
I have an LTS system below, and I am trying to prove that, from the same start node to the end node, the accepted list would be empty. The condition is that the two nodes are both the accept node (final node), thus the idea is simple.

type_synonym ('q,'a) LTS = "('q * 'a set * 'q) set"

inductive LTS_is_reachable :: "('q, 'a) LTS ⇒  ('q * 'q) set ⇒ 'q ⇒ 'a list ⇒ 'q ⇒ bool" for Δ and Δ' where
  LTS_Empty[intro!]: "LTS_is_reachable Δ Δ' q [] q" |
  LTS_Step1: "LTS_is_reachable Δ Δ' q l q'" if "(q, q'') ∈ Δ'" and "LTS_is_reachable Δ Δ' q'' l q'" |
  LTS_Step2[intro!]: "LTS_is_reachable Δ Δ' q (a # w) q'" if "a ∈ σ" and "(q, σ, q'') ∈ Δ" and "LTS_is_reachable Δ Δ' q'' w q'"

The lemma I try to prove is

lemma "LTS_is_reachable Δ Δ' end x end ⟹ ∀(p, σ, q) ∈ Δ. p ≠ end ⟹ ∀(p, q) ∈ Δ'. p = end ⟶ q = end ⟹ x = []"

The ∀(p, σ, q) ∈ Δ. p ≠ end is easy to understand: no transition starts from the final node. The second one, ∀(p, q) ∈ Δ'. p = end ⟶ q = end, means that the first node cannot be the final node unless the second is the final node. I could prove it by induction.

Thanks in advance.

Hongjian Jiang

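One way to carry out the induction, as an added example that is not part of the original post. The type synonym and the inductive definition are copied from the question so the theory checks on its own; the lemma name reachable_from_end_is_empty and the theory name are my choice. The point it shows is that the lemma cannot be proved by rule induction as stated, because both the start state and the end state are the fixed state end: the induction has to run over a derivation LTS_is_reachable Δ Δ' q x q' with an arbitrary start state q, and the two equations q = end and q' = end are carried along as premises so that they become part of the induction hypothesis. The statement from the question is then an instance.

```isabelle
theory LTS_End_Empty
  imports Main
begin

(* Definitions copied from the question so this theory is self-contained. *)
type_synonym ('q,'a) LTS = "('q * 'a set * 'q) set"

inductive LTS_is_reachable :: "('q, 'a) LTS ⇒ ('q * 'q) set ⇒ 'q ⇒ 'a list ⇒ 'q ⇒ bool"
  for Δ and Δ' where
  LTS_Empty[intro!]: "LTS_is_reachable Δ Δ' q [] q" |
  LTS_Step1: "LTS_is_reachable Δ Δ' q l q'"
    if "(q, q'') ∈ Δ'" and "LTS_is_reachable Δ Δ' q'' l q'" |
  LTS_Step2[intro!]: "LTS_is_reachable Δ Δ' q (a # w) q'"
    if "a ∈ σ" and "(q, σ, q'') ∈ Δ" and "LTS_is_reachable Δ Δ' q'' w q'"

(* Generalised statement (name chosen here): the start state is a variable q,
   and q = end, q' = end are premises, so every case of the rule induction
   gets an induction hypothesis it can actually use. *)
lemma reachable_from_end_is_empty:
  "LTS_is_reachable Δ Δ' q x q' ⟹ q = end ⟹ q' = end ⟹
   (∀(p, σ, q) ∈ Δ. p ≠ end) ⟹ (∀(p, q) ∈ Δ'. p = end ⟶ q = end) ⟹ x = []"
proof (induction rule: LTS_is_reachable.induct)
  case LTS_Empty
  (* The word is [] by construction. *)
  then show ?case by simp
next
  case LTS_Step1
  (* (q, q'') ∈ Δ' together with q = end gives q'' = end by the Δ' side
     condition, so the induction hypothesis applies to the remaining word l. *)
  then show ?case by auto
next
  case LTS_Step2
  (* (q, σ, q'') ∈ Δ with q = end contradicts the Δ side condition,
     so this case cannot occur. *)
  then show ?case by auto
qed

(* The lemma exactly as stated in the question, obtained by instantiating
   both q and q' with end. *)
lemma "LTS_is_reachable Δ Δ' end x end ⟹ ∀(p, σ, q) ∈ Δ. p ≠ end ⟹
       ∀(p, q) ∈ Δ'. p = end ⟶ q = end ⟹ x = []"
  by (rule reachable_from_end_is_empty[OF _ refl refl])

end
```

If you try `induction` directly on the lemma as posted, the LTS_Step1 case has no usable hypothesis: the derivation goes through an intermediate state q'' and the induction hypothesis talks about a derivation starting at q'', which is not syntactically end, so nothing connects it back to the goal. Keeping q = end as a premise instead of baking end into the start position is what makes the Δ' side condition usable in that case.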