1 (* Title: HOL/Library/RBT_Impl.thy
2 Author: Markus Reiter, TU Muenchen
3 Author: Alexander Krauss, TU Muenchen
6 header {* Implementation of Red-Black Trees *}
13 For applications, you should use theory @{text RBT} which defines
14 an abstract type of red-black tree obeying the invariant.
17 subsection {* Datatype of RB trees *}
19 datatype color = R | B
20 datatype ('a, 'b) rbt = Empty | Branch color "('a, 'b) rbt" 'a 'b "('a, 'b) rbt"
23 obtains (Empty) "t = Empty"
24 | (Red) l k v r where "t = Branch R l k v r"
25 | (Black) l k v r where "t = Branch B l k v r"
27 case Empty with that show thesis by blast
29 case (Branch c) with that show thesis by (cases c) blast+
32 subsection {* Tree properties *}
34 subsubsection {* Content of a tree *}
36 primrec entries :: "('a, 'b) rbt \<Rightarrow> ('a \<times> 'b) list"
39 | "entries (Branch _ l k v r) = entries l @ (k,v) # entries r"
41 abbreviation (input) entry_in_tree :: "'a \<Rightarrow> 'b \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool"
43 "entry_in_tree k v t \<equiv> (k, v) \<in> set (entries t)"
45 definition keys :: "('a, 'b) rbt \<Rightarrow> 'a list" where
46 "keys t = map fst (entries t)"
48 lemma keys_simps [simp, code]:
50 "keys (Branch c l k v r) = keys l @ k # keys r"
51 by (simp_all add: keys_def)
53 lemma entry_in_tree_keys:
54 assumes "(k, v) \<in> set (entries t)"
55 shows "k \<in> set (keys t)"
57 from assms have "fst (k, v) \<in> fst ` set (entries t)" by (rule imageI)
58 then show ?thesis by (simp add: keys_def)
62 "k \<in> set (keys t) \<longleftrightarrow> (\<exists>v. (k, v) \<in> set (entries t))"
63 by (auto intro: entry_in_tree_keys) (auto simp add: keys_def)
65 lemma non_empty_rbt_keys:
66 "t \<noteq> rbt.Empty \<Longrightarrow> keys t \<noteq> []"
69 subsubsection {* Search tree properties *}
73 definition rbt_less :: "'a \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool"
75 rbt_less_prop: "rbt_less k t \<longleftrightarrow> (\<forall>x\<in>set (keys t). x < k)"
77 abbreviation rbt_less_symbol (infix "|\<guillemotleft>" 50)
78 where "t |\<guillemotleft> x \<equiv> rbt_less x t"
80 definition rbt_greater :: "'a \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool" (infix "\<guillemotleft>|" 50)
82 rbt_greater_prop: "rbt_greater k t = (\<forall>x\<in>set (keys t). k < x)"
84 lemma rbt_less_simps [simp]:
85 "Empty |\<guillemotleft> k = True"
86 "Branch c lt kt v rt |\<guillemotleft> k \<longleftrightarrow> kt < k \<and> lt |\<guillemotleft> k \<and> rt |\<guillemotleft> k"
87 by (auto simp add: rbt_less_prop)
89 lemma rbt_greater_simps [simp]:
90 "k \<guillemotleft>| Empty = True"
91 "k \<guillemotleft>| (Branch c lt kt v rt) \<longleftrightarrow> k < kt \<and> k \<guillemotleft>| lt \<and> k \<guillemotleft>| rt"
92 by (auto simp add: rbt_greater_prop)
94 lemmas rbt_ord_props = rbt_less_prop rbt_greater_prop
96 lemmas rbt_greater_nit = rbt_greater_prop entry_in_tree_keys
97 lemmas rbt_less_nit = rbt_less_prop entry_in_tree_keys
100 shows rbt_less_eq_trans: "l |\<guillemotleft> u \<Longrightarrow> u \<le> v \<Longrightarrow> l |\<guillemotleft> v"
101 and rbt_less_trans: "t |\<guillemotleft> x \<Longrightarrow> x < y \<Longrightarrow> t |\<guillemotleft> y"
102 and rbt_greater_eq_trans: "u \<le> v \<Longrightarrow> v \<guillemotleft>| r \<Longrightarrow> u \<guillemotleft>| r"
103 and rbt_greater_trans: "x < y \<Longrightarrow> y \<guillemotleft>| t \<Longrightarrow> x \<guillemotleft>| t"
104 by (auto simp: rbt_ord_props)
106 primrec rbt_sorted :: "('a, 'b) rbt \<Rightarrow> bool"
108 "rbt_sorted Empty = True"
109 | "rbt_sorted (Branch c l k v r) = (l |\<guillemotleft> k \<and> k \<guillemotleft>| r \<and> rbt_sorted l \<and> rbt_sorted r)"
113 context linorder begin
115 lemma rbt_sorted_entries:
116 "rbt_sorted t \<Longrightarrow> List.sorted (map fst (entries t))"
118 (force simp: sorted_append sorted_Cons rbt_ord_props
119 dest!: entry_in_tree_keys)+
121 lemma distinct_entries:
122 "rbt_sorted t \<Longrightarrow> distinct (map fst (entries t))"
124 (force simp: sorted_append sorted_Cons rbt_ord_props
125 dest!: entry_in_tree_keys)+
128 "rbt_sorted t \<Longrightarrow> distinct (keys t)"
129 by (simp add: distinct_entries keys_def)
132 subsubsection {* Tree lookup *}
134 primrec (in ord) rbt_lookup :: "('a, 'b) rbt \<Rightarrow> 'a \<rightharpoonup> 'b"
136 "rbt_lookup Empty k = None"
137 | "rbt_lookup (Branch _ l x y r) k =
138 (if k < x then rbt_lookup l k else if x < k then rbt_lookup r k else Some y)"
140 lemma rbt_lookup_keys: "rbt_sorted t \<Longrightarrow> dom (rbt_lookup t) = set (keys t)"
141 by (induct t) (auto simp: dom_def rbt_greater_prop rbt_less_prop)
143 lemma dom_rbt_lookup_Branch:
144 "rbt_sorted (Branch c t1 k v t2) \<Longrightarrow>
145 dom (rbt_lookup (Branch c t1 k v t2))
146 = Set.insert k (dom (rbt_lookup t1) \<union> dom (rbt_lookup t2))"
148 assume "rbt_sorted (Branch c t1 k v t2)"
149 then show ?thesis by (simp add: rbt_lookup_keys)
152 lemma finite_dom_rbt_lookup [simp, intro!]: "finite (dom (rbt_lookup t))"
154 case Empty then show ?case by simp
156 case (Branch color t1 a b t2)
157 let ?A = "Set.insert a (dom (rbt_lookup t1) \<union> dom (rbt_lookup t2))"
158 have "dom (rbt_lookup (Branch color t1 a b t2)) \<subseteq> ?A" by (auto split: split_if_asm)
159 moreover from Branch have "finite (insert a (dom (rbt_lookup t1) \<union> dom (rbt_lookup t2)))" by simp
160 ultimately show ?case by (rule finite_subset)
167 lemma rbt_lookup_rbt_less[simp]: "t |\<guillemotleft> k \<Longrightarrow> rbt_lookup t k = None"
170 lemma rbt_lookup_rbt_greater[simp]: "k \<guillemotleft>| t \<Longrightarrow> rbt_lookup t k = None"
173 lemma rbt_lookup_Empty: "rbt_lookup Empty = empty"
178 context linorder begin
180 lemma map_of_entries:
181 "rbt_sorted t \<Longrightarrow> map_of (entries t) = rbt_lookup t"
183 case Empty thus ?case by (simp add: rbt_lookup_Empty)
185 case (Branch c t1 k v t2)
186 have "rbt_lookup (Branch c t1 k v t2) = rbt_lookup t2 ++ [k\<mapsto>v] ++ rbt_lookup t1"
189 from Branch have RBT_SORTED: "rbt_sorted (Branch c t1 k v t2)" by simp
190 let ?thesis = "rbt_lookup (Branch c t1 k v t2) x = (rbt_lookup t2 ++ [k \<mapsto> v] ++ rbt_lookup t1) x"
192 have DOM_T1: "!!k'. k'\<in>dom (rbt_lookup t1) \<Longrightarrow> k>k'"
195 from RBT_SORTED have "t1 |\<guillemotleft> k" by simp
196 with rbt_less_prop have "\<forall>k'\<in>set (keys t1). k>k'" by auto
197 moreover assume "k'\<in>dom (rbt_lookup t1)"
198 ultimately show "k>k'" using rbt_lookup_keys RBT_SORTED by auto
201 have DOM_T2: "!!k'. k'\<in>dom (rbt_lookup t2) \<Longrightarrow> k<k'"
204 from RBT_SORTED have "k \<guillemotleft>| t2" by simp
205 with rbt_greater_prop have "\<forall>k'\<in>set (keys t2). k<k'" by auto
206 moreover assume "k'\<in>dom (rbt_lookup t2)"
207 ultimately show "k<k'" using rbt_lookup_keys RBT_SORTED by auto
212 hence "rbt_lookup (Branch c t1 k v t2) x = rbt_lookup t1 x" by simp
213 moreover from C have "x\<notin>dom [k\<mapsto>v]" by simp
214 moreover have "x \<notin> dom (rbt_lookup t2)"
216 assume "x \<in> dom (rbt_lookup t2)"
217 with DOM_T2 have "k<x" by blast
218 with C show False by simp
220 ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
223 hence "rbt_lookup (Branch c t1 k v t2) x = [k \<mapsto> v] x" by simp
224 moreover have "x \<notin> dom (rbt_lookup t1)"
226 assume "x \<in> dom (rbt_lookup t1)"
227 with DOM_T1 have "k>x" by blast
230 ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
233 hence "rbt_lookup (Branch c t1 k v t2) x = rbt_lookup t2 x" by (simp add: less_not_sym[of k x])
234 moreover from C have "x\<notin>dom [k\<mapsto>v]" by simp
235 moreover have "x\<notin>dom (rbt_lookup t1)" proof
236 assume "x\<in>dom (rbt_lookup t1)"
237 with DOM_T1 have "k>x" by simp
238 with C show False by simp
240 ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps)
241 } ultimately show ?thesis using less_linear by blast
244 have "rbt_lookup t2 ++ [k \<mapsto> v] ++ rbt_lookup t1 = map_of (entries (Branch c t1 k v t2))" by simp
245 finally show ?case by simp
248 lemma rbt_lookup_in_tree: "rbt_sorted t \<Longrightarrow> rbt_lookup t k = Some v \<longleftrightarrow> (k, v) \<in> set (entries t)"
249 by (simp add: map_of_entries [symmetric] distinct_entries)
251 lemma set_entries_inject:
252 assumes rbt_sorted: "rbt_sorted t1" "rbt_sorted t2"
253 shows "set (entries t1) = set (entries t2) \<longleftrightarrow> entries t1 = entries t2"
255 from rbt_sorted have "distinct (map fst (entries t1))"
256 "distinct (map fst (entries t2))"
257 by (auto intro: distinct_entries)
258 with rbt_sorted show ?thesis
259 by (auto intro: map_sorted_distinct_set_unique rbt_sorted_entries simp add: distinct_map)
263 assumes rbt_sorted: "rbt_sorted t1" "rbt_sorted t2"
264 assumes rbt_lookup: "rbt_lookup t1 = rbt_lookup t2"
265 shows "entries t1 = entries t2"
267 from rbt_sorted rbt_lookup have "map_of (entries t1) = map_of (entries t2)"
268 by (simp add: map_of_entries)
269 with rbt_sorted have "set (entries t1) = set (entries t2)"
270 by (simp add: map_of_inject_set distinct_entries)
271 with rbt_sorted show ?thesis by (simp add: set_entries_inject)
274 lemma entries_rbt_lookup:
275 assumes "rbt_sorted t1" "rbt_sorted t2"
276 shows "entries t1 = entries t2 \<longleftrightarrow> rbt_lookup t1 = rbt_lookup t2"
277 using assms by (auto intro: entries_eqI simp add: map_of_entries [symmetric])
279 lemma rbt_lookup_from_in_tree:
280 assumes "rbt_sorted t1" "rbt_sorted t2"
281 and "\<And>v. (k, v) \<in> set (entries t1) \<longleftrightarrow> (k, v) \<in> set (entries t2)"
282 shows "rbt_lookup t1 k = rbt_lookup t2 k"
284 from assms have "k \<in> dom (rbt_lookup t1) \<longleftrightarrow> k \<in> dom (rbt_lookup t2)"
285 by (simp add: keys_entries rbt_lookup_keys)
286 with assms show ?thesis by (auto simp add: rbt_lookup_in_tree [symmetric])
291 subsubsection {* Red-black properties *}
293 primrec color_of :: "('a, 'b) rbt \<Rightarrow> color"
296 | "color_of (Branch c _ _ _ _) = c"
298 primrec bheight :: "('a,'b) rbt \<Rightarrow> nat"
301 | "bheight (Branch c lt k v rt) = (if c = B then Suc (bheight lt) else bheight lt)"
303 primrec inv1 :: "('a, 'b) rbt \<Rightarrow> bool"
306 | "inv1 (Branch c lt k v rt) \<longleftrightarrow> inv1 lt \<and> inv1 rt \<and> (c = B \<or> color_of lt = B \<and> color_of rt = B)"
308 primrec inv1l :: "('a, 'b) rbt \<Rightarrow> bool" -- {* Weaker version *}
311 | "inv1l (Branch c l k v r) = (inv1 l \<and> inv1 r)"
312 lemma [simp]: "inv1 t \<Longrightarrow> inv1l t" by (cases t) simp+
314 primrec inv2 :: "('a, 'b) rbt \<Rightarrow> bool"
317 | "inv2 (Branch c lt k v rt) = (inv2 lt \<and> inv2 rt \<and> bheight lt = bheight rt)"
321 definition is_rbt :: "('a, 'b) rbt \<Rightarrow> bool" where
322 "is_rbt t \<longleftrightarrow> inv1 t \<and> inv2 t \<and> color_of t = B \<and> rbt_sorted t"
324 lemma is_rbt_rbt_sorted [simp]:
325 "is_rbt t \<Longrightarrow> rbt_sorted t" by (simp add: is_rbt_def)
327 theorem Empty_is_rbt [simp]:
328 "is_rbt Empty" by (simp add: is_rbt_def)
332 subsection {* Insertion *}
334 fun (* slow, due to massive case splitting *)
335 balance :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
337 "balance (Branch R a w x b) s t (Branch R c y z d) = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
338 "balance (Branch R (Branch R a w x b) s t c) y z d = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
339 "balance (Branch R a w x (Branch R b s t c)) y z d = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
340 "balance a w x (Branch R b s t (Branch R c y z d)) = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
341 "balance a w x (Branch R (Branch R b s t c) y z d) = Branch R (Branch B a w x b) s t (Branch B c y z d)" |
342 "balance a s t b = Branch B a s t b"
344 lemma balance_inv1: "\<lbrakk>inv1l l; inv1l r\<rbrakk> \<Longrightarrow> inv1 (balance l k v r)"
345 by (induct l k v r rule: balance.induct) auto
347 lemma balance_bheight: "bheight l = bheight r \<Longrightarrow> bheight (balance l k v r) = Suc (bheight l)"
348 by (induct l k v r rule: balance.induct) auto
351 assumes "inv2 l" "inv2 r" "bheight l = bheight r"
352 shows "inv2 (balance l k v r)"
354 by (induct l k v r rule: balance.induct) auto
358 lemma balance_rbt_greater[simp]: "(v \<guillemotleft>| balance a k x b) = (v \<guillemotleft>| a \<and> v \<guillemotleft>| b \<and> v < k)"
359 by (induct a k x b rule: balance.induct) auto
361 lemma balance_rbt_less[simp]: "(balance a k x b |\<guillemotleft> v) = (a |\<guillemotleft> v \<and> b |\<guillemotleft> v \<and> k < v)"
362 by (induct a k x b rule: balance.induct) auto
366 lemma (in linorder) balance_rbt_sorted:
368 assumes "rbt_sorted l" "rbt_sorted r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
369 shows "rbt_sorted (balance l k v r)"
370 using assms proof (induct l k v r rule: balance.induct)
371 case ("2_2" a x w b y t c z s va vb vd vc)
372 hence "y < z \<and> z \<guillemotleft>| Branch B va vb vd vc"
373 by (auto simp add: rbt_ord_props)
374 hence "y \<guillemotleft>| (Branch B va vb vd vc)" by (blast dest: rbt_greater_trans)
375 with "2_2" show ?case by simp
377 case ("3_2" va vb vd vc x w b y s c z)
378 from "3_2" have "x < y \<and> Branch B va vb vd vc |\<guillemotleft> x"
380 hence "Branch B va vb vd vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
381 with "3_2" show ?case by simp
383 case ("3_3" x w b y s c z t va vb vd vc)
384 from "3_3" have "y < z \<and> z \<guillemotleft>| Branch B va vb vd vc" by simp
385 hence "y \<guillemotleft>| Branch B va vb vd vc" by (blast dest: rbt_greater_trans)
386 with "3_3" show ?case by simp
388 case ("3_4" vd ve vg vf x w b y s c z t va vb vii vc)
389 hence "x < y \<and> Branch B vd ve vg vf |\<guillemotleft> x" by simp
390 hence 1: "Branch B vd ve vg vf |\<guillemotleft> y" by (blast dest: rbt_less_trans)
391 from "3_4" have "y < z \<and> z \<guillemotleft>| Branch B va vb vii vc" by simp
392 hence "y \<guillemotleft>| Branch B va vb vii vc" by (blast dest: rbt_greater_trans)
393 with 1 "3_4" show ?case by simp
395 case ("4_2" va vb vd vc x w b y s c z t dd)
396 hence "x < y \<and> Branch B va vb vd vc |\<guillemotleft> x" by simp
397 hence "Branch B va vb vd vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
398 with "4_2" show ?case by simp
400 case ("5_2" x w b y s c z t va vb vd vc)
401 hence "y < z \<and> z \<guillemotleft>| Branch B va vb vd vc" by simp
402 hence "y \<guillemotleft>| Branch B va vb vd vc" by (blast dest: rbt_greater_trans)
403 with "5_2" show ?case by simp
405 case ("5_3" va vb vd vc x w b y s c z t)
406 hence "x < y \<and> Branch B va vb vd vc |\<guillemotleft> x" by simp
407 hence "Branch B va vb vd vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
408 with "5_3" show ?case by simp
410 case ("5_4" va vb vg vc x w b y s c z t vd ve vii vf)
411 hence "x < y \<and> Branch B va vb vg vc |\<guillemotleft> x" by simp
412 hence 1: "Branch B va vb vg vc |\<guillemotleft> y" by (blast dest: rbt_less_trans)
413 from "5_4" have "y < z \<and> z \<guillemotleft>| Branch B vd ve vii vf" by simp
414 hence "y \<guillemotleft>| Branch B vd ve vii vf" by (blast dest: rbt_greater_trans)
415 with 1 "5_4" show ?case by simp
418 lemma entries_balance [simp]:
419 "entries (balance l k v r) = entries l @ (k, v) # entries r"
420 by (induct l k v r rule: balance.induct) auto
422 lemma keys_balance [simp]:
423 "keys (balance l k v r) = keys l @ k # keys r"
424 by (simp add: keys_def)
426 lemma balance_in_tree:
427 "entry_in_tree k x (balance l v y r) \<longleftrightarrow> entry_in_tree k x l \<or> k = v \<and> x = y \<or> entry_in_tree k x r"
428 by (auto simp add: keys_def)
430 lemma (in linorder) rbt_lookup_balance[simp]:
432 assumes "rbt_sorted l" "rbt_sorted r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
433 shows "rbt_lookup (balance l k v r) x = rbt_lookup (Branch B l k v r) x"
434 by (rule rbt_lookup_from_in_tree) (auto simp:assms balance_in_tree balance_rbt_sorted)
436 primrec paint :: "color \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
438 "paint c Empty = Empty"
439 | "paint c (Branch _ l k v r) = Branch c l k v r"
441 lemma paint_inv1l[simp]: "inv1l t \<Longrightarrow> inv1l (paint c t)" by (cases t) auto
442 lemma paint_inv1[simp]: "inv1l t \<Longrightarrow> inv1 (paint B t)" by (cases t) auto
443 lemma paint_inv2[simp]: "inv2 t \<Longrightarrow> inv2 (paint c t)" by (cases t) auto
444 lemma paint_color_of[simp]: "color_of (paint B t) = B" by (cases t) auto
445 lemma paint_in_tree[simp]: "entry_in_tree k x (paint c t) = entry_in_tree k x t" by (cases t) auto
449 lemma paint_rbt_sorted[simp]: "rbt_sorted t \<Longrightarrow> rbt_sorted (paint c t)" by (cases t) auto
450 lemma paint_rbt_lookup[simp]: "rbt_lookup (paint c t) = rbt_lookup t" by (rule ext) (cases t, auto)
451 lemma paint_rbt_greater[simp]: "(v \<guillemotleft>| paint c t) = (v \<guillemotleft>| t)" by (cases t) auto
452 lemma paint_rbt_less[simp]: "(paint c t |\<guillemotleft> v) = (t |\<guillemotleft> v)" by (cases t) auto
455 rbt_ins :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
457 "rbt_ins f k v Empty = Branch R Empty k v Empty" |
458 "rbt_ins f k v (Branch B l x y r) = (if k < x then balance (rbt_ins f k v l) x y r
459 else if k > x then balance l x y (rbt_ins f k v r)
460 else Branch B l x (f k y v) r)" |
461 "rbt_ins f k v (Branch R l x y r) = (if k < x then Branch R (rbt_ins f k v l) x y r
462 else if k > x then Branch R l x y (rbt_ins f k v r)
463 else Branch R l x (f k y v) r)"
466 assumes "inv1 t" "inv2 t"
467 shows "inv2 (rbt_ins f k x t)" "bheight (rbt_ins f k x t) = bheight t"
468 "color_of t = B \<Longrightarrow> inv1 (rbt_ins f k x t)" "inv1l (rbt_ins f k x t)"
470 by (induct f k x t rule: rbt_ins.induct) (auto simp: balance_inv1 balance_inv2 balance_bheight)
474 context linorder begin
476 lemma ins_rbt_greater[simp]: "(v \<guillemotleft>| rbt_ins f (k :: 'a) x t) = (v \<guillemotleft>| t \<and> k > v)"
477 by (induct f k x t rule: rbt_ins.induct) auto
478 lemma ins_rbt_less[simp]: "(rbt_ins f k x t |\<guillemotleft> v) = (t |\<guillemotleft> v \<and> k < v)"
479 by (induct f k x t rule: rbt_ins.induct) auto
480 lemma ins_rbt_sorted[simp]: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_ins f k x t)"
481 by (induct f k x t rule: rbt_ins.induct) (auto simp: balance_rbt_sorted)
483 lemma keys_ins: "set (keys (rbt_ins f k v t)) = { k } \<union> set (keys t)"
484 by (induct f k v t rule: rbt_ins.induct) auto
486 lemma rbt_lookup_ins:
488 assumes "rbt_sorted t"
489 shows "rbt_lookup (rbt_ins f k v t) x = ((rbt_lookup t)(k |-> case rbt_lookup t k of None \<Rightarrow> v
490 | Some w \<Rightarrow> f k w v)) x"
491 using assms by (induct f k v t rule: rbt_ins.induct) auto
497 definition rbt_insert_with_key :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
498 where "rbt_insert_with_key f k v t = paint B (rbt_ins f k v t)"
500 definition rbt_insertw_def: "rbt_insert_with f = rbt_insert_with_key (\<lambda>_. f)"
502 definition rbt_insert :: "'a \<Rightarrow> 'b \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt" where
503 "rbt_insert = rbt_insert_with_key (\<lambda>_ _ nv. nv)"
507 context linorder begin
509 lemma rbt_insertwk_rbt_sorted: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_insert_with_key f (k :: 'a) x t)"
510 by (auto simp: rbt_insert_with_key_def)
512 theorem rbt_insertwk_is_rbt:
513 assumes inv: "is_rbt t"
514 shows "is_rbt (rbt_insert_with_key f k x t)"
516 unfolding rbt_insert_with_key_def is_rbt_def
517 by (auto simp: ins_inv1_inv2)
519 lemma rbt_lookup_rbt_insertwk:
520 assumes "rbt_sorted t"
521 shows "rbt_lookup (rbt_insert_with_key f k v t) x = ((rbt_lookup t)(k |-> case rbt_lookup t k of None \<Rightarrow> v
522 | Some w \<Rightarrow> f k w v)) x"
523 unfolding rbt_insert_with_key_def using assms
524 by (simp add:rbt_lookup_ins)
526 lemma rbt_insertw_rbt_sorted: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_insert_with f k v t)"
527 by (simp add: rbt_insertwk_rbt_sorted rbt_insertw_def)
528 theorem rbt_insertw_is_rbt: "is_rbt t \<Longrightarrow> is_rbt (rbt_insert_with f k v t)"
529 by (simp add: rbt_insertwk_is_rbt rbt_insertw_def)
531 lemma rbt_lookup_rbt_insertw:
533 shows "rbt_lookup (rbt_insert_with f k v t) = (rbt_lookup t)(k \<mapsto> (if k:dom (rbt_lookup t) then f (the (rbt_lookup t k)) v else v))"
535 unfolding rbt_insertw_def
536 by (rule_tac ext) (cases "rbt_lookup t k", auto simp:rbt_lookup_rbt_insertwk dom_def)
538 lemma rbt_insert_rbt_sorted: "rbt_sorted t \<Longrightarrow> rbt_sorted (rbt_insert k v t)"
539 by (simp add: rbt_insertwk_rbt_sorted rbt_insert_def)
540 theorem rbt_insert_is_rbt [simp]: "is_rbt t \<Longrightarrow> is_rbt (rbt_insert k v t)"
541 by (simp add: rbt_insertwk_is_rbt rbt_insert_def)
543 lemma rbt_lookup_rbt_insert:
545 shows "rbt_lookup (rbt_insert k v t) = (rbt_lookup t)(k\<mapsto>v)"
546 unfolding rbt_insert_def
548 by (rule_tac ext) (simp add: rbt_lookup_rbt_insertwk split:option.split)
552 subsection {* Deletion *}
554 lemma bheight_paintR'[simp]: "color_of t = B \<Longrightarrow> bheight (paint R t) = bheight t - 1"
555 by (cases t rule: rbt_cases) auto
558 balance_left :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
560 "balance_left (Branch R a k x b) s y c = Branch R (Branch B a k x b) s y c" |
561 "balance_left bl k x (Branch B a s y b) = balance bl k x (Branch R a s y b)" |
562 "balance_left bl k x (Branch R (Branch B a s y b) t z c) = Branch R (Branch B bl k x a) s y (balance b t z (paint R c))" |
563 "balance_left t k x s = Empty"
565 lemma balance_left_inv2_with_inv1:
566 assumes "inv2 lt" "inv2 rt" "bheight lt + 1 = bheight rt" "inv1 rt"
567 shows "bheight (balance_left lt k v rt) = bheight lt + 1"
568 and "inv2 (balance_left lt k v rt)"
570 by (induct lt k v rt rule: balance_left.induct) (auto simp: balance_inv2 balance_bheight)
572 lemma balance_left_inv2_app:
573 assumes "inv2 lt" "inv2 rt" "bheight lt + 1 = bheight rt" "color_of rt = B"
574 shows "inv2 (balance_left lt k v rt)"
575 "bheight (balance_left lt k v rt) = bheight rt"
577 by (induct lt k v rt rule: balance_left.induct) (auto simp add: balance_inv2 balance_bheight)+
579 lemma balance_left_inv1: "\<lbrakk>inv1l a; inv1 b; color_of b = B\<rbrakk> \<Longrightarrow> inv1 (balance_left a k x b)"
580 by (induct a k x b rule: balance_left.induct) (simp add: balance_inv1)+
582 lemma balance_left_inv1l: "\<lbrakk> inv1l lt; inv1 rt \<rbrakk> \<Longrightarrow> inv1l (balance_left lt k x rt)"
583 by (induct lt k x rt rule: balance_left.induct) (auto simp: balance_inv1)
585 lemma (in linorder) balance_left_rbt_sorted:
586 "\<lbrakk> rbt_sorted l; rbt_sorted r; rbt_less k l; k \<guillemotleft>| r \<rbrakk> \<Longrightarrow> rbt_sorted (balance_left l k v r)"
587 apply (induct l k v r rule: balance_left.induct)
588 apply (auto simp: balance_rbt_sorted)
589 apply (unfold rbt_greater_prop rbt_less_prop)
594 lemma balance_left_rbt_greater:
596 assumes "k \<guillemotleft>| a" "k \<guillemotleft>| b" "k < x"
597 shows "k \<guillemotleft>| balance_left a x t b"
599 by (induct a x t b rule: balance_left.induct) auto
601 lemma balance_left_rbt_less:
603 assumes "a |\<guillemotleft> k" "b |\<guillemotleft> k" "x < k"
604 shows "balance_left a x t b |\<guillemotleft> k"
606 by (induct a x t b rule: balance_left.induct) auto
610 lemma balance_left_in_tree:
611 assumes "inv1l l" "inv1 r" "bheight l + 1 = bheight r"
612 shows "entry_in_tree k v (balance_left l a b r) = (entry_in_tree k v l \<or> k = a \<and> v = b \<or> entry_in_tree k v r)"
614 by (induct l k v r rule: balance_left.induct) (auto simp: balance_in_tree)
617 balance_right :: "('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
619 "balance_right a k x (Branch R b s y c) = Branch R a k x (Branch B b s y c)" |
620 "balance_right (Branch B a k x b) s y bl = balance (Branch R a k x b) s y bl" |
621 "balance_right (Branch R a k x (Branch B b s y c)) t z bl = Branch R (balance (paint R a) k x b) s y (Branch B c t z bl)" |
622 "balance_right t k x s = Empty"
624 lemma balance_right_inv2_with_inv1:
625 assumes "inv2 lt" "inv2 rt" "bheight lt = bheight rt + 1" "inv1 lt"
626 shows "inv2 (balance_right lt k v rt) \<and> bheight (balance_right lt k v rt) = bheight lt"
628 by (induct lt k v rt rule: balance_right.induct) (auto simp: balance_inv2 balance_bheight)
630 lemma balance_right_inv1: "\<lbrakk>inv1 a; inv1l b; color_of a = B\<rbrakk> \<Longrightarrow> inv1 (balance_right a k x b)"
631 by (induct a k x b rule: balance_right.induct) (simp add: balance_inv1)+
633 lemma balance_right_inv1l: "\<lbrakk> inv1 lt; inv1l rt \<rbrakk> \<Longrightarrow>inv1l (balance_right lt k x rt)"
634 by (induct lt k x rt rule: balance_right.induct) (auto simp: balance_inv1)
636 lemma (in linorder) balance_right_rbt_sorted:
637 "\<lbrakk> rbt_sorted l; rbt_sorted r; rbt_less k l; k \<guillemotleft>| r \<rbrakk> \<Longrightarrow> rbt_sorted (balance_right l k v r)"
638 apply (induct l k v r rule: balance_right.induct)
639 apply (auto simp:balance_rbt_sorted)
640 apply (unfold rbt_less_prop rbt_greater_prop)
645 lemma balance_right_rbt_greater:
647 assumes "k \<guillemotleft>| a" "k \<guillemotleft>| b" "k < x"
648 shows "k \<guillemotleft>| balance_right a x t b"
649 using assms by (induct a x t b rule: balance_right.induct) auto
651 lemma balance_right_rbt_less:
653 assumes "a |\<guillemotleft> k" "b |\<guillemotleft> k" "x < k"
654 shows "balance_right a x t b |\<guillemotleft> k"
655 using assms by (induct a x t b rule: balance_right.induct) auto
659 lemma balance_right_in_tree:
660 assumes "inv1 l" "inv1l r" "bheight l = bheight r + 1" "inv2 l" "inv2 r"
661 shows "entry_in_tree x y (balance_right l k v r) = (entry_in_tree x y l \<or> x = k \<and> y = v \<or> entry_in_tree x y r)"
662 using assms by (induct l k v r rule: balance_right.induct) (auto simp: balance_in_tree)
665 combine :: "('a,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
667 "combine Empty x = x"
668 | "combine x Empty = x"
669 | "combine (Branch R a k x b) (Branch R c s y d) = (case (combine b c) of
670 Branch R b2 t z c2 \<Rightarrow> (Branch R (Branch R a k x b2) t z (Branch R c2 s y d)) |
671 bc \<Rightarrow> Branch R a k x (Branch R bc s y d))"
672 | "combine (Branch B a k x b) (Branch B c s y d) = (case (combine b c) of
673 Branch R b2 t z c2 \<Rightarrow> Branch R (Branch B a k x b2) t z (Branch B c2 s y d) |
674 bc \<Rightarrow> balance_left a k x (Branch B bc s y d))"
675 | "combine a (Branch R b k x c) = Branch R (combine a b) k x c"
676 | "combine (Branch R a k x b) c = Branch R a k x (combine b c)"
679 assumes "inv2 lt" "inv2 rt" "bheight lt = bheight rt"
680 shows "bheight (combine lt rt) = bheight lt" "inv2 (combine lt rt)"
682 by (induct lt rt rule: combine.induct)
683 (auto simp: balance_left_inv2_app split: rbt.splits color.splits)
686 assumes "inv1 lt" "inv1 rt"
687 shows "color_of lt = B \<Longrightarrow> color_of rt = B \<Longrightarrow> inv1 (combine lt rt)"
688 "inv1l (combine lt rt)"
690 by (induct lt rt rule: combine.induct)
691 (auto simp: balance_left_inv1 split: rbt.splits color.splits)
693 context linorder begin
695 lemma combine_rbt_greater[simp]:
697 assumes "k \<guillemotleft>| l" "k \<guillemotleft>| r"
698 shows "k \<guillemotleft>| combine l r"
700 by (induct l r rule: combine.induct)
701 (auto simp: balance_left_rbt_greater split:rbt.splits color.splits)
703 lemma combine_rbt_less[simp]:
705 assumes "l |\<guillemotleft> k" "r |\<guillemotleft> k"
706 shows "combine l r |\<guillemotleft> k"
708 by (induct l r rule: combine.induct)
709 (auto simp: balance_left_rbt_less split:rbt.splits color.splits)
711 lemma combine_rbt_sorted:
713 assumes "rbt_sorted l" "rbt_sorted r" "l |\<guillemotleft> k" "k \<guillemotleft>| r"
714 shows "rbt_sorted (combine l r)"
715 using assms proof (induct l r rule: combine.induct)
716 case (3 a x v b c y w d)
717 hence ineqs: "a |\<guillemotleft> x" "x \<guillemotleft>| b" "b |\<guillemotleft> k" "k \<guillemotleft>| c" "c |\<guillemotleft> y" "y \<guillemotleft>| d"
721 by (cases "combine b c" rule: rbt_cases)
722 (auto, (metis combine_rbt_greater combine_rbt_less ineqs ineqs rbt_less_simps(2) rbt_greater_simps(2) rbt_greater_trans rbt_less_trans)+)
724 case (4 a x v b c y w d)
725 hence "x < k \<and> rbt_greater k c" by simp
726 hence "rbt_greater x c" by (blast dest: rbt_greater_trans)
727 with 4 have 2: "rbt_greater x (combine b c)" by (simp add: combine_rbt_greater)
728 from 4 have "k < y \<and> rbt_less k b" by simp
729 hence "rbt_less y b" by (blast dest: rbt_less_trans)
730 with 4 have 3: "rbt_less y (combine b c)" by (simp add: combine_rbt_less)
732 proof (cases "combine b c" rule: rbt_cases)
734 from 4 have "x < y \<and> rbt_greater y d" by auto
735 hence "rbt_greater x d" by (blast dest: rbt_greater_trans)
736 with 4 Empty have "rbt_sorted a" and "rbt_sorted (Branch B Empty y w d)"
737 and "rbt_less x a" and "rbt_greater x (Branch B Empty y w d)" by auto
738 with Empty show ?thesis by (simp add: balance_left_rbt_sorted)
740 case (Red lta va ka rta)
741 with 2 4 have "x < va \<and> rbt_less x a" by simp
742 hence 5: "rbt_less va a" by (blast dest: rbt_less_trans)
743 from Red 3 4 have "va < y \<and> rbt_greater y d" by simp
744 hence "rbt_greater va d" by (blast dest: rbt_greater_trans)
745 with Red 2 3 4 5 show ?thesis by simp
747 case (Black lta va ka rta)
748 from 4 have "x < y \<and> rbt_greater y d" by auto
749 hence "rbt_greater x d" by (blast dest: rbt_greater_trans)
750 with Black 2 3 4 have "rbt_sorted a" and "rbt_sorted (Branch B (combine b c) y w d)"
751 and "rbt_less x a" and "rbt_greater x (Branch B (combine b c) y w d)" by auto
752 with Black show ?thesis by (simp add: balance_left_rbt_sorted)
755 case (5 va vb vd vc b x w c)
756 hence "k < x \<and> rbt_less k (Branch B va vb vd vc)" by simp
757 hence "rbt_less x (Branch B va vb vd vc)" by (blast dest: rbt_less_trans)
758 with 5 show ?case by (simp add: combine_rbt_less)
760 case (6 a x v b va vb vd vc)
761 hence "x < k \<and> rbt_greater k (Branch B va vb vd vc)" by simp
762 hence "rbt_greater x (Branch B va vb vd vc)" by (blast dest: rbt_greater_trans)
763 with 6 show ?case by (simp add: combine_rbt_greater)
768 lemma combine_in_tree:
769 assumes "inv2 l" "inv2 r" "bheight l = bheight r" "inv1 l" "inv1 r"
770 shows "entry_in_tree k v (combine l r) = (entry_in_tree k v l \<or> entry_in_tree k v r)"
772 proof (induct l r rule: combine.induct)
774 hence a: "bheight (combine b c) = bheight b" by (simp add: combine_inv2)
775 from 4 have b: "inv1l (combine b c)" by (simp add: combine_inv1)
778 proof (cases "combine b c" rule: rbt_cases)
780 with 4 a show ?thesis by (auto simp: balance_left_in_tree)
782 case (Red lta ka va rta)
783 with 4 show ?thesis by auto
785 case (Black lta ka va rta)
786 with a b 4 show ?thesis by (auto simp: balance_left_in_tree)
788 qed (auto split: rbt.splits color.splits)
793 rbt_del_from_left :: "'a \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt" and
794 rbt_del_from_right :: "'a \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt" and
795 rbt_del :: "'a\<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"
797 "rbt_del x Empty = Empty" |
798 "rbt_del x (Branch c a y s b) =
799 (if x < y then rbt_del_from_left x a y s b
800 else (if x > y then rbt_del_from_right x a y s b else combine a b))" |
801 "rbt_del_from_left x (Branch B lt z v rt) y s b = balance_left (rbt_del x (Branch B lt z v rt)) y s b" |
802 "rbt_del_from_left x a y s b = Branch R (rbt_del x a) y s b" |
803 "rbt_del_from_right x a y s (Branch B lt z v rt) = balance_right a y s (rbt_del x (Branch B lt z v rt))" |
804 "rbt_del_from_right x a y s b = Branch R a y s (rbt_del x b)"
808 context linorder begin
811 assumes "inv2 lt" "inv1 lt"
813 "\<lbrakk>inv2 rt; bheight lt = bheight rt; inv1 rt\<rbrakk> \<Longrightarrow>
814 inv2 (rbt_del_from_left x lt k v rt) \<and>
815 bheight (rbt_del_from_left x lt k v rt) = bheight lt \<and>
816 (color_of lt = B \<and> color_of rt = B \<and> inv1 (rbt_del_from_left x lt k v rt) \<or>
817 (color_of lt \<noteq> B \<or> color_of rt \<noteq> B) \<and> inv1l (rbt_del_from_left x lt k v rt))"
818 and "\<lbrakk>inv2 rt; bheight lt = bheight rt; inv1 rt\<rbrakk> \<Longrightarrow>
819 inv2 (rbt_del_from_right x lt k v rt) \<and>
820 bheight (rbt_del_from_right x lt k v rt) = bheight lt \<and>
821 (color_of lt = B \<and> color_of rt = B \<and> inv1 (rbt_del_from_right x lt k v rt) \<or>
822 (color_of lt \<noteq> B \<or> color_of rt \<noteq> B) \<and> inv1l (rbt_del_from_right x lt k v rt))"
823 and rbt_del_inv1_inv2: "inv2 (rbt_del x lt) \<and> (color_of lt = R \<and> bheight (rbt_del x lt) = bheight lt \<and> inv1 (rbt_del x lt)
824 \<or> color_of lt = B \<and> bheight (rbt_del x lt) = bheight lt - 1 \<and> inv1l (rbt_del x lt))"
826 proof (induct x lt k v rt and x lt k v rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
828 have "y = y' \<or> y < y' \<or> y > y'" by auto
829 thus ?case proof (elim disjE)
831 with 2 show ?thesis by (cases c) (simp add: combine_inv2 combine_inv1)+
834 with 2 show ?thesis by (cases c) auto
837 with 2 show ?thesis by (cases c) auto
840 case (3 y lt z v rta y' ss bb)
841 thus ?case by (cases "color_of (Branch B lt z v rta) = B \<and> color_of bb = B") (simp add: balance_left_inv2_with_inv1 balance_left_inv1 balance_left_inv1l)+
843 case (5 y a y' ss lt z v rta)
844 thus ?case by (cases "color_of a = B \<and> color_of (Branch B lt z v rta) = B") (simp add: balance_right_inv2_with_inv1 balance_right_inv1 balance_right_inv1l)+
846 case ("6_1" y a y' ss) thus ?case by (cases "color_of a = B \<and> color_of Empty = B") simp+
850 rbt_del_from_left_rbt_less: "\<lbrakk> lt |\<guillemotleft> v; rt |\<guillemotleft> v; k < v\<rbrakk> \<Longrightarrow> rbt_del_from_left x lt k y rt |\<guillemotleft> v"
851 and rbt_del_from_right_rbt_less: "\<lbrakk>lt |\<guillemotleft> v; rt |\<guillemotleft> v; k < v\<rbrakk> \<Longrightarrow> rbt_del_from_right x lt k y rt |\<guillemotleft> v"
852 and rbt_del_rbt_less: "lt |\<guillemotleft> v \<Longrightarrow> rbt_del x lt |\<guillemotleft> v"
853 by (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
854 (auto simp: balance_left_rbt_less balance_right_rbt_less)
856 lemma rbt_del_from_left_rbt_greater: "\<lbrakk>v \<guillemotleft>| lt; v \<guillemotleft>| rt; k > v\<rbrakk> \<Longrightarrow> v \<guillemotleft>| rbt_del_from_left x lt k y rt"
857 and rbt_del_from_right_rbt_greater: "\<lbrakk>v \<guillemotleft>| lt; v \<guillemotleft>| rt; k > v\<rbrakk> \<Longrightarrow> v \<guillemotleft>| rbt_del_from_right x lt k y rt"
858 and rbt_del_rbt_greater: "v \<guillemotleft>| lt \<Longrightarrow> v \<guillemotleft>| rbt_del x lt"
859 by (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
860 (auto simp: balance_left_rbt_greater balance_right_rbt_greater)
862 lemma "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> k; k \<guillemotleft>| rt\<rbrakk> \<Longrightarrow> rbt_sorted (rbt_del_from_left x lt k y rt)"
863 and "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> k; k \<guillemotleft>| rt\<rbrakk> \<Longrightarrow> rbt_sorted (rbt_del_from_right x lt k y rt)"
864 and rbt_del_rbt_sorted: "rbt_sorted lt \<Longrightarrow> rbt_sorted (rbt_del x lt)"
865 proof (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
866 case (3 x lta zz v rta yy ss bb)
867 from 3 have "Branch B lta zz v rta |\<guillemotleft> yy" by simp
868 hence "rbt_del x (Branch B lta zz v rta) |\<guillemotleft> yy" by (rule rbt_del_rbt_less)
869 with 3 show ?case by (simp add: balance_left_rbt_sorted)
871 case ("4_2" x vaa vbb vdd vc yy ss bb)
872 hence "Branch R vaa vbb vdd vc |\<guillemotleft> yy" by simp
873 hence "rbt_del x (Branch R vaa vbb vdd vc) |\<guillemotleft> yy" by (rule rbt_del_rbt_less)
874 with "4_2" show ?case by simp
876 case (5 x aa yy ss lta zz v rta)
877 hence "yy \<guillemotleft>| Branch B lta zz v rta" by simp
878 hence "yy \<guillemotleft>| rbt_del x (Branch B lta zz v rta)" by (rule rbt_del_rbt_greater)
879 with 5 show ?case by (simp add: balance_right_rbt_sorted)
881 case ("6_2" x aa yy ss vaa vbb vdd vc)
882 hence "yy \<guillemotleft>| Branch R vaa vbb vdd vc" by simp
883 hence "yy \<guillemotleft>| rbt_del x (Branch R vaa vbb vdd vc)" by (rule rbt_del_rbt_greater)
884 with "6_2" show ?case by simp
885 qed (auto simp: combine_rbt_sorted)
887 lemma "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> kt; kt \<guillemotleft>| rt; inv1 lt; inv1 rt; inv2 lt; inv2 rt; bheight lt = bheight rt; x < kt\<rbrakk> \<Longrightarrow> entry_in_tree k v (rbt_del_from_left x lt kt y rt) = (False \<or> (x \<noteq> k \<and> entry_in_tree k v (Branch c lt kt y rt)))"
888 and "\<lbrakk>rbt_sorted lt; rbt_sorted rt; lt |\<guillemotleft> kt; kt \<guillemotleft>| rt; inv1 lt; inv1 rt; inv2 lt; inv2 rt; bheight lt = bheight rt; x > kt\<rbrakk> \<Longrightarrow> entry_in_tree k v (rbt_del_from_right x lt kt y rt) = (False \<or> (x \<noteq> k \<and> entry_in_tree k v (Branch c lt kt y rt)))"
889 and rbt_del_in_tree: "\<lbrakk>rbt_sorted t; inv1 t; inv2 t\<rbrakk> \<Longrightarrow> entry_in_tree k v (rbt_del x t) = (False \<or> (x \<noteq> k \<and> entry_in_tree k v t))"
890 proof (induct x lt kt y rt and x lt kt y rt and x t rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct)
891 case (2 xx c aa yy ss bb)
892 have "xx = yy \<or> xx < yy \<or> xx > yy" by auto
893 from this 2 show ?case proof (elim disjE)
895 with 2 show ?thesis proof (cases "xx = k")
897 from 2 `xx = yy` `xx = k` have "rbt_sorted (Branch c aa yy ss bb) \<and> k = yy" by simp
898 hence "\<not> entry_in_tree k v aa" "\<not> entry_in_tree k v bb" by (auto simp: rbt_less_nit rbt_greater_prop)
899 with `xx = yy` 2 `xx = k` show ?thesis by (simp add: combine_in_tree)
900 qed (simp add: combine_in_tree)
903 case (3 xx lta zz vv rta yy ss bb)
904 def mt[simp]: mt == "Branch B lta zz vv rta"
905 from 3 have "inv2 mt \<and> inv1 mt" by simp
906 hence "inv2 (rbt_del xx mt) \<and> (color_of mt = R \<and> bheight (rbt_del xx mt) = bheight mt \<and> inv1 (rbt_del xx mt) \<or> color_of mt = B \<and> bheight (rbt_del xx mt) = bheight mt - 1 \<and> inv1l (rbt_del xx mt))" by (blast dest: rbt_del_inv1_inv2)
907 with 3 have 4: "entry_in_tree k v (rbt_del_from_left xx mt yy ss bb) = (False \<or> xx \<noteq> k \<and> entry_in_tree k v mt \<or> (k = yy \<and> v = ss) \<or> entry_in_tree k v bb)" by (simp add: balance_left_in_tree)
908 thus ?case proof (cases "xx = k")
910 from 3 True have "yy \<guillemotleft>| bb \<and> yy > k" by simp
911 hence "k \<guillemotleft>| bb" by (blast dest: rbt_greater_trans)
912 with 3 4 True show ?thesis by (auto simp: rbt_greater_nit)
915 case ("4_1" xx yy ss bb)
916 show ?case proof (cases "xx = k")
918 with "4_1" have "yy \<guillemotleft>| bb \<and> k < yy" by simp
919 hence "k \<guillemotleft>| bb" by (blast dest: rbt_greater_trans)
921 have "entry_in_tree k v (Branch R Empty yy ss bb) = entry_in_tree k v Empty" by (auto simp: rbt_greater_nit)
925 case ("4_2" xx vaa vbb vdd vc yy ss bb)
926 thus ?case proof (cases "xx = k")
928 with "4_2" have "k < yy \<and> yy \<guillemotleft>| bb" by simp
929 hence "k \<guillemotleft>| bb" by (blast dest: rbt_greater_trans)
930 with True "4_2" show ?thesis by (auto simp: rbt_greater_nit)
933 case (5 xx aa yy ss lta zz vv rta)
934 def mt[simp]: mt == "Branch B lta zz vv rta"
935 from 5 have "inv2 mt \<and> inv1 mt" by simp
936 hence "inv2 (rbt_del xx mt) \<and> (color_of mt = R \<and> bheight (rbt_del xx mt) = bheight mt \<and> inv1 (rbt_del xx mt) \<or> color_of mt = B \<and> bheight (rbt_del xx mt) = bheight mt - 1 \<and> inv1l (rbt_del xx mt))" by (blast dest: rbt_del_inv1_inv2)
937 with 5 have 3: "entry_in_tree k v (rbt_del_from_right xx aa yy ss mt) = (entry_in_tree k v aa \<or> (k = yy \<and> v = ss) \<or> False \<or> xx \<noteq> k \<and> entry_in_tree k v mt)" by (simp add: balance_right_in_tree)
938 thus ?case proof (cases "xx = k")
940 from 5 True have "aa |\<guillemotleft> yy \<and> yy < k" by simp
941 hence "aa |\<guillemotleft> k" by (blast dest: rbt_less_trans)
942 with 3 5 True show ?thesis by (auto simp: rbt_less_nit)
945 case ("6_1" xx aa yy ss)
946 show ?case proof (cases "xx = k")
948 with "6_1" have "aa |\<guillemotleft> yy \<and> k > yy" by simp
949 hence "aa |\<guillemotleft> k" by (blast dest: rbt_less_trans)
950 with "6_1" `xx = k` show ?thesis by (auto simp: rbt_less_nit)
953 case ("6_2" xx aa yy ss vaa vbb vdd vc)
954 thus ?case proof (cases "xx = k")
956 with "6_2" have "k > yy \<and> aa |\<guillemotleft> yy" by simp
957 hence "aa |\<guillemotleft> k" by (blast dest: rbt_less_trans)
958 with True "6_2" show ?thesis by (auto simp: rbt_less_nit)
962 definition (in ord) rbt_delete where
963 "rbt_delete k t = paint B (rbt_del k t)"
965 theorem rbt_delete_is_rbt [simp]: assumes "is_rbt t" shows "is_rbt (rbt_delete k t)"
967 from assms have "inv2 t" and "inv1 t" unfolding is_rbt_def by auto
968 hence "inv2 (rbt_del k t) \<and> (color_of t = R \<and> bheight (rbt_del k t) = bheight t \<and> inv1 (rbt_del k t) \<or> color_of t = B \<and> bheight (rbt_del k t) = bheight t - 1 \<and> inv1l (rbt_del k t))" by (rule rbt_del_inv1_inv2)
969 hence "inv2 (rbt_del k t) \<and> inv1l (rbt_del k t)" by (cases "color_of t") auto
970 with assms show ?thesis
971 unfolding is_rbt_def rbt_delete_def
972 by (auto intro: paint_rbt_sorted rbt_del_rbt_sorted)
975 lemma rbt_delete_in_tree:
977 shows "entry_in_tree k v (rbt_delete x t) = (x \<noteq> k \<and> entry_in_tree k v t)"
978 using assms unfolding is_rbt_def rbt_delete_def
979 by (auto simp: rbt_del_in_tree)
981 lemma rbt_lookup_rbt_delete:
982 assumes is_rbt: "is_rbt t"
983 shows "rbt_lookup (rbt_delete k t) = (rbt_lookup t)|`(-{k})"
986 show "rbt_lookup (rbt_delete k t) x = (rbt_lookup t |` (-{k})) x"
987 proof (cases "x = k")
989 with is_rbt show ?thesis
990 by (cases "rbt_lookup (rbt_delete k t) k") (auto simp: rbt_lookup_in_tree rbt_delete_in_tree)
992 assume "x \<noteq> k"
994 by auto (metis is_rbt rbt_delete_is_rbt rbt_delete_in_tree is_rbt_rbt_sorted rbt_lookup_from_in_tree)
1000 subsection {* Modifying existing entries *}
1005 rbt_map_entry :: "'a \<Rightarrow> ('b \<Rightarrow> 'b) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
1007 "rbt_map_entry k f Empty = Empty"
1008 | "rbt_map_entry k f (Branch c lt x v rt) =
1009 (if k < x then Branch c (rbt_map_entry k f lt) x v rt
1010 else if k > x then (Branch c lt x v (rbt_map_entry k f rt))
1011 else Branch c lt x (f v) rt)"
1014 lemma rbt_map_entry_color_of: "color_of (rbt_map_entry k f t) = color_of t" by (induct t) simp+
1015 lemma rbt_map_entry_inv1: "inv1 (rbt_map_entry k f t) = inv1 t" by (induct t) (simp add: rbt_map_entry_color_of)+
1016 lemma rbt_map_entry_inv2: "inv2 (rbt_map_entry k f t) = inv2 t" "bheight (rbt_map_entry k f t) = bheight t" by (induct t) simp+
1017 lemma rbt_map_entry_rbt_greater: "rbt_greater a (rbt_map_entry k f t) = rbt_greater a t" by (induct t) simp+
1018 lemma rbt_map_entry_rbt_less: "rbt_less a (rbt_map_entry k f t) = rbt_less a t" by (induct t) simp+
1019 lemma rbt_map_entry_rbt_sorted: "rbt_sorted (rbt_map_entry k f t) = rbt_sorted t"
1020 by (induct t) (simp_all add: rbt_map_entry_rbt_less rbt_map_entry_rbt_greater)
1022 theorem rbt_map_entry_is_rbt [simp]: "is_rbt (rbt_map_entry k f t) = is_rbt t"
1023 unfolding is_rbt_def by (simp add: rbt_map_entry_inv2 rbt_map_entry_color_of rbt_map_entry_rbt_sorted rbt_map_entry_inv1 )
1027 theorem (in linorder) rbt_lookup_rbt_map_entry:
1028 "rbt_lookup (rbt_map_entry k f t) = (rbt_lookup t)(k := Option.map f (rbt_lookup t k))"
1029 by (induct t) (auto split: option.splits simp add: fun_eq_iff)
1031 subsection {* Mapping all entries *}
1034 map :: "('a \<Rightarrow> 'b \<Rightarrow> 'c) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'c) rbt"
1036 "map f Empty = Empty"
1037 | "map f (Branch c lt k v rt) = Branch c (map f lt) k (f k v) (map f rt)"
1039 lemma map_entries [simp]: "entries (map f t) = List.map (\<lambda>(k, v). (k, f k v)) (entries t)"
1041 lemma map_keys [simp]: "keys (map f t) = keys t" by (simp add: keys_def split_def)
1042 lemma map_color_of: "color_of (map f t) = color_of t" by (induct t) simp+
1043 lemma map_inv1: "inv1 (map f t) = inv1 t" by (induct t) (simp add: map_color_of)+
1044 lemma map_inv2: "inv2 (map f t) = inv2 t" "bheight (map f t) = bheight t" by (induct t) simp+
1048 lemma map_rbt_greater: "rbt_greater k (map f t) = rbt_greater k t" by (induct t) simp+
1049 lemma map_rbt_less: "rbt_less k (map f t) = rbt_less k t" by (induct t) simp+
1050 lemma map_rbt_sorted: "rbt_sorted (map f t) = rbt_sorted t" by (induct t) (simp add: map_rbt_less map_rbt_greater)+
1051 theorem map_is_rbt [simp]: "is_rbt (map f t) = is_rbt t"
1052 unfolding is_rbt_def by (simp add: map_inv1 map_inv2 map_rbt_sorted map_color_of)
1056 theorem (in linorder) rbt_lookup_map: "rbt_lookup (map f t) x = Option.map (f x) (rbt_lookup t x)"
1059 apply(subgoal_tac "x = a")
1062 (* FIXME: simproc "antisym less" does not work for linorder context, only for linorder type class
1063 by (induct t) auto *)
1065 hide_const (open) map
1067 subsection {* Folding over entries *}
1069 definition fold :: "('a \<Rightarrow> 'b \<Rightarrow> 'c \<Rightarrow> 'c) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> 'c \<Rightarrow> 'c" where
1070 "fold f t = List.fold (prod_case f) (entries t)"
1072 lemma fold_simps [simp]:
1074 "fold f (Branch c lt k v rt) = fold f rt \<circ> f k v \<circ> fold f lt"
1075 by (simp_all add: fold_def fun_eq_iff)
1077 lemma fold_code [code]:
1078 "fold f Empty x = x"
1079 "fold f (Branch c lt k v rt) x = fold f rt (f k v (fold f lt x))"
1082 (* fold with continuation predicate *)
1084 fun foldi :: "('c \<Rightarrow> bool) \<Rightarrow> ('a \<Rightarrow> 'b \<Rightarrow> 'c \<Rightarrow> 'c) \<Rightarrow> ('a :: linorder, 'b) rbt \<Rightarrow> 'c \<Rightarrow> 'c"
1086 "foldi c f Empty s = s" |
1087 "foldi c f (Branch col l k v r) s = (
1089 let s' = foldi c f l s in
1091 foldi c f r (f k v s')
1097 subsection {* Bulkloading a tree *}
1099 definition (in ord) rbt_bulkload :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) rbt" where
1100 "rbt_bulkload xs = foldr (\<lambda>(k, v). rbt_insert k v) xs Empty"
1102 context linorder begin
1104 lemma rbt_bulkload_is_rbt [simp, intro]:
1105 "is_rbt (rbt_bulkload xs)"
1106 unfolding rbt_bulkload_def by (induct xs) auto
1108 lemma rbt_lookup_rbt_bulkload:
1109 "rbt_lookup (rbt_bulkload xs) = map_of xs"
1111 obtain ys where "ys = rev xs" by simp
1112 have "\<And>t. is_rbt t \<Longrightarrow>
1113 rbt_lookup (List.fold (prod_case rbt_insert) ys t) = rbt_lookup t ++ map_of (rev ys)"
1114 by (induct ys) (simp_all add: rbt_bulkload_def rbt_lookup_rbt_insert prod_case_beta)
1115 from this Empty_is_rbt have
1116 "rbt_lookup (List.fold (prod_case rbt_insert) (rev xs) Empty) = rbt_lookup Empty ++ map_of xs"
1117 by (simp add: `ys = rev xs`)
1118 then show ?thesis by (simp add: rbt_bulkload_def rbt_lookup_Empty foldr_conv_fold)
1125 subsection {* Building a RBT from a sorted list *}
1128 These functions have been adapted from
1129 Andrew W. Appel, Efficient Verified Red-Black Trees (September 2011)
1132 fun rbtreeify_f :: "nat \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a, 'b) rbt \<times> ('a \<times> 'b) list"
1133 and rbtreeify_g :: "nat \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a, 'b) rbt \<times> ('a \<times> 'b) list"
1135 "rbtreeify_f n kvs =
1136 (if n = 0 then (Empty, kvs)
1138 case kvs of (k, v) # kvs' \<Rightarrow> (Branch R Empty k v Empty, kvs')
1139 else if (n mod 2 = 0) then
1140 case rbtreeify_f (n div 2) kvs of (t1, (k, v) # kvs') \<Rightarrow>
1141 apfst (Branch B t1 k v) (rbtreeify_g (n div 2) kvs')
1142 else case rbtreeify_f (n div 2) kvs of (t1, (k, v) # kvs') \<Rightarrow>
1143 apfst (Branch B t1 k v) (rbtreeify_f (n div 2) kvs'))"
1145 | "rbtreeify_g n kvs =
1146 (if n = 0 \<or> n = 1 then (Empty, kvs)
1147 else if n mod 2 = 0 then
1148 case rbtreeify_g (n div 2) kvs of (t1, (k, v) # kvs') \<Rightarrow>
1149 apfst (Branch B t1 k v) (rbtreeify_g (n div 2) kvs')
1150 else case rbtreeify_f (n div 2) kvs of (t1, (k, v) # kvs') \<Rightarrow>
1151 apfst (Branch B t1 k v) (rbtreeify_g (n div 2) kvs'))"
1153 definition rbtreeify :: "('a \<times> 'b) list \<Rightarrow> ('a, 'b) rbt"
1154 where "rbtreeify kvs = fst (rbtreeify_g (Suc (length kvs)) kvs)"
1156 declare rbtreeify_f.simps [simp del] rbtreeify_g.simps [simp del]
1158 lemma rbtreeify_f_code [code]:
1159 "rbtreeify_f n kvs =
1160 (if n = 0 then (Empty, kvs)
1162 case kvs of (k, v) # kvs' \<Rightarrow>
1163 (Branch R Empty k v Empty, kvs')
1164 else let (n', r) = divmod_nat n 2 in
1166 case rbtreeify_f n' kvs of (t1, (k, v) # kvs') \<Rightarrow>
1167 apfst (Branch B t1 k v) (rbtreeify_g n' kvs')
1168 else case rbtreeify_f n' kvs of (t1, (k, v) # kvs') \<Rightarrow>
1169 apfst (Branch B t1 k v) (rbtreeify_f n' kvs'))"
1170 by(subst rbtreeify_f.simps)(simp only: Let_def divmod_nat_div_mod prod.simps)
1172 lemma rbtreeify_g_code [code]:
1173 "rbtreeify_g n kvs =
1174 (if n = 0 \<or> n = 1 then (Empty, kvs)
1175 else let (n', r) = divmod_nat n 2 in
1177 case rbtreeify_g n' kvs of (t1, (k, v) # kvs') \<Rightarrow>
1178 apfst (Branch B t1 k v) (rbtreeify_g n' kvs')
1179 else case rbtreeify_f n' kvs of (t1, (k, v) # kvs') \<Rightarrow>
1180 apfst (Branch B t1 k v) (rbtreeify_g n' kvs'))"
1181 by(subst rbtreeify_g.simps)(simp only: Let_def divmod_nat_div_mod prod.simps)
1183 lemma Suc_double_half: "Suc (2 * n) div 2 = n"
1186 lemma div2_plus_div2: "n div 2 + n div 2 = (n :: nat) - n mod 2"
1189 lemma rbtreeify_f_rec_aux_lemma:
1190 "\<lbrakk>k - n div 2 = Suc k'; n \<le> k; n mod 2 = Suc 0\<rbrakk>
1191 \<Longrightarrow> k' - n div 2 = k - n"
1192 apply(rule add_right_imp_eq[where a = "n - n div 2"])
1193 apply(subst add_diff_assoc2, arith)
1194 apply(simp add: div2_plus_div2)
1197 lemma rbtreeify_f_simps:
1198 "rbtreeify_f 0 kvs = (RBT_Impl.Empty, kvs)"
1199 "rbtreeify_f (Suc 0) ((k, v) # kvs) =
1200 (Branch R Empty k v Empty, kvs)"
1201 "0 < n \<Longrightarrow> rbtreeify_f (2 * n) kvs =
1202 (case rbtreeify_f n kvs of (t1, (k, v) # kvs') \<Rightarrow>
1203 apfst (Branch B t1 k v) (rbtreeify_g n kvs'))"
1204 "0 < n \<Longrightarrow> rbtreeify_f (Suc (2 * n)) kvs =
1205 (case rbtreeify_f n kvs of (t1, (k, v) # kvs') \<Rightarrow>
1206 apfst (Branch B t1 k v) (rbtreeify_f n kvs'))"
1207 by(subst (1) rbtreeify_f.simps, simp add: Suc_double_half)+
1209 lemma rbtreeify_g_simps:
1210 "rbtreeify_g 0 kvs = (Empty, kvs)"
1211 "rbtreeify_g (Suc 0) kvs = (Empty, kvs)"
1212 "0 < n \<Longrightarrow> rbtreeify_g (2 * n) kvs =
1213 (case rbtreeify_g n kvs of (t1, (k, v) # kvs') \<Rightarrow>
1214 apfst (Branch B t1 k v) (rbtreeify_g n kvs'))"
1215 "0 < n \<Longrightarrow> rbtreeify_g (Suc (2 * n)) kvs =
1216 (case rbtreeify_f n kvs of (t1, (k, v) # kvs') \<Rightarrow>
1217 apfst (Branch B t1 k v) (rbtreeify_g n kvs'))"
1218 by(subst (1) rbtreeify_g.simps, simp add: Suc_double_half)+
1220 declare rbtreeify_f_simps[simp] rbtreeify_g_simps[simp]
1222 lemma length_rbtreeify_f: "n \<le> length kvs
1223 \<Longrightarrow> length (snd (rbtreeify_f n kvs)) = length kvs - n"
1224 and length_rbtreeify_g:"\<lbrakk> 0 < n; n \<le> Suc (length kvs) \<rbrakk>
1225 \<Longrightarrow> length (snd (rbtreeify_g n kvs)) = Suc (length kvs) - n"
1226 proof(induction n kvs and n kvs rule: rbtreeify_f_rbtreeify_g.induct)
1229 proof(cases "n \<le> 1")
1230 case True thus ?thesis using "1.prems"
1231 by(cases n kvs rule: nat.exhaust[case_product list.exhaust]) auto
1234 hence "n \<noteq> 0" "n \<noteq> 1" by simp_all
1235 note IH = "1.IH"[OF this]
1237 proof(cases "n mod 2 = 0")
1239 hence "length (snd (rbtreeify_f n kvs)) =
1240 length (snd (rbtreeify_f (2 * (n div 2)) kvs))"
1241 by(metis minus_nat.diff_0 mult_div_cancel)
1242 also from "1.prems" False obtain k v kvs'
1243 where kvs: "kvs = (k, v) # kvs'" by(cases kvs) auto
1244 also have "0 < n div 2" using False by(simp)
1245 note rbtreeify_f_simps(3)[OF this]
1246 also note kvs[symmetric]
1247 also let ?rest1 = "snd (rbtreeify_f (n div 2) kvs)"
1248 from "1.prems" have "n div 2 \<le> length kvs" by simp
1249 with True have len: "length ?rest1 = length kvs - n div 2" by(rule IH)
1250 with "1.prems" False obtain t1 k' v' kvs''
1251 where kvs'': "rbtreeify_f (n div 2) kvs = (t1, (k', v') # kvs'')"
1252 by(cases ?rest1)(auto simp add: snd_def split: prod.split_asm)
1253 note this also note prod.simps(2) also note list.simps(5)
1254 also note prod.simps(2) also note snd_apfst
1255 also have "0 < n div 2" "n div 2 \<le> Suc (length kvs'')"
1256 using len "1.prems" False unfolding kvs'' by simp_all
1257 with True kvs''[symmetric] refl refl
1258 have "length (snd (rbtreeify_g (n div 2) kvs'')) =
1259 Suc (length kvs'') - n div 2" by(rule IH)
1260 finally show ?thesis using len[unfolded kvs''] "1.prems" True
1261 by(simp add: Suc_diff_le[symmetric] mult_2[symmetric] mult_div_cancel)
1264 hence "length (snd (rbtreeify_f n kvs)) =
1265 length (snd (rbtreeify_f (Suc (2 * (n div 2))) kvs))"
1266 by(metis Suc_eq_plus1_left comm_semiring_1_class.normalizing_semiring_rules(7)
1267 mod_2_not_eq_zero_eq_one_nat semiring_div_class.mod_div_equality')
1268 also from "1.prems" `\<not> n \<le> 1` obtain k v kvs'
1269 where kvs: "kvs = (k, v) # kvs'" by(cases kvs) auto
1270 also have "0 < n div 2" using `\<not> n \<le> 1` by(simp)
1271 note rbtreeify_f_simps(4)[OF this]
1272 also note kvs[symmetric]
1273 also let ?rest1 = "snd (rbtreeify_f (n div 2) kvs)"
1274 from "1.prems" have "n div 2 \<le> length kvs" by simp
1275 with False have len: "length ?rest1 = length kvs - n div 2" by(rule IH)
1276 with "1.prems" `\<not> n \<le> 1` obtain t1 k' v' kvs''
1277 where kvs'': "rbtreeify_f (n div 2) kvs = (t1, (k', v') # kvs'')"
1278 by(cases ?rest1)(auto simp add: snd_def split: prod.split_asm)
1279 note this also note prod.simps(2) also note list.simps(5)
1280 also note prod.simps(2) also note snd_apfst
1281 also have "n div 2 \<le> length kvs''"
1282 using len "1.prems" False unfolding kvs'' by simp arith
1283 with False kvs''[symmetric] refl refl
1284 have "length (snd (rbtreeify_f (n div 2) kvs'')) = length kvs'' - n div 2"
1286 finally show ?thesis using len[unfolded kvs''] "1.prems" False
1287 by simp(rule rbtreeify_f_rec_aux_lemma[OF sym])
1293 proof(cases "n > 1")
1294 case False with `0 < n` show ?thesis
1295 by(cases n kvs rule: nat.exhaust[case_product list.exhaust]) simp_all
1298 hence "\<not> (n = 0 \<or> n = 1)" by simp
1299 note IH = "2.IH"[OF this]
1301 proof(cases "n mod 2 = 0")
1303 hence "length (snd (rbtreeify_g n kvs)) =
1304 length (snd (rbtreeify_g (2 * (n div 2)) kvs))"
1305 by(metis minus_nat.diff_0 mult_div_cancel)
1306 also from "2.prems" True obtain k v kvs'
1307 where kvs: "kvs = (k, v) # kvs'" by(cases kvs) auto
1308 also have "0 < n div 2" using `1 < n` by(simp)
1309 note rbtreeify_g_simps(3)[OF this]
1310 also note kvs[symmetric]
1311 also let ?rest1 = "snd (rbtreeify_g (n div 2) kvs)"
1312 from "2.prems" `1 < n`
1313 have "0 < n div 2" "n div 2 \<le> Suc (length kvs)" by simp_all
1314 with True have len: "length ?rest1 = Suc (length kvs) - n div 2" by(rule IH)
1315 with "2.prems" obtain t1 k' v' kvs''
1316 where kvs'': "rbtreeify_g (n div 2) kvs = (t1, (k', v') # kvs'')"
1317 by(cases ?rest1)(auto simp add: snd_def split: prod.split_asm)
1318 note this also note prod.simps(2) also note list.simps(5)
1319 also note prod.simps(2) also note snd_apfst
1320 also have "n div 2 \<le> Suc (length kvs'')"
1321 using len "2.prems" unfolding kvs'' by simp
1322 with True kvs''[symmetric] refl refl `0 < n div 2`
1323 have "length (snd (rbtreeify_g (n div 2) kvs'')) = Suc (length kvs'') - n div 2"
1325 finally show ?thesis using len[unfolded kvs''] "2.prems" True
1326 by(simp add: Suc_diff_le[symmetric] mult_2[symmetric] mult_div_cancel)
1329 hence "length (snd (rbtreeify_g n kvs)) =
1330 length (snd (rbtreeify_g (Suc (2 * (n div 2))) kvs))"
1331 by(metis Suc_eq_plus1_left comm_semiring_1_class.normalizing_semiring_rules(7)
1332 mod_2_not_eq_zero_eq_one_nat semiring_div_class.mod_div_equality')
1333 also from "2.prems" `1 < n` obtain k v kvs'
1334 where kvs: "kvs = (k, v) # kvs'" by(cases kvs) auto
1335 also have "0 < n div 2" using `1 < n` by(simp)
1336 note rbtreeify_g_simps(4)[OF this]
1337 also note kvs[symmetric]
1338 also let ?rest1 = "snd (rbtreeify_f (n div 2) kvs)"
1339 from "2.prems" have "n div 2 \<le> length kvs" by simp
1340 with False have len: "length ?rest1 = length kvs - n div 2" by(rule IH)
1341 with "2.prems" `1 < n` False obtain t1 k' v' kvs''
1342 where kvs'': "rbtreeify_f (n div 2) kvs = (t1, (k', v') # kvs'')"
1343 by(cases ?rest1)(auto simp add: snd_def split: prod.split_asm, arith)
1344 note this also note prod.simps(2) also note list.simps(5)
1345 also note prod.simps(2) also note snd_apfst
1346 also have "n div 2 \<le> Suc (length kvs'')"
1347 using len "2.prems" False unfolding kvs'' by simp arith
1348 with False kvs''[symmetric] refl refl `0 < n div 2`
1349 have "length (snd (rbtreeify_g (n div 2) kvs'')) = Suc (length kvs'') - n div 2"
1351 finally show ?thesis using len[unfolded kvs''] "2.prems" False
1352 by(simp add: div2_plus_div2)
1357 lemma rbtreeify_induct [consumes 1, case_names f_0 f_1 f_even f_odd g_0 g_1 g_even g_odd]:
1359 defines "f0 == (\<And>kvs. P 0 kvs)"
1360 and "f1 == (\<And>k v kvs. P (Suc 0) ((k, v) # kvs))"
1362 (\<And>n kvs t k v kvs'. \<lbrakk> n > 0; n \<le> length kvs; P n kvs;
1363 rbtreeify_f n kvs = (t, (k, v) # kvs'); n \<le> Suc (length kvs'); Q n kvs' \<rbrakk>
1364 \<Longrightarrow> P (2 * n) kvs)"
1366 (\<And>n kvs t k v kvs'. \<lbrakk> n > 0; n \<le> length kvs; P n kvs;
1367 rbtreeify_f n kvs = (t, (k, v) # kvs'); n \<le> length kvs'; P n kvs' \<rbrakk>
1368 \<Longrightarrow> P (Suc (2 * n)) kvs)"
1369 and "g0 == (\<And>kvs. Q 0 kvs)"
1370 and "g1 == (\<And>kvs. Q (Suc 0) kvs)"
1372 (\<And>n kvs t k v kvs'. \<lbrakk> n > 0; n \<le> Suc (length kvs); Q n kvs;
1373 rbtreeify_g n kvs = (t, (k, v) # kvs'); n \<le> Suc (length kvs'); Q n kvs' \<rbrakk>
1374 \<Longrightarrow> Q (2 * n) kvs)"
1376 (\<And>n kvs t k v kvs'. \<lbrakk> n > 0; n \<le> length kvs; P n kvs;
1377 rbtreeify_f n kvs = (t, (k, v) # kvs'); n \<le> Suc (length kvs'); Q n kvs' \<rbrakk>
1378 \<Longrightarrow> Q (Suc (2 * n)) kvs)"
1379 shows "\<lbrakk> n \<le> length kvs;
1380 PROP f0; PROP f1; PROP feven; PROP fodd;
1381 PROP g0; PROP g1; PROP geven; PROP godd \<rbrakk>
1382 \<Longrightarrow> P n kvs"
1383 and "\<lbrakk> n \<le> Suc (length kvs);
1384 PROP f0; PROP f1; PROP feven; PROP fodd;
1385 PROP g0; PROP g1; PROP geven; PROP godd \<rbrakk>
1386 \<Longrightarrow> Q n kvs"
1388 assume f0: "PROP f0" and f1: "PROP f1" and feven: "PROP feven" and fodd: "PROP fodd"
1389 and g0: "PROP g0" and g1: "PROP g1" and geven: "PROP geven" and godd: "PROP godd"
1390 show "n \<le> length kvs \<Longrightarrow> P n kvs" and "n \<le> Suc (length kvs) \<Longrightarrow> Q n kvs"
1391 proof(induction rule: rbtreeify_f_rbtreeify_g.induct)
1394 proof(cases "n \<le> 1")
1395 case True thus ?thesis using "1.prems"
1396 by(cases n kvs rule: nat.exhaust[case_product list.exhaust])
1397 (auto simp add: f0[unfolded f0_def] f1[unfolded f1_def])
1400 hence ns: "n \<noteq> 0" "n \<noteq> 1" by simp_all
1401 hence ge0: "n div 2 > 0" by simp
1402 note IH = "1.IH"[OF ns]
1404 proof(cases "n mod 2 = 0")
1406 moreover from "1.prems" have n2: "n div 2 \<le> length kvs" by simp
1407 moreover from True n2 have "P (n div 2) kvs" by(rule IH)
1408 moreover from length_rbtreeify_f[OF n2] ge0 "1.prems" obtain t k v kvs'
1409 where kvs': "rbtreeify_f (n div 2) kvs = (t, (k, v) # kvs')"
1410 by(cases "snd (rbtreeify_f (n div 2) kvs)")
1411 (auto simp add: snd_def split: prod.split_asm)
1412 moreover from "1.prems" length_rbtreeify_f[OF n2] ge0
1413 have n2': "n div 2 \<le> Suc (length kvs')" by(simp add: kvs')
1414 moreover from True kvs'[symmetric] refl refl n2'
1415 have "Q (n div 2) kvs'" by(rule IH)
1416 moreover note feven[unfolded feven_def]
1417 (* FIXME: why does by(rule feven[unfolded feven_def]) not work? *)
1418 ultimately have "P (2 * (n div 2)) kvs" by -
1419 thus ?thesis using True by (metis div_mod_equality' minus_nat.diff_0 nat_mult_commute)
1422 moreover from "1.prems" have n2: "n div 2 \<le> length kvs" by simp
1423 moreover from False n2 have "P (n div 2) kvs" by(rule IH)
1424 moreover from length_rbtreeify_f[OF n2] ge0 "1.prems" obtain t k v kvs'
1425 where kvs': "rbtreeify_f (n div 2) kvs = (t, (k, v) # kvs')"
1426 by(cases "snd (rbtreeify_f (n div 2) kvs)")
1427 (auto simp add: snd_def split: prod.split_asm)
1428 moreover from "1.prems" length_rbtreeify_f[OF n2] ge0 False
1429 have n2': "n div 2 \<le> length kvs'" by(simp add: kvs') arith
1430 moreover from False kvs'[symmetric] refl refl n2' have "P (n div 2) kvs'" by(rule IH)
1431 moreover note fodd[unfolded fodd_def]
1432 ultimately have "P (Suc (2 * (n div 2))) kvs" by -
1433 thus ?thesis using False
1434 by simp (metis One_nat_def Suc_eq_plus1_left le_add_diff_inverse mod_less_eq_dividend mult_div_cancel)
1440 proof(cases "n \<le> 1")
1441 case True thus ?thesis using "2.prems"
1442 by(cases n kvs rule: nat.exhaust[case_product list.exhaust])
1443 (auto simp add: g0[unfolded g0_def] g1[unfolded g1_def])
1446 hence ns: "\<not> (n = 0 \<or> n = 1)" by simp
1447 hence ge0: "n div 2 > 0" by simp
1448 note IH = "2.IH"[OF ns]
1450 proof(cases "n mod 2 = 0")
1452 moreover from "2.prems" have n2: "n div 2 \<le> Suc (length kvs)" by simp
1453 moreover from True n2 have "Q (n div 2) kvs" by(rule IH)
1454 moreover from length_rbtreeify_g[OF ge0 n2] ge0 "2.prems" obtain t k v kvs'
1455 where kvs': "rbtreeify_g (n div 2) kvs = (t, (k, v) # kvs')"
1456 by(cases "snd (rbtreeify_g (n div 2) kvs)")
1457 (auto simp add: snd_def split: prod.split_asm)
1458 moreover from "2.prems" length_rbtreeify_g[OF ge0 n2] ge0
1459 have n2': "n div 2 \<le> Suc (length kvs')" by(simp add: kvs')
1460 moreover from True kvs'[symmetric] refl refl n2'
1461 have "Q (n div 2) kvs'" by(rule IH)
1462 moreover note geven[unfolded geven_def]
1463 ultimately have "Q (2 * (n div 2)) kvs" by -
1464 thus ?thesis using True
1465 by(metis div_mod_equality' minus_nat.diff_0 nat_mult_commute)
1468 moreover from "2.prems" have n2: "n div 2 \<le> length kvs" by simp
1469 moreover from False n2 have "P (n div 2) kvs" by(rule IH)
1470 moreover from length_rbtreeify_f[OF n2] ge0 "2.prems" False obtain t k v kvs'
1471 where kvs': "rbtreeify_f (n div 2) kvs = (t, (k, v) # kvs')"
1472 by(cases "snd (rbtreeify_f (n div 2) kvs)")
1473 (auto simp add: snd_def split: prod.split_asm, arith)
1474 moreover from "2.prems" length_rbtreeify_f[OF n2] ge0 False
1475 have n2': "n div 2 \<le> Suc (length kvs')" by(simp add: kvs') arith
1476 moreover from False kvs'[symmetric] refl refl n2'
1477 have "Q (n div 2) kvs'" by(rule IH)
1478 moreover note godd[unfolded godd_def]
1479 ultimately have "Q (Suc (2 * (n div 2))) kvs" by -
1480 thus ?thesis using False
1481 by simp (metis One_nat_def Suc_eq_plus1_left le_add_diff_inverse mod_less_eq_dividend mult_div_cancel)
1487 lemma inv1_rbtreeify_f: "n \<le> length kvs
1488 \<Longrightarrow> inv1 (fst (rbtreeify_f n kvs))"
1489 and inv1_rbtreeify_g: "n \<le> Suc (length kvs)
1490 \<Longrightarrow> inv1 (fst (rbtreeify_g n kvs))"
1491 by(induct n kvs and n kvs rule: rbtreeify_induct) simp_all
1493 fun plog2 :: "nat \<Rightarrow> nat"
1494 where "plog2 n = (if n \<le> 1 then 0 else plog2 (n div 2) + 1)"
1496 declare plog2.simps [simp del]
1498 lemma plog2_simps [simp]:
1499 "plog2 0 = 0" "plog2 (Suc 0) = 0"
1500 "0 < n \<Longrightarrow> plog2 (2 * n) = 1 + plog2 n"
1501 "0 < n \<Longrightarrow> plog2 (Suc (2 * n)) = 1 + plog2 n"
1502 by(subst plog2.simps, simp add: Suc_double_half)+
1504 lemma bheight_rbtreeify_f: "n \<le> length kvs
1505 \<Longrightarrow> bheight (fst (rbtreeify_f n kvs)) = plog2 n"
1506 and bheight_rbtreeify_g: "n \<le> Suc (length kvs)
1507 \<Longrightarrow> bheight (fst (rbtreeify_g n kvs)) = plog2 n"
1508 by(induct n kvs and n kvs rule: rbtreeify_induct) simp_all
1510 lemma bheight_rbtreeify_f_eq_plog2I:
1511 "\<lbrakk> rbtreeify_f n kvs = (t, kvs'); n \<le> length kvs \<rbrakk>
1512 \<Longrightarrow> bheight t = plog2 n"
1513 using bheight_rbtreeify_f[of n kvs] by simp
1515 lemma bheight_rbtreeify_g_eq_plog2I:
1516 "\<lbrakk> rbtreeify_g n kvs = (t, kvs'); n \<le> Suc (length kvs) \<rbrakk>
1517 \<Longrightarrow> bheight t = plog2 n"
1518 using bheight_rbtreeify_g[of n kvs] by simp
1520 hide_const (open) plog2
1522 lemma inv2_rbtreeify_f: "n \<le> length kvs
1523 \<Longrightarrow> inv2 (fst (rbtreeify_f n kvs))"
1524 and inv2_rbtreeify_g: "n \<le> Suc (length kvs)
1525 \<Longrightarrow> inv2 (fst (rbtreeify_g n kvs))"
1526 by(induct n kvs and n kvs rule: rbtreeify_induct)
1527 (auto simp add: bheight_rbtreeify_f bheight_rbtreeify_g
1528 intro: bheight_rbtreeify_f_eq_plog2I bheight_rbtreeify_g_eq_plog2I)
1530 lemma "n \<le> length kvs \<Longrightarrow> True"
1531 and color_of_rbtreeify_g:
1532 "\<lbrakk> n \<le> Suc (length kvs); 0 < n \<rbrakk>
1533 \<Longrightarrow> color_of (fst (rbtreeify_g n kvs)) = B"
1534 by(induct n kvs and n kvs rule: rbtreeify_induct) simp_all
1536 lemma entries_rbtreeify_f_append:
1538 \<Longrightarrow> entries (fst (rbtreeify_f n kvs)) @ snd (rbtreeify_f n kvs) = kvs"
1539 and entries_rbtreeify_g_append:
1540 "n \<le> Suc (length kvs)
1541 \<Longrightarrow> entries (fst (rbtreeify_g n kvs)) @ snd (rbtreeify_g n kvs) = kvs"
1542 by(induction rule: rbtreeify_induct) simp_all
1544 lemma length_entries_rbtreeify_f:
1545 "n \<le> length kvs \<Longrightarrow> length (entries (fst (rbtreeify_f n kvs))) = n"
1546 and length_entries_rbtreeify_g:
1547 "n \<le> Suc (length kvs) \<Longrightarrow> length (entries (fst (rbtreeify_g n kvs))) = n - 1"
1548 by(induct rule: rbtreeify_induct) simp_all
1550 lemma rbtreeify_f_conv_drop:
1551 "n \<le> length kvs \<Longrightarrow> snd (rbtreeify_f n kvs) = drop n kvs"
1552 using entries_rbtreeify_f_append[of n kvs]
1553 by(simp add: append_eq_conv_conj length_entries_rbtreeify_f)
1555 lemma rbtreeify_g_conv_drop:
1556 "n \<le> Suc (length kvs) \<Longrightarrow> snd (rbtreeify_g n kvs) = drop (n - 1) kvs"
1557 using entries_rbtreeify_g_append[of n kvs]
1558 by(simp add: append_eq_conv_conj length_entries_rbtreeify_g)
1560 lemma entries_rbtreeify_f [simp]:
1561 "n \<le> length kvs \<Longrightarrow> entries (fst (rbtreeify_f n kvs)) = take n kvs"
1562 using entries_rbtreeify_f_append[of n kvs]
1563 by(simp add: append_eq_conv_conj length_entries_rbtreeify_f)
1565 lemma entries_rbtreeify_g [simp]:
1566 "n \<le> Suc (length kvs) \<Longrightarrow>
1567 entries (fst (rbtreeify_g n kvs)) = take (n - 1) kvs"
1568 using entries_rbtreeify_g_append[of n kvs]
1569 by(simp add: append_eq_conv_conj length_entries_rbtreeify_g)
1571 lemma keys_rbtreeify_f [simp]: "n \<le> length kvs
1572 \<Longrightarrow> keys (fst (rbtreeify_f n kvs)) = take n (map fst kvs)"
1573 by(simp add: keys_def take_map)
1575 lemma keys_rbtreeify_g [simp]: "n \<le> Suc (length kvs)
1576 \<Longrightarrow> keys (fst (rbtreeify_g n kvs)) = take (n - 1) (map fst kvs)"
1577 by(simp add: keys_def take_map)
1580 "\<lbrakk> rbtreeify_f n kvs = (t, kvs'); n \<le> length kvs \<rbrakk>
1581 \<Longrightarrow> entries t = take n kvs \<and> kvs' = drop n kvs"
1582 using rbtreeify_f_conv_drop[of n kvs] entries_rbtreeify_f[of n kvs] by simp
1585 "\<lbrakk> rbtreeify_g n kvs = (t, kvs'); n \<le> Suc (length kvs) \<rbrakk>
1586 \<Longrightarrow> entries t = take (n - 1) kvs \<and> kvs' = drop (n - 1) kvs"
1587 using rbtreeify_g_conv_drop[of n kvs] entries_rbtreeify_g[of n kvs] by simp
1589 lemma entries_rbtreeify [simp]: "entries (rbtreeify kvs) = kvs"
1590 by(simp add: rbtreeify_def entries_rbtreeify_g)
1592 context linorder begin
1594 lemma rbt_sorted_rbtreeify_f:
1595 "\<lbrakk> n \<le> length kvs; sorted (map fst kvs); distinct (map fst kvs) \<rbrakk>
1596 \<Longrightarrow> rbt_sorted (fst (rbtreeify_f n kvs))"
1597 and rbt_sorted_rbtreeify_g:
1598 "\<lbrakk> n \<le> Suc (length kvs); sorted (map fst kvs); distinct (map fst kvs) \<rbrakk>
1599 \<Longrightarrow> rbt_sorted (fst (rbtreeify_g n kvs))"
1600 proof(induction n kvs and n kvs rule: rbtreeify_induct)
1601 case (f_even n kvs t k v kvs')
1602 from rbtreeify_fD[OF `rbtreeify_f n kvs = (t, (k, v) # kvs')` `n \<le> length kvs`]
1603 have "entries t = take n kvs"
1604 and kvs': "drop n kvs = (k, v) # kvs'" by simp_all
1605 hence unfold: "kvs = take n kvs @ (k, v) # kvs'" by(metis append_take_drop_id)
1606 from `sorted (map fst kvs)` kvs'
1607 have "(\<forall>(x, y) \<in> set (take n kvs). x \<le> k) \<and> (\<forall>(x, y) \<in> set kvs'. k \<le> x)"
1608 by(subst (asm) unfold)(auto simp add: sorted_append sorted_Cons)
1609 moreover from `distinct (map fst kvs)` kvs'
1610 have "(\<forall>(x, y) \<in> set (take n kvs). x \<noteq> k) \<and> (\<forall>(x, y) \<in> set kvs'. x \<noteq> k)"
1611 by(subst (asm) unfold)(auto intro: rev_image_eqI)
1612 ultimately have "(\<forall>(x, y) \<in> set (take n kvs). x < k) \<and> (\<forall>(x, y) \<in> set kvs'. k < x)"
1614 hence "fst (rbtreeify_f n kvs) |\<guillemotleft> k" "k \<guillemotleft>| fst (rbtreeify_g n kvs')"
1615 using `n \<le> Suc (length kvs')` `n \<le> length kvs` set_take_subset[of "n - 1" kvs']
1616 by(auto simp add: ord.rbt_greater_prop ord.rbt_less_prop take_map split_def)
1617 moreover from `sorted (map fst kvs)` `distinct (map fst kvs)`
1618 have "rbt_sorted (fst (rbtreeify_f n kvs))" by(rule f_even.IH)
1619 moreover have "sorted (map fst kvs')" "distinct (map fst kvs')"
1620 using `sorted (map fst kvs)` `distinct (map fst kvs)`
1621 by(subst (asm) (1 2) unfold, simp add: sorted_append sorted_Cons)+
1622 hence "rbt_sorted (fst (rbtreeify_g n kvs'))" by(rule f_even.IH)
1623 ultimately show ?case
1624 using `0 < n` `rbtreeify_f n kvs = (t, (k, v) # kvs')` by simp
1626 case (f_odd n kvs t k v kvs')
1627 from rbtreeify_fD[OF `rbtreeify_f n kvs = (t, (k, v) # kvs')` `n \<le> length kvs`]
1628 have "entries t = take n kvs"
1629 and kvs': "drop n kvs = (k, v) # kvs'" by simp_all
1630 hence unfold: "kvs = take n kvs @ (k, v) # kvs'" by(metis append_take_drop_id)
1631 from `sorted (map fst kvs)` kvs'
1632 have "(\<forall>(x, y) \<in> set (take n kvs). x \<le> k) \<and> (\<forall>(x, y) \<in> set kvs'. k \<le> x)"
1633 by(subst (asm) unfold)(auto simp add: sorted_append sorted_Cons)
1634 moreover from `distinct (map fst kvs)` kvs'
1635 have "(\<forall>(x, y) \<in> set (take n kvs). x \<noteq> k) \<and> (\<forall>(x, y) \<in> set kvs'. x \<noteq> k)"
1636 by(subst (asm) unfold)(auto intro: rev_image_eqI)
1637 ultimately have "(\<forall>(x, y) \<in> set (take n kvs). x < k) \<and> (\<forall>(x, y) \<in> set kvs'. k < x)"
1639 hence "fst (rbtreeify_f n kvs) |\<guillemotleft> k" "k \<guillemotleft>| fst (rbtreeify_f n kvs')"
1640 using `n \<le> length kvs'` `n \<le> length kvs` set_take_subset[of n kvs']
1641 by(auto simp add: rbt_greater_prop rbt_less_prop take_map split_def)
1642 moreover from `sorted (map fst kvs)` `distinct (map fst kvs)`
1643 have "rbt_sorted (fst (rbtreeify_f n kvs))" by(rule f_odd.IH)
1644 moreover have "sorted (map fst kvs')" "distinct (map fst kvs')"
1645 using `sorted (map fst kvs)` `distinct (map fst kvs)`
1646 by(subst (asm) (1 2) unfold, simp add: sorted_append sorted_Cons)+
1647 hence "rbt_sorted (fst (rbtreeify_f n kvs'))" by(rule f_odd.IH)
1648 ultimately show ?case
1649 using `0 < n` `rbtreeify_f n kvs = (t, (k, v) # kvs')` by simp
1651 case (g_even n kvs t k v kvs')
1652 from rbtreeify_gD[OF `rbtreeify_g n kvs = (t, (k, v) # kvs')` `n \<le> Suc (length kvs)`]
1653 have t: "entries t = take (n - 1) kvs"
1654 and kvs': "drop (n - 1) kvs = (k, v) # kvs'" by simp_all
1655 hence unfold: "kvs = take (n - 1) kvs @ (k, v) # kvs'" by(metis append_take_drop_id)
1656 from `sorted (map fst kvs)` kvs'
1657 have "(\<forall>(x, y) \<in> set (take (n - 1) kvs). x \<le> k) \<and> (\<forall>(x, y) \<in> set kvs'. k \<le> x)"
1658 by(subst (asm) unfold)(auto simp add: sorted_append sorted_Cons)
1659 moreover from `distinct (map fst kvs)` kvs'
1660 have "(\<forall>(x, y) \<in> set (take (n - 1) kvs). x \<noteq> k) \<and> (\<forall>(x, y) \<in> set kvs'. x \<noteq> k)"
1661 by(subst (asm) unfold)(auto intro: rev_image_eqI)
1662 ultimately have "(\<forall>(x, y) \<in> set (take (n - 1) kvs). x < k) \<and> (\<forall>(x, y) \<in> set kvs'. k < x)"
1664 hence "fst (rbtreeify_g n kvs) |\<guillemotleft> k" "k \<guillemotleft>| fst (rbtreeify_g n kvs')"
1665 using `n \<le> Suc (length kvs')` `n \<le> Suc (length kvs)` set_take_subset[of "n - 1" kvs']
1666 by(auto simp add: rbt_greater_prop rbt_less_prop take_map split_def)
1667 moreover from `sorted (map fst kvs)` `distinct (map fst kvs)`
1668 have "rbt_sorted (fst (rbtreeify_g n kvs))" by(rule g_even.IH)
1669 moreover have "sorted (map fst kvs')" "distinct (map fst kvs')"
1670 using `sorted (map fst kvs)` `distinct (map fst kvs)`
1671 by(subst (asm) (1 2) unfold, simp add: sorted_append sorted_Cons)+
1672 hence "rbt_sorted (fst (rbtreeify_g n kvs'))" by(rule g_even.IH)
1673 ultimately show ?case using `0 < n` `rbtreeify_g n kvs = (t, (k, v) # kvs')` by simp
1675 case (g_odd n kvs t k v kvs')
1676 from rbtreeify_fD[OF `rbtreeify_f n kvs = (t, (k, v) # kvs')` `n \<le> length kvs`]
1677 have "entries t = take n kvs"
1678 and kvs': "drop n kvs = (k, v) # kvs'" by simp_all
1679 hence unfold: "kvs = take n kvs @ (k, v) # kvs'" by(metis append_take_drop_id)
1680 from `sorted (map fst kvs)` kvs'
1681 have "(\<forall>(x, y) \<in> set (take n kvs). x \<le> k) \<and> (\<forall>(x, y) \<in> set kvs'. k \<le> x)"
1682 by(subst (asm) unfold)(auto simp add: sorted_append sorted_Cons)
1683 moreover from `distinct (map fst kvs)` kvs'
1684 have "(\<forall>(x, y) \<in> set (take n kvs). x \<noteq> k) \<and> (\<forall>(x, y) \<in> set kvs'. x \<noteq> k)"
1685 by(subst (asm) unfold)(auto intro: rev_image_eqI)
1686 ultimately have "(\<forall>(x, y) \<in> set (take n kvs). x < k) \<and> (\<forall>(x, y) \<in> set kvs'. k < x)"
1688 hence "fst (rbtreeify_f n kvs) |\<guillemotleft> k" "k \<guillemotleft>| fst (rbtreeify_g n kvs')"
1689 using `n \<le> Suc (length kvs')` `n \<le> length kvs` set_take_subset[of "n - 1" kvs']
1690 by(auto simp add: rbt_greater_prop rbt_less_prop take_map split_def)
1691 moreover from `sorted (map fst kvs)` `distinct (map fst kvs)`
1692 have "rbt_sorted (fst (rbtreeify_f n kvs))" by(rule g_odd.IH)
1693 moreover have "sorted (map fst kvs')" "distinct (map fst kvs')"
1694 using `sorted (map fst kvs)` `distinct (map fst kvs)`
1695 by(subst (asm) (1 2) unfold, simp add: sorted_append sorted_Cons)+
1696 hence "rbt_sorted (fst (rbtreeify_g n kvs'))" by(rule g_odd.IH)
1697 ultimately show ?case
1698 using `0 < n` `rbtreeify_f n kvs = (t, (k, v) # kvs')` by simp
1701 lemma rbt_sorted_rbtreeify:
1702 "\<lbrakk> sorted (map fst kvs); distinct (map fst kvs) \<rbrakk> \<Longrightarrow> rbt_sorted (rbtreeify kvs)"
1703 by(simp add: rbtreeify_def rbt_sorted_rbtreeify_g)
1705 lemma is_rbt_rbtreeify:
1706 "\<lbrakk> sorted (map fst kvs); distinct (map fst kvs) \<rbrakk>
1707 \<Longrightarrow> is_rbt (rbtreeify kvs)"
1708 by(simp add: is_rbt_def rbtreeify_def inv1_rbtreeify_g inv2_rbtreeify_g rbt_sorted_rbtreeify_g color_of_rbtreeify_g)
1710 lemma rbt_lookup_rbtreeify:
1711 "\<lbrakk> sorted (map fst kvs); distinct (map fst kvs) \<rbrakk> \<Longrightarrow>
1712 rbt_lookup (rbtreeify kvs) = map_of kvs"
1713 by(simp add: map_of_entries[symmetric] rbt_sorted_rbtreeify)
1718 Functions to compare the height of two rbt trees, taken from
1719 Andrew W. Appel, Efficient Verified Red-Black Trees (September 2011)
1722 fun skip_red :: "('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
1724 "skip_red (Branch color.R l k v r) = l"
1727 definition skip_black :: "('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
1729 "skip_black t = (let t' = skip_red t in case t' of Branch color.B l k v r \<Rightarrow> l | _ \<Rightarrow> t')"
1731 datatype compare = LT | GT | EQ
1733 partial_function (tailrec) compare_height :: "('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt \<Rightarrow> compare"
1735 "compare_height sx s t tx =
1736 (case (skip_red sx, skip_red s, skip_red t, skip_red tx) of
1737 (Branch _ sx' _ _ _, Branch _ s' _ _ _, Branch _ t' _ _ _, Branch _ tx' _ _ _) \<Rightarrow>
1738 compare_height (skip_black sx') s' t' (skip_black tx')
1739 | (_, rbt.Empty, _, Branch _ _ _ _ _) \<Rightarrow> LT
1740 | (Branch _ _ _ _ _, _, rbt.Empty, _) \<Rightarrow> GT
1741 | (Branch _ sx' _ _ _, Branch _ s' _ _ _, Branch _ t' _ _ _, rbt.Empty) \<Rightarrow>
1742 compare_height (skip_black sx') s' t' rbt.Empty
1743 | (rbt.Empty, Branch _ s' _ _ _, Branch _ t' _ _ _, Branch _ tx' _ _ _) \<Rightarrow>
1744 compare_height rbt.Empty s' t' (skip_black tx')
1745 | _ \<Rightarrow> EQ)"
1747 declare compare_height.simps [code]
1749 hide_type (open) compare
1751 compare_height skip_black skip_red LT GT EQ compare_case compare_rec
1752 Abs_compare Rep_compare compare_rep_set
1754 Abs_compare_cases Abs_compare_induct Abs_compare_inject Abs_compare_inverse
1755 Rep_compare Rep_compare_cases Rep_compare_induct Rep_compare_inject Rep_compare_inverse
1756 compare.simps compare.exhaust compare.induct compare.recs compare.simps
1757 compare.size compare.case_cong compare.weak_case_cong compare.cases
1758 compare.nchotomy compare.split compare.split_asm compare_rec_def
1759 compare.eq.refl compare.eq.simps
1760 compare.EQ_def compare.GT_def compare.LT_def
1762 skip_red_def skip_red.simps skip_red.cases skip_red.induct
1764 compare_height_def compare_height.simps
1766 subsection {* union and intersection of sorted associative lists *}
1770 function sunion_with :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a \<times> 'b) list"
1772 "sunion_with f ((k, v) # as) ((k', v') # bs) =
1773 (if k > k' then (k', v') # sunion_with f ((k, v) # as) bs
1774 else if k < k' then (k, v) # sunion_with f as ((k', v') # bs)
1775 else (k, f k v v') # sunion_with f as bs)"
1776 | "sunion_with f [] bs = bs"
1777 | "sunion_with f as [] = as"
1778 by pat_completeness auto
1779 termination by lexicographic_order
1781 function sinter_with :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a \<times> 'b) list \<Rightarrow> ('a \<times> 'b) list"
1783 "sinter_with f ((k, v) # as) ((k', v') # bs) =
1784 (if k > k' then sinter_with f ((k, v) # as) bs
1785 else if k < k' then sinter_with f as ((k', v') # bs)
1786 else (k, f k v v') # sinter_with f as bs)"
1787 | "sinter_with f [] _ = []"
1788 | "sinter_with f _ [] = []"
1789 by pat_completeness auto
1790 termination by lexicographic_order
1794 declare ord.sunion_with.simps [code] ord.sinter_with.simps[code]
1796 context linorder begin
1798 lemma set_fst_sunion_with:
1799 "set (map fst (sunion_with f xs ys)) = set (map fst xs) \<union> set (map fst ys)"
1800 by(induct f xs ys rule: sunion_with.induct) auto
1802 lemma sorted_sunion_with [simp]:
1803 "\<lbrakk> sorted (map fst xs); sorted (map fst ys) \<rbrakk>
1804 \<Longrightarrow> sorted (map fst (sunion_with f xs ys))"
1805 by(induct f xs ys rule: sunion_with.induct)
1806 (auto simp add: sorted_Cons set_fst_sunion_with simp del: set_map)
1808 lemma distinct_sunion_with [simp]:
1809 "\<lbrakk> distinct (map fst xs); distinct (map fst ys); sorted (map fst xs); sorted (map fst ys) \<rbrakk>
1810 \<Longrightarrow> distinct (map fst (sunion_with f xs ys))"
1811 proof(induct f xs ys rule: sunion_with.induct)
1812 case (1 f k v xs k' v' ys)
1813 have "\<lbrakk> \<not> k < k'; \<not> k' < k \<rbrakk> \<Longrightarrow> k = k'" by simp
1814 thus ?case using "1"
1815 by(auto simp add: set_fst_sunion_with sorted_Cons simp del: set_map)
1818 lemma map_of_sunion_with:
1819 "\<lbrakk> sorted (map fst xs); sorted (map fst ys) \<rbrakk>
1820 \<Longrightarrow> map_of (sunion_with f xs ys) k =
1821 (case map_of xs k of None \<Rightarrow> map_of ys k
1822 | Some v \<Rightarrow> case map_of ys k of None \<Rightarrow> Some v
1823 | Some w \<Rightarrow> Some (f k v w))"
1824 by(induct f xs ys rule: sunion_with.induct)(auto simp add: sorted_Cons split: option.split dest: map_of_SomeD bspec)
1826 lemma set_fst_sinter_with [simp]:
1827 "\<lbrakk> sorted (map fst xs); sorted (map fst ys) \<rbrakk>
1828 \<Longrightarrow> set (map fst (sinter_with f xs ys)) = set (map fst xs) \<inter> set (map fst ys)"
1829 by(induct f xs ys rule: sinter_with.induct)(auto simp add: sorted_Cons simp del: set_map)
1831 lemma set_fst_sinter_with_subset1:
1832 "set (map fst (sinter_with f xs ys)) \<subseteq> set (map fst xs)"
1833 by(induct f xs ys rule: sinter_with.induct) auto
1835 lemma set_fst_sinter_with_subset2:
1836 "set (map fst (sinter_with f xs ys)) \<subseteq> set (map fst ys)"
1837 by(induct f xs ys rule: sinter_with.induct)(auto simp del: set_map)
1839 lemma sorted_sinter_with [simp]:
1840 "\<lbrakk> sorted (map fst xs); sorted (map fst ys) \<rbrakk>
1841 \<Longrightarrow> sorted (map fst (sinter_with f xs ys))"
1842 by(induct f xs ys rule: sinter_with.induct)(auto simp add: sorted_Cons simp del: set_map)
1844 lemma distinct_sinter_with [simp]:
1845 "\<lbrakk> distinct (map fst xs); distinct (map fst ys) \<rbrakk>
1846 \<Longrightarrow> distinct (map fst (sinter_with f xs ys))"
1847 proof(induct f xs ys rule: sinter_with.induct)
1848 case (1 f k v as k' v' bs)
1849 have "\<lbrakk> \<not> k < k'; \<not> k' < k \<rbrakk> \<Longrightarrow> k = k'" by simp
1850 thus ?case using "1" set_fst_sinter_with_subset1[of f as bs]
1851 set_fst_sinter_with_subset2[of f as bs]
1852 by(auto simp del: set_map)
1855 lemma map_of_sinter_with:
1856 "\<lbrakk> sorted (map fst xs); sorted (map fst ys) \<rbrakk>
1857 \<Longrightarrow> map_of (sinter_with f xs ys) k =
1858 (case map_of xs k of None \<Rightarrow> None | Some v \<Rightarrow> Option.map (f k v) (map_of ys k))"
1859 apply(induct f xs ys rule: sinter_with.induct)
1860 apply(auto simp add: sorted_Cons Option.map_def split: option.splits dest: map_of_SomeD bspec)
1865 lemma distinct_map_of_rev: "distinct (map fst xs) \<Longrightarrow> map_of (rev xs) = map_of xs"
1866 by(induct xs)(auto 4 3 simp add: map_add_def intro!: ext split: option.split intro: rev_image_eqI)
1868 lemma map_map_filter:
1869 "map f (List.map_filter g xs) = List.map_filter (Option.map f \<circ> g) xs"
1870 by(auto simp add: List.map_filter_def)
1872 lemma map_filter_option_map_const:
1873 "List.map_filter (\<lambda>x. Option.map (\<lambda>y. f x) (g (f x))) xs = filter (\<lambda>x. g x \<noteq> None) (map f xs)"
1874 by(auto simp add: map_filter_def filter_map o_def)
1876 lemma set_map_filter: "set (List.map_filter P xs) = the ` (P ` set xs - {None})"
1877 by(auto simp add: List.map_filter_def intro: rev_image_eqI)
1881 definition rbt_union_with_key :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
1883 "rbt_union_with_key f t1 t2 =
1884 (case RBT_Impl.compare_height t1 t1 t2 t2
1885 of compare.EQ \<Rightarrow> rbtreeify (sunion_with f (entries t1) (entries t2))
1886 | compare.LT \<Rightarrow> fold (rbt_insert_with_key (\<lambda>k v w. f k w v)) t1 t2
1887 | compare.GT \<Rightarrow> fold (rbt_insert_with_key f) t2 t1)"
1889 definition rbt_union_with where
1890 "rbt_union_with f = rbt_union_with_key (\<lambda>_. f)"
1892 definition rbt_union where
1893 "rbt_union = rbt_union_with_key (%_ _ rv. rv)"
1895 definition rbt_inter_with_key :: "('a \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a, 'b) rbt"
1897 "rbt_inter_with_key f t1 t2 =
1898 (case RBT_Impl.compare_height t1 t1 t2 t2
1899 of compare.EQ \<Rightarrow> rbtreeify (sinter_with f (entries t1) (entries t2))
1900 | compare.LT \<Rightarrow> rbtreeify (List.map_filter (\<lambda>(k, v). Option.map (\<lambda>w. (k, f k v w)) (rbt_lookup t2 k)) (entries t1))
1901 | compare.GT \<Rightarrow> rbtreeify (List.map_filter (\<lambda>(k, v). Option.map (\<lambda>w. (k, f k w v)) (rbt_lookup t1 k)) (entries t2)))"
1903 definition rbt_inter_with where
1904 "rbt_inter_with f = rbt_inter_with_key (\<lambda>_. f)"
1906 definition rbt_inter where
1907 "rbt_inter = rbt_inter_with_key (\<lambda>_ _ rv. rv)"
1911 context linorder begin
1913 lemma rbt_sorted_entries_right_unique:
1914 "\<lbrakk> (k, v) \<in> set (entries t); (k, v') \<in> set (entries t);
1915 rbt_sorted t \<rbrakk> \<Longrightarrow> v = v'"
1916 by(auto dest!: distinct_entries inj_onD[where x="(k, v)" and y="(k, v')"] simp add: distinct_map)
1918 lemma rbt_sorted_fold_rbt_insertwk:
1919 "rbt_sorted t \<Longrightarrow> rbt_sorted (List.fold (\<lambda>(k, v). rbt_insert_with_key f k v) xs t)"
1920 by(induct xs rule: rev_induct)(auto simp add: rbt_insertwk_rbt_sorted)
1922 lemma is_rbt_fold_rbt_insertwk:
1924 shows "is_rbt (fold (rbt_insert_with_key f) t2 t1)"
1926 def xs \<equiv> "entries t2"
1927 from assms show ?thesis unfolding fold_def xs_def[symmetric]
1928 by(induct xs rule: rev_induct)(auto simp add: rbt_insertwk_is_rbt)
1931 lemma rbt_lookup_fold_rbt_insertwk:
1932 assumes t1: "rbt_sorted t1" and t2: "rbt_sorted t2"
1933 shows "rbt_lookup (fold (rbt_insert_with_key f) t1 t2) k =
1934 (case rbt_lookup t1 k of None \<Rightarrow> rbt_lookup t2 k
1935 | Some v \<Rightarrow> case rbt_lookup t2 k of None \<Rightarrow> Some v
1936 | Some w \<Rightarrow> Some (f k w v))"
1938 def xs \<equiv> "entries t1"
1939 hence dt1: "distinct (map fst xs)" using t1 by(simp add: distinct_entries)
1940 with t2 show ?thesis
1941 unfolding fold_def map_of_entries[OF t1, symmetric]
1942 xs_def[symmetric] distinct_map_of_rev[OF dt1, symmetric]
1943 apply(induct xs rule: rev_induct)
1944 apply(auto simp add: rbt_lookup_rbt_insertwk rbt_sorted_fold_rbt_insertwk split: option.splits)
1945 apply(auto simp add: distinct_map_of_rev intro: rev_image_eqI)
1949 lemma is_rbt_rbt_unionwk [simp]:
1950 "\<lbrakk> is_rbt t1; is_rbt t2 \<rbrakk> \<Longrightarrow> is_rbt (rbt_union_with_key f t1 t2)"
1951 by(simp add: rbt_union_with_key_def Let_def is_rbt_fold_rbt_insertwk is_rbt_rbtreeify rbt_sorted_entries distinct_entries split: compare.split)
1953 lemma rbt_lookup_rbt_unionwk:
1954 "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk>
1955 \<Longrightarrow> rbt_lookup (rbt_union_with_key f t1 t2) k =
1956 (case rbt_lookup t1 k of None \<Rightarrow> rbt_lookup t2 k
1957 | Some v \<Rightarrow> case rbt_lookup t2 k of None \<Rightarrow> Some v
1958 | Some w \<Rightarrow> Some (f k v w))"
1959 by(auto simp add: rbt_union_with_key_def Let_def rbt_lookup_fold_rbt_insertwk rbt_sorted_entries distinct_entries map_of_sunion_with map_of_entries rbt_lookup_rbtreeify split: option.split compare.split)
1961 lemma rbt_unionw_is_rbt: "\<lbrakk> is_rbt lt; is_rbt rt \<rbrakk> \<Longrightarrow> is_rbt (rbt_union_with f lt rt)"
1962 by(simp add: rbt_union_with_def)
1964 lemma rbt_union_is_rbt: "\<lbrakk> is_rbt lt; is_rbt rt \<rbrakk> \<Longrightarrow> is_rbt (rbt_union lt rt)"
1965 by(simp add: rbt_union_def)
1967 lemma rbt_lookup_rbt_union:
1968 "\<lbrakk> rbt_sorted s; rbt_sorted t \<rbrakk> \<Longrightarrow>
1969 rbt_lookup (rbt_union s t) = rbt_lookup s ++ rbt_lookup t"
1970 by(rule ext)(simp add: rbt_lookup_rbt_unionwk rbt_union_def map_add_def split: option.split)
1972 lemma rbt_interwk_is_rbt [simp]:
1973 "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk> \<Longrightarrow> is_rbt (rbt_inter_with_key f t1 t2)"
1974 by(auto simp add: rbt_inter_with_key_def Let_def map_map_filter split_def o_def option_map_comp map_filter_option_map_const sorted_filter[where f=id, simplified] rbt_sorted_entries distinct_entries intro: is_rbt_rbtreeify split: compare.split)
1976 lemma rbt_interw_is_rbt:
1977 "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk> \<Longrightarrow> is_rbt (rbt_inter_with f t1 t2)"
1978 by(simp add: rbt_inter_with_def)
1980 lemma rbt_inter_is_rbt:
1981 "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk> \<Longrightarrow> is_rbt (rbt_inter t1 t2)"
1982 by(simp add: rbt_inter_def)
1984 lemma rbt_lookup_rbt_interwk:
1985 "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk>
1986 \<Longrightarrow> rbt_lookup (rbt_inter_with_key f t1 t2) k =
1987 (case rbt_lookup t1 k of None \<Rightarrow> None
1988 | Some v \<Rightarrow> case rbt_lookup t2 k of None \<Rightarrow> None
1989 | Some w \<Rightarrow> Some (f k v w))"
1990 by(auto 4 3 simp add: rbt_inter_with_key_def Let_def map_of_entries[symmetric] rbt_lookup_rbtreeify map_map_filter split_def o_def option_map_comp map_filter_option_map_const sorted_filter[where f=id, simplified] rbt_sorted_entries distinct_entries map_of_sinter_with map_of_eq_None_iff set_map_filter split: option.split compare.split intro: rev_image_eqI dest: rbt_sorted_entries_right_unique)
1992 lemma rbt_lookup_rbt_inter:
1993 "\<lbrakk> rbt_sorted t1; rbt_sorted t2 \<rbrakk>
1994 \<Longrightarrow> rbt_lookup (rbt_inter t1 t2) = rbt_lookup t2 |` dom (rbt_lookup t1)"
1995 by(auto simp add: rbt_inter_def rbt_lookup_rbt_interwk restrict_map_def split: option.split)
2000 subsection {* Code generator setup *}
2004 ord.rbt_greater_prop
2005 ord.rbt_sorted.simps
2006 ord.rbt_lookup.simps
2009 ord.rbt_insert_with_key_def
2012 ord.rbt_del_from_left.simps
2013 ord.rbt_del_from_right.simps
2016 ord.sunion_with.simps
2017 ord.sinter_with.simps
2018 ord.rbt_union_with_key_def
2019 ord.rbt_union_with_def
2021 ord.rbt_inter_with_key_def
2022 ord.rbt_inter_with_def
2024 ord.rbt_map_entry.simps
2025 ord.rbt_bulkload_def
2027 text {* More efficient implementations for @{term entries} and @{term keys} *}
2029 definition gen_entries ::
2030 "(('a \<times> 'b) \<times> ('a, 'b) rbt) list \<Rightarrow> ('a, 'b) rbt \<Rightarrow> ('a \<times> 'b) list"
2032 "gen_entries kvts t = entries t @ concat (map (\<lambda>(kv, t). kv # entries t) kvts)"
2034 lemma gen_entries_simps [simp, code]:
2035 "gen_entries [] Empty = []"
2036 "gen_entries ((kv, t) # kvts) Empty = kv # gen_entries kvts t"
2037 "gen_entries kvts (Branch c l k v r) = gen_entries (((k, v), r) # kvts) l"
2038 by(simp_all add: gen_entries_def)
2040 lemma entries_code [code]:
2041 "entries = gen_entries []"
2042 by(simp add: gen_entries_def fun_eq_iff)
2044 definition gen_keys :: "('a \<times> ('a, 'b) rbt) list \<Rightarrow> ('a, 'b) rbt \<Rightarrow> 'a list"
2045 where "gen_keys kts t = RBT_Impl.keys t @ concat (List.map (\<lambda>(k, t). k # keys t) kts)"
2047 lemma gen_keys_simps [simp, code]:
2048 "gen_keys [] Empty = []"
2049 "gen_keys ((k, t) # kts) Empty = k # gen_keys kts t"
2050 "gen_keys kts (Branch c l k v r) = gen_keys ((k, r) # kts) l"
2051 by(simp_all add: gen_keys_def)
2053 lemma keys_code [code]:
2054 "keys = gen_keys []"
2055 by(simp add: gen_keys_def fun_eq_iff)
2057 text {* Restore original type constraints for constants *}
2059 fold Sign.add_const_constraint
2060 [(@{const_name rbt_less}, SOME @{typ "('a :: order) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool"}),
2061 (@{const_name rbt_greater}, SOME @{typ "('a :: order) \<Rightarrow> ('a, 'b) rbt \<Rightarrow> bool"}),
2062 (@{const_name rbt_sorted}, SOME @{typ "('a :: linorder, 'b) rbt \<Rightarrow> bool"}),
2063 (@{const_name rbt_lookup}, SOME @{typ "('a :: linorder, 'b) rbt \<Rightarrow> 'a \<rightharpoonup> 'b"}),
2064 (@{const_name is_rbt}, SOME @{typ "('a :: linorder, 'b) rbt \<Rightarrow> bool"}),
2065 (@{const_name rbt_ins}, SOME @{typ "('a\<Colon>linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2066 (@{const_name rbt_insert_with_key}, SOME @{typ "('a\<Colon>linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2067 (@{const_name rbt_insert_with}, SOME @{typ "('b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a :: linorder) \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2068 (@{const_name rbt_insert}, SOME @{typ "('a :: linorder) \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2069 (@{const_name rbt_del_from_left}, SOME @{typ "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2070 (@{const_name rbt_del_from_right}, SOME @{typ "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> 'a \<Rightarrow> 'b \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2071 (@{const_name rbt_del}, SOME @{typ "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2072 (@{const_name rbt_delete}, SOME @{typ "('a\<Colon>linorder) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2073 (@{const_name rbt_union_with_key}, SOME @{typ "('a\<Colon>linorder \<Rightarrow> 'b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2074 (@{const_name rbt_union_with}, SOME @{typ "('b \<Rightarrow> 'b \<Rightarrow> 'b) \<Rightarrow> ('a\<Colon>linorder,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2075 (@{const_name rbt_union}, SOME @{typ "('a\<Colon>linorder,'b) rbt \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2076 (@{const_name rbt_map_entry}, SOME @{typ "'a\<Colon>linorder \<Rightarrow> ('b \<Rightarrow> 'b) \<Rightarrow> ('a,'b) rbt \<Rightarrow> ('a,'b) rbt"}),
2077 (@{const_name rbt_bulkload}, SOME @{typ "('a \<times> 'b) list \<Rightarrow> ('a\<Colon>linorder,'b) rbt"})]
2080 hide_const (open) R B Empty entries keys fold gen_keys gen_entries