fix: Memory mismanagement with UI scheduled callbacks #6900
Conversation
| @@ -50,6 +50,7 @@ NativeProxy::NativeProxy( | |||
| isBridgeless, | |||
| getIsReducedMotion())), | |||
| layoutAnimations_(std::move(layoutAnimations)) { | |||
| reanimatedModuleProxy_->init(getPlatformDependentMethods()); | |||
There was a problem hiding this comment.
weak_from_this can only be used after the object has been instantiated. Therefore, all callbacks that use weak_from_this must be created in a subsequent init method.
| if (reanimatedModuleProxy_ != nullptr) { | ||
| reanimatedModuleProxy_->invalidate(); | ||
| } |
There was a problem hiding this comment.
We can't invalidate it here because relevant callbacks might still need it. Once they get executed and cleaned up the destructor will take care of things.
| @@ -72,6 +72,7 @@ static inline bool getIsReducedMotion() | |||
|
|
|||
| auto reanimatedModuleProxy = std::make_shared<ReanimatedModuleProxy>( | |||
| workletsModuleProxy, rnRuntime, jsInvoker, platformDepMethodsHolder, isBridgeless, getIsReducedMotion()); | |||
| reanimatedModuleProxy->init(platformDepMethodsHolder); | |||
There was a problem hiding this comment.
weak_from_this can only be used after the object has been instantiated. Therefore, all callbacks that use weak_from_this must be created in a subsequent init method.
| @@ -34,14 +34,21 @@ void ReanimatedCommitHook::maybeInitializeLayoutAnimations( | |||
| // when a new surfaceId is observed we call setMountingOverrideDelegate | |||
| // for all yet unseen surfaces | |||
| uiManager_->getShadowTreeRegistry().enumerate( | |||
| [this](const ShadowTree &shadowTree, bool &stop) { | |||
| if (shadowTree.getSurfaceId() <= currentMaxSurfaceId_) { | |||
| [weakReanimatedCommitHook = weak_from_this()]( | |||
There was a problem hiding this comment.
I couldn't decide if I prefer the syntax
weakThis - strongThis
or
weak<object name> - <object name>
Do you have any preferences?
There was a problem hiding this comment.
i think weak<Object name> is more clear
Summary
What
The pattern we used with scheduling callbacks on the UI thread - capturing
thisas a reference - is prone to memory issues. Given such code:We are likely to run into accessing invalidated memory during a reload. This is due to fact that
WorkletsModuleProxyis managed by some object held by the instance of React Native. Let's look at the following scenario.WorkletsModuleProxyis created on the JS thread and held by theWorkletsModuleNative Module.WorkletsModuleProxy::scheduleOnUIis invoked on the JS thread. The callback is scheduled to be executed on the UI thread.WorkletsModulegets destroyed. Therefore,WorkletsModuleProxyis released and also destroyed.thishas been invalidated. The App crashes.Keep in mind that this isn't exclusive to thread jumps exclusively. Calling
scheduleOnUIon the UI thread could still result in the callback executing after the memory has been invalidated.WorkletsModuleProxyis only an example here, the problem could manifest in all the places where we pass lambdas that capturethisby reference.Fix
To fix this I refactored the code so everytime we pass
thisto a scheduled callback, it would be done via a weak pointer which would lock the object and prevent it from being destroyed while the callback is being executed on the UI thread.Perhaps some bits of code don't need this safety measure due to a heuristic existing that guarantees that respective memory won't be invalidated before the callback gets executed. However, I found it extremely challenging and unreliable to come up with these heuristics, as they could possibly break at any future change of the code.
Affected code:
Test plan
Reloading the app no longer causes a crash on a scheduled UI callback.