tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

RefMessageBodyService.h (4721B)

      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef mozilla_dom_RefMessageBodyService_h
      8 #define mozilla_dom_RefMessageBodyService_h
      9 
     10 #include <cstdint>
     11 
     12 #include "js/TypeDecls.h"
     13 #include "mozilla/Maybe.h"
     14 #include "mozilla/Mutex.h"
     15 #include "mozilla/StaticMutex.h"
     16 #include "mozilla/UniquePtr.h"
     17 #include "nsHashKeys.h"
     18 #include "nsID.h"
     19 #include "nsISupports.h"
     20 #include "nsRefPtrHashtable.h"
     21 
     22 namespace JS {
     23 class CloneDataPolicy;
     24 }  // namespace JS
     25 
     26 namespace mozilla {
     27 
     28 class ErrorResult;
     29 template <class T>
     30 class OwningNonNull;
     31 
     32 namespace dom {
     33 
     34 class MessagePort;
     35 template <typename T>
     36 class Sequence;
     37 
     38 namespace ipc {
     39 class StructuredCloneData;
     40 }
     41 
     42 /**
     43 * At the time a BroadcastChannel or MessagePort sends messages, we don't know
     44 * which process is going to receive it. Because of this, we need to check if
     45 * the message is able to cross the process boundary.
     46 * If the message contains objects such as SharedArrayBuffers, WASM modules or
     47 * ImageBitmaps, it can be delivered on the current process only.
     48 * Instead of sending the whole message via IPC, we send a unique ID, while the
     49 * message is kept alive by RefMessageBodyService, on the current process using
     50 * a ref-counted RefMessageBody object.
     51 * When the receiver obtains the message ID, it checks if the local
     52 * RefMessageBodyService knows that ID. If yes, the sender and the receiver are
     53 * on the same process and the delivery can be completed; if not, a
     54 * messageerror event has to be dispatched instead.
     55 *
     56 * For MessagePort communication is 1-to-1 and because of this, the
     57 * receiver takes ownership of the message (RefMessageBodyService::Steal()).
     58 * If the receiver port is on a different process, RefMessageBodyService will
     59 * return a nullptr and a messageerror event will be dispatched.
     60 
     61 * For BroadcastChannel, the life-time of a message is a bit different than for
     62 * MessagePort. It has a 1-to-many communication and we could have multiple
     63 * receivers. Each one needs to deliver the message without taking full
     64 * ownership of it.
     65 * In order to support this feature, BroadcastChannel needs to call
     66 * RefMessageBodyService::SetMaxCount() to inform how many ports are allowed to
     67 * retrieve the current message, on the current process. Receivers on other
     68 * processes are not kept in consideration because they will not be able to
     69 * retrieve the message from RefMessageBodyService. When the last allowed
     70 * port has called RefMessageBodyService::GetAndCount(), the message is
     71 * released.
     72 */
     73 class RefMessageBody final {
     74  friend class RefMessageBodyService;
     75 
     76 public:
     77  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(RefMessageBody)
     78 
     79  RefMessageBody(const nsID& aPortID,
     80                 UniquePtr<ipc::StructuredCloneData>&& aCloneData);
     81 
     82  const nsID& PortID() const { return mPortID; }
     83 
     84  void Read(JSContext* aCx, JS::MutableHandle<JS::Value> aValue,
     85            const JS::CloneDataPolicy& aCloneDataPolicy, ErrorResult& aRv);
     86 
     87  // This method can be called only if the RefMessageBody is not supposed to be
     88  // ref-counted (see mMaxCount).
     89  bool TakeTransferredPortsAsSequence(
     90      Sequence<OwningNonNull<mozilla::dom::MessagePort>>& aPorts);
     91 
     92 private:
     93  ~RefMessageBody();
     94 
     95  const nsID mPortID;
     96 
     97  // In case the RefMessageBody is shared and refcounted (see mCount/mMaxCount),
     98  // we must enforce that the reading does not happen simultaneously on
     99  // different threads.
    100  Mutex mMutex MOZ_UNANNOTATED;
    101 
    102  UniquePtr<ipc::StructuredCloneData> mCloneData;
    103 
    104  // When mCount reaches mMaxCount, this object is released by the service.
    105  Maybe<uint32_t> mMaxCount;
    106  uint32_t mCount;
    107 };
    108 
    109 class RefMessageBodyService final {
    110 public:
    111  NS_INLINE_DECL_THREADSAFE_REFCOUNTING(RefMessageBodyService)
    112 
    113  static already_AddRefed<RefMessageBodyService> GetOrCreate();
    114 
    115  void ForgetPort(const nsID& aPortID);
    116 
    117  const nsID Register(already_AddRefed<RefMessageBody> aBody, ErrorResult& aRv);
    118 
    119  already_AddRefed<RefMessageBody> Steal(const nsID& aID);
    120 
    121  already_AddRefed<RefMessageBody> GetAndCount(const nsID& aID);
    122 
    123  void SetMaxCount(const nsID& aID, uint32_t aMaxCount);
    124 
    125 private:
    126  explicit RefMessageBodyService(const StaticMutexAutoLock& aProofOfLock);
    127  ~RefMessageBodyService();
    128 
    129  static RefMessageBodyService* GetOrCreateInternal(
    130      const StaticMutexAutoLock& aProofOfLock);
    131 
    132  nsRefPtrHashtable<nsIDHashKey, RefMessageBody> mMessages;
    133 };
    134 
    135 }  // namespace dom
    136 }  // namespace mozilla
    137 
    138 #endif  // mozilla_dom_RefMessageBodyService_h