src/HOL/Library/RBT_Impl.thy
author wenzelm
Wed Sep 12 13:42:28 2012 +0200 (2012-09-12)
changeset 49322 fbb320d02420
parent 48621 877df57629e3
child 49480 4632b867fba7
permissions -rw-r--r--
tuned headers;
wenzelm@47455
     1
(*  Title:      HOL/Library/RBT_Impl.thy
krauss@26192
     2
    Author:     Markus Reiter, TU Muenchen
krauss@26192
     3
    Author:     Alexander Krauss, TU Muenchen
krauss@26192
     4
*)
krauss@26192
     5
haftmann@36147
     6
header {* Implementation of Red-Black Trees *}
krauss@26192
     7
haftmann@36147
     8
theory RBT_Impl
haftmann@45990
     9
imports Main
krauss@26192
    10
begin
krauss@26192
    11
haftmann@36147
    12
text {*
haftmann@36147
    13
  For applications, you should use theory @{text RBT} which defines
haftmann@36147
    14
  an abstract type of red-black tree obeying the invariant.
haftmann@36147
    15
*}
haftmann@36147
    16
haftmann@35550
    17
subsection {* Datatype of RB trees *}
haftmann@35550
    18
krauss@26192
    19
datatype color = R | B
haftmann@35534
    20
datatype ('a, 'b) rbt = Empty | Branch color "('a, 'b) rbt" 'a 'b "('a, 'b) rbt"
haftmann@35534
    21
haftmann@35534
    22
lemma rbt_cases:
haftmann@35534
    23
  obtains (Empty) "t = Empty" 
haftmann@35534
    24
  | (Red) l k v r where "t = Branch R l k v r" 
haftmann@35534
    25
  | (Black) l k v r where "t = Branch B l k v r"
haftmann@35534
    26
proof (cases t)
haftmann@35534
    27
  case Empty with that show thesis by blast
haftmann@35534
    28
next
haftmann@35534
    29
  case (Branch c) with that show thesis by (cases c) blast+
haftmann@35534
    30
qed
haftmann@35534
    31
haftmann@35550
    32
subsection {* Tree properties *}
haftmann@35534
    33
haftmann@35550
    34
subsubsection {* Content of a tree *}
haftmann@35550
    35
haftmann@35550
    36
primrec entries :: "('a, 'b) rbt \<Rightarrow> ('a \<times> 'b) list"
haftmann@35534
    37
where 
haftmann@35534
    38
  "entries Empty = []"
haftmann@35534
    39
| "entries (Branch _ l k v r) = entries l @ (k,v) # entries r"
krauss@26192
    40
haftmann@35550
    41
abbreviation (input) entry_in_tree :: "'a \<Rightarrow> 'b \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool"
krauss@26192
    42
where
haftmann@35550
    43
  "entry_in_tree k v t \<equiv> (k, v) \<in> set (entries t)"
haftmann@35550
    44
haftmann@35550
    45
definition keys :: "('a, 'b) rbt \<Rightarrow> 'a list" where
haftmann@35550
    46
  "keys t = map fst (entries t)"
krauss@26192
    47
haftmann@35550
    48
lemma keys_simps [simp, code]:
haftmann@35550
    49
  "keys Empty = []"
haftmann@35550
    50
  "keys (Branch c l k v r) = keys l @ k # keys r"
haftmann@35550
    51
  by (simp_all add: keys_def)
krauss@26192
    52
haftmann@35534
    53
lemma entry_in_tree_keys:
haftmann@35550
    54
  assumes "(k, v) \<in> set (entries t)"
haftmann@35550
    55
  shows "k \<in> set (keys t)"
haftmann@35550
    56
proof -
haftmann@35550
    57
  from assms have "fst (k, v) \<in> fst ` set (entries t)" by (rule imageI)
haftmann@35550
    58
  then show ?thesis by (simp add: keys_def)
haftmann@35550
    59
qed
haftmann@35550
    60
haftmann@35602
    61
lemma keys_entries:
haftmann@35602
    62
  "k \<in> set (keys t) \<longleftrightarrow> (\<exists>v. (k, v) \<in> set (entries t))"
haftmann@35602
    63
  by (auto intro: entry_in_tree_keys) (auto simp add: keys_def)
haftmann@35602
    64
kuncar@48621
    65
lemma non_empty_rbt_keys: 
kuncar@48621
    66
  "t \<noteq> rbt.Empty \<Longrightarrow> keys t \<noteq> []"
kuncar@48621
    67
  by (cases t) simp_all
haftmann@35550
    68
haftmann@35550
    69
subsubsection {* Search tree properties *}
krauss@26192
    70
Andreas@47450
    71
context ord begin
haftmann@35534
    72
Andreas@47450
    73
definition rbt_less :: "'a \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool"
Andreas@47450
    74
where
Andreas@47450
    75
  rbt_less_prop: "rbt_less k t \<longleftrightarrow> (\<forall>x\<in>set (keys t). x < k)"
krauss@26192
    76
Andreas@47450
    77
abbreviation rbt_less_symbol (infix "|\<guillemotleft>" 50)
Andreas@47450
    78
where "t |\<guillemotleft> x \<equiv> rbt_less x t"
Andreas@47450
    79
Andreas@47450
    80
definition rbt_greater :: "'a \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool" (infix "\<guillemotleft>|" 50) 
haftmann@35534
    81
where
Andreas@47450
    82
  rbt_greater_prop: "rbt_greater k t = (\<forall>x\<in>set (keys t). k < x)"
krauss@26192
    83
Andreas@47450
    84
lemma rbt_less_simps [simp]:
Andreas@47450
    85
  "Empty |\<guillemotleft> k = True"
Andreas@47450
    86
  "Branch c lt kt v rt |\<guillemotleft> k \<longleftrightarrow> kt < k \<and> lt |\<guillemotleft> k \<and> rt |\<guillemotleft> k"
Andreas@47450
    87
  by (auto simp add: rbt_less_prop)
krauss@26192
    88
Andreas@47450
    89
lemma rbt_greater_simps [simp]:
Andreas@47450
    90
  "k \<guillemotleft>| Empty = True"
Andreas@47450
    91
  "k \<guillemotleft>| (Branch c lt kt v rt) \<longleftrightarrow> k < kt \<and> k \<guillemotleft>| lt \<and> k \<guillemotleft>| rt"
Andreas@47450
    92
  by (auto simp add: rbt_greater_prop)
krauss@26192
    93
Andreas@47450
    94
lemmas rbt_ord_props = rbt_less_prop rbt_greater_prop
Andreas@47450
    95
Andreas@47450
    96
lemmas rbt_greater_nit = rbt_greater_prop entry_in_tree_keys
Andreas@47450
    97
lemmas rbt_less_nit = rbt_less_prop entry_in_tree_keys
krauss@26192
    98
Andreas@47450
    99
lemma (in order)
Andreas@47450
   100
  shows rbt_less_eq_trans: "l |\<guillemotleft> u \<Longrightarrow> u \<le> v \<Longrightarrow> l |\<guillemotleft> v"
Andreas@47450
   101
  and rbt_less_trans: "t |\<guillemotleft> x \<Longrightarrow> x < y \<Longrightarrow> t |\<guillemotleft> y"
Andreas@47450
   102
  and rbt_greater_eq_trans: "u \<le> v \<Longrightarrow> v \<guillemotleft>| r \<Longrightarrow> u \<guillemotleft>| r"
Andreas@47450
   103
  and rbt_greater_trans: "x < y \<Longrightarrow> y \<guillemotleft>| t \<Longrightarrow> x \<guillemotleft>| t"
Andreas@47450
   104
  by (auto simp: rbt_ord_props)
krauss@26192
   105
Andreas@47450
   106
primrec rbt_sorted :: "('a, 'b) rbt \<Rightarrow> bool"
krauss@26192
   107
where
Andreas@47450
   108
  "rbt_sorted Empty = True"
Andreas@47450
   109
| "rbt_sorted (Branch c l k v r) = (l |\<guillemotleft> k \<and> k \<guillemotleft>| r \<and> rbt_sorted l \<and> rbt_sorted r)"
Andreas@47450
   110
Andreas@47450
   111
end
krauss@26192
   112
Andreas@47450
   113
context linorder begin
Andreas@47450
   114
Andreas@47450
   115
lemma rbt_sorted_entries:
Andreas@47450
   116
  "rbt_sorted t \<Longrightarrow> List.sorted (List.map fst (entries t))"
haftmann@35550
   117
by (induct t) 
Andreas@47450
   118
  (force simp: sorted_append sorted_Cons rbt_ord_props 
haftmann@35550
   119
      dest!: entry_in_tree_keys)+
haftmann@35550
   120
haftmann@35550
   121
lemma distinct_entries:
Andreas@47450
   122
  "rbt_sorted t \<Longrightarrow> distinct (List.map fst (entries t))"
haftmann@35550
   123
by (induct t) 
Andreas@47450
   124
  (force simp: sorted_append sorted_Cons rbt_ord_props 
haftmann@35550
   125
      dest!: entry_in_tree_keys)+
haftmann@35550
   126
kuncar@48621
   127
lemma distinct_keys:
kuncar@48621
   128
  "rbt_sorted t \<Longrightarrow> distinct (keys t)"
kuncar@48621
   129
  by (simp add: distinct_entries keys_def)
kuncar@48621
   130
kuncar@48621
   131
haftmann@35550
   132
subsubsection {* Tree lookup *}
haftmann@35550
   133
Andreas@47450
   134
primrec (in ord) rbt_lookup :: "('a, 'b) rbt \<Rightarrow> 'a \<rightharpoonup> 'b"
haftmann@35534
   135
where
Andreas@47450
   136
  "rbt_lookup Empty k = None"
Andreas@47450
   137
| "rbt_lookup (Branch _ l x y r) k = 
Andreas@47450
   138
   (if k < x then rbt_lookup l k else if x < k then rbt_lookup r k else Some y)"
haftmann@35534
   139
Andreas@47450
   140
lemma rbt_lookup_keys: "rbt_sorted t \<Longrightarrow> dom (rbt_lookup t) = set (keys t)"
Andreas@47450
   141
  by (induct t) (auto simp: dom_def rbt_greater_prop rbt_less_prop)
haftmann@35550
   142
Andreas@47450
   143
lemma dom_rbt_lookup_Branch: 
Andreas@47450
   144
  "rbt_sorted (Branch c t1 k v t2) \<Longrightarrow> 
Andreas@47450
   145
    dom (rbt_lookup (Branch c t1 k v t2)) 
Andreas@47450
   146
    = Set.insert k (dom (rbt_lookup t1) \<union> dom (rbt_lookup t2))"
haftmann@35550
   147
proof -
Andreas@47450
   148
  assume "rbt_sorted (Branch c t1 k v t2)"
Andreas@47450
   149
  moreover from this have "rbt_sorted t1" "rbt_sorted t2" by simp_all
Andreas@47450
   150
  ultimately show ?thesis by (simp add: rbt_lookup_keys)
haftmann@35550
   151
qed
haftmann@35550
   152
Andreas@47450
   153
lemma finite_dom_rbt_lookup [simp, intro!]: "finite (dom (rbt_lookup t))"
haftmann@35550
   154
proof (induct t)
haftmann@35550
   155
  case Empty then show ?case by simp
haftmann@35550
   156
next
haftmann@35550
   157
  case (Branch color t1 a b t2)
Andreas@47450
   158
  let ?A = "Set.insert a (dom (rbt_lookup t1) \<union> dom (rbt_lookup t2))"
Andreas@47450
   159
  have "dom (rbt_lookup (Branch color t1 a b t2)) \<subseteq> ?A" by (auto split: split_if_asm)
Andreas@47450
   160
  moreover from Branch have "finite (insert a (dom (rbt_lookup t1) \<union> dom (rbt_lookup t2)))" by simp
haftmann@35550
   161
  ultimately show ?case by (rule finite_subset)
haftmann@35550
   162
qed 
haftmann@35550
   163
Andreas@47450
   164
end
Andreas@47450
   165
Andreas@47450
   166
context ord begin
Andreas@47450
   167
Andreas@47450
   168
lemma rbt_lookup_rbt_less[simp]: "t |\<guillemotleft> k \<Longrightarrow> rbt_lookup t k = None" 
krauss@26192
   169
by (induct t) auto
krauss@26192
   170
Andreas@47450
   171
lemma rbt_lookup_rbt_greater[simp]: "k \<guillemotleft>| t \<Longrightarrow> rbt_lookup t k = None"
krauss@26192
   172
by (induct t) auto
krauss@26192
   173
Andreas@47450
   174
lemma rbt_lookup_Empty: "rbt_lookup Empty = empty"
krauss@26192
   175
by (rule ext) simp
krauss@26192
   176
Andreas@47450
   177
end
Andreas@47450
   178
Andreas@47450
   179
context linorder begin
Andreas@47450
   180
haftmann@35618
   181
lemma map_of_entries:
Andreas@47450
   182
  "rbt_sorted t \<Longrightarrow> map_of (entries t) = rbt_lookup t"
haftmann@35550
   183
proof (induct t)
Andreas@47450
   184
  case Empty thus ?case by (simp add: rbt_lookup_Empty)
haftmann@35550
   185
next
haftmann@35550
   186
  case (Branch c t1 k v t2)
Andreas@47450
   187
  have "rbt_lookup (Branch c t1 k v t2) = rbt_lookup t2 ++ [k\<mapsto>v] ++ rbt_lookup t1"
haftmann@35550
   188
  proof (rule ext)
haftmann@35550
   189
    fix x
Andreas@47450
   190
    from Branch have RBT_SORTED: "rbt_sorted (Branch c t1 k v t2)" by simp
Andreas@47450
   191
    let ?thesis = "rbt_lookup (Branch c t1 k v t2) x = (rbt_lookup t2 ++ [k \<mapsto> v] ++ rbt_lookup t1) x"
haftmann@35550
   192
Andreas@47450
   193
    have DOM_T1: "!!k'. k'\<in>dom (rbt_lookup t1) \<Longrightarrow> k>k'"
haftmann@35550
   194
    proof -
haftmann@35550
   195
      fix k'
Andreas@47450
   196
      from RBT_SORTED have "t1 |\<guillemotleft> k" by simp
Andreas@47450
   197
      with rbt_less_prop have "\<forall>k'\<in>set (keys t1). k>k'" by auto
Andreas@47450
   198
      moreover assume "k'\<in>dom (rbt_lookup t1)"
Andreas@47450
   199
      ultimately show "k>k'" using rbt_lookup_keys RBT_SORTED by auto
haftmann@35550
   200
    qed
haftmann@35550
   201
    
Andreas@47450
   202
    have DOM_T2: "!!k'. k'\<in>dom (rbt_lookup t2) \<Longrightarrow> k<k'"
haftmann@35550
   203
    proof -
haftmann@35550
   204
      fix k'
Andreas@47450
   205
      from RBT_SORTED have "k \<guillemotleft>| t2" by simp
Andreas@47450
   206
      with rbt_greater_prop have "\<forall>k'\<in>set (keys t2). k<k'" by auto
Andreas@47450
   207
      moreover assume "k'\<in>dom (rbt_lookup t2)"
Andreas@47450
   208
      ultimately show "k<k'" using rbt_lookup_keys RBT_SORTED by auto
haftmann@35550
   209
    qed
haftmann@35550
   210
    
haftmann@35550
   211
    {
haftmann@35550
   212
      assume C: "x<k"
Andreas@47450
   213
      hence "rbt_lookup (Branch c t1 k v t2) x = rbt_lookup t1 x" by simp
haftmann@35550
   214
      moreover from C have "x\<notin>dom [k\<mapsto>v]" by simp
Andreas@47450
   215
      moreover have "x \<notin> dom (rbt_lookup t2)"
Andreas@47450
   216
      proof
Andreas@47450
   217
        assume "x \<in> dom (rbt_lookup t2)"
haftmann@35550
   218
        with DOM_T2 have "k<x" by blast
haftmann@35550
   219
        with C show False by simp
haftmann@35550
   220
      qed
haftmann@35550
   221
      ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
haftmann@35550
   222
    } moreover {
haftmann@35550
   223
      assume [simp]: "x=k"
Andreas@47450
   224
      hence "rbt_lookup (Branch c t1 k v t2) x = [k \<mapsto> v] x" by simp
Andreas@47450
   225
      moreover have "x \<notin> dom (rbt_lookup t1)" 
Andreas@47450
   226
      proof
Andreas@47450
   227
        assume "x \<in> dom (rbt_lookup t1)"
haftmann@35550
   228
        with DOM_T1 have "k>x" by blast
haftmann@35550
   229
        thus False by simp
haftmann@35550
   230
      qed
haftmann@35550
   231
      ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
haftmann@35550
   232
    } moreover {
haftmann@35550
   233
      assume C: "x>k"
Andreas@47450
   234
      hence "rbt_lookup (Branch c t1 k v t2) x = rbt_lookup t2 x" by (simp add: less_not_sym[of k x])
haftmann@35550
   235
      moreover from C have "x\<notin>dom [k\<mapsto>v]" by simp
Andreas@47450
   236
      moreover have "x\<notin>dom (rbt_lookup t1)" proof
Andreas@47450
   237
        assume "x\<in>dom (rbt_lookup t1)"
haftmann@35550
   238
        with DOM_T1 have "k>x" by simp
haftmann@35550
   239
        with C show False by simp
haftmann@35550
   240
      qed
haftmann@35550
   241
      ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
haftmann@35550
   242
    } ultimately show ?thesis using less_linear by blast
haftmann@35550
   243
  qed
Andreas@47450
   244
  also from Branch 
Andreas@47450
   245
  have "rbt_lookup t2 ++ [k \<mapsto> v] ++ rbt_lookup t1 = map_of (entries (Branch c t1 k v t2))" by simp
haftmann@35618
   246
  finally show ?case by simp
haftmann@35550
   247
qed
haftmann@35550
   248
Andreas@47450
   249
lemma rbt_lookup_in_tree: "rbt_sorted t \<Longrightarrow> rbt_lookup t k = Some v \<longleftrightarrow> (k, v) \<in> set (entries t)"
haftmann@35618
   250
  by (simp add: map_of_entries [symmetric] distinct_entries)
haftmann@35602
   251
haftmann@35602
   252
lemma set_entries_inject:
Andreas@47450
   253
  assumes rbt_sorted: "rbt_sorted t1" "rbt_sorted t2" 
haftmann@35602
   254
  shows "set (entries t1) = set (entries t2) \<longleftrightarrow> entries t1 = entries t2"
haftmann@35602
   255
proof -
Andreas@47450
   256
  from rbt_sorted have "distinct (map fst (entries t1))"
haftmann@35602
   257
    "distinct (map fst (entries t2))"
haftmann@35602
   258
    by (auto intro: distinct_entries)
Andreas@47450
   259
  with rbt_sorted show ?thesis
Andreas@47450
   260
    by (auto intro: map_sorted_distinct_set_unique rbt_sorted_entries simp add: distinct_map)
haftmann@35602
   261
qed
haftmann@35550
   262
haftmann@35550
   263
lemma entries_eqI:
Andreas@47450
   264
  assumes rbt_sorted: "rbt_sorted t1" "rbt_sorted t2" 
Andreas@47450
   265
  assumes rbt_lookup: "rbt_lookup t1 = rbt_lookup t2"
haftmann@35602
   266
  shows "entries t1 = entries t2"
haftmann@35550
   267
proof -
Andreas@47450
   268
  from rbt_sorted rbt_lookup have "map_of (entries t1) = map_of (entries t2)"
haftmann@35618
   269
    by (simp add: map_of_entries)
Andreas@47450
   270
  with rbt_sorted have "set (entries t1) = set (entries t2)"
haftmann@35602
   271
    by (simp add: map_of_inject_set distinct_entries)
Andreas@47450
   272
  with rbt_sorted show ?thesis by (simp add: set_entries_inject)
haftmann@35602
   273
qed
haftmann@35550
   274
Andreas@47450
   275
lemma entries_rbt_lookup:
Andreas@47450
   276
  assumes "rbt_sorted t1" "rbt_sorted t2" 
Andreas@47450
   277
  shows "entries t1 = entries t2 \<longleftrightarrow> rbt_lookup t1 = rbt_lookup t2"
haftmann@35618
   278
  using assms by (auto intro: entries_eqI simp add: map_of_entries [symmetric])
haftmann@35602
   279
Andreas@47450
   280
lemma rbt_lookup_from_in_tree: 
Andreas@47450
   281
  assumes "rbt_sorted t1" "rbt_sorted t2" 
Andreas@47450
   282
  and "\<And>v. (k, v) \<in> set (entries t1) \<longleftrightarrow> (k, v) \<in> set (entries t2)" 
Andreas@47450
   283
  shows "rbt_lookup t1 k = rbt_lookup t2 k"
haftmann@35602
   284
proof -
Andreas@47450
   285
  from assms have "k \<in> dom (rbt_lookup t1) \<longleftrightarrow> k \<in> dom (rbt_lookup t2)"
Andreas@47450
   286
    by (simp add: keys_entries rbt_lookup_keys)
Andreas@47450
   287
  with assms show ?thesis by (auto simp add: rbt_lookup_in_tree [symmetric])
krauss@26192
   288
qed
krauss@26192
   289
Andreas@47450
   290
end
haftmann@35550
   291
haftmann@35550
   292
subsubsection {* Red-black properties *}
krauss@26192
   293
haftmann@35534
   294
primrec color_of :: "('a, 'b) rbt \<Rightarrow> color"
krauss@26192
   295
where
haftmann@35534
   296
  "color_of Empty = B"
haftmann@35534
   297
| "color_of (Branch c _ _ _ _) = c"
krauss@26192
   298
haftmann@35534
   299
primrec bheight :: "('a,'b) rbt \<Rightarrow> nat"
haftmann@35534
   300
where
haftmann@35534
   301
  "bheight Empty = 0"
haftmann@35534
   302
| "bheight (Branch c lt k v rt) = (if c = B then Suc (bheight lt) else bheight lt)"
haftmann@35534
   303
haftmann@35534
   304
primrec inv1 :: "('a, 'b) rbt \<Rightarrow> bool"
krauss@26192
   305
where
krauss@26192
   306
  "inv1 Empty = True"
haftmann@35534
   307
| "inv1 (Branch c lt k v rt) \<longleftrightarrow> inv1 lt \<and> inv1 rt \<and> (c = B \<or> color_of lt = B \<and> color_of rt = B)"
krauss@26192
   308
haftmann@35534
   309
primrec inv1l :: "('a, 'b) rbt \<Rightarrow> bool" -- {* Weaker version *}
krauss@26192
   310
where
krauss@26192
   311
  "inv1l Empty = True"
haftmann@35534
   312
| "inv1l (Branch c l k v r) = (inv1 l \<and> inv1 r)"
krauss@26192
   313
lemma [simp]: "inv1 t \<Longrightarrow> inv1l t" by (cases t) simp+
krauss@26192
   314
haftmann@35534
   315
primrec inv2 :: "('a, 'b) rbt \<Rightarrow> bool"
krauss@26192
   316
where
krauss@26192
   317
  "inv2 Empty = True"
haftmann@35534
   318
| "inv2 (Branch c lt k v rt) = (inv2 lt \<and> inv2 rt \<and> bheight lt = bheight rt)"
krauss@26192
   319
Andreas@47450
   320
context ord begin
krauss@26192
   321
Andreas@47450
   322
definition is_rbt :: "('a, 'b) rbt \<Rightarrow> bool" where
Andreas@47450
   323
  "is_rbt t \<longleftrightarrow> inv1 t \<and> inv2 t \<and> color_of t = B \<and> rbt_sorted t"
Andreas@47450
   324
Andreas@47450
   325
lemma is_rbt_rbt_sorted [simp]:
Andreas@47450
   326
  "is_rbt t \<Longrightarrow> rbt_sorted t" by (simp add: is_rbt_def)
krauss@26192
   327
haftmann@35534
   328
theorem Empty_is_rbt [simp]:
haftmann@35534
   329
  "is_rbt Empty" by (simp add: is_rbt_def)
krauss@26192
   330
Andreas@47450
   331
end
krauss@26192
   332
krauss@26192
   333
subsection {* Insertion *}
krauss@26192
   334
krauss@26192
   335
fun (* slow, due to massive case splitting *)
krauss@26192
   336
  balance :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   337
where
haftmann@35534
   338
  "balance (Branch R a w x b) s t (Branch R c y z d) = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
haftmann@35534
   339
  "balance (Branch R (Branch R a w x b) s t c) y z d = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
haftmann@35534
   340
  "balance (Branch R a w x (Branch R b s t c)) y z d = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
haftmann@35534
   341
  "balance a w x (Branch R b s t (Branch R c y z d)) = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
haftmann@35534
   342
  "balance a w x (Branch R (Branch R b s t c) y z d) = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
haftmann@35534
   343
  "balance a s t b = Branch B a s t b"
krauss@26192
   344
krauss@26192
   345
lemma balance_inv1: "\<lbrakk>inv1l l; inv1l r\<rbrakk> \<Longrightarrow> inv1 (balance l k v r)" 
krauss@26192
   346
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   347
haftmann@35534
   348
lemma balance_bheight: "bheight l = bheight r \<Longrightarrow> bheight (balance l k v r) = Suc (bheight l)"
krauss@26192
   349
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   350
krauss@26192
   351
lemma balance_inv2: 
haftmann@35534
   352
  assumes "inv2 l" "inv2 r" "bheight l = bheight r"
krauss@26192
   353
  shows "inv2 (balance l k v r)"
krauss@26192
   354
  using assms
krauss@26192
   355
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   356
Andreas@47450
   357
context ord begin
Andreas@47450
   358
Andreas@47450
   359
lemma balance_rbt_greater[simp]: "(v \<guillemotleft>| balance a k x b) = (v \<guillemotleft>| a \<and> v \<guillemotleft>| b \<and> v < k)" 
krauss@26192
   360
  by (induct a k x b rule: balance.induct) auto
krauss@26192
   361
Andreas@47450
   362
lemma balance_rbt_less[simp]: "(balance a k x b |\<guillemotleft> v) = (a |\<guillemotleft> v \<and> b |\<guillemotleft> v \<and> k < v)"
krauss@26192
   363
  by (induct a k x b rule: balance.induct) auto
krauss@26192
   364
Andreas@47450
   365
end
Andreas@47450
   366
Andreas@47450
   367
lemma (in linorder) balance_rbt_sorted: 
Andreas@47450
   368
  fixes k :: "'a"
Andreas@47450
   369
  assumes "rbt_sorted l" "rbt_sorted r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
Andreas@47450
   370
  shows "rbt_sorted (balance l k v r)"
krauss@26192
   371
using assms proof (induct l k v r rule: balance.induct)
krauss@26192
   372
  case ("2_2" a x w b y t c z s va vb vd vc)
haftmann@35534
   373
  hence "y < z \<and> z \<guillemotleft>| Branch B va vb vd vc" 
Andreas@47450
   374
    by (auto simp add: rbt_ord_props)
Andreas@47450
   375
  hence "y \<guillemotleft>| (Branch B va vb vd vc)" by (blast dest: rbt_greater_trans)
krauss@26192
   376
  with "2_2" show ?case by simp
krauss@26192
   377
next
krauss@26192
   378
  case ("3_2" va vb vd vc x w b y s c z)
Andreas@47450
   379
  from "3_2" have "x < y \<and> Branch B va vb vd vc |\<guillemotleft> x" 
haftmann@35534
   380
    by simp
Andreas@47450
   381
  hence "Branch B va vb vd vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
krauss@26192
   382
  with "3_2" show ?case by simp
krauss@26192
   383
next
krauss@26192
   384
  case ("3_3" x w b y s c z t va vb vd vc)
Andreas@47450
   385
  from "3_3" have "y < z \<and> z \<guillemotleft>| Branch B va vb vd vc" by simp
Andreas@47450
   386
  hence "y \<guillemotleft>| Branch B va vb vd vc" by (blast dest: rbt_greater_trans)
krauss@26192
   387
  with "3_3" show ?case by simp
krauss@26192
   388
next
krauss@26192
   389
  case ("3_4" vd ve vg vf x w b y s c z t va vb vii vc)
Andreas@47450
   390
  hence "x < y \<and> Branch B vd ve vg vf |\<guillemotleft> x" by simp
Andreas@47450
   391
  hence 1: "Branch B vd ve vg vf |\<guillemotleft> y" by (blast dest: rbt_less_trans)
Andreas@47450
   392
  from "3_4" have "y < z \<and> z \<guillemotleft>| Branch B va vb vii vc" by simp
Andreas@47450
   393
  hence "y \<guillemotleft>| Branch B va vb vii vc" by (blast dest: rbt_greater_trans)
krauss@26192
   394
  with 1 "3_4" show ?case by simp
krauss@26192
   395
next
krauss@26192
   396
  case ("4_2" va vb vd vc x w b y s c z t dd)
Andreas@47450
   397
  hence "x < y \<and> Branch B va vb vd vc |\<guillemotleft> x" by simp
Andreas@47450
   398
  hence "Branch B va vb vd vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
krauss@26192
   399
  with "4_2" show ?case by simp
krauss@26192
   400
next
krauss@26192
   401
  case ("5_2" x w b y s c z t va vb vd vc)
Andreas@47450
   402
  hence "y < z \<and> z \<guillemotleft>| Branch B va vb vd vc" by simp
Andreas@47450
   403
  hence "y \<guillemotleft>| Branch B va vb vd vc" by (blast dest: rbt_greater_trans)
krauss@26192
   404
  with "5_2" show ?case by simp
krauss@26192
   405
next
krauss@26192
   406
  case ("5_3" va vb vd vc x w b y s c z t)
Andreas@47450
   407
  hence "x < y \<and> Branch B va vb vd vc |\<guillemotleft> x" by simp
Andreas@47450
   408
  hence "Branch B va vb vd vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
krauss@26192
   409
  with "5_3" show ?case by simp
krauss@26192
   410
next
krauss@26192
   411
  case ("5_4" va vb vg vc x w b y s c z t vd ve vii vf)
Andreas@47450
   412
  hence "x < y \<and> Branch B va vb vg vc |\<guillemotleft> x" by simp
Andreas@47450
   413
  hence 1: "Branch B va vb vg vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
Andreas@47450
   414
  from "5_4" have "y < z \<and> z \<guillemotleft>| Branch B vd ve vii vf" by simp
Andreas@47450
   415
  hence "y \<guillemotleft>| Branch B vd ve vii vf" by (blast dest: rbt_greater_trans)
krauss@26192
   416
  with 1 "5_4" show ?case by simp
krauss@26192
   417
qed simp+
krauss@26192
   418
haftmann@35550
   419
lemma entries_balance [simp]:
haftmann@35550
   420
  "entries (balance l k v r) = entries l @ (k, v) # entries r"
haftmann@35550
   421
  by (induct l k v r rule: balance.induct) auto
krauss@26192
   422
haftmann@35550
   423
lemma keys_balance [simp]: 
haftmann@35550
   424
  "keys (balance l k v r) = keys l @ k # keys r"
haftmann@35550
   425
  by (simp add: keys_def)
haftmann@35550
   426
haftmann@35550
   427
lemma balance_in_tree:  
haftmann@35550
   428
  "entry_in_tree k x (balance l v y r) \<longleftrightarrow> entry_in_tree k x l \<or> k = v \<and> x = y \<or> entry_in_tree k x r"
haftmann@35550
   429
  by (auto simp add: keys_def)
krauss@26192
   430
Andreas@47450
   431
lemma (in linorder) rbt_lookup_balance[simp]: 
Andreas@47450
   432
fixes k :: "'a"
Andreas@47450
   433
assumes "rbt_sorted l" "rbt_sorted r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
Andreas@47450
   434
shows "rbt_lookup (balance l k v r) x = rbt_lookup (Branch B l k v r) x"
Andreas@47450
   435
by (rule rbt_lookup_from_in_tree) (auto simp:assms balance_in_tree balance_rbt_sorted)
krauss@26192
   436
krauss@26192
   437
primrec paint :: "color \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   438
where
krauss@26192
   439
  "paint c Empty = Empty"
haftmann@35534
   440
| "paint c (Branch _ l k v r) = Branch c l k v r"
krauss@26192
   441
krauss@26192
   442
lemma paint_inv1l[simp]: "inv1l t \<Longrightarrow> inv1l (paint c t)" by (cases t) auto
krauss@26192
   443
lemma paint_inv1[simp]: "inv1l t \<Longrightarrow> inv1 (paint B t)" by (cases t) auto
krauss@26192
   444
lemma paint_inv2[simp]: "inv2 t \<Longrightarrow> inv2 (paint c t)" by (cases t) auto
haftmann@35534
   445
lemma paint_color_of[simp]: "color_of (paint B t) = B" by (cases t) auto
haftmann@35550
   446
lemma paint_in_tree[simp]: "entry_in_tree k x (paint c t) = entry_in_tree k x t" by (cases t) auto
Andreas@47450
   447
Andreas@47450
   448
context ord begin
Andreas@47450
   449
Andreas@47450
   450
lemma paint_rbt_sorted[simp]: "rbt_sorted t \<Longrightarrow> rbt_sorted (paint c t)" by (cases t) auto
Andreas@47450
   451
lemma paint_rbt_lookup[simp]: "rbt_lookup (paint c t) = rbt_lookup t" by (rule ext) (cases t, auto)
Andreas@47450
   452
lemma paint_rbt_greater[simp]: "(v \<guillemotleft>| paint c t) = (v \<guillemotleft>| t)" by (cases t) auto
Andreas@47450
   453
lemma paint_rbt_less[simp]: "(paint c t |\<guillemotleft> v) = (t |\<guillemotleft> v)" by (cases t) auto
krauss@26192
   454
krauss@26192
   455
fun
Andreas@47450
   456
  rbt_ins :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   457
where
Andreas@47450
   458
  "rbt_ins f k v Empty = Branch R Empty k v Empty" |
Andreas@47450
   459
  "rbt_ins f k v (Branch B l x y r) = (if k < x then balance (rbt_ins f k v l) x y r
Andreas@47450
   460
                                       else if k > x then balance l x y (rbt_ins f k v r)
Andreas@47450
   461
                                       else Branch B l x (f k y v) r)" |
Andreas@47450
   462
  "rbt_ins f k v (Branch R l x y r) = (if k < x then Branch R (rbt_ins f k v l) x y r
Andreas@47450
   463
                                       else if k > x then Branch R l x y (rbt_ins f k v r)
Andreas@47450
   464
                                       else Branch R l x (f k y v) r)"
krauss@26192
   465
krauss@26192
   466
lemma ins_inv1_inv2: 
krauss@26192
   467
  assumes "inv1 t" "inv2 t"
Andreas@47450
   468
  shows "inv2 (rbt_ins f k x t)" "bheight (rbt_ins f k x t) = bheight t" 
Andreas@47450
   469
  "color_of t = B \<Longrightarrow> inv1 (rbt_ins f k x t)" "inv1l (rbt_ins f k x t)"
krauss@26192
   470
  using assms
Andreas@47450
   471
  by (induct f k x t rule: rbt_ins.induct) (auto simp: balance_inv1 balance_inv2 balance_bheight)
Andreas@47450
   472
Andreas@47450
   473
end
Andreas@47450
   474
Andreas@47450
   475
context linorder begin
krauss@26192
   476
Andreas@47450
   477
lemma ins_rbt_greater[simp]: "(v \<guillemotleft>| rbt_ins f (k :: 'a) x t) = (v \<guillemotleft>| t \<and> k > v)"
Andreas@47450
   478
  by (induct f k x t rule: rbt_ins.induct) auto
Andreas@47450
   479
lemma ins_rbt_less[simp]: "(rbt_ins f k x t |\<guillemotleft> v) = (t |\<guillemotleft> v \<and> k < v)"
Andreas@47450
   480
  by (induct f k x t rule: rbt_ins.induct) auto
Andreas@47450
   481
lemma ins_rbt_sorted[simp]: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_ins f k x t)"
Andreas@47450
   482
  by (induct f k x t rule: rbt_ins.induct) (auto simp: balance_rbt_sorted)
krauss@26192
   483
Andreas@47450
   484
lemma keys_ins: "set (keys (rbt_ins f k v t)) = { k } \<union> set (keys t)"
Andreas@47450
   485
  by (induct f k v t rule: rbt_ins.induct) auto
krauss@26192
   486
Andreas@47450
   487
lemma rbt_lookup_ins: 
Andreas@47450
   488
  fixes k :: "'a"
Andreas@47450
   489
  assumes "rbt_sorted t"
Andreas@47450
   490
  shows "rbt_lookup (rbt_ins f k v t) x = ((rbt_lookup t)(k |-> case rbt_lookup t k of None \<Rightarrow> v 
Andreas@47450
   491
                                                                | Some w \<Rightarrow> f k w v)) x"
Andreas@47450
   492
using assms by (induct f k v t rule: rbt_ins.induct) auto
Andreas@47450
   493
Andreas@47450
   494
end
Andreas@47450
   495
Andreas@47450
   496
context ord begin
Andreas@47450
   497
Andreas@47450
   498
definition rbt_insert_with_key :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
Andreas@47450
   499
where "rbt_insert_with_key f k v t = paint B (rbt_ins f k v t)"
Andreas@47450
   500
Andreas@47450
   501
definition rbt_insertw_def: "rbt_insert_with f = rbt_insert_with_key (\<lambda>_. f)"
krauss@26192
   502
Andreas@47450
   503
definition rbt_insert :: "'a \<Rightarrow> 'b \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt" where
Andreas@47450
   504
  "rbt_insert = rbt_insert_with_key (\<lambda>_ _ nv. nv)"
Andreas@47450
   505
Andreas@47450
   506
end
Andreas@47450
   507
Andreas@47450
   508
context linorder begin
krauss@26192
   509
Andreas@47450
   510
lemma rbt_insertwk_rbt_sorted: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_insert_with_key f (k :: 'a) x t)"
Andreas@47450
   511
  by (auto simp: rbt_insert_with_key_def)
krauss@26192
   512
Andreas@47450
   513
theorem rbt_insertwk_is_rbt: 
haftmann@35534
   514
  assumes inv: "is_rbt t" 
Andreas@47450
   515
  shows "is_rbt (rbt_insert_with_key f k x t)"
krauss@26192
   516
using assms
Andreas@47450
   517
unfolding rbt_insert_with_key_def is_rbt_def
krauss@26192
   518
by (auto simp: ins_inv1_inv2)
krauss@26192
   519
Andreas@47450
   520
lemma rbt_lookup_rbt_insertwk: 
Andreas@47450
   521
  assumes "rbt_sorted t"
Andreas@47450
   522
  shows "rbt_lookup (rbt_insert_with_key f k v t) x = ((rbt_lookup t)(k |-> case rbt_lookup t k of None \<Rightarrow> v 
krauss@26192
   523
                                                       | Some w \<Rightarrow> f k w v)) x"
Andreas@47450
   524
unfolding rbt_insert_with_key_def using assms
Andreas@47450
   525
by (simp add:rbt_lookup_ins)
krauss@26192
   526
Andreas@47450
   527
lemma rbt_insertw_rbt_sorted: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_insert_with f k v t)" 
Andreas@47450
   528
  by (simp add: rbt_insertwk_rbt_sorted rbt_insertw_def)
Andreas@47450
   529
theorem rbt_insertw_is_rbt: "is_rbt t \<Longrightarrow> is_rbt (rbt_insert_with f k v t)"
Andreas@47450
   530
  by (simp add: rbt_insertwk_is_rbt rbt_insertw_def)
krauss@26192
   531
Andreas@47450
   532
lemma rbt_lookup_rbt_insertw:
haftmann@35534
   533
  assumes "is_rbt t"
Andreas@47450
   534
  shows "rbt_lookup (rbt_insert_with f k v t) = (rbt_lookup t)(k \<mapsto> (if k:dom (rbt_lookup t) then f (the (rbt_lookup t k)) v else v))"
krauss@26192
   535
using assms
Andreas@47450
   536
unfolding rbt_insertw_def
Andreas@47450
   537
by (rule_tac ext) (cases "rbt_lookup t k", auto simp:rbt_lookup_rbt_insertwk dom_def)
krauss@26192
   538
Andreas@47450
   539
lemma rbt_insert_rbt_sorted: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_insert k v t)"
Andreas@47450
   540
  by (simp add: rbt_insertwk_rbt_sorted rbt_insert_def)
Andreas@47450
   541
theorem rbt_insert_is_rbt [simp]: "is_rbt t \<Longrightarrow> is_rbt (rbt_insert k v t)"
Andreas@47450
   542
  by (simp add: rbt_insertwk_is_rbt rbt_insert_def)
krauss@26192
   543
Andreas@47450
   544
lemma rbt_lookup_rbt_insert: 
haftmann@35534
   545
  assumes "is_rbt t"
Andreas@47450
   546
  shows "rbt_lookup (rbt_insert k v t) = (rbt_lookup t)(k\<mapsto>v)"
Andreas@47450
   547
unfolding rbt_insert_def
krauss@26192
   548
using assms
Andreas@47450
   549
by (rule_tac ext) (simp add: rbt_lookup_rbt_insertwk split:option.split)
krauss@26192
   550
Andreas@47450
   551
end
krauss@26192
   552
krauss@26192
   553
subsection {* Deletion *}
krauss@26192
   554
haftmann@35534
   555
lemma bheight_paintR'[simp]: "color_of t = B \<Longrightarrow> bheight (paint R t) = bheight t - 1"
krauss@26192
   556
by (cases t rule: rbt_cases) auto
krauss@26192
   557
krauss@26192
   558
fun
haftmann@35550
   559
  balance_left :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   560
where
haftmann@35550
   561
  "balance_left (Branch R a k x b) s y c = Branch R (Branch B a k x b) s y c" |
haftmann@35550
   562
  "balance_left bl k x (Branch B a s y b) = balance bl k x (Branch R a s y b)" |
haftmann@35550
   563
  "balance_left bl k x (Branch R (Branch B a s y b) t z c) = Branch R (Branch B bl k x a) s y (balance b t z (paint R c))" |
haftmann@35550
   564
  "balance_left t k x s = Empty"
krauss@26192
   565
haftmann@35550
   566
lemma balance_left_inv2_with_inv1:
haftmann@35534
   567
  assumes "inv2 lt" "inv2 rt" "bheight lt + 1 = bheight rt" "inv1 rt"
haftmann@35550
   568
  shows "bheight (balance_left lt k v rt) = bheight lt + 1"
haftmann@35550
   569
  and   "inv2 (balance_left lt k v rt)"
krauss@26192
   570
using assms 
haftmann@35550
   571
by (induct lt k v rt rule: balance_left.induct) (auto simp: balance_inv2 balance_bheight)
krauss@26192
   572
haftmann@35550
   573
lemma balance_left_inv2_app: 
haftmann@35534
   574
  assumes "inv2 lt" "inv2 rt" "bheight lt + 1 = bheight rt" "color_of rt = B"
haftmann@35550
   575
  shows "inv2 (balance_left lt k v rt)" 
haftmann@35550
   576
        "bheight (balance_left lt k v rt) = bheight rt"
krauss@26192
   577
using assms 
haftmann@35550
   578
by (induct lt k v rt rule: balance_left.induct) (auto simp add: balance_inv2 balance_bheight)+ 
krauss@26192
   579
haftmann@35550
   580
lemma balance_left_inv1: "\<lbrakk>inv1l a; inv1 b; color_of b = B\<rbrakk> \<Longrightarrow> inv1 (balance_left a k x b)"
haftmann@35550
   581
  by (induct a k x b rule: balance_left.induct) (simp add: balance_inv1)+
krauss@26192
   582
haftmann@35550
   583
lemma balance_left_inv1l: "\<lbrakk> inv1l lt; inv1 rt \<rbrakk> \<Longrightarrow> inv1l (balance_left lt k x rt)"
haftmann@35550
   584
by (induct lt k x rt rule: balance_left.induct) (auto simp: balance_inv1)
krauss@26192
   585
Andreas@47450
   586
lemma (in linorder) balance_left_rbt_sorted: 
Andreas@47450
   587
  "\<lbrakk> rbt_sorted l; rbt_sorted r; rbt_less k l; k \<guillemotleft>| r \<rbrakk> \<Longrightarrow> rbt_sorted (balance_left l k v r)"
haftmann@35550
   588
apply (induct l k v r rule: balance_left.induct)
Andreas@47450
   589
apply (auto simp: balance_rbt_sorted)
Andreas@47450
   590
apply (unfold rbt_greater_prop rbt_less_prop)
krauss@26192
   591
by force+
krauss@26192
   592
Andreas@47450
   593
context order begin
Andreas@47450
   594
Andreas@47450
   595
lemma balance_left_rbt_greater: 
Andreas@47450
   596
  fixes k :: "'a"
krauss@26192
   597
  assumes "k \<guillemotleft>| a" "k \<guillemotleft>| b" "k < x" 
haftmann@35550
   598
  shows "k \<guillemotleft>| balance_left a x t b"
krauss@26192
   599
using assms 
haftmann@35550
   600
by (induct a x t b rule: balance_left.induct) auto
krauss@26192
   601
Andreas@47450
   602
lemma balance_left_rbt_less: 
Andreas@47450
   603
  fixes k :: "'a"
krauss@26192
   604
  assumes "a |\<guillemotleft> k" "b |\<guillemotleft> k" "x < k" 
haftmann@35550
   605
  shows "balance_left a x t b |\<guillemotleft> k"
krauss@26192
   606
using assms
haftmann@35550
   607
by (induct a x t b rule: balance_left.induct) auto
krauss@26192
   608
Andreas@47450
   609
end
Andreas@47450
   610
haftmann@35550
   611
lemma balance_left_in_tree: 
haftmann@35534
   612
  assumes "inv1l l" "inv1 r" "bheight l + 1 = bheight r"
haftmann@35550
   613
  shows "entry_in_tree k v (balance_left l a b r) = (entry_in_tree k v l \<or> k = a \<and> v = b \<or> entry_in_tree k v r)"
krauss@26192
   614
using assms 
haftmann@35550
   615
by (induct l k v r rule: balance_left.induct) (auto simp: balance_in_tree)
krauss@26192
   616
krauss@26192
   617
fun
haftmann@35550
   618
  balance_right :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   619
where
haftmann@35550
   620
  "balance_right a k x (Branch R b s y c) = Branch R a k x (Branch B b s y c)" |
haftmann@35550
   621
  "balance_right (Branch B a k x b) s y bl = balance (Branch R a k x b) s y bl" |
haftmann@35550
   622
  "balance_right (Branch R a k x (Branch B b s y c)) t z bl = Branch R (balance (paint R a) k x b) s y (Branch B c t z bl)" |
haftmann@35550
   623
  "balance_right t k x s = Empty"
krauss@26192
   624
haftmann@35550
   625
lemma balance_right_inv2_with_inv1:
haftmann@35534
   626
  assumes "inv2 lt" "inv2 rt" "bheight lt = bheight rt + 1" "inv1 lt"
haftmann@35550
   627
  shows "inv2 (balance_right lt k v rt) \<and> bheight (balance_right lt k v rt) = bheight lt"
krauss@26192
   628
using assms
haftmann@35550
   629
by (induct lt k v rt rule: balance_right.induct) (auto simp: balance_inv2 balance_bheight)
krauss@26192
   630
haftmann@35550
   631
lemma balance_right_inv1: "\<lbrakk>inv1 a; inv1l b; color_of a = B\<rbrakk> \<Longrightarrow> inv1 (balance_right a k x b)"
haftmann@35550
   632
by (induct a k x b rule: balance_right.induct) (simp add: balance_inv1)+
krauss@26192
   633
haftmann@35550
   634
lemma balance_right_inv1l: "\<lbrakk> inv1 lt; inv1l rt \<rbrakk> \<Longrightarrow>inv1l (balance_right lt k x rt)"
haftmann@35550
   635
by (induct lt k x rt rule: balance_right.induct) (auto simp: balance_inv1)
krauss@26192
   636
Andreas@47450
   637
lemma (in linorder) balance_right_rbt_sorted:
Andreas@47450
   638
  "\<lbrakk> rbt_sorted l; rbt_sorted r; rbt_less k l; k \<guillemotleft>| r \<rbrakk> \<Longrightarrow> rbt_sorted (balance_right l k v r)"
haftmann@35550
   639
apply (induct l k v r rule: balance_right.induct)
Andreas@47450
   640
apply (auto simp:balance_rbt_sorted)
Andreas@47450
   641
apply (unfold rbt_less_prop rbt_greater_prop)
krauss@26192
   642
by force+
krauss@26192
   643
Andreas@47450
   644
context order begin
Andreas@47450
   645
Andreas@47450
   646
lemma balance_right_rbt_greater: 
Andreas@47450
   647
  fixes k :: "'a"
krauss@26192
   648
  assumes "k \<guillemotleft>| a" "k \<guillemotleft>| b" "k < x" 
haftmann@35550
   649
  shows "k \<guillemotleft>| balance_right a x t b"
haftmann@35550
   650
using assms by (induct a x t b rule: balance_right.induct) auto
krauss@26192
   651
Andreas@47450
   652
lemma balance_right_rbt_less: 
Andreas@47450
   653
  fixes k :: "'a"
krauss@26192
   654
  assumes "a |\<guillemotleft> k" "b |\<guillemotleft> k" "x < k" 
haftmann@35550
   655
  shows "balance_right a x t b |\<guillemotleft> k"
haftmann@35550
   656
using assms by (induct a x t b rule: balance_right.induct) auto
krauss@26192
   657
Andreas@47450
   658
end
Andreas@47450
   659
haftmann@35550
   660
lemma balance_right_in_tree:
haftmann@35534
   661
  assumes "inv1 l" "inv1l r" "bheight l = bheight r + 1" "inv2 l" "inv2 r"
haftmann@35550
   662
  shows "entry_in_tree x y (balance_right l k v r) = (entry_in_tree x y l \<or> x = k \<and> y = v \<or> entry_in_tree x y r)"
haftmann@35550
   663
using assms by (induct l k v r rule: balance_right.induct) (auto simp: balance_in_tree)
krauss@26192
   664
krauss@26192
   665
fun
haftmann@35550
   666
  combine :: "('a,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   667
where
haftmann@35550
   668
  "combine Empty x = x" 
haftmann@35550
   669
| "combine x Empty = x" 
haftmann@35550
   670
| "combine (Branch R a k x b) (Branch R c s y d) = (case (combine b c) of
Andreas@47450
   671
                                    Branch R b2 t z c2 \<Rightarrow> (Branch R (Branch R a k x b2) t z (Branch R c2 s y d)) |
Andreas@47450
   672
                                    bc \<Rightarrow> Branch R a k x (Branch R bc s y d))" 
haftmann@35550
   673
| "combine (Branch B a k x b) (Branch B c s y d) = (case (combine b c) of
Andreas@47450
   674
                                    Branch R b2 t z c2 \<Rightarrow> Branch R (Branch B a k x b2) t z (Branch B c2 s y d) |
Andreas@47450
   675
                                    bc \<Rightarrow> balance_left a k x (Branch B bc s y d))" 
haftmann@35550
   676
| "combine a (Branch R b k x c) = Branch R (combine a b) k x c" 
haftmann@35550
   677
| "combine (Branch R a k x b) c = Branch R a k x (combine b c)" 
krauss@26192
   678
haftmann@35550
   679
lemma combine_inv2:
haftmann@35534
   680
  assumes "inv2 lt" "inv2 rt" "bheight lt = bheight rt"
haftmann@35550
   681
  shows "bheight (combine lt rt) = bheight lt" "inv2 (combine lt rt)"
krauss@26192
   682
using assms 
haftmann@35550
   683
by (induct lt rt rule: combine.induct) 
haftmann@35550
   684
   (auto simp: balance_left_inv2_app split: rbt.splits color.splits)
krauss@26192
   685
haftmann@35550
   686
lemma combine_inv1: 
krauss@26192
   687
  assumes "inv1 lt" "inv1 rt"
haftmann@35550
   688
  shows "color_of lt = B \<Longrightarrow> color_of rt = B \<Longrightarrow> inv1 (combine lt rt)"
haftmann@35550
   689
         "inv1l (combine lt rt)"
krauss@26192
   690
using assms 
haftmann@35550
   691
by (induct lt rt rule: combine.induct)
haftmann@35550
   692
   (auto simp: balance_left_inv1 split: rbt.splits color.splits)
krauss@26192
   693
Andreas@47450
   694
context linorder begin
Andreas@47450
   695
Andreas@47450
   696
lemma combine_rbt_greater[simp]: 
Andreas@47450
   697
  fixes k :: "'a"
krauss@26192
   698
  assumes "k \<guillemotleft>| l" "k \<guillemotleft>| r" 
haftmann@35550
   699
  shows "k \<guillemotleft>| combine l r"
krauss@26192
   700
using assms 
haftmann@35550
   701
by (induct l r rule: combine.induct)
Andreas@47450
   702
   (auto simp: balance_left_rbt_greater split:rbt.splits color.splits)
krauss@26192
   703
Andreas@47450
   704
lemma combine_rbt_less[simp]: 
Andreas@47450
   705
  fixes k :: "'a"
krauss@26192
   706
  assumes "l |\<guillemotleft> k" "r |\<guillemotleft> k" 
haftmann@35550
   707
  shows "combine l r |\<guillemotleft> k"
krauss@26192
   708
using assms 
haftmann@35550
   709
by (induct l r rule: combine.induct)
Andreas@47450
   710
   (auto simp: balance_left_rbt_less split:rbt.splits color.splits)
krauss@26192
   711
Andreas@47450
   712
lemma combine_rbt_sorted: 
Andreas@47450
   713
  fixes k :: "'a"
Andreas@47450
   714
  assumes "rbt_sorted l" "rbt_sorted r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
Andreas@47450
   715
  shows "rbt_sorted (combine l r)"
haftmann@35550
   716
using assms proof (induct l r rule: combine.induct)
krauss@26192
   717
  case (3 a x v b c y w d)
krauss@26192
   718
  hence ineqs: "a |\<guillemotleft> x" "x \<guillemotleft>| b" "b |\<guillemotleft> k" "k \<guillemotleft>| c" "c |\<guillemotleft> y" "y \<guillemotleft>| d"
krauss@26192
   719
    by auto
krauss@26192
   720
  with 3
krauss@26192
   721
  show ?case
haftmann@35550
   722
    by (cases "combine b c" rule: rbt_cases)
Andreas@47450
   723
      (auto, (metis combine_rbt_greater combine_rbt_less ineqs ineqs rbt_less_simps(2) rbt_greater_simps(2) rbt_greater_trans rbt_less_trans)+)
krauss@26192
   724
next
krauss@26192
   725
  case (4 a x v b c y w d)
Andreas@47450
   726
  hence "x < k \<and> rbt_greater k c" by simp
Andreas@47450
   727
  hence "rbt_greater x c" by (blast dest: rbt_greater_trans)
Andreas@47450
   728
  with 4 have 2: "rbt_greater x (combine b c)" by (simp add: combine_rbt_greater)
Andreas@47450
   729
  from 4 have "k < y \<and> rbt_less k b" by simp
Andreas@47450
   730
  hence "rbt_less y b" by (blast dest: rbt_less_trans)
Andreas@47450
   731
  with 4 have 3: "rbt_less y (combine b c)" by (simp add: combine_rbt_less)
krauss@26192
   732
  show ?case
haftmann@35550
   733
  proof (cases "combine b c" rule: rbt_cases)
krauss@26192
   734
    case Empty
Andreas@47450
   735
    from 4 have "x < y \<and> rbt_greater y d" by auto
Andreas@47450
   736
    hence "rbt_greater x d" by (blast dest: rbt_greater_trans)
Andreas@47450
   737
    with 4 Empty have "rbt_sorted a" and "rbt_sorted (Branch B Empty y w d)"
Andreas@47450
   738
      and "rbt_less x a" and "rbt_greater x (Branch B Empty y w d)" by auto
Andreas@47450
   739
    with Empty show ?thesis by (simp add: balance_left_rbt_sorted)
krauss@26192
   740
  next
krauss@26192
   741
    case (Red lta va ka rta)
Andreas@47450
   742
    with 2 4 have "x < va \<and> rbt_less x a" by simp
Andreas@47450
   743
    hence 5: "rbt_less va a" by (blast dest: rbt_less_trans)
Andreas@47450
   744
    from Red 3 4 have "va < y \<and> rbt_greater y d" by simp
Andreas@47450
   745
    hence "rbt_greater va d" by (blast dest: rbt_greater_trans)
krauss@26192
   746
    with Red 2 3 4 5 show ?thesis by simp
krauss@26192
   747
  next
krauss@26192
   748
    case (Black lta va ka rta)
Andreas@47450
   749
    from 4 have "x < y \<and> rbt_greater y d" by auto
Andreas@47450
   750
    hence "rbt_greater x d" by (blast dest: rbt_greater_trans)
Andreas@47450
   751
    with Black 2 3 4 have "rbt_sorted a" and "rbt_sorted (Branch B (combine b c) y w d)" 
Andreas@47450
   752
      and "rbt_less x a" and "rbt_greater x (Branch B (combine b c) y w d)" by auto
Andreas@47450
   753
    with Black show ?thesis by (simp add: balance_left_rbt_sorted)
krauss@26192
   754
  qed
krauss@26192
   755
next
krauss@26192
   756
  case (5 va vb vd vc b x w c)
Andreas@47450
   757
  hence "k < x \<and> rbt_less k (Branch B va vb vd vc)" by simp
Andreas@47450
   758
  hence "rbt_less x (Branch B va vb vd vc)" by (blast dest: rbt_less_trans)
Andreas@47450
   759
  with 5 show ?case by (simp add: combine_rbt_less)
krauss@26192
   760
next
krauss@26192
   761
  case (6 a x v b va vb vd vc)
Andreas@47450
   762
  hence "x < k \<and> rbt_greater k (Branch B va vb vd vc)" by simp
Andreas@47450
   763
  hence "rbt_greater x (Branch B va vb vd vc)" by (blast dest: rbt_greater_trans)
Andreas@47450
   764
  with 6 show ?case by (simp add: combine_rbt_greater)
krauss@26192
   765
qed simp+
krauss@26192
   766
Andreas@47450
   767
end
Andreas@47450
   768
haftmann@35550
   769
lemma combine_in_tree: 
haftmann@35534
   770
  assumes "inv2 l" "inv2 r" "bheight l = bheight r" "inv1 l" "inv1 r"
haftmann@35550
   771
  shows "entry_in_tree k v (combine l r) = (entry_in_tree k v l \<or> entry_in_tree k v r)"
krauss@26192
   772
using assms 
haftmann@35550
   773
proof (induct l r rule: combine.induct)
krauss@26192
   774
  case (4 _ _ _ b c)
haftmann@35550
   775
  hence a: "bheight (combine b c) = bheight b" by (simp add: combine_inv2)
haftmann@35550
   776
  from 4 have b: "inv1l (combine b c)" by (simp add: combine_inv1)
krauss@26192
   777
krauss@26192
   778
  show ?case
haftmann@35550
   779
  proof (cases "combine b c" rule: rbt_cases)
krauss@26192
   780
    case Empty
haftmann@35550
   781
    with 4 a show ?thesis by (auto simp: balance_left_in_tree)
krauss@26192
   782
  next
krauss@26192
   783
    case (Red lta ka va rta)
krauss@26192
   784
    with 4 show ?thesis by auto
krauss@26192
   785
  next
krauss@26192
   786
    case (Black lta ka va rta)
haftmann@35550
   787
    with a b 4  show ?thesis by (auto simp: balance_left_in_tree)
krauss@26192
   788
  qed 
krauss@26192
   789
qed (auto split: rbt.splits color.splits)
krauss@26192
   790
Andreas@47450
   791
context ord begin
Andreas@47450
   792
krauss@26192
   793
fun
Andreas@47450
   794
  rbt_del_from_left :: "'a \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt" and
Andreas@47450
   795
  rbt_del_from_right :: "'a \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt" and
Andreas@47450
   796
  rbt_del :: "'a\<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
   797
where
Andreas@47450
   798
  "rbt_del x Empty = Empty" |
Andreas@47450
   799
  "rbt_del x (Branch c a y s b) = 
Andreas@47450
   800
   (if x < y then rbt_del_from_left x a y s b 
Andreas@47450
   801
    else (if x > y then rbt_del_from_right x a y s b else combine a b))" |
Andreas@47450
   802
  "rbt_del_from_left x (Branch B lt z v rt) y s b = balance_left (rbt_del x (Branch B lt z v rt)) y s b" |
Andreas@47450
   803
  "rbt_del_from_left x a y s b = Branch R (rbt_del x a) y s b" |
Andreas@47450
   804
  "rbt_del_from_right x a y s (Branch B lt z v rt) = balance_right a y s (rbt_del x (Branch B lt z v rt))" | 
Andreas@47450
   805
  "rbt_del_from_right x a y s b = Branch R a y s (rbt_del x b)"
Andreas@47450
   806
Andreas@47450
   807
end
Andreas@47450
   808
Andreas@47450
   809
context linorder begin
krauss@26192
   810
krauss@26192
   811
lemma 
krauss@26192
   812
  assumes "inv2 lt" "inv1 lt"
krauss@26192
   813
  shows
haftmann@35534
   814
  "\<lbrakk>inv2 rt; bheight lt = bheight rt; inv1 rt\<rbrakk> \<Longrightarrow>
Andreas@47450
   815
   inv2 (rbt_del_from_left x lt k v rt) \<and> 
Andreas@47450
   816
   bheight (rbt_del_from_left x lt k v rt) = bheight lt \<and> 
Andreas@47450
   817
   (color_of lt = B \<and> color_of rt = B \<and> inv1 (rbt_del_from_left x lt k v rt) \<or> 
Andreas@47450
   818
    (color_of lt \<noteq> B \<or> color_of rt \<noteq> B) \<and> inv1l (rbt_del_from_left x lt k v rt))"
haftmann@35534
   819
  and "\<lbrakk>inv2 rt; bheight lt = bheight rt; inv1 rt\<rbrakk> \<Longrightarrow>
Andreas@47450
   820
  inv2 (rbt_del_from_right x lt k v rt) \<and> 
Andreas@47450
   821
  bheight (rbt_del_from_right x lt k v rt) = bheight lt \<and> 
Andreas@47450
   822
  (color_of lt = B \<and> color_of rt = B \<and> inv1 (rbt_del_from_right x lt k v rt) \<or> 
Andreas@47450
   823
   (color_of lt \<noteq> B \<or> color_of rt \<noteq> B) \<and> inv1l (rbt_del_from_right x lt k v rt))"
Andreas@47450
   824
  and rbt_del_inv1_inv2: "inv2 (rbt_del x lt) \<and> (color_of lt = R \<and> bheight (rbt_del x lt) = bheight lt \<and> inv1 (rbt_del x lt) 
Andreas@47450
   825
  \<or> color_of lt = B \<and> bheight (rbt_del x lt) = bheight lt - 1 \<and> inv1l (rbt_del x lt))"
krauss@26192
   826
using assms
Andreas@47450
   827
proof (induct x lt k v rt and x lt k v rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
krauss@26192
   828
case (2 y c _ y')
krauss@26192
   829
  have "y = y' \<or> y < y' \<or> y > y'" by auto
krauss@26192
   830
  thus ?case proof (elim disjE)
krauss@26192
   831
    assume "y = y'"
haftmann@35550
   832
    with 2 show ?thesis by (cases c) (simp add: combine_inv2 combine_inv1)+
krauss@26192
   833
  next
krauss@26192
   834
    assume "y < y'"
krauss@26192
   835
    with 2 show ?thesis by (cases c) auto
krauss@26192
   836
  next
krauss@26192
   837
    assume "y' < y"
krauss@26192
   838
    with 2 show ?thesis by (cases c) auto
krauss@26192
   839
  qed
krauss@26192
   840
next
krauss@26192
   841
  case (3 y lt z v rta y' ss bb) 
haftmann@35550
   842
  thus ?case by (cases "color_of (Branch B lt z v rta) = B \<and> color_of bb = B") (simp add: balance_left_inv2_with_inv1 balance_left_inv1 balance_left_inv1l)+
krauss@26192
   843
next
krauss@26192
   844
  case (5 y a y' ss lt z v rta)
haftmann@35550
   845
  thus ?case by (cases "color_of a = B \<and> color_of (Branch B lt z v rta) = B") (simp add: balance_right_inv2_with_inv1 balance_right_inv1 balance_right_inv1l)+
krauss@26192
   846
next
haftmann@35534
   847
  case ("6_1" y a y' ss) thus ?case by (cases "color_of a = B \<and> color_of Empty = B") simp+
krauss@26192
   848
qed auto
krauss@26192
   849
krauss@26192
   850
lemma 
Andreas@47450
   851
  rbt_del_from_left_rbt_less: "\<lbrakk> lt |\<guillemotleft> v; rt |\<guillemotleft> v; k < v\<rbrakk> \<Longrightarrow> rbt_del_from_left x lt k y rt |\<guillemotleft> v"
Andreas@47450
   852
  and rbt_del_from_right_rbt_less: "\<lbrakk>lt |\<guillemotleft> v; rt |\<guillemotleft> v; k < v\<rbrakk> \<Longrightarrow> rbt_del_from_right x lt k y rt |\<guillemotleft> v"
Andreas@47450
   853
  and rbt_del_rbt_less: "lt |\<guillemotleft> v \<Longrightarrow> rbt_del x lt |\<guillemotleft> v"
Andreas@47450
   854
by (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct) 
Andreas@47450
   855
   (auto simp: balance_left_rbt_less balance_right_rbt_less)
krauss@26192
   856
Andreas@47450
   857
lemma rbt_del_from_left_rbt_greater: "\<lbrakk>v \<guillemotleft>| lt; v \<guillemotleft>| rt; k > v\<rbrakk> \<Longrightarrow> v \<guillemotleft>| rbt_del_from_left x lt k y rt"
Andreas@47450
   858
  and rbt_del_from_right_rbt_greater: "\<lbrakk>v \<guillemotleft>| lt; v \<guillemotleft>| rt; k > v\<rbrakk> \<Longrightarrow> v \<guillemotleft>| rbt_del_from_right x lt k y rt"
Andreas@47450
   859
  and rbt_del_rbt_greater: "v \<guillemotleft>| lt \<Longrightarrow> v \<guillemotleft>| rbt_del x lt"
Andreas@47450
   860
by (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
Andreas@47450
   861
   (auto simp: balance_left_rbt_greater balance_right_rbt_greater)
krauss@26192
   862
Andreas@47450
   863
lemma "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> k; k \<guillemotleft>| rt\<rbrakk> \<Longrightarrow> rbt_sorted (rbt_del_from_left x lt k y rt)"
Andreas@47450
   864
  and "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> k; k \<guillemotleft>| rt\<rbrakk> \<Longrightarrow> rbt_sorted (rbt_del_from_right x lt k y rt)"
Andreas@47450
   865
  and rbt_del_rbt_sorted: "rbt_sorted lt \<Longrightarrow> rbt_sorted (rbt_del x lt)"
Andreas@47450
   866
proof (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
krauss@26192
   867
  case (3 x lta zz v rta yy ss bb)
Andreas@47450
   868
  from 3 have "Branch B lta zz v rta |\<guillemotleft> yy" by simp
Andreas@47450
   869
  hence "rbt_del x (Branch B lta zz v rta) |\<guillemotleft> yy" by (rule rbt_del_rbt_less)
Andreas@47450
   870
  with 3 show ?case by (simp add: balance_left_rbt_sorted)
krauss@26192
   871
next
krauss@26192
   872
  case ("4_2" x vaa vbb vdd vc yy ss bb)
Andreas@47450
   873
  hence "Branch R vaa vbb vdd vc |\<guillemotleft> yy" by simp
Andreas@47450
   874
  hence "rbt_del x (Branch R vaa vbb vdd vc) |\<guillemotleft> yy" by (rule rbt_del_rbt_less)
krauss@26192
   875
  with "4_2" show ?case by simp
krauss@26192
   876
next
krauss@26192
   877
  case (5 x aa yy ss lta zz v rta) 
Andreas@47450
   878
  hence "yy \<guillemotleft>| Branch B lta zz v rta" by simp
Andreas@47450
   879
  hence "yy \<guillemotleft>| rbt_del x (Branch B lta zz v rta)" by (rule rbt_del_rbt_greater)
Andreas@47450
   880
  with 5 show ?case by (simp add: balance_right_rbt_sorted)
krauss@26192
   881
next
krauss@26192
   882
  case ("6_2" x aa yy ss vaa vbb vdd vc)
Andreas@47450
   883
  hence "yy \<guillemotleft>| Branch R vaa vbb vdd vc" by simp
Andreas@47450
   884
  hence "yy \<guillemotleft>| rbt_del x (Branch R vaa vbb vdd vc)" by (rule rbt_del_rbt_greater)
krauss@26192
   885
  with "6_2" show ?case by simp
Andreas@47450
   886
qed (auto simp: combine_rbt_sorted)
krauss@26192
   887
Andreas@47450
   888
lemma "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> kt; kt \<guillemotleft>| rt; inv1 lt; inv1 rt; inv2 lt; inv2 rt; bheight lt = bheight rt; x < kt\<rbrakk> \<Longrightarrow> entry_in_tree k v (rbt_del_from_left x lt kt y rt) = (False \<or> (x \<noteq> k \<and> entry_in_tree k v (Branch c lt kt y rt)))"
Andreas@47450
   889
  and "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> kt; kt \<guillemotleft>| rt; inv1 lt; inv1 rt; inv2 lt; inv2 rt; bheight lt = bheight rt; x > kt\<rbrakk> \<Longrightarrow> entry_in_tree k v (rbt_del_from_right x lt kt y rt) = (False \<or> (x \<noteq> k \<and> entry_in_tree k v (Branch c lt kt y rt)))"
Andreas@47450
   890
  and rbt_del_in_tree: "\<lbrakk>rbt_sorted t; inv1 t; inv2 t\<rbrakk> \<Longrightarrow> entry_in_tree k v (rbt_del x t) = (False \<or> (x \<noteq> k \<and> entry_in_tree k v t))"
Andreas@47450
   891
proof (induct x lt kt y rt and x lt kt y rt and x t rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
krauss@26192
   892
  case (2 xx c aa yy ss bb)
krauss@26192
   893
  have "xx = yy \<or> xx < yy \<or> xx > yy" by auto
krauss@26192
   894
  from this 2 show ?case proof (elim disjE)
krauss@26192
   895
    assume "xx = yy"
krauss@26192
   896
    with 2 show ?thesis proof (cases "xx = k")
krauss@26192
   897
      case True
Andreas@47450
   898
      from 2 `xx = yy` `xx = k` have "rbt_sorted (Branch c aa yy ss bb) \<and> k = yy" by simp
Andreas@47450
   899
      hence "\<not> entry_in_tree k v aa" "\<not> entry_in_tree k v bb" by (auto simp: rbt_less_nit rbt_greater_prop)
haftmann@35550
   900
      with `xx = yy` 2 `xx = k` show ?thesis by (simp add: combine_in_tree)
haftmann@35550
   901
    qed (simp add: combine_in_tree)
krauss@26192
   902
  qed simp+
krauss@26192
   903
next    
krauss@26192
   904
  case (3 xx lta zz vv rta yy ss bb)
haftmann@35534
   905
  def mt[simp]: mt == "Branch B lta zz vv rta"
krauss@26192
   906
  from 3 have "inv2 mt \<and> inv1 mt" by simp
Andreas@47450
   907
  hence "inv2 (rbt_del xx mt) \<and> (color_of mt = R \<and> bheight (rbt_del xx mt) = bheight mt \<and> inv1 (rbt_del xx mt) \<or> color_of mt = B \<and> bheight (rbt_del xx mt) = bheight mt - 1 \<and> inv1l (rbt_del xx mt))" by (blast dest: rbt_del_inv1_inv2)
Andreas@47450
   908
  with 3 have 4: "entry_in_tree k v (rbt_del_from_left xx mt yy ss bb) = (False \<or> xx \<noteq> k \<and> entry_in_tree k v mt \<or> (k = yy \<and> v = ss) \<or> entry_in_tree k v bb)" by (simp add: balance_left_in_tree)
krauss@26192
   909
  thus ?case proof (cases "xx = k")
krauss@26192
   910
    case True
Andreas@47450
   911
    from 3 True have "yy \<guillemotleft>| bb \<and> yy > k" by simp
Andreas@47450
   912
    hence "k \<guillemotleft>| bb" by (blast dest: rbt_greater_trans)
Andreas@47450
   913
    with 3 4 True show ?thesis by (auto simp: rbt_greater_nit)
krauss@26192
   914
  qed auto
krauss@26192
   915
next
krauss@26192
   916
  case ("4_1" xx yy ss bb)
krauss@26192
   917
  show ?case proof (cases "xx = k")
krauss@26192
   918
    case True
Andreas@47450
   919
    with "4_1" have "yy \<guillemotleft>| bb \<and> k < yy" by simp
Andreas@47450
   920
    hence "k \<guillemotleft>| bb" by (blast dest: rbt_greater_trans)
krauss@26192
   921
    with "4_1" `xx = k` 
Andreas@47450
   922
   have "entry_in_tree k v (Branch R Empty yy ss bb) = entry_in_tree k v Empty" by (auto simp: rbt_greater_nit)
krauss@26192
   923
    thus ?thesis by auto
krauss@26192
   924
  qed simp+
krauss@26192
   925
next
krauss@26192
   926
  case ("4_2" xx vaa vbb vdd vc yy ss bb)
krauss@26192
   927
  thus ?case proof (cases "xx = k")
krauss@26192
   928
    case True
Andreas@47450
   929
    with "4_2" have "k < yy \<and> yy \<guillemotleft>| bb" by simp
Andreas@47450
   930
    hence "k \<guillemotleft>| bb" by (blast dest: rbt_greater_trans)
Andreas@47450
   931
    with True "4_2" show ?thesis by (auto simp: rbt_greater_nit)
haftmann@35550
   932
  qed auto
krauss@26192
   933
next
krauss@26192
   934
  case (5 xx aa yy ss lta zz vv rta)
haftmann@35534
   935
  def mt[simp]: mt == "Branch B lta zz vv rta"
krauss@26192
   936
  from 5 have "inv2 mt \<and> inv1 mt" by simp
Andreas@47450
   937
  hence "inv2 (rbt_del xx mt) \<and> (color_of mt = R \<and> bheight (rbt_del xx mt) = bheight mt \<and> inv1 (rbt_del xx mt) \<or> color_of mt = B \<and> bheight (rbt_del xx mt) = bheight mt - 1 \<and> inv1l (rbt_del xx mt))" by (blast dest: rbt_del_inv1_inv2)
Andreas@47450
   938
  with 5 have 3: "entry_in_tree k v (rbt_del_from_right xx aa yy ss mt) = (entry_in_tree k v aa \<or> (k = yy \<and> v = ss) \<or> False \<or> xx \<noteq> k \<and> entry_in_tree k v mt)" by (simp add: balance_right_in_tree)
krauss@26192
   939
  thus ?case proof (cases "xx = k")
krauss@26192
   940
    case True
Andreas@47450
   941
    from 5 True have "aa |\<guillemotleft> yy \<and> yy < k" by simp
Andreas@47450
   942
    hence "aa |\<guillemotleft> k" by (blast dest: rbt_less_trans)
Andreas@47450
   943
    with 3 5 True show ?thesis by (auto simp: rbt_less_nit)
krauss@26192
   944
  qed auto
krauss@26192
   945
next
krauss@26192
   946
  case ("6_1" xx aa yy ss)
krauss@26192
   947
  show ?case proof (cases "xx = k")
krauss@26192
   948
    case True
Andreas@47450
   949
    with "6_1" have "aa |\<guillemotleft> yy \<and> k > yy" by simp
Andreas@47450
   950
    hence "aa |\<guillemotleft> k" by (blast dest: rbt_less_trans)
Andreas@47450
   951
    with "6_1" `xx = k` show ?thesis by (auto simp: rbt_less_nit)
krauss@26192
   952
  qed simp
krauss@26192
   953
next
krauss@26192
   954
  case ("6_2" xx aa yy ss vaa vbb vdd vc)
krauss@26192
   955
  thus ?case proof (cases "xx = k")
krauss@26192
   956
    case True
Andreas@47450
   957
    with "6_2" have "k > yy \<and> aa |\<guillemotleft> yy" by simp
Andreas@47450
   958
    hence "aa |\<guillemotleft> k" by (blast dest: rbt_less_trans)
Andreas@47450
   959
    with True "6_2" show ?thesis by (auto simp: rbt_less_nit)
haftmann@35550
   960
  qed auto
krauss@26192
   961
qed simp
krauss@26192
   962
Andreas@47450
   963
definition (in ord) rbt_delete where
Andreas@47450
   964
  "rbt_delete k t = paint B (rbt_del k t)"
krauss@26192
   965
Andreas@47450
   966
theorem rbt_delete_is_rbt [simp]: assumes "is_rbt t" shows "is_rbt (rbt_delete k t)"
krauss@26192
   967
proof -
haftmann@35534
   968
  from assms have "inv2 t" and "inv1 t" unfolding is_rbt_def by auto 
Andreas@47450
   969
  hence "inv2 (rbt_del k t) \<and> (color_of t = R \<and> bheight (rbt_del k t) = bheight t \<and> inv1 (rbt_del k t) \<or> color_of t = B \<and> bheight (rbt_del k t) = bheight t - 1 \<and> inv1l (rbt_del k t))" by (rule rbt_del_inv1_inv2)
Andreas@47450
   970
  hence "inv2 (rbt_del k t) \<and> inv1l (rbt_del k t)" by (cases "color_of t") auto
krauss@26192
   971
  with assms show ?thesis
Andreas@47450
   972
    unfolding is_rbt_def rbt_delete_def
Andreas@47450
   973
    by (auto intro: paint_rbt_sorted rbt_del_rbt_sorted)
krauss@26192
   974
qed
krauss@26192
   975
Andreas@47450
   976
lemma rbt_delete_in_tree: 
haftmann@35534
   977
  assumes "is_rbt t" 
Andreas@47450
   978
  shows "entry_in_tree k v (rbt_delete x t) = (x \<noteq> k \<and> entry_in_tree k v t)"
Andreas@47450
   979
  using assms unfolding is_rbt_def rbt_delete_def
Andreas@47450
   980
  by (auto simp: rbt_del_in_tree)
krauss@26192
   981
Andreas@47450
   982
lemma rbt_lookup_rbt_delete:
haftmann@35534
   983
  assumes is_rbt: "is_rbt t"
Andreas@47450
   984
  shows "rbt_lookup (rbt_delete k t) = (rbt_lookup t)|`(-{k})"
krauss@26192
   985
proof
krauss@26192
   986
  fix x
Andreas@47450
   987
  show "rbt_lookup (rbt_delete k t) x = (rbt_lookup t |` (-{k})) x" 
krauss@26192
   988
  proof (cases "x = k")
krauss@26192
   989
    assume "x = k" 
haftmann@35534
   990
    with is_rbt show ?thesis
Andreas@47450
   991
      by (cases "rbt_lookup (rbt_delete k t) k") (auto simp: rbt_lookup_in_tree rbt_delete_in_tree)
krauss@26192
   992
  next
krauss@26192
   993
    assume "x \<noteq> k"
krauss@26192
   994
    thus ?thesis
Andreas@47450
   995
      by auto (metis is_rbt rbt_delete_is_rbt rbt_delete_in_tree is_rbt_rbt_sorted rbt_lookup_from_in_tree)
krauss@26192
   996
  qed
krauss@26192
   997
qed
krauss@26192
   998
Andreas@47450
   999
end
haftmann@35550
  1000
krauss@26192
  1001
subsection {* Union *}
krauss@26192
  1002
Andreas@47450
  1003
context ord begin
Andreas@47450
  1004
Andreas@47450
  1005
primrec rbt_union_with_key :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
krauss@26192
  1006
where
Andreas@47450
  1007
  "rbt_union_with_key f t Empty = t"
Andreas@47450
  1008
| "rbt_union_with_key f t (Branch c lt k v rt) = rbt_union_with_key f (rbt_union_with_key f (rbt_insert_with_key f k v t) lt) rt"
krauss@26192
  1009
Andreas@47450
  1010
definition rbt_union_with where
Andreas@47450
  1011
  "rbt_union_with f = rbt_union_with_key (\<lambda>_. f)"
Andreas@47450
  1012
Andreas@47450
  1013
definition rbt_union where
Andreas@47450
  1014
  "rbt_union = rbt_union_with_key (%_ _ rv. rv)"
Andreas@47450
  1015
Andreas@47450
  1016
end
krauss@26192
  1017
Andreas@47450
  1018
context linorder begin
krauss@26192
  1019
Andreas@47450
  1020
lemma rbt_unionwk_rbt_sorted: "rbt_sorted lt \<Longrightarrow> rbt_sorted (rbt_union_with_key f lt rt)" 
Andreas@47450
  1021
  by (induct rt arbitrary: lt) (auto simp: rbt_insertwk_rbt_sorted)
Andreas@47450
  1022
theorem rbt_unionwk_is_rbt[simp]: "is_rbt lt \<Longrightarrow> is_rbt (rbt_union_with_key f lt rt)" 
Andreas@47450
  1023
  by (induct rt arbitrary: lt) (simp add: rbt_insertwk_is_rbt)+
krauss@26192
  1024
Andreas@47450
  1025
theorem rbt_unionw_is_rbt: "is_rbt lt \<Longrightarrow> is_rbt (rbt_union_with f lt rt)" unfolding rbt_union_with_def by simp
Andreas@47450
  1026
Andreas@47450
  1027
theorem rbt_union_is_rbt: "is_rbt lt \<Longrightarrow> is_rbt (rbt_union lt rt)" unfolding rbt_union_def by simp
krauss@26192
  1028
Andreas@47450
  1029
lemma (in ord) rbt_union_Branch[simp]:
Andreas@47450
  1030
  "rbt_union t (Branch c lt k v rt) = rbt_union (rbt_union (rbt_insert k v t) lt) rt"
Andreas@47450
  1031
  unfolding rbt_union_def rbt_insert_def
krauss@26192
  1032
  by simp
krauss@26192
  1033
Andreas@47450
  1034
lemma rbt_lookup_rbt_union:
Andreas@47450
  1035
  assumes "is_rbt s" "rbt_sorted t"
Andreas@47450
  1036
  shows "rbt_lookup (rbt_union s t) = rbt_lookup s ++ rbt_lookup t"
krauss@26192
  1037
using assms
krauss@26192
  1038
proof (induct t arbitrary: s)
Andreas@47450
  1039
  case Empty thus ?case by (auto simp: rbt_union_def)
krauss@26192
  1040
next
haftmann@35534
  1041
  case (Branch c l k v r s)
Andreas@47450
  1042
  then have "rbt_sorted r" "rbt_sorted l" "l |\<guillemotleft> k" "k \<guillemotleft>| r" by auto
krauss@26192
  1043
Andreas@47450
  1044
  have meq: "rbt_lookup s(k \<mapsto> v) ++ rbt_lookup l ++ rbt_lookup r =
Andreas@47450
  1045
    rbt_lookup s ++
Andreas@47450
  1046
    (\<lambda>a. if a < k then rbt_lookup l a
Andreas@47450
  1047
    else if k < a then rbt_lookup r a else Some v)" (is "?m1 = ?m2")
krauss@26192
  1048
  proof (rule ext)
krauss@26192
  1049
    fix a
krauss@26192
  1050
krauss@26192
  1051
   have "k < a \<or> k = a \<or> k > a" by auto
krauss@26192
  1052
    thus "?m1 a = ?m2 a"
krauss@26192
  1053
    proof (elim disjE)
krauss@26192
  1054
      assume "k < a"
Andreas@47450
  1055
      with `l |\<guillemotleft> k` have "l |\<guillemotleft> a" by (rule rbt_less_trans)
krauss@26192
  1056
      with `k < a` show ?thesis
krauss@26192
  1057
        by (auto simp: map_add_def split: option.splits)
krauss@26192
  1058
    next
krauss@26192
  1059
      assume "k = a"
krauss@26192
  1060
      with `l |\<guillemotleft> k` `k \<guillemotleft>| r` 
krauss@26192
  1061
      show ?thesis by (auto simp: map_add_def)
krauss@26192
  1062
    next
krauss@26192
  1063
      assume "a < k"
Andreas@47450
  1064
      from this `k \<guillemotleft>| r` have "a \<guillemotleft>| r" by (rule rbt_greater_trans)
krauss@26192
  1065
      with `a < k` show ?thesis
krauss@26192
  1066
        by (auto simp: map_add_def split: option.splits)
krauss@26192
  1067
    qed
krauss@26192
  1068
  qed
krauss@26192
  1069
kuncar@48621
  1070
  from Branch have is_rbt: "is_rbt (rbt_union (rbt_insert k v s) l)"
Andreas@47450
  1071
    by (auto intro: rbt_union_is_rbt rbt_insert_is_rbt)
haftmann@35550
  1072
  with Branch have IHs:
Andreas@47450
  1073
    "rbt_lookup (rbt_union (rbt_union (rbt_insert k v s) l) r) = rbt_lookup (rbt_union (rbt_insert k v s) l) ++ rbt_lookup r"
Andreas@47450
  1074
    "rbt_lookup (rbt_union (rbt_insert k v s) l) = rbt_lookup (rbt_insert k v s) ++ rbt_lookup l"
haftmann@35550
  1075
    by auto
krauss@26192
  1076
  
krauss@26192
  1077
  with meq show ?case
Andreas@47450
  1078
    by (auto simp: rbt_lookup_rbt_insert[OF Branch(3)])
haftmann@35550
  1079
krauss@26192
  1080
qed
krauss@26192
  1081
Andreas@47450
  1082
end
haftmann@35550
  1083
haftmann@35550
  1084
subsection {* Modifying existing entries *}
krauss@26192
  1085
Andreas@47450
  1086
context ord begin
Andreas@47450
  1087
krauss@26192
  1088
primrec
Andreas@47450
  1089
  rbt_map_entry :: "'a \<Rightarrow> ('b \<Rightarrow> 'b) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
krauss@26192
  1090
where
Andreas@47450
  1091
  "rbt_map_entry k f Empty = Empty"
Andreas@47450
  1092
| "rbt_map_entry k f (Branch c lt x v rt) =
Andreas@47450
  1093
    (if k < x then Branch c (rbt_map_entry k f lt) x v rt
Andreas@47450
  1094
    else if k > x then (Branch c lt x v (rbt_map_entry k f rt))
haftmann@35602
  1095
    else Branch c lt x (f v) rt)"
krauss@26192
  1096
Andreas@47450
  1097
Andreas@47450
  1098
lemma rbt_map_entry_color_of: "color_of (rbt_map_entry k f t) = color_of t" by (induct t) simp+
Andreas@47450
  1099
lemma rbt_map_entry_inv1: "inv1 (rbt_map_entry k f t) = inv1 t" by (induct t) (simp add: rbt_map_entry_color_of)+
Andreas@47450
  1100
lemma rbt_map_entry_inv2: "inv2 (rbt_map_entry k f t) = inv2 t" "bheight (rbt_map_entry k f t) = bheight t" by (induct t) simp+
Andreas@47450
  1101
lemma rbt_map_entry_rbt_greater: "rbt_greater a (rbt_map_entry k f t) = rbt_greater a t" by (induct t) simp+
Andreas@47450
  1102
lemma rbt_map_entry_rbt_less: "rbt_less a (rbt_map_entry k f t) = rbt_less a t" by (induct t) simp+
Andreas@47450
  1103
lemma rbt_map_entry_rbt_sorted: "rbt_sorted (rbt_map_entry k f t) = rbt_sorted t"
Andreas@47450
  1104
  by (induct t) (simp_all add: rbt_map_entry_rbt_less rbt_map_entry_rbt_greater)
krauss@26192
  1105
Andreas@47450
  1106
theorem rbt_map_entry_is_rbt [simp]: "is_rbt (rbt_map_entry k f t) = is_rbt t" 
Andreas@47450
  1107
unfolding is_rbt_def by (simp add: rbt_map_entry_inv2 rbt_map_entry_color_of rbt_map_entry_rbt_sorted rbt_map_entry_inv1 )
krauss@26192
  1108
Andreas@47450
  1109
end
Andreas@47450
  1110
Andreas@47450
  1111
theorem (in linorder) rbt_lookup_rbt_map_entry:
Andreas@47450
  1112
  "rbt_lookup (rbt_map_entry k f t) = (rbt_lookup t)(k := Option.map f (rbt_lookup t k))"
nipkow@39302
  1113
  by (induct t) (auto split: option.splits simp add: fun_eq_iff)
krauss@26192
  1114
haftmann@35550
  1115
subsection {* Mapping all entries *}
krauss@26192
  1116
krauss@26192
  1117
primrec
haftmann@35602
  1118
  map :: "('a \<Rightarrow> 'b \<Rightarrow> 'c) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'c) rbt"
krauss@26192
  1119
where
haftmann@35550
  1120
  "map f Empty = Empty"
haftmann@35550
  1121
| "map f (Branch c lt k v rt) = Branch c (map f lt) k (f k v) (map f rt)"
krauss@32237
  1122
haftmann@35550
  1123
lemma map_entries [simp]: "entries (map f t) = List.map (\<lambda>(k, v). (k, f k v)) (entries t)"
haftmann@35550
  1124
  by (induct t) auto
haftmann@35550
  1125
lemma map_keys [simp]: "keys (map f t) = keys t" by (simp add: keys_def split_def)
haftmann@35550
  1126
lemma map_color_of: "color_of (map f t) = color_of t" by (induct t) simp+
haftmann@35550
  1127
lemma map_inv1: "inv1 (map f t) = inv1 t" by (induct t) (simp add: map_color_of)+
haftmann@35550
  1128
lemma map_inv2: "inv2 (map f t) = inv2 t" "bheight (map f t) = bheight t" by (induct t) simp+
Andreas@47450
  1129
Andreas@47450
  1130
context ord begin
Andreas@47450
  1131
Andreas@47450
  1132
lemma map_rbt_greater: "rbt_greater k (map f t) = rbt_greater k t" by (induct t) simp+
Andreas@47450
  1133
lemma map_rbt_less: "rbt_less k (map f t) = rbt_less k t" by (induct t) simp+
Andreas@47450
  1134
lemma map_rbt_sorted: "rbt_sorted (map f t) = rbt_sorted t"  by (induct t) (simp add: map_rbt_less map_rbt_greater)+
haftmann@35550
  1135
theorem map_is_rbt [simp]: "is_rbt (map f t) = is_rbt t" 
Andreas@47450
  1136
unfolding is_rbt_def by (simp add: map_inv1 map_inv2 map_rbt_sorted map_color_of)
krauss@32237
  1137
Andreas@47450
  1138
end
krauss@26192
  1139
Andreas@47450
  1140
theorem (in linorder) rbt_lookup_map: "rbt_lookup (map f t) x = Option.map (f x) (rbt_lookup t x)"
Andreas@47450
  1141
  apply(induct t)
Andreas@47450
  1142
  apply auto
Andreas@47450
  1143
  apply(subgoal_tac "x = a")
Andreas@47450
  1144
  apply auto
Andreas@47450
  1145
  done
Andreas@47450
  1146
 (* FIXME: simproc "antisym less" does not work for linorder context, only for linorder type class
Andreas@47450
  1147
    by (induct t) auto *)
haftmann@35550
  1148
haftmann@35550
  1149
subsection {* Folding over entries *}
haftmann@35550
  1150
haftmann@35550
  1151
definition fold :: "('a \<Rightarrow> 'b \<Rightarrow> 'c \<Rightarrow> 'c) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> 'c \<Rightarrow> 'c" where
haftmann@46133
  1152
  "fold f t = List.fold (prod_case f) (entries t)"
krauss@26192
  1153
haftmann@35550
  1154
lemma fold_simps [simp, code]:
haftmann@35550
  1155
  "fold f Empty = id"
haftmann@35550
  1156
  "fold f (Branch c lt k v rt) = fold f rt \<circ> f k v \<circ> fold f lt"
nipkow@39302
  1157
  by (simp_all add: fold_def fun_eq_iff)
haftmann@35534
  1158
kuncar@48621
  1159
(* fold with continuation predicate *)
kuncar@48621
  1160
kuncar@48621
  1161
fun foldi :: "('c \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> 'c \<Rightarrow> 'c) \<Rightarrow> ('a :: linorder, 'b) rbt \<Rightarrow> 'c \<Rightarrow> 'c" 
kuncar@48621
  1162
  where
kuncar@48621
  1163
  "foldi c f Empty s = s" |
kuncar@48621
  1164
  "foldi c f (Branch col l k v r) s = (
kuncar@48621
  1165
    if (c s) then
kuncar@48621
  1166
      let s' = foldi c f l s in
kuncar@48621
  1167
        if (c s') then
kuncar@48621
  1168
          foldi c f r (f k v s')
kuncar@48621
  1169
        else s'
kuncar@48621
  1170
    else 
kuncar@48621
  1171
      s
kuncar@48621
  1172
  )"
haftmann@35606
  1173
haftmann@35606
  1174
subsection {* Bulkloading a tree *}
haftmann@35606
  1175
Andreas@47450
  1176
definition (in ord) rbt_bulkload :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) rbt" where
Andreas@47450
  1177
  "rbt_bulkload xs = foldr (\<lambda>(k, v). rbt_insert k v) xs Empty"
Andreas@47450
  1178
Andreas@47450
  1179
context linorder begin
haftmann@35606
  1180
Andreas@47450
  1181
lemma rbt_bulkload_is_rbt [simp, intro]:
Andreas@47450
  1182
  "is_rbt (rbt_bulkload xs)"
Andreas@47450
  1183
  unfolding rbt_bulkload_def by (induct xs) auto
haftmann@35606
  1184
Andreas@47450
  1185
lemma rbt_lookup_rbt_bulkload:
Andreas@47450
  1186
  "rbt_lookup (rbt_bulkload xs) = map_of xs"
haftmann@35606
  1187
proof -
haftmann@35606
  1188
  obtain ys where "ys = rev xs" by simp
haftmann@35606
  1189
  have "\<And>t. is_rbt t \<Longrightarrow>
Andreas@47450
  1190
    rbt_lookup (List.fold (prod_case rbt_insert) ys t) = rbt_lookup t ++ map_of (rev ys)"
Andreas@47450
  1191
      by (induct ys) (simp_all add: rbt_bulkload_def rbt_lookup_rbt_insert prod_case_beta)
haftmann@35606
  1192
  from this Empty_is_rbt have
Andreas@47450
  1193
    "rbt_lookup (List.fold (prod_case rbt_insert) (rev xs) Empty) = rbt_lookup Empty ++ map_of xs"
haftmann@35606
  1194
     by (simp add: `ys = rev xs`)
Andreas@47450
  1195
  then show ?thesis by (simp add: rbt_bulkload_def rbt_lookup_Empty foldr_conv_fold)
haftmann@35606
  1196
qed
haftmann@35606
  1197
Andreas@47450
  1198
end
Andreas@47450
  1199
Andreas@47450
  1200
lemmas [code] =
Andreas@47450
  1201
  ord.rbt_less_prop
Andreas@47450
  1202
  ord.rbt_greater_prop
Andreas@47450
  1203
  ord.rbt_sorted.simps
Andreas@47450
  1204
  ord.rbt_lookup.simps
Andreas@47450
  1205
  ord.is_rbt_def
Andreas@47450
  1206
  ord.rbt_ins.simps
Andreas@47450
  1207
  ord.rbt_insert_with_key_def
Andreas@47450
  1208
  ord.rbt_insertw_def
Andreas@47450
  1209
  ord.rbt_insert_def
Andreas@47450
  1210
  ord.rbt_del_from_left.simps
Andreas@47450
  1211
  ord.rbt_del_from_right.simps
Andreas@47450
  1212
  ord.rbt_del.simps
Andreas@47450
  1213
  ord.rbt_delete_def
Andreas@47450
  1214
  ord.rbt_union_with_key.simps
Andreas@47450
  1215
  ord.rbt_union_with_def
Andreas@47450
  1216
  ord.rbt_union_def
Andreas@47450
  1217
  ord.rbt_map_entry.simps
Andreas@47450
  1218
  ord.rbt_bulkload_def
Andreas@47450
  1219
Andreas@47450
  1220
text {* Restore original type constraints for constants *}
Andreas@47450
  1221
setup {*
Andreas@47450
  1222
  fold Sign.add_const_constraint
Andreas@47450
  1223
    [(@{const_name rbt_less}, SOME @{typ "('a :: order) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool"}),
Andreas@47450
  1224
     (@{const_name rbt_greater}, SOME @{typ "('a :: order) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool"}),
Andreas@47450
  1225
     (@{const_name rbt_sorted}, SOME @{typ "('a :: linorder, 'b) rbt \<Rightarrow> bool"}),
Andreas@47450
  1226
     (@{const_name rbt_lookup}, SOME @{typ "('a :: linorder, 'b) rbt \<Rightarrow> 'a \<rightharpoonup> 'b"}),
Andreas@47450
  1227
     (@{const_name is_rbt}, SOME @{typ "('a :: linorder, 'b) rbt \<Rightarrow> bool"}),
Andreas@47450
  1228
     (@{const_name rbt_ins}, SOME @{typ "('a\<Colon>linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1229
     (@{const_name rbt_insert_with_key}, SOME @{typ "('a\<Colon>linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1230
     (@{const_name rbt_insert_with}, SOME @{typ "('b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a :: linorder) \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1231
     (@{const_name rbt_insert}, SOME @{typ "('a :: linorder) \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1232
     (@{const_name rbt_del_from_left}, SOME @{typ "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1233
     (@{const_name rbt_del_from_right}, SOME @{typ "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1234
     (@{const_name rbt_del}, SOME @{typ "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1235
     (@{const_name rbt_delete}, SOME @{typ "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1236
     (@{const_name rbt_union_with_key}, SOME @{typ "('a\<Colon>linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1237
     (@{const_name rbt_union_with}, SOME @{typ "('b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a\<Colon>linorder,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1238
     (@{const_name rbt_union}, SOME @{typ "('a\<Colon>linorder,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1239
     (@{const_name rbt_map_entry}, SOME @{typ "'a\<Colon>linorder \<Rightarrow> ('b \<Rightarrow> 'b) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
Andreas@47450
  1240
     (@{const_name rbt_bulkload}, SOME @{typ "('a \<times> 'b) list \<Rightarrow> ('a\<Colon>linorder,'b) rbt"})]
Andreas@47450
  1241
*}
Andreas@47450
  1242
Andreas@47450
  1243
hide_const (open) R B Empty entries keys map fold
krauss@26192
  1244
krauss@26192
  1245
end