PDF Editor
PDF Converter
Image Converter
Video Converter
Audio Converter
File Compressor
weakest precondition reasoning for expected run times of

Weakest Precondition Reasoning for Expected RunTimes of - PowerPoint PPT Presentation

Jan 15, 2024 ā€¢157 likes ā€¢1.29k views

Weakest Precondition Reasoning for Expected RunTimes of Probabilistic Programs Benjamin Kaminski Joost-Pieter Katoen Christoph Matheja Federico Olmedo 25th European Symposium on Programming 19th edition of the European Joint Conferences on

  1. Motivation Probabilistic Programs Probabilistic Programs What does a probabilistic program C do? Run program C on initial state Ļƒ Obtain final set of (subā€“)distributions Āµ over terminal states What is the runā€“time of C on input Ļƒ ? Behavior of C not entirely determined by Ļƒ Probabilistic nature of C influences its runā€“time Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 4

  2. Motivation Probabilistic Programs Probabilistic Programs What does a probabilistic program C do? Run program C on initial state Ļƒ Obtain final set of (subā€“)distributions Āµ over terminal states What is the runā€“time of C on input Ļƒ ? Behavior of C not entirely determined by Ļƒ Probabilistic nature of C influences its runā€“time Better Question: What is the expected runā€“time (ERT) of C on input Ļƒ ? Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 4

  3. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  4. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena ERT of C can be finite even if C admits infinite computations Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  5. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena ERT of C can be finite even if C admits infinite computations x := 1; while ( 1 / 2 ) { x := 2 Ā· x } Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  6. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena ERT of C can be finite even if C admits infinite computations x := 1; while ( 1 / 2 ) { x := 2 Ā· x } Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  7. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena ERT of C can be finite even if C admits infinite computations Positive almostā€“sure termination: x := 1; while ( 1 / 2 ) { x := 2 Ā· x } Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  8. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena ERT of C can be finite even if C admits infinite computations Positive almostā€“sure termination: ERT of C is finite x := 1; while ( 1 / 2 ) { x := 2 Ā· x } Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  9. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena ERT of C can be finite even if C admits infinite computations Positive almostā€“sure termination: ERT of C is finite x := 1; while ( 1 / 2 ) { x := 2 Ā· x } ; while ( x > 0) { x := x āˆ’ 1 } Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  10. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena ERT of C can be finite even if C admits infinite computations Positive almostā€“sure termination: ERT of C is finite Positively almostā€“surely terminating programs are not closed under sequential composition x := 1; while ( 1 / 2 ) { x := 2 Ā· x } ; while ( x > 0) { x := x āˆ’ 1 } Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  11. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena ERT of C can be finite even if C admits infinite computations Positive almostā€“sure termination: ERT of C is finite Positively almostā€“surely terminating programs are not closed under sequential composition Reasoning about positive almostā€“sure termination is computationally very difficult: x := 1; while ( 1 / 2 ) { x := 2 Ā· x } ; while ( x > 0) { x := x āˆ’ 1 } Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  12. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena ERT of C can be finite even if C admits infinite computations Positive almostā€“sure termination: ERT of C is finite Positively almostā€“surely terminating programs are not closed under sequential composition Reasoning about positive almostā€“sure termination is computationally very difficult: Strictly more difficult than the termination problem for nonā€“probabilistic programs [MFCS 2015] x := 1; while ( 1 / 2 ) { x := 2 Ā· x } ; while ( x > 0) { x := x āˆ’ 1 } Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  13. Motivation Expected Runā€“Times Expected Runā€“Time Phenomena ERT of C can be finite even if C admits infinite computations Positive almostā€“sure termination: ERT of C is finite Positively almostā€“surely terminating programs are not closed under sequential composition Reasoning about positive almostā€“sure termination is computationally very difficult: Strictly more difficult than the termination problem for nonā€“probabilistic programs [MFCS 2015] ERT of C can be infinite, even if C terminates almostā€“surely 1 x := 1; while ( 1 / 2 ) { x := 2 Ā· x } ; while ( x > 0) { x := x āˆ’ 1 } 1 i.e. with probability 1 Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 5

  14. Motivation Expected Runā€“Times Expected Runā€“Times Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 6

  15. Motivation Expected Runā€“Times Expected Runā€“Times ERT if C terminates almostā€“surely on Ļƒ : ļæ½ ā€œ C terminates after āˆž ļæ½ ļæ½ i Ā· Pr i steps on input Ļƒ ā€ i =1 Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 6

  16. Motivation Expected Runā€“Times Expected Runā€“Times ERT if C terminates almostā€“surely on Ļƒ : ļæ½ ā€œ C terminates after āˆž ļæ½ ļæ½ i Ā· Pr i steps on input Ļƒ ā€ i =1 ERT if C does not terminate almostā€“surely on Ļƒ : āˆž Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 6

  17. Motivation Expected Runā€“Times Expected Runā€“Times ERT if C terminates almostā€“surely on Ļƒ : ļæ½ ā€œ C terminates after āˆž ļæ½ ļæ½ i Ā· Pr i steps on input Ļƒ ā€ i =1 ERT if C does not terminate almostā€“surely on Ļƒ : āˆž In general: ERT of C is a function t : Ī£ ā†’ R āˆž ā‰„ 0 Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 6

  18. Motivation Expected Runā€“Times Expected Runā€“Times ERT if C terminates almostā€“surely on Ļƒ : ļæ½ ā€œ C terminates after āˆž ļæ½ ļæ½ i Ā· Pr i steps on input Ļƒ ā€ i =1 ERT if C does not terminate almostā€“surely on Ļƒ : āˆž In general: ERT of C is a function t : Ī£ ā†’ R āˆž ā‰„ 0 Call such a t a runā€“time. Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 6

  19. Motivation Expected Runā€“Times Expected Runā€“Times ERT if C terminates almostā€“surely on Ļƒ : ļæ½ ā€œ C terminates after āˆž ļæ½ ļæ½ i Ā· Pr i steps on input Ļƒ ā€ i =1 ERT if C does not terminate almostā€“surely on Ļƒ : āˆž In general: ERT of C is a function t : Ī£ ā†’ R āˆž ā‰„ 0 Call such a t a runā€“time. Denote set of runā€“times by T . Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 6

  20. Motivation Expected Runā€“Times Expected Runā€“Times ERT if C terminates almostā€“surely on Ļƒ : ļæ½ ā€œ C terminates after āˆž ļæ½ ļæ½ i Ā· Pr i steps on input Ļƒ ā€ i =1 ERT if C does not terminate almostā€“surely on Ļƒ : āˆž In general: ERT of C is a function t : Ī£ ā†’ R āˆž ā‰„ 0 Call such a t a runā€“time. Denote set of runā€“times by T . Complete partial order on T : t 1 ļæ½ t 2 iff āˆ€ Ļƒ āˆˆ Ī£: t 1 ( Ļƒ ) ā‰¤ t 2 ( Ļƒ ) Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 6

  21. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 7

  22. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Use a continuation passing style ERT transformer ert [ C ]: T ā†’ T . Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 7

  23. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Use a continuation passing style ERT transformer ert [ C ]: T ā†’ T . C Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 7

  24. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Use a continuation passing style ERT transformer ert [ C ]: T ā†’ T . C t time needed after executing C Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 7

  25. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Use a continuation passing style ERT transformer ert [ C ]: T ā†’ T . C t time needed after executing C Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 7

  26. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Use a continuation passing style ERT transformer ert [ C ]: T ā†’ T . ert [ C ] ( t ) C t expected time needed time needed before executing C after executing C Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 7

  27. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Use a continuation passing style ERT transformer ert [ C ]: T ā†’ T . ert [ C ] ( t ) C t expected time needed time needed before executing C after executing C ERT in Terms of ert ert [ C ] ( 0 ) ( Ļƒ ) = ā€œERT of C on input Ļƒ ā€ Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 7

  28. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Rules for the ert Transformer ert [ C ] ( t ) C 1 + t skip Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 8

  29. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Rules for the ert Transformer ert [ C ] ( t ) C 1 + t skip x := E 1 + t [ x/E ] Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 8

  30. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Rules for the ert Transformer ert [ C ] ( t ) C 1 + t skip x := E 1 + t [ x/E ] Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 8

  31. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Rules for the ert Transformer ert [ C ] ( t ) C 1 + t skip x := E 1 + t [ x/E ] C 1 ; C 2 ert [ C 1 ] ( ert [ C 2 ] ( t )) Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 8

  32. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Rules for the ert Transformer ert [ C ] ( t ) C 1 + t skip x := E 1 + t [ x/E ] C 1 ; C 2 ert [ C 1 ] ( ert [ C 2 ] ( t )) { C 1 } ļæ½ { C 2 } max { ert [ C 1 ] ( t ) , ert [ C 2 ] ( t ) } Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 8

  33. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Rules for the ert Transformer ert [ C ] ( t ) C 1 + t skip x := E 1 + t [ x/E ] C 1 ; C 2 ert [ C 1 ] ( ert [ C 2 ] ( t )) { C 1 } ļæ½ { C 2 } max { ert [ C 1 ] ( t ) , ert [ C 2 ] ( t ) } if ( Ī¾ ) { C 1 } else { C 2 } 1 + ļæ½ Ī¾ : true ļæ½ Ā· ert [ C 1 ] ( t ) + ļæ½ Ī¾ : false ļæ½ Ā· ert [ C 2 ] ( t ) Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 8

  34. Weakest Precondition Reasoning for Expected Runā€“Times The ert Transformer Rules for the ert Transformer ert [ C ] ( t ) C 1 + t skip x := E 1 + t [ x/E ] C 1 ; C 2 ert [ C 1 ] ( ert [ C 2 ] ( t )) { C 1 } ļæ½ { C 2 } max { ert [ C 1 ] ( t ) , ert [ C 2 ] ( t ) } if ( Ī¾ ) { C 1 } else { C 2 } 1 + ļæ½ Ī¾ : true ļæ½ Ā· ert [ C 1 ] ( t ) + ļæ½ Ī¾ : false ļæ½ Ā· ert [ C 2 ] ( t ) while ( Ī¾ ) { C ā€² } lfp X ā€¢ 1 + ļæ½ Ī¾ : false ļæ½ Ā· t + ļæ½ Ī¾ : true ļæ½ Ā· ert [ C ā€² ] ( X ) Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 8

  35. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Upper Bounds for ert of Loops Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 9

  36. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Upper Bounds for ert of Loops Recall the definition of ert [ while ( Ī¾ ) { C } ] ( t ) : lfp X ā€¢ 1 + ļæ½ Ī¾ : false ļæ½ Ā· t + ļæ½ Ī¾ : true ļæ½ Ā· ert [ C ] ( X ) Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 9

  37. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Upper Bounds for ert of Loops Recall the definition of ert [ while ( Ī¾ ) { C } ] ( t ) : lfp X ā€¢ 1 + ļæ½ Ī¾ : false ļæ½ Ā· t + ļæ½ Ī¾ : true ļæ½ Ā· ert [ C ] ( X ) ļæ½ ļæ½ļæ½ ļæ½ =: F ( X ) Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 9

  38. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Upper Bounds for ert of Loops Recall the definition of ert [ while ( Ī¾ ) { C } ] ( t ) : lfp X ā€¢ 1 + ļæ½ Ī¾ : false ļæ½ Ā· t + ļæ½ Ī¾ : true ļæ½ Ā· ert [ C ] ( X ) ļæ½ ļæ½ļæ½ ļæ½ =: F ( X ) Theorem: Upper Bounds from Upper Invariants Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 9

  39. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Upper Bounds for ert of Loops Recall the definition of ert [ while ( Ī¾ ) { C } ] ( t ) : lfp X ā€¢ 1 + ļæ½ Ī¾ : false ļæ½ Ā· t + ļæ½ Ī¾ : true ļæ½ Ā· ert [ C ] ( X ) ļæ½ ļæ½ļæ½ ļæ½ =: F ( X ) Theorem: Upper Bounds from Upper Invariants If I āˆˆ T is an upper invariant of while ( Ī¾ ) { C } , i.e. if F ( I ) ļæ½ I Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 9

  40. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Upper Bounds for ert of Loops Recall the definition of ert [ while ( Ī¾ ) { C } ] ( t ) : lfp X ā€¢ 1 + ļæ½ Ī¾ : false ļæ½ Ā· t + ļæ½ Ī¾ : true ļæ½ Ā· ert [ C ] ( X ) ļæ½ ļæ½ļæ½ ļæ½ =: F ( X ) Theorem: Upper Bounds from Upper Invariants If I āˆˆ T is an upper invariant of while ( Ī¾ ) { C } , i.e. if F ( I ) ļæ½ I then ert [ while ( Ī¾ ) { C } ] ( t ) ļæ½ I . Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 9

  41. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Lower Bounds for ert of Loops Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 10

  42. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Lower Bounds for ert of Loops Reasoning on lower bounds is more involved: Find an argument for being below a least fixed point Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 10

  43. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Lower Bounds for ert of Loops Reasoning on lower bounds is more involved: Find an argument for being below a least fixed point Theorem: Lower Bounds from Lower Ļ‰ ā€“Invariants Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 10

  44. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Lower Bounds for ert of Loops Reasoning on lower bounds is more involved: Find an argument for being below a least fixed point Theorem: Lower Bounds from Lower Ļ‰ ā€“Invariants If { I n } n āˆˆ N āŠ† T is a lower Ļ‰ ā€“invariant, i.e. if I 0 ļæ½ F ( 0 ) , and I n +1 ļæ½ F ( I n ) Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 10

  45. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Lower Bounds for ert of Loops Reasoning on lower bounds is more involved: Find an argument for being below a least fixed point Theorem: Lower Bounds from Lower Ļ‰ ā€“Invariants If { I n } n āˆˆ N āŠ† T is a lower Ļ‰ ā€“invariant, i.e. if I 0 ļæ½ F ( 0 ) , and I n +1 ļæ½ F ( I n ) then sup I n ļæ½ ert [ while ( Ī¾ ) { C } ] ( t ) . n āˆˆ N Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 10

  46. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Theorem: Completeness of Proof Rules The presented proof rules are complete Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 11

  47. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Theorem: Completeness of Proof Rules The presented proof rules are complete, since I = lfp F is an upper invariant Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 11

  48. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Theorem: Completeness of Proof Rules The presented proof rules are complete, since I = lfp F is an upper invariant and a lower Ļ‰ ā€“invariant is given by I n = F ā—¦ Ā· Ā· Ā· ā—¦ F ( 0 ) . ļæ½ ļæ½ļæ½ ļæ½ n times Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 11

  49. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Theorem: Completeness of Proof Rules The presented proof rules are complete, since I = lfp F is an upper invariant and a lower Ļ‰ ā€“invariant is given by I n = F ā—¦ Ā· Ā· Ā· ā—¦ F ( 0 ) . ļæ½ ļæ½ļæ½ ļæ½ n times Theorem: Bound Refinement If I is an upper bound and F ( I ) ļæ½ I , then F ( I ) is also an upper bound. Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 11

  50. Weakest Precondition Reasoning for Expected Runā€“Times Reasoning about ert Theorem: Completeness of Proof Rules The presented proof rules are complete, since I = lfp F is an upper invariant and a lower Ļ‰ ā€“invariant is given by I n = F ā—¦ Ā· Ā· Ā· ā—¦ F ( 0 ) . ļæ½ ļæ½ļæ½ ļæ½ n times Theorem: Bound Refinement If I is an upper bound and F ( I ) ļæ½ I , then F ( I ) is also an upper bound. Dually for lower bounds. Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 11

  51. Weakest Precondition Reasoning for Expected Runā€“Times Correspondence to Other Runā€“Time Models Is the ert Calculus a Reasonable Runā€“Time Model? Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 12

  52. Weakest Precondition Reasoning for Expected Runā€“Times Correspondence to Other Runā€“Time Models Is the ert Calculus a Reasonable Runā€“Time Model? Correspondence to an operational semantics: Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 12

  53. Weakest Precondition Reasoning for Expected Runā€“Times Correspondence to Other Runā€“Time Models Is the ert Calculus a Reasonable Runā€“Time Model? Correspondence to an operational semantics: Operational model defined in terms of a reward MDP ` a la [QEST 2012] and [MFPS 2015] Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 12

  54. Weakest Precondition Reasoning for Expected Runā€“Times Correspondence to Other Runā€“Time Models Is the ert Calculus a Reasonable Runā€“Time Model? Correspondence to an operational semantics: Operational model defined in terms of a reward MDP ` a la [QEST 2012] and [MFPS 2015] ert coincides with expected reward in the operational MDP Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 12

  55. Weakest Precondition Reasoning for Expected Runā€“Times Correspondence to Other Runā€“Time Models Is the ert Calculus a Reasonable Runā€“Time Model? Correspondence to an operational semantics: Operational model defined in terms of a reward MDP ` a la [QEST 2012] and [MFPS 2015] ert coincides with expected reward in the operational MDP Enables bounded model checking of expected runā€“times Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 12

  56. Weakest Precondition Reasoning for Expected Runā€“Times Correspondence to Other Runā€“Time Models Is the ert Calculus a Reasonable Runā€“Time Model? Correspondence to an operational semantics: Operational model defined in terms of a reward MDP ` a la [QEST 2012] and [MFPS 2015] ert coincides with expected reward in the operational MDP Enables bounded model checking of expected runā€“times Nielsonā€™s Hoareā€“style logic for reasoning about runā€“time orders of magnitude of deterministic programs : Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 12

  57. Weakest Precondition Reasoning for Expected Runā€“Times Correspondence to Other Runā€“Time Models Is the ert Calculus a Reasonable Runā€“Time Model? Correspondence to an operational semantics: Operational model defined in terms of a reward MDP ` a la [QEST 2012] and [MFPS 2015] ert coincides with expected reward in the operational MDP Enables bounded model checking of expected runā€“times Nielsonā€™s Hoareā€“style logic for reasoning about runā€“time orders of magnitude of deterministic programs : Nielsonā€™s logic relies on introducing additional logical variables Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 12

  58. Weakest Precondition Reasoning for Expected Runā€“Times Correspondence to Other Runā€“Time Models Is the ert Calculus a Reasonable Runā€“Time Model? Correspondence to an operational semantics: Operational model defined in terms of a reward MDP ` a la [QEST 2012] and [MFPS 2015] ert coincides with expected reward in the operational MDP Enables bounded model checking of expected runā€“times Nielsonā€™s Hoareā€“style logic for reasoning about runā€“time orders of magnitude of deterministic programs : Nielsonā€™s logic relies on introducing additional logical variables ert is sound and complete with respect to Nielsonā€™s logic Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 12

  59. Weakest Precondition Reasoning for Expected Runā€“Times Correspondence to Other Runā€“Time Models Is the ert Calculus a Reasonable Runā€“Time Model? Correspondence to an operational semantics: Operational model defined in terms of a reward MDP ` a la [QEST 2012] and [MFPS 2015] ert coincides with expected reward in the operational MDP Enables bounded model checking of expected runā€“times Nielsonā€™s Hoareā€“style logic for reasoning about runā€“time orders of magnitude of deterministic programs : Nielsonā€™s logic relies on introducing additional logical variables ert is sound and complete with respect to Nielsonā€™s logic ert calculus is arguably easier to apply ā€” no additional variables! Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 12

  60. Weakest Precondition Reasoning for Expected Runā€“Times Case Study Case Study: The Coupon Collectorā€™s Problem Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 13

  61. Weakest Precondition Reasoning for Expected Runā€“Times Case Study Case Study: The Coupon Collectorā€™s Problem The coupon collector is a wellā€“known problem Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 13

  62. Weakest Precondition Reasoning for Expected Runā€“Times Case Study Case Study: The Coupon Collectorā€™s Problem The coupon collector is a wellā€“known problem Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 13

  63. Weakest Precondition Reasoning for Expected Runā€“Times Case Study Case Study: The Coupon Collectorā€™s Problem The coupon collector is a wellā€“known problem Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 13

  64. Weakest Precondition Reasoning for Expected Runā€“Times Case Study Case Study: The Coupon Collectorā€™s Problem The coupon collector is a wellā€“known problem Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 13

  65. Weakest Precondition Reasoning for Expected Runā€“Times Case Study Case Study: The Coupon Collectorā€™s Problem The coupon collector is a wellā€“known problem We model it by the following algorithm: cp := [0 , . . . , 0] ; i := 1 ; x := N ; while ( x > 0) { while ( cp [ i ] ļæ½ = 0) { i : ā‰ˆ Unif [1 . . . N ] } ; cp [ i ] := 1 ; x := x āˆ’ 1 } Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 13

  66. Weakest Precondition Reasoning for Expected Runā€“Times Case Study Case Study: The Coupon Collectorā€™s Problem The coupon collector is a wellā€“known problem We model it by the following algorithm: cp := [0 , . . . , 0] ; i := 1 ; x := N ; while ( x > 0) { while ( cp [ i ] ļæ½ = 0) { i : ā‰ˆ Unif [1 . . . N ] } ; cp [ i ] := 1 ; x := x āˆ’ 1 } Using ert, we can analyze the ERT of the above algorithm directly on the source code given above: Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 13

  67. Weakest Precondition Reasoning for Expected Runā€“Times Case Study Case Study: The Coupon Collectorā€™s Problem The coupon collector is a wellā€“known problem We model it by the following algorithm: cp := [0 , . . . , 0] ; i := 1 ; x := N ; while ( x > 0) { while ( cp [ i ] ļæ½ = 0) { i : ā‰ˆ Unif [1 . . . N ] } ; cp [ i ] := 1 ; x := x āˆ’ 1 } Using ert, we can analyze the ERT of the above algorithm directly on the source code given above: ert [ coup . coll . ] ( 0 ) = 4 + [ N > 0] Ā· 2 N Ā· ( 2 + H N āˆ’ 1 ) Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 13

  68. Weakest Precondition Reasoning for Expected Runā€“Times Case Study Case Study: The Coupon Collectorā€™s Problem The coupon collector is a wellā€“known problem We model it by the following algorithm: cp := [0 , . . . , 0] ; i := 1 ; x := N ; while ( x > 0) { while ( cp [ i ] ļæ½ = 0) { i : ā‰ˆ Unif [1 . . . N ] } ; cp [ i ] := 1 ; x := x āˆ’ 1 } Using ert, we can analyze the ERT of the above algorithm directly on the source code given above: ert [ coup . coll . ] ( 0 ) = 4 + [ N > 0] Ā· 2 N Ā· ( 2 + H N āˆ’ 1 ) Harmonic number H N āˆ’ 1 is in Ī˜(log N ) Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 13

  69. Weakest Precondition Reasoning for Expected Runā€“Times Case Study Case Study: The Coupon Collectorā€™s Problem The coupon collector is a wellā€“known problem We model it by the following algorithm: cp := [0 , . . . , 0] ; i := 1 ; x := N ; while ( x > 0) { while ( cp [ i ] ļæ½ = 0) { i : ā‰ˆ Unif [1 . . . N ] } ; cp [ i ] := 1 ; x := x āˆ’ 1 } Using ert, we can analyze the ERT of the above algorithm directly on the source code given above: ert [ coup . coll . ] ( 0 ) = 4 + [ N > 0] Ā· 2 N Ā· ( 2 + H N āˆ’ 1 ) Harmonic number H N āˆ’ 1 is in Ī˜(log N ) Coupon collector program runs in Ī˜( N Ā· log N ) for N > 0 Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 13

  70. Het Einde Summary Summary Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 14

  71. Het Einde Summary Summary ert is an easy to understand weakestā€“preconditionā€“style calculus for reasoning about ERT of probabilistic programs Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 14

  72. Het Einde Summary Summary ert is an easy to understand weakestā€“preconditionā€“style calculus for reasoning about ERT of probabilistic programs ert is sound and complete for reasoning about expected runā€“times and positive almostā€“sure termination Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 14

  73. Het Einde Summary Summary ert is an easy to understand weakestā€“preconditionā€“style calculus for reasoning about ERT of probabilistic programs ert is sound and complete for reasoning about expected runā€“times and positive almostā€“sure termination ert comes with proof rules for reasoning about loops Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 14

  74. Het Einde Summary Summary ert is an easy to understand weakestā€“preconditionā€“style calculus for reasoning about ERT of probabilistic programs ert is sound and complete for reasoning about expected runā€“times and positive almostā€“sure termination ert comes with proof rules for reasoning about loops ert is a powerful alternative to ranking superā€“martingales Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 14

  75. Het Einde Summary Summary ert is an easy to understand weakestā€“preconditionā€“style calculus for reasoning about ERT of probabilistic programs ert is sound and complete for reasoning about expected runā€“times and positive almostā€“sure termination ert comes with proof rules for reasoning about loops ert is a powerful alternative to ranking superā€“martingales ert is applicable to tricky realā€“world examples which are difficult to reason about by formal verification techniques Kaminski, Katoen, Matheja, Olmedo Weakest Precondition Reasoning for Expected Runā€“Times 4.4.2016 14

Recommend

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2 Summary Weakest precondition reasoning Handling termination

1.22k views ā€¢ 85 slides
A weakest precondition approach to active analysis attacks analysis Musard Balliu, Isabella

A weakest precondition approach to active analysis attacks analysis Musard Balliu, Isabella

A weakest precondition approach to active attacks A weakest precondition approach to active analysis attacks analysis Musard Balliu, Isabella Mastroeni Musard Balliu Isabella Mastroeni School of Computer Science and Communication Royal

887 views ā€¢ 74 slides
COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling

COMP2111 Week 9 Term 1, 2020 Hoare Logic 1 Summary Weakest precondition reasoning Handling termination Operational semantics Adding non-determinism Refinement calculus 2 Finding a proof Consider the following code: Pow r := 1; i := 0;

538 views ā€¢ 37 slides
GOALS & OBJECTIVES PRECONDITION PRECONDITION (GOAL 1) (GOAL 2) Strong goals and

GOALS & OBJECTIVES PRECONDITION PRECONDITION (GOAL 1) (GOAL 2) Strong goals and

UNITED MIDCOAST CHARITIES DESIRED OUTCOME GOALS & OBJECTIVES PRECONDITION PRECONDITION (GOAL 1) (GOAL 2) Strong goals and objectives build toward your desired SMART STEP SMART STEP SMART STEP SMART STEP (OBJECTIVE) (OBJECTIVE)

362 views ā€¢ 14 slides
Null Dereference Verification Via Over-approximated Weakest Precondition analysis Ravichandhran

Null Dereference Verification Via Over-approximated Weakest Precondition analysis Ravichandhran

Null Dereference Verification Via Over-approximated Weakest Precondition analysis Ravichandhran Madhavan Microsoft Research, India Joint work with Raghavan Komondoor, Indian Institute of Science Problem Definition Verify absence of Null

1.04k views ā€¢ 71 slides
Towards Weakest Precondition Calculus for Local Store Miriam Polzer February 5, 2019 wp

Towards Weakest Precondition Calculus for Local Store Miriam Polzer February 5, 2019 wp

Towards Weakest Precondition Calculus for Local Store Miriam Polzer February 5, 2019 wp semantics via modality 1 : T ( T 1 ) T 1 Ex ample (Powerset Monad P ) P 1 = 2 = { , } : P 2 2 {} , {} {} , { , }

487 views ā€¢ 36 slides
Automated Reasoning Course Presentation Summary Automated Reasoning Motivations Course Plan

Automated Reasoning Course Presentation Summary Automated Reasoning Motivations Course Plan

Automated Reasoning Automated Reasoning Course Presentation Summary Automated Reasoning Motivations Course Plan Resources Exam Methods Motivations Automated Reasoning Automated reasoning mechanising the reasoning process. reasoning :

159 views ā€¢ 14 slides
Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning ,

Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning ,

Evidential and Causal Reasoning Much reasoning in AI can be seen as evidential reasoning , (observations to a theory) followed by causal reasoning (theory to predictions). Diagnosis Given symptoms, evidential reasoning leads to hypotheses about

243 views ā€¢ 8 slides
The Weakest Failure Detectors to Boost Obstruction-Freedom Rachid Guerraoui 1 Micha Kapaka 1

The Weakest Failure Detectors to Boost Obstruction-Freedom Rachid Guerraoui 1 Micha Kapaka 1

The Weakest Failure Detectors to Boost Obstruction-Freedom Rachid Guerraoui 1 Micha Kapaka 1 Petr Kouznetsov 2 1 EPFL, Switzerland 2 MPI-SWS, Germany DISC 2006, 20.IX 2006 Micha Kapaka (EPFL) The Weakest FD to Boost OF DISC 2006, 20.IX

571 views ā€¢ 18 slides
Human Error - The Weakest link in CyberSecurity Exceptional IT. Real People. Bigger Purpose.

Human Error - The Weakest link in CyberSecurity Exceptional IT. Real People. Bigger Purpose.

Exceptional IT. Real People. Bigger Purpose. Human Error - The Weakest link in CyberSecurity Exceptional IT. Real People. Bigger Purpose. Exceptional IT. Real People. Bigger Purpose. Why is Human Error the Weakest Link? It is the easiest

230 views ā€¢ 9 slides
The weakest failure detectors to solve certain fundamental problems in distributed computing

The weakest failure detectors to solve certain fundamental problems in distributed computing

The weakest failure detectors to solve certain fundamental problems in distributed computing Carole Delporte-Gallet Hugues Fauconnier Vassos Hadzilacos Rachid Guerraoui Petr Kouznetsov Sam Toueg Contribution The weakest failure detectors

690 views ā€¢ 38 slides
TIMES TABLES HOW WE TEACH TIMES TABLES AND HOW YOU CAN HELP WHY ARE TIMES TABLES IMPORTANT?

TIMES TABLES HOW WE TEACH TIMES TABLES AND HOW YOU CAN HELP WHY ARE TIMES TABLES IMPORTANT?

TIMES TABLES HOW WE TEACH TIMES TABLES AND HOW YOU CAN HELP WHY ARE TIMES TABLES IMPORTANT? New from 2019: all children in year 4 will sit an online times table test. Times Tables knowledge and recall underpin so many different areas of

526 views ā€¢ 25 slides
SECTION 1: Introductions Code Reasoning Forward Reasoning CODE REASONING +

SECTION 1: Introductions Code Reasoning Forward Reasoning CODE REASONING +

OUTLINE SECTION 1: Introductions Code Reasoning Forward Reasoning CODE REASONING + Backward Reasoning Weaker vs. Stronger statements Version control VERSION CONTROL CSE 331 Summer 2018 slides borrowed and

763 views ā€¢ 11 slides
Probabilistic Reasoning; Probabilistic Reasoning; Network-based reasoning Network-based

Probabilistic Reasoning; Probabilistic Reasoning; Network-based reasoning Network-based

Probabilistic Reasoning; Probabilistic Reasoning; Network-based reasoning Network-based reasoning COMPSCI 276, Fall 2014 Set 1: Introduction and Background Rina Dechter (Reading: Pearl chapter 1-2, Darwiche chapters 1,3) 1 Why/What/How

700 views ā€¢ 45 slides
CHAPTER-4 1 LOGIC AND REASONING ! Knowledge and ! Reasoning in Knowledge- Reasoning Based

CHAPTER-4 1 LOGIC AND REASONING ! Knowledge and ! Reasoning in Knowledge- Reasoning Based

CHAPTER-4 1 LOGIC AND REASONING ! Knowledge and ! Reasoning in Knowledge- Reasoning Based Systems ! syntax and semantics ! shallow and deep reasoning ! validity and satisfiability ! forward and backward ! logic languages chaining ! alternative

616 views ā€¢ 23 slides
Expected Value 27 February 2012 Expected Value 27 February 2012 1/19 This week we discuss the

Expected Value 27 February 2012 Expected Value 27 February 2012 1/19 This week we discuss the

Expected Value 27 February 2012 Expected Value 27 February 2012 1/19 This week we discuss the notion of expected value and how it applies to probability situations, including the various New Mexico Lottery games. Expected Value 27 February

839 views ā€¢ 47 slides
Concurrent Kleene Algebra: Free Model and Completeness Tobias Kapp e Paul Brunet Alexandra

Concurrent Kleene Algebra: Free Model and Completeness Tobias Kapp e Paul Brunet Alexandra

Concurrent Kleene Algebra: Free Model and Completeness Tobias Kapp e Paul Brunet Alexandra Silva Fabio Zanasi University College London ESOP 2018 Introduction Lets write a program that outputs n > 0 space-separated s. T.

769 views ā€¢ 65 slides
Formalising Semantics for Expected Running Time of Probabilistic Programs (Rough Diamond)

Formalising Semantics for Expected Running Time of Probabilistic Programs (Rough Diamond)

Johannes Hlzl TU Mnchen, Germany Formalising Semantics for Expected Running Time of Probabilistic Programs (Rough Diamond) Kaminski, Katoen, Matheja, and Olmedo [ESOP 2016] Denotational: Operational: Correspondence: Denotational 2

1.36k views ā€¢ 89 slides
Mixin Modules and Computational Effects Davide Ancona and Sonia Fagorzi and Eugenio Moggi and

Mixin Modules and Computational Effects Davide Ancona and Sonia Fagorzi and Eugenio Moggi and

Mixin Modules and Computational Effects Davide Ancona and Sonia Fagorzi and Eugenio Moggi and Elena Zucca {davide, fagorzi, moggi, zucca}@disi.unige.it Dipartimento di Informatica e Scienze dellInformazione (DISI) University of Genova To

844 views ā€¢ 70 slides
A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting

A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting

A Higher-Order Abstract Syntax Approach to Verified Compilation of Functional Programs Yuting Wang and Gopalan Nadathur Department of Computer Science and Engineering University of Minnesota, Minneapolis ESOP 2016, Eindhoven, Netherlands

1.06k views ā€¢ 88 slides
Session Types in a Nutshell Session Types structure a series of interactions in a simple and

Session Types in a Nutshell Session Types structure a series of interactions in a simple and

Session Types in a Nutshell Session Types structure a series of interactions in a simple and concise syntax and ensure type safe communication . A Protocol Protocol: Buyer-Seller Alice Seller title Description: Alice buying a

644 views ā€¢ 60 slides
A Type-ical Case Study: The Sound Type-Indexed Type Checker Richard A. Eisenberg Bryn Mawr

A Type-ical Case Study: The Sound Type-Indexed Type Checker Richard A. Eisenberg Bryn Mawr

A Type-ical Case Study: The Sound Type-Indexed Type Checker Richard A. Eisenberg Bryn Mawr College / Tweag I/O rae@richarde.dev Tarball at richarde.dev/stitch.tar.gz and on ZuriHac website Sunday, June 16, 2019 ZuriHac Zrich,

449 views ā€¢ 40 slides
Type inference for monotonicity Michael Arntzenius University of Birmingham S-REPLS 9, 2018 x +

Type inference for monotonicity Michael Arntzenius University of Birmingham S-REPLS 9, 2018 x +

Type inference for monotonicity Michael Arntzenius University of Birmingham S-REPLS 9, 2018 x + log x x x log x 4 ::= R | A B types A , B terms M , N ::= x | x . M | M N A Poset R = R A B =

452 views ā€¢ 34 slides
Type Reconstruction for General Refinement Types Kenn Knowles University of California, Santa

Type Reconstruction for General Refinement Types Kenn Knowles University of California, Santa

Type Reconstruction for General Refinement Types Kenn Knowles University of California, Santa Cruz joint work with: Cormac Flanagan (University of California, Santa Cruz) March 25, 2007 Assertions / Refinement Types The role of assertions in

386 views ā€¢ 37 slides

More recommend

Logo Sambuz

Unleash a World of Digital Possibilitiesā€”Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Blogs Contact

Newsletter

Stay Informed & Inspiredā€”Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2025 SAMBUZ, All right reserved.