lockbud  by BurtonQin

Static analyzer for Rust concurrency and memory safety

created 5 years ago
551 stars

Top 58.9% on sourcepulse

Project Summary

This project provides static analysis tools for detecting concurrency and memory bugs, as well as potential panic locations in Rust projects. It is primarily aimed at Rust developers and researchers seeking to improve code safety and reliability by identifying issues like deadlocks, atomicity violations, use-after-free, and panics.

How It Works

Lockbud tracks the lifetime of Rust's LockGuard types to detect lock-related bugs. It constructs a call graph for each crate and its dependencies, identifies LockGuard creation and drop points, and uses a GenKill algorithm to find pairs of lockguards where one is not dropped before the other is acquired. It then applies points-to analysis to determine if these lockguards refer to the same lock, enabling detection of double-locking and, by building a graph of lock acquisition sequences, conflict-locking (deadlocks).
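
An added example (not code from lockbud or its repository) of the overlapping guard lifetimes described above: a guard that is still alive when the same std::sync::Mutex is acquired again, next to the corrected form. The function names and sample data are constructed for illustration, and try_lock stands in for lock() so the program reports the conflict instead of hanging.

```rust
use std::sync::{Mutex, TryLockError};

// Constructed sample: a shared queue behind a std::sync::Mutex.
fn sample() -> Mutex<Vec<u32>> {
    Mutex::new(vec![7, 8, 9])
}

/// Double-lock shape: the guard created in the `match` scrutinee is a
/// temporary that lives until the end of the whole `match`, so it is still
/// held inside the arms. `try_lock` stands in for `lock()` here so the
/// example reports the conflict instead of hanging.
fn reacquire_while_guard_alive(m: &Mutex<Vec<u32>>) -> bool {
    match m.lock().unwrap().first().copied() {
        // A plain `m.lock()` here would never return on std's Mutex.
        Some(_) => matches!(m.try_lock(), Err(TryLockError::WouldBlock)),
        None => false,
    }
}

/// Corrected shape: bind the value with `let`, which drops the temporary
/// guard at the end of that statement, before the second acquisition.
fn reacquire_after_guard_dropped(m: &Mutex<Vec<u32>>) -> bool {
    let first = m.lock().unwrap().first().copied();
    match first {
        Some(_) => m.try_lock().is_ok(),
        None => false,
    }
}

fn main() {
    let m = sample();
    println!("guard still held at second acquire: {}", reacquire_while_guard_alive(&m));
    println!("second acquire succeeds after drop: {}", reacquire_after_guard_dropped(&m));
}
```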

Quick Start & Requirements

  • Install: Clone the repository, switch to the nightly toolchain (rustc-1.76.0-nightly-2024-12-01 or later), install the components rust-src, rustc-dev and llvm-tools-preview, and then run cargo install --path . from the repository root. Alternatively, use cargo lockbud within your project directory or the provided Docker image.
  • Prerequisites: Rust nightly toolchain (specific version required, matching the version lockbud was built with).
  • Usage: Run ./detect.sh <path_to_project> or cargo lockbud -k <bug_kind>.
  • Docs: https://github.com/BurtonQin/lockbud

Highlighted Details

  • Detects Concurrency Bugs: Blocking Bugs (deadlock, double-lock, conflicting-lock-order, condvar misuse) and Non-blocking Bugs (atomicity-violation).
  • Detects Memory Bugs: Use-after-free and invalid-free.
  • Identifies potential Panic Locations.
  • The deadlock detectors are noted as performing better than the other detectors, because they were the project's initial focus.

Maintenance & Community

The codebase is described as implemented quickly with plans for future refactoring. A to-do list is available in issue #58.

Licensing & Compatibility

  • License: BSD-3-Clause.
  • Compatibility: Suitable for commercial use.

Limitations & Caveats

The panic location detector may report many locations due to simplified analysis. Deadlock detectors currently support specific Mutex and RwLock implementations (std, parking_lot, spin). Call graph analysis is crate-specific and may not track indirect calls. Points-to analysis has limitations, particularly with the cc crate, leading to potential false positives; blacklisting cc is recommended. Memory and panic detectors may have false positives, especially on standard library and common dependencies.

Health Check

  • Last commit: 2 months ago
  • Responsiveness: 1 day
  • Pull Requests (30d): 0
  • Issues (30d): 0
  • Star History: 15 stars in the last 90 days
