Open cdstanford opened 10 months ago
We are thinking that for now we just add an `FFIDecl` effect as a temporary measure in addition to the `FFICall` effect. That way, `system-configuration-sys` doesn't incorrectly get marked as safe, but we still catch if there are cross-crate FFI function calls and audit them.
Currently, we add the `FFICall` effect when an FFI function is called, not when it is declared. This seems wrong because when an FFI function is public, e.g.
The function is not marked as having any effects, but calling it is clearly dangerous.
This shows up on the `system-configuration-sys` crate (v 0.5.0) as found by @deian leading to, confusingly, no effects in this crate, and I also copied the relevant source code file to the `test-crates/ffi-ex` example crate so we can track its results on `make test`.
v0 tasks:
v1 tasks:
`FFICall` effect when FFI functions are called, as this would now be redundant
`make test` and make sure the changes look reasonable
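The gap discussed in this issue, shown as an added example that is not the project's own code: a toy line-based scanner that reports no effects for a declaration-only `-sys` style source when only call sites are marked, and an `FFIDecl` effect once public declarations are marked too. The sample sources and the names `sc_open`, `sc_internal`, `scan` and `parse_decl` are hypothetical, and flagging only `pub` declarations is an assumption of this sketch.

```rust
#[derive(Debug, PartialEq)]
pub enum Effect {
    FFIDecl(String), // public FFI function declared in this source
    FFICall(String), // known FFI function called in this source
}
// Constructed sample: a -sys style crate that declares FFI but never calls it.
pub const SYS_SRC: &str = r#"
extern "C" {
    pub fn sc_open(path: *const u8) -> i32;
    fn sc_internal(x: i32);
}"#;
// Constructed sample: a downstream crate calling the public declaration.
pub const APP_SRC: &str = r#"
pub fn open_it(p: *const u8) -> i32 {
    unsafe { sc_open(p) }
}"#;

/// Parses `[pub] fn name(...)` and returns (is_pub, name).
fn parse_decl(line: &str) -> Option<(bool, String)> {
    let (is_pub, rest) = match line.strip_prefix("pub ") {
        Some(r) => (true, r),
        None => (false, line),
    };
    let name = rest.strip_prefix("fn ")?.split('(').next()?.trim();
    Some((is_pub, name.to_string()))
}

/// `ffi_names`: FFI functions declared elsewhere; `mark_decls` false = call sites only.
pub fn scan(src: &str, ffi_names: &[&str], mark_decls: bool) -> Vec<Effect> {
    let (mut effects, mut in_extern) = (Vec::new(), false);
    for line in src.lines().map(str::trim) {
        if line.starts_with("extern \"") && line.ends_with('{') {
            in_extern = true;
        } else if in_extern && line == "}" {
            in_extern = false;
        } else if in_extern {
            if let (true, Some((true, name))) = (mark_decls, parse_decl(line)) {
                effects.push(Effect::FFIDecl(name));
            }
        } else {
            // Naive substring match on `name(`; enough for the constructed samples.
            for name in ffi_names.iter().filter(|n| line.contains(&format!("{}(", n))) {
                effects.push(Effect::FFICall(name.to_string()));
            }
        }
    }
    effects
}

fn main() { println!("{:?}", scan(SYS_SRC, &[], true)); }
```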