Title: Taming stateful computations in Rust with typestates
Authors: José Duarte, António Ravara
Journal: Journal of Computer Languages, volume 72, Article 101154 (Q3, Computer Science, Software Engineering)
DOI: 10.1016/j.cola.2022.101154
Publication date: 2022-10-01 (Journal Article)
URL: https://www.sciencedirect.com/science/article/pii/S259011842200051X
Citations: 2
Abstract
As our lives become increasingly reliant on software, the impact of its failures grows as well; these failures have diverse causes and their impact ranges from negligible to life-threatening; thus, it is our duty as developers to minimize their occurrence, just as other fields do.
To that end, we build abstractions, move complexity from component to component, and much more, just to stop the end-user from shooting themselves in the foot. However, building said abstractions still requires the original author to know where the pitfalls lie and how to avoid them, an implicit contract that does not constitute a guarantee that they will not shoot themselves and their users in the feet.
Rust aims to minimize the number of handguns users have at their disposal, locking them behind special unsafe blocks and restricting the set of possible programs through static analysis; this analysis is performed by the compiler, which ensures that the program does not contain memory-related errors such as use-after-free bugs.
While Rust succeeds in the previous domain, other error classes persist, such as errors related to API misuse. Our work aims to tackle that domain, providing a tool which enables developers to write safer APIs using typestates.
We propose a macro which embeds a typestate description DSL in Rust, allowing developers to specify typestates for their APIs; the typestate is checked at compile time for common mistakes, and to ensure the correct usage of the typestate we leverage Rust’s type system.
Our work only requires a Rust compiler, avoiding workflow bloat and keeping the development experience simple; it is open-source and available at https://github.com/rustype/typestate-rs.
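As an added illustration of the pattern such a macro expands to (hand-written example code, not from the paper or the typestate-rs crate; the `Connection` API and its `Idle`/`Open`/`Closed` states are assumptions), the state lives in a type parameter and each transition consumes the handle, so a call that is not allowed in the current state is rejected by the compiler instead of failing at runtime:

```rust
use std::marker::PhantomData;

/// Marker types for each state of the connection; they carry no data.
pub struct Idle;
pub struct Open;
pub struct Closed;

/// Only the marker types above may parameterise `Connection`.
pub trait State {}
impl State for Idle {}
impl State for Open {}
impl State for Closed {}

/// The current state is part of the type, so the compiler tracks it for us.
pub struct Connection<S: State> {
    log: Vec<&'static str>, // constructed trace of the calls made, for the example
    _state: PhantomData<S>,
}

impl Connection<Idle> {
    pub fn new() -> Self {
        Connection { log: vec!["new"], _state: PhantomData }
    }
    /// Idle -> Open; takes `self` by value so the Idle handle cannot be reused.
    pub fn open(mut self) -> Connection<Open> {
        self.log.push("open");
        Connection { log: self.log, _state: PhantomData }
    }
}

impl Connection<Open> {
    /// `send` exists only on Open; calling it on Idle or Closed does not compile.
    pub fn send(&mut self, msg: &'static str) -> usize {
        self.log.push(msg);
        msg.len()
    }
    /// Open -> Closed; after this the Open handle is gone.
    pub fn close(mut self) -> Connection<Closed> {
        self.log.push("close");
        Connection { log: self.log, _state: PhantomData }
    }
}

impl Connection<Closed> {
    pub fn history(&self) -> &[&'static str] { &self.log }
}

/// Walks the only path the types permit: new -> open -> send -> close.
/// `Connection::<Idle>::new().send("x")` or `close().send("x")` would be compile errors.
pub fn run_session() -> Vec<&'static str> {
    let mut conn = Connection::<Idle>::new().open();
    conn.send("hello");
    conn.close().history().to_vec()
}
```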