Synthesizing Probabilistic Invariants via Doobs decomposition G. - - PowerPoint PPT Presentation

Synthesizing Probabilistic Invariants via Doob’s decomposition

• G. Barthe, T. Espitau, L.M.F Fioriti, J. Hsu

CAV, 2016

Introduction

1

Introduction

1 Probabilistic Computations 2

Ubiquitous in many fields (ML, Crypto, Privacy,…) But… Difficult to prove Termination ? (Certainly, almost sure, non terminating)

Introduction

1 Probabilistic Computations 2 Martingales? 3 Doob’s Decomposition

Ubiquitous in many fields (ML, Crypto, Privacy,…) But… Difficult to prove Termination ? (Certainly, almost sure, non terminating) Difficulty to transfer local to end of program Reason on average values Martingales have the required transfer property

Introduction

1 Probabilistic Computations 2 Martingales? 3 Doob’s Decomposition

Ubiquitous in many fields (ML, Crypto, Privacy,…) But… Difficult to prove Termination ? (Certainly, almost sure, non terminating) Difficulty to transfer local to end of program Reason on average values Martingales have the required transfer property But (again)… Difficult to find good ones Automated generation? Doob’s decomposition Formal method to generate martingales from a seed.

Martingale theory 101 (I)

Martingale theory 101 (I)

Step 1: Some probabilities

• Ω set of outcomes.
• Sigma algebra:

Set F of subsets of Ω Closed under complements, countable unions, countable intersections.

• Probability measure:

Countably additive mapping P : F → [0, 1] P(Ω) = 1. Probability space

Martingale theory 101 (II)

Step 2: Stochastic process

• Random variable:

X : Ω → R measurable ( X-1 ( (a,b] ) ∈F )

• Filtration: ( Fi ) ⊂ F s.t:

Fi-1 ⊂ Fi

• Process wrt filtration Fi:

Sequence (Xi) s.t: Xi is Fi measurable

Martingale theory 101 (II)

Interlude: PL setting Ω: Element = Possible outcome of samples Fi: Events sampled at iteration i or before Process (Xi) is adapted to the filtration iff: Xi is defined in term of elements sampled at step i or before

i = 0 While b do z[i] ←$ Samplings... x[i] ← f(x[i-1], ... , f[0], z[i], … ,z[0]) i++ end

Martingale theory 101 (III)

Step 3: Expectations & Moments

• Expectation:

E[X] = ∑u∈Ω X(u) P(u)

• Conditional expectation wrt G ⊂ F: E[X|G]

Y G-mesurable st E[X.1A ] = E[Y.1A] for A∈G

Martingale theory 101 (IV)

Step 4 ( Final! ): Martingales

• Martingale:

E [ Xi | Fi-1 ] = Xi-1 Average value of the current step is equal to the value of the previous step

Playing with martingales

Doob’s decomposition (Xi) stochastic process → (Mi) martingale M0 = X0 Mi = X0 + ∑i

j=1 Xj - E [Xj | Fj-1]

Black Magic of martingales

Optional Stopping theorem (Mi) martingale → Expectations are invariants E[Mj] = E[M0]

Black Magic of martingales

Optional Stopping theorem E[Mj] = E[M0]

Black Magic of martingales

Optional Stopping theorem E[MT] = E[M0] For T a stopping time : T : Ω → R { w ∈ Ω | T(w) ≤ i } ⊂ Fi

Black Magic of martingales

Optional Stopping theorem E[MT] = E[M0] For T a stopping time : T : Ω → R { w ∈ Ω | T(w) ≤ i } ⊂ Fi

and...

|Mi - Mi-1 | ≤ C E[T] < ∞

Let’s play with a program...

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Stopping time? (on average)

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Stopping time? (on average) 1/(1-p)

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Equation for x? Xi = Xi-1 + Zi

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Equation for x? Xi = Xi-1 + Zi Polynomial extraction

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Xi = Xi-1 + Zi M0 = X0 Mi = X0 + ∑i

j=1 Xj - E[Xj | Fj-1]

Doob

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Xi = Xi-1 + Zi M0 = 0 Mi = X0 + ∑i

j=1 Xj - E[Xj | Fj-1]

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Xi = Xi-1 + Zi M0 = 0 Mi = ∑i

j=1 Xj - E[Xj | Fj-1]

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Xi = Xi-1 + Zi M0 = 0 Mi = ∑i

j=1 Xj - E[Xj-1 + Zi | Fj-1]

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Xi = Xi-1 + Zi M0 = 0 Mi = ∑i

j=1 Xj - E[Xj-1 | Fj-1] + E[Zi | Fj-1]

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Xi = Xi-1 + Zi M0 = 0 Mi = ∑i

j=1 Xj - E[Xj-1 | Fj-1] + E[Zi ]

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Xi = Xi-1 + Zi M0 = 0 Mi = ∑i

j=1 Xj - E[Xj-1 | Fj-1] + p

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Xi = Xi-1 + Zi M0 = 0 Mi = ∑i

j=1 Xj - Xj-1 + p

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Xi = Xi-1 + Zi M0 = 0 Mi = Xi - X0 + i p

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

Xi = Xi-1 + Zi M0 = 0 Mi = Xi + i p Simplify...

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

M0 = 0 Mi = Xi + i p Xi = Xi-1 + Zi

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

M0 = 0 Mi = Xi + i p Xi = Xi-1 + Zi E[ M0 ] = E[ MT] Optional Stopping

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

M0 = 0 Mi = Xi + i p Xi = Xi-1 + Zi 0 = E[ MT]

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

M0 = 0 Mi = Xi + i p Xi = Xi-1 + Zi 0 = E[ XT- Tp]

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

M0 = 0 Mi = Xi + i p Xi = Xi-1 + Zi 0 = E[ XT] - E[ Tp]

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

M0 = 0 Mi = Xi + i p Xi = Xi-1 + Zi 0 = E[ XT] - p E[T] Simplify...

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

M0 = 0 Mi = Xi + i p Xi = Xi-1 + Zi 0 = E[T-1] - p E[T] Hint XT = T-1

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

M0 = 0 Mi = Xi + i p Xi = Xi-1 + Zi 0 = E[T] - 1 - p E[T]

Geometric distribution

x[0] ← 0; while (z ̸= 0) do z ←$ Bern(p, {1, 0}); x ← x[-1] + z; end

M0 = 0 Mi = Xi + i p Xi = Xi-1 + Zi E[T] = 1 /(1-p) Simplify...

Automatization

Inputs

Automatization

Inputs Extract Poly.

Automatization

Inputs Extract Poly. Doob decomp.

Automatization

Inputs Extract Poly. Doob decomp. Simplify

Automatization

Inputs Extract Poly. Doob decomp. OST Simplify

Automatization

Inputs Extract Poly. Doob decomp. OST Simplify Verify Hints.

Automatization

Inputs Extract Poly. Doob decomp. OST Simplify Simplify Verify Hints.

Gambler’s ruin

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

X

Automatization

Inputs Extract Poly.

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

Xi = Xi-1 + Zi

Automatization

Inputs Extract Poly. Doob decomp.

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

Xi = Xi-1 + Zi M0 = X0 Mi = Xi

Automatization

Inputs Extract Poly. Doob decomp. OST Simplify

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

Xi = Xi-1 + Zi M0 = X0 Mi = Xi a = E[X0] = E[XT]

Automatization

Inputs Extract Poly. Doob decomp. OST Simplify Verify Hints.

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

Xi = Xi-1 + Zi M0 = X0 Mi = Xi a = E[X0] = E[XT] x=0 or x=b

Automatization

Inputs Extract Poly. Doob decomp. OST Simplify Simplify Verify Hints.

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

Xi = Xi-1 + Zi M0 = X0 Mi = Xi a = E[X0] = E[XT] x=0 or x=b a = b P[x=b]

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

X2

Automatization

Inputs Extract Poly.

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

X2 Xi

2 = (Xi-1 + Zi)2

Automatization

Inputs Extract Poly. Doob decomp.

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

M0 = X0

2 Mi = Xi 2-i

Xi

2 = (Xi-1 + Zi)2

Automatization

Inputs Extract Poly. Doob decomp. OST Simplify

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

M0 = X0 Mi = Xi a2 = E[X0

2] = E[XT 2 - T]

Xi

2 = (Xi-1 + Zi)2

M0 = X0

2 Mi = Xi 2-i

Automatization

Inputs Extract Poly. Doob decomp. OST Simplify Verify Hints.

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

M0 = X0 Mi = Xi a = E[X0] = E[XT] x=0 or x=b Xi

2 = (Xi-1 + Zi)2

M0 = X0

2 Mi = Xi 2-i

M0 = X0 Mi = Xi a2 = E[X0

2] = E[XT 2 - T]

M0 = X0

2 Mi = Xi 2-i

Automatization

Inputs Extract Poly. Doob decomp. OST Simplify Simplify Verify Hints.

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

M0 = X0 Mi = Xi a = E[X0] = E[XT] x=0 or x=b a2 = b2 P[x=b]-E[T] Xi

2 = (Xi-1 + Zi)2

M0 = X0

2 Mi = Xi 2-i

M0 = X0 Mi = Xi a2 = E[X0

2] = E[XT 2 - T]

M0 = X0

2 Mi = Xi 2-i

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

a2 = b2 P[x=b]-E[T] a = b P[x=b] E[T] = a(b-a)

Gambler’s ruin

x[0] ← a; while (0 < x < b) do z ←$ Bern(1/2, {-1, 1}); x ← x + z; end

Abracadabra

match0[0] ←1; match1[0] ←0; ... match11[0] ← 0; while (match11 == 0) do s ←$ UnifMatches; match11 ← match10[-1] * π11(s); match10 ← match9[-1] * π10(s); ... match1 ← match0[-1] * π1(s); end

Abracadabra

match0[0] ←1; match1[0] ←0; ... match11[0] ← 0; while (match11 == 0) do s ←$ UnifMatches; match11 ← match10[-1] * π11(s); match10 ← match9[-1] * π10(s); ... match1 ← match0[-1] * π1(s); end

Abracadabra

match0[0] ←1; match1[0] ←0; ... match11[0] ← 0; while (match11 == 0) do s ←$ UnifMatches; match11 ← match10[-1] * π11(s); match10 ← match9[-1] * π10(s); ... match1 ← match0[-1] * π1(s); end

1+ L· match1 +···+L11 ·match11

Abracadabra

match0[0] ←1; match1[0] ←0; ... match11[0] ← 0; while (match11 == 0) do s ←$ UnifMatches; match11 ← match10[-1] * π11(s); match10 ← match9[-1] * π10(s); ... match1 ← match0[-1] * π1(s); end

1+ L· match1 +···+L11 ·match11

1+L+...+L11 - [ 1+ L· match1 +···+L11 ·match11 ] decreases with Pr 1/L

Abracadabra

match0[0] ←1; match1[0] ←0; ... match11[0] ← 0; while (match11 == 0) do s ←$ UnifMatches; match11 ← match10[-1] * π11(s); match10 ← match9[-1] * π10(s); ... match1 ← match0[-1] * π1(s); end

1+ L· match1 +···+L11 ·match11 E[T] = L+L4+L11

Abracadabra

match0[0] ←1; match1[0] ←0; ... match11[0] ← 0; while (match11 == 0) do s ←$ UnifMatches; match11 ← match10[-1] * π11(s); match10 ← match9[-1] * π10(s); ... match1 ← match0[-1] * π1(s); end

1+ L· match1 +···+L11 ·match11 E[T] = 26+264+2611

Abracadabra

match0[0] ←1; match1[0] ←0; ... match11[0] ← 0; while (match11 == 0) do s ←$ UnifMatches; match11 ← match10[-1] * π11(s); match10 ← match9[-1] * π10(s); ... match1 ← match0[-1] * π1(s); end

1+ L· match1 +···+L11 ·match11 E[T] =

3670344487444778

Abracadabra

match0[0] ←1; match1[0] ←0; ... match11[0] ← 0; while (match11 == 0) do s ←$ UnifMatches; match11 ← match10[-1] * π11(s); match10 ← match9[-1] * π10(s); ... match1 ← match0[-1] * π1(s); end

1+ L· match1 +···+L11 ·match11 E[T] =

3670344487444778

116 385 860 years...

In a nutshell

• Program + Seed → Martingale
• Martingale + OST → Expectation at the stopping time
• f loop
• Works symbolically , only requires AS-termination
• POC written in Python+SymPy, runs in less than a

second for simplest example to 6s for Abracadabra.

Questions?