A Lightweight Formalism for Reference Lifetimes and Borrowing in Rust

  title={A Lightweight Formalism for Reference Lifetimes and Borrowing in Rust},
  author={David J. Pearce},
  journal={ACM Transactions on Programming Languages and Systems (TOPLAS)},
  pages={1 - 73}
  • David J. Pearce
  • Published 17 April 2021
  • Computer Science
  • ACM Transactions on Programming Languages and Systems (TOPLAS)
Rust is a relatively new programming language that has gained significant traction since its v1.0 release in 2015. Rust aims to be a systems language that competes with C/C++. A claimed advantage of Rust is a strong focus on memory safety without garbage collection. This is primarily achieved through two concepts, namely, reference lifetimes and borrowing. Both of these are well-known ideas stemming from the literature on region-based memory management and linearity/uniqueness. Rust brings both… 

Figures and Tables from this paper

Verifying Whiley Programs with Boogie
This work provides evidence that Boogie is (for the most part) sufficiently general to act as an intermediate language for a wide range of source languages and can verify significantly more programs than the native Whiley verifier which was custom-built for Whiley verification.
Automatic proofs of memory deallocation for a Whiley-to-C Compiler
The design and verification of a copy elimination and memory deallocation scheme for a compiler that translates the verification-friendly programming language Whiley into efficient C code is described and benchmark results show that the compiler effectively reduces the time complexity of LZ77 decompression from O(n) to the theoretically lowest possible level O( nlog n).
Rusty Links in Local Chains
This work sketches how more more “local” ownership could be added to Rust, permitting multiple mutable references to objects, provided each reference is bounded by the object’s lifetime.
Benchmarking Runtime Scripting Performance in WebAssembly
This work uses micro-benchmarks and a macro-benchmark to compare execution times between WASM and native mode, and demonstrates a 5-10x performance penalty for WASM compared to native execution.


Patina : A Formalization of the Rust Programming Language
This model provides a syntactic version of the Borrow Checker, which may be more understandable than the non-syntactic version in Rust, and uses this model to prove the soudness of some core operations and justify the conjecture that the model, as a whole, is sound.
RustBelt meets relaxed memory
This paper adapts RustBelt to account for the relaxed-memory operations that concurrent Rust libraries actually use, in the process uncovering a data race in the Arc library.
KRust: A Formal Executable Semantics of Rust
A formal executable operational semantics of a subset of Rust, called KRust, which yields automatically a formal interpreter and verification tools for Rust programs and has been validated by testing with 182 tests.
Oxide: The Essence of Rust
Oxide is presented, a formalized programming language close to source-level Rust (but with fully-annotated types), and takes a new view of lifetimes as approximate provenances of references, and is able to automatically compute this information through a flow-sensitive substructural typing judgment for which it proves syntactic type safety using progress and preservation.
Ownership is theft: experiences building an embedded OS in rust
In the experience developing an operating system for embedded systems in Rust, it is found that Rust's ownership model prevents otherwise safe resource sharing common in the embedded domain, conflicts with the reality of hardware resources, and hinders using closures for programming asynchronously.
Leveraging rust types for modular specification and verification
This paper presents a novel verification technique that leverages Rust's type system to greatly simplify the specification and verification of system software written in Rust, and enables a new kind of verification tool, with the potential to impact a wide audience and allow the Rust community to benefit from state-of-the-art verification techniques.
CRUST : A Bounded Verifier for Rust
This work presents CRUST, a tool combining exhaustive test generation and bounded model checking to detect memory safety errors, as well as violations of Rust’s pointer aliasing invariants within unsafe library code.
Kilim: Isolation-Typed Actors for Java
Kilim is a framework that employs a combination of techniques to help create robust, massively concurrent systems in mainstream languages such as Java: (i) ultra-lightweight, cooperatively-scheduled threads, (ii) a message-passing framework and (iii) isolation-aware messaging.
System Programming in Rust: Beyond Safety
This work argues that the superpowers of Rust go beyond safety, and enables capabilities that cannot be implemented efficiently in traditional languages, both safe and unsafe, and that dramatically improve security and reliability of system software.
Stacked borrows: an aliasing model for Rust
Stacked Borrows is proposed, an operational semantics for memory accesses in Rust that defines an aliasing discipline and declares programs violating it to have undefined behavior, meaning the compiler does not have to consider such programs when performing optimizations.