In Rust we Trust?
This project evaluates three Rust code analysis tools—Rudra, Miri, and Cargo-Scan—for their effectiveness in detecting memory safety issues. We compare their accuracy, memory consumption, and analysis time using a dataset of Rust crates.
Course: ECS 289C: Topics in Programming Languages and Compilers (UC Davis)
Instructor: Prof. Caleb Stanford
Team: Parnian Kamran, Muhammad Hassnain
Quarter: Spring 2024

Rust is a systems programming language that aims to provide memory safety without a garbage collector. However, Rust developers still need to be cautious about memory safety issues in unsafe code. To help developers identify these issues, we evaluate three Rust code analysis tools—Rudra, Miri, and Cargo-Scan—for their effectiveness in detecting memory safety issues. We compare their accuracy, memory consumption, and analysis time using a dataset of Rust crates.
Tools | Analysis | Targets (safe/unsafe) | False Positive | False Negative | Exploration Domain | Limitations |
---|---|---|---|---|---|---|
Rulf | Static | Both | Yes | - | Rust crates | No support for generics, traits, macros |
SyRust | Dynamic | Both | Yes | - | 30 popular Rust crates | No support for other crates |
Miri | Dynamic | Unsafe | Yes | Yes | Rust crates | No support for hardware APIs, FFIs, file systems |
Rudra | Static | Unsafe | No | Yes | Rust Ecosystem (43k packages) and Rust-based OSes | Restricted to crates supported by rustc 1.58.0 |
Cargo-Scan | Static | Both | Yes | No | Rust Ecosystem | No report about bugs or vulnerabilities |
Although the table lists five analyzers, we evaluate only three of them: Rudra, Miri, and Cargo-Scan. Please find below some plots that show the comparison of these analyzers. For more details and results, please refer to the final report and presentation slides.



