OpenHarmony’s ecosystem has long lacked static code analysis tools tailored for ArkTS, impeding early detection of performance bottlenecks and security vulnerabilities during development. To address this gap, we propose ArkAnalyzer—the first static analysis framework specifically designed for ArkTS. It introduces an LLVM-inspired intermediate representation (IR) customized to ArkTS’s syntax and semantics, integrating a purpose-built AST parser, precise control- and data-flow analyses, and a rule-agnostic, plug-in–based architecture. ArkAnalyzer fills a critical infrastructure void in OpenHarmony’s static analysis toolchain and enables efficient, customizable defect detection. The framework is open-sourced and has been adopted by multiple mainstream OpenHarmony projects, demonstrably enhancing ArkTS code quality assurance.

ArkTS is a new programming language dedicated to developing apps for the emerging OpenHarmony mobile operating system. Like other programming languages constantly suffering from performance-related code smells or vulnerabilities, the ArkTS programming language will likely encounter the same problems. The solution given by our research community is to invent static analyzers, which are often implemented on top of a common static analysis framework, to detect and subsequently repair those issues automatically. Unfortunately, such an essential framework is not available for the OpenHarmony community yet. Existing program analysis methods have several problems when handling the ArkTS code. To bridge the gap, we design and implement a framework named ArkAnalyzer and make it publicly available as an open-source project. Our ArkAnalyzer addresses the aforementioned problems and has already integrated a number of fundamental static analysis functions that are ready to be reused by developers to implement OpenHarmony