4cd53cc7e1
# Objective Following #10756, we're now using raw pointers in BundleInserter and BundleSpawner. This is primarily to get around the need to split the borrow on the World, but it leaves a lot to be desired in terms of safety guarantees. There's no type level guarantee the code can't dereference a null pointer, and it's restoring them to borrows fairly liberally within the associated functions. ## Solution * Replace the pointers with `NonNull` and a new `bevy_ptr::ConstNonNull` that only allows conversion back to read-only borrows * Remove the closure to avoid potentially aliasing through the closure by restructuring the match expression. * Move all conversions back into borrows as far up as possible to ensure that the borrow checker is at least locally followed. |
||
|---|---|---|
| .. | ||
| src | ||
| Cargo.toml | ||
| README.md | ||
Bevy Ptr
The bevy_ptr crate provides low-level abstractions for working with pointers in a more safe way than using rust's raw pointers.
Rust has lifetimed and typed references (&'a T), unlifetimed and typed references (*const T), but no lifetimed but untyped references.
bevy_ptr adds them, called Ptr<'a>, PtrMut<'a> and OwningPtr<'a>.
These types are lifetime-checked so can never lead to problems like use-after-frees and must always point to valid data.