我创建了一个小证明,旨在创建一个在证明案例中使用next的示例:
theory RedGreen
imports Main
begin
datatype color = RED | GREEN
fun green :: "color => color"
where
"green RED = GREEN"
| "green GREEN = GREEN"
lemma disj_not: "P \<or> Q \<Longrightarrow> \<not>P \<longrightarrow> Q"
proof
assume disj: "P \<or> Q"
assume "\<not>P"
from this show "Q" using `P \<or> Q` by (simp)
qed
lemma redgreen: "x \<noteq> RED \<longrightarrow> x = GREEN"
proof
assume notred: "x \<noteq> RED"
have "x = RED \<or> x = GREEN" by (simp only: color.nchotomy)
from this show "x = GREEN" using notred by (simp add: disj_not)
qed
lemma "green x = GREEN"
proof cases
assume "x = RED"
from this show "green x = GREEN" by (simp)
next
assume "x \<noteq> RED"
from this have "x = GREEN" by (simp add: redgreen)
from this show "green x = GREEN" by (simp)
qed
这可以简化而不会丢失细节吗?使用一些神奇的技巧不是我想要的。改善使用Isar的风格是值得欢迎的。
答案 0 :(得分:2)
我的经验是,像disj_not和redgreen这样的低级(和临时)规则几乎没用。如果确实有必要,这很可能归因于某些自动化程度不足(通过适当的simp,intro,elim和dest规则。很高兴,在你的例子中,这些&#34;中间的引理&#34;根本没有必要(我不认为它们具有特殊的教育价值)。来到你的简化版本的问题。我认为这样做的一种规范方式如下:
lemma "green x = GREEN"
proof (cases x)
case RED
then show "green x = GREEN" by simp
next
case GREEN
then show "green x = GREEN" by simp
qed
自动生成的事实color.exhaust用于x类型的变量color上的案例证明。