Automatic termination proofs for programs with shape-shifting heaps
Josh Berdine, Byron Cook, Dino Distefano, Peter W. O'Hearn +3 more
- 17 Aug 2006
- Vol. 4144, pp 386-400
TL;DR: A new program termination analysis, designed to handle imperative programs whose termination depends on mutation of the program's heap, is described; it is able to prove the termination of loops extracted from Windows device drivers that could not previously be proved terminating by other means.
Abstract: We describe a new program termination analysis designed to handle imperative programs whose termination depends on the mutation of the program's heap. We first describe how an abstract interpretation can be used to construct a finite number of relations which, if each is well-founded, implies termination. We then give an abstract interpretation based on separation logic formulae which tracks the depths of pieces of heaps. Finally, we combine these two techniques to produce an automatic termination prover. We show that the analysis is able to prove the termination of loops extracted from Windows device drivers that could not be proved terminating before by other means; we also discuss a previously unknown bug found with the analysis.
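The abstract's termination argument, made concrete in an added example that is not code from the paper or its tool. The candidate well-founded relation for a list-walking loop is "the depth of the list segment from the cursor to NULL strictly decreases"; the abstract domain tracks that depth symbolically, whereas this example computes it on the concrete heap (`list_depth`) and checks the relation at run time inside an in-place list reversal, a loop whose termination depends on the heap being mutated. The `node` type, `list_depth`, `reverse_checked` and `run_scenarios` are all names chosen here; the cyclic input is a constructed case showing that a segment with no finite depth yields no ranking function.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed example: a singly linked list of the kind a driver keeps. */
typedef struct node {
    int val;
    struct node *next;
} node;

/* Build the acyclic list 0,1,...,n-1 (constructed test input). */
static node *make_list(int n) {
    node *head = NULL;
    for (int i = n - 1; i >= 0; i--) {
        node *x = malloc(sizeof *x);
        if (x == NULL) abort();
        x->val = i;
        x->next = head;
        head = x;
    }
    return head;
}

static void free_list(node *p) {
    while (p != NULL) {
        node *n = p->next;
        free(p);
        p = n;
    }
}

/* Value of the i-th node, or -1 if the list is shorter than i+1. */
static int nth_val(const node *p, int i) {
    for (; p != NULL && i > 0; p = p->next) i--;
    return p == NULL ? -1 : p->val;
}

/* Concrete counterpart of the "depth" the abstract domain tracks for a
 * list segment ls(p, NULL): the number of nodes from p to NULL.  Returns -1
 * if p lies on a cycle (Floyd's tortoise and hare), i.e. no finite depth
 * exists and the segment cannot serve as a ranking function. */
static long list_depth(const node *p) {
    const node *slow = p, *fast = p;
    while (fast != NULL && fast->next != NULL) {
        slow = slow->next;
        fast = fast->next->next;
        if (slow == fast) return -1;    /* cycle: no finite depth */
    }
    long depth = 0;
    for (; p != NULL; p = p->next) depth++;
    return depth;
}

/* In-place reversal.  The loop rewrites next pointers, so a termination
 * argument cannot assume a fixed heap.  The candidate well-founded relation
 * is "depth(p) strictly decreases per iteration"; this instrumented version
 * checks it on every step and returns the iteration count, or -1 if the
 * input has no finite depth or the relation fails to decrease. */
static long reverse_checked(node **head) {
    node *p = *head, *rev = NULL;
    long rank = list_depth(p);
    if (rank < 0) return -1;            /* cyclic input: no ranking function */
    long iters = 0;
    while (p != NULL) {
        node *q = p->next;
        p->next = rev;                  /* heap mutation */
        rev = p;
        p = q;
        long next_rank = list_depth(p);
        if (next_rank < 0 || next_rank >= rank) return -1;
        rank = next_rank;
        iters++;
    }
    *head = rev;
    return iters;
}

/* Scenarios used by main(): 1 if every check behaves as described above. */
static int run_scenarios(void) {
    node *l = make_list(5);
    if (list_depth(l) != 5) return 0;
    if (reverse_checked(&l) != 5) return 0;          /* rank 5,4,3,2,1,0 */
    if (nth_val(l, 0) != 4 || nth_val(l, 4) != 0) return 0;
    if (list_depth(l) != 5) return 0;                /* still acyclic */
    free_list(l);

    node *c = make_list(3);
    node *last = c;
    while (last->next != NULL) last = last->next;
    last->next = c;                                  /* tie a cycle */
    if (list_depth(c) != -1) return 0;
    if (reverse_checked(&c) != -1) return 0;         /* refused, heap untouched */
    last->next = NULL;
    free_list(c);
    return 1;
}

int main(void) { return run_scenarios() ? 0 : 1; }
```

The run-time check is only a witness for one execution; the paper's contribution is proving, over the abstract heap, that the depth relation holds for every execution, and the cyclic case shows why a depth that is not finite cannot be part of that proof.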
Citations
Proving program termination
TL;DR: In contrast to popular belief, proving termination is not always impossible.
A termination analyzer for Java bytecode based on path-length
TL;DR: This article presents the first existing termination analyzer for Java bytecode dealing with any kind of data structures dynamically allocated on the heap and which does not require any help or annotation on the part of the user.
Programs with lists are counter automata
TL;DR: In this paper, a new automated approach for checking safety and termination of one-selector linked data structures is proposed, based on using counter automata as accurate abstract models: control states correspond to abstract heap graphs where list segments without sharing are collapsed, and counters are used to keep track of the number of elements in these segments.
Interprocedural shape analysis with separated heap abstractions
Alexey Gotsman, Josh Berdine, Byron Cook +2 more
- 29 Aug 2006
TL;DR: An interprocedural shape analysis that makes use of spatial locality (i.e. the fact that most procedures modify only a small subset of the heap) in its representation of abstract states and tracks reachability indirectly and aliasing directly.
Proving that programs eventually do something good
Byron Cook, Alexey Gotsman, Andreas Podelski, Andrey Rybalchenko, Moshe Y. Vardi +4 more
- 17 Jan 2007
TL;DR: A tool is presented, which handles liveness properties of large systems written in C, described in an extension of the specification language used in the SDV system.
References
Separation logic: a logic for shared mutable data structures
John C. Reynolds
- 22 Jul 2002
TL;DR: An extension of Hoare logic that permits reasoning about low-level imperative programs that use shared mutable data structure is developed, including extensions that permit unrestricted address arithmetic, dynamically allocated arrays, and recursive procedures.
Assigning Meanings to Programs
Robert W. Floyd
- 01 Jan 1993
TL;DR: This paper attempts to provide an adequate basis for formal definitions of the meanings of programs in appropriately defined programming languages, in such a way that a rigorous standard is established for proofs about computer programs, including proofs of correctness, equivalence, and termination.
Analysis of Recursive Game Graphs Using Data Flow Equations
Kousha Etessami
- 11 Jan 2004
TL;DR: In this paper, a finite-state abstraction of a sequential program with potentially recursive procedures and input from the environment is checked statically whether there are input sequences that can drive the system into "bad/good" executions.
The existence of refinement mappings
Martín Abadi, Leslie Lamport +1 more
- 05 Jul 1988
TL;DR: The authors consider specifications consisting of a state machine that specifies safety requirements and an arbitrary supplementary property that specifies liveness requirements, and show that under reasonable assumptions about the specifications, if S1 implements S2, then by adding auxiliary variables to S1 one can guarantee the existence of a refinement mapping.
Related Papers (5)
Byron Cook, Andreas Podelski, Andrey Rybalchenko +2 more
- 11 Jun 2006
Dino Distefano, Peter W. O'Hearn, Hongseok Yang +2 more
- 25 Mar 2006