Allow configuring safety level through cargo features #1278
Conversation
|
API docs are being generated and will be shortly available at: https://godot-rust.github.io/docs/gdext/pr-1278 |
|
What if we call this The |
There was a problem hiding this comment.
Thanks a lot for the pull request! 👍
Please see my comment #1046 (comment) and subsequent response by @TitanNano, where we detailed quite a bit of the design.
Some feedback:
-
My first impression is that I'd rather not have this configured via environment variables, that's rather brittle and easy to silently get wrong (e.g. someone sets the environment variable for Godot, not for rustc). Instead, it should be a Cargo feature. While features are technically additive, we already do a similar thing with
api-4-2etc.- I know it can be slightly annoying since you can't easily enable a feature only in the Release config. But this isn't really easier with env vars.
-
Safety profiles should be named, not magic numbers. It's not obvious whether "0" means "no safety" or "no performance". An option is to use the term
checks, but it could also be something else.- The individual levels could be called
fast-unsafe,balancedandparanoid. (To be discussed) - Cargo feature would then be
checks-fast-unsafe. - Conditional compilation would be
#[cfg(checks_at_least = "balanced")]. Let's avoidnotif possible.
- The individual levels could be called
|
I think including chosen safety profile in preamble would be good idea as well (something along the lines of "Initialize godot-rust (API v4.4.stable.official, runtime v4.4.stable.official) fast-unsafe/balanced/slow-safe mode"?). Lines 288 to 293 in 0dde85e There are some validity checks which would be nice to cover, albeit I wouldn't sweat too much about it – we can cover them later 😄. One such example is the gdext/godot-core/src/obj/gd.rs Lines 1078 to 1087 in aaf3ed5
(I'll underline – I don't think we should sweat to cover all (or even the aforementioned one) the cases, we should just make an issue for tracking them) |
|
Yeah, I'd suggest not to add more specific checks in this PR, to get the basic mechanism working first 🙂 As for defaults, it should be:
While it means the user won't get max performance per default, it's better if they don't risk UB by default. But if we go for Cargo feature, we need to find a way how they can opt in... I could imagine that in Debug mode, many would still want to keep paranoid or balanced checks, while Release builds should have fast performance. It's unfortunately not that easy to specify Cargo features based on the build profile... |
beicause
force-pushed
the
safety-level-config
branch
3 times, most recently
from
793ac8b to
99e3534
Compare
Bromeon
force-pushed
the
master
branch
2 times, most recently
from
779c043 to
ddc5b76
Compare
beicause
force-pushed
the
safety-level-config
branch
2 times, most recently
from
37b86cd to
12a3cce
Compare
|
Hm, 6 new Cargo features is quite a lot, although I see the dilemma. What would the alternatives be? |
|
@beicause could you for now limit this to 3 features? The compiler invocation is already different due to |
The problem is if you have already specified |
|
Note – I was thinking earlier about exposing every safety level as an independent feature (the simplest possible implementation – |
That is true, but the same happens with |
|
As some stuff isn't yet clear and this can be added in a non-breaking way, I'll postpone this to after the initial v0.4 release. |
beicause
force-pushed
the
safety-level-config
branch
from
12a3cce to
dcbc049
Compare
beicause
changed the title
beicause
force-pushed
the
safety-level-config
branch
2 times, most recently
from
bdf8d01 to
20fb757
Compare
beicause
force-pushed
the
safety-level-config
branch
from
20fb757 to
a8eb3da
Compare
|
I think we can just add two features: |
|
Great idea! We can always add more if users have a concrete case for it 💪 |
There was a problem hiding this comment.
Thanks for the update!
We should have some CI jobs that run itest with those features, otherwise we don't even know if code compiles, let alone it works.
Maybe we find a way to reuse existing CI jobs, so that total CI time isn't increased... Do you have any suggestions?
|
|
||
|
|
||
| debug-checks-balanced = ["godot-core/debug-checks-balanced"] | ||
| release-checks-fast = ["godot-core/release-checks-fast"] |
There was a problem hiding this comment.
Use consistent terminology: fast -> fast-unsafe everywhere
| let checks_mode = if cfg!(checks_at_least = "paranoid") { | ||
| "paranoid" | ||
| } else if cfg!(checks_at_least = "balanced") { | ||
| "balanced" | ||
| } else if cfg!(checks_at_least = "fast-unsafe") { | ||
| "fast-unsafe" | ||
| } else { | ||
| unreachable!(); | ||
| }; | ||
| println!("Initialize godot-rust (API {api_version}, runtime {runtime_version}, safety checks {checks_mode})"); |
There was a problem hiding this comment.
Great idea! 👍
Could you extract this into a function? Might come in handy somewhere else...
fn safety_checks_string() -> &'static str { ... }| { | ||
| let call_ctx = CallContext::gd::<T>(method_name); | ||
|
|
||
| let instance_id = self.check_dynamic_type(&call_ctx); |
There was a problem hiding this comment.
The RTTI check should probably only occur under paranoid level, no?
Addresses #1276.
Allow configuring safety level through
GDEXT_SAFETY_LEVEL_DEBUGandGDEXT_SAFETY_LEVEL_RELEASEenvironment variables. Not sure if it can be implemented as ExtensionLibrary function. Also implemented as Cargo features may be annoying.debug_assertions(RTTI,backtrace, Array elements validation)(Correct me if I missed anything).