Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs
- 28 September 2021
- journal article
- research article
- Published by Association for Computing Machinery (ACM) in ACM Transactions on Software Engineering and Methodology
- Vol. 31 (1), 1-25
- https://doi.org/10.1145/3466642
Abstract
Rust is an emerging programming language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects have started using the language. However, can Rust achieve the memory-safety promise? This article studies the question by surveying 186 real-world bug reports collected from several origins, which contain all existing Rust Common Vulnerabilities and Exposures (CVEs) of memory-safety issues by 2020-12-31. We manually analyze each bug and extract its culprit pattern. Our analysis result shows that Rust can keep its promise that all memory-safety bugs require unsafe code, and many memory-safety bugs in our dataset are mild soundness issues that only leave a possibility to write memory-safety bugs without unsafe code. Furthermore, we summarize three typical categories of memory-safety bugs, including automatic memory reclaim, unsound function, and unsound generic or trait. While automatic memory reclaim bugs are related to the side effect of Rust's newly adopted ownership-based resource management scheme, unsound function reveals the essential challenge of Rust development for avoiding unsound code, and unsound generic or trait intensifies the risk of introducing unsoundness. Based on these findings, we propose two promising directions toward improving the security of Rust development, including several best practices of using specific APIs and methods to detect particular bugs involving unsafe code. Our work intends to raise more discussions regarding the memory-safety issues of Rust and facilitate the maturity of the language.
Funding Information
- China Education and Research Network (NGII20190410)
- Research Grants Council of the Hong Kong Special Administrative Region, China (CUHK 14210717)