Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs.

2020 
Rust is an emerging programming language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects have started using the language. However, can Rust achieve its memory-safety promise? This paper studies the question by surveying the bug reports collected from two public datasets, Trophy Cases and the RustSec Advisory Database, which contain all existing CVEs (Common Vulnerabilities and Exposures) of Rust. We manually analyze each bug in depth and extract its memory-safety issues and culprits. Our analysis leads to several novel findings and implications. Most importantly, we find that while Rust successfully limits memory-safety risks to the realm of unsafe code, it also brings some side effects that cause new patterns of dangling-pointer issues. In particular, most of the use-after-free and double-free bugs are related to the automatic drop scheme associated with the ownership-based memory management model. Based on these findings, we further provide several suggestions to program developers (i.e., best practices for using certain APIs) and compiler developers (i.e., possible ways to mitigate the side effects) for improving the resilience of Rust software. Our work intends to raise more discussion regarding the memory-safety issues of Rust and facilitate the maturity of the language.
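The interaction the abstract points at, an unsafe operation that creates a second owner of a value while the automatic drop still runs for the first, can be shown in a few lines. The following is an added illustration, not code from the paper or from any of the surveyed projects; the `Resource` type, the drop counter and the three functions are constructed for this example. `Resource::drop` only increments a per-thread counter, so running it twice is observable rather than crashing, but the same pattern on a type that owns heap memory is a double free.

```rust
use std::cell::Cell;
use std::mem::ManuallyDrop;
use std::ptr;

// Per-thread count of how many times `Resource::drop` has run (constructed
// instrumentation for this example; real code would free memory here).
thread_local! {
    static DROPS: Cell<usize> = Cell::new(0);
}

// A constructed owning type. Its Drop impl stands in for freeing a buffer.
struct Resource {
    id: u32,
}

impl Drop for Resource {
    fn drop(&mut self) {
        DROPS.with(|d| d.set(d.get() + 1));
    }
}

fn drops_so_far() -> usize {
    DROPS.with(|d| d.get())
}

/// Buggy pattern: `ptr::read` bit-copies the value behind a reference, so the
/// program now has two owners of one resource. When both go out of scope the
/// automatic drop runs twice (a double free if `Resource` owned heap memory).
/// Returns how many times Drop ran for the single resource created here.
pub fn duplicate_owner_via_ptr_read() -> usize {
    let before = drops_so_far();
    {
        let original = Resource { id: 1 };
        // The read itself is valid; the defect is that `original` is still
        // considered live by the compiler and will be dropped as well.
        let duplicate: Resource = unsafe { ptr::read(&original) };
        let _ = duplicate.id;
    } // drop(duplicate); drop(original) -> Drop runs twice
    drops_so_far() - before
}

/// Same move through a raw pointer, but the source is wrapped in ManuallyDrop
/// so the compiler's automatic drop is suppressed for it. One owner remains.
pub fn move_out_with_manually_drop() -> usize {
    let before = drops_so_far();
    {
        let original = ManuallyDrop::new(Resource { id: 2 });
        // Ownership logically moves to `moved`; `original` is never dropped.
        let moved: Resource = unsafe { ptr::read(&*original) };
        let _ = moved.id;
    } // only `moved` is dropped
    drops_so_far() - before
}

/// Safe alternative that needs no unsafe at all: keep the slot as an Option and
/// take ownership out of it, leaving None behind. Nothing can be dropped twice.
pub fn move_out_with_option_take() -> usize {
    let before = drops_so_far();
    {
        let mut slot = Some(Resource { id: 3 });
        let moved = slot.take().expect("slot was filled");
        let _ = moved.id;
        assert!(slot.is_none());
    }
    drops_so_far() - before
}

fn main() {
    println!("ptr::read without ManuallyDrop: {} drop(s)", duplicate_owner_via_ptr_read());
    println!("ptr::read with ManuallyDrop:    {} drop(s)", move_out_with_manually_drop());
    println!("Option::take:                   {} drop(s)", move_out_with_option_take());
}
```

The first function is the shape of bug the abstract attributes to the automatic drop scheme: the unsafe call is locally sound, and the double drop only materializes at the end of the enclosing scope where no unsafe block is visible. Reviewing code for `ptr::read`, `Vec::from_raw_parts` and similar duplicating operations, and checking that the source is neutralized with `ManuallyDrop` or `mem::forget` (or restructured as in the third function), is the corresponding defensive check.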