diff options
Diffstat (limited to 'toolkit/components/asyncshutdown/AsyncShutdown.sys.mjs')
-rw-r--r-- | toolkit/components/asyncshutdown/AsyncShutdown.sys.mjs | 1131 |
1 files changed, 1131 insertions, 0 deletions
diff --git a/toolkit/components/asyncshutdown/AsyncShutdown.sys.mjs b/toolkit/components/asyncshutdown/AsyncShutdown.sys.mjs new file mode 100644 index 0000000000..d59cf8d713 --- /dev/null +++ b/toolkit/components/asyncshutdown/AsyncShutdown.sys.mjs @@ -0,0 +1,1131 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/** + * Managing safe shutdown of asynchronous services. + * + * Firefox shutdown is composed of phases that take place + * sequentially. Typically, each shutdown phase removes some + * capabilities from the application. For instance, at the end of + * phase profileBeforeChange, no service is permitted to write to the + * profile directory (with the exception of Telemetry). Consequently, + * if any service has requested I/O to the profile directory before or + * during phase profileBeforeChange, the system must be informed that + * these requests need to be completed before the end of phase + * profileBeforeChange. Failing to inform the system of this + * requirement can (and has been known to) cause data loss. + * + * Example: At some point during shutdown, the Add-On Manager needs to + * ensure that all add-ons have safely written their data to disk, + * before writing its own data. Since the data is saved to the + * profile, this must be completed during phase profileBeforeChange. + * + * AsyncShutdown.profileBeforeChange.addBlocker( + * "Add-on manager: shutting down", + * function condition() { + * // Do things. + * // Perform I/O that must take place during phase profile-before-change + * return promise; + * } + * }); + * + * In this example, function |condition| will be called at some point + * during phase profileBeforeChange and phase profileBeforeChange + * itself is guaranteed to not terminate until |promise| is either + * resolved or rejected. + */ + +import { XPCOMUtils } from "resource://gre/modules/XPCOMUtils.sys.mjs"; + +const lazy = {}; + +ChromeUtils.defineESModuleGetters(lazy, { + PromiseUtils: "resource://gre/modules/PromiseUtils.sys.mjs", +}); +XPCOMUtils.defineLazyServiceGetter( + lazy, + "gDebug", + "@mozilla.org/xpcom/debug;1", + "nsIDebug2" +); + +// `true` if this is a content process, `false` otherwise. +// It would be nicer to go through `Services.appinfo`, but some tests need to be +// able to replace that field with a custom implementation before it is first +// called. +const isContent = + // eslint-disable-next-line mozilla/use-services + Cc["@mozilla.org/xre/app-info;1"].getService(Ci.nsIXULRuntime).processType == + Ci.nsIXULRuntime.PROCESS_TYPE_CONTENT; + +// Display timeout warnings after 10 seconds +const DELAY_WARNING_MS = 10 * 1000; + +// Crash the process if shutdown is really too long +// (allowing for sleep). +const PREF_DELAY_CRASH_MS = "toolkit.asyncshutdown.crash_timeout"; +var DELAY_CRASH_MS = Services.prefs.getIntPref(PREF_DELAY_CRASH_MS, 60 * 1000); // One minute +Services.prefs.addObserver(PREF_DELAY_CRASH_MS, function() { + DELAY_CRASH_MS = Services.prefs.getIntPref(PREF_DELAY_CRASH_MS); +}); + +/** + * Any addBlocker calls that failed. We add this into barrier wait + * crash annotations to help with debugging. When we fail to add + * shutdown blockers that can break shutdown. We track these globally + * rather than per barrier because one failure mode is when the + * barrier has already finished by the time addBlocker is invoked - + * but the failure to add the blocker may result in later barriers + * waiting indefinitely, so the debug information is still useful + * for those later barriers. See bug 1801674 for more context. + */ +let gBrokenAddBlockers = []; + +/** + * A set of Promise that supports waiting. + * + * Promise items may be added or removed during the wait. The wait will + * resolve once all Promise items have been resolved or removed. + */ +function PromiseSet() { + /** + * key: the Promise passed pass the client of the `PromiseSet`. + * value: an indirection on top of `key`, as an object with + * the following fields: + * - indirection: a Promise resolved if `key` is resolved or + * if `resolve` is called + * - resolve: a function used to resolve the indirection. + */ + this._indirections = new Map(); + // Once all the tracked promises have been resolved we are done. Once Wait() + // resolves, it should not be possible anymore to add further promises. + // This covers for a possibly rare case, where something may try to add a + // blocker after wait() is done, that would never be awaited for. + this._done = false; +} +PromiseSet.prototype = { + /** + * Wait until all Promise have been resolved or removed. + * + * Note that calling `wait()` causes Promise to be removed from the + * Set once they are resolved. + * @param {function} onDoneCb invoked synchronously once all the entries + * have been handled and no new entries will be accepted. + * @return {Promise} Resolved once all Promise have been resolved or removed, + * or rejected after at least one Promise has rejected. + */ + wait(onDoneCb) { + // Pick an arbitrary element in the map, if any exists. + let entry = this._indirections.entries().next(); + if (entry.done) { + // No indirections left, we are done. + this._done = true; + onDoneCb(); + return Promise.resolve(); + } + + let [, indirection] = entry.value; + let promise = indirection.promise; + promise = promise.then(() => + // At this stage, the entry has been cleaned up. + this.wait(onDoneCb) + ); + return promise; + }, + + /** + * Add a new Promise to the set. + * + * Calls to wait (including ongoing calls) will only return once + * `key` has either resolved or been removed. + */ + add(key) { + if (this._done) { + throw new Error("Wait is complete, cannot add further promises."); + } + this._ensurePromise(key); + let indirection = lazy.PromiseUtils.defer(); + key + .then( + x => { + // Clean up immediately. + // This needs to be done before the call to `resolve`, otherwise + // `wait()` may loop forever. + this._indirections.delete(key); + indirection.resolve(x); + }, + err => { + this._indirections.delete(key); + indirection.reject(err); + } + ) + .finally(() => { + this._indirections.delete(key); + // Normally the promise is resolved or rejected, but if its global + // goes away, only finally may be invoked. In all the other cases this + // is a no-op since the promise has been fulfilled already. + indirection.reject( + new Error("Promise not fulfilled, did it lost its global?") + ); + }); + this._indirections.set(key, indirection); + }, + + /** + * Remove a Promise from the set. + * + * Calls to wait (including ongoing calls) will ignore this promise, + * unless it is added again. + */ + delete(key) { + this._ensurePromise(key); + let value = this._indirections.get(key); + if (!value) { + return false; + } + this._indirections.delete(key); + value.resolve(); + return true; + }, + + _ensurePromise(key) { + if (!key || typeof key != "object") { + throw new Error("Expected an object"); + } + if (!("then" in key) || typeof key.then != "function") { + throw new Error("Expected a Promise"); + } + }, +}; + +/** + * Display a warning. + * + * As this code is generally used during shutdown, there are chances + * that the UX will not be available to display warnings on the + * console. We therefore use dump() rather than Cu.reportError(). + */ +function log(msg, prefix = "", error = null) { + try { + dump(prefix + msg + "\n"); + if (error) { + dump(prefix + error + "\n"); + if (typeof error == "object" && "stack" in error) { + dump(prefix + error.stack + "\n"); + } + } + } catch (ex) { + dump("INTERNAL ERROR in AsyncShutdown: cannot log message.\n"); + } +} +const PREF_DEBUG_LOG = "toolkit.asyncshutdown.log"; +var DEBUG_LOG = Services.prefs.getBoolPref(PREF_DEBUG_LOG, false); +Services.prefs.addObserver(PREF_DEBUG_LOG, function() { + DEBUG_LOG = Services.prefs.getBoolPref(PREF_DEBUG_LOG); +}); + +function debug(msg, error = null) { + if (DEBUG_LOG) { + log(msg, "DEBUG: ", error); + } +} +function warn(msg, error = null) { + log(msg, "WARNING: ", error); +} +function fatalerr(msg, error = null) { + log(msg, "FATAL ERROR: ", error); +} + +// Utility function designed to get the current state of execution +// of a blocker. +// We are a little paranoid here to ensure that in case of evaluation +// error we do not block the AsyncShutdown. +function safeGetState(fetchState) { + if (!fetchState) { + return "(none)"; + } + let data, string; + try { + // Evaluate fetchState(), normalize the result into something that we can + // safely stringify or upload. + let state = fetchState(); + if (!state) { + return "(none)"; + } + string = JSON.stringify(state); + data = JSON.parse(string); + // Simplify the rest of the code by ensuring that we can simply + // concatenate the result to a message. + if (data && typeof data == "object") { + data.toString = function() { + return string; + }; + } + return data; + } catch (ex) { + // Make sure that this causes test failures + Promise.reject(ex); + + if (string) { + return string; + } + try { + return "Error getting state: " + ex + " at " + ex.stack; + } catch (ex2) { + return "Error getting state but could not display error"; + } + } +} + +/** + * Countdown for a given duration, skipping beats if the computer is too busy, + * sleeping or otherwise unavailable. + * + * @param {number} delay An approximate delay to wait in milliseconds (rounded + * up to the closest second). + * + * @return Deferred + */ +function looseTimer(delay) { + let DELAY_BEAT = 1000; + let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer); + let beats = Math.ceil(delay / DELAY_BEAT); + let deferred = lazy.PromiseUtils.defer(); + timer.initWithCallback( + function() { + if (beats <= 0) { + deferred.resolve(); + } + --beats; + }, + DELAY_BEAT, + Ci.nsITimer.TYPE_REPEATING_PRECISE_CAN_SKIP + ); + // Ensure that the timer is both canceled once we are done with it + // and not garbage-collected until then. + deferred.promise.then( + () => timer.cancel(), + () => timer.cancel() + ); + return deferred; +} + +/** + * Given an nsIStackFrame object, find the caller filename, line number, + * and stack if necessary, and return them as an object. + * + * @param {nsIStackFrame} topFrame Top frame of the call stack. + * @param {string} filename Pre-supplied filename or null if unknown. + * @param {number} lineNumber Pre-supplied line number or null if unknown. + * @param {string} stack Pre-supplied stack or null if unknown. + * + * @return object + */ +function getOrigin(topFrame, filename = null, lineNumber = null, stack = null) { + try { + // Determine the filename and line number of the caller. + let frame = topFrame; + + for (; frame && frame.filename == topFrame.filename; frame = frame.caller) { + // Climb up the stack + } + + if (filename == null) { + filename = frame ? frame.filename : "?"; + } + if (lineNumber == null) { + lineNumber = frame ? frame.lineNumber : 0; + } + if (stack == null) { + // Now build the rest of the stack as a string, using Task.jsm's rewriting + // to ensure that we do not lose information at each call to `Task.spawn`. + stack = []; + while (frame != null) { + stack.push(frame.filename + ":" + frame.name + ":" + frame.lineNumber); + frame = frame.caller; + } + } + + return { + filename, + lineNumber, + stack, + }; + } catch (ex) { + return { + filename: "<internal error: could not get origin>", + lineNumber: -1, + stack: "<internal error: could not get origin>", + }; + } +} + +/** + * {string} topic -> phase + */ +var gPhases = new Map(); + +export var AsyncShutdown = { + /** + * Access function getPhase. For testing purposes only. + */ + get _getPhase() { + let accepted = Services.prefs.getBoolPref( + "toolkit.asyncshutdown.testing", + false + ); + if (accepted) { + return getPhase; + } + return undefined; + }, + + /** + * This constant is used as the amount of milliseconds to allow shutdown to be + * blocked until we crash the process forcibly and is read from the + * 'toolkit.asyncshutdown.crash_timeout' pref. + */ + get DELAY_CRASH_MS() { + return DELAY_CRASH_MS; + }, +}; + +/** + * Register a new phase. + * + * @param {string} topic The notification topic for this Phase. + * @see {https://developer.mozilla.org/en-US/docs/Observer_Notifications} + */ +function getPhase(topic) { + let phase = gPhases.get(topic); + if (phase) { + return phase; + } + let spinner = new Spinner(topic); + phase = Object.freeze({ + /** + * Register a blocker for the completion of a phase. + * + * @param {string} name The human-readable name of the blocker. Used + * for debugging/error reporting. Please make sure that the name + * respects the following model: "Some Service: some action in progress" - + * for instance "OS.File: flushing all pending I/O"; + * @param {function|promise|*} condition A condition blocking the + * completion of the phase. Generally, this is a function + * returning a promise. This function is evaluated during the + * phase and the phase is guaranteed to not terminate until the + * resulting promise is either resolved or rejected. If + * |condition| is not a function but another value |v|, it behaves + * as if it were a function returning |v|. + * @param {object*} details Optionally, an object with details + * that may be useful for error reporting, as a subset of of the following + * fields: + * - fetchState (strongly recommended) A function returning + * information about the current state of the blocker as an + * object. Used for providing more details when logging errors or + * crashing. + * - stack. A string containing stack information. This module can + * generally infer stack information if it is not provided. + * - lineNumber A number containing the line number for the caller. + * This module can generally infer this information if it is not + * provided. + * - filename A string containing the filename for the caller. This + * module can generally infer the information if it is not provided. + * + * Examples: + * AsyncShutdown.profileBeforeChange.addBlocker("Module: just a promise", + * promise); // profileBeforeChange will not complete until + * // promise is resolved or rejected + * + * AsyncShutdown.profileBeforeChange.addBlocker("Module: a callback", + * function callback() { + * // ... + * // Execute this code during profileBeforeChange + * return promise; + * // profileBeforeChange will not complete until promise + * // is resolved or rejected + * }); + * + * AsyncShutdown.profileBeforeChange.addBlocker("Module: trivial callback", + * function callback() { + * // ... + * // Execute this code during profileBeforeChange + * // No specific guarantee about completion of profileBeforeChange + * }); + */ + addBlocker(name, condition, details = null) { + spinner.addBlocker(name, condition, details); + }, + /** + * Remove the blocker for a condition. + * + * If several blockers have been registered for the same + * condition, remove all these blockers. If no blocker has been + * registered for this condition, this is a noop. + * + * @return {boolean} true if a blocker has been removed, false + * otherwise. Note that a result of false may mean either that + * the blocker has never been installed or that the phase has + * completed and the blocker has already been resolved. + */ + removeBlocker(condition) { + return spinner.removeBlocker(condition); + }, + + get name() { + return spinner.name; + }, + + get isClosed() { + return spinner.isClosed; + }, + + /** + * Trigger the phase without having to broadcast a + * notification. For testing purposes only. + */ + get _trigger() { + let accepted = Services.prefs.getBoolPref( + "toolkit.asyncshutdown.testing", + false + ); + if (accepted) { + return () => spinner.observe(); + } + return undefined; + }, + }); + gPhases.set(topic, phase); + return phase; +} + +/** + * Utility class used to spin the event loop until all blockers for a + * Phase are satisfied. + * + * @param {string} topic The xpcom notification for that phase. + */ +function Spinner(topic) { + this._barrier = new Barrier(topic); + this._topic = topic; + Services.obs.addObserver(this, topic); +} + +Spinner.prototype = { + /** + * Register a new condition for this phase. + * + * See the documentation of `addBlocker` in property `client` + * of instances of `Barrier`. + */ + addBlocker(name, condition, details) { + this._barrier.client.addBlocker(name, condition, details); + }, + /** + * Remove the blocker for a condition. + * + * See the documentation of `removeBlocker` in rpoperty `client` + * of instances of `Barrier` + * + * @return {boolean} true if a blocker has been removed, false + * otherwise. Note that a result of false may mean either that + * the blocker has never been installed or that the phase has + * completed and the blocker has already been resolved. + */ + removeBlocker(condition) { + return this._barrier.client.removeBlocker(condition); + }, + + get name() { + return this._barrier.client.name; + }, + + get isClosed() { + return this._barrier.client.isClosed; + }, + + // nsIObserver.observe + observe() { + let topic = this._topic; + debug(`Starting phase ${topic}`); + Services.obs.removeObserver(this, topic); + + let satisfied = false; // |true| once we have satisfied all conditions + let promise; + try { + promise = this._barrier + .wait({ + warnAfterMS: DELAY_WARNING_MS, + crashAfterMS: DELAY_CRASH_MS, + }) + .catch + // Additional precaution to be entirely sure that we cannot reject. + (); + } catch (ex) { + debug("Error waiting for notification"); + throw ex; + } + + // Now, spin the event loop + debug("Spinning the event loop"); + promise.then(() => (satisfied = true)); // This promise cannot reject + let thread = Services.tm.mainThread; + while (!satisfied) { + try { + thread.processNextEvent(true); + } catch (ex) { + // An uncaught error should not stop us, but it should still + // be reported and cause tests to fail. + Promise.reject(ex); + } + } + debug(`Finished phase ${topic}`); + }, +}; + +/** + * A mechanism used to register blockers that prevent some action from + * happening. + * + * An instance of |Barrier| provides a capability |client| that + * clients can use to register blockers. The barrier is resolved once + * all registered blockers have been resolved. The owner of the + * |Barrier| may wait for the resolution of the barrier and obtain + * information on which blockers have not been resolved yet. + * + * @param {string} name The name of the blocker. Used mainly for error- + * reporting. + */ +function Barrier(name) { + if (!name) { + throw new TypeError("Instances of Barrier need a (non-empty) name"); + } + + /** + * The set of all Promise for which we need to wait before the barrier + * is lifted. Note that this set may be changed while we are waiting. + * + * Set to `null` once the wait is complete. + */ + this._waitForMe = new PromiseSet(); + + /** + * A map from conditions, as passed by users during the call to `addBlocker`, + * to `promise`, as present in `this._waitForMe`. + * + * Used to let users perform cleanup through `removeBlocker`. + * Set to `null` once the wait is complete. + * + * Key: condition (any, as passed by user) + * Value: promise used as a key in `this._waitForMe`. Note that there is + * no guarantee that the key is still present in `this._waitForMe`. + */ + this._conditionToPromise = new Map(); + + /** + * A map from Promise, as present in `this._waitForMe` or + * `this._conditionToPromise`, to information on blockers. + * + * Key: Promise (as present in this._waitForMe or this._conditionToPromise). + * Value: { + * trigger: function, + * promise, + * name, + * fetchState: function, + * stack, + * filename, + * lineNumber + * }; + */ + this._promiseToBlocker = new Map(); + + /** + * The name of the barrier. + */ + if (typeof name != "string") { + throw new TypeError("The name of the barrier must be a string"); + } + this._name = name; + + /** + * A cache for the promise returned by wait(). + */ + this._promise = null; + + /** + * `true` once we have started waiting. + */ + this._isStarted = false; + + /** + * `true` once we're done and won't accept any new blockers. + */ + this._isClosed = false; + + /** + * The capability of adding blockers. This object may safely be returned + * or passed to clients. + */ + this.client = { + /** + * The name of the barrier owning this client. + */ + get name() { + return name; + }, + + /** + * Register a blocker for the completion of this barrier. + * + * @param {string} name The human-readable name of the blocker. Used + * for debugging/error reporting. Please make sure that the name + * respects the following model: "Some Service: some action in progress" - + * for instance "OS.File: flushing all pending I/O"; + * @param {function|promise|*} condition A condition blocking the + * completion of the phase. Generally, this is a function + * returning a promise. This function is evaluated during the + * phase and the phase is guaranteed to not terminate until the + * resulting promise is either resolved or rejected. If + * |condition| is not a function but another value |v|, it behaves + * as if it were a function returning |v|. + * @param {object*} details Optionally, an object with details + * that may be useful for error reporting, as a subset of of the following + * fields: + * - fetchState (strongly recommended) A function returning + * information about the current state of the blocker as an + * object. Used for providing more details when logging errors or + * crashing. + * - stack. A string containing stack information. This module can + * generally infer stack information if it is not provided. + * - lineNumber A number containing the line number for the caller. + * This module can generally infer this information if it is not + * provided. + * - filename A string containing the filename for the caller. This + * module can generally infer the information if it is not provided. + */ + addBlocker: (name, condition, details) => { + if (typeof name != "string") { + gBrokenAddBlockers.push("No-name blocker"); + throw new TypeError("Expected a human-readable name as first argument"); + } + if (details && typeof details == "function") { + details = { + fetchState: details, + }; + } else if (!details) { + details = {}; + } + if (typeof details != "object") { + gBrokenAddBlockers.push(`${name} - invalid details`); + throw new TypeError( + "Expected an object as third argument to `addBlocker`, got " + details + ); + } + if (!this._waitForMe) { + gBrokenAddBlockers.push(`${name} - ${this._name} finished`); + throw new Error( + `Phase "${this._name}" is finished, it is too late to register completion condition "${name}"` + ); + } + debug(`Adding blocker ${name} for phase ${this._name}`); + + try { + this.client._internalAddBlocker(name, condition, details); + } catch (ex) { + gBrokenAddBlockers.push(`${name} - ${ex.message}`); + throw ex; + } + }, + + _internalAddBlocker: ( + name, + condition, + { fetchState = null, filename = null, lineNumber = null, stack = null } + ) => { + if (fetchState != null && typeof fetchState != "function") { + throw new TypeError("Expected a function for option `fetchState`"); + } + + // Split the condition between a trigger function and a promise. + + // The function to call to notify the blocker that we have started waiting. + // This function returns a promise resolved/rejected once the + // condition is complete, and never throws. + let trigger; + + // A promise resolved once the condition is complete. + let promise; + if (typeof condition == "function") { + promise = new Promise((resolve, reject) => { + trigger = () => { + try { + resolve(condition()); + } catch (ex) { + reject(ex); + } + }; + }); + } else { + // If `condition` is not a function, `trigger` is not particularly + // interesting, and `condition` needs to be normalized to a promise. + trigger = () => {}; + promise = Promise.resolve(condition); + } + + // Make sure that `promise` never rejects. + promise = promise + .catch(error => { + let msg = `A blocker encountered an error while we were waiting. + Blocker: ${name} + Phase: ${this._name} + State: ${safeGetState(fetchState)}`; + warn(msg, error); + + // The error should remain uncaught, to ensure that it + // still causes tests to fail. + Promise.reject(error); + }) + .catch + // Added as a last line of defense, in case `warn`, `this._name` or + // `safeGetState` somehow throws an error. + (); + + let topFrame = null; + if (filename == null || lineNumber == null || stack == null) { + topFrame = Components.stack; + } + + let blocker = { + trigger, + promise, + name, + fetchState, + getOrigin: () => getOrigin(topFrame, filename, lineNumber, stack), + }; + + this._waitForMe.add(promise); + this._promiseToBlocker.set(promise, blocker); + this._conditionToPromise.set(condition, promise); + + // As conditions may hold lots of memory, we attempt to cleanup + // as soon as we are done (which might be in the next tick, if + // we have been passed a resolved promise). + promise = promise.then(() => { + debug(`Completed blocker ${name} for phase ${this._name}`); + this._removeBlocker(condition); + }); + + if (this._isStarted) { + // The wait has already started. The blocker should be + // notified asap. We do it out of band as clients probably + // expect `addBlocker` to return immediately. + Promise.resolve().then(trigger); + } + }, + + /** + * Remove the blocker for a condition. + * + * If several blockers have been registered for the same + * condition, remove all these blockers. If no blocker has been + * registered for this condition, this is a noop. + * + * @return {boolean} true if at least one blocker has been + * removed, false otherwise. + */ + removeBlocker: condition => { + return this._removeBlocker(condition); + }, + }; + + /** + * Whether this client still accepts new blockers. + */ + Object.defineProperty(this.client, "isClosed", { + get: () => { + return this._isClosed; + }, + }); +} +Barrier.prototype = Object.freeze({ + /** + * The current state of the barrier, as a JSON-serializable object + * designed for error-reporting. + */ + get state() { + if (!this._isStarted) { + return "Not started"; + } + if (!this._waitForMe) { + return "Complete"; + } + let frozen = []; + for (let blocker of this._promiseToBlocker.values()) { + let { name, fetchState } = blocker; + let { stack, filename, lineNumber } = blocker.getOrigin(); + frozen.push({ + name, + state: safeGetState(fetchState), + filename, + lineNumber, + stack, + }); + } + return frozen; + }, + + /** + * Wait until all currently registered blockers are complete. + * + * Once this method has been called, any attempt to register a new blocker + * for this barrier will cause an error. + * + * Successive calls to this method always return the same value. + * + * @param {object=} options Optionally, an object that may contain + * the following fields: + * {number} warnAfterMS If provided and > 0, print a warning if the barrier + * has not been resolved after the given number of milliseconds. + * {number} crashAfterMS If provided and > 0, crash the process if the barrier + * has not been resolved after the give number of milliseconds (rounded up + * to the next second). To avoid crashing simply because the computer is busy + * or going to sleep, we actually wait for ceil(crashAfterMS/1000) successive + * periods of at least one second. Upon crashing, if a crash reporter is present, + * prepare a crash report with the state of this barrier. + * + * + * @return {Promise} A promise satisfied once all blockers are complete. + */ + wait(options = {}) { + // This method only implements caching on top of _wait() + if (this._promise) { + return this._promise; + } + return (this._promise = this._wait(options)); + }, + _wait(options) { + // Sanity checks + if (this._isStarted) { + throw new TypeError("Internal error: already started " + this._name); + } + if ( + !this._waitForMe || + !this._conditionToPromise || + !this._promiseToBlocker + ) { + throw new TypeError("Internal error: already finished " + this._name); + } + + let topic = this._name; + + // Notify blockers + for (let blocker of this._promiseToBlocker.values()) { + blocker.trigger(); // We have guarantees that this method will never throw + } + + this._isStarted = true; + + // Now, wait + let promise = this._waitForMe.wait(() => { + this._isClosed = true; + }); + + promise = promise.catch(function onError(error) { + // I don't think that this can happen. + // However, let's be overcautious with async/shutdown error reporting. + let msg = + "An uncaught error appeared while completing the phase." + + " Phase: " + + topic; + warn(msg, error); + }); + + promise = promise.then(() => { + // Cleanup memory + this._waitForMe = null; + this._promiseToBlocker = null; + this._conditionToPromise = null; + }); + + // Now handle warnings and crashes + let warnAfterMS = DELAY_WARNING_MS; + if (options && "warnAfterMS" in options) { + if ( + typeof options.warnAfterMS == "number" || + options.warnAfterMS == null + ) { + // Change the delay or deactivate warnAfterMS + warnAfterMS = options.warnAfterMS; + } else { + throw new TypeError("Wrong option value for warnAfterMS"); + } + } + + if (warnAfterMS && warnAfterMS > 0) { + // If the promise takes too long to be resolved/rejected, + // we need to notify the user. + let timer = Cc["@mozilla.org/timer;1"].createInstance(Ci.nsITimer); + timer.initWithCallback( + () => { + let msg = + "At least one completion condition is taking too long to complete." + + " Conditions: " + + JSON.stringify(this.state) + + " Barrier: " + + topic; + warn(msg); + }, + warnAfterMS, + Ci.nsITimer.TYPE_ONE_SHOT + ); + + promise = promise.then(function onSuccess() { + timer.cancel(); + // As a side-effect, this prevents |timer| from + // being garbage-collected too early. + }); + } + + let crashAfterMS = DELAY_CRASH_MS; + if (options && "crashAfterMS" in options) { + if ( + typeof options.crashAfterMS == "number" || + options.crashAfterMS == null + ) { + // Change the delay or deactivate crashAfterMS + crashAfterMS = options.crashAfterMS; + } else { + throw new TypeError("Wrong option value for crashAfterMS"); + } + } + + if (crashAfterMS > 0) { + let timeToCrash = null; + + // If after |crashAfterMS| milliseconds (adjusted to take into + // account sleep and otherwise busy computer) we have not finished + // this shutdown phase, we assume that the shutdown is somehow + // frozen, presumably deadlocked. At this stage, the only thing we + // can do to avoid leaving the user's computer in an unstable (and + // battery-sucking) situation is report the issue and crash. + timeToCrash = looseTimer(crashAfterMS); + timeToCrash.promise.then( + () => { + // Report the problem as best as we can, then crash. + let state = this.state; + + // If you change the following message, please make sure + // that any information on the topic and state appears + // within the first 200 characters of the message. This + // helps automatically sort oranges. + let msg = + "AsyncShutdown timeout in " + + topic + + " Conditions: " + + JSON.stringify(state) + + " At least one completion condition failed to complete" + + " within a reasonable amount of time. Causing a crash to" + + " ensure that we do not leave the user with an unresponsive" + + " process draining resources."; + fatalerr(msg); + if (gBrokenAddBlockers.length) { + fatalerr( + "Broken addBlocker calls: " + JSON.stringify(gBrokenAddBlockers) + ); + } + if (Services.appinfo.crashReporterEnabled) { + Services.appinfo.annotateCrashReport( + "AsyncShutdownTimeout", + JSON.stringify(this._gatherCrashReportTimeoutData(topic, state)) + ); + } else { + warn("No crash reporter available"); + } + + // To help sorting out bugs, we want to make sure that the + // call to nsIDebug2.abort points to a guilty client, rather + // than to AsyncShutdown itself. We pick a client that is + // still blocking and use its filename/lineNumber, + // which have been determined during the call to `addBlocker`. + let filename = "?"; + let lineNumber = -1; + for (let blocker of this._promiseToBlocker.values()) { + ({ filename, lineNumber } = blocker.getOrigin()); + break; + } + lazy.gDebug.abort(filename, lineNumber); + }, + function onSatisfied() { + // The promise has been rejected, which means that we have satisfied + // all completion conditions. + } + ); + + promise = promise.then( + function() { + timeToCrash.reject(); + } /* No error is possible here*/ + ); + } + + return promise; + }, + + _gatherCrashReportTimeoutData(phase, conditions) { + let data = { phase, conditions }; + if (gBrokenAddBlockers.length) { + data.brokenAddBlockers = gBrokenAddBlockers; + } + return data; + }, + + _removeBlocker(condition) { + if ( + !this._waitForMe || + !this._promiseToBlocker || + !this._conditionToPromise + ) { + // We have already cleaned up everything. + return false; + } + + let promise = this._conditionToPromise.get(condition); + if (!promise) { + // The blocker has already been removed + return false; + } + this._conditionToPromise.delete(condition); + this._promiseToBlocker.delete(promise); + return this._waitForMe.delete(promise); + }, +}); + +// List of well-known phases +// Ideally, phases should be registered from the component that decides +// when they start/stop. For compatibility with existing startup/shutdown +// mechanisms, we register a few phases here. + +// Parent process +if (!isContent) { + AsyncShutdown.profileChangeTeardown = getPhase("profile-change-teardown"); + AsyncShutdown.profileBeforeChange = getPhase("profile-before-change"); + AsyncShutdown.sendTelemetry = getPhase("profile-before-change-telemetry"); +} + +// Notifications that fire in the parent and content process, but should +// only have phases in the parent process. +if (!isContent) { + AsyncShutdown.quitApplicationGranted = getPhase("quit-application-granted"); +} + +// Don't add a barrier for content-child-shutdown because this +// makes it easier to cause shutdown hangs. + +// All processes +AsyncShutdown.webWorkersShutdown = getPhase("web-workers-shutdown"); +AsyncShutdown.xpcomWillShutdown = getPhase("xpcom-will-shutdown"); + +AsyncShutdown.Barrier = Barrier; + +Object.freeze(AsyncShutdown); |