The Rust programming language is rapidly gaining popularity for building reliable and secure systems, owing to its security guarantees and outstanding performance. To provide extra functionality, the Rust compiler introduces Rust unstable features (RUF) that extend compiler functionality, syntax, and standard library support. However, these features are unstable and may be removed, introducing compilation failures in dependent packages. Even worse, their impact propagates through transitive dependencies, causing large-scale failures across the whole ecosystem. Although RUF is widely used in Rust, previous research has primarily concentrated on Rust code safety, and the usage and impact of RUF from the Rust compiler remain unexplored. Therefore, we aim to bridge this gap by systematically analyzing RUF usage and impact in the Rust ecosystem. We propose novel techniques for extracting RUF precisely, and we accurately resolve package dependencies to assess its impact on the entire ecosystem quantitatively. We have analyzed the whole Rust ecosystem, with 590K package versions and 140M transitive dependencies. Our study shows that the Rust ecosystem uses 1000 different RUF, and at most 44% of package versions are affected by RUF, causing compilation failures for at most 12%. To mitigate the wide impact of RUF, we further design and implement a RUF-compilation-failure recovery tool that can recover up to 90% of the failures. We believe our techniques, findings, and tools can help to stabilize the Rust compiler, ultimately enhancing the security and reliability of the Rust ecosystem.