When static analyses like live variables and constant propagation are performed on programs that use pointers, it is necessary to first obtain information about the locations to which each pointer points. This information is provided by pointer analysis, often in the form of a points-to set, which is a safe approximation (superset) of the set of locations to which a pointer may point.
In a programming language like C, the ability to type cast pointers to structures allows a program to access a given object as if it had a type different from its declared type. This complicates the treatment of fields of structures as distinct elements in program analysis, since the layout of structures in memory is implementation dependent. Some pointer analysis algorithms collapse structures into single variables; others make use of non-portable structure layout information. These approaches lead to varying degrees of precision in their results.
We present a tunable pointer-analysis framework for handling structures and casting. Different instances of this framework produce algorithms with different levels of precision, portability, and efficiency. Experimental results from running our implementation of four instances of this framework show that (i) it is important to distinguish fields of structures in pointer analysis, but (ii) making conservative approximations when casting is involved does not cost much in terms of precision.