Automatic Termination Proofs for Programs with Shape-Shifting Heaps

We describe a new program termination analysis designed to handle imperative programs whose termination depends on the mutation of the program's heap. We first describe how an abstract interpretation can be used to construct a finite number of relations which, if each is well-founded, implies termination. We then give an abstract interpretation based on separation logic formulae which tracks the depths of pieces of heaps. Finally, we combine these two techniques to produce an automatic termination prover. We show that the analysis is able to prove the termination of loops extracted from Windows device drivers that could not previously be proved terminating by other means; we also discuss a previously unknown bug found with the analysis.
