src/HOL/Library/RBT_Impl.thy
author haftmann
Fri Mar 22 19:18:08 2019 +0000 (4 months ago)
changeset 69946 494934c30f38
parent 69593 3dda49e08b9d
permissions -rw-r--r--
improved code equations taken over from AFP
wenzelm@47455
     1
(*  Title:      HOL/Library/RBT_Impl.thy
krauss@26192
     2
    Author:     Markus Reiter, TU Muenchen
krauss@26192
     3
    Author:     Alexander Krauss, TU Muenchen
krauss@26192
     4
*)
krauss@26192
     5
wenzelm@60500
     6
section \<open>Implementation of Red-Black Trees\<close>
krauss@26192
     7
haftmann@36147
     8
theory RBT_Impl
haftmann@45990
     9
imports Main
krauss@26192
    10
begin
krauss@26192
    11
wenzelm@60500
    12
text \<open>
wenzelm@61585
    13
  For applications, you should use theory \<open>RBT\<close> which defines
haftmann@36147
    14
  an abstract type of red-black tree obeying the invariant.
wenzelm@60500
    15
\<close>
haftmann@36147
    16
wenzelm@60500
    17
subsection \<open>Datatype of RB trees\<close>
haftmann@35550
    18
blanchet@58310
    19
datatype color = R | B
blanchet@58310
    20
datatype ('a, 'b) rbt = Empty | Branch color "('a, 'b) rbt" 'a 'b "('a, 'b) rbt"
haftmann@35534
    21
haftmann@35534
    22
lemma rbt_cases:
haftmann@35534
    23
  obtains (Empty) "t = Empty" 
haftmann@35534
    24
  | (Red) l k v r where "t = Branch R l k v r" 
haftmann@35534
    25
  | (Black) l k v r where "t = Branch B l k v r"
haftmann@35534
    26
proof (cases t)
haftmann@35534
    27
  case Empty with that show thesis by blast
haftmann@35534
    28
next
haftmann@35534
    29
  case (Branch c) with that show thesis by (cases c) blast+
haftmann@35534
    30
qed
haftmann@35534
    31
wenzelm@60500
    32
subsection \<open>Tree properties\<close>
haftmann@35534
    33
wenzelm@60500
    34
subsubsection \<open>Content of a tree\<close>
haftmann@35550
    35
haftmann@35550
    36
primrec entries :: "('a, 'b) rbt \<Rightarrow> ('a \<times> 'b) list"
haftmann@35534
    37
where 
haftmann@35534
    38
  "entries Empty = []"
haftmann@35534
    39
| "entries (Branch _ l k v r) = entries l @ (k,v) # entries r"
krauss@26192
    40
haftmann@35550
    41
abbreviation (input) entry_in_tree :: "'a \<Rightarrow> 'b \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool"
krauss@26192
    42
where
haftmann@35550
    43
  "entry_in_tree k v t \<equiv> (k, v) \<in> set (entries t)"
haftmann@35550
    44
haftmann@35550
    45
definition keys :: "('a, 'b) rbt \<Rightarrow> 'a list" where
haftmann@35550
    46
  "keys t = map fst (entries t)"
krauss@26192
    47
haftmann@35550
    48
lemma keys_simps [simp, code]:
haftmann@35550
    49
  "keys Empty = []"
haftmann@35550
    50
  "keys (Branch c l k v r) = keys l @ k # keys r"
haftmann@35550
    51
  by (simp_all add: keys_def)
krauss@26192
    52
haftmann@35534
    53
lemma entry_in_tree_keys:
haftmann@35550
    54
  assumes "(k, v) \<in> set (entries t)"
haftmann@35550
    55
  shows "k \<in> set (keys t)"
haftmann@35550
    56
proof -
haftmann@35550
    57
  from assms have "fst (k, v) \<in> fst ` set (entries t)" by (rule imageI)
haftmann@35550
    58
  then show ?thesis by (simp add: keys_def)
haftmann@35550
    59
qed
haftmann@35550
    60
haftmann@35602
    61
lemma keys_entries:
haftmann@35602
    62
  "k \<in> set (keys t) \<longleftrightarrow> (\<exists>v. (k, v) \<in> set (entries t))"
haftmann@35602
    63
  by (auto intro: entry_in_tree_keys) (auto simp add: keys_def)
haftmann@35602
    64
kuncar@48621
    65
lemma non_empty_rbt_keys: 
kuncar@48621
    66
  "t \<noteq> rbt.Empty \<Longrightarrow> keys t \<noteq> []"
kuncar@48621
    67
  by (cases t) simp_all
haftmann@35550
    68
wenzelm@60500
    69
subsubsection \<open>Search tree properties\<close>
krauss@26192
    70
Andreas@47450
    71
context ord begin
haftmann@35534
    72
Andreas@47450
    73
definition rbt_less :: "'a \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool"
Andreas@47450
    74
where
Andreas@47450
    75
  rbt_less_prop: "rbt_less k t \<longleftrightarrow> (\<forall>x\<in>set (keys t). x < k)"
krauss@26192
    76
Andreas@47450
    77
abbreviation rbt_less_symbol (infix "|\<guillemotleft>" 50)
Andreas@47450
    78
where "t |\<guillemotleft> x \<equiv> rbt_less x t"
Andreas@47450
    79
Andreas@47450
    80
definition rbt_greater :: "'a \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool" (infix "\<guillemotleft>|" 50) 
haftmann@35534
    81
where
Andreas@47450
    82
  rbt_greater_prop: "rbt_greater k t = (\<forall>x\<in>set (keys t). k < x)"
krauss@26192
    83
Andreas@47450
    84
lemma rbt_less_simps [simp]:
Andreas@47450
    85
  "Empty |\<guillemotleft> k = True"
Andreas@47450
    86
  "Branch c lt kt v rt |\<guillemotleft> k \<longleftrightarrow> kt < k \<and> lt |\<guillemotleft> k \<and> rt |\<guillemotleft> k"
Andreas@47450
    87
  by (auto simp add: rbt_less_prop)
krauss@26192
    88
Andreas@47450
    89
lemma rbt_greater_simps [simp]:
Andreas@47450
    90
  "k \<guillemotleft>| Empty = True"
Andreas@47450
    91
  "k \<guillemotleft>| (Branch c lt kt v rt) \<longleftrightarrow> k < kt \<and> k \<guillemotleft>| lt \<and> k \<guillemotleft>| rt"
Andreas@47450
    92
  by (auto simp add: rbt_greater_prop)
krauss@26192
    93
Andreas@47450
    94
lemmas rbt_ord_props = rbt_less_prop rbt_greater_prop
Andreas@47450
    95
Andreas@47450
    96
lemmas rbt_greater_nit = rbt_greater_prop entry_in_tree_keys
Andreas@47450
    97
lemmas rbt_less_nit = rbt_less_prop entry_in_tree_keys
krauss@26192
    98
Andreas@47450
    99
lemma (in order)
Andreas@47450
   100
  shows rbt_less_eq_trans: "l |\<guillemotleft> u \<Longrightarrow> u \<le> v \<Longrightarrow> l |\<guillemotleft> v"
Andreas@47450
   101
  and rbt_less_trans: "t |\<guillemotleft> x \<Longrightarrow> x < y \<Longrightarrow> t |\<guillemotleft> y"
Andreas@47450
   102
  and rbt_greater_eq_trans: "u \<le> v \<Longrightarrow> v \<guillemotleft>| r \<Longrightarrow> u \<guillemotleft>| r"
Andreas@47450
   103
  and rbt_greater_trans: "x < y \<Longrightarrow> y \<guillemotleft>| t \<Longrightarrow> x \<guillemotleft>| t"
Andreas@47450
   104
  by (auto simp: rbt_ord_props)
krauss@26192
   105
Andreas@47450
   106
primrec rbt_sorted :: "('a, 'b) rbt \<Rightarrow> bool"
krauss@26192
   107
where
Andreas@47450
   108
  "rbt_sorted Empty = True"
Andreas@47450
   109
| "rbt_sorted (Branch c l k v r) = (l |\<guillemotleft> k \<and> k \<guillemotleft>| r \<and> rbt_sorted l \<and> rbt_sorted r)"
Andreas@47450
   110
Andreas@47450
   111
end
krauss@26192
   112
Andreas@47450
   113
context linorder begin
Andreas@47450
   114
Andreas@47450
   115
lemma rbt_sorted_entries:
Andreas@49770
   116
  "rbt_sorted t \<Longrightarrow> List.sorted (map fst (entries t))"
nipkow@68109
   117
by (induct t)  (force simp: sorted_append rbt_ord_props dest!: entry_in_tree_keys)+
haftmann@35550
   118
haftmann@35550
   119
lemma distinct_entries:
Andreas@49770
   120
  "rbt_sorted t \<Longrightarrow> distinct (map fst (entries t))"
nipkow@68109
   121
by (induct t) (force simp: sorted_append rbt_ord_props dest!: entry_in_tree_keys)+
haftmann@35550
   122
kuncar@48621
   123
lemma distinct_keys:
kuncar@48621
   124
  "rbt_sorted t \<Longrightarrow> distinct (keys t)"
kuncar@48621
   125
  by (simp add: distinct_entries keys_def)
kuncar@48621
   126
kuncar@48621
   127
wenzelm@60500
   128
subsubsection \<open>Tree lookup\<close>
haftmann@35550
   129
Andreas@47450
   130
primrec (in ord) rbt_lookup :: "('a, 'b) rbt \<Rightarrow> 'a \<rightharpoonup> 'b"
haftmann@35534
   131
where
Andreas@47450
   132
  "rbt_lookup Empty k = None"
Andreas@47450
   133
| "rbt_lookup (Branch _ l x y r) k = 
Andreas@47450
   134
   (if k < x then rbt_lookup l k else if x < k then rbt_lookup r k else Some y)"
haftmann@35534
   135
Andreas@47450
   136
lemma rbt_lookup_keys: "rbt_sorted t \<Longrightarrow> dom (rbt_lookup t) = set (keys t)"
Andreas@47450
   137
  by (induct t) (auto simp: dom_def rbt_greater_prop rbt_less_prop)
haftmann@35550
   138
Andreas@47450
   139
lemma dom_rbt_lookup_Branch: 
Andreas@47450
   140
  "rbt_sorted (Branch c t1 k v t2) \<Longrightarrow> 
Andreas@47450
   141
    dom (rbt_lookup (Branch c t1 k v t2)) 
Andreas@47450
   142
    = Set.insert k (dom (rbt_lookup t1) \<union> dom (rbt_lookup t2))"
haftmann@35550
   143
proof -
Andreas@47450
   144
  assume "rbt_sorted (Branch c t1 k v t2)"
wenzelm@53374
   145
  then show ?thesis by (simp add: rbt_lookup_keys)
haftmann@35550
   146
qed
haftmann@35550
   147
Andreas@47450
   148
lemma finite_dom_rbt_lookup [simp, intro!]: "finite (dom (rbt_lookup t))"
haftmann@35550
   149
proof (induct t)
haftmann@35550
   150
  case Empty then show ?case by simp
haftmann@35550
   151
next
haftmann@35550
   152
  case (Branch color t1 a b t2)
Andreas@47450
   153
  let ?A = "Set.insert a (dom (rbt_lookup t1) \<union> dom (rbt_lookup t2))"
nipkow@62390
   154
  have "dom (rbt_lookup (Branch color t1 a b t2)) \<subseteq> ?A" by (auto split: if_split_asm)
Andreas@47450
   155
  moreover from Branch have "finite (insert a (dom (rbt_lookup t1) \<union> dom (rbt_lookup t2)))" by simp
haftmann@35550
   156
  ultimately show ?case by (rule finite_subset)
haftmann@35550
   157
qed 
haftmann@35550
   158
Andreas@47450
   159
end
Andreas@47450
   160
Andreas@47450
   161
context ord begin
Andreas@47450
   162
Andreas@47450
   163
lemma rbt_lookup_rbt_less[simp]: "t |\<guillemotleft> k \<Longrightarrow> rbt_lookup t k = None" 
krauss@26192
   164
by (induct t) auto
krauss@26192
   165
Andreas@47450
   166
lemma rbt_lookup_rbt_greater[simp]: "k \<guillemotleft>| t \<Longrightarrow> rbt_lookup t k = None"
krauss@26192
   167
by (induct t) auto
krauss@26192
   168
nipkow@68450
   169
lemma rbt_lookup_Empty: "rbt_lookup Empty = Map.empty"
krauss@26192
   170
by (rule ext) simp
krauss@26192
   171
Andreas@47450
   172
end
Andreas@47450
   173
Andreas@47450
   174
context linorder begin
Andreas@47450
   175
haftmann@35618
   176
lemma map_of_entries:
Andreas@47450
   177
  "rbt_sorted t \<Longrightarrow> map_of (entries t) = rbt_lookup t"
haftmann@35550
   178
proof (induct t)
Andreas@47450
   179
  case Empty thus ?case by (simp add: rbt_lookup_Empty)
haftmann@35550
   180
next
haftmann@35550
   181
  case (Branch c t1 k v t2)
Andreas@47450
   182
  have "rbt_lookup (Branch c t1 k v t2) = rbt_lookup t2 ++ [k\<mapsto>v] ++ rbt_lookup t1"
haftmann@35550
   183
  proof (rule ext)
haftmann@35550
   184
    fix x
Andreas@47450
   185
    from Branch have RBT_SORTED: "rbt_sorted (Branch c t1 k v t2)" by simp
Andreas@47450
   186
    let ?thesis = "rbt_lookup (Branch c t1 k v t2) x = (rbt_lookup t2 ++ [k \<mapsto> v] ++ rbt_lookup t1) x"
haftmann@35550
   187
Andreas@47450
   188
    have DOM_T1: "!!k'. k'\<in>dom (rbt_lookup t1) \<Longrightarrow> k>k'"
haftmann@35550
   189
    proof -
haftmann@35550
   190
      fix k'
Andreas@47450
   191
      from RBT_SORTED have "t1 |\<guillemotleft> k" by simp
Andreas@47450
   192
      with rbt_less_prop have "\<forall>k'\<in>set (keys t1). k>k'" by auto
Andreas@47450
   193
      moreover assume "k'\<in>dom (rbt_lookup t1)"
Andreas@47450
   194
      ultimately show "k>k'" using rbt_lookup_keys RBT_SORTED by auto
haftmann@35550
   195
    qed
haftmann@35550
   196
    
Andreas@47450
   197
    have DOM_T2: "!!k'. k'\<in>dom (rbt_lookup t2) \<Longrightarrow> k<k'"
haftmann@35550
   198
    proof -
haftmann@35550
   199
      fix k'
Andreas@47450
   200
      from RBT_SORTED have "k \<guillemotleft>| t2" by simp
Andreas@47450
   201
      with rbt_greater_prop have "\<forall>k'\<in>set (keys t2). k<k'" by auto
Andreas@47450
   202
      moreover assume "k'\<in>dom (rbt_lookup t2)"
Andreas@47450
   203
      ultimately show "k<k'" using rbt_lookup_keys RBT_SORTED by auto
haftmann@35550
   204
    qed
haftmann@35550
   205
    
haftmann@35550
   206
    {
haftmann@35550
   207
      assume C: "x<k"
Andreas@47450
   208
      hence "rbt_lookup (Branch c t1 k v t2) x = rbt_lookup t1 x" by simp
haftmann@35550
   209
      moreover from C have "x\<notin>dom [k\<mapsto>v]" by simp
Andreas@47450
   210
      moreover have "x \<notin> dom (rbt_lookup t2)"
Andreas@47450
   211
      proof
Andreas@47450
   212
        assume "x \<in> dom (rbt_lookup t2)"
haftmann@35550
   213
        with DOM_T2 have "k<x" by blast
haftmann@35550
   214
        with C show False by simp
haftmann@35550
   215
      qed
haftmann@35550
   216
      ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
haftmann@35550
   217
    } moreover {
haftmann@35550
   218
      assume [simp]: "x=k"
Andreas@47450
   219
      hence "rbt_lookup (Branch c t1 k v t2) x = [k \<mapsto> v] x" by simp
Andreas@47450
   220
      moreover have "x \<notin> dom (rbt_lookup t1)" 
Andreas@47450
   221
      proof
Andreas@47450
   222
        assume "x \<in> dom (rbt_lookup t1)"
haftmann@35550
   223
        with DOM_T1 have "k>x" by blast
haftmann@35550
   224
        thus False by simp
haftmann@35550
   225
      qed
haftmann@35550
   226
      ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
haftmann@35550
   227
    } moreover {
haftmann@35550
   228
      assume C: "x>k"
Andreas@47450
   229
      hence "rbt_lookup (Branch c t1 k v t2) x = rbt_lookup t2 x" by (simp add: less_not_sym[of k x])
haftmann@35550
   230
      moreover from C have "x\<notin>dom [k\<mapsto>v]" by simp
Andreas@47450
   231
      moreover have "x\<notin>dom (rbt_lookup t1)" proof
Andreas@47450
   232
        assume "x\<in>dom (rbt_lookup t1)"
haftmann@35550
   233
        with DOM_T1 have "k>x" by simp
haftmann@35550
   234
        with C show False by simp
haftmann@35550
   235
      qed
haftmann@35550
   236
      ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
haftmann@35550
   237
    } ultimately show ?thesis using less_linear by blast
haftmann@35550
   238
  qed
Andreas@47450
   239
  also from Branch 
Andreas@47450
   240
  have "rbt_lookup t2 ++ [k \<mapsto> v] ++ rbt_lookup t1 = map_of (entries (Branch c t1 k v t2))" by simp
haftmann@35618
   241
  finally show ?case by simp
haftmann@35550
   242
qed
haftmann@35550
   243
Andreas@47450
   244
lemma rbt_lookup_in_tree: "rbt_sorted t \<Longrightarrow> rbt_lookup t k = Some v \<longleftrightarrow> (k, v) \<in> set (entries t)"
haftmann@35618
   245
  by (simp add: map_of_entries [symmetric] distinct_entries)
haftmann@35602
   246
haftmann@35602
   247
lemma set_entries_inject:
Andreas@47450
   248
  assumes rbt_sorted: "rbt_sorted t1" "rbt_sorted t2" 
haftmann@35602
   249
  shows "set (entries t1) = set (entries t2) \<longleftrightarrow> entries t1 = entries t2"
haftmann@35602
   250
proof -
Andreas@47450
   251
  from rbt_sorted have "distinct (map fst (entries t1))"
haftmann@35602
   252
    "distinct (map fst (entries t2))"
haftmann@35602
   253
    by (auto intro: distinct_entries)
Andreas@47450
   254
  with rbt_sorted show ?thesis
Andreas@47450
   255
    by (auto intro: map_sorted_distinct_set_unique rbt_sorted_entries simp add: distinct_map)
haftmann@35602
   256
qed
haftmann@35550
   257
haftmann@35550
   258
lemma entries_eqI:
Andreas@47450
   259
  assumes rbt_sorted: "rbt_sorted t1" "rbt_sorted t2" 
Andreas@47450
   260
  assumes rbt_lookup: "rbt_lookup t1 = rbt_lookup t2"
haftmann@35602
   261
  shows "entries t1 = entries t2"
haftmann@35550
   262
proof -
Andreas@47450
   263
  from rbt_sorted rbt_lookup have "map_of (entries t1) = map_of (entries t2)"
haftmann@35618
   264
    by (simp add: map_of_entries)
Andreas@47450
   265
  with rbt_sorted have "set (entries t1) = set (entries t2)"
haftmann@35602
   266
    by (simp add: map_of_inject_set distinct_entries)
Andreas@47450
   267
  with rbt_sorted show ?thesis by (simp add: set_entries_inject)
haftmann@35602
   268
qed
haftmann@35550
   269
Andreas@47450
   270
lemma entries_rbt_lookup:
Andreas@47450
   271
  assumes "rbt_sorted t1" "rbt_sorted t2" 
Andreas@47450
   272
  shows "entries t1 = entries t2 \<longleftrightarrow> rbt_lookup t1 = rbt_lookup t2"
haftmann@35618
   273
  using assms by (auto intro: entries_eqI simp add: map_of_entries [symmetric])
haftmann@35602
   274
Andreas@47450
   275
lemma rbt_lookup_from_in_tree: 
Andreas@47450
   276
  assumes "rbt_sorted t1" "rbt_sorted t2" 
Andreas@47450
   277
  and "\<And>v. (k, v) \<in> set (entries t1) \<longleftrightarrow> (k, v) \<in> set (entries t2)" 
Andreas@47450
   278
  shows "rbt_lookup t1 k = rbt_lookup t2 k"
haftmann@35602
   279
proof -
Andreas@47450
   280
  from assms have "k \<in> dom (rbt_lookup t1) \<longleftrightarrow> k \<in> dom (rbt_lookup t2)"
Andreas@47450
   281
    by (simp add: keys_entries rbt_lookup_keys)
Andreas@47450
   282
  with assms show ?thesis by (auto simp add: rbt_lookup_in_tree [symmetric])
krauss@26192
   283
qed
krauss@26192
   284
Andreas@47450
   285
end
haftmann@35550
   286
wenzelm@60500
   287
subsubsection \<open>Red-black properties\<close>
krauss@26192
   288
haftmann@35534
   289
primrec color_of :: "('a, 'b) rbt \<Rightarrow> color"
krauss@26192
   290
where
haftmann@35534
   291
  "color_of Empty = B"
haftmann@35534
   292
| "color_of (Branch c _ _ _ _) = c"
krauss@26192
   293
haftmann@35534
   294
primrec bheight :: "('a,'b) rbt \<Rightarrow> nat"
haftmann@35534
   295
where
haftmann@35534
   296
  "bheight Empty = 0"
haftmann@35534
   297
| "bheight (Branch c lt k v rt) = (if c = B then Suc (bheight lt) else bheight lt)"
haftmann@35534
   298
haftmann@35534
   299
primrec inv1 :: "('a, 'b) rbt \<Rightarrow> bool"
krauss@26192
   300
where
krauss@26192
   301
  "inv1 Empty = True"
haftmann@35534
   302
| "inv1 (Branch c lt k v rt) \<longleftrightarrow> inv1 lt \<and> inv1 rt \<and> (c = B \<or> color_of lt = B \<and> color_of rt = B)"
krauss@26192
   303
wenzelm@61585
   304
primrec inv1l :: "('a, 'b) rbt \<Rightarrow> bool" \<comment> \<open>Weaker version\<close>
krauss@26192
   305
where
krauss@26192
   306
  "inv1l Empty = True"
haftmann@35534
   307
| "inv1l (Branch c l k v r) = (inv1 l \<and> inv1 r)"
krauss@26192
   308
lemma [simp]: "inv1 t \<Longrightarrow> inv1l t" by (cases t) simp+
krauss@26192
   309
haftmann@35534
   310
primrec inv2 :: "('a, 'b) rbt \<Rightarrow> bool"
krauss@26192
   311
where
krauss@26192
   312
  "inv2 Empty = True"
haftmann@35534
   313
| "inv2 (Branch c lt k v rt) = (inv2 lt \<and> inv2 rt \<and> bheight lt = bheight rt)"
krauss@26192
   314
Andreas@47450
   315
context ord begin
krauss@26192
   316
Andreas@47450
   317
definition is_rbt :: "('a, 'b) rbt \<Rightarrow> bool" where
Andreas@47450
   318
  "is_rbt t \<longleftrightarrow> inv1 t \<and> inv2 t \<and> color_of t = B \<and> rbt_sorted t"
Andreas@47450
   319
Andreas@47450
   320
lemma is_rbt_rbt_sorted [simp]:
Andreas@47450
   321
  "is_rbt t \<Longrightarrow> rbt_sorted t" by (simp add: is_rbt_def)
krauss@26192
   322
haftmann@35534
   323
theorem Empty_is_rbt [simp]:
haftmann@35534
   324
  "is_rbt Empty" by (simp add: is_rbt_def)
krauss@26192
   325
Andreas@47450
   326
end
krauss@26192
   327
wenzelm@60500
   328
subsection \<open>Insertion\<close>
krauss@26192
   329
nipkow@61225
   330
text \<open>The function definitions are based on the book by Okasaki.\<close>
nipkow@61225
   331
krauss@26192
   332
fun (* slow, due to massive case splitting *)
krauss@26192
   333
  balance :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   334
where
haftmann@35534
   335
  "balance (Branch R a w x b) s t (Branch R c y z d) = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
haftmann@35534
   336
  "balance (Branch R (Branch R a w x b) s t c) y z d = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
haftmann@35534
   337
  "balance (Branch R a w x (Branch R b s t c)) y z d = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
haftmann@35534
   338
  "balance a w x (Branch R b s t (Branch R c y z d)) = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
haftmann@35534
   339
  "balance a w x (Branch R (Branch R b s t c) y z d) = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
haftmann@35534
   340
  "balance a s t b = Branch B a s t b"
krauss@26192
   341
krauss@26192
   342
lemma balance_inv1: "\<lbrakk>inv1l l; inv1l r\<rbrakk> \<Longrightarrow> inv1 (balance l k v r)" 
krauss@26192
   343
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   344
haftmann@35534
   345
lemma balance_bheight: "bheight l = bheight r \<Longrightarrow> bheight (balance l k v r) = Suc (bheight l)"
krauss@26192
   346
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   347
krauss@26192
   348
lemma balance_inv2: 
haftmann@35534
   349
  assumes "inv2 l" "inv2 r" "bheight l = bheight r"
krauss@26192
   350
  shows "inv2 (balance l k v r)"
krauss@26192
   351
  using assms
krauss@26192
   352
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   353
Andreas@47450
   354
context ord begin
Andreas@47450
   355
Andreas@47450
   356
lemma balance_rbt_greater[simp]: "(v \<guillemotleft>| balance a k x b) = (v \<guillemotleft>| a \<and> v \<guillemotleft>| b \<and> v < k)" 
krauss@26192
   357
  by (induct a k x b rule: balance.induct) auto
krauss@26192
   358
Andreas@47450
   359
lemma balance_rbt_less[simp]: "(balance a k x b |\<guillemotleft> v) = (a |\<guillemotleft> v \<and> b |\<guillemotleft> v \<and> k < v)"
krauss@26192
   360
  by (induct a k x b rule: balance.induct) auto
krauss@26192
   361
Andreas@47450
   362
end
Andreas@47450
   363
Andreas@47450
   364
lemma (in linorder) balance_rbt_sorted: 
Andreas@47450
   365
  fixes k :: "'a"
Andreas@47450
   366
  assumes "rbt_sorted l" "rbt_sorted r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
Andreas@47450
   367
  shows "rbt_sorted (balance l k v r)"
krauss@26192
   368
using assms proof (induct l k v r rule: balance.induct)
krauss@26192
   369
  case ("2_2" a x w b y t c z s va vb vd vc)
haftmann@35534
   370
  hence "y < z \<and> z \<guillemotleft>| Branch B va vb vd vc" 
Andreas@47450
   371
    by (auto simp add: rbt_ord_props)
Andreas@47450
   372
  hence "y \<guillemotleft>| (Branch B va vb vd vc)" by (blast dest: rbt_greater_trans)
krauss@26192
   373
  with "2_2" show ?case by simp
krauss@26192
   374
next
krauss@26192
   375
  case ("3_2" va vb vd vc x w b y s c z)
Andreas@47450
   376
  from "3_2" have "x < y \<and> Branch B va vb vd vc |\<guillemotleft> x" 
haftmann@35534
   377
    by simp
Andreas@47450
   378
  hence "Branch B va vb vd vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
krauss@26192
   379
  with "3_2" show ?case by simp
krauss@26192
   380
next
krauss@26192
   381
  case ("3_3" x w b y s c z t va vb vd vc)
Andreas@47450
   382
  from "3_3" have "y < z \<and> z \<guillemotleft>| Branch B va vb vd vc" by simp
Andreas@47450
   383
  hence "y \<guillemotleft>| Branch B va vb vd vc" by (blast dest: rbt_greater_trans)
krauss@26192
   384
  with "3_3" show ?case by simp
krauss@26192
   385
next
krauss@26192
   386
  case ("3_4" vd ve vg vf x w b y s c z t va vb vii vc)
Andreas@47450
   387
  hence "x < y \<and> Branch B vd ve vg vf |\<guillemotleft> x" by simp
Andreas@47450
   388
  hence 1: "Branch B vd ve vg vf |\<guillemotleft> y" by (blast dest: rbt_less_trans)
Andreas@47450
   389
  from "3_4" have "y < z \<and> z \<guillemotleft>| Branch B va vb vii vc" by simp
Andreas@47450
   390
  hence "y \<guillemotleft>| Branch B va vb vii vc" by (blast dest: rbt_greater_trans)
krauss@26192
   391
  with 1 "3_4" show ?case by simp
krauss@26192
   392
next
krauss@26192
   393
  case ("4_2" va vb vd vc x w b y s c z t dd)
Andreas@47450
   394
  hence "x < y \<and> Branch B va vb vd vc |\<guillemotleft> x" by simp
Andreas@47450
   395
  hence "Branch B va vb vd vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
krauss@26192
   396
  with "4_2" show ?case by simp
krauss@26192
   397
next
krauss@26192
   398
  case ("5_2" x w b y s c z t va vb vd vc)
Andreas@47450
   399
  hence "y < z \<and> z \<guillemotleft>| Branch B va vb vd vc" by simp
Andreas@47450
   400
  hence "y \<guillemotleft>| Branch B va vb vd vc" by (blast dest: rbt_greater_trans)
krauss@26192
   401
  with "5_2" show ?case by simp
krauss@26192
   402
next
krauss@26192
   403
  case ("5_3" va vb vd vc x w b y s c z t)
Andreas@47450
   404
  hence "x < y \<and> Branch B va vb vd vc |\<guillemotleft> x" by simp
Andreas@47450
   405
  hence "Branch B va vb vd vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
krauss@26192
   406
  with "5_3" show ?case by simp
krauss@26192
   407
next
krauss@26192
   408
  case ("5_4" va vb vg vc x w b y s c z t vd ve vii vf)
Andreas@47450
   409
  hence "x < y \<and> Branch B va vb vg vc |\<guillemotleft> x" by simp
Andreas@47450
   410
  hence 1: "Branch B va vb vg vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
Andreas@47450
   411
  from "5_4" have "y < z \<and> z \<guillemotleft>| Branch B vd ve vii vf" by simp
Andreas@47450
   412
  hence "y \<guillemotleft>| Branch B vd ve vii vf" by (blast dest: rbt_greater_trans)
krauss@26192
   413
  with 1 "5_4" show ?case by simp
krauss@26192
   414
qed simp+
krauss@26192
   415
haftmann@35550
   416
lemma entries_balance [simp]:
haftmann@35550
   417
  "entries (balance l k v r) = entries l @ (k, v) # entries r"
haftmann@35550
   418
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   419
haftmann@35550
   420
lemma keys_balance [simp]: 
haftmann@35550
   421
  "keys (balance l k v r) = keys l @ k # keys r"
haftmann@35550
   422
  by (simp add: keys_def)
haftmann@35550
   423
haftmann@35550
   424
lemma balance_in_tree:  
haftmann@35550
   425
  "entry_in_tree k x (balance l v y r) \<longleftrightarrow> entry_in_tree k x l \<or> k = v \<and> x = y \<or> entry_in_tree k x r"
haftmann@35550
   426
  by (auto simp add: keys_def)
krauss@26192
   427
Andreas@47450
   428
lemma (in linorder) rbt_lookup_balance[simp]: 
Andreas@47450
   429
fixes k :: "'a"
Andreas@47450
   430
assumes "rbt_sorted l" "rbt_sorted r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
Andreas@47450
   431
shows "rbt_lookup (balance l k v r) x = rbt_lookup (Branch B l k v r) x"
Andreas@47450
   432
by (rule rbt_lookup_from_in_tree) (auto simp:assms balance_in_tree balance_rbt_sorted)
krauss@26192
   433
krauss@26192
   434
primrec paint :: "color \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   435
where
krauss@26192
   436
  "paint c Empty = Empty"
haftmann@35534
   437
| "paint c (Branch _ l k v r) = Branch c l k v r"
krauss@26192
   438
krauss@26192
   439
lemma paint_inv1l[simp]: "inv1l t \<Longrightarrow> inv1l (paint c t)" by (cases t) auto
krauss@26192
   440
lemma paint_inv1[simp]: "inv1l t \<Longrightarrow> inv1 (paint B t)" by (cases t) auto
krauss@26192
   441
lemma paint_inv2[simp]: "inv2 t \<Longrightarrow> inv2 (paint c t)" by (cases t) auto
haftmann@35534
   442
lemma paint_color_of[simp]: "color_of (paint B t) = B" by (cases t) auto
haftmann@35550
   443
lemma paint_in_tree[simp]: "entry_in_tree k x (paint c t) = entry_in_tree k x t" by (cases t) auto
Andreas@47450
   444
Andreas@47450
   445
context ord begin
Andreas@47450
   446
Andreas@47450
   447
lemma paint_rbt_sorted[simp]: "rbt_sorted t \<Longrightarrow> rbt_sorted (paint c t)" by (cases t) auto
Andreas@47450
   448
lemma paint_rbt_lookup[simp]: "rbt_lookup (paint c t) = rbt_lookup t" by (rule ext) (cases t, auto)
Andreas@47450
   449
lemma paint_rbt_greater[simp]: "(v \<guillemotleft>| paint c t) = (v \<guillemotleft>| t)" by (cases t) auto
Andreas@47450
   450
lemma paint_rbt_less[simp]: "(paint c t |\<guillemotleft> v) = (t |\<guillemotleft> v)" by (cases t) auto
krauss@26192
   451
krauss@26192
   452
fun
Andreas@47450
   453
  rbt_ins :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   454
where
Andreas@47450
   455
  "rbt_ins f k v Empty = Branch R Empty k v Empty" |
Andreas@47450
   456
  "rbt_ins f k v (Branch B l x y r) = (if k < x then balance (rbt_ins f k v l) x y r
Andreas@47450
   457
                                       else if k > x then balance l x y (rbt_ins f k v r)
Andreas@47450
   458
                                       else Branch B l x (f k y v) r)" |
Andreas@47450
   459
  "rbt_ins f k v (Branch R l x y r) = (if k < x then Branch R (rbt_ins f k v l) x y r
Andreas@47450
   460
                                       else if k > x then Branch R l x y (rbt_ins f k v r)
Andreas@47450
   461
                                       else Branch R l x (f k y v) r)"
krauss@26192
   462
krauss@26192
   463
lemma ins_inv1_inv2: 
krauss@26192
   464
  assumes "inv1 t" "inv2 t"
Andreas@47450
   465
  shows "inv2 (rbt_ins f k x t)" "bheight (rbt_ins f k x t) = bheight t" 
Andreas@47450
   466
  "color_of t = B \<Longrightarrow> inv1 (rbt_ins f k x t)" "inv1l (rbt_ins f k x t)"
krauss@26192
   467
  using assms
Andreas@47450
   468
  by (induct f k x t rule: rbt_ins.induct) (auto simp: balance_inv1 balance_inv2 balance_bheight)
Andreas@47450
   469
Andreas@47450
   470
end
Andreas@47450
   471
Andreas@47450
   472
context linorder begin
krauss@26192
   473
Andreas@47450
   474
lemma ins_rbt_greater[simp]: "(v \<guillemotleft>| rbt_ins f (k :: 'a) x t) = (v \<guillemotleft>| t \<and> k > v)"
Andreas@47450
   475
  by (induct f k x t rule: rbt_ins.induct) auto
Andreas@47450
   476
lemma ins_rbt_less[simp]: "(rbt_ins f k x t |\<guillemotleft> v) = (t |\<guillemotleft> v \<and> k < v)"
Andreas@47450
   477
  by (induct f k x t rule: rbt_ins.induct) auto
Andreas@47450
   478
lemma ins_rbt_sorted[simp]: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_ins f k x t)"
Andreas@47450
   479
  by (induct f k x t rule: rbt_ins.induct) (auto simp: balance_rbt_sorted)
krauss@26192
   480
Andreas@47450
   481
lemma keys_ins: "set (keys (rbt_ins f k v t)) = { k } \<union> set (keys t)"
Andreas@47450
   482
  by (induct f k v t rule: rbt_ins.induct) auto
krauss@26192
   483
Andreas@47450
   484
lemma rbt_lookup_ins: 
Andreas@47450
   485
  fixes k :: "'a"
Andreas@47450
   486
  assumes "rbt_sorted t"
Andreas@47450
   487
  shows "rbt_lookup (rbt_ins f k v t) x = ((rbt_lookup t)(k |-> case rbt_lookup t k of None \<Rightarrow> v 
Andreas@47450
   488
                                                                | Some w \<Rightarrow> f k w v)) x"
Andreas@47450
   489
using assms by (induct f k v t rule: rbt_ins.induct) auto
Andreas@47450
   490
Andreas@47450
   491
end
Andreas@47450
   492
Andreas@47450
   493
context ord begin
Andreas@47450
   494
Andreas@47450
   495
definition rbt_insert_with_key :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
Andreas@47450
   496
where "rbt_insert_with_key f k v t = paint B (rbt_ins f k v t)"
Andreas@47450
   497
Andreas@47450
   498
definition rbt_insertw_def: "rbt_insert_with f = rbt_insert_with_key (\<lambda>_. f)"
krauss@26192
   499
Andreas@47450
   500
definition rbt_insert :: "'a \<Rightarrow> 'b \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt" where
Andreas@47450
   501
  "rbt_insert = rbt_insert_with_key (\<lambda>_ _ nv. nv)"
Andreas@47450
   502
Andreas@47450
   503
end
Andreas@47450
   504
Andreas@47450
   505
context linorder begin
krauss@26192
   506
Andreas@47450
   507
lemma rbt_insertwk_rbt_sorted: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_insert_with_key f (k :: 'a) x t)"
Andreas@47450
   508
  by (auto simp: rbt_insert_with_key_def)
krauss@26192
   509
Andreas@47450
   510
theorem rbt_insertwk_is_rbt: 
haftmann@35534
   511
  assumes inv: "is_rbt t" 
Andreas@47450
   512
  shows "is_rbt (rbt_insert_with_key f k x t)"
krauss@26192
   513
using assms
Andreas@47450
   514
unfolding rbt_insert_with_key_def is_rbt_def
krauss@26192
   515
by (auto simp: ins_inv1_inv2)
krauss@26192
   516
Andreas@47450
   517
lemma rbt_lookup_rbt_insertwk: 
Andreas@47450
   518
  assumes "rbt_sorted t"
Andreas@47450
   519
  shows "rbt_lookup (rbt_insert_with_key f k v t) x = ((rbt_lookup t)(k |-> case rbt_lookup t k of None \<Rightarrow> v 
krauss@26192
   520
                                                       | Some w \<Rightarrow> f k w v)) x"
Andreas@47450
   521
unfolding rbt_insert_with_key_def using assms
Andreas@47450
   522
by (simp add:rbt_lookup_ins)
krauss@26192
   523
Andreas@47450
   524
lemma rbt_insertw_rbt_sorted: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_insert_with f k v t)" 
Andreas@47450
   525
  by (simp add: rbt_insertwk_rbt_sorted rbt_insertw_def)
Andreas@47450
   526
theorem rbt_insertw_is_rbt: "is_rbt t \<Longrightarrow> is_rbt (rbt_insert_with f k v t)"
Andreas@47450
   527
  by (simp add: rbt_insertwk_is_rbt rbt_insertw_def)
krauss@26192
   528
Andreas@47450
   529
lemma rbt_lookup_rbt_insertw:
wenzelm@63649
   530
  "is_rbt t \<Longrightarrow>
wenzelm@63649
   531
    rbt_lookup (rbt_insert_with f k v t) =
wenzelm@63649
   532
      (rbt_lookup t)(k \<mapsto> (if k \<in> dom (rbt_lookup t) then f (the (rbt_lookup t k)) v else v))"
wenzelm@63649
   533
  by (rule ext, cases "rbt_lookup t k") (auto simp: rbt_lookup_rbt_insertwk dom_def rbt_insertw_def)
krauss@26192
   534
Andreas@47450
   535
lemma rbt_insert_rbt_sorted: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_insert k v t)"
Andreas@47450
   536
  by (simp add: rbt_insertwk_rbt_sorted rbt_insert_def)
Andreas@47450
   537
theorem rbt_insert_is_rbt [simp]: "is_rbt t \<Longrightarrow> is_rbt (rbt_insert k v t)"
Andreas@47450
   538
  by (simp add: rbt_insertwk_is_rbt rbt_insert_def)
krauss@26192
   539
wenzelm@63649
   540
lemma rbt_lookup_rbt_insert: "is_rbt t \<Longrightarrow> rbt_lookup (rbt_insert k v t) = (rbt_lookup t)(k\<mapsto>v)"
wenzelm@63649
   541
  by (rule ext) (simp add: rbt_insert_def rbt_lookup_rbt_insertwk split: option.split)
krauss@26192
   542
Andreas@47450
   543
end
krauss@26192
   544
wenzelm@60500
   545
subsection \<open>Deletion\<close>
krauss@26192
   546
haftmann@35534
   547
lemma bheight_paintR'[simp]: "color_of t = B \<Longrightarrow> bheight (paint R t) = bheight t - 1"
krauss@26192
   548
by (cases t rule: rbt_cases) auto
krauss@26192
   549
wenzelm@63680
   550
text \<open>
wenzelm@63680
   551
  The function definitions are based on the Haskell code by Stefan Kahrs
wenzelm@63680
   552
  at \<^url>\<open>http://www.cs.ukc.ac.uk/people/staff/smk/redblack/rb.html\<close>.
wenzelm@63680
   553
\<close>
nipkow@61225
   554
krauss@26192
   555
fun
haftmann@35550
   556
  balance_left :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   557
where
haftmann@35550
   558
  "balance_left (Branch R a k x b) s y c = Branch R (Branch B a k x b) s y c" |
haftmann@35550
   559
  "balance_left bl k x (Branch B a s y b) = balance bl k x (Branch R a s y b)" |
haftmann@35550
   560
  "balance_left bl k x (Branch R (Branch B a s y b) t z c) = Branch R (Branch B bl k x a) s y (balance b t z (paint R c))" |
haftmann@35550
   561
  "balance_left t k x s = Empty"
krauss@26192
   562
haftmann@35550
   563
lemma balance_left_inv2_with_inv1:
haftmann@35534
   564
  assumes "inv2 lt" "inv2 rt" "bheight lt + 1 = bheight rt" "inv1 rt"
haftmann@35550
   565
  shows "bheight (balance_left lt k v rt) = bheight lt + 1"
haftmann@35550
   566
  and   "inv2 (balance_left lt k v rt)"
krauss@26192
   567
using assms 
haftmann@35550
   568
by (induct lt k v rt rule: balance_left.induct) (auto simp: balance_inv2 balance_bheight)
krauss@26192
   569
haftmann@35550
   570
lemma balance_left_inv2_app: 
haftmann@35534
   571
  assumes "inv2 lt" "inv2 rt" "bheight lt + 1 = bheight rt" "color_of rt = B"
haftmann@35550
   572
  shows "inv2 (balance_left lt k v rt)" 
haftmann@35550
   573
        "bheight (balance_left lt k v rt) = bheight rt"
krauss@26192
   574
using assms 
haftmann@35550
   575
by (induct lt k v rt rule: balance_left.induct) (auto simp add: balance_inv2 balance_bheight)+ 
krauss@26192
   576
haftmann@35550
   577
lemma balance_left_inv1: "\<lbrakk>inv1l a; inv1 b; color_of b = B\<rbrakk> \<Longrightarrow> inv1 (balance_left a k x b)"
haftmann@35550
   578
  by (induct a k x b rule: balance_left.induct) (simp add: balance_inv1)+
krauss@26192
   579
haftmann@35550
   580
lemma balance_left_inv1l: "\<lbrakk> inv1l lt; inv1 rt \<rbrakk> \<Longrightarrow> inv1l (balance_left lt k x rt)"
haftmann@35550
   581
by (induct lt k x rt rule: balance_left.induct) (auto simp: balance_inv1)
krauss@26192
   582
Andreas@47450
   583
lemma (in linorder) balance_left_rbt_sorted: 
Andreas@47450
   584
  "\<lbrakk> rbt_sorted l; rbt_sorted r; rbt_less k l; k \<guillemotleft>| r \<rbrakk> \<Longrightarrow> rbt_sorted (balance_left l k v r)"
haftmann@35550
   585
apply (induct l k v r rule: balance_left.induct)
Andreas@47450
   586
apply (auto simp: balance_rbt_sorted)
Andreas@47450
   587
apply (unfold rbt_greater_prop rbt_less_prop)
krauss@26192
   588
by force+
krauss@26192
   589
Andreas@47450
   590
context order begin
Andreas@47450
   591
Andreas@47450
   592
lemma balance_left_rbt_greater: 
Andreas@47450
   593
  fixes k :: "'a"
krauss@26192
   594
  assumes "k \<guillemotleft>| a" "k \<guillemotleft>| b" "k < x" 
haftmann@35550
   595
  shows "k \<guillemotleft>| balance_left a x t b"
krauss@26192
   596
using assms 
haftmann@35550
   597
by (induct a x t b rule: balance_left.induct) auto
krauss@26192
   598
Andreas@47450
   599
lemma balance_left_rbt_less: 
Andreas@47450
   600
  fixes k :: "'a"
krauss@26192
   601
  assumes "a |\<guillemotleft> k" "b |\<guillemotleft> k" "x < k" 
haftmann@35550
   602
  shows "balance_left a x t b |\<guillemotleft> k"
krauss@26192
   603
using assms
haftmann@35550
   604
by (induct a x t b rule: balance_left.induct) auto
krauss@26192
   605
Andreas@47450
   606
end
Andreas@47450
   607
haftmann@35550
   608
lemma balance_left_in_tree: 
haftmann@35534
   609
  assumes "inv1l l" "inv1 r" "bheight l + 1 = bheight r"
haftmann@35550
   610
  shows "entry_in_tree k v (balance_left l a b r) = (entry_in_tree k v l \<or> k = a \<and> v = b \<or> entry_in_tree k v r)"
krauss@26192
   611
using assms 
haftmann@35550
   612
by (induct l k v r rule: balance_left.induct) (auto simp: balance_in_tree)
krauss@26192
   613
krauss@26192
   614
fun
haftmann@35550
   615
  balance_right :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   616
where
haftmann@35550
   617
  "balance_right a k x (Branch R b s y c) = Branch R a k x (Branch B b s y c)" |
haftmann@35550
   618
  "balance_right (Branch B a k x b) s y bl = balance (Branch R a k x b) s y bl" |
haftmann@35550
   619
  "balance_right (Branch R a k x (Branch B b s y c)) t z bl = Branch R (balance (paint R a) k x b) s y (Branch B c t z bl)" |
haftmann@35550
   620
  "balance_right t k x s = Empty"
krauss@26192
   621
haftmann@35550
   622
lemma balance_right_inv2_with_inv1:
haftmann@35534
   623
  assumes "inv2 lt" "inv2 rt" "bheight lt = bheight rt + 1" "inv1 lt"
haftmann@35550
   624
  shows "inv2 (balance_right lt k v rt) \<and> bheight (balance_right lt k v rt) = bheight lt"
krauss@26192
   625
using assms
haftmann@35550
   626
by (induct lt k v rt rule: balance_right.induct) (auto simp: balance_inv2 balance_bheight)
krauss@26192
   627
haftmann@35550
   628
lemma balance_right_inv1: "\<lbrakk>inv1 a; inv1l b; color_of a = B\<rbrakk> \<Longrightarrow> inv1 (balance_right a k x b)"
haftmann@35550
   629
by (induct a k x b rule: balance_right.induct) (simp add: balance_inv1)+
krauss@26192
   630
haftmann@35550
   631
lemma balance_right_inv1l: "\<lbrakk> inv1 lt; inv1l rt \<rbrakk> \<Longrightarrow>inv1l (balance_right lt k x rt)"
haftmann@35550
   632
by (induct lt k x rt rule: balance_right.induct) (auto simp: balance_inv1)
krauss@26192
   633
Andreas@47450
   634
lemma (in linorder) balance_right_rbt_sorted:
Andreas@47450
   635
  "\<lbrakk> rbt_sorted l; rbt_sorted r; rbt_less k l; k \<guillemotleft>| r \<rbrakk> \<Longrightarrow> rbt_sorted (balance_right l k v r)"
haftmann@35550
   636
apply (induct l k v r rule: balance_right.induct)
Andreas@47450
   637
apply (auto simp:balance_rbt_sorted)
Andreas@47450
   638
apply (unfold rbt_less_prop rbt_greater_prop)
krauss@26192
   639
by force+
krauss@26192
   640
Andreas@47450
   641
context order begin
Andreas@47450
   642
Andreas@47450
   643
lemma balance_right_rbt_greater: 
Andreas@47450
   644
  fixes k :: "'a"
krauss@26192
   645
  assumes "k \<guillemotleft>| a" "k \<guillemotleft>| b" "k < x" 
haftmann@35550
   646
  shows "k \<guillemotleft>| balance_right a x t b"
haftmann@35550
   647
using assms by (induct a x t b rule: balance_right.induct) auto
krauss@26192
   648
Andreas@47450
   649
lemma balance_right_rbt_less: 
Andreas@47450
   650
  fixes k :: "'a"
krauss@26192
   651
  assumes "a |\<guillemotleft> k" "b |\<guillemotleft> k" "x < k" 
haftmann@35550
   652
  shows "balance_right a x t b |\<guillemotleft> k"
haftmann@35550
   653
using assms by (induct a x t b rule: balance_right.induct) auto
krauss@26192
   654
Andreas@47450
   655
end
Andreas@47450
   656
haftmann@35550
   657
lemma balance_right_in_tree:
haftmann@35534
   658
  assumes "inv1 l" "inv1l r" "bheight l = bheight r + 1" "inv2 l" "inv2 r"
haftmann@35550
   659
  shows "entry_in_tree x y (balance_right l k v r) = (entry_in_tree x y l \<or> x = k \<and> y = v \<or> entry_in_tree x y r)"
haftmann@35550
   660
using assms by (induct l k v r rule: balance_right.induct) (auto simp: balance_in_tree)
krauss@26192
   661
krauss@26192
   662
fun
haftmann@35550
   663
  combine :: "('a,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   664
where
haftmann@35550
   665
  "combine Empty x = x" 
haftmann@35550
   666
| "combine x Empty = x" 
haftmann@35550
   667
| "combine (Branch R a k x b) (Branch R c s y d) = (case (combine b c) of
Andreas@47450
   668
                                    Branch R b2 t z c2 \<Rightarrow> (Branch R (Branch R a k x b2) t z (Branch R c2 s y d)) |
Andreas@47450
   669
                                    bc \<Rightarrow> Branch R a k x (Branch R bc s y d))" 
haftmann@35550
   670
| "combine (Branch B a k x b) (Branch B c s y d) = (case (combine b c) of
Andreas@47450
   671
                                    Branch R b2 t z c2 \<Rightarrow> Branch R (Branch B a k x b2) t z (Branch B c2 s y d) |
Andreas@47450
   672
                                    bc \<Rightarrow> balance_left a k x (Branch B bc s y d))" 
haftmann@35550
   673
| "combine a (Branch R b k x c) = Branch R (combine a b) k x c" 
haftmann@35550
   674
| "combine (Branch R a k x b) c = Branch R a k x (combine b c)" 
krauss@26192
   675
haftmann@35550
   676
lemma combine_inv2:
haftmann@35534
   677
  assumes "inv2 lt" "inv2 rt" "bheight lt = bheight rt"
haftmann@35550
   678
  shows "bheight (combine lt rt) = bheight lt" "inv2 (combine lt rt)"
krauss@26192
   679
using assms 
haftmann@35550
   680
by (induct lt rt rule: combine.induct) 
haftmann@35550
   681
   (auto simp: balance_left_inv2_app split: rbt.splits color.splits)
krauss@26192
   682
haftmann@35550
   683
lemma combine_inv1: 
krauss@26192
   684
  assumes "inv1 lt" "inv1 rt"
haftmann@35550
   685
  shows "color_of lt = B \<Longrightarrow> color_of rt = B \<Longrightarrow> inv1 (combine lt rt)"
haftmann@35550
   686
         "inv1l (combine lt rt)"
krauss@26192
   687
using assms 
haftmann@35550
   688
by (induct lt rt rule: combine.induct)
haftmann@35550
   689
   (auto simp: balance_left_inv1 split: rbt.splits color.splits)
krauss@26192
   690
Andreas@47450
   691
context linorder begin
Andreas@47450
   692
Andreas@47450
   693
lemma combine_rbt_greater[simp]: 
Andreas@47450
   694
  fixes k :: "'a"
krauss@26192
   695
  assumes "k \<guillemotleft>| l" "k \<guillemotleft>| r" 
haftmann@35550
   696
  shows "k \<guillemotleft>| combine l r"
krauss@26192
   697
using assms 
haftmann@35550
   698
by (induct l r rule: combine.induct)
Andreas@47450
   699
   (auto simp: balance_left_rbt_greater split:rbt.splits color.splits)
krauss@26192
   700
Andreas@47450
   701
lemma combine_rbt_less[simp]: 
Andreas@47450
   702
  fixes k :: "'a"
krauss@26192
   703
  assumes "l |\<guillemotleft> k" "r |\<guillemotleft> k" 
haftmann@35550
   704
  shows "combine l r |\<guillemotleft> k"
krauss@26192
   705
using assms 
haftmann@35550
   706
by (induct l r rule: combine.induct)
Andreas@47450
   707
   (auto simp: balance_left_rbt_less split:rbt.splits color.splits)
krauss@26192
   708
Andreas@47450
   709
lemma combine_rbt_sorted: 
Andreas@47450
   710
  fixes k :: "'a"
Andreas@47450
   711
  assumes "rbt_sorted l" "rbt_sorted r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
Andreas@47450
   712
  shows "rbt_sorted (combine l r)"
haftmann@35550
   713
using assms proof (induct l r rule: combine.induct)
krauss@26192
   714
  case (3 a x v b c y w d)
krauss@26192
   715
  hence ineqs: "a |\<guillemotleft> x" "x \<guillemotleft>| b" "b |\<guillemotleft> k" "k \<guillemotleft>| c" "c |\<guillemotleft> y" "y \<guillemotleft>| d"
krauss@26192
   716
    by auto
krauss@26192
   717
  with 3
krauss@26192
   718
  show ?case
haftmann@35550
   719
    by (cases "combine b c" rule: rbt_cases)
Andreas@47450
   720
      (auto, (metis combine_rbt_greater combine_rbt_less ineqs ineqs rbt_less_simps(2) rbt_greater_simps(2) rbt_greater_trans rbt_less_trans)+)
krauss@26192
   721
next
krauss@26192
   722
  case (4 a x v b c y w d)
Andreas@47450
   723
  hence "x < k \<and> rbt_greater k c" by simp
Andreas@47450
   724
  hence "rbt_greater x c" by (blast dest: rbt_greater_trans)
Andreas@47450
   725
  with 4 have 2: "rbt_greater x (combine b c)" by (simp add: combine_rbt_greater)
Andreas@47450
   726
  from 4 have "k < y \<and> rbt_less k b" by simp
Andreas@47450
   727
  hence "rbt_less y b" by (blast dest: rbt_less_trans)
Andreas@47450
   728
  with 4 have 3: "rbt_less y (combine b c)" by (simp add: combine_rbt_less)
krauss@26192
   729
  show ?case
haftmann@35550
   730
  proof (cases "combine b c" rule: rbt_cases)
krauss@26192
   731
    case Empty
Andreas@47450
   732
    from 4 have "x < y \<and> rbt_greater y d" by auto
Andreas@47450
   733
    hence "rbt_greater x d" by (blast dest: rbt_greater_trans)
Andreas@47450
   734
    with 4 Empty have "rbt_sorted a" and "rbt_sorted (Branch B Empty y w d)"
Andreas@47450
   735
      and "rbt_less x a" and "rbt_greater x (Branch B Empty y w d)" by auto
Andreas@47450
   736
    with Empty show ?thesis by (simp add: balance_left_rbt_sorted)
krauss@26192
   737
  next
krauss@26192
   738
    case (Red lta va ka rta)
Andreas@47450
   739
    with 2 4 have "x < va \<and> rbt_less x a" by simp
Andreas@47450
   740
    hence 5: "rbt_less va a" by (blast dest: rbt_less_trans)
Andreas@47450
   741
    from Red 3 4 have "va < y \<and> rbt_greater y d" by simp
Andreas@47450
   742
    hence "rbt_greater va d" by (blast dest: rbt_greater_trans)
krauss@26192
   743
    with Red 2 3 4 5 show ?thesis by simp
krauss@26192
   744
  next
krauss@26192
   745
    case (Black lta va ka rta)
Andreas@47450
   746
    from 4 have "x < y \<and> rbt_greater y d" by auto
Andreas@47450
   747
    hence "rbt_greater x d" by (blast dest: rbt_greater_trans)
Andreas@47450
   748
    with Black 2 3 4 have "rbt_sorted a" and "rbt_sorted (Branch B (combine b c) y w d)" 
Andreas@47450
   749
      and "rbt_less x a" and "rbt_greater x (Branch B (combine b c) y w d)" by auto
Andreas@47450
   750
    with Black show ?thesis by (simp add: balance_left_rbt_sorted)
krauss@26192
   751
  qed
krauss@26192
   752
next
krauss@26192
   753
  case (5 va vb vd vc b x w c)
Andreas@47450
   754
  hence "k < x \<and> rbt_less k (Branch B va vb vd vc)" by simp
Andreas@47450
   755
  hence "rbt_less x (Branch B va vb vd vc)" by (blast dest: rbt_less_trans)
Andreas@47450
   756
  with 5 show ?case by (simp add: combine_rbt_less)
krauss@26192
   757
next
krauss@26192
   758
  case (6 a x v b va vb vd vc)
Andreas@47450
   759
  hence "x < k \<and> rbt_greater k (Branch B va vb vd vc)" by simp
Andreas@47450
   760
  hence "rbt_greater x (Branch B va vb vd vc)" by (blast dest: rbt_greater_trans)
Andreas@47450
   761
  with 6 show ?case by (simp add: combine_rbt_greater)
krauss@26192
   762
qed simp+
krauss@26192
   763
Andreas@47450
   764
end
Andreas@47450
   765
haftmann@35550
   766
lemma combine_in_tree: 
haftmann@35534
   767
  assumes "inv2 l" "inv2 r" "bheight l = bheight r" "inv1 l" "inv1 r"
haftmann@35550
   768
  shows "entry_in_tree k v (combine l r) = (entry_in_tree k v l \<or> entry_in_tree k v r)"
krauss@26192
   769
using assms 
haftmann@35550
   770
proof (induct l r rule: combine.induct)
krauss@26192
   771
  case (4 _ _ _ b c)
haftmann@35550
   772
  hence a: "bheight (combine b c) = bheight b" by (simp add: combine_inv2)
haftmann@35550
   773
  from 4 have b: "inv1l (combine b c)" by (simp add: combine_inv1)
krauss@26192
   774
krauss@26192
   775
  show ?case
haftmann@35550
   776
  proof (cases "combine b c" rule: rbt_cases)
krauss@26192
   777
    case Empty
haftmann@35550
   778
    with 4 a show ?thesis by (auto simp: balance_left_in_tree)
krauss@26192
   779
  next
krauss@26192
   780
    case (Red lta ka va rta)
krauss@26192
   781
    with 4 show ?thesis by auto
krauss@26192
   782
  next
krauss@26192
   783
    case (Black lta ka va rta)
haftmann@35550
   784
    with a b 4  show ?thesis by (auto simp: balance_left_in_tree)
krauss@26192
   785
  qed 
krauss@26192
   786
qed (auto split: rbt.splits color.splits)
krauss@26192
   787
Andreas@47450
   788
context ord begin
Andreas@47450
   789
krauss@26192
   790
fun
Andreas@47450
   791
  rbt_del_from_left :: "'a \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt" and
Andreas@47450
   792
  rbt_del_from_right :: "'a \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt" and
Andreas@47450
   793
  rbt_del :: "'a\<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   794
where
Andreas@47450
   795
  "rbt_del x Empty = Empty" |
Andreas@47450
   796
  "rbt_del x (Branch c a y s b) = 
Andreas@47450
   797
   (if x < y then rbt_del_from_left x a y s b 
Andreas@47450
   798
    else (if x > y then rbt_del_from_right x a y s b else combine a b))" |
Andreas@47450
   799
  "rbt_del_from_left x (Branch B lt z v rt) y s b = balance_left (rbt_del x (Branch B lt z v rt)) y s b" |
Andreas@47450
   800
  "rbt_del_from_left x a y s b = Branch R (rbt_del x a) y s b" |
Andreas@47450
   801
  "rbt_del_from_right x a y s (Branch B lt z v rt) = balance_right a y s (rbt_del x (Branch B lt z v rt))" | 
Andreas@47450
   802
  "rbt_del_from_right x a y s b = Branch R a y s (rbt_del x b)"
Andreas@47450
   803
Andreas@47450
   804
end
Andreas@47450
   805
Andreas@47450
   806
context linorder begin
krauss@26192
   807
krauss@26192
   808
lemma 
krauss@26192
   809
  assumes "inv2 lt" "inv1 lt"
krauss@26192
   810
  shows
haftmann@35534
   811
  "\<lbrakk>inv2 rt; bheight lt = bheight rt; inv1 rt\<rbrakk> \<Longrightarrow>
Andreas@47450
   812
   inv2 (rbt_del_from_left x lt k v rt) \<and> 
Andreas@47450
   813
   bheight (rbt_del_from_left x lt k v rt) = bheight lt \<and> 
Andreas@47450
   814
   (color_of lt = B \<and> color_of rt = B \<and> inv1 (rbt_del_from_left x lt k v rt) \<or> 
Andreas@47450
   815
    (color_of lt \<noteq> B \<or> color_of rt \<noteq> B) \<and> inv1l (rbt_del_from_left x lt k v rt))"
haftmann@35534
   816
  and "\<lbrakk>inv2 rt; bheight lt = bheight rt; inv1 rt\<rbrakk> \<Longrightarrow>
Andreas@47450
   817
  inv2 (rbt_del_from_right x lt k v rt) \<and> 
Andreas@47450
   818
  bheight (rbt_del_from_right x lt k v rt) = bheight lt \<and> 
Andreas@47450
   819
  (color_of lt = B \<and> color_of rt = B \<and> inv1 (rbt_del_from_right x lt k v rt) \<or> 
Andreas@47450
   820
   (color_of lt \<noteq> B \<or> color_of rt \<noteq> B) \<and> inv1l (rbt_del_from_right x lt k v rt))"
Andreas@47450
   821
  and rbt_del_inv1_inv2: "inv2 (rbt_del x lt) \<and> (color_of lt = R \<and> bheight (rbt_del x lt) = bheight lt \<and> inv1 (rbt_del x lt) 
Andreas@47450
   822
  \<or> color_of lt = B \<and> bheight (rbt_del x lt) = bheight lt - 1 \<and> inv1l (rbt_del x lt))"
krauss@26192
   823
using assms
Andreas@47450
   824
proof (induct x lt k v rt and x lt k v rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
krauss@26192
   825
case (2 y c _ y')
krauss@26192
   826
  have "y = y' \<or> y < y' \<or> y > y'" by auto
krauss@26192
   827
  thus ?case proof (elim disjE)
krauss@26192
   828
    assume "y = y'"
haftmann@35550
   829
    with 2 show ?thesis by (cases c) (simp add: combine_inv2 combine_inv1)+
krauss@26192
   830
  next
krauss@26192
   831
    assume "y < y'"
krauss@26192
   832
    with 2 show ?thesis by (cases c) auto
krauss@26192
   833
  next
krauss@26192
   834
    assume "y' < y"
krauss@26192
   835
    with 2 show ?thesis by (cases c) auto
krauss@26192
   836
  qed
krauss@26192
   837
next
krauss@26192
   838
  case (3 y lt z v rta y' ss bb) 
haftmann@35550
   839
  thus ?case by (cases "color_of (Branch B lt z v rta) = B \<and> color_of bb = B") (simp add: balance_left_inv2_with_inv1 balance_left_inv1 balance_left_inv1l)+
krauss@26192
   840
next
krauss@26192
   841
  case (5 y a y' ss lt z v rta)
haftmann@35550
   842
  thus ?case by (cases "color_of a = B \<and> color_of (Branch B lt z v rta) = B") (simp add: balance_right_inv2_with_inv1 balance_right_inv1 balance_right_inv1l)+
krauss@26192
   843
next
haftmann@35534
   844
  case ("6_1" y a y' ss) thus ?case by (cases "color_of a = B \<and> color_of Empty = B") simp+
krauss@26192
   845
qed auto
krauss@26192
   846
krauss@26192
   847
lemma 
Andreas@47450
   848
  rbt_del_from_left_rbt_less: "\<lbrakk> lt |\<guillemotleft> v; rt |\<guillemotleft> v; k < v\<rbrakk> \<Longrightarrow> rbt_del_from_left x lt k y rt |\<guillemotleft> v"
Andreas@47450
   849
  and rbt_del_from_right_rbt_less: "\<lbrakk>lt |\<guillemotleft> v; rt |\<guillemotleft> v; k < v\<rbrakk> \<Longrightarrow> rbt_del_from_right x lt k y rt |\<guillemotleft> v"
Andreas@47450
   850
  and rbt_del_rbt_less: "lt |\<guillemotleft> v \<Longrightarrow> rbt_del x lt |\<guillemotleft> v"
Andreas@47450
   851
by (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct) 
Andreas@47450
   852
   (auto simp: balance_left_rbt_less balance_right_rbt_less)
krauss@26192
   853
Andreas@47450
   854
lemma rbt_del_from_left_rbt_greater: "\<lbrakk>v \<guillemotleft>| lt; v \<guillemotleft>| rt; k > v\<rbrakk> \<Longrightarrow> v \<guillemotleft>| rbt_del_from_left x lt k y rt"
Andreas@47450
   855
  and rbt_del_from_right_rbt_greater: "\<lbrakk>v \<guillemotleft>| lt; v \<guillemotleft>| rt; k > v\<rbrakk> \<Longrightarrow> v \<guillemotleft>| rbt_del_from_right x lt k y rt"
Andreas@47450
   856
  and rbt_del_rbt_greater: "v \<guillemotleft>| lt \<Longrightarrow> v \<guillemotleft>| rbt_del x lt"
Andreas@47450
   857
by (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
Andreas@47450
   858
   (auto simp: balance_left_rbt_greater balance_right_rbt_greater)
krauss@26192
   859
Andreas@47450
   860
lemma "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> k; k \<guillemotleft>| rt\<rbrakk> \<Longrightarrow> rbt_sorted (rbt_del_from_left x lt k y rt)"
Andreas@47450
   861
  and "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> k; k \<guillemotleft>| rt\<rbrakk> \<Longrightarrow> rbt_sorted (rbt_del_from_right x lt k y rt)"
Andreas@47450
   862
  and rbt_del_rbt_sorted: "rbt_sorted lt \<Longrightarrow> rbt_sorted (rbt_del x lt)"
Andreas@47450
   863
proof (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
krauss@26192
   864
  case (3 x lta zz v rta yy ss bb)
Andreas@47450
   865
  from 3 have "Branch B lta zz v rta |\<guillemotleft> yy" by simp
Andreas@47450
   866
  hence "rbt_del x (Branch B lta zz v rta) |\<guillemotleft> yy" by (rule rbt_del_rbt_less)
Andreas@47450
   867
  with 3 show ?case by (simp add: balance_left_rbt_sorted)
krauss@26192
   868
next
krauss@26192
   869
  case ("4_2" x vaa vbb vdd vc yy ss bb)
Andreas@47450
   870
  hence "Branch R vaa vbb vdd vc |\<guillemotleft> yy" by simp
Andreas@47450
   871
  hence "rbt_del x (Branch R vaa vbb vdd vc) |\<guillemotleft> yy" by (rule rbt_del_rbt_less)
krauss@26192
   872
  with "4_2" show ?case by simp
krauss@26192
   873
next
krauss@26192
   874
  case (5 x aa yy ss lta zz v rta) 
Andreas@47450
   875
  hence "yy \<guillemotleft>| Branch B lta zz v rta" by simp
Andreas@47450
   876
  hence "yy \<guillemotleft>| rbt_del x (Branch B lta zz v rta)" by (rule rbt_del_rbt_greater)
Andreas@47450
   877
  with 5 show ?case by (simp add: balance_right_rbt_sorted)
krauss@26192
   878
next
krauss@26192
   879
  case ("6_2" x aa yy ss vaa vbb vdd vc)
Andreas@47450
   880
  hence "yy \<guillemotleft>| Branch R vaa vbb vdd vc" by simp
Andreas@47450
   881
  hence "yy \<guillemotleft>| rbt_del x (Branch R vaa vbb vdd vc)" by (rule rbt_del_rbt_greater)
krauss@26192
   882
  with "6_2" show ?case by simp
Andreas@47450
   883
qed (auto simp: combine_rbt_sorted)
krauss@26192
   884
Andreas@47450
   885
lemma "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> kt; kt \<guillemotleft>| rt; inv1 lt; inv1 rt; inv2 lt; inv2 rt; bheight lt = bheight rt; x < kt\<rbrakk> \<Longrightarrow> entry_in_tree k v (rbt_del_from_left x lt kt y rt) = (False \<or> (x \<noteq> k \<and> entry_in_tree k v (Branch c lt kt y rt)))"
Andreas@47450
   886
  and "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> kt; kt \<guillemotleft>| rt; inv1 lt; inv1 rt; inv2 lt; inv2 rt; bheight lt = bheight rt; x > kt\<rbrakk> \<Longrightarrow> entry_in_tree k v (rbt_del_from_right x lt kt y rt) = (False \<or> (x \<noteq> k \<and> entry_in_tree k v (Branch c lt kt y rt)))"
Andreas@47450
   887
  and rbt_del_in_tree: "\<lbrakk>rbt_sorted t; inv1 t; inv2 t\<rbrakk> \<Longrightarrow> entry_in_tree k v (rbt_del x t) = (False \<or> (x \<noteq> k \<and> entry_in_tree k v t))"
Andreas@47450
   888
proof (induct x lt kt y rt and x lt kt y rt and x t rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
krauss@26192
   889
  case (2 xx c aa yy ss bb)
krauss@26192
   890
  have "xx = yy \<or> xx < yy \<or> xx > yy" by auto
krauss@26192
   891
  from this 2 show ?case proof (elim disjE)
krauss@26192
   892
    assume "xx = yy"
krauss@26192
   893
    with 2 show ?thesis proof (cases "xx = k")
krauss@26192
   894
      case True
wenzelm@60500
   895
      from 2 \<open>xx = yy\<close> \<open>xx = k\<close> have "rbt_sorted (Branch c aa yy ss bb) \<and> k = yy" by simp
Andreas@47450
   896
      hence "\<not> entry_in_tree k v aa" "\<not> entry_in_tree k v bb" by (auto simp: rbt_less_nit rbt_greater_prop)
wenzelm@60500
   897
      with \<open>xx = yy\<close> 2 \<open>xx = k\<close> show ?thesis by (simp add: combine_in_tree)
haftmann@35550
   898
    qed (simp add: combine_in_tree)
krauss@26192
   899
  qed simp+
krauss@26192
   900
next    
krauss@26192
   901
  case (3 xx lta zz vv rta yy ss bb)
wenzelm@63040
   902
  define mt where [simp]: "mt = Branch B lta zz vv rta"
krauss@26192
   903
  from 3 have "inv2 mt \<and> inv1 mt" by simp
Andreas@47450
   904
  hence "inv2 (rbt_del xx mt) \<and> (color_of mt = R \<and> bheight (rbt_del xx mt) = bheight mt \<and> inv1 (rbt_del xx mt) \<or> color_of mt = B \<and> bheight (rbt_del xx mt) = bheight mt - 1 \<and> inv1l (rbt_del xx mt))" by (blast dest: rbt_del_inv1_inv2)
Andreas@47450
   905
  with 3 have 4: "entry_in_tree k v (rbt_del_from_left xx mt yy ss bb) = (False \<or> xx \<noteq> k \<and> entry_in_tree k v mt \<or> (k = yy \<and> v = ss) \<or> entry_in_tree k v bb)" by (simp add: balance_left_in_tree)
krauss@26192
   906
  thus ?case proof (cases "xx = k")
krauss@26192
   907
    case True
Andreas@47450
   908
    from 3 True have "yy \<guillemotleft>| bb \<and> yy > k" by simp
Andreas@47450
   909
    hence "k \<guillemotleft>| bb" by (blast dest: rbt_greater_trans)
Andreas@47450
   910
    with 3 4 True show ?thesis by (auto simp: rbt_greater_nit)
krauss@26192
   911
  qed auto
krauss@26192
   912
next
krauss@26192
   913
  case ("4_1" xx yy ss bb)
krauss@26192
   914
  show ?case proof (cases "xx = k")
krauss@26192
   915
    case True
Andreas@47450
   916
    with "4_1" have "yy \<guillemotleft>| bb \<and> k < yy" by simp
Andreas@47450
   917
    hence "k \<guillemotleft>| bb" by (blast dest: rbt_greater_trans)
wenzelm@60500
   918
    with "4_1" \<open>xx = k\<close> 
Andreas@47450
   919
   have "entry_in_tree k v (Branch R Empty yy ss bb) = entry_in_tree k v Empty" by (auto simp: rbt_greater_nit)
krauss@26192
   920
    thus ?thesis by auto
krauss@26192
   921
  qed simp+
krauss@26192
   922
next
krauss@26192
   923
  case ("4_2" xx vaa vbb vdd vc yy ss bb)
krauss@26192
   924
  thus ?case proof (cases "xx = k")
krauss@26192
   925
    case True
Andreas@47450
   926
    with "4_2" have "k < yy \<and> yy \<guillemotleft>| bb" by simp
Andreas@47450
   927
    hence "k \<guillemotleft>| bb" by (blast dest: rbt_greater_trans)
Andreas@47450
   928
    with True "4_2" show ?thesis by (auto simp: rbt_greater_nit)
haftmann@35550
   929
  qed auto
krauss@26192
   930
next
krauss@26192
   931
  case (5 xx aa yy ss lta zz vv rta)
wenzelm@63040
   932
  define mt where [simp]: "mt = Branch B lta zz vv rta"
krauss@26192
   933
  from 5 have "inv2 mt \<and> inv1 mt" by simp
Andreas@47450
   934
  hence "inv2 (rbt_del xx mt) \<and> (color_of mt = R \<and> bheight (rbt_del xx mt) = bheight mt \<and> inv1 (rbt_del xx mt) \<or> color_of mt = B \<and> bheight (rbt_del xx mt) = bheight mt - 1 \<and> inv1l (rbt_del xx mt))" by (blast dest: rbt_del_inv1_inv2)
Andreas@47450
   935
  with 5 have 3: "entry_in_tree k v (rbt_del_from_right xx aa yy ss mt) = (entry_in_tree k v aa \<or> (k = yy \<and> v = ss) \<or> False \<or> xx \<noteq> k \<and> entry_in_tree k v mt)" by (simp add: balance_right_in_tree)
krauss@26192
   936
  thus ?case proof (cases "xx = k")
krauss@26192
   937
    case True
Andreas@47450
   938
    from 5 True have "aa |\<guillemotleft> yy \<and> yy < k" by simp
Andreas@47450
   939
    hence "aa |\<guillemotleft> k" by (blast dest: rbt_less_trans)
Andreas@47450
   940
    with 3 5 True show ?thesis by (auto simp: rbt_less_nit)
krauss@26192
   941
  qed auto
krauss@26192
   942
next
krauss@26192
   943
  case ("6_1" xx aa yy ss)
krauss@26192
   944
  show ?case proof (cases "xx = k")
krauss@26192
   945
    case True
Andreas@47450
   946
    with "6_1" have "aa |\<guillemotleft> yy \<and> k > yy" by simp
Andreas@47450
   947
    hence "aa |\<guillemotleft> k" by (blast dest: rbt_less_trans)
wenzelm@60500
   948
    with "6_1" \<open>xx = k\<close> show ?thesis by (auto simp: rbt_less_nit)
krauss@26192
   949
  qed simp
krauss@26192
   950
next
krauss@26192
   951
  case ("6_2" xx aa yy ss vaa vbb vdd vc)
krauss@26192
   952
  thus ?case proof (cases "xx = k")
krauss@26192
   953
    case True
Andreas@47450
   954
    with "6_2" have "k > yy \<and> aa |\<guillemotleft> yy" by simp
Andreas@47450
   955
    hence "aa |\<guillemotleft> k" by (blast dest: rbt_less_trans)
Andreas@47450
   956
    with True "6_2" show ?thesis by (auto simp: rbt_less_nit)
haftmann@35550
   957
  qed auto
krauss@26192
   958
qed simp
krauss@26192
   959
Andreas@47450
   960
definition (in ord) rbt_delete where
Andreas@47450
   961
  "rbt_delete k t = paint B (rbt_del k t)"
krauss@26192
   962
Andreas@47450
   963
theorem rbt_delete_is_rbt [simp]: assumes "is_rbt t" shows "is_rbt (rbt_delete k t)"
krauss@26192
   964
proof -
haftmann@35534
   965
  from assms have "inv2 t" and "inv1 t" unfolding is_rbt_def by auto 
Andreas@47450
   966
  hence "inv2 (rbt_del k t) \<and> (color_of t = R \<and> bheight (rbt_del k t) = bheight t \<and> inv1 (rbt_del k t) \<or> color_of t = B \<and> bheight (rbt_del k t) = bheight t - 1 \<and> inv1l (rbt_del k t))" by (rule rbt_del_inv1_inv2)
Andreas@47450
   967
  hence "inv2 (rbt_del k t) \<and> inv1l (rbt_del k t)" by (cases "color_of t") auto
krauss@26192
   968
  with assms show ?thesis
Andreas@47450
   969
    unfolding is_rbt_def rbt_delete_def
Andreas@47450
   970
    by (auto intro: paint_rbt_sorted rbt_del_rbt_sorted)
krauss@26192
   971
qed
krauss@26192
   972
Andreas@47450
   973
lemma rbt_delete_in_tree: 
haftmann@35534
   974
  assumes "is_rbt t" 
Andreas@47450
   975
  shows "entry_in_tree k v (rbt_delete x t) = (x \<noteq> k \<and> entry_in_tree k v t)"
Andreas@47450
   976
  using assms unfolding is_rbt_def rbt_delete_def
Andreas@47450
   977
  by (auto simp: rbt_del_in_tree)
krauss@26192
   978
Andreas@47450
   979
lemma rbt_lookup_rbt_delete:
haftmann@35534
   980
  assumes is_rbt: "is_rbt t"
Andreas@47450
   981
  shows "rbt_lookup (rbt_delete k t) = (rbt_lookup t)|`(-{k})"
krauss@26192
   982
proof
krauss@26192
   983
  fix x
Andreas@47450
   984
  show "rbt_lookup (rbt_delete k t) x = (rbt_lookup t |` (-{k})) x" 
krauss@26192
   985
  proof (cases "x = k")
krauss@26192
   986
    assume "x = k" 
haftmann@35534
   987
    with is_rbt show ?thesis
Andreas@47450
   988
      by (cases "rbt_lookup (rbt_delete k t) k") (auto simp: rbt_lookup_in_tree rbt_delete_in_tree)
krauss@26192
   989
  next
krauss@26192
   990
    assume "x \<noteq> k"
krauss@26192
   991
    thus ?thesis
Andreas@47450
   992
      by auto (metis is_rbt rbt_delete_is_rbt rbt_delete_in_tree is_rbt_rbt_sorted rbt_lookup_from_in_tree)
krauss@26192
   993
  qed
krauss@26192
   994
qed
krauss@26192
   995
Andreas@47450
   996
end
haftmann@35550
   997
wenzelm@60500
   998
subsection \<open>Modifying existing entries\<close>
krauss@26192
   999
Andreas@47450
  1000
context ord begin
Andreas@47450
  1001
krauss@26192
  1002
primrec
Andreas@47450
  1003
  rbt_map_entry :: "'a \<Rightarrow> ('b \<Rightarrow> 'b) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
krauss@26192
  1004
where
Andreas@47450
  1005
  "rbt_map_entry k f Empty = Empty"
Andreas@47450
  1006
| "rbt_map_entry k f (Branch c lt x v rt) =
Andreas@47450
  1007
    (if k < x then Branch c (rbt_map_entry k f lt) x v rt
Andreas@47450
  1008
    else if k > x then (Branch c lt x v (rbt_map_entry k f rt))
haftmann@35602
  1009
    else Branch c lt x (f v) rt)"
krauss@26192
  1010
Andreas@47450
  1011
Andreas@47450
  1012
lemma rbt_map_entry_color_of: "color_of (rbt_map_entry k f t) = color_of t" by (induct t) simp+
Andreas@47450
  1013
lemma rbt_map_entry_inv1: "inv1 (rbt_map_entry k f t) = inv1 t" by (induct t) (simp add: rbt_map_entry_color_of)+
Andreas@47450
  1014
lemma rbt_map_entry_inv2: "inv2 (rbt_map_entry k f t) = inv2 t" "bheight (rbt_map_entry k f t) = bheight t" by (induct t) simp+
Andreas@47450
  1015
lemma rbt_map_entry_rbt_greater: "rbt_greater a (rbt_map_entry k f t) = rbt_greater a t" by (induct t) simp+
Andreas@47450
  1016
lemma rbt_map_entry_rbt_less: "rbt_less a (rbt_map_entry k f t) = rbt_less a t" by (induct t) simp+
Andreas@47450
  1017
lemma rbt_map_entry_rbt_sorted: "rbt_sorted (rbt_map_entry k f t) = rbt_sorted t"
Andreas@47450
  1018
  by (induct t) (simp_all add: rbt_map_entry_rbt_less rbt_map_entry_rbt_greater)
krauss@26192
  1019
Andreas@47450
  1020
theorem rbt_map_entry_is_rbt [simp]: "is_rbt (rbt_map_entry k f t) = is_rbt t" 
Andreas@47450
  1021
unfolding is_rbt_def by (simp add: rbt_map_entry_inv2 rbt_map_entry_color_of rbt_map_entry_rbt_sorted rbt_map_entry_inv1 )
krauss@26192
  1022
Andreas@47450
  1023
end
Andreas@47450
  1024
Andreas@47450
  1025
theorem (in linorder) rbt_lookup_rbt_map_entry:
blanchet@55466
  1026
  "rbt_lookup (rbt_map_entry k f t) = (rbt_lookup t)(k := map_option f (rbt_lookup t k))"
nipkow@39302
  1027
  by (induct t) (auto split: option.splits simp add: fun_eq_iff)
krauss@26192
  1028
wenzelm@60500
  1029
subsection \<open>Mapping all entries\<close>
krauss@26192
  1030
krauss@26192
  1031
primrec
haftmann@35602
  1032
  map :: "('a \<Rightarrow> 'b \<Rightarrow> 'c) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'c) rbt"
krauss@26192
  1033
where
haftmann@35550
  1034
  "map f Empty = Empty"
haftmann@35550
  1035
| "map f (Branch c lt k v rt) = Branch c (map f lt) k (f k v) (map f rt)"
krauss@32237
  1036
haftmann@35550
  1037
lemma map_entries [simp]: "entries (map f t) = List.map (\<lambda>(k, v). (k, f k v)) (entries t)"
haftmann@35550
  1038
  by (induct t) auto
haftmann@35550
  1039
lemma map_keys [simp]: "keys (map f t) = keys t" by (simp add: keys_def split_def)
haftmann@35550
  1040
lemma map_color_of: "color_of (map f t) = color_of t" by (induct t) simp+
haftmann@35550
  1041
lemma map_inv1: "inv1 (map f t) = inv1 t" by (induct t) (simp add: map_color_of)+
haftmann@35550
  1042
lemma map_inv2: "inv2 (map f t) = inv2 t" "bheight (map f t) = bheight t" by (induct t) simp+
Andreas@47450
  1043
Andreas@47450
  1044
context ord begin
Andreas@47450
  1045
Andreas@47450
  1046
lemma map_rbt_greater: "rbt_greater k (map f t) = rbt_greater k t" by (induct t) simp+
Andreas@47450
  1047
lemma map_rbt_less: "rbt_less k (map f t) = rbt_less k t" by (induct t) simp+
Andreas@47450
  1048
lemma map_rbt_sorted: "rbt_sorted (map f t) = rbt_sorted t"  by (induct t) (simp add: map_rbt_less map_rbt_greater)+
haftmann@35550
  1049
theorem map_is_rbt [simp]: "is_rbt (map f t) = is_rbt t" 
Andreas@47450
  1050
unfolding is_rbt_def by (simp add: map_inv1 map_inv2 map_rbt_sorted map_color_of)
krauss@32237
  1051
Andreas@47450
  1052
end
krauss@26192
  1053
blanchet@55466
  1054
theorem (in linorder) rbt_lookup_map: "rbt_lookup (map f t) x = map_option (f x) (rbt_lookup t x)"
Andreas@47450
  1055
  apply(induct t)
Andreas@47450
  1056
  apply auto
blanchet@58257
  1057
  apply(rename_tac a b c, subgoal_tac "x = a")
Andreas@47450
  1058
  apply auto
Andreas@47450
  1059
  done
Andreas@47450
  1060
 (* FIXME: simproc "antisym less" does not work for linorder context, only for linorder type class
Andreas@47450
  1061
    by (induct t) auto *)
haftmann@35550
  1062
Andreas@49770
  1063
hide_const (open) map
Andreas@49770
  1064
wenzelm@60500
  1065
subsection \<open>Folding over entries\<close>
haftmann@35550
  1066
haftmann@35550
  1067
definition fold :: "('a \<Rightarrow> 'b \<Rightarrow> 'c \<Rightarrow> 'c) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> 'c \<Rightarrow> 'c" where
blanchet@55414
  1068
  "fold f t = List.fold (case_prod f) (entries t)"
krauss@26192
  1069
Andreas@49770
  1070
lemma fold_simps [simp]:
haftmann@35550
  1071
  "fold f Empty = id"
haftmann@35550
  1072
  "fold f (Branch c lt k v rt) = fold f rt \<circ> f k v \<circ> fold f lt"
nipkow@39302
  1073
  by (simp_all add: fold_def fun_eq_iff)
haftmann@35534
  1074
Andreas@49770
  1075
lemma fold_code [code]:
Andreas@49810
  1076
  "fold f Empty x = x"
Andreas@49810
  1077
  "fold f (Branch c lt k v rt) x = fold f rt (f k v (fold f lt x))"
Andreas@49770
  1078
by(simp_all)
Andreas@49770
  1079
wenzelm@67408
  1080
\<comment> \<open>fold with continuation predicate\<close>
kuncar@48621
  1081
fun foldi :: "('c \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> 'c \<Rightarrow> 'c) \<Rightarrow> ('a :: linorder, 'b) rbt \<Rightarrow> 'c \<Rightarrow> 'c" 
kuncar@48621
  1082
  where
kuncar@48621
  1083
  "foldi c f Empty s = s" |
kuncar@48621
  1084
  "foldi c f (Branch col l k v r) s = (
kuncar@48621
  1085
    if (c s) then
kuncar@48621
  1086
      let s' = foldi c f l s in
kuncar@48621
  1087
        if (c s') then
kuncar@48621
  1088
          foldi c f r (f k v s')
kuncar@48621
  1089
        else s'
kuncar@48621
  1090
    else 
kuncar@48621
  1091
      s
kuncar@48621
  1092
  )"
haftmann@35606
  1093
wenzelm@60500
  1094
subsection \<open>Bulkloading a tree\<close>
haftmann@35606
  1095
Andreas@47450
  1096
definition (in ord) rbt_bulkload :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) rbt" where
Andreas@47450
  1097
  "rbt_bulkload xs = foldr (\<lambda>(k, v). rbt_insert k v) xs Empty"
Andreas@47450
  1098
Andreas@47450
  1099
context linorder begin
haftmann@35606
  1100
Andreas@47450
  1101
lemma rbt_bulkload_is_rbt [simp, intro]:
Andreas@47450
  1102
  "is_rbt (rbt_bulkload xs)"
Andreas@47450
  1103
  unfolding rbt_bulkload_def by (induct xs) auto
haftmann@35606
  1104
Andreas@47450
  1105
lemma rbt_lookup_rbt_bulkload:
Andreas@47450
  1106
  "rbt_lookup (rbt_bulkload xs) = map_of xs"
haftmann@35606
  1107
proof -
haftmann@35606
  1108
  obtain ys where "ys = rev xs" by simp
haftmann@35606
  1109
  have "\<And>t. is_rbt t \<Longrightarrow>
blanchet@55414
  1110
    rbt_lookup (List.fold (case_prod rbt_insert) ys t) = rbt_lookup t ++ map_of (rev ys)"
blanchet@55414
  1111
      by (induct ys) (simp_all add: rbt_bulkload_def rbt_lookup_rbt_insert case_prod_beta)
haftmann@35606
  1112
  from this Empty_is_rbt have
blanchet@55414
  1113
    "rbt_lookup (List.fold (case_prod rbt_insert) (rev xs) Empty) = rbt_lookup Empty ++ map_of xs"
wenzelm@60500
  1114
     by (simp add: \<open>ys = rev xs\<close>)
Andreas@47450
  1115
  then show ?thesis by (simp add: rbt_bulkload_def rbt_lookup_Empty foldr_conv_fold)
haftmann@35606
  1116
qed
haftmann@35606
  1117
Andreas@47450
  1118
end
Andreas@47450
  1119
Andreas@49770
  1120
Andreas@49770
  1121
wenzelm@60500
  1122
subsection \<open>Building a RBT from a sorted list\<close>
Andreas@49770
  1123
wenzelm@60500
  1124
text \<open>
Andreas@49770
  1125
  These functions have been adapted from 
Andreas@49770
  1126
  Andrew W. Appel, Efficient Verified Red-Black Trees (September 2011) 
wenzelm@60500
  1127
\<close>
Andreas@49770
  1128
Andreas@49770
  1129
fun rbtreeify_f :: "nat \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a, 'b) rbt \<times> ('a \<times> 'b) list"
Andreas@49770
  1130
  and rbtreeify_g :: "nat \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a, 'b) rbt \<times> ('a \<times> 'b) list"
Andreas@49770
  1131
where
Andreas@49770
  1132
  "rbtreeify_f n kvs =
Andreas@49770
  1133
   (if n = 0 then (Empty, kvs)
Andreas@49770
  1134
    else if n = 1 then
Andreas@49770
  1135
      case kvs of (k, v) # kvs' \<Rightarrow> (Branch R Empty k v Empty, kvs')
Andreas@49770
  1136
    else if (n mod 2 = 0) then
Andreas@49770
  1137
      case rbtreeify_f (n div 2) kvs of (t1, (k, v) # kvs') \<Rightarrow>
Andreas@49770
  1138
        apfst (Branch B t1 k v) (rbtreeify_g (n div 2) kvs')
Andreas@49770
  1139
    else case rbtreeify_f (n div 2) kvs of (t1, (k, v) # kvs') \<Rightarrow>
Andreas@49770
  1140
        apfst (Branch B t1 k v) (rbtreeify_f (n div 2) kvs'))"
Andreas@49770
  1141
Andreas@49770
  1142
| "rbtreeify_g n kvs =
Andreas@49770
  1143
   (if n = 0 \<or> n = 1 then (Empty, kvs)
Andreas@49770
  1144
    else if n mod 2 = 0 then
Andreas@49770
  1145
      case rbtreeify_g (n div 2) kvs of (t1, (k, v) # kvs') \<Rightarrow>
Andreas@49770
  1146
        apfst (Branch B t1 k v) (rbtreeify_g (n div 2) kvs')
Andreas@49770
  1147
    else case rbtreeify_f (n div 2) kvs of (t1, (k, v) # kvs') \<Rightarrow>
Andreas@49770
  1148
        apfst (Branch B t1 k v) (rbtreeify_g (n div 2) kvs'))"
Andreas@49770
  1149
Andreas@49770
  1150
definition rbtreeify :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) rbt"
Andreas@49770
  1151
where "rbtreeify kvs = fst (rbtreeify_g (Suc (length kvs)) kvs)"
Andreas@49770
  1152
Andreas@49770
  1153
declare rbtreeify_f.simps [simp del] rbtreeify_g.simps [simp del]
Andreas@49770
  1154
Andreas@49770
  1155
lemma rbtreeify_f_code [code]:
Andreas@49770
  1156
  "rbtreeify_f n kvs =
Andreas@49770
  1157
   (if n = 0 then (Empty, kvs)
Andreas@49770
  1158
    else if n = 1 then
Andreas@49770
  1159
      case kvs of (k, v) # kvs' \<Rightarrow> 
Andreas@49770
  1160
        (Branch R Empty k v Empty, kvs')
haftmann@61433
  1161
    else let (n', r) = Divides.divmod_nat n 2 in
Andreas@49770
  1162
      if r = 0 then
Andreas@49770
  1163
        case rbtreeify_f n' kvs of (t1, (k, v) # kvs') \<Rightarrow>
Andreas@49770
  1164
          apfst (Branch B t1 k v) (rbtreeify_g n' kvs')
Andreas@49770
  1165
      else case rbtreeify_f n' kvs of (t1, (k, v) # kvs') \<Rightarrow>
Andreas@49770
  1166
          apfst (Branch B t1 k v) (rbtreeify_f n' kvs'))"
haftmann@66808
  1167
by (subst rbtreeify_f.simps) (simp only: Let_def divmod_nat_def prod.case)
Andreas@49770
  1168
Andreas@49770
  1169
lemma rbtreeify_g_code [code]:
Andreas@49770
  1170
  "rbtreeify_g n kvs =
Andreas@49770
  1171
   (if n = 0 \<or> n = 1 then (Empty, kvs)
haftmann@61433
  1172
    else let (n', r) = Divides.divmod_nat n 2 in
Andreas@49770
  1173
      if r = 0 then
Andreas@49770
  1174
        case rbtreeify_g n' kvs of (t1, (k, v) # kvs') \<Rightarrow>
Andreas@49770
  1175
          apfst (Branch B t1 k v) (rbtreeify_g n' kvs')
Andreas@49770
  1176
      else case rbtreeify_f n' kvs of (t1, (k, v) # kvs') \<Rightarrow>
Andreas@49770
  1177
          apfst (Branch B t1 k v) (rbtreeify_g n' kvs'))"
haftmann@66808
  1178
by(subst rbtreeify_g.simps)(simp only: Let_def divmod_nat_def prod.case)
Andreas@49770
  1179
Andreas@49770
  1180
lemma Suc_double_half: "Suc (2 * n) div 2 = n"
Andreas@49770
  1181
by simp
Andreas@49770
  1182
Andreas@49770
  1183
lemma div2_plus_div2: "n div 2 + n div 2 = (n :: nat) - n mod 2"
Andreas@49770
  1184
by arith
Andreas@49770
  1185
Andreas@49770
  1186
lemma rbtreeify_f_rec_aux_lemma:
Andreas@49770
  1187
  "\<lbrakk>k - n div 2 = Suc k'; n \<le> k; n mod 2 = Suc 0\<rbrakk>
Andreas@49770
  1188
  \<Longrightarrow> k' - n div 2 = k - n"
Andreas@49770
  1189
apply(rule add_right_imp_eq[where a = "n - n div 2"])
Andreas@49770
  1190
apply(subst add_diff_assoc2, arith)
Andreas@49770
  1191
apply(simp add: div2_plus_div2)
Andreas@49770
  1192
done
Andreas@49770
  1193
Andreas@49770
  1194
lemma rbtreeify_f_simps:
blanchet@59575
  1195
  "rbtreeify_f 0 kvs = (Empty, kvs)"
Andreas@49770
  1196
  "rbtreeify_f (Suc 0) ((k, v) # kvs) = 
Andreas@49770
  1197
  (Branch R Empty k v Empty, kvs)"
Andreas@49770
  1198
  "0 < n \<Longrightarrow> rbtreeify_f (2 * n) kvs =
Andreas@49770
  1199
   (case rbtreeify_f n kvs of (t1, (k, v) # kvs') \<Rightarrow>
Andreas@49770
  1200
     apfst (Branch B t1 k v) (rbtreeify_g n kvs'))"
Andreas@49770
  1201
  "0 < n \<Longrightarrow> rbtreeify_f (Suc (2 * n)) kvs =
Andreas@49770
  1202
   (case rbtreeify_f n kvs of (t1, (k, v) # kvs') \<Rightarrow> 
Andreas@49770
  1203
     apfst (Branch B t1 k v) (rbtreeify_f n kvs'))"
Andreas@49770
  1204
by(subst (1) rbtreeify_f.simps, simp add: Suc_double_half)+
Andreas@49770
  1205
Andreas@49770
  1206
lemma rbtreeify_g_simps:
Andreas@49770
  1207
  "rbtreeify_g 0 kvs = (Empty, kvs)"
Andreas@49770
  1208
  "rbtreeify_g (Suc 0) kvs = (Empty, kvs)"
Andreas@49770
  1209
  "0 < n \<Longrightarrow> rbtreeify_g (2 * n) kvs =
Andreas@49770
  1210
   (case rbtreeify_g n kvs of (t1, (k, v) # kvs') \<Rightarrow> 
Andreas@49770
  1211
     apfst (Branch B t1 k v) (rbtreeify_g n kvs'))"
Andreas@49770
  1212
  "0 < n \<Longrightarrow> rbtreeify_g (Suc (2 * n)) kvs =
Andreas@49770
  1213
   (case rbtreeify_f n kvs of (t1, (k, v) # kvs') \<Rightarrow> 
Andreas@49770
  1214
     apfst (Branch B t1 k v) (rbtreeify_g n kvs'))"
Andreas@49770
  1215
by(subst (1) rbtreeify_g.simps, simp add: Suc_double_half)+
Andreas@49770
  1216
Andreas@49770
  1217
declare rbtreeify_f_simps[simp] rbtreeify_g_simps[simp]
Andreas@49770
  1218
Andreas@49770
  1219
lemma length_rbtreeify_f: "n \<le> length kvs
Andreas@49770
  1220
  \<Longrightarrow> length (snd (rbtreeify_f n kvs)) = length kvs - n"
Andreas@49770
  1221
  and length_rbtreeify_g:"\<lbrakk> 0 < n; n \<le> Suc (length kvs) \<rbrakk>
Andreas@49770
  1222
  \<Longrightarrow> length (snd (rbtreeify_g n kvs)) = Suc (length kvs) - n"
Andreas@49770
  1223
proof(induction n kvs and n kvs rule: rbtreeify_f_rbtreeify_g.induct)
Andreas@49770
  1224
  case (1 n kvs)
Andreas@49770
  1225
  show ?case
Andreas@49770
  1226
  proof(cases "n \<le> 1")
Andreas@49770
  1227
    case True thus ?thesis using "1.prems"
Andreas@49770
  1228
      by(cases n kvs rule: nat.exhaust[case_product list.exhaust]) auto
Andreas@49770
  1229
  next
Andreas@49770
  1230
    case False
Andreas@49770
  1231
    hence "n \<noteq> 0" "n \<noteq> 1" by simp_all
Andreas@49770
  1232
    note IH = "1.IH"[OF this]
Andreas@49770
  1233
    show ?thesis
Andreas@49770
  1234
    proof(cases "n mod 2 = 0")
Andreas@49770
  1235
      case True
Andreas@49770
  1236
      hence "length (snd (rbtreeify_f n kvs)) = 
Andreas@49770
  1237
        length (snd (rbtreeify_f (2 * (n div 2)) kvs))"
haftmann@64246
  1238
        by(metis minus_nat.diff_0 minus_mod_eq_mult_div [symmetric])
Andreas@49770
  1239
      also from "1.prems" False obtain k v kvs' 
Andreas@49770
  1240
        where kvs: "kvs = (k, v) # kvs'" by(cases kvs) auto
Andreas@49770
  1241
      also have "0 < n div 2" using False by(simp) 
Andreas@49770
  1242
      note rbtreeify_f_simps(3)[OF this]
Andreas@49770
  1243
      also note kvs[symmetric] 
Andreas@49770
  1244
      also let ?rest1 = "snd (rbtreeify_f (n div 2) kvs)"
Andreas@49770
  1245
      from "1.prems" have "n div 2 \<le> length kvs" by simp
Andreas@49770
  1246
      with True have len: "length ?rest1 = length kvs - n div 2" by(rule IH)
Andreas@49770
  1247
      with "1.prems" False obtain t1 k' v' kvs''
Andreas@49770
  1248
        where kvs'': "rbtreeify_f (n div 2) kvs = (t1, (k', v') # kvs'')"
Andreas@49770
  1249
         by(cases ?rest1)(auto simp add: snd_def split: prod.split_asm)
blanchet@55412
  1250
      note this also note prod.case also note list.simps(5) 
blanchet@55412
  1251
      also note prod.case also note snd_apfst
Andreas@49770
  1252
      also have "0 < n div 2" "n div 2 \<le> Suc (length kvs'')" 
Andreas@49770
  1253
        using len "1.prems" False unfolding kvs'' by simp_all
Andreas@49770
  1254
      with True kvs''[symmetric] refl refl
Andreas@49770
  1255
      have "length (snd (rbtreeify_g (n div 2) kvs'')) = 
Andreas@49770
  1256
        Suc (length kvs'') - n div 2" by(rule IH)
Andreas@49770
  1257
      finally show ?thesis using len[unfolded kvs''] "1.prems" True
haftmann@64246
  1258
        by(simp add: Suc_diff_le[symmetric] mult_2[symmetric] minus_mod_eq_mult_div [symmetric])
Andreas@49770
  1259
    next
Andreas@49770
  1260
      case False
Andreas@49770
  1261
      hence "length (snd (rbtreeify_f n kvs)) = 
Andreas@49770
  1262
        length (snd (rbtreeify_f (Suc (2 * (n div 2))) kvs))"
haftmann@59554
  1263
        by (simp add: mod_eq_0_iff_dvd)
wenzelm@60500
  1264
      also from "1.prems" \<open>\<not> n \<le> 1\<close> obtain k v kvs' 
Andreas@49770
  1265
        where kvs: "kvs = (k, v) # kvs'" by(cases kvs) auto
wenzelm@60500
  1266
      also have "0 < n div 2" using \<open>\<not> n \<le> 1\<close> by(simp) 
Andreas@49770
  1267
      note rbtreeify_f_simps(4)[OF this]
Andreas@49770
  1268
      also note kvs[symmetric] 
Andreas@49770
  1269
      also let ?rest1 = "snd (rbtreeify_f (n div 2) kvs)"
Andreas@49770
  1270
      from "1.prems" have "n div 2 \<le> length kvs" by simp
Andreas@49770
  1271
      with False have len: "length ?rest1 = length kvs - n div 2" by(rule IH)
wenzelm@60500
  1272
      with "1.prems" \<open>\<not> n \<le> 1\<close> obtain t1 k' v' kvs''
Andreas@49770
  1273
        where kvs'': "rbtreeify_f (n div 2) kvs = (t1, (k', v') # kvs'')"
Andreas@49770
  1274
        by(cases ?rest1)(auto simp add: snd_def split: prod.split_asm)
blanchet@55412
  1275
      note this also note prod.case also note list.simps(5)
blanchet@55412
  1276
      also note prod.case also note snd_apfst
Andreas@49770
  1277
      also have "n div 2 \<le> length kvs''" 
Andreas@49770
  1278
        using len "1.prems" False unfolding kvs'' by simp arith
Andreas@49770
  1279
      with False kvs''[symmetric] refl refl
Andreas@49770
  1280
      have "length (snd (rbtreeify_f (n div 2) kvs'')) = length kvs'' - n div 2"
Andreas@49770
  1281
        by(rule IH)
Andreas@49770
  1282
      finally show ?thesis using len[unfolded kvs''] "1.prems" False
Andreas@49770
  1283
        by simp(rule rbtreeify_f_rec_aux_lemma[OF sym])
Andreas@49770
  1284
    qed
Andreas@49770
  1285
  qed
Andreas@49770
  1286
next
Andreas@49770
  1287
  case (2 n kvs)
Andreas@49770
  1288
  show ?case
Andreas@49770
  1289
  proof(cases "n > 1")
wenzelm@60500
  1290
    case False with \<open>0 < n\<close> show ?thesis
Andreas@49770
  1291
      by(cases n kvs rule: nat.exhaust[case_product list.exhaust]) simp_all
Andreas@49770
  1292
  next
Andreas@49770
  1293
    case True
Andreas@49770
  1294
    hence "\<not> (n = 0 \<or> n = 1)" by simp
Andreas@49770
  1295
    note IH = "2.IH"[OF this]
Andreas@49770
  1296
    show ?thesis
Andreas@49770
  1297
    proof(cases "n mod 2 = 0")
Andreas@49770
  1298
      case True
Andreas@49770
  1299
      hence "length (snd (rbtreeify_g n kvs)) =
Andreas@49770
  1300
        length (snd (rbtreeify_g (2 * (n div 2)) kvs))"
haftmann@64246
  1301
        by(metis minus_nat.diff_0 minus_mod_eq_mult_div [symmetric])
Andreas@49770
  1302
      also from "2.prems" True obtain k v kvs' 
Andreas@49770
  1303
        where kvs: "kvs = (k, v) # kvs'" by(cases kvs) auto
wenzelm@60500
  1304
      also have "0 < n div 2" using \<open>1 < n\<close> by(simp) 
Andreas@49770
  1305
      note rbtreeify_g_simps(3)[OF this]
Andreas@49770
  1306
      also note kvs[symmetric] 
Andreas@49770
  1307
      also let ?rest1 = "snd (rbtreeify_g (n div 2) kvs)"
wenzelm@60500
  1308
      from "2.prems" \<open>1 < n\<close>
Andreas@49770
  1309
      have "0 < n div 2" "n div 2 \<le> Suc (length kvs)" by simp_all
Andreas@49770
  1310
      with True have len: "length ?rest1 = Suc (length kvs) - n div 2" by(rule IH)
Andreas@49770
  1311
      with "2.prems" obtain t1 k' v' kvs''
Andreas@49770
  1312
        where kvs'': "rbtreeify_g (n div 2) kvs = (t1, (k', v') # kvs'')"
Andreas@49770
  1313
        by(cases ?rest1)(auto simp add: snd_def split: prod.split_asm)
blanchet@55412
  1314
      note this also note prod.case also note list.simps(5) 
blanchet@55412
  1315
      also note prod.case also note snd_apfst
Andreas@49770
  1316
      also have "n div 2 \<le> Suc (length kvs'')" 
Andreas@49770
  1317
        using len "2.prems" unfolding kvs'' by simp
wenzelm@60500
  1318
      with True kvs''[symmetric] refl refl \<open>0 < n div 2\<close>
Andreas@49770
  1319
      have "length (snd (rbtreeify_g (n div 2) kvs'')) = Suc (length kvs'') - n div 2"
Andreas@49770
  1320
        by(rule IH)
Andreas@49770
  1321
      finally show ?thesis using len[unfolded kvs''] "2.prems" True
haftmann@64246
  1322
        by(simp add: Suc_diff_le[symmetric] mult_2[symmetric] minus_mod_eq_mult_div [symmetric])
Andreas@49770
  1323
    next
Andreas@49770
  1324
      case False
Andreas@49770
  1325
      hence "length (snd (rbtreeify_g n kvs)) = 
Andreas@49770
  1326
        length (snd (rbtreeify_g (Suc (2 * (n div 2))) kvs))"
haftmann@59554
  1327
        by (simp add: mod_eq_0_iff_dvd)
wenzelm@60500
  1328
      also from "2.prems" \<open>1 < n\<close> obtain k v kvs'
Andreas@49770
  1329
        where kvs: "kvs = (k, v) # kvs'" by(cases kvs) auto
wenzelm@60500
  1330
      also have "0 < n div 2" using \<open>1 < n\<close> by(simp)
Andreas@49770
  1331
      note rbtreeify_g_simps(4)[OF this]
Andreas@49770
  1332
      also note kvs[symmetric] 
Andreas@49770
  1333
      also let ?rest1 = "snd (rbtreeify_f (n div 2) kvs)"
Andreas@49770
  1334
      from "2.prems" have "n div 2 \<le> length kvs" by simp
Andreas@49770
  1335
      with False have len: "length ?rest1 = length kvs - n div 2" by(rule IH)
wenzelm@60500
  1336
      with "2.prems" \<open>1 < n\<close> False obtain t1 k' v' kvs'' 
Andreas@49770
  1337
        where kvs'': "rbtreeify_f (n div 2) kvs = (t1, (k', v') # kvs'')"
Andreas@49770
  1338
        by(cases ?rest1)(auto simp add: snd_def split: prod.split_asm, arith)
blanchet@55412
  1339
      note this also note prod.case also note list.simps(5) 
blanchet@55412
  1340
      also note prod.case also note snd_apfst
Andreas@49770
  1341
      also have "n div 2 \<le> Suc (length kvs'')" 
Andreas@49770
  1342
        using len "2.prems" False unfolding kvs'' by simp arith
wenzelm@60500
  1343
      with False kvs''[symmetric] refl refl \<open>0 < n div 2\<close>
Andreas@49770
  1344
      have "length (snd (rbtreeify_g (n div 2) kvs'')) = Suc (length kvs'') - n div 2"
Andreas@49770
  1345
        by(rule IH)
Andreas@49770
  1346
      finally show ?thesis using len[unfolded kvs''] "2.prems" False
Andreas@49770
  1347
        by(simp add: div2_plus_div2)
Andreas@49770
  1348
    qed
Andreas@49770
  1349
  qed
Andreas@49770
  1350
qed
Andreas@49770
  1351
Andreas@49770
  1352
lemma rbtreeify_induct [consumes 1, case_names f_0 f_1 f_even f_odd g_0 g_1 g_even g_odd]:
Andreas@49770
  1353
  fixes P Q
Andreas@49770
  1354
  defines "f0 == (\<And>kvs. P 0 kvs)"
Andreas@49770
  1355
  and "f1 == (\<And>k v kvs. P (Suc 0) ((k, v) # kvs))"
Andreas@49770
  1356
  and "feven ==
Andreas@49770
  1357
    (\<And>n kvs t k v kvs'. \<lbrakk> n > 0; n \<le> length kvs; P n kvs; 
Andreas@49770
  1358
       rbtreeify_f n kvs = (t, (k, v) # kvs'); n \<le> Suc (length kvs'); Q n kvs' \<rbrakk> 
Andreas@49770
  1359
     \<Longrightarrow> P (2 * n) kvs)"
Andreas@49770
  1360
  and "fodd == 
Andreas@49770
  1361
    (\<And>n kvs t k v kvs'. \<lbrakk> n > 0; n \<le> length kvs; P n kvs;
Andreas@49770
  1362
       rbtreeify_f n kvs = (t, (k, v) # kvs'); n \<le> length kvs'; P n kvs' \<rbrakk> 
Andreas@49770
  1363
    \<Longrightarrow> P (Suc (2 * n)) kvs)"
Andreas@49770
  1364
  and "g0 == (\<And>kvs. Q 0 kvs)"
Andreas@49770
  1365
  and "g1 == (\<And>kvs. Q (Suc 0) kvs)"
Andreas@49770
  1366
  and "geven == 
Andreas@49770
  1367
    (\<And>n kvs t k v kvs'. \<lbrakk> n > 0; n \<le> Suc (length kvs); Q n kvs; 
Andreas@49770
  1368
       rbtreeify_g n kvs = (t, (k, v) # kvs'); n \<le> Suc (length kvs'); Q n kvs' \<rbrakk>
Andreas@49770
  1369
    \<Longrightarrow> Q (2 * n) kvs)"
Andreas@49770
  1370
  and "godd == 
Andreas@49770
  1371
    (\<And>n kvs t k v kvs'. \<lbrakk> n > 0; n \<le> length kvs; P n kvs;
Andreas@49770
  1372
       rbtreeify_f n kvs = (t, (k, v) # kvs'); n \<le> Suc (length kvs'); Q n kvs' \<rbrakk>
Andreas@49770
  1373
    \<Longrightarrow> Q (Suc (2 * n)) kvs)"
Andreas@49770
  1374
  shows "\<lbrakk> n \<le> length kvs; 
Andreas@49770
  1375
           PROP f0; PROP f1; PROP feven; PROP fodd; 
Andreas@49770
  1376
           PROP g0; PROP g1; PROP geven; PROP godd \<rbrakk>
Andreas@49770
  1377
         \<Longrightarrow> P n kvs"
Andreas@49770
  1378
  and "\<lbrakk> n \<le> Suc (length kvs);
Andreas@49770
  1379
          PROP f0; PROP f1; PROP feven; PROP fodd; 
Andreas@49770
  1380
          PROP g0; PROP g1; PROP geven; PROP godd \<rbrakk>
Andreas@49770
  1381
       \<Longrightarrow> Q n kvs"
Andreas@49770
  1382
proof -
Andreas@49770
  1383
  assume f0: "PROP f0" and f1: "PROP f1" and feven: "PROP feven" and fodd: "PROP fodd"
Andreas@49770
  1384
    and g0: "PROP g0" and g1: "PROP g1" and geven: "PROP geven" and godd: "PROP godd"
Andreas@49770
  1385
  show "n \<le> length kvs \<Longrightarrow> P n kvs" and "n \<le> Suc (length kvs) \<Longrightarrow> Q n kvs"
Andreas@49770
  1386
  proof(induction rule: rbtreeify_f_rbtreeify_g.induct)
Andreas@49770
  1387
    case (1 n kvs)
Andreas@49770
  1388
    show ?case
Andreas@49770
  1389
    proof(cases "n \<le> 1")
Andreas@49770
  1390
      case True thus ?thesis using "1.prems"
Andreas@49770
  1391
        by(cases n kvs rule: nat.exhaust[case_product list.exhaust])
Andreas@49770
  1392
          (auto simp add: f0[unfolded f0_def] f1[unfolded f1_def])
Andreas@49770
  1393
    next
Andreas@49770
  1394
      case False 
Andreas@49770
  1395
      hence ns: "n \<noteq> 0" "n \<noteq> 1" by simp_all
Andreas@49770
  1396
      hence ge0: "n div 2 > 0" by simp
Andreas@49770
  1397
      note IH = "1.IH"[OF ns]
Andreas@49770
  1398
      show ?thesis
Andreas@49770
  1399
      proof(cases "n mod 2 = 0")
Andreas@49770
  1400
        case True note ge0 
Andreas@49770
  1401
        moreover from "1.prems" have n2: "n div 2 \<le> length kvs" by simp
wenzelm@53374
  1402
        moreover from True n2 have "P (n div 2) kvs" by(rule IH)
Andreas@49770
  1403
        moreover from length_rbtreeify_f[OF n2] ge0 "1.prems" obtain t k v kvs' 
Andreas@49770
  1404
          where kvs': "rbtreeify_f (n div 2) kvs = (t, (k, v) # kvs')"
Andreas@49770
  1405
          by(cases "snd (rbtreeify_f (n div 2) kvs)")
Andreas@49770
  1406
            (auto simp add: snd_def split: prod.split_asm)
Andreas@49770
  1407
        moreover from "1.prems" length_rbtreeify_f[OF n2] ge0
wenzelm@53374
  1408
        have n2': "n div 2 \<le> Suc (length kvs')" by(simp add: kvs')
wenzelm@53374
  1409
        moreover from True kvs'[symmetric] refl refl n2'
Andreas@49770
  1410
        have "Q (n div 2) kvs'" by(rule IH)
Andreas@49770
  1411
        moreover note feven[unfolded feven_def]
Andreas@49770
  1412
          (* FIXME: why does by(rule feven[unfolded feven_def]) not work? *)
Andreas@49770
  1413
        ultimately have "P (2 * (n div 2)) kvs" by -
haftmann@64243
  1414
        thus ?thesis using True by (metis minus_mod_eq_div_mult [symmetric] minus_nat.diff_0 mult.commute)
Andreas@49770
  1415
      next
Andreas@49770
  1416
        case False note ge0
Andreas@49770
  1417
        moreover from "1.prems" have n2: "n div 2 \<le> length kvs" by simp
wenzelm@53374
  1418
        moreover from False n2 have "P (n div 2) kvs" by(rule IH)
Andreas@49770
  1419
        moreover from length_rbtreeify_f[OF n2] ge0 "1.prems" obtain t k v kvs' 
Andreas@49770
  1420
          where kvs': "rbtreeify_f (n div 2) kvs = (t, (k, v) # kvs')"
Andreas@49770
  1421
          by(cases "snd (rbtreeify_f (n div 2) kvs)")
Andreas@49770
  1422
            (auto simp add: snd_def split: prod.split_asm)
Andreas@49770
  1423
        moreover from "1.prems" length_rbtreeify_f[OF n2] ge0 False
wenzelm@53374
  1424
        have n2': "n div 2 \<le> length kvs'" by(simp add: kvs') arith
wenzelm@53374
  1425
        moreover from False kvs'[symmetric] refl refl n2' have "P (n div 2) kvs'" by(rule IH)
Andreas@49770
  1426
        moreover note fodd[unfolded fodd_def]
Andreas@49770
  1427
        ultimately have "P (Suc (2 * (n div 2))) kvs" by -
Andreas@49770
  1428
        thus ?thesis using False 
haftmann@64246
  1429
          by simp (metis One_nat_def Suc_eq_plus1_left le_add_diff_inverse mod_less_eq_dividend minus_mod_eq_mult_div [symmetric])
Andreas@49770
  1430
      qed
Andreas@49770
  1431
    qed
Andreas@49770
  1432
  next
Andreas@49770
  1433
    case (2 n kvs)
Andreas@49770
  1434
    show ?case
Andreas@49770
  1435
    proof(cases "n \<le> 1")
Andreas@49770
  1436
      case True thus ?thesis using "2.prems"
Andreas@49770
  1437
        by(cases n kvs rule: nat.exhaust[case_product list.exhaust])
Andreas@49770
  1438
          (auto simp add: g0[unfolded g0_def] g1[unfolded g1_def])
Andreas@49770
  1439
    next
Andreas@49770
  1440
      case False 
Andreas@49770
  1441
      hence ns: "\<not> (n = 0 \<or> n = 1)" by simp
Andreas@49770
  1442
      hence ge0: "n div 2 > 0" by simp
Andreas@49770
  1443
      note IH = "2.IH"[OF ns]
Andreas@49770
  1444
      show ?thesis
Andreas@49770
  1445
      proof(cases "n mod 2 = 0")
Andreas@49770
  1446
        case True note ge0
Andreas@49770
  1447
        moreover from "2.prems" have n2: "n div 2 \<le> Suc (length kvs)" by simp
wenzelm@53374
  1448
        moreover from True n2 have "Q (n div 2) kvs" by(rule IH)
Andreas@49770
  1449
        moreover from length_rbtreeify_g[OF ge0 n2] ge0 "2.prems" obtain t k v kvs' 
Andreas@49770
  1450
          where kvs': "rbtreeify_g (n div 2) kvs = (t, (k, v) # kvs')"
Andreas@49770
  1451
          by(cases "snd (rbtreeify_g (n div 2) kvs)")
Andreas@49770
  1452
            (auto simp add: snd_def split: prod.split_asm)
Andreas@49770
  1453
        moreover from "2.prems" length_rbtreeify_g[OF ge0 n2] ge0
wenzelm@53374
  1454
        have n2': "n div 2 \<le> Suc (length kvs')" by(simp add: kvs')
wenzelm@53374
  1455
        moreover from True kvs'[symmetric] refl refl  n2'
Andreas@49770
  1456
        have "Q (n div 2) kvs'" by(rule IH)
Andreas@49770
  1457
        moreover note geven[unfolded geven_def]
Andreas@49770
  1458
        ultimately have "Q (2 * (n div 2)) kvs" by -
Andreas@49770
  1459
        thus ?thesis using True 
haftmann@64243
  1460
          by(metis minus_mod_eq_div_mult [symmetric] minus_nat.diff_0 mult.commute)
Andreas@49770
  1461
      next
Andreas@49770
  1462
        case False note ge0
Andreas@49770
  1463
        moreover from "2.prems" have n2: "n div 2 \<le> length kvs" by simp
wenzelm@53374
  1464
        moreover from False n2 have "P (n div 2) kvs" by(rule IH)
Andreas@49770
  1465
        moreover from length_rbtreeify_f[OF n2] ge0 "2.prems" False obtain t k v kvs' 
Andreas@49770
  1466
          where kvs': "rbtreeify_f (n div 2) kvs = (t, (k, v) # kvs')"
Andreas@49770
  1467
          by(cases "snd (rbtreeify_f (n div 2) kvs)")
Andreas@49770
  1468
            (auto simp add: snd_def split: prod.split_asm, arith)
Andreas@49770
  1469
        moreover from "2.prems" length_rbtreeify_f[OF n2] ge0 False
wenzelm@53374
  1470
        have n2': "n div 2 \<le> Suc (length kvs')" by(simp add: kvs') arith
wenzelm@53374
  1471
        moreover from False kvs'[symmetric] refl refl n2'
Andreas@49770
  1472
        have "Q (n div 2) kvs'" by(rule IH)
Andreas@49770
  1473
        moreover note godd[unfolded godd_def]
Andreas@49770
  1474
        ultimately have "Q (Suc (2 * (n div 2))) kvs" by -
Andreas@49770
  1475
        thus ?thesis using False 
haftmann@64246
  1476
          by simp (metis One_nat_def Suc_eq_plus1_left le_add_diff_inverse mod_less_eq_dividend minus_mod_eq_mult_div [symmetric])
Andreas@49770
  1477
      qed
Andreas@49770
  1478
    qed
Andreas@49770
  1479
  qed
Andreas@49770
  1480
qed
Andreas@49770
  1481
Andreas@49770
  1482
lemma inv1_rbtreeify_f: "n \<le> length kvs 
Andreas@49770
  1483
  \<Longrightarrow> inv1 (fst (rbtreeify_f n kvs))"
Andreas@49770
  1484
  and inv1_rbtreeify_g: "n \<le> Suc (length kvs)
Andreas@49770
  1485
  \<Longrightarrow> inv1 (fst (rbtreeify_g n kvs))"
Andreas@49770
  1486
by(induct n kvs and n kvs rule: rbtreeify_induct) simp_all
Andreas@49770
  1487
Andreas@49770
  1488
fun plog2 :: "nat \<Rightarrow> nat" 
Andreas@49770
  1489
where "plog2 n = (if n \<le> 1 then 0 else plog2 (n div 2) + 1)"
Andreas@49770
  1490
Andreas@49770
  1491
declare plog2.simps [simp del]
Andreas@49770
  1492
Andreas@49770
  1493
lemma plog2_simps [simp]:
Andreas@49770
  1494
  "plog2 0 = 0" "plog2 (Suc 0) = 0"
Andreas@49770
  1495
  "0 < n \<Longrightarrow> plog2 (2 * n) = 1 + plog2 n"
Andreas@49770
  1496
  "0 < n \<Longrightarrow> plog2 (Suc (2 * n)) = 1 + plog2 n"
Andreas@49770
  1497
by(subst plog2.simps, simp add: Suc_double_half)+
Andreas@49770
  1498
Andreas@49770
  1499
lemma bheight_rbtreeify_f: "n \<le> length kvs
Andreas@49770
  1500
  \<Longrightarrow> bheight (fst (rbtreeify_f n kvs)) = plog2 n"
Andreas@49770
  1501
  and bheight_rbtreeify_g: "n \<le> Suc (length kvs)
Andreas@49770
  1502
  \<Longrightarrow> bheight (fst (rbtreeify_g n kvs)) = plog2 n"
Andreas@49770
  1503
by(induct n kvs and n kvs rule: rbtreeify_induct) simp_all
Andreas@49770
  1504
Andreas@49770
  1505
lemma bheight_rbtreeify_f_eq_plog2I:
Andreas@49770
  1506
  "\<lbrakk> rbtreeify_f n kvs = (t, kvs'); n \<le> length kvs \<rbrakk> 
Andreas@49770
  1507
  \<Longrightarrow> bheight t = plog2 n"
Andreas@49770
  1508
using bheight_rbtreeify_f[of n kvs] by simp
Andreas@49770
  1509
Andreas@49770
  1510
lemma bheight_rbtreeify_g_eq_plog2I: 
Andreas@49770
  1511
  "\<lbrakk> rbtreeify_g n kvs = (t, kvs'); n \<le> Suc (length kvs) \<rbrakk>
Andreas@49770
  1512
  \<Longrightarrow> bheight t = plog2 n"
Andreas@49770
  1513
using bheight_rbtreeify_g[of n kvs] by simp
Andreas@49770
  1514
Andreas@49770
  1515
hide_const (open) plog2
Andreas@49770
  1516
Andreas@49770
  1517
lemma inv2_rbtreeify_f: "n \<le> length kvs
Andreas@49770
  1518
  \<Longrightarrow> inv2 (fst (rbtreeify_f n kvs))"
Andreas@49770
  1519
  and inv2_rbtreeify_g: "n \<le> Suc (length kvs)
Andreas@49770
  1520
  \<Longrightarrow> inv2 (fst (rbtreeify_g n kvs))"
Andreas@49770
  1521
by(induct n kvs and n kvs rule: rbtreeify_induct)
Andreas@49770
  1522
  (auto simp add: bheight_rbtreeify_f bheight_rbtreeify_g 
Andreas@49770
  1523
        intro: bheight_rbtreeify_f_eq_plog2I bheight_rbtreeify_g_eq_plog2I)
Andreas@49770
  1524
Andreas@49770
  1525
lemma "n \<le> length kvs \<Longrightarrow> True"
Andreas@49770
  1526
  and color_of_rbtreeify_g:
Andreas@49770
  1527
  "\<lbrakk> n \<le> Suc (length kvs); 0 < n \<rbrakk> 
Andreas@49770
  1528
  \<Longrightarrow> color_of (fst (rbtreeify_g n kvs)) = B"
Andreas@49770
  1529
by(induct n kvs and n kvs rule: rbtreeify_induct) simp_all
Andreas@49770
  1530
Andreas@49770
  1531
lemma entries_rbtreeify_f_append:
Andreas@49770
  1532
  "n \<le> length kvs 
Andreas@49770
  1533
  \<Longrightarrow> entries (fst (rbtreeify_f n kvs)) @ snd (rbtreeify_f n kvs) = kvs"
Andreas@49770
  1534
  and entries_rbtreeify_g_append: 
Andreas@49770
  1535
  "n \<le> Suc (length kvs) 
Andreas@49770
  1536
  \<Longrightarrow> entries (fst (rbtreeify_g n kvs)) @ snd (rbtreeify_g n kvs) = kvs"
Andreas@49770
  1537
by(induction rule: rbtreeify_induct) simp_all
Andreas@49770
  1538
Andreas@49770
  1539
lemma length_entries_rbtreeify_f:
Andreas@49770
  1540
  "n \<le> length kvs \<Longrightarrow> length (entries (fst (rbtreeify_f n kvs))) = n"
Andreas@49770
  1541
  and length_entries_rbtreeify_g: 
Andreas@49770
  1542
  "n \<le> Suc (length kvs) \<Longrightarrow> length (entries (fst (rbtreeify_g n kvs))) = n - 1"
Andreas@49770
  1543
by(induct rule: rbtreeify_induct) simp_all
Andreas@49770
  1544
Andreas@49770
  1545
lemma rbtreeify_f_conv_drop: 
Andreas@49770
  1546
  "n \<le> length kvs \<Longrightarrow> snd (rbtreeify_f n kvs) = drop n kvs"
Andreas@49770
  1547
using entries_rbtreeify_f_append[of n kvs]
Andreas@49770
  1548
by(simp add: append_eq_conv_conj length_entries_rbtreeify_f)
Andreas@49770
  1549
Andreas@49770
  1550
lemma rbtreeify_g_conv_drop: 
Andreas@49770
  1551
  "n \<le> Suc (length kvs) \<Longrightarrow> snd (rbtreeify_g n kvs) = drop (n - 1) kvs"
Andreas@49770
  1552
using entries_rbtreeify_g_append[of n kvs]
Andreas@49770
  1553
by(simp add: append_eq_conv_conj length_entries_rbtreeify_g)
Andreas@49770
  1554
Andreas@49770
  1555
lemma entries_rbtreeify_f [simp]:
Andreas@49770
  1556
  "n \<le> length kvs \<Longrightarrow> entries (fst (rbtreeify_f n kvs)) = take n kvs"
Andreas@49770
  1557
using entries_rbtreeify_f_append[of n kvs]
Andreas@49770
  1558
by(simp add: append_eq_conv_conj length_entries_rbtreeify_f)
Andreas@49770
  1559
Andreas@49770
  1560
lemma entries_rbtreeify_g [simp]:
Andreas@49770
  1561
  "n \<le> Suc (length kvs) \<Longrightarrow> 
Andreas@49770
  1562
  entries (fst (rbtreeify_g n kvs)) = take (n - 1) kvs"
Andreas@49770
  1563
using entries_rbtreeify_g_append[of n kvs]
Andreas@49770
  1564
by(simp add: append_eq_conv_conj length_entries_rbtreeify_g)
Andreas@49770
  1565
Andreas@49770
  1566
lemma keys_rbtreeify_f [simp]: "n \<le> length kvs
Andreas@49770
  1567
  \<Longrightarrow> keys (fst (rbtreeify_f n kvs)) = take n (map fst kvs)"
Andreas@49770
  1568
by(simp add: keys_def take_map)
Andreas@49770
  1569
Andreas@49770
  1570
lemma keys_rbtreeify_g [simp]: "n \<le> Suc (length kvs)
Andreas@49770
  1571
  \<Longrightarrow> keys (fst (rbtreeify_g n kvs)) = take (n - 1) (map fst kvs)"
Andreas@49770
  1572
by(simp add: keys_def take_map)
Andreas@49770
  1573
Andreas@49770
  1574
lemma rbtreeify_fD: 
Andreas@49770
  1575
  "\<lbrakk> rbtreeify_f n kvs = (t, kvs'); n \<le> length kvs \<rbrakk> 
Andreas@49770
  1576
  \<Longrightarrow> entries t = take n kvs \<and> kvs' = drop n kvs"
Andreas@49770
  1577
using rbtreeify_f_conv_drop[of n kvs] entries_rbtreeify_f[of n kvs] by simp
Andreas@49770
  1578
Andreas@49770
  1579
lemma rbtreeify_gD: 
Andreas@49770
  1580
  "\<lbrakk> rbtreeify_g n kvs = (t, kvs'); n \<le> Suc (length kvs) \<rbrakk>
Andreas@49770
  1581
  \<Longrightarrow> entries t = take (n - 1) kvs \<and> kvs' = drop (n - 1) kvs"
Andreas@49770
  1582
using rbtreeify_g_conv_drop[of n kvs] entries_rbtreeify_g[of n kvs] by simp
Andreas@49770
  1583
Andreas@49770
  1584
lemma entries_rbtreeify [simp]: "entries (rbtreeify kvs) = kvs"
Andreas@49770
  1585
by(simp add: rbtreeify_def entries_rbtreeify_g)
Andreas@49770
  1586
Andreas@49770
  1587
context linorder begin
Andreas@49770
  1588
Andreas@49770
  1589
lemma rbt_sorted_rbtreeify_f: 
Andreas@49770
  1590
  "\<lbrakk> n \<le> length kvs; sorted (map fst kvs); distinct (map fst kvs) \<rbrakk> 
Andreas@49770
  1591
  \<Longrightarrow> rbt_sorted (fst (rbtreeify_f n kvs))"
Andreas@49770
  1592
  and rbt_sorted_rbtreeify_g: 
Andreas@49770
  1593
  "\<lbrakk> n \<le> Suc (length kvs); sorted (map fst kvs); distinct (map fst kvs) \<rbrakk>
Andreas@49770
  1594
  \<Longrightarrow> rbt_sorted (fst (rbtreeify_g n kvs))"
Andreas@49770
  1595
proof(induction n kvs and n kvs rule: rbtreeify_induct)
Andreas@49770
  1596
  case (f_even n kvs t k v kvs')
wenzelm@60500
  1597
  from rbtreeify_fD[OF \<open>rbtreeify_f n kvs = (t, (k, v) # kvs')\<close> \<open>n \<le> length kvs\<close>]
Andreas@49770
  1598
  have "entries t = take n kvs"
Andreas@49770
  1599
    and kvs': "drop n kvs = (k, v) # kvs'" by simp_all
Andreas@49770
  1600
  hence unfold: "kvs = take n kvs @ (k, v) # kvs'" by(metis append_take_drop_id)
wenzelm@60500
  1601
  from \<open>sorted (map fst kvs)\<close> kvs'
Andreas@49770
  1602
  have "(\<forall>(x, y) \<in> set (take n kvs). x \<le> k) \<and> (\<forall>(x, y) \<in> set kvs'. k \<le> x)"
nipkow@68109
  1603
    by(subst (asm) unfold)(auto simp add: sorted_append)
wenzelm@60500
  1604
  moreover from \<open>distinct (map fst kvs)\<close> kvs'
Andreas@49770
  1605
  have "(\<forall>(x, y) \<in> set (take n kvs). x \<noteq> k) \<and> (\<forall>(x, y) \<in> set kvs'. x \<noteq> k)"
Andreas@49770
  1606
    by(subst (asm) unfold)(auto intro: rev_image_eqI)
Andreas@49770
  1607
  ultimately have "(\<forall>(x, y) \<in> set (take n kvs). x < k) \<and> (\<forall>(x, y) \<in> set kvs'. k < x)"
Andreas@49770
  1608
    by fastforce
Andreas@49770
  1609
  hence "fst (rbtreeify_f n kvs) |\<guillemotleft> k" "k \<guillemotleft>| fst (rbtreeify_g n kvs')"
wenzelm@60500
  1610
    using \<open>n \<le> Suc (length kvs')\<close> \<open>n \<le> length kvs\<close> set_take_subset[of "n - 1" kvs']
Andreas@49770
  1611
    by(auto simp add: ord.rbt_greater_prop ord.rbt_less_prop take_map split_def)
wenzelm@60500
  1612
  moreover from \<open>sorted (map fst kvs)\<close> \<open>distinct (map fst kvs)\<close>
Andreas@49770
  1613
  have "rbt_sorted (fst (rbtreeify_f n kvs))" by(rule f_even.IH)
Andreas@49770
  1614
  moreover have "sorted (map fst kvs')" "distinct (map fst kvs')"
wenzelm@60500
  1615
    using \<open>sorted (map fst kvs)\<close> \<open>distinct (map fst kvs)\<close>
nipkow@68109
  1616
    by(subst (asm) (1 2) unfold, simp add: sorted_append)+
Andreas@49770
  1617
  hence "rbt_sorted (fst (rbtreeify_g n kvs'))" by(rule f_even.IH)
Andreas@49770
  1618
  ultimately show ?case
wenzelm@60500
  1619
    using \<open>0 < n\<close> \<open>rbtreeify_f n kvs = (t, (k, v) # kvs')\<close> by simp
Andreas@49770
  1620
next
Andreas@49770
  1621
  case (f_odd n kvs t k v kvs')
wenzelm@60500
  1622
  from rbtreeify_fD[OF \<open>rbtreeify_f n kvs = (t, (k, v) # kvs')\<close> \<open>n \<le> length kvs\<close>]
Andreas@49770
  1623
  have "entries t = take n kvs" 
Andreas@49770
  1624
    and kvs': "drop n kvs = (k, v) # kvs'" by simp_all
Andreas@49770
  1625
  hence unfold: "kvs = take n kvs @ (k, v) # kvs'" by(metis append_take_drop_id)
wenzelm@60500
  1626
  from \<open>sorted (map fst kvs)\<close> kvs'
Andreas@49770
  1627
  have "(\<forall>(x, y) \<in> set (take n kvs). x \<le> k) \<and> (\<forall>(x, y) \<in> set kvs'. k \<le> x)"
nipkow@68109
  1628
    by(subst (asm) unfold)(auto simp add: sorted_append)
wenzelm@60500
  1629
  moreover from \<open>distinct (map fst kvs)\<close> kvs'
Andreas@49770
  1630
  have "(\<forall>(x, y) \<in> set (take n kvs). x \<noteq> k) \<and> (\<forall>(x, y) \<in> set kvs'. x \<noteq> k)"
Andreas@49770
  1631
    by(subst (asm) unfold)(auto intro: rev_image_eqI)
Andreas@49770
  1632
  ultimately have "(\<forall>(x, y) \<in> set (take n kvs). x < k) \<and> (\<forall>(x, y) \<in> set kvs'. k < x)"
Andreas@49770
  1633
    by fastforce
Andreas@49770
  1634
  hence "fst (rbtreeify_f n kvs) |\<guillemotleft> k" "k \<guillemotleft>| fst (rbtreeify_f n kvs')"
wenzelm@60500
  1635
    using \<open>n \<le> length kvs'\<close> \<open>n \<le> length kvs\<close> set_take_subset[of n kvs']
Andreas@49770
  1636
    by(auto simp add: rbt_greater_prop rbt_less_prop take_map split_def)
wenzelm@60500
  1637
  moreover from \<open>sorted (map fst kvs)\<close> \<open>distinct (map fst kvs)\<close>
Andreas@49770
  1638
  have "rbt_sorted (fst (rbtreeify_f n kvs))" by(rule f_odd.IH)
Andreas@49770
  1639
  moreover have "sorted (map fst kvs')" "distinct (map fst kvs')"
wenzelm@60500
  1640
    using \<open>sorted (map fst kvs)\<close> \<open>distinct (map fst kvs)\<close>
nipkow@68109
  1641
    by(subst (asm) (1 2) unfold, simp add: sorted_append)+
Andreas@49770
  1642
  hence "rbt_sorted (fst (rbtreeify_f n kvs'))" by(rule f_odd.IH)
Andreas@49770
  1643
  ultimately show ?case 
wenzelm@60500
  1644
    using \<open>0 < n\<close> \<open>rbtreeify_f n kvs = (t, (k, v) # kvs')\<close> by simp
Andreas@49770
  1645
next
Andreas@49770
  1646
  case (g_even n kvs t k v kvs')
wenzelm@60500
  1647
  from rbtreeify_gD[OF \<open>rbtreeify_g n kvs = (t, (k, v) # kvs')\<close> \<open>n \<le> Suc (length kvs)\<close>]
Andreas@49770
  1648
  have t: "entries t = take (n - 1) kvs" 
Andreas@49770
  1649
    and kvs': "drop (n - 1) kvs = (k, v) # kvs'" by simp_all
Andreas@49770
  1650
  hence unfold: "kvs = take (n - 1) kvs @ (k, v) # kvs'" by(metis append_take_drop_id)
wenzelm@60500
  1651
  from \<open>sorted (map fst kvs)\<close> kvs'
Andreas@49770
  1652
  have "(\<forall>(x, y) \<in> set (take (n - 1) kvs). x \<le> k) \<and> (\<forall>(x, y) \<in> set kvs'. k \<le> x)"
nipkow@68109
  1653
    by(subst (asm) unfold)(auto simp add: sorted_append)
wenzelm@60500
  1654
  moreover from \<open>distinct (map fst kvs)\<close> kvs'
Andreas@49770
  1655
  have "(\<forall>(x, y) \<in> set (take (n - 1) kvs). x \<noteq> k) \<and> (\<forall>(x, y) \<in> set kvs'. x \<noteq> k)"
Andreas@49770
  1656
    by(subst (asm) unfold)(auto intro: rev_image_eqI)
Andreas@49770
  1657
  ultimately have "(\<forall>(x, y) \<in> set (take (n - 1) kvs). x < k) \<and> (\<forall>(x, y) \<in> set kvs'. k < x)"
Andreas@49770
  1658
    by fastforce
Andreas@49770
  1659
  hence "fst (rbtreeify_g n kvs) |\<guillemotleft> k" "k \<guillemotleft>| fst (rbtreeify_g n kvs')"
wenzelm@60500
  1660
    using \<open>n \<le> Suc (length kvs')\<close> \<open>n \<le> Suc (length kvs)\<close> set_take_subset[of "n - 1" kvs']
Andreas@49770
  1661
    by(auto simp add: rbt_greater_prop rbt_less_prop take_map split_def)
wenzelm@60500
  1662
  moreover from \<open>sorted (map fst kvs)\<close> \<open>distinct (map fst kvs)\<close>
Andreas@49770
  1663
  have "rbt_sorted (fst (rbtreeify_g n kvs))" by(rule g_even.IH)
Andreas@49770
  1664
  moreover have "sorted (map fst kvs')" "distinct (map fst kvs')"
wenzelm@60500
  1665
    using \<open>sorted (map fst kvs)\<close> \<open>distinct (map fst kvs)\<close>
nipkow@68109
  1666
    by(subst (asm) (1 2) unfold, simp add: sorted_append)+
Andreas@49770
  1667
  hence "rbt_sorted (fst (rbtreeify_g n kvs'))" by(rule g_even.IH)
wenzelm@60500
  1668
  ultimately show ?case using \<open>0 < n\<close> \<open>rbtreeify_g n kvs = (t, (k, v) # kvs')\<close> by simp
Andreas@49770
  1669
next
Andreas@49770
  1670
  case (g_odd n kvs t k v kvs')
wenzelm@60500
  1671
  from rbtreeify_fD[OF \<open>rbtreeify_f n kvs = (t, (k, v) # kvs')\<close> \<open>n \<le> length kvs\<close>]
Andreas@49770
  1672
  have "entries t = take n kvs"
Andreas@49770
  1673
    and kvs': "drop n kvs = (k, v) # kvs'" by simp_all
Andreas@49770
  1674
  hence unfold: "kvs = take n kvs @ (k, v) # kvs'" by(metis append_take_drop_id)
wenzelm@60500
  1675
  from \<open>sorted (map fst kvs)\<close> kvs'
Andreas@49770
  1676
  have "(\<forall>(x, y) \<in> set (take n kvs). x \<le> k) \<and> (\<forall>(x, y) \<in> set kvs'. k \<le> x)"
nipkow@68109
  1677
    by(subst (asm) unfold)(auto simp add: sorted_append)
wenzelm@60500
  1678
  moreover from \<open>distinct (map fst kvs)\<close> kvs'
Andreas@49770
  1679
  have "(\<forall>(x, y) \<in> set (take n kvs). x \<noteq> k) \<and> (\<forall>(x, y) \<in> set kvs'. x \<noteq> k)"
Andreas@49770
  1680
    by(subst (asm) unfold)(auto intro: rev_image_eqI)
Andreas@49770
  1681
  ultimately have "(\<forall>(x, y) \<in> set (take n kvs). x < k) \<and> (\<forall>(x, y) \<in> set kvs'. k < x)"
Andreas@49770
  1682
    by fastforce
Andreas@49770
  1683
  hence "fst (rbtreeify_f n kvs) |\<guillemotleft> k" "k \<guillemotleft>| fst (rbtreeify_g n kvs')"
wenzelm@60500
  1684
    using \<open>n \<le> Suc (length kvs')\<close> \<open>n \<le> length kvs\<close> set_take_subset[of "n - 1" kvs']
Andreas@49770
  1685
    by(auto simp add: rbt_greater_prop rbt_less_prop take_map split_def)
wenzelm@60500
  1686
  moreover from \<open>sorted (map fst kvs)\<close> \<open>distinct (map fst kvs)\<close>
Andreas@49770
  1687
  have "rbt_sorted (fst (rbtreeify_f n kvs))" by(rule g_odd.IH)
Andreas@49770
  1688
  moreover have "sorted (map fst kvs')" "distinct (map fst kvs')"
wenzelm@60500
  1689
    using \<open>sorted (map fst kvs)\<close> \<open>distinct (map fst kvs)\<close>
nipkow@68109
  1690
    by(subst (asm) (1 2) unfold, simp add: sorted_append)+
Andreas@49770
  1691
  hence "rbt_sorted (fst (rbtreeify_g n kvs'))" by(rule g_odd.IH)
Andreas@49770
  1692
  ultimately show ?case
wenzelm@60500
  1693
    using \<open>0 < n\<close> \<open>rbtreeify_f n kvs = (t, (k, v) # kvs')\<close> by simp
Andreas@49770
  1694
qed simp_all
Andreas@49770
  1695
Andreas@49770
  1696
lemma rbt_sorted_rbtreeify: 
Andreas@49770
  1697
  "\<lbrakk> sorted (map fst kvs); distinct (map fst kvs) \<rbrakk> \<Longrightarrow> rbt_sorted (rbtreeify kvs)"
Andreas@49770
  1698
by(simp add: rbtreeify_def rbt_sorted_rbtreeify_g)
Andreas@49770
  1699
Andreas@49770
  1700
lemma is_rbt_rbtreeify: 
Andreas@49770
  1701
  "\<lbrakk> sorted (map fst kvs); distinct (map fst kvs) \<rbrakk>
Andreas@49770
  1702
  \<Longrightarrow> is_rbt (rbtreeify kvs)"
Andreas@49770
  1703
by(simp add: is_rbt_def rbtreeify_def inv1_rbtreeify_g inv2_rbtreeify_g rbt_sorted_rbtreeify_g color_of_rbtreeify_g)
Andreas@49770
  1704
Andreas@49770
  1705
lemma rbt_lookup_rbtreeify:
Andreas@49770
  1706
  "\<lbrakk> sorted (map fst kvs); distinct (map fst kvs) \<rbrakk> \<Longrightarrow> 
Andreas@49770
  1707
  rbt_lookup (rbtreeify kvs) = map_of kvs"
Andreas@49770
  1708
by(simp add: map_of_entries[symmetric] rbt_sorted_rbtreeify)
Andreas@49770
  1709
Andreas@49770
  1710
end
Andreas@49770
  1711
wenzelm@60500
  1712
text \<open>
Andreas@49770
  1713
  Functions to compare the height of two rbt trees, taken from 
Andreas@49770
  1714
  Andrew W. Appel, Efficient Verified Red-Black Trees (September 2011)
wenzelm@60500
  1715
\<close>
Andreas@49770
  1716
Andreas@49770
  1717
fun skip_red :: "('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
Andreas@49770
  1718
where
Andreas@49770
  1719
  "skip_red (Branch color.R l k v r) = l"
Andreas@49770
  1720
| "skip_red t = t"
Andreas@49770
  1721
Andreas@49807
  1722
definition skip_black :: "('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
Andreas@49770
  1723
where
Andreas@49807
  1724
  "skip_black t = (let t' = skip_red t in case t' of Branch color.B l k v r \<Rightarrow> l | _ \<Rightarrow> t')"
Andreas@49770
  1725
blanchet@58310
  1726
datatype compare = LT | GT | EQ
Andreas@49770
  1727
Andreas@49770
  1728
partial_function (tailrec) compare_height :: "('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt \<Rightarrow> compare"
Andreas@49770
  1729
where
Andreas@49770
  1730
  "compare_height sx s t tx =
Andreas@49770
  1731
  (case (skip_red sx, skip_red s, skip_red t, skip_red tx) of
Andreas@49770
  1732
     (Branch _ sx' _ _ _, Branch _ s' _ _ _, Branch _ t' _ _ _, Branch _ tx' _ _ _) \<Rightarrow> 
Andreas@49770
  1733
       compare_height (skip_black sx') s' t' (skip_black tx')
Andreas@49770
  1734
   | (_, rbt.Empty, _, Branch _ _ _ _ _) \<Rightarrow> LT
Andreas@49770
  1735
   | (Branch _ _ _ _ _, _, rbt.Empty, _) \<Rightarrow> GT
Andreas@49770
  1736
   | (Branch _ sx' _ _ _, Branch _ s' _ _ _, Branch _ t' _ _ _, rbt.Empty) \<Rightarrow>
Andreas@49770
  1737
       compare_height (skip_black sx') s' t' rbt.Empty
Andreas@49770
  1738
   | (rbt.Empty, Branch _ s' _ _ _, Branch _ t' _ _ _, Branch _ tx' _ _ _) \<Rightarrow>
Andreas@49770
  1739
       compare_height rbt.Empty s' t' (skip_black tx')
Andreas@49770
  1740
   | _ \<Rightarrow> EQ)"
Andreas@49770
  1741
Andreas@49770
  1742
declare compare_height.simps [code]
Andreas@49770
  1743
Andreas@49770
  1744
hide_type (open) compare
Andreas@49770
  1745
hide_const (open)
blanchet@55417
  1746
  compare_height skip_black skip_red LT GT EQ case_compare rec_compare
blanchet@58257
  1747
  Abs_compare Rep_compare
Andreas@49770
  1748
hide_fact (open)
Andreas@49770
  1749
  Abs_compare_cases Abs_compare_induct Abs_compare_inject Abs_compare_inverse
Andreas@49770
  1750
  Rep_compare Rep_compare_cases Rep_compare_induct Rep_compare_inject Rep_compare_inverse
blanchet@55642
  1751
  compare.simps compare.exhaust compare.induct compare.rec compare.simps
blanchet@57983
  1752
  compare.size compare.case_cong compare.case_cong_weak compare.case
wenzelm@62093
  1753
  compare.nchotomy compare.split compare.split_asm compare.eq.refl compare.eq.simps
Andreas@49770
  1754
  equal_compare_def
wenzelm@61121
  1755
  skip_red.simps skip_red.cases skip_red.induct 
Andreas@49807
  1756
  skip_black_def
wenzelm@61121
  1757
  compare_height.simps
Andreas@49770
  1758
wenzelm@60500
  1759
subsection \<open>union and intersection of sorted associative lists\<close>
Andreas@49770
  1760
Andreas@49770
  1761
context ord begin
Andreas@49770
  1762
Andreas@49770
  1763
function sunion_with :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a \<times> 'b) list" 
Andreas@49770
  1764
where
Andreas@49770
  1765
  "sunion_with f ((k, v) # as) ((k', v') # bs) =
Andreas@49770
  1766
   (if k > k' then (k', v') # sunion_with f ((k, v) # as) bs
Andreas@49770
  1767
    else if k < k' then (k, v) # sunion_with f as ((k', v') # bs)
Andreas@49770
  1768
    else (k, f k v v') # sunion_with f as bs)"
Andreas@49770
  1769
| "sunion_with f [] bs = bs"
Andreas@49770
  1770
| "sunion_with f as [] = as"
Andreas@49770
  1771
by pat_completeness auto
Andreas@49770
  1772
termination by lexicographic_order
Andreas@49770
  1773
Andreas@49770
  1774
function sinter_with :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a \<times> 'b) list"
Andreas@49770
  1775
where
Andreas@49770
  1776
  "sinter_with f ((k, v) # as) ((k', v') # bs) =
Andreas@49770
  1777
  (if k > k' then sinter_with f ((k, v) # as) bs
Andreas@49770
  1778
   else if k < k' then sinter_with f as ((k', v') # bs)
Andreas@49770
  1779
   else (k, f k v v') # sinter_with f as bs)"
Andreas@49770
  1780
| "sinter_with f [] _ = []"
Andreas@49770
  1781
| "sinter_with f _ [] = []"
Andreas@49770
  1782
by pat_completeness auto
Andreas@49770
  1783
termination by lexicographic_order
Andreas@49770
  1784
Andreas@49770
  1785
end
Andreas@49770
  1786
Andreas@49770
  1787
declare ord.sunion_with.simps [code] ord.sinter_with.simps[code]
Andreas@49770
  1788
Andreas@49770
  1789
context linorder begin
Andreas@49770
  1790
Andreas@49770
  1791
lemma set_fst_sunion_with: 
Andreas@49770
  1792
  "set (map fst (sunion_with f xs ys)) = set (map fst xs) \<union> set (map fst ys)"
Andreas@49770
  1793
by(induct f xs ys rule: sunion_with.induct) auto
Andreas@49770
  1794
Andreas@49770
  1795
lemma sorted_sunion_with [simp]:
Andreas@49770
  1796
  "\<lbrakk> sorted (map fst xs); sorted (map fst ys) \<rbrakk> 
Andreas@49770
  1797
  \<Longrightarrow> sorted (map fst (sunion_with f xs ys))"
Andreas@49770
  1798
by(induct f xs ys rule: sunion_with.induct)
nipkow@68109
  1799
  (auto simp add: set_fst_sunion_with simp del: set_map)
Andreas@49770
  1800
Andreas@49770
  1801
lemma distinct_sunion_with [simp]:
Andreas@49770
  1802
  "\<lbrakk> distinct (map fst xs); distinct (map fst ys); sorted (map fst xs); sorted (map fst ys) \<rbrakk>
Andreas@49770
  1803
  \<Longrightarrow> distinct (map fst (sunion_with f xs ys))"
Andreas@49770
  1804
proof(induct f xs ys rule: sunion_with.induct)
Andreas@49770
  1805
  case (1 f k v xs k' v' ys)
Andreas@49770
  1806
  have "\<lbrakk> \<not> k < k'; \<not> k' < k \<rbrakk> \<Longrightarrow> k = k'" by simp
Andreas@49770
  1807
  thus ?case using "1"
nipkow@68109
  1808
    by(auto simp add: set_fst_sunion_with simp del: set_map)
Andreas@49770
  1809
qed simp_all
Andreas@49770
  1810
Andreas@49770
  1811
lemma map_of_sunion_with: 
Andreas@49770
  1812
  "\<lbrakk> sorted (map fst xs); sorted (map fst ys) \<rbrakk>
Andreas@49770
  1813
  \<Longrightarrow> map_of (sunion_with f xs ys) k = 
Andreas@49770
  1814
  (case map_of xs k of None \<Rightarrow> map_of ys k 
Andreas@49770
  1815
  | Some v \<Rightarrow> case map_of ys k of None \<Rightarrow> Some v 
Andreas@49770
  1816
              | Some w \<Rightarrow> Some (f k v w))"
nipkow@68109
  1817
by(induct f xs ys rule: sunion_with.induct)(auto split: option.split dest: map_of_SomeD bspec)
Andreas@49770
  1818
Andreas@49770
  1819
lemma set_fst_sinter_with [simp]:
Andreas@49770
  1820
  "\<lbrakk> sorted (map fst xs); sorted (map fst ys) \<rbrakk>
Andreas@49770
  1821
  \<Longrightarrow> set (map fst (sinter_with f xs ys)) = set (map fst xs) \<inter> set (map fst ys)"
nipkow@68109
  1822
by(induct f xs ys rule: sinter_with.induct)(auto simp del: set_map)
Andreas@49770
  1823
Andreas@49770
  1824
lemma set_fst_sinter_with_subset1:
Andreas@49770
  1825
  "set (map fst (sinter_with f xs ys)) \<subseteq> set (map fst xs)"
Andreas@49770
  1826
by(induct f xs ys rule: sinter_with.induct) auto
Andreas@49770
  1827
Andreas@49770
  1828
lemma set_fst_sinter_with_subset2:
Andreas@49770
  1829
  "set (map fst (sinter_with f xs ys)) \<subseteq> set (map fst ys)"
Andreas@49770
  1830
by(induct f xs ys rule: sinter_with.induct)(auto simp del: set_map)
Andreas@49770
  1831
Andreas@49770
  1832
lemma sorted_sinter_with [simp]:
Andreas@49770
  1833
  "\<lbrakk> sorted (map fst xs); sorted (map fst ys) \<rbrakk>
Andreas@49770
  1834
  \<Longrightarrow> sorted (map fst (sinter_with f xs ys))"
nipkow@68109
  1835
by(induct f xs ys rule: sinter_with.induct)(auto simp del: set_map)
Andreas@49770
  1836
Andreas@49770
  1837
lemma distinct_sinter_with [simp]:
Andreas@49770
  1838
  "\<lbrakk> distinct (map fst xs); distinct (map fst ys) \<rbrakk>
Andreas@49770
  1839
  \<Longrightarrow> distinct (map fst (sinter_with f xs ys))"
Andreas@49770
  1840
proof(induct f xs ys rule: sinter_with.induct)
Andreas@49770
  1841
  case (1 f k v as k' v' bs)
Andreas@49770
  1842
  have "\<lbrakk> \<not> k < k'; \<not> k' < k \<rbrakk> \<Longrightarrow> k = k'" by simp
Andreas@49770
  1843
  thus ?case using "1" set_fst_sinter_with_subset1[of f as bs]
Andreas@49770
  1844
    set_fst_sinter_with_subset2[of f as bs]
Andreas@49770
  1845
    by(auto simp del: set_map)
Andreas@49770
  1846
qed simp_all
Andreas@49770
  1847
Andreas@49770
  1848
lemma map_of_sinter_with:
Andreas@49770
  1849
  "\<lbrakk> sorted (map fst xs); sorted (map fst ys) \<rbrakk>
Andreas@49770
  1850
  \<Longrightarrow> map_of (sinter_with f xs ys) k = 
blanchet@55466
  1851
  (case map_of xs k of None \<Rightarrow> None | Some v \<Rightarrow> map_option (f k v) (map_of ys k))"
Andreas@49770
  1852
apply(induct f xs ys rule: sinter_with.induct)
nipkow@68109
  1853
apply(auto simp add: map_option_case split: option.splits dest: map_of_SomeD bspec)
Andreas@49770
  1854
done
Andreas@49770
  1855
Andreas@49770
  1856
end
Andreas@49770
  1857
Andreas@49770
  1858
lemma distinct_map_of_rev: "distinct (map fst xs) \<Longrightarrow> map_of (rev xs) = map_of xs"
Andreas@49770
  1859
by(induct xs)(auto 4 3 simp add: map_add_def intro!: ext split: option.split intro: rev_image_eqI)
Andreas@49770
  1860
Andreas@49770
  1861
lemma map_map_filter: 
blanchet@55466
  1862
  "map f (List.map_filter g xs) = List.map_filter (map_option f \<circ> g) xs"
Andreas@49770
  1863
by(auto simp add: List.map_filter_def)
Andreas@49770
  1864
blanchet@55466
  1865
lemma map_filter_map_option_const: 
blanchet@55466
  1866
  "List.map_filter (\<lambda>x. map_option (\<lambda>y. f x) (g (f x))) xs = filter (\<lambda>x. g x \<noteq> None) (map f xs)"
Andreas@49770
  1867
by(auto simp add: map_filter_def filter_map o_def)
Andreas@49770
  1868
Andreas@49770
  1869
lemma set_map_filter: "set (List.map_filter P xs) = the ` (P ` set xs - {None})"
Andreas@49770
  1870
by(auto simp add: List.map_filter_def intro: rev_image_eqI)
Andreas@49770
  1871
Andreas@49770
  1872
context ord begin
Andreas@49770
  1873
Andreas@49770
  1874
definition rbt_union_with_key :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
Andreas@49770
  1875
where
Andreas@49770
  1876
  "rbt_union_with_key f t1 t2 =
Andreas@49770
  1877
  (case RBT_Impl.compare_height t1 t1 t2 t2
Andreas@49770
  1878
   of compare.EQ \<Rightarrow> rbtreeify (sunion_with f (entries t1) (entries t2))
Andreas@49770
  1879
    | compare.LT \<Rightarrow> fold (rbt_insert_with_key (\<lambda>k v w. f k w v)) t1 t2
Andreas@49770
  1880
    | compare.GT \<Rightarrow> fold (rbt_insert_with_key f) t2 t1)"
Andreas@49770
  1881
Andreas@49770
  1882
definition rbt_union_with where
Andreas@49770
  1883
  "rbt_union_with f = rbt_union_with_key (\<lambda>_. f)"
Andreas@49770
  1884
Andreas@49770
  1885
definition rbt_union where
Andreas@49770
  1886
  "rbt_union = rbt_union_with_key (%_ _ rv. rv)"
Andreas@49770
  1887
Andreas@49770
  1888
definition rbt_inter_with_key :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
Andreas@49770
  1889
where
Andreas@49770
  1890
  "rbt_inter_with_key f t1 t2 =
Andreas@49770
  1891
  (case RBT_Impl.compare_height t1 t1 t2 t2 
Andreas@49770
  1892
   of compare.EQ \<Rightarrow> rbtreeify (sinter_with f (entries t1) (entries t2))
blanchet@55466
  1893
    | compare.LT \<Rightarrow> rbtreeify (List.map_filter (\<lambda>(k, v). map_option (\<lambda>w. (k, f k v w)) (rbt_lookup t2 k)) (entries t1))
blanchet@55466
  1894
    | compare.GT \<Rightarrow> rbtreeify (List.map_filter (\<lambda>(k, v). map_option (\<lambda>w. (k, f k w v)) (rbt_lookup t1 k)) (entries t2)))"
Andreas@49770
  1895
Andreas@49770
  1896
definition rbt_inter_with where
Andreas@49770
  1897
  "rbt_inter_with f = rbt_inter_with_key (\<lambda>_. f)"
Andreas@49770
  1898
Andreas@49770
  1899
definition rbt_inter where
Andreas@49770
  1900
  "rbt_inter = rbt_inter_with_key (\<lambda>_ _ rv. rv)"
Andreas@49770
  1901
Andreas@49770
  1902
end
Andreas@49770
  1903
Andreas@49770
  1904
context linorder begin
Andreas@49770
  1905
Andreas@49770
  1906
lemma rbt_sorted_entries_right_unique:
Andreas@49770
  1907
  "\<lbrakk> (k, v) \<in> set (entries t); (k, v') \<in> set (entries t); 
Andreas@49770
  1908
     rbt_sorted t \<rbrakk> \<Longrightarrow> v = v'"
Andreas@49770
  1909
by(auto dest!: distinct_entries inj_onD[where x="(k, v)" and y="(k, v')"] simp add: distinct_map)
Andreas@49770
  1910
Andreas@49770
  1911
lemma rbt_sorted_fold_rbt_insertwk:
Andreas@49770
  1912
  "rbt_sorted t \<Longrightarrow> rbt_sorted (List.fold (\<lambda>(k, v). rbt_insert_with_key f k v) xs t)"
Andreas@49770
  1913
by(induct xs rule: rev_induct)(auto simp add: rbt_insertwk_rbt_sorted)
Andreas@49770
  1914
Andreas@49770
  1915
lemma is_rbt_fold_rbt_insertwk:
Andreas@49770
  1916
  assumes "is_rbt t1"
Andreas@49770
  1917
  shows "is_rbt (fold (rbt_insert_with_key f) t2 t1)"
Andreas@49770
  1918
proof -
wenzelm@63040
  1919
  define xs where "xs = entries t2"
Andreas@49770
  1920
  from assms show ?thesis unfolding fold_def xs_def[symmetric]
Andreas@49770
  1921
    by(induct xs rule: rev_induct)(auto simp add: rbt_insertwk_is_rbt)
Andreas@49770
  1922
qed
Andreas@49770
  1923
Andreas@49770
  1924
lemma rbt_lookup_fold_rbt_insertwk:
Andreas@49770
  1925
  assumes t1: "rbt_sorted t1" and t2: "rbt_sorted t2"
Andreas@49770
  1926
  shows "rbt_lookup (fold (rbt_insert_with_key f) t1 t2) k =
Andreas@49770
  1927
  (case rbt_lookup t1 k of None \<Rightarrow> rbt_lookup t2 k
Andreas@49770
  1928
   | Some v \<Rightarrow> case rbt_lookup t2 k of None \<Rightarrow> Some v
Andreas@49770
  1929
               | Some w \<Rightarrow> Some (f k w v))"
Andreas@49770
  1930
proof -
wenzelm@63040
  1931
  define xs where "xs = entries t1"
Andreas@49770
  1932
  hence dt1: "distinct (map fst xs)" using t1 by(simp add: distinct_entries)
Andreas@49770
  1933
  with t2 show ?thesis
Andreas@49770
  1934
    unfolding fold_def map_of_entries[OF t1, symmetric]
Andreas@49770
  1935
      xs_def[symmetric] distinct_map_of_rev[OF dt1, symmetric]
Andreas@49770
  1936
    apply(induct xs rule: rev_induct)
Andreas@49770
  1937
    apply(auto simp add: rbt_lookup_rbt_insertwk rbt_sorted_fold_rbt_insertwk split: option.splits)
Andreas@49770
  1938
    apply(auto simp add: distinct_map_of_rev intro: rev_image_eqI)
Andreas@49770
  1939
    done
Andreas@49770
  1940
qed
Andreas@49770
  1941
Andreas@49770
  1942
lemma is_rbt_rbt_unionwk [simp]:
Andreas@49770
  1943
  "\<lbrakk> is_rbt t1; is_rbt t2 \<rbrakk> \<Longrightarrow> is_rbt (rbt_union_with_key f t1 t2)"
Andreas@49770
  1944
by(simp add: rbt_union_with_key_def Let_def is_rbt_fold_rbt_insertwk is_rbt_rbtreeify rbt_sorted_entries distinct_entries split: compare.split)
Andreas@49770
  1945
Andreas@49770
  1946
lemma rbt_lookup_rbt_unionwk:
Andreas@49770
  1947
  "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk> 
Andreas@49770
  1948
  \<Longrightarrow> rbt_lookup (rbt_union_with_key f t1 t2) k = 
Andreas@49770
  1949
  (case rbt_lookup t1 k of None \<Rightarrow> rbt_lookup t2 k 
Andreas@49770
  1950
   | Some v \<Rightarrow> case rbt_lookup t2 k of None \<Rightarrow> Some v 
Andreas@49770
  1951
              | Some w \<Rightarrow> Some (f k v w))"
Andreas@49770
  1952
by(auto simp add: rbt_union_with_key_def Let_def rbt_lookup_fold_rbt_insertwk rbt_sorted_entries distinct_entries map_of_sunion_with map_of_entries rbt_lookup_rbtreeify split: option.split compare.split)
Andreas@49770
  1953
Andreas@49770
  1954
lemma rbt_unionw_is_rbt: "\<lbrakk> is_rbt lt; is_rbt rt \<rbrakk> \<Longrightarrow> is_rbt (rbt_union_with f lt rt)"
Andreas@49770
  1955
by(simp add: rbt_union_with_def)
Andreas@49770
  1956
Andreas@49770
  1957
lemma rbt_union_is_rbt: "\<lbrakk> is_rbt lt; is_rbt rt \<rbrakk> \<Longrightarrow> is_rbt (rbt_union lt rt)"
Andreas@49770
  1958
by(simp add: rbt_union_def)
Andreas@49770
  1959
Andreas@49770
  1960
lemma rbt_lookup_rbt_union:
Andreas@49770
  1961
  "\<lbrakk> rbt_sorted s; rbt_sorted t \<rbrakk> \<Longrightarrow>
Andreas@49770
  1962
  rbt_lookup (rbt_union s t) = rbt_lookup s ++ rbt_lookup t"
Andreas@49770
  1963
by(rule ext)(simp add: rbt_lookup_rbt_unionwk rbt_union_def map_add_def split: option.split)
Andreas@49770
  1964
Andreas@49770
  1965
lemma rbt_interwk_is_rbt [simp]:
Andreas@49770
  1966
  "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk> \<Longrightarrow> is_rbt (rbt_inter_with_key f t1 t2)"
blanchet@55466
  1967
by(auto simp add: rbt_inter_with_key_def Let_def map_map_filter split_def o_def option.map_comp map_filter_map_option_const sorted_filter[where f=id, simplified] rbt_sorted_entries distinct_entries intro: is_rbt_rbtreeify split: compare.split)
Andreas@49770
  1968
Andreas@49770
  1969
lemma rbt_interw_is_rbt:
Andreas@49770
  1970
  "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk> \<Longrightarrow> is_rbt (rbt_inter_with f t1 t2)"
Andreas@49770
  1971
by(simp add: rbt_inter_with_def)
Andreas@49770
  1972
Andreas@49770
  1973
lemma rbt_inter_is_rbt:
Andreas@49770
  1974
  "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk> \<Longrightarrow> is_rbt (rbt_inter t1 t2)"
Andreas@49770
  1975
by(simp add: rbt_inter_def)
Andreas@49770
  1976
Andreas@49770
  1977
lemma rbt_lookup_rbt_interwk:
Andreas@49770
  1978
  "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk>
Andreas@49770
  1979
  \<Longrightarrow> rbt_lookup (rbt_inter_with_key f t1 t2) k =
Andreas@49770
  1980
  (case rbt_lookup t1 k of None \<Rightarrow> None 
Andreas@49770
  1981
   | Some v \<Rightarrow> case rbt_lookup t2 k of None \<Rightarrow> None
Andreas@49770
  1982
               | Some w \<Rightarrow> Some (f k v w))"
blanchet@55466
  1983
by(auto 4 3 simp add: rbt_inter_with_key_def Let_def map_of_entries[symmetric] rbt_lookup_rbtreeify map_map_filter split_def o_def option.map_comp map_filter_map_option_const sorted_filter[where f=id, simplified] rbt_sorted_entries distinct_entries map_of_sinter_with map_of_eq_None_iff set_map_filter split: option.split compare.split intro: rev_image_eqI dest: rbt_sorted_entries_right_unique)
Andreas@49770
  1984
Andreas@49770
  1985
lemma rbt_lookup_rbt_inter:
Andreas@49770
  1986
  "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk>
Andreas@49770
  1987
  \<Longrightarrow> rbt_lookup (rbt_inter t1 t2) = rbt_lookup t2 |` dom (rbt_lookup t1)"
Andreas@49770
  1988
by(auto simp add: rbt_inter_def rbt_lookup_rbt_interwk restrict_map_def split: option.split)
Andreas@49770
  1989
Andreas@49770
  1990
end
Andreas@49770
  1991
Andreas@49770
  1992
wenzelm@60500
  1993
subsection \<open>Code generator setup\<close>
Andreas@49480
  1994
Andreas@47450
  1995
lemmas [code] =
Andreas@47450
  1996
  ord.rbt_less_prop
Andreas@47450
  1997
  ord.rbt_greater_prop
Andreas@47450
  1998
  ord.rbt_sorted.simps
Andreas@47450
  1999
  ord.rbt_lookup.simps
Andreas@47450
  2000
  ord.is_rbt_def
Andreas@47450
  2001
  ord.rbt_ins.simps
Andreas@47450
  2002
  ord.rbt_insert_with_key_def
Andreas@47450
  2003
  ord.rbt_insertw_def
Andreas@47450
  2004
  ord.rbt_insert_def
Andreas@47450
  2005
  ord.rbt_del_from_left.simps
Andreas@47450
  2006
  ord.rbt_del_from_right.simps
Andreas@47450
  2007
  ord.rbt_del.simps
Andreas@47450
  2008
  ord.rbt_delete_def
Andreas@49770
  2009
  ord.sunion_with.simps
Andreas@49770
  2010
  ord.sinter_with.simps
Andreas@49770
  2011
  ord.rbt_union_with_key_def
Andreas@47450
  2012
  ord.rbt_union_with_def
Andreas@47450
  2013
  ord.rbt_union_def
Andreas@49770
  2014
  ord.rbt_inter_with_key_def
Andreas@49770
  2015
  ord.rbt_inter_with_def
Andreas@49770
  2016
  ord.rbt_inter_def
Andreas@47450
  2017
  ord.rbt_map_entry.simps
Andreas@47450
  2018
  ord.rbt_bulkload_def
Andreas@47450
  2019
wenzelm@69593
  2020
text \<open>More efficient implementations for \<^term>\<open>entries\<close> and \<^term>\<open>keys\<close>\<close>
Andreas@49480
  2021
Andreas@49480
  2022
definition gen_entries :: 
Andreas@49480
  2023
  "(('a \<times> 'b) \<times> ('a, 'b) rbt) list \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a \<times> 'b) list"
Andreas@49480
  2024
where
Andreas@49770
  2025
  "gen_entries kvts t = entries t @ concat (map (\<lambda>(kv, t). kv # entries t) kvts)"
Andreas@49480
  2026
Andreas@49480
  2027
lemma gen_entries_simps [simp, code]:
Andreas@49480
  2028
  "gen_entries [] Empty = []"
Andreas@49480
  2029
  "gen_entries ((kv, t) # kvts) Empty = kv # gen_entries kvts t"
Andreas@49480
  2030
  "gen_entries kvts (Branch c l k v r) = gen_entries (((k, v), r) # kvts) l"
Andreas@49480
  2031
by(simp_all add: gen_entries_def)
Andreas@49480
  2032
Andreas@49480
  2033
lemma entries_code [code]:
Andreas@49480
  2034
  "entries = gen_entries []"
Andreas@49480
  2035
by(simp add: gen_entries_def fun_eq_iff)
Andreas@49480
  2036
Andreas@49480
  2037
definition gen_keys :: "('a \<times> ('a, 'b) rbt) list \<Rightarrow> ('a, 'b) rbt \<Rightarrow> 'a list"
Andreas@49480
  2038
where "gen_keys kts t = RBT_Impl.keys t @ concat (List.map (\<lambda>(k, t). k # keys t) kts)"
Andreas@49480
  2039
Andreas@49480
  2040
lemma gen_keys_simps [simp, code]:
Andreas@49480
  2041
  "gen_keys [] Empty = []"
Andreas@49480
  2042
  "gen_keys ((k, t) # kts) Empty = k # gen_keys kts t"
Andreas@49480
  2043
  "gen_keys kts (Branch c l k v r) = gen_keys ((k, r) # kts) l"
Andreas@49480
  2044
by(simp_all add: gen_keys_def)
Andreas@49480
  2045
Andreas@49480
  2046
lemma keys_code [code]:
Andreas@49480
  2047
  "keys = gen_keys []"
Andreas@49480
  2048
by(simp add: gen_keys_def fun_eq_iff)
Andreas@49480
  2049
wenzelm@60500
  2050
text \<open>Restore original type constraints for constants\<close>
wenzelm@60500
  2051
setup \<open>
Andreas@47450
  2052
  fold Sign.add_const_constraint
wenzelm@69593
  2053
    [(\<^const_name>\<open>rbt_less\<close>, SOME \<^typ>\<open>('a :: order) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool\<close>),
wenzelm@69593
  2054
     (\<^const_name>\<open>rbt_greater\<close>, SOME \<^typ>\<open>('a :: order) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool\<close>),
wenzelm@69593
  2055
     (\<^const_name>\<open>rbt_sorted\<close>, SOME \<^typ>\<open>('a :: linorder, 'b) rbt \<Rightarrow> bool\<close>),
wenzelm@69593
  2056
     (\<^const_name>\<open>rbt_lookup\<close>, SOME \<^typ>\<open>('a :: linorder, 'b) rbt \<Rightarrow> 'a \<rightharpoonup> 'b\<close>),
wenzelm@69593
  2057
     (\<^const_name>\<open>is_rbt\<close>, SOME \<^typ>\<open>('a :: linorder, 'b) rbt \<Rightarrow> bool\<close>),
wenzelm@69593
  2058
     (\<^const_name>\<open>rbt_ins\<close>, SOME \<^typ>\<open>('a::linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2059
     (\<^const_name>\<open>rbt_insert_with_key\<close>, SOME \<^typ>\<open>('a::linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2060
     (\<^const_name>\<open>rbt_insert_with\<close>, SOME \<^typ>\<open>('b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a :: linorder) \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2061
     (\<^const_name>\<open>rbt_insert\<close>, SOME \<^typ>\<open>('a :: linorder) \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2062
     (\<^const_name>\<open>rbt_del_from_left\<close>, SOME \<^typ>\<open>('a::linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2063
     (\<^const_name>\<open>rbt_del_from_right\<close>, SOME \<^typ>\<open>('a::linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2064
     (\<^const_name>\<open>rbt_del\<close>, SOME \<^typ>\<open>('a::linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2065
     (\<^const_name>\<open>rbt_delete\<close>, SOME \<^typ>\<open>('a::linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2066
     (\<^const_name>\<open>rbt_union_with_key\<close>, SOME \<^typ>\<open>('a::linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2067
     (\<^const_name>\<open>rbt_union_with\<close>, SOME \<^typ>\<open>('b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a::linorder,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2068
     (\<^const_name>\<open>rbt_union\<close>, SOME \<^typ>\<open>('a::linorder,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2069
     (\<^const_name>\<open>rbt_map_entry\<close>, SOME \<^typ>\<open>'a::linorder \<Rightarrow> ('b \<Rightarrow> 'b) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt\<close>),
wenzelm@69593
  2070
     (\<^const_name>\<open>rbt_bulkload\<close>, SOME \<^typ>\<open>('a \<times> 'b) list \<Rightarrow> ('a::linorder,'b) rbt\<close>)]
wenzelm@60500
  2071
\<close>
Andreas@47450
  2072
Andreas@49770
  2073
hide_const (open) R B Empty entries keys fold gen_keys gen_entries
krauss@26192
  2074
krauss@26192
  2075
end