isabelle: src/HOL/Data_Structures/AA_Set.thy@806be481aa57 (annotated)

61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	1	(*
63411 e051eea34990 got rid of class cmp; added height-size proofs by Daniel Stuewe nipkow parents: 62526 diff changeset	2	Author: Tobias Nipkow, Daniel Stüwe
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	3	*)
4c9e1e5a240e added AA trees nipkow parents: diff changeset	4
62130 90a3016a6c12 added AA_Map; tuned titles nipkow parents: 61793 diff changeset	5	section \<open>AA Tree Implementation of Sets\<close>
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	6
4c9e1e5a240e added AA trees nipkow parents: diff changeset	7	theory AA_Set
4c9e1e5a240e added AA trees nipkow parents: diff changeset	8	imports
4c9e1e5a240e added AA trees nipkow parents: diff changeset	9	Isin2
4c9e1e5a240e added AA trees nipkow parents: diff changeset	10	Cmp
4c9e1e5a240e added AA trees nipkow parents: diff changeset	11	begin
4c9e1e5a240e added AA trees nipkow parents: diff changeset	12
4c9e1e5a240e added AA trees nipkow parents: diff changeset	13	type_synonym 'a aa_tree = "('a,nat) tree"
4c9e1e5a240e added AA trees nipkow parents: diff changeset	14
68431 b294e095f64c more abstract naming nipkow parents: 68413 diff changeset	15	definition empty :: "'a aa_tree" where
b294e095f64c more abstract naming nipkow parents: 68413 diff changeset	16	"empty = Leaf"
b294e095f64c more abstract naming nipkow parents: 68413 diff changeset	17
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	18	fun lvl :: "'a aa_tree \<Rightarrow> nat" where
4c9e1e5a240e added AA trees nipkow parents: diff changeset	19	"lvl Leaf = 0" \|
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	20	"lvl (Node _ _ lv _) = lv"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	21
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	22	fun invar :: "'a aa_tree \<Rightarrow> bool" where
4c9e1e5a240e added AA trees nipkow parents: diff changeset	23	"invar Leaf = True" \|
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	24	"invar (Node l a h r) =
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	25	(invar l \<and> invar r \<and>
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	26	h = lvl l + 1 \<and> (h = lvl r + 1 \<or> (\<exists>lr b rr. r = Node lr b h rr \<and> h = lvl rr + 1)))"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	27
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	28	fun skew :: "'a aa_tree \<Rightarrow> 'a aa_tree" where
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	29	"skew (Node (Node t1 b lvb t2) a lva t3) =
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	30	(if lva = lvb then Node t1 b lvb (Node t2 a lva t3) else Node (Node t1 b lvb t2) a lva t3)" \|
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	31	"skew t = t"
4c9e1e5a240e added AA trees nipkow parents: diff changeset	32
4c9e1e5a240e added AA trees nipkow parents: diff changeset	33	fun split :: "'a aa_tree \<Rightarrow> 'a aa_tree" where
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	34	"split (Node t1 a lva (Node t2 b lvb (Node t3 c lvc t4))) =
67369 7360fe6bb423 prefer formal comments; wenzelm parents: 67040 diff changeset	35	(if lva = lvb \<and> lvb = lvc \<comment> \<open>\<open>lva = lvc\<close> suffices\<close>
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	36	then Node (Node t1 a lva t2) b (lva+1) (Node t3 c lva t4)
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	37	else Node t1 a lva (Node t2 b lvb (Node t3 c lvc t4)))" \|
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	38	"split t = t"
4c9e1e5a240e added AA trees nipkow parents: diff changeset	39
4c9e1e5a240e added AA trees nipkow parents: diff changeset	40	hide_const (open) insert
4c9e1e5a240e added AA trees nipkow parents: diff changeset	41
63411 e051eea34990 got rid of class cmp; added height-size proofs by Daniel Stuewe nipkow parents: 62526 diff changeset	42	fun insert :: "'a::linorder \<Rightarrow> 'a aa_tree \<Rightarrow> 'a aa_tree" where
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	43	"insert x Leaf = Node Leaf x 1 Leaf" \|
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	44	"insert x (Node t1 a lv t2) =
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	45	(case cmp x a of
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	46	LT \<Rightarrow> split (skew (Node (insert x t1) a lv t2)) \|
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	47	GT \<Rightarrow> split (skew (Node t1 a lv (insert x t2))) \|
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	48	EQ \<Rightarrow> Node t1 x lv t2)"
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	49
4c9e1e5a240e added AA trees nipkow parents: diff changeset	50	fun sngl :: "'a aa_tree \<Rightarrow> bool" where
4c9e1e5a240e added AA trees nipkow parents: diff changeset	51	"sngl Leaf = False" \|
4c9e1e5a240e added AA trees nipkow parents: diff changeset	52	"sngl (Node _ _ _ Leaf) = True" \|
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	53	"sngl (Node _ _ lva (Node _ _ lvb _)) = (lva > lvb)"
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	54
4c9e1e5a240e added AA trees nipkow parents: diff changeset	55	definition adjust :: "'a aa_tree \<Rightarrow> 'a aa_tree" where
4c9e1e5a240e added AA trees nipkow parents: diff changeset	56	"adjust t =
4c9e1e5a240e added AA trees nipkow parents: diff changeset	57	(case t of
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	58	Node l x lv r \<Rightarrow>
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	59	(if lvl l >= lv-1 \<and> lvl r >= lv-1 then t else
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	60	if lvl r < lv-1 \<and> sngl l then skew (Node l x (lv-1) r) else
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	61	if lvl r < lv-1
4c9e1e5a240e added AA trees nipkow parents: diff changeset	62	then case l of
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	63	Node t1 a lva (Node t2 b lvb t3)
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	64	\<Rightarrow> Node (Node t1 a lva t2) b (lvb+1) (Node t3 x (lv-1) r)
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	65	else
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	66	if lvl r < lv then split (Node l x (lv-1) r)
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	67	else
4c9e1e5a240e added AA trees nipkow parents: diff changeset	68	case r of
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	69	Node t1 b lvb t4 \<Rightarrow>
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	70	(case t1 of
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	71	Node t2 a lva t3
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	72	\<Rightarrow> Node (Node l x (lv-1) t2) a (lva+1)
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	73	(split (Node t3 b (if sngl t1 then lva else lva+1) t4)))))"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	74
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 67369 diff changeset	75	text\<open>In the paper, the last case of @{const adjust} is expressed with the help of an
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	76	incorrect auxiliary function \texttt{nlvl}.
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	77
68023 75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	78	Function @{text split_max} below is called \texttt{dellrg} in the paper.
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	79	The latter is incorrect for two reasons: \texttt{dellrg} is meant to delete the largest
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	80	element but recurses on the left instead of the right subtree; the invariant
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 67369 diff changeset	81	is not restored.\<close>
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	82
68023 75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	83	fun split_max :: "'a aa_tree \<Rightarrow> 'a aa_tree * 'a" where
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	84	"split_max (Node l a lv Leaf) = (l,a)" \|
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	85	"split_max (Node l a lv r) = (let (r',b) = split_max r in (adjust(Node l a lv r'), b))"
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	86
63411 e051eea34990 got rid of class cmp; added height-size proofs by Daniel Stuewe nipkow parents: 62526 diff changeset	87	fun delete :: "'a::linorder \<Rightarrow> 'a aa_tree \<Rightarrow> 'a aa_tree" where
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	88	"delete _ Leaf = Leaf" \|
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	89	"delete x (Node l a lv r) =
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	90	(case cmp x a of
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	91	LT \<Rightarrow> adjust (Node (delete x l) a lv r) \|
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	92	GT \<Rightarrow> adjust (Node l a lv (delete x r)) \|
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	93	EQ \<Rightarrow> (if l = Leaf then r
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	94	else let (l',b) = split_max l in adjust (Node l' b lv r)))"
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	95
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	96	fun pre_adjust where
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	97	"pre_adjust (Node l a lv r) = (invar l \<and> invar r \<and>
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	98	((lv = lvl l + 1 \<and> (lv = lvl r + 1 \<or> lv = lvl r + 2 \<or> lv = lvl r \<and> sngl r)) \<or>
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	99	(lv = lvl l + 2 \<and> (lv = lvl r + 1 \<or> lv = lvl r \<and> sngl r))))"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	100
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	101	declare pre_adjust.simps [simp del]
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	102
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	103	subsection "Auxiliary Proofs"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	104
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	105	lemma split_case: "split t = (case t of
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	106	Node t1 x lvx (Node t2 y lvy (Node t3 z lvz t4)) \<Rightarrow>
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	107	(if lvx = lvy \<and> lvy = lvz
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	108	then Node (Node t1 x lvx t2) y (lvx+1) (Node t3 z lvx t4)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	109	else t)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	110	\| t \<Rightarrow> t)"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	111	by(auto split: tree.split)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	112
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	113	lemma skew_case: "skew t = (case t of
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	114	Node (Node t1 y lvy t2) x lvx t3 \<Rightarrow>
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	115	(if lvx = lvy then Node t1 y lvx (Node t2 x lvx t3) else t)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	116	\| t \<Rightarrow> t)"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	117	by(auto split: tree.split)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	118
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	119	lemma lvl_0_iff: "invar t \<Longrightarrow> lvl t = 0 \<longleftrightarrow> t = Leaf"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	120	by(cases t) auto
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	121
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	122	lemma lvl_Suc_iff: "lvl t = Suc n \<longleftrightarrow> (\<exists> l a r. t = Node l a (Suc n) r)"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	123	by(cases t) auto
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	124
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	125	lemma lvl_skew: "lvl (skew t) = lvl t"
62526 347150095fd2 tuned nipkow parents: 62496 diff changeset	126	by(cases t rule: skew.cases) auto
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	127
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	128	lemma lvl_split: "lvl (split t) = lvl t \<or> lvl (split t) = lvl t + 1 \<and> sngl (split t)"
62526 347150095fd2 tuned nipkow parents: 62496 diff changeset	129	by(cases t rule: split.cases) auto
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	130
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	131	lemma invar_2Nodes:"invar (Node l x lv (Node rl rx rlv rr)) =
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	132	(invar l \<and> invar \<langle>rl, rx, rlv, rr\<rangle> \<and> lv = Suc (lvl l) \<and>
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	133	(lv = Suc rlv \<or> rlv = lv \<and> lv = Suc (lvl rr)))"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	134	by simp
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	135
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	136	lemma invar_NodeLeaf[simp]:
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	137	"invar (Node l x lv Leaf) = (invar l \<and> lv = Suc (lvl l) \<and> lv = Suc 0)"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	138	by simp
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	139
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	140	lemma sngl_if_invar: "invar (Node l a n r) \<Longrightarrow> n = lvl r \<Longrightarrow> sngl r"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	141	by(cases r rule: sngl.cases) clarsimp+
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	142
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	143
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	144	subsection "Invariance"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	145
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	146	subsubsection "Proofs for insert"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	147
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	148	lemma lvl_insert_aux:
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	149	"lvl (insert x t) = lvl t \<or> lvl (insert x t) = lvl t + 1 \<and> sngl (insert x t)"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	150	apply(induction t)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	151	apply (auto simp: lvl_skew)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	152	apply (metis Suc_eq_plus1 lvl.simps(2) lvl_split lvl_skew)+
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	153	done
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	154
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	155	lemma lvl_insert: obtains
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	156	(Same) "lvl (insert x t) = lvl t" \|
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	157	(Incr) "lvl (insert x t) = lvl t + 1" "sngl (insert x t)"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	158	using lvl_insert_aux by blast
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	159
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	160	lemma lvl_insert_sngl: "invar t \<Longrightarrow> sngl t \<Longrightarrow> lvl(insert x t) = lvl t"
62526 347150095fd2 tuned nipkow parents: 62496 diff changeset	161	proof (induction t rule: insert.induct)
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	162	case (2 x t1 a lv t2)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	163	consider (LT) "x < a" \| (GT) "x > a" \| (EQ) "x = a"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	164	using less_linear by blast
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	165	thus ?case proof cases
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	166	case LT
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	167	thus ?thesis using 2 by (auto simp add: skew_case split_case split: tree.splits)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	168	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	169	case GT
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	170	thus ?thesis using 2 proof (cases t1)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	171	case Node
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	172	thus ?thesis using 2 GT
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	173	apply (auto simp add: skew_case split_case split: tree.splits)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	174	by (metis less_not_refl2 lvl.simps(2) lvl_insert_aux n_not_Suc_n sngl.simps(3))+
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	175	qed (auto simp add: lvl_0_iff)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	176	qed simp
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	177	qed simp
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	178
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	179	lemma skew_invar: "invar t \<Longrightarrow> skew t = t"
62526 347150095fd2 tuned nipkow parents: 62496 diff changeset	180	by(cases t rule: skew.cases) auto
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	181
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	182	lemma split_invar: "invar t \<Longrightarrow> split t = t"
62526 347150095fd2 tuned nipkow parents: 62496 diff changeset	183	by(cases t rule: split.cases) clarsimp+
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	184
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	185	lemma invar_NodeL:
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	186	"\<lbrakk> invar(Node l x n r); invar l'; lvl l' = lvl l \<rbrakk> \<Longrightarrow> invar(Node l' x n r)"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	187	by(auto)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	188
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	189	lemma invar_NodeR:
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	190	"\<lbrakk> invar(Node l x n r); n = lvl r + 1; invar r'; lvl r' = lvl r \<rbrakk> \<Longrightarrow> invar(Node l x n r')"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	191	by(auto)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	192
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	193	lemma invar_NodeR2:
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	194	"\<lbrakk> invar(Node l x n r); sngl r'; n = lvl r + 1; invar r'; lvl r' = n \<rbrakk> \<Longrightarrow> invar(Node l x n r')"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	195	by(cases r' rule: sngl.cases) clarsimp+
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	196
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	197
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	198	lemma lvl_insert_incr_iff: "(lvl(insert a t) = lvl t + 1) \<longleftrightarrow>
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	199	(\<exists>l x r. insert a t = Node l x (lvl t + 1) r \<and> lvl l = lvl r)"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	200	apply(cases t)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	201	apply(auto simp add: skew_case split_case split: if_splits)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	202	apply(auto split: tree.splits if_splits)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	203	done
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	204
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	205	lemma invar_insert: "invar t \<Longrightarrow> invar(insert a t)"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	206	proof(induction t)
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	207	case N: (Node l x n r)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	208	hence il: "invar l" and ir: "invar r" by auto
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	209	note iil = N.IH(1)[OF il]
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	210	note iir = N.IH(2)[OF ir]
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	211	let ?t = "Node l x n r"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	212	have "a < x \<or> a = x \<or> x < a" by auto
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	213	moreover
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	214	have ?case if "a < x"
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	215	proof (cases rule: lvl_insert[of a l])
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	216	case (Same) thus ?thesis
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	217	using \<open>a<x\<close> invar_NodeL[OF N.prems iil Same]
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	218	by (simp add: skew_invar split_invar del: invar.simps)
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	219	next
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	220	case (Incr)
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	221	then obtain t1 w t2 where ial[simp]: "insert a l = Node t1 w n t2"
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	222	using N.prems by (auto simp: lvl_Suc_iff)
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	223	have l12: "lvl t1 = lvl t2"
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	224	by (metis Incr(1) ial lvl_insert_incr_iff tree.inject)
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	225	have "insert a ?t = split(skew(Node (insert a l) x n r))"
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	226	by(simp add: \<open>a<x\<close>)
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	227	also have "skew(Node (insert a l) x n r) = Node t1 w n (Node t2 x n r)"
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	228	by(simp)
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	229	also have "invar(split \<dots>)"
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	230	proof (cases r)
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	231	case Leaf
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	232	hence "l = Leaf" using N.prems by(auto simp: lvl_0_iff)
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	233	thus ?thesis using Leaf ial by simp
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	234	next
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	235	case [simp]: (Node t3 y m t4)
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	236	show ?thesis (using N(3) iil l12 by(auto))
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	237	proof cases
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	238	assume "m = n" thus ?thesis using N(3) iil by(auto)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	239	next
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	240	assume "m \<noteq> n" thus ?thesis using N(3) iil l12 by(auto)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	241	qed
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	242	qed
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	243	finally show ?thesis .
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	244	qed
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	245	moreover
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	246	have ?case if "x < a"
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	247	proof -
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	248	from \<open>invar ?t\<close> have "n = lvl r \<or> n = lvl r + 1" by auto
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	249	thus ?case
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	250	proof
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	251	assume 0: "n = lvl r"
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	252	have "insert a ?t = split(skew(Node l x n (insert a r)))"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	253	using \<open>a>x\<close> by(auto)
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	254	also have "skew(Node l x n (insert a r)) = Node l x n (insert a r)"
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	255	using N.prems by(simp add: skew_case split: tree.split)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	256	also have "invar(split \<dots>)"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	257	proof -
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	258	from lvl_insert_sngl[OF ir sngl_if_invar[OF \<open>invar ?t\<close> 0], of a]
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	259	obtain t1 y t2 where iar: "insert a r = Node t1 y n t2"
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	260	using N.prems 0 by (auto simp: lvl_Suc_iff)
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	261	from N.prems iar 0 iir
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	262	show ?thesis by (auto simp: split_case split: tree.splits)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	263	qed
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	264	finally show ?thesis .
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	265	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	266	assume 1: "n = lvl r + 1"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	267	hence "sngl ?t" by(cases r) auto
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	268	show ?thesis
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	269	proof (cases rule: lvl_insert[of a r])
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	270	case (Same)
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	271	show ?thesis using \<open>x<a\<close> il ir invar_NodeR[OF N.prems 1 iir Same]
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	272	by (auto simp add: skew_invar split_invar)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	273	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	274	case (Incr)
67406 23307fd33906 isabelle update_cartouches -c; wenzelm parents: 67369 diff changeset	275	thus ?thesis using invar_NodeR2[OF \<open>invar ?t\<close> Incr(2) 1 iir] 1 \<open>x < a\<close>
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	276	by (auto simp add: skew_invar split_invar split: if_splits)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	277	qed
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	278	qed
67040 c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	279	qed
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	280	moreover
c1b87d15774a replaced raw proof blocks by local lemmas nipkow parents: 63636 diff changeset	281	have "a = x \<Longrightarrow> ?case" using N.prems by auto
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	282	ultimately show ?case by blast
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	283	qed simp
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	284
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	285
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	286	subsubsection "Proofs for delete"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	287
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	288	lemma invarL: "ASSUMPTION(invar \<langle>l, a, lv, r\<rangle>) \<Longrightarrow> invar l"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	289	by(simp add: ASSUMPTION_def)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	290
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	291	lemma invarR: "ASSUMPTION(invar \<langle>lv, l, a, r\<rangle>) \<Longrightarrow> invar r"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	292	by(simp add: ASSUMPTION_def)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	293
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	294	lemma sngl_NodeI:
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	295	"sngl (Node l a lv r) \<Longrightarrow> sngl (Node l' a' lv r)"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	296	by(cases r) (simp_all)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	297
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	298
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	299	declare invarL[simp] invarR[simp]
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	300
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	301	lemma pre_cases:
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	302	assumes "pre_adjust (Node l x lv r)"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	303	obtains
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	304	(tSngl) "invar l \<and> invar r \<and>
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	305	lv = Suc (lvl r) \<and> lvl l = lvl r" \|
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	306	(tDouble) "invar l \<and> invar r \<and>
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	307	lv = lvl r \<and> Suc (lvl l) = lvl r \<and> sngl r " \|
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	308	(rDown) "invar l \<and> invar r \<and>
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	309	lv = Suc (Suc (lvl r)) \<and> lv = Suc (lvl l)" \|
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	310	(lDown_tSngl) "invar l \<and> invar r \<and>
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	311	lv = Suc (lvl r) \<and> lv = Suc (Suc (lvl l))" \|
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	312	(lDown_tDouble) "invar l \<and> invar r \<and>
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	313	lv = lvl r \<and> lv = Suc (Suc (lvl l)) \<and> sngl r"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	314	using assms unfolding pre_adjust.simps
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	315	by auto
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	316
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	317	declare invar.simps(2)[simp del] invar_2Nodes[simp add]
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	318
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	319	lemma invar_adjust:
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	320	assumes pre: "pre_adjust (Node l a lv r)"
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	321	shows "invar(adjust (Node l a lv r))"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	322	using pre proof (cases rule: pre_cases)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	323	case (tDouble) thus ?thesis unfolding adjust_def by (cases r) (auto simp: invar.simps(2))
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	324	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	325	case (rDown)
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	326	from rDown obtain llv ll la lr where l: "l = Node ll la llv lr" by (cases l) auto
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	327	from rDown show ?thesis unfolding adjust_def by (auto simp: l invar.simps(2) split: tree.splits)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	328	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	329	case (lDown_tDouble)
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	330	from lDown_tDouble obtain rlv rr ra rl where r: "r = Node rl ra rlv rr" by (cases r) auto
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	331	from lDown_tDouble and r obtain rrlv rrr rra rrl where
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	332	rr :"rr = Node rrr rra rrlv rrl" by (cases rr) auto
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	333	from lDown_tDouble show ?thesis unfolding adjust_def r rr
63636 6f38b7abb648 introduced aggressive splitter "split!" nipkow parents: 63411 diff changeset	334	apply (cases rl) apply (auto simp add: invar.simps(2) split!: if_split)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	335	using lDown_tDouble by (auto simp: split_case lvl_0_iff elim:lvl.elims split: tree.split)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	336	qed (auto simp: split_case invar.simps(2) adjust_def split: tree.splits)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	337
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	338	lemma lvl_adjust:
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	339	assumes "pre_adjust (Node l a lv r)"
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	340	shows "lv = lvl (adjust(Node l a lv r)) \<or> lv = lvl (adjust(Node l a lv r)) + 1"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	341	using assms(1) proof(cases rule: pre_cases)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	342	case lDown_tSngl thus ?thesis
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	343	using lvl_split[of "\<langle>l, a, lvl r, r\<rangle>"] by (auto simp: adjust_def)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	344	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	345	case lDown_tDouble thus ?thesis
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	346	by (auto simp: adjust_def invar.simps(2) split: tree.split)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	347	qed (auto simp: adjust_def split: tree.splits)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	348
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	349	lemma sngl_adjust: assumes "pre_adjust (Node l a lv r)"
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	350	"sngl \<langle>l, a, lv, r\<rangle>" "lv = lvl (adjust \<langle>l, a, lv, r\<rangle>)"
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	351	shows "sngl (adjust \<langle>l, a, lv, r\<rangle>)"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	352	using assms proof (cases rule: pre_cases)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	353	case rDown
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	354	thus ?thesis using assms(2,3) unfolding adjust_def
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	355	by (auto simp add: skew_case) (auto split: tree.split)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	356	qed (auto simp: adjust_def skew_case split_case split: tree.split)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	357
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	358	definition "post_del t t' ==
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	359	invar t' \<and>
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	360	(lvl t' = lvl t \<or> lvl t' + 1 = lvl t) \<and>
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	361	(lvl t' = lvl t \<and> sngl t \<longrightarrow> sngl t')"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	362
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	363	lemma pre_adj_if_postR:
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	364	"invar\<langle>lv, l, a, r\<rangle> \<Longrightarrow> post_del r r' \<Longrightarrow> pre_adjust \<langle>lv, l, a, r'\<rangle>"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	365	by(cases "sngl r")
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	366	(auto simp: pre_adjust.simps post_del_def invar.simps(2) elim: sngl.elims)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	367
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	368	lemma pre_adj_if_postL:
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	369	"invar\<langle>l, a, lv, r\<rangle> \<Longrightarrow> post_del l l' \<Longrightarrow> pre_adjust \<langle>l', b, lv, r\<rangle>"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	370	by(cases "sngl r")
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	371	(auto simp: pre_adjust.simps post_del_def invar.simps(2) elim: sngl.elims)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	372
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	373	lemma post_del_adjL:
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	374	"\<lbrakk> invar\<langle>l, a, lv, r\<rangle>; pre_adjust \<langle>l', b, lv, r\<rangle> \<rbrakk>
b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	375	\<Longrightarrow> post_del \<langle>l, a, lv, r\<rangle> (adjust \<langle>l', b, lv, r\<rangle>)"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	376	unfolding post_del_def
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	377	by (metis invar_adjust lvl_adjust sngl_NodeI sngl_adjust lvl.simps(2))
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	378
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	379	lemma post_del_adjR:
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	380	assumes "invar\<langle>lv, l, a, r\<rangle>" "pre_adjust \<langle>lv, l, a, r'\<rangle>" "post_del r r'"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	381	shows "post_del \<langle>lv, l, a, r\<rangle> (adjust \<langle>lv, l, a, r'\<rangle>)"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	382	proof(unfold post_del_def, safe del: disjCI)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	383	let ?t = "\<langle>lv, l, a, r\<rangle>"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	384	let ?t' = "adjust \<langle>lv, l, a, r'\<rangle>"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	385	show "invar ?t'" by(rule invar_adjust[OF assms(2)])
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	386	show "lvl ?t' = lvl ?t \<or> lvl ?t' + 1 = lvl ?t"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	387	using lvl_adjust[OF assms(2)] by auto
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	388	show "sngl ?t'" if as: "lvl ?t' = lvl ?t" "sngl ?t"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	389	proof -
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	390	have s: "sngl \<langle>lv, l, a, r'\<rangle>"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	391	proof(cases r')
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	392	case Leaf thus ?thesis by simp
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	393	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	394	case Node thus ?thesis using as(2) assms(1,3)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	395	by (cases r) (auto simp: post_del_def)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	396	qed
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	397	show ?thesis using as(1) sngl_adjust[OF assms(2) s] by simp
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	398	qed
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	399	qed
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	400
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	401	declare prod.splits[split]
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	402
68023 75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	403	theorem post_split_max:
75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	404	"\<lbrakk> invar t; (t', x) = split_max t; t \<noteq> Leaf \<rbrakk> \<Longrightarrow> post_del t t'"
75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	405	proof (induction t arbitrary: t' rule: split_max.induct)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	406	case (2 lv l a lvr rl ra rr)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	407	let ?r = "\<langle>lvr, rl, ra, rr\<rangle>"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	408	let ?t = "\<langle>lv, l, a, ?r\<rangle>"
68023 75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	409	from "2.prems"(2) obtain r' where r': "(r', x) = split_max ?r"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	410	and [simp]: "t' = adjust \<langle>lv, l, a, r'\<rangle>" by auto
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	411	from "2.IH"[OF _ r'] \<open>invar ?t\<close> have post: "post_del ?r r'" by simp
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	412	note preR = pre_adj_if_postR[OF \<open>invar ?t\<close> post]
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	413	show ?case by (simp add: post_del_adjR[OF "2.prems"(1) preR post])
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	414	qed (auto simp: post_del_def)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	415
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	416	theorem post_delete: "invar t \<Longrightarrow> post_del t (delete x t)"
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	417	proof (induction t)
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	418	case (Node l a lv r)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	419
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	420	let ?l' = "delete x l" and ?r' = "delete x r"
68413 b56ed5010e69 tuned order of arguments nipkow parents: 68023 diff changeset	421	let ?t = "Node l a lv r" let ?t' = "delete x ?t"
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	422
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	423	from Node.prems have inv_l: "invar l" and inv_r: "invar r" by (auto)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	424
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	425	note post_l' = Node.IH(1)[OF inv_l]
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	426	note preL = pre_adj_if_postL[OF Node.prems post_l']
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	427
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	428	note post_r' = Node.IH(2)[OF inv_r]
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	429	note preR = pre_adj_if_postR[OF Node.prems post_r']
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	430
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	431	show ?case
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	432	proof (cases rule: linorder_cases[of x a])
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	433	case less
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	434	thus ?thesis using Node.prems by (simp add: post_del_adjL preL)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	435	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	436	case greater
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	437	thus ?thesis using Node.prems by (simp add: post_del_adjR preR post_r')
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	438	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	439	case equal
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	440	show ?thesis
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	441	proof cases
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	442	assume "l = Leaf" thus ?thesis using equal Node.prems
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	443	by(auto simp: post_del_def invar.simps(2))
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	444	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	445	assume "l \<noteq> Leaf" thus ?thesis using equal
68023 75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	446	by simp (metis Node.prems inv_l post_del_adjL post_split_max pre_adj_if_postL)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	447	qed
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	448	qed
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	449	qed (simp add: post_del_def)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	450
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	451	declare invar_2Nodes[simp del]
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	452
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	453
4c9e1e5a240e added AA trees nipkow parents: diff changeset	454	subsection "Functional Correctness"
4c9e1e5a240e added AA trees nipkow parents: diff changeset	455
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	456
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	457	subsubsection "Proofs for insert"
4c9e1e5a240e added AA trees nipkow parents: diff changeset	458
4c9e1e5a240e added AA trees nipkow parents: diff changeset	459	lemma inorder_split: "inorder(split t) = inorder t"
4c9e1e5a240e added AA trees nipkow parents: diff changeset	460	by(cases t rule: split.cases) (auto)
4c9e1e5a240e added AA trees nipkow parents: diff changeset	461
4c9e1e5a240e added AA trees nipkow parents: diff changeset	462	lemma inorder_skew: "inorder(skew t) = inorder t"
4c9e1e5a240e added AA trees nipkow parents: diff changeset	463	by(cases t rule: skew.cases) (auto)
4c9e1e5a240e added AA trees nipkow parents: diff changeset	464
4c9e1e5a240e added AA trees nipkow parents: diff changeset	465	lemma inorder_insert:
4c9e1e5a240e added AA trees nipkow parents: diff changeset	466	"sorted(inorder t) \<Longrightarrow> inorder(insert x t) = ins_list x (inorder t)"
4c9e1e5a240e added AA trees nipkow parents: diff changeset	467	by(induction t) (auto simp: ins_list_simps inorder_split inorder_skew)
4c9e1e5a240e added AA trees nipkow parents: diff changeset	468
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	469
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	470	subsubsection "Proofs for delete"
4c9e1e5a240e added AA trees nipkow parents: diff changeset	471
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	472	lemma inorder_adjust: "t \<noteq> Leaf \<Longrightarrow> pre_adjust t \<Longrightarrow> inorder(adjust t) = inorder t"
62526 347150095fd2 tuned nipkow parents: 62496 diff changeset	473	by(cases t)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	474	(auto simp: adjust_def inorder_skew inorder_split invar.simps(2) pre_adjust.simps
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	475	split: tree.splits)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	476
68023 75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	477	lemma split_maxD:
75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	478	"\<lbrakk> split_max t = (t',x); t \<noteq> Leaf; invar t \<rbrakk> \<Longrightarrow> inorder t' @ [x] = inorder t"
75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	479	by(induction t arbitrary: t' rule: split_max.induct)
75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	480	(auto simp: sorted_lems inorder_adjust pre_adj_if_postR post_split_max split: prod.splits)
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	481
4c9e1e5a240e added AA trees nipkow parents: diff changeset	482	lemma inorder_delete:
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	483	"invar t \<Longrightarrow> sorted(inorder t) \<Longrightarrow> inorder(delete x t) = del_list x (inorder t)"
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	484	by(induction t)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	485	(auto simp: del_list_simps inorder_adjust pre_adj_if_postL pre_adj_if_postR
68023 75130777ece4 del_max -> split_max nipkow parents: 67967 diff changeset	486	post_split_max post_delete split_maxD split: prod.splits)
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	487
68440 6826718f732d qualify interpretations to avoid clashes nipkow parents: 68431 diff changeset	488	interpretation S: Set_by_Ordered
68431 b294e095f64c more abstract naming nipkow parents: 68413 diff changeset	489	where empty = empty and isin = isin and insert = insert and delete = delete
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	490	and inorder = inorder and inv = invar
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	491	proof (standard, goal_cases)
68431 b294e095f64c more abstract naming nipkow parents: 68413 diff changeset	492	case 1 show ?case by (simp add: empty_def)
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	493	next
67967 5a4280946a25 moved and renamed lemmas nipkow parents: 67613 diff changeset	494	case 2 thus ?case by(simp add: isin_set_inorder)
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	495	next
4c9e1e5a240e added AA trees nipkow parents: diff changeset	496	case 3 thus ?case by(simp add: inorder_insert)
4c9e1e5a240e added AA trees nipkow parents: diff changeset	497	next
4c9e1e5a240e added AA trees nipkow parents: diff changeset	498	case 4 thus ?case by(simp add: inorder_delete)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	499	next
68431 b294e095f64c more abstract naming nipkow parents: 68413 diff changeset	500	case 5 thus ?case by(simp add: empty_def)
62496 f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	501	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	502	case 6 thus ?case by(simp add: invar_insert)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	503	next
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	504	case 7 thus ?case using post_delete by(auto simp: post_del_def)
f187aaf602c4 added invariant proofs to AA trees nipkow parents: 62390 diff changeset	505	qed
61793 4c9e1e5a240e added AA trees nipkow parents: diff changeset	506
62390 842917225d56 more canonical names nipkow parents: 62160 diff changeset	507	end

author	nipkow
	Wed, 17 Oct 2018 21:00:53 +0200
changeset 69145	806be481aa57
parent 68440	6826718f732d
child 69505	cc2d676d5395
permissions	-rw-r--r--