fix data race and use-after-free in napi_threadsafe_function (#198)

Author: toyobayashi

packages/core/package.json

@@ -17,7 +17,7 @@
     "./package.json": "./package.json"
   },
   "dependencies": {
-    "@emnapi/wasi-threads": "1.0.4",
+    "@emnapi/wasi-threads": "1.2.0",
     "tslib": "^2.4.0"
   },
   "scripts": {

packages/emnapi/CMakeLists.txt

@@ -185,6 +185,15 @@ endif()
 if(NODE_WANT_INTERNALS)
   add_compile_definitions("NODE_WANT_INTERNALS=${NODE_WANT_INTERNALS}")
 endif()
+if(EMNAPI_WORKER_POOL_SIZE)
+  add_compile_definitions("EMNAPI_WORKER_POOL_SIZE=${EMNAPI_WORKER_POOL_SIZE}")
+endif()
+if(EMNAPI_NEXTTICK_TYPE)
+  add_compile_definitions("EMNAPI_NEXTTICK_TYPE=${EMNAPI_NEXTTICK_TYPE}")
+endif()
+if(EMNAPI_USE_PROXYING)
+  add_compile_definitions("EMNAPI_USE_PROXYING=${EMNAPI_USE_PROXYING}")
+endif()
 
 add_library(${EMNAPI_TARGET_NAME} STATIC ${EMNAPI_SRC} ${UV_SRC})
 target_include_directories(${EMNAPI_TARGET_NAME} PUBLIC ${EMNAPI_INCLUDE})
@@ -195,11 +204,10 @@ if(IS_EMSCRIPTEN)
 endif()
 
 if(EMNAPI_BUILD_BASIC_LIBS)
-  add_library(${EMNAPI_BASIC_TARGET_NAME} STATIC ${ENAPI_BASIC_SRC})
+  add_library(${EMNAPI_BASIC_TARGET_NAME} STATIC ${ENAPI_BASIC_SRC} ${UV_SRC})
   target_include_directories(${EMNAPI_BASIC_TARGET_NAME} PUBLIC ${EMNAPI_INCLUDE})
   target_compile_definitions(${EMNAPI_BASIC_TARGET_NAME}
     PUBLIC ${EMNAPI_DEFINES}
-    PRIVATE "EMNAPI_DISABLE_UV"
   )
   if(IS_EMSCRIPTEN)
     set_target_properties(${EMNAPI_BASIC_TARGET_NAME} PROPERTIES INTERFACE_LINK_DEPENDS ${EMNAPI_JS_LIB})
@@ -229,13 +237,13 @@ if(EMNAPI_BUILD_FOR_NAPI_RS)
   if(EMNAPI_BUILD_BASIC_LIBS)
     add_library(${EMNAPI_BASIC_NAPI_RS_MT_TARGET_NAME} STATIC
       ${ENAPI_BASIC_SRC}
+      ${UV_SRC}
       "${CMAKE_CURRENT_SOURCE_DIR}/src/thread/async_worker_create.c"
       "${CMAKE_CURRENT_SOURCE_DIR}/src/thread/async_worker_init.S"
     )
     target_include_directories(${EMNAPI_BASIC_NAPI_RS_MT_TARGET_NAME} PUBLIC ${EMNAPI_INCLUDE})
     target_compile_definitions(${EMNAPI_BASIC_NAPI_RS_MT_TARGET_NAME}
       PUBLIC ${EMNAPI_DEFINES} "NAPI_EXTERN=__attribute__((__import_module__(\"env\")))"
-      PRIVATE "EMNAPI_DISABLE_UV"
     )
   endif()
 endif()
@@ -244,14 +252,14 @@ if(EMNAPI_BUILD_BASIC_LIBS)
   if(EMNAPI_BUILD_BASIC_MT)
     add_library(${EMNAPI_BASIC_MT_TARGET_NAME} STATIC
       ${ENAPI_BASIC_SRC}
+      ${UV_SRC}
       "${CMAKE_CURRENT_SOURCE_DIR}/src/thread/async_worker_create.c"
       "${CMAKE_CURRENT_SOURCE_DIR}/src/thread/async_worker_init.S"
     )
     target_compile_options(${EMNAPI_BASIC_MT_TARGET_NAME} PUBLIC "-matomics" "-mbulk-memory")
     target_include_directories(${EMNAPI_BASIC_MT_TARGET_NAME} PUBLIC ${EMNAPI_INCLUDE})
     target_compile_definitions(${EMNAPI_BASIC_MT_TARGET_NAME}
       PUBLIC ${EMNAPI_DEFINES}
-      PRIVATE "EMNAPI_DISABLE_UV"
     )
 
     if(IS_EMSCRIPTEN)
@@ -279,15 +287,6 @@ if(EMNAPI_BUILD_MT)
     set_target_properties(${EMNAPI_MT_TARGET_NAME} PROPERTIES INTERFACE_LINK_DEPENDS ${EMNAPI_JS_LIB})
     target_link_options(${EMNAPI_MT_TARGET_NAME} INTERFACE "--js-library=${EMNAPI_JS_LIB}")
   endif()
-  if(EMNAPI_WORKER_POOL_SIZE)
-    target_compile_definitions(${EMNAPI_MT_TARGET_NAME} PRIVATE "EMNAPI_WORKER_POOL_SIZE=${EMNAPI_WORKER_POOL_SIZE}")
-  endif()
-  if(EMNAPI_NEXTTICK_TYPE)
-    target_compile_definitions(${EMNAPI_MT_TARGET_NAME} PRIVATE "EMNAPI_NEXTTICK_TYPE=${EMNAPI_NEXTTICK_TYPE}")
-  endif()
-  if(EMNAPI_USE_PROXYING)
-    target_compile_definitions(${EMNAPI_MT_TARGET_NAME} PRIVATE "EMNAPI_USE_PROXYING=${EMNAPI_USE_PROXYING}")
-  endif()
 
   if(EMNAPI_BUILD_V8)
     add_library(${V8_MT_TARGET_NAME} STATIC ${V8_SRC})

packages/emnapi/emnapi.gyp

@@ -48,14 +48,21 @@
       'target_name': 'emnapi_basic',
       'type': 'static_library',
       'defines': [
-        'EMNAPI_DISABLE_UV'
       ],
       'sources': [
         'src/js_native_api.c',
         'src/node_api.c',
         'src/async_cleanup_hook.c',
         'src/async_context.c',
         'src/wasi_wait.c',
+
+        'src/uv/uv-common.c',
+        'src/uv/threadpool.c',
+        'src/uv/unix/loop.c',
+        'src/uv/unix/posix-hrtime.c',
+        'src/uv/unix/thread.c',
+        'src/uv/unix/async.c',
+        'src/uv/unix/core.c',
       ],
       'link_settings': {
         'target_conditions': [

packages/emnapi/package.json

@@ -15,8 +15,8 @@
   "scripts": {
     "build": "node ./script/build.js",
     "version": "node ./script/version.js",
-    "generate-struct-info-wasm32": "node -e \"fs.mkdirSync('script/out',{recursive:true})\" && emcc -Iinclude/node script/generate_struct_info.c -sNODERAWFS -o script/out/generate_struct_info_wasm32.js && node ./script/out/generate_struct_info_wasm32.js",
-    "generate-struct-info-wasm64": "node -e \"fs.mkdirSync('script/out',{recursive:true})\" && emcc -Iinclude/node script/generate_struct_info.c -sNODERAWFS -sMEMORY64 -o script/out/generate_struct_info_wasm64.js && node ./script/out/generate_struct_info_wasm64.js",
+    "generate-struct-info-wasm32": "node -e \"fs.mkdirSync('script/out',{recursive:true})\" && emcc -Iinclude/node -pthread script/generate_struct_info.c -sNODERAWFS -o script/out/generate_struct_info_wasm32.js && node ./script/out/generate_struct_info_wasm32.js",
+    "generate-struct-info-wasm64": "node -e \"fs.mkdirSync('script/out',{recursive:true})\" && emcc -Iinclude/node -pthread script/generate_struct_info.c -sNODERAWFS -sMEMORY64 -o script/out/generate_struct_info_wasm64.js && node ./script/out/generate_struct_info_wasm64.js",
     "generate-struct-info": "npm run generate-struct-info-wasm32 && npm run generate-struct-info-wasm64"
   },
   "repository": {

packages/emnapi/script/build.js

@@ -353,7 +353,7 @@ async function build () {
       coreTsconfigPath,
       path.join(__dirname, '../src/core/async-work.ts'),
       path.join(outputDir, 'async-work.js'),
-      ['emnapiCtx', 'emnapiEnv', 'emnapiNodeBinding', 'emnapiAsyncWorkPoolSize'],
+      ['emnapiCtx', 'emnapiNodeBinding', 'emnapiAsyncWorkPoolSize'],
       ['napi']
     ),
     buildNonEmscriptenPlugin(
@@ -362,7 +362,6 @@ async function build () {
       path.join(outputDir, 'threadsafe-function.js'),
       [
         'emnapiCtx',
-        'emnapiEnv',
         'emnapiNodeBinding',
         '_emnapi_node_emit_async_destroy: __emnapi_node_emit_async_destroy',
         '_emnapi_node_emit_async_init: __emnapi_node_emit_async_init',

packages/emnapi/script/generate_struct_info.c

@@ -1,19 +1,14 @@
 #include <stdio.h>
 #include "../src/emnapi_internal.h"
+#include "../src/threadsafe_function.h"
 
 #ifdef __wasm64__
 #define WASM_BIT "64"
 #else
 #define WASM_BIT "32"
 #endif
 
-int main() {
-  FILE* f = fopen("src/typings/struct-wasm" WASM_BIT ".d.ts", "w");
-  if (f == NULL) {
-    fprintf(stderr, "Failed to open file\n");
-    return 1;
-  }
-
+void print_napi_env_info(FILE* f) {
   fprintf(f, "declare const enum NapiEnvOffset" WASM_BIT " {\n");
   fprintf(f, "  __size__ = %zu,\n", sizeof(node_api_base_env__));
   fprintf(f, "  vptr = %zu,\n", offsetof(node_api_base_env__, vptr));
@@ -28,6 +23,48 @@ int main() {
   fprintf(f, "  last_error_engine_error_code = %zu,\n", offsetof(node_api_base_env__, last_error) + offsetof(napi_extended_error_info, engine_error_code));
   fprintf(f, "  last_error_error_code = %zu,\n", offsetof(node_api_base_env__, last_error) + offsetof(napi_extended_error_info, error_code));
   fprintf(f, "}\n");
+}
+
+void print_napi_threadsafe_function_info(FILE* f) {
+  fprintf(f, "declare const enum NapiTSFNOffset" WASM_BIT " {\n");
+  fprintf(f, "  __size__ = %zu,\n", sizeof(struct napi_threadsafe_function__));
+  fprintf(f, "  async_resource = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource));
+  fprintf(f, "  async_resource___size__ = %zu,\n", sizeof(optional_async_resource));
+  fprintf(f, "  async_resource_resource = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource) + offsetof(optional_async_resource, resource_));
+  fprintf(f, "  async_resource_async_context = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource) + offsetof(optional_async_resource, async_context_));
+  fprintf(f, "  async_resource_async_context___size__ = %zu,\n", sizeof(async_context));
+  fprintf(f, "  async_resource_async_context_async_id = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource) + offsetof(optional_async_resource, async_context_) + offsetof(async_context, async_id));
+  fprintf(f, "  async_resource_async_context_trigger_async_id = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource) + offsetof(optional_async_resource, async_context_) + offsetof(async_context, trigger_async_id));
+  fprintf(f, "  async_resource_is_some = %zu,\n", offsetof(struct napi_threadsafe_function__, async_resource) + offsetof(optional_async_resource, is_some));
+  fprintf(f, "  mutex = %zu,\n", offsetof(struct napi_threadsafe_function__, mutex));
+  fprintf(f, "  cond = %zu,\n", offsetof(struct napi_threadsafe_function__, cond));
+  fprintf(f, "  queue_size = %zu,\n", offsetof(struct napi_threadsafe_function__, queue_size));
+  fprintf(f, "  queue = %zu,\n", offsetof(struct napi_threadsafe_function__, queue));
+  fprintf(f, "  async = %zu,\n", offsetof(struct napi_threadsafe_function__, async));
+  fprintf(f, "  thread_count = %zu,\n", offsetof(struct napi_threadsafe_function__, thread_count));
+  fprintf(f, "  state = %zu,\n", offsetof(struct napi_threadsafe_function__, state));
+  fprintf(f, "  dispatch_state = %zu,\n", offsetof(struct napi_threadsafe_function__, dispatch_state));
+  fprintf(f, "  context = %zu,\n", offsetof(struct napi_threadsafe_function__, context));
+  fprintf(f, "  max_queue_size = %zu,\n", offsetof(struct napi_threadsafe_function__, max_queue_size));
+  fprintf(f, "  ref = %zu,\n", offsetof(struct napi_threadsafe_function__, ref));
+  fprintf(f, "  env = %zu,\n", offsetof(struct napi_threadsafe_function__, env));
+  fprintf(f, "  finalize_data = %zu,\n", offsetof(struct napi_threadsafe_function__, finalize_data));
+  fprintf(f, "  finalize_cb = %zu,\n", offsetof(struct napi_threadsafe_function__, finalize_cb));
+  fprintf(f, "  call_js_cb = %zu,\n", offsetof(struct napi_threadsafe_function__, call_js_cb));
+  fprintf(f, "  handles_closing = %zu,\n", offsetof(struct napi_threadsafe_function__, handles_closing));
+  fprintf(f, "  async_ref = %zu,\n", offsetof(struct napi_threadsafe_function__, async_ref));
+  fprintf(f, "}\n");
+}
+
+int main() {
+  FILE* f = fopen("src/typings/struct-wasm" WASM_BIT ".d.ts", "w");
+  if (f == NULL) {
+    fprintf(stderr, "Failed to open file\n");
+    return 1;
+  }
+
+  print_napi_env_info(f);
+  print_napi_threadsafe_function_info(f);
 
   fclose(f);
   return 0;

packages/emnapi/src/async_cleanup_hook.c

@@ -82,8 +82,6 @@ _emnapi_ach_handle_create(node_api_basic_env env,
   return handle;
 }
 
-EMNAPI_INTERNAL_EXTERN void _emnapi_set_immediate(void (*callback)(void*), void* data);
-
 static void _emnapi_ach_handle_env_unref(void* arg) {
   node_api_basic_env env = (node_api_basic_env) arg;
   _emnapi_env_unref(env);

packages/emnapi/src/core/async-work.ts

@@ -1,5 +1,5 @@
 /* eslint-disable @stylistic/indent */
-import { onCreateWorker, napiModule, singleThreadAsyncWork, _emnapi_async_work_pool_size } from 'emnapi:shared'
+import { emnapiEnv, onCreateWorker, napiModule, singleThreadAsyncWork, _emnapi_async_work_pool_size } from 'emnapi:shared'
 import { PThread, ENVIRONMENT_IS_NODE, ENVIRONMENT_IS_PTHREAD, wasmInstance, _free, wasmMemory, _malloc } from 'emscripten:runtime'
 import { POINTER_SIZE, to64, makeDynCall, makeSetValue, from64 } from 'emscripten:parse-tools'
 import { emnapiAWST } from '../async-work'
@@ -9,7 +9,6 @@ import { $CHECK_ENV_NOT_IN_GC, $CHECK_ARG, $CHECK_ENV } from '../macro'
 
 declare var emnapiPluginCtx: any
 declare var emnapiCtx: Context
-declare var emnapiEnv: Env
 declare var emnapiNodeBinding: NodeBinding | undefined
 
 const {
@@ -100,6 +99,9 @@ var emnapiAWMT = {
         const worker = onCreateWorker({ type: 'async-work', name: 'emnapi-async-worker' })
         const p = PThread.loadWasmModuleToWorker(worker)
         emnapiAWMT.addListener(worker)
+        if (typeof emnapiPluginCtx.emnapiTSFN !== 'undefined') {
+          emnapiPluginCtx.emnapiTSFN.addListener(worker)
+        }
         promises.push(p.then(() => {
           if (typeof worker.unref === 'function') {
             worker.unref()

packages/emnapi/src/core/async.ts

@@ -23,6 +23,15 @@ function emnapiGetWorkerByPthreadPtr (pthreadPtr: number): any {
   return worker
 }
 
+/** @__sig vp */
+export function _emnapi_worker_ref (pthreadPtr: number): void {
+  if (ENVIRONMENT_IS_PTHREAD) return
+  const worker = emnapiGetWorkerByPthreadPtr(pthreadPtr)
+  if (worker && typeof worker.ref === 'function') {
+    worker.ref()
+  }
+}
+
 /** @__sig vp */
 export function _emnapi_worker_unref (pthreadPtr: number): void {
   if (ENVIRONMENT_IS_PTHREAD) return

packages/emnapi/src/emnapi_internal.h

@@ -1,3 +1,6 @@
+#ifndef EMNAPI_INTERNAL_H
+#define EMNAPI_INTERNAL_H
+
 #include "emnapi.h"
 
 #if defined(__EMSCRIPTEN__) || defined(__wasi__)
@@ -103,6 +106,12 @@ EMNAPI_INTERNAL_EXTERN int _emnapi_is_main_browser_thread();
 EMNAPI_INTERNAL_EXTERN int _emnapi_is_main_runtime_thread();
 EMNAPI_INTERNAL_EXTERN double _emnapi_get_now();
 EMNAPI_INTERNAL_EXTERN void _emnapi_unwind();
+EMNAPI_INTERNAL_EXTERN void _emnapi_set_immediate(void (*callback)(void*), void* data);
+EMNAPI_INTERNAL_EXTERN napi_status _emnapi_create_function(const char* utf8name,
+                                                           size_t length,
+                                                           napi_callback cb,
+                                                           void* data,
+                                                           napi_value* result);
 
 #if defined(__EMSCRIPTEN_PTHREADS__) || defined(_REENTRANT)
 #define EMNAPI_HAVE_THREADS 1
@@ -182,3 +191,5 @@ void _emnapi_env_check_gc_access(napi_env env);
 EXTERN_C_END
 
 #include "js_native_api_internal.h"
+
+#endif