Add cargo features to configure safety checks

Author: beicause

godot-bindings/Cargo.toml

@@ -37,6 +37,14 @@ api-custom = ["dep:bindgen", "dep:regex", "dep:which"]
 api-custom-json = ["dep:nanoserde", "dep:bindgen", "dep:regex", "dep:which"]
 api-custom-extheader = []
 
+debug-checks-fast-unsafe = []
+debug-checks-balanced = []
+debug-checks-paranoid = []
+
+release-checks-fast-unsafe = []
+release-checks-balanced = []
+release-checks-paranoid = []
+
 [dependencies]
 gdextension-api = { workspace = true }
 

godot-bindings/build.rs

@@ -30,4 +30,16 @@ fn main() {
     // ]]
 
     assert!(count <= 1, "ERROR: at most one `api-*` feature can be enabled");
+
+    let mut debug_checks_count=0;
+    if cfg!(feature="debug-checks-fast-unsafe") {debug_checks_count+=1;}
+    if cfg!(feature="debug-checks-balanced") {debug_checks_count+=1;}
+    if cfg!(feature="debug-checks-paranoid") {debug_checks_count+=1;}
+    assert!(debug_checks_count<=1,"ERROR: at most one `debug-checks-*` feature can be enabled");
+
+    let mut release_checks_count=0;
+    if cfg!(feature="release-checks-fast-unsafe") {release_checks_count+=1;}
+    if cfg!(feature="release-checks-balanced") {release_checks_count+=1;}
+    if cfg!(feature="release-checks-paranoid") {release_checks_count+=1;}
+    assert!(release_checks_count<=1,"ERROR: at most one `release-checks-*` feature can be enabled");
 }

godot-bindings/src/lib.rs

@@ -267,3 +267,28 @@ pub fn before_api(major_minor: &str) -> bool {
 pub fn since_api(major_minor: &str) -> bool {
     !before_api(major_minor)
 }
+
+pub fn emit_checks_mode() {
+    let check_modes = ["fast-unsafe", "balanced", "paranoid"];
+    let mut checks_level = if cfg!(debug_assertions) { 2 } else { 1 };
+    if cfg!(debug_assertions) {
+        if cfg!(feature = "debug-checks-fast-unsafe") {
+            checks_level = 0;
+        } else if cfg!(feature = "debug-checks-balanced") {
+            checks_level = 1;
+        } else if cfg!(feature = "debug-checks-paranoid") {
+            checks_level = 2;
+        }
+    } else if cfg!(feature = "release-checks-fast-unsafe") {
+        checks_level = 0;
+    } else if cfg!(feature = "release-checks-balanced") {
+        checks_level = 1;
+    } else if cfg!(feature = "release-checks-paranoid") {
+        checks_level = 2;
+    }
+
+    for checks in check_modes.iter().take(checks_level + 1) {
+        println!(r#"cargo:rustc-check-cfg=cfg(checks_at_least, values("{checks}"))"#);
+        println!(r#"cargo:rustc-cfg=checks_at_least="{checks}""#);
+    }
+}

godot-codegen/src/generator/native_structures.rs

@@ -219,6 +219,7 @@ fn make_native_structure_field_and_accessor(
 
                 let obj = #snake_field_name.upcast();
 
+                #[cfg(checks_at_least = "balanced")]
                 assert!(obj.is_instance_valid(), "provided node is dead");
 
                 let id = obj.instance_id().to_u64();

godot-core/Cargo.toml

@@ -42,6 +42,14 @@ api-4-3 = ["godot-ffi/api-4-3"]
 api-4-4 = ["godot-ffi/api-4-4"]
 # ]]
 
+debug-checks-fast-unsafe = ["godot-ffi/debug-checks-fast-unsafe"]
+debug-checks-balanced = ["godot-ffi/debug-checks-balanced"]
+debug-checks-paranoid = ["godot-ffi/debug-checks-paranoid"]
+
+release-checks-fast-unsafe = ["godot-ffi/release-checks-fast-unsafe"]
+release-checks-balanced = ["godot-ffi/release-checks-balanced"]
+release-checks-paranoid = ["godot-ffi/release-checks-paranoid"]
+
 [dependencies]
 godot-ffi = { path = "../godot-ffi", version = "=0.3.5" }
 

godot-core/build.rs

@@ -18,4 +18,5 @@ fn main() {
 
     godot_bindings::emit_godot_version_cfg();
     godot_bindings::emit_wasm_nothreads_cfg();
+    godot_bindings::emit_checks_mode();
 }

godot-core/src/builtin/collections/array.rs

@@ -951,7 +951,7 @@ impl<T: ArrayElement> Array<T> {
         std::mem::transmute::<&Array<T>, &Array<U>>(self)
     }
 
-    #[cfg(debug_assertions)]
+    #[cfg(checks_at_least = "paranoid")]
     pub(crate) fn debug_validate_elements(&self) -> Result<(), ConvertError> {
         // SAFETY: every element is internally represented as Variant.
         let canonical_array = unsafe { self.assume_type_ref::<Variant>() };
@@ -973,7 +973,7 @@ impl<T: ArrayElement> Array<T> {
     }
 
     // No-op in Release. Avoids O(n) conversion checks, but still panics on access.
-    #[cfg(not(debug_assertions))]
+    #[cfg(not(checks_at_least = "paranoid"))]
     pub(crate) fn debug_validate_elements(&self) -> Result<(), ConvertError> {
         Ok(())
     }
@@ -1192,7 +1192,7 @@ impl<T: ArrayElement> Clone for Array<T> {
         let copy = unsafe { self.clone_unchecked() };
 
         // Double-check copy's runtime type in Debug mode.
-        if cfg!(debug_assertions) {
+        if cfg!(checks_at_least = "paranoid") {
             copy.with_checked_type()
                 .expect("copied array should have same type as original array")
         } else {

godot-core/src/classes/class_runtime.rs

@@ -8,10 +8,10 @@
 //! Runtime checks and inspection of Godot classes.
 
 use crate::builtin::{GString, StringName, Variant, VariantType};
-#[cfg(debug_assertions)]
+#[cfg(checks_at_least = "paranoid")]
 use crate::classes::{ClassDb, Object};
 use crate::meta::CallContext;
-#[cfg(debug_assertions)]
+#[cfg(checks_at_least = "paranoid")]
 use crate::meta::ClassName;
 use crate::obj::{bounds, Bounds, Gd, GodotClass, InstanceId, RawGd};
 use crate::sys;
@@ -177,6 +177,7 @@ where
     }
 }
 
+#[cfg(checks_at_least = "balanced")]
 pub(crate) fn ensure_object_alive(
     instance_id: InstanceId,
     old_object_ptr: sys::GDExtensionObjectPtr,
@@ -197,7 +198,7 @@ pub(crate) fn ensure_object_alive(
     );
 }
 
-#[cfg(debug_assertions)]
+#[cfg(checks_at_least = "paranoid")]
 pub(crate) fn ensure_object_inherits(derived: ClassName, base: ClassName, instance_id: InstanceId) {
     if derived == base
         || base == Object::class_name() // for Object base, anything inherits by definition
@@ -212,7 +213,7 @@ pub(crate) fn ensure_object_inherits(derived: ClassName, base: ClassName, instan
     )
 }
 
-#[cfg(debug_assertions)]
+#[cfg(checks_at_least = "paranoid")]
 pub(crate) fn ensure_binding_not_null<T>(binding: sys::GDExtensionClassInstancePtr)
 where
     T: GodotClass + Bounds<Declarer = bounds::DeclUser>,
@@ -240,7 +241,7 @@ where
 // Implementation of this file
 
 /// Checks if `derived` inherits from `base`, using a cache for _successful_ queries.
-#[cfg(debug_assertions)]
+#[cfg(checks_at_least = "paranoid")]
 fn is_derived_base_cached(derived: ClassName, base: ClassName) -> bool {
     use std::collections::HashSet;
 

godot-core/src/meta/error/convert_error.rs

@@ -186,7 +186,7 @@ pub(crate) enum FromGodotError {
     },
 
     /// Special case of `BadArrayType` where a custom int type such as `i8` cannot hold a dynamic `i64` value.
-    #[cfg(debug_assertions)]
+    #[cfg(checks_at_least = "paranoid")]
     BadArrayTypeInt { expected: ArrayTypeInfo, value: i64 },
 
     /// InvalidEnum is also used by bitfields.
@@ -247,7 +247,7 @@ impl fmt::Display for FromGodotError {
                     "expected array of class {exp_class}, got array of class {act_class}"
                 )
             }
-            #[cfg(debug_assertions)]
+            #[cfg(checks_at_least = "paranoid")]
             Self::BadArrayTypeInt { expected, value } => {
                 write!(
                     f,

godot-core/src/meta/signature.rs

@@ -140,6 +140,7 @@ impl<Params: OutParamTuple, Ret: FromGodot> Signature<Params, Ret> {
         //$crate::out!("out_class_varcall: {call_ctx}");
 
         // Note: varcalls are not safe from failing, if they happen through an object pointer -> validity check necessary.
+        #[cfg(checks_at_least = "balanced")]
         if let Some(instance_id) = maybe_instance_id {
             crate::classes::ensure_object_alive(instance_id, object_ptr, &call_ctx);
         }
@@ -300,6 +301,7 @@ impl<Params: OutParamTuple, Ret: FromGodot> Signature<Params, Ret> {
         let call_ctx = CallContext::outbound(class_name, method_name);
         // $crate::out!("out_class_ptrcall: {call_ctx}");
 
+        #[cfg(checks_at_least = "balanced")]
         if let Some(instance_id) = maybe_instance_id {
             crate::classes::ensure_object_alive(instance_id, object_ptr, &call_ctx);
         }