tor-browser

leb128iterator.h (8036B)

---

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */

// LEB128 utilities that can read/write unsigned LEB128 numbers from/to
// iterators.
//
// LEB128 = Little Endian Base 128, where small numbers take few bytes, but
// large numbers are still allowed, which is ideal when serializing numbers that
// are likely to be small.
// Each byte contains 7 bits from the number, starting at the "little end", the
// top bit is 0 for the last byte, 1 otherwise.
// Numbers 0-127 only take 1 byte. 128-16383 take 2 bytes. Etc.
//
// Iterators only need to provide:
// - `*it` to return a reference to the next byte to be read from or written to.
// - `++it` to advance the iterator after a byte is written.
//
// The caller must always provide sufficient space to write any number, by:
// - pre-allocating a large enough buffer, or
// - allocating more space when `++it` reaches the end and/or `*it` is invoked
//   after the end, or
// - moving the underlying pointer to an appropriate location (e.g., wrapping
//   around a circular buffer).
// The caller must also provide enough bytes to read a full value (i.e., at
// least one byte should have its top bit unset), and a type large enough to
// hold the stored value.
//
// Note: There are insufficient checks for validity! These functions are
// intended to be used together, i.e., the user should only `ReadULEB128()` from
// a sufficiently-large buffer that the same user filled with `WriteULEB128()`.
// Using with externally-sourced data (e.g., DWARF) is *not* recommended.
//
// https://en.wikipedia.org/wiki/LEB128

#ifndef leb128iterator_h
#define leb128iterator_h

#include "mozilla/Assertions.h"
#include "mozilla/Likely.h"

#include <climits>
#include <cstdint>
#include <limits>
#include <type_traits>

namespace mozilla {

// Number of bytes needed to represent `aValue`.
template <typename T>
constexpr uint_fast8_t ULEB128Size(T aValue) {
 static_assert(!std::numeric_limits<T>::is_signed,
               "ULEB128Size only takes unsigned types");
 // We need one output byte per 7 bits of non-zero value. So we just remove
 // 7 least significant bits at a time until the value becomes zero.
 // Note the special case of 0, which still needs 1 output byte; this is done
 // by starting the first loop before we check for 0.
 uint_fast8_t size = 0;
 for (;;) {
   size += 1;
   aValue >>= 7;
   // Expecting small values, so it should be more likely that `aValue == 0`.
   if (MOZ_LIKELY(aValue == 0)) {
     return size;
   }
 }
}

// Maximum number of bytes needed to represent any value of type `T`.
template <typename T>
constexpr uint_fast8_t ULEB128MaxSize() {
 return ULEB128Size<T>(std::numeric_limits<T>::max());
}

// Write `aValue` in LEB128 to `aIterator`.
// The iterator will be moved past the last byte.
template <typename T, typename It>
void WriteULEB128(T aValue, It& aIterator) {
 static_assert(!std::numeric_limits<T>::is_signed,
               "WriteULEB128 only takes unsigned types");
 using IteratorValue = std::remove_reference_t<decltype(*aIterator)>;
 static_assert(sizeof(IteratorValue) == 1,
               "WriteULEB128 expects an iterator to single bytes");
 // 0. Don't test for 0 yet, as we want to output one byte for it.
 for (;;) {
   // 1. Extract the 7 least significant bits.
   const uint_fast8_t byte = aValue & 0x7Fu;
   // 2. Remove them from `aValue`.
   aValue >>= 7;
   // 3. Write the 7 bits, and set the 8th bit if `aValue` is not 0 yet
   // (meaning there will be more bytes after this one.)
   // Expecting small values, so it should be more likely that `aValue == 0`.
   // Note: No absolute need to force-cast to IteratorValue, because we have
   // only changed the bottom 8 bits above. However the compiler could warn
   // about a narrowing conversion from potentially-multibyte uint_fast8_t down
   // to whatever single-byte type `*iterator* expects, so we make it explicit.
   *aIterator = static_cast<IteratorValue>(
       MOZ_LIKELY(aValue == 0) ? byte : (byte | 0x80u));
   // 4. Always advance the iterator to the next byte.
   ++aIterator;
   // 5. We're done if `aValue` is 0.
   // Expecting small values, so it should be more likely that `aValue == 0`.
   if (MOZ_LIKELY(aValue == 0)) {
     return;
   }
 }
}

// Read an LEB128 value from `aIterator`.
// The iterator will be moved past the last byte.
template <typename T, typename It>
T ReadULEB128(It& aIterator) {
 static_assert(!std::numeric_limits<T>::is_signed,
               "ReadULEB128 must return an unsigned type");
 using IteratorValue = std::remove_reference_t<decltype(*aIterator)>;
 static_assert(sizeof(IteratorValue) == 1,
               "ReadULEB128 expects an iterator to single bytes");
 // Incoming bits will be added to `result`...
 T result = 0;
 // ... starting with the least significant bits.
 uint_fast8_t shift = 0;
 for (;;) {
   // 1. Read one byte from the iterator.
   // `static_cast` just in case IteratorValue is not implicitly convertible to
   // uint_fast8_t. It wouldn't matter if the sign was extended, we're only
   // dealing with the bottom 8 bits below.
   const uint_fast8_t byte = static_cast<uint_fast8_t>(*aIterator);
   // 2. Always advance the iterator.
   ++aIterator;
   // 3. Extract the 7 bits of value, and shift them in place into `result`.
   result |= static_cast<T>(byte & 0x7fu) << shift;
   // 4. If the 8th bit is *not* set, this was the last byte.
   // Expecting small values, so it should be more likely that the bit is off.
   if (MOZ_LIKELY((byte & 0x80u) == 0)) {
     return result;
   }
   // There are more bytes to read.
   // 5. Next byte will contain more significant bits above the past 7.
   shift += 7;
   // Safety check that we're not going to shift by >= than the type size,
   // which is Undefined Behavior in C++.
   MOZ_ASSERT(shift < CHAR_BIT * sizeof(T));
 }
}

// constexpr ULEB128 reader class.
// Mostly useful when dealing with non-trivial byte feeds.
template <typename T>
class ULEB128Reader {
 static_assert(!std::numeric_limits<T>::is_signed,
               "ULEB128Reader must handle an unsigned type");

public:
 constexpr ULEB128Reader() = default;

 // Don't allow copy/assignment, it doesn't make sense for a stateful parser.
 constexpr ULEB128Reader(const ULEB128Reader&) = delete;
 constexpr ULEB128Reader& operator=(const ULEB128Reader&) = delete;

 // Feed a byte into the parser.
 // Returns true if this was the last byte.
 [[nodiscard]] constexpr bool FeedByteIsComplete(unsigned aByte) {
   MOZ_ASSERT(!IsComplete());
   // Extract the 7 bits of value, and shift them in place into the value.
   mValue |= static_cast<T>(aByte & 0x7fu) << mShift;
   // If the 8th bit is *not* set, this was the last byte.
   // Expecting small values, so it should be more likely that the bit is off.
   if (MOZ_LIKELY((aByte & 0x80u) == 0)) {
     mShift = mCompleteShift;
     return true;
   }
   // There are more bytes to read.
   // Next byte will contain more significant bits above the past 7.
   mShift += 7;
   // Safety check that we're not going to shift by >= than the type size,
   // which is Undefined Behavior in C++.
   MOZ_ASSERT(mShift < CHAR_BIT * sizeof(T));
   return false;
 }

 constexpr void Reset() {
   mValue = 0;
   mShift = 0;
 }

 [[nodiscard]] constexpr bool IsComplete() const {
   return mShift == mCompleteShift;
 }

 [[nodiscard]] constexpr T Value() const {
   MOZ_ASSERT(IsComplete());
   return mValue;
 }

private:
 // Special value of `mShift` indicating that parsing is complete.
 constexpr static unsigned mCompleteShift = 0x10000u;

 T mValue = 0;
 unsigned mShift = 0;
};

}  // namespace mozilla

#endif  // leb128iterator_h