The authors conducted a large-scale study of Rust libraries that call foreign functions, using a tool called MiriLLI to detect violations of Rust's aliasing model. They found 45 instances of undefined or undesirable behavior across 35 different libraries, including bugs in popular libraries and even in a component of the GNU Compiler Collection (GCC).
The key insights from the study are:
Rust's restrictions on cyclic and self-referential data structures can lead to undefined behavior when interfacing with foreign libraries that use these patterns freely. The most common issues were "Tree Borrows" violations, memory leaks, and uses of uninitialized memory.
Developers can inadvertently introduce undefined behavior through safe operations at foreign function boundaries, due to incompatible aliasing and initialization patterns, incorrect foreign function bindings, and invalid type conversions.
The Rust community must invest in new tools to validate multi-language programs and detect these types of errors, as current best practices and tooling are insufficient.
The authors created MiriLLI, which extends existing Rust and LLVM interpreters to jointly execute programs and detect violations of Rust's aliasing model across foreign function calls. They used MiriLLI to analyze test cases from 957 Rust libraries that call foreign functions, finding 45 unique instances of undefined behavior.
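The initialization failure the summary singles out (uninitialized memory crossing a foreign call) as an added Rust example; it is not code from the paper or from MiriLLI. `fill_buffer` is a hypothetical C routine, stood in for by a Rust `extern "C"` function so the code runs without a C toolchain; the first wrapper has the undefined behavior the study describes, the second stays sound even when the foreign side writes fewer bytes than requested.

```rust
use std::mem::MaybeUninit;
use std::os::raw::{c_int, c_uchar};

// Stand-in for a hypothetical foreign C function, defined here in Rust so the
// example runs without linking a C library. Like many C APIs it may write
// fewer bytes than requested and returns the number actually written.
const FOREIGN_AVAILABLE: c_int = 6;

extern "C" fn fill_buffer(out: *mut c_uchar, len: c_int) -> c_int {
    let n = len.min(FOREIGN_AVAILABLE);
    for i in 0..n {
        // SAFETY: the caller guarantees `out` points to at least `len` bytes.
        unsafe { *out.add(i as usize) = (i as c_uchar).wrapping_mul(3) };
    }
    n
}

/// Undefined behavior: `assume_init` produces a `[u8; N]` value before the
/// foreign side has written anything, and the foreign side may not even
/// write all N bytes. Miri/MiriLLI flag this; a normal run may look fine.
#[allow(dead_code)]
pub fn fill_ub<const N: usize>() -> [u8; N] {
    let mut buf: [u8; N] = unsafe { MaybeUninit::uninit().assume_init() }; // UB
    fill_buffer(buf.as_mut_ptr(), N as c_int);
    buf
}

/// Sound version: hand the foreign function a raw pointer into `MaybeUninit`
/// storage (not a `&mut [u8; N]`, which would assert the memory is already a
/// valid array) and call `assume_init` only after every byte is confirmed
/// written.
pub fn fill_sound<const N: usize>() -> Option<[u8; N]> {
    let mut buf = MaybeUninit::<[u8; N]>::uninit();
    let written = fill_buffer(buf.as_mut_ptr() as *mut c_uchar, N as c_int);
    if written < 0 || written as usize != N {
        return None; // partially initialised: never call assume_init
    }
    // SAFETY: the foreign function reported writing all N bytes.
    Some(unsafe { buf.assume_init() })
}

fn main() {
    println!("{:?}", fill_sound::<4>()); // Some([0, 3, 6, 9])
    println!("{:?}", fill_sound::<8>()); // None: only 6 bytes were written
}
```

Running `cargo miri` over a call to `fill_ub` reports the uninitialized read; the plain build does not, which is exactly why the study needed an interpreter that sees both sides of the call.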
arxiv.org