The Rust programming language restricts aliasing and mutability to provide static safety guarantees, which developers rely on to write secure and performant applications. However, Rust is frequently used to interoperate with other languages that have far weaker restrictions. These languages support cyclic and self-referential design patterns that conflict with current models of Rust's operational semantics, representing a potentially significant source of undefined behavior that no current tools can detect. We created MiriLLI, a tool which uses existing Rust and LLVM interpreters to jointly execute multi-language Rust applications. We used our tool in a large-scale study of Rust libraries that call foreign functions, and we found 45 instances of undefined or undesirable behavior. These include four bugs from libraries that had over 10,000 daily downloads on average, one from a component of the GNU Compiler Collection (GCC), and one from a library maintained by the Rust Project. Most of these errors were caused by incompatible aliasing and initialization patterns, incorrect foreign function bindings, and invalid type conversion. The majority of aliasing violations were caused by unsound operations in Rust, but they occurred in foreign code. The Rust community must invest in new tools for validating multi-language programs to ensure that developers can easily detect and fix these errors.
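The three error classes the abstract names (initialization handed to foreign code, aliasing across the language boundary, and binding layout) in their sound form. This is an added illustration, not code from the paper or from MiriLLI: `Counter`, `counter_init`, `counter_bump` and `CounterHandle` are constructed stand-ins for a C library, written in Rust with the C ABI so the example runs without a C toolchain. The comments name the incompatible pattern each function avoids.

```rust
use std::mem::MaybeUninit;
use std::os::raw::c_int;

// Simulated "foreign" API (constructed for this example). These functions use the
// C ABI and only ever see raw pointers, exactly as a real binding would.

/// Layout must mirror the C struct: `#[repr(C)]` and `c_int` keep the declared
/// binding consistent with what the foreign side actually reads and writes.
#[repr(C)]
pub struct Counter {
    value: c_int,
}

/// Stand-in for a C initializer that fills in every field of `*out`.
pub extern "C" fn counter_init(out: *mut Counter, start: c_int) {
    // SAFETY: the caller passes memory valid for a write of `Counter`;
    // `write` does not read the (possibly uninitialized) old contents.
    unsafe { out.write(Counter { value: start }) }
}

/// Stand-in for a C function that mutates the counter through a pointer it was given.
pub extern "C" fn counter_bump(c: *mut Counter) -> c_int {
    // SAFETY: the caller guarantees `c` points to a live, initialized Counter and
    // that no Rust reference to it is in use while this call runs.
    unsafe {
        (*c).value += 1;
        (*c).value
    }
}

/// Initialization: hand the foreign initializer a raw pointer into `MaybeUninit`.
/// The incompatible pattern is creating `&mut Counter` to memory that is not yet
/// initialized (e.g. `MaybeUninit::uninit().assume_init()`) and passing that.
pub fn new_counter(start: c_int) -> Counter {
    let mut slot = MaybeUninit::<Counter>::uninit();
    counter_init(slot.as_mut_ptr(), start);
    // SAFETY: counter_init wrote every field of the struct.
    unsafe { slot.assume_init() }
}

/// Aliasing: once the foreign side has been given a pointer, the Rust side keeps
/// only a raw pointer as well. A reference is created only for the duration of
/// a Rust-side access and never while a foreign call is in progress, so the two
/// sides never hold conflicting `&mut` / `&` views of the same memory.
pub struct CounterHandle {
    ptr: *mut Counter,
}

impl CounterHandle {
    pub fn new(start: c_int) -> Self {
        // Box::into_raw hands the allocation over to raw-pointer ownership.
        CounterHandle {
            ptr: Box::into_raw(Box::new(new_counter(start))),
        }
    }

    /// Forwards to the foreign mutator via the raw pointer; no `&mut Counter` exists here.
    pub fn bump(&mut self) -> c_int {
        counter_bump(self.ptr)
    }

    /// A short-lived shared read; the reference ends before any later `bump`.
    pub fn value(&self) -> c_int {
        // SAFETY: `ptr` is live (owned by self) and no foreign call is running.
        unsafe { (*self.ptr).value }
    }
}

impl Drop for CounterHandle {
    fn drop(&mut self) {
        // SAFETY: ptr came from Box::into_raw in `new` and is freed exactly once.
        unsafe { drop(Box::from_raw(self.ptr)) }
    }
}

/// Drives the simulated API end to end and returns the final count.
pub fn run_example() -> c_int {
    let mut h = CounterHandle::new(5);
    h.bump();
    h.bump();
    h.value() // 7
}

fn main() {
    println!("final counter value: {}", run_example());
}
```

Running this under Miri is the check a practitioner would want: because every cross-boundary access goes through raw pointers and references are never held across a foreign call, Stacked Borrows reports no violation, whereas the `&mut`-to-uninitialized and reference-held-during-call variants named in the comments are the patterns a multi-language interpreter is needed to catch.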