|
1 (* Author: Tobias Nipkow *) |
|
2 |
|
3 section "Join-Based BST Implementation of Sets" |
|
4 |
|
5 theory Set2_BST_Join |
|
6 imports |
|
7 "HOL-Library.Tree" |
|
8 Cmp |
|
9 Set_Specs |
|
10 begin |
|
11 |
|
12 text \<open>This theory implements the set operations \<open>insert\<close>, \<open>delete\<close>, |
|
13 \<open>union\<close>, \<open>inter\<close>section and \<open>diff\<close>erence. The implementation is based on binary search trees. |
|
14 All operations are reduced to a single operation \<open>join l x r\<close> that joins two BSTs \<open>l\<close> and \<open>r\<close> |
|
15 and an element \<open>x\<close> such that \<open>l < x < r\<close>. |
|
16 |
|
17 This theory illustrates the idea but is not suitable for an efficient implementation where |
|
18 \<open>join\<close> balances the tree in some manner because type @{typ "'a tree"} in theory @{theory Tree} |
|
19 has no additional fields for recording balance information. See theory \<open>Set2_BST2_Join\<close> for that.\<close> |
|
20 |
|
21 text \<open>Function \<open>isin\<close> can also be expressed via \<open>join\<close> but this is more direct:\<close> |
|
22 |
|
(* Membership test by descent: compare x with the root via cmp, continue in the
   left subtree on LT and in the right subtree on GT; EQ means x was found.
   Only one branch is visited, so the result matches set membership only for
   search trees; lemma isin_set states this with bst t as its premise. *)
23 fun isin :: "('a::linorder) tree \<Rightarrow> 'a \<Rightarrow> bool" where |
|
24 "isin Leaf x = False" | |
|
25 "isin (Node l a r) x = |
|
26 (case cmp x a of |
|
27 LT \<Rightarrow> isin l x | |
|
28 EQ \<Rightarrow> True | |
|
29 GT \<Rightarrow> isin r x)" |
|
30 |
|
(* Correctness of isin: on a search tree it decides membership in set_tree t.
   The premise bst t is required; nothing is claimed for unordered trees. *)
31 lemma isin_set: "bst t \<Longrightarrow> isin t x = (x \<in> set_tree t)" |
|
32 by (induction t) (auto) |
|
33 |
|
34 |
|
(* Abstract interface for the join-based construction. The locale fixes
   - join, which must add x to the union of the two element sets (set_join) and
     must yield a search tree whenever l and r are search trees with every
     element of l below k and every element of r above k (bst_join);
   - inv, an additional invariant that holds for the empty tree (inv_Leaf), is
     preserved by join (inv_join) and is inherited by both subtrees of a Node
     (inv_Node). NOTE(review): presumably inv is meant to carry balance
     information; this theory leaves it uninterpreted.
   Every lemma inside the locale is derived from these assumptions only, so an
   instance of the locale has to discharge exactly these five facts. *)
35 locale Set2_BST_Join = |
|
36 fixes join :: "('a::linorder) tree \<Rightarrow> 'a \<Rightarrow> 'a tree \<Rightarrow> 'a tree" |
|
37 assumes set_join: "set_tree (join t1 x t2) = Set.insert x (set_tree t1 \<union> set_tree t2)" |
|
38 assumes bst_join: |
|
39 "\<lbrakk> bst l; bst r; \<forall>x \<in> set_tree l. x < k; \<forall>y \<in> set_tree r. k < y \<rbrakk> |
|
40 \<Longrightarrow> bst (join l k r)" |
|
41 fixes inv :: "'a tree \<Rightarrow> bool" |
|
42 assumes inv_Leaf: "inv \<langle>\<rangle>" |
|
43 assumes inv_join: "\<lbrakk> inv l; inv r \<rbrakk> \<Longrightarrow> inv (join l k r)" |
|
44 assumes inv_Node: "\<lbrakk> inv (Node l x r) \<rbrakk> \<Longrightarrow> inv l \<and> inv r" |
|
45 begin |
|
46 |
|
(* Make set_join a simp rule inside the locale, so that set_tree (join ...) is
   rewritten automatically in the proofs below. *)
47 declare set_join [simp] |
|
48 |
|
49 subsection "\<open>split_min\<close>" |
|
50 |
|
(* Detach the leftmost element of a non-empty tree: returns that element and
   the remaining tree, rebuilt with join on the way back up.
   There is no equation for Leaf, so split_min is unspecified on the empty
   tree; every lemma about it carries t \<noteq> Leaf as a premise. *)
51 fun split_min :: "'a tree \<Rightarrow> 'a \<times> 'a tree" where |
|
52 "split_min (Node l x r) = |
|
53 (if l = Leaf then (x,r) else let (m,l') = split_min l in (m, join l' x r))" |
|
54 |
|
(* Set-level effect of split_min on a non-empty tree: the returned element x
   belongs to t, and t' together with x has the same elements as t. *)
55 lemma split_min_set: |
|
56 "\<lbrakk> split_min t = (x,t'); t \<noteq> Leaf \<rbrakk> \<Longrightarrow> |
|
57 x \<in> set_tree t \<and> set_tree t = Set.insert x (set_tree t')" |
|
58 proof(induction t arbitrary: t') |
|
59 case Node thus ?case by(auto split: prod.splits if_splits) |
|
60 next |
|
(* Leaf contradicts the premise t \<noteq> Leaf *)
61 case Leaf thus ?case by simp |
|
62 qed |
|
63 |
|
(* On a non-empty search tree, the remainder t' is again a search tree and the
   returned x lies strictly below every element of t', i.e. x is the minimum.
   The Node case uses the locale assumption bst_join. *)
64 lemma split_min_bst: |
|
65 "\<lbrakk> split_min t = (x,t'); bst t; t \<noteq> Leaf \<rbrakk> \<Longrightarrow> bst t' \<and> (\<forall>x' \<in> set_tree t'. x < x')" |
|
66 proof(induction t arbitrary: t') |
|
67 case Node thus ?case by(fastforce simp: split_min_set bst_join split: prod.splits if_splits) |
|
68 next |
|
69 case Leaf thus ?case by simp |
|
70 qed |
|
71 |
|
(* split_min preserves the invariant inv on a non-empty tree. The proof needs
   inv_Node to pass inv down to the subtrees and inv_join to rebuild it. *)
72 lemma split_min_inv: |
|
73 "\<lbrakk> split_min t = (x,t'); inv t; t \<noteq> Leaf \<rbrakk> \<Longrightarrow> inv t'" |
|
74 proof(induction t arbitrary: t') |
|
75 case Node thus ?case by(auto simp: inv_join split: prod.splits if_splits dest: inv_Node) |
|
76 next |
|
77 case Leaf thus ?case by simp |
|
78 qed |
|
79 |
|
80 |
|
81 subsection "\<open>join2\<close>" |
|
82 |
|
(* Join two trees without a separating element: the leftmost element of r,
   obtained with split_min, serves as the separator for join. If r is Leaf the
   result is l unchanged, which also keeps split_min away from the empty tree. *)
83 definition join2 :: "'a tree \<Rightarrow> 'a tree \<Rightarrow> 'a tree" where |
|
84 "join2 l r = (if r = Leaf then l else let (x,r') = split_min r in join l x r')" |
|
85 |
|
(* join2 yields exactly the union of the two element sets; declared [simp].
   No ordering premise is needed for this set-level statement. *)
86 lemma set_join2[simp]: "set_tree (join2 l r) = set_tree l \<union> set_tree r" |
|
87 by(simp add: join2_def split_min_set split: prod.split) |
|
88 |
|
(* join2 yields a search tree provided both arguments are search trees and
   every element of l is strictly below every element of r. *)
89 lemma bst_join2: "\<lbrakk> bst l; bst r; \<forall>x \<in> set_tree l. \<forall>y \<in> set_tree r. x < y \<rbrakk> |
|
90 \<Longrightarrow> bst (join2 l r)" |
|
91 by(simp add: join2_def bst_join split_min_set split_min_bst split: prod.split) |
|
92 |
|
(* join2 preserves the invariant inv; follows from inv_join and split_min_inv. *)
93 lemma inv_join2: "\<lbrakk> inv l; inv r \<rbrakk> \<Longrightarrow> inv (join2 l r)" |
|
94 by(simp add: join2_def inv_join split_min_set split_min_inv split: prod.split) |
|
95 |
|
96 |
|
97 subsection "\<open>split\<close>" |
|
98 |
|
(* Split a tree at key k into a triple (l, kin, r). The descent follows cmp k a
   like isin does; the subtree not visited is reattached with join. On EQ the
   two subtrees of the matching node are returned with the flag True; reaching
   Leaf returns the flag False. The lemma named split gives the meaning of the
   triple for search trees. *)
99 fun split :: "'a tree \<Rightarrow> 'a \<Rightarrow> 'a tree \<times> bool \<times> 'a tree" where |
|
100 "split Leaf k = (Leaf, False, Leaf)" | |
|
101 "split (Node l a r) k = |
|
102 (case cmp k a of |
|
103 LT \<Rightarrow> let (l1,b,l2) = split l k in (l1, b, join l2 a r) | |
|
104 GT \<Rightarrow> let (r1,b,r2) = split r k in (join l a r1, b, r2) | |
|
105 EQ \<Rightarrow> (l, True, r))" |
|
106 |
|
(* Specification of split on a search tree: l holds exactly the elements of t
   below k, r exactly those above k, kin tells whether k occurs in t, and both
   l and r are search trees again.
   The lemma has the same name as the function; the fact name split cited in
   later proofs (for example split[OF sp]) refers to this lemma. *)
107 lemma split: "split t k = (l,kin,r) \<Longrightarrow> bst t \<Longrightarrow> |
|
108 set_tree l = {x \<in> set_tree t. x < k} \<and> set_tree r = {x \<in> set_tree t. k < x} |
|
109 \<and> (kin = (k \<in> set_tree t)) \<and> bst l \<and> bst r" |
|
110 proof(induction t arbitrary: l kin r) |
|
111 case Leaf thus ?case by simp |
|
112 next |
|
(* bst_join is applied as an introduction rule for the rejoined side *)
113 case Node thus ?case by(force split!: prod.splits if_splits intro!: bst_join) |
|
114 qed |
|
115 |
|
(* Both tree components returned by split satisfy inv when the input does.
   No bst premise is required here. *)
116 lemma split_inv: "split t k = (l,kin,r) \<Longrightarrow> inv t \<Longrightarrow> inv l \<and> inv r" |
|
117 proof(induction t arbitrary: l kin r) |
|
118 case Leaf thus ?case by simp |
|
119 next |
|
120 case Node |
|
121 thus ?case by(force simp: inv_join split!: prod.splits if_splits dest!: inv_Node) |
|
122 qed |
|
123 |
|
(* Take the defining equations of split out of the simp set; the proofs that
   follow cite the lemmas split and split_inv instead. *)
124 declare split.simps[simp del] |
|
125 |
|
126 |
|
127 subsection "\<open>insert\<close>" |
|
128 |
|
(* Insert k: split t at k, ignore the membership flag, and join the two parts
   with k as the separator. *)
129 definition insert :: "'a \<Rightarrow> 'a tree \<Rightarrow> 'a tree" where |
|
130 "insert k t = (let (l,_,r) = split t k in join l k r)" |
|
131 |
|
(* Functional correctness of insert; stated for search trees only (bst t). *)
132 lemma set_tree_insert: "bst t \<Longrightarrow> set_tree (insert x t) = Set.insert x (set_tree t)" |
|
133 by(auto simp add: insert_def split split: prod.split) |
|
134 |
|
(* insert preserves the search-tree property. *)
135 lemma bst_insert: "bst t \<Longrightarrow> bst (insert x t)" |
|
136 by(auto simp add: insert_def bst_join dest: split split: prod.split) |
|
137 |
|
(* insert preserves inv; the statement does not depend on bst. *)
138 lemma inv_insert: "inv t \<Longrightarrow> inv (insert x t)" |
|
139 by(force simp: insert_def inv_join dest: split_inv split: prod.split) |
|
140 |
|
141 |
|
142 subsection "\<open>delete\<close>" |
|
143 |
|
(* Delete k: split t at k and glue the two parts back together with join2,
   so k itself is not put back. *)
144 definition delete :: "'a \<Rightarrow> 'a tree \<Rightarrow> 'a tree" where |
|
145 "delete k t = (let (l,_,r) = split t k in join2 l r)" |
|
146 |
|
(* Functional correctness of delete; stated for search trees only (bst t). *)
147 lemma set_tree_delete: "bst t \<Longrightarrow> set_tree (delete k t) = set_tree t - {k}" |
|
148 by(auto simp: delete_def split split: prod.split) |
|
149 |
|
(* delete preserves the search-tree property; bst_join2 supplies the ordering
   argument for the two parts returned by split. *)
150 lemma bst_delete: "bst t \<Longrightarrow> bst (delete x t)" |
|
151 by(force simp add: delete_def intro: bst_join2 dest: split split: prod.split) |
|
152 |
|
(* delete preserves inv; the statement does not depend on bst. *)
153 lemma inv_delete: "inv t \<Longrightarrow> inv (delete x t)" |
|
154 by(force simp: delete_def inv_join2 dest: split_inv split: prod.split) |
|
155 |
|
156 |
|
157 subsection "\<open>union\<close>" |
|
158 |
|
(* Union by divide and conquer: if either tree is Leaf the other one is the
   result; otherwise t2 is split at the root key k of t1, the left parts and
   the right parts are united recursively, and the two results are joined
   with k. The membership flag from split is ignored because k is kept in
   any case. *)
159 fun union :: "'a tree \<Rightarrow> 'a tree \<Rightarrow> 'a tree" where |
|
160 "union t1 t2 = |
|
161 (if t1 = Leaf then t2 else |
|
162 if t2 = Leaf then t1 else |
|
163 case t1 of Node l1 k r1 \<Rightarrow> |
|
164 let (l2,_ ,r2) = split t2 k; |
|
165 l' = union l1 l2; r' = union r1 r2 |
|
166 in join l' k r')" |
|
167 |
|
(* union.simps is removed from the simp set; the proofs below apply it
   explicitly as union.simps[of t1 t2]. *)
168 declare union.simps [simp del] |
|
169 |
|
(* Functional correctness of union. Only t2 has to be a search tree for the
   set equation, since t2 is the tree that gets split. *)
170 lemma set_tree_union: "bst t2 \<Longrightarrow> set_tree (union t1 t2) = set_tree t1 \<union> set_tree t2" |
|
171 proof(induction t1 t2 rule: union.induct) |
|
172 case (1 t1 t2) |
|
173 then show ?case |
|
174 by (auto simp: union.simps[of t1 t2] split split: tree.split prod.split) |
|
175 qed |
|
176 |
|
(* union preserves the search-tree property; here both arguments must be
   search trees. The proof relies on set_tree_union and bst_join. *)
177 lemma bst_union: "\<lbrakk> bst t1; bst t2 \<rbrakk> \<Longrightarrow> bst (union t1 t2)" |
|
178 proof(induction t1 t2 rule: union.induct) |
|
179 case (1 t1 t2) |
|
180 thus ?case |
|
181 by(fastforce simp: union.simps[of t1 t2] set_tree_union split intro!: bst_join |
|
182 split: tree.split prod.split) |
|
183 qed |
|
184 |
|
(* union preserves inv; uses inv_Node for the subtrees of t1, split_inv for
   the parts of t2 and inv_join for the result. *)
185 lemma inv_union: "\<lbrakk> inv t1; inv t2 \<rbrakk> \<Longrightarrow> inv (union t1 t2)" |
|
186 proof(induction t1 t2 rule: union.induct) |
|
187 case (1 t1 t2) |
|
188 thus ?case |
|
189 by(auto simp:union.simps[of t1 t2] inv_join split_inv |
|
190 split!: tree.split prod.split dest: inv_Node) |
|
191 qed |
|
192 |
|
193 subsection "\<open>inter\<close>" |
|
194 |
|
(* Intersection by divide and conquer: the result is Leaf if either tree is
   Leaf; otherwise t2 is split at the root key k of t1 and the left and right
   parts are intersected recursively. The flag kin from split decides whether
   k is kept (join with k) or dropped (join2). *)
195 fun inter :: "'a tree \<Rightarrow> 'a tree \<Rightarrow> 'a tree" where |
|
196 "inter t1 t2 = |
|
197 (if t1 = Leaf then Leaf else |
|
198 if t2 = Leaf then Leaf else |
|
199 case t1 of Node l1 k r1 \<Rightarrow> |
|
200 let (l2,kin,r2) = split t2 k; |
|
201 l' = inter l1 l2; r' = inter r1 r2 |
|
202 in if kin then join l' k r' else join2 l' r')" |
|
203 |
|
(* inter.simps is removed from the simp set; the proofs below apply it
   explicitly as inter.simps[of t1 t2]. *)
204 declare inter.simps [simp del] |
|
205 |
|
(* Functional correctness of inter; both arguments must be search trees.
   The proof follows the recursion of inter and, in the case where both trees
   are non-empty, establishes the set equation by a calculation on the element
   sets of the parts. *)
206 lemma set_tree_inter: |
|
207 "\<lbrakk> bst t1; bst t2 \<rbrakk> \<Longrightarrow> set_tree (inter t1 t2) = set_tree t1 \<inter> set_tree t2" |
|
208 proof(induction t1 t2 rule: inter.induct) |
|
209 case (1 t1 t2) |
|
210 show ?case |
|
211 proof (cases t1) |
|
212 case Leaf thus ?thesis by (simp add: inter.simps) |
|
213 next |
|
214 case [simp]: (Node l1 k r1) |
|
215 show ?thesis |
|
216 proof (cases "t2 = Leaf") |
|
217 case True thus ?thesis by (simp add: inter.simps) |
|
218 next |
|
219 case False |
|
220 let ?L1 = "set_tree l1" let ?R1 = "set_tree r1" |
|
(* the root key occurs in neither subtree of the search tree t1 *)
221 have *: "k \<notin> ?L1 \<union> ?R1" using \<open>bst t1\<close> by (fastforce) |
|
(* name the three components of splitting t2 at k *)
222 obtain l2 kin r2 where sp: "split t2 k = (l2,kin,r2)" using prod_cases3 by blast |
|
223 let ?L2 = "set_tree l2" let ?R2 = "set_tree r2" let ?K = "if kin then {k} else {}" |
|
(* decomposition of t2 and the disjointness facts used in the calculation *)
224 have t2: "set_tree t2 = ?L2 \<union> ?R2 \<union> ?K" and |
|
225 **: "?L2 \<inter> ?R2 = {}" "k \<notin> ?L2 \<union> ?R2" "?L1 \<inter> ?R2 = {}" "?L2 \<inter> ?R1 = {}" |
|
226 using split[OF sp] \<open>bst t1\<close> \<open>bst t2\<close> by (force, force, force, force, force) |
|
(* induction hypotheses for the two recursive calls *)
227 have IHl: "set_tree (inter l1 l2) = set_tree l1 \<inter> set_tree l2" |
|
228 using "1.IH"(1)[OF _ False _ sp[symmetric]] "1.prems"(1,2) split[OF sp] by simp |
|
229 have IHr: "set_tree (inter r1 r2) = set_tree r1 \<inter> set_tree r2" |
|
230 using "1.IH"(2)[OF _ False _ sp[symmetric]] "1.prems"(1,2) split[OF sp] by simp |
|
(* calculation: only like-sided parts can overlap, and k survives iff kin *)
231 have "set_tree t1 \<inter> set_tree t2 = (?L1 \<union> ?R1 \<union> {k}) \<inter> (?L2 \<union> ?R2 \<union> ?K)" |
|
232 by(simp add: t2) |
|
233 also have "\<dots> = (?L1 \<inter> ?L2) \<union> (?R1 \<inter> ?R2) \<union> ?K" |
|
234 using * ** by auto |
|
235 also have "\<dots> = set_tree (inter t1 t2)" |
|
236 using IHl IHr sp inter.simps[of t1 t2] False by(simp) |
|
237 finally show ?thesis by simp |
|
238 qed |
|
239 qed |
|
240 qed |
|
241 |
|
(* inter preserves the search-tree property. The ordering side conditions of
   bst_join and bst_join2 are discharged with set_tree_inter and the lemma
   split. *)
242 lemma bst_inter: "\<lbrakk> bst t1; bst t2 \<rbrakk> \<Longrightarrow> bst (inter t1 t2)" |
|
243 proof(induction t1 t2 rule: inter.induct) |
|
244 case (1 t1 t2) |
|
245 thus ?case |
|
246 by(fastforce simp: inter.simps[of t1 t2] set_tree_inter split Let_def |
|
247 intro!: bst_join bst_join2 split: tree.split prod.split) |
|
248 qed |
|
249 |
|
(* inter preserves inv; both result shapes (join and join2) are covered by
   inv_join and inv_join2. *)
250 lemma inv_inter: "\<lbrakk> inv t1; inv t2 \<rbrakk> \<Longrightarrow> inv (inter t1 t2)" |
|
251 proof(induction t1 t2 rule: inter.induct) |
|
252 case (1 t1 t2) |
|
253 thus ?case |
|
254 by(auto simp: inter.simps[of t1 t2] inv_join inv_join2 split_inv Let_def |
|
255 split!: tree.split prod.split dest: inv_Node) |
|
256 qed |
|
257 |
|
258 subsection "\<open>diff\<close>" |
|
259 |
|
(* Difference t1 - t2 by divide and conquer: Leaf if t1 is Leaf, t1 itself if
   t2 is Leaf; otherwise t1 is split at the root key k of t2 (note the roles
   are swapped compared with union and inter), the parts are processed
   recursively and glued with join2, so k never appears in the result. *)
260 fun diff :: "'a tree \<Rightarrow> 'a tree \<Rightarrow> 'a tree" where |
|
261 "diff t1 t2 = |
|
262 (if t1 = Leaf then Leaf else |
|
263 if t2 = Leaf then t1 else |
|
264 case t2 of Node l2 k r2 \<Rightarrow> |
|
265 let (l1,_,r1) = split t1 k; |
|
266 l' = diff l1 l2; r' = diff r1 r2 |
|
267 in join2 l' r')" |
|
268 |
|
(* diff.simps is removed from the simp set; the proofs below apply it
   explicitly as diff.simps[of t1 t2]. *)
269 declare diff.simps [simp del] |
|
270 |
|
(* Functional correctness of diff; both arguments must be search trees.
   Same proof structure as for set_tree_inter, with the case analysis on t2
   because diff recurses on the root of t2. *)
271 lemma set_tree_diff: |
|
272 "\<lbrakk> bst t1; bst t2 \<rbrakk> \<Longrightarrow> set_tree (diff t1 t2) = set_tree t1 - set_tree t2" |
|
273 proof(induction t1 t2 rule: diff.induct) |
|
274 case (1 t1 t2) |
|
275 show ?case |
|
276 proof (cases t2) |
|
277 case Leaf thus ?thesis by (simp add: diff.simps) |
|
278 next |
|
279 case [simp]: (Node l2 k r2) |
|
280 show ?thesis |
|
281 proof (cases "t1 = Leaf") |
|
282 case True thus ?thesis by (simp add: diff.simps) |
|
283 next |
|
284 case False |
|
285 let ?L2 = "set_tree l2" let ?R2 = "set_tree r2" |
|
(* name the three components of splitting t1 at k *)
286 obtain l1 kin r1 where sp: "split t1 k = (l1,kin,r1)" using prod_cases3 by blast |
|
287 let ?L1 = "set_tree l1" let ?R1 = "set_tree r1" let ?K = "if kin then {k} else {}" |
|
(* decomposition of t1 and the disjointness facts used in the calculation *)
288 have t1: "set_tree t1 = ?L1 \<union> ?R1 \<union> ?K" and |
|
289 **: "k \<notin> ?L1 \<union> ?R1" "?L1 \<inter> ?R2 = {}" "?L2 \<inter> ?R1 = {}" |
|
290 using split[OF sp] \<open>bst t1\<close> \<open>bst t2\<close> by (force, force, force, force) |
|
(* induction hypotheses for the two recursive calls *)
291 have IHl: "set_tree (diff l1 l2) = set_tree l1 - set_tree l2" |
|
292 using "1.IH"(1)[OF False _ _ sp[symmetric]] "1.prems"(1,2) split[OF sp] by simp |
|
293 have IHr: "set_tree (diff r1 r2) = set_tree r1 - set_tree r2" |
|
294 using "1.IH"(2)[OF False _ _ sp[symmetric]] "1.prems"(1,2) split[OF sp] by simp |
|
(* calculation: k is removed in any case, the rest is handled side by side *)
295 have "set_tree t1 - set_tree t2 = (?L1 \<union> ?R1) - (?L2 \<union> ?R2 \<union> {k})" |
|
296 by(simp add: t1) |
|
297 also have "\<dots> = (?L1 - ?L2) \<union> (?R1 - ?R2)" |
|
298 using ** by auto |
|
299 also have "\<dots> = set_tree (diff t1 t2)" |
|
300 using IHl IHr sp diff.simps[of t1 t2] False by(simp) |
|
301 finally show ?thesis by simp |
|
302 qed |
|
303 qed |
|
304 qed |
|
305 |
|
(* diff preserves the search-tree property. The ordering side conditions are
   discharged with set_tree_diff and the lemma split. *)
306 lemma bst_diff: "\<lbrakk> bst t1; bst t2 \<rbrakk> \<Longrightarrow> bst (diff t1 t2)" |
|
307 proof(induction t1 t2 rule: diff.induct) |
|
308 case (1 t1 t2) |
|
309 thus ?case |
|
310 by(fastforce simp: diff.simps[of t1 t2] set_tree_diff split Let_def |
|
311 intro!: bst_join bst_join2 split: tree.split prod.split) |
|
312 qed |
|
313 |
|
(* diff preserves inv; uses inv_Node for the subtrees of t2, split_inv for the
   parts of t1 and inv_join2 for the result. *)
314 lemma inv_diff: "\<lbrakk> inv t1; inv t2 \<rbrakk> \<Longrightarrow> inv (diff t1 t2)" |
|
315 proof(induction t1 t2 rule: diff.induct) |
|
316 case (1 t1 t2) |
|
317 thus ?case |
|
318 by(auto simp: diff.simps[of t1 t2] inv_join inv_join2 split_inv Let_def |
|
319 split!: tree.split prod.split dest: inv_Node) |
|
320 qed |
|
321 |
|
322 text \<open>Locale @{locale Set2_BST_Join} implements locale @{locale Set2}:\<close> |
|
323 |
|
(* Establish the Set2 specification for the operations defined in this locale,
   with set_tree as the abstraction function and bst t \<and> inv t as the
   invariant. The goals are discharged in order: 2-4 and 8-10 with the
   functional-correctness lemmas (isin_set, set_tree_*), 5-7 and 11-13 with
   the invariant-preservation lemmas (inv_Leaf, bst_* and inv_*).
   The correctness statements therefore hold for trees satisfying the
   invariant; nothing is claimed for trees outside it. *)
324 sublocale Set2 |
|
325 where empty = Leaf and isin = isin and insert = insert and delete = delete |
|
326 and union = union and inter = inter and diff = diff |
|
327 and set = set_tree and invar = "\<lambda>t. bst t \<and> inv t" |
|
328 proof (standard, goal_cases) |
|
329 case 1 show ?case by simp |
|
330 next |
|
331 case 2 thus ?case by (simp add: isin_set) |
|
332 next |
|
333 case 3 thus ?case by (simp add: set_tree_insert) |
|
334 next |
|
335 case 4 thus ?case by (simp add: set_tree_delete) |
|
336 next |
|
337 case 5 thus ?case by (simp add: inv_Leaf) |
|
338 next |
|
339 case 6 thus ?case by (simp add: inv_insert bst_insert) |
|
340 next |
|
341 case 7 thus ?case by (simp add: inv_delete bst_delete) |
|
342 next |
|
343 case 8 thus ?case by (simp add: set_tree_union) |
|
344 next |
|
345 case 9 thus ?case by (simp add: set_tree_inter) |
|
346 next |
|
347 case 10 thus ?case by (simp add: set_tree_diff) |
|
348 next |
|
349 case 11 thus ?case by (simp add: bst_union inv_union) |
|
350 next |
|
351 case 12 thus ?case by (simp add: bst_inter inv_inter) |
|
352 next |
|
353 case 13 thus ?case by (simp add: bst_diff inv_diff) |
|
354 qed |
|
355 |
|
356 end (* Set2_BST_Join *) |
|
357 |
|
358 text \<open>Interpretation of @{locale Set2_BST_Join} with unbalanced binary trees:\<close> |
|
359 |
|
(* Instance with join = Node and the trivial invariant \<lambda>t. True; all locale
   assumptions are discharged by auto. Because inv is constantly True, this
   instance carries the bst results only and asserts nothing about the shape
   or balance of the trees. *)
360 interpretation Set2_BST_Join where join = Node and inv = "\<lambda>t. True" |
|
361 proof (standard, goal_cases) |
|
362 qed auto |
|
363 |
|
364 end |