I'm looking at the crev review of
redox_syscall: https://github.com/MaulingMonkey/crev-proofs/commit/0e29470384492587074e19a2a1ff7adc341bea25 , pasted inline:
version: -1 date: "2019-07-24T14:53:11.836480900-07:00" from: id-type: crev id: 6OZqHXqyUAF57grEY7IVMjRljdd9dgDxiNtr1NF1BdY url: "https://github.com/MaulingMonkey/crev-proofs" package: source: "https://crates.io" name: redox_syscall version: 0.1.56 revision: e3fd644ba9830d104c309f77c36dc6b94f92f2b1 digest: FTw1q2J_JAvJHFyP4Xn0URVlkBDh1xI3mxs5sFn_A-U review: thoroughness: low understanding: low rating: negative comment: | Exposes unsound APIs, lots of unverified syscalls. Reviewed: src\arch\*.rs: Skimmed... looks reasonable, but didn't verify correct instructions / register invalidation. src\io\dma.rs: Some unsafe... looks correct, but not thoroughly tested. src\io\io.rs: +1 src\io\mmio.rs: UNSOUND (can construct uninitialized() T via "safe" `Mmio::new()`!) src\io\mod.rs: +1 src\io\pio.rs: Some unsafe... looks reasonable, but didn't verify correct instructions. src\scheme\generate.sh: +1 src\scheme\mod.rs: +1 src\scheme\scheme*.rs: UNSOUND (can construct arbitrary slices from arbitrary Packet s via `Scheme*::handle`) .cargo_vcs_info.json: +1 .cargo-ok: +1 .gitlab-ci.yml: +1 Cargo.toml: +1 Cargo.toml.orig: +1 LICENSE: +1 README.md: +1 Skimmed: src\call.rs: Lots of unsafe syscalls... unverified. src\data.rs: UNSOUND (Map deref etc.) src\error.rs: No tests for STR_ERROR, but at least it's sound. src\flag.rs: Sound, magic constant city, meh. src\lib.rs: LEAKS UNSOUND TRAITS into public interface! src\number.rs: Safe, magic constant city. src\tests.rs: Unsafe, but only #[test]s
I just wanted to bring it to your attention. I guess in a low-level crate like this it might be more complicated to judge the
unsafe issues. Please let me know what you think. Are some of the unsafety issues real? Is there anything that can be improved about it?