The theory of arrays has been widely investigated. But concatenation, an operator that consistently appears in specifications of functional-correctness verification tools (e.g., Dafny, VeriFast, VST), is not included in most variants of the theory. Arrays with concatenation need better solvers with theoretical guarantees. We formalize a theory of arrays with concatenation, and define the array property fragment with concatenation. Although the array property fragment without concatenation is decidable, the fragment with concatenation is undecidable in general (e.g., when the base theory for array elements is linear integer arithmetic). But we characterize a “tangle-free” fragment; we present an algorithm that classifies verification goals in the array property fragment with concatenation as tangle-free or entangled, and that decides validity of tangle-free goals. We implement the algorithm in Coq and apply it to functional-correctness verification of C programs. The result shows our algorithm is reasonably efficient and reduces a significant amount of human effort in verification tasks. We also give an algorithm for using this array theory solver as a theory solver in SMT solvers.

阵列理论已被广泛研究。但是连接，一个始终出现在功能正确性验证工具（例如，Dafny、VeriFast、VST）规范中的运算符，并不包含在该理论的大多数变体中。具有串联的数组需要具有理论上保证的更好的求解器。我们形式化了串联数组的理论，并定义了串联数组的属性片段。尽管没有串联的数组属性片段是可判定的，但具有串联的片段通常是不可判定的（例如，当数组元素的基本理论是线性整数算术时）。但是我们描述了一个“无缠结”的片段；我们提出了一种算法，该算法将串联的数组属性片段中的验证目标分类为无缠结或缠结，这决定了无缠结目标的有效性。我们在 Coq 中实现该算法并将其应用于 C 程序的功能正确性验证。结果表明我们的算法相当有效，并且减少了验证任务中的大量人力。我们还提供了一种算法，用于将此阵列理论求解器用作 SMT 求解器中的理论求解器。