RustPräzi: a tool to build an entire call graph of crates.io

Cite

FOSDEM VZW

Hejderup, Joseph

Formal Metadata

Title

RustPräzi: a tool to build an entire call graph of crates.io

Subtitle

From package-based to precise call-based dependency network analysis

Title of Series

FOSDEM 2019

Number of Parts

561

Author

Hejderup, Joseph

License

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/44527 (DOI)

Publisher

FOSDEM VZW

Release Date

2019

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Which crates call a vulnerable function? Which deprecated functions are central to crates.io and should not be deleted? Am I breaking important clients and their dependencies with my new release? These are questions that package publishers and owners of package repositories crave for answers to. To solve this problem, we created RustPräzi: a call-based dependency network that represents a gigantic single large versioned call graph of all crates.io packages. In this talk, I will describe how RustPräzi is developed, the challenges we faced while compiling the entire crates.io and the future directions. Our goal is to make RustPräzi a community effort that can help in maintaining the stability of crates.io. For example, bad releases which may negatively impact crates.io can be detected and avoided.