Abstract
Red–black trees are convenient data structures for inserting, searching, and deleting keys with logarithmic costs. However, keeping them balanced requires careful programming and sometimes dealing with a large number of cases. In this paper, we present a functional version of a red–black tree variant called left-leaning, due to R. Sedgewick, which reduces the number of cases to be dealt with to a few. The code is rather concise, but reasoning about its correctness requires a rather large effort. We provide formal preconditions and postconditions for all the functions, prove their termination, and prove that the code satisfies its specifications. The proof is assertional: it consists of interspersing enough assertions among the code to help the verification tool discharge the proof obligations. We have used the Dafny verification platform, which provides the programming language, the assertion language, and the verifier. To our knowledge, this is the first assertional proof of this data structure, and also one of the few that include deletion.
Notes
Available at https://www.lri.fr/~filliatr/fsets/.
Available at https://coq.inria.fr/library/Coq.MSets.MSetRBT.html.
Java code available in the slides at https://www.cs.princeton.edu/~rs/talks/LLRB/08Dagstuhl/RedBlack.pdf.
Available at https://dalila.sip.ucm.es/~ricardo/LLRB.dfy.
Acknowledgements
The author would like to thank Dr. Paqui Lucio and Dr. Narciso Martí for providing useful remarks on a draft version of this paper, and also the anonymous referees for their useful criticisms, which have contributed much to improving this final version.
Work partially funded by the Spanish Ministry of Economy and Competitiveness, State Research Agency and the European Regional Development Fund under the grant TIN2017-86217-R (MINECO/AEI/FEDER, EU) and by Comunidad de Madrid as part of the program S2018/TCS-4339 (BLOQUES-CM) co-funded by EIE Funds of the EU.
Peña, R. An Assertional Proof of Red–Black Trees Using Dafny. J Autom Reasoning 64, 767–791 (2020). https://doi.org/10.1007/s10817-019-09534-y