Yuga: Automatically Detecting Lifetime Annotation Bugs in the Rust Language
The Rust programming language is becoming increasingly popular among systems programmers due to its efficient performance and robust memory safety guarantees. Rust employs an ownership model to ensure these guarantees by allowing each value to be owned by only one identifier at a time. It uses the concept of borrowing and lifetimes to enable other variables to temporarily borrow values.
Despite its benefits, security vulnerabilities have been reported in Rust projects, often attributed to the use of “unsafe” Rust code. These vulnerabilities, in part, arise from incorrect lifetime annotations on function signatures. However, existing tools fail to detect these bugs, primarily because such bugs are rare, challenging to detect through dynamic analysis, and require explicit memory models.
To overcome these limitations, we characterize incorrect lifetime annotations as a source of memory safety bugs and leverage this understanding to devise a novel static analysis tool, Yuga, to detect potential lifetime annotation bugs. Yuga uses a multi-phase analysis approach, starting with a quick pattern-matching algorithm to identify potential buggy components and then conducting a flow and field-sensitive alias analysis to confirm the bugs. We also curate new datasets of lifetime annotation bugs. Yuga successfully detects bugs with good precision on these datasets, and we make the code and datasets publicly available.
Mon 23 JunDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
10:30 - 12:20 | Bug DetectionResearch Papers / Industry Papers / Demonstrations / Journal First at Aurora B Chair(s): Lingming Zhang University of Illinois at Urbana-Champaign | ||
10:30 20mTalk | Yuga: Automatically Detecting Lifetime Annotation Bugs in the Rust Language Journal First Vikram Nitin Columbia University, Anne Mulhern Red Hat Inc, Sanjay Arora Red Hat Inc, Baishakhi Ray Columbia University | ||
10:50 10mTalk | SpecChecker-Int: An Extensible Concurrency Bugs Detection Tool for Interrupt-driven Embedded Software Demonstrations Boxiang Wang Beijing Sunwise Information Technology Ltd, Chao Li Beijing Institute of Control Engineering; Beijing Sunwise Information Technology, Rui Chen Beijing Institute of Control Engineering; Beijing Sunwise Information Technology, Sheng Wang Beijing Sunwise Information Technology Ltd, Chunpeng Jia Beijing Sunwise Information Technology Ltd, Mengfei Yang China Academy of Space Technology | ||
11:00 20mTalk | dl²: Detecting Communication Deadlocks in Deep Learning Jobs Industry Papers Yanjie Gao Microsoft Research, Jiyu Luo University of Science and Technology of China, Haoxiang Lin Microsoft Research, Hongyu Zhang Chongqing University, Ming Wu Zero Gravity Labs, Mao Yang Microsoft Research DOI Pre-print | ||
11:20 20mTalk | Detecting Metadata-Related Bugs in Enterprise Applications Research Papers Md Mahir Asef Kabir Virginia Tech, Xiaoyin Wang University of Texas at San Antonio, Na Meng Virginia Tech DOI | ||
11:40 20mTalk | ROSCallBaX: Statically Detecting Inconsistencies In Callback Function Setup of Robotic Systems Research Papers Sayali Kate Purdue University, Yifei Gao Purdue University, Shiwei Feng Purdue University, Xiangyu Zhang Purdue University DOI | ||
12:00 20mTalk | Enhancing Web Accessibility: Automated Detection of Issues with Generative AI Research Papers Ziyao He University of California, Irvine, Syed Fatiul Huq University of California, Irvine, Sam Malek University of California at Irvine DOI | ||
Aurora B is the second room in the Aurora wing.
When facing the main Cosmos Hall, access to the Aurora wing is on the right, close to the side entrance of the hotel.