0

Ruby: Unmasking Unsafe Rust in Stripped Binaries via Machine Learning

Rust, as an emerging system programming language, introduces $\texttt{unsafe}$ to allow developers to bypass safety checks during compilation. As a result, memory safety bugs are typically confined to the $\texttt{unsafe}$ regions, which have been the primary focus of Rust…

Year
2022
Hosting
Abstract onlyARXIV-DEFAULT

Cite

Notes

Only stored in your browser.

Attribution

Abstract & full text
arxiv.org/abs/2211.00111ARXIV-DEFAULT
TL;DR
Semantic Scholar
Attribution policy →

Abstract

Rust, as an emerging system programming language, introduces unsafe to allow developers to bypass safety checks during compilation. As a result, memory safety bugs are typically confined to the unsafe regions, which have been the primary focus of Rust bug-finding tools. However, such tools rely on the presence of the unsafe keyword in Rust source code; there are no tools available that can examine Rust binaries to pinpoint unsafe areas. Therefore, we propose Ruby, the first tool that unmasks unsafe regions in Rust binaries using machine learning. By capturing the subtle differences in the binary instructions, Ruby can identify 91.75% of the total unsafe regions with a false positive rate of 6.16%, beating SOTA LLM models including GPT-5.2, Claude-4.5 and Gemini-3. We further applied Ruby to guide symbolic execution and fuzzing, showing a speed-up of 57.95% and 21.26%, with five bugs confirmed and patched by Google in Android library fuzzing.