Zhuohua Li, Jincheng Wang, Mingshen Sun, and John C.S. Lui
Proceedings of the 28th ACM Conference on Computer and Communications Security CCS '21, November 2021.

Availability:

  • Published paper
  • Source code

Abstract.

Safe system programming is often a crucial requirement due to its critical role in system software engineering. Conventional low-level programming languages such as C and assembly are efficient, but their inherent unsafe nature makes it undesirable for security-critical scenarios. Recently, Rust has become a promising alternative for safe system-level programming. While giving programmers fine-grained hardware control, its strong type system enforces many security properties including memory safety. However, Rust’s security guarantee is not a silver bullet. Runtime crashes and memory-safety errors still harass Rust developers, causing damaging exploitable vulnerabilities, as reported by numerous studies.

In this paper, we present and evaluate MirChecker, a fully automated bug detection framework for Rust programs by performing static analysis on Rust’s Mid-level Intermediate Representation (MIR). Based on the observation of existing bugs found in Rust codebases, our approach keeps track of both numerical and symbolic information, detects potential runtime crashes and memory-safety errors by using constraint solving techniques, and outputs informative diagnostics to users. We evaluate MirChecker on both buggy code snippets extracted from existing Common Vulnerabilities and Exposures (CVE) and real-world Rust codebases. Our experiments show that MirChecker can detect all the issues in our code snippets, and is capable of performing bug finding in real-world scenarios, where it detected a total of 33 previously unknown bugs including 16 memory-safety issues from 12 Rust packages (crates) with an acceptable false-positive rate.

BibTeX Record:

@inproceedings{li21mirchecker,
    author    = "Zhuohua Li and Jincheng Wang and Mingshen Sun and John C.S. Lui",
    title     = "{MirChecker: Detecting Bugs in Rust Programs via Static Analysis}",
    booktitle = "Proceedings of the 28th ACM Conference on Computer and Communications Security",
    series    = "CCS '21",
    year      = "2021",
    month     = "11",
}