Program sensitivity measures how robust a program is to small changes in its input, and is a fundamental notion in domains ranging from differential privacy to cyber-physical systems. A natural way to formalize program sensitivity is in terms of metrics on the input and output spaces, requiring that an $r$-sensitive function map inputs that are at distance $d$ to outputs that are at distance at most $r \cdot d$. Program sensitivity is thus an analogue of Lipschitz continuity for programs. Reed and Pierce introduced Fuzz, a functional language with a linear type system that can express program sensitivity. They show soundness operationally, in the form of a metric preservation property. Inspired by their work, we study program sensitivity and metric preservation from a denotational point of view. In particular, we introduce metric CPOs, a novel semantic structure for reasoning about computation on metric spaces, by endowing CPOs with a compatible notion of distance. This structure is useful for reasoning about metric properties of programs, and specifically about program sensitivity. We demonstrate metric CPOs by giving a model for the deterministic fragment of Fuzz.
翻译:方案敏感度衡量程序在投入方面的微小变化如何强健,这是从不同的隐私到网络物理系统等领域的基本概念。正式确定方案敏感度的自然方式是投入和产出空间的度量,要求对输入和输出空间的量度进行量度,要求对输入和输出空间的量度进行量度,要求以美元为敏感度的功能映射输入在远方以美元表示的输出。因此,方案敏感度是Lipschitz程序连续性的类比。Reed和Pierce引入了Fuzz,这是一个功能语言,具有直线型系统,可以表达程序敏感性。它们以量度保存属性的形式显示操作上的稳健性。受其工作的启发,我们从分辨角度研究方案的灵敏度和量度保存。特别是我们引入了通用CPO,这是用于计算度空间的推理的一种新的语义结构,用一个相容的距离概念赋予CPO。这一结构有助于解释程序的标准特性,特别是程序敏感性。我们通过给Fuzz的确定性碎片的模型来展示标准CPO。