Imports

CLRS Section 18.3 - B-tree deletion specification

This section adds a first-pass deletion specification over the mathematical B-tree key-membership model. It deliberately stays at the set-membership layer: the operation filters the represented key list and later refinements can replace it with the full CLRS node-level borrow/merge algorithm.

Main results:

  • Theorem BTree.delete_preserves_model: specification deletion preserves the first-pass validity predicate.

  • Theorem BTree.delete_valid: direct validity-preservation wrapper for specification deletion.

  • Theorem BTree.delete_mem_iff: after deletion, membership is exactly membership of a key different from the deleted key.

  • Theorem BTree.delete_mem_iff_ne: the same membership specification using Prop-level key inequality.

  • Theorem BTree.delete_search_iff: searching after deletion succeeds exactly for old searchable keys different from the deleted key.

  • Theorem BTree.delete_search_iff_ne: the same successful-search specification using Prop-level key inequality.

  • Theorem BTree.delete_search_false_iff: searching after deletion fails exactly for the deleted key or keys that failed before.

  • Theorem BTree.delete_search_false_old: old unsuccessful searches remain unsuccessful after deletion.

  • Theorem BTree.delete_not_mem_iff: membership after deletion fails exactly for the deleted key or keys that were absent before.

  • Theorems BTree.delete_not_mem_old and BTree.delete_not_mem_of_eq: old absent keys and keys equal to the deleted key remain absent after deletion.

  • Theorems BTree.delete_not_mem and BTree.delete_search_deleted_false: the deleted key is absent and not searchable after deletion.

  • Theorem BTree.delete_search_false_of_eq: any query key equal to the deleted key is not searchable after deletion.

  • Theorems BTree.delete_mem_of_ne, BTree.delete_mem_of_ne_prop, BTree.delete_search_of_ne, and BTree.delete_search_of_ne_prop: old keys different from the deleted key remain present and searchable after deletion.

  • Theorems BTree.delete_search_of_mem_ne, BTree.delete_search_of_mem_ne_prop, and BTree.delete_search_false_of_not_mem: old membership and absence give direct post-deletion successful and failed searches.

Current gaps:

  • Node-level underflow repair, sibling borrowing, merging, and disk-page semantics remain strengthening targets.

namespace CLRSnamespace Chapter18namespace BTree

Specification-level B-tree deletion: remove all occurrences of a key.

def delete (x : Nat) (t : BTree) : BTree := node ((keysOf t).filter (fun y => y != x)) []

Specification deletion preserves the first-pass validity predicate.

theorem delete_preserves_model {minDegree x : Nat} {t : BTree} (hvalid : Valid minDegree t) : Valid minDegree (delete x t) :=

Specification deletion preserves validity under the direct operation name.

theorem delete_valid {minDegree x : Nat} {t : BTree} (hvalid : Valid minDegree t) : Valid minDegree (delete x t) :=

Specification deletion removes exactly the requested key from membership.

theorem delete_mem_iff (x y : Nat) (t : BTree) : mem y (delete x t) <-> y != x mem y t :=

Deletion membership succeeds exactly for old keys distinct from the deleted key.

exact , h.2 exact , h.2

The deleted key is absent after specification deletion.

Old keys different from the deleted key remain present after deletion.

Old keys with Prop-level inequality remain present after deletion.

Membership after deletion fails exactly for the deleted key or old absent keys.

Old absent keys remain absent after specification deletion.

Any key equal to the deleted key is absent after specification deletion.

Searching after deletion succeeds exactly for remaining old keys.

Searching after deletion succeeds exactly for old searchable keys distinct from the deleted key.

exact , h.2 exact , h.2

Searching for the deleted key fails after specification deletion.

theorem delete_search_deleted_false {minDegree x : Nat} {t : BTree} (hvalid : Valid minDegree t) : search x (delete x t) = false :=

Any key equal to the deleted key is not searchable after specification deletion.

Old searchable keys different from the deleted key remain searchable after deletion.

Old searchable keys with Prop-level inequality remain searchable after deletion.

Old members different from the deleted key are directly searchable after deletion.

theorem delete_search_of_mem_ne {minDegree x y : Nat} {t : BTree} (hvalid : Valid minDegree t) (hxy : (y != x) = true) (hy : mem y t) : search y (delete x t) = true :=

Old members with Prop-level inequality are directly searchable after deletion.

theorem delete_search_of_mem_ne_prop {minDegree x y : Nat} {t : BTree} (hvalid : Valid minDegree t) (hxy : y x) (hy : mem y t) : search y (delete x t) = true :=

Searching after deletion fails exactly for the deleted key or an old failed search.

Old unsuccessful searches remain unsuccessful after specification deletion.

Old absent keys are directly failed searches after specification deletion.

theorem delete_search_false_of_not_mem {minDegree x y : Nat} {t : BTree} (hvalid : Valid minDegree t) (hy : ¬ mem y t) : search y (delete x t) = false :=
end BTreeend Chapter18end CLRS