// Copyright 2024, The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//! This file provides one possible implementation of the sysdeps functions for libavb.
//! Global allocator is required.

#![cfg_attr(not(test), no_std)]

extern crate alloc;
use alloc::alloc::{alloc, dealloc};
use core::{
    alloc::Layout,
    cmp::{min, Ord},
    ffi::CStr,
    mem::size_of,
    ptr::{null_mut, NonNull},
};

/// `avb_malloc_()` requires allocation to be word aligned.
const AVB_MALLOC_ALIGNMENT: usize = 2;

#[no_mangle]
pub extern "C" fn avb_abort() -> ! {
    panic!("avb_abort");
}

#[no_mangle]
pub extern "C" fn avb_malloc_(size: usize) -> *mut core::ffi::c_void {
    (|| {
        // Allocate extra to store the size value.
        let size = size_of::<usize>().checked_add(size)?;
        // SAFETY:
        // *  On success, `alloc` guarantees to allocate enough memory.
        // * `size.to_le_bytes().as_ptr()` is guaranteed valid memory.
        // * Alignment is 1 for bytes copy.
        unsafe {
            let ptr =
                NonNull::new(alloc(Layout::from_size_align(size, AVB_MALLOC_ALIGNMENT).ok()?))?;
            ptr.as_ptr().copy_from(size.to_le_bytes().as_ptr(), size_of::<usize>());
            let ptr = ptr.as_ptr().add(size_of::<usize>());
            Some(ptr)
        }
    })()
    .unwrap_or(null_mut()) as _
}

#[no_mangle]
pub extern "C" fn avb_free(ptr: *mut core::ffi::c_void) {
    assert_ne!(ptr, null_mut());
    let mut ptr = ptr as *mut u8;
    let mut size_bytes = [0u8; size_of::<usize>()];
    // SAFETY:
    // * `ptr` is allocated by `avb_malloc_` and guarantees to have enough memory for a preceding
    //   usize value and payload.
    // * `size_bytes.as_mut_ptr()` is a valid memory location.
    // * Alignment is 1 for bytes copy.
    unsafe {
        ptr = ptr.sub(size_of::<usize>());
        ptr.copy_to(size_bytes.as_mut_ptr(), size_of::<usize>())
    };
    let size = usize::from_le_bytes(size_bytes);
    // SAFETY: Call to global allocator.
    unsafe { dealloc(ptr, Layout::from_size_align(size, AVB_MALLOC_ALIGNMENT).unwrap()) };
}

#[no_mangle]
pub extern "C" fn avb_strlen(s: *const core::ffi::c_char) -> usize {
    // SAFETY: libavb guarantees to pass valid NULL-terminated strings to this function. The
    // returned reference is only used to compute string length.
    unsafe { CStr::from_ptr(s as *const _) }.to_bytes().len()
}

#[no_mangle]
pub extern "C" fn avb_div_by_10(dividend: *mut u64) -> u32 {
    // SAFETY: libavb guarantees to pass valid pointer to u64 integer here
    let val = unsafe { &mut *dividend };
    let rem = *val % 10;
    *val /= 10;
    rem.try_into().unwrap()
}

#[no_mangle]
pub extern "C" fn avb_memcpy(
    dest: *mut core::ffi::c_void,
    src: *const core::ffi::c_void,
    n: usize,
) -> *mut core::ffi::c_void {
    // SAFETY: libavb guarantees to pass valid pointers.
    unsafe { (src.cast::<u8>()).copy_to(dest as *mut _, n) };
    dest
}

#[no_mangle]
pub extern "C" fn avb_memcmp(
    src1: *const core::ffi::c_void,
    src2: *const core::ffi::c_void,
    n: usize,
) -> core::ffi::c_int {
    // SAFETY: libavb guarantees to pass valid pointers. References are only used within function.
    let (lhs, rhs) = unsafe {
        (
            core::slice::from_raw_parts(src1 as *const u8, n),
            core::slice::from_raw_parts(src2 as *const u8, n),
        )
    };
    Ord::cmp(lhs, rhs) as i32
}

#[no_mangle]
pub extern "C" fn avb_strcmp(
    s1: *const core::ffi::c_char,
    s2: *const core::ffi::c_char,
) -> core::ffi::c_int {
    // SAFETY: libavb guarantees to pass valid NULL-terminated strings. References are only used
    // within function.
    let (lhs, rhs) = unsafe { (CStr::from_ptr(s1 as *const _), CStr::from_ptr(s2 as *const _)) };
    Ord::cmp(lhs, rhs) as i32
}

#[no_mangle]
pub extern "C" fn avb_strncmp(
    s1: *const core::ffi::c_char,
    s2: *const core::ffi::c_char,
    n: usize,
) -> core::ffi::c_int {
    // SAFETY: libavb guarantees to pass valid NULL-terminated strings. References are only used
    // within function.
    let (lhs, rhs) = unsafe { (CStr::from_ptr(s1 as *const _), CStr::from_ptr(s2 as *const _)) };
    let cmp_size = min(min(lhs.to_bytes().len(), rhs.to_bytes().len()), n);
    Ord::cmp(&lhs.to_bytes()[..cmp_size], &rhs.to_bytes()[..cmp_size]) as i32
}

#[no_mangle]
pub extern "C" fn avb_memset(
    dest: *mut core::ffi::c_void,
    c: core::ffi::c_int,
    n: usize,
) -> *mut core::ffi::c_void {
    // SAFETY: libavb guarantees to pass valid buffer. Reference is only used within function.
    let arr = unsafe { core::slice::from_raw_parts_mut(dest as *mut u8, n) };
    arr.fill(c as u8);
    dest
}