async_hooks: don't abort unnecessarily

* id values of -1 are allowed. They indicate that the id was never
  correctly assigned to the async resource. These will appear in any
  call graph, and will only be apparent to those using the async_hooks
  module, then reported in an issue.
* ids < -1 are still not allowed and will cause the application to
  exit the process; because there is no scenario where this should ever
  happen.
* Add asyncId range checks to emitAfterScript().
* Fix emitBeforeScript() range checks which should have been || not &&.
* Replace errors with entries in internal/errors.
* Fix async_hooks tests that check for exceptions to match new
  internal/errors entries.

NOTE: emit{Before,After,Destroy}() must continue to exit the process
because in the case of an exception during hook execution the state of
the application is unknowable. For example, an exception could cause a
memory leak:

    const id_map = new Map();

    before(id) {
      id_map.set(id, /* data object or similar */);
    },
    after(id) {
      throw new Error('id never dies!');
      id_map.delete(id);
    }

Allowing a recoverable exception may also cause an abort because of a
stack check in Environment::AsyncHooks::pop_ids() that verifies the
async id and pop'd ids match. This case would be more difficult to debug
than if fatalError() (lib/async_hooks.js) was called immediately.

    try {
      async_hooks.emitBefore(null, NaN);
    } catch (e) { }
    // do something
    async_hooks.emitAfter(5);

It also allows an edge case where emitBefore() could be called twice and
not have the pop_ids() CHECK fail:

    try {
      async_hooks.emitBefore(5, NaN);
    } catch (e) { }
    async_hooks.emitBefore(5);
    // do something
    async_hooks.emitAfter(5);

There is the option of allowing mismatches in the stack and ignoring the
check if no async hooks are enabled, but I don't believe going this far
is necessary.

PR-URL: https://github.com/nodejs/node/pull/14722
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Refael Ackermann <refack@gmail.com>

1 files changed, 44 insertions, 24 deletions

diff --git a/lib/async_hooks.js b/lib/async_hooks.js
index 41810271a4..61b9d51e8a 100644
--- a/lib/async_hooks.js
+++ b/lib/async_hooks.js
@@ -1,6 +1,7 @@
 'use strict';
 
 const async_wrap = process.binding('async_wrap');
+const errors = require('internal/errors');
 /* async_hook_fields is a Uint32Array wrapping the uint32_t array of
  * Environment::AsyncHooks::fields_[]. Each index tracks the number of active
  * hooks for each type.
@@ -108,13 +109,13 @@ function fatalError(e) {
 class AsyncHook {
   constructor({ init, before, after, destroy }) {
     if (init !== undefined && typeof init !== 'function')
-      throw new TypeError('init must be a function');
+      throw new errors.TypeError('ERR_ASYNC_CALLBACK', 'init');
     if (before !== undefined && typeof before !== 'function')
-      throw new TypeError('before must be a function');
+      throw new errors.TypeError('ERR_ASYNC_CALLBACK', 'before');
     if (after !== undefined && typeof after !== 'function')
-      throw new TypeError('after must be a function');
+      throw new errors.TypeError('ERR_ASYNC_CALLBACK', 'before');
     if (destroy !== undefined && typeof destroy !== 'function')
-      throw new TypeError('destroy must be a function');
+      throw new errors.TypeError('ERR_ASYNC_CALLBACK', 'before');
 
     this[init_symbol] = init;
     this[before_symbol] = before;
@@ -235,8 +236,11 @@ class AsyncResource {
   constructor(type, triggerAsyncId = initTriggerId()) {
     // Unlike emitInitScript, AsyncResource doesn't supports null as the
     // triggerAsyncId.
-    if (!Number.isSafeInteger(triggerAsyncId) || triggerAsyncId < 0)
-      throw new RangeError('triggerAsyncId must be an unsigned integer');
+    if (!Number.isSafeInteger(triggerAsyncId) || triggerAsyncId < -1) {
+      throw new errors.RangeError('ERR_INVALID_ASYNC_ID',
+                                  'triggerAsyncId',
+                                  triggerAsyncId);
+    }
 
     this[async_id_symbol] = ++async_uid_fields[kAsyncUidCntr];
     this[trigger_id_symbol] = triggerAsyncId;
@@ -330,14 +334,17 @@ function emitInitScript(asyncId, type, triggerAsyncId, resource) {
     async_uid_fields[kInitTriggerId] = 0;
   }
 
-  // TODO(trevnorris): I'd prefer allowing these checks to not exist, or only
-  // throw in a debug build, in order to improve performance.
-  if (!Number.isSafeInteger(asyncId) || asyncId < 0)
-    throw new RangeError('asyncId must be an unsigned integer');
-  if (typeof type !== 'string' || type.length <= 0)
-    throw new TypeError('type must be a string with length > 0');
-  if (!Number.isSafeInteger(triggerAsyncId) || triggerAsyncId < 0)
-    throw new RangeError('triggerAsyncId must be an unsigned integer');
+  if (!Number.isSafeInteger(asyncId) || asyncId < -1) {
+    throw new errors.RangeError('ERR_INVALID_ASYNC_ID', 'asyncId', asyncId);
+  }
+  if (!Number.isSafeInteger(triggerAsyncId) || triggerAsyncId < -1) {
+    throw new errors.RangeError('ERR_INVALID_ASYNC_ID',
+                                'triggerAsyncId',
+                                triggerAsyncId);
+  }
+  if (typeof type !== 'string' || type.length <= 0) {
+    throw new errors.TypeError('ERR_ASYNC_TYPE', type);
+  }
 
   emitInitNative(asyncId, type, triggerAsyncId, resource);
 }
@@ -381,13 +388,17 @@ function emitHookFactory(symbol, name) {
 
 
 function emitBeforeScript(asyncId, triggerAsyncId) {
-  // CHECK(Number.isSafeInteger(asyncId) && asyncId > 0)
-  // CHECK(Number.isSafeInteger(triggerAsyncId) && triggerAsyncId > 0)
-
-  // Validate the ids.
-  if (asyncId < 0 || triggerAsyncId < 0) {
-    fatalError('before(): asyncId or triggerAsyncId is less than zero ' +
-               `(asyncId: ${asyncId}, triggerAsyncId: ${triggerAsyncId})`);
+  // Validate the ids. An id of -1 means it was never set and is visible on the
+  // call graph. An id < -1 should never happen in any circumstance. Throw
+  // on user calls because async state should still be recoverable.
+  if (!Number.isSafeInteger(asyncId) || asyncId < -1) {
+    fatalError(
+      new errors.RangeError('ERR_INVALID_ASYNC_ID', 'asyncId', asyncId));
+  }
+  if (!Number.isSafeInteger(triggerAsyncId) || triggerAsyncId < -1) {
+    fatalError(new errors.RangeError('ERR_INVALID_ASYNC_ID',
+                                     'triggerAsyncId',
+                                     triggerAsyncId));
   }
 
   pushAsyncIds(asyncId, triggerAsyncId);
@@ -398,6 +409,11 @@ function emitBeforeScript(asyncId, triggerAsyncId) {
 
 
 function emitAfterScript(asyncId) {
+  if (!Number.isSafeInteger(asyncId) || asyncId < -1) {
+    fatalError(
+      new errors.RangeError('ERR_INVALID_ASYNC_ID', 'asyncId', asyncId));
+  }
+
   if (async_hook_fields[kAfter] > 0)
     emitAfterNative(asyncId);
 
@@ -406,9 +422,13 @@ function emitAfterScript(asyncId) {
 
 
 function emitDestroyScript(asyncId) {
-  // Return early if there are no destroy callbacks, or on attempt to emit
-  // destroy on the void.
-  if (async_hook_fields[kDestroy] === 0 || asyncId === 0)
+  if (!Number.isSafeInteger(asyncId) || asyncId < -1) {
+    fatalError(
+      new errors.RangeError('ERR_INVALID_ASYNC_ID', 'asyncId', asyncId));
+  }
+
+  // Return early if there are no destroy callbacks, or invalid asyncId.
+  if (async_hook_fields[kDestroy] === 0 || asyncId <= 0)
     return;
   async_wrap.addIdToDestroyList(asyncId);
 }