We present Universal Property Directed Reachability (PDR~{arbitrary}), a property-directed procedure for automatic inference of invariants in a universal fragment of first-order logic. PDR~{arbitrary} is an extension of Bradley's PDR/IC3 algorithm for inference of propositional invariants. PDR~{arbitrary} terminates when it either discovers a concrete counterexample, infers an inductive universal invariant strong enough to establish the desired safety property, or finds a proof that such an invariant does not exist. We implemented an analyzer based on PDR~{arbitrary}, and applied it to a collection of list-manipulating programs. Our analyzer was able to automatically infer universal invariants strong enough to establish memory safety and certain functional correctness properties, show the absence of such invariants for certain natural programs and specifications, and detect bugs. All this, without the need for user-supplied abstraction predicates.
展开▼
