Removed unsafe string mutation (#31850)

gfoidl · web-flow · commit a4bc912c18b8 · 2021-04-21T17:52:28.000-07:00
diff --git a/src/DataProtection/Cryptography.Internal/src/SafeHandles/BCryptAlgorithmHandle.cs b/src/DataProtection/Cryptography.Internal/src/SafeHandles/BCryptAlgorithmHandle.cs
@@ -65,25 +65,22 @@ public BCryptKeyHandle GenerateSymmetricKey(byte* pbSecret, uint cbSecret)
         /// </summary>
         public string GetAlgorithmName()
         {
+            const int StackAllocCharSize = 128;
+
             // First, calculate how many characters are in the name.
             uint byteLengthOfNameWithTerminatingNull = GetProperty(Constants.BCRYPT_ALGORITHM_NAME, null, 0);
-            CryptoUtil.Assert(byteLengthOfNameWithTerminatingNull % sizeof(char) == 0 && byteLengthOfNameWithTerminatingNull > sizeof(char), "byteLengthOfNameWithTerminatingNull % sizeof(char) == 0 && byteLengthOfNameWithTerminatingNull > sizeof(char)");
+            CryptoUtil.Assert(byteLengthOfNameWithTerminatingNull % sizeof(char) == 0 && byteLengthOfNameWithTerminatingNull > sizeof(char) && byteLengthOfNameWithTerminatingNull <= StackAllocCharSize * sizeof(char), "byteLengthOfNameWithTerminatingNull % sizeof(char) == 0 && byteLengthOfNameWithTerminatingNull > sizeof(char) && byteLengthOfNameWithTerminatingNull <= StackAllocCharSize * sizeof(char)");
             uint numCharsWithoutNull = (byteLengthOfNameWithTerminatingNull - 1) / sizeof(char);
 
             if (numCharsWithoutNull == 0)
             {
-                return String.Empty; // degenerate case
+                return string.Empty; // degenerate case
             }
 
-            // Allocate a string object and write directly into it (CLR team approves of this mechanism).
-            string retVal = new String((char)0, checked((int)numCharsWithoutNull));
-            uint numBytesCopied;
-            fixed (char* pRetVal = retVal)
-            {
-                numBytesCopied = GetProperty(Constants.BCRYPT_ALGORITHM_NAME, pRetVal, byteLengthOfNameWithTerminatingNull);
-            }
+            char* pBuffer = stackalloc char[StackAllocCharSize];
+            uint numBytesCopied = GetProperty(Constants.BCRYPT_ALGORITHM_NAME, pBuffer, byteLengthOfNameWithTerminatingNull);
             CryptoUtil.Assert(numBytesCopied == byteLengthOfNameWithTerminatingNull, "numBytesCopied == byteLengthOfNameWithTerminatingNull");
-            return retVal;
+            return new string(pBuffer, 0, (int)numCharsWithoutNull);
         }
 
         /// <summary>
diff --git a/src/Servers/Kestrel/Core/src/Internal/Infrastructure/HttpUtilities.cs b/src/Servers/Kestrel/Core/src/Internal/Infrastructure/HttpUtilities.cs
@@ -28,8 +28,7 @@ internal static partial class HttpUtilities
         private const ulong _http11VersionLong = 3543824036068086856; // GetAsciiStringAsLong("HTTP/1.1"); const results in better codegen
 
         private static readonly UTF8EncodingSealed DefaultRequestHeaderEncoding = new UTF8EncodingSealed();
-        private static readonly SpanAction<char, IntPtr> _getHeaderName = GetHeaderName;
-        private static readonly SpanAction<char, IntPtr> _getAsciiStringNonNullCharacters = GetAsciiStringNonNullCharacters;
+        private static readonly SpanAction<char, IntPtr> s_getHeaderName = GetHeaderName;
 
         [MethodImpl(MethodImplOptions.AggressiveInlining)]
         private static void SetKnownMethod(ulong mask, ulong knownMethodUlong, HttpMethod knownMethod, int length)
@@ -86,15 +85,15 @@ public static unsafe string GetHeaderName(this ReadOnlySpan<byte> span)
 
             fixed (byte* source = &MemoryMarshal.GetReference(span))
             {
-                return string.Create(span.Length, new IntPtr(source), _getHeaderName);
+                return string.Create(span.Length, new IntPtr(source), s_getHeaderName);
             }
         }
 
         private static unsafe void GetHeaderName(Span<char> buffer, IntPtr state)
         {
             fixed (char* output = &MemoryMarshal.GetReference(buffer))
             {
-                // This version if AsciiUtilities returns null if there are any null (0 byte) characters
+                // This version of AsciiUtilities returns null if there are any null (0 byte) characters
                 // in the string
                 if (!StringUtilities.TryGetAsciiString((byte*)state.ToPointer(), output, buffer.Length))
                 {
@@ -104,38 +103,11 @@ private static unsafe void GetHeaderName(Span<char> buffer, IntPtr state)
         }
 
         public static string GetAsciiStringNonNullCharacters(this Span<byte> span)
-            => GetAsciiStringNonNullCharacters((ReadOnlySpan<byte>)span);
-
-        [MethodImpl(MethodImplOptions.AggressiveInlining)]
-        public static unsafe string GetAsciiStringNonNullCharacters(this ReadOnlySpan<byte> span)
-        {
-            if (span.IsEmpty)
-            {
-                return string.Empty;
-            }
-
-            fixed (byte* source = &MemoryMarshal.GetReference(span))
-            {
-                return string.Create(span.Length, new IntPtr(source), _getAsciiStringNonNullCharacters);
-            }
-        }
+            => StringUtilities.GetAsciiStringNonNullCharacters(span);
 
         public static string GetAsciiOrUTF8StringNonNullCharacters(this ReadOnlySpan<byte> span)
             => StringUtilities.GetAsciiOrUTF8StringNonNullCharacters(span, DefaultRequestHeaderEncoding);
 
-        private static unsafe void GetAsciiStringNonNullCharacters(Span<char> buffer, IntPtr state)
-        {
-            fixed (char* output = &MemoryMarshal.GetReference(buffer))
-            {
-                // StringUtilities.TryGetAsciiString returns null if there are any null (0 byte) characters
-                // in the string
-                if (!StringUtilities.TryGetAsciiString((byte*)state.ToPointer(), output, buffer.Length))
-                {
-                    throw new InvalidOperationException();
-                }
-            }
-        }
-
         public static string GetRequestHeaderString(this ReadOnlySpan<byte> span, string name, Func<string, Encoding?> encodingSelector)
         {
             if (ReferenceEquals(KestrelServerOptions.DefaultRequestHeaderEncodingSelector, encodingSelector))
diff --git a/src/Shared/Http2cat/Http2Utilities.cs b/src/Shared/Http2cat/Http2Utilities.cs
@@ -144,64 +144,7 @@ public Http2Utilities(ConnectionContext clientConnectionContext, ILogger logger,
 
         void IHttpHeadersHandler.OnHeader(ReadOnlySpan<byte> name, ReadOnlySpan<byte> value)
         {
-            _decodedHeaders[GetAsciiStringNonNullCharacters(name)] = GetAsciiOrUTF8StringNonNullCharacters(value);
-        }
-
-        public unsafe string GetAsciiStringNonNullCharacters(ReadOnlySpan<byte> span)
-        {
-            if (span.IsEmpty)
-            {
-                return string.Empty;
-            }
-
-            var asciiString = new string('\0', span.Length);
-
-            fixed (char* output = asciiString)
-            fixed (byte* buffer = span)
-            {
-                // This version if AsciiUtilities returns null if there are any null (0 byte) characters
-                // in the string
-                if (!StringUtilities.TryGetAsciiString(buffer, output, span.Length))
-                {
-                    throw new InvalidOperationException();
-                }
-            }
-            return asciiString;
-        }
-
-        public unsafe string GetAsciiOrUTF8StringNonNullCharacters(ReadOnlySpan<byte> span)
-        {
-            if (span.IsEmpty)
-            {
-                return string.Empty;
-            }
-
-            var resultString = new string('\0', span.Length);
-
-            fixed (char* output = resultString)
-            fixed (byte* buffer = span)
-            {
-                // This version if AsciiUtilities returns null if there are any null (0 byte) characters
-                // in the string
-                if (!StringUtilities.TryGetAsciiString(buffer, output, span.Length))
-                {
-                    // null characters are considered invalid
-                    if (span.IndexOf((byte)0) != -1)
-                    {
-                        throw new InvalidOperationException();
-                    }
-
-                    try
-                    {
-                        resultString = HeaderValueEncoding.GetString(buffer, span.Length);
-                    }
-                    catch (DecoderFallbackException)
-                    {
-                        throw new InvalidOperationException();
-                    }
-                }
-            }
-            return resultString;
+            _decodedHeaders[name.GetAsciiStringNonNullCharacters()] = value.GetAsciiOrUTF8StringNonNullCharacters(HeaderValueEncoding);
         }
 
         void IHttpHeadersHandler.OnHeadersComplete(bool endStream) { }
diff --git a/src/Shared/ServerInfrastructure/StringUtilities.cs b/src/Shared/ServerInfrastructure/StringUtilities.cs
@@ -17,10 +17,10 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure
 {
     internal static class StringUtilities
     {
-        private static readonly SpanAction<char, IntPtr> s_getAsciiOrUtf8StringNonNullCharacters = GetAsciiStringNonNullCharacters;
-
-        private static string GetAsciiOrUTF8StringNonNullCharacters(this Span<byte> span, Encoding defaultEncoding)
-            => GetAsciiOrUTF8StringNonNullCharacters((ReadOnlySpan<byte>)span, defaultEncoding);
+        private static readonly SpanAction<char, IntPtr> s_getAsciiOrUTF8StringNonNullCharacters = GetAsciiStringNonNullCharactersWithMarker;
+        private static readonly SpanAction<char, IntPtr> s_getAsciiStringNonNullCharacters = GetAsciiStringNonNullCharacters;
+        private static readonly SpanAction<char, IntPtr> s_getLatin1StringNonNullCharacters = GetLatin1StringNonNullCharacters;
+        private static readonly SpanAction<char, (string? str, char separator, uint number)> s_populateSpanWithHexSuffix = PopulateSpanWithHexSuffix;
 
         public static unsafe string GetAsciiOrUTF8StringNonNullCharacters(this ReadOnlySpan<byte> span, Encoding defaultEncoding)
         {
@@ -31,7 +31,7 @@ public static unsafe string GetAsciiOrUTF8StringNonNullCharacters(this ReadOnlyS
 
             fixed (byte* source = &MemoryMarshal.GetReference(span))
             {
-                var resultString = string.Create(span.Length, new IntPtr(source), s_getAsciiOrUtf8StringNonNullCharacters);
+                var resultString = string.Create(span.Length, (IntPtr)source, s_getAsciiOrUTF8StringNonNullCharacters);
 
                 // If resultString is marked, perform UTF-8 encoding
                 if (resultString[0] == '\0')
@@ -56,11 +56,11 @@ public static unsafe string GetAsciiOrUTF8StringNonNullCharacters(this ReadOnlyS
             }
         }
 
-        private static unsafe void GetAsciiStringNonNullCharacters(Span<char> buffer, IntPtr state)
+        private static unsafe void GetAsciiStringNonNullCharactersWithMarker(Span<char> buffer, IntPtr state)
         {
             fixed (char* output = &MemoryMarshal.GetReference(buffer))
             {
-                // This version if AsciiUtilities returns false if there are any null ('\0') or non-Ascii
+                // This version of AsciiUtilities returns false if there are any null ('\0') or non-Ascii
                 // character (> 127) in the string.
                 if (!TryGetAsciiString((byte*)state.ToPointer(), output, buffer.Length))
                 {
@@ -70,27 +70,55 @@ private static unsafe void GetAsciiStringNonNullCharacters(Span<char> buffer, In
             }
         }
 
+        public static unsafe string GetAsciiStringNonNullCharacters(this ReadOnlySpan<byte> span)
+        {
+            if (span.IsEmpty)
+            {
+                return string.Empty;
+            }
+
+            fixed (byte* source = &MemoryMarshal.GetReference(span))
+            {
+                return string.Create(span.Length, (IntPtr)source, s_getAsciiStringNonNullCharacters);
+            }
+        }
+
+        private static unsafe void GetAsciiStringNonNullCharacters(Span<char> buffer, IntPtr state)
+        {
+            fixed (char* output = &MemoryMarshal.GetReference(buffer))
+            {
+                // This version of AsciiUtilities returns false if there are any null ('\0') or non-Ascii
+                // character (> 127) in the string.
+                if (!TryGetAsciiString((byte*)state.ToPointer(), output, buffer.Length))
+                {
+                    throw new InvalidOperationException();
+                }
+            }
+        }
+
         public static unsafe string GetLatin1StringNonNullCharacters(this ReadOnlySpan<byte> span)
         {
             if (span.IsEmpty)
             {
                 return string.Empty;
             }
 
-            var resultString = new string('\0', span.Length);
+            fixed (byte* source = &MemoryMarshal.GetReference(span))
+            {
+                return string.Create(span.Length, (IntPtr)source, s_getLatin1StringNonNullCharacters);
+            }
+        }
 
-            fixed (char* output = resultString)
-            fixed (byte* buffer = span)
+        private static unsafe void GetLatin1StringNonNullCharacters(Span<char> buffer, IntPtr state)
+        {
+            fixed (char* output = &MemoryMarshal.GetReference(buffer))
             {
-                // This returns false if there are any null (0 byte) characters in the string.
-                if (!TryGetLatin1String(buffer, output, span.Length))
+                if (!TryGetLatin1String((byte*)state.ToPointer(), output, buffer.Length))
                 {
                     // null characters are considered invalid
                     throw new InvalidOperationException();
                 }
             }
-
-            return resultString;
         }
 
         [MethodImpl(MethodImplOptions.AggressiveOptimization)]
@@ -299,7 +327,7 @@ public static unsafe bool TryGetLatin1String(byte* input, char* output, int coun
                 // If Vector not-accelerated or remaining less than vector size
                 if (!Vector.IsHardwareAccelerated || input > end - Vector<sbyte>.Count)
                 {
-                    if (IntPtr.Size == 8) // Use Intrinsic switch for branch elimination
+                    if (Environment.Is64BitProcess) // Use Intrinsic switch for branch elimination
                     {
                         // 64-bit: Loop longs by default
                         while (input <= end - sizeof(long))
@@ -403,10 +431,6 @@ public static bool BytesOrdinalEqualsStringAndAscii(string previousValue, ReadOn
                 goto NotEqual;
             }
 
-            // Use IntPtr values rather than int, to avoid unnecessary 32 -> 64 movs on 64-bit.
-            // Unfortunately this means we also need to cast to byte* for comparisons as IntPtr doesn't
-            // support operator comparisons (e.g. <=, >, etc).
-            //
             // Note: Pointer comparison is unsigned, so we use the compare pattern (offset + length <= count)
             // rather than (offset <= count - length) which we'd do with signed comparison to avoid overflow.
             // This isn't problematic as we know the maximum length is max string length (from test above)
@@ -666,7 +690,6 @@ private static bool IsValidHeaderString(string value)
                 return false;
             }
         }
-        private static readonly SpanAction<char, (string? str, char separator, uint number)> s_populateSpanWithHexSuffix = PopulateSpanWithHexSuffix;
 
         /// <summary>
         /// A faster version of String.Concat(<paramref name="str"/>, <paramref name="separator"/>, <paramref name="number"/>.ToString("X8"))

Original file line number	Diff line number	Diff line change
`@@ -17,10 +17,10 @@ namespace Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Infrastructure`
`17`	`17`	`{`
`18`	`18`	`internal static class StringUtilities`
`19`	`19`	`{`
`20`		`- private static readonly SpanAction<char, IntPtr> s_getAsciiOrUtf8StringNonNullCharacters = GetAsciiStringNonNullCharacters;`
`21`		`-`
`22`		`- private static string GetAsciiOrUTF8StringNonNullCharacters(this Span<byte> span, Encoding defaultEncoding)`
`23`		`- => GetAsciiOrUTF8StringNonNullCharacters((ReadOnlySpan<byte>)span, defaultEncoding);`
	`20`	`+ private static readonly SpanAction<char, IntPtr> s_getAsciiOrUTF8StringNonNullCharacters = GetAsciiStringNonNullCharactersWithMarker;`
	`21`	`+ private static readonly SpanAction<char, IntPtr> s_getAsciiStringNonNullCharacters = GetAsciiStringNonNullCharacters;`
	`22`	`+ private static readonly SpanAction<char, IntPtr> s_getLatin1StringNonNullCharacters = GetLatin1StringNonNullCharacters;`
	`23`	`+ private static readonly SpanAction<char, (string? str, char separator, uint number)> s_populateSpanWithHexSuffix = PopulateSpanWithHexSuffix;`
`24`	`24`
`25`	`25`	`public static unsafe string GetAsciiOrUTF8StringNonNullCharacters(this ReadOnlySpan<byte> span, Encoding defaultEncoding)`
`26`	`26`	`{`
`@@ -31,7 +31,7 @@ public static unsafe string GetAsciiOrUTF8StringNonNullCharacters(this ReadOnlyS`
`31`	`31`
`32`	`32`	`fixed (byte* source = &MemoryMarshal.GetReference(span))`
`33`	`33`	`{`
`34`		`- var resultString = string.Create(span.Length, new IntPtr(source), s_getAsciiOrUtf8StringNonNullCharacters);`
	`34`	`+ var resultString = string.Create(span.Length, (IntPtr)source, s_getAsciiOrUTF8StringNonNullCharacters);`
`35`	`35`
`36`	`36`	`// If resultString is marked, perform UTF-8 encoding`
`37`	`37`	`if (resultString[0] == '\0')`
`@@ -56,11 +56,11 @@ public static unsafe string GetAsciiOrUTF8StringNonNullCharacters(this ReadOnlyS`
`56`	`56`	`}`
`57`	`57`	`}`
`58`	`58`
`59`		`- private static unsafe void GetAsciiStringNonNullCharacters(Span<char> buffer, IntPtr state)`
	`59`	`+ private static unsafe void GetAsciiStringNonNullCharactersWithMarker(Span<char> buffer, IntPtr state)`
`60`	`60`	`{`
`61`	`61`	`fixed (char* output = &MemoryMarshal.GetReference(buffer))`
`62`	`62`	`{`
`63`		`- // This version if AsciiUtilities returns false if there are any null ('\0') or non-Ascii`
	`63`	`+ // This version of AsciiUtilities returns false if there are any null ('\0') or non-Ascii`
`64`	`64`	`// character (> 127) in the string.`
`65`	`65`	`if (!TryGetAsciiString((byte*)state.ToPointer(), output, buffer.Length))`
`66`	`66`	`{`
`@@ -70,27 +70,55 @@ private static unsafe void GetAsciiStringNonNullCharacters(Span<char> buffer, In`
`70`	`70`	`}`
`71`	`71`	`}`
`72`	`72`
	`73`	`+ public static unsafe string GetAsciiStringNonNullCharacters(this ReadOnlySpan<byte> span)`
	`74`	`+ {`
	`75`	`+ if (span.IsEmpty)`
	`76`	`+ {`
	`77`	`+ return string.Empty;`
	`78`	`+ }`
	`79`	`+`
	`80`	`+ fixed (byte* source = &MemoryMarshal.GetReference(span))`
	`81`	`+ {`
	`82`	`+ return string.Create(span.Length, (IntPtr)source, s_getAsciiStringNonNullCharacters);`
	`83`	`+ }`
	`84`	`+ }`
	`85`	`+`
	`86`	`+ private static unsafe void GetAsciiStringNonNullCharacters(Span<char> buffer, IntPtr state)`
	`87`	`+ {`
	`88`	`+ fixed (char* output = &MemoryMarshal.GetReference(buffer))`
	`89`	`+ {`
	`90`	`+ // This version of AsciiUtilities returns false if there are any null ('\0') or non-Ascii`
	`91`	`+ // character (> 127) in the string.`
	`92`	`+ if (!TryGetAsciiString((byte*)state.ToPointer(), output, buffer.Length))`
	`93`	`+ {`
	`94`	`+ throw new InvalidOperationException();`
	`95`	`+ }`
	`96`	`+ }`
	`97`	`+ }`
	`98`	`+`
`73`	`99`	`public static unsafe string GetLatin1StringNonNullCharacters(this ReadOnlySpan<byte> span)`
`74`	`100`	`{`
`75`	`101`	`if (span.IsEmpty)`
`76`	`102`	`{`
`77`	`103`	`return string.Empty;`
`78`	`104`	`}`
`79`	`105`
`80`		`- var resultString = new string('\0', span.Length);`
	`106`	`+ fixed (byte* source = &MemoryMarshal.GetReference(span))`
	`107`	`+ {`
	`108`	`+ return string.Create(span.Length, (IntPtr)source, s_getLatin1StringNonNullCharacters);`
	`109`	`+ }`
	`110`	`+ }`
`81`	`111`
`82`		`- fixed (char* output = resultString)`
`83`		`- fixed (byte* buffer = span)`
	`112`	`+ private static unsafe void GetLatin1StringNonNullCharacters(Span<char> buffer, IntPtr state)`
	`113`	`+ {`
	`114`	`+ fixed (char* output = &MemoryMarshal.GetReference(buffer))`
`84`	`115`	`{`
`85`		`- // This returns false if there are any null (0 byte) characters in the string.`
`86`		`- if (!TryGetLatin1String(buffer, output, span.Length))`
	`116`	`+ if (!TryGetLatin1String((byte*)state.ToPointer(), output, buffer.Length))`
`87`	`117`	`{`
`88`	`118`	`// null characters are considered invalid`
`89`	`119`	`throw new InvalidOperationException();`
`90`	`120`	`}`
`91`	`121`	`}`
`92`		`-`
`93`		`- return resultString;`
`94`	`122`	`}`
`95`	`123`
`96`	`124`	`[MethodImpl(MethodImplOptions.AggressiveOptimization)]`
`@@ -299,7 +327,7 @@ public static unsafe bool TryGetLatin1String(byte* input, char* output, int coun`
`299`	`327`	`// If Vector not-accelerated or remaining less than vector size`
`300`	`328`	`if (!Vector.IsHardwareAccelerated \|\| input > end - Vector<sbyte>.Count)`
`301`	`329`	`{`
`302`		`- if (IntPtr.Size == 8) // Use Intrinsic switch for branch elimination`
	`330`	`+ if (Environment.Is64BitProcess) // Use Intrinsic switch for branch elimination`
`303`	`331`	`{`
`304`	`332`	`// 64-bit: Loop longs by default`
`305`	`333`	`while (input <= end - sizeof(long))`
`@@ -403,10 +431,6 @@ public static bool BytesOrdinalEqualsStringAndAscii(string previousValue, ReadOn`
`403`	`431`	`goto NotEqual;`
`404`	`432`	`}`
`405`	`433`
`406`		`- // Use IntPtr values rather than int, to avoid unnecessary 32 -> 64 movs on 64-bit.`
`407`		`- // Unfortunately this means we also need to cast to byte* for comparisons as IntPtr doesn't`
`408`		`- // support operator comparisons (e.g. <=, >, etc).`
`409`		`- //`
`410`	`434`	`// Note: Pointer comparison is unsigned, so we use the compare pattern (offset + length <= count)`
`411`	`435`	`// rather than (offset <= count - length) which we'd do with signed comparison to avoid overflow.`
`412`	`436`	`// This isn't problematic as we know the maximum length is max string length (from test above)`
`@@ -666,7 +690,6 @@ private static bool IsValidHeaderString(string value)`
`666`	`690`	`return false;`
`667`	`691`	`}`
`668`	`692`	`}`
`669`		`- private static readonly SpanAction<char, (string? str, char separator, uint number)> s_populateSpanWithHexSuffix = PopulateSpanWithHexSuffix;`
`670`	`693`
`671`	`694`	`/// <summary>`
`672`	`695`	`/// A faster version of String.Concat(<paramref name="str"/>, <paramref name="separator"/>, <paramref name="number"/>.ToString("X8"))`