Download PDFOpen PDF in browser

Reasoning About Loops Using Vampire

11 pagesPublished: February 23, 2016

Abstract

In 2009, the symbol elimination method for loop invariant generation
was introduced, which used saturation
theorem proving in first-order logic to generate quantified invariants
of programs with arrays. Symbol elimination is fully automatic,
requires no user guidance, and it is the first ever approach able to
generate invariants with alternations of quantifiers. In this paper
we describe a number of improvements and extensions to symbol
elimination and invariant generation using first-order theorem
proving, in particular the Vampire theorem prover. Rather than being
limited to a specific programming language, our approach to reasoning
about loops in Vampire relies on a simple guarded command language for
its input, which can be used as an interface for more complex and
realistic imperative languages. We propose new ways for extending
quantified loop properties describing valid loop properties, by
simplifying the properties over array updates and next state
relations. We also extend symbol elimination with pre- and
post-conditions of loops. We use the loop specification to generate
only invariants that are relevant, that is, invariants that are needed
for proving partial correctness of loops. Further, we turn symbol
elimination into an automatic approach proving program correctness,
providing an alternative method to Hoare-rule based loop verification
or other deductive systems. We present our newly redesigned
implementation of loop reasoning in Vampire and also report on
experimental results.

Keyphrases: automated reasoning, first-order theorem proving, invariant generation, program analysis, symbol elimination

In: Laura Kovács and Andrei Voronkov (editors). Proceedings of the 1st and 2nd Vampire Workshops, vol 38, pages 52--62

Download PDFOpen PDF in browser