\section{Additional Implementation Details}
\label{sec:appendix_approach_details}

This appendix provides additional details and examples for the implementation of \tech.

\subsection{Code Instrumentation and Invariant Examples}
\label{subsec:appendix_instrumentation}

Figure \ref{fig:appendix_avl_instrumentation_combined} shows how a public method is instrumented with invariant checks, and Figure \ref{fig:appendix_avl_incorrect} shows an example of an incorrect invariant.

\begin{figure}[ht]
\centering
\begin{subfigure}[t]{0.45\linewidth}
\begin{lstlisting}[language=c++, escapechar=@, basicstyle=\ttfamily\scriptsize]
bool AvlTree::empty() { 
  check_invariant();
  auto ret = empty_original();
  check_invariant();
  return ret;
}

bool AvlTree::empty_original() { 
  return n == 0; 
}
\end{lstlisting}
\caption{AvlTree instrumented with invariants}
\label{fig:appendix_avl_instrumentation}
\end{subfigure}
\hfill
\begin{subfigure}[t]{0.53\linewidth}
\begin{lstlisting}[language=c++, escapechar=@, basicstyle=\ttfamily\scriptsize]
void AvlTree::check_invariant() {
  std::function<bool(const std::unique_ptr<Node>&)> 
  is_balanced = [&](const std::unique_ptr<Node>& node) -> bool {
    if (!node) return true;
    int left_height = height(node->left);
    int right_height = height(node->right);
    if (std::abs(left_height - right_height) > 1) 
        return false;
    return is_balanced(node->left) && 
           is_balanced(node->right);
  };
  assert(is_balanced(root));
}
\end{lstlisting}
\caption{Example of a correct AvlTree class invariant}
\label{fig:appendix_avl_correct_inv2}
\end{subfigure}
\caption{AvlTree instrumentation and invariant example}
\label{fig:appendix_avl_instrumentation_combined}
\end{figure}

\begin{figure}[ht]
\centering
\begin{lstlisting}[language=c++, escapechar=@, basicstyle=\ttfamily\scriptsize]
void AvlTree::check_invariant() {
    assert(height(root) == get_height(root));
}
\end{lstlisting}
\caption{Example of an incorrect invariant of AvlTree because there is no get\_height method}
\label{fig:appendix_avl_incorrect}
\end{figure}

\subsection{Test Generation Examples}
\label{subsec:appendix_test_generation}

Figure \ref{fig:appendix_avl_tests} shows an example of a generated test suite used for filtering invariants.

\begin{figure}[htp]
\centering
\begin{lstlisting}[language=c++, escapechar=!, basicstyle=\ttfamily\scriptsize]
int main() {
    // Test Case 1: Basic insertions and traversals
    {
        AvlTree tree;
        tree.insert(10); tree.insert(20); tree.insert(5);
        tree.in_order_traversal();
        tree.pre_order_traversal();
    }
    // Test Case 2: Size, height, empty checks
    {
        AvlTree tree;
        tree.insert(10); tree.insert(20);
        tree.size(); tree.height(); tree.empty();
    }
    // ... more test cases ...
}
\end{lstlisting}
\caption{A test suite generated for AvlTree}
\label{fig:appendix_avl_tests}
\end{figure}

\subsection{Refinement Details}
\label{subsec:appendix_refinement}

\tech implements a feedback loop for refining failing invariants. Figure \ref{fig:appendix_gcc_compiler_error} shows an error message, while Figures \ref{fig:appendix_avl_bst_before} and \ref{fig:appendix_avl_bst_after} show the BST invariant before and after refinement.

\begin{figure}[ht]
\centering
\begin{subfigure}[t]{0.45\linewidth}
\begin{lstlisting}[language=c++, escapechar=@, basicstyle=\ttfamily\scriptsize]
avl_tree.cpp: In lambda function:
avl_tree.cpp:21:16: error: use of 
'is_balanced' before deduction of 'auto'
\end{lstlisting}
\caption{gcc compiler error messages}
\label{fig:appendix_gcc_compiler_error}
\end{subfigure}
\hfill
\begin{subfigure}[t]{0.52\linewidth}
\begin{lstlisting}[language=c++, escapechar=@, basicstyle=\ttfamily\scriptsize]
void AvlTree::check_invariant() {
@\CodeBG@   auto is_bst = [&](const std::unique_ptr<Node>& node, 
  const T& min, const T& max) -> bool {
    if (!node) return true;
    if (node->data <= min || 
        node->data >= max) return false;
    return is_bst(node->left, min, node->data) && 
           is_bst(node->right, node->data, max);
  };
  assert(is_bst(root, std::numeric_limits<T>::min(), 
         std::numeric_limits<T>::max()));
}
\end{lstlisting}
\caption{BST property before refinement}
\label{fig:appendix_avl_bst_before}
\end{subfigure}
\end{figure}

\begin{figure}[ht]
\centering
\begin{lstlisting}[language=c++, escapechar=@, basicstyle=\ttfamily\scriptsize]
void AvlTree::check_invariant() {
@\CodeBGGreen@  std::function<bool(const std::unique_ptr<Node>&, const T&, const T&)> 
  is_bst = [&](const std::unique_ptr<Node>& node, const T& min, const T& max) -> bool {
    if (!node) return true;
    if (node->data <= min || node->data >= max) return false;
    return is_bst(node->left, min, node->data) && 
           is_bst(node->right, node->data, max);
  };
  assert(is_bst(root, std::numeric_limits<T>::min(), std::numeric_limits<T>::max()));
}
\end{lstlisting}
\caption{BST property after refinement: \CodeIn{auto} is changed to explicit declarations}
\label{fig:appendix_avl_bst_after}
\end{figure} 