Language focus

AI code review for Rust

Rust eliminates whole memory bug classes, so review energy shifts to logic, `unsafe`, async lifetimes, and FFI contracts. CodeCritic reads your diff for intent, Send/Sync boundaries, and API misuse - alongside what `cargo clippy` already enforces.

async RustFFI & unsafeWorkspace cratesPaste or PRFree tier
GitHub code review

Online paste review · All languages

Review focus

Rust risks after the borrow checker

Passing `cargo check` is table stakes. We highlight places humans must read carefully: unsafe preconditions, lock ordering, and macros that hide control flow.

  • `unsafe` blocks without documented invariants, and safe wrappers that expose UB on edge inputs.
  • Async: `Send`/`Sync` bounds that compile but deadlock at runtime, and `.await` holding locks across yield points.
  • FFI: mismatched lifetimes, incorrect `repr(C)` layouts, and panic-unwind crossing foreign frames.
  • Error handling: `unwrap` on user-facing paths, `expect` messages that leak internals, and lost context in `?` chains.
  • Macro-heavy code where expanded logic is harder to grep than the call site suggests.
  • Performance footguns: accidental clones in hot loops, unbounded allocations in parsers, and sync I/O inside async tasks.

Clippy and Miri remain authoritative for lint rules and UB experiments - use AI review for prioritization and narrative on the diff.

Stacks

Common Rust codebases we see

Async services

Tokio/runtime tuning, task cancellation, and backpressure on channels versus unbounded mpsc abuse.

Systems & FFI

C bindings, callback lifetimes, and `no_std` crates where allocators differ between host and firmware.

WASM & embedded

Size constraints, panic=abort expectations, and APIs that assume std::fs on targets without it.

Workflow

Review Rust before merge

Submit the crate surface you changed; workspace-wide reviews work best through GitHub PR scope.
  1. 1

    Paste or PR the crate slice

    Include `mod` boundaries and public items affected. For unsafe, add the safe API that calls it so invariants are visible.

  2. 2

    Triage unsafe and async first

    Findings on `unsafe`, locks, and await points get priority because they are costly to debug post-merge.

  3. 3

    Run clippy and tests locally

    Confirm automated suggestions against `cargo test` and targeted Miri runs when unsafe or FFI changed.

  4. 4

    Standardize on PR reviews

    Connect GitHub when every change to crypto, parsing, or storage layers should get the same scan.

Practice

Rust feedback you can act on

Expand macros mentally before dismissing a finding - if the call site is opaque, paste the generated snippet or simplify the macro for review.

Document safety invariants above `unsafe fn` the way you would for a human auditor; the model uses those comments.

Split drive-by refactors from behavior changes; Rust diffs get large fast and hide one-line logic bugs.

GitHub reviews keep discussion on the diff; use the same account for paste experiments and PR automation.

Workspace crates: point reviews at the package that changed so path dependencies resolve in context.

Read trust and limitations before connecting repos with proprietary algorithms or keys in source.

Details: Integrations, Limitations, Pricing.

Rust merge checklist

  • Unsafe: Every new `unsafe` has documented pre/post conditions and a safe API that enforces them.
  • Async locks: No await while holding `std::sync::Mutex` unless you accept the deadlock risk explicitly.
  • Public API: Breaking changes semver-bumped; feature flags default-safe for downstream crates.
  • Tests: Add regression tests for branches the diff introduces, especially error paths.

FAQ

Rust code review FAQ

No. Run clippy in CI for deterministic lints. CodeCritic adds narrative review on design and correctness in the diff.

Review your Rust change

Try a paste review free, then wire GitHub when the team wants every PR scanned the same way.

How it works