The C programming language is well-known to have a large amount of underspecified behavior that often results in non-determinism even of sequential programs. In many application areas, not necessarily safety-critical ones, this is highly undesirable. A number of approaches and tools that statically analyze such behavior have been suggested, but they suffer from a high number of false positives and negatives. We present a novel model-based approach to analyzing non-determinism that works by automatic extraction of a faithful model of a given C program in a concurrent active object language. The extracted model renders any non-deterministic behavior of the C program in terms of explicit concurrency. This opens the door to global, semantic analyses. We give a fully formal account of the model extraction process and present an experimental evaluation of its implementation in the model extraction tool C2ABS.

众所周知，C编程语言具有大量未指定的行为，这甚至导致顺序程序也常常导致不确定性。在许多应用领域中（不一定是对安全要求严格的领域），这是非常不希望的。已经提出了许多静态分析这种行为的方法和工具，但是它们遭受大量假阳性和阴性的困扰。我们提出了一种基于模型的新颖方法来分析不确定性，该方法通过自动提取并发活动对象语言中给定C程序的忠实模型来工作。提取的模型根据显式并发呈现C程序的任何不确定性行为。这为全局语义分析打开了大门。