Fix crashes caused by failing to unlock or destroy a static mutex while the app is being terminated

[nguyenhuy]

This is an interesting crash. Here is an example report in Pinterest app, happening on the static cacheLock mutex of ASImageNode:

There are other similar crashes related to __staticMutex in ASTextKitContext reported in #136. For instance, see thread #0 and #5 in this report, or thread #0 and #14 here.

Basically, what's happening is that all static mutexes are destroyed when an app is terminated by the system. At the same time, a static mutex is being unlocked or destroyed on another thread. The unlock or destruction yields a non-zero error code, which triggers an assertion, even in production.

A similar issue was discussed and fixed in Realm-Core (realm/realm-core#2243). For Texture, I went with a different approach that is arguably safer, IMHO. This should fix #136.

Mutex initialization using the PTHREAD_MUTEX_INITIALIZER does not immediately initialize the mutex. Instead, on first use, pthread_mutex_timedlock_np() or pthread_mutex_lock() or pthread_mutex_trylock() branches into a slow path and causes the initialization of the mutex. Because a mutex is not just a simple memory object and requires that some resources be allocated by the system, an attempt to call pthread_mutex_destroy() or pthread_mutex_unlock() on a mutex that was statically initialized using PTHREAD_MUTEX_INITIALIZER and was not yet locked causes an EINVAL error.

(https://www.ibm.com/support/knowledgecenter/en/ssw_i5_54/apis/users_65.htm)

[nguyenhuy]

Not sure why this is a recursive mutex in the first place.

[garrettmoon]

I hope for no good reason! Otherwise deadlocks…

[3a4oT]

@nguyenhuy thanks for the agenda and patch, very interesting. I still not understand how it triggers the assertion. Just two questions: 1 Have you reproduced it? And when do you plan next release?;)

[Adlai-Holler]

Wow it's awesome to know what is going on here.

What do you think about changing assert in ASDISPLAYNODE_THREAD_ASSERT_ON_ERROR into NSCAssert so that we won't get crashes in production? assert is enabled unless NDEBUG is defined – which most apps don't do.

[garrettmoon]

@nguyenhuy Since this is a failure case when the app exits I'm wondering if there's a solution which doesn't pollute client (to the lock) code. It seems that there is no user facing cost to these crashes?

While this is more formally correct, the react solution seems cleaner and likely has the same user facing impacts?

[garrettmoon]

I hope for no good reason! Otherwise deadlocks…

[maicki]

Awesome work @nguyenhuy. I would agree with @garrettmoon. The realm solution seems may a bit more simpler and we can repeat this pattern in other places if this repeats.
Otherwise it may makes it harder to change code were we handling the unlock of the lock.

[nguyenhuy]

@3a4oT To answer your questions:

• If a static mutex has been destroyed on the main thread during an app exit, calling pthread_mutex_unlock() to unlock it on a background thread causes the method to return a non-zero value. The value then triggers the assertion here.
• No, I have not been able to reproduce it.
• Soon™ :P

[nguyenhuy]

@Adlai-Holler Good idea. I went ahead and convert all assertions in ASThread to ASDisplayNodeCAssert.

@garrettmoon @maicki Thinking again, my approach requires more effort on client-side and so it is not scalable. I changed to the approach used in Realm.

[nguyenhuy]

I double-checked the code here and I'm 99% sure that this mutex doesn't need to be recursive.

[nguyenhuy]

^ @garrettmoon

[garrettmoon]

Cool :)

[nguyenhuy]

Merging. Thanks, everyone!