A Specialization Calculus for Pruning Disjunctive Predicates to Support Verification Wei-Ngan Chin 1 , Cristian Gherghina 1 , R˘ azvan Voicu 1 Florin Craciun 1 , and Shengchao Qin 2 Department of Computer Science, National University of Singapore School of Computing, Teeside University Abstract. Separation logic-based abstraction mechanisms, enhanced with user- defined inductive predicates, represent a powerful, expressive means of specify- ing heap-based data structures with strong invariant properties. However, expres- sive power comes at a cost: the manipulation of such logics typically requires the unfolding of disjunctive predicates which may lead to expensive proof search. We address this problem by proposing a predicate specialization technique that allows efficient symbolic pruning of infeasible disjuncts inside each predicate in- stance. Our technique is presented as a calculus whose derivations preserve the satisfiability of formulas, while reducing the subsequent cost of their manipula- tion. Initial experimental results have confirmed significant speed gains from the deployment of predicate specialization. While specialization is a familiar tech- nique for code optimization, its use in program verification is new. 1 Introduction Abstraction mechanisms are important for modelling and analyzing programs. Recent developments allow richer classes of properties to be expressed via user-defined pred- icates for capturing commonly occurring patterns of program properties. Separation logic-based abstraction mechanisms represent one such development. As an example, the following predicate captures an abstraction of a sorted doubly-linked list. data node { int val; node prev; node next; } dll(root, p, n, S) ≡ root=null ∧ n=0 ∧ S={} ∨∃v, q, S 1 · root→node(v, p, q) ∗ dll(q, root, n−1, S 1 ) ∧S = S 1 ∪{v}∧∀a∈S 1 · v≤a inv n≥0; In this definition root denotes a pointer into the list, n the length of the list, S repre- sents its set of values, whereas p denotes a backward pointer from the first node of the doubly-linked list. The invariant n≥0 must hold for all instances of this predicate. We clarify the following points. Firstly, spatial conjunction, denoted by the sym- bol ∗, provides a concise way of describing disjoint heap spaces. Secondly, this abstrac- tion mechanism is inherently infinite, due to recursion in predicate definition. Thirdly, a predicate definition is capable of capturing multiple features of the data structure it models, such as its size and set of values. While this richer set of features can enhance the precision of a program analysis, it inevitably leads to larger disjunctive formulas.