List Abstraction Method Based on Variable Reachability Vector

DOI：10.3724/SP.J.1001.2012.04132

 作者 单位 E-mail 李仁见 国防科学技术大学 计算机学院 并行与分布处理国家重点实验室,湖南 长沙 410073 li.renjian@gmail.com 刘万伟 国防科学技术大学 计算机学院 计算机科学与技术系,湖南 长沙 410073 陈立前 国防科学技术大学 计算机学院 并行与分布处理国家重点实验室,湖南 长沙 410073 王戟 国防科学技术大学 计算机学院 并行与分布处理国家重点实验室,湖南 长沙 410073

提出了一种链表抽象表示方法.该方法隐式存储链表结点之间的边信息,并采用了一种紧致的链表状态表示,存储开销较低,且维护了链表长度信息,精确度较高.具体而言,根据变量对链表结点的可达性质定义了变量可达向量,采用带计数的变量可达向量集描述链表的形态及数量性质,并定义了基本链表操作的抽象语义.通过简单扩展,该方法可以建模包括环形链表在内的所有单向链表.最后,为了验证该链表抽象方法的正确性,在符号执行框架中进行实验,并对常见链表操作程序的运行时错误、长度相关性质等关键性质进行了分析与验证.

This paper presents a list abstraction method. This method enjoys low space overhead by storing the edges between nodes in a list implicitly in a compact manner. It also enjoys high precision by keeping the length of lists. Specifically, the study introduces a so-called variable reachability vector to encode the reachability properties of variables to list nodes, and use variable reachability vector set with counters as an abstract model for each list state. Based on this model, abstract semantics are then defined for basic list operations. This approach could model all singly-linked lists including cyclic cases after a simple extension is brought in. On this basis, the study designs and implements a symbolic execution framework, which could automatically analyze programs manipulating lists automatically. Finally, this approach is applied to analyzing some typical list-manipulating programs for non-trivial properties, such as run-time errors, length related properties and termination.
HTML  下载PDF全文  查看/发表评论  下载PDF阅读器