Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Merged by Bors] - Fix unsoundness for propagate_recursive #7003

Closed
wants to merge 12 commits into from
Closed

[Merged by Bors] - Fix unsoundness for propagate_recursive #7003

wants to merge 12 commits into from

Conversation

JoJoJet
Copy link
Member

@JoJoJet JoJoJet commented Dec 21, 2022

Objective

Fix #6983.

Solution

Mark the function propagate_recursive as unsafe, and specify the safety invariants through doc comments.

@james7132 james7132 added A-Hierarchy Parent-child entity hierarchies P-Unsound A bug that results in undefined compiler behavior labels Dec 21, 2022
james7132
james7132 requested changes Dec 21, 2022
View reviewed changes
crates/bevy_transform/src/systems.rs Outdated Show resolved Hide resolved
crates/bevy_transform/src/systems.rs Outdated Show resolved Hide resolved
@alice-i-cecile alice-i-cecile self-requested a review December 22, 2022 01:56
@alice-i-cecile alice-i-cecile added this to the 0.10 milestone Dec 22, 2022
james7132
james7132 requested changes Dec 22, 2022
View reviewed changes
crates/bevy_transform/src/systems.rs Outdated Show resolved Hide resolved
crates/bevy_transform/src/systems.rs Outdated Show resolved Hide resolved
james7132
james7132 reviewed Dec 23, 2022
View reviewed changes
crates/bevy_transform/src/systems.rs Outdated
*child,
changed,
);
// SAFETY: Assuming the hierarchy is consistent, we can be sure that each `child` entity
Copy link
Member

@james7132 james7132 Dec 23, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking on this a bit more. I'm still not satisfied with this safety comment. We can't assume that the hierarchy is consistent and tree/forest-like. That's what the assertion in the recursive function is for. Not sure what the best wording here is, since the validation for the safety invariant is asserted (recursively) in the called function itself, but is only safe under the assumption that individual entire trees are not aliased from the roots.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could document propagate_recursive with the invariant that it will panic if the hierarchy is malformed, and then cite that invariant in this safety comment. Does that seem right?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should definitely document the panic on propagate_recursive, but the safety justification here is only valid if both the uniqueness of the roots AND the panic are included. The safety guarantee requires both the hierarchy to be not malformed (or panic if it is), and for the tree from the root down to be uniquely accessed from a single thread for it to be valid.

Copy link
Member Author

@JoJoJet JoJoJet Dec 24, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ended up rewriting this comment and the docs for propagate_recursive entirely. Lmk if thats an improvement.

alice-i-cecile
alice-i-cecile approved these changes Dec 24, 2022
View reviewed changes
Copy link
Member

@alice-i-cecile alice-i-cecile left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those are very nice safety docs now!

james7132
james7132 approved these changes Dec 24, 2022
View reviewed changes
Copy link
Member

@james7132 james7132 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is much better now. LGTM.

@alice-i-cecile alice-i-cecile added the S-Ready-For-Final-Review This PR has been approved by the community. It's ready for a maintainer to consider merging it label Dec 24, 2022
@alice-i-cecile
Copy link
Member

bors r+

bors bot pushed a commit that referenced this pull request Dec 25, 2022
@JoJoJet
Fix unsoundness for propagate_recursive (#7003)
e0b571c 
# Objective

Fix #6983.

## Solution

Mark the function `propagate_recursive` as unsafe, and specify the safety invariants through doc comments.
@bors
Copy link
Contributor

bors bot commented Dec 25, 2022

Build failed (retrying...):

bors bot pushed a commit that referenced this pull request Dec 25, 2022
@JoJoJet
Fix unsoundness for propagate_recursive (#7003)
b3d5906 
# Objective

Fix #6983.

## Solution

Mark the function `propagate_recursive` as unsafe, and specify the safety invariants through doc comments.
@bors
Copy link
Contributor

bors bot commented Dec 25, 2022

Pull request successfully merged into main.

Build succeeded:

@bors bors bot changed the title Fix unsoundness for propagate_recursive [Merged by Bors] - Fix unsoundness for propagate_recursive Dec 25, 2022
@bors bors bot closed this Dec 25, 2022
@JoJoJet JoJoJet deleted the propagate-recursive-unsound branch January 13, 2023 02:30
alradish pushed a commit to alradish/bevy that referenced this pull request Jan 22, 2023
@JoJoJet @alradish
Fix unsoundness for propagate_recursive (bevyengine#7003)
0ca7882 
# Objective

Fix bevyengine#6983.

## Solution

Mark the function `propagate_recursive` as unsafe, and specify the safety invariants through doc comments.
ItsDoot pushed a commit to ItsDoot/bevy that referenced this pull request Feb 1, 2023
@JoJoJet @ItsDoot
Fix unsoundness for propagate_recursive (bevyengine#7003)
dccf5ec 
# Objective

Fix bevyengine#6983.

## Solution

Mark the function `propagate_recursive` as unsafe, and specify the safety invariants through doc comments.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alice-i-cecile alice-i-cecile alice-i-cecile approved these changes

@james7132 james7132 james7132 approved these changes

@BoxyUwU BoxyUwU Awaiting requested review from BoxyUwU

Assignees
No one assigned
Labels
A-Hierarchy Parent-child entity hierarchies P-Unsound A bug that results in undefined compiler behavior S-Ready-For-Final-Review This PR has been approved by the community. It's ready for a maintainer to consider merging it
Projects
None yet
Milestone
0.10
Development

Successfully merging this pull request may close these issues.

internal fn propagate_recursive is unsound (unexploitably)
3 participants
@JoJoJet @alice-i-cecile @james7132