I have defined a labeled transition system, and the function which accpets the list that system could reach. For convinence, I defined another funtion used for collecting reachable states. And I want to prove the relation between these two functions.
type_synonym ('q,'a) LTS = "('q * 'a set * 'q) set"
primrec LTS_is_reachable :: "('q, 'a) LTS \<Rightarrow> 'q \<Rightarrow> 'a list \<Rightarrow> 'q \<Rightarrow> bool" where
"LTS_is_reachable \<Delta> q [] q' = (q = q')"|
"LTS_is_reachable \<Delta> q (a # w) q' =
(\<exists>q'' \<sigma>. a \<in> \<sigma> \<and> (q, \<sigma>, q'') \<in> \<Delta> \<and> LTS_is_reachable \<Delta> q'' w q')"
primrec LTS_is_reachable_set :: "('q, 'a) LTS ⇒ 'q ⇒ 'a list ⇒ 'q set" where
"LTS_is_reachable_set Δ q [] = {q}"|
"LTS_is_reachable_set Δ q (a # w) = \<Union> ((λ(q, σ, q''). if a \<in> σ then LTS_is_reachable_set Δ q'' w else {}) ` Δ)"
lemma "LTS_is_reachable Δ q1 w q2 \<Longrightarrow> q2\<in>(LTS_is_reachable_set Δ q1 w)"
apply (induct w)
apply simp
Have such a lemma, I don't know how to prove it.
The subgoal is here:
⋀a w. (LTS_is_reachable Δ q1 w q2 ⟹ q2 ∈ LTS_is_reachable_set Δ q1 w) ⟹
∃q'' σ. a ∈ σ ∧ (q1, σ, q'') ∈ Δ ∧ LTS_is_reachable Δ q'' w q2 ⟹
∃x∈Δ. q2 ∈ (case x of (q, σ, q'') ⇒ if a ∈ σ then LTS_is_reachable_set Δ q'' w else {})
There is a problem with your example beyond how to prove the lemma: Your definition of LTS_is_reachable_set is buggy. Consider the second equation of this definition:
"LTS_is_reachable_set Δ q (a # w) = ⋃ ((λ(q, σ, q''). ...
The issue here is that variable q in λ(q, σ, q'') is not the same as the parameter q in the left-hand side. Therefore, you should rename q in the right-hand side to, for example, q' and explicitly check that q and q' are equal as follows:
"LTS_is_reachable_set Δ q (a # w) = ⋃ ((λ(q', σ, q''). if a ∈ σ ∧ q' = q then ...
Now, you can prove your lemma by induction on w as you intended to do it. However, you need to weaken the induction hypotheses by making q1 an arbitrary value so you can effectively apply it in your proof. Here's an example of how you can prove your lemma:
lemma "LTS_is_reachable Δ q1 w q2 ⟹ q2 ∈ LTS_is_reachable_set Δ q1 w"
proof (induction w arbitrary: q1)
case Nil
then show ?case
by simp
next
case (Cons a w)
from `LTS_is_reachable Δ q1 (a # w) q2`
obtain q'' and σ
where "a ∈ σ" and "(q1, σ, q'') ∈ Δ" and "LTS_is_reachable Δ q'' w q2"
by auto
moreover from `LTS_is_reachable Δ q'' w q2` and Cons.IH
have "q2 ∈ LTS_is_reachable_set Δ q'' w"
by simp
ultimately show ?case
by fastforce
qed