src/HOL/Data_Structures/RBT_Set.thy
author nipkow
Sun Nov 29 19:01:54 2015 +0100 (2015-11-29)
changeset 61754 862daa8144f3
parent 61749 7f530d7e552d
child 62526 347150095fd2
permissions -rw-r--r--
RBT invariants for insert
(* Author: Tobias Nipkow *)
section \<open>Red-Black Tree Implementation of Sets\<close>
theory RBT_Set
imports
  RBT
  Cmp
  Isin2
begin
(* Recursive insertion of x; the root is not repainted here.
   An empty tree becomes a single R node.  Below a B node the recursive result
   is passed through bal; below an R node the node is rebuilt unchanged.
   When cmp reports EQ the element is already present and the tree is returned
   as is.  R, B and bal are not defined in this file (presumably they come
   from the imported RBT theory). *)
fun ins :: "'a::cmp \<Rightarrow> 'a rbt \<Rightarrow> 'a rbt" where
  "ins x Leaf = R Leaf x Leaf"
| "ins x (B l a r) =
    (case cmp x a of
       LT \<Rightarrow> bal (ins x l) a r
     | GT \<Rightarrow> bal l a (ins x r)
     | EQ \<Rightarrow> B l a r)"
| "ins x (R l a r) =
    (case cmp x a of
       LT \<Rightarrow> R (ins x l) a r
     | GT \<Rightarrow> R l a (ins x r)
     | EQ \<Rightarrow> R l a r)"
(* Set insertion: run ins, then paint the root of the result Black. *)
definition insert :: "'a::cmp \<Rightarrow> 'a rbt \<Rightarrow> 'a rbt" where
  "insert x t = paint Black (ins x t)"
(* Deletion without repainting the root, as three mutually recursive functions.
   del compares x with the root element: it continues in the left subtree via
   delL, in the right subtree via delR, or joins both subtrees with combine
   when the element is found.
   delL and delR receive the node already split into l, a, r.  If the subtree
   they descend into is a B node, the result is rebalanced with balL / balR;
   the second, overlapping equation applies in the remaining cases and builds
   an R node.  The order of the equations therefore matters. *)
fun del :: "'a::cmp \<Rightarrow> 'a rbt \<Rightarrow> 'a rbt"
  and delL :: "'a::cmp \<Rightarrow> 'a rbt \<Rightarrow> 'a \<Rightarrow> 'a rbt \<Rightarrow> 'a rbt"
  and delR :: "'a::cmp \<Rightarrow> 'a rbt \<Rightarrow> 'a \<Rightarrow> 'a rbt \<Rightarrow> 'a rbt"
where
  "del x Leaf = Leaf"
| "del x (Node _ l a r) =
    (case cmp x a of
       LT \<Rightarrow> delL x l a r
     | GT \<Rightarrow> delR x l a r
     | EQ \<Rightarrow> combine l r)"
| "delL x (B t1 a t2) b t3 = balL (del x (B t1 a t2)) b t3"
| "delL x l a r = R (del x l) a r"
| "delR x t1 a (B t2 b t3) = balR t1 a (del x (B t2 b t3))"
| "delR x l a r = R l a (del x r)"
(* Set deletion: run del, then paint the root of the result Black. *)
definition delete :: "'a::cmp \<Rightarrow> 'a rbt \<Rightarrow> 'a rbt" where
  "delete x t = paint Black (del x t)"
subsection "Functional Correctness Proofs"
(* Repainting the root leaves the inorder list unchanged. *)
lemma inorder_paint: "inorder(paint c t) = inorder t"
  by (induction t) auto
(* bal only rearranges nodes: the inorder list is that of l, then a, then r. *)
lemma inorder_bal:
  "inorder(bal l a r) = inorder l @ a # inorder r"
  by (induction l a r rule: bal.induct) auto
(* On a tree with a sorted inorder list, ins acts on that list like ins_list. *)
lemma inorder_ins:
  "sorted(inorder t) \<Longrightarrow> inorder(ins x t) = ins_list x (inorder t)"
  by (induction x t rule: ins.induct)
     (auto simp: ins_list_simps inorder_bal)
(* Functional correctness of insert, obtained from inorder_ins and inorder_paint. *)
lemma inorder_insert:
  "sorted(inorder t) \<Longrightarrow> inorder(insert x t) = ins_list x (inorder t)"
  by (simp add: insert_def inorder_ins inorder_paint)
(* balL preserves the inorder list. *)
lemma inorder_balL:
  "inorder(balL l a r) = inorder l @ a # inorder r"
  by (induction l a r rule: balL.induct)
     (auto simp: inorder_bal inorder_paint)
(* balR preserves the inorder list. *)
lemma inorder_balR:
  "inorder(balR l a r) = inorder l @ a # inorder r"
  by (induction l a r rule: balR.induct)
     (auto simp: inorder_bal inorder_paint)
(* combine joins two trees: its inorder list is the concatenation of both. *)
lemma inorder_combine:
  "inorder(combine l r) = inorder l @ inorder r"
  by (induction l r rule: combine.induct)
     (auto simp: inorder_balL inorder_balR split: tree.split color.split)
(* Simultaneous statement for del, delL and delR, proved with the joint
   induction rule of the mutual definition.  Each part assumes that the
   inorder list of the tree being descended into is sorted. *)
lemma inorder_del:
  "sorted(inorder t) \<Longrightarrow>  inorder(del x t) = del_list x (inorder t)"
  "sorted(inorder l) \<Longrightarrow>  inorder(delL x l a r) =
     del_list x (inorder l) @ a # inorder r"
  "sorted(inorder r) \<Longrightarrow>  inorder(delR x l a r) =
     inorder l @ a # del_list x (inorder r)"
  by (induction x t and x l a r and x l a r rule: del_delL_delR.induct)
     (auto simp: del_list_simps inorder_combine inorder_balL inorder_balR)
(* Functional correctness of delete, obtained from inorder_del and inorder_paint. *)
lemma inorder_delete:
  "sorted(inorder t) \<Longrightarrow> inorder(delete x t) = del_list x (inorder t)"
  by (auto simp: delete_def inorder_del inorder_paint)
(* Instantiates the Set_by_Ordered locale with the operations of this theory.
   NOTE(review): inv is the trivial predicate here, so this interpretation
   covers functional correctness only; the structural predicate rbt defined
   further down is not part of what the locale instance establishes. *)
interpretation Set_by_Ordered
  where empty = Leaf and isin = isin and insert = insert and delete = delete
    and inorder = inorder and inv = "\<lambda>_. True"
proof (standard, goal_cases)
  case 1
  show ?case by simp
next
  case 2
  thus ?case by (simp add: isin_set)
next
  case 3
  thus ?case by (simp add: inorder_insert)
next
  case 4
  thus ?case by (simp add: inorder_delete)
qed auto
subsection \<open>Structural invariants\<close>
(* Colour of the root node; a Leaf counts as Black. *)
fun color :: "'a rbt \<Rightarrow> color" where
  "color Leaf = Black"
| "color (Node c _ _ _) = c"
(* Number of Black nodes met when always descending into the left subtree;
   the right subtree is not inspected (inv2 relates the two sides). *)
fun bheight :: "'a rbt \<Rightarrow> nat" where
  "bheight Leaf = 0"
| "bheight (Node c l x r) = (if c = Black then Suc(bheight l) else bheight l)"
(* Colour invariant: at every node, either the node is Black or both of its
   subtrees have a Black root. *)
fun inv1 :: "'a rbt \<Rightarrow> bool" where
  "inv1 Leaf = True"
| "inv1 (Node c l a r) =
    (inv1 l \<and> inv1 r \<and> (c = Black \<or> color l = Black \<and> color r = Black))"
(* Like inv1, but with no colour condition at the root itself: only the two
   subtrees must satisfy inv1. *)
fun inv1_root :: "'a rbt \<Rightarrow> bool" \<comment> \<open>Weaker version\<close> where
  "inv1_root Leaf = True"
| "inv1_root (Node c l a r) = (inv1 l \<and> inv1 r)"
(* Height invariant: at every node the two subtrees have the same bheight. *)
fun inv2 :: "'a rbt \<Rightarrow> bool" where
  "inv2 Leaf = True"
| "inv2 (Node c l x r) = (inv2 l \<and> inv2 r \<and> bheight l = bheight r)"
(* inv1 implies the weaker inv1_root; declared as a simp rule. *)
lemma inv1_rootI[simp]: "inv1 t \<Longrightarrow> inv1_root t"
  by (cases t) simp+
(* The structural invariant of this theory: colour invariant, height
   invariant, and a Black root. *)
definition rbt :: "'a rbt \<Rightarrow> bool" where
  "rbt t = (inv1 t \<and> inv2 t \<and> color t = Black)"
(* After paint Black the root colour is Black (for a Leaf as well). *)
lemma color_paint_Black: "color (paint Black t) = Black"
  by (cases t) auto
(* The empty tree satisfies the invariant. *)
theorem rbt_Leaf: "rbt Leaf"
  by (simp add: rbt_def)
(* inv1_root ignores the root colour, so painting with any colour keeps it. *)
lemma paint_inv1_root: "inv1_root t \<Longrightarrow> inv1_root (paint c t)"
  by (cases t) auto
(* Painting the root Black turns the weaker inv1_root into full inv1. *)
lemma inv1_paint_Black: "inv1_root t \<Longrightarrow> inv1 (paint Black t)"
  by (cases t) auto
(* Repainting the root keeps the height invariant. *)
lemma inv2_paint: "inv2 t \<Longrightarrow> inv2 (paint c t)"
  by (cases t) auto
(* bal re-establishes inv1 when both arguments satisfy only inv1_root. *)
lemma inv1_bal: "\<lbrakk>inv1_root l; inv1_root r\<rbrakk> \<Longrightarrow> inv1 (bal l a r)"
  by (induct l a r rule: bal.induct) auto
(* On subtrees of equal bheight, the result of bal has bheight one larger. *)
lemma bheight_bal:
  "bheight l = bheight r \<Longrightarrow> bheight (bal l a r) = Suc (bheight l)"
  by (induct l a r rule: bal.induct) auto
(* bal keeps the height invariant when its arguments satisfy it and agree in bheight. *)
lemma inv2_bal:
  "\<lbrakk> inv2 l; inv2 r; bheight l = bheight r \<rbrakk> \<Longrightarrow> inv2 (bal l a r)"
  by (induct l a r rule: bal.induct) auto
subsubsection \<open>Insertion\<close>
(* Colour invariant under ins.  Full inv1 is only claimed when the input root
   is Black; in general the result satisfies the weaker inv1_root. *)
lemma inv1_ins:
  assumes "inv1 t"
  shows "color t = Black \<Longrightarrow> inv1 (ins x t)" "inv1_root (ins x t)"
  using assms
  by (induct x t rule: ins.induct) (auto simp: inv1_bal)
(* Height invariant under ins: inv2 is kept and bheight does not change. *)
lemma inv2_ins:
  assumes "inv2 t"
  shows "inv2 (ins x t)" "bheight (ins x t) = bheight t"
  using assms
  by (induct x t rule: ins.induct) (auto simp: inv2_bal bheight_bal)
(* insert preserves the structural invariant rbt.  This is the only
   preservation theorem for rbt stated outside a comment in this file. *)
theorem rbt_ins: "rbt t \<Longrightarrow> rbt (insert x t)"
  by (simp add: inv1_ins inv2_ins color_paint_Black inv1_paint_Black inv2_paint
        rbt_def insert_def)
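(* NOTE(review): everything from here to the closing comment marker is
   commented out, so Isabelle does not check it.  The lemmas below mix names
   defined above (del, color, inv1_root) with names this file does not define
   (rbt_del, inv1l, color_of, rbt_del_from_left, balance_left_inv1, ...), and
   rbt_delete_is_rbt depends on them.  In this revision preservation of rbt is
   established for insert only (rbt_ins), not for delete.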
lemma bheight_paintR'[simp]: "color t = Black \<Longrightarrow> bheight (paint Red t) = bheight t - 1"
by (cases t) auto
lemma balL_inv2_with_inv1:
  assumes "inv2 lt" "inv2 rt" "bheight lt + 1 = bheight rt" "inv1 rt"
  shows "bheight (balL lt a rt) = bheight lt + 1"  "inv2 (balL lt a rt)"
using assms 
by (induct lt a rt rule: balL.induct) (auto simp: inv2_bal inv2_paint bheight_bal)
lemma balL_inv2_app: 
  assumes "inv2 lt" "inv2 rt" "bheight lt + 1 = bheight rt" "color rt = Black"
  shows "inv2 (balL lt a rt)" 
        "bheight (balL lt a rt) = bheight rt"
using assms 
by (induct lt a rt rule: balL.induct) (auto simp add: inv2_bal bheight_bal) 
lemma balL_inv1: "\<lbrakk>inv1_root l; inv1 r; color r = Black\<rbrakk> \<Longrightarrow> inv1 (balL l a r)"
by (induct l a r rule: balL.induct) (simp_all add: inv1_bal)
lemma balL_inv1_root: "\<lbrakk> inv1_root lt; inv1 rt \<rbrakk> \<Longrightarrow> inv1_root (balL lt a rt)"
by (induct lt a rt rule: balL.induct) (auto simp: inv1_bal paint_inv1_root)
lemma balR_inv2_with_inv1:
  assumes "inv2 lt" "inv2 rt" "bheight lt = bheight rt + 1" "inv1 lt"
  shows "inv2 (balR lt a rt) \<and> bheight (balR lt a rt) = bheight lt"
using assms
by(induct lt a rt rule: balR.induct)(auto simp: inv2_bal bheight_bal inv2_paint)
lemma balR_inv1: "\<lbrakk>inv1 a; inv1_root b; color a = Black\<rbrakk> \<Longrightarrow> inv1 (balR a x b)"
by (induct a x b rule: balR.induct) (simp_all add: inv1_bal)
lemma balR_inv1_root: "\<lbrakk> inv1 lt; inv1_root rt \<rbrakk> \<Longrightarrow>inv1_root (balR lt x rt)"
by (induct lt x rt rule: balR.induct) (auto simp: inv1_bal paint_inv1_root)
lemma combine_inv2:
  assumes "inv2 lt" "inv2 rt" "bheight lt = bheight rt"
  shows "bheight (combine lt rt) = bheight lt" "inv2 (combine lt rt)"
using assms 
by (induct lt rt rule: combine.induct) 
   (auto simp: balL_inv2_app split: tree.splits color.splits)
lemma combine_inv1: 
  assumes "inv1 lt" "inv1 rt"
  shows "color lt = Black \<Longrightarrow> color rt = Black \<Longrightarrow> inv1 (combine lt rt)"
         "inv1_root (combine lt rt)"
using assms 
by (induct lt rt rule: combine.induct)
   (auto simp: balL_inv1 split: tree.splits color.splits)
lemma 
  assumes "inv2 lt" "inv1 lt"
  shows
  "\<lbrakk>inv2 rt; bheight lt = bheight rt; inv1 rt\<rbrakk> \<Longrightarrow>
   inv2 (rbt_del_from_left x lt k v rt) \<and> 
   bheight (rbt_del_from_left x lt k v rt) = bheight lt \<and> 
   (color_of lt = B \<and> color_of rt = B \<and> inv1 (rbt_del_from_left x lt k v rt) \<or> 
    (color_of lt \<noteq> B \<or> color_of rt \<noteq> B) \<and> inv1l (rbt_del_from_left x lt k v rt))"
  and "\<lbrakk>inv2 rt; bheight lt = bheight rt; inv1 rt\<rbrakk> \<Longrightarrow>
  inv2 (rbt_del_from_right x lt k v rt) \<and> 
  bheight (rbt_del_from_right x lt k v rt) = bheight lt \<and> 
  (color_of lt = B \<and> color_of rt = B \<and> inv1 (rbt_del_from_right x lt k v rt) \<or> 
   (color_of lt \<noteq> B \<or> color_of rt \<noteq> B) \<and> inv1l (rbt_del_from_right x lt k v rt))"
  and rbt_del_inv1_inv2: "inv2 (rbt_del x lt) \<and> (color_of lt = R \<and> bheight (rbt_del x lt) = bheight lt \<and> inv1 (rbt_del x lt) 
  \<or> color_of lt = B \<and> bheight (rbt_del x lt) = bheight lt - 1 \<and> inv1l (rbt_del x lt))"
using assms
proof (induct x lt k v rt and x lt k v rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
case (2 y c _ y')
  have "y = y' \<or> y < y' \<or> y > y'" by auto
  thus ?case proof (elim disjE)
    assume "y = y'"
    with 2 show ?thesis by (cases c) (simp add: combine_inv2 combine_inv1)+
  next
    assume "y < y'"
    with 2 show ?thesis by (cases c) auto
  next
    assume "y' < y"
    with 2 show ?thesis by (cases c) auto
  qed
next
  case (3 y lt z v rta y' ss bb) 
  thus ?case by (cases "color_of (Branch B lt z v rta) = B \<and> color_of bb = B") (simp add: balance_left_inv2_with_inv1 balance_left_inv1 balance_left_inv1l)+
next
  case (5 y a y' ss lt z v rta)
  thus ?case by (cases "color_of a = B \<and> color_of (Branch B lt z v rta) = B") (simp add: balance_right_inv2_with_inv1 balance_right_inv1 balance_right_inv1l)+
next
  case ("6_1" y a y' ss) thus ?case by (cases "color_of a = B \<and> color_of Empty = B") simp+
qed auto
theorem rbt_delete_is_rbt [simp]: assumes "rbt t" shows "rbt (delete k t)"
proof -
  from assms have "inv2 t" and "inv1 t" unfolding rbt_def by auto 
  hence "inv2 (del k t) \<and> (color t = Red \<and> bheight (del k t) = bheight t \<and> inv1 (del k t) \<or> color t = Black \<and> bheight (del k t) = bheight t - 1 \<and> inv1_root (del k t))"
    by (rule rbt_del_inv1_inv2)
  hence "inv2 (del k t) \<and> inv1l (rbt_del k t)" by (cases "color_of t") auto
  with assms show ?thesis
    unfolding is_rbt_def rbt_delete_def
    by (auto intro: paint_rbt_sorted rbt_del_rbt_sorted)
qed
*)
end