Productivity for proof engineering.

ABSTRACTContext: Recent projects such as L4.verified (the verification of the seL4 microkernel) have demonstrated that large-scale formal program verification is now becoming practical. Objective: We address an important but unstudied aspect of proof engineering: proof productivity. Method: We extracted size and effort data from the history of the development of nine projects associated with L4.verified. Results: We find strong linear relationships between effort and proof size for projects and for individuals. We discuss opportunities and limitations with the use of lines of proof as a size measure, and discuss the importance of understanding proof productivity for future research. Conclusions: An understanding of proof productivity will assist in its further industrial application and provide a basis for cost estimation and understanding of rework and tool usage.