A Lightweight Formalism for Reference Lifetimes and Borrowing in Rust
ACM Transactions on Programming Languages and Systems (IF 1.5). Pub Date: 2021-04-17. DOI: 10.1145/3443420
David J. Pearce
Rust is a relatively new programming language that has gained significant traction since its v1.0 release in 2015. Rust aims to be a systems language that competes with C/C++. A claimed advantage of Rust is a strong focus on memory safety without garbage collection. This is primarily achieved through two concepts, namely, reference lifetimes and borrowing. Both of these are well-known ideas stemming from the literature on region-based memory management and linearity/uniqueness. Rust brings both of these ideas together to form a coherent programming model. Furthermore, Rust has a strong focus on stack-allocated data and, like C/C++ but unlike Java, permits references to local variables. Type checking in Rust can be viewed as a two-phase process: First, a traditional type checker operates in a flow-insensitive fashion; second, a borrow checker enforces an ownership invariant using a flow-sensitive analysis. In this article, we present a lightweight formalism that captures these two phases using a flow-sensitive type system that enforces “type and borrow safety.” In particular, programs that are type and borrow safe will not attempt to dereference dangling pointers. Our calculus core captures many aspects of Rust, including copy- and move-semantics, mutable borrowing, reborrowing, partial moves, and lifetimes. In particular, it remains sufficiently lightweight to be easily digested and understood and, we argue, still captures the salient aspects of reference lifetimes and borrowing. Furthermore, extensions to the core can easily add more complex features (e.g., control-flow, tuples, method invocation). We provide a soundness proof to verify our key claims of the calculus. We also provide a reference implementation in Java with which we have model checked our calculus using over 500B input programs. We have also fuzz tested the Rust compiler using our calculus against 2B programs and, to date, found one confirmed compiler bug and several other possible issues.
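As an added illustration (not the paper's calculus, nor its Java reference implementation), the following Rust program exercises each feature the abstract lists: copy- and move-semantics, mutable borrowing, reborrowing, partial moves, and lifetimes tied to stack-allocated locals. The accepted programs run; the programs the borrow checker rejects are kept as comments with the compiler's error codes, because the safety property described above is precisely that those programs never reach a dangling dereference. All function and type names here are invented for the example.

```rust
// Added example: the Rust features named in the abstract, in working code.
// Not the paper's calculus or reference implementation.

#[derive(Debug)]
struct Pair {
    left: String,
    right: String,
}

/// Move semantics: `String` is not `Copy`, so passing it by value moves it.
/// After the call, the caller's binding is no longer usable (see `rejected_programs`).
fn consume(s: String) -> usize {
    s.len()
}

/// Copy semantics: `u32` is `Copy`, so the caller keeps its value after the call.
fn double(x: u32) -> u32 {
    x * 2
}

/// Mutable borrowing: only one `&mut` to a value may be live at a time. The borrow
/// ends after its last use, after which the original binding is usable again.
fn push_twice(buf: &mut Vec<u32>, v: u32) {
    buf.push(v);
    // Reborrowing: `&mut *buf` derives a shorter-lived `&mut` from `buf`
    // instead of moving `buf`, so `buf` could still be used below this call.
    push_once(&mut *buf, v);
}

fn push_once(buf: &mut Vec<u32>, v: u32) {
    buf.push(v);
}

/// Partial move: moving `p.left` out leaves `p.right` usable, but `p` as a
/// whole may no longer be used.
fn take_left(p: Pair) -> (String, usize) {
    let left = p.left; // moves only the `left` field out of `p`
    let right_len = p.right.len(); // `p.right` is still intact and readable
    // println!("{:?}", p); // rejected: `p` was partially moved
    (left, right_len)
}

/// Lifetimes: the returned reference shares the lifetime `'a` of its inputs, so
/// the borrow checker guarantees it cannot outlive the data it points into.
fn longest<'a>(a: &'a str, b: &'a str) -> &'a str {
    if a.len() >= b.len() {
        a
    } else {
        b
    }
}

/// Programs the borrow checker rejects, kept as comments so this file compiles.
/// Each would dereference a dangling pointer or violate aliasing if allowed.
fn rejected_programs() {
    // Use after move:
    //   let s = String::from("x");
    //   let n = consume(s);
    //   println!("{}", s);        // error[E0382]: borrow of moved value: `s`
    //
    // Reference to a local that goes out of scope (dangling pointer):
    //   let r: &u32;
    //   { let x = 5; r = &x; }     // error[E0597]: `x` does not live long enough
    //   println!("{}", r);
    //
    // Two simultaneous mutable borrows of the same value:
    //   let mut v = vec![1];
    //   let a = &mut v;
    //   let b = &mut v;            // error[E0499]: cannot borrow `v` as mutable more than once
    //   a.push(2); b.push(3);
}

/// Runs the accepted programs and returns their results for checking.
fn demo() -> (u32, usize, Vec<u32>, usize, String) {
    let x = 21;
    let d = double(x);
    let after_copy = x; // `x` is still usable after `double(x)`: Copy
    let s = String::from("hello");
    let n = consume(s); // `s` is moved here and unusable afterwards
    let mut v = Vec::new();
    push_twice(&mut v, 7);
    v.push(8); // the `&mut v` borrow has ended, so `v` is usable again
    let p = Pair { left: "l".to_string(), right: "rr".to_string() };
    let (left, right_len) = take_left(p);
    let l = longest("ab", "abc").to_string();
    (d + after_copy, n, v, right_len, format!("{left}{l}"))
}

fn main() {
    rejected_programs();
    println!("{:?}", demo());
}
```

The two compiler phases from the abstract are visible here: the type checker accepts every function body flow-insensitively, while the borrow checker's flow-sensitive pass is what distinguishes `v.push(8)` after the `&mut v` borrow has ended from the commented `a`/`b` pair, where both borrows are still live.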

Updated: 2021-04-17