skip to main content

Aliasing Limits on Translating C to Safe Rust

Published:06 April 2023Publication History
Skip Abstract Section

Abstract

The Rust language was created to provide safe low-level systems programming. There is both industrial and academic interest in the problem of (semi-)automatically translating C code to Rust in order to exploit Rust's safety guarantees. We study the effectiveness and limitations of existing techniques for automatically translating unsafe raw pointers (in Rust programs translated from C) into safe Rust references via ownership and lifetime inference. Our novel evaluation methodology enables our study to extend beyond prior studies, and to discover new information contradicting the conclusions of prior studies. We find that existing translation methods are severely limited by a lack of precision in the Rust compiler's safety checker, causing many safe pointer manipulations to be labeled as potentially unsafe. Leveraging this information, we propose methods for improving translation, based on encoding the results of a more precise analysis in a manner that is understandable to an unmodified Rust compiler. We implement one of our proposed methods, increasing the number of pointers that can be translated to safe Rust references by 75% over the baseline (from 12% to 21% of all pointers).

References

  1. Alexander Aiken. 1999. Introduction to set constraint-based program analysis. Science of Computer Programming, 35, 2 (1999), Nov., 79–111. issn:0167-6423 https://doi.org/10.1016/S0167-6423(99)00007-6 Google ScholarGoogle ScholarDigital LibraryDigital Library
  2. Lars Ole Andersen. 1994. Program Analysis and Specialization for the C Programming Language. no URL Google ScholarGoogle Scholar
  3. Brian Anderson, Lars Bergstrom, David Herman, Josh Matthews, Keegan McAllister, Manish Goregaokar, Jack Moffitt, and Simon Sapin. 2015. Experience Report: Developing the Servo Web Browser Engine using Rust. arXiv:1505.07383 [cs], May, arxiv:1505.07383 arXiv: 1505.07383 Google ScholarGoogle Scholar
  4. F. J. Anscombe. 1973. Graphs in Statistical Analysis. The American Statistician, 27, 1 (1973), Feb., 17–21. issn:0003-1305 https://doi.org/10.1080/00031305.1973.10478966 Google ScholarGoogle ScholarCross RefCross Ref
  5. Chandrasekhar Boyapati, Robert Lee, and Martin Rinard. 2002. Ownership Types for Safe Programming: Preventing Data Races and Deadlocks. In Proceedings of the 17th ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications (OOPSLA ’02). ACM, New York, NY, USA. 211–230. isbn:978-1-58113-471-1 https://doi.org/10.1145/582419.582440 Google ScholarGoogle ScholarDigital LibraryDigital Library
  6. Chandrasekhar Boyapati, Alexandru Salcianu, William Beebee, Jr., and Martin Rinard. 2003. Ownership Types for Safe Region-based Memory Management in Real-time Java. In Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation (PLDI ’03). ACM, New York, NY, USA. 324–337. isbn:978-1-58113-662-3 https://doi.org/10.1145/781131.781168 Google ScholarGoogle ScholarDigital LibraryDigital Library
  7. David Bryant. 2016. A Quantum Leap for the Web. https://medium.com/mozilla-tech/a-quantum-leap-for-the-web-a3b7174b3c12 Google ScholarGoogle Scholar
  8. Jonathan Corbet. 2021. Rust support hits linux-next. https://lwn.net/Articles/849849/ Google ScholarGoogle Scholar
  9. Nelson Elhage. 2020. Supporting Linux kernel development in Rust. https://lwn.net/Articles/829858/ Google ScholarGoogle Scholar
  10. Archibald Samuel Elliott, Andrew Ruef, Michael Hicks, and David Tarditi. 2018. Checked C: Making C Safe by Extension. In 2018 IEEE Cybersecurity Development. IEEE, Cambridge, MA, USA. 53–60. https://doi.org/10.1109/SecDev.2018.00015 Google ScholarGoogle ScholarCross RefCross Ref
  11. Mehmet Emre, Peter Boyland, Ryan Schroeder, and Aesha Parekh. 2023. Artifact for "Aliasing Limits on Translating C to Safe Rust". https://doi.org/10.5281/zenodo.7714175 Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Mehmet Emre, Ryan Schroeder, Kyle Dewey, and Ben Hardekopf. 2021. Translating C to Safer Rust. Proc. ACM Program. Lang., 5, OOPSLA (2021), Article 121, Oct., 29 pages. https://doi.org/10.1145/3485498 Google ScholarGoogle ScholarDigital LibraryDigital Library
  13. Manuel Fähndrich, Jakob Rehof, and Manuvir Das. 2000. Scalable Context-Sensitive Flow Analysis Using Instantiation Constraints. In Proceedings of the ACM SIGPLAN 2000 Conference on Programming Language Design and Implementation (PLDI ’00). Association for Computing Machinery, New York, NY, USA. 253–263. isbn:1581131992 https://doi.org/10.1145/349299.349332 Google ScholarGoogle ScholarDigital LibraryDigital Library
  14. Jeffrey S. Foster, Tachio Terauchi, and Alex Aiken. 2002. Flow-Sensitive Type Qualifiers. In Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation (PLDI ’02). Association for Computing Machinery, New York, NY, USA. 1–12. isbn:1581134630 https://doi.org/10.1145/512529.512531 Google ScholarGoogle ScholarDigital LibraryDigital Library
  15. Samuel Z. Guyer and Calvin Lin. 2003. Client-Driven Pointer Analysis. In Static Analysis (Lecture Notes in Computer Science). Springer, Berlin, Heidelberg, 214–236. isbn:978-3-540-40325-8 978-3-540-44898-3 https://doi.org/10.1007/3-540-44898-5_12 Google ScholarGoogle ScholarCross RefCross Ref
  16. Nevin Heintze and Olivier Tardieu. 2001. Ultra-fast Aliasing Analysis Using CLA: A Million Lines of C Code in a Second. In Proceedings of the ACM SIGPLAN 2001 Conference on Programming Language Design and Implementation (PLDI ’01). ACM, New York, NY, USA. 254–263. isbn:978-1-58113-414-8 https://doi.org/10.1145/378795.378855 Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. Immunant inc.. 2020. immunant/c2rust. https://github.com/immunant/c2rust original-date: 2018-04-20T00:05:50Z Google ScholarGoogle Scholar
  18. Trevor Jim, J Gregory Morrisett, Dan Grossman, Michael W Hicks, James Cheney, and Yanling Wang. 2002. Cyclone: a safe dialect of C.. In USENIX Annual Technical Conference, General Track. 275–288. Google ScholarGoogle Scholar
  19. George Kastrinis and Yannis Smaragdakis. 2013. Hybrid Context-sensitivity for Points-to Analysis. In Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’13). ACM, New York, NY, USA. 423–434. isbn:978-1-4503-2014-6 https://doi.org/10.1145/2491956.2462191 Google ScholarGoogle ScholarDigital LibraryDigital Library
  20. Kornel Lesinski. 2018. Citrus / Citrus. https://gitlab.com/citrus-rs/citrus Google ScholarGoogle Scholar
  21. Amit Levy, Michael P. Andersen, Bradford Campbell, David Culler, Prabal Dutta, Branden Ghena, Philip Levis, and Pat Pannuto. 2015. Ownership is theft: experiences building an embedded OS in rust. In Proceedings of the 8th Workshop on Programming Languages and Operating Systems (PLOS ’15). Association for Computing Machinery, New York, NY, USA. 21–26. isbn:978-1-4503-3942-1 https://doi.org/10.1145/2818302.2818306 Google ScholarGoogle ScholarDigital LibraryDigital Library
  22. Ondřej Lhoták and Laurie Hendren. 2006. Context-Sensitive Points-to Analysis: Is It Worth It? In Compiler Construction (Lecture Notes in Computer Science). Springer, Berlin, Heidelberg, 47–64. isbn:978-3-540-33050-9 978-3-540-33051-6 https://doi.org/10.1007/11688839_5 Google ScholarGoogle ScholarDigital LibraryDigital Library
  23. Yi Lin, Stephen M. Blackburn, Antony L. Hosking, and Michael Norrish. 2016. Rust as a language for high performance GC implementation. In Proceedings of the 2016 ACM SIGPLAN International Symposium on Memory Management - ISMM 2016. ACM Press, Santa Barbara, CA, USA. 89–98. isbn:978-1-4503-4317-6 https://doi.org/10.1145/2926697.2926707 Google ScholarGoogle ScholarDigital LibraryDigital Library
  24. Michael Ling, Yijun Yu, Haitao Wu, Yuan Wang, James R. Cordy, and Ahmed E. Hassan. 2022. In Rust We Trust – A Transpiler from Unsafe C to Safer Rust. In 2022 IEEE/ACM 44th International Conference on Software Engineering: Companion Proceedings. IEEE, Pittsburgh, PA, USA. 354–355. https://doi.org/10.1109/ICSE-Companion55297.2022.9793767 Google ScholarGoogle ScholarCross RefCross Ref
  25. Aravind Machiry, John Kastner, Matt McCutchen, Aaron Eline, Kyle Headley, and Michael Hicks. 2022. C to checked C by 3c. Proceedings of the ACM on Programming Languages, 6, OOPSLA1 (2022), April, 78:1–78:29. https://doi.org/10.1145/3527322 Google ScholarGoogle ScholarDigital LibraryDigital Library
  26. George C. Necula, Jeremy Condit, Matthew Harren, Scott McPeak, and Westley Weimer. 2005. CCured: Type-Safe Retrofitting of Legacy Software. ACM Trans. Program. Lang. Syst., 27, 3 (2005), May, 477–526. issn:0164-0925 https://doi.org/10.1145/1065887.1065892 Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. David J. Pearce, Paul H.J. Kelly, and Chris Hankin. 2007. Efficient Field-sensitive Pointer Analysis of C. ACM Trans. Program. Lang. Syst., 30, 1 (2007), Nov., issn:0164-0925 https://doi.org/10.1145/1290520.1290524 Google ScholarGoogle ScholarDigital LibraryDigital Library
  28. Marc Shapiro and Susan Horwitz. 1997. The effects of the precision of pointer analysis. In Static Analysis (Lecture Notes in Computer Science). Springer, Berlin, Heidelberg, 16–34. isbn:978-3-540-63468-3 978-3-540-69576-9 https://doi.org/10.1007/BFb0032731 Google ScholarGoogle ScholarCross RefCross Ref
  29. Marc Shapiro and Susan Horwitz. 1997. Fast and Accurate Flow-insensitive Points-to Analysis. In Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’97). ACM, New York, NY, USA. 1–14. isbn:978-0-89791-853-4 https://doi.org/10.1145/263699.263703 Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Jamey Sharp. 2020. jameysharp/corrode. https://github.com/jameysharp/corrode original-date: 2016-05-05T21:12:52Z Google ScholarGoogle Scholar
  31. Yannis Smaragdakis, George Kastrinis, and George Balatsouras. 2014. Introspective Analysis: Context-sensitivity, Across the Board. In Proceedings of the 35th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’14). ACM, New York, NY, USA. 485–495. isbn:978-1-4503-2784-8 https://doi.org/10.1145/2594291.2594320 Google ScholarGoogle ScholarDigital LibraryDigital Library
  32. Bjarne Steensgaard. 1996. Points-to Analysis in Almost Linear Time. In Proceedings of the 23rd ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL ’96). ACM, New York, NY, USA. 32–41. isbn:978-0-89791-769-8 https://doi.org/10.1145/237721.237727 Google ScholarGoogle ScholarDigital LibraryDigital Library
  33. Jeff Vander Stoep and Stephen Hines. 2021. Rust in the Android platform. https://security.googleblog.com/2021/04/rust-in-android-platform.html Google ScholarGoogle Scholar
  34. Yulei Sui and Jingling Xue. 2016. SVF: interprocedural static value-flow analysis in LLVM. In Proceedings of the 25th international conference on compiler construction. 265–266. Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. The Rust Project. 2021. The Rust Reference. https://doc.rust-lang.org/stable/reference/ Google ScholarGoogle Scholar
  36. The Rust Project. 2022. lazy-static.rs. https://github.com/rust-lang-nursery/lazy-static.rs original-date: 2014-06-24T08:25:15Z Google ScholarGoogle Scholar
  37. The Rust Project. 2022. standard lazy types - Rust RFC #2788. https://github.com/rust-lang/rfcs/pull/2788 Google ScholarGoogle Scholar
  38. Aaron Weiss, Daniel Patterson, Nicholas D Matsakis, and Amal Ahmed. 2020. Oxide: The Essence of Rust. 27 pages. https://doi.org/10.48550/arXiv.1903.00982 Google ScholarGoogle Scholar

Index Terms

  1. Aliasing Limits on Translating C to Safe Rust

          Recommendations

          Comments

          Login options

          Check if you have access through your login credentials or your institution to get full access on this article.

          Sign in

          Full Access

          • Article Metrics

            • Downloads (Last 12 months)310
            • Downloads (Last 6 weeks)112

            Other Metrics

          PDF Format

          View or Download as a PDF file.

          PDF

          eReader

          View online with eReader.

          eReader
          About Cookies On This Site

          We use cookies to ensure that we give you the best experience on our website.

          Learn more

          Got it!