ABSTRACT
Program termination is central to the process of ensuring that systems code can always react. We describe a new program termination prover that performs a path-sensitive and context-sensitive program analysis and provides capacity for large program fragments (i.e. more than 20,000 lines of code) together with support for programming language features such as arbitrarily nested loops, pointers, function pointers, side-effects, etc. We also present experimental results on device driver dispatch routines from the Windows operating system. The most distinguishing aspect of our tool is how it shifts the balance between the two tasks of constructing and, respectively, checking the termination argument. Checking becomes the hard step. In this paper we show how we solve the corresponding challenge of checking with binary reachability analysis.
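The abstract's key idea is that checking a termination argument is a reachability question over pairs of states: at a loop cutpoint, remember a state s0, and require that every state s reached after one or more further iterations is related to s0 by the termination argument (a finite union of well-founded relations, here given as ranking functions into the naturals). The following added example, written for this page and not the paper's own tool or code, makes that check concrete on a small constructed loop with bounded integer variables, enumerating the reachable (s0, s) pairs explicitly rather than with the symbolic safety checker the paper describes. A candidate argument that only tracks x is rejected with a witness pair; adding a second ranking function on y makes the argument pass. The loop, the domain bound N and the ranking functions are all assumptions of this example.

```python
"""Binary reachability check of a termination argument (constructed example).

Constructed loop, with x and y drawn from {0, ..., N}:
    while (x > 0 && y > 0) {
        if (nondet()) { x = x - 1; y = nondet(); }   // then-branch
        else          { y = y - 1; }                 // else-branch
    }
"""
from typing import Callable, List, Optional, Set, Tuple

State = Tuple[int, int]          # (x, y) observed at the loop head (the cutpoint)
Rank = Callable[[State], int]    # ranking function into the naturals
N = 4                            # assumed bound on the variable domain

# every state in the bounded domain is taken as a possible initial state
ALL_STATES: Set[State] = {(x, y) for x in range(N + 1) for y in range(N + 1)}


def loop_condition(s: State) -> bool:
    x, y = s
    return x > 0 and y > 0


def successors(s: State) -> Set[State]:
    """Cutpoint states reachable by exactly one more loop iteration."""
    x, y = s
    if not loop_condition(s):
        return set()                                      # loop has exited
    out = {(x, y - 1)}                                    # else-branch: y--
    out |= {(x - 1, y2) for y2 in range(N + 1)}           # then-branch: x--, y = nondet
    return out


def reachable_pairs(initial: Set[State]) -> Set[Tuple[State, State]]:
    """Binary reachability: all (s0, s) where s is visited at the cutpoint
    at least one iteration after s0 was visited there."""
    seen, work = set(initial), list(initial)
    while work:                                           # forward reachability
        s = work.pop()
        for t in successors(s):
            if t not in seen:
                seen.add(t)
                work.append(t)
    pairs: Set[Tuple[State, State]] = set()
    for s0 in seen:                                       # snapshot s0 ...
        later, frontier = set(), successors(s0)
        while frontier:                                   # ... then every later visit
            t = frontier.pop()
            if t not in later:
                later.add(t)
                frontier |= successors(t)
        pairs |= {(s0, t) for t in later}
    return pairs


def covered(s0: State, s: State, ranks: List[Rank]) -> bool:
    """(s0, s) lies in the union of the well-founded relations r(s) < r(s0), r >= 0."""
    return any(0 <= r(s) < r(s0) for r in ranks)


def check_argument(initial: Set[State], ranks: List[Rank]) -> Optional[Tuple[State, State]]:
    """Return None if the argument covers every reachable pair, else the
    first uncovered pair (the counterexample a refinement step would use)."""
    for s0, s in sorted(reachable_pairs(initial)):
        if not covered(s0, s, ranks):
            return (s0, s)
    return None


rank_x: Rank = lambda s: s[0]    # candidate: "x strictly decreases"
rank_y: Rank = lambda s: s[1]    # candidate: "y strictly decreases"

if __name__ == "__main__":
    print("x alone:", check_argument(ALL_STATES, [rank_x]))          # witness pair
    print("x and y:", check_argument(ALL_STATES, [rank_x, rank_y]))  # None: argument holds
```

The uncovered pair returned for the single ranking function is one where only the else-branch ran, so x is unchanged while y dropped; that is exactly the kind of counterexample that drives the constructing side to add another relation, after which the (harder) checking side is run again.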