Static Taint Analysis in Rust: Using Rust's Ownership System for Precise Static Analysis
Student thesis: Master thesis (including HD thesis)
- Hilmar Gústafsson
- Emil Jørgensen Njor
4. term, Computer Science, Master (Master Programme)
The Rust programming language employs an ownership system that tackles the aliasing issue, a significant source of imprecision in ordinary static analyses. Theoretically, a static analysis should therefore be more precise in Rust than in languages without the ownership system. We explore how the ownership system can make an analysis more precise in practice.

To do so, we formally define a subset of Mid-level Intermediate Representation (MIR), and a static taint analysis based on that formalization. We implement a tool which is based on the Rust compiler to demonstrate the formalized taint analysis.

We confirm that the ownership system makes it possible to create a more precise taint analysis due to the aliasing restrictions.
Language | English |
---|---|
Publication date | 10 Jun 2021 |
Number of pages | 51 |