rCanary: Detecting Memory Leaks Across Semi-automated Memory Management Boundary in Rust

Rust is an effective system programming language that guarantees memory safety via compile-time verifications. It employs a novel ownership-based resource management model to facilitate automated resource deallocation. It is anticipated that this model will eliminate memory leaks. However, we observed that user intervention driving semi-automated management is prone to introducing leaks. In contrast to violating memory-safety guarantees via the unsafe keyword, the leak breached boundary is implicit with no compiler alerting. In this paper, we present rCanary, a static, non-intrusive, and fully automated model checker to detect leaks across the semi-automated boundary. It adopts a precise encoder to abstract data with heap allocation and formalizes a refined leak-free memory model based on Boolean satisfiability. rCanary is implemented as an external component of Cargo and can generate constraints via MIR data flow. We evaluate it using flawed package benchmarks collected from the pull requests of prominent Rust packages. The results indicate it is possible to recall all these defects with acceptable false positives. We also apply our tool to more than 1,200 real-world crates from crates.io and GitHub, identifying 19 crates with potentially vulnerable leaks in 8.4 seconds per package.