Mechanical inference of invariants for FOR-loops

AbstractIn the mechanical verification of programs containing loops it is often necessary to provide loop invariants additionally to the specification in the form of pre and postconditions. In this paper we present a method for the mechanical inference of invariants for a practically relevant class of FOR-loops. The invariant is derived from the specification (pre, post) and the final bound of the loop only. The method is based on the technique “replacing a constant in post by a variable”, which has traditionally been used manually for the development of WHILE-loops. Our method is a complete mechanization of this heuristic for the verification of existing annotated FOR-loops. The range of applicability of the method is further extended by a technique called “bound transformation” and by taking common invariant conjuncts of pre and post into account. As a result, the method is applicable to the majority of FOR-loops occurring in practice.The incorporation of this method into an automatic program verifier would make the task of the SW engineer easier, because he has only to provide a pre–post-specification for a FOR-loop