Software Artefact for the OOPSLA'20 Paper Titled "How Do Programmers Use Unsafe Rust?"

Abstract

Rust’s ownership type system enforces a strict discipline on how memory locations are accessed and shared.
This discipline allows the compiler to statically prevent memory errors, data races, inadvertent side effects
through aliasing, and other errors that frequently occur in conventional imperative programs. However, the
restrictions imposed by Rust’s type system make it difficult or impossible to implement certain designs, such
as data structures that require aliasing (e.g., doubly-linked lists and shared caches). To work around this
limitation, Rust allows code blocks to be declared as unsafe and thereby exempted from certain restrictions of
the type system, for instance, to manipulate C-style raw pointers. Ensuring the safety of unsafe code is the
responsibility of the programmer. However, an important assumption of the Rust language, which we dub the
Rust hypothesis, is that programmers use Rust by following three main principles: use unsafe code sparingly,
make it easy to review, and hide it behind a safe abstraction such that client code can be written in safe Rust.

Understanding how Rust programmers use unsafe code and, in particular, whether the Rust hypothesis
holds is essential for Rust developers and testers, language and library designers, as well as tool developers.
This paper studies empirically how unsafe code is used in practice by analysing a large corpus of Rust projects
to assess the validity of the Rust hypothesis and to classify the purpose of unsafe code. We identify queries
that can be answered by automatically inspecting the program’s source code, its intermediate representation
MIR, as well as type information provided by the Rust compiler; we complement the results by manual
code inspection. Our study supports the Rust hypothesis partially: While most unsafe code is simple and
well-encapsulated, unsafe features are used extensively, especially for interoperability with other languages.

Artefact

This artefact contains both a virtual machine with a framework we used to do the analysis called Qrates and the data itself. You can find the instructions in the README.md file.

If you are interested in building on top of our research results, you can find the latest version of Qrates in our GitHub repository: https://github.com/rust-corpus/qrates/.