research-article
Open Access
Artifacts Evaluated & Functional

Proving expected sensitivity of probabilistic programs

Published: 27 December 2017

Abstract

Program sensitivity, also known as Lipschitz continuity, describes how small changes in a program’s input lead to bounded changes in the output. We propose an average notion of program sensitivity for probabilistic programs—expected sensitivity—that averages a distance function over a probabilistic coupling of two output distributions from two similar inputs. By varying the distance, expected sensitivity recovers useful notions of probabilistic function sensitivity, including stability of machine learning algorithms and convergence of Markov chains.

Furthermore, expected sensitivity satisfies clean compositional properties and is amenable to formal verification. We develop a relational program logic called EpRHL for proving expected sensitivity properties. Our logic features two key ideas. First, relational pre-conditions and post-conditions are expressed using distances, a real-valued generalization of typical boolean-valued (relational) assertions. Second, judgments are interpreted in terms of expectation coupling, a novel, quantitative generalization of probabilistic couplings which supports compositional reasoning.

We demonstrate our logic on examples beyond the reach of prior relational logics. Our main example formalizes uniform stability of the stochastic gradient method. Furthermore, we prove rapid mixing for a probabilistic model of population dynamics. We also extend our logic with a transitivity principle for expectation couplings to capture the path coupling proof technique by Bubley and Dyer, and formalize rapid mixing of the Glauber dynamics from statistical physics.
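The definition in the first paragraph of the abstract (a distance averaged over a coupling of the two output distributions) can be checked exactly on a small Markov chain. The following is an added example, not code from the paper or its artifact; the toy chain (resample one uniformly chosen bit of a state in {0,1}^n), the shared-randomness coupling, the Hamming distance and all function names are assumptions chosen for illustration.

```python
from fractions import Fraction
from itertools import product

def resample(x, i, b):
    """Return state x with coordinate i overwritten by bit b."""
    return x[:i] + (b,) + x[i + 1:]

def step(x):
    """Output distribution of one step: uniform coordinate, uniform bit."""
    n, dist = len(x), {}
    for i, b in product(range(n), (0, 1)):
        y = resample(x, i, b)
        dist[y] = dist.get(y, 0) + Fraction(1, 2 * n)
    return dist

def step_coupled(x1, x2):
    """Coupling of step(x1) and step(x2): both runs share i and b."""
    n, joint = len(x1), {}
    for i, b in product(range(n), (0, 1)):
        pair = (resample(x1, i, b), resample(x2, i, b))
        joint[pair] = joint.get(pair, 0) + Fraction(1, 2 * n)
    return joint

def marginal(joint, side):
    """Project a joint distribution onto its first (0) or second (1) run."""
    out = {}
    for pair, p in joint.items():
        out[pair[side]] = out.get(pair[side], 0) + p
    return out

def hamming(a, b):
    return sum(u != v for u, v in zip(a, b))

def expected_distance(joint, dist=hamming):
    """Average the output distance over the coupling."""
    return sum(p * dist(y1, y2) for (y1, y2), p in joint.items())

def check_contraction(n):
    """For every input pair: the joint is a valid coupling, and the
    expected output distance equals (1 - 1/n) times the input distance."""
    states = list(product((0, 1), repeat=n))
    factor = 1 - Fraction(1, n)
    for x1, x2 in product(states, repeat=2):
        joint = step_coupled(x1, x2)
        if marginal(joint, 0) != step(x1) or marginal(joint, 1) != step(x2):
            return False
        if expected_distance(joint) != factor * hamming(x1, x2):
            return False
    return True
```

Because the expected Hamming distance shrinks by the factor 1 - 1/n at every step, iterating the bound gives the kind of Markov-chain convergence statement the abstract mentions.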

Supplemental Material

expectedsensitivityofprobabilisticprograms.webm

References

  1. Arthur Azevedo de Amorim, Marco Gaboardi, Emilio Jesús Gallego Arias, and Justin Hsu. 2014. Really natural linear indexed type-checking. In Symposium on Implementation and Application of Functional Programming Languages (IFL), Boston, Massachusetts. ACM Press, 5:1–5:12. http://arxiv.org/abs/1503.04522
  2. Arthur Azevedo de Amorim, Marco Gaboardi, Justin Hsu, Shin-ya Katsumata, and Ikram Cherigui. 2017. A semantic account of metric preservation. In ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL), Paris, France. 545–556.
  3. Gilles Barthe, François Dupressoir, Sebastian Faust, Benjamin Grégoire, François-Xavier Standaert, and Pierre-Yves Strub. 2016a. Parallel Implementations of Masking Schemes and the Bounded Moment Leakage Model. IACR Cryptology ePrint Archive 2016 (2016), 912. http://eprint.iacr.org/2016/912
  4. Gilles Barthe, François Dupressoir, Benjamin Grégoire, César Kunz, Benedikt Schmidt, and Pierre-Yves Strub. 2013. EasyCrypt: A Tutorial. In Foundations of Security Analysis and Design VII (FOSAD) (Lecture Notes in Computer Science), Vol. 8604. Springer-Verlag, 146–166. Tutorial Lectures.
  5. Gilles Barthe, Thomas Espitau, Justin Hsu, Tetsuya Sato, and Pierre-Yves Strub. 2017a. ⋆-Liftings for differential privacy. In International Colloquium on Automata, Languages and Programming (ICALP), Warsaw, Poland (Leibniz International Proceedings in Informatics), Vol. 80. Schloss Dagstuhl–Leibniz Center for Informatics, 102:1–102:12. https://arxiv.org/abs/1705.00133
  6. Gilles Barthe, Noémie Fong, Marco Gaboardi, Benjamin Grégoire, Justin Hsu, and Pierre-Yves Strub. 2016b. Advanced Probabilistic Couplings for Differential Privacy. In ACM SIGSAC Conference on Computer and Communications Security (CCS), Vienna, Austria. 55–67.
  7. Gilles Barthe, Marco Gaboardi, Emilio Jesús Gallego Arias, Justin Hsu, Aaron Roth, and Pierre-Yves Strub. 2015. Higher-Order Approximate Relational Refinement Types for Mechanism Design and Differential Privacy. In ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL), Mumbai, India. 55–68.
  8. Gilles Barthe, Marco Gaboardi, Emilio Jesús Gallego Arias, Justin Hsu, Aaron Roth, and Pierre-Yves Strub. 2016c. Computer-aided verification in mechanism design. In Conference on Web and Internet Economics (WINE), Montréal, Québec. http://arxiv.org/abs/1502.04052
  9. Gilles Barthe, Marco Gaboardi, Benjamin Grégoire, Justin Hsu, and Pierre-Yves Strub. 2016d. Proving Differential Privacy via Probabilistic Couplings. In IEEE Symposium on Logic in Computer Science (LICS), New York, New York. 749–758.
  10. Gilles Barthe, Benjamin Grégoire, Justin Hsu, and Pierre-Yves Strub. 2017b. Coupling proofs are probabilistic product programs. In ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL), Paris, France. http://arxiv.org/abs/1607.03455
  11. Gilles Barthe, Benjamin Grégoire, and Santiago Zanella-Béguelin. 2009. Formal Certification of Code-Based Cryptographic Proofs. In ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL), Savannah, Georgia. New York, 90–101. http://certicrypt.gforge.inria.fr/2013.Journal.pdf
  12. Gilles Barthe, Boris Köpf, Federico Olmedo, and Santiago Zanella Béguelin. 2012. Probabilistic relational reasoning for differential privacy. In ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL), Philadelphia, Pennsylvania. 97–110.
  13. Gilles Barthe and Federico Olmedo. 2013. Beyond Differential Privacy: Composition Theorems and Relational Logic for f-divergences between Probabilistic Programs. In International Colloquium on Automata, Languages and Programming (ICALP), Riga, Latvia (Lecture Notes in Computer Science), Vol. 7966. Springer-Verlag, 49–60. http://certicrypt.gforge.inria.fr/2013.ICALP.pdf
  14. AT Bharucha-Reid et al. 1976. Fixed point theorems in probabilistic analysis. Bull. Amer. Math. Soc. 82, 5 (1976), 641–657.
  15. Olivier Bousquet and André Elisseeff. 2002. Stability and Generalization. Journal of Machine Learning Research 2 (2002), 499–526. http://www.jmlr.org/papers/v2/bousquet02a.html
  16. Russ Bubley and Martin Dyer. 1997. Path coupling: A technique for proving rapid mixing in Markov chains. In IEEE Symposium on Foundations of Computer Science (FOCS), Miami Beach, Florida. 223–231.
  17. Swarat Chaudhuri, Sumit Gulwani, and Roberto Lublinerman. 2010. Continuity analysis of programs. In ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL), Madrid, Spain. 57–70.
  18. Narendra M Dixit, Piyush Srivastava, and Nisheeth K Vishnoi. 2012. A finite population model of molecular evolution: Theory and computation. Journal of Computational Biology 19, 10 (2012), 1176–1202.
  19. Hassan Eldib, Chao Wang, Mostafa M. I. Taha, and Patrick Schaumont. 2015. Quantitative Masking Strength: Quantifying the Power Side-Channel Resistance of Software Code. IEEE Transactions on CAD of Integrated Circuits and Systems 34, 10 (2015), 1558–1568.
  20. André Elisseeff, Theodoros Evgeniou, and Massimiliano Pontil. 2005. Stability of Randomized Learning Algorithms. Journal of Machine Learning Research 6 (2005), 55–79. http://www.jmlr.org/papers/v6/elisseeff05a.html
  21. Marco Gaboardi, Andreas Haeberlen, Justin Hsu, Arjun Narayan, and Benjamin C. Pierce. 2013. Linear dependent types for differential privacy. In ACM SIGPLAN–SIGACT Symposium on Principles of Programming Languages (POPL), Rome, Italy. 357–370. http://dl.acm.org/citation.cfm?id=2429113
  22. Moritz Hardt, Ben Recht, and Yoram Singer. 2016. Train faster, generalize better: Stability of stochastic gradient descent. In International Conference on Machine Learning (ICML), New York, NY (Journal of Machine Learning Research), Vol. 48. JMLR.org, 1225–1234. http://jmlr.org/proceedings/papers/v48/hardt16.html
  23. Daniel L. Hartl and Andrew G. Clark. 2006. Principles of Population Genetics (fourth ed.). Sinauer Associates.
  24. Justin Hsu. 2017. Probabilistic Couplings for Probabilistic Reasoning. Ph.D. Dissertation. University of Pennsylvania. arXiv: cs.LO/1710.09951 https://arxiv.org/abs/1710.09951
  25. Xiaowei Huang, Marta Kwiatkowska, Sen Wang, and Min Wu. 2017. Safety Verification of Deep Neural Networks. In International Conference on Computer Aided Verification (CAV), Heidelberg, Germany (Lecture Notes in Computer Science), Rupak Majumdar and Viktor Kuncak (Eds.), Vol. 10426. Springer-Verlag, 3–29.
  26. Thomas Jansen. 2013. Analyzing Evolutionary Algorithms: The Computer Science Perspective. Springer-Verlag.
  27. Mark Jerrum. 1995. A Very Simple Algorithm for Estimating the Number of k-Colorings of a Low-Degree Graph. Random Structures and Algorithms 7, 2 (1995), 157–166.
  28. Benjamin Lucien Kaminski, Joost-Pieter Katoen, Christoph Matheja, and Federico Olmedo. 2016. Weakest Precondition Reasoning for Expected Run-Times of Probabilistic Programs. In European Symposium on Programming (ESOP), Eindhoven, The Netherlands (Lecture Notes in Computer Science), Vol. 9632. Springer-Verlag, 364–389.
  29. Guy Katz, Clark W. Barrett, David L. Dill, Kyle Julian, and Mykel J. Kochenderfer. 2017. Reluplex: An Efficient SMT Solver for Verifying Deep Neural Networks. In International Conference on Computer Aided Verification (CAV), Heidelberg, Germany (Lecture Notes in Computer Science), Rupak Majumdar and Viktor Kuncak (Eds.), Vol. 10426. Springer-Verlag, 97–117.
  30. Dexter Kozen. 1979. Semantics of probabilistic programs. In IEEE Symposium on Foundations of Computer Science (FOCS), San Juan, Puerto Rico. 101–114.
  31. Dexter Kozen. 1985. A Probabilistic PDL. J. Comput. System Sci. 30, 2 (1985), 162–178.
  32. Torgny Lindvall. 2002. Lectures on the coupling method. Courier Corporation.
  33. Carroll Morgan, Annabelle McIver, and Karen Seidel. 1996. Probabilistic Predicate Transformers. ACM Transactions on Programming Languages and Systems 18, 3 (1996), 325–353.
  34. Ioannis Panageas, Piyush Srivastava, and Nisheeth K. Vishnoi. 2016. Evolutionary Dynamics in Finite Populations Mix Rapidly. In ACM–SIAM Symposium on Discrete Algorithms (SODA), Arlington, Virginia. 480–497.
  35. Jason Reed and Benjamin C Pierce. 2010. Distance Makes the Types Grow Stronger: A Calculus for Differential Privacy. In ACM SIGPLAN International Conference on Functional Programming (ICFP), Baltimore, Maryland. http://dl.acm.org/citation.cfm?id=1863568
  36. Tetsuya Sato. 2016. Approximate Relational Hoare Logic for Continuous Random Samplings. In Conference on the Mathematical Foundations of Programming Semantics (MFPS), Pittsburgh, Pennsylvania. http://arxiv.org/abs/1603.01445
  37. Daniel Selsam, Percy Liang, and David L. Dill. 2017. Developing Bug-Free Machine Learning Systems With Formal Mathematics. In International Conference on Machine Learning (ICML), Sydney, Australia (Proceedings of Machine Learning Research), Doina Precup and Yee Whye Teh (Eds.), Vol. 70. 3047–3056. http://proceedings.mlr.press/v70/selsam17a.html
  38. Ohad Shamir. 2016. Without-Replacement Sampling for Stochastic Gradient Methods: Convergence Results and Application to Distributed Optimization. CoRR abs/1603.00570 (2016). http://arxiv.org/abs/1603.00570
  39. Hermann Thorisson. 2000. Coupling, Stationarity, and Regeneration. Springer-Verlag.
  40. Cédric Villani. 2008. Optimal transport: Old and new. Springer-Verlag.
  41. Nisheeth K. Vishnoi. 2015. The Speed of Evolution. In ACM–SIAM Symposium on Discrete Algorithms (SODA), San Diego, California. 1590–1601.
  42. Daniel Winograd-Cort, Andreas Haeberlen, Aaron Roth, and Benjamin C. Pierce. 2017. A framework for adaptive differential privacy. In ACM SIGPLAN International Conference on Functional Programming (ICFP), Oxford, England. 10:1–10:29. https://dl.acm.org/citation.cfm?id=3110254
