Loading...

PPT – Checking Specific Algorithms PowerPoint presentation | free to view - id: 529416-MWQ4M

The Adobe Flash plugin is needed to view this content

Checking Specific Algorithms

- Greg Bronevetsky

Objective

- Primary goal find checkers that can be applied

to any program - Along the way must look at checkers for specific

algorithms - Each checker exploits special properties of

target algorithm - General patterns may become apparent
- Useful for toolkit-style checker generator
- Library of algorithm-specific checkers used where

appropriate

Outline

- Low-hanging fruit
- Himanshu Gupta. "Result Verification Algorithms

for Optimization Problems", 1995 - Checkers for optimizations programs
- Existence of checkers for certain complexity

classes - Certification Trails
- Gregory F. Sullivan, Dwight S. Wilson and Gerald

M. Masson, Certification of Computational

Results, 1995. - Fundamentals of program testing correcting
- Manuel Blum, Michael Luby and Ronitt Rubinfeld.

"Self-Testing Correcting with Applications to

Numerical Problems"

Low-Hanging Fruit Outline

- Gregs Theorem
- Himanshu Gupta
- Checkers for optimization problems (primal-dual)
- Max Flow
- Min-cost Flow
- Unweighted Weighted bipartite matching
- All Shortest Paths
- Existence proofs for verifiers
- Verifiers for NP-complete and -hard languages
- Approximate verifiers
- Verifiers with Certification Trails

Intro to Complexity

- Problems defined as sets of strings
- Particular set language
- Example language set of palindromes
- 001100, 01011010, etc.
- Membership in given language decidable by

computing device of given power - ex Turing machine running in polynomial time
- Machine A on input x
- Runs for time poly(x)
- Returns ACCEPT x?L(A) REJECT

x?L(A)

Intro to Complexity

- Complexity class set of languages accepted by

machines of given power - Examples
- P Turing machines with running time ?

O(poly(x)) - EXPSPACE Turing machines that use ? O(2x)

memory - BC Boolean circuits of bounded depth
- Big deal can show some problems inherently

harder than others

Basics of Reductions

- Problem A reducible to problem B if can easily

solve A given algorithm for B - Reduction
- Given x input to A
- Efficiently transform x to y input to B
- Efficiently usually means poly-time
- Ask algorithm for B if y valid B-string
- B is an oracle
- x valid A-string ? y valid B-string
- Thus, B at least as hard as A

Basics of Reductions

- Can compare difficulties of problems via

reductions - If all problems in class C1 reducible to problems

in class C2 then C1 ? C2 - Example
- P ? NP
- Unknown if NP ? P
- If yes, then PNP
- If no, then some problems in NP cannot be solved

in polynomial time

Theorem 1

- Let A be an implementation of an algorithm
- Runs in time O(p()), p some polynomial
- Does there exist checker C for A that runs in

time lt p()? - C accepts As input output, returns PASS/FAIL
- C knows As source code
- Runs in time O(q()) lt O(p()), asymptotically

faster - A is decision algorithm, so output is 1 bit

Input

PASS, FAIL

A

C

0,1

Theorem 1

- As input x n bits
- As output y 1 bit
- Suppose C can verify whether x?L(A) using y
- In O(q(x)) time
- Then can decide L(A) in O(q(x)) time
- Given input x
- Run C on ltx,1gt
- If C(x,1) returns PASS, ACCEPT x
- If C(x,1) returns FAIL, REJECT x

Theorem 1

- A reduced to C
- C runs in O(q()) time
- Thus, p()-time problems solvable in q()-time
- This is not true
- Therefore, for p()-time decision algorithm A ??

checker C running in ltO(p()) time

Theorem 1.1

- Lets make job simpler for checker
- Helper proof
- Suppose A outputs helper proof
- C can use helper proof to simplify checking
- Size of helper proof ? q(x)
- Since C can only read ? q(x) bits of proof

0,1

Input

PASS, FAIL

C

A

HelperProof

Theorem 1.1

- As input x n bits
- As output y 1 bit q(x)-bit proof
- Suppose C can verify whether x?L(A) using y
- In O(q(x)) time
- Then y is witness for x?L(A)

Nondeterministic Time Classes

- Non-deterministic automaton for language L
- Given input x
- Runs for O(f(x)) amount of time
- Can make binary guesses 0,1
- If ? set of guesses s.t. automaton would accept,

then x?L

- At each guess, automaton splits
- 0 branch, 1 branch
- If accepts along some path then whole automaton

accepts

0

1

0

1

0

1

Nondeterministic Time Classes

- String of guesses leading to ACCEPT called a

witness - Proves that x?L
- Can deterministically verify x?L
- No need to guess witness gives correct guesses
- NP runs for polynomial time witnesses ?

poly-length - Nondet(f()) runs in time ? O(f(x))

witness length ? O(f(x))

Theorem 1.1

- As input x n bits
- As output y 1 bit q(x)-bit proof
- Suppose C can verify whether x?L(A) using y
- In O(q(x)) time
- Then y is witness for x?L(A)
- Thus, x?L(A) decidable by nondet automaton

running in O(q(x)) time

Theorem 1.1

- Guess all bits of proof
- Takes ?q(x) guesses
- For each proof, run C on ylt1, proofgt
- Accept if C says PASS on some ylt1, some

proofgt

Guess y

0

1

0

1

1

0

C

C

C

C

Theorem 1.1

- x?L(A) decidable by nondet automaton running in

O(q(x)) time - Thus, L(A) ? Nondet(q())
- Recall A runs in time O(p())gtO(q())
- Det(p()) ? Nondet(q()) ? Nondet(p()) ? ?

Det(p()) ? Nondet(p()) - Shown If L(A) ? Det(p()) and ? proof-checker

that runs in time O(q()) where q()ltp() then

Det(p()) ? Nondet(p())

Theorem 1.1

- Shown If L(A) ? Det(p()) and ? checker that runs

in time O(q()) where q()ltp() then Det(p()) ?

Nondet(p()) - Known Det(p()) ? Nondet(p()) for few functions
- In general, as hard as P ? NP
- Worst case scenario
- If discover efficient checkers, then Det(p()) ?

Nondet(p()) - Very difficult
- If Det(p()) ? Nondet(p()) proven, no help to us

Low-Hanging Fruit Outline

- Gregs Theorem
- Himanshu Gupta
- Checkers for optimization problems (primal-dual)
- Max Flow
- Min-cost Flow
- Unweighted Weighted bipartite matching
- All Shortest Paths
- Existence proofs for verifiers
- Verifiers for NP-complete and NP-hard languages
- Approximate verifiers

Definitions

- Problem ??I?S
- I set of inputs
- S set of solutions
- Algorithm on input x?I, returns y?S s.t. ltx,ygt??
- Verification problemV(?)?(I?S)?PASS,FAIL
- lt(x,y),PASSgt?V(?) iff ltx,ygt??
- lt(x,y),FAILgt?V(?) iff ltx,ygt??

Maximum Flow

- Given
- Directed graph G(V,E)
- Edges labeled with capacities
- c(u,v) capacity of edge
- Two special nodes S and T
- Must find maximum flow from s to t

T

c8

c5

c4

c1

c9

c2

c6

S

c7

c3

Maximum Flow

- Find edge labeling f
- f(u,v) flow on edge u?v ? c(u,v)
- Sum of flows coming into node Sum of flows

coming out of node - Outflow of node s gt inflow
- Inflow of node t gt outflow
- Net outflow of s Net inflow of t Network

flow - Problem Find labeling f generating largest

network flow

Residual Capacities

- Residual Capacity for flow fres(u,v) c(u,v)

f(u,v) - (Capacity of edge unused by flow)
- Residual Graph Rf graph on V,E where
- Augmenting Path Path through Rf

Augmenting Paths ? Verifier

- Theorem Rf contains augmenting path ? f is not

maximum flow - Example one common max flow algorithm
- Pick a flowWhile can find augmenting paths
- Adjust flow to remove augmenting path
- Thus, to check if given flow is max flow
- Ensure given flow valid
- Construct Rf
- Ensure that no augmenting path exists
- Path search much faster than max-flow algorithm

Min-Cost Flow

- Now edges have cost
- Goal find flow of given size with minimal cost
- For any potential flow construct Residual Graph

Rf - Theorem given flow is min-cost if Rf has no

negative-cost cycles - Thus, checker
- Ensures alleged min-cost flow is valid flow
- Constructs Rf
- Ensures that no negative-cost cycles exist
- Cycle search much faster than min-cost flow

algorithm

Matching

- Given bipartite weighted/unweighted graph find

subset of edges s.t. - No left node has gt1 right node as neighbor
- No right node has gt1 left node as neighbor

X

Y

Verifier for Matching

- Matching also has augmenting paths
- Can verify matching
- Ensure that matching valid
- Search of augmenting path
- Above problems examples of matroids
- Intuitively problems solvable via basic greedy

algorithm - All matroids have this structure
- Thus, can easily check matroid problems

Other Matroid Problems

- Minimal Spanning Tree
- Minimal Cut in Graph
- Maximal Basis in Linear Space

Low-Hanging Fruit Outline

- Gregs Theorem
- Himanshu Gupta
- Checkers for optimization problems (primal-dual)
- Max Flow
- Min-cost Flow
- Unweighted Weighted bipartite matching
- All Shortest Paths
- Existence proofs for verifiers
- Verifiers for NP-complete and NP-hard languages
- Approximate verifiers

All Shortest Paths

- Given undirected graph G(V,E)
- Each edge (i,j) has weight w(i,j)
- Problem return the shortest path between every

pair of nodes - Assume output format
- P predecessor matrix
- Pi,j k s.t. edge (k,j) lies on shortest path

i?j - (i.e. node k precedes node j on path i?j)
- D distance matrix
- Di,j shortest distance from i to j
- (Di,i 0)

Pi,j

j

i

Checker Algorithm

- Step 1 ensure that P and D self-consistent
- foreach (i,j)
- Ensure that Di,j Di, Pi,j

w(Pi,j, j) - If error seen, return FAIL
- Step 2 ensure output paths truly shortest
- foreach node i
- foreach edge (u,v)
- if(Di,u w(u,v) lt Di,v) return FAIL
- Return PASS

Checking Self-Consistency

- foreach (i,j)
- Ensure that Di,j Di, Pi,j w(Pi,j,

j) - Clearly, if output correct, test returns PASS

Pi,j

j

i

Di, Pi,j

w(Pi,j, j)

Di,j

Checking Self-Consistency

- foreach (i,j)
- Ensure that Di,j Di, Pi,j w(Pi,j,

j) - If output incorrect, two possible problems
- P may not represent valid paths
- D may not be true lengths of P s paths

Pi,j

j

i

Di, Pi,j

w(Pi,j, j)

Di,j

Checking D

- Suppose Di,j ? i?j distance according to P
- Pick pair i,j with shortest true distance
- Let k Pi,j
- Check Di,j ? Di, k w(k, j)
- No errors in D for pairs closer than i and j
- Thus, Di, k correct distance i?js predecessor
- So, Di, k w(k, j) is correct i?j distance
- Thus, will detect error

Pi,j

j

k

i

Checking P

- Pi, must induce spanning tree on nodes
- Thm Graph on n nodes is spanning tree ?

n-1 edges and acyclic - Clearly, n-1 edges since each node j?i has Pi,j
- Above check will fail if cycle exists

Checking P Acyclicity

- Claim if cycle exists then D has error

i

Di,v

Di,u

u

v

path

- Suppose cycle exists
- Suppose all edges of u-v cycle have been checked

(and passed), u?v is last

Checking P Acyclicity

i

Di,v

Di,u

foreach (i,j) Di,j Di, Pi,j

w(Pi,j, j)

u

v

path

- v?u path passed, so Di,u Di,v w(path)
- In order for u?v to pass Di,v Di,u

w(u,v) - But then, Di,v w(u,v) (Di,v w(path))
- Contradiction!
- Thus, cycle exists ? error in D detected

Checker Algorithm

- Step 1 ensure that P and D self-consistent
- foreach (i,j)
- Ensure that Di,j Di, Pi,j

w(Pi,j, j) - If error seen, return FAIL
- Step 2 ensure output paths truly shortest
- foreach node i
- foreach edge (u,v)
- if(Di,u w(u,v) lt Di,v return FAIL
- Return PASS

?

Checking Shortest Paths

- Test ? nodes i, edges (u,v) Di,u w(u,v) ??

Di,v (FAIL if lt) - Test checks if path through u shorter than

official path - If output correct
- If u on shortest path, Di,u w(u,v) Di,v
- If u not on shortest path, Di,u w(u,v) ?

Di,v - Thus, on correct output PASS returned

v

i

u

Checking Shortest Paths

- Suppose output incorrect Di,j not length of

shortest i?j path - Step 1 ensures Di,j true distance of path i?j

according to P - Let
- D? distance function for truly shortest

solution - P? predecessor function for shortest

solution

Checking Shortest Paths

- Pick i,j s.t.
- Di,j ? D?i,j
- No other erroneous pair closer to each other (by

P? ) - Thus, ?u?Pi,j s.t. D?i,u w(u,j) lt Di,j
- Path thru u shorter than path thru Pi,j
- If shortest path is thru Pi,j, then Di,

Pi,j is wrong - Big Question Will test detect this?

u

j

Shorter Path

i

Wrong Path

Pi,j

Checking Shortest Paths

- Thus, ?u?Pi,j s.t. D?i,u w(u,j) lt Di,j
- For each node i, test looks at all edges
- When looks at u?j
- Evaluates Di,u w(u,j) ?? Di,j
- Di,u D?i,u
- Since i,j closest erroneous pair
- Thus, Di,u w(u,j) D?i,u w(u,j) lt Di,j

u

j

Shorter Path

i

Wrong Path

Pi,j

Checking Shortest Paths

- For each node i, test looks at all edges
- When looks at u
- Evaluates Di,u w(u,v) ?? Di,v
- Di,u D?i,u
- Since i,j closest erroneous pair
- Thus, Di,u w(u,v) D?i,u w(u,v) lt Di,v
- Test returns FAIL
- Shown if output not shortest paths ?

test returns FAIL

Summary of Checkers

- Shown checkers for
- Matroids
- All-shortest paths
- Checkers very specific to target algorithm
- In general
- Find invariant of output
- Ensure it is true

Low-Hanging Fruit Outline

- Gregs Theorem
- Himanshu Gupta
- Checkers for optimization problems (primal-dual)
- Max Flow
- Min-cost Flow
- Unweighted Weighted bipartite matching
- All Shortest Paths
- Existence proofs for verifiers
- Verifiers for NP-complete and NP-hard languages
- Approximate verifiers

Verifiers for NP-Complete Problems

- Given NP-complete decision problem ??I?0,1
- ?s verification problem V(?)?I?0,1 ?P,F
- ? reducible to V(?)

Verifiers for NP-Complete Problems

- Given NP-complete decision problem ??I?0,1
- ?s verification problem V(?)?I?0,1 ?P,F
- ? reducible to V(?)
- On input x, check if ltx,Pgt?V(?)
- Mapping computable in poly-time
- Thus, V(?) NP-complete
- Proven if ? NP-complete then so is V(?)

Verifiers for Some NP-Hard Problems

- Given NP-Hard problem H?I??
- On input x, returns y s.t.
- yltO(f(x))
- f(x) ? O(poly(x))
- f() poly-time computable
- Verification problem V(H)?I???P,F

Verifiers for Some NP-Hard Problems

- Reduction from H to V(H)
- Given x, compute f(x)
- Try all possible values for y?0 f(x)
- If ltltx,ygt, Pgt?V(H) then ACCEPT
- If not accepts, REJECT
- Reduction is poly-time
- Thus, V(H) is NP-Hard (unless PNP)
- Examples min vertex cover, max clique, chromatic

number, max cycle length, etc.

Low-Hanging Fruit Outline

- Gregs Theorem
- Himanshu Gupta
- Checkers for optimization problems (primal-dual)
- Max Flow
- Min-cost Flow
- Unweighted Weighted bipartite matching
- All Shortest Paths
- Existence proofs for verifiers
- Verifiers for NP-complete and NP-hard languages
- Approximate verifiers

Maximization Problems

- Given NP-Hard Maximization problem H?I??
- Output size of maximum solution to problem
- For each H ? NP-Complete Decision problem HD
- Input ltx,ygt
- ACCEPT iff maximal solution to problem is ?y
- Can use binary search to find solve H using log

x calls to HD

Approximate Algorithms

- Given NP-Hard Maximization problem H?I??
- AH is (a,c) approximation algorithm for H if
- On input x, outputs y
- y ? max ? a?y c
- max is maximal solution of H
- Runs in poly time
- (a,c) approximation verifier AVH
- Input ltx,ygt
- Returns PASS iff y ? max ? a?y c

Approximation Verifiers NP

- Thm If poly-time (a,c) approximation algorithm

AH exists for NP-Hard maximization problem H,

Then approximation verifier AVH is NP-Complete - Proof Reduce sibling decision problem HD to AVH
- Calls AH
- Uses AVH as oracle

Reducing HD

- Input ltx,ygt
- ACCEPT iff y?max
- max size of maximal solution to input x
- Step 1 call AH
- Get m?AHs approximation of max
- Step 2 work
- If y ? m?, ACCEPT
- If y gt m?
- If y gt a?m? c, REJECT
- Else, use AVH Oracle to see if ltx,ygt?L(AVH)
- If ltx,ygt?L(AVH), ACCEPT
- Else, REJECT

Reducing HD

- Given input ltx,ygt to HD
- Decided whether y?max by calling
- AH approximation algorithm
- AVH approximation verifier
- AH runs in poly time
- Reduction is poly-time, so can run AH as part of

reduction - ltx,ygt transformed to input to AVH
- Thus, AVH at least as hard as HD

Proven

- NP-Hard Maximization problem AND
- Poly-time approximation algorithm for it
- Approximation verifier for approximation

algorithm is NP-Complete

Algorithm-specific Verifiers

- If poly-time approximation algorithm exists,

trivial approximation verifier - On input ltx,ygt
- Run fault-free version of approximation algorithm

on x - See if returns y
- Verifier still poly-time
- Only works for specific approximation algorithm
- Wont work for different approximators of same

problem

Low-Hanging Fruit Summary

- Covered several basic theorems
- Give idea of what is possible/impossible
- Fairly basic results
- Equivalent to homework in graduate theory class

Outline

- Low-hanging fruit
- Himanshu Gupta. "Result Verification Algorithms

for Optimization Problems", 1995 - Checkers for optimizations programs
- Existence of checkers for certain complexity

classes - Certification Trails
- Gregory F. Sullivan, Dwight S. Wilson and Gerald

M. Masson, Certification of Computational

Results, 1995. - Fundamentals of program testing correcting
- Manuel Blum, Michael Luby and Ronitt Rubinfeld.

"Self-Testing Correcting with Applications to

Numerical Problems"

Certification Trails

- Algorithm runs on input
- Produces
- Regular output
- Certification Trail short proof that output

matches input - Certifier runs on ltinput, trailgt
- Produces same output or return FAIL
- Additional info from trail speeds recomputation
- If trail wrong, may still output correctly
- Certifiers presented here will just FAIL

Basic Definitions

- D set of inputs
- S set of valid outputs
- T set of certification trails
- Original program
- P D ? S?T
- Accepts input, returns ltoutput, trailgt
- Certifier
- C D?T ? S?FAIL
- Accepts ltinput, trailgt, returns output or FAIL

Focus of Certification Trails

- Paper comes from Software Engineering background
- Thus, focus on detecting programmer errors
- Argue that P and C different algorithms
- Thus, implementations different
- Low probability of same errors in P and C
- Hardware faults also mentioned

Certification Trails Outline

- Paper presents checkers for several common

algorithms - Sorting
- Convex Hull
- Neat approach
- Problem-specific and very manual
- Little insight into general procedure
- Though, can create fault tolerant libraries

Sorting

- Given list of numbers, return the numbers in

sorted order - Trivial check
- Given allegedly sorted output
- Check that order non-decreasing
- This doesnt work
- Output must be permutation of input
- Above checker would
- On input 2, 4, 6, 8
- Accept 0, 0, 0, 0, 0, 0

Correct Certifier

- Certification Trail list of indexes
- All input elements get ID
- ith element gets ID i
- At spot j of trail ID of element in sorted

position j

0 12

1 45

2 9

3 26

4 33

5 17

6 11

7 92

IDs Data

2 9

6 11

0 12

5 17

3 26

4 33

1 45

7 92

IDs Sorted Data

IDs in Trail

2

6

0

5

3

4

1

7

Checking Permutation

- Certifier gets
- Input numbers
- Their IDs in sorted order
- Uses ID list to reorder input numbers
- ID list serves as cheat sheet
- Shows correct sort decisions

Data

12

45

9

26

33

17

11

92

IDs in Trail

2

6

0

5

3

4

1

7

2 9

6 11

0 12

5 17

3 26

4 33

1 45

7 92

Sorted(?) IDs Sorted(?) Data

Checking Permutation

- Two things to check
- Onto For each sorted element, ? input element
- 1-1 All sorted elements refer to different

input elements

Data

12

45

9

26

33

17

11

92

IDs in Trail

2

6

0

5

3

4

1

7

2 9

6 11

0 12

5 17

3 26

4 33

1 45

7 92

Sorted(?) IDs Sorted(?) Data

Checking Permutation

- Onto For each sorted element, ? input element
- Check that all IDs in trail are valid
- 1-1 All sorted elements refer to different

input elements - If two IDs in trail equal then some input element

not touched - Not copied to sorted list
- Use touch counters

0 1 2 3 4 5 6 7

Input

Sorted

0 1 3 3 4 5 6 7

Checking Sort

- To check sort
- Traverse reordered list
- Ensure non-decreasing
- Sorter time O(n?log n)
- Certifier time O(n)
- Asymptotically faster
- Big trick
- Trail summarizes decisions made by sorter
- Enough info to quickly recompute
- Can any problem be cast into set of big decisions?

Certification Trails Outline

- Paper presents checkers for several common

algorithms - Sorting
- Convex Hull
- Neat approach
- Problem-specific and very manual
- Little insight into general procedure
- Though, can create fault tolerant libraries

Convex Hull Problem

Given set of points on 2D plane, find subset

that forms convex hull around all points.

Convex Hull Step 1

Points sorted in order of increasing slope

relative to P1

P1 is the point with the least x-coordinate.

Convex Hull Invariant

All the points not on Hull are inside triangle

formed by P1 and two successive points on Hull

P6

P8

P5

P7

P4

P3

P1

P2

Convex Hull Invariant

P3 not Hull point ? clockwise angle between

lines P2P3 and P3P4 180º

P6

P8

P5

P7

P4

180º

P3

P1

P2

Convex Hull Invariant

P6

P8

P5

P7

P4

P1

lt 180º

P3

P2

Convex Hull Algorithm Outline

- Walk through P2 to Pn in slope order
- Keep adding points to hull
- If find point generating angle 180º
- Back up, remove all such points
- Until added Pn
- P1, P2 and Pn must be on convex hull

Convex Hull Algorithm

- Add P1, P2 and P3 to the Hull
- For Pk P4 to Pn
- (... trying to add Pk to the Hull )
- Let QA and QB be the two points most recently

added to the Hull - While the angle formed by QAQB and QBPk 180
- remove QB from the Hull since it is inside the

triangle P1, QA, Pk. - Add Pk to the Hull

Trail for Convex Hull

- Augment Program to output
- h1, h2, ..., hm indexes of points on hull
- For each point Pi not on hull, proof of why not
- Tuple (xi, hj, hk, hk) s.t. xi in triangle hjhkhl
- xi internal point
- hj, hk, hk hull points

P5

P3

P1

P4

P2

Convex Hull Checker

- Checker checks that
- There is 1-1 correspondence between input points

and x1, x2, ..., xmUh1, h2, ..., hr. - xi internal points
- hi hull points
- Each point in triangle proofs lies in given

triangle - Basic error checking
- Assures that all points accounted for

Convex Hull Checker

- Checker checks that
- For each triple of consecutive hull points

hihi1hi2 lines hihi1 and hi1hi2 form

counter-clockwise angle ?180? - i.e. form convex corners of hull
- ? unique locally maximal point on hull
- There exists theorem saying shape with above

properties is convex hull

P8

P6

?180?

?180?

P1

?180?

Proving Correctness

- If hull correct, will return PASS
- Since we check properties true of convex hulls
- If hull not correct
- If bad encoding of proof
- (i.e. points dont refer to input)
- First two checks will detect
- If internal points should be on hull
- Will not be in any triangle
- If hull points not convex
- Convexity assured by theorem, given points were

valid (ensured by first check)

Checking Convex Hull

- Original Algorithm O(n?log n) time
- Dominated by initial sort of points
- Checker O(n) time
- Asymptotically faster
- Very different algorithms
- Little chance of similar errors in both
- Hardware errors will affect both differently

Checking Convex Hull Big Trick

- Trail contains key facts discovered by algorithm
- Containment triangles
- Certifier checks main invariant
- Convexity of hull

Outline

- Low-hanging fruit
- Himanshu Gupta. "Result Verification Algorithms

for Optimization Problems", 1995 - Checkers for optimizations programs
- Existence of checkers for certain complexity

classes - Certification Trails
- Gregory F. Sullivan, Dwight S. Wilson and Gerald

M. Masson, Certification of Computational

Results, 1995. - Fundamentals of program testing correcting
- Manuel Blum, Michael Luby and Ronitt Rubinfeld.

"Self-Testing Correcting with Applications to

Numerical Problems"

Goals

- Aimed at implementation errors
- Given implementation P of function f
- Testing must see if P(x)f(x) for most inputs
- If correct for all inputs, output PASS
- If incorrect on too many inputs x, output FAIL
- Correcting if ? inputs x for which P(x)?f(x)

then - Figure out correct P(x)
- Assuming P correct on most inputs
- Tester and corrector may call P

Added Reliability

- Tester and corrector usually simpler than P
- Use simple additions, etc.
- Smaller probability of bugs
- Smaller running time ? smaller prob of random

fault - Tester and corrector run faster than P
- (Counting calls to P as constant time)
- Thus, very likely different implementations
- Small probability of same bug in tester/corrector

and P

Added Reliability

- One tester/corrector pair per function
- Reusable across implementations
- Can design testers/correctors for specific

libraries - Applications using lots of library code (ex

Java, C) mostly covered - Thus, can spend more time debugging
- Bottom Line
- P may be faulty
- Tester/Corrector assumed reliable

General Technique Testing

- Will test linearity property
- Shared by many functions
- f(xy) f(x) f(y)
- Will show
- If linearity holds for implementation P on inputs
- Then ? linear function g s.t. P(x)g(x) for most

inputs x - (i.e. if P mostly linear then close to actually

linear function) - Since P(x)f(x) on many inputs, g f

General Technique Correcting

- Focus on random self-reducible functions
- Can express f(x) as f(y1), f(y2), f(yk) where

y1, y2, yk random - Assumes simple reduction function R()
- To get P(x), run several times
- Pick random y1, y2, yk
- P(x) R(P(y1), P(y2), P(yk))
- If on input x P(x) wrong, now correct with high

probability

True Definitions

- error(f, P, D) probability that P(x)?f(x) with

x randomly chosen via distribution D - Probabilistic oracle program
- Probabilistic program M
- Makes calls to external oracle program A
- Calls counted as constant time
- Syntax MA

True Definition Self-Tester

- Let 0 ? ?1 lt ?2 ? 1
- Confidence parameter ?gt0
- (?1, ?2) self-testing program for f
- Probabilistic oracle program Tf
- If error(f, P, D) ? ?1 then TfP returns PASS with

Prob ? 1-? - If error(f, P, D) ? ?2 then TfP returns FAIL with

Prob ? 1-?

?1

?2

FAIL

PASS

0

1

error(f, P, D)

True Definition Self-Corrector

- Let 0 ? ? lt 1
- Confidence parameter ?gt0
- ? self-correcting program for f
- Probabilistic oracle program Cf
- If error(f, P, D) ? ? then CfP(x) f(x) with

Prob ? 1-? - x randomly selected from distribution D

Self-Tester/Corrector Pair

- Let 0 ? ?1 lt ?2 ? ? ? 1
- Confidence parameter ?gt0
- Tf (?1, ?2) self-tester for f
- Cf ? self-corrector for f
- Cf applied when Tf doesnt FAIL

NOT FAIL

?1

?2

?

FAIL

0

1

error(f, P, D)

Outline

- Self-correctors
- Assume existence of self-testers
- Simpler to prove correctness
- Self-Testers
- Correctness harder to prove
- Requires a bit of group theory

Self-Correctors

- Assume that for implementation Perror(f, P, D)

known - Determined by self-tester
- error(f, P, D) ? constant
- Assume function f self-reducible
- f(x) R(f(y1), f(y2), f(yk))
- y1, y2, yk random
- Not independent of each other

General Self-Corrector

- For i 1 to q
- Pick random y1, y2, yk
- answeri R(P(y1), P(y2), P(yk))
- Output majority answer out of answer1q
- Note For any call to P we ensure output in

correct range

Improving Correctness

- Before P(x)?f(x) for some xs
- P(x)?f(x) on constant ? ? inputs x
- Now
- Each iteration has prob of failure ? ??k
- ProbR(P(x1), P(x2), , P(xk)) ?

R(f(x1), f(x2), , f(xk)) f(x) ? k?? - Since k calls to P
- Goal compute correct f(x) with prob ? 1-?
- Each self-reduction is independent
- Thus, error probability goes down exponentially
- Can get ? 1-? success prob after several

repeats - Several ? ln(1/?)

Self-Reducibility of Mod

- Want to compute f(x) (x mod R)
- R fixed
- x ? 0R?2n-1
- Self-reducible
- (x mod R) (x1 mod R) (x2 mod R)
- x1 picked uniformly at random
- x2 picked s.t. x x1 x2
- Since (x1x2 mod R) (x1 mod R) (x2 mod R)

Self-Corrector for Mod

- For i 1 to q
- Pick random x1
- Pick x2 s.t. xx1x2
- answeri P(x1) P(x2)
- Return majority among answer1q

Self-Reducibility of Modular Mult

- Want to compute f(x,y) x?y mod R
- R fixed
- x, y ? 02n-1
- Self-Reducible
- x?y (x1?y1 mod R) (x1?y2 mod R)

(x2?y1 mod R) (x2?y2 mod R) - x1, y1 picked uniformly at random
- x2, y2 picked s.t. x x1 x2, y y1 y2
- Since
- x1?y1 x1?y2 x2?y1 x2?y2
- x1?(y1 y2) x2?(y1 y2)
- (x1x2) ? (y1 y2) x?y

Self-Corrector for Modular Mult

- For i 1 to q
- Pick random x1, y1
- Pick x2 s.t. xx1x2
- Pick y2 s.t. yy1y2
- answeri P(x1,y1) P(x1,y2) P(x2,y1)

P(x2,y2) - Return majority among answer1q
- Corrector for integer multiplication similar

Self-Reducibility of Matrix Mult

- Want to compute f(A,B) A?B
- A, B matrices
- Self-Reducible
- A?B A1?B1 A1?B2 A2?B1 A2?B2
- A1, B1 picked uniformly at random
- A2 A A1, B2 B B1
- Since
- A1?B1 A1?B2 A2?B1 A2?B2
- A1?(B1 B2) A2?(B1 B2)
- (A1A2) ? (B1 B2) A?B

Self-Corrector for Matrix Mult

- For i 1 to q
- Pick random A1, B1
- Pick A2 s.t. A2 A - A1
- Pick B2 s.t. B2 B B1
- answeri P(A1,B1) P(A1,B2) P(A2,B1)

P(A2,B2) - Return majority among answer1q
- Polynomial multiplication works same way

Self-Correctors Summary

- Can design self-corrector for any random

self-reducible function - Unknown how large this set is
- Self-Correctors very simple
- Finite bound loop
- Simple reduction function
- Thus, low probability of error in self-corrector
- Number of calls to P increases by log factor

Outline

- Self-correctors
- Assume existence of self-testers
- Simpler to prove correctness
- Self-Testers
- Correctness harder to prove
- Requires a bit of group theory

Moving to Self-Testing

- Can now self-correct
- Self-correctors only work if error(f, P, D) ?

constant - But how can we know?
- Self-testing tells us

Self-Testing

- Given implementation P of function f
- Want to know error(f, P, D) ProbP(x)?f(x) for

x chosen with distribution D - Assume P(x) f(x) for many xs
- Will present self-testers for linear functions
- Linear f(x1x2) f(x1) f(x2)
- Tests will bound error(f, P, D)

Linearity

- Modf(x1x2) (x1x2) mod R

(x1 mod R)(x2 mod R) - Modular Multf(x1x2) ((x1x2)?y) mod R

(x1?y mod R) (x2?y mod R)

Self-Testing Technique

- Central Claim If P(x) is linear in many

spotsThen ? linear function g s.t. low prob

of P(x)?g(x) - If P mostly linear then P very close to actually

linear function - Since assumed for most x P(x) f(x)Then the

linear function P is close to is f()

Self-Testing Technique

- Thus self-tester repeatedly
- Picks random inputs
- Verifies P(x1x2) P(x1) P(x2)
- Verifies P(x11) P(x1) 1

Intro to Group Theory

- To explain why this works, must introduce group

theory - Group set of numbers with operation ltS, gt
- Set S
- Binary Operation
- Given two group elements, produces another group

element - Examples
- Infinite group Integers with
- Finite group Even integers 098, with

mod 100

Identity Element

- Special element 0
- ?h?S. 0 h h
- Called Identity Element
- Ex Rationals, with ?
- x ? y another rational
- 1 is identity since 1 ? x x
- Inverse x-1 s.t. x x-1 0

Group Generators

- Powers hn h h h h (n times)
- an am anm
- Each group has elements g1,,gc s.t.?h?S.

?n1n2nc. h - Thus, all elements expressible in terms of g1,gc
- They generate the group

Subgroups

- Given group ltS, gt
- Subgroup ltT, gt if T?S
- Ex
- S Even Integers 098 mod 100
- T Multiples of 4 ? 098
- Each subgroup has own generators
- ltS, gt generated by 2
- ltT, gt generated by 4
- T 0 always subgroup

Subgroups Example

- Let G ltintegers 014, mod 15gt
- Group generator 1
- Subgroups
- 0 generated by 0
- 0, 3, 6, 9, 12 generated by 3
- 0, 5, 15 generated by 5
- All subgroups generated by some power of 1
- In general, every subgroup generated by some

combo of group generators

Functions on Groups

- is function from group to itself
- Can define others
- Ex given additive group, can define

multiplication - Functions from one group to another
- G1 even integers 0...98
- G2 powers of 4 0186
- f G1?G2
- f(x?G1) (x?2) ? G2

Homomorphisms

- Homomorphism function on groups s.t.
- f GA?GB
- GB ltSA, Agt
- GB ltSB, Bgt
- f(x1 A x2) f(x1) B f(x2)
- i.e. Linear function on groups
- Example modular exponentiation
- GA Integers 0...R?2n, with
- GB Integers 0...R, with ?
- fa(x) ax mod R
- fa(x1x2) ax1x2 mod R (ax1 mod R) ? (ax2 mod

R) f(x1) ? f(x2)

Homomorphisms and Subgroups

- Fact homomorphisms map subgroups to subgroups
- f G1?G2
- ?x?H1, H1 subgroup of G1f(x) are all the members

of some H2, subgroup of G2

G1

G2

Homomorphism

Self-Testing Technique

- Given implementation P of function ff GA?GB
- Linear TestFor i1 to n
- Randomly pick x1, x2
- Check if
- If GB has no finite subgroups (besides 0B) then

done

Self-Testing Technique

- Given implementation P of function ff GA?GB
- If GB has finite subgroups (besides

0B)Neighbor TestFor i1 to n - For each generator gi of group GA
- Randomly pick z
- Check if
- is f(z)s neighbor in target

subgroup of GB

Proof

- Method
- Assume that linearity and neighbor tests passed
- i.e. ? error for tests bounded by constant
- Prove that P mostly equal to some linear g()
- Steps
- Define discrepancy function disc(x) g(x)

P-1(x) - g() some linear function, operating on same

groups as f() - P(x)g(x) for most x ? disc(x)0 for most x
- disc(x) is homomorphism ? linearity test

passes for x - Thus, if linearity test passed on many xs, disc

is probably homomorphism

Proof

- f() maps finite group to (possibly infinite)

group - Mod
- Integer Mult
- Modular Mult
- g() and disc() map same groups

Proof

- Recall homomorphisms map subgroups to subgroups
- Thus, homomorphism disc() can only map domain

group to finite subgroup of range group - Question Does range group have finite subgroups?
- (besides 0B)

Proof

- Range group no finite subgroups besides 0B
- Then disc must map domain group to 0B
- disc(x) 0B
- (On most xs, since disc probably homomorphism)

Finite Group

Infinite Group

0

Homomorphism

Proof

- Range group has real finite subgroups
- Each subgroup must have generators
- Those generators are products of the groups

generators - Neighbor test
- For each generator gi
- Ensures any such subgroup must be 0B

Proof

- Thus, disc(x) 0B (with high probability)
- Recall disc(x) g(x) P-1(x)
- Thus, P(x) g(x) (with high probability)
- g() still undefined linear function
- Assumption P(x) f(x) on many inputs
- Fact if two linear functions equal on gt1 point,

they are same function - Thus, g f and P(x)f(x) (with high probability)

Summary of Self-Testers

- Can verify if P(x)f(x) with high probability
- Useful information to know
- Required for self-correctors to work reliably
- Simple implementation
- Constant bound loop
- A few additions, multiplications, etc.
- Can be self-corrected themselves

Summary

- Paper presents the basics of broader theory of

self-testing/-correcting - Some additional related papers
- S. Ravikumar and D. Sivakumar. "Efficient

Self-Testing of Linear Recurrences". - Expands these testers to test linearity in bulk

fashion for linear recurrences - Ronitt Rubinfeld and Madhu Sudan. "Robust

Characterizations of Polynomials with

Applications to Program Testing", SIAM Journal on

Computing, 1996. - Funda Ergun, S. Ravi Kumar and Ronnitt Rubinfeld.

"Checking Approximate Computations of Polynomials

and Functional Equations", IEEE Conference on

Foundations of Computer Science, 1996.