Zhuohua Li, Jincheng Wang, Mingshen Sun, and John C.S. Lui
Proceedings of the 28th ACM Conference on Computer and Communications Security CCS '21, November 2021.

Availability:

Abstract.

Safe system programming is often a crucial requirement due to its critical role in system software engineering. Conventional low-level programming languages such as C and assembly are efficient, but their inherent unsafe nature makes it undesirable for security-critical scenarios. Recently, Rust has become a promising alternative for safe system-level programming. While giving programmers fine-grained hardware control, its strong type system enforces many security properties including memory safety. However, Rust’s security guarantee is not a silver bullet. Runtime crashes and memory-safety errors still harass Rust developers, causing damaging exploitable vulnerabilities, as reported by numerous studies.

In this paper, we present and evaluate MirChecker, a fully automated bug detection framework for Rust programs by performing static analysis on Rust’s Mid-level Intermediate Representation (MIR). Based on the observation of existing bugs found in Rust codebases, our approach keeps track of both numerical and symbolic information, detects potential runtime crashes and memory-safety errors by using constraint solving techniques, and outputs informative diagnostics to users. We evaluate MirChecker on both buggy code snippets extracted from existing Common Vulnerabilities and Exposures (CVE) and real-world Rust codebases. Our experiments show that MirChecker can detect all the issues in our code snippets, and is capable of performing bug finding in real-world scenarios, where it detected a total of 33 previously unknown bugs including 16 memory-safety issues from 12 Rust packages (crates) with an acceptable false-positive rate.

BibTeX Record:

@inproceedings{li21mirchecker,
    author    = "Zhuohua Li and Jincheng Wang and Mingshen Sun and John C.S. Lui",
    title     = "{MirChecker: Detecting Bugs in Rust Programs via Static Analysis}",
    booktitle = "Proceedings of the 28th ACM Conference on Computer and Communications Security",
    series    = "CCS '21",
    year      = "2021",
    month     = "11",
}