Checking Specific Algorithms

1
Checking Specific Algorithms

• Greg Bronevetsky

2
Objective

• Primary goal find checkers that can be applied
  to any program
• Along the way must look at checkers for specific
  algorithms
• Each checker exploits special properties of
  target algorithm
• General patterns may become apparent
• Useful for toolkit-style checker generator
• Library of algorithm-specific checkers used where
  appropriate

3
Outline

• Low-hanging fruit
• Himanshu Gupta. "Result Verification Algorithms
  for Optimization Problems", 1995
• Checkers for optimizations programs
• Existence of checkers for certain complexity
  classes
• Certification Trails
• Gregory F. Sullivan, Dwight S. Wilson and Gerald
  M. Masson, Certification of Computational
  Results, 1995.
• Fundamentals of program testing correcting
• Manuel Blum, Michael Luby and Ronitt Rubinfeld.
  "Self-Testing Correcting with Applications to
  Numerical Problems"

4
Low-Hanging Fruit Outline

• Gregs Theorem
• Himanshu Gupta
• Checkers for optimization problems (primal-dual)
• Max Flow
• Min-cost Flow
• Unweighted Weighted bipartite matching
• All Shortest Paths
• Existence proofs for verifiers
• Verifiers for NP-complete and -hard languages
• Approximate verifiers
• Verifiers with Certification Trails

5
Intro to Complexity

• Problems defined as sets of strings
• Particular set language
• Example language set of palindromes
• 001100, 01011010, etc.
• Membership in given language decidable by
  computing device of given power
• ex Turing machine running in polynomial time
• Machine A on input x
• Runs for time poly(x)
• Returns ACCEPT x?L(A) REJECT
  x?L(A)

6
Intro to Complexity

• Complexity class set of languages accepted by
  machines of given power
• Examples
• P Turing machines with running time ?
  O(poly(x))
• EXPSPACE Turing machines that use ? O(2x)
  memory
• BC Boolean circuits of bounded depth
• Big deal can show some problems inherently
  harder than others

7
Basics of Reductions

• Problem A reducible to problem B if can easily
  solve A given algorithm for B
• Reduction
• Given x input to A
• Efficiently transform x to y input to B
• Efficiently usually means poly-time
• Ask algorithm for B if y valid B-string
• B is an oracle
• x valid A-string ? y valid B-string
• Thus, B at least as hard as A

8
Basics of Reductions

• Can compare difficulties of problems via
  reductions
• If all problems in class C1 reducible to problems
  in class C2 then C1 ? C2
• Example
• P ? NP
• Unknown if NP ? P
• If yes, then PNP
• If no, then some problems in NP cannot be solved
  in polynomial time

9
Theorem 1

• Let A be an implementation of an algorithm
• Runs in time O(p()), p some polynomial
• Does there exist checker C for A that runs in
  time lt p()?
• C accepts As input output, returns PASS/FAIL
• C knows As source code
• Runs in time O(q()) lt O(p()), asymptotically
  faster
• A is decision algorithm, so output is 1 bit

Input
PASS, FAIL
A
C
0,1
10
Theorem 1

• As input x n bits
• As output y 1 bit
• Suppose C can verify whether x?L(A) using y
• In O(q(x)) time
• Then can decide L(A) in O(q(x)) time
• Given input x
• Run C on ltx,1gt
• If C(x,1) returns PASS, ACCEPT x
• If C(x,1) returns FAIL, REJECT x

11
Theorem 1

• A reduced to C
• C runs in O(q()) time
• Thus, p()-time problems solvable in q()-time
• This is not true
• Therefore, for p()-time decision algorithm A ??
  checker C running in ltO(p()) time

12
Theorem 1.1

• Lets make job simpler for checker
• Helper proof
• Suppose A outputs helper proof
• C can use helper proof to simplify checking
• Size of helper proof ? q(x)
• Since C can only read ? q(x) bits of proof

0,1
Input
PASS, FAIL
C
A
HelperProof
13
Theorem 1.1

• As input x n bits
• As output y 1 bit q(x)-bit proof
• Suppose C can verify whether x?L(A) using y
• In O(q(x)) time
• Then y is witness for x?L(A)

14
Nondeterministic Time Classes

• Non-deterministic automaton for language L
• Given input x
• Runs for O(f(x)) amount of time
• Can make binary guesses 0,1
• If ? set of guesses s.t. automaton would accept,
  then x?L

• At each guess, automaton splits
• 0 branch, 1 branch
• If accepts along some path then whole automaton
  accepts

0
1
0
1
0
1
15
Nondeterministic Time Classes

• String of guesses leading to ACCEPT called a
  witness
• Proves that x?L
• Can deterministically verify x?L
• No need to guess witness gives correct guesses
• NP runs for polynomial time witnesses ?
  poly-length
• Nondet(f()) runs in time ? O(f(x))
  witness length ? O(f(x))

16
Theorem 1.1

• As input x n bits
• As output y 1 bit q(x)-bit proof
• Suppose C can verify whether x?L(A) using y
• In O(q(x)) time
• Then y is witness for x?L(A)
• Thus, x?L(A) decidable by nondet automaton
  running in O(q(x)) time

17
Theorem 1.1

• Guess all bits of proof
• Takes ?q(x) guesses
• For each proof, run C on ylt1, proofgt
• Accept if C says PASS on some ylt1, some
  proofgt

Guess y
0
1
0
1
1
0
C
C
C
C
18
Theorem 1.1

• x?L(A) decidable by nondet automaton running in
  O(q(x)) time
• Thus, L(A) ? Nondet(q())
• Recall A runs in time O(p())gtO(q())
• Det(p()) ? Nondet(q()) ? Nondet(p()) ? ?
  Det(p()) ? Nondet(p())
• Shown If L(A) ? Det(p()) and ? proof-checker
  that runs in time O(q()) where q()ltp() then
  Det(p()) ? Nondet(p())

19
Theorem 1.1

• Shown If L(A) ? Det(p()) and ? checker that runs
  in time O(q()) where q()ltp() then Det(p()) ?
  Nondet(p())
• Known Det(p()) ? Nondet(p()) for few functions
• In general, as hard as P ? NP
• Worst case scenario
• If discover efficient checkers, then Det(p()) ?
  Nondet(p())
• Very difficult
• If Det(p()) ? Nondet(p()) proven, no help to us

20
Low-Hanging Fruit Outline

• Gregs Theorem
• Himanshu Gupta
• Checkers for optimization problems (primal-dual)
• Max Flow
• Min-cost Flow
• Unweighted Weighted bipartite matching
• All Shortest Paths
• Existence proofs for verifiers
• Verifiers for NP-complete and NP-hard languages
• Approximate verifiers

21
Definitions

• Problem ??I?S
• I set of inputs
• S set of solutions
• Algorithm on input x?I, returns y?S s.t. ltx,ygt??
• Verification problemV(?)?(I?S)?PASS,FAIL
• lt(x,y),PASSgt?V(?) iff ltx,ygt??
• lt(x,y),FAILgt?V(?) iff ltx,ygt??

22
Maximum Flow

• Given
• Directed graph G(V,E)
• Edges labeled with capacities
• c(u,v) capacity of edge
• Two special nodes S and T
• Must find maximum flow from s to t

T
c8
c5
c4
c1
c9
c2
c6
S
c7
c3
23
Maximum Flow

• Find edge labeling f
• f(u,v) flow on edge u?v ? c(u,v)
• Sum of flows coming into node Sum of flows
  coming out of node
• Outflow of node s gt inflow
• Inflow of node t gt outflow
• Net outflow of s Net inflow of t Network
  flow
• Problem Find labeling f generating largest
  network flow

24
Residual Capacities

• Residual Capacity for flow fres(u,v) c(u,v)
  f(u,v)
• (Capacity of edge unused by flow)
• Residual Graph Rf graph on V,E where
• Augmenting Path Path through Rf

25
Augmenting Paths ? Verifier

• Theorem Rf contains augmenting path ? f is not
  maximum flow
• Example one common max flow algorithm
• Pick a flowWhile can find augmenting paths
• Adjust flow to remove augmenting path
• Thus, to check if given flow is max flow
• Ensure given flow valid
• Construct Rf
• Ensure that no augmenting path exists
• Path search much faster than max-flow algorithm

26
Min-Cost Flow

• Now edges have cost
• Goal find flow of given size with minimal cost
• For any potential flow construct Residual Graph
  Rf
• Theorem given flow is min-cost if Rf has no
  negative-cost cycles
• Thus, checker
• Ensures alleged min-cost flow is valid flow
• Constructs Rf
• Ensures that no negative-cost cycles exist
• Cycle search much faster than min-cost flow
  algorithm

27
Matching

• Given bipartite weighted/unweighted graph find
  subset of edges s.t.
• No left node has gt1 right node as neighbor
• No right node has gt1 left node as neighbor

X
Y
28
Verifier for Matching

• Matching also has augmenting paths
• Can verify matching
• Ensure that matching valid
• Search of augmenting path
• Above problems examples of matroids
• Intuitively problems solvable via basic greedy
  algorithm
• All matroids have this structure
• Thus, can easily check matroid problems

29
Other Matroid Problems

• Minimal Spanning Tree
• Minimal Cut in Graph
• Maximal Basis in Linear Space

30
Low-Hanging Fruit Outline

• Gregs Theorem
• Himanshu Gupta
• Checkers for optimization problems (primal-dual)
• Max Flow
• Min-cost Flow
• Unweighted Weighted bipartite matching
• All Shortest Paths
• Existence proofs for verifiers
• Verifiers for NP-complete and NP-hard languages
• Approximate verifiers

31
All Shortest Paths

• Given undirected graph G(V,E)
• Each edge (i,j) has weight w(i,j)
• Problem return the shortest path between every
  pair of nodes
• Assume output format
• P predecessor matrix
• Pi,j k s.t. edge (k,j) lies on shortest path
  i?j
• (i.e. node k precedes node j on path i?j)
• D distance matrix
• Di,j shortest distance from i to j
• (Di,i 0)

Pi,j
j
i
32
Checker Algorithm

• Step 1 ensure that P and D self-consistent
• foreach (i,j)
• Ensure that Di,j Di, Pi,j
  w(Pi,j, j)
• If error seen, return FAIL
• Step 2 ensure output paths truly shortest
• foreach node i
• foreach edge (u,v)
• if(Di,u w(u,v) lt Di,v) return FAIL
• Return PASS

33
Checking Self-Consistency

• foreach (i,j)
• Ensure that Di,j Di, Pi,j w(Pi,j,
  j)
• Clearly, if output correct, test returns PASS

Pi,j
j
i
Di, Pi,j
w(Pi,j, j)
Di,j
34
Checking Self-Consistency

• foreach (i,j)
• Ensure that Di,j Di, Pi,j w(Pi,j,
  j)
• If output incorrect, two possible problems
• P may not represent valid paths
• D may not be true lengths of P s paths

Pi,j
j
i
Di, Pi,j
w(Pi,j, j)
Di,j
35
Checking D

• Suppose Di,j ? i?j distance according to P
• Pick pair i,j with shortest true distance
• Let k Pi,j
• Check Di,j ? Di, k w(k, j)
• No errors in D for pairs closer than i and j
• Thus, Di, k correct distance i?js predecessor
• So, Di, k w(k, j) is correct i?j distance
• Thus, will detect error

Pi,j
j
k
i
36
Checking P

• Pi, must induce spanning tree on nodes
• Thm Graph on n nodes is spanning tree ?
  n-1 edges and acyclic
• Clearly, n-1 edges since each node j?i has Pi,j
• Above check will fail if cycle exists

37
Checking P Acyclicity

• Claim if cycle exists then D has error

i
Di,v
Di,u
u
v
path

• Suppose cycle exists
• Suppose all edges of u-v cycle have been checked
  (and passed), u?v is last

38
Checking P Acyclicity
i
Di,v
Di,u
foreach (i,j) Di,j Di, Pi,j
w(Pi,j, j)
u
v
path

• v?u path passed, so Di,u Di,v w(path)
• In order for u?v to pass Di,v Di,u
  w(u,v)
• But then, Di,v w(u,v) (Di,v w(path))
• Contradiction!
• Thus, cycle exists ? error in D detected

39
Checker Algorithm

• Step 1 ensure that P and D self-consistent
• foreach (i,j)
• Ensure that Di,j Di, Pi,j
  w(Pi,j, j)
• If error seen, return FAIL
• Step 2 ensure output paths truly shortest
• foreach node i
• foreach edge (u,v)
• if(Di,u w(u,v) lt Di,v return FAIL
• Return PASS

?
40
Checking Shortest Paths

• Test ? nodes i, edges (u,v) Di,u w(u,v) ??
  Di,v (FAIL if lt)
• Test checks if path through u shorter than
  official path
• If output correct
• If u on shortest path, Di,u w(u,v) Di,v
• If u not on shortest path, Di,u w(u,v) ?
  Di,v
• Thus, on correct output PASS returned

v
i
u
41
Checking Shortest Paths

• Suppose output incorrect Di,j not length of
  shortest i?j path
• Step 1 ensures Di,j true distance of path i?j
  according to P
• Let
• D? distance function for truly shortest
  solution
• P? predecessor function for shortest
  solution

42
Checking Shortest Paths

• Pick i,j s.t.
• Di,j ? D?i,j
• No other erroneous pair closer to each other (by
  P? )
• Thus, ?u?Pi,j s.t. D?i,u w(u,j) lt Di,j
• Path thru u shorter than path thru Pi,j
• If shortest path is thru Pi,j, then Di,
  Pi,j is wrong
• Big Question Will test detect this?

u
j
Shorter Path
i
Wrong Path
Pi,j
43
Checking Shortest Paths

• Thus, ?u?Pi,j s.t. D?i,u w(u,j) lt Di,j
• For each node i, test looks at all edges
• When looks at u?j
• Evaluates Di,u w(u,j) ?? Di,j
• Di,u D?i,u
• Since i,j closest erroneous pair
• Thus, Di,u w(u,j) D?i,u w(u,j) lt Di,j

u
j
Shorter Path
i
Wrong Path
Pi,j
44
Checking Shortest Paths

• For each node i, test looks at all edges
• When looks at u
• Evaluates Di,u w(u,v) ?? Di,v
• Di,u D?i,u
• Since i,j closest erroneous pair
• Thus, Di,u w(u,v) D?i,u w(u,v) lt Di,v
• Test returns FAIL
• Shown if output not shortest paths ?
  test returns FAIL

45
Summary of Checkers

• Shown checkers for
• Matroids
• All-shortest paths
• Checkers very specific to target algorithm
• In general
• Find invariant of output
• Ensure it is true

46
Low-Hanging Fruit Outline

• Gregs Theorem
• Himanshu Gupta
• Checkers for optimization problems (primal-dual)
• Max Flow
• Min-cost Flow
• Unweighted Weighted bipartite matching
• All Shortest Paths
• Existence proofs for verifiers
• Verifiers for NP-complete and NP-hard languages
• Approximate verifiers

47
Verifiers for NP-Complete Problems

• Given NP-complete decision problem ??I?0,1
• ?s verification problem V(?)?I?0,1 ?P,F
• ? reducible to V(?)

48
Verifiers for NP-Complete Problems

• Given NP-complete decision problem ??I?0,1
• ?s verification problem V(?)?I?0,1 ?P,F
• ? reducible to V(?)
• On input x, check if ltx,Pgt?V(?)
• Mapping computable in poly-time
• Thus, V(?) NP-complete
• Proven if ? NP-complete then so is V(?)

49
Verifiers for Some NP-Hard Problems

• Given NP-Hard problem H?I??
• On input x, returns y s.t.
• yltO(f(x))
• f(x) ? O(poly(x))
• f() poly-time computable
• Verification problem V(H)?I???P,F

50
Verifiers for Some NP-Hard Problems

• Reduction from H to V(H)
• Given x, compute f(x)
• Try all possible values for y?0 f(x)
• If ltltx,ygt, Pgt?V(H) then ACCEPT
• If not accepts, REJECT
• Reduction is poly-time
• Thus, V(H) is NP-Hard (unless PNP)
• Examples min vertex cover, max clique, chromatic
  number, max cycle length, etc.

51
Low-Hanging Fruit Outline

• Gregs Theorem
• Himanshu Gupta
• Checkers for optimization problems (primal-dual)
• Max Flow
• Min-cost Flow
• Unweighted Weighted bipartite matching
• All Shortest Paths
• Existence proofs for verifiers
• Verifiers for NP-complete and NP-hard languages
• Approximate verifiers

52
Maximization Problems

• Given NP-Hard Maximization problem H?I??
• Output size of maximum solution to problem
• For each H ? NP-Complete Decision problem HD
• Input ltx,ygt
• ACCEPT iff maximal solution to problem is ?y
• Can use binary search to find solve H using log
  x calls to HD

53
Approximate Algorithms

• Given NP-Hard Maximization problem H?I??
• AH is (a,c) approximation algorithm for H if
• On input x, outputs y
• y ? max ? a?y c
• max is maximal solution of H
• Runs in poly time
• (a,c) approximation verifier AVH
• Input ltx,ygt
• Returns PASS iff y ? max ? a?y c

54
Approximation Verifiers NP

• Thm If poly-time (a,c) approximation algorithm
  AH exists for NP-Hard maximization problem H,
  Then approximation verifier AVH is NP-Complete
• Proof Reduce sibling decision problem HD to AVH
• Calls AH
• Uses AVH as oracle

55
Reducing HD

• Input ltx,ygt
• ACCEPT iff y?max
• max size of maximal solution to input x
• Step 1 call AH
• Get m?AHs approximation of max
• Step 2 work
• If y ? m?, ACCEPT
• If y gt m?
• If y gt a?m? c, REJECT
• Else, use AVH Oracle to see if ltx,ygt?L(AVH)
• If ltx,ygt?L(AVH), ACCEPT
• Else, REJECT

56
Reducing HD

• Given input ltx,ygt to HD
• Decided whether y?max by calling
• AH approximation algorithm
• AVH approximation verifier
• AH runs in poly time
• Reduction is poly-time, so can run AH as part of
  reduction
• ltx,ygt transformed to input to AVH
• Thus, AVH at least as hard as HD

57
Proven

• NP-Hard Maximization problem AND
• Poly-time approximation algorithm for it
• Approximation verifier for approximation
  algorithm is NP-Complete

58
Algorithm-specific Verifiers

• If poly-time approximation algorithm exists,
  trivial approximation verifier
• On input ltx,ygt
• Run fault-free version of approximation algorithm
  on x
• See if returns y
• Verifier still poly-time
• Only works for specific approximation algorithm
• Wont work for different approximators of same
  problem

59
Low-Hanging Fruit Summary

• Covered several basic theorems
• Give idea of what is possible/impossible
• Fairly basic results
• Equivalent to homework in graduate theory class

60
Outline

• Low-hanging fruit
• Himanshu Gupta. "Result Verification Algorithms
  for Optimization Problems", 1995
• Checkers for optimizations programs
• Existence of checkers for certain complexity
  classes
• Certification Trails
• Gregory F. Sullivan, Dwight S. Wilson and Gerald
  M. Masson, Certification of Computational
  Results, 1995.
• Fundamentals of program testing correcting
• Manuel Blum, Michael Luby and Ronitt Rubinfeld.
  "Self-Testing Correcting with Applications to
  Numerical Problems"

61
Certification Trails

• Algorithm runs on input
• Produces
• Regular output
• Certification Trail short proof that output
  matches input
• Certifier runs on ltinput, trailgt
• Produces same output or return FAIL
• Additional info from trail speeds recomputation
• If trail wrong, may still output correctly
• Certifiers presented here will just FAIL

62
Basic Definitions

• D set of inputs
• S set of valid outputs
• T set of certification trails
• Original program
• P D ? S?T
• Accepts input, returns ltoutput, trailgt
• Certifier
• C D?T ? S?FAIL
• Accepts ltinput, trailgt, returns output or FAIL

63
Focus of Certification Trails

• Paper comes from Software Engineering background
• Thus, focus on detecting programmer errors
• Argue that P and C different algorithms
• Thus, implementations different
• Low probability of same errors in P and C
• Hardware faults also mentioned

64
Certification Trails Outline

• Paper presents checkers for several common
  algorithms
• Sorting
• Convex Hull
• Neat approach
• Problem-specific and very manual
• Little insight into general procedure
• Though, can create fault tolerant libraries

65
Sorting

• Given list of numbers, return the numbers in
  sorted order
• Trivial check
• Given allegedly sorted output
• Check that order non-decreasing
• This doesnt work
• Output must be permutation of input
• Above checker would
• On input 2, 4, 6, 8
• Accept 0, 0, 0, 0, 0, 0

66
Correct Certifier

• Certification Trail list of indexes
• All input elements get ID
• ith element gets ID i
• At spot j of trail ID of element in sorted
  position j

0 12
1 45
2 9
3 26
4 33
5 17
6 11
7 92
IDs Data
2 9
6 11
0 12
5 17
3 26
4 33
1 45
7 92
IDs Sorted Data
IDs in Trail
2
6
0
5
3
4
1
7
67
Checking Permutation

• Certifier gets
• Input numbers
• Their IDs in sorted order
• Uses ID list to reorder input numbers
• ID list serves as cheat sheet
• Shows correct sort decisions

Data
12
45
9
26
33
17
11
92
IDs in Trail
2
6
0
5
3
4
1
7
2 9
6 11
0 12
5 17
3 26
4 33
1 45
7 92
Sorted(?) IDs Sorted(?) Data
68
Checking Permutation

• Two things to check
• Onto For each sorted element, ? input element
• 1-1 All sorted elements refer to different
  input elements

Data
12
45
9
26
33
17
11
92
IDs in Trail
2
6
0
5
3
4
1
7
2 9
6 11
0 12
5 17
3 26
4 33
1 45
7 92
Sorted(?) IDs Sorted(?) Data
69
Checking Permutation

• Onto For each sorted element, ? input element
• Check that all IDs in trail are valid
• 1-1 All sorted elements refer to different
  input elements
• If two IDs in trail equal then some input element
  not touched
• Not copied to sorted list
• Use touch counters

0 1 2 3 4 5 6 7
Input
Sorted
0 1 3 3 4 5 6 7
70
Checking Sort

• To check sort
• Traverse reordered list
• Ensure non-decreasing
• Sorter time O(n?log n)
• Certifier time O(n)
• Asymptotically faster
• Big trick
• Trail summarizes decisions made by sorter
• Enough info to quickly recompute
• Can any problem be cast into set of big decisions?

71
Certification Trails Outline

• Paper presents checkers for several common
  algorithms
• Sorting
• Convex Hull
• Neat approach
• Problem-specific and very manual
• Little insight into general procedure
• Though, can create fault tolerant libraries

72
Convex Hull Problem
Given set of points on 2D plane, find subset
that forms convex hull around all points.
73
Convex Hull Step 1
Points sorted in order of increasing slope
relative to P1
P1 is the point with the least x-coordinate.
74
Convex Hull Invariant
All the points not on Hull are inside triangle
formed by P1 and two successive points on Hull
P6
P8
P5
P7
P4
P3
P1
P2
75
Convex Hull Invariant
P3 not Hull point ? clockwise angle between
lines P2P3 and P3P4 180º
P6
P8
P5
P7
P4
180º
P3
P1
P2
76
Convex Hull Invariant
P6
P8
P5
P7
P4
P1
lt 180º
P3
P2
77
Convex Hull Algorithm Outline

• Walk through P2 to Pn in slope order
• Keep adding points to hull
• If find point generating angle 180º
• Back up, remove all such points
• Until added Pn
• P1, P2 and Pn must be on convex hull

78
Convex Hull Algorithm

• Add P1, P2 and P3 to the Hull
• For Pk P4 to Pn
• (... trying to add Pk to the Hull )
• Let QA and QB be the two points most recently
  added to the Hull
• While the angle formed by QAQB and QBPk 180
• remove QB from the Hull since it is inside the
  triangle P1, QA, Pk.
• Add Pk to the Hull

79
Trail for Convex Hull

• Augment Program to output
• h1, h2, ..., hm indexes of points on hull
• For each point Pi not on hull, proof of why not
• Tuple (xi, hj, hk, hk) s.t. xi in triangle hjhkhl
• xi internal point
• hj, hk, hk hull points

P5
P3
P1
P4
P2
80
Convex Hull Checker

• Checker checks that
• There is 1-1 correspondence between input points
  and x1, x2, ..., xmUh1, h2, ..., hr.
• xi internal points
• hi hull points
• Each point in triangle proofs lies in given
  triangle
• Basic error checking
• Assures that all points accounted for

81
Convex Hull Checker

• Checker checks that
• For each triple of consecutive hull points
  hihi1hi2 lines hihi1 and hi1hi2 form
  counter-clockwise angle ?180?
• i.e. form convex corners of hull
• ? unique locally maximal point on hull
• There exists theorem saying shape with above
  properties is convex hull

P8
P6
?180?
?180?
P1
?180?
82
Proving Correctness

• If hull correct, will return PASS
• Since we check properties true of convex hulls
• If hull not correct
• If bad encoding of proof
• (i.e. points dont refer to input)
• First two checks will detect
• If internal points should be on hull
• Will not be in any triangle
• If hull points not convex
• Convexity assured by theorem, given points were
  valid (ensured by first check)

83
Checking Convex Hull

• Original Algorithm O(n?log n) time
• Dominated by initial sort of points
• Checker O(n) time
• Asymptotically faster
• Very different algorithms
• Little chance of similar errors in both
• Hardware errors will affect both differently

84
Checking Convex Hull Big Trick

• Trail contains key facts discovered by algorithm
• Containment triangles
• Certifier checks main invariant
• Convexity of hull

85
Outline

• Low-hanging fruit
• Himanshu Gupta. "Result Verification Algorithms
  for Optimization Problems", 1995
• Checkers for optimizations programs
• Existence of checkers for certain complexity
  classes
• Certification Trails
• Gregory F. Sullivan, Dwight S. Wilson and Gerald
  M. Masson, Certification of Computational
  Results, 1995.
• Fundamentals of program testing correcting
• Manuel Blum, Michael Luby and Ronitt Rubinfeld.
  "Self-Testing Correcting with Applications to
  Numerical Problems"

86
Goals

• Aimed at implementation errors
• Given implementation P of function f
• Testing must see if P(x)f(x) for most inputs
• If correct for all inputs, output PASS
• If incorrect on too many inputs x, output FAIL
• Correcting if ? inputs x for which P(x)?f(x)
  then
• Figure out correct P(x)
• Assuming P correct on most inputs
• Tester and corrector may call P

87
Added Reliability

• Tester and corrector usually simpler than P
• Use simple additions, etc.
• Smaller probability of bugs
• Smaller running time ? smaller prob of random
  fault
• Tester and corrector run faster than P
• (Counting calls to P as constant time)
• Thus, very likely different implementations
• Small probability of same bug in tester/corrector
  and P

88
Added Reliability

• One tester/corrector pair per function
• Reusable across implementations
• Can design testers/correctors for specific
  libraries
• Applications using lots of library code (ex
  Java, C) mostly covered
• Thus, can spend more time debugging
• Bottom Line
• P may be faulty
• Tester/Corrector assumed reliable

89
General Technique Testing

• Will test linearity property
• Shared by many functions
• f(xy) f(x) f(y)
• Will show
• If linearity holds for implementation P on inputs
• Then ? linear function g s.t. P(x)g(x) for most
  inputs x
• (i.e. if P mostly linear then close to actually
  linear function)
• Since P(x)f(x) on many inputs, g f

90
General Technique Correcting

• Focus on random self-reducible functions
• Can express f(x) as f(y1), f(y2), f(yk) where
  y1, y2, yk random
• Assumes simple reduction function R()
• To get P(x), run several times
• Pick random y1, y2, yk
• P(x) R(P(y1), P(y2), P(yk))
• If on input x P(x) wrong, now correct with high
  probability

91
True Definitions

• error(f, P, D) probability that P(x)?f(x) with
  x randomly chosen via distribution D
• Probabilistic oracle program
• Probabilistic program M
• Makes calls to external oracle program A
• Calls counted as constant time
• Syntax MA

92
True Definition Self-Tester

• Let 0 ? ?1 lt ?2 ? 1
• Confidence parameter ?gt0
• (?1, ?2) self-testing program for f
• Probabilistic oracle program Tf
• If error(f, P, D) ? ?1 then TfP returns PASS with
  Prob ? 1-?
• If error(f, P, D) ? ?2 then TfP returns FAIL with
  Prob ? 1-?

?1
?2
FAIL
PASS
0
1
error(f, P, D)
93
True Definition Self-Corrector

• Let 0 ? ? lt 1
• Confidence parameter ?gt0
• ? self-correcting program for f
• Probabilistic oracle program Cf
• If error(f, P, D) ? ? then CfP(x) f(x) with
  Prob ? 1-?
• x randomly selected from distribution D

94
Self-Tester/Corrector Pair

• Let 0 ? ?1 lt ?2 ? ? ? 1
• Confidence parameter ?gt0
• Tf (?1, ?2) self-tester for f
• Cf ? self-corrector for f
• Cf applied when Tf doesnt FAIL

NOT FAIL
?1
?2
?
FAIL
0
1
error(f, P, D)
95
Outline

• Self-correctors
• Assume existence of self-testers
• Simpler to prove correctness
• Self-Testers
• Correctness harder to prove
• Requires a bit of group theory

96
Self-Correctors

• Assume that for implementation Perror(f, P, D)
  known
• Determined by self-tester
• error(f, P, D) ? constant
• Assume function f self-reducible
• f(x) R(f(y1), f(y2), f(yk))
• y1, y2, yk random
• Not independent of each other

97
General Self-Corrector

• For i 1 to q
• Pick random y1, y2, yk
• answeri R(P(y1), P(y2), P(yk))
• Output majority answer out of answer1q
• Note For any call to P we ensure output in
  correct range

98
Improving Correctness

• Before P(x)?f(x) for some xs
• P(x)?f(x) on constant ? ? inputs x
• Now
• Each iteration has prob of failure ? ??k
• ProbR(P(x1), P(x2), , P(xk)) ?
  R(f(x1), f(x2), , f(xk)) f(x) ? k??
• Since k calls to P
• Goal compute correct f(x) with prob ? 1-?
• Each self-reduction is independent
• Thus, error probability goes down exponentially
• Can get ? 1-? success prob after several
  repeats
• Several ? ln(1/?)

99
Self-Reducibility of Mod

• Want to compute f(x) (x mod R)
• R fixed
• x ? 0R?2n-1
• Self-reducible
• (x mod R) (x1 mod R) (x2 mod R)
• x1 picked uniformly at random
• x2 picked s.t. x x1 x2
• Since (x1x2 mod R) (x1 mod R) (x2 mod R)

100
Self-Corrector for Mod

• For i 1 to q
• Pick random x1
• Pick x2 s.t. xx1x2
• answeri P(x1) P(x2)
• Return majority among answer1q

101
Self-Reducibility of Modular Mult

• Want to compute f(x,y) x?y mod R
• R fixed
• x, y ? 02n-1
• Self-Reducible
• x?y (x1?y1 mod R) (x1?y2 mod R)
  (x2?y1 mod R) (x2?y2 mod R)
• x1, y1 picked uniformly at random
• x2, y2 picked s.t. x x1 x2, y y1 y2
• Since
• x1?y1 x1?y2 x2?y1 x2?y2
• x1?(y1 y2) x2?(y1 y2)
• (x1x2) ? (y1 y2) x?y

102
Self-Corrector for Modular Mult

• For i 1 to q
• Pick random x1, y1
• Pick x2 s.t. xx1x2
• Pick y2 s.t. yy1y2
• answeri P(x1,y1) P(x1,y2) P(x2,y1)
  P(x2,y2)
• Return majority among answer1q
• Corrector for integer multiplication similar

103
Self-Reducibility of Matrix Mult

• Want to compute f(A,B) A?B
• A, B matrices
• Self-Reducible
• A?B A1?B1 A1?B2 A2?B1 A2?B2
• A1, B1 picked uniformly at random
• A2 A A1, B2 B B1
• Since
• A1?B1 A1?B2 A2?B1 A2?B2
• A1?(B1 B2) A2?(B1 B2)
• (A1A2) ? (B1 B2) A?B

104
Self-Corrector for Matrix Mult

• For i 1 to q
• Pick random A1, B1
• Pick A2 s.t. A2 A - A1
• Pick B2 s.t. B2 B B1
• answeri P(A1,B1) P(A1,B2) P(A2,B1)
  P(A2,B2)
• Return majority among answer1q
• Polynomial multiplication works same way

105
Self-Correctors Summary

• Can design self-corrector for any random
  self-reducible function
• Unknown how large this set is
• Self-Correctors very simple
• Finite bound loop
• Simple reduction function
• Thus, low probability of error in self-corrector
• Number of calls to P increases by log factor

106
Outline

• Self-correctors
• Assume existence of self-testers
• Simpler to prove correctness
• Self-Testers
• Correctness harder to prove
• Requires a bit of group theory

107
Moving to Self-Testing

• Can now self-correct
• Self-correctors only work if error(f, P, D) ?
  constant
• But how can we know?
• Self-testing tells us

108
Self-Testing

• Given implementation P of function f
• Want to know error(f, P, D) ProbP(x)?f(x) for
  x chosen with distribution D
• Assume P(x) f(x) for many xs
• Will present self-testers for linear functions
• Linear f(x1x2) f(x1) f(x2)
• Tests will bound error(f, P, D)

109
Linearity

• Modf(x1x2) (x1x2) mod R
  (x1 mod R)(x2 mod R)
• Modular Multf(x1x2) ((x1x2)?y) mod R
  (x1?y mod R) (x2?y mod R)

110
Self-Testing Technique

• Central Claim If P(x) is linear in many
  spotsThen ? linear function g s.t. low prob
  of P(x)?g(x)
• If P mostly linear then P very close to actually
  linear function
• Since assumed for most x P(x) f(x)Then the
  linear function P is close to is f()

111
Self-Testing Technique

• Thus self-tester repeatedly
• Picks random inputs
• Verifies P(x1x2) P(x1) P(x2)
• Verifies P(x11) P(x1) 1

112
Intro to Group Theory

• To explain why this works, must introduce group
  theory
• Group set of numbers with operation ltS, gt
• Set S
• Binary Operation
• Given two group elements, produces another group
  element
• Examples
• Infinite group Integers with
• Finite group Even integers 098, with
  mod 100

113
Identity Element

• Special element 0
• ?h?S. 0 h h
• Called Identity Element
• Ex Rationals, with ?
• x ? y another rational
• 1 is identity since 1 ? x x
• Inverse x-1 s.t. x x-1 0

114
Group Generators

• Powers hn h h h h (n times)
• an am anm
• Each group has elements g1,,gc s.t.?h?S.
  ?n1n2nc. h
• Thus, all elements expressible in terms of g1,gc
• They generate the group

115
Subgroups

• Given group ltS, gt
• Subgroup ltT, gt if T?S
• Ex
• S Even Integers 098 mod 100
• T Multiples of 4 ? 098
• Each subgroup has own generators
• ltS, gt generated by 2
• ltT, gt generated by 4
• T 0 always subgroup

116
Subgroups Example

• Let G ltintegers 014, mod 15gt
• Group generator 1
• Subgroups
• 0 generated by 0
• 0, 3, 6, 9, 12 generated by 3
• 0, 5, 15 generated by 5
• All subgroups generated by some power of 1
• In general, every subgroup generated by some
  combo of group generators

117
Functions on Groups

• is function from group to itself
• Can define others
• Ex given additive group, can define
  multiplication
• Functions from one group to another
• G1 even integers 0...98
• G2 powers of 4 0186
• f G1?G2
• f(x?G1) (x?2) ? G2

118
Homomorphisms

• Homomorphism function on groups s.t.
• f GA?GB
• GB ltSA, Agt
• GB ltSB, Bgt
• f(x1 A x2) f(x1) B f(x2)
• i.e. Linear function on groups
• Example modular exponentiation
• GA Integers 0...R?2n, with
• GB Integers 0...R, with ?
• fa(x) ax mod R
• fa(x1x2) ax1x2 mod R (ax1 mod R) ? (ax2 mod
  R) f(x1) ? f(x2)

119
Homomorphisms and Subgroups

• Fact homomorphisms map subgroups to subgroups
• f G1?G2
• ?x?H1, H1 subgroup of G1f(x) are all the members
  of some H2, subgroup of G2

G1
G2
Homomorphism
120
Self-Testing Technique

• Given implementation P of function ff GA?GB
• Linear TestFor i1 to n
• Randomly pick x1, x2
• Check if
• If GB has no finite subgroups (besides 0B) then
  done

121
Self-Testing Technique

• Given implementation P of function ff GA?GB
• If GB has finite subgroups (besides
  0B)Neighbor TestFor i1 to n
• For each generator gi of group GA
• Randomly pick z
• Check if
• is f(z)s neighbor in target
  subgroup of GB

122
Proof

• Method
• Assume that linearity and neighbor tests passed
• i.e. ? error for tests bounded by constant
• Prove that P mostly equal to some linear g()
• Steps
• Define discrepancy function disc(x) g(x)
  P-1(x)
• g() some linear function, operating on same
  groups as f()
• P(x)g(x) for most x ? disc(x)0 for most x
• disc(x) is homomorphism ? linearity test
  passes for x
• Thus, if linearity test passed on many xs, disc
  is probably homomorphism

123
Proof

• f() maps finite group to (possibly infinite)
  group
• Mod
• Integer Mult
• Modular Mult
• g() and disc() map same groups

124
Proof

• Recall homomorphisms map subgroups to subgroups
• Thus, homomorphism disc() can only map domain
  group to finite subgroup of range group
• Question Does range group have finite subgroups?
• (besides 0B)

125
Proof

• Range group no finite subgroups besides 0B
• Then disc must map domain group to 0B
• disc(x) 0B
• (On most xs, since disc probably homomorphism)

Finite Group
Infinite Group
0
Homomorphism
126
Proof

• Range group has real finite subgroups
• Each subgroup must have generators
• Those generators are products of the groups
  generators
• Neighbor test
• For each generator gi
• Ensures any such subgroup must be 0B

127
Proof

• Thus, disc(x) 0B (with high probability)
• Recall disc(x) g(x) P-1(x)
• Thus, P(x) g(x) (with high probability)
• g() still undefined linear function
• Assumption P(x) f(x) on many inputs
• Fact if two linear functions equal on gt1 point,
  they are same function
• Thus, g f and P(x)f(x) (with high probability)

128
Summary of Self-Testers

• Can verify if P(x)f(x) with high probability
• Useful information to know
• Required for self-correctors to work reliably
• Simple implementation
• Constant bound loop
• A few additions, multiplications, etc.
• Can be self-corrected themselves

129
Summary

• Paper presents the basics of broader theory of
  self-testing/-correcting
• Some additional related papers
• S. Ravikumar and D. Sivakumar. "Efficient
  Self-Testing of Linear Recurrences".
• Expands these testers to test linearity in bulk
  fashion for linear recurrences
• Ronitt Rubinfeld and Madhu Sudan. "Robust
  Characterizations of Polynomials with
  Applications to Program Testing", SIAM Journal on
  Computing, 1996.
• Funda Ergun, S. Ravi Kumar and Ronnitt Rubinfeld.
  "Checking Approximate Computations of Polynomials
  and Functional Equations", IEEE Conference on
  Foundations of Computer Science, 1996.