# HG changeset patch # User paulson # Date 1693046185 -3600 # Node ID 7ed1759fe1bdbefd82c6be7e381549589ece652f # Parent d96dd69903fb3abd5bf55ee38cf82b473e6422f9 tidying up old apply-style proofs diff -r d96dd69903fb -r 7ed1759fe1bd src/HOL/Data_Structures/Array_Braun.thy --- a/src/HOL/Data_Structures/Array_Braun.thy Fri Aug 25 09:56:45 2023 +0100 +++ b/src/HOL/Data_Structures/Array_Braun.thy Sat Aug 26 11:36:25 2023 +0100 @@ -3,50 +3,49 @@ section "Arrays via Braun Trees" theory Array_Braun -imports - Array_Specs - Braun_Tree + imports + Array_Specs + Braun_Tree begin subsection "Array" fun lookup1 :: "'a tree \ nat \ 'a" where -"lookup1 (Node l x r) n = (if n=1 then x else lookup1 (if even n then l else r) (n div 2))" + "lookup1 (Node l x r) n = (if n=1 then x else lookup1 (if even n then l else r) (n div 2))" fun update1 :: "nat \ 'a \ 'a tree \ 'a tree" where -"update1 n x Leaf = Node Leaf x Leaf" | -"update1 n x (Node l a r) = + "update1 n x Leaf = Node Leaf x Leaf" | + "update1 n x (Node l a r) = (if n=1 then Node l x r else if even n then Node (update1 (n div 2) x l) a r else Node l a (update1 (n div 2) x r))" fun adds :: "'a list \ nat \ 'a tree \ 'a tree" where -"adds [] n t = t" | -"adds (x#xs) n t = adds xs (n+1) (update1 (n+1) x t)" + "adds [] n t = t" | + "adds (x#xs) n t = adds xs (n+1) (update1 (n+1) x t)" fun list :: "'a tree \ 'a list" where -"list Leaf = []" | -"list (Node l x r) = x # splice (list l) (list r)" + "list Leaf = []" | + "list (Node l x r) = x # splice (list l) (list r)" subsubsection "Functional Correctness" lemma size_list: "size(list t) = size t" -by(induction t)(auto) + by(induction t)(auto) lemma minus1_div2: "(n - Suc 0) div 2 = (if odd n then n div 2 else n div 2 - 1)" -by auto arith + by auto arith lemma nth_splice: "\ n < size xs + size ys; size ys \ size xs; size xs \ size ys + 1 \ \ splice xs ys ! n = (if even n then xs else ys) ! (n div 2)" -apply(induction xs ys arbitrary: n rule: splice.induct) -apply (auto simp: nth_Cons' minus1_div2) -done +proof(induction xs ys arbitrary: n rule: splice.induct) +qed (auto simp: nth_Cons' minus1_div2) lemma div2_in_bounds: "\ braun (Node l x r); n \ {1..size(Node l x r)}; n > 1 \ \ (odd n \ n div 2 \ {1..size r}) \ (even n \ n div 2 \ {1..size l})" -by auto arith + by auto arith declare upt_Suc[simp del] @@ -63,7 +62,7 @@ qed lemma list_eq_map_lookup1: "braun t \ list t = map (lookup1 t) [1..\<^const>\update1\\ @@ -96,18 +95,18 @@ qed lemma list_update1: "\ braun t; n \ {1.. size t} \ \ list(update1 n x t) = (list t)[n-1 := x]" -by(auto simp add: list_eq_map_lookup1 list_eq_iff_nth_eq lookup1_update1 size_update1 braun_update1) + by(auto simp add: list_eq_map_lookup1 list_eq_iff_nth_eq lookup1_update1 size_update1 braun_update1) text \A second proof of @{thm list_update1}:\ lemma diff1_eq_iff: "n > 0 \ n - Suc 0 = m \ n = m+1" -by arith + by arith lemma list_update_splice: "\ n < size xs + size ys; size ys \ size xs; size xs \ size ys + 1 \ \ (splice xs ys) [n := x] = (if even n then splice (xs[n div 2 := x]) ys else splice xs (ys[n div 2 := x]))" -by(induction xs ys arbitrary: n rule: splice.induct) (auto split: nat.split) + by(induction xs ys arbitrary: n rule: splice.induct) (auto split: nat.split) lemma list_update2: "\ braun t; n \ {1.. size t} \ \ list(update1 n x t) = (list t)[n-1 := x]" proof(induction t arbitrary: n) @@ -122,35 +121,35 @@ lemma splice_last: shows "size ys \ size xs \ splice (xs @ [x]) ys = splice xs ys @ [x]" -and "size ys+1 \ size xs \ splice xs (ys @ [y]) = splice xs ys @ [y]" -by(induction xs ys arbitrary: x y rule: splice.induct) (auto) + and "size ys+1 \ size xs \ splice xs (ys @ [y]) = splice xs ys @ [y]" + by(induction xs ys arbitrary: x y rule: splice.induct) (auto) lemma list_add_hi: "braun t \ list(update1 (Suc(size t)) x t) = list t @ [x]" -by(induction t)(auto simp: splice_last size_list) + by(induction t)(auto simp: splice_last size_list) lemma size_add_hi: "braun t \ m = size t \ size(update1 (Suc m) x t) = size t + 1" -by(induction t arbitrary: m)(auto) + by(induction t arbitrary: m)(auto) lemma braun_add_hi: "braun t \ braun(update1 (Suc(size t)) x t)" -by(induction t)(auto simp: size_add_hi) + by(induction t)(auto simp: size_add_hi) lemma size_braun_adds: "\ braun t; size t = n \ \ size(adds xs n t) = size t + length xs \ braun (adds xs n t)" -by(induction xs arbitrary: t n)(auto simp: braun_add_hi size_add_hi) + by(induction xs arbitrary: t n)(auto simp: braun_add_hi size_add_hi) lemma list_adds: "\ braun t; size t = n \ \ list(adds xs n t) = list t @ xs" -by(induction xs arbitrary: t n)(auto simp: size_braun_adds list_add_hi size_add_hi braun_add_hi) + by(induction xs arbitrary: t n)(auto simp: size_braun_adds list_add_hi size_add_hi braun_add_hi) subsubsection "Array Implementation" interpretation A: Array -where lookup = "\(t,l) n. lookup1 t (n+1)" -and update = "\n x (t,l). (update1 (n+1) x t, l)" -and len = "\(t,l). l" -and array = "\xs. (adds xs 0 Leaf, length xs)" -and invar = "\(t,l). braun t \ l = size t" -and list = "\(t,l). list t" + where lookup = "\(t,l) n. lookup1 t (n+1)" + and update = "\n x (t,l). (update1 (n+1) x t, l)" + and len = "\(t,l). l" + and array = "\xs. (adds xs 0 Leaf, length xs)" + and invar = "\(t,l). braun t \ l = size t" + and list = "\(t,l). list t" proof (standard, goal_cases) case 1 thus ?case by (simp add: nth_list_lookup1 split: prod.splits) next @@ -169,20 +168,20 @@ subsection "Flexible Array" fun add_lo where -"add_lo x Leaf = Node Leaf x Leaf" | -"add_lo x (Node l a r) = Node (add_lo a r) x l" + "add_lo x Leaf = Node Leaf x Leaf" | + "add_lo x (Node l a r) = Node (add_lo a r) x l" fun merge where -"merge Leaf r = r" | -"merge (Node l a r) rr = Node rr a (merge l r)" + "merge Leaf r = r" | + "merge (Node l a r) rr = Node rr a (merge l r)" fun del_lo where -"del_lo Leaf = Leaf" | -"del_lo (Node l a r) = merge l r" + "del_lo Leaf = Leaf" | + "del_lo (Node l a r) = merge l r" fun del_hi :: "nat \ 'a tree \ 'a tree" where -"del_hi n Leaf = Leaf" | -"del_hi n (Node l x r) = + "del_hi n Leaf = Leaf" | + "del_hi n (Node l x r) = (if n = 1 then Leaf else if even n then Node (del_hi (n div 2) l) x r @@ -195,58 +194,56 @@ paragraph \\<^const>\add_lo\\ lemma list_add_lo: "braun t \ list (add_lo a t) = a # list t" -by(induction t arbitrary: a) auto + by(induction t arbitrary: a) auto lemma braun_add_lo: "braun t \ braun(add_lo x t)" -by(induction t arbitrary: x) (auto simp add: list_add_lo simp flip: size_list) + by(induction t arbitrary: x) (auto simp add: list_add_lo simp flip: size_list) paragraph \\<^const>\del_lo\\ lemma list_merge: "braun (Node l x r) \ list(merge l r) = splice (list l) (list r)" -by (induction l r rule: merge.induct) auto + by (induction l r rule: merge.induct) auto lemma braun_merge: "braun (Node l x r) \ braun(merge l r)" -by (induction l r rule: merge.induct)(auto simp add: list_merge simp flip: size_list) + by (induction l r rule: merge.induct)(auto simp add: list_merge simp flip: size_list) lemma list_del_lo: "braun t \ list(del_lo t) = tl (list t)" -by (cases t) (simp_all add: list_merge) + by (cases t) (simp_all add: list_merge) lemma braun_del_lo: "braun t \ braun(del_lo t)" -by (cases t) (simp_all add: braun_merge) + by (cases t) (simp_all add: braun_merge) paragraph \\<^const>\del_hi\\ lemma list_Nil_iff: "list t = [] \ t = Leaf" -by(cases t) simp_all + by(cases t) simp_all lemma butlast_splice: "butlast (splice xs ys) = (if size xs > size ys then splice (butlast xs) ys else splice xs (butlast ys))" -by(induction xs ys rule: splice.induct) (auto) + by(induction xs ys rule: splice.induct) (auto) lemma list_del_hi: "braun t \ size t = st \ list(del_hi st t) = butlast(list t)" -apply(induction t arbitrary: st) -by(auto simp: list_Nil_iff size_list butlast_splice) + by (induction t arbitrary: st) (auto simp: list_Nil_iff size_list butlast_splice) lemma braun_del_hi: "braun t \ size t = st \ braun(del_hi st t)" -apply(induction t arbitrary: st) -by(auto simp: list_del_hi simp flip: size_list) + by (induction t arbitrary: st) (auto simp: list_del_hi simp flip: size_list) subsubsection "Flexible Array Implementation" interpretation AF: Array_Flex -where lookup = "\(t,l) n. lookup1 t (n+1)" -and update = "\n x (t,l). (update1 (n+1) x t, l)" -and len = "\(t,l). l" -and array = "\xs. (adds xs 0 Leaf, length xs)" -and invar = "\(t,l). braun t \ l = size t" -and list = "\(t,l). list t" -and add_lo = "\x (t,l). (add_lo x t, l+1)" -and del_lo = "\(t,l). (del_lo t, l-1)" -and add_hi = "\x (t,l). (update1 (Suc l) x t, l+1)" -and del_hi = "\(t,l). (del_hi l t, l-1)" + where lookup = "\(t,l) n. lookup1 t (n+1)" + and update = "\n x (t,l). (update1 (n+1) x t, l)" + and len = "\(t,l). l" + and array = "\xs. (adds xs 0 Leaf, length xs)" + and invar = "\(t,l). braun t \ l = size t" + and list = "\(t,l). list t" + and add_lo = "\x (t,l). (add_lo x t, l+1)" + and del_lo = "\(t,l). (del_lo t, l-1)" + and add_hi = "\x (t,l). (update1 (Suc l) x t, l+1)" + and del_hi = "\(t,l). (del_hi l t, l-1)" proof (standard, goal_cases) case 1 thus ?case by (simp add: list_add_lo split: prod.splits) next @@ -272,37 +269,37 @@ subsubsection \Size\ fun diff :: "'a tree \ nat \ nat" where -"diff Leaf _ = 0" | -"diff (Node l x r) n = (if n=0 then 1 else if even n then diff r (n div 2 - 1) else diff l (n div 2))" + "diff Leaf _ = 0" | + "diff (Node l x r) n = (if n=0 then 1 else if even n then diff r (n div 2 - 1) else diff l (n div 2))" fun size_fast :: "'a tree \ nat" where -"size_fast Leaf = 0" | -"size_fast (Node l x r) = (let n = size_fast r in 1 + 2*n + diff l n)" + "size_fast Leaf = 0" | + "size_fast (Node l x r) = (let n = size_fast r in 1 + 2*n + diff l n)" declare Let_def[simp] lemma diff: "braun t \ size t : {n, n + 1} \ diff t n = size t - n" -by(induction t arbitrary: n) auto + by (induction t arbitrary: n) auto lemma size_fast: "braun t \ size_fast t = size t" -by(induction t) (auto simp add: diff) + by (induction t) (auto simp add: diff) subsubsection \Initialization with 1 element\ fun braun_of_naive :: "'a \ nat \ 'a tree" where -"braun_of_naive x n = (if n=0 then Leaf + "braun_of_naive x n = (if n=0 then Leaf else let m = (n-1) div 2 in if odd n then Node (braun_of_naive x m) x (braun_of_naive x m) else Node (braun_of_naive x (m + 1)) x (braun_of_naive x m))" fun braun2_of :: "'a \ nat \ 'a tree * 'a tree" where -"braun2_of x n = (if n = 0 then (Leaf, Node Leaf x Leaf) + "braun2_of x n = (if n = 0 then (Leaf, Node Leaf x Leaf) else let (s,t) = braun2_of x ((n-1) div 2) in if odd n then (Node s x s, Node t x s) else (Node t x s, Node t x t))" definition braun_of :: "'a \ nat \ 'a tree" where -"braun_of x n = fst (braun2_of x n)" + "braun_of x n = fst (braun2_of x n)" declare braun2_of.simps [simp del] @@ -325,10 +322,10 @@ qed corollary braun_braun_of: "braun(braun_of x n)" -unfolding braun_of_def by (metis eq_fst_iff braun2_of_size_braun) + unfolding braun_of_def by (metis eq_fst_iff braun2_of_size_braun) corollary list_braun_of: "list(braun_of x n) = replicate n x" -unfolding braun_of_def by (metis eq_fst_iff braun2_of_replicate) + unfolding braun_of_def by (metis eq_fst_iff braun2_of_replicate) subsubsection "Proof Infrastructure" @@ -338,8 +335,8 @@ paragraph \\take_nths\\ fun take_nths :: "nat \ nat \ 'a list \ 'a list" where -"take_nths i k [] = []" | -"take_nths i k (x # xs) = (if i = 0 then x # take_nths (2^k - 1) k xs + "take_nths i k [] = []" | + "take_nths i k (x # xs) = (if i = 0 then x # take_nths (2^k - 1) k xs else take_nths (i - 1) k xs)" text \This is the more concise definition but seems to complicate the proofs:\ @@ -353,60 +350,62 @@ show ?case proof cases assume [simp]: "i = 0" - have "(\n. {(n+1) * 2 ^ k - 1}) = {m. \n. Suc m = n * 2 ^ k}" - apply (auto simp del: mult_Suc) + have "\x n. Suc x = n * 2 ^ k \ \xa. x = Suc xa * 2 ^ k - Suc 0" by (metis diff_Suc_Suc diff_zero mult_eq_0_iff not0_implies_Suc) + then have "(\n. {(n+1) * 2 ^ k - 1}) = {m. \n. Suc m = n * 2 ^ k}" + by (auto simp del: mult_Suc) thus ?thesis by (simp add: Cons.IH ac_simps nths_Cons) next assume [arith]: "i \ 0" - have "(\n. {n * 2 ^ k + i - 1}) = {m. \n. Suc m = n * 2 ^ k + i}" - apply auto + have "\x n. Suc x = n * 2 ^ k + i \ \xa. x = xa * 2 ^ k + i - Suc 0" by (metis diff_Suc_Suc diff_zero) + then have "(\n. {n * 2 ^ k + i - 1}) = {m. \n. Suc m = n * 2 ^ k + i}" + by auto thus ?thesis by (simp add: Cons.IH nths_Cons) qed qed lemma take_nths_drop: "take_nths i k (drop j xs) = take_nths (i + j) k xs" -by (induct xs arbitrary: i j; simp add: drop_Cons split: nat.split) + by (induct xs arbitrary: i j; simp add: drop_Cons split: nat.split) lemma take_nths_00: "take_nths 0 0 xs = xs" -by (induct xs; simp) + by (induct xs; simp) lemma splice_take_nths: "splice (take_nths 0 (Suc 0) xs) (take_nths (Suc 0) (Suc 0) xs) = xs" -by (induct xs; simp) + by (induct xs; simp) lemma take_nths_take_nths: "take_nths i m (take_nths j n xs) = take_nths ((i * 2^n) + j) (m + n) xs" -by (induct xs arbitrary: i j; simp add: algebra_simps power_add) + by (induct xs arbitrary: i j; simp add: algebra_simps power_add) lemma take_nths_empty: "(take_nths i k xs = []) = (length xs \ i)" -by (induction xs arbitrary: i k) auto + by (induction xs arbitrary: i k) auto lemma hd_take_nths: "i < length xs \ hd(take_nths i k xs) = xs ! i" -by (induction xs arbitrary: i k) auto + by (induction xs arbitrary: i k) auto lemma take_nths_01_splice: "\ length xs = length ys \ length xs = length ys + 1 \ \ take_nths 0 (Suc 0) (splice xs ys) = xs \ take_nths (Suc 0) (Suc 0) (splice xs ys) = ys" -by (induct xs arbitrary: ys; case_tac ys; simp) + by (induct xs arbitrary: ys; case_tac ys; simp) lemma length_take_nths_00: "length (take_nths 0 (Suc 0) xs) = length (take_nths (Suc 0) (Suc 0) xs) \ length (take_nths 0 (Suc 0) xs) = length (take_nths (Suc 0) (Suc 0) xs) + 1" -by (induct xs) auto + by (induct xs) auto paragraph \\braun_list\\ fun braun_list :: "'a tree \ 'a list \ bool" where -"braun_list Leaf xs = (xs = [])" | -"braun_list (Node l x r) xs = (xs \ [] \ x = hd xs \ + "braun_list Leaf xs = (xs = [])" | + "braun_list (Node l x r) xs = (xs \ [] \ x = hd xs \ braun_list l (take_nths 1 1 xs) \ braun_list r (take_nths 2 1 xs))" @@ -426,14 +425,14 @@ subsubsection \Converting a list of elements into a Braun tree\ fun nodes :: "'a tree list \ 'a list \ 'a tree list \ 'a tree list" where -"nodes (l#ls) (x#xs) (r#rs) = Node l x r # nodes ls xs rs" | -"nodes (l#ls) (x#xs) [] = Node l x Leaf # nodes ls xs []" | -"nodes [] (x#xs) (r#rs) = Node Leaf x r # nodes [] xs rs" | -"nodes [] (x#xs) [] = Node Leaf x Leaf # nodes [] xs []" | -"nodes ls [] rs = []" + "nodes (l#ls) (x#xs) (r#rs) = Node l x r # nodes ls xs rs" | + "nodes (l#ls) (x#xs) [] = Node l x Leaf # nodes ls xs []" | + "nodes [] (x#xs) (r#rs) = Node Leaf x r # nodes [] xs rs" | + "nodes [] (x#xs) [] = Node Leaf x Leaf # nodes [] xs []" | + "nodes ls [] rs = []" fun brauns :: "nat \ 'a list \ 'a tree list" where -"brauns k xs = (if xs = [] then [] else + "brauns k xs = (if xs = [] then [] else let ys = take (2^k) xs; zs = drop (2^k) xs; ts = brauns (k+1) zs @@ -442,10 +441,10 @@ declare brauns.simps[simp del] definition brauns1 :: "'a list \ 'a tree" where -"brauns1 xs = (if xs = [] then Leaf else brauns 0 xs ! 0)" + "brauns1 xs = (if xs = [] then Leaf else brauns 0 xs ! 0)" fun T_brauns :: "nat \ 'a list \ nat" where -"T_brauns k xs = (if xs = [] then 0 else + "T_brauns k xs = (if xs = [] then 0 else let ys = take (2^k) xs; zs = drop (2^k) xs; ts = brauns (k+1) zs @@ -458,14 +457,14 @@ lemma length_nodes: "length (nodes ls xs rs) = length xs" -by (induct ls xs rs rule: nodes.induct; simp) + by (induct ls xs rs rule: nodes.induct; simp) lemma nth_nodes: "i < length xs \ nodes ls xs rs ! i = Node (if i < length ls then ls ! i else Leaf) (xs ! i) (if i < length rs then rs ! i else Leaf)" -by (induct ls xs rs arbitrary: i rule: nodes.induct; - simp add: nth_Cons split: nat.split) + by (induct ls xs rs arbitrary: i rule: nodes.induct; + simp add: nth_Cons split: nat.split) theorem length_brauns: "length (brauns k xs) = min (length xs) (2 ^ k)" @@ -487,13 +486,13 @@ show ?case using less.prems by (auto simp: brauns.simps[of k xs] nth_nodes take_nths_take_nths - IH take_nths_empty hd_take_nths length_brauns) + IH take_nths_empty hd_take_nths length_brauns) qed corollary brauns1_correct: "braun (brauns1 xs) \ list (brauns1 xs) = xs" -using brauns_correct[of 0 xs 0] -by (simp add: brauns1_def braun_list_eq take_nths_00) + using brauns_correct[of 0 xs 0] + by (simp add: brauns1_def braun_list_eq take_nths_00) paragraph "Running Time Analysis" @@ -510,7 +509,7 @@ assume "xs \ []" let ?zs = "drop (2^k) xs" have "T_brauns k xs = T_brauns (k+1) ?zs + 4 * min (2^k) (length xs)" - using \xs \ []\ by(simp) + using \xs \ []\ by(simp) also have "\ = 4 * length ?zs + 4 * min (2^k) (length xs)" using less[of ?zs "k+1"] \xs \ []\ by (simp) @@ -526,10 +525,10 @@ text \The code and the proof are originally due to Thomas Sewell (except running time).\ function list_fast_rec :: "'a tree list \ 'a list" where -"list_fast_rec ts = (let us = filter (\t. t \ Leaf) ts in + "list_fast_rec ts = (let us = filter (\t. t \ Leaf) ts in if us = [] then [] else map value us @ list_fast_rec (map left us @ map right us))" -by (pat_completeness, auto) + by (pat_completeness, auto) lemma list_fast_rec_term1: "ts \ [] \ Leaf \ set ts \ sum_list (map (size o left) ts) + sum_list (map (size o right) ts) < sum_list (map size ts)" @@ -545,27 +544,21 @@ done termination - apply (relation "measure (sum_list o map size)") - apply simp - apply (simp add: list_fast_rec_term) - done + by (relation "measure (sum_list o map size)"; simp add: list_fast_rec_term) declare list_fast_rec.simps[simp del] definition list_fast :: "'a tree \ 'a list" where -"list_fast t = list_fast_rec [t]" + "list_fast t = list_fast_rec [t]" function T_list_fast_rec :: "'a tree list \ nat" where -"T_list_fast_rec ts = (let us = filter (\t. t \ Leaf) ts + "T_list_fast_rec ts = (let us = filter (\t. t \ Leaf) ts in length ts + (if us = [] then 0 else 5 * length us + T_list_fast_rec (map left us @ map right us)))" -by (pat_completeness, auto) + by (pat_completeness, auto) termination - apply (relation "measure (sum_list o map size)") - apply simp - apply (simp add: list_fast_rec_term) - done + by (relation "measure (sum_list o map size)"; simp add: list_fast_rec_term) declare T_list_fast_rec.simps[simp del] @@ -573,22 +566,22 @@ lemma list_fast_rec_all_Leaf: "\t \ set ts. t = Leaf \ list_fast_rec ts = []" -by (simp add: filter_empty_conv list_fast_rec.simps) + by (simp add: filter_empty_conv list_fast_rec.simps) lemma take_nths_eq_single: "length xs - i < 2^n \ take_nths i n xs = take 1 (drop i xs)" -by (induction xs arbitrary: i n; simp add: drop_Cons') + by (induction xs arbitrary: i n; simp add: drop_Cons') lemma braun_list_Nil: "braun_list t [] = (t = Leaf)" -by (cases t; simp) + by (cases t; simp) lemma braun_list_not_Nil: "xs \ [] \ braun_list t xs = - (\l x r. t = Node l x r \ x = hd xs \ - braun_list l (take_nths 1 1 xs) \ - braun_list r (take_nths 2 1 xs))" -by(cases t; simp) + (\l x r. t = Node l x r \ x = hd xs \ + braun_list l (take_nths 1 1 xs) \ + braun_list r (take_nths 2 1 xs))" + by(cases t; simp) theorem list_fast_rec_correct: "\ length ts = 2 ^ k; \i < 2 ^ k. braun_list (ts ! i) (take_nths i k xs) \ @@ -615,13 +608,13 @@ \ (\ys. ys = take_nths (i + 2 * 2 ^ k) (Suc k) xs \ braun_list (right (ts ! i)) ys)" by (auto simp: take_nths_empty hd_take_nths braun_list_not_Nil take_nths_take_nths - algebra_simps) + algebra_simps) have 1: "map value ts = take (2 ^ k) xs" using less.prems(1) False by (simp add: list_eq_iff_nth_eq *) have 2: "list_fast_rec (map left ts @ map right ts) = drop (2 ^ k) xs" using less.prems(1) False by (auto intro!: Nat.diff_less less.hyps[where k= "Suc k"] - simp: nth_append * take_nths_drop algebra_simps) + simp: nth_append * take_nths_drop algebra_simps) from less.prems(1) False show ?thesis by (auto simp: list_fast_rec.simps[of ts] 1 2 * all_set_conv_all_nth) qed @@ -629,13 +622,13 @@ corollary list_fast_correct: "braun t \ list_fast t = list t" -by (simp add: list_fast_def take_nths_00 braun_list_eq list_fast_rec_correct[where k=0]) + by (simp add: list_fast_def take_nths_00 braun_list_eq list_fast_rec_correct[where k=0]) paragraph "Running Time Analysis" lemma sum_tree_list_children: "\t \ set ts. t \ Leaf \ (\t\ts. k * size t) = (\t \ map left ts @ map right ts. k * size t) + k * length ts" -by(induction ts)(auto simp add: neq_Leaf_iff algebra_simps) + by(induction ts)(auto simp add: neq_Leaf_iff algebra_simps) theorem T_list_fast_rec_ub: "T_list_fast_rec ts \ sum_list (map (\t. 7*size t + 1) ts)" @@ -647,11 +640,11 @@ assume "?us = []" thus ?thesis using T_list_fast_rec.simps[of ts] by(simp add: sum_list_Suc) - next + next assume "?us \ []" let ?children = "map left ?us @ map right ?us" have "T_list_fast_rec ts = T_list_fast_rec ?children + 5 * length ?us + length ts" - using \?us \ []\ T_list_fast_rec.simps[of ts] by(simp) + using \?us \ []\ T_list_fast_rec.simps[of ts] by(simp) also have "\ \ (\t\?children. 7 * size t + 1) + 5 * length ?us + length ts" using less[of "?children"] list_fast_rec_term[of "?us"] \?us \ []\ by (simp) diff -r d96dd69903fb -r 7ed1759fe1bd src/HOL/Data_Structures/Brother12_Set.thy --- a/src/HOL/Data_Structures/Brother12_Set.thy Fri Aug 25 09:56:45 2023 +0100 +++ b/src/HOL/Data_Structures/Brother12_Set.thy Sat Aug 26 11:36:25 2023 +0100 @@ -3,10 +3,10 @@ section \1-2 Brother Tree Implementation of Sets\ theory Brother12_Set -imports - Cmp - Set_Specs - "HOL-Number_Theory.Fib" + imports + Cmp + Set_Specs + "HOL-Number_Theory.Fib" begin subsection \Data Type and Operations\ @@ -20,28 +20,28 @@ N3 "'a bro" 'a "'a bro" 'a "'a bro" definition empty :: "'a bro" where -"empty = N0" + "empty = N0" fun inorder :: "'a bro \ 'a list" where -"inorder N0 = []" | -"inorder (N1 t) = inorder t" | -"inorder (N2 l a r) = inorder l @ a # inorder r" | -"inorder (L2 a) = [a]" | -"inorder (N3 t1 a1 t2 a2 t3) = inorder t1 @ a1 # inorder t2 @ a2 # inorder t3" + "inorder N0 = []" | + "inorder (N1 t) = inorder t" | + "inorder (N2 l a r) = inorder l @ a # inorder r" | + "inorder (L2 a) = [a]" | + "inorder (N3 t1 a1 t2 a2 t3) = inorder t1 @ a1 # inorder t2 @ a2 # inorder t3" fun isin :: "'a bro \ 'a::linorder \ bool" where -"isin N0 x = False" | -"isin (N1 t) x = isin t x" | -"isin (N2 l a r) x = + "isin N0 x = False" | + "isin (N1 t) x = isin t x" | + "isin (N2 l a r) x = (case cmp x a of LT \ isin l x | EQ \ True | GT \ isin r x)" fun n1 :: "'a bro \ 'a bro" where -"n1 (L2 a) = N2 N0 a N0" | -"n1 (N3 t1 a1 t2 a2 t3) = N2 (N2 t1 a1 t2) a2 (N1 t3)" | -"n1 t = N1 t" + "n1 (L2 a) = N2 N0 a N0" | + "n1 (N3 t1 a1 t2 a2 t3) = N2 (N2 t1 a1 t2) a2 (N1 t3)" | + "n1 t = N1 t" hide_const (open) insert @@ -49,30 +49,30 @@ begin fun n2 :: "'a bro \ 'a \ 'a bro \ 'a bro" where -"n2 (L2 a1) a2 t = N3 N0 a1 N0 a2 t" | -"n2 (N3 t1 a1 t2 a2 t3) a3 (N1 t4) = N2 (N2 t1 a1 t2) a2 (N2 t3 a3 t4)" | -"n2 (N3 t1 a1 t2 a2 t3) a3 t4 = N3 (N2 t1 a1 t2) a2 (N1 t3) a3 t4" | -"n2 t1 a1 (L2 a2) = N3 t1 a1 N0 a2 N0" | -"n2 (N1 t1) a1 (N3 t2 a2 t3 a3 t4) = N2 (N2 t1 a1 t2) a2 (N2 t3 a3 t4)" | -"n2 t1 a1 (N3 t2 a2 t3 a3 t4) = N3 t1 a1 (N1 t2) a2 (N2 t3 a3 t4)" | -"n2 t1 a t2 = N2 t1 a t2" + "n2 (L2 a1) a2 t = N3 N0 a1 N0 a2 t" | + "n2 (N3 t1 a1 t2 a2 t3) a3 (N1 t4) = N2 (N2 t1 a1 t2) a2 (N2 t3 a3 t4)" | + "n2 (N3 t1 a1 t2 a2 t3) a3 t4 = N3 (N2 t1 a1 t2) a2 (N1 t3) a3 t4" | + "n2 t1 a1 (L2 a2) = N3 t1 a1 N0 a2 N0" | + "n2 (N1 t1) a1 (N3 t2 a2 t3 a3 t4) = N2 (N2 t1 a1 t2) a2 (N2 t3 a3 t4)" | + "n2 t1 a1 (N3 t2 a2 t3 a3 t4) = N3 t1 a1 (N1 t2) a2 (N2 t3 a3 t4)" | + "n2 t1 a t2 = N2 t1 a t2" fun ins :: "'a::linorder \ 'a bro \ 'a bro" where -"ins x N0 = L2 x" | -"ins x (N1 t) = n1 (ins x t)" | -"ins x (N2 l a r) = + "ins x N0 = L2 x" | + "ins x (N1 t) = n1 (ins x t)" | + "ins x (N2 l a r) = (case cmp x a of LT \ n2 (ins x l) a r | EQ \ N2 l a r | GT \ n2 l a (ins x r))" fun tree :: "'a bro \ 'a bro" where -"tree (L2 a) = N2 N0 a N0" | -"tree (N3 t1 a1 t2 a2 t3) = N2 (N2 t1 a1 t2) a2 (N1 t3)" | -"tree t = t" + "tree (L2 a) = N2 N0 a N0" | + "tree (N3 t1 a1 t2 a2 t3) = N2 (N2 t1 a1 t2) a2 (N1 t3)" | + "tree t = t" definition insert :: "'a::linorder \ 'a bro \ 'a bro" where -"insert x t = tree(ins x t)" + "insert x t = tree(ins x t)" end @@ -80,36 +80,36 @@ begin fun n2 :: "'a bro \ 'a \ 'a bro \ 'a bro" where -"n2 (N1 t1) a1 (N1 t2) = N1 (N2 t1 a1 t2)" | -"n2 (N1 (N1 t1)) a1 (N2 (N1 t2) a2 (N2 t3 a3 t4)) = + "n2 (N1 t1) a1 (N1 t2) = N1 (N2 t1 a1 t2)" | + "n2 (N1 (N1 t1)) a1 (N2 (N1 t2) a2 (N2 t3 a3 t4)) = N1 (N2 (N2 t1 a1 t2) a2 (N2 t3 a3 t4))" | -"n2 (N1 (N1 t1)) a1 (N2 (N2 t2 a2 t3) a3 (N1 t4)) = + "n2 (N1 (N1 t1)) a1 (N2 (N2 t2 a2 t3) a3 (N1 t4)) = N1 (N2 (N2 t1 a1 t2) a2 (N2 t3 a3 t4))" | -"n2 (N1 (N1 t1)) a1 (N2 (N2 t2 a2 t3) a3 (N2 t4 a4 t5)) = + "n2 (N1 (N1 t1)) a1 (N2 (N2 t2 a2 t3) a3 (N2 t4 a4 t5)) = N2 (N2 (N1 t1) a1 (N2 t2 a2 t3)) a3 (N1 (N2 t4 a4 t5))" | -"n2 (N2 (N1 t1) a1 (N2 t2 a2 t3)) a3 (N1 (N1 t4)) = + "n2 (N2 (N1 t1) a1 (N2 t2 a2 t3)) a3 (N1 (N1 t4)) = N1 (N2 (N2 t1 a1 t2) a2 (N2 t3 a3 t4))" | -"n2 (N2 (N2 t1 a1 t2) a2 (N1 t3)) a3 (N1 (N1 t4)) = + "n2 (N2 (N2 t1 a1 t2) a2 (N1 t3)) a3 (N1 (N1 t4)) = N1 (N2 (N2 t1 a1 t2) a2 (N2 t3 a3 t4))" | -"n2 (N2 (N2 t1 a1 t2) a2 (N2 t3 a3 t4)) a5 (N1 (N1 t5)) = + "n2 (N2 (N2 t1 a1 t2) a2 (N2 t3 a3 t4)) a5 (N1 (N1 t5)) = N2 (N1 (N2 t1 a1 t2)) a2 (N2 (N2 t3 a3 t4) a5 (N1 t5))" | -"n2 t1 a1 t2 = N2 t1 a1 t2" + "n2 t1 a1 t2 = N2 t1 a1 t2" fun split_min :: "'a bro \ ('a \ 'a bro) option" where -"split_min N0 = None" | -"split_min (N1 t) = + "split_min N0 = None" | + "split_min (N1 t) = (case split_min t of None \ None | Some (a, t') \ Some (a, N1 t'))" | -"split_min (N2 t1 a t2) = + "split_min (N2 t1 a t2) = (case split_min t1 of None \ Some (a, N1 t2) | Some (b, t1') \ Some (b, n2 t1' a t2))" fun del :: "'a::linorder \ 'a bro \ 'a bro" where -"del _ N0 = N0" | -"del x (N1 t) = N1 (del x t)" | -"del x (N2 l a r) = + "del _ N0 = N0" | + "del x (N1 t) = N1 (del x t)" | + "del x (N2 l a r) = (case cmp x a of LT \ n2 (del x l) a r | GT \ n2 l a (del x r) | @@ -118,35 +118,35 @@ Some (b, r') \ n2 l b r'))" fun tree :: "'a bro \ 'a bro" where -"tree (N1 t) = t" | -"tree t = t" + "tree (N1 t) = t" | + "tree t = t" definition delete :: "'a::linorder \ 'a bro \ 'a bro" where -"delete a t = tree (del a t)" + "delete a t = tree (del a t)" end subsection \Invariants\ fun B :: "nat \ 'a bro set" -and U :: "nat \ 'a bro set" where -"B 0 = {N0}" | -"B (Suc h) = { N2 t1 a t2 | t1 a t2. + and U :: "nat \ 'a bro set" where + "B 0 = {N0}" | + "B (Suc h) = { N2 t1 a t2 | t1 a t2. t1 \ B h \ U h \ t2 \ B h \ t1 \ B h \ t2 \ B h \ U h}" | -"U 0 = {}" | -"U (Suc h) = N1 ` B h" + "U 0 = {}" | + "U (Suc h) = N1 ` B h" abbreviation "T h \ B h \ U h" fun Bp :: "nat \ 'a bro set" where -"Bp 0 = B 0 \ L2 ` UNIV" | -"Bp (Suc 0) = B (Suc 0) \ {N3 N0 a N0 b N0|a b. True}" | -"Bp (Suc(Suc h)) = B (Suc(Suc h)) \ + "Bp 0 = B 0 \ L2 ` UNIV" | + "Bp (Suc 0) = B (Suc 0) \ {N3 N0 a N0 b N0|a b. True}" | + "Bp (Suc(Suc h)) = B (Suc(Suc h)) \ {N3 t1 a t2 b t3 | t1 a t2 b t3. t1 \ B (Suc h) \ t2 \ U (Suc h) \ t3 \ B (Suc h)}" fun Um :: "nat \ 'a bro set" where -"Um 0 = {}" | -"Um (Suc h) = N1 ` T h" + "Um 0 = {}" | + "Um (Suc h) = N1 ` T h" subsection "Functional Correctness Proofs" @@ -155,29 +155,29 @@ lemma isin_set: "t \ T h \ sorted(inorder t) \ isin t x = (x \ set(inorder t))" -by(induction h arbitrary: t) (fastforce simp: isin_simps split: if_splits)+ + by(induction h arbitrary: t) (fastforce simp: isin_simps split: if_splits)+ subsubsection "Proofs for insertion" lemma inorder_n1: "inorder(n1 t) = inorder t" -by(cases t rule: n1.cases) (auto simp: sorted_lems) + by(cases t rule: n1.cases) (auto simp: sorted_lems) context insert begin lemma inorder_n2: "inorder(n2 l a r) = inorder l @ a # inorder r" -by(cases "(l,a,r)" rule: n2.cases) (auto simp: sorted_lems) + by(cases "(l,a,r)" rule: n2.cases) (auto simp: sorted_lems) lemma inorder_tree: "inorder(tree t) = inorder t" -by(cases t) auto + by(cases t) auto lemma inorder_ins: "t \ T h \ sorted(inorder t) \ inorder(ins a t) = ins_list a (inorder t)" -by(induction h arbitrary: t) (auto simp: ins_list_simps inorder_n1 inorder_n2) + by(induction h arbitrary: t) (auto simp: ins_list_simps inorder_n1 inorder_n2) lemma inorder_insert: "t \ T h \ sorted(inorder t) \ inorder(insert a t) = ins_list a (inorder t)" -by(simp add: insert_def inorder_ins inorder_tree) + by(simp add: insert_def inorder_ins inorder_tree) end @@ -187,27 +187,27 @@ begin lemma inorder_tree: "inorder(tree t) = inorder t" -by(cases t) auto + by(cases t) auto lemma inorder_n2: "inorder(n2 l a r) = inorder l @ a # inorder r" -by(cases "(l,a,r)" rule: n2.cases) (auto) + by(cases "(l,a,r)" rule: n2.cases) (auto) lemma inorder_split_min: "t \ T h \ (split_min t = None \ inorder t = []) \ (split_min t = Some(a,t') \ inorder t = a # inorder t')" -by(induction h arbitrary: t a t') (auto simp: inorder_n2 split: option.splits) + by(induction h arbitrary: t a t') (auto simp: inorder_n2 split: option.splits) lemma inorder_del: "t \ T h \ sorted(inorder t) \ inorder(del x t) = del_list x (inorder t)" apply (induction h arbitrary: t) apply (auto simp: del_list_simps inorder_n2 split: option.splits) apply (auto simp: del_list_simps inorder_n2 - inorder_split_min[OF UnI1] inorder_split_min[OF UnI2] split: option.splits) + inorder_split_min[OF UnI1] inorder_split_min[OF UnI2] split: option.splits) done lemma inorder_delete: "t \ T h \ sorted(inorder t) \ inorder(delete x t) = del_list x (inorder t)" -by(simp add: delete_def inorder_del inorder_tree) + by(simp add: delete_def inorder_del inorder_tree) end @@ -217,38 +217,41 @@ subsubsection \Proofs for insertion\ lemma n1_type: "t \ Bp h \ n1 t \ T (Suc h)" -by(cases h rule: Bp.cases) auto + by(cases h rule: Bp.cases) auto context insert begin lemma tree_type: "t \ Bp h \ tree t \ B h \ B (Suc h)" -by(cases h rule: Bp.cases) auto + by(cases h rule: Bp.cases) auto lemma n2_type: "(t1 \ Bp h \ t2 \ T h \ n2 t1 a t2 \ Bp (Suc h)) \ (t1 \ T h \ t2 \ Bp h \ n2 t1 a t2 \ Bp (Suc h))" -apply(cases h rule: Bp.cases) -apply (auto)[2] -apply(rule conjI impI | erule conjE exE imageE | simp | erule disjE)+ -done + apply(cases h rule: Bp.cases) + apply (auto)[2] + apply(rule conjI impI | erule conjE exE imageE | simp | erule disjE)+ + done lemma Bp_if_B: "t \ B h \ t \ Bp h" -by (cases h rule: Bp.cases) simp_all + by (cases h rule: Bp.cases) simp_all text\An automatic proof:\ lemma "(t \ B h \ ins x t \ Bp h) \ (t \ U h \ ins x t \ T h)" -apply(induction h arbitrary: t) - apply (simp) -apply (fastforce simp: Bp_if_B n2_type dest: n1_type) -done +proof (induction h arbitrary: t) + case 0 + then show ?case by simp +next + case (Suc h) + then show ?case by (fastforce simp: Bp_if_B n2_type dest: n1_type) +qed text\A detailed proof:\ lemma ins_type: -shows "t \ B h \ ins x t \ Bp h" and "t \ U h \ ins x t \ T h" + shows "t \ B h \ ins x t \ Bp h" and "t \ U h \ ins x t \ T h" proof(induction h arbitrary: t) case 0 { case 1 thus ?case by simp @@ -300,7 +303,7 @@ lemma insert_type: "t \ B h \ insert x t \ B h \ B (Suc h)" -unfolding insert_def by (metis ins_type(1) tree_type) + unfolding insert_def by (metis ins_type(1) tree_type) end @@ -311,37 +314,38 @@ "L2 y \ B h = False" "(N3 t1 a1 t2 a2 t3) \ B h = False" "N0 \ B h \ h = 0" -by (cases h, auto)+ + by (cases h, auto)+ context delete begin lemma n2_type1: "\t1 \ Um h; t2 \ B h\ \ n2 t1 a t2 \ T (Suc h)" -apply(cases h rule: Bp.cases) -apply auto[2] -apply(erule exE bexE conjE imageE | simp | erule disjE)+ -done + apply(cases h rule: Bp.cases) + apply auto[2] + apply(erule exE bexE conjE imageE | simp | erule disjE)+ + done lemma n2_type2: "\t1 \ B h ; t2 \ Um h \ \ n2 t1 a t2 \ T (Suc h)" -apply(cases h rule: Bp.cases) -apply auto[2] -apply(erule exE bexE conjE imageE | simp | erule disjE)+ -done + apply(cases h rule: Bp.cases) + using Um.simps(1) apply blast + apply force + apply(erule exE bexE conjE imageE | simp | erule disjE)+ + done lemma n2_type3: "\t1 \ T h ; t2 \ T h \ \ n2 t1 a t2 \ T (Suc h)" -apply(cases h rule: Bp.cases) -apply auto[2] -apply(erule exE bexE conjE imageE | simp | erule disjE)+ -done + apply(cases h rule: Bp.cases) + apply auto[2] + apply(erule exE bexE conjE imageE | simp | erule disjE)+ + done lemma split_minNoneN0: "\t \ B h; split_min t = None\ \ t = N0" -by (cases t) (auto split: option.splits) + by (cases t) (auto split: option.splits) lemma split_minNoneN1 : "\t \ U h; split_min t = None\ \ t = N1 N0" -by (cases h) (auto simp: split_minNoneN0 split: option.splits) + by (cases h) (auto simp: split_minNoneN0 split: option.splits) lemma split_min_type: "t \ B h \ split_min t = Some (a, t') \ t' \ T h" @@ -459,11 +463,11 @@ qed auto lemma tree_type: "t \ T (h+1) \ tree t \ B (h+1) \ B h" -by(auto) + by(auto) lemma delete_type: "t \ B h \ delete x t \ B h \ B(h-1)" -unfolding delete_def -by (cases h) (simp, metis del_type(1) tree_type Suc_eq_plus1 diff_Suc_1) + unfolding delete_def + by (cases h) (simp, metis del_type(1) tree_type Suc_eq_plus1 diff_Suc_1) end @@ -471,8 +475,8 @@ subsection "Overall correctness" interpretation Set_by_Ordered -where empty = empty and isin = isin and insert = insert.insert -and delete = delete.delete and inorder = inorder and inv = "\t. \h. t \ B h" + where empty = empty and isin = isin and insert = insert.insert + and delete = delete.delete and inorder = inorder and inv = "\t. \h. t \ B h" proof (standard, goal_cases) case 2 thus ?case by(auto intro!: isin_set) next @@ -506,27 +510,27 @@ | "size (N2 t1 _ t2) = 1 + size t1 + size t2" lemma fib_tree_B: "fib_tree h \ B h" -by (induction h rule: fib_tree.induct) auto + by (induction h rule: fib_tree.induct) auto declare [[names_short]] lemma size_fib': "size (fib_tree h) = fib' h" -by (induction h rule: fib_tree.induct) auto + by (induction h rule: fib_tree.induct) auto lemma fibfib: "fib' h + 1 = fib (Suc(Suc h))" -by (induction h rule: fib_tree.induct) auto + by (induction h rule: fib_tree.induct) auto lemma B_N2_cases[consumes 1]: -assumes "N2 t1 a t2 \ B (Suc n)" -obtains - (BB) "t1 \ B n" and "t2 \ B n" | - (UB) "t1 \ U n" and "t2 \ B n" | - (BU) "t1 \ B n" and "t2 \ U n" -using assms by auto + assumes "N2 t1 a t2 \ B (Suc n)" + obtains + (BB) "t1 \ B n" and "t2 \ B n" | + (UB) "t1 \ U n" and "t2 \ B n" | + (BU) "t1 \ B n" and "t2 \ U n" + using assms by auto lemma size_bounded: "t \ B h \ size t \ size (fib_tree h)" -unfolding size_fib' proof (induction h arbitrary: t rule: fib'.induct) -case (3 h t') + unfolding size_fib' proof (induction h arbitrary: t rule: fib'.induct) + case (3 h t') note main = 3 then obtain t1 a t2 where t': "t' = N2 t1 a t2" by auto with main have "N2 t1 a t2 \ B (Suc (Suc h))" by auto @@ -546,7 +550,7 @@ qed auto theorem "t \ B h \ fib (h + 2) \ size t + 1" -using size_bounded -by (simp add: size_fib' fibfib[symmetric] del: fib.simps) + using size_bounded + by (simp add: size_fib' fibfib[symmetric] del: fib.simps) end diff -r d96dd69903fb -r 7ed1759fe1bd src/HOL/Data_Structures/Sorting.thy --- a/src/HOL/Data_Structures/Sorting.thy Fri Aug 25 09:56:45 2023 +0100 +++ b/src/HOL/Data_Structures/Sorting.thy Sat Aug 26 11:36:25 2023 +0100 @@ -3,9 +3,9 @@ section "Sorting" theory Sorting -imports - Complex_Main - "HOL-Library.Multiset" + imports + Complex_Main + "HOL-Library.Multiset" begin hide_const List.insort @@ -16,40 +16,31 @@ subsection "Insertion Sort" fun insort1 :: "'a::linorder \ 'a list \ 'a list" where -"insort1 x [] = [x]" | -"insort1 x (y#ys) = + "insort1 x [] = [x]" | + "insort1 x (y#ys) = (if x \ y then x#y#ys else y#(insort1 x ys))" fun insort :: "'a::linorder list \ 'a list" where -"insort [] = []" | -"insort (x#xs) = insort1 x (insort xs)" + "insort [] = []" | + "insort (x#xs) = insort1 x (insort xs)" subsubsection "Functional Correctness" lemma mset_insort1: "mset (insort1 x xs) = {#x#} + mset xs" -apply(induction xs) -apply auto -done + by (induction xs) auto lemma mset_insort: "mset (insort xs) = mset xs" -apply(induction xs) -apply simp -apply (simp add: mset_insort1) -done + by (induction xs) (auto simp: mset_insort1) lemma set_insort1: "set (insort1 x xs) = {x} \ set xs" -by(simp add: mset_insort1 flip: set_mset_mset) + by(simp add: mset_insort1 flip: set_mset_mset) lemma sorted_insort1: "sorted (insort1 a xs) = sorted xs" -apply(induction xs) -apply(auto simp add: set_insort1) -done + by (induction xs) (auto simp: set_insort1) lemma sorted_insort: "sorted (insort xs)" -apply(induction xs) -apply(auto simp: sorted_insort1) -done + by (induction xs) (auto simp: sorted_insort1) subsubsection "Time Complexity" @@ -62,8 +53,8 @@ (if x \ y then x#y#ys else y#(insort1 x ys))\ \ fun T_insort1 :: "'a::linorder \ 'a list \ nat" where -"T_insort1 x [] = 1" | -"T_insort1 x (y#ys) = + "T_insort1 x [] = 1" | + "T_insort1 x (y#ys) = (if x \ y then 0 else T_insort1 x ys) + 1" text\ @@ -71,24 +62,18 @@ \insort (x#xs) = insort1 x (insort xs)\ \ fun T_insort :: "'a::linorder list \ nat" where -"T_insort [] = 1" | -"T_insort (x#xs) = T_insort xs + T_insort1 x (insort xs) + 1" + "T_insort [] = 1" | + "T_insort (x#xs) = T_insort xs + T_insort1 x (insort xs) + 1" lemma T_insort1_length: "T_insort1 x xs \ length xs + 1" -apply(induction xs) -apply auto -done + by (induction xs) auto lemma length_insort1: "length (insort1 x xs) = length xs + 1" -apply(induction xs) -apply auto -done + by (induction xs) auto lemma length_insort: "length (insort xs) = length xs" -apply(induction xs) -apply (auto simp: length_insort1) -done + by (metis Sorting.mset_insort size_mset) lemma T_insort_length: "T_insort xs \ (length xs + 1) ^ 2" proof(induction xs) @@ -109,12 +94,12 @@ subsection "Merge Sort" fun merge :: "'a::linorder list \ 'a list \ 'a list" where -"merge [] ys = ys" | -"merge xs [] = xs" | -"merge (x#xs) (y#ys) = (if x \ y then x # merge xs (y#ys) else y # merge (x#xs) ys)" + "merge [] ys = ys" | + "merge xs [] = xs" | + "merge (x#xs) (y#ys) = (if x \ y then x # merge xs (y#ys) else y # merge (x#xs) ys)" fun msort :: "'a::linorder list \ 'a list" where -"msort xs = (let n = length xs in + "msort xs = (let n = length xs in if n \ 1 then xs else merge (msort (take (n div 2) xs)) (msort (drop (n div 2) xs)))" @@ -124,7 +109,7 @@ subsubsection "Functional Correctness" lemma mset_merge: "mset(merge xs ys) = mset xs + mset ys" -by(induction xs ys rule: merge.induct) auto + by(induction xs ys rule: merge.induct) auto lemma mset_msort: "mset (msort xs) = mset xs" proof(induction xs rule: msort.induct) @@ -151,13 +136,13 @@ text \Via the previous lemma or directly:\ lemma set_merge: "set(merge xs ys) = set xs \ set ys" -by (metis mset_merge set_mset_mset set_mset_union) + by (metis mset_merge set_mset_mset set_mset_union) lemma "set(merge xs ys) = set xs \ set ys" -by(induction xs ys rule: merge.induct) (auto) + by(induction xs ys rule: merge.induct) (auto) lemma sorted_merge: "sorted (merge xs ys) \ (sorted xs \ sorted ys)" -by(induction xs ys rule: merge.induct) (auto simp: set_merge) + by(induction xs ys rule: merge.induct) (auto simp: set_merge) lemma sorted_msort: "sorted (msort xs)" proof(induction xs rule: msort.induct) @@ -180,15 +165,15 @@ text \We only count the number of comparisons between list elements.\ fun C_merge :: "'a::linorder list \ 'a list \ nat" where -"C_merge [] ys = 0" | -"C_merge xs [] = 0" | -"C_merge (x#xs) (y#ys) = 1 + (if x \ y then C_merge xs (y#ys) else C_merge (x#xs) ys)" + "C_merge [] ys = 0" | + "C_merge xs [] = 0" | + "C_merge (x#xs) (y#ys) = 1 + (if x \ y then C_merge xs (y#ys) else C_merge (x#xs) ys)" lemma C_merge_ub: "C_merge xs ys \ length xs + length ys" -by (induction xs ys rule: C_merge.induct) auto + by (induction xs ys rule: C_merge.induct) auto fun C_msort :: "'a::linorder list \ nat" where -"C_msort xs = + "C_msort xs = (let n = length xs; ys = take (n div 2) xs; zs = drop (n div 2) xs @@ -198,9 +183,7 @@ declare C_msort.simps [simp del] lemma length_merge: "length(merge xs ys) = length xs + length ys" -apply (induction xs ys rule: merge.induct) -apply auto -done + by (induction xs ys rule: merge.induct) auto lemma length_msort: "length(msort xs) = length xs" proof (induction xs rule: msort.induct) @@ -245,78 +228,77 @@ (* Beware of implicit conversions: *) lemma C_msort_log: "length xs = 2^k \ C_msort xs \ length xs * log 2 (length xs)" -using C_msort_le[of xs k] apply (simp add: log_nat_power algebra_simps) -by (metis (mono_tags) numeral_power_eq_of_nat_cancel_iff of_nat_le_iff of_nat_mult) + using C_msort_le[of xs k] + by (metis log2_of_power_eq mult.commute of_nat_mono of_nat_mult) subsection "Bottom-Up Merge Sort" fun merge_adj :: "('a::linorder) list list \ 'a list list" where -"merge_adj [] = []" | -"merge_adj [xs] = [xs]" | -"merge_adj (xs # ys # zss) = merge xs ys # merge_adj zss" + "merge_adj [] = []" | + "merge_adj [xs] = [xs]" | + "merge_adj (xs # ys # zss) = merge xs ys # merge_adj zss" text \For the termination proof of \merge_all\ below.\ lemma length_merge_adjacent[simp]: "length (merge_adj xs) = (length xs + 1) div 2" -by (induction xs rule: merge_adj.induct) auto + by (induction xs rule: merge_adj.induct) auto fun merge_all :: "('a::linorder) list list \ 'a list" where -"merge_all [] = []" | -"merge_all [xs] = xs" | -"merge_all xss = merge_all (merge_adj xss)" + "merge_all [] = []" | + "merge_all [xs] = xs" | + "merge_all xss = merge_all (merge_adj xss)" definition msort_bu :: "('a::linorder) list \ 'a list" where -"msort_bu xs = merge_all (map (\x. [x]) xs)" + "msort_bu xs = merge_all (map (\x. [x]) xs)" subsubsection "Functional Correctness" abbreviation mset_mset :: "'a list list \ 'a multiset" where -"mset_mset xss \ \\<^sub># (image_mset mset (mset xss))" + "mset_mset xss \ \\<^sub># (image_mset mset (mset xss))" lemma mset_merge_adj: "mset_mset (merge_adj xss) = mset_mset xss" -by(induction xss rule: merge_adj.induct) (auto simp: mset_merge) + by(induction xss rule: merge_adj.induct) (auto simp: mset_merge) lemma mset_merge_all: "mset (merge_all xss) = mset_mset xss" -by(induction xss rule: merge_all.induct) (auto simp: mset_merge mset_merge_adj) + by(induction xss rule: merge_all.induct) (auto simp: mset_merge mset_merge_adj) lemma mset_msort_bu: "mset (msort_bu xs) = mset xs" -by(simp add: msort_bu_def mset_merge_all multiset.map_comp comp_def) + by(simp add: msort_bu_def mset_merge_all multiset.map_comp comp_def) lemma sorted_merge_adj: "\xs \ set xss. sorted xs \ \xs \ set (merge_adj xss). sorted xs" -by(induction xss rule: merge_adj.induct) (auto simp: sorted_merge) + by(induction xss rule: merge_adj.induct) (auto simp: sorted_merge) lemma sorted_merge_all: "\xs \ set xss. sorted xs \ sorted (merge_all xss)" -apply(induction xss rule: merge_all.induct) -using [[simp_depth_limit=3]] by (auto simp add: sorted_merge_adj) + by (induction xss rule: merge_all.induct) (auto simp add: sorted_merge_adj) lemma sorted_msort_bu: "sorted (msort_bu xs)" -by(simp add: msort_bu_def sorted_merge_all) + by(simp add: msort_bu_def sorted_merge_all) subsubsection "Time Complexity" fun C_merge_adj :: "('a::linorder) list list \ nat" where -"C_merge_adj [] = 0" | -"C_merge_adj [xs] = 0" | -"C_merge_adj (xs # ys # zss) = C_merge xs ys + C_merge_adj zss" + "C_merge_adj [] = 0" | + "C_merge_adj [xs] = 0" | + "C_merge_adj (xs # ys # zss) = C_merge xs ys + C_merge_adj zss" fun C_merge_all :: "('a::linorder) list list \ nat" where -"C_merge_all [] = 0" | -"C_merge_all [xs] = 0" | -"C_merge_all xss = C_merge_adj xss + C_merge_all (merge_adj xss)" + "C_merge_all [] = 0" | + "C_merge_all [xs] = 0" | + "C_merge_all xss = C_merge_adj xss + C_merge_all (merge_adj xss)" definition C_msort_bu :: "('a::linorder) list \ nat" where -"C_msort_bu xs = C_merge_all (map (\x. [x]) xs)" + "C_msort_bu xs = C_merge_all (map (\x. [x]) xs)" lemma length_merge_adj: "\ even(length xss); \xs \ set xss. length xs = m \ \ \xs \ set (merge_adj xss). length xs = 2*m" -by(induction xss rule: merge_adj.induct) (auto simp: length_merge) + by(induction xss rule: merge_adj.induct) (auto simp: length_merge) lemma C_merge_adj: "\xs \ set xss. length xs = m \ C_merge_adj xss \ m * length xss" proof(induction xss rule: C_merge_adj.induct) @@ -354,27 +336,24 @@ qed corollary C_msort_bu: "length xs = 2 ^ k \ C_msort_bu xs \ k * 2 ^ k" -using C_merge_all[of "map (\x. [x]) xs" 1] by (simp add: C_msort_bu_def) + using C_merge_all[of "map (\x. [x]) xs" 1] by (simp add: C_msort_bu_def) subsection "Quicksort" fun quicksort :: "('a::linorder) list \ 'a list" where -"quicksort [] = []" | -"quicksort (x#xs) = quicksort (filter (\y. y < x) xs) @ [x] @ quicksort (filter (\y. x \ y) xs)" + "quicksort [] = []" | + "quicksort (x#xs) = quicksort (filter (\y. y < x) xs) @ [x] @ quicksort (filter (\y. x \ y) xs)" lemma mset_quicksort: "mset (quicksort xs) = mset xs" -apply (induction xs rule: quicksort.induct) -apply (auto simp: not_le) -done + by (induction xs rule: quicksort.induct) (auto simp: not_le) lemma set_quicksort: "set (quicksort xs) = set xs" -by(rule mset_eq_setD[OF mset_quicksort]) + by(rule mset_eq_setD[OF mset_quicksort]) lemma sorted_quicksort: "sorted (quicksort xs)" -apply (induction xs rule: quicksort.induct) -apply (auto simp add: sorted_append set_quicksort) -done +proof (induction xs rule: quicksort.induct) +qed (auto simp: sorted_append set_quicksort) subsection "Insertion Sort w.r.t. Keys and Stability" @@ -382,45 +361,45 @@ hide_const List.insort_key fun insort1_key :: "('a \ 'k::linorder) \ 'a \ 'a list \ 'a list" where -"insort1_key f x [] = [x]" | -"insort1_key f x (y # ys) = (if f x \ f y then x # y # ys else y # insort1_key f x ys)" + "insort1_key f x [] = [x]" | + "insort1_key f x (y # ys) = (if f x \ f y then x # y # ys else y # insort1_key f x ys)" fun insort_key :: "('a \ 'k::linorder) \ 'a list \ 'a list" where -"insort_key f [] = []" | -"insort_key f (x # xs) = insort1_key f x (insort_key f xs)" + "insort_key f [] = []" | + "insort_key f (x # xs) = insort1_key f x (insort_key f xs)" subsubsection "Standard functional correctness" lemma mset_insort1_key: "mset (insort1_key f x xs) = {#x#} + mset xs" -by(induction xs) simp_all + by(induction xs) simp_all lemma mset_insort_key: "mset (insort_key f xs) = mset xs" -by(induction xs) (simp_all add: mset_insort1_key) + by(induction xs) (simp_all add: mset_insort1_key) (* Inductive proof simpler than derivation from mset lemma: *) lemma set_insort1_key: "set (insort1_key f x xs) = {x} \ set xs" -by (induction xs) auto + by (induction xs) auto lemma sorted_insort1_key: "sorted (map f (insort1_key f a xs)) = sorted (map f xs)" -by(induction xs)(auto simp: set_insort1_key) + by(induction xs)(auto simp: set_insort1_key) lemma sorted_insort_key: "sorted (map f (insort_key f xs))" -by(induction xs)(simp_all add: sorted_insort1_key) + by(induction xs)(simp_all add: sorted_insort1_key) subsubsection "Stability" lemma insort1_is_Cons: "\x\set xs. f a \ f x \ insort1_key f a xs = a # xs" -by (cases xs) auto + by (cases xs) auto lemma filter_insort1_key_neg: "\ P x \ filter P (insort1_key f x xs) = filter P xs" -by (induction xs) simp_all + by (induction xs) simp_all lemma filter_insort1_key_pos: "sorted (map f xs) \ P x \ filter P (insort1_key f x xs) = insort1_key f x (filter P xs)" -by (induction xs) (auto, subst insort1_is_Cons, auto) + by (induction xs) (auto, subst insort1_is_Cons, auto) lemma sort_key_stable: "filter (\y. f y = k) (insort_key f xs) = filter (\y. f y = k) xs" proof (induction xs) diff -r d96dd69903fb -r 7ed1759fe1bd src/HOL/Data_Structures/Tries_Binary.thy --- a/src/HOL/Data_Structures/Tries_Binary.thy Fri Aug 25 09:56:45 2023 +0100 +++ b/src/HOL/Data_Structures/Tries_Binary.thy Sat Aug 26 11:36:25 2023 +0100 @@ -3,7 +3,7 @@ section "Binary Tries and Patricia Tries" theory Tries_Binary -imports Set_Specs + imports Set_Specs begin hide_const (open) insert @@ -11,10 +11,10 @@ declare Let_def[simp] fun sel2 :: "bool \ 'a * 'a \ 'a" where -"sel2 b (a1,a2) = (if b then a2 else a1)" + "sel2 b (a1,a2) = (if b then a2 else a1)" fun mod2 :: "('a \ 'a) \ bool \ 'a * 'a \ 'a * 'a" where -"mod2 f b (a1,a2) = (if b then (a1,f a2) else (f a1,a2))" + "mod2 f b (a1,a2) = (if b then (a1,f a2) else (f a1,a2))" subsection "Trie" @@ -22,82 +22,78 @@ datatype trie = Lf | Nd bool "trie * trie" definition empty :: trie where -[simp]: "empty = Lf" + [simp]: "empty = Lf" fun isin :: "trie \ bool list \ bool" where -"isin Lf ks = False" | -"isin (Nd b lr) ks = + "isin Lf ks = False" | + "isin (Nd b lr) ks = (case ks of [] \ b | k#ks \ isin (sel2 k lr) ks)" fun insert :: "bool list \ trie \ trie" where -"insert [] Lf = Nd True (Lf,Lf)" | -"insert [] (Nd b lr) = Nd True lr" | -"insert (k#ks) Lf = Nd False (mod2 (insert ks) k (Lf,Lf))" | -"insert (k#ks) (Nd b lr) = Nd b (mod2 (insert ks) k lr)" + "insert [] Lf = Nd True (Lf,Lf)" | + "insert [] (Nd b lr) = Nd True lr" | + "insert (k#ks) Lf = Nd False (mod2 (insert ks) k (Lf,Lf))" | + "insert (k#ks) (Nd b lr) = Nd b (mod2 (insert ks) k lr)" lemma isin_insert: "isin (insert xs t) ys = (xs = ys \ isin t ys)" -apply(induction xs t arbitrary: ys rule: insert.induct) -apply (auto split: list.splits if_splits) -done +proof (induction xs t arbitrary: ys rule: insert.induct) +qed (auto split: list.splits if_splits) text \A simple implementation of delete; does not shrink the trie!\ fun delete0 :: "bool list \ trie \ trie" where -"delete0 ks Lf = Lf" | -"delete0 ks (Nd b lr) = + "delete0 ks Lf = Lf" | + "delete0 ks (Nd b lr) = (case ks of [] \ Nd False lr | k#ks' \ Nd b (mod2 (delete0 ks') k lr))" lemma isin_delete0: "isin (delete0 as t) bs = (as \ bs \ isin t bs)" -apply(induction as t arbitrary: bs rule: delete0.induct) -apply (auto split: list.splits if_splits) -done +proof (induction as t arbitrary: bs rule: delete0.induct) +qed (auto split: list.splits if_splits) text \Now deletion with shrinking:\ fun node :: "bool \ trie * trie \ trie" where -"node b lr = (if \ b \ lr = (Lf,Lf) then Lf else Nd b lr)" + "node b lr = (if \ b \ lr = (Lf,Lf) then Lf else Nd b lr)" fun delete :: "bool list \ trie \ trie" where -"delete ks Lf = Lf" | -"delete ks (Nd b lr) = + "delete ks Lf = Lf" | + "delete ks (Nd b lr) = (case ks of [] \ node False lr | k#ks' \ node b (mod2 (delete ks') k lr))" lemma isin_delete: "isin (delete xs t) ys = (xs \ ys \ isin t ys)" -apply(induction xs t arbitrary: ys rule: delete.induct) - apply simp -apply (auto split: list.splits if_splits) - apply (metis isin.simps(1)) - apply (metis isin.simps(1)) + apply(induction xs t arbitrary: ys rule: delete.induct) + apply (auto split: list.splits if_splits) + apply (metis isin.simps(1))+ done definition set_trie :: "trie \ bool list set" where -"set_trie t = {xs. isin t xs}" + "set_trie t = {xs. isin t xs}" lemma set_trie_empty: "set_trie empty = {}" -by(simp add: set_trie_def) + by(simp add: set_trie_def) lemma set_trie_isin: "isin t xs = (xs \ set_trie t)" -by(simp add: set_trie_def) + by(simp add: set_trie_def) lemma set_trie_insert: "set_trie(insert xs t) = set_trie t \ {xs}" -by(auto simp add: isin_insert set_trie_def) + by(auto simp add: isin_insert set_trie_def) lemma set_trie_delete: "set_trie(delete xs t) = set_trie t - {xs}" -by(auto simp add: isin_delete set_trie_def) + by(auto simp add: isin_delete set_trie_def) text \Invariant: tries are fully shrunk:\ fun invar where -"invar Lf = True" | -"invar (Nd b (l,r)) = (invar l \ invar r \ (l = Lf \ r = Lf \ b))" + "invar Lf = True" | + "invar (Nd b (l,r)) = (invar l \ invar r \ (l = Lf \ r = Lf \ b))" lemma insert_Lf: "insert xs t \ Lf" -using insert.elims by blast + using insert.elims by blast lemma invar_insert: "invar t \ invar(insert xs t)" proof(induction xs t rule: insert.induct) @@ -122,23 +118,10 @@ qed interpretation S: Set -where empty = empty and isin = isin and insert = insert and delete = delete -and set = set_trie and invar = invar -proof (standard, goal_cases) - case 1 show ?case by (rule set_trie_empty) -next - case 2 show ?case by(rule set_trie_isin) -next - case 3 thus ?case by(auto simp: set_trie_insert) -next - case 4 show ?case by(rule set_trie_delete) -next - case 5 show ?case by(simp) -next - case 6 thus ?case by(rule invar_insert) -next - case 7 thus ?case by(rule invar_delete) -qed + where empty = empty and isin = isin and insert = insert and delete = delete + and set = set_trie and invar = invar + unfolding Set_def + by (smt (verit, best) Tries_Binary.empty_def invar.simps(1) invar_delete invar_insert set_trie_delete set_trie_empty set_trie_insert set_trie_isin) subsection "Patricia Trie" @@ -147,24 +130,24 @@ text \Fully shrunk:\ fun invarP where -"invarP LfP = True" | -"invarP (NdP ps b (l,r)) = (invarP l \ invarP r \ (l = LfP \ r = LfP \ b))" + "invarP LfP = True" | + "invarP (NdP ps b (l,r)) = (invarP l \ invarP r \ (l = LfP \ r = LfP \ b))" fun isinP :: "trieP \ bool list \ bool" where -"isinP LfP ks = False" | -"isinP (NdP ps b lr) ks = + "isinP LfP ks = False" | + "isinP (NdP ps b lr) ks = (let n = length ps in if ps = take n ks then case drop n ks of [] \ b | k#ks' \ isinP (sel2 k lr) ks' else False)" definition emptyP :: trieP where -[simp]: "emptyP = LfP" + [simp]: "emptyP = LfP" fun lcp :: "'a list \ 'a list \ 'a list \ 'a list \ 'a list" where -"lcp [] ys = ([],[],ys)" | -"lcp xs [] = ([],xs,[])" | -"lcp (x#xs) (y#ys) = + "lcp [] ys = ([],[],ys)" | + "lcp xs [] = ([],xs,[])" | + "lcp (x#xs) (y#ys) = (if x\y then ([],x#xs,y#ys) else let (ps,xs',ys') = lcp xs ys in (x#ps,xs',ys'))" @@ -172,12 +155,12 @@ lemma mod2_cong[fundef_cong]: "\ lr = lr'; k = k'; \a b. lr'=(a,b) \ f (a) = f' (a) ; \a b. lr'=(a,b) \ f (b) = f' (b) \ \ mod2 f k lr= mod2 f' k' lr'" -by(cases lr, cases lr', auto) + by(cases lr, cases lr', auto) fun insertP :: "bool list \ trieP \ trieP" where -"insertP ks LfP = NdP ks True (LfP,LfP)" | -"insertP ks (NdP ps b lr) = + "insertP ks LfP = NdP ks True (LfP,LfP)" | + "insertP ks (NdP ps b lr) = (case lcp ks ps of (qs, k#ks', p#ps') \ let tp = NdP ps' b lr; tk = NdP ks' True (LfP,LfP) in @@ -192,7 +175,7 @@ text \Smart constructor that shrinks:\ definition nodeP :: "bool list \ bool \ trieP * trieP \ trieP" where -"nodeP ps b lr = + "nodeP ps b lr = (if b then NdP ps b lr else case lr of (LfP,LfP) \ LfP | @@ -201,8 +184,8 @@ _ \ NdP ps b lr)" fun deleteP :: "bool list \ trieP \ trieP" where -"deleteP ks LfP = LfP" | -"deleteP ks (NdP ps b lr) = + "deleteP ks LfP = LfP" | + "deleteP ks (NdP ps b lr) = (case lcp ks ps of (_, _, _#_) \ NdP ps b lr | (_, k#ks', []) \ nodeP ps b (mod2 (deleteP ks') k lr) | @@ -215,13 +198,13 @@ text \First step: @{typ trieP} implements @{typ trie} via the abstraction function \abs_trieP\:\ fun prefix_trie :: "bool list \ trie \ trie" where -"prefix_trie [] t = t" | -"prefix_trie (k#ks) t = + "prefix_trie [] t = t" | + "prefix_trie (k#ks) t = (let t' = prefix_trie ks t in Nd False (if k then (Lf,t') else (t',Lf)))" fun abs_trieP :: "trieP \ trie" where -"abs_trieP LfP = Lf" | -"abs_trieP (NdP ps b (l,r)) = prefix_trie ps (Nd b (abs_trieP l, abs_trieP r))" + "abs_trieP LfP = Lf" | + "abs_trieP (NdP ps b (l,r)) = prefix_trie ps (Nd b (abs_trieP l, abs_trieP r))" text \Correctness of @{const isinP}:\ @@ -229,96 +212,82 @@ lemma isin_prefix_trie: "isin (prefix_trie ps t) ks = (ps = take (length ps) ks \ isin t (drop (length ps) ks))" -apply(induction ps arbitrary: ks) -apply(auto split: list.split) -done + by (induction ps arbitrary: ks) (auto split: list.split) lemma abs_trieP_isinP: "isinP t ks = isin (abs_trieP t) ks" -apply(induction t arbitrary: ks rule: abs_trieP.induct) - apply(auto simp: isin_prefix_trie split: list.split) -done +proof (induction t arbitrary: ks rule: abs_trieP.induct) +qed (auto simp: isin_prefix_trie split: list.split) text \Correctness of @{const insertP}:\ lemma prefix_trie_Lfs: "prefix_trie ks (Nd True (Lf,Lf)) = insert ks Lf" -apply(induction ks) -apply auto -done + by (induction ks) auto lemma insert_prefix_trie_same: "insert ps (prefix_trie ps (Nd b lr)) = prefix_trie ps (Nd True lr)" -apply(induction ps) -apply auto -done + by (induction ps) auto lemma insert_append: "insert (ks @ ks') (prefix_trie ks t) = prefix_trie ks (insert ks' t)" -apply(induction ks) -apply auto -done + by (induction ks) auto lemma prefix_trie_append: "prefix_trie (ps @ qs) t = prefix_trie ps (prefix_trie qs t)" -apply(induction ps) -apply auto -done + by (induction ps) auto lemma lcp_if: "lcp ks ps = (qs, ks', ps') \ ks = qs @ ks' \ ps = qs @ ps' \ (ks' \ [] \ ps' \ [] \ hd ks' \ hd ps')" -apply(induction ks ps arbitrary: qs ks' ps' rule: lcp.induct) -apply(auto split: prod.splits if_splits) -done +proof (induction ks ps arbitrary: qs ks' ps' rule: lcp.induct) +qed (auto split: prod.splits if_splits) lemma abs_trieP_insertP: "abs_trieP (insertP ks t) = insert ks (abs_trieP t)" -apply(induction t arbitrary: ks) -apply(auto simp: prefix_trie_Lfs insert_prefix_trie_same insert_append prefix_trie_append - dest!: lcp_if split: list.split prod.split if_splits) -done +proof (induction t arbitrary: ks) +qed (auto simp: prefix_trie_Lfs insert_prefix_trie_same insert_append prefix_trie_append + dest!: lcp_if split: list.split prod.split if_splits) text \Correctness of @{const deleteP}:\ lemma prefix_trie_Lf: "prefix_trie xs t = Lf \ xs = [] \ t = Lf" -by(cases xs)(auto) + by(cases xs)(auto) lemma abs_trieP_Lf: "abs_trieP t = Lf \ t = LfP" -by(cases t) (auto simp: prefix_trie_Lf) + by(cases t) (auto simp: prefix_trie_Lf) lemma delete_prefix_trie: "delete xs (prefix_trie xs (Nd b (l,r))) = (if (l,r) = (Lf,Lf) then Lf else prefix_trie xs (Nd False (l,r)))" -by(induction xs)(auto simp: prefix_trie_Lf) + by(induction xs)(auto simp: prefix_trie_Lf) lemma delete_append_prefix_trie: "delete (xs @ ys) (prefix_trie xs t) = (if delete ys t = Lf then Lf else prefix_trie xs (delete ys t))" -by(induction xs)(auto simp: prefix_trie_Lf) + by(induction xs)(auto simp: prefix_trie_Lf) lemma nodeP_LfP2: "nodeP xs False (LfP, LfP) = LfP" -by(simp add: nodeP_def) + by(simp add: nodeP_def) text \Some non-inductive aux. lemmas:\ lemma abs_trieP_nodeP: "a\LfP \ b \ LfP \ abs_trieP (nodeP xs f (a, b)) = prefix_trie xs (Nd f (abs_trieP a, abs_trieP b))" -by(auto simp add: nodeP_def prefix_trie_append split: trieP.split) + by(auto simp add: nodeP_def prefix_trie_append split: trieP.split) lemma nodeP_True: "nodeP ps True lr = NdP ps True lr" -by(simp add: nodeP_def) + by(simp add: nodeP_def) lemma delete_abs_trieP: "delete ks (abs_trieP t) = abs_trieP (deleteP ks t)" -apply(induction t arbitrary: ks) -apply(auto simp: delete_prefix_trie delete_append_prefix_trie - prefix_trie_append prefix_trie_Lf abs_trieP_Lf nodeP_LfP2 abs_trieP_nodeP nodeP_True - dest!: lcp_if split: if_splits list.split prod.split) -done +proof (induction t arbitrary: ks) +qed (auto simp: delete_prefix_trie delete_append_prefix_trie + prefix_trie_append prefix_trie_Lf abs_trieP_Lf nodeP_LfP2 abs_trieP_nodeP nodeP_True + dest!: lcp_if split: if_splits list.split prod.split) text \Invariant preservation:\ lemma insertP_LfP: "insertP xs t \ LfP" -by(cases t)(auto split: prod.split list.split) + by(cases t)(auto split: prod.split list.split) lemma invarP_insertP: "invarP t \ invarP(insertP xs t)" proof(induction t arbitrary: xs) @@ -331,7 +300,7 @@ (* Inlining this proof leads to nontermination *) lemma invarP_nodeP: "\ invarP t1; invarP t2\ \ invarP (nodeP xs b (t1, t2))" -by (auto simp add: nodeP_def split: trieP.split) + by (auto simp add: nodeP_def split: trieP.split) lemma invarP_deleteP: "invarP t \ invarP(deleteP xs t)" proof(induction t arbitrary: xs) @@ -345,20 +314,20 @@ text \The overall correctness proof. Simply composes correctness lemmas.\ definition set_trieP :: "trieP \ bool list set" where -"set_trieP = set_trie o abs_trieP" + "set_trieP = set_trie o abs_trieP" lemma isinP_set_trieP: "isinP t xs = (xs \ set_trieP t)" -by(simp add: abs_trieP_isinP set_trie_isin set_trieP_def) + by(simp add: abs_trieP_isinP set_trie_isin set_trieP_def) lemma set_trieP_insertP: "set_trieP (insertP xs t) = set_trieP t \ {xs}" -by(simp add: abs_trieP_insertP set_trie_insert set_trieP_def) + by(simp add: abs_trieP_insertP set_trie_insert set_trieP_def) lemma set_trieP_deleteP: "set_trieP (deleteP xs t) = set_trieP t - {xs}" -by(auto simp: set_trie_delete set_trieP_def simp flip: delete_abs_trieP) + by(auto simp: set_trie_delete set_trieP_def simp flip: delete_abs_trieP) interpretation SP: Set -where empty = emptyP and isin = isinP and insert = insertP and delete = deleteP -and set = set_trieP and invar = invarP + where empty = emptyP and isin = isinP and insert = insertP and delete = deleteP + and set = set_trieP and invar = invarP proof (standard, goal_cases) case 1 show ?case by (simp add: set_trieP_def set_trie_def) next