A Compositional Approach to Network Algorithms

# A Compositional Approach to Network Algorithms

Assaf Kfoury
Boston University
Boston, Massachusetts
kfoury@bu.edu
Partially supported by NSF awards CCF-0820138 and CNS-1135722. This is an updated version of a report that was largely completed and circulated since 2014 [37].
July 26, 2019
###### Abstract

We present elements of a typing theory for flow networks, where “types”, “typings”, and “type inference” are formulated in terms of familiar notions from polyhedral analysis and convex optimization. Based on this typing theory, we develop an alternative approach to the design and analysis of network algorithms, which we illustrate by applying it to the max-flow problem in multiple-source, multiple-sink, capacited directed planar graphs.

## 1 Introduction

#### Background and motivation.

The work reported herein stems from a group effort to develop an integrated enviroment for system modeling and system analysis that are simultaneously: modular (“distributed in space”), incremental (“distributed in time”), and order-oblivious (“components can be analyzed and assembled in any order”). These are the three defining properties of what we call a compositional approach to system development. Several papers explain how this environment is defined and used, as well as its current state of development and implementation [4, 5, 6, 35, 34, 47]. An extra fortuitous benefit of our work has been a fresh perspective on the design and analysis of network algorithms.

For this approach to succeed at all, we need to appropriately encapsulate a system’s components as they are modeled and become available for analysis:111In this Introduction, a “component” is not taken in the graph-theoretic sense of “maximal connected subgraph”. It here means a “subnetwork” (or, if there is an underlying graph, a “subgraph”) with input and output ports to connect it with other “subnetworks”. We hide their internal workings, but also infer enough information to safely connect them at their boundaries and to later guarantee the safe operation of the system as a whole. The inferred information has to be formally encoded, and somehow composable at the interfaces, to enforce safety invariants throughout the process of assembling components and later during system operation. This is precisely the traditional role assigned to types and typings in a different context – namely, for a strongly-typed programming language, their purpose is to enforce safety invariants across program modules and abstractions. Naturally, our types and typings will be formalized differently here, depending on how we specify systems and on the choice of invariant properties.222Example of a safety invariant for programs: “A boolean value is never divided by .” Example of a safety invariant for networks: “Conservation of flow is never violated at a network node.”

To illustrate our methodology, we consider the classical max-flow problem in capacited directed graphs.333A comprehensive survey of algorithms for the max-flow problem is nearly impossible, as it is one of the most studied optimization problems over several decades. A broad classification is still useful, depending on concepts, proof techniques and/or graph restrictions. There is the family of algorithms based on the concept of augmenting path, starting with the Ford-Fulkerson algorithm in the 1950’s [21]. A refinement of the augmenting-path method is the blocking flow method [19]. A later family of max-flow algorithms uses the preflow push (or push relabel) method [23, 27]. A survey of these families of max-flow algorithms to the end of the 1990’s is in [24, 2]. Later papers combine variants of augmenting-path algorithms and related blocking-flow algorithms, variants of preflow-push algorithms, and algorithms combining different parts of all of these methodologies [41, 26, 25, 43]. Another late entry in this plethora of approaches uses the notion of pseudoflow [29, 12]. The most recent research includes max-flow algorithms restricted to planar graphs [8, 39, 9, 20], approximate max-flow algorithms restricted to undirected graphs [46, 33], and approximate and exact max-flow algorithms restricted to uncapacited undirected graphs using concepts of electrical flow [15, 40]. Since it comes at no extra cost for us, we simultaneously consider the min-flow problem as well as the presence of multiple sources and multiple sinks. The min-flow problem is meaningful only if arcs are assigned lower-bound capacities (or thresholds) which feasible flows are not allowed to go under. Every arc in our networks is therefore assigned two capacities, one lower bound and one upper bound.

For favorable comparison with other approaches, as far as run-time complexities are concerned, we limit our attention to planar networks, a sufficiently large class with many practical applications. It is also a class that has been studied extensively, often with further restrictions on the topology (e.g., undirected graphs vs. directed graphs) and/or the capacities (e.g., integral vs. rational). None of the latter restrictions are necessary for our approach to work. However, as of now, if we lift the planarity restriction, our run-time complexities exceed those of other approaches.

We stress that our methodology has applicability beyond the max-flow problem: It can be applied to tackle other network-related algorithmic problems, with different or additional measures of what qualify as desirable solutions, even if the associated run-time complexities are not linear or nearly linear.

#### Overview of our methodology.

The central concept of our approach is what we call a network typing. To make this work, a network (or network component) is allowed to have “dangling” arcs; in effect, is allowed to have multiple sources or input arcs (i.e., arcs whose tails are not incident to any node) and multiple sinks or output arcs (i.e., arcs whose heads are not incident to any node). Given a network , now with multiple input arcs and multiple output arcs, a typing for is an algebraic characterization of all the feasible flows in – including, in particular, all maximum feasible flows and all minimum feasible flows.

More precisely, a sound typing for network specifies constraints on the latter’s inputs and outputs, such that every assignment of values to its input/output arcs satisfying these constraints can be extended to a feasible flow in . Moreover, if the input/output constraints specified by are satisfied by every input/output assignment extendable to a feasible flow , then we say that is complete for . In analogy with a similar concept in strongly-typed programming languages, we call principal a typing which is both sound and complete – and satisfying a few additional syntactic requirements for easier inference of types and typings.

In our formulation, a typing for network defines a compact convex polyhedral set (or polytope), which we denote , in the vector space , where is the set of reals, and and are the numbers of input arcs and output arcs in . An input/output assignment satisfies if , viewed as a point in the space , is inside . Hence, is a sound typing (resp. sound+complete or principal typing) if is contained in (resp. equal to) the set of all input/output assignments extendable to feasible flows in .

Let and be principal typings for networks and . If we connect and by linking some of their output arcs to some of their input arcs, we obtain a new network which we denote (only in this introduction) . One of our results shows that a principal typing of can be obtained by direct (and relatively easy) algebraic operations on and , without any need to re-examine the internal details of the two components and . Put differently, an analysis (to produce a principal typing) for the assembled network can be directly and easily obtained from the analysis of and the analysis of .

What we have just described is the counterpart of what programming-language theorists call a modular (or syntax-directed) analysis (or type inference), which infers a type for the whole program from the types of its subprograms, and the latter from the types of their respective subprograms, and so on recursively, down to the types of the smallest program fragments.444We will make a distinction between a “type” and a “typing”, similar to a distinction made by programming-language theorists.

Because our network typings denote polytopes, we can in fact make our approach not only modular but also compositional, now mathematically stated as follows: If and are sound and complete typings for networks and , then the calculation of and the calculation of can be done independently of each other; that is, the analysis (to produce ) for and the analysis (to produce ) for can be carried out separately without prior knowledge that the two will be subsequently assembled together.555In the study of programming languages, there are type systems that support modular but not compositional analysis. What is compositional is modular, but not the other way around. A case in point is the so-called Hindley-Milner type system for ML-like functional languages, where the order matters in which types are inferred: Hindley-Milner type-inference is not order-oblivious.

Given a network partitioned into finitely many components with respective principal typings , we can then assemble these typings in any order to obtain a principal typing for the whole of . Efficiency in computing the final principal typing depends on a judicious partitioning of , which is to decrease as much as possible the number of arcs running between separate components, and again recursively when assembling larger components from smaller components. At the end of this procedure, every input/output assignment extendable to a maximum feasible flow in , and every input/output assignment extendable to a minimum feasible flow , can be directly read off the final typing – but observe: not and themselves.

#### Whole-network versus compositional.

We qualified our approach as being compositional because a network is not required to be fully assembled, nor its constituent components to be all available, in order to start an analysis of those already in place and connected. What’s more, an already-connected component can be removed and swapped with another one , as long as and have the same typing, i.e., as far as the rest of the network is concerned, the invariants encoded by typings are oblivious to the swapping of and . In the conventional categories of algorithm design and analysis, our compositional approach can be viewed as a form of divide-and-conquer that allows the re-design of parts without forcing a re-analysis of the same parts.

These aspects of compositionality are important when modeling very large networks which may contain broken or missing components, or failure-prone and obsolete components that need to be replaced. But if these aspects do not matter, then there is an immediate drawback to our compositional approach, as currently devised and used: It returns the value of a maximum flow , but not itself.

By contrast, other approaches (any of those cited in footnote 3) construct a specific maximum flow , whose value can be immediately read off from the total leaving the source(s) or, equivalently, the total entering the sink(s). We may qualify the other approaches as being whole-network, because they presume all the pieces (nodes, arcs, and their capacities) of a network are in place before an analysis is started.

There is more than one way to bypass the forementioned drawback of our compositional approach, none entirely satisfactory (as of now). A natural but costly option is to augment the information that typings encode: A typing is made to also encode information about paths that carry a maximum flow in the component for which is a principal typing, but the incurred cost is prohibitive, generally exponential in the external dimension of the component (the number of its input/output ports).666It is not a trivial matter to augment a typing for a network component so that it also encodes information about max-flow paths in . It is out of the question to retain information about all max-flow paths. What needs to be done is to encode, for every “extreme” input/output assignment extendable to a max-flow, just one path or path-combination carrying a max-flow extending . (An input/output assignment is extreme if, as a point in the space , it is a vertex of .) The cost of this extra encoding grows exponentially with . From the perspective of compositionality, this exponential growth adds to another disadvantage: The more information we make the typing to encode about ’s internals beyond safety invariants – unless the choice of internal paths in to carry max-flows is taken as another safety condition – the fewer the components of which is a typing that we can substitute for , thus narrowing the range of experimentation and possible substitutions between components during modeling and analysis.

A more promising option is a two-phase process, yet to be investigated. In the first phase, we use our compositional approach to return the value of a max-flow. In the second phase, we use this max-flow value to compute an actual maximum flow in the network. It remains to be seen whether this is doable efficiently, or within the resource bounds of our algorithms below. We delay this question to future research.

#### Highlights and wider connections.

Our main contribution in this report is a different framework for the design and analysis of network algorithms, which we here illustrate by presenting a new algorithm for the classical max-flow problem. When restricted to the class of planar networks with bounded “outerplanarity” and bounded “external dimension”, our algorithm runs in linear time.

The external dimension (or interface dimension) of a network is the number of its input/output ports, i.e., the number of its sources the number of its sinks. A network’s planar embedding has outerplanarity if it has layers of nodes, i.e., after iteratively removing the nodes (and incident arcs) on the outer face at most times, we obtain the empty network. A planar network is of outerplanarity if it has a planar embedding (not necessarily unique) of outerplanarity . A more precise statement of our final result is this:

Given fixed parameters and , for every planar -node network of outerplanarity and external dimension , our algorithm simultaneously returns a max-flow value and a min-flow value in time , where the hidden multiplicative constant depends on and only.777The usual trick of directing new arcs from an artificial source node to all source nodes and again from all sink nodes to an artificial sink node, in order to reduce the case of sources and sinks to the single-source single-sink case, generally destroys the planarity of and cannot be used to simplify our algorithm.

Our final algorithm combines several intermediate algorithms, each of independent interest for computing network typings. We mention several salient features that distinguish our approach:

1. Nowhere do we invoke a linear-programming algorithm (e.g., the simplex network algorithm). Our many optimizations relative to linear constraints are entirely carried out by various transformations on networks and their underlying graphs, and by using no more than the operations of addition, subtraction, and comparison of numbers. At the end, our complexity bounds are all functions of only the number of nodes and arcs, and are independent of costs and capacities, i.e., these are strongly-polynomial bounds.

2. In all cases, our algorithms do not impose any restrictions on flow capacities and costs. These capacities and costs can be arbitrarily large or small, independent of each other, and not restricted to integral values.

3. Part of our results are a contribution to the vast body of work on fixed-parameter low-degree-polynomial time algorithms, or linear-time algorithms, for problems that are intractable (e.g., NP-hard) or impractical on very large input data (e.g., non-linear polynomial time) when these parameters are unrestricted.888A useful though somewhat dated survey of efficient fixed-parameter algorithms is [7]. A recent survey in a focused area (transportation engineering) is [22] where parameter-tuning refers to alternatives in selecting fixed-parameter algorithms.

4. In the process of building a full system from smaller components, interface dimensions figure prominently in our analysis. The quality of our results, in minimizing algorithm complexities and simplifying their proofs, depends on keeping interface dimensions as small as possible. This part of our work rejoins research on efficient algorithms for graph separators and decomposition. (One of our results below depends on the linear-time computation of an optimal partioning of a -regular planar embedding.)

#### Organization of the report.

This introduction and the following sections until the reference pages, less than ten pages, are an extended abstract, which includes several propositions and theorems without their proofs. Proofs and further technical material in support of claims in the earlier part of the report are in the four appendices after the reference pages. Sections 2, 3, and 4, present elements of our compositional approach. Section 5 is our application to the max-flow problem in planar networks. Section 6 presents immediate extensions of this report and proposes directions for future research.

## 2 Flow Networks and Their Typings

We take flow networks in their simplest form, as capacited finite directed graphs. We repeat standard notions [1], but now adapted to our context.999For our purposes, we need a definition of flow networks that is more arc-centric and less node-centric than the standard one. Such alternative definitions have already been proposed (see, for example, Chapter 2 in [38]), but are still not the most convenient for us. A flow network is a pair , where is a finite set of nodes and a finite set of directed arcs, with each arc connecting two distinct nodes (no self-loops and no multiple arcs in the same direction connecting the same two nodes). We write and for the sets of reals and non-negative reals. Such a flow network is supplied with capacity functions on the arcs, (lower-bound capacity) and (upper-bound capacity), such that and for every .

We write and for the two ends of arc . The set of arcs is the disjoint union of three sets, i.e., where:

 A\# := {a∈A|\em head(a)∈N \& \em tail(a)∈N} (the internal arcs of N), Ain := {a∈A|\em head(a)∈N \& \em tail(a)∉N} (the input arcs of N), Aout := {a∈A|\em head(a)∉N % \& \em tail(a)∈N} (the output arcs of N).

A flow is a function which, if feasible, satisfies “flow conservation” at every node and “capacity constraints” at every arc, both defined as in the standard formulation [1].

We call a bounded closed interval of real numbers (possibly negative) a type. A typing is a partial map (possibly total) that assigns types to subsets of the input and output arcs. Formally, is of the following form, where and is the power-set operator, :101010The notation “” is ambiguous, because it does not distinguish between input arcs and output arcs. We use it nonetheless for succintness. The context will always make clear which members of are input arcs and which are output arcs.

i.e., is the set of bounded closed intervals. As a function, is not totally arbitrary and satisfies conditions that make it a network typing; in particular, it will always be that , the latter condition expressing the fact that the total amount entering a network must equal the total amount exiting it.111111We assume there are no producer nodes and no consumer nodes in . In the presence of producers and consumers, our formulation here of flow networks and their typings has to be adjusted accordingly (details in [36]).

An input/output assignment (or IO assignment) is a function . For a flow or an IO assignment , we say satisfies the typing iff, for every such that is defined and , we have:

where means . In words, this says that the “sum of the values assigned by to input arcs” minus the “sum of the values assigned by to output arcs” is within the interval .

## 3 Principal Typings

We say a typing is sound for network if:

• Every IO assignment satisfying is extendable to a feasible flow in .

A sound typing is one that is generally more conservative than required to prevent system’s malfunction: It filters out all unsafe IO assignments, i.e., not extendable to feasible flows, and perhaps a few more that are safe.

For our application here (max-flow and min-flow values), not only do we want to assemble networks for their safe operation, we want to operate them to the limit of their safety guarantees. We therefore use the two limits of each interval/type to specify the exact minimum and the exact maximum that an input/output arc (or a subset of input/output arcs) can carry across interfaces. We thus say a typing is complete for network if:

• Every feasible flow in satisfies .

Every min-flow in and every max-flow in satisfy a sound and complete typing for .

Let and , and assume a fixed ordering of the arcs in . An IO assignment specifies a point, namely , in the vector space , and the collection of all IO assignments satisfying a typing form a compact convex polyhedral set (or polytope) in the first orthant , which we denote . Using standard notions of convexity in vector spaces and polyhedral analysis [45, 10], the following are straightforward:

###### Proposition 1 (Sound and Complete Typings Are Equivalent).

If and are sound and complete typings for the same network , then .

###### Proposition 2 (Sound Typings Are Subtypings of Sound and Complete Typings).

If is a sound and complete typing for network and is a sound typing for the same , then .

The “subtyping” relation is contravariant w.r.t. “”. We say two networks and are similar if they have the same number of input arcs and same number of output arcs. Proposition 2 implies this: Given similar networks and , with respective sound and complete typings and , if , i.e., if is a subtyping of , then can be safely substituted for , in any assembly of networks containing .121212An assignment of values to the input arcs (resp. output arcs) of a network does not uniquely determine the values at its output arcs (resp. input arcs) in the presence of multiple input/output arcs. In that sense, flow moves non-deterministically between input arcs and output arcs. Non-determinism is usually classified in two ways: angelic and demonic, according to whether it proceeds to favor a desirable outcome or to obstruct it. Our notion of subtyping here, and with it the notion of safe substitution, presumes that the non-determinism of flow networks is angelic. For the case when non-determinism is demonic, “subtyping between network typings” has to be defined in a more restrictive way. We elaborate on this question in Appendix D.

One complication when dealing with typings as polytopes are the alternatives in representing them (convex hulls vs. intersections of halfspaces). We choose to represent them by intersecting halfspaces, with some (not all) redundancies in their defining linear inequalities eliminated. We thus say the typing is tight if, for every for which is defined and every , there is an IO assignment such that:

Informally, is tight if no defined contains redundant information.

Another kind of redundancy occurs when an interval/type is defined for some with even though there is no communication between and . We eliminate this kind of redundancy via what we call “locally total” typings. We need a preliminary notion. A network is a subnetwork of network if and such that:

 B\# = {a∈A|\em head(a)∈M \& \em tail(a)∈M}, Bin = {a∈A|\em head(a)∈M \& \em tail(a)∉M}, Bout = {a∈A|\em head(a)∉M % \& \em tail(a)∈M}.

We also say is the subnetwork of induced by . The subnetwork is a component of if is connected and , , and , i.e., is a maximal connected subnetwork of . If network contains two distinct component and , there is no communication between and , and the typings of the latter two can be computed independently of each other. We say a typing for is locally total if, for all components and of , and all and :

• The interval/type is defined.

• If and , the interval/type is not defined.

Whereas “tight” and “locally total” can be viewed (and are in fact) properties of a typing , independent of any network for which is a typing, “sound” and “complete” are properties of relative to a particular . If has only one component (itself), a locally-total typing for is a total function on . We can prove:

###### Theorem 3 (Uniqueness of Locally Total, Tight, Sound and Complete Typings).

For all networks , there is a unique typing which is locally total, tight, sound and complete – henceforth called the principal typing of .

The principal typing of is a characterization of all IO assignments extendable to feasible flows in .131313A related result is established in [28] by a different method that invokes a linear-programming procedure. The motivation for that latter work, different from ours, is whether the external (i.e., input/output) flow pattern of a multiterminal network can be completely described independently of the size of . In particular, if is connected, its min-flow and max-flow values are the two limits of the type , or equivalently, the negated two limits of . Theorem 3 implies that two similar networks and are equivalent iff their principal typings are equal, regardless of their respective sizes and internal details.

We can compute a principal typing typing via linear-programming (but we do not): For every component of and every , we specify an objective to be minimized and maximized, corresponding to the two limits of the type , relative to the collection of flow-preservation equations (one for each node) and capacity-constraint inequalities (two for each arc). Following this approach in the proof of Theorem 3, it is relatively easy to show that the resulting is locally total, tight, and complete – but it takes non-trivial work in polyhedral analysis to prove that is also sound. Besides being relatively expensive (the result of invoking a linear-programming procedure), the drawback of this approach is that it is whole-network, as opposed to compositional, requiring prior knowledge of all constraints in before can be computed.

## 4 Disassembling and Reassembling Networks

In earlier reports [4, 5, 6, 35, 34], we used our compositional approach to model/design/analyze systems incrementally, from components that are supplied separately at different times. Here, we assume we are given all of a network at once, which we then disassemble into its smallest units (i.e., one-node components), compute their principal typings, and then combine the latter to produce a principal typing for . Because we are given all of at once, we can control the order in which we reassemble it. A schematic example is Figure 1.

The process of disassembling involves “cutting in halves” some of its internal arcs: If internal arc is cut in two halves, then we remove and introduce a new input arc with and a new output arc with . Formally, given a two-part partition of , we define:

is the set of internal arcs that are not cut or that have had their two halves reconnected.

Given the initial network where every internal arc is connected, we define another network where every internal arc is cut into two halves and . The input arcs and output arcs of are therefore: and , respectively, with . is a network of one-node components. If we call the fully disassembled network:

we reassemble the original by defining the sequence of networks: where and for every , where is the operation that splices and . What we call the binding schedule is the order in which the internal arcs are spliced, i.e., if:

then , where . If is a connected network, we write for the external dimension of . For each of the intermediate networks with , we define:

and also . Without invoking a linear-programming procedure and only using the arithmetical operators on arc capacities, we can prove:

###### Theorem 4 (Principal Typing of N from the Principal Typing of BreakUp(N) in Stages).
1. We can compute the principal typing of a one-node network in time where .

2. We can compute ’s principal typing from ’s principal typing in time where .

3. Let be reassembled from using the binding schedule . We can compute the principal typing of in time where .

Part 3 in Theorem 4 follows from parts 1 and 2. It implies that, to minimize the time to compute a principal typing for network , we need to minimize . There are natural network topologies for which there is a binding schedule with constant or slow-growing as a function of and . Section 5 is an example.

## 5 An Application: Max-Flows and Min-Flows in Planar Networks

There is a wide range of algorithms for the max-flow problem. Some produce exact max-flows, others approximate max-flows [46, 33]. They all achieve nearly linear time in the graph size – but not quite linear, unless arc capacities obey restrictions [20, 40]. A recent result is the following: There exists an algorithm that solves the max-flow problem with multiple sources and sinks in an -node directed planar graph in time [9].

Our type-based compositional approach offers an alternative, with other benefits unrelated to algorithm run-time. Assume is given with a planar embedding already, i.e., we do not have to compute the embedding (which can be computed in linear time in any case [44]). Every planar embedding of an undirected graph has an outerplanarity , and so does therefore the network by considering its underlying graph where all arcs directions are ignored.141414Also ignoring two parallel arcs resulting from omitting arc directions in two-node cycles. The planar embedding of has outerplanarity if deleting all the nodes on the unbounded face leaves an embedding of outerplanarity .151515The “outerplanarity index” and the “outerplanarity” of an undirected graph are not the same thing. The outerplanarity index of is the smallest integer such that has a planar embedding of outerplanarity . To compute the outerplanarity index of , and produce a planar embedding of of outerplanarity its outerplanarity index, is not a trivial problem, for which the best known algorithm requires quadratic time in general [32] – which, if we used it to pre-process the input to our algorithm in Theorem 5, would upend its final linear run-time. On the other hand, a planar embedding of of outerplanarity = -approximation of its outerplanarity index can be found in linear time, also shown in [32]. Although an interesting problem, we do not bother with finding a planar embedding of of outerplanarity matching its outerplanarity index. It is worth noting that for a tri-connected planar network, “outerplanarity” and “outerplanarity index” are the same measure, since the planar embedding of a tri-connected graph is unique ([17] or Section 4.3 in [18]). However, there are very simple examples of bi-connected, but not tri-connected, planar networks with planar embeddings of arbitrarily large outerplanarity but whose outerplanarity index is as small as . An example of a -outerplanar embedding is the network shown in Figure 1. Based on Theorem 4, we can prove:

###### Theorem 5 (Principal Typing of Planar Network).

If an -node network is given in a planar embedding of outerplanarity , with input ports and output ports, we can compute a principal typing for in time where the hidden multiplicative constant depends only on , and .

If the algorithm in Theorem 5 is made to work on the planar embedding of a -regular network (e.g., the network in Figure 1), it proceeds by disassembling and reassembling in a manner to minimize the interface dimension of all components in intermediate stages (as in Figure 1). The proof of Theorem 5 is a simple generalization of this operation to the -regular planar embedding of an arbitrary planar , based on:

###### Lemma 6 (From Arbitrary Networks to 3-Regular Networks).

Let be a flow network, not necessarily planar. In time , we can transform into a similar network such that:

1. There are no two-node cycles in .

2. The degree of every node in is .

3. Every typing is principal for iff is principal for .

4.  and  ,  where .

5. If is given in a -outerplanar embedding, is returned in a -outerplanar embedding with .

The proofs for parts 1-4 in Lemma 6 are relatively straightforward, only the proof for part 5 is complicated. An immediate consequence of Theorem 5 is: For every , we have an algorithm which, given an arbitrary -node network in a planar embedding of outerplanarity and external dimension , simultaneously computes a max-flow value and a min-flow value in time .

## 6 Extensions and Future Work

There are natural generalizations that will provide material for a more substantial comparison with other approaches. Among such generalizations:

1. Adjust the formal framework to handle the commonly-considered cases of:

• multicommodity flows (formal definitions in [1], Chapt. 17)

• minimum-cost flows, minimum-cost max flows, and variations (formal definitions in [1], Chapt. 9-11)

These cases introduce new kinds of linear constraints, often more general than flow-conservation equations and capacity-constraint inequalities (as in this report), where all coefficients are or .

2. Identify natural network topologies that are amenable to the kind of examination we already applied to planar networks, following the presentation in Section 5 and leading to similar results.

Beyond commonly-studied generalizations and topologies, there are a number of questions more directly related to the fine-tuning of our approach and/or to the modeling and analysis of networking systems.

Among such questions are practical situations where flows are regulated by non-linear constraints. For example, a common case is that of a non-linear convex cost function which may or may not be transformed into a piecewise linear cost function (Chapt. 14 in [1]). Another example is provided by mass conservation, more general than flow conservation: If denotes the “density” of the flow carried by arc/channel and the “velocity” at which it travels along , then mass conservation at node is expressed as the non-linear constraint: which is equivalent to flow conservation at node only when velocity is uniformly the same on all arcs.161616Velocity is measured in unit distance/unit time, e.g., mile/hour. Density is measured in unit mass/unit distance, e.g., ton/mile. Hence, the value of on arc is measured in unit mass/unit time, e.g., ton/hour, commonly called the mass flow on .

We leave all of the preceding questions for future research. Below we mention three specific directions under current investigation.

#### Leaner Representations of Principal Typings.

We have not eliminated all redundancies in our representation of principal typings. The presence of these redundancies increases the run-time of our algorithms, as well as complicates the process of inferring typings and reasoning about them. For example, by Lemma 12 in Appendix B, if is a two-part partition of and is the principal typing (as defined in this report) for a network with input/output arcs , then , which means that at most one of the two intervals/types, and , is necessary for defining .

For two concrete examples, consider typings and in Examples 9 and 10 in Appendix A. These are principal typings. In addition to the interval/type assigned to and , which is always , the remaining intervals/types are “symmetric”, in the sense that whenever . Hence, type assignments will suffice to uniquely define and .

This is a general fact: For a network of external dimension , at most non-zero interval/type assignments are required to uniquely define a tight, sound, and complete, typing for . Hence, we need a weaker requirement than “locally total” to guarantee uniqueness of a new notion of “principal typing”.

#### Augmenting Typings for Resource Management.

In recent years, programming-language theorists have augmented types and typings to enforce more than safety invariants. In particular, there are strongly-typed functional languages (mostly experimental now) where types encode information related to resource management and security guarantees. The same can be done with our network typings encoded as polytopes.

For example, researchers in traffic engineering consider objective functions (to be optimized relative to such constraints as “flow conservation”, “capacity constraints”, and others), which also keep track of uses of resources (e.g., see [3]). Possible measurements of resources are – let for all arcs for simplicity:

1. Hop Routing (HR). The hop-routing value of is the number of channels such that .

2. Channel Utilization (CU). The utilization of a channel is defined as .

3. Mean Delay (MD). The mean delay of a channel can be measured by .

HR, CU, and MD, can be taken as objectives to be minimized, along with flow to be maximized, resulting in a more complex optimization problem. But HR, CU, and MD, can also be taken as measures to be composed across interfaces, requiring a different (and simpler) adjustment of our network typings.

#### Sensitivity (aka Robustness) Analysis.

A key concept in many research areas is function robustness or, by another name, function sensitivity.171717For example, in differential privacy, one of the most common mechanisms for turning a (possibly privacy-leaking) query into a differentially private one involves establishing a bound on its sensitivity. The concept appears in programming-language studies, which more directly informed our own work [13, 14]: A program is said to be -robust if an -variation of the input can cause the output to vary by at most . More recently, a type-based approach to robustness analysis of functional programs was introduced and shown to offer additional benefits [16].

The counterpart of function robustness in network-flow problems is sensitivity analysis, which has a longer history (Chapt. 9-11 in [1], Chapt. 3 in [11]). The purpose is to determine changes in the optimal solution of a flow problem resulting from small changes in the data (supply/demand vector or the capacity or cost of any arc). There are two basic different ways of performing sensitivity analysis in relation to flow problems (Chapt. 9 in [1]): (1) using combinatorial methods and (2) using simplex-based methods from linear programming – and both are essentially whole-system approaches.

A natural outgrowth from these earlier studies will be to adapt them to our particular type-based compositional approach. In particular, in our case, robustness analysis should account for the effects of, not only small changes in network parameters, but also complete break-down of an arc/channel or a subnetwork – and, preferably, in such a way as to not obstruct efficient inference of network typings.

## References

• [1] R.K. Ahuja, T. L. Magnanti, and J.B. Orlin. Network Flows: Theory, Algorithms, and Applications. Prentice Hall, Englewood Cliffs, N.J., 1993.
• [2] Takao Asano and Yasuhito Asano. Recent Developments in Maximum Flow Algorithms. Journal of the Operations Research Society of Japan, 43(1), March 2000.
• [3] S. Balon and G. Leduc. Dividing the Traffic Matrix to Approach Optimal Traffic Engineering. In 14th IEEE Int’l Conf. on Networks (ICON 2006), volume 2, pages 566–571, September 2006.
• [4] A. Bestavros, A. Kfoury, A. Lapets, and M. Ocean. Safe Compositional Network Sketches: Tool and Use Cases. In IEEE Workshop on Compositional Theory and Technology for Real-Time Embedded Systems, Wash D.C., December 2009.
• [5] A. Bestavros, A. Kfoury, A. Lapets, and M. Ocean. Safe Compositional Network Sketches: The Formal Framework. In 13th ACM HSCC, Stockholm, April 2010.
• [6] Azer Bestavros and Assaf Kfoury. A Domain-Specific Language for Incremental and Modular Design of Large-Scale Verifiably-Safe Flow Networks. In Proc. of IFIP Working Conference on Domain-Specific Languages (DSL 2011), EPTCS Volume 66, pages 24–47, Sept 2011.
• [7] Hans L. Bodlaender. A Partial -Arboretum of Graphs with Bounded Treewidth. Theoretical Computer Science, 209(1-2):1–45, 1998.
• [8] Glencora Borradaile and Philip Klein. An Algorithm for Maximum st-Flow in a Directed Planar Graph. Journal of the ACM, 56(2):1–30, April 2009.
• [9] Glencora Borradaile, Philip Klein, Shay Mozes, Yahav Nussbaum, and Christian Wulff-Nilsen. Multiple-Source Multiple-Sink Maximum Flow in Directed Planar Graphs in Near-Linear Time. In FOCS 2011, Proc. of 52nd Annual Symposium on Foundations of Computer Science, pages 170–179. IEEE, October 2011.
• [10] S. Boyd and L. Vanderberghe. Convex Optimization. Cambridge University Press, New York, USA, (second printing with corrections) 2009.
• [11] Stephen P. Bradley, Arnoldo C. Hax, and Thomas L. Magnanti. Applied Mathematical Programming. Addison-Wesley, Reading, MA, 1977.
• [12] Bala G. Chandran and Dorit S. Hochbaum. A Computational Study of the Pseudoflow and Push-Relabel Algorithms for the Maximum Flow Problem. Oper. Res., 57(2):358–376, March/April 2009.
• [13] Swarat Chaudhuri, Sumit Gulwani, and Roberto Lublinerman. Continuity and Robustness of Programs. Commun. ACM, 55(8):107–115, August 2012.
• [14] Swarat Chaudhuri, Sumit Gulwani, Roberto Lublinerman, and Sara Navidpour. Proving Programs Robust. In Proc. of 19th ACM SIGSOFT Symposium and the 13th European Conference on Foundations of Software Engineering, ESEC/FSE ’11, pages 102–112, New York, NY, USA, 2011. ACM.
• [15] Paul Christiano, Jonathan A. Kelner, Aleksander Madry, Daniel A. Spielman, and Shang-Hua Teng. Electrical Flows, Laplacian Systems, and Faster Approximation of Maximum Flow in Undirected Graphs. In L. Fortnow and S. P. Vadhan, editors, STOC 2011, Proc. of 43rd Symp. on Theory of Computing, pages 273–282. ACM, 2011.
• [16] Loris D’Antoni, Marco Gaboardi, Emilio Jesús Gallego Arias, Andreas Haeberlen, and Benjamin Pierce. Sensitivity Analysis Using Type-Based Constraints. In Proc. of 1st Annual Workshop on Functional Programming Concepts in Domain-Specific Languages, FPCDSL ’13, pages 43–50, New York, NY, USA, 2013. ACM.
• [17] Samir Datta and Prakriya. Planarity Testing Revisited. Electronic Colloquium on Computational Complexity, 9, 2011.
• [18] Reinhard Deistel. Graph Theory. Springer Verlag, 2012.
• [19] E.A. Dinic. Algorithm for Solution of a Problem of Maximum Flow in Networks with Power Estimation. Soviet Mathematics Doklady, 11:1277–1280, 1970.
• [20] David Eisenstat and Philip N. Klein. Linear-Time Algorithms for Max Flow and Multiple-Source Shortest Paths in Unit-Weight Planar Graphs. In STOC 2013, Proc. of 45th Symp. on Theory of Computing, pages 735–744, June 2013.
• [21] L.R. Ford and D.R. Fulkerson. Maximal Flow Through a Network. Canadian Journal of Mathematics, 8:399–404, 1956.
• [22] Alexandru Florian Gaiu. Sequential Parameter Tuning of Algorithms for the Vehicle Routing Problem. Technical Report Internal Report 2013-04, Computer Science Department, Universiteit Leiden, February 2013.
• [23] Andrew V. Goldberg. A New Max-Flow Algorithm. Technical Report MIT/LCS/TM-291, Laboratory for Computer Science, MIT, 1985.
• [24] Andrew V. Goldberg. Recent Developments in Maximum Flow Algorithms (Invited Lecture). In SWAT ’98: Proc. of 6th Scandinavian Workshop on Algorithm Theory, pages 1–10. Springer Verlag, 1998.
• [25] Andrew V. Goldberg. Two-Level Push-Relabel Algorithm for the Maximum Flow Problem. In Proc. of 5th International Conference on Algorithmic Aspects in Information and Management, AAIM ’09, pages 212–225, Berlin, Heidelberg, 2009. Springer-Verlag.
• [26] Andrew V. Goldberg and Satish Rao. Beyond the Flow Decomposition Barrier. J. ACM, 45(5):783–797, September 1998.
• [27] Andrew V. Goldberg and Robert E. Tarjan. A New Approach to the Maximum Flow Problem. In STOC 1986, Proc. of 18th Annual ACM Symposium on the Theory of Computing, pages 136–146, 1986.
• [28] Torben Hagerup, Jyrki Katajainen, Naomi Nishimura, and Prabhakar Ragde. Characterizing Multiterminal Flow Networks and Computing Flows in Networks of Small Treewidth. Journal of Computer and System Sciences, 57(3):366–375, December 1998.
• [29] Dorit S. Hochbaum. The Pseudoflow Algorithm: A New Algorithm for the Maximum-Flow Problem. Oper. Res., 56(4):992–1009, July 2008.
• [30] Trevor Jim. What Are Principal Typings and What Are They Good For? Tech. memo. MIT/LCS/TM-532, MIT, 1995.
• [31] Trevor Jim. What Are Principal Typings and What Are They Good For? In Proc. of 23rd ACM Symp. on Principles of Programming Languages, pages 42–53, 1996.
• [32] Frank Kammer. Determining the Smallest Such That Is -Outerplanar. In Lars Arge, Michael Hoffmann, and Emo Welzl, editors, Proc. of 15th Annual European Symposium on Algorithms, ESA 2007, pages 359–370. LNCS 4698, Springer Verlag, September 2007.
• [33] Jonathan A. Kelner, Lorenzo Orecchia, Yin Tat Lee, and Aaron Sidford. An Almost-Linear-Time Algorithm for Approximate Max Flow in Undirected Graphs, and its Multicommodity Generalizations. Computing Research Repository (CoRR), abs/1304.2338, 2013.
• [34] Assaf Kfoury. A Domain-Specific Language for Incremental and Modular Design of Large-Scale Verifiably-Safe Flow Networks (Part 1). Technical Report BUCS-TR-2011-011, CS Dept, Boston Univ, May 2011.
• [35] Assaf Kfoury. The Denotational, Operational, and Static Semantics of a Domain-Specific Language for the Design of Flow Networks. In Proc. of SBLP 2011: Brazilian Symposium on Programming Languages, Sept 2011.
• [36] Assaf Kfoury. A Typing Theory for Flow Networks (Part I), CS Dept, Boston Univ, BUCS-TR-2012-021.
• [37] Assaf Kfoury. A Compositional Approach to Network Algorithms. Technical Report BUCS-TR-2013-015, CS Dept, Boston University, November 2013.
• [38] Philip N. Klein. Optimization Algorithms for Planar Graphs. http://planarity.org/, 2012.
• [39] Jakub Lacki, Yahav Nussbaum, Piotr Sankowski, and Christian Wulff-Nilsen. Single Source – All Sinks Max Flows in Planar Digraphs. In IEEE 53rd Annual Symposium on Foundations of Computer Science, volume 0 of FOCS ’11, pages 599–608, Los Alamitos, CA, USA, 2012. IEEE Computer Society.
• [40] Yin Tat Lee, Satish Rao, and Nikhil Srivastava. A New Approach to Computing Maximum Flows Using Electrical Flows. In STOC 2013, Proc. of 45th Symp. on Theory of Computing, pages 755–764. ACM, June 2013.
• [41] G. Mazzoni, S. Pallottino, and M.G. Scutella. The Maximum Flow Problem: A Max-Preflow Approach. European Journal of Operational Research, 53:257–278, 1991.
• [42] Takao Nishizeki and Md. Saidur Rahman. Rectangular Drawing Algorithms. In Roberto Tamassia, editor, Hanbook of Graph Drawing and Visualization, pages 317–348. CRC Press, Baton Rouge, FL, 2013.
• [43] James B. Orlin. Max Flows in Time or Less. In STOC 2013, Proc. of 45th Symposium on the Theory of Computing, pages 765–774. ACM, June 2013.
• [44] Maurizio Patrignani. Planarity Testing and Embedding. In Roberto Tamassia, editor, Hanbook of Graph Drawing and Visualization, pages 1–42. CRC Press, Baton Rouge, FL, 2013.
• [45] A. Schrijver. A Course in Combinatorial Optimization. CWI (the manuscript can be downloaded from the author’s webpage http://homepages.cwi.nl/~lex/), Amsterdam, The Netherlands, 2012.
• [46] Jonah Sherman. Nearly Maximum Flows in Nearly Linear Time. Computing Research Repository (CoRR), abs/1304.2077 (also in Proc. of FOCS 2013), 2013.
• [47] Nate Soule, Azer Bestavros, Assaf Kfoury, and Andrei Lapets. Safe Compositional Equation-based Modeling of Constrained Flow Networks. In Proc. of 4th Int’l Workshop on Equation-Based Object-Oriented Modeling Languages and Tools, Zürich, September 2011.

## Appendix A Appendix: Further Comments and Examples for Section 2 and Section 3

Our notion of a network “typing” as an assignment of intervals/types to members of a powerset resembles in some ways, but is still different from, the notion of a “typing” (different from a “type”) in the study of strongly-typed programming languages. This is quite apart from the differences in syntactic conventions – the first from vector spaces and polyhedral analysis, the second from first-order logic. In strongly-typed programming languages, a “typing” refers to the result of what is called a “derivable typing judgment” and consists of: a program expression ; a type (not a typing) assigned to and, at least implicitly, to every well-formed subexpression of ; and a type environment that includes a type for every variable occurring free in .

Report [31] and the longer [30] are at the origin of this notion of “typing” in programming languages. These two reports also discuss the distinction between “modular” and “compositional”, in the same sense we explained in Section 1, but now in the context of type inference for strongly-typed functional programs. The notion of a “typing” for a program, as opposed to a “type” for it, came about as a result of the need to develop a “compositional”, as opposed to a just “modular”, static analysis of programs.

###### Proof 7 (for Theorem 3).

There are different approaches to proving Theorem 3. One approach relies heavily on polyhedral analysis and invokes a linear-programming procedure (such as the simplex) repeatedly. Moreover, it requires a preliminary collection of all flow-preservation equations (one for each node) and all capacity-constraint inequalities (two for each arc), for the given network , before we can start an analysis to compute the principal typing of . This is the approach taken in [36].

But we can do better here. The alternative is to simply invoke Theorem 4 later in this report. This alternative approach does not use any pre-defined linear-programming procedure, and is also in harmony with our emphasis on “compositionality” – allowing for partial analyses to be incrementally composed.

###### Terminology 8.

In all previous articles that informed the work reported in this report, we made a distinction between valid typings and principal typings (for the same network ). What we called “valid” before is what we call “sound” here, and what we called “principal” before is what we call “sound and complete” here.

What we call “principal” here is not only “sound and complete”, but also satifies uniqueness conditions – in this report, expressed by the notions of “tight” and “locally total”.

The three examples below illustrate several of the concepts in Sections 2 and 3. These are three similar networks, i.e., they each have input arcs and output arcs. Their principal typings are generated using the material in Section 4.

###### Example 9.

Network is shown on the left in Figure 2, where all omitted lower-bound capacities are and all omitted upper-bound capacities are . is an unspecified “very large number”. A min-flow in pushes units through, and a max-flow in pushes units. The value of every feasible flow in will therefore be in the interval . A principal typing for is such that and makes the following type assignments:

 \framebox$a1:[0,15]$ \framebox$a2:[0,25]$ \framebox$−a3:[−15,0]$ \framebox$−a4:[−25,0]$ \framebox$a1+a2:[0,30]$ a1−a3:[−10,10]––––––––––––––––––– a1−a4:[−25,15]––––––––––––––––––– a2−a3:[−15,25]––––––––––––––––––– a2−a4:[−10,10]––––––––––––––––––– \framebox$−a3−a4:[−30,0]$ a1+a2−a3:[0,25] a1+a2−a4:[0,15] a1−a3−a4:[−25,0] a2−a3−a4:[−15,0]

To explain our notational convention, consider the type assignment “”, one of the non-trivial assignments made by . We write “” to mean that . The minus preceding in the expression “” indicates that is an output arc, whereas and are input arcs. The boxed type assignments and the underlined type assignments are for purposes of comparison with the typing in Example 10 and typing in Example 11.

###### Example 10.

Network is shown in the middle in Figure 2. A min-flow in pushes units through, and a max-flow in pushes units. The value of all feasible flows in will therefore be in the interval , the same as for in Example 9. A principal typing for is such that , and makes the following type assignments:

 \framebox$a1:[0,15]$ \framebox$a2:[0,25]$ \framebox$−a3:[−15,0]$ \framebox$−a4:[−25,0]$ \framebox$a1+a2:[0,30]$ a1−a3:[−10,12]––––––––––––––––––– a1−a4:[−23,15]––––––––––––––––––– a2−a3:[−15,23]––––––––––––––––––– a2−a4:[−12,10]––––––––––––––––––– \framebox$−a3−a4:[−30,0]$ a1+a2−a3:[0,25] a1+a2−a4:[0,15] a1−a3−a4:[−25,0] a2−a3−a4:[−15,0]

In this example and the preceding one, the type assignments in rectangular boxes are for subsets of the input arcs and for subsets of the output arcs , but not for subsets mixing input arcs and output arcs. Note that the boxed assignments are the same for and .

The underlined type assignments are among those that mix input and output arcs. We underline those in Example 9 that are different from the corresponding ones in this Example 10. This difference implies there are IO assignments extendable to feasible flows in (resp. in ) but not in (resp. in ). This is perhaps counter-intuitive, since and make exactly the same type assignments to input arcs and, separately, output arcs (the boxed assignments). For example, the IO assignment defined by:

 f(a1)=15f(a2)=0f(a3)=3f(a4)=12

is extendable to a feasible flow in but not in . The reason is that violates (i.e., is outside) the type . Similarly, the IO assignment defined by:

 f(a0)=0f(a2)=25f(a3)=0f(a4)=25

is extendable to a feasible flow in but not in , the reason being that violates the type .

From the preceding, neither nor is a subtyping of the other, in the sense explained in Section 3. Neither nor can be safely substituted for the other in a larger assembly of networks.

###### Example 11.

Network is shown on the right in Figure 2. A principal typing for is such that and makes the following type assignments:

 \framebox$a1:[0,15]$ \framebox$a2:[0,25]$ \framebox$−a3:[−15,0]$ \framebox$−a4:[−25,0]$ \framebox$a1+a2:[0,30]$ a1−a3:[−10,10]––––––––––––––––––– a1−a4:[−23,15]––––––––––––––––––– a2−a3:[−15,23]––––––––––––––––––– a2−a4:[−10,10]––––––––––––––––––– \framebox$−a3−a4:[−30,0]$ a1+a2−a3:[0,25] a1+a2−a4:[0,15] a1−a3−a4:[−25,0] a2−a3−a4:[−15,0]

In this example and the two preceding, the type assignments in rectangular boxes are for subsets of the input arcs and for subsets of the output arcs , but not for subsets mixing input arcs and output arcs. Again, the boxed assignments are the same for , , and . The differences between , , and are in the underlined type assignments.

We write and to indicate that and are subtypings of , contravariantly corresponding to the fact that and . In fact, is the least typing (in the partial order “”) such that both and are subtypings of , because for every . To be specific, the subsets on which and disagree are:

 {a1,a3},  {a1,a4},  {a2,a3},  {a2,a4},

and intersecting the intervals/types assigned by and to these sets, we obtain the following equalities:

 T1({a1,a3})∩T2({a1,a3}) = T3({a1,a3}), T1({a1,a4})∩T2({a1,a4}) = T3({a1,a4}), T1({a2,a3})∩T2({a2,a3}) = T3({a2,a3}), T1({a2,a4})∩T2({a2,a4}) = T3({a2,a4}),

Both and can be safely substituted for in a larger assembly of networks – provided the non-determinism of flow movement through and is angelic.181818If the non-determinism of flow movement is demonic, as opposed to angelic, we need a more restrictive notion of subtyping. Further comments in footnote 12 and Appendix D.

## Appendix B Appendix: Proofs and Supporting Lemmas for Section 4

Let and be fixed, where . Let . If is an interval of real numbers for some , we write to denote the interval . If for some , we define and .

The next two results, Lemma 12 and Lemma 13, are about tight typings , independently of whether is sound and/or complete for a network .

###### Lemma 12.

Let be a tight typing such that: .

Conclusion: For every two-part partition of , say , if both and are defined, then .

###### Proof.

One particular case in the conclusion is when and , so that trivially , which also implies .

Consider the general case when . From Section 3, is the polytope defined by and is the set of linear inequalities induced by . For every -dimensional point , we have:

 ∑f(Ain) − ∑f(Aout) = 0

because and therefore:

 0 ⩽ ∑{a|a∈Ain} − ∑{a|a∈