Make it easier to catch bugs in async command handling. (#25402)

bzbarsky-apple · pull[bot] · commit 15210683f93f · 2024-02-26T13:53:22.000Z
If GetSubjectDescriptor or GetAccessingFabricIndex were called on a
CommandHandler after the command handling had gone async, it would sometimes
crash, and sometimes not, depending on whether sessions had been evicted or not.

Make that situation always crash, so that it will be caught more easily in
testing.
diff --git a/src/app/CommandHandler.cpp b/src/app/CommandHandler.cpp
@@ -93,6 +93,8 @@ void CommandHandler::OnInvokeCommandRequest(Messaging::ExchangeContext * ec, con
         StatusResponse::Send(status, mExchangeCtx.Get(), false /*aExpectResponse*/);
         mSentStatusResponse = true;
     }
+
+    mGoneAsync = true;
 }
 
 Status CommandHandler::ProcessInvokeRequest(System::PacketBufferHandle && payload, bool isTimedInvoke)
@@ -577,6 +579,7 @@ TLV::TLVWriter * CommandHandler::GetCommandDataIBTLVWriter()
 
 FabricIndex CommandHandler::GetAccessingFabricIndex() const
 {
+    VerifyOrDie(!mGoneAsync);
     return mExchangeCtx->GetSessionHandle()->GetFabricIndex();
 }
 
diff --git a/src/app/CommandHandler.h b/src/app/CommandHandler.h
@@ -182,6 +182,13 @@ class CommandHandler : public Messaging::ExchangeDelegate
     CHIP_ERROR PrepareStatus(const ConcreteCommandPath & aCommandPath);
     CHIP_ERROR FinishStatus();
     TLV::TLVWriter * GetCommandDataIBTLVWriter();
+
+    /**
+     * GetAccessingFabricIndex() may only be called during synchronous command
+     * processing.  Anything that runs async (while holding a
+     * CommandHandler::Handle or equivalent) must not call this method, because
+     * it will not work right if the session we're using was evicted.
+     */
     FabricIndex GetAccessingFabricIndex() const;
 
     /**
@@ -272,7 +279,17 @@ class CommandHandler : public Messaging::ExchangeDelegate
         msgContext->FlushAcks();
     }
 
-    Access::SubjectDescriptor GetSubjectDescriptor() const { return mExchangeCtx->GetSessionHandle()->GetSubjectDescriptor(); }
+    /**
+     * GetSubjectDescriptor() may only be called during synchronous command
+     * processing.  Anything that runs async (while holding a
+     * CommandHandler::Handle or equivalent) must not call this method, because
+     * it might not work right if the session we're using was evicted.
+     */
+    Access::SubjectDescriptor GetSubjectDescriptor() const
+    {
+        VerifyOrDie(!mGoneAsync);
+        return mExchangeCtx->GetSessionHandle()->GetSubjectDescriptor();
+    }
 
 private:
     friend class TestCommandInteraction;
@@ -394,6 +411,10 @@ class CommandHandler : public Messaging::ExchangeDelegate
     chip::System::PacketBufferTLVWriter mCommandMessageWriter;
     TLV::TLVWriter mBackupWriter;
     bool mBufferAllocated = false;
+    // If mGoneAsync is true, we have finished out initial processing of the
+    // incoming invoke.  After this point, our session could go away at any
+    // time.
+    bool mGoneAsync = false;
 };
 
 } // namespace app

Original file line number	Diff line number	Diff line change
`@@ -93,6 +93,8 @@ void CommandHandler::OnInvokeCommandRequest(Messaging::ExchangeContext * ec, con`
`93`	`93`	`StatusResponse::Send(status, mExchangeCtx.Get(), false /aExpectResponse/);`
`94`	`94`	`mSentStatusResponse = true;`
`95`	`95`	`}`
	`96`	`+`
	`97`	`+ mGoneAsync = true;`
`96`	`98`	`}`
`97`	`99`
`98`	`100`	`Status CommandHandler::ProcessInvokeRequest(System::PacketBufferHandle && payload, bool isTimedInvoke)`
`@@ -577,6 +579,7 @@ TLV::TLVWriter * CommandHandler::GetCommandDataIBTLVWriter()`
`577`	`579`
`578`	`580`	`FabricIndex CommandHandler::GetAccessingFabricIndex() const`
`579`	`581`	`{`
	`582`	`+ VerifyOrDie(!mGoneAsync);`
`580`	`583`	`return mExchangeCtx->GetSessionHandle()->GetFabricIndex();`
`581`	`584`	`}`
`582`	`585`