Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix Protected Value Property Access Safety #3505

Merged
merged 3 commits into from
Oct 14, 2021
Merged

Fix Protected Value Property Access Safety #3505

merged 3 commits into from
Oct 14, 2021

Conversation

jshier
Copy link
Contributor

@jshier jshier commented Oct 11, 2021
edited
Loading

Goals ⚽

This PR refactors the codebase to always access Protected properties through the wrapper when accessing sub properties. That is protectedValue.property must always be accessed as $protectedValue.property to the full access is protected by the lock.

Essentially, lock.around { value } is roughly equivalent to

lock.lock()
return value
lock.unlock()

which necessarily puts any access to the returned value's properties outside the lock. Instead, using the KeyPath-based dynamicMemberLookup ensures the entire access is protected, as it's roughly equivalent to:

lock.lock()
return value[keyPath: keyPath]
lock.unlock()

Implementation Details 🚧

In addition to auditing the use sites, various Protected APIs were updated to support throws/rethrows, to enable them to wrap throwing APIs. Namely, MultipartUpload has some troublesome internal API that access a Protected value while building the multipart payload, meaning the entire access must be protected. Both of these (let data = try $multipartFormData.read { try $0.encode() } and try $multipartFormData.read { try $0.writeEncodedData(to: fileURL) }) perform unbounded work inside the lock, which could have troublesome performance implications. However, without extensive refactoring of the multipart payload APIs, changes to the functionality isn't possible. This work was already being performed in the background, so overall impact should be minimal.

Testing Details 🔍

Additional tests were added, including one larger, high contention test which triggered the thread sanitizer when using a wrapped value instead of the wrapper.

@jshier jshier requested a review from cnoon October 11, 2021 03:31
cnoon
cnoon approved these changes Oct 14, 2021
View reviewed changes
Copy link
Member

@cnoon cnoon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great @jshier, nice work!

@jshier jshier merged commit c039ac7 into master Oct 14, 2021
@jshier jshier deleted the bug/protector-usage-safety branch October 14, 2021 00:46
@jshier jshier added this to the 5.5.0 milestone Dec 13, 2021
jshier added a commit that referenced this pull request Jan 15, 2022
@jshier
Fix Protected Value Property Access Safety (#3505)
3153eb8 
* Use the wrapper for property access, add tests.

* Note the change that triggers the sanitizer.

* Fix inappropriate wrapper access; local wrapper use.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cnoon cnoon cnoon approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
5.5.0
Development

Successfully merging this pull request may close these issues.
2 participants
@jshier @cnoon