Automatically proving termination and memory safety for programs with pointer arithmetic

While automated verification of imperative programs has been studied intensively, proving termination of programs with explicit pointer arithmetic fully automatically was still an open problem. To close this gap, we introduce a novel abstract domain that can track allocated memory in detail. We use it to automatically construct a symbolic execution graph that over-approximates all possible runs of a program and that can be used to prove memory safety. This graph is then transformed into an integer transition system, whose termination can be proved by standard techniques. We implemented this approach in the automated termination prover AProVE and demonstrate its capability of analyzing C programs with pointer arithmetic that existing tools cannot handle

Certified Abstract Interpretation with Pretty-Big-Step Semantics

International audienceThis paper describes an investigation into developing certified abstractinterpreters from big-step semantics using the Coq proof assistant.We base our approach on Schmidt’s abstract interpretationprinciples for natural semantics, and use a pretty-big-step (PBS) semantics,a semantic format proposed by Charguéraud. We proposea systematic representation of the PBS format and implement it inCoq. We then show how the semantic rules can be abstracted in amethodical fashion, independently of the chosen abstract domain,to produce a set of abstract inference rules that specify an abstractinterpreter. We prove the correctness of the abstract interpreter inCoq once and for all, under the assumption that abstract operationsfaithfully respect the concrete ones. We finally show how to definecorrect-by-construction analyses: their correction amounts to provingthey belong to the abstract semantics