Abstract

We present a framework to verify both, functional correctness and worst-case complexity of practically efficient algorithms. We implemented a stepwise refinement approach, using the novel concept of resource currencies to naturally structure the resource analysis along the refinement chain, and allow a fine-grained analysis of operation counts. Our framework targets the LLVM intermediate representation. We extend its semantics from earlier work with a cost model. As case study, we verify the correctness and O(nlog n) worst-case complexity of an implementation of the introsort algorithm, whose performance is on par with the state-of-the-art implementation found in the GNU C++ Library.

Highlights

  • The Refinement Framework has been used to verify the functional correctness of an implementation of introsort that performs on par with libstdc++’s implementation [17]

  • We will describe a practical example later (Section 5.5), and only present an alternative way to prove the refinement in Example 4 here: First, for functional correctness, we use the specification idxs cmpspec (∞) and a program idxs cmp∞ similar to idxs cmp but with all the costs replaced by ∞

  • We have presented a refinement framework for the simultaneous verification of functional correctness and complexity of algorithm implementations with competitive practical performance

Read more

Summary

Introduction

Correctness, and the complexity of algorithms is important. A practically efficient sorting algorithm with O(n log n) worst-case complexity is Musser’s introsort [22]. It allows to implement standard-compliant, practically efficient sorting algorithms. We present techniques to formally verify both, correctness and worst-case complexity of practically efficient implementations. The Refinement Framework has been used to verify the functional correctness of an implementation of introsort that performs on par with libstdc++’s implementation [17]. We already have extended the Refinement Framework to reason about complexity [11] This only supports the Imperative/HOL back end [16]. The performance of our implementation is still on par with libstdc++ We believe that this is the first time that both, correctness and complexity of a sorting algorithm have been formally verified down to a competitive implementation. Our formalization is available at https://www21.in.tum.de/~haslbema/ llvm-time

Specification of Algorithms With Resources
Nondeterministic Computations With Resources
Atomic Operations and Control Flow
Refinement on NREST
Refinement Patterns
LLVM With Cost Semantics
Basic Monad
Shallowly Embedded LLVM Semantics
Cost Model
Reasoning Setup
Primitive Setup
Automatic Refinement
Heap nondeterminism refinement
The Sepref Tool
Extracting Hoare Triples
Attain Supremum
Case Study
Specification of Sorting
Introsort’s Idea
Quicksort Scheme The first phase can be implemented in the following way
Final Insertion Sort
Separating Correctness and Complexity Proofs
Refining to LLVM
Benchmarks
Conclusions
Related Work
Future Work
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call