用Isabelle证明一个递归函数_Isabelle_Theorem Proving

用Isabelle证明一个递归函数

isabelle

用Isabelle证明一个递归函数,isabelle,theorem-proving,Isabelle,Theorem Proving,我定义了以下递归函数： primrec span :: "('a ⇒ bool) ⇒ 'a list ⇒ 'a list * 'a list" where "span P [] = ([], [])" | "span P (x#xs) = (let (ys, zs) = span P xs in if P x then (x#ys, zs) else (ys, x#zs))" 将一个列表由一个筛选器 P拆分为两个子列表，

我定义了以下递归函数：

primrec span :: "('a ⇒ bool) ⇒ 'a list ⇒ 'a list * 'a list" where
"span P [] = ([], [])"
| "span P (x#xs) = 
  (let (ys, zs) = span P xs in 
   if P x then (x#ys, zs) else (ys, x#zs))"

将一个列表由一个筛选器<代码> P<代码>拆分为两个子列表，并在中间插入<代码> x <代码>。现在我想证明以下引理：

lemma invariant_length:
shows "length (fst (span P l)) + length (snd (span P l)) = length l"

我用归纳法做了证明

lemma invariant_length:
shows "length (fst (span P l)) + length (snd (span P l)) = length l"
proof (induction l)
case Nil
  then show ?case by auto
next
  case (Cons a l)
  show ?case
  proof(cases "P a")
    case True
    then have "span P (a # l) = (a # fst (span P l), snd (span P l))"
      by [where I stuck]
    then have "length (fst (span P (a # l))) + length (snd (span P (a # l))) 
               = length (a # fst (span P l)) + length(snd (span P l)) " 
      by simp
    then have "length (fst (span P (a # l))) + length (snd (span P (a # l))) 
               = Suc(length (fst (span P l))) + length(snd (span P l)) " 
      by simp
    with Cons have "length (fst (span P (a # l))) + length (snd (span P (a # l))) = Suc (length l)" 
      by simp
    then show ?thesis by simp
  next
    case False
        then have "span P (a # l) = (fst (span P l), a # snd (span P l))"
      by [where I stuck]
    then have "length (fst (span P (a # l))) + length (snd (span P (a # l))) 
               = length (fst (span P l)) + length(a # snd (span P l)) " 
      by simp
    then have "length (fst (span P (a # l))) + length (snd (span P (a # l))) 
               = length (fst (span P l)) + Suc(length(snd (span P l)))" 
      by simp
    with Cons have "length (fst (span P (a # l))) + length (snd (span P (a # l))) = Suc (length l)" 
      by simp
    then show ?thesis by simp
  qed
qed

在感应步骤中，我卡在两种情况中的第一步，我将其标记为

[卡在哪里]

。我试着在这里使用

auto

或

simp

，但伊莎贝尔说

Failed to finish proof⌂:
goal (1 subgoal):
 1. P a ⟹ (case span P l of (ys, x) ⇒ (a # ys, x)) = (a # fst (span P l), snd (span P l))

如何继续？

请不要只发布代码作为答案，还要解释代码的作用以及如何解决问题。带有解释的答案通常更有帮助，质量更好，更容易吸引选票。

lemma invariant_length:
  "length (fst (span P l)) + length (snd (span P l)) = length l"
  by (induction l; simp add: prod.case_eq_if)