rCanary: Detecting Memory Leaks Across Semi-automated Memory Management Boundary in Rust

Rust is an effective system programming language that guarantees memory safety via compile-time verifications. It employs a novel ownership-based resource management model to facilitate automated deallocation. This model is anticipated to eliminate memory leaks. However, we observed that user interv...

Full description

Saved in:
Bibliographic Details
Published in:arXiv.org 2024-08
Main Authors: Cui, Mohan, Xu, Hui, Tian, Hongliang, Zhou, Yangfan
Format: Article
Language:English
Subjects:
Automation
Coders
Leak detection
Memory management
Programming languages
Resource management
Safety
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Rust is an effective system programming language that guarantees memory safety via compile-time verifications. It employs a novel ownership-based resource management model to facilitate automated deallocation. This model is anticipated to eliminate memory leaks. However, we observed that user intervention drives it into semi-automated memory management and makes it error-prone to cause leaks. In contrast to violating memory-safety guarantees restricted by the unsafe keyword, the boundary of leaking memory is implicit, and the compiler would not emit any warnings for developers. In this paper, we present rCanary, a static, non-intrusive, and fully automated model checker to detect leaks across the semiautomated boundary. We design an encoder to abstract data with heap allocation and formalize a refined leak-free memory model based on boolean satisfiability. It can generate SMT-Lib2 format constraints for Rust MIR and is implemented as a Cargo component. We evaluate rCanary by using flawed package benchmarks collected from the pull requests of open-source Rust projects. The results indicate that it is possible to recall all these defects with acceptable false positives. We further apply our tool to more than 1,200 real-world crates from crates.io and GitHub, identifying 19 crates having memory leaks. Our analyzer is also efficient, that costs 8.4 seconds per package.
ISSN:2331-8422