
I recently read a paper titled "All You Ever Wanted to Know about Dynamic Taint Analysis and Forward Symbolic Execution (but Might Have Been Afraid to Ask)" by Dr. EJ Schwartz. In the paper, he mainly talks about their applications in a binary-level security context.

In order to explain what they are, the author defines a specific language, with its operational semantics and so on. As far as I can see, this is an imperative language. I was wondering if such an analysis could also be applied (and whether it would make sense to do so) to a small subset of a functional language. I mean, one with some basic arithmetic and boolean operations, if expressions, function definitions, applications and some kinds of input functions.

In a pure functional language there are no side effects and values are immutable. In such a context the possible impact of a tainted value is, in my opinion, highly reduced because we can simply use if expressions to check the value. Once we have done so, can we assume that every evaluation of both the "then" and the "else" branch will be safe? I mean, in a context like this, in which we have no goto statements, pointers and so on, the overall security is improved and the taint analysis is simpler than in an imperative language and, since the control flow is clearer, the application of both static and dynamic analysis would be simpler.

However, I'm not an expert in this field so I'm quite confused about the possible applications and implications. Are my assumptions and thoughts right?

Thanks to everyone.

Anders
madipi

0 Answers
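As an added illustration (not part of the original question and not code from the paper), the sketch below applies dynamic taint tracking to the kind of pure functional subset described in the question: arithmetic and boolean operations, if expressions, function definition, application and an input primitive. The tuple-based term syntax, the `evaluate` and `run` names and the `track_control` switch are assumptions made for the example.

```python
# Added illustration: dynamic taint tracking for a tiny pure expression language.
# Terms are nested tuples; the term syntax and all names here are assumptions.
import operator

OPS = {"+": operator.add, "-": operator.sub, "*": operator.mul,
       "<": operator.lt, "==": operator.eq, "and": lambda a, b: a and b}

def evaluate(term, env, inputs, track_control=False):
    """Return (value, tainted). `inputs` is an iterator of untrusted values."""
    ev = lambda t, e=env: evaluate(t, e, inputs, track_control)
    kind = term[0]
    if kind == "num":                       # literal: never tainted
        return term[1], False
    if kind == "input":                     # taint introduction
        return next(inputs), True
    if kind == "var":                       # environment holds (value, tainted)
        return env[term[1]]
    if kind == "op":                        # propagation through data flow
        (a, ta), (b, tb) = ev(term[2]), ev(term[3])
        return OPS[term[1]](a, b), ta or tb
    if kind == "if":
        cond, tc = ev(term[1])
        value, tv = ev(term[2] if cond else term[3])
        # Optional control-dependence rule: the result depends on a tainted test.
        return value, tv or (track_control and tc)
    if kind == "lam":                       # closure captures its environment
        return ("closure", term[1], term[2], env), False
    if kind == "app":
        (_, param, body, cenv), tf = ev(term[1])
        arg = ev(term[2])                   # argument keeps its taint bit
        value, tv = ev(body, {**cenv, param: arg})
        return value, tv or tf
    raise ValueError(f"unknown term {kind!r}")

# Constructed sample programs.
# (\x. if x < 10 then x + 1 else 0) input
CHECKED = ("app",
           ("lam", "x", ("if", ("op", "<", ("var", "x"), ("num", 10)),
                         ("op", "+", ("var", "x"), ("num", 1)),
                         ("num", 0))),
           ("input",))
# if input < 10 then 1 else 0
FLAG = ("if", ("op", "<", ("input",), ("num", 10)), ("num", 1), ("num", 0))

def run(term, untrusted, track_control=False):
    """Evaluate a closed term against a list of constructed untrusted inputs."""
    return evaluate(term, {}, iter(untrusted), track_control)
```

Under the data-flow rules alone, `run(CHECKED, [5])` returns `(6, True)` while `run(FLAG, [5])` returns `(1, False)`; enabling `track_control` marks the latter as tainted as well.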