# Checking Specific Algorithms - PowerPoint PPT Presentation

PPT – Checking Specific Algorithms PowerPoint presentation | free to view - id: 529416-MWQ4M The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
Title:

## Checking Specific Algorithms

Description:

### Checking Specific Algorithms Greg Bronevetsky Objective Primary goal: find checkers that can be applied to any program Along the way must look at checkers for ... – PowerPoint PPT presentation

Number of Views:8
Avg rating:3.0/5.0
Slides: 130
Provided by: gregBrone
Category:
Tags:
Transcript and Presenter's Notes

Title: Checking Specific Algorithms

1
Checking Specific Algorithms
• Greg Bronevetsky

2
Objective
• Primary goal find checkers that can be applied
to any program
• Along the way must look at checkers for specific
algorithms
• Each checker exploits special properties of
target algorithm
• General patterns may become apparent
• Useful for toolkit-style checker generator
• Library of algorithm-specific checkers used where
appropriate

3
Outline
• Low-hanging fruit
• Himanshu Gupta. "Result Verification Algorithms
for Optimization Problems", 1995
• Checkers for optimizations programs
• Existence of checkers for certain complexity
classes
• Certification Trails
• Gregory F. Sullivan, Dwight S. Wilson and Gerald
M. Masson, Certification of Computational
Results, 1995.
• Fundamentals of program testing correcting
• Manuel Blum, Michael Luby and Ronitt Rubinfeld.
"Self-Testing Correcting with Applications to
Numerical Problems"

4
Low-Hanging Fruit Outline
• Gregs Theorem
• Himanshu Gupta
• Checkers for optimization problems (primal-dual)
• Max Flow
• Min-cost Flow
• Unweighted Weighted bipartite matching
• All Shortest Paths
• Existence proofs for verifiers
• Verifiers for NP-complete and -hard languages
• Approximate verifiers
• Verifiers with Certification Trails

5
Intro to Complexity
• Problems defined as sets of strings
• Particular set language
• Example language set of palindromes
• 001100, 01011010, etc.
• Membership in given language decidable by
computing device of given power
• ex Turing machine running in polynomial time
• Machine A on input x
• Runs for time poly(x)
• Returns ACCEPT x?L(A) REJECT
x?L(A)

6
Intro to Complexity
• Complexity class set of languages accepted by
machines of given power
• Examples
• P Turing machines with running time ?
O(poly(x))
• EXPSPACE Turing machines that use ? O(2x)
memory
• BC Boolean circuits of bounded depth
• Big deal can show some problems inherently
harder than others

7
Basics of Reductions
• Problem A reducible to problem B if can easily
solve A given algorithm for B
• Reduction
• Given x input to A
• Efficiently transform x to y input to B
• Efficiently usually means poly-time
• Ask algorithm for B if y valid B-string
• B is an oracle
• x valid A-string ? y valid B-string
• Thus, B at least as hard as A

8
Basics of Reductions
• Can compare difficulties of problems via
reductions
• If all problems in class C1 reducible to problems
in class C2 then C1 ? C2
• Example
• P ? NP
• Unknown if NP ? P
• If yes, then PNP
• If no, then some problems in NP cannot be solved
in polynomial time

9
Theorem 1
• Let A be an implementation of an algorithm
• Runs in time O(p()), p some polynomial
• Does there exist checker C for A that runs in
time lt p()?
• C accepts As input output, returns PASS/FAIL
• C knows As source code
• Runs in time O(q()) lt O(p()), asymptotically
faster
• A is decision algorithm, so output is 1 bit

Input
PASS, FAIL
A
C
0,1
10
Theorem 1
• As input x n bits
• As output y 1 bit
• Suppose C can verify whether x?L(A) using y
• In O(q(x)) time
• Then can decide L(A) in O(q(x)) time
• Given input x
• Run C on ltx,1gt
• If C(x,1) returns PASS, ACCEPT x
• If C(x,1) returns FAIL, REJECT x

11
Theorem 1
• A reduced to C
• C runs in O(q()) time
• Thus, p()-time problems solvable in q()-time
• This is not true
• Therefore, for p()-time decision algorithm A ??
checker C running in ltO(p()) time

12
Theorem 1.1
• Lets make job simpler for checker
• Helper proof
• Suppose A outputs helper proof
• C can use helper proof to simplify checking
• Size of helper proof ? q(x)
• Since C can only read ? q(x) bits of proof

0,1
Input
PASS, FAIL
C
A
HelperProof
13
Theorem 1.1
• As input x n bits
• As output y 1 bit q(x)-bit proof
• Suppose C can verify whether x?L(A) using y
• In O(q(x)) time
• Then y is witness for x?L(A)

14
Nondeterministic Time Classes
• Non-deterministic automaton for language L
• Given input x
• Runs for O(f(x)) amount of time
• Can make binary guesses 0,1
• If ? set of guesses s.t. automaton would accept,
then x?L
• At each guess, automaton splits
• 0 branch, 1 branch
• If accepts along some path then whole automaton
accepts

0
1
0
1
0
1
15
Nondeterministic Time Classes
• String of guesses leading to ACCEPT called a
witness
• Proves that x?L
• Can deterministically verify x?L
• No need to guess witness gives correct guesses
• NP runs for polynomial time witnesses ?
poly-length
• Nondet(f()) runs in time ? O(f(x))
witness length ? O(f(x))

16
Theorem 1.1
• As input x n bits
• As output y 1 bit q(x)-bit proof
• Suppose C can verify whether x?L(A) using y
• In O(q(x)) time
• Then y is witness for x?L(A)
• Thus, x?L(A) decidable by nondet automaton
running in O(q(x)) time

17
Theorem 1.1
• Guess all bits of proof
• Takes ?q(x) guesses
• For each proof, run C on ylt1, proofgt
• Accept if C says PASS on some ylt1, some
proofgt

Guess y
0
1
0
1
1
0
C
C
C
C
18
Theorem 1.1
• x?L(A) decidable by nondet automaton running in
O(q(x)) time
• Thus, L(A) ? Nondet(q())
• Recall A runs in time O(p())gtO(q())
• Det(p()) ? Nondet(q()) ? Nondet(p()) ? ?
Det(p()) ? Nondet(p())
• Shown If L(A) ? Det(p()) and ? proof-checker
that runs in time O(q()) where q()ltp() then
Det(p()) ? Nondet(p())

19
Theorem 1.1
• Shown If L(A) ? Det(p()) and ? checker that runs
in time O(q()) where q()ltp() then Det(p()) ?
Nondet(p())
• Known Det(p()) ? Nondet(p()) for few functions
• In general, as hard as P ? NP
• Worst case scenario
• If discover efficient checkers, then Det(p()) ?
Nondet(p())
• Very difficult
• If Det(p()) ? Nondet(p()) proven, no help to us

20
Low-Hanging Fruit Outline
• Gregs Theorem
• Himanshu Gupta
• Checkers for optimization problems (primal-dual)
• Max Flow
• Min-cost Flow
• Unweighted Weighted bipartite matching
• All Shortest Paths
• Existence proofs for verifiers
• Verifiers for NP-complete and NP-hard languages
• Approximate verifiers

21
Definitions
• Problem ??I?S
• I set of inputs
• S set of solutions
• Algorithm on input x?I, returns y?S s.t. ltx,ygt??
• Verification problemV(?)?(I?S)?PASS,FAIL
• lt(x,y),PASSgt?V(?) iff ltx,ygt??
• lt(x,y),FAILgt?V(?) iff ltx,ygt??

22
Maximum Flow
• Given
• Directed graph G(V,E)
• Edges labeled with capacities
• c(u,v) capacity of edge
• Two special nodes S and T
• Must find maximum flow from s to t

T
c8
c5
c4
c1
c9
c2
c6
S
c7
c3
23
Maximum Flow
• Find edge labeling f
• f(u,v) flow on edge u?v ? c(u,v)
• Sum of flows coming into node Sum of flows
coming out of node
• Outflow of node s gt inflow
• Inflow of node t gt outflow
• Net outflow of s Net inflow of t Network
flow
• Problem Find labeling f generating largest
network flow

24
Residual Capacities
• Residual Capacity for flow fres(u,v) c(u,v)
f(u,v)
• (Capacity of edge unused by flow)
• Residual Graph Rf graph on V,E where
• Augmenting Path Path through Rf

25
Augmenting Paths ? Verifier
• Theorem Rf contains augmenting path ? f is not
maximum flow
• Example one common max flow algorithm
• Pick a flowWhile can find augmenting paths
• Adjust flow to remove augmenting path
• Thus, to check if given flow is max flow
• Ensure given flow valid
• Construct Rf
• Ensure that no augmenting path exists
• Path search much faster than max-flow algorithm

26
Min-Cost Flow
• Now edges have cost
• Goal find flow of given size with minimal cost
• For any potential flow construct Residual Graph
Rf
• Theorem given flow is min-cost if Rf has no
negative-cost cycles
• Thus, checker
• Ensures alleged min-cost flow is valid flow
• Constructs Rf
• Ensures that no negative-cost cycles exist
• Cycle search much faster than min-cost flow
algorithm

27
Matching
• Given bipartite weighted/unweighted graph find
subset of edges s.t.
• No left node has gt1 right node as neighbor
• No right node has gt1 left node as neighbor

X
Y
28
Verifier for Matching
• Matching also has augmenting paths
• Can verify matching
• Ensure that matching valid
• Search of augmenting path
• Above problems examples of matroids
• Intuitively problems solvable via basic greedy
algorithm
• All matroids have this structure
• Thus, can easily check matroid problems

29
Other Matroid Problems
• Minimal Spanning Tree
• Minimal Cut in Graph
• Maximal Basis in Linear Space

30
Low-Hanging Fruit Outline
• Gregs Theorem
• Himanshu Gupta
• Checkers for optimization problems (primal-dual)
• Max Flow
• Min-cost Flow
• Unweighted Weighted bipartite matching
• All Shortest Paths
• Existence proofs for verifiers
• Verifiers for NP-complete and NP-hard languages
• Approximate verifiers

31
All Shortest Paths
• Given undirected graph G(V,E)
• Each edge (i,j) has weight w(i,j)
• Problem return the shortest path between every
pair of nodes
• Assume output format
• P predecessor matrix
• Pi,j k s.t. edge (k,j) lies on shortest path
i?j
• (i.e. node k precedes node j on path i?j)
• D distance matrix
• Di,j shortest distance from i to j
• (Di,i 0)

Pi,j
j
i
32
Checker Algorithm
• Step 1 ensure that P and D self-consistent
• foreach (i,j)
• Ensure that Di,j Di, Pi,j
w(Pi,j, j)
• If error seen, return FAIL
• Step 2 ensure output paths truly shortest
• foreach node i
• foreach edge (u,v)
• if(Di,u w(u,v) lt Di,v) return FAIL
• Return PASS

33
Checking Self-Consistency
• foreach (i,j)
• Ensure that Di,j Di, Pi,j w(Pi,j,
j)
• Clearly, if output correct, test returns PASS

Pi,j
j
i
Di, Pi,j
w(Pi,j, j)
Di,j
34
Checking Self-Consistency
• foreach (i,j)
• Ensure that Di,j Di, Pi,j w(Pi,j,
j)
• If output incorrect, two possible problems
• P may not represent valid paths
• D may not be true lengths of P s paths

Pi,j
j
i
Di, Pi,j
w(Pi,j, j)
Di,j
35
Checking D
• Suppose Di,j ? i?j distance according to P
• Pick pair i,j with shortest true distance
• Let k Pi,j
• Check Di,j ? Di, k w(k, j)
• No errors in D for pairs closer than i and j
• Thus, Di, k correct distance i?js predecessor
• So, Di, k w(k, j) is correct i?j distance
• Thus, will detect error

Pi,j
j
k
i
36
Checking P
• Pi, must induce spanning tree on nodes
• Thm Graph on n nodes is spanning tree ?
n-1 edges and acyclic
• Clearly, n-1 edges since each node j?i has Pi,j
• Above check will fail if cycle exists

37
Checking P Acyclicity
• Claim if cycle exists then D has error

i
Di,v
Di,u
u
v
path
• Suppose cycle exists
• Suppose all edges of u-v cycle have been checked
(and passed), u?v is last

38
Checking P Acyclicity
i
Di,v
Di,u
foreach (i,j) Di,j Di, Pi,j
w(Pi,j, j)
u
v
path
• v?u path passed, so Di,u Di,v w(path)
• In order for u?v to pass Di,v Di,u
w(u,v)
• But then, Di,v w(u,v) (Di,v w(path))
• Thus, cycle exists ? error in D detected

39
Checker Algorithm
• Step 1 ensure that P and D self-consistent
• foreach (i,j)
• Ensure that Di,j Di, Pi,j
w(Pi,j, j)
• If error seen, return FAIL
• Step 2 ensure output paths truly shortest
• foreach node i
• foreach edge (u,v)
• if(Di,u w(u,v) lt Di,v return FAIL
• Return PASS

?
40
Checking Shortest Paths
• Test ? nodes i, edges (u,v) Di,u w(u,v) ??
Di,v (FAIL if lt)
• Test checks if path through u shorter than
official path
• If output correct
• If u on shortest path, Di,u w(u,v) Di,v
• If u not on shortest path, Di,u w(u,v) ?
Di,v
• Thus, on correct output PASS returned

v
i
u
41
Checking Shortest Paths
• Suppose output incorrect Di,j not length of
shortest i?j path
• Step 1 ensures Di,j true distance of path i?j
according to P
• Let
• D? distance function for truly shortest
solution
• P? predecessor function for shortest
solution

42
Checking Shortest Paths
• Pick i,j s.t.
• Di,j ? D?i,j
• No other erroneous pair closer to each other (by
P? )
• Thus, ?u?Pi,j s.t. D?i,u w(u,j) lt Di,j
• Path thru u shorter than path thru Pi,j
• If shortest path is thru Pi,j, then Di,
Pi,j is wrong
• Big Question Will test detect this?

u
j
Shorter Path
i
Wrong Path
Pi,j
43
Checking Shortest Paths
• Thus, ?u?Pi,j s.t. D?i,u w(u,j) lt Di,j
• For each node i, test looks at all edges
• When looks at u?j
• Evaluates Di,u w(u,j) ?? Di,j
• Di,u D?i,u
• Since i,j closest erroneous pair
• Thus, Di,u w(u,j) D?i,u w(u,j) lt Di,j

u
j
Shorter Path
i
Wrong Path
Pi,j
44
Checking Shortest Paths
• For each node i, test looks at all edges
• When looks at u
• Evaluates Di,u w(u,v) ?? Di,v
• Di,u D?i,u
• Since i,j closest erroneous pair
• Thus, Di,u w(u,v) D?i,u w(u,v) lt Di,v
• Test returns FAIL
• Shown if output not shortest paths ?
test returns FAIL

45
Summary of Checkers
• Shown checkers for
• Matroids
• All-shortest paths
• Checkers very specific to target algorithm
• In general
• Find invariant of output
• Ensure it is true

46
Low-Hanging Fruit Outline
• Gregs Theorem
• Himanshu Gupta
• Checkers for optimization problems (primal-dual)
• Max Flow
• Min-cost Flow
• Unweighted Weighted bipartite matching
• All Shortest Paths
• Existence proofs for verifiers
• Verifiers for NP-complete and NP-hard languages
• Approximate verifiers

47
Verifiers for NP-Complete Problems
• Given NP-complete decision problem ??I?0,1
• ?s verification problem V(?)?I?0,1 ?P,F
• ? reducible to V(?)

48
Verifiers for NP-Complete Problems
• Given NP-complete decision problem ??I?0,1
• ?s verification problem V(?)?I?0,1 ?P,F
• ? reducible to V(?)
• On input x, check if ltx,Pgt?V(?)
• Mapping computable in poly-time
• Thus, V(?) NP-complete
• Proven if ? NP-complete then so is V(?)

49
Verifiers for Some NP-Hard Problems
• Given NP-Hard problem H?I??
• On input x, returns y s.t.
• yltO(f(x))
• f(x) ? O(poly(x))
• f() poly-time computable
• Verification problem V(H)?I???P,F

50
Verifiers for Some NP-Hard Problems
• Reduction from H to V(H)
• Given x, compute f(x)
• Try all possible values for y?0 f(x)
• If ltltx,ygt, Pgt?V(H) then ACCEPT
• If not accepts, REJECT
• Reduction is poly-time
• Thus, V(H) is NP-Hard (unless PNP)
• Examples min vertex cover, max clique, chromatic
number, max cycle length, etc.

51
Low-Hanging Fruit Outline
• Gregs Theorem
• Himanshu Gupta
• Checkers for optimization problems (primal-dual)
• Max Flow
• Min-cost Flow
• Unweighted Weighted bipartite matching
• All Shortest Paths
• Existence proofs for verifiers
• Verifiers for NP-complete and NP-hard languages
• Approximate verifiers

52
Maximization Problems
• Given NP-Hard Maximization problem H?I??
• Output size of maximum solution to problem
• For each H ? NP-Complete Decision problem HD
• Input ltx,ygt
• ACCEPT iff maximal solution to problem is ?y
• Can use binary search to find solve H using log
x calls to HD

53
Approximate Algorithms
• Given NP-Hard Maximization problem H?I??
• AH is (a,c) approximation algorithm for H if
• On input x, outputs y
• y ? max ? a?y c
• max is maximal solution of H
• Runs in poly time
• (a,c) approximation verifier AVH
• Input ltx,ygt
• Returns PASS iff y ? max ? a?y c

54
Approximation Verifiers NP
• Thm If poly-time (a,c) approximation algorithm
AH exists for NP-Hard maximization problem H,
Then approximation verifier AVH is NP-Complete
• Proof Reduce sibling decision problem HD to AVH
• Calls AH
• Uses AVH as oracle

55
Reducing HD
• Input ltx,ygt
• ACCEPT iff y?max
• max size of maximal solution to input x
• Step 1 call AH
• Get m?AHs approximation of max
• Step 2 work
• If y ? m?, ACCEPT
• If y gt m?
• If y gt a?m? c, REJECT
• Else, use AVH Oracle to see if ltx,ygt?L(AVH)
• If ltx,ygt?L(AVH), ACCEPT
• Else, REJECT

56
Reducing HD
• Given input ltx,ygt to HD
• Decided whether y?max by calling
• AH approximation algorithm
• AVH approximation verifier
• AH runs in poly time
• Reduction is poly-time, so can run AH as part of
reduction
• ltx,ygt transformed to input to AVH
• Thus, AVH at least as hard as HD

57
Proven
• NP-Hard Maximization problem AND
• Poly-time approximation algorithm for it
• Approximation verifier for approximation
algorithm is NP-Complete

58
Algorithm-specific Verifiers
• If poly-time approximation algorithm exists,
trivial approximation verifier
• On input ltx,ygt
• Run fault-free version of approximation algorithm
on x
• See if returns y
• Verifier still poly-time
• Only works for specific approximation algorithm
• Wont work for different approximators of same
problem

59
Low-Hanging Fruit Summary
• Covered several basic theorems
• Give idea of what is possible/impossible
• Fairly basic results
• Equivalent to homework in graduate theory class

60
Outline
• Low-hanging fruit
• Himanshu Gupta. "Result Verification Algorithms
for Optimization Problems", 1995
• Checkers for optimizations programs
• Existence of checkers for certain complexity
classes
• Certification Trails
• Gregory F. Sullivan, Dwight S. Wilson and Gerald
M. Masson, Certification of Computational
Results, 1995.
• Fundamentals of program testing correcting
• Manuel Blum, Michael Luby and Ronitt Rubinfeld.
"Self-Testing Correcting with Applications to
Numerical Problems"

61
Certification Trails
• Algorithm runs on input
• Produces
• Regular output
• Certification Trail short proof that output
matches input
• Certifier runs on ltinput, trailgt
• Produces same output or return FAIL
• Additional info from trail speeds recomputation
• If trail wrong, may still output correctly
• Certifiers presented here will just FAIL

62
Basic Definitions
• D set of inputs
• S set of valid outputs
• T set of certification trails
• Original program
• P D ? S?T
• Accepts input, returns ltoutput, trailgt
• Certifier
• C D?T ? S?FAIL
• Accepts ltinput, trailgt, returns output or FAIL

63
Focus of Certification Trails
• Paper comes from Software Engineering background
• Thus, focus on detecting programmer errors
• Argue that P and C different algorithms
• Thus, implementations different
• Low probability of same errors in P and C
• Hardware faults also mentioned

64
Certification Trails Outline
• Paper presents checkers for several common
algorithms
• Sorting
• Convex Hull
• Neat approach
• Problem-specific and very manual
• Little insight into general procedure
• Though, can create fault tolerant libraries

65
Sorting
• Given list of numbers, return the numbers in
sorted order
• Trivial check
• Given allegedly sorted output
• Check that order non-decreasing
• This doesnt work
• Output must be permutation of input
• Above checker would
• On input 2, 4, 6, 8
• Accept 0, 0, 0, 0, 0, 0

66
Correct Certifier
• Certification Trail list of indexes
• All input elements get ID
• ith element gets ID i
• At spot j of trail ID of element in sorted
position j

0 12
1 45
2 9
3 26
4 33
5 17
6 11
7 92
IDs Data
2 9
6 11
0 12
5 17
3 26
4 33
1 45
7 92
IDs Sorted Data
IDs in Trail
2
6
0
5
3
4
1
7
67
Checking Permutation
• Certifier gets
• Input numbers
• Their IDs in sorted order
• Uses ID list to reorder input numbers
• ID list serves as cheat sheet
• Shows correct sort decisions

Data
12
45
9
26
33
17
11
92
IDs in Trail
2
6
0
5
3
4
1
7
2 9
6 11
0 12
5 17
3 26
4 33
1 45
7 92
Sorted(?) IDs Sorted(?) Data
68
Checking Permutation
• Two things to check
• Onto For each sorted element, ? input element
• 1-1 All sorted elements refer to different
input elements

Data
12
45
9
26
33
17
11
92
IDs in Trail
2
6
0
5
3
4
1
7
2 9
6 11
0 12
5 17
3 26
4 33
1 45
7 92
Sorted(?) IDs Sorted(?) Data
69
Checking Permutation
• Onto For each sorted element, ? input element
• Check that all IDs in trail are valid
• 1-1 All sorted elements refer to different
input elements
• If two IDs in trail equal then some input element
not touched
• Not copied to sorted list
• Use touch counters

0 1 2 3 4 5 6 7
Input
Sorted
0 1 3 3 4 5 6 7
70
Checking Sort
• To check sort
• Traverse reordered list
• Ensure non-decreasing
• Sorter time O(n?log n)
• Certifier time O(n)
• Asymptotically faster
• Big trick
• Trail summarizes decisions made by sorter
• Enough info to quickly recompute
• Can any problem be cast into set of big decisions?

71
Certification Trails Outline
• Paper presents checkers for several common
algorithms
• Sorting
• Convex Hull
• Neat approach
• Problem-specific and very manual
• Little insight into general procedure
• Though, can create fault tolerant libraries

72
Convex Hull Problem
Given set of points on 2D plane, find subset
that forms convex hull around all points.
73
Convex Hull Step 1
Points sorted in order of increasing slope
relative to P1
P1 is the point with the least x-coordinate.
74
Convex Hull Invariant
All the points not on Hull are inside triangle
formed by P1 and two successive points on Hull
P6
P8
P5
P7
P4
P3
P1
P2
75
Convex Hull Invariant
P3 not Hull point ? clockwise angle between
lines P2P3 and P3P4 180º
P6
P8
P5
P7
P4
180º
P3
P1
P2
76
Convex Hull Invariant
P6
P8
P5
P7
P4
P1
lt 180º
P3
P2
77
Convex Hull Algorithm Outline
• Walk through P2 to Pn in slope order
• Keep adding points to hull
• If find point generating angle 180º
• Back up, remove all such points
• P1, P2 and Pn must be on convex hull

78
Convex Hull Algorithm
• Add P1, P2 and P3 to the Hull
• For Pk P4 to Pn
• (... trying to add Pk to the Hull )
• Let QA and QB be the two points most recently
• While the angle formed by QAQB and QBPk 180
• remove QB from the Hull since it is inside the
triangle P1, QA, Pk.
• Add Pk to the Hull

79
Trail for Convex Hull
• Augment Program to output
• h1, h2, ..., hm indexes of points on hull
• For each point Pi not on hull, proof of why not
• Tuple (xi, hj, hk, hk) s.t. xi in triangle hjhkhl
• xi internal point
• hj, hk, hk hull points

P5
P3
P1
P4
P2
80
Convex Hull Checker
• Checker checks that
• There is 1-1 correspondence between input points
and x1, x2, ..., xmUh1, h2, ..., hr.
• xi internal points
• hi hull points
• Each point in triangle proofs lies in given
triangle
• Basic error checking
• Assures that all points accounted for

81
Convex Hull Checker
• Checker checks that
• For each triple of consecutive hull points
hihi1hi2 lines hihi1 and hi1hi2 form
counter-clockwise angle ?180?
• i.e. form convex corners of hull
• ? unique locally maximal point on hull
• There exists theorem saying shape with above
properties is convex hull

P8
P6
?180?
?180?
P1
?180?
82
Proving Correctness
• If hull correct, will return PASS
• Since we check properties true of convex hulls
• If hull not correct
• If bad encoding of proof
• (i.e. points dont refer to input)
• First two checks will detect
• If internal points should be on hull
• Will not be in any triangle
• If hull points not convex
• Convexity assured by theorem, given points were
valid (ensured by first check)

83
Checking Convex Hull
• Original Algorithm O(n?log n) time
• Dominated by initial sort of points
• Checker O(n) time
• Asymptotically faster
• Very different algorithms
• Little chance of similar errors in both
• Hardware errors will affect both differently

84
Checking Convex Hull Big Trick
• Trail contains key facts discovered by algorithm
• Containment triangles
• Certifier checks main invariant
• Convexity of hull

85
Outline
• Low-hanging fruit
• Himanshu Gupta. "Result Verification Algorithms
for Optimization Problems", 1995
• Checkers for optimizations programs
• Existence of checkers for certain complexity
classes
• Certification Trails
• Gregory F. Sullivan, Dwight S. Wilson and Gerald
M. Masson, Certification of Computational
Results, 1995.
• Fundamentals of program testing correcting
• Manuel Blum, Michael Luby and Ronitt Rubinfeld.
"Self-Testing Correcting with Applications to
Numerical Problems"

86
Goals
• Aimed at implementation errors
• Given implementation P of function f
• Testing must see if P(x)f(x) for most inputs
• If correct for all inputs, output PASS
• If incorrect on too many inputs x, output FAIL
• Correcting if ? inputs x for which P(x)?f(x)
then
• Figure out correct P(x)
• Assuming P correct on most inputs
• Tester and corrector may call P

87
• Tester and corrector usually simpler than P
• Smaller probability of bugs
• Smaller running time ? smaller prob of random
fault
• Tester and corrector run faster than P
• (Counting calls to P as constant time)
• Thus, very likely different implementations
• Small probability of same bug in tester/corrector
and P

88
• One tester/corrector pair per function
• Reusable across implementations
• Can design testers/correctors for specific
libraries
• Applications using lots of library code (ex
Java, C) mostly covered
• Thus, can spend more time debugging
• Bottom Line
• P may be faulty
• Tester/Corrector assumed reliable

89
General Technique Testing
• Will test linearity property
• Shared by many functions
• f(xy) f(x) f(y)
• Will show
• If linearity holds for implementation P on inputs
• Then ? linear function g s.t. P(x)g(x) for most
inputs x
• (i.e. if P mostly linear then close to actually
linear function)
• Since P(x)f(x) on many inputs, g f

90
General Technique Correcting
• Focus on random self-reducible functions
• Can express f(x) as f(y1), f(y2), f(yk) where
y1, y2, yk random
• Assumes simple reduction function R()
• To get P(x), run several times
• Pick random y1, y2, yk
• P(x) R(P(y1), P(y2), P(yk))
• If on input x P(x) wrong, now correct with high
probability

91
True Definitions
• error(f, P, D) probability that P(x)?f(x) with
x randomly chosen via distribution D
• Probabilistic oracle program
• Probabilistic program M
• Makes calls to external oracle program A
• Calls counted as constant time
• Syntax MA

92
True Definition Self-Tester
• Let 0 ? ?1 lt ?2 ? 1
• Confidence parameter ?gt0
• (?1, ?2) self-testing program for f
• Probabilistic oracle program Tf
• If error(f, P, D) ? ?1 then TfP returns PASS with
Prob ? 1-?
• If error(f, P, D) ? ?2 then TfP returns FAIL with
Prob ? 1-?

?1
?2
FAIL
PASS
0
1
error(f, P, D)
93
True Definition Self-Corrector
• Let 0 ? ? lt 1
• Confidence parameter ?gt0
• ? self-correcting program for f
• Probabilistic oracle program Cf
• If error(f, P, D) ? ? then CfP(x) f(x) with
Prob ? 1-?
• x randomly selected from distribution D

94
Self-Tester/Corrector Pair
• Let 0 ? ?1 lt ?2 ? ? ? 1
• Confidence parameter ?gt0
• Tf (?1, ?2) self-tester for f
• Cf ? self-corrector for f
• Cf applied when Tf doesnt FAIL

NOT FAIL
?1
?2
?
FAIL
0
1
error(f, P, D)
95
Outline
• Self-correctors
• Assume existence of self-testers
• Simpler to prove correctness
• Self-Testers
• Correctness harder to prove
• Requires a bit of group theory

96
Self-Correctors
• Assume that for implementation Perror(f, P, D)
known
• Determined by self-tester
• error(f, P, D) ? constant
• Assume function f self-reducible
• f(x) R(f(y1), f(y2), f(yk))
• y1, y2, yk random
• Not independent of each other

97
General Self-Corrector
• For i 1 to q
• Pick random y1, y2, yk
• Note For any call to P we ensure output in
correct range

98
Improving Correctness
• Before P(x)?f(x) for some xs
• P(x)?f(x) on constant ? ? inputs x
• Now
• Each iteration has prob of failure ? ??k
• ProbR(P(x1), P(x2), , P(xk)) ?
R(f(x1), f(x2), , f(xk)) f(x) ? k??
• Since k calls to P
• Goal compute correct f(x) with prob ? 1-?
• Each self-reduction is independent
• Thus, error probability goes down exponentially
• Can get ? 1-? success prob after several
repeats
• Several ? ln(1/?)

99
Self-Reducibility of Mod
• Want to compute f(x) (x mod R)
• R fixed
• x ? 0R?2n-1
• Self-reducible
• (x mod R) (x1 mod R) (x2 mod R)
• x1 picked uniformly at random
• x2 picked s.t. x x1 x2
• Since (x1x2 mod R) (x1 mod R) (x2 mod R)

100
Self-Corrector for Mod
• For i 1 to q
• Pick random x1
• Pick x2 s.t. xx1x2

101
Self-Reducibility of Modular Mult
• Want to compute f(x,y) x?y mod R
• R fixed
• x, y ? 02n-1
• Self-Reducible
• x?y (x1?y1 mod R) (x1?y2 mod R)
(x2?y1 mod R) (x2?y2 mod R)
• x1, y1 picked uniformly at random
• x2, y2 picked s.t. x x1 x2, y y1 y2
• Since
• x1?y1 x1?y2 x2?y1 x2?y2
• x1?(y1 y2) x2?(y1 y2)
• (x1x2) ? (y1 y2) x?y

102
Self-Corrector for Modular Mult
• For i 1 to q
• Pick random x1, y1
• Pick x2 s.t. xx1x2
• Pick y2 s.t. yy1y2
P(x2,y2)
• Corrector for integer multiplication similar

103
Self-Reducibility of Matrix Mult
• Want to compute f(A,B) A?B
• A, B matrices
• Self-Reducible
• A?B A1?B1 A1?B2 A2?B1 A2?B2
• A1, B1 picked uniformly at random
• A2 A A1, B2 B B1
• Since
• A1?B1 A1?B2 A2?B1 A2?B2
• A1?(B1 B2) A2?(B1 B2)
• (A1A2) ? (B1 B2) A?B

104
Self-Corrector for Matrix Mult
• For i 1 to q
• Pick random A1, B1
• Pick A2 s.t. A2 A - A1
• Pick B2 s.t. B2 B B1
P(A2,B2)
• Polynomial multiplication works same way

105
Self-Correctors Summary
• Can design self-corrector for any random
self-reducible function
• Unknown how large this set is
• Self-Correctors very simple
• Finite bound loop
• Simple reduction function
• Thus, low probability of error in self-corrector
• Number of calls to P increases by log factor

106
Outline
• Self-correctors
• Assume existence of self-testers
• Simpler to prove correctness
• Self-Testers
• Correctness harder to prove
• Requires a bit of group theory

107
Moving to Self-Testing
• Can now self-correct
• Self-correctors only work if error(f, P, D) ?
constant
• But how can we know?
• Self-testing tells us

108
Self-Testing
• Given implementation P of function f
• Want to know error(f, P, D) ProbP(x)?f(x) for
x chosen with distribution D
• Assume P(x) f(x) for many xs
• Will present self-testers for linear functions
• Linear f(x1x2) f(x1) f(x2)
• Tests will bound error(f, P, D)

109
Linearity
• Modf(x1x2) (x1x2) mod R
(x1 mod R)(x2 mod R)
• Modular Multf(x1x2) ((x1x2)?y) mod R
(x1?y mod R) (x2?y mod R)

110
Self-Testing Technique
• Central Claim If P(x) is linear in many
spotsThen ? linear function g s.t. low prob
of P(x)?g(x)
• If P mostly linear then P very close to actually
linear function
• Since assumed for most x P(x) f(x)Then the
linear function P is close to is f()

111
Self-Testing Technique
• Thus self-tester repeatedly
• Picks random inputs
• Verifies P(x1x2) P(x1) P(x2)
• Verifies P(x11) P(x1) 1

112
Intro to Group Theory
• To explain why this works, must introduce group
theory
• Group set of numbers with operation ltS, gt
• Set S
• Binary Operation
• Given two group elements, produces another group
element
• Examples
• Infinite group Integers with
• Finite group Even integers 098, with
mod 100

113
Identity Element
• Special element 0
• ?h?S. 0 h h
• Called Identity Element
• Ex Rationals, with ?
• x ? y another rational
• 1 is identity since 1 ? x x
• Inverse x-1 s.t. x x-1 0

114
Group Generators
• Powers hn h h h h (n times)
• an am anm
• Each group has elements g1,,gc s.t.?h?S.
?n1n2nc. h
• Thus, all elements expressible in terms of g1,gc
• They generate the group

115
Subgroups
• Given group ltS, gt
• Subgroup ltT, gt if T?S
• Ex
• S Even Integers 098 mod 100
• T Multiples of 4 ? 098
• Each subgroup has own generators
• ltS, gt generated by 2
• ltT, gt generated by 4
• T 0 always subgroup

116
Subgroups Example
• Let G ltintegers 014, mod 15gt
• Group generator 1
• Subgroups
• 0 generated by 0
• 0, 3, 6, 9, 12 generated by 3
• 0, 5, 15 generated by 5
• All subgroups generated by some power of 1
• In general, every subgroup generated by some
combo of group generators

117
Functions on Groups
• is function from group to itself
• Can define others
• Ex given additive group, can define
multiplication
• Functions from one group to another
• G1 even integers 0...98
• G2 powers of 4 0186
• f G1?G2
• f(x?G1) (x?2) ? G2

118
Homomorphisms
• Homomorphism function on groups s.t.
• f GA?GB
• GB ltSA, Agt
• GB ltSB, Bgt
• f(x1 A x2) f(x1) B f(x2)
• i.e. Linear function on groups
• Example modular exponentiation
• GA Integers 0...R?2n, with
• GB Integers 0...R, with ?
• fa(x) ax mod R
• fa(x1x2) ax1x2 mod R (ax1 mod R) ? (ax2 mod
R) f(x1) ? f(x2)

119
Homomorphisms and Subgroups
• Fact homomorphisms map subgroups to subgroups
• f G1?G2
• ?x?H1, H1 subgroup of G1f(x) are all the members
of some H2, subgroup of G2

G1
G2
Homomorphism
120
Self-Testing Technique
• Given implementation P of function ff GA?GB
• Linear TestFor i1 to n
• Randomly pick x1, x2
• Check if
• If GB has no finite subgroups (besides 0B) then
done

121
Self-Testing Technique
• Given implementation P of function ff GA?GB
• If GB has finite subgroups (besides
0B)Neighbor TestFor i1 to n
• For each generator gi of group GA
• Randomly pick z
• Check if
• is f(z)s neighbor in target
subgroup of GB

122
Proof
• Method
• Assume that linearity and neighbor tests passed
• i.e. ? error for tests bounded by constant
• Prove that P mostly equal to some linear g()
• Steps
• Define discrepancy function disc(x) g(x)
P-1(x)
• g() some linear function, operating on same
groups as f()
• P(x)g(x) for most x ? disc(x)0 for most x
• disc(x) is homomorphism ? linearity test
passes for x
• Thus, if linearity test passed on many xs, disc
is probably homomorphism

123
Proof
• f() maps finite group to (possibly infinite)
group
• Mod
• Integer Mult
• Modular Mult
• g() and disc() map same groups

124
Proof
• Recall homomorphisms map subgroups to subgroups
• Thus, homomorphism disc() can only map domain
group to finite subgroup of range group
• Question Does range group have finite subgroups?
• (besides 0B)

125
Proof
• Range group no finite subgroups besides 0B
• Then disc must map domain group to 0B
• disc(x) 0B
• (On most xs, since disc probably homomorphism)

Finite Group
Infinite Group
0
Homomorphism
126
Proof
• Range group has real finite subgroups
• Each subgroup must have generators
• Those generators are products of the groups
generators
• Neighbor test
• For each generator gi
• Ensures any such subgroup must be 0B

127
Proof
• Thus, disc(x) 0B (with high probability)
• Recall disc(x) g(x) P-1(x)
• Thus, P(x) g(x) (with high probability)
• g() still undefined linear function
• Assumption P(x) f(x) on many inputs
• Fact if two linear functions equal on gt1 point,
they are same function
• Thus, g f and P(x)f(x) (with high probability)

128
Summary of Self-Testers
• Can verify if P(x)f(x) with high probability
• Useful information to know
• Required for self-correctors to work reliably
• Simple implementation
• Constant bound loop
• A few additions, multiplications, etc.
• Can be self-corrected themselves

129
Summary
• Paper presents the basics of broader theory of
self-testing/-correcting