I'm very new to Isabelle and proof obligations, and I'm currently translating a VDM model I made of the 'Dots and Boxes' game (the basic VDM type translations were provided for us).

So far I have two record types, a Dot:

record Dot =
    pos_x :: VDMNat1
    pos_y :: VDMNat1

..and a Move (made up of two Dot's):

record Move =
    dot_a :: Dot
    dot_b :: Dot

..but now I'm attempting to translate a sequence of those Move's and am experiencing a strange error with the invariant:

type_synonym Moves = "Move VDMSet"

definition inv_Moves :: "Moves ⇒ "
    where "inv_Moves ms ≡
        int (card ms) ≤ MAX_MOVES ∧
        (∀ m . m ∈ ms ⟶
            inv_Move m ∧
            pos_x dot_a m > 0 ∧
            pos_y dot_a m > 0 ∧
            pos_x dot_b m > 0 ∧
            pos_y dot_b m > 0 ∧
            pos_x dot_a m ≤ BOARD_WIDTH ∧
            pos_y dot_a m ≤ BOARD_HEIGHT ∧
            pos_x dot_b m ≤ BOARD_WIDTH ∧
            pos_y dot_b m ≤ BOARD_HEIGHT ∧
            inverse_move m ∉ ms)"

Error I'm experiencing

I know the invariant is probably worse than just this error, but as far as I can tell from the error it's having an issue with the multiple calls to the record fields; i.e. passing dot_a to pos_x instead of the result of dot_a m. The only solution I can think of is to manipulate the order of operations but I'm not sure how to achieve this as pos_x dot_a m = pos_x (dot_a m).

Any help would be much appreciated!

Callan Heard

1 Answer


The associativity of function application is the other way around: pos_x dot_a m = (pos_x dot_a) m. Try pos_x (dot_a m).

larsrh
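The parenthesised field access from the answer, as an added example that is not part of the original question or answer. It assumes `nat` in place of `VDMNat1` so that it loads with only `Main`; the names `on_board`, `w` and `h` are hypothetical stand-ins for the bounds part of the invariant.

```isabelle
theory Field_Access
  imports Main
begin

(* Assumption: nat stands in for VDMNat1 so the theory needs only Main. *)
record Dot =
  pos_x :: nat
  pos_y :: nat

record Move =
  dot_a :: Dot
  dot_b :: Dot

(* Application associates to the left, so "pos_x dot_a m" is parsed as
   "(pos_x dot_a) m" and rejected: dot_a is a selector function, not a Dot.
   Parenthesising the inner selector gives the intended reading.
   on_board, w and h are hypothetical names for this example. *)
definition on_board :: "nat ⇒ nat ⇒ Move ⇒ bool" where
  "on_board w h m ≡
     0 < pos_x (dot_a m) ∧ pos_x (dot_a m) ≤ w ∧
     0 < pos_y (dot_a m) ∧ pos_y (dot_a m) ≤ h ∧
     0 < pos_x (dot_b m) ∧ pos_x (dot_b m) ≤ w ∧
     0 < pos_y (dot_b m) ∧ pos_y (dot_b m) ≤ h"

(* Function composition is an equivalent way to write the nested access. *)
lemma comp_access: "(pos_x ∘ dot_a) m = pos_x (dot_a m)"
  by simp

(* Constructed sample move on a 3 x 3 board. *)
lemma sample_on_board:
  "on_board 3 3 ⦇dot_a = ⦇pos_x = 1, pos_y = 2⦈, dot_b = ⦇pos_x = 1, pos_y = 3⦈⦈"
  by (simp add: on_board_def)

end
```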