LARA – Lab for Automated Reasoning and Analysis -

Pre-Computation of post in Predicate Abstraction

There is an alternative definition, which can be used to convert the above problem into a finite-state exploration problem. (It will be particularly useful if we consider an extension from conjunctions to disjunction of conjunctions.)

The condition

$\begin{equation*} \forall x,y,x',y'.\ (\bigwedge_{P\in a} P(x,y)) \land R(x,y,x',y') \rightarrow P'(x',y') \end{equation*}$

is equivalent to the validity of the formula

$\begin{equation*} (\bigwedge_{P\in a} P) \rightarrow wp(R, P') \end{equation*}$

Fix a predicate $P'$ . Consider all $a \subseteq {\cal P}$ for which the above condition holds, define them as

$\begin{equation*} suf(R,P') = \{ a \mid (\bigwedge_{P\in a} P) \rightarrow wp(R, P') \} \end{equation*}$

Clearly, if $a_1 \in suf(R,P')$ and $a_1 \subseteq a_2$ , then also $a_2 \in suf(R,P')$ . So, we can represent $suf(R,P')$ using its minimal elements $sufm(R,P')$ . These are minimal sufficient sets of predicates that ensure that $P'$ holds.

Then, we can define equivalently

$\begin{equation*} sp^\#(a,R) = \{ P' \mid \exists a' \in sufm(R,P').\ a' \subseteq a \} \end{equation*}$

The advantage of this definition is that we compute $sufm$ for a given predicate $P'$ and command given by $R$ , and then we can efficiently compute $sp^{\#}$ for all abstract values $a$ by checking inclusion of finite sets.

Approximation: The set $sufm(R,P')$ can have up to $2^{|{\cal P}|}$ elements. To avoid this, we can restrict it to only those subsets $a'$ that have at most e.g. 3 predicates.

Note that using smaller $sufm$ means that some $a'$ will be missing, the condition will be false in some cases, and in those cases $P'$ will not be included in the postcondition, so the resulting abstract element will be larger in the lattice. So the approach is still correct, just not as precise.