Memory-Safety Challenge Considered Solved? An In-Depth Study with All Rust CVEs
Authors
Abstract
Rust is an emerging programming language that aims at preventing memory-safety bugs without sacrificing much efficiency. The claimed property is very attractive to developers, and many projects have started using the language. However, can Rust achieve its memory-safety promise? This article studies the question by surveying 186 real-world bug reports collected from several origins, which contain all existing Rust common vulnerabilities and exposures (CVEs) of memory-safety issues up to 2020-12-31. We manually analyze each bug and extract their culprit patterns. Our analysis result shows that Rust can keep its promise that all memory-safety bugs require unsafe code, and many memory-safety bugs in our dataset are mild soundness issues that only leave a possibility to write memory-safety bugs without unsafe code. Furthermore, we summarize three typical categories of memory-safety bugs, including automatic memory reclaim, unsound function, and unsound generic or trait. While automatic memory reclaim bugs are related to the side effect of Rust's newly-adopted ownership-based resource management scheme, unsound function reveals the essential challenge of Rust development for avoiding unsound code, and unsound generic or trait intensifies the risk of introducing unsoundness. Based on these findings, we propose two promising directions toward improving the security of Rust development, including best practices for using specific APIs and methods to detect particular bugs involving unsafe code. Our work intends to raise more discussions regarding the memory-safety issues of Rust and facilitate the maturity of the language.
Journal
Journal title: ACM Transactions on Software Engineering and Methodology
Year: 2021
ISSN: 1049-331X, 1557-7392
DOI: https://doi.org/10.1145/3466642