SaTC: CORE: Small: Collaborative: Understanding and Detecting Memory Bugs in Rust

SaTC：核心：小：协作：理解和检测 Rust 中的内存错误

• 批准号: 1955965
• 负责人: Linhai Song
• 金额: $ 29.84万
• 依托单位: Pennsylvania State Univ University Park
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2020
• 资助国家: 美国
• 起止时间: 2020-07-01 至 2024-05-31
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1955965&HistoricalAwards=false
• 关键词: SaTC; CORE; Small; Collaborative; Understanding

Rust is a young programming language designed for systems software development. Its main design goal is to achieve runtime performance as good as its competitor language, C, while offering better memory and thread safety using a linear type system and strict compile-time checking. Rust has become increasingly popular among developers of safety-critical software, such as operating systems, browsers, and block-chain systems. However, both practitioners and researchers know little about the status of memory bugs in real-world Rust programs. For example, do Rust compile-time checks eliminate all memory bugs? If not, do memory bugs in Rust exhibit certain detectable patterns? This project seeks answers to these questions by devising techniques to identify and eliminate the memory bugs? In particular, it aims to achieve a better understanding of common mistakes made by Rust programmers and build novel techniques to catch memory bugs missed by Rust compile-time checks. The outcome will influence how Rust evolves, guide how developers program Rust safely, and improve the safety of the Rust ecosystem. Rust safety mechanisms are sound, but sometimes they are too strict and prevent flexible control over low-level resources. To mitigate this problem, Rust allows developers to bypass its compiler checks using unsafe code. A function can be declared as unsafe. A piece of code inside a safe function can be unsafe, known as interior unsafe, where the unsafe code is encapsulated internally and treated as safe externally. Unfortunately, unsafe code and interior unsafe code can lead to memory bugs since they bypass Rust safety checks. This project aims to better understand Rust memory bugs and build novel static/dynamic tools to combat Rust memory bugs. This project contains three components: (1) a comprehensive taxonomy of Rust memory bugs, (2) novel static techniques to identify memory bugs in interior unsafe functions, and (3) novel fuzzing techniques enhanced by the safe/unsafe information in Rust.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Rust是一种年轻的编程语言，专为系统软件开发而设计。它的主要设计目标是实现与竞争对手C语言一样好的运行时性能，同时使用线性类型系统和严格的编译时检查提供更好的内存和线程安全性。Rust在安全关键软件（如操作系统、浏览器和区块链系统）的开发人员中越来越受欢迎。然而，实践者和研究人员对真实世界Rust程序中内存错误的状态知之甚少。例如，Rust编译时检查是否消除了所有内存错误？如果不是，Rust中的内存错误是否表现出某些可检测的模式？这个项目寻求这些问题的答案，通过设计技术来识别和消除内存错误？特别是，它旨在更好地理解Rust程序员所犯的常见错误，并构建新颖的技术来捕获Rust编译时检查遗漏的内存错误。结果将影响Rust的发展，指导开发人员如何安全地编程Rust，并提高Rust生态系统的安全性。 Rust安全机制是健全的，但有时它们过于严格，妨碍了对低级资源的灵活控制。为了缓解这个问题，Rust允许开发人员使用不安全的代码绕过其编译器检查。一个函数可以被声明为不安全。安全函数中的一段代码可能是不安全的，称为内部不安全，其中不安全的代码在内部封装并在外部视为安全。不幸的是，不安全代码和内部不安全代码可能会导致内存错误，因为它们绕过了Rust安全检查。该项目旨在更好地理解Rust内存错误，并构建新颖的静态/动态工具来对抗Rust内存错误。该项目包含三个组成部分：（1）Rust内存错误的全面分类，（2）识别内部不安全函数中内存错误的新型静态技术，以及（3）通过Rust中的安全/不安全信息增强的新型模糊技术。该奖项反映了NSF的法定使命，并通过使用基金会的知识价值和更广泛的影响审查标准进行评估，被认为值得支持。

项目成果

Automatically detecting and fixing concurrency bugs in go software systems

自动检测并修复Go软件系统中的并发错误

• DOI: 10.1145/3445814.3446756
• 发表时间: 2021
• 期刊: Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
• 作者: Liu, Ziheng;Zhu, Shuofei;Qin, Boqin;Chen, Hao;Song, Linhai
• 通讯作者: Song, Linhai

Who goes first? detecting go concurrency bugs via message reordering

• DOI: 10.1145/3503222.3507753
• 发表时间: 2022-02
• 期刊: Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems
• 作者: Ziheng Liu;Shi-Xiong Xia;Yu Liang;Linhai Song;Hong Hu

Learning and Programming Challenges of Rust: A Mixed-Methods Study

• DOI: 10.1145/3510003.3510164
• 发表时间: 2022-05
• 期刊: 2022 IEEE/ACM 44th International Conference on Software Engineering (ICSE)
• 作者: Shuofei Zhu;Ziyi Zhang;Boqin Qin;Aiping Xiong;Linhai Song

Beyond Bot Detection: Combating Fraudulent Online Survey Takers

超越机器人检测：打击欺诈性在线调查者

• DOI: 10.1145/3485447.3512230
• 发表时间: 2022
• 期刊: Proceedings of the Web Conference 2022
• 作者: Zhang, Ziyi;Zhu, Shuofei;Mink, Jaron;Xiong, Aiping;Song, Linhai;Wang, Gang
• 通讯作者: Wang, Gang

VRLifeTime -- An IDE Tool to Avoid Concurrency and Memory Bugs in Rust

VRLifeTime——避免 Rust 并发和内存错误的 IDE 工具

• DOI: 10.1145/3372297.3420024
• 发表时间: 2020
• 期刊: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
• 作者: Zhang, Ziyi;Qin, Boqin;Chen, Yilun;Song, Linhai;Zhang, Yiying
• 通讯作者: Zhang, Yiying