From b9ec578d1f9fb1222c3764ee808b32a5bb57726d Mon Sep 17 00:00:00 2001 From: Patrick Lam Date: Wed, 28 May 2025 12:29:31 +1200 Subject: [PATCH 1/7] add unsafe-finder tool --- tools/unsafe-finder/Cargo.toml | 8 ++ tools/unsafe-finder/LICENSE-APACHE | 176 ++++++++++++++++++++++++++ tools/unsafe-finder/LICENSE-MIT | 23 ++++ tools/unsafe-finder/README.md | 49 +++++++ tools/unsafe-finder/src/main.rs | 197 +++++++++++++++++++++++++++++ 5 files changed, 453 insertions(+) create mode 100644 tools/unsafe-finder/Cargo.toml create mode 100644 tools/unsafe-finder/LICENSE-APACHE create mode 100644 tools/unsafe-finder/LICENSE-MIT create mode 100644 tools/unsafe-finder/README.md create mode 100644 tools/unsafe-finder/src/main.rs diff --git a/tools/unsafe-finder/Cargo.toml b/tools/unsafe-finder/Cargo.toml new file mode 100644 index 0000000000000..7c3284b8f73b0 --- /dev/null +++ b/tools/unsafe-finder/Cargo.toml @@ -0,0 +1,8 @@ +[package] +name = "unsafe-finder" +version = "0.1.0" +edition = "2024" + +[dependencies] +prettyplease = "0.2.32" +syn = {version = "2.0.101", features = ["full", "extra-traits", "visit"]} diff --git a/tools/unsafe-finder/LICENSE-APACHE b/tools/unsafe-finder/LICENSE-APACHE new file mode 100644 index 0000000000000..1b5ec8b78e237 --- /dev/null +++ b/tools/unsafe-finder/LICENSE-APACHE 
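Review bot: The new binary crate declares floating caret requirements (`prettyplease = "0.2.32"`, `syn = "2.0.101"`) but the diffstat lists no `Cargo.lock`, so every fresh build of the tool resolves whatever newest matching releases exist at that moment and a dependency upgrade never appears as a reviewable diff. For an executable, commit the lockfile next to `Cargo.toml` so builds are reproducible and a later `cargo update` is visible in review. If `tools/unsafe-finder` is meant to be a member of an existing workspace whose lockfile already covers it, saying so in the commit message would make that explicit.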
@@ -0,0 +1,176 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + +TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + +1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + +2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + +3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + +4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the 
following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + +5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + +6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + +7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + +8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + +9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ +END OF TERMS AND CONDITIONS diff --git a/tools/unsafe-finder/LICENSE-MIT b/tools/unsafe-finder/LICENSE-MIT new file mode 100644 index 0000000000000..31aa79387f27e --- /dev/null +++ b/tools/unsafe-finder/LICENSE-MIT @@ -0,0 +1,23 @@ +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. diff --git a/tools/unsafe-finder/README.md b/tools/unsafe-finder/README.md new file mode 100644 index 0000000000000..e59ddb7bbe6c2 --- /dev/null +++ b/tools/unsafe-finder/README.md 
@@ -0,0 +1,49 @@ +# Unsafe finder + +This tool parses a Rust file and identifies three types of functions: +1. those that belong to impls and are `pub unsafe`; +2. those that belong to impls and are *not* `unsafe` but contain `unsafe` code; and, +3. those that are default functions belonging to traits and contain `unsafe` code. + +The clippy `missing_safety_doc` lint nags developers to add +(plain-text) safety comments to functions in category (1), with a +configuration option that will make clippy also complain about private +unsafe functions (default false). For the purpose of verifying the +Rust standard library, such functions should have contracts and be +verified against them. + +For categories (2) and (3), the unsafety is encapsulated in the +function; there must be some reason that the unsafe code in the +function is actually OK. (See +https://github.com/rust-lang/rust-clippy/issues/9330 for more +discussion on this issue). To verify the Rust standard library, one +must verify that there is no undefined behaviour triggered by the +unsafe code, probably by verifying the stated reason that the code is +OK. + +There are some related metrics which are automatically generated in the +`verify-rust-std` project. Those metrics live in `scritps/kani-std-analysis/metrics-data-core.json`. + +# Command-line arguments + +This tool takes a directory or a list of .rs files as input and prints +out a list of impls and traits that have functions in categories (1) +through (3), as well as the involved functions. + +``` +$ target/debug/unsafe-finder rc.rs +impl Rc {} +--- unsafe-containing fn inner +--- unsafe-containing fn into_inner_with_allocator + +impl Rc {} +--- unsafe-containing fn new +--- unsafe-containing fn new_uninit +--- unsafe-containing fn new_zeroed +--- unsafe-containing fn try_new +--- unsafe-containing fn try_new_uninit +--- unsafe-containing fn try_new_zeroed +--- unsafe-containing fn pin + +etc +``` 
diff --git a/tools/unsafe-finder/src/main.rs b/tools/unsafe-finder/src/main.rs new file mode 100644 index 0000000000000..0587a4bbf947e --- /dev/null +++ b/tools/unsafe-finder/src/main.rs 
@@ -0,0 +1,197 @@ +use syn::ImplItem; +use syn::Item::Impl; +use syn::ItemImpl; + +use syn::Item::Trait; +use syn::ItemTrait; +use syn::TraitItem; + +use syn::visit; +use syn::visit::Visit; + +use std::env; +use std::fs; +use std::io; +use std::process; +use std::path::Path; + +struct StmtVisitor { + found_unsafe: bool, +} + +impl<'ast> Visit<'ast> for StmtVisitor { + fn visit_expr_unsafe(&mut self, i: &'ast syn::ExprUnsafe) { + self.found_unsafe = true; + visit::visit_expr_unsafe(self, i); + } +} + +fn print_pub_unsafe_and_unsafe_containing_fns(ii: ItemImpl) { + let mut interesting = false; + let mut pub_unsafe_fns = Vec::new(); + let mut unsafe_containing_fns = Vec::new(); + for item in &ii.items { + match item { + ImplItem::Fn(f) => + { + // record all pub unsafe functions + if matches!(f.vis, syn::Visibility::Public(_)) && matches!(f.sig.unsafety, Some(_)) + { + interesting = true; + pub_unsafe_fns.push(format!("--- pub unsafe fn {}", f.sig.ident)); + } + // record functions that contain unsafe code in their bodies but that are not marked unsafe + else if matches!(f.sig.unsafety, None) { + let mut sv = StmtVisitor { + found_unsafe: false, + }; + sv.visit_block(&f.block); + if sv.found_unsafe { + interesting = true; + unsafe_containing_fns + .push(format!("--- unsafe-containing fn {}", f.sig.ident)); + } + } + } + _ => (), + } + } + if interesting { + // create an empty impl with the same name as ii + let mut i_copy = ii.clone(); + i_copy.items = Vec::new(); + let file = syn::File { + attrs: vec![], + items: vec![Impl(i_copy)], + shebang: None, + }; + print!("{}", prettyplease::unparse(&file)); + pub_unsafe_fns.iter().for_each(|s| { + println!("{}", s); + }); + unsafe_containing_fns.iter().for_each(|s| { + println!("{}", s); + }); + println!(); + } else { + // println!("--- nothing interesting here"); + } +} + +fn print_trait_unsafe_containing_fns(it: ItemTrait) { + let mut interesting = false; + let mut unsafe_containing_fns = Vec::new(); + for item in 
&it.items { + match item { + TraitItem::Fn(f) => + // record functions that contain unsafe code in their bodies but that are not marked unsafe + { + if matches!(f.sig.unsafety, None) { + let mut sv = StmtVisitor { + found_unsafe: false, + }; + if let Some(d) = &f.default { + sv.visit_block(&d); + } + if sv.found_unsafe { + interesting = true; + unsafe_containing_fns + .push(format!("--- unsafe-containing fn {}", f.sig.ident)); + } + } + } + _ => (), + } + } + if interesting { + let mut i_copy = it.clone(); + i_copy.items = Vec::new(); + let file = syn::File { + attrs: vec![], + items: vec![Trait(i_copy)], + shebang: None, + }; + print!("{}", prettyplease::unparse(&file)); + unsafe_containing_fns.iter().for_each(|s| { + println!("{}", s); + }); + println!(); + } else { + // println!("--- nothing interesting here"); + } +} + +fn handle_file(path:&Path) { + if !path.to_str().unwrap().ends_with(".rs") { + return; + } + + println!("# Unsafe usages in file {}", path.display()); + let src = fs::read_to_string(&path).expect("unable to read file"); + let syntax = syn::parse_file(&src).expect("unable to parse file"); + + for item in syntax.items { + match item { + Impl(im) => print_pub_unsafe_and_unsafe_containing_fns(im), + Trait(t) => print_trait_unsafe_containing_fns(t), + _ => (), + } + } +} + +fn handle_dir(path:&Path) -> io::Result<()> { + // https://users.rust-lang.org/t/testable-way-to-iterate-over-a-directory/81440 + let mut dirs = Vec::new(); + let mut dir_index = 0; + let mut dir_reader = fs::read_dir(path)?; + let mut had_files = false; + loop { + match dir_reader.next() { + Some(entry) => { + let cur_path = entry?.path(); + had_files = true; + if cur_path.is_dir() { + dirs.push(cur_path); + continue; + } + + if cur_path.is_file() { + handle_file(&cur_path); + continue; + } + } + _ => { + if !had_files && !dirs.is_empty() { + handle_file(&dirs[(dir_index - 1).max(0)].to_owned()); + } + if dir_index == dirs.len() { + break; + } + dir_reader = 
dirs[dir_index].read_dir()?; + had_files = false; + dir_index += 1; + } + } + } + + Ok(()) +} + +fn main() { + let mut args = env::args(); + let _ = args.next(); // executable name + + if args.len() == 0 { + eprintln!("Usage: unsafe-finder [directory | filename.rs]*"); + process::exit(1); + } + + for arg in args { + let path = Path::new(&arg); + if path.is_file() { + handle_file(&path); + } else if path.is_dir() { + handle_dir(&path).unwrap(); + } + } +} From 830be81e03ff284ee4b7901ea2d76153e8411da4 Mon Sep 17 00:00:00 2001 From: Patrick Lam Date: Tue, 23 Sep 2025 20:05:52 +1200 Subject: [PATCH 2/7] use output from std-analysis.sh to generate lists of unsafe functions instead of doing analysis from first principles --- tools/unsafe-finder/Cargo.toml | 4 + tools/unsafe-finder/src/main.rs | 333 ++++++++++++++++++++------------ 2 files changed, 216 insertions(+), 121 deletions(-) diff --git a/tools/unsafe-finder/Cargo.toml b/tools/unsafe-finder/Cargo.toml index 7c3284b8f73b0..1630694e76dd1 100644 --- a/tools/unsafe-finder/Cargo.toml +++ b/tools/unsafe-finder/Cargo.toml @@ -6,3 +6,7 @@ edition = "2024" [dependencies] prettyplease = "0.2.32" syn = {version = "2.0.101", features = ["full", "extra-traits", "visit"]} +csv = "1.1" +serde = { version = "1.0.55", features = ["derive"] } +regex = "1.11.2" +itertools = "0.14.0" diff --git a/tools/unsafe-finder/src/main.rs b/tools/unsafe-finder/src/main.rs index 0587a4bbf947e..dfdb8dc6263fc 100644 --- a/tools/unsafe-finder/src/main.rs +++ b/tools/unsafe-finder/src/main.rs 
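Review bot: `handle_file` only iterates `syntax.items` at the top level and matches `Impl` and `Trait`, so impls and traits nested inside an inline `mod … { }` block are never visited and their unsafe functions are silently absent from the report — for a tool whose purpose is to enumerate unsafe code, a silent false negative is the failure mode to avoid, so walk the whole tree with a `syn::visit::Visit` impl overriding `visit_item_impl`/`visit_item_trait` (or recurse into `Item::Mod` when it carries inline content). The extension check `path.to_str().unwrap().ends_with(".rs")` panics on a non-UTF-8 path; `path.extension().is_some_and(|e| e == "rs")` avoids both the panic and the lossy conversion. In `handle_dir`, the `!had_files && !dirs.is_empty()` branch hands a directory path (`dirs[dir_index - 1]`) to `handle_file`, which then returns early on the extension check unless the directory happens to be named `*.rs`, and `.max(0)` on a `usize` is a no-op — this branch looks like leftover scaffolding and could be dropped. The two `expect` calls in `handle_file` abort the whole run on the first unreadable or unparsable file; printing the path to stderr and continuing would keep one bad file from hiding results for the rest.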
@@ -1,142 +1,220 @@ -use syn::ImplItem; -use syn::Item::Impl; -use syn::ItemImpl; - -use syn::Item::Trait; -use syn::ItemTrait; -use syn::TraitItem; - -use syn::visit; -use syn::visit::Visit; - use std::env; use std::fs; +use std::error::Error; use std::io; use std::process; use std::path::Path; -struct StmtVisitor { - found_unsafe: bool, +use std::collections::HashMap; + +use itertools::Itertools; + +use serde::Serialize; +use serde::Deserialize; + +use regex::Regex; + +// from kani repo's tools/scanner/src/analysis.rs: +#[derive(Clone, Debug, Serialize, Deserialize)] +struct FnStats { + name: String, + is_unsafe: Option, + has_unsafe_ops: Option, + has_unsupported_input: Option, + has_loop_or_iterator: Option, + is_public: Option, +} + +#[derive(Clone)] +struct StructuredFnName { + krate: String, + module_path: Vec, + type_parameters: Vec, + item: String, } -impl<'ast> Visit<'ast> for StmtVisitor { - fn visit_expr_unsafe(&mut self, i: &'ast syn::ExprUnsafe) { - self.found_unsafe = true; - visit::visit_expr_unsafe(self, i); +#[derive(PartialOrd, Ord, Hash, Eq, PartialEq)] +struct CrateAndModules { + krate: String, + module_path: Vec +} + +fn split_by_double_colons(s:&str) -> Vec { + let mut bracket_level = 0; + let mut current_string = String::new(); + let mut previous_strings = vec![]; + let mut colons = 0; + for c in s.chars() { + current_string.push(c); + match c { + '<' => bracket_level += 1, + '>' => bracket_level -= 1, + ':' => { + if bracket_level > 0 { continue; } + colons += 1; + if colons == 2 { + colons = 0; + previous_strings.push(current_string[..current_string.len()-2].to_string()); + current_string.clear(); + }}, + _ => () + } } + previous_strings.push(current_string.clone()); + previous_strings } -fn print_pub_unsafe_and_unsafe_containing_fns(ii: ItemImpl) { - let mut interesting = false; - let mut pub_unsafe_fns = Vec::new(); - let mut unsafe_containing_fns = Vec::new(); - for item in &ii.items { - match item { - ImplItem::Fn(f) => - { - // record 
all pub unsafe functions - if matches!(f.vis, syn::Visibility::Public(_)) && matches!(f.sig.unsafety, Some(_)) - { - interesting = true; - pub_unsafe_fns.push(format!("--- pub unsafe fn {}", f.sig.ident)); - } - // record functions that contain unsafe code in their bodies but that are not marked unsafe - else if matches!(f.sig.unsafety, None) { - let mut sv = StmtVisitor { - found_unsafe: false, - }; - sv.visit_block(&f.block); - if sv.found_unsafe { - interesting = true; - unsafe_containing_fns - .push(format!("--- unsafe-containing fn {}", f.sig.ident)); - } - } - } - _ => (), - } - } - if interesting { - // create an empty impl with the same name as ii - let mut i_copy = ii.clone(); - i_copy.items = Vec::new(); - let file = syn::File { - attrs: vec![], - items: vec![Impl(i_copy)], - shebang: None, - }; - print!("{}", prettyplease::unparse(&file)); - pub_unsafe_fns.iter().for_each(|s| { - println!("{}", s); - }); - unsafe_containing_fns.iter().for_each(|s| { - println!("{}", s); - }); - println!(); - } else { - // println!("--- nothing interesting here"); +fn split_by_commas(s:&str) -> Vec { + let mut bracket_level = 0; + let mut parens_level = 0; + let mut current_string = String::new(); + let mut previous_strings = vec![]; + for c in s.chars() { + current_string.push(c); + match c { + '<' => bracket_level += 1, + '>' => bracket_level -= 1, + '(' => parens_level += 1, + ')' => parens_level -= 1, + ',' => { + if bracket_level > 0 || parens_level > 0 { continue; } + previous_strings.push(current_string[..current_string.len()-1].trim().to_string()); + current_string.clear(); + }, + _ => () + } } + previous_strings.push(current_string.trim().to_string().clone()); + previous_strings } -fn print_trait_unsafe_containing_fns(it: ItemTrait) { - let mut interesting = false; - let mut unsafe_containing_fns = Vec::new(); - for item in &it.items { - match item { - TraitItem::Fn(f) => - // record functions that contain unsafe code in their bodies but that are not marked 
unsafe - { - if matches!(f.sig.unsafety, None) { - let mut sv = StmtVisitor { - found_unsafe: false, - }; - if let Some(d) = &f.default { - sv.visit_block(&d); - } - if sv.found_unsafe { - interesting = true; - unsafe_containing_fns - .push(format!("--- unsafe-containing fn {}", f.sig.ident)); - } - } - } - _ => (), - } - } - if interesting { - let mut i_copy = it.clone(); - i_copy.items = Vec::new(); - let file = syn::File { - attrs: vec![], - items: vec![Trait(i_copy)], - shebang: None, - }; - print!("{}", prettyplease::unparse(&file)); - unsafe_containing_fns.iter().for_each(|s| { - println!("{}", s); - }); - println!(); - } else { - // println!("--- nothing interesting here"); +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn colons_singleton() { + let result = split_by_double_colons("a"); + assert_eq!(result, ["a"]); + } + + #[test] + fn colons_no_brackets() { + let result = split_by_double_colons("one::two"); + assert_eq!(result, ["one", "two"]); + } + + #[test] + fn colons_brackets_no_colons() { + let result = split_by_double_colons("one::::three"); + assert_eq!(result, ["one", "", "three"]); + } + + #[test] + fn colons_brackets_with_colons() { + let result = split_by_double_colons("one::::three"); + assert_eq!(result, ["one", "", "three"]); + } + + #[test] + fn commas_singleton() { + let result = split_by_commas("a"); + assert_eq!(result, ["a"]); + } + + #[test] + fn commas_brackets() { + let result = split_by_commas(""); + assert_eq!(result, [""]); + } + + #[test] + fn commas_no_brackets() { + let result = split_by_commas("a, b"); + assert_eq!(result, ["a","b"]); + } + + #[test] + fn commas_parens() { + let result = split_by_commas("(a,b)"); + assert_eq!(result, ["(a,b)"]); + } + + #[test] + fn commas_unmatched() { + let result = split_by_commas(" StructuredFnName { + let brackets_re = Regex::new(r"<(.+)>").unwrap(); + + let parts:Vec = split_by_double_colons(&raw_name).into_iter().rev().collect(); + let mut parts_index = 0; + let item = 
&parts[parts_index]; parts_index += 1; + let tp = &parts[parts_index].as_str(); + let type_parameters = if brackets_re.is_match(tp) { + let tp_commas = &brackets_re.captures(tp).unwrap(); + parts_index += 1; + split_by_commas(&tp_commas[1]).into_iter().map(|x| x.to_string()).collect() + } else { + vec![] + }; + let mut mp = vec![]; + while parts_index < parts.len() { + mp.push(parts[parts_index].to_string()); + parts_index += 1; + } + let kr = match mp.pop() { + Some(k) => k, + None => "".to_string() + }; + + StructuredFnName { + krate: kr, + module_path: mp.into_iter().rev().collect(), + type_parameters: type_parameters.into_iter().map(|x| x.to_string()).collect(), + item: item.to_string() } +} + +fn handle_file(path:&Path) -> Result<(), Box> { + let path_contents = fs::read_to_string(&path).expect("unable to read file"); + let mut rdr = csv::ReaderBuilder::new().delimiter(b';').from_reader(path_contents.as_bytes()); println!("# Unsafe usages in file {}", path.display()); - let src = fs::read_to_string(&path).expect("unable to read file"); - let syntax = syn::parse_file(&src).expect("unable to parse file"); - for item in syntax.items { - match item { - Impl(im) => print_pub_unsafe_and_unsafe_containing_fns(im), - Trait(t) => print_trait_unsafe_containing_fns(t), - _ => (), - } + let mut fns_by_crate_and_modules: HashMap> = HashMap::new(); + + for result in rdr.deserialize() { + let fn_stats: FnStats = result?; + if matches!(fn_stats.is_unsafe, Some(true)) { + let structured_fn_name = parse_fn_name(fn_stats.name); + let krate_and_module_path = CrateAndModules { + krate: structured_fn_name.krate.clone(), + module_path: structured_fn_name.module_path.clone() + }; + match fns_by_crate_and_modules.get_mut(&krate_and_module_path) { + Some(fns) => fns.push(structured_fn_name.clone()), + None => { fns_by_crate_and_modules.insert(krate_and_module_path, vec![structured_fn_name.clone()]); } + } + } } + + for krm in fns_by_crate_and_modules.keys().sorted() { + println!("crate 
{}, modules {:?}", krm.krate, krm.module_path); + if let Some(fns) = fns_by_crate_and_modules.get(krm) { + for structured_fn_name in fns { + println!("--- unsafe-containing fn {}", structured_fn_name.item); + if !structured_fn_name.type_parameters.is_empty() { + println!(" type parameters {:?}", structured_fn_name.type_parameters); + } + } + } + } + + Ok(()) } fn handle_dir(path:&Path) -> io::Result<()> { @@ -156,13 +234,20 @@ fn handle_dir(path:&Path) -> io::Result<()> { } if cur_path.is_file() { - handle_file(&cur_path); + if let Err(err) = handle_file(&cur_path) { + println!("error processing {}: {}", cur_path.display(), err); + process::exit(1); + } continue; } } _ => { if !had_files && !dirs.is_empty() { - handle_file(&dirs[(dir_index - 1).max(0)].to_owned()); + let target = dirs[(dir_index - 1).max(0)].to_owned(); + if let Err(err) = handle_file(&target) { + println!("error processing {}: {}", target.display(), err); + process::exit(1); + } } if dir_index == dirs.len() { break; @@ -182,16 +267,22 @@ fn main() { let _ = args.next(); // executable name if args.len() == 0 { - eprintln!("Usage: unsafe-finder [directory | filename.rs]*"); + // should we only handle files named "_scan_functions.csv"? + eprintln!("Usage: unsafe-finder [[prefix]_scan_functions.csv]*"); process::exit(1); } for arg in args { let path = Path::new(&arg); if path.is_file() { - handle_file(&path); + if let Err(err) = handle_file(&path) { + eprintln!("error processing {}: {}", arg, err); + process::exit(1); + } } else if path.is_dir() { handle_dir(&path).unwrap(); + } else { + eprintln!("could not open {}", arg); } } } From ab22aeac6e6e5ab5ae061afcbc90e6d943a57c76 Mon Sep 17 00:00:00 2001 From: Patrick Lam Date: Wed, 24 Sep 2025 21:01:32 +1200 Subject: [PATCH 3/7] also print fns with unsafe ops, and parse trait impls --- tools/unsafe-finder/src/main.rs | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) 
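Review bot: `parse_fn_name` reads `parts[parts_index]` immediately after advancing the index to 1, so a function name containing no `::` at all produces a one-element `parts` and the indexing panics; unlike the `Result` errors the callers now map to `process::exit(1)`, this panic takes the tool down with a backtrace. Guard it with `let tp = parts.get(parts_index).map(String::as_str).unwrap_or("");` — the empty string fails `brackets_re.is_match`, so the function continues with no type parameters. The two `Regex::new(...).unwrap()` calls run once per CSV row; with edition 2024 the toolchain has `std::sync::LazyLock`, so `static BRACKETS_RE: LazyLock<Regex>` compiles each pattern once. In `handle_file`, `fs::read_to_string(&path).expect("unable to read file")` sits inside a function that already returns `Result<(), Box<dyn Error>>`, so `?` would route that failure through the same error path as the CSV deserialization.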
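Review bot: The two new error messages in `handle_dir` go to stdout via `println!`, where they interleave with the report the tool is producing, while the matching message in `main` uses `eprintln!`; use `eprintln!("error processing {}: {}", cur_path.display(), err);` in both places so a consumer redirecting stdout to a file gets a clean report. The branch that passes `dirs[(dir_index - 1).max(0)]` to `handle_file` still hands it a directory path, so the new error handling there is exercised only if reading a directory as CSV fails; the surrounding loop begins before this hunk.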
diff --git a/tools/unsafe-finder/src/main.rs b/tools/unsafe-finder/src/main.rs index dfdb8dc6263fc..9960578fc36fb 100644 --- a/tools/unsafe-finder/src/main.rs +++ b/tools/unsafe-finder/src/main.rs @@ -27,6 +27,7 @@ struct FnStats { #[derive(Clone)] struct StructuredFnName { + trait_impl: Option<(String, String)>, krate: String, module_path: Vec, type_parameters: Vec, @@ -148,9 +149,22 @@ mod tests { } fn parse_fn_name(raw_name:String) -> StructuredFnName { + let trait_impl_re = Regex::new(r"<(.+) as (.+)>").unwrap(); let brackets_re = Regex::new(r"<(.+)>").unwrap(); let parts:Vec = split_by_double_colons(&raw_name).into_iter().rev().collect(); + + if parts.len() == 2 && trait_impl_re.is_match(&parts[1]) { + let ti_captures = trait_impl_re.captures(&parts[1]).unwrap(); + return StructuredFnName { + trait_impl: Some((ti_captures[1].to_string(), ti_captures[2].to_string())), + krate: "".to_string(), + module_path: vec![], + type_parameters: vec![], + item: parts[0].to_string() + } + } + let mut parts_index = 0; let item = &parts[parts_index]; parts_index += 1; let tp = &parts[parts_index].as_str(); @@ -172,10 +186,11 @@ fn parse_fn_name(raw_name:String) -> StructuredFnName { }; StructuredFnName { - krate: kr, - module_path: mp.into_iter().rev().collect(), - type_parameters: type_parameters.into_iter().map(|x| x.to_string()).collect(), - item: item.to_string() + trait_impl: None, + krate: kr, + module_path: mp.into_iter().rev().collect(), + type_parameters: type_parameters.into_iter().map(|x| x.to_string()).collect(), + item: item.to_string() } } @@ -189,7 +204,7 @@ fn handle_file(path:&Path) -> Result<(), Box> { for result in rdr.deserialize() { let fn_stats: FnStats = result?; - if matches!(fn_stats.is_unsafe, Some(true)) { + if matches!(fn_stats.is_unsafe, Some(true)) || matches!(fn_stats.has_unsafe_ops, Some(true)) { let structured_fn_name = parse_fn_name(fn_stats.name); let krate_and_module_path = CrateAndModules { krate: structured_fn_name.krate.clone(), 
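Review bot: The new trait-impl branch fires only when `parts.len() == 2`, so a name shaped like `core::ptr::<T as Trait>::method` (three or more segments, if the scanner ever emits such names) skips it and falls into the generic path, where the unanchored `brackets_re` `<(.+)>` then reports `T as Trait` as a type-parameter list. Testing `trait_impl_re.is_match(&parts[1])` whenever `parts.len() >= 2` and treating the remaining segments as the module path would cover both shapes, and anchoring the pattern as `r"^<(.+) as (.+)>$"` keeps a type argument that merely contains ` as ` from being classified as a trait impl. `trait_impl_re` is compiled on every call, like `brackets_re`; a `LazyLock<Regex>` static would compile it once. The `StructuredFnName` struct and the remainder of `parse_fn_name` lie outside this hunk.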
@@ -207,6 +222,9 @@ fn handle_file(path:&Path) -> Result<(), Box> { if let Some(fns) = fns_by_crate_and_modules.get(krm) { for structured_fn_name in fns { println!("--- unsafe-containing fn {}", structured_fn_name.item); + if let Some(ti) = &structured_fn_name.trait_impl { + println!(" trait {} as {}", ti.0, ti.1); + } else {} if !structured_fn_name.type_parameters.is_empty() { println!(" type parameters {:?}", structured_fn_name.type_parameters); } From dfb4dfd6df1a35b9038736e1b32efb5ee63f2d6a Mon Sep 17 00:00:00 2001 From: Patrick Lam Date: Thu, 25 Sep 2025 11:36:57 +1200 Subject: [PATCH 4/7] no krates --- tools/unsafe-finder/src/main.rs | 33 ++++++++------------------------- 1 file changed, 8 insertions(+), 25 deletions(-) diff --git a/tools/unsafe-finder/src/main.rs b/tools/unsafe-finder/src/main.rs index 9960578fc36fb..2515e639b7c0a 100644 --- a/tools/unsafe-finder/src/main.rs +++ b/tools/unsafe-finder/src/main.rs @@ -27,19 +27,12 @@ struct FnStats { #[derive(Clone)] struct StructuredFnName { - trait_impl: Option<(String, String)>, - krate: String, + trait_impl: Option<(String, String)>, // type as trait module_path: Vec, type_parameters: Vec, item: String, } -#[derive(PartialOrd, Ord, Hash, Eq, PartialEq)] -struct CrateAndModules { - krate: String, - module_path: Vec -} - fn split_by_double_colons(s:&str) -> Vec { let mut bracket_level = 0; let mut current_string = String::new(); @@ -158,7 +151,6 @@ fn parse_fn_name(raw_name:String) -> StructuredFnName { let ti_captures = trait_impl_re.captures(&parts[1]).unwrap(); return StructuredFnName { trait_impl: Some((ti_captures[1].to_string(), ti_captures[2].to_string())), - krate: "".to_string(), module_path: vec![], type_parameters: vec![], item: parts[0].to_string() 
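Review bot: With the filter now admitting `has_unsafe_ops` as well as `is_unsafe`, every entry is still printed as `--- unsafe-containing fn`, so an `unsafe fn` whose callers must uphold a contract and a safe fn that merely encapsulates unsafe operations are indistinguishable in the report — the README treats those as different verification obligations (a contract to verify against versus proving the encapsulation sound). Carrying `is_unsafe` into `StructuredFnName` (the struct sits outside this hunk) and printing `--- unsafe fn` versus `--- unsafe-containing fn` would keep that distinction in the output. The `} else {}` following the `if let Some(ti)` is an empty branch and can be dropped.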
@@ -180,14 +172,9 @@ fn parse_fn_name(raw_name:String) -> StructuredFnName { mp.push(parts[parts_index].to_string()); parts_index += 1; } - let kr = match mp.pop() { - Some(k) => k, - None => "".to_string() - }; StructuredFnName { trait_impl: None, - krate: kr, module_path: mp.into_iter().rev().collect(), type_parameters: type_parameters.into_iter().map(|x| x.to_string()).collect(), item: item.to_string() 
@@ -200,30 +187,26 @@ fn handle_file(path:&Path) -> Result<(), Box> { println!("# Unsafe usages in file {}", path.display()); - let mut fns_by_crate_and_modules: HashMap> = HashMap::new(); + let mut fns_by_modules: HashMap, Vec> = HashMap::new(); for result in rdr.deserialize() { let fn_stats: FnStats = result?; if matches!(fn_stats.is_unsafe, Some(true)) || matches!(fn_stats.has_unsafe_ops, Some(true)) { let structured_fn_name = parse_fn_name(fn_stats.name); - let krate_and_module_path = CrateAndModules { - krate: structured_fn_name.krate.clone(), - module_path: structured_fn_name.module_path.clone() - }; - match fns_by_crate_and_modules.get_mut(&krate_and_module_path) { + match fns_by_modules.get_mut(&structured_fn_name.module_path) { Some(fns) => fns.push(structured_fn_name.clone()), - None => { fns_by_crate_and_modules.insert(krate_and_module_path, vec![structured_fn_name.clone()]); } + None => { fns_by_modules.insert(structured_fn_name.module_path.clone(), vec![structured_fn_name.clone()]); } } } } - for krm in fns_by_crate_and_modules.keys().sorted() { - println!("crate {}, modules {:?}", krm.krate, krm.module_path); - if let Some(fns) = fns_by_crate_and_modules.get(krm) { + for mp in fns_by_modules.keys().sorted() { + println!("modules {:?}", mp); + if let Some(fns) = fns_by_modules.get(mp) { for structured_fn_name in fns { println!("--- unsafe-containing fn {}", structured_fn_name.item); if let Some(ti) = &structured_fn_name.trait_impl { - println!(" trait {} as {}", ti.0, ti.1); + println!(" trait impl: type {} as trait {}", ti.0, ti.1); } else {} if !structured_fn_name.type_parameters.is_empty() { println!(" type parameters {:?}", structured_fn_name.type_parameters); From 255e8f2c7839a871b89a83f5315f4f61dad48234 Mon Sep 17 00:00:00 2001 From: Patrick Lam Date: Thu, 25 Sep 2025 11:41:31 +1200 Subject: [PATCH 5/7] no directories --- tools/unsafe-finder/src/main.rs | 60 +++------------------------------ 1 file changed, 4 insertions(+), 56 deletions(-) 
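Review bot: The `get_mut` / `insert` pair on `fns_by_modules` performs two hash lookups and clones `structured_fn_name` on both arms; the entry API does the same in one line and lets the value move in: `fns_by_modules.entry(structured_fn_name.module_path.clone()).or_default().push(structured_fn_name);`. The empty `} else {}` after the trait-impl print is carried over unchanged in this hunk and could be dropped at the same time. handle_file begins before and ends after this hunk.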
diff --git a/tools/unsafe-finder/src/main.rs b/tools/unsafe-finder/src/main.rs index 2515e639b7c0a..55b251f62b5df 100644 --- a/tools/unsafe-finder/src/main.rs +++ b/tools/unsafe-finder/src/main.rs @@ -1,7 +1,6 @@ use std::env; use std::fs; use std::error::Error; -use std::io; use std::process; use std::path::Path; @@ -218,51 +217,6 @@ fn handle_file(path:&Path) -> Result<(), Box> { Ok(()) } -fn handle_dir(path:&Path) -> io::Result<()> { - // https://users.rust-lang.org/t/testable-way-to-iterate-over-a-directory/81440 - let mut dirs = Vec::new(); - let mut dir_index = 0; - let mut dir_reader = fs::read_dir(path)?; - let mut had_files = false; - loop { - match dir_reader.next() { - Some(entry) => { - let cur_path = entry?.path(); - had_files = true; - if cur_path.is_dir() { - dirs.push(cur_path); - continue; - } - - if cur_path.is_file() { - if let Err(err) = handle_file(&cur_path) { - println!("error processing {}: {}", cur_path.display(), err); - process::exit(1); - } - continue; - } - } - _ => { - if !had_files && !dirs.is_empty() { - let target = dirs[(dir_index - 1).max(0)].to_owned(); - if let Err(err) = handle_file(&target) { - println!("error processing {}: {}", target.display(), err); - process::exit(1); - } - } - if dir_index == dirs.len() { - break; - } - dir_reader = dirs[dir_index].read_dir()?; - had_files = false; - dir_index += 1; - } - } - } - - Ok(()) -} - fn main() { let mut args = env::args(); let _ = args.next(); // executable name @@ -274,16 +228,10 @@ fn main() { } for arg in args { - let path = Path::new(&arg); - if path.is_file() { - if let Err(err) = handle_file(&path) { - eprintln!("error processing {}: {}", arg, err); - process::exit(1); - } - } else if path.is_dir() { - handle_dir(&path).unwrap(); - } else { - eprintln!("could not open {}", arg); + let path = Path::new(&arg); + if let Err(err) = handle_file(&path) { + eprintln!("error processing {}: {}", arg, err); + process::exit(1); } } } 
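Review bot: With the file/directory branch removed from main, the first argument that fails — including a directory, which the old code either walked or rejected with `could not open` — now terminates the run via `process::exit(1)` before the remaining arguments are looked at, so a batch invocation reports at most one problem per run. For a report tool it is friendlier to process every argument, report each failure on stderr (handle_file's error already names the path), and exit non-zero at the end. If the README still describes directory arguments it should be updated to match; it is outside this patch.
```rust
    let mut failed = false;
    for arg in args {
        if let Err(err) = handle_file(Path::new(&arg)) {
            eprintln!("error processing {}: {}", arg, err);
            failed = true;
        }
    }
    // Report every argument before giving up, but still signal failure to the caller.
    if failed {
        process::exit(1);
    }
```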
From cfd4bca719a7b44ae34390492309a2bb5f2c108f Mon Sep 17 00:00:00 2001 From: Patrick Lam Date: Thu, 25 Sep 2025 12:06:19 +1200 Subject: [PATCH 6/7] print [pub] for public fns --- tools/unsafe-finder/src/main.rs | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/tools/unsafe-finder/src/main.rs b/tools/unsafe-finder/src/main.rs index 55b251f62b5df..a3037a10dd443 100644 --- a/tools/unsafe-finder/src/main.rs +++ b/tools/unsafe-finder/src/main.rs @@ -30,6 +30,7 @@ struct StructuredFnName { module_path: Vec, type_parameters: Vec, item: String, + is_public: bool } fn split_by_double_colons(s:&str) -> Vec { @@ -140,7 +141,7 @@ mod tests { } } -fn parse_fn_name(raw_name:String) -> StructuredFnName { +fn parse_fn_name(raw_name:String, is_public:bool) -> StructuredFnName { let trait_impl_re = Regex::new(r"<(.+) as (.+)>").unwrap(); let brackets_re = Regex::new(r"<(.+)>").unwrap(); @@ -152,7 +153,8 @@ fn parse_fn_name(raw_name:String) -> StructuredFnName { trait_impl: Some((ti_captures[1].to_string(), ti_captures[2].to_string())), module_path: vec![], type_parameters: vec![], - item: parts[0].to_string() + item: parts[0].to_string(), + is_public: is_public } } @@ -176,7 +178,8 @@ fn parse_fn_name(raw_name:String) -> StructuredFnName { trait_impl: None, module_path: mp.into_iter().rev().collect(), type_parameters: type_parameters.into_iter().map(|x| x.to_string()).collect(), - item: item.to_string() + item: item.to_string(), + is_public: is_public } } 
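Review bot: The two struct literals in parse_fn_name write `is_public: is_public`, which clippy flags as `redundant_field_names`; use the shorthand `is_public,` in both the trait-impl early return and the fallthrough constructor. The new `is_public` parameter also has no documentation; a one-line `///` on parse_fn_name saying that it is the CSV `is_public` flag passed through unchanged for display would help the next reader. parse_fn_name's body extends between and beyond these hunks.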
@@ -191,7 +194,7 @@ fn handle_file(path:&Path) -> Result<(), Box> { for result in rdr.deserialize() { let fn_stats: FnStats = result?; if matches!(fn_stats.is_unsafe, Some(true)) || matches!(fn_stats.has_unsafe_ops, Some(true)) { - let structured_fn_name = parse_fn_name(fn_stats.name); + let structured_fn_name = parse_fn_name(fn_stats.name, fn_stats.is_public.is_some() && fn_stats.is_public.unwrap()); match fns_by_modules.get_mut(&structured_fn_name.module_path) { Some(fns) => fns.push(structured_fn_name.clone()), None => { fns_by_modules.insert(structured_fn_name.module_path.clone(), vec![structured_fn_name.clone()]); } @@ -203,7 +206,7 @@ fn handle_file(path:&Path) -> Result<(), Box> { println!("modules {:?}", mp); if let Some(fns) = fns_by_modules.get(mp) { for structured_fn_name in fns { - println!("--- unsafe-containing fn {}", structured_fn_name.item); + println!("--- unsafe-containing fn {} {}", structured_fn_name.item, if structured_fn_name.is_public { "[pub]" } else { "" } ); if let Some(ti) = &structured_fn_name.trait_impl { println!(" trait impl: type {} as trait {}", ti.0, ti.1); } else {} From 3856e98e26e221d57875a80b61297300f4302e32 Mon Sep 17 00:00:00 2001 From: Patrick Lam Date: Thu, 25 Sep 2025 12:10:16 +1200 Subject: [PATCH 7/7] say what unsupported input is --- tools/unsafe-finder/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/unsafe-finder/src/main.rs b/tools/unsafe-finder/src/main.rs index a3037a10dd443..bd5f43e336815 100644 --- a/tools/unsafe-finder/src/main.rs +++ b/tools/unsafe-finder/src/main.rs @@ -19,7 +19,7 @@ struct FnStats { name: String, is_unsafe: Option, has_unsafe_ops: Option, - has_unsupported_input: Option, + has_unsupported_input: Option, // i.e. a function contains coroutines, floats, fn defs, fn ptrs, interior mut, raw pointers, recursive types, and mut refs has_loop_or_iterator: Option, is_public: Option, }
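Review bot: `fn_stats.is_public.is_some() && fn_stats.is_public.unwrap()` is an `is_some`+`unwrap` pair on an `Option<bool>`; the line directly above already uses `matches!(…, Some(true))` for the same shape, so `matches!(fn_stats.is_public, Some(true))` (or `fn_stats.is_public.unwrap_or(false)`) keeps the call consistent and removes the unwrap. handle_file continues outside this hunk.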
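Review bot: The format string `"--- unsafe-containing fn {} {}"` emits a trailing space after the name for every non-public fn, because the second placeholder is empty in that case; fold the space into the tag instead: `println!("--- unsafe-containing fn {}{}", structured_fn_name.item, if structured_fn_name.is_public { " [pub]" } else { "" });`. Trailing whitespace makes the report noisier to diff between runs.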
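Review bot: The new comment on `has_unsupported_input` joins the trigger list with "and", but the flag presumably fires when the function contains any one of them; `// set when the function contains one of: coroutines, floats, fn defs, fn ptrs, interior mutability, raw pointers, recursive types, mut refs` reads unambiguously, and a note on whether such functions are still analysed for unsafety belongs here too. As far as the hunks in this series show, the field is deserialized but never surfaced in the report, which matters for an audit tool: functions with raw pointers or interior mutability are exactly where an "unsafe" verdict from the upstream analysis is least trustworthy, so consider printing an `[unsupported-input]` tag next to `[pub]`.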