Cryptographically verifiable, distributed dependency reviews
reviewer: MaulingMonkey
$ cargo crev repo fetch url https://github.com/MaulingMonkey/crev-proofs$ cargo crev id trust 6OZqHXqyUAF57grEY7IVMjRljdd9dgDxiNtr1NF1BdYrepo: https://github.com/MaulingMonkey/crev-proofs
Please, use mobile in landscape.
Pros:
Cons:
unsafe in macro prevents use with #![forbid(unsafe_code)]Pros:
Cons:
unsafe in macro prevents use with #![forbid(unsafe_code)]Pros:
Cons:
unsafe in macro prevents use with #![forbid(unsafe_code)]Pros:
Cons:
unsafe in macro prevents use with #![forbid(unsafe_code)]core::mem::uninitialized until 1.0.4 is UBPros:
Cons:
unsafe in macro prevents use with #![forbid(unsafe_code)]core::mem::uninitialized until 1.0.4 is UBPros:
Cons:
unsafe in macro prevents use with #![forbid(unsafe_code)]core::mem::uninitialized until 1.0.4 is UBPros:
Cons:
unsafe in macro prevents use with #![forbid(unsafe_code)]core::mem::uninitialized until 1.0.4 is UBPros:
Cons:
unsafe in macro prevents use with #![forbid(unsafe_code)]core::mem::uninitialized until 1.0.4 is UBStack/value variable length arrays without heap fallback.
Pros:
Cons:
This version switched some slices possibly containing uninit (UB!) to use
pointers instead. This makes encode_utf8 unsafe, sadly.
| Diff | Rating | Notes |
|---|---|---|
| .cargo_vcs_info.json | +1 | |
| .gitignore | +1 | |
| Cargo.lock | +1 | Rust version bump? |
| Cargo.toml | +1 | debug [profile.*] |
| Cargo.toml.orig | +1 | debug [profile.*] |
| README.rst | +1 | |
| *.{events,string_data,string_index} | 0 | Binary test files, unreviewed |
| src/array.rs | +1 | Removed #[inline] |
| src/array_string.rs | +1 | Added fn len, removed #[inline], use ptr instead of slice |
| src/chars.rs | +1 | encode_utf8 is now sadly unsafe, more test coverage |
| src/lib.rs | +1 | Inline tweaks, more (correct) ptr use, add as_*_ptr to match Vec (safe/sound) |
Stack/value variable length arrays without heap fallback.
Pros:
Cons:
| Diff | Rating | Notes |
|---|---|---|
| .cargo_vs_info.json | +1 | |
| .travis.yml | +1 | MSRV bumped to 1.36.0, features tweaked. |
| Cargo.toml | +1 | feature "serde-1" -> "serde", 2018 edition, drop cruft |
| Cargo.toml.orig | +1 | |
| README.rst | 0 | "(not yet released)" no longer accurate. |
| benches/extend.rs | +1 | +black_box |
| build.rs | +1 | Dropped? |
| src/array.rs | +1 | Improved safety docs, although could use more explaination of what relies on the invariants. () and bool indexing for 1/2-len arrays. |
| src/array_string.rs | 0 | mem::zeroed -> MaybeUninitCopy::uninitialized. Lots of Copy constraints, one transmute -> from_utf8_unchecked_mut (safer). |
| src/lib.rs | 0 | truncate now unsafe (but sound), new try_extend_from_slice is unsafe (but sound). ArrayVec::extend ZST handling is obtuse, would be unsound in C++, but I believe sound in Rust, maybe? |
| src/maybe_uninit.rs | +1 | |
| src/maybe_uninit_nodrop.rs | +1 | Removed |
| src/maybe_uninit_stable.rs | +1 | Removed |
| src/range.rs | +1 | Removed |
| tests/serde.rs | +1 | |
| tests/tests.rs | +1 | New test cases |
Probably sound as of 0.4.11 on Rust 1.36.0+?
Uses a disturbing amount of unsafe, but aside from uninitialized! use in ArrayVec 1.35 and earlier, it all at least appears to be correct after a careful reading.
Unlike smallvec, this doesn't fall back on the heap.
Better than whatever you'll write rolling your own, at least.
0.4.7 -> 0.4.8: IntoIter implemented Clone, unconcerning
0.4.8 -> 0.4.9: ArrayString initialized to 0, ArrayVec uses nightly MaybeUninit. Unfortunately stable still uses uninitialized!() so this is still negative.
0.4.9 -> 0.4.10: #[repr(C)], -Clone for MaybeUninit. Apparently I missed more possible unsoundness. Unsafe is hard.
0.4.10 -> 0.4.11: ArrayVec should now also be sound in Rust 1.36.0+, probably, maybe.
Prefer 0.4.11 which at least starts using MaybeUninit instead of uninitialized!(), which is fundamentally unsound.
Uses a disturbing amount of unsafe, but aside from uninitialized, it all at least appears to be correct after a careful reading.
Unlike smallvec, this doesn't fall back on the heap.
Better than whatever you'll write rolling your own, at least.
0.4.7 -> 0.4.8: IntoIter implemented Clone, unconcerning
0.4.8 -> 0.4.9: ArrayString initialized to 0, ArrayVec uses nightly MaybeUninit. Unfortunately stable still uses uninitialized!() so this is still negative.
0.4.9 -> 0.4.10: #[repr(C)], -Clone for MaybeUninit. Apparently I missed more possible unsoundness. Unsafe is hard.
Prefer 0.4.11 which at least starts using MaybeUninit instead of uninitialized!(), which is fundamentally unsound.
Uses a disturbing amount of unsafe, but aside from uninitialized, it all at least appears to be correct after a careful reading.
Unlike smallvec, this doesn't fall back on the heap.
Better than whatever you'll write rolling your own, at least.
0.4.7 -> 0.4.8: IntoIter implemented Clone, unconcerning
0.4.8 -> 0.4.9: ArrayString initialized to 0, ArrayVec uses nightly MaybeUninit. Unfortunately stable still uses uninitialized!() so this is still negative.
Prefer 0.4.11 which at least starts using MaybeUninit instead of uninitialized!(), which is fundamentally unsound.
Uses a disturbing amount of unsafe, but aside from uninitialized, it all at least appears to be correct after a careful reading.
Unlike smallvec, this doesn't fall back on the heap.
Better than whatever you'll write rolling your own, at least.
See 0.4.7 for base review. Diffed 0.4.7 -> 0.4.8, no concerning changes.
Prefer 0.4.11 which at least starts using MaybeUninit instead of uninitialized!(), which is fundamentally unsound.
Uses a disturbing amount of unsafe, but aside from uninitialized, it all at least appears to be correct after a careful reading.
Unlike smallvec, this doesn't fall back on the heap.
Better than whatever you'll write rolling your own, at least.
| File | Rating | Notes |
|---|---|---|
| benches/arraystring.rs | +1 | |
| benches/extend.rs | +1 | |
| src/array_string.rs | 0 | lots of unsafe, but I think sound |
| src/array.rs | 0 | fix_array_impl! hides unsafe, but not misused nor public |
| src/char.rs | +1 | Relied upon for soundness... thoroughly checked against https://en.wikipedia.org/wiki/UTF-8 |
| src/errors.rs | +1 | |
| src/lib.rs | 0 | lots of unsafe, but I think sound |
| src/range.rs | +1 | |
| tests/serde.rs | +1 | |
| tests/tests.rs | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| custom.css | +1 | |
| LICENSE-APACHE | +1 | |
| LICENSE-MIT | +1 | |
| README.rst | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | Overused |
| fs | +1 | Unused |
| docs | +1 | |
| tests | 0 | Good coverage... not seeing any fuzz testing for all this unsafe though. |
| Line | Notes |
|---|---|
| 56 | unsafe - new_array ~ uninitialized, Array is an unsafe trait though so only implement it if this is sound...? |
| 95 | No CapacityError? Inconsistent vs from... |
| 160 | unsafe { ... } - looks correct |
| 213 | unsafe { ... } - looks correct |
| 216 | could be a slice copy instead |
| 245 | unsafe { ... } - looks correct |
| 271 | unsafe { ... } - looks correct |
| 307 | unsafe { ... } - looks correct |
| 318 | unsafe { ... } - looks correct |
| 331 | unsafe fn - decent docs, looks correct, should be more explicit about uninitialized though |
| 342 | unsafe fn - needs better docs, but looks correct |
| 351 | unsafe { ... } - looks correct |
| 361 | unsafe { ... } - scary transmute, but just from &mut [u8] to &mut str. stdlib from_utf8_unchecked does equivalent pointer casts |
| Line | Notes |
|---|---|
| 80 | Aieee! |
| 132 | unsafe { ... } - not sure this is sound for bools etc. |
| 214 | unsafe { ... } - looks correct |
| 246 | unsafe fn - exactly as spceified |
| 306 | unsafe { ... } - looks correct |
| 340 | unsafe { ... } - looks correct |
| 511 | unsafe fn - exactly as specified |
| 552 | unsafe { ... } - scary as heck... but Drain should keep self borrowed long enough, at least. |
| 575 | unsafe { ... } - looks correct |
| 604 | unsafe { ... } - looks correct |
| 614 | unsafe { ... } - looks correct |
| 707 | unsafe { ... } - looks correct. Size could be reduced, relies on IntoIter's custom drop not dropping copied elements due to the index increment to avoid double drops. |
| 724 | unsafe { ... } - looks correct. Size could be reduced, relies on IntoIter's custom drop not dropping copied elements due to the length decrement to avoid double drops. |
| 740 | unsafe { ... } - looks correct. Implements the aforementioned IntoIter custom drop. |
| 764 | unsafe Sync - I believe this is OK. |
| 765 | unsafe Send - I believe this is OK. |
| 775 | unsafe { ... } - looks correct. Relies on set_len already being truncated to avoid double drops. |
| 793 | unsafe { ... } - looks correct. Relies on set_len already being truncated to avoid double drops. |
| 809 | necessary to aovid memory leaks |
| 812 | unsafe { ... } - looks correct. |
| 851 | unsafe { ... } - looks correct. |
| 1008 | unsafe { ... } - looks correct. |
UNSOUND: https://github.com/tomprogrammer/rust-ascii/issues/64 (I didn't cath this one)
unsound? https://github.com/tomprogrammer/rust-ascii/issues/65
Lots of repeated unsafe.
No debug_assert! s for uncheck codepaths.
Unsound test code assumes gen_range meets it's safe API contract.
Not fully reviewed.
| File | Rating | Notes |
|---|---|---|
| src/serialization/ascii_char.rs | +1 | thoroughness: low, understanding: high throughout |
| src/serialization/ascii_str.rs | +1 | |
| src/serialization/ascii_string.rs | +1 | |
| src/serialization/mod.rs | +1 | |
| src/ascii_char.rs | 0 | unsound test code? |
| src/ascii_str.rs | -1 | UNSOUND - missing #[repr(transparent)]` ! |
| src/ascii_string.rs | N/A | Unreviewed |
| src/free_functions.rs | N/A | |
| src/lib.rs | N/A | |
| .gitignore | N/A | |
| .travis.yml | N/A | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE-APACHE | N/A | |
| LICENSE_MIT | N/A | |
| README.md | N/A | |
| RELEASES.md | N/A | |
| tests.rs | N/A |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | UNSOUND, disappointing lack of debug_assert!s. |
| fs | +1? | Not present? |
| io | +1? | Not present? |
| docs | +1? | |
| tests | +1? |
| Line | Notes |
|---|---|
| 22 | This must contain every value between 0..=127 for soundness guarantees bellow. |
| 476 | unsafe { ... } - looks sound. case 1 handles 32..=126, case 2 handles 127, case 3 handles 0..=31. Not wild about this impl but looks valid. See https://en.wikipedia.org/wiki/Control_Pictures |
| 498 | unsafe { ... } - looks sound. 'a' > 'A' |
| 509 | unsafe { ... } - looks sound. |
| 548 | unsafe { ... } - looks sound. Duplicate logic, annoyingly. |
| 557 | unsafe { ... } - looks sound. Duplicate logic, annoyingly. |
| 659 | unsafe fn - looks good. |
| 670 | unsafe fn - disappointing lack of debug_assert! |
| 678 | unsafe { ... } - looks sound. |
| 686 | unsafe fn - disappointing lack of debug_assert!. transmute from u8 to #[repr(u8)] enum... I believe that's sound. |
| 694 | unsafe { ... } - looks sound. |
| 702 | unsafe fn - looks sound. |
| 714 | UNSOUND TEST CODE? no guarantee generic Gen actually generates within range. Gated behind "quickcheck" feature. |
| 735 | UNSOUND TEST CODE? no guarantee generic Gen actually generates within range. Gated behind "quickcheck" feature. |
| Line | Notes |
|---|---|
| 116 | unsafe fn - looks good. |
| 352 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 359 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 367 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 384 | scary transmuting impl_into! macro, audit all uses carefully |
| 390 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 397 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 405 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 410 | I believed these invokes would be sound if AsciiStr was #[repr(transparent)], but https://github.com/tomprogrammer/rust-ascii/issues/64 proved me wrong. |
| 668 | unsafe fn - looks good. |
| 676 | unsafe fn - looks good. |
| 689 | unsafe fn - looks good. |
| 701 | unsafe fn - looks good. |
| 713 | unsafe fn - looks good. |
| 724 | unsafe fn - looks good. |
| 734 | unsafe fn - looks good. |
| 746 | unsafe fn - looks good. |
| 756 | unsafe fn - looks good. |
| 764 | unsafe { ... } - looks sound. |
| 768 | unsafe fn - disappointing lack of debug_assert!. |
| 777 | unsafe { ... } - looks sound. |
| 781 | unsafe fn - disappointing lack of debug_assert!. |
| 793 | unsafe fn - looks good. |
| 800 | unsafe { ... } - looks sound. |
| 804 | unsafe fn - disappointing lack of debug_assert!. |
| 818 | unsafe fn - looks good. |
UNSOUND: https://github.com/tomprogrammer/rust-ascii/issues/64 (I didn't catch this one)
unsound? https://github.com/tomprogrammer/rust-ascii/issues/65
Lots of repeated unsafe.
No debug_assert! s for uncheck codepaths.
Unsound test code assumes gen_range meets it's safe API contract.
Not fully reviewed.
| File | Rating | Notes |
|---|---|---|
| src/serialization/ascii_char.rs | +1 | thoroughness: low, understanding: high throughout |
| src/serialization/ascii_str.rs | +1 | |
| src/serialization/ascii_string.rs | +1 | |
| src/serialization/mod.rs | +1 | |
| src/ascii_char.rs | 0 | unsound test code? |
| src/ascii_str.rs | -1 | UNSOUND - missing #[repr(transparent)]` ! |
| src/ascii_string.rs | N/A | Unreviewed |
| src/free_functions.rs | N/A | |
| src/lib.rs | N/A | |
| .gitignore | N/A | |
| .travis.yml | N/A | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE-APACHE | N/A | |
| LICENSE_MIT | N/A | |
| README.md | N/A | |
| RELEASES.md | N/A | |
| tests.rs | N/A |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | UNSOUND, disappointing lack of debug_assert!s. |
| fs | +1? | Not present? |
| io | +1? | Not present? |
| docs | +1? | |
| tests | +1? |
| Line | Notes |
|---|---|
| 22 | This must contain every value between 0..=127 for soundness guarantees bellow. |
| 476 | unsafe { ... } - looks sound. case 1 handles 32..=126, case 2 handles 127, case 3 handles 0..=31. Not wild about this impl but looks valid. See https://en.wikipedia.org/wiki/Control_Pictures |
| 498 | unsafe { ... } - looks sound. 'a' > 'A' |
| 509 | unsafe { ... } - looks sound. |
| 548 | unsafe { ... } - looks sound. Duplicate logic, annoyingly. |
| 557 | unsafe { ... } - looks sound. Duplicate logic, annoyingly. |
| 659 | unsafe fn - looks good. |
| 670 | unsafe fn - disappointing lack of debug_assert! |
| 678 | unsafe { ... } - looks sound. |
| 686 | unsafe fn - disappointing lack of debug_assert!. transmute from u8 to #[repr(u8)] enum... I believe that's sound. |
| 694 | unsafe { ... } - looks sound. |
| 702 | unsafe fn - looks sound. |
| 714 | UNSOUND TEST CODE? no guarantee generic Gen actually generates within range. Gated behind "quickcheck" feature. |
| 735 | UNSOUND TEST CODE? no guarantee generic Gen actually generates within range. Gated behind "quickcheck" feature. |
| Line | Notes |
|---|---|
| 116 | unsafe fn - looks good. |
| 352 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 359 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 367 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 384 | scary transmuting impl_into! macro, audit all uses carefully |
| 390 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 397 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 405 | UNSOUND unsafe { ... } - AsciiStr is not #[repr(transparent)] ! |
| 410 | I believed these invokes would be sound if AsciiStr was #[repr(transparent)], but https://github.com/tomprogrammer/rust-ascii/issues/64 proved me wrong. |
| 668 | unsafe fn - looks good. |
| 676 | unsafe fn - looks good. |
| 689 | unsafe fn - looks good. |
| 701 | unsafe fn - looks good. |
| 713 | unsafe fn - looks good. |
| 724 | unsafe fn - looks good. |
| 734 | unsafe fn - looks good. |
| 746 | unsafe fn - looks good. |
| 756 | unsafe fn - looks good. |
| 764 | unsafe { ... } - looks sound. |
| 768 | unsafe fn - disappointing lack of debug_assert!. |
| 777 | unsafe { ... } - looks sound. |
| 781 | unsafe fn - disappointing lack of debug_assert!. |
| 793 | unsafe fn - looks good. |
| 800 | unsafe { ... } - looks sound. |
| 804 | unsafe fn - disappointing lack of debug_assert!. |
| 818 | unsafe fn - looks good. |
Not suitable for UGC - memory exhaustion and panic concerns.
https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/ase.md#0.1.3
Not suitable for UGC - memory exhaustion and panic concerns.
https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/ase.md#0.1.1
Not suitable for UGC - memory exhaustion and panic concerns.
https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/ase.md#0.1.0
[Full Audit]
Parses JSON aseprite exports
Pros:
Cons:
[Full Audit]
Parses JSON aseprite exports
Pros:
Cons:
Private fields make this unusable until 0.1.2
Private fields make this unusable until 0.1.2
LGTM, starts using RUSTFLAGS
0.1.6: LGTM
0.1.5: No unsafe code, minor safe-looking file I/O
No unsafe code, minor safe-looking file I/O
Offset read/write with &self
Pros:
read_at(&self, ...)Cons:
BufOffsetReader is a bit kludgy - u64 as usize casts should probably Err insteadFile makes for inconsistent seek behavior when used by referenceOffset read/write with &self
Pros:
read_at(&self, ...)Cons:
BufOffsetReader is a bit kludgy - u64 as usize casts should probably Err insteadFile makes for inconsistent seek behavior when used by referenceOffset read/write with &self
Pros:
read_at(&self, ...)Cons:
BufOffsetReader is a bit kludgy - u64 as usize casts should probably Err insteadFile makes for inconsistent seek behavior when used by referenceOffset read/write with &self
Pros:
read_at(&self, ...)Cons:
BufOffsetReader is a bit kludgy - u64 as usize casts should probably Err insteadFile makes for inconsistent seek behavior when used by referenceOffset read/write with &self
Pros:
read_at(&self, ...)Cons:
BufOffsetReader is a bit kludgy - u64 as usize casts should probably Err insteadFile makes for inconsistent seek behavior when used by referenceOffset read/write with &self
Pros:
read_at(&self, ...)Cons:
BufOffsetReader is a bit kludgy - u64 as usize casts should probably Err insteadFile makes for inconsistent seek behavior when used by referenceOffset read/write with &self
Pros:
read_at(&self, ...)Cons:
BufOffsetReader is a bit kludgy - u64 as usize casts should probably Err insteadFile makes for inconsistent seek behavior when used by referenceI wrote it, minimal 'unsafe' for FFI, well tested.
See Full Audit
unsafe in serialization related code is hard to audit and makes me nervousPart of my byteorder audit
Part of my byteorder audit
Part of my byteorder audit
Part of my byteorder audit
https://github.com/rust-lang/cargo - I blindly trust rust
A mixed bag.
On the one hand, the core tool found in src seems fine, solid fundamentals.
On the other hand, the glue code is full chock full of unsafe, some of it unsound.
Worse, the FFI includes things that varies from android SDK to SDK from the loops of things.
injected-glue\ffi.rs: -1
Should be replaced with bindgen generated header? Also, changes between SDKs, so really really really should not be simply hardcoded...!
Ref: https://android.googlesource.com/platform/development/+/4948c163663ecc343c97e4c2a2139234f1d3273f/ndk/sources/android/native_app_glue/android_native_app_glue.h
Ref: https://chromium.googlesource.com/android_tools/+/7fc902d157a9aed7a2b68adc9c69181b3a43cd58/ndk/sources/android/native_app_glue/android_native_app_glue.h
45 LOOPER_ID_INPUT: Wrong? (should be 2?: https://chromium.googlesource.com/android_tools/+/7fc902d157a9aed7a2b68adc9c69181b3a43cd58/ndk/sources/android/native_app_glue/android_native_app_glue.h#204)
LOOPER_ID_EVENT? Different name? https://android.googlesource.com/platform/development/+/4948c163663ecc343c97e4c2a2139234f1d3273f/ndk/sources/android/native_app_glue/android_native_app_glue.h
46 LOOPER_ID_USER: Wrong? (should be 3?: https://chromium.googlesource.com/android_tools/+/7fc902d157a9aed7a2b68adc9c69181b3a43cd58/ndk/sources/android/native_app_glue/android_native_app_glue.h#209)
65+ Skimmed only
injected-glue\lib.rs: -1
92 static mut ANDROID_APP should be UnsafeCell
164 static mut G_MAINTHREAD_BOXED should be UnsafeCell, probable undefined behavior / race conditions
172 scary transmutes
182 Unsound when combined with
191 'safe' access
196 android_main2 is UNSOUND - dereferencing pointers, setting globals, etc. without being marked unsafe.
197+ Skimmed only
340: giant unsafe block
347: uninitialized
src\ops\build.rs: +1
75 Medium: I suspect this won't work on windows as it doesn't use .cmd scripts for the compiler/linker?
131 Medium: injected_glue_lib cmd.exec()?; followed by cmd.exec_with_output()?; (134)- does the glue get double compiled for no good reason?
218 Medium: unreachable! abused where panic! probably should be?
423 Minor: Hardcodes a lot of assumptions. Good foundation though.
src\ops\install.rs: +1
Medium: No way to specify device
src\ops\mod.rs: +1
src\ops\run.rs: +1
Medium: No way to specify device
src\config.rs: +1
Minor: Could use more OsString
Minor: Non-optional opengles_version_*
src\main.rs: +1
Cargo.toml: +1
Cargo.toml.orig: +1
glue_obj.rs: Sketchy looking casts and main handling... but might be right
linker.rs: Strange parse_arguments loop style... but safe, looks sane.
0.4.16: Trivial version bumps.
0.4.15: Trivial version bumps.
0.4.14: Trivial version bumps, mass reformatting.
0.4.13: Trivial version bumps.
0.4.12: Trivial version bumps.
0.4.11: Nice and solid looking code. 100% safe code.
Reviewed:
src\cli.rs: +1
src\main.rs: +1
151 run_lldb
Nonterminating loops are problematic, but I think the side effects here should make this work OK?
(see https://github.com/rust-lang/rust/issues/28728 )
Cargo.toml: +1
Cargo.toml.orig: +1
13 readme path references unpackaged readme
TIL:
Using traits to extend clap::App so flags can be reused per-subcommand is interesting.
0.4.15: Trivial version bumps.
0.4.14: Trivial version bumps, mass reformatting.
0.4.13: Trivial version bumps.
0.4.12: Trivial version bumps.
0.4.11: Nice and solid looking code. 100% safe code.
Reviewed:
src\cli.rs: +1
src\main.rs: +1
151 run_lldb
Nonterminating loops are problematic, but I think the side effects here should make this work OK?
(see https://github.com/rust-lang/rust/issues/28728 )
Cargo.toml: +1
Cargo.toml.orig: +1
13 readme path references unpackaged readme
TIL:
Using traits to extend clap::App so flags can be reused per-subcommand is interesting.
0.4.14: Trivial version bumps, mass reformatting.
0.4.13: Trivial version bumps.
0.4.12: Trivial version bumps.
0.4.11: Nice and solid looking code. 100% safe code.
Reviewed:
src\cli.rs: +1
src\main.rs: +1
151 run_lldb
Nonterminating loops are problematic, but I think the side effects here should make this work OK?
(see https://github.com/rust-lang/rust/issues/28728 )
Cargo.toml: +1
Cargo.toml.orig: +1
13 readme path references unpackaged readme
TIL:
Using traits to extend clap::App so flags can be reused per-subcommand is interesting.
0.4.13: Trivial version bumps.
0.4.12: Trivial version bumps.
0.4.11: Nice and solid looking code. 100% safe code.
Reviewed:
src\cli.rs: +1
src\main.rs: +1
151 run_lldb
Nonterminating loops are problematic, but I think the side effects here should make this work OK?
(see https://github.com/rust-lang/rust/issues/28728 )
Cargo.toml: +1
Cargo.toml.orig: +1
13 readme path references unpackaged readme
TIL:
Using traits to extend clap::App so flags can be reused per-subcommand is interesting.
0.4.12: Trivial version bumps.
0.4.11: Nice and solid looking code. 100% safe code.
Reviewed:
src\cli.rs: +1
src\main.rs: +1
151 run_lldb
Nonterminating loops are problematic, but I think the side effects here should make this work OK?
(see https://github.com/rust-lang/rust/issues/28728 )
Cargo.toml: +1
Cargo.toml.orig: +1
13 readme path references unpackaged readme
TIL:
Using traits to extend clap::App so flags can be reused per-subcommand is interesting.
Nice and solid looking code. 100% safe code.
Reviewed:
src\cli.rs: +1
src\main.rs: +1
151 run_lldb
Nonterminating loops are problematic, but I think the side effects here should make this work OK?
(see https://github.com/rust-lang/rust/issues/28728 )
Cargo.toml: +1
Cargo.toml.orig: +1
13 readme path references unpackaged readme
TIL:
Using traits to extend clap::App so flags can be reused per-subcommand is interesting.
Add/remove/update Cargo.toml dependencies from the command line.
Pros:
Cons:
| crev | |
|---|---|
| thoroughness | low |
| understanding | medium |
| rating | neutral |
| Diff | Rating | Notes |
|---|---|---|
| Cargo.lock | +1 | Added since 0.3.3, enabling frozen installs. Approx 200 indirect deps. |
| Cargo.toml | +1 | Version bumps |
| Cargo.toml.orig | +1 | Version bumps |
| README.md | +1 | Mentions new --sort option |
| appveyor.yml | +1 | Disables gnu targets |
| src/bin/add/args.rs | +1 | New --sort and --offline options |
| src/bin/add/main.rs | +1 | |
| src/bin/upgrade/main.rs | +1 | |
| src/errors.rs | +1 | |
| src/fetch.rs | +1 | |
| src/lib.rs | +1 | |
| src/manifest.rs | +1 | |
| src/registry.rs | +1 | |
| tests/cargo-add.rs | +1 | |
| tests/fixtures/add/Cargo.toml.unsorted | +1 |
Add/remove/update Cargo.toml dependencies from the command line.
Pros:
Cons:
--frozen| crev | |
|---|---|
| thoroughness | low |
| understanding | medium |
| rating | neutral |
| File | Rating | Notes |
|---|---|---|
| src/bin/add/args.rs | +1 | |
| src/bin/add/main.rs | +1 | |
| src/bin/add/manifest_test.rs | +1 | |
| src/bin/rm/main.rs | +1 | |
| src/bin/upgrade/main.rs | +1 | |
| src/crate_name.rs | -1 | .contains(url) seems wrong |
| src/dependency.rs | -1 | No branch support for dependencies? |
| src/errors.rs | +1 | |
| src/fetch.rs | +1 | |
| src/lib.rs | +1 | |
| src/manifest.rs | 0 | find/search duplicate some of cargo metadata's effort I believe |
| tests/fixtures/add/local/Cargo.toml.sample | +1 | |
| tests/fixtures/add/Cargo.toml.sample | +1 | |
| tests/fixtures/manifest-invalid/Cargo.toml.sample | +1 | |
| tests/fixtures/rm/Cargo.toml.sample | +1 | |
| tests/fixtures/upgrade/Cargo.toml.invalid | +1 | |
| tests/fixtures/upgrade/Cargo.toml.source | +1 | |
| tests/fixtures/upgrade/Cargo.toml.target | +1 | |
| tests/cargo-add.rs | 0 | 191: Duplicate assert!s for no reason? |
| tests/cargo-rm.rs | +1 | Tests are admittedly a bit brittle |
| tests/cargo-upgrade.rs | +1 | |
| tests/test_manifest.rs | +1 | |
| tests/utils.rs | 0 | 17: Pointless clone, beware execute_* passes to exec. |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .editorconfig | +1 | |
| .gitignore | +1 | |
| .travis.yml | 0 | rustfmt, clippy, travis-cargo, libcurl4-openssl-dev, libelf-dev, libdw-dev, coveralls |
| appveyor.yml | +1 | |
| bors.toml | +1 | |
| Cargo.toml | 0 | Apache-2.0/MIT. That's a lot of deps. |
| Cargo.toml.orig | 0 | ^ |
| Cargo.lock | -1 | N/A, would nice to be able to --frozen(?) to install fully audited bins |
| CONTRIBUTING.md | +1 | |
| LICENSE | 0 | Just MIT listed here, Cargo.toml references Apache-2.0/MIT. |
| README.md | 0 | "Apache-2.0/MIT" could be clearer in a Readme. |
| rustfmt.toml | 0 | Empty file |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | None, warn if introduced |
| miri | N/A | Not bothering with |
| fs | 0 | Manifest related, looks safe? |
| io | 0 | Manifest related |
| docs | +1 | |
| tests | +1 |
format!(
"{host}/api/v1/crates/{crate_name}",
host = REGISTRY_HOST,
crate_name = crate_name
);
Pretty trivial, not even sure if it'll work right on windows to be worth using.
Parse cargo metadata and cargo build --message-format=json output.
Pros:
Cons:
cargo metadata could be passed bad| crev | |
|---|---|
| thoroughness | medium |
| understanding | medium |
| rating | positive |
| Diff | Rating | Notes |
|---|---|---|
| .cargo_vcs_info.json | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| src/dependency.rs | +1 | |
| src/lib.rs | +1 | |
| src/messages.rs | +1 | |
| tests/test_samples.rs | +1 |
Parse cargo metadata and cargo build --message-format=json output.
| Diff | Rating | Notes |
|---|---|---|
| .cargo_vcs_info.json | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| src/errors.rs | +1 | Added Error::NoJson |
| src/lib.rs | 0 | Various safe but breaking code changes |
| src/messages.rs | +1 | |
| tests/selftest.rs | +1 | |
| tests/test_samples.rs | +1 |
| File | Rating | Notes |
|---|---|---|
| src/dependency.rs | +1 | |
| src/diagnostic.rs | +1 | |
| src/errors.rs | +1 | |
| src/lib.rs | 0 | MetadataCommand makes me slightly paranoid |
| src/messages.rs | +1 | |
| tests/selftest.rs | +1 | |
| tests/test_samples.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | 1.32.0 MSRV |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE-MIT | +1 | |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | None |
| fs | +1 | None |
| io | 0 | Can invoke cargo metadata. Looks sane, but if passed malicious feature names etc... |
| docs | +1 | |
| tests | +1 |
| Line | What | Notes |
|---|---|---|
| 495 | exec | shell access, and I'm paranoid about shell param escaping... |
| 500 | exec | shell access, and I'm paranoid about shell param escaping... |
Parse cargo metadata and cargo build --message-format=json output.
| File | Rating | Notes |
|---|---|---|
| src/dependency.rs | +1 | |
| src/diagnostic.rs | +1 | |
| src/errors.rs | +1 | |
| src/lib.rs | 0 | MetadataCommand makes me slightly paranoid |
| src/messages.rs | +1 | |
| tests/selftest.rs | +1 | |
| tests/test_samples.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | 1.32.0 MSRV |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE-MIT | +1 | |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | None |
| fs | +1 | None |
| io | 0 | Can invoke cargo metadata. Looks sane, but if passed malicious feature names etc... |
| docs | +1 | |
| tests | +1 |
| Line | What | Notes |
|---|---|---|
| 495 | exec | shell access, and I'm paranoid about shell param escaping... |
| 500 | exec | shell access, and I'm paranoid about shell param escaping... |
Macro black magic... I trust the author and what I do understand looks good.
Macro black magic... I trust the author and what I do understand looks good.
Interesting idea. Lots of unsafe! Supposedly auto-generated.
I have at least read the code enough (including explicitly looking at each use of unsafe)
to believe there are no obvious funny business nor proper soundness issues. That said:
Concerns (rating: neutral):
Lots of concerning use of unsafe { ... } + core::mem::uninitialized()... but only in #[test] code.
#[allow(improper_ctypes)] for extern "C" block. Sounds like UB-bait.
Punts all safety concerns to the user.
Concerns (thoroughness: low):
I have not properly vetted fn/struct/type signatures against a proper reference.
Pros:
Cons:
| File | Rating | Notes |
|---|---|---|
| .github/CODEOWNERS | +1 | |
| docs/CONTRIBUTING.md | +1 | |
| src/cursor/ansi_cursor.rs | +1 | |
| src/cursor/cursor.rs | +1 | |
| src/cursor/winapi_cursor.rs | +1 | |
| src/sys/unix.rs | -1 | [#3] 45: Getting the cursor pos can drop stdin data |
| src/sys/winapi.rs | -1 | [#4, #5] Multiple soundness issues |
| src/cursor.rs | +1 | |
| src/lib.rs | +1 | |
| src/sys.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | |
| Cargo.toml | +1 | MIT, dep: winapi |
| Cargo.toml.orig | +1 | MIT, dep: winapi |
| CHANGELOG.md | +1 | |
| LICENSE | +1 | MIT |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | Soundness issues |
| fs | +1 | None |
| io | 0 | Drops stdin |
| docs | +1 | |
| tests | +1 |
| Line | What | Notes |
|---|---|---|
| 26 | unsafe mut SAVED_CURSOR_POS | -1, [#4] Access to static mut is unguarded! Undefined behavior! Unsound! |
| 68 | fn Cursor::goto | 0, [#5] unsafe { ... } - would be valid if screen buffer handle was guaranteed valid |
| 86 | fn Cursor::set_visibility | 0, [#5] unsafe { ... } - would be valid if screen buffer handle was guaranteed valid |
| 101 | fn Cursor::restore_cursor_pos | -1, [#4] Access to static mut is unguarded! Undefined behavior! Unsound! |
| 114 | fn Cursor::save_cursor_pos | -1, [#4] Access to static mut is unguarded! Undefined behavior! Unsound! |
| 121 | impl From for Cusror | ??, [#5] Not sure if Handle is guaranteed to be valid |
| 129 | impl From for Cursor | -1, [#5] no guarantee HANDLE is valid, unsound! |
Pros:
Cons:
| File | Rating | Notes |
|---|---|---|
| .github/CODEOWNERS | +1 | |
| docs/CONTRIBUTING.md | +1 | |
| src/cursor/ansi_cursor.rs | +1 | |
| src/cursor/cursor.rs | +1 | |
| src/cursor/winapi_cursor.rs | +1 | |
| src/sys/unix.rs | -1 | [#199] 45: Getting the cursor pos can drop stdin data |
| src/sys/winapi.rs | -1 | [#245, #252] Multiple soundness issues |
| src/cursor.rs | +1 | |
| src/lib.rs | +1 | |
| src/sys.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | |
| Cargo.toml | +1 | MIT, dep: winapi |
| Cargo.toml.orig | +1 | MIT, dep: winapi |
| CHANGELOG.md | +1 | |
| LICENSE | +1 | MIT |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | Soundness issues |
| fs | +1 | None |
| io | 0 | Drops stdin |
| docs | +1 | |
| tests | +1 |
| Line | What | Notes |
|---|---|---|
| 26 | unsafe mut SAVED_CURSOR_POS | -1, [#245] Access to static mut is unguarded! Undefined behavior! Unsound! |
| 68 | fn Cursor::goto | 0, [#252] unsafe { ... } - would be valid if screen buffer handle was guaranteed valid |
| 86 | fn Cursor::set_visibility | 0, [#252] unsafe { ... } - would be valid if screen buffer handle was guaranteed valid |
| 101 | fn Cursor::restore_cursor_pos | -1, [#245] Access to static mut is unguarded! Undefined behavior! Unsound! |
| 114 | fn Cursor::save_cursor_pos | -1, [#245] Access to static mut is unguarded! Undefined behavior! Unsound! |
| 121 | impl From for Cusror | ??, [#252] Not sure if Handle is guaranteed to be valid |
| 129 | impl From for Cursor | -1, [#252] no guarantee HANDLE is valid, unsound! |
Pros:
Cons:
| File | Rating | Notes |
|---|---|---|
| .github/CODEOWNERS | +1 | |
| docs/CONTRIBUTING.md | +1 | |
| src/input/input.rs | +1 | |
| src/input/unix_input.rs | -1 | Parsing looks off, panicy internals |
| src/input/windows_input.rs | -1 | Unsound [#245], very strange keyboard handling. |
| src/sys/unix.rs | 0 | Mishandles read == 0? |
| src/input.rs | +1 | |
| src/lib.rs | +1 | |
| src/sys.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| travis.yml | +1 | |
| Cargo.toml | +1 | MIT, winapi, libc, optional serde |
| Cargo.toml.orig | +1 | MIT, winapi, libc, optional serde |
| CHANGELOG.md | +1 | |
| LICENSE | +1 | MIT |
| README.md | +1 | MIT |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | Unsound |
| fs | +1 | /dev/tty access, but that's expected |
| io | +1 | Sound... probably |
| docs | +1 | |
| tests | 0 | Admittedly hard to unit test |
| Line | What | Notes |
|---|---|---|
| 198 | fn SyncReader::next | -1, Disambiguating ESC like this seems super sketchy/brittle. |
| 261 | fn parse_event | -1, This is more like what ESC parsing should look like...? |
| 269 | fn parse_event | -1, \r\n -> Enter Enter? Seems wrong... |
| 312 | fn parse_csi | -1, .unwrap Panic city |
| EOF |
| Line | What | Notes |
|---|---|---|
| 42 | static mut ORIG_MODE | -1, More unsound access [[#2]] |
| 47 | WindowsInput::read_char | +1, unsafe { ... } - willing to assume _getwche is sound. |
| 110 | fn WindowsInput::enable_mouse_mode | -1, unsafe { ... } - unsound access of ORIG_MODE! [#245] |
| 116 | fn WindowsInput::disable_mouse_mode | -1, unsafe { ... } - unsound access of ORIG_MODE! [#245] |
| 225 | fn read_single_event | 0, unsafe { ... } - KeyEventRecord::from(*input.event.KeyEvent()) is probably sound/safe? |
| 228 | fn read_single_event | 0, unsafe { ... } - MouseEvent::from(*input.event.MouseEvent()) is probably sound/safe? |
| 249 | fn read_input_events | 0, unsafe { ... } - KeyEventRecord::from(*input.event.KeyEvent()) is probably sound/safe? |
| 256 | fn read_input_events | 0, unsafe { ... } - MouseEvent::from(*input.event.MouseEvent()) is probably sound/safe? |
| 291 | fn parse_key_event_record | 0, Several keys are dead, apparently |
| 303 | fn parse_key_event_record | 0, Strange enumeration values for KeyEvent |
| 345 | fn parse_key_event_record | -1, either VK_PRIOR | VK_NEXT can be sanely simplified a lot or something is super fucky. |
| 354 | fn parse_key_event_record | -1, either VK_END | VK_HOME can be sanely simplified a lot or something is super fucky. |
| 367 | fn parse_key_event_record | 0, unsafe { ... } assumes UnicodeChar is valid. Private fn only called on win32 results... technically unsound of winapi only populated AsciiChar, but that would be super dumb. |
| EOF |
| Line | What | Notes |
|---|---|---|
| 19 | fn get_tty_fd | +1, unsafe { ... } looks sound |
| 45 | fn read_char_raw | 0, read == 0 can probably happen when pipe broken? generates extra ' '? |
| EOF |
Pros:
| File | Rating | Notes |
|---|---|---|
| .github/CODEOWNERS | +1 | |
| docs/CONTRIBUTING.md | +1 | |
| src/screen/alternate.rs | +1 | |
| src/sceren/raw.rs | +1 | |
| src/sys/unix.rs | +1 | |
| src/sys/winapi.rs | +1 | |
| src/lib.rs | +1 | |
| src/screen.rs | +1 | |
| src/sys.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travvis.yml | +1 | No MSRV |
| Cargo.toml | +1 | MIT, winapi, crossterm_* |
| Cargo.toml.orig | +1 | MIT, winapi, crossterm_* |
| CHANGELOG.md | +1 | |
| LICENSE | +1 | MIT |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | Not in this crate |
| fs | +1 | Not in this crate |
| io | +1 | Indirect / stdio |
| docs | +1 | |
| tests | ?? | Not in this crate |
Pros:
Cons:
| File | Rating | Notes |
|---|---|---|
| .github/CODEOWNERS | +1 | |
| docs/CONTRIBUTING.md | +1 | |
| src/enums/attribute.rs | +1 | Verified codes vs https://en.wikipedia.org/wiki/ANSI_escape_code#SGR_parameters |
| src/enums/color.rs | 0 | FromStr for Color doesn't implement RGB parsing despite supporting RGB |
| src/enums/colored.rs | +1 | |
| src/ansi_color.rs | 0 | Verified codes vs https://en.wikipedia.org/wiki/ANSI_escape_code#8-bit . Could've simplified match logic a bit. |
| src/color.rs | -1 | Bugs (#261, #263) |
| src/enums.rs | +1 | |
| src/lib.rs | +1 | |
| src/macros.rs | +1 | |
| src/objectstyle.rs | +1 | |
| src/styledobject.rs | 0 | Odd fg/bg naming style. Also reset seems suboptimal if nesting styles? |
| src/traits.rs | +1 | Not sure how wild I am about &str extension methods, but it works. |
| src/winapi_color.rs | -1 | Unsound static mut ORIGINAL_CONSOLE_COLOR if original_console_color ever called before init_console_color, which appears possible #245 |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | No MSRV |
| Cargo.toml | +1 | MIT, winapi, crossterm_winapi, serde |
| Cargo.toml.orig | +1 | MIT, winapi, crossterm_winapi, serde |
| CHANGELOG.md | +1 | |
| LICENSE | +1 | MIT |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | #245 unsound static mut |
| fs | +1 | None |
| io | 0 | Not sure what to blame for win7 styling failures |
| docs | +1 | |
| tests | -1 | Few, hard anyways |
| Line | What | Notes |
|---|---|---|
| 46 | fn WinApiColor::set_fg | mask should be 0x00F0 instead of special casing BACKGROUND_INTENSITY |
| 78 | fn WinApiColor::set_bg | mask should be 0x000F instead of special casing FOREGROUND_INTENSITY |
| 118 | fn color_value | Isn't Color::White and Color::Grey here swapped in terms of colors to be used? |
| 119 | fn color_value | Isn't Color::White and Color::Grey here swapped in terms of colors to be used? |
| 133 | fn color_value | 0 seems like a poor choice for fallback fg color, especially when it's also used for bg color |
| 153 | fn color_value | Isn't Color::White and Color::Grey here swapped in terms of colors to be used? |
| 154 | fn color_value | Isn't Color::White and Color::Grey here swapped in terms of colors to be used? |
| 133 | fn color_value | 0 seems like a mediocre choice for fallback bg color, especially when it's also used for fg color |
| 172 | fn color_value | Wait why the heck are we going to/from strings that makes 0 sense |
| 191 | static mut ORIGINAL_CONSOLE_COLOR | Unsound access if reset called before set_??, which appears possible #245 |
0.4.16: Trivial version bumps.
0.4.15: Trivial version bumps.
0.4.14: Trivial version bumps, style changes.
0.4.13: Trivial version bumps.
0.4.12: Trivial version bumps.
0.4.11
Some of the build/path stuff seems a little off... but might be correct?
All safe code, no security problems.
Reviewed:
src\build_env.rs +1
src\build.rs +1
src\lib.rs 0
102 Is this really correct for specifying the *host* environment?
105 ..
src\utils.rs 0
14 Isn't this generating /../../../ ? Doesn't seem right...
Cargo.toml +1
Cargo.toml.orig +1
0.4.15: Trivial version bumps.
0.4.14: Trivial version bumps, style changes.
0.4.13: Trivial version bumps.
0.4.12: Trivial version bumps.
0.4.11
Some of the build/path stuff seems a little off... but might be correct?
All safe code, no security problems.
Reviewed:
src\build_env.rs +1
src\build.rs +1
src\lib.rs 0
102 Is this really correct for specifying the *host* environment?
105 ..
src\utils.rs 0
14 Isn't this generating /../../../ ? Doesn't seem right...
Cargo.toml +1
Cargo.toml.orig +1
0.4.14: Trivial version bumps, style changes.
0.4.13: Trivial version bumps.
0.4.12: Trivial version bumps.
0.4.11
Some of the build/path stuff seems a little off... but might be correct?
All safe code, no security problems.
Reviewed:
src\build_env.rs +1
src\build.rs +1
src\lib.rs 0
102 Is this really correct for specifying the *host* environment?
105 ..
src\utils.rs 0
14 Isn't this generating /../../../ ? Doesn't seem right...
Cargo.toml +1
Cargo.toml.orig +1
0.4.13: Trivial version bumps.
0.4.12: Trivial version bumps.
0.4.11
Some of the build/path stuff seems a little off... but might be correct?
All safe code, no security problems.
Reviewed:
src\build_env.rs +1
src\build.rs +1
src\lib.rs 0
102 Is this really correct for specifying the *host* environment?
105 ..
src\utils.rs 0
14 Isn't this generating /../../../ ? Doesn't seem right...
Cargo.toml +1
Cargo.toml.orig +1
0.4.12: Trivial version bumps.
0.4.11
Some of the build/path stuff seems a little off... but might be correct?
All safe code, no security problems.
Reviewed:
src\build_env.rs +1
src\build.rs +1
src\lib.rs 0
102 Is this really correct for specifying the *host* environment?
105 ..
src\utils.rs 0
14 Isn't this generating /../../../ ? Doesn't seem right...
Cargo.toml +1
Cargo.toml.orig +1
Some of the build/path stuff seems a little off... but might be correct?
All safe code, no security problems.
Reviewed:
src\build_env.rs +1
src\build.rs +1
src\lib.rs 0
102 Is this really correct for specifying the *host* environment?
105 ..
src\utils.rs 0
14 Isn't this generating /../../../ ? Doesn't seem right...
Cargo.toml +1
Cargo.toml.orig +1
0.4.16: Trivial version bumps, thread -> std::thread
0.4.15: Trivial version bumps
0.4.14: Trivial version bumps, lots of pointless style changes, a few warning fixes (missing dyns etc.)
0.4.13: Trivial version bumps
0.4.12: Trivial version bumps
0.4.11
thoroughness: low - mostly due to iOS FFI, shell stuff not being super thorough, and review fatigue causing my eyes to glaze over in places.
understanding: low - lots of shell/path stuff that I don't know well enough to verify
rating: neutral - see concerns bellow.
src\android\device.rs +1
14 Odd place to install...
src\android\mod.rs +1
155 Could also check android studio SDK install path
src\host\device.rs +1
src\host\mod.rs +1
src\host\platform.rs +1
src\ios\device.rs 0
50 Not sure if the underlying iOS APIs are thread safe, but this seems acceptable.
277 unsafe { ... } for FFI. Looks generally safe except for scary mem::transmute(kCFBooleanTrue), but even that may be right.
303 unsafe { ... } for FFI. Looks safe to me.
367 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
419 unsafe { ... } for FFI. Looks safe to me.
440 unsafe { ... } for FFI. Looks safe to me.
454 unsafe { ... } for FFI. Looks safe to me.
487 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
519 This thread just eats errors.
683 unsafe { ... } for FFI. Transmute... probably safe.
690 unsafe { ... } for FFI. Looks safe to me.
691 unsafe { ... } for FFI. Scary Core Foundation related transmutes... probably OK, but some utilities to sanity check these conversions in debug would be nice.
696 unsafe { ... } for FFI. Another scary-but-probably-safe transmute.
src\ios\helpers.py +1
src\ios\mobiledevice_sys.rs 0
FFI, not perfectly verified since I don't have an OS X machine to check the headers out on.
Ref: https://github.com/PanayotCankov/device.io/blob/master/idb/MobileDevice.h
Various minor const differences, a few functions missing in ref, a few likely improved definitions in places.
33 am_device_notification_callback_info has "extra" field vs reference, "subscription". iOS internal struct?
src\ios\mod.rs 0
43 unsafe { ... } for FFI. Looks safe to me.
55 technically unsound inner fn (uses ptrs)
61 Scary looking as hell, but I think this is just going Box (40) -> void* (48) -> Box (here).
62 UNDEFINED BEHAVIOR: Possible panic unwind through FFI, technically an hazard.
I would've missed this edge case but for the comment, so I'm not docking points.
Unlikely to cause severe problems, but would be worth fixing.
src\ios\platform.rs +1
src\ios\xcode.rs +1
25 Dead code not reviewed
91 I have not thoroughly audited this code signing stuff, but looks OK.
199 com.zoy.kali.Dinghy? A bit hardcoded...
src\platform\mod.rs +1
src\platform\regular_platform.rs +1
44 Since when does "regular" mean "*nix" - might not work on windows.
src\script\device.rs +1
src\script\mod.rs +1
src\ssh\device.rs 0
src\ssh\mod.rs +1
src\compiler.rs +1
475 Isn't this unbanned?
src\config.rs +1
src\device.rs +1
src\errors.rs +1
src\lib.rs +1
87 random sleep? why?
src\overlay.rs +1
src\project.rs +1
src\toolchain.rs +1
src\utils.rs +1
build.rs +1
Cargo.toml +1
Cargo.toml.orig +1
Neat loop pattern:
for (a, b, c) in &[
("a", "b", "c"),
("aa", "bb", "cc"),
] {
...
}
Sysroot paths: ndk/toolchains/llvm/prebuilt/sysroot/usr/lib/{binutils_cpu}-linux-{abi_kind}"
0.4.15: Trivial version bumps
0.4.14: Trivial version bumps, lots of pointless style changes, a few warning fixes (missing dyns etc.)
0.4.13: Trivial version bumps
0.4.12: Trivial version bumps
0.4.11
thoroughness: low - mostly due to iOS FFI, shell stuff not being super thorough, and review fatigue causing my eyes to glaze over in places.
understanding: low - lots of shell/path stuff that I don't know well enough to verify
rating: neutral - see concerns bellow.
src\android\device.rs +1
14 Odd place to install...
src\android\mod.rs +1
155 Could also check android studio SDK install path
src\host\device.rs +1
src\host\mod.rs +1
src\host\platform.rs +1
src\ios\device.rs 0
50 Not sure if the underlying iOS APIs are thread safe, but this seems acceptable.
277 unsafe { ... } for FFI. Looks generally safe except for scary mem::transmute(kCFBooleanTrue), but even that may be right.
303 unsafe { ... } for FFI. Looks safe to me.
367 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
419 unsafe { ... } for FFI. Looks safe to me.
440 unsafe { ... } for FFI. Looks safe to me.
454 unsafe { ... } for FFI. Looks safe to me.
487 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
519 This thread just eats errors.
683 unsafe { ... } for FFI. Transmute... probably safe.
690 unsafe { ... } for FFI. Looks safe to me.
691 unsafe { ... } for FFI. Scary Core Foundation related transmutes... probably OK, but some utilities to sanity check these conversions in debug would be nice.
696 unsafe { ... } for FFI. Another scary-but-probably-safe transmute.
src\ios\helpers.py +1
src\ios\mobiledevice_sys.rs 0
FFI, not perfectly verified since I don't have an OS X machine to check the headers out on.
Ref: https://github.com/PanayotCankov/device.io/blob/master/idb/MobileDevice.h
Various minor const differences, a few functions missing in ref, a few likely improved definitions in places.
33 am_device_notification_callback_info has "extra" field vs reference, "subscription". iOS internal struct?
src\ios\mod.rs 0
43 unsafe { ... } for FFI. Looks safe to me.
55 technically unsound inner fn (uses ptrs)
61 Scary looking as hell, but I think this is just going Box (40) -> void* (48) -> Box (here).
62 UNDEFINED BEHAVIOR: Possible panic unwind through FFI, technically an hazard.
I would've missed this edge case but for the comment, so I'm not docking points.
Unlikely to cause severe problems, but would be worth fixing.
src\ios\platform.rs +1
src\ios\xcode.rs +1
25 Dead code not reviewed
91 I have not thoroughly audited this code signing stuff, but looks OK.
199 com.zoy.kali.Dinghy? A bit hardcoded...
src\platform\mod.rs +1
src\platform\regular_platform.rs +1
44 Since when does "regular" mean "*nix" - might not work on windows.
src\script\device.rs +1
src\script\mod.rs +1
src\ssh\device.rs 0
src\ssh\mod.rs +1
src\compiler.rs +1
475 Isn't this unbanned?
src\config.rs +1
src\device.rs +1
src\errors.rs +1
src\lib.rs +1
87 random sleep? why?
src\overlay.rs +1
src\project.rs +1
src\toolchain.rs +1
src\utils.rs +1
build.rs +1
Cargo.toml +1
Cargo.toml.orig +1
Neat loop pattern:
for (a, b, c) in &[
("a", "b", "c"),
("aa", "bb", "cc"),
] {
...
}
Sysroot paths: ndk/toolchains/llvm/prebuilt/sysroot/usr/lib/{binutils_cpu}-linux-{abi_kind}"
0.4.14: Trivial version bumps, lots of pointless style changes, a few warning fixes (missing dyns etc.)
0.4.13: Trivial version bumps
0.4.12: Trivial version bumps
0.4.11
thoroughness: low - mostly due to iOS FFI, shell stuff not being super thorough, and review fatigue causing my eyes to glaze over in places.
understanding: low - lots of shell/path stuff that I don't know well enough to verify
rating: neutral - see concerns bellow.
src\android\device.rs +1
14 Odd place to install...
src\android\mod.rs +1
155 Could also check android studio SDK install path
src\host\device.rs +1
src\host\mod.rs +1
src\host\platform.rs +1
src\ios\device.rs 0
50 Not sure if the underlying iOS APIs are thread safe, but this seems acceptable.
277 unsafe { ... } for FFI. Looks generally safe except for scary mem::transmute(kCFBooleanTrue), but even that may be right.
303 unsafe { ... } for FFI. Looks safe to me.
367 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
419 unsafe { ... } for FFI. Looks safe to me.
440 unsafe { ... } for FFI. Looks safe to me.
454 unsafe { ... } for FFI. Looks safe to me.
487 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
519 This thread just eats errors.
683 unsafe { ... } for FFI. Transmute... probably safe.
690 unsafe { ... } for FFI. Looks safe to me.
691 unsafe { ... } for FFI. Scary Core Foundation related transmutes... probably OK, but some utilities to sanity check these conversions in debug would be nice.
696 unsafe { ... } for FFI. Another scary-but-probably-safe transmute.
src\ios\helpers.py +1
src\ios\mobiledevice_sys.rs 0
FFI, not perfectly verified since I don't have an OS X machine to check the headers out on.
Ref: https://github.com/PanayotCankov/device.io/blob/master/idb/MobileDevice.h
Various minor const differences, a few functions missing in ref, a few likely improved definitions in places.
33 am_device_notification_callback_info has "extra" field vs reference, "subscription". iOS internal struct?
src\ios\mod.rs 0
43 unsafe { ... } for FFI. Looks safe to me.
55 technically unsound inner fn (uses ptrs)
61 Scary looking as hell, but I think this is just going Box (40) -> void* (48) -> Box (here).
62 UNDEFINED BEHAVIOR: Possible panic unwind through FFI, technically an hazard.
I would've missed this edge case but for the comment, so I'm not docking points.
Unlikely to cause severe problems, but would be worth fixing.
src\ios\platform.rs +1
src\ios\xcode.rs +1
25 Dead code not reviewed
91 I have not thoroughly audited this code signing stuff, but looks OK.
199 com.zoy.kali.Dinghy? A bit hardcoded...
src\platform\mod.rs +1
src\platform\regular_platform.rs +1
44 Since when does "regular" mean "*nix" - might not work on windows.
src\script\device.rs +1
src\script\mod.rs +1
src\ssh\device.rs 0
src\ssh\mod.rs +1
src\compiler.rs +1
475 Isn't this unbanned?
src\config.rs +1
src\device.rs +1
src\errors.rs +1
src\lib.rs +1
87 random sleep? why?
src\overlay.rs +1
src\project.rs +1
src\toolchain.rs +1
src\utils.rs +1
build.rs +1
Cargo.toml +1
Cargo.toml.orig +1
Neat loop pattern:
for (a, b, c) in &[
("a", "b", "c"),
("aa", "bb", "cc"),
] {
...
}
Sysroot paths: ndk/toolchains/llvm/prebuilt/sysroot/usr/lib/{binutils_cpu}-linux-{abi_kind}"
0.4.13: Trivial version bumps
0.4.12: Trivial version bumps
0.4.11
thoroughness: low - mostly due to iOS FFI, shell stuff not being super thorough, and review fatigue causing my eyes to glaze over in places.
understanding: low - lots of shell/path stuff that I don't know well enough to verify
rating: neutral - see concerns bellow.
src\android\device.rs +1
14 Odd place to install...
src\android\mod.rs +1
155 Could also check android studio SDK install path
src\host\device.rs +1
src\host\mod.rs +1
src\host\platform.rs +1
src\ios\device.rs 0
50 Not sure if the underlying iOS APIs are thread safe, but this seems acceptable.
277 unsafe { ... } for FFI. Looks generally safe except for scary mem::transmute(kCFBooleanTrue), but even that may be right.
303 unsafe { ... } for FFI. Looks safe to me.
367 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
419 unsafe { ... } for FFI. Looks safe to me.
440 unsafe { ... } for FFI. Looks safe to me.
454 unsafe { ... } for FFI. Looks safe to me.
487 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
519 This thread just eats errors.
683 unsafe { ... } for FFI. Transmute... probably safe.
690 unsafe { ... } for FFI. Looks safe to me.
691 unsafe { ... } for FFI. Scary Core Foundation related transmutes... probably OK, but some utilities to sanity check these conversions in debug would be nice.
696 unsafe { ... } for FFI. Another scary-but-probably-safe transmute.
src\ios\helpers.py +1
src\ios\mobiledevice_sys.rs 0
FFI, not perfectly verified since I don't have an OS X machine to check the headers out on.
Ref: https://github.com/PanayotCankov/device.io/blob/master/idb/MobileDevice.h
Various minor const differences, a few functions missing in ref, a few likely improved definitions in places.
33 am_device_notification_callback_info has "extra" field vs reference, "subscription". iOS internal struct?
src\ios\mod.rs 0
43 unsafe { ... } for FFI. Looks safe to me.
55 technically unsound inner fn (uses ptrs)
61 Scary looking as hell, but I think this is just going Box (40) -> void* (48) -> Box (here).
62 UNDEFINED BEHAVIOR: Possible panic unwind through FFI, technically an hazard.
I would've missed this edge case but for the comment, so I'm not docking points.
Unlikely to cause severe problems, but would be worth fixing.
src\ios\platform.rs +1
src\ios\xcode.rs +1
25 Dead code not reviewed
91 I have not thoroughly audited this code signing stuff, but looks OK.
199 com.zoy.kali.Dinghy? A bit hardcoded...
src\platform\mod.rs +1
src\platform\regular_platform.rs +1
44 Since when does "regular" mean "*nix" - might not work on windows.
src\script\device.rs +1
src\script\mod.rs +1
src\ssh\device.rs 0
src\ssh\mod.rs +1
src\compiler.rs +1
475 Isn't this unbanned?
src\config.rs +1
src\device.rs +1
src\errors.rs +1
src\lib.rs +1
87 random sleep? why?
src\overlay.rs +1
src\project.rs +1
src\toolchain.rs +1
src\utils.rs +1
build.rs +1
Cargo.toml +1
Cargo.toml.orig +1
Neat loop pattern:
for (a, b, c) in &[
("a", "b", "c"),
("aa", "bb", "cc"),
] {
...
}
Sysroot paths: ndk/toolchains/llvm/prebuilt/sysroot/usr/lib/{binutils_cpu}-linux-{abi_kind}"
0.4.12: Trivial version bumps
0.4.11
thoroughness: low - mostly due to iOS FFI, shell stuff not being super thorough, and review fatigue causing my eyes to glaze over in places.
understanding: low - lots of shell/path stuff that I don't know well enough to verify
rating: neutral - see concerns bellow.
src\android\device.rs +1
14 Odd place to install...
src\android\mod.rs +1
155 Could also check android studio SDK install path
src\host\device.rs +1
src\host\mod.rs +1
src\host\platform.rs +1
src\ios\device.rs 0
50 Not sure if the underlying iOS APIs are thread safe, but this seems acceptable.
277 unsafe { ... } for FFI. Looks generally safe except for scary mem::transmute(kCFBooleanTrue), but even that may be right.
303 unsafe { ... } for FFI. Looks safe to me.
367 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
419 unsafe { ... } for FFI. Looks safe to me.
440 unsafe { ... } for FFI. Looks safe to me.
454 unsafe { ... } for FFI. Looks safe to me.
487 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
519 This thread just eats errors.
683 unsafe { ... } for FFI. Transmute... probably safe.
690 unsafe { ... } for FFI. Looks safe to me.
691 unsafe { ... } for FFI. Scary Core Foundation related transmutes... probably OK, but some utilities to sanity check these conversions in debug would be nice.
696 unsafe { ... } for FFI. Another scary-but-probably-safe transmute.
src\ios\helpers.py +1
src\ios\mobiledevice_sys.rs 0
FFI, not perfectly verified since I don't have an OS X machine to check the headers out on.
Ref: https://github.com/PanayotCankov/device.io/blob/master/idb/MobileDevice.h
Various minor const differences, a few functions missing in ref, a few likely improved definitions in places.
33 am_device_notification_callback_info has "extra" field vs reference, "subscription". iOS internal struct?
src\ios\mod.rs 0
43 unsafe { ... } for FFI. Looks safe to me.
55 technically unsound inner fn (uses ptrs)
61 Scary looking as hell, but I think this is just going Box (40) -> void* (48) -> Box (here).
62 UNDEFINED BEHAVIOR: Possible panic unwind through FFI, technically an hazard.
I would've missed this edge case but for the comment, so I'm not docking points.
Unlikely to cause severe problems, but would be worth fixing.
src\ios\platform.rs +1
src\ios\xcode.rs +1
25 Dead code not reviewed
91 I have not thoroughly audited this code signing stuff, but looks OK.
199 com.zoy.kali.Dinghy? A bit hardcoded...
src\platform\mod.rs +1
src\platform\regular_platform.rs +1
44 Since when does "regular" mean "*nix" - might not work on windows.
src\script\device.rs +1
src\script\mod.rs +1
src\ssh\device.rs 0
src\ssh\mod.rs +1
src\compiler.rs +1
475 Isn't this unbanned?
src\config.rs +1
src\device.rs +1
src\errors.rs +1
src\lib.rs +1
87 random sleep? why?
src\overlay.rs +1
src\project.rs +1
src\toolchain.rs +1
src\utils.rs +1
build.rs +1
Cargo.toml +1
Cargo.toml.orig +1
Neat loop pattern:
for (a, b, c) in &[
("a", "b", "c"),
("aa", "bb", "cc"),
] {
...
}
Sysroot paths: ndk/toolchains/llvm/prebuilt/sysroot/usr/lib/{binutils_cpu}-linux-{abi_kind}"
thoroughness: low - mostly due to iOS FFI, shell stuff not being super thorough, and review fatigue causing my eyes to glaze over in places.
understanding: low - lots of shell/path stuff that I don't know well enough to verify
rating: neutral - see concerns bellow.
src\android\device.rs +1
14 Odd place to install...
src\android\mod.rs +1
155 Could also check android studio SDK install path
src\host\device.rs +1
src\host\mod.rs +1
src\host\platform.rs +1
src\ios\device.rs 0
50 Not sure if the underlying iOS APIs are thread safe, but this seems acceptable.
277 unsafe { ... } for FFI. Looks generally safe except for scary mem::transmute(kCFBooleanTrue), but even that may be right.
303 unsafe { ... } for FFI. Looks safe to me.
367 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
419 unsafe { ... } for FFI. Looks safe to me.
440 unsafe { ... } for FFI. Looks safe to me.
454 unsafe { ... } for FFI. Looks safe to me.
487 unsafe { ... } for FFI. Looks safe to me, but needlessly large.
519 This thread just eats errors.
683 unsafe { ... } for FFI. Transmute... probably safe.
690 unsafe { ... } for FFI. Looks safe to me.
691 unsafe { ... } for FFI. Scary Core Foundation related transmutes... probably OK, but some utilities to sanity check these conversions in debug would be nice.
696 unsafe { ... } for FFI. Another scary-but-probably-safe transmute.
src\ios\helpers.py +1
src\ios\mobiledevice_sys.rs 0
FFI, not perfectly verified since I don't have an OS X machine to check the headers out on.
Ref: https://github.com/PanayotCankov/device.io/blob/master/idb/MobileDevice.h
Various minor const differences, a few functions missing in ref, a few likely improved definitions in places.
33 am_device_notification_callback_info has "extra" field vs reference, "subscription". iOS internal struct?
src\ios\mod.rs 0
43 unsafe { ... } for FFI. Looks safe to me.
55 technically unsound inner fn (uses ptrs)
61 Scary looking as hell, but I think this is just going Box (40) -> void* (48) -> Box (here).
62 UNDEFINED BEHAVIOR: Possible panic unwind through FFI, technically an hazard.
I would've missed this edge case but for the comment, so I'm not docking points.
Unlikely to cause severe problems, but would be worth fixing.
src\ios\platform.rs +1
src\ios\xcode.rs +1
25 Dead code not reviewed
91 I have not thoroughly audited this code signing stuff, but looks OK.
199 com.zoy.kali.Dinghy? A bit hardcoded...
src\platform\mod.rs +1
src\platform\regular_platform.rs +1
44 Since when does "regular" mean "*nix" - might not work on windows.
src\script\device.rs +1
src\script\mod.rs +1
src\ssh\device.rs 0
src\ssh\mod.rs +1
src\compiler.rs +1
475 Isn't this unbanned?
src\config.rs +1
src\device.rs +1
src\errors.rs +1
src\lib.rs +1
87 random sleep? why?
src\overlay.rs +1
src\project.rs +1
src\toolchain.rs +1
src\utils.rs +1
build.rs +1
Cargo.toml +1
Cargo.toml.orig +1
Neat loop pattern:
for (a, b, c) in &[
("a", "b", "c"),
("aa", "bb", "cc"),
] {
...
}
Sysroot paths: ndk/toolchains/llvm/prebuilt/sysroot/usr/lib/{binutils_cpu}-linux-{abi_kind}"
AVOID. This crate is unsound as fuck, and abandoned.
Alternatives:
gl_generator to provide low level unsafe API structs.https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/egl.md
foreign_type! can generate unsound code without using the unsafe keyword in client code at all.
Technically sound, but makes me nervous.
Opaque: Looks way too dereferencable, and would have the wrong size - that of ().
ForeignTypeRef: Unchecked pointer casts galore.
Yet another unsound ECS. Saw more 16-bit counters too.
I'm assuming GetVolumePathNameW will leave buffer null terminated if successful. Unsafe only used for sane-looking FFI, and zeroing structs.
Looks nice and solid. Well documented, well tested, code coverage, safe + sound.
Large crate - so I haven't taken the time to thoroughly audit everything - but I have at least skimmed over all code.
I've written some of my own partial DWARF parser in C++ in the past... parts look appropriately familiar.
| File | Rating | Notes |
|---|---|---|
| benches/bench.rs | +1 | fs |
| examples/dwarfdump.rs | +1 | fs |
| fixtures/self/* | unreviewed binary data (used in test fixtures, probably OK) | |
| fixtures/self/README.md | +1 | |
| releases/friends.sh | +1 | |
| releases/release-announcement-template.md | +1 | |
| src/abbrev.rs | +1 | |
| src/aranges.rs | +1 | |
| src/cfi.rs | +1 | |
| src/constants.rs | +1 | |
| src/endianity.rs | +1 | |
| src/leb128.rs | +1 | |
| src/lib.rs | +1 | |
| src/line.rs | +1 | |
| src/loc.rs | +1 | |
| src/lookup.rs | +1 | |
| src/op.rs | +1 | |
| src/parser.rs | +1 | |
| src/pubnames.rs | +1 | |
| src/pubtypes.rs | +1 | |
| src/ranges.rs | +1 | |
| src/reader.rs | +1 | |
| src/str.rs | +1 | |
| src/test_util.rs | +1 | |
| src/unit.rs | +1 | |
| tests/parse_self.rs | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | 0 | I haven't reviewed travis-cargo |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| CONTRIBUTING.md | +1 | |
| coverage | +1 | |
| format | +1 | |
| LICENSE-APACHE | +1 | |
| LICENSE-MIT | +1 | |
| README.md | +1 | |
| rustfmt.toml | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | Single match unsafe { memmap::Mmap::map(&file) } |
| fs | +1 | Safe, only used in benches/examples/tests |
| io | +1 | Some io::{stderr, Error, Write} - all sane |
| docs | +1 | Lots of 'em! |
| tests | +1 | Lots of 'em! |
travis-cargo
Handle basic #include s for GLSL.
Pros:
Cons:
#file directives emitted#include, must pre-register all possible includes.| crev | |
|---|---|
| thoroughness | medium |
| understanding | high |
| rating | positive |
| File | Rating | Notes |
|---|---|---|
| src/error.rs | +1 | Display for Error not double-clickable but provides good context. |
| src/lib.rs | 0 | Doesn't disambiguate quote style, no callbacks so you must pre-define every includable file. |
| .cargo_vs_info.json | +1 | |
| .cargo-ok | +1 | |
| Cargo.toml | +1 | Apache 2.0 or MIT |
| Cargo.toml.orig | +1 | regex, lazy_static, [dev] indoc, criterion |
| LICENSE-APACHE | +1 | |
| LICENSE-MIT | +1 | |
| README.md | +1 | Apache 2.0 or MIT, Contributions section |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | None, 100% safe |
| miri | ||
| fs | +1 | None, instead you need to pre-include(path, into_string). |
| io | +1 | |
| docs | +1 | |
| tests | +1 | Not in .crate, but appears to be there/fine in original repository |
Encoders/decoders for .ico and .cur file formats.
Pros:
Pros:
imageresvgicon-pie's lack of multithreading makes icon-pie sound despite icon_baker's bogus Send+Sync implsPros:
imageresvgCons:
0.2.0: Some minor refactoring and a lot of ugly rustfmt(?) reformatting.
0.1.5: Read all code, including skimmed every line of autogenerated rust tables. Looked for any security issues, including any obvious DoS attacks from loops. Did not try to manually verify any of the bidi/punycode/idna logic against a spec, but test coverage looks excellent.
Read all code, including skimmed every line of autogenerated rust tables. Looked for any security issues, including any obvious DoS attacks from loops. Did not try to manually verify any of the bidi/punycode/idna logic against a spec, but test coverage looks excellent.
std::time::Instant alternative that doesn't panic on wasm targets.
Pros:
Cons:
| File | Rating | Notes |
|---|---|---|
| .circleci/config.yml | +1 | |
| src/lib.rs | +1 | |
| src/native.rs | +1 | I would've preferred a wrap Instant for ensuring compat, but sure. |
| src/wasm.rs | 0 | f64 repr might accumulate poorly |
| tests/wasm.rs | 0 | test_instant_now could spuriously fail if elapsed() == 0, would like to see more test coverage |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | Overkill |
| AUTHORS | +1 | |
| Cargo.lock | 0 | Pointless, shouldn't be part of the package |
| Cargo.toml | +1 | BSD-3-Clause |
| Cargo.toml.orig | +1 | BSD-3-Clause |
| LICENSE | +1 | BSD-3-Clause? |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | None |
| fs | +1 | None |
| io | +1 | None |
| docs | 0 | Mostly unnecessary |
| tests | 0 | Could use more |
Great crate. Doesn't work with WASM.
https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/inventory.md#015
Great crate. Doesn't work with WASM.
https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/inventory.md#015
Great crate, but currently unsound. Also doesn't work with WASM.
https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/inventory.md#014
I believe this is sound, but has way too much unsafe and too few tests for my tastes.
udivmod_1e19 reduces my thoroughness and understanding to low, otherwise both would be medium or higher.
Reviewed:
benches/bench.rs +1
src/lib.rs 0
119 mem::uninitialized (POD)
164 impl_IntegerCommon is potentially unsound, but not public, and guarded by debug_assert!s at least.
Would vastly prefer static_assertions though.
196 one giant unsafe block for pointer math? No bounds checks? Super gross!
Relies on $max_len being enough for $t with no bounds checking.
Relies on d1/d2/n being unable to overflow DEC_DIGITS_LUT.
A careful reading makes this appear technically sound, but super super sketchy.
246 Carefully audited for impl_Integer.
255 Carefully audited for impl_Integer.
267 Carefully audited for impl_Integer.
270 Carefully audited for impl_Integer.
273 Carefully audited for impl_Integer.
294 Again? A careful reading makes this appear technically sound, but super super sketchy.
338 Carefully audited for impl_Integer128.
339 Shouldn't this technically have the cfg if U128_MAX_LEN is going to have it?
341 Carefully audited for impl_Integer128.
tests/test.rs +1
Not nearly enough tests for my liking given how much unsafe code there is.
I'd like to see every edge case of iota::write tested, they aren't.
I'd like to see every edge case of udivmod_1e19 tested, it's not directly tested at all.
.gitignore +1
.travis.yml +1
Cargo.toml +1
Cargo.toml.orig +1
README.md +1
Not yet fully reviewed:
src/udiv128.rs 0
34 Correct - since high is nonzero (line 29 bails if it wasn't), leading_zeros < 64.
35+ My eyes glazed over at this point. I haven't verified udivmod_1e19(...).1 meets it's invariants!
TIL:
You can use \``edition2018on doc comment code blocks. You can have a public trait require a private one to "seal" it. You can specifysudo: false` in .travis.yml
Rated files were at least reviewed to thoroughness + understanding medium, but the rest was only reviewed to througuhness low.
| File | Rating | Notes |
|---|---|---|
| .github/PULL_REQUEST_TEMPLATE.md | +1 | |
| .travis/run_travis_job.sh | +1 | |
| .vscode/tasks.json | +1 | |
| benches/api_calls.rs | +1 | Various API concerns but this file is fine. |
| examples/HelloWorld.h | +1 | Matches HelloWorld.java... generated by javah? |
| examples/HelloWorld.java | +1 | |
| examples/Makefile | +1 | |
| src/wrapper/descriptors/class_desc.rs | +1 | |
| src/wrapper/descriptors/desc.rs | +1 | |
| src/wrapper/descriptors/exception_desc.rs | +1 | |
| src/wrapper/descriptors/field_desc.rs | +1 | |
| src/wrapper/descriptors/method_desc.rs | +1 | |
| src/wrapper/descriptors/mod.rs | +1 | |
| src/wrapper/java_vm/init_args.rs | +1 | |
| src/wrapper/java_vm/mod.rs | +1 | |
| src/wrapper/java_vm/vm.rs | -1 | Not 100% sure if it's sound to detatch threads out from under other Java code. Some unsafe attach fns also confuse me as to why they're unsafe. |
| src/wrapper/objects/auto_local.rs | -1 | Not 100% sure if AutoLocal::new is sound based on scary JVM crash warnings |
| src/wrapper/objects/global_ref.rs | +1 | |
| src/wrapper/objects/jbytebuffer.rs | -1 | Allowing construction from arbitrary jobject s will likely be unsound later |
| src/wrapper/objects/jclass.rs | -1 | Ditto |
| src/wrapper/objects/jfieldid.rs | -1 | Ditto |
| src/wrapper/objects/jlist.rs | -1 | Called it - internal is used in safe fns, unsound looking as fuck. |
| src/wrapper/objects/jmap.rs | ||
| src/wrapper/objects/jmethodid.rs | ||
| src/wrapper/objects/jobject.rs | ||
| src/wrapper/objects/jstaticfieldid.rs | ||
| src/wrapper/objects/jstaticmethodid.rs | ||
| src/wrapper/objects/jstring.rs | ||
| src/wrapper/objects/jthrowable.rs | ||
| src/wrapper/objects/jvalue.rs | ||
| src/wrapper/objects/mod.rs | ||
| src/wrapper/strings/ffi_str.rs | ||
| src/wrapper/strings/java_str.rs | ||
| src/wrapper/strings/mod.rs | ||
| src/wrapper/errors.rs | ||
| src/wrapper/executor.rs | ||
| src/wrapper/jnienv.rs | ||
| src/wrapper/macros.rs | ||
| src/wrapper/signature.rs | ||
| src/wrapper/version.rs | ||
| src/lib.rs | ||
| src/sys.rs | +1 | pub use jni_sys::* |
| tests/util/example_proxy.rs | ||
| tests/util/mod.rs | ||
| tests/executor_nested_attach.rs | ||
| tests/executor.rs | ||
| tests/java_integers.rs | ||
| tests/jmap.rs | ||
| tests/jni_api.rs | ||
| tests/jni_global_ref_is_deleted.rs | ||
| tests/jni_global_refs.rs | ||
| tests/threads_attach_guard.rs | ||
| tests/threads_detach_daemon.rs | ||
| tests/threads_detach.rs | ||
| tests/threads_explicit_detach_daemon.rs | ||
| tests/threads_explicit_detach_permanent.rs | ||
| tests/threads_explicit_detach.rs | ||
| tests/threads_nested_attach_daemon.rs | ||
| tests/threads_nested_attach_guard.rs | ||
| tests/threads_nested_attach_permanently.rs | ||
| .appveyor.yml | ||
| .gitignore | ||
| .travis.yml | ||
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| CHANGELOG.md | +1 | |
| clippy.toml | +1 | |
| CODE_OF_CONDUCT.md | +1 | |
| CONTRIBUTING.md | +1 | |
| LICENSE-APACHE | +1 | |
| LICENSE-MIT | +1 | |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | Unsound |
| fs | +1 | Not used |
| io | +1 | Not used |
| docs | +1 | Well documented |
| tests | +1 | Decent testing |
| Line | Notes |
|---|---|
| 52 | ..._unchecked is safe? Look at call_static_method_unchecked carefully. |
| 69 | Not all ..._unchecked are safe? |
| 154 | Must manually drop local refs? Lame. |
| 226 | No use of black box? |
| +1 |
| Line | Notes |
|---|---|
| 24 | I feel like having an implicit "<init>" instead of a struct of some sort is potentially confusing? |
| +1 |
| Line | Notes |
|---|---|
| 46 | Could use more doc-tests |
| 50 | Silently ignoring unsupported options is a little lame |
| 70 | JavaVM::build in doc comments, not new ? |
| 101 | Pretty gosh darn heckin' sketchy if you ask me... relies on opts never being modified after this point. Fortunately this type's contents are nice and private/local, so that's enforced. |
| +1 |
| Line | Notes |
|---|---|
| 134 | unsafe impl Send + Sync - I believe this is safe for JavaVM (as used here), but not for JNIEnv (keep a look out for that later) |
| 150 | unsafe { ... } - ptr casts are a bit sketchy, otherwise LGTM. |
| 158 | +1 |
| 165 | unsafe fn - +1 |
| 185 | attach_current_thread_permanently - possible noop if already attached, meaning it might be temporary! |
| 232 | detach_current_thread - doc comments make this sound possibly unsound? |
| 270 | unsafe { ... } - +1 |
| 280 | unsafe { ... } - +1 |
| 364 | unsafe fn - This... actually looks sound? What am I missing? |
| 386 | unsafe fn - This... actually looks sound? What am I missing? |
| 409 | unsafe { ... } - +1 |
| -1 - Can detatched threads cause unsoundness? What am I missing for unsafe fn? |
| Line | Notes |
|---|---|
| 36 | unsafe impl Send + Sync - should be safe? |
| 48 | unsafe fn - presumably because this takes a jobject. LGTM. |
| 66 | unsafe fn - presumably because this takes a jobject. LGTM. |
| +1 |
| Line | Notes |
|---|---|
| 11 | jobject is just a pointer, so this general purpouse crate-exported method means using JByteBuffer s is unsafe! |
| 32 | there's no guarantee a given JObject is a JByteBuffer, but this succeeds unconditionally. |
| -1 - I suspect invalid jobject s will cause soundness issues later |
| Line | Notes |
|---|---|
| 20 | Eww, methods cached per-object? |
| 46 | jobject -> JObject -> JList can be constructed with an invalid pointer... |
| 69 | ...making all safe fns on this type unsound. Use of 'safe' _unchecked methods also concerns me. |
| -1 |
| Line | Rating | Notes |
|---|---|---|
| ... | ||
| 26 | +1 | non_null |
| ... | ||
| 105 | +1 | java_vm_unchecked - 'unchecked' refers to error codes. unsafe macro, $java_vm must be valid. |
| 132 | -1 | java_vm_method - I wish this forced the caller to use unsafe { ... }. unsafe macro, $jnienv must be valid. |
| ... |
javah to generate rust, perhaps?[build-dependencies]Good solid FFI crate. Manual generation (I see comments!) concerns me, but upon review it looks to have been done correctly.
Verified all structs and FFI signatures against android JNI.h, with the exception of double checking that everything is marked JNICALL on windows JNI instead of just most of it.
Android JNI lacks parameter names, so I didn't sanity check those either.
Verified against %LOCALAPPDATA%\Android\Sdk\ndk-bundle\toolchains\llvm\prebuilt\windows-x86_64\sysroot\usr\include\jni.h
| File | Rating | Notes |
|---|---|---|
| src/lib.rs | +1 | Lots of unsafe... but necessary. |
| .gitignore | +1 | |
| .travis.yml | +1 | |
| appveyor.yml | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | Lots of it... but all necessary, and after careful review, all appears correct. |
| fs | +1 | None |
| io | +1 | None |
| docs | -1 | Nonexistant, but of low importance (other primary references are available) |
| tests | 0 | Not in crate |
| Line | Rating | Notes |
|---|---|---|
| 7 | +1 | Looks sufficiently correct to me - VS defines this as *mut c_char, but *mut c_void is close enough IMO. |
| 10 | +1 | all verified |
| 20 | 0 | native version uses more newtypes, but without inheritence maybe this is sane in Rust. |
| 39 | +1 | verified |
| 51 | +1 | sure |
| 57 | +1 | |
| 64 | -1 | DANGER - rust enum for C enum is begging for unsound if returned from FFI |
| 71 | +1 | JNI constants here all look good |
| 93 | 0 | JNINativeMethod - C version uses const char*, but the muts here aren't a big deal... I |
| 99 | +1 | |
| 105 | +1 | JNINativeInterface is bloody huge, but all methods appear to match in name, position, and signature... |
| 115 | ...with the caveat that there's a lot of "system" convention when JNICALL isn't used throughout the android jni.h. However, it is used in openjdk so that's probably fine? | |
| 116 | I'm also assuming Option<unsafe extern "system" fn(...) -> ...> is FFI compatible with C function pointers, which might be a bad assumption. | |
| 157 | Native version isn't marked no return but I bet it is. | |
| 175 | Also, varargs functions degrade to "C" mode per https://stackoverflow.com/a/3615407 | |
| 1411 | Reviewed all the way to here! | |
| 1413 | +1 | Sure |
| 1421 | +1 | JNIEnv_ - Lack of impl with forwarding fns like jni.h has is vageuly annoying. |
| 1425 | +1 | Sure |
| 1433 | +1 | JavaVMOption - Again, mut differences, but otherwise OK. Sure. |
| 1438 | +1 | Sure |
| 1446 | +1 | JavaVMInitArgs - LGTM |
| 1453 | +1 | Sure |
| 1461 | +1 | JavaVMAttachArgs - Again, mut differences, but otherwise OK. Sure. |
| 1467 | +1 | Sure |
| 1475 | +1 | JNIInvokeInterface - LGTM |
| 1501 | +1 | Sure |
| 1507 | +1 | LHTM |
1.4.0: Read diff, looks fine.
1.3.0: Read all of src, skimmed all of tests. core_lazy.rs looks a little odd, but is 100% safe code - any issues would be in it's core dependency, spin. inline_lazy.rs contains unsafe blocks... look safe, but downgrades rating to merely positive. lib.rs is just safe macros. Tests all pass.
Read all of src, skimmed all of tests. core_lazy.rs looks a little odd, but is 100% safe code - any issues would be in it's core dependency, spin. inline_lazy.rs contains unsafe blocks... look safe, but downgrades rating to merely positive. lib.rs is just safe macros. Tests all pass.
lazy_static 0.2.11 relied on unsafe muts which would have race conditions during initialization.
I recommend upgrading to a modern lazy_static 1.3.0+!
src\core_lazy.rs: +1
src\lazy.rs: -1 UNSOUND (race conditions in multithreaded init due to static mut / mut refs taken outside of call_once)
src\lib.rs: -1 UNSOUND (uses the static muts without syncronization)
src\nightly_lazy.rs: -1 UNSOUND (race conditions in multithreaded init due to static mut / mut refs taken outside of call_once)
tests*: +1 (skimmed, seem fine)
.travis.yml: +1
.appveyor.yml: +1
Cargo.toml: +1
Cargo.toml.orig: +1
README.md: +1
https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/lazycell.md#1.2.1
Appears quite high quality, only the minimum necessary amount of unsafe code used.
https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/lazycell.md#1.2.0
Appears quite high quality, only the minimum necessary amount of unsafe code used.
Encode/decode DWARF's variable length integer format, LEB128
Pros:
Apache-2.0 OR MITEncode/decode DWARF's variable length integer format, LEB128
Pros:
Apache-2.0 OR MITEncode/decode DWARF's variable length integer format, LEB128
Pros:
Apache-2.0 OR MITEncode/decode DWARF's variable length integer format, LEB128
Pros:
Apache-2.0 OR MITEncode/decode DWARF's variable length integer format, LEB128
Pros:
Apache-2.0 OR MITEncode/decode DWARF's variable length integer format, LEB128
Pros:
Cons:
A low-boilerplate, high performance archetype based ECS.
Pros:
Cons:
| crev | |
|---|---|
| thoroughness | medium |
| understanding | low (thanks to use of unsafe) |
| rating | negative |
| File | Rating | Notes |
|---|---|---|
| benches/allocation_stress.rs | +1 | No global side effects, no black box use...? |
| benches/pos_vel.rs | +1 | No global side effects, no black box use...? |
| examples/hello_world.rs | +1 | |
| src/borrows.rs | +1 | API lock design concerns me... and I suspect this relies on stable_drop_order to avoid aliasing violations. |
| src/lib.rs | -1 | Difficult to vet unsafe. Some O(N) and overflow concerns. |
| src/query.rs | -1 | Difficult to vet unsafe. |
| src/storage.rs | -1 | Tons of difficult-to-vet UnsafeCell use that leaks some of it's unsafety out to other files. |
| tests/query_api.rs | +1 | |
| tests/world_api.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | caching cargo might be a bad idea IME |
| bench.png | +1 | |
| Cargo.toml | +1 | MIT |
| Cargo.toml.orig | +1 | MIT |
| LICENSE | +1 | MIT |
| readme.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | Lots of hard to reason about unsafe. |
| miri | -1 | Trivial use chokes up miri. |
| fs | +1 | |
| io | +1 | |
| docs | +1 | |
| tests | +1 |
| Line | What | Notes |
|---|---|---|
| 17 | Borrow::aquire_read | Possible race condition source. Attempts to increment if >= 0. Theoretically could livelock if sufficiently contested, shouldn't in practice. |
| 33 | Borrow::aquire_write | Possible race condition source. Attempts to go from 0 => -1. |
| 43 | Drop for Borrow | +1 |
| 57 | Borrowed | Safe from aliasing violations by virtue of stable_drop_order ? Cannot drop Borrow before value lifetime has ended. |
| 92 | PartialEq for Borrowed | 'b lifetime unused...? |
| 98 | Eq for Borrowed | 'b lifetime unused...? |
| 128 | BorrowedMut | Safe from aliasing violations by virtue of stable_drop_order ? Cannot drop Borrow before value lifetime has ended. |
| 177 | BorrowedSlice | Safe from aliasing violations by virtue of stable_drop_order ? Cannot drop Borrow before value lifetime has ended. |
| 220 | BorrowedMutSlice | Safe from aliasing violations by virtue of stable_drop_order ? Cannot drop Borrow before value lifetime has ended. |
| 269 | BorrowedIter | Safe from aliasing violations by virtue of stable_drop_order ? Cannot drop Borrow before value lifetime has ended. |
| EOF |
| Line | What | Notes |
|---|---|---|
| 1 | Lib doc comments | +1 |
| 254 | WorldId | Only 16-bit world IDs? I could see this overflowing in practice, especially if using the advertized ability to stream stuff in. |
| 264 | ArchetypeId | Only 16-bit chunk IDs? Also, poor alignment. |
| 281 | Entity | Standard dual generation index, I approve... although hot entity IDs could overflow in practice? |
| 310 | Universe::logger | Not entirely sure I'm a fan of this. |
| 365 | ComponentIndex & friends | These Indexes should be used earlier when defining WorldId etc.... |
| 409 | impl EntityBlock | +1 |
| 431 | EntityBlock::in_range | Slightly bogus u32 cast - EntityBlock::new should enforce u32 size if you want a u32 len... |
| 498 | impl EntityAllocator | Full of O(N/1024) operations that could be O(1). Chunking is fine, but this really should abuse the fact that BLOCK_SIZE is constant more instead of looping. |
| 517 | EntityAllocator::create_entity | A better allocation strategy (IMO) would be to always start with the block we last allocated from. Will have degenerate behavior if we're constantly freeing/allocating from the first block. |
| 625 | World::merge doc comment | Concerning, implies API is unsound |
| 638 | World::merge | unsafe { ... } - I think this might be sound thanks to &mut self implying we have exclusive access to self.archetypes[?].chunks()[?].entities() |
| 719 | World::insert | unsafe { ... } - I think this might be sound thanks to &mut self implying we have exclusive access to self.archetypes[?].chunks()[?].entities() |
| 720 | World::insert | unsafe { ... } - I think this might be sound thanks to &mut self implying we have exclusive access to self.archetypes[?].chunks()[?].entities() |
| 805 | World::entity_data_mut | unsafe { ... } - I think this might be sound thanks to &mut self implying we have exclusive access to self.archetypes[?].chunks()[?].entities() |
| 841 | World::prep_archetype | unsafe { ... } - Probably sound - index should be valid - but why not just `.map( |
| 1016 | EntitySource for IterEntitySource | unsafe { ... } - I think this might be sound thanks to &mut Chunk implying we have exclusive access to chunk.entities() |
| EOF |
| Line | What | Notes |
|---|---|---|
| * | PhantomData | Frequently used when T is already used in the struct, I'm concerned I'm missing something. |
| 196 | impl View for (...) validate() | unsafe { ... } - 0 <= i < j < types.len(), so both calls to get_unchecked should be sound. |
| 276 | std::ops::Not for Passthrough | Oooh, operator overloading abuse. Probably fine? |
| 1065 | impl Iterator for ZipEntities next | unsafe { ... } - Sketchy, assumes data.len() <= entities.len() and that's not a particularly trivial assertion to prove. |
| 1088 | ChunkView::entities | unsafe { ... } - NFI if this is sound or not. |
| EOF |
| Line | What | Notes |
|---|---|---|
| 19 | StorageVec | UnsafeCell! Oh no. |
| 39 | unsafe fn StorageVec::data_mut(&self) | Because this doesn't take &mut self, this forces the caller to enforce borrow checking manually. |
| 47 | ComponentStorage::remove for StorageVec | unsafe { ... } - I think this might be sound thanks to &mut self |
| 52 | ComponentStorage::len for StorageVec | unsafe { ... } - Unsound? It's not clear what, if anything, ensures len() isn't being mutated by another borrower. |
| 104 | unsafe fn Chunk::entities_unchecked | Because this doesn't take &mut self, this forces the caller to enforce borrow checking manually. |
| 126 | unsafe fn Chunk::entity_data_unchecked | +1? |
| 141 | unsafe fn Chunk::entity_data_mut_unchecked | Ditto. |
| 157 | Chunk::entity_data | unsafe { ... } - Unsound? "Locks" via borrow types after constructing &T, which is too late. |
| 174 | Chunk::entity_data_mut | unsafe { ... } - Unsound? "Locks" via borrow types after constructing &mut T, which is too late. |
| 199 | Chunk::shared_data | unsafe { ... } - NFI if this is sound or not. Haven't groked why SharedComponentStore is UnsafeCell or what protects it, if anything. |
| 212 | Chunk::remove | unsafe { ... } - I think this might be sound thanks to &mut self |
| EOF |
use legion::prelude::*;
[test] // PREPEND YOUR OWN POUND SIGN
fn test() {
let universe = Universe::new(None);
let mut world = universe.create_world();
world.insert_from((), vec![(1i32,)]);
}
rustup toolchain install nightly-2019-09-11
rustup component add miri --toolchain=nightly-2019-09-11
cargo +nightly-2019-09-11 miri test
error[E0080]: Miri evaluation error: trying to reborrow for SharedReadWrite, but parent tag <126591> does not have an appropriate item in the borrow stack
|
= note: inside call to `<legion::IterEntitySource<std::vec::IntoIter<(i32,)>, (i32,)> as legion::EntitySource>::write` at C:\Users\Mike\.cargo\registry\src\github.com-1ecc6299db9ec823\legion-0.1.1\src\lib.rs:716:29
= note: inside call to `legion::World::insert::<(), legion::IterEntitySource<std::vec::IntoIter<(i32,)>, (i32,)>>` at C:\Users\Mike\.cargo\registry\src\github.com-1ecc6299db9ec823\legion-0.1.1\src\lib.rs:689:9
note: inside call to `legion::World::insert_from::<(), std::vec::Vec<(i32,)>>` at src\lib.rs:7:5
--> src\lib.rs:7:5
|
7 | world.insert_from((), vec![(1i32,)]);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
note: inside call to `test` at src\lib.rs:4:1
--> src\lib.rs:4:1
|
4 | / fn test() {
5 | | let universe = Universe::new(None);
6 | | let mut world = universe.create_world();
7 | | world.insert_from((), vec![(1i32,)]);
8 | | }
| |_^
TypeId::of::<T>()Utility crate... LGTM!
Internal implementation detail crate of macro_rules_attribute. Relatively trivial... LGTM.
Trivial, looks correct, looks tested. cfg!(debug_assertions) is a sane cfg.
API design is super brittle. Returning uninitialized memory seems like UB-bait.
| File | Rating | Notes |
|---|---|---|
| src/lib.rs | -1 | Soundish, but unsafe as heck APIs. |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | |
| Cargo.toml | +1 | |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | Soundish, but unsafe as heck API design. |
| fs | +1 | None |
| io | +1 | None |
| docs | +1 | |
| tests | +1 |
| Line | What | Notes |
|---|---|---|
| 23 | allocate | This looks like it returns uninitialized memory (only sizes capacity not actual size). UB bait. Unaligned. |
| 38 | reallocate | Minimal debug checks, constructs Vec from_raw_parts with size when the real vec had size 0. |
https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/microprofile.md#021
Decent seeming crate, but 98% underdocumented underfuzzed C++ that is network exposed, parses strings, rewrites x86, etc.
Might use for development but using it in production would just be begging for CVEs.
Good starting point, and my favorite Rust MIDI API so far, but likely unsound as stands.
Pros:
Cons:
TODO:
| File | Rating | Notes |
|---|---|---|
| examples/test_forward.rs | +1 | |
| examples/test_play.rs | +1 | |
| examples/test_reuse.rs | +1 | |
| examples/test_sysex.rs | +1 | |
| src/backend/asla/mod.rs | 0 | Some extra unsafe, use of uninit data possibly UB |
| src/backend/coremidi/mod.rs | 0 | Is Core MIDI thread safe? (unsafe impl Send for MidiOutputConnection) |
| src/jack/mod.rs | -1 | Use of transmute_copy on Box is skeeeeeeetchy, uninitialized too :( |
| src/jack/wrappers.rs | -1 | Is JACK thread safe? Ringbuffer::read is unsound! Lots of unsafe but mostly for sane FFI. |
| src/winmm/handler.rs | 0 | unsafe for FFI, some pointer casts I haven't thoroughly vetted |
| src/winmm/mod.rs | 0 | unsafe for FFI, uninitialized :(, sketchy deallocate API. Is WinMM thread safe? 333: UB &mut violates aliasing? |
| src/backend/mod.rs | +1 | |
| src/os/mod.rs | +1 | |
| src/os/unix.rs | +1 | |
| src/common.rs | 0 | Consumption of the MidiInput/MidiOutput clients/factories on connect seems a bit strange, especially after the ports refactor. |
| src/errors.rs | +1 | |
| src/lib.rs | +1 | unsafe, but sound |
| tests/virtual.rs | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | RCE: Downloads/installs jack from the internet |
| appveyor.yml | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE | +1 | |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | 99% sure something in here is unsound. transmute_copy, type punning, use of memalloc crate. |
| fs | +1 | N/A |
| io | 0 | libc... maybe safe? |
| docs | +1 | |
| tests | 0 | Good examples, but needs more automated unit/integration tests. Admittedly hard given the lack of MIDI devices on CI servers... |
| Line | What | Notes |
|---|---|---|
| 21 | fn poll | +1 |
| 81 | unsafe impl Send for EventEncoder | Is ASLA thread safe? |
| 578 | unsafe in handle_input | Construction of uninitialized vec, UB? |
[Full Audit]
std::num::NonZero___ equivalents
Pros:
Cons:
NonZero*snew impl[Full Audit]
std::num::NonZero___ equivalents
Pros:
Cons:
NonZero*snew impl[Full Audit]
std::num::NonZero___ equivalents
Pros:
Cons:
NonZero*snew implQueries the OS for the number of CPU cores you have.
Pros:
Cons:
unsafeAlternatives:
Queries the OS for the number of CPU cores you have.
Pros:
Cons:
unsafeAlternatives:
Queries the OS for the number of CPU cores you have.
Pros:
Cons:
unsafeAlternatives:
Solid looking, 100% safe. Only concern is CI scripts downloading random URLs.
Sound, although buggy AMD hardware makes implementing CryptoRng for RdRand/RdSeed a little unnerving to me ( https://github.com/nagisa/rust_rdrand/issues/12 )
Reviewed:
benches\rdrand.rs: +1
benches\rdseed.rs: +1
benches\std.rs: +1
src\changelog.rs: +1
src\lib.rs: 0
All of $gen::try_fill_bytes::imp being unsafe is still concerning... but I believe it's sound now.
RdRand/RdSeed implement CrytoRng, which makes buggy AMD hardware concerning: https://github.com/nagisa/rust_rdrand/issues/12
Concerns reduced since 0.4.0:
https://github.com/nagisa/rust_rdrand/commit/7af432c6e315fde053d0056d1b7df893a865711a
unsafe blocks appear much larger than they need to be.
Concerns fixed since 0.4.0:
https://github.com/nagisa/rust_rdrand/commit/26a0a2f9d885fbbb8e14fa47c8a48e366cf15455
mem::uninitialized() u32s
loop_rand! uses mem::uninitialized() for $el:ty, easy to misuse! Requires unsafe{} so technically sound. Not exported.
https://github.com/nagisa/rust_rdrand/commit/7af432c6e315fde053d0056d1b7df893a865711a
$gen::try_fill_bytes: UNSOUND! word and buffer reference the same data. As both are &mut Ts, this is 100% undefined behavior.
ptr::copy_nonoverlapping: This should really use a slice copy which should be just as safe...? But maybe missing from core?
Verified vs https://www.amd.com/system/files/TechDocs/24594.pdf
is_x86_feature_detected: I have not verified this is correct.
Sound, although buggy AMD hardware makes implementing CryptoRng for RdRand/RdSeed a little unnerving to me ( https://github.com/nagisa/rust_rdrand/issues/12 )
Reviewed:
benches\rdrand.rs: +1
benches\rdseed.rs: +1
benches\std.rs: +1
src\changelog.rs: +1
src\lib.rs: 0
All of $gen::try_fill_bytes::imp being unsafe is still concerning... but I believe it's sound now.
RdRand/RdSeed implement CrytoRng, which makes buggy AMD hardware concerning: https://github.com/nagisa/rust_rdrand/issues/12
Concerns reduced since 0.4.0:
https://github.com/nagisa/rust_rdrand/commit/7af432c6e315fde053d0056d1b7df893a865711a
unsafe blocks appear much larger than they need to be.
Concerns fixed since 0.4.0:
https://github.com/nagisa/rust_rdrand/commit/26a0a2f9d885fbbb8e14fa47c8a48e366cf15455
mem::uninitialized() u32s
loop_rand! uses mem::uninitialized() for $el:ty, easy to misuse! Requires unsafe{} so technically sound. Not exported.
https://github.com/nagisa/rust_rdrand/commit/7af432c6e315fde053d0056d1b7df893a865711a
$gen::try_fill_bytes: UNSOUND! word and buffer reference the same data. As both are &mut Ts, this is 100% undefined behavior.
ptr::copy_nonoverlapping: This should really use a slice copy which should be just as safe...? But maybe missing from core?
Verified vs https://www.amd.com/system/files/TechDocs/24594.pdf
is_x86_feature_detected: I have not verified this is correct.
$gen::try_fill_bytes invokes undefined behavior (overlapping &mut u32 and &mut [u8]).
Reviewed:
benches\rdrand.rs: +1
benches\rdseed.rs: +1
benches\std.rs: +1
src\changelog.rs: +1
src\lib.rs: Concerns:
mem::uninitialized() u32s
is_x86_feature_detected: I have not verified this is correct.
loop_rand! uses mem::uninitialized() for $el:ty, easy to misuse! Requires unsafe{} so technically sound. Not exported.
$gen::try_fill_bytes: UNSOUND! word and buffer reference the same data. As both are &mut Ts, this is 100% undefined behavior.
unsafe blocks appear much larger than they need to be.
ptr::copy_nonoverlapping: This should really use a slice copy which should be just as safe...? But maybe missing from core?
$gen::try_fill_bytes invokes undefined behavior (overlapping &mut u32 and &mut [u8]): https://github.com/nagisa/rust_rdrand/issues/13. 0.5.x removed some use of uninitialized.
Reviewed:
benches\rdrand.rs: +1
benches\rdseed.rs: +1
benches\std.rs: +1
src\changelog.rs: +1
src\lib.rs: Concerns:
mem::uninitialized() u32s
is_x86_feature_detected: I have not verified this is correct.
loop_rand! uses mem::uninitialized() for $el:ty, easy to misuse! Requires unsafe{} so technically sound. Not exported.
$gen::try_fill_bytes: UNSOUND! word and buffer reference the same data. As both are &mut Ts, this is 100% undefined behavior.
unsafe blocks appear much larger than they need to be.
ptr::copy_nonoverlapping: This should really use a slice copy which should be just as safe...? But maybe missing from core?
Offset read/write with &self
Pros:
Cons:
File isn't ReadAt/WriteAt on windows due to seeks... reasonable but annoyingOffset read/write with &self
Pros:
Cons:
File isn't ReadAt/WriteAt on windows due to seeks... reasonable but annoyingExposes unsound APIs, lots of unverified syscalls.
Reviewed:
src\arch*.rs: Skimmed... looks reasonable, but didn't verify correct instructions / register invalidation.
src\io\dma.rs: Some unsafe... looks correct, but not thoroughly tested.
src\io\io.rs: +1
src\io\mmio.rs: UNSOUND (can construct uninitialized() T via "safe" Mmio::new()!)
src\io\mod.rs: +1
src\io\pio.rs: Some unsafe... looks reasonable, but didn't verify correct instructions.
src\scheme\generate.sh: +1
src\scheme\mod.rs: +1
src\scheme\scheme*.rs: UNSOUND (can construct arbitrary slices from arbitrary Packet s via Scheme*::handle)
.cargo_vcs_info.json: +1
.cargo-ok: +1
.gitlab-ci.yml: +1
Cargo.toml: +1
Cargo.toml.orig: +1
LICENSE: +1
README.md: +1
Skimmed:
src\call.rs: Lots of unsafe syscalls... unverified.
src\data.rs: UNSOUND (Map deref etc.)
src\error.rs: No tests for STR_ERROR, but at least it's sound.
src\flag.rs: Sound, magic constant city, meh.
src\lib.rs: LEAKS UNSOUND TRAITS into public interface!
src\number.rs: Safe, magic constant city.
src\tests.rs: Unsafe, but only #[test]s
0.2.0-alpha: Significant refactoring, adding support for generics. LGTM?
0.1.2: Seems solid, although my syn-fu is weak, limiting my ability to review this.
| File | Rating | Notes |
|---|---|---|
| src/docs/require_unsafe_in_bodies.md | +1 | |
| src/docs/require_unsafe_in_body.md | +1 | |
| src/utils/macros.rs | +1 | |
| src/utils/mod.rs | +1 | |
| src/lib.rs | +1 | understanding: low - I'm barely following along |
| src/tests.rs | +1 | |
| tests/ui/body_on_method_2.rs | +1 | |
| tests/ui/body_on_method_2.stderr | +1 | |
| tests/ui/body_on_method.rs | +1 | |
| tests/ui/body_on_method.stderr | +1 | |
| tests/ui/readme.rs | +1 | |
| tests/ui/readme.stderr | +1 | |
| tests/impl_method_2.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| tests/impl_method.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| tests/trait_default_method.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| tests/ui.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| Cargo.toml | +1 | MIT |
| Cargo.toml.orig | +1 | MIT |
| LICENSE | +1 | MIT |
| Makefile | +1 | Unixy |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | Wrangles unsafe but doesn't actually use it itself |
| fs | +1 | None |
| io | +1 | Modifies codegen through syn |
| docs | +1 | |
| tests | +1 |
let Struct { ref member, ref mut member2, .. } = to_destructure;
0.2.0: More refactoring surrounding generics.
0.2.0-alpha: Significant refactoring, adding support for generics. LGTM?
0.1.2: Seems solid, although my syn-fu is weak, limiting my ability to review this.
| File | Rating | Notes |
|---|---|---|
| src/docs/require_unsafe_in_bodies.md | +1 | |
| src/docs/require_unsafe_in_body.md | +1 | |
| src/utils/macros.rs | +1 | |
| src/utils/mod.rs | +1 | |
| src/lib.rs | +1 | understanding: low - I'm barely following along |
| src/tests.rs | +1 | |
| tests/ui/body_on_method_2.rs | +1 | |
| tests/ui/body_on_method_2.stderr | +1 | |
| tests/ui/body_on_method.rs | +1 | |
| tests/ui/body_on_method.stderr | +1 | |
| tests/ui/readme.rs | +1 | |
| tests/ui/readme.stderr | +1 | |
| tests/impl_method_2.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| tests/impl_method.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| tests/trait_default_method.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| tests/ui.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| Cargo.toml | +1 | MIT |
| Cargo.toml.orig | +1 | MIT |
| LICENSE | +1 | MIT |
| Makefile | +1 | Unixy |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | Wrangles unsafe but doesn't actually use it itself |
| fs | +1 | None |
| io | +1 | Modifies codegen through syn |
| docs | +1 | |
| tests | +1 |
let Struct { ref member, ref mut member2, .. } = to_destructure;
Seems solid, although my syn-fu is weak, limiting my ability to review this.
| File | Rating | Notes |
|---|---|---|
| src/docs/require_unsafe_in_bodies.md | +1 | |
| src/docs/require_unsafe_in_body.md | +1 | |
| src/utils/macros.rs | +1 | |
| src/utils/mod.rs | +1 | |
| src/lib.rs | +1 | understanding: low - I'm barely following along |
| src/tests.rs | +1 | |
| tests/ui/body_on_method_2.rs | +1 | |
| tests/ui/body_on_method_2.stderr | +1 | |
| tests/ui/body_on_method.rs | +1 | |
| tests/ui/body_on_method.stderr | +1 | |
| tests/ui/readme.rs | +1 | |
| tests/ui/readme.stderr | +1 | |
| tests/impl_method_2.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| tests/impl_method.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| tests/trait_default_method.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| tests/ui.rs | +1 | The cfgs on unit-tests look the wrong way around? |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| Cargo.toml | +1 | MIT |
| Cargo.toml.orig | +1 | MIT |
| LICENSE | +1 | MIT |
| Makefile | +1 | Unixy |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | Wrangles unsafe but doesn't actually use it itself |
| fs | +1 | None |
| io | +1 | Modifies codegen through syn |
| docs | +1 | |
| tests | +1 |
let Struct { ref member, ref mut member2, .. } = to_destructure;
Excellent looking crate.
Full notes: https://github.com/MaulingMonkey/rust-reviews/blob/master/reviews/rustversion.md#100
Pros:
Cons:
| File | Rating | Notes |
|---|---|---|
| src/lib.rs | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | Installs travis-cargo |
| Cargo.lock | +1 | |
| Cargo.toml | +1 | No 3rd party deps |
| LICENSE-APACHE | +1 | |
| LICENSE-MIT | +1 | |
| Readme.md | +1 | Properly dual licensed |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | None |
| miri | -1 | "can't call foreign function: GetCurrentProcess" |
| fs | +1 | None |
| io | 0 | Hardcoded env fns might need to be featured out for browser WASM targets |
| docs | +1 | |
| tests | +1 | Doc tests |
| Line | What | Notes |
|---|---|---|
| 1 | lib.rs doc comments | +1 |
| 155 | fn full_with_context | +1 |
| 229 | fn full_with_context_no_errors | +1 |
| 283 | fn full | +1 |
| 295 | struct LookupError | +1 |
| 303 | impl Display for LookupError | +1 |
| 309 | impl Error for LookupError | +1 |
| 314 | macro_rules try_lookup! | +1 |
| 323 | fn is_valid_var_name_char | +1 - includes unicode, as mentioned in docs |
| 393 | fn env_with_context | +1 |
| 506 | fn env_with_context_no_errors | +1 |
| 552 | fn env | +1 |
| 584 | fn tilde_with_context | 0 - example incomplete |
| 633 | fn tilde | +1 |
| 637 | mod tilde_tets | +1 |
| 675 | mod env_test | +1 |
| 821 | mod full_tests | +1 |
Apparently you can use references link style for badge images. Huh! I should use that for reviews...
Pros:
Cons:
| File | Rating | Notes |
|---|---|---|
| src/lib.rs | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | Installs travis-cargo |
| Cargo.lock | +1 | |
| Cargo.toml | +1 | No 3rd party deps |
| LICENSE-APACHE | +1 | |
| LICENSE-MIT | +1 | |
| Readme.md | +1 | Properly dual licensed |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | None |
| miri | -1 | "can't call foreign function: GetCurrentProcess" |
| fs | +1 | None |
| io | 0 | Hardcoded env fns might need to be featured out for browser WASM targets |
| docs | +1 | |
| tests | +1 | Doc tests |
| Line | What | Notes |
|---|---|---|
| 1 | lib.rs doc comments | +1 |
| 155 | fn full_with_context | +1 |
| 229 | fn full_with_context_no_errors | +1 |
| 283 | fn full | +1 |
| 295 | struct LookupError | +1 |
| 303 | impl Display for LookupError | +1 |
| 309 | impl Error for LookupError | +1 |
| 314 | macro_rules try_lookup! | +1 |
| 323 | fn is_valid_var_name_char | +1 - includes unicode, as mentioned in docs |
| 393 | fn env_with_context | +1 |
| 506 | fn env_with_context_no_errors | +1 |
| 552 | fn env | +1 |
| 584 | fn tilde_with_context | 0 - example incomplete |
| 633 | fn tilde | +1 |
| 637 | mod tilde_tets | +1 |
| 675 | mod env_test | +1 |
| 821 | mod full_tests | +1 |
Apparently you can use references link style for badge images. Huh! I should use that for reviews...
Lots of unsafe code, long standing open 'maybe UB' issues that proved to be correct, 3 previous rustsec advisories, no obvious fuzz tests. Use only under duress.
Slightly odd-seeming design, looks sane/safe though.
Pros:
Cons:
println!()s for !is_unconstrained() joins is lame / a perf hazard in and of itself.-1s for more detailsMisc. notes:
world.maintain() is necessary| crev | |
|---|---|
| thoroughness | medium |
| understanding | medium |
| rating | neutral |
| File | Rating | Notes |
|---|---|---|
| .github/ISSUE_TEMPLATE/bug_report.md | +1 | |
| .github/ISSUE_TEMPLATE/feature_request.md | +1 | |
| .github/stale.yml | +1 | |
| benches/benches_main.rs | +1 | criterion |
| benches/big_or_small.rs | +1 | nalgebra, shred |
| benches/parallel.rs | +1 | |
| benches/storage_cmp.rs | +1 | |
| benches/storage_sparse.rs | +1 | |
| benches/world.rs | +1 | rayon |
| docs/reference/src/01_system.md | 0 | ~empty |
| docs/reference/src/intro.md | +1 | |
| docs/reference/src/SUMMARY.md | +1 | TOC |
| docs/reference/book.toml | +1 | |
| docs/tutorials/src/images/component-tables.svg | +1 | <switch>? <foreignObject>? What is this madness... |
| docs/tutorials/src/images/entity-component.svg | +1 | |
| docs/tutorials/src/images/system.svg | +1 | |
| docs/tutorials/src/01_intro.md | +1 | Java? |
| docs/tutorials/src/02_hello_world.md | 0 | specs 0.15.0, lots of rust,ignores, poor link names |
| docs/tutorials/src/03_dispatcher.md | +1 | |
| docs/tutorials/src/04_resources.md | +1 | Option<Read<...>> |
| docs/tutorials/src/05_storages.md | +1 | |
| docs/tutorials/src/06_system_data.md | +1 | |
| docs/tutorials/src/07_setup.md | +1 | |
| docs/tutorials/src/08_join.md | +1 | |
| docs/tutorials/src/09_parallel_join.md | +1 | |
| docs/tutorials/src/10_rendering.md | +1 | |
| docs/tutorials/src/11_advanced_component.md | +1 | |
| docs/tutorials/src/12_tracked.md | +1 | |
| docs/tutorials/src/13_saveload.md | +1 | |
| docs/tutorials/src/14_troubleshooting.md | +1 | |
| docs/tutorials/src/SUMMARY.md | +1 | TOC |
| docs/tutorials/book.toml | +1 | |
| docs/website/content/pages/about.md | +1 | |
| docs/website/content/pages/docs.md | +1 | |
| docs/website/content/_index.md | +1 | |
| docs/website/content/specs-0.15.md | +1 | draft, "Test" |
| docs/website/themes/hyde/sass/hyde.scss | +1 | |
| docs/website/themes/hyde/sass/poole.scss | +1 | |
| docs/website/themes/hyde/sass/print.scss | +1 | |
| docs/website/themes/hyde/static/.gitkeep | +1 | |
| docs/website/themes/hyde/templates/404.html | +1 | some templating engine used |
| docs/website/themes/hyde/templates/index.html | +1 | |
| docs/website/themes/hyde/templates/page-nodate.html | +1 | |
| docs/website/themes/hyde/templates/page.html | +1 | |
| docs/website/themes/hyde/.gitignore | +1 | |
| docs/website/themes/hyde/config.toml | +1 | |
| docs/website/themes/hyde/LICENSE | +1 | MIT |
| docs/website/themes/hyde/README.md | +1 | |
| docs/website/themes/hyde/theme.toml | +1 | |
| docs/website/config.toml | +1 | |
| examples/async.rs | +1 | |
| examples/basic.rs | +1 | |
| examples/bitset.rs | +1 | fizzbuzz! Hah. |
| examples/cluster_bomb.rs | +1 | |
| examples/full.rs | +1 | dispatcher.with_barrier() |
| examples/ordered_track.rs | +1 | |
| examples/saveload.rs | +1 | ron, structs/impls inside fns |
| examples/track.rs | +1 | |
| scripts/build-netlify.sh | 0 | Installing things from the internet (zola, mdbook, rustup) |
| scripts/kcov.sh | -1 | docker - owns/deletes mykcov1, runs images, disables seccomp |
| src/join/mod.rs | 0 | I don't fully grok the ParJoin limitations yet, nor the underlying reason behind unsafe fn open/get. |
| src/join/par_join.rs | -1 | "[...] technically not allowed" (ab)use of UnsafeCell |
| src/saveload/de.rs | +1 | |
| src/saveload/marker.rs | +1 | |
| src/saveload/mod.rs | +1 | |
| src/saveload/ser.rs | +1 | |
| src/saveload/tests.rs | +1 | |
| src/saveload/uuid.rs | +1 | |
| src/storage/data.rs | +1 | |
| src/storage/drain.rs | +1 | |
| src/storage/entry.rs | -1 | Entries::get seems sketchy |
| src/storage/flagged.rs | +1 | |
| src/storage/generic.rs | +1 | |
| src/storage/mod.rs | -1 | &mut Storage::get_mut is sketchy as heck |
| src/storage/restrict.rs | -1 | More ParJoin I can't wrap my head around, _unchecked fns sound unsafe but aren't marked as such. |
| src/storage/storages.rs | -1 | #644, UnprotectedStorage is a scary API in general for perf reasons. |
| src/storage/tests.rs | +1 | needs more |
| src/storage/track.rs | 0 | |
| src/world/comp.rs | +1 | |
| src/world/entity.rs | 0 | Possibly missing some self.killed.contains(...) checks in Allocator, ungrokked ParJoin |
| src/world/lazy.rs | +1 | |
| src/world/mod.rs | +1 | |
| src/world/tests.rs | +1 | |
| src/world/world_ext.rs | 0 | Some concerns about create_entity_unchecked, is_alive |
| src/bitset.rs | +1 | |
| src/changeset.rs | -1 | Bypasses lifetime checks |
| src/error.rs | +1 | |
| src/lib.rs | +1 | |
| src/prelude.rs | +1 | |
| tests/saveload.rs | +1 | |
| tests/tests.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .rustfmt.toml | +1 | |
| Cargo.lock | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| CHANGELOG.md | +1 | I like the link format here |
| CODE_OF_CONDUCT.md | +1 | |
| codecov.yml | +1 | |
| CONTRIBUTING.md | +1 | |
| LICENSE-APACHE | +1 | |
| LICENSE-MIT | +1 | |
| netlify.toml | +1 | |
| PULL_REQUEST_TEMPLATE.md | +1 | |
| README.md | +1 | Dual MIT/Apache 2.0, could use a deps badge |
| Other | Rating | Notes |
|---|---|---|
| unsafe | -1 | ParJoin sounds unsound, scary comments like "// This is horribly unsafe." |
| miri | -1 | N/A (atomics) |
| fs | +1 | N/A |
| io | +1 | N/A |
| docs | +1 | Sets the golden standard for how to document unsafe code in many places... but sadly not all. |
| tests | 0 | Some gaps on a per-module basis, which really seem necessary for some of the scarier nests of unsafe code. |
| Line | What | Notes |
|---|---|---|
| 227 | unsafe fn Join::open | Hmm... will this truly be unsound? Will need to read more... |
| 237 | unsafe fn Join::get | "The implementation [...] has no invariants to meet" - I don't grok why this is unsafe yet, but tat least the doc comments seem clear. |
| 273 | unsafe fn MaybeJoin::open | +1, just forwards, good doc comments about held constraints |
| 280 | unsafe fn MaybeJoin::get | +1, meets documented constraints, good doc comments about held constraints |
| 305 | fn JoinIter::new | 0, fix pending: #645 println! isn't an appropriate mechanism for this and possibly adds another perf issue. PR switches to log crate. |
| 312 | fn JoinIter::new | 0, relies on constraint of impl |
| 370 | fn JoinIter::get | +1, documents and abides by safety constraints |
| 386 | fn JoinIter::get_unchecked | +1, documents and abides by safety constraints |
| 399 | fn JoinIter::next | +1, documents and abides by safety constraints |
| 422 | unsafe fn (A,B,...)::open | +1, documents and abides by safety constraints |
| 434 | unsafe fn (A,B,...)::get | +1, documents and abides by safety constraints |
| 440 | fn (A,B,...)::is_unconstrained | +1 |
| 451 | unsafe impl ParJoin for (A,B,...) | 0, sounds accurate but I don't fully grok |
| 500 | unsafe fn _Readers_::open | +1, just forwards sanely |
| 506 | unsafe fn _Readers_::get | +1, just forwards sanely |
| 511 | unsafe fn _Readers_::is_unconstrained | +1 |
| 519 | unsafe impl ParJoin for _Readers_ | 0, sounds accurate but I don't fully grok |
| 542 | unsafe fn _Writers_::open | +1, just forwards sanely |
| 548 | unsafe fn _Writers_::get | +1, just forwards sanely |
| 553 | unsafe fn _Writers_::is_unconstrained | +1 |
| 561 | unsafe impl ParJoin for _Writers_ | 0, sounds accurate but I don't fully grok |
| EOF |
| Line | What | Notes |
|---|---|---|
| 21 | fn ParJoin::par_join comment | -1, "NOTE: This is currently unspecified behavior." - concerning... |
| 30 | fn ParJoin::par_join | 0, fix pending: #645 println! isn't an appropriate mechanism for this and possibly adds another perf issue. PR switches to log crate. |
| 56 | fn JoinParIter::drive_unindexed | 0, unsafe { ... } relies on constraint of impl |
| 98 | unsafe impl Send for JoinProducer | -1, "[...] technically not allowed" abuse of UnsafeCell |
| 130 | fn UnindexedProducer::fold_with | 0, logic makes sense to me here |
| EOF |
| Line | What | Notes |
|---|---|---|
| 25 | unsafe fn Drain::open | +1, just forwards sanely |
| 32 | unsafe fn Drain::get | +1, uses remove sanely |
| EOF |
| Line | What | Notes |
|---|---|---|
| 41 | fn Storage::entry | +1, unsafe { ... } documents and abides by safety constraints |
| 121 | fn Storage::entries | +1 |
| 140 | unsafe fn Entries::open | +1 |
| 146 | unsafe fn Entries::get | -1, unsafe { ... } - I can't verify how this lifetime extension is possibly sound either. |
| 164 | fn Entries::is_unconstrained | +1 |
| 184 | fn OccupiedEntry::get | +1, unsafe { ... } - documents and abides by safety constraints |
| 197 | fn OccupiedEntry::get_mut | +1, unsafe { ... } - documents and abides by safety constraints |
| 205 | fn OccupiedEntry::into_mut | +1, unsafe { ... } - documents and abides by safety constraints |
| 209 | fn OccupiedEntry::insert | +1 |
| 215 | fn OccupiedEntry::remove | +1 |
| 236 | fn VacantEntry::insert | +1, unsafe { ... } - documents and abides by safety constraints |
| EOF |
| Line | What | Notes |
|---|---|---|
| 203 | unsafe fn FlaggedStorage::clean | +1, just forwards sanely |
| 210 | unsafe fn FlaggedStorage::get | +1, just forwards sanely |
| 214 | unsafe fn FlaggedStorage::get_mut | +1, just forwards sanely |
| 221 | unsafe fn FlaggedStorage::insert | +1, just forwards sanely |
| 228 | unsafe fn FlaggedStorage::remove | +1, just forwards sanely |
| EOF |
| Line | What | Notes |
|---|---|---|
| 57 | unsafe fn AntiStorage::open | +1, safe and sound |
| 62 | unsafe fn AntiStorage::get | +1, safe and sound |
| 66 | unsafe impl DistinctStorage for AntiStorage | +1, safe and sound |
| 70 | unsafe impl ParJoin for AntiStorage | +1, safe and sound |
| 78 | unsafe impl CastFrom for dyn AnyStorage | 0, don't fully grok why this is unsafe, but looks 100% safe and sound and matches shred examples. |
| 122 | unsafe trait DistinctStorage | +1, safe and sound |
| 155 | fn MaskedStorage::clear | +1, unsafe { ... } - documents and abides by safety constraints |
| 165 | fn MaskedStorage::remove | +1, unsafe { ... } - documents and abides by safety constraints |
| 175 | fn MaskedStorage::drop | +1, unsafe { ... } - documents and abides by safety constraints |
| 231 | fn Storage::get | +1, unsafe { ... } - documents and abides by safety constraints |
| 274 | unsafe fn Storage::unprotected_storage_mut | +1, documents constraints |
| 282 | fn Storage::get_mut | +1, unsafe { ... } - documents and abides by safety constraints |
| 299 | fn Storage::insert | +1, unsafe { ... } - documents and abides by safety constraints |
| 304 | fn Storage::insert | +1, unsafe { ... } - documents and abides by safety constraints |
| 341 | unsafe impl DistinctStorage for Storage | +1, proper constraints |
| 356 | unsafe fn &Storage::open | +1, documents constraints |
| 362 | unsafe fn &Storage::get | +1, just forwards sanely |
| 400 | unsafe fn &mut Storage::open | +1, documents constraints |
| 409 | unsafe fn &mut Storage::get | -1, WTF? Lifetime extension? Can't this just be v.get_mut(i)? |
| 449 | trait UnprotectedStorage | -1, needs to make it clearer that clearmust be called before dropping as currently stands, unless that's just a bug. |
| 457 | unsafe fn UnprotectedStorage::clear | +1, documents constraints |
| 472 | unsafe fn UnprotectedStorage::get | +1, documents constraints |
| 485 | unsafe fn UnprotectedStorage::get_mut | +1, documents constraints |
| 496 | unsafe fn UnprotectedStorage::insert | +1, documents constraints |
| 504 | unsafe fn UnprotectedStorage::remove | +1, documents constraints |
| 514 | unsafe fn UnprotectedStorage::drop | +1, documents constraints, default impl sane/sound |
| EOF |
| Line | What | Notes |
|---|---|---|
| 83 | unsafe impl ParJoin for &mut RestrictedStorage<..., MutableParallelRestriction> | -1, no idea |
| 93 | unsafe impl ParJoin for &RestrictedStorage<..., ImmutableAliasing> | -1, no idea |
| 113 | unsafe fn &RestrictedStorage::open | 0, could maybe document safety more, but I believe sound? |
| 118 | unsafe fn &RestrictedStorage::get | 0, could maybe document safety more, but I believe sound? |
| 144 | unsafe fn &mut RestrictedStorage::open | 0, could maybe document safety more, but I believe sound? |
| 149 | unsafe fn &mut RestrictedStorage::get | 0, could maybe document safety more, but I believe sound? |
| 239 | fn PairedStorage::get_unchecked | -1, unsafe { ... } - maybe fine, but safety undocumented and get_unchecked sounds like something that should itself be an unsafe fn? |
| 252 | fn PariedStorage::get_mut_unchecked | -1, unsafe { ... } - maybe fine, but safety undocumented and get_unchecked sounds like something that should itself be an unsafe fn? |
| 272 | fn PairedStorage::get | +1, abides by safety constraints |
| 294 | fn PairedStorage::get_mut | +1, abides by safety constraints |
| EOF |
Careful auditing gives a good idea for what the actual API requirements of UnprotectedStorage are, and it's a doozy.
cleancleans on several storages make me think it should consume self instead of taking &mut self - maybe can't due to API limitations?| Line | What | Notes |
|---|---|---|
| 20 | unsafe fn BTreeStorage::clean | 0, should maybe clear storage? |
| 27 | unsafe fn BTreeStorage::get | +1 |
| 31 | unsafe fn BTreeStorage::get_mut | +1 |
| 35 | unsafe fn BTreeStorage::insert | +1 |
| 39 | unsafe fn BTreeStorage::remove | +1 |
| 44 | unsafe impl DistinctStorage for BTreeStorage | +1 as I grok DistinctStorage |
| 54 | unsafe fn HashMapStorage::clean | 0, should maybe clear storage? |
| 61 | unsafe fn HashMapStorage::get | +1 |
| 65 | unsafe fn HashMapStorage::get_mut | +1 |
| 69 | unsafe fn HashMapStorage::insert | +1 |
| 73 | unsafe fn HashMapStorage::remove | +1 |
| 78 | unsafe impl DistinctStorage for HashMapStorage | +1 |
| 95 | unsafe fn DenseVecStorage::clean | 0, should maybe clear storage? |
| 102 | unsafe fn DenseVecStorage::get | 0, unsound on bad index, but fn is unsafe. Otherwise sound. |
| 107 | unsafe fn DenseVecStorage::get_mut | 0, unsound on bad index, but fn is unsafe. Otherwise sound. |
| 112 | unsafe fn DenseVecStorage::insert | 0, set_len leaves uninitialized gaps in the data_id Vec. Maybe sound, but at least violates std docs. See #644 |
| 124 | unsafe fn DenseVecStorage::remove | 0, unsound on bad index, but fn is unsafe. Otherwise sound. |
| 133 | unsafe impl DistinctStorage for DenseVecStorage | +1 |
| 143 | unsafe fn NullStorage::clean | +1 |
| 149 | unsafe fn NullStorage::get | +1 |
| 153 | unsafe fn NullStorage::get_mut | +1 |
| 157 | unsafe fn NullStorage::insert | +1 |
| 159 | unsafe fn NullStorage::remove | +1 |
| 178 | unsafe impl DistinctStorage for NullStorage | +1, precondition enforced by Default::default() |
| 187 | unsafe fn VecStorage::clean | +1 |
| 200 | unsafe fn VecStorage::get | 0, unsound on bad index, but fn is unsafe. Otherwise sound. |
| 204 | unsafe fn VecStorage::get_mut | 0, unsound on bad index, but fn is unsafe. Otherwise sound. |
| 208 | unsafe fn VecStorage::insert | -1, set_len leaves uninitialized gaps in the data_id Vec, making it unsound to drop before calling clean. Sound if perfectly used (e.g. call clean), but a timebomb as stands IMO. See #644 |
| 222 | unsafe fn VecStorage::remove | 0, unsound on bad index, but fn is unsafe. Otherwise sound. |
| 229 | unsafe impl DistinctStorage for VecStorage | +1 |
| EOF |
| Line | What | Notes |
|---|---|---|
| 460 | vec_arc | +1, unsafe { ... } |
| -1, would like to see more tests involving drop types | ||
| -1, would like to see more tests involving specific storages | ||
| EOF |
| Line | What | Notes |
|---|---|---|
| 53 | fn Storage::channel | 0, unsafe { ... } - I don't grok the safety invariants we need to hold here |
| 59 | fn Storage::event_emission | 0, unsafe { ... } - I don't grok the safety invariants we need to hold here |
| 72 | fn Storage::channel_mut | 0, unsafe { ... } - I don't grok the safety invariants we need to hold here |
| 92 | fn Storage::set_event_emission | 0, unsafe { ... } - I don't grok the safety invariants we need to hold here |
| EOF |
Well, this is a bit more complicated than simply doing generational indicies. Atomics... oh boy.
| Line | What | Notes |
|---|---|---|
| 51 | struct Allocator | 0, interplay of fields is underdocumented |
| Allocator::alive | Lagging bitset derived from aliveness of generations, used for Join and not much else. Lags behind when *_atomic is used. | |
| Allocator::raised, killed | Tracks atomic ops specifically for later merge, otherwise ignored/internal. | |
| Allocator::cache | LIFO queue of entity IDs to reuse | |
| Allocator::max_id | next entity ID if no entity IDs to reuse | |
| 90 | fn Allocator::kill_atomic | 0, leaves generations alone? Is this an async kill? |
| 114 | fn Allocator::is_alive | -1, doesn't this need to check !self.killed.contains(id) too? |
| 131 | fn Allocator::entity | -1, doesn't this need to check !self.killed.contains(id) too? |
| 188 | fn Allocator::merge | 0, why not push directly into cache? |
| 211 | struct CreateIterAtomic | +1 |
| 223 | struct Entity | +1 |
| 256 | struct EntitiesRes | +1 |
| 321 | unsafe fn EntitiesRes::open | +1? don't fully grok preconds but this seems fine/safe |
| 321 | unsafe fn EntitiesRes::get | +1? don't fully grok preconds but this seems fine/safe |
| 336 | unsafe impl ParJoin for EntitiesRes | -1, don't fully grok preconds |
| 341 | struct EntityResBuilder | +1 |
| 376 | struct Generation | +1, should maybe have a struct-level comment that negative = dead though? Although obvious from fn is_alive... |
| 420 | struct ZeroableGeneration | +1 |
| 441 | fn ZeroableGeneration::die | 0, is debug_assert! enough? Seems like it'll go super off the rails in release builds, and other fns like raised panic. Internal method though... |
| 451 | fn ZeroableGeneration::raised | 0, explicit checked_sub vs implicit for Generation::raised |
| 470 | struct EntityCache | 0, needs better docs. Seems to be a semi-concurrent FILO index list for entity realloc. |
| EOF |
| Line | What | Notes |
|---|---|---|
| 240 | fn WorldExt::create_entity_unchecked | -1, does this need to be an unsafe fn? What isn't checked? Just that you have exclusive world access? |
| 281 | fn WorldExt::is_alive | 0, sketchy edge cases |
| 392 | fn World::is_alive | 0, should this really be panicing on a dead generation? Doesn't that just mean the entity is dead?!? |
| EOF |
| Line | What | Notes |
|---|---|---|
| 24 | unsafe fn BitSet*::open | +1, sure? |
| 29 | unsafe fn BitSet*::get | +1, sure? |
| 35 | unsafe impl ParJoin for BitSet* | 0, think this is fine? |
| EOF |
| Line | What | Notes |
|---|---|---|
| 61 | fn ChangeSet::add | +1, unsafe { ... } - documents and abides by safety constraints |
| 66 | fn ChangeSet::add | +1, unsafe { ... } - abides by safety constraints, docs seem a little off |
| 77 | fn ChangeSet::clear | +1, unsafe { ... } - documents and abides by safety constraints |
| 115 | unsafe fn &mut ChangeSet::open | +1, sure? |
| 123 | unsafe fn &mut ChangeSet::get | -1, bypasses lifetime checks! |
| 134 | unsafe fn &ChangeSet::open | +1, sure? |
| 141 | unsafe fn &ChangeSet::get | +1, sure? |
| 154 | unsafe fn ChangeSet::open | +1, sure? |
| 161 | unsafe fn ChangeSet::get | +1, sure? |
| EOF |
#[must_use] makes a lot of sense for builder patterns terminating in .build()Solid crate overall.
Concerns:
NUM_RETRIES means this crate can hang.| File | Rating | Notes |
|---|---|---|
| src/file/imp/mod.rs | +1 | |
| src/file/imp/other.rs | +1 | not_supported |
| src/file/imp/unix.rs | +1 | unsafe, but sound. |
| src/file/imp/windows.rs | +1 | unsafe, but sound. |
| src/file/mod.rs | +1 | |
| src/dir.rs | +1 | |
| src/error.rs | +1 | |
| src/lib.rs | +1 | |
| src/spooled.rs | +1 | Could use a .into_file() |
| src/util.rs | 0 | unsafe, but sound. |
| tests/namedtempfile.rs | +1 | |
| tests/spooled.rs | +1 | |
| tests/tempdir.rs | +1 | |
| tests/tempfile.rs | +1 | |
| .gitignore | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE-APACHE | +1 | |
| LICENSE-MIT | +1 | |
| NEWS | +1 | |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | 0 | Minor unnecessary/overlong unsafe blocks |
| fs | 0 | Rationale of this entire crate |
| io | +1 | All looks sane |
| docs | +1 | Tons of doc comments |
| tests | +1 | Lots of 'em |
| Line | What | Notes |
|---|---|---|
| 15 | cvt_err | +1, verified error handling is correct vs online man pages for rename and link. |
| 25 | cvt_err | +1 |
| 30 | cstr | +1 |
| 35 | create_named | +1 |
| 44 | create_unlinked | +1 |
| 62 | create | +1, sane flag use. |
| 79 | create | +1 |
| 83 | create_unix | +1, minor hazard to reproducable builds due to random filenames |
| 93 | reopen | +1 |
| 107 | persist | 0, unsafe larger than necessary, but sound. |
| 130 | persist | 0, redox NYI but sane placeholder error |
| 135 | keep | 0, nothing to do on unix |
| Line | What | Notes |
|---|---|---|
| 19 | to_utf16 | +1, null terminates |
| 23 | create_named | +1 |
| 32 | create | +1, minor hazard to reproducable builds due to random filenames |
| 50 | reopen | +1, unsafe but sound. Verified error handling vs MSDN. |
| 67 | keep | +1, unsafe but sound. Verified error handling vs MSDN. |
| 78 | persist | 0, unsafe larger than necessary, but sound. Verified error handling vs MSDN. |
| Line | What | Notes |
|---|---|---|
| ... | * | +1, well reviewed despite my lack of notes. |
| 587 | new_in | +1, doc comment links wrong method (new_in instead of new) |
| ... | * | +1, well reviewed despite my lack of notes. |
| 859 | into_file | 0, confusing how to use these correctly as Drop still occurs |
| 867 | into_temp_path | 0, confusing how to use these correctly as Drop still occurs |
| 876 | into_parts | 0, confusing how to use these correctly as Drop still occurs |
| ... | * | +1, well reviewed despite my lack of notes. |
| Line | What | Notes |
|---|---|---|
| ... | * | +1, well reviewed despite my lack of notes. |
| 131 | NUM_RETRIES | -1, absurdly large default value 1 << 31, will hang "forever". |
| ... | * | +1, well reviewed despite my lack of notes. |
| Line | What | Notes |
|---|---|---|
| 9 | tmpname | 0, unsafe for semi-pointless str::from_utf8_unchecked, but sound. Reproducable builds hazard. |
| 26 | create_helper | +1, although I'd pick a different error message. |
let tmp;
if cond {
tmp = asdf;
&tmp
}
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.debug_struct("TempDir")
.field("path", &self.path())
.finish()
}
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
[Full Audit] Terminal I/O Settings
Pros:
Cons:
⚠️ Didn't verify many OS-specific structs/constants, and termios structure might not guarantee ABI stability?
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Simple basic thread pool
Pros:
Cons:
Do not use on User Generated Content!
* Vulnerable to path traversal attacks if fed bogus .tmx files (see Tileset::new_reference)
* No obvious protection against zipbombs
* A couple cases where bad input will panic, a potential DoS vector.
For game engines, there's also no great way to inject your own virtual filesystem callbacks (again see Tileset::new_reference)
There's also a few missing features:
* Wang Tiles
* Terrains
* "file" Custom Properties
| File | Rating | Notes |
|---|---|---|
| assets/tiled_base64_external.tmx | +1 | |
| assets/tiled_base64_gzip.tmx | +1 | |
| assets/tiled_base64_zlib.tmx | +1 | |
| assets/tiled_base64.tmx | +1 | |
| assets/tiled_csv.tmx | +1 | |
| assets/tiled_image_layers.tmx | +1 | |
| assets/tiled_xml.tmx | +1 | |
| tilesheet.png | +1 | Neat looking modern tileset... wonder what the source is! |
| tilesheet.tsx | +1 | |
| examples/main.rs | +1 | |
| src/lib.rs | +1 | |
| tests/lib.rs | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | Sparse... no MSRV, beta/nightly, etc. |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| CONTRIBUTORS.md | +1 | |
| README.md | +1 | Dead link to tileset source |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | No unsafe |
| fs | -1 | See Tileset::new_reference notes |
| io | 0 | Brittle XML parsing, but OK for limited inputs. |
| docs | -1 | Barely any. |
| tests | +1 |
| Line | What | Notes |
|---|---|---|
| 28 | get_attrs! | Eep |
| 53 | parse_tag! | Mishandles nested tags... fortunately that's probably not necessary. |
| 97 | Colour::from_str | British... and a possible source of panics. |
| 161 | PropertyValue::new | No "file" support (see https://doc.mapeditor.org/en/stable/manual/custom-properties/#adding-properties) |
| 238 | Map::new | My kingdom for some variable names! |
| 256 | Map::new | Still using try! |
| 385 | Tileset::new_reference | Possible path traversal attacks, limits ability to inject your own virtual filesystem. |
| 860 | decode_csv | I've heard decoding arbitrary CSV is way more complicated than this... but this probably works for tile data as used in tmx files. |
| 883 | convert_to_u32 | Kinda want this to be based on iterators to avoid an extra alloc... |
Do not use on User Generated Content!
* Vulnerable to path traversal attacks if fed bogus .tmx files (see Tileset::new_reference)
* No obvious protection against zipbombs
* A couple cases where bad input will panic, a potential DoS vector.
For game engines, there's also no great way to inject your own virtual filesystem callbacks (again see Tileset::new_reference)
There's also a few missing features:
* Wang Tiles
* Terrains
* "file" Custom Properties
| File | Rating | Notes |
|---|---|---|
| assets/tiled_base64_external.tmx | +1 | |
| assets/tiled_base64_gzip.tmx | +1 | |
| assets/tiled_base64_zlib.tmx | +1 | |
| assets/tiled_base64.tmx | +1 | |
| assets/tiled_csv.tmx | +1 | |
| assets/tiled_image_layers.tmx | +1 | |
| assets/tiled_xml.tmx | +1 | |
| tilesheet.png | +1 | Neat looking modern tileset... wonder what the source is! |
| tilesheet.tsx | +1 | |
| examples/main.rs | +1 | |
| src/lib.rs | +1 | |
| tests/lib.rs | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | Sparse... no MSRV, beta/nightly, etc. |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| CONTRIBUTORS.md | +1 | |
| README.md | +1 | Dead link to tileset source |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | No unsafe |
| fs | -1 | See Tileset::new_reference notes |
| io | 0 | Brittle XML parsing, but OK for limited inputs. |
| docs | -1 | Barely any. |
| tests | +1 |
| Line | What | Notes |
|---|---|---|
| 28 | get_attrs! | Eep |
| 53 | parse_tag! | Mishandles nested tags... fortunately that's probably not necessary. |
| 97 | Colour::from_str | British... and a possible source of panics. |
| 161 | PropertyValue::new | No "file" support (see https://doc.mapeditor.org/en/stable/manual/custom-properties/#adding-properties) |
| 238 | Map::new | My kingdom for some variable names! |
| 256 | Map::new | Still using try! |
| 385 | Tileset::new_reference | Possible path traversal attacks, limits ability to inject your own virtual filesystem. |
| 860 | decode_csv | I've heard decoding arbitrary CSV is way more complicated than this... but this probably works for tile data as used in tmx files. |
| 883 | convert_to_u32 | Kinda want this to be based on iterators to avoid an extra alloc... |
Do not use on User Generated Content!
For game engines, there's also no great way to inject your own virtual filesystem callbacks (again see Tileset::new_reference)
Pros:
Cons:
| File | Rating | Notes |
|---|---|---|
| src/layer.rs | 0 | Raw structures |
| src/lib.rs | +1 | |
| src/map.rs | +1 | |
| src/object.rs | +1 | |
| src/parsers.rs | 0 | No decompression support, can panic (not suitable for user generated content) |
| src/tile_set.rs | -1 | Not suitable for user generated content! |
| src/utils.rs | +1 | |
| src/wangs.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | None |
| fs | -1 | Path traversal |
| io | +1 | serde |
| docs | +1 | |
| tests | -1 | Not in crate, maybe in repository |
| Line | What | Notes |
|---|---|---|
| 17 | TileLayer::chunks | Option seems kinda pointless, also this API is meh |
| 129 | DrawOrder | There are at least 4 draw modes now for layers - although there's also Map / RenderOrder.... blehrg (top->down left->right, top->down right->left, ...) |
| Line | What | Notes |
|---|---|---|
| 129 | parse_color blue | Despite earlier padding, no guarantee this is valid / may panic (both for overflowing and for not being a unicode boundary.) |
| Line | What | Notes |
|---|---|---|
| 121 | Deserialize for TileSet | File::open - path traversal attacks, lack of virtual filesystem support, etc. |
Do not use on User Generated Content!
For game engines, there's also no great way to inject your own virtual filesystem callbacks (again see Tileset::new_reference)
Pros:
Cons:
| File | Rating | Notes |
|---|---|---|
| src/layer.rs | 0 | Raw structures |
| src/lib.rs | +1 | |
| src/map.rs | +1 | |
| src/object.rs | +1 | |
| src/parsers.rs | 0 | No decompression support, can panic (not suitable for user generated content) |
| src/tile_set.rs | -1 | Not suitable for user generated content! |
| src/utils.rs | +1 | |
| src/wangs.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | None |
| fs | -1 | Path traversal |
| io | +1 | serde |
| docs | +1 | |
| tests | 0 | Not in crate, but found in repository (https://gitlab.com/ljcode/tiled-json-rs/tree/master/tests) |
| Line | What | Notes |
|---|---|---|
| 17 | TileLayer::chunks | Option seems kinda pointless, also this API is meh |
| 129 | DrawOrder | There are at least 4 draw modes now for layers - although there's also Map / RenderOrder.... blehrg (top->down left->right, top->down right->left, ...) |
| Line | What | Notes |
|---|---|---|
| 129 | parse_color blue | Despite earlier padding, no guarantee this is valid / may panic (both for overflowing and for not being a unicode boundary.) |
| Line | What | Notes |
|---|---|---|
| 121 | Deserialize for TileSet | File::open - path traversal attacks, lack of virtual filesystem support, etc. |
I'm unfamiliar with vcpkg s, but looks reasonable + all safe code.
Decent crate seeing some usage. Worth building upon. (Full Audit)
Decent crate seeing some usage. Worth building upon. (Full Audit)
Decent crate seeing some usage. Worth building upon. (Full Audit)
Decent crate seeing some usage. Worth building upon. (Full Audit)
Decent crate seeing some usage. Worth building upon. (Full Audit)
Decent crate seeing some usage. Worth building upon. (Full Audit)
vfs 0.1.0 lacks a license. Upgrade to 0.1.1+. (Full Audit)
Haven't thoroughly verified base64 logic but looks good skimming everything.
Trivial uninhabited type. LGTM.
No unsafe, no I/O, single lib.rs source file, decent docs.
Basic 0-dependencies Fn-based Waker source.
This could eventually be made safe when Wake (not Waker!) stabilizes.
In the meantime, this crate manually creates a Waker via RawWaker.
This requires some unsafe code, but this crate appropriately uses just about
the bare minimum necessary to accomplish the task, and appears to do so soundly and correctly.
Additionally, the code is minimal (63 LOC including comments and whitespace for 1.1.0) and straightforward.
Basic 0-dependencies Fn-based Waker source.
This could eventually be made safe when Wake (not Waker!) stabilizes.
In the meantime, this crate manually creates a Waker via RawWaker.
This requires some unsafe code, but this crate appropriately uses just about
the bare minimum necessary to accomplish the task, and appears to do so soundly and correctly.
Additionally, the code is minimal (63 LOC including comments and whitespace for 1.1.0) and straightforward.
0.13.0: RON support, lockfile/CI changes. LGTM.
0.12.0: Looks good to me. Some of the finer points are a little obtuse to me (RE: reloads, dependencies, an the inspect trait.)
| File | Rating | Notes |
|---|---|---|
| examples/toml/hello.html | +1 | |
| examples/toml/main.rs | +1 | |
| src/context.rs | +1 | |
| src/json.rs | +1 | |
| src/key.rs | +1 | |
| src/lib.rs | +1 | |
| src/load.rs | +1 | |
| src/res.rs | +1 | |
| src/toml.rs | +1 | |
| tests/lib.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| CHANGELOG.md | +1 | |
| LICENSE | +1 | |
| README.md | +1 | |
| rustfmt.toml | +1 | Ew 2 space indents gross |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | No unsafe code |
| fs | +1 | Nothing fishy |
| io | +1 | Nothing fishy |
| docs | +1 | Good god there are a lot. Needs more concrete motivating examples though. |
| tests | +1 |
| Line | What | Notes |
|---|---|---|
| 12 | Key | 'static lifetime... minor leak? but I probably don't care? |
cargo-sync-readme
cargo-outdated
Looks good to me. Some of the finer points are a little obtuse to me (RE: reloads, dependencies, an the inspect trait.)
| File | Rating | Notes |
|---|---|---|
| examples/toml/hello.html | +1 | |
| examples/toml/main.rs | +1 | |
| src/context.rs | +1 | |
| src/json.rs | +1 | |
| src/key.rs | +1 | |
| src/lib.rs | +1 | |
| src/load.rs | +1 | |
| src/res.rs | +1 | |
| src/toml.rs | +1 | |
| tests/lib.rs | +1 | |
| .cargo_vcs_info.json | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| CHANGELOG.md | +1 | |
| LICENSE | +1 | |
| README.md | +1 | |
| rustfmt.toml | +1 | Ew 2 space indents gross |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | No unsafe code |
| fs | +1 | Nothing fishy |
| io | +1 | Nothing fishy |
| docs | +1 | Good god there are a lot. Needs more concrete motivating examples though. |
| tests | +1 |
| Line | What | Notes |
|---|---|---|
| 12 | Key | 'static lifetime... minor leak? but I probably don't care? |
cargo-sync-readme
cargo-outdated
Looks great overall.
I haven't double-checked any logic against WASM specs.
I haven't verified that WASM validation is suitable to rely upon for JIT compilers or the like.
| File | Rating | Notes |
|---|---|---|
| examples/dump.rs | +1 | io (safe) |
| examples/simple.rs | +1 | io (safe) |
| fuzz/* | UNREVIEWED (excluded from crate) | |
| src/lib.rs | +1 | |
| src/limits.rs | +1 | |
| src/parser.rs | +1 | |
| src/tests.rs | +1 | io (safe) |
| src/validator.rs | +1 | check_utf8 could be mostly replaced with stdlib? |
| tests/*.wasm | Unreviewed... nothing but WASM though, should be OK | |
| .gitignore | +1 | |
| .travis.yml | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| check-rustfmt.sh | +1 | Globally overwrites rustfmt with specific version |
| format-all.sh | +1 | |
| LICENSE | +1 | Apache 2.0 |
| Readme.md | +1 | |
| test-all.sh | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | No unsafe code. |
| fs | +1 | Examples and tests only, reasonably used. |
Looks great overall.
I haven't double-checked any logic against WASM specs.
I haven't verified that WASM validation is suitable to rely upon for JIT compilers or the like.
| File | Rating | Notes |
|---|---|---|
| examples/dump.rs | +1 | io (safe) |
| examples/simple.rs | +1 | io (safe) |
| fuzz/* | UNREVIEWED (excluded from crate) | |
| src/lib.rs | +1 | |
| src/limits.rs | +1 | |
| src/parser.rs | +1 | |
| src/tests.rs | +1 | io (safe) |
| src/validator.rs | +1 | check_utf8 could be mostly replaced with stdlib? |
| tests/*.wasm | Unreviewed... nothing but WASM though, should be OK | |
| .gitignore | +1 | |
| .travis.yml | +1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| check-rustfmt.sh | +1 | Globally overwrites rustfmt with specific version |
| format-all.sh | +1 | |
| LICENSE | +1 | Apache 2.0 |
| Readme.md | +1 | |
| test-all.sh | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | No unsafe code. |
| fs | +1 | Examples and tests only, reasonably used. |
Pros:
build.rs integrationCons:
build.rs context.See Full Audit
Fairly full review. Looks solid.
Pros:
Cons:
| File | Rating | Notes |
|---|---|---|
| src/reader/parser/inside_cdata.rs | +1 | Going through tokenizer at all unnerves me slightly |
| src/reader/parser/inside_closing_tag_name.rs | +1 | |
| src/reader/parser/inside_comment.rs | +1 | |
| src/reader/parser/inside_declaration.rs | +1 | |
| src/reader/parser/inside_doctype.rs | +1 | |
| src/reader/parser/inside_opening_tag.rs | +1 | |
| src/reader/parser/inside_processing_instruction.rs | +1 | |
| src/reader/parser/inside_reference.rs | +1 | |
| src/reader/parser/mod.rs | +1 | |
| src/reader/parser/outside_tag.rs | +1 | |
| src/reader/config.rs | +1 | |
| src/reader/error.rs | +1 | |
| src/reader/events.rs | +1 | |
| src/reader/lexer.rs | +1 | |
| src/reader/mod.rs | +1 | |
| src/writer/config.rs | +1 | Two space indents by default is heresy but whatever. |
| src/writer/emitter.rs | 0 | Encodings not escaped, namespace URIs not escaped. General attributes are escaped though. CDATA containing ]]> not fixed. |
| src/writer/events.rs | +1 | |
| src/writer/mod.rs | +1 | |
| src/analyze.rs | +1 | Should really be moved to bins or examples or something. |
| src/attribute.rs | +1 | |
| src/common.rs | 0 | Caught netvl/xml-rs#179 |
| src/escape.rs | +1 | |
| src/lib.rs | +1 | |
| src/macros.rs | +1 | |
| src/name.rs | +1 | |
| src/namespace.rs | +1 | |
| src/util.rs | +1 | |
| tests/documents/sample_1_full.txt | +1 | skimmed |
| tests/documents/sample_1_short.txt | +1 | skimmed |
| tests/documents/sample_1.xml | +1 | skimmed |
| tests/documents/sample_2_full.txt | +1 | skimmed |
| tests/documents/sample_2_short.txt | +1 | skimmed |
| tests/documents/sample_2.xml | +1 | skimmed |
| tests/documents/sample_3_full.txt | +1 | skimmed |
| tests/documents/sample_3_short.txt | +1 | skimmed |
| tests/documents/sample_3.xml | +1 | skimmed |
| tests/documents/sample_4_full.txt | +1 | skimmed |
| tests/documents/sample_4_short.txt | +1 | skimmed |
| tests/documents/sample_4.xml | +1 | skimmed |
| tests/documents/sample_5_short.txt | +1 | skimmed |
| tests/documents/sample_5.xml | +1 | skimmed |
| tests/event_reader.rs | +1 | |
| tests/event_writer.rs | +1 | |
| tests/streaming.rs | +1 | |
| .cargo-ok | +1 | |
| .gitignore | +1 | |
| .travis.yml | +1 | Installs pip travis-cargo |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| Changelog.md | +1 | |
| design.md | +1 | TODO list |
| LICENSE | +1 | MIT, matching Cargo.toml |
| Readme.md | +1 | MIT Licensed |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | One small use in test case, PR to remove upstream and apply deny(unsafe_code) lint. |
| fs | +1 | Only in analyze (and maybe tests?), and sanely |
| io | +1 | |
| docs | +1 | |
| tests | 0 | Needs more fuzz tests |
| Line | What | Notes |
|---|---|---|
| 23 | predefined XML entities | Apparently these 5 are the only predefined entities in XML. Don't have to worry about the hundreds HTML supports. |
| 52 | custom XML entities | Not recursive, no XML bomb here unless DTD constructed a huge entry for extra_entities already. |
&impl ?Sized+AsRef<str>0.5.3: Replaced libflate with flate2, minor touchups. LGTM.
0.5.2: Looks like a solid crate. A few minor concerns:
CON or similar.| File | Rating | Notes |
|---|---|---|
| benches/read_entry.rs | +1 | |
| examples/extract_lorem.rs | +1 | |
| examples/extract.rs | +1 | |
| examples/file_info.rs | +1 | |
| examples/stdin_info.rs | +1 | |
| examples/write_dir.rs | 0 | 755 permissions make me slightly nervous, but I think it's safe |
| examples/write_sample.rs | 0 | 755 permissions make me slightly nervous, but I think it's safe |
| script/doc-upload.cfg | +1 | |
| src/compression.rs | +1 | |
| src/cp437.rs | +1 | |
| src/crc32.rs | +1 | |
| src/lib.rs | +1 | |
| src/read.rs | +1 | |
| src/result.rs | +1 | |
| src/spec.rs | +1 | |
| src/types.rs | 0 | Could be a little more defensive towards misue, but pretty solid. |
| src/write.rs | +1 | |
| tests/data/*.zip | Unreviewed... probably OK though | |
| tests/end_to_end.rs | +1 | |
| tests/invalid_date.rs | +1 | |
| tests/zip64_large.rs | +1 | |
| .gitignore | +1 | |
| .travis.yml | -1 | |
| appveyor.yml | -1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE | +1 | MIT |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | No unsafe code |
| fs | +1 | Examples/tests appear safe. |
| io | +1 | |
| docs | +1 | |
| tests | +1 | Could use more fuzzing tests |
| Line | Notes |
|---|---|
| 215 | I'd like this to have a scarier name... but eh, at least it's sound. |
| 250 | This drops invalid components... I think it should return an error on invalid components. But at least it's sound and shouldn't be vulnerable to path navigation attacks? |
| 250 | This doesn't forbid CON or similar. |
| 298 | Excellent test, this is exactly what I want to see! |
Looks like a solid crate. A few minor concerns:
CON or similar.| File | Rating | Notes |
|---|---|---|
| benches/read_entry.rs | +1 | |
| examples/extract_lorem.rs | +1 | |
| examples/extract.rs | +1 | |
| examples/file_info.rs | +1 | |
| examples/stdin_info.rs | +1 | |
| examples/write_dir.rs | 0 | 755 permissions make me slightly nervous, but I think it's safe |
| examples/write_sample.rs | 0 | 755 permissions make me slightly nervous, but I think it's safe |
| script/doc-upload.cfg | +1 | |
| src/compression.rs | +1 | |
| src/cp437.rs | +1 | |
| src/crc32.rs | +1 | |
| src/lib.rs | +1 | |
| src/read.rs | +1 | |
| src/result.rs | +1 | |
| src/spec.rs | +1 | |
| src/types.rs | 0 | Could be a little more defensive towards misue, but pretty solid. |
| src/write.rs | +1 | |
| tests/data/*.zip | Unreviewed... probably OK though | |
| tests/end_to_end.rs | +1 | |
| tests/invalid_date.rs | +1 | |
| tests/zip64_large.rs | +1 | |
| .gitignore | +1 | |
| .travis.yml | -1 | |
| appveyor.yml | -1 | |
| Cargo.toml | +1 | |
| Cargo.toml.orig | +1 | |
| LICENSE | +1 | MIT |
| README.md | +1 |
| Other | Rating | Notes |
|---|---|---|
| unsafe | +1 | No unsafe code |
| fs | +1 | Examples/tests appear safe. |
| io | +1 | |
| docs | +1 | |
| tests | +1 | Could use more fuzzing tests |
| Line | Notes |
|---|---|
| 215 | I'd like this to have a scarier name... but eh, at least it's sound. |
| 250 | This drops invalid components... I think it should return an error on invalid components. But at least it's sound and shouldn't be vulnerable to path navigation attacks? |
| 250 | This doesn't forbid CON or similar. |
| 298 | Excellent test, this is exactly what I want to see! |
© bestia.dev 2023, MIT License, Version: 2023.608.1636
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/
https://64.github.io/actix/https://github.com/actix/actix-web/pull/968#issuecomment-509894555