Bit-Precise Procedure-Modular Termination Analysis

Non-termination is the root cause of a variety of program bugs, such as hanging programs and denial-of-service vulnerabilities. This makes an automated analysis that can prove the absence of such bugs highly desirable. To scale termination checks to large systems, an interprocedural termination analysis seems essential. This is a largely unexplored area of research in termination analysis, where most effort has focussed on small but difficult single-procedure problems. We present a modular termination analysis for C programs using template-based interprocedural summarisation. Our analysis combines a context-sensitive, over-approximating forward analysis with the inference of under-approximating preconditions for termination. Bit-precise termination arguments are synthesised over lexicographic linear ranking function templates. Our experimental results show the advantage of interprocedural reasoning over monolithic analysis in terms of efficiency, while retaining comparable precision.

[1]  Kwangkeun Yi,et al.  Termination Analysis with Algorithmic Learning , 2012, CAV.

[2]  Peter W. O'Hearn,et al.  Proving Nontermination via Safety , 2014, TACAS.

[3]  Antoine Miné,et al.  The octagon abstract domain , 2001, Proceedings Eighth Working Conference on Reverse Engineering.

[4]  Thomas A. Henzinger,et al.  Proving non-termination , 2008, POPL '08.

[5]  Supratik Mukhopadhyay,et al.  Control Flow Refinement and Symbolic Computation of Average Case Bound , 2013, ATVA.

[6]  Francesco Ranzato,et al.  A Forward-Backward Abstraction Refinement Algorithm , 2008, VMCAI.

[7]  Daniel Kroening,et al.  Unrestricted Termination and Non-termination Arguments for Bit-Vector Programs , 2014, ESOP.

[8]  Daniel Kroening,et al.  Ranking function synthesis for bit-vector relations , 2010, Formal Methods Syst. Des..

[9]  Michael Rodeh,et al.  Cleanness Checking of String Manipulations in C Programs via Integer Analysis , 2001, SAS.

[10]  Peter Lee,et al.  Automatic numeric abstractions for heap-manipulating programs , 2010, POPL '10.

[11]  Daniel Kroening,et al.  Synthesising Interprocedural Bit-Precise Termination Proofs (T) , 2015, 2015 30th IEEE/ACM International Conference on Automated Software Engineering (ASE).

[12]  Mads Rosendahl,et al.  Automatic complexity analysis , 1989, FPCA.

[13]  William R. Harris,et al.  Alternation for Termination , 2010, SAS.

[14]  Jens Knoop,et al.  Symbolic Loop Bound Computation for WCET Analysis , 2011, Ershov Memorial Conference.

[15]  Andrey Rybalchenko,et al.  Compositional Termination Proofs for Multi-threaded Programs , 2012, TACAS.

[16]  Noam Rinetzky,et al.  From Shape Analysis to Termination Analysis in Linear Time , 2016, CAV.

[17]  Andy King,et al.  A backward analysis for constraint logic programs , 2001, Theory and Practice of Logic Programming.

[18]  Daniel Kroening,et al.  2LS for Program Analysis - (Competition Contribution) , 2016, TACAS.

[19]  Damien Massé,et al.  Policy Iteration-Based Conditional Termination and Ranking Functions , 2014, VMCAI.

[20]  Elvira Albert,et al.  COSTA: Design and Implementation of a Cost and Termination Analyzer for Java Bytecode , 2008, FMCO.

[21]  Samir Genaim,et al.  On the linear ranking problem for integer linear-constraint loops , 2012, POPL.

[22]  Kenneth L. McMillan,et al.  Quantified Invariant Generation Using an Interpolating Saturation Prover , 2008, TACAS.

[23]  Jürgen Giesl,et al.  Analyzing Runtime and Size Complexity of Integer Programs , 2016, ACM Trans. Program. Lang. Syst..

[24]  Marius Bozga,et al.  Deciding Conditional Termination , 2012, TACAS.

[25]  Andrey Rybalchenko,et al.  Synthesizing software verifiers from proof rules , 2012, PLDI.

[26]  Bernd Finkbeiner,et al.  Causal Termination of Multi-threaded Programs , 2014, CAV.

[27]  Dirk Beyer,et al.  Competition on Software Verification - (SV-COMP) , 2012, TACAS.

[28]  Andreas Podelski,et al.  ARMC: The Logical Choice for Software Model Checking with Abstraction Refinement , 2007, PADL.

[29]  Dirk Beyer,et al.  Reliable and Reproducible Competition Results with BenchExec and Witnesses (Report on SV-COMP 2016) , 2016, TACAS.

[30]  Shengchao Qin,et al.  Termination and non-termination specification inference , 2015, PLDI.

[31]  Peter W. O'Hearn,et al.  Automatic Termination Proofs for Programs with Shape-Shifting Heaps , 2006, CAV.

[32]  Daniel Le Métayer,et al.  ACE: an automatic complexity evaluator , 1988, TOPL.

[33]  Jürgen Giesl,et al.  Analyzing Program Termination and Complexity Automatically with AProVE , 2016, Journal of Automated Reasoning.

[34]  Christel Baier,et al.  Tools and Algorithms for the Construction and Analysis of Systems , 2015, Lecture Notes in Computer Science.

[35]  Ashutosh Gupta,et al.  Predicate abstraction and refinement for verifying multi-threaded programs , 2011, POPL '11.

[36]  Amir M. Ben-Amram,et al.  Ranking Functions for Linear-Constraint Loops , 2012, JACM.

[37]  Wei-Ngan Chin,et al.  A Resource-Based Logic for Termination and Non-termination Proofs , 2014, ICFEM.

[38]  A. Rybalchenko,et al.  Transition invariants , 2004, LICS 2004.

[39]  Laure Gonnord,et al.  Synthesis of ranking functions using extremal counterexamples , 2015, PLDI.

[40]  Florence March,et al.  2016 , 2016, Affair of the Heart.

[41]  Jochen Hoenicke,et al.  Termination Analysis by Learning Terminating Programs , 2014, CAV.

[42]  Matthias Heizmann,et al.  Ranking Templates for Linear Loops , 2014, Log. Methods Comput. Sci..

[43]  Andreas Podelski,et al.  Termination proofs for systems code , 2006, PLDI '06.

[44]  Peter Schrammel Challenges in Decomposing Encodings of Verification Problems , 2016, HCVS@ETAPS.

[45]  Andreas Podelski,et al.  Proving thread termination , 2007, PLDI '07.

[46]  S. M. García,et al.  2014: , 2020, A Party for Lazarus.

[47]  Henny B. Sipma,et al.  Scalable Analysis of Linear Systems Using Mathematical Programming , 2005, VMCAI.

[48]  Reiner Hähnle,et al.  Resource Analysis of Complex Programs with Cost Equations , 2014, APLAS.

[49]  Daniel Kroening,et al.  Synthesising Interprocedural Bit-Precise Termination Proofs , 2015 .

[50]  Sumit Gulwani,et al.  Program analysis as constraint solving , 2008, PLDI '08.

[51]  Matthias Heizmann,et al.  Ranking Templates for Linear Loops , 2015 .

[52]  Marsha Chechik,et al.  Symbolic optimization with SMT solvers , 2014, POPL.

[53]  Sumit Gulwani,et al.  Control-flow refinement and progress invariants for bound analysis , 2009, PLDI '09.

[54]  Frédéric Mesnard,et al.  Inferring Left-terminating Classes of Queries for Constraint Logic Programs , 1996 .

[55]  Orna Grumberg,et al.  Model checking and modular verification , 1994, TOPL.

[56]  Daniel Kroening,et al.  Termination Analysis with Compositional Transition Invariants , 2010, CAV.

[57]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[58]  Elvira Albert,et al.  Conditional termination of loops over heap-allocated data , 2014, Sci. Comput. Program..

[59]  Henny B. Sipma,et al.  Termination of Polynomial Programs , 2005, VMCAI.

[60]  Sumit Gulwani,et al.  Proving Conditional Termination , 2008, CAV.

[61]  Elvira Albert,et al.  Cost analysis of object-oriented bytecode programs , 2012, Theor. Comput. Sci..

[62]  Olivier Roussel,et al.  Controlling a Solver Execution with the runsolver Tool , 2011, J. Satisf. Boolean Model. Comput..

[63]  Helmut Veith,et al.  A simple and scalable static analysis for bound analysis and amortized complexity analysis , 2014, Software Engineering.

[64]  Ben Wegbreit,et al.  Mechanical program analysis , 1975, CACM.

[65]  Henny B. Sipma,et al.  Linear Ranking with Reachability , 2005, CAV.

[66]  Pierre Ganty,et al.  Proving Termination Starting from the End , 2013, CAV.

[67]  Florian Zuleger,et al.  Ramsey vs. Lexicographic Termination Proving , 2013, TACAS.

[68]  Jens Knoop,et al.  r-TuBound: Loop Bounds for WCET Analysis (Tool Paper) , 2012, LPAR.

[69]  Cliff B. Jones,et al.  Tentative steps toward a development method for interfering programs , 1983, TOPL.

[70]  Damien Massé,et al.  Proving Termination by Policy Iteration , 2012, NSAD@SAS.

[71]  Étienne Payet,et al.  A termination analyzer for Java bytecode based on path-length , 2010, TOPL.

[72]  Paul Feautrier,et al.  Multi-dimensional Rankings, Program Termination, and Complexity Bounds of Flowchart Programs , 2010, SAS.

[73]  Antoine Miné,et al.  A Decision Tree Abstract Domain for Proving Conditional Termination , 2014, SAS.

[74]  Jochen Hoenicke,et al.  Linear Ranking for Linear Lasso Programs , 2013, ATVA.

[75]  Daniel Kroening,et al.  Safety Verification and Refutation by k-Invariants and k-Induction , 2015, SAS.

[76]  Stefan Kowalewski,et al.  Counterexample-Guided Abstraction Refinement for PLCs , 2010, SSV.

[77]  Jürgen Giesl,et al.  Proving Termination of Programs with Bitvector Arithmetic by Symbolic Execution , 2016, SEFM.

[78]  Antoine Miné,et al.  Inference of ranking functions for proving temporal properties by abstract interpretation , 2017, Comput. Lang. Syst. Struct..

[79]  Deepak Kapur,et al.  Termination Analysis of Imperative Programs Using Bitvector Arithmetic , 2012, VSTTE.

[80]  Andreas Podelski,et al.  Ultimate Automizer with Two-track Proofs - (Competition Contribution) , 2016, TACAS.

[81]  Andreas Podelski,et al.  Summaries for While Programs with Recursion , 2005, ESOP.

[82]  Étienne Payet,et al.  Termination analysis of floating-point programs using parameterizable rational approximations , 2016, SAC.

[83]  Helmut Seidl,et al.  Precise Relational Invariants Through Strategy Iteration , 2007, CSL.

[84]  Elvira Albert,et al.  Rely-Guarantee Termination and Cost Analyses of Loops with Concurrent Interleavings , 2016, Journal of Automated Reasoning.

[85]  Jakob Engblom,et al.  The worst-case execution-time problem—overview of methods and survey of tools , 2008, TECS.