{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,21]],"date-time":"2026-05-21T18:34:29Z","timestamp":1779388469390,"version":"3.53.1"},"reference-count":44,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2023,5,26]],"date-time":"2023-05-26T00:00:00Z","timestamp":1685059200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Alibaba Group","award":["RF20210017"],"award-info":[{"award-number":["RF20210017"]}]},{"DOI":"10.13039\/100007219","name":"Natural Science Foundation of Shanghai","doi-asserted-by":"crossref","award":["22ZR1407900"],"award-info":[{"award-number":["22ZR1407900"]}],"id":[{"id":"10.13039\/100007219","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2023,10,31]]},"abstract":"<jats:p>\n            Rust is an emerging programming language that aims to prevent memory-safety bugs. However, the current design of Rust also brings side effects, which may increase the risk of memory-safety issues. In particular, it employs ownership-based resource management and enforces automatic deallocation of unused resources without using the garbage collector. It may therefore falsely deallocate reclaimed memory and lead to use-after-free or double-free issues. In this article, we study the problem of invalid memory deallocation and propose\n            <jats:italic>SafeDrop<\/jats:italic>\n            , a static path-sensitive data-flow analysis approach to detect such bugs. Our approach analyzes each function of a Rust crate iteratively in a flow-sensitive and field-sensitive way. It leverages a modified Tarjan algorithm to achieve scalable path-sensitive analysis and a cache-based strategy for efficient inter-procedural analysis. We have implemented our approach and integrated it into the Rust compiler. Experiment results show that the approach can successfully detect all such bugs in our experiments with a limited number of false positives and incurs a very small overhead compared to the original compilation time.\n          <\/jats:p>","DOI":"10.1145\/3542948","type":"journal-article","created":{"date-parts":[[2022,6,21]],"date-time":"2022-06-21T09:12:18Z","timestamp":1655802738000},"page":"1-21","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":39,"title":["SafeDrop: Detecting Memory Deallocation Bugs of Rust Programs via Static Data-flow Analysis"],"prefix":"10.1145","volume":"32","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5117-5829","authenticated-orcid":false,"given":"Mohan","family":"Cui","sequence":"first","affiliation":[{"name":"School of Computer Science, Fudan University, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7622-560X","authenticated-orcid":false,"given":"Chengjun","family":"Chen","sequence":"additional","affiliation":[{"name":"School of Computer Science, Fudan University, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2465-8627","authenticated-orcid":false,"given":"Hui","family":"Xu","sequence":"additional","affiliation":[{"name":"School of Computer Science, Fudan University, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9184-7383","authenticated-orcid":false,"given":"Yangfan","family":"Zhou","sequence":"additional","affiliation":[{"name":"School of Computer Science, Fudan University and Shanghai Key Laboratory of Intelligent Information Processing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,5,26]]},"reference":[{"key":"e_1_3_2_2_2","volume-title":"Compilers: Principles, Techniques, & Tools","author":"Aho Alfred V.","year":"2007","unstructured":"Alfred V. Aho, Monica S. Lam, Ravi Sethi, and Jeffrey D. Ullman. 2007. Compilers: Principles, Techniques, & Tools. Pearson Education, India."},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1145\/277650.277665"},{"key":"e_1_3_2_4_2","volume-title":"Program Analysis and Specialization for the C Programming Language","author":"Andersen Lars Ole","year":"1994","unstructured":"Lars Ole Andersen. 1994. Program Analysis and Specialization for the C Programming Language. Technical Report."},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1145\/2889160.2889229"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/3428204"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1145\/3360573"},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/3477132.3483570"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1145\/3102980.3103006"},{"key":"e_1_3_2_10_2","doi-asserted-by":"crossref","unstructured":"Emery D. Berger and Benjamin G. Zorn. 2006. DieHard: Probabilistic memory safety for unsafe languages(PLDI\u201906). Association for Computing Machinery New York NY 158\u2013168.","DOI":"10.1145\/1133255.1134000"},{"key":"e_1_3_2_11_2","doi-asserted-by":"crossref","unstructured":"Juan Caballero Gustavo Grieco Mark Marron and Antonio Nappa. 2012. Undangle: Early detection of dangling pointers in use-after-free and double-free vulnerabilities. InProceedings of the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA\u201912). Association for Computing Machinery New York NY 133\u2013143.","DOI":"10.1145\/2338965.2336769"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250789"},{"key":"e_1_3_2_13_2","doi-asserted-by":"crossref","unstructured":"Hoang-Hai Dang Jacques-Henri Jourdan Jan-Oliver Kaiser and Derek Dreyer. 2019. RustBelt meets relaxed memory. 4 POPL Article 34 (2019) 29 pages. 34","DOI":"10.1145\/3371102"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.65"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380413"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/800061.808753"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/781131.781150"},{"key":"e_1_3_2_18_2","first-page":"41","article-title":"Stacked borrows: An aliasing model for rust","volume":"4","author":"Jung Ralf","year":"2019","unstructured":"Ralf Jung, Hoang-Hai Dang, Jeehoon Kang, and Derek Dreyer. 2019. Stacked borrows: An aliasing model for rust. Proc. ACM Program. Lang. 4, POPL, Article 41 (Dec.2019), 32 pages.","journal-title":"Proc. ACM Program. Lang."},{"key":"e_1_3_2_19_2","doi-asserted-by":"crossref","unstructured":"Ralf Jung Jacques-Henri Jourdan Robbert Krebbers and Derek Dreyer. 2017. RustBelt: Securing the foundations of the rust programming language. 2 POPL Article 66 (Dec.2017) 34 pages. 66","DOI":"10.1145\/3158154"},{"key":"e_1_3_2_20_2","volume-title":"The Rust Programming Language (Covers Rust 2018)","author":"Klabnik Steve","year":"2019","unstructured":"Steve Klabnik and Carol Nichols. 2019. The Rust Programming Language (Covers Rust 2018). No Starch Press."},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.2307\/1969708"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/3314221.3314609"},{"key":"e_1_3_2_23_2","unstructured":"Erik Kouwe Vinod Nigade and Cristiano Giuffrida. 2017. DangSan: Scalable use-after-free detection."},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1145\/3144555.3144562"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1145\/161494.161501"},{"key":"e_1_3_2_26_2","volume-title":"Proceedings of the BSD Conference","volume":"5","author":"Lattner Chris","year":"2008","unstructured":"Chris Lattner. 2008. LLVM and clang: Next generation compiler technology. In Proceedings of the BSD Conference, Vol. 5."},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23238"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1145\/3131672.3136988"},{"key":"e_1_3_2_29_2","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484541"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/3377811.3380325"},{"key":"e_1_3_2_31_2","unstructured":"Mirai. 2021. Rust mid-level IR abstract interpreter. Retrieved from https:\/\/github.com\/facebookexperimental\/MIRAI."},{"key":"e_1_3_2_32_2","unstructured":"Miri. 2019. An interpreter for Rust\u2019s mid-level intermediate representation. Retrieved from https:\/\/github.com\/rust-lang\/miri."},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1145\/1273442.1250746"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/2737924.2737966"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/3385412.3386036"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/2103621.2103718"},{"key":"e_1_3_2_37_2","first-page":"309","volume-title":"Proceedings of the USENIX Annual Technical Conference (USENIX ATC\u201912)","author":"Serebryany Konstantin","year":"2012","unstructured":"Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A fast address sanity checker. In Proceedings of the USENIX Annual Technical Conference (USENIX ATC\u201912). USENIX Association, Boston, MA, 309\u2013318. Retrieved from https:\/\/www.usenix.org\/conference\/atc12\/technical-sessions\/presentation\/serebryany."},{"key":"e_1_3_2_38_2","article-title":"GNU compiler collection internals","author":"Stallman Richard M.","year":"2002","unstructured":"Richard M. Stallman. 2002. GNU compiler collection internals. Free Software Foundation.","journal-title":"Free Software Foundation"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1145\/237721.237727"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/2338965.2336784"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2014.2302311"},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2015.77"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3466642"},{"key":"e_1_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2018.2866469"},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.1145\/3180155.3180178"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3542948","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3542948","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:49:32Z","timestamp":1750182572000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3542948"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5,26]]},"references-count":44,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2023,10,31]]}},"alternative-id":["10.1145\/3542948"],"URL":"https:\/\/doi.org\/10.1145\/3542948","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,5,26]]},"assertion":[{"value":"2021-07-26","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-05-13","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-05-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}