招生广告
Published:
中国科学院计算技术研究所处理器芯片全国重点实验室宋林海老师课题组招收硕士生、直博生
Published:
中国科学院计算技术研究所处理器芯片全国重点实验室宋林海老师课题组招收硕士生、直博生
Published:
This is the brief description of CVE-2020-22429. For more details, please refer to Reference.
Published:
中国科学院计算技术研究所处理器芯片全国重点实验室宋林海老师课题组招收硕士生、直博生
Published:
This is the brief description of CVE-2020-22429. For more details, please refer to Reference.
Published:
Migrated to https://github.com/BurtonQin/Awesome-Rust-Checker. Welcome to contribute there.
Name | Description | Working on | Bug types | Technology | Maintenance |
---|---|---|---|---|---|
clippy | A bunch of lints to catch common mistakes and improve your Rust code. | HIR | Versatile | Pattern matching | ★★★★★ |
dylint | Run Rust lints from dynamic libraries | HIR | Versatile | Pattern matching | ★★★★★ |
Name | Description | Working on | Bug Types | Technology | Maintenance |
---|---|---|---|---|---|
MIRAI | Rust mid-level IR Abstract Interpreter | MIR | Panic, Security bugs, Correctness | Abstract Interpretation | ★★★★★ |
lockbud | Statically detect common memory and concurrrency bugs in Rust. Paper: Safety Issues in Rust, TSE’24 | MIR | Double-Lock, Conflicting-Lock-Order, Atomicity-Violation, Use-After-Free, Invalid-Free, Panic Locations | Data-flow Analysis | ★★★★★ |
RAP (formerly SafeDrop) | Rust Analysis Platform. Paper: SafeDrop, TOSEM’22 | MIR | Use-After-Free, Double-Free | Data-flow Analysis | ★★★★★ |
Rudra | Rust Memory Safety & Undefined Behavior Detection. Paper: Rudra, SOSP’21 | HIR, MIR | Memory safety when panicked, Higher Order Invariant, Send Sync Variance | Data-flow Analysis | ★★★☆☆ |
Yuga | Automatically Detecting Lifetime Annotation Bugs in the Rust Language. Paper: Yuga, ICSE’24 | HIR, MIR | Lifetime Annotation Bugs | Data-flow Analysis | ★★★★☆ |
MirChecker | A Simple Static Analysis Tool for Rust. Paper: MirChecker, CCS’21 | MIR | Panic (including numerical), Lifetime Corruption (memory issues) | Abstract Interpretation | ★★☆☆☆ |
FFIChecker | A Static Analysis Tool For Detecting Memory Management Bugs Between Rust and C/C++. Paper: FFIChecker, ESORICS’22 | LLVM IR | Memory issues across the Rust/C FFI | Abstract Interpretation | ★☆☆☆☆ |
Academic Papers (source code not found yet)
Name | Description | Working on | Bug Types | Technology |
---|---|---|---|---|
Rupair | Rupair: Towards Automatic Buffer Overflow Detection and Rectification for Rust. Rupair, ACSAC’21 | AST, MIR | Buffer Overflow | Data-flow Analysis |
RCanary | rCanary: Detecting Memory Leaks Across Semi-automated Memory Management Boundary in Rust. RCanary | HIR, MIR | Memory Leaks | Static Program Analysis, Model Checking |
CRUST | CRUST: Towards a Unified Cross-Language Program Analysis Framework for Rust. CRUST, QRS’22 | CRustIR based on MIR | Security (CFI vilation, Meta Data Leaking, Format String Attack), Memory issues(Out-of-bounds, Use-after-Free, Double-Free, Stack-Overflow, Buffer-Overflow), Arithmetic (Divide-by-zero, Integer-Overflow) | Program Analysis Framework |
ACORN | ACORN: Towards a Holistic Cross-Language Program Analysis for Rust. ACORN | Wasm | Security (Tainted Variable, Dangerous Function, Format String Attack), Memory issues (Out-of-bounds, Use-after-Free, Double-Free, Stack-Overflow, Buffer-Overflow), Arithmetic (Divide-by-zero, Integer-Overflow) | Program Analysis Framework |
Yu Zhang | Static Deadlock Detection for Rust Programs. Yu Zhang | MIR | Deadlock | Data-flow Analysis |
Kaiwen Zhang | Automatically Transform Rust Source to Petri Nets for Checking Deadlocks. Kaiwen Zhang | MIR | Deadlock | Petri Nets |
Name | Description | Working on | Bug Types | Technology | Maintenance |
---|---|---|---|---|---|
miri | An interpreter for Rust’s mid-level intermediate representation | MIR | Undefined Behavior | Abstract Interpretation | ★★★★★ |
cargo-careful | Execute Rust code carefully, with extra checking along the way | - | Undefined Behavior | Enable Debug Assertion in std | ★★★★★ |
cargo-fuzz | Command line helpers for fuzzing | - | - | Fuzzing | ★★★★★ |
Loom | Concurrency permutation testing tool for Rust. | Source Code | Concurrency Bugs | Permutation testing | ★★★★★ |
ERASAN | Efficient Rust Address Sanitizer. Paper: IEEES&P’24 | - | Memory Access Bugs | Fuzzing | ★★★★★ |
Automated-Fuzzer | Simple tool to create broken files and checking them with special apps | - | Panic | Fuzzing | ★★★★★ |
RULF | Fuzz Target Generator for Rust libraries. Paper: RULF, ASE’21 | - | Out-of-bound, Panic (including arithmetic) | Fuzzing | ★★★☆☆ |
RPG1 | RPG: Rust Library Fuzzing with Pool-based Fuzz Target. Paper: RPG, ICSE’24 | - | Out-of-bound, Panic (including arithmetic) | Fuzzing | ★★☆☆☆ |
SyRust | Automatic Testing of Rust Libraries with Semantic-Aware Program Synthesis. Paper: SyRust, PLDI’21 | - | - | Program Synthesis | ★☆☆☆☆ |
NADER | Automatic Context-Aware Safety Enhancement for Rust. Paper: OOPSLA’21 | MIR, Source Code | Unchecked Indexing | API Replacing | ★☆☆☆☆ |
casr2 | collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity. Paper: Casr-Cluster, ISPRAS’21, Ivannikov Memorial Workshop’24 | Crash Reports from ASan, UBSan, GDB | - | Analyze crashes | ★★★★★ |
Academic Papers (source code not found yet)
Name | Description | Working on | Bug Types | Technology |
---|---|---|---|---|
CrabSandwich | CrabSandwich: Fuzzing Rust with Rust. CrabSandwich, Fuzzing’23 | LLVM IR | Out-of-bounds, Panic | Fuzzing |
Zhiyong Ren | Detect Stack Overflow Bugs in Rust via Improved Fuzzing Technique. Zhiyong Ren, SEKE’21 | AST, HIR, MIR, LLVM IR | Stack Overflow | Fuzzing |
Rustheck | Safety Enhancement of Unsafe Rust via Dynamic Program Analysis. Rustcheck, QRS-C’23 | MIR | Memory vulnerabilities | Static Program Analysis, Instrumentation |
Name | Description | Working on | Bug Types | Technology | Maintenance |
---|---|---|---|---|---|
kani | The Kani Rust Verifier is a bit-precise model checker for Rust. Paper: kani, ICSE-SEIP’22 | MIR | Memory safety, User-specified assertions, Panics, Unexpected behavior (e.g., arithmetic overflows) | Model Checking | ★★★★★ |
prusti | A static verifier for Rust, based on the Viper verification infrastructure. Paper: prusti, NFM’22 | Viper | Panic (inluding arithmetic), User-specified assertions | Symbolic Execution | ★★★★☆ |
crux-mir | A static simulator for Rust programs | - | - | Symbolic Testing | ★★★★☆ |
verus | Verified Rust for low-level systems code. Paper: verus, OOPSLA’23 | - | - | - | ★★★★★ |
flux | flux is a refinement type checker for Rust. Paper: flux, PLDI’23 | - | - | - | ★★★★★ |
Aeneas | A verification toolchain for Rust programs. Paper: Aeneas, ICFP’22 | LLBC (for safe Rust only) | - | - | ★★★★★ |
RustBelt | Formal (and machine-checked) safety proof for a language representing a realistic subset of Rust. Paper: RustBelt, POPL’18 | 𝜆Rust | - | - | ★★★★★ |
RustHorn | A CHC-based automated verifier for Rust RustHorn, TOPLAS’21 | MIR | - | - | ★★★★☆ |
Creusot | A deductive verifier for Rust code. Creusot, ICFEM’22 | WhyML | Panics, overflows, Assertion failures | - | ★★★★★ |
RustHornBelt | A Semantic Foundation for Functional Verification of Rust Programs with Unsafe Code. Paper: RustHornBelt, PLDI’22 | 𝜆Rust | - | - | ★★☆☆☆ |
RefinedRust | A Type System for High-Assurance Verification of Rust Programs. Paper: RefinedRust, PLDI’24 | Radium | - | - | ★★★★★ |
Academic Papers (source code not found yet)
Name | Description | Working on | Bug Types | Technology |
---|---|---|---|---|
GillianRust | A hybrid approach to semi-automated Rust verification. GillianRust | - | - | - |
Thanks to the following awesome works:
Published:
This is the brief description of CVE-2020-22429. For more details, please refer to Reference.
Published:
Migrated to https://github.com/BurtonQin/Awesome-Rust-Checker. Welcome to contribute there.
Name | Description | Working on | Bug types | Technology | Maintenance |
---|---|---|---|---|---|
clippy | A bunch of lints to catch common mistakes and improve your Rust code. | HIR | Versatile | Pattern matching | ★★★★★ |
dylint | Run Rust lints from dynamic libraries | HIR | Versatile | Pattern matching | ★★★★★ |
Name | Description | Working on | Bug Types | Technology | Maintenance |
---|---|---|---|---|---|
MIRAI | Rust mid-level IR Abstract Interpreter | MIR | Panic, Security bugs, Correctness | Abstract Interpretation | ★★★★★ |
lockbud | Statically detect common memory and concurrrency bugs in Rust. Paper: Safety Issues in Rust, TSE’24 | MIR | Double-Lock, Conflicting-Lock-Order, Atomicity-Violation, Use-After-Free, Invalid-Free, Panic Locations | Data-flow Analysis | ★★★★★ |
RAP (formerly SafeDrop) | Rust Analysis Platform. Paper: SafeDrop, TOSEM’22 | MIR | Use-After-Free, Double-Free | Data-flow Analysis | ★★★★★ |
Rudra | Rust Memory Safety & Undefined Behavior Detection. Paper: Rudra, SOSP’21 | HIR, MIR | Memory safety when panicked, Higher Order Invariant, Send Sync Variance | Data-flow Analysis | ★★★☆☆ |
Yuga | Automatically Detecting Lifetime Annotation Bugs in the Rust Language. Paper: Yuga, ICSE’24 | HIR, MIR | Lifetime Annotation Bugs | Data-flow Analysis | ★★★★☆ |
MirChecker | A Simple Static Analysis Tool for Rust. Paper: MirChecker, CCS’21 | MIR | Panic (including numerical), Lifetime Corruption (memory issues) | Abstract Interpretation | ★★☆☆☆ |
FFIChecker | A Static Analysis Tool For Detecting Memory Management Bugs Between Rust and C/C++. Paper: FFIChecker, ESORICS’22 | LLVM IR | Memory issues across the Rust/C FFI | Abstract Interpretation | ★☆☆☆☆ |
Academic Papers (source code not found yet)
Name | Description | Working on | Bug Types | Technology |
---|---|---|---|---|
Rupair | Rupair: Towards Automatic Buffer Overflow Detection and Rectification for Rust. Rupair, ACSAC’21 | AST, MIR | Buffer Overflow | Data-flow Analysis |
RCanary | rCanary: Detecting Memory Leaks Across Semi-automated Memory Management Boundary in Rust. RCanary | HIR, MIR | Memory Leaks | Static Program Analysis, Model Checking |
CRUST | CRUST: Towards a Unified Cross-Language Program Analysis Framework for Rust. CRUST, QRS’22 | CRustIR based on MIR | Security (CFI vilation, Meta Data Leaking, Format String Attack), Memory issues(Out-of-bounds, Use-after-Free, Double-Free, Stack-Overflow, Buffer-Overflow), Arithmetic (Divide-by-zero, Integer-Overflow) | Program Analysis Framework |
ACORN | ACORN: Towards a Holistic Cross-Language Program Analysis for Rust. ACORN | Wasm | Security (Tainted Variable, Dangerous Function, Format String Attack), Memory issues (Out-of-bounds, Use-after-Free, Double-Free, Stack-Overflow, Buffer-Overflow), Arithmetic (Divide-by-zero, Integer-Overflow) | Program Analysis Framework |
Yu Zhang | Static Deadlock Detection for Rust Programs. Yu Zhang | MIR | Deadlock | Data-flow Analysis |
Kaiwen Zhang | Automatically Transform Rust Source to Petri Nets for Checking Deadlocks. Kaiwen Zhang | MIR | Deadlock | Petri Nets |
Name | Description | Working on | Bug Types | Technology | Maintenance |
---|---|---|---|---|---|
miri | An interpreter for Rust’s mid-level intermediate representation | MIR | Undefined Behavior | Abstract Interpretation | ★★★★★ |
cargo-careful | Execute Rust code carefully, with extra checking along the way | - | Undefined Behavior | Enable Debug Assertion in std | ★★★★★ |
cargo-fuzz | Command line helpers for fuzzing | - | - | Fuzzing | ★★★★★ |
Loom | Concurrency permutation testing tool for Rust. | Source Code | Concurrency Bugs | Permutation testing | ★★★★★ |
ERASAN | Efficient Rust Address Sanitizer. Paper: IEEES&P’24 | - | Memory Access Bugs | Fuzzing | ★★★★★ |
Automated-Fuzzer | Simple tool to create broken files and checking them with special apps | - | Panic | Fuzzing | ★★★★★ |
RULF | Fuzz Target Generator for Rust libraries. Paper: RULF, ASE’21 | - | Out-of-bound, Panic (including arithmetic) | Fuzzing | ★★★☆☆ |
RPG1 | RPG: Rust Library Fuzzing with Pool-based Fuzz Target. Paper: RPG, ICSE’24 | - | Out-of-bound, Panic (including arithmetic) | Fuzzing | ★★☆☆☆ |
SyRust | Automatic Testing of Rust Libraries with Semantic-Aware Program Synthesis. Paper: SyRust, PLDI’21 | - | - | Program Synthesis | ★☆☆☆☆ |
NADER | Automatic Context-Aware Safety Enhancement for Rust. Paper: OOPSLA’21 | MIR, Source Code | Unchecked Indexing | API Replacing | ★☆☆☆☆ |
casr2 | collect crash (or UndefinedBehaviorSanitizer error) reports, triage, and estimate severity. Paper: Casr-Cluster, ISPRAS’21, Ivannikov Memorial Workshop’24 | Crash Reports from ASan, UBSan, GDB | - | Analyze crashes | ★★★★★ |
Academic Papers (source code not found yet)
Name | Description | Working on | Bug Types | Technology |
---|---|---|---|---|
CrabSandwich | CrabSandwich: Fuzzing Rust with Rust. CrabSandwich, Fuzzing’23 | LLVM IR | Out-of-bounds, Panic | Fuzzing |
Zhiyong Ren | Detect Stack Overflow Bugs in Rust via Improved Fuzzing Technique. Zhiyong Ren, SEKE’21 | AST, HIR, MIR, LLVM IR | Stack Overflow | Fuzzing |
Rustheck | Safety Enhancement of Unsafe Rust via Dynamic Program Analysis. Rustcheck, QRS-C’23 | MIR | Memory vulnerabilities | Static Program Analysis, Instrumentation |
Name | Description | Working on | Bug Types | Technology | Maintenance |
---|---|---|---|---|---|
kani | The Kani Rust Verifier is a bit-precise model checker for Rust. Paper: kani, ICSE-SEIP’22 | MIR | Memory safety, User-specified assertions, Panics, Unexpected behavior (e.g., arithmetic overflows) | Model Checking | ★★★★★ |
prusti | A static verifier for Rust, based on the Viper verification infrastructure. Paper: prusti, NFM’22 | Viper | Panic (inluding arithmetic), User-specified assertions | Symbolic Execution | ★★★★☆ |
crux-mir | A static simulator for Rust programs | - | - | Symbolic Testing | ★★★★☆ |
verus | Verified Rust for low-level systems code. Paper: verus, OOPSLA’23 | - | - | - | ★★★★★ |
flux | flux is a refinement type checker for Rust. Paper: flux, PLDI’23 | - | - | - | ★★★★★ |
Aeneas | A verification toolchain for Rust programs. Paper: Aeneas, ICFP’22 | LLBC (for safe Rust only) | - | - | ★★★★★ |
RustBelt | Formal (and machine-checked) safety proof for a language representing a realistic subset of Rust. Paper: RustBelt, POPL’18 | 𝜆Rust | - | - | ★★★★★ |
RustHorn | A CHC-based automated verifier for Rust RustHorn, TOPLAS’21 | MIR | - | - | ★★★★☆ |
Creusot | A deductive verifier for Rust code. Creusot, ICFEM’22 | WhyML | Panics, overflows, Assertion failures | - | ★★★★★ |
RustHornBelt | A Semantic Foundation for Functional Verification of Rust Programs with Unsafe Code. Paper: RustHornBelt, PLDI’22 | 𝜆Rust | - | - | ★★☆☆☆ |
RefinedRust | A Type System for High-Assurance Verification of Rust Programs. Paper: RefinedRust, PLDI’24 | Radium | - | - | ★★★★★ |
Academic Papers (source code not found yet)
Name | Description | Working on | Bug Types | Technology |
---|---|---|---|---|
GillianRust | A hybrid approach to semi-automated Rust verification. GillianRust | - | - | - |
Thanks to the following awesome works:
Published:
This is the brief description of CVE-2020-22429. For more details, please refer to Reference.