Make android::base::Basename() safe.

The previous "thread safety" was technically correct, but not super
useful in practice --- multiple calls to this function were safe, but
you couldn't mix android::base::Basename() and basename(3). This
actually hit us in practice when system_server leaked enough fds for
fdtrack to start up, which meant that libc calls that created fds would
request a backtrace, which meant that libunwind_stack would call
android::base::Basename(), which would call basename(3), which would
clobber a previous call to basename(3) in the original function that
made the otherwise innocuous libc call (realpath(3), in this case): it
was as if realpath(3) clobbered basename(3)'s storage!

I'm not a huge fan of this particular basename_r() implementation with
its gotos, but it's way too late in the T release cycle to be inventing
new implementations for a widely-used function. Sadly there's no
basename_r() for LP64 -- which, hilariously, is my fault -- so copy &
paste it is!

I've left mingw with the old implementation. I've no idea how much of
that mingw actually needs, so it can probably be cleaned up, but that's
a worry for another day.

Bug: http://b/231951809
Test: treehugger
Change-Id: I58a4c18d7943014ffdac4fd8185977b65b3ba1f7
2 files changed
tree: a32bff21a4a34794540e8b68a9f62b8c89e6c150
  1. include/
  2. tidy/
  3. abi_compatibility.cpp
  4. Android.bp
  5. chrono_utils.cpp
  6. chrono_utils_test.cpp
  7. cmsg.cpp
  8. cmsg_test.cpp
  9. CPPLINT.cfg
  10. endian_test.cpp
  11. errors_test.cpp
  12. errors_unix.cpp
  13. errors_windows.cpp
  14. expected_test.cpp
  15. file.cpp
  16. file_test.cpp
  17. format_benchmark.cpp
  18. function_ref_test.cpp
  19. hex.cpp
  20. hex_test.cpp
  21. logging.cpp
  22. logging_splitters.h
  23. logging_splitters_test.cpp
  24. logging_test.cpp
  25. macros_test.cpp
  26. mapped_file.cpp
  27. mapped_file_test.cpp
  28. no_destructor_test.cpp
  29. NOTICE
  30. OWNERS
  31. parsebool.cpp
  32. parsebool_test.cpp
  33. parsedouble_test.cpp
  34. parseint_test.cpp
  35. parsenetaddress.cpp
  36. parsenetaddress_fuzzer.cpp
  37. parsenetaddress_fuzzer.dict
  38. parsenetaddress_test.cpp
  39. posix_strerror_r.cpp
  40. PREUPLOAD.cfg
  41. process.cpp
  42. process_test.cpp
  43. properties.cpp
  44. properties_test.cpp
  45. README.md
  46. result_test.cpp
  47. result_test_constraint.cpp
  48. scopeguard_test.cpp
  49. stringprintf.cpp
  50. stringprintf_test.cpp
  51. strings.cpp
  52. strings_test.cpp
  53. test_main.cpp
  54. TEST_MAPPING
  55. test_utils.cpp
  56. test_utils_test.cpp
  57. threads.cpp
  58. utf8.cpp
  59. utf8_test.cpp
README.md

libbase

Who is this library for?

This library is a collection of convenience functions to make common tasks easier and less error-prone.

In this context, “error-prone” covers both “hard to do correctly” and “hard to do with good performance”, but as a general purpose library, libbase's primary focus is on making it easier to do things easily and correctly when a compromise has to be made between “simplest API” on the one hand and “fastest implementation” on the other. Though obviously the ideal is to have both.

Should my routine be added?

The intention is to cover the 80% use cases, not be all things to all users.

If you have a routine that‘s really useful in your project, congratulations. But that doesn’t mean it should be here rather than just in your project.

The question for libbase is “should everyone be doing this?”/“does this make everyone's code cleaner/safer?”. Historically we've considered the bar for inclusion to be “are there at least three unrelated projects that would be cleaned up by doing so”.

If your routine is actually something from a future C++ standard (that isn‘t yet in libc++), or it’s widely used in another library, that helps show that there's precedent. Being able to say “so-and-so has used this API for n years” is a good way to reduce concerns about API choices.

Any other restrictions?

Unlike most Android code, code in libbase has to build for Mac and Windows too.

Code here is also expected to have good test coverage.

By its nature, it‘s difficult to change libbase API. It’s often best to start using your routine just in your project, and let it “graduate” after you're certain that the API is solid.