Detecting Unsafe Raw Pointer Dereferencing Behavior in Rust

Zhijian HUANG
Yong Jun WANG
Jing LIU

IEICE TRANSACTIONS on Information and Systems, Vol.E101-D, No.8, pp.2150-2153
Publication Date: 2018/08/01
Publicized: 2018/05/14
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2018EDL8040
Type of Manuscript: LETTER
Category: Dependable Computing
Keywords: unsafe rust, raw pointer dereferencing, multiple mutable references, thief function

The rising systems programming language Rust is fast, efficient and memory safe. However, improperly dereferencing raw pointers in Rust causes new safety problems. In this paper, we present a detailed analysis of these problems and propose a practical hybrid approach to detecting unsafe raw pointer dereferencing behaviors. Our approach employs pattern matching to identify functions that can be used to generate illegal multiple mutable references (we define these as thief functions) and instruments the dereferencing operation in order to perform dynamic checking at runtime. We implement a tool named UnsafeFencer, which has successfully identified 52 thief functions in 28 real-world crates, of which 13 public functions are verified to generate multiple mutable references.
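The two halves of the approach described above, as an added Rust example that is not code from the paper or from UnsafeFencer. `steal` is an assumed shape for a thief function (the abstract does not give the matched patterns), and `Fence` is a hypothetical registry standing in for the instrumented dereference check.

```rust
use std::collections::HashSet;

// Assumed shape of a thief function: the returned `&mut` is laundered through
// a raw pointer, so its lifetime is no longer tied to the input borrow.
unsafe fn steal<'a, T>(r: &mut T) -> &'a mut T {
    unsafe { &mut *(r as *mut T) }
}

// Hypothetical registry of addresses that currently have a live `&mut`.
#[derive(Default)]
struct Fence {
    live: HashSet<usize>,
}

impl Fence {
    // Checked stand-in for `&mut *p`: reports a violation instead of aliasing.
    fn acquire<T>(&mut self, p: *mut T) -> Result<usize, String> {
        if p.is_null() {
            return Err("null raw pointer".to_string());
        }
        let addr = p as usize;
        if !self.live.insert(addr) {
            return Err(format!("second mutable reference to {:#x}", addr));
        }
        Ok(addr)
    }

    // Called where the reference produced by `acquire` goes out of scope.
    fn release(&mut self, addr: usize) {
        self.live.remove(&addr);
    }
}

// Returns (first accepted, second rejected, accepted again after release).
fn demo() -> (bool, bool, bool) {
    let mut value = 7u32; // constructed sample value
    // Two thief calls on one value yield the same address; neither pointer
    // is dereferenced here, so the demo itself creates no aliasing `&mut`.
    let p1: *mut u32 = unsafe { steal(&mut value) };
    let p2: *mut u32 = unsafe { steal(&mut value) };
    let mut fence = Fence::default();
    let first = fence.acquire(p1);
    let second = fence.acquire(p2);
    if let Ok(addr) = &first {
        fence.release(*addr);
    }
    let third = fence.acquire(p2);
    (first.is_ok(), second.is_err(), third.is_ok())
}

fn main() { println!("{:?}", demo()); }
```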