Terminator: Beyond Safety

(Tool Paper)
  • Byron Cook
  • Andreas Podelski
  • Andrey Rybalchenko
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4144)


Previous symbolic software model checkers (i.e., program analysis tools based on predicate abstraction, pushdown model checking and iterative counterexample-guided abstraction refinement, etc.) are restricted to safety properties. Terminator is the first software model checker for termination. It is now being used to prove that device driver dispatch routines always return to their caller (or return counterexamples if they fail to terminate).


Keywords: Model Check, Ranking Function, Transitive Closure, Safety Property, Abstract Interpretation





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Byron Cook (1)
  • Andreas Podelski (2, 3)
  • Andrey Rybalchenko (2, 4)

  1. Microsoft Research
  2. Max-Planck-Institut für Informatik
  3. Institut für Informatik, Universität Freiburg
  4. EPFL
