A Trace-based Approach for Code Safety Analysis
Hui Xu
TL;DR
The paper addresses undefined behavior in Rust by formalizing a trace-based safety framework that separates safe from unsafe code via explicit safety constraints. It presents a main theorem establishing that UB arises only from unsafe code and is governed by the unsafe code's safety constraints, and it derives soundness criteria for safe and unsafe functions. Extending the theory to struct, module, and crate levels, it introduces corollaries for sound function and struct encapsulation and defines an Unsafety Propagation Graph (UPG) to audit crates at scale. The work offers an actionable workflow for Rust crate auditing, enabling boundary-respecting encapsulation and practical verification of safety guarantees across code boundaries.
Abstract
Rust is a memory-safe programming language that disallows undefined behavior. Its safety guarantees have been extensively examined by the community through empirical studies, which has led to its remarkable success. However, unsafe code remains a critical concern in Rust. By reviewing the safety design of Rust and analyzing real-world Rust projects, this paper establishes a systematic framework for understanding unsafe code and undefined behavior, and summarizes the soundness criteria for Rust code. It further derives actionable guidance for achieving sound encapsulation.