(→The Desired Setup: add more about NSS resources and leaks) |
(→The Desired Setup: wording nit) |
| Line 15: | Line 15: | ||
=== The Desired Setup === | === The Desired Setup === | ||
NSS should be initialized exactly once and shut down exactly once. Code that uses it should only be able to run after NSS is guaranteed to be initialized. While such code is running, it should prevent NSS from being shut down out from under it. When NSS is about to be shut down, all NSS resources held by the platform should be released. Any NSS resource leaks as detected by NSS_Shutdown should be fatal in debug builds. Once NSS has been shut down (upon notification that the entire process is shutting down), all methods that would use NSS | NSS should be initialized exactly once and shut down exactly once. Code that uses it should only be able to run after NSS is guaranteed to be initialized. While such code is running, it should prevent NSS from being shut down out from under it. When NSS is about to be shut down, all NSS resources held by the platform should be released. Any NSS resource leaks as detected by NSS_Shutdown should be fatal in debug builds. Once NSS has been shut down (upon notification that the entire process is shutting down), all methods that would use NSS must first check for this and return an error. | ||
Writing new code that correctly deals with these restrictions should be easy. | Writing new code that correctly deals with these restrictions should be easy. | ||
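Review bot: In the reworded final sentence of the first paragraph, "must first check for this and return an error" does not say how the check stays valid between the check and the NSS call that follows it. The same paragraph already requires that running code "prevent NSS from being shut down out from under it", so consider stating that the shutdown check is made while holding whatever mechanism blocks shutdown; as written, a reader could implement a check-then-use race. The sentence also uses "must" where every other requirement in the paragraph uses "should"; if the stronger wording is intentional, say so, otherwise pick one.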