Google Git
Sign in
fuchsia / third_party / android.googlesource.com / platform / system / libbase / 657800047a26ac653c184d05a0be0d35f2aff1d2
commit657800047a26ac653c184d05a0be0d35f2aff1d2[log] [tgz]
authorElliott Hughes <enh@google.com>Tue May 24 17:44:36 2022 -0700
committerCherrypicker Worker <android-build-cherrypicker-worker@google.com>Wed May 25 14:49:25 2022 +0000
tree488072748862cdcecd8864942e4cf92166033462
parentfff80ceee21221ee781b7eb970e8efed4ae34b28 [diff]
Make android::base::Basename() safe.

The previous "thread safety" was technically correct, but not super
useful in practice --- multiple calls to this function were safe, but
you couldn't mix android::base::Basename() and basename(3). This
actually hit us in practice when system_server leaked enough fds for
fdtrack to start up, which meant that libc calls that created fds would
request a backtrace, which meant that libunwind_stack would call
android::base::Basename(), which would call basename(3), which would
clobber a previous call to basename(3) in the original function that
made the otherwise innocuous libc call (realpath(3), in this case): it
was as if realpath(3) clobbered basename(3)'s storage!

I'm not a huge fan of this particular basename_r() implementation with
its gotos, but it's way too late in the T release cycle to be inventing
new implementations for a widely-used function. Sadly there's no
basename_r() for LP64 -- which, hilariously, is my fault -- so copy &
paste it is!

I've left mingw with the old implementation. I've no idea how much of
that mingw actually needs, so it can probably be cleaned up, but that's
a worry for another day.

Bug: http://b/231951809
Test: treehugger
Change-Id: I58a4c18d7943014ffdac4fd8185977b65b3ba1f7
(cherry picked from commit 91a10d912827b818d0c1931ede3a2afaa93b18cd)
Merged-In: I58a4c18d7943014ffdac4fd8185977b65b3ba1f7
2 files changed
tree: 488072748862cdcecd8864942e4cf92166033462
  1. include/
  2. tidy/
  3. .clang-format ⇨ ../../build/soong/scripts/system-clang-format-2
  4. abi_compatibility.cpp
  5. Android.bp
  6. chrono_utils.cpp
  7. chrono_utils_test.cpp
  8. cmsg.cpp
  9. cmsg_test.cpp
  10. CPPLINT.cfg
  11. endian_test.cpp
  12. errors_test.cpp
  13. errors_unix.cpp
  14. errors_windows.cpp
  15. expected_test.cpp
  16. file.cpp
  17. file_test.cpp
  18. format_benchmark.cpp
  19. function_ref_test.cpp
  20. hex.cpp
  21. hex_test.cpp
  22. logging.cpp
  23. logging_splitters.h
  24. logging_splitters_test.cpp
  25. logging_test.cpp
  26. macros_test.cpp
  27. mapped_file.cpp
  28. mapped_file_test.cpp
  29. no_destructor_test.cpp
  30. NOTICE
  31. OWNERS
  32. parsebool.cpp
  33. parsebool_test.cpp
  34. parsedouble_test.cpp
  35. parseint_test.cpp
  36. parsenetaddress.cpp
  37. parsenetaddress_fuzzer.cpp
  38. parsenetaddress_fuzzer.dict
  39. parsenetaddress_test.cpp
  40. posix_strerror_r.cpp
  41. PREUPLOAD.cfg
  42. process.cpp
  43. process_test.cpp
  44. properties.cpp
  45. properties_test.cpp
  46. README.md
  47. result_test.cpp
  48. result_test_constraint.cpp
  49. scopeguard_test.cpp
  50. stringprintf.cpp
  51. stringprintf_test.cpp
  52. strings.cpp
  53. strings_test.cpp
  54. test_main.cpp
  55. TEST_MAPPING
  56. test_utils.cpp
  57. test_utils_test.cpp
  58. threads.cpp
  59. utf8.cpp
  60. utf8_test.cpp
README.md

libbase

Who is this library for?

This library is a collection of convenience functions to make common tasks easier and less error-prone.

In this context, “error-prone” covers both “hard to do correctly” and “hard to do with good performance”, but as a general purpose library, libbase's primary focus is on making it easier to do things easily and correctly when a compromise has to be made between “simplest API” on the one hand and “fastest implementation” on the other. Though obviously the ideal is to have both.

Should my routine be added?

The intention is to cover the 80% use cases, not be all things to all users.

If you have a routine that‘s really useful in your project, congratulations. But that doesn’t mean it should be here rather than just in your project.

The question for libbase is “should everyone be doing this?”/“does this make everyone's code cleaner/safer?”. Historically we've considered the bar for inclusion to be “are there at least three unrelated projects that would be cleaned up by doing so”.

If your routine is actually something from a future C++ standard (that isn‘t yet in libc++), or it’s widely used in another library, that helps show that there's precedent. Being able to say “so-and-so has used this API for n years” is a good way to reduce concerns about API choices.

Any other restrictions?

Unlike most Android code, code in libbase has to build for Mac and Windows too.

Code here is also expected to have good test coverage.

By its nature, it‘s difficult to change libbase API. It’s often best to start using your routine just in your project, and let it “graduate” after you're certain that the API is solid.