src/HOL/Library/RBT.thy
author krauss
Tue Jul 28 08:49:03 2009 +0200 (2009-07-28)
changeset 32245 0c1cb95a434d
parent 32237 cdc76a42fed4
child 35534 14d8d72f8b1f
permissions -rw-r--r--
tuned
krauss@26192
     1
(*  Title:      RBT.thy
krauss@26192
     2
    Author:     Markus Reiter, TU Muenchen
krauss@26192
     3
    Author:     Alexander Krauss, TU Muenchen
krauss@26192
     4
*)
krauss@26192
     5
krauss@26192
     6
header {* Red-Black Trees *}
krauss@26192
     7
krauss@26192
     8
(*<*)
krauss@26192
     9
theory RBT
haftmann@30738
    10
imports Main AssocList
krauss@26192
    11
begin
krauss@26192
    12
krauss@26192
    13
datatype color = R | B
krauss@26192
    14
datatype ('a,'b)"rbt" = Empty | Tr color "('a,'b)rbt" 'a 'b "('a,'b)rbt"
krauss@26192
    15
krauss@32245
    16
text {* Search tree properties *}
krauss@26192
    17
krauss@26192
    18
primrec
krauss@26192
    19
  pin_tree :: "'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> bool"
krauss@26192
    20
where
krauss@26192
    21
  "pin_tree k v Empty = False"
krauss@26192
    22
| "pin_tree k v (Tr c l x y r) = (k = x \<and> v = y \<or> pin_tree k v l \<or> pin_tree k v r)"
krauss@26192
    23
krauss@26192
    24
primrec
krauss@26192
    25
  keys :: "('k,'v) rbt \<Rightarrow> 'k set"
krauss@26192
    26
where
krauss@26192
    27
  "keys Empty = {}"
krauss@26192
    28
| "keys (Tr _ l k _ r) = { k } \<union> keys l \<union> keys r"
krauss@26192
    29
krauss@26192
    30
lemma pint_keys: "pin_tree k v t \<Longrightarrow> k \<in> keys t" by (induct t) auto
krauss@26192
    31
krauss@26192
    32
primrec tlt :: "'a\<Colon>order \<Rightarrow> ('a,'b) rbt \<Rightarrow> bool"
krauss@26192
    33
where
krauss@26192
    34
  "tlt k Empty = True"
krauss@26192
    35
| "tlt k (Tr c lt kt v rt) = (kt < k \<and> tlt k lt \<and> tlt k rt)"
krauss@26192
    36
krauss@26192
    37
abbreviation tllt (infix "|\<guillemotleft>" 50)
krauss@26192
    38
where "t |\<guillemotleft> x == tlt x t"
krauss@26192
    39
krauss@26192
    40
primrec tgt :: "'a\<Colon>order \<Rightarrow> ('a,'b) rbt \<Rightarrow> bool" (infix "\<guillemotleft>|" 50) 
krauss@26192
    41
where
krauss@26192
    42
  "tgt k Empty = True"
krauss@26192
    43
| "tgt k (Tr c lt kt v rt) = (k < kt \<and> tgt k lt \<and> tgt k rt)"
krauss@26192
    44
krauss@26192
    45
lemma tlt_prop: "(t |\<guillemotleft> k) = (\<forall>x\<in>keys t. x < k)" by (induct t) auto
krauss@26192
    46
lemma tgt_prop: "(k \<guillemotleft>| t) = (\<forall>x\<in>keys t. k < x)" by (induct t) auto
krauss@26192
    47
lemmas tlgt_props = tlt_prop tgt_prop
krauss@26192
    48
krauss@26192
    49
lemmas tgt_nit = tgt_prop pint_keys
krauss@26192
    50
lemmas tlt_nit = tlt_prop pint_keys
krauss@26192
    51
krauss@26192
    52
lemma tlt_trans: "\<lbrakk> t |\<guillemotleft> x; x < y \<rbrakk> \<Longrightarrow> t |\<guillemotleft> y"
krauss@26192
    53
  and tgt_trans: "\<lbrakk> x < y; y \<guillemotleft>| t\<rbrakk> \<Longrightarrow> x \<guillemotleft>| t"
krauss@26192
    54
by (auto simp: tlgt_props)
krauss@26192
    55
krauss@26192
    56
krauss@26192
    57
primrec st :: "('a::linorder, 'b) rbt \<Rightarrow> bool"
krauss@26192
    58
where
krauss@26192
    59
  "st Empty = True"
krauss@26192
    60
| "st (Tr c l k v r) = (l |\<guillemotleft> k \<and> k \<guillemotleft>| r \<and> st l \<and> st r)"
krauss@26192
    61
krauss@26192
    62
primrec map_of :: "('a\<Colon>linorder, 'b) rbt \<Rightarrow> 'a \<rightharpoonup> 'b"
krauss@26192
    63
where
krauss@26192
    64
  "map_of Empty k = None"
krauss@26192
    65
| "map_of (Tr _ l x y r) k = (if k < x then map_of l k else if x < k then map_of r k else Some y)"
krauss@26192
    66
krauss@26192
    67
lemma map_of_tlt[simp]: "t |\<guillemotleft> k \<Longrightarrow> map_of t k = None" 
krauss@26192
    68
by (induct t) auto
krauss@26192
    69
krauss@26192
    70
lemma map_of_tgt[simp]: "k \<guillemotleft>| t \<Longrightarrow> map_of t k = None"
krauss@26192
    71
by (induct t) auto
krauss@26192
    72
krauss@26192
    73
lemma mapof_keys: "st t \<Longrightarrow> dom (map_of t) = keys t"
krauss@26192
    74
by (induct t) (auto simp: dom_def tgt_prop tlt_prop)
krauss@26192
    75
krauss@26192
    76
lemma mapof_pit: "st t \<Longrightarrow> (map_of t k = Some v) = pin_tree k v t"
krauss@26192
    77
by (induct t) (auto simp: tlt_prop tgt_prop pint_keys)
krauss@26192
    78
krauss@26192
    79
lemma map_of_Empty: "map_of Empty = empty"
krauss@26192
    80
by (rule ext) simp
krauss@26192
    81
krauss@26192
    82
(* a kind of extensionality *)
krauss@26192
    83
lemma mapof_from_pit: 
krauss@26192
    84
  assumes st: "st t1" "st t2" 
krauss@26192
    85
  and eq: "\<And>v. pin_tree (k\<Colon>'a\<Colon>linorder) v t1 = pin_tree k v t2" 
krauss@26192
    86
  shows "map_of t1 k = map_of t2 k"
krauss@26192
    87
proof (cases "map_of t1 k")
krauss@26192
    88
  case None
krauss@26192
    89
  then have "\<And>v. \<not> pin_tree k v t1"
krauss@26192
    90
    by (simp add: mapof_pit[symmetric] st)
krauss@26192
    91
  with None show ?thesis
krauss@26192
    92
    by (cases "map_of t2 k") (auto simp: mapof_pit st eq)
krauss@26192
    93
next
krauss@26192
    94
  case (Some a)
krauss@26192
    95
  then show ?thesis
krauss@26192
    96
    apply (cases "map_of t2 k")
krauss@26192
    97
    apply (auto simp: mapof_pit st eq)
krauss@26192
    98
    by (auto simp add: mapof_pit[symmetric] st Some)
krauss@26192
    99
qed
krauss@26192
   100
krauss@26192
   101
subsection {* Red-black properties *}
krauss@26192
   102
krauss@26192
   103
primrec treec :: "('a,'b) rbt \<Rightarrow> color"
krauss@26192
   104
where
krauss@26192
   105
  "treec Empty = B"
krauss@26192
   106
| "treec (Tr c _ _ _ _) = c"
krauss@26192
   107
krauss@26192
   108
primrec inv1 :: "('a,'b) rbt \<Rightarrow> bool"
krauss@26192
   109
where
krauss@26192
   110
  "inv1 Empty = True"
krauss@26192
   111
| "inv1 (Tr c lt k v rt) = (inv1 lt \<and> inv1 rt \<and> (c = B \<or> treec lt = B \<and> treec rt = B))"
krauss@26192
   112
krauss@26192
   113
(* Weaker version *)
krauss@26192
   114
primrec inv1l :: "('a,'b) rbt \<Rightarrow> bool"
krauss@26192
   115
where
krauss@26192
   116
  "inv1l Empty = True"
krauss@26192
   117
| "inv1l (Tr c l k v r) = (inv1 l \<and> inv1 r)"
krauss@26192
   118
lemma [simp]: "inv1 t \<Longrightarrow> inv1l t" by (cases t) simp+
krauss@26192
   119
krauss@26192
   120
primrec bh :: "('a,'b) rbt \<Rightarrow> nat"
krauss@26192
   121
where
krauss@26192
   122
  "bh Empty = 0"
krauss@26192
   123
| "bh (Tr c lt k v rt) = (if c = B then Suc (bh lt) else bh lt)"
krauss@26192
   124
krauss@26192
   125
primrec inv2 :: "('a,'b) rbt \<Rightarrow> bool"
krauss@26192
   126
where
krauss@26192
   127
  "inv2 Empty = True"
krauss@26192
   128
| "inv2 (Tr c lt k v rt) = (inv2 lt \<and> inv2 rt \<and> bh lt = bh rt)"
krauss@26192
   129
krauss@26192
   130
definition
krauss@26192
   131
  "isrbt t = (inv1 t \<and> inv2 t \<and> treec t = B \<and> st t)"
krauss@26192
   132
krauss@26192
   133
lemma isrbt_st[simp]: "isrbt t \<Longrightarrow> st t" by (simp add: isrbt_def)
krauss@26192
   134
krauss@26192
   135
lemma rbt_cases:
krauss@26192
   136
  obtains (Empty) "t = Empty" 
krauss@26192
   137
  | (Red) l k v r where "t = Tr R l k v r" 
krauss@26192
   138
  | (Black) l k v r where "t = Tr B l k v r" 
krauss@26192
   139
by (cases t, simp) (case_tac "color", auto)
krauss@26192
   140
krauss@26192
   141
theorem Empty_isrbt[simp]: "isrbt Empty"
krauss@26192
   142
unfolding isrbt_def by simp
krauss@26192
   143
krauss@26192
   144
krauss@26192
   145
subsection {* Insertion *}
krauss@26192
   146
krauss@26192
   147
fun (* slow, due to massive case splitting *)
krauss@26192
   148
  balance :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   149
where
krauss@26192
   150
  "balance (Tr R a w x b) s t (Tr R c y z d) = Tr R (Tr B a w x b) s t (Tr B c y z d)" |
krauss@26192
   151
  "balance (Tr R (Tr R a w x b) s t c) y z d = Tr R (Tr B a w x b) s t (Tr B c y z d)" |
krauss@26192
   152
  "balance (Tr R a w x (Tr R b s t c)) y z d = Tr R (Tr B a w x b) s t (Tr B c y z d)" |
krauss@26192
   153
  "balance a w x (Tr R b s t (Tr R c y z d)) = Tr R (Tr B a w x b) s t (Tr B c y z d)" |
krauss@26192
   154
  "balance a w x (Tr R (Tr R b s t c) y z d) = Tr R (Tr B a w x b) s t (Tr B c y z d)" |
krauss@26192
   155
  "balance a s t b = Tr B a s t b"
krauss@26192
   156
krauss@26192
   157
lemma balance_inv1: "\<lbrakk>inv1l l; inv1l r\<rbrakk> \<Longrightarrow> inv1 (balance l k v r)" 
krauss@26192
   158
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   159
krauss@26192
   160
lemma balance_bh: "bh l = bh r \<Longrightarrow> bh (balance l k v r) = Suc (bh l)"
krauss@26192
   161
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   162
krauss@26192
   163
lemma balance_inv2: 
krauss@26192
   164
  assumes "inv2 l" "inv2 r" "bh l = bh r"
krauss@26192
   165
  shows "inv2 (balance l k v r)"
krauss@26192
   166
  using assms
krauss@26192
   167
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   168
krauss@26192
   169
lemma balance_tgt[simp]: "(v \<guillemotleft>| balance a k x b) = (v \<guillemotleft>| a \<and> v \<guillemotleft>| b \<and> v < k)" 
krauss@26192
   170
  by (induct a k x b rule: balance.induct) auto
krauss@26192
   171
krauss@26192
   172
lemma balance_tlt[simp]: "(balance a k x b |\<guillemotleft> v) = (a |\<guillemotleft> v \<and> b |\<guillemotleft> v \<and> k < v)"
krauss@26192
   173
  by (induct a k x b rule: balance.induct) auto
krauss@26192
   174
krauss@26192
   175
lemma balance_st: 
krauss@26192
   176
  fixes k :: "'a::linorder"
krauss@26192
   177
  assumes "st l" "st r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
krauss@26192
   178
  shows "st (balance l k v r)"
krauss@26192
   179
using assms proof (induct l k v r rule: balance.induct)
krauss@26192
   180
  case ("2_2" a x w b y t c z s va vb vd vc)
krauss@26192
   181
  hence "y < z \<and> z \<guillemotleft>| Tr B va vb vd vc" 
krauss@26192
   182
    by (auto simp add: tlgt_props)
krauss@26192
   183
  hence "tgt y (Tr B va vb vd vc)" by (blast dest: tgt_trans)
krauss@26192
   184
  with "2_2" show ?case by simp
krauss@26192
   185
next
krauss@26192
   186
  case ("3_2" va vb vd vc x w b y s c z)
krauss@26192
   187
  from "3_2" have "x < y \<and> tlt x (Tr B va vb vd vc)" 
krauss@26192
   188
    by (simp add: tlt.simps tgt.simps)
krauss@26192
   189
  hence "tlt y (Tr B va vb vd vc)" by (blast dest: tlt_trans)
krauss@26192
   190
  with "3_2" show ?case by simp
krauss@26192
   191
next
krauss@26192
   192
  case ("3_3" x w b y s c z t va vb vd vc)
krauss@26192
   193
  from "3_3" have "y < z \<and> tgt z (Tr B va vb vd vc)" by simp
krauss@26192
   194
  hence "tgt y (Tr B va vb vd vc)" by (blast dest: tgt_trans)
krauss@26192
   195
  with "3_3" show ?case by simp
krauss@26192
   196
next
krauss@26192
   197
  case ("3_4" vd ve vg vf x w b y s c z t va vb vii vc)
krauss@26192
   198
  hence "x < y \<and> tlt x (Tr B vd ve vg vf)" by simp
krauss@26192
   199
  hence 1: "tlt y (Tr B vd ve vg vf)" by (blast dest: tlt_trans)
krauss@26192
   200
  from "3_4" have "y < z \<and> tgt z (Tr B va vb vii vc)" by simp
krauss@26192
   201
  hence "tgt y (Tr B va vb vii vc)" by (blast dest: tgt_trans)
krauss@26192
   202
  with 1 "3_4" show ?case by simp
krauss@26192
   203
next
krauss@26192
   204
  case ("4_2" va vb vd vc x w b y s c z t dd)
krauss@26192
   205
  hence "x < y \<and> tlt x (Tr B va vb vd vc)" by simp
krauss@26192
   206
  hence "tlt y (Tr B va vb vd vc)" by (blast dest: tlt_trans)
krauss@26192
   207
  with "4_2" show ?case by simp
krauss@26192
   208
next
krauss@26192
   209
  case ("5_2" x w b y s c z t va vb vd vc)
krauss@26192
   210
  hence "y < z \<and> tgt z (Tr B va vb vd vc)" by simp
krauss@26192
   211
  hence "tgt y (Tr B va vb vd vc)" by (blast dest: tgt_trans)
krauss@26192
   212
  with "5_2" show ?case by simp
krauss@26192
   213
next
krauss@26192
   214
  case ("5_3" va vb vd vc x w b y s c z t)
krauss@26192
   215
  hence "x < y \<and> tlt x (Tr B va vb vd vc)" by simp
krauss@26192
   216
  hence "tlt y (Tr B va vb vd vc)" by (blast dest: tlt_trans)
krauss@26192
   217
  with "5_3" show ?case by simp
krauss@26192
   218
next
krauss@26192
   219
  case ("5_4" va vb vg vc x w b y s c z t vd ve vii vf)
krauss@26192
   220
  hence "x < y \<and> tlt x (Tr B va vb vg vc)" by simp
krauss@26192
   221
  hence 1: "tlt y (Tr B va vb vg vc)" by (blast dest: tlt_trans)
krauss@26192
   222
  from "5_4" have "y < z \<and> tgt z (Tr B vd ve vii vf)" by simp
krauss@26192
   223
  hence "tgt y (Tr B vd ve vii vf)" by (blast dest: tgt_trans)
krauss@26192
   224
  with 1 "5_4" show ?case by simp
krauss@26192
   225
qed simp+
krauss@26192
   226
krauss@26192
   227
lemma keys_balance[simp]: 
krauss@26192
   228
  "keys (balance l k v r) = { k } \<union> keys l \<union> keys r"
krauss@26192
   229
by (induct l k v r rule: balance.induct) auto
krauss@26192
   230
krauss@26192
   231
lemma balance_pit:  
krauss@26192
   232
  "pin_tree k x (balance l v y r) = (pin_tree k x l \<or> k = v \<and> x = y \<or> pin_tree k x r)" 
krauss@26192
   233
by (induct l v y r rule: balance.induct) auto
krauss@26192
   234
krauss@26192
   235
lemma map_of_balance[simp]: 
krauss@26192
   236
fixes k :: "'a::linorder"
krauss@26192
   237
assumes "st l" "st r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
krauss@26192
   238
shows "map_of (balance l k v r) x = map_of (Tr B l k v r) x"
krauss@26192
   239
by (rule mapof_from_pit) (auto simp:assms balance_pit balance_st)
krauss@26192
   240
krauss@26192
   241
primrec paint :: "color \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   242
where
krauss@26192
   243
  "paint c Empty = Empty"
krauss@26192
   244
| "paint c (Tr _ l k v r) = Tr c l k v r"
krauss@26192
   245
krauss@26192
   246
lemma paint_inv1l[simp]: "inv1l t \<Longrightarrow> inv1l (paint c t)" by (cases t) auto
krauss@26192
   247
lemma paint_inv1[simp]: "inv1l t \<Longrightarrow> inv1 (paint B t)" by (cases t) auto
krauss@26192
   248
lemma paint_inv2[simp]: "inv2 t \<Longrightarrow> inv2 (paint c t)" by (cases t) auto
krauss@26192
   249
lemma paint_treec[simp]: "treec (paint B t) = B" by (cases t) auto
krauss@26192
   250
lemma paint_st[simp]: "st t \<Longrightarrow> st (paint c t)" by (cases t) auto
krauss@26192
   251
lemma paint_pit[simp]: "pin_tree k x (paint c t) = pin_tree k x t" by (cases t) auto
krauss@26192
   252
lemma paint_mapof[simp]: "map_of (paint c t) = map_of t" by (rule ext) (cases t, auto)
krauss@26192
   253
lemma paint_tgt[simp]: "(v \<guillemotleft>| paint c t) = (v \<guillemotleft>| t)" by (cases t) auto
krauss@26192
   254
lemma paint_tlt[simp]: "(paint c t |\<guillemotleft> v) = (t |\<guillemotleft> v)" by (cases t) auto
krauss@26192
   255
krauss@26192
   256
fun
krauss@26192
   257
  ins :: "('a\<Colon>linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   258
where
krauss@26192
   259
  "ins f k v Empty = Tr R Empty k v Empty" |
krauss@26192
   260
  "ins f k v (Tr B l x y r) = (if k < x then balance (ins f k v l) x y r
krauss@26192
   261
                               else if k > x then balance l x y (ins f k v r)
krauss@26192
   262
                               else Tr B l x (f k y v) r)" |
krauss@26192
   263
  "ins f k v (Tr R l x y r) = (if k < x then Tr R (ins f k v l) x y r
krauss@26192
   264
                               else if k > x then Tr R l x y (ins f k v r)
krauss@26192
   265
                               else Tr R l x (f k y v) r)"
krauss@26192
   266
krauss@26192
   267
lemma ins_inv1_inv2: 
krauss@26192
   268
  assumes "inv1 t" "inv2 t"
krauss@26192
   269
  shows "inv2 (ins f k x t)" "bh (ins f k x t) = bh t" 
krauss@26192
   270
  "treec t = B \<Longrightarrow> inv1 (ins f k x t)" "inv1l (ins f k x t)"
krauss@26192
   271
  using assms
krauss@26192
   272
  by (induct f k x t rule: ins.induct) (auto simp: balance_inv1 balance_inv2 balance_bh)
krauss@26192
   273
krauss@26192
   274
lemma ins_tgt[simp]: "(v \<guillemotleft>| ins f k x t) = (v \<guillemotleft>| t \<and> k > v)"
krauss@26192
   275
  by (induct f k x t rule: ins.induct) auto
krauss@26192
   276
lemma ins_tlt[simp]: "(ins f k x t |\<guillemotleft> v) = (t |\<guillemotleft> v \<and> k < v)"
krauss@26192
   277
  by (induct f k x t rule: ins.induct) auto
krauss@26192
   278
lemma ins_st[simp]: "st t \<Longrightarrow> st (ins f k x t)"
krauss@26192
   279
  by (induct f k x t rule: ins.induct) (auto simp: balance_st)
krauss@26192
   280
krauss@26192
   281
lemma keys_ins: "keys (ins f k v t) = { k } \<union> keys t"
krauss@26192
   282
by (induct f k v t rule: ins.induct) auto
krauss@26192
   283
krauss@26192
   284
lemma map_of_ins: 
krauss@26192
   285
  fixes k :: "'a::linorder"
krauss@26192
   286
  assumes "st t"
krauss@26192
   287
  shows "map_of (ins f k v t) x = ((map_of t)(k |-> case map_of t k of None \<Rightarrow> v 
krauss@26192
   288
                                                       | Some w \<Rightarrow> f k w v)) x"
krauss@26192
   289
using assms by (induct f k v t rule: ins.induct) auto
krauss@26192
   290
krauss@26192
   291
definition
krauss@26192
   292
  insertwithkey :: "('a\<Colon>linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   293
where
krauss@26192
   294
  "insertwithkey f k v t = paint B (ins f k v t)"
krauss@26192
   295
krauss@26192
   296
lemma insertwk_st: "st t \<Longrightarrow> st (insertwithkey f k x t)"
krauss@26192
   297
  by (auto simp: insertwithkey_def)
krauss@26192
   298
krauss@26192
   299
theorem insertwk_isrbt: 
krauss@26192
   300
  assumes inv: "isrbt t" 
krauss@26192
   301
  shows "isrbt (insertwithkey f k x t)"
krauss@26192
   302
using assms
krauss@26192
   303
unfolding insertwithkey_def isrbt_def
krauss@26192
   304
by (auto simp: ins_inv1_inv2)
krauss@26192
   305
krauss@26192
   306
lemma map_of_insertwk: 
krauss@26192
   307
  assumes "st t"
krauss@26192
   308
  shows "map_of (insertwithkey f k v t) x = ((map_of t)(k |-> case map_of t k of None \<Rightarrow> v 
krauss@26192
   309
                                                       | Some w \<Rightarrow> f k w v)) x"
krauss@26192
   310
unfolding insertwithkey_def using assms
krauss@26192
   311
by (simp add:map_of_ins)
krauss@26192
   312
krauss@26192
   313
definition
krauss@26192
   314
  insertw_def: "insertwith f = insertwithkey (\<lambda>_. f)"
krauss@26192
   315
krauss@26192
   316
lemma insertw_st: "st t \<Longrightarrow> st (insertwith f k v t)" by (simp add: insertwk_st insertw_def)
krauss@26192
   317
theorem insertw_isrbt: "isrbt t \<Longrightarrow> isrbt (insertwith f k v t)" by (simp add: insertwk_isrbt insertw_def)
krauss@26192
   318
krauss@26192
   319
lemma map_of_insertw:
krauss@26192
   320
  assumes "isrbt t"
krauss@26192
   321
  shows "map_of (insertwith f k v t) = (map_of t)(k \<mapsto> (if k:dom (map_of t) then f (the (map_of t k)) v else v))"
krauss@26192
   322
using assms
krauss@26192
   323
unfolding insertw_def
krauss@26192
   324
by (rule_tac ext) (cases "map_of t k", auto simp:map_of_insertwk dom_def)
krauss@26192
   325
krauss@26192
   326
krauss@26192
   327
definition
krauss@26192
   328
  "insrt k v t = insertwithkey (\<lambda>_ _ nv. nv) k v t"
krauss@26192
   329
krauss@26192
   330
lemma insrt_st: "st t \<Longrightarrow> st (insrt k v t)" by (simp add: insertwk_st insrt_def)
krauss@26192
   331
theorem insrt_isrbt: "isrbt t \<Longrightarrow> isrbt (insrt k v t)" by (simp add: insertwk_isrbt insrt_def)
krauss@26192
   332
krauss@26192
   333
lemma map_of_insert: 
krauss@26192
   334
  assumes "isrbt t"
krauss@26192
   335
  shows "map_of (insrt k v t) = (map_of t)(k\<mapsto>v)"
krauss@26192
   336
unfolding insrt_def
krauss@26192
   337
using assms
krauss@26192
   338
by (rule_tac ext) (simp add: map_of_insertwk split:option.split)
krauss@26192
   339
krauss@26192
   340
krauss@26192
   341
subsection {* Deletion *}
krauss@26192
   342
krauss@26192
   343
lemma bh_paintR'[simp]: "treec t = B \<Longrightarrow> bh (paint R t) = bh t - 1"
krauss@26192
   344
by (cases t rule: rbt_cases) auto
krauss@26192
   345
krauss@26192
   346
fun
krauss@26192
   347
  balleft :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   348
where
krauss@26192
   349
  "balleft (Tr R a k x b) s y c = Tr R (Tr B a k x b) s y c" |
krauss@26192
   350
  "balleft bl k x (Tr B a s y b) = balance bl k x (Tr R a s y b)" |
krauss@26192
   351
  "balleft bl k x (Tr R (Tr B a s y b) t z c) = Tr R (Tr B bl k x a) s y (balance b t z (paint R c))" |
krauss@26192
   352
  "balleft t k x s = Empty"
krauss@26192
   353
krauss@26192
   354
lemma balleft_inv2_with_inv1:
krauss@26192
   355
  assumes "inv2 lt" "inv2 rt" "bh lt + 1 = bh rt" "inv1 rt"
krauss@26192
   356
  shows "bh (balleft lt k v rt) = bh lt + 1"
krauss@26192
   357
  and   "inv2 (balleft lt k v rt)"
krauss@26192
   358
using assms 
krauss@26192
   359
by (induct lt k v rt rule: balleft.induct) (auto simp: balance_inv2 balance_bh)
krauss@26192
   360
krauss@26192
   361
lemma balleft_inv2_app: 
krauss@26192
   362
  assumes "inv2 lt" "inv2 rt" "bh lt + 1 = bh rt" "treec rt = B"
krauss@26192
   363
  shows "inv2 (balleft lt k v rt)" 
krauss@26192
   364
        "bh (balleft lt k v rt) = bh rt"
krauss@26192
   365
using assms 
krauss@26192
   366
by (induct lt k v rt rule: balleft.induct) (auto simp add: balance_inv2 balance_bh)+ 
krauss@26192
   367
krauss@26192
   368
lemma balleft_inv1: "\<lbrakk>inv1l a; inv1 b; treec b = B\<rbrakk> \<Longrightarrow> inv1 (balleft a k x b)"
krauss@26192
   369
  by (induct a k x b rule: balleft.induct) (simp add: balance_inv1)+
krauss@26192
   370
krauss@26192
   371
lemma balleft_inv1l: "\<lbrakk> inv1l lt; inv1 rt \<rbrakk> \<Longrightarrow> inv1l (balleft lt k x rt)"
krauss@26192
   372
by (induct lt k x rt rule: balleft.induct) (auto simp: balance_inv1)
krauss@26192
   373
krauss@26192
   374
lemma balleft_st: "\<lbrakk> st l; st r; tlt k l; tgt k r \<rbrakk> \<Longrightarrow> st (balleft l k v r)"
krauss@26192
   375
apply (induct l k v r rule: balleft.induct)
krauss@26192
   376
apply (auto simp: balance_st)
krauss@26192
   377
apply (unfold tgt_prop tlt_prop)
krauss@26192
   378
by force+
krauss@26192
   379
krauss@26192
   380
lemma balleft_tgt: 
krauss@26192
   381
  fixes k :: "'a::order"
krauss@26192
   382
  assumes "k \<guillemotleft>| a" "k \<guillemotleft>| b" "k < x" 
krauss@26192
   383
  shows "k \<guillemotleft>| balleft a x t b"
krauss@26192
   384
using assms 
krauss@26192
   385
by (induct a x t b rule: balleft.induct) auto
krauss@26192
   386
krauss@26192
   387
lemma balleft_tlt: 
krauss@26192
   388
  fixes k :: "'a::order"
krauss@26192
   389
  assumes "a |\<guillemotleft> k" "b |\<guillemotleft> k" "x < k" 
krauss@26192
   390
  shows "balleft a x t b |\<guillemotleft> k"
krauss@26192
   391
using assms
krauss@26192
   392
by (induct a x t b rule: balleft.induct) auto
krauss@26192
   393
krauss@26192
   394
lemma balleft_pit: 
krauss@26192
   395
  assumes "inv1l l" "inv1 r" "bh l + 1 = bh r"
krauss@26192
   396
  shows "pin_tree k v (balleft l a b r) = (pin_tree k v l \<or> k = a \<and> v = b \<or> pin_tree k v r)"
krauss@26192
   397
using assms 
krauss@26192
   398
by (induct l k v r rule: balleft.induct) (auto simp: balance_pit)
krauss@26192
   399
krauss@26192
   400
fun
krauss@26192
   401
  balright :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   402
where
krauss@26192
   403
  "balright a k x (Tr R b s y c) = Tr R a k x (Tr B b s y c)" |
krauss@26192
   404
  "balright (Tr B a k x b) s y bl = balance (Tr R a k x b) s y bl" |
krauss@26192
   405
  "balright (Tr R a k x (Tr B b s y c)) t z bl = Tr R (balance (paint R a) k x b) s y (Tr B c t z bl)" |
krauss@26192
   406
  "balright t k x s = Empty"
krauss@26192
   407
krauss@26192
   408
lemma balright_inv2_with_inv1:
krauss@26192
   409
  assumes "inv2 lt" "inv2 rt" "bh lt = bh rt + 1" "inv1 lt"
krauss@26192
   410
  shows "inv2 (balright lt k v rt) \<and> bh (balright lt k v rt) = bh lt"
krauss@26192
   411
using assms
krauss@26192
   412
by (induct lt k v rt rule: balright.induct) (auto simp: balance_inv2 balance_bh)
krauss@26192
   413
krauss@26192
   414
lemma balright_inv1: "\<lbrakk>inv1 a; inv1l b; treec a = B\<rbrakk> \<Longrightarrow> inv1 (balright a k x b)"
krauss@26192
   415
by (induct a k x b rule: balright.induct) (simp add: balance_inv1)+
krauss@26192
   416
krauss@26192
   417
lemma balright_inv1l: "\<lbrakk> inv1 lt; inv1l rt \<rbrakk> \<Longrightarrow>inv1l (balright lt k x rt)"
krauss@26192
   418
by (induct lt k x rt rule: balright.induct) (auto simp: balance_inv1)
krauss@26192
   419
krauss@26192
   420
lemma balright_st: "\<lbrakk> st l; st r; tlt k l; tgt k r \<rbrakk> \<Longrightarrow> st (balright l k v r)"
krauss@26192
   421
apply (induct l k v r rule: balright.induct)
krauss@26192
   422
apply (auto simp:balance_st)
krauss@26192
   423
apply (unfold tlt_prop tgt_prop)
krauss@26192
   424
by force+
krauss@26192
   425
krauss@26192
   426
lemma balright_tgt: 
krauss@26192
   427
  fixes k :: "'a::order"
krauss@26192
   428
  assumes "k \<guillemotleft>| a" "k \<guillemotleft>| b" "k < x" 
krauss@26192
   429
  shows "k \<guillemotleft>| balright a x t b"
krauss@26192
   430
using assms by (induct a x t b rule: balright.induct) auto
krauss@26192
   431
krauss@26192
   432
lemma balright_tlt: 
krauss@26192
   433
  fixes k :: "'a::order"
krauss@26192
   434
  assumes "a |\<guillemotleft> k" "b |\<guillemotleft> k" "x < k" 
krauss@26192
   435
  shows "balright a x t b |\<guillemotleft> k"
krauss@26192
   436
using assms by (induct a x t b rule: balright.induct) auto
krauss@26192
   437
krauss@26192
   438
lemma balright_pit:
krauss@26192
   439
  assumes "inv1 l" "inv1l r" "bh l = bh r + 1" "inv2 l" "inv2 r"
krauss@26192
   440
  shows "pin_tree x y (balright l k v r) = (pin_tree x y l \<or> x = k \<and> y = v \<or> pin_tree x y r)"
krauss@26192
   441
using assms by (induct l k v r rule: balright.induct) (auto simp: balance_pit)
krauss@26192
   442
krauss@26192
   443
krauss@26192
   444
text {* app *}
krauss@26192
   445
krauss@26192
   446
fun
krauss@26192
   447
  app :: "('a,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   448
where
krauss@26192
   449
  "app Empty x = x" 
krauss@26192
   450
| "app x Empty = x" 
krauss@26192
   451
| "app (Tr R a k x b) (Tr R c s y d) = (case (app b c) of
krauss@26192
   452
                                      Tr R b2 t z c2 \<Rightarrow> (Tr R (Tr R a k x b2) t z (Tr R c2 s y d)) |
krauss@26192
   453
                                      bc \<Rightarrow> Tr R a k x (Tr R bc s y d))" 
krauss@26192
   454
| "app (Tr B a k x b) (Tr B c s y d) = (case (app b c) of
krauss@26192
   455
                                      Tr R b2 t z c2 \<Rightarrow> Tr R (Tr B a k x b2) t z (Tr B c2 s y d) |
krauss@26192
   456
                                      bc \<Rightarrow> balleft a k x (Tr B bc s y d))" 
krauss@26192
   457
| "app a (Tr R b k x c) = Tr R (app a b) k x c" 
krauss@26192
   458
| "app (Tr R a k x b) c = Tr R a k x (app b c)" 
krauss@26192
   459
krauss@26192
   460
lemma app_inv2:
krauss@26192
   461
  assumes "inv2 lt" "inv2 rt" "bh lt = bh rt"
krauss@26192
   462
  shows "bh (app lt rt) = bh lt" "inv2 (app lt rt)"
krauss@26192
   463
using assms 
krauss@26192
   464
by (induct lt rt rule: app.induct) 
krauss@26192
   465
   (auto simp: balleft_inv2_app split: rbt.splits color.splits)
krauss@26192
   466
krauss@26192
   467
lemma app_inv1: 
krauss@26192
   468
  assumes "inv1 lt" "inv1 rt"
krauss@26192
   469
  shows "treec lt = B \<Longrightarrow> treec rt = B \<Longrightarrow> inv1 (app lt rt)"
krauss@26192
   470
         "inv1l (app lt rt)"
krauss@26192
   471
using assms 
krauss@26192
   472
by (induct lt rt rule: app.induct)
krauss@26192
   473
   (auto simp: balleft_inv1 split: rbt.splits color.splits)
krauss@26192
   474
krauss@26192
   475
lemma app_tgt[simp]: 
krauss@26192
   476
  fixes k :: "'a::linorder"
krauss@26192
   477
  assumes "k \<guillemotleft>| l" "k \<guillemotleft>| r" 
krauss@26192
   478
  shows "k \<guillemotleft>| app l r"
krauss@26192
   479
using assms 
krauss@26192
   480
by (induct l r rule: app.induct)
krauss@26192
   481
   (auto simp: balleft_tgt split:rbt.splits color.splits)
krauss@26192
   482
krauss@26192
   483
lemma app_tlt[simp]: 
krauss@26192
   484
  fixes k :: "'a::linorder"
krauss@26192
   485
  assumes "l |\<guillemotleft> k" "r |\<guillemotleft> k" 
krauss@26192
   486
  shows "app l r |\<guillemotleft> k"
krauss@26192
   487
using assms 
krauss@26192
   488
by (induct l r rule: app.induct)
krauss@26192
   489
   (auto simp: balleft_tlt split:rbt.splits color.splits)
krauss@26192
   490
krauss@26192
   491
lemma app_st: 
krauss@26192
   492
  fixes k :: "'a::linorder"
krauss@26192
   493
  assumes "st l" "st r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
krauss@26192
   494
  shows "st (app l r)"
krauss@26192
   495
using assms proof (induct l r rule: app.induct)
krauss@26192
   496
  case (3 a x v b c y w d)
krauss@26192
   497
  hence ineqs: "a |\<guillemotleft> x" "x \<guillemotleft>| b" "b |\<guillemotleft> k" "k \<guillemotleft>| c" "c |\<guillemotleft> y" "y \<guillemotleft>| d"
krauss@26192
   498
    by auto
krauss@26192
   499
  with 3
krauss@26192
   500
  show ?case
krauss@26192
   501
    apply (cases "app b c" rule: rbt_cases)
krauss@26192
   502
    apply auto
krauss@26192
   503
    by (metis app_tgt app_tlt ineqs ineqs tlt.simps(2) tgt.simps(2) tgt_trans tlt_trans)+
krauss@26192
   504
next
krauss@26192
   505
  case (4 a x v b c y w d)
krauss@26192
   506
  hence "x < k \<and> tgt k c" by simp
krauss@26192
   507
  hence "tgt x c" by (blast dest: tgt_trans)
krauss@26192
   508
  with 4 have 2: "tgt x (app b c)" by (simp add: app_tgt)
krauss@26192
   509
  from 4 have "k < y \<and> tlt k b" by simp
krauss@26192
   510
  hence "tlt y b" by (blast dest: tlt_trans)
krauss@26192
   511
  with 4 have 3: "tlt y (app b c)" by (simp add: app_tlt)
krauss@26192
   512
  show ?case
krauss@26192
   513
  proof (cases "app b c" rule: rbt_cases)
krauss@26192
   514
    case Empty
krauss@26192
   515
    from 4 have "x < y \<and> tgt y d" by auto
krauss@26192
   516
    hence "tgt x d" by (blast dest: tgt_trans)
krauss@26192
   517
    with 4 Empty have "st a" and "st (Tr B Empty y w d)" and "tlt x a" and "tgt x (Tr B Empty y w d)" by auto
krauss@26192
   518
    with Empty show ?thesis by (simp add: balleft_st)
krauss@26192
   519
  next
krauss@26192
   520
    case (Red lta va ka rta)
krauss@26192
   521
    with 2 4 have "x < va \<and> tlt x a" by simp
krauss@26192
   522
    hence 5: "tlt va a" by (blast dest: tlt_trans)
krauss@26192
   523
    from Red 3 4 have "va < y \<and> tgt y d" by simp
krauss@26192
   524
    hence "tgt va d" by (blast dest: tgt_trans)
krauss@26192
   525
    with Red 2 3 4 5 show ?thesis by simp
krauss@26192
   526
  next
krauss@26192
   527
    case (Black lta va ka rta)
krauss@26192
   528
    from 4 have "x < y \<and> tgt y d" by auto
krauss@26192
   529
    hence "tgt x d" by (blast dest: tgt_trans)
krauss@26192
   530
    with Black 2 3 4 have "st a" and "st (Tr B (app b c) y w d)" and "tlt x a" and "tgt x (Tr B (app b c) y w d)" by auto
krauss@26192
   531
    with Black show ?thesis by (simp add: balleft_st)
krauss@26192
   532
  qed
krauss@26192
   533
next
krauss@26192
   534
  case (5 va vb vd vc b x w c)
krauss@26192
   535
  hence "k < x \<and> tlt k (Tr B va vb vd vc)" by simp
krauss@26192
   536
  hence "tlt x (Tr B va vb vd vc)" by (blast dest: tlt_trans)
krauss@26192
   537
  with 5 show ?case by (simp add: app_tlt)
krauss@26192
   538
next
krauss@26192
   539
  case (6 a x v b va vb vd vc)
krauss@26192
   540
  hence "x < k \<and> tgt k (Tr B va vb vd vc)" by simp
krauss@26192
   541
  hence "tgt x (Tr B va vb vd vc)" by (blast dest: tgt_trans)
krauss@26192
   542
  with 6 show ?case by (simp add: app_tgt)
krauss@26192
   543
qed simp+
krauss@26192
   544
krauss@26192
   545
lemma app_pit: 
krauss@26192
   546
  assumes "inv2 l" "inv2 r" "bh l = bh r" "inv1 l" "inv1 r"
krauss@26192
   547
  shows "pin_tree k v (app l r) = (pin_tree k v l \<or> pin_tree k v r)"
krauss@26192
   548
using assms 
krauss@26192
   549
proof (induct l r rule: app.induct)
krauss@26192
   550
  case (4 _ _ _ b c)
krauss@26192
   551
  hence a: "bh (app b c) = bh b" by (simp add: app_inv2)
krauss@26192
   552
  from 4 have b: "inv1l (app b c)" by (simp add: app_inv1)
krauss@26192
   553
krauss@26192
   554
  show ?case
krauss@26192
   555
  proof (cases "app b c" rule: rbt_cases)
krauss@26192
   556
    case Empty
krauss@26192
   557
    with 4 a show ?thesis by (auto simp: balleft_pit)
krauss@26192
   558
  next
krauss@26192
   559
    case (Red lta ka va rta)
krauss@26192
   560
    with 4 show ?thesis by auto
krauss@26192
   561
  next
krauss@26192
   562
    case (Black lta ka va rta)
krauss@26192
   563
    with a b 4  show ?thesis by (auto simp: balleft_pit)
krauss@26192
   564
  qed 
krauss@26192
   565
qed (auto split: rbt.splits color.splits)
krauss@26192
   566
krauss@26192
   567
fun
krauss@26192
   568
  delformLeft :: "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt" and
krauss@26192
   569
  delformRight :: "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt" and
krauss@26192
   570
  del :: "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   571
where
krauss@26192
   572
  "del x Empty = Empty" |
krauss@26192
   573
  "del x (Tr c a y s b) = (if x < y then delformLeft x a y s b else (if x > y then delformRight x a y s b else app a b))" |
krauss@26192
   574
  "delformLeft x (Tr B lt z v rt) y s b = balleft (del x (Tr B lt z v rt)) y s b" |
krauss@26192
   575
  "delformLeft x a y s b = Tr R (del x a) y s b" |
krauss@26192
   576
  "delformRight x a y s (Tr B lt z v rt) = balright a y s (del x (Tr B lt z v rt))" | 
krauss@26192
   577
  "delformRight x a y s b = Tr R a y s (del x b)"
krauss@26192
   578
krauss@26192
   579
lemma 
krauss@26192
   580
  assumes "inv2 lt" "inv1 lt"
krauss@26192
   581
  shows
krauss@26192
   582
  "\<lbrakk>inv2 rt; bh lt = bh rt; inv1 rt\<rbrakk> \<Longrightarrow>
krauss@26192
   583
  inv2 (delformLeft x lt k v rt) \<and> bh (delformLeft x lt k v rt) = bh lt \<and> (treec lt = B \<and> treec rt = B \<and> inv1 (delformLeft x lt k v rt) \<or> (treec lt \<noteq> B \<or> treec rt \<noteq> B) \<and> inv1l (delformLeft x lt k v rt))"
krauss@26192
   584
  and "\<lbrakk>inv2 rt; bh lt = bh rt; inv1 rt\<rbrakk> \<Longrightarrow>
krauss@26192
   585
  inv2 (delformRight x lt k v rt) \<and> bh (delformRight x lt k v rt) = bh lt \<and> (treec lt = B \<and> treec rt = B \<and> inv1 (delformRight x lt k v rt) \<or> (treec lt \<noteq> B \<or> treec rt \<noteq> B) \<and> inv1l (delformRight x lt k v rt))"
krauss@26192
   586
  and del_inv1_inv2: "inv2 (del x lt) \<and> (treec lt = R \<and> bh (del x lt) = bh lt \<and> inv1 (del x lt) 
krauss@26192
   587
  \<or> treec lt = B \<and> bh (del x lt) = bh lt - 1 \<and> inv1l (del x lt))"
krauss@26192
   588
using assms
krauss@26192
   589
proof (induct x lt k v rt and x lt k v rt and x lt rule: delformLeft_delformRight_del.induct)
krauss@26192
   590
case (2 y c _ y')
krauss@26192
   591
  have "y = y' \<or> y < y' \<or> y > y'" by auto
krauss@26192
   592
  thus ?case proof (elim disjE)
krauss@26192
   593
    assume "y = y'"
krauss@26192
   594
    with 2 show ?thesis by (cases c) (simp add: app_inv2 app_inv1)+
krauss@26192
   595
  next
krauss@26192
   596
    assume "y < y'"
krauss@26192
   597
    with 2 show ?thesis by (cases c) auto
krauss@26192
   598
  next
krauss@26192
   599
    assume "y' < y"
krauss@26192
   600
    with 2 show ?thesis by (cases c) auto
krauss@26192
   601
  qed
krauss@26192
   602
next
krauss@26192
   603
  case (3 y lt z v rta y' ss bb) 
krauss@26192
   604
  thus ?case by (cases "treec (Tr B lt z v rta) = B \<and> treec bb = B") (simp add: balleft_inv2_with_inv1 balleft_inv1 balleft_inv1l)+
krauss@26192
   605
next
krauss@26192
   606
  case (5 y a y' ss lt z v rta)
krauss@26192
   607
  thus ?case by (cases "treec a = B \<and> treec (Tr B lt z v rta) = B") (simp add: balright_inv2_with_inv1 balright_inv1 balright_inv1l)+
krauss@26192
   608
next
krauss@26192
   609
  case ("6_1" y a y' ss) thus ?case by (cases "treec a = B \<and> treec Empty = B") simp+
krauss@26192
   610
qed auto
krauss@26192
   611
krauss@26192
   612
lemma 
krauss@26192
   613
  delformLeft_tlt: "\<lbrakk>tlt v lt; tlt v rt; k < v\<rbrakk> \<Longrightarrow> tlt v (delformLeft x lt k y rt)"
krauss@26192
   614
  and delformRight_tlt: "\<lbrakk>tlt v lt; tlt v rt; k < v\<rbrakk> \<Longrightarrow> tlt v (delformRight x lt k y rt)"
krauss@26192
   615
  and del_tlt: "tlt v lt \<Longrightarrow> tlt v (del x lt)"
krauss@26192
   616
by (induct x lt k y rt and x lt k y rt and x lt rule: delformLeft_delformRight_del.induct) 
krauss@26192
   617
   (auto simp: balleft_tlt balright_tlt)
krauss@26192
   618
krauss@26192
   619
lemma delformLeft_tgt: "\<lbrakk>tgt v lt; tgt v rt; k > v\<rbrakk> \<Longrightarrow> tgt v (delformLeft x lt k y rt)"
krauss@26192
   620
  and delformRight_tgt: "\<lbrakk>tgt v lt; tgt v rt; k > v\<rbrakk> \<Longrightarrow> tgt v (delformRight x lt k y rt)"
krauss@26192
   621
  and del_tgt: "tgt v lt \<Longrightarrow> tgt v (del x lt)"
krauss@26192
   622
by (induct x lt k y rt and x lt k y rt and x lt rule: delformLeft_delformRight_del.induct)
krauss@26192
   623
   (auto simp: balleft_tgt balright_tgt)
krauss@26192
   624
krauss@26192
   625
lemma "\<lbrakk>st lt; st rt; tlt k lt; tgt k rt\<rbrakk> \<Longrightarrow> st (delformLeft x lt k y rt)"
krauss@26192
   626
  and "\<lbrakk>st lt; st rt; tlt k lt; tgt k rt\<rbrakk> \<Longrightarrow> st (delformRight x lt k y rt)"
krauss@26192
   627
  and del_st: "st lt \<Longrightarrow> st (del x lt)"
krauss@26192
   628
proof (induct x lt k y rt and x lt k y rt and x lt rule: delformLeft_delformRight_del.induct)
krauss@26192
   629
  case (3 x lta zz v rta yy ss bb)
krauss@26192
   630
  from 3 have "tlt yy (Tr B lta zz v rta)" by simp
krauss@26192
   631
  hence "tlt yy (del x (Tr B lta zz v rta))" by (rule del_tlt)
krauss@26192
   632
  with 3 show ?case by (simp add: balleft_st)
krauss@26192
   633
next
krauss@26192
   634
  case ("4_2" x vaa vbb vdd vc yy ss bb)
krauss@26192
   635
  hence "tlt yy (Tr R vaa vbb vdd vc)" by simp
krauss@26192
   636
  hence "tlt yy (del x (Tr R vaa vbb vdd vc))" by (rule del_tlt)
krauss@26192
   637
  with "4_2" show ?case by simp
krauss@26192
   638
next
krauss@26192
   639
  case (5 x aa yy ss lta zz v rta) 
krauss@26192
   640
  hence "tgt yy (Tr B lta zz v rta)" by simp
krauss@26192
   641
  hence "tgt yy (del x (Tr B lta zz v rta))" by (rule del_tgt)
krauss@26192
   642
  with 5 show ?case by (simp add: balright_st)
krauss@26192
   643
next
krauss@26192
   644
  case ("6_2" x aa yy ss vaa vbb vdd vc)
krauss@26192
   645
  hence "tgt yy (Tr R vaa vbb vdd vc)" by simp
krauss@26192
   646
  hence "tgt yy (del x (Tr R vaa vbb vdd vc))" by (rule del_tgt)
krauss@26192
   647
  with "6_2" show ?case by simp
krauss@26192
   648
qed (auto simp: app_st)
krauss@26192
   649
krauss@26192
   650
lemma "\<lbrakk>st lt; st rt; tlt kt lt; tgt kt rt; inv1 lt; inv1 rt; inv2 lt; inv2 rt; bh lt = bh rt; x < kt\<rbrakk> \<Longrightarrow> pin_tree k v (delformLeft x lt kt y rt) = (False \<or> (x \<noteq> k \<and> pin_tree k v (Tr c lt kt y rt)))"
krauss@26192
   651
  and "\<lbrakk>st lt; st rt; tlt kt lt; tgt kt rt; inv1 lt; inv1 rt; inv2 lt; inv2 rt; bh lt = bh rt; x > kt\<rbrakk> \<Longrightarrow> pin_tree k v (delformRight x lt kt y rt) = (False \<or> (x \<noteq> k \<and> pin_tree k v (Tr c lt kt y rt)))"
krauss@26192
   652
  and del_pit: "\<lbrakk>st t; inv1 t; inv2 t\<rbrakk> \<Longrightarrow> pin_tree k v (del x t) = (False \<or> (x \<noteq> k \<and> pin_tree k v t))"
krauss@26192
   653
proof (induct x lt kt y rt and x lt kt y rt and x t rule: delformLeft_delformRight_del.induct)
krauss@26192
   654
  case (2 xx c aa yy ss bb)
krauss@26192
   655
  have "xx = yy \<or> xx < yy \<or> xx > yy" by auto
krauss@26192
   656
  from this 2 show ?case proof (elim disjE)
krauss@26192
   657
    assume "xx = yy"
krauss@26192
   658
    with 2 show ?thesis proof (cases "xx = k")
krauss@26192
   659
      case True
krauss@26192
   660
      from 2 `xx = yy` `xx = k` have "st (Tr c aa yy ss bb) \<and> k = yy" by simp
krauss@26192
   661
      hence "\<not> pin_tree k v aa" "\<not> pin_tree k v bb" by (auto simp: tlt_nit tgt_prop)
krauss@26192
   662
      with `xx = yy` 2 `xx = k` show ?thesis by (simp add: app_pit)
krauss@26192
   663
    qed (simp add: app_pit)
krauss@26192
   664
  qed simp+
krauss@26192
   665
next    
krauss@26192
   666
  case (3 xx lta zz vv rta yy ss bb)
krauss@26192
   667
  def mt[simp]: mt == "Tr B lta zz vv rta"
krauss@26192
   668
  from 3 have "inv2 mt \<and> inv1 mt" by simp
krauss@26192
   669
  hence "inv2 (del xx mt) \<and> (treec mt = R \<and> bh (del xx mt) = bh mt \<and> inv1 (del xx mt) \<or> treec mt = B \<and> bh (del xx mt) = bh mt - 1 \<and> inv1l (del xx mt))" by (blast dest: del_inv1_inv2)
krauss@26192
   670
  with 3 have 4: "pin_tree k v (delformLeft xx mt yy ss bb) = (False \<or> xx \<noteq> k \<and> pin_tree k v mt \<or> (k = yy \<and> v = ss) \<or> pin_tree k v bb)" by (simp add: balleft_pit)
krauss@26192
   671
  thus ?case proof (cases "xx = k")
krauss@26192
   672
    case True
krauss@26192
   673
    from 3 True have "tgt yy bb \<and> yy > k" by simp
krauss@26192
   674
    hence "tgt k bb" by (blast dest: tgt_trans)
krauss@26192
   675
    with 3 4 True show ?thesis by (auto simp: tgt_nit)
krauss@26192
   676
  qed auto
krauss@26192
   677
next
krauss@26192
   678
  case ("4_1" xx yy ss bb)
krauss@26192
   679
  show ?case proof (cases "xx = k")
krauss@26192
   680
    case True
krauss@26192
   681
    with "4_1" have "tgt yy bb \<and> k < yy" by simp
krauss@26192
   682
    hence "tgt k bb" by (blast dest: tgt_trans)
krauss@26192
   683
    with "4_1" `xx = k` 
krauss@26192
   684
   have "pin_tree k v (Tr R Empty yy ss bb) = pin_tree k v Empty" by (auto simp: tgt_nit)
krauss@26192
   685
    thus ?thesis by auto
krauss@26192
   686
  qed simp+
krauss@26192
   687
next
krauss@26192
   688
  case ("4_2" xx vaa vbb vdd vc yy ss bb)
krauss@26192
   689
  thus ?case proof (cases "xx = k")
krauss@26192
   690
    case True
krauss@26192
   691
    with "4_2" have "k < yy \<and> tgt yy bb" by simp
krauss@26192
   692
    hence "tgt k bb" by (blast dest: tgt_trans)
krauss@26192
   693
    with True "4_2" show ?thesis by (auto simp: tgt_nit)
krauss@26192
   694
  qed simp
krauss@26192
   695
next
krauss@26192
   696
  case (5 xx aa yy ss lta zz vv rta)
krauss@26192
   697
  def mt[simp]: mt == "Tr B lta zz vv rta"
krauss@26192
   698
  from 5 have "inv2 mt \<and> inv1 mt" by simp
krauss@26192
   699
  hence "inv2 (del xx mt) \<and> (treec mt = R \<and> bh (del xx mt) = bh mt \<and> inv1 (del xx mt) \<or> treec mt = B \<and> bh (del xx mt) = bh mt - 1 \<and> inv1l (del xx mt))" by (blast dest: del_inv1_inv2)
krauss@26192
   700
  with 5 have 3: "pin_tree k v (delformRight xx aa yy ss mt) = (pin_tree k v aa \<or> (k = yy \<and> v = ss) \<or> False \<or> xx \<noteq> k \<and> pin_tree k v mt)" by (simp add: balright_pit)
krauss@26192
   701
  thus ?case proof (cases "xx = k")
krauss@26192
   702
    case True
krauss@26192
   703
    from 5 True have "tlt yy aa \<and> yy < k" by simp
krauss@26192
   704
    hence "tlt k aa" by (blast dest: tlt_trans)
krauss@26192
   705
    with 3 5 True show ?thesis by (auto simp: tlt_nit)
krauss@26192
   706
  qed auto
krauss@26192
   707
next
krauss@26192
   708
  case ("6_1" xx aa yy ss)
krauss@26192
   709
  show ?case proof (cases "xx = k")
krauss@26192
   710
    case True
krauss@26192
   711
    with "6_1" have "tlt yy aa \<and> k > yy" by simp
krauss@26192
   712
    hence "tlt k aa" by (blast dest: tlt_trans)
krauss@26192
   713
    with "6_1" `xx = k` show ?thesis by (auto simp: tlt_nit)
krauss@26192
   714
  qed simp
krauss@26192
   715
next
krauss@26192
   716
  case ("6_2" xx aa yy ss vaa vbb vdd vc)
krauss@26192
   717
  thus ?case proof (cases "xx = k")
krauss@26192
   718
    case True
krauss@26192
   719
    with "6_2" have "k > yy \<and> tlt yy aa" by simp
krauss@26192
   720
    hence "tlt k aa" by (blast dest: tlt_trans)
krauss@26192
   721
    with True "6_2" show ?thesis by (auto simp: tlt_nit)
krauss@26192
   722
  qed simp
krauss@26192
   723
qed simp
krauss@26192
   724
krauss@26192
   725
krauss@26192
   726
definition delete where
krauss@26192
   727
  delete_def: "delete k t = paint B (del k t)"
krauss@26192
   728
krauss@26192
   729
theorem delete_isrbt[simp]: assumes "isrbt t" shows "isrbt (delete k t)"
krauss@26192
   730
proof -
krauss@26192
   731
  from assms have "inv2 t" and "inv1 t" unfolding isrbt_def by auto 
krauss@26192
   732
  hence "inv2 (del k t) \<and> (treec t = R \<and> bh (del k t) = bh t \<and> inv1 (del k t) \<or> treec t = B \<and> bh (del k t) = bh t - 1 \<and> inv1l (del k t))" by (rule del_inv1_inv2)
krauss@26192
   733
  hence "inv2 (del k t) \<and> inv1l (del k t)" by (cases "treec t") auto
krauss@26192
   734
  with assms show ?thesis
krauss@26192
   735
    unfolding isrbt_def delete_def
krauss@26192
   736
    by (auto intro: paint_st del_st)
krauss@26192
   737
qed
krauss@26192
   738
krauss@26192
   739
lemma delete_pit: 
krauss@26192
   740
  assumes "isrbt t" 
krauss@26192
   741
  shows "pin_tree k v (delete x t) = (x \<noteq> k \<and> pin_tree k v t)"
krauss@26192
   742
  using assms unfolding isrbt_def delete_def
krauss@26192
   743
  by (auto simp: del_pit)
krauss@26192
   744
krauss@26192
   745
lemma map_of_delete:
krauss@26192
   746
  assumes isrbt: "isrbt t"
krauss@26192
   747
  shows "map_of (delete k t) = (map_of t)|`(-{k})"
krauss@26192
   748
proof
krauss@26192
   749
  fix x
krauss@26192
   750
  show "map_of (delete k t) x = (map_of t |` (-{k})) x" 
krauss@26192
   751
  proof (cases "x = k")
krauss@26192
   752
    assume "x = k" 
krauss@26192
   753
    with isrbt show ?thesis
krauss@26192
   754
      by (cases "map_of (delete k t) k") (auto simp: mapof_pit delete_pit)
krauss@26192
   755
  next
krauss@26192
   756
    assume "x \<noteq> k"
krauss@26192
   757
    thus ?thesis
krauss@26192
   758
      by auto (metis isrbt delete_isrbt delete_pit isrbt_st mapof_from_pit)
krauss@26192
   759
  qed
krauss@26192
   760
qed
krauss@26192
   761
krauss@26192
   762
subsection {* Union *}
krauss@26192
   763
krauss@26192
   764
primrec
krauss@26192
   765
  unionwithkey :: "('a\<Colon>linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   766
where
krauss@26192
   767
  "unionwithkey f t Empty = t"
krauss@26192
   768
| "unionwithkey f t (Tr c lt k v rt) = unionwithkey f (unionwithkey f (insertwithkey f k v t) lt) rt"
krauss@26192
   769
krauss@26192
   770
lemma unionwk_st: "st lt \<Longrightarrow> st (unionwithkey f lt rt)" 
krauss@26192
   771
  by (induct rt arbitrary: lt) (auto simp: insertwk_st)
krauss@26192
   772
theorem unionwk_isrbt[simp]: "isrbt lt \<Longrightarrow> isrbt (unionwithkey f lt rt)" 
krauss@26192
   773
  by (induct rt arbitrary: lt) (simp add: insertwk_isrbt)+
krauss@26192
   774
krauss@26192
   775
definition
krauss@26192
   776
  unionwith where
krauss@26192
   777
  "unionwith f = unionwithkey (\<lambda>_. f)"
krauss@26192
   778
krauss@26192
   779
theorem unionw_isrbt: "isrbt lt \<Longrightarrow> isrbt (unionwith f lt rt)" unfolding unionwith_def by simp
krauss@26192
   780
krauss@26192
   781
definition union where
krauss@26192
   782
  "union = unionwithkey (%_ _ rv. rv)"
krauss@26192
   783
krauss@26192
   784
theorem union_isrbt: "isrbt lt \<Longrightarrow> isrbt (union lt rt)" unfolding union_def by simp
krauss@26192
   785
krauss@26192
   786
lemma union_Tr[simp]:
krauss@26192
   787
  "union t (Tr c lt k v rt) = union (union (insrt k v t) lt) rt"
krauss@26192
   788
  unfolding union_def insrt_def
krauss@26192
   789
  by simp
krauss@26192
   790
krauss@26192
   791
lemma map_of_union:
krauss@26192
   792
  assumes "isrbt s" "st t"
krauss@26192
   793
  shows "map_of (union s t) = map_of s ++ map_of t"
krauss@26192
   794
using assms
krauss@26192
   795
proof (induct t arbitrary: s)
krauss@26192
   796
  case Empty thus ?case by (auto simp: union_def)
krauss@26192
   797
next
krauss@26192
   798
  case (Tr c l k v r s)
krauss@26192
   799
  hence strl: "st r" "st l" "l |\<guillemotleft> k" "k \<guillemotleft>| r" by auto
krauss@26192
   800
krauss@26192
   801
  have meq: "map_of s(k \<mapsto> v) ++ map_of l ++ map_of r =
krauss@26192
   802
    map_of s ++
krauss@26192
   803
    (\<lambda>a. if a < k then map_of l a
krauss@26192
   804
    else if k < a then map_of r a else Some v)" (is "?m1 = ?m2")
krauss@26192
   805
  proof (rule ext)
krauss@26192
   806
    fix a
krauss@26192
   807
krauss@26192
   808
   have "k < a \<or> k = a \<or> k > a" by auto
krauss@26192
   809
    thus "?m1 a = ?m2 a"
krauss@26192
   810
    proof (elim disjE)
krauss@26192
   811
      assume "k < a"
krauss@26192
   812
      with `l |\<guillemotleft> k` have "l |\<guillemotleft> a" by (rule tlt_trans)
krauss@26192
   813
      with `k < a` show ?thesis
krauss@26192
   814
        by (auto simp: map_add_def split: option.splits)
krauss@26192
   815
    next
krauss@26192
   816
      assume "k = a"
krauss@26192
   817
      with `l |\<guillemotleft> k` `k \<guillemotleft>| r` 
krauss@26192
   818
      show ?thesis by (auto simp: map_add_def)
krauss@26192
   819
    next
krauss@26192
   820
      assume "a < k"
krauss@26192
   821
      from this `k \<guillemotleft>| r` have "a \<guillemotleft>| r" by (rule tgt_trans)
krauss@26192
   822
      with `a < k` show ?thesis
krauss@26192
   823
        by (auto simp: map_add_def split: option.splits)
krauss@26192
   824
    qed
krauss@26192
   825
  qed
krauss@26192
   826
krauss@26192
   827
  from Tr
krauss@26192
   828
  have IHs:
krauss@26192
   829
    "map_of (union (union (insrt k v s) l) r) = map_of (union (insrt k v s) l) ++ map_of r"
krauss@26192
   830
    "map_of (union (insrt k v s) l) = map_of (insrt k v s) ++ map_of l"
krauss@26192
   831
    by (auto intro: union_isrbt insrt_isrbt)
krauss@26192
   832
  
krauss@26192
   833
  with meq show ?case
krauss@26192
   834
    by (auto simp: map_of_insert[OF Tr(3)])
krauss@26192
   835
qed
krauss@26192
   836
krauss@26192
   837
subsection {* Adjust *}
krauss@26192
   838
krauss@26192
   839
primrec
krauss@26192
   840
  adjustwithkey :: "('a \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   841
where
krauss@26192
   842
  "adjustwithkey f k Empty = Empty"
krauss@26192
   843
| "adjustwithkey f k (Tr c lt x v rt) = (if k < x then (Tr c (adjustwithkey f k lt) x v rt) else if k > x then (Tr c lt x v (adjustwithkey f k rt)) else (Tr c lt x (f x v) rt))"
krauss@26192
   844
krauss@26192
   845
lemma adjustwk_treec: "treec (adjustwithkey f k t) = treec t" by (induct t) simp+
krauss@26192
   846
lemma adjustwk_inv1: "inv1 (adjustwithkey f k t) = inv1 t" by (induct t) (simp add: adjustwk_treec)+
krauss@26192
   847
lemma adjustwk_inv2: "inv2 (adjustwithkey f k t) = inv2 t" "bh (adjustwithkey f k t) = bh t" by (induct t) simp+
krauss@26192
   848
lemma adjustwk_tgt: "tgt k (adjustwithkey f kk t) = tgt k t" by (induct t) simp+
krauss@26192
   849
lemma adjustwk_tlt: "tlt k (adjustwithkey f kk t) = tlt k t" by (induct t) simp+
krauss@26192
   850
lemma adjustwk_st: "st (adjustwithkey f k t) = st t" by (induct t) (simp add: adjustwk_tlt adjustwk_tgt)+
krauss@26192
   851
krauss@26192
   852
theorem adjustwk_isrbt[simp]: "isrbt (adjustwithkey f k t) = isrbt t" 
krauss@26192
   853
unfolding isrbt_def by (simp add: adjustwk_inv2 adjustwk_treec adjustwk_st adjustwk_inv1 )
krauss@26192
   854
krauss@26192
   855
theorem adjustwithkey_map[simp]:
krauss@26192
   856
  "map_of (adjustwithkey f k t) x = 
krauss@26192
   857
  (if x = k then case map_of t x of None \<Rightarrow> None | Some y \<Rightarrow> Some (f k y)
krauss@26192
   858
            else map_of t x)"
krauss@26192
   859
by (induct t arbitrary: x) (auto split:option.splits)
krauss@26192
   860
krauss@26192
   861
definition adjust where
krauss@26192
   862
  "adjust f = adjustwithkey (\<lambda>_. f)"
krauss@26192
   863
krauss@26192
   864
theorem adjust_isrbt[simp]: "isrbt (adjust f k t) = isrbt t" unfolding adjust_def by simp
krauss@26192
   865
krauss@26192
   866
theorem adjust_map[simp]:
krauss@26192
   867
  "map_of (adjust f k t) x = 
krauss@26192
   868
  (if x = k then case map_of t x of None \<Rightarrow> None | Some y \<Rightarrow> Some (f y)
krauss@26192
   869
            else map_of t x)"
krauss@26192
   870
unfolding adjust_def by simp
krauss@26192
   871
krauss@26192
   872
subsection {* Map *}
krauss@26192
   873
krauss@26192
   874
primrec
krauss@26192
   875
  mapwithkey :: "('a::linorder \<Rightarrow> 'b \<Rightarrow> 'c) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'c) rbt"
krauss@26192
   876
where
krauss@26192
   877
  "mapwithkey f Empty = Empty"
krauss@26192
   878
| "mapwithkey f (Tr c lt k v rt) = Tr c (mapwithkey f lt) k (f k v) (mapwithkey f rt)"
krauss@26192
   879
krauss@26192
   880
theorem mapwk_keys[simp]: "keys (mapwithkey f t) = keys t" by (induct t) auto
krauss@26192
   881
lemma mapwk_tgt: "tgt k (mapwithkey f t) = tgt k t" by (induct t) simp+
krauss@26192
   882
lemma mapwk_tlt: "tlt k (mapwithkey f t) = tlt k t" by (induct t) simp+
krauss@26192
   883
lemma mapwk_st: "st (mapwithkey f t) = st t"  by (induct t) (simp add: mapwk_tlt mapwk_tgt)+
krauss@26192
   884
lemma mapwk_treec: "treec (mapwithkey f t) = treec t" by (induct t) simp+
krauss@26192
   885
lemma mapwk_inv1: "inv1 (mapwithkey f t) = inv1 t" by (induct t) (simp add: mapwk_treec)+
krauss@26192
   886
lemma mapwk_inv2: "inv2 (mapwithkey f t) = inv2 t" "bh (mapwithkey f t) = bh t" by (induct t) simp+
krauss@26192
   887
theorem mapwk_isrbt[simp]: "isrbt (mapwithkey f t) = isrbt t" 
krauss@26192
   888
unfolding isrbt_def by (simp add: mapwk_inv1 mapwk_inv2 mapwk_st mapwk_treec)
krauss@26192
   889
nipkow@30235
   890
theorem map_of_mapwk[simp]: "map_of (mapwithkey f t) x = Option.map (f x) (map_of t x)"
krauss@26192
   891
by (induct t) auto
krauss@26192
   892
krauss@26192
   893
definition map
krauss@26192
   894
where map_def: "map f == mapwithkey (\<lambda>_. f)"
krauss@26192
   895
krauss@26192
   896
theorem map_keys[simp]: "keys (map f t) = keys t" unfolding map_def by simp
krauss@26192
   897
theorem map_isrbt[simp]: "isrbt (map f t) = isrbt t" unfolding map_def by simp
nipkow@30235
   898
theorem map_of_map[simp]: "map_of (map f t) = Option.map f o map_of t"
krauss@26192
   899
  by (rule ext) (simp add:map_def)
krauss@26192
   900
krauss@26192
   901
subsection {* Fold *}
krauss@26192
   902
krauss@26192
   903
text {* The following is still incomplete... *}
krauss@26192
   904
krauss@26192
   905
primrec
krauss@26192
   906
  foldwithkey :: "('a::linorder \<Rightarrow> 'b \<Rightarrow> 'c \<Rightarrow> 'c) \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'c \<Rightarrow> 'c"
krauss@26192
   907
where
krauss@26192
   908
  "foldwithkey f Empty v = v"
krauss@26192
   909
| "foldwithkey f (Tr c lt k x rt) v = foldwithkey f rt (f k x (foldwithkey f lt v))"
krauss@26192
   910
krauss@26192
   911
primrec alist_of
krauss@26192
   912
where 
krauss@26192
   913
  "alist_of Empty = []"
krauss@26192
   914
| "alist_of (Tr _ l k v r) = alist_of l @ (k,v) # alist_of r"
krauss@26192
   915
krauss@32237
   916
lemma map_of_alist_of_aux: "st (Tr c t1 k v t2) \<Longrightarrow> RBT.map_of (Tr c t1 k v t2) = RBT.map_of t2 ++ [k\<mapsto>v] ++ RBT.map_of t1"
krauss@32237
   917
proof (rule ext)
krauss@32237
   918
  fix x
krauss@32237
   919
  assume ST: "st (Tr c t1 k v t2)"
krauss@32237
   920
  let ?thesis = "RBT.map_of (Tr c t1 k v t2) x = (RBT.map_of t2 ++ [k \<mapsto> v] ++ RBT.map_of t1) x"
krauss@32237
   921
krauss@32237
   922
  have DOM_T1: "!!k'. k'\<in>dom (RBT.map_of t1) \<Longrightarrow> k>k'"
krauss@32237
   923
  proof -
krauss@32237
   924
    fix k'
krauss@32237
   925
    from ST have "t1 |\<guillemotleft> k" by simp
krauss@32237
   926
    with tlt_prop have "\<forall>k'\<in>keys t1. k>k'" by auto
krauss@32237
   927
    moreover assume "k'\<in>dom (RBT.map_of t1)"
krauss@32237
   928
    ultimately show "k>k'" using RBT.mapof_keys ST by auto
krauss@32237
   929
  qed
krauss@32237
   930
krauss@32237
   931
  have DOM_T2: "!!k'. k'\<in>dom (RBT.map_of t2) \<Longrightarrow> k<k'"
krauss@32237
   932
  proof -
krauss@32237
   933
    fix k'
krauss@32237
   934
    from ST have "k \<guillemotleft>| t2" by simp
krauss@32237
   935
    with tgt_prop have "\<forall>k'\<in>keys t2. k<k'" by auto
krauss@32237
   936
    moreover assume "k'\<in>dom (RBT.map_of t2)"
krauss@32237
   937
    ultimately show "k<k'" using RBT.mapof_keys ST by auto
krauss@32237
   938
  qed
krauss@32237
   939
krauss@32237
   940
  {
krauss@32237
   941
    assume C: "x<k"
krauss@32237
   942
    hence "RBT.map_of (Tr c t1 k v t2) x = RBT.map_of t1 x" by simp
krauss@32237
   943
    moreover from C have "x\<notin>dom [k\<mapsto>v]" by simp
krauss@32237
   944
    moreover have "x\<notin>dom (RBT.map_of t2)" proof
krauss@32237
   945
      assume "x\<in>dom (RBT.map_of t2)"
krauss@32237
   946
      with DOM_T2 have "k<x" by blast
krauss@32237
   947
      with C show False by simp
krauss@32237
   948
    qed
krauss@32237
   949
    ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
krauss@32237
   950
  } moreover {
krauss@32237
   951
    assume [simp]: "x=k"
krauss@32237
   952
    hence "RBT.map_of (Tr c t1 k v t2) x = [k \<mapsto> v] x" by simp
krauss@32237
   953
    moreover have "x\<notin>dom (RBT.map_of t1)" proof
krauss@32237
   954
      assume "x\<in>dom (RBT.map_of t1)"
krauss@32237
   955
      with DOM_T1 have "k>x" by blast
krauss@32237
   956
      thus False by simp
krauss@32237
   957
    qed
krauss@32237
   958
    ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
krauss@32237
   959
  } moreover {
krauss@32237
   960
    assume C: "x>k"
krauss@32237
   961
    hence "RBT.map_of (Tr c t1 k v t2) x = RBT.map_of t2 x" by (simp add: less_not_sym[of k x])
krauss@32237
   962
    moreover from C have "x\<notin>dom [k\<mapsto>v]" by simp
krauss@32237
   963
    moreover have "x\<notin>dom (RBT.map_of t1)" proof
krauss@32237
   964
      assume "x\<in>dom (RBT.map_of t1)"
krauss@32237
   965
      with DOM_T1 have "k>x" by simp
krauss@32237
   966
      with C show False by simp
krauss@32237
   967
    qed
krauss@32237
   968
    ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
krauss@32237
   969
  } ultimately show ?thesis using less_linear by blast
krauss@32237
   970
qed
krauss@32237
   971
krauss@26192
   972
lemma map_of_alist_of:
krauss@26192
   973
  shows "st t \<Longrightarrow> Map.map_of (alist_of t) = map_of t"
krauss@32237
   974
proof (induct t)
krauss@32237
   975
  case Empty thus ?case by (simp add: RBT.map_of_Empty)
krauss@32237
   976
next
krauss@32237
   977
  case (Tr c t1 k v t2)
krauss@32237
   978
  hence "Map.map_of (alist_of (Tr c t1 k v t2)) = RBT.map_of t2 ++ [k \<mapsto> v] ++ RBT.map_of t1" by simp
krauss@32237
   979
  also note map_of_alist_of_aux[OF Tr.prems,symmetric]
krauss@32237
   980
  finally show ?case .
krauss@32237
   981
qed
krauss@26192
   982
krauss@26192
   983
lemma fold_alist_fold:
krauss@26192
   984
  "foldwithkey f t x = foldl (\<lambda>x (k,v). f k v x) x (alist_of t)"
krauss@26192
   985
by (induct t arbitrary: x) auto
krauss@26192
   986
krauss@26192
   987
lemma alist_pit[simp]: "(k, v) \<in> set (alist_of t) = pin_tree k v t"
krauss@26192
   988
by (induct t) auto
krauss@26192
   989
krauss@26192
   990
lemma sorted_alist:
krauss@26192
   991
  "st t \<Longrightarrow> sorted (List.map fst (alist_of t))"
krauss@26192
   992
by (induct t) 
krauss@26192
   993
  (force simp: sorted_append sorted_Cons tlgt_props 
krauss@26192
   994
      dest!:pint_keys)+
krauss@26192
   995
krauss@26192
   996
lemma distinct_alist:
krauss@26192
   997
  "st t \<Longrightarrow> distinct (List.map fst (alist_of t))"
krauss@26192
   998
by (induct t) 
krauss@26192
   999
  (force simp: sorted_append sorted_Cons tlgt_props 
krauss@26192
  1000
      dest!:pint_keys)+
krauss@26192
  1001
(*>*)
krauss@26192
  1002
krauss@26192
  1003
text {* 
krauss@26192
  1004
  This theory defines purely functional red-black trees which can be
krauss@26192
  1005
  used as an efficient representation of finite maps.
krauss@26192
  1006
*}
krauss@26192
  1007
krauss@26192
  1008
subsection {* Data type and invariant *}
krauss@26192
  1009
krauss@26192
  1010
text {*
krauss@26192
  1011
  The type @{typ "('k, 'v) rbt"} denotes red-black trees with keys of
krauss@26192
  1012
  type @{typ "'k"} and values of type @{typ "'v"}. To function
krauss@26192
  1013
  properly, the key type must belong to the @{text "linorder"} class.
krauss@26192
  1014
krauss@26192
  1015
  A value @{term t} of this type is a valid red-black tree if it
krauss@26192
  1016
  satisfies the invariant @{text "isrbt t"}.
krauss@26192
  1017
  This theory provides lemmas to prove that the invariant is
krauss@26192
  1018
  satisfied throughout the computation.
krauss@26192
  1019
krauss@26192
  1020
  The interpretation function @{const "map_of"} returns the partial
krauss@26192
  1021
  map represented by a red-black tree:
krauss@26192
  1022
  @{term_type[display] "map_of"}
krauss@26192
  1023
krauss@26192
  1024
  This function should be used for reasoning about the semantics of the RBT
krauss@26192
  1025
  operations. Furthermore, it implements the lookup functionality for
krauss@26192
  1026
  the data structure: It is executable and the lookup is performed in
krauss@26192
  1027
  $O(\log n)$.  
krauss@26192
  1028
*}
krauss@26192
  1029
krauss@26192
  1030
subsection {* Operations *}
krauss@26192
  1031
krauss@26192
  1032
text {*
krauss@26192
  1033
  Currently, the following operations are supported:
krauss@26192
  1034
krauss@26192
  1035
  @{term_type[display] "Empty"}
krauss@26192
  1036
  Returns the empty tree. $O(1)$
krauss@26192
  1037
krauss@26192
  1038
  @{term_type[display] "insrt"}
krauss@26192
  1039
  Updates the map at a given position. $O(\log n)$
krauss@26192
  1040
krauss@26192
  1041
  @{term_type[display] "delete"}
krauss@26192
  1042
  Deletes a map entry at a given position. $O(\log n)$
krauss@26192
  1043
krauss@26192
  1044
  @{term_type[display] "union"}
krauss@26192
  1045
  Forms the union of two trees, preferring entries from the first one.
krauss@26192
  1046
krauss@26192
  1047
  @{term_type[display] "map"}
krauss@26192
  1048
  Maps a function over the values of a map. $O(n)$
krauss@26192
  1049
*}
krauss@26192
  1050
krauss@26192
  1051
krauss@26192
  1052
subsection {* Invariant preservation *}
krauss@26192
  1053
krauss@26192
  1054
text {*
krauss@26192
  1055
  \noindent
krauss@26192
  1056
  @{thm Empty_isrbt}\hfill(@{text "Empty_isrbt"})
krauss@26192
  1057
krauss@26192
  1058
  \noindent
krauss@26192
  1059
  @{thm insrt_isrbt}\hfill(@{text "insrt_isrbt"})
krauss@26192
  1060
krauss@26192
  1061
  \noindent
krauss@26192
  1062
  @{thm delete_isrbt}\hfill(@{text "delete_isrbt"})
krauss@26192
  1063
krauss@26192
  1064
  \noindent
krauss@26192
  1065
  @{thm union_isrbt}\hfill(@{text "union_isrbt"})
krauss@26192
  1066
krauss@26192
  1067
  \noindent
krauss@26192
  1068
  @{thm map_isrbt}\hfill(@{text "map_isrbt"})
krauss@26192
  1069
*}
krauss@26192
  1070
krauss@26192
  1071
subsection {* Map Semantics *}
krauss@26192
  1072
krauss@26192
  1073
text {*
krauss@26192
  1074
  \noindent
krauss@26192
  1075
  \underline{@{text "map_of_Empty"}}
krauss@26192
  1076
  @{thm[display] map_of_Empty}
krauss@26192
  1077
  \vspace{1ex}
krauss@26192
  1078
krauss@26192
  1079
  \noindent
krauss@26192
  1080
  \underline{@{text "map_of_insert"}}
krauss@26192
  1081
  @{thm[display] map_of_insert}
krauss@26192
  1082
  \vspace{1ex}
krauss@26192
  1083
krauss@26192
  1084
  \noindent
krauss@26192
  1085
  \underline{@{text "map_of_delete"}}
krauss@26192
  1086
  @{thm[display] map_of_delete}
krauss@26192
  1087
  \vspace{1ex}
krauss@26192
  1088
krauss@26192
  1089
  \noindent
krauss@26192
  1090
  \underline{@{text "map_of_union"}}
krauss@26192
  1091
  @{thm[display] map_of_union}
krauss@26192
  1092
  \vspace{1ex}
krauss@26192
  1093
krauss@26192
  1094
  \noindent
krauss@26192
  1095
  \underline{@{text "map_of_map"}}
krauss@26192
  1096
  @{thm[display] map_of_map}
krauss@26192
  1097
  \vspace{1ex}
krauss@26192
  1098
*}
krauss@26192
  1099
krauss@26192
  1100
end