The Rust programming language restricts aliasing and mutability to provide static safety guarantees, which developers rely on to write secure and performant applications. However, Rust is frequently used to interoperate with other languages that have far weaker restrictions. These languages support cyclic and self-referential design patterns that conflict with current models of Rust's operational semantics, representing a potentially significant source of undefined behavior that no current tools can detect. We created MiriLLI, a tool which uses existing Rust and LLVM interpreters to jointly execute multi-language Rust applications. We used our tool in a large-scale study of Rust libraries that call foreign functions, and we found 45 instances of undefined or undesirable behavior. These include four bugs from libraries that had over 10,000 daily downloads on average, one from a component of the GNU Compiler Collection (GCC), and one from a library maintained by the Rust Project. Most of these errors were caused by incompatible aliasing and initialization patterns, incorrect foreign function bindings, and invalid type conversion. The majority of aliasing violations were caused by unsound operations in Rust, but they occurred in foreign code. The Rust community must invest in new tools for validating multi-language programs to ensure that developers can easily detect and fix these errors.
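The three error classes the abstract names (incompatible initialization patterns, retained aliases across the language boundary, and incorrect bindings) can be shown in one small program. The following is an added example, not code from the paper or from MiriLLI: the "foreign" side is a constructed stand-in written as Rust `extern "C"` functions so the file builds without a C toolchain, and the names `Config`, `config_init`, `sink_attach`, `sink_fill` and `sink_detach` are hypothetical. It shows the sound form of each pattern and marks, in comments, where the unsound variant would sit.

```rust
use std::mem::MaybeUninit;
use std::ptr;
use std::sync::atomic::{AtomicPtr, AtomicUsize, Ordering};

// ---- constructed stand-in for the foreign (C) side -------------------------
// A real binding would declare these in an `extern "C" { ... }` block and
// link against the C library; here they are defined in Rust so the example
// runs on its own.

/// Layout shared with the foreign side. `#[repr(C)]` is what makes the
/// binding correct: the default Rust layout gives no stable field order.
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Config {
    pub version: u32,
    pub flags: u32,
}

/// Stand-in for `void config_init(struct config *out)`: writes every field.
pub unsafe extern "C" fn config_init(out: *mut Config) {
    // Writes through the raw pointer and never forms a reference to `*out`,
    // so calling it on uninitialized storage is sound.
    ptr::write(out, Config { version: 2, flags: 0x1 });
}

// Stand-in for a C library that keeps a caller buffer in a global and writes
// to it later: the retained-alias pattern the abstract describes.
static RETAINED: AtomicPtr<u8> = AtomicPtr::new(ptr::null_mut());
static RETAINED_LEN: AtomicUsize = AtomicUsize::new(0);

pub unsafe extern "C" fn sink_attach(buf: *mut u8, len: usize) {
    RETAINED.store(buf, Ordering::SeqCst);
    RETAINED_LEN.store(len, Ordering::SeqCst);
}

pub unsafe extern "C" fn sink_fill(byte: u8) {
    let p = RETAINED.load(Ordering::SeqCst);
    for i in 0..RETAINED_LEN.load(Ordering::SeqCst) {
        ptr::write(p.add(i), byte);
    }
}

pub unsafe extern "C" fn sink_detach() {
    RETAINED.store(ptr::null_mut(), Ordering::SeqCst);
    RETAINED_LEN.store(0, Ordering::SeqCst);
}

// ---- Rust side -------------------------------------------------------------

/// Initialization: hand the foreign initializer uninitialized storage through
/// `MaybeUninit` and call `assume_init` only after it has filled every field.
/// The pattern this replaces, `let mut c: Config = unsafe { MaybeUninit::uninit().assume_init() };`
/// followed by `config_init(&mut c)`, is undefined behavior before the
/// foreign code even runs, and Miri reports it on the Rust side.
pub fn load_config() -> Config {
    let mut slot = MaybeUninit::<Config>::uninit();
    // SAFETY: config_init writes both fields of *slot before returning.
    unsafe {
        config_init(slot.as_mut_ptr());
        slot.assume_init()
    }
}

/// Aliasing: while the foreign side holds a pointer into `buf`, Rust touches
/// the bytes only through that same raw pointer. Writing through `buf`
/// itself inside the marked window (for example `buf[0] = 0`) would reassert
/// Rust's exclusive access and, under Miri's aliasing model, invalidate the
/// pointer the foreign side retained; the next `sink_fill` would then be the
/// violation, surfacing in foreign code although the Rust write caused it.
pub fn fill_via_foreign(byte: u8) -> [u8; 8] {
    let mut buf = [0u8; 8];
    let len = buf.len();
    let raw = buf.as_mut_ptr();
    // SAFETY: raw points at `len` valid bytes, and `buf` is not accessed
    // directly until sink_detach has cleared the foreign alias.
    unsafe {
        sink_attach(raw, len);
        sink_fill(byte);
        // --- window: `buf` must not be used directly here ---
        let first = ptr::read(raw); // reading via the same raw pointer is fine
        debug_assert_eq!(first, byte);
        sink_fill(byte.wrapping_add(1));
        sink_detach();
        // --- end of window ---
    }
    buf // the alias is gone; direct use of `buf` is sound again
}
```

Running this under Miri (`cargo miri test`) is the check a practitioner would add: the sound forms above pass, and moving `buf[0] = 0` into the marked window, or replacing the `MaybeUninit` slot with an `assume_init` on uninitialized memory, makes Miri report the error described in the comments.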