Add initial support for integrating the taint and escape analysis to permit sound reasoning in the presence of concurrent goroutines.
The escape analysis provides "locality" information for each ssa.Instruction, in a context-sensitive manner. This locality information is used by the taint analysis to show that taint does not leak between goroutines.
Initial support includes support for most SSA variables. There are a few constructs not yet supported by the escape analysis, which will make the entire analysis unsound for those programs. This includes closures, defers, and indirect function calls.
The implementation uses an interface (analysis/dataflow/analyses.go), to avoid cyclic dependency issues, but this interface also provides a convenient wrapper over the raw escape information for the taint analysis.
Remaining steps include supporting all features in the escape analysis, adding tests for recursive functions, and testing on large-scale programs.
Add initial support for integrating the taint and escape analysis to permit sound reasoning in the presence of concurrent goroutines.
The escape analysis provides "locality" information for each ssa.Instruction, in a context-sensitive manner. This locality information is used by the taint analysis to show that taint does not leak between goroutines.
Initial support includes support for most SSA variables. There are a few constructs not yet supported by the escape analysis, which will make the entire analysis unsound for those programs. This includes closures, defers, and indirect function calls.
The implementation uses an interface (analysis/dataflow/analyses.go), to avoid cyclic dependency issues, but this interface also provides a convenient wrapper over the raw escape information for the taint analysis.
Remaining steps include supporting all features in the escape analysis, adding tests for recursive functions, and testing on large-scale programs.