Fearless Unsafe. A More User-friendly Document for Unsafe Rust Programming Base on Refined Safety Properties

• URL: http://arxiv.org/abs/2412.06251v2
• Date: Thu, 19 Dec 2024 07:02:19 GMT
• Title: Fearless Unsafe. A More User-friendly Document for Unsafe Rust Programming Base on Refined Safety Properties
• Authors: Mohan Cui, Penglei Mao, Shuran Sun, Yangfan Zhou, Hui Xu,
• Abstract summary: Rust, a popular systems-level programming language, has garnered widespread attention due to its features of achieving run-time efficiency and memory safety. With an increasing number of real-world projects adopting Rust, understanding how to assist programmers in writing unsafe code poses a significant challenge. Based on our observations, the current standard library has many unsafe APIs, but their descriptions are not uniform, complete, and intuitive.
• Score: 4.250147698839545
• License:
• Abstract: Rust, a popular systems-level programming language, has garnered widespread attention due to its features of achieving run-time efficiency and memory safety. With an increasing number of real-world projects adopting Rust, understanding how to assist programmers in correctly writing unsafe code poses a significant challenge. Based on our observations, the current standard library has many unsafe APIs, but their descriptions are not uniform, complete, and intuitive, especially in describing safety requirements. Therefore, we advocate establishing a systematic category of safety requirements for revising those documents. In this paper, we extended and refined our study in ICSE 2024. We defined a category of Safety Properties (22 items in total) that learned from the documents of unsafe APIs in the standard library. Then, we labeled all public unsafe APIs (438 in total) and analyzed their correlations. Based on the safety properties, we reorganized all the unsafe documents in the standard library and designed a consultation plugin into rust-analyzer as a complementary tool to assist Rust developers in writing unsafe code. To validate the practical significance, we categorized the root causes of all Rust CVEs up to 2024-01-31 (419 in total) into safety properties and further counted the real-world usage of unsafe APIs in the crates.io ecosystem.

Related papers

• SafetyAnalyst: Interpretable, transparent, and steerable safety moderation for AI behavior [56.10557932893919]
  We present SafetyAnalyst, a novel AI safety moderation framework. Given an AI behavior, SafetyAnalyst uses chain-of-thought reasoning to analyze its potential consequences. It aggregates all harmful and beneficial effects into a harmfulness score using fully interpretable weight parameters.
  arXiv  Detail & Related papers  (2024-10-22T03:38:37Z)
• Characterizing Unsafe Code Encapsulation In Real-world Rust Systems [2.285834282327349]
  Interior unsafe is an essential design paradigm advocated by the Rust community in system software development. The Rust compiler is incapable of verifying the soundness of a safe function containing unsafe code. We propose a novel unsafety isolation graph to model the essential usage and encapsulation of unsafe code.
  arXiv  Detail & Related papers  (2024-06-12T06:59:51Z)
• Bringing Rust to Safety-Critical Systems in Space [1.0742675209112622]
  Rust aims to drastically reduce the chance of introducing bugs and produces overall more secure and safer code. This work provides a set of recommendations for the development of safety-critical space systems in Rust.
  arXiv  Detail & Related papers  (2024-05-28T12:48:47Z)
• ALERT: A Comprehensive Benchmark for Assessing Large Language Models' Safety through Red Teaming [64.86326523181553]
  ALERT is a large-scale benchmark to assess safety based on a novel fine-grained risk taxonomy. It aims to identify vulnerabilities, inform improvements, and enhance the overall safety of the language models.
  arXiv  Detail & Related papers  (2024-04-06T15:01:47Z)
• Fast Summary-based Whole-program Analysis to Identify Unsafe Memory Accesses in Rust [23.0568924498396]
  Rust is one of the most promising systems programming languages to solve the memory safety issues that have plagued low-level software for over forty years. unsafe Rust code and directly-linked unsafe foreign libraries may not only introduce memory safety violations themselves but also compromise the entire program as they run in the same monolithic address space as the safe Rust. We have prototyped a whole-program analysis for identifying both unsafe heap allocations and memory accesses to those unsafe heap objects.
  arXiv  Detail & Related papers  (2023-10-16T11:34:21Z)
• SafetyBench: Evaluating the Safety of Large Language Models [54.878612385780805]
  SafetyBench is a comprehensive benchmark for evaluating the safety of Large Language Models (LLMs) It comprises 11,435 diverse multiple choice questions spanning across 7 distinct categories of safety concerns. Our tests over 25 popular Chinese and English LLMs in both zero-shot and few-shot settings reveal a substantial performance advantage for GPT-4 over its counterparts.
  arXiv  Detail & Related papers  (2023-09-13T15:56:50Z)
• A Closer Look at the Security Risks in the Rust Ecosystem [0.0]
  Rust is an emerging programming language designed for the development of systems software. To facilitate the reuse of Rust code, crates.io, as a central package registry of the Rust ecosystem, hosts thousands of third-party Rust packages. The openness of crates.io enables the growth of the Rust ecosystem but comes with security risks by severe security advisories.
  arXiv  Detail & Related papers  (2023-08-29T06:05:25Z)
• Is unsafe an Achilles' Heel? A Comprehensive Study of Safety Requirements in Unsafe Rust Programming [4.981203415693332]
  Rust is an emerging, strongly-typed programming language focusing on efficiency and memory safety. Current unsafe API documents in the standard library exhibited variations, including inconsistency and insufficiency. To enhance Rust security, we suggest unsafe API documents to list systematic descriptions of safety requirements for users to follow.
  arXiv  Detail & Related papers  (2023-08-09T08:16:10Z)
• Safe Deep Reinforcement Learning by Verifying Task-Level Properties [84.64203221849648]
  Cost functions are commonly employed in Safe Deep Reinforcement Learning (DRL) The cost is typically encoded as an indicator function due to the difficulty of quantifying the risk of policy decisions in the state space. In this paper, we investigate an alternative approach that uses domain knowledge to quantify the risk in the proximity of such states by defining a violation metric.
  arXiv  Detail & Related papers  (2023-02-20T15:24:06Z)
• Online Safety Property Collection and Refinement for Safe Deep Reinforcement Learning in Mapless Navigation [79.89605349842569]
  We introduce the Collection and Refinement of Online Properties (CROP) framework to design properties at training time. CROP employs a cost signal to identify unsafe interactions and use them to shape safety properties. We evaluate our approach in several robotic mapless navigation tasks and demonstrate that the violation metric computed with CROP allows higher returns and lower violations over previous Safe DRL approaches.
  arXiv  Detail & Related papers  (2023-02-13T21:19:36Z)
• SafeText: A Benchmark for Exploring Physical Safety in Language Models [62.810902375154136]
  We study commonsense physical safety across various models designed for text generation and commonsense reasoning tasks. We find that state-of-the-art large language models are susceptible to the generation of unsafe text and have difficulty rejecting unsafe advice.
  arXiv  Detail & Related papers  (2022-10-18T17:59:31Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.