Lightweight Multilingual Software Analysis

TL;DR

This paper introduces MLSA, a lightweight static analysis architecture designed to analyze large multilingual software codebases by constructing call-graphs that reveal inter- and intra-language calls, aiding in security and quality management.

Contribution

The paper presents a modular, table-oriented architecture for static analysis of multilingual codebases, focusing on call-graph construction across multiple languages and APIs.

Findings

Algorithms successfully extract multilingual call-graphs

Implementation demonstrates practical analysis of large codebases

Analysis reveals inter-language call patterns and potential security issues

Abstract

Developer preferences, language capabilities and the persistence of older languages contribute to the trend that large software codebases are often multilingual, that is, written in more than one computer language. While developers can leverage monolingual software development tools to build software components, companies are faced with the problem of managing the resultant large, multilingual codebases to address issues with security, efficiency, and quality metrics. The key challenge is to address the opaque nature of the language interoperability interface: one language calling procedures in a second (which may call a third, or even back to the first), resulting in a potentially tangled, inefficient and insecure codebase. An architecture is proposed for lightweight static analysis of large multilingual codebases: the MLSA architecture. Its modular and table-oriented structure addresses the open-ended nature of multiple languages and language interoperability APIs. We focus here as an application on the construction of call-graphs that capture both inter-language and intra-language calls. The algorithms for extracting multilingual call-graphs from codebases are presented, and several examples of multilingual software engineering analysis are discussed. The state of the implementation and testing of MLSA is presented, and the implications for future work are discussed.