Chapter 1 Introduction Points-to analysis is a static analysis technique that addresses a fundamental prob- lem in program analysis:at compile-time,it determines which memory locations a pointer can point to at runtime.For object-oriented languages,such as Java, points-to analysis focuses on heap locations,i.e.,it statically determines which heap objects a variable or reference can point to dynamically. The results of points-to analysis are required by a wide range of client ap- plications,including bug detection [57,56,11,90,91,103,9],security analy- sis [47,6,31,27,program understanding 26,29,62,79,compiler optimiza- tion (66,19,18,88 and program verification [79,12],as well as other program analyses,such as program slicing [44,81,43],call graph construction [54,38,3], reflection analysis [41,42,74,107]and escape analysis [15,100,97,68].Hence effective points-to analyses are highly demanded as they can benefit many client applications and other fundamental analysis techniques. Two metrics are usually considered to measure the effectiveness of points-to analysis:precision and efficiency.In terms of a client,a more precise points-to analysis enables less false bugs to be reported or more program properties to be 1Chapter 1 Introduction Points-to analysis is a static analysis technique that addresses a fundamental prob￾lem in program analysis: at compile-time, it determines which memory locations a pointer can point to at runtime. For object-oriented languages, such as Java, points-to analysis focuses on heap locations, i.e., it statically determines which heap objects a variable or reference can point to dynamically. The results of points-to analysis are required by a wide range of client ap￾plications, including bug detection [57, 56, 11, 90, 91, 103, 9], security analy￾sis [47, 6, 31, 27], program understanding [26, 29, 62, 79], compiler optimiza￾tion [66, 19, 18, 88] and program verification [79, 12], as well as other program analyses, such as program slicing [44, 81, 43], call graph construction [54, 38, 3], reflection analysis [41, 42, 74, 107] and escape analysis [15, 100, 97, 68]. Hence effective points-to analyses are highly demanded as they can benefit many client applications and other fundamental analysis techniques. Two metrics are usually considered to measure the effectiveness of points-to analysis: precision and efficiency. In terms of a client, a more precise points-to analysis enables less false bugs to be reported or more program properties to be 1