From: Ralf Jung Date: Mon, 26 Sep 2022 11:11:26 +0000 (+0200) Subject: add cargo-careful blog post X-Git-Url: https://git.ralfj.de/web.git/commitdiff_plain/ffa3b27d4d3b8802b1ea3bc5eda55cb12407b9f3?ds=sidebyside add cargo-careful blog post --- diff --git a/personal/_posts/2022-09-26-cargo-careful.md b/personal/_posts/2022-09-26-cargo-careful.md new file mode 100644 index 0000000..28bfec9 --- /dev/null +++ b/personal/_posts/2022-09-26-cargo-careful.md @@ -0,0 +1,24 @@ +--- +title: "carego careful: run your Rust code with extra careful debug checking" +categories: rust +--- + +Did you know that the standard library is full of useful checks that users never get to see? +There are plenty of debug assertions in the standard library that will do things like check that `char::from_u32_unchecked` is called on a valid `char`, that `CStr::from_bytes_with_nul_unchecked` does not have internal nul bytes, or that pointer functions such as `read`, `copy`, or `copy_nonoverlapping` are called on suitably aligned non-null (and non-overlapping) pointers. +However, the regular standard library that is distributed by rustup is compiled without debug assertions, so there is no easy way for users to benefit from all this extra checking. + + + +[`cargo careful`](https://github.com/RalfJung/cargo-careful) is here to close this gap: +when invoked the first time, it builds a standard library with debug assertions from source, and then runs your program or test suite with that standard library. +Installing `cargo careful` is as easy as `cargo install cargo-careful`, and then you can do `cargo careful run`/`cargo careful test` to execute your binary crates and test suites with an extra amount of debug checking. + +This will naturally be slower than a regular debug or release build, but it is *much* faster than executing your program in [Miri](https://github.com/rust-lang/miri) and still helps find some Undefined Behavior. +Unlike Miri, it is fully FFI-compatible (though the code behind the FFI barrier is completely unchecked). +Of course Miri is much more thorough and `cargo careful` will miss many problems (for instance, it cannot detect out-of-bounds pointer arithmetic -- but it *does* perform bounds checking on `get_unchecked` slice accesses). + +Note that for now, some of these checks (in particular for raw pointer methods) cause an abrupt abort of the program via SIGILL without a nice error message or backtrace. +There are probably ways to improve this in the future. +Meanwhile, if you have some `unsafe` code that for one reason or another you cannot test with Miri, give [`cargo careful`] a try and let me know how it is doing. :) + +[`cargo careful`]: https://github.com/RalfJung/cargo-careful