Bit-Precise Procedure-Modular Termination Analysis

Abstract: Non-termination is the root cause of a variety of program bugs, such as hanging programs and denial-ofservice vulnerabilities. This makes an automated analysis that can prove the absence of such bugs highly desirable. To scale termination checks to large systems, an interprocedural termination analysis seems essential. This is a largely unexplored area of research in termination analysis, where most effort has focussed on small but difficult single-procedure problems.We present a modular termination analysis f… Show more

“…While triangular loops are a very restricted subclass of general integer programs, integer programs often contain such loops. Hence, tools for termination analysis of such programs (e.g., [5,6,7,8,10,11,12]) could benefit from integrating our decision procedure and applying it whenever a sub-program is an affine triangular loop.…”

“…(A − c k I) is the zero matrix. 6 Here, I is the identity matrix. So an easy example for a triangular loop where the update matrix is not diagonalizable is the following well-known program (see, e.g., [2]): while x > 0 do x ← x + y; y ← y − 1 It terminates as y eventually becomes negative and then x decreases in each iteration.…”

Termination of Triangular Integer Loops is Decidable

“…While triangular loops are a very restricted subclass of general integer programs, integer programs often contain such loops. Hence, tools for termination analysis of such programs (e.g., [5,6,7,8,10,11,12]) could benefit from integrating our decision procedure and applying it whenever a sub-program is an affine triangular loop.…”

“…(A − c k I) is the zero matrix. 6 Here, I is the identity matrix. So an easy example for a triangular loop where the update matrix is not diagonalizable is the following well-known program (see, e.g., [2]): while x > 0 do x ← x + y; y ← y − 1 It terminates as y eventually becomes negative and then x decreases in each iteration.…”

Termination of Triangular Integer Loops is Decidable

“…At its core, it uses the kIkI algorithm (k-invariants and k-induction) [1], which integrates bounded model checking, k-induction, and abstract interpretation into a single, scalable framework. kIkI relies on incremental SAT solving in order to find proofs and refutations of assertions, as well as to perform termination analysis [2].…”

“…The competition submission is based on 2LS version 0.8. 2 The archive contains the binaries needed to run 2LS (2ls-binary, goto-cc), and so no further installation is needed. There is also a wrapper script 2ls which is used by Benchexec to run the tools over the verification benchmarks.…”

2LS: Heap Analysis and Memory Safety

“…2LS is a static analysis and verification tool for sequential C programs that is based on an algorithm called kIkI (k-invariants and k-induction) [1], which combines bounded model checking, k-induction, and abstract interpretation into a single, scalable framework. 2LS relies on incremental SAT solving to employ all these techniques simultaneously in order to find proofs and refutations of assertions, as well as to perform termination analysis [2]. This year's competition version introduces a new abstract shape domain allowing 2LS to reason about properties of programs manipulating heap and dynamic data structures, and a non-termination analysis, which serves as a counterpart to the existing termination analysis and allows 2LS to prove nontermination of a program.…”

2LS: Memory Safety and Non-termination