| blob | 5a685c195b075b73c15acfbcc4186f704cd39535 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at https://mozilla.org/MPL/2.0/. */
7 #ifndef mozilla_ipc_ProtocolUtils_h
8 #define mozilla_ipc_ProtocolUtils_h 1
37 #if defined(ANDROID) && defined(DEBUG)
38 # include <android/log.h>
39 #endif
46 // WARNING: this takes into account the private, special-message-type
47 // enum in ipc_channel.h. They need to be kept in sync.
49 // XXX the max message ID is actually kuint32max now ... when this
50 // changed, the assumptions of the special message IDs changed in that
51 // they're not carving out messages from likely-unallocated space, but
52 // rather carving out messages from the end of space allocated to
53 // protocol 0. Oops! We can get away with this until protocol 0
54 // starts approaching its 65,536th message.
65 // kuint16max - 1 is used by ipc_channel.h.
66 };
85 #ifdef FUZZING
87 #endif
91 #ifdef XP_WIN
94 // In theory, on Windows, this is a valid process ID, but in practice they are
95 // currently divisible by four. Process IDs share the kernel handle allocation
96 // code and they are guaranteed to be divisible by four.
97 // As this could change for process IDs we shouldn't generally rely on this
98 // property, however even if that were to change, it seems safe to rely on this
99 // particular value never being used.
101 #else
104 #endif
106 // Scoped base::ProcessHandle to ensure base::CloseProcessHandle is called.
115 }
116 }
117 };
123 // Used to pass references to protocol actors across the wire.
124 // Actors created on the parent-side have a positive ID, and actors
125 // allocated on the child side have a negative ID.
128 };
130 // What happens if Interrupt calls race?
134 // The actor has not established a link yet, or the actor is no longer in use
135 // by IPC, and its 'Dealloc' method has been called or is being called.
136 //
137 // NOTE: This state is used instead of an explicit `Freed` state when IPC no
138 // longer holds references to the current actor as we currently re-open
139 // existing actors. Once we fix these poorly behaved actors, this loopback
140 // state can be split to have the final state not be the same as the initial
141 // state.
142 Inactive,
144 // A live link is connected to the other side of this actor.
145 Connected,
147 // The link has begun being destroyed. Messages may still be received, but
148 // cannot be sent. (exception: sync/intr replies may be sent while Doomed).
149 Doomed,
151 // The link has been destroyed, and messages will no longer be sent or
152 // received.
153 Destroyed,
154 };
158 // Generated by IPDL compiler
167 FailedConstructor,
168 Deletion,
169 AncestorDeletion,
170 NormalShutdown,
171 AbnormalShutdown
172 };
189 // The following methods either directly forward to the toplevel protocol, or
190 // almost directly do.
206 // Sets an event target to which all messages for aActor will be
207 // dispatched. This method must be called before right before the SendPFoo
208 // message for aActor is sent. And SendPFoo *must* be called if
209 // SetEventTargetForActor is called. The receiver when calling
210 // SetEventTargetForActor must be the actor that will be the manager for
211 // aActor.
215 // Replace the event target for the messages of aActor. There must not be
216 // any messages of aActor in the task queue, or we might run into some
217 // unexpected behavior.
226 // Actor lifecycle and other properties.
240 }
242 // Remove or deallocate a managee given its type.
273 // We have separate functions because the accessibility code manually
274 // calls SetManager.
277 // Sets the manager for the protocol and registers the protocol with
278 // its manager, setting up channels for the protocol as well. Not
279 // for use outside of IPDL.
283 // Helpers for calling `Send` on our underlying IPC channel.
297 }
298 }
300 // Collect all actors managed by this object in an array. To make this safer
301 // to iterate, `ActorLifecycleProxy` references are returned rather than raw
302 // actor pointers.
306 // Internal method called when the actor becomes connected.
309 // Called immediately before setting the actor state to doomed, and triggering
310 // async actor destruction. Messages may be sent from this callback, but no
311 // later.
312 // FIXME(nika): This is currently unused!
316 // Called when the actor has been destroyed due to an error, a __delete__
317 // message, or a __doom__ reply.
321 // Called when IPC has acquired its first reference to the actor. This method
322 // may take references which will later be freed by `ActorDealloc`.
325 // Called when IPC has released its final reference to the actor. It will call
326 // the dealloc method, causing the actor to be actually freed.
327 //
328 // The actor has been freed after this method returns.
332 }
333 }
340 ProtocolId mProtocolId;
341 Side mSide;
342 LinkStatus mLinkStatus;
346 };
348 #define IPC_OK() mozilla::ipc::IPCResult::Ok()
349 #define IPC_FAIL(actor, why) \
350 mozilla::ipc::IPCResult::Fail(WrapNotNull(actor), __func__, (why))
351 #define IPC_FAIL_NO_REASON(actor) \
352 mozilla::ipc::IPCResult::Fail(WrapNotNull(actor), __func__)
354 /**
355 * All message deserializer and message handler should return this
356 * type via above macros. We use a less generic name here to avoid
357 * conflict with mozilla::Result because we have quite a few using
358 * namespace mozilla::ipc; in the code base.
359 */
370 };
375 /**
376 * All top-level protocols should inherit this class.
377 *
378 * IToplevelProtocol tracks all top-level protocol actors created from
379 * this protocol actor.
380 */
382 #ifdef FUZZING
384 #endif
391 Side aSide);
395 // Shadow methods on IProtocol which are implemented directly on toplevel
396 // actors.
412 // NOTE: The target actor's Manager must already be set.
435 // Open a toplevel actor such that both ends of the actor's channel are on
436 // the same thread. This method should be called on the thread to perform
437 // the link.
438 //
439 // WARNING: Attempting to send a sync or intr message on the same thread
440 // will crash.
444 /**
445 * This sends a special message that is processed on the IO thread, so that
446 * other actors can know that the process will soon shutdown.
447 */
460 // WARNING: This function is called with the MessageChannel monitor held.
463 // The code here is only useful for fuzzing. It should not be used for any
464 // other purpose.
465 #ifdef DEBUG
466 // Returns true if we should simulate a timeout.
467 // WARNING: This is a testing-only function that is called with the
468 // MessageChannel monitor held. Don't do anything fancy here or we could
469 // deadlock.
472 // Returns true if we want to cause the worker thread to sleep with the
473 // monitor unlocked.
476 // This function should be implemented to sleep for some amount of time on
477 // the worker thread. Will only be called if NeedArtificialSleep() returns
478 // true.
480 #else
484 #endif
496 }
498 /**
499 * Return true if windows messages can be handled while waiting for a reply
500 * to a sync IPDL message.
501 */
526 // NOTE NOTE NOTE
527 // Used to be on mState
532 // XXX: We no longer need mEventTargetMap for Quantum DOM, so it may be
533 // worthwhile to remove it before people start depending on it for other weird
534 // things.
535 Mutex mEventTargetMutex;
538 MessageChannel mChannel;
539 };
550 };
552 #define FORWARD_SHMEM_ALLOCATOR_TO(aImplClass) \
553 virtual bool AllocShmem( \
554 size_t aSize, mozilla::ipc::SharedMemory::SharedMemoryType aShmType, \
555 mozilla::ipc::Shmem* aShmem) override { \
556 return aImplClass::AllocShmem(aSize, aShmType, aShmem); \
557 } \
558 virtual bool AllocUnsafeShmem( \
559 size_t aSize, mozilla::ipc::SharedMemory::SharedMemoryType aShmType, \
560 mozilla::ipc::Shmem* aShmem) override { \
561 return aImplClass::AllocUnsafeShmem(aSize, aShmType, aShmem); \
562 } \
563 virtual bool DeallocShmem(mozilla::ipc::Shmem& aShmem) override { \
564 return aImplClass::DeallocShmem(aShmem); \
565 }
568 #if defined(DEBUG) || defined(FUZZING)
570 #else
572 #endif
573 }
575 #if defined(DEBUG) || defined(FUZZING)
577 #endif
580 #if defined(DEBUG) || defined(FUZZING)
582 #else
584 #endif
585 }
591 MessageDirection aDirection);
595 // The code generator calls this function for errors which come from the
596 // methods of protocols. Doing this saves codesize by making the error
597 // cases significantly smaller.
600 // The code generator calls this function for errors which are not
601 // protocol-specific: errors in generated struct methods or errors in
602 // transition functions, for instance. Doing this saves codesize by
603 // by making the error cases significantly smaller.
622 #if defined(XP_WIN)
623 // This is a restricted version of Windows' DuplicateHandle() function
624 // that works inside the sandbox and can send handles but not retrieve
625 // them. Unlike DuplicateHandle(), it takes a process ID rather than
626 // a process handle. It returns true on success, false otherwise.
629 DWORD aOptions);
630 #endif
632 /**
633 * Annotate the crash reporter with the error code from the most recent system
634 * call. Returns the system error.
635 */
638 /**
639 * An endpoint represents one end of a partially initialized IPDL channel. To
640 * set up a new top-level protocol:
641 *
642 * Endpoint<PFooParent> parentEp;
643 * Endpoint<PFooChild> childEp;
644 * nsresult rv;
645 * rv = PFoo::CreateEndpoints(parentPid, childPid, &parentEp, &childEp);
646 *
647 * You're required to pass in parentPid and childPid, which are the pids of the
648 * processes in which the parent and child endpoints will be used.
649 *
650 * Endpoints can be passed in IPDL messages or sent to other threads using
651 * PostTask. Once an Endpoint has arrived at its destination process and thread,
652 * you need to create the top-level actor and bind it to the endpoint:
653 *
654 * FooParent* parent = new FooParent();
655 * bool rv1 = parentEp.Bind(parent, processActor);
656 * bool rv2 = parent->SendBar(...);
657 *
658 * (See Bind below for an explanation of processActor.) Once the actor is bound
659 * to the endpoint, it can send and receive messages.
660 */
674 ProcessId aOtherPid)
688 }
690 }
696 }
703 }
708 }
709 }
713 // This method binds aActor to this endpoint. After this call, the actor can
714 // be used to send and receive messages. The endpoint becomes invalid.
723 }
728 }
731 }
743 TransportDescriptor mTransport;
745 };
747 #if defined(XP_MACOSX)
749 #else
752 #endif
754 // This function is used internally to create a pair of Endpoints. See the
755 // comment above Endpoint for a description of how it might be used.
766 nsresult rv;
772 }
783 }
785 /**
786 * A managed endpoint represents one end of a partially initialized managed
787 * IPDL actor. It is used for situations where the usual IPDL Constructor
788 * methods do not give sufficient control over the construction of actors, such
789 * as when constructing actors within replies, or constructing multiple related
790 * actors simultaneously.
791 *
792 * FooParent* parent = new FooParent();
793 * ManagedEndpoint<PFooChild> childEp = parentMgr->OpenPFooEndpoint(parent);
794 *
795 * ManagedEndpoints should be sent using IPDL messages or other mechanisms to
796 * the other side of the manager channel. Once the ManagedEndpoint has arrived
797 * at its destination, you can create the actor, and bind it to the endpoint.
798 *
799 * FooChild* child = new FooChild();
800 * childMgr->BindPFooEndpoint(childEp, child);
801 *
802 * WARNING: If the remote side of an endpoint has not been bound before it
803 * begins to receive messages, an IPC routing error will occur, likely causing
804 * a browser crash.
805 */
815 }
821 }
835 // The routing ID for the to-be-created endpoint.
838 // XXX(nika): Might be nice to have other info for assertions?
839 // e.g. mManagerId, mManagerType, etc.
840 };
842 // The ActorLifecycleProxy is a helper type used internally by IPC to maintain a
843 // maybe-owning reference to an IProtocol object. For well-behaved actors
844 // which are not freed until after their `Dealloc` method is called, a
845 // reference to an actor's `ActorLifecycleProxy` object is an owning one, as the
846 // `Dealloc` method will only be called when all references to the
847 // `ActorLifecycleProxy` are released.
848 //
849 // Unfortunately, some actors may be destroyed before their `Dealloc` method
850 // is called. For these actors, `ActorLifecycleProxy` acts as a weak pointer,
851 // and will begin to return `nullptr` from its `Get()` method once the
852 // corresponding actor object has been destroyed.
853 //
854 // When calling a `Recv` method, IPC will hold a `ActorLifecycleProxy` reference
855 // to the target actor, meaning that well-behaved actors can behave as though a
856 // strong reference is being held.
857 //
858 // Generic IPC code MUST treat ActorLifecycleProxy references as weak
859 // references!
877 // Hold a reference to the actor's manager's ActorLifecycleProxy to help
878 // prevent it from dying while we're still alive!
880 };
892 // Having the core logic work on void pointers, rather than typed pointers,
893 // means that we can have one instance of this code out-of-line, rather
894 // than several hundred instances of this code out-of-lined. (Those
895 // repeated instances don't necessarily get folded together by the linker
896 // because they contain member offsets and such that differ between the
897 // functions.) We do have to pay for it with some eye-bleedingly bad casts,
898 // though.
904 }
905 };
912 }
915 }
921 }
923 }
935 }
943 }
945 }
949 }
950 };
960 }
964 // We duplicate the descriptor so that our own file descriptor remains
965 // valid after the write. An alternative would be to set
966 // aParam.mTransport.mValid to false, but that won't work because aParam
967 // is const.
974 }
982 }
984 // Object is empty, but read succeeded.
986 }
994 }
997 }
1001 }
1002 };
1010 }
1018 }
1020 }
1024 }
1025 };