Probabilistic Analysis Based On Symbolic Game Semantics and Model Counting

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

Probabilistic program analysis aims to quantify the probability that a given program satisfies a required property. It has many potential applications, from program understanding and debugging to computing program reliability, compiler optimizations and quantitative information flow analysis for security. In these situations, it is usually more relevant to quantify the probability of satisfying/violating a given property than to just assess the possibility of such events occurring. In this work, we introduce an approach for probabilistic analysis of open programs (i.e. programs with undefined identifiers) based on game semantics and model counting. We use a symbolic representation of algorithmic game semantics to collect the symbolic constraints on the input data (context) that lead to the occurrence of the target events (e.g. satisfaction/violation of a given property). The constraints are then analyzed to quantify how likely an input is to satisfy them. We use model counting techniques to count the number of solutions (from a bounded integer domain) that satisfy given constraints. These counts are then used to assign probabilities to program executions and to assess the probability for the target event to occur at the desired level of confidence. Finally, we present the results of applying our approach to several interesting examples and illustrate the benefits they may offer.


💡 Research Summary

The paper presents a novel method for quantitative probabilistic analysis of programs, especially open programs that contain undefined identifiers, by combining symbolic game semantics with model counting techniques. The authors first translate programs written in a simplified fragment of Idealized Algol (IA₂) into a game‑semantic representation. In this representation, the interaction between a term (the Player) and its surrounding context (the Opponent) is captured as a sequence of moves, called a “play”. By using a symbolic version of algorithmic game semantics, concrete values are replaced by symbolic names (e.g., ?X, ?Z) and arithmetic/boolean expressions, yielding a finite set of symbolic plays. Each symbolic play is annotated with a “play condition”, a Boolean formula that precisely characterizes the set of concrete inputs that make the play feasible. For example, the condition attached to an if‑statement encodes whether the guard evaluates to true or false, while loops generate conditions that involve the number of iterations.

Once all play conditions have been extracted, the authors employ the LattE model‑counting tool to count, within a bounded integer domain (e.g., 0…255), the number of assignments that satisfy each condition. Because the inputs are assumed to be uniformly distributed over that domain, the probability of a particular play is simply the ratio of the count of satisfying assignments to the total number of possible inputs. Plays are labeled as “success” or “failure” depending on whether a designated abort command is executed; the program’s reliability (or the probability of satisfying a given property) is then the sum of the probabilities of all successful plays.

To handle potentially infinite behaviours such as while‑loops or recursive calls, the authors adopt a bounded analysis: they fix a maximum depth for loop unrolling and a maximum number of function‑argument evaluations. This restriction yields a finite set of plays whose conditions partition the entire input domain, guaranteeing that the summed probabilities equal one.
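The pipeline just described (symbolic plays with play conditions, bounded loop unrolling, model counting over 0…255, and reliability as the sum over success plays), worked through on a small constructed open program. This is an added illustration, not code from the paper or the Symbolic Game Checker tool; the program, its two context inputs ?X and ?Y, and the loop bound are assumptions, and a brute-force enumerator stands in for LattE.

```python
from fractions import Fraction
from itertools import product

# Bounded integer domain for the context-supplied inputs ?X and ?Y (the
# paper's examples use 0..255) and the maximum loop-unrolling depth.
DOMAIN = range(256)
LOOP_BOUND = 3

def symbolic_plays(bound):
    """Symbolic plays of the constructed open program
           n := 0; while (n < ?X) do n := n + 64; if (?Y > n) then abort
       unrolled at most `bound` times. A play is (name, condition, label):
       the condition is the play condition as a predicate over concrete
       (x, y); the label records whether abort was reached."""
    plays = []
    for k in range(bound + 1):
        n = 64 * k
        # Loop guard true for the first k iterations and false afterwards.
        iters = (lambda x, k=k:
                 all(64 * i < x for i in range(k)) and not 64 * k < x)
        plays.append((f"{k} iterations, no abort",
                      lambda x, y, n=n, c=iters: c(x) and y <= n, "success"))
        plays.append((f"{k} iterations, abort",
                      lambda x, y, n=n, c=iters: c(x) and y > n, "failure"))
    # Guard still true after `bound` unrollings: the bounded analysis stops
    # here, so these inputs form their own play instead of being dropped.
    plays.append(("loop bound exceeded",
                  lambda x, y, b=bound: 64 * b < x, "failure"))
    return plays

def model_count(cond):
    """Brute-force model counter over DOMAIN x DOMAIN; stands in for LattE,
       which counts the integer points of a linear play condition."""
    return sum(1 for x, y in product(DOMAIN, DOMAIN) if cond(x, y))

def is_partition(plays):
    """Every concrete input must satisfy exactly one play condition."""
    return all(sum(1 for _, c, _ in plays if c(x, y)) == 1
               for x, y in product(DOMAIN, DOMAIN))

def analyse(bound=LOOP_BOUND):
    """Play probability = count / |DOMAIN|^2 (uniform inputs); reliability
       = sum of the probabilities of the success plays."""
    total = len(DOMAIN) ** 2
    table = []
    for name, c, label in symbolic_plays(bound):
        count = model_count(c)
        table.append((name, label, count, Fraction(count, total)))
    return table, sum(p for _, label, _, p in table if label == "success")
```

`analyse()` returns the per-play table and the reliability, which for this constructed program is 24769/65536; `is_partition` checks the guarantee that the bounded plays' conditions cover every input exactly once, so the per-play probabilities sum to one.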

The paper’s contributions are threefold: (1) a systematic pipeline that automatically generates symbolic game‑semantic models and extracts precise Boolean play conditions; (2) the integration of state‑of‑the‑art model counting (LattE) to compute exact probabilities for each execution path; (3) an implementation within the Symbolic Game Checker tool, extended with a model‑counting module, and a series of case studies demonstrating the approach on programs with conditionals, loops, external library calls, and security‑oriented information‑flow properties.

Experimental results show that the method can compute exact reliability figures for small to medium‑size programs, offering quantitative insight that traditional qualitative verification (which only answers “possible/not possible”) cannot provide. The authors discuss limitations, notably the assumption of uniform input distribution, the difficulty of handling non‑linear or continuous constraints, and the sensitivity of results to the chosen bound for loops and recursion. They suggest future work on automated bound selection, support for non‑uniform input models, and scaling techniques for larger programs.

Overall, the work bridges the gap between fully abstract, compositional semantic models and practical probabilistic analysis, opening new avenues for reliability engineering, quantitative information‑flow security, and probabilistic compiler optimizations.

