1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
|
// Copyright 2018 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package safemem
import (
"bytes"
"fmt"
"reflect"
"syscall"
"unsafe"
)
// A BlockSeq represents a sequence of Blocks, each of which has non-zero
// length.
//
// BlockSeqs are immutable and may be copied by value. The zero value of
// BlockSeq represents an empty sequence.
type BlockSeq struct {
// If length is 0, then the BlockSeq is empty. Invariants: data == 0;
// offset == 0; limit == 0.
//
// If length is -1, then the BlockSeq represents the single Block{data,
// limit, false}. Invariants: offset == 0; limit > 0; limit does not
// overflow the range of an int.
//
// If length is -2, then the BlockSeq represents the single Block{data,
// limit, true}. Invariants: offset == 0; limit > 0; limit does not
// overflow the range of an int.
//
// Otherwise, length >= 2, and the BlockSeq represents the `length` Blocks
// in the array of Blocks starting at address `data`, starting at `offset`
// bytes into the first Block and limited to the following `limit` bytes.
// Invariants: data != 0; offset < len(data[0]); limit > 0; offset+limit <=
// the combined length of all Blocks in the array; the first Block in the
// array has non-zero length.
//
// length is never 1; sequences consisting of a single Block are always
// stored inline (with length < 0).
data unsafe.Pointer
length int
offset int
limit uint64
}
// BlockSeqOf returns a BlockSeq representing the single Block b.
func BlockSeqOf(b Block) BlockSeq {
if b.length == 0 {
return BlockSeq{}
}
bs := BlockSeq{
data: b.start,
length: -1,
limit: uint64(b.length),
}
if b.needSafecopy {
bs.length = -2
}
return bs
}
// BlockSeqFromSlice returns a BlockSeq representing all Blocks in slice.
// If slice contains Blocks with zero length, BlockSeq will skip them during
// iteration.
//
// Whether the returned BlockSeq shares memory with slice is unspecified;
// clients should avoid mutating slices passed to BlockSeqFromSlice.
//
// Preconditions: The combined length of all Blocks in slice <= math.MaxUint64.
func BlockSeqFromSlice(slice []Block) BlockSeq {
slice = skipEmpty(slice)
var limit uint64
for _, b := range slice {
sum := limit + uint64(b.Len())
if sum < limit {
panic("BlockSeq length overflows uint64")
}
limit = sum
}
return blockSeqFromSliceLimited(slice, limit)
}
// Preconditions: The combined length of all Blocks in slice <= limit. If
// len(slice) != 0, the first Block in slice has non-zero length, and limit >
// 0.
func blockSeqFromSliceLimited(slice []Block, limit uint64) BlockSeq {
switch len(slice) {
case 0:
return BlockSeq{}
case 1:
return BlockSeqOf(slice[0].TakeFirst64(limit))
default:
return BlockSeq{
data: unsafe.Pointer(&slice[0]),
length: len(slice),
limit: limit,
}
}
}
func skipEmpty(slice []Block) []Block {
for i, b := range slice {
if b.Len() != 0 {
return slice[i:]
}
}
return nil
}
// IsEmpty returns true if bs contains no Blocks.
//
// Invariants: bs.IsEmpty() == (bs.NumBlocks() == 0) == (bs.NumBytes() == 0).
// (Of these, prefer to use bs.IsEmpty().)
func (bs BlockSeq) IsEmpty() bool {
return bs.length == 0
}
// NumBlocks returns the number of Blocks in bs.
func (bs BlockSeq) NumBlocks() int {
// In general, we have to count: if bs represents a windowed slice then the
// slice may contain Blocks with zero length, and bs.length may be larger
// than the actual number of Blocks due to bs.limit.
var n int
for !bs.IsEmpty() {
n++
bs = bs.Tail()
}
return n
}
// NumBytes returns the sum of Block.Len() for all Blocks in bs.
func (bs BlockSeq) NumBytes() uint64 {
return bs.limit
}
// Head returns the first Block in bs.
//
// Preconditions: !bs.IsEmpty().
func (bs BlockSeq) Head() Block {
if bs.length == 0 {
panic("empty BlockSeq")
}
if bs.length < 0 {
return bs.internalBlock()
}
return (*Block)(bs.data).DropFirst(bs.offset).TakeFirst64(bs.limit)
}
// Preconditions: bs.length < 0.
func (bs BlockSeq) internalBlock() Block {
return Block{
start: bs.data,
length: int(bs.limit),
needSafecopy: bs.length == -2,
}
}
// Tail returns a BlockSeq consisting of all Blocks in bs after the first.
//
// Preconditions: !bs.IsEmpty().
func (bs BlockSeq) Tail() BlockSeq {
if bs.length == 0 {
panic("empty BlockSeq")
}
if bs.length < 0 {
return BlockSeq{}
}
head := (*Block)(bs.data).DropFirst(bs.offset)
headLen := uint64(head.Len())
if headLen >= bs.limit {
// The head Block exhausts the limit, so the tail is empty.
return BlockSeq{}
}
var extSlice []Block
extSliceHdr := (*reflect.SliceHeader)(unsafe.Pointer(&extSlice))
extSliceHdr.Data = uintptr(bs.data)
extSliceHdr.Len = bs.length
extSliceHdr.Cap = bs.length
tailSlice := skipEmpty(extSlice[1:])
tailLimit := bs.limit - headLen
return blockSeqFromSliceLimited(tailSlice, tailLimit)
}
// DropFirst returns a BlockSeq equivalent to bs, but with the first n bytes
// omitted. If n > bs.NumBytes(), DropFirst returns an empty BlockSeq.
//
// Preconditions: n >= 0.
func (bs BlockSeq) DropFirst(n int) BlockSeq {
if n < 0 {
panic(fmt.Sprintf("invalid n: %d", n))
}
return bs.DropFirst64(uint64(n))
}
// DropFirst64 is equivalent to DropFirst but takes an uint64.
func (bs BlockSeq) DropFirst64(n uint64) BlockSeq {
if n >= bs.limit {
return BlockSeq{}
}
for {
// Calling bs.Head() here is surprisingly expensive, so inline getting
// the head's length.
var headLen uint64
if bs.length < 0 {
headLen = bs.limit
} else {
headLen = uint64((*Block)(bs.data).Len() - bs.offset)
}
if n < headLen {
// Dropping ends partway through the head Block.
if bs.length < 0 {
return BlockSeqOf(bs.internalBlock().DropFirst64(n))
}
bs.offset += int(n)
bs.limit -= n
return bs
}
n -= headLen
bs = bs.Tail()
}
}
// TakeFirst returns a BlockSeq equivalent to the first n bytes of bs. If n >
// bs.NumBytes(), TakeFirst returns a BlockSeq equivalent to bs.
//
// Preconditions: n >= 0.
func (bs BlockSeq) TakeFirst(n int) BlockSeq {
if n < 0 {
panic(fmt.Sprintf("invalid n: %d", n))
}
return bs.TakeFirst64(uint64(n))
}
// TakeFirst64 is equivalent to TakeFirst but takes a uint64.
func (bs BlockSeq) TakeFirst64(n uint64) BlockSeq {
if n == 0 {
return BlockSeq{}
}
if bs.limit > n {
bs.limit = n
}
return bs
}
// String implements fmt.Stringer.String.
func (bs BlockSeq) String() string {
var buf bytes.Buffer
buf.WriteByte('[')
var sep string
for !bs.IsEmpty() {
buf.WriteString(sep)
sep = " "
buf.WriteString(bs.Head().String())
bs = bs.Tail()
}
buf.WriteByte(']')
return buf.String()
}
// CopySeq copies srcs.NumBytes() or dsts.NumBytes() bytes, whichever is less,
// from srcs to dsts and returns the number of bytes copied.
//
// If srcs and dsts overlap, the data stored in dsts is unspecified.
func CopySeq(dsts, srcs BlockSeq) (uint64, error) {
var done uint64
for !dsts.IsEmpty() && !srcs.IsEmpty() {
dst := dsts.Head()
src := srcs.Head()
n, err := Copy(dst, src)
done += uint64(n)
if err != nil {
return done, err
}
dsts = dsts.DropFirst(n)
srcs = srcs.DropFirst(n)
}
return done, nil
}
// ZeroSeq sets all bytes in dsts to 0 and returns the number of bytes zeroed.
func ZeroSeq(dsts BlockSeq) (uint64, error) {
var done uint64
for !dsts.IsEmpty() {
n, err := Zero(dsts.Head())
done += uint64(n)
if err != nil {
return done, err
}
dsts = dsts.DropFirst(n)
}
return done, nil
}
// IovecsFromBlockSeq returns a []syscall.Iovec representing seq.
func IovecsFromBlockSeq(bs BlockSeq) []syscall.Iovec {
iovs := make([]syscall.Iovec, 0, bs.NumBlocks())
for ; !bs.IsEmpty(); bs = bs.Tail() {
b := bs.Head()
iovs = append(iovs, syscall.Iovec{
Base: &b.ToSlice()[0],
Len: uint64(b.Len()),
})
// We don't need to care about b.NeedSafecopy(), because the host
// kernel will handle such address ranges just fine (by returning
// EFAULT).
}
return iovs
}
|
