util: Add MemBlockBuilder class to help manage blocks of memory for safe memcpy#9306
util: Add MemBlockBuilder class to help manage blocks of memory for safe memcpy#9306jmarantz merged 15 commits intoenvoyproxy:masterfrom
Conversation
…mcpy. Signed-off-by: Joshua Marantz <jmarantz@google.com>
htuch
left a comment
There was a problem hiding this comment.
LGTM modulo comments, thanks, this is a great improvement IMHO.
/wait
Signed-off-by: Joshua Marantz <jmarantz@google.com>
Signed-off-by: Joshua Marantz <jmarantz@google.com>
Signed-off-by: Joshua Marantz <jmarantz@google.com>
htuch
left a comment
There was a problem hiding this comment.
Awesome, this is a really nice contribution, @envoyproxy/maintainers please encourage the use of this pattern going forward where applicable.
|
@jmarantz looks like legit CI failures on coverage related to this PR, want to take a look? |
Signed-off-by: Joshua Marantz <jmarantz@google.com>
Signed-off-by: Joshua Marantz <jmarantz@google.com>
Signed-off-by: Joshua Marantz <jmarantz@google.com>
|
woo-hoo: this squirrels by the coverage issues matching the expected error message; ptal. |
|
@envoyproxy/maintainers can I have a non-googler review? This is should be relatively simple, as this adds a new class & tests but does not use it yet. |
mattklein123
left a comment
There was a problem hiding this comment.
Nice. A few comments for discussion.
/wait-any
| * @param data The block of objects to insert. | ||
| * @param size The number of elements in the block. | ||
| */ | ||
| void appendData(const T* data, uint64_t size) { |
There was a problem hiding this comment.
How about using absl::span here? Seems more flexible and a bit more type checked for many uses?
There was a problem hiding this comment.
I'm glad you mentioned this because I did not know about absl::Span<>. Pretty cool; I'll keep that one in mind. But I don't see how that data structure helps in this case, as the functionality it automates isn't really what this class does, which is provide a builder-like interface for filling in an owned piece of data.
There was a problem hiding this comment.
You are passing const T* data, uint64_t size which can be expressed in a span, just like a string_view. It seemed a more flexible interface that does the same thing? nbd either way.
There was a problem hiding this comment.
I see...ok that definitely improves the interface. Thanks!
I also did -- in a separate commit -- a change to use a span in the rep as well. That reduces the number of lines of code in this impl. Note than in absl::Span::remove_prefix() there is an assert() already, so I removed the SECURITY_ASSERT for now, and key off that in the death-tests.
I feel like the change in AppendOne from *write_ptr_++ = ch to write_span_[0] = ch; write_span_.remove_prefix(1); is a little less intuitive and might not compile to something quite as fast. WDYT? I can always roll back e0d6ee1
Signed-off-by: Joshua Marantz <jmarantz@google.com>
…at check the redundancy. Signed-off-by: Joshua Marantz <jmarantz@google.com>
Signed-off-by: Joshua Marantz <jmarantz@google.com>
Signed-off-by: Joshua Marantz <jmarantz@google.com>
… correct assertion. Signed-off-by: Joshua Marantz <jmarantz@google.com>
…e disabled for optimized builds. Signed-off-by: Joshua Marantz <jmarantz@google.com>
Signed-off-by: Joshua Marantz <jmarantz@google.com>
| * | ||
| * @param capacity The number of memory elements to allocate. | ||
| */ | ||
| void populate(uint64_t capacity) { populateHelper(capacity, std::make_unique<T[]>(capacity)); } |
There was a problem hiding this comment.
nit: I would probably call this resize(...) but up to you.
There was a problem hiding this comment.
Yeah that's better; will adjust in a follow-up though.
| *write_span_.data() = object; | ||
| write_span_.remove_prefix(1); |
There was a problem hiding this comment.
Agreed this is not quite as intuitive but I'm fine either way.
There was a problem hiding this comment.
i'll see how this feels for now. Thanks.
…afe memcpy (envoyproxy#9306) * Add MemBlockBuilder class to help manage blocks of memory for safe memcpy. Signed-off-by: Joshua Marantz <jmarantz@google.com> Signed-off-by: Prakhar <prakhar_au@yahoo.com>
Description: Split out from #8779 per suggestion from @htuch -- adds a class to help manage memory blocks, to make it easier to reason about the correctness of calls to memcpy.
Risk Level: low -- this PR just adds/tests a new utility class
Testing: just the new test
Docs Changes: n/a
Release Notes: n/a