stream_base,tls_wrap: notify on destruct

[trevnorris]

Classes like TLSWrap are given a pointer to a StreamBase instance;
stored on the private member TLSWrap::stream_. Unfortunately the
lifetime of stream_ is not reported to the TLSWrap instance and if
free'd will leave an invalid pointer; which can still be accessed by the
TLSWrap instance. Causing the application to segfault if accessed.

Give StreamBase a destruct callback to notify when the class is being
cleaned up. Use this in TLSWrap to set stream_ = nullptr.

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• commit message follows [commit guidelines][]

Affected core subsystem(s)

stream_base, tls_wrap

CI: https://ci.nodejs.org/job/node-test-commit/8575/

[addaleax]

LGTM, thanks!

Can you also undo the lib/ and src/ changes from #11776 here? They should just be unnecessary overhead now.

[trevnorris]

@addaleax I reverted the lib/ and sr/ changes from that commit but it's crashing. I'll see if it can be easily fixed. /cc @jasnell

[addaleax]

Curious, I tried it too but it worked fine (leaving out the one in IsAlive() – maybe that’s it?)

edit:

diff:

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index e1767c5e6723..4c9294fb4e69 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -399,12 +399,6 @@ TLSSocket.prototype._wrapHandle = function(wrap) {
     res = null;
   });
 
-  if (wrap) {
-    wrap.on('close', function() {
-      res.onStreamClose();
-    });
-  }
-
   return res;
 };
 
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
index 3dad65011ff8..b4b1e9c9b10d 100644
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@@ -815,13 +815,6 @@ void TLSWrap::EnableSessionCallbacks(
 }
 
 
-void TLSWrap::OnStreamClose(const FunctionCallbackInfo<Value>& args) {
-  TLSWrap* wrap;
-  ASSIGN_OR_RETURN_UNWRAP(&wrap, args.Holder());
-
-  wrap->stream_ = nullptr;
-}
-
 
 void TLSWrap::DestroySSL(const FunctionCallbackInfo<Value>& args) {
   TLSWrap* wrap;
@@ -953,7 +946,6 @@ void TLSWrap::Initialize(Local<Object> target,
   env->SetProtoMethod(t, "enableSessionCallbacks", EnableSessionCallbacks);
   env->SetProtoMethod(t, "destroySSL", DestroySSL);
   env->SetProtoMethod(t, "enableCertCb", EnableCertCb);
-  env->SetProtoMethod(t, "onStreamClose", OnStreamClose);
 
   StreamBase::AddMethods<TLSWrap>(env, t, StreamBase::kFlagHasWritev);
   SSLWrap<TLSWrap>::AddMethods(env, t);
diff --git a/src/tls_wrap.h b/src/tls_wrap.h
index f1d53f3e2f5d..19633ea8667f 100644
--- a/src/tls_wrap.h
+++ b/src/tls_wrap.h
@@ -161,7 +161,6 @@ class TLSWrap : public AsyncWrap,
   static void EnableCertCb(
       const v8::FunctionCallbackInfo<v8::Value>& args);
   static void DestroySSL(const v8::FunctionCallbackInfo<v8::Value>& args);
-  static void OnStreamClose(const v8::FunctionCallbackInfo<v8::Value>& args);
 
 #ifdef SSL_CTRL_SET_TLSEXT_SERVERNAME_CB
   static void GetServername(const v8::FunctionCallbackInfo<v8::Value>& args);

[trevnorris]

@addaleax ah yup. it should be ssl_ != nullptr && stream_ != nullptr && stream_->IsAlive(). I'll add that in.

[addaleax]

Thanks! CI: https://ci.nodejs.org/job/node-test-commit/8576/ (edit: green up to a single Jenkins failure)

[bnoordhuis]

If TLSWrap is the only user of this, wouldn't it make more sense to set stream_ = nullptr in ~TLSWrap()?

(Also, that inheritance chain... TLSWrap -> StreamWrap -> StreamBase -> StreamResource, with multiple inheritance, CRTP and ad hoc function pointers thrown in for good measure. Barf!)

[trevnorris]

@bnoordhuis setting stream_ = nullptr in ~TLSWrap() actually isn't enough. And actually, just managed to create a new test that still segfaults. So I'm revisiting the patch.

EDIT: The failure I mentioned just happened to occur under similar circumstances, but unrelated to this PR.

[trevnorris]

@bnoordhuis okay. so this took me far longer than I'd have liked but I now remember why I made the change this way to begin with.

TLSWrap::stream_ points to the StreamBase* instance that's passed to TLSWrap::TLSWrap(). Each of these pointers are assigned to their own FunctionTemplate instance as an internal aligned pointer, and the lifetime of each is independent from the other. Meaning stream_ may be deleted even though the TLSWrap instance remains alive. In JS they're just attached as properties to each other.

So if the StreamBase instance is closed and released then stream_ will point to invalid memory, even though the TLSWrap instance is still alive. Which means the necessary step is to zero out the stream_ field in the TLSWrap instance, and also add stream != nullptr checks to the native methods like TLSWrap::IsAlive(), so it is no longer pointing to an invalid memory address.

To clarify (if that's possible) TLSWrap inherits from StreamBase and it holds a pointer to another StreamBase instance.

I'll update the commit message with all this information.

FYI all that class template multiple inheritance stuff going on is what lead me to this solution in c0e6c66:

#define ASSIGN_OR_RETURN_UNWRAP(ptr, obj, ...)                                \
  do {                                                                        \
    *ptr =                                                                    \
        Unwrap<typename node::remove_reference<decltype(**ptr)>::type>(obj);  \
    if (*ptr == nullptr)                                                      \
      return __VA_ARGS__;                                                     \
  } while (0)

In order to handle unwrapping in methods like template<class Base, ...> StreamBase::JSMethod() that need to convert a void* of a class instance in a template method to its parent class, that also has multiple inheritance.

[trevnorris]

@bnoordhuis Updated the commit message with some of the specifics I outlined above.

Rebased and new CI: https://ci.nodejs.org/job/node-test-commit/8650/

[trevnorris]

All tests are passing. Will land this tomorrow if there are no objections.

[addaleax]

Landed in 0db49fe...595efd8

[trevnorris]

@addaleax thanks much!