diff -r 0fd478e14e87 -r f1b39d77db00 RTree.thy --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/RTree.thy Thu Dec 03 14:34:29 2015 +0800 @@ -0,0 +1,958 @@ +theory RTree +imports "~~/src/HOL/Library/Transitive_Closure_Table" +begin + +section {* A theory of relational trees *} + +inductive_cases path_nilE [elim!]: "rtrancl_path r x [] y" +inductive_cases path_consE [elim!]: "rtrancl_path r x (z#zs) y" + +subsection {* Definitions *} + +text {* + In this theory, we are giving to give a notion of of `Relational Graph` and + its derived notion `Relational Tree`. Given a binary relation @{text "r"}, + the `Relational Graph of @{text "r"}` is the graph, the edges of which + are those in @{text "r"}. In this way, any binary relation can be viewed + as a `Relational Graph`. Note, this notion of graph includes infinite graphs. + + A `Relation Graph` @{text "r"} is said to be a `Relational Tree` if it is both + {\em single valued} and {\em acyclic}. +*} + +text {* + The following @{text "sgv"} specifies that relation @{text "r"} is {\em single valued}. +*} +locale sgv = + fixes r + assumes sgv: "single_valued r" + +text {* + The following @{text "rtree"} specifies that @{text "r"} is a + {\em Relational Tree}. +*} +locale rtree = sgv + + assumes acl: "acyclic r" + +text {* + The following two auxiliary functions @{text "rel_of"} and @{text "pred_of"} + transfer between the predicate and set representation of binary relations. +*} + +definition "rel_of r = {(x, y) | x y. r x y}" + +definition "pred_of r = (\ x y. (x, y) \ r)" + +text {* + To reason about {\em Relational Graph}, a notion of path is + needed, which is given by the following @{text "rpath"} (short + for `relational path`). + The path @{text "xs"} in proposition @{text "rpath r x xs y"} is + a path leading from @{text "x"} to @{text "y"}, which serves as a + witness of the fact @{text "(x, y) \ r^*"}. + + @{text "rpath"} + is simply a wrapper of the @{text "rtrancl_path"} defined in the imported + theory @{text "Transitive_Closure_Table"}, which defines + a notion of path for the predicate form of binary relations. +*} +definition "rpath r x xs y = rtrancl_path (pred_of r) x xs y" + +text {* + Given a path @{text "ps"}, @{text "edges_on ps"} is the + set of edges along the path, which is defined as follows: +*} + +definition "edges_on ps = {(a,b) | a b. \ xs ys. ps = xs@[a,b]@ys}" + +text {* + The following @{text "indep"} defines a notion of independence. + Two nodes @{text "x"} and @{text "y"} are said to be independent + (expressed as @{text "indep x y"}), if neither one is reachable + from the other in relational graph @{text "r"}. +*} +definition "indep r x y = (((x, y) \ r^*) \ ((y, x) \ r^*))" + +text {* + In relational tree @{text "r"}, the sub tree of node @{text "x"} is written + @{text "subtree r x"}, which is defined to be the set of nodes (including itself) + which can reach @{text "x"} by following some path in @{text "r"}: +*} + +definition "subtree r x = {y . (y, x) \ r^*}" + +text {* + The following @{text "edge_in r x"} is the set of edges + contained in the sub-tree of @{text "x"}, with @{text "r"} as the underlying graph. +*} + +definition "edges_in r x = {(a, b) | a b. (a, b) \ r \ b \ subtree r x}" + +text {* + The following lemma @{text "edges_in_meaning"} shows the intuitive meaning + of `an edge @{text "(a, b)"} is in the sub-tree of @{text "x"}`, + i.e., both @{text "a"} and @{text "b"} are in the sub-tree. +*} +lemma edges_in_meaning: + "edges_in r x = {(a, b) | a b. (a, b) \ r \ a \ subtree r x \ b \ subtree r x}" +proof - + { fix a b + assume h: "(a, b) \ r" "b \ subtree r x" + moreover have "a \ subtree r x" + proof - + from h(2)[unfolded subtree_def] have "(b, x) \ r^*" by simp + with h(1) have "(a, x) \ r^*" by auto + thus ?thesis by (auto simp:subtree_def) + qed + ultimately have "((a, b) \ r \ a \ subtree r x \ b \ subtree r x)" + by (auto) + } thus ?thesis by (auto simp:edges_in_def) +qed + +text {* + The following lemma shows the means of @{term "edges_in"} from the other side, + which says to for the edge @{text "(a,b)"} to be outside of the sub-tree of @{text "x"}, + it is sufficient if @{text "b"} is. +*} +lemma edges_in_refutation: + assumes "b \ subtree r x" + shows "(a, b) \ edges_in r x" + using assms by (unfold edges_in_def subtree_def, auto) + +subsection {* Auxiliary lemmas *} + +lemma index_minimize: + assumes "P (i::nat)" + obtains j where "P j" and "\ k < j. \ P k" +proof - + have "\ j. P j \ (\ k < j. \ P k)" + using assms + proof(induct i rule:less_induct) + case (less t) + show ?case + proof(cases "\ j < t. \ P j") + case True + with less (2) show ?thesis by blast + next + case False + then obtain j where "j < t" "P j" by auto + from less(1)[OF this] + show ?thesis . + qed + qed + with that show ?thesis by metis +qed + +subsection {* Properties of Relational Graphs and Relational Trees *} + +subsubsection {* Properties of @{text "rel_of"} and @{text "pred_of"} *} + +text {* The following lemmas establish bijectivity of the two functions *} + +lemma pred_rel_eq: "pred_of (rel_of r) = r" by (auto simp:rel_of_def pred_of_def) + +lemma rel_pred_eq: "rel_of (pred_of r) = r" by (auto simp:rel_of_def pred_of_def) + +lemma rel_of_star: "rel_of (r^**) = (rel_of r)^*" + by (unfold rel_of_def rtranclp_rtrancl_eq, auto) + +lemma pred_of_star: "pred_of (r^*) = (pred_of r)^**" +proof - + { fix x y + have "pred_of (r^*) x y = (pred_of r)^** x y" + by (unfold pred_of_def rtranclp_rtrancl_eq, auto) + } thus ?thesis by auto +qed + +lemma star_2_pstar: "(x, y) \ r^* = (pred_of (r^*)) x y" + by (simp add: pred_of_def) + +subsubsection {* Properties of @{text "rpath"} *} + +text {* Induction rule for @{text "rpath"}: *} + +print_statement rtrancl_path.induct + +lemma rpath_induct [consumes 1, case_names rbase rstep, induct pred: rpath]: + assumes "rpath r x1 x2 x3" + and "\x. P x [] x" + and "\x y ys z. (x, y) \ r \ rpath r y ys z \ P y ys z \ P x (y # ys) z" + shows "P x1 x2 x3" + using assms[unfolded rpath_def] + by (induct, auto simp:pred_of_def rpath_def) + +text {* Introduction rule for empty path *} +lemma rbaseI [intro!]: + assumes "x = y" + shows "rpath r x [] y" + by (unfold rpath_def assms, + rule Transitive_Closure_Table.rtrancl_path.base) + +text {* Introduction rule for non-empty path *} +lemma rstepI [intro!]: + assumes "(x, y) \ r" + and "rpath r y ys z" + shows "rpath r x (y#ys) z" +proof(unfold rpath_def, rule Transitive_Closure_Table.rtrancl_path.step) + from assms(1) show "pred_of r x y" by (auto simp:pred_of_def) +next + from assms(2) show "rtrancl_path (pred_of r) y ys z" + by (auto simp:pred_of_def rpath_def) +qed + +text {* Introduction rule for @{text "@"}-path *} +lemma rpath_appendI [intro]: + assumes "rpath r x xs a" and "rpath r a ys y" + shows "rpath r x (xs @ ys) y" + using assms + by (unfold rpath_def, auto intro:rtrancl_path_trans) + +text {* Elimination rule for empty path *} + +lemma rpath_cases [cases pred:rpath]: + assumes "rpath r a1 a2 a3" + obtains (rbase) "a1 = a3" and "a2 = []" + | (rstep) y :: "'a" and ys :: "'a list" + where "(a1, y) \ r" and "a2 = y # ys" and "rpath r y ys a3" + using assms [unfolded rpath_def] + by (cases, auto simp:rpath_def pred_of_def) + +lemma rpath_nilE [elim!, cases pred:rpath]: + assumes "rpath r x [] y" + obtains "y = x" + using assms[unfolded rpath_def] by auto + +-- {* This is a auxiliary lemmas used only in the proof of @{text "rpath_nnl_lastE"} *} +lemma rpath_nnl_last: + assumes "rtrancl_path r x xs y" + and "xs \ []" + obtains xs' where "xs = xs'@[y]" +proof - + from append_butlast_last_id[OF `xs \ []`, symmetric] + obtain xs' y' where eq_xs: "xs = (xs' @ y' # [])" by simp + with assms(1) + have "rtrancl_path r x ... y" by simp + hence "y = y'" by (rule rtrancl_path_appendE, auto) + with eq_xs have "xs = xs'@[y]" by simp + from that[OF this] show ?thesis . +qed + +text {* + Elimination rule for non-empty paths constructed with @{text "#"}. +*} + +lemma rpath_ConsE [elim!, cases pred:rpath]: + assumes "rpath r x (y # ys) x2" + obtains (rstep) "(x, y) \ r" and "rpath r y ys x2" + using assms[unfolded rpath_def] + by (cases, auto simp:rpath_def pred_of_def) + +text {* + Elimination rule for non-empty path, where the destination node + @{text "y"} is shown to be at the end of the path. +*} +lemma rpath_nnl_lastE: + assumes "rpath r x xs y" + and "xs \ []" + obtains xs' where "xs = xs'@[y]" + using assms[unfolded rpath_def] + by (rule rpath_nnl_last, auto) + +text {* Other elimination rules of @{text "rpath"} *} + +lemma rpath_appendE: + assumes "rpath r x (xs @ [a] @ ys) y" + obtains "rpath r x (xs @ [a]) a" and "rpath r a ys y" + using rtrancl_path_appendE[OF assms[unfolded rpath_def, simplified], folded rpath_def] + by auto + +lemma rpath_subE: + assumes "rpath r x (xs @ [a] @ ys @ [b] @ zs) y" + obtains "rpath r x (xs @ [a]) a" and "rpath r a (ys @ [b]) b" and "rpath r b zs y" + using assms + by (elim rpath_appendE, auto) + +text {* Every path has a unique end point. *} +lemma rpath_dest_eq: + assumes "rpath r x xs x1" + and "rpath r x xs x2" + shows "x1 = x2" + using assms + by (induct, auto) + +subsubsection {* Properites of @{text "edges_on"} *} + +lemma edges_on_len: + assumes "(a,b) \ edges_on l" + shows "length l \ 2" + using assms + by (unfold edges_on_def, auto) + +text {* Elimination of @{text "edges_on"} for non-empty path *} +lemma edges_on_consE [elim, cases set:edges_on]: + assumes "(a,b) \ edges_on (x#xs)" + obtains (head) xs' where "x = a" and "xs = b#xs'" + | (tail) "(a,b) \ edges_on xs" +proof - + from assms obtain l1 l2 + where h: "(x#xs) = l1 @ [a,b] @ l2" by (unfold edges_on_def, blast) + have "(\ xs'. x = a \ xs = b#xs') \ ((a,b) \ edges_on xs)" + proof(cases "l1") + case Nil with h + show ?thesis by auto + next + case (Cons e el) + from h[unfolded this] + have "xs = el @ [a,b] @ l2" by auto + thus ?thesis + by (unfold edges_on_def, auto) + qed + thus ?thesis + proof + assume "(\xs'. x = a \ xs = b # xs')" + then obtain xs' where "x = a" "xs = b#xs'" by blast + from that(1)[OF this] show ?thesis . + next + assume "(a, b) \ edges_on xs" + from that(2)[OF this] show ?thesis . + qed +qed + +text {* + Every edges on the path is a graph edges: +*} +lemma rpath_edges_on: + assumes "rpath r x xs y" + shows "(edges_on (x#xs)) \ r" + using assms +proof(induct arbitrary:y) + case (rbase x) + thus ?case by (unfold edges_on_def, auto) +next + case (rstep x y ys z) + show ?case + proof - + { fix a b + assume "(a, b) \ edges_on (x # y # ys)" + hence "(a, b) \ r" by (cases, insert rstep, auto) + } thus ?thesis by auto + qed +qed + +text {* @{text "edges_on"} is mono with respect to @{text "#"}-operation: *} +lemma edges_on_Cons_mono: + shows "edges_on xs \ edges_on (x#xs)" +proof - + { fix a b + assume "(a, b) \ edges_on xs" + then obtain l1 l2 where "xs = l1 @ [a,b] @ l2" + by (auto simp:edges_on_def) + hence "x # xs = (x#l1) @ [a, b] @ l2" by auto + hence "(a, b) \ edges_on (x#xs)" + by (unfold edges_on_def, blast) + } thus ?thesis by auto +qed + +text {* + The following rule @{text "rpath_transfer"} is used to show + that one path is intact as long as all the edges on it are intact + with the change of graph. + + If @{text "x#xs"} is path in graph @{text "r1"} and + every edges along the path is also in @{text "r2"}, + then @{text "x#xs"} is also a edge in graph @{text "r2"}: +*} + +lemma rpath_transfer: + assumes "rpath r1 x xs y" + and "edges_on (x#xs) \ r2" + shows "rpath r2 x xs y" + using assms +proof(induct) + case (rstep x y ys z) + show ?case + proof(rule rstepI) + show "(x, y) \ r2" + proof - + have "(x, y) \ edges_on (x # y # ys)" + by (unfold edges_on_def, auto) + with rstep(4) show ?thesis by auto + qed + next + show "rpath r2 y ys z" + using rstep edges_on_Cons_mono[of "y#ys" "x"] by (auto) + qed +qed (unfold rpath_def, auto intro!:Transitive_Closure_Table.rtrancl_path.base) + + +text {* + The following lemma extracts the path from @{text "x"} to @{text "y"} + from proposition @{text "(x, y) \ r^*"} +*} +lemma star_rpath: + assumes "(x, y) \ r^*" + obtains xs where "rpath r x xs y" +proof - + have "\ xs. rpath r x xs y" + proof(unfold rpath_def, rule iffD1[OF rtranclp_eq_rtrancl_path]) + from assms + show "(pred_of r)\<^sup>*\<^sup>* x y" + apply (fold pred_of_star) + by (auto simp:pred_of_def) + qed + from that and this show ?thesis by blast +qed + +text {* + The following lemma uses the path @{text "xs"} from @{text "x"} to @{text "y"} + as a witness to show @{text "(x, y) \ r^*"}. +*} +lemma rpath_star: + assumes "rpath r x xs y" + shows "(x, y) \ r^*" +proof - + from iffD2[OF rtranclp_eq_rtrancl_path] and assms[unfolded rpath_def] + have "(pred_of r)\<^sup>*\<^sup>* x y" by metis + thus ?thesis by (simp add: pred_of_star star_2_pstar) +qed + +text {* + The following lemmas establishes a relation from pathes in @{text "r"} + to @{text "r^+"} relation. +*} +lemma rpath_plus: + assumes "rpath r x xs y" + and "xs \ []" + shows "(x, y) \ r^+" +proof - + from assms(2) obtain e es where "xs = e#es" by (cases xs, auto) + from assms(1)[unfolded this] + show ?thesis + proof(cases) + case rstep + show ?thesis + proof - + from rpath_star[OF rstep(2)] have "(e, y) \ r\<^sup>*" . + with rstep(1) show "(x, y) \ r^+" by auto + qed + qed +qed + +subsubsection {* Properties of @{text "subtree"} *} + +text {* + @{text "subtree"} is mono with respect to the underlying graph. +*} +lemma subtree_mono: + assumes "r1 \ r2" + shows "subtree r1 x \ subtree r2 x" +proof + fix c + assume "c \ subtree r1 x" + hence "(c, x) \ r1^*" by (auto simp:subtree_def) + from star_rpath[OF this] obtain xs + where rp:"rpath r1 c xs x" by metis + hence "rpath r2 c xs x" + proof(rule rpath_transfer) + from rpath_edges_on[OF rp] have "edges_on (c # xs) \ r1" . + with assms show "edges_on (c # xs) \ r2" by auto + qed + thus "c \ subtree r2 x" + by (rule rpath_star[elim_format], auto simp:subtree_def) +qed + +text {* + The following lemma characterizes the change of sub-tree of @{text "x"} + with the removal of an outside edge @{text "(a,b)"}. + + Note that, according to lemma @{thm edges_in_refutation}, the assumption + @{term "b \ subtree r x"} amounts to saying @{text "(a, b)"} + is outside the sub-tree of @{text "x"}. +*} +lemma subtree_del_outside: (* ddd *) + assumes "b \ subtree r x" + shows "subtree (r - {(a, b)}) x = (subtree r x)" +proof - + { fix c + assume "c \ (subtree r x)" + hence "(c, x) \ r^*" by (auto simp:subtree_def) + hence "c \ subtree (r - {(a, b)}) x" + proof(rule star_rpath) + fix xs + assume rp: "rpath r c xs x" + show ?thesis + proof - + from rp + have "rpath (r - {(a, b)}) c xs x" + proof(rule rpath_transfer) + from rpath_edges_on[OF rp] have "edges_on (c # xs) \ r" . + moreover have "(a, b) \ edges_on (c#xs)" + proof + assume "(a, b) \ edges_on (c # xs)" + then obtain l1 l2 where h: "c#xs = l1@[a,b]@l2" by (auto simp:edges_on_def) + hence "tl (c#xs) = tl (l1@[a,b]@l2)" by simp + then obtain l1' where eq_xs_b: "xs = l1'@[b]@l2" by (cases l1, auto) + from rp[unfolded this] + show False + proof(rule rpath_appendE) + assume "rpath r b l2 x" + thus ?thesis + by(rule rpath_star[elim_format], insert assms(1), auto simp:subtree_def) + qed + qed + ultimately show "edges_on (c # xs) \ r - {(a,b)}" by auto + qed + thus ?thesis by (rule rpath_star[elim_format], auto simp:subtree_def) + qed + qed + } moreover { + fix c + assume "c \ subtree (r - {(a, b)}) x" + moreover have "... \ (subtree r x)" by (rule subtree_mono, auto) + ultimately have "c \ (subtree r x)" by auto + } ultimately show ?thesis by auto +qed + +lemma subtree_insert_ext: + assumes "b \ subtree r x" + shows "subtree (r \ {(a, b)}) x = (subtree r x) \ (subtree r a)" + using assms by (auto simp:subtree_def rtrancl_insert) + +lemma subtree_insert_next: + assumes "b \ subtree r x" + shows "subtree (r \ {(a, b)}) x = (subtree r x)" + using assms + by (auto simp:subtree_def rtrancl_insert) + +subsubsection {* Properties about relational trees *} + +context rtree +begin + +lemma rpath_overlap_oneside: (* ddd *) + assumes "rpath r x xs1 x1" + and "rpath r x xs2 x2" + and "length xs1 \ length xs2" + obtains xs3 where "xs2 = xs1 @ xs3" +proof(cases "xs1 = []") + case True + with that show ?thesis by auto +next + case False + have "\ i \ length xs1. take i xs1 = take i xs2" + proof - + { assume "\ (\ i \ length xs1. take i xs1 = take i xs2)" + then obtain i where "i \ length xs1 \ take i xs1 \ take i xs2" by auto + from this(1) have "False" + proof(rule index_minimize) + fix j + assume h1: "j \ length xs1 \ take j xs1 \ take j xs2" + and h2: " \k (k \ length xs1 \ take k xs1 \ take k xs2)" + -- {* @{text "j - 1"} is the branch point between @{text "xs1"} and @{text "xs2"} *} + let ?idx = "j - 1" + -- {* A number of inequalities concerning @{text "j - 1"} are derived first *} + have lt_i: "?idx < length xs1" using False h1 + by (metis Suc_diff_1 le_neq_implies_less length_greater_0_conv lessI less_imp_diff_less) + have lt_i': "?idx < length xs2" using lt_i and assms(3) by auto + have lt_j: "?idx < j" using h1 by (cases j, auto) + -- {* From thesis inequalities, a number of equations concerning @{text "xs1"} + and @{text "xs2"} are derived *} + have eq_take: "take ?idx xs1 = take ?idx xs2" + using h2[rule_format, OF lt_j] and h1 by auto + have eq_xs1: " xs1 = take ?idx xs1 @ xs1 ! (?idx) # drop (Suc (?idx)) xs1" + using id_take_nth_drop[OF lt_i] . + have eq_xs2: "xs2 = take ?idx xs2 @ xs2 ! (?idx) # drop (Suc (?idx)) xs2" + using id_take_nth_drop[OF lt_i'] . + -- {* The branch point along the path is finally pinpointed *} + have neq_idx: "xs1!?idx \ xs2!?idx" + proof - + have "take j xs1 = take ?idx xs1 @ [xs1 ! ?idx]" + using eq_xs1 Suc_diff_1 lt_i lt_j take_Suc_conv_app_nth by fastforce + moreover have eq_tk2: "take j xs2 = take ?idx xs2 @ [xs2 ! ?idx]" + using Suc_diff_1 lt_i' lt_j take_Suc_conv_app_nth by fastforce + ultimately show ?thesis using eq_take h1 by auto + qed + show ?thesis + proof(cases " take (j - 1) xs1 = []") + case True + have "(x, xs1!?idx) \ r" + proof - + from eq_xs1[unfolded True, simplified, symmetric] assms(1) + have "rpath r x ( xs1 ! ?idx # drop (Suc ?idx) xs1) x1" by simp + from this[unfolded rpath_def] + show ?thesis by (auto simp:pred_of_def) + qed + moreover have "(x, xs2!?idx) \ r" + proof - + from eq_xs2[folded eq_take, unfolded True, simplified, symmetric] assms(2) + have "rpath r x ( xs2 ! ?idx # drop (Suc ?idx) xs2) x2" by simp + from this[unfolded rpath_def] + show ?thesis by (auto simp:pred_of_def) + qed + ultimately show ?thesis using neq_idx sgv[unfolded single_valued_def] by metis + next + case False + then obtain e es where eq_es: "take ?idx xs1 = es@[e]" + using rev_exhaust by blast + have "(e, xs1!?idx) \ r" + proof - + from eq_xs1[unfolded eq_es] + have "xs1 = es@[e, xs1!?idx]@drop (Suc ?idx) xs1" by simp + hence "(e, xs1!?idx) \ edges_on xs1" by (simp add:edges_on_def, metis) + with rpath_edges_on[OF assms(1)] edges_on_Cons_mono[of xs1 x] + show ?thesis by auto + qed moreover have "(e, xs2!?idx) \ r" + proof - + from eq_xs2[folded eq_take, unfolded eq_es] + have "xs2 = es@[e, xs2!?idx]@drop (Suc ?idx) xs2" by simp + hence "(e, xs2!?idx) \ edges_on xs2" by (simp add:edges_on_def, metis) + with rpath_edges_on[OF assms(2)] edges_on_Cons_mono[of xs2 x] + show ?thesis by auto + qed + ultimately show ?thesis + using sgv[unfolded single_valued_def] neq_idx by metis + qed + qed + } thus ?thesis by auto + qed + from this[rule_format, of "length xs1"] + have "take (length xs1) xs1 = take (length xs1) xs2" by simp + moreover have "xs2 = take (length xs1) xs2 @ drop (length xs1) xs2" by simp + ultimately have "xs2 = xs1 @ drop (length xs1) xs2" by auto + from that[OF this] show ?thesis . +qed + +lemma rpath_overlap [consumes 2, cases pred:rpath]: + assumes "rpath r x xs1 x1" + and "rpath r x xs2 x2" + obtains (less_1) xs3 where "xs2 = xs1 @ xs3" + | (less_2) xs3 where "xs1 = xs2 @ xs3" +proof - + have "length xs1 \ length xs2 \ length xs2 \ length xs1" by auto + with assms rpath_overlap_oneside that show ?thesis by metis +qed + +text {* + As a corollary of @{thm "rpath_overlap_oneside"}, + the following two lemmas gives one important property of relation tree, + i.e. there is at most one path between any two nodes. + Similar to the proof of @{thm rpath_overlap}, we starts with + the one side version first. +*} + +lemma rpath_unique_oneside: + assumes "rpath r x xs1 y" + and "rpath r x xs2 y" + and "length xs1 \ length xs2" + shows "xs1 = xs2" +proof - + from rpath_overlap_oneside[OF assms] + obtain xs3 where less_1: "xs2 = xs1 @ xs3" by blast + show ?thesis + proof(cases "xs3 = []") + case True + from less_1[unfolded this] show ?thesis by simp + next + case False + note FalseH = this + show ?thesis + proof(cases "xs1 = []") + case True + have "(x, x) \ r^+" + proof(rule rpath_plus) + from assms(1)[unfolded True] + have "y = x" by (cases rule:rpath_nilE, simp) + from assms(2)[unfolded this] show "rpath r x xs2 x" . + next + from less_1 and False show "xs2 \ []" by simp + qed + with acl show ?thesis by (unfold acyclic_def, auto) + next + case False + then obtain e es where eq_xs1: "xs1 = es@[e]" using rev_exhaust by auto + from assms(2)[unfolded less_1 this] + have "rpath r x (es @ [e] @ xs3) y" by simp + thus ?thesis + proof(cases rule:rpath_appendE) + case 1 + from rpath_dest_eq [OF 1(1)[folded eq_xs1] assms(1)] + have "e = y" . + from rpath_plus [OF 1(2)[unfolded this] FalseH] + have "(y, y) \ r^+" . + with acl show ?thesis by (unfold acyclic_def, auto) + qed + qed + qed +qed + +text {* + The following is the full version of path uniqueness. +*} +lemma rpath_unique: + assumes "rpath r x xs1 y" + and "rpath r x xs2 y" + shows "xs1 = xs2" +proof(cases "length xs1 \ length xs2") + case True + from rpath_unique_oneside[OF assms this] show ?thesis . +next + case False + hence "length xs2 \ length xs1" by simp + from rpath_unique_oneside[OF assms(2,1) this] + show ?thesis by simp +qed + +text {* + The following lemma shows that the `independence` relation is symmetric. + It is an obvious auxiliary lemma which will be used later. +*} +lemma sym_indep: "indep r x y \ indep r y x" + by (unfold indep_def, auto) + +text {* + This is another `obvious` lemma about trees, which says trees rooted at + independent nodes are disjoint. +*} +lemma subtree_disjoint: + assumes "indep r x y" + shows "subtree r x \ subtree r y = {}" +proof - + { fix z x y xs1 xs2 xs3 + assume ind: "indep r x y" + and rp1: "rpath r z xs1 x" + and rp2: "rpath r z xs2 y" + and h: "xs2 = xs1 @ xs3" + have False + proof(cases "xs1 = []") + case True + from rp1[unfolded this] have "x = z" by auto + from rp2[folded this] rpath_star ind[unfolded indep_def] + show ?thesis by metis + next + case False + then obtain e es where eq_xs1: "xs1 = es@[e]" using rev_exhaust by blast + from rp2[unfolded h this] + have "rpath r z (es @ [e] @ xs3) y" by simp + thus ?thesis + proof(cases rule:rpath_appendE) + case 1 + have "e = x" using 1(1)[folded eq_xs1] rp1 rpath_dest_eq by metis + from rpath_star[OF 1(2)[unfolded this]] ind[unfolded indep_def] + show ?thesis by auto + qed + qed + } note my_rule = this + { fix z + assume h: "z \ subtree r x" "z \ subtree r y" + from h(1) have "(z, x) \ r^*" by (unfold subtree_def, auto) + then obtain xs1 where rp1: "rpath r z xs1 x" using star_rpath by metis + from h(2) have "(z, y) \ r^*" by (unfold subtree_def, auto) + then obtain xs2 where rp2: "rpath r z xs2 y" using star_rpath by metis + from rp1 rp2 + have False + by (cases, insert my_rule[OF sym_indep[OF assms(1)] rp2 rp1] + my_rule[OF assms(1) rp1 rp2], auto) + } thus ?thesis by auto +qed + +text {* + The following lemma @{text "subtree_del"} characterizes the change of sub-tree of + @{text "x"} with the removal of an inside edge @{text "(a, b)"}. + Note that, the case for the removal of an outside edge has already been dealt with + in lemma @{text "subtree_del_outside"}). + + This lemma is underpinned by the following two `obvious` facts: + \begin{enumearte} + \item + In graph @{text "r"}, for an inside edge @{text "(a,b) \ edges_in r x"}, + every node @{text "c"} in the sub-tree of @{text "a"} has a path + which goes first from @{text "c"} to @{text "a"}, then through edge @{text "(a, b)"}, and + finally reaches @{text "x"}. By the uniqueness of path in a tree, + all paths from sub-tree of @{text "a"} to @{text "x"} are such constructed, therefore + must go through @{text "(a, b)"}. The consequence is: with the removal of @{text "(a,b)"}, + all such paths will be broken. + + \item + On the other hand, all paths not originate from within the sub-tree of @{text "a"} + will not be affected by the removal of edge @{text "(a, b)"}. + The reason is simple: if the path is affected by the removal, it must + contain @{text "(a, b)"}, then it must originate from within the sub-tree of @{text "a"}. + \end{enumearte} +*} + +lemma subtree_del_inside: (* ddd *) + assumes "(a,b) \ edges_in r x" + shows "subtree (r - {(a, b)}) x = (subtree r x) - subtree r a" +proof - + from assms have asm: "b \ subtree r x" "(a, b) \ r" by (auto simp:edges_in_def) + -- {* The proof follows a common pattern to prove the equality of sets. *} + { -- {* The `left to right` direction. + *} + fix c + -- {* Assuming @{text "c"} is inside the sub-tree of @{text "x"} in the reduced graph *} + assume h: "c \ subtree (r - {(a, b)}) x" + -- {* We are going to show that @{text "c"} can not be in the sub-tree of @{text "a"} in + the original graph. *} + -- {* In other words, all nodes inside the sub-tree of @{text "a"} in the original + graph will be removed from the sub-tree of @{text "x"} in the reduced graph. *} + -- {* The reason, as analyzed before, is that all paths from within the + sub-tree of @{text "a"} are broken with the removal of edge @{text "(a,b)"}. + *} + have "c \ (subtree r x) - subtree r a" + proof - + let ?r' = "r - {(a, b)}" -- {* The reduced graph is abbreviated as @{text "?r'"} *} + from h have "(c, x) \ ?r'^*" by (auto simp:subtree_def) + -- {* Extract from the reduced graph the path @{text "xs"} from @{text "c"} to @{text "x"}. *} + then obtain xs where rp0: "rpath ?r' c xs x" by (rule star_rpath, auto) + -- {* It is easy to show @{text "xs"} is also a path in the original graph *} + hence rp1: "rpath r c xs x" + proof(rule rpath_transfer) + from rpath_edges_on[OF rp0] + show "edges_on (c # xs) \ r" by auto + qed + -- {* @{text "xs"} is used as the witness to show that @{text "c"} + in the sub-tree of @{text "x"} in the original graph. *} + hence "c \ subtree r x" + by (rule rpath_star[elim_format], auto simp:subtree_def) + -- {* The next step is to show that @{text "c"} can not be in the sub-tree of @{text "a"} + in the original graph. *} + -- {* We need to use the fact that all paths originate from within sub-tree of @{text "a"} + are broken. *} + moreover have "c \ subtree r a" + proof + -- {* Proof by contradiction, suppose otherwise *} + assume otherwise: "c \ subtree r a" + -- {* Then there is a path in original graph leading from @{text "c"} to @{text "a"} *} + obtain xs1 where rp_c: "rpath r c xs1 a" + proof - + from otherwise have "(c, a) \ r^*" by (auto simp:subtree_def) + thus ?thesis by (rule star_rpath, auto intro!:that) + qed + -- {* Starting from this path, we are going to construct a fictional + path from @{text "c"} to @{text "x"}, which, as explained before, + is broken, so that contradiction can be derived. *} + -- {* First, there is a path from @{text "b"} to @{text "x"} *} + obtain ys where rp_b: "rpath r b ys x" + proof - + from asm have "(b, x) \ r^*" by (auto simp:subtree_def) + thus ?thesis by (rule star_rpath, auto intro!:that) + qed + -- {* The paths @{text "xs1"} and @{text "ys"} can be + tied together using @{text "(a,b)"} to form a path + from @{text "c"} to @{text "x"}: *} + have "rpath r c (xs1 @ b # ys) x" + proof - + from rstepI[OF asm(2) rp_b] have "rpath r a (b # ys) x" . + from rpath_appendI[OF rp_c this] + show ?thesis . + qed + -- {* By the uniqueness of path between two nodes of a tree, we have: *} + from rpath_unique[OF rp1 this] have eq_xs: "xs = xs1 @ b # ys" . + -- {* Contradiction can be derived from from this fictional path . *} + show False + proof - + -- {* It can be shown that @{term "(a,b)"} is on this fictional path. *} + have "(a, b) \ edges_on (c#xs)" + proof(cases "xs1 = []") + case True + from rp_c[unfolded this] have "rpath r c [] a" . + hence eq_c: "c = a" by (rule rpath_nilE, simp) + hence "c#xs = a#xs" by simp + from this and eq_xs have "c#xs = a # xs1 @ b # ys" by simp + from this[unfolded True] have "c#xs = []@[a,b]@ys" by simp + thus ?thesis by (auto simp:edges_on_def) + next + case False + from rpath_nnl_lastE[OF rp_c this] + obtain xs' where "xs1 = xs'@[a]" by auto + from eq_xs[unfolded this] have "c#xs = (c#xs')@[a,b]@ys" by simp + thus ?thesis by (unfold edges_on_def, blast) + qed + -- {* It can also be shown that @{term "(a,b)"} is not on this fictional path. *} + moreover have "(a, b) \ edges_on (c#xs)" + using rpath_edges_on[OF rp0] by auto + -- {* Contradiction is thus derived. *} + ultimately show False by auto + qed + qed + ultimately show ?thesis by auto + qed + } moreover { + -- {* The `right to left` direction. + *} + fix c + -- {* Assuming that @{text "c"} is in the sub-tree of @{text "x"}, but + outside of the sub-tree of @{text "a"} in the original graph, *} + assume h: "c \ (subtree r x) - subtree r a" + -- {* we need to show that in the reduced graph, @{text "c"} is still in + the sub-tree of @{text "x"}. *} + have "c \ subtree (r - {(a, b)}) x" + proof - + -- {* The proof goes by showing that the path from @{text "c"} to @{text "x"} + in the original graph is not affected by the removal of @{text "(a,b)"}. + *} + from h have "(c, x) \ r^*" by (unfold subtree_def, auto) + -- {* Extract the path @{text "xs"} from @{text "c"} to @{text "x"} in the original graph. *} + from star_rpath[OF this] obtain xs where rp: "rpath r c xs x" by auto + -- {* Show that it is also a path in the reduced graph. *} + hence "rpath (r - {(a, b)}) c xs x" + -- {* The proof goes by using rule @{thm rpath_transfer} *} + proof(rule rpath_transfer) + -- {* We need to show all edges on the path are still in the reduced graph. *} + show "edges_on (c # xs) \ r - {(a, b)}" + proof - + -- {* It is easy to show that all the edges are in the original graph. *} + from rpath_edges_on [OF rp] have " edges_on (c # xs) \ r" . + -- {* The essential part is to show that @{text "(a, b)"} is not on the path. *} + moreover have "(a,b) \ edges_on (c#xs)" + proof + -- {* Proof by contradiction, suppose otherwise: *} + assume otherwise: "(a, b) \ edges_on (c#xs)" + -- {* Then @{text "(a, b)"} is in the middle of the path. + with @{text "l1"} and @{text "l2"} be the nodes in + the front and rear respectively. *} + then obtain l1 l2 where eq_xs: + "c#xs = l1 @ [a, b] @ l2" by (unfold edges_on_def, blast) + -- {* From this, it can be shown that @{text "c"} is + in the sub-tree of @{text "a"} *} + have "c \ subtree r a" + proof(cases "l1 = []") + case True + -- {* If @{text "l1"} is null, it can be derived that @{text "c = a"}. *} + with eq_xs have "c = a" by auto + -- {* So, @{text "c"} is obviously in the sub-tree of @{text "a"}. *} + thus ?thesis by (unfold subtree_def, auto) + next + case False + -- {* When @{text "l1"} is not null, it must have a tail @{text "es"}: *} + then obtain e es where "l1 = e#es" by (cases l1, auto) + -- {* The relation of this tail with @{text "xs"} is derived: *} + with eq_xs have "xs = es@[a,b]@l2" by auto + -- {* From this, a path from @{text "c"} to @{text "a"} is made visible: *} + from rp[unfolded this] have "rpath r c (es @ [a] @ (b#l2)) x" by simp + thus ?thesis + proof(cases rule:rpath_appendE) + -- {* The path from @{text "c"} to @{text "a"} is extraced + using @{thm "rpath_appendE"}: *} + case 1 + from rpath_star[OF this(1)] + -- {* The extracted path servers as a witness that @{text "c"} is + in the sub-tree of @{text "a"}: *} + show ?thesis by (simp add:subtree_def) + qed + qed with h show False by auto + qed ultimately show ?thesis by auto + qed + qed + -- {* From , it is shown that @{text "c"} is in the sub-tree of @{text "x"} + inthe reduced graph. *} + from rpath_star[OF this] show ?thesis by (auto simp:subtree_def) + qed + } + -- {* The equality of sets is derived from the two directions just proved. *} + ultimately show ?thesis by auto +qed + +end + +end \ No newline at end of file