cargo-semver-checks VS scip

If you'd like to dig deeper, here are some links:

- cargo-semver-checks: https://github.com/obi1kenobi/cargo-semver-checks

- Trustfall query engine, which powers cargo-semver-checks: https://github.com/obi1kenobi/trustfall

- Trustfall playground, where you can query Rust library APIs in your browser -- for example, "which structs in `itertools` are importable by more than one path": https://play.predr.ag/rustdoc#?f=2&q=*3-Structs-importable-f...

- 10min conference talk on Trustfall: https://www.hytradboi.com/2022/how-to-query-almost-everythin...

I'm also giving a talk at P99 CONF in a few months about how Trustfall's new optimizations API made cargo-semver-checks over 2300x faster: https://twitter.com/PredragGruevski/status/16893002495908003...

I strongly recommend that anybody creating new error types for public APIs read Study of std::io::Error by u/matklad to see some ways that error types can [need to] be future-proofed. I don't know if cargo-semver-checks can catch these issues when they're generated by a macro, but it'd be something people using this crate should carefully look into.

cargo-semver-checks will implement a check for cases like this, and many other hazards like it. The check will be major, or minor, or just a hazard — whatever the overall community decides is right.

Full release notes: https://github.com/obi1kenobi/cargo-semver-checks/releases/tag/v0.18.0

Release notes, TL;DR: Rust 1.65+ only, no more false positives due to moved+re-exported items.

security is up there, but from reading the examples in CodeQL it just seemed like it would be possible to express some truly great versions of "don't do that" rules in it. I am a total JetBrains fanboi, and their introspections are world-class, but getting Qodana to run to completion before the heat death of the universe has proven to require more glucose than I have to offer it. Thus, I'm always interested in alternate implementations, even though I am acutely aware of the computational complexity of what I'm asking

I recalled another link I wish I had included in my question from the SourceGraph folks https://github.com/sourcegraph/scip#scip-code-intelligence-p... which started out life as "Language Server Indexing Protocol" and seems to solve some similar project-wide introspection questions but TBH since their rug pull I've been a lot less willing to hitch my wagon to their train

New standards proliferate all the time and many simply cannot rely solely on a compiler language server but can rely on a custom semantic information protocol - SCIP comes to mind. :)

Over the last ~9 months or so, we've been moving away from LSIF and have been using SCIP instead. https://github.com/sourcegraph/scip (announcement blog post, which covers the reasons for why we stopped using LSIF: https://about.sourcegraph.com/blog/announcing-scip)

This is pretty much exactly what we've built at Sourcegraph. Microsoft had introduced (but pretty much abandoned before it even started) LSIF, a static index format for LSP servers requests/responses.

We took that torch and carried it forward, building the spiritual successor called SCIP[0]. It's language agnostic, we have indexers for quite a few languages already, and we genuinely intend for it to be vendor neutral / a proper OSS project[1].

[0] https://about.sourcegraph.com/blog/announcing-scip

[1] https://github.com/sourcegraph/scip

Created a PR to mention tools using SCIP in the README. https://github.com/sourcegraph/scip/pull/101

I've looked into the pull request that added SCIP support to rust-analyzer, and apparently rust-analyzer uses the scip crate. The linked PR also links to a blog post that explains the motivation for scip. The github repo of the scip crate lives here, it's not linked in Cargo.toml, probably should.