Precise pointer analysis for list-manipulating programs based on quantitative separation logic

Full precise pointer analysis has been a challenging problem, especially when dealing with dynamically-allocated memory. Separation logic can describe pointer alias formally, but cannot describe the quantitative reachability between pointers. In this paper, we present a symbolic framework for analyzing the reachability between pointers in list-manipulating programs. The precise points-to relations of pointers in lists are described by formulae of quantitative separation logic (QSL), and the analysis framework is based on the operational and rearrangement rules about the assignments of pointers. The fixpoint calculus and the counter symbolic abstraction are used to find loop invariants. We can get precise relations between pointers at each point of list-manipulating programs. In the end, several initial examples about list-manipulating programs are given to show that the approach can get precise pointer analysis for list-manipulating programs.