author Phil Ringnalda <>
Sat, 29 Oct 2016 00:16:01 -0700
changeset 320106 75db19443bc054c4babd9567f837c2618947cc6c
parent 285924 bc6e8eb75949f36b116abceb33e3281d675396b5
permissions -rw-r--r--
Backed out changeset 4537bb4cfb82 (bug 1312571) to back out what it depends on

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at */

"use strict";

this.EXPORTED_SYMBOLS = ["SessionFile"];

 * Implementation of all the disk I/O required by the session store.
 * This is a private API, meant to be used only by the session store.
 * It will change. Do not use it for any other purpose.
 * Note that this module implicitly depends on one of two things:
 * 1. either the asynchronous file I/O system enqueues its requests
 *   and never attempts to simultaneously execute two I/O requests on
 *   the files used by this module from two distinct threads; or
 * 2. the clients of this API are well-behaved and do not place
 *   concurrent requests to the files used by this module.
 * Otherwise, we could encounter bugs, especially under Windows,
 *   e.g. if a request attempts to write sessionstore.js while
 *   another attempts to copy that file.
 * This implementation uses OS.File, which guarantees property 1.

const Cu = Components.utils;
const Cc = Components.classes;
const Ci = Components.interfaces;
const Cr = Components.results;


XPCOMUtils.defineLazyModuleGetter(this, "console",
XPCOMUtils.defineLazyModuleGetter(this, "PromiseUtils",
XPCOMUtils.defineLazyModuleGetter(this, "RunState",
XPCOMUtils.defineLazyModuleGetter(this, "TelemetryStopwatch",
XPCOMUtils.defineLazyModuleGetter(this, "Task",
XPCOMUtils.defineLazyServiceGetter(this, "Telemetry",
  ";1", "nsITelemetry");
XPCOMUtils.defineLazyServiceGetter(this, "sessionStartup",
  ";1", "nsISessionStartup");
XPCOMUtils.defineLazyModuleGetter(this, "SessionWorker",
XPCOMUtils.defineLazyModuleGetter(this, "SessionStore",

const PREF_UPGRADE_BACKUP = "browser.sessionstore.upgradeBackup.latestBuildID";
const PREF_MAX_UPGRADE_BACKUPS = "browser.sessionstore.upgradeBackup.maxUpgradeBackups";

const PREF_MAX_SERIALIZE_BACK = "browser.sessionstore.max_serialize_back";
const PREF_MAX_SERIALIZE_FWD = "browser.sessionstore.max_serialize_forward";

this.SessionFile = {
   * Read the contents of the session file, asynchronously.
  read: function () {
   * Write the contents of the session file, asynchronously.
  write: function (aData) {
    return SessionFileInternal.write(aData);
   * Wipe the contents of the session file, asynchronously.
  wipe: function () {
    return SessionFileInternal.wipe();

   * Return the paths to the files used to store, backup, etc.
   * the state of the file.
  get Paths() {
    return SessionFileInternal.Paths;


var Path = OS.Path;
var profileDir = OS.Constants.Path.profileDir;

var SessionFileInternal = {
  Paths: Object.freeze({
    // The path to the latest version of sessionstore written during a clean
    // shutdown. After startup, it is renamed `cleanBackup`.
    clean: Path.join(profileDir, "sessionstore.js"),

    // The path at which we store the previous version of `clean`. Updated
    // whenever we successfully load from `clean`.
    cleanBackup: Path.join(profileDir, "sessionstore-backups", "previous.js"),

    // The directory containing all sessionstore backups.
    backups: Path.join(profileDir, "sessionstore-backups"),

    // The path to the latest version of the sessionstore written
    // during runtime. Generally, this file contains more
    // privacy-sensitive information than |clean|, and this file is
    // therefore removed during clean shutdown. This file is designed to protect
    // against crashes / sudden shutdown.
    recovery: Path.join(profileDir, "sessionstore-backups", "recovery.js"),

    // The path to the previous version of the sessionstore written
    // during runtime (e.g. 15 seconds before recovery). In case of a
    // clean shutdown, this file is removed.  Generally, this file
    // contains more privacy-sensitive information than |clean|, and
    // this file is therefore removed during clean shutdown.  This
    // file is designed to protect against crashes that are nasty
    // enough to corrupt |recovery|.
    recoveryBackup: Path.join(profileDir, "sessionstore-backups", "recovery.bak"),

    // The path to a backup created during an upgrade of Firefox.
    // Having this backup protects the user essentially from bugs in
    // Firefox or add-ons, especially for users of Nightly. This file
    // does not contain any information more sensitive than |clean|.
    upgradeBackupPrefix: Path.join(profileDir, "sessionstore-backups", "upgrade.js-"),

    // The path to the backup of the version of the session store used
    // during the latest upgrade of Firefox. During load/recovery,
    // this file should be used if both |path|, |backupPath| and
    // |latestStartPath| are absent/incorrect.  May be "" if no
    // upgrade backup has ever been performed. This file does not
    // contain any information more sensitive than |clean|.
    get upgradeBackup() {
      let latestBackupID = SessionFileInternal.latestUpgradeBackupID;
      if (!latestBackupID) {
        return "";
      return this.upgradeBackupPrefix + latestBackupID;

    // The path to a backup created during an upgrade of Firefox.
    // Having this backup protects the user essentially from bugs in
    // Firefox, especially for users of Nightly.
    get nextUpgradeBackup() {
      return this.upgradeBackupPrefix + Services.appinfo.platformBuildID;

     * The order in which to search for a valid sessionstore file.
    get loadOrder() {
      // If `clean` exists and has been written without corruption during
      // the latest shutdown, we need to use it.
      // Otherwise, `recovery` and `recoveryBackup` represent the most
      // recent state of the session store.
      // Finally, if nothing works, fall back to the last known state
      // that can be loaded (`cleanBackup`) or, if available, to the
      // backup performed during the latest upgrade.
      let order = ["clean",
      if (SessionFileInternal.latestUpgradeBackupID) {
        // We have an upgradeBackup
      return order;

  // Number of attempted calls to `write`.
  // Note that we may have _attempts > _successes + _failures,
  // if attempts never complete.
  // Used for error reporting.
  _attempts: 0,

  // Number of successful calls to `write`.
  // Used for error reporting.
  _successes: 0,

  // Number of failed calls to `write`.
  // Used for error reporting.
  _failures: 0,

  // Resolved once initialization is complete.
  // The promise never rejects.
  _deferredInitialized: PromiseUtils.defer(),

  // `true` once we have started initialization, i.e. once something
  // has been scheduled that will eventually resolve `_deferredInitialized`.
  _initializationStarted: false,

  // The ID of the latest version of Gecko for which we have an upgrade backup
  // or |undefined| if no upgrade backup was ever written.
  get latestUpgradeBackupID() {
    try {
      return Services.prefs.getCharPref(PREF_UPGRADE_BACKUP);
    } catch (ex) {
      return undefined;

  // Find the correct session file, read it and setup the worker.
  read: Task.async(function* () {
    this._initializationStarted = true;

    let result;
    let noFilesFound = true;
    // Attempt to load by order of priority from the various backups
    for (let key of this.Paths.loadOrder) {
      let corrupted = false;
      let exists = true;
      try {
        let path = this.Paths[key];
        let startMs =;

        let source = yield, { encoding: "utf-8" });
        let parsed = JSON.parse(source);

        if (!SessionStore.isFormatVersionCompatible(parsed.version || ["sessionrestore", 0] /*fallback for old versions*/)) {
          // Skip sessionstore files that we don't understand.
          Cu.reportError("Cannot extract data from Session Restore file " + path + ". Wrong format/version: " + JSON.stringify(parsed.version) + ".");
        result = {
          origin: key,
          source: source,
          parsed: parsed
          add( - startMs);
      } catch (ex if ex instanceof OS.File.Error && ex.becauseNoSuchFile) {
        exists = false;
      } catch (ex if ex instanceof OS.File.Error) {
        // The file might be inaccessible due to wrong permissions
        // or similar failures. We'll just count it as "corrupted".
        console.error("Could not read session file ", ex, ex.stack);
        corrupted = true;
      } catch (ex if ex instanceof SyntaxError) {
        console.error("Corrupt session file (invalid JSON found) ", ex, ex.stack);
        // File is corrupted, try next file
        corrupted = true;
      } finally {
        if (exists) {
          noFilesFound = false;

    // All files are corrupted if files found but none could deliver a result.
    let allCorrupt = !noFilesFound && !result;

    if (!result) {
      // If everything fails, start with an empty session.
      result = {
        origin: "empty",
        source: "",
        parsed: null

    result.noFilesFound = noFilesFound;

    // Initialize the worker (in the background) to let it handle backups and also
    // as a workaround for bug 964531.
    let promiseInitialized ="init", [result.origin, this.Paths, {
      maxUpgradeBackups: Preferences.get(PREF_MAX_UPGRADE_BACKUPS, 3),
      maxSerializeBack: Preferences.get(PREF_MAX_SERIALIZE_BACK, 10),
      maxSerializeForward: Preferences.get(PREF_MAX_SERIALIZE_FWD, -1)

    promiseInitialized.catch(err => {
      // Ensure that we report errors but that they do not stop us.
    }).then(() => this._deferredInitialized.resolve());

    return result;

  // Post a message to the worker, making sure that it has been initialized
  // first.
  _postToWorker: Task.async(function*(...args) {
    if (!this._initializationStarted) {
      // Initializing the worker is somewhat complex, as proper handling of
      // backups requires us to first read and check the session. Consequently,
      // the only way to initialize the worker is to first call ``.

      // The call to `` causes background initialization of the worker.
      // Initialization will be complete once `this._deferredInitialized.promise`
      // resolves.;
    yield this._deferredInitialized.promise;

  write: function (aData) {
    if (RunState.isClosed) {
      return Promise.reject(new Error("SessionFile is closed"));

    let isFinalWrite = false;
    if (RunState.isClosing) {
      // If shutdown has started, we will want to stop receiving
      // write instructions.
      isFinalWrite = true;

    let performShutdownCleanup = isFinalWrite &&

    let options = {isFinalWrite, performShutdownCleanup};
    let promise = this._postToWorker("write", [aData, options]);

    // Wait until the write is done.
    promise = promise.then(msg => {
      // Record how long the write took.
      if (msg.result.upgradeBackup) {
        // We have just completed a backup-on-upgrade, store the information
        // in preferences.
    }, err => {
      // Catch and report any errors.
      console.error("Could not write session state file ", err, err.stack);
      // By not doing anything special here we ensure that |promise| cannot
      // be rejected anymore. The shutdown/cleanup code at the end of the
      // function will thus always be executed.

    // Ensure that we can write sessionstore.js cleanly before the profile
    // becomes unaccessible.
      "SessionFile: Finish writing Session Restore data",
        fetchState: () => ({
          attempts: this._attempts,
          successes: this._successes,
          failures: this._failures,

    // This code will always be executed because |promise| can't fail anymore.
    // We ensured that by having a reject handler that reports the failure but
    // doesn't forward the rejection.
    return promise.then(() => {
      // Remove the blocker, no matter if writing failed or not.

      if (isFinalWrite) {
        Services.obs.notifyObservers(null, "sessionstore-final-state-write-complete", "");

  wipe: function () {
    return this._postToWorker("wipe");

  _recordTelemetry: function(telemetry) {
    for (let id of Object.keys(telemetry)){
      let value = telemetry[id];
      let samples = [];
      if (Array.isArray(value)) {
      } else {
      let histogram = Telemetry.getHistogramById(id);
      for (let sample of samples) {