Formalizing Network Flow Algorithms: A Refinement Approach in Isabelle/HOL

Journal of Automated Reasoning

Abstract

We present a formalization of classical algorithms for computing the maximum flow in a network: the Edmonds–Karp algorithm and the push–relabel algorithm. We prove correctness and time complexity of these algorithms. Our formal proof closely follows a standard textbook proof, and is accessible even without being an expert in Isabelle/HOL—the interactive theorem prover used for the formalization. Using stepwise refinement techniques, we instantiate the generic Ford–Fulkerson algorithm to the Edmonds–Karp algorithm, and the generic push–relabel algorithm of Goldberg and Tarjan to both the relabel-to-front and the FIFO push–relabel algorithm. Further refinement then yields verified efficient implementations of the algorithms, which compare well to unverified reference implementations.

Notes

  1. Section 10.1 provides a detailed discussion.

  2. With \(u=v\), this also implies that there are no self loops.

  3. I.e., a path with a minimum number of edges.

  4. I.e., \((u_0,[l_1,\ldots ,l_n],u_n)\in R^*\) iff \(\forall 0\le i < n.~(u_i,l_{i+1},u_{i+1})\in R\).

  5. Using Cormen’s technique, we would have been able to prove a bound of \(17V^2E\).

  6. We have not found any implementation based on relabel-to-front, and our own experiments indicate a rather poor performance.

  7. Up to this point, the formalization models capacities as linearly ordered integral domains, which subsume reals, rationals, and integers. Thus, we could choose any executable number representation here.

  8. Actually, the unverified reference implementations of the push–relabel algorithms [15, 44] that we use in our benchmarks (cf. Sect. 9) lack such checks, and silently report erroneous maximum flow values in case of overflow. One implementation [44] has a parser that silently ignores overflows, while the other [15] uses a too small integer type for the excess flow.

  9. A Hoare triple is written as \({<}P{>}~c~{<}\lambda r.~Q~r{>}_t\), where P is the precondition, c the program, and Q the postcondition that also depends on the program’s return value r. Pre- and postcondition are written as separation logic assertions, where \(\text {emp}\) describes the empty heap, \(*\) is the separating conjunction, \(\uparrow \varPhi \) indicates a pure assertion, i.e., one that describes no heap content, and \(\exists _\text {A}\) is the existential quantifier lifted to assertions.
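The overflow problem raised in note 8 (reference implementations that silently report wrong maximum-flow values when a flow sum no longer fits the integer type) is easy to see with a small augmenting-path implementation. The following is an added example, not the paper's verified Isabelle/HOL development and not the cited reference code: a plain Edmonds–Karp in C over an adjacency matrix that checks every flow addition with the GCC/Clang builtin `__builtin_add_overflow` and reports failure instead of a wrapped value. Both networks are constructed for this example; the first is the six-vertex textbook network of Cormen et al. [10], whose maximum flow is 23, the second is two disjoint s–t paths of capacity `INT64_MAX` each, whose true maximum flow does not fit in 64 bits.

```c
/* Added example: Edmonds-Karp with overflow-checked flow arithmetic.
 * Assumes a GCC/Clang compiler (for __builtin_add_overflow) and
 * non-negative capacities; 0 in the matrix means "no edge". */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAXV 16
typedef int64_t cap_t;

/* Capacity matrix: cap[u][v] is the capacity of edge (u,v). */
typedef struct {
    int n;
    cap_t cap[MAXV][MAXV];
} Network;

/* Outcome of a max-flow run. On overflow the computation stops and flags
 * it rather than returning a wrapped, meaningless flow value. */
typedef struct {
    cap_t value;       /* maximum flow value, valid only if !overflow */
    bool overflow;     /* true if some flow addition did not fit cap_t */
    int augmentations; /* number of augmenting paths fully applied */
} FlowResult;

/* BFS in the residual network: true if t is reachable from s, with parent[]
 * holding the shortest (fewest edges) augmenting path, as Edmonds-Karp requires. */
static bool bfs_shortest_path(int n, cap_t res[MAXV][MAXV], int s, int t, int parent[MAXV]) {
    bool seen[MAXV] = {false};
    int queue[MAXV], head = 0, tail = 0;
    for (int i = 0; i < n; i++) parent[i] = -1;
    seen[s] = true;
    queue[tail++] = s;
    while (head < tail) {
        int u = queue[head++];
        for (int v = 0; v < n; v++) {
            if (!seen[v] && res[u][v] > 0) {
                seen[v] = true;
                parent[v] = u;
                if (v == t) return true;
                queue[tail++] = v;
            }
        }
    }
    return false;
}

FlowResult edmonds_karp(Network g, int s, int t) {
    cap_t res[MAXV][MAXV]; /* residual capacities, initially the capacities */
    int parent[MAXV];
    FlowResult r = {0, false, 0};
    memcpy(res, g.cap, sizeof res);

    while (bfs_shortest_path(g.n, res, s, t, parent)) {
        /* bottleneck residual capacity along the BFS path */
        cap_t b = INT64_MAX;
        for (int v = t; v != s; v = parent[v]) {
            int u = parent[v];
            if (res[u][v] < b) b = res[u][v];
        }
        /* push b along the path; the reverse residual edge gains b, the one
         * addition inside augmentation that can overflow */
        for (int v = t; v != s; v = parent[v]) {
            int u = parent[v];
            res[u][v] -= b;
            if (__builtin_add_overflow(res[v][u], b, &res[v][u])) {
                r.overflow = true;
                return r;
            }
        }
        /* accumulate the flow value; this is the sum note 8 says the
         * reference implementations let wrap silently */
        if (__builtin_add_overflow(r.value, b, &r.value)) {
            r.overflow = true;
            return r;
        }
        r.augmentations++;
    }
    return r;
}

/* Constructed sample: the textbook network of Cormen et al., s=0, t=5, max flow 23. */
Network cormen_example(void) {
    Network g;
    memset(&g, 0, sizeof g);
    g.n = 6;
    g.cap[0][1] = 16; g.cap[0][2] = 13; g.cap[1][3] = 12; g.cap[2][1] = 4;
    g.cap[2][4] = 14; g.cap[3][2] = 9;  g.cap[4][3] = 7;  g.cap[3][5] = 20;
    g.cap[4][5] = 4;
    return g;
}

/* Constructed sample: two disjoint s-t paths of capacity INT64_MAX, s=0, t=3;
 * the true maximum flow (2 * INT64_MAX) does not fit in cap_t. */
Network overflowing_example(void) {
    Network g;
    memset(&g, 0, sizeof g);
    g.n = 4;
    g.cap[0][1] = INT64_MAX; g.cap[1][3] = INT64_MAX;
    g.cap[0][2] = INT64_MAX; g.cap[2][3] = INT64_MAX;
    return g;
}

int main(void) {
    FlowResult a = edmonds_karp(cormen_example(), 0, 5);
    printf("textbook network: max flow %lld after %d augmentations\n",
           (long long)a.value, a.augmentations);
    FlowResult b = edmonds_karp(overflowing_example(), 0, 3);
    printf("INT64_MAX network: %s\n",
           b.overflow ? "overflow detected, no value reported" : "unexpected success");
    return 0;
}
```

The check costs one compare per addition and turns the failure mode from a wrong answer into an explicit error, which is the behaviour the verified implementations in the paper guarantee by construction; a caller that receives `overflow == true` must treat `value` as undefined.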

References

  1. Back, R.-J.: On the correctness of refinement steps in program development. Ph.D. thesis, Department of Computer Science, University of Helsinki (1978)

  2. Back, R.-J., von Wright, J.: Refinement Calculus—A Systematic Introduction. Springer, Berlin (1998)

  3. Ballarin, C.: Interpretation of locales in Isabelle. In: Borwein, J.M., Farmer, W.M. (eds.) MKM 2006, Volume 4108 of LNAI. Springer, Berlin (2006)

  4. Bertot, Y., Castéran, P.: Interactive Theorem Proving and Program Development: Coq’Art The Calculus of Inductive Constructions, 1st edn. Springer, Berlin (2010)

  5. Bulwahn, L., Krauss, A., Haftmann, F., Erkök, L., Matthews, J.: Imperative functional programming with Isabelle/HOL. In: Mohamed, O.A., Muñoz, C.A., Tahar, S. (eds.) TPHOL, volume 5170 of LNCS. Springer, Berlin (2008)

  6. Charguéraud, A.: Characteristic formulae for the verification of imperative programs. In: Chakravarty, M.M.T., Hu, Z., Danvy, O. (eds.) ICFP. ACM, New York (2011)

  7. Charguéraud, A., Pottier, F.: Machine-checked verification of the correctness and amortized complexity of an efficient union-find implementation. In: Proceedings of ITP (2015)

  8. Chen, R., Lévy, J.-J.: A semi-automatic proof of strong connectivity. VSTTE 2017. (2017). https://hal.inria.fr/hal-01632947

  9. Cherkassky, B.V., Goldberg, A.V.: On implementing the push–relabel method for the maximum flow problem. Algorithmica 19(4), 390–410 (1997)

  10. Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms, 3rd edn. The MIT Press, Cambridge (2009)

  11. Dinitz, Y.: Theoretical Computer Science. Chapter Dinitz’ Algorithm: The Original Version and Even’s Version. Springer, Berlin (2006)

  12. Edmonds, J., Karp, R.M.: Theoretical improvements in algorithmic efficiency for network flow problems. J. ACM 19(2), 248–264 (1972)

  13. Filliâtre, J.-C., Paskevich, A.: Why3—Where Programs Meet Provers. Springer, Berlin (2013)

  14. Ford, L.R., Fulkerson, D.R.: Maximal flow through a network. Can. J. Math. 8(3), 399–404 (1956)

  15. Goldberg, A.V.: Andrew Goldberg’s network optimization library. http://www.avglab.com/andrew/soft.html

  16. Goldberg, A.V., Tarjan, R.E.: A new approach to the maximum-flow problem. J. ACM 35(4), 921–940 (1988)

  17. Greenaway, D.: Automated proof-producing abstraction of C code. Ph.D. thesis, CSE, UNSW, Sydney, Australia (2015)

  18. Greenaway, D., Andronick, J., Klein, G.: Bridging the gap: automatic verified abstraction of C. In: Beringer, L., Felty, A.P. (eds.) ITP. Springer, Berlin (2012)

  19. Haftmann, F.: Code Generation from Specifications in Higher Order Logic. Ph.D. thesis, Technische Universität München (2009)

  20. Haftmann, F., Nipkow, T.: Code generation via higher-order rewrite systems. In: Blume, M., Kobayashi, N., Vidal, G. (eds.) FLOPS 2010, LNCS. Springer, Berlin (2010)

  21. Johnson, D.S., McGeoch, C.C., et al.: Network Flows and Matching: First DIMACS Implementation Challenge. American Mathematical Society, Providence (1993)

  22. Karzanov, A.V.: Determination of maximal flow in a network by method of preflows. Doklady Akademii Nauk SSSR 215(1), 49–52 (1974)

  23. Krauss, A.: Recursive definitions of monadic functions. In: Proceedings of PAR, vol. 43 (2010)

  24. Lammich, P.: Refinement for monadic programs. In: Archive of Formal Proofs. http://afp.sf.net/entries/Refine_Monadic.shtml, 2012. Formal proof development (2012)

  25. Lammich, P.: Verified efficient implementation of Gabow’s strongly connected component algorithm. In: Klein, G., Gamboa, R. (eds.) ITP, volume 8558 of LNCS. Springer, Berlin (2014)

  26. Lammich, P.: Refinement to Imperative/HOL. In: Urban, C., Zhang, X. (eds.) ITP, volume 9236 of LNCS. Springer, Berlin (2015)

  27. Lammich, P.: Refinement based verification of imperative data structures. In: Avigad, J., Chlipala, A. (eds.) CPP. ACM, New York (2016)

  28. Lammich, P., Meis, R.: A separation logic framework for Imperative HOL. Archive of Formal Proofs, (2012). http://afp.sf.net/entries/Separation_Logic_Imperative_HOL.shtml, Formal proof development

  29. Lammich, P., Sefidgar, S.R.: Formalizing the Edmonds-Karp algorithm. In: Proceedings of ITP (2016)

  30. Lammich, P., Sefidgar, S.R.: Formalizing the Edmonds-Karp algorithm. Archive of Formal Proofs, (2016). http://isa-afp.org/entries/EdmondsKarp_Maxflow.shtml, Formal proof development

  31. Lammich, P., Sefidgar, S.R.: Flow networks and the Min-Cut-Max-Flow theorem. Archive of Formal Proofs, (June 2017). http://isa-afp.org/entries/Flow_Networks.shtml. Formal proof development

  32. Lammich, P., Sefidgar, S.R.: Formalizing push-relabel algorithms. Archive of Formal Proofs (2017). http://isa-afp.org/entries/Prpu_Maxflow.shtml, Formal proof development

  33. Lammich, P., Tuerk, T.: Applying data refinement for monadic programs to Hopcroft’s algorithm. In: Proc. of ITP, volume 7406 of LNCS. Springer, (2012)

  34. Lee, G.: Correctnesss of Ford-Fulkerson’s maximum flow algorithm. Formaliz. Math. 13(2), 305–314 (2005)

  35. Lee, G., Rudnicki, P.: Alternative aggregates in Mizar. In: Kauers, M., Kerber, M., Miner, R., Windsteiger, W. (eds.) Calculemus ’07/MKM ’07. Springer, Berlin (2007)

  36. Matuszewski, R., Rudnicki, P.: Mizar: the first 30 years. Mech. Math. Appl. 4, 3–24 (2005)

  37. MLton Standard ML compiler. http://mlton.org/

  38. Nipkow, T.: Amortized complexity verified. In: Proceedings of ITP (2015)

  39. Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL—A Proof Assistant for Higher-Order Logic, Volume 2283 of LNCS. Springer, Berlin (2002)

  40. Nordhoff, B., Lammich, P.: Formalization of Dijkstra’s algorithm. Archive of Formal Proofs (2012). http://afp.sf.net/entries/Dijkstra_Shortest_Path.shtml, Formal proof development

  41. Noschinski, L.: Formalizing Graph Theory and Planarity Certificates. Ph.D. thesis, Fakultät für Informatik, Technische Universität München (2015)

  42. Reynolds, J.C.: Separation logic: A logic for shared mutable data structures. In: Proceedings of the Logic in Computer Science (LICS). IEEE (2002)

  43. Sedgewick, R., Wayne, K.: Algorithms, 4th edn. Addison-Wesley, Boston (2011)

  44. Stanford ACM-ICPC notebook. https://github.com/jaehyunp/stanfordacm

  45. Wenzel, M.: Isar—A generic interpretative approach to readable formal proof documents. In: TPHOLs’99, volume 1690 of LNCS. Springer, Berlin (1999)

  46. Wirth, N.: Program development by stepwise refinement. Commun. ACM 14(4), 221–227 (1971)

  47. Zwick, U.: The smallest networks on which the Ford–Fulkerson maximum flow procedure may fail to terminate. Theor. Comput. Sci. 148(1), 165–170 (1995)

Corresponding author

Correspondence to Peter Lammich.

Cite this article

Lammich, P., Sefidgar, S.R. Formalizing Network Flow Algorithms: A Refinement Approach in Isabelle/HOL. J Autom Reasoning 62, 261–280 (2019). https://doi.org/10.1007/s10817-017-9442-4
