mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-01-31 11:37:35 +00:00
6e6fc38935
Commit bc6c183 introduced a bunch of discrepancies between what files
look like in the repo and what clang-format says they should look like.
However, there were already a few discrepancies prior to that. Most of
these discrepancies seemed to be unintentional, but a few of them were
load-bearing (e.g., a #include that violated header ordering needing
something to have been #defined by a 'later' #include.)
I opted to take what I hope is a relatively smooth-brained approach: I
reverted the .clang-format change, ran clang-format on the whole repo,
reapplied the .clang-format change, reran clang-format again, and then
reverted the commit that contained the first run. Thus the full effect
of this PR should only be to apply the changed formatting rules to the
repo, and from skimming the results, this seems to be the case.
My work can be checked by applying the short, manual commits, and then
rerunning the command listed in the autogenerated commits (those whose
messages I have prefixed auto:) and seeing if your results agree.
It might be that the other diffs should be fixed at some point but I'm
leaving that aside for now.
fd '\.c(c|pp)?$' --print0| xargs -0 clang-format -i
94 lines
4.5 KiB
C
94 lines
4.5 KiB
C
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
|
│ vi: set et ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi │
|
|
╞══════════════════════════════════════════════════════════════════════════════╡
|
|
│ Copyright 2022 Justine Alexandra Roberts Tunney │
|
|
│ │
|
|
│ Permission to use, copy, modify, and/or distribute this software for │
|
|
│ any purpose with or without fee is hereby granted, provided that the │
|
|
│ above copyright notice and this permission notice appear in all copies. │
|
|
│ │
|
|
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
|
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
|
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
|
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
|
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
|
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
|
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
|
│ PERFORMANCE OF THIS SOFTWARE. │
|
|
╚─────────────────────────────────────────────────────────────────────────────*/
|
|
#include "net/http/tokenbucket.h"
|
|
#include "libc/intrin/atomic.h"
|
|
|
|
/**
|
|
* Atomically increments all signed bytes in array, without overflowing.
|
|
*
|
|
* Under the token bucket model, operations are denied by default unless
|
|
* tokens exist to allow them. This function must be called periodically
|
|
* from a single background thread to replenish the buckets with tokens.
|
|
* For example, this function may be called once per second which allows
|
|
* one operation per second on average with bursts up to 127 per second.
|
|
* This policy needn't be applied uniformly. For example, you might find
|
|
* out that a large corporation funnels all their traffic through one ip
|
|
* address, so you could replenish their tokens multiple times a second.
|
|
*
|
|
* @param w is word array that aliases byte token array
|
|
* @param n is number of 64-bit words in `w` array
|
|
*/
|
|
void ReplenishTokens(atomic_uint_fast64_t *w, size_t n) {
|
|
for (size_t i = 0; i < n; ++i) {
|
|
uint64_t a = atomic_load_explicit(w + i, memory_order_relaxed);
|
|
if (a == 0x7f7f7f7f7f7f7f7f)
|
|
continue;
|
|
uint64_t b = 0x8080808080808080;
|
|
uint64_t c = 0x7f7f7f7f7f7f7f7f ^ a;
|
|
uint64_t d = ((((c >> 1 | b) - c) & b) ^ b) >> 7;
|
|
atomic_fetch_add_explicit(w + i, d, memory_order_relaxed);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Atomically decrements signed byte index if it's positive.
|
|
*
|
|
* Multiple threads are able to call this method, to determine if enough
|
|
* tokens exist to perform an operation. Return values greater than zero
|
|
* mean a token was atomically acquired. Values less than, or equal zero
|
|
* means the bucket is empty. There must exist `1 << c` signed bytes (or
|
|
* buckets) in the `b` array.
|
|
*
|
|
* Since this design uses signed bytes, your returned number may be used
|
|
* to control how much burstiness is allowed. For example:
|
|
*
|
|
* int t = AcquireToken(tok.b, ip, 22);
|
|
* if (t < 64) {
|
|
* if (t > 8) write(client, "HTTP/1.1 429 \r\n\r\n", 17);
|
|
* close(client);
|
|
* return;
|
|
* }
|
|
*
|
|
* Could be used to send rejections to clients that exceed their tokens,
|
|
* whereas clients who've grossly exceeded their tokens, could simply be
|
|
* dropped.
|
|
*
|
|
* @param b is array of token buckets
|
|
* @param x is ipv4 address
|
|
* @param c is cidr
|
|
*/
|
|
int AcquireToken(atomic_schar *b, uint32_t x, int c) {
|
|
uint32_t i = x >> (32 - c);
|
|
int t = atomic_load_explicit(b + i, memory_order_relaxed);
|
|
if (t <= 0)
|
|
return t;
|
|
return atomic_fetch_add_explicit(b + i, -1, memory_order_relaxed);
|
|
}
|
|
|
|
/**
|
|
* Returns current number of tokens in bucket.
|
|
*
|
|
* @param b is array of token buckets
|
|
* @param x is ipv4 address
|
|
* @param c is cidr
|
|
*/
|
|
int CountTokens(atomic_schar *b, uint32_t x, int c) {
|
|
uint32_t i = x >> (32 - c);
|
|
return atomic_load_explicit(b + i, memory_order_relaxed);
|
|
}
|