technolution / rustig
A tool to detect code paths leading to Rust's panic handler
License: Apache License 2.0
The README says to use cargo install --git https://github.com/Technolution/rustig
but doing this outputs:
error: multiple packages with binaries found: arithmetic, binary_search, capturing_closure_invocation, direct, empty, hello_world, indexing, indirect, lib_calls, multi_dep, rustig, threads, trait_invocation, unwrap
Tried specifying the rustig binary with cargo install --git https://github.com/Technolution/rustig --bin rustig
but that resulted in the same error.
It's bad UI design to have required option flags on a command-line tool. In fact, the documentation for Python's in-stdlib argument parsing library explicitly teaches people to avoid it.
This...
rustig [FLAGS] [OPTIONS] --binary <FILE>
...should be this...
rustig [FLAGS] [OPTIONS] <FILE>
Requiring --binary or -b before what could be a positional argument just makes the command more awkward to type without any improvement in its expressive power.
One of the dependencies fails to build with the following error:
Compiling cpp_demangle v0.2.9
error[E0034]: multiple applicable items in scope
--> C:\Users\mail\.cargo\registry\src\github.com-1ecc6299db9ec823\petgraph-0.4.12\src\graph_impl\stable_graph\mod.rs:1171:19
|
1171 | self.iter.find_map(|(i, node)| {
| ^^^^^^^^ multiple `find_map` found
|
note: candidate #1 is defined in an impl of the trait `iter_utils::IterUtilsExt` for the type `_`
It seems this is fixed in a newer minor point release of the dependency (i.e., cpp_demangle version 0.2.12).
It might be good to allow automatic upgrades of the rustig dependencies to newer minor point releases.
Is it an actual tool for people to use, or just an academic experiment?
Rustig outputs a lot of places that can panic on real projects. However, in safe code exploiting a panic is not very interesting for an attacker: the best it gets you is denial of service, and there are lots of ways to do that anyway.
However, this is not true for unsafe code. Unsafe Rust needs to uphold certain invariants even in presence of panics, and doing so is far from natural or obvious. There are real vulnerabilities caused by lack of panic safety.
Therefore, it would be nice to have a mode that highlights places that can panic in unsafe code only, to aid in auditing unsafe code.
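Panic safety in unsafe code, as an added illustration that is not part of the original issue: a Vec extension helper that bumps the length before the elements are written (unsound if the producer unwinds) next to a version with a drop guard that commits only the slots actually initialised. All function and type names here are constructed for this example.

```rust
use std::panic::{self, AssertUnwindSafe};

/// Unsound pattern: the length is bumped before the elements exist. If `f`
/// unwinds midway, the Vec's destructor (and any later reader) treats the
/// unwritten slots as live `T` values, which is undefined behaviour.
/// Kept only for comparison; it is only correct when `f` can never panic.
pub fn extend_unsafe_early_set_len<T>(v: &mut Vec<T>, n: usize, mut f: impl FnMut(usize) -> T) {
    v.reserve(n);
    let base = v.len();
    unsafe {
        v.set_len(base + n); // too early: slots base..base+n are still garbage
        for i in 0..n {
            v.as_mut_ptr().add(base + i).write(f(i)); // f may unwind here
        }
    }
}

/// Drop guard: tracks how many slots are initialised and commits exactly
/// that many on every exit path, including unwinding.
struct LenGuard<'a, T> {
    v: &'a mut Vec<T>,
    initialised: usize,
}

impl<T> Drop for LenGuard<'_, T> {
    fn drop(&mut self) {
        let base = self.v.len();
        // SAFETY: slots base..base+initialised were written by extend_panic_safe
        // and lie within the capacity reserved there.
        unsafe { self.v.set_len(base + self.initialised) };
    }
}

/// Hardened version: each element is produced and written first; the length
/// is only committed by the guard, so a panic in `f` leaves a consistent Vec.
pub fn extend_panic_safe<T>(v: &mut Vec<T>, n: usize, mut f: impl FnMut(usize) -> T) {
    v.reserve(n);
    let mut guard = LenGuard { v, initialised: 0 };
    for i in 0..n {
        let value = f(i); // may panic: guard still counts only written slots
        let base = guard.v.len();
        unsafe { guard.v.as_mut_ptr().add(base + guard.initialised).write(value) };
        guard.initialised += 1;
    }
    // guard drops here and commits base + n
}

/// Constructed check: extend with a producer that panics at `fail_at` and
/// return (did it panic, the Vec afterwards) so callers can inspect the state.
pub fn survives_panic(fail_at: usize) -> (bool, Vec<u32>) {
    let mut v = vec![1, 2];
    let result = panic::catch_unwind(AssertUnwindSafe(|| {
        extend_panic_safe(&mut v, 5, |i| {
            if i == fail_at { panic!("constructed failure at {}", i) }
            10 + i as u32
        })
    }));
    (result.is_err(), v)
}
```

Run under `cargo test` the hardened helper reports the panic and leaves only the three fully written elements live; the same panic inside the early-`set_len` variant would be undefined behaviour rather than a recoverable state.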
I just came across your post to the user forums and thought I'd try rustig out against a no_std gcode parsing library I'm working on. When I ran the program on the cli-reader example in my gcode-rs crate, rustig itself panicked...
Here's a copy of the offending binary:
And steps to reproduce:
$ cd /tmp
$ git clone https://github.com/Michael-F-Bryan/gcode-rs
Cloning into 'gcode-rs'...
remote: Counting objects: 851, done.
remote: Compressing objects: 100% (112/112), done.
remote: Total 851 (delta 112), reused 195 (delta 98), pack-reused 633
Receiving objects: 100% (851/851), 3.92 MiB | 263.00 KiB/s, done.
Resolving deltas: 100% (475/475), done.
$ cd gcode-rs
$ cargo rustc --release --example cli-reader -- -g
Updating registry `https://github.com/rust-lang/crates.io-index`
Compiling nodrop v0.1.12
Compiling difference v2.0.0
Compiling ansi_term v0.11.0
Compiling arrayvec v0.4.7
Compiling pretty_assertions v0.5.1
Compiling gcode v0.3.0 (file:///tmp/gcode-rs)
warning: unused import: `ErrorKind`
--> examples/cli-reader.rs:7:34
|
7 | use std::io::{self, Read, Error, ErrorKind, BufReader, BufRead};
| ^^^^^^^^^
|
= note: #[warn(unused_imports)] on by default
Finished release [optimized] target(s) in 10.44s
$ rustig --binary target/release/examples/cli-reader
thread 'main' panicked at 'index 40 out of range for slice of length 0', libcore/slice/mod.rs:1962:5
note: Run with `RUST_BACKTRACE=1` for a backtrace.
$ RUST_BACKTRACE=1 rustig --binary target/release/examples/cli-reader
thread 'main' panicked at 'index 40 out of range for slice of length 0', libcore/slice/mod.rs:1962:5
stack backtrace:
0: std::sys::unix::backtrace::tracing::imp::unwind_backtrace
at libstd/sys/unix/backtrace/tracing/gcc_s.rs:49
1: std::sys_common::backtrace::print
at libstd/sys_common/backtrace.rs:71
at libstd/sys_common/backtrace.rs:59
2: std::panicking::default_hook::{{closure}}
at libstd/panicking.rs:211
3: std::panicking::default_hook
at libstd/panicking.rs:227
4: std::panicking::rust_panic_with_hook
at libstd/panicking.rs:475
5: std::panicking::continue_panic_fmt
at libstd/panicking.rs:390
6: rust_begin_unwind
at libstd/panicking.rs:325
7: core::panicking::panic_fmt
at libcore/panicking.rs:77
8: core::slice::slice_index_len_fail
at libcore/slice/mod.rs:1962
9: panic_analysis::panic_calls::panic_message::get_bytes_at_address
10: <panic_analysis::panic_calls::panic_message::CorePanickingPanicMessageFinder as panic_analysis::panic_calls::panic_message::PanicMessageFinder>::find_panic_message
11: core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &'a mut F>::call_once
12: <alloc::vec::Vec<T> as alloc::vec::SpecExtend<T, I>>::from_iter
13: <panic_analysis::panic_calls::DefaultPanicCallsFinder as panic_analysis::panic_calls::PanicCallsFinder>::find_panics
14: panic_analysis::find_panics
15: rustig::main
16: std::rt::lang_start::{{closure}}
17: std::panicking::try::do_call
at libstd/rt.rs:59
at libstd/panicking.rs:310
18: __rust_maybe_catch_panic
at libpanic_unwind/lib.rs:105
19: std::rt::lang_start_internal
at libstd/panicking.rs:289
at libstd/panic.rs:392
at libstd/rt.rs:58
20: main
21: __libc_start_main
22: _start
You guys did an excellent job, I should say, after reading your doc and report.
Some examples of usage would be quite helpful for people to learn to use this app, I think.
Caught panic trying to run tool with binary depending on atomic primitive AtomicU64:
thread 'main' panicked at 'No DW_AT_low_pc attribute found for function _ZN4core4sync6atomic11AtomicUsize4load17h6a7ef750e69dfd6eE', lib/callgraph/src/callgraph/mod.rs:286:13
Currently this is blocked by: #9.
The main tool (CLI) can be published. The main libraries (callgraph and panic_analysis) can also be released separately.
Currently the callgraph library has a very specific dependency on the capstone library:
capstone = { git = "https://github.com/capstone-rust/capstone-rs.git", rev = "dc10578aa27414afc93f0a87959b2f0c22dc66c3" }
Newer versions of this library changed their API to include lifetimes.
The code in the callgraph library needs refactoring to accept a newer capstone version.