Abstract
Sorting is a fundamental functionality in libraries, for which efficiency is crucial. Correctness of the highly optimised implementations is often taken for granted. De Gouw et al. have shown that this certainty is deceptive by revealing a bug in the Java Development Kit (JDK) implementation of TimSort.
We have formally analysed the other implementation of sorting in the JDK standard library: A highly efficient implementation of a dual pivot quicksort algorithm. We were able to deductively prove that the algorithm implementation is correct. However, a loop invariant which is annotated to the source code does not hold.
This paper reports on how an existing piece of non-trivial Java software can be made accessible to deductive verification and successfully proved correct, for which we use the Java verification engine KeY.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The first element of the array range to be sorted acts as the pivot element, instead of choosing the median of the initially chosen five elements, as in the JDK implementation.
References
Proving JDK’s dual pivot quicksort correct. Blog post, companion website. https://www.key-project.org/2017/08/17/dual-pivot/
Abano, C., Chu, G., Eiseman, G., Fu, J., Yu, T.: Lab report, Rutgers University
Ahrendt, W., Beckert, B., Bubel, R., Hähnle, R., Schmitt, P.H., Ulbrich, M. (eds.): Deductive Software Verification: The KeY Book. From Theory to Practice. LNCS, vol. 10001. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-319-49812-6
Beckert, B., Bormer, T., Grahl, D.: Deductive verification of legacy code. In: Margaria, T., Steffen, B. (eds.) ISoLA 2016. LNCS, vol. 9952, pp. 749–765. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47166-2_53
Black, P.E., Becker, G., Murray, N.V.: Formal verification of a merge sort program with static semantics. ACM SIGPLAN Not. 30(4), 51–60 (1995)
Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24730-2_15
Galeotti, J.P., Furia, C.A., May, E., Fraser, G., Zeller, A.: Inferring loop invariants by mutation, dynamic analysis, and static checking. IEEE Trans. Softw. Eng. 41(10), 1019–1037 (2015)
de Gouw, S., de Boer, F.S., Rot, J.: Verification of counting sort and radix sort. In: Ahrendt, et al. [3], pp. 609–618
de Gouw, S., Rot, J., de Boer, F.S., Bubel, R., Hähnle, R.: OpenJDK’s Java.utils.Collection.sort() is broken: the good, the bad and the worst case. In: Kroening, D., Păsăreanu, C.S. (eds.) CAV 2015. LNCS, vol. 9206, pp. 273–289. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21690-4_16
Hoare, C.A.R.: Quicksort. Comput. J. 5(1), 10–16 (1962)
Huisman, M., Ahrendt, W., Grahl, D., Hentschel, M.: Formal specification with the Java modeling language. In: Ahrendt et al. [3], pp. 193–241
Huisman, M., Monahan, R., Mostowski, W., Müller, P., Ulbrich, M.: VerifyThis 2017: A program verification competition. Technical Report Karlsruhe Reports in Informatics 2017–10, Karlsruhe Institute of Technology (2017)
Kushagra, S., López-Ortiz, A., Munro, J.I., Qiao, A.: Multi-pivot quicksort: Theory and experiments. In: Proceedings of the Meeting on Algorithm Engineering and Experiments, pp. 47–60. Society for Industrial and Applied Mathematics (2014)
Leavens, G.T., Poll, E., Clifton, C., Cheon, Y., Ruby, C., Cok, D., Müller, P., Kiniry, J., Chalin, P., Zimmerman, D.M., Dietl, W.: JML Reference Manual (2013). draft Revision 2344
Leino, K.R.M.: Efficient weakest preconditions. Inf. Process. Lett. 93(6), 281–288 (2005). https://doi.org/10.1016/j.ipl.2004.10.015
Leino, K.R.M., Lucio, P.: An assertional proof of the stability and correctness of natural mergesort. ACM Trans. Comput. Log. 17(1), 6:1–6:22 (2015)
Scheurer, D., Hähnle, R., Bubel, R.: A general lattice model for merging symbolic execution branches. In: Ogata, K., Lawford, M., Liu, S. (eds.) ICFEM 2016. LNCS, vol. 10009, pp. 57–73. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-47846-3_5
Schmitt, P.H.: Some notes on permutations. Technical Report 7, Department of Informatics, Karlsruhe Institute of Technology (2017). http://publikationen.bibliothek.kit.edu/1000068624
Schmitt, P.H., Bubel, R.: Theories. In: Ahrendt et al. [3], pp. 149–166
Wild, S., Nebel, M.E., Neininger, R.: Average case and distributional analysis of Java 7’s dual pivot quicksort. CoRR abs/1304.0988 (2013). http://arxiv.org/abs/1304.0988
Yaroslavskiy, V.: Dual-pivot quicksort algorithm (2009). http://codeblab.com/wp-content/uploads/2009/09/DualPivotQuicksort.pdf. published online
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Beckert, B., Schiffl, J., Schmitt, P.H., Ulbrich, M. (2017). Proving JDK’s Dual Pivot Quicksort Correct. In: Paskevich, A., Wies, T. (eds) Verified Software. Theories, Tools, and Experiments. VSTTE 2017. Lecture Notes in Computer Science(), vol 10712. Springer, Cham. https://doi.org/10.1007/978-3-319-72308-2_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-72308-2_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-72307-5
Online ISBN: 978-3-319-72308-2
eBook Packages: Computer ScienceComputer Science (R0)