A Verified Compiler for Probability Density Functions

Bhat et al. developed an inductive compiler that computes density functions for probability spaces described by programs in a simple probabilistic functional language. In this work, we implement such a compiler for a modified version of this language within the theorem prover Isabelle and give a formal proof of its soundness w.r.t. the semantics of the source and target language. Together with Isabelle’s code generation for inductive predicates, this yields a fully verified, executable density compiler. The proof is done in two steps, using a standard refinement approach: first, an abstract compiler working with abstract functions modelled directly in the theorem prover’s logic is defined and proven sound. Then, this compiler is refined to a concrete version that returns a target-language expression.

💡 Research Summary

This paper presents a fully verified compiler that transforms programs written in a simple probabilistic functional language into their corresponding probability density functions (PDFs). Building on the inductive compiler introduced by Bhat et al. (2013) for the language Fun, the authors implement a modified version of that language inside the Isabelle/HOL theorem prover and formally prove the compiler’s soundness with respect to both source‑ and target‑language semantics.

The work proceeds in two major phases. First, an abstract compiler is defined directly in Isabelle’s logic; it maps source expressions to abstract mathematical functions (ℝ → ℝ) and is proved sound by showing that, for any well‑typed program, the measure obtained by executing the source program and then binding with the compiled function coincides with the measure produced by the target language expression. The proof relies on a careful formalisation of the Giry monad, Dirac return, bind (≫=), and the join operation, together with non‑negative integration (∫⁺) to keep all primitive operators total.

Second, the abstract compiler is refined into a concrete, executable compiler that produces concrete target‑language syntax trees. This refinement is expressed as an inductive predicate in Isabelle; each rule is shown to preserve the abstract semantics, thereby inheriting the soundness result. Isabelle’s code‑generation facilities are then used to extract OCaml code, yielding a fully verified, executable density compiler.

The source language is a de Bruijn‑indexed subset of Fun: it lacks lists, recursion, and sum types, and treats booleans as unit + unit. Types are UNIT, BOOL, INT, and REAL (the latter modeled as exact real numbers rather than floating‑point). The target language mirrors the source’s type system but makes probabilistic constructs explicit as measure‑theoretic operations.

To demonstrate practicality, the authors compile a simple mixture model involving Bernoulli and Normal distributions, generate the corresponding PDF, and verify its correctness by numerical integration against known analytical results. The evaluation confirms that the extracted compiler produces correct density functions and that the formal proofs scale to realistic examples.

A detailed analysis of effort shows that defining the languages and their semantics consumed the bulk of the work, while the refinement step was comparatively straightforward thanks to Isabelle’s support for inductive definitions. The paper also discusses related work, including probabilistic extensions of OCaml, pGCL formalisation, and prior attempts at verified probabilistic languages, highlighting how this effort uniquely combines density compilation with machine‑checked correctness.

Future directions include extending the language with lists, recursion, and richer type constructors, integrating sampling‑function generation, and exploring cross‑tool verification in Coq or Lean. Overall, the paper delivers a rigorous, mechanically verified pipeline from high‑level probabilistic programs to mathem‑atically sound density functions, advancing the reliability of probabilistic modeling tools.