Open
Description
Recent bugs and discussions highlighted that we may want to enforce some stricter (automated) code checks.
In particular, we may want to introduce semgrep to:
- Require any non-lock()ing unwrap() to be accompanied by a // safety: comment.
- Disallow usage of SystemTime::now/Instant::now/Instant::elapsed_since to maintain WASM compatibility.
Similar approaches are currently applied by other projects in the rust-bitcoin ecosystem, related usages are for example:
- Introduce semgrep rust-bitcoin/rust-bech32#153
- https://github.com/fedimint/fedimint/blob/master/.config/semgrep.yaml
(cc @tcharding)
Activity
tcharding commented on Jan 31, 2024
@dpc should be credited with finding semgrep not me :)
Could disallow any non-lock()ing unwraps altogether and use expect. Not sure how you could whitelist unit tests though, not doing so might be annoying. (In rust-bitcoin we have an (unwritten) no-unwrap outside of unit tests policy.)

dpc commented on Jan 31, 2024
Ban unwrap, except in functions that have #[test]? Not perfect but better than nothing.

tcharding commented on Jan 31, 2024
Simple now I read it.
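
The checks proposed in this thread, sketched as an added example that is not code from the issue or from any of the projects mentioned: a line-based Python stand-in for the policy, not semgrep rules. The rule ids, the "same line or line above" placement of the safety comment, and the sample Rust source are assumptions made for illustration.

```python
import re

UNWRAP = re.compile(r"\.unwrap\(\)")
LOCK_UNWRAP = re.compile(r"\.lock\(\)\s*\.unwrap\(\)")
BANNED_TIME = re.compile(r"\b(SystemTime::now|Instant::now|Instant::elapsed_since)\b")
SAFETY = re.compile(r"//\s*safety:", re.IGNORECASE)  # assumption: case-insensitive

def lint(source):
    """Return (line_number, rule_id) findings for one Rust source string.

    Line-based sketch: string literals containing // or braces, and call
    chains split across lines, are not handled.
    """
    findings, lines = [], source.splitlines()
    pending = in_test = False  # saw #[test] / inside that function's body
    depth = 0                  # brace depth inside the #[test] function
    for no, line in enumerate(lines, 1):
        code = line.split("//", 1)[0]  # ignore trailing comments
        if code.strip() == "#[test]":
            pending = True
        exempt = pending or in_test
        if pending and "{" in code:
            pending, in_test = False, True
        if in_test:
            depth += code.count("{") - code.count("}")
            in_test = depth > 0
        # Assumption: the WASM time rule applies to tests too.
        if BANNED_TIME.search(code):
            findings.append((no, "wasm-incompatible-time"))
        # unwrap() calls that do not directly follow lock()
        bare = len(UNWRAP.findall(code)) - len(LOCK_UNWRAP.findall(code))
        if bare > 0 and not exempt:
            above = lines[no - 2] if no > 1 else ""
            # Assumption: the comment sits on the same line or the line above.
            if not (SAFETY.search(line) or SAFETY.search(above)):
                findings.append((no, "unwrap-without-safety-comment"))
    return findings

# Constructed sample input, not taken from any project.
SAMPLE = '''\
use std::time::{Instant, SystemTime};
fn run(state: &Mutex<State>, raw: &str) {
    let guard = state.lock().unwrap();
    let started = Instant::now();
    let n: u32 = raw.parse().unwrap();
    // safety: the length was checked by the caller
    let first = guard.items.first().unwrap();
}
#[test]
fn parses() {
    assert_eq!("7".parse::<u32>().unwrap(), 7);
}
'''
```

On the sample, only the Instant::now call and the uncommented parse().unwrap() are reported; the lock().unwrap(), the commented unwrap and the one inside the #[test] function pass.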