Merge pull request #1435 from godot-rust/qol/enforce-func-bounds

Enforce `ToGodot`/`FromGodot` bounds in `#[func]`, remove raw pointer impls

Author: Bromeon

godot-codegen/src/generator/native_structures.rs

@@ -88,17 +88,15 @@ fn make_native_structure(
 
     let imports = util::make_imports();
     let (fields, methods) = make_native_structure_fields_and_methods(structure, ctx);
-    let doc = format!("[`ToGodot`] and [`FromGodot`] are implemented for `*mut {class_name}` and `*const {class_name}`.");
 
     // mod re_export needed, because class should not appear inside the file module, and we can't re-export private struct as pub
     let tokens = quote! {
         #imports
         use std::ffi::c_void; // for opaque object pointer fields
-        use crate::meta::{GodotConvert, FromGodot, ToGodot};
+        use crate::meta::{GodotConvert, EngineFromGodot, EngineToGodot};
 
         /// Native structure; can be passed via pointer in APIs that are not exposed to GDScript.
         ///
-        #[doc = #doc]
         #[derive(Clone, PartialEq, Debug)]
         #[repr(C)]
         pub struct #class_name {
@@ -113,36 +111,53 @@ fn make_native_structure(
             type Via = i64;
         }
 
-        impl ToGodot for *mut #class_name {
+        // Native structure pointers implement internal-only conversion traits for use in engine APIs.
+        impl EngineToGodot for *mut #class_name {
             type Pass = crate::meta::ByValue;
 
-            fn to_godot(&self) -> Self::Via {
+            fn engine_to_godot(&self) -> crate::meta::ToArg<'_, Self::Via, Self::Pass> {
                 *self as i64
             }
+
+            fn engine_to_variant(&self) -> crate::builtin::Variant {
+                crate::builtin::Variant::from(*self as i64)
+            }
         }
 
-        impl FromGodot for *mut #class_name {
-            fn try_from_godot(via: Self::Via) -> Result<Self, crate::meta::error::ConvertError> {
+        impl EngineFromGodot for *mut #class_name {
+            fn engine_try_from_godot(via: Self::Via) -> Result<Self, crate::meta::error::ConvertError> {
                 Ok(via as Self)
             }
+
+            fn engine_try_from_variant(variant: &crate::builtin::Variant) -> Result<Self, crate::meta::error::ConvertError> {
+                variant.try_to::<i64>().map(|i| i as Self)
+            }
         }
 
         impl GodotConvert for *const #class_name {
             type Via = i64;
         }
 
-        impl ToGodot for *const #class_name {
+        impl EngineToGodot for *const #class_name {
             type Pass = crate::meta::ByValue;
 
-            fn to_godot(&self) -> Self::Via {
+            fn engine_to_godot(&self) -> crate::meta::ToArg<'_, Self::Via, Self::Pass> {
                 *self as i64
             }
+
+            fn engine_to_variant(&self) -> crate::builtin::Variant {
+                crate::builtin::Variant::from(*self as i64)
+            }
         }
 
-        impl FromGodot for *const #class_name {
-            fn try_from_godot(via: Self::Via) -> Result<Self, crate::meta::error::ConvertError> {
+        impl EngineFromGodot for *const #class_name {
+            fn engine_try_from_godot(via: Self::Via) -> Result<Self, crate::meta::error::ConvertError> {
                 Ok(via as Self)
             }
+
+            fn engine_try_from_variant(variant: &crate::builtin::Variant) -> Result<Self, crate::meta::error::ConvertError> {
+                variant.try_to::<i64>().map(|i| i as Self)
+            }
         }
     };
     // note: TypePtr -> ObjectPtr conversion OK?

godot-core/src/meta/godot_convert/impls.rs

@@ -460,18 +460,27 @@ macro_rules! impl_pointer_convert {
             type Via = i64;
         }
 
-        impl ToGodot for $Ptr {
+        // Pointers implement internal-only conversion traits for use in engine APIs and virtual methods.
+        impl meta::EngineToGodot for $Ptr {
             type Pass = meta::ByValue;
 
-            fn to_godot(&self) -> Self::Via {
+            fn engine_to_godot(&self) -> meta::ToArg<'_, Self::Via, Self::Pass> {
                 *self as i64
             }
+
+            fn engine_to_variant(&self) -> Variant {
+                Variant::from(*self as i64)
+            }
         }
 
-        impl FromGodot for $Ptr {
-            fn try_from_godot(via: Self::Via) -> Result<Self, ConvertError> {
+        impl meta::EngineFromGodot for $Ptr {
+            fn engine_try_from_godot(via: Self::Via) -> Result<Self, ConvertError> {
                 Ok(via as Self)
             }
+
+            fn engine_try_from_variant(variant: &Variant) -> Result<Self, ConvertError> {
+                variant.try_to::<i64>().map(|i| i as Self)
+            }
         }
     };
 }
@@ -480,10 +489,85 @@ impl_pointer_convert!(*const std::ffi::c_void);
 impl_pointer_convert!(*mut std::ffi::c_void);
 
 // Some other pointer types are used by various other methods, see https://github.com/godot-rust/gdext/issues/677
-// TODO: Find better solution to this, this may easily break still if godot decides to add more pointer arguments.
+// Keep manually extending this; no point in automating with how rarely Godot adds new pointer types.
 
 impl_pointer_convert!(*mut *const u8);
 impl_pointer_convert!(*mut i32);
 impl_pointer_convert!(*mut f64);
 impl_pointer_convert!(*mut u8);
 impl_pointer_convert!(*const u8);
+
+// ----------------------------------------------------------------------------------------------------------------------------------------------
+// Tests for ToGodot/FromGodot missing impls
+//
+// Sanity check: comment-out ::godot::meta::ensure_func_bounds in func.rs, the 3 latter #[func] ones should fail.
+
+/// Test that `*mut i32` cannot be converted to variant.
+///
+/// ```compile_fail
+/// # use godot::prelude::*;
+/// let ptr: *mut i32 = std::ptr::null_mut();
+/// let variant = ptr.to_variant();  // Error: *mut i32 does not implement ToGodot
+/// ```
+fn __doctest_i32_ptr_to_variant() {}
+
+/// Test that void-pointers cannot be converted from variant.
+///
+/// ```compile_fail
+/// # use godot::prelude::*;
+/// let variant = Variant::nil();
+/// let ptr: *const std::ffi::c_void = variant.to();
+/// ```
+fn __doctest_void_ptr_from_variant() {}
+
+/// Test that native struct pointers cannot be used as `#[func]` parameters.
+///
+/// ```compile_fail
+/// # use godot::prelude::*;
+/// # use godot::classes::native::AudioFrame;
+/// #[derive(GodotClass)]
+/// #[class(init)]
+/// struct MyClass {}
+///
+/// #[godot_api]
+/// impl MyClass {
+///     #[func]
+///     fn take_pointer(&self, ptr: *mut AudioFrame) {}
+/// }
+/// ```
+fn __doctest_native_struct_pointer_param() {}
+
+/// Test that native struct pointers cannot be used as `#[func]` return types.
+///
+/// ```compile_fail
+/// # use godot::prelude::*;
+/// # use godot::classes::native::AudioFrame;
+/// #[derive(GodotClass)]
+/// #[class(init)]
+/// struct MyClass {}
+///
+/// #[godot_api]
+/// impl MyClass {
+///     #[func]
+///     fn return_pointer(&self) -> *const AudioFrame {
+///         std::ptr::null()
+///     }
+/// }
+/// ```
+fn __doctest_native_struct_pointer_return() {}
+
+/// Test that `u64` cannot be returned from `#[func]`.
+///
+/// ```compile_fail
+/// # use godot::prelude::*;
+/// #[derive(GodotClass)]
+/// #[class(init)]
+/// struct MyClass {}
+///
+/// #[godot_api]
+/// impl MyClass {
+///     #[func]
+///     fn return_pointer(&self) -> u64 { 123 }
+/// }
+/// ```
+fn __doctest_u64_return() {}

godot-core/src/meta/mod.rs

@@ -69,7 +69,7 @@ pub use element_type::{ElementScript, ElementType};
 pub use godot_convert::{EngineFromGodot, EngineToGodot, FromGodot, GodotConvert, ToGodot};
 pub use method_info::MethodInfo;
 pub use object_to_owned::ObjectToOwned;
-pub use param_tuple::{InParamTuple, OutParamTuple, ParamTuple};
+pub use param_tuple::{InParamTuple, OutParamTuple, ParamTuple, TupleFromGodot};
 pub use property_info::{PropertyHintInfo, PropertyInfo};
 #[cfg(feature = "trace")]
 pub use signature::trace;

godot-core/src/meta/param_tuple.rs

@@ -99,3 +99,10 @@ pub trait OutParamTuple: ParamTuple {
     /// Converts `array` to `Self` by calling [`to_variant`](crate::meta::ToGodot::to_variant) on each argument.
     fn to_variant_array(&self) -> Vec<Variant>;
 }
+
+/// Helper trait to verify that all tuple elements implement `FromGodot`.
+///
+/// Used internally by [`crate::meta::ensure_func_bounds()`] to ensure each parameter in a `#[func]` method
+/// implements `FromGodot`, not just `EngineFromGodot`.
+#[doc(hidden)]
+pub trait TupleFromGodot: Sized {}

godot-core/src/meta/param_tuple/impls.rs

@@ -16,8 +16,8 @@ use sys::GodotFfi;
 use crate::builtin::Variant;
 use crate::meta::error::{CallError, CallResult};
 use crate::meta::{
-    ArgPassing, CallContext, EngineFromGodot, EngineToGodot, GodotConvert, GodotType, InParamTuple,
-    OutParamTuple, ParamTuple,
+    ArgPassing, CallContext, EngineFromGodot, EngineToGodot, FromGodot, GodotConvert, GodotType,
+    InParamTuple, OutParamTuple, ParamTuple, TupleFromGodot,
 };
 
 macro_rules! count_idents {
@@ -27,6 +27,8 @@ macro_rules! count_idents {
 
 macro_rules! unsafe_impl_param_tuple {
     ($(($p:ident, $n:tt): $P:ident),*) => {
+        impl<$($P: FromGodot + fmt::Debug),*> TupleFromGodot for ($($P,)*) {}
+
         impl<$($P),*> ParamTuple for ($($P,)*) where $($P: GodotConvert + fmt::Debug),* {
             const LEN: usize = count_idents!($($P)*);
 

godot-core/src/meta/signature.rs

@@ -16,10 +16,17 @@ use crate::builtin::Variant;
 use crate::meta::error::{CallError, CallResult, ConvertError};
 use crate::meta::{
     EngineFromGodot, EngineToGodot, FromGodot, GodotConvert, GodotType, InParamTuple,
-    MethodParamOrReturnInfo, OutParamTuple, ParamTuple, ToGodot,
+    MethodParamOrReturnInfo, OutParamTuple, ParamTuple, ToGodot, TupleFromGodot,
 };
 use crate::obj::{GodotClass, ValidatedObject};
 
+/// Checks for `#[func]` expansions that all parameters implement `FromGodot` and the return type implements `ToGodot`.
+///
+/// [`Signature`] itself only requires `EngineFromGodot` and `EngineToGodot`.
+#[inline(always)]
+#[doc(hidden)]
+pub fn ensure_func_bounds<Params: TupleFromGodot, Ret: ToGodot>() {}
+
 /// A full signature for a function.
 ///
 /// For in-calls (that is, calls from the Godot engine to Rust code) `Params` will implement [`InParamTuple`] and `Ret`
@@ -177,7 +184,6 @@ impl<Params: OutParamTuple, Ret: EngineFromGodot> Signature<Params, Ret> {
     /// Make a varcall to the Godot engine for a virtual function call.
     ///
     /// # Safety
-    ///
     /// - `object_ptr` must be a live instance of a class with a method named `method_sname_ptr`
     /// - The method must expect args `args`, and return a value of type `Ret`
     #[cfg(since_api = "4.3")]
@@ -224,7 +230,6 @@ impl<Params: OutParamTuple, Ret: EngineFromGodot> Signature<Params, Ret> {
     /// Make a ptrcall to the Godot engine for a utility function that has varargs.
     ///
     /// # Safety
-    ///
     /// - `utility_fn` must expect args `args`, varargs `varargs`, and return a value of type `Ret`
     // Note: this is doing a ptrcall, but uses variant conversions for it.
     #[inline]
@@ -253,7 +258,6 @@ impl<Params: OutParamTuple, Ret: EngineFromGodot> Signature<Params, Ret> {
     /// Make a ptrcall to the Godot engine for a builtin method that has varargs.
     ///
     /// # Safety
-    ///
     /// - `builtin_fn` must expect args `args`, varargs `varargs`, and return a value of type `Ret`
     #[inline]
     pub unsafe fn out_builtin_ptrcall_varargs(
@@ -317,7 +321,6 @@ impl<Params: OutParamTuple, Ret: EngineFromGodot> Signature<Params, Ret> {
     /// Make a ptrcall to the Godot engine for a builtin method.
     ///
     /// # Safety
-    ///
     /// - `builtin_fn` must expect explicit args `args`, and return a value of type `Ret`
     #[inline]
     pub unsafe fn out_builtin_ptrcall(
@@ -346,7 +349,6 @@ impl<Params: OutParamTuple, Ret: EngineFromGodot> Signature<Params, Ret> {
     /// Make a ptrcall to the Godot engine for a utility function.
     ///
     /// # Safety
-    ///
     /// - `utility_fn` must expect explicit args `args`, and return a value of type `Ret`
     #[inline]
     pub unsafe fn out_utility_ptrcall(
@@ -371,7 +373,6 @@ impl<Params: OutParamTuple, Ret: EngineFromGodot> Signature<Params, Ret> {
     /// Performs a ptrcall and processes the return value to give nice error output.
     ///
     /// # Safety
-    ///
     /// This calls [`GodotFfi::new_with_init`] and passes the ptr as the second argument to `f`, see that function for safety docs.
     unsafe fn raw_ptrcall(
         args: Params,

godot-macros/src/class/data_models/func.rs

@@ -163,6 +163,9 @@ pub fn make_method_registration(
             type CallParams = #sig_params;
             type CallRet = #sig_ret;
 
+            // Statically check that all parameters implement FromGodot + return type implements ToGodot.
+            ::godot::meta::ensure_func_bounds::<CallParams, CallRet>();
+
             let method_name = StringName::from(#method_name_str);
 
             #varcall_fn_decl;

itest/rust/src/engine_tests/mod.rs

@@ -13,7 +13,7 @@ mod engine_enum_test;
 mod gfile_test;
 mod match_class_test;
 mod native_st_niche_audio_test;
-mod native_st_niche_pointer_test;
+//mod native_st_niche_pointer_test; // FIXME(v0.5): re-enable once implemented.
 mod native_structures_test;
 mod node_test;
 mod save_load_test;