[BUG] Impl traits don't have enough trait bounds

[felinira]

Bug description

XyzImpl traits don't actually check whether they are implemented on classes that derive / implement the specific class. The Impl traits themselves only provide implementations, so usually they would be fine to implement wherever. However, almost all bindings also offer to call parent implementations, or other ffi methods as part of some Ext traits.

In practise this means that you can call unrelated methods on any object, thus being able to cause UB.

Examples:

• Implement gtk::WidgetImpl on any gobject subclass and get access to things like set_css_name without the object actually having to be derived from GtkWidget. This causes a runtime critical with UB afterwards.
• Implement gio::InitableImpl on a gobject subclass that doesn't implement gio::Initable and call parent_init. This panics here: https://github.com/gtk-rs/gtk-rs-core/blob/b97554d03ae9ae8f1c56e0e61f55d2612e1be271/glib/src/subclass/types.rs#L496

There are probably more ways to make this lead to more serious and harder to detect behaviour.

Solution

Adding trait bounds like this should probably resolve all these issues:

pub trait WidgetImpl: ObjectSubclass where <Self as ObjectSubclass>::Type: IsA<Widget>

[sdroege]

As discussed on Matrix yesterday, adding such trait bounds will require them to be added recursively in more places. E.g. ButtonImpl will need both IsA<Widget> and IsA<Button>.

Also it means that the glib::wrapper! usage must list all super-classes and can't just skip one. That part will probably break a bit of code.

This seems like the right thing to do though.