-
Notifications
You must be signed in to change notification settings - Fork 45
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handling invalid/not-enabled chained structs on extensible Out-structs #115
Comments
IIRC, this is for extensibility. In the JS API, if/when WebGPU's limits gain additional members, they can be detected in the JS API by checking for the existence of properties in GPUSupportedLimits or perhaps by first querying if the limit's respective feature is available in GPUSupportedFeatures. The C API can't just add members to the struct without breaking ABI compatibility, so additions would be expressed by doing something like:
and it will populate both
|
"you're holding it wrong" 😐 |
If "you're holding it wrong" can wgpuAdapterGetLimits just crash? |
why would crashing be a better option? Is the implementation supposed to insert an actual crash? If so, it has to do something to detect the failure condition, so indicating to the developer that something went wrong seems better than an unrecoverable crash. |
What is the application supposed to do about it though? If it's purely a programming error then the developer (e.g. browser developer) should deal with it, not the application (e.g. the browser code). Analogously, we might reasonably crash if you pass in a null pointer where there shouldn't be one, or similar. I was thinking an assert, debug-only would be reasonable. |
In general the API doesn't crash if you pass an incorrect sType: it produces a validation error. This is a bit similar where we don't crash but gracefully return that it is an error. Agreed that it's not that much better than than crashing in terms of what the code can do, but at least it can provide a correct error message to the user "whoops I did something bad" instead of just crashing the application/GPU process. |
A web application wouldn't be able to trigger this though. E.g. it would be Chrome's responsibility to make sure it doesn't pass stuff to Dawn that Dawn doesn't understand (which should be easy). TBH, thinking about it now, I think of the extension structs as being purely a part of the C bindings and think it would be fine if all functions crashed if given extension chains they don't understand. Calling this "validation" is a bit weird because I think it's blurring the line between bindings and behavior. |
I guess we never spelled out the non-crashability guarantees of this header. In my mind if you respected the following, then an application would be guaranteed to not crash:
So here the question is whether we add a new constraint:
I have a slight preference to make non-crashability easier for applications, especially since it happens "for free" in (our) implement, but either way would be fine. Whatever we decide we should start describing it in docs. |
We could also say that unknown structs are completely skipped - so no crash, and no bool. One thing is that It could be slightly surprising if you pass a chained out-struct and only some of the structs are actually populated and the others are left uninitialized. Leaving those structs uninitialized is already the case when |
Ah I was thinking about this wrong, I was thinking about an implementation that doesn't understand the sType at all, not just a device that doesn't have the feature enabled. In retrospect that doesn't really make sense because that would mean there was a version mismatch between header and implementation. If the sType is something completely wrong (not recognized by the implementation, maybe because the sType is for a different extension chain) I think it makes sense to crash or debug-assert. If the sType is something that would be valid with the correct feature enabled, but that feature isn't enabled, then leaving the struct uninitialized, or maybe zero-initializing it, would be reasonable. |
Should wgpuAdapterGetProperties also return a bool, since it looks like this is also meant to be extensible? I was also wondering about the consistency with wgpuShaderModuleGetCompilationInfo - I'm assuming that in this case, the implementation adds whatever extensions it thinks are relevant to WGPUCompilationInfo, rather than the user requesting them specifically. Could this approach also work for the limits and properties? I suppose the ownership/lifetime of the extensions makes it a bit tricky. |
Yeah, I agree, looks like they should match (either both return bool or both return void).
Correct, and it's that way because wgpuShaderModuleGetCompilationInfo takes a callback so the library can own the return value.
We could do this for limits/properties if they also took callbacks (which could called inline rather than asynchronously), but I think most applications would want to hold onto the limits/properties data for longer than that. (They might want to do that with shader compilation info too, but it's harder because they don't know the size of the output ahead of time - we'd have to have a "get number of messages" followed by "write all the messages into this array for me", like Vulkan has in many of its APIs.) |
Don't extension chains exist to provide ABI stability? If header should always match implementation then there is no need to have extension chains and new fields can simply be added to structs instead. Maybe a boolean field can be added to |
I think that depends on whether we want unidirectional compatibility (older header can be used with newer binary) or bidirectional compatibility (any header can be used with any binary) in our ABI. |
|
meeting:
(See also the somewhat related #225.) |
This should be a complete list of functions that take out-structs:
Having verified that none of the standardized ones have return values already, we can apply the proposal above to all of them. Marking "has resolution". |
We never bikeshed the name of the status enum. Here's a suggestion. typedef enum WGPUStatus {
WGPUStatus_Success = 0x00000000,
WGPUStatus_Error = 0x00000001,
WGPUStatus_Force32 = 0x7FFFFFFF
} WGPUStatus WGPU_ENUM_ATTRIBUTE; |
April 25th meeting:
|
Not used yet. The values are wrong (we intend to shift them to 1,2) but I'll fix that along with the other enums because it may be a generator-wide change. Issue: webgpu-native#115
WebGPU's
limits
don't seem to be optional, so it doesn't make much sense whywgpuAdapterGetLimits()
returns a bool.The text was updated successfully, but these errors were encountered: