This changes comes with several different refactorings all rolled into one,
unfotunately I couldn't find a way to pull them apart:
- First of all annotations now can either recorded (that is, we copy the value
and have the crash reporting code own the copy) or registered. Several
annotations are changed to use this functionality so that we don't need to
update them as their value change.
- The code in the exception handler is modified to read the annotations from
the mozannotation_client crate. This has the unfortunate side-effect that
we need three different bits of code to serialize them: one for annotations
read from a child process, one for reading annotations from the main process
outside of the exception handler and one for reading annotations from the
main process within the exception handler. As we move to fully
out-of-process crash reporting the last two methods will go away.
- The mozannotation_client crate now doesn't record annotation types anymore.
I realized as I was working on this that storing types at runtime has two
issues: the first one is that buggy code might change the type of an
annotation (that is record it under two different types at two different
moments), the second issue is that types might become corrupt during a
crash, so better enforce them at annotation-writing time. The end result is
that the mozannotation_* crates now only store byte buffers, track the
format the data is stored in (null-terminated string, fixed size buffer,
etc...) but not the type of data each annotation is supposed to contain.
- Which brings us to the next change: concrete types for annotations are now
enforced when they're written out. If an annotation doesn't match the
expected type it's skipped. Storing an annotation with the wrong type will
also trigger an assertion in debug builds.
Differential Revision: https://phabricator.services.mozilla.com/D195248
```
// We guarantee our robustness via these requirements:
// * Object.MutTiedFields() gives us a tuple,
// * where the combined sizeofs all field types sums to sizeof(Object),
// * (thus we know we are exhaustively listing all fields)
// * where feeding each field back into ParamTraits succeeds,
// * and ParamTraits is only automated for BytesAlwaysValidT<T> types.
// (BytesAlwaysValidT rejects bool and enum types, and only accepts int/float
// types, or array or std::arrays of such types)
// (Yes, bit-field fields are rejected by MutTiedFields too)
```
BytesAlwaysValidT<T> is the same as the IsTriviallySerializable<T> that
it replaces, however the emphasis is different, and should discourage
tagging structs as IsTriviallySerializable, since they more clearly
aren't BytesAlwaysValid.
Differential Revision: https://phabricator.services.mozilla.com/D151676
With this new approach, Shmem instances will now have their handles
transferred inline within messages as attachments, rather than being
associated with their actors and sent in separate messages.
This has a few advantages:
* The implementation is much simpler
* Releasing all references to a Shmem will automatically destroy it by
RAII, rather than leaking the shared memory region until the toplevel
actor is destroyed, removing the need for types like RaiiShmem.
* This allows re-transmitting Shmem instances to another process, as we
don't close the shared memory region handle upon receiving it.
But also has a disadvantage that because we keep alive the shared memory
region's handle until the shmem is destroyed, so that it can be
re-transmitted, we may end up using more FDs or HANDLEs while running.
This patch intentionally doesn't change or simplify callsites, removing
APIs like RaiiShmem, in order to make it easier to revert if this causes
issues on platforms like Linux due to FD exhaustion. If we don't run
into increased resource exhaustion problems, we can make these changes
in a follow-up.
Differential Revision: https://phabricator.services.mozilla.com/D140211
There weren't that many uses of the existing typedef, so it seemed like
it might be worthwhile to just replace all uses of the previous typedef
with the stl-like one.
Differential Revision: https://phabricator.services.mozilla.com/D142705
* Accept that finding an explicit unpack for a given stride might fail.
* Directly use the logic from the GLES spec for unpacking stride calculations.
* Use structuredSrcSize member.
* Calc explicit unpack based on dstStride, not srcStride.
Differential Revision: https://phabricator.services.mozilla.com/D136052
Previously, there was undefined behaviour when validating enum values in
EnumSerializer, which were actually invalid (which was hit during fuzzing, e.g.),
because the invalid integral value was cast to the enum type for comparison.
This patch changes the comparison to cast the valid values to their integral
values instead and compare those.
Differential Revision: https://phabricator.services.mozilla.com/D103449
This moves parts of IPCMessageUtils.h to two new header files and adapts
the include directives as necessary. The new header files are:
- EnumSerializer.h, which defines the templates for enum serializers
- IPCMessageUtilsSpecializations.h, which defines template specializations
of ParamTraits with extra dependencies (building upon both IPCMessageUtils.h
and EnumSerializer.h)
This should minimize the dependencies pulled in by every consumer of
IPCMessageUtils.h
Differential Revision: https://phabricator.services.mozilla.com/D94459
"Validate" bools to guarantee they always (de)serialize to proper values. Require that all enums use EnumSerializer or their own special handlers.
Differential Revision: https://phabricator.services.mozilla.com/D87367
* Use clearer pref names.
* Default (and only support) IPDL dispatching.
* Make DispatchCommands async-only.
* Sync ipdl command per sync webgl entrypoint.
* Eat the boilerplate cost, since there's not too many.
* Run SerializedSize off same path as Serialize.
* All shmem uploads go through normal DispatchCommands.
* Defer pruning of dead code for now so we can iterate quickly.
* Use Read/Write(begin,end) instead of (begin,size).
* This would have prevented a bug where we read/wrote N*sizeof(T)*sizeof(T).
Differential Revision: https://phabricator.services.mozilla.com/D81495
Since we are no longer peeking or removing without copying, Read always gets a valid object. This makes its parameter a reference and removes extraneous null checks.
Differential Revision: https://phabricator.services.mozilla.com/D78544
Since we are no longer peeking or removing without copying, MinSize always gets a valid object. This converts its parameter to a reference and removes extraneous null checks.
Differential Revision: https://phabricator.services.mozilla.com/D78543
Peeking or pulling entries from the queue without deserializing them into an object requires making QueueParamTraits more complex. We don't currently need the functionality; the added complexity isn't worth it.
Differential Revision: https://phabricator.services.mozilla.com/D78542
EnumSerializers allow for easy enum validation in deserialization. The implementation is taken from IPDL's EnumSerializers and uses the IPDL EnumValidator classes and is used in exactly the same way.
Differential Revision: https://phabricator.services.mozilla.com/D78541
Type checking these queues turned out not to be useful. It added tokens to the stream that validated the type of the data in the stream against the type of the objects that it would deserialize into. However, the IPC mechanism is already completely type safe at the source code level so it was not useful in debugging.
Differential Revision: https://phabricator.services.mozilla.com/D78539
The old style of using SharedMemory objects was fine for Windows but was incompatible with Mac and Linux because the objects were not sent to the remote process with the proper socket scheme. This meant that shared memory could not be read by the destination process. Shmems are capable of this on all platforms so we use them instead.
Differential Revision: https://phabricator.services.mozilla.com/D74972
Move QueueParamTraits, which are common between PCQ and IpdlQueue, to a file they both include. This also changes the namespace of a handful of the classes, like the Marshaller.
Differential Revision: https://phabricator.services.mozilla.com/D68260
