One in five Rust packages use unsafe mode

Rust Foundation published statistics, according to which out of 127 thousand significant packages presented in the catalog crates.iomore than 24 thousand (19.11%) use the keyword “unsafe” to disable memory safety checks in individual blocks of code or when calling functions. 34.35% of packages make direct calls to functions from other crate packages that use the “unsafe” mode.

It is noted that in most cases the use of the “unsafe” mode is due to calling code written in other languages ​​or accessing libraries in C/C++. The crate package developed by Microsoft was recognized as the package with the largest number of calls in “unsafe” mode. windows, which is a wrapper over the Windows platform API. This package has 36 million downloads. Unsafe is also used in the most popular packages syn (470 million downloads), proc-macro2 (354 million downloads) and libc (345 million downloads).


To identify problems in code executed in “unsafe” mode, the project is developing an interpreter Miriwhich allows you to determine accesses outside the bounds of buffers, memory usage after it is freed, incorrect use of uninitialized data, violation of the invariance of basic types (for example, bool does not correspond to the values ​​0 or 1), violation of object ownership rules, the occurrence of race conditions and memory leaks.

Thanks for reading: