Proving thread termination

Byron Cook, Andreas Podelski, Andrey Rybalchenko
Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '07), 2007
Concurrent programs are often designed such that certain functions executing within critical threads must terminate. Examples of such cases can be found in operating systems, web servers, email clients, etc. Unfortunately, no known automatic program termination prover supports a practical method of proving the termination of threads. In this paper we describe such a procedure. The procedure's scalability is achieved through the use of environment models that abstract away the surrounding threads. The procedure's accuracy is due to a novel method of incrementally constructing environment abstractions. Our method finds the conditions that a thread requires of its environment in order to establish termination by looking at the conditions necessary to prove that certain paths through the thread represent well-founded relations if executed in isolation of the other threads. The paper gives a description of experimental results using an implementation of our procedure on Windows device drivers, and a description of a previously unknown bug found with the tool.

Driver code fragment accompanying the abstract (a read-IRP cancellation loop run under a spin lock):

```c
/* Serialise against other threads that touch the per-device queue. */
KeAcquireSpinLock(&Ext->SpinLock, &irql);
do {
    /* Remove the next pending read IRP that belongs to this file object. */
    irp = DequeueReadByFileObject(Ext, FileObject);
    if (irp) {
        /* Mark the request cancelled and park it on a local list so it can be
           completed after the lock is released. */
        irp->IoStatus.Status = STATUS_CANCELLED;
        irp->IoStatus.Information = 0;
        InsertTailList(&listHead, LinkPtr(irp));
    }
    /* The loop exits only when the queue yields no IRP for this file object;
       whether that ever happens depends on what the other threads enqueue,
       which is exactly the environment condition the paper's procedure derives. */
} while (irp != NULL);
KeReleaseSpinLock(&Ext->SpinLock, irql);
```
doi:10.1145/1250734.1250771 dblp:conf/pldi/CookPR07 fatcat:ebzzv2ikjvhfhogav576olu6be