Yoyak : Static analysis framework for Scala

Yoyak is a generic static analysis framework implemented in Scala. As far as we know, a few static analyzers[00,01,02] already exist in Scala world. While most of them only provide syntactic error checking[00] or pattern matching[01,02] for Scala sources, Yoyak can evaluate semantics of any input programs i.e. finding a fixed-point based on the theory of abstract interpretation. Static and semantic analysis technology is a key to many applications ranged from finding security vulnerabilities to improving software quality. As a solid example, we implement Android malware analyzer Dotbogey on our Yoyak framework. Dotbogey analyzes what hosts the given app connects to by simple string analysis, then checks whether the found hosts are malicious or not. In this talk, we will focus on what is Yoyak and how users can make their own semantic analyzer on it and present the working demo of Dotbogey. Author: Heejong Lee Heejong Lee is a software engineer and a static analyst who has been working in a static analysis industry since 2008. He is also a Scala evangelist and an open source contributor.