| blob | 894f075696a66f82091f6cca4edbe8b1992a341e |
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 * vim: sw=4 ts=4 et :
3 */
4 /* This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
8 #ifndef ipc_glue_MessageChannel_h
9 #define ipc_glue_MessageChannel_h 1
22 #include <deque>
23 #include <stack>
24 #include <math.h>
32 {
36 {}
42 };
45 {
63 // "Open" from the perspective of the transport layer; the underlying
64 // socketpair/pipe should already be created.
65 //
66 // Returns true if the transport layer was successfully connected,
67 // i.e., mChannelState == ChannelConnected.
70 // "Open" a connection to another thread in the same process.
71 //
72 // Returns true if the transport layer was successfully connected,
73 // i.e., mChannelState == ChannelConnected.
74 //
75 // For more details on the process of opening a channel between
76 // threads, see the extended comment on this function
77 // in MessageChannel.cpp.
80 // Close the underlying transport channel.
83 // Force the channel to behave as if a channel error occurred. Valid
84 // for process links only, not thread links.
90 {
92 }
94 // Misc. behavioral traits consumers can request for this channel
97 // Windows: if this channel operates on the UI thread, indicates
98 // WindowsMessageLoop code should enable deferred native message
99 // handling to prevent deadlocks. Should only be used for protocols
100 // that manage child processes which might create native UI, like
101 // plugins.
103 };
110 {
112 }
114 // Asynchronously send a message to the other side of the channel
117 // Asynchronously deliver a message back to this side of the
118 // channel
121 // Synchronously send |msg| (i.e., wait for |reply|)
124 // Make an Interrupt call to the other side of the channel
127 // Wait until a message is received
136 }
140 // Unsound_IsClosed and Unsound_NumQueuedMessages are safe to call from any
141 // thread, but they make no guarantees about whether you'll get an
142 // up-to-date value; the values are written on one thread and read without
143 // locking, on potentially different threads. Thus you should only use
144 // them when you don't particularly care about getting a recent value (e.g.
145 // in a memory report).
148 }
151 }
155 }
158 }
160 #ifdef OS_WIN
161 struct MOZ_STACK_CLASS SyncStackFrame
162 {
171 // The previous stack frame for this channel.
174 // The previous stack frame on any channel.
176 };
183 }
185 }
188 // The deepest sync stack frame for this channel.
193 // The deepest sync stack frame on any channel.
202 #endif
216 // Send OnChannelConnected notification to listeners.
227 // Executed on the worker thread. Dequeues one pending message.
231 // Dispatches an incoming message to its appropriate handler.
234 // DispatchMessage will route to one of these functions depending on the
235 // protocol type of the message.
242 // Return true if the wait ended because a notification was received.
243 //
244 // Return false if the time elapsed from when we started the process of
245 // waiting until afterwards exceeded the currently allotted timeout.
246 // That *DOES NOT* mean false => "no event" (== timeout); there are many
247 // circumstances that could cause the measured elapsed time to exceed the
248 // timeout EVEN WHEN we were notified.
249 //
250 // So in sum: true is a meaningful return value; false isn't,
251 // necessarily.
259 // The "remote view of stack depth" can be different than the
260 // actual stack depth when there are out-of-turn replies. When we
261 // receive one, our actual Interrupt stack depth doesn't decrease, but
262 // the other side (that sent the reply) thinks it has. So, the
263 // "view" returned here is |stackDepth| minus the number of
264 // out-of-turn replies.
265 //
266 // Only called from the worker thread.
270 }
275 }
277 // This helper class manages mCxxStackDepth on behalf of MessageChannel.
278 // When the stack depth is incremented from zero to non-zero, it invokes
279 // a callback, and similarly for when the depth goes from non-zero to zero.
282 }
288 }
292 }
296 }
302 // This method is only safe to call on the worker thread, or in a
303 // debugger with all threads paused.
307 // Called from both threads
311 }
313 // Returns true if we're blocking waiting for a reply.
317 }
321 }
325 }
329 }
331 class MOZ_STACK_CLASS AutoEnterWaitForIncoming
332 {
336 {
339 }
342 {
344 }
348 };
351 // Returns true if we're dispatching a sync message's callback.
355 }
360 }
365 }
370 }
375 // Executed on the IO thread.
378 // Return true if |aMsg| is a special message targeted at the IO
379 // thread, in which case it shouldn't be delivered to the worker.
384 // Tell the IO thread to close the channel and wait for it to ACK.
392 // Run on the not current thread.
397 // Can be run on either thread
399 {
402 }
404 // The "link" thread is either the I/O thread (ProcessLink) or the
405 // other actor's work thread (ThreadLink). In either case, it is
406 // NOT our worker thread.
408 {
411 }
418 // All dequeuing tasks require a single point of cancellation,
419 // which is handled via a reference-counted task.
420 class RefCountedTask
421 {
425 { }
436 };
438 // Wrap an existing task which can be cancelled at any time
439 // without the wrapper's knowledge.
441 {
445 { }
450 };
454 ChannelState mChannelState;
456 Side mSide;
461 // id() of mWorkerLoop. This persists even after mWorkerLoop is cleared
462 // during channel shutdown.
465 // A task encapsulating dequeuing one pending message.
468 // Timeout periods are broken up in two to prevent system suspension from
469 // triggering an abort. This method (called by WaitForEvent with a 'did
470 // timeout' flag) decides if we should wait again for half of mTimeoutMs
471 // or give up.
475 // Worker-thread only; sequence numbers for messages that require
476 // synchronous replies.
486 {
488 }
491 }
494 T mPrev;
495 };
497 // Worker thread only.
501 // Set while we are dispatching a synchronous message. Only for use on the
502 // worker thread.
509 // When we send an urgent request from the parent process, we could race
510 // with an RPC message that was issued by the child beforehand. In this
511 // case, if the parent were to wake up while waiting for the urgent reply,
512 // and process the RPC, it could send an additional urgent message. The
513 // child would wake up to process the urgent message (as it always will),
514 // then send a reply, which could be received by the parent out-of-order
515 // with respect to the first urgent reply.
516 //
517 // To address this problem, urgent or RPC requests are associated with a
518 // "transaction". Whenever one side of the channel wishes to start a
519 // chain of RPC/urgent messages, it allocates a new transaction ID. Any
520 // messages the parent receives, not apart of this transaction, are
521 // deferred. When issuing RPC/urgent requests on top of a started
522 // transaction, the initiating transaction ID is used.
523 //
524 // To ensure IDs are unique, we use sequence numbers for transaction IDs,
525 // which grow in opposite directions from child to parent.
527 // The current transaction ID.
530 class AutoEnterTransaction
531 {
536 {
540 }
544 {
553 }
557 }
562 };
564 // If a sync message times out, we store its sequence number here. Any
565 // future sync messages will fail immediately. Once the reply for original
566 // sync message is received, we allow sync messages again.
567 //
568 // When a message times out, nothing is done to inform the other side. The
569 // other side will eventually dispatch the message and send a reply. Our
570 // side is responsible for replying to all sync messages sent by the other
571 // side when it dispatches the timed out message. The response is always an
572 // error.
573 //
574 // A message is only timed out if it initiated a transaction. This avoids
575 // hitting a lot of corner cases with message nesting that we don't really
576 // care about.
579 // If waiting for the reply to a sync out-message, it will be saved here
580 // on the I/O thread and then read and cleared by the worker thread.
583 // If a sync message reply that is an error arrives, we increment this
584 // counter rather than storing it in mRecvd.
587 // Queue of all incoming messages, except for replies to sync and urgent
588 // messages, which are delivered directly to mRecvd, and any pending urgent
589 // incall, which is stored in mPendingUrgentRequest.
590 //
591 // If both this side and the other side are functioning correctly, the queue
592 // can only be in certain configurations. Let
593 //
594 // |A<| be an async in-message,
595 // |S<| be a sync in-message,
596 // |C<| be an Interrupt in-call,
597 // |R<| be an Interrupt reply.
598 //
599 // The queue can only match this configuration
600 //
601 // A<* (S< | C< | R< (?{mStack.size() == 1} A<* (S< | C<)))
602 //
603 // The other side can send as many async messages |A<*| as it wants before
604 // sending us a blocking message.
605 //
606 // The first case is |S<|, a sync in-msg. The other side must be blocked,
607 // and thus can't send us any more messages until we process the sync
608 // in-msg.
609 //
610 // The second case is |C<|, an Interrupt in-call; the other side must be blocked.
611 // (There's a subtlety here: this in-call might have raced with an
612 // out-call, but we detect that with the mechanism below,
613 // |mRemoteStackDepth|, and races don't matter to the queue.)
614 //
615 // Final case, the other side replied to our most recent out-call |R<|.
616 // If that was the *only* out-call on our stack, |?{mStack.size() == 1}|,
617 // then other side "finished with us," and went back to its own business.
618 // That business might have included sending any number of async message
619 // |A<*| until sending a blocking message |(S< | C<)|. If we had more than
620 // one Interrupt call on our stack, the other side *better* not have sent us
621 // another blocking message, because it's blocked on a reply from us.
622 //
623 MessageQueue mPending;
625 // Stack of all the out-calls on which this channel is awaiting responses.
626 // Each stack refers to a different protocol and the stacks are mutually
627 // exclusive: multiple outcalls of the same kind cannot be initiated while
628 // another is active.
631 // This is what we think the Interrupt stack depth is on the "other side" of this
632 // Interrupt channel. We maintain this variable so that we can detect racy Interrupt
633 // calls. With each Interrupt out-call sent, we send along what *we* think the
634 // stack depth of the remote side is *before* it will receive the Interrupt call.
635 //
636 // After sending the out-call, our stack depth is "incremented" by pushing
637 // that pending message onto mPending.
638 //
639 // Then when processing an in-call |c|, it must be true that
640 //
641 // mStack.size() == c.remoteDepth
642 //
643 // I.e., my depth is actually the same as what the other side thought it
644 // was when it sent in-call |c|. If this fails to hold, we have detected
645 // racy Interrupt calls.
646 //
647 // We then increment mRemoteStackDepth *just before* processing the
648 // in-call, since we know the other side is waiting on it, and decrement
649 // it *just after* finishing processing that in-call, since our response
650 // will pop the top of the other side's |mPending|.
651 //
652 // One nice aspect of this race detection is that it is symmetric; if one
653 // side detects a race, then the other side must also detect the same race.
656 // Approximation of code frames on the C++ stack. It can only be
657 // interpreted as the implication:
658 //
659 // !mCxxStackFrames.empty() => MessageChannel code on C++ stack
660 //
661 // This member is only accessed on the worker thread, and so is not
662 // protected by mMonitor. It is managed exclusively by the helper
663 // |class CxxStackFrame|.
666 // Did we process an Interrupt out-call during this stack? Only meaningful in
667 // ExitedCxxStack(), from which this variable is reset.
670 // Are we waiting on this channel for an incoming message? This is used
671 // to implement WaitForIncomingMessage(). Must only be accessed while owning
672 // mMonitor.
675 // Map of replies received "out of turn", because of Interrupt
676 // in-calls racing with replies to outstanding in-calls. See
677 // https://bugzilla.mozilla.org/show_bug.cgi?id=521929.
678 MessageMap mOutOfTurnReplies;
680 // Stack of Interrupt in-calls that were deferred because of race
681 // conditions.
684 #ifdef OS_WIN
685 HANDLE mEvent;
686 #endif
688 // Should the channel abort the process from the I/O thread when
689 // a channel error occurs?
692 // Should we prevent scripts from running while dispatching urgent messages?
695 // See SetChannelFlags
696 ChannelFlags mFlags;
698 // Task and state used to asynchronously notify channel has been connected
699 // safely. This is necessary to be able to cancel notification if we are
700 // closed at the same time.
704 };
706 bool