Compositional Verification of Procedural Programs using Horn Clauses over Integers and Arrays

TL;DR

This paper introduces a compositional SMT-based verification method for procedural C programs with heap, using Horn clauses and array theories, featuring a novel quantifier elimination and model-based approximation approach.

Contribution

It presents a new quantifier elimination algorithm for array theories and integrates it into a compositional verification framework for procedural programs.

Findings

Successfully verified benchmarks from SV-COMP'15

Achieved polynomial-time under-approximation with MBP

Extended SMT-based verification to handle arrays and heap

Abstract

We present a compositional SMT-based algorithm for safety of procedural C programs that takes the heap into consideration as well. Existing SMT-based approaches are either largely restricted to handling linear arithmetic operations and properties, or are non-compositional. We use Constrained Horn Clauses (CHCs) to represent the verification conditions where the memory operations are modeled using the extensional theory of arrays (ARR). First, we describe an exponential time quantifier elimination (QE) algorithm for ARR which can introduce new quantifiers of the index and value sorts. Second, we adapt the QE algorithm to efficiently obtain under-approximations using models, resulting in a polynomial time Model Based Projection (MBP) algorithm. Third, we integrate the MBP algorithm into the framework of compositional reasoning of procedural programs using may and must summaries recently proposed by us. Our solutions to the CHCs are currently restricted to quantifier-free formulas. Finally, we describe our practical experience over SV-COMP'15 benchmarks using an implementation in the tool SPACER.