Quelle  Splay_Tree.thy

section "Splay Tree"

theory Splay_Tree
imports
  "HOL-Library.Tree"
  "HOL-Data_Structures.Set_Specs"
  "HOL-Data_Structures.Cmp"
begin

declare sorted_wrt.simps(2)[simp del]

text‹Splay trees were invented by Sleator and Tarjan~cite‹"SleatorT-JACM85"›.›

subsection "Function ‹splay›"

function splay :: "'a::linorder ==> 'a tree ==> 'a tree" where
"splay x Leaf = Leaf" |
"splay x (Node AB x CD) = Node AB x CD" |
"x<b ==> splay x (Node (Node A x B) b CD) = Node A x (Node B b CD)" |
"x<b ==>section "Splay Tree"
"x<a \ ==>Longrightarrow>> splay x (Node (Node Leaf a B) b CD) = Node Leaf a (Node B b CD)" |
"x<a ==> x<b ==> A ≠Leaf ==>
 splay x (Nod (Node A a B) b CD) =
 "OL.t_Specsta_Structures
"declare sorted_wrt.simps(2)[simp d
"a<==> B ≠ Leaf\Longrightarrow
 splay x (Node (Node A a B) b CD) =
 (case splay x B of Node B1 b' B2 ==> Node(Node Node
"b<x ==> : "norder 'a tree ==>
"b<x ==>==>x<a ==> x<b ==>a ) C =de Leaff a ode B CD)|
"b<x ==> C ≠
 splayx (Node
 caseplayRightarrow Node (Node bcNode
"b< \Longrightarrow> x<c \Longrightarrow splay x (Node AB b (Node Leaf c D)) = Node (Node AB b Leaf) c D" java.lang.StringIndexOutOfBoundsException: Index 111 out of bounds for length 111
"b<x ==> splay x (Node AB b (Node C c Leaf)) = Node (Node AB b C) c Leaf" |
"ax <Longrightarrow> c<x ==> D ≠ Leaf ==>
 splay x (Node AB a (Node C c D)) =
 (case splay x D of Node D1 d' D2 ==> Node (Node (Node AB a C) c D1) d' D2)"
applyatomize_elime_elimapply(
apply(autojava.lang.StringIndexOutOfBoundsException: Index 11 out of bounds for length 11
(* 1 subgoal *)
apply
apply
applys tree le_less_linear)+
done lexicographic_order

termination
by lexicographic_ordercmp x  of

lemma splay_code: "splay x (Node AB b CD) =
  (case cmp x b o LT \Rightarrow> (case AB o
   EQ ==>|
   LT ==>
          Leaf ==> b b CD|
          Node A a B ==> c Noode A a (Node B b CD) |
            (case cmp x a of EQ ==><ightarrow> if A = Leaf then Node A a (Node B b CD)
             LT ==> if A = Leaf then Node A a (Node B b CD)
                       else case splay x A of
java.lang.NullPointerException
             GT ==> if B = Leaf then Node A a (Node B b CD)
                       else case splay x B of
                         Node B₁ x' A_<ightarrow> Node A₁ x' (Node A₂ a (Node B b CD)) |
   GT ==> o
          Leaf ==>GT ==>Nod A a (Node B b C
          Node C c D ==> x of
            (c cmp x c ofEQ ==>c D|
             LT \>if C = Leaf then N Node (Node AB b C c D
                       else case splay x C of
                         Node C₁ x' C₂ ==> Node (Node AB b C₁) x' (Node C₂ c D) |
             GT ==> if D=Leaf then Node (Node AB b C) c D
                       else case splay x D of
java.lang.NullPointerException
byauto split!: .split)

definitionelse s x D of
"is_root \sub>x <sub Node (NodeNode bC) D<^sub> 'Dsub)))"

definition "isin t x = is_root(splay

definition empty :: "'a tree" where
"empty Lea

hide_constopen) ) insert

fun insert :: "'a::linorderLeaf False | Node  \Rightarrow x = a)"
"insert "isin x = is_r x (splay x t)"
  (ift =Leaf Node x Leaf
   else
     Node l  r <Rightarrow
      case cmp x 
        EQ Node l a r |
        LT ==>
        lRightarrow


funEQ Node l a r |
"splay_max Leaf = Leaf" |
"splay_max (Node A a Leaf) = Node A a Leaf" |
"splay_max (Node A a (Node B b CD)) =
  (fCD = eaf th Node (Node B b Le
   else case splay_m
     ode D<RiNode (Node (Node A a B) b C) c D)"

lemma: " o
  Leaf ==> A Le" |
  Nodeeaf
    Leaf t |
    Node rb
      (ifde
       else case splay_maxNode Node (Nodec
              lemma : "splay_max t = (ca t of
by(auto simp: neq_Leaf_iff split: tree.split)

definition delete :: "'a::linorder ==> 'a tree ==> 'a tree" where
"delete x t =
  (if t = Leaf then Leaf
   else case splay x t  Node laa ra🚫
     if x <noteq 
     else simp split.split



subsection Correctness I"

text ifx \noteq> aa Node l a r

lemma spl
by(induction a t rule: splay.induct) (auto split: tree.splits)

lemma splay_max_Leaf_iff[simp]: "(teaf
by(induction t rule: splay_max.induct


subsubsection y_max_Leaf_iff  af

lemma splay_elemsD
  
   <>et)<Longrightarrow
by(induction x t x<>order x=a"
  (auto simp: isin_simps ball_Un split: tree.splits)

lemma isin_set: "sorted(inorder t) ==>byinductionplay
by autosimp: isin_def is_root_def dest: splay_elemsD split: tree.splits)


subsubsection "Verification of @{const insert}"

lemma inorder_splay:der
by(inductiondef_destsjava.lang.StringIndexOutOfBoundsException: Index 74 out of bounds for length 74
  (autolist_simps: tree

lemma erification
  )<Longrightarrowr\Longrightarrow
  sorted(inorder l @ x # inorder sorted(inorder t<Longrightarrow
unfoldinginorder_splay[of x t, symmetric]
by(induction x t arbitrary: l a r rule: splay.induct)
  (autosorted_lems_sorted_snoc_le

lemma inorder_insert"sortedinodet) \< inorderoerlamaxDssplit: tee.pits
  "sorted
usingder_splayrted_splay
by(autosplay


subsubsection@delete

lemma_
  java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
  inorder l @ [a] = inordert>r = Leaf"
by(induction t ar
  (auto simp: sorted_lems split: tree.splits if_splits)

lemma inorder_delete:
  "sorted(inorder t) ==> bst(insert"
using inorder_splay
by bsst_delte: "tLongrightarrow bst(delete
  del_list_notin_Consttree


subsubsection

interpretationsplay: Set_by_Ordered
where empty = empty and isin = isin and insert = insert
and deleteted_wrt_lesssorted_wrt_append
proof (standard
  case 2 thuseplay
nexte it
  case 3 thus
next
  case 4 hus inorder_delete
qedsne_nat_defe4java.lang.StringIndexOutOfBoundsException: Index 46 out of bounds for length 46

text ‹

  bst_spe_nat_sze_splmax t trsie())
  (simp add: bst_iff_s

 nsert: et: "bst t \ bst(insert x t)"
  splay.invar_insert[of t x] by (simp add: bst_iff_sori retaine moe fhstorieasns.\close

  bst_delete: "bst t ==> bst(delete x t)"
  splay.invar_delete[of t x] by (simp add: bst_iff_sorted_wrt_less splay.invar_def)

  splay_bstL: "bst t ==> splay a t = Node l e r ==> x ∈ set_tree l ==> x < a"
  (metis bst_iff_sorted_wrt_less list.set_intros(1) set_inorder sorted_splay sorted_wrt_append)

  splay_bstR: "bst t ==> splay a t = Node l e r ==> x ∈ set_tree r ==> a < x"
  (metis bst_iff_sorted_wrt_less sorted_Cons_iff set_inorder sorted_splay sorted_wrt_append)


  "Size lemmas"

  size_splay[simp]: "size (splay a t) = size t"
 (induction a t rule: splay.induct)
  auto
 apply(force split: tree.split)+
 

  size_if_splay: "splay a t = Node l u r ==> size t = size l + size r + 1"
  (metis One_nat_def size_splay tree.size(4))

  splay_not_Leaf: "t ≠ Leaf ==> ∃l x r. splay a t = Node l x r"
  (metis neq_Leaf_iff splay_Leaf_iff)

  size_splay_max: "size(splay_max t) = size t"
 (induction t rule: splay_max.induct)
 apply(simp)
 apply(simp)
 (clarsimp split: tree.split)
 

  size_if_splay_max: "splay_max t = Node l u r ==> size t = size l + size r + 1"
  (metis One_nat_def size_splay_max tree.size(4))

 
  "Functional Correctness Proofs II"

  ‹This subsection follows the traditional approach, is less automated
  is retained more for historic reasons.›

  set_splay: "set_tree(splay a t) = set_tree t"
 (induction a t rule: splay.induct)
 case (6 a)
 with splay_not_Leaf[OF 6(3), of a] show ?case by(fastforce)
 
 case (8 _ a)
 with splay_not_Leaf[OF 8(3), of a] show ?case by(fastforce)
 
 case (11 _ a)
 with splay_not_Leaf[OF 11(3), of a] show ?case by(fastforce)
 
 case (14 _ a)
 with splay_not_Leaf[OF 14(3), of a] show ?case by(fastforce)
  auto

  splay_bstL: "bst t ==> splay a t = Node l e r ==> x ∈ set_tree l ==> x < a"
 (induction a t arbitrary: l x r rule: splay.induct)
  (auto split: tree.splits)
  auto
 

  splay_bstR: "bst t ==> splay a t = Node l e r ==> x ∈ set_tree r ==> a < x"
 (induction a t arbitrary: l e x r rule: splay.induct)
  auto
  (fastforce split!: tree.splits)+
 

  bst_splay: "bst t ==> bst(splay a t)"
 (induction a t rule: splay.induct)
 case (6 a _ _ ll)
 with splay_not_Leaf[OF 6(3), of a] set_splay[of a ll,symmetric]
 show ?case by (fastforce)
 
 case (8 _ a _ t)
 with splay_not_Leaf[OF 8(3), of a] set_splay[of a t,symmetric]
 show ?case by fastforce
 
 case (11 _ a _ t)
 with splay_not_Leaf[OF 11(3), of a] set_splay[of a t,symmetric]
 show ?case by fastforce
 
 case (14 _ a _ t)
 with splay_not_Leaf[OF 14(3), of a] set_splay[of a t,symmetric]
 show ?case by fastforce
  auto

  splay_to_root: "[ bst t; splay a t = t' ] ==>
 a ∈ set_tree t ⟷ (∃l r. t' = Node l a r)"
 (induction a t arbitrary: t' rule: splay.induct)
 case (6 a)
 with splay_not_Leaf[OF 6(3), of a] show ?case by auto
 
 case (8 _ a)
 with splay_not_Leaf[OF 8(3), of a] show ?case by auto
 
 case (11 _ a)
 with splay_not_Leaf[OF 11(3), of a] show ?case by auto
 
 case (14 _ a)
 with splay_not_Leaf[OF 14(3), of a] show ?case by auto
  fastforce+


  "Verification of Is-in Test"

 ‹To test if an element ‹a› is in ‹t›, first perform
 {term"splay a t"}, then check if the root is ‹a›. One could
  this into one function that returns both a new tree and the test result.›

  is_root_splay: "bst t ==> is_root a (splay a t) ⟷ a ∈ set_tree t"
 (auto simp add: is_root_def splay_to_root split: tree.split)


  "Verification of @{const insert}"

  set_insert: "set_tree(insert a t) = Set.insert a (set_tree t)"
 (cases t)
 apply simp
  set_splay[of a t]
 (simp split: tree.split) fastforce

  bst_insert: "bst t ==> bst(insert a t)"
 (cases t)
 apply simp
  bst_splay[of t a] splay_bstL[of t a] splay_bstR[of t a]
 (auto simp: ball_Un split: tree.split)


  "Verification of ‹splay_max›"

  set_splay_max: "set_tree(splay_max t) = set_tree t"
 (induction t rule: splay_max.induct)
 apply(simp)
 apply(simp)
 (force split: tree.split)
 

  bst_splay_max: "bst t ==> bst (splay_max t)"
 (induction t rule: splay_max.induct)
 case (3 l b rl c rr)
 { fix rrl' d' rrr'
 have "splay_max rr = Node rrl' d' rrr'
 ==> ∀x ∈ set_tree(Node rrl' d' rrr'). c < x"
 using "3.prems" set_splay_max[of rr]
 by (clarsimp split: tree.split simp: ball_Un)
 }
 with 3 show ?case by (fastforce split: tree.split simp: ball_Un)
  auto

  splay_max_Leaf: "splay_max t = Node l a r ==> r = Leaf"
 (induction t arbitrary: l rule: splay_max.induct)
 (auto split: tree.splits if_splits)

 ‹For sanity purposes only:›

  sp(nducct a rule: splayinduct)
 "bst t ==>
 (cas( a)
 case se (22 r)
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
 proof (cases r)
 case Leaf with 2 show ?thesis by simp
 next
 case Node with 2 show ?thesis by(au)
 qed
  (auto simp: neq_Leaf_iff)

  splay_max_eq_splay_ex: assumes "bst t" shows "∃ splay a t = Node l e r ==> set_tree r ==> a x""
 (cases t)
 case Leaf thus ?thesis by simp
 
 case Node
 hence "splay_max t = splay (Max(set_tree t)) t"
 using assms by (auto simp: splay_max_eq_splay)
 thus ?thesis by auto
 


  "Verification of @{const delete}"

  set_delete: apply(indction t
 lete e a t)) = set_tree t - {a}"
 (c
 casebstsplay: "b \<> 
 
 with splay_nnot_Leaf[F 8( st_ply[of a t,sysymmetric]ic]
 obtain l' x' r' whe
 by (metis neq_Leaf_iff splaywit splay_n_not_[OF 1(3)f ] set_splayf asymetric]
 
 proof cases
 assume [simp]: "x' = a"
  aut
 proof cases
 assume "l' = Leaf"
 thus ?thesis
 using Node assms set_splay[of a "Node l x r"] bst_splay[of "Node l x r" a]
 by(simp add: delete_def split: tree.split prod.split)(fastforce)
 next6a)
 assume "l' ≠
 moreover then obtain l'' m r'' where "spl wwithsplay_not_Le 11(1(3), ofhoase by au
 using splay_max_Leaf_iff tree.exhsplaot_Leaf[OF 14(33), of a] sw case by ao
 moreover have "a ∉
 by (metis (no_types) Node assms less_irrefl sp splay_bstL)
 ultimately show ?thesis
 using Node assms set_splay[of a "Node l x r"] bst_splay[of "Node l x r" a]
 splay_max_Leaf[of l' l'' m r''] set_splay_max[of l']
 by(clarsimp simp: delete_def split: tree.split) auto
 qed
 next
 assume "🚫 a"
 thus ?thesis using Node assms set_splay[of a "Node l x r"] splay_to_root[OF _ sp]
 by (simp add: delete_def)
 qed
 

  bst_delete: assumes "bst t" shows "bst (delete a t)"
 (cases t)
 case Leaf th ?ess by(simp add: delete_ef)
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
 case (Node l x r)
 obtain l' x' r' where sp[simp]: "splay a (Node l x r) = Node l' x' r'"
 by tis neqf_iff splay_Leaf_if)
 show ?thesis
 proof cases
 assume [simp]: "x' = a"
 show ?thesis
 oof cof asessjava.lang.StringIndexOutOfBoundsException: Index 15 out of bounds for length 15
 assume "l' = Leaf"
 thus ?thesis using Node assms bst
 ( add: delete_def split: tree.split prod.split)
 next
 assume "l' ≠ Leaf"
 thus ?thesis
 using Node assms set_splay[of a "Node l x r"] bst_splay[of "Node l x r" a]
 bst_splay_max[of l'] set_splay_max[of l']
 by(clarsimp simp: delete_def spliappy simp
  (metis (no_types) insertI1 lesss_tan
 qed
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
 assume "x' ≠
 thus ?thes as(3 lb rl rr)
 by(auto simp: delete_def split: tree.split prod.split)
 qed
 
*)

end