Electrolysis/Errors and Shutdown: Difference between revisions
(errors and shutdown summary) |
(be explicit about protocol error termination) |
||
| Line 1: | Line 1: | ||
The chrome process should remain stable even when the content process crashes, hangs, or becomes otherwise unusable. | The chrome process should remain stable even when the content process crashes, hangs, or becomes otherwise unusable. | ||
If a malformed or otherwise illegal message is sent across the IPC wire, no recovery should be attempted: the child process should be immediately terminated as if it crashed. | |||
When a content process is intentionally no longer needed, it should shut down. In release builds, there is no reason to shut down "cleanly", and the content process can just _abort(). In debug/leaktesting builds, the content process should perform a full shutdown so that leak testing can verify that there are no leaked objects. | When a content process is intentionally no longer needed, it should shut down. In release builds, there is no reason to shut down "cleanly", and the content process can just _abort(). In debug/leaktesting builds, the content process should perform a full shutdown so that leak testing can verify that there are no leaked objects. | ||
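Review bot: The added sentence says the child is terminated "as if it crashed", but the IPCShutdownReason enum further down this page lists IPCShutdownProtocolError separately from IPCShutdownCrash. Say which reason parent actors receive in this case, so that the sentence and the notification API agree. It would also help to state which side detects the illegal message, since the sentence only names the child as the process that gets terminated.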
Revision as of 22:49, 25 August 2009
The chrome process should remain stable even when the content process crashes, hangs, or becomes otherwise unusable.
If a malformed or otherwise illegal message is sent across the IPC wire, no recovery should be attempted: the child process should be immediately terminated as if it crashed.
When a content process is intentionally no longer needed, it should shut down. In release builds, there is no reason to shut down "cleanly", and the content process can just _abort(). In debug/leaktesting builds, the content process should perform a full shutdown so that leak testing can verify that there are no leaked objects.
IPDL Notifications
On both the Parent and Child side, IPDL will notify protocol actors when a connection shuts down:
enum IPCShutdownReason {
  IPCShutdownNormal,
  IPCShutdownProtocolError,
  IPCShutdownCrash,
  IPCShutdownHang
};

// Parent-side actors must implement the shutdown notification.
class ActorProtocolParent {
public:
  virtual void Shutdown(IPCShutdownReason reason) = 0;
};

class ActorProtocolChild {
public:
  virtual void Shutdown(IPCShutdownReason reason) {
    // the default child implementation asserts
    NS_ASSERTION(false, "Subobject was not destroyed before shutdown.");
  }
};
Note that child actors will only be notified about normal shutdown, and only in debug/leak builds (in all other cases the child process will simply abort).
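A small model of the policy described above, added here as an example and not taken from IPDL or Mozilla code: the parent treats an illegal message as fatal, notifies each parent actor once with IPCShutdownProtocolError, and accepts nothing afterwards. Only the IPCShutdownReason enum comes from the page; ParentChannel, ParentActor, Message, the message-type range and the payload limit are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

enum IPCShutdownReason { IPCShutdownNormal, IPCShutdownProtocolError,
                         IPCShutdownCrash, IPCShutdownHang };

// Hypothetical wire message: type tag, declared length, payload bytes.
struct Message { uint32_t type; uint32_t declaredLen; std::vector<uint8_t> payload; };

// Hypothetical parent-side actor that records the notification it receives.
struct ParentActor {
  bool notified = false;
  IPCShutdownReason reason = IPCShutdownNormal;
  void Shutdown(IPCShutdownReason r) { notified = true; reason = r; }
};

// Hypothetical model of the chrome-side end of one content-process channel.
class ParentChannel {
 public:
  static constexpr uint32_t kMaxType = 2;      // assumed: types 0..2 are defined
  static constexpr size_t kMaxPayload = 4096;  // assumed payload limit
  void AddActor(ParentActor* a) { actors_.push_back(a); }
  bool ChildAlive() const { return alive_; }

  // Returns true if the message is accepted. An illegal message is never
  // repaired or skipped: the child is torn down and every actor is told why.
  bool OnMessage(const Message& m) {
    if (!alive_) return false;  // nothing is processed after termination
    bool legal = m.type <= kMaxType && m.declaredLen == m.payload.size() &&
                 m.payload.size() <= kMaxPayload;
    if (!legal) Close(IPCShutdownProtocolError);
    return legal;
  }
  // Stands in for killing the child process; notifies each actor exactly once.
  void Close(IPCShutdownReason r) {
    if (!alive_) return;
    alive_ = false;
    for (ParentActor* a : actors_) a->Shutdown(r);
  }
 private:
  std::vector<ParentActor*> actors_;
  bool alive_ = true;
};

int main() {
  ParentChannel ch; ParentActor a; ch.AddActor(&a);
  ch.OnMessage(Message{7, 0, {}});  // constructed illegal message: unknown type
  return a.reason == IPCShutdownProtocolError ? 0 : 1;
}
```

Because Close() is idempotent, a crash or hang detected after the protocol error does not overwrite the reason the actors already received.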