gecko-dev/dom/ipc/ContentParent.h
Justin Lebar 32e25ae5f6 Bug 899761 - Fix a debug-build shutdown crash in ContentParent. r=khuey
Sometimes a ContentParent object gets destroyed after XPCOM shutdown has
shut down the cycle collector.  If the ContentParent destructor releases
a cycle collected object (e.g. mMessageManager), this causes the cycle
collector to assert.
2013-07-31 14:26:19 -07:00

491 lines
20 KiB
C++

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim: set sw=4 ts=8 et tw=80 : */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef mozilla_dom_ContentParent_h
#define mozilla_dom_ContentParent_h
#include "base/waitable_event_watcher.h"
#include "mozilla/dom/PContentParent.h"
#include "mozilla/dom/PMemoryReportRequestParent.h"
#include "mozilla/dom/TabContext.h"
#include "mozilla/ipc/GeckoChildProcessHost.h"
#include "mozilla/dom/ipc/Blob.h"
#include "mozilla/Attributes.h"
#include "mozilla/HalTypes.h"
#include "mozilla/LinkedList.h"
#include "mozilla/StaticPtr.h"
#include "nsFrameMessageManager.h"
#include "nsIObserver.h"
#include "nsIThreadInternal.h"
#include "nsNetUtil.h"
#include "nsIPermissionManager.h"
#include "nsIDOMGeoPositionCallback.h"
#include "nsIMemoryReporter.h"
#include "nsCOMArray.h"
#include "nsDataHashtable.h"
#include "nsHashKeys.h"
#include "PermissionMessageUtils.h"
#define CHILD_PROCESS_SHUTDOWN_MESSAGE NS_LITERAL_STRING("child-process-shutdown")
class mozIApplication;
class nsConsoleService;
class nsIDOMBlob;
namespace mozilla {
namespace ipc {
class OptionalURIParams;
class URIParams;
class TestShellParent;
} // namespace ipc
namespace jsipc {
class JavaScriptParent;
}
namespace layers {
class PCompositorParent;
} // namespace layers
namespace dom {
class TabParent;
class PStorageParent;
class ClonedMessageData;
class ContentParent : public PContentParent
, public nsIObserver
, public nsIThreadObserver
, public nsIDOMGeoPositionCallback
, public mozilla::dom::ipc::MessageManagerCallback
, public mozilla::LinkedListElement<ContentParent>
{
typedef mozilla::ipc::GeckoChildProcessHost GeckoChildProcessHost;
typedef mozilla::ipc::OptionalURIParams OptionalURIParams;
typedef mozilla::ipc::TestShellParent TestShellParent;
typedef mozilla::ipc::URIParams URIParams;
typedef mozilla::dom::ClonedMessageData ClonedMessageData;
public:
/**
* Start up the content-process machinery. This might include
* scheduling pre-launch tasks.
*/
static void StartUp();
/** Shut down the content-process machinery. */
static void ShutDown();
/**
* Ensure that all subprocesses are terminated and their OS
* resources have been reaped. This is synchronous and can be
* very expensive in general. It also bypasses the normal
* shutdown process.
*/
static void JoinAllSubprocesses();
static already_AddRefed<ContentParent>
GetNewOrUsed(bool aForBrowserElement = false);
/**
* Create a subprocess suitable for use as a preallocated app process.
*/
static already_AddRefed<ContentParent> PreallocateAppProcess();
/**
* Get or create a content process for the given TabContext. aFrameElement
* should be the frame/iframe element with which this process will
* associated.
*/
static TabParent*
CreateBrowserOrApp(const TabContext& aContext,
Element* aFrameElement);
static void GetAll(nsTArray<ContentParent*>& aArray);
static void GetAllEvenIfDead(nsTArray<ContentParent*>& aArray);
NS_DECL_THREADSAFE_ISUPPORTS
NS_DECL_NSIOBSERVER
NS_DECL_NSITHREADOBSERVER
NS_DECL_NSIDOMGEOPOSITIONCALLBACK
/**
* MessageManagerCallback methods that we override.
*/
virtual bool DoSendAsyncMessage(JSContext* aCx,
const nsAString& aMessage,
const mozilla::dom::StructuredCloneData& aData,
JS::Handle<JSObject *> aCpows) MOZ_OVERRIDE;
virtual bool CheckPermission(const nsAString& aPermission) MOZ_OVERRIDE;
virtual bool CheckManifestURL(const nsAString& aManifestURL) MOZ_OVERRIDE;
virtual bool CheckAppHasPermission(const nsAString& aPermission) MOZ_OVERRIDE;
virtual bool CheckAppHasStatus(unsigned short aStatus) MOZ_OVERRIDE;
/** Notify that a tab is beginning its destruction sequence. */
void NotifyTabDestroying(PBrowserParent* aTab);
/** Notify that a tab was destroyed during normal operation. */
void NotifyTabDestroyed(PBrowserParent* aTab,
bool aNotifiedDestroying);
TestShellParent* CreateTestShell();
bool DestroyTestShell(TestShellParent* aTestShell);
TestShellParent* GetTestShellSingleton();
jsipc::JavaScriptParent *GetCPOWManager();
void ReportChildAlreadyBlocked();
bool RequestRunToCompletion();
bool IsAlive();
bool IsForApp();
void SetChildMemoryReporters(const InfallibleTArray<MemoryReport>& report);
GeckoChildProcessHost* Process() {
return mSubprocess;
}
int32_t Pid();
bool NeedsPermissionsUpdate() {
return mSendPermissionUpdates;
}
BlobParent* GetOrCreateActorForBlob(nsIDOMBlob* aBlob);
/**
* Kill our subprocess and make sure it dies. Should only be used
* in emergency situations since it bypasses the normal shutdown
* process.
*/
void KillHard();
uint64_t ChildID() { return mChildID; }
bool IsPreallocated();
/**
* Get a user-friendly name for this ContentParent. We make no guarantees
* about this name: It might not be unique, apps can spoof special names,
* etc. So please don't use this name to make any decisions about the
* ContentParent based on the value returned here.
*/
void FriendlyName(nsAString& aName);
protected:
void OnChannelConnected(int32_t pid) MOZ_OVERRIDE;
virtual void ActorDestroy(ActorDestroyReason why);
private:
static nsDataHashtable<nsStringHashKey, ContentParent*> *sAppContentParents;
static nsTArray<ContentParent*>* sNonAppContentParents;
static nsTArray<ContentParent*>* sPrivateContent;
static StaticAutoPtr<LinkedList<ContentParent> > sContentParents;
static void JoinProcessesIOThread(const nsTArray<ContentParent*>* aProcesses,
Monitor* aMonitor, bool* aDone);
// Take the preallocated process and transform it into a "real" app process,
// for the specified manifest URL. If there is no preallocated process (or
// if it's dead), this returns false.
static already_AddRefed<ContentParent>
MaybeTakePreallocatedAppProcess(const nsAString& aAppManifestURL,
ChildPrivileges aPrivs,
hal::ProcessPriority aInitialPriority);
static hal::ProcessPriority GetInitialProcessPriority(Element* aFrameElement);
// Hide the raw constructor methods since we don't want client code
// using them.
using PContentParent::SendPBrowserConstructor;
using PContentParent::SendPTestShellConstructor;
// No more than one of !!aApp, aIsForBrowser, and aIsForPreallocated may be
// true.
ContentParent(mozIApplication* aApp,
bool aIsForBrowser,
bool aIsForPreallocated,
ChildPrivileges aOSPrivileges = base::PRIVILEGES_DEFAULT,
hal::ProcessPriority aInitialPriority = hal::PROCESS_PRIORITY_FOREGROUND);
virtual ~ContentParent();
void Init();
// If the frame element indicates that the child process is "critical" and
// has a pending system message, this function acquires the CPU wake lock on
// behalf of the child. We'll release the lock when the system message is
// handled or after a timeout, whichever comes first.
void MaybeTakeCPUWakeLock(Element* aFrameElement);
// Set the child process's priority and then check whether the child is
// still alive. Returns true if the process is still alive, and false
// otherwise. If you pass a FOREGROUND* priority here, it's (hopefully)
// unlikely that the process will be killed after this point.
bool SetPriorityAndCheckIsAlive(hal::ProcessPriority aPriority);
// Transform a pre-allocated app process into a "real" app
// process, for the specified manifest URL. If this returns false, the
// child process has died.
bool TransformPreallocatedIntoApp(const nsAString& aAppManifestURL,
ChildPrivileges aPrivs);
/**
* Mark this ContentParent as dead for the purposes of Get*().
* This method is idempotent.
*/
void MarkAsDead();
/**
* Exit the subprocess and vamoose. After this call IsAlive()
* will return false and this ContentParent will not be returned
* by the Get*() funtions. However, the shutdown sequence itself
* may be asynchronous.
*
* If aCloseWithError is true and this is the first call to
* ShutDownProcess, then we'll close our channel using CloseWithError()
* rather than vanilla Close(). CloseWithError() indicates to IPC that this
* is an abnormal shutdown (e.g. a crash).
*/
void ShutDownProcess(bool aCloseWithError);
PCompositorParent*
AllocPCompositorParent(mozilla::ipc::Transport* aTransport,
base::ProcessId aOtherProcess) MOZ_OVERRIDE;
PImageBridgeParent*
AllocPImageBridgeParent(mozilla::ipc::Transport* aTransport,
base::ProcessId aOtherProcess) MOZ_OVERRIDE;
virtual bool RecvGetProcessAttributes(uint64_t* aId,
bool* aIsForApp,
bool* aIsForBrowser) MOZ_OVERRIDE;
virtual bool RecvGetXPCOMProcessAttributes(bool* aIsOffline) MOZ_OVERRIDE;
virtual mozilla::jsipc::PJavaScriptParent* AllocPJavaScriptParent();
virtual bool DeallocPJavaScriptParent(mozilla::jsipc::PJavaScriptParent*);
virtual PBrowserParent* AllocPBrowserParent(const IPCTabContext& aContext,
const uint32_t& aChromeFlags);
virtual bool DeallocPBrowserParent(PBrowserParent* frame);
virtual PDeviceStorageRequestParent* AllocPDeviceStorageRequestParent(const DeviceStorageParams&);
virtual bool DeallocPDeviceStorageRequestParent(PDeviceStorageRequestParent*);
virtual PBlobParent* AllocPBlobParent(const BlobConstructorParams& aParams);
virtual bool DeallocPBlobParent(PBlobParent*);
virtual PCrashReporterParent* AllocPCrashReporterParent(const NativeThreadId& tid,
const uint32_t& processType);
virtual bool DeallocPCrashReporterParent(PCrashReporterParent* crashreporter);
virtual bool RecvPCrashReporterConstructor(PCrashReporterParent* actor,
const NativeThreadId& tid,
const uint32_t& processType);
virtual bool RecvGetRandomValues(const uint32_t& length,
InfallibleTArray<uint8_t>* randomValues);
virtual PHalParent* AllocPHalParent() MOZ_OVERRIDE;
virtual bool DeallocPHalParent(PHalParent*) MOZ_OVERRIDE;
virtual PIndexedDBParent* AllocPIndexedDBParent();
virtual bool DeallocPIndexedDBParent(PIndexedDBParent* aActor);
virtual bool
RecvPIndexedDBConstructor(PIndexedDBParent* aActor);
virtual PMemoryReportRequestParent* AllocPMemoryReportRequestParent();
virtual bool DeallocPMemoryReportRequestParent(PMemoryReportRequestParent* actor);
virtual PTestShellParent* AllocPTestShellParent();
virtual bool DeallocPTestShellParent(PTestShellParent* shell);
virtual PNeckoParent* AllocPNeckoParent();
virtual bool DeallocPNeckoParent(PNeckoParent* necko);
virtual PExternalHelperAppParent* AllocPExternalHelperAppParent(
const OptionalURIParams& aUri,
const nsCString& aMimeContentType,
const nsCString& aContentDisposition,
const bool& aForceSave,
const int64_t& aContentLength,
const OptionalURIParams& aReferrer);
virtual bool DeallocPExternalHelperAppParent(PExternalHelperAppParent* aService);
virtual PSmsParent* AllocPSmsParent();
virtual bool DeallocPSmsParent(PSmsParent*);
virtual PStorageParent* AllocPStorageParent();
virtual bool DeallocPStorageParent(PStorageParent* aActor);
virtual PBluetoothParent* AllocPBluetoothParent();
virtual bool DeallocPBluetoothParent(PBluetoothParent* aActor);
virtual bool RecvPBluetoothConstructor(PBluetoothParent* aActor);
virtual PSpeechSynthesisParent* AllocPSpeechSynthesisParent();
virtual bool DeallocPSpeechSynthesisParent(PSpeechSynthesisParent* aActor);
virtual bool RecvPSpeechSynthesisConstructor(PSpeechSynthesisParent* aActor);
virtual bool RecvReadPrefsArray(InfallibleTArray<PrefSetting>* aPrefs);
virtual bool RecvReadFontList(InfallibleTArray<FontListEntry>* retValue);
virtual bool RecvReadPermissions(InfallibleTArray<IPC::Permission>* aPermissions);
virtual bool RecvSetClipboardText(const nsString& text, const bool& isPrivateData, const int32_t& whichClipboard);
virtual bool RecvGetClipboardText(const int32_t& whichClipboard, nsString* text);
virtual bool RecvEmptyClipboard();
virtual bool RecvClipboardHasText(bool* hasText);
virtual bool RecvGetSystemColors(const uint32_t& colorsCount, InfallibleTArray<uint32_t>* colors);
virtual bool RecvGetIconForExtension(const nsCString& aFileExt, const uint32_t& aIconSize, InfallibleTArray<uint8_t>* bits);
virtual bool RecvGetShowPasswordSetting(bool* showPassword);
virtual bool RecvStartVisitedQuery(const URIParams& uri);
virtual bool RecvVisitURI(const URIParams& uri,
const OptionalURIParams& referrer,
const uint32_t& flags);
virtual bool RecvSetURITitle(const URIParams& uri,
const nsString& title);
virtual bool RecvShowFilePicker(const int16_t& mode,
const int16_t& selectedType,
const bool& addToRecentDocs,
const nsString& title,
const nsString& defaultFile,
const nsString& defaultExtension,
const InfallibleTArray<nsString>& filters,
const InfallibleTArray<nsString>& filterNames,
InfallibleTArray<nsString>* files,
int16_t* retValue,
nsresult* result);
virtual bool RecvShowAlertNotification(const nsString& aImageUrl, const nsString& aTitle,
const nsString& aText, const bool& aTextClickable,
const nsString& aCookie, const nsString& aName,
const nsString& aBidi, const nsString& aLang);
virtual bool RecvCloseAlert(const nsString& aName);
virtual bool RecvTestPermissionFromPrincipal(const IPC::Principal& aPrincipal,
const nsCString& aType,
uint32_t* permission);
virtual bool RecvLoadURIExternal(const URIParams& uri);
virtual bool RecvSyncMessage(const nsString& aMsg,
const ClonedMessageData& aData,
const InfallibleTArray<CpowEntry>& aCpows,
InfallibleTArray<nsString>* aRetvals);
virtual bool RecvAsyncMessage(const nsString& aMsg,
const ClonedMessageData& aData,
const InfallibleTArray<CpowEntry>& aCpows);
virtual bool RecvFilePathUpdateNotify(const nsString& aType,
const nsString& aStorageName,
const nsString& aFilePath,
const nsCString& aReason);
virtual bool RecvAddGeolocationListener(const IPC::Principal& aPrincipal,
const bool& aHighAccuracy);
virtual bool RecvRemoveGeolocationListener();
virtual bool RecvSetGeolocationHigherAccuracy(const bool& aEnable);
virtual bool RecvConsoleMessage(const nsString& aMessage);
virtual bool RecvScriptError(const nsString& aMessage,
const nsString& aSourceName,
const nsString& aSourceLine,
const uint32_t& aLineNumber,
const uint32_t& aColNumber,
const uint32_t& aFlags,
const nsCString& aCategory);
virtual bool RecvPrivateDocShellsExist(const bool& aExist);
virtual bool RecvFirstIdle();
virtual bool RecvAudioChannelGetMuted(const AudioChannelType& aType,
const bool& aElementHidden,
const bool& aElementWasHidden,
bool* aValue);
virtual bool RecvAudioChannelRegisterType(const AudioChannelType& aType);
virtual bool RecvAudioChannelUnregisterType(const AudioChannelType& aType,
const bool& aElementHidden);
virtual bool RecvAudioChannelChangedNotification();
virtual bool RecvBroadcastVolume(const nsString& aVolumeName);
virtual bool RecvRecordingDeviceEvents(const nsString& aRecordingStatus);
virtual bool RecvSystemMessageHandled() MOZ_OVERRIDE;
virtual bool RecvCreateFakeVolume(const nsString& fsName, const nsString& mountPoint) MOZ_OVERRIDE;
virtual bool RecvSetFakeVolumeState(const nsString& fsName, const int32_t& fsState) MOZ_OVERRIDE;
virtual void ProcessingError(Result what) MOZ_OVERRIDE;
// If you add strong pointers to cycle collected objects here, be sure to
// release these objects in ShutDownProcess. See the comment there for more
// details.
GeckoChildProcessHost* mSubprocess;
base::ChildPrivileges mOSPrivileges;
uint64_t mChildID;
int32_t mGeolocationWatchID;
// This is a cache of all of the memory reporters
// registered in the child process. To update this, one
// can broadcast the topic "child-memory-reporter-request" using
// the nsIObserverService.
nsCOMArray<nsIMemoryReporter> mMemoryReporters;
nsString mAppManifestURL;
/**
* We cache mAppName instead of looking it up using mAppManifestURL when we
* need it because it turns out that getting an app from the apps service is
* expensive.
*/
nsString mAppName;
nsRefPtr<nsFrameMessageManager> mMessageManager;
// After we initiate shutdown, we also start a timer to ensure
// that even content processes that are 100% blocked (say from
// SIGSTOP), are still killed eventually. This task enforces that
// timer.
CancelableTask* mForceKillTask;
// How many tabs we're waiting to finish their destruction
// sequence. Precisely, how many TabParents have called
// NotifyTabDestroying() but not called NotifyTabDestroyed().
int32_t mNumDestroyingTabs;
// True only while this is ready to be used to host remote tabs.
// This must not be used for new purposes after mIsAlive goes to
// false, but some previously scheduled IPC traffic may still pass
// through.
bool mIsAlive;
// True after the OS-level shutdown sequence has been initiated.
// After going true, any use of this at all, including lingering
// IPC traffic passing through, will cause assertions to fail.
bool mIsDestroyed;
bool mSendPermissionUpdates;
bool mIsForBrowser;
friend class CrashReporterParent;
nsRefPtr<nsConsoleService> mConsoleService;
nsConsoleService* GetConsoleService();
};
} // namespace dom
} // namespace mozilla
#endif