Safer at any speed: Automatic context-aware safety enhancement for Rust

Natalie Popescu, Ziyang Xu, Sotiris Apostolakis, David I. August, Amit Levy

Research output: Contribution to journalArticlepeer-review

Abstract

Type-safe languages improve application safety by eliminating whole classes of vulnerabilities-such as buffer overflows-by construction. However, this safety sometimes comes with a performance cost. As a result, many modern type-safe languages provide escape hatches that allow developers to manually bypass them. The relative value of performance to safety and the degree of performance obtained depends upon the application context, including user goals and the hardware upon which the application is to be executed. Since libraries may be used in many different contexts, library developers cannot make safety-performance trade-off decisions appropriate for all cases. Application developers can tune libraries themselves to increase safety or performance, but this requires extra effort and makes libraries less reusable. To address this problem, we present NADER, a Rust development tool that makes applications safer by automatically transforming unsafe code into equivalent safe code according to developer preferences and application context. In end-to-end system evaluations in a given context, NADER automatically reintroduces numerous library bounds checks, in many cases making application code that uses popular Rust libraries safer with no corresponding loss in performance.

Original languageEnglish (US)
Article number103
JournalProceedings of the ACM on Programming Languages
Volume5
Issue numberOOPSLA
DOIs
StatePublished - Oct 2021

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality

Keywords

  • Rust
  • bounds checks
  • safety-performance trade-off

Fingerprint

Dive into the research topics of 'Safer at any speed: Automatic context-aware safety enhancement for Rust'. Together they form a unique fingerprint.

Cite this