Description
A large share of security vulnerabilities in software is due to memory safety violations. The modern systems programming language Rust was designed to rule out such issues by enforcing memory safety with a strong type system. At the same time, developers are given low-level control to ensure broad applicability, similar to C or C++. To cope with the dichotomy between high-level safety and low-level control, Rust lets developers suspend some of the rules usually enforced by the compiler for specific parts of their code. Although such code is locally confined, some kinds of vulnerabilities that ail C and C++ can thus still occur in Rust code. In particular, this includes vulnerabilities where a buffer overflow is caused by an integer overflow. In this work, we present an approach to detect numeric operations threatening memory safety in Rust using static analysis. We identify integer overflows, underflows, and truncations using symbolic execution. Further, we perform data-flow analysis to determine whether the produced values can influence the size of memory allocations. We implemented an analysis tool for Rust code and evaluated its accuracy, robustness, and performance.
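The pattern the abstract describes, as an added example that is not from the paper or its tool: an element count and element size read from an untrusted header flow, through a wrapping multiplication and an `as` narrowing, into the byte count handed to an allocator. The unchecked function below shows the defect the analysis is meant to flag (a value that is truncated or overflows before it reaches the allocation size), and the checked function shows the hardened form using `try_from` and `checked_mul`. The `Header` type, the field names and the sample values are constructed for this example; the comparison helper reports whether the unchecked size would be smaller than the bytes the header promises, so the defect is demonstrated without ever performing an out-of-bounds write.

```rust
// Added example (not the paper's code): integer truncation/overflow
// reaching an allocation size in Rust, and the checked alternative.
use std::alloc::Layout;
use std::convert::TryFrom;

/// Element count and per-element size as they might arrive from an
/// untrusted, attacker-controlled header (constructed for this example).
#[derive(Clone, Copy, Debug)]
pub struct Header {
    pub count: u64,
    pub elem_size: u32,
}

/// Defective size computation: `as` silently truncates the 64-bit count to
/// 32 bits and `wrapping_mul` silently wraps, so a large header can yield a
/// small `usize` that is later used to size a buffer.
pub fn unchecked_alloc_size(h: Header) -> usize {
    (h.count as u32).wrapping_mul(h.elem_size) as usize
}

/// Hardened size computation: both conversions and the multiplication are
/// checked, and any header whose true byte count does not fit is rejected.
pub fn checked_alloc_size(h: Header) -> Option<usize> {
    let count = usize::try_from(h.count).ok()?;
    let elem = usize::try_from(h.elem_size).ok()?;
    count.checked_mul(elem)
}

/// Builds the allocation layout only from the checked size. `Layout` itself
/// additionally rejects sizes that would overflow `isize::MAX` once rounded
/// up to the alignment.
pub fn layout_for(h: Header) -> Option<Layout> {
    Layout::from_size_align(checked_alloc_size(h)?, 8).ok()
}

/// Reports whether the unchecked computation would undersize the buffer for
/// this header, i.e. whether a later element-wise write into a buffer of
/// `unchecked_alloc_size` bytes would run past its end.
pub fn would_undersize(h: Header) -> bool {
    match checked_alloc_size(h) {
        Some(true_size) => unchecked_alloc_size(h) < true_size,
        // The true byte count does not even fit in usize; any buffer sized
        // from the unchecked value is too small.
        None => true,
    }
}

fn main() {
    // Constructed sample headers: one benign, one truncating, one wrapping.
    let samples = [
        Header { count: 16, elem_size: 4 },
        Header { count: 0x1_0000_0010, elem_size: 4 },
        Header { count: 0x4000_0001, elem_size: 4 },
    ];
    for h in samples {
        println!(
            "{:?}: unchecked={} checked={:?} undersized={}",
            h,
            unchecked_alloc_size(h),
            checked_alloc_size(h),
            would_undersize(h)
        );
    }
}
```

On a 64-bit target the second header truncates its count to 16 and the third wraps its product to 4 bytes, while the checked path returns the true sizes (or `None` when they do not fit). A static analysis of the kind the abstract describes would report the `as u32` and `wrapping_mul` in `unchecked_alloc_size` precisely because their result flows into a `Layout` or buffer size.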