Fast Summary-based Whole-program Analysis to Identify Unsafe Memory Accesses in Rust
arXiv (2023)
Abstract
Rust is one of the most promising systems programming languages for
fundamentally solving the memory safety issues that have plagued low-level
software for over forty years. However, to accommodate scenarios where
Rust's type rules are too restrictive for certain systems programming tasks, and
where programmers opt for performance over security checks, Rust opens security
escape hatches that allow writing unsafe source code or calling unsafe libraries.
Consequently, unsafe Rust code and directly-linked unsafe foreign libraries may
not only introduce memory safety violations themselves but also compromise the
entire program, because they run in the same monolithic address space as the safe
Rust code.
This problem can be mitigated by isolating unsafe memory objects (those
accessed by unsafe code) and sandboxing memory accesses to the unsafe memory.
One category of prior work uses existing program analysis frameworks on
LLVM IR to identify unsafe memory objects and accesses. However, these approaches suffer
from prolonged analysis time and low precision. In this paper, we
tackle these two challenges using summary-based whole-program analysis on
Rust's MIR. The summary-based analysis computes information on demand, which
saves analysis time. Performing the analysis on Rust's MIR exploits the rich
high-level type information inherent to Rust, which is unavailable in LLVM IR.
This manuscript is a preliminary study of ongoing research. We have prototyped
a whole-program analysis that identifies both unsafe heap allocations and
memory accesses to those unsafe heap objects. We report the overhead and the
efficacy of the analysis in this paper.
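The following Rust program is an added illustration and is not code from the paper or its prototype. Part 1 shows, at the source level, what the abstract calls an "unsafe memory object": a heap allocation made in safe code whose pointer is later dereferenced inside an `unsafe` block in another function. Part 2 models, in a deliberately simplified form, why a summary-based whole-program analysis is needed to find it: each function gets a summary of which parameter positions reach unsafe accesses, computed on demand and cached, and callers compose those summaries to decide which of their own allocation sites are unsafe. The `FnFacts` records are hand-constructed stand-ins for what a MIR pass would extract; the struct, function names and the rule that "an argument flowing into an unsafe-dereferenced parameter makes the allocation unsafe" are assumptions of this example, not the paper's algorithm.

```rust
use std::collections::{BTreeMap, BTreeSet};

// ---- Part 1: the source-level pattern -------------------------------------

/// Heap object used only through safe APIs: not an unsafe memory object.
pub fn sum_safe() -> u64 {
    let v: Vec<u64> = (1..=10).collect();
    v.iter().sum()
}

/// Reads through a raw pointer inside `unsafe`. Whatever allocation flows
/// into `ptr` is accessed by unsafe code, although it was allocated elsewhere.
pub fn sum_raw(ptr: *const u64, len: usize) -> u64 {
    let mut acc = 0;
    for i in 0..len {
        // SAFETY: the caller guarantees `ptr` points to `len` initialised u64s.
        acc += unsafe { *ptr.add(i) };
    }
    acc
}

/// Allocates in safe code; `v` becomes an unsafe memory object only because
/// its pointer reaches `sum_raw`. Looking at this body alone would miss that.
pub fn sum_via_raw() -> u64 {
    let v: Vec<u64> = (1..=10).collect();
    sum_raw(v.as_ptr(), v.len())
}

// ---- Part 2: toy summary-based propagation ---------------------------------

/// Hand-constructed stand-in for per-function facts a MIR pass would produce.
pub struct FnFacts {
    /// Parameter names in order.
    pub params: Vec<&'static str>,
    /// Locals that are heap allocation sites (`Vec`, `Box`, ...) in this body.
    pub allocs: Vec<&'static str>,
    /// Parameter indices dereferenced inside `unsafe` directly in this body.
    pub direct_unsafe_params: Vec<usize>,
    /// Calls made by this body: (callee, argument local per position).
    pub calls: Vec<(&'static str, Vec<&'static str>)>,
}

/// Summary of `name`: parameter positions that reach an unsafe access,
/// directly or through callees. Computed on demand and memoised in `cache`.
pub fn summary(
    name: &str,
    prog: &BTreeMap<&'static str, FnFacts>,
    cache: &mut BTreeMap<String, BTreeSet<usize>>,
) -> BTreeSet<usize> {
    if let Some(s) = cache.get(name) {
        return s.clone();
    }
    // Provisional empty entry so recursive call chains terminate.
    cache.insert(name.to_string(), BTreeSet::new());
    let f = &prog[name];
    let mut s: BTreeSet<usize> = f.direct_unsafe_params.iter().copied().collect();
    for (callee, args) in &f.calls {
        for idx in summary(callee, prog, cache) {
            // If the argument at an unsafe position is one of our own
            // parameters, that parameter is unsafe too.
            if let Some(arg) = args.get(idx) {
                if let Some(p) = f.params.iter().position(|x| x == arg) {
                    s.insert(p);
                }
            }
        }
    }
    cache.insert(name.to_string(), s.clone());
    s
}

/// Allocation sites in `name` that flow into an unsafe access in a callee.
pub fn unsafe_allocs(name: &str, prog: &BTreeMap<&'static str, FnFacts>) -> BTreeSet<&'static str> {
    let mut cache = BTreeMap::new();
    let f = &prog[name];
    let mut out = BTreeSet::new();
    for (callee, args) in &f.calls {
        for idx in summary(callee, prog, &mut cache) {
            if let Some(arg) = args.get(idx) {
                if f.allocs.contains(arg) {
                    out.insert(*arg);
                }
            }
        }
    }
    out
}

/// Facts mirroring the Part 1 functions (constructed by hand for this example).
pub fn program() -> BTreeMap<&'static str, FnFacts> {
    let mut p: BTreeMap<&'static str, FnFacts> = BTreeMap::new();
    p.insert("sum_safe", FnFacts { params: vec![], allocs: vec!["v"], direct_unsafe_params: vec![], calls: vec![] });
    p.insert("sum_raw", FnFacts { params: vec!["ptr", "len"], allocs: vec![], direct_unsafe_params: vec![0], calls: vec![] });
    // `v.as_ptr()` is modelled as `v` flowing into position 0; `len` is a plain integer local.
    p.insert("sum_via_raw", FnFacts { params: vec![], allocs: vec!["v"], direct_unsafe_params: vec![], calls: vec![("sum_raw", vec!["v", "len"])] });
    p
}

fn main() {
    let prog = program();
    println!("sum_safe = {}, sum_via_raw = {}", sum_safe(), sum_via_raw());
    println!("unsafe allocs in sum_via_raw: {:?}", unsafe_allocs("sum_via_raw", &prog));
    println!("unsafe allocs in sum_safe:    {:?}", unsafe_allocs("sum_safe", &prog));
}
```

Running it reports `v` in `sum_via_raw` as an unsafe allocation and nothing in `sum_safe`, even though both bodies contain the identical allocation; the difference is decided entirely by the callee's summary. Summaries are computed only when a caller asks for them, which is the "on demand" property the abstract attributes to summary-based analysis.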