-
Notifications
You must be signed in to change notification settings - Fork 221
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JoinIter::get allows mutable aliasing without the user writing any unsafe code. #647
Comments
Here is version of that where the lifetimes are explicit: use specs::{Builder, Component, DenseVecStorage, Join, World, WorldExt, WriteStorage, Storage, Read, Entity};
use specs::join::JoinIter;
use shred::FetchMut;
use specs::storage::MaskedStorage;
use specs::world::EntitiesRes;
#[derive(Default)]
struct TestComponent {
value: u32,
}
impl Component for TestComponent {
type Storage = DenseVecStorage<TestComponent>;
}
#[test]
fn testi() {
let mut world = World::new();
world.register::<TestComponent>();
let entity = world.create_entity().with(TestComponent::default()).build();
world.maintain();
let mut storage: WriteStorage<TestComponent> = world.write_storage();
let entities = world.entities();
fn a<'a: 'b, 'b>(
j: JoinIter<&'b mut Storage<'a, TestComponent, FetchMut<'a, MaskedStorage<TestComponent>>>>
) -> JoinIter<&'b mut Storage<'a, TestComponent, FetchMut<'a, MaskedStorage<TestComponent>>>>
{
j
}
let mut join_iter = a((&mut storage).join());
fn b<'a: 'b, 'b, 'c, 'd>(
j: &'c mut JoinIter<&'b mut Storage<'a, TestComponent, FetchMut<'a, MaskedStorage<TestComponent>>>>,
e: Entity,
es: &'d Read<'a, EntitiesRes>
) -> &'b mut TestComponent {
JoinIter::get(j, e, es).unwrap()
}
let aliased_ref_0 = b(&mut join_iter, entity, &entities);
let aliased_ref_1 = b(&mut join_iter, entity, &entities);
println!("aliased_ref_0 is initially {}.", aliased_ref_0.value);
aliased_ref_1.value += 1;
println!(
"After change to aliased_ref_1, aliased_ref_0 is now {}.",
aliased_ref_0.value
);
} and from this the reason why it's allowed is clear: |
This basically the old streaming vs non-streaming iterator thing, but manifested in different form. I thought I was clever before by adding this API for To fix this we would need to either prevent using |
537: Update rand requirement from 0.5.5 to 0.6.1 r=torkleyy a=dependabot[bot] Updates the requirements on [rand](https://github.com/rust-random/rand) to permit the latest version. <details> <summary>Changelog</summary> *Sourced from [rand's changelog](https://github.com/rust-random/rand/blob/master/CHANGELOG.md).* > ## [0.6.1] - 2018-11-22 > - Support sampling `Duration` also for `no_std` (only since Rust 1.25) ([amethyst#649](https://github-redirect.dependabot.com/rust-random/rand/issues/649)) > - Disable default features of `libc` ([amethyst#647](https://github-redirect.dependabot.com/rust-random/rand/issues/647)) > > ## [0.6.0] - 2018-11-14 > > ### Project organisation > - Rand has moved from [rust-lang-nursery](https://github.com/rust-lang-nursery/rand) > to [rust-random](https://github.com/rust-random/rand)! ([amethyst#578](https://github-redirect.dependabot.com/rust-random/rand/issues/578)) > - Created [The Rust Random Book](https://rust-random.github.io/book/) > ([source](https://github.com/rust-random/book)) > - Update copyright and licence notices ([amethyst#591](https://github-redirect.dependabot.com/rust-random/rand/issues/591), [amethyst#611](https://github-redirect.dependabot.com/rust-random/rand/issues/611)) > - Migrate policy documentation from the wiki ([amethyst#544](https://github-redirect.dependabot.com/rust-random/rand/issues/544)) > > ### Platforms > - Add fork protection on Unix ([amethyst#466](https://github-redirect.dependabot.com/rust-random/rand/issues/466)) > - Added support for wasm-bindgen. ([amethyst#541](https://github-redirect.dependabot.com/rust-random/rand/issues/541), [amethyst#559](https://github-redirect.dependabot.com/rust-random/rand/issues/559), [amethyst#562](https://github-redirect.dependabot.com/rust-random/rand/issues/562), [amethyst#600](https://github-redirect.dependabot.com/rust-random/rand/issues/600)) > - Enable `OsRng` for powerpc64, sparc and sparc64 ([amethyst#609](https://github-redirect.dependabot.com/rust-random/rand/issues/609)) > - Use `syscall` from `libc` on Linux instead of redefining it ([amethyst#629](https://github-redirect.dependabot.com/rust-random/rand/issues/629)) > > ### RNGs > - Switch `SmallRng` to use PCG ([amethyst#623](https://github-redirect.dependabot.com/rust-random/rand/issues/623)) > - Implement `Pcg32` and `Pcg64Mcg` generators ([amethyst#632](https://github-redirect.dependabot.com/rust-random/rand/issues/632)) > - Move ISAAC RNGs to a dedicated crate ([amethyst#551](https://github-redirect.dependabot.com/rust-random/rand/issues/551)) > - Move Xorshift RNG to its own crate ([amethyst#557](https://github-redirect.dependabot.com/rust-random/rand/issues/557)) > - Move ChaCha and HC128 RNGs to dedicated crates ([amethyst#607](https://github-redirect.dependabot.com/rust-random/rand/issues/607), [amethyst#636](https://github-redirect.dependabot.com/rust-random/rand/issues/636)) > - Remove usage of `Rc` from `ThreadRng` ([amethyst#615](https://github-redirect.dependabot.com/rust-random/rand/issues/615)) > > ### Sampling and distributions > - Implement `Rng.gen_ratio()` and `Bernoulli::new_ratio()` ([amethyst#491](https://github-redirect.dependabot.com/rust-random/rand/issues/491)) > - Make `Uniform` strictly respect `f32` / `f64` high/low bounds ([amethyst#477](https://github-redirect.dependabot.com/rust-random/rand/issues/477)) > - Allow `gen_range` and `Uniform` to work on non-`Copy` types ([amethyst#506](https://github-redirect.dependabot.com/rust-random/rand/issues/506)) > - `Uniform` supports inclusive ranges: `Uniform::from(a..=b)`. This is > automatically enabled for Rust >= 1.27. ([amethyst#566](https://github-redirect.dependabot.com/rust-random/rand/issues/566)) > - Implement `TrustedLen` and `FusedIterator` for `DistIter` ([amethyst#620](https://github-redirect.dependabot.com/rust-random/rand/issues/620)) > > #### New distributions > - Add the `Dirichlet` distribution ([amethyst#485](https://github-redirect.dependabot.com/rust-random/rand/issues/485)) > - Added sampling from the unit sphere and circle. ([amethyst#567](https://github-redirect.dependabot.com/rust-random/rand/issues/567)) > - Implement the triangular distribution ([amethyst#575](https://github-redirect.dependabot.com/rust-random/rand/issues/575)) > - Implement the Weibull distribution ([amethyst#576](https://github-redirect.dependabot.com/rust-random/rand/issues/576)) > - Implement the Beta distribution ([amethyst#574](https://github-redirect.dependabot.com/rust-random/rand/issues/574)) > > #### Optimisations > > - Optimise `Bernoulli::new` ([amethyst#500](https://github-redirect.dependabot.com/rust-random/rand/issues/500)) > - Optimise `char` sampling ([amethyst#519](https://github-redirect.dependabot.com/rust-random/rand/issues/519)) > - Optimise sampling of `std::time::Duration` ([amethyst#583](https://github-redirect.dependabot.com/rust-random/rand/issues/583)) > > ### Sequences ></table> ... (truncated) </details> <details> <summary>Commits</summary> - See full diff in [compare view](https://github.com/rust-random/rand/commits/0.6.1) </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- **Note:** This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit. You can always request more updates by clicking `Bump now` in your [Dependabot dashboard](https://app.dependabot.com). <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot. </details> Co-authored-by: dependabot[bot] <[email protected]> Co-authored-by: Thomas Schaller <[email protected]>
This API is very clearly unsound and needs to be removed. |
Description
Using the
JoinIter::get
method, it is possible for a user ofspecs
to create two mutable references to the same component data, without the user writing anyunsafe
code. Here is a simple program that illustrates the issue:When I run this program, I get the following output:
The issue doesn't seem too hard to avoid as long as I only use
JoinIter
for its intended purpose as an iterator, but even so, the fact that I can violate Rust's aliasing rules without writingunsafe
seems like an issue. PerhapsJoinIter::get
needs to be made private to thespecs
crate, or maybe it just needs to be markedunsafe
? I imagine the same issue can occur withJoinIter::get_unchecked
, though I haven't tested it.Meta
Rust version: 1.37.0 (2018 edition)
Specs version / commit: 0.15.1
Operating system: Ubuntu 18.04.3 LTS 64-bit
Reproduction
Steps to reproduce the behavior:
Expected behavior
I would expect the above code not to compile, at least not without modifying it to include an
unsafe
block.The text was updated successfully, but these errors were encountered: