Sergey "Shnatsel" Davidoff
Turns out there is a way to leverage rustc to detect all uses of unsafe code without requiring nightly: https://www.reddit.com/r/rust/comments/g9mw57/oneliner_to_correctly_list_all_uses_ofunsafe_in/ My quick tests show that it does in fact detect...
Then we would be engaging in an arms race with attackers, except attackers know our single exact set of behaviors and we know nothing about the attackers. This is doomed...
FWIW I've taken a stab at "universally applicable alternative to Memory Sanitizer" by writing [libdiffuzz](https://github.com/Shnatsel/libdiffuzz), but my approach was very simplistic, so the tool is not any better than MSAN,...
At about 800 downloads/day, used by [`goblin`](https://crates.io/crates/goblin)
I can't see a way to avoid unsafe character creation there without a performance hit, but at least we could add debug assertions there and then plug this into a...
The activity hub for sanitizers in Rust seems to be https://github.com/japaric/rust-san
Relevant discussion on crates.io bug tracker: https://github.com/rust-lang/crates.io/issues/75 https://github.com/dpc/crev which may solve it for companies with a security department reviewing incoming code
Discussion on internals forum: https://internals.rust-lang.org/t/pre-rfc-reviving-security-advisories-in-crates-io-rfc-pr-1752/9017
It seems the same can be accomplished in 100% safe Rust thanks to [TryFrom implementation from arrays to slices](https://doc.rust-lang.org/beta/std/primitive.array.html#impl-TryFrom%3C%26%27a%20%5BT%5D%3E). Example of similar 100% safe code in action: https://play.rust-lang.org/?version=stable&mode=debug&edition=2018&gist=9d6e1d61835060f832ce1724becb1214
The limitation is that the 100% safe approach only works for sizes up to 32, and will remain so until const generics are stabilized.
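The slice-to-array `TryFrom` conversion mentioned above, as an added example that is not part of the original comments: it parses a constructed 16-byte record with no `unsafe`, and short input yields an error instead of a panic or an out-of-bounds read. The record layout and the names `Header`, `ParseError`, `array_at` and `parse_header` are hypothetical, chosen for illustration.

```rust
use std::convert::TryFrom;

#[derive(Debug, PartialEq)]
pub struct Header {
    pub magic: [u8; 4],
    pub length: u32,
    pub id: [u8; 8],
}

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated,
    BadMagic,
}

// Constructed sample record (hypothetical format): magic, little-endian length, 8-byte id.
pub const SAMPLE: [u8; 16] = [
    b'D', b'E', b'M', b'O', 0x20, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8,
];

/// Copy `len` bytes starting at `start` into a fixed-size array type `A`.
/// Returns `None` if the range overflows, runs past the end of `buf`,
/// or `len` does not match the size of `A`.
fn array_at<'a, A: TryFrom<&'a [u8]>>(buf: &'a [u8], start: usize, len: usize) -> Option<A> {
    let end = start.checked_add(len)?;
    // `get` does the bounds check; `try_from` does the length check.
    A::try_from(buf.get(start..end)?).ok()
}

pub fn parse_header(buf: &[u8]) -> Result<Header, ParseError> {
    let magic: [u8; 4] = array_at(buf, 0, 4).ok_or(ParseError::Truncated)?;
    if &magic != b"DEMO" {
        return Err(ParseError::BadMagic);
    }
    let length: [u8; 4] = array_at(buf, 4, 4).ok_or(ParseError::Truncated)?;
    let id: [u8; 8] = array_at(buf, 8, 8).ok_or(ParseError::Truncated)?;
    Ok(Header { magic, length: u32::from_le_bytes(length), id })
}

fn main() {
    println!("{:?}", parse_header(&SAMPLE));
    println!("{:?}", parse_header(&SAMPLE[..10]));
}
```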