VERIFYING BALANCED TREES
Zohar Manna (1), Henny B. Sipma (1), Ting Zhang (2)
(1) Department of Computer Science, Stanford University
(2) Theory Group, Microsoft Research Asia
Logical Foundations of Computer Science, June 5, 2007
OUTLINE
1 INTRODUCTION
  Motivation
  Our Contributions
  Related Work and Comparison
2 MAIN TALK
  Decidable Logic of R-B Trees
  Analyze Algorithms on R-B Trees
3 CONCLUSION
  Our Contributions
  Future Work
INTRODUCTION
MOTIVATION
VERIFYING HIGH-LEVEL DATA STRUCTURES
+ What?
  Complex data structure: Trees ...
  High-level properties: Being Balanced ...
  Intricate Operations: Self-balancing ...
+ Why?
  Ubiquitous in advanced programming languages
  But hard to get it right
+ Difficulty?
  Lost in Translation
+ Approach?
  Develop decidable logics to model them directly
Get High, Stay High
OUR CONTRIBUTIONS
+ Develop a first-order theory of red-black trees using the theory of term algebras augmented with Presburger arithmetic
+ Show how to use this theory to represent the transition relations of the tree operations directly from the program statements, and how to use them to construct Hoare triples
+ Provide a decision procedure for automatically checking validity of the resulting verification conditions
+ Generalizable to model other balanced tree structures, such as AVL trees and B-trees
RELATED WORK AND COMPARISON
RELATED WORK
+ Quantitative Shape Analysis [Rugina 04]
  ABSTRACT INTERPRETATION: Performs forward propagation in an abstract heap
+ Tree Automata with Size Constraints [Habermehl et al 06]
  AUTOMATA TRANSFORMATION: Encodes transition relations, pre- and post-conditions as tree languages
+ Hypergraph Rewriting [Baldan et al 05]
  REWRITING TECHNIQUES: Uses approximate unfolding to compute the reachable states of a graph rewriting system
+ Context Logic [Calcagno et al 05]
  DEDUCTIVE SYSTEM: Proved sound and complete
COMPARISON
RELATED WORK
✓ Express updates at an arbitrary pointed location
✗ Verification of Hoare triples is not fully automatic
✗ Lack of intuitive connections between low level program statements and the high level formalism
OUR WORK
✗ Cannot express updates at an arbitrary pointed location
  Resort to induction
✓ Verification of Hoare triples is fully automatic
✓ Clear connections between low level program statements and the high level formalism
MAIN TALK
DECIDABLE LOGIC OF R-B TREES
RED-BLACK TREES
DEFINITION (RED-BLACK TREES)
A binary tree with the following coloring properties:
1 Every node is either red or black.
2 Every leaf node is black.
3 The root is black.
4 Every red node has two black children.
5 All paths from the root to leaf nodes contain the same number of black nodes.
EXAMPLE: RED-BLACK TREES
[Figure: example red-black tree with keys 1, 2, 4, 5, 7, 8, 11, 14, 15 and nil leaves]
COLOR FLIPPING
[Figure: the tree before and after color flipping]
LEFT ROTATION
[Figure: the tree before and after left rotation]
RIGHT ROTATION
[Figure: the tree before and after right rotation]
TERM ALGEBRAS
DEFINITION (TERM ALGEBRAS)
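A term algebra $\mathrm{TA} : \langle T; \mathcal{C}, \mathcal{A}, \mathcal{S}, \mathcal{T} \rangle$ consists of
1 $T$: The term domain called $\mathcal{C}$-terms
2 $\mathcal{C}$: A set of constructors: $\alpha, \beta, \gamma, \ldots$
3 $\mathcal{A}$: A set of constants: $a, b, c, \ldots$ We require $\mathcal{A} \neq \emptyset$ and $\mathcal{A} \subseteq \mathcal{C}$.
4 $\mathcal{S}$: A set of selectors. For a constructor $\alpha$ with arity $k > 0$, there are $k$ selectors $s^{\alpha}_1, \ldots, s^{\alpha}_k$ in $\mathcal{S}$.
5 $\mathcal{T}$: A set of testers. For each constructor $\alpha$ there is a corresponding tester $Is_{\alpha}$.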
COLORED TREES
$$\mathrm{RB} = \langle\, T_{rb};\ \{red, black, nil\},\ \{nil\},\ \{car_{red}, cdr_{red}, car_{black}, cdr_{black}\},\ \{Is_{red}, Is_{black}, Is_{nil}\} \,\rangle,$$
where
+ $T_{rb}$ denotes the domain
+ $nil$ denotes a leaf
+ $red$ and $black$ are binary constructors
+ $car_{\sharp}$ and $cdr_{\sharp}$ are the left and the right $\sharp$-selectors ($\sharp \in \{red, black\}$).
RED-BLACK TREES
$$\mathrm{RB}_Z = \langle\, \mathrm{RB};\ \mathrm{PA};\ |\cdot|_{max},\ |\cdot|_{min} : T_{rb} \to \mathbb{N} \,\rangle$$
with
$|\cdot|_{max}$: length of maximal black path
$|\cdot|_{min}$: length of minimal black path
MAXIMAL BLACK PATH
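$$|x|_{max} = \begin{cases} 1 & \text{if } x \text{ is nil} \\ 0 & \text{if } x \text{ has two consecutive red nodes} \\ \max(|x_1|_{max}, |x_2|_{max}) + 1 & \text{if } x \text{ is a well-formed black tree} \\ \max(|x_1|_{max}, |x_2|_{max}) & \text{if } x \text{ is a well-formed red tree} \end{cases}$$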
MINIMAL BLACK PATH
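$$|x|_{min} = \begin{cases} 1 & \text{if } x \text{ is nil} \\ 0 & \text{if } x \text{ has two consecutive red nodes} \\ \min(|x_1|_{min}, |x_2|_{min}) + 1 & \text{if } x \text{ is a well-formed black tree} \\ \min(|x_1|_{min}, |x_2|_{min}) & \text{if } x \text{ is a well-formed red tree} \end{cases}$$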
PREDICATES FOR WELL-FORMED TREES
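x IS A WELL-FORMED BLACK TREE:
$$GB(x, x_1, x_2) \stackrel{\mathrm{def}}{=} x = black(x_1, x_2) \wedge |x_1|_{max} \neq 0 \wedge |x_2|_{max} \neq 0$$
x IS A WELL-FORMED RED TREE:
$$GR(x, x_1, x_2) \stackrel{\mathrm{def}}{=} x = red(x_1, x_2) \wedge |x_1|_{max} \neq 0 \wedge |x_2|_{max} \neq 0$$
x HAS TWO CONSECUTIVE RED NODES:
$$Vio(x) \stackrel{\mathrm{def}}{=} x \neq nil \wedge \forall x_1 \forall x_2 \big( \neg GB(x, x_1, x_2) \vee \neg GR(x, x_1, x_2) \big)$$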
RED-BLACK PROPERTIES
x IS A RED BLACK TREE IF
$\varphi_1 : |x|_{max} = |x|_{min}$ (any maximal path of x contains the same number of black nodes)
$\varphi_2 : |x|_{max} > 0$ (any red node of x must have two black children)
$\varphi_3 : Is_{black}(x)$ (the root of x is black)
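SUBDOMAIN PREDICATE:
$$\varphi_{RB}(x) \stackrel{\mathrm{def}}{=} \varphi_1 \wedge \varphi_2 \wedge \varphi_3$$
THEORY OF THE SUBDOMAIN OBTAINED BY RELATIVIZATION:
$\forall x\, (\varphi_{RB}(x) \to \Phi(x))$ for universal properties
$\exists x\, (\varphi_{RB}(x) \wedge \Phi(x))$ for existential properties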
DECIDABILITY OF $\mathrm{RB}_Z$
THEOREM (DECIDABILITY OF $\mathrm{RB}_Z$)
1 $Th^{\exists}(\mathrm{RB}_Z)$ is NP-complete.
2 $Th(\mathrm{RB}_Z)$ is decidable and admits quantifier elimination.
PROOF SKETCH.
1 Reduce term constraints to integer constraints
2 Reduce term quantifiers to integer quantifiers
ANALYZE ALGORITHMS ON R-B TREES
TRANSITION RELATION
NOTATION
+ $\bar{v}$: variables in the current state
+ $\bar{v}'$: the corresponding variables in the next state
+ $\rho_q(\bar{v}, \bar{v}')$: transition relation of a statement $q$
+ $post(q, \varphi)$: post-condition of $\varphi(\bar{v})$ after executing a statement $q$
COMPOSITION
The transition relation of the composite statement $\langle q; r \rangle$ is
$$(\exists \bar{v}_1)\big( \rho_q(\bar{v}, \bar{v}_1) \wedge \rho_r(\bar{v}_1, \bar{v}') \big)$$
VERIFICATION CONDITIONS
HOARE TRIPLES
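+ $\{\varphi\}\, q\, \{\psi\}$: state $\psi$ reached after executing $q$ at state $\varphi$
+ $\{\varphi\}\, q\, \{\psi\}$: equivalent to $post(q, \varphi) \to \psi$
PROVING HOARE TRIPLES
$$post(q, \varphi) \stackrel{\mathrm{def}}{=} (\exists \bar{v}_0)\big( \rho_q(\bar{v}_0, \bar{v}) \wedge \varphi(\bar{v}_0) \big)$$
$$\{\varphi\}\, q\, \{\psi\} \stackrel{\mathrm{def}}{=} (\exists \bar{v}_0)\big( \rho_q(\bar{v}_0, \bar{v}) \wedge \varphi(\bar{v}_0) \big) \to \psi(\bar{v})$$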
COLOR FLIPPING: STEP 1
[Figure: the tree before and after step 1 of color flipping; nodes 7, 5 and 4 carry position markers]
$$T'[x-1].tree = cdr(T'[x-2]) = black(car(T[x-1].tree),\ cdr(T[x-1].tree))$$
COLOR FLIPPING: STEP 2
[Figure: the tree before and after step 2 of color flipping; nodes 7, 5 and 4 carry position markers]
$$car(T'[x-2]) = T'[x-1] = black(car(T[x-1]),\ cdr(T[x-1]))$$
COLOR FLIPPING: STEP 3
[Figure: the example tree before and after this step]
T′[x−2] = red(car(T[x−2]), cdr(T[x−2]))
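The three recolouring steps above, composed into one function and checked against the red-black invariants. This is an added example, not code from the talk: it assumes keyless terms built from nil, red(l, r) and black(l, r) as in the formulas, takes the parent to be the car child of the grandparent, and the helper names (black_height, red_red, color_flip) are hypothetical.

```python
# Added example, not from the talk. Assumption: trees are keyless terms over
# nil, red(l, r) and black(l, r), matching the constructors in the formulas.
NIL = ("nil",)

def red(l, r): return ("red", l, r)
def black(l, r): return ("black", l, r)
def car(t): return t[1]   # left subtree
def cdr(t): return t[2]   # right subtree
def color(t): return "black" if t == NIL else t[0]

def black_height(t):
    """Number of black nodes on every root-to-nil path, or None if paths disagree."""
    if t == NIL:
        return 0
    lh, rh = black_height(car(t)), black_height(cdr(t))
    if lh is None or rh is None or lh != rh:
        return None
    return lh + (1 if color(t) == "black" else 0)

def red_red(t):
    """True if some red node has a red child."""
    if t == NIL:
        return False
    kids = (car(t), cdr(t))
    here = color(t) == "red" and any(color(k) == "red" for k in kids)
    return here or any(red_red(k) for k in kids)

def color_flip(g):
    """Apply the three recolouring steps at grandparent g (parent assumed on the car side)."""
    if color(g) != "black" or color(car(g)) != "red" or color(cdr(g)) != "red":
        raise ValueError("flip needs a black node with two red children")
    uncle = black(car(cdr(g)), cdr(cdr(g)))    # step 1: cdr child becomes black
    parent = black(car(car(g)), cdr(car(g)))   # step 2: car child becomes black
    return red(parent, uncle)                  # step 3: grandparent becomes red

# Constructed sample: a red leaf x under a red parent whose sibling is also red.
x = red(NIL, NIL)
before = black(red(x, NIL), red(NIL, NIL))
after = color_flip(before)
```

The flip keeps the black height of the subtree and removes the red-red pair below the grandparent, but the subtree root is now red, so the same check has to be repeated one level up.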
LEFT ROTATION: STEP 1
[Figure: the example tree before and after this step]
cdr(T′[x−1]) = T′[x] ∧ (T′[x+1].tree = cdr(T′[x]) = T[x].tree) ∧ (T′[x].tree = car(T′[x−1]) = T[x+1].tree)
LEFT ROTATION: STEP 2
[Figure: the example tree before and after this step]
T′[x].dir = right ∧ T′[x−1] = red(cdr(T[x−1]), car(T[x−1]))
LEFT ROTATION: STEP 3
[Figure: the example tree before and after this step]
T′[x+1].dir = left ∧ car(T′[x−1]) = T′[x] ∧ T′[x] = red(cdr(T[x]), car(T[x]))
CONCLUSION
OUR CONTRIBUTIONS
+ Develop a first-order theory of red-black trees using the theory of term algebras augmented with Presburger arithmetic
+ Show how to use this theory to represent the transition relations of the tree operations directly from the program statements, and how to use them to construct Hoare triples
+ Provide a decision procedure for automatically checking validity of the resulting verification conditions
+ Generalizable to model other balanced tree structures, such as AVL trees and B-trees
FUTURE WORK
+ Express more properties: Tree Orderings
+ Model Destructive Updates: Decidable Logic with Extraction and Assignment
T[p] ≝ the subtree of T at position p
T ⊕_p T′ ≝ the tree obtained from T by substituting T′ for the subtree of T at position p
Thank You!