Abstract
Couplings are a powerful mathematical tool for reasoning about pairs of probabilistic processes. Recent developments in formal verification identify a close connection between couplings and pRHL, a relational program logic motivated by applications to provable security, enabling formal construction of couplings from the probability theory literature. However, existing work using pRHL merely shows existence of a coupling and does not give a way to prove quantitative properties about the coupling, needed to reason about mixing and convergence of probabilistic processes. Furthermore, pRHL is inherently incomplete, and is not able to capture some advanced forms of couplings such as shift couplings. We address both problems as follows.
First, we define an extension of pRHL, called x-pRHL, which explicitly constructs the coupling in a pRHL derivation in the form of a probabilistic product program that simulates two correlated runs of the original program. Existing verification tools for probabilistic programs can then be directly applied to the probabilistic product to prove quantitative properties of the coupling. Second, we equip x-pRHL with a new rule for while loops, where reasoning can freely mix synchronized and unsynchronized loop iterations. Our proof rule can capture examples of shift couplings, and the logic is relatively complete for deterministic programs.
We show soundness of x-pRHL and use it to analyze two classes of examples. First, we verify rapid mixing using different tools from coupling: standard coupling, shift coupling, and path coupling, a compositional principle for combining local couplings into a global coupling. Second, we verify (approximate) equivalence between a source and an optimized program for several instances of loop optimizations from the literature.
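To illustrate the idea of a coupling written as a product program, the following added example (not code from the paper or its tools) runs a lazy walk on a cycle from two start states with one shared coin, checks that both marginals match the original program, and compares the exact total variation distance with the probability that the coupled runs differ. The walk, the cycle size `N` and all function names are assumptions chosen for illustration.

```python
from collections import defaultdict
from fractions import Fraction

N = 5  # cycle size; constructed for this example

def step_single(dist):
    """Original program, one iteration: b <$ {0,1}; x <- (x + b) mod N."""
    out = defaultdict(Fraction)
    for x, p in dist.items():
        for b in (0, 1):
            out[(x + b) % N] += p / 2
    return dict(out)

def step_product(dist):
    """Product program, one iteration: one coin b1 drives both runs.
    Before the runs meet the second run uses the flipped coin (still uniform);
    after they meet it uses the same coin, so the runs stay together."""
    out = defaultdict(Fraction)
    for (x1, x2), p in dist.items():
        for b1 in (0, 1):
            b2 = b1 if x1 == x2 else 1 - b1
            out[((x1 + b1) % N, (x2 + b2) % N)] += p / 2
    return dict(out)

def run(step, init, T):
    """Exact output distribution after T iterations from a point start."""
    dist = {init: Fraction(1)}
    for _ in range(T):
        dist = step(dist)
    return dist

def marginal(joint, side):
    out = defaultdict(Fraction)
    for pair, p in joint.items():
        out[pair[side]] += p
    return dict(out)

def tv(mu1, mu2):
    """Total variation distance between two finite distributions."""
    keys = set(mu1) | set(mu2)
    return sum(abs(mu1.get(k, 0) - mu2.get(k, 0)) for k in keys) / 2

def analyse(a1, a2, T):
    """Return (marginals are correct, exact TV distance, Pr[x1 != x2])."""
    joint = run(step_product, (a1, a2), T)
    mu1, mu2 = run(step_single, a1, T), run(step_single, a2, T)
    valid = marginal(joint, 0) == mu1 and marginal(joint, 1) == mu2
    p_diff = sum(p for (x1, x2), p in joint.items() if x1 != x2)
    return valid, tv(mu1, mu2), p_diff
```

The quantitative property is read off the product program alone: `Pr[x1 != x2]` upper-bounds the distance between the two output distributions, so showing it shrinks with `T` bounds how fast the walk forgets its start state.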
Coupling proofs are probabilistic product programs
POPL '17: Proceedings of the 44th ACM SIGPLAN Symposium on Principles of Programming Languages