Supermartingales for Reachability in in Probabilistic Programs - - PowerPoint PPT Presentation

supermartingales for
SMART_READER_LITE
LIVE PREVIEW

Supermartingales for Reachability in in Probabilistic Programs - - PowerPoint PPT Presentation

Jan 17, 2023 127 likes •752 views

Ranking and Repulsing Supermartingales for Reachability in in Probabilistic Programs Toru Takisaka 1 , Yuichiro Oyabu 2,3 , Natsuki Urabe 1 , Ichiro Hasuo 2,3 National Institute of Informatics, Japan 1 The Graduate University for Advanced

slide-1
SLIDE 1

Ranking and Repulsing Supermartingales for Reachability in in Probabilistic Programs

Toru Takisaka1, Yuichiro Oyabu2,3, Natsuki Urabe1, Ichiro Hasuo2,3

National Institute of Informatics, Japan1 The Graduate University for Advanced Studies (SOKENDAI), Japan2 University of Tokyo, Japan3

slide-2
SLIDE 2

Formalize the extension procedure from metamathematical viewpoint Discrete → Hybrid Qualitative → Quantitative Formal method for software Specification, verification, Synthesis…

Formal method for CPS

collaborate Machine learning Optimization Control theory Category theory, logic, …

  • Software support

for CPS development

  • Cost cut in quality

assurance

  • Theoretical basis for

future integrated development

https://group-mmm.org/eratommsd/

slide-3
SLIDE 3

Formalize the extension procedure from metamathematical viewpoint Discrete → Hybrid Qualitative → Quantitative Formal method for software Specification, verification, Synthesis…

Formal method for CPS

collaborate Machine learning Optimization Control theory Category theory, logic, …

  • Software support

for CPS development

  • Cost cut in quality

assurance

  • Theoretical basis for

future integrated development

https://group-mmm.org/eratommsd/

slide-4
SLIDE 4

Outline

  • Introduction / preliminaries
  • Our topic: supermartingale for reachability analysis
  • What can supermartingale do?
  • What is supermartingale? / Why does it work?
  • Which property of SM techniques are we interested? -

Soundness / completeness

  • Our contribution
  • Theoretical part: characterization of SM techniques via

KT theorem

  • Implementation and experiments
slide-5
SLIDE 5

Input: probabilistic program

Problem formulation

slide-6
SLIDE 6

Input: probabilistic program

  • Nondet. / Prob.

branching

  • Nondet. / Prob.

assignment

Problem formulation

slide-7
SLIDE 7

Input: probabilistic program

  • Nondet. / Prob.

branching

  • Nondet. / Prob.

assignment

What is the probability that the program terminates?

(under angelic/demonic scheduler) Problem

We admit continuous variables ⇒ Generally one can’t compute probability efficiently

Problem formulation

slide-8
SLIDE 8

Problem formulation

Input: probabilistic program

⇒ Reachability analysis by supermartingale

  • Nondet. / Prob.

branching

  • Nondet. / Prob.

assignment

What is the probability that the program terminates?

(under angelic/demonic scheduler) Problem

We admit continuous variables ⇒ Generally one can’t compute probability efficiently

slide-9
SLIDE 9

Outline

  • Introduction / preliminaries
  • Our topic: supermartingale for reachability analysis
  • What can supermartingale do?
  • What is supermartingale? / Why does it work?
  • Which property of SM techniques are we interested? -

Soundness / completeness

  • Our contribution
  • Theoretical part: characterization of SM techniques via

KT theorem

  • Implementation and experiments
slide-10
SLIDE 10

(Agrawal+, POPL’18)

Probabilistic modification of real-world benchmarks

(in Alias+, SAS’10)

A.s. termination is

certified in 20/28 examples

Ranking supermartingale for a.s. termination (Chakarov-Sankaranarayanan, CAV’13 etc.)

slide-11
SLIDE 11

(Steinhardt-Tedrake, IJRR’12)

>99% safety is guaranteed

(Pr(failure) <1%)

The log-base-10 of the failure probability System: pendulum + noise

𝜄

Failure ⇔ 𝜄 > 𝜌/6 at time 𝑢 ≤ 1hour

Repulsing supermartingale for lower bound of safety probability

(Steinhardt-Tedrake, IJRR’12; Chatterjee+, POPL’17 etc.)

slide-12
SLIDE 12

Outline

  • Introduction / preliminaries
  • Our topic: supermartingale for reachability analysis
  • What can supermartingale do?
  • What is supermartingale? / Why does it work?
  • Which property of SM techniques are we interested? -

Soundness / completeness

  • Our contribution
  • Theoretical part: characterization of SM techniques via

KT theorem

  • Implementation and experiments
slide-13
SLIDE 13

𝑚4 𝑚3 𝑚2 𝑚1 𝑦 > 0 ∗ ∗ 𝑢 ≔ 𝑢 + 3 𝑦 ≔ 𝑦 − 1 𝑦 ≤ 0 𝑚5 Start

  • A state is a pair (program location, memory state)
  • Nondet. / prob. branching

finite ℝV 𝑢 ≔ 𝑢 + 1 𝑞 ≔ Bernoulli(0.9) 𝑦 ≔ 𝑦 − 𝑞

Semantics: Control flow graph

(Agrawal+, POPL’18 etc.)

slide-14
SLIDE 14

𝑚4 𝑚3 𝑚2 𝑚1 𝑦 > 0 ∗ ∗ 𝑢 ≔ 𝑢 + 3 𝑦 ≔ 𝑦 − 1 𝑦 ≤ 0 𝑚5 Start

  • A state is a pair (program location, memory state)
  • Nondet. / prob. branching

finite ℝV 𝑢 ≔ 𝑢 + 1 𝑞 ≔ Bernoulli(0.9) 𝑦 ≔ 𝑦 − 𝑞

Semantics: Control flow graph

(Agrawal+, POPL’18 etc.)

slide-15
SLIDE 15

𝑚4 𝑚3 𝑚2 𝑚1 𝑦 > 0 ∗ ∗ 𝑢 ≔ 𝑢 + 3 𝑦 ≔ 𝑦 − 1 𝑦 ≤ 0 𝑚5 Start

  • A state is a pair (program location, memory state)
  • Nondet. / prob. branching

finite ℝV 𝑢 ≔ 𝑢 + 1 𝑞 ≔ Bernoulli(0.9) 𝑦 ≔ 𝑦 − 𝑞

Semantics: Control flow graph

(Agrawal+, POPL’18 etc.)

slide-16
SLIDE 16

𝑚4 𝑚3 𝑚2 𝑚1 𝑦 > 0 ∗ ∗ 𝑢 ≔ 𝑢 + 3 𝑦 ≔ 𝑦 − 1 𝑦 ≤ 0 𝑚5 Start

  • A state is a pair (program location, memory state)
  • Nondet. / prob. branching

finite ℝV 𝑢 ≔ 𝑢 + 1 𝑞 ≔ Bernoulli(0.9) 𝑦 ≔ 𝑦 − 𝑞

Semantics: Control flow graph

(Agrawal+, POPL’18 etc.)

slide-17
SLIDE 17

𝑚4 𝑚3 𝑚2 𝑚1 𝑦 > 0 ∗ ∗ 𝑢 ≔ 𝑢 + 3 𝑦 ≔ 𝑦 − 1 𝑦 ≤ 0 𝑚5 Start

  • A state is a pair (program location, memory state)
  • Nondet. / prob. branching

finite ℝV 0.4 0.6 𝑢 ≔ 𝑢 + 1 𝑞 ≔ Bernoulli(0.9) 𝑦 ≔ 𝑦 − 𝑞

Semantics: Control flow graph

(Agrawal+, POPL’18 etc.)

slide-18
SLIDE 18

𝑚4 𝑚3 𝑚2 𝑚1 𝑦 > 0 ∗ ∗ 𝑢 ≔ 𝑢 + 3 𝑦 ≔ 𝑦 − 1 𝑦 ≤ 0 𝑚5 Start

  • A state is a pair (program location, memory state)
  • Nondet. / prob. branching

finite ℝV 0.4 0.6 𝑫 = (terminating states) = 𝒎𝟔 × 𝒚, 𝒖, 𝒒 | 𝒖 ≤ 𝟑𝟏

⇒Pr(the system eventually visits the region 𝐷)?

Problem 𝑢 ≔ 𝑢 + 1 𝑞 ≔ Bernoulli(0.9) 𝑦 ≔ 𝑦 − 𝑞

Semantics: Control flow graph

(Agrawal+, POPL’18 etc.)

slide-19
SLIDE 19

𝑚4 𝑚3 𝑚2 𝑚1 𝑦 > 0 ∗ ∗ 𝑢 ≔ 𝑢 + 3 𝑦 ≔ 𝑦 − 1 𝑦 ≤ 0 𝑚5 Start

  • A state is a pair (program location, memory state)
  • Nondet. / prob. branching

finite ℝV 0.4 0.6 𝑫 = (terminating states) = 𝒎𝟔 × 𝒚, 𝒖, 𝒒 | 𝒖 ≤ 𝟑𝟏

⇒Pr(the system eventually visits the region 𝐷)?

Problem 𝑢 ≔ 𝑢 + 1 𝑞 ≔ Bernoulli(0.9) 𝑦 ≔ 𝑦 − 𝑞 …under angelic/demonic scheduler

Semantics: Control flow graph

(Agrawal+, POPL’18 etc.)

slide-20
SLIDE 20

𝑚2 𝑚1 𝑚3 ∗ ∗ 𝑦 ≔ Bernoulli(0.9) 𝑚4 f = 1 f = 𝑦 f = 𝑦 − 1 f = −3 𝔽 the value of 𝑔 at the next state = 0.9 ∀𝑚 𝑚2 → 𝑚 … (angelic) ∃𝑚 𝑚2 → 𝑚 …(demonic)

Supermartingale = a function over states

that is “non-increasing” through transitions

slide-21
SLIDE 21

Ranking function

slide-22
SLIDE 22

Ranking function

4 3 1 2 3

slide-23
SLIDE 23

4 3 1 2 3

> > > > > >

ℕ-valued

Ranking function

slide-24
SLIDE 24

Ranking function

4 3 1 2 3

The system eventually visits (under any nondeterministic choice)

> > > > > >

ℕ-valued

slide-25
SLIDE 25

Ranking function

4 3 1 2 3 2 1

The system eventually visits (under any nondeterministic choice)

> > > > > >

ℕ-valued

slide-26
SLIDE 26

Ranking supermartingale

1 2 1 2 1

slide-27
SLIDE 27

Ranking supermartingale

2 1 2 1 2 1

slide-28
SLIDE 28

Ranking supermartingale

2 1 2 1 2 1 𝔽 the value of 𝑔 at the next state decreases at least 1

[0, +∞)- valued

slide-29
SLIDE 29

The system eventually visits almost surely

Ranking supermartingale

2 1 2 1 2 1 𝔽 the value of 𝑔 at the next state decreases at least 1

[0, +∞)- valued

slide-30
SLIDE 30

Barrier certificate

Safe region Unsafe region

𝑦init

slide-31
SLIDE 31

Barrier certificate

Safe region Unsafe region

𝑔 < 0

𝑦init

slide-32
SLIDE 32

Barrier certificate

𝑔 ≥ 0

Safe region Unsafe region

𝑔 ≥ 0

𝑦init

𝑔 < 0

slide-33
SLIDE 33

Barrier certificate

𝑔 ≥ 0

Safe region Unsafe region

𝑔 ≥ 0

𝑦init

𝑔 < 0

slide-34
SLIDE 34

Barrier certificate

𝑔 ≥ 0

Safe region Unsafe region

𝑔 ≥ 0

The system does not enter the unsafe region

𝑦init

𝑔 < 0

slide-35
SLIDE 35

Probabilistic barrier certificate (a.k.a. nonneg. repulsing supermartingale)

Safe region Unsafe region

𝑦init

slide-36
SLIDE 36

Safe region Unsafe region

𝑦init

𝑔 ≤ 𝜀 [0,1]- valued

Probabilistic barrier certificate (a.k.a. nonneg. repulsing supermartingale)

slide-37
SLIDE 37

𝑔 = 1

Safe region Unsafe region

𝑔 = 1

𝑦init

[0,1]- valued

Probabilistic barrier certificate (a.k.a. nonneg. repulsing supermartingale)

𝑔 ≤ 𝜀

slide-38
SLIDE 38

𝑔 = 1

Safe region Unsafe region

𝑔 = 1

𝑦init

[0,1]- valued 𝑔 ≤ 𝜀

Probabilistic barrier certificate (a.k.a. nonneg. repulsing supermartingale)

slide-39
SLIDE 39

𝑔 = 1

Safe region Unsafe region

𝑔 = 1

Pr(the system enters the unsafe region) ≤ 𝜀

𝑦init

[0,1]- valued 𝑔 ≤ 𝜀

Probabilistic barrier certificate (a.k.a. nonneg. repulsing supermartingale)

slide-40
SLIDE 40

Outline

  • Introduction / preliminaries
  • Our topic: supermartingale for reachability analysis
  • What can supermartingale do?
  • What is supermartingale? / Why does it work?
  • Which property of SM techniques are we interested? -

Soundness / completeness

  • Our contribution
  • Theoretical part: characterization of SM techniques via

KT theorem

  • Implementation and experiments
slide-41
SLIDE 41

Two objective functions

  • Given: a control flow graph, and a subset 𝐷 of its states
  • For 𝑡 ∈ 𝑀 × ℝ𝑊 = (state space),

𝔽steps ∶ 𝑡 ↦ 𝔽 the number of steps from 𝑡 to the region 𝐷 ℙreach ∶ 𝑡 ↦ ℙ the system eventually visits the region 𝐷 from 𝑡

slide-42
SLIDE 42

Two objective functions

…under angelic/demonic scheduler

𝔽steps ∶ 𝑡 ↦ 𝔽 the number of steps from 𝑡 to the region 𝐷 ℙreach ∶ 𝑡 ↦ ℙ the system eventually visits the region 𝐷 from 𝑡

  • Given: a control flow graph, and a subset 𝐷 of its states
  • For 𝑡 ∈ 𝑀 × ℝ𝑊 = (state space),
slide-43
SLIDE 43

𝑔 is a RankSM ⇒ 𝔽steps ≤ 𝑔 Soundness: Completeness: 𝔽steps is a RankSM

Ranking supermartingale

(𝑔 𝑡 < ∞ ⇒ ℙreach(𝑡) = 1)

Soundness: Completeness:

Nonnegative repulsing supermartingale

𝑔 is a RepSM ⇒ ℙreach ≤ 𝑔 ℙreach is a RepSM

Soundness/completeness

slide-44
SLIDE 44

Approximation method Certificate for Soundness Completeness Additive ranking Supermartingale

(Chakarov-Sankaranarayanan, CAV’13 etc.)

Yes (with nondet. / continuous variable) Yes (with nondet. / discrete variable) Nonnegative repulsing supermartingale

(Steinhardt+, IJRR’12 etc.)

Yes (NO nondet. / continuous variable)*

  • 𝛿-scaled submartingale

(Urabe+, LICS‘17)

Yes (NO nondet. / continuous variable)

  • 𝜁-decreasing repulsing

supermartingale

(Chatterjee+, POPL’17)

Yes (with nondet. / continuous var. / linearity assumpt.)

  • 𝔽steps < ∞

ℙreach ≥ ? ℙreach ≤ ? ℙreach ≤ ?

(ℙreach= 1)

State of the Art

*In [Steinhardt+] continuous-time dynamics is also considered Soundness for c-supermartingale is shown, which is a relaxation of supermartingale

slide-45
SLIDE 45

Our contributions

Soundness/completeness of martingale techniques for

PPs with continuous variables and nondeterminism Characterization of martingale techniques via

Knaster-Tarski fixed point theorem Implementation and experiments

slide-46
SLIDE 46

Our contributions

Soundness/completeness of martingale techniques for

PPs with continuous variables and nondeterminism Characterization of martingale techniques via

Knaster-Tarski fixed point theorem Implementation and experiments

slide-47
SLIDE 47

Approximation method Certificate for Soundness Completeness Additive ranking Supermartingale

(Chakarov-Sankaranarayanan, CAV’13 etc.)

Yes (with nondet. / continuous variable) Yes (with nondet. / discrete variable) Nonnegative repulsing supermartingale

(Steinhardt+, IJRR’12 etc.)

Yes (NO nondet. / continuous variable)*

  • 𝛿-scaled submartingale

(Urabe+, LICS‘17)

Yes (NO nondet. / continuous variable)

  • 𝜁-decreasing repulsing

supermartingale

(Chatterjee+, POPL’17)

Yes (with nondet. / continuous var. / linearity assumpt.)

  • 𝔽steps < ∞

ℙreach ≥ ? ℙreach ≤ ? ℙreach ≤ ?

(ℙreach= 1)

Soundness/completeness of martingale techniques

*In [Steinhardt+] continuous-time dynamics is also considered Soundness for c-supermartingale is shown, which is a relaxation of supermartingale

slide-48
SLIDE 48

Approximation method Certificate for Soundness Completeness Additive ranking Supermartingale

(Chakarov-Sankaranarayanan, CAV’13 etc.)

Yes (with nondet. / continuous variable) Yes (with nondet. / discrete variable) Nonnegative repulsing supermartingale

(Steinhardt+, IJRR’12 etc.)

Yes (NO nondet. / continuous variable)

  • 𝛿-scaled submartingale

(Urabe+, LICS‘17)

Yes (NO nondet. / continuous variable)

  • 𝜁-decreasing repulsing

supermartingale

(Chatterjee+, POPL’17)

Yes (with nondet. / continuous var. / linearity assumpt.)

  • Yes (with nondet. /

continuous variable)* Yes (with nondet. /

  • cont. var.)

No Yes (with nondet. /

  • cont. var.)

𝔽steps < ∞ ℙreach ≥ ? ℙreach ≤ ? ℙreach ≤ ?

(ℙreach= 1)

Soundness/completeness of martingale techniques

*In [Steinhardt+] continuous-time dynamics is also considered Soundness for c-supermartingale is shown, which is a relaxation of supermartingale

slide-49
SLIDE 49

Approximation method Certificate for Soundness Completeness Additive ranking Supermartingale

(Chakarov-Sankaranarayanan, CAV’13 etc.)

Yes (with nondet. / continuous variable) Yes (with nondet. / discrete variable) Nonnegative repulsing supermartingale

(Steinhardt+, IJRR’12 etc.)

Yes (NO nondet. / continuous variable)

  • 𝛿-scaled submartingale

(Urabe+, LICS‘17)

Yes (NO nondet. / continuous variable)

  • 𝜁-decreasing repulsing

supermartingale

(Chatterjee+, POPL’17)

Yes (with nondet. / continuous var. / linearity assumpt.)

  • Yes (with nondet. /

continuous variable) Yes (with nondet. /

  • cont. var.)

No Yes (with nondet. /

  • cont. var.)

𝔽steps < ∞ ℙreach ≥ ? ℙreach ≤ ? ℙreach ≤ ?

(ℙreach= 1)

Soundness/completeness of martingale techniques

For certain endofunctions Φ and Ψ,

𝔽steps = 𝜈Φ and ℙreach = 𝜈Ψ

*In [Steinhardt+] continuous-time dynamics is also considered Soundness for c-supermartingale is shown, which is a relaxation of supermartingale

slide-50
SLIDE 50

𝔽steps = 𝜈Φ

The lattice (ℱ, ⊑)

ℱ … the set of all (measurable) functions 𝑔: 𝑀 × ℝ𝑊 → 0, ∞ ⊑ … 𝑔 ⊑ 𝑕 ⇔ ∀𝑡. 𝑔 𝑡 ≤ 𝑕(𝑡)

Our theorem

Soundness/completeness of RankSM

slide-51
SLIDE 51

𝔽steps = 𝜈Φ

The lattice (ℱ, ⊑)

ℱ … the set of all (measurable) functions 𝑔: 𝑀 × ℝ𝑊 → 0, ∞ ⊑ … 𝑔 ⊑ 𝑕 ⇔ ∀𝑡. 𝑔 𝑡 ≤ 𝑕(𝑡)

Soundness 𝑔 is a RankSM 𝔽steps ⊑ 𝑔 Our theorem

Soundness/completeness of RankSM

slide-52
SLIDE 52

𝔽steps = 𝜈Φ

The lattice (ℱ, ⊑)

ℱ … the set of all (measurable) functions 𝑔: 𝑀 × ℝ𝑊 → 0, ∞ ⊑ … 𝑔 ⊑ 𝑕 ⇔ ∀𝑡. 𝑔 𝑡 ≤ 𝑕(𝑡)

Φ𝑔⊑𝑔 𝜈Φ⊑𝑔

Soundness 𝑔 is a RankSM 𝔽steps ⊑ 𝑔 ⇔ ⇔ Our theorem

Soundness/completeness of RankSM

slide-53
SLIDE 53

𝔽steps = 𝜈Φ

The lattice (ℱ, ⊑)

ℱ … the set of all (measurable) functions 𝑔: 𝑀 × ℝ𝑊 → 0, ∞ ⊑ … 𝑔 ⊑ 𝑕 ⇔ ∀𝑡. 𝑔 𝑡 ≤ 𝑕(𝑡)

Φ𝑔⊑𝑔 𝜈Φ⊑𝑔

Soundness 𝑔 is a RankSM 𝔽steps ⊑ 𝑔 ⇔ Knaster-Tarski theorem ⇔ Our theorem

Soundness/completeness of RankSM

slide-54
SLIDE 54

𝔽steps = 𝜈Φ

The lattice (ℱ, ⊑)

ℱ … the set of all (measurable) functions 𝑔: 𝑀 × ℝ𝑊 → 0, ∞ ⊑ … 𝑔 ⊑ 𝑕 ⇔ ∀𝑡. 𝑔 𝑡 ≤ 𝑕(𝑡)

Φ𝑔⊑𝑔 𝜈Φ⊑𝑔

Soundness 𝑔 is a RankSM 𝔽steps ⊑ 𝑔 Φ𝔽steps ⊑ 𝔽steps Completeness ⇔ Knaster-Tarski theorem ⇔ Our theorem

Soundness/completeness of RankSM

slide-55
SLIDE 55

ℙreach = 𝜈Ψ

The lattice (ℱ, ⊑)

ℱ … the set of all (measurable) functions 𝑔: 𝑀 × ℝ𝑊 → 0,1 ⊑ … 𝑔 ⊑ 𝑕 ⇔ ∀𝑡. 𝑔 𝑡 ≤ 𝑕(𝑡)

Ψ𝑔⊑𝑔 𝜈Ψ⊑𝑔

Soundness 𝑔 is a RepSM ℙreach ⊑ 𝑔 Ψℙreach ⊑ ℙreach Completeness ⇔ Knaster-Tarski theorem ⇔ Our theorem

Soundness/completeness of NNRepSM

slide-56
SLIDE 56

Our contributions

Soundness/completeness of martingale techniques for

PPs with continuous variables and nondeterminism Characterization of martingale techniques via

Knaster-Tarski fixed point theorem Implementation and experiments

slide-57
SLIDE 57

Synthesis algorithm

  • Input: affine/polynomial PP
  • Translate PP to
  • For the set 𝐺 of all affine/polynomial functions over

states, solve:

  • Output: 𝑔(𝑦𝑗𝑜𝑗𝑢)

control flow graph initial state 𝑦𝑗𝑜𝑗𝑢 set of terminal states

  • Overapprox. “ sup ℙreach ”
slide-58
SLIDE 58

Synthesis algorithm

  • Input: affine/polynomial PP
  • Translate PP to
  • For the set 𝐺 of all affine/polynomial functions over

states, solve:

  • Output: 𝑔(𝑦𝑗𝑜𝑗𝑢)

control flow graph initial state 𝑦𝑗𝑜𝑗𝑢 set of terminal states

  • Overapprox. “ sup ℙreach ”

Can be reduced to LP/SDP problem

(e.g. Chakarov-Sankaranarayanan, CAV’13; Chatterjee+, CAV’16)

slide-59
SLIDE 59

Synthesis algorithm

  • Input: affine/polynomial PP
  • Translate PP to
  • For the set 𝐺 of all affine functions over states, solve:
  • Output: 𝑔(𝑦𝑗𝑜𝑗𝑢)

control flow graph initial state 𝑦𝑗𝑜𝑗𝑢 set of terminal states

  • Underapprox. “ inf ℙreach ”

Can be reduced to LP problem

(e.g. Chakarov-Sankaranarayanan, CAV’13)

slide-60
SLIDE 60

𝛿-scaled submartingale Nonnegative repulsing submartingale

  • Input: adversarial random walk (similar to the reading ex.)
  • Nontrivial bounds found in 50% cases

Experiments

slide-61
SLIDE 61

Observed comparative advantage of nonnegative RepSM over 𝜁-decreasing RepSM

Experiments

slide-62
SLIDE 62

Approximation method Certificate for Soundness Completeness Additive ranking Supermartingale

(Chakarov-Sankaranarayanan, CAV’13 etc.)

Yes (with nondet. / continuous variable) Yes (with nondet. / discrete variable) Nonnegative repulsing supermartingale

(Steinhardt+, IJRR’12 etc.)

Yes (NO nondet. / continuous variable)

  • 𝛿-scaled submartingale

(Urabe+, LICS‘17)

Yes (NO nondet. / continuous variable)

  • 𝜁-decreasing repulsing

supermartingale

(Chatterjee+, POPL’17)

Yes (with nondet. / continuous var. / linearity assumpt.)

  • Yes (with nondet. /

continuous variable)* Yes (with nondet. /

  • cont. var.)

No Yes (with nondet. /

  • cont. var.)

𝔽steps < ∞ ℙreach ≥ ? ℙreach ≤ ? ℙreach ≤ ?

(ℙreach= 1)

*In [Steinhardt+] continuous-time dynamics is also considered Soundness for c-supermartingale is shown, which is a relaxation of supermartingale

Thank you for your attention ☺