starboard: Harden thread safety checks and simplify ThreadChecker (#7499)

kjyoun · web-flow · commit 12cf2a4c4d55 · 2025-11-01T05:37:13.000Z
This change improves thread safety and robustness by enabling thread
checks in release builds and simplifying the underlying ThreadChecker
implementation.

Key changes:
- `ThreadChecker` is no longer a no-op in release builds. It has been
simplified to always bind to its creation thread, removing complex
atomic and lazy-initialization logic.
- All usages of `SB_DCHECK(thread_checker_.CalledOnValidThread())` have
been converted to `SB_CHECK`. This elevates the check from a debug-only
assertion to a fatal error in all build types, ensuring that any
threading violations are caught immediately.
- `JobQueue` is updated to use the new, simpler ThreadChecker, removing
its own redundant thread ID tracking.

Bug: 435425692
diff --git a/starboard/android/shared/audio_decoder_passthrough.h b/starboard/android/shared/audio_decoder_passthrough.h
@@ -40,7 +40,7 @@ class AudioDecoderPassthrough : public AudioDecoder {
 
   // AudioDecoder methods.
   void Initialize(const OutputCB& output_cb, const ErrorCB& error_cb) override {
-    SB_DCHECK(thread_checker_.CalledOnValidThread());
+    SB_CHECK(thread_checker_.CalledOnValidThread());
     SB_DCHECK(!output_cb_);
     SB_DCHECK(output_cb);
 
@@ -49,7 +49,7 @@ class AudioDecoderPassthrough : public AudioDecoder {
 
   void Decode(const InputBuffers& input_buffers,
               const ConsumedCB& consumed_cb) override {
-    SB_DCHECK(thread_checker_.CalledOnValidThread());
+    SB_CHECK(thread_checker_.CalledOnValidThread());
     SB_DCHECK(!input_buffers.empty());
     SB_DCHECK(consumed_cb);
     SB_DCHECK(output_cb_);
@@ -76,15 +76,15 @@ class AudioDecoderPassthrough : public AudioDecoder {
   }
 
   void WriteEndOfStream() override {
-    SB_DCHECK(thread_checker_.CalledOnValidThread());
+    SB_CHECK(thread_checker_.CalledOnValidThread());
     SB_DCHECK(output_cb_);
 
     decoded_audios_.push(new DecodedAudio);
     output_cb_();
   }
 
   scoped_refptr<DecodedAudio> Read(int* samples_per_second) override {
-    SB_DCHECK(thread_checker_.CalledOnValidThread());
+    SB_CHECK(thread_checker_.CalledOnValidThread());
     SB_DCHECK(samples_per_second);
     SB_DCHECK(!decoded_audios_.empty());
 
@@ -96,7 +96,7 @@ class AudioDecoderPassthrough : public AudioDecoder {
   }
 
   void Reset() override {
-    SB_DCHECK(thread_checker_.CalledOnValidThread());
+    SB_CHECK(thread_checker_.CalledOnValidThread());
 
     decoded_audios_ = std::queue<scoped_refptr<DecodedAudio>>();  // Clear
   }
diff --git a/starboard/android/shared/audio_sink_min_required_frames_tester.cc b/starboard/android/shared/audio_sink_min_required_frames_tester.cc
@@ -54,7 +54,7 @@ MinRequiredFramesTester::MinRequiredFramesTester(int max_required_frames,
       destroying_(false) {}
 
 MinRequiredFramesTester::~MinRequiredFramesTester() {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   destroying_.store(true);
   if (tester_thread_) {
     test_complete_cv_.notify_one();
@@ -69,7 +69,7 @@ void MinRequiredFramesTester::AddTest(
     int sample_rate,
     const OnMinRequiredFramesReceivedCallback& received_cb,
     int default_required_frames) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   // MinRequiredFramesTester doesn't support to add test after starts.
   SB_DCHECK(!tester_thread_);
 
@@ -78,7 +78,7 @@ void MinRequiredFramesTester::AddTest(
 }
 
 void MinRequiredFramesTester::Start() {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   // MinRequiredFramesTester only supports to start once.
   SB_DCHECK(!tester_thread_);
 
diff --git a/starboard/android/shared/video_frame_tracker.cc b/starboard/android/shared/video_frame_tracker.cc
@@ -18,6 +18,7 @@
 #include <cmath>
 #include <cstdint>
 #include <cstdlib>
+#include <list>
 #include <mutex>
 #include <vector>
 
@@ -75,7 +76,7 @@ int64_t VideoFrameTracker::seek_to_time() const {
 }
 
 void VideoFrameTracker::OnInputBuffer(int64_t timestamp) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
 
   if (frames_to_be_rendered_.empty()) {
     frames_to_be_rendered_.push_back(timestamp);
@@ -112,7 +113,7 @@ void VideoFrameTracker::OnFrameRendered(int64_t frame_timestamp) {
 }
 
 void VideoFrameTracker::Seek(int64_t seek_to_time) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
 
   // Ensure that all dropped frames before seeking are captured.
   UpdateDroppedFrames();
@@ -122,13 +123,13 @@ void VideoFrameTracker::Seek(int64_t seek_to_time) {
 }
 
 int VideoFrameTracker::UpdateAndGetDroppedFrames() {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   UpdateDroppedFrames();
   return dropped_frames_;
 }
 
 void VideoFrameTracker::UpdateDroppedFrames() {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
 
   {
     std::lock_guard lock(rendered_frames_mutex_);
diff --git a/starboard/nplb/player_test_fixture.cc b/starboard/nplb/player_test_fixture.cc
@@ -232,13 +232,13 @@ SbPlayerTestFixture::SbPlayerTestFixture(
 }
 
 SbPlayerTestFixture::~SbPlayerTestFixture() {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
 
   TearDown();
 }
 
 void SbPlayerTestFixture::Seek(const int64_t time) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   SB_DCHECK(SbPlayerIsValid(player_));
 
   ASSERT_FALSE(error_occurred_);
@@ -256,7 +256,7 @@ void SbPlayerTestFixture::Seek(const int64_t time) {
 }
 
 void SbPlayerTestFixture::Write(const GroupedSamples& grouped_samples) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   SB_DCHECK(SbPlayerIsValid(player_));
   SB_DCHECK(!audio_end_of_stream_written_);
   SB_DCHECK(!video_end_of_stream_written_);
@@ -331,15 +331,15 @@ void SbPlayerTestFixture::Write(const GroupedSamples& grouped_samples) {
 }
 
 void SbPlayerTestFixture::WaitForPlayerPresenting() {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   SB_DCHECK(SbPlayerIsValid(player_));
 
   ASSERT_FALSE(error_occurred_);
   ASSERT_NO_FATAL_FAILURE(WaitForPlayerState(kSbPlayerStatePresenting));
 }
 
 void SbPlayerTestFixture::WaitForPlayerEndOfStream() {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   SB_DCHECK(SbPlayerIsValid(player_));
   SB_DCHECK(!audio_dmp_reader_ || audio_end_of_stream_written_);
   SB_DCHECK(!video_dmp_reader_ || video_end_of_stream_written_);
@@ -355,7 +355,7 @@ int64_t SbPlayerTestFixture::GetCurrentMediaTime() const {
 }
 
 void SbPlayerTestFixture::SetAudioWriteDuration(int64_t duration) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   SB_DCHECK_GT(duration, 0);
   audio_write_duration_ = duration;
 }
@@ -435,7 +435,7 @@ void SbPlayerTestFixture::OnError(SbPlayer player,
 }
 
 void SbPlayerTestFixture::Initialize() {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
 
   // Initialize drm system.
   if (!key_system_.empty()) {
@@ -474,7 +474,7 @@ void SbPlayerTestFixture::Initialize() {
 }
 
 void SbPlayerTestFixture::TearDown() {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
 
   // We should always destroy |player_| and |drm_system_|, no matter if there's
   // any unexpected player error.
@@ -521,7 +521,7 @@ void SbPlayerTestFixture::WriteAudioSamples(
     int64_t timestamp_offset,
     int64_t discarded_duration_from_front,
     int64_t discarded_duration_from_back) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   SB_DCHECK(SbPlayerIsValid(player_));
   SB_DCHECK(audio_dmp_reader_);
   SB_DCHECK_GE(start_index, 0);
@@ -550,7 +550,7 @@ void SbPlayerTestFixture::WriteAudioSamples(
 
 void SbPlayerTestFixture::WriteVideoSamples(int start_index,
                                             int samples_to_write) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   SB_DCHECK_GE(start_index, 0);
   SB_DCHECK_GT(samples_to_write, 0);
   SB_DCHECK(SbPlayerIsValid(player_));
@@ -566,7 +566,7 @@ void SbPlayerTestFixture::WriteVideoSamples(int start_index,
 }
 
 void SbPlayerTestFixture::WriteEndOfStream(SbMediaType media_type) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
   SB_DCHECK(SbPlayerIsValid(player_));
 
   if (media_type == kSbMediaTypeAudio) {
@@ -586,7 +586,7 @@ void SbPlayerTestFixture::WriteEndOfStream(SbMediaType media_type) {
 }
 
 void SbPlayerTestFixture::WaitAndProcessNextEvent(int64_t timeout) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
 
   auto event = callback_event_queue_.GetTimed(timeout);
 
@@ -629,7 +629,7 @@ void SbPlayerTestFixture::WaitAndProcessNextEvent(int64_t timeout) {
 }
 
 void SbPlayerTestFixture::WaitForDecoderStateNeedsData(const int64_t timeout) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
 
   bool old_can_accept_more_audio_data = can_accept_more_audio_data_;
   bool old_can_accept_more_video_data = can_accept_more_video_data_;
@@ -648,7 +648,7 @@ void SbPlayerTestFixture::WaitForDecoderStateNeedsData(const int64_t timeout) {
 
 void SbPlayerTestFixture::WaitForPlayerState(const SbPlayerState desired_state,
                                              const int64_t timeout) {
-  SB_DCHECK(thread_checker_.CalledOnValidThread());
+  SB_CHECK(thread_checker_.CalledOnValidThread());
 
   if (HasReceivedPlayerState(desired_state)) {
     return;
diff --git a/starboard/shared/starboard/player/job_queue.cc b/starboard/shared/starboard/player/job_queue.cc
@@ -64,8 +64,7 @@ void ResetCurrentThreadJobQueue() {
 
 }  // namespace
 
-JobQueue::JobQueue() : thread_id_(SbThreadGetId()) {
-  SB_DCHECK(SbThreadIsValidId(thread_id_));
+JobQueue::JobQueue() {
   SetCurrentThreadJobQueue(this);
 }
 
@@ -159,7 +158,7 @@ bool JobQueue::BelongsToCurrentThread() const {
   // The ctor already ensures that the current JobQueue is the only JobQueue of
   // the thread, checking for thread id is more light-weighted then calling
   // JobQueue::current() and compare the result with |this|.
-  return thread_id_ == SbThreadGetId();
+  return thread_checker_.CalledOnValidThread();
 }
 
 // static
diff --git a/starboard/shared/starboard/player/job_queue.h b/starboard/shared/starboard/player/job_queue.h
@@ -25,7 +25,7 @@
 #include "starboard/common/log.h"
 #include "starboard/common/time.h"
 #include "starboard/shared/internal_only.h"
-#include "starboard/thread.h"
+#include "starboard/shared/starboard/thread_checker.h"
 
 #ifndef __cplusplus
 #error "Only C++ files can include this header."
@@ -169,7 +169,7 @@ class JobQueue {
   // be run.
   bool TryToRunOneJob(bool wait_for_next_job);
 
-  const SbThreadId thread_id_;
+  ThreadChecker thread_checker_;
   std::mutex mutex_;
   std::condition_variable condition_;
   int64_t current_job_token_ = JobToken::kInvalidToken + 1;
diff --git a/starboard/shared/starboard/thread_checker.h b/starboard/shared/starboard/thread_checker.h
@@ -18,63 +18,23 @@
 #include <atomic>
 
 #include "build/build_config.h"
+#include "starboard/common/log.h"
 #include "starboard/thread.h"
 
 namespace starboard {
 
-#if BUILDFLAG(COBALT_IS_RELEASE_BUILD)
-
-class ThreadChecker {
- public:
-  enum Type { kSetThreadIdOnCreation, kSetThreadIdOnFirstCheck };
-
-  explicit ThreadChecker(Type type = kSetThreadIdOnCreation) {}
-
-  void Detach() {}
-
-  bool CalledOnValidThread() const { return true; }
-};
-
-#else  // BUILDFLAG(COBALT_IS_RELEASE_BUILD)
-
 class ThreadChecker {
  public:
-  enum Type { kSetThreadIdOnCreation, kSetThreadIdOnFirstCheck };
-
-  explicit ThreadChecker(Type type = kSetThreadIdOnCreation) {
-    if (type == kSetThreadIdOnCreation) {
-      thread_id_ = SbThreadGetId();
-    } else {
-      thread_id_ = kSbThreadInvalidId;
-    }
+  ThreadChecker() : thread_id_(SbThreadGetId()) {
+    SB_CHECK(SbThreadIsValidId(thread_id_));
   }
 
-  // Detached the thread checker from its current thread.  The thread checker
-  // will re-attach to a thread when CalledOnValidThread() is called again.
-  // This essentially reset the thread checker to a status just like that it
-  // was created with 'kSetThreadIdOnFirstCheck'.
-  void Detach() {
-    // This is safe as when this function is called, it is expected that it
-    // won't be called on its current thread.
-    thread_id_ = kSbThreadInvalidId;
-  }
-
-  bool CalledOnValidThread() const {
-    SbThreadId current_thread_id = SbThreadGetId();
-    SbThreadId stored_thread_id = kSbThreadInvalidId;
-    thread_id_.compare_exchange_weak(stored_thread_id, current_thread_id,
-                                     std::memory_order_relaxed,
-                                     std::memory_order_relaxed);
-    return stored_thread_id == kSbThreadInvalidId ||
-           stored_thread_id == current_thread_id;
-  }
+  bool CalledOnValidThread() const { return thread_id_ == SbThreadGetId(); }
 
  private:
-  mutable std::atomic<SbThreadId> thread_id_;
+  const SbThreadId thread_id_;
 };
 
-#endif  // BUILDFLAG(COBALT_IS_RELEASE_BUILD)
-
 // Alias to prevent breaking the RDK build on CI.
 // See https://paste.googleplex.com/4776103591936000
 // TODO: b/441955897 - Remove this alias once RDK build on CI is updated
diff --git a/starboard/shared/widevine/drm_system_widevine.cc b/starboard/shared/widevine/drm_system_widevine.cc

Original file line number	Diff line number	Diff line change
`@@ -64,8 +64,7 @@ void ResetCurrentThreadJobQueue() {`
`64`	`64`
`65`	`65`	`} // namespace`
`66`	`66`
`67`		`-JobQueue::JobQueue() : thread_id_(SbThreadGetId()) {`
`68`		`- SB_DCHECK(SbThreadIsValidId(thread_id_));`
	`67`	`+JobQueue::JobQueue() {`
`69`	`68`	`SetCurrentThreadJobQueue(this);`
`70`	`69`	`}`
`71`	`70`
`@@ -159,7 +158,7 @@ bool JobQueue::BelongsToCurrentThread() const {`
`159`	`158`	`// The ctor already ensures that the current JobQueue is the only JobQueue of`
`160`	`159`	`// the thread, checking for thread id is more light-weighted then calling`
`161`	`160`	`// JobQueue::current() and compare the result with \|this\|.`
`162`		`- return thread_id_ == SbThreadGetId();`
	`161`	`+ return thread_checker_.CalledOnValidThread();`
`163`	`162`	`}`
`164`	`163`
`165`	`164`	`// static`