TY - GEN
T1 - Understanding memory and thread safety practices and issues in real-world Rust programs
AU - Qin, Boqin
AU - Chen, Yilun
AU - Yu, Zeming
AU - Song, Linhai
AU - Zhang, Yiying
N1 - Publisher Copyright:
© 2020 ACM.
PY - 2020/6/11
Y1 - 2020/6/11
N2 - Rust is a young programming language designed for systems software development. It aims to provide safety guarantees like high-level languages and performance efficiency like low-level languages. The core design of Rust is a set of strict safety rules enforced by compile-time checking. To support more low-level controls, Rust allows programmers to bypass these compiler checks to write unsafe code. It is important to understand what safety issues exist in real Rust programs and how Rust safety mechanisms impact programming practices. We performed the first empirical study of Rust by close, manual inspection of 850 unsafe code usages and 170 bugs in five open-source Rust projects, five widely-used Rust libraries, two online security databases, and the Rust standard library. Our study answers three important questions: how and why do programmers write unsafe code, what memory-safety issues real Rust programs have, and what concurrency bugs Rust programmers make. Our study reveals interesting real-world Rust program behaviors and new issues Rust programmers make. Based on our study results, we propose several directions of building Rust bug detectors and built two static bug detectors, both of which revealed previously unknown bugs.
AB - Rust is a young programming language designed for systems software development. It aims to provide safety guarantees like high-level languages and performance efficiency like low-level languages. The core design of Rust is a set of strict safety rules enforced by compile-time checking. To support more low-level controls, Rust allows programmers to bypass these compiler checks to write unsafe code. It is important to understand what safety issues exist in real Rust programs and how Rust safety mechanisms impact programming practices. We performed the first empirical study of Rust by close, manual inspection of 850 unsafe code usages and 170 bugs in five open-source Rust projects, five widely-used Rust libraries, two online security databases, and the Rust standard library. Our study answers three important questions: how and why do programmers write unsafe code, what memory-safety issues real Rust programs have, and what concurrency bugs Rust programmers make. Our study reveals interesting real-world Rust program behaviors and new issues Rust programmers make. Based on our study results, we propose several directions of building Rust bug detectors and built two static bug detectors, both of which revealed previously unknown bugs.
UR - https://www.scopus.com/pages/publications/85086823957
UR - https://www.scopus.com/pages/publications/85086823957#tab=citedBy
U2 - 10.1145/3385412.3386036
DO - 10.1145/3385412.3386036
M3 - Conference contribution
AN - SCOPUS:85086823957
T3 - Proceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)
SP - 763
EP - 779
BT - PLDI 2020 - Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation
A2 - Donaldson, Alastair F.
A2 - Torlak, Emina
PB - Association for Computing Machinery
T2 - 41st ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2020
Y2 - 15 June 2020 through 20 June 2020
ER -