Skip to content

Panic safe component drop#24393

Open
SpecificProtagonist wants to merge 7 commits into
bevyengine:mainfrom
SpecificProtagonist:panic-safe-component-drop
Open

Panic safe component drop#24393
SpecificProtagonist wants to merge 7 commits into
bevyengine:mainfrom
SpecificProtagonist:panic-safe-component-drop

Conversation

@SpecificProtagonist
Copy link
Copy Markdown
Contributor

@SpecificProtagonist SpecificProtagonist commented May 22, 2026
edited
Loading

Objective

Fixes #2860

bevy_ecs is not panic-safe in regards to dropping components. Note that #12929 has since made some cases safe by permanently disabling the drop function in some cases, but others remained.

See also #20368 for lack of panic safety in required component constructors. The fix (#20933) to that differs a bit in that a panic in a required component constructor means we have to move the entity to a different archetype than originally planned, which is a bit more involved.

Solution

When a panic occurs while making changes that must be atomic (such as editing entity metadata or moving around component data), catch any panics originating from component drop functions and resume unwinding at the end.

While I've added a panics section to the doc comments of relevant internal functions, I have not done so for any of the safe wrappers.

Testing

Added the panic_in_component_drop test based on the linked issue.

@SpecificProtagonist SpecificProtagonist added C-Bug An unexpected or incorrect behavior A-ECS Entities, components, systems, and events P-Unsound A bug that results in undefined compiler behavior D-Unsafe Touches with unsafe code in some way S-Needs-Review Needs reviewer attention (from anyone!) to move forward labels May 22, 2026
@github-project-automation github-project-automation Bot moved this to Needs SME Triage in ECS May 22, 2026
Bluefinger
Bluefinger reviewed May 22, 2026
View reviewed changes
Comment thread crates/bevy_ecs/src/storage/table/column.rs
last_element_index: usize,
row: TableRow,
) {
self.added_ticks
Copy link
Copy Markdown
Contributor

@Bluefinger Bluefinger May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we have unchecked/unsafe code that we are touching, we should be trying to gradually wrapping these with unsafe blocks, so we can eventually enable the unsafe_op_in_unsafe_fn lint.

Copy link
Copy Markdown
Contributor Author

@SpecificProtagonist SpecificProtagonist May 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR doesn't really affect existing safety requirements, so adding extra unsafe blocks around existing unsafe code would just make this PR harder to review. I'll do a separate PR for more unsafe_op_in_unsafe_fn though :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@Bluefinger Bluefinger Bluefinger left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

A-ECS Entities, components, systems, and events C-Bug An unexpected or incorrect behavior D-Unsafe Touches with unsafe code in some way P-Unsound A bug that results in undefined compiler behavior S-Needs-Review Needs reviewer attention (from anyone!) to move forward

Projects

ECS
Status: Needs SME Triage

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Panic in drop leads to a double drop on spawning a new entity

3 participants

@SpecificProtagonist @Bluefinger @sapir