An important dimension of pointer analysis is field-Sensitive, which has been proven to effectively enhance the accuracy of pointer analysis results. A crucial area of research within field-Sensitive is Structure-Sensitive. Structure-Sensitive has been shown to further enhance the precision of pointer analysis. However, existing structure-sensitive methods cannot handle cases where an object possesses multiple structures, even though it's common for an object to have multiple structures throughout its lifecycle. This paper introduces MTO-SS, a flow-sensitive pointer analysis method for objects with multiple structures. Our observation is that it's common for an object to possess multiple structures throughout its lifecycle. The novelty of MTO-SS lies in: MTO-SS introduces Structure-Flow-Sensitive. An object has different structure information at different locations in the program. To ensure the completeness of an object's structure information, MTO-SS always performs weak updates on the object's type. This means that once an object possesses a structure, this structure will accompany the object throughout its lifecycle. We evaluated our method of multi-structured object pointer analysis using the 12 largest programs in GNU Coreutils and compared the experimental results with sparse flow-sensitive method and another method, TYPECLONE, which only allows an object to have one structure information. Our experimental results confirm that MTO-SS is more precise than both sparse flow-sensitive pointer analysis and TYPECLONE, being able to answer, on average, over 22\% more alias queries with a no-alias result compared to the former, and over 3\% more compared to the latter. Additionally, the time overhead introduced by our method is very low.

翻译：指针分析的一个重要维度是域敏感性（field-Sensitive），已证明该维度能有效提升指针分析结果的精度。域敏感性中的一个关键研究领域是结构敏感性（Structure-Sensitive）。研究表明，结构敏感性可进一步提高指针分析的精准度。然而，现有结构敏感方法无法处理一个对象具有多个结构的情况——尽管对象在其生命周期中拥有多个结构是常见现象。本文提出MTO-SS，一种面向多结构对象的流敏感指针分析方法。我们的观察表明，对象在生命周期内拥有多个结构是普遍存在的。MTO-SS的创新之处在于：引入了结构流敏感性（Structure-Flow-Sensitive）。对象在程序的不同位置具有不同的结构信息。为确保对象结构信息的完整性，MTO-SS始终对对象类型执行弱更新（weak update）。这意味着，一旦对象获得某个结构，该结构将伴随其整个生命周期。我们使用GNU Coreutils中规模最大的12个程序对多结构对象指针分析方法进行了评估，并将实验结果与稀疏流敏感方法及另一仅允许对象拥有单一结构信息的TYPECLONE方法进行对比。实验结果表明，MTO-SS比稀疏流敏感指针分析和TYPECLONE均更精确：与前者相比，MTO-SS平均能多回答超过22%的无别名查询；与后者相比，则多超过3%。此外，该方法带来的时间开销极低。