/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ /* vim: set ts=8 sts=2 et sw=2 tw=80: */ /* This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #ifndef nsStringBuffer_h__ #define nsStringBuffer_h__ #include #include "mozilla/MemoryReporting.h" template struct already_AddRefed; /* * Add a canary field to protect against double-frees of nsStringBuffer and * other potential heap corruptions. We intend to back this out before 58 hits * beta. */ #if (defined(DEBUG) || defined(NIGHTLY_BUILD)) && !defined(MOZ_ASAN) # define STRING_BUFFER_CANARY 1 #endif #ifdef STRING_BUFFER_CANARY enum nsStringBufferCanary : uint32_t { CANARY_OK = 0xaf57c8fa, CANARY_POISON = 0x534dc0f5 }; #endif /** * This structure precedes the string buffers "we" allocate. It may be the * case that nsTAString::mData does not point to one of these special * buffers. The mDataFlags member variable distinguishes the buffer type. * * When this header is in use, it enables reference counting, and capacity * tracking. NOTE: A string buffer can be modified only if its reference * count is 1. */ class nsStringBuffer { private: friend class CheckStaticAtomSizes; std::atomic mRefCount; uint32_t mStorageSize; #ifdef STRING_BUFFER_CANARY uint32_t mCanary; #endif public: /** * Allocates a new string buffer, with given size in bytes and a * reference count of one. When the string buffer is no longer needed, * it should be released via Release. * * It is up to the caller to set the bytes corresponding to the string * buffer by calling the Data method to fetch the raw data pointer. Care * must be taken to properly null terminate the character array. The * storage size can be greater than the length of the actual string * (i.e., it is not required that the null terminator appear in the last * storage unit of the string buffer's data). * * @return new string buffer or null if out of memory. */ static already_AddRefed Alloc(size_t aStorageSize); /** * Resizes the given string buffer to the specified storage size. This * method must not be called on a readonly string buffer. Use this API * carefully!! * * This method behaves like the ANSI-C realloc function. (i.e., If the * allocation fails, null will be returned and the given string buffer * will remain unmodified.) * * @see IsReadonly */ static nsStringBuffer* Realloc(nsStringBuffer* aBuf, size_t aStorageSize); /** * Increment the reference count on this string buffer. */ void NS_FASTCALL AddRef(); /** * Decrement the reference count on this string buffer. The string * buffer will be destroyed when its reference count reaches zero. */ void NS_FASTCALL Release(); /** * This method returns the string buffer corresponding to the given data * pointer. The data pointer must have been returned previously by a * call to the nsStringBuffer::Data method. */ static nsStringBuffer* FromData(void* aData) { nsStringBuffer* sb = reinterpret_cast(aData) - 1; #ifdef STRING_BUFFER_CANARY if (MOZ_UNLIKELY(sb->mCanary != CANARY_OK)) sb->FromDataCanaryCheckFailed(); #endif return sb; } /** * This method returns the data pointer for this string buffer. */ void* Data() const { return const_cast(reinterpret_cast(this + 1)); } /** * This function returns the storage size of a string buffer in bytes. * This value is the same value that was originally passed to Alloc (or * Realloc). */ uint32_t StorageSize() const { return mStorageSize; } /** * If this method returns false, then the caller can be sure that their * reference to the string buffer is the only reference to the string * buffer, and therefore it has exclusive access to the string buffer and * associated data. However, if this function returns true, then other * consumers may rely on the data in this buffer being immutable and * other threads may access this buffer simultaneously. */ bool IsReadonly() const { // This doesn't lead to the destruction of the buffer, so we don't // need to perform acquire memory synchronization for the normal // reason that a reference count needs acquire synchronization // (ensuring that all writes to the object made on other threads are // visible to the thread destroying the object). // // We then need to consider the possibility that there were prior // writes to the buffer on a different thread: one that has either // since released its reference count, or one that also has access // to this buffer through the same reference. There are two ways // for that to happen: either the buffer pointer or a data structure // (e.g., string object) pointing to the buffer was transferred from // one thread to another, or the data structure pointing to the // buffer was already visible on both threads. In the first case // (transfer), the transfer of data from one thread to another would // have handled the memory synchronization. In the latter case // (data structure visible on both threads), the caller needed some // sort of higher level memory synchronization to protect against // the string object being mutated at the same time on multiple // threads. return mRefCount.load(std::memory_order_relaxed) > 1; } /** * The FromString methods return a string buffer for the given string * object or null if the string object does not have a string buffer. * The reference count of the string buffer is NOT incremented by these * methods. If the caller wishes to hold onto the returned value, then * the returned string buffer must have its reference count incremented * via a call to the AddRef method. */ static nsStringBuffer* FromString(const nsAString& aStr); static nsStringBuffer* FromString(const nsACString& aStr); /** * The ToString methods assign this string buffer to a given string * object. If the string object does not support sharable string * buffers, then its value will be set to a copy of the given string * buffer. Otherwise, these methods increment the reference count of the * given string buffer. It is important to specify the length (in * storage units) of the string contained in the string buffer since the * length of the string may be less than its storage size. The string * must have a null terminator at the offset specified by |len|. * * NOTE: storage size is measured in bytes even for wide strings; * however, string length is always measured in storage units * (2-byte units for wide strings). */ void ToString(uint32_t aLen, nsAString& aStr, bool aMoveOwnership = false); void ToString(uint32_t aLen, nsACString& aStr, bool aMoveOwnership = false); /** * This measures the size only if the StringBuffer is unshared. */ size_t SizeOfIncludingThisIfUnshared( mozilla::MallocSizeOf aMallocSizeOf) const; /** * This measures the size regardless of whether the StringBuffer is * unshared. * * WARNING: Only use this if you really know what you are doing, because * it can easily lead to double-counting strings. If you do use them, * please explain clearly in a comment why it's safe and won't lead to * double-counting. */ size_t SizeOfIncludingThisEvenIfShared( mozilla::MallocSizeOf aMallocSizeOf) const; #ifdef STRING_BUFFER_CANARY /* * Called by FromData if the canary check failed. This is out-of-line in * nsSubstring.cpp so that MOZ_CRASH_UNSAFE_PRINTF is available via #includes. * It is not available in FromData due to #include-order. */ void FromDataCanaryCheckFailed() const; #endif }; #endif /* !defined(nsStringBuffer_h__ */