Chair of IT Security / Prof. Dr. Claudia Eckert
Announcement: Master Thesis in Cooperation with Fraunhofer AISEC, Garching
Detecting Unsafe Numeric Operations in Rust
Rust is a modern programming language that stands out due to its memory-safety guarantees. Rust’s principle of making unsafe code explicitly visible fails in one case: numeric operations. Unsafe numeric operations include, e.g.
• addition or multiplication operations which can overflow
• casts from unsigned to signed integers or vice versa, or
• casts from 32-bit integers to 16-bit integers, etc.
By default, none of these operations are checked in safe Rust code in release mode. Unchecked numeric operations can result in unexpectedly large or small numbers. If those results are used in memory operations, e.g. allocation or indexing of a buffer, this can potentially lead to memory corruption.
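As an added illustration (not part of the announcement), the Rust below shows, for the two classes of operation listed above, the unchecked form that silently wraps or truncates in release builds beside the explicit checked form that a static analysis would want developers to use; all input values are constructed.

```rust
// Added example, not from the announcement. Each pair computes a buffer
// size or index the way the text warns about: once unchecked (the release-
// mode behaviour of `*` and `as`) and once with Rust's explicit fallible
// operations, which make the failure visible to the caller.
use std::convert::TryFrom;

/// Unchecked: `count * elem_size` wraps on overflow in release builds, so a
/// huge `count` can yield a tiny allocation size. `wrapping_mul` spells out
/// the release-mode semantics so the behaviour is the same in debug builds.
pub fn alloc_size_unchecked(count: usize, elem_size: usize) -> usize {
    count.wrapping_mul(elem_size)
}

/// Checked: overflow becomes `None` and the caller has to handle it.
pub fn alloc_size_checked(count: usize, elem_size: usize) -> Option<usize> {
    count.checked_mul(elem_size)
}

/// Unchecked cast: `as` from i32 to u16 both drops the sign and truncates
/// to 16 bits, so a negative offset becomes a large positive index.
pub fn index_unchecked(offset: i32) -> u16 {
    offset as u16
}

/// Checked cast: `u16::try_from` rejects negative and out-of-range values.
pub fn index_checked(offset: i32) -> Option<u16> {
    u16::try_from(offset).ok()
}

fn main() {
    // Constructed input: 4 * n is exactly 2^64, which overflows usize.
    let n = usize::MAX / 4 + 1;
    println!("unchecked size: {}", alloc_size_unchecked(n, 4)); // 0
    println!("checked size:   {:?}", alloc_size_checked(n, 4)); // None
    println!("unchecked index: {}", index_unchecked(-1)); // 65535
    println!("checked index:   {:?}", index_checked(-1)); // None
}
```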
Task Description
This thesis aims to develop an analysis tool to check for potentially unsafe numeric operations in Rust code at compile time. This tool should support software developers or code reviewers in detecting unsafe numeric operations statically, before running the program. Hence, the tool should eliminate most false positives, which requires a sophisticated formal analysis, e.g. abstract interpretation. Ideally, the developed tool could easily be integrated into Rust’s compilation workflow.
Requirements
• Strong interest in formal methods for program analysis
• First experiences with Rust programming
• Ideally, first experiences working with the Rust compiler (rustc)
• Confident in working with Linux, Git & Docker
• Confident in working with one scripting language, e.g. Python
• Self-driven work ethic and fun experimenting with new techniques
Contact
Oliver Braunsdorf
Fraunhofer Institute for Applied and Integrated Security AISEC
Lichtenbergstraße 11, 85748 Garching
Mail: oliver.braunsdorf@aisec.fraunhofer.de
Phone: +49-89-3229986-161