Skip to content

Remove deadlock potential from UncapturedErrorHandler. #8011

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: trunk
Choose a base branch
from
Open

Remove deadlock potential from UncapturedErrorHandler. #8011

wants to merge 3 commits into from

Conversation

kpreid
Copy link
Collaborator

@kpreid kpreid commented Jul 26, 2025
edited
Loading

Connections
Fixes #5395.

Description
Previously, the Device::on_uncaptured_error() callback was called with a device-wide mutex held. This provides synchronization we don’t actually promise to the user and which the user cannot take advantage of (because the callback signature is not FnMut), and allows a deadlock to occur via reentrancy.

Instead,

  • Call the callback without the mutex held.
  • To enable this, accept it wrapped in Arc instead of Box, and require it to be Send + Sync rather than just Send.

An alternative to the approach in this PR would be to explicitly document that the callback is called with a mutex held. In that case, the callback should be made FnMut to allow it to take advantage of this — the opposite of this PR's change to Fn + Sync.

Testing
Added a test case for the now-impossible deadlock.

Squash or Rebase?
Rebase.

Checklist

  • Run cargo fmt.
  • Run taplo format.
  • Run cargo clippy --tests. If applicable, add:
    • --target wasm32-unknown-unknown
  • Run cargo xtask test to run tests.
  • If this contains user-facing changes, add a CHANGELOG.md entry.

@kpreid kpreid requested a review from a team as a code owner July 26, 2025 16:52
@kpreid
Add Sync bound to uncaptured error handler.
4d62e3c 
It makes sense for a function to be `FnMut + Send`, or `Fn + Send + Sync`,
but not `Fn + Send` because that is overly restrictive for the caller and
the callee.
@kpreid kpreid added the area: api Issues related to API surface label Jul 26, 2025
@kpreid
Change uncaptured error handler pointer type from Box to Arc.
5ebb8f2 
This will be necessary for the next change.
@kpreid
Call uncaptured error handler without the lock held.
34996e4 
This prevents a possible deadlock if the callback itself calls wgpu
operations.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area: api Issues related to API surface
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Bound of UncapturedErrorHandler is more restrictive than it should be
1 participant
@kpreid