Bounded Lazy Initialization
Authors
Abstract
Tight field bounds have been successfully used in the context of bounded-exhaustive bug finding. They allow one to check the correctness of, or find bugs in, code manipulating data structures whose size made this kind of analysis previously infeasible. In this article we address the question of whether tight field bounds can also contribute to a significant speed-up for symbolic execution when using a system such as Symbolic Pathfinder. Specifically, we propose to change Symbolic Pathfinder’s lazy initialization mechanism to take advantage of tight field bounds. While a straightforward approach that takes into account tight field bounds works well for small scopes, the lack of symmetry-breaking significantly affects its performance. We then introduce a new technique that generates only non-isomorphic structures and consequently is able to consider fewer structures and to execute faster than lazy initialization.
Similar resources
Program Validation by Symbolic and Reverse Execution
Program validation is one of the most crucial tasks during program development since programs should conform to programmers’ requirements. To this end, one is often required to formulate requirements into formal specifications and analyze a given program against these specifications until no error is detected; if an error is detected, its cause must be located and fixed. In this dissertation, ...
Eager Class Initialization for Java
We describe a static analysis method on Java bytecode to determine class initialization dependencies. This method can be used for eager class loading and initialization. It catches many initialization circularities that are missed by the standard lazy implementation. Except for contrived examples, the computed initialization order gives the same results as standard lazy initialization.
Denotational semantics for lazy initialization of letrec black holes as exceptions rather than divergence
We present a denotational semantics for a simply typed call-by-need letrec calculus, which distinguishes direct cycles, such as let rec x = x in x and let rec x = y and y = x+ 1 in x, and looping recursion, such as let rec f = λx. f x in f 0. In this semantics the former denote an exception whereas the latter denotes divergence. The distinction is motivated by “lazy evaluation” as implemented i...
Resource Conflict Detection in Simulation of Function Unit Pipelines
Processor simulators are important parts of processor design toolsets in which they are used to verify and evaluate the properties of the designed processors. While simulating architectures with independent function unit pipelines using simulation techniques that avoid the overhead of instruction bit-string interpretation, such as compiled simulation, the simulation of function unit pipelines c...
Enhancing Symbolic Execution of Heap-based Programs with Separation Logic for Test Input Generation
Symbolic execution is a well established method for test input generation. By taking inputs as symbolic values and solving constraints encoding path conditions, it helps achieve a better test coverage. Despite having achieved tremendous success over numeric domains, existing symbolic execution techniques for heap-based programs (e.g., linked lists and trees) are limited due to the lack of a ...