Tree Borrows Just Landed
Hello, Rustaceans Hope you had an awesome and productive week last week. Let’s roll! In this issue, we’ll discuss the recently published Tree Borrows paper, present you a Rust quiz, spotlight an amazing Rust project, and share ten (10) incredible links of the week. Here’s issue 76 for you! THE MAIN NEWS
Tree Borrows Just Landed 🦀
While we were still enjoying the shiny new features that released on crates.io, the quartet of Neven Villani, Johannes Hostert, Derek Dreyer, and Ralf Jung collaborated on a paper to bring Tree Borrows: a new Rust aliasing model to life. This new model, recently celebrated at PLDI’25, is shaking up how Rust handles pointer shenanigans. Below is a short intro on what problems the paper is trying to solve.
“Rust provides unsafe for which safety is not guaranteed and must be manually handled by the programmer. This creates a tension. On the one hand, compilers would like to exploit the strong guarantees of the type system in order to unlock powerful intraprocedural optimizations. On the other hand, those optimizations are easily invalidated by “badly behaved” unsafe code. To ensure correctness of such optimizations, it thus becomes necessary to clearly define what unsafe code is “badly behaved.” In prior work, Stacked Borrows defined a set of rules achieving this goal. However, Stacked Borrows rules out several patterns that turn out to be common in real-world unsafe Rust code, and it does not account for advanced features of the Rust borrow checker that were introduced more recently.
To resolve these issues, Tree Borrows was introduced. As the name suggests, Tree Borrows swaps out the rigid stack-based approach of Stacked Borrows for a tree-structured model, tracking pointer permissions with a parent-child hierarchy. It’s like giving your references a family tree instead of a single-file line at the DMV.
This setup lets Rust enforce aliasing rules at runtime, catching undefined behavior (UB) with more finesse. The cool part? It rejects 54% fewer test cases than its predecessor, meaning your sketchy unsafe code has a better shot at surviving Miri’s scrutiny. Plus, it’s been formalized in Rocq, so you know it’s not just hand-wavy promises - it’s mathematically legit.
- What’s the catch? Well, it’s not all roses. Tree Borrows introduces concepts like Frozen and Reserved permissions to handle shared and mutable references, but it’s still stricter than LLVM’s noalias in some cases, potentially leaving performance gains on the table.
The community’s debating whether to make it the official Rust aliasing model, with some configs to tweak strictness for projects like the Linux kernel. It also plays nice with optimizations like read-read reordering, but don’t expect it to greenlight every wild pointer trick you’ve got up your sleeve.
- Why should you care? If you’re writing unsafe Rust, Tree Borrows could save you from borrow checker rage while keeping your optimizations safe.
It’s a step toward making Rust’s memory model less of a dictator and more of a chill collaborator. Tree borrows has been available as an optional feature in Miri (since March 2023), which you can enable with the flag MIRIFLAGS=-Zmiri-tree-borrows. So, next time you’re wrangling pointers, Tree Borrows has your back - mostly. Just don’t expect it to write your unsafe code for you.
Tree Borrows might make Rust’s aliasing rules less thorny, but mess up, and you’ll still get barked at by the borrow checker!