Mind the Boundary: Detecting Undefined Behavior Across Rust’s FFI
Memory safety bugs are pervasive in nearly all compiled programming languages. To mitigate this, modern languages such as Rust have been designed with a sophisticated ownership system that enforces memory safety. This system controls how variables are accessed and mutated, distinguishing between data that can be safely read and data that can be safely modified.
However, these guarantees are compromised when interacting with external libraries. While Rust’s Foreign Function Interface (FFI) can encode ownership constraints in its type signatures, there is no mechanism to ensure that external libraries—such as those written in C—respect these constraints. This mismatch can lead to discrepancies between Rust’s expectations and the actual behavior of foreign code, potentially resulting in undefined behavior and memory safety violations.
We propose two directions for detecting memory safety violations across language boundaries. Both approaches build on the insight that Rust’s type system makes implicit assumptions about external C code at the time of an FFI call. By turning these implicit type assumptions into explicit dynamic checks, we can detect when external code fails to satisfy Rust’s expectations. Early experiments show encouraging results in terms of both efficiency and effectiveness on existing benchmarks.
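As an added illustration of the insight above (example code written for this page, not from the paper or any tool it describes): the foreign side is simulated in Rust with the C ABI, and the wrappers `checked_ref` and `checked_bool` make explicit the assumptions that a Rust-side signature of `-> &'static Config` or `-> bool` would otherwise leave implicit. The `Config` type, the `Violation` enum and all function names are assumed for the example.

```rust
use std::mem::align_of;

// A struct shared across the FFI boundary (constructed for this example).
#[repr(C)]
#[derive(Debug, PartialEq)]
pub struct Config { pub retries: u32, pub verbose: bool }

/// Assumptions Rust's type system makes at an FFI call, made visible as outcomes.
#[derive(Debug, PartialEq)]
pub enum Violation { NullReference, Misaligned, InvalidBool(u8) }

// Stand-ins for a C library: same ABI, but two of them break the contract
// a Rust-side signature would encode (a non-null reference, a 0/1 bool).
pub extern "C" fn good_config() -> *const Config {
    static CFG: Config = Config { retries: 3, verbose: true };
    &CFG
}
pub extern "C" fn null_config() -> *const Config { std::ptr::null() }
pub extern "C" fn misaligned_config() -> *const Config {
    (good_config() as usize + 1) as *const Config // never dereferenced below
}
pub extern "C" fn bad_flag() -> u8 { 2 } // C returns 2 where Rust expects bool

/// Dynamic check for the assumptions behind `-> &'static Config`: the pointer
/// must be non-null and aligned. Validity of the pointee itself cannot be
/// checked here and remains an assumption, documented at the unsafe block.
pub fn checked_ref<'a>(p: *const Config) -> Result<&'a Config, Violation> {
    if p.is_null() { return Err(Violation::NullReference); }
    if (p as usize) % align_of::<Config>() != 0 { return Err(Violation::Misaligned); }
    // SAFETY: non-null and aligned were checked; pointee validity is assumed.
    Ok(unsafe { &*p })
}

/// Dynamic check for the assumption behind `-> bool`: only 0 and 1 are valid
/// bit patterns, so any other value is reported instead of being transmuted.
pub fn checked_bool(raw: u8) -> Result<bool, Violation> {
    match raw { 0 => Ok(false), 1 => Ok(true), v => Err(Violation::InvalidBool(v)) }
}

fn main() {
    println!("{:?}", checked_ref(good_config()).map(|c| c.retries));
    println!("{:?}", checked_ref(null_config()).map(|c| c.retries));
    println!("{:?}", checked_ref(misaligned_config()).map(|c| c.retries));
    println!("{:?}", checked_bool(bad_flag()));
}
```

Without the wrappers, each of the three bad cases would be undefined behavior the moment the raw value is converted to the reference or `bool` the Rust signature promises.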
