eliott/servo
1
0
Fork 0
mirror of https://github.com/servo/servo synced 2026-05-09 00:22:16 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
a2041d6263cfc19ba8aa4261530c08f2d5192e83
servo/components/script/dom/webgl/webglobject.rs
Martin Robinson 1a99f74c36 script: Use a WeakRef for references to WebGLRenderingContext (#40725) 
Many WebGL objects refer to a `WebGLRenderingContext` and rely on it for
messaging to the `WebGLThread`. This poses a problem, because WebGL
objects often need to send a message to the `WebGLThread` during their
`Drop` implementation. If the `Drop` is triggered as part of garbage
collection, references to the `WebGLRenderingContext` might be invalid,
if they were garbage collected first as part of the same harvest.

This change makes it so that all of these objects store a `WeakRef`
instead of a `Dom<>`. The `WeakRef` is only used if it can be rooted,
otherwise a `ContextLost` error is given. In cases where only messaging
is needed, a cloned `WebGLMsgSender` is used to perform messages
regardless of whether the context is garbage collected or not.

This isn't a replacement for #37622, but should make it easier to
implement as
the `WebGLMsgSender` and the `WeakRef` could be stored in the droppable
portion of the DOM object.

Testing: This fixes a use-after-free issue which is mainly detectable
via ASAN
builds. Since we do not run ASAN on CI, this is a bit hard to create
automated
tests for. I verified that this fixed the issue manually.
Fixes: #40655.

Signed-off-by: Martin Robinson <mrobinson@igalia.com>
2025-11-19 12:29:46 +00:00

74 lines
2.5 KiB
Rust
Raw Blame History

/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at https://mozilla.org/MPL/2.0/. */
use canvas_traits::webgl::{WebGLCommand, WebGLContextId, WebGLMsgSender};
// https://www.khronos.org/registry/webgl/specs/latest/1.0/webgl.idl
use dom_struct::dom_struct;
use script_bindings::root::DomRoot;
use script_bindings::weakref::WeakRef;
use crate::dom::bindings::cell::DomRefCell;
use crate::dom::bindings::codegen::Bindings::WebGLObjectBinding::WebGLObjectMethods;
use crate::dom::bindings::reflector::Reflector;
use crate::dom::bindings::str::USVString;
use crate::dom::webgl::webglrenderingcontext::WebGLRenderingContext;
use crate::dom::webglrenderingcontext::{Operation, capture_webgl_backtrace};
#[dom_struct]
pub(crate) struct WebGLObject {
reflector_: Reflector,
#[no_trace]
webgl_sender: WebGLMsgSender,
context: WeakRef<WebGLRenderingContext>,
label: DomRefCell<USVString>,
}
impl WebGLObject {
pub(crate) fn new_inherited(context: &WebGLRenderingContext) -> WebGLObject {
WebGLObject {
reflector_: Reflector::new(),
webgl_sender: context.sender().clone(),
context: WeakRef::new(context),
label: DomRefCell::new(USVString::default()),
}
}
/// Get the [`WebGLRenderingContext`] that created this object.
///
/// If `None` is returned the [`WebGLRenderingContext`] has already been garbage collected.
pub(crate) fn context(&self) -> Option<DomRoot<WebGLRenderingContext>> {
self.context.root()
}
#[inline]
pub(crate) fn context_id(&self) -> WebGLContextId {
self.webgl_sender.context_id()
}
#[inline]
pub(crate) fn send_with_fallibility(&self, command: WebGLCommand, fallibility: Operation) {
let result = self.webgl_sender.send(command, capture_webgl_backtrace());
if matches!(fallibility, Operation::Infallible) {
result.expect("Operation failed");
}
}
#[inline]
pub(crate) fn send_command(&self, command: WebGLCommand) {
self.send_with_fallibility(command, Operation::Infallible);
}
}
impl WebGLObjectMethods<crate::DomTypeHolder> for WebGLObject {
/// <https://registry.khronos.org/webgl/specs/latest/1.0/#5.3>
fn Label(&self) -> USVString {
self.label.borrow().clone()
}
/// <https://registry.khronos.org/webgl/specs/latest/1.0/#5.3>
fn SetLabel(&self, value: USVString) {
*self.label.borrow_mut() = value;
}
}
Reference in New Issue View Git Blame Copy Permalink