| blob | 6a8507af7b7bd5734294185ab1b81de5559b1135 |
1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
31 #include <mozilla/ServoBindings.h>
35 // The GlobalStyleSheetCache is responsible for sharing user agent style sheet
36 // contents across processes using shared memory. Here is a high level view of
37 // how that works:
38 //
39 // * In the parent process, in the GlobalStyleSheetCache constructor (which is
40 // called early on in a process' lifetime), we parse all UA style sheets into
41 // Gecko StyleSheet objects.
42 //
43 // * The constructor calls InitSharedSheetsInParent, which creates a shared
44 // memory segment that we know ahead of time will be big enough to store the
45 // UA sheets.
46 //
47 // * It then creates a Rust SharedMemoryBuilder object and passes it a pointer
48 // to the start of the shared memory.
49 //
50 // * For each UA sheet, we call Servo_SharedMemoryBuilder_AddStylesheet, which
51 // takes the StylesheetContents::rules (an Arc<Locked<CssRules>>), produces a
52 // deep clone of it, and writes that clone into the shared memory:
53 //
54 // * The deep clone isn't a clone() call, but a call to ToShmem::to_shmem. The
55 // ToShmem trait must be implemented on every type that is reachable under
56 // the Arc<Locked<CssRules>>. The to_shmem call for each type will clone the
57 // value, but any heap allocation will be cloned and placed into the shared
58 // memory buffer, rather than heap allocated.
59 //
60 // * For most types, the ToShmem implementation is simple, and we just
61 // #[derive(ToShmem)] it. For the types that need special handling due to
62 // having heap allocations (Vec<T>, Box<T>, Arc<T>, etc.) we have impls that
63 // call to_shmem on the heap allocated data, and then create a new container
64 // (e.g. using Box::from_raw) that points into the shared memory.
65 //
66 // * Arc<T> and Locked<T> want to perform atomic writes on data that needs to
67 // be in the shared memory buffer (the reference count for Arc<T>, and the
68 // SharedRwLock's AtomicRefCell for Locked<T>), so we add special modes to
69 // those objects that skip the writes. For Arc<T>, that means never
70 // dropping the object since we don't track the reference count. That's
71 // fine, since we want to just drop the entire shared memory buffer at
72 // shutdown. For Locked<T>, we just panic on attempting to take the lock
73 // for writing. That's also fine, since we don't want devtools being able
74 // to modify UA sheets.
75 //
76 // * For Atoms in Rust, static atoms are represented by an index into the
77 // static atom table. Then if we need to Deref the Atom we look up the
78 // table. We panic if any Atom we encounter in the UA style sheets is
79 // not a static atom.
80 //
81 // * For each UA sheet, we create a new C++ StyleSheet object using the shared
82 // memory clone of the sheet contents, and throw away the original heap
83 // allocated one. (We could avoid creating a new C++ StyleSheet object
84 // wrapping the shared contents, and update the original StyleSheet object's
85 // contents, but it's doubtful that matters.)
86 //
87 // * When we initially map the shared memory in the parent process in
88 // InitSharedSheetsInParent, we choose an address which is far away from the
89 // current extent of the heap. Although not too far, since we don't want to
90 // unnecessarily fragment the virtual address space.
91 //
92 // * In the child process, as early as possible (in
93 // ContentChild::InitSharedUASheets), we try to map the shared memory at that
94 // same address, then pass the shared memory buffer to
95 // GlobalStyleSheetCache::SetSharedMemory. Since we map at the same
96 // address, this means any internal pointers in the UA sheets back into the
97 // shared memory buffer that were written by the parent process are valid in
98 // the child process too.
99 //
100 // * In practice, mapping at the address we need in the child process this works
101 // nearly all the time. If we fail to map at the address we need, the child
102 // process falls back to parsing and allocating its own copy of the UA sheets.
107 #define PREF_LEGACY_STYLESHEET_CUSTOMIZATION \
108 "toolkit.legacyUserProfileCustomizations.stylesheets"
122 }
124 }
126 #define STYLE_SHEET(identifier_, url_, shared_) \
127 NotNull<StyleSheet*> GlobalStyleSheetCache::identifier_##Sheet() { \
128 if (!m##identifier_##Sheet) { \
129 m##identifier_##Sheet = LoadSheetURL(url_, eAgentSheetFeatures, eCrash); \
130 } \
131 return WrapNotNull(m##identifier_##Sheet); \
132 }
134 #undef STYLE_SHEET
138 }
142 }
152 }
153 // We want to leak the shared memory forever, rather than cleaning up all
154 // potential DOM references and such that chrome code may have created.
155 }
160 }
164 NS_IMETHODIMP
168 UNITS_BYTES,
170 "Memory used for built-in style sheets that are not "
177 "Memory used for built-in style sheets that are shared to "
179 }
182 }
188 #define MEASURE(s) n += s ? s->SizeOfIncludingThis(aMallocSizeOf) : 0;
190 #define STYLE_SHEET(identifier_, url_, shared_) MEASURE(m##identifier_##Sheet);
192 #undef STYLE_SHEET
197 // Measurement of the following members may be added later if DMD finds it is
198 // worthwhile:
199 // - gCSSLoader
202 }
211 }
213 // Load user style sheets.
217 // We know we need xul.css for the UI, so load that now too:
219 }
223 mUserContentSheet =
226 }
228 // If we are the in the parent process, then we load all of the UA sheets that
229 // are shareable and store them into shared memory. In both the parent and
230 // the content process, we load these sheets out of shared memory.
231 //
232 // The shared memory buffer's format is a Header object, which contains
233 // internal pointers to each of the shared style sheets, followed by the style
234 // sheets themselves.
237 // Load the style sheets and store them in a new shared memory buffer.
240 // Use the shared memory handle that was given to us by a SetSharedMemory
241 // call under ContentChild::InitXPCOM.
243 "GlobalStyleSheetCache::SetSharedMemory should have mapped "
245 }
246 }
248 // If we get here and we don't have a shared memory handle, then it means
249 // either we failed to create the shared memory buffer in the parent process
250 // (unexpected), or we failed to map the shared memory buffer at the address
251 // we needed in the content process (might happen).
252 //
253 // If sSharedMemory is non-null, but it is not currently mapped, then it means
254 // we are in the parent process, and we failed to re-map the memory after
255 // freezing it. (We keep sSharedMemory around so that we can still share it
256 // to content processes.)
257 //
258 // In the parent process, this means we'll just leave our eagerly loaded
259 // non-shared sheets in the mFooSheet fields. In a content process, we'll
260 // lazily load our own copies of the sheets later.
265 #define STYLE_SHEET(identifier_, url_, shared_) \
266 if (shared_) { \
267 LoadSheetFromSharedMemory(url_, &m##identifier_##Sheet, \
268 eAgentSheetFeatures, header, \
269 UserAgentStyleSheetID::identifier_); \
270 }
272 #undef STYLE_SHEET
273 }
274 }
275 }
298 }
307 }
309 // We need to choose an address to map the shared memory in the parent process
310 // that we'll also be able to use in content processes. There's no way to
311 // pick an address that is guaranteed to be free in future content processes,
312 // so instead we pick an address that is some distance away from current heap
313 // allocations and hope that by the time the content process maps the shared
314 // memory, that address will be free.
315 //
316 // On 64 bit, we have a large amount of address space, so we pick an address
317 // half way through the next 8 GiB of free space, and this has a very good
318 // chance of succeeding. On 32 bit, address space is more constrained. We
319 // only have 3 GiB of space to work with, and we don't want to pick a location
320 // right in the middle, since that could cause future large allocations to
321 // fail. So we pick an address half way through the next 512 MiB of free
322 // space. Experimentally this seems to work 9 times out of 10; this is good
323 // enough, as it means only 1 in 10 content processes will have its own unique
324 // copies of the UA style sheets, and we're still getting a significant
325 // overall memory saving.
326 //
327 // In theory ASLR could reduce the likelihood of the mapping succeeding in
328 // content processes, due to our expectations of where the heap is being
329 // wrong, but in practice this isn't an issue.
330 #ifdef HAVE_64BIT_BUILD
332 #else
334 #endif
339 }
342 // Failed to map at the address we computed for some reason. Fall back
343 // to just allocating at a location of the OS's choosing, and hope that
344 // it works in the content process.
347 }
348 }
353 #ifdef DEBUG
356 }
357 #endif
362 nsCString message;
364 // Copy each one into the shared memory, and record its pointer.
365 //
366 // Normally calling ToShared on UA sheets should not fail. It happens
367 // in practice in odd cases that seem like corrupted installations; see bug
368 // 1621773. On failure, return early and fall back to non-shared sheets.
369 #define STYLE_SHEET(identifier_, url_, shared_) \
370 if (shared_) { \
371 StyleSheet* sheet = identifier_##Sheet(); \
372 size_t i = size_t(UserAgentStyleSheetID::identifier_); \
373 URLExtraData::sShared[i] = sheet->URLData(); \
374 header->mSheets[i] = sheet->ToShared(builder.get(), message); \
375 if (!header->mSheets[i]) { \
377 return; \
378 } \
379 }
381 #undef STYLE_SHEET
383 // Finished writing into the shared memory. Freeze it, so that a process
384 // can't confuse other processes by changing the UA style sheet contents.
387 }
389 // The Freeze() call unmaps the shared memory. Re-map it again as read only.
390 // If this fails, due to something else being mapped into the same place
391 // between the Freeze() and Map() call, we can just fall back to keeping our
392 // own copy of the UA style sheets in the parent, and still try sending the
393 // shared memory to the content processes.
396 // Record how must of the shared memory we have used, for memory reporting
397 // later. We round up to the nearest page since the free space at the end
398 // of the page isn't really usable for anything else.
399 //
400 // TODO(heycam): This won't be true on Windows unless we allow creating the
401 // shared memory with SEC_RESERVE so that the pages are reserved but not
402 // committed.
404 sUsedSharedMemory =
409 }
413 }
417 }
419 /* static */
427 // For each pref that controls a CSS feature that a UA style sheet depends
428 // on (such as a pref that enables a property that a UA style sheet uses),
429 // register DependentPrefChanged as a callback to ensure that the relevant
430 // style sheets will be re-parsed.
431 // Preferences::RegisterCallback(&DependentPrefChanged,
432 // "layout.css.example-pref.enabled");
433 }
436 }
441 }
449 }
455 // if we don't have a profile yet, that's OK!
457 }
467 }
471 FailureAction aFailureAction) {
475 }
483 }
488 }
491 FailureAction aFailureAction) {
500 }
501 }
504 }
511 }
515 }
521 aURI,
525 aFailureAction);
526 }
528 }
539 }
543 }
544 }
550 }
552 }