gecko/toolkit/modules/AsyncShutdown.jsm

461 lines
15 KiB
JavaScript
Raw Normal View History

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
* You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
* Managing safe shutdown of asynchronous services.
*
* Firefox shutdown is composed of phases that take place
* sequentially. Typically, each shutdown phase removes some
* capabilities from the application. For instance, at the end of
* phase profileBeforeChange, no service is permitted to write to the
* profile directory (with the exception of Telemetry). Consequently,
* if any service has requested I/O to the profile directory before or
* during phase profileBeforeChange, the system must be informed that
* these requests need to be completed before the end of phase
* profileBeforeChange. Failing to inform the system of this
* requirement can (and has been known to) cause data loss.
*
* Example: At some point during shutdown, the Add-On Manager needs to
* ensure that all add-ons have safely written their data to disk,
* before writing its own data. Since the data is saved to the
* profile, this must be completed during phase profileBeforeChange.
*
* AsyncShutdown.profileBeforeChange.addBlocker(
* "Add-on manager: shutting down",
* function condition() {
* // Do things.
* // Perform I/O that must take place during phase profile-before-change
* return promise;
* }
* });
*
* In this example, function |condition| will be called at some point
* during phase profileBeforeChange and phase profileBeforeChange
* itself is guaranteed to not terminate until |promise| is either
* resolved or rejected.
*/
"use strict";
const Cu = Components.utils;
const Cc = Components.classes;
const Ci = Components.interfaces;
Cu.import("resource://gre/modules/XPCOMUtils.jsm", this);
Cu.import("resource://gre/modules/Services.jsm", this);
XPCOMUtils.defineLazyModuleGetter(this, "Promise",
"resource://gre/modules/Promise.jsm");
XPCOMUtils.defineLazyServiceGetter(this, "gDebug",
"@mozilla.org/xpcom/debug;1", "nsIDebug");
Object.defineProperty(this, "gCrashReporter", {
get: function() {
delete this.gCrashReporter;
try {
let reporter = Cc["@mozilla.org/xre/app-info;1"].
getService(Ci.nsICrashReporter);
return this.gCrashReporter = reporter;
} catch (ex) {
return this.gCrashReporter = null;
}
},
configurable: true
});
// Display timeout warnings after 10 seconds
const DELAY_WARNING_MS = 10 * 1000;
// Crash the process if shutdown is really too long
// (allowing for sleep).
const PREF_DELAY_CRASH_MS = "toolkit.asyncshutdown.crash_timeout";
let DELAY_CRASH_MS = 60 * 1000; // One minute
try {
DELAY_CRASH_MS = Services.prefs.getIntPref(PREF_DELAY_CRASH_MS);
} catch (ex) {
// Ignore errors
}
Services.prefs.addObserver(PREF_DELAY_CRASH_MS, function() {
DELAY_CRASH_MS = Services.prefs.getIntPref(PREF_DELAY_CRASH_MS);
}, false);
/**
* Display a warning.
*
* As this code is generally used during shutdown, there are chances
* that the UX will not be available to display warnings on the
* console. We therefore use dump() rather than Cu.reportError().
*/
function log(msg, prefix = "", error = null) {
dump(prefix + msg + "\n");
if (error) {
dump(prefix + error + "\n");
if (typeof error == "object" && "stack" in error) {
dump(prefix + error.stack + "\n");
}
}
}
function warn(msg, error = null) {
return log(msg, "WARNING: ", error);
}
function err(msg, error = null) {
return log(msg, "ERROR: ", error);
}
// Utility function designed to get the current state of execution
// of a blocker.
// We are a little paranoid here to ensure that in case of evaluation
// error we do not block the AsyncShutdown.
function safeGetState(state) {
if (!state) {
return "(none)";
}
let data, string;
try {
// Evaluate state(), normalize the result into something that we can
// safely stringify or upload.
string = JSON.stringify(state());
data = JSON.parse(string);
// Simplify the rest of the code by ensuring that we can simply
// concatenate the result to a message.
if (data && typeof data == "object") {
data.toString = function() {
return string;
};
}
return data;
} catch (ex) {
if (string) {
return string;
}
try {
return "Error getting state: " + ex + " at " + ex.stack;
} catch (ex2) {
return "Error getting state but could not display error";
}
}
}
/**
* Countdown for a given duration, skipping beats if the computer is too busy,
* sleeping or otherwise unavailable.
*
* @param {number} delay An approximate delay to wait in milliseconds (rounded
* up to the closest second).
*
* @return Deferred
*/
function looseTimer(delay) {
let DELAY_BEAT = 1000;
let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
let beats = Math.ceil(delay / DELAY_BEAT);
let deferred = Promise.defer();
timer.initWithCallback(function() {
if (beats <= 0) {
deferred.resolve();
}
--beats;
}, DELAY_BEAT, Ci.nsITimer.TYPE_REPEATING_PRECISE_CAN_SKIP);
// Ensure that the timer is both canceled once we are done with it
// and not garbage-collected until then.
deferred.promise.then(() => timer.cancel(), () => timer.cancel());
return deferred;
}
this.EXPORTED_SYMBOLS = ["AsyncShutdown"];
/**
* {string} topic -> phase
*/
let gPhases = new Map();
this.AsyncShutdown = {
/**
* Access function getPhase. For testing purposes only.
*/
get _getPhase() {
let accepted = false;
try {
accepted = Services.prefs.getBoolPref("toolkit.asyncshutdown.testing");
} catch (ex) {
// Ignore errors
}
if (accepted) {
return getPhase;
}
return undefined;
}
};
/**
* Register a new phase.
*
* @param {string} topic The notification topic for this Phase.
* @see {https://developer.mozilla.org/en-US/docs/Observer_Notifications}
*/
function getPhase(topic) {
let phase = gPhases.get(topic);
if (phase) {
return phase;
}
let spinner = new Spinner(topic);
phase = Object.freeze({
/**
* Register a blocker for the completion of a phase.
*
* @param {string} name The human-readable name of the blocker. Used
* for debugging/error reporting. Please make sure that the name
* respects the following model: "Some Service: some action in progress" -
* for instance "OS.File: flushing all pending I/O";
* @param {function|promise|*} condition A condition blocking the
* completion of the phase. Generally, this is a function
* returning a promise. This function is evaluated during the
* phase and the phase is guaranteed to not terminate until the
* resulting promise is either resolved or rejected. If
* |condition| is not a function but another value |v|, it behaves
* as if it were a function returning |v|.
* @param {function*} state Optionally, a function returning
* information about the current state of the blocker as an
* object. Used for providing more details when logging errors or
* crashing.
*
* Examples:
* AsyncShutdown.profileBeforeChange.addBlocker("Module: just a promise",
* promise); // profileBeforeChange will not complete until
* // promise is resolved or rejected
*
* AsyncShutdown.profileBeforeChange.addBlocker("Module: a callback",
* function callback() {
* // ...
* // Execute this code during profileBeforeChange
* return promise;
* // profileBeforeChange will not complete until promise
* // is resolved or rejected
* });
*
* AsyncShutdown.profileBeforeChange.addBlocker("Module: trivial callback",
* function callback() {
* // ...
* // Execute this code during profileBeforeChange
* // No specific guarantee about completion of profileBeforeChange
* });
*
*/
addBlocker: function(name, condition, state = null) {
if (typeof name != "string") {
throw new TypeError("Expected a human-readable name as first argument");
}
if (state && typeof state != "function") {
throw new TypeError("Expected nothing or a function as third argument");
}
spinner.addBlocker({name: name, condition: condition, state: state});
}
});
gPhases.set(topic, phase);
return phase;
}
/**
* Utility class used to spin the event loop until all blockers for a
* Phase are satisfied.
*
* @param {string} topic The xpcom notification for that phase.
*/
function Spinner(topic) {
this._topic = topic;
this._conditions = new Set(); // set to |null| once it is too late to register
Services.obs.addObserver(this, topic, false);
}
Spinner.prototype = {
/**
* Register a new condition for this phase.
*
* @param {object} condition A Condition that must be fulfilled before
* we complete this Phase.
* Must contain fields:
* - {string} name The human-readable name of the condition. Used
* for debugging/error reporting.
* - {function} action An action that needs to be completed
* before we proceed to the next runstate. If |action| returns a promise,
* we wait until the promise is resolved/rejected before proceeding
* to the next runstate.
*/
addBlocker: function(condition) {
if (!this._conditions) {
throw new Error("Phase " + this._topic +
" has already begun, it is too late to register" +
" completion conditions.");
}
this._conditions.add(condition);
},
observe: function() {
let topic = this._topic;
Services.obs.removeObserver(this, topic);
let conditions = this._conditions;
this._conditions = null; // Too late to register
if (conditions.size == 0) {
// No need to spin anything
return;
}
// The promises for which we are waiting.
let allPromises = [];
// Information to determine and report to the user which conditions
// are not satisfied yet.
let allMonitors = [];
for (let {condition, name, state} of conditions) {
// Gather all completion conditions
try {
if (typeof condition == "function") {
// Normalize |condition| to the result of the function.
try {
condition = condition(topic);
} catch (ex) {
condition = Promise.reject(ex);
}
}
// Normalize to a promise. Of course, if |condition| was not a
// promise in the first place (in particular if the above
// function returned |undefined| or failed), that new promise
// isn't going to be terribly interesting, but it will behave
// as a promise.
condition = Promise.resolve(condition);
// If the promise takes too long to be resolved/rejected,
// we need to notify the user.
//
// If it takes way too long, we need to crash.
let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer);
timer.initWithCallback(function() {
let msg = "A phase completion condition is" +
" taking too long to complete." +
" Condition: " + monitor.name +
" Phase: " + topic +
" State: " + safeGetState(state);
warn(msg);
}, DELAY_WARNING_MS, Ci.nsITimer.TYPE_ONE_SHOT);
let monitor = {
isFrozen: true,
name: name,
state: state
};
condition = condition.then(function onSuccess() {
timer.cancel(); // As a side-effect, this prevents |timer| from
// being garbage-collected too early.
monitor.isFrozen = false;
}, function onError(error) {
timer.cancel();
let msg = "A completion condition encountered an error" +
" while we were spinning the event loop." +
" Condition: " + name +
" Phase: " + topic +
" State: " + safeGetState(state);
warn(msg, error);
monitor.isFrozen = false;
});
allMonitors.push(monitor);
allPromises.push(condition);
} catch (error) {
let msg = "A completion condition encountered an error" +
" while we were initializing the phase." +
" Condition: " + name +
" Phase: " + topic +
" State: " + safeGetState(state);
warn(msg, error);
}
}
conditions = null;
let promise = Promise.all(allPromises);
allPromises = null;
promise = promise.then(null, function onError(error) {
// I don't think that this can happen.
// However, let's be overcautious with async/shutdown error reporting.
let msg = "An uncaught error appeared while completing the phase." +
" Phase: " + topic;
warn(msg, error);
});
let satisfied = false; // |true| once we have satisfied all conditions
// If after DELAY_CRASH_MS (approximately one minute, adjusted to take
// into account sleep and otherwise busy computer) we have not finished
// this shutdown phase, we assume that the shutdown is somehow frozen,
// presumably deadlocked. At this stage, the only thing we can do to
// avoid leaving the user's computer in an unstable (and battery-sucking)
// situation is report the issue and crash.
let timeToCrash = looseTimer(DELAY_CRASH_MS);
timeToCrash.promise.then(
function onTimeout() {
// Report the problem as best as we can, then crash.
let frozen = [];
let states = [];
for (let {name, isFrozen, state} of allMonitors) {
if (isFrozen) {
frozen.push({name: name, state: safeGetState(state)});
}
}
let msg = "At least one completion condition failed to complete" +
" within a reasonable amount of time. Causing a crash to" +
" ensure that we do not leave the user with an unresponsive" +
" process draining resources." +
" Conditions: " + JSON.stringify(frozen) +
" Phase: " + topic;
err(msg);
if (gCrashReporter && gCrashReporter.enabled) {
let data = {
phase: topic,
conditions: frozen
};
gCrashReporter.annotateCrashReport("AsyncShutdownTimeout",
JSON.stringify(data));
} else {
warn("No crash reporter available");
}
let error = new Error();
gDebug.abort(error.fileName, error.lineNumber + 1);
},
function onSatisfied() {
// The promise has been rejected, which means that we have satisfied
// all completion conditions.
});
promise = promise.then(function() {
satisfied = true;
timeToCrash.reject();
}/* No error is possible here*/);
// Now, spin the event loop
let thread = Services.tm.mainThread;
while(!satisfied) {
thread.processNextEvent(true);
}
}
};
// List of well-known runstates
// Ideally, runstates should be registered from the component that decides
// when they start/stop. For compatibility with existing startup/shutdown
// mechanisms, we register a few runstates here.
this.AsyncShutdown.profileBeforeChange = getPhase("profile-before-change");
this.AsyncShutdown.sendTelemetry = getPhase("profile-before-change2");
this.AsyncShutdown.webWorkersShutdown = getPhase("web-workers-shutdown");
Object.freeze(this.AsyncShutdown);