header {* Miscellaneous Definitions and Lemmas *}
theory Misc
imports Main "~~/src/HOL/Library/Multiset" "~~/src/HOL/ex/Quicksort"
begin
text_raw {*\label{thy:Misc}*}
text {* Here we provide a collection of miscellaneous definitions and helper lemmas *}
subsection "Miscellaneous (1)"
text {* This stuff is used in this theory itself, and thus occurs in first place or is simply not sorted into any other section of this theory. *}
subsubsection "AC-operators"
text {* Locale to declare AC-laws as simplification rules *}
locale Assoc =
fixes f
assumes assoc[simp]: "f (f x y) z = f x (f y z)"
locale AC = Assoc +
assumes commute[simp]: "f x y = f y x"
lemma (in AC) left_commute[simp]: "f x (f y z) = f y (f x z)"
by (simp only: assoc[symmetric]) simp
lemmas (in AC) AC_simps = commute assoc left_commute
text {* Locale to define functions from surjective, unique relations *}
locale su_rel_fun =
fixes F and f
assumes unique: "[|(A,B)∈F; (A,B')∈F|] ==> B=B'"
assumes surjective: "[|!!B. (A,B)∈F ==> P|] ==> P"
assumes f_def: "f A == THE B. (A,B)∈F"
lemma (in su_rel_fun) repr1: "(A,f A)∈F" proof (unfold f_def)
obtain B where "(A,B)∈F" by (rule surjective)
with theI[where P="λB. (A,B)∈F", OF this] show "(A, THE x. (A, x) ∈ F) ∈ F" by (blast intro: unique)
qed
lemma (in su_rel_fun) repr2: "(A,B)∈F ==> B=f A" using repr1
by (blast intro: unique)
lemma (in su_rel_fun) repr: "(f A = B) = ((A,B)∈F)" using repr1 repr2
by (blast)
lemma set_pair_flt_false[simp]: "{ (a,b). False } = {}"
by simp
-- "Contract quantification over two variables to pair"
lemma Ex_prod_contract: "(∃a b. P a b) <-> (∃z. P (fst z) (snd z))"
by auto
lemma All_prod_contract: "(∀a b. P a b) <-> (∀z. P (fst z) (snd z))"
by auto
lemma nat_geq_1_eq_neqz: "x≥1 <-> x≠(0::nat)"
by auto
lemma if_not_swap[simp]: "(if ¬c then a else b) = (if c then b else a)" by auto
subsection {* Sets *}
lemma subset_minus_empty: "A⊆B ==> A-B = {}" by auto
lemma set_notEmptyE: "[|S≠{}; !!x. x∈S ==> P|] ==> P"
by (metis equals0I)
lemma setsum_subset_split: assumes P: "finite A" "B⊆A" shows T: "setsum f A = setsum f (A-B) + setsum f B" proof -
from P have 1: "A = (A-B) ∪ B" by auto
have 2: "(A-B) ∩ B = {}" by auto
from P have 3: "finite B" by (blast intro: finite_subset)
from P have 4: "finite (A-B)" by simp
from 2 3 4 setsum_Un_disjoint have "setsum f ((A-B) ∪ B) = setsum f (A-B) + setsum f B" by blast
with 1 show ?thesis by simp
qed
lemma disjoint_mono: "[| a⊆a'; b⊆b'; a'∩b'={} |] ==> a∩b={}" by auto
lemma disjoint_alt_simp1: "A-B = A <-> A∩B = {}" by auto
lemma disjoint_alt_simp2: "A-B ≠ A <-> A∩B ≠ {}" by auto
lemma disjoint_alt_simp3: "A-B ⊂ A <-> A∩B ≠ {}" by auto
lemmas set_simps = subset_minus_empty disjoint_alt_simp1 disjoint_alt_simp2 disjoint_alt_simp3 Un_absorb1 Un_absorb2
lemma set_minus_singleton_eq: "x∉X ==> X-{x} = X"
by auto
lemma set_diff_diff_left: "A-B-C = A-(B∪C)"
by auto
lemma image_update[simp]: "x∉A ==> f(x:=n)`A = f`A"
by auto
lemma set_union_code [code_unfold]:
"set xs ∪ set ys = set (xs @ ys)"
by auto
subsubsection {* Finite Sets *}
lemma card_1_singletonI: "[|finite S; card S = 1; x∈S|] ==> S={x}"
proof (safe, rule ccontr)
case (goal1 x')
hence "finite (S-{x})" "S-{x} ≠ {}" by auto
hence "card (S-{x}) ≠ 0" by auto
moreover from goal1(1-3) have "card (S-{x}) = 0" by auto
ultimately have False by simp
thus ?case ..
qed
lemma card_insert_disjoint': "[|finite A; x ∉ A|] ==> card (insert x A) - Suc 0 = card A"
by (drule (1) card_insert_disjoint) auto
lemma card_eq_UNIV[simp]: "card (S::'a::finite set) = card (UNIV::'a set) <-> S=UNIV"
proof (auto)
fix x
assume A: "card S = card (UNIV::'a set)"
show "x∈S" proof (rule ccontr)
assume "x∉S" hence "S⊂UNIV" by auto
with psubset_card_mono[of UNIV S] have "card S < card (UNIV::'a set)" by auto
with A show False by simp
qed
qed
lemma card_eq_UNIV2[simp]: "card (UNIV::'a set) = card (S::'a::finite set) <-> S=UNIV"
using card_eq_UNIV[of S] by metis
lemma card_ge_UNIV[simp]: "card (UNIV::'a::finite set) ≤ card (S::'a set) <-> S=UNIV"
using card_mono[of "UNIV::'a::finite set" S, simplified]
by auto
lemmas length_remdups_card = length_remdups_concat[of "[l]", simplified] for l
lemma fs_contract: "fst ` { p | p. f (fst p) (snd p) ∈ S } = { a . ∃b. f a b ∈ S }"
by (simp add: image_Collect)
lemma finite_Collect:
assumes fin: "finite S" and inj: "inj f"
shows "finite {a. f a : S}"
proof -
def S' == "S ∩ range f"
hence "{a. f a : S} = {a. f a : S'}" by auto
also have "... = (inv f) ` S'"
proof
show "{a. f a : S'} <= inv f ` S'"
using inj by(force intro: image_eqI)
show "inv f ` S' <= {a. f a : S'}"
proof
fix x
assume "x : inv f ` S'"
then obtain y where "y : S'" "x = inv f y" by blast
moreover from `y : S'` obtain x' where "f x' = y"
unfolding S'_def by blast
hence "f (inv f y) = y" unfolding inv_def by(rule someI)
ultimately show "x : {a. f a : S'}" by simp
qed
qed
also have "finite S'" using fin unfolding S'_def by blast
ultimately show ?thesis by simp
qed
-- "Finite sets have an injective mapping to an initial segments of the
natural numbers"
lemma finite_imp_inj_to_nat_seg':
fixes A :: "'a set"
assumes A: "finite A"
obtains f::"'a => nat" and n::"nat" where
"f`A = {i. i<n}"
"inj_on f A"
by (metis A finite_imp_inj_to_nat_seg)
lemma lists_of_len_fin1: "finite P ==> finite (lists P ∩ { l. length l = n })"
proof (induct n)
case 0 thus ?case by auto
next
case (Suc n)
have "lists P ∩ { l. length l = Suc n }
= (λ(a,l). a#l) ` (P × (lists P ∩ {l. length l = n}))"
apply auto
apply (case_tac x)
apply auto
done
moreover from Suc have "finite …" by auto
ultimately show ?case by simp
qed
lemma lists_of_len_fin2: "finite P ==> finite (lists P ∩ { l. n = length l })"
proof -
assume A: "finite P"
have S: "{ l. n = length l } = { l. length l = n }" by auto
have "finite (lists P ∩ { l. n = length l })
<-> finite (lists P ∩ { l. length l = n })"
by (subst S) simp
thus ?thesis using lists_of_len_fin1[OF A] by auto
qed
lemmas lists_of_len_fin = lists_of_len_fin1 lists_of_len_fin2
lemmas cset_fin_simps = Ex_prod_contract fs_contract[symmetric] image_Collect[symmetric]
lemmas cset_fin_intros = finite_imageI finite_Collect inj_onI
subsection {* Functions *}
definition "inv_on f A x == SOME y. y∈A ∧ f y = x"
lemma inv_on_f_f[simp]: "[|inj_on f A; x∈A|] ==> inv_on f A (f x) = x"
by (auto simp add: inv_on_def inj_on_def)
lemma f_inv_on_f: "[| y∈f`A |] ==> f (inv_on f A y) = y"
by (auto simp add: inv_on_def intro: someI2)
lemma inv_on_f_range: "[| y ∈ f`A |] ==> inv_on f A y ∈ A"
by (auto simp add: inv_on_def intro: someI2)
lemma inj_on_map_inv_f [simp]: "[|set l ⊆ A; inj_on f A|] ==> map (inv_on f A) (map f l) = l"
apply (simp)
apply (induct l)
apply auto
done
subsection {* Multisets *}
subsubsection {* Case distinction *}
text {* Install a (new) default case-distinction lemma for multisets, that distinguishes between empty multiset and multiset that is the union of of some multiset and a singleton multiset.
This is the same case distinction as done by the @{thm [source] multiset_induct} rule that is installed as default induction rule for multisets by Multiset.thy. *}
lemma mset_cases[case_names empty add, cases type: multiset]: "[| M={#} ==> P; !!x M'. M=M'+{#x#} ==> P |] ==> P"
apply (induct M)
apply auto
done
lemma multiset_induct'[case_names empty add]: "[|P {#}; !!M x. P M ==> P ({#x#}+M)|] ==> P M"
by (induct rule: multiset_induct) (auto simp add: union_commute)
lemma mset_cases'[case_names empty add]: "[| M={#} ==> P; !!x M'. M={#x#}+M' ==> P |] ==> P"
apply (induct M rule: multiset_induct')
apply auto
done
subsubsection {* Count *}
lemma count_ne_remove: "[| x ~= t|] ==> count S x = count (S-{#t#}) x"
by (auto)
lemma mset_empty_count[simp]: "(∀p. count M p = 0) = (M={#})"
by (auto simp add: multiset_eq_iff)
subsubsection {* Union, difference and intersection *}
lemma size_diff_se: "[|t :# S|] ==> size S = size (S - {#t#}) + 1" proof (unfold size_def)
let ?SIZE = "setsum (count S) (set_of S)"
assume A: "t :# S"
from A have SPLITPRE: "finite (set_of S) & {t}⊆(set_of S)" by auto
hence "?SIZE = setsum (count S) (set_of S - {t}) + setsum (count S) {t}" by (blast dest: setsum_subset_split)
hence "?SIZE = setsum (count S) (set_of S - {t}) + count (S) t" by auto
moreover with A have "count S t = count (S-{#t#}) t + 1" by auto
ultimately have D: "?SIZE = setsum (count S) (set_of S - {t}) + count (S-{#t#}) t + 1" by (arith)
moreover have "setsum (count S) (set_of S - {t}) = setsum (count (S-{#t#})) (set_of S - {t})" proof -
have "ALL x:(set_of S - {t}) . count S x = count (S-{#t#}) x" by (auto iff add: count_ne_remove)
thus ?thesis by simp
qed
ultimately have D: "?SIZE = setsum (count (S-{#t#})) (set_of S - {t}) + count (S-{#t#}) t + 1" by (simp)
moreover
{ assume CASE: "count (S-{#t#}) t = 0"
from CASE have "set_of S - {t} = set_of (S-{#t#})" by (auto iff add: set_of_def)
with CASE D have "?SIZE = setsum (count (S-{#t#})) (set_of (S - {#t#})) + 1" by simp
}
moreover
{ assume CASE: "count (S-{#t#}) t ~= 0"
from CASE have 1: "set_of S = set_of (S-{#t#})" by (auto iff add: set_of_def)
moreover from D have "?SIZE = setsum (count (S-{#t#})) (set_of S - {t}) + setsum (count (S-{#t#})) {t} + 1" by simp
moreover from SPLITPRE setsum_subset_split have "setsum (count (S-{#t#})) (set_of S) = setsum (count (S-{#t#})) (set_of S - {t}) + setsum (count (S-{#t#})) {t}" by (blast)
ultimately have "?SIZE = setsum (count (S-{#t#})) (set_of (S-{#t#})) + 1" by simp
}
ultimately show "?SIZE = setsum (count (S-{#t#})) (set_of (S - {#t#})) + 1" by blast
qed
lemma mset_union_diff_comm: "t :# S ==> T + (S - {#t#}) = (T + S) - {#t#}" proof -
assume "t :# S"
hence "count S t = count (S-{#t#}) t + 1" by auto
hence "count (S+T) t = count (S-{#t#}+T) t + 1" by auto
hence "count (S+T-{#t#}) t = count (S-{#t#}+T) t" by (simp)
moreover have "ALL x. x~=t --> count (S+T-{#t#}) x = count (S-{#t#}+T) x" by auto
ultimately show ?thesis by (auto simp add: union_ac iff add: multiset_eq_iff)
qed
lemma mset_diff_union_cancel[simp]: "t :# S ==> (S - {#t#}) + {#t#} = S"
by (auto simp add: mset_union_diff_comm union_ac)
lemma mset_right_cancel_union: "[|a :# A+B; ~(a :# B)|] ==> a:#A"
by (simp)
lemma mset_left_cancel_union: "[|a :# A+B; ~(a :# A)|] ==> a:#B"
by (simp)
lemmas mset_cancel_union = mset_right_cancel_union mset_left_cancel_union
lemma mset_right_cancel_elem: "[|a :# A+{#b#}; a~=b|] ==> a:#A"
apply(subgoal_tac "~(a :# {#b#})")
apply(auto)
done
lemma mset_left_cancel_elem: "[|a :# {#b#}+A; a~=b|] ==> a:#A"
apply(subgoal_tac "~(a :# {#b#})")
apply(auto)
done
lemmas mset_cancel_elem = mset_right_cancel_elem mset_left_cancel_elem
lemma mset_diff_cancel1elem[simp]: "~(a :# B) ==> {#a#}-B = {#a#}" proof -
assume A: "~(a :# B)"
hence "count ({#a#}-B) a = count ({#a#}) a" by auto
moreover have "ALL e . e~=a --> count ({#a#}-B) e = count ({#a#}) e" by auto
ultimately show ?thesis by (auto simp add: multiset_eq_iff)
qed
lemma union_diff_assoc_se: "t :# B ==> (A+B)-{#t#} = A + (B-{#t#})"
by (auto iff add: multiset_eq_iff)
lemma union_diff_assoc: "C-B={#} ==> (A+B)-C = A + (B-C)"
by (simp add: multiset_eq_iff)
lemma mset_union_1_elem1[simp]: "({#a#} = M+{#b#}) = (a=b & M={#})" proof
assume A: "{#a#} = M+{#b#}"
from A have "size {#a#} = size (M+{#b#})" by simp
hence "1 = 1 + size M" by auto
hence "M={#}" by auto
moreover with A have "a=b" by auto
ultimately show "a=b & M={#}" by auto
next
assume "a = b ∧ M = {#}"
thus "{#a#} = M+{#b#}" by auto
qed
lemma mset_union_1_elem2[simp]: "({#a#} = {#b#}+M) = (a=b & M={#})" using mset_union_1_elem1
by (simp add: union_ac)
lemma mset_union_1_elem3[simp]: "(M+{#b#}={#a#}) = (b=a & M={#})" using mset_union_1_elem1
by (auto dest: sym)
lemma mset_union_1_elem4[simp]: "({#b#}+M={#a#}) = (b=a & M={#})" using mset_union_1_elem3
by (simp add: union_ac)
lemma mset_inter_1elem1[simp]: assumes A: "~(a :# B)" shows "{#a#} #∩ B = {#}" proof (unfold multiset_inter_def)
from A have "{#a#} - B = {#a#}" by simp
thus "{#a#} - ({#a#} - B) = {#}" by simp
qed
lemma mset_inter_1elem2[simp]: "~(a :# B) ==> B #∩ {#a#} = {#}" proof -
assume "~(a :# B)"
hence "{#a#} #∩ B = {#}" by simp
thus ?thesis by (simp add: multiset_inter_commute)
qed
lemmas mset_inter_1elem = mset_inter_1elem1 mset_inter_1elem2
lemmas mset_neutral_cancel1 = union_left_cancel[where N="{#}", simplified] union_right_cancel[where N="{#}", simplified]
declare mset_neutral_cancel1[simp]
lemma mset_neutral_cancel2[simp]: "(c=n+c) = (n={#})" "(c=c+n) = (n={#})"
apply (auto simp add: union_ac)
apply (subgoal_tac "c+n=c", simp_all)+
done
lemma mset_union_2_elem: "{#a#}+{#b#} = M + {#c#} ==> {#a#}=M & b=c | a=c & {#b#}=M"
proof -
assume A: "{#a#}+{#b#} = M + {#c#}"
hence "{#a#}+{#b#}-{#b#} = M + {#c#} - {#b#}" by auto
hence AEQ: "{#a#} = M + {#c#} - {#b#}" by (auto simp add: union_assoc)
{ assume "c=b"
with AEQ have "{#a#} = M" by auto
} moreover {
from A have "{#b#}+{#a#} = M + {#c#}" by (auto simp add: union_commute)
moreover assume "a=c"
ultimately have "{#b#} = M" by auto
} moreover {
assume NEQ: "c~=b & a~=c"
from A have "{#a#}+{#b#}-{#c#} = M + {#c#}-{#c#}" by auto
hence "{#a#}+{#b#}-{#c#} = M" by (auto simp add: union_assoc)
with NEQ have "{#a#}-{#c#}+{#b#} = M" by (subgoal_tac "~ (c :# {#b#})", auto simp add: mset_inter_1elem multiset_union_diff_commute)
with NEQ have "{#a#}+{#b#} = M" by (subgoal_tac "~(a :# {#c#})", auto simp add: mset_diff_cancel1elem)
hence S1: "size M = 2" by auto
moreover from A have "size ({#a#}+{#b#}) = size (M + {#c#})" by auto
hence "size M = 1" by auto
ultimately have "False" by simp
}
ultimately show ?thesis by blast
qed
lemma mset_diff_union_s_inverse[simp]: "s :# S ==> {#s#} + (S - {# s #}) = S" proof -
assume "s :# S"
hence "S = S - {#s#} + {#s#}" by (auto simp add: mset_union_diff_comm)
thus ?thesis by (auto simp add: union_ac)
qed
lemma mset_un_iff: "(a :# A + B) = (a :# A | a :# B)"
by (simp)
lemma mset_un_cases[cases set, case_names left right]: "[|a :# A + B; a:#A ==> P; a:#B ==> P|] ==> P"
by (auto)
lemma mset_unplusm_dist_cases[cases set, case_names left right]:
assumes A: "{#s#}+A = B+C"
assumes L: "[|B={#s#}+(B-{#s#}); A=(B-{#s#})+C|] ==> P"
assumes R: "[|C={#s#}+(C-{#s#}); A=B+(C-{#s#})|] ==> P"
shows P
proof -
from A[symmetric] have "s :# B+C" by simp
thus ?thesis proof (cases rule: mset_un_cases)
case left hence 1: "B={#s#}+(B-{#s#})" by simp
with A have "{#s#}+A = {#s#}+((B-{#s#})+C)" by (simp add: union_ac)
hence 2: "A = (B-{#s#})+C" by (simp)
from L[OF 1 2] show ?thesis .
next
case right hence 1: "C={#s#}+(C-{#s#})" by simp
with A have "{#s#}+A = {#s#}+(B+(C-{#s#}))" by (simp add: union_ac)
hence 2: "A = B+(C-{#s#})" by (simp)
from R[OF 1 2] show ?thesis .
qed
qed
lemma mset_unplusm_dist_cases2[cases set, case_names left right]:
assumes A: "B+C = {#s#}+A"
assumes L: "[|B={#s#}+(B-{#s#}); A=(B-{#s#})+C|] ==> P"
assumes R: "[|C={#s#}+(C-{#s#}); A=B+(C-{#s#})|] ==> P"
shows P
using mset_unplusm_dist_cases[OF A[symmetric]] L R by blast
lemma mset_single_cases[cases set, case_names loc env]:
assumes A: "{#s#}+c = {#r'#}+c'"
assumes CASES: "[|s=r'; c=c'|] ==> P" "[|c'={#s#}+(c'-{#s#}); c={#r'#}+(c-{#r'#}); c-{#r'#} = c'-{#s#} |] ==> P"
shows "P"
proof -
{ assume CASE: "s=r'"
with A have "c=c'" by simp
with CASE CASES have ?thesis by auto
} moreover {
assume CASE: "s≠r'"
have "s:#{#s#}+c" by simp
with A have "s:#{#r'#}+c'" by simp
with CASE have "s:#c'" by (auto elim!: mset_un_cases split: split_if_asm)
from mset_diff_union_s_inverse[OF this, symmetric] have 1: "c' = {#s#} + (c' - {#s#})" .
with A have "{#s#}+c = {#s#}+({#r'#}+(c' - {#s#}))" by (auto simp add: union_ac)
hence 2: "c={#r'#}+(c' - {#s#})" by (auto)
hence 3: "c-{#r'#} = (c' - {#s#})" by auto
from 1 2 3 CASES have ?thesis by auto
} ultimately show ?thesis by blast
qed
lemma mset_single_cases'[cases set, case_names loc env]:
assumes A: "{#s#}+c = {#r'#}+c'"
assumes CASES: "[|s=r'; c=c'|] ==> P" "!!cc. [|c'={#s#}+cc; c={#r'#}+cc; c'-{#s#}=cc; c-{#r'#}=cc|] ==> P"
shows "P"
using A CASES by (auto elim!: mset_single_cases)
lemma mset_single_cases2[cases set, case_names loc env]:
assumes A: "c+{#s#} = c'+{#r'#}"
assumes CASES: "[|s=r'; c=c'|] ==> P" "[|c'=(c'-{#s#})+{#s#}; c=(c-{#r'#})+{#r'#}; c-{#r'#} = c'-{#s#} |] ==> P"
shows "P"
proof -
from A have "{#s#}+c = {#r'#}+c'" by (simp add: union_ac)
thus ?thesis proof (cases rule: mset_single_cases)
case loc with CASES show ?thesis by simp
next
case env with CASES show ?thesis by (simp add: union_ac)
qed
qed
lemma mset_single_cases2'[cases set, case_names loc env]:
assumes A: "c+{#s#} = c'+{#r'#}"
assumes CASES: "[|s=r'; c=c'|] ==> P" "!!cc. [|c'=cc+{#s#}; c=cc+{#r'#}; c'-{#s#}=cc; c-{#r'#}=cc|] ==> P"
shows "P"
using A CASES by (auto elim!: mset_single_cases2)
lemma mset_un_single_un_cases[consumes 1, case_names left right]: assumes A: "A+{#a#} = B+C" and CASES: "[|a:#B; A=(B-{#a#})+C|] ==> P" "[|a:#C; A=B+(C-{#a#})|] ==> P" shows "P"
proof -
have "a:#A+{#a#}" by simp
with A have "a:#B+C" by auto
thus ?thesis proof (cases rule: mset_un_cases)
case left hence "B=B-{#a#}+{#a#}" by auto
with A have "A+{#a#} = (B-{#a#})+C+{#a#}" by (auto simp add: union_ac)
hence "A=(B-{#a#})+C" by simp
with CASES(1)[OF left] show ?thesis by blast
next
case right hence "C=C-{#a#}+{#a#}" by auto
with A have "A+{#a#} = B+(C-{#a#})+{#a#}" by (auto simp add: union_ac)
hence "A=B+(C-{#a#})" by simp
with CASES(2)[OF right] show ?thesis by blast
qed
qed
lemma mset_distrib[consumes 1, case_names dist]: assumes A: "(A::'a multiset)+B = M+N" "!!Am An Bm Bn. [|A=Am+An; B=Bm+Bn; M=Am+Bm; N=An+Bn|] ==> P" shows "P"
proof -
{
fix X
have "!!A B M N P. [| (X::'a multiset)=A+B; A+B = M+N; !!Am An Bm Bn. [|A=Am+An; B=Bm+Bn; M=Am+Bm; N=An+Bn|] ==> P|] ==> P"
proof (induct X)
case empty thus ?case by simp
next
case (add X x A B M N)
from add(2,3) have MN: "X+{#x#} = M+N" by simp
from add(2) show ?case proof (cases rule: mset_un_single_un_cases)
case left from MN show ?thesis proof (cases rule: mset_un_single_un_cases[case_names left' right'])
case left' with left have "X=A-{#x#}+B" "A-{#x#}+B = M-{#x#}+N" by simp_all
from "add.hyps"[OF this] obtain Am An Bm Bn where "A - {#x#} = Am + An" "B = Bm + Bn" "M - {#x#} = Am + Bm" "N = An + Bn" .
hence "A - {#x#} + {#x#} = Am+{#x#} + An" "B = Bm + Bn" "M - {#x#}+{#x#} = Am+{#x#} + Bm" "N = An + Bn" by (simp_all add: union_ac)
with left(1) left'(1) show ?thesis using "add.prems"(3) by auto
next
case right' with left have "X=A-{#x#}+B" "A-{#x#}+B = M+(N-{#x#})" by simp_all
from "add.hyps"[OF this] obtain Am An Bm Bn where "A - {#x#} = Am + An" "B = Bm + Bn" "M = Am + Bm" "N-{#x#} = An + Bn" .
hence "A - {#x#} + {#x#} = Am + (An+{#x#})" "B = Bm + Bn" "M = Am + Bm" "N - {#x#}+{#x#} = (An+{#x#}) + Bn" by (simp_all add: union_ac)
with left(1) right'(1) show ?thesis using "add.prems"(3) by auto
qed
next
case right from MN show ?thesis proof (cases rule: mset_un_single_un_cases[case_names left' right'])
case left' with right have "X=A+(B-{#x#})" "A+(B-{#x#}) = M-{#x#}+N" by simp_all
from "add.hyps"[OF this] obtain Am An Bm Bn where "A = Am + An" "B-{#x#} = Bm + Bn" "M - {#x#} = Am + Bm" "N = An + Bn" .
hence "A = Am + An" "B-{#x#}+{#x#} = Bm+{#x#} + Bn" "M - {#x#}+{#x#} = Am + (Bm+{#x#})" "N = An + Bn" by (simp_all add: union_ac)
with right(1) left'(1) show ?thesis using "add.prems"(3) by auto
next
case right' with right have "X=A+(B-{#x#})" "A+(B-{#x#}) = M+(N-{#x#})" by simp_all
from "add.hyps"[OF this] obtain Am An Bm Bn where "A = Am + An" "B-{#x#} = Bm + Bn" "M = Am + Bm" "N-{#x#} = An + Bn" .
hence "A = Am + An" "B-{#x#}+{#x#} = Bm + (Bn+{#x#})" "M = Am + Bm" "N - {#x#}+{#x#} = An + (Bn+{#x#})" by (simp_all add: union_ac)
with right(1) right'(1) show ?thesis using "add.prems"(3) by auto
qed
qed
qed
} with A show ?thesis by blast
qed
subsubsection {* Singleton multisets *}
lemma mset_singletonI[intro!]: "a :# {#a#}"
by auto
lemma mset_singletonD[dest!]: "b :# {#a#} ==> b=a"
apply(cases "a=b")
apply(auto)
done
lemma mset_size_le1_cases[case_names empty singleton,consumes 1]: "[| size M ≤ Suc 0; M={#} ==> P; !!m. M={#m#} ==> P |] ==> P"
by (cases M) auto
lemma diff_union_single_conv2: "a :# J ==> J + I - {#a#} = (J - {#a#}) + I" using diff_union_single_conv[of J a I]
by (simp add: union_ac)
lemmas diff_union_single_convs = diff_union_single_conv diff_union_single_conv2
lemma mset_contains_eq: "(m:#M) = ({#m#}+(M-{#m#})=M)" proof (auto)
assume "{#m#} + (M - {#m#}) = M"
moreover have "m :# {#m#} + (M - {#m#})" by simp
ultimately show "m:#M" by simp
qed
subsubsection {* Pointwise ordering *}
lemma mset_empty_minimal[simp, intro!]: "{#} ≤ c"
by (unfold mset_le_def, auto)
lemma mset_empty_least[simp]: "c ≤ {#} = (c={#})"
by (unfold mset_le_def, auto)
lemma mset_empty_leastI[intro!]: "c={#} ==> c ≤ {#}"
by (simp only: mset_empty_least)
lemma mset_le_incr_right1: "a≤(b::'a multiset) ==> a≤b+c" using mset_le_mono_add[of a b "{#}" c, simplified] .
lemma mset_le_incr_right2: "a≤(b::'a multiset) ==> a≤c+b" using mset_le_incr_right1
by (auto simp add: union_commute)
lemmas mset_le_incr_right = mset_le_incr_right1 mset_le_incr_right2
lemma mset_le_decr_left1: "a+c≤(b::'a multiset) ==> a≤b" using mset_le_incr_right1 mset_le_mono_add_right_cancel
by blast
lemma mset_le_decr_left2: "c+a≤(b::'a multiset) ==> a≤b" using mset_le_decr_left1
by (auto simp add: union_ac)
lemmas mset_le_decr_left = mset_le_decr_left1 mset_le_decr_left2
lemma mset_le_single_conv[simp]: "({#e#}≤M) = (e:#M)"
by (unfold mset_le_def) auto
lemma mset_le_trans_elem: "[|e :# c; c ≤ c'|] ==> e :# c'" using order_trans[of "{#e#}" c c', simplified]
by assumption
lemma mset_le_subtract: "A≤B ==> A-C ≤ B-(C::'a multiset)"
apply (unfold mset_le_def)
apply auto
apply (subgoal_tac "count A a ≤ count B a")
apply arith
apply simp
done
lemma mset_le_union: "A+B ≤ C ==> A≤C ∧ B≤(C::'a multiset)"
by (auto dest: mset_le_decr_left)
lemma mset_le_subtract_left: "A+B ≤ (X::'a multiset) ==> B ≤ X-A ∧ A≤X"
by (auto dest: mset_le_subtract[of "A+B" "X" "A"] mset_le_union)
lemma mset_le_subtract_right: "A+B ≤ (X::'a multiset) ==> A ≤ X-B ∧ B≤X"
by (auto dest: mset_le_subtract[of "A+B" "X" "B"] mset_le_union)
lemma mset_le_addE: "[| xs ≤ (ys::'a multiset); !!zs. ys=xs+zs ==> P |] ==> P" using mset_le_exists_conv
by blast
lemma mset_le_sub_add_eq[simp,intro]: "A≤(B::'a multiset) ==> B-A+A = B"
by (auto elim: mset_le_addE simp add: union_ac)
lemma mset_2dist2_cases:
assumes A: "{#a#}+{#b#} ≤ A+B"
assumes CASES: "{#a#}+{#b#} ≤ A ==> P" "{#a#}+{#b#} ≤ B ==> P" "[|a :# A; b :# B|] ==> P" "[|a :# B; b :# A|] ==> P"
shows "P"
proof -
{ assume C: "a :# A" "b :# A-{#a#}"
with mset_le_mono_add[of "{#a#}" "{#a#}" "{#b#}" "A-{#a#}"] have "{#a#}+{#b#} ≤ A" by auto
} moreover {
assume C: "a :# A" "¬ (b :# A-{#a#})"
with A have "b:#B" by (unfold mset_le_def) (auto split: split_if_asm)
} moreover {
assume C: "¬ (a :# A)" "b :# B-{#a#}"
with A have "a :# B" by (unfold mset_le_def) (auto split: split_if_asm)
with C mset_le_mono_add[of "{#a#}" "{#a#}" "{#b#}" "B-{#a#}"] have "{#a#}+{#b#} ≤ B" by auto
} moreover {
assume C: "¬ (a :# A)" "¬ (b :# B-{#a#})"
with A have "a:#B ∧ b:#A" by (unfold mset_le_def) (auto split: split_if_asm)
} ultimately show P using CASES by blast
qed
lemma mset_union_subset: "A+B ≤ (C::'a multiset) ==> A≤C ∧ B≤C"
apply (unfold mset_le_def)
apply auto
apply (subgoal_tac "count A a + count B a ≤ count C a", arith, simp)+
done
lemma mset_union_subset_s: "{#a#}+B ≤ C ==> a :# C ∧ B ≤ C"
by (auto dest: mset_union_subset)
lemma mset_le_eq_refl: "a=(b::'a multiset) ==> a≤b"
by simp
lemma mset_singleton_eq[simplified,simp]: "a :# {#b#} = (a=b)"
by auto -- {* The simplification is here due to the lemma @{thm [source] "Multiset.count_single"}, that will be applied first deleting any application potential for this rule*}
lemma mset_le_single_single[simp]: "({#a#} ≤ {#b#}) = (a=b)"
by auto
lemma mset_le_single_conv1[simp]: "(M+{#a#} ≤ {#b#}) = (M={#} ∧ a=b)"
proof (auto)
assume A: "M+{#a#} ≤ {#b#}" thus "a=b" by (auto dest: mset_le_decr_left2)
with A mset_le_mono_add_right_cancel[of M "{#a#}" "{#}", simplified] show "M={#}" by blast
qed
lemma mset_le_single_conv2[simp]: "({#a#}+M ≤ {#b#}) = (M={#} ∧ a=b)"
by (simp add: union_ac)
lemma mset_le_single_cases[consumes 1, case_names empty singleton]: "[|M≤{#a#}; M={#} ==> P; M={#a#} ==> P|] ==> P"
by (induct M) auto
lemma mset_le_distrib[consumes 1, case_names dist]: "[|(X::'a multiset)≤A+B; !!Xa Xb. [|X=Xa+Xb; Xa≤A; Xb≤B|] ==> P |] ==> P"
by (auto elim!: mset_le_addE mset_distrib)
lemma mset_le_mono_add_single: "[|a :# ys; b :# ws|] ==> {#a#} + {#b#} ≤ ys + ws" using mset_le_mono_add[of "{#a#}" _ "{#b#}", simplified] .
lemma mset_size1elem: "[|size P ≤ 1; q :# P|] ==> P={#q#}"
by (auto elim: mset_size_le1_cases)
lemma mset_size2elem: "[|size P ≤ 2; {#q#}+{#q'#} ≤ P|] ==> P={#q#}+{#q'#}"
by (auto elim: mset_le_addE)
subsubsection {* Image under function *}
inductive_set
mset_map_Set :: "('a => 'b) => ('a multiset × 'b multiset) set"
for f:: "'a => 'b"
where
mset_map_Set_empty: "({#},{#})∈mset_map_Set f"
| mset_map_Set_add: "(A,B)∈mset_map_Set f ==> (A+{#a#},B+{#f a#})∈mset_map_Set f"
lemma mset_map_Set_empty_simps[simp]: "(({#},B)∈mset_map_Set f) = (B={#})" "((A,{#})∈mset_map_Set f) = (A={#})"
by (auto elim: mset_map_Set.cases intro: mset_map_Set_empty)
lemma mset_map_Set_single_left[simp]: "(({#a#},B)∈mset_map_Set f) = (B={#f a#})"
by (auto elim: mset_map_Set.cases intro: mset_map_Set_add[of "{#}" "{#}", simplified])
lemma mset_map_Set_single_rightE[cases set, case_names orig]: "[|(A,{#b#})∈mset_map_Set f; !!a. [|A={#a#}; b=f a|] ==> P|] ==> P"
by (auto elim: mset_map_Set.cases)
lemma mset_map_Set_sizes: "(A,B)∈mset_map_Set f ==> size A = size B"
by (induct rule: mset_map_Set.induct) auto
text {* Intuitively, this lemma allows one to choose a single image element corresponding to an original element *}
lemma mset_map_Set_choose[cases set, case_names choice]: assumes A: "(A+{#a#},B)∈mset_map_Set f" "!!B'. [|B=B'+{#f a#}; (A,B')∈mset_map_Set f|] ==> P" shows "P"
proof -
{ fix n
have "[|size B=n; (A+{#a#},B)∈mset_map_Set f; !!B'. [|B=B'+{#f a#}; (A,B')∈mset_map_Set f|] ==> P |] ==> P" proof (induct n arbitrary: A a B P)
case 0 thus ?case by simp
next
case (Suc n') from Suc.prems(2) show ?case proof (cases rule: mset_map_Set.cases)
case mset_map_Set_empty hence False by simp thus ?thesis ..
next
case (mset_map_Set_add A' B' a')
hence "A+{#a#}=A'+{#a'#}" by simp
thus ?thesis proof (cases rule: mset_single_cases2')
case loc with mset_map_Set_add Suc.prems(3) show ?thesis by auto
next
case (env A'')
from Suc.prems(1) mset_map_Set_add(2) have SIZE: "size B' = n'" by auto
from mset_map_Set_add env have MM: "(A'' + {#a#}, B') ∈ mset_map_Set f" by simp
from Suc.hyps[OF SIZE MM] obtain B'' where B'': "B'=B''+{#f a#}" "(A'',B'')∈mset_map_Set f" by blast
from mset_map_Set.mset_map_Set_add[OF B''(2)] env(2) have "(A, B'' + {#f a'#}) ∈ mset_map_Set f" by simp
moreover from B''(1) mset_map_Set_add have "B=B'' + {#f a'#} + {#f a#}" by (simp add: union_ac)
ultimately show ?thesis using Suc.prems(3) by blast
qed
qed
qed
} with A show P by blast
qed
lemma mset_map_Set_unique: "!!B B'. [|(A,B)∈mset_map_Set f; (A,B')∈mset_map_Set f|] ==> B=B'"
by (induct A) (auto elim!: mset_map_Set_choose)
lemma mset_map_Set_surjective: "[| !!B. (A,B)∈mset_map_Set f ==> P |] ==> P"
by (induct A) (auto intro: mset_map_Set_add)
definition
mset_map :: "('a => 'b) => 'a multiset => 'b multiset" (infixr "`#" 90)
where
"f `# A == (THE B. (A,B)∈mset_map_Set f)"
interpretation mset_map: su_rel_fun "mset_map_Set f" "op `# f"
apply (rule su_rel_fun.intro)
apply (erule mset_map_Set_unique, assumption)
apply (erule mset_map_Set_surjective)
apply (rule mset_map_def)
done
text {* Transfer the defining equations *}
lemma mset_map_empty[simp]: "f `# {#} = {#}"
apply (subst mset_map.repr)
apply (rule mset_map_Set_empty)
done
lemma mset_map_add[simp]: "f `# (A+{#a#}) = f `# A + {#f a#}" "f `# ({#a#}+A) = {#f a#} + f `# A"
by (auto simp add: mset_map.repr union_commute intro: mset_map_Set_add mset_map.repr1)
text {* Transfer some other lemmas *}
lemma mset_map_single_rightE[consumes 1, case_names orig]: "[|f `# P = {#y#}; !!x. [| P={#x#}; f x = y |] ==> Q |] ==> Q"
by (auto simp add: mset_map.repr elim: mset_map_Set_single_rightE)
text {* And show some further equations *}
lemma mset_map_single[simp]: "f `# {#a#} = {#f a#}" using mset_map_add(1)[where A="{#}", simplified] .
lemma mset_map_union: "!!B. f `# (A+B) = f `# A + f `# B"
by (induct A) (auto simp add: union_ac)
lemma mset_map_size: "size A = size (f `# A)"
by (induct A) auto
lemma mset_map_empty_eq[simp]: "(f `# P = {#}) = (P={#})" using mset_map_size[of P f]
by auto
lemma mset_map_le: "!!B. A ≤ B ==> f `# A ≤ f `# B" proof (induct A)
case empty thus ?case by simp
next
case (add A x B)
hence "A≤B-{#x#}" and SM: "{#x#}≤B" using mset_le_subtract_right by (fastforce+)
with "add.hyps" have "f `# A ≤ f `# (B-{#x#})" by blast
hence "f `# (A+{#x#}) ≤ f `# (B-{#x#}) + {#f x#}" by auto
also have "… = f `# (B-{#x#}+{#x#})" by simp
also with SM have "… = f `# B" by simp
finally show ?case .
qed
lemma mset_map_set_of: "set_of (f `# A) = f ` set_of A"
by (induct A) auto
lemma mset_map_split_orig: "!!M1 M2. [|f `# P = M1+M2; !!P1 P2. [|P=P1+P2; f `# P1 = M1; f `# P2 = M2|] ==> Q |] ==> Q"
apply (induct P)
apply fastforce
apply (fastforce elim!: mset_un_single_un_cases simp add: union_ac)
done
lemma mset_map_id: "[|!!x. f (g x) = x|] ==> f `# g `# X = X"
by (induct X) auto
text {* The following is a very specialized lemma. Intuitively, it splits the original multiset
by a splitting of some pointwise supermultiset of its image.
Application:
This lemma came in handy when proving the correctness of a constraint system that collects at most k sized submultisets of the sets of spawned threads.
*}
lemma mset_map_split_orig_le: assumes A: "f `# P ≤ M1+M2" and EX: "!!P1 P2. [|P=P1+P2; f `# P1 ≤ M1; f `# P2 ≤ M2|] ==> Q" shows "Q"
using A EX by (auto elim: mset_le_distrib mset_map_split_orig)
subsection {* Lists *}
-- "Obtains a list from the pointwise characterization of its elements"
lemma obtain_list_from_elements:
assumes A: "∀i<n. (∃li. P li i)"
obtains l where
"length l = n"
"∀i<n. P (l!i) i"
proof -
from A have "∃l. length l=n ∧ (∀i<n. P (l!i) i)"
proof (induct n)
case 0 thus ?case by simp
next
case (Suc n)
then obtain l where IH: "length l = n" "(∀i<n. P(l!i) i)" by auto
moreover from Suc.prems obtain ln where "P ln n" by auto
ultimately have "length (l@[ln]) = Suc n" "(∀i<Suc n. P((l@[ln])!i) i)"
by (auto simp add: nth_append dest: less_antisym)
thus ?case by blast
qed
thus ?thesis using that by (blast)
qed
subsubsection {* Reverse lists *}
lemma list_rev_decomp[rule_format]: "l~=[] --> (EX ll e . l = ll@[e])"
apply(induct_tac l)
apply(auto)
done
text {* Caution: Same order of case variables in snoc-case as @{thm [source] rev_exhaust}, the other way round than @{thm [source] rev_induct} ! *}
lemma length_compl_rev_induct[case_names Nil snoc]: "[|P []; !! l e . [|!! ll . length ll <= length l ==> P ll|] ==> P (l@[e])|] ==> P l"
apply(induct_tac l rule: length_induct)
apply(case_tac "xs" rule: rev_cases)
apply(auto)
done
lemma list_append_eq_Cons_cases[consumes 1]: "[|ys@zs = x#xs; [|ys=[]; zs=x#xs|] ==> P; !!ys'. [| ys=x#ys'; ys'@zs=xs |] ==> P |] ==> P"
by (auto iff add: append_eq_Cons_conv)
lemma list_Cons_eq_append_cases[consumes 1]: "[|x#xs = ys@zs; [|ys=[]; zs=x#xs|] ==> P; !!ys'. [| ys=x#ys'; ys'@zs=xs |] ==> P |] ==> P"
by (auto iff add: Cons_eq_append_conv)
lemma map_of_rev_distinct[simp]:
"distinct (map fst m) ==> map_of (rev m) = map_of m"
apply (induct m)
apply simp
apply simp
apply (subst map_add_comm)
apply force
apply simp
done
-- {* Tail-recursive, generalized @{const rev}. May also be used for
tail-recursively getting a list with all elements of the two
operands, if the order does not matter, e.g. when implementing
sets by lists. *}
fun revg where
"revg [] b = b" |
"revg (a#as) b = revg as (a#b)"
lemma revg_fun[simp]: "revg a b = rev a @ b"
by (induct a arbitrary: b)
auto
subsubsection "Folding"
text "Ugly lemma about foldl over associative operator with left and right neutral element"
lemma foldl_A1_eq: "!!i. [| !! e. f n e = e; !! e. f e n = e; !!a b c. f a (f b c) = f (f a b) c |] ==> foldl f i ww = f i (foldl f n ww)"
proof (induct ww)
case Nil thus ?case by simp
next
case (Cons a ww i) note IHP[simplified]=this
have "foldl f i (a # ww) = foldl f (f i a) ww" by simp
also from IHP have "… = f (f i a) (foldl f n ww)" by blast
also from IHP(4) have "… = f i (f a (foldl f n ww))" by simp
also from IHP(1)[OF IHP(2,3,4), where i=a] have "… = f i (foldl f a ww)" by simp
also from IHP(2)[of a] have "… = f i (foldl f (f n a) ww)" by simp
also have "… = f i (foldl f n (a#ww))" by simp
finally show ?case .
qed
lemmas foldl_conc_empty_eq = foldl_A1_eq[of "op @" "[]", simplified]
lemmas foldl_un_empty_eq = foldl_A1_eq[of "op ∪" "{}", simplified, OF Un_assoc[symmetric]]
lemma foldl_set: "foldl (op ∪) {} l = \<Union>{x. x∈set l}"
apply (induct l)
apply simp_all
apply (subst foldl_un_empty_eq)
apply auto
done
lemma (in monoid_mult) foldl_absorb1: "x*foldl (op *) 1 zs = foldl (op *) x zs"
apply (rule sym)
apply (rule foldl_A1_eq)
apply (auto simp add: mult_assoc)
done
text {* Towards an invariant rule for foldl *}
lemma foldl_rule_aux:
fixes I :: "'σ => 'a list => bool"
assumes initial: "I σ0 l0"
assumes step: "!!l1 l2 x σ. [| l0=l1@x#l2; I σ (x#l2) |] ==> I (f σ x) l2"
shows "I (foldl f σ0 l0) []"
using initial step
apply (induct l0 arbitrary: σ0)
apply auto
done
lemma foldl_rule_aux_P:
fixes I :: "'σ => 'a list => bool"
assumes initial: "I σ0 l0"
assumes step: "!!l1 l2 x σ. [| l0=l1@x#l2; I σ (x#l2) |] ==> I (f σ x) l2"
assumes final: "!!σ. I σ [] ==> P σ"
shows "P (foldl f σ0 l0)"
using foldl_rule_aux[of I σ0 l0, OF initial, OF step] final
by simp
lemma foldl_rule:
fixes I :: "'σ => 'a list => 'a list => bool"
assumes initial: "I σ0 [] l0"
assumes step: "!!l1 l2 x σ. [| l0=l1@x#l2; I σ l1 (x#l2) |] ==> I (f σ x) (l1@[x]) l2"
shows "I (foldl f σ0 l0) l0 []"
using initial step
apply (rule_tac I="λσ lr. ∃ll. l0=ll@lr ∧ I σ ll lr" in foldl_rule_aux_P)
apply auto
done
text {*
Invariant rule for foldl. The invariant is parameterized with
the state, the list of items that have already been processed and
the list of items that still have to be processed.
*}
lemma foldl_rule_P:
fixes I :: "'σ => 'a list => 'a list => bool"
-- "The invariant holds for the initial state, no items processed yet and all items to be processed:"
assumes initial: "I σ0 [] l0"
-- "The invariant remains valid if one item from the list is processed"
assumes step: "!!l1 l2 x σ. [| l0=l1@x#l2; I σ l1 (x#l2) |] ==> I (f σ x) (l1@[x]) l2"
-- "The proposition follows from the invariant in the final state, i.e. all items processed and nothing to be processed"
assumes final: "!!σ. I σ l0 [] ==> P σ"
shows "P (foldl f σ0 l0)"
using foldl_rule[of I, OF initial step] by (simp add: final)
text {* Invariant reasoning over @{const foldl} for distinct lists. Invariant rule makes no
assumptions about ordering. *}
lemma distinct_foldl_invar:
"[| distinct S; I (set S) σ0;
!!x it σ. [|x ∈ it; it ⊆ set S; I it σ|] ==> I (it - {x}) (f σ x)
|] ==> I {} (foldl f σ0 S)"
proof (induct S arbitrary: σ0)
case Nil thus ?case by auto
next
case (Cons x S)
note [simp] = Cons.prems(1)[simplified]
show ?case
apply simp
apply (rule Cons.hyps)
proof -
from Cons.prems(1) show "distinct S" by simp
from Cons.prems(3)[of x "set (x#S)", simplified,
OF Cons.prems(2)[simplified]]
show "I (set S) (f σ0 x)" .
fix xx it σ
assume A: "xx∈it" "it ⊆ set S" "I it σ"
show "I (it - {xx}) (f σ xx)" using A(2)
apply (rule_tac Cons.prems(3))
apply (simp_all add: A(1,3))
apply blast
done
qed
qed
lemma foldl_length_aux: "foldl (λi x. Suc i) a l = a + length l"
by (induct l arbitrary: a) auto
lemmas foldl_length[simp] = foldl_length_aux[where a=0, simplified]
lemma foldr_length_aux: "foldr (λx i. Suc i) l a = a + length l"
by (induct l arbitrary: a rule: rev_induct) auto
lemmas foldr_length[simp] = foldr_length_aux[where a=0, simplified]
context comp_fun_commute begin
lemma foldl_f_commute: "f a (foldl (λa b. f b a) b xs) = foldl (λa b. f b a) (f a b) xs"
by(induct xs arbitrary: b)(simp_all add: fun_left_comm)
lemma foldr_conv_foldl: "foldr f xs a = foldl (λa b. f b a) a xs"
by(induct xs arbitrary: a)(simp_all add: foldl_f_commute)
end
lemma filter_conv_foldr:
"filter P xs = foldr (λx xs. if P x then x # xs else xs) xs []"
by(induct xs) simp_all
lemma foldr_Cons: "foldr Cons xs [] = xs"
by(induct xs) simp_all
lemma foldr_snd_zip:
"length xs ≥ length ys ==> foldr (λ(x, y). f y) (zip xs ys) b = foldr f ys b"
proof(induct ys arbitrary: xs)
case (Cons y ys) thus ?case by(cases xs) simp_all
qed simp
lemma foldl_snd_zip:
"length xs ≥ length ys ==> foldl (λb (x, y). f b y) b (zip xs ys) = foldl f b ys"
proof(induct ys arbitrary: xs b)
case (Cons y ys) thus ?case by(cases xs) simp_all
qed simp
lemma fst_foldl: "fst (foldl (λ(a, b) x. (f a x, g a b x)) (a, b) xs) = foldl f a xs"
by(induct xs arbitrary: a b) simp_all
lemma foldl_foldl_conv_concat: "foldl (foldl f) a xs = foldl f a (concat xs)"
by(induct xs arbitrary: a) simp_all
lemma foldl_list_update:
"n < length xs ==> foldl f a (xs[n := x]) = foldl f (f (foldl f a (take n xs)) x) (drop (Suc n) xs)"
by(simp add: upd_conv_take_nth_drop)
subsubsection {* Map *}
lemma map_fst_mk_snd[simp]: "map fst (map (λx. (x,k)) l) = l" by (induct l) auto
lemma map_snd_mk_fst[simp]: "map snd (map (λx. (k,x)) l) = l" by (induct l) auto
lemma map_fst_mk_fst[simp]: "map fst (map (λx. (k,x)) l) = replicate (length l) k" by (induct l) auto
lemma map_snd_mk_snd[simp]: "map snd (map (λx. (x,k)) l) = replicate (length l) k" by (induct l) auto
lemma map_zip1: "map (λx. (x,k)) l = zip l (replicate (length l) k)" by (induct l) auto
lemma map_zip2: "map (λx. (k,x)) l = zip (replicate (length l) k) l" by (induct l) auto
lemmas map_zip=map_zip1 map_zip2
lemma map_append_res:
assumes "map f l = m1@m2"
obtains l1 l2 where "l=l1@l2" "map f l1 = m1" "map f l2 = m2"
using assms
proof (induct m1 arbitrary: l m2 thesis)
case Nil
then show ?case by simp
next
case (Cons fa m1)
then have "map f l = fa # m1 @ m2" by simp
then obtain a l' where l: "l = a # l'" and a: "f a = fa" and map_l': "map f l' = m1 @ m2"
by auto
obtain l1 l2 where l': "l' = l1 @ l2" and map_l1: "map f l1 = m1" and map_l2: "map f l2 = m2"
by (rule Cons(1)[OF _ map_l'])
let ?l1 = "a # l1"
have "l = ?l1 @ l2" "map f ?l1 = fa # m1" using a l l' map_l1 by simp_all
then show ?case using map_l2 by (rule Cons(2))
qed
lemma map_id[simp]:
"map id l = l" by (induct l, auto)
lemma map_id'[simp]:
"map id = id"
by (rule ext) simp
lemma inj_map_inv_f [simp]: "inj f ==> map (inv f) (map f l) = l"
by (simp)
lemma inj_on_map_the: "[|D ⊆ dom m; inj_on m D|] ==> inj_on (theom) D"
apply (rule inj_onI)
apply simp
apply (case_tac "m x")
apply (case_tac "m y")
apply (auto intro: inj_onD) [1]
apply (auto intro: inj_onD) [1]
apply (case_tac "m y")
apply (auto intro: inj_onD) [1]
apply simp
apply (rule inj_onD)
apply assumption
apply auto
done
lemma distinct_mapI: "distinct (List.map f l) ==> distinct l"
by (induct l) auto
lemma map_consI:
"w=map f ww ==> f a#w = map f (a#ww)"
"w@l=map f ww@l ==> f a#w@l = map f (a#ww)@l"
by auto
lemma restrict_map_subset_eq:
fixes R
shows "[|m |` R = m'; R'⊆R|] ==> m|` R' = m' |` R'"
by (auto simp add: Int_absorb1)
lemma restrict_map_self[simp]: "m |` dom m = m"
apply (rule ext)
apply (case_tac "m x")
apply (auto simp add: restrict_map_def)
done
lemma restrict_map_UNIV[simp]: "f |` UNIV = f"
by (auto simp add: restrict_map_def)
lemma restrict_map_inv[simp]: "f |` (- dom f) = Map.empty"
by (auto simp add: restrict_map_def intro: ext)
lemma restrict_map_upd: "(f |` S)(k \<mapsto> v) = f(k\<mapsto>v) |` (insert k S)"
by (auto simp add: restrict_map_def intro: ext)
lemma map_upd_eq_restrict[simp]: "m (x:=None) = m |` (-{x})"
by (auto intro: ext)
declare Map.finite_dom_map_of [simp, intro!]
lemma dom_const'[simp]: "dom (λx. Some (f x)) = UNIV"
by auto
lemma restrict_map_eq :
"((m |` A) k = None) <-> (k ∉ dom m ∩ A)"
"((m |` A) k = Some v) <-> (m k = Some v ∧ k ∈ A)"
unfolding restrict_map_def
by (simp_all add: dom_def)
definition "rel_of m P == {(k,v). m k = Some v ∧ P (k, v)}"
lemma rel_of_empty[simp]: "rel_of Map.empty P = {}"
by (auto simp add: rel_of_def)
subsubsection "zip"
text {* Removing unnecessary premise from @{thm [display] zip_append}*}
lemma zip_append': "[|length xs = length us|] ==> zip (xs @ ys) (us @ vs) = zip xs us @ zip ys vs"
by (simp add: zip_append1)
lemma zip_map_parts[simp]: "zip (map fst l) (map snd l) = l" by (induct l) auto
lemma pair_list_split: "[| !!l1 l2. [| l = zip l1 l2; length l1=length l2; length l=length l2 |] ==> P |] ==> P"
proof (induct l arbitrary: P)
case Nil thus ?case by auto
next
case (Cons a l) from Cons.hyps obtain l1 l2 where IHAPP: "l=zip l1 l2" "length l1 = length l2" "length l=length l2" .
obtain a1 a2 where [simp]: "a=(a1,a2)" by (cases a) auto
from IHAPP have "a#l = zip (a1#l1) (a2#l2)" "length (a1#l1) = length (a2#l2)" "length (a#l) = length (a2#l2)"
by (simp_all only:) (simp_all (no_asm_use))
with Cons.prems show ?case by blast
qed
lemma set_zip_cart: "x∈set (zip l l') ==> x∈set l × set l'"
by (auto simp add: set_zip)
lemma zip_inj: "[|length a = length b; length a' = length b'; zip a b = zip a' b'|] ==> a=a' ∧ b=b'"
apply (induct a b arbitrary: a' b' rule: list_induct2)
apply (case_tac a')
apply (case_tac b')
apply simp
apply simp
apply (case_tac b')
apply simp
apply simp
apply (case_tac a')
apply (case_tac b')
apply simp
apply simp
apply (case_tac b')
apply simp
proof -
case goal1
note [simp] = goal1(5,6)
from goal1(4) have C: "x=a" "y=aa" "zip xs ys = zip list lista" by simp_all
from goal1(2)[OF _ C(3)] goal1(3) have "xs=list ∧ ys = lista" by simp_all
thus ?case using C(1,2) by simp
qed
lemma zip_eq_zip_same_len[simp]:
"[| length a = length b; length a' = length b' |] ==>
zip a b = zip a' b' <-> a=a' ∧ b=b'"
by (auto dest: zip_inj)
lemma map_prod_fun_zip: "map (λ(x, y). (f x, g y)) (zip xs ys) = zip (map f xs) (map g ys)"
proof(induct xs arbitrary: ys)
case Nil thus ?case by simp
next
case (Cons x xs) thus ?case by(cases ys) simp_all
qed
subsubsection {* Generalized Zip*}
text {* Zip two lists element-wise, where the combination of two elements is specified by a function. Note that this function is underdefined for lists of different length. *}
fun zipf :: "('a=>'b=>'c) => 'a list => 'b list => 'c list" where
"zipf f [] [] = []" |
"zipf f (a#as) (b#bs) = f a b # zipf f as bs"
lemma zipf_zip: "[|length l1 = length l2|] ==> zipf Pair l1 l2 = zip l1 l2"
apply (induct l1 arbitrary: l2)
apply auto
apply (case_tac l2)
apply auto
done
-- "All quantification over zipped lists"
fun list_all_zip where
"list_all_zip P [] [] <-> True" |
"list_all_zip P (a#as) (b#bs) <-> P a b ∧ list_all_zip P as bs" |
"list_all_zip P _ _ <-> False"
lemma list_all_zip_alt: "list_all_zip P as bs <-> length as = length bs ∧ (∀i<length as. P (as!i) (bs!i))"
apply (induct P≡P as bs rule: list_all_zip.induct)
apply auto
apply (case_tac i)
apply auto
done
lemma list_all_zip_map1: "list_all_zip P (List.map f as) bs <-> list_all_zip (λa b. P (f a) b) as bs"
apply (induct as arbitrary: bs)
apply (case_tac bs)
apply auto [2]
apply (case_tac bs)
apply auto [2]
done
lemma list_all_zip_map2: "list_all_zip P as (List.map f bs) <-> list_all_zip (λa b. P a (f b)) as bs"
apply (induct as arbitrary: bs)
apply (case_tac bs)
apply auto [2]
apply (case_tac bs)
apply auto [2]
done
declare list_all_zip_alt[mono]
lemma lazI[intro?]: "[| length a = length b; !!i. i<length b ==> P (a!i) (b!i) |]
==> list_all_zip P a b"
by (auto simp add: list_all_zip_alt)
lemma laz_conj[simp]: "list_all_zip (λx y. P x y ∧ Q x y) a b
<-> list_all_zip P a b ∧ list_all_zip Q a b"
by (auto simp add: list_all_zip_alt)
lemma laz_len: "list_all_zip P a b ==> length a = length b"
by (simp add: list_all_zip_alt)
lemma laz_eq: "list_all_zip (op =) a b <-> a=b"
apply (induct a arbitrary: b)
apply (case_tac b)
apply simp
apply simp
apply (case_tac b)
apply simp
apply simp
done
lemma laz_swap_ex:
assumes A: "list_all_zip (λa b. ∃c. P a b c) A B"
obtains C where
"list_all_zip (λa c. ∃b. P a b c) A C"
"list_all_zip (λb c. ∃a. P a b c) B C"
proof -
from A have
[simp]: "length A = length B" and
IC: "∀i<length B. ∃ci. P (A!i) (B!i) ci"
by (auto simp add: list_all_zip_alt)
from obtain_list_from_elements[OF IC] obtain C where
"length C = length B"
"∀i<length B. P (A!i) (B!i) (C!i)" .
thus ?thesis
by (rule_tac that) (auto simp add: list_all_zip_alt)
qed
lemma laz_weak_Pa[simp]:
"list_all_zip (λa b. P a) A B <-> (length A = length B) ∧ (∀a∈set A. P a)"
by (auto simp add: list_all_zip_alt set_conv_nth)
lemma laz_weak_Pb[simp]:
"list_all_zip (λa b. P b) A B <-> (length A = length B) ∧ (∀b∈set B. P b)"
by (force simp add: list_all_zip_alt set_conv_nth)
subsubsection "Collecting Sets over Lists"
definition "list_collect_set f l == \<Union>{ f a | a. a∈set l }"
lemma list_collect_set_simps[simp]:
"list_collect_set f [] = {}"
"list_collect_set f [a] = f a"
"list_collect_set f (a#l) = f a ∪ list_collect_set f l"
"list_collect_set f (l@l') = list_collect_set f l ∪ list_collect_set f l'"
by (unfold list_collect_set_def) auto
lemma list_collect_set_map_simps[simp]:
"list_collect_set f (map x []) = {}"
"list_collect_set f (map x [a]) = f (x a)"
"list_collect_set f (map x (a#l)) = f (x a) ∪ list_collect_set f (map x l)"
"list_collect_set f (map x (l@l')) = list_collect_set f (map x l) ∪ list_collect_set f (map x l')"
by simp_all
lemma list_collect_set_alt: "list_collect_set f l = \<Union>{ f (l!i) | i. i<length l }"
apply (induct l)
apply simp
apply safe
apply auto
apply (rule_tac x="f (l!i)" in exI)
apply simp
apply (rule_tac x="Suc i" in exI)
apply simp
apply (case_tac i)
apply auto
done
lemma list_collect_set_as_map: "list_collect_set f l = \<Union>set (map f l)"
by (unfold list_collect_set_def) auto
subsubsection {* Sorted List with aribitrary Relations *}
inductive sorted_by_rel :: "('a => 'a => bool) => 'a list => bool" where
Nil [iff]: "sorted_by_rel R []"
| Cons: "∀y∈set xs. R x y ==> sorted_by_rel R xs ==> sorted_by_rel R (x # xs)"
inductive_simps sorted_by_rel_Cons[iff] : "sorted_by_rel R (x # xs)"
lemma sorted_by_rel_single [iff]:
"sorted_by_rel R [x]" by simp
lemma sorted_by_rel_weaken :
assumes R_weaken: "!!x y. [|x ∈ set l0; y ∈ set l0; R x y|] ==> R' x y"
and sort: "sorted_by_rel R l0"
shows "sorted_by_rel R' l0"
using assms
by (induct l0) (simp_all)
lemma sorted_by_rel_map :
"sorted_by_rel R (map f xs) = sorted_by_rel (λx y. R (f x) (f y)) xs"
by (induct xs) auto
lemma sorted_by_rel_append :
"sorted_by_rel R (xs @ ys) =
(sorted_by_rel R xs ∧ sorted_by_rel R ys ∧
(∀x ∈ set xs. ∀y∈ set ys. R x y))"
by (induct xs) auto
lemma sorted_by_rel_true [simp] :
"sorted_by_rel (λ_ _. True) l0"
by (induct l0) (simp_all)
lemma sorted_by_rel_linord [simp] :
"sorted_by_rel (λ(x::('a::{linorder})) y. x ≤ y) l0 <-> sorted l0"
by (induct l0) (auto simp add: sorted_Cons)
lemma sorted_by_rel_rev_linord [simp] :
"sorted_by_rel (λ(x::('a::{linorder})) y. x ≥ y) l0 <-> sorted (rev l0)"
by (induct l0) (auto simp add: sorted_Cons sorted_append)
lemma sorted_by_rel_map_linord [simp] :
"sorted_by_rel (λ(x::('a::{linorder} × 'b)) y. fst x ≤ fst y) l0 <-> sorted (map fst l0)"
by (induct l0) (auto simp add: sorted_Cons sorted_append)
lemma sorted_by_rel_map_rev_linord [simp] :
"sorted_by_rel (λ(x::('a::{linorder} × 'b)) y. fst x ≥ fst y) l0 <-> sorted (rev (map fst l0))"
by (induct l0) (auto simp add: sorted_Cons sorted_append)
subsection {* Quicksort by Relation *}
text {* A functional implementation of quicksort on lists. It it similar to the
one in Isabelle/HOL's example directory. However, it uses tail-recursion for append and arbitrary
relations. *}
fun partition_rev :: "('a => bool) => ('a list × 'a list) => 'a list => ('a list × 'a list)" where
"partition_rev P (yes, no) [] = (yes, no)"
| "partition_rev P (yes, no) (x # xs) =
partition_rev P (if P x then (x # yes, no) else (yes, x # no)) xs"
lemma partition_rev_filter_conv :
"partition_rev P (yes, no) xs = (rev (filter P xs) @ yes, rev (filter (Not o P) xs) @ no)"
by (induct xs arbitrary: yes no) (simp_all)
function quicksort_by_rel :: "('a => 'a => bool) => 'a list => 'a list => 'a list" where
"quicksort_by_rel R sl [] = sl"
| "quicksort_by_rel R sl (x#xs) =
(let (xs_s, xs_b) = partition_rev (λy. R y x) ([],[]) xs in
quicksort_by_rel R (x # (quicksort_by_rel R sl xs_b)) xs_s)"
by pat_completeness simp_all
termination
by (relation "measure (λ(_, _, xs). length xs)")
(simp_all add: partition_rev_filter_conv less_Suc_eq_le)
lemma quicksort_by_rel_remove_acc :
"quicksort_by_rel R sl xs = (quicksort_by_rel R [] xs @ sl)"
proof (induct xs arbitrary: sl rule: measure_induct_rule[of "length"])
case (less xs)
note ind_hyp = this
show ?case
proof (cases xs)
case Nil thus ?thesis by simp
next
case (Cons x xs') note xs_eq[simp] = this
obtain xs1 xs2 where part_rev_eq[simp]: "partition_rev (λy. R y x) ([], []) xs' = (xs1, xs2)"
by (rule PairE)
from part_rev_eq[symmetric]
have length_le: "length xs1 < length xs" "length xs2 < length xs"
unfolding partition_rev_filter_conv by (simp_all add: less_Suc_eq_le)
note ind_hyp1a = ind_hyp[OF length_le(1), of "x # quicksort_by_rel R [] xs2"]
note ind_hyp1b = ind_hyp[OF length_le(1), of "x # quicksort_by_rel R [] xs2 @ sl"]
note ind_hyp2 = ind_hyp[OF length_le(2), of sl]
show ?thesis by (simp add: ind_hyp1a ind_hyp1b ind_hyp2)
qed
qed
lemma quicksort_by_rel_remove_acc_guared :
"sl ≠ [] ==> quicksort_by_rel R sl xs = (quicksort_by_rel R [] xs @ sl)"
by (metis quicksort_by_rel_remove_acc)
lemma quicksort_by_rel_permutes [simp]:
"multiset_of (quicksort_by_rel R sl xs) = multiset_of (xs @ sl)"
proof (induct xs arbitrary: sl rule: measure_induct_rule[of "length"])
case (less xs)
note ind_hyp = this
show ?case
proof (cases xs)
case Nil thus ?thesis by simp
next
case (Cons x xs') note xs_eq[simp] = this
obtain xs1 xs2 where part_rev_eq[simp]: "partition_rev (λy. R y x) ([], []) xs' = (xs1, xs2)"
by (rule PairE)
from part_rev_eq[symmetric] have xs'_multi_eq : "multiset_of xs' = multiset_of xs1 + multiset_of xs2"
unfolding partition_rev_filter_conv
by (simp add: multiset_of_filter multiset_partition)
from part_rev_eq[symmetric]
have length_le: "length xs1 < length xs" "length xs2 < length xs"
unfolding partition_rev_filter_conv by (simp_all add: less_Suc_eq_le)
note ind_hyp[OF length_le(1)] ind_hyp[OF length_le(2)]
thus ?thesis by (simp add: xs'_multi_eq union_assoc)
qed
qed
lemma set_quicksort_by_rel [simp]: "set (quicksort_by_rel R sl xs) = set (xs @ sl)"
by (simp add: set_count_greater_0)
lemma sorted_by_rel_quicksort_by_rel:
fixes R:: "'x => 'x => bool"
assumes lin : "!!x y. (R x y) ∨ (R y x)"
and trans_R: "!!x y z. R x y ==> R y z ==> R x z"
shows "sorted_by_rel R (quicksort_by_rel R [] xs)"
proof (induct xs rule: measure_induct_rule[of "length"])
case (less xs)
note ind_hyp = this
show ?case
proof (cases xs)
case Nil thus ?thesis by simp
next
case (Cons x xs') note xs_eq[simp] = this
obtain xs1 xs2 where part_rev_eq[simp]: "partition_rev (λy. R y x) ([], []) xs' = (xs1, xs2)"
by (rule PairE)
from part_rev_eq[symmetric] have xs1_props: "!!y. y ∈ set xs1 ==> (R y x)" and
xs2_props: "!!y. y ∈ set xs2 ==> ¬(R y x)"
unfolding partition_rev_filter_conv
by simp_all
from xs2_props lin have xs2_props': "!!y. y ∈ set xs2 ==> (R x y)" by blast
from xs2_props' xs1_props trans_R have xs1_props':
"!!y1 y2. y1 ∈ set xs1 ==> y2 ∈ set xs2 ==> (R y1 y2)"
by metis
from part_rev_eq[symmetric]
have length_le: "length xs1 < length xs" "length xs2 < length xs"
unfolding partition_rev_filter_conv by (simp_all add: less_Suc_eq_le)
note ind_hyps = ind_hyp[OF length_le(1)] ind_hyp[OF length_le(2)]
thus ?thesis
by (simp add: quicksort_by_rel_remove_acc_guared sorted_by_rel_append Ball_def
xs1_props xs2_props' xs1_props')
qed
qed
lemma sorted_quicksort_by_rel:
"sorted (quicksort_by_rel op≤ [] xs)"
unfolding sorted_by_rel_linord[symmetric]
by (rule sorted_by_rel_quicksort_by_rel) auto
lemma sort_quicksort_by_rel:
"sort = quicksort_by_rel op≤ []"
apply (rule ext, rule properties_for_sort)
apply(simp_all add: sorted_quicksort_by_rel)
done
subsection {* Mergesort by Relation *}
text {* A functional implementation of mergesort on lists. It it similar to the
one in Isabelle/HOL's example directory. However, it uses tail-recursion for append and arbitrary
relations. *}
subsection {* Quicksort by Relation *}
text {* A functional implementation of quicksort on lists. It it similar to the
one in Isabelle/HOL's example directory. However, it uses tail-recursion for append and arbitrary
relations. *}
fun mergesort_by_rel_split :: "('a list × 'a list) => 'a list => ('a list × 'a list)" where
"mergesort_by_rel_split (xs1, xs2) [] = (xs1, xs2)"
| "mergesort_by_rel_split (xs1, xs2) [x] = (x # xs1, xs2)"
| "mergesort_by_rel_split (xs1, xs2) (x1 # x2 # xs) =
mergesort_by_rel_split (x1 # xs1, x2 # xs2) xs"
lemma list_induct_first2 [consumes 0, case_names Nil Sing Cons2]:
assumes "P []" "!!x. P [x]" "!!x1 x2 xs. P xs ==> P (x1 # x2 #xs)"
shows "P xs"
proof (induct xs rule: length_induct)
case (1 xs) note ind_hyp = this
show ?case
proof (cases xs)
case Nil thus ?thesis using assms(1) by simp
next
case (Cons x1 xs') note xs_eq[simp] = this
thus ?thesis
proof (cases xs')
case Nil thus ?thesis using assms(2) by simp
next
case (Cons x2 xs'') note xs'_eq[simp] = this
show ?thesis
by (simp add: ind_hyp assms(3))
qed
qed
qed
lemma mergesort_by_rel_split_length :
"length (fst (mergesort_by_rel_split (xs1, xs2) xs)) = length xs1 + (length xs div 2) + (length xs mod 2) ∧
length (snd (mergesort_by_rel_split (xs1, xs2) xs)) = length xs2 + (length xs div 2)"
by (induct xs arbitrary: xs1 xs2 rule: list_induct_first2)
(simp_all)
lemma multiset_of_mergesort_by_rel_split [simp]:
"multiset_of (fst (mergesort_by_rel_split (xs1, xs2) xs)) +
multiset_of (snd (mergesort_by_rel_split (xs1, xs2) xs)) =
multiset_of xs + multiset_of xs1 + multiset_of xs2"
apply (induct xs arbitrary: xs1 xs2 rule: list_induct_first2)
apply (simp_all add: ac_simps)
done
fun mergesort_by_rel_merge :: "('a => 'a => bool) => 'a list => 'a list => 'a list"
where
"mergesort_by_rel_merge R (x#xs) (y#ys) =
(if R x y then x # mergesort_by_rel_merge R xs (y#ys) else y # mergesort_by_rel_merge R (x#xs) ys)"
| "mergesort_by_rel_merge R xs [] = xs"
| "mergesort_by_rel_merge R [] ys = ys"
declare mergesort_by_rel_merge.simps [simp del]
lemma mergesort_by_rel_merge_simps[simp] :
"mergesort_by_rel_merge R (x#xs) (y#ys) =
(if R x y then x # mergesort_by_rel_merge R xs (y#ys) else y # mergesort_by_rel_merge R (x#xs) ys)"
"mergesort_by_rel_merge R xs [] = xs"
"mergesort_by_rel_merge R [] ys = ys"
apply (simp_all add: mergesort_by_rel_merge.simps)
apply (cases ys)
apply (simp_all add: mergesort_by_rel_merge.simps)
done
lemma mergesort_by_rel_merge_induct [consumes 0, case_names Nil1 Nil2 Cons1 Cons2]:
assumes "!!xs::'a list. P xs []" "!!ys::'b list. P [] ys"
"!!x xs y ys. R x y ==> P xs (y # ys) ==> P (x # xs) (y # ys)"
"!!x xs y ys. ¬(R x y) ==> P (x # xs) ys ==> P (x # xs) (y # ys)"
shows "P xs ys"
proof (induct xs arbitrary: ys)
case Nil thus ?case using assms(2) by simp
next
case (Cons x xs) note P_xs = this
show ?case
proof (induct ys)
case Nil thus ?case using assms(1) by simp
next
case (Cons y ys) note P_x_xs_ys = this
show ?case using assms(3,4)[of x y xs ys] P_x_xs_ys P_xs by metis
qed
qed
lemma multiset_of_mergesort_by_rel_merge [simp]:
"multiset_of (mergesort_by_rel_merge R xs ys) = multiset_of xs + multiset_of ys"
by (induct R xs ys rule: mergesort_by_rel_merge.induct) (simp_all add: ac_simps)
lemma set_mergesort_by_rel_merge [simp]:
"set (mergesort_by_rel_merge R xs ys) = set xs ∪ set ys"
by (induct R xs ys rule: mergesort_by_rel_merge.induct) auto
lemma sorted_by_rel_mergesort_by_rel_merge [simp]:
assumes lin : "!!x y. (R x y) ∨ (R y x)"
and trans_R: "!!x y z. R x y ==> R y z ==> R x z"
shows "sorted_by_rel R (mergesort_by_rel_merge R xs ys) <->
sorted_by_rel R xs ∧ sorted_by_rel R ys"
proof (induct xs ys rule: mergesort_by_rel_merge_induct[where R = R])
case Nil1 thus ?case by simp
next
case Nil2 thus ?case by simp
next
case (Cons1 x xs y ys) thus ?case
by (simp add: Ball_def) (metis trans_R)
next
case (Cons2 x xs y ys) thus ?case
apply (auto simp add: Ball_def)
apply (metis lin)
apply (metis lin trans_R)
done
qed
function mergesort_by_rel :: "('a => 'a => bool) => 'a list => 'a list"
where
"mergesort_by_rel R xs =
(if length xs < 2 then xs else
(mergesort_by_rel_merge R
(mergesort_by_rel R (fst (mergesort_by_rel_split ([], []) xs)))
(mergesort_by_rel R (snd (mergesort_by_rel_split ([], []) xs)))))"
by auto
termination
apply (relation "measure (λ(_, xs). length xs)")
apply (simp_all add: mergesort_by_rel_split_length)
proof -
fix xs :: "'a list"
assume "¬(length xs < 2)"
then obtain x1 x2 xs' where xs_eq: "xs = x1 # x2 # xs'"
apply (cases xs, simp, rename_tac x1 xs0)
apply (case_tac xs0, simp, rename_tac x2 xs')
apply auto
done
show "length xs div 2 + length xs mod 2 < length xs" by (simp add: xs_eq)
qed
declare mergesort_by_rel.simps [simp del]
lemma mergesort_by_rel_simps [simp, code] :
"mergesort_by_rel R [] = []"
"mergesort_by_rel R [x] = [x]"
"mergesort_by_rel R (x1 # x2 # xs) =
(let (xs1, xs2) = (mergesort_by_rel_split ([x1], [x2]) xs) in
mergesort_by_rel_merge R (mergesort_by_rel R xs1) (mergesort_by_rel R xs2))"
apply (simp add: mergesort_by_rel.simps)
apply (simp add: mergesort_by_rel.simps)
apply (simp add: mergesort_by_rel.simps[of _ "x1 # x2 # xs"] split: prod.splits)
done
lemma mergesort_by_rel_permutes [simp]:
"multiset_of (mergesort_by_rel R xs) = multiset_of xs"
proof (induct xs rule: length_induct)
case (1 xs) note ind_hyp = this
show ?case
proof (cases xs)
case Nil thus ?thesis by simp
next
case (Cons x1 xs') note xs_eq[simp] = this
show ?thesis
proof (cases xs')
case Nil thus ?thesis by simp
next
case (Cons x2 xs'') note xs'_eq[simp] = this
have "length (fst (mergesort_by_rel_split ([], []) xs)) < length xs"
"length (snd (mergesort_by_rel_split ([], []) xs)) < length xs"
by (simp_all add: mergesort_by_rel_split_length)
with ind_hyp show ?thesis
unfolding mergesort_by_rel.simps[of _ xs]
by (simp add: ac_simps)
qed
qed
qed
lemma set_mergesort_by_rel [simp]: "set (mergesort_by_rel R xs) = set xs"
by (simp add: set_count_greater_0)
lemma sorted_by_rel_mergesort_by_rel:
fixes R:: "'x => 'x => bool"
assumes lin : "!!x y. (R x y) ∨ (R y x)"
and trans_R: "!!x y z. R x y ==> R y z ==> R x z"
shows "sorted_by_rel R (mergesort_by_rel R xs)"
proof (induct xs rule: measure_induct_rule[of "length"])
case (less xs)
note ind_hyp = this
show ?case
proof (cases xs)
case Nil thus ?thesis by simp
next
case (Cons x xs') note xs_eq[simp] = this
thus ?thesis
proof (cases xs')
case Nil thus ?thesis by simp
next
case (Cons x2 xs'') note xs'_eq[simp] = this
have "length (fst (mergesort_by_rel_split ([], []) xs)) < length xs"
"length (snd (mergesort_by_rel_split ([], []) xs)) < length xs"
by (simp_all add: mergesort_by_rel_split_length)
with ind_hyp show ?thesis
unfolding mergesort_by_rel.simps[of _ xs]
by (simp add: sorted_by_rel_mergesort_by_rel_merge[OF lin trans_R])
qed
qed
qed
lemma sorted_mergesort_by_rel:
"sorted (mergesort_by_rel op≤ xs)"
unfolding sorted_by_rel_linord[symmetric]
by (rule sorted_by_rel_mergesort_by_rel) auto
lemma sort_mergesort_by_rel:
"sort = mergesort_by_rel op≤"
apply (rule ext, rule properties_for_sort)
apply(simp_all add: sorted_mergesort_by_rel)
done
subsubsection {* Miscellaneous *}
lemma length_compl_induct[case_names Nil Cons]: "[|P []; !! e l . [|!! ll . length ll <= length l ==> P ll|] ==> P (e#l)|] ==> P l"
apply(induct_tac l rule: length_induct)
apply(case_tac "xs")
apply(auto)
done
lemma list_size_conc[simp]: "list_size f (a@b) = list_size f a + list_size f b"
by (induct a) auto
lemma in_set_list_format: "[| e∈set l; !!l1 l2. l=l1@e#l2 ==> P |] ==> P"
proof (induct l arbitrary: P)
case Nil thus ?case by auto
next
case (Cons a l) show ?case proof (cases "a=e")
case True with Cons show ?thesis by force
next
case False with Cons.prems(1) have "e∈set l" by auto
with Cons.hyps obtain l1 l2 where "l=l1@e#l2" by blast
hence "a#l = (a#l1)@e#l2" by simp
with Cons.prems(2) show P by blast
qed
qed
text {* Simultaneous induction over two lists, prepending an element to one of the lists in each step *}
lemma list_2pre_induct[case_names base left right]: assumes BASE: "P [] []" and LEFT: "!!e w1' w2. P w1' w2 ==> P (e#w1') w2" and RIGHT: "!!e w1 w2'. P w1 w2' ==> P w1 (e#w2')" shows "P w1 w2"
proof -
{ -- "The proof is done by induction over the sum of the lengths of the lists"
fix n
have "!!w1 w2. [|length w1 + length w2 = n; P [] []; !!e w1' w2. P w1' w2 ==> P (e#w1') w2; !!e w1 w2'. P w1 w2' ==> P w1 (e#w2') |] ==> P w1 w2 "
apply (induct n)
apply simp
apply (case_tac w1)
apply auto
apply (case_tac w2)
apply auto
done
} from this[OF _ BASE LEFT RIGHT] show ?thesis by blast
qed
lemma list_decomp_1: "length l=1 ==> EX a . l=[a]"
by (case_tac l, auto)
lemma list_decomp_2: "length l=2 ==> EX a b . l=[a,b]"
by (case_tac l, auto simp add: list_decomp_1)
lemma drop_all_conc: "drop (length a) (a@b) = b"
by (simp)
lemma take_update[simp]: "take n (l[i:=x]) = (take n l)[i:=x]"
apply (induct l arbitrary: n i)
apply (auto split: nat.split)
apply (case_tac n)
apply simp_all
apply (case_tac n)
apply simp_all
done
lemma take_update_last: "length list>n ==> take (Suc n) list [n:=x] = take n list @ [x]"
by (induct list arbitrary: n)
(auto split: nat.split)
lemma list_rest_coinc: "[|length s2 <= length s1; s1@r1 = s2@r2|] ==> EX r1p . r2=r1p@r1"
proof -
assume A: "length s2 <= length s1" "s1@r1 = s2@r2"
hence "r1 = drop (length s1) (s2@r2)" by (auto simp only:drop_all_conc dest: sym)
moreover from A have "length s1 = length s1 - length s2 + length s2" by arith
ultimately have "r1 = drop ((length s1 - length s2)) r2" by (auto)
hence "r2 = take ((length s1 - length s2)) r2 @ r1" by auto
thus ?thesis by auto
qed
lemma list_tail_coinc: "n1#r1 = n2#r2 ==> n1=n2 & r1=r2"
by (auto)
lemma last_in_set[intro]: "[|l≠[]|] ==> last l ∈ set l"
by (induct l) auto
lemma map_ident_id[simp]: "map id = id" "map id x = x"
by (unfold id_def) auto
lemma op_conc_empty_img_id[simp]: "(op @ [] ` L) = L" by auto
lemma distinct_match: "[| distinct (al@e#bl) |] ==> (al@e#bl = al'@e#bl') <-> (al=al' ∧ bl=bl')"
proof (rule iffI, induct al arbitrary: al')
case Nil thus ?case by (cases al') auto
next
case (Cons a al) note Cprems=Cons.prems note Chyps=Cons.hyps
show ?case proof (cases al')
case Nil with Cprems have False by auto
thus ?thesis ..
next
case (Cons a' all')[simp]
with Cprems have [simp]: "a=a'" and P: "al@e#bl = all'@e#bl'" by auto
from Cprems(1) have D: "distinct (al@e#bl)" by auto
from Chyps[OF D P] have [simp]: "al=all'" "bl=bl'" by auto
show ?thesis by simp
qed
qed simp
lemma prop_match: "[| list_all P al; ¬P e; ¬P e'; list_all P bl |] ==> (al@e#bl = al'@e'#bl') <-> (al=al' ∧ e=e' ∧ bl=bl')"
apply (rule iffI, induct al arbitrary: al')
apply (case_tac al', fastforce, fastforce)+
done
lemmas prop_matchD = rev_iffD1[OF _ prop_match[where P=P]] for P
lemma list_match_lel_lel: "[|
c1 @ qs # c2 = c1' @ qs' # c2';
!!c21'. [|c1 = c1' @ qs' # c21'; c2' = c21' @ qs # c2|] ==> P;
[|c1' = c1; qs' = qs; c2' = c2|] ==> P;
!!c21. [|c1' = c1 @ qs # c21; c2 = c21 @ qs' # c2'|] ==> P
|] ==> P"
apply (auto simp add: append_eq_append_conv2)
apply (case_tac us)
apply auto
apply (case_tac us)
apply auto
done
lemma distinct_tl[simp]: "l≠[] ==> distinct l ==> distinct (tl l)"
by (cases l) auto
lemma xy_in_set_cases[consumes 2, case_names EQ XY YX]:
assumes A: "x∈set l" "y∈set l"
and C:
"!!l1 l2. [| x=y; l=l1@y#l2 |] ==> P"
"!!l1 l2 l3. [| x≠y; l=l1@x#l2@y#l3 |] ==> P"
"!!l1 l2 l3. [| x≠y; l=l1@y#l2@x#l3 |] ==> P"
shows P
proof (cases "x=y")
case True with A(1) obtain l1 l2 where "l=l1@y#l2" by (blast dest: split_list)
with C(1) True show ?thesis by blast
next
case False
from A(1) obtain l1 l2 where S1: "l=l1@x#l2" by (blast dest: split_list)
from A(2) obtain l1' l2' where S2: "l=l1'@y#l2'" by (blast dest: split_list)
from S1 S2 have M: "l1@x#l2 = l1'@y#l2'" by simp
thus P proof (cases rule: list_match_lel_lel[consumes 1, case_names 1 2 3])
case (1 c) with S1 have "l=l1'@y#c@x#l2" by simp
with C(3) False show ?thesis by blast
next
case 2 with False have False by blast
thus ?thesis ..
next
case (3 c) with S1 have "l=l1@x#c@y#l2'" by simp
with C(2) False show ?thesis by blast
qed
qed
lemma distinct_map_eq: "[| distinct (List.map f l); f x = f y; x∈set l; y∈set l |] ==> x=y"
by (erule (2) xy_in_set_cases) auto
-- {* Congruence rules for @{const list_all} and @{const list_ex} *}
lemma list_all_cong[fundef_cong]: "[| xs=ys; !!x. x∈set ys ==> f x <-> g x |] ==> list_all f xs = list_all g ys"
apply (induct xs arbitrary: ys)
apply auto
done
lemma list_ex_cong[fundef_cong]: "[| xs=ys; !!x. x∈set ys ==> f x <-> g x |] ==> list_ex f xs = list_ex g ys"
apply (induct xs arbitrary: ys)
apply auto
done
lemma lists_image_witness:
assumes A: "x∈lists (f`Q)"
obtains xo where "xo∈lists Q" "x=map f xo"
proof -
have "[| x∈lists (f`Q) |] ==> ∃xo∈lists Q. x=map f xo"
proof (induct x)
case Nil thus ?case by auto
next
case (Cons x xs)
then obtain xos where "xos∈lists Q" "xs=map f xos" by force
moreover from Cons.prems have "x∈f`Q" by auto
then obtain xo where "xo∈Q" "x=f xo" by auto
ultimately show ?case
by (rule_tac x="xo#xos" in bexI) auto
qed
thus ?thesis
apply (simp_all add: A)
apply (erule_tac bexE)
apply (rule_tac that)
apply assumption+
done
qed
lemma map_of_None_filterD:
"map_of xs x = None ==> map_of (filter P xs) x = None"
by(induct xs) auto
lemma map_of_concat: "map_of (concat xss) = foldr (λxs f. f ++ map_of xs) xss empty"
by(induct xss) simp_all
lemma map_of_Some_split:
"map_of xs k = Some v ==> ∃ys zs. xs = ys @ (k, v) # zs ∧ map_of ys k = None"
proof(induct xs)
case (Cons x xs)
obtain k' v' where x: "x = (k', v')" by(cases x)
show ?case
proof(cases "k' = k")
case True
with `map_of (x # xs) k = Some v` x have "x # xs = [] @ (k, v) # xs" "map_of [] k = None" by simp_all
thus ?thesis by blast
next
case False
with `map_of (x # xs) k = Some v` x
have "map_of xs k = Some v" by simp
from `map_of xs k = Some v ==> ∃ys zs. xs = ys @ (k, v) # zs ∧ map_of ys k = None`[OF this]
obtain ys zs where "xs = ys @ (k, v) # zs" "map_of ys k = None" by blast
with False x have "x # xs = (x # ys) @ (k, v) # zs" "map_of (x # ys) k = None" by simp_all
thus ?thesis by blast
qed
qed simp
lemma map_add_find_left:
"g k = None ==> (f ++ g) k = f k"
by(simp add: map_add_def)
lemma map_add_left_None:
"f k = None ==> (f ++ g) k = g k"
by(simp add: map_add_def split: option.split)
lemma map_of_Some_filter_not_in:
"[| map_of xs k = Some v; ¬ P (k, v); distinct (map fst xs) |] ==> map_of (filter P xs) k = None"
apply(induct xs)
apply(auto)
apply(auto simp add: map_of_eq_None_iff)
done
lemma distinct_map_fst_filterI: "distinct (map fst xs) ==> distinct (map fst (filter P xs))"
by(induct xs) auto
lemma distinct_map_fstD: "[| distinct (map fst xs); (x, y) ∈ set xs; (x, z) ∈ set xs |] ==> y = z"
by(induct xs)(fastforce elim: notE rev_image_eqI)+
lemma drop_eq_ConsD: "drop n xs = x # xs' ==> drop (Suc n) xs = xs'"
by(induct xs arbitrary: n)(simp_all add: drop_Cons split: nat.split_asm)
lemma concat_filter_neq_Nil:
"concat [ys\<leftarrow>xs. ys ≠ Nil] = concat xs"
by(induct xs) simp_all
lemma distinct_concat':
"[|distinct [ys\<leftarrow>xs. ys ≠ Nil]; !!ys. ys ∈ set xs ==> distinct ys;
!!ys zs. [|ys ∈ set xs; zs ∈ set xs; ys ≠ zs|] ==> set ys ∩ set zs = {}|]
==> distinct (concat xs)"
by(erule distinct_concat[of "[ys\<leftarrow>xs. ys ≠ Nil]", unfolded concat_filter_neq_Nil]) auto
lemma replicate_Suc_conv_snoc:
"replicate (Suc n) x = replicate n x @ [x]"
by (metis replicate_Suc replicate_append_same)
lemma filter_nth_ex_nth:
assumes "n < length (filter P xs)"
shows "∃m. n ≤ m ∧ m < length xs ∧ filter P xs ! n = xs ! m ∧ filter P (take m xs) = take n (filter P xs)"
using assms
proof(induct xs rule: rev_induct)
case Nil thus ?case by simp
next
case (snoc x xs)
show ?case
proof(cases "P x")
case False[simp]
from `n < length (filter P (xs @ [x]))` have "n < length (filter P xs)" by simp
hence "∃m≥n. m < length xs ∧ filter P xs ! n = xs ! m ∧ filter P (take m xs) = take n (filter P xs)" by(rule snoc)
thus ?thesis by(auto simp add: nth_append)
next
case True[simp]
show ?thesis
proof(cases "n = length (filter P xs)")
case False
with `n < length (filter P (xs @ [x]))` have "n < length (filter P xs)" by simp
moreover hence "∃m≥n. m < length xs ∧ filter P xs ! n = xs ! m ∧ filter P (take m xs) = take n (filter P xs)"
by(rule snoc)
ultimately show ?thesis by(auto simp add: nth_append)
next
case True[simp]
hence "filter P (xs @ [x]) ! n = (xs @ [x]) ! length xs" by simp
moreover have "length xs < length (xs @ [x])" by simp
moreover have "length xs ≥ n" by simp
moreover have "filter P (take (length xs) (xs @ [x])) = take n (filter P (xs @ [x]))" by simp
ultimately show ?thesis by blast
qed
qed
qed
lemma set_map_filter:
"set (List.map_filter g xs) = {y. ∃x. x ∈ set xs ∧ g x = Some y}"
by (induct xs) (auto simp add: List.map_filter_def set_eq_iff)
subsection {* Induction on nat *}
lemma nat_compl_induct[case_names 0 Suc]: "[|P 0; !! n . ALL nn . nn <= n --> P nn ==> P (Suc n)|] ==> P n"
apply(induct_tac n rule: nat_less_induct)
apply(case_tac n)
apply(auto)
done
lemma nat_compl_induct'[case_names 0 Suc]: "[|P 0; !! n . [|!! nn . nn ≤ n ==> P nn|] ==> P (Suc n)|] ==> P n"
apply(induct_tac n rule: nat_less_induct)
apply(case_tac n)
apply(auto)
done
subsection {* Functions of type @{typ "bool=>bool"}*}
lemma boolfun_cases_helper: "g=(λx. False) | g=(λx. x) | g=(λx. True) | g= (λx. ¬x)"
proof -
{ assume "g False" "g True"
hence "g = (λx. True)" by (rule_tac ext, case_tac x, auto)
} moreover {
assume "g False" "¬g True"
hence "g = (λx. ¬x)" by (rule_tac ext, case_tac x, auto)
} moreover {
assume "¬g False" "g True"
hence "g = (λx. x)" by (rule_tac ext, case_tac x, auto)
} moreover {
assume "¬g False" "¬g True"
hence "g = (λx. False)" by (rule_tac ext, case_tac x, auto)
} ultimately show ?thesis by fast
qed
lemma boolfun_cases[case_names False Id True Neg]: "[|g=(λx. False) ==> P g; g=(λx. x) ==> P g; g=(λx. True) ==> P g; g=(λx. ¬x) ==> P g|] ==> P g"
proof -
note boolfun_cases_helper[of g]
moreover assume "g=(λx. False) ==> P g" "g=(λx. x) ==> P g" "g=(λx. True) ==> P g" "g=(λx. ¬x) ==> P g"
ultimately show ?thesis by fast
qed
subsection {* Definite and indefinite description *}
text "Combined definite and indefinite description for binary predicate"
lemma some_theI: assumes EX: "∃a b . P a b" and BUN: "!! b1 b2 . [|∃a . P a b1; ∃a . P a b2|] ==> b1=b2"
shows "P (SOME a . ∃b . P a b) (THE b . ∃a . P a b)"
proof -
from EX have "EX b . P (SOME a . EX b . P a b) b" by (rule someI_ex)
moreover from EX have "EX b . EX a . P a b" by blast
with BUN theI'[of "λb . EX a . P a b"] have "EX a . P a (THE b . EX a . P a b)" by (unfold Ex1_def, blast)
moreover note BUN
ultimately show ?thesis by (fast)
qed
lemma some_insert_self[simp]: "S≠{} ==> insert (SOME x. x∈S) S = S"
by (auto intro: someI)
lemma some_elem[simp]: "S≠{} ==> (SOME x. x∈S) ∈ S"
by (auto intro: someI)
subsubsection{* Hilbert Choice with option *}
definition Eps_Opt where
"Eps_Opt P = (if (∃x. P x) then Some (SOME x. P x) else None)"
lemma some_opt_eq_trivial[simp] :
"Eps_Opt (λy. y = x) = Some x"
unfolding Eps_Opt_def by simp
lemma some_opt_sym_eq_trivial[simp] :
"Eps_Opt (op = x) = Some x"
unfolding Eps_Opt_def by simp
lemma some_opt_false_trivial[simp] :
"Eps_Opt (λ_. False) = None"
unfolding Eps_Opt_def by simp
lemma Eps_Opt_eq_None[simp] :
"Eps_Opt P = None <-> ¬(Ex P)"
unfolding Eps_Opt_def by simp
lemma Eps_Opt_eq_Some_implies :
"Eps_Opt P = Some x ==> P x"
unfolding Eps_Opt_def
by (metis option.inject option.simps(2) someI_ex)
lemma Eps_Opt_eq_Some :
assumes P_prop: "!!x'. P x ==> P x' ==> x' = x"
shows "Eps_Opt P = Some x <-> P x"
using P_prop
unfolding Eps_Opt_def
by (metis option.inject option.simps(2) someI_ex)
subsection {* Directed Graphs and Relations *}
subsubsection "Reflexive-Transitive Closure"
lemma r_le_rtrancl[simp]: "S⊆S⇧*" by auto
lemma rtrancl_mono_rightI: "S⊆S' ==> S⊆S'⇧*" by auto
text {* A path in a graph either does not use nodes from S at all, or it has a prefix leading to a node in S and a suffix that does not use nodes in S *}
lemma rtrancl_last_visit[cases set, case_names no_visit last_visit_point]:
shows
"[| (q,q')∈R⇧*;
(q,q')∈(R-UNIV×S)⇧* ==> P;
!!qt. [| qt∈S; (q,qt)∈R⇧+; (qt,q')∈(R-UNIV×S)⇧* |] ==> P
|] ==> P"
proof (induct rule: converse_rtrancl_induct[case_names refl step])
case refl thus ?case by auto
next
case (step q qh)
show P proof (rule step.hyps(3))
assume A: "(qh,q')∈(R-UNIV×S)⇧*"
show P proof (cases "qh∈S")
case False
with step.hyps(1) A have "(q,q')∈(R-UNIV×S)⇧*"
by (auto intro: converse_rtrancl_into_rtrancl)
with step.prems(1) show P .
next
case True
from step.hyps(1) have "(q,qh)∈R⇧+" by auto
with step.prems(2) True A show P by blast
qed
next
fix qt
assume A: "qt∈S" "(qh,qt)∈R⇧+" "(qt,q')∈(R-UNIV×S)⇧*"
with step.hyps(1) have "(q,qt)∈R⇧+" by auto
with step.prems(2) A(1,3) show P by blast
qed
qed
text {* Less general version of @{text rtrancl_last_visit}, but there's a short automatic proof *}
lemma rtrancl_last_visit': "[| (q,q')∈R⇧*; (q,q')∈(R-UNIV×S)⇧* ==> P; !!qt. [| qt∈S; (q,qt)∈R⇧*; (qt,q')∈(R-UNIV×S)⇧* |] ==> P |] ==> P"
by (induct rule: converse_rtrancl_induct) (auto intro: converse_rtrancl_into_rtrancl)
text {* Find last point where a path touches a set *}
lemma rtrancl_last_touch: "[| (q,q')∈R⇧*; q∈S; !!qt. [| qt∈S; (q,qt)∈R⇧*; (qt,q')∈(R-UNIV×S)⇧* |] ==> P |] ==> P"
by (erule rtrancl_last_visit') auto
lemma rtrancl_image_advance: "[|q∈R⇧* `` Q0; (q,x)∈R|] ==> x∈R⇧* `` Q0"
by (auto intro: rtrancl_into_rtrancl)
subsubsection "Converse Relation"
lemma converse_subset[simp]: "G¯ ⊆ H¯ <-> G⊆H"
by auto
lemma Sigma_converse: "(A×B)¯ = B×A" by auto
lemmas converse_add_simps = Sigma_converse trancl_converse[symmetric] converse_Un converse_Int
subsubsection "Cyclicity"
lemma acyclic_union:
"acyclic (A∪B) ==> acyclic A"
"acyclic (A∪B) ==> acyclic B"
by (metis Un_upper1 Un_upper2 acyclic_subset)+
lemma cyclicE: "[|¬acyclic g; !!x. (x,x)∈g⇧+ ==> P|] ==> P"
by (unfold acyclic_def) blast
lemma acyclic_empty[simp, intro!]: "acyclic {}" by (unfold acyclic_def) auto
lemma acyclic_insert_cyclic: "[|acyclic g; ¬acyclic (insert (x,y) g)|] ==> (y,x)∈g⇧*"
by (unfold acyclic_def) (auto simp add: trancl_insert)
text {*
This lemma makes a case distinction about a path in a graph where a couple of edges with the same
endpoint have been inserted: If there is a path from a to b, then there's such a path in the original graph, or
there's a path that uses an inserted edge only once.
Originally, this lemma was used to reason about the graph of an updated acquisition history. Any path in
this graph is either already contained in the original graph, or passes via an
inserted edge. Because all the inserted edges point to the same target node, in the
second case, the path can be short-circuited to use exactly one inserted edge.
*}
lemma trancl_multi_insert[cases set, case_names orig via]:
"[| (a,b)∈(r∪X×{m})⇧+;
(a,b)∈r⇧+ ==> P;
!!x. [| x∈X; (a,x)∈r⇧*; (m,b)∈r⇧* |] ==> P
|] ==> P"
proof (induct arbitrary: P rule: trancl_induct)
case (base b) thus ?case by auto
next
case (step b c) show ?case proof (rule step.hyps(3))
assume A: "(a,b)∈r⇧+"
note step.hyps(2)
moreover {
assume "(b,c)∈r"
with A have "(a,c)∈r⇧+" by auto
with step.prems have P by blast
} moreover {
assume "b∈X" "c=m"
with A have P by (rule_tac step.prems(2)) simp+
} ultimately show P by auto
next
fix x
assume A: "x ∈ X" "(a, x) ∈ r⇧*" "(m, b) ∈ r⇧*"
note step.hyps(2)
moreover {
assume "(b,c)∈r"
with A(3) have "(m,c)∈r⇧*" by auto
with step.prems(2)[OF A(1,2)] have P by blast
} moreover {
assume "b∈X" "c=m"
with A have P by (rule_tac step.prems(2)) simp+
} ultimately show P by auto
qed
qed
text {*
Version of @{thm [source] trancl_multi_insert} for inserted edges with the same startpoint.
*}
lemma trancl_multi_insert2[cases set, case_names orig via]:
"[|(a,b)∈(r∪{m}×X)⇧+; (a,b)∈r⇧+ ==> P; !!x. [| x∈X; (a,m)∈r⇧*; (x,b)∈r⇧* |] ==> P |] ==> P"
proof -
case goal1 from goal1(1) have "(b,a)∈((r∪{m}×X)⇧+)¯" by simp
also have "((r∪{m}×X)⇧+)¯ = (r¯∪X×{m})⇧+" by (simp add: converse_add_simps)
finally have "(b, a) ∈ (r¯ ∪ X × {m})⇧+" .
thus ?case
by (auto elim!: trancl_multi_insert
intro: goal1(2,3)
simp add: trancl_converse rtrancl_converse
)
qed
subsubsection {* Wellfoundedness *}
lemma wf_min: assumes A: "wf R" "R≠{}" "!!m. m∈Domain R - Range R ==> P" shows P proof -
have H: "!!x. wf R ==> ∀y. (x,y)∈R --> x∈Domain R - Range R ∨ (∃m. m∈Domain R - Range R)"
by (erule_tac wf_induct_rule[where P="λx. ∀y. (x,y)∈R --> x∈Domain R - Range R ∨ (∃m. m∈Domain R - Range R)"]) auto
from A(2) obtain x y where "(x,y)∈R" by auto
with A(1,3) H show ?thesis by blast
qed
lemma finite_wf_eq_wf_converse: "finite R ==> wf (R¯) <-> wf R"
by (metis acyclic_converse finite_acyclic_wf finite_acyclic_wf_converse wf_acyclic)
lemma wf_max: assumes A: "wf (R¯)" "R≠{}" and C: "!!m. m∈Range R - Domain R ==> P" shows "P"
proof -
from A(2) have NE: "R¯≠{}" by auto
from wf_min[OF A(1) NE] obtain m where "m∈Range R - Domain R" by auto
thus P by (blast intro: C)
qed
-- "Useful lemma to show well-foundedness of some process approaching a finite upper bound"
lemma wf_bounded_supset: "finite S ==> wf {(Q',Q). Q'⊃Q ∧ Q'⊆ S}"
proof -
assume [simp]: "finite S"
hence [simp]: "!!x. finite (S-x)" by auto
have "{(Q',Q). Q⊂Q' ∧ Q'⊆ S} ⊆ inv_image ({(s'::nat,s). s'<s}) (λQ. card (S-Q))"
proof (intro subsetI, case_tac x, simp)
fix a b
assume A: "b⊂a ∧ a⊆S"
hence "S-a ⊂ S-b" by blast
thus "card (S-a) < card (S-b)" by (auto simp add: psubset_card_mono)
qed
moreover have "wf ({(s'::nat,s). s'<s})" by (rule wf_less)
ultimately show ?thesis by (blast intro: wf_inv_image wf_subset)
qed
lemma lex_prod_fstI: "[| (fst a, fst b)∈r |] ==> (a,b)∈r<*lex*>s"
apply (cases a, cases b)
apply auto
done
lemma lex_prod_sndI: "[| fst a = fst b; (snd a, snd b)∈s |] ==> (a,b)∈r<*lex*>s"
apply (cases a, cases b)
apply auto
done
subsubsection {* Miscellaneous *}
lemma Image_empty[simp]: "{} `` X = {}"
by auto
lemma Image_subseteq_Range: fixes R shows "R``A ⊆ Range R"
by auto
lemma finite_Range: fixes R shows "finite R ==> finite (Range R)"
proof -
assume "finite R"
hence "finite (snd ` R)" by auto
also have "snd ` R = Range R" by force
finally show ?thesis .
qed
lemma finite_Image: fixes R shows "[| finite R |] ==> finite (R `` A)"
by (rule finite_subset[OF Image_subseteq_Range finite_Range])
lemma finite_rtrancl_Image:
fixes R
shows "[| finite R; finite A |] ==> finite ((R⇧*) `` A)"
proof -
assume A: "finite R" "finite A"
have "(R⇧* `` A) ⊆ Range R ∪ A"
proof safe
case goal1 thus ?case by (induct rule: rtrancl_induct) auto
qed
thus ?thesis
apply (erule_tac finite_subset)
apply (simp add: A finite_Range)
done
qed
subsection {* Ordering on @{text "option"}-Datatype *}
text {*
We lift any ordering relation on the option datatype, with @{text None} as the smallest element.
*}
instantiation option :: (ord) ord
begin
definition
le_option_def: "a ≤ b <-> (case a of None => True | Some aa => (case b of None => False | Some bb => aa≤bb))"
definition
less_option_def: "(a::'a option) < b <-> a ≤ b ∧ a ≠ b"
lemma None_least[simp]:
"None ≤ b"
"None < b <-> b≠None"
"None < Some bb"
"a≤None <-> a=None"
"¬ (a<None)"
apply (unfold le_option_def less_option_def)
apply (auto split: option.split_asm)
apply (cases b)
apply auto
done
lemma Some_simps[simp]:
"Some a ≤ Some b <-> a ≤ b"
by (auto simp add: le_option_def less_option_def split: option.split_asm)
lemma le_some_optE: "[|Some m≤x; !!m'. [|x=Some m'; m≤m'|] ==> P|] ==> P"
by (cases x) auto
lemma le_some_optI: "m≤m' ==> Some m ≤ Some m'" by simp
lemma le_optI:
"[| a=None |] ==> a≤b"
"[| a=Some x; b=Some y; x≤y |] ==> a≤b"
by auto
lemma le_optE: "[| a≤b; a=None ==> P; !!x y. [|a=Some x; b=Some y; x≤y|] ==> P |] ==> P"
apply (cases a, cases b)
apply auto
apply (cases b)
apply auto
done
instance ..
end
instantiation option :: (order) order
begin
instance by default (auto simp add: le_option_def less_option_def split: option.split_asm option.split)
lemma Some_simps2[simp]:
"Some a < Some b <-> a < (b::'a::order)"
by (auto simp add: le_option_def less_option_def split: option.split_asm)
lemma less_optE: "[|Some (m::'a::order)<x; !!m'. [|x=Some m'; m<m'|] ==> P|] ==> P"
by (cases x) auto
lemma less_optI: "(m::'a::order)≤m' ==> Some m ≤ Some m'" by simp
end
subsection "Ordering on Pair"
instantiation prod :: (ord, ord) ord
begin
fun less_eq_prod_aux where "less_eq_prod_aux (a1,a2) (b1,b2) = (a1<b1 ∨ (a1=b1 ∧ a2 ≤ b2))"
definition less_eq_prod_def: "a≤b == less_eq_prod_aux a b"
definition less_prod_def: "a<b == a≠b ∧ less_eq_prod_aux a b"
instance ..
end
instance prod :: (order, order) order
apply intro_classes
apply (unfold less_eq_prod_def less_prod_def)
apply (auto dest: less_trans)
done
instance prod :: (linorder, linorder) linorder
apply intro_classes
apply (unfold less_eq_prod_def less_prod_def)
apply auto
done
subsection "Maps"
lemma map_add_dom_app_simps[simp]:
"[| m∈dom l2 |] ==> (l1++l2) m = l2 m"
"[| m∉dom l1 |] ==> (l1++l2) m = l2 m"
"[| m∉dom l2 |] ==> (l1++l2) m = l1 m"
by (auto simp add: map_add_def split: option.split_asm)
lemma map_add_upd2[simp]: "m∉dom e2 ==> e1(m \<mapsto> u1) ++ e2 = (e1 ++ e2)(m \<mapsto> u1)"
apply (unfold map_add_def)
apply (rule ext)
apply (auto split: option.split)
done
lemma ran_add[simp]: "dom f ∩ dom g = {} ==> ran (f++g) = ran f ∪ ran g" by (fastforce simp add: ran_def map_add_def split: option.split_asm option.split)
lemma dom_empty_simp[simp]: "dom l = {} <-> l=empty"
by (auto simp add: dom_def intro: ext)
lemma nempty_dom: "[|e≠empty; !!m. m∈dom e ==> P |] ==> P"
by (subgoal_tac "dom e ≠ {}") (blast, auto)
lemma map_add_empty[simp]:
"(empty = f++g) <-> f=empty ∧ g=empty"
"(f++g = empty) <-> f=empty ∧ g=empty"
apply (safe)
apply (rule ext, drule_tac x=x in fun_cong, simp add: map_add_def split: option.split_asm)
apply (rule ext, drule_tac x=x in fun_cong, simp add: map_add_def split: option.split_asm)
apply simp
apply (rule ext, drule_tac x=x in fun_cong, simp add: map_add_def split: option.split_asm)
apply (rule ext, drule_tac x=x in fun_cong, simp add: map_add_def split: option.split_asm)
apply simp
done
lemma le_map_dom_mono: "m≤m' ==> dom m ⊆ dom m'"
apply (safe)
apply (drule_tac x=x in le_funD)
apply simp
apply (erule le_some_optE)
apply simp
done
lemma map_add_first_le: fixes m::"'a\<rightharpoonup>('b::order)" shows "[| m≤m' |] ==> m++n ≤ m'++n"
apply (rule le_funI)
apply (auto simp add: map_add_def split: option.split elim: le_funE)
done
lemma map_add_distinct_le: shows "[| m≤m'; n≤n'; dom m' ∩ dom n' = {} |] ==> m++n ≤ m'++n'"
apply (rule le_funI)
apply (auto simp add: map_add_def split: option.split)
apply (fastforce elim: le_funE)
apply (drule le_map_dom_mono)
apply (drule le_map_dom_mono)
apply (case_tac "m x")
apply simp
apply (force)
apply (fastforce dest!: le_map_dom_mono)
apply (erule le_funE)
apply (erule_tac x=x in le_funE)
apply simp
done
lemma map_add_left_comm: assumes A: "dom A ∩ dom B = {}" shows "A ++ (B ++ C) = B ++ (A ++ C)"
proof -
have "A ++ (B ++ C) = (A++B)++C" by simp
also have "… = (B++A)++C" by (simp add: map_add_comm[OF A])
also have "… = B++(A++C)" by simp
finally show ?thesis .
qed
lemmas map_add_ac = map_add_assoc map_add_comm map_add_left_comm
lemma le_map_restrict[simp]: fixes m :: "'a \<rightharpoonup> ('b::order)" shows "m |` X ≤ m"
by (rule le_funI) (simp add: restrict_map_def)
subsection{* Connection between Maps and Sets of Key-Value Pairs *}
definition map_to_set where
"map_to_set m = {(k, v) . m k = Some v}"
definition set_to_map where
"set_to_map S k = Eps_Opt (λv. (k, v) ∈ S)"
lemma set_to_map_simp :
assumes inj_on_fst: "inj_on fst S"
shows "(set_to_map S k = Some v) <-> (k, v) ∈ S"
proof (cases "∃v. (k, v) ∈ S")
case True
note kv_ex = this
then obtain v' where kv'_in: "(k, v') ∈ S" by blast
with inj_on_fst have kv''_in: "!!v''. (k, v'') ∈ S <-> v' = v''"
unfolding inj_on_def Ball_def
by auto
show ?thesis
unfolding set_to_map_def
by (simp add: kv_ex kv''_in)
next
case False
hence kv''_nin: "!!v''. (k, v'') ∉ S" by simp
thus ?thesis
by (simp add: set_to_map_def)
qed
lemma inj_on_fst_map_to_set :
"inj_on fst (map_to_set m)"
unfolding map_to_set_def inj_on_def by simp
lemma map_to_set_inverse :
"set_to_map (map_to_set m) = m"
proof
fix k
show "set_to_map (map_to_set m) k = m k"
proof (cases "m k")
case None note mk_eq = this
hence "!!v. (k, v) ∉ map_to_set m"
unfolding map_to_set_def by simp
with set_to_map_simp [OF inj_on_fst_map_to_set, of m k]
show ?thesis unfolding mk_eq by auto
next
case (Some v) note mk_eq = this
hence "(k, v) ∈ map_to_set m"
unfolding map_to_set_def by simp
with set_to_map_simp [OF inj_on_fst_map_to_set, of m k v]
show ?thesis unfolding mk_eq by auto
qed
qed
lemma set_to_map_inverse :
assumes inj_on_fst_S: "inj_on fst S"
shows "map_to_set (set_to_map S) = S"
proof (rule set_eqI)
fix kv
from set_to_map_simp [OF inj_on_fst_S, of "fst kv" "snd kv"]
show "(kv ∈ map_to_set (set_to_map S)) = (kv ∈ S)"
unfolding map_to_set_def
by auto
qed
lemma map_to_set_empty[simp]: "map_to_set empty = {}"
unfolding map_to_set_def by simp
lemma set_to_map_empty[simp]: "set_to_map {} = empty"
unfolding set_to_map_def[abs_def] by simp
lemma map_to_set_empty_iff: "map_to_set m = {} <-> m = Map.empty"
"{} = map_to_set m <-> m = Map.empty"
unfolding map_to_set_def by auto
lemma set_to_map_empty_iff: "set_to_map S = Map.empty <-> S = {}" (is ?T1)
"Map.empty = set_to_map S <-> S = {}" (is ?T2)
proof -
show T1: ?T1
apply (simp only: set_eq_iff)
apply (simp only: fun_eq_iff)
apply (simp add: set_to_map_def)
apply auto
done
from T1 show ?T2 by auto
qed
lemma map_to_set_upd[simp]: "map_to_set (m (k \<mapsto> v)) = insert (k, v) (map_to_set m - {(k, v') |v'. True})"
unfolding map_to_set_def
apply (simp add: set_eq_iff)
apply metis
done
lemma set_to_map_insert:
assumes k_nin: "fst kv ∉ fst ` S"
shows "set_to_map (insert kv S) = (set_to_map S) (fst kv \<mapsto> snd kv)"
proof
fix k'
obtain k v where kv_eq[simp]: "kv = (k, v)" by (rule PairE)
from k_nin have k_nin': "!!v'. (k, v') ∉ S"
by (auto simp add: image_iff Ball_def)
show "set_to_map (insert kv S) k' = (set_to_map S(fst kv \<mapsto> snd kv)) k'"
by (simp add: set_to_map_def k_nin')
qed
lemma map_to_set_dom :
"dom m = fst ` (map_to_set m)"
unfolding dom_def map_to_set_def
by (auto simp add: image_iff)
lemma map_to_set_ran :
"ran m = snd ` (map_to_set m)"
unfolding ran_def map_to_set_def
by (auto simp add: image_iff)
lemma set_to_map_dom :
"dom (set_to_map S) = fst ` S"
unfolding set_to_map_def[abs_def] dom_def
by (auto simp add: image_iff Bex_def)
lemma set_to_map_ran :
"ran (set_to_map S) ⊆ snd ` S"
unfolding set_to_map_def[abs_def] ran_def subset_iff
by (auto simp add: image_iff Bex_def)
(metis Eps_Opt_eq_Some)
lemma finite_map_to_set:
"finite (map_to_set m) = finite (dom m)"
unfolding map_to_set_def map_to_set_dom
apply (intro iffI finite_imageI)
apply assumption
apply (rule finite_imageD[of fst])
apply assumption
apply (simp add: inj_on_def)
done
lemma card_map_to_set :
"card (map_to_set m) = card (dom m)"
unfolding map_to_set_def map_to_set_dom
apply (rule card_image[symmetric])
apply (simp add: inj_on_def)
done
lemma map_of_map_to_set :
"distinct (map fst l) ==>
map_of l = m <-> set l = map_to_set m"
proof (induct l arbitrary: m)
case Nil thus ?case by (simp add: map_to_set_empty_iff) blast
next
case (Cons kv l m)
obtain k v where kv_eq[simp]: "kv = (k, v)" by (rule PairE)
from Cons(2) have dist_l: "distinct (map fst l)" and kv'_nin: "!!v'. (k, v') ∉ set l"
by (auto simp add: image_iff)
note ind_hyp = Cons(1)[OF dist_l]
from kv'_nin have l_eq: "set (kv # l) = map_to_set m <-> (set l = map_to_set (m (k := None))) ∧ m k = Some v"
apply (simp add: map_to_set_def restrict_map_def set_eq_iff)
apply (auto)
apply (metis)
apply (metis option.inject)
done
from kv'_nin have m_eq: "map_of (kv # l) = m <-> map_of l = (m (k := None)) ∧ m k = Some v"
apply (simp add: fun_eq_iff restrict_map_def map_of_eq_None_iff image_iff Ball_def)
apply metis
done
show ?case
unfolding m_eq l_eq
using ind_hyp[of "m (k := None)"]
by metis
qed
lemma map_to_set_map_of :
"distinct (map fst l) ==> map_to_set (map_of l) = set l"
by (metis map_of_map_to_set)
subsection {* Orderings *}
lemma (in order) min_arg_le[simp]:
"n ≤ min m n <-> min m n = n"
"m ≤ min m n <-> min m n = m"
by (auto simp: min_def)
lemma (in linorder) min_arg_not_ge[simp]:
"¬ min m n < m <-> min m n = m"
"¬ min m n < n <-> min m n = n"
by (auto simp: min_def)
lemma (in linorder) min_eq_arg[simp]:
"min m n = m <-> m≤n"
"min m n = n <-> n≤m"
by (auto simp: min_def)
lemma min_simps[simp]:
"a<(b::'a::order) ==> min a b = a"
"b<(a::'a::order) ==> min a b = b"
by (auto simp add: min_def dest: less_imp_le)
end