TimSort is the main sorting algorithm provided by the Java standard library and many other programming frameworks. Our original goal was functional verification of TimSort with mechanical proofs. However, during our verification attempt we discovered a bug which causes the implementation to crash by an uncaught exception. In this paper, we identify conditions under which the bug occurs, and from this we derive a bug-free version that does not compromise performance. We formally specify the new version and verify termination and the absence of exceptions including the bug. This verification is carried out mechanically with KeY, a state-of-the-art interactive verification tool for Java. We provide a detailed description and analysis of the proofs. The complexity of the proofs required extensions and new capabilities in KeY, including symbolic state merging.

中文翻译：

---

验证 OpenJDK 对泛型集合的排序方法

TimSort 是 Java 标准库和许多其他编程框架提供的主要排序算法。我们最初的目标是使用机械证明对 TimSort 进行功能验证。但是，在我们的验证尝试期间，我们发现了一个错误，该错误导致实现因未捕获的异常而崩溃。在本文中，我们确定了错误发生的条件，并从中得出了一个不影响性能的无错误版本。我们正式指定新版本并验证终止和不存在包括错误在内的异常。这种验证是使用 KeY 机械地进行的，KeY 是一种用于 Java 的最先进的交互式验证工具。我们提供了对证明的详细描述和分析。证明的复杂性需要在 Key 中进行扩展和新功能，