Skip to content

Audit crossbeam #16

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
yoshuawuyts opened this issue Jul 27, 2019 · 3 comments
Open

Audit crossbeam #16

yoshuawuyts opened this issue Jul 27, 2019 · 3 comments

Comments

@yoshuawuyts
Copy link

yoshuawuyts commented Jul 27, 2019
edited
Loading

https://crates.io/crates/crossbeam has about 6000 downloads a day*, has 162 inverse dependencies (of which a non-zero amount operates on untrusted input) and is generally considered a core piece of infrastructure.

A cursory search points to 67 references of unsafe, in addition to 106 references to atomics which probably makes it a suitable candidate for an audit.

*Probably more since crossbeam is a defacto repackage of several smaller crossbeam-* modules.
@Lokathor
Copy link
Contributor

WOW THEY'RE USING AN offset_of! MACRO

THAT'S A GOOD PLAN.

(it's never a good plan)

@64
Copy link

64 commented Jul 28, 2019

See also rust-lang/unsafe-code-guidelines#158

@Shnatsel
Copy link
Member

Shnatsel commented Sep 8, 2019

Not directly relevant to auditing crossbeam itself, but I've noticed they're pulling in a dependency with 170 unsafe expressions just to write a few lines with it, so I've replaced it with ad-hoc safe code: crossbeam-rs/crossbeam#414

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Shnatsel @yoshuawuyts @Lokathor @64