Simpler proofs with decentralized invariants

When verifying programs where the data have some recursive structure, it is natural to make use of global invariants that are themselves recursively defined. Though this is mathematically elegant, this makes the proofs more complex, as the preservation of these invariants now requires induction. In particular, this makes the proofs less amenable to automation. An alternative is to use local invariants attached to individual components of the structure and which only involve a bounded number of elements. We call these decentralized invariants. When the structure is updated, the footprint of the modification only impacts a bounded number of invariants and reestablishing them does not require induction. In this paper, we illustrate this idea on three non-trivial programs, for which we achieve fully automated proofs.