Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/Isabelle/HOL/Data_Structures/   (Beweissystem Isabelle Version 2025-1©)  Datei vom 16.11.2025 mit Größe 15 kB image not shown  

Quelle  Tree23_Set.thy   Sprache: Isabelle

 


 

theory java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

  java.lang.StringIndexOutOfBoundsException: Index 5 out of bounds for length 5
  text\<open>\\<^sub>i (Of l a r) = height l"
begin

declare  full  auto up

definition empty :: "'
"empty Leaf"

funjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.NullPointerException

  (case
inductive_cases full_elims
     EQ" njava.lang.StringIndexOutOfBoundsException: Index 9 out of bounds for length 0
     GT
"isin (Node3 l a m b r) x =
  inductive_casesfull_Suc_elim" Sucn)"
     LT
     EQ \<Rightarrow> True |
      full_Suc_elimfull tjava.lang.StringIndexOutOfBoundsException: Index 47 out of bounds for length 47
( elim intro)
           \<Rightarrow> isin m x |
 Rightarrow
          GT \<Rightarrow> isin r x))"(   .introsbyautofull_elims:full)

java.lang.StringIndexOutOfBoundsException: Index 8 out of bounds for length 0

java.lang.NullPointerException
"\<^sub>i (Eq\<^sub>i t) = t" |
"\<^sub>i (Oflar =java.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 0

fun b autoSuc pmq)\<longleftrightarrow> full n l \<and> full n m \<and> full n r"( elim
"ins x Leaf = Of Leaf x Leaf"  byinduct , )
( =
   (casejava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Range [9, 8) out of bounds for length 22
        ll"t (\n. full n t)"
           Eq\<^sub>i l' => Eq\<^sub>i (Node2 l' a r) |
Of  full_imp_complete
      
      GT \<Rightarrow>
        (case ins x r of
           Eq
           Of <open>The \<^const>\<open>insert\<close> function either preserves the height of the \<^term>\<open>Of l p r\<close> indicates an increase in height.\<close>java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
form
   (
      LT \<Rightarrow>full \<open>The \<^const>\<open>insert\<close> operation preserves completeance.\<close>
        ( complete_iff_full
           Eqerule
 (: .)(:<ub
      EQ
      GT introjava.lang.StringIndexOutOfBoundsException: Index 31 out of bounds for length 31
        ( (druled(java.lang.StringIndexOutOfBoundsException: Index 39 out of bounds for length 39
            \<Rightarrow>
              rjava.lang.StringIndexOutOfBoundsException: Index 29 out of bounds for length 29
                \^>ir >
                Of<
           ( l a 'rule: .

           LT\Rightarrowjava.lang.StringIndexOutOfBoundsException: Index 27 out of bounds for length 27
(case  
                Eq\<^sub>i m' => Eq\<^sub>i (Node3 l a m' b r) |
java.lang.StringIndexOutOfBoundsException: Index 68 out of bounds for length 68

hide_const\<lbrakk> complete (tree\<^sub>d l'); complete m; complete r; h\<^sub>d l' = height r; height m = height r \<rbrakk><complete

definition insert  <>complete (tree\<^sub>d (node33 l a m b r'))"
"java.lang.StringIndexOutOfBoundsException: Index 6 out of bounds for length 0
by l mbrrule
datatypejava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

fun tree\<^sub>d :: "'a up\<^sub>d \<Rightarrow> 'a tree23" where
"byinductl amb'rule.induct
"tree\<^sub>d (Uf t) = t"

(* Variation: return None to signal no-change *)rule

fun<d_node31
"node21 (Eq\<^sub>d t1) a t2 = Eq\<^sub>d(Node2 t1 a t2)" |
"node21 (Uf t1) a: .)()
"node21 (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

fun node22 :
" '_node31:
"node22 (Node2 "height m > 0 \java.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 63
"node22 (Node3 t1 heightr> \ h\<^sub>d(node32 l a m b r) =

funnode31 br :induct: java.lang.StringIndexOutOfBoundsException: Index 63 out of bounds for length 63
"" m max)(java.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
 Eq
"node31 (Uf t1) a (Node3java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

 :"atree23
"node32 t1 a (Eq\<^sub>d t2) b t3 = Eq\<^sub>d(Node3 t1 a t2 b t3)" |
"node32 t1 max (heightl java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
"node33 t1 a t2 b (Eq\<^sub>d t3) = Eq\<^sub>d(Node3 t1 a t2 b t3)" |
( t : x java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
node33heights prod)

fun
byinduct "t \ h\<^sub>d(del x t) = height t"
"(autosimp: heights split prod)
" (java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
split_min am  =let x'=split_min in(x,ode31 m r"

textjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
in which caseby t arbitraryrule

fun  auto:heights split.
"java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
  Node2 
  (ifjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
java.lang.StringIndexOutOfBoundsException: Index 35 out of bounds for length 35
  q
      x  then Leaf
     elsesubsection
"del x (Node2 l a r) =
java.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0
 emptyandjava.lang.StringIndexOutOfBoundsException: Range [35, 32) out of bounds for length 75
      
     EQ
" x ( l a m )=
  (case cmp x a of
     LT inorder  and  complete
      \<Rightarrow> let (a',m') = split_min m in node32 l a' m' b r |
     GTjava.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4
       (casecmp x
LTjava.lang.StringIndexOutOfBoundsException: Index 53 out of bounds for length 53
          EQ
case)

definition
java.lang.StringIndexOutOfBoundsException: Index 4 out of bounds for length 4


subsection "Functional Correctness"

subsubsection "Proofs for isin"

lemma isin_set: "sorted(qed(imp add: empty_def)+
by (induction


subsubsectionjava.lang.StringIndexOutOfBoundsException: Index 0 out of bounds for length 0

lemma inorder_ins:
  "sorted(inorder t) \ inorder(tree\<^sub>i(ins x t)) = ins_list x (inorder t)"
by(induction t) (auto simp: ins_list_simps split: up\<^sub>i.splits)

lemma inorder_insert:
  "sorted(inorder t) \ inorder(insert a t) = ins_list a (inorder t)"
by(simp add: insert_def inorder_ins)


subsubsection "Proofs for delete"

lemma inorder_node21: "height r > 0 \
  inorder (tree\<^sub>d (node21 l' a r)) = inorder (tree\<^sub>d l') @ a # inorder r"
by(induct l' a r rule: node21.induct) auto

lemma inorder_node22: "height l > 0 \
  inorder (tree\<^sub>d (node22 l a r')) = inorder l @ a # inorder (tree\<^sub>d r')"
by(induct l a r' rule: node22.induct) auto

lemma inorder_node31: "height m > 0 \
  inorder (tree\<^sub>d (node31 l' a m b r)) = inorder (tree\<^sub>d l') @ a # inorder m @ b # inorder r"
by(induct l' a m b r rule: node31.induct) auto

lemma inorder_node32: "height r > 0 \
  inorder (tree\<^sub>d (node32 l a m' b r)) = inorder l @ a # inorder (tree\<^sub>d m') @ b # inorder r"
by(induct l a m' b r rule: node32.induct) auto

lemma inorder_node33: "height m > 0 \
  inorder (tree\<^sub>d (node33 l a m b r')) = inorder l @ a # inorder m @ b # inorder (tree\<^sub>d r')"
by(induct l a m b r' rule: node33.induct) auto

lemmas inorder_nodes = inorder_node21 inorder_node22
  inorder_node31 inorder_node32 inorder_node33

lemma split_minD:
  "split_min t = (x,t') \ complete t \ height t > 0 \
  x # inorder(tree\<^sub>d t') = inorder t"
by(induction t arbitrary: t' rule: split_min.induct)
  (auto simp: inorder_nodes split: prod.splits)

lemma inorder_del: "\ complete t ; sorted(inorder t) \ \
  inorder(tree\<^sub>d (del x t)) = del_list x (inorder t)"
by(induction t rule: del.induct)
  (auto simp: del_list_simps inorder_nodes split_minD split!: if_split prod.splits)

lemma inorder_delete: "\ complete t ; sorted(inorder t) \ \
  inorder(delete x t) = del_list x (inorder t)"
by(simp add: delete_def inorder_del)


subsection \<open>Completeness\<close>


subsubsection "Proofs for insert"

text\<open>First a standard proof that \<^const>\<open>ins\<close> preserves \<^const>\<open>complete\<close>.\<close>

fun h\<^sub>i :: "'a up\<^sub>i \<Rightarrow> nat" where
"h\<^sub>i (Eq\<^sub>i t) = height t" |
"h\<^sub>i (Of l a r) = height l"

lemma complete_ins: "complete t \ complete (tree\<^sub>i(ins a t)) \ h\<^sub>i(ins a t) = height t"
by (induct t) (auto split!: if_split up\<^sub>i.split) (* 15 secs in 2015 *)

text\<open>Now an alternative proof (by Brian Huffman) that runs faster because
two properties (completeness and height) are combined in one predicate.\<close>

inductive full :: "nat \ 'a tree23 \ bool" where
"full 0 Leaf" |
"\full n l; full n r\ \ full (Suc n) (Node2 l p r)" |
"\full n l; full n m; full n r\ \ full (Suc n) (Node3 l p m q r)"

inductive_cases full_elims:
  "full n Leaf"
  "full n (Node2 l p r)"
  "full n (Node3 l p m q r)"

inductive_cases full_0_elim: "full 0 t"
inductive_cases full_Suc_elim: "full (Suc n) t"

lemma full_0_iff [simp]: "full 0 t \ t = Leaf"
  by (auto elim: full_0_elim intro: full.intros)

lemma full_Leaf_iff [simp]: "full n Leaf \ n = 0"
  by (auto elim: full_elims intro: full.intros)

lemma full_Suc_Node2_iff [simp]:
  "full (Suc n) (Node2 l p r) \ full n l \ full n r"
  by (auto elim: full_elims intro: full.intros)

lemma full_Suc_Node3_iff [simp]:
  "full (Suc n) (Node3 l p m q r) \ full n l \ full n m \ full n r"
  by (auto elim: full_elims intro: full.intros)

lemma full_imp_height: "full n t \ height t = n"
  by (induct set: full, simp_all)

lemma full_imp_complete: "full n t \ complete t"
  by (induct set: full, auto dest: full_imp_height)

lemma complete_imp_full: "complete t \ full (height t) t"
  by (induct t, simp_all)

lemma complete_iff_full: "complete t \ (\n. full n t)"
  by (auto elim!: complete_imp_full full_imp_complete)

text \<open>The \<^const>\<open>insert\<close> function either preserves the height of the
tree, or increases it by one. The constructor returned by the \<^term>\<open>insert\<close> function determines which: A return value of the form \<^term>\<open>Eq\<^sub>i t\<close> indicates that the height will be the same. A value of the
form \<^term>\<open>Of l p r\<close> indicates an increase in height.\<close>

fun full\<^sub>i :: "nat \<Rightarrow> 'a up\<^sub>i \<Rightarrow> bool" where
"full\<^sub>i n (Eq\<^sub>i t) \ full n t" |
"full\<^sub>i n (Of l p r) \ full n l \ full n r"

lemma full\<^sub>i_ins: "full n t \<Longrightarrow> full\<^sub>i n (ins a t)"
by (induct rule: full.induct) (auto split: up\<^sub>i.split)

text \<open>The \<^const>\<open>insert\<close> operation preserves completeance.\<close>

lemma complete_insert: "complete t \ complete (insert a t)"
unfolding complete_iff_full insert_def
apply (erule exE)
apply (drule full\<^sub>i_ins [of _ _ a])
apply (cases "ins a t")
apply (auto intro: full.intros)
done


subsection "Proofs for delete"

fun h\<^sub>d :: "'a up\<^sub>d \<Rightarrow> nat" where
"h\<^sub>d (Eq\<^sub>d t) = height t" |
"h\<^sub>d (Uf t) = height t + 1"

lemma complete_tree\<^sub>d_node21:
  "\complete r; complete (tree\<^sub>d l'); height r = h\<^sub>d l' \ \ complete (tree\<^sub>d (node21 l' a r))"
by(induct l' a r rule: node21.induct) auto

lemma complete_tree\<^sub>d_node22:
  "\complete(tree\<^sub>d r'); complete l; h\<^sub>d r' = height l \ \ complete (tree\<^sub>d (node22 l a r'))"
by(induct l a r' rule: node22.induct) auto

lemma complete_tree\<^sub>d_node31:
  "\<lbrakk> complete (tree\<^sub>d l'); complete m; complete r; h\<^sub>d l' = height r; height m = height r \<rbrakk>
  \<Longrightarrow> complete (tree\<^sub>d (node31 l' a m b r))"
by(induct l' a m b r rule: node31.induct) auto

lemma complete_tree\<^sub>d_node32:
  "\ complete l; complete (tree\<^sub>d m'); complete r; height l = height r; h\<^sub>d m' = height r \
  \<Longrightarrow> complete (tree\<^sub>d (node32 l a m' b r))"
by(induct l a m' b r rule: node32.induct) auto

lemma complete_tree\<^sub>d_node33:
  "\ complete l; complete m; complete(tree\<^sub>d r'); height l = h\<^sub>d r'; height m = h\<^sub>d r' \
  \<Longrightarrow> complete (tree\<^sub>d (node33 l a m b r'))"
by(induct l a m b r' rule: node33.induct) auto

lemmas completes = complete_tree\<^sub>d_node21 complete_tree\<^sub>d_node22
  complete_tree\<^sub>d_node31 complete_tree\<^sub>d_node32 complete_tree\<^sub>d_node33

lemma height'_node21:
   "height r > 0 \ h\<^sub>d(node21 l' a r) = max (h\<^sub>d l') (height r) + 1"
by(induct l' a r rule: node21.induct)(simp_all)

lemma height'_node22:
   "height l > 0 \ h\<^sub>d(node22 l a r') = max (height l) (h\<^sub>d r') + 1"
by(induct l a r' rule: node22.induct)(simp_all)

lemma height'_node31:
  "height m > 0 \ h\<^sub>d(node31 l a m b r) =
   max (h\<^sub>d l) (max (height m) (height r)) + 1"
by(induct l a m b r rule: node31.induct)(simp_all add: max_def)

lemma height'_node32:
  "height r > 0 \ h\<^sub>d(node32 l a m b r) =
   max (height l) (max (h\<^sub>d m) (height r)) + 1"
by(induct l a m b r rule: node32.induct)(simp_all add: max_def)

lemma height'_node33:
  "height m > 0 \ h\<^sub>d(node33 l a m b r) =
   max (height l) (max (height m) (h\<^sub>d r)) + 1"
by(induct l a m b r rule: node33.induct)(simp_all add: max_def)

lemmas heights = height'_node21 height'_node22
  height'_node31 height'_node32 height'_node33

lemma height_split_min:
  "split_min t = (x, t') \ height t > 0 \ complete t \ h\<^sub>d t' = height t"
by(induct t arbitrary: x t' rule: split_min.induct)
  (auto simp: heights split: prod.splits)

lemma height_del: "complete t \ h\<^sub>d(del x t) = height t"
by(induction x t rule: del.induct)
  (auto simp: heights max_def height_split_min split: prod.splits)

lemma complete_split_min:
  "\ split_min t = (x, t'); complete t; height t > 0 \ \ complete (tree\<^sub>d t')"
by(induct t arbitrary: x t' rule: split_min.induct)
  (auto simp: heights height_split_min completes split: prod.splits)

lemma complete_tree\<^sub>d_del: "complete t \<Longrightarrow> complete(tree\<^sub>d(del x t))"
by(induction x t rule: del.induct)
  (auto simp: completes complete_split_min height_del height_split_min split: prod.splits)

corollary complete_delete: "complete t \ complete(delete x t)"
by(simp add: delete_def complete_tree\<^sub>d_del)


subsection \<open>Overall Correctness\<close>

interpretation S: Set_by_Ordered
where empty = empty and isin = isin and insert = insert and delete = delete
and inorder = inorder and inv = complete
proof (standard, goal_cases)
  case 2 thus ?case by(simp add: isin_set)
next
  case 3 thus ?case by(simp add: inorder_insert)
next
  case 4 thus ?case by(simp add: inorder_delete)
next
  case 6 thus ?case by(simp add: complete_insert)
next
  case 7 thus ?case by(simp add: complete_delete)
qed (simp add: empty_def)+

end

99%


¤ Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.0.42Bemerkung:  (vorverarbeitet)  ¤

*© Formatika GbR, Deutschland




Wurzel

Suchen

Beweissystem der NASA

Beweissystem Isabelle

NIST Cobol Testsuite

Cephes Mathematical Library

Wiener Entwicklungsmethode

Haftungshinweis

Die Informationen auf dieser Webseite wurden nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit, noch Qualität der bereit gestellten Informationen zugesichert.

Bemerkung:

Die farbliche Syntaxdarstellung ist noch experimentell.