Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix potential crash when a descriptor set is destroyed but not unbound #8215

Merged
merged 2 commits into from
Oct 18, 2024
Merged

Fix potential crash when a descriptor set is destroyed but not unbound #8215

merged 2 commits into from
Oct 18, 2024

Conversation

bejado
Copy link
Member

@bejado bejado commented Oct 18, 2024

When a descriptor set is destroyed, its id<MTLBuffer>s are still bound within vertexDescriptorBindings and fragmentDescriptorBindings using __unsafe_unretained pointers . This is a problem because those pointers will be garbage after the descriptor set is destroyed. At the next render pass, if a new descriptor set is not bound, we'll attempt to pass the garbage values to setVertexBuffer:offset:atIndex.

Consider the following contrived repro case inside of a backend_test:
Some complications: the destruction of a descriptor set is delayed until the current command buffer completes AND the enclosing @autoreleasepool is drained. So, we need to insert a api.finish(0) and wrap every command around a mDriver.execute inside CommandStream.cpp.

In production these conditions should be periodically met naturally, leading to spurious crashes.

...
api.destroyDescriptorSet(descSet);
api.finish(0);  // this *actually* destroys descSet and all of its id<MTLBuffer>s

api.beginFrame(0, 0, 1);
api.beginRenderPass(defaultRenderTarget, params);   // this attempts to bind a deallocated id<MTLBuffer>
...

Instead, by using a __weak reference, pointers will be automatically nil-ed when a descriptor set is destroyed. It's valid to pass nil to setVertexBuffer:offset:atIndex.

BUGS=[374286912]

@bejado bejado added the internal Issue/PR does not affect clients label Oct 18, 2024
@bejado bejado merged commit 6e9afff into main Oct 18, 2024
12 checks passed
@bejado bejado deleted the bjd/desc-set-crash branch October 18, 2024 20:42
bejado added a commit that referenced this pull request Oct 18, 2024
@bejado
Fix potential crash when a descriptor set is destroyed but not unbound (
9e1ee2f 
#8215)
poweifeng pushed a commit that referenced this pull request Oct 21, 2024
@bejado @poweifeng
Fix potential crash when a descriptor set is destroyed but not unbound (
e4b1f04 
#8215)
poweifeng pushed a commit that referenced this pull request Oct 21, 2024
@bejado @poweifeng
Fix potential crash when a descriptor set is destroyed but not unbound (
87085ee 
#8215)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pixelflinger pixelflinger pixelflinger approved these changes

@z3moon z3moon Awaiting requested review from z3moon

@poweifeng poweifeng Awaiting requested review from poweifeng

Assignees
No one assigned
Labels
internal Issue/PR does not affect clients
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bejado @pixelflinger