Checklist

• Development environment:

  • Use a stable compilation toolchain (DENV-STABLE)
  • Keep default values for critical variables in cargo profiles (DENV-CARGO-OPTS)
  • Keep default values for compiler environment variables when running cargo (DENV-CARGO-ENVVARS)
  • Use linter regularly (DENV-LINTER)
  • Use Rust formatter (rustfmt) (DENV-FORMAT)
  • Manually check automatic fixes (DENV-AUTOFIX)

• Libraries:

  • Check for outdated dependencies versions (cargo-outdated) (LIBS-OUTDATED)
  • Check for security vulnerabilities report on dependencies (cargo-audit) (LIBS-AUDIT)
  • Check for unsafe code in dependencies (LIBS-UNSAFE)

• Language generalities:

  • Respect naming conventions (LANG-NAMING)
  • Don't use unsafe blocks (LANG-UNSAFE)
  • Use appropriate arithmetic operations regarding potential overflows (LANG-ARITH)
  • Implement custom Error type, wrapping all possible errors (LANG-ERRWRAP)
  • Use the ? operator and do not use the try! macro (LANG-ERRDO)
  • Don't use functions that can cause panic! (LANG-NOPANIC)
  • Test properly array indexing or use the get method (LANG-ARRINDEXING)
  • Handle correctly panic! in FFI (LANG-FFIPANIC)

• Memory management:

  • Do not use forget (MEM-FORGET)
  • Use clippy lint to detect use of forget (MEM-FORGET-LINT)
  • Do not leak memory (MEM-LEAK)
  • Do release value wrapped in ManuallyDrop (MEM-MANUALLYDROP)
  • Always call from_raw on into_rawed value (MEM-INTOFROMRAW)
  • Do not use uninitialized memory (MEM-UNINIT)
  • Zero out memory of sensitive data after use (MEM-ZERO)

• Type system:

  • Justify Drop implementation (LANG-DROP)
  • Do not panic in Drop implementation (LANG-DROP-NO-PANIC)
  • Do not allow cycles of reference-counted Drop (LANG-DROP-NO-CYCLE)
  • Do not rely only on Drop to ensure security (LANG-DROP-SEC)
  • Justify Send and Sync implementation (LANG-SYNC-TRAITS)
  • Respect the invariants of standard comparison traits (LANG-CMP-INV)
  • Use the default method implementation of standard comparison traits (LANG-CMP-DEFAULTS)
  • Derive comparison traits when possible (LANG-CMP-DERIVE)

• Foreign Function Interface:

  • Use only C-compatible types in FFI (FFI-CTYPE)
  • Use consistent types at FFI boundaries (FFI-TCONS)
  • Use automatic binding generator tools (FFI-AUTOMATE)
  • Use portable aliases c_* when binding to platform-dependent types (FFI-PFTYPE)
  • Do not use unchecked non-robust foreign values (FFI-CKNONROBUST)
  • Check foreign values in Rust (FFI-CKINRUST)
  • Do not use reference types but pointer types (FFI-NOREF)
  • Do not use unchecked foreign references (FFI-CKREF)
  • Check foreign pointers (FFI-CKPTR)
  • Mark function pointer types in FFI as extern and unsafe (FFI-MARKEDFUNPTR)
  • Check foreign function pointers (FFI-CKFUNPTR)
  • Do not use incoming Rust enum at FFI boundary (FFI-NOENUM)
  • Use dedicated Rust types for foreign opaque types (FFI-R-OPAQUE)
  • Use incomplete C/C++ struct pointers to make type opaque (FFI-C-OPAQUE)
  • Do not use types that implement Drop at FFI boundary (FFI-MEM-NODROP)
  • Ensure clear data ownership in FFI (FFI-MEM-OWNER)
  • Wrap foreign data in memory releasing wrapper (FFI-MEM-WRAPPING)
  • Handle panic! correctly in FFI (FFI-NOPANIC)
  • Provide safe wrapping to foreign library (FFI-SAFEWRAPPING)
  • Expose dedicated C-compatible API only (FFI-CAPI)