Add cargo features to configure safety checks

Author: beicause

godot-bindings/Cargo.toml

@@ -32,6 +32,9 @@ api-custom = ["dep:bindgen", "dep:regex", "dep:which"]
 api-custom-json = ["dep:nanoserde", "dep:bindgen", "dep:regex", "dep:which"]
 api-custom-extheader = []
 
+debug-checks-balanced = []
+release-checks-fast = []
+
 [dependencies]
 gdextension-api = { workspace = true }
 

godot-bindings/build.rs

@@ -10,7 +10,7 @@
 // It's the only purpose of this build.rs file. If a better solution is found, this file can be removed.
 
 #[rustfmt::skip]
-fn main() {    
+fn main() {
     let mut count = 0;
     if cfg!(feature = "api-custom") { count += 1; }
     if cfg!(feature = "api-custom-json") { count += 1; }

godot-bindings/src/lib.rs

@@ -267,3 +267,21 @@ pub fn before_api(major_minor: &str) -> bool {
 pub fn since_api(major_minor: &str) -> bool {
     !before_api(major_minor)
 }
+
+pub fn emit_checks_mode() {
+    let check_modes = ["fast-unsafe", "balanced", "paranoid"];
+    let mut checks_level = if cfg!(debug_assertions) { 2 } else { 1 };
+    #[cfg(debug_assertions)]
+    if cfg!(feature = "debug-checks-balanced") {
+        checks_level = 1;
+    }
+    #[cfg(not(debug_assertions))]
+    if cfg!(feature = "release-checks-fast") {
+        checks_level = 0;
+    }
+
+    for checks in check_modes.iter().take(checks_level + 1) {
+        println!(r#"cargo:rustc-check-cfg=cfg(checks_at_least, values("{checks}"))"#);
+        println!(r#"cargo:rustc-cfg=checks_at_least="{checks}""#);
+    }
+}

godot-codegen/src/generator/native_structures.rs

@@ -219,6 +219,7 @@ fn make_native_structure_field_and_accessor(
 
                 let obj = #snake_field_name.upcast();
 
+                #[cfg(checks_at_least = "balanced")]
                 assert!(obj.is_instance_valid(), "provided node is dead");
 
                 let id = obj.instance_id().to_u64();

godot-core/Cargo.toml

@@ -37,6 +37,9 @@ api-4-3 = ["godot-ffi/api-4-3"]
 api-4-4 = ["godot-ffi/api-4-4"]
 # ]]
 
+debug-checks-balanced = ["godot-ffi/debug-checks-balanced"]
+release-checks-fast = ["godot-ffi/release-checks-fast"]
+
 [dependencies]
 godot-ffi = { path = "../godot-ffi", version = "=0.3.5" }
 

godot-core/build.rs

@@ -18,4 +18,5 @@ fn main() {
 
     godot_bindings::emit_godot_version_cfg();
     godot_bindings::emit_wasm_nothreads_cfg();
+    godot_bindings::emit_checks_mode();
 }

godot-core/src/builtin/collections/array.rs

@@ -979,7 +979,7 @@ impl<T: ArrayElement> Array<T> {
     }
 
     /// Validates that all elements in this array can be converted to integers of type `T`.
-    #[cfg(debug_assertions)]
+    #[cfg(checks_at_least = "paranoid")]
     pub(crate) fn debug_validate_int_elements(&self) -> Result<(), ConvertError> {
         // SAFETY: every element is internally represented as Variant.
         let canonical_array = unsafe { self.assume_type_ref::<Variant>() };
@@ -1001,7 +1001,7 @@ impl<T: ArrayElement> Array<T> {
     }
 
     // No-op in Release. Avoids O(n) conversion checks, but still panics on access.
-    #[cfg(not(debug_assertions))]
+    #[cfg(not(checks_at_least = "paranoid"))]
     pub(crate) fn debug_validate_int_elements(&self) -> Result<(), ConvertError> {
         Ok(())
     }
@@ -1244,7 +1244,7 @@ impl<T: ArrayElement> Clone for Array<T> {
         let copy = unsafe { self.clone_unchecked() };
 
         // Double-check copy's runtime type in Debug mode.
-        if cfg!(debug_assertions) {
+        if cfg!(checks_at_least = "paranoid") {
             copy.with_checked_type()
                 .expect("copied array should have same type as original array")
         } else {

godot-core/src/classes/class_runtime.rs

@@ -8,10 +8,10 @@
 //! Runtime checks and inspection of Godot classes.
 
 use crate::builtin::{GString, StringName, Variant, VariantType};
-#[cfg(debug_assertions)]
+#[cfg(checks_at_least = "paranoid")]
 use crate::classes::{ClassDb, Object};
 use crate::meta::CallContext;
-#[cfg(debug_assertions)]
+#[cfg(checks_at_least = "paranoid")]
 use crate::meta::ClassId;
 use crate::obj::{bounds, Bounds, Gd, GodotClass, InstanceId, RawGd, Singleton};
 use crate::sys;
@@ -191,6 +191,7 @@ where
     Gd::<T>::from_obj_sys(object_ptr)
 }
 
+#[cfg(checks_at_least = "balanced")]
 pub(crate) fn ensure_object_alive(
     instance_id: InstanceId,
     old_object_ptr: sys::GDExtensionObjectPtr,
@@ -211,7 +212,7 @@ pub(crate) fn ensure_object_alive(
     );
 }
 
-#[cfg(debug_assertions)]
+#[cfg(checks_at_least = "paranoid")]
 pub(crate) fn ensure_object_inherits(derived: ClassId, base: ClassId, instance_id: InstanceId) {
     if derived == base
         || base == Object::class_id() // for Object base, anything inherits by definition
@@ -226,7 +227,7 @@ pub(crate) fn ensure_object_inherits(derived: ClassId, base: ClassId, instance_i
     )
 }
 
-#[cfg(debug_assertions)]
+#[cfg(checks_at_least = "paranoid")]
 pub(crate) fn ensure_binding_not_null<T>(binding: sys::GDExtensionClassInstancePtr)
 where
     T: GodotClass + Bounds<Declarer = bounds::DeclUser>,
@@ -254,7 +255,7 @@ where
 // Implementation of this file
 
 /// Checks if `derived` inherits from `base`, using a cache for _successful_ queries.
-#[cfg(debug_assertions)]
+#[cfg(checks_at_least = "paranoid")]
 fn is_derived_base_cached(derived: ClassId, base: ClassId) -> bool {
     use std::collections::HashSet;
 

godot-core/src/meta/error/convert_error.rs

@@ -186,7 +186,7 @@ pub(crate) enum FromGodotError {
     },
 
     /// Special case of `BadArrayType` where a custom int type such as `i8` cannot hold a dynamic `i64` value.
-    #[cfg(debug_assertions)]
+    #[cfg(checks_at_least = "paranoid")]
     BadArrayTypeInt {
         expected_int_type: &'static str,
         value: i64,
@@ -231,7 +231,7 @@ impl fmt::Display for FromGodotError {
 
                 write!(f, "expected array of type {exp_class}, got {act_class}")
             }
-            #[cfg(debug_assertions)]
+            #[cfg(checks_at_least = "paranoid")]
             Self::BadArrayTypeInt {
                 expected_int_type,
                 value,

godot-core/src/meta/signature.rs

@@ -144,6 +144,7 @@ impl<Params: OutParamTuple, Ret: FromGodot> Signature<Params, Ret> {
         //$crate::out!("out_class_varcall: {call_ctx}");
 
         // Note: varcalls are not safe from failing, if they happen through an object pointer -> validity check necessary.
+        #[cfg(checks_at_least = "balanced")]
         if let Some(instance_id) = maybe_instance_id {
             crate::classes::ensure_object_alive(instance_id, object_ptr, &call_ctx);
         }
@@ -304,6 +305,7 @@ impl<Params: OutParamTuple, Ret: FromGodot> Signature<Params, Ret> {
         let call_ctx = CallContext::outbound(class_name, method_name);
         // $crate::out!("out_class_ptrcall: {call_ctx}");
 
+        #[cfg(checks_at_least = "balanced")]
         if let Some(instance_id) = maybe_instance_id {
             crate::classes::ensure_object_alive(instance_id, object_ptr, &call_ctx);
         }