基于逆向程序流和函数依赖集的程序切片算法

程序切片技术大多是根据程序依赖图(PDG)和系统依赖图(SDG)的图可达性算法来优化得到感兴趣的程序集合,但是构造PDG和SDG需要很大的空间开销。本文提出一种基于逆向程序流和函数依赖集的切片算法,从兴趣点开始扫描逆向程序流来计算程序切片,只计算与切片相关的数据依赖,并且考虑函数调用时切片的计算,提高计算切片的效率。通过实例表明该算法减少了计算程序切片的复杂度,具有一定的可行性和实用性。     

一种基于逆向程序流的程序切片算法*

传统的程序切片方法一般基于程序依赖图(PDG)和系统依赖图(SDG)的可达性算法,但是在建立PDG和SDG的过程中会计算一些与切片无关的数据依赖,造成时空资源的浪费及切片效率的降低。提出了一种基于程序逆向流的切片算法,它事先建立逆向程序流,再从切片点开始沿逆向程序流扫描程序以获得程序切片,只计算与切片相关的数据依赖,从而提高了切片计算的时空效率。通过实验发现该算法具有一定的可行性和实用性。本算法适用于包括Fortran、C等编程语言在内的命令式程序的切片生成。     

一个分层切片工具模型

程序切片技术在程序调试、测试、程序理解、逆向工程和软件维护等方面有着广泛的应用。程序切片是一组可能影响到在程序中某个点i的某个变量v的值的语句或谓词的集合。而(v,i)被称作切片准则。这里v也可以是一组变量。自从Mark Weiser提出切片的概念,随着程序依赖图、系统依赖图的出现,传统程序的切片技术已走向成熟。1994年以来,面向对象的程序切片逐渐成为研究的主流。A.Krishnaswamy利用一种面向对象的程序依赖图(OPDG,Object-Ori-ented Program Dependence Graph)来计算面向对象程序的语句切片,但是OPDG不能表示动态绑定等问题。D.Liang,L.D.Larsen和M.J.Harrold扩展系统依赖图来计算面向对象程序的切片,在一定程度上解决了动态绑定和对象参数的问题。这些切片方法都是基于依赖图的,而构造OO程序的依赖图是一件非常复杂的工作,而且构造过程中容易出错,这会导致切片的结果不正确,造成前功尽弃。李必信提出了分层切片的思想,利用逐步求精的方法来得到面向对象程序的切片。     

一种面向对象程序的过程间切片算法

程序切片是一种程序分析技术，它通过把程序减少到只包含与某个特定计算相关的那些语句来分析程序，过程间切片作为图形可达性问题时，需要扩展过程内切片所用的程序依赖图（PDG）成系统依赖图（SDG），然后利用两阶段图形可达性算法计算比较精确的切片，目前程序切片技术的研究以面向对象程序切片为主，文中讨论了一种合适面向对象程序的分层切片方法，并综合分层切片方法和两阶段图形可达性算法提出了一种简化的计算面向对象程序过程间切片的算法。     

一种基于Java程序分层模型的方法内切片生成算法

程序切片作为软件理解领域的一种重要的分析技术,可以将程序分解为独立的程序线程。系统依赖图的概念及两阶段图形可达性算法的出现,则有效解决了程序切片的过程调用问题。文章介绍了程序切片的基本概念,并给出了在面向对象程序中进行静态分层切片的思想。作为分层切片思想的应用,文章给出了在一种Java程序切片工具模型JSTM(JavaSlicingToolsModel)中运用系统依赖图进行方法内切片的具体算法。     

面向方面程序的简化动态依赖图切片方法

程序切片是一种重要的程序分析技术,广泛应用于程序的调试、测试与维护等领域。面向方面程序设计作为一种新的软件开发范型,能够实现横切关注点的模块化,其特有的语言元素和功能为切片增加了难度。从静态切片和动态切片两种类型,讨论了面向方面程序切片技术。在此基础上,提出了一种基于简化动态依赖图的面向方面程序切片方法,可以减少动态依赖图中节点和边的数量,生成准确的面向方面程序的动态切片,从而有助于人们更好地对面向方面程序进行分析和理解。     

基于体系结构依赖图的Wright形式化语言的切片方法

将切片技术应用于软件体系结构中,根据程序依赖图和系统依赖图的构建思想,提出了体系结构元素依赖图(SADG)的概念,并给出了构建方法以及基于依赖图的切片算法。利用此切片技术从已有的软件体系结构的Wright描述中,提取使用者感兴趣的软件元素(例如,构件和连接体),从而从体系结构的角度,更好的支持了软件理解、软件维护、软件再工程以及软件复用。     

一种面向对象程序的分层切片方法

程序切片是一种程序分析技术,广泛应用于程序的调试、测试、理解和维护等软件开发的各个阶段.在研究静态类型面向对象的程序切片时发现,利用系统依赖图计算程序切片虽然是一种有效的方法,但构造OO程序的系统依赖图是一件非常复杂的工作,而且构造过程中容易出错,这会导致切片的结果不正确,造成前功尽弃.为此,从程序逻辑分层的角度提出一种OO程序的层次模型,然后在OO程序的层次模型基础上采用逐步求精算法来分层计算OO程序的切片.     

基于程序依赖图的静态BPEL程序切片技术

传统程序切片技术在计算BPEL程序切片时会产生切片不完备问题,为此,提出一种基于程序依赖图的BPEL静态程序切片技术。该技术根据BPEL语言的特点,通过建立BPEL程序依赖图,计算BPEL程序切片。案例分析表明,该技术能够获得更加全面的程序切片,从而可以帮助软件工程人员更好地测试、调试和维护BPEL程序。     

基于扩展体系结构元素依赖图的切片方法

本文将切片技术应用于软件体系结构中,根据程序依赖图和系统依赖图的构建思想,针对体系结枸中的风格类型提出了扩展体系结构元素依赖图(EAEDG)的概念,并给出了构建方法以及基于依赖图的切片算法。不仅可用于以可复用软件元素的提取、还有助于软件维护、软件理解以及软件再工程。     

Lazy Slicing for State-Space Exploration

CEGAR (Counterexample-guided abstraction refinement)-based slicing is one of the most important techniques in reducing the state space in model checking.However,CEGAR-based slicing repeatedly explores the state space handled previously in case a spurious counterexample is found.Inspired by lazy abstraction,we introduce the concept of lazy slicing which eliminates this repeated computation.Lazy slicing is done on-the-fly,and only up to the precision necessary to rule out spurious counterexamples.It identifies a spurious counterexample by concretizing a path fragment other than the full path,which reduces the cost of spurious counterexample decision significantly.Besides,we present an improved over-approximate slicing method to build a more precise slice model.We also provide the proof of the correctness and the termination of lazy slicing,and implement a prototype model checker to verify safety property.Experimental results show that lazy slicing scales to larger systems than CEGAR-based slicing methods.     

非经典切片技术及其在形式验证中的应用综述

切片技术最初是作为一种程序分解抽取的分析技术而出现的,经过20多年的不断发展和完善,应用范围已遍及软件工程学科的各个方面。特别是从本世纪初,随着非经典切片：计算切片和证明切片两个新兴研究方向的出现,其学术研究和工程价值越发突出。简要地介绍了切片技术思想的起源、发展过程,并着重介绍非经典的计算切片和证明切片技术及其在验证领域的应用。     

Syntax-Directed Amorphous Slicing

An amorphous slice of a program is constructed with respect to a set of variables. The amorphous slice is an executable program which preserves the behaviour of the original on the variables of interest. Unlike syntax-preserving slices, amorphous slices need not preserve a projection of the syntax of a program. This makes the task of amorphous slice construction harder, but it also often makes the result thinner and thereby preferable in applications where syntax preservation is unimportant.This paper describes an approach to the construction of amorphous slices which is based on the Abstract Syntax Tree of the program to be sliced, and does not require the construction of control flow graphs nor of program dependence graphs. The approach has some strengths and weaknesses which the paper discusses.The amorphous slicer, is part of the GUSTT slicing system, which includes syntax preserving static and conditioned slicers, a side effect removal transformation phase, slicing criterion guidance and for which much of the correctness proofs for transformation steps are mechanically verified. The system handles a subset of WSL, into which more general WSL constructs can be transformed.The paper focuses upon the way in which the GUSTT System uses dependence reduction transformation tactics. Such dependence reduction is at the heart of all approaches to amorphous slicing. The algorithms used are described and their performance is assessed with a simple empirical study of best and worst case execution times for an implementation built on top of the FermaT transformation system for maintenance and re-engineering.     

An efficient method for computing dynamic program slices

We propose an efficient method for computing dynamic slices of programs. Our method is based on construction of data dependence edges of program dependence graph at run-time. We introduce the concept of compact dynamic dependence graphs (CDDGs) of programs. We show computation of dynamic slices using CDDGs to be more efficient than existing methods.     

A non-standard semantics for program slicing and dependence analysis

We introduce a new non-strict semantics for a simple while language. We demonstrate that this semantics allows us to give a denotational definition of variable dependence and neededness, which is consistent with program slicing. Unlike other semantics used in variable dependence, our semantics is substitutive. We prove that our semantics is preserved by traditional slicing algorithms.     

HSFal: Effective fault localization using hybrid spectrum of full slices and execution slices

Most of the existing fault localization approaches use execution coverage of test cases to isolate the suspicious codes that likely contain faults. Program slicing can extract the dependencies of program entities with respect to a specific criterion. Therefore this technique is expected to have a beneficial effect on fault localization. In this paper, we propose a novel approach using a hybrid spectrum of full slices and execution slices to improve the effectiveness of fault localization. In particular, our approach firstly computes full slices of failed test cases and execution slices of passed test cases respectively. Secondly it constructs the hybrid spectrum by intersecting full slices and execution slices. Finally it computes the suspiciousness of each statement in the hybrid slice spectrum and generates a fault location report with descending suspiciousness of each statement. We also implement our proposed approach in our prototype tool HSFal by Java programming language. To verify the effectiveness of our approach, we performed an empirical study by the prototype on several widely used open source programs. Our approach is compared with eight representative coverage-based and slice-based fault localization approaches. Final experimental results show that our proposed approach is more effective in fault localization than other compared approaches, and can reduce almost 2.98–31.79% of the average cost of examined code significantly.     

The value of slicing while debugging

The paper describes a study that explored the relationship of program slicing to (1) code understanding gained while debugging, and to (2) a debugger's ability to localize the program fault area. The study included two experiments. The first experiment compared the program understanding abilities of two classes of debuggers: those who slice while debugging and those who do not. For debugging purposes, a slice can be thought of as a minimal subprogram of the original code that contains the program faults. Those who only examine statements within a slice for correctness are considered slicers; all others are considered non-slicers. Using accuracy of subprogram construction as a measure of understanding, it was determined that slicers have a better understanding of the code after debugging. The second experiment compared debugger fault localization abilities before and after a training session on how to use slicing in debugging. Using time as a measure of ability, it was shown that slicing while debugging improves a debugger's ability to localize the program fault area.