icoq regression proof selection for large scale
play

iCoq : Regression Proof Selection for Large-Scale Verification - PowerPoint PPT Presentation

Oct 11, 2023 •384 likes •837 views

iCoq : Regression Proof Selection for Large-Scale Verification Projects iCoq : Regression Proof Selection for Large-Scale Verification Projects Karl Palmskog University of Illinois at Urbana-Champaign Joint work with Ahmet Celik and Milos

  1. iCoq : Regression Proof Selection for Large-Scale Verification Projects iCoq : Regression Proof Selection for Large-Scale Verification Projects Karl Palmskog University of Illinois at Urbana-Champaign Joint work with Ahmet Celik and Milos Gligoric at UT Austin 1 / 21

  2. iCoq : Regression Proof Selection for Large-Scale Verification Projects Verification Using Proof Assistants 1 encode definitions in (higher-order) formalism 2 prove propositions interactively using powerful tactics 3 check soundness of every low-level step proof assistant tactics proof user logic engine proof checker subgoals examples: Coq, HOL4, HOL Light, Isabelle/HOL, Lean, Nuprl, ... 2 / 21

  3. iCoq : Regression Proof Selection for Large-Scale Verification Projects Some Large-Scale Proof Assistant Projects Project Year Assistant Check Time LOC 4-Color Theorem 2005 Coq hours 60k Odd Order Theorem 2012 Coq hours 150k Kepler Conjecture 2015 HOL Light days 500k CompCert 2009 Coq tens of mins 40k seL4 2009 Isabelle/HOL hours 200k Verdi Raft 2016 Coq tens of mins 50k problem: long proof checking times 3 / 21

  4. iCoq : Regression Proof Selection for Large-Scale Verification Projects Problem: Regression Proving in Evolving Projects Typical proving scenario: 1 change definition or lemma statement 2 begin process of re-checking all proofs 3 checking fails hours later (for seemingly unrelated proof) 4 / 21

  5. iCoq : Regression Proof Selection for Large-Scale Verification Projects Problem: Regression Proving in Evolving Projects Typical proving scenario: 1 change definition or lemma statement 2 begin process of re-checking all proofs 3 checking fails hours later (for seemingly unrelated proof) Typical testing scenario: 1 change method statements or method signature 2 begin process of re-running all tests 3 testing fails hours later (for seemingly unrelated test) 4 / 21

  6. iCoq : Regression Proof Selection for Large-Scale Verification Projects Regression Test Selection (RTS) A regression test selection technique chooses, from an existing test set, tests that are deemed necessary to validate modified software. Rothermel and Harrold, ACM TOSEM 6, 2 ’97 5 / 21

  7. iCoq : Regression Proof Selection for Large-Scale Verification Projects Regression Test Selection (RTS) A regression test selection technique chooses, from an existing test set, tests that are deemed necessary to validate modified software. Rothermel and Harrold, ACM TOSEM 6, 2 ’97 A regression proof selection technique chooses, from an existing proof set, proofs that are deemed necessary to verify modified theories. 5 / 21

  8. iCoq : Regression Proof Selection for Large-Scale Verification Projects Our Contribution 1 propose a regression proof selection (RPS) technique 2 implement RPS technique in tool, iCoq , which supports Coq 3 evaluate iCoq on revision histories of large Coq projects 6 / 21

  9. iCoq : Regression Proof Selection for Large-Scale Verification Projects Coq in a Nutshell based on a constructive dependent type theory (CiC) definitions + proofs programmed in Gallina/Ltac ( .v files) coqc tool processes .v files, outputs terms ( .vo files) Require Import Alternate. Const Lemma alt_exists : forall l1 l2, exists l3, alt l1 l2 l3. Lambda Proof. induction l1; intros; destruct l2. - exists []. apply alt_nil. App App Name l1 - exists (n :: l2). apply alt_nil. - exists (a :: l1). apply alt_step. apply alt_nil. Ind list Ind nat Const list ind - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). repeat apply alt_step. auto. Qed. AltLem.v AltLem.vo 7 / 21

  10. iCoq : Regression Proof Selection for Large-Scale Verification Projects Coq in a Nutshell based on a constructive dependent type theory (CiC) definitions + proofs programmed in Gallina/Ltac ( .v files) coqc tool processes .v files, outputs terms ( .vo files) Require Import Alternate. Const Lemma alt_exists : forall l1 l2, exists l3, alt l1 l2 l3. Lambda Proof. induction l1; intros; destruct l2. - exists []. apply alt_nil. App App Name l1 - exists (n :: l2). apply alt_nil. - exists (a :: l1). apply alt_step. apply alt_nil. Ind list Ind nat Const list ind - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). repeat apply alt_step. auto. Qed. AltLem.v AltLem.vo 7 / 21

  11. iCoq : Regression Proof Selection for Large-Scale Verification Projects Coq in a Nutshell based on a constructive dependent type theory (CiC) definitions + proofs programmed in Gallina/Ltac ( .v files) coqc tool processes .v files, outputs terms ( .vo files) Require Import Alternate. Const Lemma alt_exists : forall l1 l2, exists l3, alt l1 l2 l3. Lambda Proof. induction l1; intros; destruct l2. - exists []. apply alt_nil. App App Name l1 - exists (n :: l2). apply alt_nil. - exists (a :: l1). apply alt_step. apply alt_nil. Ind list Ind nat Const list ind - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). repeat apply alt_step. auto. Qed. AltLem.v AltLem.vo 7 / 21

  12. iCoq : Regression Proof Selection for Large-Scale Verification Projects Coq in a Nutshell based on a constructive dependent type theory (CiC) definitions + proofs programmed in Gallina/Ltac ( .v files) coqc tool processes .v files, outputs terms ( .vo files) Require Import Alternate. Const Lemma alt_exists : forall l1 l2, exists l3, alt l1 l2 l3. Lambda Proof. induction l1; intros; destruct l2. - exists []. apply alt_nil. App App Name l1 - exists (n :: l2). apply alt_nil. - exists (a :: l1). apply alt_step. apply alt_nil. Ind list Ind nat Const list ind - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). repeat apply alt_step. auto. Qed. AltLem.v AltLem.vo 7 / 21

  13. iCoq : Regression Proof Selection for Large-Scale Verification Projects Coq v8.5 Asynchronous Proof-Checking Toolchain newly-added toolchain can produce .vio files without proofs .vio files contain proof tasks, checked asynchronously alt exists AltLem.v proof script coqc -quick alt exists AltLem.vio proof task coqc -check-vio-tasks 8 / 21

  14. iCoq : Regression Proof Selection for Large-Scale Verification Projects Regression Proof Selection Technique Three phases: 1 analysis : locate proofs affected by changes 2 execution : emit and run proof-checking commands 3 collection : find dependencies of modified definitions and lemmas+proofs Key idea: maintain file and identifier dependency graphs 9 / 21

  15. iCoq : Regression Proof Selection for Large-Scale Verification Projects Example, revision 1 Require Export List. Export ListNotations. Require Import Alternate. Fixpoint alternate l1 l2 : list nat := Lemma alt_exists : match l1 with forall l1 l2, exists l3, alt l1 l2 l3. | [] ⇒ l2 | h1 :: t1 ⇒ Proof. match l2 with induction l1; intros; destruct l2. | [] ⇒ h1 :: t1 - exists []. apply alt_nil. | h2 :: t2 ⇒ - exists (n :: l2). apply alt_nil. h1 :: h2 :: alternate t1 t2 - exists (a :: l1). apply alt_step. end apply alt_nil. end. - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). Inductive alt : list nat → list nat → repeat apply alt_step. auto. list nat → Prop := Qed. | alt_nil : forall l, alt [] l l AltLem.v | alt_step : forall a l t1 t2, alt l t1 t2 → alt (a :: t1) l (a :: t2). Lemma alt_alternate : forall l1 l2 l3, alt l1 l2 l3 → alternate l1 l2 = l3. Proof. (* ... omitted proof script ... *) Qed. Alternate.v 10 / 21

  16. iCoq : Regression Proof Selection for Large-Scale Verification Projects Example, revision 1 Require Export List. Export ListNotations. Require Import Alternate. Fixpoint alternate l1 l2 : list nat := Lemma alt_exists : match l1 with forall l1 l2, exists l3, alt l1 l2 l3. | [] ⇒ l2 | h1 :: t1 ⇒ Proof. match l2 with induction l1; intros; destruct l2. | [] ⇒ h1 :: t1 - exists []. apply alt_nil. | h2 :: t2 ⇒ - exists (n :: l2). apply alt_nil. h1 :: h2 :: alternate t1 t2 - exists (a :: l1). apply alt_step. end apply alt_nil. end. - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). Inductive alt : list nat → list nat → repeat apply alt_step. auto. list nat → Prop := Qed. | alt_nil : forall l, alt [] l l AltLem.v | alt_step : forall a l t1 t2, alt l t1 t2 → alt (a :: t1) l (a :: t2). Lemma alt_alternate : Alternate.v List.v forall l1 l2 l3, alt l1 l2 l3 → alternate l1 l2 = l3. Proof. (* ... omitted proof script ... *) AltLem.v Qed. File dependency graph Alternate.v 10 / 21

  17. iCoq : Regression Proof Selection for Large-Scale Verification Projects Example, revision 1 Require Export List. Export ListNotations. Require Import Alternate. Fixpoint alternate l1 l2 : list nat := Lemma alt_exists : match l1 with forall l1 l2, exists l3, alt l1 l2 l3. | [] ⇒ l2 | h1 :: t1 ⇒ Proof. match l2 with induction l1; intros; destruct l2. | [] ⇒ h1 :: t1 - exists []. apply alt_nil. | h2 :: t2 ⇒ - exists (n :: l2). apply alt_nil. h1 :: h2 :: alternate t1 t2 - exists (a :: l1). apply alt_step. end apply alt_nil. end. - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). Inductive alt : list nat → list nat → repeat apply alt_step. auto. list nat → Prop := Qed. | alt_nil : forall l, alt [] l l AltLem.v | alt_step : forall a l t1 t2, alt l t1 t2 → alt (a :: t1) l (a :: t2). # coqc -quick Alternate.v Lemma alt_alternate : forall l1 l2 l3, alt l1 l2 l3 → # coqc -quick AltLem.v alternate l1 l2 = l3. Proof. # coqc -check-vio-tasks 0 Alternate.vio (* ... omitted proof script ... *) Qed. # coqc -check-vio-tasks 0 AltLem.vio Alternate.v 10 / 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

piCoq: Parallel Regression Proving for Large-Scale Verification Projects Karl Palmskog , Ahmet

piCoq: Parallel Regression Proving for Large-Scale Verification Projects Karl Palmskog , Ahmet

piCoq: Parallel Regression Proving for Large-Scale Verification Projects piCoq: Parallel Regression Proving for Large-Scale Verification Projects Karl Palmskog , Ahmet Celik, and Milos Gligoric The University of Texas at Austin, USA 1 / 29

891 views • 65 slides
Least Squares Support Vector Regression with Applications to Large-Scale Data: a Statistical

Least Squares Support Vector Regression with Applications to Large-Scale Data: a Statistical

Goal & Overview Introduction FS-LSSVM Robust Nonparametric Methods Correlated Errors Confidence Intervals Conclusions Least Squares Support Vector Regression with Applications to Large-Scale Data: a Statistical Approach Kris De

2.28k views • 94 slides
Joint Feature Selection in Distributed Stochastic Learning for Large-Scale Discriminative SMT

Joint Feature Selection in Distributed Stochastic Learning for Large-Scale Discriminative SMT

Introduction Features Algorithms Experiments Results Joint Feature Selection in Distributed Stochastic Learning for Large-Scale Discriminative SMT Patrick Simianer , Stefan Riezler , Chris Dyer Department of Computational

708 views • 68 slides
STARTS: STARTS: STARTS: STARTS: STAtic STAtic Regression Test Selection Regression Test

STARTS: STARTS: STARTS: STARTS: STAtic STAtic Regression Test Selection Regression Test

STARTS: STARTS: STARTS: STARTS: STAtic STAtic Regression Test Selection Regression Test Selection STAtic STAtic Regression Test Selection Regression Test Selection Owolabi Legunsen , August Shi, Darko Marinov ASE 2017 Urbana-Champaign,

480 views • 11 slides
Optimal Large-Scale Internet Media Selection Gareth James Department of Data Sciences and

Optimal Large-Scale Internet Media Selection Gareth James Department of Data Sciences and

Introduction Solving the Criterion Empirical Results Conclusion Optimal Large-Scale Internet Media Selection Gareth James Department of Data Sciences and Operations Marshall School of Business University of Southern California October 21st,

319 views • 21 slides
FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large Scale Solar Lead April 2017 CONTENTS 1. Introduction to CEFC 2. Investment trends 3. The future of large scale solar 4. Pathway to sustainable

664 views • 21 slides
Large scale greedy feature-selection for multi-target learning Antti Airola, Tapio Pahikkala et

Large scale greedy feature-selection for multi-target learning Antti Airola, Tapio Pahikkala et

Large scale greedy feature-selection for multi-target learning Antti Airola, Tapio Pahikkala et al. ECML 2015 BigTargets Workshop Antti Airola, Tapio Pahikkala et al. Large scale greedy feature-selection for multi-target learning Overview

354 views • 17 slides
Quantile Regression for Large-scale Applications Jiyan Yang Stanford University June 19, 2013

Quantile Regression for Large-scale Applications Jiyan Yang Stanford University June 19, 2013

Quantile Regression for Large-scale Applications Jiyan Yang Stanford University June 19, 2013 International Conference on Machine Learning, 2013 Joint work with Xiangrui Meng and Michael Mahoney Jiyan Yang (Stanford University) 2013 ICML

505 views • 27 slides
Resources Description, Selection, Reservation and Verification on a Large-scale Testbed David

Resources Description, Selection, Reservation and Verification on a Large-scale Testbed David

Resources Description, Selection, Reservation and Verification on a Large-scale Testbed David Margery, Emile Morel, Lucas Nussbaum, Olivier Richard Cyril Rohr Grid5000 Lucas Nussbaum Resources management on Grid5000 1 / 13 Grid5000

180 views • 13 slides
Formalizing Mathematics-In Praxis: First experiences with Isabelle/HOL ALEXANDRIA: Large-Scale

Formalizing Mathematics-In Praxis: First experiences with Isabelle/HOL ALEXANDRIA: Large-Scale

Formalizing Mathematics-In Praxis: First experiences with Isabelle/HOL ALEXANDRIA: Large-Scale Formal Proof for the Working Mathematician Angeliki Koutsoukou-Argyraki Computer Laboratory, University of Cambridge, UK AITP 2019, Obergurgl,

666 views • 43 slides
INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO ENVIRONMENTAL CONFLICT RESOLUTION America Speaks presentation to the 2008 ECR Conference Table Introductions Please form groups of 4-5 and give: Your name

848 views • 41 slides
Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008

Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008

Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008 WenChuan Earthquake Zhang Huafeng and Jon Pedersen International Blaise Users Conference (IBUC) Baltimore, USA , 1 Introduction Two household

711 views • 22 slides
Regression : feat u re selection P R AC TIC IN G MAC H IN E L E AR N IN G IN TE R VIE W QU E

Regression : feat u re selection P R AC TIC IN G MAC H IN E L E AR N IN G IN TE R VIE W QU E

Regression : feat u re selection P R AC TIC IN G MAC H IN E L E AR N IN G IN TE R VIE W QU E STION S IN P YTH ON Lisa St u art Data Scientist Selecting the correct feat u res : Red u ces o v er ing Impro v es acc u rac y Increases

859 views • 54 slides
Large-Scale Machine Learning Jean-Philippe Vert jean-philippe.vert@ { mines-paristech,curie,ens }

Large-Scale Machine Learning Jean-Philippe Vert jean-philippe.vert@ { mines-paristech,curie,ens }

Large-Scale Machine Learning Jean-Philippe Vert jean-philippe.vert@ { mines-paristech,curie,ens } .fr 1 / 104 Outline Introduction 1 Standard machine learning 2 Dimension reduction: PCA Clustering: k -means Regression: ridge regression

1.79k views • 125 slides
Lecture 6: Multiple Linear Regression, Polynomial Regression and Model Selection CS109A

Lecture 6: Multiple Linear Regression, Polynomial Regression and Model Selection CS109A

Lecture 6: Multiple Linear Regression, Polynomial Regression and Model Selection CS109A Introduction to Data Science Pavlos Protopapas and Kevin Rader Announcements Section : Friday 1:30-2:45pm : @ MD 123 (only this Friday) A-section: Today:

921 views • 65 slides
Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is graphene? Graphene is a truly 2D system made of Carbon atoms arranged in an honeycomb hexagonal lattice Zero-gap semiconductor with a low-energy linear

268 views • 6 slides
IT Infrastructure: Hardware and Software LEARNING OBJECTIVES What are the components of IT

IT Infrastructure: Hardware and Software LEARNING OBJECTIVES What are the components of IT

9/23/2013 IT Infrastructure: Hardware and Software LEARNING OBJECTIVES What are the components of IT infrastructure? What are the major computer hardware, data storage, input, and output technologies used in business? What are

424 views • 19 slides
Power Grid Analysis with Hierarchical Support Graphs Xueqian Zhao Jia Wang Zhuo Feng Shiyan Hu

Power Grid Analysis with Hierarchical Support Graphs Xueqian Zhao Jia Wang Zhuo Feng Shiyan Hu

Design Automation Group Power Grid Analysis with Hierarchical Support Graphs Xueqian Zhao Jia Wang Zhuo Feng Shiyan Hu 2011 International Conference on Computer-Aided Design (ICCAD) 1 Power Grid Modeling & Analysis Multi-layer

456 views • 13 slides
Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist

Usable security for control systems Jun Ho Huh Honeywell ACS Labs, research scientist junho.huh@honeywell.com Honeywell.com What is usable security? Building security solutions that are intuitive and easy to use Many security

350 views • 9 slides
Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon,

Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon,

Nomad : Mitigating Arbitrary Cloud Side Channels via Provider-Assisted Migration Soo-Jin Moon, Vyas Sekar Michael K. Reiter Context: Infrastructure-as-a-Service Clouds Client API Cloud Controller VM VM Machine VM VM VM Machine Machine

919 views • 73 slides
Software and Programming I Lab 2: Step-by-step execution of programs using a Debugger

Software and Programming I Lab 2: Step-by-step execution of programs using a Debugger

Software and Programming I Lab 2: Step-by-step execution of programs using a Debugger SP1-Lab2-20.pdf 1 23 January 2020 Tobi Brodie (tobi@dcs.bbk.ac.uk) Lab Session 2: Objectives This session we are concentrating on BlueJs built-in

658 views • 32 slides
A Performance Analysis of Large Scale Scientific Computing Applications from Logs Liqiang Cao,

A Performance Analysis of Large Scale Scientific Computing Applications from Logs Liqiang Cao,

A Performance Analysis of Large Scale Scientific Computing Applications from Logs Liqiang Cao, Xu Liu, Xiaowen Xu and Zhanjun Liu HPCC, IAPCM Schedule Motivation Log archive Characterization of performance Summary 1. Motivation

395 views • 28 slides
The Power of Peer Support Katie Godfrey, PhD Program Manager, Care for the Caregiver Objectives

The Power of Peer Support Katie Godfrey, PhD Program Manager, Care for the Caregiver Objectives

Care for the Caregiver: The Power of Peer Support Katie Godfrey, PhD Program Manager, Care for the Caregiver Objectives 1. Learn about the second victim phenomenon in healthcare: symptoms and prevalence 2. Hear about Care for the Caregiver,

546 views • 29 slides
JavaScript Code Martin Burtscher, UT Austin Ben Livshits & Ben Zorn, Microsoft Research

JavaScript Code Martin Burtscher, UT Austin Ben Livshits & Ben Zorn, Microsoft Research

JSZap : Compressing JavaScript Code Martin Burtscher, UT Austin Ben Livshits & Ben Zorn, Microsoft Research Gaurav Sinha, IIT Kanpur A Web 2.0 Application Dissected Talks to 14 backend services 1+ MB code (traffic, images, directions,

707 views • 27 slides

More recommend