Coupling Proofs Are Probabilistic Product Programs
Gilles Barthe, Benjamin Grégoire, Justin Hsu*, Pierre-Yves Strub
IMDEA Software, Inria, University of Pennsylvania*, École Polytechnique
January 18, 2017
A simple card-flipping process
Setup
◮ Input: position in {1, . . . , 9}
◮ Repeat:
  – Draw uniformly random card ∈ {1, . . . , 9}
  – Go forward that many steps
◮ Output last position before crossing 100
In pictures
Cards drawn, one per step: 3, 1, 5, 4
Output last position: 99
Starting at a different position
Cards drawn, one per step: 1, 2, 9, 8
How close are the two output distributions?
Combine first process and second process
Cards drawn by the combined process, one per step: 3, 1, 2, 1, 1, 7, 4
Product program: One program simulating two programs
Why is this interesting?
In general
Property P of product program ⟹ Property P′ of two programs
Our construction
Two simulated programs can share randomness
Today:
First run (cards 3, 1, 5, 4) and second run (cards 1, 2, 9, 8)
Product program (cards 3, 1, 2, 1, 1, 7, 4)
Distance between
Probability that
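The slides above (the card process, the product program simulating two runs, and the "distance between / probability that" slide) can be made concrete in code. The following is an added example, not code from the slides or from the authors: it computes the exact output distribution of the card process for a given start (the command semantics, input memory to output distribution), builds a product program that runs two copies of the process in one loop with shared randomness, and estimates the probability that the two simulated outputs differ. The fact behind the last slide is the coupling lemma: the total variation distance between two distributions is at most Pr[outputs differ] under any coupling of them. Assumptions not stated on the slides: the walk stops as soon as the next card would move it past 100 and outputs the position it is on at that moment; the coupling used is the simple synchronous one (independent cards while the positions differ, the same card once they coincide); and all names below are this example's own.

```python
"""Added example (not the slide deck's code): the card-flipping process, its
exact output distribution, and a product program with shared randomness."""
import random
from collections import defaultdict

CARDS = range(1, 10)   # uniform card in {1, ..., 9}
LIMIT = 100            # the walk stops before crossing this position


def output_distribution(start):
    """Exact semantics: input memory (a start position) to the output
    distribution over final positions, pushing probability mass forward one
    round at a time. Assumed stopping rule: a card that would move the walk
    past LIMIT is not played; the current position is the output."""
    alive = {start: 1.0}
    out = defaultdict(float)
    while alive:
        nxt = defaultdict(float)
        for pos, mass in alive.items():
            for card in CARDS:
                if pos + card > LIMIT:
                    out[pos] += mass / 9          # would cross 100: stop here
                else:
                    nxt[pos + card] += mass / 9
        alive = nxt
    return dict(out)


def total_variation(d1, d2):
    """Statistical distance between two output distributions."""
    keys = set(d1) | set(d2)
    return 0.5 * sum(abs(d1.get(k, 0.0) - d2.get(k, 0.0)) for k in keys)


def product_run(start1, start2, rng=None):
    """One execution of the product program: a single loop advances both
    copies (x1, x2) of the memory. While the positions differ the copies draw
    independent cards; once they coincide, both use the same card (shared
    randomness, f = identity), so they never separate again.
    Returns (output1, output2, met), met recording whether they coupled."""
    rng = rng or random.Random()
    p1, p2 = start1, start2
    done1 = done2 = False
    met = False
    while not (done1 and done2):
        if not done1 and not done2 and p1 == p2:
            met = True
            c1 = c2 = rng.choice(CARDS)           # shared randomness
        else:
            c1 = rng.choice(CARDS)                # independent draws (a draw
            c2 = rng.choice(CARDS)                # for a finished copy is unused)
        if not done1:
            if p1 + c1 > LIMIT:
                done1 = True
            else:
                p1 += c1
        if not done2:
            if p2 + c2 > LIMIT:
                done2 = True
            else:
                p2 += c2
    return p1, p2, met


def coupling_bound(start1, start2, trials=20000, seed=0):
    """Monte Carlo estimate of Pr[output1 != output2] under the coupling above.
    By the coupling lemma this probability upper-bounds the total variation
    distance between the two output distributions."""
    rng = random.Random(seed)
    differ = 0
    for _ in range(trials):
        o1, o2, _met = product_run(start1, start2, rng)
        differ += o1 != o2
    return differ / trials


if __name__ == "__main__":
    d3, d1 = output_distribution(3), output_distribution(1)
    print(f"exact TV distance, start 3 vs start 1: {total_variation(d3, d1):.6f}")
    print(f"coupling estimate of Pr[outputs differ]: {coupling_bound(3, 1):.4f}")
```

The exact distance is computed from the two marginals directly, so the run shows the coupling lemma at work: the estimate from the product program is a valid (if loose) upper bound on it. A tighter coupling would also let the copies merge when they reach the same position at different rounds; the slides mention an asynchronous loop rule for exactly that situation.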
Our technical contributions
◮ A probabilistic product construction with shared randomness
◮ A probabilistic program logic ×pRHL: a proof-relevant version of pRHL
A crash course: Probabilistic Relational Hoare Logic [BGZ-B]
Imperative language
c ::= x ← e | c ; c | if e then c else c | while e do c | x $← [S]
Uniform sampling from finite set [S]
◮ coin flip: [ heads, tails ]
◮ random card: [ 1, ..., 9 ]
Command semantics [[c]]
◮ Input: memory
◮ Output: distribution over memories
Judgments: similar to Hoare logic
{P} c {Q}
Assertions: binary relation on memories
◮ Can refer to tagged program variables: x1 and x2
◮ First-order formulas, non-probabilistic
If the two inputs satisfy P, we can share the randomness on two runs of c so that the two outputs satisfy Q.
Proof rules in pRHL: mostly similar to Hoare logic
Proof rules in pRHL: Random sampling
Premise: f : S → S bijection
Conclusion: {⊤} x $← [S] {x2 = f(x1)}
Select how to share randomness
Introducing ×pRHL
Product pRHL
Idea: Product program c× simulates two processes
{P} c {Q} (product program c×)
Runs in combined memory
◮ Two separate copies of single memory
◮ Duplicate program variables: x1 and x2
Property of c× ⟹ property of two runs of c
A tour of ×pRHL rules: [Seq]
In pRHL:
Premises: {P} c {Q}   and   {Q} c′ {R}
Conclusion: {P} c ; c′ {R}
In ×pRHL:
Premises: {P} c {Q} (product c×)   and   {Q} c′ {R} (product c×′)
Conclusion: {P} c ; c′ {R} (product c× ; c×′)
Sequence product programs
A tour of ×pRHL proof rules: [Rand]
In pRHL:
Premise: f : S → S bijection
Conclusion: {⊤} x $← [S] {x2 = f(x1)}
In ×pRHL:
Premise: f : S → S bijection
Conclusion: {⊤} x $← [S] {x2 = f(x1)} (product x1 $← [S] ; x2 ← f(x1))
Sample x2 depends on x1
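The [Rand] rule turns a relational fact about two samplings into a concrete program, x1 $← [S] ; x2 ← f(x1), that samples once and derives the second copy through f. The following is an added example (not the paper's code or notation) that executes that product program and checks, by enumerating S exactly, why the bijection premise matters: with a bijection the derived x2 is still uniform on S, so the product faithfully simulates two uniform samplings while guaranteeing x2 = f(x1); with a non-bijective f the postcondition still holds but the second marginal is skewed, so the product no longer stands for the second program. The helper names are this example's own.

```python
"""Added example (not the paper's code): the [Rand] rule of ×pRHL as an
executable product program, with an exact check of its bijection premise."""
import random
from fractions import Fraction
from collections import Counter


def is_bijection(f, S):
    """Premise of [Rand]: f maps S onto S with no collisions."""
    S = list(S)
    image = [f(x) for x in S]
    return set(image) == set(S) and len(set(image)) == len(S)


def product_rand(S, f, rng=None):
    """One execution of  x1 $← [S] ; x2 ← f(x1)  in the combined memory."""
    rng = rng or random.Random()
    x1 = rng.choice(list(S))
    x2 = f(x1)
    return {"x1": x1, "x2": x2}


def marginals(S, f):
    """Exact distribution of the product program over combined memories and
    its two projections. Enumerating S with mass 1/|S| each is exactly the
    semantics of uniform sampling, so no randomness is needed."""
    S = list(S)
    p = Fraction(1, len(S))
    joint = {(x, f(x)): p for x in S}
    m1 = Counter()
    m2 = Counter()
    for (x1, x2), mass in joint.items():
        m1[x1] += mass
        m2[x2] += mass
    return joint, dict(m1), dict(m2)


def check_rand_rule(S, f):
    """Returns (premise_holds, postcondition_holds, x2_uniform).
    A bijection gives (True, True, True). A non-bijection keeps the
    postcondition x2 = f(x1) but breaks uniformity of x2, which is why the
    rule demands a bijection."""
    S = list(S)
    joint, _m1, m2 = marginals(S, f)
    uniform = {x: Fraction(1, len(S)) for x in S}
    post = all(x2 == f(x1) for (x1, x2) in joint)
    return is_bijection(f, S), post, m2 == uniform


if __name__ == "__main__":
    coins = ["heads", "tails"]
    flip = lambda c: "tails" if c == "heads" else "heads"  # mirror the coin
    print("coin flip, f = mirror:", check_rand_rule(coins, flip))
    cards = range(1, 10)
    print("cards, f(c) = 10 - c:", check_rand_rule(cards, lambda c: 10 - c))
    print("cards, f(c) = min(c, 5):", check_rand_rule(cards, lambda c: min(c, 5)))
    print("one product run:", product_rand(cards, lambda c: 10 - c, random.Random(0)))
```

The choice of f is the "select how to share randomness" step from the pRHL slide: the mirror on a coin flip couples the two runs so that their results always differ, while the card reversal couples them so that x1 + x2 = 10. Either way the first projection is uniform by construction, and the check confirms that the second is too exactly when f is a bijection.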
A tour of ×pRHL rules: [Case]
In pRHL:
Premises: {P ∧ Q} c {R}   and   {P ∧ ¬Q} c {R}
Conclusion: {P} c {R}
In ×pRHL:
Premises: {P ∧ Q} c {R} (product c×)   and   {P ∧ ¬Q} c {R} (product c×¬)
Conclusion: {P} c {R} (product if Q then c× else c×¬)
A case split in the proof becomes a conditional in the product
See the paper for ...
Verifying rapid mixing for Markov chains
◮ Examples from statistical physics
◮ A cool card trick
Advanced proof rules
◮ Asynchronous loop rule
Soundness
Our technical contributions
◮ A probabilistic product construction with shared randomness
◮ A probabilistic program logic ×pRHL: a proof-relevant version of pRHL
Proof by coupling
A proof technique from probability theory
◮ Given: two processes
◮ Specify: how to coordinate random samplings
◮ Analyze: properties of linked/coupled processes
Attractive features
◮ Compositional
◮ Reason about relation between samples, not probabilities
◮ Reduce properties of two programs to properties of one program
Coupling proofs ≈ pRHL proofs
Coupling proofs describe two coupled processes; pRHL proofs encode them
Two coupled processes ≈ Probabilistic product programs
Probabilistic product programs are the computational content