Affiliation:
1. Inria, Paris, France
2. Microsoft Azure Research, Redmond, USA
Abstract
The Rust programming language continues to rise in popularity, and as such, warrants the close attention of the programming languages community. In this work, we present a new foundational contribution towards the theoretical understanding of Rust’s semantics. We prove that LLBC, a high-level, borrow-centric model previously proposed for Rust’s semantics and execution, is sound with regards to a low-level pointer-based language
à la
CompCert. Specifically, we prove the following: that LLBC is a correct view over a traditional model of execution; that LLBC’s symbolic semantics are a correct abstraction of LLBC programs; and that LLBC’s symbolic semantics act as a borrow-checker for LLBC, i.e. that symbolically-checked LLBC programs do not get stuck when executed on a heap-and-addresses model of execution. To prove these results, we introduce a new proof style that considerably simplifies our proofs of simulation, which relies on a notion of hybrid states. Equipped with this reasoning framework, we show that a new addition to LLBC’s symbolic semantics, namely a join operation, preserves the abstraction and borrow-checking properties. This in turn allows us to add support for loops to the Aeneas framework; we show, using a series of examples and case studies, that this unlocks new expressive power for Aeneas.
Publisher
Association for Computing Machinery (ACM)
Reference41 articles.
1. Leveraging rust types for modular specification and verification
2. The Design and Formalization of Mezzo, a Permission-Based Programming Language
3. Shape Analysis for Composite Data Structures
4. Bruno Blanchet. 2001. An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In 14th IEEE Computer Security Foundations Workshop (CSFW-14). IEEE Computer Society, Cape Breton, Nova Scotia, Canada. 82–96. This paper received a test of time award at the CSF’23 conference
5. Moving Fast with Software Verification