🤖 AI Summary
Rust’s static memory safety guarantees can be violated during foreign function interface (FFI) interactions due to aliasing model incompatibilities—particularly with Tree Borrows—leading to undefined behavior (UB) that existing dynamic analysis tools like Miri cannot detect, creating a critical correctness gap in cross-language interoperability.
Method: We conduct the first large-scale empirical study across 37 widely used Rust crates, combining Miri with the LLVM interpreter to enable cross-language cooperative analysis and systematically verify FFI call compliance under the Tree Borrows model.
Contribution/Results: Our analysis uncovers 46 instances of UB or unexpected behavior—including in three high-download crates and one officially maintained Rust library—demonstrating that although Tree Borrows relaxes aliasing constraints, FFI interactions still expose severe blind spots in current tooling. This work establishes a novel methodology and an empirically grounded benchmark for verifying Rust’s cross-language memory safety.
📝 Abstract
Developers rely on the static safety guarantees of the Rust programming language to write secure and performant applications. However, Rust is frequently used to interoperate with other languages which allow design patterns that conflict with Rust's evolving aliasing models. Miri is currently the only dynamic analysis tool that can validate applications against these models, but it does not support finding bugs in foreign functions, indicating that there may be a critical correctness gap across the Rust ecosystem. We conducted a large-scale evaluation of Rust libraries that call foreign functions to determine whether Miri's dynamic analyses remain useful in this context. We used Miri and an LLVM interpreter to jointly execute applications that call foreign functions, where we found 46 instances of undefined or undesired behavior in 37 libraries. Three bugs were found in libraries that had more than 10,000 daily downloads on average during our observation period, and one was found in a library maintained by the Rust Project. Many of these bugs were violations of Rust's aliasing models, but the latest Tree Borrows model was significantly more permissive than the earlier Stacked Borrows model. The Rust community must invest in new, production-ready tooling for multi-language applications to ensure that developers can detect these errors.
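The aliasing-model violation the abstract describes typically arises when a foreign library keeps a pointer that Rust handed over and uses it on a later call. The following added example (not code from the paper or from any of the crates it studied) models that pattern with a stand-in library written in Rust so that it compiles on its own; the functions `lib_register`, `lib_increment` and `lib_unregister` are assumptions that play the role of a C library with a `static int *registered;`. It shows the wrapper shape that violates both Stacked Borrows and Tree Borrows beside a wrapper that routes every Rust-side access through the same raw pointer the library holds.

```rust
use std::ptr;
use std::sync::atomic::{AtomicPtr, Ordering};

// ---- Stand-in for a C library (assumption: written in Rust so the example is
// self-contained; a real library would keep `static int *registered;` in C,
// and Miri would not execute its accesses at all). ----
static REGISTERED: AtomicPtr<i32> = AtomicPtr::new(ptr::null_mut());

/// The library stores the pointer it is given and uses it on later calls.
pub extern "C" fn lib_register(p: *mut i32) {
    REGISTERED.store(p, Ordering::SeqCst);
}

/// The library writes through the pointer it stored earlier.
pub extern "C" fn lib_increment() {
    let p = REGISTERED.load(Ordering::SeqCst);
    if !p.is_null() {
        unsafe { *p += 1 };
    }
}

pub extern "C" fn lib_unregister() {
    REGISTERED.store(ptr::null_mut(), Ordering::SeqCst);
}

// ---- Problematic Rust wrapper ----

/// After handing `&mut counter` to the library, this code keeps touching
/// `counter` through the local variable itself. Under both Stacked Borrows and
/// Tree Borrows that direct access invalidates the pointer derived from the
/// earlier `&mut` reborrow, so the write inside `lib_increment` is undefined
/// behaviour. Miri reports it here only because the stand-in library is Rust;
/// with a real C library the write happens in a frame Miri cannot execute,
/// which is the blind spot the abstract describes. Kept for contrast, not run.
#[allow(dead_code)]
pub fn unsound_flow() -> i32 {
    let mut counter = 0i32;
    lib_register(&mut counter); // `&mut i32` coerces to `*mut i32`
    counter += 10;              // direct write: invalidates the library's pointer
    lib_increment();            // UB: write through an invalidated pointer
    lib_unregister();
    counter
}

// ---- Sound Rust wrapper ----

/// The counter lives in a heap allocation that Rust reaches only through the
/// same raw pointer the library holds, so no conflicting reference is ever
/// created while the library is registered.
pub struct RegisteredCounter {
    p: *mut i32, // also makes the type !Send and !Sync, matching the single global slot
}

impl RegisteredCounter {
    pub fn new(initial: i32) -> Self {
        let p = Box::into_raw(Box::new(initial));
        lib_register(p);
        RegisteredCounter { p }
    }

    /// Rust-side mutation goes through the raw pointer, never through `&mut i32`.
    pub fn add(&mut self, n: i32) {
        unsafe { *self.p += n };
    }

    pub fn get(&self) -> i32 {
        unsafe { *self.p }
    }
}

impl Drop for RegisteredCounter {
    fn drop(&mut self) {
        // Unregister before freeing so the library never holds a dangling pointer.
        lib_unregister();
        unsafe { drop(Box::from_raw(self.p)) };
    }
}

/// Rust and the library both update the same counter without creating a
/// reference that conflicts with the pointer the library keeps.
pub fn sound_flow() -> i32 {
    let mut c = RegisteredCounter::new(0);
    c.add(10);
    lib_increment();
    lib_increment();
    c.get() // 12; `c` is dropped and unregistered when it goes out of scope
}

fn main() {
    println!("sound_flow() = {}", sound_flow());
}
```

Running the file under plain `rustc` exercises only `sound_flow`; running `unsound_flow` under Miri (`cargo miri run`, with either `-Zmiri-tree-borrows` or the default Stacked Borrows) reports the invalidated pointer, because here the "foreign" side is Rust. Replace the three `lib_*` functions with a real C library and Miri loses sight of the offending write, which is why the abstract pairs Miri with an LLVM interpreter.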