This work addresses the poor scalability and high verification cost commonly encountered in the deductive verification of data-parallel programs—such as GPU kernels—due to nested quantifiers and array aliasing. The authors propose a provably correct quantifier rewriting technique that automatically generates efficient triggers and introduce a novel reduction mechanism to simplify reasoning about non-aliased or immutable arrays. Implemented within the VerCors verifier and combining automated theorem proving with sequence-based modeling, the approach achieves an average 9× speedup (up to 150×) on representative GPU kernels and, for the first time, successfully verifies a radio telescope pipeline program previously beyond the reach of existing methods.

This paper introduces several techniques that improve the scalability of the deductive verification of data-level programs working on arrays and matrices. First of all, we introduce a technique to rewrite expressions with (nested) quantifiers, so suitable triggers can be generated for these expressions. We have proven this rewrite technique correct in a theorem prover. Second, we make reasoning about potentially overlapping arrays easier, by providing specification constructs to indicate and verify that two arrays are not aliases, or that they are immutable, so they can be modelled as mathematical sequences. All our techniques are implemented in the VerCors program verifier. We illustrate how our techniques improve scalability through a large number of experiments. Using our techniques on a set of typical GPU kernels, we achieve a reduction of verification time by, on average, a factor of 9, with outliers being up to 150 times faster. Additionally, applying these techniques to earlier experiments and an earlier case study of a radio telescope pipeline permitted the verification of results which were previously unobtainable and significantly reduced the verification time.