Amazon and Rust Foundation have announced an initiative focused on enhancing the safety of the standard library of the Rust language. The main goal is to ensure the reliability and safety of functions that utilize the keyword “Unsafe”, enabling operations like handling unsafe memory, manipulating pointers, modifying static variables, and interacting with external libraries in C/C++. Currently, the RUST standard library consists of approximately 35,000 functions, with 7,500 of them containing code blocks executed within the “UNSAFE” context. In the last three years, 57 issues related to the library’s correctness have been identified, with 20 of them classified as vulnerabilities.
The assessment of the library involves a competition, where participants can engage in various tasks related to conducting checks to verify the safe operation of RUST libraries or developing tools for automating such checks. Successful completion of the auditing tasks (providing formal evidence of reliability) leads to receiving remuneration. The experiments and results obtained from this work are published in a separate repository, branching from the standard Rust repository.
As of now, participants are offered tasks such as ensuring the safety of RAW pointers in functions within the Core :: ptr module and delivering formal evidence on the correctness of pointer operations. Existing tools like aeneas, kani,