We get the following warnings with clang.
> ipc/chromium/src/base/time_posix.cc:103:57: error: overflow in expression; result is 0 with type 'long' [-Werror,-Winteger-overflow]
> ipc/chromium/src/base/time_posix.cc:106:58: error: overflow in expression; result is -1000 with type 'long' [-Werror,-Winteger-overflow]
This is a genuine bug. The upstream code in Chromium has changed (commit
2a278516943eee02e0206506a4b907fc0b55f27b) and this patch changes our code to be
similar. I did tests and confirmed that instead of getting 0 or -1 for
|milliseconds|, we now get -2147483648000 or 2147483647999, which is much
better.
The code for packing and unpacking IPC messages does currently not
output detailed error message. This patch adds macros that display
information about the failed operation and arguments. The overhead
of the macros is small and the fast path can be inlined.
The patch removes 455 occurrences of FAIL_ON_WARNINGS from moz.build files, and
adds 78 instances of ALLOW_COMPILER_WARNINGS. About half of those 78 are in
code we control and which should be removable with a little effort.
When the parent process has trouble deserializing an IPC message from the content
process, it originally killed that content process. This doesn't result in us
creating a crash report (and doing so is difficult if the FatalError is hit
off main thread). We now crash the parent process if we hit such a FatalError
in the parent process. This will hopefully give us an idea of how frequent
these FatalErrors are, since up until now we've been getting no crash data
for them.
This is motivated by three separate but related problems:
1. Our concept of recursion depth is broken for things that run from AfterProcessNextEvent observers (e.g. Promises). We decrement the recursionDepth counter before firing observers, so a Promise callback running at the lowest event loop depth has a recursion depth of 0 (whereas a regular nsIRunnable would be 1). This is a problem because it's impossible to distinguish a Promise running after a sync XHR's onreadystatechange handler from a top-level event (since the former runs with depth 2 - 1 = 1, and the latter runs with just 1).
2. The nsIThreadObserver mechanism that is used by a lot of code to run "after" the current event is a poor fit for anything that runs script. First, the order the observers fire in is the order they were added, not anything fixed by spec. Additionally, running script can cause the event loop to spin, which is a big source of pain here (bholley has some nasty bug caused by this).
3. We run Promises from different points in the code for workers and main thread. The latter runs from XPConnect's nsIThreadObserver callbacks, while the former runs from a hardcoded call to run Promises in the worker event loop. What workers do is particularly problematic because it means we can't get the right recursion depth no matter what we do to nsThread.
The solve this, this patch does the following:
1. Consolidate some handling of microtasks and all handling of stable state from appshell and WorkerPrivate into CycleCollectedJSRuntime.
2. Make the recursionDepth counter only available to CycleCollectedJSRuntime (and its consumers) and remove it from the nsIThreadInternal and nsIThreadObserver APIs.
3. Adjust the recursionDepth counter so that microtasks run with the recursionDepth of the task they are associated with.
4. Introduce the concept of metastable state to replace appshell's RunBeforeNextEvent. Metastable state is reached after every microtask or task is completed. This provides the semantics that bent and I want for IndexedDB, where transactions autocommit at the end of a microtask and do not "spill" from one microtask into a subsequent microtask. This differs from appshell's RunBeforeNextEvent in two ways:
a) It fires between microtasks, which was the motivation for starting this.
b) It no longer ensures that we're at the same event loop depth in the native event queue. bent decided we don't care about this.
5. Reorder stable state to happen after microtasks such as Promises, per HTML. Right now we call the regular thread observers, including appshell, before the main thread observer (XPConnect), so stable state tasks happen before microtasks.
This allows us to send a sync fork request to the Nuwa process when we need one but there is no
spare process available. After an app is launched, the request to fork a spare process is still
handled asynchronously.
This also moves the initialization of the sandbox TargetServices to earlier in
plugin-container.cpp content_process_main, because it needs to happen before
xul.dll loads.
The current situation looks like this: Firefox launches the plugin-container
with two environment variables set:
LD_LIBRARY_PATH=$FIREFOX_DIR:$LD_LIBRARY_PATH
LD_PRELOAD=$FIREFOX_DIR/libmozgtk2.so:$LD_PRELOAD
libxul.so has a dependency on libmozgtk.so (without "2"), but libmozgtk2.so
has a SONAME of libmozgtk.so, so ld.so recognizes libmozgtk2.so as a
dependency of libxul.so, and uses it instead of the actual libmozgtk.so,
making the plugin-container use Gtk+2 instead of Gtk+3 to load Gtk+2 plugins.
Now, ASan sets things up in shared libraries such that they needs a symbol
from the executable binary. So in the case of plugin-container, the
plugin-container executable itself contains some ASan symbols such as
__asan_init_v3. libmozgtk2.so, OTOH, contains an undefined weak reference to
that symbol, like all other Firefox shared libraries.
Since libmozgtk2.so is LD_PRELOADed, it is loaded _before_ the
plugin-container executable, and __asan_init_v3 can't be resolved.
Disabling ASan for libmozgtk2.so would be a possibility, but the build system
doesn't really know how to do that, and filtering out -fsanitize=address
can be fragile.
The alternative possibility, implemented here, is to change the library
loading strategy, renaming libmozgtk2.so to gtk2/libmozgtk.so, and setting
the following environment variable when Firefox launches the plugin-container:
LD_LIBRARY_PATH=$FIREFOX_DIR/gtk2:$FIREFOX_DIR:$LD_LIBRARY_PATH
There are a variety of ways that the parent and child process ensure that
the child process exits quickly in opt builds, but for AddressSanitizer
builds we want to let the child process to run to completion, so that we
can get a LeakSanitizer report.
This requires adding some addition LSan suppressions, because running
LSan in child processes detects some new leaks.
The new daemon runnables are generalized implementations of the
Bluetooth daemon runnables. The code is unchanged, except for name
changes and fixes to the coding style.
The new daemon runnables are generalized implementations of the
Bluetooth daemon runnables. The code is unchanged, except for name
changes and fixes to the coding style.
The shutdown procedure for socket classes ensures that the I/O class is
deleted independently from its socket class. If the socket class has been
deleted, no I/O is performed and no socket events are forwarded. The I/O
class therefore doesn't require a strong reference to its socket class.
This patch removes the remaining ref-counted pointers from the socket I/O
classes. The socket class clears the weak reference in its socket I/O class
when closing the socket.
This patch finally breaks up forwarding received RIL messages to the
main thread before they go to the RIL worker. Any RIL message that is
received on th I/O thread is forwarded directly to the RIL worker
thread and handed over to the RIL worker JS code.
The patch includes a number of changes. They all depend on each other,
so there's no good way of landing them one-by-one.
* |RilConsumer| now runs on the RIL worker thread.
* |RilWorker| uses tasks to register/unregister |RilConsumer| in the worker.
* |RilConsumer| uses |RilSocket| instead of |StreamSocket|.
* With |RilSocket|, received RIL messages do not go through main. They are
forwared to the RIL worker and handed over to JS immediately.
This patch separates the current interface of |RilConsumer| into
two distinct classes. |RilWorker| provides the public interface
and |RilConsumer| provides the internal implementation. Running
|RilConsumer| on a worker thread will be easier this way.
With this patch, |RilSocket| and it's helpers forward received data
via a WCTD. This will hand over the worker's JS context to the RIL
consumer.
In a later patch, the RIL consumer will be moved onto the RIL worker
thread and call the JS ril-worker code directly.
|RilSocket| and |RilSocketConsumer| are copies of the respective stream-
socket classes. Improvements to the RIL I/O code will be implemented on
top of the new classes.
This patch finally breaks up forwarding received RIL messages to the
main thread before they go to the RIL worker. Any RIL message that is
received on th I/O thread is forwarded directly to the RIL worker
thread and handed over to the RIL worker JS code.
The patch includes a number of changes. They all depend on each other,
so there's no good way of landing them one-by-one.
* |RilConsumer| now runs on the RIL worker thread.
* |RilWorker| uses tasks to register/unregister |RilConsumer| in the worker.
* |RilConsumer| uses |RilSocket| instead of |StreamSocket|.
* With |RilSocket|, received RIL messages do not go through main. They are
forwared to the RIL worker and handed over to JS immediately.
This patch separates the current interface of |RilConsumer| into
two distinct classes. |RilWorker| provides the public interface
and |RilConsumer| provides the internal implementation. Running
|RilConsumer| on a worker thread will be easier this way.
With this patch, |RilSocket| and it's helpers forward received data
via a WCTD. This will hand over the worker's JS context to the RIL
consumer.
In a later patch, the RIL consumer will be moved onto the RIL worker
thread and call the JS ril-worker code directly.
|RilSocket| and |RilSocketConsumer| are copies of the respective stream-
socket classes. Improvements to the RIL I/O code will be implemented on
top of the new classes.
The bulk of this commit was generated by running:
run-clang-tidy.py \
-checks='-*,llvm-namespace-comment' \
-header-filter=^/.../mozilla-central/.* \
-fix
The class |DaemonSocket| and its helpers implement a service-
neutral connection to a HAL daemon. This patch moves the code
to an appropriate directory and breaks up the code into smaller
pieces.
Dispatching events via |nsIThread| doesn't work with worker threads. This
patch replaces all uses of |nsIThread| in the socket code by equivalent
uses of |MessageLoop|.
Different users of the socket I/O code have different requirements
for their I/O buffers. This patch moves the buffer management into
sub-classes of |UnixSocketBuffer|. Each of them can maintain memory
according to its needs.
Make it harder for users to accidentally reintroduce usage of the PR_LOG macros
when using 'mozilla/Logging.h'. This can still be worked around by directly
including 'prlog.h' (and not 'mozilla/Logging.h') if absolutely necessary.
The socket IPC interfaces still use 'main thread' in a number of
places. This patch changes all such interfaces and documentation
to speak of 'consumer thread' instead.
The consumer thread handles socket creation, destruction, and
data processing for socket IPC. Traditionally this has been
done on the main thread.
This patch extends the socket IPC classes to support arbitrary
consumer threads. The thread is configured when establishing a
connection, and performs all of the above operations until the
socket is closed.
The I/O thread sends and receives data on a file descriptor. This
has traditionally been performed on a single I/O thread.
This patch extends the socket IPC classes to support arbitrary I/O
threads. The thread is configured when a connection is established
and used until the socket gets closed.
Both types, |union sockaddr_any| and |struct sockaddr_storage|, provide
a sockaddr type that can hold any address. The latter is standardized by
POSIX, so we prefer it.
This patch integrates the functionality of |BluetoothDaemonChannel|
into |BluetoothDaemonConnection|. All users are adapted, the former
class is removed.
This patch converts |ListenSocket| to forward events to an instance
of |ListenSocketConsumer|. All users are converted and the related
listener and consumer classes are removed.
This patch converts |StreamSocket| to forward events and data to an
instance of |StreamSocketConsumer|. All users are converted and the
related listener and consumer classes are removed.
With this patch, stream and listening sockets handle the setup of
accepted sockets internally. Sub-classes of |StreamSocket| don't
have to overload StreamSocket's |GetIO| any longer.
The new method |UnixSocketConnector::Duplicate| allows a socket
connector to duplicate itself. Listening sockets will used this
feature to create socket connectors for accepted connections.
This patch cleans up the interface of |StreamSocket|. All arguments
that contain protocol parameters are removed from |Connect|. They are
stored in the connector class. |Connect| now returns error codes. The
method |GetSocketAddr| is unused and not thread-safe and therefore
removed. The method |SendSocketData| for strings is unused and removed.
This patch cleans up the interface of |StreamSocket|. All arguments
that contain protocol parameters are removed from |Connect|. They are
stored in the connector class. |Connect| now returns error codes. The
method |GetSocketAddr| is unused and not thread-safe and therefore
removed. The method |SendSocketData| for strings is unused and removed.
This patch converts the socket I/O classes to use the new interface
of the socket-connector classes. All sockets are now created and set
up by a socket connector.
The current interface of |UnixSocketConnector| doesn't follow any design
and is not easily understandable.
This patch adds a new interface to the class. The new interface provides
a method for each of the following operations:
* converting an address to a human-readable string,
* creating a listening socket,
* creating a stream socket, and
* accepting a stream socket from a listening socket.
All arguments are stored in the connector class, so that connect and
listen methods of the socket classes don't require protocol-specific
arguments. All socket parameters are set within the connector class,
so each connector class can now select parameters individually.
Make it harder for users to accidentally reintroduce usage of the PR_LOG macros
when using 'mozilla/Logging.h'. This can still be worked around by directly
including 'prlog.h' (and not 'mozilla/Logging.h') if absolutely necessary.
Make it harder for users to accidentally reintroduce usage of the PR_LOG macros
when using 'mozilla/Logging.h'. This can still be worked around by directly
including 'prlog.h' (and not 'mozilla/Logging.h') if absolutely necessary.
This patch converts the socket I/O classes to use the new interface
of the socket-connector classes. All sockets are now created and set
up by a socket connector.
The current interface of |UnixSocketConnector| doesn't follow any design
and is not easily understandable.
This patch adds a new interface to the class. The new interface provides
a method for each of the following operations:
* converting an address to a human-readable string,
* creating a listening socket,
* creating a stream socket, and
* accepting a stream socket from a listening socket.
All arguments are stored in the connector class, so that connect and
listen methods of the socket classes don't require protocol-specific
arguments. All socket parameters are set within the connector class,
so each connector class can now select parameters individually.
CLOSED TREE
Backed out changeset 12ce98475c6e (bug 1119980)
Backed out changeset bdb8d05f8870 (bug 1119980)
Backed out changeset a68a18840492 (bug 1119980)
