Previous work has shown that one can often greatly speed up static analysis by computing data flows not for every edge in the program's control-flow graph but instead only along definition-use chains. This yields a so-called sparse static analysis. Recent work on SparseDroid has shown that taint analysis in particular can be "sparsified" with extraordinary effectiveness, because the taint state of one variable does not depend on those of others. This allows one to soundly omit more flow-function computations than in the general case. In this work, we assess whether this result carries over to the more generic setting of so-called Interprocedural Distributive Environment (IDE) problems. As opposed to taint analysis, IDE comprises distributive problems with large or even infinitely broad domains, such as typestate analysis or linear constant propagation. Specifically, this paper presents Sparse IDE, a framework that realizes sparsification for any static analysis that fits the IDE framework. We implement Sparse IDE in SparseHeros, as an extension to the popular Heros IDE solver, and evaluate its performance on real-world Java libraries by comparing it to the baseline IDE algorithm. To this end, we design, implement and evaluate a linear constant propagation analysis client on top of SparseHeros. Our experiments show that, although IDE analyses can only be sparsified with respect to symbols and not (numeric) values, Sparse IDE can nonetheless yield significantly lower runtimes and often also lower memory consumption compared to the original IDE.
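To make the sparsification idea concrete, the following is an added example (not code from the paper, nor from Heros or SparseHeros) that runs linear constant propagation over a tiny straight-line program twice: once densely, applying an edge function for every fact at every statement, and once sparsely, following only definition-use chains. The mini-IR, the statement encoding, the sample program and the application counters are all constructed for illustration; the example assumes straight-line code, so each variable's reaching definition is simply its most recent assignment. It shows what the abstract states: the symbols (variables) are sparsified, while the numeric values (including the not-a-constant result) still have to be computed along every chain.

```python
"""Dense vs. sparse linear constant propagation on a straight-line program.

Added example (not from the Sparse IDE paper or the Heros/SparseHeros code).
Everything below, including the program, is constructed for illustration.
"""

NAC = "NAC"  # not-a-constant: the bottom value of the constant lattice

# Constructed mini-IR, one definition per statement:
#   ("const", x, c)      x = c
#   ("lin", x, y, a, b)  x = a*y + b   (linear transformation of y)
#   ("copy", x, y)       x = y
#   ("input", x)         x = <unknown> (kills constancy)


def defs_uses(stmt):
    """Return (defined variable, tuple of used variables) for a statement."""
    kind = stmt[0]
    if kind in ("const", "input"):
        return stmt[1], ()
    if kind in ("lin", "copy"):
        return stmt[1], (stmt[2],)
    raise ValueError(f"unknown statement kind {kind!r}")


def transfer(stmt, operand_val):
    """The statement's edge function, applied to the value of its operand."""
    kind = stmt[0]
    if kind == "const":
        return stmt[2]
    if kind == "input":
        return NAC
    if kind == "copy":
        return operand_val
    _, _, _, a, b = stmt  # "lin"
    return NAC if operand_val == NAC else a * operand_val + b


def dense_lcp(program):
    """Baseline: every fact is pushed through every statement.

    Facts that a statement does not touch still pay for an identity edge
    function, which is exactly the work sparsification removes.
    """
    env, applications = {}, 0
    for stmt in program:
        d, uses = defs_uses(stmt)
        new_env = {}
        for var, val in env.items():
            if var != d:              # identity edge function for a surviving fact
                new_env[var] = val
                applications += 1
        operand_val = env.get(uses[0], NAC) if uses else None
        new_env[d] = transfer(stmt, operand_val)
        applications += 1
        env = new_env
    return env, applications


def def_use_chains(program):
    """Map each use site to the index of the definition that reaches it."""
    use_def, reaching = {}, {}  # reaching: variable -> index of its last definition
    for i, stmt in enumerate(program):
        d, uses = defs_uses(stmt)
        for u in uses:
            if u in reaching:
                use_def[i] = reaching[u]
        reaching[d] = i
    return use_def, reaching


def sparse_lcp(program):
    """Sparse variant: a fact's value travels only along its def-use edges."""
    use_def, reaching = def_use_chains(program)
    value_at, applications = {}, 0
    for i, stmt in enumerate(program):
        _, uses = defs_uses(stmt)
        operand_val = None
        if uses:
            src = use_def.get(i)
            operand_val = NAC if src is None else value_at[src]
        value_at[i] = transfer(stmt, operand_val)  # one edge function per chain hop
        applications += 1
    env = {var: value_at[i] for var, i in reaching.items()}
    return env, applications


# Constructed sample program (comments give the expected constant values).
PROGRAM = [
    ("const", "a", 2),         # a = 2
    ("const", "b", 5),         # b = 5
    ("lin", "c", "a", 3, 1),   # c = 3*a + 1 = 7
    ("copy", "d", "b"),        # d = 5
    ("input", "e"),            # e = NAC
    ("lin", "f", "e", 2, 0),   # f = 2*e -> NAC (value still computed along the chain)
    ("lin", "a", "c", 1, 1),   # a = c + 1 = 8
    ("copy", "g", "d"),        # g = 5
]


def compare(program):
    """Return (dense result, dense applications, sparse result, sparse applications)."""
    dense_env, dense_n = dense_lcp(program)
    sparse_env, sparse_n = sparse_lcp(program)
    return dense_env, dense_n, sparse_env, sparse_n


if __name__ == "__main__":
    d_env, d_n, s_env, s_n = compare(PROGRAM)
    print("dense :", d_env, "edge functions applied:", d_n)
    print("sparse:", s_env, "edge functions applied:", s_n)
```

Both variants end with the same environment, but the dense run applies an edge function for each live fact at each statement while the sparse run applies exactly one per def-use hop. Extending this to branching control flow requires merging values where chains meet (the lattice join), which is where the real IDE solver's value computation remains unsparsified.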