Stream: t-lang/wg-unsafe-code-guidelines

Topic: Miri is awesome!


Elichai Turkel (May 07 2020 at 11:20, on Zulip):

Just wanted to say that every time I see a crate with suspicious-looking unsafe code (uninit/pointer offsetting) I immediately reach for Miri before I start to manually analyze it, and it almost always finds the UBs for me :)
So thank you for this tool! @RalfJ @oli and the rest of the contributors!
(latest: https://github.com/RustSec/advisory-db/pull/290)

RalfJ (May 08 2020 at 07:57, on Zulip):

@Elichai Turkel so glad that it helps you :)

RalfJ (May 08 2020 at 07:57, on Zulip):

The one thing I want to warn against is using Miri instead of a manual audit. Miri being green is a great sign but for various reasons does not replace actually understanding the code and convincing yourself that it is correct.

RalfJ (May 08 2020 at 07:58, on Zulip):

Also, for cases where it did not find the UB but you found it later -- if you think that's a bug in Miri (and not just, say, incomplete coverage of the test suite), please let us know :D

Elichai Turkel (May 08 2020 at 09:30, on Zulip):

Obviously not instead, no static analysis will ever cover real logic errors :)

And I think these were mostly either missing shims in Miri, outside of Miri's scope, or outside of Stacked Borrows (validity of the value behind a ref, etc.)

RalfJ (May 08 2020 at 18:43, on Zulip):

Miri is not a "static analysis" though :)

RalfJ (May 08 2020 at 18:44, on Zulip):

(it's a dynamic analysis)

RalfJ (May 17 2020 at 08:45, on Zulip):

While I have the attention of some Miri users, could I ask you for feedback on this issue concerning cargo miri test argument handling?

Last update: Jun 05 2020 at 23:10UTC