Detecting memory errors in Rust programs including unsafe foreign code / Franceschi, Andrea; Galletta, Letterio; Degano, Pierpaolo. - 16192 (2025), pp. 167-184. (SEFM 2025 - 23rd International Conference on Software Engineering and Formal Methods, Toledo, Spain, 10-14/11/2025) [10.1007/978-3-032-10444-1_11].
Detecting memory errors in Rust programs including unsafe foreign code
Franceschi Andrea;Galletta Letterio;Degano Pierpaolo
2025
Abstract
Memory corruption is one of the oldest and most disruptive problems in computer security, through which attackers may maliciously alter the program control flow. Unsafe languages, such as C and C++, are prone to these types of vulnerability. A promising alternative is Rust, which ensures memory safety through proper compile-time checks with no penalties at run-time. However, the Rust compiler is not able to provide these guarantees when programmers use Rust unsafe features or integrate code written in an unsafe language through the Foreign Function Interface mechanism. If the unsafe features and the integration of unsafe code are not handled with extreme care, the memory errors that Rust aims to eliminate may be reintroduced. Here, we define a static taint analysis that targets both Rust and foreign code to detect the common memory errors use-after-free, never-free, and double-free, and implement it in the tool crema. Our experimental evaluation on real cases from GitHub shows that crema detects memory errors effectively.

| File | Description | Type | License | Access | Size | Format |
|---|---|---|---|---|---|---|
| camera ready SEFM_2025_Franceschi_Galletta_Degano.pdf | Postprint - Detecting Memory Errors in Rust Programs Including Unsafe Foreign Code | Post-print document | Creative Commons | open access | 393.66 kB | Adobe PDF |
| 978-3-032-10444-1_11.pdf | Detecting Memory Errors in Rust Programs Including Unsafe Foreign Code | Publisher's version (PDF) | Publisher's copyright | not available | 1.13 MB | Adobe PDF |

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

