Merge pull request #417 from godot-rust/feature/object-validity

Ensure object validity in class method calls

Author: Bromeon

.github/composite/godot-itest/action.yml

@@ -179,10 +179,12 @@ runs:
       # * grep -q:  no output, use exit code 0 if found -> thus also &&
       # * pkill:    stop Godot execution (since it hangs in headless mode); simple 'head -1' did not work as expected
       # * exit:     the terminated process would return 143, but this is more explicit and future-proof
+      #
+      # --disallow-focus: fail if #[itest(focus)] is encountered, to prevent running only a few tests for full CI
       run: |
         cd itest/godot
         echo "OUTCOME=itest" >> $GITHUB_ENV
-        $GODOT4_BIN --headless ${{ inputs.godot-args }} 2>&1 \
+        $GODOT4_BIN --headless -- --disallow-focus ${{ inputs.godot-args }} 2>&1 \
         | tee "${{ runner.temp }}/log.txt" \
         | tee >(grep -E "SCRIPT ERROR:|Can't open dynamic library" -q && {
         	printf "\n::error::godot-itest: unrecoverable Godot error, abort...\n";

.github/workflows/full-ci.yml

@@ -153,8 +153,6 @@ jobs:
         # Naming: {os}[-{runtimeVersion}]-{apiVersion}
         # runtimeVersion = version of Godot binary; apiVersion = version of GDExtension API against which gdext is compiled.
 
-        # --disallow-focus: fail if #[itest(focus)] is encountered, to prevent running only a few tests for full CI
-
         # Order this way because macOS typically has the longest duration, followed by Windows, so it benefits total workflow execution time.
         # Additionally, the 'linux (msrv *)' special case will then be listed next to the other 'linux' jobs.
         # Note: Windows uses '--target x86_64-pc-windows-msvc' by default as Cargo argument.
@@ -253,7 +251,6 @@ jobs:
             os: ubuntu-20.04
             artifact-name: linux-memcheck-clang-nightly
             godot-binary: godot.linuxbsd.editor.dev.x86_64.llvm.san
-            godot-args: -- --disallow-focus
             rust-toolchain: nightly
             rust-env-rustflags: -Zrandomize-layout -Zsanitizer=address
             rust-extra-args: --features godot/custom-godot
@@ -264,7 +261,6 @@ jobs:
             os: ubuntu-20.04
             artifact-name: linux-memcheck-clang-4.0.4
             godot-binary: godot.linuxbsd.editor.dev.x86_64.llvm.san
-            godot-args: -- --disallow-focus
             godot-prebuilt-patch: '4.0.4'
             rust-toolchain: nightly
             rust-env-rustflags: -Zrandomize-layout -Zsanitizer=address
@@ -279,7 +275,7 @@ jobs:
         with:
           artifact-name: godot-${{ matrix.artifact-name }}
           godot-binary: ${{ matrix.godot-binary }}
-          godot-args: ${{ matrix.godot-args }}
+          godot-args: ${{ matrix.godot-args }} # currently unused
           godot-prebuilt-patch: ${{ matrix.godot-prebuilt-patch }}
           rust-extra-args: ${{ matrix.rust-extra-args }} --features godot/codegen-full
           rust-toolchain: ${{ matrix.rust-toolchain || 'stable' }}

.github/workflows/minimal-ci.yml

@@ -165,7 +165,6 @@ jobs:
             os: ubuntu-20.04
             artifact-name: linux-memcheck-clang-nightly
             godot-binary: godot.linuxbsd.editor.dev.x86_64.llvm.san
-            godot-args: -- --disallow-focus
             rust-toolchain: nightly
             rust-env-rustflags: -Zrandomize-layout -Zsanitizer=address
             rust-extra-args: --features godot/custom-godot
@@ -176,7 +175,6 @@ jobs:
             os: ubuntu-20.04
             artifact-name: linux-memcheck-clang-4.0.4
             godot-binary: godot.linuxbsd.editor.dev.x86_64.llvm.san
-            godot-args: -- --disallow-focus
             godot-prebuilt-patch: '4.0.4'
             rust-toolchain: nightly
             rust-env-rustflags: -Zrandomize-layout -Zsanitizer=address
@@ -191,7 +189,7 @@ jobs:
         with:
           artifact-name: godot-${{ matrix.artifact-name }}
           godot-binary: ${{ matrix.godot-binary }}
-          godot-args: ${{ matrix.godot-args }}
+          godot-args: ${{ matrix.godot-args }} # currently unused
           godot-prebuilt-patch: ${{ matrix.godot-prebuilt-patch }}
           rust-extra-args: ${{ matrix.rust-extra-args }}
           rust-toolchain: ${{ matrix.rust-toolchain || 'stable' }}

godot-codegen/src/class_generator.rs

@@ -468,10 +468,9 @@ fn make_constructor(class: &Class, ctx: &Context) -> TokenStream {
         quote! {
             pub fn new() -> Gd<Self> {
                 unsafe {
-                    let __class_name = #godot_class_stringname;
-                    let __object_ptr = sys::interface_fn!(classdb_construct_object)(__class_name.string_sys());
-                    //let instance = Self { object_ptr };
-                    Gd::from_obj_sys(__object_ptr)
+                    let class_name = #godot_class_stringname;
+                    let object_ptr = sys::interface_fn!(classdb_construct_object)(class_name.string_sys());
+                    Gd::from_obj_sys(object_ptr)
                 }
             }
         }
@@ -481,9 +480,9 @@ fn make_constructor(class: &Class, ctx: &Context) -> TokenStream {
             #[must_use]
             pub fn new_alloc() -> Gd<Self> {
                 unsafe {
-                    let __class_name = #godot_class_stringname;
-                    let __object_ptr = sys::interface_fn!(classdb_construct_object)(__class_name.string_sys());
-                    Gd::from_obj_sys(__object_ptr)
+                    let class_name = #godot_class_stringname;
+                    let object_ptr = sys::interface_fn!(classdb_construct_object)(class_name.string_sys());
+                    Gd::from_obj_sys(object_ptr)
                 }
             }
         }
@@ -602,9 +601,10 @@ fn make_class(class: &Class, class_name: &TyName, ctx: &mut Context) -> Generate
 
             #[doc = #class_doc]
             #[derive(Debug)]
-            #[repr(transparent)]
+            #[repr(C)]
             pub struct #class_name {
                 object_ptr: sys::GDExtensionObjectPtr,
+                instance_id: crate::obj::InstanceId,
             }
             #virtual_trait
             #notification_enum
@@ -1107,26 +1107,33 @@ fn make_method_definition(
         method_name: method.name.clone(),
     });
 
-    let receiver_ffi_arg = &receiver.ffi_arg;
+    let maybe_instance_id = if method.is_static {
+        quote! { None }
+    } else {
+        quote! { Some(self.instance_id) }
+    };
+
+    let object_ptr = &receiver.ffi_arg;
     let ptrcall_invocation = quote! {
         let method_bind = sys::#get_method_table().fptr_by_index(#table_index);
-        let object_ptr = #receiver_ffi_arg;
 
         <CallSig as PtrcallSignatureTuple>::out_class_ptrcall::<RetMarshal>(
             method_bind,
-            object_ptr,
-            args
+            #method_name_str,
+            #object_ptr,
+            #maybe_instance_id,
+            args,
         )
     };
 
     let varcall_invocation = quote! {
         let method_bind = sys::#get_method_table().fptr_by_index(#table_index);
-        let type_ptr = #receiver_ffi_arg;
 
         <CallSig as VarcallSignatureTuple>::out_class_varcall(
             method_bind,
             #method_name_str,
-            type_ptr,
+            #object_ptr,
+            #maybe_instance_id,
             args,
             varargs
         )
@@ -1174,27 +1181,27 @@ fn make_builtin_method_definition(
     });
 
     let receiver = make_receiver(method.is_static, method.is_const, quote! { self.sys_ptr });
-    let receiver_ffi_arg = &receiver.ffi_arg;
+    let object_ptr = &receiver.ffi_arg;
 
     let ptrcall_invocation = quote! {
         let method_bind = sys::builtin_method_table().fptr_by_index(#table_index);
-        let object_ptr = #receiver_ffi_arg;
 
         <CallSig as PtrcallSignatureTuple>::out_builtin_ptrcall::<RetMarshal>(
             method_bind,
-            object_ptr,
+            #object_ptr,
             args
         )
     };
 
+    // TODO(#382): wait for https://github.com/godot-rust/gdext/issues/382
     let varcall_invocation = quote! {
-        <CallSig as VarcallSignatureTuple>::out_class_varcall(
+        /*<CallSig as VarcallSignatureTuple>::out_class_varcall(
             method_bind,
             #method_name_str,
-            object_ptr,
+            #object_ptr,
             args,
             varargs
-        )
+        )*/
     };
 
     make_function_definition(

godot-core/src/builtin/meta/signature.rs

@@ -4,11 +4,16 @@
  * file, You can obtain one at https://mozilla.org/MPL/2.0/.
  */
 
-use godot_ffi as sys;
 use std::fmt::Debug;
 
+use godot_ffi as sys;
 use sys::{BuiltinMethodBind, ClassMethodBind, UtilityFunctionBind};
 
+use crate::builtin::meta::*;
+//use crate::builtin::meta::MethodParamOrReturnInfo;
+use crate::builtin::{FromVariant, ToVariant, Variant};
+use crate::obj::InstanceId;
+
 #[doc(hidden)]
 pub trait VarcallSignatureTuple: PtrcallSignatureTuple {
     const PARAM_COUNT: usize;
@@ -33,6 +38,7 @@ pub trait VarcallSignatureTuple: PtrcallSignatureTuple {
         method_bind: sys::GDExtensionMethodBindPtr,
         method_name: &'static str,
         object_ptr: sys::GDExtensionObjectPtr,
+        maybe_instance_id: Option<InstanceId>, // if not static
         args: Self::Params,
         varargs: &[Variant],
     ) -> Self::Ret;
@@ -58,13 +64,15 @@ pub trait PtrcallSignatureTuple {
         args_ptr: *const sys::GDExtensionConstTypePtr,
         ret: sys::GDExtensionTypePtr,
         func: fn(sys::GDExtensionClassInstancePtr, Self::Params) -> Self::Ret,
-        method_name: &str,
+        method_name: &'static str,
         call_type: sys::PtrcallType,
     );
 
     unsafe fn out_class_ptrcall<Rr: PtrcallReturn<Ret = Self::Ret>>(
         method_bind: sys::GDExtensionMethodBindPtr,
+        method_name: &'static str,
         object_ptr: sys::GDExtensionObjectPtr,
+        maybe_instance_id: Option<InstanceId>, // if not static
         args: Self::Params,
     ) -> Self::Ret;
 
@@ -94,10 +102,6 @@ pub trait PtrcallSignatureTuple {
 //     }
 // }
 //
-use crate::builtin::meta::*;
-use crate::builtin::{FromVariant, ToVariant, Variant};
-
-use super::registration::method::MethodParamOrReturnInfo;
 
 macro_rules! impl_varcall_signature_for_tuple {
     (
@@ -162,9 +166,16 @@ macro_rules! impl_varcall_signature_for_tuple {
                 method_bind: ClassMethodBind,
                 method_name: &'static str,
                 object_ptr: sys::GDExtensionObjectPtr,
+                maybe_instance_id: Option<InstanceId>, // if not static
                 args: Self::Params,
                 varargs: &[Variant],
             ) -> Self::Ret {
+                eprintln!("varcall: {method_name}");
+                // Note: varcalls are not safe from failing, if the happen through an object pointer -> validity check necessary.
+                if let Some(instance_id) = maybe_instance_id {
+                    crate::engine::ensure_object_alive(instance_id, object_ptr, method_name);
+                }
+
                 let class_fn = sys::interface_fn!(object_method_bind_call);
 
                 let explicit_args = [
@@ -200,7 +211,6 @@ macro_rules! impl_varcall_signature_for_tuple {
                 args: Self::Params,
                 varargs: &[Variant],
             ) -> Self::Ret {
-
                 let explicit_args: [Variant; $PARAM_COUNT] = [
                     $(
                         <$Pn as ToVariant>::to_variant(&args.$n),
@@ -249,7 +259,7 @@ macro_rules! impl_ptrcall_signature_for_tuple {
                 args_ptr: *const sys::GDExtensionConstTypePtr,
                 ret: sys::GDExtensionTypePtr,
                 func: fn(sys::GDExtensionClassInstancePtr, Self::Params) -> Self::Ret,
-                method_name: &str,
+                method_name: &'static str,
                 call_type: sys::PtrcallType,
             ) {
                 // $crate::out!("ptrcall: {}", method_name);
@@ -267,9 +277,15 @@ macro_rules! impl_ptrcall_signature_for_tuple {
             #[inline]
             unsafe fn out_class_ptrcall<Rr: PtrcallReturn<Ret = Self::Ret>>(
                 method_bind: ClassMethodBind,
+                method_name: &'static str,
                 object_ptr: sys::GDExtensionObjectPtr,
+                maybe_instance_id: Option<InstanceId>, // if not static
                 args: Self::Params,
             ) -> Self::Ret {
+                if let Some(instance_id) = maybe_instance_id {
+                    crate::engine::ensure_object_alive(instance_id, object_ptr, method_name);
+                }
+
                 let class_fn = sys::interface_fn!(object_method_bind_ptrcall);
 
                 #[allow(clippy::let_unit_value)]

godot-core/src/engine.rs

@@ -9,12 +9,14 @@
 // Re-exports of generated symbols
 use crate::builtin::{GodotString, NodePath};
 use crate::obj::dom::EngineDomain;
-use crate::obj::{Gd, GodotClass, Inherits};
+use crate::obj::{Gd, GodotClass, Inherits, InstanceId};
 
 pub use crate::gen::central::global;
 pub use crate::gen::classes::*;
 pub use crate::gen::utilities;
 
+use crate::sys;
+
 /// Support for Godot _native structures_.
 ///
 /// Native structures are a niche API in Godot. These are low-level data types that are passed as pointers to/from the engine.
@@ -206,6 +208,31 @@ pub(crate) fn display_string<T: GodotClass>(
     <GodotString as std::fmt::Display>::fmt(&string, f)
 }
 
+pub(crate) fn object_ptr_from_id(instance_id: InstanceId) -> sys::GDExtensionObjectPtr {
+    // SAFETY: Godot looks up ID in ObjectDB and returns null if not found.
+    unsafe { sys::interface_fn!(object_get_instance_from_id)(instance_id.to_u64()) }
+}
+
+pub(crate) fn ensure_object_alive(
+    instance_id: InstanceId,
+    old_object_ptr: sys::GDExtensionObjectPtr,
+    method_name: &'static str,
+) {
+    let new_object_ptr = object_ptr_from_id(instance_id);
+
+    assert!(
+        !new_object_ptr.is_null(),
+        "{method_name}: access to instance with ID {instance_id} after it has been freed"
+    );
+
+    // This should not happen, as reuse of instance IDs was fixed according to https://github.com/godotengine/godot/issues/32383,
+    // namely in PR https://github.com/godotengine/godot/pull/36189. Double-check to make sure.
+    assert_eq!(
+        new_object_ptr, old_object_ptr,
+        "{method_name}: instance ID {instance_id} points to a stale, reused object. Please report this to gdext maintainers."
+    );
+}
+
 // ----------------------------------------------------------------------------------------------------------------------------------------------
 // Implementation of this file