skip to main content

Safer at any speed: automatic context-aware safety enhancement for Rust

Published:15 October 2021Publication History
Skip Abstract Section

Abstract

Type-safe languages improve application safety by eliminating whole classes of vulnerabilities–such as buffer overflows–by construction. However, this safety sometimes comes with a performance cost. As a result, many modern type-safe languages provide escape hatches that allow developers to manually bypass them. The relative value of performance to safety and the degree of performance obtained depends upon the application context, including user goals and the hardware upon which the application is to be executed. Since libraries may be used in many different contexts, library developers cannot make safety-performance trade-off decisions appropriate for all cases. Application developers can tune libraries themselves to increase safety or performance, but this requires extra effort and makes libraries less reusable. To address this problem, we present NADER, a Rust development tool that makes applications safer by automatically transforming unsafe code into equivalent safe code according to developer preferences and application context. In end-to-end system evaluations in a given context, NADER automatically reintroduces numerous library bounds checks, in many cases making application code that uses popular Rust libraries safer with no corresponding loss in performance.

Skip Supplemental Material Section

Supplemental Material

Auxiliary Presentation Video

This is a presentation video for OOPSLA'21 on our accepted paper in the research track. In this paper, we present NADER, a Rust development tool that makes applications safer by automatically transforming unsafe code into equivalent safe code according to developer preferences and application context. In end-to-end system evaluations in a given context, NADER automatically reintroduces numerous library bounds checks, in many cases making application code that uses popular Rust libraries safer with no corresponding loss in performance.

References

  1. P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro. 2008. Preventing Memory Error Exploits with WIT. In 2008 IEEE Symposium on Security and Privacy (sp 2008). 263–277. https://doi.org/10.1109/SP.2008.30 Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Periklis Akritidis, Manuel Costa, Miguel Castro, and Steven Hand. 2009. Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense Against Out-of-Bounds Errors. In 18th USENIX Security Symposium (USENIX Security ’09) (18th usenix security symposium (usenix security ’09) ed.). USENIX. https://www.microsoft.com/en-us/research/publication/baggy-bounds-checking-an-efficient-and-backwards-compatible-defense-against-out-of-bounds-errors/ Google ScholarGoogle ScholarDigital LibraryDigital Library
  3. Jyrki Alakuijala, Andrea Farruggia, Paolo Ferragina, Eugene Kliuchnikov, Robert Obryk, Zoltan Szabadka, and Lode Vandevenne. 2019. Brotli: A General-Purpose Data Compressor. ACM Transactions on Information Systems, 37, 1 (2019), Jan., 1–30. issn:1046-8188, 1558-2868 https://doi.org/10.1145/3231935 Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Apple. 2021. Swift Programming Language. https://swift.org/ [Online; accessed April-2021].Google ScholarGoogle Scholar
  5. Vytautas Astrauskas, Christoph Matheja, Federico Poli, Peter Müller, and Alexander J. Summers. 2020. How Do Programmers Use Unsafe Rust? Proc. ACM Program. Lang., 4, OOPSLA (2020), Article 136, Nov., 27 pages. https://doi.org/10.1145/3428204 Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. AWS. 2021. Firecracker. https://firecracker-microvm.github.io/ [Online; accessed April-2021].Google ScholarGoogle Scholar
  7. BLAKE3 Team. 2021. BLAKE3. https://github.com/BLAKE3-team/BLAKE3 [Online; accessed April-2021].Google ScholarGoogle Scholar
  8. Rastislav Bodík, Rajiv Gupta, and Vivek Sarkar. 2000. ABCD: Eliminating Array Bounds Checks on Demand. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation (PLDI ’00). Association for Computing Machinery, New York, NY, USA. 321–333. isbn:1581131992 https://doi.org/10.1145/349299.349342 Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Cloudflare. 2021. Boring Tun. https://github.com/cloudflare/boringtun [Online; accessed April-2021].Google ScholarGoogle Scholar
  10. Cloudflare. 2021. quiche. https://github.com/cloudflare/quiche [Online; accessed April-2021].Google ScholarGoogle Scholar
  11. Charlie Curtsinger and Emery D. Berger. 2018. Coz: Finding Code That Counts with Causal Profiling. Commun. ACM, 61, 6 (2018), May, 91–99. issn:0001-0782 https://doi.org/10.1145/3205911 Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. S Deorowicz. 2003. Silesia Compression Corpus. Silesian University of Technology, Poland.Google ScholarGoogle Scholar
  13. Dinakar Dhurjati, Sumant Kowshik, and Vikram Adve. 2006. SAFECode: Enforcing Alias Analysis for Weakly Typed Languages. In Proceedings of the 27th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’06). Association for Computing Machinery, New York, NY, USA. 144–157. isbn:1595933204 https://doi.org/10.1145/1133981.1133999 Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Diesel Team. 2021. DIESEL: A safe, extensible ORM and Query Builder for Rust. https://github.com/diesel-rs/diesel [Online; accessed April-2021].Google ScholarGoogle Scholar
  15. Alan A.A. Donovan and Brian W. Kernighan. 2015. The Go Programming Language (1st ed.). Addison-Wesley Professional. isbn:0134190440 Google ScholarGoogle ScholarDigital LibraryDigital Library
  16. Dropbox. 2020. Dropbox/Rust-Brotli-Decompressor. https://github.com/google/brotliGoogle ScholarGoogle Scholar
  17. Zakir Durumeric, Frank Li, James Kasten, Johanna Amann, Jethro Beekman, Mathias Payer, Nicolas Weaver, David Adrian, Vern Paxson, Michael Bailey, and J. Alex Halderman. 2014. The Matter of Heartbleed. In Proceedings of the 2014 Conference on Internet Measurement Conference (IMC ’14). Association for Computing Machinery, New York, NY, USA. 475–488. isbn:9781450332132 https://doi.org/10.1145/2663716.2663755 Google ScholarGoogle ScholarDigital LibraryDigital Library
  18. Ana Nora Evans, Bradford Campbell, and Mary Lou Soffa. 2020. Is Rust Used Safely by Software Developers? In Proceedings of the ACM/IEEE 42nd International Conference on Software Engineering (ICSE ’20). Association for Computing Machinery, New York, NY, USA. 246–257. isbn:9781450371216 https://doi.org/10.1145/3377811.3380413 Google ScholarGoogle ScholarDigital LibraryDigital Library
  19. fnm Team. 2021. Fast Node Manager. https://github.com/Schniz/fnm [Online; accessed April-2021].Google ScholarGoogle Scholar
  20. Google. 2021. FlatBuffers. https://google.github.io/flatbuffers/ [Online; accessed April-2021].Google ScholarGoogle Scholar
  21. Rajiv Gupta. 1993. Optimizing Array Bound Checks Using Flow Analysis. ACM Lett. Program. Lang. Syst., 2, 1–4 (1993), March, 135–150. issn:1057-4514 https://doi.org/10.1145/176454.176507 Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Hyperium. 2021. Tonic. https://github.com/hyperium/tonic [Online; accessed April-2021].Google ScholarGoogle Scholar
  23. InfluxData. 2021. Flux - Influx data language. https://github.com/influxdata/flux [Online; accessed April-2021].Google ScholarGoogle Scholar
  24. Iron Team. 2021. Iron. https://github.com/iron/iron [Online; accessed April-2021].Google ScholarGoogle Scholar
  25. Ralf Jung, Jacques-Henri Jourdan, Robbert Krebbers, and Derek Dreyer. 2017. RustBelt: Securing the foundations of the Rust programming language. Proceedings of the ACM on Programming Languages, 2, POPL (2017), 1–34. Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. Paul Kocher, Jann Horn, Anders Fogh, Daniel Genkin, Daniel Gruss, Werner Haas, Mike Hamburg, Moritz Lipp, Stefan Mangard, Thomas Prescher, Michael Schwarz, and Yuval Yarom. 2019. Spectre Attacks: Exploiting Speculative Execution. In 40th IEEE Symposium on Security and Privacy (S&P’19).Google ScholarGoogle Scholar
  27. Priyadarshan Kolte and Michael Wolfe. 1995. Elimination of Redundant Array Subscript Range Checks. In Proceedings of the ACM SIGPLAN 1995 Conference on Programming Language Design and Implementation (PLDI ’95). Association for Computing Machinery, New York, NY, USA. 270–278. isbn:0897916972 https://doi.org/10.1145/207110.207160 Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Chinmay Kulkarni, Sara Moore, Mazhar Naqvi, Tian Zhang, Robert Ricci, and Ryan Stutsman. 2018. Splinter: Bare-Metal Extensions for Multi-Tenant Low-Latency Storage. In 13th USENIX Symposium on Operating Systems Design and Implementation (OSDI 18). USENIX Association, Carlsbad, CA. 627–643. isbn:978-1-939133-08-3 https://www.usenix.org/conference/osdi18/presentation/kulkarni Google ScholarGoogle ScholarDigital LibraryDigital Library
  29. Moritz Lipp, Michael Schwarz, Daniel Gruss, Thomas Prescher, Werner Haas, Anders Fogh, Jann Horn, Stefan Mangard, Paul Kocher, Daniel Genkin, Yuval Yarom, and Mike Hamburg. 2018. Meltdown: Reading Kernel Memory from User Space. In 27th USENIX Security Symposium (USENIX Security 18). Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Nicholas D. Matsakis and Felix S. Klock. 2014. The Rust Language. Ada Lett., 34, 3 (2014), Oct., 103–104. issn:1094-3641 https://doi.org/10.1145/2692956.2663188 Google ScholarGoogle ScholarDigital LibraryDigital Library
  31. Frank McSherry, Michael Isard, and Derek G. Murray. 2015. Scalability! But at what COST? In 15th Workshop on Hot Topics in Operating Systems (HotOS XV). USENIX Association, Kartause Ittingen, Switzerland. https://www.usenix.org/conference/hotos15/workshop-program/presentation/mcsherry Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Mozilla. 2021. Gecko. https://developer.mozilla.org/en-US/docs/Mozilla/Gecko [Online; accessed April-2021].Google ScholarGoogle Scholar
  33. Santosh Nagarakatte, Jianzhou Zhao, Milo M.K. Martin, and Steve Zdancewic. 2009. SoftBound: Highly Compatible and Complete Spatial Memory Safety for c. In Proceedings of the 30th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’09). Association for Computing Machinery, New York, NY, USA. 245–258. isbn:9781605583921 https://doi.org/10.1145/1542476.1542504 Google ScholarGoogle ScholarDigital LibraryDigital Library
  34. OpenSSL. 2021. OpenSSL. https://www.openssl.org/ [Online; accessed April-2021].Google ScholarGoogle Scholar
  35. Aurojit Panda, Sangjin Han, Keon Jang, Melvin Walls, Sylvia Ratnasamy, and Scott Shenker. 2016. NetBricks: Taking the V out of NFV. In 12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16). USENIX Association, Savannah, GA. 203–216. isbn:978-1-931971-33-1 https://www.usenix.org/conference/osdi16/technical-sessions/presentation/panda Google ScholarGoogle ScholarDigital LibraryDigital Library
  36. Jason R. C. Patterson. 1995. Accurate Static Branch Prediction by Value Range Propagation. In Proceedings of the ACM SIGPLAN 1995 Conference on Programming Language Design and Implementation (PLDI ’95). Association for Computing Machinery, New York, NY, USA. 67–78. isbn:0897916972 https://doi.org/10.1145/207110.207117 Google ScholarGoogle ScholarDigital LibraryDigital Library
  37. Feng Qian, Laurie Hendren, and Clark Verbrugge. 2002. A comprehensive approach to array bounds check elimination for Java. In International Conference on Compiler Construction. 325–341. Google ScholarGoogle ScholarDigital LibraryDigital Library
  38. Boqin Qin, Yilun Chen, Zeming Yu, Linhai Song, and Yiying Zhang. 2020. Understanding memory and thread safety practices and issues in real-world Rust programs. 763–779. https://doi.org/10.1145/3385412.3386036 Google ScholarGoogle ScholarDigital LibraryDigital Library
  39. rage Team. 2021. rage. https://github.com/str4d/rage [Online; accessed April-2021].Google ScholarGoogle Scholar
  40. Radu Rugina and Martin Rinard. 1999. Automatic Parallelization of Divide and Conquer Algorithms. In In Proceedings of the 7th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming. 72–83. Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Rust Graphics Mages. 2021. gfx. https://github.com/gfx-rs/gfx [Online; accessed April-2021].Google ScholarGoogle Scholar
  42. Rust Language Team. 2021. Unsafe Rust. https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html. [Online; accessed April-2021].Google ScholarGoogle Scholar
  43. RustPython Team. 2021. RustPython. https://github.com/RustPython/RustPython [Online; accessed April-2021].Google ScholarGoogle Scholar
  44. Olatunji Ruwase and Monica S Lam. 2004. A Practical Dynamic Buffer Overflow Detector. In NDSS. 2004, 159–169.Google ScholarGoogle Scholar
  45. Servo Project Developers. 2021. Servo project. https://servo.org/ [Online; accessed April-2021].Google ScholarGoogle Scholar
  46. Sonic Team. 2021. Sonic. https://github.com/valeriansaliou/sonic [Online; accessed April-2021].Google ScholarGoogle Scholar
  47. swc Team. 2021. swc. https://github.com/swc-project/swc [Online; accessed April-2021].Google ScholarGoogle Scholar
  48. tantivy Team. 2021. tantivy. https://github.com/tantivy-search/tantivy [Online; accessed April-2021].Google ScholarGoogle Scholar
  49. David Terei, Simon Marlow, Simon Peyton Jones, and David Mazières. 2012. Safe Haskell. SIGPLAN Not., 47, 12 (2012), Sept., 137–148. issn:0362-1340 https://doi.org/10.1145/2430532.2364524 Google ScholarGoogle ScholarDigital LibraryDigital Library
  50. TiKV Project. 2021. TiKV. https://github.com/tikv/tikv [Online; accessed April-2021].Google ScholarGoogle Scholar
  51. Timber. 2021. Vector. https://github.com/timberio/vector [Online; accessed April-2021].Google ScholarGoogle Scholar
  52. J. Wagner, V. Kuznetsov, G. Candea, and J. Kinder. 2015. High System-Code Security with Low Overhead. In 2015 IEEE Symposium on Security and Privacy. 866–879. https://doi.org/10.1109/SP.2015.58 Google ScholarGoogle ScholarDigital LibraryDigital Library
  53. Warp Team. 2021. warp. https://github.com/seanmonstar/warp [Online; accessed April-2021].Google ScholarGoogle Scholar
  54. Wasmer. 2021. Wasmer. https://wasmer.io/ [Online; accessed April-2021].Google ScholarGoogle Scholar
  55. Josef Weidendorfer, Markus Kowarschik, and Carsten Trinitis. 2004. A tool suite for simulation based analysis of memory access behavior. In International Conference on Computational Science. 440–447.Google ScholarGoogle ScholarCross RefCross Ref
  56. wrk Project. 2021. wrk. https://github.com/wg/wrk [Online; accessed April-2021].Google ScholarGoogle Scholar
  57. Thomas Würthinger, Christian Wimmer, and Hanspeter Mössenböck. 2007. Array bounds check elimination for the Java HotSpot™ client compiler. In Proceedings of the 5th international symposium on Principles and practice of programming in Java. 125–133. Google ScholarGoogle ScholarDigital LibraryDigital Library
  58. Xu Zhao, Kirk Rodrigues, Yu Luo, Michael Stumm, Ding Yuan, and Yuanyuan Zhou. 2017. Log20: Fully Automated Optimal Placement of Log Printing Statements under Specified Overhead Threshold. In Proceedings of the 26th Symposium on Operating Systems Principles (SOSP ’17). Association for Computing Machinery, New York, NY, USA. 565–581. isbn:9781450350853 https://doi.org/10.1145/3132747.3132778 Google ScholarGoogle ScholarDigital LibraryDigital Library
  59. Zola Team. 2021. zola. https://github.com/getzola/zola [Online; accessed April-2021].Google ScholarGoogle Scholar

Index Terms

  1. Safer at any speed: automatic context-aware safety enhancement for Rust

              Recommendations

              Comments

              Login options

              Check if you have access through your login credentials or your institution to get full access on this article.

              Sign in

              Full Access

              PDF Format

              View or Download as a PDF file.

              PDF

              eReader

              View online with eReader.

              eReader
              About Cookies On This Site

              We use cookies to ensure that we give you the best experience on our website.

              Learn more

              Got it!