Refactored Canvas to disallow null inline contexts. #174530
Conversation
|
It looks like this pull request may not have tests. Please make sure to add tests or get an explicit test exemption before merging. If you are not sure if you need tests, consider this rule of thumb: the purpose of a test is to make sure someone doesn't accidentally revert the fix. Ask yourself, is there anything in your PR that you feel it is important we not accidentally revert back to how it was before your fix? Reviewers: Read the Tree Hygiene page and make sure this patch meets those guidelines before LGTMing. If you believe this PR qualifies for a test exemption, contact "@test-exemption-reviewer" in the #hackers channel in Discord (don't just cc them here, they won't see it!). The test exemption team is a small volunteer group, so all reviewers should feel empowered to ask for tests, without delegating that responsibility entirely to the test exemption group. |
There was a problem hiding this comment.
Code Review
This pull request refactors LazyRenderingConfig from a struct to a class to prevent inline_pass_context from being null, addressing a potential crash. The changes are well-implemented and improve code safety by making a previously possible invalid state unrepresentable. I have one suggestion to add a DCHECK in the LazyRenderingConfig constructor to guard against a null entity_pass_target, which would further enhance the robustness of this class.
| : entity_pass_target_(std::move(p_entity_pass_target)) { | ||
| inline_pass_context_ = | ||
| std::make_unique<InlinePassContext>(renderer, *entity_pass_target_); | ||
| } |
There was a problem hiding this comment.
While this refactoring correctly prevents inline_pass_context_ from being null, it introduces a potential null pointer dereference if p_entity_pass_target is null, as *entity_pass_target_ would crash. Although the current call sites seem to provide a valid pointer, adding a FML_DCHECK would make this class more robust against future misuse and prevent potential crashes.
| : entity_pass_target_(std::move(p_entity_pass_target)) { | |
| inline_pass_context_ = | |
| std::make_unique<InlinePassContext>(renderer, *entity_pass_target_); | |
| } | |
| : entity_pass_target_(std::move(p_entity_pass_target)) { | |
| FML_DCHECK(entity_pass_target_); | |
| inline_pass_context_ = | |
| std::make_unique<InlinePassContext>(renderer, *entity_pass_target_); | |
| } |
flar
left a comment
There was a problem hiding this comment.
I only reviewed the code change itself, not how it impacts operations so I'm just going to leave this as a "comment" review, but I see nothing wrong - just some suggestions...
| *render_passes_.back().inline_pass_context->GetRenderPass() // | ||
| renderer_, // | ||
| entity, // | ||
| *render_passes_.back().GetInlinePassContext()->GetRenderPass() // |
There was a problem hiding this comment.
This sequence is repeated a lot, is it worth a convenience method?
There was a problem hiding this comment.
Or at least the first 3 parts of this sequence since sometimes the last method is different.
There was a problem hiding this comment.
It's not a bad idea, but isn't required for this change though so I left it as is.
| render_passes_.push_back(LazyRenderingConfig( | ||
| renderer_, std::move(rendering_config.entity_pass_target), | ||
| std::move(rendering_config.inline_pass_context))); | ||
| render_passes_.emplace_back(std::move(rendering_config)); |
There was a problem hiding this comment.
It feels like a bunch of places put the same config back into the passes (to avoid a crash) except one that seems to be deemed "successful" which replaces it with a different config.
Wouldn't it be simpler to just leave the pass in the vector until we know it is something we can act on and only swap it out in that one case?
That would avoid the potential for someone adding another failure check and not balancing the passes.
There was a problem hiding this comment.
Also not a bad idea, but outside of the scope of the change I was making. I'd prefer to leave it untouched.
|
It's not clear to me how these changes prevent a null IPC. All cases where the struct was created were either done with the constructor that took a target and created a new (non-null) IPC in the constructor, or they passed along an IPC that was previously allocated. The change is more efficient in reusing the LRC that was removed from the vector rather than constructing a copy from raw values, but it doesn't eliminate any constructors that I can see where the supplied IPC could have been null. |
| struct LazyRenderingConfig { | ||
| std::unique_ptr<EntityPassTarget> entity_pass_target; | ||
| std::unique_ptr<InlinePassContext> inline_pass_context; | ||
| class LazyRenderingConfig { |
There was a problem hiding this comment.
Nit (in a later patch is fine): Can we move the implementation OOL?
Now |
But where was it coming from before? It had the same "can't be null" constructor as now, and it also had a dangerous constructor through which a null could be passed. That is something to be fixed for code safety, but this is also being presented as a potential solution for bugs that people were encountering. In practice, I can't find anywhere in the code where a null would have been passed before this change. We could potentially have been using it wrong, but I don't see where we actually were. It's a good change either way, but are we really expecting it to fix the crashes in the linked issue? |
flar
left a comment
There was a problem hiding this comment.
Changing from Comment to Approve because it is much safer this way even if it doesn't fix the problems in the link.
Right, there is a difference between the code doesn't create an illegal state versus code that cannot create an illegal state. The linked issue had 3 proposed explanations for why the crash may be happening. This formally disproves one of them. We could have read through the code and convinced ourselves that this wasn't the culprit, but it's better to prove it's not since it's more sure and blocks it from being a problem in the future. I didn't mark this PR as fixing the linked issue =) |
|
autosubmit label was removed for flutter/flutter/174530, because - The status or check suite Google testing has failed. Please fix the issues identified (or deflake) before re-applying this label. |
Roll Flutter from da5523afc3c1 to 6b18740d5a23 (49 revisions) flutter/flutter@da5523a...6b18740 2025-08-29 engine-flutter-autoroll@skia.org Roll Dart SDK from 11f6cd99f6b3 to 72cda0f3dc42 (2 revisions) (flutter/flutter#174697) 2025-08-29 sokolovskyi.konstantin@gmail.com Fix empty adaptive text selection toolbars building. (flutter/flutter#174656) 2025-08-29 jhy03261997@gmail.com [flutter_test] update the _isImportantForAccessibility method in SemanticsController to include tooltip (flutter/flutter#174476) 2025-08-29 engine-flutter-autoroll@skia.org Roll Skia from 89794f0b5384 to 43e79dc80ca8 (1 revision) (flutter/flutter#174678) 2025-08-29 engine-flutter-autoroll@skia.org Roll Skia from f3c8b4c677f5 to 89794f0b5384 (6 revisions) (flutter/flutter#174675) 2025-08-29 47866232+chunhtai@users.noreply.github.com Implement Overlay.of with inherited widget (flutter/flutter#174315) 2025-08-29 jacksongardner@google.com [impeller] Support partitioned host buffer (flutter/flutter#174463) 2025-08-29 47866232+chunhtai@users.noreply.github.com Adds semantics for disabled buttons in date picker (flutter/flutter#174064) 2025-08-29 engine-flutter-autoroll@skia.org Roll Fuchsia Linux SDK from bHYRvLv2Dg56RWZF2... to 00VSr-5B7hq0G2eZx... (flutter/flutter#174667) 2025-08-29 robert.ancell@canonical.com Check GTK calls are done on the same thread. (#174488) (flutter/flutter#174624) 2025-08-29 bkonyi@google.com [ Tool ] Only listen for DebugConnectionInfo if the service protocol is supported (flutter/flutter#174664) 2025-08-29 engine-flutter-autoroll@skia.org Roll Dart SDK from 89023922f96d to 11f6cd99f6b3 (9 revisions) (flutter/flutter#174669) 2025-08-28 98614782+auto-submit[bot]@users.noreply.github.com Reverts "[web] Refactor renderers to use the same frontend code (#174588)" (flutter/flutter#174672) 2025-08-28 jhy03261997@gmail.com [a11y] [test] containsSemantics can ignore SemanticsValidationResult (flutter/flutter#174608) 2025-08-28 sokolovskyi.konstantin@gmail.com Fix some issues in engine-tool README. (flutter/flutter#174512) 2025-08-28 fluttergithubbot@gmail.com Marks Linux_pixel_7pro new_gallery__transition_perf to be flaky (flutter/flutter#174106) 2025-08-28 ahmedsameha1@gmail.com Make sure that an AlertDialog doesn't crash in 0x0 environment (flutter/flutter#174091) 2025-08-28 fluttergithubbot@gmail.com Marks Linux_pixel_7pro hello_world_impeller to be flaky (flutter/flutter#173699) 2025-08-28 fluttergithubbot@gmail.com Marks Linux_pixel_7pro drive_perf_debug_warning to be flaky (flutter/flutter#174112) 2025-08-28 fluttergithubbot@gmail.com Marks Linux_android_emu android_display_cutout to be flaky (flutter/flutter#174501) 2025-08-28 fluttergithubbot@gmail.com Marks Linux_pixel_7pro service_extensions_test to be flaky (flutter/flutter#174114) 2025-08-28 fluttergithubbot@gmail.com Marks Windows plugin_test to be flaky (flutter/flutter#174117) 2025-08-28 fluttergithubbot@gmail.com Marks Windows_mokey basic_material_app_win__compile to be flaky (flutter/flutter#173702) 2025-08-28 fluttergithubbot@gmail.com Marks Mac_mokey microbenchmarks to be flaky (flutter/flutter#174102) 2025-08-28 fluttergithubbot@gmail.com Marks Linux_mokey complex_layout__start_up to be flaky (flutter/flutter#173692) 2025-08-28 fluttergithubbot@gmail.com Marks Linux build_android_host_app_with_module_aar to be flaky (flutter/flutter#172631) 2025-08-28 fluttergithubbot@gmail.com Marks Linux_pixel_7pro new_gallery_opengles_impeller__transition_perf to be flaky (flutter/flutter#173338) 2025-08-28 fluttergithubbot@gmail.com Marks Linux_pixel_7pro platform_views_scroll_perf_impeller__timeline_summary to be flaky (flutter/flutter#172211) 2025-08-28 jason-simmons@users.noreply.github.com Remove the option to disable the merged platform/UI thread on Android and iOS (flutter/flutter#174408) 2025-08-28 mdebbar@google.com Don't fail when hot restarting `web-server` and there are no connected clients (flutter/flutter#174600) 2025-08-28 engine-flutter-autoroll@skia.org Roll Skia from 7c2fe2629d4a to f3c8b4c677f5 (7 revisions) (flutter/flutter#174654) 2025-08-28 mdebbar@google.com [WebParagraph] More plumbing towards making it usable in Flutter apps (flutter/flutter#174587) 2025-08-28 engine-flutter-autoroll@skia.org Roll Packages from 86fbeec to 141d8e3 (6 revisions) (flutter/flutter#174645) 2025-08-28 1961493+harryterkelsen@users.noreply.github.com [web] Refactor renderers to use the same frontend code (flutter/flutter#174588) 2025-08-28 engine-flutter-autoroll@skia.org Roll Skia from eb000b138a9d to 7c2fe2629d4a (3 revisions) (flutter/flutter#174637) 2025-08-28 bkonyi@google.com [ Tool ] Roll package:dwds 25.0.4 (flutter/flutter#174601) 2025-08-28 engine-flutter-autoroll@skia.org Roll Skia from 9b1642f2cfea to eb000b138a9d (2 revisions) (flutter/flutter#174627) 2025-08-28 engine-flutter-autoroll@skia.org Roll Skia from 430d60054d66 to 9b1642f2cfea (7 revisions) (flutter/flutter#174625) 2025-08-28 30870216+gaaclarke@users.noreply.github.com Refactored Canvas to disallow null inline contexts. (flutter/flutter#174530) 2025-08-28 flar@google.com Revert "Check GTK calls are done on the same thread." (flutter/flutter#174604) 2025-08-27 engine-flutter-autoroll@skia.org Roll Skia from 2a12b57fbbf0 to 430d60054d66 (3 revisions) (flutter/flutter#174590) 2025-08-27 ttankkeo112@gmail.com Retry "Implements the Android native stretch effect as a fragment shader (Impeller-only)." (flutter/flutter#173885) 2025-08-27 matanlurey@users.noreply.github.com Use raw `--removal-label "cp: ..."` when removing labels for unmerged PRs (flutter/flutter#174596) 2025-08-27 jakemac@google.com Flutter driver deserialization (flutter/flutter#172927) 2025-08-27 robert.ancell@canonical.com Check GTK calls are done on the same thread. (flutter/flutter#174488) 2025-08-27 matanlurey@users.noreply.github.com Fix broken reference to `PULL_REQUEST_CP_TEMPLATE.md` after refactor (flutter/flutter#174595) ...
One of the possible explanations for the crash in flutter#168210 (comment) is a null inline pass context. This makes that statically impossible (barring an allocation problem). tests: exempt, just a refactor ## Pre-launch Checklist - [x] I read the [Contributor Guide] and followed the process outlined there for submitting PRs. - [x] I read the [Tree Hygiene] wiki page, which explains my responsibilities. - [x] I read and followed the [Flutter Style Guide], including [Features we expect every widget to implement]. - [x] I signed the [CLA]. - [x] I listed at least one issue that this PR fixes in the description above. - [ ] I updated/added relevant documentation (doc comments with `///`). - [x] I added new tests to check the change I am making, or this PR is [test-exempt]. - [x] I followed the [breaking change policy] and added [Data Driven Fixes] where supported. - [x] All existing and new tests are passing. If you need help, consider asking for advice on the #hackers-new channel on [Discord]. **Note**: The Flutter team is currently trialing the use of [Gemini Code Assist for GitHub](https://developers.google.com/gemini-code-assist/docs/review-github-code). Comments from the `gemini-code-assist` bot should not be taken as authoritative feedback from the Flutter team. If you find its comments useful you can update your code accordingly, but if you are unsure or disagree with the feedback, please feel free to wait for a Flutter team member's review for guidance on which automated comments should be addressed. <!-- Links --> [Contributor Guide]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#overview [Tree Hygiene]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md [test-exempt]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#tests [Flutter Style Guide]: https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md [Features we expect every widget to implement]: https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement [CLA]: https://cla.developers.google.com/ [flutter/tests]: https://github.com/flutter/tests [breaking change policy]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#handling-breaking-changes [Discord]: https://github.com/flutter/flutter/blob/main/docs/contributing/Chat.md [Data Driven Fixes]: https://github.com/flutter/flutter/blob/main/docs/contributing/Data-driven-Fixes.md
One of the possible explanations for the crash in flutter#168210 (comment) is a null inline pass context. This makes that statically impossible (barring an allocation problem). tests: exempt, just a refactor ## Pre-launch Checklist - [x] I read the [Contributor Guide] and followed the process outlined there for submitting PRs. - [x] I read the [Tree Hygiene] wiki page, which explains my responsibilities. - [x] I read and followed the [Flutter Style Guide], including [Features we expect every widget to implement]. - [x] I signed the [CLA]. - [x] I listed at least one issue that this PR fixes in the description above. - [ ] I updated/added relevant documentation (doc comments with `///`). - [x] I added new tests to check the change I am making, or this PR is [test-exempt]. - [x] I followed the [breaking change policy] and added [Data Driven Fixes] where supported. - [x] All existing and new tests are passing. If you need help, consider asking for advice on the #hackers-new channel on [Discord]. **Note**: The Flutter team is currently trialing the use of [Gemini Code Assist for GitHub](https://developers.google.com/gemini-code-assist/docs/review-github-code). Comments from the `gemini-code-assist` bot should not be taken as authoritative feedback from the Flutter team. If you find its comments useful you can update your code accordingly, but if you are unsure or disagree with the feedback, please feel free to wait for a Flutter team member's review for guidance on which automated comments should be addressed. <!-- Links --> [Contributor Guide]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#overview [Tree Hygiene]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md [test-exempt]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#tests [Flutter Style Guide]: https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md [Features we expect every widget to implement]: https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement [CLA]: https://cla.developers.google.com/ [flutter/tests]: https://github.com/flutter/tests [breaking change policy]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#handling-breaking-changes [Discord]: https://github.com/flutter/flutter/blob/main/docs/contributing/Chat.md [Data Driven Fixes]: https://github.com/flutter/flutter/blob/main/docs/contributing/Data-driven-Fixes.md
One of the possible explanations for the crash in flutter#168210 (comment) is a null inline pass context. This makes that statically impossible (barring an allocation problem). tests: exempt, just a refactor ## Pre-launch Checklist - [x] I read the [Contributor Guide] and followed the process outlined there for submitting PRs. - [x] I read the [Tree Hygiene] wiki page, which explains my responsibilities. - [x] I read and followed the [Flutter Style Guide], including [Features we expect every widget to implement]. - [x] I signed the [CLA]. - [x] I listed at least one issue that this PR fixes in the description above. - [ ] I updated/added relevant documentation (doc comments with `///`). - [x] I added new tests to check the change I am making, or this PR is [test-exempt]. - [x] I followed the [breaking change policy] and added [Data Driven Fixes] where supported. - [x] All existing and new tests are passing. If you need help, consider asking for advice on the #hackers-new channel on [Discord]. **Note**: The Flutter team is currently trialing the use of [Gemini Code Assist for GitHub](https://developers.google.com/gemini-code-assist/docs/review-github-code). Comments from the `gemini-code-assist` bot should not be taken as authoritative feedback from the Flutter team. If you find its comments useful you can update your code accordingly, but if you are unsure or disagree with the feedback, please feel free to wait for a Flutter team member's review for guidance on which automated comments should be addressed. <!-- Links --> [Contributor Guide]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#overview [Tree Hygiene]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md [test-exempt]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#tests [Flutter Style Guide]: https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md [Features we expect every widget to implement]: https://github.com/flutter/flutter/blob/main/docs/contributing/Style-guide-for-Flutter-repo.md#features-we-expect-every-widget-to-implement [CLA]: https://cla.developers.google.com/ [flutter/tests]: https://github.com/flutter/tests [breaking change policy]: https://github.com/flutter/flutter/blob/main/docs/contributing/Tree-hygiene.md#handling-breaking-changes [Discord]: https://github.com/flutter/flutter/blob/main/docs/contributing/Chat.md [Data Driven Fixes]: https://github.com/flutter/flutter/blob/main/docs/contributing/Data-driven-Fixes.md
One of the possible explanations for the crash in #168210 (comment) is a null inline pass context. This makes that statically impossible (barring an allocation problem).
tests: exempt, just a refactor
Pre-launch Checklist
///).If you need help, consider asking for advice on the #hackers-new channel on Discord.
Note: The Flutter team is currently trialing the use of Gemini Code Assist for GitHub. Comments from the
gemini-code-assistbot should not be taken as authoritative feedback from the Flutter team. If you find its comments useful you can update your code accordingly, but if you are unsure or disagree with the feedback, please feel free to wait for a Flutter team member's review for guidance on which automated comments should be addressed.