Metric Semantics for Probabilistic Relational Reasoning
The Fuzz programming language [Reed and Pierce, 2010] uses an elegant linear type system to express and reason about function sensitivity properties, most notably ϵ-differential privacy. We show how to extend Fuzz to encompass more general relational properties of probabilistic programs, with our motivating example being the (ϵ, δ)-variant of differential privacy. Our technical contributions are threefold. First, we introduce the categorical notion of assignment on a monad to model composition properties of probabilistic divergences. Then, we show how to express relational properties as sensitivity properties via an adjunction we call the path construction, reminiscent of Benton's linear and non-linear models of linear logic. Finally, we instantiate our semantics to model the terminating fragment of Fuzz, and extend the language with types carrying information about richer divergences between distributions.