Making Pointer Analysis More Precise by Unleashing the Power of Selective Context Sensitivity 147:3 accumulated in the next pass:in each pass,the points-to results retrieved from the previous pass are used to on-the-fly filter intermediate points-to results,keeping inferred points-to sets small and,thus,enhancing scalability. Given any selective context-sensitive pointer analysis A(guided by an approach in S),if A is sound and scalable for P,no matter how precise A is,Unity-Relay can be expected to produce a sound and scalable analysis with a precision that is guaranteed to be at least as good as A's,in the worst case.(Experimental results show that the precision is always better.)This property also implies that even when new(possibly special-purpose)selective context-sensitivity insights are developed in the future,Unity-Relay will still be able to leverage them to produce a more precise analysis in practice. Results.As a proof-of-concept,we instantiate the Unity-Relay framework in a tool called BATON. We extensively evaluate BAToN on a set of hard-to-analyze Java programs(including the toughest programs evaluated in the past literature of selective context-sensitive pointer analysis for Java), using three general precision metrics and four popular clients(also the most complete set of precision metrics/clients used in recent literature).Compared to the state of the art,experimental results show that BAToN is able to improve precision significantly,and achieves the best precision for all metrics and clients for all evaluated programs.To the best of our knowledge,this is the first time that this level of analysis precision has been attained for these hard-to-analyze programs. Moreover,because of Unity-Relay's nature as a general meta-framework,we expect it to see more future instantiations and to unleash the power of more selective context-sensitivity approaches,to produce more precise pointer analyses. In summary,this work makes the following contributions: We present Unity-Relay,a simple and practical framework to produce precise pointer analyses for hard-to-analyze Java programs,by unleashing the power of selective context sensitivity(Section 3). We formulate the Unity-Relay framework,prove its soundness and precision guarantees, and discuss its scalability (Section 4). We present BAroN,a tool instantiated from the Unity-Relay framework,which will be released as an open-source tool(Section 5). We conduct extensive experiments by comparing BAroN with the state of the art,to demon- strate its effectiveness in the real world(the experimental results can be obtained using the accompanying artifact [Tan et al.2021])(Section 6).BATON substantially improves on the precision of previous algorithms in the literature-e.g.,eliminating over 33%of alias pairs (soundly determined to be spurious)on average,and up to 71%,compared to the best past contender evaluated. 2 BACKGROUND We assume that the reader is familiar with the high-level concepts of pointer analysis,as introduced in several surveys [Smaragdakis and Balatsouras 2015;Sridharan et al.2013].This section describes some necessary background knowledge about context sensitivity for whole-program pointer analysis for Java Traditional Context Sensitivity.A method is analyzed context-sensitively means that the static abstraction of different dynamic instantiations of variables and heap objects within the method will be treated separately during analysis under different abstract entities called contexts.Accordingly, spurious object flows will be reduced,thus making the analysis more precise.Given a method m,each of its contexts typically consists of a list of consecutive context elements in the form of Proc.ACM Program.Lang.,Vol.5,No.OOPSLA,Article 147.Publication date:October 2021.Making Pointer Analysis More Precise by Unleashing the Power of Selective Context Sensitivity 147:3 accumulated in the next pass: in each pass, the points-to results retrieved from the previous pass are used to on-the-fly filter intermediate points-to results, keeping inferred points-to sets small and, thus, enhancing scalability. Given any selective context-sensitive pointer analysis 𝐴 (guided by an approach in 𝑆), if 𝐴 is sound and scalable for P, no matter how precise 𝐴 is, Unity-Relay can be expected to produce a sound and scalable analysis with a precision that is guaranteed to be at least as good as 𝐴’s, in the worst case. (Experimental results show that the precision is always better.) This property also implies that even when new (possibly special-purpose) selective context-sensitivity insights are developed in the future, Unity-Relay will still be able to leverage them to produce a more precise analysis in practice. Results. As a proof-of-concept, we instantiate the Unity-Relay framework in a tool called Baton. We extensively evaluate Baton on a set of hard-to-analyze Java programs (including the toughest programs evaluated in the past literature of selective context-sensitive pointer analysis for Java), using three general precision metrics and four popular clients (also the most complete set of precision metrics/clients used in recent literature). Compared to the state of the art, experimental results show that Baton is able to improve precision significantly, and achieves the best precision for all metrics and clients for all evaluated programs. To the best of our knowledge, this is the first time that this level of analysis precision has been attained for these hard-to-analyze programs. Moreover, because of Unity-Relay’s nature as a general meta-framework, we expect it to see more future instantiations and to unleash the power of more selective context-sensitivity approaches, to produce more precise pointer analyses. In summary, this work makes the following contributions: • We present Unity-Relay, a simple and practical framework to produce precise pointer analyses for hard-to-analyze Java programs, by unleashing the power of selective context sensitivity (Section 3). • We formulate the Unity-Relay framework, prove its soundness and precision guarantees, and discuss its scalability (Section 4). • We present Baton, a tool instantiated from the Unity-Relay framework, which will be released as an open-source tool (Section 5). • We conduct extensive experiments by comparing Baton with the state of the art, to demonstrate its effectiveness in the real world (the experimental results can be obtained using the accompanying artifact [Tan et al. 2021]) (Section 6). Baton substantially improves on the precision of previous algorithms in the literatureÐe.g., eliminating over 33% of alias pairs (soundly determined to be spurious) on average, and up to 71%, compared to the best past contender evaluated. 2 BACKGROUND We assume that the reader is familiar with the high-level concepts of pointer analysis, as introduced in several surveys [Smaragdakis and Balatsouras 2015; Sridharan et al. 2013]. This section describes some necessary background knowledge about context sensitivity for whole-program pointer analysis for Java. Traditional Context Sensitivity. A method is analyzed context-sensitively means that the static abstraction of different dynamic instantiations of variables and heap objects within the method will be treated separately during analysis under different abstract entities called contexts. Accordingly, spurious object flows will be reduced, thus making the analysis more precise. Given a method m, each of its contexts typically consists of a list of consecutive context elements in the form of Proc. ACM Program. Lang., Vol. 5, No. OOPSLA, Article 147. Publication date: October 2021