Journal of Automated Reasoning, Volume 62, Issue 2, pp 261–280

Formalizing Network Flow Algorithms: A Refinement Approach in Isabelle/HOL

  • Peter Lammich
  • S. Reza Sefidgar


We present a formalization of classical algorithms for computing the maximum flow in a network: the Edmonds–Karp algorithm and the push–relabel algorithm. We prove both the correctness and the time complexity of these algorithms. Our formal proof closely follows a standard textbook proof and is accessible even to readers who are not experts in Isabelle/HOL, the interactive theorem prover used for the formalization. Using stepwise refinement techniques, we instantiate the generic Ford–Fulkerson algorithm to the Edmonds–Karp algorithm, and the generic push–relabel algorithm of Goldberg and Tarjan to both the relabel-to-front and the FIFO push–relabel algorithm. Further refinement then yields verified, efficient implementations of the algorithms, which compare well to unverified reference implementations.
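The algorithm the abstract refers to, shown as an added example in plain Python rather than the paper's Isabelle/HOL development (which is not reproduced on this page). It implements Edmonds–Karp (Ford–Fulkerson with breadth-first, i.e. shortest, augmenting paths) and then checks the certificate that the max-flow/min-cut theorem provides: the nodes still reachable from the source in the final residual graph form the source side of a cut whose capacity equals the flow value. The function names are this example's own, and the sample network is a constructed nine-edge instance with the capacities of the standard textbook example.

```python
from collections import deque
from math import inf


def _bfs_augmenting_path(res, adj, source, sink):
    """Breadth-first search in the residual graph. Returns a parent map for
    the augmenting path with the fewest edges, or None if the sink is not
    reachable. Taking the shortest path is what turns Ford–Fulkerson into
    Edmonds–Karp and bounds the number of augmentations by O(V*E), so the
    loop terminates whatever the capacities are."""
    parent = {source: None}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v not in parent and res[(u, v)] > 0:
                parent[v] = u
                if v == sink:
                    return parent
                queue.append(v)
    return None


def edmonds_karp(capacity, source, sink):
    """Maximum flow by Edmonds–Karp.

    capacity: dict {(u, v): c} with c >= 0, one entry per directed edge.
    Returns (value, flow, cut_set): the flow value, a dict {(u, v): f} over
    the original edges, and the source side S of a minimum cut (the nodes
    reachable from the source in the final residual graph).
    """
    res = {}   # residual capacities, including reverse edges
    adj = {}   # adjacency over original and reverse edges
    for (u, v), c in capacity.items():
        if c < 0:
            raise ValueError(f"negative capacity on {(u, v)}")
        res[(u, v)] = res.get((u, v), 0) + c
        res.setdefault((v, u), 0)
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    adj.setdefault(source, set())
    adj.setdefault(sink, set())

    value = 0
    while True:
        parent = _bfs_augmenting_path(res, adj, source, sink)
        if parent is None:
            break
        bottleneck = inf                  # smallest residual capacity on the path
        v = sink
        while v != source:
            u = parent[v]
            bottleneck = min(bottleneck, res[(u, v)])
            v = u
        v = sink                          # push the bottleneck along the path
        while v != source:
            u = parent[v]
            res[(u, v)] -= bottleneck
            res[(v, u)] += bottleneck
            v = u
        value += bottleneck

    # res[(u,v)] + res[(v,u)] is invariant, so c - res is skew-symmetric;
    # clipping at 0 cancels flow on antiparallel edge pairs.
    flow = {e: max(c - res[e], 0) for e, c in capacity.items()}

    cut_set = {source}                    # residual reachability from source
    stack = [source]
    while stack:
        u = stack.pop()
        for v in adj[u]:
            if v not in cut_set and res[(u, v)] > 0:
                cut_set.add(v)
                stack.append(v)
    return value, flow, cut_set


def verify_max_flow(capacity, flow, source, sink, cut_set):
    """Independent check of the certificate: capacity constraints, flow
    conservation, and value == capacity of the cut (S, V \\ S). Equality
    proves the flow maximum and the cut minimum."""
    for e, c in capacity.items():
        if not 0 <= flow.get(e, 0) <= c:
            return False
    nodes = {n for e in capacity for n in e}

    def net_out(n):
        return (sum(f for (u, _), f in flow.items() if u == n)
                - sum(f for (_, v), f in flow.items() if v == n))

    if any(net_out(n) != 0 for n in nodes - {source, sink}):
        return False
    if source not in cut_set or sink in cut_set:
        return False
    cut_capacity = sum(c for (u, v), c in capacity.items()
                       if u in cut_set and v not in cut_set)
    return net_out(source) == cut_capacity


# Constructed sample network (textbook capacities); maximum flow is 23.
SAMPLE = {
    ("s", "v1"): 16, ("s", "v2"): 13, ("v1", "v3"): 12, ("v2", "v1"): 4,
    ("v2", "v4"): 14, ("v3", "v2"): 9, ("v4", "v3"): 7, ("v3", "t"): 20,
    ("v4", "t"): 4,
}

if __name__ == "__main__":
    value, flow, cut = edmonds_karp(SAMPLE, "s", "t")
    print(value, sorted(cut), verify_max_flow(SAMPLE, flow, "s", "t", cut))
```

The split between computing the flow and checking it mirrors the refinement setting of the paper: the checker only needs the flow, the cut and the capacities, so it can be trusted independently of how the flow was found.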


Keywords: Maximum flow problem, Edmonds–Karp algorithm, Push–relabel algorithm, Formal verification, Isabelle/HOL, Stepwise refinement



Copyright information

© Springer Science+Business Media B.V., part of Springer Nature 2017

Authors and Affiliations

  1. Institut für Informatik, Technische Universität München, Munich, Germany
  2. Institute of Information Security, Department of Computer Science, ETH Zurich, Zurich, Switzerland
