| blob | 43233cab4d61029df05e6b51cac2f462f011e23e |
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: sw=4 ts=4 et :
3 */
4 /* This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
23 // Undo the damage done by mozzconf.h
24 #undef compress
26 /*
27 * IPC design:
28 *
29 * There are three kinds of messages: async, sync, and intr. Sync and intr
30 * messages are blocking. Only intr and high-priority sync messages can nest.
31 *
32 * Terminology: To dispatch a message Foo is to run the RecvFoo code for
33 * it. This is also called "handling" the message.
34 *
35 * Sync messages have priorities while async and intr messages always have
36 * normal priority. The three possible priorities are normal, high, and urgent.
37 * The intended uses of these priorities are:
38 * NORMAL - most messages.
39 * HIGH - CPOW-related messages, which can go in either direction.
40 * URGENT - messages where we don't want to dispatch
41 * incoming CPOWs while waiting for the response.
42 *
43 * To avoid jank, the parent process is not allowed to send sync messages of
44 * normal priority. The parent also is not allowed to send urgent messages at
45 * all. When a process is waiting for a response to a sync message M0, it will
46 * dispatch an incoming message M if:
47 * 1. M has a higher priority than M0, or
48 * 2. if M has the same priority as M0 and we're in the child, or
49 * 3. if M has the same priority as M0 and it was sent by the other side
50 while dispatching M0 (nesting).
51 * The idea is that higher priority messages should take precendence, and we
52 * also want to allow nesting. The purpose of rule 2 is to handle a race where
53 * both processes send to each other simultaneously. In this case, we resolve
54 * the race in favor of the parent (so the child dispatches first).
55 *
56 * Sync messages satisfy the following properties:
57 * A. When waiting for a response to a sync message, we won't dispatch any
58 * messages of lower priority.
59 * B. Sync messages of the same priority will be dispatched roughly in the
60 * order they were sent. The exception is when the parent and child send
61 * sync messages to each other simulataneously. In this case, the parent's
62 * message is dispatched first. While it is dispatched, the child may send
63 * further nested messages, and these messages may be dispatched before the
64 * child's original message. We can consider ordering to be preserved here
65 * because we pretend that the child's original message wasn't sent until
66 * after the parent's message is finished being dispatched.
67 *
68 * Intr messages are blocking but not prioritized. While waiting for an intr
69 * response, all incoming messages are dispatched until a response is
70 * received. Intr messages also can be nested. When two intr messages race with
71 * each other, a similar scheme is used to ensure that one side wins. The
72 * winning side is chosen based on the message type.
73 *
74 * Intr messages differ from sync messages in that, while sending an intr
75 * message, we may dispatch an async message. This causes some additional
76 * complexity. One issue is that replies can be received out of order. It's also
77 * more difficult to determine whether one message is nested inside
78 * another. Consequently, intr handling uses mOutOfTurnReplies and
79 * mRemoteStackDepthGuess, which are not needed for sync messages.
80 */
92 {
95 };
97 #define IPC_ASSERT(_cond, ...) \
98 do { \
99 if (!(_cond)) \
100 DebugAbort(__FILE__, __LINE__, #_cond,## __VA_ARGS__); \
101 } while (0)
110 // static
113 enum Direction
114 {
115 IN_MESSAGE,
116 OUT_MESSAGE
117 };
120 {
122 enum Semantics
123 {
124 INTR_SEMS,
125 SYNC_SEMS,
126 ASYNC_SEMS
127 };
135 ASYNC_SEMS),
138 {
140 }
143 {
152 }
155 {
160 }
163 {
168 }
171 {
173 }
176 {
178 }
183 }
187 {
194 }
199 Semantics mMesageSemantics;
200 Direction mDirection;
203 // Disable harmful methods.
206 };
209 {
213 {
230 }
244 // mListener could have gone away if Close() was called while
245 // MessageChannel code was still on the stack
257 }
261 // Disable harmful methods.
265 };
272 MOZ_GUARD_OBJECT_NOTIFIER_PARAM)
274 {
275 MOZ_GUARD_OBJECT_NOTIFIER_INIT;
278 }
279 }
283 }
284 }
286 MOZ_DECL_USE_GUARD_OBJECT_NOTIFIER
288 };
320 {
323 #ifdef OS_WIN
326 #endif
336 #ifdef OS_WIN
339 #endif
340 }
343 {
346 #ifdef OS_WIN
349 #endif
351 }
353 static void
355 {
360 }
362 bool
364 {
367 // The transport layer allows us to send messages before
368 // receiving the "connected" ack from the remote side.
370 }
372 bool
374 {
377 }
380 }
382 void
384 {
385 // Don't clear mWorkerLoopID; we use it in AssertLinkThread() and
386 // AssertWorkerThread().
387 //
388 // Also don't clear mListener. If we clear it, then sending a message
389 // through this channel after it's Clear()'ed can cause this process to
390 // crash.
391 //
392 // In practice, mListener owns the channel, so the channel gets deleted
393 // before mListener. But just to be safe, mListener is a weak pointer.
406 }
408 // Free up any memory used by pending messages.
414 }
415 }
417 bool
419 {
430 }
432 bool
434 {
435 // Opens a connection to another thread in the same process.
437 // This handshake proceeds as follows:
438 // - Let A be the thread initiating the process (either child or parent)
439 // and B be the other thread.
440 // - A spawns thread for B, obtaining B's message loop
441 // - A creates ProtocolChild and ProtocolParent instances.
442 // Let PA be the one appropriate to A and PB the side for B.
443 // - A invokes PA->Open(PB, ...):
444 // - set state to mChannelOpening
445 // - this will place a work item in B's worker loop (see next bullet)
446 // and then spins until PB->mChannelState becomes mChannelConnected
447 // - meanwhile, on PB's worker loop, the work item is removed and:
448 // - invokes PB->SlaveOpen(PA, ...):
449 // - sets its state and that of PA to Connected
460 }
467 FROM_HERE,
474 }
476 void
478 {
479 // Invoked when the other side has begun the open.
494 }
496 void
498 {
503 }
505 bool
507 {
514 }
521 }
525 }
527 bool
529 {
538 }
544 }
547 }
549 bool
551 {
557 {
558 // :TODO: Sort out Close() on this side racing with Close() on the
559 // other side
564 }
566 }
568 }
570 bool
572 {
573 // Never defer messages that have the highest priority, even async
574 // ones. This is safe because only the child can send these messages, so
575 // they can never nest.
579 // Unless they're urgent, we always defer async messages.
583 }
588 // Always defer if the priority of the incoming message is less than the
589 // priority of the message we're awaiting.
593 // Never defer if the message has strictly greater priority.
597 // When both sides send sync messages of the same priority, we resolve the
598 // race by dispatching in the child and deferring the incoming message in
599 // the parent. However, the parent still needs to dispatch nested sync
600 // messages.
601 //
602 // Deferring in the parent only sort of breaks message ordering. When the
603 // child's message comes in, we can pretend the child hasn't quite
604 // finished sending it yet. Since the message is sync, we know that the
605 // child hasn't moved on yet.
607 }
609 void
611 {
618 // Regardless of the Interrupt stack, if we're awaiting a sync reply,
619 // we know that it needs to be immediately handled to unblock us.
622 // Drop the message, but allow future sync messages to be sent.
625 }
630 // Rather than storing errors in mRecvd, we mark them in
631 // mRecvdErrors. We need a counter because multiple replies can arrive
632 // when a timeout happens, as in the following example. Imagine the
633 // child is running slowly. The parent sends a sync message P1. It times
634 // out. The child eventually sends a sync message C1. While waiting for
635 // the C1 response, the child dispatches P1. In doing so, it sends sync
636 // message C2. At that point, it's valid for the parent to send error
637 // responses for both C1 and C2.
639 mRecvdErrors++;
642 }
647 }
649 // Prioritized messages cannot be compressed.
656 // This message type has compression enabled, and the back of the
657 // queue was the same message type and routed to the same destination.
658 // Replace it with the newer message.
661 }
667 // There are three cases we're concerned about, relating to the state of the
668 // main thread:
669 //
670 // (1) We are waiting on a sync reply - main thread is blocked on the
671 // IPC monitor.
672 // - If the message is high priority, we wake up the main thread to
673 // deliver the message depending on ShouldDeferMessage. Otherwise, we
674 // leave it in the mPending queue, posting a task to the main event
675 // loop, where it will be processed once the synchronous reply has been
676 // received.
677 //
678 // (2) We are waiting on an Interrupt reply - main thread is blocked on the
679 // IPC monitor.
680 // - Always notify and wake up the main thread.
681 //
682 // (3) We are not waiting on a reply.
683 // - We post a task to the main event loop.
684 //
685 // Note that, we may notify the main thread even though the monitor is not
686 // blocked. This is okay, since we always check for pending events before
687 // blocking again.
694 // Worker thread is either not blocked on a reply, or this is an
695 // incoming Interrupt that raced with outgoing sync, and needs to be
696 // deferred to a later event-loop iteration.
698 // If we compressed away the previous message, we'll re-use
699 // its pending task.
701 }
702 }
703 }
705 bool
707 {
708 // See comment in DispatchSyncMessage.
711 // Sanity checks.
718 #ifdef OS_WIN
720 #endif
727 // Don't bother sending another sync message if a previous one timed out
728 // and we haven't received a reply for it. Once the original timed-out
729 // message receives a reply, we'll be able to send more sync messages
730 // again.
732 }
750 }
767 // Loop until there aren't any more priority messages to process.
777 }
778 it++;
779 }
784 // Processing these messages could result in more messages, so we
785 // loop around to check for more afterwards.
788 }
790 // See if we've received a reply.
792 mRecvdErrors--;
794 }
806 }
815 }
817 // We only time out a message if it initiated a new transaction (i.e.,
818 // if neither side has any other message Sends on the stack).
823 }
824 }
827 }
829 bool
831 {
835 #ifdef OS_WIN
837 #endif
839 // This must come before MonitorAutoLock, as its destructor acquires the
840 // monitor lock.
847 }
849 // Sanity checks.
865 // if a handler invoked by *Dispatch*() spun a nested event
866 // loop, and the connection was broken during that loop, we
867 // might have already processed the OnError event. if so,
868 // trying another loop iteration will be futile because
869 // channel state will have been cleared
873 }
875 // Now might be the time to process a message deferred because of race
876 // resolution.
879 // Wait for an event to occur.
883 // We might have received a "subtly deferred" message in a nested
884 // loop that it's now time to process.
887 {
889 }
893 }
895 Message recvd;
900 {
907 // because of subtleties with nested event loops, it's possible
908 // that we got here and nothing happened. or, we might have a
909 // deferred in-call that needs to be processed. either way, we
910 // won't break the inner while loop again until something new
911 // happens.
913 }
915 // If the message is not Interrupt, we can dispatch it as normal.
917 {
922 }
926 }
928 }
930 // If the message is an Interrupt reply, either process it as a reply to our
931 // call, or add it to the list of out-of-turn replies we've received.
935 // If this is not a reply the call we've initiated, add it to our
936 // out-of-turn replies and keep polling for events.
937 {
940 // Note, In the parent, sequence numbers increase from 0, and
941 // in the child, they decrease from 0.
944 {
947 }
953 }
955 // We received a reply to our most recent outstanding call. Pop
956 // this frame and return the reply.
962 }
964 // If we have no more pending out calls waiting on replies, then
965 // the reply queue should be empty.
971 }
973 // Dispatch an Interrupt in-call. Snapshot the current stack depth while we
974 // own the monitor.
976 {
981 }
985 }
986 }
989 }
991 bool
993 {
994 #ifdef OS_WIN
996 #endif
1003 }
1006 }
1007 }
1010 }
1012 bool
1014 {
1018 }
1020 bool
1022 {
1032 }
1034 bool
1036 {
1040 // Note that it is possible we could have sent a sync message at
1041 // the same time the parent process sent an urgent message, and
1042 // therefore mPendingUrgentRequest is set *and* mRecvd is set as
1043 // well, because the link thread received both before the worker
1044 // thread woke up.
1045 //
1046 // In this case, we process the urgent message first, but we need
1047 // to save the reply.
1050 {
1051 // In order to send the parent RPC messages and guarantee it will
1052 // wake up, we must re-use its transaction.
1057 }
1061 }
1063 // In between having dispatched our reply to the parent process, and
1064 // re-acquiring the monitor, the parent process could have already
1065 // processed that reply and sent the reply to our sync message. If so,
1066 // our saved reply should be empty.
1071 }
1073 bool
1075 {
1082 }
1093 }
1095 bool
1097 {
1101 Message recvd;
1108 // We probably just received a reply in a nested loop for an
1109 // Interrupt call sent before entering that loop.
1112 }
1114 {
1115 // We should not be in a transaction yet if we're not blocked.
1123 }
1125 }
1127 void
1129 {
1137 else
1139 }
1141 void
1143 {
1150 // We don't want to run any code that might run a nested event loop here, so
1151 // we avoid running event handlers. Once we've sent the response to the
1152 // urgent message, it's okay to run event handlers again since the parent is
1153 // no longer blocked.
1165 Result rv;
1167 // If the other side sends a message in response to one of our messages
1168 // that we've timed out, then we reply with an error.
1169 //
1170 // We even reject messages that were sent before the other side even got
1171 // to our timed out message.
1178 }
1186 }
1193 }
1194 }
1196 void
1198 {
1204 }
1206 Result rv;
1207 {
1212 }
1214 }
1216 void
1218 {
1224 // Race detection: see the long comment near mRemoteStackDepthGuess in
1225 // MessageChannel.h. "Remote" stack depth means our side, and "local" means
1226 // the other side.
1228 // Interrupt in-calls have raced. The winner, if there is one, gets to defer
1229 // processing of the other side's in-call.
1234 {
1249 }
1254 winner,
1256 }
1259 // We now know the other side's stack has one more frame
1260 // than we thought.
1264 }
1266 // We "lost" and need to process the other side's in-call. Don't need
1267 // to fix up the mRemoteStackDepthGuess here, because we're just about
1268 // to increment it in DispatchCall(), which will make it correct again.
1269 }
1271 #ifdef OS_WIN
1273 #endif
1286 }
1292 }
1293 }
1295 void
1297 {
1306 // the other side can only *under*-estimate our actual stack depth
1313 // maybe time to process this message
1317 // fix up fudge factor we added to account for race
1323 }
1325 void
1327 {
1331 {
1341 }
1342 }
1345 }
1347 void
1349 {
1353 // see long comment in OnMaybeDequeueOne()
1356 }
1357 }
1359 void
1361 {
1369 }
1371 // XXX performance tuning knob: could process all or k pending
1372 // messages here, rather than enqueuing for later processing
1376 }
1377 }
1381 {
1384 }
1386 bool
1388 {
1391 // We've really timed out this time.
1393 }
1394 // Try a second time.
1398 }
1400 }
1402 #ifndef OS_WIN
1403 bool
1405 {
1407 PR_INTERVAL_NO_TIMEOUT :
1409 // XXX could optimize away this syscall for "no timeout" case if desired
1414 // If the timeout didn't expire, we know we received an event. The
1415 // converse is not true.
1417 }
1419 bool
1421 {
1423 }
1425 void
1427 {
1429 }
1430 #endif
1432 bool
1434 {
1439 {
1442 }
1448 }
1451 }
1454 }
1456 void
1458 {
1459 // Set channel timeout value. Since this is broken up into
1460 // two period, the minimum timeout value is 2ms.
1463 ? kNoTimeout
1465 }
1467 void
1469 {
1474 }
1476 void
1478 {
1483 }
1485 void
1487 {
1490 }
1492 void
1494 {
1518 }
1524 }
1526 bool
1528 {
1544 errorMsg = "Processing error: message was deserialized, but the handler returned false (indicating failure)";
1556 }
1568 }
1570 void
1572 {
1585 }
1588 }
1591 }
1593 void
1595 {
1598 // TODO sort out Close() on this side racing with Close() on the other side
1600 // the channel closed, but we received a "Goodbye" message warning us
1601 // about it. no worries
1605 }
1607 // Oops, error! Let the listener know about it.
1611 }
1613 void
1615 {
1621 // OnChannelError holds mMonitor when it posts this task and this
1622 // task cannot be allowed to run until OnChannelError has
1623 // exited. We enforce that order by grabbing the mutex here which
1624 // should only continue once OnChannelError has completed.
1625 {
1627 // nothing to do here
1628 }
1631 mChannelErrorTask =
1633 // 10 ms delay is completely arbitrary
1636 }
1639 }
1641 void
1643 {
1649 // This must be the last code that runs on this thread!
1650 mChannelErrorTask =
1653 }
1655 // Special async message.
1657 {
1661 {
1662 }
1665 }
1668 }
1669 };
1671 void
1673 {
1679 }
1681 void
1683 {
1689 }
1693 }
1695 void
1697 {
1703 }
1706 }
1708 void
1710 {
1713 }
1715 void
1717 {
1720 {
1724 // See bug 538586: if the listener gets deleted while the
1725 // IO thread's NotifyChannelError event is still enqueued
1726 // and subsequently deletes us, then the error event will
1727 // also be deleted and the listener will never be notified
1728 // of the channel error.
1732 }
1734 }
1737 // SynchronouslyClose() waits for an ack from the other side, so
1738 // the opening sequence should complete before this returns.
1743 }
1746 // XXX be strict about this until there's a compelling reason
1747 // to relax
1749 }
1751 // notify the other side that we're about to close our socket
1754 }
1757 }
1759 void
1761 {
1767 // OK, the IO thread just closed the channel normally. Let the
1768 // listener know about it.
1772 }
1774 void
1778 {
1783 why,
1785 // technically we need the mutex for this, but we're dying anyway
1788 mRemoteStackDepthGuess);
1803 }
1806 }
1808 void
1810 {
1816 // print a python-style backtrace, first frame to last
1826 }
1827 }
1829 bool
1831 {
1833 }