JoinIter::get allows mutable aliasing without the user writing any unsafe code. #647

Closed
allen-marshall opened this issue Sep 27, 2019 · 3 comments · Fixed by #765
@allen-marshall

Description

Using the JoinIter::get method, it is possible for a user of specs to create two mutable references to the same component data, without the user writing any unsafe code. Here is a simple program that illustrates the issue:

    use specs::{Builder, Component, DenseVecStorage, Join, World, WorldExt, WriteStorage};

    #[derive(Default)]
    struct TestComponent {
        value: u32,
    }

    impl Component for TestComponent {
        type Storage = DenseVecStorage<TestComponent>;
    }

    fn main() {
        let mut world = World::new();
        world.register::<TestComponent>();
        let entity = world.create_entity().with(TestComponent::default()).build();
        world.maintain();

        let mut storage: WriteStorage<TestComponent> = world.write_storage();
        let entities = world.entities();

        let mut join_iter = (&mut storage).join();
        let aliased_ref_0 = join_iter.get(entity, &entities).unwrap();
        let aliased_ref_1 = join_iter.get(entity, &entities).unwrap();

        println!("aliased_ref_0 is initially {}.", aliased_ref_0.value);
        aliased_ref_1.value += 1;
        println!(
            "After change to aliased_ref_1, aliased_ref_0 is now {}.",
            aliased_ref_0.value
        );
    }

When I run this program, I get the following output:

    aliased_ref_0 is initially 0.
    After change to aliased_ref_1, aliased_ref_0 is now 1.

The issue doesn't seem too hard to avoid as long as I only use JoinIter for its intended purpose as an iterator, but even so, the fact that I can violate Rust's aliasing rules without writing unsafe seems like an issue. Perhaps JoinIter::get needs to be made private to the specs crate, or maybe it just needs to be marked unsafe? I imagine the same issue can occur with JoinIter::get_unchecked, though I haven't tested it.

Meta

Rust version: 1.37.0 (2018 edition)
Specs version / commit: 0.15.1
Operating system: Ubuntu 18.04.3 LTS 64-bit

Reproduction

Steps to reproduce the behavior:

  1. Compile the Rust program given above.
  2. Run the program.
  3. See in the output that the value at aliased_ref_0 changed even though aliased_ref_0 wasn't mutated directly.

Expected behavior

I would expect the above code not to compile, at least not without modifying it to include an unsafe block.

@WaDelma
Member

WaDelma commented Sep 27, 2019

Here is a version of that where the lifetimes are explicit:

    use specs::{Builder, Component, DenseVecStorage, Join, World, WorldExt, WriteStorage, Storage, Read, Entity};
    use specs::join::JoinIter;
    use shred::FetchMut;
    use specs::storage::MaskedStorage;
    use specs::world::EntitiesRes;

    #[derive(Default)]
    struct TestComponent {
        value: u32,
    }

    impl Component for TestComponent {
        type Storage = DenseVecStorage<TestComponent>;
    }

    #[test]
    fn testi() {
        let mut world = World::new();
        world.register::<TestComponent>();
        let entity = world.create_entity().with(TestComponent::default()).build();
        world.maintain();

        let mut storage: WriteStorage<TestComponent> = world.write_storage();
        let entities = world.entities();

        fn a<'a: 'b, 'b>(
            j: JoinIter<&'b mut Storage<'a, TestComponent, FetchMut<'a, MaskedStorage<TestComponent>>>>
        ) -> JoinIter<&'b mut Storage<'a, TestComponent, FetchMut<'a, MaskedStorage<TestComponent>>>>
        {
            j
        }
        let mut join_iter = a((&mut storage).join());
        fn b<'a: 'b, 'b, 'c, 'd>(
            j: &'c mut JoinIter<&'b mut Storage<'a, TestComponent, FetchMut<'a, MaskedStorage<TestComponent>>>>,
            e: Entity,
            es: &'d Read<'a, EntitiesRes>
        ) -> &'b mut TestComponent {
            JoinIter::get(j, e, es).unwrap()
        }
        let aliased_ref_0 = b(&mut join_iter, entity, &entities);
        let aliased_ref_1 = b(&mut join_iter, entity, &entities);

        println!("aliased_ref_0 is initially {}.", aliased_ref_0.value);
        aliased_ref_1.value += 1;
        println!(
            "After change to aliased_ref_1, aliased_ref_0 is now {}.",
            aliased_ref_0.value
        );
    }

and from this the reason why it's allowed is clear: 'c isn't connected with 'b.

@WaDelma
Member

WaDelma commented Sep 27, 2019

This is basically the old streaming vs non-streaming iterator thing, but manifested in a different form.

I thought I was clever before by adding this API for JoinIter as that allows an easy way of getting multiple components for an entity.

To fix this we would need to either prevent using get with mutable references or create separate machinery for this stuff.
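
A dependency-free model of the signature problem discussed in the comments above, as an added example that is not code from specs or from the commenters. `Iter`, `get_detached`, `get_reborrowed` and the helper functions are hypothetical names; the block puts the detached-lifetime signature next to one that ties the result to the `&mut self` borrow.

```rust
// Added illustration: `Iter`, `get_detached` and `get_reborrowed` are
// hypothetical names that model the signatures; they are not specs APIs.
struct Iter<'b, T> {
    data: &'b mut [T],
}

impl<'b, T> Iter<'b, T> {
    // Unsound shape: the result carries 'b (the storage borrow) and is not
    // tied to the `&mut self` borrow, so results of two calls may overlap.
    fn get_detached(&mut self, i: usize) -> Option<&'b mut T> {
        let p: *mut T = self.data.get_mut(i)?;
        // The lifetime is extended without any check; a safe body with this
        // signature would not compile.
        Some(unsafe { &mut *p })
    }

    // Sound shape: elision ties the result to `&mut self`, so the borrow
    // checker rejects a second call while the first result is still alive.
    fn get_reborrowed(&mut self, i: usize) -> Option<&mut T> {
        self.data.get_mut(i)
    }
}

// Type-checks with no `unsafe` at the call site, which is the bug. Never
// called here: running it would create two live `&mut` to one value.
#[allow(dead_code)]
fn aliasing_type_checks(it: &mut Iter<'_, u32>) {
    let a = it.get_detached(0).unwrap();
    let b = it.get_detached(0).unwrap();
    *b += 1;
    let _ = *a;
}

// With the sound signature each borrow must end before the next starts.
// Holding both results, as above, fails with error[E0499].
fn bump_twice(values: &mut [u32], i: usize) -> Option<u32> {
    let mut it = Iter { data: values };
    *it.get_reborrowed(i)? += 1;
    *it.get_reborrowed(i)? += 1;
    let out = it.get_reborrowed(i).map(|v| *v);
    out
}

fn main() {
    let mut values = [0u32, 10, 20]; // constructed sample data
    println!("{:?}", bump_twice(&mut values, 0));
}
```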

azriel91 pushed a commit to azriel91/specs that referenced this issue Sep 30, 2019
537: Update rand requirement from 0.5.5 to 0.6.1 r=torkleyy a=dependabot[bot]

Updates the requirements on [rand](https://github.com/rust-random/rand) to permit the latest version.
Co-authored-by: dependabot[bot] <support@dependabot.com>
Co-authored-by: Thomas Schaller <torkleyy@gmail.com>
@pythonesque

This API is very clearly unsound and needs to be removed.
