1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef PPAPI_SHARED_IMPL_PROXY_LOCK_H_
6 #define PPAPI_SHARED_IMPL_PROXY_LOCK_H_
8 #include "base/basictypes.h"
10 #include "base/callback.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/threading/thread_checker.h"
14 #include "ppapi/shared_impl/ppapi_shared_export.h"
26 // This is the one lock to rule them all for the ppapi proxy. All PPB interface
27 // functions that need to be synchronized should lock this lock on entry. This
28 // is normally accomplished by using an appropriate Enter RAII object at the
29 // beginning of each thunk function.
31 // TODO(dmichael): If this turns out to be too slow and contentious, we'll want
32 // to use multiple locks. E.g., one for the var tracker, one for the resource
34 class PPAPI_SHARED_EXPORT ProxyLock
{
36 // Return the global ProxyLock. Normally, you should not access this
37 // directly but instead use ProxyAutoLock or ProxyAutoUnlock. But sometimes
38 // you need access to the ProxyLock, for example to create a condition
40 static base::Lock
* Get();
42 // Acquire the proxy lock. If it is currently held by another thread, block
43 // until it is available. If the lock has not been set using the 'Set' method,
44 // this operation does nothing. That is the normal case for the host side;
45 // see PluginResourceTracker for where the lock gets set for the out-of-
46 // process plugin case.
47 static void Acquire();
48 // Relinquish the proxy lock. If the lock has not been set, this does nothing.
49 static void Release();
51 // Assert that the lock is owned by the current thread (in the plugin
52 // process). Does nothing when running in-process (or in the host process).
53 static void AssertAcquired();
54 static void AssertAcquiredDebugOnly() {
60 // We have some unit tests where one thread pretends to be the host and one
61 // pretends to be the plugin. This allows the lock to do nothing on only one
62 // thread to support these tests. See TwoWayTest for more information.
63 class PPAPI_SHARED_EXPORT LockingDisablerForTest
{
65 LockingDisablerForTest();
66 ~LockingDisablerForTest();
70 friend class content::HostGlobals
;
71 // On the host side, we do not lock. This must be called at most once at
72 // startup, before other threads that may access the ProxyLock have had a
74 static void DisableLocking();
76 DISALLOW_IMPLICIT_CONSTRUCTORS(ProxyLock
);
79 // A simple RAII class for locking the PPAPI proxy lock on entry and releasing
80 // on exit. This is for simple interfaces that don't use the 'thunk' system,
81 // such as PPB_Var and PPB_Core.
84 ProxyAutoLock() { ProxyLock::Acquire(); }
85 ~ProxyAutoLock() { ProxyLock::Release(); }
88 DISALLOW_COPY_AND_ASSIGN(ProxyAutoLock
);
91 // The inverse of the above; unlock on construction, lock on destruction. This
92 // is useful for calling out to the plugin, when we need to unlock but ensure
93 // that we re-acquire the lock when the plugin is returns or raises an
95 class ProxyAutoUnlock
{
97 ProxyAutoUnlock() { ProxyLock::Release(); }
98 ~ProxyAutoUnlock() { ProxyLock::Acquire(); }
101 DISALLOW_COPY_AND_ASSIGN(ProxyAutoUnlock
);
104 // A set of function template overloads for invoking a function pointer while
105 // the ProxyLock is unlocked. This assumes that the luck is held.
106 // CallWhileUnlocked unlocks the ProxyLock just before invoking the given
107 // function. The lock is immediately re-acquired when the invoked function
108 // function returns. CallWhileUnlocked returns whatever the given function
112 // *result = CallWhileUnlocked(ppp_input_event_impl_->HandleInputEvent,
114 // resource->pp_resource());
115 template <class ReturnType
>
116 ReturnType
CallWhileUnlocked(ReturnType (*function
)()) {
117 ProxyAutoUnlock unlock
;
120 // Note we use 2 types for the params, even though for the most part we expect
121 // A1 to match P1. We let the compiler determine if P1 can convert safely to
122 // A1. This allows callers to avoid having to do things like
123 // const_cast to add const.
124 template <class ReturnType
, class A1
, class P1
>
125 ReturnType
CallWhileUnlocked(ReturnType (*function
)(A1
), const P1
& p1
) {
126 ProxyAutoUnlock unlock
;
129 template <class ReturnType
, class A1
, class A2
, class P1
, class P2
>
130 ReturnType
CallWhileUnlocked(ReturnType (*function
)(A1
, A2
),
133 ProxyAutoUnlock unlock
;
134 return function(p1
, p2
);
136 template <class ReturnType
, class A1
, class A2
, class A3
, class P1
, class P2
,
138 ReturnType
CallWhileUnlocked(ReturnType (*function
)(A1
, A2
, A3
),
142 ProxyAutoUnlock unlock
;
143 return function(p1
, p2
, p3
);
145 template <class ReturnType
, class A1
, class A2
, class A3
, class A4
, class P1
,
146 class P2
, class P3
, class P4
>
147 ReturnType
CallWhileUnlocked(ReturnType (*function
)(A1
, A2
, A3
, A4
),
152 ProxyAutoUnlock unlock
;
153 return function(p1
, p2
, p3
, p4
);
155 template <class ReturnType
, class A1
, class A2
, class A3
, class A4
, class A5
,
156 class P1
, class P2
, class P3
, class P4
, class P5
>
157 ReturnType
CallWhileUnlocked(ReturnType (*function
)(A1
, A2
, A3
, A4
, A5
),
163 ProxyAutoUnlock unlock
;
164 return function(p1
, p2
, p3
, p4
, p5
);
166 void PPAPI_SHARED_EXPORT
CallWhileUnlocked(const base::Closure
& closure
);
170 template <typename RunType
>
171 class RunWhileLockedHelper
;
173 // A helper class to ensure that a callback is always run and destroyed while
174 // the ProxyLock is held. A callback that is bound with ref-counted Var or
175 // Resource parameters may invoke methods on the VarTracker or the
176 // ResourceTracker in its destructor, and these require the ProxyLock.
178 class RunWhileLockedHelper
<void()> {
180 typedef base::Callback
<void()> CallbackType
;
181 explicit RunWhileLockedHelper(const CallbackType
& callback
)
182 : callback_(new CallbackType(callback
)) {
183 // CallWhileLocked and destruction might happen on a different thread from
185 thread_checker_
.DetachFromThread();
187 static void CallWhileLocked(scoped_ptr
<RunWhileLockedHelper
> ptr
) {
188 // Bind thread_checker_ to this thread so we can check in the destructor.
189 // *If* the callback gets invoked, it's important that RunWhileLockedHelper
190 // is destroyed on the same thread (see the comments in the destructor).
191 DCHECK(ptr
->thread_checker_
.CalledOnValidThread());
194 // Use a scope and local Callback to ensure that the callback is cleared
195 // before the lock is released, even in the unlikely event that Run()
196 // throws an exception.
197 scoped_ptr
<CallbackType
> temp_callback(ptr
->callback_
.Pass());
198 temp_callback
->Run();
202 ~RunWhileLockedHelper() {
203 // Check that the Callback is destroyed on the same thread as where
204 // CallWhileLocked happened if CallWhileLocked happened. If we weren't
205 // invoked, thread_checked_ isn't bound to a thread.
206 DCHECK(thread_checker_
.CalledOnValidThread());
207 // Here we read callback_ without the lock. This is why the callback must be
208 // destroyed on the same thread where it runs. Note that callback_ will be
209 // NULL if it has already been run via CallWhileLocked. In this case,
210 // there's no need to acquire the lock, because we don't touch any shared
213 // If the callback was *not* run, we're in a case where the task queue
214 // we got pushed to has been destroyed (e.g., the thread is shut down and
215 // its MessageLoop destroyed before all tasks have run.)
217 // We still need to have the lock when we destroy the callback:
218 // - Because Resource and Var inherit RefCounted (not
219 // ThreadSafeRefCounted).
220 // - Because if the callback owns the last ref to a Resource, it will
221 // call the ResourceTracker and also the Resource's destructor, which
222 // both require the ProxyLock.
229 DISALLOW_COPY_AND_ASSIGN(RunWhileLockedHelper
);
230 scoped_ptr
<CallbackType
> callback_
;
232 // Used to ensure that the Callback is run and deleted on the same thread.
233 base::ThreadChecker thread_checker_
;
236 template <typename P1
>
237 class RunWhileLockedHelper
<void(P1
)> {
239 typedef base::Callback
<void(P1
)> CallbackType
;
240 explicit RunWhileLockedHelper(const CallbackType
& callback
)
241 : callback_(new CallbackType(callback
)) {
242 thread_checker_
.DetachFromThread();
244 static void CallWhileLocked(scoped_ptr
<RunWhileLockedHelper
> ptr
, P1 p1
) {
245 DCHECK(ptr
->thread_checker_
.CalledOnValidThread());
248 scoped_ptr
<CallbackType
> temp_callback(ptr
->callback_
.Pass());
249 temp_callback
->Run(p1
);
252 ~RunWhileLockedHelper() {
253 DCHECK(thread_checker_
.CalledOnValidThread());
261 DISALLOW_COPY_AND_ASSIGN(RunWhileLockedHelper
);
262 scoped_ptr
<CallbackType
> callback_
;
263 base::ThreadChecker thread_checker_
;
266 template <typename P1
, typename P2
>
267 class RunWhileLockedHelper
<void(P1
, P2
)> {
269 typedef base::Callback
<void(P1
, P2
)> CallbackType
;
270 explicit RunWhileLockedHelper(const CallbackType
& callback
)
271 : callback_(new CallbackType(callback
)) {
272 thread_checker_
.DetachFromThread();
274 static void CallWhileLocked(
275 scoped_ptr
<RunWhileLockedHelper
> ptr
, P1 p1
, P2 p2
) {
276 DCHECK(ptr
->thread_checker_
.CalledOnValidThread());
279 scoped_ptr
<CallbackType
> temp_callback(ptr
->callback_
.Pass());
280 temp_callback
->Run(p1
, p2
);
283 ~RunWhileLockedHelper() {
284 DCHECK(thread_checker_
.CalledOnValidThread());
292 DISALLOW_COPY_AND_ASSIGN(RunWhileLockedHelper
);
293 scoped_ptr
<CallbackType
> callback_
;
294 base::ThreadChecker thread_checker_
;
297 template <typename P1
, typename P2
, typename P3
>
298 class RunWhileLockedHelper
<void(P1
, P2
, P3
)> {
300 typedef base::Callback
<void(P1
, P2
, P3
)> CallbackType
;
301 explicit RunWhileLockedHelper(const CallbackType
& callback
)
302 : callback_(new CallbackType(callback
)) {
303 thread_checker_
.DetachFromThread();
305 static void CallWhileLocked(
306 scoped_ptr
<RunWhileLockedHelper
> ptr
, P1 p1
, P2 p2
, P3 p3
) {
307 DCHECK(ptr
->thread_checker_
.CalledOnValidThread());
310 scoped_ptr
<CallbackType
> temp_callback(ptr
->callback_
.Pass());
311 temp_callback
->Run(p1
, p2
, p3
);
314 ~RunWhileLockedHelper() {
315 DCHECK(thread_checker_
.CalledOnValidThread());
323 DISALLOW_COPY_AND_ASSIGN(RunWhileLockedHelper
);
324 scoped_ptr
<CallbackType
> callback_
;
325 base::ThreadChecker thread_checker_
;
328 } // namespace internal
330 // RunWhileLocked wraps the given Callback in a new Callback that, when invoked:
331 // 1) Locks the ProxyLock.
332 // 2) Runs the original Callback (forwarding arguments, if any).
333 // 3) Clears the original Callback (while the lock is held).
334 // 4) Unlocks the ProxyLock.
335 // Note that it's important that the callback is cleared in step (3), in case
336 // clearing the Callback causes a destructor (e.g., for a Resource) to run,
337 // which should hold the ProxyLock to avoid data races.
339 // This is for cases where you want to run a task or store a Callback, but you
340 // want to ensure that the ProxyLock is acquired for the duration of the task
341 // that the Callback runs.
343 // GetMainThreadMessageLoop()->PostDelayedTask(
345 // RunWhileLocked(base::Bind(&CallbackWrapper, callback, result)),
348 // In normal usage like the above, this all should "just work". However, if you
349 // do something unusual, you may get a runtime crash due to deadlock. Here are
350 // the ways that the returned Callback must be used to avoid a deadlock:
351 // (1) copied to another Callback. After that, the original callback can be
352 // destroyed with or without the proxy lock acquired, while the newly assigned
353 // callback has to conform to these same restrictions. Or
354 // (2) run without proxy lock acquired (e.g., being posted to a MessageLoop
355 // and run there). The callback must be destroyed on the same thread where it
356 // was run (but can be destroyed with or without the proxy lock acquired). Or
357 // (3) destroyed without the proxy lock acquired.
358 template <class FunctionType
>
359 inline base::Callback
<FunctionType
> RunWhileLocked(
360 const base::Callback
<FunctionType
>& callback
) {
361 // NOTE: the reason we use "scoped_ptr" here instead of letting the callback
362 // own it via base::Owned is kind of subtle. Imagine for the moment that we
363 // call RunWhileLocked without the ProxyLock:
365 // base::Callback<void ()> local_callback = base::Bind(&Foo);
366 // some_task_runner.PostTask(FROM_HERE, RunWhileLocked(local_callback));
368 // In this case, since we don't have a lock synchronizing us, it's possible
369 // for the callback to run on the other thread before we return and destroy
370 // |local_callback|. The important thing here is that even though the other
371 // thread gets a copy of the callback, the internal "BindState" of the
372 // callback is refcounted and shared between all copies of the callback. So
373 // in that case, if we used base::Owned, we might delete RunWhileLockedHelper
374 // on this thread, which will violate the RunWhileLockedHelper's assumption
375 // that it is destroyed on the same thread where it is run.
376 scoped_ptr
<internal::RunWhileLockedHelper
<FunctionType
>> helper(
377 new internal::RunWhileLockedHelper
<FunctionType
>(callback
));
379 &internal::RunWhileLockedHelper
<FunctionType
>::CallWhileLocked
,
380 base::Passed(helper
.Pass()));
385 #endif // PPAPI_SHARED_IMPL_PROXY_LOCK_H_