-
-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reduce runtime panics through SystemParam
validation
#15276
base: main
Are you sure you want to change the base?
Conversation
The opinions of the SME-ECS (@JoJoJet @maniwani @james7132 and myself) and frankly the rest of the ECS community are very positive on the broad direction of this work, so I'm marking it as |
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very pleased about how non-intrusive this is!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As follow-up, we should make the warning behavior configurable, as discussed in #15265.
Blocked on #15289 (if we want miri resolved) |
# Objective - I was running miri locally to check the UB in #15276 and it detected an unrelated memory leak, due to the `RawCommandQueue` changes. (I probably should have turned the leak detection off because we do purposely leak interned string labels and I assume that's why CI didn't detect it.) ## Solution - The memory allocated to `RawCommandQueue` needs to be manually dropped. This was being done for `bytes` and `cursor`, but was missed for `panic_recovery`. ## Testing - Ran miri locally and the related memory leaks errors when away.
I'll decline to review, too deep in the ECS internals for my experience. Can't say anything confidently. |
Objective
The goal of this PR is to introduce
SystemParam
validation in order to reduce runtime panics.Fixes #15265
Solution
SystemParam
now has a new methodvalidate_param(...) -> bool
, which takes immutable variants ofget_param
arguments. The returned value indicates whether the parameter can be acquired from the world. If parameters cannot be acquired for a system, it won't be executed, similarly to run conditions. This reduces panics when using params likeRes
,ResMut
, etc. as well as allows for new, ergonomic params like various kinds ofSingle
(Query::single) orNonEmptyQuery
.Param validation happens at the level of executors. System validation happens after updating archetypes and checking access, but before checking system/system set run conditions. (Technically, we can run validation right after updating archetypes and before checking access, but that'd require a bigger refactor in the executors.) The operation short circuits and marks system as ready, skipping all system and system set run conditions evaluation.
System and system set run conditions are validated per system/system set, if params are invalid the conditions are marked as not met.
Warning about system skipping will be part of another PR.
Testing
Two executor tests check that all executors:
Migration Guide
SystemParam
implementations need to implementvalidate_param
.