Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Merged by Bors] - Fix unsoundness in EntityMut::world_scope #7387

Closed
wants to merge 17 commits into from
Closed

[Merged by Bors] - Fix unsoundness in EntityMut::world_scope #7387

Changes from 10 commits
Commits
Show all changes
17 commits
Select commit Hold shift + click to select a range
ce4a192
add a test case for `EntityMut` unsoundness
JoJoJet Jan 27, 2023
3412c82
catch the panic in the test
JoJoJet Jan 27, 2023
f134b43
use archetype moves instead of despawning
JoJoJet Jan 27, 2023
bb59e54
fix unsoundness
JoJoJet Jan 27, 2023
b85453e
rename `on_drop` -> `cleanup_guard`
JoJoJet Jan 27, 2023
0aff619
be overly cautious
JoJoJet Jan 27, 2023
f8ff83a
fix a stacked borrows failure
JoJoJet Jan 27, 2023
33cc770
Merge remote-tracking branch 'upstream/main' into world-scope-unsound
JoJoJet Jan 27, 2023
ecb90f7
update a comment
JoJoJet Jan 27, 2023
dfb9934
add a message to a test panic
JoJoJet Jan 27, 2023
3cb2ab0
Add a link to this PR on the regression test
JoJoJet Jan 27, 2023
41369f3
catch panics using only safe code
JoJoJet Jan 27, 2023
feecc66
Revert "catch panics using only safe code"
JoJoJet Jan 28, 2023
ed2bc62
use a custom guard type to to perform the cleanup
JoJoJet Jan 28, 2023
708abcc
fix a typo
JoJoJet Jan 28, 2023
c082001
make the regression test more rigorous
JoJoJet Jan 28, 2023
75f507f
minor correction to the docs for `EntityMut::update_location`
JoJoJet Jan 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 40 additions & 3 deletions crates/bevy_ecs/src/world/entity_ref.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -564,9 +564,22 @@ impl<'w> EntityMut<'w> {
/// # assert_eq!(new_r.0, 1);
/// ```
pub fn world_scope<U>(&mut self, f: impl FnOnce(&mut World) -> U) -> U {
let val = f(self.world);
self.update_location();
val
// Erase the lifetime of self, so we can get around the borrow checker.
let this_ptr = self as *mut Self;
JoJoJet marked this conversation as resolved.
Show resolved Hide resolved

// Update the stored `EntityLocation` for this instance.
// This will get called at the end of this scope, even if the closure `f` unwinds.
let _cleanup_guard = bevy_utils::OnDrop::new(move || {
// SAFETY:
// - When this closure gets called at the end of the outer scope,
// the reference to `self` will be inactive, which ensures that this will not alias.
// - The pointer must otherwise be safe to dereference, since it was obtained
// from a mutable reference.
let this = unsafe { &mut *this_ptr };
this.update_location();
});

f(self.world)
}

/// Updates the internal entity location to match the current location in the internal
Expand Down Expand Up @@ -856,6 +869,8 @@ pub(crate) unsafe fn take_component<'a>(

#[cfg(test)]
mod tests {
use std::panic::AssertUnwindSafe;

use crate as bevy_ecs;
use crate::component::ComponentId;
use crate::prelude::*; // for the `#[derive(Component)]`
Expand Down Expand Up @@ -947,4 +962,26 @@ mod tests {
assert!(entity.get_by_id(invalid_component_id).is_none());
assert!(entity.get_mut_by_id(invalid_component_id).is_none());
}

#[test]
JoJoJet marked this conversation as resolved.
Show resolved Hide resolved
fn entity_mut_world_scope_panic() {
let mut world = World::new();

let mut entity = world.spawn_empty();
let id = entity.id();
let res = std::panic::catch_unwind(AssertUnwindSafe(|| {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do you need the AssertUnwindSafe by making the closure move?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would move the variable entity into the closure and make it inaccessible to the rest of the test.

entity.world_scope(|w| {
// Change the entity's `EnityLocation`, which invalidates the original `EntityMut`.
JoJoJet marked this conversation as resolved.
Show resolved Hide resolved
// This will get updated at the end of the scope.
w.entity_mut(id).insert(TestComponent(0));

// Ensure that the entity location still gets updated even in case of a panic.
panic!("this should get caught by the outer scope")
});
}));
assert!(res.is_err());

// If the `EntityLocation` has not been updated, this will cause UB.
entity.insert(TestComponent(0));
JoJoJet marked this conversation as resolved.
Show resolved Hide resolved
}
}