[Backport] fix data race and use-after-free in napi_threadsafe_function (#199)

Author: toyobayashi

.github/workflows/main.yml

@@ -32,10 +32,10 @@ permissions:
   contents: write
 
 env:
-  WASI_VERSION: '27'
-  WASI_VERSION_FULL: '27.0'
-  WASI_SDK_PATH: './wasi-sdk-27.0'
-  EM_VERSION: '4.0.1'
+  WASI_VERSION: '29'
+  WASI_VERSION_FULL: '29.0'
+  WASI_SDK_PATH: './wasi-sdk-29.0'
+  EM_VERSION: '4.0.11'
   EM_CACHE_FOLDER: 'emsdk-cache'
   NODE_VERSION: '24.11.1'
 

packages/core/package.json

@@ -27,7 +27,7 @@
     }
   },
   "dependencies": {
-    "@emnapi/wasi-threads": "1.1.0",
+    "@emnapi/wasi-threads": "1.2.0",
     "tslib": "^2.4.0"
   },
   "scripts": {

packages/emnapi/CMakeLists.txt

@@ -143,6 +143,15 @@ endif()
 if(NODE_WANT_INTERNALS)
   add_compile_definitions("NODE_WANT_INTERNALS=${NODE_WANT_INTERNALS}")
 endif()
+if(EMNAPI_WORKER_POOL_SIZE)
+  add_compile_definitions("EMNAPI_WORKER_POOL_SIZE=${EMNAPI_WORKER_POOL_SIZE}")
+endif()
+if(EMNAPI_NEXTTICK_TYPE)
+  add_compile_definitions("EMNAPI_NEXTTICK_TYPE=${EMNAPI_NEXTTICK_TYPE}")
+endif()
+if(EMNAPI_USE_PROXYING)
+  add_compile_definitions("EMNAPI_USE_PROXYING=${EMNAPI_USE_PROXYING}")
+endif()
 
 add_library(${EMNAPI_TARGET_NAME} STATIC ${EMNAPI_SRC} ${UV_SRC})
 target_include_directories(${EMNAPI_TARGET_NAME} PUBLIC ${EMNAPI_INCLUDE})
@@ -152,11 +161,10 @@ if(IS_EMSCRIPTEN)
   target_link_options(${EMNAPI_TARGET_NAME} INTERFACE "--js-library=${EMNAPI_JS_LIB}")
 endif()
 
-add_library(${EMNAPI_BASIC_TARGET_NAME} STATIC ${ENAPI_BASIC_SRC})
+add_library(${EMNAPI_BASIC_TARGET_NAME} STATIC ${ENAPI_BASIC_SRC} ${UV_SRC})
 target_include_directories(${EMNAPI_BASIC_TARGET_NAME} PUBLIC ${EMNAPI_INCLUDE})
 target_compile_definitions(${EMNAPI_BASIC_TARGET_NAME}
   PUBLIC ${EMNAPI_DEFINES}
-  PRIVATE "EMNAPI_DISABLE_UV"
 )
 if(IS_EMSCRIPTEN)
   set_target_properties(${EMNAPI_BASIC_TARGET_NAME} PROPERTIES INTERFACE_LINK_DEPENDS ${EMNAPI_JS_LIB})
@@ -184,27 +192,27 @@ if(EMNAPI_BUILD_FOR_NAPI_RS)
 
   add_library(${EMNAPI_BASIC_NAPI_RS_MT_TARGET_NAME} STATIC
     ${ENAPI_BASIC_SRC}
+    ${UV_SRC}
     "${CMAKE_CURRENT_SOURCE_DIR}/src/thread/async_worker_create.c"
     "${CMAKE_CURRENT_SOURCE_DIR}/src/thread/async_worker_init.S"
   )
   target_include_directories(${EMNAPI_BASIC_NAPI_RS_MT_TARGET_NAME} PUBLIC ${EMNAPI_INCLUDE})
   target_compile_definitions(${EMNAPI_BASIC_NAPI_RS_MT_TARGET_NAME}
     PUBLIC ${EMNAPI_DEFINES} "NAPI_EXTERN=__attribute__((__import_module__(\"env\")))"
-    PRIVATE "EMNAPI_DISABLE_UV"
   )
 endif()
 
 if(EMNAPI_BUILD_BASIC_MT)
   add_library(${EMNAPI_BASIC_MT_TARGET_NAME} STATIC
     ${ENAPI_BASIC_SRC}
+    ${UV_SRC}
     "${CMAKE_CURRENT_SOURCE_DIR}/src/thread/async_worker_create.c"
     "${CMAKE_CURRENT_SOURCE_DIR}/src/thread/async_worker_init.S"
   )
   target_compile_options(${EMNAPI_BASIC_MT_TARGET_NAME} PUBLIC "-matomics" "-mbulk-memory")
   target_include_directories(${EMNAPI_BASIC_MT_TARGET_NAME} PUBLIC ${EMNAPI_INCLUDE})
   target_compile_definitions(${EMNAPI_BASIC_MT_TARGET_NAME}
     PUBLIC ${EMNAPI_DEFINES}
-    PRIVATE "EMNAPI_DISABLE_UV"
   )
 
   if(IS_EMSCRIPTEN)
@@ -231,15 +239,6 @@ if(EMNAPI_BUILD_MT)
     set_target_properties(${EMNAPI_MT_TARGET_NAME} PROPERTIES INTERFACE_LINK_DEPENDS ${EMNAPI_JS_LIB})
     target_link_options(${EMNAPI_MT_TARGET_NAME} INTERFACE "--js-library=${EMNAPI_JS_LIB}")
   endif()
-  if(EMNAPI_WORKER_POOL_SIZE)
-    target_compile_definitions(${EMNAPI_MT_TARGET_NAME} PRIVATE "EMNAPI_WORKER_POOL_SIZE=${EMNAPI_WORKER_POOL_SIZE}")
-  endif()
-  if(EMNAPI_NEXTTICK_TYPE)
-    target_compile_definitions(${EMNAPI_MT_TARGET_NAME} PRIVATE "EMNAPI_NEXTTICK_TYPE=${EMNAPI_NEXTTICK_TYPE}")
-  endif()
-  if(EMNAPI_USE_PROXYING)
-    target_compile_definitions(${EMNAPI_MT_TARGET_NAME} PRIVATE "EMNAPI_USE_PROXYING=${EMNAPI_USE_PROXYING}")
-  endif()
 endif()
 
 if(IS_EMSCRIPTEN)

packages/emnapi/emnapi.gyp

@@ -48,14 +48,21 @@
       'target_name': 'emnapi_basic',
       'type': 'static_library',
       'defines': [
-        'EMNAPI_DISABLE_UV'
       ],
       'sources': [
         'src/js_native_api.c',
         'src/node_api.c',
         'src/async_cleanup_hook.c',
         'src/async_context.c',
         'src/wasi_wait.c',
+
+        'src/uv/uv-common.c',
+        'src/uv/threadpool.c',
+        'src/uv/unix/loop.c',
+        'src/uv/unix/posix-hrtime.c',
+        'src/uv/unix/thread.c',
+        'src/uv/unix/async.c',
+        'src/uv/unix/core.c',
       ],
       'link_settings': {
         'target_conditions': [

packages/emnapi/package.json

@@ -14,7 +14,10 @@
   },
   "scripts": {
     "build": "node ./script/build.js",
-    "version": "node ./script/version.js"
+    "version": "node ./script/version.js",
+    "generate-struct-info-wasm32": "node -e \"fs.mkdirSync('script/out',{recursive:true})\" && emcc -Iinclude/node -pthread script/generate_struct_info.c -sNODERAWFS -o script/out/generate_struct_info_wasm32.js && node ./script/out/generate_struct_info_wasm32.js",
+    "generate-struct-info-wasm64": "node -e \"fs.mkdirSync('script/out',{recursive:true})\" && emcc -Iinclude/node -pthread script/generate_struct_info.c -sNODERAWFS -sMEMORY64 -o script/out/generate_struct_info_wasm64.js && node ./script/out/generate_struct_info_wasm64.js",
+    "generate-struct-info": "npm run generate-struct-info-wasm32 && npm run generate-struct-info-wasm64"
   },
   "repository": {
     "type": "git",

packages/emnapi/script/generate_struct_info.c

@@ -0,0 +1,71 @@
+#include <stdio.h>
+#include "../src/emnapi_internal.h"
+#include "../src/threadsafe_function.h"
+
+#ifdef __wasm64__
+#define WASM_BIT "64"
+#else
+#define WASM_BIT "32"
+#endif
+
+void print_napi_env_info(FILE* f) {
+  fprintf(f, "declare const enum NapiEnvOffset" WASM_BIT " {\n");
+  fprintf(f, "  __size__ = %zu,\n", sizeof(node_api_base_env__));
+  fprintf(f, "  vptr = %zu,\n", offsetof(node_api_base_env__, vptr));
+  fprintf(f, "  sentinel = %zu,\n", offsetof(node_api_base_env__, sentinel));
+  fprintf(f, "  js_vtable = %zu,\n", offsetof(node_api_base_env__, js_vtable));
+  fprintf(f, "  module_vtable = %zu,\n", offsetof(node_api_base_env__, module_vtable));
+  fprintf(f, "  id = %zu,\n", offsetof(node_api_base_env__, id));
+  fprintf(f, "  last_error = %zu,\n", offsetof(node_api_base_env__, last_error));
+  fprintf(f, "  last_error___size__ = %zu,\n", sizeof(napi_extended_error_info));
+  fprintf(f, "  last_error_error_message = %zu,\n", offsetof(node_api_base_env__, last_error) + offsetof(napi_extended_error_info, error_message));
+  fprintf(f, "  last_error_engine_reserved = %zu,\n", offsetof(node_api_base_env__, last_error) + offsetof(napi_extended_error_info, engine_reserved));
+  fprintf(f, "  last_error_engine_error_code = %zu,\n", offsetof(node_api_base_env__, last_error) + offsetof(napi_extended_error_info, engine_error_code));
+  fprintf(f, "  last_error_error_code = %zu,\n", offsetof(node_api_base_env__, last_error) + offsetof(napi_extended_error_info, error_code));
+  fprintf(f, "}\n");
+}
+
+void print_napi_threadsafe_function_info(FILE* f) {
+  fprintf(f, "declare const enum NapiTSFNOffset" WASM_BIT " {\n");
+  fprintf(f, "  __size__ = %zu,\n", sizeof(struct napi_threadsafe_function__));
+  fprintf(f, "  async_resource = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource));
+  fprintf(f, "  async_resource___size__ = %zu,\n", sizeof(optional_async_resource));
+  fprintf(f, "  async_resource_resource = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource) + offsetof(optional_async_resource, resource_));
+  fprintf(f, "  async_resource_async_context = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource) + offsetof(optional_async_resource, async_context_));
+  fprintf(f, "  async_resource_async_context___size__ = %zu,\n", sizeof(async_context));
+  fprintf(f, "  async_resource_async_context_async_id = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource) + offsetof(optional_async_resource, async_context_) + offsetof(async_context, async_id));
+  fprintf(f, "  async_resource_async_context_trigger_async_id = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource) + offsetof(optional_async_resource, async_context_) + offsetof(async_context, trigger_async_id));
+  fprintf(f, "  async_resource_is_some = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource) + offsetof(optional_async_resource, is_some));
+  fprintf(f, "  mutex = %zu,\n", offsetof(struct napi_threadsafe_function__, mutex));
+  fprintf(f, "  cond = %zu,\n", offsetof(struct napi_threadsafe_function__, cond));
+  fprintf(f, "  queue_size = %zu,\n", offsetof(struct napi_threadsafe_function__, queue_size));
+  fprintf(f, "  queue = %zu,\n", offsetof(struct napi_threadsafe_function__, queue));
+  fprintf(f, "  async = %zu,\n", offsetof(struct napi_threadsafe_function__, async));
+  fprintf(f, "  thread_count = %zu,\n", offsetof(struct napi_threadsafe_function__, thread_count));
+  fprintf(f, "  state = %zu,\n", offsetof(struct napi_threadsafe_function__, state));
+  fprintf(f, "  dispatch_state = %zu,\n", offsetof(struct napi_threadsafe_function__, dispatch_state));
+  fprintf(f, "  context = %zu,\n", offsetof(struct napi_threadsafe_function__, context));
+  fprintf(f, "  max_queue_size = %zu,\n", offsetof(struct napi_threadsafe_function__, max_queue_size));
+  fprintf(f, "  ref = %zu,\n", offsetof(struct napi_threadsafe_function__, ref));
+  fprintf(f, "  env = %zu,\n", offsetof(struct napi_threadsafe_function__, env));
+  fprintf(f, "  finalize_data = %zu,\n", offsetof(struct napi_threadsafe_function__, finalize_data));
+  fprintf(f, "  finalize_cb = %zu,\n", offsetof(struct napi_threadsafe_function__, finalize_cb));
+  fprintf(f, "  call_js_cb = %zu,\n", offsetof(struct napi_threadsafe_function__, call_js_cb));
+  fprintf(f, "  handles_closing = %zu,\n", offsetof(struct napi_threadsafe_function__, handles_closing));
+  fprintf(f, "  async_ref = %zu,\n", offsetof(struct napi_threadsafe_function__, async_ref));
+  fprintf(f, "}\n");
+}
+
+int main() {
+  FILE* f = fopen("src/typings/struct-wasm" WASM_BIT ".d.ts", "w");
+  if (f == NULL) {
+    fprintf(stderr, "Failed to open file\n");
+    return 1;
+  }
+
+  print_napi_env_info(f);
+  print_napi_threadsafe_function_info(f);
+
+  fclose(f);
+  return 0;
+}

packages/emnapi/src/async_cleanup_hook.c

@@ -82,8 +82,6 @@ _emnapi_ach_handle_create(napi_env env,
   return handle;
 }
 
-EMNAPI_INTERNAL_EXTERN void _emnapi_set_immediate(void (*callback)(void*), void* data);
-
 static void _emnapi_ach_handle_env_unref(void* arg) {
   napi_env env = (napi_env) arg;
   _emnapi_env_unref(env);

packages/emnapi/src/core/async-work.ts

@@ -89,6 +89,7 @@ var emnapiAWMT = {
         const worker = onCreateWorker({ type: 'async-work', name: 'emnapi-async-worker' })
         const p = PThread.loadWasmModuleToWorker(worker)
         emnapiAWMT.addListener(worker)
+        emnapiTSFN.addListener(worker)
         promises.push(p.then(() => {
           if (typeof worker.unref === 'function') {
             worker.unref()

packages/emnapi/src/core/async.ts

@@ -25,6 +25,15 @@ function emnapiGetWorkerByPthreadPtr (pthreadPtr: number): any {
   return worker
 }
 
+/** @__sig vp */
+export function _emnapi_worker_ref (pthreadPtr: number): void {
+  if (ENVIRONMENT_IS_PTHREAD) return
+  const worker = emnapiGetWorkerByPthreadPtr(pthreadPtr)
+  if (worker && typeof worker.ref === 'function') {
+    worker.ref()
+  }
+}
+
 /** @__sig vp */
 export function _emnapi_worker_unref (pthreadPtr: number): void {
   if (ENVIRONMENT_IS_PTHREAD) return

packages/emnapi/src/emnapi_internal.h

@@ -1,3 +1,6 @@
+#ifndef EMNAPI_INTERNAL_H
+#define EMNAPI_INTERNAL_H
+
 #include "emnapi.h"
 
 #if defined(__EMSCRIPTEN__) || defined(__wasi__)
@@ -109,6 +112,13 @@ EMNAPI_INTERNAL_EXTERN int _emnapi_is_main_browser_thread();
 EMNAPI_INTERNAL_EXTERN int _emnapi_is_main_runtime_thread();
 EMNAPI_INTERNAL_EXTERN double _emnapi_get_now();
 EMNAPI_INTERNAL_EXTERN void _emnapi_unwind();
+EMNAPI_INTERNAL_EXTERN void _emnapi_set_immediate(void (*callback)(void*), void* data);
+EMNAPI_INTERNAL_EXTERN napi_status _emnapi_create_function(napi_env env,
+                                                           const char* utf8name,
+                                                           size_t length,
+                                                           napi_callback cb,
+                                                           void* data,
+                                                           napi_value* result);
 
 #if defined(__EMSCRIPTEN_PTHREADS__) || defined(_REENTRANT)
 #define EMNAPI_HAVE_THREADS 1
@@ -186,3 +196,5 @@ void _emnapi_env_check_gc_access(napi_env env);
   } while (0)
 
 EXTERN_C_END
+
+#endif