Bridging the gap between source code and high-level concepts in static code analysis

Static code analysis has proven beneficial for many domains, including security assessment, error detection, and more. As systems have grown more reliant on conceptual components without a one-to-one mapping in the source code, however, traditional static code analysis tools have become less ideal for the task. This is greatly because current static code analysis libraries focus on individual code constructs, forcing the library's user to manually combine these into high-level components before performing any meaningful analysis. To bridge this gap, we put forth a novel approach for extracting components from programs using sets of parsers called Relative Static Structure Analyzers (ReSSA). This approach builds a grammar to match structures within an abstract syntax tree, abstracting away the boilerplate of manually traversing, matching, and extracting data. This empowers the user to focus on the structure of components in their chosen language and framework, and their final output. Our approach holds potential to greatly simplify static code analysis, allowing for fast and accurate identification of important components without needing to utilize arcane parsing libraries.