diff options
Diffstat (limited to 'dom/workers/RuntimeService.cpp')
-rw-r--r-- | dom/workers/RuntimeService.cpp | 2373 |
1 files changed, 2373 insertions, 0 deletions
diff --git a/dom/workers/RuntimeService.cpp b/dom/workers/RuntimeService.cpp new file mode 100644 index 0000000000..3d6a883867 --- /dev/null +++ b/dom/workers/RuntimeService.cpp @@ -0,0 +1,2373 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "RuntimeService.h" + +#include "nsContentSecurityUtils.h" +#include "nsIContentSecurityPolicy.h" +#include "mozilla/dom/Document.h" +#include "nsIObserverService.h" +#include "nsIScriptContext.h" +#include "nsIStreamTransportService.h" +#include "nsISupportsPriority.h" +#include "nsITimer.h" +#include "nsIURI.h" +#include "nsIXULRuntime.h" +#include "nsPIDOMWindow.h" + +#include <algorithm> +#include "mozilla/ipc/BackgroundChild.h" +#include "GeckoProfiler.h" +#include "js/ColumnNumber.h" // JS::ColumnNumberOneOrigin +#include "js/experimental/CTypes.h" // JS::CTypesActivityType, JS::SetCTypesActivityCallback +#include "jsfriendapi.h" +#include "js/friend/ErrorMessages.h" // js::GetErrorMessage, JSMSG_* +#include "js/ContextOptions.h" +#include "js/Initialization.h" +#include "js/LocaleSensitive.h" +#include "js/WasmFeatures.h" +#include "mozilla/ArrayUtils.h" +#include "mozilla/Atomics.h" +#include "mozilla/Attributes.h" +#include "mozilla/CycleCollectedJSContext.h" +#include "mozilla/CycleCollectedJSRuntime.h" +#include "mozilla/Telemetry.h" +#include "mozilla/TimeStamp.h" +#include "mozilla/dom/AtomList.h" +#include "mozilla/dom/BindingUtils.h" +#include "mozilla/dom/ErrorEventBinding.h" +#include "mozilla/dom/EventTargetBinding.h" +#include "mozilla/dom/FetchUtil.h" +#include "mozilla/dom/MessageChannel.h" +#include "mozilla/dom/MessageEventBinding.h" +#include "mozilla/dom/PerformanceService.h" +#include "mozilla/dom/RemoteWorkerChild.h" +#include "mozilla/dom/WorkerBinding.h" +#include "mozilla/dom/ScriptSettings.h" +#include "mozilla/dom/ShadowRealmGlobalScope.h" +#include "mozilla/dom/IndexedDatabaseManager.h" +#include "mozilla/DebugOnly.h" +#include "mozilla/Preferences.h" +#include "mozilla/ScopeExit.h" +#include "mozilla/dom/Navigator.h" +#include "mozilla/Monitor.h" +#include "nsContentUtils.h" +#include "nsCycleCollector.h" +#include "nsDOMJSUtils.h" +#include "nsISupportsImpl.h" +#include "nsLayoutStatics.h" +#include "nsNetUtil.h" +#include "nsServiceManagerUtils.h" +#include "nsThreadUtils.h" +#include "nsXPCOM.h" +#include "nsXPCOMPrivate.h" +#include "xpcpublic.h" +#include "XPCSelfHostedShmem.h" + +#if defined(XP_MACOSX) +# include "nsMacUtilsImpl.h" +#endif + +#include "WorkerDebuggerManager.h" +#include "WorkerError.h" +#include "WorkerLoadInfo.h" +#include "WorkerRunnable.h" +#include "WorkerScope.h" +#include "WorkerThread.h" +#include "prsystem.h" + +#ifdef DEBUG +# include "nsICookieJarSettings.h" +#endif + +#define WORKERS_SHUTDOWN_TOPIC "web-workers-shutdown" + +static mozilla::LazyLogModule gWorkerShutdownDumpLog("WorkerShutdownDump"); + +#ifdef SHUTDOWN_LOG +# undef SHUTDOWN_LOG +#endif +#define SHUTDOWN_LOG(msg) MOZ_LOG(gWorkerShutdownDumpLog, LogLevel::Debug, msg); + +namespace mozilla { + +using namespace ipc; + +namespace dom { + +using namespace workerinternals; + +namespace workerinternals { + +// The size of the worker runtime heaps in bytes. May be changed via pref. +#define WORKER_DEFAULT_RUNTIME_HEAPSIZE 32 * 1024 * 1024 + +// The size of the worker JS allocation threshold in MB. May be changed via +// pref. +#define WORKER_DEFAULT_ALLOCATION_THRESHOLD 30 + +// Half the size of the actual C stack, to be safe. +#define WORKER_CONTEXT_NATIVE_STACK_LIMIT 128 * sizeof(size_t) * 1024 + +// The maximum number of threads to use for workers, overridable via pref. +#define MAX_WORKERS_PER_DOMAIN 512 + +static_assert(MAX_WORKERS_PER_DOMAIN >= 1, + "We should allow at least one worker per domain."); + +#define PREF_WORKERS_PREFIX "dom.workers." +#define PREF_WORKERS_MAX_PER_DOMAIN PREF_WORKERS_PREFIX "maxPerDomain" + +#define GC_REQUEST_OBSERVER_TOPIC "child-gc-request" +#define CC_REQUEST_OBSERVER_TOPIC "child-cc-request" +#define MEMORY_PRESSURE_OBSERVER_TOPIC "memory-pressure" +#define LOW_MEMORY_DATA "low-memory" +#define LOW_MEMORY_ONGOING_DATA "low-memory-ongoing" +#define MEMORY_PRESSURE_STOP_OBSERVER_TOPIC "memory-pressure-stop" + +// Prefixes for observing preference changes. +#define PREF_JS_OPTIONS_PREFIX "javascript.options." +#define PREF_MEM_OPTIONS_PREFIX "mem." +#define PREF_GCZEAL "gczeal" + +static NS_DEFINE_CID(kStreamTransportServiceCID, NS_STREAMTRANSPORTSERVICE_CID); + +namespace { + +const uint32_t kNoIndex = uint32_t(-1); + +uint32_t gMaxWorkersPerDomain = MAX_WORKERS_PER_DOMAIN; + +// Does not hold an owning reference. +Atomic<RuntimeService*> gRuntimeService(nullptr); + +// Only true during the call to Init. +bool gRuntimeServiceDuringInit = false; + +class LiteralRebindingCString : public nsDependentCString { + public: + template <int N> + void RebindLiteral(const char (&aStr)[N]) { + Rebind(aStr, N - 1); + } +}; + +template <typename T> +struct PrefTraits; + +template <> +struct PrefTraits<bool> { + using PrefValueType = bool; + + static inline PrefValueType Get(const char* aPref) { + AssertIsOnMainThread(); + return Preferences::GetBool(aPref); + } + + static inline bool Exists(const char* aPref) { + AssertIsOnMainThread(); + return Preferences::GetType(aPref) == nsIPrefBranch::PREF_BOOL; + } +}; + +template <> +struct PrefTraits<int32_t> { + using PrefValueType = int32_t; + + static inline PrefValueType Get(const char* aPref) { + AssertIsOnMainThread(); + return Preferences::GetInt(aPref); + } + + static inline bool Exists(const char* aPref) { + AssertIsOnMainThread(); + return Preferences::GetType(aPref) == nsIPrefBranch::PREF_INT; + } +}; + +template <typename T> +T GetPref(const char* aFullPref, const T aDefault, bool* aPresent = nullptr) { + AssertIsOnMainThread(); + + using PrefHelper = PrefTraits<T>; + + T result; + bool present = true; + + if (PrefHelper::Exists(aFullPref)) { + result = PrefHelper::Get(aFullPref); + } else { + result = aDefault; + present = false; + } + + if (aPresent) { + *aPresent = present; + } + return result; +} + +void LoadContextOptions(const char* aPrefName, void* /* aClosure */) { + AssertIsOnMainThread(); + + RuntimeService* rts = RuntimeService::GetService(); + if (!rts) { + // May be shutting down, just bail. + return; + } + + const nsDependentCString prefName(aPrefName); + + // Several other pref branches will get included here so bail out if there is + // another callback that will handle this change. + if (StringBeginsWith( + prefName, + nsLiteralCString(PREF_JS_OPTIONS_PREFIX PREF_MEM_OPTIONS_PREFIX))) { + return; + } + +#ifdef JS_GC_ZEAL + if (prefName.EqualsLiteral(PREF_JS_OPTIONS_PREFIX PREF_GCZEAL)) { + return; + } +#endif + + JS::ContextOptions contextOptions; + xpc::SetPrefableContextOptions(contextOptions); + + nsCOMPtr<nsIXULRuntime> xr = do_GetService("@mozilla.org/xre/runtime;1"); + if (xr) { + bool safeMode = false; + xr->GetInSafeMode(&safeMode); + if (safeMode) { + contextOptions.disableOptionsForSafeMode(); + } + } + + RuntimeService::SetDefaultContextOptions(contextOptions); + + if (rts) { + rts->UpdateAllWorkerContextOptions(); + } +} + +#ifdef JS_GC_ZEAL +void LoadGCZealOptions(const char* /* aPrefName */, void* /* aClosure */) { + AssertIsOnMainThread(); + + RuntimeService* rts = RuntimeService::GetService(); + if (!rts) { + // May be shutting down, just bail. + return; + } + + int32_t gczeal = GetPref<int32_t>(PREF_JS_OPTIONS_PREFIX PREF_GCZEAL, -1); + if (gczeal < 0) { + gczeal = 0; + } + + int32_t frequency = + GetPref<int32_t>(PREF_JS_OPTIONS_PREFIX PREF_GCZEAL ".frequency", -1); + if (frequency < 0) { + frequency = JS_DEFAULT_ZEAL_FREQ; + } + + RuntimeService::SetDefaultGCZeal(uint8_t(gczeal), uint32_t(frequency)); + + if (rts) { + rts->UpdateAllWorkerGCZeal(); + } +} +#endif + +void UpdateCommonJSGCMemoryOption(RuntimeService* aRuntimeService, + const char* aPrefName, JSGCParamKey aKey) { + AssertIsOnMainThread(); + NS_ASSERTION(aPrefName, "Null pref name!"); + + int32_t prefValue = GetPref(aPrefName, -1); + Maybe<uint32_t> value = (prefValue < 0 || prefValue >= 10000) + ? Nothing() + : Some(uint32_t(prefValue)); + + RuntimeService::SetDefaultJSGCSettings(aKey, value); + + if (aRuntimeService) { + aRuntimeService->UpdateAllWorkerMemoryParameter(aKey, value); + } +} + +void UpdateOtherJSGCMemoryOption(RuntimeService* aRuntimeService, + JSGCParamKey aKey, Maybe<uint32_t> aValue) { + AssertIsOnMainThread(); + + RuntimeService::SetDefaultJSGCSettings(aKey, aValue); + + if (aRuntimeService) { + aRuntimeService->UpdateAllWorkerMemoryParameter(aKey, aValue); + } +} + +void LoadJSGCMemoryOptions(const char* aPrefName, void* /* aClosure */) { + AssertIsOnMainThread(); + + RuntimeService* rts = RuntimeService::GetService(); + + if (!rts) { + // May be shutting down, just bail. + return; + } + + constexpr auto memPrefix = + nsLiteralCString{PREF_JS_OPTIONS_PREFIX PREF_MEM_OPTIONS_PREFIX}; + const nsDependentCString fullPrefName(aPrefName); + + // Pull out the string that actually distinguishes the parameter we need to + // change. + nsDependentCSubstring memPrefName; + if (StringBeginsWith(fullPrefName, memPrefix)) { + memPrefName.Rebind(fullPrefName, memPrefix.Length()); + } else { + NS_ERROR("Unknown pref name!"); + return; + } + + struct WorkerGCPref { + nsLiteralCString memName; + const char* fullName; + JSGCParamKey key; + }; + +#define PREF(suffix_, key_) \ + { \ + nsLiteralCString(PREF_MEM_OPTIONS_PREFIX suffix_), \ + PREF_JS_OPTIONS_PREFIX PREF_MEM_OPTIONS_PREFIX suffix_, key_ \ + } + constexpr WorkerGCPref kWorkerPrefs[] = { + PREF("max", JSGC_MAX_BYTES), + PREF("gc_high_frequency_time_limit_ms", JSGC_HIGH_FREQUENCY_TIME_LIMIT), + PREF("gc_low_frequency_heap_growth", JSGC_LOW_FREQUENCY_HEAP_GROWTH), + PREF("gc_high_frequency_large_heap_growth", + JSGC_HIGH_FREQUENCY_LARGE_HEAP_GROWTH), + PREF("gc_high_frequency_small_heap_growth", + JSGC_HIGH_FREQUENCY_SMALL_HEAP_GROWTH), + PREF("gc_small_heap_size_max_mb", JSGC_SMALL_HEAP_SIZE_MAX), + PREF("gc_large_heap_size_min_mb", JSGC_LARGE_HEAP_SIZE_MIN), + PREF("gc_balanced_heap_limits", JSGC_BALANCED_HEAP_LIMITS_ENABLED), + PREF("gc_heap_growth_factor", JSGC_HEAP_GROWTH_FACTOR), + PREF("gc_allocation_threshold_mb", JSGC_ALLOCATION_THRESHOLD), + PREF("gc_malloc_threshold_base_mb", JSGC_MALLOC_THRESHOLD_BASE), + PREF("gc_small_heap_incremental_limit", + JSGC_SMALL_HEAP_INCREMENTAL_LIMIT), + PREF("gc_large_heap_incremental_limit", + JSGC_LARGE_HEAP_INCREMENTAL_LIMIT), + PREF("gc_urgent_threshold_mb", JSGC_URGENT_THRESHOLD_MB), + PREF("gc_incremental_slice_ms", JSGC_SLICE_TIME_BUDGET_MS), + PREF("gc_min_empty_chunk_count", JSGC_MIN_EMPTY_CHUNK_COUNT), + PREF("gc_max_empty_chunk_count", JSGC_MAX_EMPTY_CHUNK_COUNT), + PREF("gc_compacting", JSGC_COMPACTING_ENABLED), + }; +#undef PREF + + auto pref = kWorkerPrefs; + auto end = kWorkerPrefs + ArrayLength(kWorkerPrefs); + + if (gRuntimeServiceDuringInit) { + // During init, we want to update every pref in kWorkerPrefs. + MOZ_ASSERT(memPrefName.IsEmpty(), + "Pref branch prefix only expected during init"); + } else { + // Otherwise, find the single pref that changed. + while (pref != end) { + if (pref->memName == memPrefName) { + end = pref + 1; + break; + } + ++pref; + } +#ifdef DEBUG + if (pref == end) { + nsAutoCString message("Workers don't support the '"); + message.Append(memPrefName); + message.AppendLiteral("' preference!"); + NS_WARNING(message.get()); + } +#endif + } + + while (pref != end) { + switch (pref->key) { + case JSGC_MAX_BYTES: { + int32_t prefValue = GetPref(pref->fullName, -1); + Maybe<uint32_t> value = (prefValue <= 0 || prefValue >= 0x1000) + ? Nothing() + : Some(uint32_t(prefValue) * 1024 * 1024); + UpdateOtherJSGCMemoryOption(rts, pref->key, value); + break; + } + case JSGC_SLICE_TIME_BUDGET_MS: { + int32_t prefValue = GetPref(pref->fullName, -1); + Maybe<uint32_t> value = (prefValue <= 0 || prefValue >= 100000) + ? Nothing() + : Some(uint32_t(prefValue)); + UpdateOtherJSGCMemoryOption(rts, pref->key, value); + break; + } + case JSGC_COMPACTING_ENABLED: + case JSGC_PARALLEL_MARKING_ENABLED: + case JSGC_BALANCED_HEAP_LIMITS_ENABLED: { + bool present; + bool prefValue = GetPref(pref->fullName, false, &present); + Maybe<uint32_t> value = present ? Some(prefValue ? 1 : 0) : Nothing(); + UpdateOtherJSGCMemoryOption(rts, pref->key, value); + break; + } + case JSGC_HIGH_FREQUENCY_TIME_LIMIT: + case JSGC_LOW_FREQUENCY_HEAP_GROWTH: + case JSGC_HIGH_FREQUENCY_LARGE_HEAP_GROWTH: + case JSGC_HIGH_FREQUENCY_SMALL_HEAP_GROWTH: + case JSGC_SMALL_HEAP_SIZE_MAX: + case JSGC_LARGE_HEAP_SIZE_MIN: + case JSGC_ALLOCATION_THRESHOLD: + case JSGC_MALLOC_THRESHOLD_BASE: + case JSGC_SMALL_HEAP_INCREMENTAL_LIMIT: + case JSGC_LARGE_HEAP_INCREMENTAL_LIMIT: + case JSGC_URGENT_THRESHOLD_MB: + case JSGC_MIN_EMPTY_CHUNK_COUNT: + case JSGC_MAX_EMPTY_CHUNK_COUNT: + case JSGC_HEAP_GROWTH_FACTOR: + UpdateCommonJSGCMemoryOption(rts, pref->fullName, pref->key); + break; + default: + MOZ_ASSERT_UNREACHABLE("Unknown JSGCParamKey value"); + break; + } + ++pref; + } +} + +bool InterruptCallback(JSContext* aCx) { + WorkerPrivate* worker = GetWorkerPrivateFromContext(aCx); + MOZ_ASSERT(worker); + + // Now is a good time to turn on profiling if it's pending. + PROFILER_JS_INTERRUPT_CALLBACK(); + + return worker->InterruptCallback(aCx); +} + +class LogViolationDetailsRunnable final : public WorkerMainThreadRunnable { + uint16_t mViolationType; + nsString mFileName; + uint32_t mLineNum; + uint32_t mColumnNum; + nsString mScriptSample; + + public: + LogViolationDetailsRunnable(WorkerPrivate* aWorker, uint16_t aViolationType, + const nsString& aFileName, uint32_t aLineNum, + uint32_t aColumnNum, + const nsAString& aScriptSample) + : WorkerMainThreadRunnable(aWorker, + "RuntimeService :: LogViolationDetails"_ns), + mViolationType(aViolationType), + mFileName(aFileName), + mLineNum(aLineNum), + mColumnNum(aColumnNum), + mScriptSample(aScriptSample) { + MOZ_ASSERT(aWorker); + } + + virtual bool MainThreadRun() override; + + private: + ~LogViolationDetailsRunnable() = default; +}; + +bool ContentSecurityPolicyAllows(JSContext* aCx, JS::RuntimeCode aKind, + JS::Handle<JSString*> aCode) { + WorkerPrivate* worker = GetWorkerPrivateFromContext(aCx); + worker->AssertIsOnWorkerThread(); + + bool evalOK; + bool reportViolation; + uint16_t violationType; + nsAutoJSString scriptSample; + if (aKind == JS::RuntimeCode::JS) { + if (NS_WARN_IF(!scriptSample.init(aCx, aCode))) { + JS_ClearPendingException(aCx); + return false; + } + + if (!nsContentSecurityUtils::IsEvalAllowed( + aCx, worker->UsesSystemPrincipal(), scriptSample)) { + return false; + } + + evalOK = worker->IsEvalAllowed(); + reportViolation = worker->GetReportEvalCSPViolations(); + violationType = nsIContentSecurityPolicy::VIOLATION_TYPE_EVAL; + } else { + evalOK = worker->IsWasmEvalAllowed(); + reportViolation = worker->GetReportWasmEvalCSPViolations(); + violationType = nsIContentSecurityPolicy::VIOLATION_TYPE_WASM_EVAL; + } + + if (reportViolation) { + nsString fileName; + uint32_t lineNum = 0; + JS::ColumnNumberOneOrigin columnNum; + + JS::AutoFilename file; + if (JS::DescribeScriptedCaller(aCx, &file, &lineNum, &columnNum) && + file.get()) { + CopyUTF8toUTF16(MakeStringSpan(file.get()), fileName); + } else { + MOZ_ASSERT(!JS_IsExceptionPending(aCx)); + } + + RefPtr<LogViolationDetailsRunnable> runnable = + new LogViolationDetailsRunnable(worker, violationType, fileName, + lineNum, columnNum.oneOriginValue(), + scriptSample); + + ErrorResult rv; + runnable->Dispatch(Killing, rv); + if (NS_WARN_IF(rv.Failed())) { + rv.SuppressException(); + } + } + + return evalOK; +} + +void CTypesActivityCallback(JSContext* aCx, JS::CTypesActivityType aType) { + WorkerPrivate* worker = GetWorkerPrivateFromContext(aCx); + worker->AssertIsOnWorkerThread(); + + switch (aType) { + case JS::CTypesActivityType::BeginCall: + worker->BeginCTypesCall(); + break; + + case JS::CTypesActivityType::EndCall: + worker->EndCTypesCall(); + break; + + case JS::CTypesActivityType::BeginCallback: + worker->BeginCTypesCallback(); + break; + + case JS::CTypesActivityType::EndCallback: + worker->EndCTypesCallback(); + break; + + default: + MOZ_CRASH("Unknown type flag!"); + } +} + +// JSDispatchableRunnables are WorkerRunnables used to dispatch JS::Dispatchable +// back to their worker thread. A WorkerRunnable is used for two reasons: +// +// 1. The JS::Dispatchable::run() callback may run JS so we cannot use a control +// runnable since they use async interrupts and break JS run-to-completion. +// +// 2. The DispatchToEventLoopCallback interface is *required* to fail during +// shutdown (see jsapi.h) which is exactly what WorkerRunnable::Dispatch() will +// do. Moreover, JS_DestroyContext() does *not* block on JS::Dispatchable::run +// being called, DispatchToEventLoopCallback failure is expected to happen +// during shutdown. +class JSDispatchableRunnable final : public WorkerRunnable { + JS::Dispatchable* mDispatchable; + + ~JSDispatchableRunnable() { MOZ_ASSERT(!mDispatchable); } + + // Disable the usual pre/post-dispatch thread assertions since we are + // dispatching from some random JS engine internal thread: + + bool PreDispatch(WorkerPrivate* aWorkerPrivate) override { return true; } + + void PostDispatch(WorkerPrivate* aWorkerPrivate, + bool aDispatchResult) override { + // For the benefit of the destructor assert. + if (!aDispatchResult) { + mDispatchable = nullptr; + } + } + + public: + JSDispatchableRunnable(WorkerPrivate* aWorkerPrivate, + JS::Dispatchable* aDispatchable) + : WorkerRunnable(aWorkerPrivate, "JSDispatchableRunnable", + WorkerRunnable::WorkerThread), + mDispatchable(aDispatchable) { + MOZ_ASSERT(mDispatchable); + } + + bool WorkerRun(JSContext* aCx, WorkerPrivate* aWorkerPrivate) override { + MOZ_ASSERT(aWorkerPrivate == mWorkerPrivate); + MOZ_ASSERT(aCx == mWorkerPrivate->GetJSContext()); + MOZ_ASSERT(mDispatchable); + + AutoJSAPI jsapi; + jsapi.Init(); + + mDispatchable->run(mWorkerPrivate->GetJSContext(), + JS::Dispatchable::NotShuttingDown); + mDispatchable = nullptr; // mDispatchable may delete itself + + return true; + } + + nsresult Cancel() override { + MOZ_ASSERT(mDispatchable); + + AutoJSAPI jsapi; + jsapi.Init(); + + mDispatchable->run(mWorkerPrivate->GetJSContext(), + JS::Dispatchable::ShuttingDown); + mDispatchable = nullptr; // mDispatchable may delete itself + + return NS_OK; + } +}; + +static bool DispatchToEventLoop(void* aClosure, + JS::Dispatchable* aDispatchable) { + // This callback may execute either on the worker thread or a random + // JS-internal helper thread. + + // See comment at JS::InitDispatchToEventLoop() below for how we know the + // WorkerPrivate is alive. + WorkerPrivate* workerPrivate = reinterpret_cast<WorkerPrivate*>(aClosure); + + // Dispatch is expected to fail during shutdown for the reasons outlined in + // the JSDispatchableRunnable comment above. + RefPtr<JSDispatchableRunnable> r = + new JSDispatchableRunnable(workerPrivate, aDispatchable); + return r->Dispatch(); +} + +static bool ConsumeStream(JSContext* aCx, JS::Handle<JSObject*> aObj, + JS::MimeType aMimeType, + JS::StreamConsumer* aConsumer) { + WorkerPrivate* worker = GetWorkerPrivateFromContext(aCx); + if (!worker) { + JS_ReportErrorNumberASCII(aCx, js::GetErrorMessage, nullptr, + JSMSG_WASM_ERROR_CONSUMING_RESPONSE); + return false; + } + + return FetchUtil::StreamResponseToJS(aCx, aObj, aMimeType, aConsumer, worker); +} + +bool InitJSContextForWorker(WorkerPrivate* aWorkerPrivate, + JSContext* aWorkerCx) { + aWorkerPrivate->AssertIsOnWorkerThread(); + NS_ASSERTION(!aWorkerPrivate->GetJSContext(), "Already has a context!"); + + JSSettings settings; + aWorkerPrivate->CopyJSSettings(settings); + + JS::ContextOptionsRef(aWorkerCx) = settings.contextOptions; + + // This is the real place where we set the max memory for the runtime. + for (const auto& setting : settings.gcSettings) { + if (setting.value) { + JS_SetGCParameter(aWorkerCx, setting.key, *setting.value); + } else { + JS_ResetGCParameter(aWorkerCx, setting.key); + } + } + + JS_SetNativeStackQuota(aWorkerCx, WORKER_CONTEXT_NATIVE_STACK_LIMIT); + + // Security policy: + static const JSSecurityCallbacks securityCallbacks = { + ContentSecurityPolicyAllows}; + JS_SetSecurityCallbacks(aWorkerCx, &securityCallbacks); + + // A WorkerPrivate lives strictly longer than its JSRuntime so we can safely + // store a raw pointer as the callback's closure argument on the JSRuntime. + JS::InitDispatchToEventLoop(aWorkerCx, DispatchToEventLoop, + (void*)aWorkerPrivate); + + JS::InitConsumeStreamCallback(aWorkerCx, ConsumeStream, + FetchUtil::ReportJSStreamError); + + // When available, set the self-hosted shared memory to be read, so that we + // can decode the self-hosted content instead of parsing it. + auto& shm = xpc::SelfHostedShmem::GetSingleton(); + JS::SelfHostedCache selfHostedContent = shm.Content(); + + if (!JS::InitSelfHostedCode(aWorkerCx, selfHostedContent)) { + NS_WARNING("Could not init self-hosted code!"); + return false; + } + + JS_AddInterruptCallback(aWorkerCx, InterruptCallback); + + JS::SetCTypesActivityCallback(aWorkerCx, CTypesActivityCallback); + +#ifdef JS_GC_ZEAL + JS_SetGCZeal(aWorkerCx, settings.gcZeal, settings.gcZealFrequency); +#endif + + return true; +} + +static bool PreserveWrapper(JSContext* cx, JS::Handle<JSObject*> obj) { + MOZ_ASSERT(cx); + MOZ_ASSERT(obj); + MOZ_ASSERT(mozilla::dom::IsDOMObject(obj)); + + return mozilla::dom::TryPreserveWrapper(obj); +} + +static bool IsWorkerDebuggerGlobalOrSandbox(JS::Handle<JSObject*> aGlobal) { + return IsWorkerDebuggerGlobal(aGlobal) || IsWorkerDebuggerSandbox(aGlobal); +} + +JSObject* Wrap(JSContext* cx, JS::Handle<JSObject*> existing, + JS::Handle<JSObject*> obj) { + JS::Rooted<JSObject*> targetGlobal(cx, JS::CurrentGlobalOrNull(cx)); + + // Note: the JS engine unwraps CCWs before calling this callback. + JS::Rooted<JSObject*> originGlobal(cx, JS::GetNonCCWObjectGlobal(obj)); + + const js::Wrapper* wrapper = nullptr; + if (IsWorkerDebuggerGlobalOrSandbox(targetGlobal) && + IsWorkerDebuggerGlobalOrSandbox(originGlobal)) { + wrapper = &js::CrossCompartmentWrapper::singleton; + } else { + wrapper = &js::OpaqueCrossCompartmentWrapper::singleton; + } + + if (existing) { + js::Wrapper::Renew(existing, obj, wrapper); + } + return js::Wrapper::New(cx, obj, wrapper); +} + +static const JSWrapObjectCallbacks WrapObjectCallbacks = { + Wrap, + nullptr, +}; + +class WorkerJSRuntime final : public mozilla::CycleCollectedJSRuntime { + public: + // The heap size passed here doesn't matter, we will change it later in the + // call to JS_SetGCParameter inside InitJSContextForWorker. + explicit WorkerJSRuntime(JSContext* aCx, WorkerPrivate* aWorkerPrivate) + : CycleCollectedJSRuntime(aCx), mWorkerPrivate(aWorkerPrivate) { + MOZ_COUNT_CTOR_INHERITED(WorkerJSRuntime, CycleCollectedJSRuntime); + MOZ_ASSERT(aWorkerPrivate); + + { + JS::UniqueChars defaultLocale = aWorkerPrivate->AdoptDefaultLocale(); + MOZ_ASSERT(defaultLocale, + "failure of a WorkerPrivate to have a default locale should " + "have made the worker fail to spawn"); + + if (!JS_SetDefaultLocale(Runtime(), defaultLocale.get())) { + NS_WARNING("failed to set workerCx's default locale"); + } + } + } + + void Shutdown(JSContext* cx) override { + // The CC is shut down, and the superclass destructor will GC, so make sure + // we don't try to CC again. + mWorkerPrivate = nullptr; + + CycleCollectedJSRuntime::Shutdown(cx); + } + + ~WorkerJSRuntime() { + MOZ_COUNT_DTOR_INHERITED(WorkerJSRuntime, CycleCollectedJSRuntime); + } + + virtual void PrepareForForgetSkippable() override {} + + virtual void BeginCycleCollectionCallback( + mozilla::CCReason aReason) override {} + + virtual void EndCycleCollectionCallback( + CycleCollectorResults& aResults) override {} + + void DispatchDeferredDeletion(bool aContinuation, bool aPurge) override { + MOZ_ASSERT(!aContinuation); + + // Do it immediately, no need for asynchronous behavior here. + nsCycleCollector_doDeferredDeletion(); + } + + virtual void CustomGCCallback(JSGCStatus aStatus) override { + if (!mWorkerPrivate) { + // We're shutting down, no need to do anything. + return; + } + + mWorkerPrivate->AssertIsOnWorkerThread(); + + if (aStatus == JSGC_END) { + bool collectedAnything = + nsCycleCollector_collect(CCReason::GC_FINISHED, nullptr); + mWorkerPrivate->SetCCCollectedAnything(collectedAnything); + } + } + + private: + WorkerPrivate* mWorkerPrivate; +}; + +} // anonymous namespace + +} // namespace workerinternals + +class WorkerJSContext final : public mozilla::CycleCollectedJSContext { + public: + // The heap size passed here doesn't matter, we will change it later in the + // call to JS_SetGCParameter inside InitJSContextForWorker. + explicit WorkerJSContext(WorkerPrivate* aWorkerPrivate) + : mWorkerPrivate(aWorkerPrivate) { + MOZ_COUNT_CTOR_INHERITED(WorkerJSContext, CycleCollectedJSContext); + MOZ_ASSERT(aWorkerPrivate); + // Magical number 2. Workers have the base recursion depth 1, and normal + // runnables run at level 2, and we don't want to process microtasks + // at any other level. + SetTargetedMicroTaskRecursionDepth(2); + } + + // MOZ_CAN_RUN_SCRIPT_BOUNDARY because otherwise we have to annotate the + // SpiderMonkey JS::JobQueue's destructor as MOZ_CAN_RUN_SCRIPT, which is a + // bit of a pain. + MOZ_CAN_RUN_SCRIPT_BOUNDARY ~WorkerJSContext() { + MOZ_COUNT_DTOR_INHERITED(WorkerJSContext, CycleCollectedJSContext); + JSContext* cx = MaybeContext(); + if (!cx) { + return; // Initialize() must have failed + } + + // We expect to come here with the cycle collector already shut down. + // The superclass destructor will run the GC one final time and finalize any + // JSObjects that were participating in cycles that were broken during CC + // shutdown. + // Make sure we don't try to CC again. + mWorkerPrivate = nullptr; + } + + WorkerJSContext* GetAsWorkerJSContext() override { return this; } + + CycleCollectedJSRuntime* CreateRuntime(JSContext* aCx) override { + return new WorkerJSRuntime(aCx, mWorkerPrivate); + } + + nsresult Initialize(JSRuntime* aParentRuntime) { + nsresult rv = CycleCollectedJSContext::Initialize( + aParentRuntime, WORKER_DEFAULT_RUNTIME_HEAPSIZE); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + JSContext* cx = Context(); + + js::SetPreserveWrapperCallbacks(cx, PreserveWrapper, HasReleasedWrapper); + JS_InitDestroyPrincipalsCallback(cx, nsJSPrincipals::Destroy); + JS_InitReadPrincipalsCallback(cx, nsJSPrincipals::ReadPrincipals); + JS_SetWrapObjectCallbacks(cx, &WrapObjectCallbacks); + if (mWorkerPrivate->IsDedicatedWorker()) { + JS_SetFutexCanWait(cx); + } + + return NS_OK; + } + + virtual void DispatchToMicroTask( + already_AddRefed<MicroTaskRunnable> aRunnable) override { + RefPtr<MicroTaskRunnable> runnable(aRunnable); + + MOZ_ASSERT(!NS_IsMainThread()); + MOZ_ASSERT(runnable); + + std::deque<RefPtr<MicroTaskRunnable>>* microTaskQueue = nullptr; + + JSContext* cx = Context(); + NS_ASSERTION(cx, "This should never be null!"); + + JS::Rooted<JSObject*> global(cx, JS::CurrentGlobalOrNull(cx)); + NS_ASSERTION(global, "This should never be null!"); + + // On worker threads, if the current global is the worker global or + // ShadowRealm global, we use the main micro task queue. Otherwise, the + // current global must be either the debugger global or a debugger sandbox, + // and we use the debugger micro task queue instead. + if (IsWorkerGlobal(global) || IsShadowRealmGlobal(global)) { + microTaskQueue = &GetMicroTaskQueue(); + } else { + MOZ_ASSERT(IsWorkerDebuggerGlobal(global) || + IsWorkerDebuggerSandbox(global)); + + microTaskQueue = &GetDebuggerMicroTaskQueue(); + } + + JS::JobQueueMayNotBeEmpty(cx); + microTaskQueue->push_back(std::move(runnable)); + } + + bool IsSystemCaller() const override { + return mWorkerPrivate->UsesSystemPrincipal(); + } + + void ReportError(JSErrorReport* aReport, + JS::ConstUTF8CharsZ aToStringResult) override { + mWorkerPrivate->ReportError(Context(), aToStringResult, aReport); + } + + WorkerPrivate* GetWorkerPrivate() const { return mWorkerPrivate; } + + private: + WorkerPrivate* mWorkerPrivate; +}; + +namespace workerinternals { + +namespace { + +class WorkerThreadPrimaryRunnable final : public Runnable { + WorkerPrivate* mWorkerPrivate; + SafeRefPtr<WorkerThread> mThread; + JSRuntime* mParentRuntime; + + class FinishedRunnable final : public Runnable { + SafeRefPtr<WorkerThread> mThread; + + public: + explicit FinishedRunnable(SafeRefPtr<WorkerThread> aThread) + : Runnable("WorkerThreadPrimaryRunnable::FinishedRunnable"), + mThread(std::move(aThread)) { + MOZ_ASSERT(mThread); + } + + NS_INLINE_DECL_REFCOUNTING_INHERITED(FinishedRunnable, Runnable) + + private: + ~FinishedRunnable() = default; + + NS_DECL_NSIRUNNABLE + }; + + public: + WorkerThreadPrimaryRunnable(WorkerPrivate* aWorkerPrivate, + SafeRefPtr<WorkerThread> aThread, + JSRuntime* aParentRuntime) + : mozilla::Runnable("WorkerThreadPrimaryRunnable"), + mWorkerPrivate(aWorkerPrivate), + mThread(std::move(aThread)), + mParentRuntime(aParentRuntime) { + MOZ_ASSERT(aWorkerPrivate); + MOZ_ASSERT(mThread); + } + + NS_INLINE_DECL_REFCOUNTING_INHERITED(WorkerThreadPrimaryRunnable, Runnable) + + private: + ~WorkerThreadPrimaryRunnable() = default; + + NS_DECL_NSIRUNNABLE +}; + +void PrefLanguagesChanged(const char* /* aPrefName */, void* /* aClosure */) { + AssertIsOnMainThread(); + + nsTArray<nsString> languages; + Navigator::GetAcceptLanguages(languages); + + RuntimeService* runtime = RuntimeService::GetService(); + if (runtime) { + runtime->UpdateAllWorkerLanguages(languages); + } +} + +void AppVersionOverrideChanged(const char* /* aPrefName */, + void* /* aClosure */) { + AssertIsOnMainThread(); + + nsAutoString override; + Preferences::GetString("general.appversion.override", override); + + RuntimeService* runtime = RuntimeService::GetService(); + if (runtime) { + runtime->UpdateAppVersionOverridePreference(override); + } +} + +void PlatformOverrideChanged(const char* /* aPrefName */, + void* /* aClosure */) { + AssertIsOnMainThread(); + + nsAutoString override; + Preferences::GetString("general.platform.override", override); + + RuntimeService* runtime = RuntimeService::GetService(); + if (runtime) { + runtime->UpdatePlatformOverridePreference(override); + } +} + +} /* anonymous namespace */ + +// This is only touched on the main thread. Initialized in Init() below. +StaticAutoPtr<JSSettings> RuntimeService::sDefaultJSSettings; + +RuntimeService::RuntimeService() + : mMutex("RuntimeService::mMutex"), + mObserved(false), + mShuttingDown(false), + mNavigatorPropertiesLoaded(false) { + AssertIsOnMainThread(); + MOZ_ASSERT(!GetService(), "More than one service!"); +} + +RuntimeService::~RuntimeService() { + AssertIsOnMainThread(); + + // gRuntimeService can be null if Init() fails. + MOZ_ASSERT(!GetService() || GetService() == this, "More than one service!"); + + gRuntimeService = nullptr; +} + +// static +RuntimeService* RuntimeService::GetOrCreateService() { + AssertIsOnMainThread(); + + if (!gRuntimeService) { + // The observer service now owns us until shutdown. + gRuntimeService = new RuntimeService(); + if (NS_FAILED((*gRuntimeService).Init())) { + NS_WARNING("Failed to initialize!"); + (*gRuntimeService).Cleanup(); + gRuntimeService = nullptr; + return nullptr; + } + } + + return gRuntimeService; +} + +// static +RuntimeService* RuntimeService::GetService() { return gRuntimeService; } + +bool RuntimeService::RegisterWorker(WorkerPrivate& aWorkerPrivate) { + aWorkerPrivate.AssertIsOnParentThread(); + + WorkerPrivate* parent = aWorkerPrivate.GetParent(); + if (!parent) { + AssertIsOnMainThread(); + + if (mShuttingDown) { + return false; + } + } + + const bool isServiceWorker = aWorkerPrivate.IsServiceWorker(); + const bool isSharedWorker = aWorkerPrivate.IsSharedWorker(); + const bool isDedicatedWorker = aWorkerPrivate.IsDedicatedWorker(); + if (isServiceWorker) { + AssertIsOnMainThread(); + Telemetry::Accumulate(Telemetry::SERVICE_WORKER_SPAWN_ATTEMPTS, 1); + } + + nsCString sharedWorkerScriptSpec; + if (isSharedWorker) { + AssertIsOnMainThread(); + + nsCOMPtr<nsIURI> scriptURI = aWorkerPrivate.GetResolvedScriptURI(); + NS_ASSERTION(scriptURI, "Null script URI!"); + + nsresult rv = scriptURI->GetSpec(sharedWorkerScriptSpec); + if (NS_FAILED(rv)) { + NS_WARNING("GetSpec failed?!"); + return false; + } + + NS_ASSERTION(!sharedWorkerScriptSpec.IsEmpty(), "Empty spec!"); + } + + bool exemptFromPerDomainMax = false; + if (isServiceWorker) { + AssertIsOnMainThread(); + exemptFromPerDomainMax = Preferences::GetBool( + "dom.serviceWorkers.exemptFromPerDomainMax", false); + } + + const nsCString& domain = aWorkerPrivate.Domain(); + + bool queued = false; + { + MutexAutoLock lock(mMutex); + + auto* const domainInfo = + mDomainMap + .LookupOrInsertWith( + domain, + [&domain, parent] { + NS_ASSERTION(!parent, "Shouldn't have a parent here!"); + Unused << parent; // silence clang -Wunused-lambda-capture in + // opt builds + auto wdi = MakeUnique<WorkerDomainInfo>(); + wdi->mDomain = domain; + return wdi; + }) + .get(); + + queued = gMaxWorkersPerDomain && + domainInfo->ActiveWorkerCount() >= gMaxWorkersPerDomain && + !domain.IsEmpty() && !exemptFromPerDomainMax; + + if (queued) { + domainInfo->mQueuedWorkers.AppendElement(&aWorkerPrivate); + + // Worker spawn gets queued due to hitting max workers per domain + // limit so let's log a warning. + WorkerPrivate::ReportErrorToConsole("HittingMaxWorkersPerDomain2"); + + if (isServiceWorker) { + Telemetry::Accumulate(Telemetry::SERVICE_WORKER_SPAWN_GETS_QUEUED, 1); + } else if (isSharedWorker) { + Telemetry::Accumulate(Telemetry::SHARED_WORKER_SPAWN_GETS_QUEUED, 1); + } else if (isDedicatedWorker) { + Telemetry::Accumulate(Telemetry::DEDICATED_WORKER_SPAWN_GETS_QUEUED, 1); + } + } else if (parent) { + domainInfo->mChildWorkerCount++; + } else if (isServiceWorker) { + domainInfo->mActiveServiceWorkers.AppendElement(&aWorkerPrivate); + } else { + domainInfo->mActiveWorkers.AppendElement(&aWorkerPrivate); + } + } + + // From here on out we must call UnregisterWorker if something fails! + if (parent) { + if (!parent->AddChildWorker(aWorkerPrivate)) { + UnregisterWorker(aWorkerPrivate); + return false; + } + } else { + if (!mNavigatorPropertiesLoaded) { + if (NS_FAILED(Navigator::GetAppVersion( + mNavigatorProperties.mAppVersion, aWorkerPrivate.GetDocument(), + false /* aUsePrefOverriddenValue */)) || + NS_FAILED(Navigator::GetPlatform( + mNavigatorProperties.mPlatform, aWorkerPrivate.GetDocument(), + false /* aUsePrefOverriddenValue */))) { + UnregisterWorker(aWorkerPrivate); + return false; + } + + // The navigator overridden properties should have already been read. + + Navigator::GetAcceptLanguages(mNavigatorProperties.mLanguages); + mNavigatorPropertiesLoaded = true; + } + + nsPIDOMWindowInner* window = aWorkerPrivate.GetWindow(); + + if (!isServiceWorker) { + // Service workers are excluded since their lifetime is separate from + // that of dom windows. + if (auto* const windowArray = mWindowMap.GetOrInsertNew(window, 1); + !windowArray->Contains(&aWorkerPrivate)) { + windowArray->AppendElement(&aWorkerPrivate); + } else { + MOZ_ASSERT(aWorkerPrivate.IsSharedWorker()); + } + } + } + + if (!queued && !ScheduleWorker(aWorkerPrivate)) { + return false; + } + + if (isServiceWorker) { + AssertIsOnMainThread(); + Telemetry::Accumulate(Telemetry::SERVICE_WORKER_WAS_SPAWNED, 1); + } + return true; +} + +void RuntimeService::UnregisterWorker(WorkerPrivate& aWorkerPrivate) { + aWorkerPrivate.AssertIsOnParentThread(); + + WorkerPrivate* parent = aWorkerPrivate.GetParent(); + if (!parent) { + AssertIsOnMainThread(); + } + + const nsCString& domain = aWorkerPrivate.Domain(); + + WorkerPrivate* queuedWorker = nullptr; + { + MutexAutoLock lock(mMutex); + + WorkerDomainInfo* domainInfo; + if (!mDomainMap.Get(domain, &domainInfo)) { + NS_ERROR("Don't have an entry for this domain!"); + } + + // Remove old worker from everywhere. + uint32_t index = domainInfo->mQueuedWorkers.IndexOf(&aWorkerPrivate); + if (index != kNoIndex) { + // Was queued, remove from the list. + domainInfo->mQueuedWorkers.RemoveElementAt(index); + } else if (parent) { + MOZ_ASSERT(domainInfo->mChildWorkerCount, "Must be non-zero!"); + domainInfo->mChildWorkerCount--; + } else if (aWorkerPrivate.IsServiceWorker()) { + MOZ_ASSERT(domainInfo->mActiveServiceWorkers.Contains(&aWorkerPrivate), + "Don't know about this worker!"); + domainInfo->mActiveServiceWorkers.RemoveElement(&aWorkerPrivate); + } else { + MOZ_ASSERT(domainInfo->mActiveWorkers.Contains(&aWorkerPrivate), + "Don't know about this worker!"); + domainInfo->mActiveWorkers.RemoveElement(&aWorkerPrivate); + } + + // See if there's a queued worker we can schedule. + if (domainInfo->ActiveWorkerCount() < gMaxWorkersPerDomain && + !domainInfo->mQueuedWorkers.IsEmpty()) { + queuedWorker = domainInfo->mQueuedWorkers[0]; + domainInfo->mQueuedWorkers.RemoveElementAt(0); + + if (queuedWorker->GetParent()) { + domainInfo->mChildWorkerCount++; + } else if (queuedWorker->IsServiceWorker()) { + domainInfo->mActiveServiceWorkers.AppendElement(queuedWorker); + } else { + domainInfo->mActiveWorkers.AppendElement(queuedWorker); + } + } + + if (domainInfo->HasNoWorkers()) { + MOZ_ASSERT(domainInfo->mQueuedWorkers.IsEmpty()); + mDomainMap.Remove(domain); + } + } + + // NB: For Shared Workers we used to call ShutdownOnMainThread on the + // RemoteWorkerController; however, that was redundant because + // RemoteWorkerChild uses a WeakWorkerRef which notifies at about the + // same time as us calling into the code here and would race with us. + + if (parent) { + parent->RemoveChildWorker(aWorkerPrivate); + } else if (aWorkerPrivate.IsSharedWorker()) { + AssertIsOnMainThread(); + + mWindowMap.RemoveIf([&aWorkerPrivate](const auto& iter) { + const auto& workers = iter.Data(); + MOZ_ASSERT(workers); + + if (workers->RemoveElement(&aWorkerPrivate)) { + MOZ_ASSERT(!workers->Contains(&aWorkerPrivate), + "Added worker more than once!"); + + return workers->IsEmpty(); + } + + return false; + }); + } else if (aWorkerPrivate.IsDedicatedWorker()) { + // May be null. + nsPIDOMWindowInner* window = aWorkerPrivate.GetWindow(); + if (auto entry = mWindowMap.Lookup(window)) { + MOZ_ALWAYS_TRUE(entry.Data()->RemoveElement(&aWorkerPrivate)); + if (entry.Data()->IsEmpty()) { + entry.Remove(); + } + } else { + MOZ_ASSERT_UNREACHABLE("window is not in mWindowMap"); + } + } + + if (queuedWorker && !ScheduleWorker(*queuedWorker)) { + UnregisterWorker(*queuedWorker); + } +} + +bool RuntimeService::ScheduleWorker(WorkerPrivate& aWorkerPrivate) { + if (!aWorkerPrivate.Start()) { + // This is ok, means that we didn't need to make a thread for this worker. + return true; + } + + const WorkerThreadFriendKey friendKey; + + SafeRefPtr<WorkerThread> thread = WorkerThread::Create(friendKey); + if (!thread) { + UnregisterWorker(aWorkerPrivate); + return false; + } + + if (NS_FAILED(thread->SetPriority(nsISupportsPriority::PRIORITY_NORMAL))) { + NS_WARNING("Could not set the thread's priority!"); + } + + aWorkerPrivate.SetThread(thread.unsafeGetRawPtr()); + JSContext* cx = CycleCollectedJSContext::Get()->Context(); + nsCOMPtr<nsIRunnable> runnable = new WorkerThreadPrimaryRunnable( + &aWorkerPrivate, thread.clonePtr(), JS_GetParentRuntime(cx)); + if (NS_FAILED( + thread->DispatchPrimaryRunnable(friendKey, runnable.forget()))) { + UnregisterWorker(aWorkerPrivate); + return false; + } + + return true; +} + +nsresult RuntimeService::Init() { + AssertIsOnMainThread(); + + nsLayoutStatics::AddRef(); + + // Initialize JSSettings. + sDefaultJSSettings = new JSSettings(); + SetDefaultJSGCSettings(JSGC_MAX_BYTES, Some(WORKER_DEFAULT_RUNTIME_HEAPSIZE)); + SetDefaultJSGCSettings(JSGC_ALLOCATION_THRESHOLD, + Some(WORKER_DEFAULT_ALLOCATION_THRESHOLD)); + + // nsIStreamTransportService is thread-safe but it must be initialized on the + // main-thread. FileReader needs it, so, let's initialize it now. + nsresult rv; + nsCOMPtr<nsIStreamTransportService> sts = + do_GetService(kStreamTransportServiceCID, &rv); + NS_ENSURE_TRUE(sts, NS_ERROR_FAILURE); + + nsCOMPtr<nsIObserverService> obs = services::GetObserverService(); + NS_ENSURE_TRUE(obs, NS_ERROR_FAILURE); + + rv = obs->AddObserver(this, NS_XPCOM_SHUTDOWN_THREADS_OBSERVER_ID, false); + NS_ENSURE_SUCCESS(rv, rv); + + rv = obs->AddObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID, false); + NS_ENSURE_SUCCESS(rv, rv); + + mObserved = true; + + if (NS_FAILED(obs->AddObserver(this, GC_REQUEST_OBSERVER_TOPIC, false))) { + NS_WARNING("Failed to register for GC request notifications!"); + } + + if (NS_FAILED(obs->AddObserver(this, CC_REQUEST_OBSERVER_TOPIC, false))) { + NS_WARNING("Failed to register for CC request notifications!"); + } + + if (NS_FAILED( + obs->AddObserver(this, MEMORY_PRESSURE_OBSERVER_TOPIC, false))) { + NS_WARNING("Failed to register for memory pressure notifications!"); + } + + if (NS_FAILED( + obs->AddObserver(this, NS_IOSERVICE_OFFLINE_STATUS_TOPIC, false))) { + NS_WARNING("Failed to register for offline notification event!"); + } + + MOZ_ASSERT(!gRuntimeServiceDuringInit, "This should be false!"); + gRuntimeServiceDuringInit = true; + +#define WORKER_PREF(name, callback) \ + NS_FAILED(Preferences::RegisterCallbackAndCall(callback, name)) + + if (NS_FAILED(Preferences::RegisterPrefixCallbackAndCall( + LoadJSGCMemoryOptions, + PREF_JS_OPTIONS_PREFIX PREF_MEM_OPTIONS_PREFIX)) || +#ifdef JS_GC_ZEAL + NS_FAILED(Preferences::RegisterCallback( + LoadGCZealOptions, PREF_JS_OPTIONS_PREFIX PREF_GCZEAL)) || +#endif + WORKER_PREF("intl.accept_languages", PrefLanguagesChanged) || + WORKER_PREF("general.appversion.override", AppVersionOverrideChanged) || + WORKER_PREF("general.platform.override", PlatformOverrideChanged) || + NS_FAILED(Preferences::RegisterPrefixCallbackAndCall( + LoadContextOptions, PREF_JS_OPTIONS_PREFIX))) { + NS_WARNING("Failed to register pref callbacks!"); + } + +#undef WORKER_PREF + + MOZ_ASSERT(gRuntimeServiceDuringInit, "Should be true!"); + gRuntimeServiceDuringInit = false; + + int32_t maxPerDomain = + Preferences::GetInt(PREF_WORKERS_MAX_PER_DOMAIN, MAX_WORKERS_PER_DOMAIN); + gMaxWorkersPerDomain = std::max(0, maxPerDomain); + + if (NS_WARN_IF(!IndexedDatabaseManager::GetOrCreate())) { + return NS_ERROR_UNEXPECTED; + } + + // PerformanceService must be initialized on the main-thread. + PerformanceService::GetOrCreate(); + + return NS_OK; +} + +void RuntimeService::Shutdown() { + AssertIsOnMainThread(); + + MOZ_ASSERT(!mShuttingDown); + // That's it, no more workers. + mShuttingDown = true; + + nsCOMPtr<nsIObserverService> obs = services::GetObserverService(); + NS_WARNING_ASSERTION(obs, "Failed to get observer service?!"); + + // Tell anyone that cares that they're about to lose worker support. + if (obs && NS_FAILED(obs->NotifyObservers(nullptr, WORKERS_SHUTDOWN_TOPIC, + nullptr))) { + NS_WARNING("NotifyObservers failed!"); + } + + { + AutoTArray<WorkerPrivate*, 100> workers; + + { + MutexAutoLock lock(mMutex); + + AddAllTopLevelWorkersToArray(workers); + } + + // Cancel all top-level workers. + for (const auto& worker : workers) { + if (!worker->Cancel()) { + NS_WARNING("Failed to cancel worker!"); + } + } + } + + sDefaultJSSettings = nullptr; +} + +namespace { + +class DumpCrashInfoRunnable final : public WorkerControlRunnable { + public: + explicit DumpCrashInfoRunnable(WorkerPrivate* aWorkerPrivate) + : WorkerControlRunnable(aWorkerPrivate, "DumpCrashInfoRunnable", + WorkerThread), + mMonitor("DumpCrashInfoRunnable::mMonitor") {} + + bool WorkerRun(JSContext* aCx, WorkerPrivate* aWorkerPrivate) override { + MonitorAutoLock lock(mMonitor); + if (!mHasMsg) { + aWorkerPrivate->DumpCrashInformation(mMsg); + mHasMsg.Flip(); + } + lock.Notify(); + return true; + } + + nsresult Cancel() override { + MonitorAutoLock lock(mMonitor); + if (!mHasMsg) { + mMsg.Assign("Canceled"); + mHasMsg.Flip(); + } + lock.Notify(); + + return NS_OK; + } + + bool DispatchAndWait() { + MonitorAutoLock lock(mMonitor); + + if (!Dispatch()) { + // The worker is already dead but the main thread still didn't remove it + // from RuntimeService's registry. + return false; + } + + // To avoid any possibility of process hangs we never receive reports on + // we give the worker 1sec to react. + lock.Wait(TimeDuration::FromMilliseconds(1000)); + if (!mHasMsg) { + mMsg.Append("NoResponse"); + mHasMsg.Flip(); + } + return true; + } + + const nsCString& MsgData() const { return mMsg; } + + private: + bool PreDispatch(WorkerPrivate* aWorkerPrivate) override { return true; } + + void PostDispatch(WorkerPrivate* aWorkerPrivate, + bool aDispatchResult) override {} + + Monitor mMonitor MOZ_UNANNOTATED; + nsCString mMsg; + FlippedOnce<false> mHasMsg; +}; + +struct ActiveWorkerStats { + template <uint32_t ActiveWorkerStats::*Category> + void Update(const nsTArray<WorkerPrivate*>& aWorkers) { + for (const auto worker : aWorkers) { + RefPtr<DumpCrashInfoRunnable> runnable = + new DumpCrashInfoRunnable(worker); + if (runnable->DispatchAndWait()) { + ++(this->*Category); + mMessage.Append(runnable->MsgData()); + } + } + } + + uint32_t mWorkers = 0; + uint32_t mServiceWorkers = 0; + nsCString mMessage; +}; + +} // namespace + +void RuntimeService::CrashIfHanging() { + MutexAutoLock lock(mMutex); + + // If we never wanted to shut down we cannot hang. + if (!mShuttingDown) { + return; + } + + ActiveWorkerStats activeStats; + uint32_t inactiveWorkers = 0; + + for (const auto& aData : mDomainMap.Values()) { + activeStats.Update<&ActiveWorkerStats::mWorkers>(aData->mActiveWorkers); + activeStats.Update<&ActiveWorkerStats::mServiceWorkers>( + aData->mActiveServiceWorkers); + + // These might not be top-level workers... + inactiveWorkers += std::count_if( + aData->mQueuedWorkers.begin(), aData->mQueuedWorkers.end(), + [](const auto* const worker) { return !worker->GetParent(); }); + } + + if (activeStats.mWorkers + activeStats.mServiceWorkers + inactiveWorkers == + 0) { + return; + } + + nsCString msg; + + // A: active Workers | S: active ServiceWorkers | Q: queued Workers + msg.AppendPrintf("Workers Hanging - %d|A:%d|S:%d|Q:%d", mShuttingDown ? 1 : 0, + activeStats.mWorkers, activeStats.mServiceWorkers, + inactiveWorkers); + msg.Append(activeStats.mMessage); + + // This string will be leaked. + MOZ_CRASH_UNSAFE(strdup(msg.BeginReading())); +} + +// This spins the event loop until all workers are finished and their threads +// have been joined. +void RuntimeService::Cleanup() { + AssertIsOnMainThread(); + + if (!mShuttingDown) { + Shutdown(); + } + + nsCOMPtr<nsIObserverService> obs = services::GetObserverService(); + NS_WARNING_ASSERTION(obs, "Failed to get observer service?!"); + + { + MutexAutoLock lock(mMutex); + + AutoTArray<WorkerPrivate*, 100> workers; + AddAllTopLevelWorkersToArray(workers); + + if (!workers.IsEmpty()) { + nsIThread* currentThread = NS_GetCurrentThread(); + NS_ASSERTION(currentThread, "This should never be null!"); + + // If the loop below takes too long, we probably have a problematic + // worker. MOZ_LOG some info before the parent process forcibly + // terminates us so that in the event we are a content process, the log + // output can provide useful context about the workers that did not + // cleanly shut down. + nsCOMPtr<nsITimer> timer; + RefPtr<RuntimeService> self = this; + nsresult rv = NS_NewTimerWithCallback( + getter_AddRefs(timer), + [self](nsITimer*) { self->DumpRunningWorkers(); }, + TimeDuration::FromSeconds(1), nsITimer::TYPE_ONE_SHOT, + "RuntimeService::WorkerShutdownDump"); + Unused << NS_WARN_IF(NS_FAILED(rv)); + + // And make sure all their final messages have run and all their threads + // have joined. + while (mDomainMap.Count()) { + MutexAutoUnlock unlock(mMutex); + + if (!NS_ProcessNextEvent(currentThread)) { + NS_WARNING("Something bad happened!"); + break; + } + } + + if (NS_SUCCEEDED(rv)) { + timer->Cancel(); + } + } + } + + NS_ASSERTION(!mWindowMap.Count(), "All windows should have been released!"); + +#define WORKER_PREF(name, callback) \ + NS_FAILED(Preferences::UnregisterCallback(callback, name)) + + if (mObserved) { + if (NS_FAILED(Preferences::UnregisterPrefixCallback( + LoadContextOptions, PREF_JS_OPTIONS_PREFIX)) || + WORKER_PREF("intl.accept_languages", PrefLanguagesChanged) || + WORKER_PREF("general.appversion.override", AppVersionOverrideChanged) || + WORKER_PREF("general.platform.override", PlatformOverrideChanged) || +#ifdef JS_GC_ZEAL + NS_FAILED(Preferences::UnregisterCallback( + LoadGCZealOptions, PREF_JS_OPTIONS_PREFIX PREF_GCZEAL)) || +#endif + NS_FAILED(Preferences::UnregisterPrefixCallback( + LoadJSGCMemoryOptions, + PREF_JS_OPTIONS_PREFIX PREF_MEM_OPTIONS_PREFIX))) { + NS_WARNING("Failed to unregister pref callbacks!"); + } + +#undef WORKER_PREF + + if (obs) { + if (NS_FAILED(obs->RemoveObserver(this, GC_REQUEST_OBSERVER_TOPIC))) { + NS_WARNING("Failed to unregister for GC request notifications!"); + } + + if (NS_FAILED(obs->RemoveObserver(this, CC_REQUEST_OBSERVER_TOPIC))) { + NS_WARNING("Failed to unregister for CC request notifications!"); + } + + if (NS_FAILED( + obs->RemoveObserver(this, MEMORY_PRESSURE_OBSERVER_TOPIC))) { + NS_WARNING("Failed to unregister for memory pressure notifications!"); + } + + if (NS_FAILED( + obs->RemoveObserver(this, NS_IOSERVICE_OFFLINE_STATUS_TOPIC))) { + NS_WARNING("Failed to unregister for offline notification event!"); + } + obs->RemoveObserver(this, NS_XPCOM_SHUTDOWN_THREADS_OBSERVER_ID); + obs->RemoveObserver(this, NS_XPCOM_SHUTDOWN_OBSERVER_ID); + mObserved = false; + } + } + + nsLayoutStatics::Release(); +} + +void RuntimeService::AddAllTopLevelWorkersToArray( + nsTArray<WorkerPrivate*>& aWorkers) { + for (const auto& aData : mDomainMap.Values()) { +#ifdef DEBUG + for (const auto& activeWorker : aData->mActiveWorkers) { + MOZ_ASSERT(!activeWorker->GetParent(), + "Shouldn't have a parent in this list!"); + } + for (const auto& activeServiceWorker : aData->mActiveServiceWorkers) { + MOZ_ASSERT(!activeServiceWorker->GetParent(), + "Shouldn't have a parent in this list!"); + } +#endif + + aWorkers.AppendElements(aData->mActiveWorkers); + aWorkers.AppendElements(aData->mActiveServiceWorkers); + + // These might not be top-level workers... + std::copy_if(aData->mQueuedWorkers.begin(), aData->mQueuedWorkers.end(), + MakeBackInserter(aWorkers), + [](const auto& worker) { return !worker->GetParent(); }); + } +} + +nsTArray<WorkerPrivate*> RuntimeService::GetWorkersForWindow( + const nsPIDOMWindowInner& aWindow) const { + AssertIsOnMainThread(); + + nsTArray<WorkerPrivate*> result; + if (nsTArray<WorkerPrivate*>* const workers = mWindowMap.Get(&aWindow)) { + NS_ASSERTION(!workers->IsEmpty(), "Should have been removed!"); + result.AppendElements(*workers); + } + return result; +} + +void RuntimeService::CancelWorkersForWindow(const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + + for (WorkerPrivate* const worker : GetWorkersForWindow(aWindow)) { + MOZ_ASSERT(!worker->IsSharedWorker()); + worker->Cancel(); + } +} + +void RuntimeService::FreezeWorkersForWindow(const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + + for (WorkerPrivate* const worker : GetWorkersForWindow(aWindow)) { + MOZ_ASSERT(!worker->IsSharedWorker()); + worker->Freeze(&aWindow); + } +} + +void RuntimeService::ThawWorkersForWindow(const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + + for (WorkerPrivate* const worker : GetWorkersForWindow(aWindow)) { + MOZ_ASSERT(!worker->IsSharedWorker()); + worker->Thaw(&aWindow); + } +} + +void RuntimeService::SuspendWorkersForWindow( + const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + + for (WorkerPrivate* const worker : GetWorkersForWindow(aWindow)) { + MOZ_ASSERT(!worker->IsSharedWorker()); + worker->ParentWindowPaused(); + } +} + +void RuntimeService::ResumeWorkersForWindow(const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + + for (WorkerPrivate* const worker : GetWorkersForWindow(aWindow)) { + MOZ_ASSERT(!worker->IsSharedWorker()); + worker->ParentWindowResumed(); + } +} + +void RuntimeService::PropagateStorageAccessPermissionGranted( + const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + MOZ_ASSERT_IF(aWindow.GetExtantDoc(), aWindow.GetExtantDoc() + ->CookieJarSettings() + ->GetRejectThirdPartyContexts()); + + for (WorkerPrivate* const worker : GetWorkersForWindow(aWindow)) { + worker->PropagateStorageAccessPermissionGranted(); + } +} + +template <typename Func> +void RuntimeService::BroadcastAllWorkers(const Func& aFunc) { + AssertIsOnMainThread(); + + AutoTArray<WorkerPrivate*, 100> workers; + { + MutexAutoLock lock(mMutex); + + AddAllTopLevelWorkersToArray(workers); + } + + for (const auto& worker : workers) { + aFunc(*worker); + } +} + +void RuntimeService::UpdateAllWorkerContextOptions() { + BroadcastAllWorkers([](auto& worker) { + worker.UpdateContextOptions(sDefaultJSSettings->contextOptions); + }); +} + +void RuntimeService::UpdateAppVersionOverridePreference( + const nsAString& aValue) { + AssertIsOnMainThread(); + mNavigatorProperties.mAppVersionOverridden = aValue; +} + +void RuntimeService::UpdatePlatformOverridePreference(const nsAString& aValue) { + AssertIsOnMainThread(); + mNavigatorProperties.mPlatformOverridden = aValue; +} + +void RuntimeService::UpdateAllWorkerLanguages( + const nsTArray<nsString>& aLanguages) { + MOZ_ASSERT(NS_IsMainThread()); + + mNavigatorProperties.mLanguages = aLanguages.Clone(); + BroadcastAllWorkers( + [&aLanguages](auto& worker) { worker.UpdateLanguages(aLanguages); }); +} + +void RuntimeService::UpdateAllWorkerMemoryParameter(JSGCParamKey aKey, + Maybe<uint32_t> aValue) { + BroadcastAllWorkers([aKey, aValue](auto& worker) { + worker.UpdateJSWorkerMemoryParameter(aKey, aValue); + }); +} + +#ifdef JS_GC_ZEAL +void RuntimeService::UpdateAllWorkerGCZeal() { + BroadcastAllWorkers([](auto& worker) { + worker.UpdateGCZeal(sDefaultJSSettings->gcZeal, + sDefaultJSSettings->gcZealFrequency); + }); +} +#endif + +void RuntimeService::SetLowMemoryStateAllWorkers(bool aState) { + BroadcastAllWorkers( + [aState](auto& worker) { worker.SetLowMemoryState(aState); }); +} + +void RuntimeService::GarbageCollectAllWorkers(bool aShrinking) { + BroadcastAllWorkers( + [aShrinking](auto& worker) { worker.GarbageCollect(aShrinking); }); +} + +void RuntimeService::CycleCollectAllWorkers() { + BroadcastAllWorkers([](auto& worker) { worker.CycleCollect(); }); +} + +void RuntimeService::SendOfflineStatusChangeEventToAllWorkers(bool aIsOffline) { + BroadcastAllWorkers([aIsOffline](auto& worker) { + worker.OfflineStatusChangeEvent(aIsOffline); + }); +} + +void RuntimeService::MemoryPressureAllWorkers() { + BroadcastAllWorkers([](auto& worker) { worker.MemoryPressure(); }); +} + +uint32_t RuntimeService::ClampedHardwareConcurrency( + bool aShouldResistFingerprinting) const { + // The Firefox Hardware Report says 70% of Firefox users have exactly 2 cores. + // When the resistFingerprinting pref is set, we want to blend into the crowd + // so spoof navigator.hardwareConcurrency = 2 to reduce user uniqueness. + if (MOZ_UNLIKELY(aShouldResistFingerprinting)) { + return 2; + } + + // This needs to be atomic, because multiple workers, and even mainthread, + // could race to initialize it at once. + static Atomic<uint32_t> unclampedHardwareConcurrency; + + // No need to loop here: if compareExchange fails, that just means that some + // other worker has initialized numberOfProcessors, so we're good to go. + if (!unclampedHardwareConcurrency) { + int32_t numberOfProcessors = 0; +#if defined(XP_MACOSX) + if (nsMacUtilsImpl::IsTCSMAvailable()) { + // On failure, zero is returned from GetPhysicalCPUCount() + // and we fallback to PR_GetNumberOfProcessors below. + numberOfProcessors = nsMacUtilsImpl::GetPhysicalCPUCount(); + } +#endif + if (numberOfProcessors == 0) { + numberOfProcessors = PR_GetNumberOfProcessors(); + } + if (numberOfProcessors <= 0) { + numberOfProcessors = 1; // Must be one there somewhere + } + Unused << unclampedHardwareConcurrency.compareExchange(0, + numberOfProcessors); + } + + return std::min(uint32_t(unclampedHardwareConcurrency), + StaticPrefs::dom_maxHardwareConcurrency()); +} + +// nsISupports +NS_IMPL_ISUPPORTS(RuntimeService, nsIObserver) + +// nsIObserver +NS_IMETHODIMP +RuntimeService::Observe(nsISupports* aSubject, const char* aTopic, + const char16_t* aData) { + AssertIsOnMainThread(); + + if (!strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID)) { + Shutdown(); + return NS_OK; + } + if (!strcmp(aTopic, NS_XPCOM_SHUTDOWN_THREADS_OBSERVER_ID)) { + Cleanup(); + return NS_OK; + } + if (!strcmp(aTopic, GC_REQUEST_OBSERVER_TOPIC)) { + GarbageCollectAllWorkers(/* shrinking = */ false); + return NS_OK; + } + if (!strcmp(aTopic, CC_REQUEST_OBSERVER_TOPIC)) { + CycleCollectAllWorkers(); + return NS_OK; + } + if (!strcmp(aTopic, MEMORY_PRESSURE_OBSERVER_TOPIC)) { + nsDependentString data(aData); + // Don't continue to GC/CC if we are in an ongoing low-memory state since + // its very slow and it likely won't help us anyway. + if (data.EqualsLiteral(LOW_MEMORY_ONGOING_DATA)) { + return NS_OK; + } + if (data.EqualsLiteral(LOW_MEMORY_DATA)) { + SetLowMemoryStateAllWorkers(true); + } + GarbageCollectAllWorkers(/* shrinking = */ true); + CycleCollectAllWorkers(); + MemoryPressureAllWorkers(); + return NS_OK; + } + if (!strcmp(aTopic, MEMORY_PRESSURE_STOP_OBSERVER_TOPIC)) { + SetLowMemoryStateAllWorkers(false); + return NS_OK; + } + if (!strcmp(aTopic, NS_IOSERVICE_OFFLINE_STATUS_TOPIC)) { + SendOfflineStatusChangeEventToAllWorkers(NS_IsOffline()); + return NS_OK; + } + + MOZ_ASSERT_UNREACHABLE("Unknown observer topic!"); + return NS_OK; +} + +namespace { +const char* WorkerKindToString(WorkerKind kind) { + switch (kind) { + case WorkerKindDedicated: + return "dedicated"; + case WorkerKindShared: + return "shared"; + case WorkerKindService: + return "service"; + default: + NS_WARNING("Unknown worker type"); + return "unknown worker type"; + } +} + +void LogWorker(WorkerPrivate* worker, const char* category) { + AssertIsOnMainThread(); + + SHUTDOWN_LOG(("Found %s (%s): %s", category, + WorkerKindToString(worker->Kind()), + NS_ConvertUTF16toUTF8(worker->ScriptURL()).get())); + + if (worker->Kind() == WorkerKindService) { + SHUTDOWN_LOG(("Scope: %s", worker->ServiceWorkerScope().get())); + } + + nsCString origin; + worker->GetPrincipal()->GetOrigin(origin); + SHUTDOWN_LOG(("Principal: %s", origin.get())); + + nsCString loadingOrigin; + worker->GetLoadingPrincipal()->GetOrigin(loadingOrigin); + SHUTDOWN_LOG(("LoadingPrincipal: %s", loadingOrigin.get())); + + RefPtr<DumpCrashInfoRunnable> runnable = new DumpCrashInfoRunnable(worker); + if (runnable->DispatchAndWait()) { + SHUTDOWN_LOG(("CrashInfo: %s", runnable->MsgData().get())); + } else { + SHUTDOWN_LOG(("CrashInfo: dispatch failed")); + } +} +} // namespace + +void RuntimeService::DumpRunningWorkers() { + // Temporarily set the LogLevel high enough to be certain the messages are + // visible. + LogModule* module = gWorkerShutdownDumpLog; + LogLevel prevLevel = module->Level(); + + const auto cleanup = + MakeScopeExit([module, prevLevel] { module->SetLevel(prevLevel); }); + + if (prevLevel < LogLevel::Debug) { + module->SetLevel(LogLevel::Debug); + } + + MutexAutoLock lock(mMutex); + + for (const auto& info : mDomainMap.Values()) { + for (WorkerPrivate* worker : info->mActiveWorkers) { + LogWorker(worker, "ActiveWorker"); + } + + for (WorkerPrivate* worker : info->mActiveServiceWorkers) { + LogWorker(worker, "ActiveServiceWorker"); + } + + for (WorkerPrivate* worker : info->mQueuedWorkers) { + LogWorker(worker, "QueuedWorker"); + } + } +} + +bool LogViolationDetailsRunnable::MainThreadRun() { + AssertIsOnMainThread(); + + nsIContentSecurityPolicy* csp = mWorkerPrivate->GetCsp(); + if (csp) { + csp->LogViolationDetails(mViolationType, + nullptr, // triggering element + mWorkerPrivate->CSPEventListener(), mFileName, + mScriptSample, mLineNum, mColumnNum, u""_ns, + u""_ns); + } + + return true; +} + +// MOZ_CAN_RUN_SCRIPT_BOUNDARY until Runnable::Run is MOZ_CAN_RUN_SCRIPT. See +// bug 1535398. +MOZ_CAN_RUN_SCRIPT_BOUNDARY +NS_IMETHODIMP +WorkerThreadPrimaryRunnable::Run() { + NS_ConvertUTF16toUTF8 url(mWorkerPrivate->ScriptURL()); + AUTO_PROFILER_LABEL_DYNAMIC_CSTR("WorkerThreadPrimaryRunnable::Run", OTHER, + url.get()); + + using mozilla::ipc::BackgroundChild; + + { + auto failureCleanup = MakeScopeExit([&]() { + // The creation of threadHelper above is the point at which a worker is + // considered to have run, because the `mPreStartRunnables` are all + // re-dispatched after `mThread` is set. We need to let the WorkerPrivate + // know so it can clean up the various event loops and delete the worker. + mWorkerPrivate->RunLoopNeverRan(); + }); + + mWorkerPrivate->SetWorkerPrivateInWorkerThread(mThread.unsafeGetRawPtr()); + + const auto threadCleanup = MakeScopeExit([&] { + // This must be called before ScheduleDeletion, which is either called + // from failureCleanup leaving scope, or from the outer scope. + mWorkerPrivate->ResetWorkerPrivateInWorkerThread(); + }); + + mWorkerPrivate->AssertIsOnWorkerThread(); + + // This needs to be initialized on the worker thread before being used on + // the main thread and calling BackgroundChild::GetOrCreateForCurrentThread + // exposes it to the main thread. + mWorkerPrivate->EnsurePerformanceStorage(); + + if (NS_WARN_IF(!BackgroundChild::GetOrCreateForCurrentThread())) { + return NS_ERROR_FAILURE; + } + + nsWeakPtr globalScopeSentinel; + nsWeakPtr debuggerScopeSentinel; + // Never use the following pointers without checking their corresponding + // nsWeakPtr sentinel, defined above and initialized after DoRunLoop ends. + WorkerGlobalScopeBase* globalScopeRawPtr = nullptr; + WorkerGlobalScopeBase* debuggerScopeRawPtr = nullptr; + { + nsCycleCollector_startup(); + + auto context = MakeUnique<WorkerJSContext>(mWorkerPrivate); + nsresult rv = context->Initialize(mParentRuntime); + if (NS_WARN_IF(NS_FAILED(rv))) { + return rv; + } + + JSContext* cx = context->Context(); + + if (!InitJSContextForWorker(mWorkerPrivate, cx)) { + return NS_ERROR_FAILURE; + } + + failureCleanup.release(); + + { + PROFILER_SET_JS_CONTEXT(cx); + + { + // We're on the worker thread here, and WorkerPrivate's refcounting is + // non-threadsafe: you can only do it on the parent thread. What that + // means in practice is that we're relying on it being kept alive + // while we run. Hopefully. + MOZ_KnownLive(mWorkerPrivate)->DoRunLoop(cx); + // The AutoJSAPI in DoRunLoop should have reported any exceptions left + // on cx. + MOZ_ASSERT(!JS_IsExceptionPending(cx)); + } + + mWorkerPrivate->ShutdownModuleLoader(); + + mWorkerPrivate->RunShutdownTasks(); + + BackgroundChild::CloseForCurrentThread(); + + PROFILER_CLEAR_JS_CONTEXT(); + } + + // There may still be runnables on the debugger event queue that hold a + // strong reference to the debugger global scope. These runnables are not + // visible to the cycle collector, so we need to make sure to clear the + // debugger event queue before we try to destroy the context. If we don't, + // the garbage collector will crash. + // Note that this just releases the runnables and does not execute them. + mWorkerPrivate->ClearDebuggerEventQueue(); + + // Before shutting down the cycle collector we need to do one more pass + // through the event loop to clean up any C++ objects that need deferred + // cleanup. + NS_ProcessPendingEvents(nullptr); + + // At this point we expect the scopes to be alive if they were ever + // created successfully, keep weak references and set up the sentinels. + globalScopeRawPtr = mWorkerPrivate->GlobalScope(); + if (globalScopeRawPtr) { + globalScopeSentinel = do_GetWeakReference(globalScopeRawPtr); + } + MOZ_ASSERT(!globalScopeRawPtr || globalScopeSentinel); + debuggerScopeRawPtr = mWorkerPrivate->DebuggerGlobalScope(); + if (debuggerScopeRawPtr) { + debuggerScopeSentinel = do_GetWeakReference(debuggerScopeRawPtr); + } + MOZ_ASSERT(!debuggerScopeRawPtr || debuggerScopeSentinel); + + // To our best knowledge nobody should need a reference to our globals + // now (NS_ProcessPendingEvents is the last expected potential usage) + // and we can unroot them. + mWorkerPrivate->UnrootGlobalScopes(); + + // Perform a full GC until we collect the main worker global and CC, + // which should break all cycles that touch JS. + bool repeatGCCC = true; + while (repeatGCCC) { + JS::PrepareForFullGC(cx); + JS::NonIncrementalGC(cx, JS::GCOptions::Shutdown, + JS::GCReason::WORKER_SHUTDOWN); + + // If we CCed something or got new events as a side effect, repeat. + repeatGCCC = mWorkerPrivate->isLastCCCollectedAnything() || + NS_HasPendingEvents(nullptr); + NS_ProcessPendingEvents(nullptr); + } + + // The worker global should be unrooted and the shutdown of cycle + // collection should break all the remaining cycles. + nsCycleCollector_shutdown(); + + // If ever the CC shutdown run caused side effects, process them. + NS_ProcessPendingEvents(nullptr); + + // Now WorkerJSContext goes out of scope. Do not use any cycle + // collectable objects nor JS after this point! + } + + // Check sentinels if we actually removed all global scope references. + // In case use the earlier set-aside raw pointers to not mess with the + // ref counting after the cycle collector has gone away. + if (globalScopeSentinel) { + MOZ_ASSERT(!globalScopeSentinel->IsAlive()); + if (NS_WARN_IF(globalScopeSentinel->IsAlive())) { + globalScopeRawPtr->NoteWorkerTerminated(); + globalScopeRawPtr = nullptr; + } + } + if (debuggerScopeSentinel) { + MOZ_ASSERT(!debuggerScopeSentinel->IsAlive()); + if (NS_WARN_IF(debuggerScopeSentinel->IsAlive())) { + debuggerScopeRawPtr->NoteWorkerTerminated(); + debuggerScopeRawPtr = nullptr; + } + } + } + + mWorkerPrivate->ScheduleDeletion(WorkerPrivate::WorkerRan); + + // It is no longer safe to touch mWorkerPrivate. + mWorkerPrivate = nullptr; + + // Now recycle this thread. + nsCOMPtr<nsIEventTarget> mainTarget = GetMainThreadSerialEventTarget(); + MOZ_ASSERT(mainTarget); + + RefPtr<FinishedRunnable> finishedRunnable = + new FinishedRunnable(std::move(mThread)); + MOZ_ALWAYS_SUCCEEDS( + mainTarget->Dispatch(finishedRunnable, NS_DISPATCH_NORMAL)); + + return NS_OK; +} + +NS_IMETHODIMP +WorkerThreadPrimaryRunnable::FinishedRunnable::Run() { + AssertIsOnMainThread(); + + SafeRefPtr<WorkerThread> thread = std::move(mThread); + if (thread->ShutdownRequired()) { + MOZ_ALWAYS_SUCCEEDS(thread->Shutdown()); + } + + return NS_OK; +} + +} // namespace workerinternals + +// This is mostly for invoking within a debugger. +void DumpRunningWorkers() { + RuntimeService* runtimeService = RuntimeService::GetService(); + if (runtimeService) { + runtimeService->DumpRunningWorkers(); + } else { + NS_WARNING("RuntimeService not found"); + } +} + +void CancelWorkersForWindow(const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + RuntimeService* runtime = RuntimeService::GetService(); + if (runtime) { + runtime->CancelWorkersForWindow(aWindow); + } +} + +void FreezeWorkersForWindow(const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + RuntimeService* runtime = RuntimeService::GetService(); + if (runtime) { + runtime->FreezeWorkersForWindow(aWindow); + } +} + +void ThawWorkersForWindow(const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + RuntimeService* runtime = RuntimeService::GetService(); + if (runtime) { + runtime->ThawWorkersForWindow(aWindow); + } +} + +void SuspendWorkersForWindow(const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + RuntimeService* runtime = RuntimeService::GetService(); + if (runtime) { + runtime->SuspendWorkersForWindow(aWindow); + } +} + +void ResumeWorkersForWindow(const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + RuntimeService* runtime = RuntimeService::GetService(); + if (runtime) { + runtime->ResumeWorkersForWindow(aWindow); + } +} + +void PropagateStorageAccessPermissionGrantedToWorkers( + const nsPIDOMWindowInner& aWindow) { + AssertIsOnMainThread(); + MOZ_ASSERT_IF(aWindow.GetExtantDoc(), aWindow.GetExtantDoc() + ->CookieJarSettings() + ->GetRejectThirdPartyContexts()); + + RuntimeService* runtime = RuntimeService::GetService(); + if (runtime) { + runtime->PropagateStorageAccessPermissionGranted(aWindow); + } +} + +WorkerPrivate* GetWorkerPrivateFromContext(JSContext* aCx) { + MOZ_ASSERT(!NS_IsMainThread()); + MOZ_ASSERT(aCx); + + CycleCollectedJSContext* ccjscx = CycleCollectedJSContext::GetFor(aCx); + if (!ccjscx) { + return nullptr; + } + + WorkerJSContext* workerjscx = ccjscx->GetAsWorkerJSContext(); + // GetWorkerPrivateFromContext is called only for worker contexts. The + // context private is cleared early in ~CycleCollectedJSContext() and so + // GetFor() returns null above if called after ccjscx is no longer a + // WorkerJSContext. + MOZ_ASSERT(workerjscx); + return workerjscx->GetWorkerPrivate(); +} + +WorkerPrivate* GetCurrentThreadWorkerPrivate() { + if (NS_IsMainThread()) { + return nullptr; + } + + CycleCollectedJSContext* ccjscx = CycleCollectedJSContext::Get(); + if (!ccjscx) { + return nullptr; + } + + WorkerJSContext* workerjscx = ccjscx->GetAsWorkerJSContext(); + // Even when GetCurrentThreadWorkerPrivate() is called on worker + // threads, the ccjscx will no longer be a WorkerJSContext if called from + // stable state events during ~CycleCollectedJSContext(). + if (!workerjscx) { + return nullptr; + } + + return workerjscx->GetWorkerPrivate(); +} + +bool IsCurrentThreadRunningWorker() { + return !NS_IsMainThread() && !!GetCurrentThreadWorkerPrivate(); +} + +bool IsCurrentThreadRunningChromeWorker() { + WorkerPrivate* wp = GetCurrentThreadWorkerPrivate(); + return wp && wp->UsesSystemPrincipal(); +} + +JSContext* GetCurrentWorkerThreadJSContext() { + WorkerPrivate* wp = GetCurrentThreadWorkerPrivate(); + if (!wp) { + return nullptr; + } + return wp->GetJSContext(); +} + +JSObject* GetCurrentThreadWorkerGlobal() { + WorkerPrivate* wp = GetCurrentThreadWorkerPrivate(); + if (!wp) { + return nullptr; + } + WorkerGlobalScope* scope = wp->GlobalScope(); + if (!scope) { + return nullptr; + } + return scope->GetGlobalJSObject(); +} + +JSObject* GetCurrentThreadWorkerDebuggerGlobal() { + WorkerPrivate* wp = GetCurrentThreadWorkerPrivate(); + if (!wp) { + return nullptr; + } + WorkerDebuggerGlobalScope* scope = wp->DebuggerGlobalScope(); + if (!scope) { + return nullptr; + } + return scope->GetGlobalJSObject(); +} + +} // namespace dom +} // namespace mozilla |