2025 | OriginalPaper | Chapter

Formally Verified Implementation of the K-Nearest Neighbors Classification Algorithm

Authors : Bernny Velasquez, Jessica Herring, Nadeem Abdul Hamid

Published in: Formal Methods: Foundations and Applications

Publisher: Springer Nature Switzerland

Classification, one of the most commonly applied algorithmic techniques in data mining, involves assigning a class label to observations based on previously seen data. Among the most ubiquitous and well-known approaches to classification is K-nearest neighbor (\(K\)NN) search, which predicts the class label for a query by determining the plurality class of its K-nearest data points. In this paper, we present a mechanically verified implementation of a K-nearest neighbors classification algorithm in the Coq  proof assistant, a powerful formal verification tool. Formally certifying the implementation, by proving that it meets its specification, provides a strong guarantee and high confidence that the classifier actually produces results in the expected manner. Given the conceptually simple nature of the \(K\)NN algorithm, this serves as a good baseline for developing specification and verification techniques for machine learning implementations.

Throughout the paper, lowercase k denotes the number of dimensions of the data points and uppercase K is the number of nearest neighbors that are sought.
The Coq syntax we use for function headers is: \((\textit{ident}_{\tiny \text {{function}}}\ {\textbf {(}}\textit{ident}_{\tiny \text {{param}}} {\textbf {:}} \ \textit{type}_{\tiny \text {{param}}} {\textbf {)}} \cdots \ {\textbf {(}}\textit{ident}_{\tiny \text {{param}}}\ {\textbf {:}} \ \textit{type}_{\tiny \text {{param}}} {\textbf {)}}\ {\textbf {:}} \ \textit{type}_{\tiny \text {{return}}})\) representing a named function with explicitly-typed parameters.
As part of our work for the implementation of this paper, we abstracted the distance metric, D, used by knn_search - an improvement over [16]. For space reasons, we omit any further discussion about it throughout the rest of this paper.
Conventionally, in Coq theorem statements, a conjunction of premises is written as a string of implication clauses (... -> ... -> ...).
Note, that correctness of the mechanics of the algorithm implementation (as formalized in this work), does not imply that the algorithm will necessarily produce accurate classifications for data points. It could well be that the correct plurality vote of the K nearest neighbors is different from the actual label of a query point.
