Unique Maximum Element (#113)

* Unique minimum proof

* adding unique maximum and updating structure

* format

* format

* remove duplicates in dafny subfolder

* remove empty line

* space fix

* remove equivalence relation and symmetric

* format space

* comment style

* comments again

* refinement

* naming

* naming

* fix typos

* remove empty space

* remove line

* format

* newline

* format

Author: stefan-aws

src/Collections/Sets/Sets.dfy

@@ -14,10 +14,12 @@
  *******************************************************************************/
 
 include "../../Functions.dfy"
+include "../../Relations.dfy"
 
 module {:options "-functionSyntax:4"} Sets {
 
   import opened Functions
+  import opened Relations
 
   /* If all elements in set x are in set y, x is a subset of y. */
   lemma LemmaSubset<T>(x: set<T>, y: set<T>)
@@ -236,4 +238,87 @@ module {:options "-functionSyntax:4"} Sets {
     LemmaSubsetSize(x, range);
   }
 
+  /** In a pre-ordered set, a greatest element is necessarily maximal. */
+  lemma LemmaGreatestImpliesMaximal<T(!new)>(R: (T, T) -> bool, max: T, s: set<T>)
+    requires PreOrdering(R)
+    ensures IsGreatest(R, max, s) ==> IsMaximal(R, max, s)
+  {
+  }
+
+  /** In a pre-ordered set, a least element is necessarily minimal. */
+  lemma LemmaLeastImpliesMinimal<T(!new)>(R: (T, T) -> bool, min: T, s: set<T>)
+    requires PreOrdering(R)
+    ensures IsLeast(R, min, s) ==> IsMinimal(R, min, s)
+  {
+  }
+
+  /** In a totally-ordered set, an element is maximal if and only if it is a greatest element. */
+  lemma LemmaMaximalEquivalentGreatest<T(!new)>(R: (T, T) -> bool, max: T, s: set<T>)
+    requires TotalOrdering(R)
+    ensures IsGreatest(R, max, s) <==> IsMaximal(R, max, s)
+  {
+  }
+
+  /** In a totally-ordered set, an element is minimal if and only if it is a least element. */
+  lemma LemmaMinimalEquivalentLeast<T(!new)>(R: (T, T) -> bool, min: T, s: set<T>)
+    requires TotalOrdering(R)
+    ensures IsLeast(R, min, s) <==> IsMinimal(R, min, s)
+  {
+  }
+
+  /** In a partially-ordered set, there exists at most one least element. */
+  lemma LemmaLeastIsUnique<T(!new)>(R: (T, T) -> bool, s: set<T>)
+    requires PartialOrdering(R)
+    ensures forall min, min' | IsLeast(R, min, s) && IsLeast(R, min', s) :: min == min'
+  {}
+
+  /** In a partially-ordered set, there exists at most one greatest element. */
+  lemma LemmaGreatestIsUnique<T(!new)>(R: (T, T) -> bool, s: set<T>)
+    requires PartialOrdering(R)
+    ensures forall max, max' | IsGreatest(R, max, s) && IsGreatest(R, max', s) :: max == max'
+  {}
+
+  /** In a totally-ordered set, there exists at most one minimal element. */
+  lemma LemmaMinimalIsUnique<T(!new)>(R: (T, T) -> bool, s: set<T>)
+    requires TotalOrdering(R)
+    ensures forall min, min' | IsMinimal(R, min, s) && IsMinimal(R, min', s) :: min == min'
+  {}
+
+  /** In a totally-ordered set, there exists at most one maximal element. */
+  lemma LemmaMaximalIsUnique<T(!new)>(R: (T, T) -> bool, s: set<T>)
+    requires TotalOrdering(R)
+    ensures forall max, max' | IsMaximal(R, max, s) && IsMaximal(R, max', s) :: max == max'
+  {}
+
+  /** Any totally-ordered set contains a unique minimal (equivalently, least) element. */
+  lemma LemmaFindUniqueMinimal<T(!new)>(R: (T, T) -> bool, s: set<T>) returns (min: T)
+    requires |s| > 0 && TotalOrdering(R)
+    ensures IsMinimal(R, min, s) && (forall min': T | IsMinimal(R, min', s) :: min == min')
+  {
+    var x :| x in s;
+    if s == {x} {
+      min := x;
+    } else {
+      var min' := LemmaFindUniqueMinimal(R, s - {x});
+      if
+      case R(min', x) => min := min';
+      case R(x, min') => min := x;
+    }
+  }
+
+  /** Any totally ordered set contains a unique maximal (equivalently, greatest) element. */
+  lemma LemmaFindUniqueMaximal<T(!new)>(R: (T, T) -> bool, s: set<T>) returns (max: T)
+    requires |s| > 0 && TotalOrdering(R)
+    ensures IsMaximal(R, max, s) && (forall max': T | IsMaximal(R, max', s) :: max == max')
+  {
+    var x :| x in s;
+    if s == {x} {
+      max := x;
+    } else {
+      var max' := LemmaFindUniqueMaximal(R, s - {x});
+      if
+      case R(max', x) => max := x;
+      case R(x, max') => max := max';
+    }
+  }
 }

src/Relations.dfy

@@ -49,6 +49,17 @@ module {:options "-functionSyntax:4"} Relations {
     && Connected(R)
   }
 
+  ghost predicate PreOrdering<T(!new)>(R: (T, T) -> bool) {
+    && Reflexive(R)
+    && Transitive(R)
+  }
+
+  ghost predicate PartialOrdering<T(!new)>(R: (T, T) -> bool) {
+    && Reflexive(R)
+    && Transitive(R)
+    && AntiSymmetric(R)
+  }
+
   ghost predicate EquivalenceRelation<T(!new)>(R: (T, T) -> bool) {
     && Reflexive(R)
     && Symmetric(R)
@@ -59,25 +70,26 @@ module {:options "-functionSyntax:4"} Relations {
     forall i, j | 0 <= i < j < |a| :: lessThan(a[i], a[j])
   }
 
-  /* An element in an ordered set is called minimal, if it is less than every element of the set. */
-  ghost predicate IsMinimum<T>(R: (T, T) -> bool, m: T, s: set<T>) {
-    m in s && forall y: T | y in s :: R(m, y)
-  }
-
-  /* Any totally ordered set contains a unique minimal element. */
-  lemma LemmaUniqueMinimum<T(!new)>(R: (T, T) -> bool, s: set<T>) returns (m: T)
-    requires |s| > 0 && TotalOrdering(R)
-    ensures IsMinimum(R, m, s) && (forall n: T | IsMinimum(R, n, s) :: m == n)
-  {
-    var x :| x in s;
-    if s == {x} {
-      m := x;
-    } else {
-      var m' := LemmaUniqueMinimum(R, s - {x});
-      if
-      case R(m', x) => m := m';
-      case R(x, m') => m := x;
-    }
+  /** An element in an ordered set is called a least element (or a minimum), if it is less than 
+      every other element of the set. */
+  ghost predicate IsLeast<T>(R: (T, T) -> bool, min: T, s: set<T>) {
+    min in s && forall x | x in s :: R(min, x)
+  }
+
+  /** An element in an ordered set is called a minimal element, if no other element is less than it. */
+  ghost predicate IsMinimal<T>(R: (T, T) -> bool, min: T, s: set<T>) {
+    min in s && forall x | x in s && R(x, min) ::  R(min, x)
+  }
+
+  /** An element in an ordered set is called a greatest element (or a maximum), if it is greater than 
+      every other element of the set. */
+  ghost predicate IsGreatest<T>(R: (T, T) -> bool, max: T, s: set<T>) {
+    max in s && forall x | x in s :: R(x, max)
+  }
+
+  /** An element in an ordered set is called a maximal element, if no other element is greater than it. */
+  ghost predicate IsMaximal<T>(R: (T, T) -> bool, max: T, s: set<T>) {
+    max in s && forall x | x in s && R(max, x) :: R(x, max)
   }
 
   lemma LemmaNewFirstElementStillSortedBy<T>(x: T, s: seq<T>, lessThan: (T, T) -> bool)

src/dafny/Collections/Sets.dfy

@@ -236,4 +236,87 @@ module {:options "-functionSyntax:4"} Dafny.Collections.Sets {
     LemmaSubsetSize(x, range);
   }
 
+  /** In a pre-ordered set, a greatest element is necessarily maximal. */
+  lemma LemmaGreatestImpliesMaximal<T(!new)>(R: (T, T) -> bool, max: T, s: set<T>)
+    requires PreOrdering(R)
+    ensures IsGreatest(R, max, s) ==> IsMaximal(R, max, s)
+  {
+  }
+
+  /** In a pre-ordered set, a least element is necessarily minimal. */
+  lemma LemmaLeastImpliesMinimal<T(!new)>(R: (T, T) -> bool, min: T, s: set<T>)
+    requires PreOrdering(R)
+    ensures IsLeast(R, min, s) ==> IsMinimal(R, min, s)
+  {
+  }
+
+  /** In a totally-ordered set, an element is maximal if and only if it is a greatest element. */
+  lemma LemmaMaximalEquivalentGreatest<T(!new)>(R: (T, T) -> bool, max: T, s: set<T>)
+    requires TotalOrdering(R)
+    ensures IsGreatest(R, max, s) <==> IsMaximal(R, max, s)
+  {
+  }
+
+  /** In a totally-ordered set, an element is minimal if and only if it is a least element. */
+  lemma LemmaMinimalEquivalentLeast<T(!new)>(R: (T, T) -> bool, min: T, s: set<T>)
+    requires TotalOrdering(R)
+    ensures IsLeast(R, min, s) <==> IsMinimal(R, min, s)
+  {
+  }
+
+  /** In a partially-ordered set, there exists at most one least element. */
+  lemma LemmaLeastIsUnique<T(!new)>(R: (T, T) -> bool, s: set<T>)
+    requires PartialOrdering(R)
+    ensures forall min, min' | IsLeast(R, min, s) && IsLeast(R, min', s) :: min == min'
+  {}
+
+  /** In a partially-ordered set, there exists at most one greatest element. */
+  lemma LemmaGreatestIsUnique<T(!new)>(R: (T, T) -> bool, s: set<T>)
+    requires PartialOrdering(R)
+    ensures forall max, max' | IsGreatest(R, max, s) && IsGreatest(R, max', s) :: max == max'
+  {}
+
+  /** In a totally-ordered set, there exists at most one minimal element. */
+  lemma LemmaMinimalIsUnique<T(!new)>(R: (T, T) -> bool, s: set<T>)
+    requires TotalOrdering(R)
+    ensures forall min, min' | IsMinimal(R, min, s) && IsMinimal(R, min', s) :: min == min'
+  {}
+
+  /** In a totally-ordered set, there exists at most one maximal element. */
+  lemma LemmaMaximalIsUnique<T(!new)>(R: (T, T) -> bool, s: set<T>)
+    requires TotalOrdering(R)
+    ensures forall max, max' | IsMaximal(R, max, s) && IsMaximal(R, max', s) :: max == max'
+  {}
+
+  /** Any totally-ordered set contains a unique minimal (equivalently, least) element. */
+  lemma LemmaFindUniqueMinimal<T(!new)>(R: (T, T) -> bool, s: set<T>) returns (min: T)
+    requires |s| > 0 && TotalOrdering(R)
+    ensures IsMinimal(R, min, s) && (forall min': T | IsMinimal(R, min', s) :: min == min')
+  {
+    var x :| x in s;
+    if s == {x} {
+      min := x;
+    } else {
+      var min' := LemmaFindUniqueMinimal(R, s - {x});
+      if
+      case R(min', x) => min := min';
+      case R(x, min') => min := x;
+    }
+  }
+
+  /** Any totally ordered set contains a unique maximal (equivalently, greatest) element. */
+  lemma LemmaFindUniqueMaximal<T(!new)>(R: (T, T) -> bool, s: set<T>) returns (max: T)
+    requires |s| > 0 && TotalOrdering(R)
+    ensures IsMaximal(R, max, s) && (forall max': T | IsMaximal(R, max', s) :: max == max')
+  {
+    var x :| x in s;
+    if s == {x} {
+      max := x;
+    } else {
+      var max' := LemmaFindUniqueMaximal(R, s - {x});
+      if
+      case R(max', x) => max := x;
+      case R(x, max') => max := max';
+    }
+  }
 }

src/dafny/Relations.dfy

@@ -75,9 +75,42 @@ module {:options "-functionSyntax:4"} Dafny.Relations {
     && Connected(R)
   }
 
+  ghost predicate PreOrdering<T(!new)>(R: (T, T) -> bool) {
+    && Reflexive(R)
+    && Transitive(R)
+  }
+
+  ghost predicate PartialOrdering<T(!new)>(R: (T, T) -> bool) {
+    && Reflexive(R)
+    && Transitive(R)
+    && AntiSymmetric(R)
+  }
+
   ghost predicate EquivalenceRelation<T(!new)>(R: (T, T) -> bool) {
     && Reflexive(R)
     && Symmetric(R)
     && Transitive(R)
   }
+
+  /** An element in an ordered set is called a least element (or a minimum), if it is less than 
+      every other element of the set. */
+  ghost predicate IsLeast<T>(R: (T, T) -> bool, min: T, s: set<T>) {
+    min in s && forall x | x in s :: R(min, x)
+  }
+
+  /** An element in an ordered set is called a minimal element, if no other element is less than it. */
+  ghost predicate IsMinimal<T>(R: (T, T) -> bool, min: T, s: set<T>) {
+    min in s && forall x | x in s && R(x, min) :: R(min, x)
+  }
+
+  /** An element in an ordered set is called a greatest element (or a maximum), if it is greater than 
+      every other element of the set. */
+  ghost predicate IsGreatest<T>(R: (T, T) -> bool, max: T, s: set<T>) {
+    max in s && forall x | x in s :: R(x, max)
+  }
+
+  /** An element in an ordered set is called a maximal element, if no other element is greater than it. */
+  ghost predicate IsMaximal<T>(R: (T, T) -> bool, max: T, s: set<T>) {
+    max in s && forall x | x in s && R(max, x) :: R(x, max)
+  }
 }