Hasty Briefs (beta)

Pitfalls of Safe Rust

a year ago
  • #Memory Safety
  • #Common Pitfalls
  • #Rust
  • Rust's memory-safety guarantees rule out one class of bugs, but they are not sufficient for overall reliability or security: plenty of bugs compile fine in safe Rust.
  • Bugs the compiler still lets through include lossy numeric casts, logic errors, panics from unwrap/expect, build.rs scripts that run arbitrary code at build time, unsound unsafe blocks (in your own code or in dependencies), and race conditions such as TOCTOU.
  • Tips to avoid the common problems:
    • Protect against integer overflow: release builds wrap silently unless overflow checks are enabled, so use checked_*, saturating_* or wrapping_* arithmetic where the distinction matters.
    • Avoid 'as' for numeric conversions; it truncates or wraps without an error. Use TryFrom/TryInto and handle the failure.
    • Use bounded types (newtypes that validate in a constructor) instead of raw primitives for business logic, so invalid states are unrepresentable.
    • Don't index into slices or arrays with unchecked indices; use get() or split_at_checked, which return None instead of panicking.
    • Handle Default values carefully: a derived Default may produce a value that is valid for the type but meaningless for the domain.
    • Implement Debug by hand for secrets so that log statements and error messages cannot leak them.
    • Be careful with serialization: derived Serialize/Deserialize bypasses your constructors' validation.
    • Protect against TOCTOU: do not check a file or resource and then act on it in a separate step.
    • Use constant-time comparison for MACs, tokens and other sensitive data.
    • Don't accept unbounded input; cap the size of anything read from the network or disk.
    • Be aware that Path::join replaces the base path entirely when the joined component is absolute, so validate untrusted path fragments before joining.
    • Check for unsafe code in dependencies with cargo-geiger.
  • Clippy catches many of these during linting rather than at runtime; the relevant lints include clippy::cast_possible_truncation, clippy::unwrap_used and clippy::indexing_slicing, which are not enabled by default.
  • Even so, testing, linting and fuzzing remain necessary for maximum robustness; the type system does not replace them.
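The following is an added example, not code from the original article or its author. It shows several of the pitfalls above in std-only Rust, each with the unsafe-by-default form beside the guarded form: lossy 'as' casts versus TryFrom, checked arithmetic, a bounded newtype, bounds-checked slicing, a redacting Debug impl, a constant-time comparison, a size-limited reader, and the Path::join replacement behaviour. All inputs are constructed for the demo; the names (to_u8_checked, Percent, join_under, and so on) are the example's own.

```rust
// Added example (not from the original article): std-only demonstrations of
// several safe-Rust pitfalls. All inputs are constructed for the demo.
use std::fmt;
use std::io::{self, Read};
use std::path::{Component, Path, PathBuf};

// 1. Numeric conversion: `as` silently truncates or wraps; TryFrom reports the problem.
pub fn to_u8_lossy(n: i32) -> u8 {
    n as u8 // 300 -> 44, -1 -> 255: no error, just a wrong value
}
pub fn to_u8_checked(n: i32) -> Option<u8> {
    u8::try_from(n).ok() // 300 -> None, -1 -> None, 42 -> Some(42)
}

// 2. Integer overflow: in release builds `a + b` wraps unless overflow-checks is on.
pub fn add_len_checked(a: usize, b: usize) -> Option<usize> {
    a.checked_add(b)
}

// 3. Bounded type: a percentage that cannot hold an out-of-range value.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Percent(u8);
impl Percent {
    pub fn new(v: u8) -> Option<Self> {
        (v <= 100).then_some(Percent(v))
    }
    pub fn get(self) -> u8 {
        self.0
    }
}

// 4. Bounds-checked slicing: `&buf[..n]` panics when n > len; `get` returns None.
//    (`split_at_checked`, stable since Rust 1.80, is the direct equivalent for splitting.)
pub fn header_and_body(buf: &[u8], header_len: usize) -> Option<(&[u8], &[u8])> {
    Some((buf.get(..header_len)?, buf.get(header_len..)?))
}

// 5. Debug that never leaks: the secret prints as a placeholder even via `{:?}` in logs.
pub struct Secret(pub Vec<u8>);
impl fmt::Debug for Secret {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Secret([REDACTED])")
    }
}

// 6. Constant-time comparison for MACs/tokens: no early exit on the first differing byte.
//    Lengths are assumed public (fixed-size tags). In production prefer the `subtle`
//    crate, which guards against the optimizer rewriting this loop.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b) {
        diff |= x ^ y;
    }
    diff == 0
}

// 7. Bounded input: refuse bodies larger than `max` instead of reading until OOM.
pub fn read_bounded<R: Read>(r: R, max: u64) -> io::Result<Vec<u8>> {
    let mut buf = Vec::new();
    // Read one byte past the limit so an oversized input is detected, not truncated.
    r.take(max.saturating_add(1)).read_to_end(&mut buf)?;
    if buf.len() as u64 > max {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "input exceeds limit"));
    }
    Ok(buf)
}

// 8. Path::join: an absolute argument REPLACES the base, so
//    Path::new("/srv/app").join("/etc/passwd") is "/etc/passwd". Reject rooted and
//    parent-dir components before joining untrusted input.
pub fn join_under(base: &Path, untrusted: &str) -> Option<PathBuf> {
    let p = Path::new(untrusted);
    let safe = !p.has_root()
        && p.components()
            .all(|c| matches!(c, Component::Normal(_) | Component::CurDir));
    safe.then(|| base.join(p))
}

fn main() {
    println!("{} vs {:?}", to_u8_lossy(300), to_u8_checked(300));
    println!("{:?}", Path::new("/srv/app").join("/etc/passwd"));
    println!("{:?}", join_under(Path::new("/srv/app"), "../etc/passwd"));
    println!("{:?}", Secret(b"hunter2".to_vec()));
}
```

The Path::join assertion assumes a Unix path layout; on Windows the same replacement happens for any rooted argument, which is why join_under tests has_root() rather than is_absolute().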