Safety #765
Commits on Jul 23, 2023
- 2f331ad: Switch UnprotectedStorage::get_mut to accept &self

  This is the first step for addressing a soundness issue where parallel joins create aliasing mutable references to the storage and where in regular joins for some storages previously returned references will be invalidated by calling `get_mut` (at least under stacked borrows afaict). The internals of each storage are adjusted to store components within a `SyncUnsafeCell` to allow handing out mutable references. `SyncUnsafeCell` is a wrapper of `UnsafeCell` that provides `Sync` by default.

  Other various details:
  * Edge cases with `as` casts on 16-bit and 32-bit platforms addressed to avoid UB in `UnprotectedStorage` impls.
  * Safety documentation added to unsafe code usage within `UnprotectedStorage` impls.
  * Safety documentation added to unsafe impls of DistinctStorage (only in storages.rs)
  * Started introduction of `#[deny(unsafe_op_in_unsafe_fn)]` lint in various modules.
  * Safety requirements on `UnprotectedStorage::get/get_mut` updated.
  * `NullStorage` internals updated to handle ZSTs better (including properly dropping them when `clean` is called and not dropping them in `insert`) and not require `T: Default`.
  * In `Storage::insert` add the `id` to the mask after calling `inner.insert()` to protect against unwinding from the `insert` call.
- 8366ddb: Update safety comments on uses of `UnprotectedStorage::get_mut` and change how `UnprotectedStorage::clean` works.

  * `clean` now always clears all components even if dropping the storage would have dropped them automatically (this helps address an edge case with `DenseVecStorage::insert` overflowing a `u32`).
  * Add safety requirement to `clean` that indicates the caller should ensure the mask has been cleared even if unwinding occurs from the `clean` call.
  * Ensured uses of `clean` met this requirement.
  * Also continue expanding application of `unsafe_op_in_unsafe_fn` lint.
  * Fixed typo from previous commit where FlaggedStorage::get was using get_mut internally.
- ba8b976
- ac2146d: Update DerefFlaggedStorage to account for changes, get_mut impl postponed since we most likely want to transition this to a streaming only storage (which is thus given &mut access).
- bf620e1: Refactor `UnprotectedStorage` and add `SharedGetAccessMut` trait

  Implementations and uses of these traits are not yet changed. However, hopefully this is the final form needed to have storages that only support lending/streaming joins while also allowing some storages to support regular `Iterator` like joins and parallel joins as well as allowing storages where `UnprotectedStorage<T>::AccessMut` doesn't implement `DerefMut<Target = T>` (like a planned variant of the flagged storage).
- e7d0aa1: Refactor `Join` family of traits so they can be more safely implemented/used:

  (NOTE: nothing compiling yet since implementation of these traits have not been updated)
  * Introduced `LendJoin` trait that is like the lending iterator version of `Join`. This is useful for types that need to return aliasing mutable references from `get` calls with distinct `id`s (e.g. `Entries`, `DerefFlaggedStorage`, `RestrictedStorage`). `LendJoin` uses `nougat` crate to provide a GAT based API on stable rust.
  * Removed unsound `JoinIter::get`/`JoinIter::get_unchecked` but these methods are present on `JoinLendIter` where they can be soundly implemented.
  * Since there is a single `MaybeJoin` type used for all joins, the convenient `.maybe()` method was moved to `LendJoin` which should be the common denominator of implemented join traits (if we put this method on multiple traits, rust might start wondering which one you want to call, which isn't convenient...).
  * `ParJoin` trait is no longer an empty trait that relies on the implementation in `Join`. The new `ParJoin::get` takes a shared reference so the `ParallelIterator` implementation no longer creates aliasing exclusive references to call `Join::get`.
  * `Join` is now an `unsafe` trait to require that the mask/values returned from `Join::open` are properly associated.
  * Extended application of `deny(unsafe_op_in_unsafe_fn)` to the `join` module and added safety documentation to calls to unsafe functions there.
  * Removed `Clone` implementation for `JoinIter<J> where J::Mask: Clone, J::Value: Clone`. Nothing in `Join::get` safety requirements implies that this is safe; in the cases where this is safe, the user can just call `.join()` twice for similar effect.

  Other misc changes:
  * `BitAnd` helper trait and `MaybeJoin` struct moved to their own files to declutter `join/mod.rs`.
- cc97588: Update Join/ParJoin/Unprotected implementations to match changes in these traits and add LendJoin implementations.

  Compiles again!!!
  * Several Join implementors were commented out (marked with `D-TODO`) so that I can update them in a separate batch. Want to make sure the changes were working first.
  * Remove `where Self: 'next'` bound from `LendJoin::Type<'next>'` since this was causing issues and is an unnecessary bound.
  * Fix several other errors related to usage of `LendJoin`'s GAT.
  * Fix other misc errors from the last few commits
  * `deny(unsafe_op_in_unsafe_fn)` now covers the whole crate.
  * Add safety comments to unsafe code used in `Generation` methods.

  Still need to:
  * Implement `SharedGetAccessMutStorage` for relevant storages.
  * Update commented out types that implement `Join`.
  * Update some safety comments.
- 483914b: Implement SharedGetAccessMutStorage for applicable storages and update storage safety comments.
- 57e929c: Remove `get_mut`, rename `get_access_mut` -> `get_mut`, rename `SharedGetAccessMutStorage` -> `SharedGetMutStorage`, rename `shared_get_access_mut` -> `shared_get_mut`.
- 0968089:

  * Start work on implementing LendJoin and safely re-implementing Join for `&ChangeSet`, `&mut ChangeSet`, and `ChangeSet`.
  * Add `AccessMut` trait as a replacement for a few cases that were using `DerefMut` (since we don't want to require that `UnprotectedStorage::AccessMut<'a>` has to implement `DerefMut`). IIRC the cases were originally missed because they are behind feature flags.
  * Modify `SharedGetMutOnly` to also be generic over the storage type so that we don't have to require `T: Component` (since we were getting the storage type from the associated `Component::Storage`). IIRC this is to support use in `ChangeSet<T>` which doesn't require `T: Component`.
- 25b27e5
- 448c9de
- 919434b: Changes to allow soundly implementing Join/LendJoin for the owned ChangeSet<T> where iterating it removes items.

  * Added additional requirement to Join::get/LendJoin::get that it can not be called multiple times with the same ID.
  * Added unsafe `RepeatableLendGet` trait to allow opt-out of this requirement so that a safe `JoinLendIter::get` method can remain exposed.
  * Updated relevant safety comments for uses/impls of `LendJoin::get`.
  * TODO for next commit: update all uses/impls of `Join::get` to ensure they correspond with the requirement changes.
- d2d05f2: Updated safety comments for impls/uses of Join (see previous commit for additional details)
- ce90ce7
- bea1ea9: Add lend_join example and make Miri run it without errors by fixing an issue in `shred`
- e22d22a: Remove "nightly" feature now that generic associated types have stabilized and bump the MSRV to 1.65.0
- 738dc16: Uncomment `entry` module and rework implementation:

  * Replace `Join` impl with `LendJoin` (to avoid creating aliasing mutable references to the storage).
  * Create new `Storage::not_present_insert` method that requires that the `id` not be present in the mask. This is used by both `Storage::insert` and `VacantEntry::insert` so we can centralize documenting the safety of calling `UnprotectedStorage::insert` and the handling of potential unwinding from `BitSet::add`.
- e4c3655: Implement refactored Join traits for `RestrictedStorage` and other related changes:

  * SharedGetMutOnly::get_mut changed from method to associated function to make its use more apparent (e.g. compared to calling UnprotectedStorage::get_mut).
  * New requirement added to ParJoin trait implementation to facilitate callers of ParJoin::get that need to ensure they don't repeat indices.
  * `SharedGetMutStorage::shared_get_mut` requirements tweaked to allow calling this in conjunction with `UnprotectedStorage::get` when the `id`s used don't overlap. This facilitates `Join`/`ParJoin` impls for `RestrictedStorage` which can allow getting a component for one entity mutably while immutably getting the component for another entity at the same time.
  * Marker types used for restricted storage implementation replaced with producing distinct types for different types of joins: `PairedStorageRead` (for any read only join), `PairedStorageWriteExclusive` (for mutable LendJoin), and `PairedStorageWriteShare` (for mutable Join/ParJoin).
  * Renamed `PairedStorage` (which was replaced with the 3 types above) methods `get_unchecked`/`get_unchecked_mut` to `get`/`get_mut` since `unchecked` often is used to indicate some safety requirement hasn't been checked which isn't the case here. Renamed existing `get`/`get_mut` methods to `get_other`/`get_mut_other`.
  * Other misc changes that were missed in previous commits.
- 6ca2338: Update implementations of ParJoin and callers of ParJoin::get to reflect changes in safety requirements.
- 0fad41d: Uncomment `drain` module, update safety comments and implement `LendJoin` for `Drain`.
- 2c7d5e6
- c33cd7c
- 09f1a4c
- c3a301f: Reduce loop iterations on some tests when running with Miri so that they finish in a reasonable time
- e8f80e7
- 391b310
- 6b74393: Enhance LendJoin docs to hopefully explain its purpose and usage

  Also:
  * Make `lend_join` example more comprehensive to showcase the options for iterating without the Iterator trait, as well as the JoinLendIter::get method. Include comments in the example to explain different aspects.
  * Fix/add various links in code docs.
  * Publicly export `SliceAccess` trait since it appears in bounds on the public `Storage::as_slice`/`Storage::as_mut_slice`.
- 5aa5abf
- 2beb089
- cbfa283
- 819d6ca
- 2400172
- 6736f15: Fix and simplify insert code unwinding handling since allocation is not actually guaranteed to abort on failure
- a31e781: Add nightly feature to enable shred/nightly for more efficient MetaTable implementation.
Commits on Jul 24, 2023
- 1fc3d1f
Commits on Jul 25, 2023
- 5abd46a: Fix various compilation warnings, change abort on unwinding during insertion into removing the inserted component (mainly to make should_panic test work)
Commits on Jul 26, 2023
- de30c85
- 35da879: Update MSRV to 1.70 since that is apparently necessary to remove "where Self: 'next" from LendJoin::get
- a8c96f8
Commits on Sep 15, 2023
- 784c7b0
Commits on Sep 16, 2023
- 5d3bfe7
- a53d28e
- 0a4b99a
- 6d4724b
- eecf83a
- 276450e