Fix a couple of race issue in Instance Id for Android

chkuang-g · a-maurice · commit 88309ec7fe36 · 2019-07-01T16:16:48.000-07:00
* Change CancelOperations() so that it does not hold the lock to operations_mutex_ all the time, which can result in deadlock with background thread.
* Change all implementation to pass AsyncOperation pointer to background thread instead of the pointer to SharedPtr&lt;AsyncOperation&gt; in a std::vector.

PiperOrigin-RevId: 254826416
diff --git a/instance_id/src/android/instance_id.cc b/instance_id/src/android/instance_id.cc
@@ -121,7 +121,7 @@ Future<std::string> InstanceId::GetId() const {
   if (!instance_id_internal_) return Future<std::string>();
 
   JNIEnv* env = app().GetJNIEnv();
-  SharedPtr<AsyncOperation>* operation =
+  SharedPtr<AsyncOperation> operation =
       instance_id_internal_->AddOperation(new AsyncOperation(
           env, instance_id_internal_,
           instance_id_internal_
@@ -130,10 +130,18 @@ Future<std::string> InstanceId::GetId() const {
   util::RunOnBackgroundThread(
       env,
       [](void* function_data) {
-        SharedPtr<AsyncOperation> operation =
-            *(static_cast<SharedPtr<AsyncOperation>*>(function_data));
+        // Assume that when this callback is called, AsyncOperation should still
+        // be in instance_id_internal->operations_ or this callback should not
+        // be called at all due to the lock in CppThreadDispatcherContext.
+        AsyncOperation* op_ptr = static_cast<AsyncOperation*>(function_data);
         InstanceIdInternal* instance_id_internal =
-            operation->instance_id_internal();
+            op_ptr->instance_id_internal();
+        // Hold a reference to AsyncOperation so that it will not be deleted
+        // during this callback.
+        SharedPtr<AsyncOperation> operation =
+            instance_id_internal->GetOperationSharedPtr(op_ptr);
+        if (!operation) return;
+
         JNIEnv* env = instance_id_internal->instance_id()->app().GetJNIEnv();
         jobject java_instance_id =
             env->NewLocalRef(instance_id_internal->java_instance_id());
@@ -151,16 +159,16 @@ Future<std::string> InstanceId::GetId() const {
               error.c_str());
         }
       },
-      operation, InstanceIdInternal::CanceledWithResult<std::string>,
-      &(**operation));
+      &(*operation), InstanceIdInternal::CanceledWithResult<std::string>,
+      &(*operation));
   return GetIdLastResult();
 }
 
 Future<void> InstanceId::DeleteId() {
   if (!instance_id_internal_) return Future<void>();
 
   JNIEnv* env = app().GetJNIEnv();
-  SharedPtr<AsyncOperation>* operation = instance_id_internal_->AddOperation(
+  SharedPtr<AsyncOperation> operation = instance_id_internal_->AddOperation(
       new AsyncOperation(env, instance_id_internal_,
                          instance_id_internal_
                              ->FutureAlloc<std::string>(
@@ -169,10 +177,17 @@ Future<void> InstanceId::DeleteId() {
   util::RunOnBackgroundThread(
       env,
       [](void* function_data) {
-        SharedPtr<AsyncOperation> operation =
-            *(static_cast<SharedPtr<AsyncOperation>*>(function_data));
+        // Assume that when this callback is called, AsyncOperation should still
+        // be in instance_id_internal->operations_ or this callback should not
+        // be called at all due to the lock in CppThreadDispatcherContext.
+        AsyncOperation* op_ptr = static_cast<AsyncOperation*>(function_data);
         InstanceIdInternal* instance_id_internal =
-            operation->instance_id_internal();
+            op_ptr->instance_id_internal();
+        // Hold a reference to AsyncOperation so that it will not be deleted
+        // during this callback.
+        SharedPtr<AsyncOperation> operation =
+            instance_id_internal->GetOperationSharedPtr(op_ptr);
+        if (!operation) return;
         JNIEnv* env = instance_id_internal->instance_id()->app().GetJNIEnv();
         jobject java_instance_id =
             env->NewLocalRef(instance_id_internal->java_instance_id());
@@ -187,7 +202,7 @@ Future<void> InstanceId::DeleteId() {
               operation, ExceptionStringToError(error.c_str()), error.c_str());
         }
       },
-      operation, InstanceIdInternal::Canceled, &(**operation));
+      &(*operation), InstanceIdInternal::Canceled, &(*operation));
   return DeleteIdLastResult();
 }
 
@@ -218,7 +233,7 @@ Future<std::string> InstanceId::GetToken(const char* entity,
   if (!instance_id_internal_) return Future<std::string>();
 
   JNIEnv* env = app().GetJNIEnv();
-  SharedPtr<AsyncOperation>* operation = instance_id_internal_->AddOperation(
+  SharedPtr<AsyncOperation> operation = instance_id_internal_->AddOperation(
       new AsyncTokenOperation(env, instance_id_internal_,
                               instance_id_internal_
                                   ->FutureAlloc<std::string>(
@@ -228,19 +243,26 @@ Future<std::string> InstanceId::GetToken(const char* entity,
   util::RunOnBackgroundThread(
       env,
       [](void* function_data) {
-        SharedPtr<AsyncOperation> base_operation =
-            *(static_cast<SharedPtr<AsyncOperation>*>(function_data));
-        AsyncTokenOperation* operation =
-            static_cast<AsyncTokenOperation*>(base_operation->derived());
+        // Assume that when this callback is called, AsyncOperation should still
+        // be in instance_id_internal->operations_ or this callback should not
+        // be called at all due to the lock in CppThreadDispatcherContext.
+        AsyncTokenOperation* op_ptr =
+            static_cast<AsyncTokenOperation*>(function_data);
         InstanceIdInternal* instance_id_internal =
-            operation->instance_id_internal();
+            op_ptr->instance_id_internal();
+        // Hold a reference to AsyncOperation so that it will not be deleted
+        // during this callback.
+        SharedPtr<AsyncOperation> operation =
+            instance_id_internal->GetOperationSharedPtr(op_ptr);
+        if (!operation) return;
+
         JNIEnv* env = instance_id_internal->instance_id()->app().GetJNIEnv();
         jobject java_instance_id =
             env->NewLocalRef(instance_id_internal->java_instance_id());
         jmethodID java_instance_id_method =
             instance_id::GetMethodId(instance_id::kGetToken);
-        jobject entity_jstring = env->NewStringUTF(operation->entity().c_str());
-        jobject scope_jstring = env->NewStringUTF(operation->scope().c_str());
+        jobject entity_jstring = env->NewStringUTF(op_ptr->entity().c_str());
+        jobject scope_jstring = env->NewStringUTF(op_ptr->scope().c_str());
         operation->ReleaseExecuteCancelLock();
         jobject token_jstring =
             env->CallObjectMethod(java_instance_id, java_instance_id_method,
@@ -252,20 +274,20 @@ Future<std::string> InstanceId::GetToken(const char* entity,
         env->DeleteLocalRef(scope_jstring);
         if (operation->AcquireExecuteCancelLock()) {
           instance_id_internal->CompleteOperationWithResult(
-              base_operation, token, ExceptionStringToError(error.c_str()),
+              operation, token, ExceptionStringToError(error.c_str()),
               error.c_str());
         }
       },
-      operation, InstanceIdInternal::CanceledWithResult<std::string>,
-      &(**operation));
+      &(*operation), InstanceIdInternal::CanceledWithResult<std::string>,
+      &(*operation));
   return GetTokenLastResult();
 }
 
 Future<void> InstanceId::DeleteToken(const char* entity, const char* scope) {
   if (!instance_id_internal_) return Future<void>();
 
   JNIEnv* env = app().GetJNIEnv();
-  SharedPtr<AsyncOperation>* operation =
+  SharedPtr<AsyncOperation> operation =
       instance_id_internal_->AddOperation(new AsyncTokenOperation(
           env, instance_id_internal_,
           instance_id_internal_
@@ -276,15 +298,22 @@ Future<void> InstanceId::DeleteToken(const char* entity, const char* scope) {
   util::RunOnBackgroundThread(
       env,
       [](void* function_data) {
-        SharedPtr<AsyncOperation> base_operation =
-            *(static_cast<SharedPtr<AsyncOperation>*>(function_data));
-        AsyncTokenOperation* operation =
-            static_cast<AsyncTokenOperation*>(base_operation->derived());
+        // Assume that when this callback is called, AsyncOperation should still
+        // be in instance_id_internal->operations_ or this callback should not
+        // be called at all due to the lock in CppThreadDispatcherContext.
+        AsyncTokenOperation* op_ptr =
+            static_cast<AsyncTokenOperation*>(function_data);
         InstanceIdInternal* instance_id_internal =
-            operation->instance_id_internal();
+            op_ptr->instance_id_internal();
+        // Hold a reference to AsyncOperation so that it will not be deleted
+        // during this callback.
+        SharedPtr<AsyncOperation> operation =
+            instance_id_internal->GetOperationSharedPtr(op_ptr);
+        if (!operation) return;
+
         JNIEnv* env = instance_id_internal->instance_id()->app().GetJNIEnv();
-        jobject entity_jstring = env->NewStringUTF(operation->entity().c_str());
-        jobject scope_jstring = env->NewStringUTF(operation->scope().c_str());
+        jobject entity_jstring = env->NewStringUTF(op_ptr->entity().c_str());
+        jobject scope_jstring = env->NewStringUTF(op_ptr->scope().c_str());
         jobject java_instance_id =
             env->NewLocalRef(instance_id_internal->java_instance_id());
         jmethodID java_instance_id_method =
@@ -298,11 +327,10 @@ Future<void> InstanceId::DeleteToken(const char* entity, const char* scope) {
         env->DeleteLocalRef(scope_jstring);
         if (operation->AcquireExecuteCancelLock()) {
           instance_id_internal->CompleteOperation(
-              base_operation, ExceptionStringToError(error.c_str()),
-              error.c_str());
+              operation, ExceptionStringToError(error.c_str()), error.c_str());
         }
       },
-      operation, InstanceIdInternal::Canceled, &(**operation));
+      &(*operation), InstanceIdInternal::Canceled, &(*operation));
   return DeleteTokenLastResult();
 }
 
diff --git a/instance_id/src/android/instance_id_internal.cc b/instance_id/src/android/instance_id_internal.cc
@@ -44,11 +44,11 @@ void InstanceIdInternal::Initialize(InstanceId* instance_id,
 }
 
 // Store a reference to a scheduled operation.
-SharedPtr<AsyncOperation>* InstanceIdInternal::AddOperation(
+SharedPtr<AsyncOperation> InstanceIdInternal::AddOperation(
     AsyncOperation* operation) {
   MutexLock lock(operations_mutex_);
   operations_.push_back(SharedPtr<AsyncOperation>(operation));
-  return &operations_[operations_.size() - 1];
+  return operations_[operations_.size() - 1];
 }
 
 // Remove a reference to a schedule operation.
@@ -63,11 +63,32 @@ void InstanceIdInternal::RemoveOperation(
   }
 }
 
+// Find the SharedPtr to the operation using raw pointer.
+SharedPtr<AsyncOperation> InstanceIdInternal::GetOperationSharedPtr(
+    AsyncOperation* operation) {
+  MutexLock lock(operations_mutex_);
+  for (auto it = operations_.begin(); it != operations_.end(); ++it) {
+    if (&(**it) == operation) {
+      return *it;
+    }
+  }
+  return SharedPtr<AsyncOperation>();
+}
+
 // Cancel all scheduled operations.
 void InstanceIdInternal::CancelOperations() {
-  MutexLock lock(operations_mutex_);
-  while (operations_.size()) {
-    operations_[0]->Cancel();
+  while (true) {
+    SharedPtr<AsyncOperation> operation_ptr;
+    {
+      MutexLock lock(operations_mutex_);
+      if (operations_.empty()) {
+        break;
+      }
+      operation_ptr = operations_[0];
+    }
+    if (operation_ptr) {
+      operation_ptr->Cancel();
+    }
   }
 }
 
@@ -80,9 +101,13 @@ void InstanceIdInternal::CompleteOperation(
 }
 
 void InstanceIdInternal::Canceled(void* function_data) {
-    SharedPtr<AsyncOperation>& operation =
-        *(static_cast<SharedPtr<AsyncOperation>*>(function_data));
-    operation->instance_id_internal()->CancelOperation(operation);
+  AsyncOperation* ptr = static_cast<AsyncOperation*>(function_data);
+  // Hold a reference to AsyncOperation so that it will not be deleted during
+  // this callback.
+  SharedPtr<AsyncOperation> operation =
+      ptr->instance_id_internal()->GetOperationSharedPtr(ptr);
+  if (!operation) return;
+  operation->instance_id_internal()->CancelOperation(operation);
 }
 
 }  // namespace internal
diff --git a/instance_id/src/android/instance_id_internal.h b/instance_id/src/android/instance_id_internal.h
@@ -84,7 +84,10 @@ class InstanceIdInternal : public InstanceIdInternalBase {
   InstanceId* instance_id() const { return instance_id_; }
 
   // Store a reference to a scheduled operation.
-  SharedPtr<AsyncOperation>* AddOperation(AsyncOperation* operation);
+  SharedPtr<AsyncOperation> AddOperation(AsyncOperation* operation);
+
+  // Find the SharedPtr to the operation using raw pointer.
+  SharedPtr<AsyncOperation> GetOperationSharedPtr(AsyncOperation* operation);
 
   // Remove a reference to a schedule operation.
   void RemoveOperation(const SharedPtr<AsyncOperation>& operation);
@@ -127,8 +130,12 @@ class InstanceIdInternal : public InstanceIdInternalBase {
   // Complete a future with an error when an operation is canceled.
   template <typename T>
   static void CanceledWithResult(void* function_data) {
-    SharedPtr<AsyncOperation>& operation =
-        *(static_cast<SharedPtr<AsyncOperation>*>(function_data));
+    AsyncOperation* ptr = static_cast<AsyncOperation*>(function_data);
+    // Hold a reference to AsyncOperation so that it will not be deleted during
+    // this callback.
+    SharedPtr<AsyncOperation> operation =
+        ptr->instance_id_internal()->GetOperationSharedPtr(ptr);
+    if (!operation) return;
     operation->instance_id_internal()->CancelOperationWithResult<T>(operation);
   }
 
