Dual Pivot Quicksort: Verification and Proof using KeY (PowerPoint PPT presentation)

SLIDE 1

Dual Pivot Quicksort: Verification and Proof using KeY

Jonas Schiffl

Karlsruher Institut für Technologie

July 27th, 2016

SLIDE 2

Introduction

SLIDE 7

Introduction

Why verify Dual Pivot Quicksort?

◮ Inspired by discovery of Timsort Bug
◮ Widely used standard library algorithm
◮ Complex enough
◮ Simple enough

SLIDE 8

Section 1 – Algorithm Description

SLIDE 9

Quicksort

[Figure: animated array diagram of single-pivot Quicksort; axes labelled "array index" and "value of element at index"]

SLIDE 18

Dual Pivot Quicksort

[Figure: animated array diagram of Dual Pivot Quicksort; axes labelled "array index" and "value of element at index"]

SLIDE 24

Dual Pivot Quicksort

Why use Dual Pivot Quicksort?

◮ Theory: Average number of swaps reduced by 20% (Yaroslavskiy 2009)
◮ Practice: Multi-pivot Quicksorts are more cache-efficient (Kushagra 2014)
◮ Benchmarking shows it is faster

SLIDE 26

Java Implementation – Choosing a Sorting Algorithm

[Flowchart: choice of sorting algorithm by data type and array length]
byte: length <= 29 → Insertion Sort; length > 29 → Counting Sort
short, char: length > 3200 → Counting Sort; length < 47 → Insertion Sort; else → Quicksort
int, long, float, double: length < 47 → Insertion Sort; length > 285 and highly structured → Merge Sort; else → Quicksort

SLIDE 35

Java Implementation – Quicksort

[Flowchart: Quicksort]
Select 5 evenly spaced array elements
→ Sort elements in their positions
→ All 5 elements distinct? no → Single Pivot Partition; yes → Dual Pivot Partition
→ Central part large? yes → Pivot Values Partition; no → Recursion

SLIDE 36

Java Implementation – Single Pivot Partition

[Figure: animated array diagram of the Single Pivot Partition; axes labelled "array index" and "value of element at index"]

SLIDE 38

Java Implementation – Dual Pivot Partition

[Figure: animated array diagram of the Dual Pivot Partition; axes labelled "array index" and "value of element at index"]

SLIDE 40

Java Implementation – Swap Pivot Values Partition

[Figure: animated array diagram of the Swap Pivot Values Partition; axes labelled "array index" and "value of element at index"]

SLIDE 42

Java Implementation – Partitioning

[Figure: animated partitioning step by step, with the index pointers less, k and great]

SLIDE 54

Section 2 – Specification and Proof

SLIDE 58

Work Flow

◮ Encapsulating source code in its own Java class
◮ Subdivision into three classes: One per partitioning style
◮ Writing specification → Running KeY → Adapting specification or source code

SLIDE 62

General KeY Strategy

◮ Autopilot Strategy Macro
◮ If proof fails:
  ◮ Confirm by generating counterexample
  ◮ Find violated specification condition
  ◮ Adapt specification (or source code)
◮ If no proof is found:
  ◮ Increase number of steps (?)
  ◮ Interactive Rule Apps (Quantifier Instantiation, if-then-else-split)
  ◮ Heap Simplification + SMT Solver

SLIDE 69

Feasibility – Problems with KeY

◮ Computation time
  ◮ Method extraction
  ◮ Exact Localization
  ◮ SMT Solver
  ◮ Block Contracts
◮ Error in specification or lack of resources?
◮ Localizability
◮ Stability
◮ Responsiveness

SLIDE 71

Violation of Single Pivot Partition Invariant

[Figure: array during partitioning, with the index pointers less, k and great]

SLIDE 72

Violation of Single Pivot Partition Invariant

    // Dual Pivot Partition: the downward scan of 'great' is guarded against crossing k
    while (a[great] > pivot2) {
        if (great-- == k) {
            break outer;
        }
    }
    // Swap Pivot Values Partition: same guard
    while (a[great] == pivot2) {
        if (great-- == k) {
            break outer;
        }
    }
    // Single Pivot Partition: no guard, so 'great' can move past k
    while (a[great] > pivot) {
        --great;
    }
    ...

SLIDE 73

Violation of Single Pivot Partition Invariant

[Figure: array after the partition loop, pointer great now left of pointer k; regions labelled from left to right <, =, >, =, >]

SLIDE 74

Section 3 – Concluding Remarks

SLIDE 77

Concluding Remarks

◮ Verifying a large, complex, real-world Java program with KeY is feasible, but not without challenges
◮ Correct sorting, but invariant is violated

SLIDE 83

Further Work

◮ Prove permutation property
◮ Prove method as-is
◮ Prove entire sort(int[]) method
◮ Prove entire sort method

SLIDE 85

Statistics – Single Pivot Partition

Method                     Nodes   Branches   Time [s]   Rule Apps   Interactive   SMT
case right                 14784   114        17.7       18919       -             -
split                      17609   90         23.8       24189       -             -
sort(array, left, right)   18495   101        18.8       22839       -             -
sort(array)                654     7          0.4        1342        -             -
Total                      51542   312        60.7       67289       -             -

SLIDE 86

Statistics – Swap Pivot Values Partition

Method            Nodes    Branches   Time [s]   Rule Apps   Interactive   SMT
move great left   1245     16         0.8        2346        -             -
move less right   2120     14         1.8        3224        -             -
swap values       123636   407        246.6      138039      -             -
Total             127001   437        249.2      143609      -             -

SLIDE 87

Statistics – Dual Pivot Partition

Method                   Nodes    Branches   Time [s]   Rule Apps   Interactive   SMT
calc indices             24533    8          49.6       24835       -             -
insertionsort indices    50816    365        137.4      73056       -             34
prepare indices          5332     28         6.4        7153        -             -
move great left          1650     15         1.1        2605        -             -
move great in loop       1580     18         1.1        2787        -             -
move less right          1928     14         1.4        2967        -             -
loop body                52134    287        57.3       56263       18            -
split                    28751    98         109.6      51666       -             36
sort(int[],left,right)   51342    305        459.6      76973       114           116
sort(int[])              611      5          0.4        1236        -             -
Total                    218677   1143       823.9      299541      132           186
Entire Proof             297220   1892       1133.8     510439      132           186