Diffy: Inductive Reasoning of Array Programs using Difference Invariants

We present a novel verification technique to prove interesting properties of a class of array programs with a symbolic parameter N denoting the size of the array. The technique relies on constructing two slightly different versions of the program. It infers difference relations between the corresponding variables at key control points of the joint control-flow graph of the two program versions. The inferred difference invaraints are agnostic of the post-condition to be proved and are typically much simpler than the inductive invariants needed for proving the post-condition directly. We formulate a new technique to prove the desired post-condition by inducting on the program parameter N, in which the difference invariants are crucially used in the key inductive step. This contrasts with classical techniques that rely on finding potentially complex loop invaraints for each loop in the program. Our synergistic combination of inductive reasoning and finding simple difference invariants helps prove properties of programs that cannot be proved even by the winner of Arrays sub-category from SV-COMP 2021. We have implemented a prototype tool called diffy to demonstrate these ideas. We show the results on a set of benchmarks and compare its performance vis-a-vis state-of-the-art tools for verifying array programs.