Waverly% v41
Welcome to Clozure Common Lisp Version 1.6-dev-r14316M-trunk (DarwinX8632)!
ACL2 Version 4.1 built October 1, 2010 14:31:52.
Copyright (C) 2010 University of Texas at Austin
ACL2 comes with ABSOLUTELY NO WARRANTY. This is free software and you
are welcome to redistribute it under certain conditions. For details,
see the GNU General Public License.
Initialized with (INITIALIZE-ACL2 'INCLUDE-BOOK *ACL2-PASS-2-FILES*).
See the documentation topic note-4-1 for recent changes.
Note: We have modified the prompt in some underlying Lisps to further
distinguish it from the ACL2 prompt.
ACL2 Version 4.1. Level 1. Cbd "/Users/moore/".
Distributed books directory "/Users/moore/work/v4-1/acl2-sources/books/".
Type :help for help.
Type (good-bye) to quit completely out of ACL2.
ACL2 !>(ld "/v/filer4b/v11q001/text/acl2-work-01/reset-margins-for-demo.lisp")
ACL2 Version 4.1. Level 2. Cbd "/v/filer4b/v11q001/text/acl2-work-01/".
Distributed books directory "/Users/moore/work/v4-1/acl2-sources/books/".
Type :help for help.
Type (good-bye) to quit completely out of ACL2.
ACL2 !>> "ACL2"
ACL2 !>>
ACL2 !>>
ACL2 !>> (:WARN! . :OVERWRITE)
ACL2 !>>
TTAG NOTE: Adding ttag SHORT-MARGINS from the top level loop.
SHORT-MARGINS
ACL2 !>>
ACL2 Warning [Redef] in ( DEFCONST *PROOF-FAILURE-STRING*
...): *PROOF-FAILURE-STRING* redefined.
Summary
Form: ( DEFCONST *PROOF-FAILURE-STRING* ...)
Rules: NIL
Warnings: Redef
Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
*PROOF-FAILURE-STRING*
ACL2 !>> (:QUERY . :OVERWRITE)
ACL2 !>>
Summary
Form: ( RESET-PREHISTORY NIL)
Rules: NIL
Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03)
:NEW-PREHISTORY-SET
ACL2 !>>Bye.
:EOF
ACL2 !>(defun ap (x y)
(if (endp x)
y
(cons (car x)
(ap (cdr x) y))))
The admission of AP is trivial, using the relation O<
(which is known to be well-founded on the domain recognized
by O-P) and the measure (ACL2-COUNT X). We observe
that the type of AP is described by the theorem
(OR (CONSP (AP X Y)) (EQUAL (AP X Y) Y)). We used primitive
type reasoning.
Summary
Form: ( DEFUN AP ...)
Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL))
Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
AP
ACL2 !>(defun rev (x)
(if (endp x)
nil
(ap (rev (cdr x))
(list (car x)))))
The admission of REV is trivial, using the relation
O< (which is known to be well-founded on the domain
recognized by O-P) and the measure (ACL2-COUNT X).
We observe that the type of REV is described by the
theorem (OR (CONSP (REV X)) (EQUAL (REV X) NIL)). We
used primitive type reasoning and the :type-prescription
rule AP.
Summary
Form: ( DEFUN REV ...)
Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)
(:TYPE-PRESCRIPTION AP))
Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
REV
ACL2 !>(rev '(1 2 3 0 1 2 3))
(3 2 1 0 3 2 1)
ACL2 !>(defun mem (e x)
(if (endp x)
nil
(if (equal e (car x))
t
(mem e (cdr x)))))
The admission of MEM is trivial, using the relation
O< (which is known to be well-founded on the domain
recognized by O-P) and the measure (ACL2-COUNT X).
We observe that the type of MEM is described by the
theorem (OR (EQUAL (MEM E X) T) (EQUAL (MEM E X) NIL)).
Summary
Form: ( DEFUN MEM ...)
Rules: NIL
Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
MEM
ACL2 !>(mem 2 '(1 2 3 0 1 2 3))
T
ACL2 !>(mem 4 '(1 2 3 0 1 2 3))
NIL
ACL2 !>(defun has-dups (x)
(if (endp x)
nil
(if (mem (car x) (cdr x))
t
(has-dups (cdr x)))))
The admission of HAS-DUPS is trivial, using the relation
O< (which is known to be well-founded on the domain
recognized by O-P) and the measure (ACL2-COUNT X).
We observe that the type of HAS-DUPS is described by
the theorem
(OR (EQUAL (HAS-DUPS X) T) (EQUAL (HAS-DUPS X) NIL)).
Summary
Form: ( DEFUN HAS-DUPS ...)
Rules: NIL
Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
HAS-DUPS
ACL2 !>(has-dups '(1 2 3 4 5))
NIL
ACL2 !>(has-dups '(1 2 3 4 3 1 5))
T
ACL2 !>(defthm problem-1
(equal (has-dups (rev x))
(has-dups x)))
Name the formula above *1.
Perhaps we can prove *1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by
(HAS-DUPS X). This suggestion was produced using the
:induction rules HAS-DUPS and REV. If we let (:P X)
denote *1 above then the induction scheme we'll use
is
(AND (IMPLIES (AND (NOT (ENDP X))
(NOT (MEM (CAR X) (CDR X)))
(:P (CDR X)))
(:P X))
(IMPLIES (AND (NOT (ENDP X))
(MEM (CAR X) (CDR X)))
(:P X))
(IMPLIES (ENDP X) (:P X))).
This induction is justified by the same argument used
to admit HAS-DUPS. When applied to the goal at hand
the above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
(IMPLIES (AND (NOT (ENDP X))
(NOT (MEM (CAR X) (CDR X)))
(EQUAL (HAS-DUPS (REV (CDR X)))
(HAS-DUPS (CDR X))))
(EQUAL (HAS-DUPS (REV X))
(HAS-DUPS X))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1/3'
(IMPLIES (AND (CONSP X)
(NOT (MEM (CAR X) (CDR X)))
(EQUAL (HAS-DUPS (REV (CDR X)))
(HAS-DUPS (CDR X))))
(EQUAL (HAS-DUPS (REV X))
(HAS-DUPS X))).
This simplifies, using the :definitions HAS-DUPS and
REV, to
Subgoal *1/3''
(IMPLIES (AND (CONSP X)
(NOT (MEM (CAR X) (CDR X)))
(EQUAL (HAS-DUPS (REV (CDR X)))
(HAS-DUPS (CDR X))))
(EQUAL (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X))))
(HAS-DUPS (CDR X)))).
The destructor terms (CAR X) and (CDR X) can be eliminated
by using CAR-CDR-ELIM to replace X by (CONS X1 X2),
(CAR X) by X1 and (CDR X) by X2. This produces the
following goal.
Subgoal *1/3'''
(IMPLIES (AND (CONSP (CONS X1 X2))
(NOT (MEM X1 X2))
(EQUAL (HAS-DUPS (REV X2))
(HAS-DUPS X2)))
(EQUAL (HAS-DUPS (AP (REV X2) (LIST X1)))
(HAS-DUPS X2))).
This simplifies, using primitive type reasoning, to
Subgoal *1/3'4'
(IMPLIES (AND (NOT (MEM X1 X2))
(EQUAL (HAS-DUPS (REV X2))
(HAS-DUPS X2)))
(EQUAL (HAS-DUPS (AP (REV X2) (LIST X1)))
(HAS-DUPS X2))).
We now use the second hypothesis by substituting
(HAS-DUPS (REV X2)) for (HAS-DUPS X2) and throwing away
the hypothesis. This produces
Subgoal *1/3'5'
(IMPLIES (NOT (MEM X1 X2))
(EQUAL (HAS-DUPS (AP (REV X2) (LIST X1)))
(HAS-DUPS (REV X2)))).
We generalize this conjecture, replacing (REV X2) by
RV. This produces
Subgoal *1/3'6'
(IMPLIES (NOT (MEM X1 X2))
(EQUAL (HAS-DUPS (AP RV (LIST X1)))
(HAS-DUPS RV))).
Name the formula above *1.1.
Subgoal *1/2
(IMPLIES (AND (NOT (ENDP X))
(MEM (CAR X) (CDR X)))
(EQUAL (HAS-DUPS (REV X))
(HAS-DUPS X))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1/2'
(IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X)))
(EQUAL (HAS-DUPS (REV X))
(HAS-DUPS X))).
This simplifies, using the :definitions HAS-DUPS and
REV, primitive type reasoning and the :type-prescription
rules HAS-DUPS and MEM, to
Subgoal *1/2''
(IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X)))
(HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X))))).
The destructor terms (CAR X) and (CDR X) can be eliminated
by using CAR-CDR-ELIM to replace X by (CONS X1 X2),
(CAR X) by X1 and (CDR X) by X2. This produces the
following goal.
Subgoal *1/2'''
(IMPLIES (AND (CONSP (CONS X1 X2)) (MEM X1 X2))
(HAS-DUPS (AP (REV X2) (LIST X1)))).
This simplifies, using primitive type reasoning, to
Subgoal *1/2'4'
(IMPLIES (MEM X1 X2)
(HAS-DUPS (AP (REV X2) (LIST X1)))).
Name the formula above *1.2.
Subgoal *1/1
(IMPLIES (ENDP X)
(EQUAL (HAS-DUPS (REV X))
(HAS-DUPS X))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1/1'
(IMPLIES (NOT (CONSP X))
(EQUAL (HAS-DUPS (REV X))
(HAS-DUPS X))).
But simplification reduces this to T, using the :definitions
HAS-DUPS and REV and the :executable-counterparts of
EQUAL and HAS-DUPS.
So we now return to *1.2, which is
(IMPLIES (MEM X1 X2)
(HAS-DUPS (AP (REV X2) (LIST X1)))).
Perhaps we can prove *1.2 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by
(MEM X1 X2). This suggestion was produced using the
:induction rules MEM and REV. If we let (:P X1 X2)
denote *1.2 above then the induction scheme we'll use
is
(AND (IMPLIES (AND (NOT (ENDP X2))
(NOT (EQUAL X1 (CAR X2)))
(:P X1 (CDR X2)))
(:P X1 X2))
(IMPLIES (AND (NOT (ENDP X2))
(EQUAL X1 (CAR X2)))
(:P X1 X2))
(IMPLIES (ENDP X2) (:P X1 X2))).
This induction is justified by the same argument used
to admit MEM. When applied to the goal at hand the
above induction scheme produces four nontautological
subgoals.
Subgoal *1.2/4
(IMPLIES (AND (NOT (ENDP X2))
(NOT (EQUAL X1 (CAR X2)))
(HAS-DUPS (AP (REV (CDR X2)) (LIST X1)))
(MEM X1 X2))
(HAS-DUPS (AP (REV X2) (LIST X1)))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2/4'
(IMPLIES (AND (CONSP X2)
(NOT (EQUAL X1 (CAR X2)))
(HAS-DUPS (AP (REV (CDR X2)) (LIST X1)))
(MEM X1 X2))
(HAS-DUPS (AP (REV X2) (LIST X1)))).
This simplifies, using the :definitions MEM and REV
and primitive type reasoning, to
Subgoal *1.2/4''
(IMPLIES (AND (CONSP X2)
(NOT (EQUAL X1 (CAR X2)))
(HAS-DUPS (AP (REV (CDR X2)) (LIST X1)))
(MEM X1 (CDR X2)))
(HAS-DUPS (AP (AP (REV (CDR X2)) (LIST (CAR X2)))
(LIST X1)))).
The destructor terms (CAR X2) and (CDR X2) can be eliminated
by using CAR-CDR-ELIM to replace X2 by (CONS X3 X4),
(CAR X2) by X3 and (CDR X2) by X4. This produces the
following goal.
Subgoal *1.2/4'''
(IMPLIES (AND (CONSP (CONS X3 X4))
(NOT (EQUAL X1 X3))
(HAS-DUPS (AP (REV X4) (LIST X1)))
(MEM X1 X4))
(HAS-DUPS (AP (AP (REV X4) (LIST X3))
(LIST X1)))).
This simplifies, using primitive type reasoning, to
Subgoal *1.2/4'4'
(IMPLIES (AND (NOT (EQUAL X1 X3))
(HAS-DUPS (AP (REV X4) (LIST X1)))
(MEM X1 X4))
(HAS-DUPS (AP (AP (REV X4) (LIST X3))
(LIST X1)))).
We generalize this conjecture, replacing (REV X4) by
RV. This produces
Subgoal *1.2/4'5'
(IMPLIES (AND (NOT (EQUAL X1 X3))
(HAS-DUPS (AP RV (LIST X1)))
(MEM X1 X4))
(HAS-DUPS (AP (AP RV (LIST X3)) (LIST X1)))).
Name the formula above *1.2.1.
Subgoal *1.2/3
(IMPLIES (AND (NOT (ENDP X2))
(NOT (EQUAL X1 (CAR X2)))
(NOT (MEM X1 (CDR X2)))
(MEM X1 X2))
(HAS-DUPS (AP (REV X2) (LIST X1)))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2/3'
(IMPLIES (AND (CONSP X2)
(NOT (EQUAL X1 (CAR X2)))
(NOT (MEM X1 (CDR X2)))
(MEM X1 X2))
(HAS-DUPS (AP (REV X2) (LIST X1)))).
But simplification reduces this to T, using the :definition
MEM and primitive type reasoning.
Subgoal *1.2/2
(IMPLIES (AND (NOT (ENDP X2))
(EQUAL X1 (CAR X2))
(MEM X1 X2))
(HAS-DUPS (AP (REV X2) (LIST X1)))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2/2'
(IMPLIES (AND (CONSP X2)
(EQUAL X1 (CAR X2))
(MEM X1 X2))
(HAS-DUPS (AP (REV X2) (LIST X1)))).
This simplifies, using the :definitions MEM and REV
and primitive type reasoning, to
Subgoal *1.2/2''
(IMPLIES (CONSP X2)
(HAS-DUPS (AP (AP (REV (CDR X2)) (LIST (CAR X2)))
(LIST (CAR X2))))).
The destructor terms (CAR X2) and (CDR X2) can be eliminated
by using CAR-CDR-ELIM to replace X2 by (CONS X3 X4),
(CAR X2) by X3 and (CDR X2) by X4. This produces the
following goal.
Subgoal *1.2/2'''
(IMPLIES (CONSP (CONS X3 X4))
(HAS-DUPS (AP (AP (REV X4) (LIST X3))
(LIST X3)))).
This simplifies, using primitive type reasoning, to
Subgoal *1.2/2'4'
(HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3))).
Name the formula above *1.2.2.
Subgoal *1.2/1
(IMPLIES (AND (ENDP X2) (MEM X1 X2))
(HAS-DUPS (AP (REV X2) (LIST X1)))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2/1'
(IMPLIES (AND (NOT (CONSP X2)) (MEM X1 X2))
(HAS-DUPS (AP (REV X2) (LIST X1)))).
But simplification reduces this to T, using the :definition
MEM.
So we now return to *1.2.2, which is
(HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3))).
Perhaps we can prove *1.2.2 by induction. One induction
scheme is suggested by this conjecture.
We will induct according to a scheme suggested by (REV X4).
This suggestion was produced using the :induction rule
REV. If we let (:P X3 X4) denote *1.2.2 above then
the induction scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP X4)) (:P X3 (CDR X4)))
(:P X3 X4))
(IMPLIES (ENDP X4) (:P X3 X4))).
This induction is justified by the same argument used
to admit REV. When applied to the goal at hand the
above induction scheme produces two nontautological
subgoals.
Subgoal *1.2.2/2
(IMPLIES (AND (NOT (ENDP X4))
(HAS-DUPS (AP (AP (REV (CDR X4)) (LIST X3))
(LIST X3))))
(HAS-DUPS (AP (AP (REV X4) (LIST X3))
(LIST X3)))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2/2'
(IMPLIES (AND (CONSP X4)
(HAS-DUPS (AP (AP (REV (CDR X4)) (LIST X3))
(LIST X3))))
(HAS-DUPS (AP (AP (REV X4) (LIST X3))
(LIST X3)))).
This simplifies, using the :definition REV, to
Subgoal *1.2.2/2''
(IMPLIES
(AND (CONSP X4)
(HAS-DUPS (AP (AP (REV (CDR X4)) (LIST X3))
(LIST X3))))
(HAS-DUPS (AP (AP (AP (REV (CDR X4)) (LIST (CAR X4)))
(LIST X3))
(LIST X3)))).
The destructor terms (CAR X4) and (CDR X4) can be eliminated
by using CAR-CDR-ELIM to replace X4 by (CONS X5 X6),
(CAR X4) by X5 and (CDR X4) by X6. This produces the
following goal.
Subgoal *1.2.2/2'''
(IMPLIES
(AND (CONSP (CONS X5 X6))
(HAS-DUPS (AP (AP (REV X6) (LIST X3)) (LIST X3))))
(HAS-DUPS (AP (AP (AP (REV X6) (LIST X5)) (LIST X3))
(LIST X3)))).
This simplifies, using primitive type reasoning, to
Subgoal *1.2.2/2'4'
(IMPLIES
(HAS-DUPS (AP (AP (REV X6) (LIST X3)) (LIST X3)))
(HAS-DUPS (AP (AP (AP (REV X6) (LIST X5)) (LIST X3))
(LIST X3)))).
We generalize this conjecture, replacing (REV X6) by
RV. This produces
Subgoal *1.2.2/2'5'
(IMPLIES (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3)))
(HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3))
(LIST X3)))).
Name the formula above *1.2.2.1.
Subgoal *1.2.2/1
(IMPLIES (ENDP X4)
(HAS-DUPS (AP (AP (REV X4) (LIST X3))
(LIST X3)))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2/1'
(IMPLIES (NOT (CONSP X4))
(HAS-DUPS (AP (AP (REV X4) (LIST X3))
(LIST X3)))).
But simplification reduces this to T, using the :definitions
AP, HAS-DUPS, MEM and REV, the :executable-counterpart
of CONSP, primitive type reasoning and the :rewrite
rules CAR-CONS and CDR-CONS.
So we now return to *1.2.2.1, which is
(IMPLIES (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3)))
(HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3))
(LIST X3)))).
Perhaps we can prove *1.2.2.1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by
(AP RV (CONS X5 'NIL)). This suggestion was produced
using the :induction rule AP. If we let (:P RV X3 X5)
denote *1.2.2.1 above then the induction scheme we'll
use is
(AND (IMPLIES (AND (NOT (ENDP RV))
(:P (CDR RV) X3 X5))
(:P RV X3 X5))
(IMPLIES (ENDP RV) (:P RV X3 X5))).
This induction is justified by the same argument used
to admit AP. When applied to the goal at hand the above
induction scheme produces three nontautological subgoals.
Subgoal *1.2.2.1/3
(IMPLIES
(AND (NOT (ENDP RV))
(HAS-DUPS (AP (AP (AP (CDR RV) (LIST X5)) (LIST X3))
(LIST X3)))
(HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3))))
(HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3))
(LIST X3)))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1/3'
(IMPLIES
(AND (CONSP RV)
(HAS-DUPS (AP (AP (AP (CDR RV) (LIST X5)) (LIST X3))
(LIST X3)))
(HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3))))
(HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3))
(LIST X3)))).
But simplification reduces this to T, using the :definitions
AP and HAS-DUPS, primitive type reasoning, the :rewrite
rules CAR-CONS and CDR-CONS and the :type-prescription
rule HAS-DUPS.
Subgoal *1.2.2.1/2
(IMPLIES
(AND
(NOT (ENDP RV))
(NOT (HAS-DUPS (AP (AP (CDR RV) (LIST X3)) (LIST X3))))
(HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3))))
(HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3))
(LIST X3)))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1/2'
(IMPLIES
(AND
(CONSP RV)
(NOT (HAS-DUPS (AP (AP (CDR RV) (LIST X3)) (LIST X3))))
(HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3))))
(HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3))
(LIST X3)))).
This simplifies, using the :definitions AP and HAS-DUPS,
primitive type reasoning, the :rewrite rules CAR-CONS
and CDR-CONS and the :type-prescription rule MEM, to
Subgoal *1.2.2.1/2''
(IMPLIES
(AND
(CONSP RV)
(NOT (HAS-DUPS (AP (AP (CDR RV) (LIST X3)) (LIST X3))))
(MEM (CAR RV)
(AP (AP (CDR RV) (LIST X3)) (LIST X3)))
(NOT (MEM (CAR RV)
(AP (AP (AP (CDR RV) (LIST X5)) (LIST X3))
(LIST X3)))))
(HAS-DUPS (AP (AP (AP (CDR RV) (LIST X5)) (LIST X3))
(LIST X3)))).
The destructor terms (CAR RV) and (CDR RV) can be eliminated
by using CAR-CDR-ELIM to replace RV by (CONS RV1 RV2),
(CAR RV) by RV1 and (CDR RV) by RV2. This produces
the following goal.
Subgoal *1.2.2.1/2'''
(IMPLIES
(AND (CONSP (CONS RV1 RV2))
(NOT (HAS-DUPS (AP (AP RV2 (LIST X3)) (LIST X3))))
(MEM RV1 (AP (AP RV2 (LIST X3)) (LIST X3)))
(NOT (MEM RV1
(AP (AP (AP RV2 (LIST X5)) (LIST X3))
(LIST X3)))))
(HAS-DUPS (AP (AP (AP RV2 (LIST X5)) (LIST X3))
(LIST X3)))).
This simplifies, using primitive type reasoning, to
Subgoal *1.2.2.1/2'4'
(IMPLIES
(AND (NOT (HAS-DUPS (AP (AP RV2 (LIST X3)) (LIST X3))))
(MEM RV1 (AP (AP RV2 (LIST X3)) (LIST X3)))
(NOT (MEM RV1
(AP (AP (AP RV2 (LIST X5)) (LIST X3))
(LIST X3)))))
(HAS-DUPS (AP (AP (AP RV2 (LIST X5)) (LIST X3))
(LIST X3)))).
We generalize this conjecture, replacing (AP RV2 (LIST X5))
by L and (AP RV2 (LIST X3)) by LST and restricting the
types of the new variables L and LST to be those of
the terms they replace, as established by primitive
type reasoning and AP. This produces
Subgoal *1.2.2.1/2'5'
(IMPLIES
(AND (CONSP L)
(CONSP LST)
(NOT (HAS-DUPS (AP LST (LIST X3))))
(MEM RV1 (AP LST (LIST X3)))
(NOT (MEM RV1 (AP (AP L (LIST X3)) (LIST X3)))))
(HAS-DUPS (AP (AP L (LIST X3)) (LIST X3)))).
We generalize this conjecture, replacing (AP L (LIST X3))
by L0 and (AP LST (LIST X3)) by L1 and restricting the
types of the new variables L0 and L1 to be those of
the terms they replace, as established by primitive
type reasoning and AP. This produces
Subgoal *1.2.2.1/2'6'
(IMPLIES (AND (CONSP L0)
(CONSP L1)
(CONSP L)
(CONSP LST)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 (AP L0 (LIST X3)))))
(HAS-DUPS (AP L0 (LIST X3)))).
We generalize this conjecture, replacing (AP L0 (LIST X3))
by L2 and restricting the type of the new variable L2
to be that of the term it replaces, as established by
primitive type reasoning and AP. This produces
Subgoal *1.2.2.1/2'7'
(IMPLIES (AND (CONSP L2)
(CONSP L0)
(CONSP L1)
(CONSP L)
(CONSP LST)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
We suspect that the terms (CONSP LST), (CONSP L) and
(CONSP L0) are irrelevant to the truth of this conjecture
and throw them out. We will thus try to prove
Subgoal *1.2.2.1/2'8'
(IMPLIES (AND (CONSP L2)
(CONSP L1)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
Name the formula above *1.2.2.1.1.
Subgoal *1.2.2.1/1
(IMPLIES (AND (ENDP RV)
(HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3))))
(HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3))
(LIST X3)))).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1/1'
(IMPLIES (AND (NOT (CONSP RV))
(HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3))))
(HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3))
(LIST X3)))).
But simplification reduces this to T, using the :definitions
AP, HAS-DUPS and MEM, the :executable-counterpart of
CONSP, primitive type reasoning and the :rewrite rules
CAR-CONS and CDR-CONS.
So we now return to *1.2.2.1.1, which is
(IMPLIES (AND (CONSP L2)
(CONSP L1)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
Perhaps we can prove *1.2.2.1.1 by induction. Four
induction schemes are suggested by this conjecture.
These merge into two derived induction schemes. We
will choose arbitrarily among these.
We will induct according to a scheme suggested by
(MEM RV1 L1). This suggestion was produced using the
:induction rules HAS-DUPS and MEM. If we let
(:P L1 L2 RV1) denote *1.2.2.1.1 above then the induction
scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP L1))
(NOT (EQUAL RV1 (CAR L1)))
(:P (CDR L1) L2 RV1))
(:P L1 L2 RV1))
(IMPLIES (AND (NOT (ENDP L1))
(EQUAL RV1 (CAR L1)))
(:P L1 L2 RV1))
(IMPLIES (ENDP L1) (:P L1 L2 RV1))).
This induction is justified by the same argument used
to admit MEM. When applied to the goal at hand the
above induction scheme produces five nontautological
subgoals.
Subgoal *1.2.2.1.1/5
(IMPLIES (AND (NOT (ENDP L1))
(NOT (EQUAL RV1 (CAR L1)))
(NOT (MEM RV1 (CDR L1)))
(CONSP L2)
(CONSP L1)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1.1/5'
(IMPLIES (AND (CONSP L1)
(NOT (EQUAL RV1 (CAR L1)))
(NOT (MEM RV1 (CDR L1)))
(CONSP L2)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
But simplification reduces this to T, using the :definitions
HAS-DUPS and MEM and primitive type reasoning.
Subgoal *1.2.2.1.1/4
(IMPLIES (AND (NOT (ENDP L1))
(NOT (EQUAL RV1 (CAR L1)))
(HAS-DUPS (CDR L1))
(CONSP L2)
(CONSP L1)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1.1/4'
(IMPLIES (AND (CONSP L1)
(NOT (EQUAL RV1 (CAR L1)))
(HAS-DUPS (CDR L1))
(CONSP L2)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
But simplification reduces this to T, using the :definition
HAS-DUPS and the :type-prescription rule HAS-DUPS.
Subgoal *1.2.2.1.1/3
(IMPLIES (AND (NOT (ENDP L1))
(NOT (EQUAL RV1 (CAR L1)))
(NOT (CONSP (CDR L1)))
(CONSP L2)
(CONSP L1)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1.1/3'
(IMPLIES (AND (CONSP L1)
(NOT (EQUAL RV1 (CAR L1)))
(NOT (CONSP (CDR L1)))
(CONSP L2)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
This simplifies, using the :definitions HAS-DUPS and
MEM and primitive type reasoning, to
Subgoal *1.2.2.1.1/3''
(IMPLIES (AND (CONSP L1)
(NOT (EQUAL RV1 (CAR L1)))
(NOT (CONSP (CDR L1)))
(CONSP L2)
(NOT (HAS-DUPS (CDR L1)))
(MEM RV1 (CDR L1))
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
But simplification reduces this to T, using the :definitions
HAS-DUPS and MEM.
Subgoal *1.2.2.1.1/2
(IMPLIES (AND (NOT (ENDP L1))
(EQUAL RV1 (CAR L1))
(CONSP L2)
(CONSP L1)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1.1/2'
(IMPLIES (AND (CONSP L1)
(EQUAL RV1 (CAR L1))
(CONSP L2)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
This simplifies, using the :definitions HAS-DUPS and
MEM and primitive type reasoning, to
Subgoal *1.2.2.1.1/2''
(IMPLIES (AND (CONSP L1)
(CONSP L2)
(NOT (MEM (CAR L1) (CDR L1)))
(NOT (HAS-DUPS (CDR L1)))
(NOT (MEM (CAR L1) L2)))
(HAS-DUPS L2)).
The destructor terms (CAR L1) and (CDR L1) can be eliminated
by using CAR-CDR-ELIM to replace L1 by (CONS L3 L4),
(CAR L1) by L3 and (CDR L1) by L4. This produces the
following goal.
Subgoal *1.2.2.1.1/2'''
(IMPLIES (AND (CONSP (CONS L3 L4))
(CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
This simplifies, using primitive type reasoning, to
Subgoal *1.2.2.1.1/2'4'
(IMPLIES (AND (CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
Name the formula above *1.2.2.1.1.1.
Subgoal *1.2.2.1.1/1
(IMPLIES (AND (ENDP L1)
(CONSP L2)
(CONSP L1)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
But we reduce the conjecture to T, by case analysis.
So we now return to *1.2.2.1.1.1, which is
(IMPLIES (AND (CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
Perhaps we can prove *1.2.2.1.1.1 by induction. Four
induction schemes are suggested by this conjecture.
These merge into two derived induction schemes. We
will choose arbitrarily among these.
We will induct according to a scheme suggested by
(HAS-DUPS L4), but modified to accommodate (MEM L3 L4).
These suggestions were produced using the :induction
rules HAS-DUPS and MEM. If we let (:P L2 L3 L4) denote
*1.2.2.1.1.1 above then the induction scheme we'll use
is
(AND (IMPLIES (AND (NOT (ENDP L4))
(NOT (MEM (CAR L4) (CDR L4)))
(:P L2 L3 (CDR L4)))
(:P L2 L3 L4))
(IMPLIES (AND (NOT (ENDP L4))
(MEM (CAR L4) (CDR L4)))
(:P L2 L3 L4))
(IMPLIES (ENDP L4) (:P L2 L3 L4))).
This induction is justified by the same argument used
to admit HAS-DUPS. When applied to the goal at hand
the above induction scheme produces four nontautological
subgoals.
Subgoal *1.2.2.1.1.1/4
(IMPLIES (AND (NOT (ENDP L4))
(NOT (MEM (CAR L4) (CDR L4)))
(HAS-DUPS (CDR L4))
(CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1.1.1/4'
(IMPLIES (AND (CONSP L4)
(NOT (MEM (CAR L4) (CDR L4)))
(HAS-DUPS (CDR L4))
(CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
But simplification reduces this to T, using the :definitions
HAS-DUPS and MEM and the :type-prescription rule HAS-DUPS.
Subgoal *1.2.2.1.1.1/3
(IMPLIES (AND (NOT (ENDP L4))
(NOT (MEM (CAR L4) (CDR L4)))
(MEM L3 (CDR L4))
(CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1.1.1/3'
(IMPLIES (AND (CONSP L4)
(NOT (MEM (CAR L4) (CDR L4)))
(MEM L3 (CDR L4))
(CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
But simplification reduces this to T, using the :definition
MEM and the :type-prescription rule MEM.
Subgoal *1.2.2.1.1.1/2
(IMPLIES (AND (NOT (ENDP L4))
(MEM (CAR L4) (CDR L4))
(CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1.1.1/2'
(IMPLIES (AND (CONSP L4)
(MEM (CAR L4) (CDR L4))
(CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
But simplification reduces this to T, using the :definitions
HAS-DUPS and MEM and the :type-prescription rule MEM.
Subgoal *1.2.2.1.1.1/1
(IMPLIES (AND (ENDP L4)
(CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
By the simple :definition ENDP we reduce the conjecture
to
Subgoal *1.2.2.1.1.1/1'
(IMPLIES (AND (NOT (CONSP L4))
(CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
This simplifies, using the :definitions HAS-DUPS and
MEM, to
Subgoal *1.2.2.1.1.1/1''
(IMPLIES (AND (NOT (CONSP L4))
(CONSP L2)
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
We suspect that the term (NOT (CONSP L4)) is irrelevant
to the truth of this conjecture and throw it out. We
will thus try to prove
Subgoal *1.2.2.1.1.1/1'''
(IMPLIES (AND (CONSP L2) (NOT (MEM L3 L2)))
(HAS-DUPS L2)).
Name the formula above *1.2.2.1.1.1.1.
The formula above is subsumed by one of its parents,
*1.2.2.1.1.1, which we're in the process of trying to
prove by induction. When an inductive proof pushes
a subgoal for induction that is less general than the
original goal, it may be a sign that either an inappropriate
induction was chosen or that the original goal is insufficien\
tly general. In any case, our proof attempt has failed.
Summary
Form: ( DEFTHM PROBLEM-1 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION ENDP)
(:DEFINITION HAS-DUPS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:DEFINITION REV)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART CONSP)
(:EXECUTABLE-COUNTERPART EQUAL)
(:EXECUTABLE-COUNTERPART HAS-DUPS)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION HAS-DUPS)
(:INDUCTION MEM)
(:INDUCTION REV)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:TYPE-PRESCRIPTION AP)
(:TYPE-PRESCRIPTION HAS-DUPS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.15 seconds (prove: 0.07, print: 0.08, other: 0.00)
---
The key checkpoint goals, below, may help you to debug
this failure. See :DOC failure and see :DOC set-checkpoint-
summary-limit.
---
*** Key checkpoint at the top level: ***
Goal
(EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X))
*** Key checkpoints under a top-level induction: ***
Subgoal *1/3''
(IMPLIES (AND (CONSP X)
(NOT (MEM (CAR X) (CDR X)))
(EQUAL (HAS-DUPS (REV (CDR X)))
(HAS-DUPS (CDR X))))
(EQUAL (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X))))
(HAS-DUPS (CDR X))))
Subgoal *1/2''
(IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X)))
(HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X)))))
ACL2 Error in ( DEFTHM PROBLEM-1 ...): See :DOC failure.
**************** FAILED ****************
ACL2 !>(set-gag-mode :goals)
ACL2 !>(defthm problem-1
(equal (has-dups (rev x))
(has-dups x)))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by
(HAS-DUPS X). This suggestion was produced using the
:induction rules HAS-DUPS and REV. If we let (:P X)
denote *1 above then the induction scheme we'll use
is
(AND (IMPLIES (AND (NOT (ENDP X))
(NOT (MEM (CAR X) (CDR X)))
(:P (CDR X)))
(:P X))
(IMPLIES (AND (NOT (ENDP X))
(MEM (CAR X) (CDR X)))
(:P X))
(IMPLIES (ENDP X) (:P X))).
This induction is justified by the same argument used
to admit HAS-DUPS. When applied to the goal at hand
the above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/3''
Subgoal *1/3'''
Subgoal *1/3'4'
Subgoal *1/3'5'
Subgoal *1/3'6'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/3''
(IMPLIES (AND (CONSP X)
(NOT (MEM (CAR X) (CDR X)))
(EQUAL (HAS-DUPS (REV (CDR X)))
(HAS-DUPS (CDR X))))
(EQUAL (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X))))
(HAS-DUPS (CDR X))))
*1.1 (Subgoal *1/3'6') is pushed for proof by induction.
])
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2''
Subgoal *1/2'''
Subgoal *1/2'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2''
(IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X)))
(HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X)))))
*1.2 (Subgoal *1/2'4') is pushed for proof by induction.
])
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.2, which is
(IMPLIES (MEM X1 X2)
(HAS-DUPS (AP (REV X2) (LIST X1)))).
Subgoal *1.2/4
Subgoal *1.2/4'
Subgoal *1.2/4''
Subgoal *1.2/4'''
Subgoal *1.2/4'4'
Subgoal *1.2/4'5'
*1.2.1 (Subgoal *1.2/4'5') is pushed for proof by induction.
Subgoal *1.2/3
Subgoal *1.2/3'
Subgoal *1.2/2
Subgoal *1.2/2'
Subgoal *1.2/2''
Subgoal *1.2/2'''
Subgoal *1.2/2'4'
*1.2.2 (Subgoal *1.2/2'4') is pushed for proof by induction.
Subgoal *1.2/1
Subgoal *1.2/1'
So we now return to *1.2.2, which is
(HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3))).
Subgoal *1.2.2/2
Subgoal *1.2.2/2'
Subgoal *1.2.2/2''
Subgoal *1.2.2/2'''
Subgoal *1.2.2/2'4'
Subgoal *1.2.2/2'5'
*1.2.2.1 (Subgoal *1.2.2/2'5') is pushed for proof by
induction.
Subgoal *1.2.2/1
Subgoal *1.2.2/1'
So we now return to *1.2.2.1, which is
(IMPLIES (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3)))
(HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3))
(LIST X3)))).
Subgoal *1.2.2.1/3
Subgoal *1.2.2.1/3'
Subgoal *1.2.2.1/2
Subgoal *1.2.2.1/2'
Subgoal *1.2.2.1/2''
Subgoal *1.2.2.1/2'''
Subgoal *1.2.2.1/2'4'
Subgoal *1.2.2.1/2'5'
Subgoal *1.2.2.1/2'6'
Subgoal *1.2.2.1/2'7'
Subgoal *1.2.2.1/2'8'
*1.2.2.1.1 (Subgoal *1.2.2.1/2'8') is pushed for proof
by induction.
Subgoal *1.2.2.1/1
Subgoal *1.2.2.1/1'
So we now return to *1.2.2.1.1, which is
(IMPLIES (AND (CONSP L2)
(CONSP L1)
(NOT (HAS-DUPS L1))
(MEM RV1 L1)
(NOT (MEM RV1 L2)))
(HAS-DUPS L2)).
Subgoal *1.2.2.1.1/5
Subgoal *1.2.2.1.1/5'
Subgoal *1.2.2.1.1/4
Subgoal *1.2.2.1.1/4'
Subgoal *1.2.2.1.1/3
Subgoal *1.2.2.1.1/3'
Subgoal *1.2.2.1.1/3''
Subgoal *1.2.2.1.1/2
Subgoal *1.2.2.1.1/2'
Subgoal *1.2.2.1.1/2''
Subgoal *1.2.2.1.1/2'''
Subgoal *1.2.2.1.1/2'4'
*1.2.2.1.1.1 (Subgoal *1.2.2.1.1/2'4') is pushed for
proof by induction.
Subgoal *1.2.2.1.1/1
So we now return to *1.2.2.1.1.1, which is
(IMPLIES (AND (CONSP L2)
(NOT (MEM L3 L4))
(NOT (HAS-DUPS L4))
(NOT (MEM L3 L2)))
(HAS-DUPS L2)).
Subgoal *1.2.2.1.1.1/4
Subgoal *1.2.2.1.1.1/4'
Subgoal *1.2.2.1.1.1/3
Subgoal *1.2.2.1.1.1/3'
Subgoal *1.2.2.1.1.1/2
Subgoal *1.2.2.1.1.1/2'
Subgoal *1.2.2.1.1.1/1
Subgoal *1.2.2.1.1.1/1'
Subgoal *1.2.2.1.1.1/1''
Subgoal *1.2.2.1.1.1/1'''
*1.2.2.1.1.1.1 (Subgoal *1.2.2.1.1.1/1''') is pushed
for proof by induction.
So we now return to *1.2.2.1.1.1.1, which is
(IMPLIES (AND (CONSP L2) (NOT (MEM L3 L2)))
(HAS-DUPS L2)).
The formula above is subsumed by one of its parents,
*1.2.2.1.1.1, which we're in the process of trying to
prove by induction. When an inductive proof pushes
a subgoal for induction that is less general than the
original goal, it may be a sign that either an inappropriate
induction was chosen or that the original goal is insufficien\
tly general. In any case, our proof attempt has failed.
Summary
Form: ( DEFTHM PROBLEM-1 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION ENDP)
(:DEFINITION HAS-DUPS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:DEFINITION REV)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART CONSP)
(:EXECUTABLE-COUNTERPART EQUAL)
(:EXECUTABLE-COUNTERPART HAS-DUPS)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION HAS-DUPS)
(:INDUCTION MEM)
(:INDUCTION REV)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:TYPE-PRESCRIPTION AP)
(:TYPE-PRESCRIPTION HAS-DUPS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.08 seconds (prove: 0.06, print: 0.02, other: 0.00)
---
The key checkpoint goals, below, may help you to debug
this failure. See :DOC failure and see :DOC set-checkpoint-
summary-limit.
---
*** Key checkpoint at the top level: ***
Goal
(EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X))
*** Key checkpoints under a top-level induction: ***
Subgoal *1/3''
(IMPLIES (AND (CONSP X)
(NOT (MEM (CAR X) (CDR X)))
(EQUAL (HAS-DUPS (REV (CDR X)))
(HAS-DUPS (CDR X))))
(EQUAL (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X))))
(HAS-DUPS (CDR X))))
Subgoal *1/2''
(IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X)))
(HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X)))))
ACL2 Error in ( DEFTHM PROBLEM-1 ...): See :DOC failure.
**************** FAILED ****************
ACL2 !>(quote (Hint -- Think about (HAS-DUPS (AP A (LIST E)))))
(HINT --
THINK ABOUT (HAS-DUPS (AP A (LIST E))))
ACL2 !>(defthm problem-1-lemma-1
(equal (has-dups (ap a (list e)))
(or (mem e a)
(has-dups a))))
Subgoal 2
Subgoal 2'
([ A key checkpoint:
Subgoal 2'
(IMPLIES (MEM E A)
(HAS-DUPS (AP A (LIST E))))
*1 (Subgoal 2') is pushed for proof by induction.
])
Subgoal 1
([ A key checkpoint:
Subgoal 1
(IMPLIES (NOT (MEM E A))
(EQUAL (HAS-DUPS (AP A (LIST E)))
(HAS-DUPS A)))
Normally we would attempt to prove Subgoal 1 by induction.
However, we prefer in this instance to focus on the
original input conjecture rather than this simplified
special case. We therefore abandon our previous work
on this conjecture and reassign the name *1 to the original
conjecture. (See :DOC otf-flg.)
])
Perhaps we can prove *1 by induction. Four induction
schemes are suggested by this conjecture. Subsumption
reduces that number to two. These merge into one derived
induction scheme.
We will induct according to a scheme suggested by
(HAS-DUPS A), but modified to accommodate (MEM E A).
These suggestions were produced using the :induction
rules AP, HAS-DUPS and MEM. If we let (:P A E) denote
*1 above then the induction scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP A))
(NOT (MEM (CAR A) (CDR A)))
(:P (CDR A) E))
(:P A E))
(IMPLIES (AND (NOT (ENDP A))
(MEM (CAR A) (CDR A)))
(:P A E))
(IMPLIES (ENDP A) (:P A E))).
This induction is justified by the same argument used
to admit HAS-DUPS. When applied to the goal at hand
the above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/3.2
Subgoal *1/3.2'
Subgoal *1/3.2''
Subgoal *1/3.2'''
Subgoal *1/3.2'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/3.2'
(IMPLIES (AND (CONSP A)
(NOT (MEM (CAR A) (CDR A)))
(NOT (MEM E (CDR A)))
(NOT (HAS-DUPS (AP (CDR A) (LIST E))))
(MEM (CAR A) (AP (CDR A) (LIST E)))
(NOT (EQUAL E (CAR A))))
(HAS-DUPS (CDR A)))
*1.1 (Subgoal *1/3.2'4') is pushed for proof by induction.
])
Subgoal *1/3.1
Subgoal *1/3.1'
Subgoal *1/3.1''
Subgoal *1/3.1'''
Subgoal *1/3.1'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/3.1'
(IMPLIES (AND (CONSP A)
(NOT (MEM (CAR A) (CDR A)))
(NOT (HAS-DUPS (AP (CDR A) (LIST (CAR A)))))
(NOT (MEM (CAR A)
(AP (CDR A) (LIST (CAR A))))))
(HAS-DUPS (CDR A)))
*1.2 (Subgoal *1/3.1'4') is pushed for proof by induction.
])
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2.4
Subgoal *1/2.4'
Subgoal *1/2.4''
Subgoal *1/2.4'''
Subgoal *1/2.4'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2.4'
(IMPLIES (AND (CONSP A)
(MEM (CAR A) (CDR A))
(NOT (MEM (CAR A)
(AP (CDR A) (LIST (CAR A))))))
(HAS-DUPS (AP (CDR A) (LIST (CAR A)))))
*1.3 (Subgoal *1/2.4'4') is pushed for proof by induction.
])
Subgoal *1/2.3
Subgoal *1/2.2
Subgoal *1/2.2'
Subgoal *1/2.2''
Subgoal *1/2.2'''
Subgoal *1/2.2'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2.2'
(IMPLIES (AND (CONSP A)
(MEM (CAR A) (CDR A))
(NOT (MEM (CAR A) (AP (CDR A) (LIST E))))
(NOT (EQUAL E (CAR A)))
(MEM E (CDR A)))
(HAS-DUPS (AP (CDR A) (LIST E))))
*1.4 (Subgoal *1/2.2'4') is pushed for proof by induction.
])
Subgoal *1/2.1
Subgoal *1/2.1'
Subgoal *1/2.1''
Subgoal *1/2.1'''
Subgoal *1/2.1'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2.1'
(IMPLIES (AND (CONSP A)
(MEM (CAR A) (CDR A))
(NOT (MEM (CAR A) (AP (CDR A) (LIST E))))
(NOT (MEM E (CDR A))))
(HAS-DUPS (AP (CDR A) (LIST E))))
*1.5 (Subgoal *1/2.1'4') is pushed for proof by induction.
])
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.5, which is
(IMPLIES (AND (CONSP L)
(MEM A1 A2)
(NOT (MEM A1 L))
(NOT (MEM E A2)))
(HAS-DUPS L)).
But the formula above is subsumed by *1.3, which we'll
try to prove later. We therefore regard *1.5 as proved
(pending the proof of the more general *1.3).
Subgoal *1/2.1' COMPLETED!
We next consider *1.4, which is
(IMPLIES (AND (CONSP L)
(MEM A1 A2)
(NOT (MEM A1 L))
(NOT (EQUAL E A1))
(MEM E A2))
(HAS-DUPS L)).
But the formula above is subsumed by *1.3, which we'll
try to prove later. We therefore regard *1.4 as proved
(pending the proof of the more general *1.3).
Subgoal *1/2.2' COMPLETED!
We next consider *1.3, which is
(IMPLIES (AND (CONSP L)
(MEM A1 A2)
(NOT (MEM A1 L)))
(HAS-DUPS L)).
But the formula above is subsumed by *1.2, which we'll
try to prove later. We therefore regard *1.3 as proved
(pending the proof of the more general *1.2).
Subgoal *1/2.4' COMPLETED!
We next consider *1.2, which is
(IMPLIES (AND (CONSP L)
(NOT (MEM A1 A2))
(NOT (HAS-DUPS L))
(NOT (MEM A1 L)))
(HAS-DUPS A2)).
Subgoal *1.2/5
Subgoal *1.2/5'
Subgoal *1.2/4
Subgoal *1.2/4'
Subgoal *1.2/3
Subgoal *1.2/3'
Subgoal *1.2/3''
Subgoal *1.2/3'''
Subgoal *1.2/3'4'
Subgoal *1.2/3'5'
Subgoal *1.2/3'6'
*1.2.1 (Subgoal *1.2/3'6') is pushed for proof by induction.
Subgoal *1.2/2
Subgoal *1.2/2'
Subgoal *1.2/1
So we now return to *1.2.1, which is
(IMPLIES (AND (NOT (EQUAL A1 L1))
(NOT (MEM A1 A2)))
(HAS-DUPS A2)).
Subgoal *1.2.1/4
Subgoal *1.2.1/4'
Subgoal *1.2.1/3
Subgoal *1.2.1/3'
Subgoal *1.2.1/2
Subgoal *1.2.1/2'
Subgoal *1.2.1/1
Subgoal *1.2.1/1'
Subgoal *1.2.1/1''
Subgoal *1.2.1/1'''
A goal of NIL, Subgoal *1.2.1/1''', has been generated!
Obviously, the proof attempt has failed.
Summary
Form: ( DEFTHM PROBLEM-1-LEMMA-1 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION ENDP)
(:DEFINITION HAS-DUPS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART CONSP)
(:EXECUTABLE-COUNTERPART EQUAL)
(:EXECUTABLE-COUNTERPART HAS-DUPS)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION HAS-DUPS)
(:INDUCTION MEM)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:TYPE-PRESCRIPTION AP)
(:TYPE-PRESCRIPTION HAS-DUPS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.06 seconds (prove: 0.05, print: 0.02, other: 0.00)
---
The key checkpoint goals, below, may help you to debug
this failure. See :DOC failure and see :DOC set-checkpoint-
summary-limit.
---
*** Key checkpoints before reverting to proof by induction:
***
Subgoal 2'
(IMPLIES (MEM E A)
(HAS-DUPS (AP A (LIST E))))
Subgoal 1
(IMPLIES (NOT (MEM E A))
(EQUAL (HAS-DUPS (AP A (LIST E)))
(HAS-DUPS A)))
*** Key checkpoints under a top-level induction: ***
Subgoal *1/3.2'
(IMPLIES (AND (CONSP A)
(NOT (MEM (CAR A) (CDR A)))
(NOT (MEM E (CDR A)))
(NOT (HAS-DUPS (AP (CDR A) (LIST E))))
(MEM (CAR A) (AP (CDR A) (LIST E)))
(NOT (EQUAL E (CAR A))))
(HAS-DUPS (CDR A)))
Subgoal *1/3.1'
(IMPLIES (AND (CONSP A)
(NOT (MEM (CAR A) (CDR A)))
(NOT (HAS-DUPS (AP (CDR A) (LIST (CAR A)))))
(NOT (MEM (CAR A)
(AP (CDR A) (LIST (CAR A))))))
(HAS-DUPS (CDR A)))
ACL2 Error in ( DEFTHM PROBLEM-1-LEMMA-1 ...): See
:DOC failure.
**************** FAILED ****************
ACL2 !>(quote (Hint -- Think about (MEM E (AP A B))))
(HINT -- THINK ABOUT (MEM E (AP A B)))
ACL2 !>(defthm problem-1-lemma-2
(equal (mem e (ap a b))
(or (mem e a)
(mem e b))))
Subgoal 2
Subgoal 2'
([ A key checkpoint:
Subgoal 2'
(IMPLIES (MEM E A) (MEM E (AP A B)))
*1 (Subgoal 2') is pushed for proof by induction.
])
Subgoal 1
([ A key checkpoint:
Subgoal 1
(IMPLIES (NOT (MEM E A))
(EQUAL (MEM E (AP A B)) (MEM E B)))
Normally we would attempt to prove Subgoal 1 by induction.
However, we prefer in this instance to focus on the
original input conjecture rather than this simplified
special case. We therefore abandon our previous work
on this conjecture and reassign the name *1 to the original
conjecture. (See :DOC otf-flg.)
])
Perhaps we can prove *1 by induction. Four induction
schemes are suggested by this conjecture. Subsumption
reduces that number to three. These merge into two
derived induction schemes. However, one of these is
flawed and so we are left with one viable candidate.
We will induct according to a scheme suggested by (MEM E A),
but modified to accommodate (AP A B). These suggestions
were produced using the :induction rules AP and MEM.
If we let (:P A B E) denote *1 above then the induction
scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP A))
(NOT (EQUAL E (CAR A)))
(:P (CDR A) B E))
(:P A B E))
(IMPLIES (AND (NOT (ENDP A)) (EQUAL E (CAR A)))
(:P A B E))
(IMPLIES (ENDP A) (:P A B E))).
This induction is justified by the same argument used
to admit MEM. When applied to the goal at hand the
above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/1
Subgoal *1/1'
*1 is COMPLETED!
Thus key checkpoint Goal is COMPLETED!
Q.E.D.
Summary
Form: ( DEFTHM PROBLEM-1-LEMMA-2 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION ENDP)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:EXECUTABLE-COUNTERPART EQUAL)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION MEM)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00)
PROBLEM-1-LEMMA-2
ACL2 !>(defthm problem-1-lemma-1
(equal (has-dups (ap a (list e)))
(or (mem e a)
(has-dups a))))
Subgoal 2
Subgoal 2'
([ A key checkpoint:
Subgoal 2'
(IMPLIES (MEM E A)
(HAS-DUPS (AP A (LIST E))))
*1 (Subgoal 2') is pushed for proof by induction.
])
Subgoal 1
([ A key checkpoint:
Subgoal 1
(IMPLIES (NOT (MEM E A))
(EQUAL (HAS-DUPS (AP A (LIST E)))
(HAS-DUPS A)))
Normally we would attempt to prove Subgoal 1 by induction.
However, we prefer in this instance to focus on the
original input conjecture rather than this simplified
special case. We therefore abandon our previous work
on this conjecture and reassign the name *1 to the original
conjecture. (See :DOC otf-flg.)
])
Perhaps we can prove *1 by induction. Four induction
schemes are suggested by this conjecture. Subsumption
reduces that number to two. These merge into one derived
induction scheme.
We will induct according to a scheme suggested by
(HAS-DUPS A), but modified to accommodate (MEM E A).
These suggestions were produced using the :induction
rules AP, HAS-DUPS and MEM. If we let (:P A E) denote
*1 above then the induction scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP A))
(NOT (MEM (CAR A) (CDR A)))
(:P (CDR A) E))
(:P A E))
(IMPLIES (AND (NOT (ENDP A))
(MEM (CAR A) (CDR A)))
(:P A E))
(IMPLIES (ENDP A) (:P A E))).
This induction is justified by the same argument used
to admit HAS-DUPS. When applied to the goal at hand
the above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2''
Subgoal *1/1
Subgoal *1/1'
*1 is COMPLETED!
Thus key checkpoint Goal is COMPLETED!
Q.E.D.
Summary
Form: ( DEFTHM PROBLEM-1-LEMMA-1 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION ENDP)
(:DEFINITION HAS-DUPS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:EXECUTABLE-COUNTERPART CONSP)
(:EXECUTABLE-COUNTERPART EQUAL)
(:EXECUTABLE-COUNTERPART HAS-DUPS)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION HAS-DUPS)
(:INDUCTION MEM)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE PROBLEM-1-LEMMA-2)
(:TYPE-PRESCRIPTION MEM))
Time: 0.02 seconds (prove: 0.01, print: 0.00, other: 0.00)
PROBLEM-1-LEMMA-1
ACL2 !>(defthm problem-1
(equal (has-dups (rev x))
(has-dups x)))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by
(HAS-DUPS X). This suggestion was produced using the
:induction rules HAS-DUPS and REV. If we let (:P X)
denote *1 above then the induction scheme we'll use
is
(AND (IMPLIES (AND (NOT (ENDP X))
(NOT (MEM (CAR X) (CDR X)))
(:P (CDR X)))
(:P X))
(IMPLIES (AND (NOT (ENDP X))
(MEM (CAR X) (CDR X)))
(:P X))
(IMPLIES (ENDP X) (:P X))).
This induction is justified by the same argument used
to admit HAS-DUPS. When applied to the goal at hand
the above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/3''
Subgoal *1/3'''
Subgoal *1/3'4'
Subgoal *1/3'5'
Subgoal *1/3'6'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/3'''
(IMPLIES (AND (CONSP X)
(NOT (MEM (CAR X) (CDR X)))
(NOT (HAS-DUPS (REV (CDR X))))
(MEM (CAR X) (REV (CDR X))))
(HAS-DUPS (CDR X)))
*1.1 (Subgoal *1/3'6') is pushed for proof by induction.
])
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2''
Subgoal *1/2'''
Subgoal *1/2'4'
Subgoal *1/2'5'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2''
(IMPLIES (AND (CONSP X)
(MEM (CAR X) (CDR X))
(NOT (MEM (CAR X) (REV (CDR X)))))
(HAS-DUPS (REV (CDR X))))
*1.2 (Subgoal *1/2'5') is pushed for proof by induction.
])
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.2, which is
(IMPLIES (AND (MEM X1 X2) (NOT (MEM X1 RV)))
(HAS-DUPS RV)).
Subgoal *1.2/4
Subgoal *1.2/4'
Subgoal *1.2/3
Subgoal *1.2/3'
Subgoal *1.2/2
Subgoal *1.2/2'
Subgoal *1.2/1
Subgoal *1.2/1'
Subgoal *1.2/1''
Subgoal *1.2/1'''
A goal of NIL, Subgoal *1.2/1''', has been generated!
Obviously, the proof attempt has failed.
Summary
Form: ( DEFTHM PROBLEM-1 ...)
Rules: ((:DEFINITION ENDP)
(:DEFINITION HAS-DUPS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:DEFINITION REV)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART EQUAL)
(:EXECUTABLE-COUNTERPART HAS-DUPS)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION HAS-DUPS)
(:INDUCTION MEM)
(:INDUCTION REV)
(:REWRITE PROBLEM-1-LEMMA-1)
(:TYPE-PRESCRIPTION HAS-DUPS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.03 seconds (prove: 0.02, print: 0.01, other: 0.00)
---
The key checkpoint goals, below, may help you to debug
this failure. See :DOC failure and see :DOC set-checkpoint-
summary-limit.
---
*** Key checkpoint at the top level: ***
Goal
(EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X))
*** Key checkpoints under a top-level induction: ***
Subgoal *1/3'''
(IMPLIES (AND (CONSP X)
(NOT (MEM (CAR X) (CDR X)))
(NOT (HAS-DUPS (REV (CDR X))))
(MEM (CAR X) (REV (CDR X))))
(HAS-DUPS (CDR X)))
Subgoal *1/2''
(IMPLIES (AND (CONSP X)
(MEM (CAR X) (CDR X))
(NOT (MEM (CAR X) (REV (CDR X)))))
(HAS-DUPS (REV (CDR X))))
ACL2 Error in ( DEFTHM PROBLEM-1 ...): See :DOC failure.
**************** FAILED ****************
ACL2 !>(quote (Hint -- Well?))
(HINT -- WELL?)
ACL2 !>(defthm problem-1-lemma-3
(equal (mem e (rev x))
(mem e x)))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by (MEM E X).
This suggestion was produced using the :induction rules
MEM and REV. If we let (:P E X) denote *1 above then
the induction scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP X))
(NOT (EQUAL E (CAR X)))
(:P E (CDR X)))
(:P E X))
(IMPLIES (AND (NOT (ENDP X)) (EQUAL E (CAR X)))
(:P E X))
(IMPLIES (ENDP X) (:P E X))).
This induction is justified by the same argument used
to admit MEM. When applied to the goal at hand the
above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/1
Subgoal *1/1'
*1 is COMPLETED!
Thus key checkpoint Goal is COMPLETED!
Q.E.D.
Summary
Form: ( DEFTHM PROBLEM-1-LEMMA-3 ...)
Rules: ((:DEFINITION ENDP)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:DEFINITION REV)
(:EXECUTABLE-COUNTERPART CONSP)
(:EXECUTABLE-COUNTERPART EQUAL)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION MEM)
(:INDUCTION REV)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE PROBLEM-1-LEMMA-2)
(:TYPE-PRESCRIPTION MEM))
Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00)
PROBLEM-1-LEMMA-3
ACL2 !>(defthm problem-1
(equal (has-dups (rev x))
(has-dups x)))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by
(HAS-DUPS X). This suggestion was produced using the
:induction rules HAS-DUPS and REV. If we let (:P X)
denote *1 above then the induction scheme we'll use
is
(AND (IMPLIES (AND (NOT (ENDP X))
(NOT (MEM (CAR X) (CDR X)))
(:P (CDR X)))
(:P X))
(IMPLIES (AND (NOT (ENDP X))
(MEM (CAR X) (CDR X)))
(:P X))
(IMPLIES (ENDP X) (:P X))).
This induction is justified by the same argument used
to admit HAS-DUPS. When applied to the goal at hand
the above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/1
Subgoal *1/1'
*1 is COMPLETED!
Thus key checkpoint Goal is COMPLETED!
Q.E.D.
Summary
Form: ( DEFTHM PROBLEM-1 ...)
Rules: ((:DEFINITION ENDP)
(:DEFINITION HAS-DUPS)
(:DEFINITION NOT)
(:DEFINITION REV)
(:EXECUTABLE-COUNTERPART EQUAL)
(:EXECUTABLE-COUNTERPART HAS-DUPS)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION HAS-DUPS)
(:INDUCTION REV)
(:REWRITE PROBLEM-1-LEMMA-1)
(:REWRITE PROBLEM-1-LEMMA-3)
(:TYPE-PRESCRIPTION MEM))
Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.00)
PROBLEM-1
ACL2 !>(pbt 1)
L 1 (DEFUN AP (X Y) ...)
L 2 (DEFUN REV (X) ...)
L 3 (DEFUN MEM (E X) ...)
L 4 (DEFUN HAS-DUPS (X) ...)
5 (DEFTHM PROBLEM-1-LEMMA-2 ...)
6 (DEFTHM PROBLEM-1-LEMMA-1 ...)
7 (DEFTHM PROBLEM-1-LEMMA-3 ...)
8:x(DEFTHM PROBLEM-1 ...)
ACL2 !>(quote (end of demo 1))
(END OF DEMO 1)
ACL2 !>(defun collect-last (x)
(if (endp x)
nil
(if (mem (car x) (cdr x))
(collect-last (cdr x))
(cons (car x) (collect-last (cdr x))))))
The admission of COLLECT-LAST is trivial, using the
relation O< (which is known to be well-founded on the
domain recognized by O-P) and the measure (ACL2-COUNT X).
We observe that the type of COLLECT-LAST is described
by the theorem (TRUE-LISTP (COLLECT-LAST X)). We used
primitive type reasoning.
Summary
Form: ( DEFUN COLLECT-LAST ...)
Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL))
Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
COLLECT-LAST
ACL2 !>(collect-last '(1 3 2 3 1 4))
(2 3 1 4)
ACL2 !>(defun collect-first (x a)
(if (endp x)
a
(collect-first (cdr x)
(if (mem (car x) a)
a
(cons (car x) a)))))
The admission of COLLECT-FIRST is trivial, using the
relation O< (which is known to be well-founded on the
domain recognized by O-P) and the measure (ACL2-COUNT X).
We observe that the type of COLLECT-FIRST is described
by the theorem
(OR (CONSP (COLLECT-FIRST X A))
(EQUAL (COLLECT-FIRST X A) A)).
We used primitive type reasoning.
Summary
Form: ( DEFUN COLLECT-FIRST ...)
Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL))
Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
COLLECT-FIRST
ACL2 !>(collect-first '(1 3 2 3 1 4) nil)
(4 2 3 1)
ACL2 !>(collect-last (rev '(1 3 2 3 1 4)))
(4 2 3 1)
ACL2 !>(defthm problem-2
(equal (collect-first x nil)
(collect-last (rev x))))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by (REV X).
This suggestion was produced using the :induction rules
COLLECT-FIRST and REV. If we let (:P X) denote *1 above
then the induction scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP X)) (:P (CDR X)))
(:P X))
(IMPLIES (ENDP X) (:P X))).
This induction is justified by the same argument used
to admit REV. When applied to the goal at hand the
above induction scheme produces two nontautological
subgoals.
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2''
Subgoal *1/2'''
Subgoal *1/2'4'
Subgoal *1/2'5'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2''
(IMPLIES
(AND (CONSP X)
(EQUAL (COLLECT-FIRST (CDR X) NIL)
(COLLECT-LAST (REV (CDR X)))))
(EQUAL (COLLECT-FIRST (CDR X) (LIST (CAR X)))
(COLLECT-LAST (AP (REV (CDR X)) (LIST (CAR X))))))
*1.1 (Subgoal *1/2'5') is pushed for proof by induction.
])
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.1, which is
(IMPLIES (EQUAL (COLLECT-FIRST X2 NIL)
(COLLECT-LAST RV))
(EQUAL (COLLECT-FIRST X2 (LIST X1))
(COLLECT-LAST (AP RV (LIST X1))))).
Subgoal *1.1/3
Subgoal *1.1/3'
Subgoal *1.1/3''
Subgoal *1.1/3'''
Subgoal *1.1/3'4'
Subgoal *1.1/3'5'
*1.1.1 (Subgoal *1.1/3'5') is pushed for proof by induction.
Subgoal *1.1/2
Subgoal *1.1/2'
Subgoal *1.1/2.2
Subgoal *1.1/2.2'
Subgoal *1.1/2.2''
Subgoal *1.1/2.2'''
Subgoal *1.1/2.2'4'
*1.1.2 (Subgoal *1.1/2.2'4') is pushed for proof by
induction.
Subgoal *1.1/2.1
Subgoal *1.1/2.1'
Subgoal *1.1/2.1''
Subgoal *1.1/2.1'''
*1.1.3 (Subgoal *1.1/2.1''') is pushed for proof by
induction.
Subgoal *1.1/1
Subgoal *1.1/1'
Subgoal *1.1/1''
Subgoal *1.1/1'''
*1.1.4 (Subgoal *1.1/1''') is pushed for proof by induction.
So we now return to *1.1.4, which is
(IMPLIES (NOT (COLLECT-LAST RV))
(EQUAL (LIST X1)
(COLLECT-LAST (AP RV (LIST X1))))).
Subgoal *1.1.4/5
Subgoal *1.1.4/5'
Subgoal *1.1.4/4
Subgoal *1.1.4/4'
Subgoal *1.1.4/3
Subgoal *1.1.4/3'
Subgoal *1.1.4/2
Subgoal *1.1.4/2'
Subgoal *1.1.4/1
Subgoal *1.1.4/1'
*1.1.4 is COMPLETED!
We therefore turn our attention to *1.1.3, which is
(IMPLIES (AND (NOT (EQUAL (COLLECT-FIRST X4 NIL)
(COLLECT-FIRST X4 (LIST X3))))
(NOT (EQUAL X3 X1)))
(EQUAL (COLLECT-FIRST X4 (LIST X3 X1))
(COLLECT-LAST (AP RV (LIST X1))))).
Subgoal *1.1.3/3
Subgoal *1.1.3/3'
Subgoal *1.1.3/3''
Subgoal *1.1.3/3'''
Subgoal *1.1.3/3'4'
Subgoal *1.1.3/3'5'
*1.1.3.1 (Subgoal *1.1.3/3'5') is pushed for proof by
induction.
Subgoal *1.1.3/2
Subgoal *1.1.3/2'
Subgoal *1.1.3/2.3
Subgoal *1.1.3/2.2
Subgoal *1.1.3/2.2'
Subgoal *1.1.3/2.2''
Subgoal *1.1.3/2.2'''
*1.1.3.2 (Subgoal *1.1.3/2.2''') is pushed for proof
by induction.
Subgoal *1.1.3/2.1
Subgoal *1.1.3/2.1'
Subgoal *1.1.3/2.1''
*1.1.3.3 (Subgoal *1.1.3/2.1'') is pushed for proof
by induction.
Subgoal *1.1.3/1
Subgoal *1.1.3/1'
Subgoal *1.1.3/1''
Subgoal *1.1.3/1'''
*1.1.3.4 (Subgoal *1.1.3/1''') is pushed for proof by
induction.
So we now return to *1.1.3.4, which is
(IMPLIES (NOT (EQUAL X3 X1))
(EQUAL (LIST X3 X1)
(COLLECT-LAST (AP RV (LIST X1))))).
Subgoal *1.1.3.4/2
Subgoal *1.1.3.4/2'
Subgoal *1.1.3.4/2''
Subgoal *1.1.3.4/2'''
Subgoal *1.1.3.4/2'4'
Subgoal *1.1.3.4/2'5'
*1.1.3.4.1 (Subgoal *1.1.3.4/2'5') is pushed for proof
by induction.
Subgoal *1.1.3.4/1
Subgoal *1.1.3.4/1'
Subgoal *1.1.3.4/1''
Subgoal *1.1.3.4/1'''
A goal of NIL, Subgoal *1.1.3.4/1''', has been generated!
Obviously, the proof attempt has failed.
Summary
Form: ( DEFTHM PROBLEM-2 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION COLLECT-FIRST)
(:DEFINITION COLLECT-LAST)
(:DEFINITION ENDP)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:DEFINITION REV)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART COLLECT-LAST)
(:EXECUTABLE-COUNTERPART CONSP)
(:EXECUTABLE-COUNTERPART EQUAL)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION COLLECT-FIRST)
(:INDUCTION COLLECT-LAST)
(:INDUCTION REV)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE PROBLEM-1-LEMMA-2)
(:TYPE-PRESCRIPTION COLLECT-LAST)
(:TYPE-PRESCRIPTION MEM))
Time: 0.14 seconds (prove: 0.13, print: 0.01, other: 0.00)
---
The key checkpoint goals, below, may help you to debug
this failure. See :DOC failure and see :DOC set-checkpoint-
summary-limit.
---
*** Key checkpoint at the top level: ***
Goal
(EQUAL (COLLECT-FIRST X NIL)
(COLLECT-LAST (REV X)))
*** Key checkpoint under a top-level induction: ***
Subgoal *1/2''
(IMPLIES
(AND (CONSP X)
(EQUAL (COLLECT-FIRST (CDR X) NIL)
(COLLECT-LAST (REV (CDR X)))))
(EQUAL (COLLECT-FIRST (CDR X) (LIST (CAR X)))
(COLLECT-LAST (AP (REV (CDR X)) (LIST (CAR X))))))
ACL2 Error in ( DEFTHM PROBLEM-2 ...): See :DOC failure.
**************** FAILED ****************
ACL2 !>(collect-first '(1 3 2 3 1 4) '(3 4))
(2 1 3 4)
ACL2 !>(defun list-minus (x y)
(if (endp x)
nil
(if (mem (car x) y)
(list-minus (cdr x) y)
(cons (car x) (list-minus (cdr x) y)))))
The admission of LIST-MINUS is trivial, using the relation
O< (which is known to be well-founded on the domain
recognized by O-P) and the measure (ACL2-COUNT X).
We observe that the type of LIST-MINUS is described
by the theorem (TRUE-LISTP (LIST-MINUS X Y)). We used
primitive type reasoning.
Summary
Form: ( DEFUN LIST-MINUS ...)
Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL))
Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
LIST-MINUS
ACL2 !>(list-minus '(1 3 2 3 1 4) '(3 4))
(1 2 1)
ACL2 !>(defthm problem-2-lemma-1
(equal (collect-first x a)
(ap (collect-last (list-minus (rev x) a))
a)))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by
(COLLECT-FIRST X A). This suggestion was produced using
the :induction rules COLLECT-FIRST and REV. If we let
(:P A X) denote *1 above then the induction scheme we'll
use is
(AND
(IMPLIES (AND (NOT (ENDP X))
(:P (IF (MEM (CAR X) A) A (CONS (CAR X) A))
(CDR X)))
(:P A X))
(IMPLIES (ENDP X) (:P A X))).
This induction is justified by the same argument used
to admit COLLECT-FIRST. Note, however, that the unmeasured
variable A is being instantiated. When applied to the
goal at hand the above induction scheme produces two
nontautological subgoals.
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2.2
Subgoal *1/2.2'
Subgoal *1/2.2''
Subgoal *1/2.2'''
Subgoal *1/2.2'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2.2
(IMPLIES
(AND (CONSP X)
(MEM (CAR X) A)
(EQUAL (COLLECT-FIRST (CDR X) A)
(AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A))
A)))
(EQUAL
(COLLECT-FIRST (CDR X) A)
(AP (COLLECT-LAST
(LIST-MINUS (AP (REV (CDR X)) (LIST (CAR X)))
A))
A)))
*1.1 (Subgoal *1/2.2'4') is pushed for proof by induction.
])
Subgoal *1/2.1
Subgoal *1/2.1'
Subgoal *1/2.1''
Subgoal *1/2.1'''
Subgoal *1/2.1'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2.1
(IMPLIES
(AND
(CONSP X)
(NOT (MEM (CAR X) A))
(EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A))
(AP (COLLECT-LAST (LIST-MINUS (REV (CDR X))
(CONS (CAR X) A)))
(CONS (CAR X) A))))
(EQUAL
(COLLECT-FIRST (CDR X) (CONS (CAR X) A))
(AP (COLLECT-LAST
(LIST-MINUS (AP (REV (CDR X)) (LIST (CAR X)))
A))
A)))
*1.2 (Subgoal *1/2.1'4') is pushed for proof by induction.
])
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.2, which is
(IMPLIES
(NOT (MEM X1 A))
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV (CONS X1 A)))
(CONS X1 A))
(AP (COLLECT-LAST (LIST-MINUS (AP RV (LIST X1)) A))
A))).
Subgoal *1.2/4
Subgoal *1.2/4'
Subgoal *1.2/4''
Subgoal *1.2/4'''
Subgoal *1.2/4'4'
Subgoal *1.2/4'5'
*1.2.1 (Subgoal *1.2/4'5') is pushed for proof by induction.
Subgoal *1.2/3
Subgoal *1.2/3'
Subgoal *1.2/2
Subgoal *1.2/2'
Subgoal *1.2/1
Subgoal *1.2/1'
Subgoal *1.2/1''
*1.2.2 (Subgoal *1.2/1'') is pushed for proof by induction.
So we now return to *1.2.2, which is
(IMPLIES
(NOT (CONSP A))
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV (CONS X1 A)))
(CONS X1 A))
(AP (COLLECT-LAST (LIST-MINUS (AP RV (LIST X1)) A))
A))).
Subgoal *1.2.2/3
Subgoal *1.2.2/3'
Subgoal *1.2.2/3.3
Subgoal *1.2.2/3.3'
Subgoal *1.2.2/3.3''
Subgoal *1.2.2/3.3'''
Subgoal *1.2.2/3.3'4'
Subgoal *1.2.2/3.3'5'
Subgoal *1.2.2/3.3'6'
*1.2.2.1 (Subgoal *1.2.2/3.3'6') is pushed for proof
by induction.
Subgoal *1.2.2/3.2
Subgoal *1.2.2/3.1
Subgoal *1.2.2/3.1'
Subgoal *1.2.2/3.1''
Subgoal *1.2.2/3.1'''
Subgoal *1.2.2/3.1'4'
Subgoal *1.2.2/3.1'5'
Subgoal *1.2.2/3.1'6'
*1.2.2.2 (Subgoal *1.2.2/3.1'6') is pushed for proof
by induction.
Subgoal *1.2.2/2
Subgoal *1.2.2/2'
Subgoal *1.2.2/2''
Subgoal *1.2.2/2'''
Subgoal *1.2.2/2'4'
Subgoal *1.2.2/2'5'
Subgoal *1.2.2/2'6'
Subgoal *1.2.2/2'7'
Subgoal *1.2.2/2'8'
*1.2.2.3 (Subgoal *1.2.2/2'8') is pushed for proof by
induction.
Subgoal *1.2.2/1
Subgoal *1.2.2/1'
So we now return to *1.2.2.3, which is
(IMPLIES
(AND
(TRUE-LISTP LMS)
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A)))
(CONS RV1 A))
(AP (COLLECT-LAST LMS) A))
(NOT (CONSP A)))
(MEM RV1 LMS)).
Subgoal *1.2.2.3/5
Subgoal *1.2.2.3/5'
Subgoal *1.2.2.3/4
Subgoal *1.2.2.3/4'
Subgoal *1.2.2.3/4.2
Subgoal *1.2.2.3/4.1
Subgoal *1.2.2.3/4.1'
Subgoal *1.2.2.3/4.1''
Subgoal *1.2.2.3/4.1'''
*1.2.2.3.1 (Subgoal *1.2.2.3/4.1''') is pushed for proof
by induction.
Subgoal *1.2.2.3/3
Subgoal *1.2.2.3/2
Subgoal *1.2.2.3/2'
Subgoal *1.2.2.3/1
Subgoal *1.2.2.3/1'
So we now return to *1.2.2.3.1, which is
(IMPLIES
(AND
(NOT (EQUAL RV1 LMS1))
(TRUE-LISTP LMS2)
(NOT (MEM LMS1 LMS2))
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A)))
(CONS RV1 A))
(CONS LMS1 (AP (COLLECT-LAST LMS2) A)))
(NOT (CONSP A)))
(MEM RV1 LMS2)).
Subgoal *1.2.2.3.1/6
Subgoal *1.2.2.3.1/6'
Subgoal *1.2.2.3.1/5
Subgoal *1.2.2.3.1/5'
Subgoal *1.2.2.3.1/5.2
Subgoal *1.2.2.3.1/5.1
Subgoal *1.2.2.3.1/5.1'
Subgoal *1.2.2.3.1/5.1''
Subgoal *1.2.2.3.1/5.1'''
*1.2.2.3.1.1 (Subgoal *1.2.2.3.1/5.1''') is pushed for
proof by induction.
Subgoal *1.2.2.3.1/4
Subgoal *1.2.2.3.1/4'
Subgoal *1.2.2.3.1/3
Subgoal *1.2.2.3.1/2
Subgoal *1.2.2.3.1/2'
Subgoal *1.2.2.3.1/1
Subgoal *1.2.2.3.1/1'
Subgoal *1.2.2.3.1/1''
Subgoal *1.2.2.3.1/1'''
*1.2.2.3.1.2 (Subgoal *1.2.2.3.1/1''') is pushed for
proof by induction.
So we now return to *1.2.2.3.1.2, which is
(IMPLIES
(AND
(NOT (EQUAL RV1 LMS1))
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A)))
(CONS RV1 A))
(CONS LMS1 A)))
(CONSP A)).
Subgoal *1.2.2.3.1.2/3
Subgoal *1.2.2.3.1.2/3'
Subgoal *1.2.2.3.1.2/3''
Subgoal *1.2.2.3.1.2/2
Subgoal *1.2.2.3.1.2/2'
Subgoal *1.2.2.3.1.2/1
Subgoal *1.2.2.3.1.2/1'
*1.2.2.3.1.2 is COMPLETED!
We therefore turn our attention to *1.2.2.3.1.1, which
is
(IMPLIES
(AND
(NOT (EQUAL RV1 LMS3))
(NOT (EQUAL RV1 LMS1))
(TRUE-LISTP LMS4)
(NOT (EQUAL LMS1 LMS3))
(NOT (MEM LMS1 LMS4))
(NOT (MEM LMS3 LMS4))
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A)))
(CONS RV1 A))
(LIST* LMS1 LMS3 (AP (COLLECT-LAST LMS4) A)))
(NOT (CONSP A)))
(MEM RV1 LMS4)).
Subgoal *1.2.2.3.1.1/7
Subgoal *1.2.2.3.1.1/7'
Subgoal *1.2.2.3.1.1/6
Subgoal *1.2.2.3.1.1/6'
Subgoal *1.2.2.3.1.1/6.2
Subgoal *1.2.2.3.1.1/6.1
Subgoal *1.2.2.3.1.1/6.1'
Subgoal *1.2.2.3.1.1/6.1''
Subgoal *1.2.2.3.1.1/6.1'''
*1.2.2.3.1.1.1 (Subgoal *1.2.2.3.1.1/6.1''') is pushed
for proof by induction.
Subgoal *1.2.2.3.1.1/5
Subgoal *1.2.2.3.1.1/5'
Subgoal *1.2.2.3.1.1/4
Subgoal *1.2.2.3.1.1/4'
Subgoal *1.2.2.3.1.1/3
Subgoal *1.2.2.3.1.1/2
Subgoal *1.2.2.3.1.1/2'
Subgoal *1.2.2.3.1.1/1
Subgoal *1.2.2.3.1.1/1'
Subgoal *1.2.2.3.1.1/1''
Subgoal *1.2.2.3.1.1/1'''
*1.2.2.3.1.1.2 (Subgoal *1.2.2.3.1.1/1''') is pushed
for proof by induction.
So we now return to *1.2.2.3.1.1.2, which is
(IMPLIES
(AND
(NOT (EQUAL RV1 LMS3))
(NOT (EQUAL RV1 LMS1))
(NOT (EQUAL LMS1 LMS3))
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A)))
(CONS RV1 A))
(LIST* LMS1 LMS3 A)))
(CONSP A)).
Subgoal *1.2.2.3.1.1.2/3
Subgoal *1.2.2.3.1.1.2/3'
Subgoal *1.2.2.3.1.1.2/3''
Subgoal *1.2.2.3.1.1.2/3'''
Subgoal *1.2.2.3.1.1.2/3'4'
Subgoal *1.2.2.3.1.1.2/3'5'
Subgoal *1.2.2.3.1.1.2/3'6'
Subgoal *1.2.2.3.1.1.2/3'7'
*1.2.2.3.1.1.2.1 (Subgoal *1.2.2.3.1.1.2/3'7') is pushed
for proof by induction.
Subgoal *1.2.2.3.1.1.2/2
Subgoal *1.2.2.3.1.1.2/2'
Subgoal *1.2.2.3.1.1.2/1
Subgoal *1.2.2.3.1.1.2/1'
So we now return to *1.2.2.3.1.1.2.1, which is
(IMPLIES (AND (TRUE-LISTP LMS)
(NOT (EQUAL RV1 LMS3))
(NOT (EQUAL RV1 RV3))
(NOT (EQUAL RV3 LMS3))
(NOT (MEM RV3 LMS))
(EQUAL (AP (COLLECT-LAST LMS) (CONS RV1 A))
(CONS LMS3 A)))
(CONSP A)).
Subgoal *1.2.2.3.1.1.2.1/7
Subgoal *1.2.2.3.1.1.2.1/7'
Subgoal *1.2.2.3.1.1.2.1/6
Subgoal *1.2.2.3.1.1.2.1/6'
Subgoal *1.2.2.3.1.1.2.1/5
Subgoal *1.2.2.3.1.1.2.1/4
Subgoal *1.2.2.3.1.1.2.1/4'
Subgoal *1.2.2.3.1.1.2.1/3
Subgoal *1.2.2.3.1.1.2.1/3'
Subgoal *1.2.2.3.1.1.2.1/2
Subgoal *1.2.2.3.1.1.2.1/1
Subgoal *1.2.2.3.1.1.2.1/1'
*1.2.2.3.1.1.2.1 and *1.2.2.3.1.1.2 are COMPLETED!
We therefore turn our attention to *1.2.2.3.1.1.1, which
is
(IMPLIES
(AND
(NOT (EQUAL RV1 LMS5))
(NOT (EQUAL RV1 LMS3))
(NOT (EQUAL RV1 LMS1))
(TRUE-LISTP LMS6)
(NOT (EQUAL LMS1 LMS3))
(NOT (EQUAL LMS1 LMS5))
(NOT (MEM LMS1 LMS6))
(NOT (EQUAL LMS3 LMS5))
(NOT (MEM LMS3 LMS6))
(NOT (MEM LMS5 LMS6))
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A)))
(CONS RV1 A))
(LIST* LMS1
LMS3 LMS5 (AP (COLLECT-LAST LMS6) A)))
(NOT (CONSP A)))
(MEM RV1 LMS6)).
Subgoal *1.2.2.3.1.1.1/8
Subgoal *1.2.2.3.1.1.1/8'
Subgoal *1.2.2.3.1.1.1/7
Subgoal *1.2.2.3.1.1.1/7'
Subgoal *1.2.2.3.1.1.1/7''
Subgoal *1.2.2.3.1.1.1/7'''
Subgoal *1.2.2.3.1.1.1/7'4'
Subgoal *1.2.2.3.1.1.1/7'5'
Subgoal *1.2.2.3.1.1.1/7'6'
Subgoal *1.2.2.3.1.1.1/7'7'
Subgoal *1.2.2.3.1.1.1/7'8'
*1.2.2.3.1.1.1.1 (Subgoal *1.2.2.3.1.1.1/7'8') is pushed
for proof by induction.
Subgoal *1.2.2.3.1.1.1/6
Subgoal *1.2.2.3.1.1.1/6'
Subgoal *1.2.2.3.1.1.1/5
Subgoal *1.2.2.3.1.1.1/5'
Subgoal *1.2.2.3.1.1.1/4
Subgoal *1.2.2.3.1.1.1/4'
Subgoal *1.2.2.3.1.1.1/3
Subgoal *1.2.2.3.1.1.1/2
Subgoal *1.2.2.3.1.1.1/2'
Subgoal *1.2.2.3.1.1.1/1
Subgoal *1.2.2.3.1.1.1/1'
Subgoal *1.2.2.3.1.1.1/1''
Subgoal *1.2.2.3.1.1.1/1'''
*1.2.2.3.1.1.1.2 (Subgoal *1.2.2.3.1.1.1/1''') is pushed
for proof by induction.
So we now return to *1.2.2.3.1.1.1.2, which is
(IMPLIES
(AND
(NOT (EQUAL RV1 LMS5))
(NOT (EQUAL RV1 LMS3))
(NOT (EQUAL RV1 LMS1))
(NOT (EQUAL LMS1 LMS3))
(NOT (EQUAL LMS1 LMS5))
(NOT (EQUAL LMS3 LMS5))
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A)))
(CONS RV1 A))
(LIST* LMS1 LMS3 LMS5 A)))
(CONSP A)).
Subgoal *1.2.2.3.1.1.1.2/3
Subgoal *1.2.2.3.1.1.1.2/3'
Subgoal *1.2.2.3.1.1.1.2/3''
Subgoal *1.2.2.3.1.1.1.2/3'''
Subgoal *1.2.2.3.1.1.1.2/3'4'
Subgoal *1.2.2.3.1.1.1.2/3'5'
Subgoal *1.2.2.3.1.1.1.2/3'6'
Subgoal *1.2.2.3.1.1.1.2/3'7'
*1.2.2.3.1.1.1.2.1 (Subgoal *1.2.2.3.1.1.1.2/3'7') is
pushed for proof by induction.
Subgoal *1.2.2.3.1.1.1.2/2
Subgoal *1.2.2.3.1.1.1.2/2'
Subgoal *1.2.2.3.1.1.1.2/1
Subgoal *1.2.2.3.1.1.1.2/1'
So we now return to *1.2.2.3.1.1.1.2.1, which is
(IMPLIES (AND (TRUE-LISTP LMS)
(NOT (EQUAL RV1 LMS5))
(NOT (EQUAL RV1 LMS3))
(NOT (EQUAL RV1 RV3))
(NOT (EQUAL RV3 LMS3))
(NOT (EQUAL RV3 LMS5))
(NOT (EQUAL LMS3 LMS5))
(NOT (MEM RV3 LMS))
(EQUAL (AP (COLLECT-LAST LMS) (CONS RV1 A))
(LIST* LMS3 LMS5 A)))
(CONSP A)).
Subgoal *1.2.2.3.1.1.1.2.1/7
Subgoal *1.2.2.3.1.1.1.2.1/7'
Subgoal *1.2.2.3.1.1.1.2.1/7''
Subgoal *1.2.2.3.1.1.1.2.1/7'''
Subgoal *1.2.2.3.1.1.1.2.1/7'4'
Subgoal *1.2.2.3.1.1.1.2.1/7'5'
*1.2.2.3.1.1.1.2.1.1 (Subgoal *1.2.2.3.1.1.1.2.1/7'5')
is pushed for proof by induction.
Subgoal *1.2.2.3.1.1.1.2.1/6
Subgoal *1.2.2.3.1.1.1.2.1/6'
Subgoal *1.2.2.3.1.1.1.2.1/5
Subgoal *1.2.2.3.1.1.1.2.1/4
Subgoal *1.2.2.3.1.1.1.2.1/4'
Subgoal *1.2.2.3.1.1.1.2.1/3
Subgoal *1.2.2.3.1.1.1.2.1/3'
Subgoal *1.2.2.3.1.1.1.2.1/2
Subgoal *1.2.2.3.1.1.1.2.1/1
Subgoal *1.2.2.3.1.1.1.2.1/1'
So we now return to *1.2.2.3.1.1.1.2.1.1, which is
(IMPLIES (AND (NOT (MEM LMS1 LMS2))
(TRUE-LISTP LMS2)
(NOT (EQUAL RV1 LMS5))
(NOT (EQUAL RV1 LMS1))
(NOT (EQUAL RV1 RV3))
(NOT (EQUAL RV3 LMS5))
(NOT (EQUAL LMS1 LMS5))
(NOT (EQUAL RV3 LMS1))
(NOT (MEM RV3 LMS2))
(EQUAL (AP (COLLECT-LAST LMS2) (CONS RV1 A))
(CONS LMS5 A)))
(CONSP A)).
Subgoal *1.2.2.3.1.1.1.2.1.1/9
Subgoal *1.2.2.3.1.1.1.2.1.1/9'
Subgoal *1.2.2.3.1.1.1.2.1.1/8
Subgoal *1.2.2.3.1.1.1.2.1.1/8'
Subgoal *1.2.2.3.1.1.1.2.1.1/7
Subgoal *1.2.2.3.1.1.1.2.1.1/6
Subgoal *1.2.2.3.1.1.1.2.1.1/6'
Subgoal *1.2.2.3.1.1.1.2.1.1/5
Subgoal *1.2.2.3.1.1.1.2.1.1/5'
Subgoal *1.2.2.3.1.1.1.2.1.1/4
Subgoal *1.2.2.3.1.1.1.2.1.1/4'
Subgoal *1.2.2.3.1.1.1.2.1.1/3
Subgoal *1.2.2.3.1.1.1.2.1.1/2
Subgoal *1.2.2.3.1.1.1.2.1.1/2'
Subgoal *1.2.2.3.1.1.1.2.1.1/1
Subgoal *1.2.2.3.1.1.1.2.1.1/1'
*1.2.2.3.1.1.1.2.1.1, *1.2.2.3.1.1.1.2.1 and *1.2.2.3.1.1.1.
2 are COMPLETED!
We therefore turn our attention to *1.2.2.3.1.1.1.1,
which is
(IMPLIES (AND (NOT (EQUAL RV1 LMS7))
(NOT (EQUAL RV1 LMS5))
(NOT (EQUAL RV1 LMS3))
(NOT (EQUAL RV1 LMS1))
(TRUE-LISTP LMS8)
(NOT (EQUAL LMS1 LMS3))
(NOT (EQUAL LMS1 LMS5))
(NOT (EQUAL LMS1 LMS7))
(NOT (MEM LMS1 LMS8))
(NOT (EQUAL LMS3 LMS5))
(NOT (EQUAL LMS3 LMS7))
(NOT (MEM LMS3 LMS8))
(NOT (EQUAL LMS5 LMS7))
(NOT (MEM LMS5 LMS8))
(NOT (MEM LMS7 LMS8)))
(MEM RV1 LMS8)).
Subgoal *1.2.2.3.1.1.1.1/8
Subgoal *1.2.2.3.1.1.1.1/8'
Subgoal *1.2.2.3.1.1.1.1/7
Subgoal *1.2.2.3.1.1.1.1/7'
Subgoal *1.2.2.3.1.1.1.1/6
Subgoal *1.2.2.3.1.1.1.1/6'
Subgoal *1.2.2.3.1.1.1.1/5
Subgoal *1.2.2.3.1.1.1.1/5'
Subgoal *1.2.2.3.1.1.1.1/4
Subgoal *1.2.2.3.1.1.1.1/4'
Subgoal *1.2.2.3.1.1.1.1/3
Subgoal *1.2.2.3.1.1.1.1/2
Subgoal *1.2.2.3.1.1.1.1/2'
Subgoal *1.2.2.3.1.1.1.1/1
Subgoal *1.2.2.3.1.1.1.1/1'
Subgoal *1.2.2.3.1.1.1.1/1''
Subgoal *1.2.2.3.1.1.1.1/1'''
Subgoal *1.2.2.3.1.1.1.1/1'4'
A goal of NIL, Subgoal *1.2.2.3.1.1.1.1/1'4', has been
generated! Obviously, the proof attempt has failed.
Summary
Form: ( DEFTHM PROBLEM-2-LEMMA-1 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION COLLECT-FIRST)
(:DEFINITION COLLECT-LAST)
(:DEFINITION ENDP)
(:DEFINITION LIST-MINUS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:DEFINITION REV)
(:DEFINITION TRUE-LISTP)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART COLLECT-LAST)
(:EXECUTABLE-COUNTERPART CONSP)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION COLLECT-FIRST)
(:INDUCTION COLLECT-LAST)
(:INDUCTION LIST-MINUS)
(:INDUCTION MEM)
(:INDUCTION REV)
(:INDUCTION TRUE-LISTP)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE CONS-EQUAL)
(:TYPE-PRESCRIPTION AP)
(:TYPE-PRESCRIPTION COLLECT-LAST)
(:TYPE-PRESCRIPTION LIST-MINUS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.50 seconds (prove: 0.45, print: 0.05, other: 0.00)
---
The key checkpoint goals, below, may help you to debug
this failure. See :DOC failure and see :DOC set-checkpoint-
summary-limit.
---
*** Key checkpoint at the top level: ***
Goal
(EQUAL (COLLECT-FIRST X A)
(AP (COLLECT-LAST (LIST-MINUS (REV X) A))
A))
*** Key checkpoints under a top-level induction: ***
Subgoal *1/2.2
(IMPLIES
(AND (CONSP X)
(MEM (CAR X) A)
(EQUAL (COLLECT-FIRST (CDR X) A)
(AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A))
A)))
(EQUAL
(COLLECT-FIRST (CDR X) A)
(AP (COLLECT-LAST
(LIST-MINUS (AP (REV (CDR X)) (LIST (CAR X)))
A))
A)))
Subgoal *1/2.1
(IMPLIES
(AND
(CONSP X)
(NOT (MEM (CAR X) A))
(EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A))
(AP (COLLECT-LAST (LIST-MINUS (REV (CDR X))
(CONS (CAR X) A)))
(CONS (CAR X) A))))
(EQUAL
(COLLECT-FIRST (CDR X) (CONS (CAR X) A))
(AP (COLLECT-LAST
(LIST-MINUS (AP (REV (CDR X)) (LIST (CAR X)))
A))
A)))
ACL2 Error in ( DEFTHM PROBLEM-2-LEMMA-1 ...): See
:DOC failure.
**************** FAILED ****************
ACL2 !>(quote (Hint -- Think about (LIST-MINUS (AP X Y) Z)))
(HINT -- THINK ABOUT (LIST-MINUS (AP X Y) Z))
ACL2 !>(defthm list-minus-ap
(equal (list-minus (ap x y) z)
(ap (list-minus x z) (list-minus y z))))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Three induction
schemes are suggested by this conjecture. These merge
into two derived induction schemes. However, one of
these is flawed and so we are left with one viable candidate.
We will induct according to a scheme suggested by
(LIST-MINUS X Z), but modified to accommodate (AP X Y).
These suggestions were produced using the :induction
rules AP and LIST-MINUS. If we let (:P X Y Z) denote
*1 above then the induction scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP X))
(NOT (MEM (CAR X) Z))
(:P (CDR X) Y Z))
(:P X Y Z))
(IMPLIES (AND (NOT (ENDP X))
(MEM (CAR X) Z)
(:P (CDR X) Y Z))
(:P X Y Z))
(IMPLIES (ENDP X) (:P X Y Z))).
This induction is justified by the same argument used
to admit LIST-MINUS. When applied to the goal at hand
the above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/1
Subgoal *1/1'
*1 is COMPLETED!
Thus key checkpoint Goal is COMPLETED!
Q.E.D.
Summary
Form: ( DEFTHM LIST-MINUS-AP ...)
Rules: ((:DEFINITION AP)
(:DEFINITION ENDP)
(:DEFINITION LIST-MINUS)
(:DEFINITION NOT)
(:EXECUTABLE-COUNTERPART CONSP)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION LIST-MINUS)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:TYPE-PRESCRIPTION LIST-MINUS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.00)
LIST-MINUS-AP
ACL2 !>(defthm problem-2-lemma-1
(equal (collect-first x a)
(ap (collect-last (list-minus (rev x) a))
a)))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by
(COLLECT-FIRST X A). This suggestion was produced using
the :induction rules COLLECT-FIRST and REV. If we let
(:P A X) denote *1 above then the induction scheme we'll
use is
(AND
(IMPLIES (AND (NOT (ENDP X))
(:P (IF (MEM (CAR X) A) A (CONS (CAR X) A))
(CDR X)))
(:P A X))
(IMPLIES (ENDP X) (:P A X))).
This induction is justified by the same argument used
to admit COLLECT-FIRST. Note, however, that the unmeasured
variable A is being instantiated. When applied to the
goal at hand the above induction scheme produces two
nontautological subgoals.
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2.2
Subgoal *1/2.2'
Subgoal *1/2.2''
Subgoal *1/2.2'''
Subgoal *1/2.2'4'
Subgoal *1/2.2'5'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2.2
(IMPLIES
(AND (CONSP X)
(MEM (CAR X) A)
(EQUAL (COLLECT-FIRST (CDR X) A)
(AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A))
A)))
(EQUAL
(COLLECT-FIRST (CDR X) A)
(AP (COLLECT-LAST (AP (LIST-MINUS (REV (CDR X)) A) NIL))
A)))
*1.1 (Subgoal *1/2.2'5') is pushed for proof by induction.
])
Subgoal *1/2.1
Subgoal *1/2.1'
Subgoal *1/2.1''
Subgoal *1/2.1'''
Subgoal *1/2.1'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2.1
(IMPLIES
(AND
(CONSP X)
(NOT (MEM (CAR X) A))
(EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A))
(AP (COLLECT-LAST (LIST-MINUS (REV (CDR X))
(CONS (CAR X) A)))
(CONS (CAR X) A))))
(EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A))
(AP (COLLECT-LAST (AP (LIST-MINUS (REV (CDR X)) A)
(LIST (CAR X))))
A)))
*1.2 (Subgoal *1/2.1'4') is pushed for proof by induction.
])
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.2, which is
(IMPLIES
(NOT (MEM X1 A))
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV (CONS X1 A)))
(CONS X1 A))
(AP (COLLECT-LAST (AP (LIST-MINUS RV A) (LIST X1)))
A))).
Subgoal *1.2/3
Subgoal *1.2/3'
Subgoal *1.2/3.2
Subgoal *1.2/3.2'
Subgoal *1.2/3.2''
Subgoal *1.2/3.2'''
Subgoal *1.2/3.2'4'
Subgoal *1.2/3.2'5'
*1.2.1 (Subgoal *1.2/3.2'5') is pushed for proof by
induction.
Subgoal *1.2/3.1
Subgoal *1.2/3.1.2
Subgoal *1.2/3.1.2'
Subgoal *1.2/3.1.2''
Subgoal *1.2/3.1.2'''
Subgoal *1.2/3.1.2'4'
*1.2.2 (Subgoal *1.2/3.1.2'4') is pushed for proof by
induction.
Subgoal *1.2/3.1.1
Subgoal *1.2/2
Subgoal *1.2/2'
Subgoal *1.2/1
Subgoal *1.2/1'
So we now return to *1.2.2, which is
(IMPLIES (AND (TRUE-LISTP LMS)
(TRUE-LISTP LMS0)
(NOT (MEM RV1 A))
(EQUAL (AP (COLLECT-LAST LMS) (CONS X1 A))
(AP (COLLECT-LAST (AP LMS0 (LIST X1)))
A))
(NOT (MEM X1 A))
(NOT (EQUAL RV1 X1))
(NOT (MEM RV1 LMS0)))
(NOT (MEM RV1 LMS))).
Subgoal *1.2.2/5
Subgoal *1.2.2/5'
Subgoal *1.2.2/4
Subgoal *1.2.2/4'
Subgoal *1.2.2/4.2
Subgoal *1.2.2/4.1
Subgoal *1.2.2/4.1'
Subgoal *1.2.2/4.1''
Subgoal *1.2.2/4.1'''
*1.2.2.1 (Subgoal *1.2.2/4.1''') is pushed for proof
by induction.
Subgoal *1.2.2/3
Subgoal *1.2.2/2
Subgoal *1.2.2/2'
Subgoal *1.2.2/2.2
Subgoal *1.2.2/2.2'
Subgoal *1.2.2/2.2''
*1.2.2.2 (Subgoal *1.2.2/2.2'') is pushed for proof
by induction.
Subgoal *1.2.2/2.1
Subgoal *1.2.2/2.1'
Subgoal *1.2.2/2.1''
Subgoal *1.2.2/2.1'''
*1.2.2.3 (Subgoal *1.2.2/2.1''') is pushed for proof
by induction.
Subgoal *1.2.2/1
Subgoal *1.2.2/1'
So we now return to *1.2.2.3, which is
(IMPLIES
(AND (TRUE-LISTP LMS2)
(TRUE-LISTP LMS0)
(NOT (MEM LMS1 A))
(NOT (MEM LMS1 LMS2))
(EQUAL (CONS LMS1
(AP (COLLECT-LAST LMS2) (CONS X1 A)))
(AP (COLLECT-LAST (AP LMS0 (LIST X1)))
A))
(NOT (MEM X1 A))
(NOT (EQUAL LMS1 X1)))
(MEM LMS1 LMS0)).
Subgoal *1.2.2.3/7
Subgoal *1.2.2.3/7'
Subgoal *1.2.2.3/7''
Subgoal *1.2.2.3/7'''
Subgoal *1.2.2.3/7'4'
Subgoal *1.2.2.3/7'5'
Subgoal *1.2.2.3/7'6'
*1.2.2.3.1 (Subgoal *1.2.2.3/7'6') is pushed for proof
by induction.
Subgoal *1.2.2.3/6
Subgoal *1.2.2.3/6'
Subgoal *1.2.2.3/5
Subgoal *1.2.2.3/4
Subgoal *1.2.2.3/4'
Subgoal *1.2.2.3/3
Subgoal *1.2.2.3/3'
Subgoal *1.2.2.3/2
Subgoal *1.2.2.3/1
Subgoal *1.2.2.3/1'
Subgoal *1.2.2.3/1''
Subgoal *1.2.2.3/1'''
*1.2.2.3.2 (Subgoal *1.2.2.3/1''') is pushed for proof
by induction.
So we now return to *1.2.2.3.2, which is
(IMPLIES (AND (TRUE-LISTP LMS0)
(NOT (MEM LMS1 A))
(EQUAL (LIST* LMS1 X1 A)
(AP (COLLECT-LAST (AP LMS0 (LIST X1)))
A))
(NOT (MEM X1 A))
(NOT (EQUAL LMS1 X1)))
(MEM LMS1 LMS0)).
Subgoal *1.2.2.3.2/5
Subgoal *1.2.2.3.2/5'
Subgoal *1.2.2.3.2/4
Subgoal *1.2.2.3.2/4'
Subgoal *1.2.2.3.2/4''
Subgoal *1.2.2.3.2/3
Subgoal *1.2.2.3.2/2
Subgoal *1.2.2.3.2/2'
Subgoal *1.2.2.3.2/1
Subgoal *1.2.2.3.2/1'
*1.2.2.3.2 is COMPLETED!
We therefore turn our attention to *1.2.2.3.1, which
is
(IMPLIES (AND (NOT (MEM LMS3 LMS4))
(TRUE-LISTP LMS4)
(TRUE-LISTP LMS0)
(NOT (MEM LMS1 A))
(NOT (EQUAL LMS1 LMS3))
(NOT (MEM LMS1 LMS4))
(NOT (MEM X1 A))
(NOT (EQUAL LMS1 X1)))
(MEM LMS1 LMS0)).
Subgoal *1.2.2.3.1/5
Subgoal *1.2.2.3.1/5'
Subgoal *1.2.2.3.1/4
Subgoal *1.2.2.3.1/3
Subgoal *1.2.2.3.1/3'
Subgoal *1.2.2.3.1/2
Subgoal *1.2.2.3.1/2'
Subgoal *1.2.2.3.1/1
Subgoal *1.2.2.3.1/1'
Subgoal *1.2.2.3.1/1''
Subgoal *1.2.2.3.1/1'''
*1.2.2.3.1.1 (Subgoal *1.2.2.3.1/1''') is pushed for
proof by induction.
So we now return to *1.2.2.3.1.1, which is
(IMPLIES (AND (TRUE-LISTP LMS0)
(NOT (MEM LMS1 A))
(NOT (EQUAL LMS1 LMS3))
(NOT (MEM X1 A))
(NOT (EQUAL LMS1 X1)))
(MEM LMS1 LMS0)).
Subgoal *1.2.2.3.1.1/4
Subgoal *1.2.2.3.1.1/4'
Subgoal *1.2.2.3.1.1/3
Subgoal *1.2.2.3.1.1/3'
Subgoal *1.2.2.3.1.1/2
Subgoal *1.2.2.3.1.1/2'
Subgoal *1.2.2.3.1.1/1
Subgoal *1.2.2.3.1.1/1'
Subgoal *1.2.2.3.1.1/1''
Subgoal *1.2.2.3.1.1/1'''
*1.2.2.3.1.1.1 (Subgoal *1.2.2.3.1.1/1''') is pushed
for proof by induction.
So we now return to *1.2.2.3.1.1.1, which is
(IMPLIES (AND (TRUE-LISTP LMS0)
(NOT (EQUAL LMS1 LMS3))
(NOT (EQUAL LMS1 X1)))
(MEM LMS1 LMS0)).
Subgoal *1.2.2.3.1.1.1/4
Subgoal *1.2.2.3.1.1.1/4'
Subgoal *1.2.2.3.1.1.1/3
Subgoal *1.2.2.3.1.1.1/2
Subgoal *1.2.2.3.1.1.1/2'
Subgoal *1.2.2.3.1.1.1/1
Subgoal *1.2.2.3.1.1.1/1'
Subgoal *1.2.2.3.1.1.1/1''
Subgoal *1.2.2.3.1.1.1/1'''
Subgoal *1.2.2.3.1.1.1/1'4'
A goal of NIL, Subgoal *1.2.2.3.1.1.1/1'4', has been
generated! Obviously, the proof attempt has failed.
Summary
Form: ( DEFTHM PROBLEM-2-LEMMA-1 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION COLLECT-FIRST)
(:DEFINITION COLLECT-LAST)
(:DEFINITION ENDP)
(:DEFINITION LIST-MINUS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:DEFINITION REV)
(:DEFINITION TRUE-LISTP)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART COLLECT-LAST)
(:EXECUTABLE-COUNTERPART CONSP)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION COLLECT-FIRST)
(:INDUCTION COLLECT-LAST)
(:INDUCTION LIST-MINUS)
(:INDUCTION MEM)
(:INDUCTION REV)
(:INDUCTION TRUE-LISTP)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE LIST-MINUS-AP)
(:REWRITE PROBLEM-1-LEMMA-2)
(:TYPE-PRESCRIPTION COLLECT-LAST)
(:TYPE-PRESCRIPTION LIST-MINUS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.24 seconds (prove: 0.22, print: 0.02, other: 0.00)
---
The key checkpoint goals, below, may help you to debug
this failure. See :DOC failure and see :DOC set-checkpoint-
summary-limit.
---
*** Key checkpoint at the top level: ***
Goal
(EQUAL (COLLECT-FIRST X A)
(AP (COLLECT-LAST (LIST-MINUS (REV X) A))
A))
*** Key checkpoints under a top-level induction: ***
Subgoal *1/2.2
(IMPLIES
(AND (CONSP X)
(MEM (CAR X) A)
(EQUAL (COLLECT-FIRST (CDR X) A)
(AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A))
A)))
(EQUAL
(COLLECT-FIRST (CDR X) A)
(AP (COLLECT-LAST (AP (LIST-MINUS (REV (CDR X)) A) NIL))
A)))
Subgoal *1/2.1
(IMPLIES
(AND
(CONSP X)
(NOT (MEM (CAR X) A))
(EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A))
(AP (COLLECT-LAST (LIST-MINUS (REV (CDR X))
(CONS (CAR X) A)))
(CONS (CAR X) A))))
(EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A))
(AP (COLLECT-LAST (AP (LIST-MINUS (REV (CDR X)) A)
(LIST (CAR X))))
A)))
ACL2 Error in ( DEFTHM PROBLEM-2-LEMMA-1 ...): See
:DOC failure.
**************** FAILED ****************
ACL2 !>(quote (Hint -- Think about (COLLECT-LAST (AP X Y))))
(HINT -- THINK ABOUT (COLLECT-LAST (AP X Y)))
ACL2 !>(defthm problem-2-lemma-2
(equal (collect-last (ap x y))
(ap (collect-last (list-minus x y))
(collect-last y))))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Three induction
schemes are suggested by this conjecture. Subsumption
reduces that number to two. However, one of these is
flawed and so we are left with one viable candidate.
We will induct according to a scheme suggested by
(LIST-MINUS X Y). This suggestion was produced using
the :induction rules AP and LIST-MINUS. If we let (:P X Y)
denote *1 above then the induction scheme we'll use
is
(AND (IMPLIES (AND (NOT (ENDP X))
(NOT (MEM (CAR X) Y))
(:P (CDR X) Y))
(:P X Y))
(IMPLIES (AND (NOT (ENDP X))
(MEM (CAR X) Y)
(:P (CDR X) Y))
(:P X Y))
(IMPLIES (ENDP X) (:P X Y))).
This induction is justified by the same argument used
to admit LIST-MINUS. When applied to the goal at hand
the above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/3.3
Subgoal *1/3.3'
Subgoal *1/3.3''
Subgoal *1/3.3'''
Subgoal *1/3.3'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/3.3'
(IMPLIES
(AND (CONSP X)
(NOT (MEM (CAR X) Y))
(EQUAL (COLLECT-LAST (AP (CDR X) Y))
(AP (COLLECT-LAST (LIST-MINUS (CDR X) Y))
(COLLECT-LAST Y)))
(MEM (CAR X) (CDR X)))
(MEM (CAR X) (LIST-MINUS (CDR X) Y)))
*1.1 (Subgoal *1/3.3'4') is pushed for proof by induction.
])
Subgoal *1/3.2
Subgoal *1/3.1
Subgoal *1/3.1'
Subgoal *1/3.1''
Subgoal *1/3.1'''
Subgoal *1/3.1'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/3.1'
(IMPLIES
(AND (CONSP X)
(NOT (MEM (CAR X) Y))
(EQUAL (COLLECT-LAST (AP (CDR X) Y))
(AP (COLLECT-LAST (LIST-MINUS (CDR X) Y))
(COLLECT-LAST Y)))
(NOT (MEM (CAR X) (CDR X))))
(NOT (MEM (CAR X) (LIST-MINUS (CDR X) Y))))
*1.2 (Subgoal *1/3.1'4') is pushed for proof by induction.
])
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.2, which is
(IMPLIES (AND (TRUE-LISTP LMS)
(NOT (MEM X1 Y))
(EQUAL (COLLECT-LAST (AP X2 Y))
(AP (COLLECT-LAST LMS)
(COLLECT-LAST Y)))
(NOT (MEM X1 X2)))
(NOT (MEM X1 LMS))).
Subgoal *1.2/5
Subgoal *1.2/5'
Subgoal *1.2/4
Subgoal *1.2/4'
Subgoal *1.2/4''
Subgoal *1.2/4'''
Subgoal *1.2/4'4'
Subgoal *1.2/4'5'
Subgoal *1.2/4'6'
Subgoal *1.2/4'7'
*1.2.1 (Subgoal *1.2/4'7') is pushed for proof by induction.
Subgoal *1.2/3
Subgoal *1.2/2
Subgoal *1.2/2'
Subgoal *1.2/2.2
Subgoal *1.2/2.2'
Subgoal *1.2/2.2''
*1.2.2 (Subgoal *1.2/2.2'') is pushed for proof by induction.
Subgoal *1.2/2.1
Subgoal *1.2/2.1'
Subgoal *1.2/2.1''
Subgoal *1.2/2.1'''
*1.2.3 (Subgoal *1.2/2.1''') is pushed for proof by
induction.
Subgoal *1.2/1
Subgoal *1.2/1'
So we now return to *1.2.3, which is
(IMPLIES (AND (TRUE-LISTP LMS2)
(NOT (MEM LMS1 Y))
(NOT (MEM LMS1 LMS2))
(EQUAL (COLLECT-LAST (AP X2 Y))
(CONS LMS1
(AP (COLLECT-LAST LMS2)
(COLLECT-LAST Y)))))
(MEM LMS1 X2)).
Subgoal *1.2.3/7
Subgoal *1.2.3/7'
Subgoal *1.2.3/7''
Subgoal *1.2.3/7'''
Subgoal *1.2.3/7'4'
Subgoal *1.2.3/7'5'
Subgoal *1.2.3/7'6'
*1.2.3.1 (Subgoal *1.2.3/7'6') is pushed for proof by
induction.
Subgoal *1.2.3/6
Subgoal *1.2.3/6'
Subgoal *1.2.3/5
Subgoal *1.2.3/4
Subgoal *1.2.3/4'
Subgoal *1.2.3/3
Subgoal *1.2.3/3'
Subgoal *1.2.3/2
Subgoal *1.2.3/1
Subgoal *1.2.3/1'
Subgoal *1.2.3/1''
Subgoal *1.2.3/1'''
*1.2.3.2 (Subgoal *1.2.3/1''') is pushed for proof by
induction.
So we now return to *1.2.3.2, which is
(IMPLIES (AND (NOT (MEM LMS1 Y))
(EQUAL (COLLECT-LAST (AP X2 Y))
(CONS LMS1 (COLLECT-LAST Y))))
(MEM LMS1 X2)).
Subgoal *1.2.3.2/4
Subgoal *1.2.3.2/4'
Subgoal *1.2.3.2/3
Subgoal *1.2.3.2/3'
Subgoal *1.2.3.2/3.3
Subgoal *1.2.3.2/3.2
Subgoal *1.2.3.2/3.1
Subgoal *1.2.3.2/2
Subgoal *1.2.3.2/2'
Subgoal *1.2.3.2/1
Subgoal *1.2.3.2/1'
*1.2.3.2 is COMPLETED!
We therefore turn our attention to *1.2.3.1, which is
(IMPLIES (AND (NOT (MEM LMS3 LMS4))
(TRUE-LISTP LMS4)
(NOT (MEM LMS1 Y))
(NOT (EQUAL LMS1 LMS3))
(NOT (MEM LMS1 LMS4)))
(MEM LMS1 X2)).
Subgoal *1.2.3.1/5
Subgoal *1.2.3.1/5'
Subgoal *1.2.3.1/4
Subgoal *1.2.3.1/3
Subgoal *1.2.3.1/3'
Subgoal *1.2.3.1/2
Subgoal *1.2.3.1/2'
Subgoal *1.2.3.1/1
Subgoal *1.2.3.1/1'
Subgoal *1.2.3.1/1''
Subgoal *1.2.3.1/1'''
*1.2.3.1.1 (Subgoal *1.2.3.1/1''') is pushed for proof
by induction.
So we now return to *1.2.3.1.1, which is
(IMPLIES (AND (NOT (MEM LMS1 Y))
(NOT (EQUAL LMS1 LMS3)))
(MEM LMS1 X2)).
Subgoal *1.2.3.1.1/3
Subgoal *1.2.3.1.1/3'
Subgoal *1.2.3.1.1/2
Subgoal *1.2.3.1.1/2'
Subgoal *1.2.3.1.1/1
Subgoal *1.2.3.1.1/1'
Subgoal *1.2.3.1.1/1''
Subgoal *1.2.3.1.1/1'''
*1.2.3.1.1.1 (Subgoal *1.2.3.1.1/1''') is pushed for
proof by induction.
So we now return to *1.2.3.1.1.1, which is
(IMPLIES (NOT (EQUAL LMS1 LMS3))
(MEM LMS1 X2)).
The formula above is subsumed by one of its parents,
*1.2.3.1.1, which we're in the process of trying to
prove by induction. When an inductive proof pushes
a subgoal for induction that is less general than the
original goal, it may be a sign that either an inappropriate
induction was chosen or that the original goal is insufficien\
tly general. In any case, our proof attempt has failed.
Summary
Form: ( DEFTHM PROBLEM-2-LEMMA-2 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION COLLECT-LAST)
(:DEFINITION ENDP)
(:DEFINITION LIST-MINUS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:DEFINITION TRUE-LISTP)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART COLLECT-LAST)
(:EXECUTABLE-COUNTERPART CONSP)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION COLLECT-LAST)
(:INDUCTION LIST-MINUS)
(:INDUCTION MEM)
(:INDUCTION TRUE-LISTP)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE CONS-EQUAL)
(:REWRITE PROBLEM-1-LEMMA-2)
(:TYPE-PRESCRIPTION COLLECT-LAST)
(:TYPE-PRESCRIPTION LIST-MINUS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.15 seconds (prove: 0.13, print: 0.02, other: 0.00)
---
The key checkpoint goals, below, may help you to debug
this failure. See :DOC failure and see :DOC set-checkpoint-
summary-limit.
---
*** Key checkpoint at the top level: ***
Goal
(EQUAL (COLLECT-LAST (AP X Y))
(AP (COLLECT-LAST (LIST-MINUS X Y))
(COLLECT-LAST Y)))
*** Key checkpoints under a top-level induction: ***
Subgoal *1/3.3'
(IMPLIES
(AND (CONSP X)
(NOT (MEM (CAR X) Y))
(EQUAL (COLLECT-LAST (AP (CDR X) Y))
(AP (COLLECT-LAST (LIST-MINUS (CDR X) Y))
(COLLECT-LAST Y)))
(MEM (CAR X) (CDR X)))
(MEM (CAR X) (LIST-MINUS (CDR X) Y)))
Subgoal *1/3.1'
(IMPLIES
(AND (CONSP X)
(NOT (MEM (CAR X) Y))
(EQUAL (COLLECT-LAST (AP (CDR X) Y))
(AP (COLLECT-LAST (LIST-MINUS (CDR X) Y))
(COLLECT-LAST Y)))
(NOT (MEM (CAR X) (CDR X))))
(NOT (MEM (CAR X) (LIST-MINUS (CDR X) Y))))
ACL2 Error in ( DEFTHM PROBLEM-2-LEMMA-2 ...): See
:DOC failure.
**************** FAILED ****************
ACL2 !>(quote (Hint -- Think about (mem e (list-minus x y))))
(HINT -- THINK ABOUT (MEM E (LIST-MINUS X Y)))
ACL2 !>(defthm problem-2-lemma-3
(iff (mem e (list-minus x y))
(and (mem e x)
(not (mem e y)))))
Goal'
Subgoal 3
([ A key checkpoint:
Subgoal 3
(IMPLIES (AND (NOT (MEM E (LIST-MINUS X Y)))
(MEM E X))
(MEM E Y))
*1 (Subgoal 3) is pushed for proof by induction.
])
Subgoal 2
([ A key checkpoint:
Subgoal 2
(IMPLIES (MEM E (LIST-MINUS X Y))
(NOT (MEM E Y)))
Normally we would attempt to prove Subgoal 2 by induction.
However, we prefer in this instance to focus on the
original input conjecture rather than this simplified
special case. We therefore abandon our previous work
on this conjecture and reassign the name *1 to the original
conjecture. (See :DOC otf-flg.)
])
Perhaps we can prove *1 by induction. Three induction
schemes are suggested by this conjecture. These merge
into two derived induction schemes. However, one of
these is flawed and so we are left with one viable candidate.
We will induct according to a scheme suggested by (MEM E X),
but modified to accommodate (LIST-MINUS X Y). These
suggestions were produced using the :induction rules
LIST-MINUS and MEM. If we let (:P E X Y) denote *1
above then the induction scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP X))
(NOT (EQUAL E (CAR X)))
(:P E (CDR X) Y))
(:P E X Y))
(IMPLIES (AND (NOT (ENDP X)) (EQUAL E (CAR X)))
(:P E X Y))
(IMPLIES (ENDP X) (:P E X Y))).
This induction is justified by the same argument used
to admit MEM. When applied to the goal at hand the
above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/3.3
Subgoal *1/3.2
Subgoal *1/3.1
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2.2
Subgoal *1/2.2'
Subgoal *1/2.2''
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2.2
(IMPLIES (AND (CONSP X) (MEM (CAR X) Y))
(NOT (MEM (CAR X) (LIST-MINUS (CDR X) Y))))
*1.1 (Subgoal *1/2.2'') is pushed for proof by induction.
])
Subgoal *1/2.1
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.1, which is
(IMPLIES (MEM X1 Y)
(NOT (MEM X1 (LIST-MINUS X2 Y)))).
Subgoal *1.1/3
Subgoal *1.1/3'
Subgoal *1.1/3''
Subgoal *1.1/2
Subgoal *1.1/2'
Subgoal *1.1/1
Subgoal *1.1/1'
*1.1 and *1 are COMPLETED!
Thus key checkpoints Subgoal *1/2.2 and Goal are COMPLETED!
Q.E.D.
The storage of PROBLEM-2-LEMMA-3 depends upon the :type-
prescription rule MEM.
Summary
Form: ( DEFTHM PROBLEM-2-LEMMA-3 ...)
Rules: ((:DEFINITION ENDP)
(:DEFINITION IFF)
(:DEFINITION LIST-MINUS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART CONSP)
(:EXECUTABLE-COUNTERPART NOT)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION LIST-MINUS)
(:INDUCTION MEM)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:TYPE-PRESCRIPTION LIST-MINUS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.02 seconds (prove: 0.01, print: 0.01, other: 0.00)
PROBLEM-2-LEMMA-3
ACL2 !>(defthm problem-2-lemma-2
(equal (collect-last (ap x y))
(ap (list-minus (collect-last x) y)
(collect-last y))))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Three induction
schemes are suggested by this conjecture. These merge
into two derived induction schemes. However, one of
these is flawed and so we are left with one viable candidate.
We will induct according to a scheme suggested by
(COLLECT-LAST X), but modified to accommodate (AP X Y).
These suggestions were produced using the :induction
rules AP and COLLECT-LAST. If we let (:P X Y) denote
*1 above then the induction scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP X))
(NOT (MEM (CAR X) (CDR X)))
(:P (CDR X) Y))
(:P X Y))
(IMPLIES (AND (NOT (ENDP X))
(MEM (CAR X) (CDR X))
(:P (CDR X) Y))
(:P X Y))
(IMPLIES (ENDP X) (:P X Y))).
This induction is justified by the same argument used
to admit COLLECT-LAST. When applied to the goal at
hand the above induction scheme produces three nontautologica\
l subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/3''
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/1
Subgoal *1/1'
*1 is COMPLETED!
Thus key checkpoint Goal is COMPLETED!
Q.E.D.
Summary
Form: ( DEFTHM PROBLEM-2-LEMMA-2 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION COLLECT-LAST)
(:DEFINITION ENDP)
(:DEFINITION LIST-MINUS)
(:DEFINITION NOT)
(:EXECUTABLE-COUNTERPART CONSP)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION COLLECT-LAST)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE PROBLEM-1-LEMMA-2)
(:TYPE-PRESCRIPTION COLLECT-LAST)
(:TYPE-PRESCRIPTION LIST-MINUS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.02 seconds (prove: 0.01, print: 0.00, other: 0.00)
PROBLEM-2-LEMMA-2
ACL2 !>(quote (Note that PROBLEM-1-LEMMA-2 from our earlier proof is used above))
(NOTE THAT PROBLEM-1-LEMMA-2
FROM OUR EARLIER PROOF IS USED ABOVE)
ACL2 !>(defthm problem-2-lemma-1
(equal (collect-first x a)
(ap (collect-last (list-minus (rev x) a))
a)))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by
(COLLECT-FIRST X A). This suggestion was produced using
the :induction rules COLLECT-FIRST and REV. If we let
(:P A X) denote *1 above then the induction scheme we'll
use is
(AND
(IMPLIES (AND (NOT (ENDP X))
(:P (IF (MEM (CAR X) A) A (CONS (CAR X) A))
(CDR X)))
(:P A X))
(IMPLIES (ENDP X) (:P A X))).
This induction is justified by the same argument used
to admit COLLECT-FIRST. Note, however, that the unmeasured
variable A is being instantiated. When applied to the
goal at hand the above induction scheme produces two
nontautological subgoals.
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2.2
Subgoal *1/2.2'
Subgoal *1/2.2''
Subgoal *1/2.2'''
Subgoal *1/2.2'4'
Subgoal *1/2.2'5'
Subgoal *1/2.2'6'
Subgoal *1/2.2'7'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2.2
(IMPLIES
(AND (CONSP X)
(MEM (CAR X) A)
(EQUAL (COLLECT-FIRST (CDR X) A)
(AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A))
A)))
(EQUAL
(COLLECT-FIRST (CDR X) A)
(AP
(AP
(LIST-MINUS (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A))
NIL)
NIL)
A)))
*1.1 (Subgoal *1/2.2'7') is pushed for proof by induction.
])
Subgoal *1/2.1
Subgoal *1/2.1'
Subgoal *1/2.1''
Subgoal *1/2.1'''
Subgoal *1/2.1'4'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2.1
(IMPLIES
(AND
(CONSP X)
(NOT (MEM (CAR X) A))
(EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A))
(AP (COLLECT-LAST (LIST-MINUS (REV (CDR X))
(CONS (CAR X) A)))
(CONS (CAR X) A))))
(EQUAL
(COLLECT-FIRST (CDR X) (CONS (CAR X) A))
(AP
(AP
(LIST-MINUS (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A))
(LIST (CAR X)))
(LIST (CAR X)))
A)))
*1.2 (Subgoal *1/2.1'4') is pushed for proof by induction.
])
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.2, which is
(IMPLIES
(NOT (MEM X1 A))
(EQUAL (AP (COLLECT-LAST (LIST-MINUS RV (CONS X1 A)))
(CONS X1 A))
(AP (AP (LIST-MINUS (COLLECT-LAST (LIST-MINUS RV A))
(LIST X1))
(LIST X1))
A))).
Subgoal *1.2/3
Subgoal *1.2/3'
Subgoal *1.2/3.3
Subgoal *1.2/3.2
Subgoal *1.2/3.1
Subgoal *1.2/2
Subgoal *1.2/2'
Subgoal *1.2/1
Subgoal *1.2/1'
*1.2 is COMPLETED!
Thus key checkpoint Subgoal *1/2.1 is COMPLETED!
We therefore turn our attention to *1.1, which is
(IMPLIES (AND (TRUE-LISTP CLT) (MEM X1 A))
(EQUAL (AP CLT A)
(AP (AP (LIST-MINUS CLT NIL) NIL) A))).
Subgoal *1.1/5
Subgoal *1.1/5'
Subgoal *1.1/4
Subgoal *1.1/3
Subgoal *1.1/3'
Subgoal *1.1/2
Subgoal *1.1/1
Subgoal *1.1/1'
*1.1 and *1 are COMPLETED!
Thus key checkpoints Subgoal *1/2.2 and Goal are COMPLETED!
Q.E.D.
Summary
Form: ( DEFTHM PROBLEM-2-LEMMA-1 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION COLLECT-FIRST)
(:DEFINITION COLLECT-LAST)
(:DEFINITION ENDP)
(:DEFINITION LIST-MINUS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:DEFINITION REV)
(:DEFINITION TRUE-LISTP)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART AP)
(:EXECUTABLE-COUNTERPART COLLECT-LAST)
(:EXECUTABLE-COUNTERPART CONSP)
(:EXECUTABLE-COUNTERPART LIST-MINUS)
(:EXECUTABLE-COUNTERPART NOT)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION COLLECT-FIRST)
(:INDUCTION LIST-MINUS)
(:INDUCTION REV)
(:INDUCTION TRUE-LISTP)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE LIST-MINUS-AP)
(:REWRITE PROBLEM-2-LEMMA-2)
(:REWRITE PROBLEM-2-LEMMA-3)
(:TYPE-PRESCRIPTION COLLECT-LAST)
(:TYPE-PRESCRIPTION LIST-MINUS)
(:TYPE-PRESCRIPTION MEM))
Time: 0.09 seconds (prove: 0.08, print: 0.01, other: 0.00)
PROBLEM-2-LEMMA-1
ACL2 !>(defthm problem-2
(equal (collect-first x nil)
(collect-last (rev x))))
ACL2 Warning [Subsume] in ( DEFTHM PROBLEM-2 ...):
The previously added rule PROBLEM-2-LEMMA-1 subsumes
a newly proposed :REWRITE rule generated from PROBLEM-2,
in the sense that the old rule rewrites a more general
target. Because the new rule will be tried first, it
may nonetheless find application.
Goal'
([ A key checkpoint:
Goal'
(EQUAL (AP (COLLECT-LAST (LIST-MINUS (REV X) NIL))
NIL)
(COLLECT-LAST (REV X)))
*1 (Goal') is pushed for proof by induction.
])
Perhaps we can prove *1 by induction. Two induction
schemes are suggested by this conjecture. Subsumption
reduces that number to one.
We will induct according to a scheme suggested by (REV X).
This suggestion was produced using the :induction rule
REV. If we let (:P X) denote *1 above then the induction
scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP X)) (:P (CDR X)))
(:P X))
(IMPLIES (ENDP X) (:P X))).
This induction is justified by the same argument used
to admit REV. When applied to the goal at hand the
above induction scheme produces two nontautological
subgoals.
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2''
Subgoal *1/2'''
Subgoal *1/2'4'
Subgoal *1/2'5'
Subgoal *1/2'6'
Subgoal *1/2'7'
Subgoal *1/2'8'
Subgoal *1/2'9'
Subgoal *1/2'10'
Subgoal *1/2'11'
([ A key checkpoint while proving *1 (descended from
Goal'):
Subgoal *1/2''
(IMPLIES
(AND
(CONSP X)
(EQUAL (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) NIL))
NIL)
(COLLECT-LAST (REV (CDR X)))))
(EQUAL
(AP (AP (LIST-MINUS
(COLLECT-LAST (LIST-MINUS (REV (CDR X)) NIL))
(LIST (CAR X)))
(LIST (CAR X)))
NIL)
(AP (LIST-MINUS (COLLECT-LAST (REV (CDR X)))
(LIST (CAR X)))
(LIST (CAR X)))))
*1.1 (Subgoal *1/2'11') is pushed for proof by induction.
])
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.1, which is
(IMPLIES (TRUE-LISTP LMS0)
(EQUAL (AP (AP LMS0 (LIST X1)) NIL)
(AP (AP LMS0 NIL) (LIST X1)))).
Subgoal *1.1/3
Subgoal *1.1/3'
Subgoal *1.1/2
Subgoal *1.1/1
Subgoal *1.1/1'
*1.1 and *1 are COMPLETED!
Thus key checkpoints Subgoal *1/2'' and Goal' are COMPLETED!
Q.E.D.
Summary
Form: ( DEFTHM PROBLEM-2 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION COLLECT-LAST)
(:DEFINITION ENDP)
(:DEFINITION LIST-MINUS)
(:DEFINITION MEM)
(:DEFINITION NOT)
(:DEFINITION REV)
(:DEFINITION TRUE-LISTP)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART AP)
(:EXECUTABLE-COUNTERPART COLLECT-LAST)
(:EXECUTABLE-COUNTERPART CONSP)
(:EXECUTABLE-COUNTERPART EQUAL)
(:EXECUTABLE-COUNTERPART LIST-MINUS)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION REV)
(:INDUCTION TRUE-LISTP)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE LIST-MINUS-AP)
(:REWRITE PROBLEM-2-LEMMA-1)
(:REWRITE PROBLEM-2-LEMMA-2)
(:TYPE-PRESCRIPTION COLLECT-LAST)
(:TYPE-PRESCRIPTION LIST-MINUS))
Warnings: Subsume
Time: 0.04 seconds (prove: 0.04, print: 0.00, other: 0.00)
PROBLEM-2
ACL2 !>(pbt 1)
L 1 (DEFUN AP (X Y) ...)
L 2 (DEFUN REV (X) ...)
L 3 (DEFUN MEM (E X) ...)
L 4 (DEFUN HAS-DUPS (X) ...)
5 (DEFTHM PROBLEM-1-LEMMA-2 ...)
6 (DEFTHM PROBLEM-1-LEMMA-1 ...)
7 (DEFTHM PROBLEM-1-LEMMA-3 ...)
8 (DEFTHM PROBLEM-1 ...)
L 9 (DEFUN COLLECT-LAST (X) ...)
L 10 (DEFUN COLLECT-FIRST (X A) ...)
L 11 (DEFUN LIST-MINUS (X Y) ...)
12 (DEFTHM LIST-MINUS-AP ...)
13 (DEFTHM PROBLEM-2-LEMMA-3 ...)
14 (DEFTHM PROBLEM-2-LEMMA-2 ...)
15 (DEFTHM PROBLEM-2-LEMMA-1 ...)
16:x(DEFTHM PROBLEM-2 ...)
ACL2 !>(quote (the end -- unless you want a really simple one))
(THE END
-- UNLESS YOU WANT A REALLY SIMPLE ONE)
ACL2 !>(defun how-many (e x)
(if (endp x)
0
(if (equal e (car x))
(+ 1 (how-many e (cdr x)))
(how-many e (cdr x)))))
The admission of HOW-MANY is trivial, using the relation
O< (which is known to be well-founded on the domain
recognized by O-P) and the measure (ACL2-COUNT X).
We observe that the type of HOW-MANY is described by
the theorem
(AND (INTEGERP (HOW-MANY E X)) (<= 0 (HOW-MANY E X))).
We used primitive type reasoning.
Summary
Form: ( DEFUN HOW-MANY ...)
Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL))
Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
HOW-MANY
ACL2 !>(how-many 2 '(1 2 3 2 4 6 2 7))
3
ACL2 !>(defun splice (x e y)
(if (endp y)
nil
(if (equal e (car y))
(ap x (splice x e (cdr y)))
(cons (car y)
(splice x e (cdr y))))))
The admission of SPLICE is trivial, using the relation
O< (which is known to be well-founded on the domain
recognized by O-P) and the measure (ACL2-COUNT Y).
We observe that the type of SPLICE is described by the
theorem
(OR (CONSP (SPLICE X E Y)) (EQUAL (SPLICE X E Y) NIL)).
We used primitive type reasoning and the :type-prescription
rule AP.
Summary
Form: ( DEFUN SPLICE ...)
Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)
(:TYPE-PRESCRIPTION AP))
Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
SPLICE
ACL2 !>(splice '(0 0 0) 1 '(1 2 3 1 4 1 5))
(0 0 0 2 3 0 0 0 4 0 0 0 5)
ACL2 !>(defthm problem-0
(equal (how-many e (splice x e y))
(* (how-many e x)
(how-many e y))))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Three induction
schemes are suggested by this conjecture. Subsumption
reduces that number to two. However, one of these is
flawed and so we are left with one viable candidate.
We will induct according to a scheme suggested by
(SPLICE X E Y). This suggestion was produced using
the :induction rules HOW-MANY and SPLICE. If we let
(:P E X Y) denote *1 above then the induction scheme
we'll use is
(AND (IMPLIES (AND (NOT (ENDP Y))
(NOT (EQUAL E (CAR Y)))
(:P E X (CDR Y)))
(:P E X Y))
(IMPLIES (AND (NOT (ENDP Y))
(EQUAL E (CAR Y))
(:P E X (CDR Y)))
(:P E X Y))
(IMPLIES (ENDP Y) (:P E X Y))).
This induction is justified by the same argument used
to admit SPLICE. When applied to the goal at hand the
above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2''
Subgoal *1/2'''
Subgoal *1/2'4'
Subgoal *1/2'5'
([ A key checkpoint while proving *1 (descended from
Goal):
Subgoal *1/2''
(IMPLIES (AND (CONSP Y)
(EQUAL (HOW-MANY (CAR Y)
(SPLICE X (CAR Y) (CDR Y)))
(* (HOW-MANY (CAR Y) X)
(HOW-MANY (CAR Y) (CDR Y)))))
(EQUAL (HOW-MANY (CAR Y)
(AP X (SPLICE X (CAR Y) (CDR Y))))
(+ (HOW-MANY (CAR Y) X)
(HOW-MANY (CAR Y)
(SPLICE X (CAR Y) (CDR Y))))))
*1.1 (Subgoal *1/2'5') is pushed for proof by induction.
])
Subgoal *1/1
Subgoal *1/1'
So we now return to *1.1, which is
(EQUAL (HOW-MANY Y1 (AP X (SPLICE X Y1 Y2)))
(+ (HOW-MANY Y1 X)
(* (HOW-MANY Y1 X) (HOW-MANY Y1 Y2)))).
Subgoal *1.1/3
Subgoal *1.1/3'
Subgoal *1.1/3''
Subgoal *1.1/3'''
Subgoal *1.1/3'4'
Subgoal *1.1/3'5'
*1.1.1 (Subgoal *1.1/3'5') is pushed for proof by induction.
Subgoal *1.1/2
Subgoal *1.1/2'
Subgoal *1.1/2''
Subgoal *1.1/2'''
Subgoal *1.1/2'4'
Subgoal *1.1/2'5'
*1.1.2 (Subgoal *1.1/2'5') is pushed for proof by induction.
Subgoal *1.1/1
Subgoal *1.1/1'
Subgoal *1.1/1''
Subgoal *1.1/1'''
*1.1.3 (Subgoal *1.1/1''') is pushed for proof by induction.
So we now return to *1.1.3, which is
(EQUAL (HOW-MANY Y1 (AP X NIL))
(+ (HOW-MANY Y1 X)
(* 0 (HOW-MANY Y1 X)))).
Subgoal *1.1.3/3
Subgoal *1.1.3/3'
Subgoal *1.1.3/2
Subgoal *1.1.3/2'
Subgoal *1.1.3/2''
Subgoal *1.1.3/1
Subgoal *1.1.3/1'
*1.1.3 is COMPLETED!
We therefore turn our attention to *1.1.2, which is
(EQUAL (HOW-MANY Y3 (AP X (AP X (SPLICE X Y3 Y4))))
(+ (HOW-MANY Y3 X)
(HOW-MANY Y3 X)
(* (HOW-MANY Y3 X) (HOW-MANY Y3 Y4)))).
Subgoal *1.1.2/3
Subgoal *1.1.2/3'
Subgoal *1.1.2/3''
Subgoal *1.1.2/3'''
Subgoal *1.1.2/3'4'
Subgoal *1.1.2/3'5'
*1.1.2.1 (Subgoal *1.1.2/3'5') is pushed for proof by
induction.
Subgoal *1.1.2/2
Subgoal *1.1.2/2'
Subgoal *1.1.2/2''
Subgoal *1.1.2/2'''
Subgoal *1.1.2/2'4'
Subgoal *1.1.2/2'5'
*1.1.2.2 (Subgoal *1.1.2/2'5') is pushed for proof by
induction.
Subgoal *1.1.2/1
Subgoal *1.1.2/1'
Subgoal *1.1.2/1''
Subgoal *1.1.2/1'''
*1.1.2.3 (Subgoal *1.1.2/1''') is pushed for proof by
induction.
So we now return to *1.1.2.3, which is
(EQUAL (HOW-MANY Y3 (AP X (AP X NIL)))
(+ (HOW-MANY Y3 X)
(HOW-MANY Y3 X)
(* 0 (HOW-MANY Y3 X)))).
Subgoal *1.1.2.3/3
Subgoal *1.1.2.3/3'
Subgoal *1.1.2.3/3''
Subgoal *1.1.2.3/3'''
Subgoal *1.1.2.3/3'4'
Subgoal *1.1.2.3/3'5'
Subgoal *1.1.2.3/3'6'
*1.1.2.3.1 (Subgoal *1.1.2.3/3'6') is pushed for proof
by induction.
Subgoal *1.1.2.3/2
Subgoal *1.1.2.3/2'
Subgoal *1.1.2.3/2''
Subgoal *1.1.2.3/2'''
Subgoal *1.1.2.3/2'4'
Subgoal *1.1.2.3/2'5'
Subgoal *1.1.2.3/2'6'
Subgoal *1.1.2.3/2'7'
Subgoal *1.1.2.3/2'8'
Subgoal *1.1.2.3/2'9'
*1.1.2.3.2 (Subgoal *1.1.2.3/2'9') is pushed for proof
by induction.
Subgoal *1.1.2.3/1
Subgoal *1.1.2.3/1'
So we now return to *1.1.2.3.2, which is
(IMPLIES (AND (INTEGERP I)
(<= 0 I)
(EQUAL (HOW-MANY X1 (AP X2 AP))
(+ I I)))
(EQUAL (+ 1 (HOW-MANY X1 (AP X2 (CONS X1 AP))))
(+ 1 I 1 I))).
Subgoal *1.1.2.3.2/3
Subgoal *1.1.2.3.2/3'
Subgoal *1.1.2.3.2/3''
Subgoal *1.1.2.3.2/3'''
Subgoal *1.1.2.3.2/3'4'
Subgoal *1.1.2.3.2/3'5'
Subgoal *1.1.2.3.2/3'6'
*1.1.2.3.2.1 (Subgoal *1.1.2.3.2/3'6') is pushed for
proof by induction.
Subgoal *1.1.2.3.2/2
Subgoal *1.1.2.3.2/2'
Subgoal *1.1.2.3.2/2''
Subgoal *1.1.2.3.2/2'''
Subgoal *1.1.2.3.2/2'4'
Subgoal *1.1.2.3.2/2'5'
Subgoal *1.1.2.3.2/2'6'
Subgoal *1.1.2.3.2/2'7'
Subgoal *1.1.2.3.2/2'8'
Subgoal *1.1.2.3.2/2'9'
*1.1.2.3.2.2 (Subgoal *1.1.2.3.2/2'9') is pushed for
proof by induction.
Subgoal *1.1.2.3.2/1
Subgoal *1.1.2.3.2/1'
Subgoal *1.1.2.3.2/1''
So we now return to *1.1.2.3.2.2, which is
(IMPLIES (AND (INTEGERP J)
(<= 0 J)
(NOT (EQUAL J (+ 1 J)))
(INTEGERP I)
(<= 0 I))
(EQUAL (+ 1 1 (HOW-MANY X3 (AP X4 (CONS X3 AP))))
(+ 1 I 1 I))).
Subgoal *1.1.2.3.2.2/2
Subgoal *1.1.2.3.2.2/2'
Subgoal *1.1.2.3.2.2/2''
Subgoal *1.1.2.3.2.2/2'''
Subgoal *1.1.2.3.2.2/2'4'
Subgoal *1.1.2.3.2.2/2'5'
Subgoal *1.1.2.3.2.2/2'6'
*1.1.2.3.2.2.1 (Subgoal *1.1.2.3.2.2/2'6') is pushed
for proof by induction.
Subgoal *1.1.2.3.2.2/1
Subgoal *1.1.2.3.2.2/1'
Subgoal *1.1.2.3.2.2/1''
Subgoal *1.1.2.3.2.2/1'''
*1.1.2.3.2.2.2 (Subgoal *1.1.2.3.2.2/1''') is pushed
for proof by induction.
So we now return to *1.1.2.3.2.2.2, which is
(IMPLIES (AND (INTEGERP J)
(<= 0 J)
(NOT (EQUAL J (+ 1 J)))
(INTEGERP I)
(<= 0 I))
(EQUAL (+ 1 1 1 (HOW-MANY X3 AP))
(+ 1 I 1 I))).
Subgoal *1.1.2.3.2.2.2/3
Subgoal *1.1.2.3.2.2.2/3'
Subgoal *1.1.2.3.2.2.2/2
Subgoal *1.1.2.3.2.2.2/2'
Subgoal *1.1.2.3.2.2.2/2''
Subgoal *1.1.2.3.2.2.2/2'''
Subgoal *1.1.2.3.2.2.2/2'4'
Subgoal *1.1.2.3.2.2.2/2'5'
*1.1.2.3.2.2.2.1 (Subgoal *1.1.2.3.2.2.2/2'5') is pushed
for proof by induction.
Subgoal *1.1.2.3.2.2.2/1
Subgoal *1.1.2.3.2.2.2/1'
Subgoal *1.1.2.3.2.2.2/1''
Subgoal *1.1.2.3.2.2.2/1'''
*1.1.2.3.2.2.2.2 (Subgoal *1.1.2.3.2.2.2/1''') is pushed
for proof by induction.
So we now return to *1.1.2.3.2.2.2.2, which is
(IMPLIES (AND (INTEGERP J)
(<= 0 J)
(NOT (EQUAL J (+ 1 J)))
(INTEGERP I)
(<= 0 I))
(EQUAL 3 (+ 1 I 1 I))).
No induction schemes are suggested by *1.1.2.3.2.2.2.2.
Consequently, the proof attempt has failed.
Summary
Form: ( DEFTHM PROBLEM-0 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION ENDP)
(:DEFINITION FIX)
(:DEFINITION HOW-MANY)
(:DEFINITION NOT)
(:DEFINITION SPLICE)
(:ELIM CAR-CDR-ELIM)
(:EXECUTABLE-COUNTERPART BINARY-*)
(:EXECUTABLE-COUNTERPART BINARY-+)
(:EXECUTABLE-COUNTERPART CONSP)
(:EXECUTABLE-COUNTERPART EQUAL)
(:FAKE-RUNE-FOR-LINEAR NIL)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION HOW-MANY)
(:INDUCTION SPLICE)
(:REWRITE ASSOCIATIVITY-OF-+)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE COMMUTATIVITY-OF-*)
(:REWRITE COMMUTATIVITY-OF-+)
(:REWRITE DISTRIBUTIVITY)
(:REWRITE UNICITY-OF-0)
(:REWRITE UNICITY-OF-1)
(:TYPE-PRESCRIPTION HOW-MANY))
Time: 0.21 seconds (prove: 0.18, print: 0.02, other: 0.00)
---
The key checkpoint goals, below, may help you to debug
this failure. See :DOC failure and see :DOC set-checkpoint-
summary-limit.
---
*** Key checkpoint at the top level: ***
Goal
(EQUAL (HOW-MANY E (SPLICE X E Y))
(* (HOW-MANY E X) (HOW-MANY E Y)))
*** Key checkpoint under a top-level induction: ***
Subgoal *1/2''
(IMPLIES (AND (CONSP Y)
(EQUAL (HOW-MANY (CAR Y)
(SPLICE X (CAR Y) (CDR Y)))
(* (HOW-MANY (CAR Y) X)
(HOW-MANY (CAR Y) (CDR Y)))))
(EQUAL (HOW-MANY (CAR Y)
(AP X (SPLICE X (CAR Y) (CDR Y))))
(+ (HOW-MANY (CAR Y) X)
(HOW-MANY (CAR Y)
(SPLICE X (CAR Y) (CDR Y))))))
ACL2 Error in ( DEFTHM PROBLEM-0 ...): See :DOC failure.
**************** FAILED ****************
ACL2 !>(defthm problem-0-lemma-1
(equal (how-many e (ap a b))
(+ (how-many e a)
(how-many e b))))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Three induction
schemes are suggested by this conjecture. These merge
into two derived induction schemes. However, one of
these is flawed and so we are left with one viable candidate.
We will induct according to a scheme suggested by
(HOW-MANY E A), but modified to accommodate (AP A B).
These suggestions were produced using the :induction
rules AP and HOW-MANY. If we let (:P A B E) denote
*1 above then the induction scheme we'll use is
(AND (IMPLIES (AND (NOT (ENDP A))
(NOT (EQUAL E (CAR A)))
(:P (CDR A) B E))
(:P A B E))
(IMPLIES (AND (NOT (ENDP A))
(EQUAL E (CAR A))
(:P (CDR A) B E))
(:P A B E))
(IMPLIES (ENDP A) (:P A B E))).
This induction is justified by the same argument used
to admit HOW-MANY. When applied to the goal at hand
the above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/2''
Subgoal *1/1
Subgoal *1/1'
*1 is COMPLETED!
Thus key checkpoint Goal is COMPLETED!
Q.E.D.
Summary
Form: ( DEFTHM PROBLEM-0-LEMMA-1 ...)
Rules: ((:DEFINITION AP)
(:DEFINITION ENDP)
(:DEFINITION FIX)
(:DEFINITION HOW-MANY)
(:DEFINITION NOT)
(:FAKE-RUNE-FOR-LINEAR NIL)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION AP)
(:INDUCTION HOW-MANY)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE COMMUTATIVITY-OF-+)
(:REWRITE UNICITY-OF-0)
(:TYPE-PRESCRIPTION HOW-MANY))
Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.00)
PROBLEM-0-LEMMA-1
ACL2 !>(defthm problem-0
(equal (how-many e (splice x e y))
(* (how-many e x)
(how-many e y))))
*1 (the initial Goal, a key checkpoint) is pushed for
proof by induction.
Perhaps we can prove *1 by induction. Three induction
schemes are suggested by this conjecture. Subsumption
reduces that number to two. However, one of these is
flawed and so we are left with one viable candidate.
We will induct according to a scheme suggested by
(SPLICE X E Y). This suggestion was produced using
the :induction rules HOW-MANY and SPLICE. If we let
(:P E X Y) denote *1 above then the induction scheme
we'll use is
(AND (IMPLIES (AND (NOT (ENDP Y))
(NOT (EQUAL E (CAR Y)))
(:P E X (CDR Y)))
(:P E X Y))
(IMPLIES (AND (NOT (ENDP Y))
(EQUAL E (CAR Y))
(:P E X (CDR Y)))
(:P E X Y))
(IMPLIES (ENDP Y) (:P E X Y))).
This induction is justified by the same argument used
to admit SPLICE. When applied to the goal at hand the
above induction scheme produces three nontautological
subgoals.
Subgoal *1/3
Subgoal *1/3'
Subgoal *1/2
Subgoal *1/2'
Subgoal *1/1
Subgoal *1/1'
*1 is COMPLETED!
Thus key checkpoint Goal is COMPLETED!
Q.E.D.
Summary
Form: ( DEFTHM PROBLEM-0 ...)
Rules: ((:DEFINITION ENDP)
(:DEFINITION FIX)
(:DEFINITION HOW-MANY)
(:DEFINITION NOT)
(:DEFINITION SPLICE)
(:EXECUTABLE-COUNTERPART CONSP)
(:FAKE-RUNE-FOR-TYPE-SET NIL)
(:INDUCTION HOW-MANY)
(:INDUCTION SPLICE)
(:REWRITE CAR-CONS)
(:REWRITE CDR-CONS)
(:REWRITE COMMUTATIVITY-OF-*)
(:REWRITE DISTRIBUTIVITY)
(:REWRITE PROBLEM-0-LEMMA-1)
(:REWRITE UNICITY-OF-1)
(:TYPE-PRESCRIPTION HOW-MANY))
Time: 0.01 seconds (prove: 0.01, print: 0.00, other: 0.00)
PROBLEM-0
ACL2 !>(quote (the end))
(THE END)
ACL2 !>