An Assertional Proof of the Stability and Correctness of Natural Mergesort

We present a mechanically verified implementation of the sorting algorithm Natural Mergesort, consisting of a few methods specified by their contracts of pre- and postconditions. The methods are annotated with assertions that allow the satisfaction of the contracts to be verified automatically. The program-proof is carried out with the state-of-the-art verifier Dafny. We verify not only the standard sortedness property but also that the algorithm performs a stable sort. Throughout the article, we provide and explain the complete text of the program-proof.
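As an added illustration, not the paper's Dafny program-proof, the following Python code implements Natural Mergesort (maximal non-decreasing runs merged pairwise) together with executable checks of the two properties the paper verifies, sortedness and stability; the run detection, the merge's tie rule and the stability oracle are the assumed formulations here, not the paper's definitions.

```python
from typing import Callable, List, Sequence, Tuple

Key = Callable[[object], object]


def runs(a: Sequence, key: Key) -> List[Tuple[int, int]]:
    """Split a into maximal non-decreasing runs [i, j), in order of occurrence."""
    bounds, i = [], 0
    while i < len(a):
        j = i + 1
        while j < len(a) and not key(a[j]) < key(a[j - 1]):
            j += 1
        bounds.append((i, j))
        i = j
    return bounds


def merge(left: list, right: list, key: Key) -> list:
    """Merge two sorted lists; on equal keys the element of `left` is emitted first."""
    out, i, j = [], 0, 0
    while i < len(left) and j < len(right):
        if key(right[j]) < key(left[i]):   # strict comparison: ties favour the earlier run
            out.append(right[j]); j += 1
        else:
            out.append(left[i]); i += 1
    out.extend(left[i:]); out.extend(right[j:])
    return out


def natural_mergesort(a: Sequence, key: Key = lambda x: x) -> list:
    """Natural mergesort: merge adjacent runs pairwise until a single run remains."""
    pieces = [list(a[i:j]) for i, j in runs(a, key)]
    if not pieces:
        return []
    while len(pieces) > 1:
        nxt = [merge(pieces[k], pieces[k + 1], key) for k in range(0, len(pieces) - 1, 2)]
        if len(pieces) % 2:
            nxt.append(pieces[-1])       # an unpaired last run is carried over unchanged
        pieces = nxt
    return pieces[0]


def is_sorted(a: Sequence, key: Key) -> bool:
    return all(not key(a[i + 1]) < key(a[i]) for i in range(len(a) - 1))


def is_stable(original: Sequence, result: Sequence, key: Key) -> bool:
    """Stable iff, for every key, the elements carrying that key keep their original relative order."""
    return all([x for x in original if key(x) == k] == [x for x in result if key(x) == k]
               for k in {key(x) for x in original})
```

Elements are compared on `key` only, so tagging each record with its original index (as in the test data) makes a violation of stability observable as a reordering of equal-key records.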