Automatically Proving Termination and Memory Safety for Programs with Pointer Arithmetic

Ströder, Thomas; Giesl, Jürgen; Brockschmidt, Marc; Frohn, Florian; Fuhs, Carsten; Hensel, Jera; Schneider–Kamp, Peter; Aschermann, Cornelius

doi:10.1007/s10817-016-9389-x

Cited by 19 publications

(5 citation statements)

References 60 publications

(53 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To make use of the wide range of existing sequential bound analyzers for integer programs (e.g., [4,6,9,12,20,23,36]), our method translates the pointer program I into an equivalent integer program I : Using the technique of [8], our algorithm translates the interleaved program with pointers I = P Instr(R) and predicate Inv ∧ g 0 into a bisimilar integer programÎ and predicate Inv ∧ g 0 . Alternatively, one could directly compute bounds on the pointer program I using techniques such as described in [3,17,37].…”

Section: Translation To Integer Programsmentioning

confidence: 99%

Rely-guarantee bound analysis of parameterized concurrent shared-memory programs

Pani

Weißenbacher

Zuleger

2021

Form Methods Syst Des

View full text Add to dashboard Cite

We present a thread-modular proof method for complexity and resource bound analysis of concurrent, shared-memory programs. To this end, we lift Jones’ rely-guarantee reasoning to assumptions and commitments capable of expressing bounds. The compositionality (thread-modularity) of this framework allows us to reason about parameterized programs, i.e., programs that execute arbitrarily many concurrent threads. We automate reasoning in our logic by reducing bound analysis of concurrent programs to the sequential case. As an application, we automatically infer time complexity for a family of fine-grained concurrent algorithms, lock-free data structures, to our knowledge for the first time.

show abstract

Section: Translation To Integer Programsmentioning

confidence: 99%

Rely-guarantee bound analysis of parameterized concurrent shared-memory programs

Pani

Weißenbacher

Zuleger

2021

Form Methods Syst Des

View full text Add to dashboard Cite

show abstract

“…For all of these programming languages, AProVE uses an approach to transform the original program into a simple back-end language (an integer transition system or a combination of ITSs and TRSs) and to prove termination of the resulting back-end system instead [47]. In contrast, the tool UltimateAutomizer [16] uses a generalization of program paths to Büchi Automata in order to remove terminating paths.…”

Section: Termination Of Programsmentioning

confidence: 99%

The Termination and Complexity Competition

Giesl

Rubio

Sternagel

et al. 2019

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

The termination and complexity competition (termCOMP) focuses on automated termination and complexity analysis for various kinds of programming paradigms, including categories for term rewriting, integer transition systems, imperative programming, logic programming, and functional programming. In all categories, the competition also welcomes the participation of tools providing certifiable output. The goal of the competition is to demonstrate the power and advances of the stateof-the-art tools in each of these areas.

show abstract

“…There are a number of related tools that can check pointer programs for memory safety. For example: a combination of ccured [Necula et al 2002] and blast [Henzinger et al 2003] due to Beyer et al [2005], invader [Yang et al 2008], xisa [Laviron et al 2010], slayer [Berdine et al 2011], infer [Calcagno and Distefano 2011], forester [Holík et al 2013], predator [Dudka et al 2013;Holík et al 2016], and aprove [Ströder et al 2017]. These tools can only handle sequential code.…”

Section: Related Workmentioning

confidence: 99%

Pointer life cycle types for lock-free data structures with memory reclamation

Meyer

Wolff

2019

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

We consider the verification of lock-free data structures that manually manage their memory with the help of a safe memory reclamation (SMR) algorithm. Our first contribution is a type system that checks whether a program properly manages its memory. If the type check succeeds, it is safe to ignore the SMR algorithm and consider the program under garbage collection. Intuitively, our types track the protection of pointers as guaranteed by the SMR algorithm. There are two design decisions. The type system does not track any shape information, which makes it extremely lightweight. Instead, we rely on invariant annotations that postulate a protection by the SMR. To this end, we introduce angels, ghost variables with an angelic semantics. Moreover, the SMR algorithm is not hard-coded but a parameter of the type system definition. To achieve this, we rely on a recent specification language for SMR algorithms. Our second contribution is to automate the type inference and the invariant check. For the type inference, we show a quadratic-time algorithm. For the invariant check, we give a source-to-source translation that links our programs to off-the-shelf verification tools. It compiles away the angelic semantics. This allows us to infer appropriate annotations automatically in a guess-and-check manner. To demonstrate the effectiveness of our type-based verification approach, we check linearizability for various list and set implementations from the literature with both hazard pointers and epoch-based memory reclamation. For many of the examples, this is the first time they are verified automatically. For the ones where there is a competitor, we obtain a speed-up of up to two orders of magnitude.Proving lock-free data structures linearizable has received a lot of attention (cf. Section 10). Doherty et al. [2004], for instance, give a mechanized proof of a practical lock-free queue. Such proofs require plenty of manual work and take a considerable amount of time. Moreover, they require an understanding of the proof method and the data structure under consideration. To overcome this drawback, we are interested in automated verification. The cave tool by Vafeiadis [2010a,b], for example, is able to establish linearizability for singly-linked data structures fully automatically.The problem with automated verification for lock-free data structures is its limited applicability. Most techniques are restricted to implementations that assume a garbage collector (GC). This assumption, however, does not apply to all programming languages. Take C/C++ as an example. It does not provide an automatic garbage collector that is running in the background. Instead, it is the programmer's obligation to avoid memory leaks by reclaiming memory that is no longer in use (using delete). In lock-free data structures, this task is much harder than it may seem at first glance. The root of the problem is that threads typically traverse the data structure without synchronization. Hence, there may be threads holding pointers to records that have alread...

show abstract

Automatically Proving Termination and Memory Safety for Programs with Pointer Arithmetic

Cited by 19 publications

References 60 publications

Rely-guarantee bound analysis of parameterized concurrent shared-memory programs

Rely-guarantee bound analysis of parameterized concurrent shared-memory programs

The Termination and Complexity Competition

Pointer life cycle types for lock-free data structures with memory reclamation

Contact Info

Product

Resources

About