Abstract
Program sensitivity measures how robust a program is to small changes in its input, and is a fundamental notion in domains ranging from differential privacy to cyber-physical systems. A natural way to formalize program sensitivity is in terms of metrics on the input and output spaces, requiring that an r-sensitive function map inputs that are at distance d to outputs that are at distance at most r · d. Program sensitivity is thus an analogue of Lipschitz continuity for programs.
Reed and Pierce introduced Fuzz, a functional language with a linear type system that can express program sensitivity. They show soundness operationally, in the form of a metric preservation property. Inspired by their work, we study program sensitivity and metric preservation from a denotational point of view. In particular, we introduce metric CPOs, a novel semantic structure for reasoning about computation on metric spaces, by endowing CPOs with a compatible notion of distance. This structure is useful for reasoning about metric properties of programs, and specifically about program sensitivity. We demonstrate metric CPOs by giving a model for the deterministic fragment of Fuzz.
- M. Abadi and G. D. Plotkin. A PER model of polymorphism and recursive types. In IEEE Symposium on Logic in Computer Science (LICS), Philadelphia, Pennsylvania, pages 355–365, 1990.Google Scholar
Cross Ref
- M. Abadi, B. C. Pierce, and G. D. Plotkin. Faithful ideal models for recursive polymorphic types. In IEEE Symposium on Logic in Computer Science (LICS), Asilomar, California, pages 216–225, 1989. Google Scholar
Digital Library
- R. M. Amadio. Recursion over realizability structures. Information and Computation, 91(1):55–85, 1991. Google Scholar
Digital Library
- P. America and J. J. M. M. Rutten. Solving reflexive domain equations in a category of complete metric spaces. In Workshop on the Mathematical Foundations of Programming Semantics (MFPS), New Orleans, Louisiana, volume 298 of Lecture Notes in Computer Science, pages 254–288. Springer-Verlag, 1987. Google Scholar
Digital Library
- A. Arnold and M. Nivat. Metric interpretations of infinite trees and semantics of non-deterministic recursive programs. Theoretical Computer Science, 11(2):181–205, 1980.Google Scholar
Cross Ref
- C. Baier and M. Z. Kwiatkowska. Domain equations for probabilistic processes. Electronic Notes in Theoretical Computer Science, 7:34–54, 1997.Google Scholar
Cross Ref
- C. Baier and M. E. Majster-Cederbaum. Denotational semantics in the CPO and metric approach. Theoretical Computer Science, 135(2): 171–220, 1994. Google Scholar
Digital Library
- G. Barthe, B. Köpf, F. Olmedo, and S. Zanella Béguelin. Probabilistic relational reasoning for differential privacy. In ACM SIGPLAN– SIGACT Symposium on Principles of Programming Languages (POPL), Philadelphia, Pennsylvania, pages 97–110, 2012. Google Scholar
Digital Library
- G. Barthe, M. Gaboardi, E. J. Gallego Arias, J. Hsu, A. Roth, and P.-Y. Strub. Higher-order approximate relational refinement types for mechanism design and differential privacy. In ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL), Mumbai, India, pages 55–68, 2015. Google Scholar
Digital Library
- L. Birkedal, K. Støvring, and J. Thamsborg. Realizability semantics of parametric polymorphism, general references, and recursive types. In International Conference on Foundations of Software Science and Computation Structures (FoSSaCS), York, England, volume 5504 of Lecture Notes in Computer Science, pages 456–470. Springer-Verlag, 2009.Google Scholar
Cross Ref
- L. Birkedal, K. Støvring, and J. Thamsborg. The category-theoretic solution of recursive metric-space equations. Theoretical Computer Science, 411(47):4102–4122, 2010. Google Scholar
Digital Library
- L. Birkedal, R. E. Møgelberg, J. Schwinghammer, and K. Støvring. First steps in synthetic guarded domain theory: Step-indexing in the topos of trees. In IEEE Symposium on Logic in Computer Science (LICS), Toronto, Ontario, pages 55–64, 2011. Google Scholar
Digital Library
- S. Chaudhuri, S. Gulwani, and R. Lublinerman. Continuity analysis of programs. In ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL), Madrid, Spain, pages 57–70, 2010. Google Scholar
Digital Library
- S. Chaudhuri, S. Gulwani, R. Lublinerman, and S. NavidPour. Proving programs robust. In Joint Meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE), Szeged, Hungary, pages 102–112, 2011. Google Scholar
Digital Library
- S. Chaudhuri, S. Gulwani, and R. Lublinerman. Continuity and robustness of programs. Communications of the ACM, 55(8):107–115, 2012. Google Scholar
Digital Library
- J. Chroboczek. Subtyping recursive games. In International Conference on Typed Lambda Calculi and Applications (TLCA), Kraków, Poland, volume 2044 of Lecture Notes in Computer Science, pages 61–75. Springer-Verlag, 2001. Google Scholar
Digital Library
- I. Csiszár and P. C. Shields. Information theory and statistics: A tutorial. Foundations and Trends® in Communications and Information Theory, 1(4):417–528, 2004. Google Scholar
Digital Library
- J. W. de Bakker and J. I. Zucker. Denotational semantics of concurrency. In ACM SIGACT Symposium on Theory of Computing (STOC), San Francisco, California, pages 153–158, 1982. Google Scholar
Digital Library
- E. P. de Vink and J. J. M. M. Rutten. Bisimulation for probabilistic transition systems: A coalgebraic approach. Theoretical Computer Science, 221(1–2):271–293, 1999. Google Scholar
Digital Library
- J. den Hartog, E. P. de Vink, and J. W. de Bakker. Metric semantics and full abstractness for action refinement and probabilistic choice. Electronic Notes in Theoretical Computer Science, 40:72–99, 2000.Google Scholar
Cross Ref
- J. Desharnais, R. Jagadeesan, V. Gupta, and P. Panangaden. The metric analogue of weak bisimulation for probabilistic processes. In IEEE Symposium on Logic in Computer Science (LICS), Copenhagen, Denmark, pages 413–422, 2002. Google Scholar
Digital Library
- C. Dwork, F. McSherry, K. Nissim, and A. D. Smith. Calibrating noise to sensitivity in private data analysis. In IACR Theory of Cryptography Conference (TCC), New York, New York, volume 3876 of Lecture Notes in Computer Science, pages 265–284. Springer-Verlag, 2006. Google Scholar
Digital Library
- M. H. Escardó. A metric model of PCF, 1999. Workshop on Realizability Semantics and Applications, Trento, Italy.Google Scholar
- M. P. Fiore and G. D. Plotkin. An axiomatization of computationally adequate domain theoretic models of FPC. In IEEE Symposium on Logic in Computer Science (LICS), Paris, France, pages 92–102, 1994.Google Scholar
- P. Freyd. Algebraically complete categories. In International Category Theory Conference (CT), Como, Italy, volume 1488 of Lecture Notes in Mathematics, pages 95–104. Springer-Verlag, 1990. ISBN 978-3-540-46435-8.Google Scholar
- M. Gaboardi, A. Haeberlen, J. Hsu, A. Narayan, and B. C. Pierce. Linear dependent types for differential privacy. In ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL), Rome, Italy, pages 357–370, 2013. Google Scholar
Digital Library
- A. Haeberlen, B. C. Pierce, and A. Narayan. Differential privacy under fire. In USENIX Security Symposium, San Francisco, USA, 2011. Google Scholar
Digital Library
- D. Hofmann, G. J. Seal, and W. Tholen, editors. Monoidal Topology. Cambridge University Press, 2014.Google Scholar
Cross Ref
- D. Kozen. Semantics of probabilistic programs. Journal of Computer and System Sciences, 22(3):328–350, 1981.Google Scholar
Cross Ref
- N. R. Krishnaswami and N. Benton. Ultrametric semantics of reactive programs. In IEEE Symposium on Logic in Computer Science (LICS), Toronto, Ontario, pages 257–266, 2011. Google Scholar
Digital Library
- D. B. MacQueen, G. D. Plotkin, and R. Sethi. An ideal model for recursive polymorphic types. In ACM Symposium on Principles of Programming Languages (POPL), Salt Lake City, Utah, pages 165–174, 1984. Google Scholar
Digital Library
- M. E. Majster-Cederbaum. On the uniqueness of fixed points of endofunctors in a category of complete metric spaces. Information Processing Letters, 29(6):277–281, 1988. Google Scholar
Digital Library
- M. E. Majster-Cederbaum and F. Zetzsche. Towards a foundation for semantics in complete metric spaces. Information and Computation, 90(2):217–243, 1991. Google Scholar
Digital Library
- M. E. Majster-Cederbaum and F. Zetzsche. The comparison of a CPObased semantics with a CMS-based semantics for CSP. Theoretical Computer Science, 124(1):1–40, 1994. Google Scholar
Digital Library
- H. Nakano. A modality for recursion. In IEEE Symposium on Logic in Computer Science (LICS), Santa Barbara, California, pages 255–266, 2000. Google Scholar
Digital Library
- A. M. Pitts. Relational properties of domains. Information and Computation, 127(2):66–90, 1996.Google Scholar
Cross Ref
- G. Plotkin. Lectures on predomains and partial functions. Notes for a course given at the Center for the Study of Language and Information, Stanford, 1985.Google Scholar
- J. Reed and B. C. Pierce. Distance makes the types grow stronger: A calculus for differential privacy. In ACM SIGPLAN International Conference on Functional Programming (ICFP), Baltimore, Maryland, pages 157–168, 2010. ISBN 978-1-60558-794-3. Google Scholar
Digital Library
- J. Schwinghammer, L. Birkedal, and K. Støvring. A step-indexed Kripke model of hidden state via recursive properties on recursively defined metric spaces. In International Conference on Foundations of Software Science and Computation Structures (FoSSaCS), Saarbrücken, Germany, volume 6604 of Lecture Notes in Computer Science, pages 305–319. Springer-Verlag, 2011. Google Scholar
Digital Library
- M. B. Smyth and G. D. Plotkin. The category-theoretic solution of recursive domain equations. SIAM Journal on Computing, 11(4): 761–783, 1982.Google Scholar
Digital Library
- F. van Breugel. An introduction to metric semantics: operational and denotational models for programming and specification languages. Theoretical Computer Science, 258(1–2):1–98, 2001. Google Scholar
Digital Library
- Introduction Metric Spaces Core Fuzz Metric CPOs Preliminaries Adding Metrics Domain Equations Full Fuzz Adapting the Model Metatheory A Remark on Recursive Functions Related Work ConclusionGoogle Scholar
Index Terms
A semantic account of metric preservation
Recommendations
A semantic account of metric preservation
POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming LanguagesProgram sensitivity measures how robust a program is to small changes in its input, and is a fundamental notion in domains ranging from differential privacy to cyber-physical systems. A natural way to formalize program sensitivity is in terms of metrics ...
Logics of metric spaces
We investigate the expressive power and computational properties of two different types of languages intended for speaking about distances. First, we consider a first-order language FM the two-variable fragment of which turns out to be undecidable in ...
Observationally-induced Effect Monads: Upper and Lower Powerspace Constructions
Alex Simpson has suggested to use an observationally-induced approach towards modelling computational effects in denotational semantics. The principal idea is that a single observation algebra is used for defining the computational type structure. He ...







Comments