Skip to content

remove unsound DerefMut impls from EntityHashMap/EntityHashSet#17450

Merged
alice-i-cecile merged 1 commit intobevyengine:mainfrom
Victoronz:remove-unsound-set-and-map-deref-mut
Jan 20, 2025
Merged

remove unsound DerefMut impls from EntityHashMap/EntityHashSet#17450
alice-i-cecile merged 1 commit intobevyengine:mainfrom
Victoronz:remove-unsound-set-and-map-deref-mut

Conversation

@Victoronz
Copy link
Copy Markdown
Contributor

@Victoronz Victoronz commented Jan 20, 2025

Objective

Noticed while doing #17449, I had left these DerefMut impls in.
Obtaining mutable references to those inner iterator types allows for mem::swap, which can be used to swap an incorrectly behaving instance into the wrappers.

Solution

Remove them!

@Victoronz Victoronz added C-Bug An unexpected or incorrect behavior D-Trivial Nice and easy! A great choice to get started with Bevy A-ECS Entities, components, systems, and events P-Unsound A bug that results in undefined compiler behavior S-Needs-Review Needs reviewer attention (from anyone!) to move forward labels Jan 20, 2025
@alice-i-cecile alice-i-cecile added S-Ready-For-Final-Review This PR has been approved by the community. It's ready for a maintainer to consider merging it and removed S-Needs-Review Needs reviewer attention (from anyone!) to move forward labels Jan 20, 2025
BenjaminBrienen
BenjaminBrienen approved these changes Jan 20, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@BenjaminBrienen BenjaminBrienen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have more code coverage using mem::swap so that miri can catch this?

@Victoronz
Copy link
Copy Markdown
Contributor Author

Victoronz commented Jan 20, 2025
edited
Loading

Should we have more code coverage using mem::swap so that miri can catch this?

I don't think this is tenable via code coverage, since what we'd need to test is an absence of an API, not how the present one behaves. DerefMut impls for wrappers that maintain safety invariants aren't "wrong" either, sometimes such an impl is used to return another wrapper.

@alice-i-cecile alice-i-cecile added this pull request to the merge queue Jan 20, 2025
Merged via the queue into bevyengine:main with commit 59657ed Jan 20, 2025
mrchantey pushed a commit to mrchantey/bevy that referenced this pull request Feb 4, 2025
@Victoronz @mrchantey
remove unsound DerefMut impls from EntityHashMap/EntityHashSet (b…
9a6bb87 
…evyengine#17450)

# Objective

Noticed while doing bevyengine#17449, I had left these `DerefMut` impls in.
Obtaining mutable references to those inner iterator types allows for
`mem::swap`, which can be used to swap an incorrectly behaving instance
into the wrappers.

## Solution

Remove them!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alice-i-cecile alice-i-cecile alice-i-cecile approved these changes

+2 more reviewers

@viridia viridia viridia approved these changes

@BenjaminBrienen BenjaminBrienen BenjaminBrienen approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

A-ECS Entities, components, systems, and events C-Bug An unexpected or incorrect behavior D-Trivial Nice and easy! A great choice to get started with Bevy P-Unsound A bug that results in undefined compiler behavior S-Ready-For-Final-Review This PR has been approved by the community. It's ready for a maintainer to consider merging it

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Victoronz @viridia @alice-i-cecile @BenjaminBrienen