Inter-process Communication (IPC)¶
Firefox Desktop is a multi-process desktop application. Code requiring instrumentation may be on any of its processes, so FOG provide facilities to do just that.
Design¶
The IPC Design of FOG was worked out in bug 1618253.
It centred around a few specific concepts:
Forbidding Non-Commutative Operations¶
Because we cannot nicely impose a canonical ordering of metric operations across all processes, FOG forbids non-commutative metric operations in some circumstances.
For example,
Add()
-ing to a Counter metric works from multiple processes because the order doesn’t matter.
However, given a String metric being Set()
from multiple processes simultaneously,
which value should it take?
This ambiguity is not a good foundation to build trust on, so we forbid setting a String metric from multiple processes.
List of Forbidden Operations¶
Boolean’s
set
(this is the metric type’s only operation)Labeled Boolean’s
set
(this is the metric type’s only operation)String’s
set
(this is the metric type’s only operation)Labeled String’s
set
(this is the metric type’s only operation)String List’s
set
add
is permitted (order and uniqueness are not guaranteed)
Timespan’s
start
,stop
, andcancel
(these are the metric type’s only operations)UUID’s
set
andgenerateAndSet
(these are the metric type’s only operations)Datetime’s
set
(this is the metric type’s only operation)Quantity’s
set
(this is the metric type’s only operation)Labeled Quantity’s
set
(this is the metric type’s only operation)
This list may grow over time as new metric types are added.
The Unsafety Valve: permit_non_commutative_operations_over_ipc
¶
If you wish to forgo FOG’s protections and guarantees around ordering,
and use non-commutative operations in child processes,
you may mark your metric definition with the
permit_non_commutative_operations_over_ipc
metadata property,
like so:
unordered_category:
unordered_boolean_metric:
type: boolean
metadata:
permit_non_commutative_operations_over_ipc: true
...
This presently only supports:
Boolean metrics
Labeled Boolean metrics
Note
If there’s an metric type not on this list that you need to use in a non-parent process, please reach out on the #glean channel and we’ll help you out.
Process Agnosticism¶
For metric types that can be used cross-process, FOG provides no facility for identifying which process the instrumentation is on.
What this means is that if you accumulate to a Timing Distribution in multiple processes, all the samples from all the processes will be combined in the same metric.
If you wish to distinguish samples from different process types, you will need multiple metrics and inline code to select the proper one for the given process. For example:
if (XRE_GetProcessType() == GeckoProcessType_Default) {
mozilla::glean::performance::cache_size.Accumulate(numBytes / 1024);
} else {
mozilla::glean::performance::non_main_process_cache_size.Accumulate(numBytes / 1024);
}
Scheduling¶
FOG makes no guarantee about when non-main-process metric values are sent across IPC. FOG will try its best to schedule opportunistically in idle moments, and during orderly shutdowns.
There are a few cases where we provide more firm guarantees:
Tests¶
There are test-only APIs in Rust, C++, and Javascript.
These do not await a flush of child process metric values.
You can use the test-only method testFlushAllChildren
on the FOG
XPCOM component to await child data’s arrival:
await Services.fog.testFlushAllChildren();
See the test documentation for more details on testing FOG. For writing tests about instrumentation, see the instrumentation test documentation.
Pings¶
We do not guarantee that non-main-process data has made it into a specific ping.
Built-in pings are submitted by the Rust Glean SDK at times FOG doesn’t directly control, so there may be data not present in the parent process when a built-in ping is submitted. We don’t anticipate this causing a problem since child-process data that “misses” a given ping will be included in the next one.
At this time, Custom Pings must be sent in the parent process and have no mechanism to schedule their submission for after child-process data arrives in the parent process. bug 1732118 tracks the addition of such a mechanism or guarantee.
Shutdown¶
We will make a best effort during an orderly shutdown to flush all pending data in child processes. This means a disorderly shutdown (usually a crash) may result in child process data being lost.
Size¶
We don’t measure or keep an up-to-date calculation of the size of the IPC Payload. We do, however, keep a count of the number of times the IPC Payload has been accessed. This is used as a (very) conservative estimate of the size of the IPC Payload so we do not exceed the IPC message size limit.
See bug 1745660.
Mechanics¶
The rough design is that the parent process can request an immediate flush of pending data,
and each child process can decide to flush its pending data whenever it wishes.
The former is via FlushFOGData() returns (ByteBuf)
and the latter via FOGData(ByteBuf)
.
Pending Data is a buffer of bytes generated by bincode
in Rust in the Child,
handed off to C++, passed over IPC,
then given back to bincode
in Rust on the Parent.
Rust is then responsible for turning the pending data into metrics API calls on the metrics in the parent process.
Supported Process Types¶
FOG supports messaging between the following types of child process and the parent process:
content children (via
PContent
(for now. See bug 1641989)gmp children (via
PGMP
)gpu children (via
PGPU
)rdd children (via
PRDD
)socket children (via
PSocketProcess
)utility children (via
PUtilityProcess
)
See the process model docs for more information about what that means.
Adding Support for a new Process Type¶
Adding support for a new process type is a matter of extending the two messages mentioned above in “Mechanics” to another process type’s protocol (ipdl file).
Add two messages to the appropriate sections in
P<ProcessType>.ipdl
(( Note:
PGPU
should be the only ipdl whereparent
means the non-parent/-main/-UI process, but double-check that you get this correct.))Add
async FOGData(ByteBuf&& aBuf);
to the parent/main/UI process side of things (most oftenparent:
).Add
async FlushFOGData() returns (ByteBuf buf);
to the non-parent/-main/-UI side (most oftenchild:
).
Implement the protocol endpoints in
P<ProcessType>{Child|Parent}.{h|cpp}
The message added to the
parent:
section goes inP<ProcessType>Parent.{h|cpp}
and vice versa.
Add to
FOGIPC.cpp
’sFlushAllChildData
code thatEnumerates all processes of the newly-supported type (there may only be one),
Calls `SendFlushFOGData on each, and
Adds the resulting promise to the array.
Add to
FOGIPC.cpp
’sSendFOGData
the correctGeckoProcessType_*
enum value, and appropriate code for getting the parent process singleton and callingSendFOGData
on it.Add to the fog crate’s
register_process_shutdown
function handling for at-shutdown flushing of IPC data. If this isn’t added, we will log (but not panic) on the first use of Glean APIs on an unsupported process type.“Handling” might be an empty block with a comment explaining where to find it (like how
PROCESS_TYPE_DEFAULT
is handled)Or it might be custom code (like
PROCESS_TYPE_CONTENT
’s)
Add to the documented list of supported process types the process type you added support for.