Rust offers C/C++-level performance while enforcing memory safety through compile-time rules such as ownership and lifetimes. When these rules prove too restrictive, programmers can annotate regions as unsafe, bypassing static checks and re-introducing the risk that erroneous or malicious code corrupts otherwise safe memory. Ensuring runtime isolation therefore hinges on accurately locating every memory object an unsafe block may touch. This paper proposes and prototypes two complementary identification algorithms: (i) a dynamic scheme that tracks pointer provenance at runtime, and (ii) a static scheme that analyzes a value-flow graph built from LLVM IR. We evaluate both techniques on widely used Rust crates, highlighting trade-offs in precision and coverage.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

On the Comparison of Dynamic and Static Unsafe Objects Identification in Rust Programs

  • Shaowen Li,
  • Hiroyuki Sato

摘要

Rust offers C/C++-level performance while enforcing memory safety through compile-time rules such as ownership and lifetimes. When these rules prove too restrictive, programmers can annotate regions as unsafe, bypassing static checks and re-introducing the risk that erroneous or malicious code corrupts otherwise safe memory. Ensuring runtime isolation therefore hinges on accurately locating every memory object an unsafe block may touch. This paper proposes and prototypes two complementary identification algorithms: (i) a dynamic scheme that tracks pointer provenance at runtime, and (ii) a static scheme that analyzes a value-flow graph built from LLVM IR. We evaluate both techniques on widely used Rust crates, highlighting trade-offs in precision and coverage.