Verifying Exact Samplers for Continuous Distributions with a Discrete Program Logic
For developers of probabilistic algorithms requiring exact sampling (e.g., differential privacy), this provides a formal verification method for correctness, though it is an incremental advance in program logic techniques.
The paper presents Continuous-Eris, a higher-order separation logic for verifying exact sampling algorithms for continuous distributions, and demonstrates its use by verifying samplers for uniform, Gaussian, and Laplace distributions, along with a library for exact real arithmetic.
Most implementations of sampling algorithms for continuous distributions use floating-point numbers, which introduce round-off errors and approximations. These errors can be difficult to analyze, and can cause security issues when used in algorithms for differential privacy. An alternative is to use exact sampling algorithms based on computable reals, which can lazily generate the digits of a continuous sample to arbitrary precision. However, these algorithms are intricate, and implementing and using them involves a combination of semantically challenging language features, such as probabilistic choice, higher-order functions, and dynamically-allocated mutable state. In this paper we present Continuous-Eris, a higher-order separation logic for verifying the correctness of exact sampling algorithms for computable distributions. To demonstrate Continuous-Eris, we verify the correctness of computable samplers for the uniform, Gaussian, and Laplace distributions, as well as a library for exact real arithmetic for working with generated samples. All of the results in this paper have been verified in the Rocq proof assistant.