How to count rust-bindgen and other FFI?

Open anderejd opened this issue 7 years ago • 3 comments

Questions:

  • Should it even show up in the stats?
  • Does it have its own metric?
  • Should the generated code be analyzed?
  • Can extern "C" and friends be used to help identify unsafe code used for FFI reliably?

anderejd, Jun 21 '18 19:06

Should it even show up in the stats? Does it have its own metric?

There should probably be flags that enable and disable the metrics, at least for debugging. Another thing to be wary of is that unsafe used for FFI may still contain undefined behavior. If you add analyses for known-UB (say, you can identify transmute & to &mut), the FFI analysis shouldn't remove the UB analysis.

It may also be useful to have a "conjunction" mode that outputs metrics for blocks suffering from multiple problems (e.g. blocks that do FFI with UB). This mode may be particularly useful in ecosystem-wide analyses; it could be beneficial to the Rustonomicon, for example, to point out errors that tend to happen for a specific unsafe use-case.

audreyality, Jun 22 '18 11:06
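
Added example, not part of the thread and not cargo-geiger's code: the separate FFI and known-UB tags plus the "conjunction" count from the comment above, computed over a constructed source string. It assumes plain-text matching is good enough (a real analysis would work on the parsed syntax tree); `Counts`, `analyze` and the helper names are hypothetical.

```rust
use std::collections::HashSet;
#[derive(Debug, Default, PartialEq)]
pub struct Counts { pub unsafe_blocks: usize, pub ffi: usize, pub known_ub: usize, pub ffi_and_ub: usize }
// Constructed sample input; it is only scanned as text, never compiled.
pub const SAMPLE: &str = r#"
extern "C" { fn strlen(s: *const u8) -> usize; fn fill(buf: *mut u32); }
fn a(p: *const u8) -> usize { unsafe { strlen(p) } }
fn b(r: &u32) { unsafe { let m = std::mem::transmute::<&u32, &mut u32>(r); fill(m); } }
fn c(r: &u32) -> &mut u32 { unsafe { std::mem::transmute::<&u32, &mut u32>(r) } }
fn d(p: *const u32) -> u32 { unsafe { *p } }
"#;
/// Names declared in `extern "C" { ... }` blocks (assumes no braces inside them).
fn extern_c_fns(src: &str) -> HashSet<&str> {
    let mut names = HashSet::new();
    for block in src.split("extern \"C\" {").skip(1) {
        let body = block.split('}').next().unwrap_or("");
        for part in body.split("fn ").skip(1) {
            if let Some(p) = part.find('(') { names.insert(part[..p].trim()); }
        }
    }
    names
}
/// Bodies of `unsafe { ... }` blocks, delimited by brace matching.
fn unsafe_blocks(src: &str) -> Vec<&str> {
    let (mut out, mut pos) = (Vec::new(), 0);
    while let Some(i) = src[pos..].find("unsafe {") {
        let start = pos + i + "unsafe {".len();
        let (mut depth, mut end) = (1, src.len());
        for (j, ch) in src[start..].char_indices() {
            match ch { '{' => depth += 1, '}' => depth -= 1, _ => {} }
            if depth == 0 { end = start + j; break; }
        }
        out.push(&src[start..end]); pos = end;
    }
    out
}
/// Tags each block independently, so the FFI tag never hides the known-UB tag.
pub fn analyze(src: &str) -> Counts {
    let (ffi_fns, mut c) = (extern_c_fns(src), Counts::default());
    for body in unsafe_blocks(src) {
        // FFI: the block calls a name declared in an extern "C" block.
        let ffi = ffi_fns.iter().any(|f| body.contains(&format!("{}(", f)));
        // Known-UB pattern named in the thread: transmute from & to &mut.
        let ub = body.contains("transmute::<&") && body.contains(", &mut ");
        c.unsafe_blocks += 1;
        c.ffi += ffi as usize; c.known_ub += ub as usize;
        c.ffi_and_ub += (ffi && ub) as usize; // the "conjunction" metric
    }
    c
}
fn main() { println!("{:?}", analyze(SAMPLE)); }
```

Block `b` in the sample is counted under both tags and in the conjunction, while `c` shows a known-UB block with no FFI call and `d` an unsafe block with neither tag.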

If some interfaced C code is buggy and unsafe, then the respective FFI crate is also unsafe.

vi, Jun 26 '18 21:06

I'm closing this since I'm ok with keeping things as they are right now. Linting for patterns that are known to cause undefined behavior would be an interesting feature though, but perhaps better suited for clippy.

anderejd, Aug 18 '19 09:08