Fluid Updates: Beyond Strong vs. Weak Updates

  • Isil Dillig
  • Thomas Dillig
  • Alex Aiken
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6012)


We describe a symbolic heap abstraction that unifies reasoning about arrays, pointers, and scalars, and we define a fluid update operation on this symbolic heap that relaxes the dichotomy between strong and weak updates. Our technique is fully automatic, does not suffer from the kind of state-space explosion problem partition-based approaches are prone to, and can naturally express properties that hold for non-contiguous array elements. We demonstrate the effectiveness of this technique by evaluating it on challenging array benchmarks and by automatically verifying buffer accesses and dereferences in five Unix Coreutils applications with no annotations or false alarms.


Index Variable Array Element Iteration Counter Concrete Element Loop Body 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Chase, D.R., Wegman, M., Zadeck, F.K.: Analysis of pointers and structures. In: PLDI, pp. 296–310. ACM, New York (1990)Google Scholar
  2. 2.
    Blanchet, B., Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: Design and implementation of a special-purpose static program analyzer for safety-critical real-time embedded software (2002)Google Scholar
  3. 3.
    Reps, T.W., Sagiv, S., Wilhelm, R.: Static program analysis via 3-valued logic. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 15–30. Springer, Heidelberg (2004)Google Scholar
  4. 4.
    Gopan, D., Reps, T., Sagiv, M.: A framework for numeric analysis of array operations. In: POPL, pp. 338–350. ACM, New York (2005)Google Scholar
  5. 5.
    Aiken, A., Bugrara, S., Dillig, I., Dillig, T., Hackett, B., Hawkins, P.: An overview of the saturn project. In: PASTE, pp. 43–48. ACM, New York (2007)CrossRefGoogle Scholar
  6. 6.
    Ball, T., Rajamani, S.: The slam project: debugging system software via static analysis. In: POPL, NY, USA, pp. 1–3 (2002)Google Scholar
  7. 7.
    Lee, S., Cho, D.: Packet-scheduling algorithm based on priority of separate buffers for unicast and multicast services. Electronics Letters 39(2), 259–260 (2003)CrossRefGoogle Scholar
  8. 8.
    Nguyen, K., Nguyen, T., Cheung, S.: P2p streaming with hierarchical network coding (July 2007)Google Scholar
  9. 9.
    Landi, W., Ryder, B.G.: A safe approximate algorithm for interprocedural aliasing. SIGPLAN Not. 27(7), 235–248 (1992)CrossRefGoogle Scholar
  10. 10.
    Cooper, D.: Theorem proving in arithmetic without multiplication. Machine Intelligence 7, 91–100 (1972)zbMATHGoogle Scholar
  11. 11.
    Gulwani, S., Musuvathi, M.: Cover algorithms. In: Drossopoulou, S. (ed.) ESOP 2008. LNCS, vol. 4960, pp. 193–207. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  12. 12.
    Karr, M.: Affine relationships among variables of a program. A.I., 133–151 (1976)Google Scholar
  13. 13.
    Cousot, P., Halbwachs, N.: Automatic discovery of linear restraints among variables of a program. In: POPL, pp. 84–96. ACM, New York (1978)Google Scholar
  14. 14.
    Dillig, I., Dillig, T., Aiken, A.: Cuts from proofs: A complete and practical technique for solving linear inequalities over integers. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 233–247. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Chandra, S., Reps, T.: Physical type checking for c. SIGSOFT 24(5), 66–75 (1999)CrossRefGoogle Scholar
  16. 16.
    Gulwani, S., Mehra, K., Chilimbi, T.: SPEED: precise and efficient static estimation of program computational complexity. In: POPL, pp. 127–139 (2009)Google Scholar
  17. 17.
    Jhala, R., Mcmillan, K.L.: Array abstractions from proofs. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 193–206. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Halbwachs, N., Péron, M.: Discovering properties about arrays in simple programs. In: PLDI, pp. 339–348. ACM, New York (2008)CrossRefGoogle Scholar
  19. 19.
    Kovacs, L., Voronkov, A.: Finding loop invariants for programs over arrays using a theorem prover. In: Chechik, M., Wirsing, M. (eds.) FASE 2009. LNCS, vol. 5503, pp. 470–485. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  20. 20.
  21. 21.
    Jones, N., Muchnick, S.: Flow analysis and optimization of LISP-like structures. In: POPL, pp. 244–256. ACM, New York (1979)Google Scholar
  22. 22.
    Deutsch, A.: Interprocedural may-alias analysis for pointers: Beyond k-limiting. In: PLDI, pp. 230–241. ACM, New York (1994)Google Scholar
  23. 23.
    Allamigeon, X.: Non-disjunctive numerical domain for array predicate abstraction. In: Drossopoulou, S. (ed.) ESOP 2008. LNCS, vol. 4960, pp. 163–177. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  24. 24.
    Gulwani, S., McCloskey, B., Tiwari, A.: Lifting abstract interpreters to quantified logical domains. In: POPL, pp. 235–246. ACM, New York (2008)CrossRefGoogle Scholar
  25. 25.
    Seghir, M., Podelski, A., Wies, T.: Abstraction Refinement for Quantified Array Assertions. In: Palsberg, J., Su, Z. (eds.) SAS 2009. LNCS, vol. 5673, pp. 3–18. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  26. 26.
    Flanagan, C., Qadeer, S.: Predicate abstraction for software verification. In: POPL, pp. 191–202. ACM, New York (2002)Google Scholar
  27. 27.
    Schmidt, D.A.: A calculus of logical relations for over- and underapproximating static analyses. Sci. Comput. Program. 64(1), 29–53 (2007)zbMATHCrossRefGoogle Scholar
  28. 28.
    Calcagno, C., Distefano, D., O’Hearn, P., Yang, H.: Compositional shape analysis by means of bi-abduction. In: POPL, pp. 289–300. ACM, New York (2009)Google Scholar
  29. 29.
    Cousot, P.: Verification by abstract interpretation. In: Dershowitz, N. (ed.) Verification: Theory and Practice. LNCS, vol. 2772, pp. 243–268. Springer, Heidelberg (2004)Google Scholar
  30. 30.
    Dillig, I., Dillig, T., Aiken, A.: Fluid updates: Beyond strong vs. weak updates (extended version),

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Isil Dillig
    • 1
  • Thomas Dillig
    • 1
  • Alex Aiken
    • 1
  1. 1.Department of Computer ScienceStanford University 

Personalised recommendations