Skip to Main Content
  1. Home
  2. Search
  3. SWAN: A Static Analysis Framework for Swift
View
Download
Communities and Collections
Usage
  • 37 views
  • 49 downloads

SWAN: A Static Analysis Framework for Swift

  • Author / Creator
    Tiganov, Daniil

  • Swift is an open-source programming language and Apple’s recommended choice for app development. Given the global widespread use of Apple devices, the ability to analyze Swift programs has significant impact on millions of users. Although static analysis frameworks exist for various computing platforms, there is a lack of comparable tools for Swift. Existing Swift static analysis tools are either incomplete, use dynamic analysis, or are otherwise not suitable for deeper analyses of Swift programs such as taint tracking. Moreover, other existing tools for Swift only help enforce code styles and best practices.

    In this thesis, we present SWAN, an open-source and configurable framework that allows robust program analyses of Swift programs. SWAN features a suite of call-graph construction algorithms, support for modelling black-box functions using its own internal representation, and can track dataflow through libraries. The framework is also capable of traditional taint analysis, typestate analysis, and detecting security vulnerabilities, such as cryptographic API misuses. We demonstrate the framework’s robustness by evaluating its core framework runtime performance, call-graph construction precision and performance, and ability to find cryptographic API misuses in real Swift applications. For most of our benchmarks, SWAN parses, translates, and prepares the program for analysis in under 5 seconds and builds a precise call-graph in less than 13 seconds. SWAN also finds 43 real cryptographic API misuses across 13 applications that we tested.

  • Subjects / Keywords
  • Graduation date
    Fall 2023
  • Type of Item
    Thesis
  • Degree
    Master of Science
  • DOI
    https://doi.org/10.7939/r3-m47t-hh61
  • License
    This thesis is made available by the University of Alberta Libraries with permission of the copyright owner solely for non-commercial purposes. This thesis, or any portion thereof, may not otherwise be copied or reproduced without the written consent of the copyright owner, except to the extent permitted by Canadian copyright law.