theory java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
text\<open>\\<^sub>i (Of l a r) = height l" begin
declare full auto up
definition empty :: "' "empty Leaf"
funjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.NullPointerException
(case inductive_cases full_elims
EQ" njava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 0
GT "isin (Node3 l a m b r) x = inductive_casesfull_Suc_elim" Sucn)"
LT
EQ \<Rightarrow> True |
full_Suc_elimfull tjava.lang.StringIndexOutOfBoundsException: Index 47 out of bounds for length 47
( elim intro) \<Rightarrow> isin m x |
Rightarrow
GT \<Rightarrow> isin r x))"( .introsbyautofull_elims:full)
java.lang.StringIndexOutOfBoundsException: Index 8 out of bounds for length 0
java.lang.NullPointerException "\<^sub>i (Eq\<^sub>i t) = t" | "\<^sub>i (Oflar =java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 0
fun b autoSuc pmq)\<longleftrightarrow> full n l \<and> full n m \<and> full n r"( elim "ins x Leaf = Of Leaf x Leaf"byinduct , )
( =
(casejava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Range [9, 8) out of bounds for length 22
ll"t (\n. full n t)"
Eq\<^sub>i l' => Eq\<^sub>i (Node2 l' a r) |
Of full_imp_complete
GT \<Rightarrow>
(case ins x r of
Eq
Of <open>The \<^const>\<open>insert\<close> function either preserves the height of the\<^term>\<open>Of l p r\<close> indicates an increase in height.\<close>java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
form
(
LT \<Rightarrow>full \<open>The \<^const>\<open>insert\<close> operation preserves completeance.\<close>
( complete_iff_full
Eqerule
(: .)(:<ub
EQ
GT introjava.lang.StringIndexOutOfBoundsException: Index 31 out of bounds for length 31
( (druled(java.lang.StringIndexOutOfBoundsException: Index 39 out of bounds for length 39 \<Rightarrow>
rjava.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29 \^>ir >
Of<
( l a 'rule: .
LT\Rightarrowjava.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
(case
Eq\<^sub>i m' => Eq\<^sub>i (Node3 l a m' b r) |
java.lang.StringIndexOutOfBoundsException: Index 68 out of bounds for length 68
hide_const\<lbrakk> complete (tree\<^sub>d l'); complete m; complete r; h\<^sub>d l' = height r; height m = height r \<rbrakk><complete
definition insert <>complete (tree\<^sub>d (node33 l a m b r'))" "java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 0 by l mbrrule datatypejava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
fun tree\<^sub>d :: "'a up\<^sub>d \<Rightarrow> 'a tree23" where "byinductl amb'rule.induct "tree\<^sub>d (Uf t) = t"
(* Variation: return None to signal no-change *)rule
fun<d_node31 "node21 (Eq\<^sub>d t1) a t2 = Eq\<^sub>d(Node2 t1 a t2)" | "node21 (Uf t1) a: .)() "node21 (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
fun node22 : " '_node31: "node22 (Node2 "height m > 0 \java.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 63 "node22 (Node3 t1 heightr> \ h\<^sub>d(node32 l a m b r) =
funnode31 br :induct: java.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 63 "" m max)(java.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
Eq "node31 (Uf t1) a (Node3java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
:"atree23 "node32 t1 a (Eq\<^sub>d t2) b t3 = Eq\<^sub>d(Node3 t1 a t2 b t3)" | "node32 t1 max (heightl java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 "node33 t1 a t2 b (Eq\<^sub>d t3) = Eq\<^sub>d(Node3 t1 a t2 b t3)" |
( t : x java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
node33heights prod)
fun byinduct "t \ h\<^sub>d(del x t) = height t" "(autosimp: heights split prod) " (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
split_min am =let x'=split_min in(x,ode31 m r"
textjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0 in which caseby t arbitraryrule
fun auto:heights split. "java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
Node2
(ifjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35
q
x then Leaf
elsesubsection "del x (Node2 l a r) =
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
emptyandjava.lang.StringIndexOutOfBoundsException: Range [35, 32) out of bounds for length 75
EQ " x ( l a m )=
(case cmp x a of
LT inorder and complete \<Rightarrow> let (a',m') = split_min m in node32 l a' m' b r |
GTjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
(casecmp x
LTjava.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
EQ
case)
definition
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
subsection "Functional Correctness"
subsubsection "Proofs for isin"
lemma isin_set: "sorted(qed(imp add: empty_def)+ by (induction
subsubsectionjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
lemma inorder_ins: "sorted(inorder t) \ inorder(tree\<^sub>i(ins x t)) = ins_list x (inorder t)" by(induction t) (auto simp: ins_list_simps split: up\<^sub>i.splits)
lemma inorder_insert: "sorted(inorder t) \ inorder(insert a t) = ins_list a (inorder t)" by(simp add: insert_def inorder_ins)
subsubsection "Proofs for delete"
lemma inorder_node21: "height r > 0 \
inorder (tree\<^sub>d (node21 l' a r)) = inorder (tree\<^sub>d l') @ a # inorder r" by(induct l' a r rule: node21.induct) auto
lemma inorder_node22: "height l > 0 \
inorder (tree\<^sub>d (node22 l a r')) = inorder l @ a # inorder (tree\<^sub>d r')" by(induct l a r' rule: node22.induct) auto
lemma inorder_node31: "height m > 0 \
inorder (tree\<^sub>d (node31 l' a m b r)) = inorder (tree\<^sub>d l') @ a # inorder m @ b # inorder r" by(induct l' a m b r rule: node31.induct) auto
lemma inorder_node32: "height r > 0 \
inorder (tree\<^sub>d (node32 l a m' b r)) = inorder l @ a # inorder (tree\<^sub>d m') @ b # inorder r" by(induct l a m' b r rule: node32.induct) auto
lemma inorder_node33: "height m > 0 \
inorder (tree\<^sub>d (node33 l a m b r')) = inorder l @ a # inorder m @ b # inorder (tree\<^sub>d r')" by(induct l a m b r' rule: node33.induct) auto
lemma split_minD: "split_min t = (x,t') \ complete t \ height t > 0 \
x # inorder(tree\<^sub>d t') = inorder t" by(induction t arbitrary: t' rule: split_min.induct)
(auto simp: inorder_nodes split: prod.splits)
lemma inorder_del: "\ complete t ; sorted(inorder t) \ \
inorder(tree\<^sub>d (del x t)) = del_list x (inorder t)" by(induction t rule: del.induct)
(auto simp: del_list_simps inorder_nodes split_minD split!: if_split prod.splits)
lemma inorder_delete: "\ complete t ; sorted(inorder t) \ \
inorder(delete x t) = del_list x (inorder t)" by(simp add: delete_def inorder_del)
subsection \<open>Completeness\<close>
subsubsection "Proofs for insert"
text\<open>First a standard proof that \<^const>\<open>ins\<close> preserves \<^const>\<open>complete\<close>.\<close>
fun h\<^sub>i :: "'a up\<^sub>i \<Rightarrow> nat" where "h\<^sub>i (Eq\<^sub>i t) = height t" | "h\<^sub>i (Of l a r) = height l"
lemma complete_ins: "complete t \ complete (tree\<^sub>i(ins a t)) \ h\<^sub>i(ins a t) = height t" by (induct t) (auto split!: if_split up\<^sub>i.split) (* 15 secs in 2015 *)
text\<open>Now an alternative proof (by Brian Huffman) that runs faster because
two properties (completeness and height) are combined in one predicate.\<close>
inductive full :: "nat \ 'a tree23 \ bool" where "full 0 Leaf" | "\full n l; full n r\ \ full (Suc n) (Node2 l p r)" | "\full n l; full n m; full n r\ \ full (Suc n) (Node3 l p m q r)"
inductive_cases full_elims: "full n Leaf" "full n (Node2 l p r)" "full n (Node3 l p m q r)"
lemma full_0_iff [simp]: "full 0 t \ t = Leaf" by (auto elim: full_0_elim intro: full.intros)
lemma full_Leaf_iff [simp]: "full n Leaf \ n = 0" by (auto elim: full_elims intro: full.intros)
lemma full_Suc_Node2_iff [simp]: "full (Suc n) (Node2 l p r) \ full n l \ full n r" by (auto elim: full_elims intro: full.intros)
lemma full_Suc_Node3_iff [simp]: "full (Suc n) (Node3 l p m q r) \ full n l \ full n m \ full n r" by (auto elim: full_elims intro: full.intros)
lemma full_imp_height: "full n t \ height t = n" by (induct set: full, simp_all)
lemma full_imp_complete: "full n t \ complete t" by (induct set: full, auto dest: full_imp_height)
lemma complete_imp_full: "complete t \ full (height t) t" by (induct t, simp_all)
lemma complete_iff_full: "complete t \ (\n. full n t)" by (auto elim!: complete_imp_full full_imp_complete)
text\<open>The \<^const>\<open>insert\<close> function either preserves the height of the
tree, or increases it by one. The constructor returned by the \<^term>\<open>insert\<close> function determines which: A return value of the form \<^term>\<open>Eq\<^sub>i t\<close> indicates that the height will be the same. A value of the
form \<^term>\<open>Of l p r\<close> indicates an increase in height.\<close>
fun full\<^sub>i :: "nat \<Rightarrow> 'a up\<^sub>i \<Rightarrow> bool" where "full\<^sub>i n (Eq\<^sub>i t) \ full n t" | "full\<^sub>i n (Of l p r) \ full n l \ full n r"
lemma full\<^sub>i_ins: "full n t \<Longrightarrow> full\<^sub>i n (ins a t)" by (induct rule: full.induct) (auto split: up\<^sub>i.split)
fun h\<^sub>d :: "'a up\<^sub>d \<Rightarrow> nat" where "h\<^sub>d (Eq\<^sub>d t) = height t" | "h\<^sub>d (Uf t) = height t + 1"
lemma complete_tree\<^sub>d_node21: "\complete r; complete (tree\<^sub>d l'); height r = h\<^sub>d l' \ \ complete (tree\<^sub>d (node21 l' a r))" by(induct l' a r rule: node21.induct) auto
lemma complete_tree\<^sub>d_node22: "\complete(tree\<^sub>d r'); complete l; h\<^sub>d r' = height l \ \ complete (tree\<^sub>d (node22 l a r'))" by(induct l a r' rule: node22.induct) auto
lemma complete_tree\<^sub>d_node31:
"\<lbrakk> complete (tree\<^sub>d l'); complete m; complete r; h\<^sub>d l' = height r; height m = height r \<rbrakk> \<Longrightarrow> complete (tree\<^sub>d (node31 l' a m b r))" by(induct l' a m b r rule: node31.induct) auto
lemma complete_tree\<^sub>d_node32: "\ complete l; complete (tree\<^sub>d m'); complete r; height l = height r; h\<^sub>d m' = height r \ \<Longrightarrow> complete (tree\<^sub>d (node32 l a m' b r))" by(induct l a m' b r rule: node32.induct) auto
lemma complete_tree\<^sub>d_node33: "\ complete l; complete m; complete(tree\<^sub>d r'); height l = h\<^sub>d r'; height m = h\<^sub>d r' \ \<Longrightarrow> complete (tree\<^sub>d (node33 l a m b r'))" by(induct l a m b r' rule: node33.induct) auto
lemma height'_node21: "height r > 0 \ h\<^sub>d(node21 l' a r) = max (h\<^sub>d l') (height r) + 1" by(induct l' a r rule: node21.induct)(simp_all)
lemma height'_node22: "height l > 0 \ h\<^sub>d(node22 l a r') = max (height l) (h\<^sub>d r') + 1" by(induct l a r' rule: node22.induct)(simp_all)
lemma height'_node31: "height m > 0 \ h\<^sub>d(node31 l a m b r) =
max (h\<^sub>d l) (max (height m) (height r)) + 1" by(induct l a m b r rule: node31.induct)(simp_all add: max_def)
lemma height'_node32: "height r > 0 \ h\<^sub>d(node32 l a m b r) =
max (height l) (max (h\<^sub>d m) (height r)) + 1" by(induct l a m b r rule: node32.induct)(simp_all add: max_def)
lemma height'_node33: "height m > 0 \ h\<^sub>d(node33 l a m b r) =
max (height l) (max (height m) (h\<^sub>d r)) + 1" by(induct l a m b r rule: node33.induct)(simp_all add: max_def)
lemma height_split_min: "split_min t = (x, t') \ height t > 0 \ complete t \ h\<^sub>d t' = height t" by(induct t arbitrary: x t' rule: split_min.induct)
(auto simp: heights split: prod.splits)
lemma height_del: "complete t \ h\<^sub>d(del x t) = height t" by(induction x t rule: del.induct)
(auto simp: heights max_def height_split_min split: prod.splits)
lemma complete_split_min: "\ split_min t = (x, t'); complete t; height t > 0 \ \ complete (tree\<^sub>d t')" by(induct t arbitrary: x t' rule: split_min.induct)
(auto simp: heights height_split_min completes split: prod.splits)
lemma complete_tree\<^sub>d_del: "complete t \<Longrightarrow> complete(tree\<^sub>d(del x t))" by(induction x t rule: del.induct)
(auto simp: completes complete_split_min height_del height_split_min split: prod.splits)
corollary complete_delete: "complete t \ complete(delete x t)" by(simp add: delete_def complete_tree\<^sub>d_del)
subsection \<open>Overall Correctness\<close>
interpretation S: Set_by_Ordered where empty = empty and isin = isin and insert = insert and delete = delete and inorder = inorder and inv = complete proof (standard, goal_cases) case 2 thus ?caseby(simp add: isin_set) next case 3 thus ?caseby(simp add: inorder_insert) next case 4 thus ?caseby(simp add: inorder_delete) next case 6 thus ?caseby(simp add: complete_insert) next case 7 thus ?caseby(simp add: complete_delete) qed (simp add: empty_def)+
end
¤ Dauer der Verarbeitung: 0.30 Sekunden
(vorverarbeitet)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
