Brussels / 2 & 3 February 2019

schedule

RustPräzi: a tool to build an entire call graph of crates.io

From package-based to precise call-based dependency network analysis


Which crates call a vulnerable function? Which deprecated functions are central to crates.io and should not be deleted? Am I breaking important clients and their dependencies with my new release? These are questions that package publishers and owners of package repositories crave for answers to. To solve this problem, we created RustPräzi: a call-based dependency network that represents a gigantic single large versioned call graph of all crates.io packages.

In this talk, I will describe how RustPräzi is developed, the challenges we faced while compiling the entire crates.io and the future directions. Our goal is to make RustPräzi a community effort that can help in maintaining the stability of crates.io. For example, bad releases which may negatively impact crates.io can be detected and avoided.

Speakers

Joseph Hejderup

Links