Ferrous Systems explores multiple approaches to statically verifying that certain functions are never called in a Rust program, motivated by Ferrocene's need to certify a subset of `core` to IEC 61508 (SIL-2). Approaches covered include Clippy lints, effect type systems, linker-based tricks (no-panic), cfg hacks, and ultimately a custom rustc compiler driver. The chosen solution implements a callgraph analysis with two passes: a pre-monomorphization THIR pass for fast `cargo check` feedback, and a post-monomorphization MIR pass for reliable certification-grade analysis. The tool catches panics, unvalidated function calls, function pointer coercions, and dynamic trait object casts, even across crate boundaries and through generics.
Table of contents

1.1 The simple approach: Clippy lints
1.2 The language approach: effect (type-)systems
1.3 The toolchain approach: linker errors
1.4 The hacky approach: `cfg`s
1.5 The static analysis approach: a custom compiler driver
1.6 `core`
1.7 How it works
1.8 Documentation
1.9 Future work
1.10 Try it out yourself
1.11 What have we learned?