[Merged by Bors] - unsafeify World::entities_mut
#4093
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BoxyUwU
force-pushed
the
remove_entities_mut
branch
2 times, most recently
from
db0f44b
to
52bdff0
Compare
james7132
requested changes
Mar 4, 2022
| @@ -198,7 +198,7 @@ impl Plugin for RenderPlugin { | |||
| // flushing as "invalid" ensures that app world entities aren't added as "empty archetype" entities by default | |||
| // these entities cannot be accessed without spawning directly onto them | |||
| // this _only_ works as expected because clear_entities() is called at the end of every frame. | |||
| render_app.world.entities_mut().flush_as_invalid(); | |||
| unsafe { render_app.world.entities_mut() }.flush_as_invalid(); | |||
There was a problem hiding this comment.
Is there a way to avoid this entirely?
There was a problem hiding this comment.
not sure, I dont particularly understand what the render app is actually trying to accomplish here 😅
There was a problem hiding this comment.
the render app "reserve" all the entities from the main app, but actually spawn something only on some of them. this marks all entities by default as invalid so that the one which won't be used aren't usable
There was a problem hiding this comment.
The "right" way to do this would be to expose a safe mirror of flush_as_invalid() on World. But honestly this feature is niche enough that im fine leaving this as-is for now.
BoxyUwU
changed the title
World::entities_mut >:(World::entities_mut >:(
alice-i-cecile
added
C-Bug
BoxyUwU
force-pushed
the
remove_entities_mut
branch
from
68499b4
to
6b3cd61
Compare
|
Figuring out how to fix the |
BoxyUwU
changed the title
World::entities_mut >:(World::entities_mut
alice-i-cecile
requested changes
Mar 24, 2022
There was a problem hiding this comment.
I agree with this change: this is very easy to create UB in safe code with, and so it's unsound if this is safe.
Entities is not very useful in general to the average user, and mutating it is particularly rare.
I really wish we would could avoid this being pub, but we can't, as it's needed in bevy_render.
alice-i-cecile
approved these changes
Mar 24, 2022
TheRawMeatball
approved these changes
Mar 28, 2022
alice-i-cecile
added
the
S-Ready-For-Final-Review
|
Adding to the 0.7 milestone; this is now actually UB since #4298 is merged. |
|
bors r+ |
bors bot
pushed a commit
that referenced
this pull request
Mar 30, 2022
# Objective
make bevy ecs a lil bit less unsound
## Solution
make unsound API unsafe so that there is an unsafe block to blame:
```rust
use bevy_ecs::prelude::*;
#[derive(Debug, Component)]
struct Foo(u8);
fn main() {
let mut world = World::new();
let e1 = world.spawn().id();
let e2 = world.spawn().insert(Foo(2)).id();
world.entities_mut().meta[0] = world.entities_mut().meta[1].clone();
let foo = world.entity(e1).get::<Foo>().unwrap();
// whoo i love having components i dont have
dbg!(foo);
}
```
This is not _strictly_ speaking UB, however:
- `Query::get_multiple` cannot work if this is allowed
- bevy_ecs is a pile of unsafe code whose soundness generally depends on the world being in a "correct" state with "no funny business" so it seems best to disallow this
- it is trivial to get bevy to panic inside of functions with safety invariants that have been violated (the entity location is not valid)
- it seems to violate what the safety invariant on `Entities::flush` is trying to ensure
bors
bot
changed the title
World::entities_mutWorld::entities_mut
james7132
added
the
C-Breaking-Change
aevyrie
pushed a commit
to aevyrie/bevy
that referenced
this pull request
Jun 7, 2022
# Objective
make bevy ecs a lil bit less unsound
## Solution
make unsound API unsafe so that there is an unsafe block to blame:
```rust
use bevy_ecs::prelude::*;
#[derive(Debug, Component)]
struct Foo(u8);
fn main() {
let mut world = World::new();
let e1 = world.spawn().id();
let e2 = world.spawn().insert(Foo(2)).id();
world.entities_mut().meta[0] = world.entities_mut().meta[1].clone();
let foo = world.entity(e1).get::<Foo>().unwrap();
// whoo i love having components i dont have
dbg!(foo);
}
```
This is not _strictly_ speaking UB, however:
- `Query::get_multiple` cannot work if this is allowed
- bevy_ecs is a pile of unsafe code whose soundness generally depends on the world being in a "correct" state with "no funny business" so it seems best to disallow this
- it is trivial to get bevy to panic inside of functions with safety invariants that have been violated (the entity location is not valid)
- it seems to violate what the safety invariant on `Entities::flush` is trying to ensure
ItsDoot
pushed a commit
to ItsDoot/bevy
that referenced
this pull request
Feb 1, 2023
# Objective
make bevy ecs a lil bit less unsound
## Solution
make unsound API unsafe so that there is an unsafe block to blame:
```rust
use bevy_ecs::prelude::*;
#[derive(Debug, Component)]
struct Foo(u8);
fn main() {
let mut world = World::new();
let e1 = world.spawn().id();
let e2 = world.spawn().insert(Foo(2)).id();
world.entities_mut().meta[0] = world.entities_mut().meta[1].clone();
let foo = world.entity(e1).get::<Foo>().unwrap();
// whoo i love having components i dont have
dbg!(foo);
}
```
This is not _strictly_ speaking UB, however:
- `Query::get_multiple` cannot work if this is allowed
- bevy_ecs is a pile of unsafe code whose soundness generally depends on the world being in a "correct" state with "no funny business" so it seems best to disallow this
- it is trivial to get bevy to panic inside of functions with safety invariants that have been violated (the entity location is not valid)
- it seems to violate what the safety invariant on `Entities::flush` is trying to ensure
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Objective
make bevy ecs a lil bit less unsound
Solution
make unsound API unsafe so that there is an unsafe block to blame:
This is not strictly speaking UB, however:
Query::get_multiplecannot work if this is allowedEntities::flushis trying to ensure