Safer at any speed: automatic context-aware safety enhancement for Rust
Open Access
- 15 October 2021
- journal article
- research article
- Published by Association for Computing Machinery (ACM) in Proceedings of the ACM on Programming Languages
- Vol. 5 (OOPSLA), 1-23
- https://doi.org/10.1145/3485480
Abstract
Type-safe languages improve application safety by eliminating whole classes of vulnerabilities–such as buffer overflows–by construction. However, this safety sometimes comes with a performance cost. As a result, many modern type-safe languages provide escape hatches that allow developers to manually bypass them. The relative value of performance to safety and the degree of performance obtained depends upon the application context, including user goals and the hardware upon which the application is to be executed. Since libraries may be used in many different contexts, library developers cannot make safety-performance trade-off decisions appropriate for all cases. Application developers can tune libraries themselves to increase safety or performance, but this requires extra effort and makes libraries less reusable. To address this problem, we present NADER, a Rust development tool that makes applications safer by automatically transforming unsafe code into equivalent safe code according to developer preferences and application context. In end-to-end system evaluations in a given context, NADER automatically reintroduces numerous library bounds checks, in many cases making application code that uses popular Rust libraries safer with no corresponding loss in performance.Funding Information
- NSF (CCF-2028733,CCF-1814654,CCF-2119070)
This publication has 22 references indexed in Scilit:
- High System-Code Security with Low OverheadPublished by Institute of Electrical and Electronics Engineers (IEEE) ,2015
- The rust languageACM SIGAda Ada Letters, 2014
- Safe haskellACM SIGPLAN Notices, 2012
- SoftBoundACM SIGPLAN Notices, 2009
- A Tool Suite for Simulation Based Analysis of Memory Access BehaviorLecture Notes in Computer Science, 2004
- ABCDACM SIGPLAN Notices, 2000
- Automatic parallelization of divide and conquer algorithmsACM SIGPLAN Notices, 1999
- Elimination of redundant array subscript range checksACM SIGPLAN Notices, 1995
- Accurate static branch prediction by value range propagationACM SIGPLAN Notices, 1995
- Optimizing array bound checks using flow analysisACM Letters on Programming Languages and Systems, 1993