🤖 AI Summary
Rounding errors in floating-point sampling can compromise the correctness and security of continuous distribution samplers, posing significant risks in highly sensitive contexts such as differential privacy. This work proposes Continuous-Eris, a formal verification framework based on higher-order separation logic that, for the first time, supports mechanized verification of exact sampling programs featuring probabilistic choice, higher-order functions, and dynamic state. Built upon computable real numbers and incorporating lazy arbitrary-precision sample generation, the framework is implemented in the Rocq proof assistant. Using Continuous-Eris, we have successfully verified the correctness of exact samplers for uniform, Gaussian, and Laplace distributions, along with their underlying real-number arithmetic libraries, thereby guaranteeing mathematically precise sampling semantics.
📝 Abstract
Most implementations of sampling algorithms for continuous distributions use floating-point numbers, which introduce round-off errors and approximations. These errors can be difficult to analyze, and can cause security issues when used in algorithms for differential privacy. An alternative is to use exact sampling algorithms based on computable reals, which can lazily generate the digits of a continuous sample to arbitrary precision. However, these algorithms are intricate, and implementing and using them involves a combination of semantically challenging language features, such as probabilistic choice, higher-order functions, and dynamically-allocated mutable state.
In this paper we present Continuous-Eris, a higher-order separation logic for verifying the correctness of exact sampling algorithms for computable distributions. To demonstrate Continuous-Eris, we verify the correctness of computable samplers for the uniform, Gaussian, and Laplace distributions, as well as a library for exact real arithmetic for working with generated samples. All of the results in this paper have been verified in the Rocq proof assistant.
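The abstract's point about exact samplers that lazily generate digits to arbitrary precision is easier to see in code. The example below is an added illustration, not code from the paper or from the Continuous-Eris artifact; the class name `LazyUniform`, the `bit_source` parameter and the `bernoulli` helper are names chosen here. A uniform sample on [0,1) is represented as a binary expansion that is extended only when a query needs another digit, so deciding `sample < q` for an exact rational `q` (for instance the parameter of a Bernoulli draw) consumes about two bits on average and never rounds. By contrast, a double from `random.random()` fixes 53 bits up front and cannot be compared exactly against a non-dyadic threshold such as 1/3.

```python
"""Lazy arbitrary-precision uniform sampler (added example, not from the paper)."""
from fractions import Fraction
import secrets


class LazyUniform:
    """A uniform sample on [0,1) whose binary digits are generated on demand.

    bit_source: callable returning 0 or 1 per call. Defaults to a
    cryptographically secure generator; a deterministic source can be
    injected for tests.
    """

    def __init__(self, bit_source=None):
        self._bits = []  # digits generated so far, most significant first
        self._source = bit_source or (lambda: secrets.randbits(1))

    def bit(self, i):
        """Return the i-th binary digit, generating digits up to i if needed."""
        while len(self._bits) <= i:
            self._bits.append(self._source())
        return self._bits[i]

    def digits_generated(self):
        """How many digits have been materialised so far."""
        return len(self._bits)

    def bounds(self, n):
        """Exact dyadic interval [lo, hi) containing the sample after n digits."""
        numerator = sum(self.bit(i) << (n - 1 - i) for i in range(n))
        lo = Fraction(numerator, 1 << n)
        return lo, lo + Fraction(1, 1 << n)

    def less_than(self, q):
        """Decide sample < q for a rational q in (0,1), exactly.

        Digits are consumed only until the enclosing interval lies entirely
        on one side of q. Previously generated digits are reused, so repeated
        queries stay consistent with one underlying sample. The loop fails to
        terminate only if the sample equals q exactly (probability zero).
        """
        q = Fraction(q)
        n = 1
        while True:
            lo, hi = self.bounds(n)
            if hi <= q:
                return True
            if lo >= q:
                return False
            n += 1


def bernoulli(p, bit_source=None):
    """Exact Bernoulli(p) for rational p: draw a lazy uniform and compare."""
    return LazyUniform(bit_source).less_than(p)


if __name__ == "__main__":
    u = LazyUniform()
    print("sample < 1/3 ?", u.less_than("1/3"), "after", u.digits_generated(), "digits")
    print("enclosing interval:", u.bounds(u.digits_generated()))
```

With a fixed digit stream 0,1,1,0,... the sample lies in [3/8, 1/2): the query `less_than("1/2")` is settled by the first digit, `less_than("1/4")` needs two, and `less_than("1/3")` needs three, because only then does the interval [3/8, 1/2) lie wholly above 1/3.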