We audited 10 Rust repositories spanning AI inference, agent runtimes, authentication, search, government services, ethical learning, and emulation — totaling 365 source files with 1,025+ tests. Every production .unwrap() and .expect() was manually classified: 140 total, all either algorithmically invariant or CLI-startup pattern. 8 actionable issues were found and fixed on the spot: 5 NaN-panic risks via partial_cmp().unwrap(), 1 hash-chain verification crash, 1 unguarded error propagation, and 1 ambiguous unwrap upgraded to explicit expect. A custom static analysis scanner was built and improved during the audit, catching 4 bugs in our own tooling along the way. Final result: 0 P0 risks, 0 actionable unwraps remaining.
Every finding below was detected, classified, fixed, and verified with passing tests during the audit.
partial_cmp().unwrap() on f32 values panics when either operand is NaN. Found in LLM token sampling (argmax, top-k sort, top-p sort) and anomaly detection confidence scoring. Any NaN from upstream tensor ops would crash the inference pipeline.llm-sampler/src/lib.rs — lines 192, 204, 225 (argmax, top-k, top-p)llm-models/src/llama.rs — line 880 (softmax argmax)b3-core/detectors.rs — line 330 (confidence sort)
// Before (panics on NaN): logits.iter().enumerate() .max_by(|(_, a), (_, b)| a.partial_cmp(b).unwrap()) // After (NaN-safe, total ordering): logits.iter().enumerate() .max_by(|(_, a), (_, b)| a.total_cmp(b))
partial_cmp().unwrap() → total_cmp(). NaN sorts to end deterministically. 88 + 88 tests pass.
verify() function of an append-only hash-chain log used serde_json::from_str(&line).unwrap() to parse each line. A single malformed line (disk corruption, partial write, manual edit) would panic instead of returning verification failure.logstore/src/lib.rs — line 158, verify() function// Before (panics on malformed JSON): let v: serde_json::Value = serde_json::from_str(&line).unwrap(); // After (returns chain-invalid without crash): let v: serde_json::Value = match serde_json::from_str(&line) { Ok(v) => v, Err(_) => return Ok(false), };
Ok(false) on parse failure. Verification never panics. 41 tests pass.
submit(request).unwrap() in a runtime execution path swallowed the error type. If the intervention channel was closed or full, the runtime panicked instead of propagating the error through the normal error chain.runtime.rs — line 243, submit() call inside execution loop// Before (panic on channel error): submit(request).unwrap(); // After (propagates via error chain): submit(request)?; // Added: Intervention(#[from] InterventionError) to RuntimeError
.unwrap() → ? with new InterventionError variant in RuntimeError enum. 179 tests pass.
as *const f16, std::slice::from_raw_parts) to reinterpret byte buffers. No alignment or bounds validation. Misaligned access is undefined behavior on most architectures.llm-quant/src/*.rs — 5 pointer casts in quantization kernelsllm-core/src/tensor.rs — 3 pointer casts in tensor view operations// Before (raw pointer cast, no validation): let ptr = bytes.as_ptr() as *const f16; let slice = unsafe { std::slice::from_raw_parts(ptr, count) }; // After (safe, validated by bytemuck): let slice: &[f16] = bytemuck::try_cast_slice(bytes) .map_err(|e| TensorError::AlignmentError(e))?;
bytemuck::from_bytes / try_cast_slice. 9 remaining unsafe blocks are Metal FFI, Send/Sync, mmap — all documented with SAFETY comments. 7 boundary tests added.
We built a custom Rust static analysis scanner during the audit. It found 4 bugs in itself — each improving accuracy across all 365 files.
#[cfg(test)] mod tests; → src/tests.rs was not followed. Result: +27 false positives in one repo. Fix: collect_test_module_paths() resolves indirection before counting.\bunsafe\b matched inside string literals, comments, and lint attributes. Fix: count_real_unsafe() strips strings/comments first, then matches only unsafe {/fn/impl/trait.Parser::expect(TokenKind, msg)? matched the .expect( regex. +16 false positives in one repo. Fix: require string literal argument — \.expect\s*\(\s*"./// and //! lines containing .unwrap() counted as production code. +18 false positives across 4 repos. Fix: strip_doc_comments() filters before counting.newcool-cognitive-core/crates/extractor-rust/.
panic!, todo!, or unimplemented! in production code across all 10 repos. 11 unreachable!() are all guarded by bitwise/enum invariants and documented.partial_cmp on floats is a systemic blind spot. Found in 3 of 10 repos independently. The pattern looks correct at first glance but panics on NaN — a value that routinely appears in neural network inference. total_cmp should be the default for all f32 ordering in Rust..expect("msg") in fn main — correct CLI pattern. But 1 unwrap in a library verify() function was a genuine crash risk. The distinction between binary-level and library-level unwrap tolerance is critical..unwrap(), .expect(), panic!, unsafe per file, excluding test code (#[cfg(test)], /tests/, /benches/).
Each repo scored by: prod unwrap count, test coverage, unsafe usage, invariant documentation quality.
Recurring patterns across the 10-repo ecosystem.
| Pattern | Repos | Count | Status |
|---|---|---|---|
partial_cmp().unwrap() on f32 |
3 / 10 | 5 | FIXED |
CLI .expect("msg") in fn main |
3 / 10 | 44 | SAFE |
RwLock poison .unwrap() |
1 / 10 | 30 | INVARIANT |
Regex::new(literal).unwrap() in Lazy |
2 / 10 | 21 | INVARIANT |
unreachable!() with invariant guard |
3 / 10 | 11 | DOCUMENTED |
unsafe with SAFETY comment |
1 / 10 | 9 | DOCUMENTED |
serde_json::to_string infallible |
3 / 10 | 6 | INVARIANT |
panic! / todo! in production |
0 / 10 | 0 | PASS |
Every unwrap classified. Every unsafe documented. Every fix verified with tests.
Prepaid via Stripe. No actionable findings? Full refund.
Prepaid. No actionable findings, full refund.