diff -r ed938e2246b9 -r 0525670d8e6a RTree.thy~ --- a/RTree.thy~ Thu Jan 28 21:14:17 2016 +0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,1880 +0,0 @@ -theory RTree -imports "~~/src/HOL/Library/Transitive_Closure_Table" Max -begin - -section {* A theory of relational trees *} - -inductive_cases path_nilE [elim!]: "rtrancl_path r x [] y" -inductive_cases path_consE [elim!]: "rtrancl_path r x (z#zs) y" - -subsection {* Definitions *} - -text {* - In this theory, we are going to give a notion of of `Relational Graph` and - its derived notion `Relational Tree`. Given a binary relation @{text "r"}, - the `Relational Graph of @{text "r"}` is the graph, the edges of which - are those in @{text "r"}. In this way, any binary relation can be viewed - as a `Relational Graph`. Note, this notion of graph includes infinite graphs. - - A `Relation Graph` @{text "r"} is said to be a `Relational Tree` if it is both - {\em single valued} and {\em acyclic}. -*} - -text {* - The following @{text "sgv"} specifies that relation @{text "r"} is {\em single valued}. -*} -locale sgv = - fixes r - assumes sgv: "single_valued r" - -text {* - The following @{text "rtree"} specifies that @{text "r"} is a - {\em Relational Tree}. -*} -locale rtree = sgv + - assumes acl: "acyclic r" - -text {* - The following two auxiliary functions @{text "rel_of"} and @{text "pred_of"} - transfer between the predicate and set representation of binary relations. -*} - -definition "rel_of r = {(x, y) | x y. r x y}" - -definition "pred_of r = (\ x y. (x, y) \ r)" - -text {* - To reason about {\em Relational Graph}, a notion of path is - needed, which is given by the following @{text "rpath"} (short - for `relational path`). - The path @{text "xs"} in proposition @{text "rpath r x xs y"} is - a path leading from @{text "x"} to @{text "y"}, which serves as a - witness of the fact @{text "(x, y) \ r^*"}. - - @{text "rpath"} - is simply a wrapper of the @{text "rtrancl_path"} defined in the imported - theory @{text "Transitive_Closure_Table"}, which defines - a notion of path for the predicate form of binary relations. -*} -definition "rpath r x xs y = rtrancl_path (pred_of r) x xs y" - -text {* - Given a path @{text "ps"}, @{text "edges_on ps"} is the - set of edges along the path, which is defined as follows: -*} - -definition "edges_on ps = {(a,b) | a b. \ xs ys. ps = xs@[a,b]@ys}" - -text {* - The following @{text "indep"} defines a notion of independence. - Two nodes @{text "x"} and @{text "y"} are said to be independent - (expressed as @{text "indep x y"}), if neither one is reachable - from the other in relational graph @{text "r"}. -*} -definition "indep r x y = (((x, y) \ r^*) \ ((y, x) \ r^*))" - -text {* - In relational tree @{text "r"}, the sub tree of node @{text "x"} is written - @{text "subtree r x"}, which is defined to be the set of nodes (including itself) - which can reach @{text "x"} by following some path in @{text "r"}: -*} - -definition "subtree r x = {y . (y, x) \ r^*}" - -definition "ancestors r x = {y. (x, y) \ r^+}" - -definition "root r x = (ancestors r x = {})" - -text {* - The following @{text "edge_in r x"} is the set of edges - contained in the sub-tree of @{text "x"}, with @{text "r"} as the underlying graph. -*} - -definition "edges_in r x = {(a, b) | a b. (a, b) \ r \ b \ subtree r x}" - -text {* - The following lemma @{text "edges_in_meaning"} shows the intuitive meaning - of `an edge @{text "(a, b)"} is in the sub-tree of @{text "x"}`, - i.e., both @{text "a"} and @{text "b"} are in the sub-tree. -*} -lemma edges_in_meaning: - "edges_in r x = {(a, b) | a b. (a, b) \ r \ a \ subtree r x \ b \ subtree r x}" -proof - - { fix a b - assume h: "(a, b) \ r" "b \ subtree r x" - moreover have "a \ subtree r x" - proof - - from h(2)[unfolded subtree_def] have "(b, x) \ r^*" by simp - with h(1) have "(a, x) \ r^*" by auto - thus ?thesis by (auto simp:subtree_def) - qed - ultimately have "((a, b) \ r \ a \ subtree r x \ b \ subtree r x)" - by (auto) - } thus ?thesis by (auto simp:edges_in_def) -qed - -text {* - The following lemma shows the meaning of @{term "edges_in"} from the other side, - which says: for the edge @{text "(a,b)"} to be outside of the sub-tree of @{text "x"}, - it is sufficient to show that @{text "b"} is. -*} -lemma edges_in_refutation: - assumes "b \ subtree r x" - shows "(a, b) \ edges_in r x" - using assms by (unfold edges_in_def subtree_def, auto) - -definition "children r x = {y. (y, x) \ r}" - -locale fbranch = - fixes r - assumes fb: "\ x \ Range r . finite (children r x)" -begin - -lemma finite_children: "finite (children r x)" -proof(cases "children r x = {}") - case True - thus ?thesis by auto -next - case False - then obtain y where "(y, x) \ r" by (auto simp:children_def) - hence "x \ Range r" by auto - from fb[rule_format, OF this] - show ?thesis . -qed - -end - -locale fsubtree = fbranch + - assumes wf: "wf r" - -(* ccc *) - -subsection {* Auxiliary lemmas *} - -lemma index_minimize: - assumes "P (i::nat)" - obtains j where "P j" and "\ k < j. \ P k" -using assms -proof - - have "\ j. P j \ (\ k < j. \ P k)" - using assms - proof(induct i rule:less_induct) - case (less t) - show ?case - proof(cases "\ j < t. \ P j") - case True - with less (2) show ?thesis by blast - next - case False - then obtain j where "j < t" "P j" by auto - from less(1)[OF this] - show ?thesis . - qed - qed - with that show ?thesis by metis -qed - -subsection {* Properties of Relational Graphs and Relational Trees *} - -subsubsection {* Properties of @{text "rel_of"} and @{text "pred_of"} *} - -text {* The following lemmas establish bijectivity of the two functions *} - -lemma pred_rel_eq: "pred_of (rel_of r) = r" by (auto simp:rel_of_def pred_of_def) - -lemma rel_pred_eq: "rel_of (pred_of r) = r" by (auto simp:rel_of_def pred_of_def) - -lemma rel_of_star: "rel_of (r^**) = (rel_of r)^*" - by (unfold rel_of_def rtranclp_rtrancl_eq, auto) - -lemma pred_of_star: "pred_of (r^*) = (pred_of r)^**" -proof - - { fix x y - have "pred_of (r^*) x y = (pred_of r)^** x y" - by (unfold pred_of_def rtranclp_rtrancl_eq, auto) - } thus ?thesis by auto -qed - -lemma star_2_pstar: "(x, y) \ r^* = (pred_of (r^*)) x y" - by (simp add: pred_of_def) - -subsubsection {* Properties of @{text "rpath"} *} - -text {* Induction rule for @{text "rpath"}: *} - -lemma rpath_induct [consumes 1, case_names rbase rstep, induct pred: rpath]: - assumes "rpath r x1 x2 x3" - and "\x. P x [] x" - and "\x y ys z. (x, y) \ r \ rpath r y ys z \ P y ys z \ P x (y # ys) z" - shows "P x1 x2 x3" - using assms[unfolded rpath_def] - by (induct, auto simp:pred_of_def rpath_def) - -lemma rpathE: - assumes "rpath r x xs y" - obtains (base) "y = x" "xs = []" - | (step) z zs where "(x, z) \ r" "rpath r z zs y" "xs = z#zs" - using assms - by (induct, auto) - -text {* Introduction rule for empty path *} -lemma rbaseI [intro!]: - assumes "x = y" - shows "rpath r x [] y" - by (unfold rpath_def assms, - rule Transitive_Closure_Table.rtrancl_path.base) - -text {* Introduction rule for non-empty path *} -lemma rstepI [intro!]: - assumes "(x, y) \ r" - and "rpath r y ys z" - shows "rpath r x (y#ys) z" -proof(unfold rpath_def, rule Transitive_Closure_Table.rtrancl_path.step) - from assms(1) show "pred_of r x y" by (auto simp:pred_of_def) -next - from assms(2) show "rtrancl_path (pred_of r) y ys z" - by (auto simp:pred_of_def rpath_def) -qed - -text {* Introduction rule for @{text "@"}-path *} -lemma rpath_appendI [intro]: - assumes "rpath r x xs a" and "rpath r a ys y" - shows "rpath r x (xs @ ys) y" - using assms - by (unfold rpath_def, auto intro:rtrancl_path_trans) - -text {* Elimination rule for empty path *} - -lemma rpath_cases [cases pred:rpath]: - assumes "rpath r a1 a2 a3" - obtains (rbase) "a1 = a3" and "a2 = []" - | (rstep) y :: "'a" and ys :: "'a list" - where "(a1, y) \ r" and "a2 = y # ys" and "rpath r y ys a3" - using assms [unfolded rpath_def] - by (cases, auto simp:rpath_def pred_of_def) - -lemma rpath_nilE [elim!, cases pred:rpath]: - assumes "rpath r x [] y" - obtains "y = x" - using assms[unfolded rpath_def] by auto - --- {* This is a auxiliary lemmas used only in the proof of @{text "rpath_nnl_lastE"} *} -lemma rpath_nnl_last: - assumes "rtrancl_path r x xs y" - and "xs \ []" - obtains xs' where "xs = xs'@[y]" -proof - - from append_butlast_last_id[OF `xs \ []`, symmetric] - obtain xs' y' where eq_xs: "xs = (xs' @ y' # [])" by simp - with assms(1) - have "rtrancl_path r x ... y" by simp - hence "y = y'" by (rule rtrancl_path_appendE, auto) - with eq_xs have "xs = xs'@[y]" by simp - from that[OF this] show ?thesis . -qed - -text {* - Elimination rule for non-empty paths constructed with @{text "#"}. -*} - -lemma rpath_ConsE [elim!, cases pred:rpath]: - assumes "rpath r x (y # ys) x2" - obtains (rstep) "(x, y) \ r" and "rpath r y ys x2" - using assms[unfolded rpath_def] - by (cases, auto simp:rpath_def pred_of_def) - -text {* - Elimination rule for non-empty path, where the destination node - @{text "y"} is shown to be at the end of the path. -*} -lemma rpath_nnl_lastE: - assumes "rpath r x xs y" - and "xs \ []" - obtains xs' where "xs = xs'@[y]" - using assms[unfolded rpath_def] - by (rule rpath_nnl_last, auto) - -text {* Other elimination rules of @{text "rpath"} *} - -lemma rpath_appendE: - assumes "rpath r x (xs @ [a] @ ys) y" - obtains "rpath r x (xs @ [a]) a" and "rpath r a ys y" - using rtrancl_path_appendE[OF assms[unfolded rpath_def, simplified], folded rpath_def] - by auto - -lemma rpath_subE: - assumes "rpath r x (xs @ [a] @ ys @ [b] @ zs) y" - obtains "rpath r x (xs @ [a]) a" and "rpath r a (ys @ [b]) b" and "rpath r b zs y" - using assms - by (elim rpath_appendE, auto) - -text {* Every path has a unique end point. *} -lemma rpath_dest_eq: - assumes "rpath r x xs x1" - and "rpath r x xs x2" - shows "x1 = x2" - using assms - by (induct, auto) - -subsubsection {* Properites of @{text "edges_on"} *} - -lemma edges_on_unfold: - "edges_on (a # b # xs) = {(a, b)} \ edges_on (b # xs)" (is "?L = ?R") -proof - - { fix c d - assume "(c, d) \ ?L" - then obtain l1 l2 where h: "(a # b # xs) = l1 @ [c, d] @ l2" - by (auto simp:edges_on_def) - have "(c, d) \ ?R" - proof(cases "l1") - case Nil - with h have "(c, d) = (a, b)" by auto - thus ?thesis by auto - next - case (Cons e es) - from h[unfolded this] have "b#xs = es@[c, d]@l2" by auto - thus ?thesis by (auto simp:edges_on_def) - qed - } moreover - { fix c d - assume "(c, d) \ ?R" - moreover have "(a, b) \ ?L" - proof - - have "(a # b # xs) = []@[a,b]@xs" by simp - hence "\ l1 l2. (a # b # xs) = l1@[a,b]@l2" by auto - thus ?thesis by (unfold edges_on_def, simp) - qed - moreover { - assume "(c, d) \ edges_on (b#xs)" - then obtain l1 l2 where "b#xs = l1@[c, d]@l2" by (unfold edges_on_def, auto) - hence "a#b#xs = (a#l1)@[c,d]@l2" by simp - hence "\ l1 l2. (a # b # xs) = l1@[c,d]@l2" by metis - hence "(c,d) \ ?L" by (unfold edges_on_def, simp) - } - ultimately have "(c, d) \ ?L" by auto - } ultimately show ?thesis by auto -qed - -lemma edges_on_len: - assumes "(a,b) \ edges_on l" - shows "length l \ 2" - using assms - by (unfold edges_on_def, auto) - -text {* Elimination of @{text "edges_on"} for non-empty path *} - -lemma edges_on_consE [elim, cases set:edges_on]: - assumes "(a,b) \ edges_on (x#xs)" - obtains (head) xs' where "x = a" and "xs = b#xs'" - | (tail) "(a,b) \ edges_on xs" -proof - - from assms obtain l1 l2 - where h: "(x#xs) = l1 @ [a,b] @ l2" by (unfold edges_on_def, blast) - have "(\ xs'. x = a \ xs = b#xs') \ ((a,b) \ edges_on xs)" - proof(cases "l1") - case Nil with h - show ?thesis by auto - next - case (Cons e el) - from h[unfolded this] - have "xs = el @ [a,b] @ l2" by auto - thus ?thesis - by (unfold edges_on_def, auto) - qed - thus ?thesis - proof - assume "(\xs'. x = a \ xs = b # xs')" - then obtain xs' where "x = a" "xs = b#xs'" by blast - from that(1)[OF this] show ?thesis . - next - assume "(a, b) \ edges_on xs" - from that(2)[OF this] show ?thesis . - qed -qed - -text {* - Every edges on the path is a graph edges: -*} -lemma rpath_edges_on: - assumes "rpath r x xs y" - shows "(edges_on (x#xs)) \ r" - using assms -proof(induct arbitrary:y) - case (rbase x) - thus ?case by (unfold edges_on_def, auto) -next - case (rstep x y ys z) - show ?case - proof - - { fix a b - assume "(a, b) \ edges_on (x # y # ys)" - hence "(a, b) \ r" by (cases, insert rstep, auto) - } thus ?thesis by auto - qed -qed - -text {* @{text "edges_on"} is mono with respect to @{text "#"}-operation: *} -lemma edges_on_Cons_mono: - shows "edges_on xs \ edges_on (x#xs)" -proof - - { fix a b - assume "(a, b) \ edges_on xs" - then obtain l1 l2 where "xs = l1 @ [a,b] @ l2" - by (auto simp:edges_on_def) - hence "x # xs = (x#l1) @ [a, b] @ l2" by auto - hence "(a, b) \ edges_on (x#xs)" - by (unfold edges_on_def, blast) - } thus ?thesis by auto -qed - -text {* - The following rule @{text "rpath_transfer"} is used to show - that one path is intact as long as all the edges on it are intact - with the change of graph. - - If @{text "x#xs"} is path in graph @{text "r1"} and - every edges along the path is also in @{text "r2"}, - then @{text "x#xs"} is also a edge in graph @{text "r2"}: -*} - -lemma rpath_transfer: - assumes "rpath r1 x xs y" - and "edges_on (x#xs) \ r2" - shows "rpath r2 x xs y" - using assms -proof(induct) - case (rstep x y ys z) - show ?case - proof(rule rstepI) - show "(x, y) \ r2" - proof - - have "(x, y) \ edges_on (x # y # ys)" - by (unfold edges_on_def, auto) - with rstep(4) show ?thesis by auto - qed - next - show "rpath r2 y ys z" - using rstep edges_on_Cons_mono[of "y#ys" "x"] by (auto) - qed -qed (unfold rpath_def, auto intro!:Transitive_Closure_Table.rtrancl_path.base) - -lemma edges_on_rpathI: - assumes "edges_on (a#xs@[b]) \ r" - shows "rpath r a (xs@[b]) b" - using assms -proof(induct xs arbitrary: a b) - case Nil - moreover have "(a, b) \ edges_on (a # [] @ [b])" - by (unfold edges_on_def, auto) - ultimately have "(a, b) \ r" by auto - thus ?case by auto -next - case (Cons x xs a b) - from this(2) have "edges_on (x # xs @ [b]) \ r" by (simp add:edges_on_unfold) - from Cons(1)[OF this] have " rpath r x (xs @ [b]) b" . - moreover from Cons(2) have "(a, x) \ r" by (auto simp:edges_on_unfold) - ultimately show ?case by (auto) -qed - -text {* - The following lemma extracts the path from @{text "x"} to @{text "y"} - from proposition @{text "(x, y) \ r^*"} -*} -lemma star_rpath: - assumes "(x, y) \ r^*" - obtains xs where "rpath r x xs y" -proof - - have "\ xs. rpath r x xs y" - proof(unfold rpath_def, rule iffD1[OF rtranclp_eq_rtrancl_path]) - from assms - show "(pred_of r)\<^sup>*\<^sup>* x y" - apply (fold pred_of_star) - by (auto simp:pred_of_def) - qed - from that and this show ?thesis by blast -qed - -text {* - The following lemma uses the path @{text "xs"} from @{text "x"} to @{text "y"} - as a witness to show @{text "(x, y) \ r^*"}. -*} -lemma rpath_star: - assumes "rpath r x xs y" - shows "(x, y) \ r^*" -proof - - from iffD2[OF rtranclp_eq_rtrancl_path] and assms[unfolded rpath_def] - have "(pred_of r)\<^sup>*\<^sup>* x y" by metis - thus ?thesis by (simp add: pred_of_star star_2_pstar) -qed - -lemma subtree_transfer: - assumes "a \ subtree r1 a'" - and "r1 \ r2" - shows "a \ subtree r2 a'" -proof - - from assms(1)[unfolded subtree_def] - have "(a, a') \ r1^*" by auto - from star_rpath[OF this] - obtain xs where rp: "rpath r1 a xs a'" by blast - hence "rpath r2 a xs a'" - proof(rule rpath_transfer) - from rpath_edges_on[OF rp] and assms(2) - show "edges_on (a # xs) \ r2" by simp - qed - from rpath_star[OF this] - show ?thesis by (auto simp:subtree_def) -qed - -lemma subtree_rev_transfer: - assumes "a \ subtree r2 a'" - and "r1 \ r2" - shows "a \ subtree r1 a'" - using assms and subtree_transfer by metis - -text {* - The following lemmas establishes a relation from paths in @{text "r"} - to @{text "r^+"} relation. -*} -lemma rpath_plus: - assumes "rpath r x xs y" - and "xs \ []" - shows "(x, y) \ r^+" -proof - - from assms(2) obtain e es where "xs = e#es" by (cases xs, auto) - from assms(1)[unfolded this] - show ?thesis - proof(cases) - case rstep - show ?thesis - proof - - from rpath_star[OF rstep(2)] have "(e, y) \ r\<^sup>*" . - with rstep(1) show "(x, y) \ r^+" by auto - qed - qed -qed - -lemma plus_rpath: - assumes "(x, y) \ r^+" - obtains xs where "rpath r x xs y" and "xs \ []" -proof - - from assms - show ?thesis - proof(cases rule:converse_tranclE[consumes 1]) - case 1 - hence "rpath r x [y] y" by auto - from that[OF this] show ?thesis by auto - next - case (2 z) - from 2(2) have "(z, y) \ r^*" by auto - from star_rpath[OF this] obtain xs where "rpath r z xs y" by auto - from rstepI[OF 2(1) this] - have "rpath r x (z # xs) y" . - from that[OF this] show ?thesis by auto - qed -qed - -subsubsection {* Properties of @{text "subtree"} and @{term "ancestors"}*} - -lemma ancestors_subtreeI: - assumes "b \ ancestors r a" - shows "a \ subtree r b" - using assms by (auto simp:subtree_def ancestors_def) - -lemma ancestors_Field: - assumes "b \ ancestors r a" - obtains "a \ Domain r" "b \ Range r" - using assms - apply (unfold ancestors_def, simp) - by (metis Domain.DomainI Range.intros trancl_domain trancl_range) - -lemma subtreeE: - assumes "a \ subtree r b" - obtains "a = b" - | "a \ b" and "b \ ancestors r a" -proof - - from assms have "(a, b) \ r^*" by (auto simp:subtree_def) - from rtranclD[OF this] - have " a = b \ a \ b \ (a, b) \ r\<^sup>+" . - with that[unfolded ancestors_def] show ?thesis by auto -qed - - -lemma subtree_Field: - "subtree r x \ Field r \ {x}" -proof - fix y - assume "y \ subtree r x" - thus "y \ Field r \ {x}" - proof(cases rule:subtreeE) - case 1 - thus ?thesis by auto - next - case 2 - thus ?thesis apply (auto simp:ancestors_def) - using Field_def tranclD by fastforce - qed -qed - -lemma subtree_ancestorsI: - assumes "a \ subtree r b" - and "a \ b" - shows "b \ ancestors r a" - using assms - by (auto elim!:subtreeE) - -text {* - @{text "subtree"} is mono with respect to the underlying graph. -*} -lemma subtree_mono: - assumes "r1 \ r2" - shows "subtree r1 x \ subtree r2 x" -proof - fix c - assume "c \ subtree r1 x" - hence "(c, x) \ r1^*" by (auto simp:subtree_def) - from star_rpath[OF this] obtain xs - where rp:"rpath r1 c xs x" by metis - hence "rpath r2 c xs x" - proof(rule rpath_transfer) - from rpath_edges_on[OF rp] have "edges_on (c # xs) \ r1" . - with assms show "edges_on (c # xs) \ r2" by auto - qed - thus "c \ subtree r2 x" - by (rule rpath_star[elim_format], auto simp:subtree_def) -qed - -text {* - The following lemma characterizes the change of sub-tree of @{text "x"} - with the removal of an outside edge @{text "(a,b)"}. - - Note that, according to lemma @{thm edges_in_refutation}, the assumption - @{term "b \ subtree r x"} amounts to saying @{text "(a, b)"} - is outside the sub-tree of @{text "x"}. -*} -lemma subtree_del_outside: (* ddd *) - assumes "b \ subtree r x" - shows "subtree (r - {(a, b)}) x = (subtree r x)" -proof - - { fix c - assume "c \ (subtree r x)" - hence "(c, x) \ r^*" by (auto simp:subtree_def) - hence "c \ subtree (r - {(a, b)}) x" - proof(rule star_rpath) - fix xs - assume rp: "rpath r c xs x" - show ?thesis - proof - - from rp - have "rpath (r - {(a, b)}) c xs x" - proof(rule rpath_transfer) - from rpath_edges_on[OF rp] have "edges_on (c # xs) \ r" . - moreover have "(a, b) \ edges_on (c#xs)" - proof - assume "(a, b) \ edges_on (c # xs)" - then obtain l1 l2 where h: "c#xs = l1@[a,b]@l2" by (auto simp:edges_on_def) - hence "tl (c#xs) = tl (l1@[a,b]@l2)" by simp - then obtain l1' where eq_xs_b: "xs = l1'@[b]@l2" by (cases l1, auto) - from rp[unfolded this] - show False - proof(rule rpath_appendE) - assume "rpath r b l2 x" - thus ?thesis - by(rule rpath_star[elim_format], insert assms(1), auto simp:subtree_def) - qed - qed - ultimately show "edges_on (c # xs) \ r - {(a,b)}" by auto - qed - thus ?thesis by (rule rpath_star[elim_format], auto simp:subtree_def) - qed - qed - } moreover { - fix c - assume "c \ subtree (r - {(a, b)}) x" - moreover have "... \ (subtree r x)" by (rule subtree_mono, auto) - ultimately have "c \ (subtree r x)" by auto - } ultimately show ?thesis by auto -qed - -(* ddd *) -lemma subset_del_subtree_outside: (* ddd *) - assumes "Range r' \ subtree r x = {}" - shows "subtree (r - r') x = (subtree r x)" -proof - - { fix c - assume "c \ (subtree r x)" - hence "(c, x) \ r^*" by (auto simp:subtree_def) - hence "c \ subtree (r - r') x" - proof(rule star_rpath) - fix xs - assume rp: "rpath r c xs x" - show ?thesis - proof - - from rp - have "rpath (r - r') c xs x" - proof(rule rpath_transfer) - from rpath_edges_on[OF rp] have "edges_on (c # xs) \ r" . - moreover { - fix a b - assume h: "(a, b) \ r'" - have "(a, b) \ edges_on (c#xs)" - proof - assume "(a, b) \ edges_on (c # xs)" - then obtain l1 l2 where "c#xs = (l1@[a])@[b]@l2" by (auto simp:edges_on_def) - hence "tl (c#xs) = tl (l1@[a,b]@l2)" by simp - then obtain l1' where eq_xs_b: "xs = l1'@[b]@l2" by (cases l1, auto) - from rp[unfolded this] - show False - proof(rule rpath_appendE) - assume "rpath r b l2 x" - from rpath_star[OF this] - have "b \ subtree r x" by (auto simp:subtree_def) - with assms (1) and h show ?thesis by (auto) - qed - qed - } ultimately show "edges_on (c # xs) \ r - r'" by auto - qed - thus ?thesis by (rule rpath_star[elim_format], auto simp:subtree_def) - qed - qed - } moreover { - fix c - assume "c \ subtree (r - r') x" - moreover have "... \ (subtree r x)" by (rule subtree_mono, auto) - ultimately have "c \ (subtree r x)" by auto - } ultimately show ?thesis by auto -qed - -lemma subtree_insert_ext: - assumes "b \ subtree r x" - shows "subtree (r \ {(a, b)}) x = (subtree r x) \ (subtree r a)" - using assms by (auto simp:subtree_def rtrancl_insert) - -lemma subtree_insert_next: - assumes "b \ subtree r x" - shows "subtree (r \ {(a, b)}) x = (subtree r x)" - using assms - by (auto simp:subtree_def rtrancl_insert) - -lemma set_add_rootI: - assumes "root r a" - and "a \ Domain r1" - shows "root (r \ r1) a" -proof - - let ?r = "r \ r1" - { fix a' - assume "a' \ ancestors ?r a" - hence "(a, a') \ ?r^+" by (auto simp:ancestors_def) - from tranclD[OF this] obtain z where "(a, z) \ ?r" by auto - moreover have "(a, z) \ r" - proof - assume "(a, z) \ r" - with assms(1) show False - by (auto simp:root_def ancestors_def) - qed - ultimately have "(a, z) \ r1" by auto - with assms(2) - have False by (auto) - } thus ?thesis by (auto simp:root_def) -qed - -lemma ancestors_mono: - assumes "r1 \ r2" - shows "ancestors r1 x \ ancestors r2 x" -proof - fix a - assume "a \ ancestors r1 x" - hence "(x, a) \ r1^+" by (auto simp:ancestors_def) - from plus_rpath[OF this] obtain xs where - h: "rpath r1 x xs a" "xs \ []" . - have "rpath r2 x xs a" - proof(rule rpath_transfer[OF h(1)]) - from rpath_edges_on[OF h(1)] and assms - show "edges_on (x # xs) \ r2" by auto - qed - from rpath_plus[OF this h(2)] - show "a \ ancestors r2 x" by (auto simp:ancestors_def) -qed - -lemma subtree_refute: - assumes "x \ ancestors r y" - and "x \ y" - shows "y \ subtree r x" -proof - assume "y \ subtree r x" - thus False - by(elim subtreeE, insert assms, auto) -qed - -subsubsection {* Properties about relational trees *} - -context rtree -begin - -lemma ancestors_headE: - assumes "c \ ancestors r a" - assumes "(a, b) \ r" - obtains "b = c" - | "c \ ancestors r b" -proof - - from assms(1) - have "(a, c) \ r^+" by (auto simp:ancestors_def) - hence "b = c \ c \ ancestors r b" - proof(cases rule:converse_tranclE[consumes 1]) - case 1 - with assms(2) and sgv have "b = c" by (auto simp:single_valued_def) - thus ?thesis by auto - next - case (2 y) - from 2(1) and assms(2) and sgv have "y = b" by (auto simp:single_valued_def) - from 2(2)[unfolded this] have "c \ ancestors r b" by (auto simp:ancestors_def) - thus ?thesis by auto - qed - with that show ?thesis by metis -qed - -lemma ancestors_accum: - assumes "(a, b) \ r" - shows "ancestors r a = ancestors r b \ {b}" -proof - - { fix c - assume "c \ ancestors r a" - hence "(a, c) \ r^+" by (auto simp:ancestors_def) - hence "c \ ancestors r b \ {b}" - proof(cases rule:converse_tranclE[consumes 1]) - case 1 - with sgv assms have "c = b" by (unfold single_valued_def, auto) - thus ?thesis by auto - next - case (2 c') - with sgv assms have "c' = b" by (unfold single_valued_def, auto) - from 2(2)[unfolded this] - show ?thesis by (auto simp:ancestors_def) - qed - } moreover { - fix c - assume "c \ ancestors r b \ {b}" - hence "c = b \ c \ ancestors r b" by auto - hence "c \ ancestors r a" - proof - assume "c = b" - from assms[folded this] - show ?thesis by (auto simp:ancestors_def) - next - assume "c \ ancestors r b" - with assms show ?thesis by (auto simp:ancestors_def) - qed - } ultimately show ?thesis by auto -qed - -lemma rootI: - assumes h: "\ x'. x' \ x \ x \ subtree r' x'" - and "r' \ r" - shows "root r' x" -proof - - from acyclic_subset[OF acl assms(2)] - have acl': "acyclic r'" . - { fix x' - assume "x' \ ancestors r' x" - hence h1: "(x, x') \ r'^+" by (auto simp:ancestors_def) - have "x' \ x" - proof - assume eq_x: "x' = x" - from h1[unfolded this] and acl' - show False by (auto simp:acyclic_def) - qed - moreover from h1 have "x \ subtree r' x'" by (auto simp:subtree_def) - ultimately have False using h by auto - } thus ?thesis by (auto simp:root_def) -qed - -lemma rpath_overlap_oneside: (* ddd *) - assumes "rpath r x xs1 x1" (* ccc *) - and "rpath r x xs2 x2" - and "length xs1 \ length xs2" - obtains xs3 where - "xs2 = xs1 @ xs3" "rpath r x xs1 x1" "rpath r x1 xs3 x2" -proof(cases "xs1 = []") - case True - with that show ?thesis by auto -next - case False - have "\ i \ length xs1. take i xs1 = take i xs2" - proof - - { assume "\ (\ i \ length xs1. take i xs1 = take i xs2)" - then obtain i where "i \ length xs1 \ take i xs1 \ take i xs2" by auto - from this(1) have "False" - proof(rule index_minimize) - fix j - assume h1: "j \ length xs1 \ take j xs1 \ take j xs2" - and h2: " \k (k \ length xs1 \ take k xs1 \ take k xs2)" - -- {* @{text "j - 1"} is the branch point between @{text "xs1"} and @{text "xs2"} *} - let ?idx = "j - 1" - -- {* A number of inequalities concerning @{text "j - 1"} are derived first *} - have lt_i: "?idx < length xs1" using False h1 - by (metis Suc_diff_1 le_neq_implies_less length_greater_0_conv lessI less_imp_diff_less) - have lt_i': "?idx < length xs2" using lt_i and assms(3) by auto - have lt_j: "?idx < j" using h1 by (cases j, auto) - -- {* From thesis inequalities, a number of equations concerning @{text "xs1"} - and @{text "xs2"} are derived *} - have eq_take: "take ?idx xs1 = take ?idx xs2" - using h2[rule_format, OF lt_j] and h1 by auto - have eq_xs1: " xs1 = take ?idx xs1 @ xs1 ! (?idx) # drop (Suc (?idx)) xs1" - using id_take_nth_drop[OF lt_i] . - have eq_xs2: "xs2 = take ?idx xs2 @ xs2 ! (?idx) # drop (Suc (?idx)) xs2" - using id_take_nth_drop[OF lt_i'] . - -- {* The branch point along the path is finally pinpointed *} - have neq_idx: "xs1!?idx \ xs2!?idx" - proof - - have "take j xs1 = take ?idx xs1 @ [xs1 ! ?idx]" - using eq_xs1 Suc_diff_1 lt_i lt_j take_Suc_conv_app_nth by fastforce - moreover have eq_tk2: "take j xs2 = take ?idx xs2 @ [xs2 ! ?idx]" - using Suc_diff_1 lt_i' lt_j take_Suc_conv_app_nth by fastforce - ultimately show ?thesis using eq_take h1 by auto - qed - show ?thesis - proof(cases " take (j - 1) xs1 = []") - case True - have "(x, xs1!?idx) \ r" - proof - - from eq_xs1[unfolded True, simplified, symmetric] assms(1) - have "rpath r x ( xs1 ! ?idx # drop (Suc ?idx) xs1) x1" by simp - from this[unfolded rpath_def] - show ?thesis by (auto simp:pred_of_def) - qed - moreover have "(x, xs2!?idx) \ r" - proof - - from eq_xs2[folded eq_take, unfolded True, simplified, symmetric] assms(2) - have "rpath r x ( xs2 ! ?idx # drop (Suc ?idx) xs2) x2" by simp - from this[unfolded rpath_def] - show ?thesis by (auto simp:pred_of_def) - qed - ultimately show ?thesis using neq_idx sgv[unfolded single_valued_def] by metis - next - case False - then obtain e es where eq_es: "take ?idx xs1 = es@[e]" - using rev_exhaust by blast - have "(e, xs1!?idx) \ r" - proof - - from eq_xs1[unfolded eq_es] - have "xs1 = es@[e, xs1!?idx]@drop (Suc ?idx) xs1" by simp - hence "(e, xs1!?idx) \ edges_on xs1" by (simp add:edges_on_def, metis) - with rpath_edges_on[OF assms(1)] edges_on_Cons_mono[of xs1 x] - show ?thesis by auto - qed moreover have "(e, xs2!?idx) \ r" - proof - - from eq_xs2[folded eq_take, unfolded eq_es] - have "xs2 = es@[e, xs2!?idx]@drop (Suc ?idx) xs2" by simp - hence "(e, xs2!?idx) \ edges_on xs2" by (simp add:edges_on_def, metis) - with rpath_edges_on[OF assms(2)] edges_on_Cons_mono[of xs2 x] - show ?thesis by auto - qed - ultimately show ?thesis - using sgv[unfolded single_valued_def] neq_idx by metis - qed - qed - } thus ?thesis by auto - qed - from this[rule_format, of "length xs1"] - have "take (length xs1) xs1 = take (length xs1) xs2" by simp - moreover have "xs2 = take (length xs1) xs2 @ drop (length xs1) xs2" by simp - ultimately have "xs2 = xs1 @ drop (length xs1) xs2" by auto - from that[OF this] show ?thesis . -qed - -lemma rpath_overlap_oneside: (* ddd *) - assumes "rpath r x xs1 x1" - and "rpath r x xs2 x2" - and "length xs1 \ length xs2" - obtains xs3 where "xs2 = xs1 @ xs3" -proof(cases "xs1 = []") - case True - with that show ?thesis by auto -next - case False - have "\ i \ length xs1. take i xs1 = take i xs2" - proof - - { assume "\ (\ i \ length xs1. take i xs1 = take i xs2)" - then obtain i where "i \ length xs1 \ take i xs1 \ take i xs2" by auto - from this(1) have "False" - proof(rule index_minimize) - fix j - assume h1: "j \ length xs1 \ take j xs1 \ take j xs2" - and h2: " \k (k \ length xs1 \ take k xs1 \ take k xs2)" - -- {* @{text "j - 1"} is the branch point between @{text "xs1"} and @{text "xs2"} *} - let ?idx = "j - 1" - -- {* A number of inequalities concerning @{text "j - 1"} are derived first *} - have lt_i: "?idx < length xs1" using False h1 - by (metis Suc_diff_1 le_neq_implies_less length_greater_0_conv lessI less_imp_diff_less) - have lt_i': "?idx < length xs2" using lt_i and assms(3) by auto - have lt_j: "?idx < j" using h1 by (cases j, auto) - -- {* From thesis inequalities, a number of equations concerning @{text "xs1"} - and @{text "xs2"} are derived *} - have eq_take: "take ?idx xs1 = take ?idx xs2" - using h2[rule_format, OF lt_j] and h1 by auto - have eq_xs1: " xs1 = take ?idx xs1 @ xs1 ! (?idx) # drop (Suc (?idx)) xs1" - using id_take_nth_drop[OF lt_i] . - have eq_xs2: "xs2 = take ?idx xs2 @ xs2 ! (?idx) # drop (Suc (?idx)) xs2" - using id_take_nth_drop[OF lt_i'] . - -- {* The branch point along the path is finally pinpointed *} - have neq_idx: "xs1!?idx \ xs2!?idx" - proof - - have "take j xs1 = take ?idx xs1 @ [xs1 ! ?idx]" - using eq_xs1 Suc_diff_1 lt_i lt_j take_Suc_conv_app_nth by fastforce - moreover have eq_tk2: "take j xs2 = take ?idx xs2 @ [xs2 ! ?idx]" - using Suc_diff_1 lt_i' lt_j take_Suc_conv_app_nth by fastforce - ultimately show ?thesis using eq_take h1 by auto - qed - show ?thesis - proof(cases " take (j - 1) xs1 = []") - case True - have "(x, xs1!?idx) \ r" - proof - - from eq_xs1[unfolded True, simplified, symmetric] assms(1) - have "rpath r x ( xs1 ! ?idx # drop (Suc ?idx) xs1) x1" by simp - from this[unfolded rpath_def] - show ?thesis by (auto simp:pred_of_def) - qed - moreover have "(x, xs2!?idx) \ r" - proof - - from eq_xs2[folded eq_take, unfolded True, simplified, symmetric] assms(2) - have "rpath r x ( xs2 ! ?idx # drop (Suc ?idx) xs2) x2" by simp - from this[unfolded rpath_def] - show ?thesis by (auto simp:pred_of_def) - qed - ultimately show ?thesis using neq_idx sgv[unfolded single_valued_def] by metis - next - case False - then obtain e es where eq_es: "take ?idx xs1 = es@[e]" - using rev_exhaust by blast - have "(e, xs1!?idx) \ r" - proof - - from eq_xs1[unfolded eq_es] - have "xs1 = es@[e, xs1!?idx]@drop (Suc ?idx) xs1" by simp - hence "(e, xs1!?idx) \ edges_on xs1" by (simp add:edges_on_def, metis) - with rpath_edges_on[OF assms(1)] edges_on_Cons_mono[of xs1 x] - show ?thesis by auto - qed moreover have "(e, xs2!?idx) \ r" - proof - - from eq_xs2[folded eq_take, unfolded eq_es] - have "xs2 = es@[e, xs2!?idx]@drop (Suc ?idx) xs2" by simp - hence "(e, xs2!?idx) \ edges_on xs2" by (simp add:edges_on_def, metis) - with rpath_edges_on[OF assms(2)] edges_on_Cons_mono[of xs2 x] - show ?thesis by auto - qed - ultimately show ?thesis - using sgv[unfolded single_valued_def] neq_idx by metis - qed - qed - } thus ?thesis by auto - qed - from this[rule_format, of "length xs1"] - have "take (length xs1) xs1 = take (length xs1) xs2" by simp - moreover have "xs2 = take (length xs1) xs2 @ drop (length xs1) xs2" by simp - ultimately have "xs2 = xs1 @ drop (length xs1) xs2" by auto - from that[OF this] show ?thesis . -qed - -lemma rpath_overlap [consumes 2, cases pred:rpath]: - assumes "rpath r x xs1 x1" - and "rpath r x xs2 x2" - obtains (less_1) xs3 where "xs2 = xs1 @ xs3" - | (less_2) xs3 where "xs1 = xs2 @ xs3" -proof - - have "length xs1 \ length xs2 \ length xs2 \ length xs1" by auto - with assms rpath_overlap_oneside that show ?thesis by metis -qed - -text {* - As a corollary of @{thm "rpath_overlap_oneside"}, - the following two lemmas gives one important property of relation tree, - i.e. there is at most one path between any two nodes. - Similar to the proof of @{thm rpath_overlap}, we starts with - the one side version first. -*} - -lemma rpath_unique_oneside: - assumes "rpath r x xs1 y" - and "rpath r x xs2 y" - and "length xs1 \ length xs2" - shows "xs1 = xs2" -proof - - from rpath_overlap_oneside[OF assms] - obtain xs3 where less_1: "xs2 = xs1 @ xs3" by blast - show ?thesis - proof(cases "xs3 = []") - case True - from less_1[unfolded this] show ?thesis by simp - next - case False - note FalseH = this - show ?thesis - proof(cases "xs1 = []") - case True - have "(x, x) \ r^+" - proof(rule rpath_plus) - from assms(1)[unfolded True] - have "y = x" by (cases rule:rpath_nilE, simp) - from assms(2)[unfolded this] show "rpath r x xs2 x" . - next - from less_1 and False show "xs2 \ []" by simp - qed - with acl show ?thesis by (unfold acyclic_def, auto) - next - case False - then obtain e es where eq_xs1: "xs1 = es@[e]" using rev_exhaust by auto - from assms(2)[unfolded less_1 this] - have "rpath r x (es @ [e] @ xs3) y" by simp - thus ?thesis - proof(cases rule:rpath_appendE) - case 1 - from rpath_dest_eq [OF 1(1)[folded eq_xs1] assms(1)] - have "e = y" . - from rpath_plus [OF 1(2)[unfolded this] FalseH] - have "(y, y) \ r^+" . - with acl show ?thesis by (unfold acyclic_def, auto) - qed - qed - qed -qed - -text {* - The following is the full version of path uniqueness. -*} -lemma rpath_unique: - assumes "rpath r x xs1 y" - and "rpath r x xs2 y" - shows "xs1 = xs2" -proof(cases "length xs1 \ length xs2") - case True - from rpath_unique_oneside[OF assms this] show ?thesis . -next - case False - hence "length xs2 \ length xs1" by simp - from rpath_unique_oneside[OF assms(2,1) this] - show ?thesis by simp -qed - -text {* - The following lemma shows that the `independence` relation is symmetric. - It is an obvious auxiliary lemma which will be used later. -*} -lemma sym_indep: "indep r x y \ indep r y x" - by (unfold indep_def, auto) - -text {* - This is another `obvious` lemma about trees, which says trees rooted at - independent nodes are disjoint. -*} -lemma subtree_disjoint: - assumes "indep r x y" - shows "subtree r x \ subtree r y = {}" -proof - - { fix z x y xs1 xs2 xs3 - assume ind: "indep r x y" - and rp1: "rpath r z xs1 x" - and rp2: "rpath r z xs2 y" - and h: "xs2 = xs1 @ xs3" - have False - proof(cases "xs1 = []") - case True - from rp1[unfolded this] have "x = z" by auto - from rp2[folded this] rpath_star ind[unfolded indep_def] - show ?thesis by metis - next - case False - then obtain e es where eq_xs1: "xs1 = es@[e]" using rev_exhaust by blast - from rp2[unfolded h this] - have "rpath r z (es @ [e] @ xs3) y" by simp - thus ?thesis - proof(cases rule:rpath_appendE) - case 1 - have "e = x" using 1(1)[folded eq_xs1] rp1 rpath_dest_eq by metis - from rpath_star[OF 1(2)[unfolded this]] ind[unfolded indep_def] - show ?thesis by auto - qed - qed - } note my_rule = this - { fix z - assume h: "z \ subtree r x" "z \ subtree r y" - from h(1) have "(z, x) \ r^*" by (unfold subtree_def, auto) - then obtain xs1 where rp1: "rpath r z xs1 x" using star_rpath by metis - from h(2) have "(z, y) \ r^*" by (unfold subtree_def, auto) - then obtain xs2 where rp2: "rpath r z xs2 y" using star_rpath by metis - from rp1 rp2 - have False - by (cases, insert my_rule[OF sym_indep[OF assms(1)] rp2 rp1] - my_rule[OF assms(1) rp1 rp2], auto) - } thus ?thesis by auto -qed - -text {* - The following lemma @{text "subtree_del"} characterizes the change of sub-tree of - @{text "x"} with the removal of an inside edge @{text "(a, b)"}. - Note that, the case for the removal of an outside edge has already been dealt with - in lemma @{text "subtree_del_outside"}). - - This lemma is underpinned by the following two `obvious` facts: - \begin{enumearte} - \item - In graph @{text "r"}, for an inside edge @{text "(a,b) \ edges_in r x"}, - every node @{text "c"} in the sub-tree of @{text "a"} has a path - which goes first from @{text "c"} to @{text "a"}, then through edge @{text "(a, b)"}, and - finally reaches @{text "x"}. By the uniqueness of path in a tree, - all paths from sub-tree of @{text "a"} to @{text "x"} are such constructed, therefore - must go through @{text "(a, b)"}. The consequence is: with the removal of @{text "(a,b)"}, - all such paths will be broken. - - \item - On the other hand, all paths not originate from within the sub-tree of @{text "a"} - will not be affected by the removal of edge @{text "(a, b)"}. - The reason is simple: if the path is affected by the removal, it must - contain @{text "(a, b)"}, then it must originate from within the sub-tree of @{text "a"}. - \end{enumearte} -*} - -lemma subtree_del_inside: (* ddd *) - assumes "(a,b) \ edges_in r x" - shows "subtree (r - {(a, b)}) x = (subtree r x) - subtree r a" -proof - - from assms have asm: "b \ subtree r x" "(a, b) \ r" by (auto simp:edges_in_def) - -- {* The proof follows a common pattern to prove the equality of sets. *} - { -- {* The `left to right` direction. - *} - fix c - -- {* Assuming @{text "c"} is inside the sub-tree of @{text "x"} in the reduced graph *} - assume h: "c \ subtree (r - {(a, b)}) x" - -- {* We are going to show that @{text "c"} can not be in the sub-tree of @{text "a"} in - the original graph. *} - -- {* In other words, all nodes inside the sub-tree of @{text "a"} in the original - graph will be removed from the sub-tree of @{text "x"} in the reduced graph. *} - -- {* The reason, as analyzed before, is that all paths from within the - sub-tree of @{text "a"} are broken with the removal of edge @{text "(a,b)"}. - *} - have "c \ (subtree r x) - subtree r a" - proof - - let ?r' = "r - {(a, b)}" -- {* The reduced graph is abbreviated as @{text "?r'"} *} - from h have "(c, x) \ ?r'^*" by (auto simp:subtree_def) - -- {* Extract from the reduced graph the path @{text "xs"} from @{text "c"} to @{text "x"}. *} - then obtain xs where rp0: "rpath ?r' c xs x" by (rule star_rpath, auto) - -- {* It is easy to show @{text "xs"} is also a path in the original graph *} - hence rp1: "rpath r c xs x" - proof(rule rpath_transfer) - from rpath_edges_on[OF rp0] - show "edges_on (c # xs) \ r" by auto - qed - -- {* @{text "xs"} is used as the witness to show that @{text "c"} - in the sub-tree of @{text "x"} in the original graph. *} - hence "c \ subtree r x" - by (rule rpath_star[elim_format], auto simp:subtree_def) - -- {* The next step is to show that @{text "c"} can not be in the sub-tree of @{text "a"} - in the original graph. *} - -- {* We need to use the fact that all paths originate from within sub-tree of @{text "a"} - are broken. *} - moreover have "c \ subtree r a" - proof - -- {* Proof by contradiction, suppose otherwise *} - assume otherwise: "c \ subtree r a" - -- {* Then there is a path in original graph leading from @{text "c"} to @{text "a"} *} - obtain xs1 where rp_c: "rpath r c xs1 a" - proof - - from otherwise have "(c, a) \ r^*" by (auto simp:subtree_def) - thus ?thesis by (rule star_rpath, auto intro!:that) - qed - -- {* Starting from this path, we are going to construct a fictional - path from @{text "c"} to @{text "x"}, which, as explained before, - is broken, so that contradiction can be derived. *} - -- {* First, there is a path from @{text "b"} to @{text "x"} *} - obtain ys where rp_b: "rpath r b ys x" - proof - - from asm have "(b, x) \ r^*" by (auto simp:subtree_def) - thus ?thesis by (rule star_rpath, auto intro!:that) - qed - -- {* The paths @{text "xs1"} and @{text "ys"} can be - tied together using @{text "(a,b)"} to form a path - from @{text "c"} to @{text "x"}: *} - have "rpath r c (xs1 @ b # ys) x" - proof - - from rstepI[OF asm(2) rp_b] have "rpath r a (b # ys) x" . - from rpath_appendI[OF rp_c this] - show ?thesis . - qed - -- {* By the uniqueness of path between two nodes of a tree, we have: *} - from rpath_unique[OF rp1 this] have eq_xs: "xs = xs1 @ b # ys" . - -- {* Contradiction can be derived from from this fictional path . *} - show False - proof - - -- {* It can be shown that @{term "(a,b)"} is on this fictional path. *} - have "(a, b) \ edges_on (c#xs)" - proof(cases "xs1 = []") - case True - from rp_c[unfolded this] have "rpath r c [] a" . - hence eq_c: "c = a" by (rule rpath_nilE, simp) - hence "c#xs = a#xs" by simp - from this and eq_xs have "c#xs = a # xs1 @ b # ys" by simp - from this[unfolded True] have "c#xs = []@[a,b]@ys" by simp - thus ?thesis by (auto simp:edges_on_def) - next - case False - from rpath_nnl_lastE[OF rp_c this] - obtain xs' where "xs1 = xs'@[a]" by auto - from eq_xs[unfolded this] have "c#xs = (c#xs')@[a,b]@ys" by simp - thus ?thesis by (unfold edges_on_def, blast) - qed - -- {* It can also be shown that @{term "(a,b)"} is not on this fictional path. *} - moreover have "(a, b) \ edges_on (c#xs)" - using rpath_edges_on[OF rp0] by auto - -- {* Contradiction is thus derived. *} - ultimately show False by auto - qed - qed - ultimately show ?thesis by auto - qed - } moreover { - -- {* The `right to left` direction. - *} - fix c - -- {* Assuming that @{text "c"} is in the sub-tree of @{text "x"}, but - outside of the sub-tree of @{text "a"} in the original graph, *} - assume h: "c \ (subtree r x) - subtree r a" - -- {* we need to show that in the reduced graph, @{text "c"} is still in - the sub-tree of @{text "x"}. *} - have "c \ subtree (r - {(a, b)}) x" - proof - - -- {* The proof goes by showing that the path from @{text "c"} to @{text "x"} - in the original graph is not affected by the removal of @{text "(a,b)"}. - *} - from h have "(c, x) \ r^*" by (unfold subtree_def, auto) - -- {* Extract the path @{text "xs"} from @{text "c"} to @{text "x"} in the original graph. *} - from star_rpath[OF this] obtain xs where rp: "rpath r c xs x" by auto - -- {* Show that it is also a path in the reduced graph. *} - hence "rpath (r - {(a, b)}) c xs x" - -- {* The proof goes by using rule @{thm rpath_transfer} *} - proof(rule rpath_transfer) - -- {* We need to show all edges on the path are still in the reduced graph. *} - show "edges_on (c # xs) \ r - {(a, b)}" - proof - - -- {* It is easy to show that all the edges are in the original graph. *} - from rpath_edges_on [OF rp] have " edges_on (c # xs) \ r" . - -- {* The essential part is to show that @{text "(a, b)"} is not on the path. *} - moreover have "(a,b) \ edges_on (c#xs)" - proof - -- {* Proof by contradiction, suppose otherwise: *} - assume otherwise: "(a, b) \ edges_on (c#xs)" - -- {* Then @{text "(a, b)"} is in the middle of the path. - with @{text "l1"} and @{text "l2"} be the nodes in - the front and rear respectively. *} - then obtain l1 l2 where eq_xs: - "c#xs = l1 @ [a, b] @ l2" by (unfold edges_on_def, blast) - -- {* From this, it can be shown that @{text "c"} is - in the sub-tree of @{text "a"} *} - have "c \ subtree r a" - proof(cases "l1 = []") - case True - -- {* If @{text "l1"} is null, it can be derived that @{text "c = a"}. *} - with eq_xs have "c = a" by auto - -- {* So, @{text "c"} is obviously in the sub-tree of @{text "a"}. *} - thus ?thesis by (unfold subtree_def, auto) - next - case False - -- {* When @{text "l1"} is not null, it must have a tail @{text "es"}: *} - then obtain e es where "l1 = e#es" by (cases l1, auto) - -- {* The relation of this tail with @{text "xs"} is derived: *} - with eq_xs have "xs = es@[a,b]@l2" by auto - -- {* From this, a path from @{text "c"} to @{text "a"} is made visible: *} - from rp[unfolded this] have "rpath r c (es @ [a] @ (b#l2)) x" by simp - thus ?thesis - proof(cases rule:rpath_appendE) - -- {* The path from @{text "c"} to @{text "a"} is extraced - using @{thm "rpath_appendE"}: *} - case 1 - from rpath_star[OF this(1)] - -- {* The extracted path servers as a witness that @{text "c"} is - in the sub-tree of @{text "a"}: *} - show ?thesis by (simp add:subtree_def) - qed - qed with h show False by auto - qed ultimately show ?thesis by auto - qed - qed - -- {* From , it is shown that @{text "c"} is in the sub-tree of @{text "x"} - inthe reduced graph. *} - from rpath_star[OF this] show ?thesis by (auto simp:subtree_def) - qed - } - -- {* The equality of sets is derived from the two directions just proved. *} - ultimately show ?thesis by auto -qed - -lemma set_del_rootI: - assumes "r1 \ r" - and "a \ Domain r1" - shows "root (r - r1) a" -proof - - let ?r = "r - r1" - { fix a' - assume neq: "a' \ a" - have "a \ subtree ?r a'" - proof - assume "a \ subtree ?r a'" - hence "(a, a') \ ?r^*" by (auto simp:subtree_def) - from star_rpath[OF this] obtain xs - where rp: "rpath ?r a xs a'" by auto - from rpathE[OF this] and neq - obtain z zs where h: "(a, z) \ ?r" "rpath ?r z zs a'" "xs = z#zs" by auto - from assms(2) obtain z' where z'_in: "(a, z') \ r1" by (auto simp:DomainE) - with assms(1) have "(a, z') \ r" by auto - moreover from h(1) have "(a, z) \ r" by simp - ultimately have "z' = z" using sgv by (auto simp:single_valued_def) - from z'_in[unfolded this] and h(1) show False by auto - qed - } thus ?thesis by (intro rootI, auto) -qed - -lemma edge_del_no_rootI: - assumes "(a, b) \ r" - shows "root (r - {(a, b)}) a" - by (rule set_del_rootI, insert assms, auto) - -lemma ancestors_children_unique: - assumes "z1 \ ancestors r x \ children r y" - and "z2 \ ancestors r x \ children r y" - shows "z1 = z2" -proof - - from assms have h: - "(x, z1) \ r^+" "(z1, y) \ r" - "(x, z2) \ r^+" "(z2, y) \ r" - by (auto simp:ancestors_def children_def) - - -- {* From this, a path containing @{text "z1"} is obtained. *} - from plus_rpath[OF h(1)] obtain xs1 - where h1: "rpath r x xs1 z1" "xs1 \ []" by auto - from rpath_nnl_lastE[OF this] obtain xs1' where eq_xs1: "xs1 = xs1' @ [z1]" - by auto - from h(2) have h2: "rpath r z1 [y] y" by auto - from rpath_appendI[OF h1(1) h2, unfolded eq_xs1] - have rp1: "rpath r x (xs1' @ [z1, y]) y" by simp - - -- {* Then, another path containing @{text "z2"} is obtained. *} - from plus_rpath[OF h(3)] obtain xs2 - where h3: "rpath r x xs2 z2" "xs2 \ []" by auto - from rpath_nnl_lastE[OF this] obtain xs2' where eq_xs2: "xs2 = xs2' @ [z2]" - by auto - from h(4) have h4: "rpath r z2 [y] y" by auto - from rpath_appendI[OF h3(1) h4, unfolded eq_xs2] - have "rpath r x (xs2' @ [z2, y]) y" by simp - - -- {* Finally @{text "z1 = z2"} is proved by uniqueness of path. *} - from rpath_unique[OF rp1 this] - have "xs1' @ [z1, y] = xs2' @ [z2, y]" . - thus ?thesis by auto -qed - -lemma ancestors_childrenE: - assumes "y \ ancestors r x" - obtains "x \ children r y" - | z where "z \ ancestors r x \ children r y" -proof - - from assms(1) have "(x, y) \ r^+" by (auto simp:ancestors_def) - from tranclD2[OF this] obtain z where - h: "(x, z) \ r\<^sup>*" "(z, y) \ r" by auto - from h(1) - show ?thesis - proof(cases rule:rtranclE) - case base - from h(2)[folded this] have "x \ children r y" - by (auto simp:children_def) - thus ?thesis by (intro that, auto) - next - case (step u) - hence "z \ ancestors r x" by (auto simp:ancestors_def) - moreover from h(2) have "z \ children r y" - by (auto simp:children_def) - ultimately show ?thesis by (intro that, auto) - qed -qed - - -end (* of rtree *) - -lemma subtree_children: - "subtree r x = {x} \ (\ (subtree r ` (children r x)))" (is "?L = ?R") -proof - - { fix z - assume "z \ ?L" - hence "z \ ?R" - proof(cases rule:subtreeE[consumes 1]) - case 2 - hence "(z, x) \ r^+" by (auto simp:ancestors_def) - thus ?thesis - proof(rule tranclE) - assume "(z, x) \ r" - hence "z \ children r x" by (unfold children_def, auto) - moreover have "z \ subtree r z" by (auto simp:subtree_def) - ultimately show ?thesis by auto - next - fix c - assume h: "(z, c) \ r\<^sup>+" "(c, x) \ r" - hence "c \ children r x" by (auto simp:children_def) - moreover from h have "z \ subtree r c" by (auto simp:subtree_def) - ultimately show ?thesis by auto - qed - qed auto - } moreover { - fix z - assume h: "z \ ?R" - have "x \ subtree r x" by (auto simp:subtree_def) - moreover { - assume "z \ \(subtree r ` children r x)" - then obtain y where "(y, x) \ r" "(z, y) \ r^*" - by (auto simp:subtree_def children_def) - hence "(z, x) \ r^*" by auto - hence "z \ ?L" by (auto simp:subtree_def) - } ultimately have "z \ ?L" using h by auto - } ultimately show ?thesis by auto -qed - -context fsubtree -begin - -lemma finite_subtree: - shows "finite (subtree r x)" -proof(induct rule:wf_induct[OF wf]) - case (1 x) - have "finite (\(subtree r ` children r x))" - proof(rule finite_Union) - show "finite (subtree r ` children r x)" - proof(cases "children r x = {}") - case True - thus ?thesis by auto - next - case False - hence "x \ Range r" by (auto simp:children_def) - from fb[rule_format, OF this] - have "finite (children r x)" . - thus ?thesis by (rule finite_imageI) - qed - next - fix M - assume "M \ subtree r ` children r x" - then obtain y where h: "y \ children r x" "M = subtree r y" by auto - hence "(y, x) \ r" by (auto simp:children_def) - from 1[rule_format, OF this, folded h(2)] - show "finite M" . - qed - thus ?case - by (unfold subtree_children finite_Un, auto) -qed - -end - -definition "pairself f = (\(a, b). (f a, f b))" - -definition "rel_map f r = (pairself f ` r)" - -lemma rel_mapE: - assumes "(a, b) \ rel_map f r" - obtains c d - where "(c, d) \ r" "(a, b) = (f c, f d)" - using assms - by (unfold rel_map_def pairself_def, auto) - -lemma rel_mapI: - assumes "(a, b) \ r" - and "c = f a" - and "d = f b" - shows "(c, d) \ rel_map f r" - using assms - by (unfold rel_map_def pairself_def, auto) - -lemma map_appendE: - assumes "map f zs = xs @ ys" - obtains xs' ys' - where "zs = xs' @ ys'" "xs = map f xs'" "ys = map f ys'" -proof - - have "\ xs' ys'. zs = xs' @ ys' \ xs = map f xs' \ ys = map f ys'" - using assms - proof(induct xs arbitrary:zs ys) - case (Nil zs ys) - thus ?case by auto - next - case (Cons x xs zs ys) - note h = this - show ?case - proof(cases zs) - case (Cons e es) - with h have eq_x: "map f es = xs @ ys" "x = f e" by auto - from h(1)[OF this(1)] - obtain xs' ys' where "es = xs' @ ys'" "xs = map f xs'" "ys = map f ys'" - by blast - with Cons eq_x - have "zs = (e#xs') @ ys' \ x # xs = map f (e#xs') \ ys = map f ys'" by auto - thus ?thesis by metis - qed (insert h, auto) - qed - thus ?thesis by (auto intro!:that) -qed - -lemma rel_map_mono: - assumes "r1 \ r2" - shows "rel_map f r1 \ rel_map f r2" - using assms - by (auto simp:rel_map_def pairself_def) - -lemma rel_map_compose [simp]: - shows "rel_map f1 (rel_map f2 r) = rel_map (f1 o f2) r" - by (auto simp:rel_map_def pairself_def) - -lemma edges_on_map: "edges_on (map f xs) = rel_map f (edges_on xs)" -proof - - { fix a b - assume "(a, b) \ edges_on (map f xs)" - then obtain l1 l2 where eq_map: "map f xs = l1 @ [a, b] @ l2" - by (unfold edges_on_def, auto) - hence "(a, b) \ rel_map f (edges_on xs)" - by (auto elim!:map_appendE intro!:rel_mapI simp:edges_on_def) - } moreover { - fix a b - assume "(a, b) \ rel_map f (edges_on xs)" - then obtain c d where - h: "(c, d) \ edges_on xs" "(a, b) = (f c, f d)" - by (elim rel_mapE, auto) - then obtain l1 l2 where - eq_xs: "xs = l1 @ [c, d] @ l2" - by (auto simp:edges_on_def) - hence eq_map: "map f xs = map f l1 @ [f c, f d] @ map f l2" by auto - have "(a, b) \ edges_on (map f xs)" - proof - - from h(2) have "[f c, f d] = [a, b]" by simp - from eq_map[unfolded this] show ?thesis by (auto simp:edges_on_def) - qed - } ultimately show ?thesis by auto -qed - -lemma image_id: - assumes "\ x. x \ A \ f x = x" - shows "f ` A = A" - using assms by (auto simp:image_def) - -lemma rel_map_inv_id: - assumes "inj_on f ((Domain r) \ (Range r))" - shows "(rel_map (inv_into ((Domain r) \ (Range r)) f \ f) r) = r" -proof - - let ?f = "(inv_into (Domain r \ Range r) f \ f)" - { - fix a b - assume h0: "(a, b) \ r" - have "pairself ?f (a, b) = (a, b)" - proof - - from assms h0 have "?f a = a" by (auto intro:inv_into_f_f) - moreover have "?f b = b" - by (insert h0, simp, intro inv_into_f_f[OF assms], auto intro!:RangeI) - ultimately show ?thesis by (auto simp:pairself_def) - qed - } thus ?thesis by (unfold rel_map_def, intro image_id, case_tac x, auto) -qed - -lemma rel_map_acyclic: - assumes "acyclic r" - and "inj_on f ((Domain r) \ (Range r))" - shows "acyclic (rel_map f r)" -proof - - let ?D = "Domain r \ Range r" - { fix a - assume "(a, a) \ (rel_map f r)^+" - from plus_rpath[OF this] - obtain xs where rp: "rpath (rel_map f r) a xs a" "xs \ []" by auto - from rpath_nnl_lastE[OF this] obtain xs' where eq_xs: "xs = xs'@[a]" by auto - from rpath_edges_on[OF rp(1)] - have h: "edges_on (a # xs) \ rel_map f r" . - from edges_on_map[of "inv_into ?D f" "a#xs"] - have "edges_on (map (inv_into ?D f) (a # xs)) = rel_map (inv_into ?D f) (edges_on (a # xs))" . - with rel_map_mono[OF h, of "inv_into ?D f"] - have "edges_on (map (inv_into ?D f) (a # xs)) \ rel_map ((inv_into ?D f) o f) r" by simp - from this[unfolded eq_xs] - have subr: "edges_on (map (inv_into ?D f) (a # xs' @ [a])) \ rel_map (inv_into ?D f \ f) r" . - have "(map (inv_into ?D f) (a # xs' @ [a])) = (inv_into ?D f a) # map (inv_into ?D f) xs' @ [inv_into ?D f a]" - by simp - from edges_on_rpathI[OF subr[unfolded this]] - have "rpath (rel_map (inv_into ?D f \ f) r) - (inv_into ?D f a) (map (inv_into ?D f) xs' @ [inv_into ?D f a]) (inv_into ?D f a)" . - hence "(inv_into ?D f a, inv_into ?D f a) \ (rel_map (inv_into ?D f \ f) r)^+" - by (rule rpath_plus, simp) - moreover have "(rel_map (inv_into ?D f \ f) r) = r" by (rule rel_map_inv_id[OF assms(2)]) - moreover note assms(1) - ultimately have False by (unfold acyclic_def, auto) - } thus ?thesis by (auto simp:acyclic_def) -qed - -lemma relpow_mult: - "((r::'a rel) ^^ m) ^^ n = r ^^ (m*n)" -proof(induct n arbitrary:m) - case (Suc k m) - thus ?case - proof - - have h: "(m * k + m) = (m + m * k)" by auto - show ?thesis - apply (simp add:Suc relpow_add[symmetric]) - by (unfold h, simp) - qed -qed simp - -lemma compose_relpow_2: - assumes "r1 \ r" - and "r2 \ r" - shows "r1 O r2 \ r ^^ (2::nat)" -proof - - { fix a b - assume "(a, b) \ r1 O r2" - then obtain e where "(a, e) \ r1" "(e, b) \ r2" - by auto - with assms have "(a, e) \ r" "(e, b) \ r" by auto - hence "(a, b) \ r ^^ (Suc (Suc 0))" by auto - } thus ?thesis by (auto simp:numeral_2_eq_2) -qed - -lemma acyclic_compose: - assumes "acyclic r" - and "r1 \ r" - and "r2 \ r" - shows "acyclic (r1 O r2)" -proof - - { fix a - assume "(a, a) \ (r1 O r2)^+" - from trancl_mono[OF this compose_relpow_2[OF assms(2, 3)]] - have "(a, a) \ (r ^^ 2) ^+" . - from trancl_power[THEN iffD1, OF this] - obtain n where h: "(a, a) \ (r ^^ 2) ^^ n" "n > 0" by blast - from this(1)[unfolded relpow_mult] have h2: "(a, a) \ r ^^ (2 * n)" . - have "(a, a) \ r^+" - proof(cases rule:trancl_power[THEN iffD2]) - from h(2) h2 show "\n>0. (a, a) \ r ^^ n" - by (rule_tac x = "2*n" in exI, auto) - qed - with assms have "False" by (auto simp:acyclic_def) - } thus ?thesis by (auto simp:acyclic_def) -qed - -lemma children_compose_unfold: - "children (r1 O r2) x = \ (children r1 ` (children r2 x))" - by (auto simp:children_def) - -lemma fbranch_compose: - assumes "fbranch r1" - and "fbranch r2" - shows "fbranch (r1 O r2)" -proof - - { fix x - assume "x\Range (r1 O r2)" - then obtain y z where h: "(y, z) \ r1" "(z, x) \ r2" by auto - have "finite (children (r1 O r2) x)" - proof(unfold children_compose_unfold, rule finite_Union) - show "finite (children r1 ` children r2 x)" - proof(rule finite_imageI) - from h(2) have "x \ Range r2" by auto - from assms(2)[unfolded fbranch_def, rule_format, OF this] - show "finite (children r2 x)" . - qed - next - fix M - assume "M \ children r1 ` children r2 x" - then obtain y where h1: "y \ children r2 x" "M = children r1 y" by auto - show "finite M" - proof(cases "children r1 y = {}") - case True - with h1(2) show ?thesis by auto - next - case False - hence "y \ Range r1" by (unfold children_def, auto) - from assms(1)[unfolded fbranch_def, rule_format, OF this, folded h1(2)] - show ?thesis . - qed - qed - } thus ?thesis by (unfold fbranch_def, auto) -qed - -lemma finite_fbranchI: - assumes "finite r" - shows "fbranch r" -proof - - { fix x - assume "x \Range r" - have "finite (children r x)" - proof - - have "{y. (y, x) \ r} \ Domain r" by (auto) - from rev_finite_subset[OF finite_Domain[OF assms] this] - have "finite {y. (y, x) \ r}" . - thus ?thesis by (unfold children_def, simp) - qed - } thus ?thesis by (auto simp:fbranch_def) -qed - -lemma subset_fbranchI: - assumes "fbranch r1" - and "r2 \ r1" - shows "fbranch r2" -proof - - { fix x - assume "x \Range r2" - with assms(2) have "x \ Range r1" by auto - from assms(1)[unfolded fbranch_def, rule_format, OF this] - have "finite (children r1 x)" . - hence "finite (children r2 x)" - proof(rule rev_finite_subset) - from assms(2) - show "children r2 x \ children r1 x" by (auto simp:children_def) - qed - } thus ?thesis by (auto simp:fbranch_def) -qed - -lemma children_subtree: - shows "children r x \ subtree r x" - by (auto simp:children_def subtree_def) - -lemma children_union_kept: - assumes "x \ Range r'" - shows "children (r \ r') x = children r x" - using assms - by (auto simp:children_def) - -lemma wf_rbase: - assumes "wf r" - obtains b where "(b, a) \ r^*" "\ c. (c, b) \ r" -proof - - from assms - have "\ b. (b, a) \ r^* \ (\ c. (c, b) \ r)" - proof(induct) - case (less x) - thus ?case - proof(cases "\ z. (z, x) \ r") - case False - moreover have "(x, x) \ r^*" by auto - ultimately show ?thesis by metis - next - case True - then obtain z where h_z: "(z, x) \ r" by auto - from less[OF this] - obtain b where "(b, z) \ r^*" "(\c. (c, b) \ r)" - by auto - moreover from this(1) h_z have "(b, x) \ r^*" by auto - ultimately show ?thesis by metis - qed - qed - with that show ?thesis by metis -qed - -lemma wf_base: - assumes "wf r" - and "a \ Range r" - obtains b where "(b, a) \ r^+" "\ c. (c, b) \ r" -proof - - from assms(2) obtain a' where h_a: "(a', a) \ r" by auto - from wf_rbase[OF assms(1), of a] - obtain b where h_b: "(b, a) \ r\<^sup>*" "\c. (c, b) \ r" by auto - from rtranclD[OF this(1)] - have "b = a \ b \ a \ (b, a) \ r\<^sup>+" by auto - moreover have "b \ a" using h_a h_b(2) by auto - ultimately have "(b, a) \ r\<^sup>+" by auto - with h_b(2) and that show ?thesis by metis -qed - -end \ No newline at end of file