Fearless Unsafe. A More User-friendly Document for Unsafe Rust Programming Base on Refined Safety Properties

Rust, a popular systems-level programming language, has garnered widespread attention due to its features of achieving run-time efficiency and memory safety. With an increasing number of real-world projects adopting Rust, understanding how to assist programmers in correctly writing unsafe code poses a significant challenge. Based on our observations, the current standard library has many unsafe APIs, but their descriptions are not uniform, complete, and intuitive, especially in describing safety requirements. Therefore, we advocate establishing a systematic category of safety requirements for revising those documents. In this paper, we extended and refined our study in ICSE 2024. We defined a category of Safety Properties (22 items in total) that learned from the documents of unsafe APIs in the standard library. Then, we labeled all public unsafe APIs (438 in total) and analyzed their correlations. Based on the safety properties, we reorganized all the unsafe documents in the standard library and designed a consultation plugin into rust-analyzer as a complementary tool to assist Rust developers in writing unsafe code. To validate the practical significance, we categorized the root causes of all Rust CVEs up to 2024-01-31 (419 in total) into safety properties and further counted the real-world usage of unsafe APIs in the crates.io ecosystem.