rCanary: Detecting Memory Leaks Across Semi-Automated Memory Management Boundary in Rust
IEEE Transactions on Software Engineering (IF 6.5). Pub Date: 2024-08-13. DOI: 10.1109/tse.2024.3443624. Authors: Mohan Cui (1), Hui Xu (1), Hongliang Tian (2), Yangfan Zhou (1).
Rust is an effective system programming language that guarantees memory safety via compile-time verification. It employs a novel ownership-based resource management model to facilitate automated deallocation, and this model is anticipated to eliminate memory leaks. However, we observed that user intervention drives it into semi-automated memory management and makes it error-prone, leading to leaks. In contrast to violations of memory-safety guarantees, which are confined to code marked with the unsafe keyword, the boundary at which memory is leaked is implicit, and the compiler emits no warning for developers. In this paper, we present rCanary, a static, non-intrusive, and fully automated model checker that detects leaks across the semi-automated boundary. We design an encoder that abstracts data with heap allocation and formalize a refined leak-free memory model based on boolean satisfiability. It generates SMT-Lib2 format constraints for Rust MIR and is implemented as a Cargo component. We evaluate rCanary using flawed package benchmarks collected from the pull requests of open-source Rust projects. The results indicate that it is possible to recall all of these defects with an acceptable rate of false positives. We further apply our tool to more than 1,200 real-world crates from crates.io and GitHub, identifying 19 crates with memory leaks. Our analyzer is also efficient, costing 8.4 seconds per package.
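As an added illustration of the semi-automated boundary the abstract describes (constructed here, not code from the paper or the rCanary tool), the Rust program below counts live heap objects through a Drop impl so that leaks introduced by Box::into_raw, ManuallyDrop and mem::forget, all of which rustc compiles without any warning, become observable at runtime; the names Tracked and leaked_by are this example's own.

```rust
use std::cell::Cell;
use std::mem::ManuallyDrop;

thread_local! {
    // Constructed instrumentation: number of live Tracked heap objects.
    static LIVE: Cell<usize> = Cell::new(0);
}
/// Heap-allocated value whose constructor and destructor are counted,
/// so a missing drop becomes observable at runtime.
#[allow(dead_code)]
pub struct Tracked(u32);

impl Tracked {
    pub fn new(v: u32) -> Box<Tracked> {
        LIVE.with(|c| c.set(c.get() + 1));
        Box::new(Tracked(v))
    }
}
impl Drop for Tracked {
    fn drop(&mut self) { LIVE.with(|c| c.set(c.get() - 1)); }
}

/// Run `f` and report how many Tracked objects it allocated but never freed.
pub fn leaked_by(f: impl FnOnce()) -> usize {
    let before = LIVE.with(|c| c.get());
    f();
    LIVE.with(|c| c.get()) - before
}

/// Fully automated path: ownership ends at scope exit and drop runs.
pub fn automatic() { let _t = Tracked::new(1); }
/// Semi-automated path: Box::into_raw hands the allocation to the user;
/// a raw pointer has no destructor, so the object is silently leaked.
pub fn leaky_into_raw() { let _p: *mut Tracked = Box::into_raw(Tracked::new(2)); }
/// Same boundary crossed back: from_raw restores ownership and frees it.
pub fn balanced_into_raw() {
    let p = Box::into_raw(Tracked::new(3));
    // SAFETY: p came from Box::into_raw and is reclaimed exactly once.
    unsafe { drop(Box::from_raw(p)) };
}
/// ManuallyDrop and mem::forget suppress the destructor in safe code;
/// rustc accepts both without any warning.
pub fn leaky_manually_drop() { let _t = ManuallyDrop::new(Tracked::new(4)); }
pub fn leaky_forget() { std::mem::forget(Tracked::new(5)); }

fn main() {
    println!("into_raw leaks {} object(s)", leaked_by(leaky_into_raw));
    println!("balanced into_raw leaks {} object(s)", leaked_by(balanced_into_raw));
}
```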
Updated: 2024-08-13