使用 Isar 证明子目标时:
sem_reg r2 v =
{w. (Δ' (reg2nfa r2 v) = {} ∨ ℐ (reg2nfa r2 v) ≠ {} ∧ (∃q'∈ℱ (reg2nfa r2 v). ∃x∈Δ' (reg2nfa r2 v). case x of (q, q'') ⇒ LTS_is_reachable (Δ (reg2nfa r2 v)) q'' w q')) ∧
(Δ' (reg2nfa r2 v) = {} ⟶ (∃q∈ℐ (reg2nfa r2 v). ∃x∈ℱ (reg2nfa r2 v). LTS_is_reachable (Δ (reg2nfa r2 v)) q w x))} ⟹
sem_reg r1 v = {w. ∃q∈ℐ (reg2nfa r1 v). ∃x∈ℱ (reg2nfa r1 v). LTS_is_reachable (Δ (reg2nfa r1 v)) q w x} ⟹
¬ LTS_is_reachable (trans2Del1 r1 v ∪ trans2Del1 r2 v) (Node r1) x_ Accept ⟹
¬ LTS_is_reachable (trans2Del1 r1 v ∪ trans2Del1 r2 v) (Node r2) x_ Accept ⟹
Δ' (reg2nfa r1 v) = {} ⟹ q_ ∈ ℐ (reg2nfa r1 v) ⟹ xa_ ∈ ℱ (reg2nfa r1 v) ⟹ LTS_is_reachable (Δ (reg2nfa r1 v)) q_ x_ xa_ ⟹ False我写了一个这样的引理
lemma subGoal1: "sem_reg r2 v =
{w. (Δ' (reg2nfa r2 v) = {} ∨ ℐ (reg2nfa r2 v) ≠ {} ∧ (∃q'∈ℱ (reg2nfa r2 v). ∃x∈Δ' (reg2nfa r2 v). case x of (q, q'') ⇒ LTS_is_reachable (Δ (reg2nfa r2 v)) q'' w q')) ∧
(Δ' (reg2nfa r2 v) = {} ⟶ (∃q∈ℐ (reg2nfa r2 v). ∃x∈ℱ (reg2nfa r2 v). LTS_is_reachable (Δ (reg2nfa r2 v)) q w x))} ⟹
sem_reg r1 v = {w. ∃q∈ℐ (reg2nfa r1 v). ∃x∈ℱ (reg2nfa r1 v). LTS_is_reachable (Δ (reg2nfa r1 v)) q w x} ⟹¬ LTS_is_reachable (trans2Del1 r1 v ∪ trans2Del1 r2 v) (Node r1) x Accept ⟹
¬ LTS_is_reachable (trans2Del1 r1 v ∪ trans2Del1 r2 v) (Node r2) x Accept ⟹
Δ' (reg2nfa r1 v) = {} ⟹ q ∈ ℐ (reg2nfa r1 v) ⟹ xa ∈ ℱ (reg2nfa r1 v) ⟹ LTS_is_reachable (Δ (reg2nfa r1 v)) q x xa ⟹ False"
proof -
assume "sem_reg r2 v =
{w. (Δ' (reg2nfa r2 v) = {} ∨ ℐ (reg2nfa r2 v) ≠ {} ∧ (∃q'∈ℱ (reg2nfa r2 v). ∃x∈Δ' (reg2nfa r2 v). case x of (q, q'') ⇒ LTS_is_reachable (Δ (reg2nfa r2 v)) q'' w q')) ∧
(Δ' (reg2nfa r2 v) = {} ⟶ (∃q∈ℐ (reg2nfa r2 v). ∃x∈ℱ (reg2nfa r2 v). LTS_is_reachable (Δ (reg2nfa r2 v)) q w x))}" and
"sem_reg r1 v = {w. ∃q∈ℐ (reg2nfa r1 v). ∃x∈ℱ (reg2nfa r1 v). LTS_is_reachable (Δ (reg2nfa r1 v)) q w x}" and a3:"¬ LTS_is_reachable (trans2Del1 r1 v ∪ trans2Del1 r2 v) (Node r1) x Accept" and
"¬ LTS_is_reachable (trans2Del1 r1 v ∪ trans2Del1 r2 v) (Node r2) x Accept" and
"Δ' (reg2nfa r1 v) = {}" and "q ∈ ℐ (reg2nfa r1 v)" and a1:"xa ∈ ℱ (reg2nfa r1 v)" and a2:"LTS_is_reachable (Δ (reg2nfa r1 v)) q x xa"
then have c1:"q = Node r1" by auto
from a1 have c2:"xa = Accept" by auto
from a2 c1 c2 have c3:"LTS_is_reachable (Δ (reg2nfa r1 v)) (Node r1) x Accept" by auto
from a3 have c4:"¬ LTS_is_reachable (Δ (reg2nfa r1 v) ∪ Δ (reg2nfa r2 v)) (Node r1) x Accept" by (auto simp:transEqDel)
from c4 have c5:"¬ LTS_is_reachable (Δ (reg2nfa r1 v)) (Node r1) x Accept" by (auto simp:UnionE)
from c3 c5 show "False" by auto
qed但似乎 q_ 与 q 不匹配。所以这个证明不能成功,如何重命名或修复它。它提到了那个坏名字q_。
回答1
您正在以错误的方式处理这种情况。复制大量文本会导致各种问题。我建议您使用内置命令(本身称为“子目标”),而不是设置单独的引理并复制子目标的文本,以便您可以直接访问本地假设。它在参考手册的第 7.2 节中进行了描述,您可以在此处下载:
https://www.cl.cam.ac.uk/research/hvg/Isabelle/dist/Isabelle2021-1/doc/isar-ref.pdf
从您最初的子目标中可以清楚地看出您已经陷入困境。在最后一行中,我们看到名为 q_、x_、xa_ 的变量。带有尾随下划线的变量名是一个警告,表明您有一个致命的变量名冲突,因此您必须在达到问题顶部的子目标之前做错了什么。