1761079 - Ensure that XPIProvider.setStartupData is called only when the provider is available

Status: NEW

(Toolkit :: Add-ons Manager, task, P3)

Description

[Rob Wu [:robwu]]

Extension.saveStartupData currently calls XPIProvider.setStartupData, but it is not obvious whether it is safe to do so. Based on the analysis below, we don't need to be concerned about calling this method at (early) browser startup, but I don't see anything that protects against attempts to save/modify data at shutdown.

From a cursory look, it seems like the use at startup is working in practice, because the underlying storage mechanism (XPIStates / addonStartup.json.lz4) is read synchronously before any add-on is started:

1. XPIProvider.startup calls checkForChanges and then markProviderSafe - https://searchfox.org/mozilla-central/rev/840881e1232f664a58b39caaae6284c7bcf121df/toolkit/mozapps/extensions/internal/XPIProvider.jsm#2489-2491
2. XPIProvider.checkForChanges calls XPIStates.scanForChanges at https://searchfox.org/mozilla-central/rev/840881e1232f664a58b39caaae6284c7bcf121df/toolkit/mozapps/extensions/internal/XPIProvider.jsm#2998
3. XPIStates.scanForChanges initializes the data at the first occasion (from addonStartup.json.lz4, and re-uses the data afterwards) at https://searchfox.org/mozilla-central/rev/840881e1232f664a58b39caaae6284c7bcf121df/toolkit/mozapps/extensions/internal/XPIProvider.jsm#1432-1433,1463-1464

After the last step, XPIProvider.setStartupData can currently be called safely by any Extension that is initialized via the AddonManager, at least as long as the browser has not started to shut down.

Comment 1

[Rob Wu [:robwu]]

In bug 1760146 I am refactoring to remove the direct use of XPIProvider in Extension.jsm, and moved the use of XPIProvider.setStartupData to AddonManager.jsm.

In AddonManager.jsm, most XPIProvider uses are via AddonManagerInternal._getProviderByName("XPIProvider"), which returns a XPIProvider only after the provider has fully started. Out of caution, I did not replace XPIProvider with that, but we can try replacing gXPIProvider with that and see if there are any failures. By replacing the gXPIProvider with AddonManagerInternal._getProviderByName("XPIProvider"), an error will be thrown when setStartupData is called after shutdown, but also before the provider has fully started. Throwing when called at startup may be problematic though, for example if an extension is started really early (during sync startup in checkForChanges, e.g. as observed by https://bugzilla.mozilla.org/show_bug.cgi?id=1760146#c1).