summaryrefslogtreecommitdiffstats
path: root/mobile/android/docs/shutdown.rst
diff options
context:
space:
mode:
Diffstat (limited to 'mobile/android/docs/shutdown.rst')
-rw-r--r--mobile/android/docs/shutdown.rst77
1 files changed, 77 insertions, 0 deletions
diff --git a/mobile/android/docs/shutdown.rst b/mobile/android/docs/shutdown.rst
new file mode 100644
index 000000000..9ec0655f9
--- /dev/null
+++ b/mobile/android/docs/shutdown.rst
@@ -0,0 +1,77 @@
+.. -*- Mode: rst; fill-column: 100; -*-
+
+===================================
+ Shutting down Firefox for Android
+===================================
+
+Background
+==========
+
+Normally, apps on Android don't need to provide any support for explicit quitting, instead they are
+just sent into the background where they eventually get killed by the OS's low-memory killer.
+
+Nevertheless, Firefox on Android allows explicit quitting to support the use case of users wanting
+to clear part or all of their private data after finishing a browsing session. When this option to
+"Clear private data on exit" is activated from the settings, a "Quit" button is provided in the menu.
+
+Because Firefox on Android uses a native UI (written in Java), which also holds some of the user's
+browsing data, this creates some additional complications when compared to quitting on desktop.
+
+Technical details
+=================
+
+When the "Quit" button is used, the UI sends a ``Browser:Quit`` notification to Gecko's ``BrowserApp``,
+which initiates the normal Gecko shutdown procedure. At the same time however, the native UI needs to
+shutdown as well, so as to
+
+1) provide an immediate visual feedback to the user that Firefox is indeed quitting
+
+2) avoid a state where the UI is still running "normally" while the rendering engine is already
+ shutting down, which could lead to loosing incoming external tabs if they were to arrive within
+ that period.
+
+Therefore, shutdown of the native UI was originally started simultaneously with notifying Gecko.
+Because the clearing of private data during shutdown is handled by Gecko's ``Sanitizer``, while some
+private data, e.g. the browsing history, is held in a database by the native UI, this means that
+Gecko needs to message the native UI during shutdown if the user wants the browsing history to be
+cleared on quitting.
+Shutting down the UI simultaneously with Gecko therefore introduced a race condition where the data
+clearing could fail because the native UI thread responsible for receiving Gecko's sanitization
+messages had already exited by the time Gecko's ``Sanitizer`` was attempting to e.g. clear the
+user's browsing history (for further reading, compare `bug 1266594
+<https://bugzilla.mozilla.org/show_bug.cgi?id=1266594>`_).
+
+To fix this issue, the native UI (in ``GeckoApp``) now waits for the ``Sanitizer`` to run and
+message all necessary sanitization handlers and only starts its shutdown after receiving a
+``Sanitize:Finished`` message with a ``shutdown: true`` parameter set. While this introduces a
+certain delay in closing the UI, it is still faster than having to wait for Gecko to exit completely
+before starting to close the UI.
+
+Currently, quitting Firefox therefore proceeds roughly as follows:
+
+1) The user presses the "Quit" button in the main menu, which sends a ``Browser:Quit`` notification
+ to ``BrowserApp``. This notification also contains additional parameters indicating which types
+ of private user data - if any - to clear during shutdown.
+
+2) ``BrowserApp.quit`` runs, which initiates Gecko shutdown by sending out a
+ ``quit-application-requested`` notification.
+
+3) If nobody cancelled shutdown in response to the ``quit-application-requested`` notification,
+ quitting proceeds and the ``SessionStore`` enters shutdown mode (``STATE_QUITTING``), which
+ basically means that no new (asynchronous) writes are started to prevent any interference with
+ the final flushing of data.
+
+4) ``BrowserApp`` calls the ``Sanitizer`` to clear up any private user data that might need cleaning.
+ After the ``Sanitizer`` has invoked all required sanitization handlers (including any on the
+ native Java UI side, e.g. for the browsing history) and finished running, it sends a
+ ``Sanitize:Finished`` message back to the native UI.
+
+5) On receiving the ``Sanitize:Finished`` message, ``GeckoApp`` starts the shutdown of the native UI
+ as well by calling ``doShutdown()``.
+
+6) After sending the ``Sanitize:Finished`` message, Gecko's ``Sanitizer`` runs the callback provided
+ by ``BrowserApp.quit``, which is ``appStartup.quit(Ci.nsIAppStartup.eForceQuit)``, thereby
+ starting the actual and final shutting down of Gecko.
+
+7) On receiving the final ``quit-application`` notification, the ``SessionStore`` synchronously
+ writes its current state to disk.