Rust, a popular systems-level programming language, has attracted widespread attention for combining run-time efficiency with memory safety. As more real-world projects adopt Rust, helping programmers write unsafe code correctly has become a significant challenge. Based on our observations, the current standard library contains many unsafe APIs, but their documentation is neither uniform, complete, nor intuitive, especially in describing safety requirements. We therefore advocate establishing a systematic category of safety requirements for revising those documents. In this paper, we extend and refine our ICSE 2024 study. We define a category of Safety Properties (22 items in total) derived from the documentation of unsafe APIs in the standard library. We then label all public unsafe APIs (438 in total) and analyze their correlations. Based on these safety properties, we reorganize all the unsafe-API documents in the standard library and design a consultation plugin for rust-analyzer as a complementary tool to assist Rust developers in writing unsafe code. To validate the practical significance, we categorize the root causes of all Rust CVEs up to 2024-01-31 (419 in total) by safety property and further count the real-world usage of unsafe APIs in the crates.io ecosystem.
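The abstract's central point is that an unsafe API's safety requirements should be stated explicitly and uniformly, so that a caller knows exactly which obligations it must discharge. The following is an added example, not code from the paper or from the standard library, showing what that looks like in practice: two hypothetical unsafe functions whose `# Safety` sections enumerate their requirements one by one (the requirement names used here, such as bounds, alignment, size, initialization and lifetime, are illustrative assumptions, not the paper's 22 properties), and safe wrappers that discharge every checkable requirement at runtime and document the remaining ones in a `SAFETY:` comment at the call site.

```rust
// Added example (not from the paper). Demonstrates documenting the safety
// requirements of unsafe APIs and discharging them at a safe boundary.
use std::mem::{align_of, size_of};

/// Reads element `index` of `data` without a bounds check.
///
/// # Safety
/// The caller must guarantee that:
/// - (bounds) `index < data.len()`.
/// Pointer validity, alignment and initialization are guaranteed by the
/// slice reference itself, so they are not separate obligations here.
unsafe fn read_unchecked(data: &[u32], index: usize) -> u32 {
    // SAFETY: the caller guarantees `index < data.len()`; the pointer comes
    // from a live, aligned, fully initialized slice.
    unsafe { *data.as_ptr().add(index) }
}

/// Safe wrapper: the single bounds requirement is checked before the call.
fn read_checked(data: &[u32], index: usize) -> Option<u32> {
    if index < data.len() {
        // SAFETY: bounds requirement discharged by the check above.
        Some(unsafe { read_unchecked(data, index) })
    } else {
        None
    }
}

/// Reinterprets `len` `u32`s starting at `ptr`.
///
/// # Safety
/// The caller must guarantee that:
/// - (alignment) `ptr` is aligned to `align_of::<u32>()`;
/// - (size) `len * size_of::<u32>()` bytes are readable and do not exceed `isize::MAX`;
/// - (initialization) every byte in that range is initialized;
/// - (lifetime / aliasing) the memory is not mutated or freed while the
///   returned slice is alive.
unsafe fn u32s_from_raw<'a>(ptr: *const u32, len: usize) -> &'a [u32] {
    // SAFETY: all requirements are the caller's responsibility, as documented.
    unsafe { std::slice::from_raw_parts(ptr, len) }
}

/// Safe wrapper: views a byte slice as `u32`s when every checkable
/// requirement holds; the rest follow from borrowing `bytes`.
fn as_u32_slice(bytes: &[u8]) -> Option<&[u32]> {
    let ptr = bytes.as_ptr();
    // alignment requirement
    if ptr.align_offset(align_of::<u32>()) != 0 {
        return None;
    }
    // size requirement: whole number of u32s
    if bytes.len() % size_of::<u32>() != 0 {
        return None;
    }
    let len = bytes.len() / size_of::<u32>();
    // SAFETY: alignment and size checked above; a `&[u8]` is fully
    // initialized and every bit pattern is a valid `u32`; the result borrows
    // `bytes`, so it cannot be mutated or freed while the view is alive;
    // the byte length already fits in `isize` because it came from a slice.
    Some(unsafe { u32s_from_raw(ptr as *const u32, len) })
}

/// Constructed, 4-byte-aligned input buffer for demonstration.
#[repr(align(4))]
struct Aligned8(pub [u8; 8]);

fn main() {
    let buf = Aligned8([1, 0, 0, 0, 2, 0, 0, 0]);
    let words = as_u32_slice(&buf.0).expect("aligned, size multiple of 4");
    println!("words = {:?}", words);
    println!("read_checked(words, 1) = {:?}", read_checked(words, 1));
    println!("read_checked(words, 9) = {:?}", read_checked(words, 9));
    // Misaligned start and odd length are rejected rather than trusted.
    println!("misaligned -> {:?}", as_u32_slice(&buf.0[1..5]));
    println!("odd length -> {:?}", as_u32_slice(&buf.0[..6]));
}
```

The design point is that each obligation listed under `# Safety` maps either to an explicit runtime check in the wrapper or to a named reason in the `SAFETY:` comment; a requirement that appears in neither place is a gap that the paper's documentation review would flag.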