bevy/crates/bevy_ptr
Boxy 512f376fc1 Document alignment requirements of Ptr, PtrMut and OwningPtr (#7151)
# Objective

The types in `bevy_ptr` accidentally did not document anything relating to alignment. This is unsound as many methods rely on the pointer being correctly aligned.

## Solution

This PR introduces new safety invariants on the `$ptr::new`, `$ptr::byte_offset` and `$ptr::byte_add` methods requiring them to keep the pointer aligned. This is consistent with the documentation of these pointer types which document them as being "type erased borrows".

As it was pointed out (by @JoJoJet in #7117) that working with unaligned pointers can be useful (for example our commands abstraction which does not try to align anything properly, see #7039) this PR also introduces a default type parameter to all the pointer types that specifies whether it has alignment requirements or not. I could not find any code in `bevy_ecs` that would need unaligned pointers right now so this is going unused.

---

## Changelog

- Correctly document alignment requirements on `bevy_ptr` types.
- Support variants of `bevy_ptr` types that do not require being correctly aligned for the pointee type.

## Migration Guide

- Safety invariants on `bevy_ptr` types' `new`, `byte_add` and `byte_offset` methods have been changed. All callers should re-audit for soundness.
2023-01-10 23:12:52 +00:00
src Document alignment requirements of Ptr, PtrMut and OwningPtr (#7151) 2023-01-10 23:12:52 +00:00
Cargo.toml Release 0.9.0 (#6568) 2022-11-12 20:01:29 +00:00
README.md bevy_ptr standalone crate (#4653) 2022-05-04 19:16:10 +00:00

bevy_ptr

The `bevy_ptr` crate provides low-level abstractions for working with pointers in a safer way than using Rust's raw pointers.

Rust has lifetimed and typed references (`&'a T`), unlifetimed and typed references (`*const T`), but no lifetimed but untyped references. `bevy_ptr` adds them, called `Ptr<'a>`, `PtrMut<'a>` and `OwningPtr<'a>`. These types are lifetime-checked, so they can never lead to problems like use-after-free, and they must always point to valid data.
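
The sketch below is an added example, not code from `bevy_ptr`: it shows how a type-erased pointer can keep a borrow's lifetime, and why byte offsets create the alignment obligation described in the commit message above. The type `ErasedRef` and its methods `from_ref`, `is_aligned_for` and `try_deref` are hypothetical names chosen for illustration; only the idea of `byte_add` is taken from the page.

```rust
use std::marker::PhantomData;
use std::ptr::NonNull;

/// Hypothetical lifetimed, type-erased borrow (illustration only, not bevy_ptr's code).
#[derive(Clone, Copy)]
pub struct ErasedRef<'a> {
    ptr: NonNull<u8>,
    _borrow: PhantomData<&'a u8>, // ties the erased pointer to the original borrow
}

impl<'a> ErasedRef<'a> {
    /// Erase the type but keep the lifetime; a `&T` is always aligned for `T`.
    pub fn from_ref<T>(value: &'a T) -> Self {
        Self { ptr: NonNull::from(value).cast(), _borrow: PhantomData }
    }

    /// # Safety
    /// `count` bytes past `self` must still be inside the same allocation.
    pub unsafe fn byte_add(self, count: usize) -> Self {
        let moved = unsafe { self.ptr.as_ptr().add(count) };
        Self { ptr: unsafe { NonNull::new_unchecked(moved) }, _borrow: PhantomData }
    }

    /// True when the current address satisfies `T`'s alignment.
    pub fn is_aligned_for<T>(self) -> bool {
        (self.ptr.as_ptr() as usize) % std::mem::align_of::<T>() == 0
    }

    /// Checked deref: refuses a misaligned address instead of invoking UB.
    /// # Safety
    /// The bytes at the address must be a valid, initialized `T`.
    pub unsafe fn try_deref<T>(self) -> Option<&'a T> {
        if !self.is_aligned_for::<T>() {
            return None;
        }
        Some(unsafe { &*self.ptr.as_ptr().cast::<T>() })
    }
}

/// Constructed sample: offset into a `[u32; 4]` by 4 bytes (aligned) and 1 byte (misaligned).
pub fn demo() -> (Option<u32>, bool) {
    let data: [u32; 4] = [10, 20, 30, 40];
    let base = ErasedRef::from_ref(&data);
    let second = unsafe { base.byte_add(4).try_deref::<u32>() }.copied();
    let odd = unsafe { base.byte_add(1) };
    (second, odd.is_aligned_for::<u32>())
}

fn main() { println!("{:?}", demo()); }
```

Because `try_deref` returns `&'a T`, the borrow checker rejects any attempt to keep the result alive after `data` is dropped, which is the lifetime guarantee the README describes. An unchecked deref would skip the alignment test, which is why the offset methods have to carry the invariant themselves.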