Developers rely on the static safety guarantees of the Rust programming language to write secure and performant applications. However, Rust is frequently used to interoperate with other languages which allow design patterns that conflict with Rust's evolving aliasing models. Miri is currently the only dynamic analysis tool that can validate applications against these models, but it does not support finding bugs in foreign functions, indicating that there may be a critical correctness gap across the Rust ecosystem. We conducted a large-scale evaluation of Rust libraries that call foreign functions to determine whether Miri's dynamic analyses remain useful in this context. We used Miri and an LLVM interpreter to jointly execute applications that call foreign functions, where we found 46 instances of undefined or undesired behavior in 37 libraries. Three bugs were found in libraries that had more than 10,000 daily downloads on average during our observation period, and one was found in a library maintained by the Rust Project. Many of these bugs were violations of Rust's aliasing models, but the latest Tree Borrows model was significantly more permissive than the earlier Stacked Borrows model. The Rust community must invest in new, production-ready tooling for multi-language applications to ensure that developers can detect these errors.
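As an added illustration of the kind of aliasing-model conflict the abstract refers to (this is not code from the paper or from any of the evaluated libraries), the Rust block below places a C-ABI callee behind two wrappers. The callee is simulated in Rust so the example runs offline; a real C function reached through `extern "C"` would look identical to Rust's borrow checker and to Miri's aliasing models, except that Miri could not see inside it. The sound wrapper derives the raw pointer from a unique `&mut` borrow, which both Stacked Borrows and Tree Borrows allow the callee to write through. The contrasting wrapper derives it from a shared `&` borrow, which carries no write permission; it is included only for comparison and is never called. Names such as `ffi_bump`, `bump_sound` and `bump_unsound` are invented for this example.

```rust
// Added example, not taken from the paper. The "foreign" function is
// simulated in Rust with the C ABI so the block compiles and runs offline.

/// Simulated foreign function: increments the integer at `p` in place.
/// A C implementation would be `void ffi_bump(int *p) { *p += 1; }`.
extern "C" fn ffi_bump(p: *mut i32) {
    // SAFETY: the caller promises `p` is valid for a write of one i32.
    unsafe {
        *p += 1;
    }
}

/// Sound wrapper: the raw pointer is derived from a unique `&mut i32`, so
/// the write performed by the callee is permitted under both Stacked Borrows
/// and Tree Borrows, and reading `*x` afterwards is still valid.
pub fn bump_sound(x: &mut i32) -> i32 {
    let p: *mut i32 = x; // `&mut T` -> `*mut T` keeps write permission
    ffi_bump(p);
    *x
}

/// Unsound wrapper, kept only for contrast and never called: the pointer is
/// derived from a shared `&i32`, which has no write permission. A write
/// through it is undefined behaviour; Miri flags it as an aliasing-model
/// violation when the write happens in Rust, but if the same write happened
/// inside a real C callee Miri would not observe it at all, which is the
/// blind spot the abstract describes.
#[allow(dead_code)]
pub fn bump_unsound(x: &i32) -> i32 {
    let p = x as *const i32 as *mut i32; // cast away the missing permission
    ffi_bump(p);
    *x
}

fn main() {
    let mut v = 41;
    println!("after sound FFI call: {}", bump_sound(&mut v));
}
```

Running the sound path under Miri (`cargo miri run`) reports nothing; swapping in `bump_unsound` is the shape of code Miri would reject, and moving the increment into a compiled C library is the shape it can no longer check.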