fix race conditions in concurrency operation

Author: zhongkechen

sdk/src/main/java/software/amazon/lambda/durable/context/BaseContextImpl.java

@@ -5,8 +5,6 @@
 import com.amazonaws.services.lambda.runtime.Context;
 import software.amazon.lambda.durable.DurableConfig;
 import software.amazon.lambda.durable.execution.ExecutionManager;
-import software.amazon.lambda.durable.execution.SuspendExecutionException;
-import software.amazon.lambda.durable.execution.ThreadContext;
 import software.amazon.lambda.durable.execution.ThreadType;
 
 public abstract class BaseContextImpl implements AutoCloseable, BaseContext {
@@ -36,40 +34,13 @@ protected BaseContextImpl(
             String contextId,
             String contextName,
             ThreadType threadType) {
-        this(executionManager, durableConfig, lambdaContext, contextId, contextName, threadType, true);
-    }
-
-    /**
-     * Creates a new BaseContext instance.
-     *
-     * @param executionManager the execution manager for thread coordination and state management
-     * @param durableConfig the durable execution configuration
-     * @param lambdaContext the AWS Lambda runtime context
-     * @param contextId the context ID, null for root context, set for child contexts
-     * @param contextName the human-readable name for this context
-     * @param threadType the type of thread this context runs on
-     * @param setCurrentThreadContext whether to call setCurrentThreadContext on the execution manager
-     */
-    protected BaseContextImpl(
-            ExecutionManager executionManager,
-            DurableConfig durableConfig,
-            Context lambdaContext,
-            String contextId,
-            String contextName,
-            ThreadType threadType,
-            boolean setCurrentThreadContext) {
         this.executionManager = executionManager;
         this.durableConfig = durableConfig;
         this.lambdaContext = lambdaContext;
         this.contextId = contextId;
         this.contextName = contextName;
         this.isReplaying = executionManager.hasOperationsForContext(contextId);
         this.threadType = threadType;
-
-        if (setCurrentThreadContext) {
-            // write the thread id and type to thread local
-            executionManager.setCurrentThreadContext(new ThreadContext(contextId, threadType));
-        }
     }
 
     // =============== accessors ================
@@ -138,23 +109,4 @@ public boolean isReplaying() {
     public void setExecutionMode() {
         this.isReplaying = false;
     }
-
-    @Override
-    public void close() {
-        // this is called in the user thread, after the context's user code has completed
-        if (getContextId() != null) {
-            // if this is a child context or a step context, we need to
-            // deregister the context's thread from the execution manager
-            try {
-                executionManager.deregisterActiveThread(getContextId());
-            } catch (SuspendExecutionException e) {
-                // Expected when this is the last active thread. Must catch here because:
-                // 1/ This runs in a worker thread detached from handlerFuture
-                // 2/ Uncaught exception would prevent stepAsync().get() from resume
-                // Suspension/Termination is already signaled via
-                // suspendExecutionFuture/terminateExecutionFuture
-                // before the throw.
-            }
-        }
-    }
 }

sdk/src/main/java/software/amazon/lambda/durable/context/DurableContextImpl.java

@@ -67,24 +67,7 @@ private DurableContextImpl(
             Context lambdaContext,
             String contextId,
             String contextName) {
-        this(executionManager, durableConfig, lambdaContext, contextId, contextName, true);
-    }
-
-    private DurableContextImpl(
-            ExecutionManager executionManager,
-            DurableConfig durableConfig,
-            Context lambdaContext,
-            String contextId,
-            String contextName,
-            boolean setCurrentThreadContext) {
-        super(
-                executionManager,
-                durableConfig,
-                lambdaContext,
-                contextId,
-                contextName,
-                ThreadType.CONTEXT,
-                setCurrentThreadContext);
+        super(executionManager, durableConfig, lambdaContext, contextId, contextName, ThreadType.CONTEXT);
         operationIdGenerator = new OperationIdGenerator(contextId);
     }
 
@@ -115,22 +98,6 @@ public DurableContextImpl createChildContext(String childContextId, String child
                 getExecutionManager(), getDurableConfig(), getLambdaContext(), childContextId, childContextName);
     }
 
-    /**
-     * Creates a child context without setting the current thread context.
-     *
-     * <p>Use this when the child context is being created on a thread that should not have its thread-local context
-     * overwritten (e.g. when constructing the context ahead of running it on a separate thread).
-     *
-     * @param childContextId the child context's ID (the CONTEXT operation's operation ID)
-     * @param childContextName the name of the child context
-     * @return a new DurableContext for the child context
-     */
-    public DurableContextImpl createChildContextWithoutSettingThreadContext(
-            String childContextId, String childContextName) {
-        return new DurableContextImpl(
-                getExecutionManager(), getDurableConfig(), getLambdaContext(), childContextId, childContextName, false);
-    }
-
     /**
      * Creates a step context for executing step operations.
      *
@@ -418,7 +385,6 @@ public void close() {
         if (logger != null) {
             logger.close();
         }
-        super.close();
     }
 
     /**

sdk/src/main/java/software/amazon/lambda/durable/context/StepContextImpl.java

@@ -66,6 +66,5 @@ public void close() {
         if (logger != null) {
             logger.close();
         }
-        super.close();
     }
 }

sdk/src/main/java/software/amazon/lambda/durable/execution/DurableExecutor.java

@@ -51,6 +51,7 @@ public static <I, O> DurableExecutionOutput execute(
             executionManager.registerActiveThread(null);
             var handlerFuture = CompletableFuture.supplyAsync(
                     () -> {
+                        executionManager.setCurrentThreadContext(new ThreadContext(null, ThreadType.CONTEXT));
                         var userInput = extractUserInput(
                                 executionManager.getExecutionOperation(), config.getSerDes(), inputType);
                         // use try-with-resources to clear logger properties

sdk/src/main/java/software/amazon/lambda/durable/operation/BaseDurableOperation.java

@@ -6,6 +6,7 @@
 import java.util.List;
 import java.util.Objects;
 import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.atomic.AtomicReference;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import software.amazon.awssdk.services.lambda.model.Operation;
@@ -16,6 +17,7 @@
 import software.amazon.lambda.durable.exception.NonDeterministicExecutionException;
 import software.amazon.lambda.durable.exception.UnrecoverableDurableExecutionException;
 import software.amazon.lambda.durable.execution.ExecutionManager;
+import software.amazon.lambda.durable.execution.SuspendExecutionException;
 import software.amazon.lambda.durable.execution.ThreadContext;
 import software.amazon.lambda.durable.execution.ThreadType;
 import software.amazon.lambda.durable.model.OperationIdentifier;
@@ -46,6 +48,7 @@ public abstract class BaseDurableOperation {
     protected final ExecutionManager executionManager;
     protected final CompletableFuture<BaseDurableOperation> completionFuture;
     private final DurableContextImpl durableContext;
+    private final AtomicReference<CompletableFuture<Void>> runningUserHandler = new AtomicReference<>(null);
 
     /**
      * Constructs a new durable operation.
@@ -152,7 +155,7 @@ private void validateCurrentThreadType() {
                     "Nested %s operation is not supported on %s from within a %s execution.",
                     getType(), getName(), current);
             // terminate execution and throw the exception
-            terminateExecutionWithIllegalDurableOperationException(message);
+            throw terminateExecutionWithIllegalDurableOperationException(message);
         }
     }
 
@@ -208,6 +211,50 @@ protected Operation waitForOperationCompletion() {
         return op;
     }
 
+    protected void runUserHandler(Runnable runnable, String contextId, ThreadType threadType) {
+        Runnable wrapped = () -> {
+            executionManager.setCurrentThreadContext(new ThreadContext(contextId, threadType));
+            try {
+                runnable.run();
+            } finally {
+                if (contextId != null) {
+                    try {
+                        // if this is a child context or a step context, we need to
+                        // deregister the context's thread from the execution manager
+                        executionManager.deregisterActiveThread(contextId);
+                    } catch (SuspendExecutionException e) {
+                        // Expected when this is the last active thread. Must catch here because:
+                        // 1/ This runs in a worker thread detached from handlerFuture
+                        // 2/ Uncaught exception would prevent stepAsync().get() from resume
+                        // Suspension/Termination is already signaled via
+                        // suspendExecutionFuture/terminateExecutionFuture
+                        // before the throw.
+                    }
+                }
+            }
+        };
+
+        // runUserHandler is used to ensure that only one user handler is running at a time
+        if (runningUserHandler.get() != null) {
+            throw new IllegalStateException("User handler already running");
+        }
+
+        // Thread registration is intentionally split across two threads:
+        // 1. registerActiveThread on the PARENT thread — ensures the child is tracked before the
+        //    parent can deregister and trigger suspension (race prevention).
+        // 2. setCurrentContext on the CHILD thread — sets the ThreadLocal so operations inside
+        //    the child context know which context they belong to.
+        // registerActiveThread is idempotent (no-op if already registered).
+        registerActiveThread(contextId);
+
+        if (!runningUserHandler.compareAndSet(
+                null,
+                CompletableFuture.runAsync(
+                        wrapped, getContext().getDurableConfig().getExecutorService()))) {
+            throw new IllegalStateException("User handler already running");
+        }
+    }
+
     /**
      * Receives operation updates from ExecutionManager. Completes the internal future when the operation reaches a
      * terminal status, unblocking any threads waiting on this operation.
@@ -317,21 +364,21 @@ protected void validateReplay(Operation checkpointed) {
         }
 
         if (!checkpointed.type().equals(getType())) {
-            terminateExecution(new NonDeterministicExecutionException(String.format(
+            throw terminateExecution(new NonDeterministicExecutionException(String.format(
                     "Operation type mismatch for \"%s\". Expected %s, got %s",
                     getOperationId(), checkpointed.type(), getType())));
         }
 
         if (!Objects.equals(checkpointed.name(), getName())) {
-            terminateExecution(new NonDeterministicExecutionException(String.format(
+            throw terminateExecution(new NonDeterministicExecutionException(String.format(
                     "Operation name mismatch for \"%s\". Expected \"%s\", got \"%s\"",
                     getOperationId(), checkpointed.name(), getName())));
         }
 
         if ((getSubType() == null && checkpointed.subType() != null)
                 || getSubType() != null
                         && !Objects.equals(checkpointed.subType(), getSubType().getValue())) {
-            terminateExecution(new NonDeterministicExecutionException(String.format(
+            throw terminateExecution(new NonDeterministicExecutionException(String.format(
                     "Operation subType mismatch for \"%s\". Expected \"%s\", got \"%s\"",
                     getOperationId(), checkpointed.subType(), getSubType())));
         }

sdk/src/main/java/software/amazon/lambda/durable/operation/CallbackOperation.java

@@ -65,7 +65,7 @@ protected void replay(Operation existing) {
                 // Still waiting - continue to polling
             }
             default ->
-                terminateExecutionWithIllegalDurableOperationException(
+                throw terminateExecutionWithIllegalDurableOperationException(
                         "Unexpected callback status: " + existing.status());
         }
         pollForOperationUpdates();

sdk/src/main/java/software/amazon/lambda/durable/operation/ChildContextOperation.java

@@ -5,8 +5,6 @@
 import static software.amazon.lambda.durable.execution.ExecutionManager.isTerminalStatus;
 
 import java.nio.charset.StandardCharsets;
-import java.util.concurrent.CompletableFuture;
-import java.util.concurrent.ExecutorService;
 import java.util.function.Function;
 import software.amazon.awssdk.services.lambda.model.ContextOptions;
 import software.amazon.awssdk.services.lambda.model.ErrorObject;
@@ -28,6 +26,7 @@
 import software.amazon.lambda.durable.exception.StepInterruptedException;
 import software.amazon.lambda.durable.exception.UnrecoverableDurableExecutionException;
 import software.amazon.lambda.durable.execution.SuspendExecutionException;
+import software.amazon.lambda.durable.execution.ThreadType;
 import software.amazon.lambda.durable.model.OperationIdentifier;
 import software.amazon.lambda.durable.util.ExceptionHelper;
 
@@ -46,7 +45,6 @@ public class ChildContextOperation<T> extends SerializableDurableOperation<T> {
     private static final int LARGE_RESULT_THRESHOLD = 256 * 1024;
 
     private final Function<DurableContext, T> function;
-    private final ExecutorService userExecutor;
     private final ConcurrencyOperation<?> parentOperation;
     private boolean replayChildContext;
     private T reconstructedResult;
@@ -69,7 +67,6 @@ public ChildContextOperation(
             ConcurrencyOperation<?> parentOperation) {
         super(operationIdentifier, resultTypeToken, config.serDes(), durableContext);
         this.function = function;
-        this.userExecutor = getContext().getDurableConfig().getExecutorService();
         this.parentOperation = parentOperation;
     }
 
@@ -116,14 +113,6 @@ private void executeChildContext() {
         //       third level child context "hash(hash(hash(1)-2)-1)".
         var contextId = getOperationId();
 
-        // Thread registration is intentionally split across two threads:
-        // 1. registerActiveThread on the PARENT thread — ensures the child is tracked before the
-        //    parent can deregister and trigger suspension (race prevention).
-        // 2. setCurrentContext on the CHILD thread — sets the ThreadLocal so operations inside
-        //    the child context know which context they belong to.
-        // registerActiveThread is idempotent (no-op if already registered).
-        registerActiveThread(contextId);
-
         Runnable userHandler = () -> {
             // use a try-with-resources to
             // - add thread id/type to thread local when the step starts
@@ -144,7 +133,7 @@ private void executeChildContext() {
         };
 
         // Execute user provided child context code in user-configured executor
-        CompletableFuture.runAsync(userHandler, userExecutor);
+        runUserHandler(userHandler, contextId, ThreadType.CONTEXT);
     }
 
     private void handleChildContextSuccess(T result) {
@@ -192,7 +181,7 @@ private void handleChildContextFailure(Throwable exception) {
         }
         if (exception instanceof UnrecoverableDurableExecutionException unrecoverableDurableExecutionException) {
             // terminate the execution and throw the exception if it's not recoverable
-            terminateExecution(unrecoverableDurableExecutionException);
+            throw terminateExecution(unrecoverableDurableExecutionException);
         }
 
         // Skip checkpointing if parent ConcurrencyOperation has already completed —