Resisting Underhandedness

Erick Tryzelaar edited this page Feb 28, 2017 · 14 revisions

This is a living document all about unsafety and general underhandedness. Please help keep this article up to date with any and all relevant articles and links.

Articles and Blogs about Safely using Unsafety

Testing

  • Rust Book chapter on testing.
  • quickcheck is a library to generate random input for test cases.
  • compiletest is a test framework that allows developers to check that code which should be rejected actually fails to compile. This helps to validate that a wrapper around unsafe code is in fact safe.

Fuzzing

Code Health

  • clippy is a tool that adds many lints to the Rust compiler to catch common mistakes. See this post to understand how it can help.
  • rustfmt is a tool to automatically and consistently format Rust code. It can be used to help avoid underhanded syntax formatting.

Security

  • RustSec Advisory Database is a repository of security advisories filed against Rust crates.
  • cargo-audit is a tool that will audit a Cargo.lock file for the use of crates with security vulnerabilities.

Rust Bugs

  • I-unsound - open soundness issues in the Rust compiler that are a likely target for avoiding the Rust
  • Rust version 1.15.1 was released due to a bug in 1.15.0 where as_mut_slice was accidentally written to take an immutable &self while still returning a mutable slice:
pub fn as_mut_slice(&self) -> &mut [T] {
    unsafe {
        slice::from_raw_parts_mut(self.ptr as *mut T, self.len())
    }
}
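
The corrected receiver, as an added example that is not code from the Rust repository or from this wiki: RawBuf, from_vec and demo are hypothetical names for a small owning wrapper with the same shape as the snippet above. The commented-out lines are the kind of use a compiletest compile-fail case can pin down.

```rust
use std::mem::ManuallyDrop;
use std::slice;

/// Hypothetical stand-in for a type that owns a raw buffer (not the std type).
pub struct RawBuf<T> {
    ptr: *mut T,
    len: usize,
    cap: usize,
}

impl<T> RawBuf<T> {
    /// Take ownership of a Vec's allocation without running its destructor.
    pub fn from_vec(v: Vec<T>) -> Self {
        let mut v = ManuallyDrop::new(v);
        RawBuf { ptr: v.as_mut_ptr(), len: v.len(), cap: v.capacity() }
    }

    pub fn as_slice(&self) -> &[T] {
        unsafe { slice::from_raw_parts(self.ptr, self.len) }
    }

    /// Sound signature: `&mut self` ties the returned `&mut [T]` to an
    /// exclusive borrow of `self`, so two live mutable slices cannot coexist.
    pub fn as_mut_slice(&mut self) -> &mut [T] {
        unsafe { slice::from_raw_parts_mut(self.ptr, self.len) }
    }
}

impl<T> Drop for RawBuf<T> {
    fn drop(&mut self) {
        // Rebuild the Vec so the elements and the allocation are freed once.
        unsafe { drop(Vec::from_raw_parts(self.ptr, self.len, self.cap)) }
    }
}

/// Mutates through the safe wrapper and returns the resulting contents.
pub fn demo() -> Vec<i32> {
    let mut buf = RawBuf::from_vec(vec![1, 2, 3]);
    let a = buf.as_mut_slice();
    a[0] = 10;
    // With a `&self` receiver the next two lines would compile and create a
    // second `&mut [T]` aliasing `a`. With `&mut self` rustc rejects them
    // with E0499 (cannot borrow `buf` as mutable more than once at a time).
    // let b = buf.as_mut_slice();
    // b[0] = 20; a[0] += 1;
    buf.as_slice().to_vec()
}

fn main() {
    println!("{:?}", demo());
}
```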