[Merged by Bors] - Lock down access to Entities #6740
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
james7132
added
C-Docs
alice-i-cecile
approved these changes
Nov 24, 2022
There was a problem hiding this comment.
I like this change a lot, and the docs are good. IMO this is essential for #6733, as it restricts users to the happy path.
Co-authored-by: Alice Cecile <[email protected]>
jakobhellermann
approved these changes
Nov 24, 2022
Co-authored-by: Jakob Hellermann <[email protected]>
alice-i-cecile
added
the
S-Ready-For-Final-Review
Weibye
approved these changes
Nov 24, 2022
|
Incorporated the changes from #3985 and reworded it to address the unresolved comments from that PR. |
There was a problem hiding this comment.
One thought I had is that Entity: Reflect which usually means that the fields are considered public and exposed. But we do impl_reflect_value
bevy/crates/bevy_ecs/src/reflect.rs
Line 404 in 3827316
so it is treated as an opaque identifier.
| Exists(EntityLocation), | ||
| DidNotExist, | ||
| ExistsWithWrongGeneration, | ||
| } | ||
|
|
||
| impl Entity { | ||
| #[cfg(test)] | ||
| pub(crate) const fn new(index: u32, generation: u32) -> Entity { |
There was a problem hiding this comment.
I looked at the other methods on Entity.
After this PR we still have
Entity::from_bits(Entity::to_bits(entity))is still a perfect roundtripEntity::from_raw(index)still exists and gives an entity withindexandgeneration0Entity::index()andEntity::generation()
The use case from the docs of from_raw could be replace with Entity::INVALID. Do we know of other use cases, otherwise maybe replace it?
There was a problem hiding this comment.
This actually isn't a departure from the current status quo. Both fields were pub(crate) before this so you couldn't create a raw entity outside of Entity::from_raw before this PR.
The only time I can think of needing to construct a raw entity that isn't covered by serialization or reflection is for testing, for which there is no real need to round-trip it.
|
That last thread may be nice to address elsewhere, but shouldn't block this work :) bors r+ |
bors bot
pushed a commit
that referenced
this pull request
Nov 28, 2022
# Objective The soundness of the ECS `World` partially relies on the correctness of the state of `Entities` stored within it. We're currently allowing users to (unsafely) mutate it, as well as readily construct it without using a `World`. While this is not strictly unsound so long as users (including `bevy_render`) safely use the APIs, it's a fairly easy path to unsoundness without much of a guard rail. Addresses #3362 for `bevy_ecs::entity`. Incorporates the changes from #3985. ## Solution Remove `Entities`'s `Default` implementation and force access to the type to only be through a properly constructed `World`. Additional cleanup for other parts of `bevy_ecs::entity`: - `Entity::index` and `Entity::generation` are no longer `pub(crate)`, opting to force the rest of bevy_ecs to use the public interface to access these values. - `EntityMeta` is no longer `pub` and also not `pub(crate)` to attempt to cut down on updating `generation` without going through an `Entities` API. It's currently inaccessible except via the `pub(crate)` Vec on `Entities`, there was no way for an outside user to use it. - Added `Entities::set`, an unsafe `pub(crate)` API for setting the location of an Entity (parallel to `Entities::get`) that replaces the internal case where we need to set the location of an entity when it's been spawned, moved, or despawned. - `Entities::alloc_at_without_replacement` is only used in `World::get_or_spawn` within the first party crates, and I cannot find a public use of this API in any ecosystem crate that I've checked (via GitHub search). - Attempted to document the few remaining undocumented public APIs in the module. --- ## Changelog Removed: `Entities`'s `Default` implementation. Removed: `EntityMeta` Removed: `Entities::alloc_at_without_replacement` and `AllocAtWithoutReplacement`. Co-authored-by: james7132 <[email protected]> Co-authored-by: James Liu <[email protected]>
|
Build failed (retrying...): |
|
Merge conflict. |
|
bors retry |
bors bot
pushed a commit
that referenced
this pull request
Nov 28, 2022
# Objective The soundness of the ECS `World` partially relies on the correctness of the state of `Entities` stored within it. We're currently allowing users to (unsafely) mutate it, as well as readily construct it without using a `World`. While this is not strictly unsound so long as users (including `bevy_render`) safely use the APIs, it's a fairly easy path to unsoundness without much of a guard rail. Addresses #3362 for `bevy_ecs::entity`. Incorporates the changes from #3985. ## Solution Remove `Entities`'s `Default` implementation and force access to the type to only be through a properly constructed `World`. Additional cleanup for other parts of `bevy_ecs::entity`: - `Entity::index` and `Entity::generation` are no longer `pub(crate)`, opting to force the rest of bevy_ecs to use the public interface to access these values. - `EntityMeta` is no longer `pub` and also not `pub(crate)` to attempt to cut down on updating `generation` without going through an `Entities` API. It's currently inaccessible except via the `pub(crate)` Vec on `Entities`, there was no way for an outside user to use it. - Added `Entities::set`, an unsafe `pub(crate)` API for setting the location of an Entity (parallel to `Entities::get`) that replaces the internal case where we need to set the location of an entity when it's been spawned, moved, or despawned. - `Entities::alloc_at_without_replacement` is only used in `World::get_or_spawn` within the first party crates, and I cannot find a public use of this API in any ecosystem crate that I've checked (via GitHub search). - Attempted to document the few remaining undocumented public APIs in the module. --- ## Changelog Removed: `Entities`'s `Default` implementation. Removed: `EntityMeta` Removed: `Entities::alloc_at_without_replacement` and `AllocAtWithoutReplacement`. Co-authored-by: james7132 <[email protected]> Co-authored-by: James Liu <[email protected]>
bors
bot
changed the title
taiyoungjang
pushed a commit
to taiyoungjang/bevy
that referenced
this pull request
Dec 15, 2022
# Objective The soundness of the ECS `World` partially relies on the correctness of the state of `Entities` stored within it. We're currently allowing users to (unsafely) mutate it, as well as readily construct it without using a `World`. While this is not strictly unsound so long as users (including `bevy_render`) safely use the APIs, it's a fairly easy path to unsoundness without much of a guard rail. Addresses bevyengine#3362 for `bevy_ecs::entity`. Incorporates the changes from bevyengine#3985. ## Solution Remove `Entities`'s `Default` implementation and force access to the type to only be through a properly constructed `World`. Additional cleanup for other parts of `bevy_ecs::entity`: - `Entity::index` and `Entity::generation` are no longer `pub(crate)`, opting to force the rest of bevy_ecs to use the public interface to access these values. - `EntityMeta` is no longer `pub` and also not `pub(crate)` to attempt to cut down on updating `generation` without going through an `Entities` API. It's currently inaccessible except via the `pub(crate)` Vec on `Entities`, there was no way for an outside user to use it. - Added `Entities::set`, an unsafe `pub(crate)` API for setting the location of an Entity (parallel to `Entities::get`) that replaces the internal case where we need to set the location of an entity when it's been spawned, moved, or despawned. - `Entities::alloc_at_without_replacement` is only used in `World::get_or_spawn` within the first party crates, and I cannot find a public use of this API in any ecosystem crate that I've checked (via GitHub search). - Attempted to document the few remaining undocumented public APIs in the module. --- ## Changelog Removed: `Entities`'s `Default` implementation. Removed: `EntityMeta` Removed: `Entities::alloc_at_without_replacement` and `AllocAtWithoutReplacement`. Co-authored-by: james7132 <[email protected]> Co-authored-by: James Liu <[email protected]>
alradish
pushed a commit
to alradish/bevy
that referenced
this pull request
Jan 22, 2023
# Objective The soundness of the ECS `World` partially relies on the correctness of the state of `Entities` stored within it. We're currently allowing users to (unsafely) mutate it, as well as readily construct it without using a `World`. While this is not strictly unsound so long as users (including `bevy_render`) safely use the APIs, it's a fairly easy path to unsoundness without much of a guard rail. Addresses bevyengine#3362 for `bevy_ecs::entity`. Incorporates the changes from bevyengine#3985. ## Solution Remove `Entities`'s `Default` implementation and force access to the type to only be through a properly constructed `World`. Additional cleanup for other parts of `bevy_ecs::entity`: - `Entity::index` and `Entity::generation` are no longer `pub(crate)`, opting to force the rest of bevy_ecs to use the public interface to access these values. - `EntityMeta` is no longer `pub` and also not `pub(crate)` to attempt to cut down on updating `generation` without going through an `Entities` API. It's currently inaccessible except via the `pub(crate)` Vec on `Entities`, there was no way for an outside user to use it. - Added `Entities::set`, an unsafe `pub(crate)` API for setting the location of an Entity (parallel to `Entities::get`) that replaces the internal case where we need to set the location of an entity when it's been spawned, moved, or despawned. - `Entities::alloc_at_without_replacement` is only used in `World::get_or_spawn` within the first party crates, and I cannot find a public use of this API in any ecosystem crate that I've checked (via GitHub search). - Attempted to document the few remaining undocumented public APIs in the module. --- ## Changelog Removed: `Entities`'s `Default` implementation. Removed: `EntityMeta` Removed: `Entities::alloc_at_without_replacement` and `AllocAtWithoutReplacement`. Co-authored-by: james7132 <[email protected]> Co-authored-by: James Liu <[email protected]>
ItsDoot
pushed a commit
to ItsDoot/bevy
that referenced
this pull request
Feb 1, 2023
# Objective The soundness of the ECS `World` partially relies on the correctness of the state of `Entities` stored within it. We're currently allowing users to (unsafely) mutate it, as well as readily construct it without using a `World`. While this is not strictly unsound so long as users (including `bevy_render`) safely use the APIs, it's a fairly easy path to unsoundness without much of a guard rail. Addresses bevyengine#3362 for `bevy_ecs::entity`. Incorporates the changes from bevyengine#3985. ## Solution Remove `Entities`'s `Default` implementation and force access to the type to only be through a properly constructed `World`. Additional cleanup for other parts of `bevy_ecs::entity`: - `Entity::index` and `Entity::generation` are no longer `pub(crate)`, opting to force the rest of bevy_ecs to use the public interface to access these values. - `EntityMeta` is no longer `pub` and also not `pub(crate)` to attempt to cut down on updating `generation` without going through an `Entities` API. It's currently inaccessible except via the `pub(crate)` Vec on `Entities`, there was no way for an outside user to use it. - Added `Entities::set`, an unsafe `pub(crate)` API for setting the location of an Entity (parallel to `Entities::get`) that replaces the internal case where we need to set the location of an entity when it's been spawned, moved, or despawned. - `Entities::alloc_at_without_replacement` is only used in `World::get_or_spawn` within the first party crates, and I cannot find a public use of this API in any ecosystem crate that I've checked (via GitHub search). - Attempted to document the few remaining undocumented public APIs in the module. --- ## Changelog Removed: `Entities`'s `Default` implementation. Removed: `EntityMeta` Removed: `Entities::alloc_at_without_replacement` and `AllocAtWithoutReplacement`. Co-authored-by: james7132 <[email protected]> Co-authored-by: James Liu <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Objective
The soundness of the ECS
Worldpartially relies on the correctness of the state ofEntitiesstored within it. We're currently allowing users to (unsafely) mutate it, as well as readily construct it without using aWorld. While this is not strictly unsound so long as users (includingbevy_render) safely use the APIs, it's a fairly easy path to unsoundness without much of a guard rail.Addresses #3362 for
bevy_ecs::entity. Incorporates the changes from #3985.Solution
Remove
Entities'sDefaultimplementation and force access to the type to only be through a properly constructedWorld.Additional cleanup for other parts of
bevy_ecs::entity:Entity::indexandEntity::generationare no longerpub(crate), opting to force the rest of bevy_ecs to use the public interface to access these values.EntityMetais no longerpuband also notpub(crate)to attempt to cut down on updatinggenerationwithout going through anEntitiesAPI. It's currently inaccessible except via thepub(crate)Vec onEntities, there was no way for an outside user to use it.Entities::set, an unsafepub(crate)API for setting the location of an Entity (parallel toEntities::get) that replaces the internal case where we need to set the location of an entity when it's been spawned, moved, or despawned.Entities::alloc_at_without_replacementis only used inWorld::get_or_spawnwithin the first party crates, and I cannot find a public use of this API in any ecosystem crate that I've checked (via GitHub search).Changelog
Removed:
Entities'sDefaultimplementation.Removed:
EntityMetaRemoved:
Entities::alloc_at_without_replacementandAllocAtWithoutReplacement.Migration Guide
Entities'sDefaultimplementation has been removed. You can fetch a reference to aWorld'sEntitiesviaWorld::entitiesandWorld::entities_mut.Entities::alloc_at_without_replacementandAllocAtWithoutReplacementhas been made private due to difficulty in using it properly outside ofbevy_ecs. If you still need use of this API, please file an issue.