wenzelm@47455: (* Title: HOL/Library/RBT_Impl.thy krauss@26192: Author: Markus Reiter, TU Muenchen krauss@26192: Author: Alexander Krauss, TU Muenchen krauss@26192: *) krauss@26192: haftmann@36147: header {* Implementation of Red-Black Trees *} krauss@26192: haftmann@36147: theory RBT_Impl haftmann@45990: imports Main krauss@26192: begin krauss@26192: haftmann@36147: text {* haftmann@36147: For applications, you should use theory @{text RBT} which defines haftmann@36147: an abstract type of red-black tree obeying the invariant. haftmann@36147: *} haftmann@36147: haftmann@35550: subsection {* Datatype of RB trees *} haftmann@35550: krauss@26192: datatype color = R | B haftmann@35534: datatype ('a, 'b) rbt = Empty | Branch color "('a, 'b) rbt" 'a 'b "('a, 'b) rbt" haftmann@35534: haftmann@35534: lemma rbt_cases: haftmann@35534: obtains (Empty) "t = Empty" haftmann@35534: | (Red) l k v r where "t = Branch R l k v r" haftmann@35534: | (Black) l k v r where "t = Branch B l k v r" haftmann@35534: proof (cases t) haftmann@35534: case Empty with that show thesis by blast haftmann@35534: next haftmann@35534: case (Branch c) with that show thesis by (cases c) blast+ haftmann@35534: qed haftmann@35534: haftmann@35550: subsection {* Tree properties *} haftmann@35534: haftmann@35550: subsubsection {* Content of a tree *} haftmann@35550: haftmann@35550: primrec entries :: "('a, 'b) rbt \ ('a \ 'b) list" haftmann@35534: where haftmann@35534: "entries Empty = []" haftmann@35534: | "entries (Branch _ l k v r) = entries l @ (k,v) # entries r" krauss@26192: haftmann@35550: abbreviation (input) entry_in_tree :: "'a \ 'b \ ('a, 'b) rbt \ bool" krauss@26192: where haftmann@35550: "entry_in_tree k v t \ (k, v) \ set (entries t)" haftmann@35550: haftmann@35550: definition keys :: "('a, 'b) rbt \ 'a list" where haftmann@35550: "keys t = map fst (entries t)" krauss@26192: haftmann@35550: lemma keys_simps [simp, code]: haftmann@35550: "keys Empty = []" haftmann@35550: "keys (Branch c l k v r) = keys l @ k # keys r" haftmann@35550: by (simp_all add: keys_def) krauss@26192: haftmann@35534: lemma entry_in_tree_keys: haftmann@35550: assumes "(k, v) \ set (entries t)" haftmann@35550: shows "k \ set (keys t)" haftmann@35550: proof - haftmann@35550: from assms have "fst (k, v) \ fst ` set (entries t)" by (rule imageI) haftmann@35550: then show ?thesis by (simp add: keys_def) haftmann@35550: qed haftmann@35550: haftmann@35602: lemma keys_entries: haftmann@35602: "k \ set (keys t) \ (\v. (k, v) \ set (entries t))" haftmann@35602: by (auto intro: entry_in_tree_keys) (auto simp add: keys_def) haftmann@35602: kuncar@48621: lemma non_empty_rbt_keys: kuncar@48621: "t \ rbt.Empty \ keys t \ []" kuncar@48621: by (cases t) simp_all haftmann@35550: haftmann@35550: subsubsection {* Search tree properties *} krauss@26192: Andreas@47450: context ord begin haftmann@35534: Andreas@47450: definition rbt_less :: "'a \ ('a, 'b) rbt \ bool" Andreas@47450: where Andreas@47450: rbt_less_prop: "rbt_less k t \ (\x\set (keys t). x < k)" krauss@26192: Andreas@47450: abbreviation rbt_less_symbol (infix "|\" 50) Andreas@47450: where "t |\ x \ rbt_less x t" Andreas@47450: Andreas@47450: definition rbt_greater :: "'a \ ('a, 'b) rbt \ bool" (infix "\|" 50) haftmann@35534: where Andreas@47450: rbt_greater_prop: "rbt_greater k t = (\x\set (keys t). k < x)" krauss@26192: Andreas@47450: lemma rbt_less_simps [simp]: Andreas@47450: "Empty |\ k = True" Andreas@47450: "Branch c lt kt v rt |\ k \ kt < k \ lt |\ k \ rt |\ k" Andreas@47450: by (auto simp add: rbt_less_prop) krauss@26192: Andreas@47450: lemma rbt_greater_simps [simp]: Andreas@47450: "k \| Empty = True" Andreas@47450: "k \| (Branch c lt kt v rt) \ k < kt \ k \| lt \ k \| rt" Andreas@47450: by (auto simp add: rbt_greater_prop) krauss@26192: Andreas@47450: lemmas rbt_ord_props = rbt_less_prop rbt_greater_prop Andreas@47450: Andreas@47450: lemmas rbt_greater_nit = rbt_greater_prop entry_in_tree_keys Andreas@47450: lemmas rbt_less_nit = rbt_less_prop entry_in_tree_keys krauss@26192: Andreas@47450: lemma (in order) Andreas@47450: shows rbt_less_eq_trans: "l |\ u \ u \ v \ l |\ v" Andreas@47450: and rbt_less_trans: "t |\ x \ x < y \ t |\ y" Andreas@47450: and rbt_greater_eq_trans: "u \ v \ v \| r \ u \| r" Andreas@47450: and rbt_greater_trans: "x < y \ y \| t \ x \| t" Andreas@47450: by (auto simp: rbt_ord_props) krauss@26192: Andreas@47450: primrec rbt_sorted :: "('a, 'b) rbt \ bool" krauss@26192: where Andreas@47450: "rbt_sorted Empty = True" Andreas@47450: | "rbt_sorted (Branch c l k v r) = (l |\ k \ k \| r \ rbt_sorted l \ rbt_sorted r)" Andreas@47450: Andreas@47450: end krauss@26192: Andreas@47450: context linorder begin Andreas@47450: Andreas@47450: lemma rbt_sorted_entries: Andreas@47450: "rbt_sorted t \ List.sorted (List.map fst (entries t))" haftmann@35550: by (induct t) Andreas@47450: (force simp: sorted_append sorted_Cons rbt_ord_props haftmann@35550: dest!: entry_in_tree_keys)+ haftmann@35550: haftmann@35550: lemma distinct_entries: Andreas@47450: "rbt_sorted t \ distinct (List.map fst (entries t))" haftmann@35550: by (induct t) Andreas@47450: (force simp: sorted_append sorted_Cons rbt_ord_props haftmann@35550: dest!: entry_in_tree_keys)+ haftmann@35550: kuncar@48621: lemma distinct_keys: kuncar@48621: "rbt_sorted t \ distinct (keys t)" kuncar@48621: by (simp add: distinct_entries keys_def) kuncar@48621: kuncar@48621: haftmann@35550: subsubsection {* Tree lookup *} haftmann@35550: Andreas@47450: primrec (in ord) rbt_lookup :: "('a, 'b) rbt \ 'a \ 'b" haftmann@35534: where Andreas@47450: "rbt_lookup Empty k = None" Andreas@47450: | "rbt_lookup (Branch _ l x y r) k = Andreas@47450: (if k < x then rbt_lookup l k else if x < k then rbt_lookup r k else Some y)" haftmann@35534: Andreas@47450: lemma rbt_lookup_keys: "rbt_sorted t \ dom (rbt_lookup t) = set (keys t)" Andreas@47450: by (induct t) (auto simp: dom_def rbt_greater_prop rbt_less_prop) haftmann@35550: Andreas@47450: lemma dom_rbt_lookup_Branch: Andreas@47450: "rbt_sorted (Branch c t1 k v t2) \ Andreas@47450: dom (rbt_lookup (Branch c t1 k v t2)) Andreas@47450: = Set.insert k (dom (rbt_lookup t1) \ dom (rbt_lookup t2))" haftmann@35550: proof - Andreas@47450: assume "rbt_sorted (Branch c t1 k v t2)" Andreas@47450: moreover from this have "rbt_sorted t1" "rbt_sorted t2" by simp_all Andreas@47450: ultimately show ?thesis by (simp add: rbt_lookup_keys) haftmann@35550: qed haftmann@35550: Andreas@47450: lemma finite_dom_rbt_lookup [simp, intro!]: "finite (dom (rbt_lookup t))" haftmann@35550: proof (induct t) haftmann@35550: case Empty then show ?case by simp haftmann@35550: next haftmann@35550: case (Branch color t1 a b t2) Andreas@47450: let ?A = "Set.insert a (dom (rbt_lookup t1) \ dom (rbt_lookup t2))" Andreas@47450: have "dom (rbt_lookup (Branch color t1 a b t2)) \ ?A" by (auto split: split_if_asm) Andreas@47450: moreover from Branch have "finite (insert a (dom (rbt_lookup t1) \ dom (rbt_lookup t2)))" by simp haftmann@35550: ultimately show ?case by (rule finite_subset) haftmann@35550: qed haftmann@35550: Andreas@47450: end Andreas@47450: Andreas@47450: context ord begin Andreas@47450: Andreas@47450: lemma rbt_lookup_rbt_less[simp]: "t |\ k \ rbt_lookup t k = None" krauss@26192: by (induct t) auto krauss@26192: Andreas@47450: lemma rbt_lookup_rbt_greater[simp]: "k \| t \ rbt_lookup t k = None" krauss@26192: by (induct t) auto krauss@26192: Andreas@47450: lemma rbt_lookup_Empty: "rbt_lookup Empty = empty" krauss@26192: by (rule ext) simp krauss@26192: Andreas@47450: end Andreas@47450: Andreas@47450: context linorder begin Andreas@47450: haftmann@35618: lemma map_of_entries: Andreas@47450: "rbt_sorted t \ map_of (entries t) = rbt_lookup t" haftmann@35550: proof (induct t) Andreas@47450: case Empty thus ?case by (simp add: rbt_lookup_Empty) haftmann@35550: next haftmann@35550: case (Branch c t1 k v t2) Andreas@47450: have "rbt_lookup (Branch c t1 k v t2) = rbt_lookup t2 ++ [k\v] ++ rbt_lookup t1" haftmann@35550: proof (rule ext) haftmann@35550: fix x Andreas@47450: from Branch have RBT_SORTED: "rbt_sorted (Branch c t1 k v t2)" by simp Andreas@47450: let ?thesis = "rbt_lookup (Branch c t1 k v t2) x = (rbt_lookup t2 ++ [k \ v] ++ rbt_lookup t1) x" haftmann@35550: Andreas@47450: have DOM_T1: "!!k'. k'\dom (rbt_lookup t1) \ k>k'" haftmann@35550: proof - haftmann@35550: fix k' Andreas@47450: from RBT_SORTED have "t1 |\ k" by simp Andreas@47450: with rbt_less_prop have "\k'\set (keys t1). k>k'" by auto Andreas@47450: moreover assume "k'\dom (rbt_lookup t1)" Andreas@47450: ultimately show "k>k'" using rbt_lookup_keys RBT_SORTED by auto haftmann@35550: qed haftmann@35550: Andreas@47450: have DOM_T2: "!!k'. k'\dom (rbt_lookup t2) \ k| t2" by simp Andreas@47450: with rbt_greater_prop have "\k'\set (keys t2). kdom (rbt_lookup t2)" Andreas@47450: ultimately show "kdom [k\v]" by simp Andreas@47450: moreover have "x \ dom (rbt_lookup t2)" Andreas@47450: proof Andreas@47450: assume "x \ dom (rbt_lookup t2)" haftmann@35550: with DOM_T2 have "k v] x" by simp Andreas@47450: moreover have "x \ dom (rbt_lookup t1)" Andreas@47450: proof Andreas@47450: assume "x \ dom (rbt_lookup t1)" haftmann@35550: with DOM_T1 have "k>x" by blast haftmann@35550: thus False by simp haftmann@35550: qed haftmann@35550: ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps) haftmann@35550: } moreover { haftmann@35550: assume C: "x>k" Andreas@47450: hence "rbt_lookup (Branch c t1 k v t2) x = rbt_lookup t2 x" by (simp add: less_not_sym[of k x]) haftmann@35550: moreover from C have "x\dom [k\v]" by simp Andreas@47450: moreover have "x\dom (rbt_lookup t1)" proof Andreas@47450: assume "x\dom (rbt_lookup t1)" haftmann@35550: with DOM_T1 have "k>x" by simp haftmann@35550: with C show False by simp haftmann@35550: qed haftmann@35550: ultimately have ?thesis by (simp add: map_add_upd_left map_add_dom_app_simps) haftmann@35550: } ultimately show ?thesis using less_linear by blast haftmann@35550: qed Andreas@47450: also from Branch Andreas@47450: have "rbt_lookup t2 ++ [k \ v] ++ rbt_lookup t1 = map_of (entries (Branch c t1 k v t2))" by simp haftmann@35618: finally show ?case by simp haftmann@35550: qed haftmann@35550: Andreas@47450: lemma rbt_lookup_in_tree: "rbt_sorted t \ rbt_lookup t k = Some v \ (k, v) \ set (entries t)" haftmann@35618: by (simp add: map_of_entries [symmetric] distinct_entries) haftmann@35602: haftmann@35602: lemma set_entries_inject: Andreas@47450: assumes rbt_sorted: "rbt_sorted t1" "rbt_sorted t2" haftmann@35602: shows "set (entries t1) = set (entries t2) \ entries t1 = entries t2" haftmann@35602: proof - Andreas@47450: from rbt_sorted have "distinct (map fst (entries t1))" haftmann@35602: "distinct (map fst (entries t2))" haftmann@35602: by (auto intro: distinct_entries) Andreas@47450: with rbt_sorted show ?thesis Andreas@47450: by (auto intro: map_sorted_distinct_set_unique rbt_sorted_entries simp add: distinct_map) haftmann@35602: qed haftmann@35550: haftmann@35550: lemma entries_eqI: Andreas@47450: assumes rbt_sorted: "rbt_sorted t1" "rbt_sorted t2" Andreas@47450: assumes rbt_lookup: "rbt_lookup t1 = rbt_lookup t2" haftmann@35602: shows "entries t1 = entries t2" haftmann@35550: proof - Andreas@47450: from rbt_sorted rbt_lookup have "map_of (entries t1) = map_of (entries t2)" haftmann@35618: by (simp add: map_of_entries) Andreas@47450: with rbt_sorted have "set (entries t1) = set (entries t2)" haftmann@35602: by (simp add: map_of_inject_set distinct_entries) Andreas@47450: with rbt_sorted show ?thesis by (simp add: set_entries_inject) haftmann@35602: qed haftmann@35550: Andreas@47450: lemma entries_rbt_lookup: Andreas@47450: assumes "rbt_sorted t1" "rbt_sorted t2" Andreas@47450: shows "entries t1 = entries t2 \ rbt_lookup t1 = rbt_lookup t2" haftmann@35618: using assms by (auto intro: entries_eqI simp add: map_of_entries [symmetric]) haftmann@35602: Andreas@47450: lemma rbt_lookup_from_in_tree: Andreas@47450: assumes "rbt_sorted t1" "rbt_sorted t2" Andreas@47450: and "\v. (k, v) \ set (entries t1) \ (k, v) \ set (entries t2)" Andreas@47450: shows "rbt_lookup t1 k = rbt_lookup t2 k" haftmann@35602: proof - Andreas@47450: from assms have "k \ dom (rbt_lookup t1) \ k \ dom (rbt_lookup t2)" Andreas@47450: by (simp add: keys_entries rbt_lookup_keys) Andreas@47450: with assms show ?thesis by (auto simp add: rbt_lookup_in_tree [symmetric]) krauss@26192: qed krauss@26192: Andreas@47450: end haftmann@35550: haftmann@35550: subsubsection {* Red-black properties *} krauss@26192: haftmann@35534: primrec color_of :: "('a, 'b) rbt \ color" krauss@26192: where haftmann@35534: "color_of Empty = B" haftmann@35534: | "color_of (Branch c _ _ _ _) = c" krauss@26192: haftmann@35534: primrec bheight :: "('a,'b) rbt \ nat" haftmann@35534: where haftmann@35534: "bheight Empty = 0" haftmann@35534: | "bheight (Branch c lt k v rt) = (if c = B then Suc (bheight lt) else bheight lt)" haftmann@35534: haftmann@35534: primrec inv1 :: "('a, 'b) rbt \ bool" krauss@26192: where krauss@26192: "inv1 Empty = True" haftmann@35534: | "inv1 (Branch c lt k v rt) \ inv1 lt \ inv1 rt \ (c = B \ color_of lt = B \ color_of rt = B)" krauss@26192: haftmann@35534: primrec inv1l :: "('a, 'b) rbt \ bool" -- {* Weaker version *} krauss@26192: where krauss@26192: "inv1l Empty = True" haftmann@35534: | "inv1l (Branch c l k v r) = (inv1 l \ inv1 r)" krauss@26192: lemma [simp]: "inv1 t \ inv1l t" by (cases t) simp+ krauss@26192: haftmann@35534: primrec inv2 :: "('a, 'b) rbt \ bool" krauss@26192: where krauss@26192: "inv2 Empty = True" haftmann@35534: | "inv2 (Branch c lt k v rt) = (inv2 lt \ inv2 rt \ bheight lt = bheight rt)" krauss@26192: Andreas@47450: context ord begin krauss@26192: Andreas@47450: definition is_rbt :: "('a, 'b) rbt \ bool" where Andreas@47450: "is_rbt t \ inv1 t \ inv2 t \ color_of t = B \ rbt_sorted t" Andreas@47450: Andreas@47450: lemma is_rbt_rbt_sorted [simp]: Andreas@47450: "is_rbt t \ rbt_sorted t" by (simp add: is_rbt_def) krauss@26192: haftmann@35534: theorem Empty_is_rbt [simp]: haftmann@35534: "is_rbt Empty" by (simp add: is_rbt_def) krauss@26192: Andreas@47450: end krauss@26192: krauss@26192: subsection {* Insertion *} krauss@26192: krauss@26192: fun (* slow, due to massive case splitting *) krauss@26192: balance :: "('a,'b) rbt \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt" krauss@26192: where haftmann@35534: "balance (Branch R a w x b) s t (Branch R c y z d) = Branch R (Branch B a w x b) s t (Branch B c y z d)" | haftmann@35534: "balance (Branch R (Branch R a w x b) s t c) y z d = Branch R (Branch B a w x b) s t (Branch B c y z d)" | haftmann@35534: "balance (Branch R a w x (Branch R b s t c)) y z d = Branch R (Branch B a w x b) s t (Branch B c y z d)" | haftmann@35534: "balance a w x (Branch R b s t (Branch R c y z d)) = Branch R (Branch B a w x b) s t (Branch B c y z d)" | haftmann@35534: "balance a w x (Branch R (Branch R b s t c) y z d) = Branch R (Branch B a w x b) s t (Branch B c y z d)" | haftmann@35534: "balance a s t b = Branch B a s t b" krauss@26192: krauss@26192: lemma balance_inv1: "\inv1l l; inv1l r\ \ inv1 (balance l k v r)" krauss@26192: by (induct l k v r rule: balance.induct) auto krauss@26192: haftmann@35534: lemma balance_bheight: "bheight l = bheight r \ bheight (balance l k v r) = Suc (bheight l)" krauss@26192: by (induct l k v r rule: balance.induct) auto krauss@26192: krauss@26192: lemma balance_inv2: haftmann@35534: assumes "inv2 l" "inv2 r" "bheight l = bheight r" krauss@26192: shows "inv2 (balance l k v r)" krauss@26192: using assms krauss@26192: by (induct l k v r rule: balance.induct) auto krauss@26192: Andreas@47450: context ord begin Andreas@47450: Andreas@47450: lemma balance_rbt_greater[simp]: "(v \| balance a k x b) = (v \| a \ v \| b \ v < k)" krauss@26192: by (induct a k x b rule: balance.induct) auto krauss@26192: Andreas@47450: lemma balance_rbt_less[simp]: "(balance a k x b |\ v) = (a |\ v \ b |\ v \ k < v)" krauss@26192: by (induct a k x b rule: balance.induct) auto krauss@26192: Andreas@47450: end Andreas@47450: Andreas@47450: lemma (in linorder) balance_rbt_sorted: Andreas@47450: fixes k :: "'a" Andreas@47450: assumes "rbt_sorted l" "rbt_sorted r" "l |\ k" "k \| r" Andreas@47450: shows "rbt_sorted (balance l k v r)" krauss@26192: using assms proof (induct l k v r rule: balance.induct) krauss@26192: case ("2_2" a x w b y t c z s va vb vd vc) haftmann@35534: hence "y < z \ z \| Branch B va vb vd vc" Andreas@47450: by (auto simp add: rbt_ord_props) Andreas@47450: hence "y \| (Branch B va vb vd vc)" by (blast dest: rbt_greater_trans) krauss@26192: with "2_2" show ?case by simp krauss@26192: next krauss@26192: case ("3_2" va vb vd vc x w b y s c z) Andreas@47450: from "3_2" have "x < y \ Branch B va vb vd vc |\ x" haftmann@35534: by simp Andreas@47450: hence "Branch B va vb vd vc |\ y" by (blast dest: rbt_less_trans) krauss@26192: with "3_2" show ?case by simp krauss@26192: next krauss@26192: case ("3_3" x w b y s c z t va vb vd vc) Andreas@47450: from "3_3" have "y < z \ z \| Branch B va vb vd vc" by simp Andreas@47450: hence "y \| Branch B va vb vd vc" by (blast dest: rbt_greater_trans) krauss@26192: with "3_3" show ?case by simp krauss@26192: next krauss@26192: case ("3_4" vd ve vg vf x w b y s c z t va vb vii vc) Andreas@47450: hence "x < y \ Branch B vd ve vg vf |\ x" by simp Andreas@47450: hence 1: "Branch B vd ve vg vf |\ y" by (blast dest: rbt_less_trans) Andreas@47450: from "3_4" have "y < z \ z \| Branch B va vb vii vc" by simp Andreas@47450: hence "y \| Branch B va vb vii vc" by (blast dest: rbt_greater_trans) krauss@26192: with 1 "3_4" show ?case by simp krauss@26192: next krauss@26192: case ("4_2" va vb vd vc x w b y s c z t dd) Andreas@47450: hence "x < y \ Branch B va vb vd vc |\ x" by simp Andreas@47450: hence "Branch B va vb vd vc |\ y" by (blast dest: rbt_less_trans) krauss@26192: with "4_2" show ?case by simp krauss@26192: next krauss@26192: case ("5_2" x w b y s c z t va vb vd vc) Andreas@47450: hence "y < z \ z \| Branch B va vb vd vc" by simp Andreas@47450: hence "y \| Branch B va vb vd vc" by (blast dest: rbt_greater_trans) krauss@26192: with "5_2" show ?case by simp krauss@26192: next krauss@26192: case ("5_3" va vb vd vc x w b y s c z t) Andreas@47450: hence "x < y \ Branch B va vb vd vc |\ x" by simp Andreas@47450: hence "Branch B va vb vd vc |\ y" by (blast dest: rbt_less_trans) krauss@26192: with "5_3" show ?case by simp krauss@26192: next krauss@26192: case ("5_4" va vb vg vc x w b y s c z t vd ve vii vf) Andreas@47450: hence "x < y \ Branch B va vb vg vc |\ x" by simp Andreas@47450: hence 1: "Branch B va vb vg vc |\ y" by (blast dest: rbt_less_trans) Andreas@47450: from "5_4" have "y < z \ z \| Branch B vd ve vii vf" by simp Andreas@47450: hence "y \| Branch B vd ve vii vf" by (blast dest: rbt_greater_trans) krauss@26192: with 1 "5_4" show ?case by simp krauss@26192: qed simp+ krauss@26192: haftmann@35550: lemma entries_balance [simp]: haftmann@35550: "entries (balance l k v r) = entries l @ (k, v) # entries r" haftmann@35550: by (induct l k v r rule: balance.induct) auto krauss@26192: haftmann@35550: lemma keys_balance [simp]: haftmann@35550: "keys (balance l k v r) = keys l @ k # keys r" haftmann@35550: by (simp add: keys_def) haftmann@35550: haftmann@35550: lemma balance_in_tree: haftmann@35550: "entry_in_tree k x (balance l v y r) \ entry_in_tree k x l \ k = v \ x = y \ entry_in_tree k x r" haftmann@35550: by (auto simp add: keys_def) krauss@26192: Andreas@47450: lemma (in linorder) rbt_lookup_balance[simp]: Andreas@47450: fixes k :: "'a" Andreas@47450: assumes "rbt_sorted l" "rbt_sorted r" "l |\ k" "k \| r" Andreas@47450: shows "rbt_lookup (balance l k v r) x = rbt_lookup (Branch B l k v r) x" Andreas@47450: by (rule rbt_lookup_from_in_tree) (auto simp:assms balance_in_tree balance_rbt_sorted) krauss@26192: krauss@26192: primrec paint :: "color \ ('a,'b) rbt \ ('a,'b) rbt" krauss@26192: where krauss@26192: "paint c Empty = Empty" haftmann@35534: | "paint c (Branch _ l k v r) = Branch c l k v r" krauss@26192: krauss@26192: lemma paint_inv1l[simp]: "inv1l t \ inv1l (paint c t)" by (cases t) auto krauss@26192: lemma paint_inv1[simp]: "inv1l t \ inv1 (paint B t)" by (cases t) auto krauss@26192: lemma paint_inv2[simp]: "inv2 t \ inv2 (paint c t)" by (cases t) auto haftmann@35534: lemma paint_color_of[simp]: "color_of (paint B t) = B" by (cases t) auto haftmann@35550: lemma paint_in_tree[simp]: "entry_in_tree k x (paint c t) = entry_in_tree k x t" by (cases t) auto Andreas@47450: Andreas@47450: context ord begin Andreas@47450: Andreas@47450: lemma paint_rbt_sorted[simp]: "rbt_sorted t \ rbt_sorted (paint c t)" by (cases t) auto Andreas@47450: lemma paint_rbt_lookup[simp]: "rbt_lookup (paint c t) = rbt_lookup t" by (rule ext) (cases t, auto) Andreas@47450: lemma paint_rbt_greater[simp]: "(v \| paint c t) = (v \| t)" by (cases t) auto Andreas@47450: lemma paint_rbt_less[simp]: "(paint c t |\ v) = (t |\ v)" by (cases t) auto krauss@26192: krauss@26192: fun Andreas@47450: rbt_ins :: "('a \ 'b \ 'b \ 'b) \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt" krauss@26192: where Andreas@47450: "rbt_ins f k v Empty = Branch R Empty k v Empty" | Andreas@47450: "rbt_ins f k v (Branch B l x y r) = (if k < x then balance (rbt_ins f k v l) x y r Andreas@47450: else if k > x then balance l x y (rbt_ins f k v r) Andreas@47450: else Branch B l x (f k y v) r)" | Andreas@47450: "rbt_ins f k v (Branch R l x y r) = (if k < x then Branch R (rbt_ins f k v l) x y r Andreas@47450: else if k > x then Branch R l x y (rbt_ins f k v r) Andreas@47450: else Branch R l x (f k y v) r)" krauss@26192: krauss@26192: lemma ins_inv1_inv2: krauss@26192: assumes "inv1 t" "inv2 t" Andreas@47450: shows "inv2 (rbt_ins f k x t)" "bheight (rbt_ins f k x t) = bheight t" Andreas@47450: "color_of t = B \ inv1 (rbt_ins f k x t)" "inv1l (rbt_ins f k x t)" krauss@26192: using assms Andreas@47450: by (induct f k x t rule: rbt_ins.induct) (auto simp: balance_inv1 balance_inv2 balance_bheight) Andreas@47450: Andreas@47450: end Andreas@47450: Andreas@47450: context linorder begin krauss@26192: Andreas@47450: lemma ins_rbt_greater[simp]: "(v \| rbt_ins f (k :: 'a) x t) = (v \| t \ k > v)" Andreas@47450: by (induct f k x t rule: rbt_ins.induct) auto Andreas@47450: lemma ins_rbt_less[simp]: "(rbt_ins f k x t |\ v) = (t |\ v \ k < v)" Andreas@47450: by (induct f k x t rule: rbt_ins.induct) auto Andreas@47450: lemma ins_rbt_sorted[simp]: "rbt_sorted t \ rbt_sorted (rbt_ins f k x t)" Andreas@47450: by (induct f k x t rule: rbt_ins.induct) (auto simp: balance_rbt_sorted) krauss@26192: Andreas@47450: lemma keys_ins: "set (keys (rbt_ins f k v t)) = { k } \ set (keys t)" Andreas@47450: by (induct f k v t rule: rbt_ins.induct) auto krauss@26192: Andreas@47450: lemma rbt_lookup_ins: Andreas@47450: fixes k :: "'a" Andreas@47450: assumes "rbt_sorted t" Andreas@47450: shows "rbt_lookup (rbt_ins f k v t) x = ((rbt_lookup t)(k |-> case rbt_lookup t k of None \ v Andreas@47450: | Some w \ f k w v)) x" Andreas@47450: using assms by (induct f k v t rule: rbt_ins.induct) auto Andreas@47450: Andreas@47450: end Andreas@47450: Andreas@47450: context ord begin Andreas@47450: Andreas@47450: definition rbt_insert_with_key :: "('a \ 'b \ 'b \ 'b) \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt" Andreas@47450: where "rbt_insert_with_key f k v t = paint B (rbt_ins f k v t)" Andreas@47450: Andreas@47450: definition rbt_insertw_def: "rbt_insert_with f = rbt_insert_with_key (\_. f)" krauss@26192: Andreas@47450: definition rbt_insert :: "'a \ 'b \ ('a, 'b) rbt \ ('a, 'b) rbt" where Andreas@47450: "rbt_insert = rbt_insert_with_key (\_ _ nv. nv)" Andreas@47450: Andreas@47450: end Andreas@47450: Andreas@47450: context linorder begin krauss@26192: Andreas@47450: lemma rbt_insertwk_rbt_sorted: "rbt_sorted t \ rbt_sorted (rbt_insert_with_key f (k :: 'a) x t)" Andreas@47450: by (auto simp: rbt_insert_with_key_def) krauss@26192: Andreas@47450: theorem rbt_insertwk_is_rbt: haftmann@35534: assumes inv: "is_rbt t" Andreas@47450: shows "is_rbt (rbt_insert_with_key f k x t)" krauss@26192: using assms Andreas@47450: unfolding rbt_insert_with_key_def is_rbt_def krauss@26192: by (auto simp: ins_inv1_inv2) krauss@26192: Andreas@47450: lemma rbt_lookup_rbt_insertwk: Andreas@47450: assumes "rbt_sorted t" Andreas@47450: shows "rbt_lookup (rbt_insert_with_key f k v t) x = ((rbt_lookup t)(k |-> case rbt_lookup t k of None \ v krauss@26192: | Some w \ f k w v)) x" Andreas@47450: unfolding rbt_insert_with_key_def using assms Andreas@47450: by (simp add:rbt_lookup_ins) krauss@26192: Andreas@47450: lemma rbt_insertw_rbt_sorted: "rbt_sorted t \ rbt_sorted (rbt_insert_with f k v t)" Andreas@47450: by (simp add: rbt_insertwk_rbt_sorted rbt_insertw_def) Andreas@47450: theorem rbt_insertw_is_rbt: "is_rbt t \ is_rbt (rbt_insert_with f k v t)" Andreas@47450: by (simp add: rbt_insertwk_is_rbt rbt_insertw_def) krauss@26192: Andreas@47450: lemma rbt_lookup_rbt_insertw: haftmann@35534: assumes "is_rbt t" Andreas@47450: shows "rbt_lookup (rbt_insert_with f k v t) = (rbt_lookup t)(k \ (if k:dom (rbt_lookup t) then f (the (rbt_lookup t k)) v else v))" krauss@26192: using assms Andreas@47450: unfolding rbt_insertw_def Andreas@47450: by (rule_tac ext) (cases "rbt_lookup t k", auto simp:rbt_lookup_rbt_insertwk dom_def) krauss@26192: Andreas@47450: lemma rbt_insert_rbt_sorted: "rbt_sorted t \ rbt_sorted (rbt_insert k v t)" Andreas@47450: by (simp add: rbt_insertwk_rbt_sorted rbt_insert_def) Andreas@47450: theorem rbt_insert_is_rbt [simp]: "is_rbt t \ is_rbt (rbt_insert k v t)" Andreas@47450: by (simp add: rbt_insertwk_is_rbt rbt_insert_def) krauss@26192: Andreas@47450: lemma rbt_lookup_rbt_insert: haftmann@35534: assumes "is_rbt t" Andreas@47450: shows "rbt_lookup (rbt_insert k v t) = (rbt_lookup t)(k\v)" Andreas@47450: unfolding rbt_insert_def krauss@26192: using assms Andreas@47450: by (rule_tac ext) (simp add: rbt_lookup_rbt_insertwk split:option.split) krauss@26192: Andreas@47450: end krauss@26192: krauss@26192: subsection {* Deletion *} krauss@26192: haftmann@35534: lemma bheight_paintR'[simp]: "color_of t = B \ bheight (paint R t) = bheight t - 1" krauss@26192: by (cases t rule: rbt_cases) auto krauss@26192: krauss@26192: fun haftmann@35550: balance_left :: "('a,'b) rbt \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt" krauss@26192: where haftmann@35550: "balance_left (Branch R a k x b) s y c = Branch R (Branch B a k x b) s y c" | haftmann@35550: "balance_left bl k x (Branch B a s y b) = balance bl k x (Branch R a s y b)" | haftmann@35550: "balance_left bl k x (Branch R (Branch B a s y b) t z c) = Branch R (Branch B bl k x a) s y (balance b t z (paint R c))" | haftmann@35550: "balance_left t k x s = Empty" krauss@26192: haftmann@35550: lemma balance_left_inv2_with_inv1: haftmann@35534: assumes "inv2 lt" "inv2 rt" "bheight lt + 1 = bheight rt" "inv1 rt" haftmann@35550: shows "bheight (balance_left lt k v rt) = bheight lt + 1" haftmann@35550: and "inv2 (balance_left lt k v rt)" krauss@26192: using assms haftmann@35550: by (induct lt k v rt rule: balance_left.induct) (auto simp: balance_inv2 balance_bheight) krauss@26192: haftmann@35550: lemma balance_left_inv2_app: haftmann@35534: assumes "inv2 lt" "inv2 rt" "bheight lt + 1 = bheight rt" "color_of rt = B" haftmann@35550: shows "inv2 (balance_left lt k v rt)" haftmann@35550: "bheight (balance_left lt k v rt) = bheight rt" krauss@26192: using assms haftmann@35550: by (induct lt k v rt rule: balance_left.induct) (auto simp add: balance_inv2 balance_bheight)+ krauss@26192: haftmann@35550: lemma balance_left_inv1: "\inv1l a; inv1 b; color_of b = B\ \ inv1 (balance_left a k x b)" haftmann@35550: by (induct a k x b rule: balance_left.induct) (simp add: balance_inv1)+ krauss@26192: haftmann@35550: lemma balance_left_inv1l: "\ inv1l lt; inv1 rt \ \ inv1l (balance_left lt k x rt)" haftmann@35550: by (induct lt k x rt rule: balance_left.induct) (auto simp: balance_inv1) krauss@26192: Andreas@47450: lemma (in linorder) balance_left_rbt_sorted: Andreas@47450: "\ rbt_sorted l; rbt_sorted r; rbt_less k l; k \| r \ \ rbt_sorted (balance_left l k v r)" haftmann@35550: apply (induct l k v r rule: balance_left.induct) Andreas@47450: apply (auto simp: balance_rbt_sorted) Andreas@47450: apply (unfold rbt_greater_prop rbt_less_prop) krauss@26192: by force+ krauss@26192: Andreas@47450: context order begin Andreas@47450: Andreas@47450: lemma balance_left_rbt_greater: Andreas@47450: fixes k :: "'a" krauss@26192: assumes "k \| a" "k \| b" "k < x" haftmann@35550: shows "k \| balance_left a x t b" krauss@26192: using assms haftmann@35550: by (induct a x t b rule: balance_left.induct) auto krauss@26192: Andreas@47450: lemma balance_left_rbt_less: Andreas@47450: fixes k :: "'a" krauss@26192: assumes "a |\ k" "b |\ k" "x < k" haftmann@35550: shows "balance_left a x t b |\ k" krauss@26192: using assms haftmann@35550: by (induct a x t b rule: balance_left.induct) auto krauss@26192: Andreas@47450: end Andreas@47450: haftmann@35550: lemma balance_left_in_tree: haftmann@35534: assumes "inv1l l" "inv1 r" "bheight l + 1 = bheight r" haftmann@35550: shows "entry_in_tree k v (balance_left l a b r) = (entry_in_tree k v l \ k = a \ v = b \ entry_in_tree k v r)" krauss@26192: using assms haftmann@35550: by (induct l k v r rule: balance_left.induct) (auto simp: balance_in_tree) krauss@26192: krauss@26192: fun haftmann@35550: balance_right :: "('a,'b) rbt \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt" krauss@26192: where haftmann@35550: "balance_right a k x (Branch R b s y c) = Branch R a k x (Branch B b s y c)" | haftmann@35550: "balance_right (Branch B a k x b) s y bl = balance (Branch R a k x b) s y bl" | haftmann@35550: "balance_right (Branch R a k x (Branch B b s y c)) t z bl = Branch R (balance (paint R a) k x b) s y (Branch B c t z bl)" | haftmann@35550: "balance_right t k x s = Empty" krauss@26192: haftmann@35550: lemma balance_right_inv2_with_inv1: haftmann@35534: assumes "inv2 lt" "inv2 rt" "bheight lt = bheight rt + 1" "inv1 lt" haftmann@35550: shows "inv2 (balance_right lt k v rt) \ bheight (balance_right lt k v rt) = bheight lt" krauss@26192: using assms haftmann@35550: by (induct lt k v rt rule: balance_right.induct) (auto simp: balance_inv2 balance_bheight) krauss@26192: haftmann@35550: lemma balance_right_inv1: "\inv1 a; inv1l b; color_of a = B\ \ inv1 (balance_right a k x b)" haftmann@35550: by (induct a k x b rule: balance_right.induct) (simp add: balance_inv1)+ krauss@26192: haftmann@35550: lemma balance_right_inv1l: "\ inv1 lt; inv1l rt \ \inv1l (balance_right lt k x rt)" haftmann@35550: by (induct lt k x rt rule: balance_right.induct) (auto simp: balance_inv1) krauss@26192: Andreas@47450: lemma (in linorder) balance_right_rbt_sorted: Andreas@47450: "\ rbt_sorted l; rbt_sorted r; rbt_less k l; k \| r \ \ rbt_sorted (balance_right l k v r)" haftmann@35550: apply (induct l k v r rule: balance_right.induct) Andreas@47450: apply (auto simp:balance_rbt_sorted) Andreas@47450: apply (unfold rbt_less_prop rbt_greater_prop) krauss@26192: by force+ krauss@26192: Andreas@47450: context order begin Andreas@47450: Andreas@47450: lemma balance_right_rbt_greater: Andreas@47450: fixes k :: "'a" krauss@26192: assumes "k \| a" "k \| b" "k < x" haftmann@35550: shows "k \| balance_right a x t b" haftmann@35550: using assms by (induct a x t b rule: balance_right.induct) auto krauss@26192: Andreas@47450: lemma balance_right_rbt_less: Andreas@47450: fixes k :: "'a" krauss@26192: assumes "a |\ k" "b |\ k" "x < k" haftmann@35550: shows "balance_right a x t b |\ k" haftmann@35550: using assms by (induct a x t b rule: balance_right.induct) auto krauss@26192: Andreas@47450: end Andreas@47450: haftmann@35550: lemma balance_right_in_tree: haftmann@35534: assumes "inv1 l" "inv1l r" "bheight l = bheight r + 1" "inv2 l" "inv2 r" haftmann@35550: shows "entry_in_tree x y (balance_right l k v r) = (entry_in_tree x y l \ x = k \ y = v \ entry_in_tree x y r)" haftmann@35550: using assms by (induct l k v r rule: balance_right.induct) (auto simp: balance_in_tree) krauss@26192: krauss@26192: fun haftmann@35550: combine :: "('a,'b) rbt \ ('a,'b) rbt \ ('a,'b) rbt" krauss@26192: where haftmann@35550: "combine Empty x = x" haftmann@35550: | "combine x Empty = x" haftmann@35550: | "combine (Branch R a k x b) (Branch R c s y d) = (case (combine b c) of Andreas@47450: Branch R b2 t z c2 \ (Branch R (Branch R a k x b2) t z (Branch R c2 s y d)) | Andreas@47450: bc \ Branch R a k x (Branch R bc s y d))" haftmann@35550: | "combine (Branch B a k x b) (Branch B c s y d) = (case (combine b c) of Andreas@47450: Branch R b2 t z c2 \ Branch R (Branch B a k x b2) t z (Branch B c2 s y d) | Andreas@47450: bc \ balance_left a k x (Branch B bc s y d))" haftmann@35550: | "combine a (Branch R b k x c) = Branch R (combine a b) k x c" haftmann@35550: | "combine (Branch R a k x b) c = Branch R a k x (combine b c)" krauss@26192: haftmann@35550: lemma combine_inv2: haftmann@35534: assumes "inv2 lt" "inv2 rt" "bheight lt = bheight rt" haftmann@35550: shows "bheight (combine lt rt) = bheight lt" "inv2 (combine lt rt)" krauss@26192: using assms haftmann@35550: by (induct lt rt rule: combine.induct) haftmann@35550: (auto simp: balance_left_inv2_app split: rbt.splits color.splits) krauss@26192: haftmann@35550: lemma combine_inv1: krauss@26192: assumes "inv1 lt" "inv1 rt" haftmann@35550: shows "color_of lt = B \ color_of rt = B \ inv1 (combine lt rt)" haftmann@35550: "inv1l (combine lt rt)" krauss@26192: using assms haftmann@35550: by (induct lt rt rule: combine.induct) haftmann@35550: (auto simp: balance_left_inv1 split: rbt.splits color.splits) krauss@26192: Andreas@47450: context linorder begin Andreas@47450: Andreas@47450: lemma combine_rbt_greater[simp]: Andreas@47450: fixes k :: "'a" krauss@26192: assumes "k \| l" "k \| r" haftmann@35550: shows "k \| combine l r" krauss@26192: using assms haftmann@35550: by (induct l r rule: combine.induct) Andreas@47450: (auto simp: balance_left_rbt_greater split:rbt.splits color.splits) krauss@26192: Andreas@47450: lemma combine_rbt_less[simp]: Andreas@47450: fixes k :: "'a" krauss@26192: assumes "l |\ k" "r |\ k" haftmann@35550: shows "combine l r |\ k" krauss@26192: using assms haftmann@35550: by (induct l r rule: combine.induct) Andreas@47450: (auto simp: balance_left_rbt_less split:rbt.splits color.splits) krauss@26192: Andreas@47450: lemma combine_rbt_sorted: Andreas@47450: fixes k :: "'a" Andreas@47450: assumes "rbt_sorted l" "rbt_sorted r" "l |\ k" "k \| r" Andreas@47450: shows "rbt_sorted (combine l r)" haftmann@35550: using assms proof (induct l r rule: combine.induct) krauss@26192: case (3 a x v b c y w d) krauss@26192: hence ineqs: "a |\ x" "x \| b" "b |\ k" "k \| c" "c |\ y" "y \| d" krauss@26192: by auto krauss@26192: with 3 krauss@26192: show ?case haftmann@35550: by (cases "combine b c" rule: rbt_cases) Andreas@47450: (auto, (metis combine_rbt_greater combine_rbt_less ineqs ineqs rbt_less_simps(2) rbt_greater_simps(2) rbt_greater_trans rbt_less_trans)+) krauss@26192: next krauss@26192: case (4 a x v b c y w d) Andreas@47450: hence "x < k \ rbt_greater k c" by simp Andreas@47450: hence "rbt_greater x c" by (blast dest: rbt_greater_trans) Andreas@47450: with 4 have 2: "rbt_greater x (combine b c)" by (simp add: combine_rbt_greater) Andreas@47450: from 4 have "k < y \ rbt_less k b" by simp Andreas@47450: hence "rbt_less y b" by (blast dest: rbt_less_trans) Andreas@47450: with 4 have 3: "rbt_less y (combine b c)" by (simp add: combine_rbt_less) krauss@26192: show ?case haftmann@35550: proof (cases "combine b c" rule: rbt_cases) krauss@26192: case Empty Andreas@47450: from 4 have "x < y \ rbt_greater y d" by auto Andreas@47450: hence "rbt_greater x d" by (blast dest: rbt_greater_trans) Andreas@47450: with 4 Empty have "rbt_sorted a" and "rbt_sorted (Branch B Empty y w d)" Andreas@47450: and "rbt_less x a" and "rbt_greater x (Branch B Empty y w d)" by auto Andreas@47450: with Empty show ?thesis by (simp add: balance_left_rbt_sorted) krauss@26192: next krauss@26192: case (Red lta va ka rta) Andreas@47450: with 2 4 have "x < va \ rbt_less x a" by simp Andreas@47450: hence 5: "rbt_less va a" by (blast dest: rbt_less_trans) Andreas@47450: from Red 3 4 have "va < y \ rbt_greater y d" by simp Andreas@47450: hence "rbt_greater va d" by (blast dest: rbt_greater_trans) krauss@26192: with Red 2 3 4 5 show ?thesis by simp krauss@26192: next krauss@26192: case (Black lta va ka rta) Andreas@47450: from 4 have "x < y \ rbt_greater y d" by auto Andreas@47450: hence "rbt_greater x d" by (blast dest: rbt_greater_trans) Andreas@47450: with Black 2 3 4 have "rbt_sorted a" and "rbt_sorted (Branch B (combine b c) y w d)" Andreas@47450: and "rbt_less x a" and "rbt_greater x (Branch B (combine b c) y w d)" by auto Andreas@47450: with Black show ?thesis by (simp add: balance_left_rbt_sorted) krauss@26192: qed krauss@26192: next krauss@26192: case (5 va vb vd vc b x w c) Andreas@47450: hence "k < x \ rbt_less k (Branch B va vb vd vc)" by simp Andreas@47450: hence "rbt_less x (Branch B va vb vd vc)" by (blast dest: rbt_less_trans) Andreas@47450: with 5 show ?case by (simp add: combine_rbt_less) krauss@26192: next krauss@26192: case (6 a x v b va vb vd vc) Andreas@47450: hence "x < k \ rbt_greater k (Branch B va vb vd vc)" by simp Andreas@47450: hence "rbt_greater x (Branch B va vb vd vc)" by (blast dest: rbt_greater_trans) Andreas@47450: with 6 show ?case by (simp add: combine_rbt_greater) krauss@26192: qed simp+ krauss@26192: Andreas@47450: end Andreas@47450: haftmann@35550: lemma combine_in_tree: haftmann@35534: assumes "inv2 l" "inv2 r" "bheight l = bheight r" "inv1 l" "inv1 r" haftmann@35550: shows "entry_in_tree k v (combine l r) = (entry_in_tree k v l \ entry_in_tree k v r)" krauss@26192: using assms haftmann@35550: proof (induct l r rule: combine.induct) krauss@26192: case (4 _ _ _ b c) haftmann@35550: hence a: "bheight (combine b c) = bheight b" by (simp add: combine_inv2) haftmann@35550: from 4 have b: "inv1l (combine b c)" by (simp add: combine_inv1) krauss@26192: krauss@26192: show ?case haftmann@35550: proof (cases "combine b c" rule: rbt_cases) krauss@26192: case Empty haftmann@35550: with 4 a show ?thesis by (auto simp: balance_left_in_tree) krauss@26192: next krauss@26192: case (Red lta ka va rta) krauss@26192: with 4 show ?thesis by auto krauss@26192: next krauss@26192: case (Black lta ka va rta) haftmann@35550: with a b 4 show ?thesis by (auto simp: balance_left_in_tree) krauss@26192: qed krauss@26192: qed (auto split: rbt.splits color.splits) krauss@26192: Andreas@47450: context ord begin Andreas@47450: krauss@26192: fun Andreas@47450: rbt_del_from_left :: "'a \ ('a,'b) rbt \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt" and Andreas@47450: rbt_del_from_right :: "'a \ ('a,'b) rbt \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt" and Andreas@47450: rbt_del :: "'a\ ('a,'b) rbt \ ('a,'b) rbt" krauss@26192: where Andreas@47450: "rbt_del x Empty = Empty" | Andreas@47450: "rbt_del x (Branch c a y s b) = Andreas@47450: (if x < y then rbt_del_from_left x a y s b Andreas@47450: else (if x > y then rbt_del_from_right x a y s b else combine a b))" | Andreas@47450: "rbt_del_from_left x (Branch B lt z v rt) y s b = balance_left (rbt_del x (Branch B lt z v rt)) y s b" | Andreas@47450: "rbt_del_from_left x a y s b = Branch R (rbt_del x a) y s b" | Andreas@47450: "rbt_del_from_right x a y s (Branch B lt z v rt) = balance_right a y s (rbt_del x (Branch B lt z v rt))" | Andreas@47450: "rbt_del_from_right x a y s b = Branch R a y s (rbt_del x b)" Andreas@47450: Andreas@47450: end Andreas@47450: Andreas@47450: context linorder begin krauss@26192: krauss@26192: lemma krauss@26192: assumes "inv2 lt" "inv1 lt" krauss@26192: shows haftmann@35534: "\inv2 rt; bheight lt = bheight rt; inv1 rt\ \ Andreas@47450: inv2 (rbt_del_from_left x lt k v rt) \ Andreas@47450: bheight (rbt_del_from_left x lt k v rt) = bheight lt \ Andreas@47450: (color_of lt = B \ color_of rt = B \ inv1 (rbt_del_from_left x lt k v rt) \ Andreas@47450: (color_of lt \ B \ color_of rt \ B) \ inv1l (rbt_del_from_left x lt k v rt))" haftmann@35534: and "\inv2 rt; bheight lt = bheight rt; inv1 rt\ \ Andreas@47450: inv2 (rbt_del_from_right x lt k v rt) \ Andreas@47450: bheight (rbt_del_from_right x lt k v rt) = bheight lt \ Andreas@47450: (color_of lt = B \ color_of rt = B \ inv1 (rbt_del_from_right x lt k v rt) \ Andreas@47450: (color_of lt \ B \ color_of rt \ B) \ inv1l (rbt_del_from_right x lt k v rt))" Andreas@47450: and rbt_del_inv1_inv2: "inv2 (rbt_del x lt) \ (color_of lt = R \ bheight (rbt_del x lt) = bheight lt \ inv1 (rbt_del x lt) Andreas@47450: \ color_of lt = B \ bheight (rbt_del x lt) = bheight lt - 1 \ inv1l (rbt_del x lt))" krauss@26192: using assms Andreas@47450: proof (induct x lt k v rt and x lt k v rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct) krauss@26192: case (2 y c _ y') krauss@26192: have "y = y' \ y < y' \ y > y'" by auto krauss@26192: thus ?case proof (elim disjE) krauss@26192: assume "y = y'" haftmann@35550: with 2 show ?thesis by (cases c) (simp add: combine_inv2 combine_inv1)+ krauss@26192: next krauss@26192: assume "y < y'" krauss@26192: with 2 show ?thesis by (cases c) auto krauss@26192: next krauss@26192: assume "y' < y" krauss@26192: with 2 show ?thesis by (cases c) auto krauss@26192: qed krauss@26192: next krauss@26192: case (3 y lt z v rta y' ss bb) haftmann@35550: thus ?case by (cases "color_of (Branch B lt z v rta) = B \ color_of bb = B") (simp add: balance_left_inv2_with_inv1 balance_left_inv1 balance_left_inv1l)+ krauss@26192: next krauss@26192: case (5 y a y' ss lt z v rta) haftmann@35550: thus ?case by (cases "color_of a = B \ color_of (Branch B lt z v rta) = B") (simp add: balance_right_inv2_with_inv1 balance_right_inv1 balance_right_inv1l)+ krauss@26192: next haftmann@35534: case ("6_1" y a y' ss) thus ?case by (cases "color_of a = B \ color_of Empty = B") simp+ krauss@26192: qed auto krauss@26192: krauss@26192: lemma Andreas@47450: rbt_del_from_left_rbt_less: "\ lt |\ v; rt |\ v; k < v\ \ rbt_del_from_left x lt k y rt |\ v" Andreas@47450: and rbt_del_from_right_rbt_less: "\lt |\ v; rt |\ v; k < v\ \ rbt_del_from_right x lt k y rt |\ v" Andreas@47450: and rbt_del_rbt_less: "lt |\ v \ rbt_del x lt |\ v" Andreas@47450: by (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct) Andreas@47450: (auto simp: balance_left_rbt_less balance_right_rbt_less) krauss@26192: Andreas@47450: lemma rbt_del_from_left_rbt_greater: "\v \| lt; v \| rt; k > v\ \ v \| rbt_del_from_left x lt k y rt" Andreas@47450: and rbt_del_from_right_rbt_greater: "\v \| lt; v \| rt; k > v\ \ v \| rbt_del_from_right x lt k y rt" Andreas@47450: and rbt_del_rbt_greater: "v \| lt \ v \| rbt_del x lt" Andreas@47450: by (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct) Andreas@47450: (auto simp: balance_left_rbt_greater balance_right_rbt_greater) krauss@26192: Andreas@47450: lemma "\rbt_sorted lt; rbt_sorted rt; lt |\ k; k \| rt\ \ rbt_sorted (rbt_del_from_left x lt k y rt)" Andreas@47450: and "\rbt_sorted lt; rbt_sorted rt; lt |\ k; k \| rt\ \ rbt_sorted (rbt_del_from_right x lt k y rt)" Andreas@47450: and rbt_del_rbt_sorted: "rbt_sorted lt \ rbt_sorted (rbt_del x lt)" Andreas@47450: proof (induct x lt k y rt and x lt k y rt and x lt rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct) krauss@26192: case (3 x lta zz v rta yy ss bb) Andreas@47450: from 3 have "Branch B lta zz v rta |\ yy" by simp Andreas@47450: hence "rbt_del x (Branch B lta zz v rta) |\ yy" by (rule rbt_del_rbt_less) Andreas@47450: with 3 show ?case by (simp add: balance_left_rbt_sorted) krauss@26192: next krauss@26192: case ("4_2" x vaa vbb vdd vc yy ss bb) Andreas@47450: hence "Branch R vaa vbb vdd vc |\ yy" by simp Andreas@47450: hence "rbt_del x (Branch R vaa vbb vdd vc) |\ yy" by (rule rbt_del_rbt_less) krauss@26192: with "4_2" show ?case by simp krauss@26192: next krauss@26192: case (5 x aa yy ss lta zz v rta) Andreas@47450: hence "yy \| Branch B lta zz v rta" by simp Andreas@47450: hence "yy \| rbt_del x (Branch B lta zz v rta)" by (rule rbt_del_rbt_greater) Andreas@47450: with 5 show ?case by (simp add: balance_right_rbt_sorted) krauss@26192: next krauss@26192: case ("6_2" x aa yy ss vaa vbb vdd vc) Andreas@47450: hence "yy \| Branch R vaa vbb vdd vc" by simp Andreas@47450: hence "yy \| rbt_del x (Branch R vaa vbb vdd vc)" by (rule rbt_del_rbt_greater) krauss@26192: with "6_2" show ?case by simp Andreas@47450: qed (auto simp: combine_rbt_sorted) krauss@26192: Andreas@47450: lemma "\rbt_sorted lt; rbt_sorted rt; lt |\ kt; kt \| rt; inv1 lt; inv1 rt; inv2 lt; inv2 rt; bheight lt = bheight rt; x < kt\ \ entry_in_tree k v (rbt_del_from_left x lt kt y rt) = (False \ (x \ k \ entry_in_tree k v (Branch c lt kt y rt)))" Andreas@47450: and "\rbt_sorted lt; rbt_sorted rt; lt |\ kt; kt \| rt; inv1 lt; inv1 rt; inv2 lt; inv2 rt; bheight lt = bheight rt; x > kt\ \ entry_in_tree k v (rbt_del_from_right x lt kt y rt) = (False \ (x \ k \ entry_in_tree k v (Branch c lt kt y rt)))" Andreas@47450: and rbt_del_in_tree: "\rbt_sorted t; inv1 t; inv2 t\ \ entry_in_tree k v (rbt_del x t) = (False \ (x \ k \ entry_in_tree k v t))" Andreas@47450: proof (induct x lt kt y rt and x lt kt y rt and x t rule: rbt_del_from_left_rbt_del_from_right_rbt_del.induct) krauss@26192: case (2 xx c aa yy ss bb) krauss@26192: have "xx = yy \ xx < yy \ xx > yy" by auto krauss@26192: from this 2 show ?case proof (elim disjE) krauss@26192: assume "xx = yy" krauss@26192: with 2 show ?thesis proof (cases "xx = k") krauss@26192: case True Andreas@47450: from 2 `xx = yy` `xx = k` have "rbt_sorted (Branch c aa yy ss bb) \ k = yy" by simp Andreas@47450: hence "\ entry_in_tree k v aa" "\ entry_in_tree k v bb" by (auto simp: rbt_less_nit rbt_greater_prop) haftmann@35550: with `xx = yy` 2 `xx = k` show ?thesis by (simp add: combine_in_tree) haftmann@35550: qed (simp add: combine_in_tree) krauss@26192: qed simp+ krauss@26192: next krauss@26192: case (3 xx lta zz vv rta yy ss bb) haftmann@35534: def mt[simp]: mt == "Branch B lta zz vv rta" krauss@26192: from 3 have "inv2 mt \ inv1 mt" by simp Andreas@47450: hence "inv2 (rbt_del xx mt) \ (color_of mt = R \ bheight (rbt_del xx mt) = bheight mt \ inv1 (rbt_del xx mt) \ color_of mt = B \ bheight (rbt_del xx mt) = bheight mt - 1 \ inv1l (rbt_del xx mt))" by (blast dest: rbt_del_inv1_inv2) Andreas@47450: with 3 have 4: "entry_in_tree k v (rbt_del_from_left xx mt yy ss bb) = (False \ xx \ k \ entry_in_tree k v mt \ (k = yy \ v = ss) \ entry_in_tree k v bb)" by (simp add: balance_left_in_tree) krauss@26192: thus ?case proof (cases "xx = k") krauss@26192: case True Andreas@47450: from 3 True have "yy \| bb \ yy > k" by simp Andreas@47450: hence "k \| bb" by (blast dest: rbt_greater_trans) Andreas@47450: with 3 4 True show ?thesis by (auto simp: rbt_greater_nit) krauss@26192: qed auto krauss@26192: next krauss@26192: case ("4_1" xx yy ss bb) krauss@26192: show ?case proof (cases "xx = k") krauss@26192: case True Andreas@47450: with "4_1" have "yy \| bb \ k < yy" by simp Andreas@47450: hence "k \| bb" by (blast dest: rbt_greater_trans) krauss@26192: with "4_1" `xx = k` Andreas@47450: have "entry_in_tree k v (Branch R Empty yy ss bb) = entry_in_tree k v Empty" by (auto simp: rbt_greater_nit) krauss@26192: thus ?thesis by auto krauss@26192: qed simp+ krauss@26192: next krauss@26192: case ("4_2" xx vaa vbb vdd vc yy ss bb) krauss@26192: thus ?case proof (cases "xx = k") krauss@26192: case True Andreas@47450: with "4_2" have "k < yy \ yy \| bb" by simp Andreas@47450: hence "k \| bb" by (blast dest: rbt_greater_trans) Andreas@47450: with True "4_2" show ?thesis by (auto simp: rbt_greater_nit) haftmann@35550: qed auto krauss@26192: next krauss@26192: case (5 xx aa yy ss lta zz vv rta) haftmann@35534: def mt[simp]: mt == "Branch B lta zz vv rta" krauss@26192: from 5 have "inv2 mt \ inv1 mt" by simp Andreas@47450: hence "inv2 (rbt_del xx mt) \ (color_of mt = R \ bheight (rbt_del xx mt) = bheight mt \ inv1 (rbt_del xx mt) \ color_of mt = B \ bheight (rbt_del xx mt) = bheight mt - 1 \ inv1l (rbt_del xx mt))" by (blast dest: rbt_del_inv1_inv2) Andreas@47450: with 5 have 3: "entry_in_tree k v (rbt_del_from_right xx aa yy ss mt) = (entry_in_tree k v aa \ (k = yy \ v = ss) \ False \ xx \ k \ entry_in_tree k v mt)" by (simp add: balance_right_in_tree) krauss@26192: thus ?case proof (cases "xx = k") krauss@26192: case True Andreas@47450: from 5 True have "aa |\ yy \ yy < k" by simp Andreas@47450: hence "aa |\ k" by (blast dest: rbt_less_trans) Andreas@47450: with 3 5 True show ?thesis by (auto simp: rbt_less_nit) krauss@26192: qed auto krauss@26192: next krauss@26192: case ("6_1" xx aa yy ss) krauss@26192: show ?case proof (cases "xx = k") krauss@26192: case True Andreas@47450: with "6_1" have "aa |\ yy \ k > yy" by simp Andreas@47450: hence "aa |\ k" by (blast dest: rbt_less_trans) Andreas@47450: with "6_1" `xx = k` show ?thesis by (auto simp: rbt_less_nit) krauss@26192: qed simp krauss@26192: next krauss@26192: case ("6_2" xx aa yy ss vaa vbb vdd vc) krauss@26192: thus ?case proof (cases "xx = k") krauss@26192: case True Andreas@47450: with "6_2" have "k > yy \ aa |\ yy" by simp Andreas@47450: hence "aa |\ k" by (blast dest: rbt_less_trans) Andreas@47450: with True "6_2" show ?thesis by (auto simp: rbt_less_nit) haftmann@35550: qed auto krauss@26192: qed simp krauss@26192: Andreas@47450: definition (in ord) rbt_delete where Andreas@47450: "rbt_delete k t = paint B (rbt_del k t)" krauss@26192: Andreas@47450: theorem rbt_delete_is_rbt [simp]: assumes "is_rbt t" shows "is_rbt (rbt_delete k t)" krauss@26192: proof - haftmann@35534: from assms have "inv2 t" and "inv1 t" unfolding is_rbt_def by auto Andreas@47450: hence "inv2 (rbt_del k t) \ (color_of t = R \ bheight (rbt_del k t) = bheight t \ inv1 (rbt_del k t) \ color_of t = B \ bheight (rbt_del k t) = bheight t - 1 \ inv1l (rbt_del k t))" by (rule rbt_del_inv1_inv2) Andreas@47450: hence "inv2 (rbt_del k t) \ inv1l (rbt_del k t)" by (cases "color_of t") auto krauss@26192: with assms show ?thesis Andreas@47450: unfolding is_rbt_def rbt_delete_def Andreas@47450: by (auto intro: paint_rbt_sorted rbt_del_rbt_sorted) krauss@26192: qed krauss@26192: Andreas@47450: lemma rbt_delete_in_tree: haftmann@35534: assumes "is_rbt t" Andreas@47450: shows "entry_in_tree k v (rbt_delete x t) = (x \ k \ entry_in_tree k v t)" Andreas@47450: using assms unfolding is_rbt_def rbt_delete_def Andreas@47450: by (auto simp: rbt_del_in_tree) krauss@26192: Andreas@47450: lemma rbt_lookup_rbt_delete: haftmann@35534: assumes is_rbt: "is_rbt t" Andreas@47450: shows "rbt_lookup (rbt_delete k t) = (rbt_lookup t)|`(-{k})" krauss@26192: proof krauss@26192: fix x Andreas@47450: show "rbt_lookup (rbt_delete k t) x = (rbt_lookup t |` (-{k})) x" krauss@26192: proof (cases "x = k") krauss@26192: assume "x = k" haftmann@35534: with is_rbt show ?thesis Andreas@47450: by (cases "rbt_lookup (rbt_delete k t) k") (auto simp: rbt_lookup_in_tree rbt_delete_in_tree) krauss@26192: next krauss@26192: assume "x \ k" krauss@26192: thus ?thesis Andreas@47450: by auto (metis is_rbt rbt_delete_is_rbt rbt_delete_in_tree is_rbt_rbt_sorted rbt_lookup_from_in_tree) krauss@26192: qed krauss@26192: qed krauss@26192: Andreas@47450: end haftmann@35550: krauss@26192: subsection {* Union *} krauss@26192: Andreas@47450: context ord begin Andreas@47450: Andreas@47450: primrec rbt_union_with_key :: "('a \ 'b \ 'b \ 'b) \ ('a,'b) rbt \ ('a,'b) rbt \ ('a,'b) rbt" krauss@26192: where Andreas@47450: "rbt_union_with_key f t Empty = t" Andreas@47450: | "rbt_union_with_key f t (Branch c lt k v rt) = rbt_union_with_key f (rbt_union_with_key f (rbt_insert_with_key f k v t) lt) rt" krauss@26192: Andreas@47450: definition rbt_union_with where Andreas@47450: "rbt_union_with f = rbt_union_with_key (\_. f)" Andreas@47450: Andreas@47450: definition rbt_union where Andreas@47450: "rbt_union = rbt_union_with_key (%_ _ rv. rv)" Andreas@47450: Andreas@47450: end krauss@26192: Andreas@47450: context linorder begin krauss@26192: Andreas@47450: lemma rbt_unionwk_rbt_sorted: "rbt_sorted lt \ rbt_sorted (rbt_union_with_key f lt rt)" Andreas@47450: by (induct rt arbitrary: lt) (auto simp: rbt_insertwk_rbt_sorted) Andreas@47450: theorem rbt_unionwk_is_rbt[simp]: "is_rbt lt \ is_rbt (rbt_union_with_key f lt rt)" Andreas@47450: by (induct rt arbitrary: lt) (simp add: rbt_insertwk_is_rbt)+ krauss@26192: Andreas@47450: theorem rbt_unionw_is_rbt: "is_rbt lt \ is_rbt (rbt_union_with f lt rt)" unfolding rbt_union_with_def by simp Andreas@47450: Andreas@47450: theorem rbt_union_is_rbt: "is_rbt lt \ is_rbt (rbt_union lt rt)" unfolding rbt_union_def by simp krauss@26192: Andreas@47450: lemma (in ord) rbt_union_Branch[simp]: Andreas@47450: "rbt_union t (Branch c lt k v rt) = rbt_union (rbt_union (rbt_insert k v t) lt) rt" Andreas@47450: unfolding rbt_union_def rbt_insert_def krauss@26192: by simp krauss@26192: Andreas@47450: lemma rbt_lookup_rbt_union: Andreas@47450: assumes "is_rbt s" "rbt_sorted t" Andreas@47450: shows "rbt_lookup (rbt_union s t) = rbt_lookup s ++ rbt_lookup t" krauss@26192: using assms krauss@26192: proof (induct t arbitrary: s) Andreas@47450: case Empty thus ?case by (auto simp: rbt_union_def) krauss@26192: next haftmann@35534: case (Branch c l k v r s) Andreas@47450: then have "rbt_sorted r" "rbt_sorted l" "l |\ k" "k \| r" by auto krauss@26192: Andreas@47450: have meq: "rbt_lookup s(k \ v) ++ rbt_lookup l ++ rbt_lookup r = Andreas@47450: rbt_lookup s ++ Andreas@47450: (\a. if a < k then rbt_lookup l a Andreas@47450: else if k < a then rbt_lookup r a else Some v)" (is "?m1 = ?m2") krauss@26192: proof (rule ext) krauss@26192: fix a krauss@26192: krauss@26192: have "k < a \ k = a \ k > a" by auto krauss@26192: thus "?m1 a = ?m2 a" krauss@26192: proof (elim disjE) krauss@26192: assume "k < a" Andreas@47450: with `l |\ k` have "l |\ a" by (rule rbt_less_trans) krauss@26192: with `k < a` show ?thesis krauss@26192: by (auto simp: map_add_def split: option.splits) krauss@26192: next krauss@26192: assume "k = a" krauss@26192: with `l |\ k` `k \| r` krauss@26192: show ?thesis by (auto simp: map_add_def) krauss@26192: next krauss@26192: assume "a < k" Andreas@47450: from this `k \| r` have "a \| r" by (rule rbt_greater_trans) krauss@26192: with `a < k` show ?thesis krauss@26192: by (auto simp: map_add_def split: option.splits) krauss@26192: qed krauss@26192: qed krauss@26192: kuncar@48621: from Branch have is_rbt: "is_rbt (rbt_union (rbt_insert k v s) l)" Andreas@47450: by (auto intro: rbt_union_is_rbt rbt_insert_is_rbt) haftmann@35550: with Branch have IHs: Andreas@47450: "rbt_lookup (rbt_union (rbt_union (rbt_insert k v s) l) r) = rbt_lookup (rbt_union (rbt_insert k v s) l) ++ rbt_lookup r" Andreas@47450: "rbt_lookup (rbt_union (rbt_insert k v s) l) = rbt_lookup (rbt_insert k v s) ++ rbt_lookup l" haftmann@35550: by auto krauss@26192: krauss@26192: with meq show ?case Andreas@47450: by (auto simp: rbt_lookup_rbt_insert[OF Branch(3)]) haftmann@35550: krauss@26192: qed krauss@26192: Andreas@47450: end haftmann@35550: haftmann@35550: subsection {* Modifying existing entries *} krauss@26192: Andreas@47450: context ord begin Andreas@47450: krauss@26192: primrec Andreas@47450: rbt_map_entry :: "'a \ ('b \ 'b) \ ('a, 'b) rbt \ ('a, 'b) rbt" krauss@26192: where Andreas@47450: "rbt_map_entry k f Empty = Empty" Andreas@47450: | "rbt_map_entry k f (Branch c lt x v rt) = Andreas@47450: (if k < x then Branch c (rbt_map_entry k f lt) x v rt Andreas@47450: else if k > x then (Branch c lt x v (rbt_map_entry k f rt)) haftmann@35602: else Branch c lt x (f v) rt)" krauss@26192: Andreas@47450: Andreas@47450: lemma rbt_map_entry_color_of: "color_of (rbt_map_entry k f t) = color_of t" by (induct t) simp+ Andreas@47450: lemma rbt_map_entry_inv1: "inv1 (rbt_map_entry k f t) = inv1 t" by (induct t) (simp add: rbt_map_entry_color_of)+ Andreas@47450: lemma rbt_map_entry_inv2: "inv2 (rbt_map_entry k f t) = inv2 t" "bheight (rbt_map_entry k f t) = bheight t" by (induct t) simp+ Andreas@47450: lemma rbt_map_entry_rbt_greater: "rbt_greater a (rbt_map_entry k f t) = rbt_greater a t" by (induct t) simp+ Andreas@47450: lemma rbt_map_entry_rbt_less: "rbt_less a (rbt_map_entry k f t) = rbt_less a t" by (induct t) simp+ Andreas@47450: lemma rbt_map_entry_rbt_sorted: "rbt_sorted (rbt_map_entry k f t) = rbt_sorted t" Andreas@47450: by (induct t) (simp_all add: rbt_map_entry_rbt_less rbt_map_entry_rbt_greater) krauss@26192: Andreas@47450: theorem rbt_map_entry_is_rbt [simp]: "is_rbt (rbt_map_entry k f t) = is_rbt t" Andreas@47450: unfolding is_rbt_def by (simp add: rbt_map_entry_inv2 rbt_map_entry_color_of rbt_map_entry_rbt_sorted rbt_map_entry_inv1 ) krauss@26192: Andreas@47450: end Andreas@47450: Andreas@47450: theorem (in linorder) rbt_lookup_rbt_map_entry: Andreas@47450: "rbt_lookup (rbt_map_entry k f t) = (rbt_lookup t)(k := Option.map f (rbt_lookup t k))" nipkow@39302: by (induct t) (auto split: option.splits simp add: fun_eq_iff) krauss@26192: haftmann@35550: subsection {* Mapping all entries *} krauss@26192: krauss@26192: primrec haftmann@35602: map :: "('a \ 'b \ 'c) \ ('a, 'b) rbt \ ('a, 'c) rbt" krauss@26192: where haftmann@35550: "map f Empty = Empty" haftmann@35550: | "map f (Branch c lt k v rt) = Branch c (map f lt) k (f k v) (map f rt)" krauss@32237: haftmann@35550: lemma map_entries [simp]: "entries (map f t) = List.map (\(k, v). (k, f k v)) (entries t)" haftmann@35550: by (induct t) auto haftmann@35550: lemma map_keys [simp]: "keys (map f t) = keys t" by (simp add: keys_def split_def) haftmann@35550: lemma map_color_of: "color_of (map f t) = color_of t" by (induct t) simp+ haftmann@35550: lemma map_inv1: "inv1 (map f t) = inv1 t" by (induct t) (simp add: map_color_of)+ haftmann@35550: lemma map_inv2: "inv2 (map f t) = inv2 t" "bheight (map f t) = bheight t" by (induct t) simp+ Andreas@47450: Andreas@47450: context ord begin Andreas@47450: Andreas@47450: lemma map_rbt_greater: "rbt_greater k (map f t) = rbt_greater k t" by (induct t) simp+ Andreas@47450: lemma map_rbt_less: "rbt_less k (map f t) = rbt_less k t" by (induct t) simp+ Andreas@47450: lemma map_rbt_sorted: "rbt_sorted (map f t) = rbt_sorted t" by (induct t) (simp add: map_rbt_less map_rbt_greater)+ haftmann@35550: theorem map_is_rbt [simp]: "is_rbt (map f t) = is_rbt t" Andreas@47450: unfolding is_rbt_def by (simp add: map_inv1 map_inv2 map_rbt_sorted map_color_of) krauss@32237: Andreas@47450: end krauss@26192: Andreas@47450: theorem (in linorder) rbt_lookup_map: "rbt_lookup (map f t) x = Option.map (f x) (rbt_lookup t x)" Andreas@47450: apply(induct t) Andreas@47450: apply auto Andreas@47450: apply(subgoal_tac "x = a") Andreas@47450: apply auto Andreas@47450: done Andreas@47450: (* FIXME: simproc "antisym less" does not work for linorder context, only for linorder type class Andreas@47450: by (induct t) auto *) haftmann@35550: haftmann@35550: subsection {* Folding over entries *} haftmann@35550: haftmann@35550: definition fold :: "('a \ 'b \ 'c \ 'c) \ ('a, 'b) rbt \ 'c \ 'c" where haftmann@46133: "fold f t = List.fold (prod_case f) (entries t)" krauss@26192: haftmann@35550: lemma fold_simps [simp, code]: haftmann@35550: "fold f Empty = id" haftmann@35550: "fold f (Branch c lt k v rt) = fold f rt \ f k v \ fold f lt" nipkow@39302: by (simp_all add: fold_def fun_eq_iff) haftmann@35534: kuncar@48621: (* fold with continuation predicate *) kuncar@48621: kuncar@48621: fun foldi :: "('c \ bool) \ ('a \ 'b \ 'c \ 'c) \ ('a :: linorder, 'b) rbt \ 'c \ 'c" kuncar@48621: where kuncar@48621: "foldi c f Empty s = s" | kuncar@48621: "foldi c f (Branch col l k v r) s = ( kuncar@48621: if (c s) then kuncar@48621: let s' = foldi c f l s in kuncar@48621: if (c s') then kuncar@48621: foldi c f r (f k v s') kuncar@48621: else s' kuncar@48621: else kuncar@48621: s kuncar@48621: )" haftmann@35606: haftmann@35606: subsection {* Bulkloading a tree *} haftmann@35606: Andreas@47450: definition (in ord) rbt_bulkload :: "('a \ 'b) list \ ('a, 'b) rbt" where Andreas@47450: "rbt_bulkload xs = foldr (\(k, v). rbt_insert k v) xs Empty" Andreas@47450: Andreas@47450: context linorder begin haftmann@35606: Andreas@47450: lemma rbt_bulkload_is_rbt [simp, intro]: Andreas@47450: "is_rbt (rbt_bulkload xs)" Andreas@47450: unfolding rbt_bulkload_def by (induct xs) auto haftmann@35606: Andreas@47450: lemma rbt_lookup_rbt_bulkload: Andreas@47450: "rbt_lookup (rbt_bulkload xs) = map_of xs" haftmann@35606: proof - haftmann@35606: obtain ys where "ys = rev xs" by simp haftmann@35606: have "\t. is_rbt t \ Andreas@47450: rbt_lookup (List.fold (prod_case rbt_insert) ys t) = rbt_lookup t ++ map_of (rev ys)" Andreas@47450: by (induct ys) (simp_all add: rbt_bulkload_def rbt_lookup_rbt_insert prod_case_beta) haftmann@35606: from this Empty_is_rbt have Andreas@47450: "rbt_lookup (List.fold (prod_case rbt_insert) (rev xs) Empty) = rbt_lookup Empty ++ map_of xs" haftmann@35606: by (simp add: `ys = rev xs`) Andreas@47450: then show ?thesis by (simp add: rbt_bulkload_def rbt_lookup_Empty foldr_conv_fold) haftmann@35606: qed haftmann@35606: Andreas@47450: end Andreas@47450: Andreas@47450: lemmas [code] = Andreas@47450: ord.rbt_less_prop Andreas@47450: ord.rbt_greater_prop Andreas@47450: ord.rbt_sorted.simps Andreas@47450: ord.rbt_lookup.simps Andreas@47450: ord.is_rbt_def Andreas@47450: ord.rbt_ins.simps Andreas@47450: ord.rbt_insert_with_key_def Andreas@47450: ord.rbt_insertw_def Andreas@47450: ord.rbt_insert_def Andreas@47450: ord.rbt_del_from_left.simps Andreas@47450: ord.rbt_del_from_right.simps Andreas@47450: ord.rbt_del.simps Andreas@47450: ord.rbt_delete_def Andreas@47450: ord.rbt_union_with_key.simps Andreas@47450: ord.rbt_union_with_def Andreas@47450: ord.rbt_union_def Andreas@47450: ord.rbt_map_entry.simps Andreas@47450: ord.rbt_bulkload_def Andreas@47450: Andreas@47450: text {* Restore original type constraints for constants *} Andreas@47450: setup {* Andreas@47450: fold Sign.add_const_constraint Andreas@47450: [(@{const_name rbt_less}, SOME @{typ "('a :: order) \ ('a, 'b) rbt \ bool"}), Andreas@47450: (@{const_name rbt_greater}, SOME @{typ "('a :: order) \ ('a, 'b) rbt \ bool"}), Andreas@47450: (@{const_name rbt_sorted}, SOME @{typ "('a :: linorder, 'b) rbt \ bool"}), Andreas@47450: (@{const_name rbt_lookup}, SOME @{typ "('a :: linorder, 'b) rbt \ 'a \ 'b"}), Andreas@47450: (@{const_name is_rbt}, SOME @{typ "('a :: linorder, 'b) rbt \ bool"}), Andreas@47450: (@{const_name rbt_ins}, SOME @{typ "('a\linorder \ 'b \ 'b \ 'b) \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_insert_with_key}, SOME @{typ "('a\linorder \ 'b \ 'b \ 'b) \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_insert_with}, SOME @{typ "('b \ 'b \ 'b) \ ('a :: linorder) \ 'b \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_insert}, SOME @{typ "('a :: linorder) \ 'b \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_del_from_left}, SOME @{typ "('a\linorder) \ ('a,'b) rbt \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_del_from_right}, SOME @{typ "('a\linorder) \ ('a,'b) rbt \ 'a \ 'b \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_del}, SOME @{typ "('a\linorder) \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_delete}, SOME @{typ "('a\linorder) \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_union_with_key}, SOME @{typ "('a\linorder \ 'b \ 'b \ 'b) \ ('a,'b) rbt \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_union_with}, SOME @{typ "('b \ 'b \ 'b) \ ('a\linorder,'b) rbt \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_union}, SOME @{typ "('a\linorder,'b) rbt \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_map_entry}, SOME @{typ "'a\linorder \ ('b \ 'b) \ ('a,'b) rbt \ ('a,'b) rbt"}), Andreas@47450: (@{const_name rbt_bulkload}, SOME @{typ "('a \ 'b) list \ ('a\linorder,'b) rbt"})] Andreas@47450: *} Andreas@47450: Andreas@47450: hide_const (open) R B Empty entries keys map fold krauss@26192: krauss@26192: end