►
Description
Hui Xu describes experiences teaching a Memory Safety and PL Design course in Rust. Xu quantitatively reports on student success and points out some difficulties with the approach, leading to an ongoing software project that builds a knowledge base of common Rust mistakes and uses a neural network architecture to make code suggestions to Rust student programmers.
A
Hello,
everyone,
it's
my
privilege
to
share
my
experiences
of
teaching
rust
and
our
research
work
about
doing
some
code
recommendations
to
assist
right,
beginners,
okay,
so
my
talk
consists
of
these
three
parts.
The
first
one
is
my
background
and
second
part
is
my
experiences
of
teaching
rust.
And
finally,
my
research
work
on
some
code
recommendation
research
and
I'm
a
tenure
track,
associate
professor
at
fudan
university.
My
research
interests
lacking
software
reliability,
especially
using
some
program
analysis
techniques
to
enhance
software
detail
bags,
and
I
have
done
some
publications
related
to
rush.
A
So
that's
how
I
know
russ,
that's
how
I
learn
rest.
So
the
main
course
I
teach
at
fuda
university
are
these
two
courses.
The
first
one
is
the
post-graduate
course.
It's
a
member
safety
and
program
language
design.
In
this
course,
I
teach
the
basic
design
principles
of
rust
and
the
memory
safety
issues
it
aimed
to
address,
and
the
second
cause
of
compeller
theory
is
an
undergraduate
cause,
and
in
this
course
I
also
introduced
some
concept
related
to
rust,
for
example,
some
grammars
of
the
type
system.
A
So
why
I'm
interested
in
rush?
Because
I'm
doing
such
a
very
reliability
research
and
in
this
field
we
cannot
trust
developers,
of
course,
where
in
the
past
there
are
already
many
people
working
on
detecting
bugs
through
software
testing
or
static
analysis
or
dynamic
analysis.
But
there's
you,
as
you
know,
still
many
banks
in
software.
So
rush
aim
to
tackle
this
problem
from
a
new
trial.
It
tried
to
prevent
critical
bugs
through
language
design,
was
still
offering
adequate
control
flexibility.
A
Well,
the
goal
is
ambitious,
but
it's
view
it's
also
very
challenging
to
balance
between
the
security
and
usability.
So
that's
why
I'm
curious
about
whether
russ
can
achieve
the
goal.
So
I
did
my
research
work
by
story,
many
bugs
like
some
cves
and
do
some
program
analysis
research
related
to
rust.
A
So
I
want
to
highlight
the
resultant
method
v.
So
this
survey
is
based
on
a
data
set
of
over
100
memory
box
and
this
box.
Some
bugs
are
from
a
certain
third
party
libraries,
somebody
from
the
standard,
libraries
or
the
compellers,
and
the
result
the
the
main
result
is
rust,
is
really
effective
in
memory
city
protection
as
an
evidence,
all
these
boxes
require
acid
coat.
I
accept
the
compeller
back
and,
secondly,
most
cves,
which
are
the
the
most
critical
bugs
are.
They
are
api
soundness
issues.
A
None
of
these
cves
are
found
in
executable
programs,
which
means
the
apical
and
sound
the
the
back
reporters.
They
can
write
some
proof
of
concept
examples.
They
call
this
and
some
sip
apis
and
without
using
any
acid
code,
they
can
trigger
some
memory
safety
problems.
A
So
all
these
parts
they
are
epsilon
is
issues.
They
are
meld
issues
unless
this
this
some
issues
shows
they
they
propagate.
They
have
to
escalate
to
some
execute
votes.
They
will
not
lead
to
security
consequences
and
in
practice
I
found
no
such
bank
report.
So
that's
the
second
evidence
why
rust
that
converts
me
rusty
is
really
effective.
A
So
I
based
on
my
result,
I
think
roster
is
a
successful
language.
I
I
also
get
some
similar
feedback
from
my
colleague
or
student.
My
student
told
me
as
long
as
I
as
a
rasa
program
can
compel
the
fql
is
always
likely
to
work.
A
It
will
not
crash
and
another
senior
russia
device
developer
told
me.
I
can
always
feel
masculine
improvement
in
using
the
language.
There
are
many
interesting
concept
to
learn
and
the
second
reason
why
I
I
choose
to
teach
rust,
because
it's
a
new
language
with
very
few
lactic
features.
Imagine
c
plus
plus
the
intelligent
pointers.
A
Some
some
people
often
try
to
compare
intelligent
pointers
with
rafter
as
a
reference
counter
and
lots
of
ownership,
but
in
c
plus
plus,
you
can
still
use
raw
pointers,
as
you
very
often
so
you
see
plus
parts
that
the
language
is
not
as
secure,
because
there
are
many
legislative
features
and
besides
there
are
many
attractive
features
of
rush
as
a
new
program
language.
A
Besides
a
memory
safety
guarantee,
for
example,
the
power,
powerful
system
and
the
exception
handling
mechanism,
I
will
use
these
two
concrete
examples
to
to
to
demonstrate
the
the
features
I
like
the
first
one
is
the
variable
declaration.
A
Grammar
is
very
simple,
but
it
is
very,
I
think
it's
very
important
so,
as
you
know,
raster
the
tag
always
comes
after
the
identifier
and
but
which
is
very
different
from
c
plus
plus
that
have
come
before
the
the
adding
file.
So
what's
what's
important
here
is
that
for
for
for
such
syntax,
you
can.
A
It
is
much
easier
to
develop
an
efficient
top-down
pattern
or
recursive
design
pattern,
and,
secondly,
is
the
code
will
look
more
compact
for
tapping
inference
for
c
plus
plus
you
have
to,
since
you
have
to
write
some
tab
before
the
identifier,
so
the
pythagorean
is
expect
some
tab
as
a
placeholder.
A
So
if
you
you,
you
want
to
omit
the
the
tab
before
the
identifier
you
have
to
use
auto,
but
in
rust
you
can
directly
omit
the
the
tab,
and
the
second
example
is
a
treat
bond
which
can
developers
have
to
declare
bom
boundary
generic
parameters,
which
is
very
different
to
other
program
languages
with
generic
parameters
such
as
c
plus
plus,
you
can
declare
a
generic
parameter
with
a
template,
but
you
cannot
bound
the
the
template,
c,
plus
plus
c
support
for
other
language,
like
c
sharp
java.
They
also
have.
A
They
also
have
cell
tree
bond,
but
I
think
rust
rust
is
very,
it's
very
convenient
to
use
such
bond
and
they
are
very
useful
for
debugging
and
also
very
useful
for
that.
The
security
control
are
thinking
about
the
sin
and
the
sink
treat.
They
are
very
important
for
the
memory
safety,
so
in
the
second
part
I
will
share
my
experiences
of
teaching
rust.
I
will
focus
on
the
the.
A
Course,
and
in
this
course,
due
to
the
lockdown
this
spring
in
shanghai,
we
only
have
14
weeks
to
teach
this
course,
and
there
are
three.
There
are
three
parts
in
the
first
part,
I
teach
the
foundations
and
memory
safety.
In
the
second
part,
I
teach
the
the
syntax,
the
grammar
of
wrath
and
the
design
of
rust
and
in
the
third
part,
because
it's
postgraduate
course
so
I've
introduced
some
advanced
topics
to
the
student.
A
So
for
each
week
we
have
three
units
in
each
class.
We
have
for
45
minutes
and
I
use
two
you
need
for
teaching
and
one
unit
for
in-class
practice,
because
unless
the
student
is
really
coding,
something
they
cannot
really
learn
graph,
but
the
the
skill
so
for
in-class
practice.
They
are
attacking
experiment
and
coding
is
par
coding
practice.
A
So,
for
example,
for
the
when
teaching
the
foundation
and
memory
safety,
I
did
the
attacking
experiments
related
to
the
buffer,
overflow
and
the
hip
hip.
Overflow
attack
also
the
concurrent
memory
accessor
attack
and
unless
a
student
they
really
realize
that
the
bad
consequences
of
these
memory
safety
issues.
They
will
not
really
appreciate
the
design
right
because
it's
been
a
of.
They
will
spend
a
lot
of
time
to
to
fetter
with
this
bottle,
checker
or
other
checks
of
the
compeller.
So
that's
the
thing.
A
A
So
it's
I
have
four
four
coding
practices
for
my
student,
so
the
first
one
is
to
implement
a
band
research
tree
or
a
double
link
list,
because
the
double
linked
list
is
much
difficult
for
compared
to
the
banner
retreat,
because
the
it
requires
the
object
might
be
should
be
owned
by
two.
Two
different
should
have
different
two
different
owners,
so
the
students
have
to
either
have
to
use
ancient
code
or
or
the
reference
counter.
A
So
in
the
second
coding
experiment,
ask
the
student
to
extend
the
structure,
support
generic
parameters
and
trees,
so
they
will
implement
the
trees
such
as
eco
or
arduino.
In
in
the
third
assignment,
the
student
will
implement
an
iterator
for
the
strategy.
They
will
demonstrate
how
the
filter
works
in
this
assignment.
We
will
practice
a
closure.
A
So
in
the
fourth
segment
the
student
has
to
re,
write
the
strat
to
be
stressif.
They
will
implement
the
sync
and
send
treat
and
show
the
threat
is
expressive.
So
basically,
this
my
teaching
teaching
materials
and
this
coding
practices
the
the
group
groups
radically.
That's
the
core
patch
is
ownership,
and
then,
with
these
goals,
the
student
can
learn
the
type
system.
A
Including
the
generic
treat
and
coder
and
finally,
the
concurrency
issues,
so
my
student,
according
to
the
feedback
from
the
student
most
students
can
finish
their
assignment
in
two
hours
is
except
one
student.
Do
he
pay
take
the
double
linked
list
assignment
and
use
eight
hours
to
do
the
first
coding
practice
so
about
an
interesting
problem.
A
He
appeared
in
a
lot
of
social
media
and-
and
we
just
discussed
by
by
you
guys-
and
it's
it's
just
less
difficult
to
to
learn.
I
also
get
some
fit
responses
from
my
students
that
that
they
are
very
interesting.
A
My
student
told
me:
I'm
adjusted
are
familiar
with
ownership
and
that
student
told
me
I
just
really
have
much
restrictions
on
developers
so
that
my
third
student
told
me
that's
it,
although
that's
difficult
but
interesting
as
I
I
have
to
spend
my
time
combining
with
the
compiler
borrow
check
and
the
reference
issues,
and
the
fourth
student
told
me
it's
not
that
difficult.
If
you
have
some
supplies
plus
background,
but
I
think
left
hand
is
really
hard.
A
So
my
understanding
of
the
the
learning
curve
is,
as
I
tried
in
my
class
if
the
student
has
some
program
background
and
if
we
assume
a
minimal
raster
for
the
beginners,
although
it
is
still
not
easy
to
write
a
compatible
code
because
students
have
to
to
to
learn
the
exclusive
mutability
principle
and
left-hand
mechanism,
but
it
should
be
manageable.
All
students
can
finish
their
assignments
within
two
or
three
hours.
A
I
think
the
most
difficult
things
are.
The
advanced
features
of
rush
on
my
head.
Roster
brings
a
barrier
to
reading
the
code
rest
by
others,
especially
some
scary
coach,
as
you
posted
on
the
the
the
tulip
and
secondly,
especially
for
some
developers
from
c
plus
plus
transfer
from
these
other
program
languages.
A
They
may
ignore
the
sound
soundness
requirement
of
their
eps,
which
is
the
magical
rust
for
the
memory
safety
protection.
A
So,
oh
sorry,.
B
A
Okay,
so
for
recommendation,
I
will
focus
on
the
some
unnecessary
usage
of
our
zip
code,
so
we
want
to
suggest
a
equivalent
sequel
to
to
developers
every
skip
this
details.
There
are
some
obvious
patterns
from
github
of
the
rough
dock,
so
our
solution
is
to
based
on
the
language
server
protocol
to
recommend
to
to
to
to
do
some
recommendations
where
developers
are
coding,
so
the
techniques
it's
meaning
based
on
the
cms
graph
neural
network.
So
we
can
build.
A
And
use
a
cms
graph
neural
network
to
generate
some
embeddings.
The
technique
is
more
efficient
than
the
traditional
bad
pattern.
Graph
mentioned
is
as
much
efficient
if
you
have
a
large
code
base.
So
basically
we
extract
the
attributed
control
flow
graph
and
use
the
graph
neural
network
to
generate
the
imbalance.
A
So
finally,
concluding
remarks
is
a
successful
language
with
many
attractive
features,
and
my
experiences
of
teaching
is
really
encouraging.
I
got
positive
feedback
based
on
the
performance
of
my
students
and,
however,
the
magical
raster
lag
in
the
sony's
requirement
of
civil
apis
is
declare
retail
security
so
to
assist
assistant
russia
beginners
to
write
high
quality
code.
We
can
summarize
some
common
bio
patterns
and
make
recommendations
when
where
they
are
coding,
so
the
techniques
I
mean
based
on
language,
server,
protocol
and
semi
graph
neural
network.
So
that's
all.
B
All
right,
great
thanks
wade,
so
we
have
time
for
maybe
one
or
two
questions.
If
anybody
wants
to
pop
one
in
the
chat
and
otherwise
yeah
we'll
have
our
next
speaker
get
ready
soon,.
A
I
thought
it
was
20
minutes
talk.
B
Yeah,
so
one
question
is:
could
you
extend
ideas
of
recommendation
to
code
with
type
errors?
So
does
your
recommendation
work
when
a
program
is
ill-typed
or
could
it.
A
I
think
the
code
recommendation
as
long
as
it
really
depends
on
whether
you
can
build
you
can
you
can
you
can
collect
much
money
sample
enough
sample
to
train
the
knowledge
base
so
because,
as
you
know,
we
use
a
neural
net
network,
you
have
to
do.
You
have
to
collect
many
code,
hundreds
of
code
or
something
or
code,
and
do
code
recommendation.
A
So
as
long
as
we
traditionally
to
detect
hyperios,
we
usually
use
some
static
analysis
approach
and
it's
really
heuristic
to
use
this
good
recommendation
approach.
But
it's
worth
to
to
it's
worth.