Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(163)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: mojo/system/options_validation.h

Issue 621153003: Move mojo edk into mojo/edk (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix checkdeps Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « mojo/system/multiprocess_message_pipe_unittest.cc ('k') | mojo/system/options_validation_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 // Functions to help with verifying various |Mojo...Options| structs from the
6 // (public, C) API. These are "extensible" structs, which all have |struct_size|
7 // as their first member. All fields (other than |struct_size|) are optional,
8 // but any |flags| specified must be known to the system (otherwise, an error of
9 // |MOJO_RESULT_UNIMPLEMENTED| should be returned).
10
11 #ifndef MOJO_SYSTEM_OPTIONS_VALIDATION_H_
12 #define MOJO_SYSTEM_OPTIONS_VALIDATION_H_
13
14 #include <stddef.h>
15 #include <stdint.h>
16
17 #include <algorithm>
18
19 #include "base/logging.h"
20 #include "base/macros.h"
21 #include "mojo/public/c/system/types.h"
22 #include "mojo/system/constants.h"
23 #include "mojo/system/memory.h"
24 #include "mojo/system/system_impl_export.h"
25
26 namespace mojo {
27 namespace system {
28
29 template <class Options>
30 class UserOptionsReader {
31 public:
32 // Constructor from a |UserPointer<const Options>| (which it checks -- this
33 // constructor has side effects!).
34 // Note: We initialize |options_reader_| without checking, since we do a check
35 // in |GetSizeForReader()|.
36 explicit UserOptionsReader(UserPointer<const Options> options)
37 : options_reader_(UserPointer<const char>::Reader::NoCheck(),
38 options.template ReinterpretCast<const char>(),
39 GetSizeForReader(options)) {
40 static_assert(offsetof(Options, struct_size) == 0,
41 "struct_size not first member of Options");
42 // TODO(vtl): Enable when MSVC supports this (C++11 extended sizeof):
43 // static_assert(sizeof(Options::struct_size) == sizeof(uint32_t),
44 // "Options::struct_size not a uint32_t");
45 // (Or maybe assert that its type is uint32_t?)
46 }
47
48 bool is_valid() const { return !!options_reader_.GetPointer(); }
49
50 const Options& options() const {
51 DCHECK(is_valid());
52 return *reinterpret_cast<const Options*>(options_reader_.GetPointer());
53 }
54
55 // Checks that the given (variable-size) |options| passed to the constructor
56 // (plausibly) has a member at the given offset with the given size. You
57 // probably want to use |OPTIONS_STRUCT_HAS_MEMBER()| instead.
58 bool HasMember(size_t offset, size_t size) const {
59 DCHECK(is_valid());
60 // We assume that |offset| and |size| are reasonable, since they should come
61 // from |offsetof(Options, some_member)| and |sizeof(Options::some_member)|,
62 // respectively.
63 return options().struct_size >= offset + size;
64 }
65
66 private:
67 static inline size_t GetSizeForReader(UserPointer<const Options> options) {
68 uint32_t struct_size =
69 options.template ReinterpretCast<const uint32_t>().Get();
70 if (struct_size < sizeof(uint32_t))
71 return 0;
72
73 // Check the full requested size.
74 // Note: Use |MOJO_ALIGNOF()| here to match the exact macro used in the
75 // declaration of Options structs.
76 internal::CheckUserPointerWithSize<MOJO_ALIGNOF(Options)>(options.pointer_,
77 struct_size);
78 options.template ReinterpretCast<const char>().CheckArray(struct_size);
79 // But we'll never look at more than |sizeof(Options)| bytes.
80 return std::min(static_cast<size_t>(struct_size), sizeof(Options));
81 }
82
83 UserPointer<const char>::Reader options_reader_;
84
85 DISALLOW_COPY_AND_ASSIGN(UserOptionsReader);
86 };
87
88 // Macro to invoke |UserOptionsReader<Options>::HasMember()| parametrized by
89 // member name instead of offset and size.
90 //
91 // (We can't just give |HasMember()| a member pointer template argument instead,
92 // since there's no good/strictly-correct way to get an offset from that.)
93 //
94 // TODO(vtl): With C++11, use |sizeof(Options::member)| instead of (the
95 // contortion below). We might also be able to pull out the type |Options| from
96 // |reader| (using |decltype|) instead of requiring a parameter.
97 #define OPTIONS_STRUCT_HAS_MEMBER(Options, member, reader) \
98 reader.HasMember(offsetof(Options, member), sizeof(reader.options().member))
99
100 } // namespace system
101 } // namespace mojo
102
103 #endif // MOJO_SYSTEM_OPTIONS_VALIDATION_H_
OLDNEW
« no previous file with comments | « mojo/system/multiprocess_message_pipe_unittest.cc ('k') | mojo/system/options_validation_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698