Static Code Analysis

This is a question about tools for analysis of Swift code, so it possibly is not quite on topic here, but I'm not sure where else it would go?

In our code base we have a number of places where we handle various forms of personal data. We want to be able to report on which kinds of personal data our various modules handle.

A type level approach to tackling this is attractive. We would ensure all occurrences of personal data in our code base are represented by specific Swift types, which seems like a good plan anyway (having struct UserName {…} instead of just a raw String).

I'm trying to explore how we might do some kind of static code analysis to find uses of these data types in modules.

E.g., a module "Users" defines UserName.

  • If "Dashboard" imports "Users" and makes reference to UserName then a report for "Dashboard" would include UserName.
  • But if "Branding" also imports "Users" and does not make use of UserName, then a report for "Branding" would not mention UserName.

Primarily, is it possible to get a list of the types that a module makes use of? If it is, I can scan this for any mentions of the personal data types that we care about.

Going a bit further, we could also have a generic wrapper for types that contain personal data, and just search for any occurrences of those. Or alternatively, types that contain personal data might conform to PersonalData, and we could somehow find any conforming types in a module.

I asked a related question on Stack Overflow and was pointed to sourcekitten, however, I'm not sure if it can "find all used types" for a module, and I don't really understand how to use it at all either!

Thanks!


Hi, I don't know the answer to your question, but I'm curious what "make use of" means. Does it mean accessing the UserName type or accessing its instance values? Note that accessing instance values may be direct or indirect (e.g. through another struct's field or a function's return value; if these happen in a function's body code, they are not necessarily reflected in the function's signature).

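One way to get a first-pass answer to "which personal-data types does a module reference?" is to run `sourcekitten structure` over each file of a module and walk the resulting JSON for declared types and conformances. The script below is an added example, not code from the original post or from sourcekitten; the sample documents are constructed to follow the shape of sourcekitten's `structure` output (`key.substructure`, `key.kind`, `key.name`, `key.typename`, `key.inheritedtypes`), and the type set, the `PersonalData` marker protocol and the module names are assumptions taken from the question. It covers both the "types a module uses" report and the "types conforming to PersonalData" variant. The limitation the reply above points out applies: `structure` records the types written in declarations (stored properties, parameters, return types), so a value whose type is inferred inside a function body, or reached indirectly through another struct's field, will not show up here.

```python
import json
import re
from typing import Any, Dict, Iterable, List, Set

# Personal-data types and the marker protocol (assumptions for this example;
# in practice you would derive this set from the "Users" module's declarations).
PERSONAL_DATA_TYPES: Set[str] = {"UserName", "EmailAddress"}
MARKER_PROTOCOL = "PersonalData"

# Constructed sample: one `sourcekitten structure` JSON document per file,
# grouped by module. Only the keys this script reads are included.
SAMPLE_MODULES: Dict[str, List[str]] = {
    "Users": [json.dumps({"key.substructure": [
        {"key.kind": "source.lang.swift.decl.struct", "key.name": "UserName",
         "key.inheritedtypes": [{"key.name": "PersonalData"}],
         "key.substructure": [
             {"key.kind": "source.lang.swift.decl.var.instance",
              "key.name": "value", "key.typename": "String"}]}]})],
    "Dashboard": [json.dumps({"key.substructure": [
        {"key.kind": "source.lang.swift.decl.struct", "key.name": "Header",
         "key.substructure": [
             {"key.kind": "source.lang.swift.decl.var.instance",
              "key.name": "owner", "key.typename": "UserName?"},
             {"key.kind": "source.lang.swift.decl.var.instance",
              "key.name": "contacts", "key.typename": "[EmailAddress]"},
             {"key.kind": "source.lang.swift.decl.function.method.instance",
              "key.name": "render()", "key.typename": "String"}]}]})],
    "Branding": [json.dumps({"key.substructure": [
        {"key.kind": "source.lang.swift.decl.struct", "key.name": "Theme",
         "key.substructure": [
             {"key.kind": "source.lang.swift.decl.var.instance",
              "key.name": "title", "key.typename": "String"}]}]})],
}

IDENT_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def type_names(typename: str) -> Set[str]:
    """Identifiers mentioned in a Swift type expression, so that
    'UserName?', '[EmailAddress]' and '(UserName, Int) -> Bool' all
    surface the personal-data type nested inside them."""
    return set(IDENT_RE.findall(typename))


def walk(node: Dict[str, Any]) -> Iterable[Dict[str, Any]]:
    """Depth-first walk over a structure node and its substructure."""
    yield node
    for child in node.get("key.substructure", []):
        yield from walk(child)


def report_for_module(file_structures: Iterable[str],
                      personal_types: Set[str],
                      marker: str = MARKER_PROTOCOL) -> Dict[str, List[str]]:
    """Return the personal-data types a module references in declared
    types, and the declarations in it that conform to the marker protocol."""
    used: Set[str] = set()
    conforming: Set[str] = set()
    for text in file_structures:
        root = json.loads(text)
        for decl in walk(root):
            typename = decl.get("key.typename")
            if typename:
                used |= type_names(typename) & personal_types
            inherited = {t.get("key.name") for t in decl.get("key.inheritedtypes", [])}
            if marker in inherited and decl.get("key.name"):
                conforming.add(decl["key.name"])
    return {"uses": sorted(used), "conforms_to_marker": sorted(conforming)}


def report_all(modules: Dict[str, List[str]],
               personal_types: Set[str] = PERSONAL_DATA_TYPES) -> Dict[str, Dict[str, List[str]]]:
    """Per-module report over every module's structure documents."""
    return {name: report_for_module(files, personal_types) for name, files in modules.items()}


if __name__ == "__main__":
    print(json.dumps(report_all(SAMPLE_MODULES), indent=2))
```

To use this against a real code base, replace the constructed `SAMPLE_MODULES` with the output of `sourcekitten structure --file <path>` for each file in each module; the report then lists "Dashboard" as using `UserName` and `EmailAddress` while "Branding" shows nothing, matching the two cases in the question.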

:-) That's a tremendous question! I should have known better than to think I'd get away with not clarifying "make use of" a type.

I think I mean "Defines any type or function that transitively includes a type". But perhaps a looser definition might be acceptable if that is what an analysis provides.