Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WGL and EGL's context activation is unsound #6211

Open
ErichDonGubler opened this issue Sep 4, 2024 · 1 comment
Open

WGL and EGL's context activation is unsound #6211

ErichDonGubler opened this issue Sep 4, 2024 · 1 comment

Comments

@ErichDonGubler
Copy link
Member

Description

@MarijnS95 and I have determined that, in at least one case, the current WGL and EGL GLES backends are unsound, because conditions for safely conflict with the Soundness Property.

Repro steps

Will defer to @MarijnS95.

Expected vs observed behavior

These APIs should be sound, meaning that it is impossible for safe Rust to provoke UB or other memory unsafety.
@ErichDonGubler ErichDonGubler mentioned this issue Sep 4, 2024
Merged
6 tasks
@ErichDonGubler ErichDonGubler changed the title WGL and EGL APIs are unsound WGL and EGL's context activation is unsound Sep 9, 2024
@MarijnS95 MarijnS95 mentioned this issue Sep 23, 2024
Open
@MarijnS95
Copy link
Contributor

There is no direct repro other than that the safety constraints at:

wgpu/wgpu-hal/src/gles/egl.rs

Lines 1105 to 1112 in e7c139b

/// # Safety
///
/// - The underlying OpenGL ES context must be current.
/// - The underlying OpenGL ES context must be current when interfacing with any objects returned by
/// wgpu-hal from this adapter.
/// - The underlying OpenGL ES context must be current when dropping this adapter and when
/// dropping any objects returned from this adapter.
pub unsafe fn new_external(

are invalid/impossible to uphold after the call to new_external(). I copied the same for WGL:

wgpu/wgpu-hal/src/gles/wgl.rs

Lines 588 to 595 in e7c139b

/// # Safety
///
/// - The underlying OpenGL ES context must be current.
/// - The underlying OpenGL ES context must be current when interfacing with any objects returned by
/// wgpu-hal from this adapter.
/// - The underlying OpenGL ES context must be current when dropping this adapter and when
/// dropping any objects returned from this adapter.
pub unsafe fn new_external(

I've started getting into a solution at #5505 (comment) per a request from @jimblandy, and the simple verdict is that WGPU should probably move towards GL context sharing to solve all this trouble. That way WGPU can still share resources, while owning its own unique context that it can (un)current at any point in time without affecting external contexts.

Unfortunately context sharing can be finicky based on the platform (https://gitlab.freedesktop.org/gstreamer/gstreamer-rs/-/merge_requests/1486) and might require a larger refactor of wgpu's gles module. glutin already wraps and provides all of this in higher-level and safe APIs, and should make this migration easier.

Separate from that there appear to be some hacks to replace the context on the fly as soon as a surface is available. This is entirely unavoidable if we could create a wgpu Adapter with a given RawDisplayHandle to ensure it's using the exact same "display backend connection" as a windowing system from which Surfaces will be created/used.

@MarijnS95 MarijnS95 mentioned this issue Sep 25, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
WebGPU for Firefox
Status: Todo
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ErichDonGubler @MarijnS95