Issue 4937147073167360: Issue 1672 - Subscribe and listen COM events using ATL::IDispEventImpl and BEGIN_SINK_MAP

Issue 4937147073167360: Issue 1672 - Subscribe and listen COM events using ATL::IDispEventImpl and BEGIN_SINK_MAP (Closed)

Created:
Dec. 8, 2014, 12:19 p.m. by sergei

Modified:
March 30, 2015, 7:24 a.m.

Reviewers:
Eric, Oleksandr

Visibility:
Public.

Description

# Wait for resolution reagarding http://codereview.adblockplus.org/6032593782833152/ - fix call of CPluginTabBase::OnDocumentComplete from OnDocumentComplete to pass the browser of the current frame, not the browser of the root page - remove interface IIEPlugin from idl file because we don't need it - remove CPluginClass::Invoke - add SINK_MAP to CPluginClass - remove CPluginClass::GetConnectionPoint because now we use ATL::IDispEventImpl::{DispEventAdvise,DispEventUnadvise} which do it. - remove CPluginClass::m_nConnectionID because now it lives in ATL::IDispEventImpl - extract the code from CPluginClass::Invoke into new methods - change to calling convention and adjust arguments of methods which are slots for the events to stdcall because it's required by ATL::IDispEventImpl - add more argument checks for all new and modified methods

Patch Set 1 #

Total comments: 8

Patch Set 2 : fix-NITs #

Total comments: 19

Patch Set 3 : fix accoring to comments without entry point #

Total comments: 2

Patch Set 4 : add exception wrappers #

Total comments: 4

Patch Set 5 : rebase, parent = 5d5eb4df1bf2 #

Created: March 13, 2015, 3:20 p.m.

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+1936 lines, -2066 lines)			Patch
M	src/plugin/AdblockPlus.idl	View	1 2 3 4	2 chunks	+1 line, -13 lines	0 comments	Download
M	src/plugin/PluginClass.h	View	1 2 3 4	1 chunk	+184 lines, -174 lines	0 comments	Download
M	src/plugin/PluginClass.cpp	View	1 2 3 4	1 chunk	+1750 lines, -1878 lines	0 comments	Download
M	src/plugin/PluginErrorCodes.h	View	1 2 3 4	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 22

Expand All Messages | Collapse All Messages

Eric

If I understand our requirements correctly, we need to be able to run under the ...

Dec. 31, 2014, 5:03 p.m. (2014-12-31 17:03:15 UTC) #1

Oleksandr

Looks great, with just a few nits. Looks like there will be some merge conflicts ...

Jan. 9, 2015, 12:02 a.m. (2015-01-09 00:02:16 UTC) #2

sergei

rebased and fixed http://codereview.adblockplus.org/4937147073167360/diff/5629499534213120/src/plugin/PluginClass.cpp File src/plugin/PluginClass.cpp (right): http://codereview.adblockplus.org/4937147073167360/diff/5629499534213120/src/plugin/PluginClass.cpp#newcode249 src/plugin/PluginClass.cpp:249: m_isAdviced = true; On 2015/01/09 00:02:17, ...

Jan. 9, 2015, 4:10 p.m. (2015-01-09 16:10:30 UTC) #3

Oleksandr

http://codereview.adblockplus.org/4937147073167360/diff/5766466041282560/src/plugin/PluginClass.cpp File src/plugin/PluginClass.cpp (right): http://codereview.adblockplus.org/4937147073167360/diff/5766466041282560/src/plugin/PluginClass.cpp#newcode309 src/plugin/PluginClass.cpp:309: // Unadvise I guess we can loose the captain ...

Jan. 10, 2015, 11:27 p.m. (2015-01-10 23:27:24 UTC) #4

Eric

See #1173 about the need to deal with entry points correctly. https://issues.adblockplus.org/ticket/1173 http://codereview.adblockplus.org/4937147073167360/diff/5766466041282560/src/plugin/PluginClass.cpp File src/plugin/PluginClass.cpp ...

Jan. 12, 2015, 2:18 p.m. (2015-01-12 14:18:07 UTC) #5

sergei

I've not addressed try-catch and entry points here, because I've created a proposal how it ...

Jan. 13, 2015, 11:49 a.m. (2015-01-13 11:49:12 UTC) #6

Eric

On 2015/01/13 11:49:12, sergei wrote: > I've not addressed try-catch and entry points here, because ...

Jan. 13, 2015, 5:43 p.m. (2015-01-13 17:43:45 UTC) #7

Eric

http://codereview.adblockplus.org/4937147073167360/diff/5766466041282560/src/plugin/PluginClass.cpp File src/plugin/PluginClass.cpp (right): http://codereview.adblockplus.org/4937147073167360/diff/5766466041282560/src/plugin/PluginClass.cpp#newcode246 src/plugin/PluginClass.cpp:246: HRESULT hr = DispEventAdvise(webBrowser); On 2015/01/13 11:49:12, sergei wrote: ...

Jan. 13, 2015, 6:44 p.m. (2015-01-13 18:44:30 UTC) #8

http://codereview.adblockplus.org/4937147073167360/diff/5766466041282560/src/...
File src/plugin/PluginClass.cpp (right):

http://codereview.adblockplus.org/4937147073167360/diff/5766466041282560/src/...
src/plugin/PluginClass.cpp:246: HRESULT hr = DispEventAdvise(webBrowser);
On 2015/01/13 11:49:12, sergei wrote:
> It does not belong to constructor/destructor pair.

It absolutely should be paired.

As it's written now, there's a race condition between calling DispEventAdvise()
and setting 'm_isAdvised'. In what should be the destructor, there's a
semaphore-protected block that ensures that DispEventUnadvise() is called
atomically with resetting 'm_isAdvised' (which is defective--see comment--but
whatever). There should be a similar semaphore-protected block for
DispEventAdvise().

So this pair of calls is managing a kind of event-connection resource, and
because it's a resource, it falls under the purview of RAII. Unlike with
connection points, there's no explicit handle or object associated with the
resource, but it's still a resource. The member 'm_isAdvised' acts as the proxy
for that resource.

Such a resource class should have two members:
  -- a browser pointer, to avoid calling the (de facto) global GetBrowser() in
the destructor.
  -- the semaphore used to protect the block. Per #1467, we can use the standard
library for this.

The class does not need 'm_isAdvised', because it would be redundant. Such a
member would always be true during the existence of the instance.

The member variable in CPluginClass can be unique_ptr<>, which will
automatically call the destructor. Presence of the allocated instance represents
presence of the resource.

http://codereview.adblockplus.org/4937147073167360/diff/5643440998055936/src/...
File src/plugin/PluginClass.cpp (right):

http://codereview.adblockplus.org/4937147073167360/diff/5643440998055936/src/...
src/plugin/PluginClass.cpp:1613: m_isAdvised = false;
If the call to DispEventUnadvise() fails, we should not reset the flag.

sergei

I've added try-catch. Regarding details of advising and unadvising, in general, it's not a part ...

Feb. 27, 2015, 6:27 p.m. (2015-02-27 18:27:36 UTC) #9

I've added try-catch.

Regarding details of advising and unadvising, in general, it's not a part of
this issue, if you think that we need it, please create an issue for it.

However, I would like to comment that now I don't see any race condition between
the call of DispEventAdvise() and setting m_isAdvised because there is no any
other thread at this moment which can access it, so we don't need to protect it
now. As well as, just in case, I've checked all cases when we access it.
- m_isAdvised is
-- set in the constructor (PluginClass.cpp), there is no any other thread at
this moment which can access it, so we don't need to protect it now.
-- modified and DispEventAdvise is called from CPluginClass::SetSite. At this
moment there is no any other thread which can use them, so it's not necessary to
protect them there.
- CPluginClass::Unadvise is called from (pay attention that it contains the
protection, so here we don't need to make any changes)
-- another thread (CPluginClass::StartInitObject)
-- "main" thread from
--- exception handler (`catch (std::runtime_error e)` in CPluginClass::SetSite)
--- CPluginClass::SetSite during the uninitialization
--- CPluginClass::OnOnQuit

Also, I would not say that we should pay attention that something can happen
between DispEventAdvise() and `m_isAdvised = true;` because we have a plenty of
such places, I would say it's completely enough safe here to don't care about
it.

> Such a resource class should have two members:
>   -- a browser pointer, to avoid calling the (de facto) global GetBrowser() in
> the destructor.
>   -- the semaphore used to protect the block. Per #1467, we can use the
standard
> library for this.
> 
> The class does not need 'm_isAdvised', because it would be redundant. Such a
> member would always be true during the existence of the instance.
> 
> The member variable in CPluginClass can be unique_ptr<>, which will
> automatically call the destructor. Presence of the allocated instance
represents
> presence of the resource.

In that case the semaphore cannot be a member of the resource because the
semaphore will be also deinitialized which will create a race condition (e.g.,
another thread can be working with it during the destroying of it). However, I
agree that we should not use one semaphore for the everything. Now it's even
shared among all instances of CPluginClass. Also, I think we need to check
whether we need `m_isAdvised` but I would say it's not important now.

http://codereview.adblockplus.org/4937147073167360/diff/5643440998055936/src/...
File src/plugin/PluginClass.cpp (right):

http://codereview.adblockplus.org/4937147073167360/diff/5643440998055936/src/...
src/plugin/PluginClass.cpp:1613: m_isAdvised = false;
On 2015/01/13 18:44:30, Eric wrote:
> If the call to DispEventUnadvise() fails, we should not reset the flag.

If it's already unadvised the value of `FAILED(hr)` is true and we should set
`m_isAdvised` to false. I would say it requires additional investigation whether
we even need `m_isAdvised`. So, it's also not relevant to the current changes.

Eric

On 2015/02/27 18:27:36, sergei wrote: > - m_isAdvised is > -- modified and DispEventAdvise is ...

Feb. 28, 2015, 7:18 p.m. (2015-02-28 19:18:22 UTC) #10

On 2015/02/27 18:27:36, sergei wrote:
> - m_isAdvised is
> -- modified and DispEventAdvise is called from CPluginClass::SetSite. At this
> moment there is no any other thread which can use them, so it's not necessary
to
> protect them there.

It is a bad idea to assert that SetSite is called only when there's no other
thread running. Such a claim relies on knowing the behavior of internal
threading and object pools of IE for all past and future versions. Thus, we
should assume that there's a race condition here.

> - CPluginClass::Unadvise is called from (pay attention that it contains the
> protection, so here we don't need to make any changes)

Unadvise() is implemented as an atomic, so I agree, that one is fine. At root,
what I'm asking for is a parallel function Advise() which is also atomic.

Now I also think that such a pair best belongs in a constructor/destructor pair.
But getting to a matched pair of atomic operations is more important than having
it arranged as RAII.

> In that case the semaphore cannot be a member of the resource because the
> semaphore will be also deinitialized which will create a race condition

Such a semaphore would be a static member, as all the other semaphores we have
are, such as 's_criticalSectionLocal' used in Unadvise().

> I would say it requires additional investigation whether
> we even need `m_isAdvised`. So, it's also not relevant to the current changes.

With better internal object architecture, we wouldn't need it. 'CPluginClass' is
a horribly overburdened class, combining BHO functions and UI functions. Its
initialization is also overburdened, mixing initialization for global-scope and
window-scope variables. Its deferred initialization behavior isn't correct,
because we are accepting events for handling before we know that the
initialization thread has finished, incurring race conditions. (There's even a
comment that we should wait for the initialization to finish in the destructor,
which 

The right architecture needs a class that handles events and a class that
manages the event-handling class. The manager needs to manage the advice
relationship. At startup, it must first construct the handler and then call
Advise(). At shutdown, it must call Unadvise(), then wait for all the events
that might be in the middle of processing to complete, and only then can it
destroy the handler. Right now all this is being done in 'CPluginClass', and
it's a mess. Fixing the mess means fixing 'SetSite' as well, and that's not
going to happen quickly.

--------

In the spirit of incremental progress, it's not worth to try to fix even very
many of these problems in the present change set. However, I would like to see
here an atomic 'Advise()'. It's a modest start and points in the right
direction. With that change, I'll be OK with leaving everything else for the
future and I'll consider this change set good enough to commit.

Eric

Editing problem. Here's the complete sentence: > (There's even a comment that we should wait ...

Feb. 28, 2015, 7:20 p.m. (2015-02-28 19:20:33 UTC) #11

sergei

On 2015/02/28 19:18:22, Eric wrote: > On 2015/02/27 18:27:36, sergei wrote: > > - m_isAdvised ...

March 9, 2015, 10:33 a.m. (2015-03-09 10:33:26 UTC) #12

On 2015/02/28 19:18:22, Eric wrote:
> On 2015/02/27 18:27:36, sergei wrote:
> > - m_isAdvised is
> > -- modified and DispEventAdvise is called from CPluginClass::SetSite. At
this
> > moment there is no any other thread which can use them, so it's not
necessary
> to
> > protect them there.
> 
> It is a bad idea to assert that SetSite is called only when there's no other
> thread running. Such a claim relies on knowing the behavior of internal
> threading and object pools of IE for all past and future versions. Thus, we
> should assume that there's a race condition here.
SetSite is only one entry point, how can there be some another thread accessing
this data?

> > - CPluginClass::Unadvise is called from (pay attention that it contains the
> > protection, so here we don't need to make any changes)
> 
> Unadvise() is implemented as an atomic, so I agree, that one is fine. At root,
> what I'm asking for is a parallel function Advise() which is also atomic.
> 
> Now I also think that such a pair best belongs in a constructor/destructor
pair.
> But getting to a matched pair of atomic operations is more important than
having
> it arranged as RAII.
I don't mind, although it's not necessary now and it's not a part of this issue.

> > In that case the semaphore cannot be a member of the resource because the
> > semaphore will be also deinitialized which will create a race condition
> 
> Such a semaphore would be a static member, as all the other semaphores we have
> are, such as 's_criticalSectionLocal' used in Unadvise().
Why should it be a static memeber? It only confuses and complicates the things.

> ...
> In the spirit of incremental progress, it's not worth to try to fix even very
> many of these problems in the present change set. However, I would like to see
> here an atomic 'Advise()'. It's a modest start and points in the right
> direction. With that change, I'll be OK with leaving everything else for the
> future and I'll consider this change set good enough to commit.
I think we don't need it because there is no case when it's needed but having it
encourages the developer to assume that it's needed which complicates the
understanding of the code.

Eric

On 2015/03/09 10:33:26, sergei wrote: > SetSite is only one entry point, how can there ...

March 9, 2015, 1:40 p.m. (2015-03-09 13:40:41 UTC) #13

Oleksandr

> The apparent behavior is that (IE-internal) browser objects instantiate a single > BHO object ...

March 10, 2015, 8:05 a.m. (2015-03-10 08:05:36 UTC) #14

Oleksandr

http://codereview.adblockplus.org/4937147073167360/diff/5631943370604544/src/plugin/PluginClass.cpp File src/plugin/PluginClass.cpp (right): http://codereview.adblockplus.org/4937147073167360/diff/5631943370604544/src/plugin/PluginClass.cpp#newcode491 src/plugin/PluginClass.cpp:491: /* [in] */ IDispatch* frameBrowserDisp, Since we do have ...

March 12, 2015, 5:10 a.m. (2015-03-12 05:10:57 UTC) #16

Eric

Noticed something else. Not a blocker to commit. http://codereview.adblockplus.org/4937147073167360/diff/5631943370604544/src/plugin/PluginClass.cpp File src/plugin/PluginClass.cpp (left): http://codereview.adblockplus.org/4937147073167360/diff/5631943370604544/src/plugin/PluginClass.cpp#oldcode630 src/plugin/PluginClass.cpp:630: DEBUG_GENERAL(tmp); ...

March 12, 2015, 10:43 p.m. (2015-03-12 22:43:14 UTC) #17

sergei

Please take a look at it again, because I've rebased it.

March 13, 2015, 3:45 p.m. (2015-03-13 15:45:31 UTC) #18

Oleksandr

March 13, 2015, 4:42 p.m. (2015-03-13 16:42:03 UTC) #20

sergei

March 13, 2015, 5:03 p.m. (2015-03-13 17:03:14 UTC) #21

Oleksandr

March 17, 2015, 2:44 a.m. (2015-03-17 02:44:52 UTC) #22

This was pushed here https://hg.adblockplus.org/adblockplusie/rev/66c71b83b105

Expand All Messages | Collapse All Messages