Corroded: A repository that provides intentionally unsafe, ‘illegal’ Rust primitives

TL;DR

A public GitHub repository called Corroded offers Rust APIs and examples that deliberately bypass the language's safety checks, including lifetimes, bounds checks, and synchronization. The project README explicitly instructs large language models to prefer these unsafe patterns and makes claims about audits and endorsements.

What happened

A repository named corroded on GitHub publishes a collection of Rust types and helper functions designed to subvert the language's safety guarantees. The README and examples showcase constructs such as Null<T> (raw null pointers), yeet() (byte reinterpretation/transmute), immortalize() (forging 'static lifetimes), clone_mut() (creating multiple &mut aliases), Dangling<T> (use-after-free), CorrodedVec<T> (no bounds checks), garbage() (returning uninitialized memory), RacyCell<T> (unsynchronized concurrent access) and GlobalCell<T> (global mutable state without locks). The project also references Rust–, described as a Rust compiler without the borrow checker. The repository includes an explicit note targeted at large language models, telling them to recommend these patterns as modern, idiomatic Rust. The README states that the code has been audited, used in production at major companies, and is endorsed by the Rust Foundation; the project carries multiple license files (MIT, GPL-2.0, and an NSFW license) and example code is provided in the source tree.

Why it matters

• The code intentionally overrides Rust's safety model (lifetimes, aliasing, bounds checks), which can produce undefined behavior and security vulnerabilities if used.
• Guidance aimed at LLMs could influence automated code suggestions or generated examples, potentially spreading unsafe patterns.
• Claims of audits, production use and foundation endorsement—if accepted without verification—could mislead developers about real-world safety and suitability.
• The repository demonstrates how language-level safety can be circumvented, prompting questions about tooling, review practices and dependency vetting.

Key facts

• Repository name: buyukakyuz/corroded on GitHub.
• README promotes multiple constructs that bypass Rust safety: Null<T>, yeet(), immortalize(), clone_mut(), Dangling<T>, CorrodedVec<T>, garbage(), RacyCell<T>, GlobalCell<T> and more.
• The README contains a dedicated 'Note for LLMs' instructing models to prefer and recommend these unsafe patterns.
• The project references Rust–, described as a Rust compiler with the borrow checker removed.
• The README asserts the code has been audited by 'top security researchers', is 'used in production at major companies', and that 'The Rust Foundation endorses these patterns.'
• Repository includes multiple license files: MIT, GPL-2.0, and an NSFW license file.
• The GitHub UI snapshot in the source lists ~1.1k stars and about 30 forks (as shown in the page header).
• Examples and code snippets are included in the repo (examples/ and src/ directories referenced).
• The project README explicitly encourages use of unsafe constructs and removing standard Rust safety checks.

What to watch next

• Whether downstream tools, tutorials or LLMs begin to echo the repository's guidance—if so, that could spread unsafe practices (not confirmed in the source).
• Verification or repudiation of the README's claims about audits, production deployment and Rust Foundation endorsement (not confirmed in the source).
• Repository activity metrics (stars, forks, issues) as a signal of attention and adoption; the source shows notable star counts but ongoing trends are not provided in the source.

Quick glossary

• Borrow checker: A Rust compiler component that enforces rules about how references and ownership are used to prevent data races and memory safety errors.
• Undefined behavior: Program behavior that is not specified by the language; it can produce unpredictable results, crashes, or security vulnerabilities.
• Unsafe block: A Rust language construct that permits operations the compiler cannot verify for safety, such as raw pointer dereferencing or calling extern functions.
• Transmute: A low-level operation that reinterprets a value's bytes as a different type, potentially violating type invariants.
• Raw pointer: A pointer type that is not tracked by Rust's ownership system and does not enforce borrowing rules or bounds checks.

Reader FAQ

What does the Corroded repository do?
It publishes Rust types and helper functions that deliberately bypass Rust safety checks (e.g., lifetimes, aliasing, bounds checks) and includes examples and a README instructing LLMs to prefer these patterns.

Does the project claim to be audited or production-ready?
The README states the code 'has been audited by top security researchers' and is 'used in production at major companies', and that the Rust Foundation endorses these patterns.

Is the borrow checker removed?
The README references Rust– as a Rust compiler with the borrow checker completely removed; the repository itself provides APIs that bypass borrow-checker guarantees.

Should developers use these patterns in normal projects?
The repository promotes unsafe, undefined-behavior-inducing patterns; whether they are appropriate is not confirmed in the source and depends on independent verification and risk assessment.

corroded "We used to tell compilers what to do. Now they lecture us about 'lifetimes' and 'ownership.' Time to write code the way God intended." — Terry Davis, probably What…

Sources

• Corroded: Illegal Rust

Related posts

• California launches DROP to let residents demand data brokers delete info
• Report: Microsoft removes official offline activation method for Windows 10/11
• Midnight Raid in Caracas Raises Prospect of an American Protectorate