| // Copyright 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef MOJO_SYSTEM_DISPATCHER_H_ |
| #define MOJO_SYSTEM_DISPATCHER_H_ |
| |
| #include <stddef.h> |
| #include <stdint.h> |
| |
| #include <vector> |
| |
| #include "base/macros.h" |
| #include "base/memory/ref_counted.h" |
| #include "base/memory/scoped_ptr.h" |
| #include "base/synchronization/lock.h" |
| #include "mojo/embedder/platform_handle.h" |
| #include "mojo/embedder/platform_handle_vector.h" |
| #include "mojo/public/c/system/buffer.h" |
| #include "mojo/public/c/system/data_pipe.h" |
| #include "mojo/public/c/system/message_pipe.h" |
| #include "mojo/public/c/system/types.h" |
| #include "mojo/system/system_impl_export.h" |
| |
| namespace mojo { |
| namespace system { |
| |
| class Channel; |
| class Core; |
| class Dispatcher; |
| class DispatcherTransport; |
| class HandleTable; |
| class LocalMessagePipeEndpoint; |
| class ProxyMessagePipeEndpoint; |
| class RawSharedBufferMapping; |
| class TransportData; |
| class Waiter; |
| |
| typedef std::vector<scoped_refptr<Dispatcher> > DispatcherVector; |
| |
| namespace test { |
| |
| // Test helper. We need to declare it here so we can friend it. |
| MOJO_SYSTEM_IMPL_EXPORT DispatcherTransport DispatcherTryStartTransport( |
| Dispatcher* dispatcher); |
| |
| } // namespace test |
| |
| // A |Dispatcher| implements Mojo primitives that are "attached" to a particular |
| // handle. This includes most (all?) primitives except for |MojoWait...()|. This |
| // object is thread-safe, with its state being protected by a single lock |
| // |lock_|, which is also made available to implementation subclasses (via the |
| // |lock()| method). |
| class MOJO_SYSTEM_IMPL_EXPORT Dispatcher : |
| public base::RefCountedThreadSafe<Dispatcher> { |
| public: |
| enum Type { |
| kTypeUnknown = 0, |
| kTypeMessagePipe, |
| kTypeDataPipeProducer, |
| kTypeDataPipeConsumer, |
| kTypeSharedBuffer, |
| |
| // "Private" types (not exposed via the public interface): |
| kTypePlatformHandle = -1 |
| }; |
| virtual Type GetType() const = 0; |
| |
| // These methods implement the various primitives named |Mojo...()|. These |
| // take |lock_| and handle races with |Close()|. Then they call out to |
| // subclasses' |...ImplNoLock()| methods (still under |lock_|), which actually |
| // implement the primitives. |
| // NOTE(vtl): This puts a big lock around each dispatcher (i.e., handle), and |
| // prevents the various |...ImplNoLock()|s from releasing the lock as soon as |
| // possible. If this becomes an issue, we can rethink this. |
| MojoResult Close(); |
| |
| // |transports| may be non-null if and only if there are handles to be |
| // written; not that |this| must not be in |transports|. On success, all the |
| // dispatchers in |transports| must have been moved to a closed state; on |
| // failure, they should remain in their original state. |
| MojoResult WriteMessage(const void* bytes, |
| uint32_t num_bytes, |
| std::vector<DispatcherTransport>* transports, |
| MojoWriteMessageFlags flags); |
| // |dispatchers| must be non-null but empty, if |num_dispatchers| is non-null |
| // and nonzero. On success, it will be set to the dispatchers to be received |
| // (and assigned handles) as part of the message. |
| MojoResult ReadMessage(void* bytes, |
| uint32_t* num_bytes, |
| DispatcherVector* dispatchers, |
| uint32_t* num_dispatchers, |
| MojoReadMessageFlags flags); |
| MojoResult WriteData(const void* elements, |
| uint32_t* elements_num_bytes, |
| MojoWriteDataFlags flags); |
| MojoResult BeginWriteData(void** buffer, |
| uint32_t* buffer_num_bytes, |
| MojoWriteDataFlags flags); |
| MojoResult EndWriteData(uint32_t num_bytes_written); |
| MojoResult ReadData(void* elements, |
| uint32_t* num_bytes, |
| MojoReadDataFlags flags); |
| MojoResult BeginReadData(const void** buffer, |
| uint32_t* buffer_num_bytes, |
| MojoReadDataFlags flags); |
| MojoResult EndReadData(uint32_t num_bytes_read); |
| // |options| may be null. |new_dispatcher| must not be null, but |
| // |*new_dispatcher| should be null (and will contain the dispatcher for the |
| // new handle on success). |
| MojoResult DuplicateBufferHandle( |
| const MojoDuplicateBufferHandleOptions* options, |
| scoped_refptr<Dispatcher>* new_dispatcher); |
| MojoResult MapBuffer(uint64_t offset, |
| uint64_t num_bytes, |
| MojoMapBufferFlags flags, |
| scoped_ptr<RawSharedBufferMapping>* mapping); |
| |
| // Adds a waiter to this dispatcher. The waiter will be woken up when this |
| // object changes state to satisfy |signals| with context |context|. It will |
| // also be woken up when it becomes impossible for the object to ever satisfy |
| // |signals| with a suitable error status. |
| // |
| // Returns: |
| // - |MOJO_RESULT_OK| if the waiter was added; |
| // - |MOJO_RESULT_ALREADY_EXISTS| if |signals| is already satisfied; |
| // - |MOJO_RESULT_INVALID_ARGUMENT| if the dispatcher has been closed; and |
| // - |MOJO_RESULT_FAILED_PRECONDITION| if it is not (or no longer) possible |
| // that |signals| will ever be satisfied. |
| MojoResult AddWaiter(Waiter* waiter, |
| MojoHandleSignals signals, |
| uint32_t context); |
| void RemoveWaiter(Waiter* waiter); |
| |
| // A dispatcher must be put into a special state in order to be sent across a |
| // message pipe. Outside of tests, only |HandleTableAccess| is allowed to do |
| // this, since there are requirements on the handle table (see below). |
| // |
| // In this special state, only a restricted set of operations is allowed. |
| // These are the ones available as |DispatcherTransport| methods. Other |
| // |Dispatcher| methods must not be called until |DispatcherTransport::End()| |
| // has been called. |
| class HandleTableAccess { |
| private: |
| friend class Core; |
| friend class HandleTable; |
| // Tests also need this, to avoid needing |Core|. |
| friend DispatcherTransport test::DispatcherTryStartTransport(Dispatcher*); |
| |
| // This must be called under the handle table lock and only if the handle |
| // table entry is not marked busy. The caller must maintain a reference to |
| // |dispatcher| until |DispatcherTransport::End()| is called. |
| static DispatcherTransport TryStartTransport(Dispatcher* dispatcher); |
| }; |
| |
| // A |TransportData| may serialize dispatchers that are given to it (and which |
| // were previously attached to the |MessageInTransit| that is creating it) to |
| // a given |Channel| and then (probably in a different process) deserialize. |
| // Note that the |MessageInTransit| "owns" (i.e., has the only ref to) these |
| // dispatchers, so there are no locking issues. (There's no lock ordering |
| // issue, and in fact no need to take dispatcher locks at all.) |
| // TODO(vtl): Consider making another wrapper similar to |DispatcherTransport| |
| // (but with an owning, unique reference), and having |
| // |CreateEquivalentDispatcherAndCloseImplNoLock()| return that wrapper (and |
| // |MessageInTransit|, etc. only holding on to such wrappers). |
| class TransportDataAccess { |
| private: |
| friend class TransportData; |
| |
| // Serialization API. These functions may only be called on such |
| // dispatchers. (|channel| is the |Channel| to which the dispatcher is to be |
| // serialized.) See the |Dispatcher| methods of the same names for more |
| // details. |
| static void StartSerialize(Dispatcher* dispatcher, |
| Channel* channel, |
| size_t* max_size, |
| size_t* max_platform_handles); |
| static bool EndSerializeAndClose( |
| Dispatcher* dispatcher, |
| Channel* channel, |
| void* destination, |
| size_t* actual_size, |
| embedder::PlatformHandleVector* platform_handles); |
| |
| // Deserialization API. |
| // Note: This "clears" (i.e., reset to the invalid handle) any platform |
| // handles that it takes ownership of. |
| static scoped_refptr<Dispatcher> Deserialize( |
| Channel* channel, |
| int32_t type, |
| const void* source, |
| size_t size, |
| embedder::PlatformHandleVector* platform_handles); |
| }; |
| |
| protected: |
| friend class base::RefCountedThreadSafe<Dispatcher>; |
| |
| Dispatcher(); |
| virtual ~Dispatcher(); |
| |
| // These are to be overridden by subclasses (if necessary). They are called |
| // exactly once -- first |CancelAllWaitersNoLock()|, then |CloseImplNoLock()|, |
| // when the dispatcher is being closed. They are called under |lock_|. |
| virtual void CancelAllWaitersNoLock(); |
| virtual void CloseImplNoLock(); |
| virtual scoped_refptr<Dispatcher> |
| CreateEquivalentDispatcherAndCloseImplNoLock() = 0; |
| |
| // These are to be overridden by subclasses (if necessary). They are never |
| // called after the dispatcher has been closed. They are called under |lock_|. |
| // See the descriptions of the methods without the "ImplNoLock" for more |
| // information. |
| virtual MojoResult WriteMessageImplNoLock( |
| const void* bytes, |
| uint32_t num_bytes, |
| std::vector<DispatcherTransport>* transports, |
| MojoWriteMessageFlags flags); |
| virtual MojoResult ReadMessageImplNoLock(void* bytes, |
| uint32_t* num_bytes, |
| DispatcherVector* dispatchers, |
| uint32_t* num_dispatchers, |
| MojoReadMessageFlags flags); |
| virtual MojoResult WriteDataImplNoLock(const void* elements, |
| uint32_t* num_bytes, |
| MojoWriteDataFlags flags); |
| virtual MojoResult BeginWriteDataImplNoLock(void** buffer, |
| uint32_t* buffer_num_bytes, |
| MojoWriteDataFlags flags); |
| virtual MojoResult EndWriteDataImplNoLock(uint32_t num_bytes_written); |
| virtual MojoResult ReadDataImplNoLock(void* elements, |
| uint32_t* num_bytes, |
| MojoReadDataFlags flags); |
| virtual MojoResult BeginReadDataImplNoLock(const void** buffer, |
| uint32_t* buffer_num_bytes, |
| MojoReadDataFlags flags); |
| virtual MojoResult EndReadDataImplNoLock(uint32_t num_bytes_read); |
| virtual MojoResult DuplicateBufferHandleImplNoLock( |
| const MojoDuplicateBufferHandleOptions* options, |
| scoped_refptr<Dispatcher>* new_dispatcher); |
| virtual MojoResult MapBufferImplNoLock( |
| uint64_t offset, |
| uint64_t num_bytes, |
| MojoMapBufferFlags flags, |
| scoped_ptr<RawSharedBufferMapping>* mapping); |
| virtual MojoResult AddWaiterImplNoLock(Waiter* waiter, |
| MojoHandleSignals signals, |
| uint32_t context); |
| virtual void RemoveWaiterImplNoLock(Waiter* waiter); |
| |
| // These implement the API used to serialize dispatchers to a |Channel| |
| // (described below). They will only be called on a dispatcher that's attached |
| // to and "owned" by a |MessageInTransit|. See the non-"impl" versions for |
| // more information. |
| // |
| // Note: |StartSerializeImplNoLock()| is actually called with |lock_| NOT |
| // held, since the dispatcher should only be accessible to the calling thread. |
| // On Debug builds, |EndSerializeAndCloseImplNoLock()| is called with |lock_| |
| // held, to satisfy any |lock_.AssertAcquired()| (e.g., in |CloseImplNoLock()| |
| // -- and anything it calls); disentangling those assertions is |
| // difficult/fragile, and would weaken our general checking of invariants. |
| // |
| // TODO(vtl): Consider making these pure virtual once most things support |
| // being passed over a message pipe. |
| virtual void StartSerializeImplNoLock(Channel* channel, |
| size_t* max_size, |
| size_t* max_platform_handles); |
| virtual bool EndSerializeAndCloseImplNoLock( |
| Channel* channel, |
| void* destination, |
| size_t* actual_size, |
| embedder::PlatformHandleVector* platform_handles); |
| |
| // Available to subclasses. (Note: Returns a non-const reference, just like |
| // |base::AutoLock|'s constructor takes a non-const reference.) |
| base::Lock& lock() const { return lock_; } |
| |
| private: |
| friend class DispatcherTransport; |
| |
| // This should be overridden to return true if/when there's an ongoing |
| // operation (e.g., two-phase read/writes on data pipes) that should prevent a |
| // handle from being sent over a message pipe (with status "busy"). |
| virtual bool IsBusyNoLock() const; |
| |
| // Closes the dispatcher. This must be done under lock, and unlike |Close()|, |
| // the dispatcher must not be closed already. (This is the "equivalent" of |
| // |CreateEquivalentDispatcherAndCloseNoLock()|, for situations where the |
| // dispatcher must be disposed of instead of "transferred".) |
| void CloseNoLock(); |
| |
| // Creates an equivalent dispatcher -- representing the same resource as this |
| // dispatcher -- and close (i.e., disable) this dispatcher. I.e., this |
| // dispatcher will look as though it was closed, but the resource it |
| // represents will be assigned to the new dispatcher. This must be called |
| // under the dispatcher's lock. |
| scoped_refptr<Dispatcher> CreateEquivalentDispatcherAndCloseNoLock(); |
| |
| // API to serialize dispatchers to a |Channel|, exposed to only |
| // |TransportData| (via |TransportData|). They may only be called on a |
| // dispatcher attached to a |MessageInTransit| (and in particular not in |
| // |CoreImpl|'s handle table). |
| // |
| // Starts the serialization. Returns (via the two "out" parameters) the |
| // maximum amount of space that may be needed to serialize this dispatcher to |
| // the given |Channel| (no more than |
| // |TransportData::kMaxSerializedDispatcherSize|) and the maximum number of |
| // |PlatformHandle|s that may need to be attached (no more than |
| // |TransportData::kMaxSerializedDispatcherPlatformHandles|). If this |
| // dispatcher cannot be serialized to the given |Channel|, |*max_size| and |
| // |*max_platform_handles| should be set to zero. A call to this method will |
| // ALWAYS be followed by a call to |EndSerializeAndClose()| (even if this |
| // dispatcher cannot be serialized to the given |Channel|). |
| void StartSerialize(Channel* channel, |
| size_t* max_size, |
| size_t* max_platform_handles); |
| // Completes the serialization of this dispatcher to the given |Channel| and |
| // closes it. (This call will always follow an earlier call to |
| // |StartSerialize()|, with the same |Channel|.) This does so by writing to |
| // |destination| and appending any |PlatformHandle|s needed to |
| // |platform_handles| (which may be null if no platform handles were indicated |
| // to be required to |StartSerialize()|). This may write no more than the |
| // amount indicated by |StartSerialize()|. (WARNING: Beware of races, e.g., if |
| // something can be mutated between the two calls!) Returns true on success, |
| // in which case |*actual_size| is set to the amount it actually wrote to |
| // |destination|. On failure, |*actual_size| should not be modified; however, |
| // the dispatcher will still be closed. |
| bool EndSerializeAndClose(Channel* channel, |
| void* destination, |
| size_t* actual_size, |
| embedder::PlatformHandleVector* platform_handles); |
| |
| // This protects the following members as well as any state added by |
| // subclasses. |
| mutable base::Lock lock_; |
| bool is_closed_; |
| |
| DISALLOW_COPY_AND_ASSIGN(Dispatcher); |
| }; |
| |
| // Wrapper around a |Dispatcher| pointer, while it's being processed to be |
| // passed in a message pipe. See the comment about |
| // |Dispatcher::HandleTableAccess| for more details. |
| // |
| // Note: This class is deliberately "thin" -- no more expensive than a |
| // |Dispatcher*|. |
| class MOJO_SYSTEM_IMPL_EXPORT DispatcherTransport { |
| public: |
| DispatcherTransport() : dispatcher_(NULL) {} |
| |
| void End(); |
| |
| Dispatcher::Type GetType() const { return dispatcher_->GetType(); } |
| bool IsBusy() const { return dispatcher_->IsBusyNoLock(); } |
| void Close() { dispatcher_->CloseNoLock(); } |
| scoped_refptr<Dispatcher> CreateEquivalentDispatcherAndClose() { |
| return dispatcher_->CreateEquivalentDispatcherAndCloseNoLock(); |
| } |
| |
| bool is_valid() const { return !!dispatcher_; } |
| |
| protected: |
| Dispatcher* dispatcher() { return dispatcher_; } |
| |
| private: |
| friend class Dispatcher::HandleTableAccess; |
| |
| explicit DispatcherTransport(Dispatcher* dispatcher) |
| : dispatcher_(dispatcher) {} |
| |
| Dispatcher* dispatcher_; |
| |
| // Copy and assign allowed. |
| }; |
| |
| } // namespace system |
| } // namespace mojo |
| |
| #endif // MOJO_SYSTEM_DISPATCHER_H_ |