cheevos: drop stale rc_client load completions via generation

 counter

Even with the atomic queued_command from the previous patch, a
race remains: a background load callback for game A can complete
*after* the user has closed content and started loading game B.
The bg thread atomically writes CMD_CHEEVOS_FINALIZE_LOAD to
queued_command; on the next frame, rcheevos_test dispatches
rcheevos_finalize_game_load_on_ui_thread - applying game A's
finalization (achievement runtime initialization, memory map
hookup, hardcore enforcement) to game B's rcheevos_locals state.

Add a load_generation atomic counter to rcheevos_locals_t. Bump
it (atomic_inc) at the top of rcheevos_unload and rcheevos_load,
before any other state mutation. Capture the current value as
the userdata argument to rc_client_begin_identify_and_load_game
(passed through as void* via intptr_t cast - the rc_client
library treats userdata opaquely).

The bg-thread callback checks the captured generation against
the live counter at two points:

  - At the top of rcheevos_client_load_game_callback, before
    any work that mutates rcheevos_locals (rcheevos_init_memory,
    rc_client_set_read_memory_function, rcheevos_finalize_game_load).
    Stale callbacks return immediately without side effects.

  - Just before publishing CMD_CHEEVOS_FINALIZE_LOAD to
    queued_command. Between the entry check and here the bg
    thread runs a long sequence (network/file I/O, can take
    seconds); the user may unload mid-callback. The re-check
    is cheap and prevents a stale FINALIZE_LOAD from queuing.

Both checks are HAVE_THREADS-gated and skipped when the callback
runs on the main thread (which only happens when the rc_client
synchronously dispatches; in that case the userdata sentinel is
NULL but task_is_on_main_thread() returns true so the check is
skipped). The kickoff site is also gated: under HAVE_THREADS
the userdata is the captured generation, otherwise NULL.

Closes the second half of the cheevos queued_command hazard. The
first half (atomicity) was addressed in fd50fe1.

Author: LibretroAdmin

cheevos/cheevos.c

@@ -93,6 +93,9 @@ static rcheevos_locals_t rcheevos_locals =
    /* queued_command (atomic). CMD_EVENT_NONE == 0; static
     * zero-initialization satisfies all retro_atomic.h backends. */
    0,
+   /* load_generation (atomic). Starts at 0; bumped by
+    * rcheevos_unload and rcheevos_load. */
+   0,
 #endif
    "",   /* user_agent_prefix */
    "",   /* user_agent_core */
@@ -806,6 +809,17 @@ bool rcheevos_unload(void)
 {
    const bool was_loaded = rcheevos_is_game_loaded();
 
+#ifdef HAVE_THREADS
+   /* Bump the load generation FIRST, before any other state
+    * mutation. Any background load callback already in flight
+    * captured the previous generation at submit time; bumping
+    * here makes its eventual generation check fail, so it
+    * silently drops without writing FINALIZE_LOAD into
+    * queued_command. The atomic store synchronizes with the
+    * acquire-load on the bg thread. */
+   retro_atomic_inc_int(&rcheevos_locals.load_generation);
+#endif
+
 #ifdef HAVE_GFX_WIDGETS
    rcheevos_hide_widgets(gfx_widgets_ready());
    gfx_widget_set_cheevos_set_loading(false);
@@ -1663,6 +1677,29 @@ static void rcheevos_client_load_game_callback(int result,
    const settings_t *settings   = config_get_ptr();
    const rc_client_game_t *game = rc_client_get_game_info(client);
 
+#ifdef HAVE_THREADS
+   /* Stale-load filter. The userdata is the load_generation
+    * captured at rc_client_begin_identify_and_load_game time;
+    * if it no longer matches, the user has unloaded or started
+    * a new load while this one was in flight, and any further
+    * mutation of rcheevos_locals here would target the new
+    * session's state.
+    *
+    * The check is HAVE_THREADS-gated because only the threaded
+    * code path captures a real generation as userdata; the
+    * single-threaded build passes NULL (which would compare
+    * against the initial generation 0 and either match-or-miss
+    * unpredictably as the counter wraps). */
+   if (!task_is_on_main_thread())
+   {
+      intptr_t captured_gen = (intptr_t)userdata;
+      int      current_gen  = retro_atomic_load_acquire_int(
+            &rcheevos_locals.load_generation);
+      if ((intptr_t)current_gen != captured_gen)
+         return;
+   }
+#endif
+
 #if defined(HAVE_GFX_WIDGETS)
    gfx_widget_set_cheevos_set_loading(false);
 #endif
@@ -1748,8 +1785,22 @@ static void rcheevos_client_load_game_callback(int result,
    /* Have to "schedule" this. Game image should not be
     * loaded into memory on background thread */
    if (!task_is_on_main_thread())
+   {
+      /* Re-check the generation just before publishing.
+       * Between the entry check and here we ran a long
+       * sequence of work (potentially seconds with slow
+       * network or disk); the user may have unloaded or
+       * started a new load in that window. The captured
+       * generation is in userdata. */
+      intptr_t captured_gen = (intptr_t)userdata;
+      int      current_gen  = retro_atomic_load_acquire_int(
+            &rcheevos_locals.load_generation);
+      if ((intptr_t)current_gen != captured_gen)
+         return;
+
       retro_atomic_store_release_int(&rcheevos_locals.queued_command,
             CMD_CHEEVOS_FINALIZE_LOAD);
+   }
    else
 #endif
       rcheevos_finalize_game_load_on_ui_thread();
@@ -1768,6 +1819,14 @@ bool rcheevos_load(const void *data)
       && settings->bools.cheevos_enable;
 
 #ifdef HAVE_THREADS
+   /* Bump the load generation. Any background callback from a
+    * prior rc_client_begin_identify_and_load_game whose
+    * userdata-captured generation no longer matches will drop
+    * silently rather than writing FINALIZE_LOAD into
+    * queued_command and causing a stale finalize to be applied
+    * to the new game's state. See the matching comment in
+    * cheevos_locals.h. */
+   retro_atomic_inc_int(&rcheevos_locals.load_generation);
    retro_atomic_store_release_int(&rcheevos_locals.queued_command,
          CMD_EVENT_NONE);
 #endif
@@ -1882,8 +1941,26 @@ bool rcheevos_load(const void *data)
       }
 #endif
 
-      rc_client_begin_identify_and_load_game(rcheevos_locals.client, console_id,
-         info->path, (const uint8_t*)info->data, info->size, rcheevos_client_load_game_callback, NULL);
+      {
+#ifdef HAVE_THREADS
+         /* Capture the current load generation; the callback
+          * compares this against the live value to detect a
+          * stale completion (i.e. the user closed/changed
+          * content while the load was in flight). The cast
+          * loses information only if HAVE_THREADS is enabled
+          * and a generation counter overflows intptr_t, which
+          * would require ~2^31 (or ~2^63) load events. */
+         intptr_t gen = (intptr_t)retro_atomic_load_acquire_int(
+               &rcheevos_locals.load_generation);
+         rc_client_begin_identify_and_load_game(rcheevos_locals.client, console_id,
+            info->path, (const uint8_t*)info->data, info->size,
+            rcheevos_client_load_game_callback, (void*)gen);
+#else
+         rc_client_begin_identify_and_load_game(rcheevos_locals.client, console_id,
+            info->path, (const uint8_t*)info->data, info->size,
+            rcheevos_client_load_game_callback, NULL);
+#endif
+      }
    }
 
    return true;

cheevos/cheevos_locals.h

@@ -93,6 +93,19 @@ typedef struct rcheevos_locals_t
     * polling per frame; plain enum access would be a data race
     * with no memory barrier. */
    retro_atomic_int_t queued_command;
+
+   /* Bumped on every load lifecycle reset (rcheevos_load and
+    * rcheevos_unload). Captured at rc_client_begin_identify_and_load_game
+    * time and passed through the callback's userdata; the
+    * background callback compares its captured value against the
+    * current value at completion and drops stale completions
+    * whose target rcheevos_locals state has been reset out from
+    * under them. Without this, a load for game A that completes
+    * after the user has closed content and started loading game B
+    * would write FINALIZE_LOAD into queued_command and cause the
+    * main thread to apply game A's finalization to game B's
+    * memory map. */
+   retro_atomic_int_t load_generation;
 #endif
 
    char user_agent_prefix[128];       /* RetroArch/OS version information */