Putting The Squeeze On Array Programs: Loop Verification Via Inductive Rank Reduction

Automatic verification of array manipulating programs is a challenging problem because it often amounts to the inference of inductive quantified loop invariants which, in some cases, may not even be first-order expressible. In this paper, we suggest a novel verification technique that is based on induction on user-defined rank of program states as an alternative to loop-invariants. Our technique, dubbed inductive rank reduction, works in two steps. Firstly, we simplify the verification problem and prove that the program is correct when the input state contains an input array of length l(B) or less, using the length of the array as the rank of the state. Secondly, we employ a squeezing function gamma which converts a program state s with an array of length l > l(B) to a state gamma(sigma) containing an array of length l - 1 or less. We prove that when gamma satisfies certain natural conditions then if the program violates its specification on s then it does so also on gamma(sigma). The correctness of the program on inputs with arrays of arbitrary lengths follows by induction.We make our technique automatic for array programs whose length of execution is proportional to the length of the input arrays by (i) performing the first step using symbolic execution, (ii) verifying the conditions required of gamma using Z3, and (iii) providing a heuristic procedure for synthesizing gamma . We implemented our technique and applied it successfully to several interesting array-manipulating programs, including a bidirectional summation program whose loop invariant cannot be expressed in first-order logic while its specification is quantifier-free.