icoq regression proof selection for large scale
play

iCoq : Regression Proof Selection for Large-Scale Verification - PowerPoint PPT Presentation

Oct 11, 2023 •384 likes •837 views

iCoq : Regression Proof Selection for Large-Scale Verification Projects iCoq : Regression Proof Selection for Large-Scale Verification Projects Karl Palmskog University of Illinois at Urbana-Champaign Joint work with Ahmet Celik and Milos

  1. iCoq : Regression Proof Selection for Large-Scale Verification Projects iCoq : Regression Proof Selection for Large-Scale Verification Projects Karl Palmskog University of Illinois at Urbana-Champaign Joint work with Ahmet Celik and Milos Gligoric at UT Austin 1 / 21

  2. iCoq : Regression Proof Selection for Large-Scale Verification Projects Verification Using Proof Assistants 1 encode definitions in (higher-order) formalism 2 prove propositions interactively using powerful tactics 3 check soundness of every low-level step proof assistant tactics proof user logic engine proof checker subgoals examples: Coq, HOL4, HOL Light, Isabelle/HOL, Lean, Nuprl, ... 2 / 21

  3. iCoq : Regression Proof Selection for Large-Scale Verification Projects Some Large-Scale Proof Assistant Projects Project Year Assistant Check Time LOC 4-Color Theorem 2005 Coq hours 60k Odd Order Theorem 2012 Coq hours 150k Kepler Conjecture 2015 HOL Light days 500k CompCert 2009 Coq tens of mins 40k seL4 2009 Isabelle/HOL hours 200k Verdi Raft 2016 Coq tens of mins 50k problem: long proof checking times 3 / 21

  4. iCoq : Regression Proof Selection for Large-Scale Verification Projects Problem: Regression Proving in Evolving Projects Typical proving scenario: 1 change definition or lemma statement 2 begin process of re-checking all proofs 3 checking fails hours later (for seemingly unrelated proof) 4 / 21

  5. iCoq : Regression Proof Selection for Large-Scale Verification Projects Problem: Regression Proving in Evolving Projects Typical proving scenario: 1 change definition or lemma statement 2 begin process of re-checking all proofs 3 checking fails hours later (for seemingly unrelated proof) Typical testing scenario: 1 change method statements or method signature 2 begin process of re-running all tests 3 testing fails hours later (for seemingly unrelated test) 4 / 21

  6. iCoq : Regression Proof Selection for Large-Scale Verification Projects Regression Test Selection (RTS) A regression test selection technique chooses, from an existing test set, tests that are deemed necessary to validate modified software. Rothermel and Harrold, ACM TOSEM 6, 2 ’97 5 / 21

  7. iCoq : Regression Proof Selection for Large-Scale Verification Projects Regression Test Selection (RTS) A regression test selection technique chooses, from an existing test set, tests that are deemed necessary to validate modified software. Rothermel and Harrold, ACM TOSEM 6, 2 ’97 A regression proof selection technique chooses, from an existing proof set, proofs that are deemed necessary to verify modified theories. 5 / 21

  8. iCoq : Regression Proof Selection for Large-Scale Verification Projects Our Contribution 1 propose a regression proof selection (RPS) technique 2 implement RPS technique in tool, iCoq , which supports Coq 3 evaluate iCoq on revision histories of large Coq projects 6 / 21

  9. iCoq : Regression Proof Selection for Large-Scale Verification Projects Coq in a Nutshell based on a constructive dependent type theory (CiC) definitions + proofs programmed in Gallina/Ltac ( .v files) coqc tool processes .v files, outputs terms ( .vo files) Require Import Alternate. Const Lemma alt_exists : forall l1 l2, exists l3, alt l1 l2 l3. Lambda Proof. induction l1; intros; destruct l2. - exists []. apply alt_nil. App App Name l1 - exists (n :: l2). apply alt_nil. - exists (a :: l1). apply alt_step. apply alt_nil. Ind list Ind nat Const list ind - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). repeat apply alt_step. auto. Qed. AltLem.v AltLem.vo 7 / 21

  10. iCoq : Regression Proof Selection for Large-Scale Verification Projects Coq in a Nutshell based on a constructive dependent type theory (CiC) definitions + proofs programmed in Gallina/Ltac ( .v files) coqc tool processes .v files, outputs terms ( .vo files) Require Import Alternate. Const Lemma alt_exists : forall l1 l2, exists l3, alt l1 l2 l3. Lambda Proof. induction l1; intros; destruct l2. - exists []. apply alt_nil. App App Name l1 - exists (n :: l2). apply alt_nil. - exists (a :: l1). apply alt_step. apply alt_nil. Ind list Ind nat Const list ind - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). repeat apply alt_step. auto. Qed. AltLem.v AltLem.vo 7 / 21

  11. iCoq : Regression Proof Selection for Large-Scale Verification Projects Coq in a Nutshell based on a constructive dependent type theory (CiC) definitions + proofs programmed in Gallina/Ltac ( .v files) coqc tool processes .v files, outputs terms ( .vo files) Require Import Alternate. Const Lemma alt_exists : forall l1 l2, exists l3, alt l1 l2 l3. Lambda Proof. induction l1; intros; destruct l2. - exists []. apply alt_nil. App App Name l1 - exists (n :: l2). apply alt_nil. - exists (a :: l1). apply alt_step. apply alt_nil. Ind list Ind nat Const list ind - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). repeat apply alt_step. auto. Qed. AltLem.v AltLem.vo 7 / 21

  12. iCoq : Regression Proof Selection for Large-Scale Verification Projects Coq in a Nutshell based on a constructive dependent type theory (CiC) definitions + proofs programmed in Gallina/Ltac ( .v files) coqc tool processes .v files, outputs terms ( .vo files) Require Import Alternate. Const Lemma alt_exists : forall l1 l2, exists l3, alt l1 l2 l3. Lambda Proof. induction l1; intros; destruct l2. - exists []. apply alt_nil. App App Name l1 - exists (n :: l2). apply alt_nil. - exists (a :: l1). apply alt_step. apply alt_nil. Ind list Ind nat Const list ind - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). repeat apply alt_step. auto. Qed. AltLem.v AltLem.vo 7 / 21

  13. iCoq : Regression Proof Selection for Large-Scale Verification Projects Coq v8.5 Asynchronous Proof-Checking Toolchain newly-added toolchain can produce .vio files without proofs .vio files contain proof tasks, checked asynchronously alt exists AltLem.v proof script coqc -quick alt exists AltLem.vio proof task coqc -check-vio-tasks 8 / 21

  14. iCoq : Regression Proof Selection for Large-Scale Verification Projects Regression Proof Selection Technique Three phases: 1 analysis : locate proofs affected by changes 2 execution : emit and run proof-checking commands 3 collection : find dependencies of modified definitions and lemmas+proofs Key idea: maintain file and identifier dependency graphs 9 / 21

  15. iCoq : Regression Proof Selection for Large-Scale Verification Projects Example, revision 1 Require Export List. Export ListNotations. Require Import Alternate. Fixpoint alternate l1 l2 : list nat := Lemma alt_exists : match l1 with forall l1 l2, exists l3, alt l1 l2 l3. | [] ⇒ l2 | h1 :: t1 ⇒ Proof. match l2 with induction l1; intros; destruct l2. | [] ⇒ h1 :: t1 - exists []. apply alt_nil. | h2 :: t2 ⇒ - exists (n :: l2). apply alt_nil. h1 :: h2 :: alternate t1 t2 - exists (a :: l1). apply alt_step. end apply alt_nil. end. - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). Inductive alt : list nat → list nat → repeat apply alt_step. auto. list nat → Prop := Qed. | alt_nil : forall l, alt [] l l AltLem.v | alt_step : forall a l t1 t2, alt l t1 t2 → alt (a :: t1) l (a :: t2). Lemma alt_alternate : forall l1 l2 l3, alt l1 l2 l3 → alternate l1 l2 = l3. Proof. (* ... omitted proof script ... *) Qed. Alternate.v 10 / 21

  16. iCoq : Regression Proof Selection for Large-Scale Verification Projects Example, revision 1 Require Export List. Export ListNotations. Require Import Alternate. Fixpoint alternate l1 l2 : list nat := Lemma alt_exists : match l1 with forall l1 l2, exists l3, alt l1 l2 l3. | [] ⇒ l2 | h1 :: t1 ⇒ Proof. match l2 with induction l1; intros; destruct l2. | [] ⇒ h1 :: t1 - exists []. apply alt_nil. | h2 :: t2 ⇒ - exists (n :: l2). apply alt_nil. h1 :: h2 :: alternate t1 t2 - exists (a :: l1). apply alt_step. end apply alt_nil. end. - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). Inductive alt : list nat → list nat → repeat apply alt_step. auto. list nat → Prop := Qed. | alt_nil : forall l, alt [] l l AltLem.v | alt_step : forall a l t1 t2, alt l t1 t2 → alt (a :: t1) l (a :: t2). Lemma alt_alternate : Alternate.v List.v forall l1 l2 l3, alt l1 l2 l3 → alternate l1 l2 = l3. Proof. (* ... omitted proof script ... *) AltLem.v Qed. File dependency graph Alternate.v 10 / 21

  17. iCoq : Regression Proof Selection for Large-Scale Verification Projects Example, revision 1 Require Export List. Export ListNotations. Require Import Alternate. Fixpoint alternate l1 l2 : list nat := Lemma alt_exists : match l1 with forall l1 l2, exists l3, alt l1 l2 l3. | [] ⇒ l2 | h1 :: t1 ⇒ Proof. match l2 with induction l1; intros; destruct l2. | [] ⇒ h1 :: t1 - exists []. apply alt_nil. | h2 :: t2 ⇒ - exists (n :: l2). apply alt_nil. h1 :: h2 :: alternate t1 t2 - exists (a :: l1). apply alt_step. end apply alt_nil. end. - specialize(IHl1 l2). destruct IHl1. exists (a :: n :: x). Inductive alt : list nat → list nat → repeat apply alt_step. auto. list nat → Prop := Qed. | alt_nil : forall l, alt [] l l AltLem.v | alt_step : forall a l t1 t2, alt l t1 t2 → alt (a :: t1) l (a :: t2). # coqc -quick Alternate.v Lemma alt_alternate : forall l1 l2 l3, alt l1 l2 l3 → # coqc -quick AltLem.v alternate l1 l2 = l3. Proof. # coqc -check-vio-tasks 0 Alternate.vio (* ... omitted proof script ... *) Qed. # coqc -check-vio-tasks 0 AltLem.vio Alternate.v 10 / 21

Recommend

piCoq: Parallel Regression Proving for Large-Scale Verification Projects Karl Palmskog , Ahmet

piCoq: Parallel Regression Proving for Large-Scale Verification Projects Karl Palmskog , Ahmet

piCoq: Parallel Regression Proving for Large-Scale Verification Projects piCoq: Parallel Regression Proving for Large-Scale Verification Projects Karl Palmskog , Ahmet Celik, and Milos Gligoric The University of Texas at Austin, USA 1 / 29

891 views • 65 slides
Least Squares Support Vector Regression with Applications to Large-Scale Data: a Statistical

Least Squares Support Vector Regression with Applications to Large-Scale Data: a Statistical

Goal & Overview Introduction FS-LSSVM Robust Nonparametric Methods Correlated Errors Confidence Intervals Conclusions Least Squares Support Vector Regression with Applications to Large-Scale Data: a Statistical Approach Kris De

2.28k views • 94 slides
Joint Feature Selection in Distributed Stochastic Learning for Large-Scale Discriminative SMT

Joint Feature Selection in Distributed Stochastic Learning for Large-Scale Discriminative SMT

Introduction Features Algorithms Experiments Results Joint Feature Selection in Distributed Stochastic Learning for Large-Scale Discriminative SMT Patrick Simianer , Stefan Riezler , Chris Dyer Department of Computational

708 views • 68 slides
STARTS: STARTS: STARTS: STARTS: STAtic STAtic Regression Test Selection Regression Test

STARTS: STARTS: STARTS: STARTS: STAtic STAtic Regression Test Selection Regression Test

STARTS: STARTS: STARTS: STARTS: STAtic STAtic Regression Test Selection Regression Test Selection STAtic STAtic Regression Test Selection Regression Test Selection Owolabi Legunsen , August Shi, Darko Marinov ASE 2017 Urbana-Champaign,

480 views • 11 slides
Optimal Large-Scale Internet Media Selection Gareth James Department of Data Sciences and

Optimal Large-Scale Internet Media Selection Gareth James Department of Data Sciences and

Introduction Solving the Criterion Empirical Results Conclusion Optimal Large-Scale Internet Media Selection Gareth James Department of Data Sciences and Operations Marshall School of Business University of Southern California October 21st,

319 views • 21 slides
FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large

FINANCING LARGE SCALE SOLAR Large Scale Solar Conference - Sydney Gloria Chan Director, Large Scale Solar Lead April 2017 CONTENTS 1. Introduction to CEFC 2. Investment trends 3. The future of large scale solar 4. Pathway to sustainable

664 views • 21 slides
Large scale greedy feature-selection for multi-target learning Antti Airola, Tapio Pahikkala et

Large scale greedy feature-selection for multi-target learning Antti Airola, Tapio Pahikkala et

Large scale greedy feature-selection for multi-target learning Antti Airola, Tapio Pahikkala et al. ECML 2015 BigTargets Workshop Antti Airola, Tapio Pahikkala et al. Large scale greedy feature-selection for multi-target learning Overview

354 views • 17 slides
Quantile Regression for Large-scale Applications Jiyan Yang Stanford University June 19, 2013

Quantile Regression for Large-scale Applications Jiyan Yang Stanford University June 19, 2013

Quantile Regression for Large-scale Applications Jiyan Yang Stanford University June 19, 2013 International Conference on Machine Learning, 2013 Joint work with Xiangrui Meng and Michael Mahoney Jiyan Yang (Stanford University) 2013 ICML

505 views • 27 slides
Resources Description, Selection, Reservation and Verification on a Large-scale Testbed David

Resources Description, Selection, Reservation and Verification on a Large-scale Testbed David

Resources Description, Selection, Reservation and Verification on a Large-scale Testbed David Margery, Emile Morel, Lucas Nussbaum, Olivier Richard Cyril Rohr Grid5000 Lucas Nussbaum Resources management on Grid5000 1 / 13 Grid5000

180 views • 13 slides
Formalizing Mathematics-In Praxis: First experiences with Isabelle/HOL ALEXANDRIA: Large-Scale

Formalizing Mathematics-In Praxis: First experiences with Isabelle/HOL ALEXANDRIA: Large-Scale

Formalizing Mathematics-In Praxis: First experiences with Isabelle/HOL ALEXANDRIA: Large-Scale Formal Proof for the Working Mathematician Angeliki Koutsoukou-Argyraki Computer Laboratory, University of Cambridge, UK AITP 2019, Obergurgl,

666 views • 43 slides
INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO

INCORPORATING LARGE-SCALE CITIZEN INCORPORATING LARGE-SCALE CITIZEN DELIBERATION INTO ENVIRONMENTAL CONFLICT RESOLUTION America Speaks presentation to the 2008 ECR Conference Table Introductions Please form groups of 4-5 and give: Your name

848 views • 41 slides
Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008

Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008

Large-Scale Survey Interviewing Following Large Scale Survey Interviewing Following the 2008 WenChuan Earthquake Zhang Huafeng and Jon Pedersen International Blaise Users Conference (IBUC) Baltimore, USA , 1 Introduction Two household

711 views • 22 slides
Regression : feat u re selection P R AC TIC IN G MAC H IN E L E AR N IN G IN TE R VIE W QU E

Regression : feat u re selection P R AC TIC IN G MAC H IN E L E AR N IN G IN TE R VIE W QU E

Regression : feat u re selection P R AC TIC IN G MAC H IN E L E AR N IN G IN TE R VIE W QU E STION S IN P YTH ON Lisa St u art Data Scientist Selecting the correct feat u res : Red u ces o v er ing Impro v es acc u rac y Increases

859 views • 54 slides
Large-Scale Machine Learning Jean-Philippe Vert jean-philippe.vert@ { mines-paristech,curie,ens }

Large-Scale Machine Learning Jean-Philippe Vert jean-philippe.vert@ { mines-paristech,curie,ens }

Large-Scale Machine Learning Jean-Philippe Vert jean-philippe.vert@ { mines-paristech,curie,ens } .fr 1 / 104 Outline Introduction 1 Standard machine learning 2 Dimension reduction: PCA Clustering: k -means Regression: ridge regression

1.79k views • 125 slides
Lecture 6: Multiple Linear Regression, Polynomial Regression and Model Selection CS109A

Lecture 6: Multiple Linear Regression, Polynomial Regression and Model Selection CS109A

Lecture 6: Multiple Linear Regression, Polynomial Regression and Model Selection CS109A Introduction to Data Science Pavlos Protopapas and Kevin Rader Announcements Section : Friday 1:30-2:45pm : @ MD 123 (only this Friday) A-section: Today:

921 views • 65 slides
Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is

Large-scale production of graphene: Introduction Large-scale production of graphene: what is graphene? Graphene is a truly 2D system made of Carbon atoms arranged in an honeycomb hexagonal lattice Zero-gap semiconductor with a low-energy linear

268 views • 6 slides
using R for regression model selection with adaptive penalties procedures based on the FDR

using R for regression model selection with adaptive penalties procedures based on the FDR

using R for regression model selection with adaptive penalties procedures based on the FDR criteria Tal Galili Tel Aviv University Based on the paper by YOAV BENJAMINI and YULIA GAVRILOV A SIMPLE FORWARD SELECTION PROCEDURE BASED ON

605 views • 33 slides
Efficient Interactive Training Selection for Large-scale Entity Resolution Qing Wang, Dinusha

Efficient Interactive Training Selection for Large-scale Entity Resolution Qing Wang, Dinusha

Efficient Interactive Training Selection for Large-scale Entity Resolution Qing Wang, Dinusha Vatsalan and Peter Christen { qing.wang,dinusha.vatsalan,peter.christen } @anu.edu.au Research School of Computer Science The Australian National

378 views • 19 slides
Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA

Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA

Ethics in Techniques for large-scale data Graham J.L. Kemp TECHNIQUES FOR LARGE-SCALE DATA Masters level course: Chalmers MPALG and MPSOF programmes (DAT345) GU Applied Data Science programme (DIT871) Learning outcomes include:

305 views • 18 slides
LS-SVMlab & Large scale modeling Kristiaan Pelckmans, ESAT- SCD/SISTA J.A.K. Suykens, B. De

LS-SVMlab & Large scale modeling Kristiaan Pelckmans, ESAT- SCD/SISTA J.A.K. Suykens, B. De

LS-SVMlab & Large scale modeling Kristiaan Pelckmans, ESAT- SCD/SISTA J.A.K. Suykens, B. De Moor Content Content I. Overview II. Classification III. Regression IV. Unsupervised Learning V. Time-series VI.

474 views • 35 slides
Towards Refactoring-Aware Regression Test Selection Kaiyuan Wang , Chenguang Zhu, Ahmet Celik,

Towards Refactoring-Aware Regression Test Selection Kaiyuan Wang , Chenguang Zhu, Ahmet Celik,

Towards Refactoring-Aware Regression Test Selection Kaiyuan Wang , Chenguang Zhu, Ahmet Celik, Jongwook Kim, Don Batory, Milos Gligoric Funded in part by the US National Science Foundation and a Google Faculty Research Award 1 Regression

783 views • 31 slides
Practical Regression Test Selection with Dynamic File Dependencies Milos Gligoric, Lamyaa

Practical Regression Test Selection with Dynamic File Dependencies Milos Gligoric, Lamyaa

Practical Regression Test Selection with Dynamic File Dependencies Milos Gligoric, Lamyaa Eloussi, and Darko Marinov CNS-0958199 CCF-1012759 CCF-1421503 ISSTA, Baltimore, USA CCF-1439957 07/16/2015 Regression Testing Executes tests for

831 views • 37 slides
An Email Contact Protocol Experiment in a Large-Scale Survey of U.S. in a Large Scale Survey of

An Email Contact Protocol Experiment in a Large-Scale Survey of U.S. in a Large Scale Survey of

An Email Contact Protocol Experiment in a Large-Scale Survey of U.S. in a Large Scale Survey of U.S. Government Employees DC-AAPOR Summer Conference Preview/Review Bureau of Labor Statistics Conference Center Washington DC Washington, DC

1.17k views • 25 slides
Ridge/Lasso Regression, Model selection Xuezhi Wang Computer Science Department Carnegie Mellon

Ridge/Lasso Regression, Model selection Xuezhi Wang Computer Science Department Carnegie Mellon

Ridge/Lasso Regression Model Selection Ridge/Lasso Regression, Model selection Xuezhi Wang Computer Science Department Carnegie Mellon University 10701-recitation, Apr 22 Lasso Ridge/Lasso Regression Model Selection Outline Ridge/Lasso

584 views • 27 slides

More recommend