Certification of Computational Results Greg Bronevetsky

1
Certification of Computational ResultsGreg
Bronevetsky
2
Background

• Technique proposed by
• Gregory F. Sullivan
• Dwight S. Wilson
• Gerald B. Masson
• All from Johns Hopkins CS Department.

3
Overview

• Trying to do fault detection without the severe
  overhead of replication.
• Certification Trails are a manual approach that
  has that programmer provide additional code to
  have the program check itself.
• A program generates a certification trail that
  details its work.
• A checker program can use this trail to verify
  that the output is correct in asymptotically less
  time.
• Several examples provided. No automation.

4
Roadmap

• We will cover some algorithms to which the
  Certification Trails technique has been applied
• Sorting
• Convex Hull
• Heap Data Structures
• The addition of Certification Trails and the
  creation of the Checker is done manually by the
  programmer in all cases.

5
Trail for Sorting

• In order to verify the output of a sorting
  algorithm we must check that
• The sorted items are a permutation of the
  original input items.
• The sorted items appear in a non-decreasing order
  in the sorter's output.
• Thus, the trail should contain all the items in
  their original order, each labeled with its
  location in the sorted list.

6
Sorting Checker

• A Sorting Checker must
• Use the labels to place all elements into their
  sorted spots and verify that this results in a
  non-decreasing order.
• Verify that no two elements are placed in the
  same location in the ordered list.
• The Sorter takes O(n2) or O(n log n) time.
• The Checker takes O(n) time.
• Checker is asymptotically faster than Sorter.

7
Convex Hull Problem
Given a set of points on a 2D plane, find a
subset of points that forms a convex hull around
all the points.
8
Convex Hull Step 1
Points sorted in order of increasing slope
relative to P1
P1 is the point with the least x-coordinate.
9
Convex Hull Invariant
All the points not on the Hull are inside a
triangle formed by P1 and two successive points
on the Hull.
P6
P8
P5
P7
P4
P3
P1
P2
10
Convex Hull Invariant
We know that P3 is not a Hull point because the
clockwise angle between lines and
is 180º.
P6
P8
P5
P7
P4
180º
P3
P1
P2
11
Convex Hull Invariant
P6
P8
P5
P7
P4
P1
lt 180º
P3
P2
12
Convex Hull Algorithm

• Add P1, P2 and P3 to the Hull.
• (Note P1, P2 and Pn must be on the Hull.)
• For Pk P4 to Pn
• ... trying to add Pk to the Hull ...
• Let QA and QB be the two points most recently
  added to the Hull
• While the angle formed by QA, QB and Pk 180
• remove QB from the Hull since it is inside the
  triangle P1, QA, Pk.
• Add Pk to the Hull.

13
Trail for Convex Hull

• Augment Program to
• Output q1, q2, ..., qm the indexes of the
  points on the hull.
• Output a proof of correctness for x1, x2, ...,
  xr all points not on the Hull in the form of
  the triangle that contains it.

14
Convex Hull Checker

• Checker must check that
• There is a 1-1 correspondence between input
  points and q1, q2, ..., qm U x1, x2, ..., xr.
• All points in the triangle proofs correspond to
  input points.
• Each point in in the triangle proofs actually
  lies in the given triangle.
• Every triple of supposed Hull points forms a
  convex angle.
• There is a unique locally maximal point on the
  hull.

15
Asymptotic Runtimes

• Original Convex Hull Algorithm takes O(n log n)
  time to sort and the Hull construction loop takes
  only O(n) time.O(n log n)-time total.
• Convex Hull Checker runs thru the set of points
  once for each check.O(n)-time total.
• Checker asymptotically faster than Original.

16
Certification Trails for Data Structures

• Lets have a data structure for storing value/key
  pairs, ordered lexicographically(key, val) lt
  (key', val') iff valltval' or
  (valval' and keyltkey')
• Operations
• member(key) returns whether key is mapped to
  some val.
• insert(key, val) inserts a pair (key, val) into
  the data structure.
• delete(key) deletes the pair that contains key.

17
Data Structure Specs

• Data Structure Operations
• changekey(key, newval) executed when the pair
  (key, oldval) exists in the data structure.
  Removes this pair and inserts the pair (key,
  newval)
• deletemin() deletes the smallest pair (according
  to the ordering). Returns empty if the data
  structure contains no pairs.
• predecessor(key) returns the key of the pair
  that immediately precedes key's pair or
  smallest if there is no such pair.
• empty() returns whether the data structure is
  empty.

18
Data Structure Implementation

• Such a Data Structure can be implemented via an
  AVL tree, a red-black tree or a b-tree.
• Most operations will take O(log n) time.
• We can augement implementations to generate a
  certification trail
• insert(key, val) output the key of the
  predecessor of the newly inserted pair (key,
  val). If there is no predecessor, output
  smallest.
• changekey(key, newval) output predecessor of
  the new pair (key, newval). If there is no
  predecessor, output smallest.

19
Data Structure Checker

• A Checker for any program using the above data
  structure can use the certification trail to
  implement a much faster data structure.
• All operations can be done in O(1) time.
• Resulting program will be faster than original
  program. Maybe asymptotically faster.

20
Optimized Data Structure

• A doubly linked list of (key, val) pairs, sorted
  according to the pair ordering relation.
• An array indexed by keys, containing pointers to
  (key, val) pairs corresponding to the indexes.
• The first pair (with key0) contains valuesm,
  which is defined to be smaller than any other
  possible value.

21
Optimized Data Structure

• Optimized data structure operations
• insert(key, val)
• Read from trail prec_key the key of the pair
  preceding the new (key, val) pair.
• Check that it is a valid index.
• Look at the pair pointed to by arrayprec_key.
• Verify that it is ?null.
• Place the (key, val) pair at index key, following
  the (prec_key, prec_val) pair.
• Check that before the insert() arraykey was
  null.
• Ensure that (key, val) is greater than its
  predecessor and less than its successor.

22
Optimized Insert Example
Result of the call insert(5, 62)
23
Optimized Data Structure

• Optimized data structure operations
• delete(key) Remove the pair pointed to by
  arraykey.
• Ensure that arraykey?null.
• changekey(key, newval) Call delete(key),
  followed by insert(key, newval). These calls will
  check all necessary conditions.
• deletemin() Look at the pair that follows the
  pair (0,sm) (pointed to by array0).
• If no such pair, return empty.
• Else, if there exists pair (key, val), then
  remove it and set arraykey to null.
• empty() Return whether there is a pair following
  the pair (0,sm).

24
Optimized Data Structure

• Optimized data structure operations
• member(key) return whether arraykeynull.
• predecessor(key)
• Look at the pair pointed to by arraykey.
• Follow its backward link to its predecessor pair.
• If the predecessor pair is (0,sm) then return
  smallest.
• Else, return the key field of that pair.
• Note that all the operations can be done in O(1)
  time.

25
Shortest Path

• A Shortest Path algorithm was implemented using
  the above algorithm.
• The original program used the original data
  structure that produced a certification trail.
• The checker version was identical to the original
  except that its data structure was the optimized
  version that used the trail.
• Original runtime O(mlog n)
• Checker runtime O(m)
• (mnumber of edges, nnumber of nodes)

26
Performance Sort

• Basic Algorithm Sorting algorithm with no
  certification trails.
• 1st Execution Sorter that produces
  certification trail.
• 2nd Execution Checking algorithm that uses the
  trail.
• Speedup factor of improvement of 2nd vs Basic.
• Savings of 1st 2nd trails execution over
  running Basic twice.

27
Performance Sort
28
Performance Convex Hull
29
Performance Shortest Path
30
Summary of Experiments

• The overhead of generating a certification trail
  is about 2.
• The checker run is much faster than the original.
  It can be run on much slower hardware or use a
  formally verified language.

31
Application to Byzantine Failures

• Current technique is completely manual. No known
  way to automatically convert a program to
  generate a trail.
• We may develop libraries that use the
  Certification Trails technique, allowing us to
  catch errors in a large fraction of a program.
• Door open to Failure Recovery when an error is
  detected the checker goes back to using original
  code to redo the work.