Code reviews of the ArrayVec crate // Lib.rs

These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.

0.7.6 — diff review from 0.7.2 only (current) safe-to-deploy

From mozilla/supply-chain copy of hg. By Alex Franchuk.

Manually verified new unsafe pointer arithmetic.

The current version of ArrayVec is 0.7.6.

0.7.4 (older version) safe-to-run, does-not-implement-crypto

From google/supply-chain copy of chromium. Audited without comment by Nicholas Bishop.

0.7.4 (older version) unknown

From kornelski/crev-proofs copy of salsa.debian.org.

Only in debcargo (unstable). Changelog:

Team upload.
Upload to unstable
Package arrayvec 0.7.4 from crates.io using debcargo 2.6.1

0.7.4 (older version) unknown

From kornelski/crev-proofs copy of git.savannah.gnu.org.

Packaged for Guix (crates-io)

0.7.2 (older version) safe-to-deploy

From bytecodealliance/wasmtime. By Nick Fitzgerald.

Well documented invariants, good assertions for those invariants in unsafe code, and tested with MIRI to boot. LGTM.

cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.

safe-to-run

This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences. More…

does-not-implement-crypto (implies crypto-safe)

Inspection reveals that the crate in question does not attempt to implement any cryptographic algorithms on its own.

Note that certification of this does not require an expert on all forms of cryptography: it's expected for crates we import to be "good enough" citizens, so they'll at least be forthcoming if they try to implement something cryptographic. When in doubt, please ask an expert.

crypto-safe

Implied by other criteria

All crypto algorithms in this crate have been reviewed by a relevant expert.

Note: If a crate does not implement crypto, use does-not-implement-crypto, which implies crypto-safe, but does not require expert review in order to audit for.

safe-to-deploy (implies safe-to-run)

This crate will not introduce a serious security vulnerability to production software exposed to untrusted input. More…

unknown

May have been packaged automatically without a review

These reviews are from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.

The current version of ArrayVec is 0.7.6.

0.7.2 (older version) Rating: Positive Thoroughness: Medium Understanding: Low

by ThomasdenH on 2021-12-23

The crate uses a lot of unsafe, although the conditions for safety seem to have been taken in consideration carefully. The use of unsafe consists of: - Handling len/capacity where bounds are checked manually. This looks correct. - Handling unitialized memory for indices >= len. I don't know enough about it to judge correctness here - Handling utf8 conversions/assumptions. For example, the conversion from char to bytes. Correctness is checked for every byte here, so this is likely correct, too.

0.5.1 (older version) Rating: Neutral Thoroughness: Medium Understanding: Medium

by MaulingMonkey on 2019-12-22

Stack/value variable length arrays without heap fallback.

Pros:

Maybe sound?
Better than what you'll write.

Cons:

History of unsoundness (0.4.10 and earlier)
Disturbing amounts of unsafe

This version switched some slices possibly containing uninit (UB!) to use pointers instead. This makes encode_utf8 unsafe, sadly.

Diff	Rating	Notes
.cargo_vcs_info.json	+1
.gitignore	+1
Cargo.lock	+1	Rust version bump?
Cargo.toml	+1	debug [profile.*]
Cargo.toml.orig	+1	debug [profile.*]
README.rst	+1
*.{events,string_data,string_index}	0	Binary test files, unreviewed
src/array.rs	+1	Removed `#[inline]`
src/array_string.rs	+1	Added `fn len`, removed `#[inline]`, use ptr instead of slice
src/chars.rs	+1	`encode_utf8` is now sadly unsafe, more test coverage
src/lib.rs	+1	Inline tweaks, more (correct) ptr use, add `as_*_ptr` to match Vec (safe/sound)

0.5.0 (older version) Rating: Neutral Thoroughness: Medium Understanding: Medium

by MaulingMonkey on 2019-09-25

Show review…

Stack/value variable length arrays without heap fallback.

Pros:

Maybe sound?
Better than what you'll write.

Cons:

History of unsoundness (0.4.10 and earlier)
Disturbing amounts of unsafe

Diff	Rating	Notes
.cargo_vs_info.json	+1
.travis.yml	+1	MSRV bumped to 1.36.0, features tweaked.
Cargo.toml	+1	feature "serde-1" -> "serde", 2018 edition, drop cruft
Cargo.toml.orig	+1
README.rst	0	"(not yet released)" no longer accurate.
benches/extend.rs	+1	+black_box
build.rs	+1	Dropped?
src/array.rs	+1	Improved safety docs, although could use more explaination of what relies on the invariants. () and bool indexing for 1/2-len arrays.
src/array_string.rs	0	mem::zeroed -> MaybeUninitCopy::uninitialized. Lots of Copy constraints, one transmute -> from_utf8_unchecked_mut (safer).
src/lib.rs	0	truncate now unsafe (but sound), new try_extend_from_slice is unsafe (but sound). ArrayVec::extend ZST handling is obtuse, would be unsound in C++, but I believe sound in Rust, maybe?
src/maybe_uninit.rs	+1
src/maybe_uninit_nodrop.rs	+1	Removed
src/maybe_uninit_stable.rs	+1	Removed
src/range.rs	+1	Removed
tests/serde.rs	+1
tests/tests.rs	+1	New test cases

0.4.11 (older version) Rating: Positive Thoroughness: Low Understanding: Medium

Approved without comment by kornelski on 2019-07-22

Lib.rs has been able to verify that all files in the crate's tarball are in the crate's repository with a git tag matching the version. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.

Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.

To review the actual code of the crate, it's best to use cargo crev open arrayvec. Alternatively, you can download the tarball of arrayvec v0.7.6 or view the source online.