Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix unsoundness in QueryState::is_empty #9463

Merged
merged 7 commits into from
Sep 3, 2023

Conversation

JoJoJet
Copy link
Member

@JoJoJet JoJoJet commented Aug 17, 2023

Objective

QueryState::is_empty is unsound, as it does not validate the world. If a mismatched world is passed in, then the query filter may cast a component to an incorrect type, causing undefined behavior.

Solution

Add world validation. To prevent a performance regression in Query (whose world does not need to be validated), the unchecked function is_empty_unsafe_world_cell has been added. This also allows us to remove one of the last usages of the private function UnsafeWorldCell::unsafe_world, which takes us a step towards being able to remove that method entirely.

@alice-i-cecile alice-i-cecile added A-ECS Entities, components, systems, and events C-Code-Quality A section of code that is hard to understand or change labels Aug 17, 2023
@github-actions
Copy link
Contributor

Example alien_cake_addict failed to run, please try running it locally and check the result.

@JoJoJet JoJoJet changed the title Make Query::is_empty safe Fix unsoundness in QueryState::is_empty Aug 19, 2023
@JoJoJet JoJoJet added the P-Unsound A bug that results in undefined compiler behavior label Aug 19, 2023
@alice-i-cecile alice-i-cecile added this to the 0.12 milestone Aug 19, 2023
Copy link
Contributor

@soqb soqb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is a solid fix! just one detail i have a query with.

crates/bevy_ecs/src/query/state.rs Show resolved Hide resolved
@JoJoJet
Copy link
Member Author

JoJoJet commented Aug 21, 2023

I realized that the safety invariants were still a bit off (based on the incorrect assumption that QueryState::as_nop does not access any world data), so I updated them. It should be correct now.

@alice-i-cecile alice-i-cecile added the S-Ready-For-Final-Review This PR has been approved by the community. It's ready for a maintainer to consider merging it label Sep 2, 2023
@alice-i-cecile alice-i-cecile added this pull request to the merge queue Sep 2, 2023
Merged via the queue into bevyengine:main with commit 58f7dac Sep 3, 2023
@JoJoJet JoJoJet deleted the safe-is-empty branch September 3, 2023 01:36
rdrpenguin04 pushed a commit to rdrpenguin04/bevy that referenced this pull request Jan 9, 2024
# Objective

`QueryState::is_empty` is unsound, as it does not validate the world. If
a mismatched world is passed in, then the query filter may cast a
component to an incorrect type, causing undefined behavior.

## Solution

Add world validation. To prevent a performance regression in `Query`
(whose world does not need to be validated), the unchecked function
`is_empty_unsafe_world_cell` has been added. This also allows us to
remove one of the last usages of the private function
`UnsafeWorldCell::unsafe_world`, which takes us a step towards being
able to remove that method entirely.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-ECS Entities, components, systems, and events C-Code-Quality A section of code that is hard to understand or change P-Unsound A bug that results in undefined compiler behavior S-Ready-For-Final-Review This PR has been approved by the community. It's ready for a maintainer to consider merging it
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants