Formalizing Size-Optimal Sorting Networks: Extracting a Certified Proof Checker

Abstract: Abstract. Since the proof of the four color theorem in 1976, computergenerated proofs have become a reality in mathematics and computer science. During the last decade, we have seen formal proofs using verified proof assistants being used to verify the validity of such proofs. In this paper, we describe a formalized theory of size-optimal sorting networks. From this formalization we extract a certified checker that successfully verifies computer-generated proofs of optimality on up to 8 inputs. The checker rel… Show more

“…This is the first time that the symbiosis between the prune algorithm and the implementation of the untrusted oracle becomes a key ingredient for optimization. As we use an offline oracle [6], we can actually reorder the oracle information to suit the needs of the checker with an efficient (untrusted) preprocessor. An inspection of the definition of Generate shows that comparators are added in lexicographic order, and we can pre-process the oracle information such that the subsumptions are provided in the same order.…”

“…Subsequently [6], we formalized the relevant theory of sorting networks in Coq, therefrom extracting a certified checker able to confirm the validity of our informal computer-generated proof. The checker bypasses the original search steps by means of an untrusted oracle, implemented by reading the log file produced by the original program, and could verify the proof for the smaller case of 8 inputs, thereby constituting the first computer-validated proof of the results in [7].…”

“…Section 2 shortly introduces the basic of sorting networks, the generate-andprune algorithm from [3], and our formalization from [6] to the degree necessary to understand the improvements. In Section 3 we change the checker algorithm in the formalization in order to bring runtime down by at least an order of magnitude, while we reduce memory footprint by a factor of 3 in Section 4.…”

“…Therefore, we formalized the soundness of generate-and-prune in the theorem prover Coq with the goal of extracting a provenly correct checker of the same result [6] to Haskell. 1 In order to eliminate the search step in Prune, this formalization is parameterized on an oracle, which produces triples C a , C b , π such that C a ≤ π C b .…”

“…We then specify what it means for a comparator network to be a sorting network on n channels, and show that this is a decidable predicate. The details of the formalization of the theory of sorting networks can be found in [6].…”

Optimizing a Certified Proof Checker for a Large-Scale Computer-Generated Proof

“…This is the first time that the symbiosis between the prune algorithm and the implementation of the untrusted oracle becomes a key ingredient for optimization. As we use an offline oracle [6], we can actually reorder the oracle information to suit the needs of the checker with an efficient (untrusted) preprocessor. An inspection of the definition of Generate shows that comparators are added in lexicographic order, and we can pre-process the oracle information such that the subsumptions are provided in the same order.…”

“…Subsequently [6], we formalized the relevant theory of sorting networks in Coq, therefrom extracting a certified checker able to confirm the validity of our informal computer-generated proof. The checker bypasses the original search steps by means of an untrusted oracle, implemented by reading the log file produced by the original program, and could verify the proof for the smaller case of 8 inputs, thereby constituting the first computer-validated proof of the results in [7].…”

“…Section 2 shortly introduces the basic of sorting networks, the generate-andprune algorithm from [3], and our formalization from [6] to the degree necessary to understand the improvements. In Section 3 we change the checker algorithm in the formalization in order to bring runtime down by at least an order of magnitude, while we reduce memory footprint by a factor of 3 in Section 4.…”

“…Therefore, we formalized the soundness of generate-and-prune in the theorem prover Coq with the goal of extracting a provenly correct checker of the same result [6] to Haskell. 1 In order to eliminate the search step in Prune, this formalization is parameterized on an oracle, which produces triples C a , C b , π such that C a ≤ π C b .…”

“…We then specify what it means for a comparator network to be a sorting network on n channels, and show that this is a decidable predicate. The details of the formalization of the theory of sorting networks can be found in [6].…”

Optimizing a Certified Proof Checker for a Large-Scale Computer-Generated Proof

Efficient Certified Resolution Proof Checking

Formally Proving Size Optimality of Sorting Networks