CRUST: Towards a Unified Cross-Language Program Analysis Framework for Rust

Rust is a new safe system programming language enforcing safety guarantees by novel language features, a rich type system, and strict compile-time checking rules, and thus has been used extensively to build system software. For multilingual Rust applications containing external C code, memory security vulnerabilities can occur due to the intrinsically unsafe nature of C and the improper interactions between Rust and C. Unfortunately, existing security studies on Rust only focus on pure Rust code but cannot analyze either the native C code or the Rust/C interactions in multilingual Rust applications. As a result, the lack of such studies may defeat the guarantee that Rust is a safe language.This paper presents CRust, a unified program analysis framework across Rust and C, which enables program analyses to understand the semantics of C code by translating Rust and C into a unified specification language. The CRust framework consists of three key components: (1) a unified specification language CRustIR, which is a strong-typed low-level intermediate language suitable for program analysis; (2) a transformation to build models of C code by converting C code into CRustIR; and (3) program analysis algorithms on CRustIR to detect security vulnerabilities. We have implemented a software prototype for CRust, and have conducted extensive experiments to evaluate its effectiveness and performance. Experimental results demonstrated that CRust can effectively detect common memory security vulnerabilities caused by the interaction of Rust and C that are missed by state-of-the-art tools. In addition, CRust is efficient in bringing negligible overhead (0.23 seconds on average).