Would adding a section to the Readme about this be welcome?
Together with static analysis, I think cap-std can be used to reduce the necessary code review to know that something does not escape the capabilities handed to it. So one would only need to review the API that one uses from a crate.
For this one would need some tool(s) one could run on a crate (and recursively its dependencies) to verify that it does not use any of the following:
Any suggestions for relevant tools?
While there is research in that direction, for now none of this is to the level of formally proven, but the constructed to be correct level known from Rust.
Would adding a section to the Readme about this be welcome?
Together with static analysis, I think cap-std can be used to reduce the necessary code review to know that something does not escape the capabilities handed to it. So one would only need to review the API that one uses from a crate.
For this one would need some tool(s) one could run on a crate (and recursively its dependencies) to verify that it does not use any of the following:
#![deny(unsafe_code)]https://doc.rust-lang.org/reference/attributes/diagnostics.html , I think there are ready made tools, need to find a good recommendation)Any suggestions for relevant tools?
While there is research in that direction, for now none of this is to the level of formally proven, but the constructed to be correct level known from Rust.