RAPx is a static Rust analysis platform developed by researchers at Artisan-Lab, Fudan University. The project aims to provide a foundation for Rust programmers to develop or use advanced static analysis features beyond those offered by the rustc compiler. For further details, please refer to the RAPx-Book.
The project is still under heavy development.
Install `nightly-2024-10-12`, the toolchain that rapx is compiled with. This only needs to be done once on your machine. If the toolchain already exists, this does nothing.
```shell
rustup toolchain install nightly-2024-10-12 --profile minimal --component rustc-dev,rust-src,llvm-tools-preview
cargo +nightly-2024-10-12 install rapx --git https://github.com/Artisan-Lab/RAPx.git
```
Navigate to your Rust project folder containing a `Cargo.toml` file. Then run `cargo-rapx` with toolchain override shorthand syntax.
```shell
cargo rapx [rapx options] -- [cargo check options]
```
where `-- [cargo check options]` is optional, and if specified, they are passed to cargo check.
Alternatively, you can switch to the pinned toolchain ahead of time:
```shell
# set up rapx's toolchain as default
rustup default nightly-2024-10-12
# run cargo rapx without +toolchain syntax any more
cargo rapx [rapx options] -- [cargo check options]
```
Check out supported options with `-help`:
```shell
cargo rapx -help
```
or by manually specifying the toolchain version.
```shell
cargo +nightly-2024-10-12 rapx -help
```
Environment variables (Values are case insensitive):

| var | default when absent | one of these values | description |
|---|---|---|---|
| `RAP_LOG` | info | debug, info, warn | verbosity of logging |
| `RAP_CLEAN` | true | true, false | run cargo clean before check |
| `RAP_RECURSIVE` | none | none, shallow, deep | scope of packages to check |

For `RAP_RECURSIVE`:
- none: check for current folder
- shallow: check for current workspace members
- deep: check for all workspaces from current folder

NOTE: for shallow or deep, rapx will enter each member folder to do the check.
The following command analyzes each function and outputs the aliases.
```shell
RAP_LOG=debug cargo rapx -alias=mop
```
If RAPx gets stuck after executing `cargo clean`, try manually downloading metadata dependencies by running `cargo metadata`.
The following command generates the API-dependency graph, which is useful for code synthesis, e.g., generating fuzz drivers.
```shell
cargo rapx -api-dep
```
The generated dot file can be visualized via graphviz.
```shell
dot -Tpng api_graph.dot -o output.png
```
Detect bugs such as use-after-free and double free in Rust crates caused by unsafe code.
```shell
cargo rapx -F
```
Detect memory leakage bugs caused by APIs like `ManuallyDrop` and `into_raw()`.
```shell
cargo rapx -M
```
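
The leak patterns named above (`into_raw()` and `ManuallyDrop`), each beside a corrected form, as a constructed example added here; it is not RAPx's own code and does not show RAPx output. `Tracked`, the function names and the drop counter are hypothetical and exist only to make the missing destructor call observable.

```rust
use std::mem::ManuallyDrop;
use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Arc;

/// Constructed type: bumps a shared counter when its destructor runs.
struct Tracked(Arc<AtomicUsize>);

impl Drop for Tracked {
    fn drop(&mut self) { self.0.fetch_add(1, Ordering::SeqCst); }
}

/// Leaks: `into_raw` hands ownership to a raw pointer that is never reclaimed.
fn leak_into_raw(c: &Arc<AtomicUsize>) {
    let p: *mut Tracked = Box::into_raw(Box::new(Tracked(c.clone())));
    let _ = p; // pointer discarded: destructor never runs, heap block never freed
}

/// Fixed: rebuild the Box exactly once so the value is dropped and freed.
fn reclaim_into_raw(c: &Arc<AtomicUsize>) {
    let p = Box::into_raw(Box::new(Tracked(c.clone())));
    // SAFETY: `p` came from `Box::into_raw` above and is reclaimed only once.
    drop(unsafe { Box::from_raw(p) });
}

/// Leaks: `ManuallyDrop` suppresses the destructor and nothing ever calls it,
/// so whatever the value owns (here an `Arc` reference) is never released.
fn leak_manually_drop(c: &Arc<AtomicUsize>) {
    let _v = ManuallyDrop::new(Tracked(c.clone()));
}

/// Fixed: run the destructor explicitly, once, and never use the value again.
fn release_manually_drop(c: &Arc<AtomicUsize>) {
    let mut v = ManuallyDrop::new(Tracked(c.clone()));
    // SAFETY: `v` is not used after this call.
    unsafe { ManuallyDrop::drop(&mut v) };
}

/// Runs `f` against a fresh counter and returns how many destructors ran.
fn drops_after(f: fn(&Arc<AtomicUsize>)) -> usize {
    let c = Arc::new(AtomicUsize::new(0));
    f(&c);
    c.load(Ordering::SeqCst)
}

fn main() {
    let cases: [fn(&Arc<AtomicUsize>); 4] =
        [leak_into_raw, reclaim_into_raw, leak_manually_drop, release_manually_drop];
    for f in cases { println!("destructor runs: {}", drops_after(f)); }
}
```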