Dual Pivot Quicksort: Verification and Proof using KeY
Jonas Schiffl
Karlsruher Institut für Technologie
July 27th, 2016
Introduction
Why verify Dual Pivot Quicksort?
- Inspired by discovery of Timsort Bug
- Widely used standard library algorithm
- Complex enough
- Simple enough
Section 1
Algorithm Description
Quicksort
[Figure: single-pivot partitioning, animated over several slides; axes: array index, value of element at index]
Dual Pivot Quicksort
[Figure: dual-pivot partitioning, animated over several slides; axes: array index, value of element at index]
Dual Pivot Quicksort
Why use Dual Pivot Quicksort?
- Theory: average number of swaps reduced by 20% (Yaroslavskiy 2009)
- Practice: multi-pivot Quicksorts are more cache-efficient (Kushagra 2014)
- Benchmarking shows it is faster
Java Implementation – Choosing a Sorting Algorithm
[Flowchart, reconstructed as a decision list]
- data type byte: length > 29 → Counting Sort; length <= 29 → Insertion Sort
- data type short, char: length > 3200 → Counting Sort; length < 47 → Insertion Sort; else → Quicksort
- data type int, long, float, double: length < 47 → Insertion Sort; length > 285 → highly structured? yes → Merge Sort, no → Quicksort; else → Quicksort
Java Implementation – Quicksort
[Flowchart, reconstructed as a sequence of steps]
1. Select 5 evenly spaced array elements
2. Sort elements in their positions
3. All 5 elements distinct? yes → Dual Pivot Partition; no → Single Pivot Partition, then Recursion
4. After Dual Pivot Partition: central part large? yes → Pivot Values Partition, then Recursion; no → Recursion
Java Implementation – Single Pivot Partition
[Figure, animated over two slides; axes: array index, value of element at index]
Java Implementation – Dual Pivot Partition
[Figure, animated over two slides; axes: array index, value of element at index]
Java Implementation – Swap Pivot Values Partition
[Figure, animated over two slides; axes: array index, value of element at index]
Java Implementation – Partitioning
[Figure: partitioning state, animated over several slides; pointers labelled less, k, great]
Section 2
Specification and Proof
Work Flow
- Encapsulating source code in its own Java class
- Subdivision into three classes: one per partitioning style
- Writing specification → Running KeY → Adapting specification or source code
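The partitioning step from Section 1 and the work flow above (encapsulate the code in its own class, write the specification, run KeY) in one piece of code. This is an added example, not the talk's code and not the JDK's: the partition scheme is a simplified three-way split around two given pivots (the JDK's five-element pivot selection is not reproduced), annotated with a JML method contract and loop invariant of the kind KeY checks. The class and method names, the `less`/`great` result fields, the `sort` wrapper and the use of `\dl_seqPerm(\dl_array2seq(...))` as the permutation predicate in KeY's JML dialect are this example's assumptions; the specification was not run through KeY here.

```java
// Added example (not the talk's or the JDK's code): a simplified dual-pivot
// partition with a JML contract and loop invariant in the style KeY checks.
// Names, result fields and the \dl_seqPerm permutation predicate are assumptions.
public final class DualPivotPartitionExample {

    /** After partition(a, lo, hi, p1, p2):
     *  a[lo..less-1] < p1,  p1 <= a[less..great] <= p2,  a[great+1..hi] > p2. */
    public int less, great;

    /*@ public normal_behavior
      @   requires a != null && 0 <= lo && lo <= hi && hi < a.length && p1 <= p2;
      @   assignable a[lo..hi], less, great;
      @   ensures lo <= less && less <= great + 1 && great <= hi;
      @   ensures (\forall int i; lo <= i && i < less; a[i] < p1);
      @   ensures (\forall int i; less <= i && i <= great; p1 <= a[i] && a[i] <= p2);
      @   ensures (\forall int i; great < i && i <= hi; a[i] > p2);
      @   ensures \dl_seqPerm(\dl_array2seq(a), \old(\dl_array2seq(a)));
      @*/
    public void partition(int[] a, int lo, int hi, int p1, int p2) {
        int l = lo, g = hi, k = lo;   // a[lo..l-1] < p1, a[l..k-1] in [p1,p2], a[g+1..hi] > p2
        /*@ loop_invariant lo <= l && l <= k && k <= g + 1 && g <= hi;
          @ loop_invariant (\forall int i; lo <= i && i < l; a[i] < p1);
          @ loop_invariant (\forall int i; l <= i && i < k; p1 <= a[i] && a[i] <= p2);
          @ loop_invariant (\forall int i; g < i && i <= hi; a[i] > p2);
          @ loop_invariant \dl_seqPerm(\dl_array2seq(a), \old(\dl_array2seq(a)));
          @ assignable a[lo..hi];
          @ decreasing g - k + 1;
          @*/
        while (k <= g) {
            int ak = a[k];
            if (ak < p1) {             // left part: swap with the first centre element
                a[k] = a[l];
                a[l] = ak;
                l++;
                k++;
            } else if (ak > p2) {      // right part: swap with a[g]; a[k] is unclassified again
                a[k] = a[g];
                a[g] = ak;
                g--;
            } else {                   // centre part: a[k] stays where it is
                k++;
            }
        }
        less = l;
        great = g;
    }

    /** Dual-pivot quicksort on a[lo..hi] built on partition; pivots are a[lo] and a[hi]. */
    public void sort(int[] a, int lo, int hi) {
        if (hi - lo < 1) return;                                 // 0 or 1 elements
        if (a[lo] > a[hi]) { int t = a[lo]; a[lo] = a[hi]; a[hi] = t; }
        if (hi - lo == 1) return;                                // two elements, now ordered
        int p1 = a[lo], p2 = a[hi];
        partition(a, lo + 1, hi - 1, p1, p2);                    // pivots stay at the ends
        int li = less - 1, gi = great + 1;                       // final slots of p1 and p2
        a[lo] = a[li]; a[li] = p1;
        a[hi] = a[gi]; a[gi] = p2;
        sort(a, lo, li - 1);
        if (p1 < p2) sort(a, li + 1, gi - 1);                   // p1 == p2: centre is all equal
        sort(a, gi + 1, hi);
    }

    /** Runtime check of the postcondition, usable as a test oracle. */
    public static boolean isPartitioned(int[] a, int lo, int hi, int less, int great, int p1, int p2) {
        for (int i = lo; i < less; i++)        if (!(a[i] < p1)) return false;
        for (int i = less; i <= great; i++)    if (!(p1 <= a[i] && a[i] <= p2)) return false;
        for (int i = great + 1; i <= hi; i++)  if (!(a[i] > p2)) return false;
        return true;
    }

    public static void main(String[] args) {
        int[] a = {9, 4, 7, 1, 5, 6, 2, 8, 3};    // constructed input
        DualPivotPartitionExample q = new DualPivotPartitionExample();
        q.partition(a, 0, a.length - 1, 3, 6);
        System.out.println(java.util.Arrays.toString(a) + " less=" + q.less + " great=" + q.great
                + " ok=" + isPartitioned(a, 0, a.length - 1, q.less, q.great, 3, 6));
        q.sort(a, 0, a.length - 1);
        System.out.println(java.util.Arrays.toString(a));
    }
}
```

The loop invariant is the three-region picture from the partitioning slides written down: everything left of `l` is below `p1`, everything between `l` and `k` lies between the pivots, everything right of `g` is above `p2`, and `a[k..g]` is still unclassified. The `decreasing` clause is what rules out the unbounded scan discussed later in the talk: every iteration moves `k` up or `g` down, and `k <= g + 1` is part of the invariant, so `g` can never run past `k`. The `isPartitioned` oracle is the postcondition as executable Java, which is how a violated clause would be confirmed at runtime before going back to the prover.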
General KeY Strategy
- Autopilot Strategy Macro
- If proof fails:
  - Confirm by generating counterexample
  - Find violated specification condition
  - Adapt specification (or source code)
- If no proof is found:
  - Increase number of steps (?)
  - Interactive rule applications (quantifier instantiation, if-then-else split)
  - Heap simplification + SMT solver
Feasibility – Problems with KeY
- Computation time
- Method extraction
- Exact localization
- SMT solver
- Block contracts
- Error in specification or lack of resources?
- Localizability
- Stability
- Responsiveness
Violation of Single Pivot Partition Invariant
[Figure: partitioning state, animated over two slides; pointers labelled less, k, great]
The three loops that move `great` to the left, one from each partition variant. The first two check whether `great` has reached `k` and leave the outer loop; the single pivot loop does not, so `great` can move past `k`:

```java
// Dual pivot partition: the downward scan of great is guarded by k
while (a[great] > pivot2) {
    if (great-- == k) {
        break outer;
    }
}
// Swap pivot values partition: same guard
while (a[great] == pivot2) {
    if (great-- == k) {
        break outer;
    }
}
// Single pivot partition: no guard, great can move past k
while (a[great] > pivot) {
    --great;
}
...
```
[Figure: the array after the single pivot loop has run with great now left of k; regions from left to right: < pivot, == pivot, > pivot, == pivot, > pivot, with the pointers less, great, k]
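The following is an added example, not code from the JDK's DualPivotQuicksort and not part of the KeY proof described in these slides. It re-implements the degenerate (pivot1 == pivot2) 3-way partition loop in simplified form, checks the stated invariant at run time at exactly the points where a JML `loop_invariant` would have to hold, and then finishes the sort the way the JDK does (left and right parts recursively). The class name, the pivot choice (middle element), the half-open interval form of the invariant, and the input array are assumptions made for the example; the input is constructed so that the unguarded `great` scan runs past `k` in the last iteration.

```java
import java.util.Arrays;

/* Added example: simplified re-implementation of the degenerate 3-way
 * partition loop, with the partition invariant checked at run time.
 * Not the JDK source and not the KeY proof artefact. */
public class SinglePivotInvariantCheck {

    /** Final pointer values of one partition call plus whether the
     *  invariant still held once the loop had exited. */
    static final class Outcome {
        final int less, great;
        final boolean invariantHeldAtExit;
        Outcome(int less, int great, boolean held) {
            this.less = less;
            this.great = great;
            this.invariantHeldAtExit = held;
        }
    }

    /** The 3-way partition invariant in the half-open form used here:
     *  all in [left, less) < pivot, all in [less, k) == pivot,
     *  all in (great, right] > pivot. */
    static boolean invariantHolds(int[] a, int left, int right,
                                  int less, int k, int great, int pivot) {
        for (int i = left; i < less; i++)        if (!(a[i] < pivot)) return false;
        for (int i = less; i < k; i++)           if (a[i] != pivot)   return false;
        for (int i = great + 1; i <= right; i++) if (!(a[i] > pivot)) return false;
        return true;
    }

    /** Partitions a[left..right] around pivot. Precondition: pivot occurs in
     *  a[left..right] (the JDK reads the pivot from the array, so this holds
     *  there too); it is what bounds the unguarded downward scan of great. */
    static Outcome partition3(int[] a, int left, int right, int pivot) {
        boolean present = false;
        for (int i = left; i <= right; i++) present |= a[i] == pivot;
        if (!present) throw new IllegalArgumentException("pivot must occur in a[left..right]");

        int less = left, great = right;
        int k;
        // JML rendering of the same invariant. KeY must establish it before
        // every evaluation of the loop condition, including the final one; the
        // run-time checks in the body and after the loop mirror those points.
        /*@ loop_invariant (\forall int i; left <= i && i < less; a[i] < pivot);
          @ loop_invariant (\forall int i; less <= i && i < k; a[i] == pivot);
          @ loop_invariant (\forall int i; great < i && i <= right; a[i] > pivot);
          @*/
        for (k = less; k <= great; ++k) {
            if (!invariantHolds(a, left, right, less, k, great, pivot)) {
                throw new AssertionError("invariant broken before iteration k=" + k);
            }
            int ak = a[k];
            if (ak == pivot) {
                continue;
            }
            if (ak < pivot) {                 // move a[k] into the "< pivot" part
                a[k] = a[less];
                a[less] = ak;
                ++less;
            } else {                          // ak > pivot: move it to the right part
                while (a[great] > pivot) {    // no "if (great-- == k) break outer;" here,
                    --great;                  // so great may stop at k - 1
                }
                if (a[great] < pivot) {
                    a[k] = a[less];
                    a[less] = a[great];
                    ++less;
                } else {                      // a[great] == pivot
                    a[k] = pivot;
                }
                a[great] = ak;
                --great;
            }
        }
        return new Outcome(less, great, invariantHolds(a, left, right, less, k, great, pivot));
    }

    /** Sorts a[left..right] the way the JDK continues after the degenerate
     *  partition: left and right parts recursively, centre part left alone.
     *  Returns true iff some partition call ended with the invariant broken. */
    static boolean sort(int[] a, int left, int right) {
        if (right - left < 1) {
            return false;
        }
        int pivot = a[(left + right) >>> 1];   // pivot value taken from the array itself
        Outcome o = partition3(a, left, right, pivot);
        boolean violated = !o.invariantHeldAtExit;
        violated |= sort(a, left, o.less - 1);
        violated |= sort(a, o.great + 1, right);
        return violated;
    }

    public static void main(String[] args) {
        int[] input = {2, 5, 9, 5, 7, 8, 1};   // constructed input; a[3] == 5 is the pivot
        int[] once = input.clone();
        Outcome o = partition3(once, 0, once.length - 1, 5);
        System.out.println("after one partition: " + Arrays.toString(once)
                + ", less=" + o.less + ", great=" + o.great
                + ", invariant held at exit: " + o.invariantHeldAtExit);
        int[] full = input.clone();
        boolean violated = sort(full, 0, full.length - 1);
        System.out.println("fully sorted: " + Arrays.toString(full)
                + ", invariant violated on the way: " + violated);
    }
}
```

For the constructed input the single partition call ends with less == great, the array in the < = > = > shape of the figure above, and the exit check reporting the violation; the recursive sort nevertheless returns the correctly sorted array, because the element equal to the pivot that ended up right of `great` is simply sorted again as part of the right part. The per-iteration check never fires, since the violation can only happen in the last iteration: once `great` has passed `k` the loop condition fails immediately.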
Section 3
Conclusive Remarks
Conclusive Remarks
- Verifying a large, complex, real-world Java program with KeY is feasible, but not without challenges
- Correct sorting, but the invariant is violated
Further Work
- Prove permutation property
- Prove method as-is
- Prove entire sort(int[]) method
- Prove entire sort method
Statistics – Single Pivot Partition

| Method | Nodes | Branches | Time [s] | Rule Apps | Interactive | SMT |
|---|---|---|---|---|---|---|
| case right | 14784 | 114 | 17.7 | 18919 | 0 | 0 |
| split | 17609 | 90 | 23.8 | 24189 | 0 | 0 |
| sort(array, left, right) | 18495 | 101 | 18.8 | 22839 | 0 | 0 |
| sort(array) | 654 | 7 | 0.4 | 1342 | 0 | 0 |
| Total | 51542 | 312 | 60.7 | 67289 | 0 | 0 |
Statistics – Swap Pivot Values Partition

| Method | Nodes | Branches | Time [s] | Rule Apps | Interactive | SMT |
|---|---|---|---|---|---|---|
| move great left | 1245 | 16 | 0.8 | 2346 | 0 | 0 |
| move less right | 2120 | 14 | 1.8 | 3224 | 0 | 0 |
| swap values | 123636 | 407 | 246.6 | 138039 | 0 | 0 |
| Total | 127001 | 437 | 249.2 | 143609 | 0 | 0 |
Statistics – Dual Pivot Partition

| Method | Nodes | Branches | Time [s] | Rule Apps | Interactive | SMT |
|---|---|---|---|---|---|---|
| calc indices | 24533 | 8 | 49.6 | 24835 | 0 | 0 |
| insertionsort indices | 50816 | 365 | 137.4 | 73056 | 0 | 34 |
| prepare indices | 5332 | 28 | 6.4 | 7153 | 0 | 0 |
| move great left | 1650 | 15 | 1.1 | 2605 | 0 | 0 |
| move great in loop | 1580 | 18 | 1.1 | 2787 | 0 | 0 |
| move less right | 1928 | 14 | 1.4 | 2967 | 0 | 0 |
| loop body | 52134 | 287 | 57.3 | 56263 | 18 | 0 |
| split | 28751 | 98 | 109.6 | 51666 | 0 | 36 |
| sort(int[], left, right) | 51342 | 305 | 459.6 | 76973 | 114 | 116 |
| sort(int[]) | 611 | 5 | 0.4 | 1236 | 0 | 0 |
| Total | 218677 | 1143 | 823.9 | 299541 | 132 | 186 |

The "Entire Proof" row is the sum of the three partition tables above (the branch, time and rule application columns add up exactly; the node count on the slide, 297220, does not, and has been corrected to the sum 397220):

| | Nodes | Branches | Time [s] | Rule Apps | Interactive | SMT |
|---|---|---|---|---|---|---|
| Entire Proof | 397220 | 1892 | 1133.8 | 510439 | 132 | 186 |