Nowadays, software is used in almost every part of modern society. Consequently, software failures have massive impacts on many individuals. And indeed, software is error-prone and contains bugs and vulnerabilities. To find, and as a result reduce, bugs and vulnerabilities, static analysis can be used. It does not require executing malicious code and over-approximates all possible execution paths. Modern software is often crafted in multiple interacting programming languages. As a result, it requires static analyses that can analyze multi-language software adequately. Static analyses that cannot analyze multi-language software adequately miss crucial cross-language properties, such as calls or data flows, that lead to unintended behavior or can be exploited by attackers. There are already single-language analyses for nearly every mainstream programming language. We propose our Architecture for Cross-language Analysis (AXA), which allows the reuse of existing static analyses for cross-language analysis. AXA enables the integrated analyses to benefit from a cross-language analysis view through collaboration orchestrated by a central coordinator. Consequently, they do not miss crucial cross-language properties. This way, AXA can be the foundation for further research in cross-language analysis. It adjusts state-of-the-art analyses to recent developments, i.e., multi-language software. At the same time, it enables the reuse of, and benefits from, the assets of decades of research and development. This benefits cross-language analysis developers, because they can reuse existing analyses. It also increases the relevance of the integrated static analyses: they can be used not only in a single-language but also in a cross-language context while still focusing on a single language.
To showcase that AXA allows reusing existing static analyses with less effort than implementing the analyses from scratch, we implement two cross-language analyses with AXA: a points-to analysis and an immutability analysis. Points-to analyses are base analyses on which higher-level analyses, e.g., immutability analyses, depend. Implementing and evaluating these two analyses shows that AXA allows the reuse of existing analyses with less effort than implementing the analyses from scratch. Furthermore, AXA increases the soundness of the integrated analyses without compromising precision.