Imports

CLRS Section 20.2 - van Emde Boas tree specification

This first-pass section represents a van Emde Boas tree by the finite set of keys it contains, together with a universe bound. The model gives precise query/update specifications before introducing recursive summary and cluster storage.

Main results:

  • Theorem VEB.member_correct: membership queries match the represented set.

  • Theorems VEB.minimum_correct and VEB.maximum_correct: returned extrema are represented keys with the expected order property.

  • Theorems VEB.minimum_mem, VEB.minimum_le, VEB.maximum_mem, and VEB.le_maximum: direct membership and lower/upper-bound corollaries for returned extrema.

  • Theorems VEB.member_lt_univ, VEB.minimum_lt_univ, VEB.maximum_lt_univ, VEB.successor_lt_univ, and VEB.predecessor_lt_univ: successful queries return keys inside the represented universe.

  • Theorems VEB.minimum_none_iff and VEB.maximum_none_iff: extrema queries return no key exactly when the represented set is empty.

  • Theorem VEB.successor_correct: a returned successor is represented, greater than the query, and no larger than any represented greater key.

  • Theorems VEB.successor_mem, VEB.successor_gt, VEB.successor_le, VEB.predecessor_mem, VEB.predecessor_lt, and VEB.le_predecessor: direct membership and order corollaries for returned neighbors.

  • Theorem VEB.successor_none_iff: no successor is returned exactly when no represented key is greater than the query.

  • Theorem VEB.predecessor_correct: a returned predecessor is represented, less than the query, and no smaller than any represented smaller key.

  • Theorem VEB.predecessor_none_iff: no predecessor is returned exactly when no represented key is smaller than the query.

  • Theorems VEB.insert_correct and VEB.delete_correct: updates match finite-set insertion and deletion.

  • Theorems VEB.insert_member_iff and VEB.delete_member_iff: membership queries after updates match the expected finite-set update.

  • Theorems VEB.insert_member_self, VEB.insert_member_old, VEB.delete_member_deleted_false, and VEB.delete_member_of_ne: direct member-query corollaries for the updated key and preserved old keys after insertion and deletion.

  • Theorems VEB.insert_member_false_iff and VEB.delete_member_false_iff: exact failed member-query specifications after insertion and deletion.

  • Theorems VEB.insert_member_false_of_ne, VEB.delete_member_false_old, and VEB.delete_member_false_of_eq: direct failed member-query preservation wrappers after insertion and deletion.

  • Theorems VEB.insert_minimum_correct, VEB.insert_maximum_correct, VEB.delete_minimum_correct, and VEB.delete_maximum_correct: extrema returned after updates are exactly extrema of the updated finite set.

  • Theorems VEB.insert_minimum_mem, VEB.insert_minimum_mem_old_of_ne, VEB.insert_minimum_le_inserted, VEB.insert_minimum_le_old, VEB.insert_maximum_mem, VEB.insert_maximum_mem_old_of_ne, VEB.insert_maximum_inserted_le, and VEB.insert_maximum_old_le: direct membership and order corollaries for extrema returned after insertion, including old-key membership when the returned extremum is not the inserted key.

  • Theorems VEB.delete_minimum_ne, VEB.delete_minimum_mem, VEB.delete_minimum_le_old, VEB.delete_maximum_ne, VEB.delete_maximum_mem, and VEB.delete_maximum_old_le: direct membership and order corollaries for extrema returned after deletion.

  • Theorems VEB.insert_minimum_none_iff, VEB.insert_maximum_none_iff, VEB.delete_minimum_none_iff, and VEB.delete_maximum_none_iff: empty extrema results after updates match whether the updated finite set is empty.

  • Theorems VEB.minimum_none_of_empty, VEB.maximum_none_of_empty, VEB.insert_minimum_ne_none, VEB.insert_maximum_ne_none, VEB.delete_minimum_none_of_all_eq, and VEB.delete_maximum_none_of_all_eq: direct extrema empty-result wrappers for base and updated trees.

  • Theorems VEB.minimum_ne_none_of_nonempty and VEB.maximum_ne_none_of_nonempty: direct nonempty-result wrappers for base extrema queries.

  • Theorems VEB.delete_minimum_ne_none_of_remaining and VEB.delete_maximum_ne_none_of_remaining: direct nonempty-result wrappers for extrema queries after deletion leaves a remaining old key.

  • Theorems VEB.insert_successor_correct, VEB.insert_predecessor_correct, VEB.delete_successor_correct, and VEB.delete_predecessor_correct: successor and predecessor queries after updates are extrema of the updated filtered finite set.

  • Theorems VEB.insert_successor_mem, VEB.insert_successor_mem_old_of_ne, VEB.insert_successor_gt, VEB.insert_successor_le, VEB.insert_predecessor_mem, VEB.insert_predecessor_mem_old_of_ne, VEB.insert_predecessor_lt, and VEB.insert_le_predecessor: direct membership and order corollaries for returned neighbors after insertion, including old-key membership when the returned neighbor is not the inserted key.

  • Theorems VEB.delete_successor_mem, VEB.delete_successor_gt, VEB.delete_successor_le, VEB.delete_predecessor_mem, VEB.delete_predecessor_lt, and VEB.delete_le_predecessor: direct membership and order corollaries for returned neighbors after deletion.

  • Theorems VEB.insert_member_lt_univ, VEB.insert_minimum_lt_univ, VEB.insert_maximum_lt_univ, VEB.insert_successor_lt_univ, VEB.insert_predecessor_lt_univ, VEB.delete_member_lt_univ, VEB.delete_minimum_lt_univ, VEB.delete_maximum_lt_univ, VEB.delete_successor_lt_univ, and VEB.delete_predecessor_lt_univ: successful queries after updates still return keys inside the represented universe.

  • Theorems VEB.insert_successor_none_iff, VEB.insert_predecessor_none_iff, VEB.delete_successor_none_iff, and VEB.delete_predecessor_none_iff: no-neighbor query results after updates match the absence of updated keys on the corresponding side.

  • Theorems VEB.successor_none_of_no_gt, VEB.predecessor_none_of_no_lt, VEB.insert_successor_none_of_no_gt, VEB.insert_predecessor_none_of_no_lt, VEB.delete_successor_none_of_no_gt, and VEB.delete_predecessor_none_of_no_lt: direct no-neighbor query wrappers for base and updated trees.

  • Theorems VEB.successor_ne_none_of_exists_gt and VEB.predecessor_ne_none_of_exists_lt: direct existing-neighbor wrappers for base successor and predecessor queries.

  • Theorems VEB.insert_successor_ne_none_of_insert_gt, VEB.insert_successor_ne_none_of_old_gt, VEB.insert_predecessor_ne_none_of_insert_lt, VEB.insert_predecessor_ne_none_of_old_lt, VEB.delete_successor_ne_none_of_remaining_gt, and VEB.delete_predecessor_ne_none_of_remaining_lt: direct existing-neighbor wrappers for updated successor and predecessor queries.

  • Theorems VEB.insert_successor_none_of_insert_le_old_no_gt, VEB.insert_predecessor_none_of_query_le_insert_old_no_lt, VEB.delete_successor_none_of_old_no_gt, and VEB.delete_predecessor_none_of_old_no_lt: premise-light no-neighbor wrappers stated against the old represented set.

  • Theorem VEB.operationDepth_linear: the first-pass recurrence-depth wrapper is linear in the universe exponent.

Current gaps:

  • Recursive summary/cluster storage and word-RAM base cases are future refinement targets.

namespace CLRSnamespace Chapter20namespace VEB

First-pass vEB tree state: a universe size and a finite represented set.

structure Tree where univSize : Nat elems : Finset Nat

A tree represents exactly a finite set whose elements fit in the universe.

def Represents (t : Tree) (s : Finset Nat) : Prop := t.elems = s forall x, x s -> x < t.univSize

Boolean membership query.

def member (x : Nat) (t : Tree) : Bool := decide (x t.elems)

Membership queries match the represented set.

theorem member_correct {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) : member x t = true <-> x s :=

A successful membership query returns a key inside the represented universe.

theorem member_lt_univ {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hmem : member x t = true) : x < t.univSize :=

Minimum represented key, if the tree is nonempty.

def minimum (t : Tree) : Option Nat := if h : t.elems.Nonempty then some (t.elems.min' h) else none

Maximum represented key, if the tree is nonempty.

def maximum (t : Tree) : Option Nat := if h : t.elems.Nonempty then some (t.elems.max' h) else none

The returned minimum is represented and is a lower bound for all keys.

A returned minimum belongs to the represented key set.

theorem minimum_mem {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hmin : minimum t = some x) : x s :=

A returned minimum is no larger than any represented key.

theorem minimum_le {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hmin : minimum t = some x) (hy : y s) : x <= y :=

A returned minimum lies inside the represented universe.

theorem minimum_lt_univ {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hmin : minimum t = some x) : x < t.univSize :=

No minimum is returned exactly when the represented set is empty.

If the represented set is empty, no minimum is returned.

theorem minimum_none_of_empty {t : Tree} {s : Finset Nat} (hrep : Represents t s) (hempty : s = ) : minimum t = none :=

A nonempty represented set forces the minimum query to return a result.

The returned maximum is represented and is an upper bound for all keys.

A returned maximum belongs to the represented key set.

theorem maximum_mem {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hmax : maximum t = some x) : x s :=

Every represented key is no larger than a returned maximum.

theorem le_maximum {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hmax : maximum t = some x) (hy : y s) : y <= x :=

A returned maximum lies inside the represented universe.

theorem maximum_lt_univ {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hmax : maximum t = some x) : x < t.univSize :=

No maximum is returned exactly when the represented set is empty.

If the represented set is empty, no maximum is returned.

theorem maximum_none_of_empty {t : Tree} {s : Finset Nat} (hrep : Represents t s) (hempty : s = ) : maximum t = none :=

A nonempty represented set forces the maximum query to return a result.

Candidate successor set for query x.

def successorCandidates (x : Nat) (t : Tree) : Finset Nat := t.elems.filter (fun y => x < y)

Least represented key greater than x, if one exists.

def successor (x : Nat) (t : Tree) : Option Nat := if h : (successorCandidates x t).Nonempty then some ((successorCandidates x t).min' h) else none

A returned successor is represented, greater than the query, and no larger than any represented key that is also greater than the query.

A returned successor belongs to the represented key set.

theorem successor_mem {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hsucc : successor x t = some y) : y s :=

A returned successor is greater than the query.

theorem successor_gt {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hsucc : successor x t = some y) : x < y :=

A returned successor is no larger than any represented key greater than the query.

theorem successor_le {t : Tree} {s : Finset Nat} {x y z : Nat} (hrep : Represents t s) (hsucc : successor x t = some y) (hz : z s) (hxz : x < z) : y <= z :=

A returned successor lies inside the represented universe.

theorem successor_lt_univ {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hsucc : successor x t = some y) : y < t.univSize :=

No successor is returned exactly when no represented key is greater.

If no represented key is greater than the query, no successor is returned.

theorem successor_none_of_no_gt {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hnone : forall y, y s -> ¬ x < y) : successor x t = none :=

An existing greater represented key forces successor to return a result.

theorem successor_ne_none_of_exists_gt {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hy : y s) (hxy : x < y) : successor x t none :=

Candidate predecessor set for query x.

def predecessorCandidates (x : Nat) (t : Tree) : Finset Nat := t.elems.filter (fun y => y < x)

Greatest represented key less than x, if one exists.

def predecessor (x : Nat) (t : Tree) : Option Nat := if h : (predecessorCandidates x t).Nonempty then some ((predecessorCandidates x t).max' h) else none

A returned predecessor is represented, less than the query, and no smaller than any represented key that is also less than the query.

A returned predecessor belongs to the represented key set.

theorem predecessor_mem {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hpred : predecessor x t = some y) : y s :=

A returned predecessor is less than the query.

theorem predecessor_lt {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hpred : predecessor x t = some y) : y < x :=

Any represented key less than the query is no larger than a returned predecessor.

theorem le_predecessor {t : Tree} {s : Finset Nat} {x y z : Nat} (hrep : Represents t s) (hpred : predecessor x t = some y) (hz : z s) (hzx : z < x) : z <= y :=

A returned predecessor lies inside the represented universe.

theorem predecessor_lt_univ {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hpred : predecessor x t = some y) : y < t.univSize :=

No predecessor is returned exactly when no represented key is smaller.

If no represented key is smaller than the query, no predecessor is returned.

theorem predecessor_none_of_no_lt {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hnone : forall y, y s -> ¬ y < x) : predecessor x t = none :=

An existing smaller represented key forces predecessor to return a result.

theorem predecessor_ne_none_of_exists_lt {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hy : y s) (hyx : y < x) : predecessor x t none :=

Insert a key into the represented set.

def insert (x : Nat) (t : Tree) : Tree := { t with elems := Insert.insert x t.elems }

Insertion matches finite-set insertion when the inserted key is in universe.

Membership after insertion succeeds exactly for the inserted or old keys.

A successful membership query after insertion lies inside the represented universe.

theorem insert_member_lt_univ {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmem : member y (insert x t) = true) : y < t.univSize :=

Membership succeeds for the inserted key after insertion.

Old represented keys remain members after insertion.

Membership after insertion fails exactly for noninserted keys absent before insertion.

Old failed membership queries different from the inserted key remain false after insertion.

A returned minimum after insertion is the least key among the inserted key and old set.

theorem insert_minimum_correct {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmin : minimum (insert x t) = some m) : (m = x m s) m <= x forall y, y s -> m <= y := exact hmin'.2 x ( ) exact hmin'.2 y ( )

A returned minimum after insertion is the inserted key or an old key.

theorem insert_minimum_mem {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmin : minimum (insert x t) = some m) : m = x m s :=

A returned minimum after insertion that is not the inserted key is an old key.

theorem insert_minimum_mem_old_of_ne {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmin : minimum (insert x t) = some m) (hmx : m x) : m s := cases insert_minimum_mem (t := t) (s := s) (x := x) (m := m) hrep hx hmin with

A returned minimum after insertion is no larger than the inserted key.

theorem insert_minimum_le_inserted {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmin : minimum (insert x t) = some m) : m <= x :=

A returned minimum after insertion is no larger than any old key.

theorem insert_minimum_le_old {t : Tree} {s : Finset Nat} {x m y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmin : minimum (insert x t) = some m) (hy : y s) : m <= y :=

A returned minimum after insertion lies inside the represented universe.

theorem insert_minimum_lt_univ {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmin : minimum (insert x t) = some m) : m < t.univSize :=

Insertion makes the updated set nonempty, so no minimum-empty result is possible.

After insertion, a minimum-empty result is impossible.

theorem insert_minimum_ne_none {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hx : x < t.univSize) : minimum (insert x t) none :=

A returned maximum after insertion is the greatest key among the inserted key and old set.

theorem insert_maximum_correct {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmax : maximum (insert x t) = some m) : (m = x m s) x <= m forall y, y s -> y <= m := exact hmax'.2 x ( ) exact hmax'.2 y ( )

A returned maximum after insertion is the inserted key or an old key.

theorem insert_maximum_mem {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmax : maximum (insert x t) = some m) : m = x m s :=

A returned maximum after insertion that is not the inserted key is an old key.

theorem insert_maximum_mem_old_of_ne {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmax : maximum (insert x t) = some m) (hmx : m x) : m s := cases insert_maximum_mem (t := t) (s := s) (x := x) (m := m) hrep hx hmax with

The inserted key is no larger than a returned maximum after insertion.

theorem insert_maximum_inserted_le {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmax : maximum (insert x t) = some m) : x <= m :=

Any old key is no larger than a returned maximum after insertion.

theorem insert_maximum_old_le {t : Tree} {s : Finset Nat} {x m y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmax : maximum (insert x t) = some m) (hy : y s) : y <= m :=

A returned maximum after insertion lies inside the represented universe.

theorem insert_maximum_lt_univ {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hmax : maximum (insert x t) = some m) : m < t.univSize :=

Insertion makes the updated set nonempty, so no maximum-empty result is possible.

After insertion, a maximum-empty result is impossible.

theorem insert_maximum_ne_none {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hx : x < t.univSize) : maximum (insert x t) none :=

A returned successor after insertion is the least updated key greater than the query.

theorem insert_successor_correct {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hsucc : successor q (insert x t) = some y) : (y = x y s) q < y forall z, z = x z s -> q < z -> y <= z := exact hsucc'.2.2 z ( ) hqz

A returned successor after insertion is either the inserted key or an old key.

theorem insert_successor_mem {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hsucc : successor q (insert x t) = some y) : y = x y s :=

A returned successor after insertion that is not the inserted key is an old key.

theorem insert_successor_mem_old_of_ne {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hsucc : successor q (insert x t) = some y) (hyx : y x) : y s := cases insert_successor_mem (t := t) (s := s) (x := x) (q := q) (y := y) hrep hx hsucc with

A returned successor after insertion is greater than the query.

theorem insert_successor_gt {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hsucc : successor q (insert x t) = some y) : q < y :=

A returned successor after insertion is no larger than any updated greater key.

theorem insert_successor_le {t : Tree} {s : Finset Nat} {x q y z : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hsucc : successor q (insert x t) = some y) (hz : z = x z s) (hqz : q < z) : y <= z :=

A returned successor after insertion lies inside the represented universe.

theorem insert_successor_lt_univ {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hsucc : successor q (insert x t) = some y) : y < t.univSize :=

No successor after insertion means no inserted or old key is greater than the query.

theorem insert_successor_none_iff {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hx : x < t.univSize) : successor q (insert x t) = none <-> forall y, y = x y s -> ¬ q < y :=

If no updated key is greater than the query after insertion, no successor is returned.

theorem insert_successor_none_of_no_gt {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hnone : forall y, y = x y s -> ¬ q < y) : successor q (insert x t) = none :=

If the inserted key and every old key are no greater than the query, no successor is returned.

theorem insert_successor_none_of_insert_le_old_no_gt {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hxq : x <= q) (hold : forall y, y s -> ¬ q < y) : successor q (insert x t) = none := exact insert_successor_none_of_no_gt (t := t) (s := s) (x := x) (q := q) hrep hx ( cases hy with )

If the inserted key is greater than the query, successor after insertion exists.

theorem insert_successor_ne_none_of_insert_gt {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hqx : q < x) : successor q (insert x t) none :=

If an old represented key is greater than the query, successor after insertion exists.

theorem insert_successor_ne_none_of_old_gt {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hy : y s) (hqy : q < y) : successor q (insert x t) none :=

A returned predecessor after insertion is the greatest updated key less than the query.

theorem insert_predecessor_correct {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hpred : predecessor q (insert x t) = some y) : (y = x y s) y < q forall z, z = x z s -> z < q -> z <= y := exact hpred'.2.2 z ( ) hzq

A returned predecessor after insertion is either the inserted key or an old key.

theorem insert_predecessor_mem {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hpred : predecessor q (insert x t) = some y) : y = x y s :=

A returned predecessor after insertion that is not the inserted key is an old key.

theorem insert_predecessor_mem_old_of_ne {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hpred : predecessor q (insert x t) = some y) (hyx : y x) : y s := cases insert_predecessor_mem (t := t) (s := s) (x := x) (q := q) (y := y) hrep hx hpred with

A returned predecessor after insertion is less than the query.

theorem insert_predecessor_lt {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hpred : predecessor q (insert x t) = some y) : y < q :=

Any updated key less than the query is no larger than a returned predecessor.

theorem insert_le_predecessor {t : Tree} {s : Finset Nat} {x q y z : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hpred : predecessor q (insert x t) = some y) (hz : z = x z s) (hzq : z < q) : z <= y :=

A returned predecessor after insertion lies inside the represented universe.

theorem insert_predecessor_lt_univ {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hpred : predecessor q (insert x t) = some y) : y < t.univSize :=

No predecessor after insertion means no inserted or old key is smaller than the query.

theorem insert_predecessor_none_iff {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hx : x < t.univSize) : predecessor q (insert x t) = none <-> forall y, y = x y s -> ¬ y < q :=

If no updated key is smaller than the query after insertion, no predecessor is returned.

theorem insert_predecessor_none_of_no_lt {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hnone : forall y, y = x y s -> ¬ y < q) : predecessor q (insert x t) = none :=

If the query is no greater than the inserted key and no old key is smaller, no predecessor is returned.

theorem insert_predecessor_none_of_query_le_insert_old_no_lt {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hqx : q <= x) (hold : forall y, y s -> ¬ y < q) : predecessor q (insert x t) = none := exact insert_predecessor_none_of_no_lt (t := t) (s := s) (x := x) (q := q) hrep hx ( cases hy with )

If the inserted key is smaller than the query, predecessor after insertion exists.

theorem insert_predecessor_ne_none_of_insert_lt {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hxq : x < q) : predecessor q (insert x t) none :=

If an old represented key is smaller than the query, predecessor after insertion exists.

theorem insert_predecessor_ne_none_of_old_lt {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hx : x < t.univSize) (hy : y s) (hyq : y < q) : predecessor q (insert x t) none :=

Delete a key from the represented set.

def delete (x : Nat) (t : Tree) : Tree := { t with elems := t.elems.erase x }

Deletion matches finite-set deletion.

theorem delete_correct {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) : Represents (delete x t) (s.erase x) :=

Membership after deletion succeeds exactly for old keys different from the deleted key.

A successful membership query after deletion lies inside the represented universe.

theorem delete_member_lt_univ {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hmem : member y (delete x t) = true) : y < t.univSize :=

Membership fails for the deleted key after deletion.

theorem delete_member_deleted_false {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) : member x (delete x t) = false :=

Old keys different from the deleted key remain members after deletion.

Membership after deletion fails exactly for the deleted key or old absent keys.

Old failed membership queries remain false after deletion.

Keys equal to the deleted key are failed membership queries after deletion.

A returned minimum after deletion is the least remaining old key.

exact hmin'.2 y ( )

A returned minimum after deletion is not the deleted key.

theorem delete_minimum_ne {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hmin : minimum (delete x t) = some m) : m x :=

A returned minimum after deletion is an old key.

theorem delete_minimum_mem {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hmin : minimum (delete x t) = some m) : m s :=

A returned minimum after deletion is no larger than any old remaining key.

theorem delete_minimum_le_old {t : Tree} {s : Finset Nat} {x m y : Nat} (hrep : Represents t s) (hmin : minimum (delete x t) = some m) (hy : y s) (hyx : y x) : m <= y :=

A returned minimum after deletion lies inside the represented universe.

theorem delete_minimum_lt_univ {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hmin : minimum (delete x t) = some m) : m < t.univSize :=

No minimum after deletion means every old key was the deleted key.

If every old key equals the deleted key, no minimum remains after deletion.

theorem delete_minimum_none_of_all_eq {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hall : forall y, y s -> y = x) : minimum (delete x t) = none :=

If some old key remains after deletion, a minimum still exists.

theorem delete_minimum_ne_none_of_remaining {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hy : y s) (hyx : y x) : minimum (delete x t) none :=

A returned maximum after deletion is the greatest remaining old key.

exact hmax'.2 y ( )

A returned maximum after deletion is not the deleted key.

theorem delete_maximum_ne {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hmax : maximum (delete x t) = some m) : m x :=

A returned maximum after deletion is an old key.

theorem delete_maximum_mem {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hmax : maximum (delete x t) = some m) : m s :=

Any old remaining key is no larger than a returned maximum after deletion.

theorem delete_maximum_old_le {t : Tree} {s : Finset Nat} {x m y : Nat} (hrep : Represents t s) (hmax : maximum (delete x t) = some m) (hy : y s) (hyx : y x) : y <= m :=

A returned maximum after deletion lies inside the represented universe.

theorem delete_maximum_lt_univ {t : Tree} {s : Finset Nat} {x m : Nat} (hrep : Represents t s) (hmax : maximum (delete x t) = some m) : m < t.univSize :=

No maximum after deletion means every old key was the deleted key.

If every old key equals the deleted key, no maximum remains after deletion.

theorem delete_maximum_none_of_all_eq {t : Tree} {s : Finset Nat} {x : Nat} (hrep : Represents t s) (hall : forall y, y s -> y = x) : maximum (delete x t) = none :=

If some old key remains after deletion, a maximum still exists.

theorem delete_maximum_ne_none_of_remaining {t : Tree} {s : Finset Nat} {x y : Nat} (hrep : Represents t s) (hy : y s) (hyx : y x) : maximum (delete x t) none :=

A returned successor after deletion is the least remaining old key greater than the query.

exact hsucc'.2.2 z ( ) hqz

A returned successor after deletion is a remaining old key.

theorem delete_successor_mem {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hsucc : successor q (delete x t) = some y) : y x y s :=

A returned successor after deletion is greater than the query.

theorem delete_successor_gt {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hsucc : successor q (delete x t) = some y) : q < y :=

A returned successor after deletion is no larger than any remaining greater key.

theorem delete_successor_le {t : Tree} {s : Finset Nat} {x q y z : Nat} (hrep : Represents t s) (hsucc : successor q (delete x t) = some y) (hz : z s) (hzx : z x) (hqz : q < z) : y <= z :=

A returned successor after deletion lies inside the represented universe.

theorem delete_successor_lt_univ {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hsucc : successor q (delete x t) = some y) : y < t.univSize :=

No successor after deletion means no remaining old key is greater than the query.

If no remaining old key is greater than the query after deletion, no successor is returned.

theorem delete_successor_none_of_no_gt {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hnone : forall y, y s -> y x -> ¬ q < y) : successor q (delete x t) = none :=

If no old key is greater than the query, deletion returns no successor.

theorem delete_successor_none_of_old_no_gt {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hnone : forall y, y s -> ¬ q < y) : successor q (delete x t) = none := exact delete_successor_none_of_no_gt (t := t) (s := s) (x := x) (q := q) hrep ( )

If a remaining old key is greater than the query, successor after deletion exists.

theorem delete_successor_ne_none_of_remaining_gt {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hy : y s) (hyx : y x) (hqy : q < y) : successor q (delete x t) none :=

A returned predecessor after deletion is the greatest remaining old key less than the query.

exact hpred'.2.2 z ( ) hzq

A returned predecessor after deletion is a remaining old key.

theorem delete_predecessor_mem {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hpred : predecessor q (delete x t) = some y) : y x y s :=

A returned predecessor after deletion is less than the query.

theorem delete_predecessor_lt {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hpred : predecessor q (delete x t) = some y) : y < q :=

Any remaining old key less than the query is no larger than a returned predecessor.

theorem delete_le_predecessor {t : Tree} {s : Finset Nat} {x q y z : Nat} (hrep : Represents t s) (hpred : predecessor q (delete x t) = some y) (hz : z s) (hzx : z x) (hzq : z < q) : z <= y :=

A returned predecessor after deletion lies inside the represented universe.

theorem delete_predecessor_lt_univ {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hpred : predecessor q (delete x t) = some y) : y < t.univSize :=

No predecessor after deletion means no remaining old key is smaller than the query.

If no remaining old key is smaller than the query after deletion, no predecessor is returned.

theorem delete_predecessor_none_of_no_lt {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hnone : forall y, y s -> y x -> ¬ y < q) : predecessor q (delete x t) = none :=

If no old key is smaller than the query, deletion returns no predecessor.

theorem delete_predecessor_none_of_old_no_lt {t : Tree} {s : Finset Nat} {x q : Nat} (hrep : Represents t s) (hnone : forall y, y s -> ¬ y < q) : predecessor q (delete x t) = none := exact delete_predecessor_none_of_no_lt (t := t) (s := s) (x := x) (q := q) hrep ( )

If a remaining old key is smaller than the query, predecessor after deletion exists.

theorem delete_predecessor_ne_none_of_remaining_lt {t : Tree} {s : Finset Nat} {x q y : Nat} (hrep : Represents t s) (hy : y s) (hyx : y x) (hyq : y < q) : predecessor q (delete x t) none :=

First-pass operation-depth recurrence over a tower exponent.

def operationDepth (k : Nat) : Nat := k + 1

The first-pass operation-depth recurrence starts with one base step.

theorem operationDepth_zero : operationDepth 0 = 1 :=

The first-pass operation-depth recurrence increases by one per exponent level.

theorem operationDepth_succ (k : Nat) : operationDepth (k + 1) = operationDepth k + 1 :=

The first-pass recurrence-depth wrapper is linear in k.

theorem operationDepth_linear (k : Nat) : operationDepth k <= k + 1 :=

The first-pass operation depth is monotone in the exponent level.

theorem operationDepth_monotone {a b : Nat} (hab : a <= b) : operationDepth a <= operationDepth b :=

The first-pass operation depth is strictly monotone in the exponent level.

theorem operationDepth_strict_mono {a b : Nat} (hab : a < b) : operationDepth a < operationDepth b :=
end VEBend Chapter20end CLRS