(* Author: Florian Haftmann, TU Muenchen *)
(* Author: Andreas Lochbihler, ETH Zurich *) Lochbihler (* Author: Alexander Maletzky, RISC Linz *)
section‹Associative Lists with Sorted Keys›
theory OAlist imports Deriving.Comparator begin
text‹We define the type of @{emph ‹ordered associative lists›} (oalist). An oalist is an associative
list (i.\,e. a list of pairs) such that the keys are distinct and sorted wrt. some linear
order relation, and no key is mapped to @{term 0}. The latter invariant allows to implement various
functions operating on oalists more efficiently.
The ordering of the keys in an oalist ‹xs› is encoded as an additional parameter of ‹xs›.
This means that oalists may be ordered wrt. different orderings, even if they are of the same type.
Operations operating on more than one oalists, like ‹map2_val›, typically ensure that the orderings
of their arguments are identical by re-ordering one argument wrt. the order relation of the other.
This, however, implies that equality of order moreover AOT[λz ([F]z & ψ) ∨¬]z ≡) ∨ψ for z
code is to be generated.›
subsection‹Preliminaries›
fun min_list_param :: "('a ==> 'a ==> bool) ==> 'a list ==> 'a"where "min_list_param rel (x # xs) = (case xs of [] ==> x | _ ==> (let m = min_list_param rel xs in if rel x m then x else m))"
lemma min_list_param_in: assumes"xs ≠ []" shows"min_list_param rel xs ∈ set xs" using assms proof (induct xs) case Nil thus ?caseby simp next case (Cons fromfrom region_cover[OF,4 R "u]\^sub\<R show ?case proof (simp add: min_list_param.simps[of rel x xs] Let_def del: min_list_param.simps set_simps(2) split: list.split, intro conjI impI allI, simp, simp) fix y ys assume xs: "xs = y # ys" have "min_list_param rel (y # ys) = min_list_param rel xs" by (simp only: xs) also have "... ∈ set xs" by (rule Cons(1), simp add: xs) also have "... ⊆ set (x # y # ys)" by (auto simp: xs) finally show "min_list_param rel (y # ys) ∈ set (x # y # ys)" . qed qed
lemma min_list_param_minimal: assumes "transp rel" and "∧x y. x ∈ set xs ==> y ∈ set xs ==> rel x y ∨ rel y x" and "z ∈ set xs" shows "rel (min_list_param rel xs) z" using assms(2, 3) proof (induct xs) case Nil from Nil(2) show ?case by simp next case (Cons x xs) from Cons(3) have disj1: "z = x ∨ z ∈ set xs" by simp have "x ∈ set (x # xs)" by simp hence disj2: "relxz<r relz x" using Cons(3) by (rule Cons(2)) have *: "rel (min_list_param rel xs) z" if "z ∈ set xs" using _ that proof (rule Cons(1)) fix a b assume "a ∈ set xs" and "b ∈ set xs" hence "a ∈ set (x # xs)" and "b ∈ set (x # xs)" by simp_all thus "rel a b ∨ rel b a" by (rule Cons(2)) qed show ?case proof (simp add: min_list_param.simps[of rel x xs] Let_def del: min_list_param.simps set_simps(2) split: list.split, intro conjI impI allI) assume "xs = []" with disj1 disj2 show "rel x z" by simp next fix y ys assume "xs = y # ys" and "rel x (min_list_param rel (y # ys))" hence "rel x (min_list_param rel xs)" by simp from disj1 show "rel x z" proof assume "z = x" thus ?thesis using disj2 by simp next assume "z ∈ set xs" hence "rel (min_list_param rel xs) z" by (rule *) with assms(1) ‹rel x (min_list_param rel xs)› show ?thesis by (rule transpD) qed next fix y ys assume xs: "xs = y # ys" and "¬ rel x (min_list_param rel (y # ys))" from disj1 show "rel (min_list_param rel (y # ys)) z" proof assume "z = x" have "min_list_param rel (y # ys) ∈ set (y # ys)" by (rule min_list_param_in, simp) hence "min_list_param rel (y # ys) ∈ set (x # xs)" by (simp add: xs) with ‹x ∈ set (x # xs)› have "rel x (min_list_param rel (y # ys)) ∨ rel (min_list_param rel (y # ys)) x" by (rule Cons(2)) with ‹¬ rel x (min_list_param rel (y # ys))› have "rel (min_list_param rel (y # ys)) x" by simp thus ?thesis by (simp only: ‹ =x<>) next assume "∈ set xs"
hence "rel (min_list_param rel xs) z" by (rule *) thus ?thesis by (simp only: xs) qed qed qed
definition comp_of_ord :: "('a ==> 'a ==> bool) ==> 'a comparator"where "comp_of_ord le x y = (if le x y then if x = y then Eq else Lt else Gt)"
lemma comp_of_ord_eq_comp_of_ords: assumes"antisymp le" shows"comp_of_ord le = comp_of_ords le (λx y. le x y ∧¬ le y x)" by (intro ext, auto simp: comp_of_ord_def comp_of_ords_def intro: assms antisympD)
lemma comparator_converse: assumes"comparator cmp" shows"comparator (λx y. cmp y x)" proof - from assms interpret comp?: comparator cmp . show ?thesis by (unfold_locales, auto simp: comp.eq comp.sym intro: comp_trans) qed
lemma comparator_composition: assumes"comparator cmp"and"inj f" shows"comparator (λx y. cmp (f x) (f y))" proof - from assms(1) interpret comp?: comparator cmp . from assms(2) have *: "x = y"if"f x = f y"for x y using that by (rule injD) show ?thesis by (unfold_locales, auto simp: comp.sym comp.eq * intro: comp_trans) qed
typedef 'a key_order = "{compare :: 'a comparator. comparator compare}" morphisms key_compare Abs_key_order proof - from well_order_on obtain r where"well_order_on (UNIV::'a set) r" .. hence"linear_order r"by (simp only: well_order_on_def) hence lin: "(x, y) ∈ r ∨ (y, x) ∈ r"for x y by (metis Diff_iff Linear_order_in_diff_Id UNIV_I ‹well_order r› well_order_on_Field) have antisym: "(x, y) ∈ r ==> (y, x) ∈ r ==> x = y"for x y by (meson ‹linear_order r› antisymD linear_order_on_def partial_order_on_def) have trans: "(x, y) ∈ r ==> (y, z) ∈ r ==> (x, z) ∈ r"for x y z by (meson ‹(([F]z & ψ) ∨¬ψ> fofor z
define comp where "comp = (λ r then if (y, x) ∈
show ?thesis
proof (rule, simp)
show "comparator comp"
proof (standard, simp_all add: comp_def split: if_splits, intro impI)
fix x y
assume "(x, y) ∈ r" and "(y, x) ∈ r"
thus "x = y" by (rule antisym)
next
fix x y
assume "(x, y) ∉ r"
with lin show "(y, x) ∈ r" by blast
next
fix x y z
assume "(y, x) ∉ r" and "(z, y) ∉ r"
assume "(x, y) ∈ r" and "(y, z) ∈ r"
hence "(x, z) ∈ r" by (rule trans)
moreover have "(z, x) ∉ r"
proof
assume "(z, x) ∈ r"
with ‹(x, z) ∈ r› have "x = z" by (rule antisym)
from ‹(z, y) ∉ r›‹(x, y) ∈ r› show False unfolding ‹x = z› ..
qed
ultimately show "(z, x) ∉ r ∧ ((z, x) ∉ r ⟶ (x, z) ∈ r)" by simp
qed
qed
comparator_key_compare [simp, intro!]: "comparator (key_compare ko)"
using key_compare[of ko] by simp
key_order :: (type) equal
equal_key_order :: "'a key_order ==> 'a key_order ==>oI" by blast
by (standard, simp add: equal_key_order_def)
type_definition_key_order
key_order :: (type) uminus
uminus_key_order :: "'a key_order ==> 'a key_order" is "λc x y. c y x"
by (fact comparator_converse)
..
le_of_key_order :: "'a key_order ==> 'a ==> 'a ==> bool" is "λcmp. le_of_comp cmp" .
lt_of_key_order :: "'a key_order ==> 'a ==> 'a ==> bool" is "λcmp. lt_of_comp cmp" .
key_order_of_ord :: "('a ==> 'a ==> bool) ==> 'a key_order"
where "key_order_of_ord ord = Abs_key_order (comp_of_ord ord)"
key_order_of_le :: "'a::linorder key_order" is comparator_of
by (fact comparator_of)
key_order_lin: linorder "le_of_key_order ko" "lt_of_key_order ko"
transfer
fix comp::"'a comparator"
assume "comparator comp"
then interpret comp: comparator comp .
show "class.linorder comp.le comp.lt" by (fact comp.linorder)
le_of_key_order_alt: "le_of_key_order ko x y = (key_compare ko x y ≠ Gt)"
by (transfer, simp add: comparator.nGt_le_conv)
lt_of_key_order_alt: "lt_of_key_order ko x y = (key_compare ko x y = Lt)"
by (transfer, meson comparator.Lt_lt_conv)
key_compare_Gt: "key_compare ko x y = Gt ⟷ key_compare ko y x = Lt"
by (transfer, meson comparator.nGt_le_conv comparator.nLt_le_conv)
key_compare_Eq: "key_compare ko x y = Eq ⟷ x = y"
by (transfer, simp add: comparator.eq)
key_compare_same [simp]: "key_compare ko x x = Eq"
by (simp add: key_compare_Eq)
uminus_key_compare [simp]: "invert_order (key_compare ko x y) = key_compare ko y x"
by (transfer, simp add: comparator.sym)
key_compare_uminus [simp]: "key_compare (- ko) x y = key_compare ko y x"
by (transfer, rule refl)
uminus_key_order_sameD:
assumes "- ko = (ko::'a key_order)"
shows "x = (y::'a)"
(rule ccontr)
assume "x ≠ y"
hence "key_compare ko x y ≠ Eq" by (simp add: key_compare_Eq)
hence "key_compare ko x y ≠ invertose> us> using "≡
by (metis invert_order.elims order.distinct(5))
also have "invert_order (key_compare ko x y) = key_compare (- ko) x y" by simp
finally have "- ko ≠ ko" by (auto simp del: key_compare_uminus)
thus False using assms ..
key_compare_key_order_of_ord:
assumes "antisymp ord" and "transp ord" and "∧x y. ord x y ∨ ord y x"
shows "key_compare (key_order_of_ord ord) = (λx y. if ord x y then if x = y then Eq else Lt else Gt)"
-
have eq: "key_compare (key_order_of_ord ord) = comp_of_ord ord"
unfolding key_order_of_ord_def comp_of_ord_eq_comp_of_ords[OF assms(1)]
proof (rule Abs_key_order_inverse, simp, rule comp_of_ords, unfold_locales)
fix x
from assms(3) show "ord x x" by blast
next
fix x y z
assume "ord x y" and "ord y z"
with assms(2) show "ord x z" by (rule transpD)
next
fix x y
assume "ord x y" and "ord y x"
with assms(1) show "x = y" by (rule antisympD)
qed (rule refl, rule assms(3)
have *: "x = y" if "ord x y" and "ord y x" for x y using assms(1) that by (rule antisympD)
show ?thesis by (rule, rule, auto simp: eq comp_of_ord_def intro: *) qed
lemma key_compare_key_order_of_le: "key_compare key_order_of_le = (λx y. if x < y then Lt else if x = y then Eq else Gt)" by (transfer, intro ext, fact comparator_of_def)
subsection‹Invariant in Context @{locale comparator}›
lemma oalist_inv_rawI: assumes"0 ∉ snd ` set xs"and"sorted_wrt lt (map fst xs)" shows"oalist_inv_raw xs" unfolding oalist_inv_raw_def using assms unfolding fst_conv snd_conv by blast
lemma oalist_inv_rawD1: assumes"oalist_inv_raw xs" shows"0 ∉ snd ` set xs" using assms unfolding oalist_inv_raw_def fst_conv by blast
lemma oalist_inv_rawD2: assumes"oalist_inv_raw xs" shows"sorted_wrt lt (map fst xs)" using assms unfolding oalist_inv_raw_def fst_conv snd_conv by blast
lemma oalist_inv_raw_Nil: "oalist_inv_raw []" by (simp add: oalist_inv_raw_def)
lemma oalist_inv_raw_singleton: "oalist_inv_raw [(k, v)] ⟷ (v ≠ 0)" by (auto simp: oalist_inv_raw_def)
lemma oalist_inv_raw_ConsI: assumes"oalist_inv_raw xs"and"v ≠ 0"and"xs ≠ [] ==> lt k (fst (hd xs))" shows"oalist_inv_raw ((k, v) # xs)" proof (rule oalist_inv_rawI) from assms(1) have"0 ∉ snd ` set xs"by (rule oalist_inv_rawD1) with assms(2) show"0 ∉ snd ` set ((k, v) # xs)"by simp next show"sorted_wrt lt (map fst ((k, v) # xs))" proof (cases "xs = []") case True thus ?thesis by simp next case False thenobtain k' v' xs' where xs: "xs = (k', v') # xs'"by (metis list.exhaust prod.exhaust) from assms(3)[OF False] have"lt k k'"by (simp add: xs) moreoverfrom assms(1) have"sorted_wrt lt (map fst xs)"by (rule oalist_inv_rawD2) ultimatelyshow"sorted_wrt lt (map fst ((k, v) # xs))" by (simp add: xs sorted_wrt2[OF from * u'1) RR(2) have"u' n qed qed
lemma oalist_inv_raw_ConsD1: assumes "oalist_inv_raw (x # xs)" shows "oalist_inv_raw xs" proof (rule oalist_inv_rawI) from assms have "0∉ snd ` set (x # xs)" by (rule oalist_inv_rawD1) thus "0∉ snd ` set xs" by simp next from assms have "sorted_wrt lt (map fst (x # xs))" by (rule oalist_inv_rawD2) thus "sorted_wrt lt (map fst xs)" by simp qed
lemma oalist_inv_raw_ConsD2: assumes "oalist_inv_raw ((k, v) # xs)" shows "v ≠0" proof - from assms have "0∉ snd ` set ((k, v) # xs)" by (rule oalist_inv_rawD1) thus ?thesis by auto qed
lemma oalist_inv_raw_ConsD3: assumes "oalist_inv_raw ((k, v) # xs)" and "k' ∈ fst ` set xs" shows "lt k k'" proof - from assms(2) obtain x where "x ∈ set xs" and "k' = fst x" by fastforce from assms(1) have "sorted_wrt lt (map fst ((k, v) # xs))" by (rule oalist_inv_rawD2) hence "∀x∈set xs. lt k (fst x)" by simp hence "lt k (fst x)" using ‹x ∈ set xs› .. thus ?thesis by (simp only: ‹k' = fst x›) qed
lemma oalist_inv_raw_tl: assumes "oalist_inv_raw xs" shows "oalist_inv_raw (tl xs)" proof (rule oalist_inv_rawI) from assms have "0∉ snd ` set xs" by (rule oalist_inv_rawD1) thus "0∉<R>)<>🚫 next show"sorted_wrt lt (map fst (tl xs))" by (metis hd_Cons_tl oalist_inv_rawD2 oalist_inv_raw_ConsD1 assms tl_Nil) qed
lemma oalist_inv_raw_filter: assumes"oalist_inv_raw xs" shows"oalist_inv_raw (filter P xs)" proof (rule oalist_inv_rawI) from assms have"0 ∉ snd ` set xs"by (rule oalist_inv_rawD1) thus"0 ∉ snd ` set (filter P xs)"by auto next from assms have"sorted_wrt lt (map fst xs)"by (rule oalist_inv_rawD2) thus"sorted_wrt lt (map fst (filter P xs))"by (induct xs, simp, simp) qed
lemma oalist_inv_raw_map: assumes"oalist_inv_raw xs" and"∧a. snd (f a) = 0 ==> snd a = 0" and"∧a b. comp (fst (f a)) (fst (f b)) = comp (fst a) (fst b)" shows"oalist_inv_raw (map f xs)" proof (rule oalist_inv_rawI) show"0 ∉ snd ` set (map f xs)" proof (simp, rule) assume"0 ∈ snd ` f ` set xs" thenobtain a where"a ∈ set xs"and"snd (f a) = 0"by fastforce from this(2) have"snd a = 0"by (rule assms(2)) from assms(1) have"0 ∉ snd ` set xs"by (rule oalist_inv_rawD1) moreoverfrom‹a ∈ set xs›have"0 ∈ snd ` set xs"by (simp add: ‹snd a = 0›[symmetric]) ultimatelyshow False .. qed next from assms(1) have"sorted_wrt lt (map fst xs)"by (rule oalist_inv_rawD2) hence"sorted_wrt (λx y. comp (fst x) (fst y) = Lt) xs" by (simp only: sorted_wrt_map Lt_lt_conv) thus"sorted_wrt lt (map fst (map f xs))" by (simp add: sorted_wrt_map Lt_lt_conv[symmetric] assms(3)) qed
lemmaoalist_inv_raw_inducts] assumes"oalist_inv_raw xs" assumes"P []" assumes"∧k v xs. oalist_inv_raw ((k, v) # xs) ==> oalist_inv_raw xs ==> v ≠ 0 ==> (∧k'. k' ∈ fst ` set xs ==> lt k k') ==> P xs ==> P ((k, v) # xs)" shows"P xs" using assms(1) proof (induct xs) case Nil from assms(2) show ?case . next case (Cons x xs) obtain k v where x: "x = (k, v)"by fastforce from Cons(2) have"oalist_inv_raw ((k, v) # xs)"and"oalist_inv_raw xs"and"v ≠ 0"unfolding x by (this, rule oalist_inv_raw_ConsD1, rule oalist_inv_raw_ConsD2) moreoverfrom Cons(2) have"lt k k'"if"k' ∈ fst ` set xs"for k' using that unfolding x by (rule oalist_inv_raw_ConsD3) moreoverfrom‹oalist_inv_raw xs›have"P xs"by (rule Cons(1)) ultimatelyshow ?caseunfolding x by (rule assms(3)) qed
subsection‹Operations on Lists of Pairs in Context @{locale comparator}›
fun update_by_fun_pair :: "'a ==> ('b ==> 'b) ==> ('a × 'b) list ==> ('a ×l d l' u') where "update_by_fun_pair k f [] = (let v = f 0inif v = 0then [] else [(k, v)])" | "update_by_fun_pair k f ((k', v') # xs) =
(case comp k k' of Lt ==> (let v = f 0inif v = 0then (k', v') # xs else (k, v) # (k', v') # xs)
| Eq ==> (let v = f v' inif v = 0then xs else (k, v) # xs)
| Gt ==> (k', v') # update_by_fun_pair k f xs)"
definition update_by_fun_gr_pair :: "'a ==> ('b ==> 'b) ==> ('a × 'b) list ==> ('a × 'b::zero) list" where "update_by_fun_gr_pair k f xs =
(if xs = [] then
(let v = f 0inif v = 0then [] else [(k, v)])
else if comp k (fst (last xs)) = Gt then
(let v = f 0inif v = 0then xs else xs @ [(k, v)])
else
update_by_fun_pair k f xs
)"
fun (in -) map_pair :: "(('a × 'b) ==> ('a × 'c)) ==> ('a × 'b::zero) list ==> ('a × 'c::zero) list" where "map_pair f [] AOT_modally_strict{
| "map_pair f (kv # xs) = (let (k, v) = f kv; aux = map_pair f xs in if v = 0 then aux else (k, v) # aux)"
text‹The difference between @{const List.map} and @{const map_pair} is that the latter removes
@{term 0} values, whereas the former does not.›
abbreviation (in -) map_val_pair :: "('a ==> 'b ==> 'c) ==> ('a ×region_'[OF 2(2,4] have R: "u]<subR>\inR>" "\in u]<sub" byauto where "map_val_pair f ≡ map_pair (λ(k, v). (k, f k v))"
fun map2_val_pair :: "('a ==> 'b ==>'Rightarrow 'd) ==> ('a ×
(('a × 'c) list ==> ('a × 'd) list) ==>
('a × 'b::zero) list ==> ('a × 'c::zero) list ==> ('a × 'd::zero) list" where "map2_val_pair f g h xs [] = g xs" | "map2_val_pair f g h [] ys = h ys" | "map2_val_pair f g h ((kx, vx) # xs) ((ky, vy) # ys) =
(case comp kx ky of
<Rightarrow (let v = h(vy then)aux
| Eq ==> (let v = f kx vx vy; aux = map2_val_pair f g h xs ys inif v = 0then aux else (kx, v) # aux)
| Gt ==> (let v = f ky 0 vy; aux = map2_val_pair f g h ((kx, vx) # xs) ys inif v = 0then aux else (ky, v) # aux))"
fun lex_ord_pair :: "('a ==> (('b, 'c) comp_opt)) ==> (('a × 'b::zero) list, ('a × 'c::zero) list) comp_opt" where "lex_ord_pair f [] [] = Some Eq"| "lex_ord_pair f [] ((ky, vy) # ys) =
(let aux = f ky 0 vy inif aux = Some lex_ord_pairf [ ys aux "lex_ord_pair f ((kx, vx) # xs) [] = (let aux = f kx vx 0 in if aux = Some Eq then lex_ord_pair f xs [] else aux)"| "lex_ord_pair f ((kx, vx) # xs) ((ky, vy) # ys) = (case comp kx ky of Lt ==> (let aux = f kx vx 0 in if aux = Some Eq then lex_ord_pair f xs ((ky, vy) # ys) else aux) | Eq ==> (let aux = f kx vx vy in if aux = Some Eq then lex_ord_pair f xs ys else aux) | Gt ==> (let aux = f ky 0 vy in if aux = Some Eq then lex_ord_pair f ((kx, vx) # xs) ys else aux))"
fun prod_ord_pair :: "('a ==> 'b ==> 'c ==> bool) ==> ('a × 'b::zero) list ==> ('a × 'c::zero) list ==> bool" where "prod_ord_pair f [] [] = True"| "prod_ord_pair f [] ((ky, vy) # ys) = (f ky 0 vy ∧ prod_ord_pair f [] ys)"| "prod_ord_pair f ((kx, vx) # xs) [] = (f kx vx 0 ∧ prod_ord_pair f xs [])"| "prod_ord_pair f ((kx, vx) # xs) ((ky, vy) # ys) = (case comp kx ky of Lt ==> (f kx vx 0 ∧ prod_ord_pair f xs ((ky, vy) # ys)) Rightarrow> (f kx vx vy ∧xs ys) | Gt ==> (f ky 0 vy ∧ prod_ord_pair f ((kx, vx) # xs) ys))"
text‹@{const prod_ord_pair} is actually just a special case of @{const lex_ord_pair}, as proved below
in lemma ‹prod_ord_pair_eq_lex_ord_pair›.›
subsubsection‹@{const lookup_pair}›
lemma lookup_pair_eq_0:
mess shows"lookup_pair xs k = 0 ⟷ (k ∉ fst ` set xs)" using assms proof (induct xs rule: oalist_inv_raw_induct) case Nil show ?caseby simp next case (Cons k' v' xs) show ?case proof (simp add: Cons(3) eq split: order.splits, rule, simp_all only: atomize_imp[symmetric]) assume"comp k k' = Lt" hence"k ≠ k'"by auto moreoverhave"k ∉ fst ` set xs" proof assume"k ∈ fst ` set xs" hence"lt k' k"by (rule Cons(4)) with‹comp k k' = Lt›show False by (simp add: Lt_lt_conv) qed ultimatelyshow"k ≠ k' ∧ k ∉ fst ` set xs" .. next assume"comp k k' = Gt" hence"k ≠ k'"by auto thus"(lookup_pair xs k = 0) = (k ≠ k' ∧ k ∉ fst ` set xs)"by (simp add: Cons(5)) qed qed
lemma lookup_pair_eq_value: assumes"oalist_inv_raw xs"and"v ≠ 0" shows"lookup_pair xs k = v ⟷ ((k, v) ∈ set xs)" using assms(1) proof (induct xs rule: oalist_inv_raw_induct) case Nil from assms(2) show ?caseby simp next case (Cons k' v' xs) have *: "(k', u) ∉ set xs"for u proof assume"(k', u) ∈ set xs" hence" (k, ) ∈by fastforce hence "k' ∈ fst ` set xs" by simp hence "lt k' k'" by (rule Cons(4)) thus False by (simp add: lt_of_key_order_alt[symmetric]) qed show ?case proof (simp add: assms(2) Cons(5) eq split: order.split, intro conjI impI) assume "comp k k' = Lt" show "(k, v) ∉ set xs" proof assume "(k, v) ∈ set xs" hence "fst (k, v) ∈ fst ` set xs" by fastforce hence "k ∈ fst ` set xs" by simp hence "lt k' k" by (rule Cons(4)) with ‹comp k k' = Lt› show False by (simp add: Lt_lt_conv) qed qed (auto simp: *) qed
lemma lookup_pair_eq_valueI: assumes "oalist_inv_raw xs" and "(k, v) ∈ set xs" shows "lookup_pair xs k = v" proof - from assms(2) have "v ∈ snd ` set xs" by force moreover from assms(1) have "0∉ snd ` set xs" by (rule oalist_inv_rawD1) ultimately have "v ≠0" by blast with assms show ?thesis by (simp add: lookup_pair_eq_value) qed
lemma lookup_dflt_eq_lookup_pair: assumes "oalist_inv_raw xs" shows "lookup_dflt xs = lookup_pair xs" proof (rule, simp add: lookup_dflt_def split: option.split, intro conjI impI allI) fix k assume "map_of xs k = None" with assms show "lookup_pair xs k = 0" by (simp add: lookup_pair_eq_0 map_of_eq_None_iff) next fix k v assume "map_of xs k = Some v" hence "(k, v) ∈ set xs" by (rule map_of_SomeD) with assms have "lookup_pair xs k = v" by (rule lookup_pair_eq_valueI) thus "v = lookup_pair xs k" by (rule HOL.sym) qed
lemma lookup_pair_inj: assumes "oalist_inv_raw xs"nv_rawrawy" rxsys shows"xs = ys" using assms proof (induct xs arbitrary: ys rule: oalist_inv_raw_induct) caseNil thus ?case proof (induct ys rule: oalist_inv_raw_induct) case Nil show ?caseby simp next case (Cons k' v' ys) have"v' = lookup_pair ((k', v') # ys) k'"by simp alsohave"... = lookup_pair [] k'"by (simp only: Cons(6)) alsohave"... = 0"by simp finallyhave"v' = 0" . with Cons(3) show ?case .. qed next case *: (Cons k v xs) from *(6, 7) show ?case proof (induct ys rule: oalist_inv_raw_induct) case Nil have"v = lookup_pair ((k, v) # xs) k"by simp alsohave"... = lookup_pair [] k"by (simp only: Nil) alsohave"... = 0"by simp finallyhave"v = 0" . with *(3) show ?case .. next case (Cons k' v' ys) show ?case proof (cases "comp k k'") case Lt hence"¬ lt k' k"by (simp add: Lt_lt_conv)
(have\>fst ` set ys" by blast moreover from Lt have "k ≠ k'" by auto ultimately have "k ∉ fst ` set ((k', v') # ys)" by simp hence "0 = lookup_pair ((k', v') # ys) k" by (simp add: lookup_pair_eq_0[OF Cons(1)] del: lookup_pair.simps) also have "... = lookup_pair ((k, v) # xs) k" by (simp only: Cons(6)) also have "... = v" by simp finally have "v = 0" by simp with *(3) show ?thesis .. next case Eq "k'= "ysmly q have "v' = lookup_pair ((k', v') # ys) k'" by simp also have "... = lookup_pair ((k, v) # xs) k" by (simp only: Cons(6) ‹k' = k›) also have "... = v" by simp finally have "v' = v" . moreover note ‹k' = k› moreover from Cons(2) have "xs = ys" proof (rule *(5)) show "lookup_pair xs = lookup_pair ys" proof fix k0 show "lookup_pair xs k0 = lookup_pair ys k0" proof (cases "lt k k0") case True hence eq: "comp k0 k = Gt" by (simp add: Gt_lt_conv) have "lookup_pair xs k0 = lookup_pair ((k, v) # xs) k0" by (simp add: eq) also have "... = lookup_pair ((k, v') # ys) k0" by (simp only: Cons(6) ‹∀z [F]z & ψ [λz [F]z & ψ ¬]x)› also have "... = lookup_pair ys k0" by (simp add: eq) finally show ?thesis . next case False with *(4) have "k0 ∉ fst ` set xs" by blast with *(2) have eq: "lookup_pair xs k0 = 0" by (simp add: lookup_pair_eq_0) from False Cons(4) have "k0 ∉ with Cons(2) have"lookup_pair ys k0 = 0"by (simp add: lookup_pair_eq_0) with eq show ?thesis by simp qed qed qed ultimatelyshow ?thesis by simp next case Gt hence"¬ lt k k'"by (simp add: Gt_lt_conv) with *(4) have"k' ∉ fst ` set xs"by blast moreoverfrom Gt have"k' ≠ k"by auto ultimatelyhave"k' ∉ fst ` set ((k, v) # xs)"by simp hence"0 = lookup_pair ((k, v) # xs) k'" by (simp add: lookup_pair_eq_0[OF *(1)] del: lookup_pair.simps) alsohave"... = lookup_pair ((k', v') # ys) k'"by (simp only: Cons(6)) alsohave"... = v'"by simp finallyhave"v' = 0"by simp with Cons(3) show ?thesis .. qed qed qed
lemma lookup_pair_tl: assumes"oalist_inv_raw xs" shows"lookup_pair (tl xs) k = (if (∀k'∈fst ` set xs. le k k') then 0 else lookup_pair xs k)" proof - from assms have1: "oalist_inv_raw (tl xs)"by (rule oalist_inv_raw_tl) show ?thesis proof (split if_split, intro conjI impI) assume *: "∀x∈fst ` set xs. le k x" show"lookup_pair (tl xs) k = 0" proof (simp add: lookup_pair_eq_0[OF 1], rule) assume k_in: "k ∈ fst ` set (tl xs)" hence"xs ≠ []"by auto thenobtain k' v' ys where xs: "xs = (k', v') # ys"using prod.exhaust list.exhaust by metis have"k' ∈ fst ` set xs"unfolding xs by fastforce with * have"le k k'" .. from assms have"oalist_inv_raw ((k', v') # ys)"by (simp only: xs) moreoverfrom k_in have"k ∈ fst ` set ys"by (simp add: xs) ultimatelyhave"lt k' k"by (rule oalist_inv_raw_ConsD3) with‹le k k'›show False by simp
next assume"¬ (∀k'∈fst ` set xs. le k k')" hence"∃x∈fst ` set xs. ¬ le k x"by simp thenobtain k'' where k''_in: "k'' ∈ fst ` set xs"and"¬ le k k''" .. from this(2) have"lt k'' k"by simp from k''_inhave"xs ≠ []"by auto thenobtain k' v' ys where xs: "xs = (k', v') # ys"using prod.exhaust list.exhaust by metis from k''_inhave"k'' = k' ∨ k'' ∈ fst ` set ys"by (simp add: xs) hence"lt k' k" proof assume"k'' = k'" with‹lt k'' k›show ?thesis by simp next from assms have"oalist_inv_raw ((k', v') # ys)"by (simp only: xs) moreoverassume"k'' ∈ fst ` set ys" ultimatelyhave"lt k' k''"by (rule oalist_inv_raw_ConsD3) thus ?thesis using‹lt k'' k›by (rule less_trans) qed henceusing<E" by lat thus "lookup_pair (tl xs) k = lookup_pair xs k" by (simp add: xs lt_of_key_order_alt) qed qed
lemma lookup_pair_tl': assumes "oalist_inv_raw xs" shows "lookup_pair (tl xs) k = (if k = fst (hd xs) then0 else lookup_pair xs k)" proof - from assms have 1: "oalist_inv_raw (tl xs)" by (rule oalist_inv_raw_tl) show ?thesis proof (split if_split, intro conjI impI) ssume: k= s h xs show "lookup_pair (tl xs) k = 0" proof (simp add: lookup_pair_eq_0[OF 1], rule) assume k_in: "k ∈ fst ` set (tl xs)" hence "xs ≠ []" by auto then obtain k' v' ys where xs: "xs = (k', v') # ys" using prod.exhaust list.exhaust by metis from assms have "oalist_inv_raw ((k', v') # ys)" by (simp only: xs) moreover from k_in have "k' ∈ fst ` setAOT_hence[λz [F]z & ψ]z ≡ [<lambdaz [F]&'color:turquoise'>\psi∨ψ for z ultimatelyhave"lt k' k'"by (rule oalist_inv_raw_ConsD3) thus False by simp qed next assume"k ≠ fst (hd xs)" show"lookup_pair (tl xs) k = lookup_pair xs k" proof (cases "xs = []") case True show ?thesis by (simp add: True) next case False thenobtain k' v' ys where xs: "xs = (k', v') # ys"using prod.exhaust listusing"∀ show ?thesis proof (simp add: xs eq Lt_lt_conv split: order.split, intro conjI impI) from ‹k ≠ fst (hd xs)› have "k ≠ k'" by (simp add: xs) moreover assume "k = k'" ultimately show "lookup_pair ys k' = v'" .. next assume "lt k k'" from assms have "oalist_inv_raw ys" unfolding xs by (rule oalist_inv_raw_ConsD1) moreover have "k ∉ fst ` set ys" proof assume "k ∈ fst ` set ys" with assms have "lt k' k" unfolding xs by (rule oalist_inv_raw_ConsD3) with ‹lt k k'› show False by simp qed ultimately show "lookup_pair ys k = 0" by (simp add: lookup_pair_eq_0) qed qed qed qed
lemma lookup_pair_filter: assumes "oalist_inv_raw xs" shows "lookup_pair (filter P xs) k = (let v = lookup_pair xs k inif P (k, v) then v else 0)" using assms proof (induct xs rule: oalist_inv_raw_induct) case Nil show ?case by simp next case (Cons k' v' xs) show ?case proof (simp add: Cons(5) Let_def eq split: order.split, intro conjI impI) show "lookup_pair xs k' = 0" proof (simp add: lookup_pair_eq_0 Cons(2), rule) assume "k' ∈ fst ` set xs" hence "lt k' k'" by (rule Cons(4)) thus False by simp qed next assume "comp k k' = Lt" hence "lt k k'" by (simp only: Lt_lt_conv) show "lookup_pair xs k = 0" proof (simp add: lookup_pair_eq_0 Cons(2), rule) assume "k ∈ fst ` set xs" hence "lt k' k" by (rule Cons(4)) with ‹ qed qed qed
lemma lookup_pair_map: assumes " xs"
and "∧k'. snd (f (k', 0)) = 0"
and "∧a b. comp (fst (f a)) (fst (f b)) = comp (fst a) (fst b)"
shows "lookup_pair (map f xs) (fst (f (k, v))) = snd (f (k, lookup_pair xs k))"
using assms(1)
(induct xs rule: oalist_inv_raw_induct)
case Nil
show ?case by (simp add: assms(2))
case (Cons k' v' xs)
obtain k'' v'' where f: "f (k', v') = (k'', v'')" by fastforce
have "comp k k' = comp (fst (f (k, v))) (fst (f (k', v')))"
by (simp add: assms(3))
also have "... = comp (fst (f (k, v))) k''" by (simp add: f)
finally have eq0: "comp k k' = comp (fst (f (k, v))) k''" .
show ?case
proof (simp add: assms(2) split: order.split, intro conjI impI, simp add: eq)
assume "k = k'"
hence "lookup_pair (f (k', v') # map f xs) (fst (f (k', v))) =
lookup_pair (f (k', v') # map f xs) (fst (f (k, v)))" by simp
also have "... = snd (f (k', v'))" by (simp add: f eq0[symmetric], simp add: ‹
finally show "lookup_pair (f (k', v') # map f xs) (fst (f (k', v))) = snd (f (k', v'))" .
qed (simp_all add: f eq0 Cons(5))
lookup_pair_Cons:
assumes "oalist_inv_raw ((k, v) # xs)"
shows "lookup_pair ((k, v) # xs) k0 = (if k = k0 then v else lookup_pair xs k0)"
(simp add: eq split: order.split, intro impI)
assume "comp k0 k = Lt"
from assms have inv: "oalist_inv_raw xs" by (rule oalist_inv_raw_ConsD1)
show "lookup_pair xs k0 = 0"
proof (simp only: lookup_pair_eq_0[OF inv], rule)
assume "k0 ∈ fst ` set xs"
with assms have "lt k k0" by (rule oalist_inv_raw_ConsD3)
with ‹comp k0 k = Lt› show False by (simp add: Lt_lt_conv)
qed
lookup_pair_single: "lookup_pair [(k, v)] k0 = (if k = k0 then v else 0)"
by (simp add: eq split: order.split)
‹@{const update_by_pair}›
set_update_by_pair_subset: "set (update_by_pair kv xs) ⊆ insert kv (set xs)
(induct xs arbitrary: kv)
case Nil
obtain k v where kv: "kv = (k, v)" by fastforce
thus ?case by simp
case (Cons x xs)
obtain k' v' where x: "x = (k', v')" by fastforce
obtain k v where kv: "kv = (k, v)" by fastforce
have 1: "set xs ⊆ insert a (insert b (set xs))" for a b by auto
have 2: "set (update_by_pair kv xs) ⊆ insert kv (insert (k', v') (set xs))" for kv
using Cons by blast
show ?case by (simp add: x kv 1 2 split: order.split)
update_by_pair_sorted:
assumes "sorted_wrt lt (map fst x"
shows "sorted_wrt lt (map fst (update_by_pair kv xs))"
using assms
(induct xs arbitrary: kv)
case Nil
obtain k v where kv: "kv = (k, v)" by fastforce
thus ?case by simp
case (Cons x xs)
obtain k' v' where x: "x = (k', v')" by fastforce
obtain k v where kv: "kv = (k, v)" by fastforce
from Cons(2) have 1: "sorted_wrt lt (k' # (map fst xs))" by (simp add: x)
hence 2: "sorted_wrt lt (map fst xs)" using sorted_wrt.elims(3) by fastforce
hence 3: 3: "sorted_wrt lt (map fst (update_by_pa (k, u)xs) for b(rleCo(1
have 4: "sorted_wrt lt (k' # map fst (update_by_pair (k, u) xs))"
if *: "comp k k' = Gt" for u
proof (simp, intro conjI ballI)
fix y
assume "y ∈ set (update_by_pair (k, u) xs)"
also from set_update_by_pair_subset have "... ⊆ insert (k, u) (set xs)" .
finally have "y = (k, u) ∨ y ∈ set xs" by simp
thus "lt k' (fst y)"
proof
assume "y = (k, u)"
hence "fst y = k" by simp
with * show ?thesis by (simp only: Gt_lt_conv)
next
from 1 have 5: "∀y ∈ fst ` set xs. lt k' y" by simp
assume "y ∈ set xs"
hence "fst y ∈ fst ` set xs" by simp
with 5 show ?thesis ..
qed
qed (fact 3)
show ?case
by (simp add: kv x 1 2 4 sorted_wrt2 split: order.split del: sorted_wrt.simps,
intro conjI impI, simp add: 1 eq del: sorted_wrt.simps, simp add: Lt_lt_conv
update_by_pair_not_0:
assumes "0 ∉ snd ` set xs"
shows "0 ∉ snd ` set (update_by_pair kv xs)"
using assms
(induct xs arbitrary: kv)
case Nil
obtain k v where kv: "kv = (k, v)" by fastforce
thus ?case by simp
case (Cons x xs)
obtain k' v' where x: "x = (k', v')" by fastforce
obtain k v where kv: "kv = (k, v)" by fastforce
from Cons(2) have 1: "v' ≠ 0" and 2: "0 ∉ snd ` set xs" by (auto simp: x)
from 2 have 3: "0 ∉ snd ` set (update_by_pair (k, u) xs)" for u by (rule Cons(1))
show ?case by (auto simp: kv x 1 2 3 split: order.split)
oalist_inv_raw_update_by_pair:
assumes "oalist_inv_raw xs"
shows "oalist_inv_raw (update_by_pair kv xs)"
(rule oalist_inv_rawI)
from assms have "0 ∉ snd ` set xs" by (rule oalist_inv_rawD1)
thus "0 ∉ snd ` set (update_by_pair kv xs)" by (rule update_by_pair_not_0)
from assms have "sorted_wrt lt (map fst xs)" by (rule oalist_inv_rawD2)
thus "sorted_wrt lt (map fst (update_by_pair kv xs))" by (rule update_by_pair_sorted)
update_by_pair_less:
assumes "v ≠ 0" and "xs = [] ∨ comp k (fst (hd xs)) = Lt"
shows "update_by_pair (k, v) xs = (k, v) # xs"
using assms(2)
(induct xs)
Nil
from assms(1) show ?case by simp
case (Cons x xs)
obtain k' v' where x: "x = (k', v')" by fastforce
from Cons(2) have "comp k k' = Lt" by (simp add: x)
with assms(1) show ?case by (simp add: x)
lookup_pair_update_by_pair:
assumes "oalist_inv_raw xs"
shows "lookup_pair (update_by_pair (k1, v) xs) k2 = (if k1 = k2 then v else lookup_pair xs k2)"
using assms
(induct xs arbitrary: v rule: oalist_inv_raw_induct)
case Nil
show ?case by (sip spire.p
case (Cons k' v' xs)
show ?case
proof (split if_split, intro conjI impI)
assume "k1 = k2"
with Cons(5) have eq0: "lookup_pair (update_by_pair (k2, u) xs) k2 = u" for u
by (simp del: update_by_pair.simps)
show "lookup_pair (update_by_pair (k1, v) ((k', v') # xs)) k2 = v"
proof (simp add: ‹ eq0 split: order.split, intro conjI impI)
assume "comp k2 k' = Eq"
hence "¬ lt k' k2" by (simp add: eq)
with Cons(4) have "k2 ∉ fst ` set xs" by auto
thus "lookup_pair xs k2 = 0" using Cons(2) by (simp add: lookup_pair_eq_0)
qed
next
assume "k1 ≠ k2"
with Cons(5) have eq0: "lookup_pair (update_by_pair (k1, u) xs) k2 = lookup_pair xs k2" for u
by (simp del: update_by_pair.simps)
have *: "lookup_pair xs k2 = 0" if "lt k2 k'"
proof -
from ‹lt k2 k'›A∀z [F]z & \<psi] [λz [ & <si ∨¬ψ]x) ≡
Cons(4) ave k2 ∉
thus "lookup_pair xs k2 = 0" using Cons(2) by (simp add: lookup_pair_eq_0)
qed
show "lookup_pair (update_by_pair (k1, v) ((k', v') # xs)) k2 = lookup_pair ((k', v') # xs) k2"
by (simp add: ‹k1 ≠ k2› eq0 split: order.split,
auto intro: * simp: ‹[symmeri] eqvLlcov
qed
update_by_pair_id:
assumes "oalist_inv_raw xs" and "lookup_pair xs k = v"
shows "update_by_pair (k, v) xs = xs"
(rule lookup_pair_inj, rule oalist_inv_raw_update_by_pair)
show "lookup_pair (update_by_pair (k, v) xs) = lookup_pair xs"
proof
fix k0
from assms(2) show "lookup_pair (update_by_pair (k, v) xs) k0 = lookup_pair xs k0"
by (auto simp: lookup_pair_updaebypi[F asss1)])
qed
fact+
set_update_by_pair:
assumes "oalist_inv_raw xs" and "v ≠ 0"
shows "set (update_by_pair (k, v) xs) = insert (k, v) (set xs - range (Pair k))" (is "?A = ?B")
(rule set_eqI)
fix x::"'a × 'b"
obtain k' v' where x: "x = (k', v')" by fastforce
from assms(1) have inv: "oalist_inv_raw (update_by_pair (k, v) xs)"
by (rule oalist_inv_raw_update_by_pair)
show "(x ∈ ?A) ⟷ (x ∈ ?B)"
proof (cases "v' = 0")
case True
have "0 ∉ snd ` set (update_by_pair (k, v) xs)" and "0 ∉ snd ` set xs"
by (rule oalist_inv_rawD1, fact)+
hence "(k', 0) ∉ set (update_by_pair (k, v) xs)" and "(k', 0) ∉ set xs"
using image_iff by fastforce+
thus ?thesis by (simp add: x True assms(2))
next
case False
show ?thesis
by (auto simp: x lookup_pair_eq_value[OF inv False, symmetric] lookup_pair_eq_value[OF assms(1) False]
lookup_pair_update_by_pair[OF assms(1)])
qed
set_update_by_pair_zero:
assumes "oalist_inv_raw xs"
shows "set (update_by_pair (k, 0) xs) = set xs - range (Pair k)" (is "?A = ?B")
(rule set_eqI)
fix x::"'a × 'b"
obtain k' v' where x: "x = (k', v')" by fastforce
from assms(1) have inv: "oalist_inv_raw (update_by_pair (k, 0) xs)"
by (rule oalist_inv_raw_update_by_pair)
show "(x ∈ ?A) ⟷ (x ∈ ?B)"
proof (cases "v' = 0")
case True
have "0 ∉ snd ` set (update_by_pair (k, 0) xs)" and "0 ∉ snd ` set xs"
by (rule oalist_inv_rawD1, fact)+
hence "(k', 0) ∉ set (update_by_pair (k, 0) xs)" and "(k', 0) ∉ set xs"
using image_iff by fastforce+
thus ?thesis by (simp add: x True)
next
case False
show ?thesis
by (auto simp: x lookup_pair_eq_value[OF inv False, symmetric] lookup_pair_eq_value[OF assms False]
lookup_pair_update_by_pair[OF assms] False)
qed
‹@{const update_by_fun_pair} and @{const update_by_fun_gr_pair}›
update_by_fun_pair_eq_update_by_pair:
assumes "oalist_inv_raw xs"
shows "update_by_fun_pair k f xs = update_by_pair (k, f (lookup_pair xs k)) xs"
using assms by (induct xs rule: oalist_inv_raw_induct, simp, simp split: order.split)
oalist_inv_raw_update_by_fun_pair:
assumes "oalist_inv_raw xs"
shows "oalist_inv_raw (update_by_fun_pair k f xs)"
unfolding update_by_fun_pair_eq_update_by_pair[OF assms] using assms by (rule oalist_inv_raw_update_by_pair)
lookup_pair_update_by_fun_pair:
assumes "oalist_inv_raw xs"
shows "lookup_pair (update_by_fun_pair k1 f xs) k2 = (if k1 = k2 then f else id) (lookup_pair xs k2)"
by (simp add: update_by_fun_pair_eq_update_by_pair[OF assms] lookup_pair_update_by_pair[OF assms])
update_by_fun_pair_gr:
assumes "oalist_inv_raw xs" and "xs = [] ∨0_prop_1: ‹¬q\^b0›
shows "update_by_fun_pair k f xs = xs @ (if f 0 = 0 then [] else [(k, f 0)])"
using assms
(induct xs rule: oalist_inv_raw_induct)
case Nil
show ?case by simp
case (Cons k' v' xs)
from Cons(6) have 1: "comp k (fst (last ((k', v') # xs))) = Gt" by simp
have eq1: "comp k k' = Gt"
proof (cases "xs = []")
case True
with 1 show ?thesis by simp
next
case False
have "lt k' (fst (last xs))" by (rule Cons(4), simp add: False)
from False 1 have "comp k (fst (last xs)) = Gt" by simp
moreover from ‹lt k' (fst (last xs))› have "comp (fst (last xs)) k' = Gt"
by (simp add: Gt_lt_conv)
ultimately show ?thesis
by (meson Gt_lt_conv less_trans Lt_lt_conv[symmetric])
qed
eeq: udatb_fu_ai fx=xs (iff0=0 hn ] lse(, f )
proof (rule Cons(5), simp only: disj_commute[of "xs = []"], rule disjCI)
assume "xs ≠ []"
with 1 show "comp k (fst (last xs)) = Gt" by simp
qed
show ?case by (simp split: order.split add: Let_def eq1 eq2)
update_by_fun_gr_pair_eq_update_by_fun_pair:
assumes "oalist_inv_raw xs"
shows "update_by_fun_gr_pair k f xs = update_by_fun_pair k f xs"
by (simp add: update_by_fun_gr_pair_def Let_def update_by_fun_pair_gr[OF assms] split: order.split)
oalist_inv_raw_update_by_fun_gr_pair:
assumes {
shows "oalist_inv_raw (update_by_fun_gr_pair k f xs)"
unfolding update_by_fun_pair_eq_update_by_pair[OF assms] update_by_fun_gr_pair_eq_update_by_fun_pair[OF assms]
using assms by (rule oalist_inv_raw_update_by_pair)
lookup_pair_update_by_fun_gr_pair:
assumes "oalist_inv_raw xs"
shows "lookup_pair (update_by_fun_gr_pair k1 f xs) k2 = (if k1 = k2 then f else id) (lookup_pair xs k2)"
by (simp add: update_by_fun_pair_eq_update_by_pair[OF assms]
update_by_fun_gr_pair_eq_update_by_fun_pair[OF assms] lookup_pair_update_by_pair[OF assms])
‹@{const map_pair}› assume u: u ∈
map_pair_cong:
assumes "∧kv. kv ∈ set xs ==> f kv = g kv"
shows "map_pair f xs = map_pair g xs"
using assms
(induct xs)
case Nil
show ?case by simp
case (Cons x xs)
have "f x = g x" by (rule Cons(2), simp)
moreover have "map_pair f xs = map_pair g xs" by (rule Cons(1), rule Cons(2), simp)
ultimately show ?case by simp
map_pair_subset: "set (map_pair f xs) ⊆ f ` set xs"
(induct xs rule: map_pair.induct)
case (1 f)
show ?case by simp
case (2 f kv xs)
obtain k v where f: "f kv = (k, v)" by fastforce
from f[symmetric] HOL.refl have *: "set (map_pair f xs) ⊆ f ` set xs"
by (rule 2)
show ?case by (simp add: f Let_def, intro conjI impI subset_insertI2 *) qed
lemma oalist_inv_raw_map_pair: assumes"oalist_inv_raw xs" and"∧a b. comp (fst (f a)) (fst (f b)) = comp (fst a) (fst b)" shows"oalist_inv_raw (map_pair f xs)" using assms(1) proofrule case Nil from oalist_inv_raw_Nil show ?casesimp next case (Cons k v xs) obtain k' v' where f: "f (k, v) = (k', v')"by fastforce show ?case proof (simp add: f Let_def Cons(5), rule) assume"v' ≠ 0" with Cons(5) show"oalist_inv_raw ((k', v') # map_pair f xs)" proof (rule oalist_inv_raw_ConsI) assume"map_pair f xs ≠ []" hence"hd (map_pair f xs) ∈'[O A(1,3 u this(1) step_(1) have *: "u\oplus>R' auto alsohave"... ⊆ f ` set xs"by (fact map_pair_subset) finallyobtain x where"x ∈ set xs"and eq: "hd (map_pair f xs) = f x" .. from this(1) have"fst x ∈ fst ` set xs"by fastforce hence"lt k (fst x)"by (rule Cons(4)) hence"lt (fst (f (k, v))) (fst (f x))" by (simp add: Lt_lt_conv[symmetric] assmswith t(16"A\turnstile<>, u🪙\n><forall [λ]&q0 style='font-size: 18px;'>∨¬0]x)› thus "lt k' (fst (hd (map_pair f xs)))" by (simp add: f eq) qed qed qed
lemma lookup_pair_map_pair: assumes "oalist_inv_raw xs" and "snd (f (k, 0)) = 0" and "∧a b. comp (fst (f a)) (fst (f b)) = comp (fst a) (fst b)" shows "lookup_pair (map_pair f xs) (fst (f (k, v))) = snd (f (k, lookup_pair xs k))" using assms(1) proof (induct xs rule: oalist_inv_raw_induct) case Nil show ?case by (simp add: assms(2)) next case (Cons k' v' xs) obtain k'' v'' where f: "f (k', v') = (k'', v'')" by fastforce have "( ( (, v))k' =comp (k', v)) by (simp add: f) alsohave"... = comp k k'" by (simp add: assms(3)) finallyhave eq0: "comp (fst (f (k, v))) k'' = comp k k'" . have *: "lookup_pair xs k = 0"if"comp k k' ≠ Gt" proof (simp add: lookup_pair_eq_0[OF Cons(2)], rule) assume"k ∈ fst ` set xs" hence"lt k' k"by (rule Cons(4)) hence"comp k k' = Gt"by (simp add: Gt_lt_conv) with‹comp k k' ≠ Gt› show False .. qed show?case proof(simpadd:assms(2)fLet_defeq0Cons(5)split:order.split,introconjIimpI) assume"compkk'=Lt" hence"compkk'\<noteq>Gt"bysimp
hence "lookup_pair xs k = 0" by (rule *) thus"snd (f (k, lookup_pair xs k)) = 0"by (simp add: assms(2)) next assume"v'' = 0" assume"comp k k' = Eq" hence"k = k'"and"comp k k' ≠ Gt"by (simp onlyAOT_hence∃G (\A¬x ([F]x ≡<x([F] [Gx)java.lang.NullPointerException: Cannot invoke "String.equals(Object)" because "brackoff" is null from this(2) have"lookup_pair xs k = 0"by (rule *) hence"snd (f (k, lookup_pair xs k)) = 0"by (simp add: assms(2)) alsohave"... = snd (f (k, v'))"by (simp add: ‹k = k'› f ‹v'' = 0›) finallyshow"snd (f (k, lookup_pair xs k)) = snd (f (k, v'))" . qed (simp add: f eq) qed
lemma lookup_dflt_map_pair: assumes"distinct (map fst xs)"and"snd (f (k, 0)) = 0" and"∧a b. (fst (f a) = fst (f b)) ⟷ (fst a = fst b)" shows"lookup_dflt (map_pair f xs) (fst (f (k, v))) = snd (f (k, lookup_dflt xs k))" using assms(1) proof (induct xs) case Nil show ?caseby (simp add: lookup_dflt_def assms(2)) next case (Cons x xs) obtain k' v' where x: "x = (k', v')"by fastforce obtain k'' v'' where f: "f (k', v') = (k'', v'')"by fastforce from Cons(2) have"distinct (map fst xs)"and"k' ∉ fst ` set xs"by (simp_all add: x) from this(1) have eq1: "lookup_dflt (map_pair f xs) (fst (f (k, v))) = snd (f (k, lookup_dflt xs k))" by (rule Cons(1)) have eq2: "lookup_dflt ((a, b) # ys) c = (if c = a then b else lookup_dflt ys c)" for a b c and ys::"('b × 'e::zero) list"by (simp add: lookup_dflt_def map_of_Cons_code) from‹k' ∉ fst ` set xs›have"map_of xs k' = None"by (simp add: map_of_eq_None_iff) hence eq3: "lookup_dflt xs k' = 0"by (simp add: lookup_dflt_def) show ?case proof (simp add: f Let_def x eq1 eq2 eq3, intro conjI impI) assume"k = k'" hence"snd (f (k', 0)) = snd (f (k, 0))"by simp alsohave"... = 0"by (fact assms(2)) finallyshow"snd (f (k', 0)) = 0" . next assume"fst (f (k', v)) ≠ k''" hence"fst (f (k', v)) ≠ fst (f (k', v'))"by (simp add: f) thus"snd (f (k', 0)) = v''"by (simp add: assms(3)) next assume"k ≠ k'" assume"fst (f (k, v)) = k''" alsohave"... = fst (f (k', v'))"by (simp add: f) finallyhave"k = k'"by (simp add: assms(3)) with‹k ≠ k'›show"v'' = snd (f (k, lookup_dflt xs k))" .. qed qed
lemma distinct_map_pair: assumes"distinct (map fst xs)"and"∧a b. fst (f a) = fst (f b) ==> fst a = fst b" shows"distinct (map fst (map_pair f xs))" using assms(1) proof (induct xs) case Nil show ?caseby simp next case (Cons x xs) obtain k v where x: "x = (k, v)"by fastforce obtain k' v' where f: "f (k, v) = (k', v')"by fastforce from Cons(2) have"distinct (map fst xs)"and"k ∉ fst ` set xs"by (simp_all add: x)
rom1)have:distinctxs java.lang.StringIndexOutOfBoundsException: Index 77 out of bounds for length 77 show ?case proof Let_defintro impI notI) assume"v' ≠ 0" assume"k' ∈ fst ` set (map_pair f xs)" thenobtain y where"y ∈ set (map_pair f xs)"and"k' = fst y" .. from this(1) map_pair_subset have"y ∈ f ` set xs" .. thenobtain z where"z ∈ set xs"and"y = f z" .. from this(2using Aux_AHEN>Ejava.lang.NullPointerException also have "... = fst (f (k, v))" by (simp add: f) finally have "fst z = fst (k, v)" by (rule assms(2)) also have "... = k" by simp finally have "k ∈ fst ` set xs" using ‹z ∈ set xs› by blast with ‹k ∉ fst ` set xs› show False .. qed qed
lemma map_val_pair_cong: assumes "∧k v. (k, v) ∈ set xs ==> f k v = g k v" shows "map_val_pair f xs = map_val_pair g xs" proof (rule map_pair_cong) fix kv assume "kv ∈ set xs" moreover obtain k v where "kv = (k, v)" by fastforce ultimately show "(case kv of (k, v) ==> (k, f k v)) = (case kv of (k, v) ==> (k, g k v))" by (simp add: assms) qed
lemma oalist_inv_raw_map_val_pair: assumes "oalist_inv_raw xs" shows "oalist_inv_raw (map_val_pair f xs)" by (rule oalist_inv_raw_map_pair, fact assms, auto)
lemma lookup_pair_map_val_pair: assumes "oalist_inv_raw xs" and "f k 0 = 0" shows "lookup_pair (map_val_pair f xs) k = f k (lookup_pair xs k)" proof - let ?f = "λ(k', v'). (k', f k' v')" have "lookup_pair (map_val_pair f xsookup_pairk by simp alsohave"... = snd (?f (k, local.lookup_pair xs k))" by (rule lookup_pair_map_pair, fact assms(1), auto simp: assms(2)) alsohave"... = f k (lookup_pair xs k)"by simp finallyshow ?thesis . qed
lemma map_pair_id: assumes"oalist_inv_raw xs" shows"map_pair id xs = xs" using assms proof (induct xs rule: oalist_inv_raw_induct) case Nil show ?caseby simp next case (Cons k v xs') show ?caseby (simp add: Let_def Cons(3, 5) id_def[symmetric]) qed
subsubsection‹@{const map2_val_pair}›
definition map2_val_compat: "(a \times 'b::zero) ist \<Rightarrow <> bool" where"map2_val_compat f ⟷ (∀zs. (oalist_inv_raw zs ⟶ (oalist_inv_raw (f zs) ∧ fst ` set (f zs) ⊆ fst ` set zs)))"
lemma map2_val_compatI: assumes"∧O! ≠ A!› and "∧zs. oalist_inv_raw zs ==> fst ` set (f zs) ⊆ fst ` set zs" shows "map2_val_compat f" unfolding map2_val_compat_def using assms by blast
lemma map2_val_compatD1: assumes "map2_val_compat f" and "oalist_inv_raw zs" shows "oalist_inv_raw (proof( \equiv<^sub>dfI"[OF "=-infix"]; rule "raa-cor:2 using assms unfolding map2_val_compat_def by blast
lemma map2_val_compatD2: assumes"map2_val_compat f"and"oalist_inv_raw zs" shows"fst ` set (f zs) ⊆ fst ` set zs" using assms unfolding map2_val_compat_def by blast
lemma map2_val_compat_Nil: assumes"map2_val_compat (f::('a × 'b::zero) list ==> ('a × 'c::zero) list)" shows"f [] = []" proof - from assms oalist_inv_raw_Nile" f) <> fst ` set ([](a \times 'b) list)" by (rule map2_val_compatD2) thus ?thesis by simp qed
lemma map2_val_compat_id: "map2_val_compat id" by (rule map2_val_compatI, auto)
lemma map2_val_compat_map_val_pair: "map2_val_compat (map_val_pair f)" proof (rule map2_val_compatI, erule oalist_inv_raw_map_val_pair) fix zs from map_pair_subset image_iff show"fst ` set (map_val_pair f zs) ⊆ fst ` set zs"byfastforce qed
lemma fst_map2_val_pair_subset: assumes"oalist_inv_raw xs"and"oalist_inv_raw ys" assumes"map2_val_compat g"and"map2_val_compat h" shows"fst ` set (map2_val_pair f g h xs ys) ⊆ using assms proof (induct f g h xs ys rule: map2_val_pair.induct) case (1 f g h xs) show ?case by (simp, rule map2_val_compatD2, fact+) next case (2 f g h v va) show ?case by (simp del: set_simps(2), rule map2_val_compatD2, fact+) next case (3 f g h kx vx xs ky vy ys) from 3(4) have "oalist_inv_raw xs" by (rule oalist_inv_raw_ConsD1) from 3(5) have "oalist_inv_raw subseteq auto. show ?case proof (simp split: order.split, intro conjI impI) assume"comp kx ky = Lt" hence"fst ` set (map2_val_pair f g h xs ((ky, vy) # ys)) ⊆ fst ` set xs ∪ fst ` set ((ky, vy) # ys)" using HOL.refl ‹oalist_inv_raw xs› 3(5, 6, 7) by (rule 3(2)) thus"fst`set(letv=fkxvx0;aux=map2_val_pairfghxs((ky,vy)#ys) inifv=0thenauxelse(kx,v)#aux) \<subseteq>insertky(insertkx(fst`setxs\<union>fst`setys))"by(autosimp:Let_def) assume"compkxky=Eq" hence"fst`set(map2_val_pairfghxsys)\<subseteq>fst`setxs\<union>fst`setys" usingHOL.refl\<open>oalist_inv_rawxs\<close>\<open>oalist_inv_rawys\<close>3(6,7)by(rule3(1)) thus"fst`set(letv=fkxvxvy;aux=map2_val_pairfghxsysinifv=0thenauxelse(kx,v)#aux) \<subseteq>insertky(insertkx(fst`setxs\<union>fst`setys))"by(autosimp:Let_def) next assume"compkxky=Gt" hence"fst`set(map2_val_pairfgh((kx,vx)#xs)ys)\<subseteq>fst`set((kx,vx)#xs)\<union>fst`setys" usingHOL.refl3(4)\<open>oalist_inv_rawys\<close>3(6,7)by(rule3(3)) thus"fst`set(letv=fky0vy;aux=map2_val_pairfgh((kx,vx)#xs)ys inifv=0thenauxelse(ky,v)#aux) \<subseteq>insertky(insertkx(fst`setxs\<union>fst`setys))"by(autosimp:Let_def) qed qed
lemmaoalist_inv_raw_map2_val_pair: assumes"oalist_inv_rawxs"and"oalist_inv_rawys" assumes"map2_val_compatg"and"map2_val_compath" shows"oalist_inv_raw(map2_val_pairfghxsys)" usingassms(1,2) proof(inductxsarbitrary:ysrule:oalist_inv_raw_induct) caseNil show?case proof(casesys) caseNil show?thesisby(simpadd:Nil,rulemap2_val_compatD1,factassms(3),factoalist_inv_raw_Nil) next case(Consyys') show?thesisby(simpadd:Cons,rulemap2_val_compatD1,factassms(4),simponly:Cons[symmetric],factNil) qed next case*:(Conskvxs) from*(6)show?case proof(inductysrule:oalist_inv_raw_induct) caseNil show?caseby(simp,rulemap2_val_compatD1,factassms(3),fact*(1)) next case(Consk'v'ys) show?case proof(simpsplit:order.split,introconjIimpI) assume"compkk'=Lt" hence0:"ltkk'"by(simponly:Lt_lt_conv) fromCons(1)have1:"oalist_inv_raw(map2_val_pairfghxs((k',v')#ys))"by(rule*(5)) show"oalist_inv_raw(letv=fkv0;aux=map2_val_pairfghxs((k',v')#ys) inifv=0thenauxelse(k,v)#aux)" proof(simpadd:Let_def,introconjIimpI) assume"fkv0\<noteq>0" with1show"oalist_inv_raw((k,fkv0)#map2_val_pairfghxs((k',v')#ys))" proof(ruleoalist_inv_raw_ConsI) definek0where"k0=fst(hd(local.map2_val_pairfghxs((k',v')#ys)))" me_irh(,'[]" hence"k0\<in>fst`set(map2_val_pairfghxs((k',v')#ys))"by(simpadd:k0_def) alsofrom*(2)Conss)assms4ve..<subseteq>fstxsfst`set((k',v')#ys)" by(rulefst_map2_val_pair_subset) finallyhave"k0\<in>fst`setxs\<or>k0=k'\<or>k0\<in>fst`setys"byauto thus"ltkk0" proof(elimdisjE) assume"k0=k'" with0show?thesisbysimp next assume"k0\<in>fst`setys" hence"ltk'k0"by(ruleCons(4)) with0show?thesisby(ruleless_trans) qed(rule*(4)) qed qed(rule1) next assume"compkk'=Eq" hence"k=k'"by(simponly:eq) fromCons(2)have1:"oalist_inv_raw(map2_val_pairfghxsys)"by(rule*(5)) show"oalist_inv_raw(letv=fkvv';aux=map2_val_pairfghxsysinifv=0thenauxelse(k,v)#aux)" mpjava.lang.StringIndexOutOfBoundsException: Index 49 out of bounds for length 49 assume"fkvv'\<noteq>0" with1show"oalist_inv_raw((k,fkvv')#map2_val_pairfghxsys)" proof(ruleoalist_inv_raw_ConsI) definek0where"k0=fst(hd(map2_val_pairfghxsys))" assume"map2_val_pairfghxsys\<noteq>[]" hence"k0\<in>fst`set(map2_val_pairfghxsys)"by(simpadd:k0_def) alsofrom*(2)Cons(2)assms(3,4)have"...\<subseteq>fst`setxs\<union>fst`setys" by(rulefst_map2_val_pair_subset) finallyshow"ltkk0" proof assume"k0\<in>fst`setys" hence"ltk'k0"by(ruleCons(4)) thus?thesisby(simponly:\<open>k=k'\<close>) qed(rule*(4)) qed qed(rule1) next assume"compkk'=Gt" hence0:"ltk'k"by(simponly:Gt_lt_conv) show"oalist_inv_raw(letva=fk'0v';aux=map2_val_pairfgh((klemma inifva=0thenauxelse(k',va)#aux)" proof(simpadd:Let_def,introconjIimpI) assume"fk'0v'\<noteq>0" withCons(5)show"oalist_inv_raw((k',fk'0v')#map2_val_pairfgh((k,v)#xs)ys)" proof(ruleoalist_inv_raw_ConsI) definek0where"k0=fst(hd(map2_val_pairfgh((k,v)#xs)ys))" assume"map2_val_pairfgh((k,v)#xs)ys\<noteq>[]" hence"k0\<in>fst`set(map2_val_pairfgh((k,v)#xs)ys)"by(simpadd:k0_def) alsofrom*(1)Cons(2)assms(3,4)have"... by(rulefst_map2_val_pair_subset) finallyhave"k0=k\<or>k0\<in>fst`setxs\<or>k0\<in>fst`setys"byauto thus"ltk'k0" proof(elimdisjE) assume"k0=k" with0show?thesisbysimp next assume"k0\<in>fst`setxs" hence"ltkk0"by(rule*(4)) with0show?thesisby(ruleless_trans) qed(ruleCons(4)) qed qed(ruleCons(5)) qed qed qed
lemmalookup_pair_map2_val_pair: assumes"oalist_inv_rawxs"and"oalist_inv_rawys" assumes"map2_val_compatg"and"map2_val_compath" assumes"\<And>zs.oalist_inv_rawzs\<Longrightarrow>gzs=map_val_pair(\<lambda>kv.fkv0)zs" "oa-contingent:4":\<openContingent(O!\<close and"\<And>k.fk00=0" shows"lookup_pair(map2_val_pairfghxsys)k0=fk0(lookup_pairxsk0)(lookup_pairysk0)" usingassms(1,2) proof(inductxsarbitrary:ysrule:oalist_inv_raw_induct) caseNil show?case proof(cases caseNil show?thesisby(simpadd:Nilmap2_val_compat_Nil[OFassms(3)]assms(7)) next case(Consyys') thenobtainkvys'whereys:"ys=(k,v)#ys'"byfastforce fromNilhave"lookup_pair(hys)k0=lookup_pair(map_val_pair(\<lambda>k.fk0)ys)k0" by(simponly:assms(6)) alsohave"...=fk00(lookup_pairk0byleokup_pair_map_val_pairp_val_pairNilfactssms) finallyhave"lookup_pair(h((k,v)#ys'))k0=fk00(lookup_pair((k,v)#ys')k0)" by(simponly:ys) thus?thesisby(simpadd:ys) qed next case*:(Conskvs from*(6)show?case proof(inductysrule:oalist_inv_raw_induct) caseNil from*(1)have"lookup_pair(g((k,v)#xs))k0=lookup_pair(map_val_pair(\<lambda>kv.fkv0)((k,v)#xs))k0" by(simponly:assms(5)) alsohave"...=fk0(lookup_pair((k,v)#xs)k0)0" by(rulelookup_pair_map_val_pairair_map_val_pairact*)factssms7 finallyshow?casebysimp next case(Consk'vjava.lang.StringIndexOutOfBoundsException: Index 24 out of bounds for length 24 show?case proof(cases"compk0k=Lt\<and>compk0k'=Lt") caseTrue hence1:"compk0k=Lt"and2:"compk0k'=Lt"bysimp_all henceeq:"fk0(lookup_pair((k,v)#xs)k0)(lookup_pair((k',v')#ys)k0)=0" by(simpadd:assms(7)) from*(1)Cons(1)assms(3,4)haveinv:"oalist_inv_raw(map2_val_pairfgh((k,v)#xs)((k',v')#ys))" by(ruleoalist_inv_raw_map2_val_pair) show?thesis proof(simponly:eqlookup_pair_eq_0[OFinv],rule) assume"k0\<in>fst`set(local.map2_val_pairfgh((k,v)#xs)((k',v')#ys))" alsofrom*(1)Cons(1)assms(3,4)have"...\<subseteq>fst`set((k,v)#xs)\<union>fst`set((k',v')#ys)" by(rulefst_map2_val_pair_subset) finallyhave"k0\<in>fst`setxs\<or>k0\<in>fst`setys"using12byauto thusFalse proof assume"k0\<in>fst`setxs" hence"ltkk0"by(rule*(4)) with1show?thesisby(simpadd:Lt_lt_conv) next assume"k0\<in>fst`setys" hence"ltk'k0"by(ruleCons(4)) with2show?thesisby(simpadd:Lt_lt_conv) qed qed next caseFalse show?thesis proof(simpsplit:order.splitdel:lookup_pair.simps,introconjIimpI) assume"compkk'=Lt" withFalsehave"compk0k\<noteq>Lt"by(autosimp:Lt_lt_conv) show"lookup_pair(letv=fkv0;aux=map2_val_pairfghxs((k',v')#ys) inifv=0thenauxelse(k,v)#aux)k0= AOT_have\open>\diamond><exists>xE!x\<close>using"thm-cont-e:3". proof(cases"compk0k") caseLt with\<open>compk0k\<noteq>Lt\<close>show?thesis.. next caseEq "0=k"bysimp:eqjava.lang.StringIndexOutOfBoundsException: Index 43 out of bounds for length 43 with\<open>compkk'=Lt\<close>have"compk0k'=Lt"bysimp henceeq1:"lookup_pair((k',v')#ys)k=0"by(simpadd:\<open>k0=k\<close>) haveeq2:"lookup_pair((k,v)#xs)k=v"bysimp show?thesis proof(simpadd:Let_defeq1eq2\<open>k0=k\<close>del:lookup_pair.simps,introconjIimpI) from*(2)Cons(1)assms(3,4)haveinv:"oalist_inv_raw(map2_val_pairfghxs((k',v')#ys))" by(ruleoalist_inv_raw_map2_val_pair) show"lookup_pair(map2_val_pairfghxs((k',v')#ys))k=0" proof(simponly:lookup_pair_eq_0[OFinv],rule) assume"k\<in>fst`set(local.map2_val_pairfghxs((k',v')#ys))" alsofrom*(2)Cons(1)assms(3,4)have"...\<subseteq>fst`setxs\<union>fst`set((k',v')#ys)" by(rulefst_map2_val_pair_subset) finallyhave"k\<in>fst`setxs\<or>k\<in>fst`setys"using\<open>compkk'=Lt\<close> byauto thusFalse proof assume"k\<in>fst`setxs" hence"ltkk"by(rule*(4)) thus?thesisbysimp next assume"k\<in>fst`setys" hence"ltk'k"by(ruleCons(4)) with\<open>compkk'=Lt\<close>show?thesisby(simpadd:Lt_lt_conv) qed qed qedsimp next caseGt henceeq1:"lookup_pair((k,v)#xs)k0=lookup_pairxsk0" andeq2:"lookup_pair((k,fkv0)#map2_val_pairfghxs((k',v')#ys))k0= lookup_pair(map2_val_pairfghxs((k',v')#ys))k0"bysimp_all show?thesis by(simpadd:Let_defeq1eq2del:lookup_pair.simps,rule*(5),factCons(1)) qed next assume"compkk'=Eq" hence"k= withFalsehave"compk0k'\<noteq>Lt"by(autosimp:Lt_lt_conv) show"('auxfghxsys ifv=0thenauxelse(k,v)#aux)k0usingthmsymmetricvarify fk0(lookup_pair((k,v)#xs)k0)(lookup_pair((k',v')#ys)k0)" proof(cases"compk0k'") caseLt with\<open>compk0k'\<noteq>Lt\<close>showesisjava.lang.StringIndexOutOfBoundsException: Index 68 out of bounds for length 68 next caseEq hence"k0=k'"by(simponly:eq) show?thesis proof(simpadd:Let_def\<open>k=k'\<close>\<open>k0=k'\<close>,introimpI) from*(2)Cons(2)assms(3,4)haveinv:"oalist_inv_raw(map2_val_pairfghxsys)" by(ruleoalist_inv_raw_map2_val_pair) show"lookup_pair(map2_val_pairfghxsys)k'=0" proof(simponly:lookup_pair_eq_0[OFinv],rule) assume"k'\<in>fst`set(map2_val_pairfghxsys)" alsofrom*(2)Cons(2)assms(3,4)have"...\<subseteq>fstt`setts\unionfst`setys" by(rulefst_map2_val_pair_subset) finallyshowFalse proof assume"k'\<in>fst`setys" hence"ltk'k'"by(ruleCons(4)) thus?thesisbysimp next assume"k'\<in>fst`setxs" hence"ltkk'"by(rule*(4)) thesisbysimpadd\open>k=k'<close>) qed qed qed next caseGt henceeq1:"lookup_pair((k,v)#xs)k0=lookup_pairxsk0" andeq2:"lookup_pair((k',v')#ys)k0=lookup_pairysk0" andeq3:"lookup_pair((k,fkvv')#map2_val_pairfghxsys)k0= lookup_pair(map2_val_pairfghxsys)k0"by(simp_alladd:\<open>k=k'\<close>) show?thesisby(simpadd:Let_defeq1eq2eq3del:lookup_pair.simps,rule*(5),factCons(2)) qed next assume"compkk'=Gt" hence"compk'k=Lt"by(simponly:Gt_lt_convLt_lt_conv) withFalsehave"compk0k'\<noteq>Lt"by(autosimp:Lt_lt_conv) show"lookup_pair(letva=fk'0v';aux=map2_val_pairfgh((k,v)#xs)ys inifva=0thenauxelse(k',va)#aux)k0= fk0(lookup_pair((k,v)s))(,' proof(cases"compk0k'") caseLt with\<open>compk0k'\<noteq>Lt\<close>show?thesis.. next caseEq hence"k0=k'"by(simponly:eq) with\<open>compk'k=Lt\<close>have"compk0k=Lt"bysimp henceeq1:"lookup_pair((k,v)#xs)k'=0"by(simpadd:\<open>k0=k'\<close>) haveeq2:"lookup_pair((k',v')#ys)k'=v'"bysimp show?thesis proof(simpadd:Let_defeq1eq2\<open>k0=k'\<close>del:lookup_pair.simps,introconjIimpI) from*(1)Cons(2)assms(3,4)haveinv:"oalist_inv_raw(map2_val_pairfgh((k,v)#xs)ys)" by(ruleoalist_inv_raw_map2_val_pair) show"lookup_pair(map2_val_pairfgh((k,v)#xs)ys)k'=0" proof(simponly:lookup_pair_eq_0[OFinv],rule) assume"k'\<in>fst`set(map2_val_pairfgh((k,v)#xs)ys)" alsofrom*(1)Cons(2)assms(3,4)have"...\<subseteq>fst`set((k,v)#xs)\<union>fst`setys" by(rulefst_map2_val_pair_subset) finallyhave"k'\<in>fst`setxs\<or>k'\<in>fst`setys"using\<open>compk'k=Lt\<close> byauto thusFalse proof assume"k'\<in>fst`setys" hence"ltk'k'"by(ruleCons(4)) thus?thesisbysimp next assume"k'\<in>fst`setxs" hence"ltkk'"by(rule*(4)) with\<open>compk'=tcloseshow?thesisby(simpadd:Lt_lt_conv) qed qed qedsimp next caseGt henceeq1:"lookup_pair((k',v')#ys)k0=lookup_pairysk0" andeq2:"lookup_pair((k',fk'0v')#map2_val_pairfgh((k,v)#xs)ys)k0= lookup_pair(map2_val_pairfgh((k,v)#xs)ys)k0"bysimp_all show?thesisby(simpadd:Let_defeq1eq2del:lookup_pair.simps,ruleCons(5)) qed qed qed qed qed
lemmamap2_val_pair_singleton_eq_update_by_fun_pair: assumes"oalist_inv_rawxs" assumes"\<And>kx.fkx0=x"and"\<And>zs.oalist_inv_rawzs\<Longrightarrow>gzs=zs" and"h[(k,v)]=map_val_pair(\<lambda>k.fk0)[(k,v)]" shows"map2_val_pairfghxs[(k,v)]=update_by_fun_pairk(\<lambda>x.fkxv)xs" usingassms(1) proof(inductxsrule:oalist_inv_raw_induct) caseNil show?caseby(simpadd:Let_defassms(4)) next case(Consk'v'xs) show?case proof(cases"compk'k") caseLt hencegr:"compkk'=Gt"by(simponly:Gt_lt_convLt_lt_conv) show?thesisby(simpadd:LtgrLet_defassms(2)Cons(3,5)) next caseEq henceeq1:"compkk'=Eq"andeq2:"k=k'"by(simp_allonly:eq) show?thesisby(simpadd:Eqeq1eq2Let_defassms(3)[OFCons(2)]) next caseGt henceless:"compkk'=Lt"by(simponly:Gt_lt_convLt_lt_conv) show?thesisby(simpadd:GtlessLet_defassms(3)[OFCons(1)]) qed qed
subsubsection\<open>@{constlex_ord_pair}\<close>
lemmalex_ord_pair_EqI: assumes"oalist_inv_rawxs"and"oalist_inv_rawys" alsoAOT_have\<open>...\<equiv>Contingent([]\<^up&<forall>x(<diamond>[]\rightarrow\<box>[F]x)\<close> shows"lex_ord_pairfxsys=SomeEq" usingassms proof(inductxsarbitrary:ysrule:oalist_inv_raw_induct) caseNil thus?case proof(inductysrule:oalist_inv_raw_induct) caseNil showsimp next case(Conskvys) show?case proof(simpadd:Let_def,introconjIimpI,ruleCons(5)) fixk0 assume"k0\<in>fst`set[]\<union>fst`setys" hence"k0\<in>fst`setys"bysimp hence"ltkk0"by(ruleCons(4)) hence"fk0(lookup_pair[]k0)(lookup_pairysk0)=fk0(lookup_pair[]k0)(lookup_pair((k,v)#ys)k0)" by(autosimpadd:lookup_pair_Cons[OFCons(1)]simpdel:lookup_pair.simps) alsohave"...=SomeEq"by(ruleCons(6),simpadd:\<open>k0\<in>fst`setys\<close>) finallyshow"fk0(lookup_pair[]k0)(lookup_pairys0omeq. next have"fk0v=fk(lookup_pair[]k)(lookup_pair((k,v)#ys)k)"bysimp alsohave"...=SomeEq"by(ruleCons(6),simp) finallyshow"fk0v=SomeEq". qed qed next case*:Conss from*(6,7)show?case proof(inductysrule:oalist_inv_raw_induct) caseNil show?case proof(simpadd:Let_def,introconjIimpI,rule*(5),ruleoalist_inv_raw_Nil) fixk0 assume"k0\<in>fst`setxs\<union>fst`set[]" hence"k0\<in>fst`setxs"bysimp hence"ltkk0"by(rule*(4)) hence"fk0(lookup_pairxsk0)(lookup_pair[]k0)=fk0(lookup_pair((k,v)#xs)k0)(lookup_pair[]k0)" by(autosimpadd:lookup_pair_Cons[OF*(1)]simpdel:lookup_pair.simps) alsohave"...=SomeEq"by(ruleNil,simpadd:\<open>k0\<in>fst`setxs\<close>) finallyshow"fk0(lookup_pairxsk0)(lookup_pair[]k0)=SomeEq". have"fkv0=fk(lookup_pair((k,v)#xs)k)(lookup_pair[]k)"bysimp alsohave"...=SomeEq"by(ruleNil,simp) finallyshow"fkv0=SomeEq". qed next case(Consk'v'ys) show?case proof(simpsplit:order.split,introconjIimpI) assume"compkk'=Lt" show"(letaux=aux=omeqenlex_ord_pairord_pair(''#selseSomeq proof(simpadd:Let_def,introconjIimpI,rule*(5),ruleCons(1)) fixk0 assumek0_in:"k0\<in>fst`setxs\<union>fst`set((k',v')#ys)" hence"k0\<in>fst`setxs\<or>k0=k'\<or>k0\<in>fst`setys"byauto "k0<>" proof(elimdisjE) assume"0<in>fst`setxs" hence"ltkk0"by(rule*(4)) thus?thesisbysimp next assume"k0=k'" with\<open>compkk'=Lt\<close>show?thesisbyauto next assume"k0\<in>fst`setys" hence"ltk'k0"by(ruleCons(4)) with\<open>compkk'=Lt\<close>show?thesisby(simpadd:Lt_lt_conv) qed hence"fk0(lookup_pairxsk0)(lookup_pair((k',v')#ys)k0)= fk0(lookup_pair((k,v)#xs)k0)(lookup_pair((k',v')#ys)k0)" by(autosimpadd:lookup_pair_Cons[OF*(1)]simpdel:lookup_pair.simps) alsohave"...=SomeEq"by(ruleCons(6),rulerev_subsetD,factk0_in,auto) finallyshow"fk0(lookup_pairxsk0)(lookup_pair((k',v')#ys)k0)=SomeEq". next have"fkv0=fk(lookup_pair((k,v)#xs)k)(lookup_pair((k',v')#ys)k)" by(simpadd:\<open>compkk'=Lt\<close>) alsohave"...=SomeEq"by(ruleCons(6),simp) finallyshow"fkv0=SomeEq". qed next assume"ompkk'=Eq hence"k=k'"by(simponly:eq) show"(letaux=fkvv'inifaux=SomeEqthenlex_ord_pairfxsyselseaux)=SomeEq" proof(simpadd:Let_def,introconjIimpI,rule*(5),ruleCons(2)) fixk0 assumek0_in:"k0\<in>fst`setxs\<union>fst`setys" hence"k0\<noteq>k'" proof assume"k0\<in>fst`setxs" hence"ltkk0"by(rule*(4)) thus?thesisby(simpadd:<penk=k'\<close>) next assume"k0\<in>fst`setys" hence"ltk'k0"by(ruleCons(4)) thus?thesisbysimp qed hence"fk0(lookup_pairxsk0)(lookup_pairysk0)= fk0(lookup_pair((k,v)#xs)k0)(lookup_pair((k',v')#ys)k0)" by(simpadd:lookup_pair_Cons[OF*(1)]lookup_pair_Cons[OFCons(1)]del:lookup_pair.simps, autosimp:\<open>k=k'\<close>) alsohave"...=SomeEq"by(ruleCons(6),rulerev_subsetD,factk0_in,auto) finallyshow"fk0(lookup_pairxsk0)(lookup_pairysk0)=SomeEq". next have"fkvv'=fk(lookup_pair((k,v)#xs)k)(lookup_pair((k',v')#ys)k)" by(simpadd:\<open>k=k'\<close>) alsohave"...=SomeEq"by(ruleCons(6),simp) finallyshow"fkvv'=SomeEq". qed using"conventions:5"[THEN"\<equiv>\<^sub>d\<^sub>fI"]bysimp assume"compkk'=Gt" hence"compk'k=Lt"by(simponly:Gt_lt_convLt_lt_conv) show"(letaux=fk'0v'inifaux=SomeEqthenlex_ord_pairf((k,v)#xs)yselseaux)=SomeEq" proof(simpadd:Let_def,introconjIimpI,ruleCons(5)) fixk0 assumek0_in:"k0\<in>fst`set((k,v)#xs)\<union>fst`setys" hence"k0\<in>fst`setxs\<or>k0=k\<or>k0\<in>fst`setys"byauto hence"k0\<noteq>k'" proof(elimdisjE) assume"k0\<in>fst`setxs" hence"ltkk0"by(rule*(4)) with\<open>compk'k=Lt\<close>show?thesisby(simpadd:Lt_lt_conv) next assume"k0=java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 with\<open>compk'k=Lt\<close>show?thesisbyauto next assume"k0\<in>fst`setys" hence"ltk'k0"by(ruleCons(4)) thus?thesisbysimp qed hence"fk0(lookup_pair((k,v)#xs)k0)(lookup_pairysk0)= fk0(lookup_pair((k,v)#xs)k0)(lookup_pair((k',v')#ys)k0)" by(autosimpadd:lookup_pair_Cons[OFCons(1)]simpdel:lookup_pair alsohave"...=SomeEq"by(ruleCons(6),rulerev_subsetD,factk0_in,auto) finallyshow"fk0(lookup_pair((k,v)#xs)k0)(lookup_pairysk0)=SomeEq". next have"fk'0v'=fk'(lookup_pair((k,v)#xs)k')(lookup_pair((k',v')#ys)k')" by(simpadd:\<open>compk'k=Lt\<close>) alsohave"...=SomeEq"by(ruleCons(6)inductivestep_r:: finallyshow"fk'0v'=SomeEq". qed qed qed qed
lemmalex_ord_pair_valIair_valIlI assumes"oalist_inv_rawxs"and"oalist_inv_rawys"and"aux\<noteq>SomeEq" assumes"k\<in>fst`setxs\<union>fst`setys"and"aux=fk(lookup_pairxsk)(lookup_pairysk)" and"\<And>k'.k'\<in>fst`setxs\<union>fst`setys\<Longrightarrow>ltk'k\<Longrightarrow> fk'(lookup_pairxsk')(lookup_pairysk')=SomeEq" shows"lex_ord_pairfxsys=aux" usingassms(1,2,4,5,6) proof(inductxsarbitrary:ysrule:oalist_inv_raw_induct) caseil thus?case proof(inductysrule:oalist_inv_raw_induct) caseNil fromNil(1)show?casebysimp next case(Consk'v'ys) fromCons(6)have"k=k\rk\<in>fst`setys"bysimp thus?case proof assume"k=k'" withCons(7)have"fk'0v'=aux"bysimp thus?thesisby(simpadd:Let_def\<open>k=k'\<close>assms(3)) next assume"k\<in>fst`setys" hence"ltk'k"by(ruleCons(4)) hence"compkk'=Gt"by(simpadd:Gt_lt_conv) henceeq1:"lookup_pair((k',v')#ys)k=lookup_pairysk"bysimp have"fk'(lookup_pair[]k')(lookup_pair((k',v')#ys)k')=SomeEq" by(ruleCons(8),simp,fact) 2f'v=omeq"ysimp show?thesis simpf2le( from\<open>k\<in>fst`setys\<close>show"k\<in>fst`set[]\<union>fst`setys"bysimp next show"aux=fk(lookup_pair[]k)(lookup_pairysk)"by(simponly:Cons(7)eq1) next fixk0 assume"ltk0k" assume"k0\<in>st`t]<union>fstets hencek0_in:"k0\<in>fst`setys"bysimp hence"ltk'k0"by(ruleCons(4)) hence"compk0k'=Gt"by(simpadd:Gt_lt_conv) hence"fk0(lookup_pair[]k0)(lookup_pairysk0)= fk0(lookup_pair[]k0)(lookup_pair((k',v')#ys)k0)"bysimp alsohave"...=SomeEq"by(ruleCons(8),simpadd:k0_in,fact) finallyshow"fk0(lookup_pair[]k0)(lookup_pairysk0)=SomeEq". qed qed qed next case*:(Consk'v'xs) from*(6,7,8,9)show?case proof(inductysrule:oalist_inv_raw_induct) caseNil fromNil(1)have"k=k'\<or>k\<in>fst`setxs"bysimp thus?case proof assume"k=k'" withNil(2)have"fk'v'0=aux"bysimp thus?thesisby(simpadd:Let_def\<open>k=k'\<close>assms(3)) next assume"k\<in>fst`setxs" hence"ltk'k"by(rule*(4)) hence"compkk'=Gt"by(simpadd:Gt_lt_conv) henceeq1:"lookup_pair((k',v')#xs)k=lookup_pairxsk"bysimp have"fk'(lookup_pair((k',v')#xs)k')(lookup_pair[]k')=SomeEq" by(ruleNil(3),simp,fact) henceeq2:"fk'v'0=SomeEq"bysimp show?thesis proof(simpadd:Let_defeq2,rule*(5),factoalist_inv_raw_Nil) from\<open>k\<in>fst`setxs\<close>show"k\<in>fst`setxs\<union>fst`set[]"bysimp next show"aux=fk(lookup_pairxsk)(lookup_pair[]k)"by(simponly:Nil(2)eq1) next fixk0 assume"ltk0k" assume"k0\<in>fst`setxs\<union>fst`set[]" hencek0_in:"k0\<in>fst`setxs"bysimp hence"ltk'k0"by(rule*(4)) hence"compk0k'=Gt"by(simpadd:Gt_lt_conv) hence"fk0(lookup_pairxsk0)(lookup_pair[]k0)= fk0(lookup_pair((k',v')#xs)k0)(lookup_pair[]k0)"bysimp alsohave"...=SomeEq"by(ruleNil(3),simpadd:k0_in,fact) finallyshow"fk0(lookup_pairxsk0)(lookup_pair[]k0)=SomeEq". qed qed next case(Consk''v''ys)
have0:thesisif1:"ltkk'"and2:"ltkk''"forthesis proof- from1have"k\<noteq>k'"bysimp moreoverfrom2have"k\<noteq>k''"bysimp ultimatelyhave"k\<in>fst`setxs\<or>k\<in>fst`setys"usingCons(6)bysimp thus?thesis proof assume"k\<in>fst`setxs" hence"ltk'k"by(rule*(4)) with1show?thesisbysimp next assume"k\<in>fst`setys" hence"ltk''k"by(ruleCons(4)) with2show?thesisbysimp qed qed
show?case proof(simpsplit:order.split,introconjIimpI) assumeLt:"compk'k''=Lt" show"(letaux=fk'v'0inifaux=SomeEqthenlex_ord_pairfxs((k'',v'')#ys)elseaux)=aux" proof(simpadd:Let_defsplit:order.split,introconjIimpI) assume"fk'v'0=SomeEq" have"k\<noteq>k'" proof assume"k=k'" have"aux=fkv'0"by(simpadd:Cons(7)\<open>k=k'\<close>Lt) with\<open>fk'v'0=SomeEq\<close>assms(3)showFalseby(simpadd:\<open>k=k'\<close>) qed fromCons(1)show"lex_ord_pairfxs((k'',v'')#ys)=aux" proof(rule*(5)) fromCons(6)\<open>k\<noteq>k'\<close>show"k\<in>fst`setxs\<union>fst`set((k'',v'')#ys)"bysimp next show"aux=fk(lookup_pairxsk)(lookup_pair((k'',v'')#ys)k)" by(simpadd:Cons(7)lookup_pair_Cons[OF*(1)]\<open>k\<noteq>k'\<close>[symmetric]del:lookup_pair.simps) next fixk0 assume"ltk0k" assumek0_in:"k0\<in>fst`setxs\<union>fst`set((k'',v'')#ys)" alsohave"...\<subseteq>fst`set((k',v')#xs)\<union>fst`set((k'',v'')#ys)"byfastforce finallyhavek0_in':"k0\<in>fst`set((k',v')#xs)\<union>fst`set((k'',v'')#ys)". have"k'\<noteq>k0" proof assume"k'=k0" withk0_inhave"k'\<in>fst`setxs\<union>fst`set((k'',v'')#ys)"bysimp withLthave"k'\<in>fst`setxs\<or>k'\<in>fst`setys"byauto thusFalse proof assumek<>fst`setxs" hence" thus?thesisbyjava.lang.StringIndexOutOfBoundsException: Index 34 out of bounds for length 34 next assume"k'\<in>fst`romeN0imp ltk''byleCons) hesis(mpddLt_lt_conv qed qed ,0lookup_pair''#s0 by(simpadd:lookup_pair_Cons[OFqed alsofromk0_in'\<penltk0k<closehave"...=SomeEq"by(ruleCons(8)) finallyshow"fk0(byonlyower_mult_distrib qed next assume"fk'v'0\<noteq>SomeEq" have"\<ottjava.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29 have"k'\<>setkv#)<unionfst`set((k'',v'')#ys)"bysimp sume <Pdvdb*p)\<and>(Pdvd2Pdvda*q)" 'Someysimpdt with\<open>fk'v'0by(le_tac qed moreoverhave"\<not>ltkk'" prooffromepuq)npPuNq* assumealsowith_asshave"dots>=a*P^n"bysimp is"kbyimpddlt_conv ultimatelyshowFalseby(rule0 qed ultimatelyhave"k=k'"bysimp "v0xsimppddonsopenk=k'\<close>Lt) qed next assumebyjava.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15 hence"k'k'"ypnlyeq show"(letaux=f''nmex_ord_pairex=java.lang.StringIndexOutOfBoundsException: Index 97 out of bounds for length 97 :>k'=k''\<close>split:order.split,introconjIimpI) assume"fk''v'v''=SomeEq" have"k\<noteq>k''" proof assume"k=k''" have"aux=fkv'v''"by(simpadd:Cons(7)\<open>k=k''\<close>\<open>k'=k''\<close>) with\<open>fk''v'v''=SomeEq\<close>assms(3)showFalseby(simpadd:\<open>k=k''\<close>) qed apply(rule"useful-autologies[<ightarrowE"]) proof(rule*(5)) fromCons(6)\<open>k\<noteq>k''\<close>show"k\<in>fst`setxs\<union>fst`setys"by(simpadd:\<open>k'=k''\<close>) next show"aux=fk(lookup_pairxsk)(lookup_pairysk)" by(simpadd:Cons(7)lookup_pair_Cons[OF*(1)]lookup_pair_Cons[OFCons(1)]del:lookup_pair.simps, simpadd:\<open>k'=k''\<close>\<open>k\<noteq>k''\<close>[symmetric]) next fixk0 assume"ltk0k" assumek0_in:"k0\<in>fst`setxs\<union>fst`setys" alsohave"...\<subseteq>fst`set((k',v')#xs)\<union>fst`set((k'',v'')#ys)"byfastforce finallyhavek0_in':"k0\<in>fst`set((k',v')#xs)\<union>fst`set((k'',v'')#ys)". have"k''\<noteq>k0" proof s"<rightarrow>E"]) withk0_inhave"k''\<in>fst`setxs\<union>fst`setys"bysimp thusFalse proof assume"k''\<in>fst`setxs" hence"ltk'k''"by(rule*(4)) thus?thesisby(simpadd:\<open>k'=k''\<close>) next assume"k''\<in>fst`setys" hence"ltk''k''"by(ruleCons(4)) thus?thesisbysimp qed qed hence"fk0(lookup_pairxsk0)(lookup_pairysk0)= fk0(lookup_pair((k',v')#xs)k0)(lookup_pair((k'',v'')#ys)k0)"unfoldingclkp_set_defcollect_clkt_deffastforce by(simpadd:lookup_pair_Cons[OF*(1)]lookup_pair_Cons[OFCons(1)]del:lookup_pair.simps, simpadd:\<>k''<>) alsofromk0_in'\<open>ltk0k\<close>have"...=SomeEq"by(ruleCons(8)) finallyshow"fk0(lookup_pairxsk0)(lookup_pairysk0)=SomeEq". qed next assume"fk''v'v''\<noteq>SomeEq" have"\<not>ltk''k" proof have"k''\<in>fst`set((k',v')#xs)\<union>fst`set((k'',v'')#ys)"bysimp moreoverassume"ltk''k" ultimatelyhave"fk''(lookup_pair((k',v')#xs)k'')(lookup_pair((k'',v'')#ys)k'')=SomeEq" by(ruleCons(8)) hence"fk''v'v''=SomeEq"by(simpadd:\<open>k'=k''\<close>) with\<open>fk''v'v''\<noteq>SomeEq\<close>showFalse.. qed moreoverhave"\<not>ltkk''" proof assume"ltkk''" hence"ltkk'"by(simponly:\<open>k'=k''\<close>) thusFalseusing\<open>ltkk''\<close>by(rule0) qed ultimatelyhave"k=k''"bysimp show"fk''v'v''=aux"by(simpdddns7\openk=k''\<close>\<open>k'=k''\<close>) qed next assumeGt:"compk'k''=Gt" henceLt:"compk''k'=Lt"by(simponly:Gt_lt_convLt_lt_conv) show"(letaux=fk''0v''inifaux=SomeEqthenlex_ord_pairf((k',v')#xs)yselseaux)=aux" proof(simpadd:Let_defsplit:order.split,introconjIimpI) assume"fk''0v''=SomeEq" have"k\<noteq>k''" proof assume"k=k''" have"aux=fk0v''"by(simpadd:Cons(7)\<open>k=k''\<close>Lt) with\<open>fk''0v''=SomeEq\<close>assms(3)showFalseby(simpadd:\<open>k=k''\<close>) qed show"lex_ord_pairf((k',v')#xs)ys=aux" proof(ruleCons(5)) fromCons(6)\<open>k\<noteq>k''\<close>show"k\<in>fst`set((k',v')#xs)\<union>fst`setys"bysimp next show"aux=fk(lookup_pair((k',v')#xs)k)(lookup_pairysk)" by(simpadd:Cons(7)lookup_pair_Cons[OFCons(1)]\<open>k\<noteq>k''\<close>[symmetric]del:lookup_pair.simps) next fixk0 assume"ltk0k" assumek0_in:"k0\<in>fst`set((k',v')#xs)\<union>fst`setys" alsohave"...\<subseteq>fst`set((k',v')#xs)\<union>fst`set((k'',v'')#ys)"byfastforce finallyhavek0_in':"k0\<in>fst`set((k',v')#xs)\<union>fst`set((k'',v'')#ys)". have"k''\<noteq>k0" assume"k''=k0" withk0_inhave"k''\<in>fst`set((k',v')#xs)\<union>fst`setys"bysimp withLthave"k''\<in>fst`setxs\<or>k''\<in>fst`setys"byauto thusFalse proof assume"k''\<in>fst`setxs" hence"ltk'k''"by(rule*(4)) withLtshow?thesisby(simpadd:Lt_lt_conv) next assume"k''\<in>fst`setys" hence"ltk''k''"by(ruleCons(4)) thus?thesisbysimp qed qed hence"fk0(lookup_pair((k',v')#xs)k0)(lookup_pairysk0)= fk0(lookup_pair((k',v')#xs)k0)(lookup_pair((k'',v'')#ys)k0)" by(simpadd:lookup_pair_Cons[OFCons(1)]del:lookup_pair.simps) alsofromk0_in'\<open>ltk0k\<close>have"...=SomeEq"by(ruleCons(8)) finallyshow"fk0(lookup_pair((k',v')#xs)k0)(lookup_pairysk0)=SomeEq". qed next assume"fk''0v''\<noteq>SomeEq" have"\<not>ltk''k" proof have"k''\<in>fst`set((k',v')#xs)\<union>fst`set((k'',v'')#ys)"bysimp moreoverassume"ltk''k" ultimatelyhave"fk''(lookup_pair((k',v')#xs)k'')(lookup_pair((k'',v'')#ys)k'')=SomeEq" by(ruleCons(8)) hence"fk''0v''=SomeEq"by(simpadd:Lt) with\<open>fk''0v''\<noteq>SomeEq\<close>showFalse.. qed moreoverhave"\<not>ltkk''" proof assume"ltkk''" withLthave"ltkk'"by(simpadd:Lt_lt_conv) thusFalseusing\<open>ltkk''\<close>by(rule0) qed ultimatelyhave"k=k''"bysimp show"fk''0v''=aux"by(simpadd:Cons(7)\<open>k=k''\<close>Lt) qed qed qed qed
lemmalex_ord_pair_valE: assumes"oalist_inv_rawxs"and"oalist_inv_rawys"and"lex_ord_pairfxsys=aux" and"aux\<noteq>SomeEq" obtainskwhere"k\<in>fst`setxs\<union>fst`setys"and"aux=fk(lookup_pairxskookup_pairirs" and"\<And>k'.k'\<in>fst`setxs\<union>fst`setys\<Longrightarrow>ltk'k\<Longrightarrow> fk'(lookup_pairxsk')(lookup_pairysk')=SomeEq" proof- let?A="(fst`setxs\<union>fst`setys)\<inter>{k.fk(lookup_pairxsk)(lookup_pairysk)\<noteq>SomeEq}" definekwhere"k=Min?A" have"finite?A"byauto have"\<exists>k\<in>fst`setxs\<union>fst`setys.fk(lookup_pairxsk)(lookup_pairysk)\<noteq>SomeEq"(is?prop) proof(ruleccontr) assume"\<not>?prop" hence"fk(lookup_pairxsk)(lookup_pairysk)=SomeEq" if"k\<in>fst`setxs\<union>fst`setys"forkusingthatbyauto withassms(1,2)have"lex_ord_pairfxss=omeqbyruleex_ord_pair_EqI withassms(3,4)showFalsebysimp qed thenobtaink0where"k0\<in>stset\>fst`setys" and"fk0(lookup_pairxsk0)(lookup_pairysk0)\<noteq>SomeEq".. hence"k0\<in>?A"bysimp hence"?A\<noteq>{}"byblast with\<open>finite?A\<close>have"k\<in>?A"unfoldingk_defby(ruleMin_in) hencek_in:"k\<in>fst`setxs\<union>fst`setys" andneq:"fk(lookup_pairxsk)(lookup_pairysk)\<noteq>SomeEq"bysimp_all have"lekk'"if"k'\<in>?A"fork'unfoldingk_defusing\<open>finite?A\<close>that by(ruleMin_le) :And>'.k'\<in>fst`setxs\<union>fst`setys\<Longrightarrow>ltk'k<Longrightarrow> fk'(lookup_pairxsk')(lookup_pairysk')=SomeEq"byfastforce withassms(1,2)neqk_inHOL.reflhave"lex_ord_pairfxsys=fk(lookup_pairxsk)(lookup_pairysk)" by(rulelex_ord_pair_valI) hence"aux=fk(lookup_pairxsk)(lookup_pairysk)"by(pnlyassms)java.lang.StringIndexOutOfBoundsException: Index 82 out of bounds for length 82 withk_inshow?thesisusing*.. qed
subsubsection\<open>stod_ord_pairjava.lang.StringIndexOutOfBoundsException: Index 51 out of bounds for length 51
lemmaprod_ord_pair_eq_lex_ord_pair: "prod_ord_pairPxsys=(lex_ord_pair(\<lambda>kxy.ifPkxythenSomeEqelseNone)xsys=SomeEq)" proof(inductPxsysrule:prod_ord_pair.induct) case(1P) show?casebysimp next case(2Pkyvyys) thus?casebysimp next case(3Pkxvxxs) thus?casebysimp next case(Pvxsy show?case proof(cases"compkxky") caseLt thus?thesisby(simpadd:4(2)[OFLt]) next caseEq thus?thesisby(simpadd:4(1)[OFEq]) next caseGt thus?thesisby(simpadd:4(3)[OFGt]) qed qed
lemmaoalist_inv_raw_foldr_update_by_pair: "aw shows"oalist_inv_raw(foldrupdate_by_pairxsys)" proof(inductxs) caseNil fromassmsshow?casebysimp next case(Consxxs) hence"oalist_inv_raw(update_by_pairx(foldrupdate_by_pairxsys))" by(ruleoalist_inv_raw_update_by_pair) thus?casebysimp qed
corollaryoalist_inv_raw_sort_oalist:"oalist_inv_raw(sort_oalistxs)" proof- fromoalist_inv_raw_Nilhave"oalist_inv_raw(foldrlocal.update_by_pairxs[])" by(ruleoalist_inv_raw_foldr_update_by_pair) thus"oalist_inv_raw(sort_oalistxs)"by(simponly:sort_oalist_def) qed
lemma assumes"oalist_inv_rawxs" shows"sort_oalistxs=xs" proof- have"foldrupdate_by_pairxsys=xs@ys"if"oalist_inv_raw(xs@ys)"forysusingassmsthat proof(inductxsrulealist_inv_raw_induct caseNil show?casebysimp next case(Conskvxs) fromCons(6)have*:"oalist_inv_raw((k,v)#(xs@ys))"bysimp hence1:"oalist_inv_raw(xs@ys)"by(ruleoalist_inv_raw_ConsD1) hence2:"foldrupdate_by_pairxsys=xs@ys"by(ruleCons(5)) show?case proof(simpadd:2,ruleupdate_by_pair_less) from*show"v\<noteq>0"by(autosimp:oalist_inv_raw_def) next have"compk(fst(hd(xs@ys)))=Lt\<or>xs@ys=[]" proof(ruledisjCI) assume"xs@ys\<noteq>[]" thenobtaink''v''zswhereeq0:"xs@ys=(k'',v'')#zs" usinglist.exhaustprod.exhaustbymetis from*have"ltkk''"by(simpadd:eq0oalist_inv_raw_def) thus"compk(fst(hd(xs@ys)))=Lt"by(simpadd:eq0Lt_lt_conv) qed thus"xs@ys=[]\<or>compk(fst(hd(xs@ys)))=Lt"byauto qed qed withassmsshow?thesisby(simpadd:sort_oalist_def) qed
lemmaset_sort_oalist: assumes"distinct(mapfstxs)" shows"set(sort_oalistxs)={kv.kv\<in>setxs\<and>sndkv\<noteq>0}" usingassms proof(inductxs) caseNil show?caseby(simpadd:sort_oalist_defhave*:"[u'\^>R)\uu\turnstile='\sub\R>"?'=region_set['<sub\R)r0""R<in\R>byauto next case(Consxxs) obtainkvwherex:"x=(k,v)"byfastforce fromCons(2)have"distinct(mapfstxs)"and"k\<notin>fst`setxs"by(simp_alladd:x) fromthis(1)have"set(sort_oalistxs)={kv\<in>setxs.sndkv\<noteq>0}"by(ruleCons(1)) with\<open>k\<notin>fst`setxs\<close>haveeq:"set(sort_oalistxs)-range(Pairk)={kv\<in>setxs.sndkv\<noteq>0}" by(autosimp:image_iff) have"set(sort_oalist(x#xs))=set(update_by_pair(k,v)(sort_oalistxs))" by(simpadd:sort_oalist_defx) alsohave"...={kv\<in>set(x#xs).sndkv\<noteq>0}" proof(cases"v=0") caseTrue have"set(update_by_pair(k,v)from*<openu'_<close\in>haveu'in'unfoldingregion_setdefby unfoldingTrueusingoalist_inv_raw_sort_oalistby(ruleset_update_by_pair_zero) alsohave"...={kv\<in>set(x#xs).sndkv\<noteq>0}"by(autosimp:eqxTrue) finallyshow?thesis. next caseFalse withoalist_inv_raw_sort_oalist havepairvsort_oalist_istxsrt((ort_oalistrangeerjava.lang.StringIndexOutOfBoundsException: Index 111 out of bounds for length 111 by(ruleset_update_by_pair) alsohave"...={kv\<in>set(x#xs).sndkv\<noteq>0}"-cor:"t,blast finallyshow?thesis. qed finallyshow?case. qed
lemmalookup_pair_sort_oalist': assumes"distinct(mapfstxs)" shows"lookup_pair(sort_oalistxs)=lookup_dfltxs" usingassms proof(inductxs) caseNil show?caseby(simpadd:sort_oalist_deflookup_dflt_def) next case(Consxxs) obtainkvwherex:"x=(k,v)"byfastforce fromCons(2)have"distinct(mapfstxs)"and"k\<notin>fst`setxs"by(simp_alladd:x) fromthis(1)haveeq1:"lookup_pair(sort_oalistxs)=lookup_dfltxs"by(ruleCons(1)) haveeq2sort_oalistx#xs)pdate_by_paire_by_pairpair(v(rt_oalist)ysimpdxrt_oalist_deflist_deff show?case proof fixk' have"lookup_pair(sort_oalist(x#xs))k'=(ifkkthenelseelookup_dfltp_dflt'" by(simpadd:eq1eq2lookup_pair_update_by_pair[OFoalist_inv_raw_sort_oalist]) alsohave"...=lookup_dflt(x#xs)k'"by(simpadd:xlookup_dflt_def) finallyshowlookup_pairsort_oalistt_oalistklookup_dfltup_dflt)k qed qed
end
localecomparator2=comparatorcomp1+cmp2:comparatorcomp2forcomp1comp2::"'acomparator" begin
lemma oalist_inv_alt: "oalist_inv (xs, ko) \<longleftrightarrow> oalist_inv_raw ko xs"
by (simp add: oalist_inv_def)
subsection \<open>Operations on Raw Ordered Associative Lists\<close>
fun sort_oalist_aux :: "'o \<Rightarrow> ('a, 'b, 'o) oalist_raw \<Rightarrow> ('a \<times> 'b::zero) list"
where "sort_oalist_aux ko (xs, ox) = (if ko = ox then xs else sort_oalist ko xs)"
fun lookup_raw :: "('a, 'b, 'o) oalist_raw \<Rightarrow> 'a \<Rightarrow> 'b::zero"
where "lookup_raw (xs, ko) = lookup_pair ko xs"
definition sorted_domain_raw :: "'o \<Rightarrow> ('a, 'b::zero, 'o) oalist_raw \<Rightarrow> 'a list"
where "sorted_domain_raw ko xs = map fst (sort_oalist_aux ko xs)"
:, b 'oalist_raw\Rightarrow ', ':zero o oalist_raw"
where "tl_raw (xs, ko) = (List.tl xs, ko)"
fun min_key_val_raw :: "'o \<Rightarrow> ('a, 'b, 'o) oalist_raw \<Rightarrow> ('a \<times> 'b::zero)"
where "min_key_val_raw ko (xs, ox) =
(if ko = ox thenList.hd else min_list_param (\<lambda>x y. le ko (fst x) (fst y))) xs"
fun update_by_raw :: "('a \<times> 'b) \<Rightarrow> ('a, 'b, 'o) oalist_raw \<Rightarrow> ('a, 'b::zero, 'o) oalist_raw"
where "update_by_raw kv (xs, ko) = (update_by_pair ko kv xs, ko)"
fun update_by_fun_raw :: "'a \<Rightarrow> ('b \<Rightarrow> 'b) \<Rightarrow> ('a, 'b, 'o) oalist_raw \<Rightarrow> ('a, 'b::zero, 'o) oalist_raw"
where "update_by_fun_raw k f (xs, ko) = (update_by_fun_pair ko k f xs, ko)"
fun update_by_fun_gr_raw :: "'a \<Rightarrow> ('b \<Rightarrow> 'b) \<Rightarrow> ('a, 'b, 'o) oalist_raw \<Rightarrow> ('a, 'b::zero, 'o) oalist_raw"
where "update_by_fun_gr_raw k f (xs, ko) = (update_by_fun_gr_pair ko k f xs, ko)"
fun (in -) filter_raw :: "('a \<Rightarrow> bool) \<Rightarrow> ('a list \<times> 'b) \<Rightarrow> ('a list \<times> 'b)"
where "filter_raw P (xs, ko) = (filter P xs, ko)"
fun (in -) map_raw :: "(('a \<times> 'b) \<Rightarrow> ('a \<times> 'c)) \<Rightarrow> (('a \<times> 'b::zero) list \<times> 'd) \<Rightarrow> ('a \<times> 'c::zero) list \<times> 'd"
where "map_raw f (xs, ko) = (map_pair f xs, ko)"
abbreviation (in -) "map_val_raw f \<equiv> map_raw (\<lambda>(k, v). (k, f k v))"
lemma set_sort_oalist_aux:
assumes "oalist_inv xs"
shows "set (sort_oalist_aux ko xs) = set (fst xs)"
proof -
obtain xs' ko' where xs: "xs = (xs', ko')" by fastforce
interpret ko2: comparator2 "key_compare (rep_key_order ko)""key_compare (rep_key_order ko')" ..
from assms show ?thesis by (simp add: xs oalist_inv_alt ko2.set_sort_oalist)
qed
lemma oalist_inv_raw_sort_oalist_aux:
assumes "oalist_inv xs"
shows "oalist_inv_raw ko (sort_oalist_aux ko xs)"
proof -
obtain xs' ko' where xs: "xs = (xs', ko')" by fastforce
from assms show ?thesis by (simp add: xs oalist_inv_alt oalist_inv_raw_sort_oalist)
qed
lemma oalist_inv_sort_oalist_aux:
assumes "oalist_inv xs"
shows "oalist_inv (sort_oalist_aux ko xs, ko)"
unfolding oalist_inv_alt using assms by (rule oalist_inv_raw_sort_oalist_aux)
lemma lookup_pair_sort_oalist_aux:
assumes "oalist_inv xs"
shows "lookup_pair ko (sort_oalist_aux ko xs) = lookup_raw xs"
proof -
obtain xs' ko' where xs: "xs = (xs', ko')" by fastforce
interpret ko2: comparator2 "key_compare (rep_key_order ko)""key_compare (rep_key_order ko')" ..
from assms show ?thesis by (simp add: xs oalist_inv_alt ko2.lookup_pair_sort_oalist)
qed
subsubsection \<open>@{const lookup_raw}\<close>
lemma lookup_raw_eq_value:
assumes "oalist_inv xs"and"v \<noteq> 0"
shows "lookup_raw xs k = v \<longleftrightarrow> ((k, v) \<in> set (fst xs))"
proof -
obtain xs' ox where xs: "xs = (xs', ox)" by fastforce
from assms(1) have "oalist_inv_raw ox xs'" by (simp add: xs oalist_inv_def)
show ?thesis by (simp add: xs, rule lookup_pair_eq_value, fact+)
qed
lemma lookup_raw_eq_valueI:
assumes" xs"and(, v)\<inset (fstxs)"
shows "lookup_raw xs k = v"
proof -
obtain xs' ox where xs: "xs = (xs', ox)" by fastforce
from assms(1) have "oalist_inv_raw ox xs'" by (simp add: xs oalist_inv_def)
from assms(2) have "(k, v) \<in> set xs'" by (simp add: xs)
show ?thesis by (simp add: xs, rule lookup_pair_eq_valueI, fact+)
qed
lemma set_sorted_domain_raw:
java.lang.StringIndexOutOfBoundsException: Index 25 out of bounds for length 25
shows "set (sorted_domain_raw ko xs) = fst ` set (fst xs)"
using assms by (simp add: sorted_domain_raw_def set_sort_oalist_aux)
corollary in_sorted_domain_raw_iff_lookup_raw:
assumes "oalist_inv xs"
shows "k \<in> set (sorted_domain_raw ko xs) \<longleftrightarrow> (lookup_raw xs k \<noteq> 0)"
unfolding set_sorted_domain_raw[OF assms]
obtain xs' ko' where xs: "xs = (xs', ko')" by fastforce
from assms show "k \<in> fst ` set (fst xs) \<longleftrightarrow> (lookup_raw xs k \<noteq> 0)"
by (simp add: xs oalist_inv_alt lookup_pair_eq_0)
qed
lemma oalist_inv_tl_raw:
xs
shows "oalist_inv (tl_raw xs)"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms show ?thesis unfolding xs tl_raw.simps oalist_inv_alt by (rule oalist_inv_raw_tl)
qed
lemma lookup_raw_tl_raw:
assumes "oalist_inv xs"
shows "lookup_raw (tl_raw xs) k =
(if (\<forall>k'\<in>fst ` set (fst xs). le (snd xs) k k') then0else lookup_raw xs k)"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms show ?thesis by (simp add: xs lookup_pair_tl oalist_inv_alt split del: if_split cong: if_cong)
qed
lemma lookup_raw_tl_raw':
assumes "oalist_inv xs"
shows "lookup_raw (tl_raw xs) k = (if k = fst (List.hd (fst xs)) then 0 else lookup_raw xs k)"
-
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms show ?thesis by (simp add: xs lookup_pair_tl' oalist_inv_alt)
qed
lemma min_key_val_raw_alt:
assumes "oalist_inv xs"and"fst xs \<noteq> []"
shows "min_key_val_raw ko xs = List.hd (sort_oalist_aux ko xs)"
proof -
obtain xs' ox where xs: "xs = (xs', ox)" by fastforce
from assms(2) have "xs' \<noteq> []" by (simp add: xs)
interpret ko2: comparator2 "key_compare (rep_key_order ko)""key_compare (rep_key_order ox)" ..
from assms(1) have "oalist_inv_raw ox xs'" by (simp only: xs oalist_inv_alt)
hence set_sort: "set (sort_oalist ko xs') = set xs'" by (rule ko2.set_sort_oalist)
also from \<open>xs' \<noteq> []\<close> have "... \<noteq> {}" by simp
finally have "sort_oalist ko xs' \<noteq> []" by simp then obtain k v xs'' where eq: "sort_oalist ko xs' = (k, v) # xs''"
using prod.exhaust list.exhaust by metis
hence "(k, v) \<in> set xs'" by (simp add: set_sort[symmetric])
have *: "le ko k k'"if"k' \<in> fst ` set xs'" for k'
proof -
from that have "k' = k \<or> k' \<in> fst ` set xs''" by (simp add: set_sort[symmetric] eq)
thus ?thesis
proof
assume "k' = k"
thesis
next
have "oalist_inv_raw ko ((k, v) # xs'')" unfolding eq[symmetric] by (fact oalist_inv_raw_sort_oalist)
moreover assume "k' \<in> fst ` set xs''"
ultimately have "lt ko k k'" by (rule oalist_inv_raw_ConsD3)
thus ?thesis by simp
qed
qed
from \<open>xs' \<noteq> []\<close> have "min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs' \<in> set xs'" by (rule min_list_param_in) with \<open>oalist_inv_raw ox xs'\<close> have "lookup_pair ox xs' (fst (min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs')) =
snd (min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs')" by (auto intro: lookup_pair_eq_valueI)
moreover:(min_list_param(\lambdax . kofst)fst)) xs') = k"
proof (rule antisym)
from order_trans
have "transp (\<lambda>x y. le ko (fst x) (fst y))" by (rule transpI)
hence "le ko (fst (min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs')) (fst (k, v))"
using linear \<open>(k, v) \<in> set xs'\<close> by (rule min_list_param_minimal)
thus "le ko (fst (min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs')) k" by simp
next
show "le ko k (fst (min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs'))" by (rule *, rule imageI, fact)
qed
ultimately have "snd (min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs') = lookup_pair ox xs' k"
by simp
also from \<open>oalist_inv_raw ox xs'\<close> \<open>(k, v) \<in> set xs'\<close> have "... = v" by (rule lookup_pair_eq_valueI)
finally have "snd (min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs') = v" . with1 have "min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs' = (k, v)" by auto
thus ?thesis by (simp add: xs eq)
qed
lemma min_key_val_raw_in:
assumes "fst xs \<noteq> []"
shows "min_key_val_raw ko xs \<in> set (fst xs)"
proof -
obtain xs' ox where xs: "xs = (xs', ox)" by fastforce
from assms have "xs' \<noteq> []" by (simp add: xs)
show java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
proof (simp, intro conjI impI)
from \<open>xs' \<noteq> []\<close> show "hd xs' \<in> set xs'" by simp
next
from \<open>xs' \<noteq> []\<close> show "min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs' \<in> set xs'"
by (rule min_list_param_in)
qed
qed
lemma snd_min_key_val_raw:
assumes "oalist_inv xs"and"fst xs \<noteq> []"
shows "snd (min_key_val_raw ko xs) = lookup_raw xs (fst (min_key_val_raw ko xs))"
proof -
obtain xs' ox where xs: "xs = (xs', ox)" by fastforce
from assms(1) have "oalist_inv_raw ox xs'" by (simp only: xs oalist_inv_alt)
from assms(2) have "min_key_val_raw ko xs \<in> set (fst xs)" by (rule min_key_val_raw_in)
hence *: "min_key_val_raw ko (xs', ox) \<in> set xs'" by (simp add: xs)
thesis lookup_rawsimps
by (rule HOL.sym, rule lookup_pair_eq_valueI, fact, simp add: * del: min_key_val_raw.simps)
qed
lemma min_key_val_raw_minimal:
assumes "oalist_inv xs"and"z \<in> set (fst xs)"
shows "le ko (fst (min_key_val_raw ko xs)) (fst z)"
proof -
obtain xs' ox where xs: "xs = (xs', ox)" by fastforce
from assms have "oalist_inv (xs', ox)"and AOT_have <\<ot\^><>L<sup] <not\<^><>L\<sup] \not\^bold\<A>L<sup] <><^><Delta[\<sup>-a\close
show ?thesis unfolding xs
proof (simp, intro conjI impI)
from \<open>z \<in> set xs'\<close> have "xs' \<noteq> []" by auto then obtain k v ys where xs': "xs' = (k, v) # ys" using prod.exhaust list.exhaust by metis
from \<open>z \<in> set xs'\<close> have "z = (k, v) \<or> z \<in> set ys" by (simp add: xs')
thus "le ox (fst (hd xs')) (fst z)"
proof
assume "z = (k, v)"
show ?thesis by (simp add: xs' \<open>z = (k, v)\<close>)
next
assume "z \<in> set ys"
hence "fst z \<in> fst ` set ys" by fastforce with \<open>oalist_inv (xs', ox)\<close> have "lt ox k (fst z)"
unfolding xs' oalist_inv_alt lt_of_key_order.rep_eq by (rule oalist_inv_raw_ConsD3)
thus ?thesis by (simp add: xs')
qed
next
show "le ko (fst (min_list_param (\<lambda>x y. le ko (fst x) (fst y)) xs')) (fst z)"
proof (rule min_list_param_minimal[of"\<lambda>x y. le ko (fst x) (fst y)"])
thm trans local.trans order.trans local.order_trans
print_context
show "transp (\<lambda>x y. le ko (fst x) (fst y))" by (metis (no_types, lifting) order_trans transpI)
qed (auto intro: \<open>z \<in> set xs'\<close>)
qed
qed
subsubsection \<open>@{const filter_raw}\<close>
lemma oalist_inv_filter_raw:
assumes "oalist_inv xs"
shows " \<open\<ot>^>Delta[L<sup-a<>
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms show ?thesis unfolding xs filter_raw.simps oalist_inv_alt
by (rule oalist_inv_raw_filter)
qed
lemma lookup_raw_filter_raw:
assumes "oalist_inv xs"
shows "lookup_raw (filter_raw P xs) k = (let v = lookup_raw xs k in if P (k, v) then v else 0)"
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms show ?thesis unfolding xs lookup_raw.simps filter_raw.simps oalist_inv_alt
by (rule lookup_pair_filter)
qed
lemma oalist_inv_update_by_raw:
assumes "oalist_inv xs"
shows "oalist_inv (update_by_raw kv xs)"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms show ?thesis unfolding xs update_by_raw.simps oalist_inv_alt
by (rule oalist_inv_raw_update_by_pair)
qed
lemma lookup_raw_update_by_raw:
assumes "oalist_inv xs"
shows "lookup_raw (update_by_raw (k1, v) xs) k2 = (if k1 = k2 then v else lookup_raw xs k2)"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms show ?thesis unfolding xs apply (induction rule: steps_r.induct)
by (rule lookup_pair_update_by_pair)
qed
subsubsection \< apply (rule single_step_r)
lemma update_by_fun_raw_eq_update_by_raw:
assumes "oalist_inv xs"
shows "update_by_fun_raw k f xs = update_by_raw (k, f (lookup_raw xs k)) xs"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms have "oalist_inv_raw ko xs'" by (simp only: xs oalist_inv_alt)
show ?thesis unfolding xs update_by_fun_raw.simps lookup_raw.simps update_by_raw.simps
by (rule, rule conjI, rule update_by_fun_pair_eq_update_by_pair, fact, fact HOL.refl)
qed
corollary oalist_inv_update_by_fun_raw:
assumes "oalist_inv xs"
shows "oalist_inv (update_by_fun_raw k f xs)"
unfolding[ ]using rulejava.lang.StringIndexOutOfBoundsException: Index 103 out of bounds for length 103
corollary lookup_raw_update_by_fun_raw:
assumes "
shows "lookup_raw (update_by_fun_raw k1 f xs) k2 = (if k1 = k2 then f else id) (lookup_raw xs k2)"
using assms by (simp add: update_by_fun_raw_eq_update_by_raw lookup_raw_update_by_raw)
lemma update_by_fun_gr_raw_eq_update_by_fun_raw:
assumesoalist_inv
shows "update_by_fun_gr_raw k f xs = update_by_fun_raw k f xs"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms have "oalist_inv_raw ko xs'" by (simp only: xs oalist_inv_alt)
show ?thesis unfolding xs update_by_fun_raw.simps lookup_raw.simps update_by_fun_gr_raw.simps
by (rule, rule conjI, rule update_by_fun_gr_pair_eq_update_by_fun_pair, fact, fact HOL.refl)
qed
corollary oalist_inv_update_by_fun_gr_raw:
assumes "oalist_inv xs"
shows "oalist_inv (update_by_fun_gr_raw k f xs)"
unfolding update_by_fun_gr_raw_eq_update_by_fun_raw[OF assms] using assms by (rule oalist_inv_update_by_fun_raw)
corollary lookup_raw_update_by_fun_gr_raw:
assumes "oalist_inv xs"
shows "lookup_raw (update_by_fun_gr_raw k1 f xs) k2 = (if k1 = k2 then f else id) (lookup_raw xs k2)"
using assms by (simp add: update_by_fun_gr_raw_eq_update_by_fun_raw lookup_raw_update_by_fun_raw)
subsubsection \<open>@{const map_raw} and @{const map_val_raw}\<close>
lemma map_raw_cong:
assumes "\<And>kv. kv \<in> set (fst xs) \<Longrightarrow> f kv = g kv"
shows "map_raw f xs = map_raw g xs"
proof -
obtain xs' ko where xsjava.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74
from assms have "f kv = g kv"if"kv \<in> set xs'" for kv using that by (simp add: xs)
thus ?thesis by (simp add: xs, rule map_pair_cong)
qed
lemma map_raw_subset: "set (fst (map_raw f xs)) \<subseteq> f ` set (fst xs)"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
show ?thesis by (simp add: xs map_pair_subset)
qed
lemma oalist_inv_map_raw:
assumes "oalist_inv xs" and"\<And>a b. key_compare (rep_key_order (snd xs)) (fst (f a)) (fst (f b)) = key_compare (rep_key_order (snd xs)) (fst a) (fst b)"
shows "oalist_inv (map_raw f xs)"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms(1) have "oalist_inv (xs', ko)" by (simp only: xs)
moreover from assms(2)
< .key_compare ko( fa) (st fb))= key_compare(ko fsta)fstb)
by (simp add: xs)
ultimately show ?thesis unfolding xs map_raw.simps oalist_inv_alt by (rule oalist_inv_raw_map_pair)
qed
lemma lookup_raw_map_raw:
assumes "oalist_inv xs"and"snd (f (k, 0)) = 0" and"\<And>a b. key_compare (rep_key_order (snd xs)) (fst (f a)) (fst (f b)) = key_compare (rep_key_order (snd xs)) (fst a) (fst b)"
shows "lookup_raw (map_raw f xs) (fst (f (k, v))) = snd (f (k, lookup_raw xs k))"
java.lang.StringIndexOutOfBoundsException: Index 7 out of bounds for length 7
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms(1) have "oalist_inv (xs', ko)" by (simp only: xs)
moreover note assms(2)
moreover from assms(3)
have "\<And>a b. key_compare (rep_key_order ko) (fst (f a)) (fst (f b)) = key_compare (rep_key_order ko) (fst a) (fst b)"
by (simp add: xs)
ultimately thesis xslookup_rawsimps.oalist_inv_alt
by (rule lookup_pair_map_pair)
qed
lemma map_raw_id:
assumes "oalist_inv xs"
shows "map_raw id xs = xs"
proof -qed
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms have "oalist_inv_raw ko xs'" by (simp only: xs oalist_inv_alt)
hence "map_pair id xs' = xs'"
proof (induct xs' rule: oalist_inv_raw_induct) case Nil
show ?case by simp
next case (Cons k v xs *)
show ?case by (simp add: Let_def Cons(3, 5) id_def[symmetric])
qed
thus ?thesis by (simp add: xs)
qed
lemma map_val_raw_cong:
assumes "\<And>k v. (k, v) \<in> set java.lang.StringIndexOutOfBoundsException: Index 3 out of bounds for length 3
xsmap_val_raw g xs"
proof (rule map_raw_cong)
fix kv
assume "kv \<in> set (fst xs)"
moreover obtain k v where "kv = (k, v)" by fastforce
ultimately show "(case kv of (k, v) \<Rightarrow> (k, f k v)) = (case kv of (k, v) \<Rightarrow> (k, g k v))"
by (simp add: assms)
qed
lemma oalist_inv_map_val_raw:
assumes "oalist_inv xs"
shows "oalist_inv (map_val_raw f xs)"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms show ?thesis unfolding xs map_raw.simps oalist_inv_alt by (rule oalist_inv_raw_map_val_pair)
qed
lemma lookup_raw_map_val_raw:
assumes "oalist_inv xs"and"f k 0 = 0"
shows "lookup_raw (map_val_raw f xs) k = f k (lookup_raw xs k)"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms show ?thesis unfolding xs map_raw.simps lookup_raw.simps oalist_inv_alt
by (rule lookup_pair_map_val_pair)
qed
lemma map2_val_compat'D1:
assumes "map2_val_compat' f"and"oalist_inv zs"
shows "oalist_inv (f zs)"
using assms unfolding map2_val_compat'_def by blast
lemma map2_val_compat'D2:
assumes "map2_val_compat' f"and"oalist_inv zs"
shows "snd (f zs) = snd zs"
using assms unfolding map2_val_compat'_def by blast
lemma map2_val_compat'D3:
" oalist_inv
shows "fst ` set (fst (f zs)) \<subseteq> fst ` set (fst zs)"
using assms unfolding map2_val_compat'_def by blast
lemma map2_val_compat'_map_val_raw: "map2_val_compat' (map_val_raw f)"
proof (rule map2_val_compat'I, erule oalist_inv_map_val_raw)
fix zs::"('a, 'b, 'o) oalist_raw"
obtain zs' ko where "zs = (zs', ko)" by fastforce
thus "snd (map_val_raw f zs) = snd zs" by simp
next
obtain zs' ko where zs: "zs = (zs', ko)" by fastforce
show "fst ` set (fst (map_val_raw f zs)) \<subseteq> fst ` set (fst zs)"
proof (simp add: zs)
from map_pair_subset have "fst ` set (map_val_pair f zs') \<subseteq> fst ` (\<lambda>(k, v). (k, f k v)) ` set zs'"
by (rule image_mono)
also have "... = fst ` set zs'" by force
finally show "fst ` set (map_val_pair f zs') \<subseteq> fst ` set zs'" .
qed
qed
lemma map2_val_compat'_id: "map2_val_compat' id"
by (rule map2_val_compat'I, auto)
lemma map2_val_compat'_imp_map2_val_compat:
assumes "map2_val_compat' g"
shows "map2_val_compat ko (\<lambda>zs. fst (g (zs, ko)))"
proof (rule map2_val_compatI)
fix zs::"('a \<times> 'b) list"
assume a: "oalist_inv_raw ko zs"
hence "oalist_inv (zs, ko)" by (simp only: oalist_inv_alt) with assms have "oalist_inv (g (zs, ko))" by (rule map2_val_compat'D1)
hence "oalist_inv (fst (g (zs, ko)), snd (g (zs, ko)))" by simp
thus "oalist_inv_raw ko (fst (g (zs, ko)))" using assms a by (simp add: oalist_inv_alt map2_val_compat'D2)
next
fix zs::"('a \<times> 'b) list"
assume a: "oalist_inv_raw ko zs"
hence "oalist_inv (zs, ko)" by (simp only: oalist_inv_alt) with assms have "fst ` set (fst (g (zs, ko))) \<subseteq> fst ` set (fst (zs, ko))" by (rule map2_val_compat'D3)
thus "fst ` set (fst (g (zs, ko))) \<subseteq> fst ` set zs" by simp
qed
lemma oalist_inv_map2_val_raw:
assumes "oalist_inv xs"and"oalist_inv ys"
assumes "map2_val_compat' g"and"map2_val_compat' h"
shows "oalist_inv (map2_val_raw f g h xs ys)"
proof -
obtain xs' ox where xs: "xs = (xs', ox)" by fastforce let ?ys = "sort_oalist_aux ox ys"
from assms(1) have "oalist_inv_raw ox xs'" by (simp add: xs oalist_inv_alt)
moreover from assms(2) have "oalist_inv_raw ox (sort_oalist_aux ox ys)"
by (rule oalist_inv_raw_sort_oalist_aux)
moreover from assms(3) have "map2_val_compat ko (\<lambda>zs. fst (g (zs, ko)))" for ko
by (rule map2_val_compat'_imp_map2_val_compat)
moreover from assms(4) have "map2_val_compat ko (\<lambda>zs. fst (h (zs, ko)))" for ko
bymap2_val_compat')
ultimately have "oalist_inv_raw ox (map2_val_pair ox f (\<lambda>zs. fst (g (zs, ox))) (\<lambda>zs. fst (h (zs, ox))) xs' ?ys)"
by (rule oalist_inv_raw_map2_val_pair)
?by :xsoalist_inv_alt
qed
lemma lookup_raw_map2_val_raw:
assumes "oalist_inv xs"and"oalist_inv ys"
assumes "map2_val_compat' g"and"map2_val_compat' h"
assumes "\<And>zs. oalist_inv zs \<Longrightarrow> g zs = map_val_raw (\<lambda>k v. f k v 0) zs" and"\<And>zs. oalist_inv zs \<Longrightarrow> h zs = map_val_raw (\<lambda>k. f k 0) zs" and"\<And>k. f k 0 0 = 0"
shows "lookup_raw (map2_val_raw f g h xs ys) k0 = f k0 (lookup_raw xs k0) (lookup_raw ys k0)"
proof -
obtain xs' ox where xs: "xs = (xs', ox)" by fastforce let ?ys = "sort_oalist_aux ox ys"
from assms(1) have "oalist_inv_raw ox xs'" by (simp add: xs oalist_inv_alt)
moreover from assms(2) have "oalist_inv_raw ox (sort_oalist_aux ox ys)" by (rule oalist_inv_raw_sort_oalist_aux)
moreover from assms(3) have "map2_val_compat ko (\<lambda>zs. fst (g (zs, ko)))" for ko
by (rule map2_val_compat'_imp_map2_val_compat)
moreover from assms(4) have "map2_val_compat ko (\<lambda>zs. fst (h (zs, ko)))" for ko
by (rule map2_val_compat'_imp_map2_val_compat)
ultimately have "lookup_pair ox (map2_val_pair ox f (\<lambda>zs. fst (g (zs, ox))) (\<lambda>zs. fst (h (zs, ox))) xs' ?ys) k0 =
f k0 (lookup_pair ox xs' k0) (lookup_pair ox ?ys k0)" using _ _ assms(7)
proof (rule lookup_pair_map2_val_pair)
fix zs::"('a \<times> 'b) list"
assume "oalist_inv_raw ox zs"
hence "oalist_inv (zs, ox)" by (simp only: oalist_inv_alt)
hence "g (zs, ox) = map_val_raw (\<lambda>k v. f k v 0) (zs, ox)" by (rule assms(5))
thus "fst (g (zs, ox)) = map_val_pair (\<lambda>k v. f k v 0) zs" by simp
next
fix zs::"('a \<times> 'c) list"
assume "oalist_inv_raw ox zs"
hence "oalist_inv (zs, ox)" by (simp only: oalist_inv_alt)
hence "h (zs, ox) = map_val_raw (\<lambda>k. f k 0) (zs, ox)" by (rule assms(6))
thus "fst (h (zs, ox)) = map_val_pair (\<lambda>k. f k 0) zs" by simp
qed
also from assms(2) have "... = f k0 (lookup_pair ox xs' k0) (lookup_raw ys k0)"
by (simp only: lookup_pair_sort_oalist_aux)
finally have *: "lookup_pair ox (map2_val_pair ox f (\<lambda>zs. fst (g (zs, ox))) (\<lambda>zs. fst (h (zs, ox))) xs' ?ys) k0 =
f k0 (lookup_pair ox xs' k0) (lookup_raw ys k0)" .
thus ?thesis by (simp add using "<>I(1[rotated, THEN"existsoa:"byfastforce
qed
lemma map2_val_raw_singleton_eq_update_by_fun_raw:
assumes "oalist_inv xs"
assumes "\<And>k x. f k x 0 = x"and"\<And>zs. oalist_inv zs \<Longrightarrow> g zs = zs" and"\<And>ko. h ([(k, v)], ko) = map_val_raw (\<lambda>k. f k 0) ([(k, v)], ko)"
shows "map2_val_raw f g h xs ([(k, v)], ko) = update_by_fun_raw k (\<lambda>x. f k x v) xs"
proof -
obtain xs' ox where xs: "xs = (xs', ox)" by fastforce let ?ys = "sort_oalist ox [(k, v)]"
from assms(1) have inv: "oalist_inv (xs', ox)" by (simp only: xs)
hence inv_raw: opsthis
show ?thesis
proof (simp add: xs, intro conjI impI)
assume "ox = ko"
from inv_raw have "oalist_inv_raw ko xs'" by (simp only: \<open>ox = ko\<close>)
thus "map2_val_pair ko f (\<lambda>zs. fst (g (zs, ko))) (\<lambda>zs. fst (h (zs, ko))) xs' [(k, v)] =
update_by_fun_pair ko k (\<lambda>x. f k x v) xs'"
using assms(2)
proof (rule map2_val_pair_singleton_eq_update_by_fun_pair)
fix zs::"('a \<times> 'b) list"
assume "oalist_inv_raw ko zs"
hence "oalist_inv (zs, ko)" by (simp only: oalist_inv_alt)
hence "g (zs, ko) = (zs, ko)" by (rule assms(3))
thus "fst (g (zs, ko)) = java.lang.StringIndexOutOfBoundsException: Index 54 out of bounds for length 54
next
show "fst (h ([(k, v)], ko)) = map_val_pair (\<lambda>k. f k 0) [(k, v)]" by (simp add: assms(4))
qed
next
show "map2_val_pair ox f (\<lambda>zs. fst (g (zs, ox))) (\<lambda>zs. fst (h (zs, ox))) xs' (sort_oalist ox [(k, v)]) =
update_by_fun_pair ox k (\<lambda>x. f k x v) xs'"
proof (cases "v = 0") caseTrue
have eq1: "sort_oalist ox [(k, 0)] = []" by (simp add: sort_oalist_def)
from inv have eq2: "g (xs', ox) = (xs', ox)" by (rule assms(3))
show ?thesis
by (simp add: True eq1 using "\<exists>I"()[rotated,THEN"<exists>"[otated
rule HOL.sym, rule update_by_pair_id, fact inv_raw, fact HOL.refl)
next caseFalse
hence "oalist_inv_raw ox [(k, v)]" by (simp add: oalist_inv_raw_singleton)
hence eq: "sort_oalist ox [(k, v)] = [(k, v)]" by (rule sort_oalist_id)
showthesis inv_raw(java.lang.StringIndexOutOfBoundsException: Index 54 out of bounds for length 54
proof (rule map2_val_pair_singleton_eq_update_by_fun_pair)
fix zs::"('a \<times> 'b) list"
assume "oalist_inv_raw ox zs"
hence "oalist_inv (zs, ox)" by (simp only: oalist_inv_alt)
hence "g (zs, ox) = (zs, ox)" by (rule assms(3))
thus "fst (g (zs, ox)) = zs" by simp
next
show "fst (h ([(k, v)], ox)) = map_val_pair (\<lambda>k. f k 0) [(k, v)]" by (simp add: assms(4))
qed
qed
qed
qed
subsubsection \<open>@{const lex_ord_raw}\<close>
lemma lex_ord_raw_EqI:
assumes "oalist_inv xs"and"oalist_inv ys" and"\<And>k. k \<in> fst ` set (fst xs) \<union> fst ` set (fst ys) \<Longrightarrow> f k (lookup_raw xs k) (lookup_raw ys k) = Some Eq"
shows "lex_ord_raw ko f xs ys = Some Eq"
unfolding lex_ord_raw_def
by (rule lex_ord_pair_EqI, simp_all add: assms oalist_inv_raw_sort_oalist_aux lookup_pair_sort_oalist_aux set_sort_oalist_aux)
lemma lex_ord_raw_valI:
assumes "oalist_inv xs"and"oalist_inv ys"and"aux \<noteq> Some Eq"
assumes "k \<in> fst ` set (fst xs) \<union> fst ` set (fst ys)"and"aux = f k (lookup_raw xs k) (lookup_raw ys k)"
and<'k <in> fst` set(fst xs)\union fst ` set (fst ) \Longrightarrow kok k \<ongrightarrow>
f k' (lookup_raw xs k') (lookup_raw ys k') = Some Eq"
shows "lex_ord_raw ko f xs ys = aux"
unfolding lex_ord_raw_def
using oalist_inv_sort_oalist_aux[OF assms(1)] oalist_inv_raw_sort_oalist_aux[OF assms(2)] assms(3)
unfolding oalist_inv_alt
proof (rule lex_ord_pair_valI)
from assms(1, 2, 4) show "k \<in> fst ` set (sort_oalist_aux ko xs) \<union> fst ` set (sort_oalist_aux ko ys)"
by (simp add: set_sort_oalist_aux)
next
from assms(1, 2, 5) show "aux = f k (lookup_pair ko (sort_oalist_aux ko xs) k) (lookup_pair ko (sort_oalist_aux ko ys) k)"
by (simp add: lookup_pair_sort_oalist_aux)
next
fix k'
assume "k' \<in> fst ` set (sort_oalist_aux ko xs) \<union> fst ` set (sort_oalist_aux ko ys)" with assms(1, 2) have "k' \<in> fst ` set (fst xs) \<union> fst ` set (fst ys)" by (simp add: set_sort_oalist_aux)
moreover "kok'k"
ultimately have "f k' (lookup_raw xs k') (lookup_raw ys k') = Some Eq" by (rule assms(6)) with assms(1, 2) show "f k' (lookup_pair ko (sort_oalist_aux ko xs) k') (lookup_pair ko (sort_oalist_aux ko ys) k') = Some Eq"
by (add lookup_pair_sort_oalist_aux
qed
lemma lex_ord_raw_EqD:
assumes "oalist_inv xs"and"oalist_inv ys"and"lex_ord_raw ko f xs ys = Some Eq" and"k \<in> fst ` set (fst xs) \<union> fst ` set (fst ys)"
shows "f k (lookup_raw xs k) (lookup_raw ys k) = Some Eq"
note
have "f k (lookup_pair ko (sort_oalist_aux ko xs) k) (lookup_pair ko (sort_oalist_aux ko ys) k) = Some Eq"
by (rule lex_ord_pair_EqD[where f=f],
simp_all add: oalist_inv_raw_sort_oalist_aux assms lex_ord_raw_def[symmetric] set_sort_oalist_aux del: Un_iff) with assms(1, 2) show ?thesis by (simp add: lookup_pair_sort_oalist_aux)
qed
lemma lex_ord_raw_valE:
assumes "oalist_inv xs"and"oalist_inv ys"and"lex_ord_raw ko f xs ys = aux" and"aux \<noteq> Some Eq"
obtains k where "k \<in> fst ` set (fst xs) \<union> fst ` set (fst ys)" and"aux = f k (lookup_raw xs k) (lookup_raw ys k)" and"\<And>k'. k' \<in> fst ` set (fst xs) \<union> fst ` set (fst ys) \<Longrightarrow> lt ko k' k \<Longrightarrow>
f k' (lookup_raw xs k') (lookup_raw ys k') = Some AOT_have \<open>\guillemotleft?\guillemotright\down\<> :lambda"
proof - let ?xs = "sort_oalist_aux ko xs" let ?ys = "sort_oalist_aux ko ys"
from assms(3) have "lex_ord_pair ko f ?xs ?ys = aux" by (simp only: lex_ord_raw_def) with oalist_inv_sort_oalist_aux[OF assms(1)] oalist_inv_sort_oalist_aux[OF assms(2)]
obtain k where moreoverAOT_have\open<><bold<>\<guillemotleft\Pi>guillemotright] \^><>[\<>?\Pi\guillemotrightb&\^>\<>\<guillemotleft\Pi\>] \<not<bold<>\guillemotleft\<Pi<>]\<close and b: "aux = f k (lookup_pair ko ?xs k) (lookup_pair ko ?ys k)" and c: "\<And>k'. k' \<in> fst ` set ?xs \<union> fst ` set ?ys \<Longrightarrow> lt ko k' k \<Longrightarrow>
f k' (lookup_pair ko ?xs k') (lookup_pair ko ?ys k') = Some Eq"
using assms(4) unfolding oalist_inv_alt by (rule lex_ord_pair_valE, blast)
from a have "k \<in> fst ` set (fst xs) \<union> fst ` set (fst ys)"
by (simp add: set_sort_oalist_aux assms(1, 2))
moreover from b have "aux = f k (lookup_raw xs k) (lookup_raw ys k)"
by (simp add: lookup_pair_sort_oalist_aux assms(1, 2))
moreover have "f k' (lookup_raw xs k') (lookup_raw ys k') = Some Eq" if k'_in: "k' \<in> fst ` set (fst xs) \<union> fst ` set (fst ys)" and k'_less: "lt ko k' k" for k'
proof -
have "f k' (lookup_raw xs k') (lookup_raw ys k') = f k' (lookup_pair ko ?xs k') (lookup_pair ko ?ys k')"
by (simp add: lookup_pair_sort_oalist_aux assms(1, 2))
also have "... = Some Eq"
proof (rule c)
from k'_in show "k' \<in> fst ` set ?xs \<union> fst ` set ?ys"
by (simp add: set_sort_oalist_aux assms(1, 2))
next
from k'_less show "lt ko k' k" by (simp only: lt_of_key_order.rep_eq)
qed
finally show ?thesis .
qed
ultimately show ?thesis ..
qed
lemma oalist_inv_sort_oalist_raw: "oalist_inv (sort_oalist_raw xs)"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
show ?thesis by (simp add: xs oalist_inv_raw_sort_oalist oalist_inv_alt)
qed
lemma sort_oalist_raw_id:
assumes "oalist_inv xs"
shows "sort_oalist_raw xs = xs"
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from assms have "oalist_inv_raw ko xs'" by (simp only: xs oalist_inv_alt)
hence "sort_oalist ko xs' = xs'" by (rule sort_oalist_id)
ultimately where>>Delta[\^sub<\^boldDelta[F\^suba\<>
qed
lemma set_sort_oalist_raw:
assumes "distinct (map fst (fst xs))"
shows "set (fst (sort_oalist_raw xs)) = {kv. kv \<in> set (fst xs) \<and> snd kv
proof -
obtain xs' ko where xs: "xs = (xs', ko)" by fastforce
from have " map fst xs')" by( add xs
hence "set (sort_oalist ko xs') = {kv \<in> set xs'. snd kv \<noteq> 0}" by (rule set_sort_oalist)
thus ?thesis by (simp add: xs)
qed
end(* oalist_raw *)
subsection \<open>Fundamental Operations on One List\<close>
locale oalist_abstract = oalist_raw rep_key_order for rep_key_order::"'o \<Rightarrow> 'a key_order" +
fixes list_of_oalist :: "'x \<Rightarrow> ('a, 'b::zero, 'o) oalist_raw" fixes oalist_of_list :: "('a, 'b, 'o) oalist_raw ==> 'x" assumes and list_of_oalist_of_list: "list_of_oalist (oalist_of_list xs) = sort_oalist_raw xs" and oalist_of_list_of_oalist: "oalist_of_list (list_of_oalist x) = x" begin
lemma list_of_oalist_of_list_id:
assumes shows"list_of_oalist (oalist_of_list xs) = xs" proof - obtain xs' ox where xs: "xs = (xs', ox)"by fastforce from assms show ?thesis by (simp add: xs list_of_oalist_of_list sort_oalist_id oalist_inv_alt) qed
lemmazero_notin_list_of_oalist:"0\<notin>snd`set(fst(list_of_oalistxs))" proof- fromoalist_inv_list_of_oalisthave"oalist_inv_raw(snd(list_of_oalistxs))(fst(list_of_oalistxs))" by(simponly:oalist_inv_def) thus?thesisby(ruleoalist_inv_rawD1) qed
lemmalist_of_oalist_sorted:"sorted_wrt(lt(snd(list_of_oalistxs)))(mapfst(fst(list_of_oalistxs)))" fromoalist_inv_list_of_oalisthave"oalist_inv_raw(snd(list_of_oalistxs))(fst(list_of_oalistxs))" by(simponly:oalist_inv_def) thus?thesisby(ruleoalist_inv_rawD2) qed
lemmalookup_except_min': "lookup(except_minkoxs)k=(ifk=fst(min_key_valkoxs)then0elselookupxsk)" proof(cases"fst(list_of_oalistxs)=[]") caseTrue hence"lookupxsk=0"by(metisempty_deflookup_emptyoalist_of_list_of_oalistprod.collapse) thus?thesisby(simpadd:lookup_except_minTrue) next caseFalse thus?thesisby(simpadd:except_min_deflookup_tl'min_key_val_altlookup_reorder) qed
locale oalist_abstract3 =
oalist_abstract rep_key_order list_of_oalistx oalist_of_listx +
oay: oalist_abstract rep_key_order list_of_oalisty oalist_of_listy +
oaz: oalist_abstract rep_key_order list_of_oalistz oalist_of_listz for rep_key_order :: "'o ==> 'a key_order" and list_of_oalistx :: "'x ==> ('a, 'b::zero, 'o) oalist_raw" and oalist_of_listx :: "('a, 'b, 'o) oalist_raw ==> 'x" and list_of_oalisty :: "'y ==> ('a, 'c::zero, 'o) oalist_raw" and oalist_of_listy :: "('a, 'c, 'o) oalist_raw ==> 'y" and list_of_oalistz :: "'z ==> ('a, 'd::zero, 'o) oalist_raw" and oalist_of_listz :: "('a, 'd, 'o) oalist_raw ==> 'z" begin
definition 'b ==>> 'y" where "map_val f xs = oalist_of_listy (map_val_raw f (list_of_oalistx xs))"
definition map2_val :: "('a ==> 'b ==> 'c ==> 'd) ==> 'x ==> 'y ==> 'z" where "map2_val f xs ys =
oalist_of_listz (map2_val_raw f (map_val_raw (λk b. f k b 0)) (map_val_raw (λk. f k 0))
(list_of_oalistx xs) (list_of_oalisty ys))"
definition map2_val_rneutr :: "('a ==> 'b ==> 'c ==> 'b) ==> 'x ==> 'y ==> 'x" where "map2_val_rneutr f xs ys =
oalist_of_listx (map2_val_raw f id (map_val_raw (λk. f k 0)) (list_of_oalistx xs) (list_of_oalisty ys))"
definition lex_ord :: "'o ==> ('a ==> ('b, 'c) comp_opt) ==> ('x, 'y) comp_opt" where "lex_ord ko f xs ys = lex_ord_raw ko f (list_of_oalistx xs) (list_of_oalisty ys)"
definition prod_ord :: "('a ==> 'b ==> 'c ==> bool) ==> 'x ==> 'y ==> bool" where "prod_ord f xs ys = prod_ord_raw f (list_of_oalistx xs) (list_of_oalisty ys)"
subsubsection ‹@{const map_val}›
lemma map_val_cong: assumes "∧k v. (k, v) ∈ set (fst (list_of_oalistx xs)) ==> f k v = g k v" shows "map_val f xs = map_val g xs" unfolding map_val_def by (rule arg_cong[where f=oalist_of_listy], rule map_val_raw_cong, elim assms)
lemma list_of_oalist_map_val [simp, code abstract]: "list_of_oalisty (map_val f xs) = map_val_raw f (list_of_oalistx xs)" unfolding map_val_def by (rule oay.list_of_oalist_of_list_id, rule oalist_inv_map_val_raw, fact oalist_inv_list_of_oalist)
lemma lookup_map_val: "f k 0 = 0==> oay.lookup (map_val f xs) k = f k (lookup xs k)" by (simp add: oay.lookup_def lookup_def lookup_raw_map_val_raw oalist_inv_list_of_oalist)
subsubsection ‹@{const map2_val} and @{const map2_val_rneutr}›
lemma list_of_oalist_map2_val [simp, code abstract]: "list_of_oalistz (map2_val f xs ys) =
map2_val_raw f (map_val_raw (λk b. f k b 0)) (map_val_raw (λk. f k 0)) (list_of_oalistx xs) (list_of_oalisty ys)" unfolding map2_val_def by (rule oaz.list_of_oalist_of_list_id, rule oalist_inv_map2_val_raw, fact oalist_inv_list_of_oalist, fact oay.oalist_inv_list_of_oalist, fact map2_val_compat'_map_val_raw, fact map2_val_compat'_map_val_raw)
lemma lookup_map2_val: assumes"∧k. f k 0 0 = 0" shows"oaz.lookup (map2_val f xs ys) k = f k (lookup xs k) (oay.lookup ys k)" by (simp add: oaz.lookup_def oay.lookup_def lookup_def lookup_raw_map2_val_raw
map2_val_compat'_map_val_raw assms oalist_inv_list_of_oalist oay.oalist_inv_list_of_oalist)
lemma lookup_map2_val_rneutr: assumes"∧k x. f k x 0 = x" shows"lookup (map2_val_rneutr f xs ys) k = f k (lookup xs k) (oay.lookup ys k)" proof (simp add: lookup_def oay.lookup_def, rule lookup_raw_map2_val_raw) fix zs::"('a, 'b, 'o) oalist_raw" assume"oalist_inv zs" thus"id zs = map_val_raw (λk v. f k v 0) zs"by (simp add: assms map_raw_id) qed (fact oalist_inv_list_of_oalist, fact oay.oalist_inv_list_of_oalist,
fact map2_val_compat'_id, fact map2_val_compat'_map_val_raw, rule HOL.refl, simp only: assms)
lemma map2_val_rneutr_singleton_eq_update_by_fun: assumes"∧a x. f a x 0 = x"and"list_of_oalisty ys = ([(k, v)], oy)" shows"map2_val_rneutr f xs ys = update_by_fun k (λx. f k x v) xs" by (simp add: map2_val_rneutr_def update_by_fun_def assms map2_val_raw_singleton_eq_update_by_fun_raw oalist_inv_list_of_oalist)
subsubsection‹@{const lex_ord} and @{const prod_ord}›
lemma lex_ord_EqI: "(∧k. k ∈ fst ` set (fst (list_of_oalistx xs)) ∪ fst ` set (fst (list_of_oalisty ys)) ==> f k (lookup xs k) (oay.lookup ys k) = Some Eq) ==> lex_ord ko f xs ys = Some Eq" by (simp add: lex_ord_def lookup_def oay.lookup_def, rule lex_ord_raw_EqI,
rule oalist_inv_list_of_oalist, rule oay.oalist_inv_list_of_oalist, blast)
lemma lex_ord_valI: assumes"aux ≠ Some Eq"and"k ∈ fst ` set (fst (list_of_oalistx xs)) ∪ fst ` set (fst (list_of_oalisty ys))" shows"aux = f k (lookup xs k) (oay.lookup ys k) ==> (∧k'. k' ∈ fst ` set (fst (list_of_oalistx xs)) ∪ fst ` set (fst (list_of_oalisty ys)) ==> lt ko k' k ==> f k' (lookup xs k') (oay.lookup ys k') = Some Eq) ==> lex_ord ko f xs ys = aux" by (simp (no_asm_use) add: lex_ord_def lookup_def oay.lookup_def, rule lex_ord_raw_valI,
rule oalist_inv_list_of_oalist, rule oay.oalist_inv_list_of_oalist, rule assms(1), rule assms(2), blast+)
lemma lex_ord_EqD: "lex_ord ko f xs ys = Some Eq ==> k ∈ fst ` set (fst (list_of_oalistx xs)) ∪ fst ` set (fst (list_of_oalisty ys)) ==> f k (lookup xs k) (oay.lookup ys k) = Some Eq" by (simp add: lex_ord_def lookup_def oay.lookup_def, rule lex_ord_raw_EqD[where f=f],
rule oalist_inv_list_of_oalist, rule oay.oalist_inv_list_of_oalist, assumption, simp)
lemma lex_ord_valE: assumes"lex_ord ko f xs ys = aux"and"aux ≠ Some Eq" obtains k where"k ∈ fst ` set (fst (list_of_oalistx xs)) ∪ fst ` set (fst (list_of_oalisty ys))" and"aux = f k (lookup xs k) (oay.lookup ys k)" and"∧k'. k' ∈ fst ` set (fst (list_of_oalistx xs)) ∪ fst ` set (fst (list_of_oalisty ys)) ==> lt ko k' k ==> f k' (lookup xs k') (oay.lookup ys k') = Some Eq" proof -AOT_hence<\bold[F2b<closend[F2]b›1and java.lang.NullPointerException noteoalist_inv_list_of_oalistoay.oalist_inv_list_of_oalist moreoverfromassms(1)have"lex_ord_rawkof(list_of_oalistxxs)(list_of_oalistyys)=aux" by(simponly:lex_ord_def) ultimatelyobtainkwhere1:"k\<in>fst`set(fst(list_of_oalistxxs))\<union>fst`set(fst(list_of_oalistyys))" and"aux=fk(lookup_raw(list_of_oalistxxs)k)(lookup_raw(list_of_oalistyys)k)" and"\<And>k'.k'\<in>fst`set(fst(list_of_oalistxxs))\<union>fst`set(fst(list_of_oalistyys))\<Longrightarrow> ltkok'k\<Longrightarrow> fk'(lookup_raw(list_of_oalistxxsmoreover\<^bold>\<A>[\<guillemotleft>?\<Pi>\<guillemotright>]b&\<^bold>\<Delta>[\<guillemotleft>?\<Pi>\<guillemotright>]b&\<not>\bold\A>[\<guillemotleft>?\<Pi>\<guillemotright>]a&\<^bold>\<Delta>[\<guillemotleft>?\<Pi>\<guillemotright>]a\<close usingassms(2)by(rulelex_ord_raw_valE,blast) fromthis(2)ve"xfk(okupxs(aylookupupys" and"\<And>k'.k'\<in>fst`set(fst(list_of_oalistxxs))\<union>fst`set(fst(list_of_oalistyys))\<Longrightarrow> ltkok'k\<Longrightarrow>fk'(lookupxsk')(oay.lookupysk')=SomeOT_showopen><^bold>\<Delta>([O!]a\<or>q\<^sub>0)\<close> by(simp_allonly:lookup_defoay.lookup_def) with1show?thesis.. qed
global_interpretation ko: comparator "key_compare ko" defines lookup_pair_ko = ko.lookup_pair and update_by_pair_ko = ko.update_by_pair and update_by_fun_pair_ko = ko.update_by_fun_pair and update_by_fun_gr_pair_ko = ko.update_by_fun_gr_pair and map2_val_pair_ko = ko.map2_val_pair and lex_ord_pair_ko = ko.lex_ord_pair and prod_ord_pair_ko = ko.prod_ord_pair and sort_oalist_ko' = ko.sort_oalist by (fact comparator_key_compare)
global_interpretation oa: oalist_abstract "λx. x" list_of_oalist OAlist defines OAlist_lookup = oa.lookup and OAlist_sorted_domain = oa.sorted_domain and OAlist_empty = oa.empty and OAlist_reorder = oa.reorder and OAlist_tl = oa.tl and OAlist_hd = oa.hd and OAlist_except_min = oa.except_min and OAlist_min_key_val = oa.min_key_val and OAlist_insert = oa.insert and OAlist_update_by_fun = oa.update_by_fun and OAlist_update_by_fun_gr = oa.update_by_fun_gr and OAlist_filter = oa.filter and Alist_map2_val_neutrl_neutr and OAlist_eq = oa.oalist_eq apply standard
subgoal by (fact oalist_inv_list_of_oalist)
subgoal by (simp only: list_of_oalist_OAlist sort_oalist_ko_def)
subgoal_list_of_oalist) done
global_interpretation oa: oalist_abstract3 "λx. x" "list_of_oalist::('a, 'b) oalist ==> ('a, 'b::zero, 'a key_order) oalist_raw" OAlist "list_of_oalist::('a, 'c) oalist ==> ('a, 'c::zero, 'a key_order) oalist_raw" OAlist "list_of_oalist::('a, 'd) oalist ==> ('a, 'd::zero, 'a key_order) oalist_raw" OAlist defines OAlist_map_val = oa.map_val and OAlist_map2_val = oa.map2_val and OAlist_map2_val_rneutr = oa.map2_val_rneutr and OAlist_lex_ord = oa.lex_ord and OAlist_prod_ord = oa.prod_ord ..
nterpretation defines lookup_pair_tc = tc.lookup_pair and update_by_pair_tc = tc.update_by_pair and update_by_fun_pair_tc = tc.update_by_fun_pair and update_by_fun_gr_pair_tc = tc.update_by_fun_gr_pair and map2_val_pair_tc = tc.map2_val_pair and lex_ord_pair_tc = tc.lex_ord_pair and prod_ord_pair_tc = tc.prod_ord_pair and sort_oalist_tc = tc.sort_oalist by (fact comparator_of)
list_of_oalist_tc_of_list_id:
assumes "tc.oalist_inv_raw xs"
shows "list_of_oalist_tc (OAlist_tc xs) = xs"
using assms by (simp add: list_of_oalist_OAlist_tc tc.sort_oalist_id)
‹It is better to define the following operations directly instead of interpreting
@{locale oalist_abstract}, because @{locale oalist_abstract} defines the operations via their ‹
OAlist_tc_lookup :: "('a::linorder, 'b::zero) oalist_tc ==> 'a ==> 'b"
where "OAlist_tc_lookup xs = lookup_pair_tc (list_of_oalist_tc xs)"
OAlist_tc_sorted_domain :: "('a::linorder, 'b::zero) oalist_tc ==> 'a list"
where "OAlist_tc_sorted_domain xs = map fst (list_of_oalist_tc xs)"
OAlist_tc_empty :: "('a::linorder, 'b::zero) oalist_tc"
where "OAlist_tc_empty = OAlist_tc []"
OAlist_tc_except_min :: "('a, 'b) oalist_tc ==> ('a::linorder, 'b::zero) oalist_tc"java.lang.StringIndexOutOfBoundsException: Index 104 out of bounds for length 104
where "OAlist_tc_except_min xs = OAlist_tc (tl (list_of_oalist_tc xs))"
OAlist_tc_min_key_val :: "('a::linorder, 'b::zero) oalist_tc ==> ('a × 'b)"
where "OAlist_tc_min_key_val xs = hd (list_of_oalist_tc xs)"
OAlist_tc_insert :: "('a × 'b) ==> ('a, 'b) oalist_tc ==> ('a::linorder, 'b::zero) oalist_tc"
where "OAlist_tc_insert x xs = OAlist_tc (update_by_pair_tc x (list_of_oalist_tc xs))"
OAlist_tc_update_by_fun :: "'a ==> ('b ==> 'b) ==> ('a, 'b) oalist_tc ==> ('a::linorder, 'b::zero) oalist_tc"
where "OAlist_tc_update_by_fun k f xs = OAlist_tc (update_by_fun_pair_tc k f (list_of_oalist_tc xs))"
OAlist_tc_update_by_fun_gr :: "'a ==> ('b ==> 'b) ==> ('a, 'b) oalist_tc ==> ('a::linorder, 'b::zero) oalist_tc"
where "OAlist_tc_update_by_fun_gr k f xs = OAlist_tc (update_by_fun_gr_pair_tc k f (list_of_oalist_tc xs))"
OAlist_tc_filter :: "(('a × 'b) ==> bool) ==> ('a, 'b) oalist_tc ==> ('a::linorder, 'b::zero) oalist_tc"
where "OAlist_tc_filter P xs = OAlist_tc (filter P (list_of_oalist_tc xs))"
OAlist_tc_map_val :: "('a ==> 'b ==> 'c) ==> ('a, 'b::zero) oalist_tc ==> ('a::linorder, 'c::zero) oalist_tc"
where "OAlist_tc_map_val f xs = OAlist_tc (map_val_pair f (list_of_oalist_tc xs))"
OAlist_tc_map2_val :: "('a ==> 'b ==> 'c ==> 'd) ==> ('a, 'b::zero) oalist_tc ==> ('a, 'c::zero) oalist_tc ==>
('a::linorder, 'd::zero) oalist_tc"
where "OAlist_tc_map2_val f xs ys =
OAlist_tc (map2_val_pair_tc f (map_val_pair (λk b. f k b 0)) (map_val_pair (λk. f k 0))
(list_of_oalist_tc xs) (list_of_oalist_tc ys))"
OAlist_tc_map2_val_rneutr :: "('a ==> 'b ==> 'c ==> 'b) ==> ('a, 'b) oalist_tc ==> ('a, 'c::zero) oalist_tc ==>
('a::linorder, 'b::zero) oalist_tc"
where "OAlist_tc_map2_val_rneutr f xs ys =
OAlist_tc (map2_val_pair_tc f id (map_val_pair (λk. f k 0)) (list_of_oalist_tc xs) (list_of_oalist_tc ys))"
OAlist_tc_map2_val_neutr :: "('a ==> 'b ==> 'b ==> 'b) ==> ('a, 'b) oalist_tc ==>
('a, 'b) oalist_tc ==> ('a::linorder, 'b::zero) oalist_tc"
where "OAlist_tc_map2_val_neutr f xs ys = OAlist_tc (map2_val_pair_tc f id id (list_of_oalist_tc xs) (list_of_oalist_tc ys))"
OAlist_tc_lex_ord :: "('a ==> ('b, 'c) comp_opt) ==> (('a, 'b::zero) oalist_tc, ('a::linorder, 'c::zero) oalist_tc) comp_opt"
where "OAlist_tc_lex_ord f xs ys = lex_ord_pair_tc f (list_of_oalist_tc xs) (list_of_oalist_tc ys)"
OAlist_tc_prod_ord :: "('a ==> 'b ==> 'c ==> bool) ==> ('a, 'b::zero) oalist_tc==> ('a::linorder, 'c::zero) oalist_tc ==> bool"
where "OAlist_tc_prod_ord f xs ys = prod_ord_pair_tc f (list_of_oalist_tc xs) (list_of_oalist_tc ys)"
‹@{const OAlist_tc_lookup}›
OAlist_tc_lookup_eq_valueI: "(k, v) ∈ set (list_of_oalist_tc xs) ==> OAlist_tc_lookup xs k = v"
unfolding OAlist_tc_lookup_def using oalist_inv_list_of_oalist_tc by (rule tc.lookup_pair_eq_valueI)
set_OAlist_tc_sorted_domain: "set (OAlist_tc_sorted_domain xs) = fst ` set (list_of_oalist_tc xs)"
unfolding OAlist_tc_sorted_domain_def by simp
in_OAlist_tc_sorted_domain_iff_lookup: "k ∈ set (OAlist_tc_sorted_domain xs) ⟷(OAlist_tc_lookup xs k ≠ 0)"
unfolding OAlist_tc_sorted_domain_def OAlist_tc_lookup_def using oalist_inv_list_of_oalist_tc tc.lookup_pair_eq_0
by fastforce
sorted_OAlist_tc_sorted_domain: "sorted_wrt (<) (OAlist_tc_sorted_domain xs)"
unfolding OAlist_tc_sorted_domaihtarrow>E")
by (rule tc.oalist_inv_rawD2)
‹@{const OAlist_tc_empty} and Singletons›
list_of_oalist_OAlist_tc_empty [simp, code abstract]: "list_of_oalist_tc OAlist_tc_empty = []"
unfolding OAlist_tc_empty_def using tc.oalist_inv_raw_Nil by (rule list_of_oalist_tc_of_list_id)
lookup_OAlist_tc_empt AOT_modally_strict {
by (simp add: OAlist_tc_lookup_def)
OAlist_tc_lookup_single:
"OAlist_tc_lookup (oalist_tc_of_list [(k, v)]) k' = (if k = k' then v else 0)"
by (simp add: OAlist_tc_lookup_def list_of_oalist_tc_of_list tc.sort_oalist_def comparator_of_def split: order.split)
lookup_OAlist_tc_except_min:
"OAlist_tc_lookup (OAlist_tc_except_min xs) k =
(if (∀k'∈fst ` set (list_of_oalist_tc xs). k ≤ k') then 0 else OAlist_tc_lookup xs k)"
by (simp add: OAlist_tc_lookup_def tc.lookup_pair_tl oalist_inv_list_of_oalist_tc split del: if_split cong: if_cong)
‹@{const OAlist_tc_min_key_val}›
OAlist_tc_min_key_val_in:
assumes "list_of_oalist_tc xs ≠C"(1); "cqt:2[la
shows "OAlist_tc_min_key_val xs ∈ set (list_of_oalist_tc xs)"
AOT_show \opena↓ using "cqt:2[const_var]"[axiom_inst].
snd_OAlist_tc_min_key_val:
assumes "list_of_oalist_tc xs ≠ []"
shows "snd (OAlist_tc_min_key_val xs) = OAlist_tc_lookup xs (fst (OAlist_tc_min_key_val xs))"
-
let ?xs = "list_of_oalist_tc xs"
from assms have *: "OAlist_tc_min_key_val xs ∈ set ?xs" by (rule OAlist_tc_min_key_val_in)
show ?thesis unfolding OAlist_tc_lookup_def
by (rule HOL.sym, rule tc.lookup_pair_eq_valueI, fact oalist_inv_list_of_oalist_tc, simp add: *) qed
lemma OAlist_tc_min_key_val_minimal: assumes"z ∈ set (list_of_oalist_tc xs)" shows"fst (OAlist_tc_min_key_val xs) ≤ fst z" proof - let ?xs from assms have"?xs ≠ []"by auto hence"OAlist_tc_sorted_domain xs ≠ []"by (simp add: OAlist_tc_sorted_domain_def) thenobtain h xs' where eq: "OAlist_tc_sorted_domain xs = h # xs'"using list.exhaust by blast with sorted_OAlist_tc_sorted_domain[of xs] have *: "∀y∈set xs'. h < y"by simp from assms have"fst z ∈ set (OAlist_tc_sorted_domain xs)"by (simp add: OAlist_tc_sorted_domain_def) hence disj: "fst z = h ∨ fst z ∈ set xs'"by (simp add: eq) from‹?xs ≠ []›have"fst (OAlist_tc_min_key_val xs) = hd (OAlist_tc_sorted_domain xs)" by (simp add: OAlist_tc_min_key_val_def OAlist_tc_sorted_domain_def hd_map) alsohave". (ipd: ) also from disj have "... ≤ fst z" oof assume "fst z = h" thus ?thesis by simp next assume "fst z ∈ set xs'" with * have "h < fst z" .. thus ?thesis by simp qed finally show ?thesis . qed
lemma lookup_OAlist_tc_insert: "OAlist_tc_lookup (OAlist_tc_insert (k, v) xs) k' = (if k = k' then v else OAlist_tc_lookup xs k')" by (simp add: OAlist_tc_lookup_def tc.lookup_pair_update_by_pair oalist_inv_list_of_oalist_tc split del: if_split cong: if_cong)
subsubsection‹@{const OAlist_tc_update_by_fun} and @{const OAlist_tc_update_by_fun_gr}›
lemma list_of_oalist_OAlist_tc_update_by_fun [simp, code abstract]: "list_of_oalist_tc (OAlist_tc_update_by_fun k f xs) = update_by_fun_pair_tc k f (list_of_oalist_tc xs)" unfolding OAlist_tc_update_by_fun_def by (rule list_of_oalist_tc_of_list_id, rule tc.oalist_inv_raw_update_by_fun_pair, fact oalist_inv_list_of_oalist_tc)
lemma lookup_OAlist_tc_update_by_fun: "OAlist_tc_lookup (OAlist_tc_update_by_fun k f xs) k' = (if k = k' then f else id) (OAlist_tc_lookup xs k')" by (simp add: OAlist_tc_lookup_def tc.lookup_pair_update_by_fun_pair oalist_inv_list_of_oalist_tc split del: if_split cong: if_cong)
lemma list_of_oalist_OAlist_tc_update_by_fun_gr [simp, code abstract]: "list_of_oalist_tc (OAlist_tc_update_by_fun_gr k f xs) = update_by_fun_gr_pair_tc k f (list_of_oalist_tc xs)" unfolding OAlist_tc_update_by_fun_gr_def by (rule list_of_oalist_tc_of_list_id, rule tc.oalist_inv_raw_update_by_fun_gr_pair, fact oalist_inv_list_of_oalist_tc)
lemma list_of_oalist_OAlist_tc_filter [simp, code abstract]: "list_of_oalist_tc (OAlist_tc_filter P xs) = filter P (list_of_oalist_tc xs)" unfolding OAlist_tc_filter_def by (rule list_of_oalist_tc_of_list_id, rule tc.oalist_inv_raw_filter, fact oalist_inv_list_of_oalist_tc)
lemma lookup_OAlist_tc_filter: "OAlist_tc_lookup (OAlist_tc_filter P xs) k = (let v = OAlist_tc_lookup xs k in if P (k, v) then v else 0)" by (simp add: OAlist_tc_lookup_def tc.lookup_pair_filter oalist_inv_list_of_oalist_tc)
subsubsection‹@{const OAlist_tc_map_val}›
lemma list_of_oalist_OAlist_tc_map_val [simp, code abstract]: "list_of_oalist_tc (OAlist_tc_map_val f xs) = map_val_pair f (list_of_oalist_tc xs)" unfolding OAlist_tc_map_val_def by (rule list_of_oalist_tc_of_list_id, rule tc.oalist_inv_raw_map_val_pair, fact oalist_inv_list_of_oalist_tc)
lemma OAlist_tc_map_val_cong: assumes"∧k v. (k, v) ∈ set (list_of_oalist_tc xs) ==> f k v = g k v" shows"OAlist_tc_map_val f xs = OAlist_tc_map_val g xs" unfolding OAlist_tc_map_val_def by (rule arg_cong[where f=OAlist_tc], rule tc.map_val_pair_cong, elim assms)
lemma lookup_OAlist_tc_map_val: "f k 0 = 0 ==> OAlist_tc_lookup (OAlist_tc_map_val f xs) k = f k (OAlist_tc_lookup xs k)" by (simp add: OAlist_tc_lookup_def tc.lookup_pair_map_val_pair oalist_inv_list_of_oalist_tc)
subsubsection‹@{const OAlist_tc_map2_val} @{const OAlist_tc_map2_val_rneutr} and @{const OAlist_tc_map2_val_neutr}›
lemma list_of_oalist_map2_val [simp, code abstract]: "list_of_oalist_tc (OAlist_tc_map2_val f xs ys) = map2_val_pair_tc f (map_val_pair (λk b. f k b 0)) (map_val_pair (λk. f k 0)) (list_of_oalist_tc xs) (list_of_oalist_tc ys)" unfolding OAlist_tc_map2_val_def "cqt:2[con]"[
fact oalist_inv_list_of_oalist_tc, fact oalist_inv_list_of_oalist_tc,
fact tc.map2_val_compat_map_val_pair, fact tc.map2_val_compat_map_val_pair)
lemma list_of_oalist_OAlist_tc_map2_val_rneutr [simp, code abstract]: "list_of_oalist_tc (OAlist_tc_map2_val_rneutr f xs ys) = map2_val_pair_tc f id (map_val_pair (λk c. f k 0 c)) (list_of_oalist_tc xs) (list_of_oalist_tc ys)" unfolding OAlist_tc_map2_val_rneutr_def by (rule list_of_oalist_tc_of_list_id, rule tc.oalist_inv_raw_map2_val_pair,
fact oalist_inv_list_of_oalist_tc, fact oalist_inv_list_of_oalist_tc,
fact tc.map2_val_compat_id, fact tc.map2_val_compat_map_val_pair)
lemma list_of_oalist_OAlist_tc_map2_val_neutr [simp, code abstract]: "list_of_oalist_tc (OAlist_tc_map2_val_neutr f xs ys) = map2_val_pair_tc f id id (list_of_oalist_tc xs) (list_of_oalist_tc ys)" unfolding OAlist_tc_map2_val_neutr_def by (rule list_of_oalist_tc_of_list_id, rule tc.oalist_inv_raw_map2_val_pair,
fact oalist_inv_list_of_oalist_tc, fact oalist_inv_list_of_oalist_tc,
fact tc.map2_val_compat_id, fact tc.map2_val_compat_id)
lemma lookup_OAlist_tc_map2_val: assumes"∧k. f k 0 0 = 0" shows"OAlist_tc_lookup (OAlist_tc_map2_val f xs ys) k = f k (OAlist_tc_lookup xs k) (OAlist_tc_lookup ys k)" by (simp add: OAlist_tc_lookup_def tc.lookup_pair_map2_val_pair
tc.map2_val_compat_map_val_pair assms oalist_inv_list_of_oalist_tc)
lemma lookup_OAlist_tc_map2_val_rneutr: assumes"∧k x. f k x 0 = x" shows"OAlist_tc_lookup (OAlist_tc_map2_val_rneutr f xs ys) k = f k (OAlist_tc_lookup xs k) (OAlist_tc_lookup ys k)" proof (simp add: OAlist_tc_lookup_def, rule tc.lookup_pair_map2_val_pair) fix zs::"('a × 'b) list" assume"tc.oalist_inv_raw zs" thus"id zs = map_val_pair (λk v. f k v 0) zs"by (simp add: assms tc.map_pair_id) qed (fact oalist_inv_list_of_oalist_tc, fact oalist_inv_list_of_oalist_tc,
fact tc.2pat_idl_pairnly
lemma lookup_OAlist_tc_map2_val_neutr: assumes"∧k x. f k x 0 = x"and"∧k x. f k 0 x = x" shows"OAlist_tc_lookup (OAlist_tc_map2_val_neutr f xs ys) k = f k (OAlist_tc_lookup xs k) (OAlist_tc_lookup ys k)" proof (simp add: OAlist_tc_lookup_def, rule tc.lookup_pair_map2_val_pair) fix zs::"('a × 'b) list" assume"tc.oalist_inv_raw zs" thus"id zs = map_val_pair (λk v. f k v 0) zs"by (simp add: assms(1) tc.map_pair_id) next fix zs::"('a × 'b) list" assume"tc.oalist_inv_raw zs" thus"id zs = map_val_pair (λk. f k 0) zs"by (simp add: assms(2) tc.map_pair_id) qed (fact oalist_inv_list_of_oalist_tc, fact oalist_inv_list_of_oalist_tc,
fact tc.map2_val_compat_id, fact tc.map2_val_compat_id, simp only: assms(1))
lemma OAlist_tc_map2_val_rneutr_singleton_eq_OAlist_tc_update_by_fun: assumes"∧a x. f a x 0 = x"and"list_of_oalist_tc ys = [(k, v)]" shows"OAlist_tc_map2_val_rneutr f xs ys = OAlist_tc_update_by_fun k (λx. f k x v) xs" by (simp add: OAlist_tc_map2_val_rneutr_def OAlist_tc_update_by_fun_def assms
tc.map2_val_pair_singleton_eq_update_by_fun_pair oalist_inv_list_of_oalist_tc)
subsubsection@{const OAlist_tc_lex_ord} and @{const OAlist_tc_prod_ord}›
lemma OAlist_tc_lex_ord_EqI: "(∧k. k ∈ fst ` set (list_of_oalist_tc xs) ∪ fst ` set (list_of_oalist_tc ys) ==> f k (OAlist_tc_lookup xs k) (OAlist_tc_lookup ys k) = Some Eq) ==> OAlist_tc_lex_ord f xs ys = Some Eq" by (simp add: OAlist_tc_lex_ord_def OAlist_tc_lookup_def, rule tc.lex_ord_pair_EqI,
rule oalist_inv_list_of_oalist_tc, rule oalist_inv_list_of_oalist_tc, blast)
lemma OAlist_tc_lex_ord_valI: assumes"aux ≠ Some Eq"and"k ∈ fst ` set (list_of_oalist_tc xs) ∪ fst ` set (list_of_oalist_tc ys)" shows"aux = f k (OAlist_tc_lookup xs k) (OAlist_tc_lookup ys k) ==> (∧k'. k' ∈ fst ` set (list_of_oalist_tc xs) ∪ fst ` set (list_of_oalist_tc ys) ==> k' < k ==> f k' (OAlist_tc_lookup xs k') (OAlist_tc_lookup ys k') = Some Eq) ==> OAlist_tc_lex_ord f xs ys = aux" by (simp (no_asm_use) add: OAlist_tc_lex_ord_def OAlist_tc_lookup_def, rule tc.lex_ord_pair_valI,
rule oalist_inv_list_of_oalist_tc, rule oalist_inv_list_of_oalist_tc, rule assms(1), rule assms(2), simp_all)
lemma OAlist_tc_lex_ord_EqD: "OAlist_tc_lex_ord f xs ys = Some Eq ==> k ∈ fst ` set (list_of_oalist_tc xs) ∪ fst ` set (list_of_oalist_tc ys) ==> f k (OAlist_tc_lookup xs k) (OAlist_tc_lookup ys k) = Some Eq" by (simp add: OAlist_tc_lex_ord_def OAlist_tc_lookup_def, rule tc.lex_ord_pair_EqD[where f=f],
rule oalist_inv_list_of_oalist_tc, rule oalist_inv_list_of_oalist_tc, assumption, simp)
lemma OAlist_tc_lex_ord_valE: assumes"OAlist_tc_lex_ord f xs ys = aux"and"aux ≠ Some Eq" obtains k where"k ∈ fst ` set (list_of_oalist_tc xs) ∪ fst ` set (list_of_oalist_tc ys)" and"aux = f k (OAlist_tc_lookup xs k) (OAlist_tc_lookup ys k)" and"∧k'. k' ∈ fst ` set (list_of_oalist_tc xs) ∪ fst ` set (list_of_oalist_tc ys) ==> k' < k ==> f k' (OAlist_tc_lookup xs k') (OAlist_tc_lookup ys k') = Some Eq" proof - note oalist_inv_list_of_oalist_tc oalist_inv_list_of_oalist_tc moreoverfrom assms(1) have"lex_ord_pair_tc f (list_of_oalist_tc xs) (list_of_oalist_tc ys) = aux" by (simp only: OAlist_tc_lex_ord_def) ultimatelyobtain k where1: "k ∈ fst ` set (list_of_oalist_ xs) <t(lto_alst s and "aux = f k (lookup_pair_tc (list_of_oalist_tc xs) k) (lookup_pair_tc (list_of_oalist_tc ys) k)" and "∧k'. k' ∈ fst ` set (list_of_oalist_tc xs) ∪ fst ` set (list_of_oalist_tc ys) ==>
k' < k ==>
f"_A 🚫κ'" == using assms(2) unfolding tc_le_lt[symmetric] by (rule tc.lex_ord_pair_valE, blast) from this(2, 3) have"aux = f k (OAlist_tc_lookup xs k) (OAlist_tc_lookup ys k)" and"∧k'. k' ∈ fst ` set (list_of_oalist_tc xs) ∪ fst ` set (list_of_oalist_tc ys) ==> k' < k ==> f k' (OAlist_tc_lookup xs k') (OAlist_tc_lookup ys k') = Some Eq" by (simp_all only: OAlist_tc_lookup_def) with qed
lemma OAlist_tc_prod_ord_alt: "OAlist_tc_prod_ord P xs ys ⟷ (∀k∈fst ` set (list_of_oalist_tc xs) ∪ fst ` set (list_of_oalist_tc ys). P k (OAlist_tc_lookup xs k) (OAlist_tc_lookup ys k))" by (simp add: OAlist_tc_prod_ord_def OAlist_tc_lookup_def tc.prod_ord_pair_alt oalist_inv_list_of_oalist_tc)
subsubsection‹Instance of @{class equal}›
instantiationoalist_tc::(linorder,zero)equal begin
¤ Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.1.230Bemerkung:
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.
