 
Efficient Verified Red-Black Trees
ANDREW W. APPEL
Princeton University, Princeton NJ 08540, USA
(email: appel@princeton.edu)
Abstract
I present a new implementation of balanced binary search trees, compatible with the MSets interface
of the Coq Standard Library. Like the current Library implementation, mine is formally verified (in
Coq) to be correct with respect to the MSets specification, and to be balanced (which implies asymptotic
efficiency guarantees). Benchmarks show that my implementation runs significantly faster than
the library implementation, because (1) Red-Black trees avoid the significant overhead of arithmetic
incurred by AVL trees for balancing computations; (2) a specialized delete-min operation makes
priority-queue operations much faster; and (3) dynamically choosing between three algorithms for
set union/intersection leads to better asymptotic efficiency.
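To make point (1) concrete, here is an added Gallina example, not the paper's MSets-compatible implementation and not code from the Coq Standard Library: an Okasaki-style red-black insertion over Z keys. The rebalancing step is decided entirely by pattern matching on node colors and shapes; there is no stored height and no integer comparison anywhere in the balancing code. By contrast, the Standard Library's MSetAVL keeps an Int.t height in every Node and recomputes and compares heights on every rebalance, which is the arithmetic the abstract refers to. The names (`balance`, `ins`, `make_black`, `insert`) are this example's own.

```coq
(* Added example: Okasaki-style red-black insertion in Gallina.
   Not the paper's implementation; keys are Z for simplicity. *)
Require Import ZArith.
Open Scope Z_scope.

Inductive color := Red | Black.

(* A node stores only a color, never a height: no arithmetic is
   needed to rebalance (compare MSetAVL, where Node carries an Int.t
   height that is recomputed and compared on every rotation). *)
Inductive tree : Type :=
| E : tree
| T : color -> tree -> Z -> tree -> tree.

(* Repair a red-red violation directly below a black node.  Each of
   the four cases is recognized purely by the shape and colors of the
   subtrees; no stored balance information is read or updated. *)
Definition balance (col : color) (t1 : tree) (k : Z) (t2 : tree) : tree :=
  match col with
  | Red => T Red t1 k t2
  | Black =>
    match t1 with
    | T Red (T Red a x b) y c => T Red (T Black a x b) y (T Black c k t2)
    | T Red a x (T Red b y c) => T Red (T Black a x b) y (T Black c k t2)
    | _ =>
      match t2 with
      | T Red (T Red b y c) z d => T Red (T Black t1 k b) y (T Black c z d)
      | T Red b y (T Red c z d) => T Red (T Black t1 k b) y (T Black c z d)
      | _ => T Black t1 k t2
      end
    end
  end.

(* Ordinary BST descent; the only comparisons are on keys, which any
   search tree must perform anyway. *)
Fixpoint ins (x : Z) (t : tree) : tree :=
  match t with
  | E => T Red E x E
  | T c a y b =>
    if x <? y then balance c (ins x a) y b
    else if y <? x then balance c a y (ins x b)
    else T c a y b
  end.

(* The root is always recolored black so the red-red repair above is
   the only invariant-restoring step needed. *)
Definition make_black (t : tree) : tree :=
  match t with
  | E => E
  | T _ a x b => T Black a x b
  end.

Definition insert (x : Z) (t : tree) : tree := make_black (ins x t).

(* Inserting 1, 2, 3 in ascending order triggers one rotation and
   yields a perfectly balanced tree; checked by computation. *)
Example ins_1_2_3 :
  insert 3 (insert 2 (insert 1 E)) = T Black (T Black E 1 E) 2 (T Black E 3 E).
Proof. reflexivity. Qed.
```

The `Example` at the end is a small sanity check, not a balance proof; the paper's contribution is the machine-checked proof that the real MSets-compatible implementation preserves both the search-tree and the red-black invariants, which this illustration does not attempt.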
1 Introduction
An important and growing body of formally verified software (with machine-checked
proofs) is written in pure functional languages that are embedded in logics and theorem
provers; this is because such languages have tractable proof theories that greatly ease the
verification task. Examples of such languages are ML (embedded in Isabelle/HOL) and
Gallina (embedded in Coq). These embedded pure functional languages extract to ML
