Reliably cancel in-progress CryptoResult(Impl) upon shutdown.

Source/modules/crypto/CryptoResultImpl.h

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 19 matching lines @@
 
 #ifndef CryptoResultImpl_h
 #define CryptoResultImpl_h
 
 #include "bindings/core/v8/ScriptPromise.h"
 #include "core/dom/ExceptionCode.h"
 #include "modules/ModulesExport.h"
 #include "platform/CryptoResult.h"
 #include "public/platform/WebCrypto.h"
 #include "wtf/Forward.h"
+#include "wtf/ThreadingPrimitives.h"
 
 namespace blink {
 
-class ScriptPromiseResolver;
 MODULES_EXPORT ExceptionCode webCryptoErrorToExceptionCode(WebCryptoErrorType);
 
 // Wrapper around a Promise to notify completion of the crypto operation.
 //
 // The thread on which CryptoResultImpl was created on is referred to as the
 // "origin thread".
 //
 //  * At creation time there must be an active ExecutionContext.
 //  * The CryptoResult interface must only be called from the origin thread.
-//  * ref(), deref(), cancelled() and cancel() can be called from any thread.
+//  * cancel() can only be called from the origin thread.
+//  * ref(), deref() can be called from any thread.
 //  * One of the completeWith***() functions must be called, or the
 //    m_resolver will be leaked until the ExecutionContext is destroyed.
 class CryptoResultImpl final : public CryptoResult {
 public:
+    static PassRefPtrWillBeRawPtr<CryptoResultImpl> create(ScriptState*);
+
     ~CryptoResultImpl();
 
-    static PassRefPtrWillBeRawPtr<CryptoResultImpl> create(ScriptState*);
-
     void completeWithError(WebCryptoErrorType, const WebString&) override;
     void completeWithBuffer(const void* bytes, unsigned bytesSize) override;
     void completeWithJson(const char* utf8Data, unsigned length) override;
     void completeWithBoolean(bool) override;
     void completeWithKey(const WebCryptoKey&) override;
     void completeWithKeyPair(const WebCryptoKey& publicKey, const WebCryptoKey& privateKey) override;
-    bool cancelled() const override;
 
     // If called after completion (including cancellation) will return an empty
     // ScriptPromise.
     ScriptPromise promise();
 
+    WebCryptoResult result()
+    {
+        return WebCryptoResult(this);
+    }
+
+    bool registerResult(WebCryptoResult*) override;
+    void unregisterResult(WebCryptoResult*) override;
+    bool isOwnerResult(WebCryptoResult* result) const override { return result == m_resultOwner; }
+
+    DECLARE_VIRTUAL_TRACE();
+
 private:
     class Resolver;
     explicit CryptoResultImpl(ScriptState*);
 
+    void cancel();
     void clearResolver();
-    void cancel();
 
-    // FIXME: ScriptPromiseResolver should not be exported.
-    // Instead, use ScriptPromise.
-    ScriptPromiseResolver* m_resolver;
-    volatile int m_cancelled;
+    RawPtrWillBeMember<Resolver> m_resolver;
+
+    Mutex m_mutex;

[eroman, 2015/07/25 01:44:38]

Does this work? My understanding of this code is it relies on allowing recursive
locking (for instance in cancel()), so need RecursiveMutex

+
+    // To reliably allow a WebCrypto-using execution context to shut down while
+    // crypto operations it has issued are still underway, have CryptoResultImpl
+    // objects keep track of the WebCryptoResult where the result will eventually
+    // be reported, via a completeWith*() method.
+    //
+    // Should the execution context be stop()ped before that time, that registered
+    // WebCryptoResult is clear&cancelled. The execution context can then
+    // proceed and shut down tidily.
+    //
+    // When the corresponding crypto operation eventually completes, the webcrypto
+    // thread will observe the corresponding WebCryptoResult as cancelled and
+    // not attempt to invoke a completeWith*() method.
+    //
+    // This arrangement places a constraint on how the WebCryptoResult-wrapped CryptoResultImpl
+    // is used by the embedder's WebCrypto layer. The WebCryptoResult initially passed along
+    // from Blink may be assigned to other WebCryptoResult values, but by doing so the assigned-from
+    // WebCryptoResult must not be used for invoking a completeWith*() method. Only the last
+    // WebCryptoResult assigned to might be used.
+    //
+    // Asserts are in place to catch out such incorrect & unsupported use.
+    //
+    WebCryptoResult* m_resultOwner;
 };
 
 } // namespace blink
 
-#endif
+#endif // CryptoResultImpl_h