15-EFT.WP.Methods.Falsification v1.0 | Appendix B: Implementation Bindings & Function Prototypes

Home ／ Docs-Technical WhitePaper ／ 15-EFT.WP.Methods.Falsification v1.0

Appendix B: Implementation Bindings & Function Prototypes

I. Scope & Objectives

• Consolidate the I50-* implementation bindings — prototypes, contracts, exceptions, and reference snippets — to ensure reproducibility, auditability, and forensic validity under the same EnvLock and anchor.
• For implementers and auditors: all interfaces obey the unified symbols and ambiguity-avoidance rules; parenthesize any fraction/operator; align timelines via ts = alpha + beta * tau_mono.

II. Terms & Symbols

• As in Appendix A: H0/H1, T(x), C_alpha, alpha/beta/power, FDR/FWER/q_star, GateDecision ∈ {pass, hold, block}, delta_offon, R_infer = 1 - delta_offon, epsilon_linf/epsilon_l2, budget.cpu/gpu/mem, EnvLock, anchor, hash(•), fingerprint, Graph.sig/ParamCard.sig/InferPipelineCard.sig.
• Conflict names (mandatory): never mix T_fil with T_trans; strictly distinguish n from n_eff.

III. Prototype Catalog & Parameters (I50-1 → I50-10)

• I50-1 define_hypothesis(spec:dict) -> Hypothesis
  Purpose: register a falsifiable H0/H1, effect-size convention, and gates.
  Input: spec = {H0:str, H1:str, effect_size:str, alpha:float, power_target:float, delta_equiv:float?}.
  Output: Hypothesis = {id:str, spec:dict, created_at:ts, anchor}.
  Pre: check_dim(spec); textual spec passes lint.
  Post: write to AuditTrail, sign hash(spec).
• I50-2 register_assertions(spec:dict) -> AssertionSet
  Purpose: register assertions and metamorphic relations MR_k.
  Input: spec = {assertions:list, MR:list, oracle:str}.
  Output: AssertionSet = {id:str, assertions:list, MR:list}.
  Pre: oracle is resolvable.
  Post: initialize cov_spec = 0.
• I50-3 generate_counterexamples(runtime:any, hypothesis:Hypothesis, ops:list, budget:dict) -> CEReport
  Purpose: generate counterexamples and minimal failing evidence.
  Input: ops ⊆ {fuzz, mutation, adversarial(epsilon)}, explicit budget.*.
  Output: CEReport = {cases:list, kill_rate:float, logs:any}.
  Post: emit fingerprint, record rng.seed/rng_family.
• I50-4 metamorphic_transform(x:any, MR:dict) -> x_prime:any
  Purpose: synthesize x_prime per MR_k.
  Input: MR = {name:str, params:dict, invariants:list}.
  Output: x_prime and invariant-check results.
  Post: on failure raise E_ORACLE_AMBIGUOUS or return invariant=false.
• I50-5 adversarial_attack(runtime:any, x:any, method:str, eps:dict) -> AttackReport
  Purpose: perform white/black-box adversarial attacks.
  Input: method ∈ {fgsm, pgd, cw, square, gradient_attack}, eps = {epsilon_linf:float?, epsilon_l2:float?, steps:int}.
  Output: AttackReport = {x_adv:any, success:bool, eps:dict, loss_after:float}.
  Resources: bounded by budget.* and EnvLock.
• I50-6 sequential_test(stream:any, rule:dict) -> {decision:str, alpha_spent:float}
  Purpose: sequential/adaptive testing (SPRT / alpha-spending).
  Input: rule = {type:str, alpha:float, beta:float, spending:str, bounds:dict}.
  Output: decision ∈ {accept, reject, continue}, alpha_spent.
  Pre: streaming samples mapped to tau_mono and aligned to ts.
• I50-7 oracle_score(y_true:any, y_pred:any, oracle:any) -> Verdict
  Purpose: unified scoring and falsification verdict.
  Output: Verdict = {score:float, pass:bool, delta_claim:float}.
  Post: record p_value/effect_size when applicable.
• I50-8 compute_coverage(logs:any) -> CoverageReport
  Purpose: compute cov_case / cov_spec / kill_rate.
  Output: CoverageReport = {cov_case:float, cov_spec:float, kill_rate:float, C_hit:int, C_total:int}.
• I50-9 gate_release(evidence:dict, policy:dict) -> GateDecision
  Purpose: make the production gate decision from the evidence bundle & policy.
  Input: evidence = {metrics:dict, intervals:dict, drift:dict, risks:dict}, policy = {thresholds:dict, fdr:q_star?, risk_budget:dict}.
  Output: GateDecision ∈ {pass, hold, block} with reasons.
  Post: write AuditTrail and link DiffCard.
• I50-10 regress_guard(baseline:any, candidate:any, tests:any) -> RegressionReport
  Purpose: non-regression & regression defense.
  Output: RegressionReport = {delta_baseline:float, eq_rate:float, dist:float, pass:bool}.
  Gate: pass = ( delta_baseline ≥ - tau_nonreg ) ∧ ( eq_rate ≥ tau_eq ) ∧ ( dist ≤ tau_dist ).

IV. Idempotency & Replay

• Under identical anchor and EnvLock, with fixed rng.seed/rng_family and version signatures Graph.sig / ParamCard.sig / InferPipelineCard.sig, any I50-* replay must yield equivalent results or remain within tolerance tau_rep:
  | metric_replay - metric_ref | ≤ tau_rep.
• For online/offline consistency, first align via ts = alpha + beta * tau_mono, then compute delta_offon and R_infer = 1 - delta_offon.
• Adversarial/fuzz strategies must log eps / budget.* and random state to support minimal evidence replay in CEReport.

V. Exceptions & Handling

• E_ORACLE_AMBIGUOUS: non-unique scorer or conflicting assertion.
• E_POWER_INSUFFICIENT: power < power_target — deny release or continue sampling.
• E_MULTITEST_UNCONTROLLED: missing or violated FDR/FWER control.
• E_SCHEMA_MISMATCH: data/log schema deviates from Core.DataSpec.
• E_ENV_MISMATCH: inconsistent EnvLock or signature mismatch.
• E_NONDETERMINISM: replay deviation exceeds tau_rep.
• E_RESOURCE_EXCEEDED: exceeds budget.* or timeout.
• Principle: fail fast in place, record AuditTrail with hash(payload) & fingerprint, and trigger GateDecision = hold/block if needed.

VI. Reference Snippets (Pseudocode / State Machines)

• Sequential testing I50-6 (alpha-spending skeleton)
• State S ∈ {running, accept, reject}
• alpha_remain = alpha ; beta_remain = beta
• loop:
• x_t ← pull()
• T_t ← update_stat(x_t)
• alpha_step ← spend(alpha_remain, t, spending)
• (A_t, B_t) ← boundaries(alpha_remain, beta_remain, t)
• if T_t ≥ B_t: S = reject
• elif T_t ≤ A_t: S = accept
• else: S = running
• alpha_spent += alpha_step ; alpha_remain -= alpha_step
• if S ≠ running: return {decision:S, alpha_spent}
• Gating I50-9 (evidence aggregation)
• inputs: coverage, performance, uncertainty, drift, risk
• per-metric pass via policy.thresholds
• if multiplicity: control FDR at q_star
• enforce risk_used ≤ risk_budget.total
• if all pass & risk OK → pass
• elif borderline or insufficient evidence → hold
• else → block
• output: triggered gates, alpha/p_value, intervals, signature snapshot
• Regression defense I50-10 (non-regression gate)
• delta_baseline = ( score_cand - score_base )
• (eq_rate, dist) ← dual_run_compare(...)
• pass = ( delta_baseline ≥ - tau_nonreg ) ∧ ( eq_rate ≥ tau_eq ) ∧ ( dist ≤ tau_dist )
• if ¬pass: attach reproducible slice & set rollback_trigger = true

VII. Logging & Audit-Trail Fields

• AuditTrail (minimum): ts, tau_mono, anchor, EnvLock, Graph.sig, ParamCard.sig, InferPipelineCard.sig, rng.seed/rng_family, inputs.sha256, outputs.sha256, policy.hash, alpha/beta/q_star, alpha_spent, GateDecision, reason, DiffCard link.
• CoverageReport addenda: C_hit, C_total, cov_case, cov_spec, mut_all, mut_killed, kill_rate.
• CEReport/AttackReport addenda: eps, budget.*, success, loss_after, fingerprint.

VIII. Resource & Security Constraints

• Before any I50-*, validate budget.cpu/gpu/mem and budget.power; on violation, raise E_RESOURCE_EXCEEDED.
• Access to controlled data/models requires EnvLock verification and least privilege. External sharing is limited to signed hash(•) and metric summaries.

IX. Versioning & Compatibility

1. Semantic versioning for I50-*: MAJOR.MINOR.PATCH.
   • MAJOR may break backward compatibility.
   • MINOR adds optional params with no default behavior change.
   • PATCH fixes defects and docs only.
2. Deprecation: annotate deprecated_since and replacement API; retain for at least two MINOR cycles.

X. Cross-References & Dependencies

• Testing & error-control conventions: Chapter 7, Appendix A.
• Uncertainty & confidence: Chapter 8.
• Online gating & rollback: Chapter 9.
• Compliance & audit: Chapter 10.
• Cross-domain consistency & regression defense: Chapters 11 & 13.

XI. Implementation Checklist (Deliverables)

• API contracts & examples: I50- API Card*.
• Evidence & logs: AuditTrail, CoverageReport, RegressionReport, GateLogs.
• Signatures & locks: EnvLock, Graph.sig, ParamCard.sig, InferPipelineCard.sig, policy.hash.
• Change records: CHANGELOG and DiffCard.