1 Depth-fist seach and stong connectivity in Coq Januay 9, 2015
2 The poblem Finding the stongly connected components of a diected gaph. Pedagogical value: The fist nontivial gaph algoithm. Pactical value: Applications in pogam analysis, constaint solving, model-checking, etc.
3 Known algoithms Seveal known algoithms un in linea time: Tajan (1972). One pass. Maintains auxiliay data ( lowpoint values, etc.). Kosaaju (unpublished, 1978) and Shai (1981). Two passes. Maintains no auxiliay data. Descibed in Comen/Leiseson/Rivest s textbook. Explained by Wegene (2002). Gabow (2000), impoving on Pudom (1968) and Muno (1971). One pass. Maintains a union-find data stuctue.
4 Kosaaju s algoithm The algoithm is as follows: 1. Pefom a DFS tavesal of the gaph E, poducing a foest f 1. 2. Pefom a DFS tavesal of the evese gaph Ē, visiting the oots in the evese post-ode of f 1, poducing a foest f 2. Then, f 2 is a list of the stongly connected components. Magic! Note: the second tavesal does not have to be depth-fist. Really Easy to implement if you have done DFS aleady.
5 Why does this wok?
6 Complete discovey The left side of evey dashed bounday is closed w..t. E. The ight side of evey dashed bounday is closed w..t. Ē. Evey component is contained within some tee.
7 f 1 scc() w 1 Let be the oot of the last tee in f 1. The component of must be Ē (). v 1 f 2 w1 scc() w2 v 2
8 f 1 scc() w 1 Let be the oot of the last tee in f 1. The component of must be Ē (). So it is exactly the fist tee in f 2. v 1 f 2 w1 scc() w2 v 2
9 f 1 scc() Let be the oot of the last tee in f 1. w 1 The component of must be Ē (). So it is exactly the fist tee in f 2. v 1 f 2 w1 Futhemoe, it is a pefix of the last tee in f 1. scc() w2 v 2
10 f 1 scc() Let be the oot of the last tee in f 1. w 1 The component of must be Ē (). So it is exactly the fist tee in f 2. v 1 f 2 w1 Futhemoe, it is a pefix of the last tee in f 1. So, if we emove it by thought... scc() we end up whee we stated,... only with a smalle gaph. (Induction!) w2 v 2
11 Now, in Coq (biefly)
12 Foests A non-empty foest: w w v Foests fom an inductive type: f, v, w ::= ɛ w w :: v
13 DFS foests We define an inductive pedicate dfs (i) v (o). It has a cetain declaative flavo: v is a DFS foest. It still has a cetain impeative flavo: if the vetices in i ae maked at the beginning, then a DFS algoithm may constuct v, and the vetices in o ae maked at the end.
14 DFS foests DFS-Empty dfs (i) ɛ (i)
15 DFS foests DFS-NonEmpty w i dfs ({w} i) w (m) oots( w) E({w}) E({w}) m dfs (m) v (o) dfs (i) w :: v (o) w w was not initially maked afte making w, the DFS foest w was built evey oot of w is a successo of w evey successo of w was maked at this point then, the DFS foest v was built the DFS foest w :: v was built w
16 Complete discovey
17 Complete discovey Lemma (Complete discovey) dfs (i) v (o) and E(i) i imply E(o) o. Easy. (The pape summay of the poof is a few lines long.)
18 f 1 scc() w 1 v 1 f 2 w1 scc() w2 v 2
19 Kosaaju s algoithm Theoem (Kosaaju s algoithm is coect) Let (V, E) be a diected gaph. If the following hypotheses hold, dfs E ( ) f 1 (V) dfs Ē ( ) f 2 (V) ev(post(f 1 )) odes f 2 then the toplevel tees of f 2 ae the components of the gaph E. Slightly involved. (The pape summay of the poof is two pages.)
20 Towads an executable DFS in Coq ( executable = extactible)
21 Paametes A set V of vetices. V must be finite. Slightly too stong an assumption, but OK fo now.
22 Paametes A mathematical gaph E. A untime function successo v poducing an iteato on the successos of v.
23 Paametes A untime epesentation of sets of vetices. Recod SET (V : Type) := MkSET { ep : Type; meaning : ep -> (V -> Pop); void : ep; mak : V -> ep -> ep; maked : V -> ep -> bool;... // 3 moe hypotheses about void, mak, maked }.
24 A ecusive fomulation Notation state := (ep * foest V)%type. A state ecods the maked vetices and the foest built so fa.
25 A ecusive fomulation One would like to wite something like this: Definition visitf : state -> V -> state :=... This cannot wok, though. Because the ecusive call sits in a loop, the poof of temination must use the fact that a vetex, once maked, emains maked. So, we must build this infomation into the postcondition...
26 A ecusive fomulation This states that s1 has at least as many maked vetices as s0: Definition visitf_dep: foall s0 : state, V -> { s1 lift le s0 s1 }. Poof. eapply (Fix (...) (...)).... Defined. Woks. Unpleasant.
27 A tail-ecusive fomulation Wok in pogess. Temination is elatively easy to pove. (Geneic libay: Loop.) Paameteized by use hooks (on enty, on exit, on ediscovey). Nice (?) most geneal (?) specification: Theoem dfs_main_spec: exists vs, ev oots = ootsl vs /\ dfs E (maked base) (maked dfs_main) vs /\ dfs_main = fold dfs_init_spec vs. Running the iteative DFS algoithm is equivalent to guessing a DFS foest and ecusively folding ove this foest.
28 Conclusion
29 Conclusion Contibutions: Poofs of basic popeties of DFS. A poof of (the pinciple of) Kosaaju s algoithm. Embyo of a cetified DFS libay. (Moe to come.) Lessons: Sepaation between mathematics and code is desiable, and quite easy to achieve in Coq. Witing, specifying, poving geneic executable code is a lot of wok! We need a cetified libay of basic gaph algoithms!