Deciding Termination of Simple Randomized Loops

We consider the problem of universal positive almost sure termination (UPAST), i.e., deciding whether a given randomized program has finite expected runtime on all inputs [6, 34]. This is a stronger property than universal almost sure termination (UAST) which requires that the probability of termination is $1$. Our programs are simple randomized loops of the form

Here, $\overrightarrow{x}=(x_1,\mathrm{\dots },x_n)$ denotes the vector of program variables that range over a semiring $𝒮\subseteq ℝ$, and $𝐂\in {ℝ}^{m\times n}$ is a matrix representing the loop guard with $m$ linear constraints over the program variables. In each execution of the loop body, a matrix is chosen among $𝐀,𝐁\in {𝒮}^{n\times n}$ according to the probability $p\in [0,1]$ and the value $\overrightarrow{x}$ is updated accordingly.

As usual, let $\overline{\mathbb{Q}}\subseteq ℂ$ denote the set of algebraic numbers, i.e., the set of all roots of (univariate) polynomials from $\mathbb{Q}[x]$. As mentioned, $𝔸=\overline{\mathbb{Q}}\cap ℝ$ denotes the set of algebraic reals, and $[n]$ denotes the set of positive natural numbers below and including $n$ for every $n\in \mathbb{N}$ with $\mathbb{N}={\mathbb{N}}_{>0}\cup \{0\}$, i.e., $[n]=\{1,\mathrm{\dots },n-1,n\}$ for $n\ge 1$ and $[0]=\mathrm{\varnothing }$.

We now define our class of simple randomized loops. The program variables range over a semiring $𝒮\subseteq 𝔸$ with a guard consisting of a conjunction of $m$ strict linear inequations over the program variables, represented by a matrix $𝐂\in {𝔸}^{m\times n}$, and two commuting linear updates $𝐀,𝐁\in {𝒮}^{n\times n}$ that are diagonalizable (over $ℂ$). In each loop iteration, the applied update is chosen among $𝐀,𝐁$ according to the outcome of a (possibly biased) coin toss.

It is well known (e.g., [17, Thm. 1.3.12]) that two matrices $𝐀,𝐁\in {ℂ}^{n\times n}$ for $n\in \mathbb{N}$ are commuting and diagonalizable iff they are simultaneously diagonalizable, i.e., there is a regular matrix $𝐒\in {ℂ}^{n\times n}$ such that $𝐀={\mathrm{𝐒𝐀}}_{𝐃}{𝐒}^{-1}$ and $𝐁={\mathrm{𝐒𝐁}}_{𝐃}{𝐒}^{-1}$, where ${𝐀}_{𝐃}=\mathrm{diag}(a_1,\mathrm{\dots },a_n)\in {ℂ}^{n\times n}$ and ${𝐁}_{𝐃}=\mathrm{diag}(b_1,\mathrm{\dots },b_n)\in {ℂ}^{n\times n}$ are complex diagonal matrices, and $a_1,\mathrm{\dots },a_n$ and $b_1,\mathrm{\dots },b_n$ are the eigenvalues of $𝐀$ and $𝐁$, respectively. Moreover, if $𝐀,𝐁\in {\overline{\mathbb{Q}}}^{n\times n}$ are algebraic, then $𝐒,{𝐀}_{𝐃},{𝐁}_{𝐃}\in {\overline{\mathbb{Q}}}^{n\times n}$ can also be chosen to be algebraic.

The meaning of “$\overrightarrow{x}\leftarrow 𝐀\overrightarrow{x}{\oplus }_p𝐁\overrightarrow{x}$” is that $\overrightarrow{x}$ is updated to $𝐀\overrightarrow{x}$ with probability $p$ and to $𝐁\overrightarrow{x}$ with probability $1-p$. The comparison $𝐂\overrightarrow{x}>\overrightarrow{0}$ is understood componentwise, i.e., $𝐂\overrightarrow{x}>\overrightarrow{0}$ iff ${(𝐂\overrightarrow{x})}_c>0$ for all $c\in [m]$, where ${(𝐂\overrightarrow{x})}_c$ is the $c$-th entry of the vector $𝐂\overrightarrow{x}$. To simplify the notation, from now on we will consider a fixed loop $𝒫$ of dimension $n$ with $m$ constraints. Moreover, w.l.o.g. we assume $p\in (0,1)$, i.e., $p\notin \{0,1\}$, as otherwise one can set $𝐀$ to $𝐁$ if $p=0$ and $𝐁$ to $𝐀$ if $p=1$, and then replace $p$ by an arbitrary number from $(0,1)$.

A run $𝔯$ of the loop $𝒫$ is an infinite word $𝔯={𝔯}_1{𝔯}_2\mathrm{\dots }\in {\{A,B\}}^{\omega }$, where Runs denotes the set of all runs. For a run $𝔯={𝔯}_1\mathrm{\dots }$, the value ${𝔯}_i\in \{A,B\}$ indicates which of the updates $𝐀$ or $𝐁$ was used in the $i$-th iteration of the loop. Here, $A$ and $B$ are distinct markings even when $𝐀=𝐁$. To simplify the notation, we introduce random variables ${𝔯}_i:\text{Runs}\to \{\mathrm{A},\mathrm{B}\}$ for $i\in {\mathbb{N}}_{>0}$ that map a run to its $i$-th element. Note that all suchrandom variables ${𝔯}_i$ are independent and identically distributed. A (finite) execution $f\in {\bigcup }_{k\in \mathbb{N}}{\{A,B\}}^k$ is a (possibly empty) prefix of a run. Let Path denote the (countable) set of all such finite executions. Given a finite execution $f={𝔯}_1\mathrm{\dots }{𝔯}_k$ with ${𝔯}_i\in \{A,B\}$, let $|f|=k$ denote its length. Furthermore, for $s\in \{A,B\}$, ${|f|}_s=|\{i\in [k]\mid {𝔯}_i=s\}|$ denotes the number of performed updates with update matrix $𝐀$ or $𝐁$, respectively, during the execution of $f$.

Since the definition of runs is independent from the specific input of the loop, the semantics of the loop $𝒫$ depend only on the value of $p\in (0,1)$. To obtain a probability measure $\mathbb{P}$ for $𝒫$, one first considers cylinder sets ${\mathrm{Pre}}_f=\{f{𝔯}_1{𝔯}_2\mathrm{\dots }\in \text{Runs}\mid {𝔯}_{\mathrm{i}}\in \{\mathrm{A},\mathrm{B}\}\text{ for }\mathrm{i}\ge 1\}$ for all $f\in \text{Path}$, i.e., ${\mathrm{Pre}}_f$ contains all runs with prefix $f$. By requiring $\mathbb{P}({\mathrm{Pre}}_f)=p^{{|f|}_A}\cdot {(1-p)}^{{|f|}_B}$ for all $f\in \text{Path}$, one obtains a (unique) probability measure $\mathbb{P}:ℱ\to (0,1)$ on the $\sigma$-field $ℱ$ generated by all cylinder sets ${\mathrm{Pre}}_f$, see, e.g., [2, Thm. 2.7.2].

To capture the behavior of $𝒫$ on some specific input $\overrightarrow{x}\in {𝒮}^n$, we introduce a function $𝒱a{l}_{\overrightarrow{x}}:\text{Path}\to {𝔸}^{\mathrm{m}}$ that associates finite executions $f\in \text{Path}$ with the values of $𝒫$’s guard $𝐂\overrightarrow{x}$ after the execution of $f$. Recall that $𝐀$ and $𝐁$ commute. Hence, we define

where for every matrix $𝐌\in {ℂ}^{n\times n}$, ${𝐌}^0$ is the $n$-dimensional identity matrix.

The value of the $c$-th constraint after the execution of $f\in \text{Path}$ on the initial value $\overrightarrow{x}\in {𝔸}^n$ is given by the expression

for linear maps ${\gamma }_{c,i}:{𝔸}^n\to ℂ$ with

Here, ${(𝐂\cdot 𝐒)}_{c,i}$ denotes the entry of $𝐂\cdot 𝐒$ at row $c$ and column $i$. Moreover, since $𝐂\in {𝔸}^{m\times n}$, $𝐀,𝐁\in {𝔸}^{n\times n}$, and $\overrightarrow{x}\in {𝔸}^n$, we have ${\gamma }_{c,i}(\overrightarrow{x})\in \overline{\mathbb{Q}}$ for all $(c,i)\in [m]\times [n]$.⁴⁴4This observation will be needed in the final SMT encoding for our decision procedure (see Lemma 34), as we have to encode the coefficients ${\gamma }_{c,i}(\overrightarrow{x})$ for a given $\overrightarrow{x}\in {𝔸}^n$. In the following, we refer to the addends $a_i^{{|f|}_A}\cdot b_i^{{|f|}_B}\cdot {\gamma }_{c,i}(\overrightarrow{x})$ of the sum in 4 as constraint terms.

The following lemma shows that if one has two pairs of eigenvalues $(a,b)$ and $(\overline{a},\overline{b})$ where $\overline{a}$ and $\overline{b}$ are the complex conjugates of $a$ and $b$, then the sum of all linear maps ${\gamma }_{c,i}(\overrightarrow{x})$ where $(a_i,b_i)=(a,b)$ is the complex conjugate of the sum of all linear maps ${\gamma }_{c,i}(\overrightarrow{x})$ where $(a_i,b_i)=(\overline{a},\overline{b})$. For instance in Ex. 5, $(a_1,b_1)$ are the complex conjugates of $(a_2,b_2)$ and indeed, we have ${\gamma }_{1,2}(\overrightarrow{x})=\overline{{\gamma }_{1,1}(\overrightarrow{x})}$. This lemma will later be needed to show that when representing ${(𝒱a{l}_{\overrightarrow{x}}(f))}_c$ and summing up the coefficients of its addends in a suitable way, all resulting coefficients are real numbers (see Remark 18).

In order to define the notion of termination for $𝒫$, we first introduce the concept of a run’s length by counting the number of iterations until the guard is violated for the first time. Throughout the paper, we use the convention $\min \mathrm{\varnothing }=\mathrm{\infty }$.

We now define the expected runtime of $𝒫$ for the input $\overrightarrow{x}$ as the expectation $𝔼({ℒ}_{\overrightarrow{x}})$. If $𝔼({ℒ}_{\overrightarrow{x}})=\mathrm{\infty }$, we call the corresponding input $\overrightarrow{x}$ non-terminating. So we consider positive almost sure termination [6, 34], where termination corresponds to a finite expected runtime.

Consequently, we call $𝒫$ terminating whenever $\mathrm{NT}=\mathrm{\varnothing }$ and non-terminating otherwise.

As in [7, 15, 16, 18, 31, 35], we focus on eventual non-termination instead of actual non-termination as this allows us to ignore a finite number of initial updates of the loop. In our setting, an input $\overrightarrow{x}$ is eventually non-terminating if a non-terminating input $\overrightarrow{y}$ can be reached by repeated application of the updates in the loop body to $\overrightarrow{x}$.

The motivation behind considering $\mathrm{ENT}$ instead of $\mathrm{NT}$ is that it allows us to “jump” over the first iterations of the loop (where the loop guard might be violated). In this way, we can focus only on the longterm behavior of the loop on a given input.

Considering $\mathrm{ENT}$ instead of $\mathrm{NT}$ is justified by the fact that $\mathrm{NT}=\mathrm{\varnothing }$ iff $\mathrm{ENT}=\mathrm{\varnothing }$, as shown by Lemma 12.

In this section we consider the value $𝒱a{l}_{\overrightarrow{x}}(f)$ for $|f|\to \mathrm{\infty }$, motivated by our interest in eventual non-termination. In the first part of this section, we represent ${(𝒱a{l}_{\overrightarrow{x}}(f))}_c$, for $c\in [m]$, as a sum over so-called “constraint term groups”, expressed using a quantity $𝒰(f)$ corresponding to “how much $f$ has deviated from the expected execution”. The section’s second part then shows that for specific $f\in \text{Path}$ it suffices to only consider certain addends of this sum in order to decide whether ${(𝒱a{l}_{\overrightarrow{x}}(f))}_c>0$ as $|f|\to \mathrm{\infty }$. This observation will lead to a necessary condition for eventual non-termination in Sect. 4, which will subsequently be turned into a sufficient criterion in Sect. 5.

When executing the loop $𝒫$, the relative number of times that update $𝐀$ is selected over $𝐁$ will intuitively tend towards $p$ with increasing number of iterations. We now consider this relative quantity and additionally subtract $p$ to center its distribution around $0$.

We will investigate which addends determine the sign of ${(𝒱a{l}_{\overrightarrow{x}}(f))}_c$ for $|f|\to \mathrm{\infty }$. To this end, we want to express the value of the constraint terms after some finite execution $f$ in terms of $𝒰(f)$ and $|f|$. The advantage is that for sufficiently long paths $f$, we know how $|f|$ and $𝒰(f)$ “behave” (i.e., $|f|$ “tends towards” $\mathrm{\infty }$ and $𝒰(f)$ is “expected to tend towards” 0).

Note that in Lemma 14 we excluded all constraint terms with $a=0$ or $b=0$ in order to avoid a division by zero. However, we additionally required⁵⁵5The set of runs $𝔯$ where $𝒰(f)\in \{-p,1-p\}$ for every prefix $f$ of $𝔯$ has probability 0, as $𝒰(f)\in \{p,1-p\}$ means that only $𝐀$ or $𝐁$ has been selected in $f$. However, we had required . $𝒰(f)\notin \{-p,1-p\}$ implying and , since $|f|>0$. Hence, for all constraint terms $a^{{|f|}_A}{b}^{{|f|}_B}\gamma$ with $a=0$ or$b=0$ and all considered $f\in \text{Path}$, we have $a^{{|f|}_A}{b}^{{|f|}_B}=0$ and thus the value of such constraint terms can safely be ignored when computing ${\left(𝒱a{l}_{\overrightarrow{x}}(f)\right)}_c$. This leads to the equation

where ${\zeta }_{i,𝐀}=\frac{a_i}{|a_i|}$ and ${\zeta }_{i,𝐁}=\frac{b_i}{|b_i|}$.

By inspecting the right-hand side of 6 it becomes clear that the subexpressions $\frac{{|a_i|}^p}{{|b_i|}^{p-1}}$ and $\frac{|a_i|}{|b_i|}$ govern the overall asymptotic growth of ${(𝒱a{l}_{\overrightarrow{x}}(f))}_c$ as $|f|$ increases. In the following, we group all constraint terms into so-called constraint term groups which are sets of indices $i$ corresponding to constraint terms where $\frac{{|a_i|}^p}{{|b_i|}^{p-1}}$ and $\frac{|a_i|}{|b_i|}$ have common values $𝔦$ and $𝔬$. Here, $𝔦=\frac{{|a_i|}^p}{{|b_i|}^{p-1}}$ is the expression that is important in 6 if $𝒰(f)$ is in a region close to 0.⁶⁶6Note that $a_i^{{|f|}_A}{b}_i^{{|f|}_B}$ is the $|f|$-th power of the weighted geometric mean $a_i^p{b}_i^{1-p}$ whenever $𝒰(f)=0$. If one is outside such a region, then $𝔬=\frac{|a_i|}{|b_i|}$ is important as well.

For $c\in [m]$ and non-empty $f\in \text{Path}$ with $𝒰(f)\in (-p,1-p)$, 6 can be rearranged to

with Def. 16.

Lemma 17 shows that for all $a_1,b_1,a_2,b_2\ne 0$ we have $\frac{|a_1|}{|b_1|}=\frac{|a_2|}{|b_2|}$ and $\frac{{|a_1|}^p}{{|b_1|}^{p-1}}=\frac{{|a_2|}^p}{{|b_2|}^{p-1}}$ iff $|a_1|=|a_2|$ and $|b_1|=|b_2|$. Thus, if $i,i^{\prime }\in {𝔇}_{(𝔦,𝔬)}$, then $|a_i|=|a_{i^{\prime }}|$ and $|b_i|=|b_{i^{\prime }}|$. We will first return to this result in Sect. 4, where we will use that for all $i,i^{\prime }\in {𝔇}_{(𝔦,𝔬)}$ with $a_i,b_i,a_{i^{\prime }},b_{i^{\prime }}\in {ℝ}_{>0}$ we have $(a_i,b_i)=(a_i^{\prime },b_i^{\prime })$. Later on, we will revisit it in Sect. 5.

Due to 7, we have to consider sums ${\sum }_{i\in {𝔇}_{(𝔦,𝔬),c,\overrightarrow{x}}}{\zeta }_{i,𝐀}^{{|f|}_A}{\zeta }_{i,𝐁}^{{|f|}_B}{\gamma }_{c,i}(\overrightarrow{x})$ for $\overrightarrow{x}\in {𝔸}^n$ and $c\in [m]$. While ${\zeta }_{i,𝐀}$, ${\zeta }_{i,𝐁}$, and ${\gamma }_{c,i}(\overrightarrow{x})$ are complex numbers in general, such sums are always real-valued. The corresponding Remark 18 is an immediate consequence of Lemma 7. Later, this remark will allow us to make statements about the signs of such sums, see Lemma 23.