I am trying to understand static analysis of Java bytecode/source-code.
These terms frequently come up for which I am not able to find satisfactory definitions on the Internet:
- context (in)sensitive analysis
- calling context
- active call site
- points-to analysis
Can anyone please elaborate in layman's terms what the above terms mean in the context of Java?
A Google search for "context" "programming" brings up material about context-sensitive grammars, language theory, etc., but not the definitions I need (unless they mean the same thing).
Points-to analysis (or reference analysis in the context of Java) tries to infer at compile-time which objects a pointer may point to at run-time. This is sound, but approximate.
A context-sensitive (CS) points-to analysis takes into account the calling context of a function while analyzing a function. For the program below, a CS points-to analysis can infer that x and z have different points-to information, i.e., they point to different objects, if y and w point to different objects.
class Example {
    static Object y = new Object();   // y and w point to different objects
    static Object w = new Object();
    public static void main(String[] args) {
        Object x = foo(y);            // first call-site of foo
        Object z = foo(w);            // second call-site of foo (line 2 of main)
    }
    static Object foo(Object a) {
        return a;
    }
}
In contrast, a context-insensitive (CI) analysis would not distinguish between the calling contexts and (imprecisely, but soundly) infer that x and z may alias (or may point to the same object).
Calling context is the sequence of call-sites in which the current function (more precisely, the current invocation of it) appears. In the example, foo has two calling contexts: one at the first call-site from main and the second at line 2 of main. The active call-site is the one you are currently analyzing.
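To make the difference concrete, here is a small worked example added to this answer (it is not code from the original post or from any real analysis framework). It implements a toy points-to analysis over a hand-written three-address IR for the foo() program above, once context-insensitively and once with 1-call-site sensitivity. The IR shape, the allocation-site labels O1/O2 and the call-site labels cs1/cs2 are all constructed for the illustration; a real Java analysis would build the same kind of tables from bytecode.

```python
# Added example: toy points-to analysis, context-insensitive (CI) vs.
# 1-call-site-sensitive (CS). Not from the original post; the IR and labels
# below are constructed for illustration only.
from collections import defaultdict

# Constructed IR. Each function maps to (parameter names, statement list).
# Statement forms:
#   ("new",    var, alloc_site)                 var = new Object()  (labelled site)
#   ("assign", var, src)                        var = src
#   ("call",   var, callee, args, call_site)    var = callee(args)   (labelled site)
#   ("return", var)
PROGRAM = {
    "main": ([], [
        ("new", "y", "O1"),                 # y -> O1
        ("new", "w", "O2"),                 # w -> O2, a different object
        ("call", "x", "foo", ["y"], "cs1"), # first call-site of foo
        ("call", "z", "foo", ["w"], "cs2"), # second call-site of foo
    ]),
    "foo": (["a"], [
        ("return", "a"),
    ]),
}


def _add(table, key, values):
    """Union `values` into table[key]; report whether the set grew."""
    before = len(table[key])
    table[key] |= set(values)
    return len(table[key]) != before


def analyze(program, context_sensitive):
    """Compute points-to sets to a fixpoint.

    Variables are keyed by (function, calling_context, name). In CI mode the
    calling context is always (); in CS mode it is the 1-tuple of the call-site
    that invoked the function, so each call-site gets its own copy of foo's
    variables. Returns (points_to, reached_contexts)."""
    pts = defaultdict(set)       # (func, ctx, var) -> set of allocation sites
    returns = defaultdict(set)   # (func, ctx)      -> allocation sites returned
    contexts = {("main", ())}    # entry point has the empty calling context
    changed = True
    while changed:
        changed = False
        for func, ctx in list(contexts):
            _params, body = program[func]
            for stmt in body:
                kind = stmt[0]
                if kind == "new":
                    _, var, site = stmt
                    changed |= _add(pts, (func, ctx, var), {site})
                elif kind == "assign":
                    _, var, src = stmt
                    changed |= _add(pts, (func, ctx, var), pts[(func, ctx, src)])
                elif kind == "call":
                    _, var, callee, args, site = stmt
                    callee_ctx = (site,) if context_sensitive else ()
                    if (callee, callee_ctx) not in contexts:
                        contexts.add((callee, callee_ctx))
                        changed = True
                    callee_params, _ = program[callee]
                    # Bind actual arguments to the callee's formals in the callee's context.
                    for formal, actual in zip(callee_params, args):
                        changed |= _add(pts, (callee, callee_ctx, formal), pts[(func, ctx, actual)])
                    # Whatever that context returns flows into the receiving variable.
                    changed |= _add(pts, (func, ctx, var), returns[(callee, callee_ctx)])
                elif kind == "return":
                    _, var = stmt
                    changed |= _add(returns, (func, ctx), pts[(func, ctx, var)])
    return pts, contexts


def may_alias(pts, func, ctx, v1, v2):
    """Two variables may alias if their points-to sets share an allocation site."""
    return bool(pts[(func, ctx, v1)] & pts[(func, ctx, v2)])


def calling_contexts(contexts, func):
    """All calling contexts under which `func` was analyzed."""
    return {ctx for f, ctx in contexts if f == func}


if __name__ == "__main__":
    for sensitive in (False, True):
        pts, ctxs = analyze(PROGRAM, sensitive)
        print("context-sensitive" if sensitive else "context-insensitive",
              "x ->", sorted(pts[("main", (), "x")]),
              "z ->", sorted(pts[("main", (), "z")]),
              "may alias:", may_alias(pts, "main", (), "x", "z"),
              "contexts of foo:", sorted(calling_contexts(ctxs, "foo")))
```

In CI mode foo is analyzed once, so its parameter a accumulates both O1 and O2 and that merged set flows back to both x and z: the analysis soundly but imprecisely reports that x and z may alias. In CS mode foo is analyzed separately for cs1 and cs2, a holds only O1 in the first context and only O2 in the second, and x and z are correctly found not to alias. The set returned by calling_contexts is exactly the two calling contexts the answer describes.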