Making Pointer Analysis More Precise by Unleashing the Power of Selective Context Sensitivity 147:5 Points-To info in previous Unity Relay pass PTpre Program P C.S.Selector of C.S.Selector of Unity (Figure 2) Trigger Relay (Figure 3) when Selective C.S. Selected Selected C.S. C.S. Approaches Unity Selective C.S. Selective C.S fails Pointer Analysis Pointer Analysis filtered by PTpre Precise Pointer Analysis Results for P Fig.1.Overview of the Unity-Relay Framework. principle maintains for each program element the most precise context that any component context- sensitivity approach would use.Then the new selected context-sensitivity information(Selected C.S. in Figure 1)will guide the selective context-sensitive pointer analysis to analyze P,and its results will be the output of Unity-Relay if the analysis is able to finish running within the time limit; otherwise(i.e,if Unity is too expensive to scale),Unity-Relay will trigger its Relay component to analyze P. Generally,given n approaches in S,Relay will run the selective context-sensitive pointer analysis n times(ie.,we have n passes in Relay).In each pass,as shown in Figure 1,the selective context- sensitive pointer analysis is guided by the context-sensitivity information(Selected C.S.)output from the C.S.selector of Relay according to the relay principle as illustrated in Section 3.3.Between successive passes,the precision of the earlier pass will be transmitted to and accumulated in the next pass.This is achieved by soundly filtering the pointer analysis results in the current pass by using the points-to information(points-to sets of variables)from the previous pass(PTpre in Figure 1).As a result,in Relay,the scalability burden is shared in each analysis run(i.e.,each pass): a component strategy is not burdened by others,but instead each strategy that completes helps both the precision and the scalability of the rest.Although overall precision is not guaranteed to reach that of Unity,precision improvements are reaped in a stable and accumulative way. 3.2 Unity Recall that every selective context-sensitive analysis represents a precision and efficiency trade-off, where precision bumps up against the limits of analysis scalability.In other words,for past selective context-sensitive analyses,the degree of precision(typically:the proportion of the program to be analyzed context-sensitively)is chosen to be approximately at a point where further improving it would render the analysis non-scalable.According to previous work,treating context-sensitively even a small set of methods may significantly hinder scalability,for the "wrong"choice of meth- ods [Li et al.2020].Now it seems that we are trapped:if a small step towards precision may hit the scalability wall(in the precision and efficiency balance made by each selective context-sensitivity approach),how can we reap a further noticeable precision improvement in a general,policy-agnostic meta-framework?To escape from the trap,in Unity,we propose to take a big step forward towards higher precision,by allowing many more methods to be analyzed under context sensitivity,with Proc.ACM Program.Lang.,Vol.5,No.OOPSLA,Article 147.Publication date:October 2021.Making Pointer Analysis More Precise by Unleashing the Power of Selective Context Sensitivity 147:5 C.S. Selector of Unity (Figure 2) Selective C.S. Pointer Analysis Selected C.S. C.S. Selector of Relay (Figure 3) Selective C.S. Pointer Analysis filtered by pai Selected C.S. Points-To info in previous Unity Relay Trigger when Unity fails Precise Pointer Analysis Results for P Program P Selective C.S. Approaches pass PTpre PTpre Fig. 1. Overview of the Unity-Relay Framework. principle maintains for each program element the most precise context that any component context￾sensitivity approach would use. Then the new selected context-sensitivity information (Selected C.S. in Figure 1) will guide the selective context-sensitive pointer analysis to analyze P, and its results will be the output of Unity-Relay if the analysis is able to finish running within the time limit; otherwise (i.e., if Unity is too expensive to scale), Unity-Relay will trigger its Relay component to analyze P. Generally, given 𝑛 approaches in 𝑆, Relay will run the selective context-sensitive pointer analysis 𝑛 times (i.e., we have 𝑛 passes in Relay). In each pass, as shown in Figure 1, the selective context￾sensitive pointer analysis is guided by the context-sensitivity information (Selected C.S.) output from the C.S. selector of Relay according to the relay principle as illustrated in Section 3.3. Between successive passes, the precision of the earlier pass will be transmitted to and accumulated in the next pass. This is achieved by soundly filtering the pointer analysis results in the current pass by using the points-to information (points-to sets of variables) from the previous pass (PT𝑝𝑟𝑒 in Figure 1). As a result, in Relay, the scalability burden is shared in each analysis run (i.e., each pass): a component strategy is not burdened by others, but instead each strategy that completes helps both the precision and the scalability of the rest. Although overall precision is not guaranteed to reach that of Unity, precision improvements are reaped in a stable and accumulative way. 3.2 Unity Recall that every selective context-sensitive analysis represents a precision and efficiency trade-off, where precision bumps up against the limits of analysis scalability. In other words, for past selective context-sensitive analyses, the degree of precision (typically: the proportion of the program to be analyzed context-sensitively) is chosen to be approximately at a point where further improving it would render the analysis non-scalable. According to previous work, treating context-sensitively even a small set of methods may significantly hinder scalability, for the łwrongž choice of meth￾ods [Li et al. 2020]. Now it seems that we are trapped: if a small step towards precision may hit the scalability wall (in the precision and efficiency balance made by each selective context-sensitivity approach), how can we reap a further noticeable precision improvement in a general, policy-agnostic meta-framework? To escape from the trap, in Unity, we propose to take a big step forward towards higher precision, by allowing many more methods to be analyzed under context sensitivity, with Proc. ACM Program. Lang., Vol. 5, No. OOPSLA, Article 147. Publication date: October 2021