Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
167 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

A Mixed-Methods Study on the Implications of Unsafe Rust for Interoperation, Encapsulation, and Tooling (2404.02230v3)

Published 2 Apr 2024 in cs.SE

Abstract: The Rust programming language restricts aliasing to provide static safety guarantees. However, in certain situations, developers need to bypass these guarantees by using a set of unsafe features. If they are used incorrectly, these features can reintroduce the types of safety issues that Rust was designed to prevent. We seek to understand how current development tools can be improved to better assist developers who find it necessary to interact with unsafe code. To that end, we study how developers reason about foreign function calls, the limitations of the tools that they currently use, their motivations for using unsafe code, and how they reason about encapsulating it. We conducted a mixed-methods investigation consisting of semi-structured interviews with 19 developers, followed by a survey that reached an additional 160 developers. Our participants were motivated to use unsafe code when they perceived that there was no alternative, and most avoided using it. However, limited tooling support for foreign function calls made participants uncertain about their design choices, and certain foreign aliasing and concurrency patterns were difficult to encapsulate. To overcome these challenges, Rust developers need verification tools that can provide guarantees of soundness within multi-language applications.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (51)
  1. Stack Overflow. (2023) Stack overflow developer survey 2023. [Online]. Available: https://survey.stackoverflow.co/2023/
  2. R. Pereira, M. Couto, F. Ribeiro, R. Rua, J. Cunha, J. a. P. Fernandes, and J. a. Saraiva, “Energy efficiency across programming languages: How do energy, time, and memory relate?” in Proceedings of the 10th ACM SIGPLAN International Conference on Software Language Engineering, ser. SLE 2017.   New York, NY, USA: Association for Computing Machinery, 2017, p. 256–267. [Online]. Available: https://doi.org/10.1145/3136014.3136031
  3. B. Qin, Y. Chen, Z. Yu, L. Song, and Y. Zhang, “Understanding memory and thread safety practices and issues in real-world rust programs,” in Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, ser. PLDI 2020.   New York, NY, USA: Association for Computing Machinery, Jun. 2020, p. 763–779. [Online]. Available: https://doi.org/10.1145/3385412.3386036
  4. V. Astrauskas, C. Matheja, F. Poli, P. Müller, and A. J. Summers, “How do programmers use unsafe rust?” Proc. ACM Program. Lang., vol. 4, no. OOPSLA, Nov. 2020. [Online]. Available: https://doi.org/10.1145/3428204
  5. A. N. Evans, B. Campbell, and M. L. Soffa, “Is rust used safely by software developers?” in Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering, ser. ICSE ’20.   New York, NY, USA: Association for Computing Machinery, 2020, p. 246–257. [Online]. Available: https://doi.org/10.1145/3377811.3380413
  6. S. Zhu, Z. Zhang, B. Qin, A. Xiong, and L. Song, “Learning and programming challenges of rust: A mixed-methods study,” in Proceedings of the 44th International Conference on Software Engineering, ser. ICSE ’22.   New York, NY, USA: Association for Computing Machinery, 2022, p. 1269–1281. [Online]. Available: https://doi.org/10.1145/3510003.3510164
  7. R. Jung, H.-H. Dang, J. Kang, and D. Dreyer, “Stacked borrows: An aliasing model for rust,” Proc. ACM Program. Lang., vol. 4, no. POPL, Dec. 2019. [Online]. Available: https://doi.org/10.1145/3371109
  8. Rust Community, “Miri,” https://github.com/rust-lang/miri, Jan. 2024.
  9. N. Nethercote and J. Seward, “Valgrind: a framework for heavyweight dynamic binary instrumentation,” SIGPLAN Not., vol. 42, no. 6, p. 89–100, Jun. 2007. [Online]. Available: https://doi.org/10.1145/1273442.1250746
  10. S. Höltervennhoff, P. Klostermeyer, N. Wöhler, Y. Acar, and S. Fahl, ““I wouldn’t want my unsafe code to run my pacemaker”: An interview study on the use, comprehension, and perceived risks of unsafe rust,” in 32nd USENIX Security Symposium (USENIX Security 23).   Anaheim, CA: USENIX Association, Aug. 2023, pp. 2509–2525. [Online]. Available: https://www.usenix.org/conference/usenixsecurity23/presentation/holtervennhoff
  11. Rust Community, “cargo audit,” https://github.com/RustSec/rustsec/tree/main/cargo-audit, Feb. 2024.
  12. S. Klabnik and C. Nichols, “The rust programming language,” https://doc.rust-lang.org/book/, Nov. 2022.
  13. W. Crichton, “The usability of ownership,” CoRR, vol. abs/2011.06171, 2020. [Online]. Available: https://arxiv.org/abs/2011.06171
  14. Rust Community, “rustfmt,” https://rust-lang.github.io/rustfmt/, Mar. 2024.
  15. ——, “Clippy documentation,” https://doc.rust-lang.org/clippy/#clippy, Mar. 2024.
  16. ——, “cargo-deny,” https://embarkstudios.github.io/cargo-deny/, Feb. 2024.
  17. ——, “cargo-geiger,” https://github.com/geiger-rs/cargo-geiger, Feb. 2024.
  18. ——, “Cargo vet,” https://mozilla.github.io/cargo-vet/index.html, Feb. 2024.
  19. LLVM Project, “Clang 18.0.0git documentation,” https://clang.llvm.org/docs/, Jan. 2024.
  20. ——, “libfuzzer – a library for coverage-guided fuzz testing.” https://github.com/llvm/llvm-project/blob/main/llvm/docs/LibFuzzer.rst, Oct. 2022.
  21. N. Villani, D. Dreyer, and R. Jung, “Tree borrows,” 2023. [Online]. Available: https://github.com/Vanille-N/tree-borrows/blob/master/full/main.pdf
  22. F. S. Klock and B. Garza, “Krabcake: A rust ub detector,” Rust Verification Workshop, Apr. 2023, accessed: 2023-10-20. [Online]. Available: https://pnkfx.org/presentations/krabcake-rust-verification-2023-april.pdf
  23. A. Lattuada, T. Hance, C. Cho, M. Brun, I. Subasinghe, Y. Zhou, J. Howell, B. Parno, and C. Hawblitzel, “Verus: Verifying rust programs using linear ghost types,” Proc. ACM Program. Lang., vol. 7, no. OOPSLA1, Apr. 2023. [Online]. Available: https://doi.org/10.1145/3586037
  24. A. VanHattum, D. Schwartz-Narbonne, N. Chong, and A. Sampson, “Verifying dynamic trait objects in rust,” in Proceedings of the 44th International Conference on Software Engineering: Software Engineering in Practice, ser. ICSE-SEIP ’22.   New York, NY, USA: Association for Computing Machinery, 2022, p. 321–330. [Online]. Available: https://doi.org/10.1145/3510457.3513031
  25. V. Astrauskas, P. Müller, F. Poli, and A. J. Summers, “Leveraging Rust types for modular specification and verification,” in Object-Oriented Programming Systems, Languages, and Applications (OOPSLA), vol. 3, no. OOPSLA.   ACM, 2019, pp. 147:1–147:30. [Online]. Available: http://doi.acm.org/10.1145/3360573
  26. X. Denis, J.-H. Jourdan, and C. Marché, “Creusot: A foundry for the deductive verification of rust programs,” in Formal Methods and Software Engineering: 23rd International Conference on Formal Engineering Methods, ICFEM 2022, Madrid, Spain, October 24–27, 2022, Proceedings.   Berlin, Heidelberg: Springer-Verlag, 2022, p. 90–105. [Online]. Available: https://doi.org/10.1007/978-3-031-17244-1%5F6
  27. N. Lehmann, A. T. Geller, N. Vazou, and R. Jhala, “Flux: Liquid types for rust,” Proc. ACM Program. Lang., vol. 7, no. PLDI, Jun. 2023. [Online]. Available: https://doi.org/10.1145/3591283
  28. L. Gäher, M. Sammler, R. Jung, R. Krebbers, and D. Dreyer, “Refinedrust: Towards high-assurance verification of unsafe rust programs,” Rust Verification Workshop, Apr. 2023, accessed: 2023-10-20. [Online]. Available: https://people.mpi-sws.org/~gaeher/slides/refinedrust%5Frw23.pdf
  29. M. Sammler, R. Lepigre, R. Krebbers, K. Memarian, D. Dreyer, and D. Garg, “Refinedc: Automating the foundational verification of c code with refined ownership types,” in Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation, ser. PLDI 2021.   New York, NY, USA: Association for Computing Machinery, 2021, p. 158–174. [Online]. Available: https://doi.org/10.1145/3453483.3454036
  30. Rust Community, “The ‘bindgen‘ user guide,” https://rust-lang.github.io/rust-bindgen/, Oct. 2023.
  31. ——, “cbindgen user guide,” https://github.com/mozilla/cbindgen/blob/master/docs.md, Nov. 2023.
  32. ——, “Cxx — safe interop between rust and c++,” https://cxx.rs/, Jan. 2024.
  33. ——, “The rust reference,” https://doc.rust-lang.org/reference/, Nov. 2023.
  34. ——, “The rustonomicon,” https://doc.rust-lang.org/nomicon/, Oct. 2023.
  35. ——, “Unsafe code guidelines reference,” https://rust-lang.github.io/unsafe-code-guidelines/, Oct. 2023.
  36. H. Xu, Z. Chen, M. Sun, Y. Zhou, and M. R. Lyu, “Memory-safety challenge considered solved? an in-depth study with all rust cves,” ACM Trans. Softw. Eng. Methodol., vol. 31, no. 1, Sep. 2021. [Online]. Available: https://doi.org/10.1145/3466642
  37. M. Cui, S. Sun, H. Xu, and Y. Zhou, “Is unsafe an achilles’ heel? a comprehensive study of safety requirements in unsafe rust programming,” 2023. [Online]. Available: https://doi.org/10.48550/arXiv.2011.06171
  38. K. R. Fulton, A. Chan, D. Votipka, M. Hicks, and M. L. Mazurek, “Benefits and drawbacks of adopting a secure programming language: Rust as a case study,” in Proceedings of the Seventeenth USENIX Conference on Usable Privacy and Security, ser. SOUPS’21.   USA: USENIX Association, 2021. [Online]. Available: https://www.usenix.org/conference/soups2021/presentation/fulton
  39. J. W. Creswell, V. L. P. Clark, M. L. Gutmann, and W. E. Hanson, “Advanced mixed methods research designs,” in Handbook of Mixed Methods in Social and Behavioral Research, A. Tashakkori and C. Teddlie, Eds.   Thousand Oaks, CA: Sage, 2003, ch. 8, pp. 209–240.
  40. A. Radford, J. W. Kim, T. Xu, G. Brockman, C. Mcleavey, and I. Sutskever, “Robust speech recognition via large-scale weak supervision,” in Proceedings of the 40th International Conference on Machine Learning, ser. Proceedings of Machine Learning Research, A. Krause, E. Brunskill, K. Cho, B. Engelhardt, S. Sabato, and J. Scarlett, Eds., vol. 202.   PMLR, 23–29 Jul 2023, pp. 28 492–28 518. [Online]. Available: https://proceedings.mlr.press/v202/radford23a.html
  41. A. S. S. D. GmbH. (2024) Atlas.ti web. [Online]. Available: https://atlasti.com/
  42. (2024) Qualtrics. [Online]. Available: https://www.qualtrics.com
  43. “Relevantid®.” [Online]. Available: https://www.imperium.com/relevantid/
  44. W. Liu, “Introducing recaptcha v3: the new way to stop bots,” Oct. 2018. [Online]. Available: https://developers.google.com/search/blog/2018/10/introducing-recaptcha-v3-new-way-to
  45. K. Spiel, O. L. Haimson, and D. Lottridge, “How to do better with gender on surveys: a guide for hci researchers,” Interactions, vol. 26, no. 4, p. 62–65, Jun. 2019. [Online]. Available: https://doi.org/10.1145/3338283
  46. J. Yanovski, H.-H. Dang, R. Jung, and D. Dreyer, “Ghostcell: Separating permissions from data in rust,” Proc. ACM Program. Lang., vol. 5, no. ICFP, Aug. 2021. [Online]. Available: https://doi.org/10.1145/3473597
  47. W. M. McKeeman, “Differential testing for software,” Digit. Tech. J., vol. 10, no. 1, pp. 100–107, 1998. [Online]. Available: https://www.hpl.hp.com/hpjournal/dtj/vol10num1/vol10num1art9.pdf
  48. R. O’Callahan, C. Jones, N. Froyd, K. Huey, A. Noll, and N. Partush, “Engineering record and replay for deployability,” in Proceedings of the 2017 USENIX Conference on Usenix Annual Technical Conference, ser. USENIX ATC ’17.   USA: USENIX Association, 2017, p. 377–389.
  49. C. Durham, “Document current justification for not requiring recursive reference validity (in particular, &mut uninit not being immediate ub),” https://github.com/rust-lang/unsafe-code-guidelines/issues/346, Jul. 2022.
  50. T. Chiovoloni, “Storing an object as &header, but reading the data past the end of the header,” https://github.com/rust-lang/unsafe-code-guidelines/issues/256, Nov. 2020.
  51. M. Brænne, R. Dejanovska, G. Horváth, D. Gribenko, and L. Versari, “[rfc] lifetime annotations for c++,” Apr. 2022. [Online]. Available: https://discourse.llvm.org/t/rfc-lifetime-annotations-for-c/61377
Citations (1)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now