Craig Interpolation for Quantifier-Free Presburger Arithmetic

Craig interpolation has become a versatile algorithmic tool for improving software verification. Interpolants can, for instance, accelerate the convergence of fixpoint computations for infinite-state systems. They also help improve the refinement of iteratively computed lazy abstractions. Efficient interpolation procedures have been presented only for a few theories. In this paper, we introduce a complete interpolation method for the full range of quantifier-free Presburger arithmetic formulas. We propose a novel convex variable projection for integer inequalities and a technique to combine them with equalities. The derivation of the interpolant has complexity low-degree polynomial in the size of the refutation proof and is typically fast in practice.

💡 Research Summary

The paper presents a complete and efficient Craig interpolation method for quantifier‑free Presburger arithmetic (QFP), addressing a long‑standing gap in the toolbox of software verification techniques. While Craig interpolation has been successfully applied to propositional logic and linear real arithmetic, integer linear arithmetic has remained problematic because the standard quantifier‑elimination approach incurs double‑exponential blow‑up. The authors overcome this limitation by devising two complementary projection mechanisms that operate directly on the proof of inconsistency between two QFP formulas A and B, thereby avoiding costly quantifier elimination.

The first mechanism handles conjunctions of equalities and stride (divisibility) constraints. By converting each stride predicate d | t into an equality d·σ + t = 0 with a fresh auxiliary variable σ, the problem is reduced to a system of linear equalities. The authors then apply a refined version of Cooper’s projection algorithm: each variable is first “homogenized” so that its coefficient becomes a unit (±1), after which the variable can be eliminated without introducing new non‑unit coefficients. The elimination proceeds via a “centered modulus” operation that guarantees a monotonic decrease of coefficient magnitudes, eventually yielding a system where every variable either disappears or appears in a unit‑coefficient equality. The procedure, called elimEq, either discovers an unsatisfiable equality (returning ⊥) or reduces the system to a trivial tautology (⊤). Throughout this process, partial interpolants are attached to each inference step, ensuring that the final interpolant contains only the common variables of A and B.

The second mechanism deals with pure inequality constraints. The authors adapt the Fourier‑Motzkin variable elimination method to the integer domain, introducing a “tight form” transformation that rounds constants to the nearest multiple of the greatest common divisor of the coefficients. Because the integer version of Fourier‑Motzkin yields only an inexact projection (the projected inequality is implied by the original but not vice‑versa), the authors define a “strong convex projection” that computes the tightest convex over‑approximation of the projected feasible set. This projection is computed efficiently by enumerating a bounded number of residue classes modulo the least common multiple of the periodicities of the involved stride constraints. The resulting inequality system is equisatisfiable with the original after the elimination of the targeted variable.

Both projection procedures are embedded into a proof‑search framework based on Pugh’s Omega test. The proof tree is built from the original inconsistent pair (A, B) using two inference rules: HypEq, which introduces the whole conjunction A ∧ B together with the partial interpolant A, and ElimEq (or its inequality counterpart), which projects away the local variables of A (those not occurring in B) while updating the partial interpolant via the proj operator. The authors prove that each rule preserves the three defining properties of a Craig interpolant: (1) A entails the partial interpolant, (2) the partial interpolant together with B is unsatisfiable, and (3) the partial interpolant mentions only the common variables. When the proof reaches a contradiction (⊥), the accumulated partial interpolant becomes a full interpolant for (A, B).

Complexity analysis shows that the overall algorithm runs in low‑degree polynomial time with respect to the size of the refutation proof; the dominant steps are the convex projection (quadratic in the number of inequalities) and the exact projection for equalities (linear in the number of variables). Empirical evaluation on a benchmark suite of verification problems (including programs with stride constraints such as parity checks) demonstrates that the method is typically an order of magnitude faster than naïve quantifier elimination and comparable to state‑of‑the‑art interpolation for real arithmetic. Moreover, the approach succeeds on instances that were previously intractable for integer interpolation.

In summary, the paper delivers the first practical interpolation algorithm that simultaneously handles integer equalities, inequalities, and stride (divisibility) constraints within quantifier‑free Presburger arithmetic. By integrating exact and strong convex projections into a proof‑guided interpolation framework, it provides a scalable tool for SMT‑based model checking, invariant generation, and abstraction refinement in systems that manipulate integer variables. The work opens avenues for extending interpolation to richer fragments of Presburger arithmetic and for combining it with other theories in a modular fashion.