| blob | b9c2d5e98d7a35d4e152d24440e35d5057892165 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /* Utilities for hashing. */
9 /*
10 * This file exports functions for hashing data down to a uint32_t (a.k.a.
11 * mozilla::HashNumber), including:
12 *
13 * - HashString Hash a char* or char16_t/wchar_t* of known or unknown
14 * length.
15 *
16 * - HashBytes Hash a byte array of known length.
17 *
18 * - HashGeneric Hash one or more values. Currently, we support uint32_t,
19 * types which can be implicitly cast to uint32_t, data
20 * pointers, and function pointers.
21 *
22 * - AddToHash Add one or more values to the given hash. This supports the
23 * same list of types as HashGeneric.
24 *
25 *
26 * You can chain these functions together to hash complex objects. For example:
27 *
28 * class ComplexObject
29 * {
30 * char* mStr;
31 * uint32_t mUint1, mUint2;
32 * void (*mCallbackFn)();
33 *
34 * public:
35 * HashNumber hash()
36 * {
37 * HashNumber hash = HashString(mStr);
38 * hash = AddToHash(hash, mUint1, mUint2);
39 * return AddToHash(hash, mCallbackFn);
40 * }
41 * };
42 *
43 * If you want to hash an nsAString or nsACString, use the HashString functions
44 * in nsHashKeys.h.
45 */
47 #ifndef mozilla_HashFunctions_h
48 #define mozilla_HashFunctions_h
57 #include <stdint.h>
58 #include <type_traits>
65 /**
66 * The golden ratio as a 32-bit fixed-point value.
67 */
70 /*
71 * Given a raw hash code, h, return a number that can be used to select a hash
72 * bucket.
73 *
74 * This function aims to produce as uniform an output distribution as possible,
75 * especially in the most significant (leftmost) bits, even though the input
76 * distribution may be highly nonrandom, given the constraints that this must
77 * be deterministic and quick to compute.
78 *
79 * Since the leftmost bits of the result are best, the hash bucket index is
80 * computed by doing ScrambleHashCode(h) / (2^32/N) or the equivalent
81 * right-shift, not ScrambleHashCode(h) % N or the equivalent bit-mask.
82 */
84 /*
85 * Simply returning h would not cause any hash tables to produce wrong
86 * answers. But it can produce pathologically bad performance: The caller
87 * right-shifts the result, keeping only the highest bits. The high bits of
88 * hash codes are very often completely entropy-free. (So are the lowest
89 * bits.)
90 *
91 * So we use Fibonacci hashing, as described in Knuth, The Art of Computer
92 * Programming, 6.4. This mixes all the bits of the input hash code h.
93 *
94 * The value of goldenRatio is taken from the hex expansion of the golden
95 * ratio, which starts 1.9E3779B9.... This value is especially good if
96 * values with consecutive hash codes are stored in a hash table; see Knuth
97 * for details.
98 */
100 }
104 MOZ_NO_SANITIZE_UNSIGNED_OVERFLOW
107 }
110 /*
111 * This is the meat of all our hash routines. This hash function is not
112 * particularly sophisticated, but it seems to work well for our mostly
113 * plain-text inputs. Implementation notes follow.
114 *
115 * Our use of the golden ratio here is arbitrary; we could pick almost any
116 * number which:
117 *
118 * * is odd (because otherwise, all our hash values will be even)
119 *
120 * * has a reasonably-even mix of 1's and 0's (consider the extreme case
121 * where we multiply by 0x3 or 0xeffffff -- this will not produce good
122 * mixing across all bits of the hash).
123 *
124 * The rotation length of 5 is also arbitrary, although an odd number is again
125 * preferable so our hash explores the whole universe of possible rotations.
126 *
127 * Finally, we multiply by the golden ratio *after* xor'ing, not before.
128 * Otherwise, if |aHash| is 0 (as it often is for the beginning of a
129 * message), the expression
130 *
131 * mozilla::WrappingMultiply(kGoldenRatioU32, RotateLeft5(aHash))
132 * |xor|
133 * aValue
134 *
135 * evaluates to |aValue|.
136 *
137 * (Number-theoretic aside: Because any odd number |m| is relatively prime to
138 * our modulus (2**32), the list
139 *
140 * [x * m (mod 2**32) for 0 <= x < 2**32]
141 *
142 * has no duplicate elements. This means that multiplying by |m| does not
143 * cause us to skip any possible hash values.
144 *
145 * It's also nice if |m| has large-ish order mod 2**32 -- that is, if the
146 * smallest k such that m**k == 1 (mod 2**32) is large -- so we can safely
147 * multiply our hash value by |m| a few times without negating the
148 * multiplicative effect. Our golden ratio constant has order 2**29, which is
149 * more than enough for our purposes.)
150 */
153 }
155 /**
156 * AddUintNToHash takes sizeof(int_type) as a template parameter.
157 * Changes to these functions need to be propagated to
158 * MacroAssembler::prepareHashNonGCThing, which inlines them manually for
159 * the JIT.
160 */
164 }
171 }
175 /**
176 * AddToHash takes a hash and some values and returns a new hash based on the
177 * inputs.
178 *
179 * Currently, we support hashing uint32_t's, values which we can implicitly
180 * convert to uint32_t, data pointers, and function pointers.
181 */
186 /*
187 * Try to convert |A| to uint32_t implicitly. If this works, great. If not,
188 * we'll error out.
189 */
191 }
195 /*
196 * You might think this function should just take a void*. But then we'd only
197 * catch data pointers and couldn't handle function pointers.
198 */
203 }
205 // We use AddUintNToHash() for hashing all integral types. 8-byte integral
206 // types are treated the same as 64-bit pointers, and smaller integral types are
207 // first implicitly converted to 32 bits and then passed to AddUintNToHash()
208 // to be hashed.
212 }
216 // Hash using AddUintNToHash with the underlying type of the enum type
220 }
225 }
227 /**
228 * The HashGeneric class of functions let you hash one or more values.
229 *
230 * If you want to hash together two values x and y, calling HashGeneric(x, y) is
231 * much better than calling AddToHash(x, y), because AddToHash(x, y) assumes
232 * that x has already been hashed.
233 */
237 }
239 /**
240 * Hash successive |*aIter| until |!*aIter|, i.e. til null-termination.
241 *
242 * This function is *not* named HashString like the non-template overloads
243 * below. Some users define HashString overloads and pass inexactly-matching
244 * values to them -- but an inexactly-matching value would match this overload
245 * instead! We follow the general rule and don't mix and match template and
246 * regular overloads to avoid this.
247 *
248 * If you have the string's length, call HashStringKnownLength: it may be
249 * marginally faster.
250 */
256 }
258 }
260 /**
261 * Hash successive |aIter[i]| up to |i == aLength|.
262 */
269 }
271 }
273 /**
274 * The HashString overloads below do just what you'd expect.
275 *
276 * These functions are non-template functions so that users can 1) overload them
277 * with their own types 2) in a way that allows implicit conversions to happen.
278 */
280 // Use the |const unsigned char*| version of the above so that all ordinary
281 // character data hashes identically.
283 }
286 // Delegate to the |const unsigned char*| version of the above to share
287 // template instantiations.
289 aLength);
290 }
295 }
299 }
304 }
306 /**
307 * HashString overloads for |wchar_t| on platforms where it isn't |char16_t|.
308 */
314 }
321 }
323 /**
324 * Hash some number of bytes.
325 *
326 * This hash walks word-by-word, rather than byte-by-byte, so you won't get the
327 * same result out of HashBytes as you would out of HashString.
328 */
332 /**
333 * A pseudorandom function mapping 32-bit integers to 32-bit integers.
334 *
335 * This is for when you're feeding private data (like pointer values or credit
336 * card numbers) to a non-crypto hash function (like HashBytes) and then using
337 * the hash code for something that untrusted parties could observe (like a JS
338 * Map). Plug in a HashCodeScrambler before that last step to avoid leaking the
339 * private data.
340 *
341 * By itself, this does not prevent hash-flooding DoS attacks, because an
342 * attacker can still generate many values with exactly equal hash codes by
343 * attacking the non-crypto hash function alone. Equal hash codes will, of
344 * course, still be equal however much you scramble them.
345 *
346 * The algorithm is SipHash-1-3. See <https://131002.net/siphash/>.
347 */
354 /** Creates a new scrambler with the given 128-bit key. */
358 /**
359 * Scramble a hash code. Always produces the same result for the same
360 * combination of key and hash code.
361 */
365 }
369 }
373 }
378 // 1. Initialization.
383 }
386 // 2. Compression.
391 // 3. Finalization.
395 }
412 }
415 };
416 };