Verifying Exact Samplers for Continuous Distributions with a Discrete Program Logic

TL;DR

This paper introduces Continuous-Eris, a higher-order logic framework for verifying the correctness of exact sampling algorithms for continuous distributions, addressing issues of floating-point inaccuracies.

Contribution

It presents a novel separation logic for verifying complex exact sampling algorithms and demonstrates its application on multiple distributions within the Rocq proof assistant.

Findings

Verified correctness of samplers for uniform, Gaussian, and Laplace distributions

Developed a library for exact real arithmetic in the verification process

All results are formally verified in the Rocq proof assistant

Abstract

Most implementations of sampling algorithms for continuous distributions use floating-point numbers, which introduce round-off errors and approximations. These errors can be difficult to analyze, and can cause security issues when used in algorithms for differential privacy. An alternative is to use exact sampling algorithms based on computable reals, which can lazily generate the digits of a continuous sample to arbitrary precision. However, these algorithms are intricate, and implementing and using them involves a combination of semantically challenging language features, such as probabilistic choice, higher-order functions, and dynamically-allocated mutable state. In this paper we present Continuous-Eris, a higher-order separation logic for verifying the correctness of exact sampling algorithms for computable distributions. To demonstrate Continuous-Eris, we verify the correctness of computable samplers for the uniform, Gaussian, and Laplace distributions, as well as a library for exact real arithmetic for working with generated samples. All of the results in this paper have been verified in the Rocq proof assistant.