Store the Windows process HANDLE in Execution to avoid pid reuse races

Unlike Unix, Windows doesn't have a "zombie" state where the numeric pid remains valid after the subprocess has exited. Instead, the numeric process ID becomes invalid immediately once the process has exited. Per the Windows documentation of GetProcessId and related APIs, "Until a process terminates, its process identifier uniquely identifies it on the system."

On Windows, instead of closing/discarding the process HANDLE immediately after CreateProcess returns, retain the HANDLE in Execution and only close it once monitorProcessTermination returns. This resolve a race condition where the process could have exited between the period where CloseProcess was called and monitorProcessTermination is called. Now we simply use the original process handle to wait for the process to exit and retrieve its exit code, rather than "reverse engineering" its HANDLE from its numeric pid using OpenProcess.

Closes #92

Author: jakepetroules

Sources/Subprocess/API.swift

@@ -644,39 +644,40 @@ public func runDetached(
     output: FileDescriptor? = nil,
     error: FileDescriptor? = nil
 ) throws -> ProcessIdentifier {
+    let execution: Execution
     switch (input, output, error) {
     case (.none, .none, .none):
         let processInput = NoInput()
         let processOutput = DiscardedOutput()
         let processError = DiscardedOutput()
-        return try configuration.spawn(
+        execution = try configuration.spawn(
             withInput: try processInput.createPipe(),
             outputPipe: try processOutput.createPipe(),
             errorPipe: try processError.createPipe()
-        ).execution.processIdentifier
+        ).execution
     case (.none, .none, .some(let errorFd)):
         let processInput = NoInput()
         let processOutput = DiscardedOutput()
         let processError = FileDescriptorOutput(
             fileDescriptor: errorFd,
             closeAfterSpawningProcess: false
         )
-        return try configuration.spawn(
+        execution = try configuration.spawn(
             withInput: try processInput.createPipe(),
             outputPipe: try processOutput.createPipe(),
             errorPipe: try processError.createPipe()
-        ).execution.processIdentifier
+        ).execution
     case (.none, .some(let outputFd), .none):
         let processInput = NoInput()
         let processOutput = FileDescriptorOutput(
             fileDescriptor: outputFd, closeAfterSpawningProcess: false
         )
         let processError = DiscardedOutput()
-        return try configuration.spawn(
+        execution = try configuration.spawn(
             withInput: try processInput.createPipe(),
             outputPipe: try processOutput.createPipe(),
             errorPipe: try processError.createPipe()
-        ).execution.processIdentifier
+        ).execution
     case (.none, .some(let outputFd), .some(let errorFd)):
         let processInput = NoInput()
         let processOutput = FileDescriptorOutput(
@@ -687,23 +688,23 @@ public func runDetached(
             fileDescriptor: errorFd,
             closeAfterSpawningProcess: false
         )
-        return try configuration.spawn(
+        execution = try configuration.spawn(
             withInput: try processInput.createPipe(),
             outputPipe: try processOutput.createPipe(),
             errorPipe: try processError.createPipe()
-        ).execution.processIdentifier
+        ).execution
     case (.some(let inputFd), .none, .none):
         let processInput = FileDescriptorInput(
             fileDescriptor: inputFd,
             closeAfterSpawningProcess: false
         )
         let processOutput = DiscardedOutput()
         let processError = DiscardedOutput()
-        return try configuration.spawn(
+        execution = try configuration.spawn(
             withInput: try processInput.createPipe(),
             outputPipe: try processOutput.createPipe(),
             errorPipe: try processError.createPipe()
-        ).execution.processIdentifier
+        ).execution
     case (.some(let inputFd), .none, .some(let errorFd)):
         let processInput = FileDescriptorInput(
             fileDescriptor: inputFd, closeAfterSpawningProcess: false
@@ -713,11 +714,11 @@ public func runDetached(
             fileDescriptor: errorFd,
             closeAfterSpawningProcess: false
         )
-        return try configuration.spawn(
+        execution = try configuration.spawn(
             withInput: try processInput.createPipe(),
             outputPipe: try processOutput.createPipe(),
             errorPipe: try processError.createPipe()
-        ).execution.processIdentifier
+        ).execution
     case (.some(let inputFd), .some(let outputFd), .none):
         let processInput = FileDescriptorInput(
             fileDescriptor: inputFd,
@@ -728,11 +729,11 @@ public func runDetached(
             closeAfterSpawningProcess: false
         )
         let processError = DiscardedOutput()
-        return try configuration.spawn(
+        execution = try configuration.spawn(
             withInput: try processInput.createPipe(),
             outputPipe: try processOutput.createPipe(),
             errorPipe: try processError.createPipe()
-        ).execution.processIdentifier
+        ).execution
     case (.some(let inputFd), .some(let outputFd), .some(let errorFd)):
         let processInput = FileDescriptorInput(
             fileDescriptor: inputFd,
@@ -746,11 +747,13 @@ public func runDetached(
             fileDescriptor: errorFd,
             closeAfterSpawningProcess: false
         )
-        return try configuration.spawn(
+        execution = try configuration.spawn(
             withInput: try processInput.createPipe(),
             outputPipe: try processOutput.createPipe(),
             errorPipe: try processError.createPipe()
-        ).execution.processIdentifier
+        ).execution
     }
+    execution.release()
+    return execution.processIdentifier
 }
 

Sources/Subprocess/Configuration.swift

@@ -71,12 +71,11 @@ public struct Configuration: Sendable {
             outputPipe: output,
             errorPipe: error
         )
-        let pid = spawnResults.execution.processIdentifier
 
         var spawnResultBox: SpawnResult?? = consume spawnResults
         var _spawnResult = spawnResultBox!.take()!
 
-        let processIdentifier = _spawnResult.execution.processIdentifier
+        let execution = _spawnResult.execution
 
         let result: Swift.Result<Result, Error>
         do {
@@ -89,9 +88,8 @@ public struct Configuration: Sendable {
                 return try await body(_spawnResult.execution, inputIO, outputIO, errorIO)
             } onCleanup: {
                 // Attempt to terminate the child process
-                await Execution.runTeardownSequence(
-                    self.platformOptions.teardownSequence,
-                    on: pid
+                await execution.runTeardownSequence(
+                    self.platformOptions.teardownSequence
                 )
             })
         } catch {
@@ -103,7 +101,7 @@ public struct Configuration: Sendable {
         // even if `body` throws, and we are not leaving zombie processes in the
         // process table which will cause the process termination monitoring thread
         // to effectively hang due to the pid never being awaited
-        let terminationStatus = try await Subprocess.monitorProcessTermination(forProcessWithIdentifier: processIdentifier)
+        let terminationStatus = try await Subprocess.monitorProcessTermination(forExecution: _spawnResult.execution)
 
         return try ExecutionResult(terminationStatus: terminationStatus, value: result.get())
     }

Sources/Subprocess/Execution.swift

@@ -35,13 +35,16 @@ public struct Execution: Sendable {
     public let processIdentifier: ProcessIdentifier
 
     #if os(Windows)
+    internal nonisolated(unsafe) let processInformation: PROCESS_INFORMATION
     internal let consoleBehavior: PlatformOptions.ConsoleBehavior
 
     init(
         processIdentifier: ProcessIdentifier,
+        processInformation: PROCESS_INFORMATION,
         consoleBehavior: PlatformOptions.ConsoleBehavior
     ) {
         self.processIdentifier = processIdentifier
+        self.processInformation = processInformation
         self.consoleBehavior = consoleBehavior
     }
     #else
@@ -51,6 +54,17 @@ public struct Execution: Sendable {
         self.processIdentifier = processIdentifier
     }
     #endif  // os(Windows)
+
+    internal func release() {
+        #if os(Windows)
+        guard CloseHandle(processInformation.hThread) else {
+            fatalError("Failed to close thread HANDLE: \(SubprocessError.UnderlyingError(rawValue: GetLastError()))")
+        }
+        guard CloseHandle(processInformation.hProcess) else {
+            fatalError("Failed to close process HANDLE: \(SubprocessError.UnderlyingError(rawValue: GetLastError()))")
+        }
+        #endif
+    }
 }
 
 // MARK: - Output Capture

Sources/Subprocess/Platforms/Subprocess+Darwin.swift

@@ -485,18 +485,18 @@ extension String {
 // MARK: - Process Monitoring
 @Sendable
 internal func monitorProcessTermination(
-    forProcessWithIdentifier pid: ProcessIdentifier
+    forExecution execution: Execution
 ) async throws -> TerminationStatus {
     return try await withCheckedThrowingContinuation { continuation in
         let source = DispatchSource.makeProcessSource(
-            identifier: pid.value,
+            identifier: execution.processIdentifier.value,
             eventMask: [.exit],
             queue: .global()
         )
         source.setEventHandler {
             source.cancel()
             var siginfo = siginfo_t()
-            let rc = waitid(P_PID, id_t(pid.value), &siginfo, WEXITED)
+            let rc = waitid(P_PID, id_t(execution.processIdentifier.value), &siginfo, WEXITED)
             guard rc == 0 else {
                 continuation.resume(
                     throwing: SubprocessError(

Sources/Subprocess/Platforms/Subprocess+Linux.swift

@@ -265,7 +265,7 @@ extension String {
 // MARK: - Process Monitoring
 @Sendable
 internal func monitorProcessTermination(
-    forProcessWithIdentifier pid: ProcessIdentifier
+    forExecution execution: Execution
 ) async throws -> TerminationStatus {
     try await withCheckedThrowingContinuation { continuation in
         _childProcessContinuations.withLock { continuations in
@@ -274,7 +274,7 @@ internal func monitorProcessTermination(
             // the child process has terminated and manages to acquire the lock before
             // we add this continuation to the dictionary, then it will simply loop
             // and report the status again.
-            let oldContinuation = continuations.updateValue(continuation, forKey: pid.value)
+            let oldContinuation = continuations.updateValue(continuation, forKey: execution.processIdentifier.value)
             precondition(oldContinuation == nil)
 
             // Wake up the waiter thread if it is waiting for more child processes.

Sources/Subprocess/Platforms/Subprocess+Unix.swift

@@ -117,18 +117,6 @@ extension Execution {
     public func send(
         signal: Signal,
         toProcessGroup shouldSendToProcessGroup: Bool = false
-    ) throws {
-        try Self.send(
-            signal: signal,
-            to: self.processIdentifier,
-            toProcessGroup: shouldSendToProcessGroup
-        )
-    }
-
-    internal static func send(
-        signal: Signal,
-        to processIdentifier: ProcessIdentifier,
-        toProcessGroup shouldSendToProcessGroup: Bool
     ) throws {
         let pid = shouldSendToProcessGroup ? -(processIdentifier.value) : processIdentifier.value
         guard kill(pid, signal.rawValue) == 0 else {