Computer applications and/or libraries used with/by computer applications often include security vulnerabilities. Detection of such security vulnerabilities may occur via static program analysis. Static program analysis may be written in either an imperative programming language or in a declarative programming language. Writing a static program analysis in an imperative programming language may require writing large amounts of source code in an imperative programming language. Performing a static program analysis using a program expressed in a declarative programming language may become less viable when a program to be statically analyzed becomes very large (e.g., a program with many lines of code, many variables, many call-sites, many methods, etc.)