Automated Termination Analysis for Programs with Pointer Arithmetic

Proving termination automatically for programs with explicit pointer arithmetic is still an open problem. To close this gap, we introduce a novel abstract domain that tracks allocated memory in detail. We use it to automatically construct a symbolic execution graph that represents all possible runs of the program and that can be used to prove memory safety. This graph is then transformed into an integer transition system, whose termination can be proved by standard techniques. We implemented this approach in the automated termination prover AProVE and show that it can analyze C programs with pointer arithmetic that existing tools cannot handle.
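The following is an added illustration of the pipeline described above; it is not code from the paper or from AProVE. It shows the kind of C loop the abstract targets (a scan that stops at a NUL byte and terminates only because the pointer stays inside an allocation that contains one), and a hypothetical hand-made encoding of that loop as an integer transition system: the pointer becomes an offset `off` into an allocation of size `len`, memory safety of the loop contributes the guard `off < len`, and `len - off` is the candidate ranking function. The bounded checker `ranking_holds` is an assumption of this example standing in for the "standard techniques" on the integer system; it enumerates small initial states instead of proving the property symbolically. The interesting part is the contrast: with the memory-safety guard the ranking function is bounded below and strictly decreasing, without it the abstract loop drives the measure negative and no termination argument is found.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* The kind of C loop the approach targets: termination depends on pointer
 * arithmetic staying inside an allocation that is known to hold a 0 byte. */
size_t scan_to_nul(const char *buf) {
    const char *p = buf;
    while (*p != '\0')
        p++;
    return (size_t)(p - buf);
}

/* Hypothetical integer-transition-system encoding (an assumption of this
 * example, not the paper's construction): the pointer p is replaced by its
 * offset `off` from the base of the allocation, `len` is the allocation size.
 * Memory safety of the loop is what justifies the guard off < len. */
typedef struct { long off; long len; } its_state;

typedef bool (*its_guard)(its_state);
bool guard_safe(its_state s)   { return s.off < s.len; }   /* bound from memory safety */
bool guard_unsafe(its_state s) { (void)s; return true; }  /* no bound known */

its_state step(its_state s) { s.off += 1; return s; }      /* p++ */

/* Candidate ranking function derived from the tracked allocation: len - off. */
long rank(its_state s) { return s.len - s.off; }

/* Bounded check of the termination argument: for every initial state with
 * 0 <= off <= len < max_len, follow the transition while its guard holds and
 * require the rank to stay nonnegative and to strictly decrease per step.
 * Returns false if the abstract loop can run without a well-founded measure. */
bool ranking_holds(its_guard guard, long max_len, long max_steps) {
    for (long len = 0; len < max_len; len++) {
        for (long off = 0; off <= len; off++) {
            its_state s = { off, len };
            long steps = 0;
            while (guard(s)) {
                if (rank(s) < 0) return false;          /* not bounded below */
                its_state t = step(s);
                if (rank(t) >= rank(s)) return false;   /* not decreasing */
                s = t;
                if (++steps > max_steps) return false;  /* no bound reached */
            }
        }
    }
    return true;
}

int main(void) {
    char buf[] = "hello";   /* constructed input: 6-byte allocation, NUL at offset 5 */
    printf("scan_to_nul: %zu\n", scan_to_nul(buf));
    printf("with memory-safety guard: %s\n",
           ranking_holds(guard_safe, 16, 64) ? "terminates" : "no proof");
    printf("without guard: %s\n",
           ranking_holds(guard_unsafe, 16, 64) ? "terminates" : "no proof");
    return 0;
}
```

The enumeration is only a sanity check on the encoding; in the real pipeline the guard `off < len` comes from the memory-safety proof on the symbolic execution graph, and the ranking function on the resulting integer system is found by a termination prover rather than by exhaustive search.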
