Safer at Any Speed: Automatic Context-Aware Safety Enhancement for Rust

[abstract] (PDF)
Natalie Popescu*, Ziyang Xu*, Sotiris Apostolakis, David I. August, and Amit Levy
Proceedings of the ACM on Programming Languages, Volume 5, Issue OOPSLA (OOPSLA), October 2021.
(*Co-first authors) Awarded all top ACM Reproducibility Badges offered by the Artifact Evaluation Committee.
Type-safe languages improve application safety by eliminating whole classes of vulnerabilities, such as buffer
overflows, by construction. However, this safety sometimes comes with a performance cost. As a result,
many modern type-safe languages provide escape hatches (in Rust, `unsafe` blocks and unchecked operations such as `get_unchecked`) that allow developers to manually bypass those checks.
The relative value of performance to safety, and the degree of performance actually gained by bypassing checks, depend upon the
application context, including user goals and the hardware upon which the application is to be executed. Since
libraries may be used in many different contexts, library developers cannot make safety-performance trade-off
decisions appropriate for all cases. Application developers can tune libraries themselves to increase safety
or performance, but this requires extra effort and makes libraries less reusable. To address this problem, we
present NADER, a Rust development tool that makes applications safer by automatically transforming unsafe
code into equivalent safe code according to developer preferences and application context. In end-to-end
system evaluations in a given context, NADER automatically reintroduces numerous library bounds checks,
in many cases making application code that uses popular Rust libraries safer with no corresponding loss in
performance.
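The kind of rewrite the abstract describes, shown by hand as an added example. This is not NADER's code and not taken from the paper: the function names (`gather_unchecked`, `gather_checked`, `gather_fallible`, `checked_panics`) and the sample buffer and index lists are assumptions constructed for illustration. The "before" function skips the bounds check with `get_unchecked`; the "after" functions are the safe equivalents, one that panics on an out-of-range index and one that reports it as `None`.

```rust
// Added example (not NADER's code): a library hot loop before and after
// the bounds checks are reintroduced. Names and sample data are assumptions.

/// "Before": skips the bounds check with `get_unchecked`. The caller must
/// guarantee every index in `idx` is < data.len(); if that promise is broken
/// this is undefined behaviour (an out-of-bounds read), not a panic.
pub fn gather_unchecked(data: &[u32], idx: &[usize]) -> u64 {
    let mut sum = 0u64;
    for &i in idx {
        // SAFETY: relies entirely on the caller's promise; nothing verifies it here.
        sum += unsafe { *data.get_unchecked(i) } as u64;
    }
    sum
}

/// "After": the mechanical safe equivalent. Plain indexing reintroduces the
/// bounds check, so an out-of-range index panics instead of reading past the
/// buffer. On in-range input the result is identical to the unchecked version.
pub fn gather_checked(data: &[u32], idx: &[usize]) -> u64 {
    let mut sum = 0u64;
    for &i in idx {
        sum += data[i] as u64;
    }
    sum
}

/// A second safe form for callers that prefer an error to a panic:
/// `get` returns `None` on an out-of-range index and `?` propagates it.
pub fn gather_fallible(data: &[u32], idx: &[usize]) -> Option<u64> {
    let mut sum = 0u64;
    for &i in idx {
        sum += *data.get(i)? as u64;
    }
    Some(sum)
}

/// Shows what the reintroduced check buys: runs the checked version and
/// reports whether it panicked (i.e. whether the access was caught) on this input.
pub fn checked_panics(data: &[u32], idx: &[usize]) -> bool {
    std::panic::catch_unwind(|| gather_checked(data, idx)).is_err()
}

fn main() {
    // Constructed sample input: a 4-element buffer, an in-range index list,
    // and an index list containing the out-of-range index 4.
    let data = [10u32, 20, 30, 40];
    let ok_idx = [0usize, 3, 1];
    let bad_idx = [0usize, 4];

    println!("unchecked, in range: {}", gather_unchecked(&data, &ok_idx));
    println!("checked,   in range: {}", gather_checked(&data, &ok_idx));
    println!("fallible,  in range: {:?}", gather_fallible(&data, &ok_idx));
    println!("fallible,  out of range: {:?}", gather_fallible(&data, &bad_idx));
    println!("checked version panics on bad index: {}", checked_panics(&data, &bad_idx));
    // gather_unchecked(&data, &bad_idx) is deliberately never called: it would be UB,
    // and the point of the transformation is that the safe form turns that UB into
    // a detectable failure.
}
```

The `checked_panics` helper prints the panic message to stderr when it fires; that is the bounds check doing its job. In a real library the choice between the panicking and the `Option`-returning form is an API decision, and the transformation the abstract describes only needs the former: same signature, same result on valid input, a defined failure on invalid input.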