Scaling Type-Based Points-to Analysis with Saturation
Christian Wimmer, Codrut Stancu, David Kozak, Thomas Würthinger: Scaling Type-Based Points-to Analysis with Saturation. In Proceedings of the ACM on Programming Languages, volume 8, issue PLDI, article 187. ACM Press, 2024. doi:10.1145/3656417

Abstract
Designing a whole-program static analysis requires trade-offs between precision and scalability. While a context-insensitive points-to analysis is often considered a good compromise, it still has non-linear complexity that leads to scalability problems when analyzing large applications. On the other hand, rapid type analysis scales well but lacks precision. We use saturation in a context-insensitive type-based points-to analysis to make it as scalable as a rapid type analysis, while preserving most of the precision of the points-to analysis. With saturation, the points-to analysis only propagates small points-to sets for variables. If a variable can have more values than a certain threshold, the variable and all its usages are considered saturated and no longer analyzed.
Our implementation in the points-to analysis of GraalVM Native Image, a closed-world approach to build standalone binaries for Java applications, shows that saturation allows GraalVM Native Image to analyze large Java applications with hundreds of thousands of methods in less than two minutes.
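
The saturation rule from the abstract, as an added Python sketch that is not the paper's or GraalVM's code: a worklist propagates type sets along flow edges, and once a variable's set exceeds the threshold, that variable and all its usages are marked saturated and skipped. The graph, the node and type names, and the threshold of 3 are constructed for illustration; how later phases treat a saturated variable is outside this sketch.

```python
from collections import deque

def propagate(edges, sources, threshold=None):
    """Propagate type sets along flow edges; saturate nodes above `threshold`.

    edges:   node -> list of nodes that use its value
    sources: node -> set of types introduced there (e.g. allocation sites)
    Returns (types, saturated, updates); updates counts set-changing steps.
    """
    types, saturated, updates = {}, set(), 0
    work = deque((n, set(ts)) for n, ts in sources.items())
    while work:
        node, incoming = work.popleft()
        if node in saturated:
            continue                      # saturated: no longer analyzed
        current = types.setdefault(node, set())
        new = incoming - current
        if not new:
            continue                      # nothing new, nothing to push on
        current |= new
        updates += 1
        if threshold is not None and len(current) > threshold:
            # Mark the variable and, transitively, all of its usages.
            stack = [node]
            while stack:
                n = stack.pop()
                if n not in saturated:
                    saturated.add(n)
                    types.pop(n, None)    # stop tracking its set
                    stack.extend(edges.get(n, ()))
        else:
            for succ in edges.get(node, ()):
                work.append((succ, set(new)))
    return types, saturated, updates

def demo_graph():
    # Constructed input: five allocation sites feed one shared variable.
    edges = {f"alloc{i}": ["elem"] for i in range(5)}
    edges.update({"elem": ["use1"], "use1": ["use2"], "a": ["b"]})
    sources = {f"alloc{i}": {f"T{i}"} for i in range(5)}
    sources["a"] = {"Foo"}
    return edges, sources

if __name__ == "__main__":
    edges, sources = demo_graph()
    print(propagate(edges, sources))               # full propagation
    print(propagate(edges, sources, threshold=3))  # with saturation
```

The small flow from `a` to `b` keeps its precise set in both runs; only the heavily shared `elem` chain is cut off, which is where the saved propagation steps come from.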