research-article

Open access

A Lightweight Formalism for Reference Lifetimes and Borrowing in Rust

Author:

David J. PearceAuthors Info & Claims

ACM Transactions on Programming Languages and Systems (TOPLAS), Volume 43, Issue 1

Article No.: 3, Pages 1 - 73

https://doi.org/10.1145/3443420

Published: 17 April 2021 Publication History

All formats PDF

Abstract

Rust is a relatively new programming language that has gained significant traction since its v1.0 release in 2015. Rust aims to be a systems language that competes with C/C++. A claimed advantage of Rust is a strong focus on memory safety without garbage collection. This is primarily achieved through two concepts, namely, reference lifetimes and borrowing. Both of these are well-known ideas stemming from the literature on region-based memory management and linearity/uniqueness. Rust brings both of these ideas together to form a coherent programming model. Furthermore, Rust has a strong focus on stack-allocated data and, like C/C++ but unlike Java, permits references to local variables.

Type checking in Rust can be viewed as a two-phase process: First, a traditional type checker operates in a flow-insensitive fashion; second, a borrow checker enforces an ownership invariant using a flow-sensitive analysis. In this article, we present a lightweight formalism that captures these two phases using a flow-sensitive type system that enforces “type and borrow safety.” In particular, programs that are type and borrow safe will not attempt to dereference dangling pointers. Our calculus core captures many aspects of Rust, including copy- and move-semantics, mutable borrowing, reborrowing, partial moves, and lifetimes. In particular, it remains sufficiently lightweight to be easily digested and understood and, we argue, still captures the salient aspects of reference lifetimes and borrowing. Furthermore, extensions to the core can easily add more complex features (e.g., control-flow, tuples, method invocation). We provide a soundness proof to verify our key claims of the calculus. We also provide a reference implementation in Java with which we have model checked our calculus using over 500B input programs. We have also fuzz tested the Rust compiler using our calculus against 2B programs and, to date, found one confirmed compiler bug and several other possible issues.

References

[1]

A. Aiken, M. Fähndrich, and R. Levien. 1995. Better static memory management: Improving region-based analysis of higher-order languages. In Proceedings of the ACM Conference on Programming Language Design and Implementation (PLDI’95). 174--185.

Abstract

References

Cited By

Index Terms

Recommendations

RustHorn: CHC-based Verification for Rust Programs

Leveraging rust types for modular specification and verification

RustBelt: securing the foundations of the Rust programming language

Comments

Information

Published In

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

PDF

eReader

HTML Format

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations