I am trying to make a B-Tree in Promela so that I can prove stuff about it, however, it seems that Promela does not support recursive data types. This doesn't work:

#define n 2
typedef BTreeNode
{
    int keys[2*n-1];
    BTreeNode children[2*n];
    int c;
};

How can I make a B-Tree in Promela, and if I can't, which tool would you suggest? I considered QuickCheck and Prolog. However, making a B-Tree in Prolog would be hard too.

Janus Troelsen

1 Answer

You'll represent the children using an index into a statically defined array of nodes. Like this:

#define n 2

#define BTreeNodeId   byte
typedef BTreeNode {
  BTreeNodeId my_id;
  int keys[2*n-1];
  BTreeNodeId children[2*n];
  int c;
};

BTreeNode nodes [10];
byte next_node_id = 0;

With this, you 'allocate' nodes by incrementing next_node_id and can access a child by referencing into nodes using the child's id.

GoZoner
  • I had an idea to use LRCS trees to represent the B-tree and then use the usual binary-tree-in-array to represent the LRCS tree. Do you think that's superior or inferior to your suggested solution? I only need to model tree insertion so far. – Janus Troelsen Jan 05 '14 at 12:33
  • This layout is problematic for me because it allows for multiple representations of the same tree, which makes it much harder, if not impossible to prove that a certain tree can be created. – Janus Troelsen Jan 05 '14 at 12:49
  • Are multiple representations a problem if Spin will check them all anyways to confirm your correctness claim? It might, at best, cost some time and space in the verification but it should not make the verification impossible. – GoZoner Jan 05 '14 at 17:47
  • I'm not familiar with 'LRCS trees' but, I've used the above technique on some simple binary tree verifications and some _much_ larger verifications. It is hard for me to see how it won't work! – GoZoner Jan 05 '14 at 17:49
  • Ah, I meant **LCRS** trees. – Janus Troelsen Jan 06 '14 at 11:14
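The following is an added example (my own model, not GoZoner's code) that carries the answer's arena technique further: a node is 'allocated' by bumping next_node_id, a key is inserted into a non-full leaf, and assert checks that the node's keys stay sorted. The inline names, MAXN, and the leaf flag are my additions; the minimum degree n = 2 is the question's.

```promela
/* Added example: arena-allocated B-tree nodes in Promela (not the
   original answer's code). Constructed names: MAXN, alloc_node,
   insert_nonfull_leaf, check_sorted, leaf. */
#define n 2
#define MAXN 10

#define BTreeNodeId byte
typedef BTreeNode {
  BTreeNodeId my_id;
  int keys[2*n-1];
  BTreeNodeId children[2*n];
  int c;          /* number of keys currently stored */
  bool leaf
};

BTreeNode nodes[MAXN];
byte next_node_id = 0;

/* 'allocate' a node: hand out the next free slot of the static arena */
inline alloc_node(id) {
  assert(next_node_id < MAXN);   /* arena exhausted -> verification error */
  id = next_node_id;
  nodes[id].my_id = id;
  nodes[id].c = 0;
  nodes[id].leaf = true;
  next_node_id++
}

/* insert key k into the non-full leaf 'id', shifting larger keys right */
inline insert_nonfull_leaf(id, k) {
  assert(nodes[id].leaf && nodes[id].c < 2*n-1);
  i = nodes[id].c;
  do
  :: (i > 0) ->
       if
       :: (nodes[id].keys[i-1] > k) -> nodes[id].keys[i] = nodes[id].keys[i-1]; i--
       :: else -> break
       fi
  :: else -> break
  od;
  nodes[id].keys[i] = k;
  nodes[id].c++
}

/* invariant: the keys of one node are strictly increasing */
inline check_sorted(id) {
  j = 0;
  do
  :: (j < nodes[id].c - 1) -> assert(nodes[id].keys[j] < nodes[id].keys[j+1]); j++
  :: else -> break
  od
}

init {
  byte root; int i; int j;
  alloc_node(root);
  insert_nonfull_leaf(root, 7);
  insert_nonfull_leaf(root, 3);
  insert_nonfull_leaf(root, 9);
  check_sorted(root);
  assert(nodes[root].c == 3 && nodes[root].keys[0] == 3 && nodes[root].keys[2] == 9)
}
```

Running `spin -a` on this and compiling the generated pan will report an assertion violation if the arena overflows or a node's keys ever leave sorted order; a full B-tree would add split and internal-node insertion on top of the same id-based child references.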