This work addresses the challenge of effectively expressing and checking scope constraints on variable declarations—such as integer overflow—in program verification. It introduces, for the first time in the VerCors verifier, a predicate subtyping mechanism that allows a single variable to combine multiple subtypes and enforces a strict mode ensuring all subexpressions satisfy their respective constraints. The approach automatically generates verification specifications from variable declarations, significantly enhancing both expressiveness and verification precision. A prototype implementation has been integrated into VerCors, and empirical evaluation demonstrates its effectiveness in supporting the declaration and verification of complex range constraints, thereby strengthening static detection of safety issues like overflow.

Predicate subtypes provide an attractive mechanism to specify range constraints on variable declarations. This paper discusses how we add support for predicate subtypes to the VerCors program verifier. Our approach automatically generates appropriate specifications from predicate subtype declarations. It provides support to easily combine multiple subtypes for a single variable declaration. Moreover, in order to use predicate subtypes for overflow checking, a special strict mode is introduced, where every subexpression also has to stay within the declared subtype. A prototype implementation is integrated into the VerCors verifier.