Detecting Unsafe Raw Pointer Dereferencing Behavior in Rust

Zhijian HUANG  Yong Jun WANG  Jing LIU  

Publication
IEICE TRANSACTIONS on Information and Systems   Vol.E101-D   No.8   pp.2150-2153
Publication Date: 2018/08/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2018EDL8040
Type of Manuscript: LETTER
Category: Dependable Computing
Keyword: unsafe rust, raw pointer dereferencing, multiple mutable references, thief function

Summary: 
The rising systems programming language Rust is fast, efficient and memory safe. However, improperly dereferencing raw pointers in Rust causes new safety problems. In this paper, we present a detailed analysis of these problems and propose a practical hybrid approach to detecting unsafe raw pointer dereferencing behaviors. Our approach employs pattern matching to identify functions that can be used to generate illegal multiple mutable references (we define these as thief functions) and instruments the dereferencing operation in order to perform dynamic checking at runtime. We implement a tool named UnsafeFencer, which has successfully identified 52 thief functions in 28 real-world crates, of which 13 public functions are verified to generate multiple mutable references.
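The runtime half of the approach described in the summary, sketched as an added example (this is not UnsafeFencer's code and does not come from the paper): a checked stand-in for `&mut *ptr` that refuses to hand out a second mutable reference to an address while one is still live. The names `LIVE_MUT`, `CheckedMut` and `checked_deref_mut` are hypothetical, and tracking by exact address only is a simplifying assumption.

```rust
use std::collections::BTreeSet;
use std::ops::{Deref, DerefMut};
use std::sync::Mutex;

// Addresses with a live mutable reference that was created from a raw pointer.
static LIVE_MUT: Mutex<BTreeSet<usize>> = Mutex::new(BTreeSet::new());

/// Guard standing in for the `&mut T` that a plain `&mut *ptr` would produce.
pub struct CheckedMut<T> { ptr: *mut T }

impl<T> Deref for CheckedMut<T> {
    type Target = T;
    fn deref(&self) -> &T { unsafe { &*self.ptr } }
}

impl<T> DerefMut for CheckedMut<T> {
    fn deref_mut(&mut self) -> &mut T { unsafe { &mut *self.ptr } }
}

impl<T> Drop for CheckedMut<T> {
    fn drop(&mut self) {
        // The mutable borrow ends here, so the address may be borrowed again.
        LIVE_MUT.lock().unwrap().remove(&(self.ptr as usize));
    }
}

/// Checked replacement for `&mut *ptr`: Err(address) if a mutable reference is already live.
/// Safety: `ptr` must be non-null, aligned and valid for as long as the guard lives.
pub unsafe fn checked_deref_mut<T>(ptr: *mut T) -> Result<CheckedMut<T>, usize> {
    let addr = ptr as usize;
    if LIVE_MUT.lock().unwrap().insert(addr) { Ok(CheckedMut { ptr }) } else { Err(addr) }
}

/// Constructed scenario: one raw pointer dereferenced twice, as a thief function would allow.
pub fn demo() -> (bool, bool, i32) {
    let mut value = 1;
    let p: *mut i32 = &mut value;
    let mut first = unsafe { checked_deref_mut(p) }.unwrap();
    let second_refused = unsafe { checked_deref_mut(p) }.is_err();
    *first += 41;
    drop(first); // releasing the first borrow makes the address available again
    let reusable = unsafe { checked_deref_mut(p) }.is_ok();
    (second_refused, reusable, value)
}

fn main() {
    println!("{:?}", demo());
}
```

Because the second reference is refused before it is ever created, the sketch itself never holds two aliasing `&mut` values.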