Adding this specific dependency should be fine. It contains only macros definition. No C++ declaration / definition, so this shouldn't link in anything and/or duplicate symbols from //base.
WDYT @pa...@chromium.org?
Alternatively, we could duplicate the macro into a //base/android/link/compiler_specific.h
file like in the very first few patchsets.
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
| Code-Review | +1 |
lgtm
Adding this specific dependency should be fine. It contains only macros definition. No C++ declaration / definition, so this shouldn't link in anything and/or duplicate symbols from //base.
WDYT @pa...@chromium.org?
Alternatively, we could duplicate the macro into a //base/android/link/compiler_specific.h
file like in the very first few patchsets.
The macros in //base/compiler_specific.h look innocent to me for the purpose, so lgtm.
PS: Even if later the macros start calling functions from //base, it will cause unknown symbol link errors (because we do not provide libbase to it). I think these include rules are serving only as contract declaration, not the last line of defense.
UNSAFE_TODO(memcpy(buf, buf + kReadSize, kMaxLineLength));Q: how are we going to eliminate the UNSAFE_TODO for a library that cannot depend on //base and cannot use std::span? What is the plan?
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
| Commit-Queue | +2 |
Thanks!
UNSAFE_TODO(memcpy(buf, buf + kReadSize, kMaxLineLength));Q: how are we going to eliminate the UNSAFE_TODO for a library that cannot depend on //base and cannot use std::span? What is the plan?
A plan? ;-)
Without joking, For `partition_alloc`, we imported our own `base::span`. `base/android/linker/` is too small to justify it.
We still can:
I can give it a try in a follow-up and see what could be achieved quickly.
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
[unsafe-buffers] Remove allow_unsafe_buffers from linker_jni.cc
This CL removes '#pragma allow_unsafe_buffers' from linker_jni.cc.
It defines a local LINKER_UNSAFE_TODO macro because this file cannot depend on
base/, and wraps unsafe buffer usages.
This is a mechanical change transitioning to fine-grained macros.
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
UNSAFE_TODO(memcpy(buf, buf + kReadSize, kMaxLineLength));Arthur SonzogniQ: how are we going to eliminate the UNSAFE_TODO for a library that cannot depend on //base and cannot use std::span? What is the plan?
A plan? ;-)
Without joking, For `partition_alloc`, we imported our own `base::span`. `base/android/linker/` is too small to justify it.
We still can:
- Use `std::array` and "modern" C++ API considered safe.
- Allow `std::span` in this directory and use it.
- Use UNSAFE_BUFFERS(...) with justifications.
I can give it a try in a follow-up and see what could be achieved quickly.
Oh, that's very kind of you. Thanks!!
This code parses strings and walks ELF file format. I'm not sure it is easy to make these things provably memory-safe without extra overhead. We somewhat rely on data being well-formed (it was emitted by kernel or validated by the dynamic linker).
A plan? ;-)
Well, because "TODO" is in the name, I ought to naively assume that there is a plan ;))
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |