0.2.2 (current) Thoroughness: Medium Understanding: Medium
by yvt on 2021-09-18
These reviews are from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.
0.2.2 (current) Thoroughness: Medium Understanding: Medium
by vorner on 2019-11-22
The whole idea of the crate -- having a variable uninitialized for a while, then returning something back later on -- seems a bit unnatural for the whole Rust type system. This can be seen by the fact that certain corner cases are handled by not merely panicking, but outright aborting the whole process.
I didn't manage to find a way to break safety guarantees using the crate and I tried to find a loophole quite hard. But considering how questionable the things it does are, I'd really like to see some kind of proof or semi-formal argument saying why it is safe. Such a thing is not included in the source code, unfortunately.
The repository doesn't seem to have any recent activity and the last release was 2 years ago, but it's hard to say if it's abandoned or simply considered finished.
I've also found a resource leak (that is somewhat unlikely to get triggered in real-world usage).
Therefore, I'd be somewhat wary of using this myself and would need a good reason to reach for this crate -- certainly not just for convenience.
Issue: Medium (github.com/Sgeo/take_mut/pull/10)
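The pattern both reviews discuss, as an added sketch that is not take_mut's own code: a value is moved out of a `&mut T`, leaving the slot logically uninitialized, and the process aborts if the closure panics, because unwinding would let the slot's owner drop a value the closure already consumed. The names `replace_with`, `AbortOnUnwind` and `Conn` are hypothetical.

```rust
use std::mem;
use std::process;
use std::ptr;

/// Aborts the process if dropped; armed while the slot holds no valid value.
struct AbortOnUnwind;

impl Drop for AbortOnUnwind {
    fn drop(&mut self) {
        // Reached only when `f` panicked. Unwinding further would let the
        // slot's owner drop bits that `f` already owned: a double drop.
        process::abort();
    }
}

/// Hypothetical helper: replace `*slot` with `f(old value)`.
pub fn replace_with<T, F: FnOnce(T) -> T>(slot: &mut T, f: F) {
    let p: *mut T = slot;
    let guard = AbortOnUnwind;
    unsafe {
        let old = ptr::read(p); // `*slot` is now logically uninitialized
        let new = f(old);       // a panic here runs the guard and aborts
        ptr::write(p, new);     // slot valid again; old bits are not dropped
    }
    mem::forget(guard);         // disarm: the slot holds a valid value
}

#[derive(Debug, PartialEq)]
pub enum Conn {
    Idle(String),
    Active(String, u32),
}

/// State transition that needs the old value by move (no clone, no dummy).
pub fn activate(c: &mut Conn) {
    replace_with(c, |old| match old {
        Conn::Idle(peer) => Conn::Active(peer, 1),
        Conn::Active(peer, n) => Conn::Active(peer, n + 1),
    });
}

pub fn demo() -> Conn {
    let mut c = Conn::Idle(String::from("peer-a")); // constructed sample value
    activate(&mut c);
    activate(&mut c);
    c
}

fn main() {
    println!("{:?}", demo());
}
```

Removing the guard makes the function unsound: a panic inside the closure would unwind while the caller still believes the slot is initialized.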
These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.
0.2.2 (current)
From google/supply-chain copy of fuchsia. By David Koloski.
Reviewed on https://fxrev.dev/883543
0.2.2 (current)
From kornelski/crev-proofs copy of git.savannah.gnu.org.
Packaged for Guix (crates-io)
cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.
This crate will not introduce a serious security vulnerability to production software exposed to untrusted input.
This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences.
Negligible unsoundness or average soundness.
Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2
Mild unsoundness or suboptimal soundness.
Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3
Extreme unsoundness.
Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4
May have been packaged automatically without a review
Lib.rs has been able to verify that all files in the crate's tarball are in the crate's repository. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.
To review the actual code of the crate, it's best to use cargo crev open take_mut. Alternatively, you can download the tarball of take_mut v0.2.2 or view the source online.
While the idea of making a variable temporarily uninitialized may sound scary, this crate takes the necessary precautions to make this sound.
Unfortunately, this crate has a resource leak issue that has been left open for two years, hence the negative rating.
This crate looks unmaintained as the last commit is from 2018.
Issue: Medium (github.com/Sgeo/take_mut/pull/10)
Recovery closure leakage