Optimize HashPrefixStore

[atuchin-m]

The PR:

• reduces the size of rewards publisher prefix storage by using another
• uses flatbuffers as a container.

The structure:
Each prefix is considered as the first 2 bytes (are used as index) + suffix.
Prefixes are stored as a collection where the first 2 bytes are used as an
index into the 'offsets' array (size 256*256 for all possible 2-byte values).
Each offset points to the position in 'all_suffixes' where the suffixes
for that prefix index begin.
Suffixes are stored contiguously for efficient binary search lookup.

Memory usage before = 1.7M * 4 = 6.5 MB
Memory usage after = Header + 256KB (offsets) + 1.7M * 2 (prefix_count * (prefix_size - 2)) = 3.5MB

When this version is installed the old RewardsCreators.db will be dropped, the prefixes will be re-downloaded.

Submitter Checklist:

• I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
• There is a ticket for my issue
• Used Github auto-closing keywords in the PR description above
• Wrote a good PR/commit description
• Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
• Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
• Checked the PR locally:
  • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
  • npm run presubmit wiki, npm run gn_check, npm run tslint
• Ran git rebase master (if needed)

Reviewer Checklist:

• A security review is not needed, or a link to one is included in the PR description
• New files have MPL-2.0 license header
• Adequate test coverage exists to prevent regressions
• Major classes, functions and non-trivial code blocks are well-commented
• Changes in component dependencies are properly reflected in gn
• Code follows the style guide
• Test plan is specified in PR before merging

After-merge Checklist:

• The associated issue milestone is set to the smallest version that the
  changes has landed on
• All relevant documentation has been updated, for instance:
  • https://github.com/brave/brave-browser/wiki/Deviations-from-Chromium-(features-we-disable-or-remove)
  • https://github.com/brave/brave-browser/wiki/Proxy-redirected-URLs
  • https://github.com/brave/brave-browser/wiki/Fingerprinting-Protections
  • https://github.com/brave/brave-browser/wiki/Brave%E2%80%99s-Use-of-Referral-Codes
  • https://github.com/brave/brave-browser/wiki/Web-Compatibility-Exceptions-in-Brave
  • https://github.com/brave/brave-browser/wiki/QA-Guide
  • https://github.com/brave/brave-browser/wiki/P3A

Test Plan:

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] Using reinterpret_cast against some data types may lead to undefined behaviour. In general, when needing to do these conversions, check how Chromium upstream does them. Most of the times a reinterpret_cast is wrong and there's no guarantee the compiler will generate the code that you thought it would.

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/reinterpret_cast.yaml


Cc @stoletheminerals @thypon @cdesouza-chromium

[cdesouza-chromium]

Flatbuffers is sad... can any of this be realistically spanified?

[atuchin-m]

@cdesouza-chromium
Flatbuffers supports snap and I use it here.
The problem is FB doesn't support char, only int8_t or uint8_t for array.
Because the surrounding code uses std::string_view, we have to convert somewhere span<uint8_t> to span/string_view<char>.

I've managed to remove reinterpret_cast. Also guarded the rest with static_assert for the source type.

[github-actions]

_{reported by reviewdog 🐶}
[semgrep] Using reinterpret_cast against some data types may lead to undefined behaviour. In general, when needing to do these conversions, check how Chromium upstream does them. Most of the times a reinterpret_cast is wrong and there's no guarantee the compiler will generate the code that you thought it would.

Source: https://github.com/brave/security-action/blob/main/assets/semgrep_rules/client/reinterpret_cast.yaml


Cc @stoletheminerals @thypon @cdesouza-chromium

[cdesouza-chromium]

We don't need the reinterpret_cast here. It should be something like:

auto data = base::as_string_view(base::span(all_suffixes));

[cdesouza-chromium]

Example corrected above. But I suspect it could be even simpler as base::as_string_view(all_suffixes);. You're gonna need to test.

[atuchin-m]

There is no as_string_view() in base::span<const uint8_t>. It's available only for span`

[cdesouza-chromium]

Are these ops safe? Is there any chance this could overflow?

[cdesouza-chromium]

We are doing double searches with suffix_arrays[index] being repeated twice.

[zenparsing]

This is pretty tricky code. TBH, I'm leaning towards preferring the simpler current approach for now. What would you think about leaving as-is for a couple of releases, and then introducing the optimization later, if necessary?

Also, since we're changing the file format, we're going to need another pref migration to reset the fetch timer.