Rust unsafe code


Notes: Rust language, undefined behaviour
Papers: jung:popl:2020, wang:sosp:2013, astrauskas:oopsla:2020, qin:pldi:2020, evans:icse:2020

todo: Add some words around the following useful links

Blog posts about unsafe

  • Ralf Jung The scope of unsafe

    This post makes the point that unsafe code usually relies on invariants that safe code in the same module can violate, so adding a safe function that breaks one of those invariants can make a previously correct unsafe block incorrect. The crash shows up in the unsafe block, but the bug is in the safe code that broke the invariant.

    There used to be claims on the interwebs that “if a Rust program crashes, the bug must be in some unsafe block”. (And there probably still are.) Even academic researchers working on Rust got this wrong, arguing that in order to detect bugs in data structures like Vec it suffices to check functions involving unsafe code.

  • Niko Matsakis
    • Unsafe abstractions
    • The ‘Tootsie Pop’ model for unsafe code

      This post makes the point that, to judge whether your unsafe code is sound, you have to look at which fields of the data structure are accessible, because safe code that can reach those fields could break the invariants the unsafe code depends on. For that reason the real unsafe boundary is closer to the module boundary (assuming the fields are private) than to the `unsafe` block itself.

  • Alex Ozdemir
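The point both posts above make can be shown with a small Vec-like buffer. This is an added example and not code from either post or from any project; the `Buf` type, its fields and its methods are invented for illustration. The single `unsafe` block in `get` is correct on its own; what decides whether it is sound is every piece of code, safe or not, that can write the private `len` field, which is why the `mod buf` boundary (private fields) is the real unit of review.

```rust
// Added example: an `unsafe` block whose soundness depends on an invariant
// that safe code in the same module can break.
mod buf {
    pub struct Buf {
        data: Vec<u8>, // backing storage, private
        len: usize,    // INVARIANT: len <= data.len() (private, so only this module can write it)
    }

    impl Buf {
        pub fn with_capacity(cap: usize) -> Self {
            Buf { data: vec![0; cap], len: 0 }
        }

        pub fn len(&self) -> usize {
            self.len
        }

        /// Appends a byte; returns false when the fixed capacity is full.
        /// Safe code that *preserves* the invariant.
        pub fn push(&mut self, b: u8) -> bool {
            if self.len == self.data.len() {
                return false;
            }
            self.data[self.len] = b;
            self.len += 1;
            true
        }

        /// Reads element `i` without a bounds check against `data`.
        /// SAFETY: the check against `len` is sufficient only because of the
        /// invariant `len <= data.len()`. If anything in this module breaks
        /// that invariant, this block reads out of bounds.
        pub fn get(&self, i: usize) -> Option<u8> {
            if i >= self.len {
                return None;
            }
            Some(unsafe { *self.data.get_unchecked(i) })
        }

        /// Diagnostic used below to observe a broken invariant without
        /// triggering the undefined behaviour in `get`.
        pub fn invariant_holds(&self) -> bool {
            self.len <= self.data.len()
        }

        /// A *safe* function, containing no `unsafe`, that nonetheless makes
        /// `get` unsound: it can set `len` past `data.len()`. Checking only
        /// the functions that contain `unsafe` would never find this bug.
        pub fn set_len_by_mistake(&mut self, n: usize) {
            self.len = n; // BUG: no `n <= self.data.len()` check
        }

        /// The fix: every write to `len` re-establishes the invariant.
        pub fn truncate(&mut self, n: usize) {
            self.len = n.min(self.data.len());
        }
    }
}

fn main() {
    let mut b = buf::Buf::with_capacity(4);
    assert!(b.push(1) && b.push(2));
    assert_eq!(b.get(1), Some(2));
    assert_eq!(b.get(2), None);

    b.set_len_by_mistake(10);
    assert!(!b.invariant_holds()); // calling b.get(5) here would be UB: do not

    b.truncate(10); // clamps back to data.len(), invariant restored
    assert!(b.invariant_holds());
    println!("len = {}, invariant holds = {}", b.len(), b.invariant_holds());
}
```

Because `len` is private, code outside `mod buf` cannot reproduce the bug; a `pub len` field would widen the set of code that must be audited to every user of the type, which is the Tootsie Pop observation.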

RustBelt verifier, Undefined behaviour