Rust is an emerging, strongly-typed programming language focusing on efficiency and memory safety. With an increasing number of projects adopting Rust, knowing how to use Unsafe Rust correctly is crucial for Rust security. We observed that the description of safety requirements needs to be unified in Unsafe Rust programming: the current unsafe API documents in the standard library exhibit variations, including inconsistency and insufficiency. To enhance Rust security, we suggest that unsafe API documents list systematic descriptions of the safety requirements for users to follow. In this paper, we conducted the first comprehensive empirical study on safety requirements across unsafe boundaries. We studied the unsafe API documents in the standard library and defined 19 safety properties (SP). We then completed the data labeling of 416 unsafe APIs and analyzed their correlation to find interpretable results. To validate the practical usability and SP coverage, we categorized the existing Rust CVEs up to 2023-07-08 and performed a statistical analysis of std unsafe API usage across the crates.io ecosystem. In addition, we conducted a user survey to gain insights on four aspects from experienced Rust programmers. We received 50 valid responses and confirmed our classification with statistical significance.