[win] Create ModuleDatabase and ModuleEventSinkImpl.

chrome/browser/conflicts/module_database_win.h

Index: chrome/browser/conflicts/module_database_win.h
diff --git a/chrome/browser/conflicts/module_database_win.h b/chrome/browser/conflicts/module_database_win.h
new file mode 100644
index 0000000000000000000000000000000000000000..025d54f8d5433776817a54fbc27297eb7fbc48b1
--- /dev/null
+++ b/chrome/browser/conflicts/module_database_win.h
@@ -0,0 +1,214 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.

[sky, 2017/01/05 00:30:45]

2017 now on these files.

[chrisha, 2017/01/06 20:35:47]

Indeed!

Done.

+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_CONFLICTS_MODULE_DATABASE_WIN_H_
+#define CHROME_BROWSER_CONFLICTS_MODULE_DATABASE_WIN_H_
+
+#include <set>
+#include <utility>
+#include <vector>
+
+#include "base/files/file_path.h"
+#include "base/memory/weak_ptr.h"
+#include "base/sequenced_task_runner.h"
+#include "content/public/common/process_type.h"
+
+// A class that keeps track of all modules loaded across Chrome processes.
+// Drives the chrome://conflicts UI.
+class ModuleDatabase {
+ public:
+  // A ModuleDatabase is by default bound to a provided sequenced task runner.
+  // All calls must be made in the context of this task runner, unless

[sky, 2017/01/05 00:30:45]

How do you guarantee a function can't be called on this class from another
thread while in the destructor?

[chrisha, 2017/01/06 20:35:47]

That's a very good point. In practice, the ModuleDatabase is a singleton that
lives until process death.

But to make this explicitly safe, I guess the bouncing will have to be performed
externally, with a weak ptr that's been drawn earlier from the ModuleDatabase.
And the member functions would then advertise that they could only be called
from the |task_runner|. That would be easy enough to do. Thoughts?

[sky, 2017/01/06 21:05:40]

I'm ok with how you have it, as long as you document the assumption, perhaps
around where the singleton is defined.

[chrisha, 2017/01/11 16:34:17]

This is done in the follow-up CL that actually defines the singleton:

https://codereview.chromium.org/2613803005/

+  // otherwise noted. For calls from other contexts this task runner is used to
+  // bounce the call when appropriate.
+  explicit ModuleDatabase(scoped_refptr<base::SequencedTaskRunner> task_runner);
+  ~ModuleDatabase();
+
+  // Indicates that process with the given type has started. This must be called
+  // before any calls to OnModuleEvent or OnModuleUnload. Must be called in the
+  // same sequence as |task_runner_|.
+  void OnProcessStarted(uint32_t process_id,
+                        uint64_t creation_time,
+                        content::ProcessType process_type);
+
+  // Indicates that a module has been loaded. The data passed to this function
+  // is taken as gospel, so if it originates from a remote process it should be
+  // independently validated first. (In practice, see ModuleEventSinkImpl for
+  // details of where this happens.)
+  void OnModuleLoad(uint32_t process_id,
+                    uint64_t creation_time,

[sky, 2017/01/05 00:30:45]

Is there a reason not to use base::Time for creation_time and
module_time_date_stamp. Also, how come one is 64 and the other 32 bit?

[chrisha, 2017/01/06 20:35:47]

Because the times are being used as keys to distinguish processes/modules from
each other. In both cases I don't actually care about the meaning of the value,
but I want the representation to be precise as it is being used to distinguish
one process/module from another. If I convert to base::Time, there's a potential
for something to be lost in the translation, with no benefit to me as I don't
use them as a "time" value anywhere.

One is 64-bit and the other 32-bit because that's the bitness of their original
representations (process creation time uses a 64-bit FILETIME, and module
time-date-stamp uses a DWORD).

[sky, 2017/01/06 21:05:40]

Ok, thanks for the clarification.

+                    const base::FilePath& module_path,
+                    uint32_t module_size,
+                    uint32_t module_time_date_stamp,
+                    uintptr_t module_load_address);
+
+  // Indicates that the module at the given |load_address| in the specified
+  // process is being unloaded. This need not be trusted data, as it will be
+  // validated by the ModuleDatabase directly.
+  void OnModuleUnload(uint32_t process_id,
+                      uint64_t creation_time,
+                      uintptr_t module_load_address);
+
+  // Indicates that the given process has ended. This can be called from any
+  // thread and will be bounced to the |task_runner_|. In practice it will be
+  // invoked from the UI thread as the Mojo channel is torn down.
+  void OnProcessEnded(uint32_t process_id, uint64_t creation_time);
+
+  // TODO(chrisha): Module analysis code, and various accessors for use by
+  // chrome://conflicts.
+
+ private:
+  friend class TestModuleDatabase;
+  friend class ModuleDatabaseTest;
+  friend class ModuleEventSinkImplTest;
+
+  static constexpr size_t kInvalidIndex = ~0u;

[sky, 2017/01/05 00:30:45]

Please comment where this is used.

[chrisha, 2017/01/06 20:35:47]

Done.

+
+  // Used as a unique identifier for a module in a ModuleSet.
+  using ModuleId = int;
+
+  // Structures for maintaining information about modules.
+  struct ModuleInfo;
+  using ModuleSet = std::set<ModuleInfo>;
+  using ModuleLoadAddresses = std::vector<std::pair<ModuleId, uintptr_t>>;
+
+  // Structures for maintaining information about running processes.
+  struct ProcessInfo;
+  using ProcessSet = std::set<ProcessInfo>;
+
+  // Converts a valid |process_type| to a bit for use in a bitmask of process
+  // values. Exposed in the header for testing.
+  static uint32_t ProcessTypeToBit(content::ProcessType process_type);
+
+  // Converts a |bit_index| (which maps to the bit 1 << bit_index) to the
+  // corresponding process type. Exposed in the header for testing.
+  static content::ProcessType BitIndexToProcessType(uint32_t bit_index);
+
+  // Performs a linear scan to find the index of a |module_id| or |load_address|
+  // in a collection of modules. Returns kInvalidIndex if the index is not
+  // found.
+  static size_t FindLoadAddressIndexById(
+      ModuleId module_id,
+      const ModuleLoadAddresses& load_addresses);
+  static size_t FindLoadAddressIndexByAddress(
+      uintptr_t load_address,
+      const ModuleLoadAddresses& load_addresses);
+
+  // Inserts a module into a ModuleLoadAddress object.
+  static void InsertLoadAddress(ModuleId module_id,
+                                uintptr_t load_address,
+                                ModuleLoadAddresses* load_addresses);
+
+  // Removes a module from a ModuleLoadAddress object, either by the
+  // |module_id| or the |index| in the collection.
+  static void RemoveLoadAddressById(ModuleId module_id,
+                                    ModuleLoadAddresses* load_addresses);
+  static void RemoveLoadAddressByIndex(size_t index,
+                                       ModuleLoadAddresses* load_addresses);
+
+  // Finds or creates a mutable ModuleInfo entry.
+  ModuleInfo* FindOrCreateModuleInfo(const base::FilePath& module_path,
+                                     uint32_t module_size,
+                                     uint32_t module_time_date_stamp);
+
+  // Finds a process info entry. Returns nullptr if none is found.
+  ProcessInfo* GetProcessInfo(uint32_t process_id, uint64_t creation_time);
+
+  // Creates a process info entry.
+  void CreateProcessInfo(uint32_t process_id,
+                         uint64_t creation_time,
+                         content::ProcessType process_type);
+
+  // Deletes a process info entry.
+  void DeleteProcessInfo(uint32_t process_id, uint64_t creation_time);
+
+  // The task runner to which this object is bound.
+  scoped_refptr<base::SequencedTaskRunner> task_runner_;
+
+  // A map of all known modules.
+  ModuleSet modules_;
+
+  // The set of all known running processes, and modules loaded/unloaded in
+  // them.
+  ProcessSet processes_;
+
+  // Weak pointer factory for this object. This is used when bouncing
+  // incoming events to |task_runner_|.
+  base::WeakPtrFactory<ModuleDatabase> weak_ptr_factory_;
+
+  DISALLOW_COPY_AND_ASSIGN(ModuleDatabase);
+};
+
+// Maintains information about a module. Modules are permanent once added to
+// the ModuleSet, so this structure grows monotonically. In practice this is
+// not an issue as the modules themselves are vastly bigger than the minor
+// amount of metadata tracked here.
+struct ModuleDatabase::ModuleInfo {
+  ModuleInfo(const base::FilePath& module_path,
+             uint32_t module_size,
+             uint32_t module_time_date_stamp,
+             uint32_t module_id);
+
+  // Less-than operator allowing this object to be used in std::set.
+  bool operator<(const ModuleInfo& mi) const;
+
+  // Full path to the module on disk. Part of the key for a ModuleInfo.
+  const base::FilePath module_path;
+
+  // The module size. Part of the key for a ModuleInfo. This is taken from
+  // SizeOfImage from the module's IMAGE_OPTIONAL_HEADER.
+  const uint32_t module_size;
+
+  // The module time date stamp. Part of the key for a ModuleInfo. Taken from
+  // TimeDateStamp from the module's IMAGE_FILE_HEADER.
+  const uint32_t module_time_date_stamp;
+
+  // The ID of this module. This is a strictly incrementing value, and is used
+  // to tie a module to the list of running processes in which it is found.
+  // It is not part of the key for the module, but it is immutable. This is
+  // simply the index of the module in the insertion order.
+  const ModuleId module_id;
+
+  // Everything below this point is implicitly mutable data. Const versions of
+  // this struct will have their constness casted away at runtime, allowing
+  // map-like behaviour for a set without duplicating the key externally.
+
+  // Set of all process types in which this module has been seen (may not be
+  // currently present in a process of that type). This is a conversion of
+  // ProcessType enumeration to a bitfield. See "ProcessTypeToBit" and
+  // "BitIndexToProcessType" for details.
+  uint32_t process_types;
+};
+
+// Information about a running process. This ties modules in a ModuleSet to
+// processes in which they are (or have been) loaded.
+struct ModuleDatabase::ProcessInfo {
+  ProcessInfo(uint32_t process_id,
+              uint64_t creation_time,
+              content::ProcessType process_type);
+
+  // Less-than operator allowing this object to be used in std::set.
+  bool operator<(const ProcessInfo& pi) const;
+
+  const uint32_t process_id;
+  const uint64_t creation_time;
+  const content::ProcessType process_type;
+
+  // Everything below this point is implicitly mutable data. Const versions of
+  // this struct will have their constness casted away at runtime, allowing
+  // map-like behaviour for a set without duplicating the key externally.
+
+  // The set of modules that are loaded/unloaded in this process, by ID. This
+  // is typically a small list so a linear cost is okay to pay for
+  // lookup/deletion.
+  //
+  // These are modified by the various static *LoadAddress* helper functions in
+  // ModuleDatabase. The vector maintains the invariant the element with maximum
+  // module ID is always last. This ensures that the usual operation of loading
+  // a module is O(1).
+  ModuleLoadAddresses loaded_modules;
+  ModuleLoadAddresses unloaded_modules;
+};
+
+#endif  // CHROME_BROWSER_CONFLICTS_MODULE_DATABASE_WIN_H_