mio

Audit of mio 1.2.1, the low-level non-blocking I/O library underlying tokio. Matches upstream Git byte-for-byte. No build script, no crypto, no subprocess spawn, no env reads. Capability surface is the kernel sockets/pipes/readiness APIs the crate exists to wrap, with ~114 tightly-scoped unsafe blocks each wrapping a single OS call. Three low-severity findings: a documented-but-not-present epoll race, scope statement on the soundness boundary, and the panicking shell backend when os-poll is off.

mio 1.2.0 is a cross-platform non-blocking I/O event loop backed by epoll, kqueue, poll(2), WASI poll_oneoff, and Windows IOCP/AFD. One medium-severity finding: 93 of 114 unsafe blocks lack SAFETY comments, reducing auditability. No soundness or security issues were found in the selector implementations, Waker backends, fd-lifetime management, or IOCP bridging layer.

mio 0.8.11 wraps epoll, kqueue, and IOCP behind a unified non-blocking I/O event API. One medium-severity quality finding: 145 of 146 unsafe blocks carry no SAFETY comment, though the invariants were verified by inspection. The unsafe sites are sound; the IOCP overlapped-pointer ownership protocol is correct but convention-reliant.