Formally understanding Rust’s ownership and borrowing system at the memory level
Authors: Shuanglong Kan, Zhe Chen, David Sanán, Yang Liu
Journal: Formal Methods in System Design (Journal Article), published 2024-07-09
DOI: https://doi.org/10.1007/s10703-024-00460-3
Abstract:
Rust is an emergent systems programming language highlighting memory safety through its Ownership and Borrowing System (OBS). Formalizing OBS in semantics is essential in certifying Rust’s memory safety guarantees. Existing formalizations of OBS are at the language level; that is, they explain OBS in terms of Rust’s constructs. This paper proposes a different view of OBS at the memory level, independent of Rust’s constructs. The basic idea of our formalization is mapping the OBS invariants maintained by Rust’s type system to memory layouts and checking those invariants for memory operations. Our memory-level formalization of OBS helps people better understand the relationship between OBS and memory safety by narrowing the gap between OBS and memory operations. Moreover, it enables potential reuse of Rust’s OBS in other programming languages, since memory operations are standard features and our formalization is not bound to Rust’s constructs. Based on the memory model, we have developed an executable operational semantics for Rust, called RustSEM, and implemented the semantics in K-Framework (\(\mathbb {K}\)). RustSEM covers a much larger subset of the significant language constructs than existing formal semantics for Rust. More importantly, RustSEM can run and verify real Rust programs by exploiting \(\mathbb {K}\)’s execution and verification engines. We have evaluated the semantic correctness of RustSEM with respect to the Rust compiler using around 700 tests. In particular, we have compared our formalization of OBS in the memory model with Rust’s type system and identified their differences, which stem from the conservativeness of the Rust compiler. Moreover, our formalization of OBS is helpful in identifying undefined behavior of Rust programs with mixed safe and unsafe operations. We have also evaluated the potential applications of RustSEM in automated runtime and formal verification for functional and memory properties. Experimental results show that RustSEM can enhance Rust’s memory safety mechanism, as it is more powerful than the OBS in the Rust compiler for detecting memory errors.
Journal description:
The focus of this journal is on formal methods for designing, implementing, and validating the correctness of hardware (VLSI) and software systems. The stimulus for starting a journal with this goal came from both academia and industry. In both areas, interest in the use of formal methods has increased rapidly during the past few years. The enormous cost and time required to validate new designs has led to the realization that more powerful techniques must be developed. A number of techniques and tools are currently being devised for improving the reliability and robustness of complex hardware and software systems. While the boundary between the (sub)components of a system that are cast in hardware, firmware, or software continues to blur, the relevant design disciplines and formal methods are maturing rapidly. Consequently, an important (and useful) collection of commonly applicable formal methods is expected to emerge that will strongly influence future design environments and design methods.