Towards verifying unsafe Rust programs against Rust's pointer-aliasing restrictions

TL;DR

This paper introduces a work-in-progress program logic aimed at verifying that Rust programs, especially those using unsafe blocks, adhere to Rust's strict pointer-aliasing rules for safety.

Contribution

It proposes the first modular verification approach specifically designed for unsafe Rust code to ensure compliance with pointer-aliasing restrictions.

Findings

Developed a new program logic for unsafe Rust verification

Demonstrated the approach's potential for ensuring safety in unsafe code

Lays groundwork for future tools to verify Rust's pointer rules

Abstract

The Rust programming language is famous for its strong ownership regime: at each point, each value is either exclusively owned, exclusively borrowed through a mutable reference, or borrowed as read-only through one or more shared references. These rules, known as Rust's pointer-aliasing rules, are exploited by the Rust compiler to generate more efficient machine code, and enforced by Rust's static type system, except inside unsafe blocks. In this paper, we present our work in progress towards the first program logic for modularly verifying that Rust programs that use unsafe blocks comply with the pointer-aliasing rules.