"Against the Void": An Interview and Survey Study on How Rust Developers Use Unsafe Code
arxiv(2024)
摘要
The Rust programming language is an increasingly popular choice for systems
programming, since it can statically guarantee memory safety without automatic
garbage collection. Rust provides its safety guarantees by restricting aliasing
and mutability, but many key design patterns, such as cyclic aliasing and
multi-language interoperation, must bypass these restrictions. Rust's
keyword enables features that developers can use to implement
these patterns, and the Rust ecosystem includes useful tools for validating
whether code is used correctly. However, it is unclear if
these tools are adequate for all use cases. To understand developers' needs, we
conducted a mixed-methods study consisting of semi-structured interviews
followed by a survey. We interviewed 19 Rust developers and surveyed 160
developersx2013all of whom engaged with code. We
found that 77
were motivated to use code because they were unaware of a
safe alternative. Developers typically followed best-practices such as
minimizing and localizing their use of code, but only 23
were always certain that their encapsulations were sound. Limited tooling
support for inline assembly and foreign function calls prevented developers
from validating code, and differences between Rust and other
languages made foreign functions difficult to encapsulate. Verification tools
were underused, and developers rarely audited their dependencies. Our results
indicate a pressing need for production-ready tools that can validate the most
frequently used features.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要