Thetis-lathe: Guidance on Reducing Residual Safety Obstacle in System Software from Rust Source Codes

Published: 2025, Last Modified: 08 Nov 2025. ACM Trans. Embed. Comput. Syst. 2025. License: CC BY-SA 4.0
Abstract: Programming languages play a crucial role in ensuring the safety of the Operating System (OS). Traditional low-level languages (e.g., C, C++), while high-performance, usually offer very limited safety protections, and their vulnerability mitigations (e.g., AddressSanitizer, DangSan), while effective against some issues, are often too expensive. The Rust language combines memory safety with performance, providing a fresh paradigm for constructing efficient, reliable, and dependable systems. However, existing Rust system software relies on unsafe code fragments to interface with low-level hardware and other programming languages, introducing critical issues: (1) compromised system-wide safety due to the presence of unsafe code, (2) inaccurate defect detection because of unavoidable interactions between unsafe and safe code, and (3) difficulty in finding an optimal balance between accuracy and efficiency of defect detection and elimination. In contrast to previous work, we believe that "prevention is always better than cure". Therefore, we propose a new methodology (namely Thetis) to detect and guide the minimization of unsafe fragments in Rust source code. For unsafe code detection, Thetis designs an automated inspection method based on feature extraction. For unsafe code elimination, based on Unsafe Rust types and their interchangeability with safe equivalents, Thetis proposes defect optimization suggestions and designs a framework to automatically provide safer code recommendations. We have designed and implemented a new tool called Thetis-lathe based on Thetis and have ported Thetis-lathe to three mainstream Rust applications, i.e., BlogOS, rCore, and the Miri Failure Set. Evaluations show that our tool improved the accuracy of defect detection and decreased the amount of unsafe code by 35% and undefined behavior by approximately 50%. Furthermore, Thetis-lathe speeds up run-time about 5x compared with the sanitizer, and LMbench results indicate that our approach introduces 7.6% (average) performance overhead on the entire system.
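To make concrete the kind of interchange the abstract refers to (an unsafe fragment replaced by a safe equivalent that keeps the intended behaviour), here is an added Rust illustration. It is not code from the paper or from Thetis-lathe, and the function names are ours; it shows two unsafe idioms common in low-level Rust beside their bounds-checked or validated safe counterparts, where misuse of the unsafe form is exactly the class of undefined behavior Miri would flag.

```rust
// Added illustration (not the paper's code): unsafe fragments and their
// safe, behaviour-preserving replacements. Function names are hypothetical.

/// Unsafe variant: reads a little-endian u32 at `offset` through raw pointer
/// arithmetic. The caller must guarantee `offset + 4 <= buf.len()`; nothing
/// in the type system enforces it, so a bad offset is an out-of-bounds read.
pub unsafe fn read_u32_le_unsafe(buf: &[u8], offset: usize) -> u32 {
    unsafe {
        let p = buf.as_ptr().add(offset) as *const u32;
        u32::from_le(p.read_unaligned())
    }
}

/// Safe replacement: the slice range is bounds-checked (and the end offset
/// computed without overflow), so an out-of-range offset yields None instead
/// of undefined behaviour. The happy-path result is identical.
pub fn read_u32_le(buf: &[u8], offset: usize) -> Option<u32> {
    let end = offset.checked_add(4)?;
    let bytes = buf.get(offset..end)?;
    Some(u32::from_le_bytes(bytes.try_into().ok()?))
}

/// Unsafe variant: trusts the caller that `bytes` is valid UTF-8. Passing
/// invalid bytes is undefined behaviour even though nothing crashes immediately.
pub unsafe fn label_unchecked(bytes: &[u8]) -> &str {
    unsafe { core::str::from_utf8_unchecked(bytes) }
}

/// Safe replacement: validation moves to the trust boundary and invalid input
/// becomes an ordinary Err the caller has to handle.
pub fn label(bytes: &[u8]) -> Result<&str, core::str::Utf8Error> {
    core::str::from_utf8(bytes)
}

fn main() {
    // Constructed sample input: a 5-byte buffer holding 0xDEADBEEF (LE) plus
    // one trailing byte.
    let buf = [0xEFu8, 0xBE, 0xAD, 0xDE, 0x01];
    println!("safe   offset 0: {:?}", read_u32_le(&buf, 0));
    println!("safe   offset 2: {:?}", read_u32_le(&buf, 2)); // None, not a crash
    // The unsafe variant is only called where its precondition is known to hold.
    println!("unsafe offset 0: {:#x}", unsafe { read_u32_le_unsafe(&buf, 0) });
    println!("label  valid:    {:?}", label(b"rCore"));
    println!("label  invalid:  {:?}", label(&[0xFF, 0xFE]).is_err());
}
```

The safe forms change the signature (an `Option`/`Result` instead of a bare value), which is the usual price of moving a precondition from a comment into the type system; a recommendation tool has to surface that call-site change, not just the replaced expression.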