Polynomial reachability witnesses via Stellensätze

Asadi, Ali Al; Chatterjee, Krishnendu; Fu, Hongfei; Goharshady, Amir Kafshdar; Mahdavi, Mohammad

doi:10.1145/3453483.3454076

Cited by 17 publications

(12 citation statements)

References 81 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An example of an SI-indicator for our running example in Fig. 1 is given in (2). The following theorem formalizes the above intuition and is our main result of this section.…”

Section: A Sound and Complete Characterization Of Sissupporting

confidence: 59%

“…We now provide template-based relatively complete algorithms for simultaneous and automated synthesis of SI-indicators and RSMs, in order to solve the quantitative termination problem over pCFGs with affine/polynomial arithmetic. Our approach builds upon the ideas of [2,9] for qualitative and non-probabilistic cases.…”

Section: Automated Template-based Synthesis Algorithmmentioning

confidence: 99%

See 1 more Smart Citation

Sound and Complete Certificates for Quantitative Termination Analysis of Probabilistic Programs

Chatterjee

Goharshady

Meggendorfer

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We consider the quantitative problem of obtaining lower-bounds on the probability of termination of a given non-deterministic probabilistic program. Specifically, given a non-termination threshold $$p \in [0, 1],$$ p ∈ [ 0 , 1 ] , we aim for certificates proving that the program terminates with probability at least $$1-p$$ 1 - p . The basic idea of our approach is to find a terminating stochastic invariant, i.e. a subset $$ SI $$ SI of program states such that (i) the probability of the program ever leaving $$ SI $$ SI is no more than p, and (ii) almost-surely, the program either leaves $$ SI $$ SI or terminates.While stochastic invariants are already well-known, we provide the first proof that the idea above is not only sound, but also complete for quantitative termination analysis. We then introduce a novel sound and complete characterization of stochastic invariants that enables template-based approaches for easy synthesis of quantitative termination certificates, especially in affine or polynomial forms. Finally, by combining this idea with the existing martingale-based methods that are relatively complete for qualitative termination analysis, we obtain the first automated, sound, and relatively complete algorithm for quantitative termination analysis. Notably, our completeness guarantees for quantitative termination analysis are as strong as the best-known methods for the qualitative variant.Our prototype implementation demonstrates the effectiveness of our approach on various probabilistic programs. We also demonstrate that our algorithm certifies lower bounds on termination probability for probabilistic programs that are beyond the reach of previous methods.

show abstract

“…An example of an SI-indicator for our running example in Fig. 1 is given in (2). The following theorem formalizes the above intuition and is our main result of this section.…”

Section: A Sound and Complete Characterization Of Sissupporting

confidence: 59%

Section: Automated Template-based Synthesis Algorithmmentioning

confidence: 99%

Sound and Complete Certificates for Quantitative Termination Analysis of Probabilistic Programs

Chatterjee

Goharshady

Meggendorfer

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…We formalise and prove this relation to backwards, under-approximate triples in the supplementary material [Le et al 2022]. A related concept was studied by Ball et al [2005] under the name must + transitions, in the reachability analysis of Asadi et al [2021], and referred to as łtotal Hoare triplesž by de Vries and Koutavas [2011].…”

Section: Manifest Errorsmentioning

confidence: 99%

Finding real bugs in big programs with incorrectness logic

Raad

Villard

et al. 2022

Proc. ACM Program. Lang.

View full text Add to dashboard Cite

Incorrectness Logic (IL) has recently been advanced as a logical theory for compositionally proving the presence of bugs—dual to Hoare Logic, which is used to compositionally prove their absence. Though IL was motivated in large part by the aim of providing a logical foundation for bug-catching program analyses, it has remained an open question: is IL useful only retrospectively (to explain existing analyses), or can it actually be useful in developing new analyses which can catch real bugs in big programs? In this work, we develop Pulse-X, a new, automatic program analysis for catching memory errors, based on ISL, a recent synthesis of IL and separation logic. Using Pulse-X, we have found 15 new real bugs in OpenSSL, which we have reported to OpenSSL maintainers and have since been fixed. In order not to be overwhelmed with potential but false error reports, we develop a compositional bug-reporting criterion based on a distinction between latent and manifest errors, which references the under-approximate ISL abstractions computed by Pulse-X, and we investigate the fix rate resulting from application of this criterion. Finally, to probe the potential practicality of our bug-finding method, we conduct a comparison to Infer, a widely used analyzer which has proven useful in industrial engineering practice.

show abstract

“…Constraint solving-based program analysis. Constraint solvingbased techniques are a classical approach to program analysis [24], that have been used for multiple static analyses including the synthesis of ranking functions for termination analysis [1,7,18], proving non-termination [13,36], invariant generation [12,17], reachability [2], as well as several methods for cost analysis that we discussed above.…”

Section: Related Workmentioning

confidence: 99%

“…The constraint solving-based approach allows our method to provide several key properties: (1) our method can be fully automated, (2) the computation of the threshold value and witnessing potential functions proceed by reduction to linear programming, hence it allows efficient optimization of the threshold value by introducing a minimization objective in the linear program, (3) since our method does not depend on syntactic alignment of programs and performs relational reasoning only on the level of inputs, it is suitable for programs that are not syntactically similar, and (4) our method supports non-determinism in the programming language (which can be hard to support with program alignment).…”

Section: Introductionmentioning

confidence: 99%

Differential Cost Analysis with Simultaneous Potentials and Anti-potentials

Žikelić¹,

Chang²,

Bolignano³

et al. 2022

Preprint

View full text Add to dashboard Cite

We present a novel approach to differential cost analysis that, given a program revision, attempts to statically bound the difference in resource usage, or cost, between the two program versions. Differential cost analysis is particularly interesting because of the many compelling applications for it, such as detecting resource-use regressions at code-review time or proving the absence of certain side-channel vulnerabilities. One prior approach to differential cost analysis is to apply relational reasoning that conceptually constructs a product program on which one can over-approximate the difference in costs between the two program versions. However, a significant challenge in any relational approach is effectively aligning the program versions to get precise results. In this paper, our key insight is that we can avoid the need for and the limitations of program alignment if, instead, we bound the difference of two cost-bound summaries rather than directly bounding the concrete cost difference. In particular, our method computes a threshold value for the maximal difference in cost between two program versions simultaneously using two kinds of cost-bound summariesa potential function that evaluates to an upper bound for the cost incurred in the first program and an anti-potential function that evaluates to a lower bound for the cost incurred in the second. Our method has a number of desirable properties: it can be fully automated, it allows optimizing the threshold value on relative cost, it is suitable for programs that are not syntactically similar, and it supports non-determinism. We have evaluated an implementation of our approach on a number of program pairs collected from * This paper describes work performed in part while Ðorđe Žikelić was an Applied Scientist Intern at Amazon.† Bor-Yuh Evan Chang holds concurrent appointments at the University of Colorado Boulder and as an Amazon Scholar. This paper describes work performed at Amazon and is not associated with CU Boulder. ‡ Franco Raimondi holds concurrent appointments at Middlesex University and as an Amazon Scholar. This paper describes work performed at Amazon and is not associated with Middlesex.the literature, and we find that our method computes tight threshold values on relative cost in most examples.

show abstract

Polynomial reachability witnesses via Stellensätze

Cited by 17 publications

References 81 publications

Sound and Complete Certificates for Quantitative Termination Analysis of Probabilistic Programs

Sound and Complete Certificates for Quantitative Termination Analysis of Probabilistic Programs

Finding real bugs in big programs with incorrectness logic

Differential Cost Analysis with Simultaneous Potentials and Anti-potentials

Contact Info

Product

Resources

About