skip to main content
US FlagAn official website of the United States government
dot gov icon
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
https lock icon
Secure .gov websites use HTTPS
A lock ( lock ) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Explore Research Products in the PAR
It may take a few hours for recently added research products to appear in PAR search results.


Title: Zero-Cost Capabilities: Retrofitting Effect Safety in Rust
Over the last several years, the Rust programming language has gathered a following among software developers for its robust memory safety features. Nevertheless, it remains susceptible to potentially harmful side effects in untrusted code and is therefore vulnerable to supply chain attacks. We wish to investigate whether preventing them by retroactively enforcing side effect safety is possible. In this extended abstract, we introduce Coenobita, a Rust library that prevents undesirable side effects using capabilities without additional performance overhead. Our goal was to implement statically enforced, zero-cost, and unobtrusive capabilities. To evaluate Coenobita’s practicality and effectiveness, we conducted two case studies porting popular Rust crates walkdir and remove_dir_all to Coenobita. Porting walkdir required modifying or adding around 242 lines across three files originally containing 1800 lines total. Benchmarks were run on 46 tests provided in walkdir and their equivalents in coenobita-walkdir, demonstrating little change in runtime for most tests.  more » « less
Award ID(s):
2327338
PAR ID:
10523652
Author(s) / Creator(s):
;
Editor(s):
Zhang, Danfeng; Krishnaswami, Neel
Publisher / Repository:
POPL 2024 Student Research Competition
Date Published:
Subject(s) / Keyword(s):
software capabilities type systems software supply chain security Rust
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. ; ; ; ; (, Proceedings of the ACM on Programming Languages)
    The Rust type system guarantees memory safety and data-race freedom. However, to satisfy Rust's type rules, many familiar implementation patterns must be adapted substantially. These necessary adaptations complicate programming and might hinder language adoption. In this paper, we demonstrate that, in contrast to manual programming, automatic synthesis is not complicated by Rust's type system, but rather benefits in two major ways. First, a Rust synthesizer can get away with significantly simpler specifications. While in more traditional imperative languages, synthesizers often require lengthy annotations in a complex logic to describe the shape of data structures, aliasing, and potential side effects, in Rust, all this information can be inferred from the types, letting the user focus on specifying functional properties using a slight extension of Rust expressions. Second, the Rust type system reduces the search space for synthesis, which improves performance. In this work, we present the first approach to automatically synthesizing correct-by-construction programs in safe Rust. The key ingredient of our synthesis procedure is Synthetic Ownership Logic, a new program logic for deriving programs that are guaranteed to satisfy both a user-provided functional specification and, importantly, Rust's intricate type system. We implement this logic in a new tool called RusSOL. Our evaluation shows the effectiveness of RusSOL, both in terms of annotation burden and performance, in synthesizing provably correct solutions to common problems faced by new Rust developers. 
    more » « less
  2. ; ; ; ; (, Proceedings of the 44th International Conference on Software Engineering)
    Rust is a young systems programming language designed to provide both the safety guarantees of high-level languages and the execution performance of low-level languages. To achieve this design goal, Rust provides a suite of safety rules and checks against those rules at the compile time to eliminate many memory-safety and thread-safety issues. Due to its safety and performance, Rust’s popularity has increased significantly in recent years, and it has already been adopted to build many safety-critical software systems. It is critical to understand the learning and programming challenges imposed by Rust’s safety rules. For this purpose, we first conducted an empirical study through close, manual inspection of 100 Rust-related Stack Overflow questions. We sought to understand (1) what safety rules are challenging to learn and program with, (2) under which contexts a safety rule becomes more difficult to apply, and (3) whether the Rust compiler is sufficiently helpful in debugging safety-rule violations. We then performed an online survey with 101 Rust programmers to validate the findings of the empirical study. We invited participants to evaluate program variants that differ from each other, either in terms of violated safety rules or the code constructs involved in the violation, and compared the participants’ performance on the variants. Our mixed-methods investigation revealed a range of consistent findings that can benefit Rust learners, practitioners, and language designers. 
    more » « less
  3. ; ; ; ; ; ; ; ; ; ; et al (, Molecular Breeding)
    Abstract Introducing and characterizing variation through mutagenesis plus functional genomics can accelerate resistance breeding as well as our understanding of crop plant immunity. To reveal new germplasm resources for fungal disease resistance breeding in elite durum wheat, we challenged the diverse alleles in a sequenced and cataloged ethyl methanesulfonate mutagenized population of elite tetraploid wheatTriticum turgidumsubsp.durumcv ‘Kronos’ with stripe rust. We screened 2,000 mutant lines and identified sixteen enhanced disease resistance (EDR) lines with persistent resistance to stripe rust over four years of field testing. To find broad-spectrum resistance, we challenged these lines with other major biotrophic and necrotrophic pathogens, including those causing Septoria tritici blotch, tan spot, Fusarium head blight and leaf rust. Enhanced resistance to multiple fungi was found in 13 of 16 EDR lines. Five EDR lines showed spontaneous lesion formation in the absence of pathogens, providing new mutant resources to study plant stress response in the absence of the confounding effects of pathogen infection. We mapped exome capture sequencing data of the EDR lines to a recently released long-read Kronos genome to aid in the identification of causal mutations. We located an EDR resistance locus to an 175 Mb interval on chromosome 1B. Importantly, these phenotypically characterized EDR lines are newly described durum germplasm coupled with improved functional genomics resources that are readily available for both wheat fungal resistance breeding and basic plant immunity research. 
    more » « less
  4. ; (, ACM)
    The Rust programming language is a prominent candidate for a C and C++ replacement in the memory-safe era. However, Rust’s safety guarantees do not in general extend to arbitrary third-party code. The main purpose of this short paper is to point out that this is true even entirely within safe Rust – which we illustrate through a series of counterexamples. To complement our examples, we present initial experimental results to investigate: do existing program analysis and program veri!cation tools detect or mitigate these risks? Are these attack patterns realizable via input to publicly exposed functions in real-world Rust libraries? And to what extent do existing supply chain attacks in Rust leverage similar attacks? All of our examples and associated data are available as an open source repository on GitHub. We hope this paper will inspire future work on rethinking safety in Rust – especially, to go beyond the safe/unsafe distinction and harden Rust against a stronger threat model of attacks that can be used in the wild. 
    more » « less
  5. ; ; ; (, Proceedings of ACM International Conference on Mobile Systems, Applications and Services (MobiSys))
    Microcontroller-based embedded systems are vulnerable to memory safety errors and must be robust and responsive because they are often used in unmanned and mission-critical scenarios. The Rust programming language offers an appealing compile-time solution for memory safety but leaves stack overflows unresolved and foils zero-latency interrupt handling. We present Hopter, a Rust-based embedded operating system (OS) that provides memory safety, sys- tem robustness, and interrupt responsiveness to embedded systems while requiring minimal application cooperation. Hopter executes Rust code under a novel finite-stack semantics that converts stack overflows into Rust panics, enabling recovery from fatal errors through stack unwinding and restart. Hopter also employs a novel mechanism called soft-locks so that the OS never disables interrupts. We compare Hopter with other well-known embedded OSes using controlled workloads and report our experience using Hopter to develop a flight control system for a miniature drone and a gateway system for Internet of Things (IoT). We demonstrate that Hopter is well-suited for resource-constrained microcontrollers and supports error recovery for real-time workloads. 
    more » « less
  • Citation Formats
  • MLA
  • APA
  • Chicago
  • BibTeX
  • Save / Share this Record
  • Send to Email