Reliably cancel in-progress CryptoResult(Impl) upon shutdown.

Source/modules/crypto/CryptoResultImpl.h

Index: Source/modules/crypto/CryptoResultImpl.h
diff --git a/Source/modules/crypto/CryptoResultImpl.h b/Source/modules/crypto/CryptoResultImpl.h
index b6cb6e90126c8290fdfbbd3a2172afc230868247..b1166de82f4b242eadaa4b27b84272cb53c377de 100644
--- a/Source/modules/crypto/CryptoResultImpl.h
+++ b/Source/modules/crypto/CryptoResultImpl.h
@@ -37,10 +37,10 @@
 #include "platform/CryptoResult.h"
 #include "public/platform/WebCrypto.h"
 #include "wtf/Forward.h"
+#include "wtf/ThreadingPrimitives.h"
 
 namespace blink {
 
-class ScriptPromiseResolver;
 MODULES_EXPORT ExceptionCode webCryptoErrorToExceptionCode(WebCryptoErrorType);
 
 // Wrapper around a Promise to notify completion of the crypto operation.
@@ -50,40 +50,73 @@ MODULES_EXPORT ExceptionCode webCryptoErrorToExceptionCode(WebCryptoErrorType);
 //
 //  * At creation time there must be an active ExecutionContext.
 //  * The CryptoResult interface must only be called from the origin thread.
-//  * ref(), deref(), cancelled() and cancel() can be called from any thread.
+//  * cancel() can only be called from the origin thread.
+//  * ref(), deref() can be called from any thread.
 //  * One of the completeWith***() functions must be called, or the
 //    m_resolver will be leaked until the ExecutionContext is destroyed.
 class CryptoResultImpl final : public CryptoResult {
 public:
-    ~CryptoResultImpl();
-
     static PassRefPtrWillBeRawPtr<CryptoResultImpl> create(ScriptState*);
 
+    ~CryptoResultImpl();
+
     void completeWithError(WebCryptoErrorType, const WebString&) override;
     void completeWithBuffer(const void* bytes, unsigned bytesSize) override;
     void completeWithJson(const char* utf8Data, unsigned length) override;
     void completeWithBoolean(bool) override;
     void completeWithKey(const WebCryptoKey&) override;
     void completeWithKeyPair(const WebCryptoKey& publicKey, const WebCryptoKey& privateKey) override;
-    bool cancelled() const override;
 
     // If called after completion (including cancellation) will return an empty
     // ScriptPromise.
     ScriptPromise promise();
 
+    WebCryptoResult result()
+    {
+        return WebCryptoResult(this);
+    }
+
+    bool registerResult(WebCryptoResult*) override;
+    void unregisterResult(WebCryptoResult*) override;
+    bool isOwnerResult(WebCryptoResult* result) const override { return result == m_resultOwner; }
+
+    DECLARE_VIRTUAL_TRACE();
+
 private:
     class Resolver;
     explicit CryptoResultImpl(ScriptState*);
 
-    void clearResolver();
     void cancel();
+    void clearResolver();
+
+    RawPtrWillBeMember<Resolver> m_resolver;
+
+    Mutex m_mutex;

[eroman, 2015/07/25 01:44:38]

Does this work? My understanding of this code is it relies on allowing recursive
locking (for instance in cancel()), so need RecursiveMutex

 
-    // FIXME: ScriptPromiseResolver should not be exported.
-    // Instead, use ScriptPromise.
-    ScriptPromiseResolver* m_resolver;
-    volatile int m_cancelled;
+    // To reliably allow a WebCrypto-using execution context to shut down while
+    // crypto operations it has issued are still underway, have CryptoResultImpl
+    // objects keep track of the WebCryptoResult where the result will eventually
+    // be reported, via a completeWith*() method.
+    //
+    // Should the execution context be stop()ped before that time, that registered
+    // WebCryptoResult is clear&cancelled. The execution context can then
+    // proceed and shut down tidily.
+    //
+    // When the corresponding crypto operation eventually completes, the webcrypto
+    // thread will observe the corresponding WebCryptoResult as cancelled and
+    // not attempt to invoke a completeWith*() method.
+    //
+    // This arrangement places a constraint on how the WebCryptoResult-wrapped CryptoResultImpl
+    // is used by the embedder's WebCrypto layer. The WebCryptoResult initially passed along
+    // from Blink may be assigned to other WebCryptoResult values, but by doing so the assigned-from
+    // WebCryptoResult must not be used for invoking a completeWith*() method. Only the last
+    // WebCryptoResult assigned to might be used.
+    //
+    // Asserts are in place to catch out such incorrect & unsupported use.
+    //
+    WebCryptoResult* m_resultOwner;
 };
 
 } // namespace blink
 
-#endif
+#endif // CryptoResultImpl_h