Craig interpolation is a widespread method in verification, with important applications such as Predicate Abstraction, CounterExample Guided Abstraction Refinement and Lazy Abstraction With Interpolants. Most state-of-the-art model checking techniques based on interpolation require collections of interpolants to satisfy particular properties, to which we refer as "collectives"; they do not hold in general for all interpolation systems and have to be established for each particular system and verification environment. Nevertheless, no systematic approach exists that correlates the individual interpolation systems and compares the necessary collectives. This paper proposes a uniform framework, which encompasses (and generalizes) the most common collectives exploited in verification. We use it for a systematic study of the collectives and of the constraints they pose on propositional interpolation systems used in SAT-based model checking.Craig interpolation is a popular approach in verification [13,12] with notable applications such as Predicate Abstraction [9], CounterExample Guided Abstraction Refinement (CEGAR) [6], and Lazy Abstraction With Interpolants (LAWI) [14].Formally, given two formulae A and B such that A ∧ B is unsatisfiable, a Craig interpolant is a formula I such that A implies I, I is inconsistent with B and I is defined over the atoms (i.e., propositional variables) common to A and B. It can be seen as an over-approximation of A that is still inconsistent with B 3 . In model checking applications, A typically encodes some finite program traces, and B denotes error locations. In this case, an interpolant I represents a set of safe states that over-approximate the states reachable in A.In most verification tasks, a single interpolant, i.e., a single subdivision of constraints into two groups A and B, is not sufficient. For example, consider ⋆ This material is based upon work funded and supported by the Department of Defense under Contract No. FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. This material has been approved for public release and unlimited distribution. DM-0000469.3 We write Itp(A | B) for an interpolant of A and B, and IA when B is clear from the context.Theorem 18. A family {Itp S1 , . . . , Itp Sn } has n-SA iff for all k ≤ n all the subfamilies {Itp Si 1 , . . . , Itp Si k } have k-SA. Proof. The proof works as in Theorem 17. Theorem 19. A family {Itp S0 , . . . , Itp Sn } has n-PI iff for all k ≤ n the subfamily {Itp S0 , . . . , Itp S k } has k-PI.Proof. The proof works as in Theorem 2.Theorem 20. For a given tree T = (V, E), a family {Itp Si } i∈V has T -TI iff for every subtree T ′ = (V ′ , E ′ ) of T , the family {Itp Sj } j∈V ′ has T ′ -TI.
