| blob | 76ff54c3bc9eabacb5d4bb2ef57e93fc20bb9c48 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /**
8 * A set of structs for tracking exceptions that need to be thrown to JS:
9 * ErrorResult and IgnoredErrorResult.
10 *
11 * Conceptually, these structs represent either success or an exception in the
12 * process of being thrown. This means that a failing ErrorResult _must_ be
13 * handled in one of the following ways before coming off the stack:
14 *
15 * 1) Suppressed via SuppressException().
16 * 2) Converted to a pure nsresult return value via StealNSResult().
17 * 3) Converted to an actual pending exception on a JSContext via
18 * MaybeSetPendingException.
19 * 4) Converted to an exception JS::Value (probably to then reject a Promise
20 * with) via dom::ToJSValue.
21 *
22 * An IgnoredErrorResult will automatically do the first of those four things.
23 */
25 #ifndef mozilla_ErrorResult_h
26 #define mozilla_ErrorResult_h
28 #include <stdarg.h>
30 #include <new>
31 #include <utility>
60 #define MSG_DEF(_name, _argc, _has_context, _exn, _str) _name,
62 #undef MSG_DEF
63 Err_Limit
64 };
66 // Debug-only compile-time table of the number of arguments of each error, for
67 // use in static_assert.
68 #if defined(DEBUG) && (defined(__clang__) || defined(__GNUC__))
70 # define MSG_DEF(_name, _argc, _has_context, _exn, _str) _argc,
72 # undef MSG_DEF
73 };
74 #endif
76 // Table of whether various error messages want a context arg.
78 #define MSG_DEF(_name, _argc, _has_context, _exn, _str) _has_context,
80 #undef MSG_DEF
81 };
83 // Table of the kinds of exceptions error messages will produce.
85 #define MSG_DEF(_name, _argc, _has_context, _exn, _str) _exn,
87 #undef MSG_DEF
88 };
98 #if defined(DEBUG) && (defined(__clang__) || defined(__GNUC__))
101 #endif
105 }
111 "Must give at least as many string arguments as are "
113 }
115 // Allow passing nsAString/nsACString instances for our args.
121 "There should not be more string arguments provided than are "
124 }
127 }
129 // Also allow passing literal instances for our args.
135 "There should not be more string arguments provided than are "
138 }
141 }
142 };
155 /**
156 * Templated implementation class for various ErrorResult-like things. The
157 * instantiations differ only in terms of their cleanup policies (used in the
158 * destructor), which they can specify via the template argument. Note that
159 * this means it's safe to reinterpret_cast between the instantiations unless
160 * you plan to invoke the destructor through such a cast pointer.
161 *
162 * A cleanup policy consists of two booleans: whether to assert that we've been
163 * reported or suppressed, and whether to then go ahead and suppress the
164 * exception.
165 */
171 #ifdef DEBUG
172 ,
175 #endif
176 {
177 }
183 // Consumers should have called one of MaybeSetPendingException
184 // (possibly via ToJSValue), StealNSResult, and SuppressException
186 }
190 }
192 // And now assert that we're in a good final state.
194 }
197 // Initialize mResult and whatever else we need to default-initialize, so
198 // the ClearUnionData call in our operator= will do the right thing
199 // (nothing).
202 }
211 // This method is deprecated. Consumers should Throw*Error with the
212 // appropriate DOMException name if they are throwing a DOMException. If they
213 // have a random nsresult which may or may not correspond to a DOMException
214 // type, they should consider using an appropriate DOMException with an
215 // informative message and calling the relevant Throw*Error.
219 }
221 // Duplicate our current state on the given TErrorResult object. Any
222 // existing errors or messages on the target will be suppressed before
223 // cloning. Our own error state remains unchanged.
226 // Use SuppressException when you want to suppress any exception that might be
227 // on the TErrorResult. After this call, the TErrorResult will be back a "no
228 // exception thrown" state.
231 // Use StealNSResult() when you want to safely convert the TErrorResult to
232 // an nsresult that you will then return to a caller. This will
233 // SuppressException(), since there will no longer be a way to report it.
237 // Don't propagate out our internal error codes that have special meaning.
242 // What to pick here?
244 }
247 }
249 // Use MaybeSetPendingException to convert a TErrorResult to a pending
250 // exception on the given JSContext. This is the normal "throw an exception"
251 // codepath.
252 //
253 // The return value is false if the TErrorResult represents success, true
254 // otherwise. This does mean that in JSAPI method implementations you can't
255 // just use this as |return rv.MaybeSetPendingException(cx)| (though you could
256 // |return !rv.MaybeSetPendingException(cx)|), but in practice pretty much any
257 // consumer would want to do some more work on the success codepath. So
258 // instead the way you use this is:
259 //
260 // if (rv.MaybeSetPendingException(cx)) {
261 // bail out here
262 // }
263 // go on to do something useful
264 //
265 // The success path is inline, since it should be the common case and we don't
266 // want to pay the price of a function call in some of the consumers of this
267 // method in the common case.
268 //
269 // Note that a true return value does NOT mean there is now a pending
270 // exception on aCx, due to uncatchable exceptions. It should still be
271 // considered equivalent to a JSAPI failure in terms of what callers should do
272 // after true is returned.
273 //
274 // After this call, the TErrorResult will no longer return true from Failed(),
275 // since the exception will have moved to the JSContext.
276 //
277 // If "context" is not null and our exception has a useful message string, the
278 // string "%s: ", with the value of "context" replacing %s, will be prepended
279 // to the message string. The passed-in string must be ASCII.
285 }
289 }
291 // Use StealExceptionFromJSContext to convert a pending exception on a
292 // JSContext to a TErrorResult. This function must be called only when a
293 // JSAPI operation failed. It assumes that lack of pending exception on the
294 // JSContext means an uncatchable exception was thrown.
295 //
296 // Codepaths that might call this method must call MightThrowJSException even
297 // if the relevant JSAPI calls do not fail.
298 //
299 // When this function returns, JS_IsExceptionPending(cx) will definitely be
300 // false.
304 void MOZ_MUST_RETURN_FROM_CALLER_IF_THIS_IS_ARG
310 }
312 // To be used when throwing a TypeError with a completely custom
313 // message string that's only used in one spot.
317 }
319 // To be used when throwing a TypeError with a completely custom
320 // message string that's a string literal that's only used in one spot.
322 void MOZ_MUST_RETURN_FROM_CALLER_IF_THIS_IS_ARG
325 }
328 void MOZ_MUST_RETURN_FROM_CALLER_IF_THIS_IS_ARG
334 }
336 // To be used when throwing a RangeError with a completely custom
337 // message string that's only used in one spot.
341 }
343 // To be used when throwing a RangeError with a completely custom
344 // message string that's a string literal that's only used in one spot.
346 void MOZ_MUST_RETURN_FROM_CALLER_IF_THIS_IS_ARG
349 }
354 }
356 // Facilities for throwing a preexisting JS exception value via this
357 // TErrorResult. The contract is that any code which might end up calling
358 // ThrowJSException() or StealExceptionFromJSContext() must call
359 // MightThrowJSException() even if no exception is being thrown. Code that
360 // conditionally calls ToJSValue on this TErrorResult only if Failed() must
361 // first call WouldReportJSException even if this TErrorResult has not failed.
362 //
363 // The exn argument to ThrowJSException can be in any compartment. It does
364 // not have to be in the compartment of cx. If someone later uses it, they
365 // will wrap it into whatever compartment they're working in, as needed.
366 void MOZ_MUST_RETURN_FROM_CALLER_IF_THIS_IS_ARG
370 }
372 // Facilities for throwing DOMExceptions of whatever type a spec calls for.
373 // If an empty message string is passed to one of these Throw*Error functions,
374 // the default message string for the relevant type of DOMException will be
375 // used. The passed-in string must be UTF-8.
376 #define DOMEXCEPTION(name, err) \
377 void MOZ_MUST_RETURN_FROM_CALLER_IF_THIS_IS_ARG Throw##name( \
378 const nsACString& aMessage) { \
379 ThrowDOMException(err, aMessage); \
380 } \
381 \
382 template <int N> \
383 void MOZ_MUST_RETURN_FROM_CALLER_IF_THIS_IS_ARG Throw##name( \
384 const char(&aMessage)[N]) { \
385 ThrowDOMException(err, aMessage); \
386 }
390 #undef DOMEXCEPTION
394 }
396 // Flag on the TErrorResult that whatever needs throwing has been
397 // thrown on the JSContext already and we should not mess with it.
398 // If nothing was thrown, this becomes an uncatchable exception.
399 void MOZ_MUST_RETURN_FROM_CALLER_IF_THIS_IS_ARG
402 // Check whether the TErrorResult says to just throw whatever is on
403 // the JSContext already.
406 }
408 // Support for uncatchable exceptions.
411 }
414 }
417 #ifdef DEBUG
419 #endif
420 }
422 #ifdef DEBUG
424 #endif
425 }
427 // In the future, we can add overloads of Throw that take more
428 // interesting things, like strings or DOM exception types or
429 // something if desired.
431 // Backwards-compat to make conversion simpler. We don't call
432 // Throw() here because people can easily pass success codes to
433 // this. This operator is deprecated and ideally shouldn't be used.
440 // For use in logging ONLY.
448 // Helper methods for throwing DOMExceptions, for now. We can try to get rid
449 // of these once EME code is fixed to not use them and we decouple
450 // DOMExceptions from nsresult.
451 void MOZ_MUST_RETURN_FROM_CALLER_IF_THIS_IS_ARG
454 // Same thing, but using a string literal.
456 void MOZ_MUST_RETURN_FROM_CALLER_IF_THIS_IS_ARG
459 }
461 // Allow Promise to call the above methods when it really needs to.
462 // Unfortunately, we can't have the definition of Promise here, so can't mark
463 // just it's MaybeRejectWithDOMException method as a friend. In any case,
464 // hopefully it's all temporary until we sort out the EME bits.
467 // Implementation of MaybeSetPendingException for the case when we're a
468 // failure result. See documentation of MaybeSetPendingException for the
469 // "context" argument.
473 #ifdef DEBUG
475 HasMessage,
476 HasDOMExceptionInfo,
477 HasJSException,
478 HasNothing
479 };
490 // Helper method that creates a new Message for this TErrorResult,
491 // and returns the arguments array from that Message.
493 nsresult errorType);
495 // Helper method to replace invalid UTF-8 characters with the replacement
496 // character. aValidUpTo is the number of characters that are known to be
497 // valid. The string might be truncated if we encounter an OOM error.
502 #if defined(DEBUG) && (defined(__clang__) || defined(__GNUC__))
507 #endif
515 // Insert an empty string arg at the beginning and reduce our arg count to
516 // still be appended accordingly.
523 }
530 }
531 }
532 #ifdef DEBUG
535 }
538 #ifdef DEBUG
541 }
542 #endif
543 }
562 }
567 // ClearUnionData will try to clear the data in our mExtra union. After this
568 // the union may be in an uninitialized state (e.g. mMessage or
569 // mDOMExceptionInfo may point to deleted memory, or mJSException may be a
570 // JS::Value containing an invalid gcthing) and the caller must either
571 // reinitialize it or change mResult to something that will not involve us
572 // touching the union anymore.
575 // Methods for setting various specific kinds of pending exceptions. See
576 // documentation of MaybeSetPendingException for the "context" argument.
586 }
588 // Special values of mResult:
589 // NS_ERROR_INTERNAL_ERRORRESULT_TYPEERROR -- ThrowTypeError() called on us.
590 // NS_ERROR_INTERNAL_ERRORRESULT_RANGEERROR -- ThrowRangeError() called on us.
591 // NS_ERROR_INTERNAL_ERRORRESULT_JS_EXCEPTION -- ThrowJSException() called
592 // on us.
593 // NS_ERROR_UNCATCHABLE_EXCEPTION -- ThrowUncatchableException called on us.
594 // NS_ERROR_INTERNAL_ERRORRESULT_DOMEXCEPTION -- ThrowDOMException() called
595 // on us.
596 nsresult mResult;
601 // mMessage is set by ThrowErrorWithMessage and reported (and deallocated)
602 // by SetPendingExceptionWithMessage.
603 MOZ_INIT_OUTSIDE_CTOR
606 // mJSException is set (and rooted) by ThrowJSException and reported (and
607 // unrooted) by SetPendingJSException.
608 MOZ_INIT_OUTSIDE_CTOR
611 // mDOMExceptionInfo is set by ThrowDOMException and reported (and
612 // deallocated) by SetPendingDOMException.
613 MOZ_INIT_OUTSIDE_CTOR
616 // |mJSException| has a non-trivial constructor and therefore MUST be
617 // placement-new'd into existence.
618 MOZ_PUSH_DISABLE_NONTRIVIAL_UNION_WARNINGS
620 MOZ_POP_DISABLE_NONTRIVIAL_UNION_WARNINGS
624 // The |new| here switches the active arm of |mExtra|, from the compiler's
625 // point of view. Mere assignment *won't* necessarily do the right thing!
628 }
631 // The |new| here switches the active arm of |mExtra|, from the compiler's
632 // point of view. Mere assignment *won't* necessarily do the right thing!
635 }
638 // The |new| here switches the active arm of |mExtra|, from the compiler's
639 // point of view. Mere assignment *won't* necessarily do the right thing!
642 }
644 #ifdef DEBUG
645 // Used to keep track of codepaths that might throw JS exceptions,
646 // for assertion purposes.
649 // Used to keep track of what's stored in our union right now. Note
650 // that this may be set to HasNothing even if our mResult suggests
651 // we should have something, if we have already cleaned up the
652 // something.
653 UnionState mUnionState;
655 // The thread that created this TErrorResult
656 NS_DECL_OWNINGTHREAD;
657 #endif
659 // Not to be implemented, to make sure people always pass this by
660 // reference, not by value.
669 };
675 };
681 };
687 };
691 // A class people should normally use on the stack when they plan to actually
692 // do something with the exception.
697 BaseErrorResult;
703 // Explicitly allow moving out of a CopyableErrorResult into an ErrorResult.
704 // This is implemented below so it can see the definition of
705 // CopyableErrorResult.
710 // This operator is deprecated and ideally shouldn't be used.
715 // Not to be implemented, to make sure people always pass this by
716 // reference, not by value.
719 };
725 }
733 }
735 // A class for use when an ErrorResult should just automatically be ignored.
736 // This doesn't inherit from ErrorResult so we don't make two separate calls to
737 // SuppressException.
741 // A class for use when an ErrorResult needs to be copied to a lambda, into
742 // an IPDL structure, etc. Since this will often involve crossing thread
743 // boundaries this class will assert if you try to copy a JS exception. Only
744 // use this if you are propagating internal errors. In general its best
745 // to use ErrorResult by default and only convert to a CopyableErrorResult when
746 // you need it.
747 class CopyableErrorResult
752 BaseErrorResult;
760 }
765 // We must not copy JS exceptions since it can too easily lead to
766 // off-thread use. Assert this and fall back to a generic error
767 // in release builds.
775 // We could avoid the cast here if we had a move constructor on
776 // TErrorResult templated on the cleanup policy type, but then we'd have
777 // to either inline the impl or force all possible instantiations or
778 // something. This is a bit simpler, and not that different from our copy
779 // constructor.
782 }
783 }
787 // This operator is deprecated and ideally shouldn't be used.
794 }
797 // We must not copy JS exceptions since it can too easily lead to
798 // off-thread use. Assert this and fall back to a generic error
799 // in release builds.
811 }
813 }
815 // Disallow implicit converstion to non-const ErrorResult&, because that would
816 // allow people to throw exceptions on us while bypassing our checks for JS
817 // exceptions.
820 // Allow conversion to ErrorResult&& so we can move out of ourselves into
821 // an ErrorResult.
825 }
826 };
834 getter,
835 setter,
836 };
842 };
855 }
865 }
868 }
869 };
873 // We want an OOMReporter class that has the following properties:
874 //
875 // 1) Can be cast to from any ErrorResult-like type.
876 // 2) Has a fast destructor (because we want to use it from bindings).
877 // 3) Won't be randomly instantiated by non-binding code (because the fast
878 // destructor is not so safe).
879 // 4) Doesn't look ugly on the callee side (e.g. isn't in the binding_detail or
880 // binding_danger namespace).
881 //
882 // We do this by creating a class that can't actually be constructed directly
883 // but can be cast to from ErrorResult-like types, both implicitly and
884 // explicitly.
889 }
891 // A method that turns a FastErrorResult into an OOMReporter, which we use in
892 // codegen to ensure that callees don't take an ErrorResult when they should
893 // only be taking an OOMReporter. The idea is that we can then just have a
894 // FastErrorResult on the stack and call this to produce the thing to pass to
895 // callees.
899 // TErrorResult is a friend so its |operator OOMReporter&()| can work.
904 };
910 }
912 // A class for use when an ErrorResult should just automatically be
913 // ignored. This is designed to be passed as a temporary only, like
914 // so:
915 //
916 // foo->Bar(IgnoreErrors());
923 // We don't use an ErrorResult member here so we don't make two separate calls
924 // to SuppressException (one from us, one from the ErrorResult destructor
925 // after asserting).
927 mInner;
930 /******************************************************************************
931 ** Macros for checking results
932 ******************************************************************************/
934 #define RETURN_NSRESULT_ON_FAILURE(res) \
935 do { \
936 (res).WouldReportJSException(); \
937 if ((res).Failed()) { \
938 NS_WARNING(nsPrintfCString( \
940 #res, (res).ErrorCodeAsInt()) \
941 .get()); \
942 return (res).StealNSResult(); \
943 } \
944 } while (0)