Transformational Verification of Quicksort

TL;DR

This paper demonstrates a transformation-based approach to verify the correctness of a Quicksort program by translating it into constrained Horn clauses, transforming these clauses, and checking their satisfiability with an automated solver.

Contribution

It introduces an extension of existing algorithms for eliminating inductively defined data structures in the context of verifying functional programs.

Findings

Successful verification of Quicksort correctness properties

Extension of transformation algorithms for inductive data structures

Effective use of Eldarica solver for satisfiability checking

Abstract

Many transformation techniques developed for constraint logic programs, also known as constrained Horn clauses (CHCs), have found new useful applications in the field of program verification. In this paper, we work out a nontrivial case study through the transformation-based verification approach. We consider the familiar Quicksort program for sorting lists, written in a functional programming language, and we verify the pre/-postconditions that specify the intended correctness properties of the functions defined in the program. We verify these properties by: (1) translating them into CHCs, (2) transforming the CHCs by removing all list occurrences, and (3) checking the satisfiability of the transformed CHCs by using the Eldarica solver over booleans and integers. The transformation mentioned at Point (2) requires an extension of the algorithms for the elimination of inductively defined data structures presented in previous work, because during one stage of the transformation we use as lemmas some properties that have been proved at previous stages.