Chapter 1.Introduction 2 proved safely.A more efficient points-to analysis enables more time-critical clients (e.g.,compiler optimizations)to be applied or less turnaround time to wait. In this thesis,we aim to improve the precision and efficiency of points-to analysis respectively,in a significant way.However,this is not trivial as discussed below. 1.1 Challenges Although many techniques for improving the precision and efficiency of points-to analysis have been proposed in the last decades [5,53,7,82,101,75,92,69,34, 48,83,84,49,93,21,4,78,87,89,85],how to make a good balance between precision and efficiency remains a long-standing problem:the techniques which achieve higher precision usually sacrifice efficiency,and vice versa,which limits the effectiveness of points-to analysis. To make a good precision and efficiency trade-off,existing points-to analy- ses mainly focus on two dimensions:modeling the control-flow and modeling the heap.For object-oriented programs,context-sensitivity is known to model control- flow with tractable and useful precision [7,39,72,75,82,79.Compared to the storeless heap abstraction (e.g.,access paths),store-based heap abstraction (e.g., allocation-site-based and allocation-type-based heap modeling)is the one predomi- nately adopted by points-to analysis [32,72,80,45,94.However,both techniques suffer from the balance problem,especially for large object-oriented programs. Context-sensitive points-to analysis separately analyzes the methods under dif- ferent calling contexts to improve precision by preventing the merging of the points- to information in different contexts.To address the problem of infinite calling con- texts due to the recursive calls and also to further improve the analysis scalability in practice,traditional approaches usually limit the length of contexts by a givenChapter 1. Introduction 2 proved safely. A more efficient points-to analysis enables more time-critical clients (e.g., compiler optimizations) to be applied or less turnaround time to wait. In this thesis, we aim to improve the precision and efficiency of points-to analysis respectively, in a significant way. However, this is not trivial as discussed below. 1.1 Challenges Although many techniques for improving the precision and efficiency of points-to analysis have been proposed in the last decades [5, 53, 7, 82, 101, 75, 92, 69, 34, 48, 83, 84, 49, 93, 21, 4, 78, 87, 89, 85], how to make a good balance between precision and efficiency remains a long-standing problem: the techniques which achieve higher precision usually sacrifice efficiency, and vice versa, which limits the effectiveness of points-to analysis. To make a good precision and efficiency trade-off, existing points-to analy￾ses mainly focus on two dimensions: modeling the control-flow and modeling the heap. For object-oriented programs, context-sensitivity is known to model control- flow with tractable and useful precision [7, 39, 72, 75, 82, 79]. Compared to the storeless heap abstraction (e.g., access paths), store-based heap abstraction (e.g., allocation-site-based and allocation-type-based heap modeling) is the one predomi￾nately adopted by points-to analysis [32, 72, 80, 45, 94]. However, both techniques suffer from the balance problem, especially for large object-oriented programs. Context-sensitive points-to analysis separately analyzes the methods under dif￾ferent calling contexts to improve precision by preventing the merging of the points￾to information in different contexts. To address the problem of infinite calling con￾texts due to the recursive calls and also to further improve the analysis scalability in practice, traditional approaches usually limit the length of contexts by a given