System Programming in Rust

Balasubramanian, Abhiram; Baranowski, Marek S.; Burtsev, Anton; Panda, Aurojit; Rakamari, Zvonimir; Ryzhyk, Leonid

doi:10.1145/3139645.3139660

Cited by 16 publications

(12 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Pointer alias analysis is a hard problem in C. Missing an alias leads to memory corruption if the compiler fails to checkpoint an aliased memory location that must be checkpointed. Rust's ownership and immutability properties make alias analysis more precise [1]. Sections 5 and 6 describe how this precision benefits Ocelot's analyses.…”

Section: Benefit Of Targeting Rustmentioning

confidence: 99%

Automatically enforcing fresh and consistent inputs in intermittent systems

Surbatovich

Jia

Lucia

2021

Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

Intermittently powered energy-harvesting devices enable new applications in inaccessible environments. Program executions must be robust to unpredictable power failures, introducing new challenges in programmability and correctness. One hard problem is that input operations have implicit constraints, embedded in the behavior of continuously powered executions, on when input values can be collected and used. This paper aims to develop a formal framework for enforcing these constraints. We identify two key propertiesÐfreshness (i.e., uses of inputs must satisfy the same time constraints as in continuous executions) and temporal consistency (i.e., the collection of a set of inputs must satisfy the same time constraints as in continuous executions). We formalize these properties and show that they can be enforced using atomic regions. We develop Ocelot, an LLVM-based analysis and transformation tool targeting Rust, to enforce these properties automatically. Ocelot provides the programmer with annotations to express these constraints and infers atomic region placement in a program to satisfy them. We then formalize Ocelot's design and show that Ocelot generates correct programs with little performance cost or code changes.

show abstract

Section: Benefit Of Targeting Rustmentioning

confidence: 99%

Automatically enforcing fresh and consistent inputs in intermittent systems

Surbatovich

Jia

Lucia

2021

Proceedings of the 42nd ACM SIGPLAN International Conference on Programming Language Design and Implementation

View full text Add to dashboard Cite

show abstract

Section: Safe Codementioning

confidence: 99%

“…The ideas behind this, which is generically known as the borrow checker, are central to the language design and are not covered in this article. For more information, we refer the reader to the official documentation [32] and other reviews of the programming language [42,59]. In this article, we only expand on particular features of Rust, which are central to the attacks we present, and these are (a) mixing Rust with C/C++ unsafe code (covered in Section 3.4), and (b) code constructs of Rust that force the compiler to emit indirect branches in the final binary (covered in Section 4).…”

Section: Rust Basicsmentioning

confidence: 99%

Exploiting Mixed Binaries

Papaevripides

Αθανασόπουλος

2021

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

Unsafe programming systems are still very popular, despite the shortcomings due to several published memory-corruption vulnerabilities. Toward defending memory corruption, compilers have started to employ advanced software hardening such as Control-flow Integrity (CFI) and SafeStack. However, there is a broad interest for realizing compilers that impose memory safety with no heavy runtime support (e.g., garbage collection). Representative examples of this category are Rust and Go, which enforce memory safety primarily statically at compile time. Software hardening and Rust/Go are promising directions for defending memory corruption, albeit combining the two is questionable. In this article, we consider hardened mixed binaries, i.e., machine code that has been produced from different compilers and, in particular, from hardened C/C++ and Rust/Go (e.g., Mozilla Firefox, Dropbox, npm, and Docker). Our analysis is focused on Mozilla Firefox, which outsources significant code to Rust and is open source with known public vulnerabilities (with assigned CVE). Furthermore, we extend our analysis in mixed binaries that leverage Go, and we derive similar results. The attacks explored in this article do not exploit Rust or Go binaries that depend on some legacy (vulnerable) C/C++ code. In contrast, we explore how Rust/Go compiled code can stand as a vehicle for bypassing hardening in C/C++ code. In particular, we discuss CFI and SafeStack, which are available in the latest Clang. Our assessment concludes that CFI can be completely nullified through Rust or Go code by constructing much simpler attacks than state-of-the-art CFI bypasses.

show abstract

“…Cyclone and Rust achieve absence of harmful aliasing by enforcing an ownership type system on the memory pointed to by objects [13,14]. Furthermore, Rust has many sophisticated lifetime checks, that prevent dangling pointers,…”

Section: Related Workmentioning

confidence: 99%