theory RTreeimports "~~/src/HOL/Library/Transitive_Closure_Table" beginsection {* A theory of relational trees *}inductive_cases path_nilE [elim!]: "rtrancl_path r x [] y"inductive_cases path_consE [elim!]: "rtrancl_path r x (z#zs) y"subsection {* Definitions *}text {* In this theory, we are going to give a notion of of `Relational Graph` and its derived notion `Relational Tree`. Given a binary relation @{text "r"}, the `Relational Graph of @{text "r"}` is the graph, the edges of which are those in @{text "r"}. In this way, any binary relation can be viewed as a `Relational Graph`. Note, this notion of graph includes infinite graphs. A `Relation Graph` @{text "r"} is said to be a `Relational Tree` if it is both {\em single valued} and {\em acyclic}. *}locale forest = fixes r assumes sgv: "single_valued r" assumes acl: "acyclic r"text {* The following two auxiliary functions @{text "rel_of"} and @{text "pred_of"} transfer between the predicate and set representation of binary relations.*}definition "rel_of r = {(x, y) | x y. r x y}"definition "pred_of r = (\<lambda> x y. (x, y) \<in> r)"text {* To reason about {\em Relational Graph}, a notion of path is needed, which is given by the following @{text "rpath"} (short for `relational path`). The path @{text "xs"} in proposition @{text "rpath r x xs y"} is a path leading from @{text "x"} to @{text "y"}, which serves as a witness of the fact @{text "(x, y) \<in> r^*"}. @{text "rpath"} is simply a wrapper of the @{text "rtrancl_path"} defined in the imported theory @{text "Transitive_Closure_Table"}, which defines a notion of path for the predicate form of binary relations. *}definition "rpath r x xs y = rtrancl_path (pred_of r) x xs y"text {* Given a path @{text "ps"}, @{text "edges_on ps"} is the set of edges along the path, which is defined as follows: *}definition "edges_on ps = {(a,b) | a b. \<exists> xs ys. ps = xs@[a,b]@ys}"text {* The following @{text "indep"} defines a notion of independence. Two nodes @{text "x"} and @{text "y"} are said to be independent (expressed as @{text "indep x y"}), if neither one is reachable from the other in relational graph @{text "r"}. *}definition "indep r x y = (((x, y) \<notin> r^*) \<and> ((y, x) \<notin> r^*))"text {* In relational tree @{text "r"}, the sub tree of node @{text "x"} is written @{text "subtree r x"}, which is defined to be the set of nodes (including itself) which can reach @{text "x"} by following some path in @{text "r"}: *}definition "subtree r x = {y . (y, x) \<in> r^*}"definition "ancestors r x = {y. (x, y) \<in> r^+}"(* tmp *)definition "nancestors r x \<equiv> ancestors r x \<union> {x}"lemma nancestors_def2: "nancestors r x \<equiv> {y. (x, y) \<in> r\<^sup>*}"unfolding nancestors_defapply(auto)by (smt Collect_cong ancestors_def insert_compr mem_Collect_eq rtrancl_eq_or_trancl)lemma nancestors2: "y \<in> ancestors r x \<Longrightarrow> y \<in> nancestors r x"apply(auto simp add: nancestors_def)donelemma nancestors3: "\<lbrakk>y \<in> nancestors r x; x \<noteq> y\<rbrakk> \<Longrightarrow> y \<in> ancestors r x"apply(auto simp add: nancestors_def)done(* end tmp *)definition "root r x = (ancestors r x = {})"lemma root_indep: assumes "root r x" and "root r y" and "y \<noteq> x" shows "indep r x y"proof - { assume "(x, y) \<in> r^*" hence False using assms by (unfold root_def ancestors_def, auto dest:tranclD rtranclD) } moreover { assume "(y, x) \<in> r^*" hence False using assms by (unfold root_def ancestors_def, auto dest:tranclD rtranclD) } ultimately show ?thesis by (auto simp:indep_def)qedtext {* The following @{text "edge_in r x"} is the set of edges contained in the sub-tree of @{text "x"}, with @{text "r"} as the underlying graph. *}definition "edges_in r x = {(a, b) | a b. (a, b) \<in> r \<and> b \<in> subtree r x}"text {* The following lemma @{text "edges_in_meaning"} shows the intuitive meaning of `an edge @{text "(a, b)"} is in the sub-tree of @{text "x"}`, i.e., both @{text "a"} and @{text "b"} are in the sub-tree. *}lemma edges_in_meaning: "edges_in r x = {(a, b) | a b. (a, b) \<in> r \<and> a \<in> subtree r x \<and> b \<in> subtree r x}" by (auto simp:edges_in_def subtree_def)text {* The following lemma shows the meaning of @{term "edges_in"} from the other side, which says: for the edge @{text "(a,b)"} to be outside of the sub-tree of @{text "x"}, it is sufficient to show that @{text "b"} is.*}lemma edges_in_refutation: assumes "b \<notin> subtree r x" shows "(a, b) \<notin> edges_in r x" using assms by (unfold edges_in_def subtree_def, auto)definition "children r x = {y. (y, x) \<in> r}"locale fforest = forest + assumes fb: "finite (children r x)" assumes wf: "wf r"beginlemma finite_children: "finite (children r x)" using fb by (cases "children r x = {}", auto simp:children_def)endsubsection {* Auxiliary lemmas *}lemma index_minimize: assumes "P (i::nat)" obtains j where "P j" and "\<forall> k < j. \<not> P k" using assms by (induct i rule:less_induct, auto)subsection {* Properties of Relational Graphs and Relational Trees *}subsubsection {* Properties of @{text "rel_of"} and @{text "pred_of"} *}text {* The following lemmas establish bijectivity of the two functions *}lemma pred_rel_eq: "pred_of (rel_of r) = r" by (auto simp:rel_of_def pred_of_def)lemma rel_pred_eq: "rel_of (pred_of r) = r" by (auto simp:rel_of_def pred_of_def)lemma rel_of_star: "rel_of (r^**) = (rel_of r)^*" by (unfold rel_of_def rtranclp_rtrancl_eq, auto)lemma pred_of_star: "pred_of (r^*) = (pred_of r)^**"proof - { fix x y have "pred_of (r^*) x y = (pred_of r)^** x y" by (unfold pred_of_def rtranclp_rtrancl_eq, auto) } thus ?thesis by autoqedlemma star_2_pstar: "(x, y) \<in> r^* = (pred_of (r^*)) x y" by (simp add: pred_of_def)subsubsection {* Properties of @{text "rpath"} *}text {* Induction rule for @{text "rpath"}: *}lemma rpath_induct [consumes 1, case_names rbase rstep, induct pred: rpath]: assumes "rpath r x1 x2 x3" and "\<And>x. P x [] x" and "\<And>x y ys z. (x, y) \<in> r \<Longrightarrow> rpath r y ys z \<Longrightarrow> P y ys z \<Longrightarrow> P x (y # ys) z" shows "P x1 x2 x3" using assms[unfolded rpath_def] by (induct, auto simp:pred_of_def rpath_def)lemma rpathE [elim]: assumes "rpath r x xs y" obtains (base) "y = x" "xs = []" | (step) z zs where "(x, z) \<in> r" "rpath r z zs y" "xs = z#zs" using assms by (induct, auto)text {* Introduction rule for empty path *}lemma rbaseI [intro!]: assumes "x = y" shows "rpath r x [] y" by (unfold rpath_def assms, rule Transitive_Closure_Table.rtrancl_path.base)text {* Introduction rule for non-empty path *}lemma rstepI [intro!]: assumes "(x, y) \<in> r" and "rpath r y ys z" shows "rpath r x (y#ys) z" proof(unfold rpath_def, rule Transitive_Closure_Table.rtrancl_path.step) from assms(1) show "pred_of r x y" by (auto simp:pred_of_def)next from assms(2) show "rtrancl_path (pred_of r) y ys z" by (auto simp:pred_of_def rpath_def)qedlemma rpath_stepI'[intro, simp]: assumes "rpath r x xs y" and "(y, z) \<in> r" shows "rpath r x (xs@[z]) z" using assms by (induct, auto)text {* Introduction rule for @{text "@"}-path *}lemma rpath_appendI [intro,simp]: assumes "rpath r x xs a" and "rpath r a ys y" shows "rpath r x (xs @ ys) y" using assms by (unfold rpath_def, auto intro:rtrancl_path_trans)text {* Elimination rule for empty path *}lemma rpath_cases [cases pred:rpath,elim]: assumes "rpath r a1 a2 a3" obtains (rbase) "a1 = a3" and "a2 = []" | (rstep) y :: "'a" and ys :: "'a list" where "(a1, y) \<in> r" and "a2 = y # ys" and "rpath r y ys a3" using assms [unfolded rpath_def] by (cases, auto simp:rpath_def pred_of_def)lemma rpath_nilE [elim!, cases pred:rpath]: assumes "rpath r x [] y" obtains "y = x" using assms[unfolded rpath_def] by autotext {* Elimination rule for non-empty paths constructed with @{text "#"}.*}lemma rpath_ConsE [elim!, cases pred:rpath]: assumes "rpath r x (y # ys) x2" obtains (rstep) "(x, y) \<in> r" and "rpath r y ys x2" using assms[unfolded rpath_def] by (cases, auto simp:rpath_def pred_of_def)text {* Elimination rule for non-empty path, where the destination node @{text "y"} is shown to be at the end of the path.*}lemma rpath_nnl_lastE [elim]: assumes "rpath r x xs y" and "xs \<noteq> []" obtains xs' where "xs = xs'@[y]" using assmsproof(induct) case (rstep x y ys z) thus ?case by (cases ys, auto)qed autotext {* Other elimination rules of @{text "rpath"} *}lemma rpath_appendE [elim]: assumes "rpath r x (xs @ [a] @ ys) y" obtains "rpath r x (xs @ [a]) a" and "rpath r a ys y" using rtrancl_path_appendE[OF assms[unfolded rpath_def, simplified], folded rpath_def] by autolemma rpath_subE [elim]: assumes "rpath r x (xs @ [a] @ ys @ [b] @ zs) y" obtains "rpath r x (xs @ [a]) a" and "rpath r a (ys @ [b]) b" and "rpath r b zs y" using assms by (elim rpath_appendE, auto)text {* Every path has a unique end point. *}lemma rpath_dest_eq [simp]: assumes "rpath r x xs x1" and "rpath r x xs x2" shows "x1 = x2" using assms by (induct, auto)lemma rpath_dest_eq_simp[simp]: assumes "rpath r x xs1 x1" and "rpath r x xs2 x2" and "xs1 = xs2" shows "x1 = x2" using assms by (induct, auto)subsubsection {* Properites of @{text "edges_on"} *}lemma edge_on_headI[simp, intro]: assumes "(a, b) = (a', b')" shows "(a, b) \<in> edges_on (a' # b' # xs)" using assms by (unfold edges_on_def, auto)lemma edges_on_ConsI[intro]: assumes "(a, b) \<in> edges_on xs" shows "(a, b) \<in> edges_on (x#xs)" using assms apply (unfold edges_on_def, auto) by (meson Cons_eq_appendI)lemma edges_on_appendI1[intro]: assumes "(a, b) \<in> edges_on xs" shows "(a, b) \<in> edges_on (xs'@xs)" using assms apply (unfold edges_on_def, auto simp:append_assoc) by (metis append_assoc)lemma edges_on_appendI2[intro]: assumes "(a, b) \<in> edges_on xs" shows "(a, b) \<in> edges_on (xs@xs')" using assms apply (unfold edges_on_def, auto) by metislemma edges_onE [elim]: assumes "(a, b) \<in> edges_on xs" obtains a' b' xs' where "(a,b) = (a', b')" "xs = a'#b'#xs'" | a' b' xs' where "(a,b) \<noteq> (a', b')" "xs = a'#b'#xs'" "(a,b) \<in> edges_on (b'#xs')"proof(cases xs) case Nil with assms show ?thesis by (unfold edges_on_def, auto)next case cs1: (Cons a' xsa) show ?thesis proof(cases xsa) case Nil with cs1 and assms show ?thesis by (unfold edges_on_def, auto) next case (Cons b' xsb) show ?thesis proof(cases "(a,b) = (a', b')") case True with cs1 Cons show ?thesis using that by metis next case False from assms[unfolded cs1 Cons edges_on_def] obtain xs1 ys1 where "a' # b' # xsb = xs1 @ [a, b] @ ys1" by auto moreover with False obtain c xsc where "xs1 = Cons c xsc" by (cases xs1, auto) ultimately have h: "b' # xsb = xsc @ [a, b] @ ys1" by auto show ?thesis apply (rule that(2)[OF False], insert cs1 Cons, simp) using h by auto qed qedqedlemma edges_on_nil [simp]: "edges_on [] = {}" by autolemma edges_on_single [simp]: "edges_on [a] = {}" by autolemma edges_on_unfold [simp]: "edges_on (a # b # xs) = {(a, b)} \<union> edges_on (b # xs)" (is "?L = ?R")by (auto)lemma edges_on_len: assumes "x \<in> edges_on l" shows "2 \<le> length l" using assms by (cases x, auto)text {* Elimination of @{text "edges_on"} for non-empty path *}lemma edges_on_consE [elim!, cases set:edges_on]: assumes "(a,b) \<in> edges_on (x#xs)" obtains (head) xs' where "x = a" and "xs = b#xs'" | (tail) "(a,b) \<in> edges_on xs" using assms by autotext {* Every edges on the path is a graph edges:*}lemma rpath_edges_on [intro]: assumes "rpath r x xs y" shows "edges_on (x#xs) \<subseteq> r" using assms by (induct arbitrary:y, auto)text {* @{text "edges_on"} is mono with respect to @{text "#"}-operation: *}lemma edges_on_Cons_mono [intro,simp]: shows "edges_on xs \<subseteq> edges_on (x#xs)" by autolemma edges_on_append_mono [intro,simp]: shows "edges_on xs \<subseteq> edges_on (xs'@xs)" by autolemma edges_on_append_mono' [intro,simp]: shows "edges_on xs \<subseteq> edges_on (xs@xs')" by autotext {* The following rule @{text "rpath_transfer"} is used to show that one path is intact as long as all the edges on it are intact with the change of graph. If @{text "x#xs"} is path in graph @{text "r1"} and every edges along the path is also in @{text "r2"}, then @{text "x#xs"} is also a edge in graph @{text "r2"}:*}lemma rpath_transfer[intro]: assumes "rpath r1 x xs y" and "edges_on (x#xs) \<subseteq> r2" shows "rpath r2 x xs y" using assms by (induct, auto)lemma edges_on_rpathI[intro, simp]: assumes "edges_on (a#xs@[b]) \<subseteq> r" shows "rpath r a (xs@[b]) b" using assms by (induct xs arbitrary: a b, auto) lemma list_nnl_appendE [elim]: assumes "xs \<noteq> []" obtains x xs' where "xs = xs'@[x]" by (insert assms, rule rev_exhaust, fastforce)lemma edges_on_rpathI' [intro]: assumes "edges_on (a#xs) \<subseteq> r" and "xs \<noteq> []" and "last xs = b" shows "rpath r a xs b"proof - obtain xs' where "xs = xs'@[b]" using assms by fastforce with assms show ?thesis by fastforceqedtext {* The following lemma extracts the path from @{text "x"} to @{text "y"} from proposition @{text "(x, y) \<in> r^*"}*}lemma star_rpath [elim]: assumes "(x, y) \<in> r^*" obtains xs where "rpath r x xs y" using assms by (induct, auto)text {* The following lemma uses the path @{text "xs"} from @{text "x"} to @{text "y"} as a witness to show @{text "(x, y) \<in> r^*"}.*}lemma rpath_star [simp]: assumes "rpath r x xs y" shows "(x, y) \<in> r^*"proof - from iffD2[OF rtranclp_eq_rtrancl_path] and assms[unfolded rpath_def] have "(pred_of r)\<^sup>*\<^sup>* x y" by metis thus ?thesis by (simp add: pred_of_star star_2_pstar)qed declare rpath_star[elim_format]lemma rpath_transfer' [intro]: assumes "rpath r1 x xs y" and "r1 \<subseteq> r2" shows "rpath r2 x xs y" using assms by (induct, auto)lemma subtree_transfer[intro]: assumes "a \<in> subtree r1 a'" and "r1 \<subseteq> r2" shows "a \<in> subtree r2 a'" using assms proof - from assms(1) obtain xs where h1: "rpath r1 a xs a'" by (auto simp:subtree_def) show ?thesis proof - from rpath_star[OF h1] have "(a, a') \<in> r1\<^sup>*" . with assms(2) have "(a, a') \<in> r2\<^sup>*" using rtrancl_mono subsetCE by blast thus ?thesis by (auto simp:subtree_def) qedqed text {* @{text "subtree"} is mono with respect to the underlying graph.*}lemma subtree_mono[intro]: assumes "r1 \<subseteq> r2" shows "subtree r1 x \<subseteq> subtree r2 x" using assms by autolemma subtree_rev_transfer[intro]: assumes "a \<notin> subtree r2 a'" and "r1 \<subseteq> r2" shows "a \<notin> subtree r1 a'" using assms and subtree_transfer by metistext {* The following lemmas establishes a relation from paths in @{text "r"} to @{text "r^+"} relation.*}lemma rpath_plus[simp]: assumes "rpath r x xs y" and "xs \<noteq> []" shows "(x, y) \<in> r^+" using assms by (induct, simp) fastforcelemma plus_rpath [elim]: assumes "(x, y) \<in> r^+" obtains xs where "rpath r x xs y" and "xs \<noteq> []"proof - from assms have "\<exists> xs. rpath r x xs y \<and> xs \<noteq> []" by (induct; auto) with that show ?thesis by metisqedsubsubsection {* Properties of @{text "subtree"} and @{term "ancestors"}*}lemma ancestors_subtreeI [intro, dest]: assumes "b \<in> ancestors r a" shows "a \<in> subtree r b" using assms by (auto simp:subtree_def ancestors_def)lemma ancestors_Field[elim]: assumes "b \<in> ancestors r a" obtains "a \<in> Domain r" "b \<in> Range r" using assms apply (unfold ancestors_def, simp) by (metis Domain.DomainI Range.intros trancl_domain trancl_range)lemma subtreeE [elim]: assumes "a \<in> subtree r b" obtains "a = b" | "a \<noteq> b" and "b \<in> ancestors r a"proof - from assms have "(a, b) \<in> r^*" by (auto simp:subtree_def) from rtranclD[OF this] have " a = b \<or> a \<noteq> b \<and> (a, b) \<in> r\<^sup>+" . with that[unfolded ancestors_def] show ?thesis by autoqedlemma subtree_Field [simp, iff]: "subtree r x \<subseteq> Field r \<union> {x}"proof fix y assume "y \<in> subtree r x" thus "y \<in> Field r \<union> {x}" proof(cases rule:subtreeE) case 1 thus ?thesis by auto next case 2 thus ?thesis by (unfold Field_def, fast) qedqedlemma subtree_ancestorsI: assumes "a \<in> subtree r b" and "a \<noteq> b" shows "b \<in> ancestors r a" using assms by autotext {* The following lemma characterizes the change of sub-tree of @{text "x"} with the removal of an outside edge @{text "(a,b)"}. Note that, according to lemma @{thm edges_in_refutation}, the assumption @{term "b \<notin> subtree r x"} amounts to saying @{text "(a, b)"} is outside the sub-tree of @{text "x"}.*}lemma subtree_del_outside [simp,intro]: (* ddd *) assumes "b \<notin> subtree r x" shows "subtree (r - {(a, b)}) x = (subtree r x)" (is "?L = ?R")proof - { fix c assume "c \<in> ?R" hence "(c, x) \<in> r^*" by (auto simp:subtree_def) hence "c \<in> ?L" proof(rule star_rpath) fix xs assume rp: "rpath r c xs x" show ?thesis proof - from rp have "rpath (r - {(a, b)}) c xs x" proof(rule rpath_transfer) from rp have "edges_on (c # xs) \<subseteq> r" .. moreover have "(a, b) \<notin> edges_on (c#xs)" proof assume "(a, b) \<in> edges_on (c # xs)" then obtain l1 l2 where h: "c#xs = l1@[a,b]@l2" by (auto simp:edges_on_def) hence "tl (c#xs) = tl (l1@[a,b]@l2)" by simp then obtain l1' where eq_xs_b: "xs = l1'@[b]@l2" by (cases l1, auto) from rp[unfolded this] show False by (rule rpath_appendE, insert assms(1), auto simp:subtree_def) qed ultimately show "edges_on (c # xs) \<subseteq> (r - {(a, b)})" by (auto) qed thus ?thesis by (auto simp:subtree_def) qed qed } moreover { fix c assume "c \<in> ?L" moreover have "... \<subseteq> (subtree r x)" by auto ultimately have "c \<in> ?R" by auto } ultimately show ?thesis by autoqed(* ddd *)lemma subset_del_subtree_outside [simp, intro]: (* ddd *) assumes "Range r' \<inter> subtree r x = {}" shows "subtree (r - r') x = (subtree r x)" proof - { fix c assume "c \<in> (subtree r x)" hence "(c, x) \<in> r^*" by (auto simp:subtree_def) hence "c \<in> subtree (r - r') x" proof(rule star_rpath) fix xs assume rp: "rpath r c xs x" show ?thesis proof - from rp have "rpath (r - r') c xs x" proof(rule rpath_transfer) from rp have "edges_on (c # xs) \<subseteq> r" .. moreover { fix a b assume h: "(a, b) \<in> r'" have "(a, b) \<notin> edges_on (c#xs)" proof assume "(a, b) \<in> edges_on (c # xs)" then obtain l1 l2 where "c#xs = (l1@[a])@[b]@l2" by (auto simp:edges_on_def) hence "tl (c#xs) = tl (l1@[a,b]@l2)" by simp then obtain l1' where eq_xs_b: "xs = l1'@[b]@l2" by (cases l1, auto) from rp[unfolded this] show False proof(rule rpath_appendE) assume "rpath r b l2 x" from rpath_star[OF this] have "b \<in> subtree r x" by (auto simp:subtree_def) with assms (1) and h show ?thesis by (auto) qed qed } ultimately show "edges_on (c # xs) \<subseteq> (r - r')" by (auto) qed thus ?thesis by (rule rpath_star[elim_format], auto simp:subtree_def) qed qed } moreover { fix c assume "c \<in> subtree (r - r') x" moreover have "... \<subseteq> (subtree r x)" by (rule subtree_mono, auto) ultimately have "c \<in> (subtree r x)" by auto } ultimately show ?thesis by autoqedlemma subtree_insert_ext [simp, intro]: assumes "b \<in> subtree r x" shows "subtree (r \<union> {(a, b)}) x = (subtree r x) \<union> (subtree r a)" using assms by (auto simp:subtree_def rtrancl_insert)lemma subtree_insert_next [simp, intro]: assumes "b \<notin> subtree r x" shows "subtree (r \<union> {(a, b)}) x = (subtree r x)" using assms by (auto simp:subtree_def rtrancl_insert)lemma set_add_rootI[simp, intro]: assumes "root r a" and "a \<notin> Domain r1" shows "root (r \<union> r1) a" using assmsproof - let ?r = "r \<union> r1" { fix a' assume "a' \<in> ancestors ?r a" hence "(a, a') \<in> ?r^+" by (auto simp:ancestors_def) from tranclD[OF this] obtain z where "(a, z) \<in> ?r" by auto moreover have "(a, z) \<notin> r" proof assume "(a, z) \<in> r" with assms(1) show False by (auto simp:root_def ancestors_def) qed ultimately have "(a, z) \<in> r1" by auto with assms(2) have False by (auto) } thus ?thesis by (auto simp:root_def)qedlemma ancestors_mono [simp]: assumes "r1 \<subseteq> r2" shows "ancestors r1 x \<subseteq> ancestors r2 x"proof fix a assume "a \<in> ancestors r1 x" hence "(x, a) \<in> r1^+" by (auto simp:ancestors_def) from plus_rpath[OF this] obtain xs where h: "rpath r1 x xs a" "xs \<noteq> []" . have "rpath r2 x xs a" proof(rule rpath_transfer[OF h(1)]) from h(1) have "edges_on (x # xs) \<subseteq> r1" .. also note assms finally show "edges_on (x # xs) \<subseteq> r2" . qed from rpath_plus[OF this h(2)] show "a \<in> ancestors r2 x" by (auto simp:ancestors_def)qedlemma subtree_refute: assumes "x \<notin> ancestors r y" and "x \<noteq> y" shows "y \<notin> subtree r x"proof assume "y \<in> subtree r x" thus False by(elim subtreeE, insert assms, auto)qedsubsubsection {* Properties about relational trees *}context forest beginlemma ancestors_headE: assumes "c \<in> ancestors r a" assumes "(a, b) \<in> r" obtains "b = c" | "c \<in> ancestors r b"proof - from assms(1) have "(a, c) \<in> r^+" by (auto simp:ancestors_def) hence "b = c \<or> c \<in> ancestors r b" proof(cases rule:converse_tranclE[consumes 1]) case 1 with assms(2) and sgv have "b = c" by (auto simp:single_valued_def) thus ?thesis by auto next case (2 y) from 2(1) and assms(2) and sgv have "y = b" by (auto simp:single_valued_def) from 2(2)[unfolded this] have "c \<in> ancestors r b" by (auto simp:ancestors_def) thus ?thesis by auto qed with that show ?thesis by metisqedlemma ancestors_accum: assumes "(a, b) \<in> r" shows "ancestors r a = ancestors r b \<union> {b}"proof - { fix c assume "c \<in> ancestors r a" hence "(a, c) \<in> r^+" by (auto simp:ancestors_def) hence "c \<in> ancestors r b \<union> {b}" proof(cases rule:converse_tranclE[consumes 1]) case 1 with sgv assms have "c = b" by (unfold single_valued_def, auto) thus ?thesis by auto next case (2 c') with sgv assms have "c' = b" by (unfold single_valued_def, auto) from 2(2)[unfolded this] show ?thesis by (auto simp:ancestors_def) qed } moreover { fix c assume "c \<in> ancestors r b \<union> {b}" hence "c = b \<or> c \<in> ancestors r b" by auto hence "c \<in> ancestors r a" proof assume "c = b" from assms[folded this] show ?thesis by (auto simp:ancestors_def) next assume "c \<in> ancestors r b" with assms show ?thesis by (auto simp:ancestors_def) qed } ultimately show ?thesis by autoqedlemma rootI [intro]: assumes h: "\<And> x'. x' \<noteq> x \<Longrightarrow> x \<notin> subtree r' x'" and "r' \<subseteq> r" shows "root r' x"proof - from acyclic_subset[OF acl assms(2)] have acl': "acyclic r'" . { fix x' assume "x' \<in> ancestors r' x" hence h1: "(x, x') \<in> r'^+" by (auto simp:ancestors_def) have "x' \<noteq> x" proof assume eq_x: "x' = x" from h1[unfolded this] and acl' show False by (auto simp:acyclic_def) qed moreover from h1 have "x \<in> subtree r' x'" by (auto simp:subtree_def) ultimately have False using h by auto } thus ?thesis by (auto simp:root_def)qedlemma rpath_overlap_oneside [elim]: (* ddd *) assumes "rpath r x xs1 x1" and "rpath r x xs2 x2" and "length xs1 \<le> length xs2" obtains xs3 where "xs2 = xs1 @ xs3"proof(cases "xs1 = []") case True with that show ?thesis by autonext case False have "\<forall> i \<le> length xs1. take i xs1 = take i xs2" proof - { assume "\<not> (\<forall> i \<le> length xs1. take i xs1 = take i xs2)" then obtain i where "i \<le> length xs1 \<and> take i xs1 \<noteq> take i xs2" by auto from this(1) have "False" proof(rule index_minimize) fix j assume h1: "j \<le> length xs1 \<and> take j xs1 \<noteq> take j xs2" and h2: " \<forall>k<j. \<not> (k \<le> length xs1 \<and> take k xs1 \<noteq> take k xs2)" -- {* @{text "j - 1"} is the branch point between @{text "xs1"} and @{text "xs2"} *} let ?idx = "j - 1" -- {* A number of inequalities concerning @{text "j - 1"} are derived first *} have lt_i: "?idx < length xs1" using False h1 by (metis Suc_diff_1 le_neq_implies_less length_greater_0_conv lessI less_imp_diff_less) have lt_i': "?idx < length xs2" using lt_i and assms(3) by auto have lt_j: "?idx < j" using h1 by (cases j, auto) -- {* From thesis inequalities, a number of equations concerning @{text "xs1"} and @{text "xs2"} are derived *} have eq_take: "take ?idx xs1 = take ?idx xs2" using h2[rule_format, OF lt_j] and h1 by linarith have eq_xs1: " xs1 = take ?idx xs1 @ xs1 ! (?idx) # drop (Suc (?idx)) xs1" using id_take_nth_drop[OF lt_i] . have eq_xs2: "xs2 = take ?idx xs2 @ xs2 ! (?idx) # drop (Suc (?idx)) xs2" using id_take_nth_drop[OF lt_i'] . -- {* The branch point along the path is finally pinpointed *} have neq_idx: "xs1!?idx \<noteq> xs2!?idx" proof - have "take j xs1 = take ?idx xs1 @ [xs1 ! ?idx]" using eq_xs1 Suc_diff_1 lt_i lt_j take_Suc_conv_app_nth by fastforce moreover have eq_tk2: "take j xs2 = take ?idx xs2 @ [xs2 ! ?idx]" using Suc_diff_1 lt_i' lt_j take_Suc_conv_app_nth by fastforce ultimately show ?thesis using eq_take h1 by auto qed show ?thesis proof(cases " take (j - 1) xs1 = []") case True have "(x, xs1!?idx) \<in> r" proof - from eq_xs1[unfolded True, simplified, symmetric] assms(1) have "rpath r x ( xs1 ! ?idx # drop (Suc ?idx) xs1) x1" by simp from this[unfolded rpath_def] show ?thesis by (auto simp:pred_of_def) qed moreover have "(x, xs2!?idx) \<in> r" proof - from eq_xs2[folded eq_take, unfolded True, simplified, symmetric] assms(2) have "rpath r x ( xs2 ! ?idx # drop (Suc ?idx) xs2) x2" by simp from this[unfolded rpath_def] show ?thesis by (auto simp:pred_of_def) qed ultimately show ?thesis using neq_idx sgv[unfolded single_valued_def] by metis next case False then obtain e es where eq_es: "take ?idx xs1 = es@[e]" by fast have "(e, xs1!?idx) \<in> r" proof - from eq_xs1[unfolded eq_es] have "xs1 = es@[e, xs1!?idx]@drop (Suc ?idx) xs1" by simp hence "(e, xs1!?idx) \<in> edges_on xs1" by (simp add:edges_on_def, metis) with rpath_edges_on[OF assms(1)] edges_on_Cons_mono[of xs1 x] show ?thesis by (auto) qed moreover have "(e, xs2!?idx) \<in> r" proof - from eq_xs2[folded eq_take, unfolded eq_es] have "xs2 = es@[e, xs2!?idx]@drop (Suc ?idx) xs2" by simp hence "(e, xs2!?idx) \<in> edges_on xs2" by (simp add:edges_on_def, metis) with rpath_edges_on[OF assms(2)] edges_on_Cons_mono[of xs2 x] show ?thesis by (auto) qed ultimately show ?thesis using sgv[unfolded single_valued_def] neq_idx by metis qed qed } thus ?thesis by auto qed from this[rule_format, of "length xs1"] have "take (length xs1) xs1 = take (length xs1) xs2" by simp moreover have "xs2 = take (length xs1) xs2 @ drop (length xs1) xs2" by simp ultimately have "xs2 = xs1 @ drop (length xs1) xs2" by auto from that[OF this] show ?thesis .qedlemma rpath_overlap_oneside': assumes "rpath r x xs1 x1" and "rpath r x xs2 x2" and "length xs1 \<le> length xs2" obtains xs3 where "xs2 = xs1 @ xs3" "rpath r x xs1 x1" "rpath r x1 xs3 x2"proof - from rpath_overlap_oneside[OF assms] obtain xs3 where eq_xs: "xs2 = xs1 @ xs3" by auto show ?thesis proof(cases "xs1 = []") case True from rpath_nilE[OF assms(1)[unfolded this]] have eq_x1: "x1 = x" . have "xs2 = xs3" using True eq_xs by simp from that[OF eq_xs assms(1) assms(2)[folded eq_x1, unfolded this]] show ?thesis . next case False from rpath_nnl_lastE[OF assms(1) False] obtain xs' where eq_xs1: "xs1 = xs'@[x1]" by auto from assms(2)[unfolded eq_xs this] have "rpath r x (xs' @ [x1] @ xs3) x2" by simp from rpath_appendE[OF this] have "rpath r x (xs' @ [x1]) x1" "rpath r x1 xs3 x2" by auto from that [OF eq_xs this(1)[folded eq_xs1] this(2)] show ?thesis . qedqedlemma rpath_overlap [consumes 2, cases pred:rpath]: assumes "rpath r x xs1 x1" and "rpath r x xs2 x2" obtains (less_1) xs3 where "xs2 = xs1 @ xs3" | (less_2) xs3 where "xs1 = xs2 @ xs3"proof - have "length xs1 \<le> length xs2 \<or> length xs2 \<le> length xs1" by auto with assms rpath_overlap_oneside that show ?thesis by metisqedlemma rpath_overlap' [consumes 2, cases pred:rpath]: assumes "rpath r x xs1 x1" and "rpath r x xs2 x2" obtains (less_1) xs3 where "xs2 = xs1 @ xs3" "rpath r x xs1 x1" "rpath r x1 xs3 x2" | (less_2) xs3 where "xs1 = xs2 @ xs3" "rpath r x xs2 x2" "rpath r x2 xs3 x1"proof - have "length xs1 \<le> length xs2 \<or> length xs2 \<le> length xs1" by auto with assms rpath_overlap_oneside' that show ?thesis by metisqedtext {* As a corollary of @{thm "rpath_overlap_oneside"}, the following two lemmas gives one important property of relation tree, i.e. there is at most one path between any two nodes. Similar to the proof of @{thm rpath_overlap}, we starts with the one side version first.*}lemma rpath_unique_oneside: assumes "rpath r x xs1 y" and "rpath r x xs2 y" and "length xs1 \<le> length xs2" shows "xs1 = xs2"proof - from rpath_overlap_oneside[OF assms] obtain xs3 where less_1: "xs2 = xs1 @ xs3" by blast show ?thesis proof(cases "xs3 = []") case True from less_1[unfolded this] show ?thesis by simp next case False note FalseH = this show ?thesis proof(cases "xs1 = []") case True have "(x, x) \<in> r^+" proof(rule rpath_plus) from assms(1)[unfolded True] have "y = x" by (cases rule:rpath_nilE, simp) from assms(2)[unfolded this] show "rpath r x xs2 x" . next from less_1 and False show "xs2 \<noteq> []" by simp qed with acl show ?thesis by (unfold acyclic_def, auto) next case False then obtain e es where eq_xs1: "xs1 = es@[e]" by fast from assms(2)[unfolded less_1 this] have "rpath r x (es @ [e] @ xs3) y" by simp thus ?thesis proof(cases rule:rpath_appendE) case 1 from rpath_dest_eq [OF 1(1)[folded eq_xs1] assms(1)] have "e = y" . from rpath_plus [OF 1(2)[unfolded this] FalseH] have "(y, y) \<in> r^+" . with acl show ?thesis by (unfold acyclic_def, auto) qed qed qedqedtext {* The following is the full version of path uniqueness.*}lemma rpath_unique: assumes "rpath r x xs1 y" and "rpath r x xs2 y" shows "xs1 = xs2"proof(cases "length xs1 \<le> length xs2") case True from rpath_unique_oneside[OF assms this] show ?thesis .next case False hence "length xs2 \<le> length xs1" by simp from rpath_unique_oneside[OF assms(2,1) this] show ?thesis by simpqedtext {* The following lemma shows that the `independence` relation is symmetric. It is an obvious auxiliary lemma which will be used later. *}lemma sym_indep: "indep r x y \<Longrightarrow> indep r y x" by (unfold indep_def, auto)text {* This is another `obvious` lemma about trees, which says trees rooted at independent nodes are disjoint.*}lemma subtree_disjoint: assumes "indep r x y" shows "subtree r x \<inter> subtree r y = {}"proof - { fix z x y xs1 xs2 xs3 assume ind: "indep r x y" and rp1: "rpath r z xs1 x" and rp2: "rpath r z xs2 y" and h: "xs2 = xs1 @ xs3" have False proof(cases "xs1 = []") case True from rp1[unfolded this] have "x = z" by auto from rp2[folded this] rpath_star ind[unfolded indep_def] show ?thesis by metis next case False then obtain e es where eq_xs1: "xs1 = es@[e]" by fast from rp2[unfolded h this] have "rpath r z (es @ [e] @ xs3) y" by simp thus ?thesis proof(cases rule:rpath_appendE) case 1 have "e = x" using 1(1)[folded eq_xs1] rp1 rpath_dest_eq by metis from rpath_star[OF 1(2)[unfolded this]] ind[unfolded indep_def] show ?thesis by auto qed qed } note my_rule = this { fix z assume h: "z \<in> subtree r x" "z \<in> subtree r y" from h(1) have "(z, x) \<in> r^*" by (unfold subtree_def, auto) then obtain xs1 where rp1: "rpath r z xs1 x" using star_rpath by metis from h(2) have "(z, y) \<in> r^*" by (unfold subtree_def, auto) then obtain xs2 where rp2: "rpath r z xs2 y" using star_rpath by metis from rp1 rp2 have False by (cases, insert my_rule[OF sym_indep[OF assms(1)] rp2 rp1] my_rule[OF assms(1) rp1 rp2], auto) } thus ?thesis by autoqedlemma root_unique: assumes "x \<in> subtree r y" and "x \<in> subtree r z" and "root r y" and "root r z" shows "y = z" proof - { assume "y \<noteq> z" from root_indep[OF assms(4,3) this] have "indep r z y" . from subtree_disjoint[OF this] and assms have False by auto } thus ?thesis by autoqedtext {* The following lemma @{text "subtree_del"} characterizes the change of sub-tree of @{text "x"} with the removal of an inside edge @{text "(a, b)"}. Note that, the case for the removal of an outside edge has already been dealt with in lemma @{text "subtree_del_outside"}). This lemma is underpinned by the following two `obvious` facts: \begin{enumearte} \item In graph @{text "r"}, for an inside edge @{text "(a,b) \<in> edges_in r x"}, every node @{text "c"} in the sub-tree of @{text "a"} has a path which goes first from @{text "c"} to @{text "a"}, then through edge @{text "(a, b)"}, and finally reaches @{text "x"}. By the uniqueness of path in a tree, all paths from sub-tree of @{text "a"} to @{text "x"} are such constructed, therefore must go through @{text "(a, b)"}. The consequence is: with the removal of @{text "(a,b)"}, all such paths will be broken. \item On the other hand, all paths not originate from within the sub-tree of @{text "a"} will not be affected by the removal of edge @{text "(a, b)"}. The reason is simple: if the path is affected by the removal, it must contain @{text "(a, b)"}, then it must originate from within the sub-tree of @{text "a"}. \end{enumearte}*}lemma subtree_del_inside: (* ddd *) assumes "(a,b) \<in> edges_in r x" shows "subtree (r - {(a, b)}) x = (subtree r x) - subtree r a"proof - from assms have asm: "b \<in> subtree r x" "(a, b) \<in> r" by (auto simp:edges_in_def) -- {* The proof follows a common pattern to prove the equality of sets. *} { -- {* The `left to right` direction. *} fix c -- {* Assuming @{text "c"} is inside the sub-tree of @{text "x"} in the reduced graph *} assume h: "c \<in> subtree (r - {(a, b)}) x" -- {* We are going to show that @{text "c"} can not be in the sub-tree of @{text "a"} in the original graph. *} -- {* In other words, all nodes inside the sub-tree of @{text "a"} in the original graph will be removed from the sub-tree of @{text "x"} in the reduced graph. *} -- {* The reason, as analyzed before, is that all paths from within the sub-tree of @{text "a"} are broken with the removal of edge @{text "(a,b)"}. *} have "c \<in> (subtree r x) - subtree r a" proof - let ?r' = "r - {(a, b)}" -- {* The reduced graph is abbreviated as @{text "?r'"} *} from h have "(c, x) \<in> ?r'^*" by (auto simp:subtree_def) -- {* Extract from the reduced graph the path @{text "xs"} from @{text "c"} to @{text "x"}. *} then obtain xs where rp0: "rpath ?r' c xs x" by (rule star_rpath, auto) -- {* It is easy to show @{text "xs"} is also a path in the original graph *} hence rp1: "rpath r c xs x" using rpath_edges_on[OF rp0] by auto -- {* @{text "xs"} is used as the witness to show that @{text "c"} in the sub-tree of @{text "x"} in the original graph. *} hence "c \<in> subtree r x" by (rule rpath_star[elim_format], auto simp:subtree_def) -- {* The next step is to show that @{text "c"} can not be in the sub-tree of @{text "a"} in the original graph. *} -- {* We need to use the fact that all paths originate from within sub-tree of @{text "a"} are broken. *} moreover have "c \<notin> subtree r a" proof -- {* Proof by contradiction, suppose otherwise *} assume otherwise: "c \<in> subtree r a" -- {* Then there is a path in original graph leading from @{text "c"} to @{text "a"} *} obtain xs1 where rp_c: "rpath r c xs1 a" proof - from otherwise have "(c, a) \<in> r^*" by (auto simp:subtree_def) thus ?thesis by (rule star_rpath, auto intro!:that) qed -- {* Starting from this path, we are going to construct a fictional path from @{text "c"} to @{text "x"}, which, as explained before, is broken, so that contradiction can be derived. *} -- {* First, there is a path from @{text "b"} to @{text "x"} *} obtain ys where rp_b: "rpath r b ys x" proof - from asm have "(b, x) \<in> r^*" by (auto simp:subtree_def) thus ?thesis by (rule star_rpath, auto intro!:that) qed -- {* The paths @{text "xs1"} and @{text "ys"} can be tied together using @{text "(a,b)"} to form a path from @{text "c"} to @{text "x"}: *} have "rpath r c (xs1 @ b # ys) x" proof - from rstepI[OF asm(2) rp_b] have "rpath r a (b # ys) x" . from rpath_appendI[OF rp_c this] show ?thesis . qed -- {* By the uniqueness of path between two nodes of a tree, we have: *} from rpath_unique[OF rp1 this] have eq_xs: "xs = xs1 @ b # ys" . -- {* Contradiction can be derived from from this fictional path . *} show False proof - -- {* It can be shown that @{term "(a,b)"} is on this fictional path. *} have "(a, b) \<in> edges_on (c#xs)" proof(cases "xs1 = []") case True from rp_c[unfolded this] have "rpath r c [] a" . hence eq_c: "c = a" by fast hence "c#xs = a#xs" by simp from this and eq_xs have "c#xs = a # xs1 @ b # ys" by simp from this[unfolded True] have "c#xs = []@[a,b]@ys" by simp thus ?thesis by (auto simp:edges_on_def) next case False from rpath_nnl_lastE[OF rp_c this] obtain xs' where "xs1 = xs'@[a]" by auto from eq_xs[unfolded this] have "c#xs = (c#xs')@[a,b]@ys" by simp thus ?thesis by (unfold edges_on_def, blast) qed -- {* It can also be shown that @{term "(a,b)"} is not on this fictional path. *} moreover have "(a, b) \<notin> edges_on (c#xs)" using rpath_edges_on[OF rp0] by (auto) -- {* Contradiction is thus derived. *} ultimately show False by auto qed qed ultimately show ?thesis by auto qed } moreover { -- {* The `right to left` direction. *} fix c -- {* Assuming that @{text "c"} is in the sub-tree of @{text "x"}, but outside of the sub-tree of @{text "a"} in the original graph, *} assume h: "c \<in> (subtree r x) - subtree r a" -- {* we need to show that in the reduced graph, @{text "c"} is still in the sub-tree of @{text "x"}. *} have "c \<in> subtree (r - {(a, b)}) x" proof - -- {* The proof goes by showing that the path from @{text "c"} to @{text "x"} in the original graph is not affected by the removal of @{text "(a,b)"}. *} from h have "(c, x) \<in> r^*" by (unfold subtree_def, auto) -- {* Extract the path @{text "xs"} from @{text "c"} to @{text "x"} in the original graph. *} from star_rpath[OF this] obtain xs where rp: "rpath r c xs x" by auto -- {* Show that it is also a path in the reduced graph. *} hence "rpath (r - {(a, b)}) c xs x" -- {* The proof goes by using rule @{thm rpath_transfer} *} proof(rule rpath_transfer) -- {* We need to show all edges on the path are still in the reduced graph. *} show "edges_on (c # xs) \<subseteq> r - {(a, b)}" proof - -- {* It is easy to show that all the edges are in the original graph. *} from rpath_edges_on [OF rp] have " edges_on (c # xs) \<subseteq> r" . -- {* The essential part is to show that @{text "(a, b)"} is not on the path. *} moreover have "(a,b) \<notin> edges_on (c#xs)" proof -- {* Proof by contradiction, suppose otherwise: *} assume otherwise: "(a, b) \<in> edges_on (c#xs)" -- {* Then @{text "(a, b)"} is in the middle of the path. with @{text "l1"} and @{text "l2"} be the nodes in the front and rear respectively. *} then obtain l1 l2 where eq_xs: "c#xs = l1 @ [a, b] @ l2" by (unfold edges_on_def, blast) -- {* From this, it can be shown that @{text "c"} is in the sub-tree of @{text "a"} *} have "c \<in> subtree r a" proof(cases "l1 = []") case True -- {* If @{text "l1"} is null, it can be derived that @{text "c = a"}. *} with eq_xs have "c = a" by auto -- {* So, @{text "c"} is obviously in the sub-tree of @{text "a"}. *} thus ?thesis by (unfold subtree_def, auto) next case False -- {* When @{text "l1"} is not null, it must have a tail @{text "es"}: *} then obtain e es where "l1 = e#es" by (cases l1, auto) -- {* The relation of this tail with @{text "xs"} is derived: *} with eq_xs have "xs = es@[a,b]@l2" by auto -- {* From this, a path from @{text "c"} to @{text "a"} is made visible: *} from rp[unfolded this] have "rpath r c (es @ [a] @ (b#l2)) x" by simp thus ?thesis proof(cases rule:rpath_appendE) -- {* The path from @{text "c"} to @{text "a"} is extraced using @{thm "rpath_appendE"}: *} case 1 from rpath_star[OF this(1)] -- {* The extracted path servers as a witness that @{text "c"} is in the sub-tree of @{text "a"}: *} show ?thesis by (simp add:subtree_def) qed qed with h show False by auto qed ultimately show ?thesis by auto qed qed -- {* From , it is shown that @{text "c"} is in the sub-tree of @{text "x"} inthe reduced graph. *} from rpath_star[OF this] show ?thesis by (auto simp:subtree_def) qed } -- {* The equality of sets is derived from the two directions just proved. *} ultimately show ?thesis by blastqed lemma set_del_rootI: assumes "r1 \<subseteq> r" and "a \<in> Domain r1" shows "root (r - r1) a"proof - let ?r = "r - r1" { fix a' assume neq: "a' \<noteq> a" have "a \<notin> subtree ?r a'" proof assume "a \<in> subtree ?r a'" hence "(a, a') \<in> ?r^*" by (auto simp:subtree_def) from star_rpath[OF this] obtain xs where rp: "rpath ?r a xs a'" by auto from rpathE[OF this] and neq obtain z zs where h: "(a, z) \<in> ?r" "rpath ?r z zs a'" "xs = z#zs" by auto from assms(2) obtain z' where z'_in: "(a, z') \<in> r1" by (auto simp:DomainE) with assms(1) have "(a, z') \<in> r" by auto moreover from h(1) have "(a, z) \<in> r" by simp ultimately have "z' = z" using sgv by (auto simp:single_valued_def) from z'_in[unfolded this] and h(1) show False by auto qed } thus ?thesis by (intro rootI, auto)qedlemma edge_del_no_rootI: assumes "(a, b) \<in> r" shows "root (r - {(a, b)}) a" by (rule set_del_rootI, insert assms, auto)lemma ancestors_children_unique: assumes "z1 \<in> ancestors r x \<inter> children r y" and "z2 \<in> ancestors r x \<inter> children r y" shows "z1 = z2"proof - from assms have h: "(x, z1) \<in> r^+" "(z1, y) \<in> r" "(x, z2) \<in> r^+" "(z2, y) \<in> r" by (auto simp:ancestors_def children_def) -- {* From this, a path containing @{text "z1"} is obtained. *} from plus_rpath[OF h(1)] obtain xs1 where h1: "rpath r x xs1 z1" "xs1 \<noteq> []" by auto from rpath_nnl_lastE[OF this] obtain xs1' where eq_xs1: "xs1 = xs1' @ [z1]" by auto from h(2) have h2: "rpath r z1 [y] y" by auto from rpath_appendI[OF h1(1) h2, unfolded eq_xs1] have rp1: "rpath r x (xs1' @ [z1, y]) y" by simp -- {* Then, another path containing @{text "z2"} is obtained. *} from plus_rpath[OF h(3)] obtain xs2 where h3: "rpath r x xs2 z2" "xs2 \<noteq> []" by auto from rpath_nnl_lastE[OF this] obtain xs2' where eq_xs2: "xs2 = xs2' @ [z2]" by auto from h(4) have h4: "rpath r z2 [y] y" by auto from rpath_appendI[OF h3(1) h4, unfolded eq_xs2] have "rpath r x (xs2' @ [z2, y]) y" by simp -- {* Finally @{text "z1 = z2"} is proved by uniqueness of path. *} from rpath_unique[OF rp1 this] have "xs1' @ [z1, y] = xs2' @ [z2, y]" . thus ?thesis by autoqedlemma ancestors_childrenE: assumes "y \<in> ancestors r x" obtains "x \<in> children r y" | z where "z \<in> ancestors r x \<inter> children r y"proof - from assms(1) have "(x, y) \<in> r^+" by (auto simp:ancestors_def) from tranclD2[OF this] obtain z where h: "(x, z) \<in> r\<^sup>*" "(z, y) \<in> r" by auto from h(1) show ?thesis proof(cases rule:rtranclE) case base from h(2)[folded this] have "x \<in> children r y" by (auto simp:children_def) thus ?thesis by (intro that, auto) next case (step u) hence "z \<in> ancestors r x" by (auto simp:ancestors_def) moreover from h(2) have "z \<in> children r y" by (auto simp:children_def) ultimately show ?thesis by (intro that, auto) qedqedend (* of forest *)lemma subtree_trancl: "subtree r x = {x} \<union> {y. (y, x) \<in> r^+}" (is "?L = ?R")proof - { fix z assume "z \<in> ?L" hence "z \<in> ?R" proof(cases rule:subtreeE) case 2 thus ?thesis by (unfold ancestors_def, auto) qed auto } moreover { fix z assume "z \<in> ?R" hence "z \<in> ?L" by (unfold subtree_def, auto) } ultimately show ?thesis by autoqedlemma ancestor_children_subtreeI [intro]: "x \<in> ancestors r z \<Longrightarrow> z \<in> \<Union>(subtree r ` children r x)" by (unfold ancestors_def children_def, auto simp:subtree_def dest:tranclD2)lemma [iff]: "x \<in> subtree r x" by (auto simp:subtree_def)lemma [intro]: "xa \<in> children r x \<Longrightarrow> z \<in> subtree r xa \<Longrightarrow> z \<in> subtree r x" by (unfold children_def subtree_def, auto)lemma subtree_children: "subtree r x = ({x} \<union> (\<Union> (subtree r ` (children r x))))" (is "?L = ?R") by fastcontext fforestbeginlemma finite_subtree: shows "finite (subtree r x)"proof(induct rule:wf_induct[OF wf]) case (1 x) have "finite (\<Union>(subtree r ` children r x))" proof(rule finite_Union) show "finite (subtree r ` children r x)" proof(cases "children r x = {}") case True thus ?thesis by auto next case False hence "x \<in> Range r" by (auto simp:children_def) from fb have "finite (children r x)" . thus ?thesis by (rule finite_imageI) qed next fix M assume "M \<in> subtree r ` children r x" then obtain y where h: "y \<in> children r x" "M = subtree r y" by auto hence "(y, x) \<in> r" by (auto simp:children_def) from 1[rule_format, OF this, folded h(2)] show "finite M" . qed thus ?case by (unfold subtree_children finite_Un, auto)qedenddefinition "pairself f = (\<lambda>(a, b). (f a, f b))"definition "rel_map f r = (pairself f ` r)"lemma rel_mapE: assumes "(a, b) \<in> rel_map f r" obtains c d where "(c, d) \<in> r" "(a, b) = (f c, f d)" using assms by (unfold rel_map_def pairself_def, auto)lemma rel_mapI: assumes "(a, b) \<in> r" and "c = f a" and "d = f b" shows "(c, d) \<in> rel_map f r" using assms by (unfold rel_map_def pairself_def, auto)lemma map_appendE: assumes "map f zs = xs @ ys" obtains xs' ys' where "zs = xs' @ ys'" "xs = map f xs'" "ys = map f ys'"proof - have "\<exists> xs' ys'. zs = xs' @ ys' \<and> xs = map f xs' \<and> ys = map f ys'" using assms proof(induct xs arbitrary:zs ys) case (Nil zs ys) thus ?case by auto next case (Cons x xs zs ys) note h = this show ?case proof(cases zs) case (Cons e es) with h have eq_x: "map f es = xs @ ys" "x = f e" by auto from h(1)[OF this(1)] obtain xs' ys' where "es = xs' @ ys'" "xs = map f xs'" "ys = map f ys'" by blast with Cons eq_x have "zs = (e#xs') @ ys' \<and> x # xs = map f (e#xs') \<and> ys = map f ys'" by auto thus ?thesis by metis qed (insert h, auto) qed thus ?thesis by (auto intro!:that)qedlemma rel_map_mono: assumes "r1 \<subseteq> r2" shows "rel_map f r1 \<subseteq> rel_map f r2" using assms by (auto simp:rel_map_def pairself_def)lemma rel_map_compose [simp]: shows "rel_map f1 (rel_map f2 r) = rel_map (f1 o f2) r" by (auto simp:rel_map_def pairself_def)lemma edges_on_map: "edges_on (map f xs) = rel_map f (edges_on xs)"proof - { fix a b assume "(a, b) \<in> edges_on (map f xs)" then obtain l1 l2 where eq_map: "map f xs = l1 @ [a, b] @ l2" by (unfold edges_on_def, auto) hence "(a, b) \<in> rel_map f (edges_on xs)" by (auto elim!:map_appendE intro!:rel_mapI simp:edges_on_def) } moreover { fix a b assume "(a, b) \<in> rel_map f (edges_on xs)" then obtain c d where h: "(c, d) \<in> edges_on xs" "(a, b) = (f c, f d)" by (elim rel_mapE, auto) then obtain l1 l2 where eq_xs: "xs = l1 @ [c, d] @ l2" by (auto simp:edges_on_def) hence eq_map: "map f xs = map f l1 @ [f c, f d] @ map f l2" by auto have "(a, b) \<in> edges_on (map f xs)" proof - from h(2) have "[f c, f d] = [a, b]" by simp from eq_map[unfolded this] show ?thesis by (auto simp:edges_on_def) qed } ultimately show ?thesis by autoqedlemma image_id: assumes "\<And> x. x \<in> A \<Longrightarrow> f x = x" shows "f ` A = A" using assms by (auto simp:image_def)lemma rel_map_inv_id: assumes "inj_on f ((Domain r) \<union> (Range r))" shows "(rel_map (inv_into ((Domain r) \<union> (Range r)) f \<circ> f) r) = r"proof - let ?f = "(inv_into (Domain r \<union> Range r) f \<circ> f)" { fix a b assume h0: "(a, b) \<in> r" have "pairself ?f (a, b) = (a, b)" proof - from assms h0 have "?f a = a" by (auto intro:inv_into_f_f) moreover have "?f b = b" by (insert h0, simp, intro inv_into_f_f[OF assms], auto intro!:RangeI) ultimately show ?thesis by (auto simp:pairself_def) qed } thus ?thesis by (unfold rel_map_def, intro image_id, case_tac x, auto)qed lemma rel_map_acyclic: assumes "acyclic r" and "inj_on f ((Domain r) \<union> (Range r))" shows "acyclic (rel_map f r)"proof - let ?D = "Domain r \<union> Range r" { fix a assume "(a, a) \<in> (rel_map f r)^+" from plus_rpath[OF this] obtain xs where rp: "rpath (rel_map f r) a xs a" "xs \<noteq> []" by auto from rpath_nnl_lastE[OF this] obtain xs' where eq_xs: "xs = xs'@[a]" by auto from rpath_edges_on[OF rp(1)] have h: "edges_on (a # xs) \<subseteq> rel_map f r" . from edges_on_map[of "inv_into ?D f" "a#xs"] have "edges_on (map (inv_into ?D f) (a # xs)) = rel_map (inv_into ?D f) (edges_on (a # xs))" . with rel_map_mono[OF h, of "inv_into ?D f"] have "edges_on (map (inv_into ?D f) (a # xs)) \<subseteq> rel_map ((inv_into ?D f) o f) r" by simp from this[unfolded eq_xs] have subr: "edges_on (map (inv_into ?D f) (a # xs' @ [a])) \<subseteq> rel_map (inv_into ?D f \<circ> f) r" . have "(map (inv_into ?D f) (a # xs' @ [a])) = (inv_into ?D f a) # map (inv_into ?D f) xs' @ [inv_into ?D f a]" by simp from edges_on_rpathI[OF subr[unfolded this]] have "rpath (rel_map (inv_into ?D f \<circ> f) r) (inv_into ?D f a) (map (inv_into ?D f) xs' @ [inv_into ?D f a]) (inv_into ?D f a)" . hence "(inv_into ?D f a, inv_into ?D f a) \<in> (rel_map (inv_into ?D f \<circ> f) r)^+" by (rule rpath_plus, simp) moreover have "(rel_map (inv_into ?D f \<circ> f) r) = r" by (rule rel_map_inv_id[OF assms(2)]) moreover note assms(1) ultimately have False by (unfold acyclic_def, auto) } thus ?thesis by (auto simp:acyclic_def)qedlemma compose_relpow_2 [intro, simp]: assumes "r1 \<subseteq> r" and "r2 \<subseteq> r" shows "r1 O r2 \<subseteq> r ^^ (2::nat)"proof - { fix a b assume "(a, b) \<in> r1 O r2" then obtain e where "(a, e) \<in> r1" "(e, b) \<in> r2" by auto with assms have "(a, e) \<in> r" "(e, b) \<in> r" by auto hence "(a, b) \<in> r ^^ (Suc (Suc 0))" by auto } thus ?thesis by (auto simp:numeral_2_eq_2)qedlemma relpow_mult: "((r::'a rel) ^^ m) ^^ n = r ^^ (m*n)"proof(induct n arbitrary:m) case (Suc k m) thus ?case proof - have h: "(m * k + m) = (m + m * k)" by auto show ?thesis apply (simp add:Suc relpow_add[symmetric]) by (unfold h, simp) qedqed simplemma acyclic_compose [intro, simp]: assumes "acyclic r" and "r1 \<subseteq> r" and "r2 \<subseteq> r" shows "acyclic (r1 O r2)"proof - { fix a assume "(a, a) \<in> (r1 O r2)^+" from trancl_mono[OF this compose_relpow_2[OF assms(2, 3)]] have "(a, a) \<in> (r ^^ 2) ^+" . from trancl_power[THEN iffD1, OF this] obtain n where h: "(a, a) \<in> (r ^^ 2) ^^ n" "n > 0" by blast from this(1)[unfolded relpow_mult] have h2: "(a, a) \<in> r ^^ (2 * n)" . have "(a, a) \<in> r^+" proof(cases rule:trancl_power[THEN iffD2]) from h(2) h2 show "\<exists>n>0. (a, a) \<in> r ^^ n" by (rule_tac x = "2*n" in exI, auto) qed with assms have "False" by (auto simp:acyclic_def) } thus ?thesis by (auto simp:acyclic_def)qedlemma children_compose_unfold: "children (r1 O r2) x = \<Union> (children r1 ` (children r2 x))" by (auto simp:children_def)lemma fbranch_compose [intro, simp]: assumes "\<forall> x \<in> Range r1 . finite (children r1 x)" and "\<forall> x \<in> Range r2 . finite (children r2 x)" shows "\<forall> x \<in> Range (r1 O r2) . finite (children (r1 O r2) x)"proof - { fix x assume "x\<in>Range (r1 O r2)" then obtain y z where h: "(y, z) \<in> r1" "(z, x) \<in> r2" by auto have "finite (children (r1 O r2) x)" proof(unfold children_compose_unfold, rule finite_Union) show "finite (children r1 ` children r2 x)" proof(rule finite_imageI) from h(2) have "x \<in> Range r2" by auto from assms(2)[unfolded fforest_def] this show "finite (children r2 x)" by auto qed next fix M assume "M \<in> children r1 ` children r2 x" then obtain y where h1: "y \<in> children r2 x" "M = children r1 y" by auto show "finite M" proof(cases "children r1 y = {}") case True with h1(2) show ?thesis by auto next case False hence "y \<in> Range r1" by (unfold children_def, auto) from assms(1)[unfolded fforest_def] this h1(2) show ?thesis by auto qed qed } thus ?thesis using assms by autoqedlemma fbranch_compose1 [intro, simp]: assumes "\<forall>x. finite (children r1 x)" and "\<forall>x. finite (children r2 x)" shows "\<forall>x. finite (children (r1 O r2) x)"by (metis (no_types, lifting) Collect_empty_eq Range.intros assms(1) assms(2) children_def fbranch_compose finite.emptyI)lemma finite_fbranchI [intro]: assumes "finite r" shows "\<forall> x \<in> Range r . finite (children r x)"proof - { fix x assume "x \<in>Range r" have "finite (children r x)" proof - have "{y. (y, x) \<in> r} \<subseteq> Domain r" by (auto) from rev_finite_subset[OF finite_Domain[OF assms] this] have "finite {y. (y, x) \<in> r}" . thus ?thesis by (unfold children_def, simp) qed } thus ?thesis by autoqedlemma finite_fbranchI1 [intro]: assumes "finite r" shows "\<forall> x . finite (children r x)" by (metis (no_types, lifting) Collect_empty_eq Range.intros assms children_def finite.emptyI finite_fbranchI)lemma subset_fbranchI [intro]: assumes "\<forall> x \<in> Range r1 . finite (children r1 x)" and "r2 \<subseteq> r1" shows "\<forall> x \<in> Range r2 . finite (children r2 x)"proof - { fix x assume "x \<in>Range r2" with assms(2) have "x \<in> Range r1" by auto from assms(1)[rule_format, OF this] have "finite (children r1 x)" . hence "finite (children r2 x)" proof(rule rev_finite_subset) from assms(2) show "children r2 x \<subseteq> children r1 x" by (auto simp:children_def) qed } thus ?thesis by autoqedlemma children_subtree [simp, intro]: shows "children r x \<subseteq> subtree r x" by (auto simp:children_def subtree_def)lemma children_union_kept [simp]: assumes "x \<notin> Range r'" shows "children (r \<union> r') x = children r x" using assms by (auto simp:children_def)lemma wf_rbase [elim]: assumes "wf r" obtains b where "(b, a) \<in> r^*" "\<forall> c. (c, b) \<notin> r"proof - from assms have "\<exists> b. (b, a) \<in> r^* \<and> (\<forall> c. (c, b) \<notin> r)" proof(induct) case (less x) thus ?case proof(cases "\<exists> z. (z, x) \<in> r") case False moreover have "(x, x) \<in> r^*" by auto ultimately show ?thesis by metis next case True then obtain z where h_z: "(z, x) \<in> r" by auto from less[OF this] obtain b where "(b, z) \<in> r^*" "(\<forall>c. (c, b) \<notin> r)" by auto moreover from this(1) h_z have "(b, x) \<in> r^*" by auto ultimately show ?thesis by metis qed qed with that show ?thesis by metisqedlemma wf_base [elim]: assumes "wf r" and "a \<in> Range r" obtains b where "(b, a) \<in> r^+" "\<forall> c. (c, b) \<notin> r"proof - from assms(2) obtain a' where h_a: "(a', a) \<in> r" by auto from wf_rbase[OF assms(1), of a] obtain b where h_b: "(b, a) \<in> r\<^sup>*" "\<forall>c. (c, b) \<notin> r" by auto from rtranclD[OF this(1)] have "b = a \<or> b \<noteq> a \<and> (b, a) \<in> r\<^sup>+" by auto moreover have "b \<noteq> a" using h_a h_b(2) by auto ultimately have "(b, a) \<in> r\<^sup>+" by auto with h_b(2) and that show ?thesis by metisqeddeclare RTree.subtree_transfer[rule del]declare RTree.subtreeE[rule del]declare RTree.ancestors_Field[rule del]declare RTree.star_rpath[rule del]declare RTree.plus_rpath[rule del]end