| blob | cc81e435ce6fed41e919c106ec535eb3b184fb3f |
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: sw=4 ts=4 et :
3 */
4 /* This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 #ifndef ipc_glue_MessageChannel_h
9 #define ipc_glue_MessageChannel_h 1
22 #include <deque>
23 #include <stack>
24 #include <math.h>
32 {
36 {}
42 };
45 {
63 // "Open" from the perspective of the transport layer; the underlying
64 // socketpair/pipe should already be created.
65 //
66 // Returns true if the transport layer was successfully connected,
67 // i.e., mChannelState == ChannelConnected.
70 // "Open" a connection to another thread in the same process.
71 //
72 // Returns true if the transport layer was successfully connected,
73 // i.e., mChannelState == ChannelConnected.
74 //
75 // For more details on the process of opening a channel between
76 // threads, see the extended comment on this function
77 // in MessageChannel.cpp.
80 // Close the underlying transport channel.
83 // Force the channel to behave as if a channel error occurred. Valid
84 // for process links only, not thread links.
90 {
92 }
94 // Misc. behavioral traits consumers can request for this channel
97 // Windows: if this channel operates on the UI thread, indicates
98 // WindowsMessageLoop code should enable deferred native message
99 // handling to prevent deadlocks. Should only be used for protocols
100 // that manage child processes which might create native UI, like
101 // plugins.
103 };
110 {
112 }
114 // Asynchronously send a message to the other side of the channel
117 // Asynchronously deliver a message back to this side of the
118 // channel
121 // Synchronously send |msg| (i.e., wait for |reply|)
124 // Make an Interrupt call to the other side of the channel
127 // Wait until a message is received
136 }
140 // Unsound_IsClosed and Unsound_NumQueuedMessages are safe to call from any
141 // thread, but they make no guarantees about whether you'll get an
142 // up-to-date value; the values are written on one thread and read without
143 // locking, on potentially different threads. Thus you should only use
144 // them when you don't particularly care about getting a recent value (e.g.
145 // in a memory report).
148 }
151 }
155 }
158 }
160 #ifdef OS_WIN
161 struct MOZ_STACK_CLASS SyncStackFrame
162 {
171 // The previous stack frame for this channel.
174 // The previous stack frame on any channel.
176 };
183 }
185 }
188 // The deepest sync stack frame for this channel.
193 // The deepest sync stack frame on any channel.
202 #endif
216 // Send OnChannelConnected notification to listeners.
227 // Executed on the worker thread. Dequeues one pending message.
231 // Dispatches an incoming message to its appropriate handler.
234 // DispatchMessage will route to one of these functions depending on the
235 // protocol type of the message.
242 // Return true if the wait ended because a notification was received.
243 //
244 // Return false if the time elapsed from when we started the process of
245 // waiting until afterwards exceeded the currently allotted timeout.
246 // That *DOES NOT* mean false => "no event" (== timeout); there are many
247 // circumstances that could cause the measured elapsed time to exceed the
248 // timeout EVEN WHEN we were notified.
249 //
250 // So in sum: true is a meaningful return value; false isn't,
251 // necessarily.
259 // The "remote view of stack depth" can be different than the
260 // actual stack depth when there are out-of-turn replies. When we
261 // receive one, our actual Interrupt stack depth doesn't decrease, but
262 // the other side (that sent the reply) thinks it has. So, the
263 // "view" returned here is |stackDepth| minus the number of
264 // out-of-turn replies.
265 //
266 // Only called from the worker thread.
270 }
275 }
277 // This helper class manages mCxxStackDepth on behalf of MessageChannel.
278 // When the stack depth is incremented from zero to non-zero, it invokes
279 // a callback, and similarly for when the depth goes from non-zero to zero.
282 }
288 }
292 }
296 }
300 }
304 }
310 // This method is only safe to call on the worker thread, or in a
311 // debugger with all threads paused.
315 // Called from both threads
319 }
321 // Returns true if we're blocking waiting for a reply.
325 }
329 }
333 }
337 }
339 class MOZ_STACK_CLASS AutoEnterWaitForIncoming
340 {
344 {
347 }
350 {
352 }
356 };
359 // Returns true if we're dispatching a sync message's callback.
363 }
368 }
373 }
378 }
383 // Executed on the IO thread.
386 // Return true if |aMsg| is a special message targeted at the IO
387 // thread, in which case it shouldn't be delivered to the worker.
392 // Tell the IO thread to close the channel and wait for it to ACK.
400 // Run on the not current thread.
405 // Can be run on either thread
407 {
410 }
412 // The "link" thread is either the I/O thread (ProcessLink) or the
413 // other actor's work thread (ThreadLink). In either case, it is
414 // NOT our worker thread.
416 {
419 }
426 // All dequeuing tasks require a single point of cancellation,
427 // which is handled via a reference-counted task.
428 class RefCountedTask
429 {
433 { }
444 };
446 // Wrap an existing task which can be cancelled at any time
447 // without the wrapper's knowledge.
449 {
453 { }
458 };
462 ChannelState mChannelState;
464 Side mSide;
469 // id() of mWorkerLoop. This persists even after mWorkerLoop is cleared
470 // during channel shutdown.
473 // A task encapsulating dequeuing one pending message.
476 // Timeout periods are broken up in two to prevent system suspension from
477 // triggering an abort. This method (called by WaitForEvent with a 'did
478 // timeout' flag) decides if we should wait again for half of mTimeoutMs
479 // or give up.
483 // Worker-thread only; sequence numbers for messages that require
484 // synchronous replies.
494 {
496 }
499 }
502 T mPrev;
503 };
505 // Worker thread only.
509 // Set while we are dispatching a synchronous message. Only for use on the
510 // worker thread.
517 // When we send an urgent request from the parent process, we could race
518 // with an RPC message that was issued by the child beforehand. In this
519 // case, if the parent were to wake up while waiting for the urgent reply,
520 // and process the RPC, it could send an additional urgent message. The
521 // child would wake up to process the urgent message (as it always will),
522 // then send a reply, which could be received by the parent out-of-order
523 // with respect to the first urgent reply.
524 //
525 // To address this problem, urgent or RPC requests are associated with a
526 // "transaction". Whenever one side of the channel wishes to start a
527 // chain of RPC/urgent messages, it allocates a new transaction ID. Any
528 // messages the parent receives, not apart of this transaction, are
529 // deferred. When issuing RPC/urgent requests on top of a started
530 // transaction, the initiating transaction ID is used.
531 //
532 // To ensure IDs are unique, we use sequence numbers for transaction IDs,
533 // which grow in opposite directions from child to parent.
535 // The current transaction ID.
538 class AutoEnterTransaction
539 {
544 {
548 }
552 {
561 }
565 }
570 };
572 // If a sync message times out, we store its sequence number here. Any
573 // future sync messages will fail immediately. Once the reply for original
574 // sync message is received, we allow sync messages again.
575 //
576 // When a message times out, nothing is done to inform the other side. The
577 // other side will eventually dispatch the message and send a reply. Our
578 // side is responsible for replying to all sync messages sent by the other
579 // side when it dispatches the timed out message. The response is always an
580 // error.
581 //
582 // A message is only timed out if it initiated a transaction. This avoids
583 // hitting a lot of corner cases with message nesting that we don't really
584 // care about.
587 // If waiting for the reply to a sync out-message, it will be saved here
588 // on the I/O thread and then read and cleared by the worker thread.
591 // If a sync message reply that is an error arrives, we increment this
592 // counter rather than storing it in mRecvd.
595 // Queue of all incoming messages, except for replies to sync and urgent
596 // messages, which are delivered directly to mRecvd, and any pending urgent
597 // incall, which is stored in mPendingUrgentRequest.
598 //
599 // If both this side and the other side are functioning correctly, the queue
600 // can only be in certain configurations. Let
601 //
602 // |A<| be an async in-message,
603 // |S<| be a sync in-message,
604 // |C<| be an Interrupt in-call,
605 // |R<| be an Interrupt reply.
606 //
607 // The queue can only match this configuration
608 //
609 // A<* (S< | C< | R< (?{mStack.size() == 1} A<* (S< | C<)))
610 //
611 // The other side can send as many async messages |A<*| as it wants before
612 // sending us a blocking message.
613 //
614 // The first case is |S<|, a sync in-msg. The other side must be blocked,
615 // and thus can't send us any more messages until we process the sync
616 // in-msg.
617 //
618 // The second case is |C<|, an Interrupt in-call; the other side must be blocked.
619 // (There's a subtlety here: this in-call might have raced with an
620 // out-call, but we detect that with the mechanism below,
621 // |mRemoteStackDepth|, and races don't matter to the queue.)
622 //
623 // Final case, the other side replied to our most recent out-call |R<|.
624 // If that was the *only* out-call on our stack, |?{mStack.size() == 1}|,
625 // then other side "finished with us," and went back to its own business.
626 // That business might have included sending any number of async message
627 // |A<*| until sending a blocking message |(S< | C<)|. If we had more than
628 // one Interrupt call on our stack, the other side *better* not have sent us
629 // another blocking message, because it's blocked on a reply from us.
630 //
631 MessageQueue mPending;
633 // Stack of all the out-calls on which this channel is awaiting responses.
634 // Each stack refers to a different protocol and the stacks are mutually
635 // exclusive: multiple outcalls of the same kind cannot be initiated while
636 // another is active.
639 // This is what we think the Interrupt stack depth is on the "other side" of this
640 // Interrupt channel. We maintain this variable so that we can detect racy Interrupt
641 // calls. With each Interrupt out-call sent, we send along what *we* think the
642 // stack depth of the remote side is *before* it will receive the Interrupt call.
643 //
644 // After sending the out-call, our stack depth is "incremented" by pushing
645 // that pending message onto mPending.
646 //
647 // Then when processing an in-call |c|, it must be true that
648 //
649 // mStack.size() == c.remoteDepth
650 //
651 // I.e., my depth is actually the same as what the other side thought it
652 // was when it sent in-call |c|. If this fails to hold, we have detected
653 // racy Interrupt calls.
654 //
655 // We then increment mRemoteStackDepth *just before* processing the
656 // in-call, since we know the other side is waiting on it, and decrement
657 // it *just after* finishing processing that in-call, since our response
658 // will pop the top of the other side's |mPending|.
659 //
660 // One nice aspect of this race detection is that it is symmetric; if one
661 // side detects a race, then the other side must also detect the same race.
664 // Approximation of code frames on the C++ stack. It can only be
665 // interpreted as the implication:
666 //
667 // !mCxxStackFrames.empty() => MessageChannel code on C++ stack
668 //
669 // This member is only accessed on the worker thread, and so is not
670 // protected by mMonitor. It is managed exclusively by the helper
671 // |class CxxStackFrame|.
674 // Did we process an Interrupt out-call during this stack? Only meaningful in
675 // ExitedCxxStack(), from which this variable is reset.
678 // Are we waiting on this channel for an incoming message? This is used
679 // to implement WaitForIncomingMessage(). Must only be accessed while owning
680 // mMonitor.
683 // Map of replies received "out of turn", because of Interrupt
684 // in-calls racing with replies to outstanding in-calls. See
685 // https://bugzilla.mozilla.org/show_bug.cgi?id=521929.
686 MessageMap mOutOfTurnReplies;
688 // Stack of Interrupt in-calls that were deferred because of race
689 // conditions.
692 #ifdef OS_WIN
693 HANDLE mEvent;
694 #endif
696 // Should the channel abort the process from the I/O thread when
697 // a channel error occurs?
700 // Should we prevent scripts from running while dispatching urgent messages?
703 // See SetChannelFlags
704 ChannelFlags mFlags;
706 // Task and state used to asynchronously notify channel has been connected
707 // safely. This is necessary to be able to cancel notification if we are
708 // closed at the same time.
712 };
714 bool