Session Comparison_Sort_Lower_Bound

Theory Linorder_Relations

   File:    Linorder_Relations.thy
   Author:  Manuel Eberl

   Linear orderings represented as relations (i.e. set of pairs). Also contains 
   material connecting such orderings to lists, and insertion sort w.r.t. a 
   given ordering relation.
section ‹Linear orderings as relations›
theory Linorder_Relations

subsection ‹Auxiliary facts›

(* TODO: Move *)
lemma distinct_count_atmost_1':
  "distinct xs = (a. count (mset xs) a  1)"
proof -
    fix x have "count (mset xs) x = (if x  set xs then 1 else 0)  count (mset xs) x  1"
      using count_eq_zero_iff[of "mset xs" x]
      by (cases "count (mset xs) x") (auto simp del: count_mset_0_iff) 
  thus ?thesis unfolding distinct_count_atmost_1 by blast
lemma distinct_mset_mono: 
  assumes "distinct ys" "mset xs ⊆# mset ys"
  shows   "distinct xs" 
  unfolding distinct_count_atmost_1'
  fix x
  from assms(2) have "count (mset xs) x  count (mset ys) x"
    by (rule mset_subset_eq_count)
  also from assms(1) have "  1" unfolding distinct_count_atmost_1' ..
  finally show "count (mset xs) x  1" .

lemma mset_eq_imp_distinct_iff:
  assumes "mset xs = mset ys"
  shows   "distinct xs  distinct ys"
  using assms by (simp add: distinct_count_atmost_1')

lemma total_on_subset: "total_on B R  A  B  total_on A R"
  by (auto simp: total_on_def)

subsection ‹Sortedness w.r.t. a relation›

inductive sorted_wrt :: "('a × 'a) set  'a list  bool" for R where
  "sorted_wrt R []"
| "sorted_wrt R xs  (y. y  set xs  (x,y)  R)  sorted_wrt R (x # xs)"

lemma sorted_wrt_Nil [simp]: "sorted_wrt R []"
  by (rule sorted_wrt.intros)

lemma sorted_wrt_Cons: "sorted_wrt R (x # xs)  (yset xs. (x,y)  R)  sorted_wrt R xs"
  by (auto intro: sorted_wrt.intros elim: sorted_wrt.cases)

lemma sorted_wrt_singleton [simp]: "sorted_wrt R [x]"
  by (intro sorted_wrt.intros) simp_all

lemma sorted_wrt_many:
  assumes "trans R"
  shows   "sorted_wrt R (x # y # xs)  (x,y)  R  sorted_wrt R (y # xs)"
  by (force intro: sorted_wrt.intros transD[OF assms] elim: sorted_wrt.cases)

lemma sorted_wrt_imp_le_last:
  assumes "sorted_wrt R xs" "xs  []" "x  set xs" "x  last xs"
  shows   "(x, last xs)  R"
  using assms by induction auto
lemma sorted_wrt_append:
  assumes "sorted_wrt R xs" "sorted_wrt R ys" 
          "x y. x  set xs  y  set ys  (x,y)  R" "trans R"
  shows   "sorted_wrt R (xs @ ys)"
  using assms by (induction xs) (auto simp: sorted_wrt_Cons)

lemma sorted_wrt_snoc:
  assumes "sorted_wrt R xs" "(last xs, y)  R" "trans R"
  shows   "sorted_wrt R (xs @ [y])"
  using assms(1,2)
proof induction
  case (2 xs x)
  show ?case
  proof (cases "xs = []")
    case False
    with 2 have "(z,y)  R" if "z  set xs" for z
      using that by (cases "z = last xs")
                    (auto intro: assms transD[OF assms(3), OF sorted_wrt_imp_le_last[OF 2(1)]])
    from False have *: "last xs  set xs" by simp
    moreover from 2 False have "(x,y)  R" by (intro transD[OF assms(3) 2(2)[OF *]]) simp
    ultimately show ?thesis using 2 False
      by (auto intro!: sorted_wrt.intros)
  qed (insert 2, auto intro: sorted_wrt.intros)
qed simp_all
lemma sorted_wrt_conv_nth:
  "sorted_wrt R xs  (i j. i < j  j < length xs  (xs!i, xs!j)  R)"
  by (induction xs) (auto simp: sorted_wrt_Cons nth_Cons set_conv_nth split: nat.splits)

subsection ‹Linear orderings›

definition linorder_on :: "'a set  ('a × 'a) set  bool"  where
  "linorder_on A R  refl_on A R  antisym R  trans R  total_on A R"
lemma linorder_on_cases:
  assumes "linorder_on A R" "x  A" "y  A"
  shows   "x = y  ((x, y)  R  (y, x)  R)  ((y, x)  R  (x, y)  R)"
  using assms by (auto simp: linorder_on_def refl_on_def total_on_def antisym_def)

lemma sorted_wrt_linorder_imp_index_le:
  assumes "linorder_on A R" "set xs  A" "sorted_wrt R xs" 
          "x  set xs" "y  set xs" "(x,y)  R"
  shows   "index xs x  index xs y"
proof -
  define i j where "i = index xs x" and "j = index xs y"
    assume "j < i"
    moreover from assms have "i < length xs" by (simp add: i_def)
    ultimately have "(xs!j,xs!i)  R" using assms by (auto simp: sorted_wrt_conv_nth)
    with assms have "x = y" by (auto simp: linorder_on_def antisym_def i_def j_def)
  hence "i  j  x = y" by linarith
  thus ?thesis by (auto simp: i_def j_def)

lemma sorted_wrt_linorder_index_le_imp:
  assumes "linorder_on A R" "set xs  A" "sorted_wrt R xs" 
          "x  set xs" "y  set xs" "index xs x  index xs y"
  shows   "(x,y)  R"
proof (cases "x = y")
  case False
  define i j where "i = index xs x" and "j = index xs y"
  from False and assms have "i  j" by (simp add: i_def j_def)
  with ‹index xs x  index xs y have "i < j" by (simp add: i_def j_def)
  moreover from assms have "j < length xs" by (simp add: j_def)
  ultimately have "(xs ! i, xs ! j)  R" using assms(3)
    by (auto simp: sorted_wrt_conv_nth)
  with assms show ?thesis by (simp_all add: i_def j_def)
qed (insert assms, auto simp: linorder_on_def refl_on_def)

lemma sorted_wrt_linorder_index_le_iff:
  assumes "linorder_on A R" "set xs  A" "sorted_wrt R xs" 
          "x  set xs" "y  set xs"
  shows   "index xs x  index xs y  (x,y)  R"
  using sorted_wrt_linorder_index_le_imp[OF assms] sorted_wrt_linorder_imp_index_le[OF assms] 
  by blast
lemma sorted_wrt_linorder_index_less_iff:
  assumes "linorder_on A R" "set xs  A" "sorted_wrt R xs" 
          "x  set xs" "y  set xs"
  shows   "index xs x < index xs y  (y,x)  R"
  by (subst sorted_wrt_linorder_index_le_iff[OF assms(1-3) assms(5,4), symmetric]) auto

lemma sorted_wrt_distinct_linorder_nth:
  assumes "linorder_on A R" "set xs  A" "sorted_wrt R xs" "distinct xs" 
          "i < length xs" "j < length xs"
  shows   "(xs!i, xs!j)  R  i  j"
proof (cases i j rule: linorder_cases)
  case less
  with assms show ?thesis by (simp add: sorted_wrt_conv_nth)
  case equal
  from assms have "xs ! i  set xs" "xs ! j  set xs" by (auto simp: set_conv_nth)
  with assms(2) have "xs ! i  A" "xs ! j  A" by blast+
  with ‹linorder_on A R and equal show ?thesis by (simp add: linorder_on_def refl_on_def)
  case greater
  with assms have "(xs!j, xs!i)  R" by (auto simp add: sorted_wrt_conv_nth)
  moreover from assms and greater have "xs ! i  xs ! j" by (simp add: nth_eq_iff_index_eq)
  ultimately show ?thesis using ‹linorder_on A R greater
    by (auto simp: linorder_on_def antisym_def)

subsection ‹Converting a list into a linear ordering›

definition linorder_of_list :: "'a list  ('a × 'a) set" where
  "linorder_of_list xs = {(a,b). a  set xs  b  set xs  index xs a  index xs b}"

lemma linorder_linorder_of_list [intro, simp]:
  assumes "distinct xs"
  shows   "linorder_on (set xs) (linorder_of_list xs)"
  unfolding linorder_on_def using assms
  by (auto simp: refl_on_def antisym_def trans_def total_on_def linorder_of_list_def)

lemma sorted_wrt_linorder_of_list [intro, simp]: 
  "distinct xs  sorted_wrt (linorder_of_list xs) xs"
  by (auto simp: sorted_wrt_conv_nth linorder_of_list_def index_nth_id)

subsection ‹Insertion sort›

primrec insert_wrt :: "('a × 'a) set  'a  'a list  'a list" where
  "insert_wrt R x [] = [x]"
| "insert_wrt R x (y # ys) = (if (x, y)  R then x # y # ys else y # insert_wrt R x ys)"

lemma set_insert_wrt [simp]: "set (insert_wrt R x xs) = insert x (set xs)"
  by (induction xs) auto

lemma mset_insert_wrt [simp]: "mset (insert_wrt R x xs) = add_mset x (mset xs)"
  by (induction xs) auto

lemma length_insert_wrt [simp]: "length (insert_wrt R x xs) = Suc (length xs)"
  by (induction xs) simp_all

definition insort_wrt :: "('a × 'a) set  'a list  'a list" where
  "insort_wrt R xs = foldr (insert_wrt R) xs []"

lemma set_insort_wrt [simp]: "set (insort_wrt R xs) = set xs"
  by (induction xs) (simp_all add: insort_wrt_def)

lemma mset_insort_wrt [simp]: "mset (insort_wrt R xs) = mset xs"
  by (induction xs) (simp_all add: insort_wrt_def)
lemma length_insort_wrt [simp]: "length (insort_wrt R xs) = length xs"
  by (induction xs) (simp_all add: insort_wrt_def)

lemma sorted_wrt_insert_wrt [intro]: 
  "linorder_on A R  set (x # xs)  A  
     sorted_wrt R xs  sorted_wrt R (insert_wrt R x xs)"
proof (induction xs)
  case (Cons y ys)
  from Cons.prems have "(x,y)  R  (y,x)  R" 
    by (cases "x = y") (auto simp: linorder_on_def refl_on_def total_on_def)
  with Cons show ?case
    by (auto simp: sorted_wrt_Cons intro: transD simp: linorder_on_def)
qed auto

lemma sorted_wrt_insort [intro]:
  assumes "linorder_on A R" "set xs  A"
  shows   "sorted_wrt R (insort_wrt R xs)"
proof -
  from assms have "set (insort_wrt R xs) = set xs  sorted_wrt R (insort_wrt R xs)"
    by (induction xs) (auto simp: insort_wrt_def intro!: sorted_wrt_insert_wrt)
  thus ?thesis ..

lemma distinct_insort_wrt [simp]: "distinct (insort_wrt R xs)  distinct xs"
  by (simp add: distinct_count_atmost_1)

lemma sorted_wrt_linorder_unique:
  assumes "linorder_on A R" "mset xs = mset ys" "sorted_wrt R xs" "sorted_wrt R ys"
  shows   "xs = ys"
proof -
  from ‹mset xs = mset ys have "length xs = length ys" by (rule mset_eq_length)
  from this and assms(2-) show ?thesis
  proof (induction xs ys rule: list_induct2)
    case (Cons x xs y ys)
    have "set (x # xs) = set_mset (mset (x # xs))" by simp
    also have "mset (x # xs) = mset (y # ys)" by fact
    also have "set_mset  = set (y # ys)" by simp
    finally have eq: "set (x # xs) = set (y # ys)" .
    have "x = y"
    proof (rule ccontr)
      assume "x  y"
      with eq have "x  set ys" "y  set xs" by auto
      with Cons.prems and assms(1) and eq have "(x, y)  R" "(y, x)  R"
        by (auto simp: sorted_wrt_Cons)
      with assms(1) have "x = y" by (auto simp: linorder_on_def antisym_def)
      with x  y show False by contradiction
    with Cons show ?case by (auto simp: sorted_wrt_Cons)
  qed auto

subsection ‹Obtaining a sorted list of a given set›

definition sorted_wrt_list_of_set where
  "sorted_wrt_list_of_set R A = 
     (if finite A then (THE xs. set xs = A  distinct xs  sorted_wrt R xs) else [])"
lemma mset_remdups: "mset (remdups xs) = mset_set (set xs)"
proof (induction xs)
  case (Cons x xs)
  thus ?case by (cases "x  set xs") (auto simp: insert_absorb)
qed auto
lemma sorted_wrt_list_set:
  assumes "linorder_on A R" "set xs  A"
  shows   "sorted_wrt_list_of_set R (set xs) = insort_wrt R (remdups xs)"
proof -
  have "sorted_wrt_list_of_set R (set xs) = 
          (THE xsa. set xsa = set xs  distinct xsa  sorted_wrt R xsa)"
    by (simp add: sorted_wrt_list_of_set_def)
  also have " = insort_wrt R (remdups xs)"
  proof (rule the_equality)
    fix xsa assume xsa: "set xsa = set xs  distinct xsa  sorted_wrt R xsa"
    from xsa have "mset xsa = mset_set (set xsa)" by (subst mset_set_set) simp_all
    also from xsa have "set xsa = set xs" by simp
    also have "mset_set  = mset (remdups xs)" by (simp add: mset_remdups)
    finally show "xsa = insort_wrt R (remdups xs)" using xsa assms
      by (intro sorted_wrt_linorder_unique[OF assms(1)])
         (auto intro!: sorted_wrt_insort)
  qed (insert assms, auto intro!: sorted_wrt_insort)
  finally show ?thesis .

lemma linorder_sorted_wrt_exists:
  assumes "linorder_on A R" "finite B" "B  A"
  shows   "xs. set xs = B  distinct xs  sorted_wrt R xs"
proof -
  from ‹finite B obtain xs where "set xs = B" "distinct xs"
    using finite_distinct_list by blast
  hence "set (insort_wrt R xs) = B" "distinct (insort_wrt R xs)" by simp_all
  moreover have "sorted_wrt R (insort_wrt R xs)"
    using assms ‹set xs = B by (intro sorted_wrt_insort[OF assms(1)]) auto
  ultimately show ?thesis by blast

lemma linorder_sorted_wrt_list_of_set:
  assumes "linorder_on A R" "finite B" "B  A"
  shows   "set (sorted_wrt_list_of_set R B) = B" "distinct (sorted_wrt_list_of_set R B)"
          "sorted_wrt R (sorted_wrt_list_of_set R B)"
proof -
  have "∃!xs. set xs = B  distinct xs  sorted_wrt R xs"
  proof (rule ex_ex1I)
    show "xs. set xs = B  distinct xs  sorted_wrt R xs"
      by (rule linorder_sorted_wrt_exists assms)+
    fix xs ys assume "set xs = B  distinct xs  sorted_wrt R xs" 
                     "set ys = B  distinct ys  sorted_wrt R ys"
    thus "xs = ys" 
      by (intro sorted_wrt_linorder_unique[OF assms(1)]) (auto simp: set_eq_iff_mset_eq_distinct)
  from theI'[OF this] show  "set (sorted_wrt_list_of_set R B) = B" 
    "distinct (sorted_wrt_list_of_set R B)" "sorted_wrt R (sorted_wrt_list_of_set R B)" 
    by (simp_all add: sorted_wrt_list_of_set_def ‹finite B)

lemma sorted_wrt_list_of_set_eqI:
  assumes "linorder_on B R" "A  B" "set xs = A" "distinct xs" "sorted_wrt R xs"
  shows   "sorted_wrt_list_of_set R A = xs"
proof (rule sorted_wrt_linorder_unique)
  show "linorder_on B R" by fact
  let ?ys = "sorted_wrt_list_of_set R A"
  have fin [simp]: "finite A" by (simp_all add: assms(3) [symmetric])
  have *: "distinct ?ys" "set ?ys = A" "sorted_wrt R ?ys"
    by (rule linorder_sorted_wrt_list_of_set[OF assms(1)] fin assms)+
  from assms * show "mset ?ys = mset xs"
    by (subst set_eq_iff_mset_eq_distinct [symmetric]) simp_all
  show "sorted_wrt R ?ys" by fact
qed fact+

subsection ‹Rank of an element in an ordering›
text ‹
  The `rank' of an element in a set w.r.t. an ordering is how many smaller elements exist.
  This is particularly useful in linear orders, where there exists a unique $n$-th element 
  for every $n$.
definition linorder_rank where
  "linorder_rank R A x = card {yA-{x}. (y,x)  R}"
lemma linorder_rank_le: 
  assumes "finite A"
  shows   "linorder_rank R A x  card A"
  unfolding linorder_rank_def using assms
  by (rule card_mono) auto
lemma linorder_rank_less:
  assumes "finite A" "x  A"
  shows   "linorder_rank R A x < card A"
proof -
  have "linorder_rank R A x  card (A - {x})"
    unfolding linorder_rank_def using assms by (intro card_mono) auto
  also from assms have " < card A" by (intro psubset_card_mono) auto
  finally show ?thesis .

lemma linorder_rank_union:
  assumes "finite A" "finite B" "A  B = {}"
  shows   "linorder_rank R (A  B) x = linorder_rank R A x + linorder_rank R B x"
proof -
  have "linorder_rank R (A  B) x = card {y(AB)-{x}. (y,x)  R}"
    by (simp add: linorder_rank_def)
  also have "{y(AB)-{x}. (y,x)  R} = {yA-{x}. (y,x)  R}  {yB-{x}. (y,x)  R}" by blast
  also have "card  = linorder_rank R A x + linorder_rank R B x" unfolding linorder_rank_def
    using assms by (intro card_Un_disjoint) auto
  finally show ?thesis .

lemma linorder_rank_empty [simp]: "linorder_rank R {} x = 0"
  by (simp add: linorder_rank_def)

lemma linorder_rank_singleton: 
  "linorder_rank R {y} x = (if x  y  (y,x)  R then 1 else 0)"
proof -
  have "linorder_rank R {y} x = card {z{y}-{x}. (z,x)  R}" by (simp add: linorder_rank_def)
  also have "{z{y}-{x}. (z,x)  R} = (if x  y  (y,x)  R then {y} else {})" by auto
  also have "card  = (if x  y  (y,x)  R then 1 else 0)" by simp
  finally show ?thesis .

lemma linorder_rank_insert:
  assumes "finite A" "y  A"
  shows   "linorder_rank R (insert y A) x = 
             (if x  y  (y,x)  R then 1 else 0) + linorder_rank R A x"
  using linorder_rank_union[of "{y}" A R x] assms by (auto simp: linorder_rank_singleton)
lemma linorder_rank_mono:
  assumes "linorder_on B R" "finite A" "A  B" "(x, y)  R"
  shows   "linorder_rank R A x  linorder_rank R A y"
  unfolding linorder_rank_def
proof (rule card_mono)
  from assms have trans: "trans R" and antisym: "antisym R" by (simp_all add: linorder_on_def)
  from assms antisym show "{y  A - {x}. (y, x)  R}  {ya  A - {y}. (ya, y)  R}"
    by (auto intro: transD[OF trans] simp: antisym_def)
qed (insert assms, simp_all)

lemma linorder_rank_strict_mono:
  assumes "linorder_on B R" "finite A" "A  B" "y  A" "(y, x)  R" "x  y"
  shows   "linorder_rank R A y < linorder_rank R A x"
proof -
  from assms(1) have trans: "trans R" by (simp add: linorder_on_def)
  from assms have *: "(x, y)  R" by (auto simp: linorder_on_def antisym_def)
  from this and (y,x)  R have "{zA-{y}. (z, y)  R}  {zA-{x}. (z,x)  R}"
    by (auto intro: transD[OF trans])
  moreover from * and assms have "y  {zA-{y}. (z, y)  R}" "y  {zA-{x}. (z, x)  R}"
    by auto
  ultimately have "{zA-{y}. (z, y)  R}  {zA-{x}. (z,x)  R}" by blast
  thus ?thesis using assms unfolding linorder_rank_def by (intro psubset_card_mono) auto

lemma linorder_rank_le_iff:
  assumes "linorder_on B R" "finite A" "A  B" "x  A" "y  A"
  shows   "linorder_rank R A x  linorder_rank R A y  (x, y)  R"
proof (cases "x = y")
  case True
  with assms show ?thesis by (auto simp: linorder_on_def refl_on_def)
  case False
  from assms(1) have trans: "trans R" by (simp_all add: linorder_on_def)
  from assms have "x  B" "y  B" by auto
  with ‹linorder_on B R and False have "((x,y)  R  (y,x)  R)  ((y,x)  R  (x,y)  R)"
    by (fastforce simp: linorder_on_def antisym_def total_on_def)
  thus ?thesis
    assume "(x,y)  R  (y,x)  R"
    with assms show ?thesis by (auto intro!: linorder_rank_mono)
    assume *: "(y,x)  R  (x,y)  R"
    with linorder_rank_strict_mono[OF assms(1-3), of y x] assms False 
      show ?thesis by auto

lemma linorder_rank_eq_iff:
  assumes "linorder_on B R" "finite A" "A  B" "x  A" "y  A"
  shows   "linorder_rank R A x = linorder_rank R A y  x = y"
  assume "linorder_rank R A x = linorder_rank R A y"
  with linorder_rank_le_iff[OF assms(1-5)] linorder_rank_le_iff[OF assms(1-3) assms(5,4)]
    have "(x, y)  R" "(y, x)  R" by simp_all
  with assms show "x = y" by (auto simp: linorder_on_def antisym_def)
qed simp_all
lemma linorder_rank_set_sorted_wrt:
  assumes "linorder_on B R" "set xs  B" "sorted_wrt R xs" "x  set xs" "distinct xs"
  shows   "linorder_rank R (set xs) x = index xs x"
proof -
  define j where "j = index xs x"
  from assms have j: "j < length xs" by (simp add: j_def)
  have *: "x = y  ((x, y)  R  (y, x)  R)  ((y, x)  R  (x, y)  R)" if "y  set xs" for y
    using linorder_on_cases[OF assms(1), of x y] assms that by auto
  from assms have "{yset xs-{x}. (y, x)  R} = {yset xs-{x}. index xs y < index xs x}"
    by (auto simp: sorted_wrt_linorder_index_less_iff[OF assms(1-3)] dest: *)
  also have " = {yset xs. index xs y < j}" by (auto simp: j_def)
  also have " = (λi. xs ! i) ` {i. i < j}"
  proof safe
    fix y assume "y  set xs" "index xs y < j"
    moreover from this and j have "y = xs ! index xs y" by simp
    ultimately show "y  (!) xs ` {i. i < j}" by blast
  qed (insert assms j, auto simp: index_nth_id)
  also from assms and j have "card  = card {i. i < j}" 
    by (intro card_image) (auto simp: inj_on_def nth_eq_iff_index_eq)
  also have " = j" by simp
  finally show ?thesis by (simp only: j_def linorder_rank_def)

lemma bij_betw_linorder_rank:
  assumes "linorder_on B R" "finite A" "A  B"
  shows   "bij_betw (linorder_rank R A) A {..<card A}"
proof -
  define xs where "xs = sorted_wrt_list_of_set R A"
  note xs = linorder_sorted_wrt_list_of_set[OF assms, folded xs_def]
  from ‹distinct xs have len_xs: "length xs = card A"
    by (subst ‹set xs = A [symmetric]) (auto simp: distinct_card)
  have rank: "linorder_rank R (set xs) x = index xs x" if "x  A" for x
    using linorder_rank_set_sorted_wrt[OF assms(1), of xs x] assms that xs by simp_all
  from xs len_xs show ?thesis
    by (intro bij_betw_byWitness[where f' = "λi. xs ! i"])
       (auto simp: rank index_nth_id intro!: nth_mem)

subsection ‹The bijection between linear orderings and lists›

theorem bij_betw_linorder_of_list:
  assumes "finite A"
  shows   "bij_betw linorder_of_list (permutations_of_set A) {R. linorder_on A R}"
proof (intro bij_betw_byWitness[where f' = "λR. sorted_wrt_list_of_set R A"] ballI subsetI,
  case (1 xs)
  thus ?case by (intro sorted_wrt_list_of_set_eqI) (auto simp: permutations_of_set_def)
  case (2 R)
  hence R: "linorder_on A R" by simp
  from R have in_R: "x  A" "y  A" if "(x,y)  R" for x y using that 
    by (auto simp: linorder_on_def refl_on_def)
  let ?xs = "sorted_wrt_list_of_set R A"
  have xs: "distinct ?xs" "set ?xs = A" "sorted_wrt R ?xs"
    by (rule linorder_sorted_wrt_list_of_set[OF R] assms order.refl)+
  thus ?case using sorted_wrt_linorder_index_le_iff[OF R, of ?xs]
    by (auto simp: linorder_of_list_def dest: in_R)
  case (4 xs)
  then obtain R where R: "linorder_on A R" and xs [simp]: "xs = sorted_wrt_list_of_set R A" by auto
  let ?xs = "sorted_wrt_list_of_set R A"
  have xs: "distinct ?xs" "set ?xs = A" "sorted_wrt R ?xs"
    by (rule linorder_sorted_wrt_list_of_set[OF R] assms order.refl)+
  thus ?case by auto
qed (auto simp: permutations_of_set_def)

corollary card_finite_linorders:
  assumes "finite A"
  shows   "card {R. linorder_on A R} = fact (card A)"
proof -
  have "card {R. linorder_on A R} = card (permutations_of_set A)"
    by (rule sym, rule bij_betw_same_card [OF bij_betw_linorder_of_list[OF assms]])
  also from assms have " = fact (card A)" by (rule card_permutations_of_set)
  finally show ?thesis .


Theory Comparison_Sort_Lower_Bound

  File:     Comparison_Sort_Lower_Bound.thy
  Author:   Manuel Eberl <>

  Proof of the lower-bound on worst-case comparisons in a comparison-based sorting algorithm.
section ‹Lower bound on costs of comparison-based sorting›
theory Comparison_Sort_Lower_Bound
subsection ‹Abstract description of sorting algorithms›

text ‹
  We have chosen to model a sorting algorithm in the following way: A sorting algorithm takes a 
  list with distinct elements and a linear ordering on these elements, and it returns a list 
  with the same elements that is sorted w.\,r.\,t.\ the given ordering.

  The use of an explicit ordering means that the algorithm must look at the ordering, i.\,e.\ 
  it has to use pair-wise comparison of elements, since all the information that is relevant 
  for producing the correct sorting is in the ordering; the elements themselves are irrelevant.

  Furthermore, we record the number of comparisons that the algorithm makes by not giving it the 
  relation explicitly, but in the form of a comparison oracle that may be queried.

  A sorting algorithm (or `sorter') for a fixed input list (but for arbitrary orderings) can then
  be written as a recursive datatype that is either the result (the sorted list) or a comparison 
  query consisting of two elements and a continuation that maps the result of the comparison
  to the remaining computation.

datatype 'a sorter = Return "'a list" | Query 'a 'a "bool  'a sorter"

text ‹
  Cormen~\emph{et\ al.}~\cite{cormen}\ use a similar `decision tree' model where an sorting 
  algorithm for lists of fixed size $n$ is modelled as a binary tree where each node is a 
  comparison of two elements. They also demand that every leaf in the tree be reachable in 
  order to avoid `dead' subtrees (if the algorithm makes redundant comparisons, there may be 
  branches that can never be taken). Then, the worst-case number of comparisons made is simply 
  the height of the tree.

  We chose a subtly different model that does not have this restriction on the algorithm but 
  instead uses a more semantic way of counting the worst-case number of comparisons: We simply 
  use the maximum number of comparisons that occurs for any of the (finitely many) inputs.

  We therefore first define a function that counts the number of queries for a specific
  ordering and then a function that counts the number of queries in the worst case (ranging 
  over a given set of allowed orderings; typically, this will be the set of all linear orders
  on the list).
primrec count_queries :: "('a × 'a) set  'a sorter  nat" where
  "count_queries _ (Return _)    = 0"
| "count_queries R (Query a b f) = Suc (count_queries R (f ((a, b)  R)))"

definition count_wc_queries :: "('a × 'a) set set  'a sorter  nat" where
  "count_wc_queries Rs sorter = (if Rs = {} then 0 else Max ((λR. count_queries R sorter) ` Rs))"

lemma count_wc_queries_empty [simp]: "count_wc_queries {} sorter = 0"
  by (simp add: count_wc_queries_def)

lemma count_wc_queries_aux:
  assumes "R. R  Rs  sorter = sorter' R" "Rs  Rs'" "finite Rs'"
  shows   "count_wc_queries Rs sorter  Max ((λR. count_queries R (sorter' R)) ` Rs')" 
proof (cases "Rs = {}")
  case False
  hence "count_wc_queries Rs sorter = Max ((λR. count_queries R sorter) ` Rs)"
    by (simp add: count_wc_queries_def)
  also have "(λR. count_queries R sorter) ` Rs = (λR. count_queries R (sorter' R)) ` Rs"
    by (intro image_cong refl) (simp_all add: assms)
  also have "Max   Max ((λR. count_queries R (sorter' R)) ` Rs')" using False
    by (intro Max_mono assms image_mono finite_imageI) auto
  finally show ?thesis .
qed simp_all

primrec eval_sorter :: "('a × 'a) set  'a sorter  'a list" where
  "eval_sorter _ (Return ys)   = ys"
| "eval_sorter R (Query a b f) = eval_sorter R (f ((a,b)  R))"
text ‹
  We now get an obvious bound on the maximum number of different results that a given sorter 
  can produce.
lemma card_range_eval_sorter:
  assumes "finite Rs"
  shows   "card ((λR. eval_sorter R e) ` Rs)  2 ^ count_wc_queries Rs e"
using assms
proof (induction e arbitrary: Rs)
  case (Return xs Rs)
  have *: "(λR. eval_sorter R (Return xs)) ` Rs = (if Rs = {} then {} else {xs})" by auto
  show ?case by (subst *) auto
  case (Query a b f Rs)
  have "f True  range f" "f False  range f" by simp_all
  note IH = this [THEN Query.IH]
  let ?Rs1 = "{RRs. (a, b)  R}" and ?Rs2 = "{RRs. (a, b)  R}"
  let ?A = "(λR. eval_sorter R (f True)) ` ?Rs1" and ?B = "(λR. eval_sorter R (f False)) ` ?Rs2"
  from Query.prems have fin: "finite ?Rs1" "finite ?Rs2" by simp_all

  have *: "(λR. eval_sorter R (Query a b f)) ` Rs  ?A  ?B"
  proof (intro subsetI, elim imageE, goal_cases)
    case (1 xs R)
    thus ?case by (cases "(a,b)  R") auto
  show ?case
  proof (cases "Rs = {}")
    case False
    have "card ((λR. eval_sorter R (Query a b f)) ` Rs)  card (?A  ?B)"
      by (intro card_mono finite_UnI finite_imageI fin *)
    also have "  card ?A + card ?B" by (rule card_Un_le)
    also have "  2 ^ count_wc_queries ?Rs1 (f True) + 2 ^ count_wc_queries ?Rs2 (f False)"
      by (intro add_mono IH fin)
    also have "count_wc_queries ?Rs1 (f True)  Max ((λR. count_queries R (f ((a,b)R))) ` Rs)"
      by (intro count_wc_queries_aux Query.prems) auto
    also have "count_wc_queries ?Rs2 (f False)  Max ((λR. count_queries R (f ((a,b)R))) ` Rs)"
      by (intro count_wc_queries_aux Query.prems) auto
    also have "2 ^  + 2 ^  = (2 ^ Suc  :: nat)" by simp
    also have "Suc (Max ((λR. count_queries R (f ((a,b)R))) ` Rs)) = 
                 Max (Suc ` ((λR. count_queries R (f ((a,b)R))) ` Rs))" using False
      by (intro mono_Max_commute finite_imageI Query.prems) (auto simp: incseq_def)
    also have "Suc ` ((λR. count_queries R (f ((a,b)R))) ` Rs) = 
                 (λR. Suc (count_queries R (f ((a,b)R)))) ` Rs" by (simp add: image_image)
    also have "Max  = count_wc_queries Rs (Query a b f)" using False
      by (auto simp add: count_wc_queries_def)
    finally show ?thesis by - simp_all
  qed simp_all

text ‹
  The following predicate describes what constitutes a valid sorting result for a given 
  ordering and a given input list. Note that when the ordering is linear, the result is
  actually unique.
definition is_sorting :: "('a × 'a) set  'a list  'a list  bool" where
  "is_sorting R xs ys  (mset xs = mset ys)  sorted_wrt R ys"

subsection ‹Lower bounds on number of comparisons›

text ‹
  For a list of $n$ distinct elements, there are $n!$ linear orderings on $n$ elements,
  each of which leads to a different result after sorting the original list. 
  Since a sorter can produce at most $2^k$ different results with $k$ comparisons, we get 
  the bound $2^k \geq n!$:
  fixes sorter :: "'a sorter" and xs :: "'a list"
  assumes distinct: "distinct xs"
  assumes sorter: "R. linorder_on (set xs) R  is_sorting R xs (eval_sorter R sorter)"
  defines "Rs  {R. linorder_on (set xs) R}"
  shows   two_power_count_queries_ge: "fact (length xs)  (2 ^ count_wc_queries Rs sorter :: nat)"
    and   count_queries_ge:           "log 2 (fact (length xs))  real (count_wc_queries Rs sorter)"
proof -
  have "Rs  Pow (set xs × set xs)" by (auto simp: Rs_def linorder_on_def refl_on_def)
  hence fin: "finite Rs" by (rule finite_subset) simp_all
  from assms have "fact (length xs) = card (permutations_of_set (set xs))"
    by (simp add: distinct_card)
  also have "permutations_of_set (set xs)  (λR. eval_sorter R sorter) ` Rs"
  proof (rule subsetI, goal_cases)
    case (1 ys)
    define R where "R = linorder_of_list ys"
    define zs where "zs = eval_sorter R sorter"
    from 1 and distinct have mset_ys: "mset ys = mset xs" 
      by (auto simp: set_eq_iff_mset_eq_distinct permutations_of_set_def)
    from 1 have *: "linorder_on (set xs) R" unfolding R_def using linorder_linorder_of_list[of ys]
      by (simp add: permutations_of_set_def)
    from sorter[OF this] have "mset xs = mset zs" "sorted_wrt R zs"
      by (simp_all add: is_sorting_def zs_def)
    moreover from 1 have "sorted_wrt R ys" unfolding R_def
      by (intro sorted_wrt_linorder_of_list) (simp_all add: permutations_of_set_def)
    ultimately have "zs = ys"
      by (intro sorted_wrt_linorder_unique[OF *]) (simp_all add: mset_ys)
    moreover from * have "R  Rs" by (simp add: Rs_def)
    ultimately show ?case unfolding zs_def by blast
  hence "card (permutations_of_set (set xs))  card ((λR. eval_sorter R sorter) ` Rs)"
    by (intro card_mono finite_imageI fin)
  also from fin have "  2 ^ count_wc_queries Rs sorter" by (rule card_range_eval_sorter)
  finally show *: "fact (length xs)  (2 ^ count_wc_queries Rs sorter :: nat)" .
  have "ln (fact (length xs)) = ln (real (fact (length xs)))" by simp
  also have "  ln (real (2 ^ count_wc_queries Rs sorter))"
  proof (subst ln_le_cancel_iff)
    show "real (fact (length xs))  real (2 ^ count_wc_queries Rs sorter)" 
      by (subst of_nat_le_iff) (rule *)
  qed simp_all
  also have " = real (count_wc_queries Rs sorter) * ln 2" by (simp add: ln_realpow)
  finally have "real (count_wc_queries Rs sorter)  ln (fact (length xs)) / ln 2" 
    by (simp add: field_simps)
  also have "ln (fact (length xs)) / ln 2 = log 2 (fact (length xs))" by (simp add: log_def)
  finally show **: "log 2 (fact (length xs))  real (count_wc_queries Rs sorter)" .

(* TODO: Good example for automation. Also, move. *)
lemma ln_fact_bigo: "(λn. ln (fact n) - (ln (2 * pi * n) / 2 + n * ln n - n))  O(λn. 1 / n)"
  and asymp_equiv_ln_fact [asymp_equiv_intros]: "(λn. ln (fact n)) ∼[at_top] (λn. n * ln n)"
proof -
  include asymp_equiv_notation
  define f where "f = (λn. ln (2 * pi * real n) / 2 + real n * ln (real n) - real n)"
  have "eventually (λn. ln (fact n) - f n  {0..1/(12*real n)}) at_top"
    using eventually_gt_at_top[of "1::nat"]
  proof eventually_elim
    case (elim n)
    with ln_fact_bounds[of n] show ?case by (simp add: f_def)
  hence "eventually (λn. norm (ln (fact n) - f n)  (1/12) * norm (1 / real n)) at_top"
    using eventually_gt_at_top[of "0::nat"] by eventually_elim (simp_all add: field_simps)
  thus "(λn. ln (fact n) - f n)  O(λn. 1 / real n)" 
    using bigoI[of "λn. ln (fact n) - f n" "1/12" "λn. 1 / real n"] by simp
  also have "(λn. 1 / real n)  o(f)" unfolding f_def by (intro smallo_real_nat_transfer) simp
  finally have "(λn. f n + (ln (fact n) - f n))  f"
    by (subst asymp_equiv_add_right) simp_all
  hence "(λn. ln (fact n))  f" by simp
  also have "f  (λn. n * ln n + (ln (2*pi*n)/2 - n))" by (simp add: f_def algebra_simps)
  also have "  (λn. n * ln n)" by (subst asymp_equiv_add_right) auto
  finally show "(λn. ln (fact n))  (λn. n * ln n)" .
text ‹
  This leads to the following well-known Big-Omega bound on the number of comparisons 
  that a general sorting algorithm has to make:
corollary count_queries_bigomega:
  fixes sorter :: "nat  nat sorter"
  assumes sorter: "n R. linorder_on {..<n} R  
                         is_sorting R [0..<n] (eval_sorter R (sorter n))"
  defines "Rs  λn. {R. linorder_on {..<n} R}"
  shows   "(λn. count_wc_queries (Rs n) (sorter n))  Ω(λn. n * ln n)"
proof -
  have "(λn. n * ln n)  Θ(λn. ln (fact n))"
    by (subst bigtheta_sym) (intro asymp_equiv_imp_bigtheta asymp_equiv_intros)
  also have "(λn. ln (fact n))  Θ(λn. log 2 (fact n))" by (simp add: log_def)
  also have "(λn. log 2 (fact n))  O(λn. count_wc_queries (Rs n) (sorter n))"
  proof (intro bigoI[where c = 1] always_eventually allI, goal_cases)
    case (1 n)
    have "norm (log 2 (fact n)) = log 2 (fact (length [0..<n]))" by simp
    also from sorter[of n] have "  real (count_wc_queries (Rs n) (sorter n))" 
      using count_queries_ge[of "[0..<n]" "sorter n"] by (auto simp: Rs_def atLeast0LessThan) 
    also have " = 1 * norm " by simp
    finally show ?case by simp
  finally show ?thesis by (simp add: bigomega_iff_bigo)