Mojo: Add the ability to notify a Mojo Channel that it's going to be destroyed soon.

mojo/system/channel.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "mojo/system/channel.h"
 
 #include <algorithm>
 
 #include "base/bind.h"
 #include "base/compiler_specific.h"
@@ skipping 18 matching lines @@
 }
 
 Channel::EndpointInfo::EndpointInfo(scoped_refptr<MessagePipe> message_pipe,
                                     unsigned port)
     : state(STATE_NORMAL), message_pipe(message_pipe), port(port) {
 }
 
 Channel::EndpointInfo::~EndpointInfo() {
 }
 
-Channel::Channel() : is_running_(false), next_local_id_(kBootstrapEndpointId) {
+Channel::Channel()
+    : is_running_(false),
+      is_shutting_down_(false),
+      next_local_id_(kBootstrapEndpointId) {
 }
 
 bool Channel::Init(scoped_ptr<RawChannel> raw_channel) {
   DCHECK(creation_thread_checker_.CalledOnValidThread());
   DCHECK(raw_channel);
 
   // No need to take |lock_|, since this must be called before this object
   // becomes thread-safe.
-  DCHECK(!is_running_no_lock());
+  DCHECK(!is_running_);
   raw_channel_ = raw_channel.Pass();
 
   if (!raw_channel_->Init(this)) {
     raw_channel_.reset();
     return false;
   }
 
   is_running_ = true;
   return true;
 }
 
 void Channel::Shutdown() {
   DCHECK(creation_thread_checker_.CalledOnValidThread());
 
   IdToEndpointInfoMap to_destroy;
   {
     base::AutoLock locker(lock_);
-    if (!is_running_no_lock())
+    if (!is_running_)
       return;
 
     // Note: Don't reset |raw_channel_|, in case we're being called from within
     // |OnReadMessage()| or |OnError()|.
     raw_channel_->Shutdown();
     is_running_ = false;
 
     // We need to deal with it outside the lock.
     std::swap(to_destroy, local_id_to_endpoint_info_map_);
   }
 
   size_t num_live = 0;
   size_t num_zombies = 0;
   for (IdToEndpointInfoMap::iterator it = to_destroy.begin();
        it != to_destroy.end();
        ++it) {
     if (it->second.state == EndpointInfo::STATE_NORMAL) {
       it->second.message_pipe->OnRemove(it->second.port);
       num_live++;
     } else {
       DCHECK(!it->second.message_pipe);
       num_zombies++;
     }
   }
   DVLOG_IF(2, num_live || num_zombies) << "Shut down Channel with " << num_live
                                        << " live endpoints and " << num_zombies
                                        << " zombies";
 }
 
+void Channel::WillShutdownSoon() {
+  base::AutoLock locker(lock_);
+  is_shutting_down_ = true;
+}
+
 MessageInTransit::EndpointId Channel::AttachMessagePipeEndpoint(
     scoped_refptr<MessagePipe> message_pipe,
     unsigned port) {
   DCHECK(message_pipe);
   DCHECK(port == 0 || port == 1);
 
   MessageInTransit::EndpointId local_id;
   {
     base::AutoLock locker(lock_);
 
+    DLOG_IF(WARNING, is_shutting_down_)
+        << "AttachMessagePipeEndpoint() while shutting down";
+
     while (next_local_id_ == MessageInTransit::kInvalidEndpointId ||
            local_id_to_endpoint_info_map_.find(next_local_id_) !=
                local_id_to_endpoint_info_map_.end())
       next_local_id_++;
 
     local_id = next_local_id_;
     next_local_id_++;
 
     // TODO(vtl): Use emplace when we move to C++11 unordered_maps. (It'll avoid
     // some expensive reference count increment/decrements.) Once this is done,
@@ skipping 28 matching lines @@
   }
   return MessageInTransit::kInvalidEndpointId;
 }
 
 bool Channel::RunMessagePipeEndpoint(MessageInTransit::EndpointId local_id,
                                      MessageInTransit::EndpointId remote_id) {
   EndpointInfo endpoint_info;
   {
     base::AutoLock locker(lock_);
 
+    DLOG_IF(WARNING, is_shutting_down_)
+        << "RunMessagePipeEndpoint() while shutting down";
+
     IdToEndpointInfoMap::const_iterator it =
         local_id_to_endpoint_info_map_.find(local_id);
     if (it == local_id_to_endpoint_info_map_.end())
       return false;
     endpoint_info = it->second;
   }
 
   // Assume that this was in response to |kSubtypeChannelRunMessagePipeEndpoint|
   // and ignore it.
   if (endpoint_info.state != EndpointInfo::STATE_NORMAL) {
@@ skipping 26 matching lines @@
     HandleLocalError(base::StringPrintf(
         "Failed to send message to run remote message pipe endpoint (local ID "
         "%u, remote ID %u)",
         static_cast<unsigned>(local_id),
         static_cast<unsigned>(remote_id)));
   }
 }
 
 bool Channel::WriteMessage(scoped_ptr<MessageInTransit> message) {
   base::AutoLock locker(lock_);
-  if (!is_running_no_lock()) {
+  if (!is_running_) {
     // TODO(vtl): I think this is probably not an error condition, but I should
     // think about it (and the shutdown sequence) more carefully.
     LOG(WARNING) << "WriteMessage() after shutdown";
     return false;
   }
 
+  DLOG_IF(WARNING, is_shutting_down_) << "WriteMessage() while shutting down";
   return raw_channel_->WriteMessage(message.Pass());
 }
 
 bool Channel::IsWriteBufferEmpty() {
   base::AutoLock locker(lock_);
-  if (!is_running_no_lock())
+  if (!is_running_)
     return true;
   return raw_channel_->IsWriteBufferEmpty();
 }
 
 void Channel::DetachMessagePipeEndpoint(
     MessageInTransit::EndpointId local_id,
     MessageInTransit::EndpointId remote_id) {
   DCHECK_NE(local_id, MessageInTransit::kInvalidEndpointId);
 
   bool should_send_remove_message = false;
   {
     base::AutoLock locker_(lock_);
-    if (!is_running_no_lock())
+    if (!is_running_)
       return;
 
     IdToEndpointInfoMap::iterator it =
         local_id_to_endpoint_info_map_.find(local_id);
     DCHECK(it != local_id_to_endpoint_info_map_.end());
 
     switch (it->second.state) {
       case EndpointInfo::STATE_NORMAL:
         it->second.state = EndpointInfo::STATE_WAIT_REMOTE_REMOVE_ACK;
         it->second.message_pipe = NULL;
@@ skipping 25 matching lines @@
         static_cast<unsigned>(remote_id)));
   }
 }
 
 size_t Channel::GetSerializedPlatformHandleSize() const {
   return raw_channel_->GetSerializedPlatformHandleSize();
 }
 
 Channel::~Channel() {
   // The channel should have been shut down first.
-  DCHECK(!is_running_no_lock());
+  DCHECK(!is_running_);
 }
 
 void Channel::OnReadMessage(
     const MessageInTransit::View& message_view,
     embedder::ScopedPlatformHandleVectorPtr platform_handles) {
   switch (message_view.type()) {
     case MessageInTransit::kTypeMessagePipeEndpoint:
     case MessageInTransit::kTypeMessagePipe:
       OnReadMessageForDownstream(message_view, platform_handles.Pass());
       break;
     case MessageInTransit::kTypeChannel:
       OnReadMessageForChannel(message_view, platform_handles.Pass());
       break;
     default:
       HandleRemoteError(
           base::StringPrintf("Received message of invalid type %u",
                              static_cast<unsigned>(message_view.type())));
       break;
   }
 }
 
 void Channel::OnError(Error error) {
   switch (error) {
     case ERROR_READ_SHUTDOWN:
       // The other side was cleanly closed, so this isn't actually an error.
       DVLOG(1) << "RawChannel read error (shutdown)";
       break;
-    case ERROR_READ_BROKEN:
-      LOG(ERROR) << "RawChannel read error (connection broken)";
+    case ERROR_READ_BROKEN: {
+      base::AutoLock locker(lock_);
+      LOG_IF(ERROR, !is_shutting_down_)
+          << "RawChannel read error (connection broken)";
       break;
+    }
     case ERROR_READ_BAD_MESSAGE:
       // Receiving a bad message means either a bug, data corruption, or
       // malicious attack (probably due to some other bug).
       LOG(ERROR) << "RawChannel read error (received bad message)";
       break;
     case ERROR_READ_UNKNOWN:
       LOG(ERROR) << "RawChannel read error (unknown)";
       break;
     case ERROR_WRITE:
       // Write errors are slightly notable: they probably shouldn't happen under
@@ skipping 16 matching lines @@
     return;
   }
 
   EndpointInfo endpoint_info;
   {
     base::AutoLock locker(lock_);
 
     // Since we own |raw_channel_|, and this method and |Shutdown()| should only
     // be called from the creation thread, |raw_channel_| should never be null
     // here.
-    DCHECK(is_running_no_lock());
+    DCHECK(is_running_);
 
     IdToEndpointInfoMap::const_iterator it =
         local_id_to_endpoint_info_map_.find(local_id);
     if (it == local_id_to_endpoint_info_map_.end()) {
       HandleRemoteError(base::StringPrintf(
           "Received a message for nonexistent local destination ID %u",
           static_cast<unsigned>(local_id)));
       // This is strongly indicative of some problem. However, it's not a fatal
       // error, since it may indicate a bug (or hostile) remote process. Don't
       // die even for Debug builds, since handling this properly needs to be
@@ skipping 156 matching lines @@
   // TODO(vtl): Is this how we really want to handle this?
   // Sometimes we'll want to propagate the error back to the message pipe
   // (endpoint), and notify it that the remote is (effectively) closed.
   // Sometimes we'll want to kill the channel (and notify all the endpoints that
   // their remotes are dead.
   LOG(WARNING) << error_message;
 }
 
 }  // namespace system
 }  // namespace mojo