Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef BASE_THREADING_THREAD_RESTRICTIONS_H_ |
| 6 | #define BASE_THREADING_THREAD_RESTRICTIONS_H_ |
| 7 | |
| 8 | #include "base/base_export.h" |
| 9 | #include "base/basictypes.h" |
| 10 | |
| 11 | // See comment at top of thread_checker.h |
| 12 | #if (!defined(NDEBUG) || defined(DCHECK_ALWAYS_ON)) |
| 13 | #define ENABLE_THREAD_RESTRICTIONS 1 |
| 14 | #else |
| 15 | #define ENABLE_THREAD_RESTRICTIONS 0 |
| 16 | #endif |
| 17 | |
| 18 | class AcceleratedPresenter; |
| 19 | class BrowserProcessImpl; |
| 20 | class HistogramSynchronizer; |
| 21 | class MetricsService; |
| 22 | class NativeBackendKWallet; |
| 23 | class ScopedAllowWaitForLegacyWebViewApi; |
| 24 | class TestingAutomationProvider; |
| 25 | |
| 26 | namespace browser_sync { |
| 27 | class NonFrontendDataTypeController; |
| 28 | class UIModelWorker; |
| 29 | } |
| 30 | namespace cc { |
| 31 | class CompletionEvent; |
| 32 | } |
| 33 | namespace chromeos { |
| 34 | class AudioMixerAlsa; |
| 35 | class BlockingMethodCaller; |
| 36 | namespace system { |
| 37 | class StatisticsProviderImpl; |
| 38 | } |
| 39 | } |
| 40 | namespace chrome_browser_net { |
| 41 | class Predictor; |
| 42 | } |
| 43 | namespace content { |
| 44 | class BrowserGpuChannelHostFactory; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 45 | class BrowserTestBase; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 46 | class GLHelper; |
| 47 | class GpuChannelHost; |
| 48 | class RenderWidgetHelper; |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 49 | class ScopedAllowWaitForAndroidLayoutTests; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 50 | class TextInputClientMac; |
| 51 | } |
| 52 | namespace dbus { |
| 53 | class Bus; |
| 54 | } |
| 55 | namespace disk_cache { |
| 56 | class BackendImpl; |
| 57 | class InFlightIO; |
| 58 | } |
| 59 | namespace media { |
| 60 | class AudioOutputController; |
| 61 | } |
| 62 | namespace net { |
| 63 | class FileStreamPosix; |
| 64 | class FileStreamWin; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 65 | namespace internal { |
| 66 | class AddressTrackerLinux; |
| 67 | } |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 68 | } |
| 69 | |
| 70 | namespace remoting { |
| 71 | class AutoThread; |
| 72 | } |
| 73 | |
| 74 | namespace base { |
| 75 | |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 76 | namespace android { |
| 77 | class JavaHandlerThread; |
| 78 | } |
| 79 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 80 | class SequencedWorkerPool; |
| 81 | class SimpleThread; |
| 82 | class Thread; |
| 83 | class ThreadTestHelper; |
| 84 | |
| 85 | // Certain behavior is disallowed on certain threads. ThreadRestrictions helps |
| 86 | // enforce these rules. Examples of such rules: |
| 87 | // |
| 88 | // * Do not do blocking IO (makes the thread janky) |
| 89 | // * Do not access Singleton/LazyInstance (may lead to shutdown crashes) |
| 90 | // |
| 91 | // Here's more about how the protection works: |
| 92 | // |
| 93 | // 1) If a thread should not be allowed to make IO calls, mark it: |
| 94 | // base::ThreadRestrictions::SetIOAllowed(false); |
| 95 | // By default, threads *are* allowed to make IO calls. |
| 96 | // In Chrome browser code, IO calls should be proxied to the File thread. |
| 97 | // |
| 98 | // 2) If a function makes a call that will go out to disk, check whether the |
| 99 | // current thread is allowed: |
| 100 | // base::ThreadRestrictions::AssertIOAllowed(); |
| 101 | // |
| 102 | // |
| 103 | // Style tip: where should you put AssertIOAllowed checks? It's best |
| 104 | // if you put them as close to the disk access as possible, at the |
| 105 | // lowest level. This rule is simple to follow and helps catch all |
| 106 | // callers. For example, if your function GoDoSomeBlockingDiskCall() |
| 107 | // only calls other functions in Chrome and not fopen(), you should go |
| 108 | // add the AssertIOAllowed checks in the helper functions. |
| 109 | |
| 110 | class BASE_EXPORT ThreadRestrictions { |
| 111 | public: |
| 112 | // Constructing a ScopedAllowIO temporarily allows IO for the current |
| 113 | // thread. Doing this is almost certainly always incorrect. |
| 114 | class BASE_EXPORT ScopedAllowIO { |
| 115 | public: |
| 116 | ScopedAllowIO() { previous_value_ = SetIOAllowed(true); } |
| 117 | ~ScopedAllowIO() { SetIOAllowed(previous_value_); } |
| 118 | private: |
| 119 | // Whether IO is allowed when the ScopedAllowIO was constructed. |
| 120 | bool previous_value_; |
| 121 | |
| 122 | DISALLOW_COPY_AND_ASSIGN(ScopedAllowIO); |
| 123 | }; |
| 124 | |
| 125 | // Constructing a ScopedAllowSingleton temporarily allows accessing for the |
| 126 | // current thread. Doing this is almost always incorrect. |
| 127 | class BASE_EXPORT ScopedAllowSingleton { |
| 128 | public: |
| 129 | ScopedAllowSingleton() { previous_value_ = SetSingletonAllowed(true); } |
| 130 | ~ScopedAllowSingleton() { SetSingletonAllowed(previous_value_); } |
| 131 | private: |
| 132 | // Whether singleton use is allowed when the ScopedAllowSingleton was |
| 133 | // constructed. |
| 134 | bool previous_value_; |
| 135 | |
| 136 | DISALLOW_COPY_AND_ASSIGN(ScopedAllowSingleton); |
| 137 | }; |
| 138 | |
| 139 | #if ENABLE_THREAD_RESTRICTIONS |
| 140 | // Set whether the current thread to make IO calls. |
| 141 | // Threads start out in the *allowed* state. |
| 142 | // Returns the previous value. |
| 143 | static bool SetIOAllowed(bool allowed); |
| 144 | |
| 145 | // Check whether the current thread is allowed to make IO calls, |
| 146 | // and DCHECK if not. See the block comment above the class for |
| 147 | // a discussion of where to add these checks. |
| 148 | static void AssertIOAllowed(); |
| 149 | |
| 150 | // Set whether the current thread can use singletons. Returns the previous |
| 151 | // value. |
| 152 | static bool SetSingletonAllowed(bool allowed); |
| 153 | |
| 154 | // Check whether the current thread is allowed to use singletons (Singleton / |
| 155 | // LazyInstance). DCHECKs if not. |
| 156 | static void AssertSingletonAllowed(); |
| 157 | |
| 158 | // Disable waiting on the current thread. Threads start out in the *allowed* |
| 159 | // state. Returns the previous value. |
| 160 | static void DisallowWaiting(); |
| 161 | |
| 162 | // Check whether the current thread is allowed to wait, and DCHECK if not. |
| 163 | static void AssertWaitAllowed(); |
| 164 | #else |
| 165 | // Inline the empty definitions of these functions so that they can be |
| 166 | // compiled out. |
| 167 | static bool SetIOAllowed(bool allowed) { return true; } |
| 168 | static void AssertIOAllowed() {} |
| 169 | static bool SetSingletonAllowed(bool allowed) { return true; } |
| 170 | static void AssertSingletonAllowed() {} |
| 171 | static void DisallowWaiting() {} |
| 172 | static void AssertWaitAllowed() {} |
| 173 | #endif |
| 174 | |
| 175 | private: |
| 176 | // DO NOT ADD ANY OTHER FRIEND STATEMENTS, talk to jam or brettw first. |
| 177 | // BEGIN ALLOWED USAGE. |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 178 | friend class content::BrowserTestBase; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 179 | friend class content::RenderWidgetHelper; |
Ben Murdoch | eb525c5 | 2013-07-10 11:40:50 +0100 | [diff] [blame] | 180 | friend class content::ScopedAllowWaitForAndroidLayoutTests; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 181 | friend class ::HistogramSynchronizer; |
| 182 | friend class ::ScopedAllowWaitForLegacyWebViewApi; |
| 183 | friend class ::TestingAutomationProvider; |
| 184 | friend class cc::CompletionEvent; |
| 185 | friend class remoting::AutoThread; |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 186 | friend class MessagePumpDefault; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 187 | friend class SequencedWorkerPool; |
| 188 | friend class SimpleThread; |
| 189 | friend class Thread; |
| 190 | friend class ThreadTestHelper; |
Torne (Richard Coles) | 90dce4d | 2013-05-29 14:40:03 +0100 | [diff] [blame] | 191 | friend class PlatformThread; |
Ben Murdoch | bb1529c | 2013-08-08 10:24:53 +0100 | [diff] [blame^] | 192 | friend class android::JavaHandlerThread; |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 193 | |
| 194 | // END ALLOWED USAGE. |
| 195 | // BEGIN USAGE THAT NEEDS TO BE FIXED. |
| 196 | friend class ::chromeos::AudioMixerAlsa; // http://crbug.com/125206 |
| 197 | friend class ::chromeos::BlockingMethodCaller; // http://crbug.com/125360 |
| 198 | friend class ::chromeos::system::StatisticsProviderImpl; // http://crbug.com/125385 |
| 199 | friend class browser_sync::NonFrontendDataTypeController; // http://crbug.com/19757 |
| 200 | friend class browser_sync::UIModelWorker; // http://crbug.com/19757 |
| 201 | friend class chrome_browser_net::Predictor; // http://crbug.com/78451 |
| 202 | friend class |
| 203 | content::BrowserGpuChannelHostFactory; // http://crbug.com/125248 |
| 204 | friend class content::GLHelper; // http://crbug.com/125415 |
| 205 | friend class content::GpuChannelHost; // http://crbug.com/125264 |
| 206 | friend class content::TextInputClientMac; // http://crbug.com/121917 |
| 207 | friend class dbus::Bus; // http://crbug.com/125222 |
| 208 | friend class disk_cache::BackendImpl; // http://crbug.com/74623 |
| 209 | friend class disk_cache::InFlightIO; // http://crbug.com/74623 |
| 210 | friend class media::AudioOutputController; // http://crbug.com/120973 |
| 211 | friend class net::FileStreamPosix; // http://crbug.com/115067 |
| 212 | friend class net::FileStreamWin; // http://crbug.com/115067 |
Torne (Richard Coles) | 2a99a7e | 2013-03-28 15:31:22 +0000 | [diff] [blame] | 213 | friend class net::internal::AddressTrackerLinux; // http://crbug.com/125097 |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 214 | friend class ::AcceleratedPresenter; // http://crbug.com/125391 |
| 215 | friend class ::BrowserProcessImpl; // http://crbug.com/125207 |
| 216 | friend class ::MetricsService; // http://crbug.com/124954 |
| 217 | friend class ::NativeBackendKWallet; // http://crbug.com/125331 |
| 218 | // END USAGE THAT NEEDS TO BE FIXED. |
| 219 | |
| 220 | #if ENABLE_THREAD_RESTRICTIONS |
| 221 | static bool SetWaitAllowed(bool allowed); |
| 222 | #else |
| 223 | static bool SetWaitAllowed(bool allowed) { return true; } |
| 224 | #endif |
| 225 | |
| 226 | // Constructing a ScopedAllowWait temporarily allows waiting on the current |
| 227 | // thread. Doing this is almost always incorrect, which is why we limit who |
| 228 | // can use this through friend. If you find yourself needing to use this, find |
| 229 | // another way. Talk to jam or brettw. |
| 230 | class BASE_EXPORT ScopedAllowWait { |
| 231 | public: |
| 232 | ScopedAllowWait() { previous_value_ = SetWaitAllowed(true); } |
| 233 | ~ScopedAllowWait() { SetWaitAllowed(previous_value_); } |
| 234 | private: |
| 235 | // Whether singleton use is allowed when the ScopedAllowWait was |
| 236 | // constructed. |
| 237 | bool previous_value_; |
| 238 | |
| 239 | DISALLOW_COPY_AND_ASSIGN(ScopedAllowWait); |
| 240 | }; |
| 241 | |
| 242 | DISALLOW_IMPLICIT_CONSTRUCTORS(ThreadRestrictions); |
| 243 | }; |
| 244 | |
| 245 | } // namespace base |
| 246 | |
| 247 | #endif // BASE_THREADING_THREAD_RESTRICTIONS_H_ |