From 46230720b56a3b7ed19a4edeb39dd8cca614bae2 Mon Sep 17 00:00:00 2001 From: Dzmitry Malyshau Date: Mon, 6 Jul 2020 23:46:46 -0400 Subject: [PATCH] Remove UnsafeFeatures as we decided the top level guard is not useful --- player/src/main.rs | 1 - wgpu-core/src/instance.rs | 27 +++++---------------------- wgpu-types/src/lib.rs | 35 ----------------------------------- 3 files changed, 5 insertions(+), 58 deletions(-) diff --git a/player/src/main.rs b/player/src/main.rs index ef42c883b1..4188372465 100644 --- a/player/src/main.rs +++ b/player/src/main.rs @@ -491,7 +491,6 @@ fn main() { #[cfg(not(feature = "winit"))] compatible_surface: None, }, - unsafe { wgt::UnsafeFeatures::allow() }, wgc::instance::AdapterInputs::IdSet( &[wgc::id::TypedId::zip(0, 0, backend)], |id| id.backend(), diff --git a/wgpu-core/src/instance.rs b/wgpu-core/src/instance.rs index 7aba21026f..9b670de05d 100644 --- a/wgpu-core/src/instance.rs +++ b/wgpu-core/src/instance.rs @@ -125,12 +125,11 @@ pub struct Adapter { pub(crate) raw: hal::adapter::Adapter, features: wgt::Features, limits: wgt::Limits, - unsafe_features: wgt::UnsafeFeatures, life_guard: LifeGuard, } impl Adapter { - fn new(raw: hal::adapter::Adapter, unsafe_features: wgt::UnsafeFeatures) -> Self { + fn new(raw: hal::adapter::Adapter) -> Self { span!(_guard, INFO, "Adapter::new"); let adapter_features = raw.physical_device.features(); @@ -160,9 +159,6 @@ impl Adapter { wgt::Features::MULTI_DRAW_INDIRECT_COUNT, adapter_features.contains(hal::Features::DRAW_INDIRECT_COUNT), ); - if unsafe_features.allowed() { - // Unsafe features go here - } let adapter_limits = raw.physical_device.limits(); @@ -176,7 +172,6 @@ impl Adapter { raw, features, limits, - unsafe_features, life_guard: LifeGuard::new(), } } @@ -325,11 +320,7 @@ impl Global { self.surfaces.register_identity(id_in, surface, &mut token) } - pub fn enumerate_adapters( - &self, - unsafe_features: wgt::UnsafeFeatures, - inputs: AdapterInputs>, - ) -> Vec { + pub fn enumerate_adapters(&self, inputs: AdapterInputs>) -> Vec { span!(_guard, INFO, "Instance::enumerate_adapters"); let instance = &self.instance; @@ -341,7 +332,7 @@ impl Global { if let Some(inst) = instance_field { if let Some(id_backend) = inputs.find(backend) { for raw in inst.enumerate_adapters() { - let adapter = Adapter::new(raw, unsafe_features); + let adapter = Adapter::new(raw); log::info!("Adapter {} {:?}", backend_info, adapter.raw.info); adapters.push(backend_hub(self).adapters.register_identity( id_backend.clone(), @@ -369,7 +360,6 @@ impl Global { pub fn pick_adapter( &self, desc: &RequestAdapterOptions, - unsafe_features: wgt::UnsafeFeatures, inputs: AdapterInputs>, ) -> Option { span!(_guard, INFO, "Instance::pick_adapter"); @@ -482,7 +472,7 @@ impl Global { backends_map! { let map = |(info_adapter, id_backend, mut adapters_backend, backend_hub)| { if selected < adapters_backend.len() { - let adapter = Adapter::new(adapters_backend.swap_remove(selected), unsafe_features); + let adapter = Adapter::new(adapters_backend.swap_remove(selected)); log::info!("Adapter {} {:?}", info_adapter, adapter.raw.info); let id = backend_hub(self).adapters.register_identity( id_backend.take().unwrap(), @@ -585,14 +575,7 @@ impl Global { let adapter = &adapter_guard[adapter_id]; let phd = &adapter.raw.physical_device; - // Verify all features were exposed by the adapter - if !adapter.unsafe_features.allowed() { - assert!( - !desc.features.intersects(wgt::Features::ALL_UNSAFE), - "Cannot enable unsafe features without passing UnsafeFeatures::allow() when getting an adapter. Enabled unsafe extensions: {:?}", - desc.features & wgt::Features::ALL_UNSAFE - ) - } + // Verify all features were exposed by the adapter if !adapter.features.contains(desc.features) { return Err(RequestDeviceError::UnsupportedFeature( desc.features - adapter.features, diff --git a/wgpu-types/src/lib.rs b/wgpu-types/src/lib.rs index 1d9703d08b..6cdfd7531a 100644 --- a/wgpu-types/src/lib.rs +++ b/wgpu-types/src/lib.rs @@ -234,46 +234,11 @@ bitflags::bitflags! { const MULTI_DRAW_INDIRECT_COUNT = 0x0000_0000_0040_0000; /// Features which are part of the upstream webgpu standard const ALL_WEBGPU = 0x0000_0000_0000_FFFF; - /// Features that require activating the unsafe feature flag - const ALL_UNSAFE = 0xFFFF_0000_0000_0000; /// Features that are only available when targeting native (not web) const ALL_NATIVE = 0xFFFF_FFFF_FFFF_0000; } } -/// Marker type signalling if unsafe features are allowed to be enabled. -/// -/// This doesn't enable any unsafe features, but must be set to `allow` if -/// an unsafe features is enabled. -/// -/// The safety contract of safe Rust is that it is impossible to cause Undefined Behavior (UB) -/// from safe Rust. If a feature would allow UB to happen, it must preset an unsafe interface. -/// Enabling unsafe features is therefore an inherently unsafe operation. -#[derive(Debug, Copy, Clone, Default, Eq, PartialEq, Hash)] -#[cfg_attr(feature = "trace", derive(Serialize))] -#[cfg_attr(feature = "replay", derive(Deserialize))] -pub struct UnsafeFeatures { - allow_unsafe: bool, -} -impl UnsafeFeatures { - /// Allow unsafe features to be enabled. This is an unsafe function and by calling this - /// function, you assert that even with these features on, it is impossible to cause UB - /// from within safe Rust. - pub unsafe fn allow() -> Self { - Self { allow_unsafe: true } - } - /// Disallow unsafe features. - pub fn disallow() -> Self { - Self { - allow_unsafe: false, - } - } - /// Does this marker allow unsafe features. - pub fn allowed(self) -> bool { - self.allow_unsafe - } -} - /// Represents the sets of limits an adapter/device supports. /// /// Limits "better" than the default must be supported by the adapter and requested when requesting