Instead of repeatedly re-analyzing from scratch, an incremental static analysis analyzes a codebase completely only once and then updates the previous results based on the code changes. While this sounds like a promising way to achieve speed-ups, in reality sophisticated static analyses typically employ features that can ruin incremental performance, such as inter-procedurality or context-sensitivity. In this study, we set out to explore whether incrementalization can help to achieve speed-ups for production CodeQL analyses that provide automated feedback on pull requests on GitHub. We first empirically validate the idea by measuring the potential for reuse on real-world codebases, and then we create a prototype incremental solver for CodeQL that exploits incrementality. We report on experimental results showing that we can indeed achieve update times proportional to the size of the code change, and we also discuss the limitations of our prototype.