UnguessableToken: Clarify and assert postcondition
Explicitly document and CHECK that a randomly created base::Token
or base::UnguessableToken is non-zero.
This ensures self-consistency in the API contract, because previously
this assumption was implicitly baked into the class:
[de]serialization methods were DCHECK'ing the token is non-zero, and
besides that there was an implicit assumption that the probability of
randomly generating all-zeroes is extremely low. But this CL makes
this contract something to be relied upon at callsites.
Change-Id: I54e0656b83827423718dbdc3f4ad3e4406ff10c9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4099384
Reviewed-by: Daniel Cheng <[email protected]>
Commit-Queue: Maksim Ivanov <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1082829}
diff --git a/base/token.h b/base/token.h
index 4ad0ebf0..098ea5b 100644
--- a/base/token.h
+++ b/base/token.h
@@ -37,7 +37,8 @@
constexpr Token& operator=(Token&&) = default;
// Constructs a new Token with random |high| and |low| values taken from a
- // cryptographically strong random source.
+ // cryptographically strong random source. The result's |is_zero()| is
+ // guaranteed to be false.
static Token CreateRandom();
// The high and low 64 bits of this Token.
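Review bot: the new comment on CreateRandom() promises that |is_zero()| is false, but nothing in this hunk enforces it; the header only documents the contract, and the CHECK the commit message describes must live in the implementation (base/token.cc), which is not part of the visible diff. Consider saying in the comment that the result is CHECKed rather than merely "guaranteed", e.g. "// cryptographically strong random source. CHECKs that the result is" / "// non-zero, so |is_zero()| is never true for a returned Token.", so a reader of the header knows the guarantee is enforced rather than probabilistic, and confirm the corresponding CHECK landed alongside this comment.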