rust-secure-code / safety-dance

Auditing crates for unsafe code which can be safely replaced

Audit crossbeam

yoshuawuyts opened this issue · comments

https://crates.io/crates/crossbeam has about 6000 downloads a day*, has 162 inverse dependencies (of which a non-zero amount operates on untrusted input) and is generally considered a core piece of infrastructure.

A cursory search points to 67 references of unsafe, in addition to 106 references to atomics which probably makes it a suitable candidate for an audit.


*Probably more, since crossbeam is a de facto repackage of several smaller crossbeam-* modules.
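
A cursory text search like the one in the issue above also counts hits inside comments and string literals. The following Rust example, added here and not part of the issue thread or of crossbeam, counts only real tokens; `Tally`, `strip_noise`, `tally` and the sample input are hypothetical names, and what counts as a "reference to atomics" is an assumption.

```rust
/// Per-file counts for a first audit pass.
#[derive(Debug, Default, PartialEq)]
pub struct Tally { pub unsafe_kw: usize, pub atomics: usize }
/// Drop comments and plain string literals (raw strings, char literals: not handled).
fn strip_noise(src: &str) -> String {
    let c: Vec<char> = src.chars().collect();
    let (mut out, mut i, mut depth) = (String::new(), 0, 0);
    while i < c.len() {
        let next = c.get(i + 1).copied();
        if depth > 0 || (c[i] == '/' && next == Some('*')) {
            match (c[i], next) { // Rust block comments nest, so track depth
                ('/', Some('*')) => { depth += 1; i += 2; }
                ('*', Some('/')) => { depth -= 1; i += 2; out.push(' '); }
                _ => i += 1,
            }
        } else if c[i] == '/' && next == Some('/') {
            while i < c.len() && c[i] != '\n' { i += 1; }
        } else if c[i] == '"' {
            i += 1;
            while i < c.len() && c[i] != '"' { i += if c[i] == '\\' { 2 } else { 1 }; }
            i += 1;
            out.push(' ');
        } else {
            out.push(c[i]);
            i += 1;
        }
    }
    out
}

/// Assumption: an "atomic reference" is the `atomic` path segment or an `Atomic*` type.
pub fn tally(src: &str) -> Tally {
    let mut t = Tally::default();
    for tok in strip_noise(src).split(|ch: char| !(ch.is_alphanumeric() || ch == '_')) {
        if tok == "unsafe" { t.unsafe_kw += 1; }
        else if tok == "atomic" || tok.starts_with("Atomic") { t.atomics += 1; }
    }
    t
}

// Constructed sample input, not taken from crossbeam.
const SAMPLE: &str = "use std::sync::atomic::AtomicUsize; // unsafe in a comment\n\
    /* nested /* unsafe AtomicBool */ still a comment */\n\
    static HITS: AtomicUsize = AtomicUsize::new(0);\n\
    fn read(p: *const u8) -> u8 { let _m = \"not unsafe\"; unsafe { *p } }\n";

fn main() {
    println!("naive: {} lexed: {:?}", SAMPLE.matches("unsafe").count(), tally(SAMPLE));
}
```

On the constructed sample a plain substring search reports four `unsafe` hits, while only one is an actual `unsafe` block an auditor needs to read.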

WOW THEY'RE USING AN offset_of! MACRO

THAT'S A GOOD PLAN.

(it's never a good plan)

Not directly relevant to auditing crossbeam itself, but I've noticed they're pulling in a dependency with 170 unsafe expressions just to write a few lines with it, so I've replaced it with ad-hoc safe code: crossbeam-rs/crossbeam#414