Audit smol

[8573]

the upcoming dramatically simpler runtime, smol

...is still not nearly as popular as Tokio, but it does get 210k downloads per month by Lib.rs's count.

They are preparing to cut a 2.0 release.

Of its constituent crates,

• these forbid unsafe code: smol, async-channel, async-net, blocking; and
• these use unsafe code: async-executor, async-fs, async-io, async-lock, async-process, async-task, futures-lite, polling.

[notgull]

To summarize:

• async-executor uses two lines of unsafe code, both of which are extensively checked via preconditions in async-task
• async-fs has two lines of unsafe that are mostly vestigial in the post-I/O-safety world, I've removed it in smol-rs/async-fs#26
• async-io's unsafety mostly comes from wrapping polling's new IO-Safe interface.
• async-lock's unsafety comes from implementing locks. In theory these could just be wrappers around spin and friends, in practice it would mean losing features and adding an unneeded dependency. So the unsafe here is justified I think. It could still use a once-over.
• async-process is on the track to be forbid(unsafe_code) after the new async-io update.
• async-task was previously audited.
• futures-lite only has one line of unsafe code, for pinning futures to the stack.
• polling is mostly just a wrapper around the system polling APIs, save for the IOCP and poll() backends.

If you need any help, please use me as a resource! I'm most available at the mailbox dev@notgull.net