diff --git a/docs/en/pointer-analysis-framework.adoc b/docs/en/pointer-analysis-framework.adoc
index d39418e7b..156764078 100644
--- a/docs/en/pointer-analysis-framework.adoc
+++ b/docs/en/pointer-analysis-framework.adoc
@@ -87,6 +87,10 @@ See <<taint-analysis#taint-analysis,Taint Analysis>> for more details.
 ** Default value: `false`
 ** Specify whether to dump points-to results in YAML format. This option is independent of `dump` and `dump-ci` output formats.
 
+* Only dump points-to results of application code: `only-dump-app:[true|false]`
+** Default value: `false`
+** When set to `true`, `dump-yaml`, `dump-ci` will only dump analysis results of application code (and ignores library code).
+
 * Time limit: `time-limit:<time-limit>`
 ** Default value: `-1`
 ** Specify a time limit for pointer analysis (unit: second).When it is `-1`, there is no time limit.
diff --git a/src/main/java/pascal/taie/AbstractWorldBuilder.java b/src/main/java/pascal/taie/AbstractWorldBuilder.java
index bb9b477c1..56925866c 100644
--- a/src/main/java/pascal/taie/AbstractWorldBuilder.java
+++ b/src/main/java/pascal/taie/AbstractWorldBuilder.java
@@ -49,8 +49,6 @@ public abstract class AbstractWorldBuilder implements WorldBuilder {
 
     private static final Logger logger = LogManager.getLogger(AbstractWorldBuilder.class);
 
-    protected static final String JREs = "java-benchmarks/JREs";
-
     protected static final List<String> implicitEntries = List.of(
             "<java.lang.System: void initializeSystemClass()>",
             "<java.lang.Thread: void <init>(java.lang.ThreadGroup,java.lang.Runnable)>",
@@ -75,7 +73,7 @@ protected static String getClassPath(Options options) {
                     .collect(Collectors.joining(File.pathSeparator));
         } else { // when prependJVM is not set, we manually specify JRE jars
             // check existence of JREs
-            File jreDir = new File(JREs);
+            File jreDir = new File(options.getLibJREPath());
             if (!jreDir.exists()) {
                 throw new RuntimeException("""
                         Failed to locate Java library.
@@ -85,7 +83,7 @@ protected static String getClassPath(Options options) {
                         then put it in Tai-e's working directory.""");
             }
             String jrePath = String.format("%s/jre1.%d",
-                    JREs, options.getJavaVersion());
+                    options.getLibJREPath(), options.getJavaVersion());
             try (Stream<Path> paths = Files.walk(Path.of(jrePath))) {
                 return Streams.concat(
                                 paths.map(Path::toString).filter(p -> p.endsWith(".jar")),
diff --git a/src/main/java/pascal/taie/analysis/graph/flowgraph/FlowKind.java b/src/main/java/pascal/taie/analysis/graph/flowgraph/FlowKind.java
index 42ffd8e88..6d976b7fd 100644
--- a/src/main/java/pascal/taie/analysis/graph/flowgraph/FlowKind.java
+++ b/src/main/java/pascal/taie/analysis/graph/flowgraph/FlowKind.java
@@ -39,5 +39,17 @@ public enum FlowKind {
     PARAMETER_PASSING,
     RETURN,
 
+    // cut-shortcut
+    ARG_TO_HOST, // container entrance method, for example, v.add(e), o \in pts(v), e -> host(o)
+    HOST_TO_RESULT,
+    SUBSET,
+    CORRELATION,
+    ARRAYCOPY,
+    ID,
+    VIRTUAL_ARRAY,
+    VIRTUAL_ARG,
+    SET, GET,
+    NON_RELAY_GET, // relay edge
+
     OTHER,
 }
diff --git a/src/main/java/pascal/taie/analysis/pta/PointerAnalysis.java b/src/main/java/pascal/taie/analysis/pta/PointerAnalysis.java
index 7b293b951..e47b3576c 100644
--- a/src/main/java/pascal/taie/analysis/pta/PointerAnalysis.java
+++ b/src/main/java/pascal/taie/analysis/pta/PointerAnalysis.java
@@ -30,6 +30,7 @@
 import pascal.taie.analysis.pta.core.cs.selector.ContextSelectorFactory;
 import pascal.taie.analysis.pta.core.heap.AllocationSiteBasedModel;
 import pascal.taie.analysis.pta.core.heap.HeapModel;
+import pascal.taie.analysis.pta.core.solver.CutShortcutSolver;
 import pascal.taie.analysis.pta.core.solver.DefaultSolver;
 import pascal.taie.analysis.pta.core.solver.Solver;
 import pascal.taie.analysis.pta.plugin.AnalysisTimer;
@@ -40,6 +41,10 @@
 import pascal.taie.analysis.pta.plugin.ReferenceHandler;
 import pascal.taie.analysis.pta.plugin.ResultProcessor;
 import pascal.taie.analysis.pta.plugin.ThreadHandler;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.ContainerAccessHandler;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.MakeDefaultContainerConfig;
+import pascal.taie.analysis.pta.plugin.cutshortcut.field.FieldAccessHandler;
+import pascal.taie.analysis.pta.plugin.cutshortcut.localflow.LocalFlowHandler;
 import pascal.taie.analysis.pta.plugin.exception.ExceptionAnalysis;
 import pascal.taie.analysis.pta.plugin.invokedynamic.InvokeDynamicAnalysis;
 import pascal.taie.analysis.pta.plugin.invokedynamic.Java9StringConcatHandler;
@@ -75,52 +80,59 @@ public PointerAnalysisResult analyze() {
         HeapModel heapModel = new AllocationSiteBasedModel(options);
         ContextSelector selector = null;
         String advanced = options.getString("advanced");
+        String solverType = options.has("solver") ? options.getString("solver"): "default"; // which solver to use
         String cs = options.getString("cs");
         if (advanced != null) {
-            if (advanced.equals("collection")) {
+            if (advanced.equals("collection"))
                 selector = ContextSelectorFactory.makeSelectiveSelector(cs,
                         new CollectionMethods(World.get().getClassHierarchy()).get());
-            } else {
+            else {
                 // run context-insensitive analysis as pre-analysis
-                PointerAnalysisResult preResult = runAnalysis(heapModel,
-                        ContextSelectorFactory.makeCISelector());
-                if (advanced.startsWith("scaler")) {
+                PointerAnalysisResult preResult = runAnalysis(heapModel, ContextSelectorFactory.makeCISelector(), solverType);
+                if (advanced.startsWith("scaler"))
                     selector = Monitor.runAndCount(() -> ContextSelectorFactory
                                     .makeGuidedSelector(Scaler.run(preResult, advanced)),
                             "Scaler", Level.INFO);
-                } else if (advanced.startsWith("zipper")) {
+                else if (advanced.startsWith("zipper"))
                     selector = Monitor.runAndCount(() -> ContextSelectorFactory
                                     .makeSelectiveSelector(cs, Zipper.run(preResult, advanced)),
                             "Zipper", Level.INFO);
-                } else if (advanced.equals("mahjong")) {
+                else if (advanced.equals("mahjong"))
                     heapModel = Monitor.runAndCount(() -> Mahjong.run(preResult, options),
                             "Mahjong", Level.INFO);
-                } else {
+                else
                     throw new IllegalArgumentException(
                             "Illegal advanced analysis argument: " + advanced);
-                }
+
             }
         }
         if (selector == null) {
             selector = ContextSelectorFactory.makePlainSelector(cs);
         }
-        return runAnalysis(heapModel, selector);
+        return runAnalysis(heapModel, selector, solverType);
     }
 
     private PointerAnalysisResult runAnalysis(HeapModel heapModel,
-                                              ContextSelector selector) {
+                                              ContextSelector selector,
+                                              String solverType) {
         AnalysisOptions options = getOptions();
-        Solver solver = new DefaultSolver(options,
-                heapModel, selector, new MapBasedCSManager());
+        Solver solver;
+        if (solverType.equals("default"))
+            solver = new DefaultSolver(options, heapModel, selector, new MapBasedCSManager());
+        // cut-shortcut
+        else if (solverType.equals("csc"))
+            solver = new CutShortcutSolver(options, heapModel, selector, new MapBasedCSManager());
+        else
+            throw new IllegalArgumentException("Illegal solver type: " + solverType);
         // The initialization of some Plugins may read the fields in solver,
         // e.g., contextSelector or csManager, thus we initialize Plugins
-        // after setting all other fields of solver.
-        setPlugin(solver, options);
+        // after setting all other fields of solver.setPlugin(solver, options);
+        setPlugin(solver, options, solverType);
         solver.solve();
         return solver.getResult();
     }
 
-    private static void setPlugin(Solver solver, AnalysisOptions options) {
+    private static void setPlugin(Solver solver, AnalysisOptions options, String solverType) {
         CompositePlugin plugin = new CompositePlugin();
         // add builtin plugins
         // To record elapsed time precisely, AnalysisTimer should be added at first.
@@ -132,6 +144,15 @@ private static void setPlugin(Solver solver, AnalysisOptions options) {
                 new NativeModeller(),
                 new ExceptionAnalysis()
         );
+        if (solverType.equals("csc")) {
+            MakeDefaultContainerConfig.make();
+            plugin.addPlugin(
+                    new LocalFlowHandler(),
+                    new FieldAccessHandler(),
+                    new ContainerAccessHandler()
+            );
+        }
+
         int javaVersion = World.get().getOptions().getJavaVersion();
         if (javaVersion < 9) {
             // current reference handler doesn't support Java 9+
diff --git a/src/main/java/pascal/taie/analysis/pta/core/cs/element/AbstractPointer.java b/src/main/java/pascal/taie/analysis/pta/core/cs/element/AbstractPointer.java
index 3b16185e5..ec2c50201 100644
--- a/src/main/java/pascal/taie/analysis/pta/core/cs/element/AbstractPointer.java
+++ b/src/main/java/pascal/taie/analysis/pta/core/cs/element/AbstractPointer.java
@@ -45,6 +45,8 @@ abstract class AbstractPointer implements Pointer {
 
     private final ArrayList<PointerFlowEdge> outEdges = new ArrayList<>(4);
 
+    private final ArrayList<PointerFlowEdge> inEdges = new ArrayList<>(4);
+
     private Set<Predicate<CSObj>> filters = Set.of();
 
     protected AbstractPointer(int index) {
@@ -95,6 +97,7 @@ public PointerFlowEdge addEdge(PointerFlowEdge edge) {
         assert edge.source() == this;
         if (successors.add(edge.target())) {
             outEdges.add(edge);
+            edge.target().addInEdge(edge);
             return edge;
         } else if (edge.kind() == FlowKind.OTHER) {
             for (PointerFlowEdge outEdge : outEdges) {
@@ -103,11 +106,17 @@ public PointerFlowEdge addEdge(PointerFlowEdge edge) {
                 }
             }
             outEdges.add(edge);
+            edge.target().addInEdge(edge);
             return edge;
         }
         return null;
     }
 
+    public void addInEdge(PointerFlowEdge edge) {
+        assert edge.target() == this;
+        inEdges.add(edge);
+    }
+
     @Override
     public void removeEdgesIf(Predicate<PointerFlowEdge> filter) {
         outEdges.removeIf(filter);
@@ -118,6 +127,11 @@ public Set<PointerFlowEdge> getOutEdges() {
         return Collections.unmodifiableSet(new ArraySet<>(outEdges, true));
     }
 
+    @Override
+    public Set<PointerFlowEdge> getInEdges() {
+        return Collections.unmodifiableSet(new ArraySet<>(inEdges, true));
+    }
+
     @Override
     public int getOutDegree() {
         return outEdges.size();
diff --git a/src/main/java/pascal/taie/analysis/pta/core/cs/element/CSManager.java b/src/main/java/pascal/taie/analysis/pta/core/cs/element/CSManager.java
index e02141ced..9c1e055d4 100644
--- a/src/main/java/pascal/taie/analysis/pta/core/cs/element/CSManager.java
+++ b/src/main/java/pascal/taie/analysis/pta/core/cs/element/CSManager.java
@@ -24,6 +24,7 @@
 
 import pascal.taie.analysis.pta.core.cs.context.Context;
 import pascal.taie.analysis.pta.core.heap.Obj;
+
 import pascal.taie.ir.exp.Var;
 import pascal.taie.ir.stmt.Invoke;
 import pascal.taie.language.classes.JField;
diff --git a/src/main/java/pascal/taie/analysis/pta/core/cs/element/Pointer.java b/src/main/java/pascal/taie/analysis/pta/core/cs/element/Pointer.java
index 4b0275149..cff3c7586 100644
--- a/src/main/java/pascal/taie/analysis/pta/core/cs/element/Pointer.java
+++ b/src/main/java/pascal/taie/analysis/pta/core/cs/element/Pointer.java
@@ -97,6 +97,8 @@ public interface Pointer extends Indexable {
      */
     PointerFlowEdge addEdge(PointerFlowEdge edge);
 
+    void addInEdge(PointerFlowEdge edge);
+
     /**
      * Removes out edges of this pointer if they satisfy the filter.
      * <p>
@@ -112,6 +114,11 @@ public interface Pointer extends Indexable {
      */
     Set<PointerFlowEdge> getOutEdges();
 
+    /**
+     * @return out edges of this pointer in pointer flow graph.
+     */
+    Set<PointerFlowEdge> getInEdges();
+
     /**
      * @return out degree of this pointer in pointer flow graph.
      */
diff --git a/src/main/java/pascal/taie/analysis/pta/core/solver/CutShortcutSolver.java b/src/main/java/pascal/taie/analysis/pta/core/solver/CutShortcutSolver.java
new file mode 100644
index 000000000..366b52321
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/core/solver/CutShortcutSolver.java
@@ -0,0 +1,323 @@
+package pascal.taie.analysis.pta.core.solver;
+
+import pascal.taie.analysis.graph.callgraph.CallKind;
+import pascal.taie.analysis.graph.callgraph.Edge;
+import pascal.taie.analysis.graph.flowgraph.FlowKind;
+import pascal.taie.analysis.pta.core.cs.context.Context;
+import pascal.taie.analysis.pta.core.cs.element.*;
+import pascal.taie.analysis.pta.core.cs.selector.ContextSelector;
+import pascal.taie.analysis.pta.core.heap.HeapModel;
+import pascal.taie.analysis.pta.plugin.CompositePlugin;
+import pascal.taie.analysis.pta.plugin.Plugin;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.ContainerAccessHandler;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.ContainerConfig;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.HostKind;
+import pascal.taie.analysis.pta.plugin.cutshortcut.field.*;
+import pascal.taie.analysis.pta.plugin.reflection.ReflectiveCallEdge;
+import pascal.taie.analysis.pta.pts.PointsToSet;
+import pascal.taie.config.AnalysisOptions;
+import pascal.taie.ir.exp.Exp;
+import pascal.taie.ir.exp.InvokeExp;
+import pascal.taie.ir.exp.Var;
+import pascal.taie.ir.stmt.Invoke;
+import pascal.taie.ir.stmt.LoadField;
+import pascal.taie.ir.stmt.StoreField;
+import pascal.taie.language.classes.JClass;
+import pascal.taie.language.classes.JField;
+import pascal.taie.language.classes.JMethod;
+import pascal.taie.language.type.NullType;
+import pascal.taie.language.type.ReferenceType;
+import pascal.taie.language.type.Type;
+import pascal.taie.util.collection.Maps;
+import pascal.taie.util.collection.MultiMap;
+import pascal.taie.util.collection.Sets;
+import pascal.taie.util.collection.TwoKeyMap;
+
+import java.util.Set;
+
+import static pascal.taie.analysis.pta.plugin.cutshortcut.ReflectiveEdgeProperty.setVirtualArg;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.SpecialVariables.isNonRelay;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.container.ClassAndTypeClassifier.isHashtableType;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.container.ClassAndTypeClassifier.isVectorType;
+
+public class CutShortcutSolver extends DefaultSolver {
+    private ContainerConfig containerConfig;
+
+    private FieldAccessHandler fieldAccessHandler = null;
+
+    private ContainerAccessHandler containerAccessHandler = null;
+
+    // cutRetuns resolved By LocalFlowHandler
+    private final Set<Var> cutReturnVars = Sets.newSet();
+
+    private final Set<StoreField> cutStoreFields = Sets.newSet();
+
+    private final Set<JMethod> selectedMethods = Sets.newSet();
+
+    // callsites whose callee should not be cut, handle container access whose object type is not modeled
+    private final Set<CSCallSite> recoveredCallSites = Sets.newSet();
+
+    public CutShortcutSolver(AnalysisOptions options, HeapModel heapModel,
+                             ContextSelector contextSelector, CSManager csManager) {
+        super(options, heapModel, contextSelector, csManager);
+    }
+
+    @Override
+    public void setPlugin(Plugin plugin) {
+        super.setPlugin(plugin);
+        assert plugin instanceof CompositePlugin;
+        CompositePlugin compositePlugin = (CompositePlugin) plugin;
+        for (Plugin p : compositePlugin.getAllPlugins()) {
+            if (p instanceof FieldAccessHandler fah)
+                fieldAccessHandler = fah;
+            else if (p instanceof ContainerAccessHandler cah)
+                containerAccessHandler = cah;
+        }
+        assert fieldAccessHandler != null;
+        assert containerAccessHandler != null;
+    }
+
+    // ---------- solver logic starts ----------
+    /**
+     * Initializes pointer analysis.
+     */
+    @Override
+    protected void initialize() {
+        containerConfig = ContainerConfig.config;
+        super.initialize();
+    }
+
+    /**
+     * Processes worklist entries until the worklist is empty.
+     */
+    @Override
+    protected void analyze() {
+        while (!workList.isEmpty()) {
+            WorkList.Entry entry = workList.pollEntry();
+            if (entry instanceof WorkList.PointerEntry pEntry) {
+                Pointer p = pEntry.pointer();
+                PointsToSet pts = pEntry.pointsToSet();
+                PointsToSet diff = propagate(p, pts);
+                if (!diff.isEmpty() && p instanceof CSVar v) {
+                    processInstanceStore(v, diff);
+                    processInstanceLoad(v, diff);
+                    processArrayStore(v, diff);
+                    processArrayLoad(v, diff);
+                    processCall(v, diff);
+                    plugin.onNewPointsToSet(v, diff);
+                }
+            }
+            else if (entry instanceof WorkList.CallEdgeEntry eEntry)
+                processCallEdge(eEntry.edge());
+            else if (entry instanceof WorkList.SetStmtEntry sEntry)
+                fieldAccessHandler.onNewSetStatement(sEntry.csMethod(), sEntry.setStmt());
+            else if (entry instanceof WorkList.GetStmtEntry gEntry)
+                fieldAccessHandler.onNewGetStatement(gEntry.csMethod(), gEntry.getStmt());
+            else if (entry instanceof WorkList.HostEntry hEntry) {
+                Pointer p = hEntry.pointer();
+                PointsToSet diff = processHostEntry(hEntry);
+                if (p instanceof CSVar csVar && !diff.isEmpty())
+                    containerAccessHandler.onNewHostEntry(csVar, diff, hEntry.kind());
+            }
+        }
+        plugin.onFinish();
+    }
+
+    public boolean addRecoveredCallSite(CSCallSite csCallSite) {
+        return recoveredCallSites.add(csCallSite);
+    }
+
+    public boolean isRecoveredCallSite(CSCallSite csCallSite) {
+        return recoveredCallSites.contains(csCallSite);
+    }
+
+    String[] stopSigns = new String[]{"iterator(", "entrySet()", "keySet()", "values()", "Entry(", "Iterator("};
+
+    /*
+     * @param source:  PFG edge s --> v, if source inside Transfer method, do not propagate ptsH
+     */
+    public boolean needPropagateHost(PointerFlowEdge edge) {
+        // Todo: Here return var of Map.values() --> r is treated as Local_Assign
+        if (edge.kind() == FlowKind.RETURN) {
+            Var sourceVar = ((CSVar) edge.source()).getVar();
+            JClass container = sourceVar.getMethod().getDeclaringClass();
+            String methodString = sourceVar.getMethod().toString();
+            // container, entryset type
+            if (containerConfig.isHostClass(container)) {
+                // source variable is inside function: iterator, entryset, keyset, values. do not propagate to host
+                for (String stopSign: stopSigns) {
+                    if (methodString.contains(stopSign))
+                        return false;
+                }
+                // HashTable.elements() return Enumeration of HashTable.values(), .keys() return Enumeration of keys
+                if (isHashtableType(container.getType()) && (methodString.contains("elements()") || methodString.contains("keys()")))
+                    return false;
+                // vector.elements() return Enumeration of Vector.elements
+                return !isVectorType(container.getType()) || !methodString.contains("elements()");
+            }
+            return true;
+        }
+        return true;
+    }
+
+    /**
+     * @return true if the type of given expression is concerned in
+     * pointer analysis, otherwise false.
+     */
+    public static boolean isConcerned(Exp exp) {
+        Type type = exp.getType();
+        return type instanceof ReferenceType && !(type instanceof NullType);
+    }
+
+    public void addCutStoreField(StoreField set) { // 需要跳过的StoreField，位于最内层的set方法
+        cutStoreFields.add(set);
+    }
+
+    private PointsToSet processHostEntry(WorkList.HostEntry entry) {
+        Pointer pointer = entry.pointer();
+        PointsToSet hostSet = entry.hostSet();
+        HostKind kind = entry.kind();
+        PointsToSet diff = containerAccessHandler.getHostListOf(pointer, kind).addAllDiff(hostSet);
+        if (!diff.isEmpty()) {
+            pointerFlowGraph.getOutEdgesOf(pointer).forEach(edge -> {
+                if (needPropagateHost(edge)) {
+                    Pointer target = edge.target();
+                    workList.addHostEntry(target, kind, diff);
+                }
+            });
+        }
+        return diff;
+    }
+
+    private void processInstanceStore(CSVar baseVar, PointsToSet pts) {
+        Context context = baseVar.getContext();
+        Var var = baseVar.getVar();
+        for (StoreField store : var.getStoreFields()) {
+            // skip cutStores
+            if (cutStoreFields.contains(store))
+                continue;
+            Var fromVar = store.getRValue();
+            if (propTypes.isAllowed(fromVar)) {
+                CSVar from = getCSManager().getCSVar(context, fromVar);
+                pts.forEach(baseObj -> {
+                    JField field = store.getFieldRef().resolve();
+                    InstanceField instField = getCSManager().getInstanceField(baseObj, field);
+                    addPFGEdge(from, instField, FlowKind.INSTANCE_STORE);
+                });
+            }
+        }
+    }
+
+    private void processInstanceLoad(CSVar baseVar, PointsToSet pts) {
+        Context context = baseVar.getContext();
+        Var var = baseVar.getVar();
+        for (LoadField load : var.getLoadFields()) {
+            Var toVar = load.getLValue();
+            JField field = load.getFieldRef().resolveNullable();
+            if (propTypes.isAllowed(toVar) && field != null) {
+                CSVar to = getCSManager().getCSVar(context, toVar);
+                pts.forEach(baseObj -> {
+                    InstanceField instField = getCSManager().getInstanceField(
+                            baseObj, field);
+                    addPFGEdge(instField, to, //toVar.getType(),
+                            isNonRelay(load) ? FlowKind.NON_RELAY_GET : FlowKind.INSTANCE_LOAD);
+                });
+            }
+        }
+    }
+
+    public void processCallEdge(Edge<CSCallSite, CSMethod> edge) {
+        if (callGraph.addEdge(edge)) {
+            if (edge instanceof ReflectiveCallEdge reflEdge)
+                setVirtualArg(reflEdge);
+            // process new call edge
+            CSMethod csCallee = edge.getCallee();
+            addCSMethod(csCallee);
+            if (edge.getKind() != CallKind.OTHER && !isIgnored(csCallee.getMethod())) {
+                CSCallSite csCallSite = edge.getCallSite();
+                Context callerCtx = edge.getCallSite().getContext();
+                Invoke callSite = edge.getCallSite().getCallSite();
+                Context calleeCtx = csCallee.getContext();
+                JMethod callee = csCallee.getMethod();
+                InvokeExp invokeExp = callSite.getInvokeExp();
+                // pass arguments to parameters
+                for (int i = 0; i < invokeExp.getArgCount(); ++i) {
+                    Var arg = invokeExp.getArg(i);
+                    if (propTypes.isAllowed(arg)) {
+                        Var param = callee.getIR().getParam(i);
+                        CSVar argVar = getCSManager().getCSVar(callerCtx, arg);
+                        CSVar paramVar = getCSManager().getCSVar(calleeCtx, param);
+                        addPFGEdge(argVar, paramVar, FlowKind.PARAMETER_PASSING);
+                    }
+                }
+                // pass results to LHS variable
+                Var lhs = callSite.getResult();
+                if (!ContainerAccessHandler.CutReturnEdge(lhs, callee) || recoveredCallSites.contains(csCallSite)) {
+                    if (lhs != null && propTypes.isAllowed(lhs)) {
+                        CSVar csLHS = getCSManager().getCSVar(callerCtx, lhs);
+                        for (Var ret : callee.getIR().getReturnVars()) {
+                            if (propTypes.isAllowed(ret) && !cutReturnVars.contains(ret)) {
+                                CSVar csRet = getCSManager().getCSVar(calleeCtx, ret);
+                                addPFGEdge(csRet, csLHS, FlowKind.RETURN);
+                            }
+                        }
+                    }
+                }
+            }
+            plugin.onNewCallEdge(edge);
+        }
+    }
+
+    public void addPFGEdge(Pointer source, Pointer target, FlowKind kind, Set<Transfer> transfers) {
+        PointerFlowEdge edge = new PointerFlowEdge(kind, source, target);
+        if (pointerFlowGraph.addEdge(edge) != null) {
+            PointsToSet sourceSet = getPointsToSetOf(source);
+            PointsToSet targetSet = makePointsToSet();
+            transfers.forEach(transfer -> {
+                if (edge.addTransfer(transfer)) {
+                    PointsToSet transferSet = transfer.apply(edge, sourceSet);
+                    targetSet.addAll(transferSet);
+                }
+            });
+            if (!targetSet.isEmpty())
+                addPointsTo(target, targetSet);
+            plugin.onNewPFGEdge(edge);
+        }
+    }
+
+    @Override
+    public void addPFGEdge(PointerFlowEdge edge, Transfer transfer) {
+        edge = pointerFlowGraph.addEdge(edge);
+        if (edge != null) {
+            if (edge.addTransfer(transfer)) {
+                PointsToSet targetSet = transfer.apply(edge, getPointsToSetOf(edge.source()));
+                if (!targetSet.isEmpty())
+                    addPointsTo(edge.target(), targetSet);
+            }
+            plugin.onNewPFGEdge(edge);
+        }
+    }
+
+    public void addSetStmtEntry(CSMethod csMethod, SetStatement setStmt) {
+        workList.addSetStmtEntry(csMethod, setStmt);
+    }
+
+    public void addGetStmtEntry(CSMethod csMethod, GetStatement getStmt) {
+        workList.addGetStmtEntry(csMethod, getStmt);
+    }
+
+    public void addHostEntry(Pointer pointer, HostKind kind, PointsToSet hostSet) {
+        if (!hostSet.isEmpty())
+            workList.addHostEntry(pointer, kind, hostSet);
+    }
+
+    public void addCutReturnVar(Var ret) {
+        cutReturnVars.add(ret);
+    }
+
+    public void addSelectedMethod(JMethod method) { selectedMethods.add(method); }
+
+    public Set<JMethod> getInvolvedMethods() {
+        return selectedMethods;
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/core/solver/DefaultSolver.java b/src/main/java/pascal/taie/analysis/pta/core/solver/DefaultSolver.java
index f0313dce3..fa9062bdf 100644
--- a/src/main/java/pascal/taie/analysis/pta/core/solver/DefaultSolver.java
+++ b/src/main/java/pascal/taie/analysis/pta/core/solver/DefaultSolver.java
@@ -122,7 +122,7 @@ public class DefaultSolver implements Solver {
 
     private final PointsToSetFactory ptsFactory;
 
-    private final PropagateTypes propTypes;
+    protected final PropagateTypes propTypes;
 
     /**
      * Whether only analyzes application code.
@@ -141,27 +141,27 @@ public class DefaultSolver implements Solver {
      */
     private volatile boolean isTimeout;
 
-    private Plugin plugin;
+    protected Plugin plugin;
 
-    private WorkList workList;
+    protected WorkList workList;
 
-    private CSCallGraph callGraph;
+    protected CSCallGraph callGraph;
 
-    private PointerFlowGraph pointerFlowGraph;
+    protected PointerFlowGraph pointerFlowGraph;
 
-    private Set<JMethod> reachableMethods;
+    protected Set<JMethod> reachableMethods;
 
     /**
      * Set of classes that have been initialized.
      */
-    private Set<JClass> initializedClasses;
+    protected Set<JClass> initializedClasses;
 
     /**
      * Set of methods to be intercepted and ignored.
      */
-    private Set<JMethod> ignoredMethods;
+    protected Set<JMethod> ignoredMethods;
 
-    private StmtProcessor stmtProcessor;
+    protected StmtProcessor stmtProcessor;
 
     private PointerAnalysisResult result;
 
@@ -174,6 +174,7 @@ public DefaultSolver(AnalysisOptions options, HeapModel heapModel,
         this.csManager = csManager;
         hierarchy = World.get().getClassHierarchy();
         typeSystem = World.get().getTypeSystem();
+        callGraph = new CSCallGraph(csManager);
         ptsFactory = new PointsToSetFactory(csManager.getObjectIndexer());
         propTypes = new PropagateTypes(
                 (List<String>) options.get("propagate-types"),
@@ -251,8 +252,7 @@ public void solve() {
     /**
      * Initializes pointer analysis.
      */
-    private void initialize() {
-        callGraph = new CSCallGraph(csManager);
+    protected void initialize() {
         pointerFlowGraph = new PointerFlowGraph(csManager);
         workList = new WorkList();
         reachableMethods = Sets.newSet();
@@ -304,7 +304,7 @@ private void stop() {
     /**
      * Processes work list entries until the work list is empty.
      */
-    private void analyze() {
+    protected void analyze() {
         while (!workList.isEmpty() && !isTimeout) {
             // phase starts
             while (!workList.isEmpty() && !isTimeout) {
@@ -340,7 +340,7 @@ private void analyze() {
      * Propagates pointsToSet to pt(pointer) and its PFG successors,
      * returns the difference set of pointsToSet and pt(pointer).
      */
-    private PointsToSet propagate(Pointer pointer, PointsToSet pointsToSet) {
+    protected PointsToSet propagate(Pointer pointer, PointsToSet pointsToSet) {
         logger.trace("Propagate {} to {}", pointsToSet, pointer);
         Set<Predicate<CSObj>> filters = pointer.getFilters();
         if (!filters.isEmpty()) {
@@ -400,7 +400,8 @@ private void processInstanceLoad(CSVar baseVar, PointsToSet pts) {
                 JField field = load.getFieldRef().resolve();
                 pts.forEach(baseObj -> {
                     if (baseObj.getObject().isFunctional()) {
-                        InstanceField instField = csManager.getInstanceField(baseObj, field);
+                        InstanceField instField = csManager.getInstanceField(
+                                baseObj, field);
                         addPFGEdge(instField, to, FlowKind.INSTANCE_LOAD);
                     }
                 });
@@ -414,7 +415,7 @@ private void processInstanceLoad(CSVar baseVar, PointsToSet pts) {
      * @param arrayVar the array variable
      * @param pts      set of new discovered arrays pointed by the variable.
      */
-    private void processArrayStore(CSVar arrayVar, PointsToSet pts) {
+    protected void processArrayStore(CSVar arrayVar, PointsToSet pts) {
         Context context = arrayVar.getContext();
         Var var = arrayVar.getVar();
         for (StoreArray store : var.getStoreArrays()) {
@@ -441,7 +442,7 @@ private void processArrayStore(CSVar arrayVar, PointsToSet pts) {
      * @param arrayVar the array variable
      * @param pts      set of new discovered arrays pointed by the variable.
      */
-    private void processArrayLoad(CSVar arrayVar, PointsToSet pts) {
+    protected void processArrayLoad(CSVar arrayVar, PointsToSet pts) {
         Context context = arrayVar.getContext();
         Var var = arrayVar.getVar();
         for (LoadArray load : var.getLoadArrays()) {
@@ -464,7 +465,7 @@ private void processArrayLoad(CSVar arrayVar, PointsToSet pts) {
      * @param recv the receiver variable
      * @param pts  set of new discovered objects pointed by the variable.
      */
-    private void processCall(CSVar recv, PointsToSet pts) {
+    protected void processCall(CSVar recv, PointsToSet pts) {
         Context context = recv.getContext();
         Var var = recv.getVar();
         for (Invoke callSite : var.getInvokes()) {
@@ -531,7 +532,7 @@ private void processCallEdge(Edge<CSCallSite, CSMethod> edge) {
         }
     }
 
-    private boolean isIgnored(JMethod method) {
+    protected boolean isIgnored(JMethod method) {
         return ignoredMethods.contains(method) ||
                 onlyApp && !method.isApplication();
     }
@@ -546,7 +547,7 @@ private void processNewMethod(JMethod method) {
         }
     }
 
-    private class StmtProcessor {
+    protected class StmtProcessor {
 
         /**
          * Information shared by all visitors.
diff --git a/src/main/java/pascal/taie/analysis/pta/core/solver/PointerFlowGraph.java b/src/main/java/pascal/taie/analysis/pta/core/solver/PointerFlowGraph.java
index 5375fb9a7..5279dfe7e 100644
--- a/src/main/java/pascal/taie/analysis/pta/core/solver/PointerFlowGraph.java
+++ b/src/main/java/pascal/taie/analysis/pta/core/solver/PointerFlowGraph.java
@@ -22,6 +22,7 @@
 
 package pascal.taie.analysis.pta.core.solver;
 
+import pascal.taie.analysis.graph.flowgraph.FlowEdge;
 import pascal.taie.analysis.graph.flowgraph.FlowKind;
 import pascal.taie.analysis.pta.core.cs.element.CSManager;
 import pascal.taie.analysis.pta.core.cs.element.Pointer;
@@ -33,6 +34,7 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+
 /**
  * Represents pointer flow graph in context-sensitive pointer analysis.
  */
@@ -59,9 +61,7 @@ public PointerFlowEdge addEdge(PointerFlowEdge edge) {
     }
 
     @Override
-    public Set<? extends Edge<Pointer>> getInEdgesOf(Pointer node) {
-        throw new UnsupportedOperationException();
-    }
+    public Set<PointerFlowEdge> getInEdgesOf(Pointer node) { return node.getInEdges(); }
 
     @Override
     public Set<PointerFlowEdge> getOutEdgesOf(Pointer pointer) {
@@ -74,7 +74,8 @@ public Stream<Pointer> pointers() {
 
     @Override
     public Set<Pointer> getPredsOf(Pointer node) {
-        throw new UnsupportedOperationException();
+        return Views.toMappedSet(node.getInEdges(),
+                PointerFlowEdge::target);
     }
 
     @Override
diff --git a/src/main/java/pascal/taie/analysis/pta/core/solver/WorkList.java b/src/main/java/pascal/taie/analysis/pta/core/solver/WorkList.java
index 780fdb1fe..143cc44f3 100644
--- a/src/main/java/pascal/taie/analysis/pta/core/solver/WorkList.java
+++ b/src/main/java/pascal/taie/analysis/pta/core/solver/WorkList.java
@@ -26,6 +26,8 @@
 import pascal.taie.analysis.pta.core.cs.element.CSCallSite;
 import pascal.taie.analysis.pta.core.cs.element.CSMethod;
 import pascal.taie.analysis.pta.core.cs.element.Pointer;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.HostKind;
+import pascal.taie.analysis.pta.plugin.cutshortcut.field.*;
 import pascal.taie.analysis.pta.pts.PointsToSet;
 import pascal.taie.util.collection.Maps;
 
@@ -38,7 +40,6 @@
  * Represents work list in pointer analysis.
  */
 final class WorkList {
-
     /**
      * Pointer entries to be processed.
      */
@@ -49,6 +50,13 @@ final class WorkList {
      */
     private final Queue<Edge<CSCallSite, CSMethod>> callEdges = new ArrayDeque<>();
 
+    // Additional work lists for cut-shortcut analysis
+    private final Queue<HostEntry> hostEntries = new ArrayDeque<>();
+
+    private final Queue<SetStmtEntry> setStmtEntries = new ArrayDeque<>();
+
+    private final Queue<GetStmtEntry>  getStmtEntries = new ArrayDeque<>();
+
     void addEntry(Pointer pointer, PointsToSet pointsToSet) {
         PointsToSet set = pointerEntries.get(pointer);
         if (set != null) {
@@ -66,19 +74,27 @@ Entry pollEntry() {
         if (!callEdges.isEmpty()) {
             // for correctness, we need to ensure that any call edges in
             // the work list must be processed prior to the pointer entries
-            return new CallEdgeEntry(callEdges.poll());
-        } else if (!pointerEntries.isEmpty()) {
+            return new WorkList.CallEdgeEntry(callEdges.poll());
+        }
+        else if (!pointerEntries.isEmpty()) {
             var it = pointerEntries.entrySet().iterator();
             var e = it.next();
             it.remove();
-            return new PointerEntry(e.getKey(), e.getValue());
-        } else {
-            throw new NoSuchElementException();
+            return new WorkList.PointerEntry(e.getKey(), e.getValue());
         }
+        else if (!setStmtEntries.isEmpty())
+            return setStmtEntries.poll();
+        else if (!getStmtEntries.isEmpty())
+            return getStmtEntries.poll();
+        else if (!hostEntries.isEmpty())
+            return hostEntries.poll();
+        else
+            throw new NoSuchElementException();
     }
 
     boolean isEmpty() {
-        return pointerEntries.isEmpty() && callEdges.isEmpty();
+        return pointerEntries.isEmpty() && hostEntries.isEmpty() && callEdges.isEmpty()
+                && setStmtEntries.isEmpty() && getStmtEntries.isEmpty();
     }
 
     interface Entry {
@@ -91,4 +107,28 @@ record PointerEntry(Pointer pointer, PointsToSet pointsToSet)
     record CallEdgeEntry(Edge<CSCallSite, CSMethod> edge)
             implements Entry {
     }
+
+    record HostEntry(Pointer pointer, HostKind kind, PointsToSet hostSet)
+            implements WorkList.Entry {
+    }
+
+    record SetStmtEntry(CSMethod csMethod, SetStatement setStmt)
+            implements WorkList.Entry {
+    }
+
+    record GetStmtEntry(CSMethod csMethod, GetStatement getStmt)
+            implements WorkList.Entry {
+    }
+
+    void addHostEntry(Pointer pointer, HostKind kind, PointsToSet hostSet) {
+        hostEntries.add(new HostEntry(pointer, kind, hostSet));
+    }
+
+    void addSetStmtEntry(CSMethod csMethod, SetStatement setStmt) {
+        setStmtEntries.add(new SetStmtEntry(csMethod, setStmt));
+    }
+
+    void addGetStmtEntry(CSMethod csMethod, GetStatement getStmt) {
+        getStmtEntries.add(new GetStmtEntry(csMethod, getStmt));
+    }
 }
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/CompositePlugin.java b/src/main/java/pascal/taie/analysis/pta/plugin/CompositePlugin.java
index 657c2de62..0b82f0edc 100644
--- a/src/main/java/pascal/taie/analysis/pta/plugin/CompositePlugin.java
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/CompositePlugin.java
@@ -76,6 +76,10 @@ public void addPlugin(Plugin... plugins) {
         }
     }
 
+    public final List<Plugin> getAllPlugins() {
+        return allPlugins;
+    }
+
     private void addPlugin(Plugin plugin, List<Plugin> plugins,
                            String name, Class<?>... parameterTypes) {
         try {
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/Plugin.java b/src/main/java/pascal/taie/analysis/pta/plugin/Plugin.java
index 2886a1c07..3704b0ee1 100644
--- a/src/main/java/pascal/taie/analysis/pta/plugin/Plugin.java
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/Plugin.java
@@ -28,6 +28,7 @@
 import pascal.taie.analysis.pta.core.cs.element.CSMethod;
 import pascal.taie.analysis.pta.core.cs.element.CSObj;
 import pascal.taie.analysis.pta.core.cs.element.CSVar;
+import pascal.taie.analysis.pta.core.solver.PointerFlowEdge;
 import pascal.taie.analysis.pta.core.solver.Solver;
 import pascal.taie.analysis.pta.pts.PointsToSet;
 import pascal.taie.ir.stmt.Invoke;
@@ -129,4 +130,12 @@ default void onNewCSMethod(CSMethod csMethod) {
      */
     default void onUnresolvedCall(CSObj recv, Context context, Invoke invoke) {
     }
+
+    /**
+     * Invoked when pointer analysis discover a new PFG Edge
+     *
+     * @param edge    the new created PFG edge
+     */
+    default void onNewPFGEdge(PointerFlowEdge edge) {
+    }
 }
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/ResultProcessor.java b/src/main/java/pascal/taie/analysis/pta/plugin/ResultProcessor.java
index 95721aae3..f5a5cfd2d 100644
--- a/src/main/java/pascal/taie/analysis/pta/plugin/ResultProcessor.java
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/ResultProcessor.java
@@ -108,16 +108,17 @@ public static void process(AnalysisOptions options,
 
         boolean taintEnabled = options.getString("taint-config") != null
                 || !((List<String>) options.get("taint-config-providers")).isEmpty();
+        boolean onlyDumpApp = options.getBoolean("only-dump-app");
         if (options.getBoolean("dump")) {
             dumpPointsToSet(result, taintEnabled);
         }
 
         if (options.getBoolean("dump-ci")) {
-            dumpCIPointsToSet(result);
+            dumpCIPointsToSet(result, onlyDumpApp);
         }
 
         if (options.getBoolean("dump-yaml")) {
-            dumpPointsToSetInYaml(result);
+            dumpPointsToSetInYaml(result, onlyDumpApp);
         }
 
         String expectedFile = options.getString("expected-file");
@@ -198,7 +199,7 @@ private static void dumpPointers(
         out.println();
     }
 
-    private static void dumpPointsToSetInYaml(PointerAnalysisResult result) {
+    private static void dumpPointsToSetInYaml(PointerAnalysisResult result, boolean onlyDumpApp) {
         File outFile = new File(World.get().getOptions().getOutputDir(), RESULTS_YAML_FILE);
         logger.info("Dumping points-to set (with contexts) in YAML to {}",
                 outFile.getAbsolutePath());
@@ -220,6 +221,7 @@ private static void dumpPointsToSetInYaml(PointerAnalysisResult result) {
         //            - "[]:NewObj{<A: A m()>[0@L1] new A}"
         final var variables = result.getCSVars()
                 .stream()
+                .filter(csVar -> !onlyDumpApp || csVar.getVar().getMethod().isApplication())
                 .collect(Collectors.groupingBy(csVar -> csVar.getVar().getMethod().getSignature(),
                         Maps::newOrderedMap,
                         Collectors.collectingAndThen(
@@ -250,6 +252,7 @@ private static void dumpPointsToSetInYaml(PointerAnalysisResult result) {
         //        - "[]:NewObj{<A: A m()>[0@L1] new String}"
         final var staticFields = result.getStaticFields()
                 .stream()
+                .filter(staticField -> !onlyDumpApp || staticField.getField().isApplication())
                 .collect(Collectors.groupingBy(sField -> sField.getField().getDeclaringClass().getName(),
                         Maps::newOrderedMap,
                         Collectors.mapping(sField -> Maps.ofLinkedHashMap(
@@ -268,6 +271,7 @@ private static void dumpPointsToSetInYaml(PointerAnalysisResult result) {
         //            - "[]:NewObj{<A: A m()>[0@L1] new String}"
         final var instanceFields = result.getInstanceFields()
                 .stream()
+                .filter(instanceField -> !onlyDumpApp || instanceField.getField().isApplication())
                 .collect(Collectors.groupingBy(iField -> iField.getBase().getObject(),
                                 () -> Maps.newOrderedMap(objComparator),
                                 Collectors.collectingAndThen(
@@ -297,6 +301,7 @@ private static void dumpPointsToSetInYaml(PointerAnalysisResult result) {
         //        - "ConstantObj{java.lang.String: \"hello\"}"
         final var arrayIndexes = result.getArrayIndexes()
                 .stream()
+                .filter(arrayIndex -> !onlyDumpApp || (arrayIndex.getArray().getObject().getContainerMethod().isPresent() && arrayIndex.getArray().getObject().getContainerMethod().get().isApplication()))
                 .collect(Collectors.groupingBy(ai -> ai.getArray().getObject(),
                              () -> Maps.newOrderedMap(objComparator),
                              Collectors.collectingAndThen(
@@ -334,7 +339,7 @@ private static void dumpPointsToSetInYaml(PointerAnalysisResult result) {
     /**
      * Dumps points-to sets for all variables (without contexts).
      */
-    private static void dumpCIPointsToSet(PointerAnalysisResult result) {
+    private static void dumpCIPointsToSet(PointerAnalysisResult result, boolean onlyDumpApp) {
         File outFile = new File(World.get().getOptions().getOutputDir(), CI_RESULTS_FILE);
         try (PrintStream out = new PrintStream(new FileOutputStream(outFile))) {
             logger.info("Dumping points-to set (without contexts) to {}",
@@ -343,6 +348,7 @@ private static void dumpCIPointsToSet(PointerAnalysisResult result) {
                     v -> v.getMethod().toString() + '/' + v.getName();
             result.getVars()
                     .stream()
+                    .filter(v -> !onlyDumpApp || v.getMethod().isApplication())
                     .sorted(Comparator.comparing(toString))
                     .forEach(v -> {
                         Set<Obj> pts = result.getPointsToSet(v);
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/ReflectiveEdgeProperty.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/ReflectiveEdgeProperty.java
new file mode 100644
index 000000000..f765faa3d
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/ReflectiveEdgeProperty.java
@@ -0,0 +1,44 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut;
+
+import pascal.taie.analysis.pta.plugin.reflection.ReflectiveCallEdge;
+import pascal.taie.ir.exp.Var;
+import pascal.taie.language.type.ArrayType;
+import pascal.taie.util.collection.Maps;
+
+import java.util.Map;
+
+import static pascal.taie.analysis.pta.core.solver.CutShortcutSolver.isConcerned;
+
+public class ReflectiveEdgeProperty {
+    // used for Cut-Shortcut
+    public enum ReflectiveCallKind {
+        NEW_INSTANCE, // r = c.newInstance(args), r is the baseVar
+        METHOD_INVOKE, // r = m.invoke(obj, args): m is a instance of class method, and obj is a instance of m's declaring method,
+        // args is a variable of array type which stores the argument of m in order
+    }
+
+    private static final Map<ReflectiveCallEdge, ReflectiveCallKind> reflectiveCallKindMap = Maps.newMap();
+
+    private static final Map<ReflectiveCallEdge, Var> reflectiveCallVirtualArgMap = Maps.newMap();
+
+    public static void setReflectiveKind(ReflectiveCallEdge reflectiveCallEdge, ReflectiveCallKind kind) {
+        reflectiveCallKindMap.put(reflectiveCallEdge, kind);
+    }
+
+    public static ReflectiveCallKind getReflectiveKind(ReflectiveCallEdge reflectiveCallEdge) {
+        return reflectiveCallKindMap.get(reflectiveCallEdge);
+    }
+
+    public static void setVirtualArg(ReflectiveCallEdge reflectiveCallEdge) {
+        Var args = reflectiveCallEdge.getArgs();
+        if (args != null && isConcerned(args)) {
+            Var virtualArg = new Var(args.getMethod(), "VirtualArg", ((ArrayType) args.getType()).elementType(), -1);
+            SpecialVariables.setVirtualVar(virtualArg);
+            reflectiveCallVirtualArgMap.put(reflectiveCallEdge, virtualArg);
+        }
+    }
+
+    public static Var getVirtualArg(ReflectiveCallEdge reflectiveCallEdge) {
+        return reflectiveCallVirtualArgMap.getOrDefault(reflectiveCallEdge, null);
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/SpecialVariables.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/SpecialVariables.java
new file mode 100644
index 000000000..8efe9c0b7
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/SpecialVariables.java
@@ -0,0 +1,52 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut;
+
+import pascal.taie.analysis.pta.plugin.cutshortcut.field.ParameterIndex;
+import pascal.taie.ir.exp.Var;
+import pascal.taie.ir.stmt.LoadField;
+import pascal.taie.util.collection.Maps;
+import pascal.taie.util.collection.Sets;
+
+import java.util.Map;
+import java.util.Set;
+
+public class SpecialVariables {
+    private static final Set<Var> definedVars = Sets.newSet();
+
+    private static final Set<Var> virtualVars = Sets.newSet();
+
+    private static final Map<Var, ParameterIndex> definedParameterIndexes = Maps.newMap();
+
+    private static final Set<LoadField> relayedLoadFields = Sets.newSet();
+
+    public static void setDefined(Var var) {
+        definedVars.add(var);
+    }
+
+    public static boolean isDefined(Var var) {
+        return definedVars.contains(var);
+    }
+
+    public static void setVirtualVar(Var var) {
+        virtualVars.add(var);
+    }
+
+    public static boolean isVirtualVar(Var var) {
+        return virtualVars.contains(var);
+    }
+
+    public static void setParameterIndex(Var param, ParameterIndex index) {
+        definedParameterIndexes.put(param, index);
+    }
+
+    public static ParameterIndex getParameterIndex(Var param) {
+        return definedParameterIndexes.get(param);
+    }
+
+    public static void disableRelay(LoadField loadField) {
+        relayedLoadFields.add(loadField);
+    }
+
+    public static boolean isNonRelay(LoadField loadField) {
+        return relayedLoadFields.contains(loadField);
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/ClassAndTypeClassifier.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/ClassAndTypeClassifier.java
new file mode 100644
index 000000000..3e46df1b3
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/ClassAndTypeClassifier.java
@@ -0,0 +1,56 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.container;
+
+import pascal.taie.World;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.ContainerType;
+import pascal.taie.language.classes.ClassHierarchy;
+import pascal.taie.language.classes.JClass;
+import pascal.taie.language.type.Type;
+import pascal.taie.language.type.TypeSystem;
+
+public class ClassAndTypeClassifier {
+    private static final ClassHierarchy hierarchy = World.get().getClassHierarchy();
+    private static final TypeSystem typeSystem = World.get().getTypeSystem();
+
+    private static final JClass mapClass = hierarchy.getClass("java.util.Map");
+    private static final JClass mapEntryClass = hierarchy.getClass("java.util.Map$Entry");
+    private static final JClass collectionClass = hierarchy.getClass("java.util.Collection");
+    private static final JClass iteratorClass = hierarchy.getClass("java.util.Iterator");
+
+    private static final Type hashtableType = typeSystem.getType("java.util.Hashtable");
+    private static final Type vectorType = typeSystem.getType("java.util.Vector");
+
+    public static ContainerType ClassificationOf(Type type) {
+        JClass clz = hierarchy.getClass(type.getName());
+        return ClassificationOf(clz);
+    }
+
+    public static ContainerType ClassificationOf(JClass clz) {
+        if (clz == null)
+            return ContainerType.OTHER;
+        else if (hierarchy.isSubclass(mapClass, clz))
+            return ContainerType.MAP;
+        else if (hierarchy.isSubclass(collectionClass, clz))
+            return ContainerType.COLLECTION;
+        else if (hierarchy.isSubclass(iteratorClass, clz))
+            return ContainerType.ITER;
+        return ContainerType.OTHER;
+    }
+
+    public static JClass getOuterClass(JClass inner) {
+        if (inner != null && inner.hasOuterClass())
+            inner = inner.getOuterClass();
+        return inner;
+    }
+
+    public static boolean isVectorType(Type vector) {
+        return typeSystem.isSubtype(vectorType, vector);
+    }
+
+    public static boolean isHashtableType(Type hashtable) {
+        return typeSystem.isSubtype(hashtableType, hashtable);
+    }
+
+    public static boolean isMapEntryClass(JClass entry) {
+        return hierarchy.isSubclass(mapEntryClass, entry);
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/ContainerAccessHandler.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/ContainerAccessHandler.java
new file mode 100644
index 000000000..ff32346f0
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/ContainerAccessHandler.java
@@ -0,0 +1,634 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.container;
+
+import pascal.taie.analysis.graph.callgraph.CallGraph;
+import pascal.taie.analysis.graph.callgraph.CallKind;
+import pascal.taie.analysis.graph.callgraph.Edge;
+import pascal.taie.analysis.graph.flowgraph.FlowKind;
+import pascal.taie.analysis.pta.core.cs.context.Context;
+import pascal.taie.analysis.pta.core.cs.element.*;
+import pascal.taie.analysis.pta.core.heap.HeapModel;
+import pascal.taie.analysis.pta.core.heap.Obj;
+import pascal.taie.analysis.pta.core.solver.CutShortcutSolver;
+import pascal.taie.analysis.pta.core.solver.PointerFlowEdge;
+import pascal.taie.analysis.pta.core.solver.Solver;
+import pascal.taie.analysis.pta.plugin.Plugin;
+import pascal.taie.analysis.pta.plugin.cutshortcut.SpecialVariables;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.ContExitCategory;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.ExtendType;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.HostKind;
+import pascal.taie.analysis.pta.pts.PointsToSet;
+import pascal.taie.ir.exp.InvokeExp;
+import pascal.taie.ir.exp.InvokeInstanceExp;
+import pascal.taie.ir.exp.Var;
+import pascal.taie.ir.stmt.Cast;
+import pascal.taie.ir.stmt.Invoke;
+import pascal.taie.ir.stmt.New;
+import pascal.taie.language.classes.JMethod;
+import pascal.taie.language.type.ArrayType;
+import pascal.taie.language.type.ClassType;
+import pascal.taie.language.type.Type;
+import pascal.taie.language.type.TypeSystem;
+import pascal.taie.util.AnalysisException;
+import pascal.taie.util.collection.*;
+
+import java.util.Collections;
+import java.util.Set;
+
+import static pascal.taie.analysis.pta.core.solver.CutShortcutSolver.isConcerned;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.container.ClassAndTypeClassifier.*;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.ContExitCategory.*;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.HostKind.*;
+// ToDo: 其它自定义AbstractList类型，尤其是匿名内部类，实现了自定义get等方法
+public class ContainerAccessHandler implements Plugin {
+    private CutShortcutSolver solver;
+
+    private CSManager csManager;
+
+    private TypeSystem typeSystem;
+
+    private HostManager hostManager;
+
+    private HeapModel heapModel;
+
+    private CallGraph<CSCallSite, CSMethod> callGraph;
+
+    private ContainerConfig config;
+
+    private final Set<HostKind> ContKindsInterested = Set.of(COL, MAP_KEY_SET, MAP_VALUES, MAP_ENTRY_SET);
+    private final MultiMap<Pair<HostKind, CSVar>, Pair<HostKind, CSVar>> HostPropagater = Maps.newMultiMap();
+
+    // The first key type of pointerHostListMap may not only be ''CSVar'':
+    // a container field of a object obj.list (InstanceField) may also point-to container object.
+    private final TwoKeyMap<Pointer, HostKind, PointsToSet> pointerHostListMap = Maps.newTwoKeyMap(); // ptsH
+
+    // for Col-Value, Map-Value, Map-key exit calledge e: <c, l: r = v.get(..)> => <c^t, m>, add <c, v> -> <l, category>
+    private final MultiMap<CSVar, Pair<Invoke, ContExitCategory>> cachedContExitValues = Maps.newMultiMap();
+    // for MapEntry-GetKey(Map-Key), MapEntry-GetValue(Map-Value), Iterator-next/previous/nextElement(Col-Value) l: r = v.next(..), add <c, v> -> <l, hostkind, category>
+    private final MultiMap<CSVar, Triplet<Invoke, HostKind, ContExitCategory>> cachedIterExitValues = Maps.newMultiMap();
+    // \for v = new ArrayList(), l: r = v.get(0) => ArrayList.get, <c', o> \in pts(<c, v>), <c', o> => <c, l> \in hostToExit
+    private final MultiMap<CSObj, CSCallSite> hostToExits = Maps.newMultiMap();
+
+    // assist worklist method to handle container extender
+    private final MultiMap<CSVar, Var> ExtenderAddedToBase = Maps.newMultiMap(); // for <c, l: v.addAll(v1)>, add v to <c, v1>
+    private final MultiMap<CSVar, Var> ExtenderBaseToAdded = Maps.newMultiMap(); // for <c, l: v.addAll(v1)>, add v1 to <c, v>
+
+    // process ArrayInitializer, l: add(v_d, v_s), where v_s is array, v_d is collection, for worklist, add a temp variable arr_l
+    private final MultiMap<Var, Var> ArrayVarToVirtualArrayVar = Maps.newMultiMap(); // v_s --> arr_l
+    private final MultiMap<Var, Var> CollectionVarToVirtualArrayVar = Maps.newMultiMap(); // v_d --> arr_l
+
+    // We only model common container access. For user-defined container type like CustomArrayList, we usually ignore because they may define other entrance and exit method.
+    // For example, CustomArrayList.addAnObject, getAnObject. Since we have not model it, soundness issue could occur.
+    // But, there is [Entrance-Extend] method like List.addAll. If v is ArrayList, v.addAll(customArrayList). Where customArrayList may miss some src/dst variables.
+    // After propagate to v, v can not be soundly modeled.
+    // Hence here, taintHosts records those container objects whose type is modeled but may be influenced by unmodeled type container var like v.
+    private final Set<CSObj> taintHosts = Sets.newSet();
+
+    // Collect those var whose type is Map.Entry
+    private static final Set<Var> MapEntryVar = Sets.newSet();
+
+    public void setSolver(Solver solver) {
+        if (solver instanceof CutShortcutSolver cutShortcutSolver) {
+            this.solver = cutShortcutSolver;
+            csManager = solver.getCSManager();
+            typeSystem = solver.getTypeSystem();
+            callGraph = solver.getCallGraph();
+            heapModel = solver.getHeapModel();
+            config = ContainerConfig.config;
+            hostManager = new HostManager(csManager);
+        }
+        else
+            throw new AnalysisException("Invalid solver!");
+    }
+
+    @Override
+    public void onNewMethod(JMethod method) {
+        method.getIR().forEach(stmt -> {
+            if (stmt instanceof Cast castStmt) {
+                Type castType = castStmt.getRValue().getCastType();
+                if (castType instanceof ClassType classType && isMapEntryClass(classType.getJClass()))
+                    MapEntryVar.add(castStmt.getRValue().getValue());
+            }
+        });
+    }
+
+    @Override
+    public void onNewCSMethod(CSMethod csMethod) {
+        Context context = csMethod.getContext();
+        JMethod method = csMethod.getMethod();
+        method.getIR().forEach(stmt -> {
+            if (stmt instanceof New newStmt) {
+                Obj obj = heapModel.getObj(newStmt);
+                Type objType = obj.getType();
+                // called in Map.keySet()/values(), lhs = new KeySet()/values()
+                if (!method.isStatic()) {
+                    CSVar csThis = csManager.getCSVar(context, method.getIR().getThis());
+                    CSVar csLHS = csManager.getCSVar(context, newStmt.getLValue());
+                    if (config.isKeySetClass(objType))
+                        HostPropagater.put(new Pair<>(HostKind.MAP, csThis), new Pair<>(MAP_KEY_SET, csLHS));
+                    else if (config.isValueSetClass(objType))
+                        HostPropagater.put(new Pair<>(HostKind.MAP, csThis), new Pair<>(MAP_VALUES, csLHS));
+                }
+            }
+        });
+    }
+
+    // <c, l: r = v.k(l_a1, ...)> --> <c^t, m>
+    @Override
+    public void onNewCallEdge(Edge<CSCallSite, CSMethod> edge) {
+        if (edge.getKind() == CallKind.OTHER)
+            return;
+        CSCallSite csCallSite = edge.getCallSite();
+        CSMethod csCallee = edge.getCallee(); // <c^t, m>
+        Invoke callSite = csCallSite.getCallSite(); // l
+        JMethod callee = csCallee.getMethod(); // m
+        Context callSiteContext = csCallSite.getContext(); // c
+        InvokeExp invokeExp = callSite.getInvokeExp(); // r = v.k(l_a1, ...)
+
+        if (invokeExp instanceof InvokeInstanceExp instanceExp) {
+            Var base = instanceExp.getBase(); // v
+            CSVar csBase = csManager.getCSVar(callSiteContext, base); // <c, v>
+            CSVar csThis = csManager.getCSVar(csCallee.getContext(), callee.getIR().getThis()); // <c^t, m_this>
+
+            // propagate ptsH to callee this
+            ContKindsInterested.forEach(hostKind -> {
+                PointsToSet baseHostMap = pointerHostListMap.getOrDefault(csBase, hostKind, null);
+                if (baseHostMap != null && !baseHostMap.isEmpty()) {
+                    solver.addHostEntry(csThis, hostKind, baseHostMap);
+                    HostPropagater.put(new Pair<>(hostKind, csBase), new Pair<>(hostKind, csThis));
+                }
+            });
+
+            // Array Initializer
+            Pair<Integer, Integer> arrayInitInfo = config.getArrayInitializer(callee);
+            if (arrayInitInfo != null) {
+                solver.addSelectedMethod(callee);
+                processArrayInitializer(csCallSite, arrayInitInfo, instanceExp);
+            }
+            // callee is [Container Entrance-Append] like v.add(E)
+            Set<Pair<ContExitCategory, Integer>> categoryIndexPairs = config.getEntranceAppendIndex(callee);
+            if (!categoryIndexPairs.isEmpty())
+                pointerHostListMap.getOrDefault(csBase, Collections.emptyMap()).forEach((hostKind, hostSet) ->
+                        relateSourceToHosts(csCallSite, csCallee, categoryIndexPairs, hostSet));
+
+            // callee is [Container Entrance-Extend] like v.addAll(list)
+            Pair<ExtendType, Integer> entranceExtendIndex = config.getEntranceExtendIndex(callee);
+            if (entranceExtendIndex != null) {
+                solver.addSelectedMethod(callee);
+                ExtendType extendType = entranceExtendIndex.first();
+                Var addedContainer = instanceExp.getArg(entranceExtendIndex.second());
+                processEntranceExtend(csBase, addedContainer, extendType);
+            }
+
+            // callee is [Container Exit]
+            Var lhs = callSite.getLValue();
+            if (lhs != null && isConcerned(lhs)) {
+                // Standard container-element exit method, like l: r = v.get(i);, v is Collection/Map
+                ContExitCategory exitCategory = config.getContainerExitCategory(callee);
+                if (exitCategory != null) {
+                    solver.addSelectedMethod(callee);
+                    cachedContExitValues.put(csBase, new Pair<>(callSite, exitCategory)); // prepare for new worklist entry
+                    addTargetToAllHost(csBase, exitCategory == ColValue ? COL : HostKind.MAP, csCallSite, exitCategory, true);
+                }
+
+                // MapEntry exit method, l: r = v.getKey(), v is MapEntry
+//                else if (config.isMapEntryGetKeyMethod(callee)) {
+//                    solver.addSelectedMethod(callee);
+//                    addTargetToAllHost(csBase, MAP_ENTRY, csCallSite, MapKey, false);
+//                    cachedIterExitValues.put(csBase, new Triplet<>(callSite, MAP_ENTRY, MapKey));
+//                }
+//                // MapEntry exit method, l: r = v.getValue(), v is MapEntry
+//                else if (config.isMapEntryGetValueMethod(callee)) {
+//                    solver.addSelectedMethod(callee);
+//                    addTargetToAllHost(csBase, MAP_ENTRY, csCallSite, MapValue, false);
+//                    cachedIterExitValues.put(csBase, new Triplet<>(callSite, MAP_ENTRY, MapValue));
+//                }
+                // iterator-element exit method, l: r = v.next()/previous()/nextElement(), v is iterator/enumeration
+                else if (config.isIteratorExitMethods(callee)) {
+                    solver.addSelectedMethod(callee);
+                    /* an example, HashSet.iterator() return HashMap.KeyIterator type.
+                     * vs = new HashSet() {allocate os}, is = vs.iterator(), vsl = is.next();
+                     * vm = new HashMap() {allocate om}, im = vm.keyIterator(), vml = im.next();
+                     * same next call, the former is os --ColValue--> vsl, later is om --KeyValue--> vml, but with same next method
+                     * difference is that is => COL_ITR while im => MAP_KEY_ITR
+                     */
+                    addTargetToAllHost(csBase, MAP_VALUE_ITR, csCallSite, MapValue, false);
+                    cachedIterExitValues.put(csBase, new Triplet<>(callSite, MAP_VALUE_ITR, MapValue));
+                    addTargetToAllHost(csBase, MAP_KEY_ITR, csCallSite, MapKey, false);
+                    cachedIterExitValues.put(csBase, new Triplet<>(callSite, MAP_KEY_ITR, MapKey));
+                    addTargetToAllHost(csBase, COL_ITR, csCallSite, ColValue, false);
+                    cachedIterExitValues.put(csBase, new Triplet<>(callSite, COL_ITR, ColValue));
+                }
+            }
+        }
+    }
+
+    // <c, l: r = v.k(...)> --> <c^t, m>, where m is initializer of array List, l_a0/m_p0 are usually arrays of object
+    private void processArrayInitializer(CSCallSite csCallSite, Pair<Integer, Integer> arrayInitInfo, InvokeInstanceExp instanceExp) {
+        Var arrayVar = instanceExp.getArg(arrayInitInfo.first()), // l_ai, copied array
+            collectionVar = arrayInitInfo.second() == -1 ? instanceExp.getBase(): instanceExp.getArg(arrayInitInfo.second()); // v
+        if (!(arrayVar.getType() instanceof ArrayType))
+            throw new AnalysisException("Not Array Type!");
+        Type elementType = ((ArrayType) arrayVar.getType()).elementType();
+        // virtual var for m
+        Context callSiteContext = csCallSite.getContext();
+        JMethod caller = csCallSite.getCallSite().getContainer();
+        Var virtualArrayVar = new Var(caller,
+                "virtualArrayVar[" + caller.getName() + ", line:" + csCallSite.getCallSite().getLineNumber() +"]",
+                elementType, -1); // arr_arg_caller
+        SpecialVariables.setVirtualVar(virtualArrayVar);
+        ArrayVarToVirtualArrayVar.put(arrayVar, virtualArrayVar); // vs --> arr_l
+        CollectionVarToVirtualArrayVar.put(collectionVar, virtualArrayVar); // vd --> arr_l
+        CSVar csArray = csManager.getCSVar(callSiteContext, arrayVar); // <c, vs>
+        CSVar csVirtualArray = csManager.getCSVar(callSiteContext, virtualArrayVar); // <c, arr_arg_caller>
+
+        solver.getPointsToSetOf(csArray).forEach(csObj -> { // \forall <c'', os> \in pts(<c, vs>)
+            ArrayIndex arrayIndex = csManager.getArrayIndex(csObj); // <c'', os[*]>
+            // <c'', os[*]> --> <c, arr_l>
+            solver.addPFGEdge(arrayIndex, csVirtualArray, FlowKind.VIRTUAL_ARRAY, elementType);
+        });
+
+        CSVar csCollection = csManager.getCSVar(callSiteContext, collectionVar); // <c, v>
+        // \forall <c', od> \in ptsH(<c, v>), <c, arr_l> --> <c', host(od, ColValue)>
+        getHostListOf(csCollection, COL).forEach(hostObj -> addSourceToHost(csVirtualArray, hostObj, ColValue));
+    }
+
+    /*
+     * process c, l: r = v.k(..., v1, ...), where v and v1 are container variable, callee is extend method like List.addAll/Map.putAll
+     * @params csBaseContainer: // <c, v>
+     * @params csAddedContainer: // <c, l_ai>
+     */
+    private void processEntranceExtend(CSVar csBaseContainer, Var addedContainer, ExtendType extendType) {
+        // Collection/Map.Keyset()/Map.Values() -> Collection
+        CSVar csAddedContainer = csManager.getCSVar(csBaseContainer.getContext(), addedContainer);
+        ExtenderAddedToBase.put(csAddedContainer, csBaseContainer.getVar());
+        ExtenderBaseToAdded.put(csBaseContainer, addedContainer);
+
+        if (extendType == ExtendType.ColToCol) {
+            PointsToSet baseContainerSet = getHostListOf(csBaseContainer, COL);
+            addHostSubsetRelation(baseContainerSet, getHostListOf(csAddedContainer, COL), ExtendType.ColToCol);
+            addHostSubsetRelation(baseContainerSet, getHostListOf(csAddedContainer, MAP_KEY_SET), ExtendType.MapKeySetToCol);
+            addHostSubsetRelation(baseContainerSet, getHostListOf(csAddedContainer, MAP_VALUES), ExtendType.MapValuesToCol);
+        }
+        // Map -> Map
+        else if (extendType == ExtendType.MapToMap) {
+            PointsToSet baseMapSet = getHostListOf(csBaseContainer, HostKind.MAP);
+            addHostSubsetRelation(baseMapSet, getHostListOf(csAddedContainer, HostKind.MAP), ExtendType.MapToMap);
+        }
+        // Map.keySet() -> Col
+        else if (extendType == ExtendType.MapKeySetToCol) {
+            PointsToSet baseContainerSet = getHostListOf(csBaseContainer, COL);
+            addHostSubsetRelation(baseContainerSet, getHostListOf(csAddedContainer, MAP_KEY_SET), ExtendType.MapKeySetToCol);
+        }
+    }
+
+    private void addHostSubsetRelation(PointsToSet baseSet, PointsToSet addedSet, ExtendType extendType) {
+        for (CSObj csAddedObj: addedSet) {
+            // if added object is not modeled, then both base/added container variable should not be optimized by Cut-Shotrcut
+            if (config.isUnmodeledClass(csAddedObj.getObject().getType()) || taintHosts.contains(csAddedObj)) {
+                baseSet.forEach(this::taintHost);
+                break;
+            }
+            baseSet.forEach(csBaseObj -> {
+                // can not add object to empty collection type
+                if (csBaseObj.getObject().getType().getName().contains("java.util.Collections$Empty"))
+                    return;
+                switch (extendType) {
+                    // Collection -> Collection
+                    case ColToCol -> {
+                        CSVar csAddedHostPointer = hostManager.getHostVar(csAddedObj, ColValue),
+                              csBaseHostPointer = hostManager.getHostVar(csBaseObj, ColValue);
+                        solver.addPFGEdge(csAddedHostPointer, csBaseHostPointer, FlowKind.SUBSET);
+                    }
+                    // Map -> Map
+                    case MapToMap -> {
+                        CSVar csAddedMapKeyHostPointer = hostManager.getHostVar(csAddedObj, MapKey),
+                                csBaseMapKeyHostPointer = hostManager.getHostVar(csBaseObj, MapKey);
+                        solver.addPFGEdge(csAddedMapKeyHostPointer, csBaseMapKeyHostPointer, FlowKind.SUBSET);
+
+                        CSVar csAddedMapValueHostPointer = hostManager.getHostVar(csAddedObj, MapValue),
+                                csBaseMapValueHostPointer = hostManager.getHostVar(csBaseObj, MapValue);
+                        solver.addPFGEdge(csAddedMapValueHostPointer, csBaseMapValueHostPointer, FlowKind.SUBSET);
+                    }
+                    // Map.keySet() -> Collection
+                    case MapKeySetToCol -> {
+                        CSVar csAddedMapKeyHostPointer = hostManager.getHostVar(csAddedObj, MapKey),
+                                csBaseHostPointer = hostManager.getHostVar(csBaseObj, ColValue);
+                        solver.addPFGEdge(csAddedMapKeyHostPointer, csBaseHostPointer, FlowKind.SUBSET);
+                    }
+                    // Map.values() -> Collection
+                    case MapValuesToCol -> {
+                        CSVar csAddedMapValueHostPointer = hostManager.getHostVar(csAddedObj, MapValue),
+                                csBaseHostPointer = hostManager.getHostVar(csBaseObj, ColValue);
+                        solver.addPFGEdge(csAddedMapValueHostPointer, csBaseHostPointer, FlowKind.SUBSET);
+                    }
+                }
+            });
+        }
+    }
+
+    /*
+     * process when container object <ci, oi> is added into pts(<c, v>)
+     * @params csVar: <c, v>
+     * @params pts: {<c1, o1>, .., <cn, on>} added to pts(<c, v>)
+     */
+    @Override
+    public void onNewPointsToSet(CSVar csVar, PointsToSet pts) {
+        PointsToSet mapSet = solver.makePointsToSet(),
+                    colSet = solver.makePointsToSet();
+        pts.forEach(csObj -> { // <ci, oi>
+            // process when oi is container object
+            Type objType = csObj.getObject().getType(); // Type(oi)
+            switch (ClassificationOf(objType)) {
+                case MAP -> mapSet.addObject(csObj);
+                case COLLECTION -> colSet.addObject(csObj);
+            }
+
+            // if v is arguments of ArrayInitializer like ArrayList.<init>(array), add PFG edge: <ci, oi[*]> --> <c, arr_l>
+            ArrayVarToVirtualArrayVar.get(csVar.getVar()).forEach(arrVar -> {
+                CSVar csArrVar = csManager.getCSVar(csVar.getContext(), arrVar); // <c, arr_l>
+                ArrayIndex arrayIndex = csManager.getArrayIndex(csObj); // <ci, oi[*]>
+                solver.addPFGEdge(arrayIndex, csArrVar, FlowKind.VIRTUAL_ARRAY, arrVar.getType()); // <ci, oi[*]> --> <c, arr_l>
+            });
+        });
+        // [MapHost], ptsH(<c, v>, Map).update(MapSet)
+        if (!mapSet.isEmpty()) {
+            getHostListOf(csVar, HostKind.MAP).addAll(mapSet);
+            onNewHostEntry(csVar, mapSet, HostKind.MAP);
+        }
+        // [ColHost], ptsH(<c, v>, Col).update(ColSet)
+        if (!colSet.isEmpty()) {
+            getHostListOf(csVar, COL).addAll(colSet);
+            onNewHostEntry(csVar, colSet, COL);
+        }
+    }
+
+    /*
+     * @params csVar: <c, v>
+     * @params entrySet: {<c1, o1>, ... , <cn, on>} , new added to ptsH(<c, v>[host])
+     * @params hostkind: type of host variable (MapKey, MapValue, ColValue, ColItr, etc.)
+     */
+    public void onNewHostEntry(CSVar csVar, PointsToSet hostSet, HostKind hostKind) {
+        TransferAndMapEntryExit(csVar, hostSet, hostKind);
+        ProcessCachedExitInvokes(csVar, hostSet, hostKind); // process [HostTarget], propagate ptsH to exit variables
+        Context context = csVar.getContext(); // c
+        Var base = csVar.getVar(); // v
+        // process [HostSource]
+        base.getInvokes().forEach(invoke -> {
+            CSCallSite csCallSite = csManager.getCSCallSite(context, invoke); // <c, l: r = v.k(...)>
+            callGraph.getCalleesOf(csCallSite).forEach(csMethod -> {
+                Set<Pair<ContExitCategory, Integer>> entranceInfo = config.getEntranceAppendIndex(csMethod.getMethod());
+                // propagate ptsH to this variable of container class.
+                if (!entranceInfo.isEmpty())
+                    relateSourceToHosts(csCallSite, csMethod, entranceInfo, hostSet);
+            });
+        });
+
+        // \forall arr_l -> v, must be collection type
+        if (hostKind == COL) {
+            CollectionVarToVirtualArrayVar.get(base).forEach(arrVar -> {
+                CSVar csArrVar = csManager.getCSVar(context, arrVar);
+                hostSet.forEach(hostObj -> addSourceToHost(csArrVar, hostObj, ColValue));
+            });
+        }
+
+        // \forall v.addAll(v1) cached, since {<c1, o1>, ...} added to ptsH(v), we need to update PFG xx -> <ci, host(oi)> according to ptsH(v1)
+        ExtenderBaseToAdded.get(csVar).forEach(addedContainer -> { // <c, v1>
+            CSVar csAddedContainer = csManager.getCSVar(csVar.getContext(), addedContainer);
+            // Collection/Map.keySet()/Map.values() -> Collection, where v can only be collection
+            if (hostKind == COL) {
+                addHostSubsetRelation(hostSet, getHostListOf(csAddedContainer, COL), ExtendType.ColToCol);
+                addHostSubsetRelation(hostSet, getHostListOf(csAddedContainer, MAP_KEY_SET), ExtendType.MapKeySetToCol);
+                addHostSubsetRelation(hostSet, getHostListOf(csAddedContainer, MAP_VALUES), ExtendType.MapValuesToCol);
+            }
+            // Map -> Map, v can only be map
+            else if (hostKind == HostKind.MAP)
+                addHostSubsetRelation(hostSet, getHostListOf(csAddedContainer, HostKind.MAP), ExtendType.MapToMap);
+        });
+
+        // \forall vc.addAll(v) cached, since {<c1, o1>, ...} added to ptsH(v), we need to update PFG <ci, host(oi)> -> xx according to ptsH(vc)
+        ExtenderAddedToBase.get(csVar).forEach(baseContainer -> { // <c, vc>
+            CSVar csBaseContainer = csManager.getCSVar(csVar.getContext(), baseContainer);
+            // Collection -> Collection
+            if (hostKind == COL)
+                addHostSubsetRelation(getHostListOf(csBaseContainer, COL), hostSet, ExtendType.ColToCol);
+            // Map.keySet() -> Collection
+            else if (hostKind == MAP_KEY_SET)
+                addHostSubsetRelation(getHostListOf(csBaseContainer, COL), hostSet, ExtendType.MapKeySetToCol);
+            // Collection -> Collection
+            else if (hostKind == MAP_VALUES)
+                addHostSubsetRelation(getHostListOf(csBaseContainer, COL), hostSet, ExtendType.MapValuesToCol);
+            // Map -> Map, vc can only be map
+            else if (hostKind == HostKind.MAP)
+                addHostSubsetRelation(getHostListOf(csBaseContainer, HostKind.MAP), hostSet, ExtendType.MapToMap);
+        });
+
+        HostPropagater.get(new Pair<>(hostKind, csVar)).forEach(kindCSVarPair ->
+                solver.addHostEntry(kindCSVarPair.second(), kindCSVarPair.first(), hostSet));
+    }
+
+    /*
+     * @params csCallSite: <c, l: v.k(a)>, v is a container variable
+     * @params csCallee: <c^t, m>, m is a container access method
+     * @params categoryWithindex: {<category, i>, ...}. For example, Map.put(k, v) -> {<MapKey, 0>, <MapValue, 1>}
+     * @params hostSet: ptsH(<c, v>) => {<c1, o1>, ... , <cn, on>}
+     */
+    private void relateSourceToHosts(CSCallSite csCallSite, CSMethod csCallee, Set<Pair<ContExitCategory, Integer>> categoryIndexPairs, PointsToSet hostSet) {
+        JMethod callee = csCallee.getMethod(); // m
+        ClassType classType = callee.getDeclaringClass().getType(); // container class type
+        solver.addSelectedMethod(callee);
+        for (Pair<ContExitCategory, Integer> categoryIndexPair: categoryIndexPairs) {
+            Var argument = csCallSite.getCallSite().getInvokeExp().getArg(categoryIndexPair.second()); // source argument, l_ai
+            CSVar csArg = csManager.getCSVar(csCallSite.getContext(), argument); // <c, l_ai>
+            // filter: csObj must be subtype of container class type can be transfer to this variable
+            // do: generate source relation: <c, l_ai> <--category-- <ci, oi>
+            hostSet.getObjects().stream().filter(csObj -> typeSystem.isSubtype(classType, csObj.getObject().getType()))
+                    .forEach(csObj -> addSourceToHost(csArg, csObj, categoryIndexPair.first()));
+        }
+
+    }
+
+    /*
+     * [TransferHost]
+     * @params csVar: <c, v>
+     * @params containerType: type of container (Map or Collection)
+     * @params hostSet: {<c1, o1>, ... , <cn, on>} , new added to ptsH(<c, v>[containerType])
+     */
+    private void TransferAndMapEntryExit(CSVar csVar, PointsToSet hostSet, HostKind hostKind) {
+        Var varBase = csVar.getVar(); // container variable v
+        Context context = csVar.getContext(); // c
+        varBase.getInvokes().forEach(invoke -> { // l: r = v.k(...)
+            Var lhs = invoke.getLValue(); // r
+            if (lhs == null || !isConcerned(lhs))
+                return;
+            InvokeExp invokeExp = invoke.getInvokeExp(); // r = v.k(...)
+            String invokeString = invokeExp.getMethodRef().getName();
+            CSVar csLHS = csManager.getCSVar(context, lhs); // <c, r>
+
+            // Transfer Method: List/Set.iterator, Map.entrySet, Map.keySet, Map.values, MapEntry,iterator, MapEntry.next, etc.
+            config.getTransferAPIs().forEach(((hostKindOri, methodStr, hostKindGen) -> {
+                if (hostKind == hostKindOri && invokeString.contains(methodStr))
+                    solver.addHostEntry(csLHS, hostKindGen, hostSet);
+            }));
+
+            // Transfer Method: Vector.elements(), Hashtable.elements()
+            switch (hostKind) {
+                // Vector.elements() --> col_itr，注意其它list type没有elements方法
+                case COL -> {
+                    if (invokeString.equals("elements") && isVectorType(varBase.getType()))
+                        solver.addHostEntry(csLHS, COL_ITR, hostSet);
+                }
+                // Hashtable.elements() --> map_value_itr, 注意其它map type没有elements方法
+                case MAP -> {
+                    if ((invokeString.equals("elements") && isHashtableType(varBase.getType())))
+                        solver.addHostEntry(csLHS, MAP_VALUE_ITR, hostSet);
+                }
+            }
+
+            // Map-Entry Exit: map.entry.getKey(), map.entry.getValue()
+            config.getMapEntryExits().forEach((hostKindOri, methodStr, category) -> {
+                if (hostKind == hostKindOri && invokeString.contains(methodStr))
+                    hostSet.forEach(host ->
+                            checkHostRelatedExit(csManager.getCSCallSite(context, invoke), host, category));
+            });
+        });
+    }
+
+    // process related target invoke: l: r = v.k() for <c, v>
+    private void ProcessCachedExitInvokes(CSVar csVar, PointsToSet hostSet, HostKind hostKind) {
+        // container-exit like: r = v.get(..)
+        cachedContExitValues.get(csVar).forEach(invokeCategoryPair -> { // out invokes
+            Invoke callSite = invokeCategoryPair.first(); // l: r = v.k(...)
+            hostSet.forEach(host -> {
+                if (typeSystem.isSubtype(csVar.getVar().getType(), host.getObject().getType()))
+                    checkHostRelatedExit(csManager.getCSCallSite(csVar.getContext(), callSite), host, invokeCategoryPair.second());
+            });
+        });
+
+        // iterator-exit like: r = v.next(), here v is Iterator type, not Container type. Hence do not check type with typeSystem.isSubtype
+        cachedIterExitValues.get(csVar).forEach(invokeTrip -> {
+            // v could be COL_ITR/MAP_KEY_ITR/MAP_VALUE_ITR, so first we need to match
+            if (hostKind != invokeTrip.second())
+                return;
+            Invoke callSite = invokeTrip.first(); // l: r = v.k(...)>
+            hostSet.forEach(host ->
+                    checkHostRelatedExit(csManager.getCSCallSite(csVar.getContext(), callSite), host, invokeTrip.third()));
+        });
+    }
+
+    // for exit calledge e: <c, l: r = v.k()> => <c^t, m>, \forall <c', o> \in ptsH(<c, v>[hostKind]), add <c', o> --exitCategory--> <c, r>
+    private void addTargetToAllHost(CSVar csBase, HostKind hostKind, CSCallSite csCallSite, ContExitCategory exitCategory, boolean checkType) {
+        getHostListOf(csBase, hostKind).forEach(csObj -> {
+            if (!checkType || typeSystem.isSubtype(csBase.getType(), csObj.getObject().getType()))
+                checkHostRelatedExit(csCallSite, csObj, exitCategory);
+        });
+    }
+
+    /*
+     * [HostTarget], <c', o> --category--> <c, r>
+     * @params csVar: <c, r>
+     * @params csObj: <c', o>
+     * @params category: category of host variable (MapKey, MapValue, ColValue)
+     */
+    private void addTargetToHost(CSVar csVar, CSObj csObj, ContExitCategory category) {
+        if (hostManager.addHostTarget(csObj, category, csVar)) {
+            CSVar hostPointer = hostManager.getHostVar(csObj, category); // <c', ho>
+            solver.addPFGEdge(hostPointer, csVar, FlowKind.HOST_TO_RESULT); // result.getType(),
+        }
+    }
+
+    /*
+     * [HostSource], <c, r> <--category-- <c', o>
+     * @params csVar: <c, r>
+     * @params csObj: <c', o>
+     * @params category: category of host variable (MapKey, MapValue, ColValue)
+     */
+    private void addSourceToHost(CSVar csArg, CSObj csObj, ContExitCategory category) {
+        if (isConcerned(csArg.getVar()) && hostManager.addHostSource(csObj, category, csArg)) {
+            CSVar hostPointer = hostManager.getHostVar(csObj, category); // <c', v>
+            solver.addPFGEdge(csArg, hostPointer, FlowKind.ARG_TO_HOST);
+        }
+    }
+
+    // get ptsH for a pointer, usually pointer is a container variable csVar: <c, v>.
+    // Sometimes it could be a InstanceField like <c, o>.list
+    public PointsToSet getHostListOf(Pointer pointer, HostKind hostKind) {
+        return pointerHostListMap.computeIfAbsent(pointer, hostKind, (v, t) -> solver.makePointsToSet());
+    }
+
+    // propagate ptsH along PFG edge
+    @Override
+    public void onNewPFGEdge(PointerFlowEdge edge) {
+        Pointer source = edge.source(), target = edge.target();
+        if (solver.needPropagateHost(edge)) {
+            pointerHostListMap.getOrDefault(source, Collections.emptyMap()).forEach((
+                    (hostKind, sourcePtsH) -> solver.addHostEntry(target, hostKind, sourcePtsH)));
+        }
+    }
+
+    // process l: r = v.k(...) => m
+    public static boolean CutReturnEdge(Var lhs, JMethod callee) {
+        // if m is a container-exit method, cut m_ret --> r
+        if (ContainerConfig.config.getContainerExitCategory(callee) != null)
+            return true;
+        // if m is a iterator.next method, cut m_ret --> r,
+        // here MapEntryVar is to make sure iterator is not Map.entrySet().iterator(), because that next() is Transfer not Exit.
+        if (ContainerConfig.config.getIterExitCategory(callee) != null && MapEntryVar.contains(lhs))
+            return true;
+        // if m is a modeled map.entry.getKey()/getValue(), cut m_ret --> r
+        if (ContainerConfig.config.isHostClass(getOuterClass(callee.getDeclaringClass()))
+            && isMapEntryClass(callee.getDeclaringClass())
+            && (callee.getName().equals("getKey")) || callee.getName().equals("getValue"))
+            return true;
+        return false;
+    }
+
+
+    // For [Entrance-Extend] generated PFG edges: src --> dst, both src and dst are host variables for container objects.
+    // If src may point to a object whose type is not modeled, those host var should be conservatively handled.
+    private void taintHost(CSObj hostObj) {
+        if (!taintHosts.contains(hostObj)) {
+            taintHosts.add(hostObj);
+            hostToExits.get(hostObj).forEach(this::recoverCallSite);
+            for (ContExitCategory cat: ContExitCategory.values()) {
+                hostManager.getHostVar(hostObj, cat).getOutEdges().forEach(outEdge -> {
+                    Pointer succ = outEdge.target();
+                    if (succ instanceof CSVar csVar) {
+                        Obj targetHostObj = hostManager.getHostObj(csVar.getVar());
+                        if (targetHostObj != null)
+                            taintHost(csManager.getCSObj(csVar.getContext(), targetHostObj));
+                    }
+                });
+            }
+        }
+    }
+
+    // callsite l: r = v.get(), whose callee may be cut. However, since v may point-to a object whose type is not modeled
+    // the PFG from callee to r should be recovered to conservatively model
+    private void recoverCallSite(CSCallSite csCallSite) {
+        if (solver.addRecoveredCallSite(csCallSite)) {
+            CSVar csLHS = csManager.getCSVar(csCallSite.getContext(), csCallSite.getCallSite().getLValue());
+            callGraph.getCalleesOf(csCallSite).forEach(csCallee -> {
+                JMethod callee = csCallee.getMethod();
+                callee.getIR().getReturnVars().forEach(ret -> {
+                    CSVar csRet = csManager.getCSVar(csCallee.getContext(), ret); // <c^t, m_ret>
+                    solver.addPFGEdge(csRet, csLHS, FlowKind.RETURN); // <c^t, m_ret> --> <c, r>
+                });
+            });
+        }
+    }
+
+    // call edge e: <c, l: r = v.k(..)> => <c^t, m> is a exit-method call-relation.
+    private void checkHostRelatedExit(CSCallSite csCallSite, CSObj hostObj, ContExitCategory category) {
+        Var lhs = csCallSite.getCallSite().getLValue(); // r
+        // this callsite can be soundly modeled by cut-shortcut
+        if (!solver.isRecoveredCallSite(csCallSite)) {
+            if (config.isUnmodeledClass(hostObj.getObject().getType()) || taintHosts.contains(hostObj))
+                recoverCallSite(csCallSite);
+            else {
+                hostToExits.put(hostObj, csCallSite);
+                addTargetToHost(csManager.getCSVar(csCallSite.getContext(), lhs), hostObj, category);
+            }
+        }
+    }
+
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/ContainerConfig.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/ContainerConfig.java
new file mode 100644
index 000000000..61167eb2b
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/ContainerConfig.java
@@ -0,0 +1,157 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.container;
+
+import pascal.taie.World;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.*;
+import pascal.taie.language.classes.ClassHierarchy;
+import pascal.taie.language.classes.JClass;
+import pascal.taie.language.classes.JMethod;
+import pascal.taie.language.type.ClassType;
+import pascal.taie.language.type.Type;
+import pascal.taie.util.collection.*;
+
+import java.util.Map;
+import java.util.Set;
+
+import static pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.ContExitCategory.MapKey;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.ContExitCategory.MapValue;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.HostKind.*;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.IterExitCategory.*;
+
+public class ContainerConfig {
+    public static ContainerConfig config = new ContainerConfig();
+
+    private static final ClassHierarchy hierarchy = World.get().getClassHierarchy();
+
+    // main modeled collection/map classes
+    private final MultiMap<ContainerType, JClass> hostClasses = Maps.newMultiMap();
+    // other abstract collection/map classes
+    private final MultiMap<ContainerType, JClass> unmodeledClasses = Maps.newMultiMap();
+
+    // Entrance Append method to argument index: m -> k, store for methods like List.add(k), Map.put(k, v)
+    private final MultiMap<JMethod, Pair<ContExitCategory, Integer>> EntranceAppendMap = Maps.newMultiMap();
+
+    // Entrance Extend method to argument index: m -> k, store for methods like List.addAll(c), Map.putAll(m)
+    private final Map<JMethod, Pair<ExtendType, Integer>> EntranceExtendMap = Maps.newMap();
+
+    // Exit method to category: m -> c, c could be one of [Map-Key, Map-Value, Col-Value]
+    private final Map<JMethod, ContExitCategory> ContainerExitMap = Maps.newMap();
+    // Exit method - Iterator.previous()/next()/nextElement()
+    // Here call-relation between Map.Entry.getKey/getValue() not resolved by Tai-e, hence not modeled here.
+    private final Map<JMethod, IterExitCategory> IterExitMap = Maps.newMap();
+
+    private final TwoKeyMap<HostKind, String, HostKind> TransferAPIs = Maps.newTwoKeyMap();
+    private final TwoKeyMap<HostKind, String, ContExitCategory> MapEntryExits = Maps.newTwoKeyMap();
+
+    // for m: ArrayList.<init>, add 0 -> -1, meaning array of index 0 copied to base
+    private final Map<JMethod, Pair<Integer, Integer>> ArrayInitializer = Maps.newMap();
+
+    private ContainerConfig() {
+        initializeTransferAPIs();
+    }
+
+    private void initializeTransferAPIs() {
+        TransferAPIs.put(COL, "iterator", COL_ITR);
+        TransferAPIs.put(COL, "Iterator", COL_ITR);
+        TransferAPIs.put(MAP, "entrySet", MAP_ENTRY_SET);
+        TransferAPIs.put(MAP, "keySet", MAP_KEY_SET);
+        TransferAPIs.put(MAP, "values", MAP_VALUES);
+        TransferAPIs.put(MAP, "Entry", MAP_ENTRY);
+        TransferAPIs.put(MAP, "keys", MAP_KEY_ITR);
+        TransferAPIs.put(MAP_ENTRY_SET, "iterator", MAP_ENTRY_ITR);
+        TransferAPIs.put(MAP_VALUES, "iterator", MAP_VALUE_ITR);
+        TransferAPIs.put(MAP_KEY_SET, "iterator", MAP_KEY_ITR);
+        TransferAPIs.put(MAP_ENTRY_ITR, "next", MAP_ENTRY);
+
+        MapEntryExits.put(MAP_ENTRY, "getValue", MapValue);
+        MapEntryExits.put(MAP_ENTRY, "getKey", MapKey);
+    }
+
+    public void addIterExitCategory(String methodSig, IterExitCategory category) {
+        JMethod method = hierarchy.getMethod(methodSig);
+        if (method != null)
+            IterExitMap.put(method, category);
+    }
+
+    public IterExitCategory getIterExitCategory(JMethod method) { return IterExitMap.getOrDefault(method, null); }
+
+    public boolean isIteratorExitMethods(JMethod method) { return getIterExitCategory(method) == ColIter; }
+
+    public boolean isKeySetClass(Type type) {
+        if (type instanceof ClassType classType)
+            return hostClasses.get(ContainerType.KEYSET).contains(classType.getJClass());
+        return false;
+    }
+
+    public boolean isValueSetClass(Type type) {
+        if (type instanceof ClassType classType)
+            return hostClasses.get(ContainerType.VALUES).contains(classType.getJClass());
+        return false;
+    }
+
+    public void addEntranceAppendIndex(String methodSig, ContExitCategory category, Integer index) {
+        JMethod method = hierarchy.getMethod(methodSig);
+        if (method != null)
+            EntranceAppendMap.put(method, new Pair<>(category, index));
+    }
+
+    public Set<Pair<ContExitCategory, Integer>> getEntranceAppendIndex(JMethod method) { return EntranceAppendMap.get(method); }
+
+    public void addEntranceExtendIndex(String methodSig, ExtendType extendType, Integer index) {
+        JMethod method = hierarchy.getMethod(methodSig);
+        EntranceExtendMap.put(method, new Pair<>(extendType, index));
+    }
+
+    public Pair<ExtendType, Integer> getEntranceExtendIndex(JMethod method) { return EntranceExtendMap.getOrDefault(method, null); }
+
+    public void addContainerExitCategory(String methodSig, ContExitCategory category) {
+        JMethod method = hierarchy.getMethod(methodSig);
+        if (method != null)
+            ContainerExitMap.put(method, category);
+    }
+
+    public ContExitCategory getContainerExitCategory(JMethod method) {
+        return ContainerExitMap.getOrDefault(method, null);
+    }
+
+    public TwoKeyMap<HostKind, String, HostKind> getTransferAPIs() {
+        return TransferAPIs;
+    }
+
+    public TwoKeyMap<HostKind, String, ContExitCategory> getMapEntryExits() {
+        return MapEntryExits;
+    }
+
+    public void addHostClass(ContainerType containerType, String clzName) {
+        JClass clz = hierarchy.getClass(clzName);
+        if (clz != null)
+            hostClasses.put(containerType, clz);
+    }
+
+    public boolean isHostClass(JClass clz) { return hostClasses.values().contains(clz); }
+
+    public void resolveUnmodeledClasses() {
+        hierarchy.getAllSubclassesOf(hierarchy.getClass("java.util.Collection")).forEach(clz -> {
+            if (!clz.isAbstract() && !hostClasses.values().contains(clz))
+                unmodeledClasses.put(ContainerType.COLLECTION, clz);
+        });
+        hierarchy.getAllSubclassesOf(hierarchy.getClass("java.util.Map")).forEach(clz -> {
+            if (!clz.isAbstract() && !hostClasses.values().contains(clz))
+                unmodeledClasses.put(ContainerType.MAP, clz);
+        });
+    }
+
+
+    public boolean isUnmodeledClass(Type type) {
+        if (type instanceof ClassType classType)
+            return unmodeledClasses.values().contains(classType.getJClass());
+        return false;
+    }
+
+    public void addArrayInitializer(String smethod, int index0, int index1) {
+        // index0: index of array variable, index1: index of Collection variable
+        JMethod method = hierarchy.getMethod(smethod);
+        ArrayInitializer.put(method, new Pair<>(index0, index1));
+    }
+
+    public Pair<Integer, Integer> getArrayInitializer(JMethod method) { return ArrayInitializer.get(method); }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/HostManager.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/HostManager.java
new file mode 100644
index 000000000..cd4d43f32
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/HostManager.java
@@ -0,0 +1,55 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.container;
+
+import pascal.taie.analysis.pta.core.cs.element.CSManager;
+import pascal.taie.analysis.pta.core.cs.element.CSObj;
+import pascal.taie.analysis.pta.core.cs.element.CSVar;
+import pascal.taie.analysis.pta.core.heap.Obj;
+import pascal.taie.analysis.pta.plugin.cutshortcut.SpecialVariables;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.ContExitCategory;
+import pascal.taie.ir.exp.Var;
+import pascal.taie.util.collection.Maps;
+import pascal.taie.util.collection.TwoKeyMultiMap;
+
+import java.util.Map;
+
+public class HostManager {
+    private final CSManager csManager;
+
+    // assign a host variable for each container object
+    private final Map<Obj, Var> hostMap = Maps.newMap();
+    // map host variable to host object
+    private final Map<Var, Obj> hostVarToObj = Maps.newMap();
+
+    // denotes [HostSource], mapping container object <c, o> to set of host variables <c', v> that container.entrance(v), where o \in pts(container)
+    private final TwoKeyMultiMap<CSObj, ContExitCategory, CSVar> HostSourceMap = Maps.newTwoKeyMultiMap();
+
+    // denotes [HostTarget], mapping container object <c, o> to set of host variables <c', v> that v = container.exit(), where o \in pts(container)
+    private final TwoKeyMultiMap<CSObj, ContExitCategory, CSVar> HostTargetMap = Maps.newTwoKeyMultiMap();
+
+    public HostManager(CSManager csManager) {
+        this.csManager = csManager;
+    }
+
+    public CSVar getHostVar(CSObj containerCSObj, ContExitCategory category) {
+        Obj containerObj = containerCSObj.getObject();
+
+        Var hostVar = hostMap.computeIfAbsent(containerObj, obj -> {
+            String varName = "host of[" + obj.toString() + "]," + category.getCategory();
+            Var newHostVar = new Var(obj.getContainerMethod().orElse(null), varName, containerObj.getType(), -1);
+            SpecialVariables.setVirtualVar(newHostVar);
+            hostVarToObj.put(newHostVar, obj);
+            return newHostVar;
+        });
+        return csManager.getCSVar(containerCSObj.getContext(), hostVar);
+    }
+
+    public boolean addHostSource(CSObj containerCSObj, ContExitCategory category, CSVar hostVar) {
+        return HostSourceMap.put(containerCSObj, category, hostVar);
+    }
+
+    public boolean addHostTarget(CSObj containerCSObj, ContExitCategory category, CSVar hostVar) {
+        return HostTargetMap.put(containerCSObj, category, hostVar);
+    }
+
+    public Obj getHostObj(Var var) { return hostVarToObj.getOrDefault(var, null); }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/MakeDefaultContainerConfig.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/MakeDefaultContainerConfig.java
new file mode 100644
index 000000000..61c5da851
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/MakeDefaultContainerConfig.java
@@ -0,0 +1,94 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.container;
+
+import com.fasterxml.jackson.core.type.TypeReference;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.ContExitCategory;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.ContainerType;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.ExtendType;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.enums.IterExitCategory;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Set;
+
+public class MakeDefaultContainerConfig {
+    public static void make() {
+        ContainerConfig config = ContainerConfig.config;
+        try {
+            ObjectMapper mapper = new ObjectMapper(new YAMLFactory());
+
+            // [Map/Col] classes
+            Map<String, List<String>> rawHostClassesData = mapper.readValue(
+                    Thread.currentThread().getContextClassLoader().getResourceAsStream("container-config/host-classes.yml"),
+                    new TypeReference<>() {});
+            rawHostClassesData.forEach((containerName, containerClasses) -> {
+                ContainerType containerType = ContainerType.getTypeName(containerName);
+                containerClasses.forEach(containerClassName ->
+                        config.addHostClass(containerType, containerClassName));
+            });
+
+            // [Other Class]
+            config.resolveUnmodeledClasses();
+
+            // [Entrance-Append]
+            Map<String, List<Map<String, Object>>> rawEntranceAppendDatas = mapper.readValue(
+                    Thread.currentThread().getContextClassLoader().getResourceAsStream("container-config/entrance-append.yml"),
+                    new TypeReference<>() {});
+            rawEntranceAppendDatas.forEach((categoryName, APIInfos) -> {
+                ContExitCategory category = ContExitCategory.getCategory(categoryName);
+                APIInfos.stream().filter(Objects::nonNull).forEach(APIInfo -> {
+                    String methodSig = (String) APIInfo.get("signature");
+                    Integer index = (Integer) APIInfo.get("index");
+                    config.addEntranceAppendIndex(methodSig, category, index);
+                });
+            });
+
+            // [Entrance-Extend]
+            Map<String, List<Map<String, Object>>> rawEntranceExtendDatas = mapper.readValue(
+                    Thread.currentThread().getContextClassLoader().getResourceAsStream("container-config/entrance-extend.yml"),
+                    new TypeReference<>() {});
+            rawEntranceExtendDatas.forEach((extendTypeValue, APIInfos) -> {
+                ExtendType extendType = ExtendType.getExtendType(extendTypeValue);
+                APIInfos.stream().filter(Objects::nonNull).forEach(APIInfo -> {
+                    String methodSig = (String) APIInfo.get("signature");
+                    Integer index = (Integer) APIInfo.get("index");
+                    config.addEntranceExtendIndex(methodSig, extendType, index);
+                });
+
+            });
+
+            // [Entrance-Array Initializer]
+            Map<String, List<Map<String, Object>>> rawArrayInitializerDatas = mapper.readValue(
+                    Thread.currentThread().getContextClassLoader().getResourceAsStream("container-config/array-initializer.yml"),
+                    new TypeReference<>() {});
+            rawArrayInitializerDatas.get("ArrayInit").forEach(APIInfo -> {
+                String methodSig = (String) APIInfo.get("signature");
+                Integer srcIndex = (Integer) APIInfo.get("src");
+                Integer dstIndex = (Integer) APIInfo.get("dst");
+                config.addArrayInitializer(methodSig, srcIndex, dstIndex);
+            });
+
+            // [Exit]
+            Map<String, List<String>> rawExitDatas = mapper.readValue(
+                    Thread.currentThread().getContextClassLoader().getResourceAsStream("container-config/exit.yml"),
+                    new TypeReference<>() {});
+            rawExitDatas.forEach((exitType, methodsigs) -> {
+                ContExitCategory category = ContExitCategory.getCategory(exitType);
+                IterExitCategory iterExitCategory = IterExitCategory.getCategory(exitType);
+                // Container-Exit
+                if (category != null)
+                    methodsigs.stream().filter(Objects::nonNull).forEach(methodsig -> config.addContainerExitCategory(methodsig, category));
+                // Iter-Exit
+                else if (iterExitCategory != null)
+                    methodsigs.stream().filter(Objects::nonNull).forEach(methodsig -> config.addIterExitCategory(methodsig, iterExitCategory));
+            });
+
+        }
+        catch (IOException e) {
+            e.printStackTrace();
+        }
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/ContExitCategory.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/ContExitCategory.java
new file mode 100644
index 000000000..21cd3838b
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/ContExitCategory.java
@@ -0,0 +1,27 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.container.enums;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+public enum ContExitCategory {
+    MapKey("MapKey"),
+    MapValue("MapValue"),
+    ColValue("ColValue");
+
+    private final String category;
+
+    ContExitCategory(String category) {
+        this.category = category;
+    }
+
+    public String getCategory() {
+        return category;
+    }
+
+    private final static Map<String, ContExitCategory> NameToCateGory = Arrays.stream(values())
+            .collect(Collectors.toMap(c -> c.category, Function.identity()));
+
+    public static ContExitCategory getCategory(String Name) { return NameToCateGory.getOrDefault(Name, null); }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/ContainerType.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/ContainerType.java
new file mode 100644
index 000000000..b055f35e2
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/ContainerType.java
@@ -0,0 +1,31 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.container.enums;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+public enum ContainerType {
+    MAP("Map"),
+    COLLECTION("Col"),
+    ENTRYSET("EntrySet"), // entrySet of map
+    KEYSET("KeySet"), // keySet of map
+    VALUES("Values"), // values of map
+    ITER("Iter"),
+    OTHER("OTHER");
+
+    private final String typeName;
+
+    ContainerType(String typeName) {
+        this.typeName = typeName;
+    }
+
+    public String getTypeName() {
+        return typeName;
+    }
+
+    private final static Map<String, ContainerType> NameToContainerType = Arrays.stream(values())
+            .collect(Collectors.toMap(c -> c.typeName, Function.identity()));
+
+    public static ContainerType getTypeName(String Name) { return NameToContainerType.getOrDefault(Name, null); }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/ExtendType.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/ExtendType.java
new file mode 100644
index 000000000..01506d209
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/ExtendType.java
@@ -0,0 +1,24 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.container.enums;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+public enum ExtendType {
+    MapToMap("MapToMap"), // Map.putAll(Map)
+    ColToCol("ColToCol"), // Collection.addAll(Collection)
+    MapKeySetToCol("MapKeySetToCol"), // Collection.addAll(Map.keySet())
+    MapValuesToCol("MapValuesToCol"); // Collection.addAll(Map.values());
+
+    private final String value;
+
+    public String getValue() { return value; }
+
+    ExtendType(String _value) { value = _value; }
+
+    private final static Map<String, ExtendType> ValueToExtendType = Arrays.stream(values())
+            .collect(Collectors.toMap(c -> c.value, Function.identity()));
+
+    public static ExtendType getExtendType(String value) { return ValueToExtendType.getOrDefault(value, null); }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/HostKind.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/HostKind.java
new file mode 100644
index 000000000..18a1dea65
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/HostKind.java
@@ -0,0 +1,26 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.container.enums;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+public enum HostKind {
+    MAP("Map"), MAP_ENTRY("MapEntry"),
+    MAP_ENTRY_SET("MapEntrySet"), MAP_KEY_SET("MapKeySet"), MAP_VALUES("MapValues"),
+    MAP_KEY_ITR("MapKeyIter"), MAP_ENTRY_ITR("MapEntryIter"), MAP_VALUE_ITR("MapValueIter"),
+
+    COL("Col"),
+    COL_ITR("ColIter");
+
+    private String kind;
+
+    HostKind(String _kind) { kind = _kind; }
+
+    public String getKind() { return kind; }
+
+    private final static Map<String, HostKind> NameToHostKind = Arrays.stream(values())
+            .collect(Collectors.toMap(h -> h.kind, Function.identity()));
+
+    public static HostKind getHostKind(String Name) { return NameToHostKind.get(Name); }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/IterExitCategory.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/IterExitCategory.java
new file mode 100644
index 000000000..fc87e5e88
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/container/enums/IterExitCategory.java
@@ -0,0 +1,27 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.container.enums;
+
+import java.util.Arrays;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+public enum IterExitCategory {
+    ColIter("ColIter"),
+    MapGetValue("MapGetValue"),
+    MapGetKey("MapGetKey");
+
+    private final String category;
+
+    IterExitCategory(String category) {
+        this.category = category;
+    }
+
+    public String getCategory() {
+        return category;
+    }
+
+    private final static Map<String, IterExitCategory> NameToCateGory = Arrays.stream(values())
+            .collect(Collectors.toMap(c -> c.category, Function.identity()));
+
+    public static IterExitCategory getCategory(String Name) { return NameToCateGory.getOrDefault(Name, null); }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/AbstractLoadField.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/AbstractLoadField.java
new file mode 100644
index 000000000..5bca090a5
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/AbstractLoadField.java
@@ -0,0 +1,30 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.field;
+
+import pascal.taie.ir.exp.FieldAccess;
+import pascal.taie.ir.exp.InstanceFieldAccess;
+import pascal.taie.ir.exp.Var;
+import pascal.taie.ir.stmt.FieldStmt;
+import pascal.taie.ir.stmt.StmtVisitor;
+
+public class AbstractLoadField extends FieldStmt<Var, FieldAccess> {
+    private final boolean terminate;
+
+    public AbstractLoadField(Var lvalue, FieldAccess rvalue, boolean terminate) {
+        super(lvalue, rvalue);
+        this.terminate = terminate;
+    }
+
+    @Override
+    public FieldAccess getFieldAccess() {
+        return getRValue();
+    }
+
+    public boolean isNonRelay() {
+        return !terminate;
+    }
+
+    @Override
+    public <T> T accept(StmtVisitor<T> visitor) {
+        return null;
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/AbstractStoreField.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/AbstractStoreField.java
new file mode 100644
index 000000000..1546c5c12
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/AbstractStoreField.java
@@ -0,0 +1,23 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.field;
+
+import pascal.taie.ir.exp.FieldAccess;
+import pascal.taie.ir.exp.InstanceFieldAccess;
+import pascal.taie.ir.exp.Var;
+import pascal.taie.ir.stmt.FieldStmt;
+import pascal.taie.ir.stmt.StmtVisitor;
+
+public class AbstractStoreField extends FieldStmt<FieldAccess, Var> {
+    public AbstractStoreField(FieldAccess lvalue, Var rvalue) {
+        super(lvalue, rvalue);
+    }
+
+    @Override
+    public FieldAccess getFieldAccess() {
+        return getLValue();
+    }
+
+    @Override
+    public <T> T accept(StmtVisitor<T> visitor) {
+        return null;
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/FieldAccessHandler.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/FieldAccessHandler.java
new file mode 100644
index 000000000..d907e2536
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/FieldAccessHandler.java
@@ -0,0 +1,392 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.field;
+
+import pascal.taie.World;
+import pascal.taie.analysis.graph.callgraph.CallGraph;
+import pascal.taie.analysis.graph.callgraph.Edge;
+import pascal.taie.analysis.graph.flowgraph.FlowKind;
+import pascal.taie.analysis.pta.core.cs.context.Context;
+import pascal.taie.analysis.pta.core.cs.element.*;
+import pascal.taie.analysis.pta.core.solver.CutShortcutSolver;
+import pascal.taie.analysis.pta.core.solver.PointerFlowEdge;
+import pascal.taie.analysis.pta.core.solver.Solver;
+import pascal.taie.analysis.pta.plugin.Plugin;
+import pascal.taie.analysis.pta.plugin.cutshortcut.container.ContainerAccessHandler;
+import pascal.taie.analysis.pta.pts.PointsToSet;
+import pascal.taie.ir.IR;
+import pascal.taie.ir.exp.InstanceFieldAccess;
+import pascal.taie.ir.exp.Var;
+import pascal.taie.ir.proginfo.FieldRef;
+import pascal.taie.ir.stmt.Invoke;
+import pascal.taie.ir.stmt.LoadField;
+import pascal.taie.ir.stmt.StoreField;
+import pascal.taie.language.classes.JClass;
+import pascal.taie.language.classes.JField;
+import pascal.taie.language.classes.JMethod;
+import pascal.taie.language.type.TypeSystem;
+import pascal.taie.util.AnalysisException;
+import pascal.taie.util.collection.Maps;
+import pascal.taie.util.collection.MultiMap;
+import pascal.taie.util.collection.Sets;
+
+import java.util.*;
+import java.util.stream.Collectors;
+
+import static pascal.taie.analysis.pta.core.solver.CutShortcutSolver.isConcerned;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.SpecialVariables.*;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.field.ParameterIndex.THISINDEX;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.field.ParameterIndex.getRealParameterIndex;
+
+public class FieldAccessHandler implements Plugin {
+    private final MultiMap<CSMethod, SetStatement> setStatements = Maps.newMultiMap();
+
+    private final MultiMap<CSMethod, GetStatement> getStatements = Maps.newMultiMap();
+
+    private final Set<Var> cutReturnVars = Sets.newSet();
+
+    private final Map<Var, List<AbstractLoadField>> abstractLoadFields = Maps.newMap();
+
+    private final Map<Var, List<AbstractStoreField>> abstractStoreFields = Maps.newMap();
+
+    private CutShortcutSolver solver;
+
+    private TypeSystem typeSystem;
+
+    private CSManager csManager;
+
+    private CallGraph<CSCallSite, CSMethod> callGraph;
+
+    private Context emptyContext;
+
+    @Override
+    public void setSolver(Solver solver) {
+        if (solver instanceof CutShortcutSolver cutShortcutSolver) {
+            this.solver = cutShortcutSolver;
+            typeSystem = World.get().getTypeSystem();
+            callGraph = solver.getCallGraph();
+            csManager = solver.getCSManager();
+            emptyContext = solver.getContextSelector().getEmptyContext();
+        }
+        else
+            throw new AnalysisException("Invalid Solver to " + getClass());
+    }
+
+    @Override
+    public void onNewPointsToSet(CSVar csVar, PointsToSet pts) {
+        processAbstractInstanceLoad(csVar, pts);
+        processAbstractInstanceStore(csVar, pts);
+    }
+
+    // process abstract instance load: <c, lhs = base.f>, \forall <c', o> \in pts(<c, base>), add <c', o.f> --> <c, lhs>
+    private void processAbstractInstanceLoad(CSVar csVar, PointsToSet pts) {
+        Context baseContext = csVar.getContext(); // c
+        Var base = csVar.getVar(); // lhs
+        getAbstractLoadFields(base).forEach(load -> {
+            Var lhs = load.getLValue();
+            JField field = load.getFieldRef().resolve();
+            if (isConcerned(lhs) && field != null) {
+                CSVar csLHS = csManager.getCSVar(baseContext, lhs);
+                pts.forEach(baseObj -> {
+                    if (typeSystem.isSubtype(field.getDeclaringClass().getType(), baseObj.getObject().getType())) {
+                        InstanceField instField = csManager.getInstanceField(baseObj, field);
+                        solver.addPFGEdge(instField, csLHS, // lhs.getType(),
+                                load.isNonRelay() ? FlowKind.NON_RELAY_GET : FlowKind.GET);
+                    }
+                });
+            }
+        });
+    }
+
+    // process abstract store: <c, base.f = rhs>, \forall <c', o> \in pts(<c, base>), add <c, rhs> --> <c', o.f>
+    private void processAbstractInstanceStore(CSVar csVar, PointsToSet pts) {
+        Context baseContext = csVar.getContext();
+        Var base = csVar.getVar();
+        getAbstractStoreFields(base).forEach(store -> {
+            Var rhs = store.getRValue();
+            JField field = store.getFieldRef().resolve();
+            if (isConcerned(rhs) && field != null) {
+                CSVar csRHS = csManager.getCSVar(baseContext, rhs);
+                pts.forEach(baseObj -> {
+                    if (typeSystem.isSubtype(field.getDeclaringClass().getType(), baseObj.getObject().getType())) {
+                        InstanceField instField = csManager.getInstanceField(baseObj, field);
+                        solver.addPFGEdge(csRHS, instField, FlowKind.SET, field.getType());
+                    }
+                });
+            }
+        });
+    }
+
+    // [CutStore], [CutPropLoad]
+    @Override
+    public void onNewMethod(JMethod method) {
+        if (method.isAbstract())
+            return;
+        IR methodIR = method.getIR();
+        methodIR.forEach(stmt -> {
+            if (stmt.getDef().isPresent() && stmt.getDef().get() instanceof Var def)
+                setDefined(def);
+        });
+        if (methodIR.getThis() != null)
+            setParameterIndex(methodIR.getThis(), THISINDEX);
+        List<Var> params = methodIR.getParams();
+        for (int i = 0; i < params.size(); i++)
+            setParameterIndex(params.get(i), getRealParameterIndex(i));
+    }
+
+    @Override
+    public void onNewCSMethod(CSMethod csMethod) {
+        JMethod method = csMethod.getMethod();
+        if (method.isAbstract())
+            return;
+        JClass declaringClass = method.getDeclaringClass();
+        method.getIR().forEach(stmt -> {
+            if (!declaringClass.getName().equals("java.awt.Component")
+                    && !declaringClass.getName().equals("javax.swing.JComponent")
+                    && stmt instanceof LoadField load
+                    && load.getFieldAccess() instanceof InstanceFieldAccess fieldAccess) {
+                // m_ret(x) = m_pi.f;
+                Var x = load.getLValue(), y = fieldAccess.getBase();
+                if (isConcerned(x)) {
+                    int retIndex = ParameterIndex.GetReturnVariableIndex(x);
+                    ParameterIndex baseIndex = getParameterIndex(y);
+                    if (retIndex >= 0 && baseIndex != null && !isDefined(y)) {
+                        // the load inst should be relayed
+                        disableRelay(load);
+                        addCutReturnVar(csMethod, x);
+                        GetStatement getStatement = new GetStatement(retIndex, baseIndex, load.getFieldRef());
+                        solver.addGetStmtEntry(csMethod, getStatement);
+                    }
+                }
+            }
+            // not entry method, each entry method is associated with empty context, so this condition can be used to filter non-entry method
+            else if (!callGraph.entryMethods().collect(Collectors.toSet()).contains(csManager.getCSMethod(emptyContext, method))
+                    && stmt instanceof StoreField store
+                    && store.getFieldAccess() instanceof InstanceFieldAccess fieldAccess) {
+                // m_pi.f = m_pj;
+                Var x = fieldAccess.getBase(), y = store.getRValue();
+                if (isConcerned(y)) {
+                    ParameterIndex baseIndex = getParameterIndex(x), rhsIndex = getParameterIndex(y);
+                    if (baseIndex != null && rhsIndex != null && !isDefined(x) && !isDefined(y)) {
+                        solver.addCutStoreField(store);
+                        SetStatement setStatement = new SetStatement(baseIndex, store.getFieldRef(), rhsIndex);
+                        solver.addSetStmtEntry(csMethod, setStatement);
+                    }
+                }
+            }
+        });
+    }
+
+    /*
+     * work when l first appears in <c, m>
+     * @param csMethod: <c, m>,
+     * @param setStmt: l: m_pi.f = m_pj \in m
+     */
+    public void onNewSetStatement(CSMethod csMethod, SetStatement setStmt) {
+        if (addSetStatement(csMethod, setStmt))
+            callGraph.edgesInTo(csMethod).forEach(
+                edge -> processSetStatementOnCallEdge(edge, setStmt));
+    }
+
+    /*
+     * work when l first appears in <c, m>
+     * @param csMethod: <c, m>,
+     * @param getStmt: l: m_ret = m_pi.f \in m
+     */
+    public void onNewGetStatement(CSMethod csMethod, GetStatement getStmt) {
+        // add deleted return vars (only do it when a new set statement is found)
+        if (addGetStatement(csMethod, getStmt))
+            callGraph.edgesInTo(csMethod).forEach(
+                edge -> processGetStatementOnCallEdge(edge, getStmt));
+    }
+
+    /*
+     * [PropStore], generate temp store: <c, m_pu.f = m_pv> or concrete abstract store: <c, l_ai.f = l_aj>
+     * @param edge: <c, l: v.k(l_ai, ...)> --> <c^t, m>,
+     * @param setStmt: m_pi.f = m_pj \in m
+     */
+    private void processSetStatementOnCallEdge(Edge<CSCallSite, CSMethod> edge, SetStatement setStmt) {
+        Var base = ParameterIndex.getCorrespondingArgument(edge, setStmt.baseIndex()), // l_ai
+            rhs = ParameterIndex.getCorrespondingArgument(edge, setStmt.rhsIndex()); // l_aj
+        if (base != null && rhs != null && isConcerned(rhs)) {
+            CSMethod csCaller = edge.getCallSite().getContainer(); // <c, m_caller>
+            ParameterIndex baseIndexAtCaller = getParameterIndex(base),  // l_ai \is m_pu of m_caller
+                    rhsIndexAtCaller = getParameterIndex(rhs); // l_aj \is m_pv of m_caller
+            if (baseIndexAtCaller != null && rhsIndexAtCaller != null && !isDefined(base) && !isDefined(rhs)) {
+                solver.addSelectedMethod(edge.getCallee().getMethod());
+                // setStmt: m_pu.f = m_pv
+                solver.addSetStmtEntry(csCaller, new SetStatement(baseIndexAtCaller, setStmt.fieldRef(), rhsIndexAtCaller));
+            }
+            // top-level temp store, generate a new store field in current context
+            else
+                processNewAbstractStoreField(edge.getCallSite().getContext(), base, setStmt.fieldRef(), rhs);
+        }
+    }
+
+    /**
+     * [CutPropLoad], add new return var m_ret, generate temp load:
+     * @param edge: <c, l: m_caller_ret = v.k(..., l_ai, ...)> --> <c^t, m>
+     * @param getStmt: m_ret = m_pi.f \in m
+     */
+    private void processGetStatementOnCallEdge(Edge<CSCallSite, CSMethod> edge, GetStatement getStmt) {
+        // ToDo: consider context-sensitive setting
+        Invoke callSite = edge.getCallSite().getCallSite(); // l
+        JMethod callee = edge.getCallee().getMethod(); // m
+        Var base = ParameterIndex.getCorrespondingArgument(edge, getStmt.baseIndex()), // l_ai
+                lhs = callSite.getLValue(); // m_caller_ret
+        if (!ContainerAccessHandler.CutReturnEdge(lhs, callee)) {
+            if (base != null && lhs != null && isConcerned(lhs)) {
+                CSMethod csCaller = callGraph.getContainerOf(edge.getCallSite()); // <c, m_caller>
+                int lhsIndexAtCaller = ParameterIndex.GetReturnVariableIndex(lhs); // index of m_caller_ret
+                ParameterIndex baseIndexAtCaller = getParameterIndex(base); // index of l_ai
+                solver.addSelectedMethod(edge.getCallee().getMethod());
+                // m_caller_ret is return value of m_caller, l_ai is parameter/this of m_caller, [PropLoad] to caller of m_caller
+                if (lhsIndexAtCaller != -1 && baseIndexAtCaller != null) {
+                    addCutReturnVar(csCaller, lhs); // 每一层GetStatement的retVar都需要删除
+                    solver.addGetStmtEntry(csCaller, new GetStatement(lhsIndexAtCaller, baseIndexAtCaller, getStmt.fieldRef()));
+                    // new generated PFG edges are non-relay
+                    processNewAbstractLoadField(edge.getCallSite().getContext(), lhs, base, getStmt.fieldRef(), false);
+                }
+                // top-level temp load, generate a new load: <c, lhs = base.f>, new generated PFG edge is terminal(relayed)
+                else
+                    processNewAbstractLoadField(edge.getCallSite().getContext(), lhs, base, getStmt.fieldRef(), true);
+            }
+        }
+    }
+
+    // [ShortcutStore]: in context c, generate a new store field: <c, base.f = rhs>
+    private void processNewAbstractStoreField(Context context, Var base, FieldRef fieldRef, Var rhs) {
+        CSVar csBase = csManager.getCSVar(context, base),  // <c, base>
+              csRHS = csManager.getCSVar(context, rhs); // <c, rhs>
+        JField field = fieldRef.resolve();
+        AbstractStoreField storeField = new AbstractStoreField(new InstanceFieldAccess(fieldRef, base), rhs);
+        getAbstractStoreFields(base).add(storeField);
+        // \forall <c', o> \in pts(<c, base>), add <c, rhs> --> <c', o.f>
+        solver.getPointsToSetOf(csBase).forEach(csObj -> {
+            if (typeSystem.isSubtype(field.getDeclaringClass().getType(), csObj.getObject().getType()))
+                solver.addPFGEdge(csRHS, csManager.getInstanceField(csObj, field), FlowKind.SET, field.getType());
+        });
+    }
+
+    // [ShortcutLoad]: in context c, generate a new abstract load field: <c, lhs = base.f>, terminate determines whether it is lhs = base.f terminal PFG edge
+    private void processNewAbstractLoadField(Context context, Var lhs, Var base, FieldRef fieldRef, boolean terminate) {
+        CSVar csBase = csManager.getCSVar(context, base), // <c, base>
+                csLHS = csManager.getCSVar(context, lhs); // <c, lhs>
+        JField field = fieldRef.resolve();
+        AbstractLoadField loadField = new AbstractLoadField(lhs, new InstanceFieldAccess(fieldRef, base), terminate);
+        getAbstractLoadFields(base).add(loadField);
+        // \forall <c', o> \in pts(<c, base>), add PFG edge: <c', o.f> --> <c, lhs>
+        solver.getPointsToSetOf(csBase).forEach(csObj -> {
+            if (typeSystem.isSubtype(field.getDeclaringClass().getType(), csObj.getObject().getType()))
+                solver.addPFGEdge(csManager.getInstanceField(csObj, field), csLHS, // lhs.getType(),
+                        terminate ? FlowKind.GET : FlowKind.NON_RELAY_GET);
+        });
+    }
+
+    // [RelayEdge]: <c, l: r = v.k(...)> --> <c^t, m>
+    @Override
+    public void onNewCallEdge(Edge<CSCallSite, CSMethod> edge) {
+        Invoke callSite = edge.getCallSite().getCallSite(); // l
+        processSetStatementOnNewCallEdge(edge);
+        Var lhs = callSite.getLValue(); // r
+        if (lhs != null && isConcerned(lhs)) {
+            processGetStatementOnNewCallEdge(edge);
+            CSMethod csCallee = edge.getCallee(); // <c^t, m>
+            JMethod callee = csCallee.getMethod(); // m
+            CSVar csLHS = csManager.getCSVar(edge.getCallSite().getContext(), lhs); // <c, r>
+            if (!ContainerAccessHandler.CutReturnEdge(lhs, callee)) {
+                for (Var ret: callee.getIR().getReturnVars()) {
+                    if (cutReturnVars.contains(ret)) {
+                        CSVar csRet = csManager.getCSVar(csCallee.getContext(), ret); // <c^t, m_ret>
+                        csRet.getInEdges().forEach(inEdge -> { // \forall <c', v> --> <c^t, m_ret>
+                            // transfer, add <c', v> --> <c, r>, inEdge.terminate = True
+                            if (inEdge.kind() != FlowKind.NON_RELAY_GET)
+                                solver.addPFGEdge(inEdge.source(), csLHS, inEdge.kind(), inEdge.getTransfers());
+                        });
+                    }
+                }
+            }
+        }
+    }
+
+    // [CutPropLoad]: <c, l: r = v.k(...)> --> <c^t, m>,
+    private void processSetStatementOnNewCallEdge(Edge<CSCallSite, CSMethod> edge) {
+        // when a new call edge found, process callSite with previous found SetStatement in the callee
+        getSetStatementsOf(edge.getCallee()).forEach(setStmt ->
+                processSetStatementOnCallEdge(edge, setStmt));
+    }
+
+    // <c, l: r = v.k(...)> --> <c^t, m>
+    private void processGetStatementOnNewCallEdge(Edge<CSCallSite, CSMethod> edge) {
+        getGetStatementsOf(edge.getCallee()).forEach(getStmt ->
+                processGetStatementOnCallEdge(edge, getStmt));
+    }
+
+    /*
+     * [RelayEdge] rules, a relay PFG edge: <c'', n> --> <c, m_ret> should be converted to <c'', n> --> <c, r>
+     * @param edge: <c'', n> --> <c, m_ret>, edge is not terminal PFG
+     */
+    @Override
+    public void onNewPFGEdge(PointerFlowEdge edge) {
+        Pointer source = edge.source(), target = edge.target();
+        FlowKind kind = edge.kind();
+        // m_ret \in cutReturns, <c'', n> --> <c, m_ret> is a relay PFG edge
+        if (target instanceof CSVar csVar && cutReturnVars.contains(csVar.getVar()) && kind != FlowKind.NON_RELAY_GET) {
+            CSMethod csMethod = csManager.getCSMethod(csVar.getContext(), csVar.getVar().getMethod()); // c
+            // \forall <c'', l: r = v.k(...)> --> <c, m>, add <c'', o.f> --> <c, r>
+            callGraph.getCallersOf(csMethod).forEach(csCallSite -> {
+                Var lhs = csCallSite.getCallSite().getLValue(); // r
+                if (lhs != null && isConcerned(lhs)) {
+                    CSVar csLHS = csManager.getCSVar(csCallSite.getContext(), lhs);
+                    solver.addPFGEdge(source, csLHS, kind, edge.getTransfers()); // <c'', o.f> --> <c, r>
+                }
+            });
+        }
+    }
+
+    /*
+     * [RelayEdge]: <c'', x> --> <c, m_ret> translate to <c'', x> --> <c', r>
+     * @param csMethod: <c, m>,
+     * @param ret: m_ret \in cutReturns
+     */
+    private void addCutReturnVar(CSMethod csMethod, Var ret) {
+        cutReturnVars.add(ret);
+        solver.addCutReturnVar(ret);
+        CSVar csRet = csManager.getCSVar(csMethod.getContext(), ret); // <c, m_ret>
+        csRet.getInEdges().forEach(edge -> { // <c'', x> --> <c, m_ret>
+            if (edge.kind() != FlowKind.NON_RELAY_GET) {
+                // <c', l: r = v.k(...)> --> <c, m>
+                callGraph.getCallersOf(csMethod).forEach(csCallSite -> {
+                    Var lhs = csCallSite.getCallSite().getLValue(); // r
+                    if (lhs != null && isConcerned(lhs)) {
+                        CSVar csLHS = csManager.getCSVar(csCallSite.getContext(), lhs); // <c', r>
+                        solver.addPFGEdge(edge.source(), csLHS, edge.kind(), edge.getTransfers()); // <c'', x> --> <c', r>
+                    }
+                });
+            }
+        });
+    }
+
+    private boolean addSetStatement(CSMethod csMethod, SetStatement setStatement) {
+        return setStatements.put(csMethod, setStatement);
+    }
+
+    private boolean addGetStatement(CSMethod csMethod, GetStatement getStmt) {
+        return getStatements.put(csMethod, getStmt);
+    }
+
+    private Set<SetStatement> getSetStatementsOf(CSMethod csMethod) { // 得到一个方法里所有的SetStatement
+        return setStatements.get(csMethod);
+    }
+
+    private Set<GetStatement> getGetStatementsOf(CSMethod csMethod) {
+        return getStatements.get(csMethod);
+    }
+
+
+    private List<AbstractLoadField> getAbstractLoadFields(Var base) {
+        return abstractLoadFields.computeIfAbsent(base, v -> new ArrayList<>());
+    }
+
+    private List<AbstractStoreField> getAbstractStoreFields(Var base) {
+        return abstractStoreFields.computeIfAbsent(base, v -> new ArrayList<>());
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/GetStatement.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/GetStatement.java
new file mode 100644
index 000000000..210ea3181
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/GetStatement.java
@@ -0,0 +1,10 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.field;
+
+import pascal.taie.ir.proginfo.FieldRef;
+
+public record GetStatement(int lhsIndex, ParameterIndex baseIndex, FieldRef fieldRef) {
+    @Override
+    public String toString() {
+        return "[GetStmt]" + lhsIndex + "=" + baseIndex().toString() + "." + fieldRef.getName();
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/ParameterIndex.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/ParameterIndex.java
new file mode 100644
index 000000000..088e85cf8
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/ParameterIndex.java
@@ -0,0 +1,70 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.field;
+
+import pascal.taie.analysis.graph.callgraph.Edge;
+import pascal.taie.analysis.pta.core.cs.element.CSCallSite;
+import pascal.taie.analysis.pta.core.cs.element.CSMethod;
+import pascal.taie.analysis.pta.plugin.cutshortcut.ReflectiveEdgeProperty;
+import pascal.taie.analysis.pta.plugin.reflection.ReflectiveCallEdge;
+import pascal.taie.ir.IR;
+import pascal.taie.ir.exp.InvokeExp;
+import pascal.taie.ir.exp.InvokeInstanceExp;
+import pascal.taie.ir.exp.InvokeSpecial;
+import pascal.taie.ir.exp.Var;
+import pascal.taie.ir.stmt.Invoke;
+import pascal.taie.util.AnalysisException;
+import pascal.taie.util.collection.Maps;
+
+import javax.annotation.Nullable;
+import java.util.List;
+import java.util.Map;
+
+public record ParameterIndex(boolean isThis, int index) {
+    public static ParameterIndex THISINDEX = new ParameterIndex(true, 0);
+
+    public static Map<Integer, ParameterIndex> realParameters = Maps.newMap();
+
+    @Override
+    public String toString() {
+        return isThis ? "%this" : index + "@parameter";
+    }
+
+    public static ParameterIndex getRealParameterIndex(int index) {
+        return realParameters.computeIfAbsent(index, i -> new ParameterIndex(false, index));
+    }
+
+    public static int GetReturnVariableIndex(Var var) { // -1: 不是return Variable, 0, ... : index
+        // TODO: check definitions of return variables
+        if (var.getMethod().isAbstract())
+            return -1;
+        IR methodIR = var.getMethod().getIR();
+        List<Var> returnVars = methodIR.getReturnVars();
+        int len = returnVars.size(), i;
+        for (i = 0; i < len; i ++)
+            if (returnVars.get(i).equals(var))
+                return i;
+        return -1;
+    }
+
+    @Nullable
+    public static Var getCorrespondingArgument(Edge<CSCallSite, CSMethod> edge, ParameterIndex parameterIndex) {
+        Invoke invoke = edge.getCallSite().getCallSite();
+        InvokeExp invokeExp = invoke.getInvokeExp();
+        if (edge instanceof ReflectiveCallEdge reflEdge) {
+            if (parameterIndex.isThis()) {
+                switch (ReflectiveEdgeProperty.getReflectiveKind(reflEdge)) {
+                    case NEW_INSTANCE -> { return invoke.getResult(); }
+                    case METHOD_INVOKE -> { return invokeExp.getArg(0); }
+                    default -> throw new AnalysisException("Invalid Reflective Call Edge");
+                }
+            }
+            else
+                return ReflectiveEdgeProperty.getVirtualArg(reflEdge);
+        }
+        if (!parameterIndex.isThis())
+            return invokeExp.getArg(parameterIndex.index());
+        else if (invokeExp instanceof InvokeInstanceExp instanceExp)
+            return instanceExp.getBase();
+
+        return null;
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/SetStatement.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/SetStatement.java
new file mode 100644
index 000000000..54ab7fe52
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/field/SetStatement.java
@@ -0,0 +1,25 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.field;
+
+import pascal.taie.ir.proginfo.FieldRef;
+
+import java.util.Objects;
+
+/**
+ * {@link SetStatement}表示需要向前去寻找callSite，并把这种抽象的Set行为作用到callSite处的指针（参数）的语句
+ * 和之前的SetStmt不同，现在的{@link SetStatement}并不一定是简单的{@link pascal.taie.ir.stmt.StoreField}语句
+ * 举个例子，如果Set方法内包含两层调用callSite(outer) -> set (包含callSite-inner) -> doSet方法
+ * 那么在doSet方法内部存在一个{@link SetStatement}，即为简单的{@link pascal.taie.ir.stmt.StoreField}语句
+ * 但是当我们从这个{@link SetStatement}出发，找到了set方法中的callSite-inner后，我们发现这个{@link SetStatement}抽象到callSite-inner后的base和rhs
+ * 仍然是**set**方法中的parameter，于是callSite-inner也被抽象成一个{@link SetStatement}，继续类似的操作（寻找callSite），
+ * 直到找到一个callSite，使得对应的base和rhs不再是方法的参数，此时建立**abstractStoreField，而不是{@link SetStatement}
+ * 具体的逻辑在solver中体现
+ * {@param baseIndex} 表示SetStatement的base变量对应的parameter index（因为他一定是方法的参数）
+ * {@param fieldRef} 该SetStatement对应的field
+ * {@param rhsIndex} 与baseIndex类似
+ */
+public record SetStatement(ParameterIndex baseIndex, FieldRef fieldRef, ParameterIndex rhsIndex) {
+    @Override
+    public String toString() {
+        return "[SetStmt]" + baseIndex().toString() + "." + fieldRef.getName() + " = " + rhsIndex.toString();
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/localflow/LocalFlowHandler.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/localflow/LocalFlowHandler.java
new file mode 100644
index 000000000..febec7692
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/localflow/LocalFlowHandler.java
@@ -0,0 +1,217 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.localflow;
+
+import pascal.taie.analysis.graph.callgraph.CallGraphs;
+import pascal.taie.analysis.graph.callgraph.Edge;
+import pascal.taie.analysis.graph.flowgraph.FlowKind;
+import pascal.taie.analysis.pta.core.cs.context.Context;
+import pascal.taie.analysis.pta.core.cs.element.CSCallSite;
+import pascal.taie.analysis.pta.core.cs.element.CSManager;
+import pascal.taie.analysis.pta.core.cs.element.CSMethod;
+import pascal.taie.analysis.pta.core.cs.element.CSVar;
+import pascal.taie.analysis.pta.core.heap.HeapModel;
+import pascal.taie.analysis.pta.core.heap.Obj;
+import pascal.taie.analysis.pta.core.solver.CutShortcutSolver;
+import pascal.taie.analysis.pta.core.solver.PointerFlowEdge;
+import pascal.taie.analysis.pta.core.solver.Solver;
+import pascal.taie.analysis.pta.plugin.Plugin;
+import pascal.taie.analysis.pta.plugin.cutshortcut.field.ParameterIndex;
+import pascal.taie.analysis.pta.pts.PointsToSet;
+import pascal.taie.ir.exp.InvokeExp;
+import pascal.taie.ir.exp.InvokeInstanceExp;
+import pascal.taie.ir.exp.Var;
+import pascal.taie.ir.stmt.*;
+import pascal.taie.language.classes.JMethod;
+import pascal.taie.util.AnalysisException;
+import pascal.taie.util.collection.Maps;
+import pascal.taie.util.collection.MultiMap;
+
+import java.util.List;
+
+import static pascal.taie.analysis.pta.core.solver.CutShortcutSolver.isConcerned;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.field.ParameterIndex.*;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.localflow.ParameterIndexOrNewObj.INDEX_THIS;
+
+public class LocalFlowHandler implements Plugin {
+    private CutShortcutSolver solver;
+
+    private CSManager csManager;
+
+    private HeapModel heapModel;
+
+    private int totIDMethod = 0;
+
+    // method -> set of parameter indices or new objects that are directly reach return vars without indirect-value flow
+    private final MultiMap<JMethod, ParameterIndexOrNewObj> directlyReturnParams = Maps.newMultiMap();
+
+    public void setSolver(Solver solver) {
+        if (solver instanceof CutShortcutSolver cutShortcutSolver) {
+            this.solver = cutShortcutSolver;
+            csManager = solver.getCSManager();
+            heapModel = solver.getHeapModel();
+        }
+        else
+            throw new AnalysisException("Invalid solver");
+    }
+
+    /*
+     * process <v, newPts(v)> for callsite r = v.k(...)
+     */
+    @Override
+    public void onNewPointsToSet(CSVar csVar, PointsToSet pts) {
+        Var base = csVar.getVar();
+        Context varContext = csVar.getContext();
+        // foreach r = v.k(...)
+        for (Invoke callSite : base.getInvokes()) {
+            Var lhs = callSite.getLValue(); // r
+            if (lhs != null && isConcerned(lhs)) {
+                CSVar csLHS = csManager.getCSVar(varContext, lhs); // <c, r>
+                pts.forEach(recvObj -> {
+                    // resolve v.k based on Type(o) where <c', o> \in newPts(v)
+                    JMethod callee = CallGraphs.resolveCallee(
+                            recvObj.getObject().getType(), callSite);
+                    // if v -> r holds for this callee, add <c', o> to newPts(r)
+                    if (callee != null && directlyReturnParams.get(callee).contains(INDEX_THIS))
+                        solver.addPointsTo(csLHS, recvObj);
+                });
+            }
+        }
+    }
+
+    @Override
+    public void onNewMethod(JMethod method) {
+        if (!method.isAbstract()) {
+            List<Var> retVars = method.getIR().getReturnVars();
+            MultiMap<Var, ParameterIndexOrNewObj> result = getVariablesAssignedFromParameters(method);
+            for (Var ret: retVars) {
+                if (!result.get(ret).isEmpty()) {
+                    totIDMethod++;
+                    break;
+                }
+            }
+            result.forEach((var, index) -> {
+                if (retVars.contains(var)) {
+                    solver.addSelectedMethod(method);
+                    directlyReturnParams.put(method, index);
+                    solver.addCutReturnVar(var);
+                }
+            });
+        }
+    }
+
+    private MultiMap<Var, ParameterIndexOrNewObj> getVariablesAssignedFromParameters(JMethod method) {
+        MultiMap<Var, ParameterIndexOrNewObj> result = Maps.newMultiMap();
+        MultiMap<Var, Stmt> definitions = Maps.newMultiMap();
+        method.getIR().forEach(stmt -> stmt.getDef().ifPresent(def -> {
+            if (def instanceof Var varDef)
+                definitions.put(varDef, stmt);
+        }));
+        for (int i = 0; i < method.getParamCount(); i++) {
+            Var param = method.getIR().getParam(i);
+            if (isConcerned(param)) { // parameter which is not redefined in the method body
+                if (definitions.get(param).isEmpty() || definitions.get(param).stream().allMatch(stmt -> stmt instanceof New)) {
+                    result.put(param, new ParameterIndexOrNewObj(false, getRealParameterIndex(i), null));
+                    definitions.get(param).forEach(stmt -> result.put(param,
+                            new ParameterIndexOrNewObj(true, null, heapModel.getObj((New) stmt)))
+                    );
+                }
+            }
+        }
+        Var thisVar = method.getIR().getThis();
+        if (thisVar != null)
+            result.put(thisVar, INDEX_THIS);
+
+        boolean changed = true;
+        int size = result.size();
+        while (size > 0 && changed) {
+            method.getIR().getVars().forEach(var -> {
+                boolean flag = true;
+                for (Stmt def: definitions.get(var)) {
+                    if (def instanceof Copy copy) {
+                        Var rhs = copy.getRValue();
+                        if (result.get(rhs).isEmpty()) {
+                            flag = false;
+                            break;
+                        }
+                    }
+                    else if (def instanceof Cast cast) {
+                        Var rhs = cast.getRValue().getValue();
+                        if (result.get(rhs).isEmpty()) {
+                            flag = false;
+                            break;
+                        }
+                    }
+                    else if (!(def instanceof New)) {
+                        flag = false;
+                        break;
+                    }
+                }
+                if (flag) {
+                    for (Stmt def: definitions.get(var)) {
+                        Var rhs;
+                        if (def instanceof Copy copy)
+                            rhs = copy.getRValue();
+                        else if (def instanceof Cast cast)
+                            rhs = cast.getRValue().getValue();
+                        else if (def instanceof New stmt) {
+                            Obj obj = heapModel.getObj(stmt);
+                            result.put(var, new ParameterIndexOrNewObj(true, null, obj));
+                            continue;
+                        }
+                        else
+                            throw new AnalysisException("Neither Copy not Cast: " + def + "!");
+                        result.get(rhs).forEach(index -> result.put(var, index));
+                    }
+                }
+            });
+            changed = result.size() != size;
+            size = result.size();
+        }
+        return result;
+    }
+
+    /*
+     * process <c, l: r = v.k(...)> --> <c', m>
+     */
+    @Override
+    public void onNewCallEdge(Edge<CSCallSite, CSMethod> edge) {
+        CSMethod csCallee = edge.getCallee(); // <c', m>
+        JMethod callee = csCallee.getMethod(); // m
+        Context calleeContext = csCallee.getContext(); // c'
+        CSCallSite csCallSite = edge.getCallSite(); // <c, l>
+        Context callSiteContext = csCallSite.getContext(); // c
+        Invoke callSite = csCallSite.getCallSite(); // l
+        InvokeExp invokeExp = callSite.getInvokeExp(); // r = v.k(...)
+        Var lhs = callSite.getLValue(); // r
+        if (lhs != null && isConcerned(lhs)) {
+            CSVar csLHS = csManager.getCSVar(callSiteContext, lhs); // <c, r>
+            directlyReturnParams.get(callee).forEach(indexOrObj -> {
+                // <c', o> \in newPts(<c, r>) \for o allocated in m
+                if (indexOrObj.isObj())
+                    solver.addPointsTo(csLHS, csManager.getCSObj(calleeContext, indexOrObj.obj()));
+                else {
+                    // in callee m, exist only direct-value flow between: this --> return.
+                    ParameterIndex index = indexOrObj.index();
+                    if (index == THISINDEX && invokeExp instanceof InvokeInstanceExp instanceExp) {
+                        CSVar csBase = csManager.getCSVar(callSiteContext, instanceExp.getBase()); // <c, v>
+                        solver.getPointsToSetOf(csBase).forEach(csObj -> {
+                            JMethod realCallee = CallGraphs.resolveCallee(csObj.getObject().getType(), callSite);
+                            // <c'', o> \in pts(<c, v>), Type(o) match m, then add <c'', o> to newPts(<c, r>)
+                            if (callee.equals(realCallee))
+                                solver.addPointsTo(csLHS, csObj);
+                        });
+                    }
+                    // exist direct-value flow between: parameter i --> return.
+                    if (index != THISINDEX) {
+                        assert index != null;
+                        Var arg = getCorrespondingArgument(edge, index); // ai
+                        // <c, ai> --> <c, r>
+                        if (arg != null && isConcerned(arg))
+                            solver.addPFGEdge(new PointerFlowEdge(FlowKind.ID, csManager.getCSVar(callSiteContext, arg), csLHS),
+                                    lhs.getType());
+                    }
+                }
+
+            });
+        }
+    }
+}
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/localflow/ParameterIndexOrNewObj.java b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/localflow/ParameterIndexOrNewObj.java
new file mode 100644
index 000000000..99f7632cc
--- /dev/null
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/cutshortcut/localflow/ParameterIndexOrNewObj.java
@@ -0,0 +1,16 @@
+package pascal.taie.analysis.pta.plugin.cutshortcut.localflow;
+
+import pascal.taie.analysis.pta.core.heap.Obj;
+import pascal.taie.analysis.pta.plugin.cutshortcut.field.ParameterIndex;
+
+import static pascal.taie.analysis.pta.plugin.cutshortcut.field.ParameterIndex.THISINDEX;
+
+public record ParameterIndexOrNewObj(boolean isObj, ParameterIndex index, Obj obj) {
+    public static ParameterIndexOrNewObj INDEX_THIS = new ParameterIndexOrNewObj(false, THISINDEX, null);
+
+    @Override
+    public String toString() {
+        return isObj ? obj.toString() : index.toString();
+    }
+}
+
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/reflection/ReflectiveActionModel.java b/src/main/java/pascal/taie/analysis/pta/plugin/reflection/ReflectiveActionModel.java
index da83b6371..e5811b0c2 100644
--- a/src/main/java/pascal/taie/analysis/pta/plugin/reflection/ReflectiveActionModel.java
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/reflection/ReflectiveActionModel.java
@@ -36,6 +36,7 @@
 import pascal.taie.analysis.pta.core.heap.Obj;
 import pascal.taie.analysis.pta.core.solver.PointerFlowEdge;
 import pascal.taie.analysis.pta.core.solver.Solver;
+import pascal.taie.analysis.pta.plugin.cutshortcut.ReflectiveEdgeProperty;
 import pascal.taie.analysis.pta.plugin.util.AnalysisModelPlugin;
 import pascal.taie.analysis.pta.plugin.util.CSObjs;
 import pascal.taie.analysis.pta.plugin.util.InvokeHandler;
@@ -53,6 +54,7 @@
 import pascal.taie.language.type.VoidType;
 import pascal.taie.util.collection.Maps;
 import pascal.taie.util.collection.MultiMap;
+import pascal.taie.analysis.pta.plugin.cutshortcut.ReflectiveEdgeProperty;
 
 import javax.annotation.Nullable;
 import java.util.Set;
@@ -61,6 +63,8 @@
 import static pascal.taie.analysis.graph.flowgraph.FlowKind.PARAMETER_PASSING;
 import static pascal.taie.analysis.graph.flowgraph.FlowKind.RETURN;
 import static pascal.taie.analysis.graph.flowgraph.FlowKind.STATIC_STORE;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.ReflectiveEdgeProperty.ReflectiveCallKind.METHOD_INVOKE;
+import static pascal.taie.analysis.pta.plugin.cutshortcut.ReflectiveEdgeProperty.ReflectiveCallKind.NEW_INSTANCE;
 import static pascal.taie.analysis.pta.plugin.util.InvokeUtils.BASE;
 
 /**
@@ -112,6 +116,7 @@ public class ReflectiveActionModel extends AnalysisModelPlugin {
         this.invokesWithLog = invokesWithLog;
     }
 
+    // reflection type: r = c.newInstance(args)
     @InvokeHandler(signature = "<java.lang.Class: java.lang.Object newInstance()>", argIndexes = {BASE})
     public void classNewInstance(Context context, Invoke invoke, PointsToSet classes) {
         classes.forEach(obj -> {
@@ -124,12 +129,13 @@ public void classNewInstance(Context context, Invoke invoke, PointsToSet classes
                 if (init != null && !typeMatcher.isUnmatched(invoke, init)) {
                     ClassType type = clazz.getType();
                     CSObj csNewObj = newReflectiveObj(context, invoke, type);
-                    addReflectiveCallEdge(context, invoke, csNewObj, init, null);
+                    addReflectiveCallEdge(context, invoke, csNewObj, init, null, NEW_INSTANCE);
                 }
             }
         });
     }
 
+    // reflection type: r = c.newInstance(args)
     @InvokeHandler(signature = "<java.lang.reflect.Constructor: java.lang.Object newInstance(java.lang.Object[])>", argIndexes = {BASE})
     public void constructorNewInstance(Context context, Invoke invoke, PointsToSet constructors) {
         constructors.forEach(obj -> {
@@ -141,7 +147,7 @@ public void constructorNewInstance(Context context, Invoke invoke, PointsToSet c
                 ClassType type = constructor.getDeclaringClass().getType();
                 CSObj csNewObj = newReflectiveObj(context, invoke, type);
                 addReflectiveCallEdge(context, invoke, csNewObj,
-                        constructor, invoke.getInvokeExp().getArg(0));
+                        constructor, invoke.getInvokeExp().getArg(0), NEW_INSTANCE);
             }
         });
     }
@@ -158,6 +164,7 @@ private CSObj newReflectiveObj(Context context, Invoke invoke, ReferenceType typ
         return csNewObj;
     }
 
+    // reflection type: r = m.invoke(obj, args)
     @InvokeHandler(signature = "<java.lang.reflect.Method: java.lang.Object invoke(java.lang.Object,java.lang.Object[])>", argIndexes = {BASE, 0})
     public void methodInvoke(Context context, Invoke invoke,
                              PointsToSet mtdObjs, PointsToSet recvObjs) {
@@ -168,12 +175,11 @@ public void methodInvoke(Context context, Invoke invoke,
             }
             JMethod target = CSObjs.toMethod(mtdObj);
             if (target != null && !typeMatcher.isUnmatched(invoke, target)) {
-                if (target.isStatic()) {
-                    addReflectiveCallEdge(context, invoke, null, target, argsVar);
-                } else {
+                if (target.isStatic())
+                    addReflectiveCallEdge(context, invoke, null, target, argsVar, METHOD_INVOKE);
+                else
                     recvObjs.forEach(recvObj ->
-                            addReflectiveCallEdge(context, invoke, recvObj, target, argsVar));
-                }
+                            addReflectiveCallEdge(context, invoke, recvObj, target, argsVar, METHOD_INVOKE));
             }
         });
     }
@@ -272,7 +278,7 @@ private boolean isInvalidTarget(Invoke invoke, CSObj metaObj) {
 
     private void addReflectiveCallEdge(
             Context callerCtx, Invoke callSite,
-            @Nullable CSObj recvObj, JMethod callee, Var args) {
+            @Nullable CSObj recvObj, JMethod callee, Var args, ReflectiveEdgeProperty.ReflectiveCallKind kind) {
         if (!callee.isConstructor() && !callee.isStatic()) {
             // dispatch for instance method (except constructor)
             assert recvObj != null : "recvObj is required for instance method";
@@ -284,15 +290,16 @@ private void addReflectiveCallEdge(
         }
         CSCallSite csCallSite = csManager.getCSCallSite(callerCtx, callSite);
         Context calleeCtx;
-        if (callee.isStatic()) {
+        if (callee.isStatic())
             calleeCtx = selector.selectContext(csCallSite, callee);
-        } else {
+        else {
             calleeCtx = selector.selectContext(csCallSite, recvObj, callee);
             // pass receiver object to 'this' variable of callee
             solver.addVarPointsTo(calleeCtx, callee.getIR().getThis(), recvObj);
         }
         ReflectiveCallEdge callEdge = new ReflectiveCallEdge(csCallSite,
                 csManager.getCSMethod(calleeCtx, callee), args);
+        ReflectiveEdgeProperty.setReflectiveKind(callEdge, kind);
         solver.addCallEdge(callEdge);
         allTargets.put(callSite, callee); // record target
     }
diff --git a/src/main/java/pascal/taie/analysis/pta/plugin/reflection/ReflectiveCallEdge.java b/src/main/java/pascal/taie/analysis/pta/plugin/reflection/ReflectiveCallEdge.java
index 423751912..c95994058 100644
--- a/src/main/java/pascal/taie/analysis/pta/plugin/reflection/ReflectiveCallEdge.java
+++ b/src/main/java/pascal/taie/analysis/pta/plugin/reflection/ReflectiveCallEdge.java
@@ -32,8 +32,7 @@
 /**
  * Represents reflective call edges.
  */
-class ReflectiveCallEdge extends OtherEdge<CSCallSite, CSMethod> {
-
+public class ReflectiveCallEdge extends OtherEdge<CSCallSite, CSMethod> {
     /**
      * Variable pointing to the array argument of reflective call,
      * which contains the arguments for the reflective target method, i.e.,
@@ -49,7 +48,7 @@ class ReflectiveCallEdge extends OtherEdge<CSCallSite, CSMethod> {
     }
 
     @Nullable
-    Var getArgs() {
+    public Var getArgs() {
         return args;
     }
 }
diff --git a/src/main/java/pascal/taie/config/Options.java b/src/main/java/pascal/taie/config/Options.java
index add8a63b7..fe8d49755 100644
--- a/src/main/java/pascal/taie/config/Options.java
+++ b/src/main/java/pascal/taie/config/Options.java
@@ -162,6 +162,14 @@ public boolean isPrependJVM() {
         return prependJVM;
     }
 
+    @JsonProperty
+    @Option(names = {"-lj", "--lib-jre"},
+            description = "JRE library path, (default: ${DEFAULT-VALUE})",
+            defaultValue = "java-benchmarks/JREs")
+    private String libJREPath;
+
+    public String getLibJREPath() { return libJREPath; }
+
     @JsonProperty
     @Option(names = {"-ap", "--allow-phantom"},
             description = "Allow Tai-e to process phantom references, i.e.," +
diff --git a/src/main/java/pascal/taie/ir/exp/Var.java b/src/main/java/pascal/taie/ir/exp/Var.java
index 403ce2f53..9bb0b0454 100644
--- a/src/main/java/pascal/taie/ir/exp/Var.java
+++ b/src/main/java/pascal/taie/ir/exp/Var.java
@@ -22,6 +22,8 @@
 
 package pascal.taie.ir.exp;
 
+import pascal.taie.analysis.pta.plugin.cutshortcut.field.AbstractLoadField;
+import pascal.taie.analysis.pta.plugin.cutshortcut.field.AbstractStoreField;
 import pascal.taie.ir.stmt.Invoke;
 import pascal.taie.ir.stmt.LoadArray;
 import pascal.taie.ir.stmt.LoadField;
@@ -253,6 +255,8 @@ private void readObject(ObjectInputStream s) throws IOException,
      * load array: x = v[i];
      * store array: v[i] = x;
      * invocation: v.f();
+     * abstract load field: x = absv.f; (for Cut-Shortcut analysis)
+     * abstract store field: absv.f = x; (for Cut-Shortcut analysis)
      * We use a separate class to store these relevant statements
      * (instead of directly storing them in {@link Var}) for saving space.
      * Most variables do not have any relevant statements, so these variables
diff --git a/src/main/java/pascal/taie/ir/stmt/FieldStmt.java b/src/main/java/pascal/taie/ir/stmt/FieldStmt.java
index 260054c43..0f7b5aa6a 100644
--- a/src/main/java/pascal/taie/ir/stmt/FieldStmt.java
+++ b/src/main/java/pascal/taie/ir/stmt/FieldStmt.java
@@ -32,7 +32,7 @@
  */
 public abstract class FieldStmt<L extends LValue, R extends RValue> extends AssignStmt<L, R> {
 
-    FieldStmt(L lvalue, R rvalue) {
+    protected FieldStmt(L lvalue, R rvalue) {
         super(lvalue, rvalue);
     }
 
diff --git a/src/main/java/pascal/taie/util/collection/Triplet.java b/src/main/java/pascal/taie/util/collection/Triplet.java
new file mode 100644
index 000000000..9c6b96bb8
--- /dev/null
+++ b/src/main/java/pascal/taie/util/collection/Triplet.java
@@ -0,0 +1,11 @@
+package pascal.taie.util.collection;
+
+import java.io.Serializable;
+
+public record Triplet <T1, T2, T3>(T1 first, T2 second, T3 third)
+        implements Serializable {
+    @Override
+    public String toString() {
+        return "<" + first + ", " + second + ", " + third + ">";
+    }
+}
diff --git a/src/main/resources/container-config/array-initializer.yml b/src/main/resources/container-config/array-initializer.yml
new file mode 100644
index 000000000..7038239a3
--- /dev/null
+++ b/src/main/resources/container-config/array-initializer.yml
@@ -0,0 +1,4 @@
+ArrayInit:
+  - {"signature": "<java.util.Arrays$ArrayList: void <init>(java.lang.Object[])>", "src": 0, "dst": -1}
+  - {"signature": "<java.util.Collections: boolean addAll(java.util.Collection,java.lang.Object[])>", "src": 1, "dst": 0}
+  - {"signature": "<java.util.concurrent.CopyOnWriteArrayList: void <init>(java.lang.Object[])>", "src": 0, "dst": -1}
diff --git a/src/main/resources/container-config/entrance-append.yml b/src/main/resources/container-config/entrance-append.yml
new file mode 100644
index 000000000..eb640b9e2
--- /dev/null
+++ b/src/main/resources/container-config/entrance-append.yml
@@ -0,0 +1,159 @@
+MapValue:
+  # HashMap, LinkedHashMap, TreeMap, Hashtable, WeakHashMap, IdentityHashMap, EnumMap
+  # ConcurrentHashMap, ConcurrentSkipListMap, Properties
+  - {signature: '<java.util.AbstractMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.HashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.TreeMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.IdentityHashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.WeakHashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Hashtable: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.EnumMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.EnumMap: java.lang.Object put(java.lang.Enum,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Properties: java.lang.Object setProperty(java.lang.String,java.lang.String)>', index: 1}
+  - {signature: '<java.util.concurrent.ConcurrentHashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.ConcurrentHashMap: java.lang.Object putIfAbsent(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.ConcurrentHashMap: java.lang.Object replace(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.ConcurrentHashMap: boolean replace(java.lang.Object,java.lang.Object,java.lang.Object)>', index: 2}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object putIfAbsent(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object replace(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap: boolean replace(java.lang.Object,java.lang.Object,java.lang.Object)>', index: 2}
+
+  - {signature: '<java.util.Collections$SynchronizedMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Collections$CheckedMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Collections$SingletonMap: void <init>(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object putIfAbsent(java.lang.Object,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.TreeMap$NavigableSubMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 1}
+
+MapKey:
+  # HashMap, LinkedHashMap, TreeMap, Hashtable, WeakHashMap, IdentityHashMap, EnumMap
+  # ConcurrentHashMap, ConcurrentSkipListMap, Properties
+  - {signature: '<java.util.AbstractMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.HashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.TreeMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.IdentityHashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.WeakHashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Hashtable: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.EnumMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.EnumMap: java.lang.Object put(java.lang.Enum,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentHashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentHashMap: java.lang.Object putIfAbsent(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object putIfAbsent(java.lang.Object,java.lang.Object)>', index: 0}
+
+  - {signature: '<java.util.Collections$SynchronizedMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$SingletonMap: void <init>(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object putIfAbsent(java.lang.Object,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.TreeMap$NavigableSubMap: java.lang.Object put(java.lang.Object,java.lang.Object)>', index: 0}
+
+ColValue:
+  # ArrayList, LinkedList, Vector, ArrayDeque, Stack, AbstractQueue, PriorityQueue, TreeSet
+  # SynchronousQueue, ConcurrentLinkedQueue, DelayQueue, ArrayBlockingQueue, LinkedBlockingQueue, PriorityBlockingQueue
+  # ConcurrentSkipListSet, CopyOnWriteArrayList
+  - {signature: '<java.util.ArrayList: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.ArrayList: java.lang.Object set(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.ArrayList: void add(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.LinkedList: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.LinkedList: java.lang.Object set(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.LinkedList: void add(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.LinkedList: void push(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.LinkedList: boolean offer(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.LinkedList: void addFirst(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.LinkedList: void addLast(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.LinkedList: boolean offerLast(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.LinkedList: boolean offerFirst(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.SubList: java.lang.Object set(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.SubList: void add(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Vector: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Vector: java.lang.Object set(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Vector: void add(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Vector: void addElement(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Vector: void insertElementAt(java.lang.Object,int)>', index: 0}
+  - {signature: '<java.util.Vector: void setElementAt(java.lang.Object,int)>', index: 0}
+  - {signature: '<java.util.Stack: java.lang.Object push(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.HashSet: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.TreeSet: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.PriorityQueue: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.PriorityQueue: boolean offer(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.ArrayDeque: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.ArrayDeque: boolean offer(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.ArrayDeque: void addFirst(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.ArrayDeque: void addLast(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.ArrayDeque: boolean offerFirst(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.ArrayDeque: boolean offerLast(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.ArrayDeque: void push(java.lang.Object)>', index: 0}
+
+  - {signature: '<java.util.concurrent.ConcurrentLinkedQueue: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentLinkedQueue: boolean offer(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ArrayBlockingQueue: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ArrayBlockingQueue: boolean offer(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ArrayBlockingQueue: boolean offer(java.lang.Object,long,java.util.concurrent.TimeUnit)>', index: 0}
+  - {signature: '<java.util.concurrent.ArrayBlockingQueue: void put(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingQueue: boolean offer(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingQueue: void put(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingQueue: boolean offer(java.lang.Object,long,java.util.concurrent.TimeUnit)>', index: 0}
+  - {signature: '<java.util.concurrent.PriorityBlockingQueue: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.PriorityBlockingQueue: boolean offer(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.PriorityBlockingQueue: void put(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.PriorityBlockingQueue: boolean offer(java.lang.Object,long,java.util.concurrent.TimeUnit)>', index: 0}
+  - {signature: '<java.util.concurrent.DelayQueue: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.DelayQueue: boolean add(java.util.concurrent.Delayed)>', index: 0}
+  - {signature: '<java.util.concurrent.DelayQueue: boolean offer(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.DelayQueue: boolean offer(java.util.concurrent.Delayed)>', index: 0}
+  - {signature: '<java.util.concurrent.DelayQueue: void put(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.DelayQueue: void put(java.util.concurrent.Delayed)>', index: 0}
+  - {signature: '<java.util.concurrent.DelayQueue: boolean offer(java.lang.Object,long,java.util.concurrent.TimeUnit)>', index: 0}
+  - {signature: '<java.util.concurrent.DelayQueue: boolean offer(java.util.concurrent.Delayed,long,java.util.concurrent.TimeUnit)>', index: 0}
+
+  - {signature: '<java.util.concurrent.SynchronousQueue: boolean offer(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.SynchronousQueue: boolean offer(java.lang.Object,long,java.util.concurrent.TimeUnit)>', index: 0}
+  - {signature: '<java.util.concurrent.SynchronousQueue: void put(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: boolean offer(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: void addFirst(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: void addLast(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: void push(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: boolean offer(java.lang.Object,long,java.util.concurrent.TimeUnit)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: boolean offerFirst(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: boolean offerFirst(java.lang.Object,long,java.util.concurrent.TimeUnit)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: boolean offerLast(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: boolean offerLast(java.lang.Object,long,java.util.concurrent.TimeUnit)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: void put(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: void putFirst(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: void putLast(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListSet: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.CopyOnWriteArrayList: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.CopyOnWriteArrayList: void add(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.CopyOnWriteArrayList: java.lang.Object set(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.CopyOnWriteArrayList: boolean addIfAbsent(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.concurrent.CopyOnWriteArraySet: boolean add(java.lang.Object)>', index: 0}
+
+  # those collection variables returned by Collection.xx(..), Arrays.asList(..). UnmodifiedCollection,List do not support entrance
+  - {signature: '<java.util.Collections$CopiesList: void <init>(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Collections$SingletonList: void <init>(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$SingletonSet: void <init>(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedCollection: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedCollection: boolean add(java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedList: java.lang.Object set(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Collections$CheckedList: void add(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Collections$SynchronizedList: java.lang.Object set(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.Collections$SynchronizedList: void add(int,java.lang.Object)>', index: 1}
+
+  # Arrays.asList() 返回的内部类 (固定大小列表，set可用，add会抛异常但需建模)
+  - {signature: '<java.util.Arrays$ArrayList: java.lang.Object set(int,java.lang.Object)>', index: 1}
+  # ArrayList.subList()返回的内部类
+  - {signature: '<java.util.ArrayList$SubList: java.lang.Object set(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.ArrayList$SubList: void add(int,java.lang.Object)>', index: 1}
+  # CopyOnWriteArrayList.subList()返回的内部类
+  - {signature: '<java.util.concurrent.CopyOnWriteArrayList$COWSubList: java.lang.Object set(int,java.lang.Object)>', index: 1}
+  - {signature: '<java.util.concurrent.CopyOnWriteArrayList$COWSubList: void add(int,java.lang.Object)>', index: 1}
+  # ScheduledThreadPoolExecutor内部类
+  - {signature: '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: boolean add(java.lang.Runnable)>', index: 0}
+  - {signature: '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: boolean offer(java.lang.Runnable)>', index: 0}
+  - {signature: '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: void put(java.lang.Runnable)>', index: 0}
+  - {signature: '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: boolean offer(java.lang.Runnable,long,java.util.concurrent.TimeUnit)>', index: 0}
+  - {signature: '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: void put(java.lang.Object)>', index: 0}
+
diff --git a/src/main/resources/container-config/entrance-extend.yml b/src/main/resources/container-config/entrance-extend.yml
new file mode 100644
index 000000000..374d0bdf2
--- /dev/null
+++ b/src/main/resources/container-config/entrance-extend.yml
@@ -0,0 +1,133 @@
+MapToMap:
+  - {signature: '<java.util.HashMap: void <init>(java.util.Map)>', index: 0}
+  - {signature: '<java.util.HashMap: void putAll(java.util.Map)>', index: 0}
+  - {signature: '<java.util.LinkedHashMap: void <init>(java.util.Map)>', index: 0}
+  - {signature: '<java.util.TreeMap: void <init>(java.util.Map)>', index: 0}
+  - {signature: '<java.util.TreeMap: void <init>(java.util.SortedMap)>', index: 0}
+  - {signature: '<java.util.TreeMap: void putAll(java.util.Map)>', index: 0}
+  - {signature: '<java.util.IdentityHashMap: void <init>(java.util.Map)>', index: 0}
+  - {signature: '<java.util.IdentityHashMap: void putAll(java.util.Map)>', index: 0}
+  - {signature: '<java.util.AbstractMap: void putAll(java.util.Map)>', index: 0}
+  - {signature: '<java.util.WeakHashMap: void <init>(java.util.Map)>', index: 0}
+  - {signature: '<java.util.WeakHashMap: void putAll(java.util.Map)>', index: 0}
+  - {signature: '<java.util.EnumMap: void putAll(java.util.Map)>', index: 0}
+  - {signature: '<java.util.EnumMap: void <init>(java.util.Map)>', index: 0}
+  - {signature: '<java.util.EnumMap: void <init>(java.util.EnumMap)>', index: 0}
+  - {signature: '<java.util.Hashtable: void <init>(java.util.Map)>', index: 0}
+  - {signature: '<java.util.Hashtable: void putAll(java.util.Map)>', index: 0}
+  - {signature: '<java.util.Properties: void <init>(java.util.Properties)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentHashMap: void <init>(java.util.Map)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentHashMap: void putAll(java.util.Map)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap: void <init>(java.util.Map)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap: void <init>(java.util.SortedMap)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap: void putAll(java.util.Map)>', index: 0}
+
+  # called in Collections.synchronizedMap(...)
+  - {signature: '<java.util.Collections$SynchronizedMap: void <init>(java.util.Map)>', index: 0}
+  # called in Collections.unmodifiableMap(...)
+  - {signature: '<java.util.Collections$UnmodifiableMap: void <init>(java.util.Map)>', index: 0}
+  - {signature: '<java.util.Collections$UnmodifiableMap: void putAll(java.util.Map)>', index: 0}
+  # called in Collections.unmodifiableSortedMap(...)
+  - {signature: '<java.util.Collections$UnmodifiableSortedMap: void <init>(java.util.SortedMap)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedMap: void putAll(java.util.Map)>', index: 0}
+  # called in Collections.checkedMap(...)
+  - {signature: '<java.util.Collections$CheckedMap: void putAll(java.util.Map)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedMap: void <init>(java.util.Map,java.lang.Class,java.lang.Class)>', index: 0}
+  # called in Collections.checkedSortedMap(...)
+  - {signature: '<java.util.Collections$CheckedSortedMap: void <init>(java.util.SortedMap,java.lang.Class,java.lang.Class)>', index: 0}
+
+  # TreeMap subView
+  - {signature: '<java.util.TreeMap$NavigableSubMap: void <init>(java.util.TreeMap,boolean,java.lang.Object,boolean,boolean,java.lang.Object,boolean)>', index: 0}
+  - {signature: '<java.util.TreeMap$AscendingSubMap: void <init>(java.util.TreeMap,boolean,java.lang.Object,boolean,boolean,java.lang.Object,boolean)>', index: 0}
+  - {signature: '<java.util.TreeMap$DescendingSubMap: void <init>(java.util.TreeMap,boolean,java.lang.Object,boolean,boolean,java.lang.Object,boolean)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListMap$SubMap: void <init>(java.util.concurrent.ConcurrentSkipListMap,java.lang.Object,boolean,java.lang.Object,boolean,boolean)>', index: 0}
+
+ColToCol:
+  - {signature: '<java.util.ArrayList: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.ArrayList: boolean addAll(int,java.util.Collection)>', index: 1}
+  - {signature: '<java.util.ArrayList: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.LinkedList: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.LinkedList: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.LinkedList: boolean addAll(int,java.util.Collection)>', index: 1}
+  - {signature: '<java.util.Vector: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.Vector: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.Vector: boolean addAll(int,java.util.Collection)>', index: 1}
+  - {signature: '<java.util.ArrayDeque: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.HashSet: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.LinkedHashSet: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.TreeSet: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.TreeSet: void <init>(java.util.SortedSet)>', index: 0}
+  - {signature: '<java.util.TreeSet: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.PriorityQueue: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.PriorityQueue: void <init>(java.util.PriorityQueue)>', index: 0}
+  - {signature: '<java.util.PriorityQueue: void <init>(java.util.SortedSet)>', index: 0}
+  - {signature: '<java.util.PriorityQueue: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.RandomAccessSubList: void <init>(java.util.AbstractList,int,int)>', index: 0}
+  - {signature: '<java.util.SubList: boolean addAll(int,java.util.Collection)>', index: 1}
+  - {signature: '<java.util.SubList: void <init>(java.util.AbstractList,int,int)>', index: 0}
+  - {signature: '<java.util.SubList: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.SubList: java.util.AbstractList access$100(java.util.SubList)>', index: 0}
+  - {signature: '<java.util.SubList: int access$000(java.util.SubList)>', index: 0}
+  - {signature: '<java.util.SubList: int access$200(java.util.SubList)>', index: 0}
+  - {signature: '<java.util.SubList: int access$210(java.util.SubList)>', index: 0}
+  - {signature: '<java.util.SubList: int access$208(java.util.SubList)>', index: 0}
+  - {signature: '<java.util.AbstractCollection: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.AbstractQueue: boolean addAll(java.util.Collection)>', index: 0}
+
+  - {signature: '<java.util.concurrent.ConcurrentLinkedQueue: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentLinkedQueue: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.ArrayBlockingQueue: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.ArrayBlockingQueue: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingQueue: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.LinkedBlockingDeque: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.PriorityBlockingQueue: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.PriorityBlockingQueue: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.DelayQueue: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListSet: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.ConcurrentSkipListSet: void <init>(java.util.SortedSet)>', index: 0}
+  - {signature: '<java.util.concurrent.CopyOnWriteArrayList: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.CopyOnWriteArrayList: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.CopyOnWriteArrayList: int addAllAbsent(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.CopyOnWriteArraySet: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.concurrent.CopyOnWriteArraySet: boolean addAll(java.util.Collection)>', index: 0}
+
+  # inner class
+  - {signature: '<java.util.ArrayList$SubList: void <init>(java.util.ArrayList,java.util.AbstractList,int,int,int)>', index: 1}
+  - {signature: '<java.util.ArrayList$SubList: boolean addAll(int,java.util.Collection)>', index: 1}
+  - {signature: '<java.util.ArrayList$SubList: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.AbstractList: boolean addAll(int,java.util.Collection)>', index: 1}
+  - {signature: '<java.util.AbstractSequentialList: boolean addAll(int,java.util.Collection)>', index: 1}
+  - {signature: '<java.util.concurrent.CopyOnWriteArrayList$COWSubList: void <init>(java.util.concurrent.CopyOnWriteArrayList,int,int)>', index: 0}
+  - {signature: '<java.util.Collections$UnmodifiableCollection: void <init>(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedCollection: void <init>(java.util.Collection,java.lang.Class)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedCollection: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.Collections$UnmodifiableSet: void <init>(java.util.Set)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedSortedSet: void <init>(java.util.SortedSet)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedSortedSet: void <init>(java.util.SortedSet,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$AsLIFOQueue: void <init>(java.util.Deque)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedSet: void <init>(java.util.Set,java.lang.Class)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedCollection: void <init>(java.util.Collection,java.lang.Class)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedCollection: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedCollection: void <init>(java.util.Collection,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedList: void <init>(java.util.List,java.lang.Class)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedSet: void <init>(java.util.Set)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedSet: void <init>(java.util.Set,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedList: void <init>(java.util.List)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedList: void <init>(java.util.List,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$UnmodifiableRandomAccessList: void <init>(java.util.List)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedRandomAccessList: void <init>(java.util.List)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedRandomAccessList: void <init>(java.util.List,java.lang.Object)>', index: 0}
+  - {signature: '<java.util.Collections$EmptyList: void <init>(java.util.Collections$1)>', index: 0}
+  - {signature: '<java.util.Collections$UnmodifiableSortedSet: void <init>(java.util.SortedSet)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedSortedSet: void <init>(java.util.SortedSet,java.lang.Class)>', index: 0}
+  - {signature: '<java.util.Collections$UnmodifiableList: void <init>(java.util.List)>', index: 0}
+  - {signature: '<java.util.Collections$UnmodifiableSet: void <init>(java.util.Set)>', index: 0}
+  - {signature: '<java.util.Collections$CheckedRandomAccessList: void <init>(java.util.List,java.lang.Class)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedCollection: boolean addAll(java.util.Collection)>', index: 0}
+  - {signature: '<java.util.Collections$SynchronizedList: boolean addAll(int,java.util.Collection)>', index: 1}
+  - {signature: '<java.util.Collections$CheckedList: boolean addAll(int,java.util.Collection)>', index: 1}
+
+MapKeySetToCol:
+  - {signature: '<java.util.Collections$SetFromMap: void <init>(java.util.Map)>', index: 0}
+  - # Although ConcurrentSkipListSet is collection, its iterator return ConcurrentNavigableMap.keyIter(), hence for ptsH, consider it as a map.
+  - {signature: '<java.util.concurrent.ConcurrentSkipListSet: void <init>(java.util.concurrent.ConcurrentNavigableMap)>', index: 0}
diff --git a/src/main/resources/container-config/exit.yml b/src/main/resources/container-config/exit.yml
new file mode 100644
index 000000000..4234f670b
--- /dev/null
+++ b/src/main/resources/container-config/exit.yml
@@ -0,0 +1,342 @@
+ColValue:
+  # ArrayList, LinkedList, Vector, ArrayDeque, Stack, SubList, PriorityQueue, TreeSet
+  # SynchronousQueue, ConcurrentLinkedQueue, DelayQueue, ArrayBlockingQueue, LinkedBlockingQueue, PriorityBlockingQueue
+  # ConcurrentSkipListSet, CopyOnWriteArrayList
+  - '<java.util.AbstractList: java.lang.Object remove(int)>'
+  - '<java.util.ArrayList: java.lang.Object get(int)>'
+  - '<java.util.ArrayList: java.lang.Object set(int,java.lang.Object)>'
+  - '<java.util.ArrayList: java.lang.Object remove(int)>'
+  - '<java.util.LinkedList: java.lang.Object pop()>'
+  - '<java.util.LinkedList: java.lang.Object peekFirst()>'
+  - '<java.util.LinkedList: java.lang.Object peekLast()>'
+  - '<java.util.LinkedList: java.lang.Object pollFirst()>'
+  - '<java.util.LinkedList: java.lang.Object pollLast()>'
+  - '<java.util.LinkedList: java.lang.Object element()>'
+  - '<java.util.LinkedList: java.lang.Object remove()>'
+  - '<java.util.LinkedList: java.lang.Object poll()>'
+  - '<java.util.LinkedList: java.lang.Object peek()>'
+  - '<java.util.LinkedList: java.lang.Object getFirst()>'
+  - '<java.util.LinkedList: java.lang.Object getLast()>'
+  - '<java.util.LinkedList: java.lang.Object removeFirst()>'
+  - '<java.util.LinkedList: java.lang.Object removeLast()>'
+  - '<java.util.LinkedList: java.lang.Object get(int)>'
+  - '<java.util.LinkedList: java.lang.Object remove(int)>'
+  - '<java.util.SubList: java.lang.Object remove(int)>'
+  - '<java.util.SubList: java.lang.Object set(int,java.lang.Object)>'
+  - '<java.util.SubList: java.lang.Object get(int)>'
+  - '<java.util.Vector: java.lang.Object set(int,java.lang.Object)>'
+  - '<java.util.Vector: java.lang.Object get(int)>'
+  - '<java.util.Vector: java.lang.Object elementAt(int)>'
+  - '<java.util.Vector: java.lang.Object firstElement()>'
+  - '<java.util.Vector: java.lang.Object lastElement()>'
+  - '<java.util.Vector: java.lang.Object remove(int)>'
+  - '<java.util.ArrayDeque: java.lang.Object removeFirst()>'
+  - '<java.util.ArrayDeque: java.lang.Object removeLast()>'
+  - '<java.util.ArrayDeque: java.lang.Object pollFirst()>'
+  - '<java.util.ArrayDeque: java.lang.Object pollLast()>'
+  - '<java.util.ArrayDeque: java.lang.Object getFirst()>'
+  - '<java.util.ArrayDeque: java.lang.Object getLast()>'
+  - '<java.util.ArrayDeque: java.lang.Object peekFirst()>'
+  - '<java.util.ArrayDeque: java.lang.Object peekLast()>'
+  - '<java.util.ArrayDeque: java.lang.Object remove()>'
+  - '<java.util.ArrayDeque: java.lang.Object poll()>'
+  - '<java.util.ArrayDeque: java.lang.Object element()>'
+  - '<java.util.ArrayDeque: java.lang.Object peek()>'
+  - '<java.util.ArrayDeque: java.lang.Object pop()>'
+  - '<java.util.ArrayDeque: java.lang.Object remove()>'
+  - '<java.util.Stack: java.lang.Object pop()>'
+  - '<java.util.Stack: java.lang.Object peek()>'
+  - '<java.util.Stack: java.lang.Object push(java.lang.Object)>'
+  - '<java.util.PriorityQueue: java.lang.Object peek()>'
+  - '<java.util.PriorityQueue: java.lang.Object poll()>'
+  - '<java.util.TreeSet: java.lang.Object lower(java.lang.Object)>'
+  - '<java.util.TreeSet: java.lang.Object floor(java.lang.Object)>'
+  - '<java.util.TreeSet: java.lang.Object ceiling(java.lang.Object)>'
+  - '<java.util.TreeSet: java.lang.Object higher(java.lang.Object)>'
+  - '<java.util.TreeSet: java.lang.Object pollFirst()>'
+  - '<java.util.TreeSet: java.lang.Object pollLast()>'
+  - '<java.util.TreeSet: java.lang.Object first()>'
+  - '<java.util.TreeSet: java.lang.Object last()>'
+  - '<java.util.concurrent.SynchronousQueue: java.lang.Object take()>'
+  - '<java.util.concurrent.SynchronousQueue: java.lang.Object poll(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.SynchronousQueue: java.lang.Object poll()>'
+  - '<java.util.concurrent.SynchronousQueue: java.lang.Object peek()>'
+  - '<java.util.concurrent.ConcurrentLinkedQueue: java.lang.Object peek()>'
+  - '<java.util.concurrent.ConcurrentLinkedQueue: java.lang.Object poll()>'
+  - '<java.util.concurrent.DelayQueue: java.util.concurrent.Delayed poll()>'
+  - '<java.util.concurrent.DelayQueue: java.lang.Object poll()>'
+  - '<java.util.concurrent.DelayQueue: java.util.concurrent.Delayed take()>'
+  - '<java.util.concurrent.DelayQueue: java.lang.Object take()>'
+  - '<java.util.concurrent.DelayQueue: java.util.concurrent.Delayed poll(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.DelayQueue: java.lang.Object poll(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.DelayQueue: java.util.concurrent.Delayed peek()>'
+  - '<java.util.concurrent.DelayQueue: java.lang.Object peek()>'
+  - '<java.util.concurrent.ArrayBlockingQueue: java.lang.Object poll()>'
+  - '<java.util.concurrent.ArrayBlockingQueue: java.lang.Object take()>'
+  - '<java.util.concurrent.ArrayBlockingQueue: java.lang.Object poll(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.ArrayBlockingQueue: java.lang.Object peek()>'
+  - '<java.util.concurrent.PriorityBlockingQueue: java.lang.Object take()>'
+  - '<java.util.concurrent.PriorityBlockingQueue: java.lang.Object poll(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.PriorityBlockingQueue: java.lang.Object poll()>'
+  - '<java.util.concurrent.PriorityBlockingQueue: java.lang.Object peek()>'
+  - '<java.util.concurrent.LinkedBlockingQueue: java.lang.Object take()>'
+  - '<java.util.concurrent.LinkedBlockingQueue: java.lang.Object poll(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.LinkedBlockingQueue: java.lang.Object poll()>'
+  - '<java.util.concurrent.LinkedBlockingQueue: java.lang.Object peek()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object removeFirst()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object removeLast()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object pollFirst()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object pollLast()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object takeFirst()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object takeLast()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object pollFirst(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object pollLast(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object getFirst()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object getLast()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object peekFirst()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object peekLast()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object remove()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object poll()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object take()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object poll(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object element()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object peek()>'
+  - '<java.util.concurrent.LinkedBlockingDeque: java.lang.Object pop()>'
+  - '<java.util.concurrent.ConcurrentSkipListSet: java.lang.Object lower(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListSet: java.lang.Object floor(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListSet: java.lang.Object ceiling(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListSet: java.lang.Object higher(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListSet: java.lang.Object pollFirst()>'
+  - '<java.util.concurrent.ConcurrentSkipListSet: java.lang.Object pollLast()>'
+  - '<java.util.concurrent.ConcurrentSkipListSet: java.lang.Object first()>'
+  - '<java.util.concurrent.ConcurrentSkipListSet: java.lang.Object last()>'
+  - '<java.util.concurrent.CopyOnWriteArrayList: java.lang.Object get(int)>'
+  - '<java.util.concurrent.CopyOnWriteArrayList: java.lang.Object set(int,java.lang.Object)>'
+  - '<java.util.concurrent.CopyOnWriteArrayList: java.lang.Object remove(int)>'
+  - '<java.util.Arrays$ArrayList: java.lang.Object get(int)>'
+  - '<java.util.Arrays$ArrayList: java.lang.Object set(int,java.lang.Object)>'
+  - '<java.util.ArrayList$SubList: java.lang.Object get(int)>'
+  - '<java.util.ArrayList$SubList: java.lang.Object set(int,java.lang.Object)>'
+  - '<java.util.Collections$CopiesList: java.lang.Object get(int)>'
+  - '<java.util.Collections$SingletonList: java.lang.Object get(int)>'
+  - '<java.util.Collections$CheckedList: java.lang.Object get(int)>'
+  - '<java.util.Collections$SynchronizedList: java.lang.Object get(int)>'
+  - '<java.util.Collections$EmptyList: java.lang.Object get(int)>'
+  - '<java.util.Collections$UnmodifiableList: java.lang.Object get(int)>'
+  - '<java.util.Collections$UnmodifiableList: java.lang.Object set(int,java.lang.Object)>'
+  - '<java.util.Collections$SynchronizedList: java.lang.Object set(int,java.lang.Object)>'
+  - '<java.util.Collections$CheckedList: java.lang.Object set(int,java.lang.Object)>'
+  - '<java.util.Collections$AsLIFOQueue: java.lang.Object poll()>'
+  - '<java.util.Collections$AsLIFOQueue: java.lang.Object remove()>'
+  - '<java.util.Collections$AsLIFOQueue: java.lang.Object peek()>'
+  - '<java.util.Collections$AsLIFOQueue: java.lang.Object element()>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Runnable poll()>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Runnable peek()>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Runnable take()>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Runnable poll(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Runnable remove()>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Runnable element()>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Object poll(long,java.util.concurrent.TimeUnit)>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Object take()>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Object peek()>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Object element()>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Object poll()>'
+  - '<java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue: java.lang.Object remove()>'
+  - '<java.util.concurrent.CopyOnWriteArrayList$COWSubList: java.lang.Object set(int,java.lang.Object)>'
+  - '<java.util.concurrent.CopyOnWriteArrayList$COWSubList: java.lang.Object get(int)>'
+  - '<java.util.concurrent.CopyOnWriteArrayList$COWSubList: java.lang.Object remove(int)>'
+
+MapValue:
+  # HashMap, LinkedHashMap, TreeMap, Hashtable, WeakHashMap, IdentityHashMap, EnumMap
+  # ConcurrentHashMap, ConcurrentSkipListMap, Properties
+  - '<java.util.AbstractMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.AbstractMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.HashMap: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.HashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.HashMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.LinkedHashMap: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.WeakHashMap: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.WeakHashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.WeakHashMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.IdentityHashMap: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.IdentityHashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.IdentityHashMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.TreeMap: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.TreeMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.TreeMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.Hashtable: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.Hashtable: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.Hashtable: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.EnumMap: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.EnumMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.EnumMap: java.lang.Object put(java.lang.Enum,java.lang.Object)>'
+  - '<java.util.EnumMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.Properties: java.lang.String getProperty(java.lang.String)>'
+  - '<java.util.Properties: java.lang.String getProperty(java.lang.String,java.lang.String)>'
+  - '<java.util.Properties: java.lang.Object setProperty(java.lang.String,java.lang.String)>'
+  - '<java.util.concurrent.ConcurrentHashMap: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentHashMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentHashMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentHashMap: java.lang.Object putIfAbsent(java.lang.Object,java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentHashMap: java.lang.Object replace(java.lang.Object,java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object putIfAbsent(java.lang.Object,java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object replace(java.lang.Object,java.lang.Object)>'
+  - '<java.util.Collections$SynchronizedMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.Collections$SynchronizedMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.Collections$CheckedMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.Collections$CheckedMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.TreeMap$NavigableSubMap: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.TreeMap$NavigableSubMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.TreeMap$NavigableSubMap: java.lang.Object remove(java.lang.Object)>'
+  # ===== 漏掉的 ConcurrentSkipListMap 子视图操作 =====
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object get(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object put(java.lang.Object,java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object remove(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object putIfAbsent(java.lang.Object,java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object replace(java.lang.Object,java.lang.Object)>'
+
+
+MapKey:
+  # TreeMap, ConcurrentSkipListMap
+  - '<java.util.TreeMap: java.lang.Object firstKey()>'
+  - '<java.util.TreeMap: java.lang.Object lastKey()>'
+  - '<java.util.TreeMap: java.lang.Object lowerKey(java.lang.Object)>'
+  - '<java.util.TreeMap: java.lang.Object floorKey(java.lang.Object)>'
+  - '<java.util.TreeMap: java.lang.Object ceilingKey(java.lang.Object)>'
+  - '<java.util.TreeMap: java.lang.Object higherKey(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object firstKey()>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object lastKey()>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object lowerKey(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object floorKey(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object ceilingKey(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap: java.lang.Object higherKey(java.lang.Object)>'
+  # inner class
+  - '<java.util.Collections$UnmodifiableSortedMap: java.lang.Object firstKey()>'
+  - '<java.util.Collections$UnmodifiableSortedMap: java.lang.Object lastKey()>'
+  - '<java.util.Collections$SynchronizedSortedMap: java.lang.Object firstKey()>'
+  - '<java.util.Collections$SynchronizedSortedMap: java.lang.Object lastKey()>'
+  - '<java.util.Collections$CheckedSortedMap: java.lang.Object firstKey()>'
+  - '<java.util.Collections$CheckedSortedMap: java.lang.Object lastKey()>'
+  - '<java.util.Collections$CheckedNavigableMap: java.lang.Object firstKey()>'
+  - '<java.util.Collections$CheckedNavigableMap: java.lang.Object lastKey()>'
+  - '<java.util.TreeMap$NavigableSubMap: java.lang.Object ceilingKey(java.lang.Object)>'
+  - '<java.util.TreeMap$NavigableSubMap: java.lang.Object higherKey(java.lang.Object)>'
+  - '<java.util.TreeMap$NavigableSubMap: java.lang.Object floorKey(java.lang.Object)>'
+  - '<java.util.TreeMap$NavigableSubMap: java.lang.Object lowerKey(java.lang.Object)>'
+  - '<java.util.TreeMap$NavigableSubMap: java.lang.Object firstKey()>'
+  - '<java.util.TreeMap$NavigableSubMap: java.lang.Object lastKey()>'
+  - '<java.util.TreeMap$SubMap: java.lang.Object firstKey()>'
+  - '<java.util.TreeMap$SubMap: java.lang.Object lastKey()>'
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object ceilingKey(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object lowerKey(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object higherKey(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object floorKey(java.lang.Object)>'
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object firstKey()>'
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap: java.lang.Object lastKey()>'
+
+
+# ArrayList, LinkedList, Vector, ArrayDeque, Stack, SubList, PriorityQueue, TreeSet
+# SynchronousQueue, ConcurrentLinkedQueue, DelayQueue, ArrayBlockingQueue, LinkedBlockingQueue, PriorityBlockingQueue
+# ConcurrentSkipListSet, CopyOnWriteArrayList
+# 注意不要包括Map.entrySet.Iterator.next方法，这一类为Transfer而不是Exit，
+# Set的iterator返回的可能是Map.keyIterator()，因此如果r = v.next()调用Map.keyIterator()，如果v是collection，那么r是Col-Value；如果是Map.keySet，那么是
+ColIter:
+  - '<java.util.AbstractList$Itr: java.lang.Object next()>' # AbstractList.iterator()
+  - '<java.util.AbstractList$ListItr: java.lang.Object previous()>' # AbstractList.listIterator()
+  - '<java.util.ArrayList$Itr: java.lang.Object next()>' # ArrayList.iterator()
+  - '<java.util.ArrayList$ListItr: java.lang.Object previous()>' # ArrayList.listIterator()
+  - '<java.util.ArrayList$SubList$1: java.lang.Object next()>' # ArrayList.SubList.listIterator(), anymous class
+  - '<java.util.ArrayList$SubList$1: java.lang.Object previous()>'
+  - '<java.util.LinkedList$ListItr: java.lang.Object next()>' # LinkedList.iterator()/listIterator()
+  - '<java.util.LinkedList$ListItr: java.lang.Object previous()>'
+  - '<java.util.LinkedList$DescendingIterator: java.lang.Object next()>' # LinkedList.descendingIterator()
+  - '<java.util.SubList$1: java.lang.Object next()>' # SubList.listIterator(), anymous class
+  - '<java.util.SubList$1: java.lang.Object previous()>'
+  - '<java.util.Vector$Itr: java.lang.Object next()>' # Vector.iterator()
+  - '<java.util.Vector$ListItr: java.lang.Object previous()>' # Vector.listIterator()
+  - '<java.util.Vector$1: java.lang.Object nextElement()>' # Vector.elements()
+  - '<java.util.PriorityQueue$Itr: java.lang.Object next()>' # PriorityDeque.iterator()
+  - '<java.util.ArrayDeque$DeqIterator: java.lang.Object next()>' # ArrayDeque.iterator()
+  - '<java.util.ArrayDeque$DescendingIterator: java.lang.Object next()>' # ArrayDeque.descendingIterator()
+  - '<java.util.AbstractMap$1$1: java.lang.Object next()>' # AbstractMap.keySet().iterator()
+  - '<java.util.AbstractMap$2$1: java.lang.Object next()>' # AbstractMap.values().iterator()
+  - '<java.util.HashMap$ValueIterator: java.lang.Object next()>' # HashMap.values().iterator()
+  - '<java.util.HashMap$KeyIterator: java.lang.Object next()>' # HashMap.keySet().iterator()/HashSet.iterator()
+  - '<java.util.HashMap$ValueIterator: java.lang.Object next()>' # HashMap.values().iterator()
+  - '<java.util.WeakHashMap$KeyIterator: java.lang.Object next()>' # WeakHashMap.keySet().iterator()
+  - '<java.util.WeakHashMap$ValueIterator: java.lang.Object next()>' # WeakHashMap.values().iterator()
+  - '<java.util.IdentityHashMap$KeyIterator: java.lang.Object next()>' # IdentityHashMap.keySet().iterator()
+  - '<java.util.IdentityHashMap$ValueIterator: java.lang.Object next()>' # IdentityHashMap.values().iterator()
+  - '<java.util.EnumMap$KeyIterator: java.lang.Object next()>' # EnumMap.keySet().iterator()
+  - '<java.util.EnumMap$ValueIterator: java.lang.Object next()>' # EnumMap.values().iterator()
+  - '<java.util.TreeMap$KeyIterator: java.lang.Object next()>' # TreeMap.keySet().iterator()/TreeSet.iterator()
+  - '<java.util.TreeMap$DescendingKeyIterator: java.lang.Object next()>' # TreeMap.keySet().descendingIterator()/TreeSet.descendingIterator()
+  - '<java.util.TreeMap$ValueIterator: java.lang.Object next()>' # TreeMap.values().iterator()
+  - '<java.util.TreeMap$NavigableSubMap$SubMapKeyIterator: java.lang.Object next()>' # TreeMap.keySet().iterator()/TreeSet.iterator()
+  - '<java.util.TreeMap$NavigableSubMap$DescendingSubMapKeyIterator: java.lang.Object next()>' # TreeMap.keySet().descendingIterator()/TreeSet.descendingIterator()
+  # Hashtable.keys() => MAP_KEY_ITR, keySet() => MAP_KEY_SET, elements() => MAP_VALUE_ITR, values() => MAP_VALUES
+  - '<java.util.Hashtable$Enumerator: java.lang.Object next()>' # HashTable.keySet()/values().iterator()
+  - '<java.util.Hashtable$Enumerator: java.lang.Object nextElement()>'
+  # ConcurrentHashMap.keys() => MAP_KEY_ITR, keySet() => MAP_KEY_SET, elements() => MAP_VALUE_ITR, values() => MAP_VALUES
+  - '<java.util.concurrent.ConcurrentHashMap$KeyIterator: java.lang.Object next()>' # ConcurrentHashMap.keySet().iterator()
+  - '<java.util.concurrent.ConcurrentHashMap$KeyIterator: java.lang.Object nextElement()>'
+  - '<java.util.concurrent.ConcurrentHashMap$ValueIterator: java.lang.Object next()>' # ConcurrentHashMap.values().iterator()
+  - '<java.util.concurrent.ConcurrentHashMap$ValueIterator: java.lang.Object nextElement()>'
+  # ConcurrentSkipListMap
+  - '<java.util.concurrent.ConcurrentSkipListMap$KeyIterator: java.lang.Object next()>' # ConcurrentSkipListMap.keySet().iterator()
+  - '<java.util.concurrent.ConcurrentSkipListMap$ValueIterator: java.lang.Object next()>' # ConcurrentSkipListMap.values().iterator()
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap$SubMapKeyIterator: java.lang.Object next()>' # ConcurrentSkipListMap.subMap().keySet().iterator()
+  - '<java.util.concurrent.ConcurrentSkipListMap$SubMap$SubMapValueIterator: java.lang.Object next()>' # ConcurrentSkipListMap.subMap().values().iterator()
+  - '<java.util.concurrent.ConcurrentLinkedQueue$Itr: java.lang.Object next()>'
+  - '<java.util.concurrent.ArrayBlockingQueue$Itr: java.lang.Object next()>'
+  - '<java.util.concurrent.LinkedBlockingQueue$Itr: java.lang.Object next()>'
+  - '<java.util.concurrent.LinkedBlockingDeque$AbstractItr: java.lang.Object next()>'
+  - '<java.util.concurrent.PriorityBlockingQueue$Itr: java.lang.Object next()>'
+  - '<java.util.concurrent.DelayQueue$Itr: java.lang.Object next()>'
+  - '<java.util.concurrent.CopyOnWriteArrayList$COWIterator: java.lang.Object next()>'
+  - '<java.util.concurrent.CopyOnWriteArrayList$COWIterator: java.lang.Object previous()>'
+  - '<java.util.Collections$UnmodifiableCollection$1: java.lang.Object next()>' # Collections.unmodifiableCollection().iterator()
+  - '<java.util.Collections$UnmodifiableList$1: java.lang.Object next()>' # Collections.unmodifiableList().iterator()
+  - '<java.util.Collections$CheckedCollection$1: java.lang.Object next()>' # Collections.checkedCollection().iterator()
+  - '<java.util.Collections$CheckedList$1: java.lang.Object next()>' # Collections.checkedList().listIterator()
+  - '<java.util.Collections$1: java.lang.Object next()>' # Collections.singletonSet()/singletonList().listIterator()
+  - '<java.util.HashMap$EntryIterator: java.util.Map$Entry next()>' # HashMap.entrySet().iterator()
+  - '<java.util.WeakHashMap$EntryIterator: java.util.Map$Entry next()>' # WeakHashMap.entrySet().iterator()
+  - '<java.util.IdentityHashMap$EntryIterator: java.util.Map$Entry next()>' # IdentityHashMap.entrySet().iterator()
+  - '<java.util.TreeMap$NavigableSubMap$SubMapEntryIterator: java.util.Map$Entry next()>' # TreeMap.subMap().entrySet().iterator()
+  - '<java.util.TreeMap$NavigableSubMap$DescendingSubMapEntryIterator: java.util.Map$Entry next()>' # TreeMap.descendingMap().entrySet().iterator()
+  - '<java.util.EnumMap$EntryIterator: java.util.Map$Entry next()>' # EnumMap.entrySet().iterator()
+  - '<java.util.TreeMap$EntryIterator: java.util.Map$Entry next()>' # TreeMap.entrySet().iterator()
+
+#MapGetKey:
+#  - '<java.util.AbstractMap$SimpleEntry: java.lang.Object getKey()>'
+#  - '<java.util.AbstractMap$SimpleImmutableEntry: java.lang.Object getKey()>'
+#  - '<java.util.HashMap$Node: java.lang.Object getKey()>'
+#  - '<java.util.TreeMap$Entry: java.lang.Object getKey()>'
+#  - '<java.util.Hashtable$Entry: java.lang.Object getKey()>'
+#  - '<java.util.WeakHashMap$Entry: java.lang.Object getKey()>'
+#  - '<java.util.IdentityHashMap$EntryIterator$Entry: java.lang.Object getKey()>'
+#  - '<java.util.EnumMap$EntryIterator$Entry: java.lang.Object getKey()>'
+#  - '<java.util.concurrent.ConcurrentHashMap$Node: java.lang.Object getKey()>'
+#  - '<java.util.concurrent.ConcurrentHashMap$MapEntry: java.lang.Object getKey()>'
+#  - '<java.util.concurrent.ConcurrentSkipListMap$Node: java.lang.Object getKey()>'
+#  - '<java.util.Collections$CheckedMap$CheckedEntrySet$CheckedEntry: java.lang.Object getKey()>'
+#  - '<java.util.Collections$UnmodifiableMap$UnmodifiableEntrySet$UnmodifiableEntry: java.lang.Object getKey()>'
+#
+#MapGetValue:
+#  - '<java.util.AbstractMap$SimpleEntry: java.lang.Object getValue()>'
+#  - '<java.util.AbstractMap$SimpleImmutableEntry: java.lang.Object getValue()>'
+#  - '<java.util.HashMap$Node: java.lang.Object getValue()>'
+#  - '<java.util.TreeMap$Entry: java.lang.Object getValue()>'
+#  - '<java.util.Hashtable$Entry: java.lang.Object getValue()>'
+#  - '<java.util.WeakHashMap$Entry: java.lang.Object getValue()>'
+#  - '<java.util.IdentityHashMap$EntryIterator$Entry: java.lang.Object getValue()>'
+#  - '<java.util.EnumMap$EntryIterator$Entry: java.lang.Object getValue()>'
+#  - '<java.util.concurrent.ConcurrentHashMap$Node: java.lang.Object getValue()>'
+#  - '<java.util.concurrent.ConcurrentHashMap$MapEntry: java.lang.Object getValue()>'
+#  - '<java.util.concurrent.ConcurrentSkipListMap$Node: java.lang.Object getValue()>'
+#  - '<java.util.Collections$CheckedMap$CheckedEntrySet$CheckedEntry: java.lang.Object getValue()>'
+#  - '<java.util.Collections$UnmodifiableMap$UnmodifiableEntrySet$UnmodifiableEntry: java.lang.Object getValue()>'
diff --git a/src/main/resources/container-config/host-classes.yml b/src/main/resources/container-config/host-classes.yml
new file mode 100644
index 000000000..113d7d8ec
--- /dev/null
+++ b/src/main/resources/container-config/host-classes.yml
@@ -0,0 +1,121 @@
+Col:
+  - "java.util.ArrayList"
+  - "java.util.LinkedList"
+  - "java.util.SubList"
+  - "java.util.RandomAccessSubList"
+  - "java.util.Vector"
+  - "java.util.Stack"
+  - "java.util.PriorityQueue"
+  - "java.util.ArrayDeque"
+  - "java.util.HashSet"
+  - "java.util.LinkedHashSet"
+  - "java.util.TreeSet"
+  - "java.util.concurrent.ConcurrentLinkedQueue"
+  - "java.util.concurrent.ArrayBlockingQueue"
+  - "java.util.concurrent.LinkedBlockingQueue"
+  - "java.util.concurrent.LinkedBlockingDeque"
+  - "java.util.concurrent.PriorityBlockingQueue"
+  - "java.util.concurrent.DelayQueue"
+  - "java.util.concurrent.SynchronousQueue"
+  - "java.util.concurrent.ConcurrentSkipListSet"
+  - "java.util.concurrent.CopyOnWriteArrayList"
+  - "java.util.concurrent.CopyOnWriteArraySet"
+
+  # inner class
+  - "java.util.Arrays$ArrayList"
+  - "java.util.ArrayList$SubList"
+  - "java.util.concurrent.CopyOnWriteArrayList$COWSubList"
+  - "java.util.Collections$UnmodifiableCollection"
+  - "java.util.Collections$UnmodifiableSet"
+  - "java.util.Collections$UnmodifiableSortedSet"
+  - "java.util.Collections$CopiesList"
+  - "java.util.Collections$AsLIFOQueue"
+  - "java.util.Collections$SynchronizedCollection"
+  - "java.util.Collections$UnmodifiableList"
+  - "java.util.Collections$CheckedCollection"
+  - "java.util.Collections$EmptySet"
+  - "java.util.Collections$SetFromMap"
+  - "java.util.Collections$SynchronizedList"
+  - "java.util.Collections$SynchronizedRandomAccessList"
+  - "java.util.Collections$SynchronizedSet"
+  - "java.util.Collections$CheckedList"
+  - "java.util.Collections$CheckedRandomAccessList"
+  - "java.util.Collections$UnmodifiableRandomAccessList"
+  - "java.util.Collections$SingletonSet"
+  - "java.util.Collections$SingletonList"
+  - "java.util.Collections$CheckedSet"
+  - "java.util.Collections$EmptyList"
+  - "java.util.Collections$CheckedSortedSet"
+  - "java.util.Collections$SynchronizedSortedSet"
+  - "java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue"
+
+Map:
+  - "java.util.HashMap"
+  - "java.util.LinkedHashMap"
+  - "java.util.IdentityHashMap"
+  - "java.util.TreeMap"
+  - "java.util.AbstractMap"
+  - "java.util.Hashtable"
+  - "java.util.WeakHashMap"
+  - "java.util.EnumMap"
+  - "java.util.Properties"
+
+  - "java.util.concurrent.ConcurrentHashMap"
+  - "java.util.concurrent.ConcurrentSkipListMap"
+  - "java.util.Collections$SynchronizedMap"
+  - "java.util.Collections$SynchronizedSortedMap"
+  - "java.util.Collections$EmptyMap"
+  - "java.util.Collections$UnmodifiableMap"
+  - "java.util.Collections$UnmodifiableSortedMap"
+  - "java.util.Collections$SingletonMap"
+  - "java.util.Collections$CheckedMap"
+  - "java.util.Collections$CheckedSortedMap"
+
+  - "java.util.TreeMap$NavigableSubMap"
+  - "java.util.TreeMap$DescendingSubMap"
+  - "java.util.TreeMap$AscendingSubMap"
+  - "java.util.TreeMap$SubMap"
+
+EntrySet:
+  - "java.util.HashMap$EntrySet"
+  - "java.util.LinkedHashMap$LinkedEntrySet"
+  - "java.util.TreeMap$EntrySet"
+  - "java.util.EnumMap$EntrySet"
+  - "java.util.IdentityHashMap$EntrySet"
+  - "java.util.WeakHashMap$EntrySet"
+  - "java.util.Hashtable$EntrySet"
+  - "java.util.concurrent.ConcurrentHashMap$EntrySetView"
+  - "java.util.concurrent.ConcurrentSkipListMap$EntrySet"
+
+  - "java.util.Collections$UnmodifiableMap$UnmodifiableEntrySet"
+  - "java.util.Collections$CheckedMap$CheckedEntrySet"
+  - "java.util.TreeMap$NavigableSubMap$EntrySetView"
+  - "java.util.TreeMap$DescendingSubMap$DescendingEntrySetView"
+  - "java.util.TreeMap$AscendingSubMap$AscendingEntrySetView"
+
+KeySet:
+  - "java.util.HashMap$KeySet"
+  - "java.util.LinkedHashMap$LinkedKeySet"
+  - "java.util.IdentityHashMap$KeySet"
+  - "java.util.WeakHashMap$KeySet"
+  - "java.util.Hashtable$KeySet"
+  - "java.util.AbstractMap$1" # AbstractMap.keySet() is anonymous class
+  - "java.util.TreeMap$KeySet"
+  - "java.util.EnumMap$KeySet"
+  - "java.util.concurrent.ConcurrentHashMap$KeySetView"
+  - "java.util.concurrent.ConcurrentSkipListMap$KeySet"
+
+
+Values:
+  - "java.util.HashMap$Values"
+  - "java.util.LinkedHashMap$LinkedValues"
+  - "java.util.IdentityHashMap$Values"
+  - "java.util.WeakHashMap$Values"
+  - "java.util.Hashtable$ValueCollection"
+  - "java.util.AbstractMap$2" # AbstractMap.values() is anonymous class
+  - "java.util.TreeMap$Values2"
+  - "java.util.EnumMap$Values"
+  - "java.util.concurrent.ConcurrentHashMap$ValuesView"
+  - "java.util.concurrent.ConcurrentSkipListMap$Values"
+
+
diff --git a/src/main/resources/tai-e-analyses.yml b/src/main/resources/tai-e-analyses.yml
index 72e244ece..23943b9ae 100644
--- a/src/main/resources/tai-e-analyses.yml
+++ b/src/main/resources/tai-e-analyses.yml
@@ -3,6 +3,7 @@
   id: pta
   options:
     cs: ci # | k-[obj|type|call][-k'h]
+    solver: default # | csc, which solver to use. Currently default or cut-shortcut
     only-app: false # only analyze application code
     implicit-entries: true # analyze implicit entries
     distinguish-string-constants: reflection # (distinguish reflection-relevant
@@ -23,6 +24,7 @@
     dump: false # whether dump points-to results (with contexts)
     dump-ci: false # whether dump points-to results (without contexts)
     dump-yaml: false # whether dump points-to results in yaml format
+    only-dump-app: false # only dump results of application code
     expected-file: null # path of expected file for comparing results
     reflection-inference: string-constant # | solar | null
     reflection-log: null # path to reflection log, required when reflection option is log