rCanary: Detecting Memory Leaks Across Semi-automated Memory Management Boundary in Rust

TL;DR

rCanary is a static, automated tool that detects memory leaks across semi-automated boundaries in Rust, addressing a gap where the compiler does not warn about implicit leaks caused by user intervention.

Contribution

It introduces a formal, SMT-based model checker for detecting memory leaks in Rust's semi-automated memory management boundary, implemented as a Cargo component.

Findings

Successfully recalled all defects in flawed package benchmarks

Identified 19 memory leaks in over 1,200 real-world crates

Efficient analysis with an average of 8.4 seconds per package

Abstract

Rust is an effective system programming language that guarantees memory safety via compile-time verifications. It employs a novel ownership-based resource management model to facilitate automated deallocation. This model is anticipated to eliminate memory leaks. However, we observed that user intervention drives it into semi-automated memory management and makes it error-prone to cause leaks. In contrast to violating memory-safety guarantees restricted by the unsafe keyword, the boundary of leaking memory is implicit, and the compiler would not emit any warnings for developers. In this paper, we present rCanary, a static, non-intrusive, and fully automated model checker to detect leaks across the semiautomated boundary. We design an encoder to abstract data with heap allocation and formalize a refined leak-free memory model based on boolean satisfiability. It can generate SMT-Lib2 format constraints for Rust MIR and is implemented as a Cargo component. We evaluate rCanary by using flawed package benchmarks collected from the pull requests of open-source Rust projects. The results indicate that it is possible to recall all these defects with acceptable false positives. We further apply our tool to more than 1,200 real-world crates from crates.io and GitHub, identifying 19 crates having memory leaks. Our analyzer is also efficient, that costs 8.4 seconds per package.