rust-secure-code / safety-dance

Auditing crates for unsafe code which can be safely replaced
Apache License 2.0
536 stars 10 forks source link

Request Clippy lints for antipatterns we discover #21

Open Shnatsel opened 5 years ago

Shnatsel commented 5 years ago

We encounter a lot of unsafe code that can be converted to safe. We should start cataloguing the antipatterns we discover and document how to convert them to safe code.

Also, for every antipattern discovered we should open an issue against Clippy to detect it - that way we can effectively prevent such cases in the future. This already has precedent, see e.g. https://github.com/rust-lang/rust-clippy/issues/3237

alex commented 5 years ago

https://github.com/rust-lang/rust-clippy/issues/4375 is another example

Lokathor commented 5 years ago

One thing is that uninitialized() can be replaced with zeroed() in all cases. All of them. Any time memory can't be zeroed() it couldn't have been uninitialized() anyway.

So even if they don't want to switch to MaybeUninit (eg: want to support an old compiler), they can switch to zeroed(). It's not definitely safe, but it safer at least.

Shnatsel commented 5 years ago

I thought "why document stuff if we can ask for clippy lints right away?"

And then this happened: https://github.com/rust-lang/rust-clippy/issues/4483

I'll need to review the unsafe code I've already purged, but this is already a big, multi-faceted work item right there.

Shnatsel commented 5 years ago

https://github.com/rust-lang/rust-clippy/issues/4484 https://github.com/rust-lang/rust-clippy/issues/4485

Shnatsel commented 5 years ago

https://github.com/rust-lang/rust-clippy/issues/4515

Shnatsel commented 5 years ago

Requested another lint based on a bug in real-world code: https://github.com/rust-lang/rust-clippy/issues/4774 And a compiler warning, because it looks easy to reliably detect and dangerous enough to warn against it by default, without relying on optional tooling: https://github.com/rust-lang/rust/issues/66136

I've also requested improvements to an existing lint, although this one might be tricky: https://github.com/rust-lang/rust-clippy/issues/4765

Lokathor commented 5 years ago

I already requested a lint for the problem case I hit XD

gotta check existing issues!

Shnatsel commented 4 years ago

Another lint requested: https://github.com/rust-lang/rust-clippy/issues/4862

Shnatsel commented 4 years ago

https://github.com/rust-lang/rust-clippy/issues/4891

Shnatsel commented 4 years ago

https://github.com/rust-lang/rust-clippy/issues/4896