Proving Nontermination via Safety

Chen, Hong Yi; Cook, Byron; Fuhs, Carsten; Nimkar, Kaustubh; O’Hearn, Peter W.

doi:10.1007/978-3-642-54862-8_11

Cited by 53 publications

(82 citation statements)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…While a significant effort in analysis of non-probabilistic programs is devoted to proving termination, for bug-hunting purposes the analysis is often complemented by methods that aim to prove that a given program does not terminate [3,21,39,53,69]. Similarly for probabilistic programs we can ask for refutation of almost-sure termination of a given program.…”

Section: Refuting Almost-sure and Finite Terminationmentioning

confidence: 99%

Stochastic invariants for probabilistic termination

Chatterjee

Novotný

Žikelić

2017

Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages

View full text Add to dashboard Cite

Termination is one of the basic liveness properties, and we study the termination problem for probabilistic programs with real-valued variables. Previous works focused on the qualitative problem that asks whether an input program terminates with probability 1 (almost-sure termination). A powerful approach for this qualitative problem is the notion of ranking supermartingales with respect to a given set of invariants. The quantitative problem (probabilistic termination) asks for bounds on the termination probability, and this problem has not been addressed yet. A fundamental and conceptual drawback of the existing approaches to address probabilistic termination is that even though the supermartingales consider the probabilistic behaviour of the programs, the invariants are obtained completely ignoring the probabilistic aspect (i.e., the invariants are obtained considering all behaviours with no information about the probability).In this work we address the probabilistic termination problem for linear-arithmetic probabilistic programs with nondeterminism. We formally define the notion of stochastic invariants, which are constraints along with a probability bound that the constraints hold. We introduce a concept of repulsing supermartingales. First, we show that repulsing supermartingales can be used to obtain bounds on the probability of the stochastic invariants. Second, we show the effectiveness of repulsing supermartingales in the following three ways: (1) With a combination of ranking and repulsing supermartingales we can compute lower bounds on the probability of termination; (2) repulsing supermartingales provide witnesses for refutation of almost-sure termination; and (3) with a combination of ranking and repulsing supermartingales we can establish persistence properties of probabilistic programs.Along with our conceptual contributions, we establish the following computational results: First, the synthesis of a stochastic invariant which supports some ranking supermartingale and at the same time admits a repulsing supermartingale can be achieved via reduction to the existential first-order theory of reals, which generalizes existing results from the non-probabilistic setting. Second, given a program with "strict invariants" (e.g., obtained via abstract interpretation) and a stochastic invariant, we can check in polynomial time whether there exists a linear repulsing supermartingale w.r.t. the stochastic invariant (via reduction to LP). We also present experimental evaluation of our approach on academic examples.

show abstract

Section: Refuting Almost-sure and Finite Terminationmentioning

confidence: 99%

Stochastic invariants for probabilistic termination

Chatterjee

Novotný

Žikelić

2017

Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages

View full text Add to dashboard Cite

show abstract

“…Each such non-deterministic conditional is marked as non-terminating if either of its two branches is non-terminating. This works for most examples, but is less general than the proposal in [8]. Secondly, while we support lexicographic linear ranking functions (LLRF) in our termination reasoning, we cannot handle programs that critically depend on Ramsey's theorem [10,36] or those that are based on size-change principles [33] but do not have LLRF counterpart.…”

Section: Resultsmentioning

confidence: 98%

“…[1,6,8,23,30,34,46]. Non-termination provers, such as TNT [23] and INVEL [46], attempt to disprove program termination by searching for some initial configurations that act as witnesses for non-termination.…”

Section: Related Workmentioning

confidence: 99%

“…For the last ten years, we have seen a fruitful line of research on proving termination [2-5, 7, 11-17, 19, 25, 28, 29, 33, 36-38] and non-termination [1,6,8,23,30,34,46] of imperative programs. Although these techniques for proving program termination and nontermination are often considered separately, a termination prover might deploy its own non-termination analysis mechanism to search for a feasible counterexample when a termination proof fails.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Termination and non-termination specification inference

Qin

Chin

2015

SIGPLAN Not.

View full text Add to dashboard Cite

Techniques for proving termination and non-termination of imperative programs are usually considered as orthogonal mechanisms. In this paper, we propose a novel mechanism that analyzes and proves both program termination and non-termination at the same time. We first introduce the concept of second-order termination constraints and accumulate a set of relational assumptions on them via a Hoare-style verification. We then solve these assumptions with case analysis to determine the (conditional) termination and nontermination scenarios expressed in some specification logic form. In contrast to current approaches, our technique can construct a summary of terminating and non-terminating behaviors for each method. This enables modularity and reuse for our termination and non-termination proving processes. We have tested our tool on sample programs from a recent termination competition, and compared favorably against state-of-the-art termination analyzers.

show abstract

“…Similar to [14,25], they employ static analysis to find every Strongly Connected SubGraph (SCSG) in the Control Flow Graph (CFG) of a given program. Here, a Max-SMT solver is used to synthesize a formulaic representation of each node, which is both a quasi-invariant (i.e., always holding after it held once) and edge-closing (i.e., not allowing a transition that leaves the node's SCSG to be taken).…”

Section: Related Workmentioning

confidence: 99%

Symbolic Liveness Analysis of Real-World Software

Schemmel

Büning

Dustmann

et al. 2018

Computer Aided Verification

View full text Add to dashboard Cite

Abstract. Liveness violation bugs are notoriously hard to detect, especially due to the difficulty inherent in applying formal methods to realworld programs. We present a generic and practically useful liveness property which defines a program as being live as long as it will eventually either consume more input or terminate. We show that this property naturally maps to many different kinds of real-world programs.To demonstrate the usefulness of our liveness property, we also present an algorithm that can be efficiently implemented to dynamically find lassos in the target program's state space during Symbolic Execution. This extends Symbolic Execution, a well known dynamic testing technique, to find a new class of program defects, namely liveness violations, while only incurring a small runtime and memory overhead, as evidenced by our evaluation. The implementation of our method found a total of five previously undiscovered software defects in BusyBox and the GNU Coreutils. All five defects have been confirmed and fixed by the respective maintainers after shipping for years, most of them well over a decade.

show abstract

Proving Nontermination via Safety

Cited by 53 publications

References 30 publications

Stochastic invariants for probabilistic termination

Stochastic invariants for probabilistic termination

Termination and non-termination specification inference

Symbolic Liveness Analysis of Real-World Software

Contact Info

Product

Resources

About