commit | 657800047a26ac653c184d05a0be0d35f2aff1d2 | |
---|---|---|
author | Elliott Hughes <enh@google.com> | Tue May 24 17:44:36 2022 -0700 |
committer | Cherrypicker Worker <android-build-cherrypicker-worker@google.com> | Wed May 25 14:49:25 2022 +0000 |
tree | 488072748862cdcecd8864942e4cf92166033462 | |
parent | fff80ceee21221ee781b7eb970e8efed4ae34b28 | |
Make android::base::Basename() safe.

The previous "thread safety" was technically correct, but not super useful in practice --- multiple calls to this function were safe, but you couldn't mix android::base::Basename() and basename(3). This actually hit us in practice when system_server leaked enough fds for fdtrack to start up, which meant that libc calls that created fds would request a backtrace, which meant that libunwind_stack would call android::base::Basename(), which would call basename(3), which would clobber a previous call to basename(3) in the original function that made the otherwise innocuous libc call (realpath(3), in this case): it was as if realpath(3) clobbered basename(3)'s storage!

I'm not a huge fan of this particular basename_r() implementation with its gotos, but it's way too late in the T release cycle to be inventing new implementations for a widely-used function.

Sadly there's no basename_r() for LP64 -- which, hilariously, is my fault -- so copy & paste it is!

I've left mingw with the old implementation. I've no idea how much of that mingw actually needs, so it can probably be cleaned up, but that's a worry for another day.

Bug: http://b/231951809
Test: treehugger
Change-Id: I58a4c18d7943014ffdac4fd8185977b65b3ba1f7
(cherry picked from commit 91a10d912827b818d0c1931ede3a2afaa93b18cd)
Merged-In: I58a4c18d7943014ffdac4fd8185977b65b3ba1f7
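The clobbering described in the commit message, reduced to a stand-alone C model. This is an added example, not code from this commit or from bionic; `static_basename`, `basename_to_buf`, `innocuous_call` and the paths are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Model of a basename() that returns a pointer into storage it owns
 * (constructed for illustration; not bionic's code). Trailing slashes
 * and empty input are not handled, to keep the model short. */
static const char *static_basename(const char *path) {
    static char buf[256];
    const char *slash = strrchr(path, '/');
    snprintf(buf, sizeof(buf), "%s", slash ? slash + 1 : path);
    return buf;
}

/* Reentrant form: the caller supplies the storage, so nothing is shared.
 * Returns -1 if the result does not fit, 0 otherwise. */
static int basename_to_buf(const char *path, char *out, size_t out_len) {
    const char *slash = strrchr(path, '/');
    int n = snprintf(out, out_len, "%s", slash ? slash + 1 : path);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

/* Stand-in for an unrelated library call whose instrumentation takes a
 * backtrace and computes the basename of a mapped file along the way. */
static void innocuous_call(int use_static) {
    char local[256];
    if (use_static) (void)static_basename("/system/lib64/libc.so");
    else (void)basename_to_buf("/system/lib64/libc.so", local, sizeof(local));
}

/* Returns 1 if the caller's earlier result survived the nested call. */
static int caller_result_survives(int nested_uses_static) {
    const char *name = static_basename("/data/app/config.xml");
    innocuous_call(nested_uses_static);   /* caller never asked for a basename here */
    return strcmp(name, "config.xml") == 0;
}

int main(void) {
    printf("nested call uses shared storage: survives=%d\n", caller_result_survives(1));
    printf("nested call uses caller buffer:  survives=%d\n", caller_result_survives(0));
    return 0;
}
```

Both calls happen on one thread, which is why per-thread storage does not prevent the overwrite.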
This library is a collection of convenience functions to make common tasks easier and less error-prone.
In this context, “error-prone” covers both “hard to do correctly” and “hard to do with good performance”, but as a general-purpose library, libbase's primary focus is on making it easy to do things simply and correctly when a compromise has to be made between “simplest API” on the one hand and “fastest implementation” on the other. Obviously, the ideal is to have both.
The intention is to cover the 80% use cases, not be all things to all users.
If you have a routine that's really useful in your project, congratulations. But that doesn't mean it should be here rather than just in your project.
The question for libbase is “should everyone be doing this?”/“does this make everyone's code cleaner/safer?”. Historically we've considered the bar for inclusion to be “are there at least three unrelated projects that would be cleaned up by doing so”.
If your routine is actually something from a future C++ standard (that isn't yet in libc++), or it's widely used in another library, that helps show that there's precedent. Being able to say “so-and-so has used this API for n years” is a good way to reduce concerns about API choices.
Unlike most Android code, code in libbase has to build for Mac and Windows too.
Code here is also expected to have good test coverage.
By its nature, libbase's API is difficult to change. It's often best to start using your routine just in your project, and let it “graduate” after you're certain that the API is solid.