Noam Zilberstein,Derek Dreyer,Alexandra Silva

DOI: https://doi.org/10.1145/3586045

2023-03-11

Abstract:Program logics for bug-finding (such as the recently introduced Incorrectness Logic) have framed correctness and incorrectness as dual concepts requiring different logical foundations. In this paper, we argue that a single unified theory can be used for both correctness and incorrectness reasoning. We present Outcome Logic (OL), a novel generalization of Hoare Logic that is both monadic (to capture computational effects) and monoidal (to reason about outcomes and reachability). OL expresses true positive bugs, while retaining correctness reasoning abilities as well. To formalize the applicability of OL to both correctness and incorrectness, we prove that any false OL specification can be disproven in OL itself. We also use our framework to reason about new types of incorrectness in nondeterministic and probabilistic programs. Given these advances, we advocate for OL as a new foundational theory of correctness and incorrectness.

Logic in Computer Science,Programming Languages

S.V. Utyuzhnikov,P. Fantini,M.D. Guenov

DOI: https://doi.org/10.48550/arXiv.math/0512055

2005-12-02

Abstract:In multidisciplinary optimization the designer needs to find solution to optimization problems which include a number of usually contradicting criteria. Such a problem is mathematically related to the field of nonlinear vector optimization where there are many numerical methods capable of providing a solution. However, only a few of those are suitable for real multidisciplinary design in industry because an iteration design circle usually is very time-consuming. This is due to the time scales and computational resources associated with each iterative design cycle. The recently suggested Physical Programming Method appears to match many requirements raised in industrial applications. The method is modified to make its realization easier and more efficient, the main focus being the even generation of the complete Pareto set. The method is used to find the Pareto surface for different test cases.

Optimization and Control

Noam Zilberstein,Angelina Saliling,Alexandra Silva

DOI: https://doi.org/10.1145/3649821

2024-03-14

Abstract:Separation logic's compositionality and local reasoning properties have led to significant advances in scalable static analysis. But program analysis has new challenges -- many programs display computational effects and, orthogonally, static analyzers must handle incorrectness too. We present Outcome Separation Logic (OSL), a program logic that is sound for both correctness and incorrectness reasoning in programs with varying effects. OSL has a frame rule -- just like separation logic -- but uses different underlying assumptions that open up local reasoning to a larger class of properties than can be handled by any single existing logic. Building on this foundational theory, we also define symbolic execution algorithms that use bi-abduction to derive specifications for programs with effects. This involves a new tri-abduction procedure to analyze programs whose execution branches due to effects such as nondeterministic or probabilistic choice. This work furthers the compositionality promised by separation logic by opening up the possibility for greater reuse of analysis tools across two dimensions: bug-finding vs verification in programs with varying effects.

Logic in Computer Science,Programming Languages

P. Schneider-Kamp,J. Giesl,A. Serebrenik,R. Thiemann

DOI: https://doi.org/10.48550/arXiv.0803.0014

2008-09-01

Abstract:There are two kinds of approaches for termination analysis of logic programs: "transformational" and "direct" ones. Direct approaches prove termination directly on the basis of the logic program. Transformational approaches transform a logic program into a term rewrite system (TRS) and then analyze termination of the resulting TRS instead. Thus, transformational approaches make all methods previously developed for TRSs available for logic programs as well. However, the applicability of most existing transformations is quite restricted, as they can only be used for certain subclasses of logic programs. (Most of them are restricted to well-moded programs.) In this paper we improve these transformations such that they become applicable for any definite logic program. To simulate the behavior of logic programs by TRSs, we slightly modify the notion of rewriting by permitting infinite terms. We show that our transformation results in TRSs which are indeed suitable for automated termination analysis. In contrast to most other methods for termination of logic programs, our technique is also sound for logic programming without occur check, which is typically used in practice. We implemented our approach in the termination prover AProVE and successfully evaluated it on a large collection of examples.

Logic in Computer Science,Artificial Intelligence,Programming Languages

Simon Oddershede Gregersen,Alejandro Aguirre,Philipp G. Haselwarter,Joseph Tassarotti,Lars Birkedal

2024-04-12

Abstract:Almost-sure termination is an important correctness property for probabilistic programs, and a number of program logics have been developed for establishing it. However, these logics have mostly been developed for first-order programs written in languages with specific syntactic patterns for looping. In this paper, we consider almost-sure termination for higher-order probabilistic programs with general references. This combination of features allows for recursion and looping to be encoded through a variety of patterns. Therefore, rather than developing proof rules for reasoning about particular recursion patterns, we instead propose an approach based on proving refinement between a higher-order program and a simpler probabilistic model, in such a way that the refinement preserves termination behavior. By proving a refinement, almost-sure termination behavior of the program can then be established by analyzing the simpler model. We present this approach in the form of Caliper, a higher-order separation logic for proving termination-preserving refinements. Caliper uses probabilistic couplings to carry out relational reasoning between a program and a model. To handle the range of recursion patterns found in higher-order programs, Caliper uses guarded recursion, in particular the principle of Löb induction. A technical novelty is that Caliper does not require the use of transfinite step indexing or other technical restrictions found in prior work on guarded recursion for termination-preservation refinement. We demonstrate the flexibility of this approach by proving almost-sure termination of several examples, including first-order loop constructs, a random list generator, treaps, and a sampler for Galton-Watson trees that uses higher-order store. All the results have been mechanized in the Coq proof assistant.

Logic in Computer Science,Programming Languages

Étienne Payet

DOI: https://doi.org/10.1007/s10817-023-09693-z

2024-02-03

Journal of Automated Reasoning

Abstract:In this paper, we define two particular forms of non-termination, namely loops and binary chains , in an abstract framework that encompasses term rewriting and logic programming. The definition of loops relies on the notion of compatibility of binary relations. We also present a syntactic criterion for the detection of a special case of binary chains. Moreover, we describe our implementation NTI and compare its results at the Termination Competition 2023 with those of leading analyzers.

computer science, artificial intelligence

Yi-Dong Shen,Danny De Schreye,Dean Voets

DOI: https://doi.org/10.48550/arXiv.0905.2004

2009-05-13

Abstract:We present a heuristic framework for attacking the undecidable termination problem of logic programs, as an alternative to current termination/non-termination proof approaches. We introduce an idea of termination prediction, which predicts termination of a logic program in case that neither a termination nor a non-termination proof is applicable. We establish a necessary and sufficient characterization of infinite (generalized) SLDNF-derivations with arbitrary (concrete or moded) queries, and develop an algorithm that predicts termination of general logic programs with arbitrary non-floundering queries. We have implemented a termination prediction tool and obtained quite satisfactory experimental results. Except for five programs which break the experiment time limit, our prediction is 100% correct for all 296 benchmark programs of the Termination Competition 2007, of which eighteen programs cannot be proved by any of the existing state-of-the-art analyzers like AProVE07, NTI, Polytool and TALP.

Programming Languages,Artificial Intelligence,Logic in Computer Science

Rupak Majumdar,V.R. Sathiyanarayana

2024-07-24

Abstract:Deciding termination is a fundamental problem in the analysis of probabilistic imperative programs. We consider the qualitative and quantitative probabilistic termination problems for an imperative programming model with discrete probabilistic choice and demonic bounded nondeterminism. The qualitative question asks if the program terminates almost-surely, no matter how nondeterminism is resolved. The quantitative question asks for a bound on the probability of termination. Despite a long and rich literature on the topic, no sound and relatively complete proof systems were known for these problems. In this paper, we provide such sound and relatively complete proof rules for proving qualitative and quantitative termination in the assertion language of arithmetic. Our rules use supermartingales as estimates of the likelihood of a program's evolution and variants as measures of distances to termination. Our key insight is our completeness result, which shows how to construct a suitable supermartingales from an almost-surely terminating program. We also show that proofs of termination in many existing proof systems can be transformed to proofs in our system, pointing to its applicability in practice. As an application of our proof rule, we show an explicit proof of almost-sure termination for the two-dimensional random walker.

Logic in Computer Science

Noam Zilberstein

2024-01-09

Abstract:Starting with Hoare Logic over 50 years ago, numerous sound and relatively complete program logics have been devised to reason about the diverse programs encountered in the real world. This includes reasoning about computational effects, particularly those effects that cause the program execution to branch into multiple paths due to, e.g., nondeterministic or probabilistic choice.

Logic in Computer Science,Programming Languages

Noam Zilberstein,Alexandra Silva,Joseph Tassarotti

2024-11-18

Abstract:Although randomization has long been used in concurrent programs, formal methods for reasoning about this mixture of effects have lagged behind. In particular, no existing program logics can express specifications about the distributions of outcomes resulting from programs that are both probabilistic and concurrent. To address this, we introduce Probabilistic Concurrent Outcome Logic, which incorporates ideas from concurrent and probabilistic separation logics into Outcome Logic to introduce new compositional reasoning principles.

Logic in Computer Science,Programming Languages

Hong-Yi Chen,Cristina David,Daniel Kroening,Peter Schrammel,Bjorn Wachter

DOI: https://doi.org/10.1109/ase.2015.10

2015-01-01

Abstract:Proving program termination is key to guaranteeing absence of undesirable behaviour, such as hanging programs and even security vulnerabilities such as denial-of-service attacks. To make termination checks scale to large systems, interprocedural termination analysis seems essential, which is a largely unexplored area of research in termination analysis, where most effort has focussed on difficult single-procedure problems. We present a modular termination analysis for C programs using template-based interprocedural summarisation. Our analysis combines a context-sensitive, over-approximating forward analysis with the inference of under-approximating preconditions for termination. Bit-precise termination arguments are synthesised over lexicographic linear ranking function templates. Our experimental results show that our tool 2LS outperforms state-of-the-art alternatives, and demonstrate the clear advantage of interprocedural reasoning over monolithic analysis in terms of efficiency, while retaining comparable precision.

Dino Pedreschi,Salvatore Ruggieri,Jan-Georg Smaus

DOI: https://doi.org/10.48550/arXiv.cs/0106050

2002-07-22

Abstract:Termination of logic programs depends critically on the selection rule, i.e. the rule that determines which atom is selected in each resolution step. In this article, we classify programs (and queries) according to the selection rules for which they terminate. This is a survey and unified view on different approaches in the literature. For each class, we present a sufficient, for most classes even necessary, criterion for determining that a program is in that class. We study six classes: a program strongly terminates if it terminates for all selection rules; a program input terminates if it terminates for selection rules which only select atoms that are sufficiently instantiated in their input positions, so that these arguments do not get instantiated any further by the unification; a program local delay terminates if it terminates for local selection rules which only select atoms that are bounded w.r.t. an appropriate level mapping; a program left-terminates if it terminates for the usual left-to-right selection rule; a program exists-terminates if there exists a selection rule for which it terminates; finally, a program has bounded nondeterminism if it only has finitely many refutations. We propose a semantics-preserving transformation from programs with bounded nondeterminism into strongly terminating programs. Moreover, by unifying different formalisms and making appropriate assumptions, we are able to establish a formal hierarchy between the different classes.

Logic in Computer Science,Programming Languages

Yuanrui Zhang,Zhiming Liu

DOI: https://doi.org/10.1016/j.jlamp.2023.100921

IF: 1.088

2024-01-01

Journal of Logical and Algebraic Methods in Programming

Abstract:We propose a dynamic logic DLb called “dynamic logic with branching modalities”, which extends the temporal dynamic logic DLT with a “branching modality” for specifying safety properties of regular programs with tests (simply “regular programs”). Compared to the trace modality of DLT for while programs that do not abort, branching modality of DLb does not exclude aborting traces introduced by regular programs, thus is able to capture a type of safety properties which are important for systems with failure behaviors. Moreover, it is congruent to the compositionality of regular programs so that the proof system naturally extended from that of DLT is proved to be complete for DLb. In this paper, we build the theory of DLb on both propositional and first-ordered levels, defining two logics: propositional DLb (PDLb) and first-ordered DLb (FODLb). PDLb forms the theoretical basis of DLb while FODLb is useful for practical verification. We propose the proof systems for PDLb and FODLb, and analyze their decidability, soundness and (relative) completeness in a formal way, through comparing their expressiveness and deduction capabilities with propositional dynamic logic (PDL) and first-order dynamic logic (FODL) respectively. We show that FODLb is actually an extension of DLT, and illustrate the motivations of using the branching modality through an example.

Yangjia Li,Mingsheng Ying

DOI: https://doi.org/10.1145/3158123

2017-01-01

Proceedings of the ACM on Programming Languages

Abstract:We introduce the notion of linear ranking super-martingale (LRSM) for quantum programs (with nondeterministic choices, namely angelic and demonic choices). Several termination theorems are established showing that the existence of the LRSMs of a quantum program implies its termination. Thus, the termination problems of quantum programs is reduced to realisability and synthesis of LRSMs. We further show that the realisability and synthesis problem of LRSMs for quantum programs can be reduced to an SDP (Semi-Definite Programming) problem, which can be settled with the existing SDP solvers. The techniques developed in this paper are used to analyse the termination of several example quantum programs, including quantum random walks and quantum Bernoulli factory for random number generation. This work is essentially a generalisation of constraint-based approach to the corresponding problems for probabilistic programs developed in the recent literature by adding two novel ideas: (1) employing the fundamental Gleason's theorem in quantum mechanics to guide the choices of templates; and (2) a generalised Farkas' lemma in terms of observables (Hermitian operators) in quantum physics.

Andrew Gacek,Dale Miller,Gopalan Nadathur

DOI: https://doi.org/10.48550/arXiv.0911.2993

2010-09-01

Abstract:Relational descriptions have been used in formalizing diverse computational notions, including, for example, operational semantics, typing, and acceptance by non-deterministic machines. We therefore propose a (restricted) logical theory over relations as a language for specifying such notions. Our specification logic is further characterized by an ability to explicitly treat binding in object languages. Once such a logic is fixed, a natural next question is how we might prove theorems about specifications written in it. We propose to use a second logic, called a reasoning logic, for this purpose. A satisfactory reasoning logic should be able to completely encode the specification logic. Associated with the specification logic are various notions of binding: for quantifiers within formulas, for eigenvariables within sequents, and for abstractions within terms. To provide a natural treatment of these aspects, the reasoning logic must encode binding structures as well as their associated notions of scope, free and bound variables, and capture-avoiding substitution. Further, to support arguments about provability, the reasoning logic should possess strong mechanisms for constructing proofs by induction and co-induction. We provide these capabilities here by using a logic called G which represents relations over lambda-terms via definitions of atomic judgments, contains inference rules for induction and co-induction, and includes a special generic quantifier. We show how provability in the specification logic can be transparently encoded in G. We also describe an interactive theorem prover called Abella that implements G and this two-level logic approach and we present several examples that demonstrate the efficacy of Abella in reasoning about computations.

Logic in Computer Science,Programming Languages

Noam Zilberstein,Dexter Kozen,Alexandra Silva,Joseph Tassarotti

2024-10-30

Abstract:Programs increasingly rely on randomization in applications such as cryptography and machine learning. Analyzing randomized programs has been a fruitful research direction, but there is a gap when programs also exploit nondeterminism (for concurrency, efficiency, or algorithmic design). In this paper, we introduce Demonic Outcome Logic for reasoning about programs that exploit both randomization and nondeterminism. The logic includes several novel features, such as reasoning about multiple executions in tandem and manipulating pre- and postconditions using familiar equational laws -- including the distributive law of probabilistic choices over nondeterministic ones. We also give rules for loops that both establish termination and quantify the distribution of final outcomes from a single premise. We illustrate the reasoning capabilities of Demonic Outcome Logic through several case studies, including the Monty Hall problem, an adversarial protocol for simulating fair coins, and a heuristic based probabilistic SAT solver.

Logic in Computer Science,Programming Languages

D.J.C. Staudt

DOI: https://doi.org/10.48550/arXiv.1206.1936

2012-06-09

Abstract:Left-sequential logics provide a means for reasoning about (closed) propositional terms with atomic propositions that may have side effects and that are evaluated sequentially from left to right. Such propositional terms are commonly used in programming languages to direct the flow of a program. In this thesis we explore two such left-sequential logics. First we discuss Fully Evaluated Left-Sequential Logic, which employs a full evaluation strategy, i.e., to evaluate a term every one of its atomic propositions is evaluated causing its possible side effects to occur. We then turn to Short-Circuit (Left-Sequential) Logic as presented in [BP10b], where the evaluation may be 'short-circuited', thus preventing some, if not all, of the atomic propositions in a term being evaluated. We propose evaluation trees as a natural semantics for both logics and provide axiomatizations for the least identifying variant of each. From this, we define a logic with connectives that prescribe a full evaluation strategy as well as connectives that prescribe a short-circuit evaluation strategy.

Logic in Computer Science

Shaowei Zhu,Zachary Kincaid

DOI: https://doi.org/10.1145/3410313

2021-09-15

Abstract:Determining whether a given program terminates is the quintessential undecidable problem. Algorithms for termination analysis are divided into two groups: (1) algorithms with strong behavioral guarantees that work in limited circumstances (e.g., complete synthesis of linear ranking functions for polyhedral loops [Podelski and Rybalchenko, 2004]), and (2) algorithms that are widely applicable, but have weak behavioral guarantees (e.g., Terminator [Cook et al., 2006]). This paper investigates the space in between: how can we design practical termination analyzers with useful behavioral guarantees? This paper presents a termination analysis that is both compositional (the result of analyzing a composite program is a function of the analysis results of its components) and monotone ("more information into the analysis yields more information out"). The paper has two key contributions. The first is an extension of Tarjan's method for solving path problems in graphs to solve infinite path problems. This provides a foundation upon which to build compositional termination analyses. The second is a collection of monotone conditional termination analyses based on this framework. We demonstrate that our tool ComPACT (Compositional and Predictable Analysis for Conditional Termination) is competitive with state-of-the-art termination tools while providing stronger behavioral guarantees.

Programming Languages

Jianhui Chen,Fei He

DOI: https://doi.org/10.1145/3385412.3386002

2020-01-01

Abstract:Almost-sure termination is the most basic liveness property of probabilistic programs. We present a novel decomposition-based approach for proving almost-sure termination of probabilistic programs with complex control-flow structure and non-determinism. Our approach automatically decomposes the runs of the probabilistic program into a finite union of ω-regular subsets and then proves almost-sure termination of each subset based on the notion of localized ranking supermartingales. Compared to the lexicographic methods and the compositional methods, our approach does not require a lexicographic order over the ranking supermartingales as well as the so-called unaffecting condition. Thus it has high generality. We present the algorithm of our approach and prove its soundness, as well as its relative completeness. We show that our approach can be applied to some hard cases and the evaluation on the benchmarks of previous works shows the significant efficiency of our approach.

Marcel Moosbrugger,Ezio Bartocci,Joost-Pieter Katoen,Laura Kovács

DOI: https://doi.org/10.48550/arXiv.2107.13072

2021-07-28

Abstract:We describe the Amber tool for proving and refuting the termination of a class of probabilistic while-programs with polynomial arithmetic, in a fully automated manner. Amber combines martingale theory with properties of asymptotic bounding functions and implements relaxed versions of existing probabilistic termination proof rules to prove/disprove (positive) almost sure termination of probabilistic loops. Amber supports programs parameterized by symbolic constants and drawing from common probability distributions. Our experimental comparisons give practical evidence of Amber outperforming existing state-of-the-art tools.

Programming Languages