Efficient Directionless Weakest Preconditions

Verification condition (VC) generation is a fundamental part of many program analysis and applications, including proving program correctness, automatic test case generation, and proof carrying code. One might imagine VC applications would use the theoretically most appealing VC generation algorithm. This is often not the case. The most theoretically appealing algorithms are based upon weakest preconditions, and generate VCs at most O(M) for M program statements, however they process statements from last to first. In practice, many application domains choose forward symbolic execution (FSE), which generates predicates O(2 ) in size. FSE is chosen because it builds VCs in execution order, which allows a number of pragmatic optimizations. We reconcile the differences between FSE and WP by proposing a new directionless weakest precondition that can be run in both the forward and backward direction. Our algorithm provides the more attractive O(M) VC generation time and predicate size while allowing VC generation in execution order, which is what makes FSE attractive in practice. Thus, our algorithm can act as a “drop-in” replacement for either algorithm. We provide proofs of correctness, size, and generation time. We also show a correspondence between FSE and WP for deterministic programs, and perhaps surprisingly that they are not equivalent for the full class of GCL programs.