reduce_unsafe 0.1.0

Reduce unsafe code and detect soundness bugs with equivalence checks against safe code
Owner: WildCryptoFox


For discussion of this idea, see the RFC thread on the Rust Internals forum and the Rust Secure Code Working Group.

To prefer safety over performance, add --cfg reduce_unsafe to your RUSTFLAGS (for example, RUSTFLAGS="--cfg reduce_unsafe" cargo build). This switches every use of the macros below to their safe branch.

reduce_unsafe::unchecked!(unsafe_expr, safe_expr) evaluates the unsafe expression, unless the crate was built with --cfg reduce_unsafe, in which case it evaluates the safe expression instead. Exactly one of the two branches runs.

reduce_unsafe::checked!(unsafe_expr, safe_expr) uses debug_assertions to decide what to do: in a build with debug assertions enabled it evaluates both branches and panics if their results differ; otherwise it behaves exactly like reduce_unsafe::unchecked!. This is the equivalence check that turns an unsoundness bug into a panic in debug builds and tests instead of silent undefined behaviour.

If you have unsafe code that you believe is sound and that could also be implemented (more slowly) in safe code, consider the reduce_unsafe::checked! or reduce_unsafe::unchecked! macros, or the #[cfg(reduce_unsafe)] attribute. For example,

let my_str = unsafe {
    str::from_utf8_unchecked(bytes)
};

becomes

let my_str = reduce_unsafe::checked!(
    unsafe { str::from_utf8_unchecked(bytes) },
    str::from_utf8(bytes).expect("BUG: unsound unsafe code detected")
);

or, if the returned type does not implement PartialEq (so the two results cannot be compared) or the branches have visible side effects (so running both would duplicate them), use reduce_unsafe::unchecked!, which only ever runs one branch:

let my_str = reduce_unsafe::unchecked!(
    unsafe { str::from_utf8_unchecked(bytes) },
    str::from_utf8(bytes).expect("BUG: unsound unsafe code detected")
);