Verifying Rust Programs with SMACK

Baranowski, Marek S.; He, Shaobo; Rakamarić, Zvonimir

doi:10.1007/978-3-030-01090-4_32

Cited by 35 publications

(26 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Rust Verification Tools. CRUST [Toman et al 2015], a recent adaptation of SMACK [Baranowski et al 2018], andLindner et al [2018]'s work provide bounded verification tools for Rust (including unsafe code); these tools allow user checks to be added as Rust expressions. These tools work on C/LLVM code where Rust's type information is absent.…”

Section: Related Workmentioning

confidence: 99%

Leveraging rust types for modular specification and verification

Astrauskas

Müller

Poli

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Rust's type system ensures memory safety: well-typed Rust programs are guaranteed to not exhibit problems such as dangling pointers, data races, and unexpected side effects through aliased references. Ensuring correctness properties beyond memory safety, for instance, the guaranteed absence of assertion failures or more-general functional correctness, requires static program verification. For traditional system programming languages, formal verification is notoriously difficult and requires complex specifications and logics to reason about pointers, aliasing, and side effects on mutable state. This complexity is a major obstacle to the morewidespread verification of system software. In this paper, we present a novel verification technique that leverages Rust's type system to greatly simplify the specification and verification of system software written in Rust. We analyse information from the Rust compiler and synthesise a corresponding core proof for the program in a flavour of separation logic tailored to automation. To verify correctness properties beyond memory safety, users can annotate Rust programs with specifications at the abstraction level of Rust expressions; our technique weaves them into the core proof to verify modularly whether these specifications hold. Crucially, our proofs are constructed and checked automatically without exposing the underlying formal logic, allowing users to work exclusively at the level of abstraction of the programming language. As such, our work enables a new kind of verification tool, with the potential to impact a wide audience and allow the Rust community to benefit from state-of-the-art verification techniques. We have implemented our techniques for a subset of Rust; our evaluation on several thousand functions from widely-used Rust crates demonstrates its effectiveness.

show abstract

Section: Related Workmentioning

confidence: 99%

Leveraging rust types for modular specification and verification

Astrauskas

Müller

Poli

et al. 2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

show abstract

“…It is based on a higher-level intermediate framework called Viper [33] (that internally uses Boogie in some scenarios). Other verification efforts for Rust employ a translation to LLVM and then leverage LLVM-based verification techniques (see, e.g., [6,27,39]).…”

Section: Related Workmentioning

confidence: 99%

The Move Prover

Zhong

Cheang

Qadeer

et al. 2020

Computer Aided Verification

View full text Add to dashboard Cite

The Libra blockchain is designed to store billions of dollars in assets, so the security of code that executes transactions is important. The Libra blockchain has a new language for implementing transactions, called “Move.” This paper describes the Move Prover, an automatic formal verification system for Move. We overview the unique features of the Move language and then describe the architecture of the Prover, including the language for formal specification and the translation to the Boogie intermediate verification language .

show abstract

“…A majority of existing papers on Rust security focuses on formal verification [4,7,9] and bug detection [5,8,13,17]. Formal verification aims at proving the correctness of Rust programs mathematically.…”

Section: Related Workmentioning

confidence: 99%

“…Although it is well-known that unsafe Rust could undermine the memory-safety of Rust programs, its actual impact on real-world programs remains unclear. Existing work on Rust reliability mainly focus on how to test Rust programs to find bugs [13,17] or proving the security property of Rust language system via formal verification [4,5,9]. Current literature still lacks an understanding of the memory-safety bugs in real-world Rust programs.…”

Section: Introductionmentioning

confidence: 99%

Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs

Xu¹,

Chen²,

Sun³

et al. 2020

Preprint

View full text Add to dashboard Cite

Rust is an emerging programing language that aims at preventing memory-safety bugs without sacrificing much efficiency. The property is very attractive to developers, and many projects start using the language. However, can Rust achieve the memorysafety promise? This paper studies the question by surveying the bug reports collected from two public datasets, Advisorydb and Trophy-cases, which contain all existing CVEs (common vulnerability and exposures) of Rust. We manually analyze each bug and extract their memory-safety issues and culprits. Our results show that buffer overflow and dangling pointers are still the major memory-safety issues in Rust, and most culprits are related to unsafe Rust. Such security issues reveal that the security cost of Rust to support unsafe functions is high. To elaborate, the culprits of buffer overflow bugs in Rust are very similar to those in C/C++, which generally involve both logical errors and arbitrary pointer operations that are allowed only by unsafe Rust. However, the culprits of dangling pointers in Rust have unique patterns, especially those related to the vulnerability of Rust's borrow checker and lifetime checker. Based on these findings, we further suggest two directions to improve the resilience of Rust against dangling pointers, including recommending the best practice of some APIs to program developers, as well as approaches to enhancing the borrow checker and lifetime checker. Our work intends to raise more concerns regarding the memory-safety promise of Rust and facilitates the maturity of the language.

show abstract

Verifying Rust Programs with SMACK

Cited by 35 publications

References 8 publications

Leveraging rust types for modular specification and verification

Leveraging rust types for modular specification and verification

The Move Prover

Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs

Contact Info

Product

Resources

About