RefinedRust: A Type System for High-Assurance Verification of Rust Programs

Author:

Lennard Gäher (1), Michael Sammler (1), Ralf Jung (2), Robbert Krebbers (3), Derek Dreyer (1)

Affiliation:

1. MPI-SWS, Saarland Informatics Campus, Germany

2. ETH Zurich, Zürich, Switzerland

3. Radboud University Nijmegen, Nijmegen, Netherlands

Abstract

Rust is a modern systems programming language whose ownership-based type system statically guarantees memory safety, making it particularly well-suited to the domain of safety-critical systems. In recent years, a wellspring of automated deductive verification tools has emerged for establishing functional correctness of Rust code. However, none of the previous tools produce foundational proofs (machine-checkable in a general-purpose proof assistant), and all of them are restricted to the safe fragment of Rust. This is a problem because the vast majority of Rust programs make use of unsafe code at critical points, such as in the implementation of widely-used APIs. We propose RefinedRust, a refinement type system—proven sound in the Coq proof assistant—with the goal of establishing foundational semi-automated functional correctness verification of both safe and unsafe Rust code. We have developed a prototype verification tool implementing RefinedRust. Our tool translates Rust code (with user annotations) into a model of Rust embedded in Coq, and then checks its adherence to the RefinedRust type system using separation logic automation in Coq. All proofs generated by RefinedRust are checked by the Coq proof assistant, so the automation and type system do not have to be trusted. We evaluate the effectiveness of RefinedRust by verifying a variant of Rust’s Vec implementation that involves intricate reasoning about unsafe pointer-manipulating code.

Funder

European Research Council

Publisher

Association for Computing Machinery (ACM)

