空的三角洲引理证明在伊莎贝尔(Isabelle)
我已经定义了下文的归纳谓词。在这里,我想证明一个称为emptydelta1的显而易见的引理。但是这里似乎存在一些问题。
type_synonym ('q,'a) LTS = "('q * 'a set * 'q) set"
inductive LTS_is_reachable :: "('q, 'a) LTS ⇒ ('q * 'q) set ⇒ 'q ⇒ 'a list ⇒ 'q ⇒ bool" where
LTS_Empty[intro!]:"LTS_is_reachable Δ Δ' q [] q"|
LTS_Step1:"(q, q'') ∈ Δ' ∧ LTS_is_reachable Δ Δ' q'' l q' ⟹ LTS_is_reachable Δ Δ' q l q'" |
LTS_Step2[intro!]:"a ∈ σ ∧ (q, σ, q'') ∈ Δ ∧ LTS_is_reachable Δ Δ' q'' w q' ⟹ LTS_is_reachable Δ Δ' q (a # w) q'"
引理是
lemma "LTS_is_reachable {} Δ' p x q ⟹ x = []"
proof(induction rule:LTS_is_reachable.cases)
case (LTS_Empty Δ Δ' q)
then show ?case by auto
next
case (LTS_Step1 q q'' Δ' Δ l q')
then show ?case apply simp sorry
next
case (LTS_Step2 a σ q q'' Δ Δ' w q')
then show ?case by auto
qed
想法:BeaCause来自Delta1的列表中的元素,因此当Delta1为空时,列表的结果必须为空。
任何帮助将不胜感激!
I have defined an inductive predicate as below. And here i want to prove an obvious lemma which called emptyDelta1. But it seems that there exists some questions here.
type_synonym ('q,'a) LTS = "('q * 'a set * 'q) set"
inductive LTS_is_reachable :: "('q, 'a) LTS ⇒ ('q * 'q) set ⇒ 'q ⇒ 'a list ⇒ 'q ⇒ bool" where
LTS_Empty[intro!]:"LTS_is_reachable Δ Δ' q [] q"|
LTS_Step1:"(q, q'') ∈ Δ' ∧ LTS_is_reachable Δ Δ' q'' l q' ⟹ LTS_is_reachable Δ Δ' q l q'" |
LTS_Step2[intro!]:"a ∈ σ ∧ (q, σ, q'') ∈ Δ ∧ LTS_is_reachable Δ Δ' q'' w q' ⟹ LTS_is_reachable Δ Δ' q (a # w) q'"
The lemma is
lemma "LTS_is_reachable {} Δ' p x q ⟹ x = []"
proof(induction rule:LTS_is_reachable.cases)
case (LTS_Empty Δ Δ' q)
then show ?case by auto
next
case (LTS_Step1 q q'' Δ' Δ l q')
then show ?case apply simp sorry
next
case (LTS_Step2 a σ q q'' Δ Δ' w q')
then show ?case by auto
qed
Idea: beacause the element in list which comes from the Delta1, so that when the delta1 is empty, that the result of list must be empty.
Any helps will be appreciated!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
首先,您应该对您的定义进行一些改进,以
lts_is_reachable:请注意,参数
Δ和Δ'是固定参数(即它们不会更改)。因此,您应该通过使用子句的encuctive定义的子句来提示isabelle。这样,伊莎贝尔能够生成更简单的归纳规则。您应该尝试避免使用
进行复合假设,而是使用或更好的是,ISAR构造如果 和>和。这样,您允许更简单的证据和更好的自动化。也就是说,您改进的
lts_is_reachable的定义如下:关于引理的证明,您应使用
lts_is_reachable.indable.induct.induct而不是lts_is_reachable.cases作为通过计算诱导进行证明的规则。这样,您可以轻松地证明自己的引理如下:或者,较短,如下所示:
希望这会有所帮助。
Firstly, there are a couple of improvements that should be made to your definition of
LTS_is_reachable:Note that the parameters
ΔandΔ'are fixed parameters (i.e., they do not change). Thus, you should hint Isabelle by using theforclause of theinductivedefinition. This way, Isabelle is able to generate a simpler induction rule.You should try to avoid
∧for compound assumptions and instead use⟹or, even better, the Isar constructsifandand. This way, you allow for simpler proofs and better automation.That is, your improved definition of
LTS_is_reachableis the following:Regarding the proof of your lemma, you should use
LTS_is_reachable.inductinstead ofLTS_is_reachable.casesas the rule for a proof by computation induction. This way, you can easily prove your lemma as follows:Or, much shorter, as follows:
Hope this helps.