Rust, as an emerging system programming language, introduces unsafe to allow developers to bypass safety checks during compilation. As a result, memory safety bugs are typically confined to the unsafe regions, which have been the primary focus of Rust bug-finding tools. However, such tools rely on the presence of the unsafe keyword in Rust source code; there are no tools available that can examine Rust binaries to pinpoint unsafe areas. Therefore, we propose Ruby, the first tool that unmasks unsafe regions in Rust binaries using machine learning. By capturing the subtle differences in the binary instructions, Ruby can identify 91.75% of the total unsafe regions with a false positive rate of 6.16%, beating SOTA LLM models including GPT-5.2, Claude-4.5 and Gemini-3. We further applied Ruby to guide symbolic execution and fuzzing, showing a speed-up of 57.95% and 21.26%, with five bugs confirmed and patched by Google in Android library fuzzing.
Ruby: Unmasking Unsafe Rust in Stripped Binaries via Machine Learning
Rust, as an emerging system programming language, introduces $\texttt{unsafe}$ to allow developers to bypass safety checks during compilation. As a result, memory safety bugs are typically confined to the $\texttt{unsafe}$ regions, which have been the primary focus of Rust…
- Year
- 2022
- Hosting
- Abstract onlyARXIV-DEFAULT
Cite
Notes
Only stored in your browser.
Attribution
- Abstract & full text
- arxiv.org/abs/2211.00111ARXIV-DEFAULT
- TL;DR
- Semantic Scholar