1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Functions to help with verifying various |Mojo...Options| structs from the
6 // (public, C) API. These are "extensible" structs, which all have |struct_size|
7 // as their first member. All fields (other than |struct_size|) are optional,
8 // but any |flags| specified must be known to the system (otherwise, an error of
9 // |MOJO_RESULT_UNIMPLEMENTED| should be returned).
11 #ifndef MOJO_EDK_SYSTEM_OPTIONS_VALIDATION_H_
12 #define MOJO_EDK_SYSTEM_OPTIONS_VALIDATION_H_
19 #include "base/logging.h"
20 #include "base/macros.h"
21 #include "mojo/edk/system/memory.h"
22 #include "mojo/edk/system/system_impl_export.h"
23 #include "mojo/public/c/system/types.h"
28 template <class Options
>
29 class UserOptionsReader
{
31 // Constructor from a |UserPointer<const Options>| (which it checks -- this
32 // constructor has side effects!).
33 // Note: We initialize |options_reader_| without checking, since we do a check
34 // in |GetSizeForReader()|.
35 explicit UserOptionsReader(UserPointer
<const Options
> options
)
36 : options_reader_(UserPointer
<const char>::Reader::NoCheck(),
37 options
.template ReinterpretCast
<const char>(),
38 GetSizeForReader(options
)) {
39 static_assert(offsetof(Options
, struct_size
) == 0,
40 "struct_size not first member of Options");
41 // TODO(vtl): Enable when MSVC supports this (C++11 extended sizeof):
42 // static_assert(sizeof(Options::struct_size) == sizeof(uint32_t),
43 // "Options::struct_size not a uint32_t");
44 // (Or maybe assert that its type is uint32_t?)
47 bool is_valid() const { return !!options_reader_
.GetPointer(); }
49 const Options
& options() const {
51 return *reinterpret_cast<const Options
*>(options_reader_
.GetPointer());
54 // Checks that the given (variable-size) |options| passed to the constructor
55 // (plausibly) has a member at the given offset with the given size. You
56 // probably want to use |OPTIONS_STRUCT_HAS_MEMBER()| instead.
57 bool HasMember(size_t offset
, size_t size
) const {
59 // We assume that |offset| and |size| are reasonable, since they should come
60 // from |offsetof(Options, some_member)| and |sizeof(Options::some_member)|,
62 return options().struct_size
>= offset
+ size
;
66 static inline size_t GetSizeForReader(UserPointer
<const Options
> options
) {
67 uint32_t struct_size
=
68 options
.template ReinterpretCast
<const uint32_t>().Get();
69 if (struct_size
< sizeof(uint32_t))
72 // Check the full requested size.
73 // Note: Use |MOJO_ALIGNOF()| here to match the exact macro used in the
74 // declaration of Options structs.
75 internal::CheckUserPointerWithSize
<MOJO_ALIGNOF(Options
)>(options
.pointer_
,
77 options
.template ReinterpretCast
<const char>().CheckArray(struct_size
);
78 // But we'll never look at more than |sizeof(Options)| bytes.
79 return std::min(static_cast<size_t>(struct_size
), sizeof(Options
));
82 UserPointer
<const char>::Reader options_reader_
;
84 DISALLOW_COPY_AND_ASSIGN(UserOptionsReader
);
87 // Macro to invoke |UserOptionsReader<Options>::HasMember()| parametrized by
88 // member name instead of offset and size.
90 // (We can't just give |HasMember()| a member pointer template argument instead,
91 // since there's no good/strictly-correct way to get an offset from that.)
93 // TODO(vtl): With C++11, use |sizeof(Options::member)| instead of (the
94 // contortion below). We might also be able to pull out the type |Options| from
95 // |reader| (using |decltype|) instead of requiring a parameter.
96 #define OPTIONS_STRUCT_HAS_MEMBER(Options, member, reader) \
97 reader.HasMember(offsetof(Options, member), sizeof(reader.options().member))
102 #endif // MOJO_EDK_SYSTEM_OPTIONS_VALIDATION_H_