#panic #analyzer #inspector #ci #search #rust

yanked panic-free-analyzer

an audit tool to scan your crate or workspace searching for potential panic points in your codebase

1 unstable release

0.1.0 Jan 10, 2024

#23 in #inspector

MIT license

9KB
123 lines

Rust Panic Free Analyzer

Overview

Rust Panic Free Analyzer is an audit tool designed to scan your Rust crate or workspace. Its primary function is to identify potential panic points in your codebase, helping you develop binaries and libraries that are as close to "Panic Free" as possible.

ℹ️ Currently, it only searches the crates that you develop, not the dependencies of your crates.

How does it work?

Key Identification Patterns

The tool searches for usage of several key patterns in Rust code that are often associated with panic points. These include:

  • panic!: Direct calls to the panic! macro, which causes the program to terminate immediately and provide an error message.
  • unwrap: Calls to the .unwrap() method, often used on Option or Result types, which will cause a panic if the value is None or Err.
  • expect: Similar to unwrap, but allows specifying a custom error message.
  • Array Indexing: Direct indexing into arrays (e.g., arr[index]) without first checking that the index is in range, which panics if the index is out of bounds. (A safer indexing method is .get(), which returns an Option instead of panicking.)
  • unreachable!: Indicates code that should never be reached; panics if executed.
  • todo! and unimplemented!: Macros indicating incomplete or unimplemented code, which will panic if reached.
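
As an added illustration (not code from the analyzer or its author), the Rust below writes one small parser twice: first with four of the patterns listed above, then with each replaced by a checked alternative. The function names, the `ParseError` type and the sample inputs are hypothetical.

```rust
#[derive(Debug, PartialEq)]
pub enum ParseError {
    MissingField(&'static str),
    BadPort(String),
    UnknownScheme(String),
}

/// Panicking form: uses array indexing, unwrap, expect and unreachable!,
/// four of the patterns the analyzer reports. Input format is "host,port,scheme".
pub fn parse_panicky(line: &str) -> (String, u16, bool) {
    let parts: Vec<&str> = line.split(',').collect();
    let host = parts[0].to_string(); // array_index
    let port: u16 = parts[1].parse().unwrap(); // array_index + unwrap
    let scheme = parts.get(2).expect("scheme missing"); // expect
    let tls = match *scheme {
        "http" => false,
        "https" => true,
        _ => unreachable!("validated upstream"), // unreachable
    };
    (host, port, tls)
}

/// Panic-free form: every failure becomes an Err the caller must handle.
pub fn parse_checked(line: &str) -> Result<(String, u16, bool), ParseError> {
    let parts: Vec<&str> = line.split(',').collect();
    let host = parts.first().ok_or(ParseError::MissingField("host"))?;
    let port_raw = parts.get(1).ok_or(ParseError::MissingField("port"))?;
    let port: u16 = port_raw
        .parse()
        .map_err(|_| ParseError::BadPort(port_raw.to_string()))?;
    let tls = match parts.get(2).copied() {
        Some("http") => false,
        Some("https") => true,
        Some(other) => return Err(ParseError::UnknownScheme(other.to_string())),
        None => return Err(ParseError::MissingField("scheme")),
    };
    Ok((host.to_string(), port, tls))
}

fn main() {
    // Constructed sample inputs: one valid line and two malformed ones.
    for line in ["example.test,443,https", "example.test", "example.test,99999,http"] {
        println!("{line:?} -> {:?}", parse_checked(line));
    }
}
```

With untrusted input, the first function turns a malformed line into a process abort, while the second reports the same condition as a value the caller can log and reject.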

Installation

To start using it, you need to install it first.

cargo install panic-free-analyzer

Usage

After installation, you can run the analyzer on your crate or entire workspace. Use the following command:

cargo panic-analyzer

If you wish to exclude specific crates from your workspace during the analysis, set the `IGNORED_CRATES` environment variable. Pass the names of the crates you want to exclude, separated by commas:

IGNORED_CRATES=tests,benches cargo panic-analyzer

Audit Results Example 👇

Below is an example of an audit result generated by the Rust Panic Free Analyzer:

🚨 Rust Panic Audit: 141 Potential Panic Points Detected 🚨

Crate: vrl

📊 Total Usages: 37

  • 🔎 expect usages: 1
  • 🎁 unwrap usages: 32
  • 🚨 panic usages: 1
  • 🔢 array_index usages: 3

Crate: jwt_auth

📊 Total Usages: 31

  • 🎁 unwrap usages: 29
  • 🔢 array_index usages: 2

Crate: config

📊 Total Usages: 14

  • 🚨 panic usages: 3
  • 🔎 expect usages: 3
  • 🎁 unwrap usages: 8

📌 Expected Annotations

Crate: common

📊 Total Expected Usages: 1

  • Reason: "we need this"
  • Code: panic!("Exited process!")
  • Location: ./libs/common/src/lib.rs:18

Dependencies

~3–11MB
~112K SLoC