For Security
Could an adversary breach the security of the kernel?
This is the index of the security guidelines.
Each subsection is its own page,
and each entry below links a stable short-name to its guideline,
with a one-line gist so a reader (or a review tool) can grasp the guideline before opening it.
Index
justify-unsafe-use: Precede every `unsafe` block with a `// SAFETY:` comment justifying soundness.
document-safety-conds: Give every `unsafe` fn/trait a `# Safety` section stating caller obligations.
deny-unsafe-kernel: All `kernel/crates` are `#![deny(unsafe_code)]`; only OSTD crates may use `unsafe`.
module-boundary-safety: An `unsafe` block's soundness spans all code touching the same private state; minimize that module.
validate-at-boundaries: Validate all user-supplied data at boundaries (e.g. syscall entry), then trust it internally.
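An added example, not Asterinas code, showing how justify-unsafe-use, document-safety-conds, module-boundary-safety and validate-at-boundaries fit together on one syscall-like path. The module, type and function names (`user_io`, `UserSlice`, `ValidatedRead`, `sys_read_like`, the `Error` variants and the `MAX_IO_LEN` limit) are hypothetical, and a `&[u8]` stands in for user memory so that the code runs in ordinary user space; a real kernel would not hold user memory as a Rust reference.

```rust
// Added example; not Asterinas code. All names are hypothetical, and a
// `&[u8]` stands in for user memory so this runs outside the kernel.
mod user_io {
    /// Largest read this hypothetical entry point accepts per call (assumed limit).
    pub const MAX_IO_LEN: usize = 4096;

    /// Errors reported to the caller at the boundary.
    #[derive(Debug, PartialEq, Eq)]
    pub enum Error {
        TooLarge,
        OutOfRange,
    }

    /// A user buffer as it arrives at the syscall boundary.
    pub struct UserSlice<'a> {
        bytes: &'a [u8],
    }

    impl<'a> UserSlice<'a> {
        pub fn from_bytes(bytes: &'a [u8]) -> Self {
            UserSlice { bytes }
        }
    }

    /// A read request whose (offset, len) have been checked against `src`.
    /// Its fields are private, so only `validate_read` in this module can
    /// build one. That makes this small module the entire set of code the
    /// `unsafe` block in `do_read` relies on (module-boundary-safety).
    pub struct ValidatedRead<'a> {
        src: &'a UserSlice<'a>,
        offset: usize,
        len: usize,
    }

    /// Copies `len` bytes at `offset` out of `src` without bounds checks.
    ///
    /// # Safety
    /// `offset + len` must not overflow and must be `<= src.bytes.len()`.
    unsafe fn copy_from_user_unchecked(src: &UserSlice<'_>, offset: usize, len: usize) -> Vec<u8> {
        // SAFETY: the caller guarantees `offset + len` does not overflow and
        // is `<= src.bytes.len()`, so `add(offset)` stays inside the slice's
        // allocation and the `len` bytes it starts are in bounds and initialized.
        unsafe { core::slice::from_raw_parts(src.bytes.as_ptr().add(offset), len) }.to_vec()
    }

    /// Boundary check: reject anything that could make the copy unsound.
    pub fn validate_read<'a>(
        src: &'a UserSlice<'a>,
        offset: usize,
        len: usize,
    ) -> Result<ValidatedRead<'a>, Error> {
        if len > MAX_IO_LEN {
            return Err(Error::TooLarge);
        }
        let end = offset.checked_add(len).ok_or(Error::OutOfRange)?;
        if end > src.bytes.len() {
            return Err(Error::OutOfRange);
        }
        Ok(ValidatedRead { src, offset, len })
    }

    /// Internal path: trusts the validated request and does not re-check it.
    pub fn do_read(req: &ValidatedRead<'_>) -> Vec<u8> {
        // SAFETY: `req` can only be constructed by `validate_read`, which
        // established that `offset + len` does not overflow and lies within
        // `src.bytes`; the private fields cannot be altered outside this module.
        unsafe { copy_from_user_unchecked(req.src, req.offset, req.len) }
    }

    /// Syscall-style entry: validate once here, then call the trusted internals.
    pub fn sys_read_like(src: &UserSlice<'_>, offset: usize, len: usize) -> Result<Vec<u8>, Error> {
        let req = validate_read(src, offset, len)?;
        Ok(do_read(&req))
    }
}

fn main() {
    // Constructed sample input standing in for a user buffer.
    let data = [1u8, 2, 3, 4, 5, 6, 7, 8];
    let src = user_io::UserSlice::from_bytes(&data);
    println!("{:?}", user_io::sys_read_like(&src, 2, 3));
    println!("{:?}", user_io::sys_read_like(&src, 6, 3));
    println!("{:?}", user_io::sys_read_like(&src, usize::MAX, 1));
}
```

The point of the shape is that the `// SAFETY:` comment in `do_read` cites an invariant that only this module can establish or break: `ValidatedRead` has private fields, `copy_from_user_unchecked` is private, and the overflow-checked comparison happens exactly once at the entry point. Anything outside `user_io` sees only safe functions and cannot forge a request that would violate the `# Safety` contract.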
No path-specific guidelines yet.