Convert to UNSAFE_TODO in services [chromium/src : main]

0 views
Skip to first unread message

Arthur Sonzogni (Gerrit)

unread,
Nov 7, 2025, 12:08:09 PMNov 7
to Raphael Kubo da Costa, Wanming Lin, Rijubrata Bhaumik, Zijie He, Hu, Ningxin, chromium...@chromium.org, Jiewei Qian, spang...@chromium.org, fuchsia...@chromium.org, odejesu...@chromium.org, wfh+...@chromium.org, chrome-gr...@chromium.org, mac-r...@chromium.org, fuzzin...@chromium.org, ipc-securi...@chromium.org, mattreyno...@chromium.org, network-ser...@chromium.org, tracing...@chromium.org

Arthur Sonzogni has uploaded the change for review

Commit message

Convert to UNSAFE_TODO in services

This is an automated #cleanup patch using the [Script] below.

We are migrating from coarse-grained file-level suppression (#pragma
allow_unsafe_buffers) to granular, expression-level markers
(UNSAFE_TODO()). The pragma disables safety checks for an entire file,
whereas UNSAFE_TODO() isolates specific potentially unsafe operations, allowing
the rest of the file to be enforced as safe.

This CL was uploaded by git cl split.
AX-Relnotes: N/A
Cleanup: This is an automated #cleanup.
Bug: 409340989
Change-Id: I52baecef50ca0eb0437b0eee04b153898a96a4e1

Change diff


Change information

Files:
  • M services/device/generic_sensor/platform_sensor_chromeos_unittest.cc
  • M services/device/generic_sensor/platform_sensor_provider_chromeos_unittest.cc
  • M services/device/generic_sensor/platform_sensor_reader_win.cc
  • M services/device/geolocation/wifi_data_provider_common_win.cc
  • M services/device/geolocation/wifi_data_provider_win.cc
  • M services/device/hid/hid_preparsed_data.cc
  • M services/device/hid/hid_report_descriptor_fuzzer.cc
  • M services/device/public/cpp/generic_sensor/sensor_mojom_traits.h
  • M services/device/usb/usb_descriptors_fuzzer.cc
  • M services/device/usb/usb_device_handle_impl.cc
  • M services/device/usb/usb_device_impl.cc
  • M services/device/usb/usb_service_impl.cc
  • M services/device/usb/usb_string_read_fuzzer.cc
  • M services/network/trust_tokens/scoped_boringssl_bytes.h
  • M services/proxy_resolver_win/windows_system_proxy_resolver_impl.cc
  • M services/proxy_resolver_win/windows_system_proxy_resolver_impl_unittest.cc
  • M services/resource_coordinator/public/cpp/memory_instrumentation/os_metrics_mac.cc
  • M services/shape_detection/face_detection_impl_mac_vision.mm
  • M services/tracing/public/cpp/perfetto/fuchsia_perfetto_producer_connector_unittest.cc
  • M services/tracing/public/cpp/perfetto/java_heap_profiler/hprof_buffer_android.cc
  • M services/tracing/public/cpp/perfetto/java_heap_profiler/hprof_buffer_android_unittest.cc
  • M services/tracing/public/cpp/perfetto/java_heap_profiler/hprof_data_type_android.h
  • M services/tracing/public/cpp/perfetto/java_heap_profiler/hprof_parser_android_unittest.cc
  • M services/tracing/public/cpp/perfetto/system_trace_writer.h
  • M services/webnn/dml/command_recorder.cc
  • M services/webnn/dml/command_recorder_test.cc
  • M services/webnn/dml/context_impl_dml.cc
  • M services/webnn/dml/graph_impl_dml.cc
Change size: M
Delta: 28 files changed, 58 insertions(+), 176 deletions(-)
Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: newchange
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I52baecef50ca0eb0437b0eee04b153898a96a4e1
Gerrit-Change-Number: 7131919
Gerrit-PatchSet: 1
Gerrit-Owner: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-Reviewer: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-CC: Hu, Ningxin <ningx...@intel.com>
Gerrit-CC: Jiewei Qian <q...@chromium.org>
Gerrit-CC: Raphael Kubo da Costa <ku...@igalia.com>
Gerrit-CC: Rijubrata Bhaumik <rijubrat...@intel.com>
Gerrit-CC: Wanming Lin <wanmi...@intel.com>
Gerrit-CC: Zijie He <zij...@google.com>
satisfied_requirement
unsatisfied_requirement
open
diffy

Arthur Sonzogni (Gerrit)

unread,
Nov 8, 2025, 2:39:51 AMNov 8
to chromium...@chromium.org, Raphael Kubo da Costa, Hu, Ningxin, Jiewei Qian, Rijubrata Bhaumik, Wanming Lin, Zijie He, chrome-gr...@chromium.org, fuchsia...@chromium.org, fuzzin...@chromium.org, ipc-securi...@chromium.org, mac-r...@chromium.org, mattreyno...@chromium.org, network-ser...@chromium.org, odejesu...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org

Arthur Sonzogni voted Commit-Queue+1

Commit-Queue+1
Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I52baecef50ca0eb0437b0eee04b153898a96a4e1
Gerrit-Change-Number: 7131919
Gerrit-PatchSet: 1
Gerrit-Owner: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-Reviewer: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-CC: Hu, Ningxin <ningx...@intel.com>
Gerrit-CC: Jiewei Qian <q...@chromium.org>
Gerrit-CC: Raphael Kubo da Costa <ku...@igalia.com>
Gerrit-CC: Rijubrata Bhaumik <rijubrat...@intel.com>
Gerrit-CC: Wanming Lin <wanmi...@intel.com>
Gerrit-CC: Zijie He <zij...@google.com>
Gerrit-Comment-Date: Sat, 08 Nov 2025 07:39:38 +0000
Gerrit-HasComments: No
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Arthur Sonzogni (Gerrit)

unread,
Nov 13, 2025, 4:54:25 AMNov 13
to Daniel Cheng, Chromium LUCI CQ, chromium...@chromium.org, Raphael Kubo da Costa, Hu, Ningxin, Jiewei Qian, Rijubrata Bhaumik, Wanming Lin, Zijie He, chrome-gr...@chromium.org, fuchsia...@chromium.org, fuzzin...@chromium.org, ipc-securi...@chromium.org, mac-r...@chromium.org, mattreyno...@chromium.org, network-ser...@chromium.org, odejesu...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org
Attention needed from Daniel Cheng

Arthur Sonzogni voted and added 1 comment

Votes added by Arthur Sonzogni

Auto-Submit+1

1 comment

Patchset-level comments
File-level comment, Patchset 3 (Latest):
Arthur Sonzogni . resolved

Hi Daniel,
Could you please take a look?

Open in Gerrit

Related details

Attention is currently required from:
  • Daniel Cheng
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I52baecef50ca0eb0437b0eee04b153898a96a4e1
Gerrit-Change-Number: 7131919
Gerrit-PatchSet: 3
Gerrit-Owner: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-Reviewer: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-Reviewer: Daniel Cheng <dch...@chromium.org>
Gerrit-CC: Hu, Ningxin <ningx...@intel.com>
Gerrit-CC: Jiewei Qian <q...@chromium.org>
Gerrit-CC: Raphael Kubo da Costa <ku...@igalia.com>
Gerrit-CC: Rijubrata Bhaumik <rijubrat...@intel.com>
Gerrit-CC: Wanming Lin <wanmi...@intel.com>
Gerrit-CC: Zijie He <zij...@google.com>
Gerrit-Attention: Daniel Cheng <dch...@chromium.org>
Gerrit-Comment-Date: Thu, 13 Nov 2025 09:54:08 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Arthur Sonzogni (Gerrit)

unread,
Nov 14, 2025, 6:06:14 AMNov 14
to Daniel Cheng, Chromium LUCI CQ, chromium...@chromium.org, Raphael Kubo da Costa, Hu, Ningxin, Jiewei Qian, Rijubrata Bhaumik, Wanming Lin, Zijie He, chrome-gr...@chromium.org, fuchsia...@chromium.org, fuzzin...@chromium.org, ipc-securi...@chromium.org, mac-r...@chromium.org, mattreyno...@chromium.org, network-ser...@chromium.org, odejesu...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org
Attention needed from Daniel Cheng

Arthur Sonzogni voted and added 1 comment

Votes added by Arthur Sonzogni

Auto-Submit+1

1 comment

Patchset-level comments
Arthur Sonzogni . resolved

Hi Daniel,
Could you please take a look?

Open in Gerrit

Related details

Attention is currently required from:
  • Daniel Cheng
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I52baecef50ca0eb0437b0eee04b153898a96a4e1
Gerrit-Change-Number: 7131919
Gerrit-PatchSet: 5
Gerrit-Owner: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-Reviewer: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-Reviewer: Daniel Cheng <dch...@chromium.org>
Gerrit-CC: Hu, Ningxin <ningx...@intel.com>
Gerrit-CC: Jiewei Qian <q...@chromium.org>
Gerrit-CC: Raphael Kubo da Costa <ku...@igalia.com>
Gerrit-CC: Rijubrata Bhaumik <rijubrat...@intel.com>
Gerrit-CC: Wanming Lin <wanmi...@intel.com>
Gerrit-CC: Zijie He <zij...@google.com>
Gerrit-Attention: Daniel Cheng <dch...@chromium.org>
Gerrit-Comment-Date: Fri, 14 Nov 2025 11:05:59 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Daniel Cheng (Gerrit)

unread,
Nov 14, 2025, 1:44:48 PMNov 14
to Arthur Sonzogni, Daniel Cheng, Chromium LUCI CQ, chromium...@chromium.org, Raphael Kubo da Costa, Hu, Ningxin, Jiewei Qian, Rijubrata Bhaumik, Wanming Lin, Zijie He, chrome-gr...@chromium.org, fuchsia...@chromium.org, fuzzin...@chromium.org, ipc-securi...@chromium.org, mac-r...@chromium.org, mattreyno...@chromium.org, network-ser...@chromium.org, odejesu...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org
Attention needed from Arthur Sonzogni

Daniel Cheng voted and added 3 comments

Votes added by Daniel Cheng

Code-Review+1

3 comments

Patchset-level comments
Daniel Cheng . resolved

LGTM w/optional nit

(I'm guessing that the current insertion is probably based on ranges suggested by clang)

File services/tracing/public/cpp/perfetto/fuchsia_perfetto_producer_connector_unittest.cc
Line 210, Patchset 5 (Latest): UNSAFE_TODO(EXPECT_EQ(
Daniel Cheng . unresolved

This UNSAFE_TODO() should be around the memcmp(), no?

File services/tracing/public/cpp/perfetto/java_heap_profiler/hprof_buffer_android_unittest.cc
Line 69, Patchset 5 (Latest): UNSAFE_TODO(EXPECT_EQ(hprof.SizeOfType(i), correct_sizes[i]));
Daniel Cheng . unresolved

Similarly here and below, it should be around `correct_sizes[i]`

Open in Gerrit

Related details

Attention is currently required from:
  • Arthur Sonzogni
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement satisfiedCode-Owners
  • requirement satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
  • requirement satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I52baecef50ca0eb0437b0eee04b153898a96a4e1
Gerrit-Change-Number: 7131919
Gerrit-PatchSet: 5
Gerrit-Owner: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-Reviewer: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-Reviewer: Daniel Cheng <dch...@chromium.org>
Gerrit-CC: Hu, Ningxin <ningx...@intel.com>
Gerrit-CC: Jiewei Qian <q...@chromium.org>
Gerrit-CC: Raphael Kubo da Costa <ku...@igalia.com>
Gerrit-CC: Rijubrata Bhaumik <rijubrat...@intel.com>
Gerrit-CC: Wanming Lin <wanmi...@intel.com>
Gerrit-CC: Zijie He <zij...@google.com>
Gerrit-Attention: Arthur Sonzogni <arthurs...@chromium.org>
Gerrit-Comment-Date: Fri, 14 Nov 2025 18:44:39 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
satisfied_requirement
unsatisfied_requirement
open
diffy

Arthur Sonzogni (Gerrit)

unread,
Nov 17, 2025, 8:17:22 AM (13 days ago) Nov 17
to Daniel Cheng, Chromium LUCI CQ, chromium...@chromium.org, Raphael Kubo da Costa, Hu, Ningxin, Jiewei Qian, Rijubrata Bhaumik, Wanming Lin, Zijie He, chrome-gr...@chromium.org, fuchsia...@chromium.org, fuzzin...@chromium.org, ipc-securi...@chromium.org, mac-r...@chromium.org, mattreyno...@chromium.org, network-ser...@chromium.org, odejesu...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org

Arthur Sonzogni voted and added 3 comments

Votes added by Arthur Sonzogni

Auto-Submit+1
Commit-Queue+2

3 comments

Patchset-level comments
File-level comment, Patchset 6 (Latest):
Arthur Sonzogni . resolved

Thanks Daniel!

File services/tracing/public/cpp/perfetto/fuchsia_perfetto_producer_connector_unittest.cc
Line 210, Patchset 5: UNSAFE_TODO(EXPECT_EQ(
Daniel Cheng . resolved

This UNSAFE_TODO() should be around the memcmp(), no?

Arthur Sonzogni

The range are coming from clang. Since `EXPECT_EQ` is a macro, I suspect it can't identify the part of the argument that lead to the unsafe error, so it ends up flagging the macro invocation instead.

So, this is the best I can do, in an automated way. I don't believe this matter much, but if you insist, I am happy to invert the two macros.

File services/tracing/public/cpp/perfetto/java_heap_profiler/hprof_buffer_android_unittest.cc
Line 69, Patchset 5: UNSAFE_TODO(EXPECT_EQ(hprof.SizeOfType(i), correct_sizes[i]));
Daniel Cheng . resolved

Similarly here and below, it should be around `correct_sizes[i]`

Arthur Sonzogni

Done

Open in Gerrit

Related details

Attention set is empty
Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement satisfiedCode-Owners
    • requirement satisfiedCode-Review
    • requirement satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I52baecef50ca0eb0437b0eee04b153898a96a4e1
    Gerrit-Change-Number: 7131919
    Gerrit-PatchSet: 6
    Gerrit-Owner: Arthur Sonzogni <arthurs...@chromium.org>
    Gerrit-Reviewer: Arthur Sonzogni <arthurs...@chromium.org>
    Gerrit-Reviewer: Daniel Cheng <dch...@chromium.org>
    Gerrit-CC: Hu, Ningxin <ningx...@intel.com>
    Gerrit-CC: Jiewei Qian <q...@chromium.org>
    Gerrit-CC: Raphael Kubo da Costa <ku...@igalia.com>
    Gerrit-CC: Rijubrata Bhaumik <rijubrat...@intel.com>
    Gerrit-CC: Wanming Lin <wanmi...@intel.com>
    Gerrit-CC: Zijie He <zij...@google.com>
    Gerrit-Comment-Date: Mon, 17 Nov 2025 13:17:02 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: Yes
    Comment-In-Reply-To: Daniel Cheng <dch...@chromium.org>
    satisfied_requirement
    open
    diffy

    Chromium LUCI CQ (Gerrit)

    unread,
    Nov 17, 2025, 9:45:25 AM (12 days ago) Nov 17
    to Arthur Sonzogni, Daniel Cheng, chromium...@chromium.org, Raphael Kubo da Costa, Hu, Ningxin, Jiewei Qian, Rijubrata Bhaumik, Wanming Lin, Zijie He, chrome-gr...@chromium.org, fuchsia...@chromium.org, fuzzin...@chromium.org, ipc-securi...@chromium.org, mac-r...@chromium.org, mattreyno...@chromium.org, network-ser...@chromium.org, odejesu...@chromium.org, spang...@chromium.org, tracing...@chromium.org, wfh+...@chromium.org

    Chromium LUCI CQ submitted the change with unreviewed changes

    Unreviewed changes

    5 is the latest approved patch-set.
    The change was submitted with unreviewed changes in the following files:

    ```
    The name of the file: services/tracing/public/cpp/perfetto/java_heap_profiler/hprof_buffer_android_unittest.cc
    Insertions: 2, Deletions: 2.

    The diff is too large to show. Please review the diff.
    ```
    ```
    The name of the file: services/tracing/public/cpp/perfetto/fuchsia_perfetto_producer_connector_unittest.cc
    Insertions: 2, Deletions: 2.

    The diff is too large to show. Please review the diff.
    ```

    Change information

    Commit message:
    Convert to UNSAFE_TODO in services

    This is an automated #cleanup patch using the [Script] below.

    We are migrating from coarse-grained file-level suppression (#pragma
    allow_unsafe_buffers) to granular, expression-level markers
    (UNSAFE_TODO()). The pragma disables safety checks for an entire file,
    whereas UNSAFE_TODO() isolates specific potentially unsafe operations, allowing
    the rest of the file to be enforced as safe.

    This CL was uploaded by git cl split.
    AX-Relnotes: N/A
    Cleanup: This is an automated #cleanup.
    Bug: 409340989
    Change-Id: I52baecef50ca0eb0437b0eee04b153898a96a4e1
    Reviewed-by: Daniel Cheng <dch...@chromium.org>
    Auto-Submit: Arthur Sonzogni <arthurs...@chromium.org>
    Commit-Queue: Arthur Sonzogni <arthurs...@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#1545889}
    Files:
      • M services/device/generic_sensor/platform_sensor_chromeos_unittest.cc
      • M services/device/generic_sensor/platform_sensor_provider_chromeos_unittest.cc
      • M services/device/generic_sensor/platform_sensor_reader_win.cc
      • M services/device/geolocation/wifi_data_provider_common_win.cc
      • M services/device/geolocation/wifi_data_provider_win.cc
      • M services/device/hid/hid_preparsed_data.cc
      • M services/device/hid/hid_report_descriptor_fuzzer.cc
      • M services/device/public/cpp/generic_sensor/sensor_mojom_traits.h
      • M services/device/usb/usb_descriptors_fuzzer.cc
      • M services/device/usb/usb_device_handle_impl.cc
      • M services/device/usb/usb_device_impl.cc
      • M services/device/usb/usb_service_impl.cc
      • M services/device/usb/usb_string_read_fuzzer.cc
      • M services/network/trust_tokens/scoped_boringssl_bytes.h
      • M services/proxy_resolver_win/windows_system_proxy_resolver_impl.cc
      • M services/resource_coordinator/public/cpp/memory_instrumentation/os_metrics_mac.cc
      • M services/tracing/public/cpp/perfetto/fuchsia_perfetto_producer_connector_unittest.cc
      • M services/tracing/public/cpp/perfetto/java_heap_profiler/hprof_buffer_android.cc
      • M services/tracing/public/cpp/perfetto/java_heap_profiler/hprof_buffer_android_unittest.cc
      • M services/tracing/public/cpp/perfetto/java_heap_profiler/hprof_data_type_android.h
      • M services/tracing/public/cpp/perfetto/system_trace_writer.h
      • M services/webnn/dml/command_recorder.cc
      • M services/webnn/dml/command_recorder_test.cc
        Change size: L
        Delta: 23 files changed, 102 insertions(+), 179 deletions(-)
        Branch: refs/heads/main
        Submit Requirements:
        • requirement satisfiedCode-Review: +1 by Daniel Cheng
        Open in Gerrit
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: merged
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I52baecef50ca0eb0437b0eee04b153898a96a4e1
        Gerrit-Change-Number: 7131919
        Gerrit-PatchSet: 7
        Gerrit-Owner: Arthur Sonzogni <arthurs...@chromium.org>
        Gerrit-Reviewer: Arthur Sonzogni <arthurs...@chromium.org>
        Gerrit-Reviewer: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>
        Gerrit-Reviewer: Daniel Cheng <dch...@chromium.org>
        open
        diffy
        satisfied_requirement
        Reply all
        Reply to author
        Forward
        0 new messages