clippy
status: evaluated
tags: tool_management
safety_affected: YES
security_affected: YES
tcl: HIGH
version: 1.90.0 (see [1])

Clippy Verification Report

Introduction

Scope and purpose

Clippy is a linter tool (performs static code analysis) for the Rust programming language. It provides a collection of lints to catch common mistakes and improve code quality. Clippy helps developers identify potential issues in their Rust code, such as performance pitfalls, stylistic inconsistencies, and potential bugs.

Inputs and outputs

Inputs: Software sources (Rust), Lint configuration
Outputs: Report of detected rule violations

Fig. 18 Clippy overview

Available information

Installation and integration

Installation

To add the Clippy Bazel targets to your project or module, follow the guidelines in here

Integration

Integrated in Bazel.

Environment

Requires Rust toolchain and Bazel build environment.

Safety evaluation

This section outlines the safety evaluation of Clippy for its use within the S-CORE project.

Table 73 Safety evaluation

| Malfunction identification | Use case description | Malfunctions | Impact on safety? | Impact safety measures available? | Impact safety detection sufficient? | Further additional safety measure required? | Confidence (automatic calculation) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | False-negative: Fail to detect non-compliance with the consistency rules | Diverging from consistency rules. However, lints are not involved in ensuring correctness of code, but are only a measure of the quality of the source code. | no | no | yes | no | high |
| 2 | False-positive: Report non-compliance, although the code is compliant | No in-code malfunction. However, this will cause a failure in CI/CD checks that the author needs to resolve, through manual inspection and explanation, before merging the code. | no | no | yes | no | high |

Security evaluation

This section outlines the security evaluation of Rustfmt for its use within the S-CORE project.

Table 74 Security evaluation

| Threat identification | Use case description | Threats | Impact on security? | Impact security measures available? | Impact security detection sufficient? |
| --- | --- | --- | --- | --- | --- |
| 1 | TBD | TBD | TBD | TBD | TBD |

Result

Clippy does not require qualification for use in safety-related software development according to ISO 26262.