Fluid Updates: Beyond Strong vs. Weak Updates

Dillig, Işıl; Dillig, Thomas; Aiken, Alex

doi:10.1007/978-3-642-11957-6_14

Cited by 88 publications

(120 citation statements)

References 31 publications

(39 reference statements)

Supporting

Mentioning

120

Contrasting

Order By: Relevance

“…We evaluate the randomized search algorithms on the benchmarks of [15] in Table 3. The VCs for these benchmarks were obtained from the repository of the competition on software verification.…”

Section: Discussionmentioning

confidence: 99%

“…1 We have omitted benchmarks with bugs from the original benchmark set; these bugs are triggered during data generation. The second column shows the time taken to analyze these benchmarks using the fluid updates abstraction in [15]. Using a specialized abstract domain leads to a very efficient analysis, but the scope of the analysis is limited to array manipulating programs that have invariants given by Eqn.…”

Section: Discussionmentioning

confidence: 99%

“…We now define a search space of invariants to simulate the fluid updates abstraction for reasoning about arrays [15]. If x 1 , .…”

Section: Arraysmentioning

confidence: 99%

See 2 more Smart Citations

From Invariant Checking to Invariant Inference Using Randomized Search

Sharma

Aiken

2014

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

Abstract. We describe a general framework c2i for generating an invariant inference procedure from an invariant checking procedure. Given a checker and a language of possible invariants, c2i generates an inference procedure that iteratively invokes two phases. The search phase uses randomized search to discover candidate invariants and the validate phase uses the checker to either prove or refute that the candidate is an actual invariant. To demonstrate the applicability of c2i, we use it to generate inference procedures that prove safety properties of numerical programs, prove non-termination of numerical programs, prove functional specifications of array manipulating programs, prove safety properties of string manipulating programs, and prove functional specifications of heap manipulating programs that use linked list data structures.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

From Invariant Checking to Invariant Inference Using Randomized Search

Sharma

Aiken

2014

Computer Aided Verification

Self Cite

View full text Add to dashboard Cite

show abstract

“…Instead, they use uninterpreted functions to map a elements of a key/attribute type to a natural number that is the array index containing the value. The value arrays are then represented and manipulated using fluid updates [9]. Uninterpreted functions: There are several analyses [3,13] that use uninterpreted functions to combine multiple abstract domains.…”

Section: Related Workmentioning

confidence: 99%

Desynchronized Multi-State Abstractions for Open Programs in Dynamic Languages

Cox

Chang

Rival

2015

Programming Languages and Systems

View full text Add to dashboard Cite

Abstract. Dynamic language library developers face a challenging problem: ensuring that their libraries will behave correctly for a wide variety of client programs without having access to those client programs. This problem stems from the common use of two defining features for dynamic languages: callbacks into client code and complex manipulation of attribute names within objects. To remedy this problem, we introduce two state-spanning abstractions. To analyze callbacks, the first abstraction desynchronizes a heap, allowing partitions of the heap that may be affected by a callback to an unknown function to be frozen in the state prior to the call. To analyze object attribute manipulation, building upon an abstraction for dynamic language heaps, the second abstraction tracks attribute name/value pairs across the execution of a library. We implement these abstractions and use them to verify modular specifications of class-, trait-, and mixin-implementing libraries.

show abstract

“…Hence, Mistral's interface is designed to be useful for program analysis systems that incrementally construct formulas from existing formulas and make many intermediary satisfiability or validity queries. Examples of such systems include, but are not limited to, [10,16,[7][8][9]17]. …”

Section: Integration With Program Analysismentioning

confidence: 99%

Small Formulas for Large Programs: On-Line Constraint Simplification in Scalable Static Analysis

Dillig

Aiken

2010

Static Analysis

Self Cite

View full text Add to dashboard Cite

Abstract. Static analysis techniques that represent program states as formulas typically generate a large number of redundant formulas that are incrementally constructed from previous formulas. In addition to querying satisfiability and validity, analyses perform other operations on formulas, such as quantifier elimination, substitution, and instantiation, most of which are highly sensitive to formula size. Thus, the scalability of many static analysis techniques requires controlling the size of the generated formulas throughout the analysis. In this paper, we present a practical algorithm for reducing SMT formulas to a simplified form containing no redundant subparts. We present experimental evidence that on-line simplification of formulas dramatically improves scalability.

show abstract

Fluid Updates: Beyond Strong vs. Weak Updates

Cited by 88 publications

References 31 publications

From Invariant Checking to Invariant Inference Using Randomized Search

From Invariant Checking to Invariant Inference Using Randomized Search

Desynchronized Multi-State Abstractions for Open Programs in Dynamic Languages

Small Formulas for Large Programs: On-Line Constraint Simplification in Scalable Static Analysis

Contact Info

Product

Resources

About