Program Analysis Using Binary Decision Diagrams

A fundamental problem in interprocedural program analyses is the need to represent and manipulate collections of large sets. Binary Decision Diagrams (BDDs) are a data structure widely used in model checking to compactly encode large state sets. In this dissertation, we develop new techniques and frameworks for applying BDDs to program analysis, and use our BDD-based analyses to gain new insight into factors influencing analysis precision.

To make it feasible to express complicated, interrelated analyses using BDDs, we first present the design and implementation of Jedd, a Java language extension which adds relations implemented with BDDs as a datatype, and makes it possible to express BDD-based algorithms at a higher level than existing BDD libraries.

Using Jedd, we develop Paddle, a framework of context-sensitive points-to and call graph analyses for Java, as well as client analyses that make use of their results. Paddle supports several variations of context-sensitive analyses, including the use of call site strings and abstract receiver object strings as abstractions of context.

We use the Paddle framework to perform an in-depth empirical study of the effect of context-sensitivity variations on the precision of interprocedural program analyses. The use of BDDs enables us to compare context-sensitive analyses on much larger, more realistic benchmarks than has been possible with traditional analysis implementations.

Finally, based on the call graph computed by Paddle, we implement, using Jedd, a novel static analysis of the cflow construct in the aspect-oriented language AspectJ. Thanks to the Jedd high-level representation, the implementation of the analysis closely mirrors its specification.