(BOOT-STRAP NQTHM)
[ 0.0 0.1 0.0 ]
GROUND-ZERO
(DEFN LENGTH
(X)
(IF (LISTP X)
(ADD1 (LENGTH (CDR X)))
0))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
recursive call. Hence, LENGTH is accepted under the principle of definition.
From the definition we can conclude that (NUMBERP (LENGTH X)) is a theorem.
[ 0.0 0.0 0.0 ]
LENGTH
(PROVE-LEMMA LENGTH-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(EQUAL (LENGTH X) 0)))
This conjecture can be simplified, using the abbreviations NLISTP and IMPLIES,
to the conjecture:
(IMPLIES (NOT (LISTP X))
(EQUAL (LENGTH X) 0)).
This simplifies, expanding LENGTH and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
LENGTH-NLISTP
(PROVE-LEMMA LENGTH-CONS
(REWRITE)
(EQUAL (LENGTH (CONS A X))
(ADD1 (LENGTH X))))
This formula simplifies, applying the lemma CDR-CONS, and expanding the
definition of LENGTH, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
LENGTH-CONS
(PROVE-LEMMA LENGTH-APPEND
(REWRITE)
(EQUAL (LENGTH (APPEND X Y))
(PLUS (LENGTH X) (LENGTH Y))))
Call the conjecture *1.
Perhaps we can prove it by induction. Three inductions are suggested by
terms in the conjecture. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to two
new goals:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (LENGTH (APPEND (CDR X) Y))
(PLUS (LENGTH (CDR X)) (LENGTH Y))))
(EQUAL (LENGTH (APPEND X Y))
(PLUS (LENGTH X) (LENGTH Y)))),
which simplifies, applying the lemmas LENGTH-CONS and SUB1-ADD1, and opening
up the definitions of APPEND, LENGTH, and PLUS, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (LENGTH (APPEND X Y))
(PLUS (LENGTH X) (LENGTH Y)))),
which simplifies, rewriting with LENGTH-NLISTP, and opening up the functions
APPEND, EQUAL, and PLUS, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
LENGTH-APPEND
(DISABLE LENGTH)
[ 0.0 0.0 0.0 ]
LENGTH-OFF
(PROVE-LEMMA APPEND-ASSOC
(REWRITE)
(EQUAL (APPEND (APPEND X Y) Z)
(APPEND X (APPEND Y Z))))
Call the conjecture *1.
Perhaps we can prove it by induction. Three inductions are suggested by
terms in the conjecture. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y Z))
(p X Y Z))
(IMPLIES (NOT (LISTP X)) (p X Y Z))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to two
new goals:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (APPEND (APPEND (CDR X) Y) Z)
(APPEND (CDR X) (APPEND Y Z))))
(EQUAL (APPEND (APPEND X Y) Z)
(APPEND X (APPEND Y Z)))),
which simplifies, applying the lemmas CDR-CONS and CAR-CONS, and opening up
the definition of APPEND, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (APPEND (APPEND X Y) Z)
(APPEND X (APPEND Y Z)))),
which simplifies, unfolding the function APPEND, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
APPEND-ASSOC
(PROVE-LEMMA MEMBER-CONS
(REWRITE)
(EQUAL (MEMBER A (CONS X L))
(OR (EQUAL A X) (MEMBER A L))))
This simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and opening up
the definitions of MEMBER and OR, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-CONS
(PROVE-LEMMA MEMBER-NLISTP
(REWRITE)
(IMPLIES (NLISTP L)
(NOT (MEMBER A L))))
This conjecture can be simplified, using the abbreviations NOT, NLISTP, and
IMPLIES, to:
(IMPLIES (NOT (LISTP L))
(NOT (MEMBER A L))).
This simplifies, unfolding the definition of MEMBER, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-NLISTP
(DISABLE MEMBER)
[ 0.0 0.0 0.0 ]
MEMBER-OFF
(DEFN SUBSETP
(X Y)
(IF (NLISTP X)
T
(AND (MEMBER (CAR X) Y)
(SUBSETP (CDR X) Y))))
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the
definition of NLISTP inform us that the measure (COUNT X) decreases according
to the well-founded relation LESSP in each recursive call. Hence, SUBSETP is
accepted under the principle of definition. Note that:
(OR (FALSEP (SUBSETP X Y))
(TRUEP (SUBSETP X Y)))
is a theorem.
[ 0.0 0.0 0.0 ]
SUBSETP
(DEFN SUBSETP-WIT
(X Y)
(IF (NLISTP X)
T
(IF (MEMBER (CAR X) Y)
(SUBSETP-WIT (CDR X) Y)
(CAR X))))
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the
definition of NLISTP inform us that the measure (COUNT X) decreases according
to the well-founded relation LESSP in each recursive call. Hence, SUBSETP-WIT
is accepted under the definitional principle.
[ 0.0 0.0 0.0 ]
SUBSETP-WIT
(PROVE-LEMMA SUBSETP-WIT-WITNESSES
(REWRITE)
(EQUAL (SUBSETP X Y)
(NOT (AND (MEMBER (SUBSETP-WIT X Y) X)
(NOT (MEMBER (SUBSETP-WIT X Y) Y))))))
This formula simplifies, opening up the definitions of NOT and AND, to the
following three new formulas:
Case 3. (IMPLIES (AND (MEMBER (SUBSETP-WIT X Y) X)
(NOT (MEMBER (SUBSETP-WIT X Y) Y)))
(EQUAL (SUBSETP X Y) F)).
This again simplifies, obviously, to the new goal:
(IMPLIES (AND (MEMBER (SUBSETP-WIT X Y) X)
(NOT (MEMBER (SUBSETP-WIT X Y) Y)))
(NOT (SUBSETP X Y))),
which we will name *1.
Case 2. (IMPLIES (NOT (MEMBER (SUBSETP-WIT X Y) X))
(EQUAL (SUBSETP X Y) T)).
This again simplifies, trivially, to:
(IMPLIES (NOT (MEMBER (SUBSETP-WIT X Y) X))
(SUBSETP X Y)),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (SUBSETP X Y)
(NOT (AND (MEMBER (SUBSETP-WIT X Y) X)
(NOT (MEMBER (SUBSETP-WIT X Y) Y))))),
named *1. Let us appeal to the induction principle. The recursive terms in
the conjecture suggest three inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP X) (p X Y))
(IMPLIES (AND (NOT (NLISTP X))
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (NOT (NLISTP X))
(NOT (MEMBER (CAR X) Y)))
(p X Y))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP can be used to prove that the measure (COUNT X) decreases according to
the well-founded relation LESSP in each induction step of the scheme. The
above induction scheme leads to the following three new goals:
Case 3. (IMPLIES (NLISTP X)
(EQUAL (SUBSETP X Y)
(NOT (AND (MEMBER (SUBSETP-WIT X Y) X)
(NOT (MEMBER (SUBSETP-WIT X Y) Y)))))).
This simplifies, applying the lemma MEMBER-NLISTP, and opening up NLISTP,
SUBSETP, SUBSETP-WIT, NOT, AND, and EQUAL, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP X))
(MEMBER (CAR X) Y)
(EQUAL (SUBSETP (CDR X) Y)
(NOT (AND (MEMBER (SUBSETP-WIT (CDR X) Y)
(CDR X))
(NOT (MEMBER (SUBSETP-WIT (CDR X) Y)
Y))))))
(EQUAL (SUBSETP X Y)
(NOT (AND (MEMBER (SUBSETP-WIT X Y) X)
(NOT (MEMBER (SUBSETP-WIT X Y) Y)))))).
This simplifies, expanding NLISTP, NOT, AND, SUBSETP, SUBSETP-WIT, and EQUAL,
to the following two new goals:
Case 2.2.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(MEMBER (SUBSETP-WIT (CDR X) Y)
(CDR X))
(NOT (MEMBER (SUBSETP-WIT (CDR X) Y) Y))
(EQUAL (SUBSETP (CDR X) Y) F))
(MEMBER (SUBSETP-WIT (CDR X) Y) X)).
This again simplifies, trivially, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(MEMBER (SUBSETP-WIT (CDR X) Y)
(CDR X))
(NOT (MEMBER (SUBSETP-WIT (CDR X) Y) Y))
(NOT (SUBSETP (CDR X) Y)))
(MEMBER (SUBSETP-WIT (CDR X) Y) X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces the new conjecture:
(IMPLIES (AND (MEMBER Z Y)
(MEMBER (SUBSETP-WIT V Y) V)
(NOT (MEMBER (SUBSETP-WIT V Y) Y))
(NOT (SUBSETP V Y)))
(MEMBER (SUBSETP-WIT V Y)
(CONS Z V))),
which further simplifies, applying MEMBER-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER (SUBSETP-WIT (CDR X) Y)
(CDR X)))
(EQUAL (SUBSETP (CDR X) Y) T)
(MEMBER (SUBSETP-WIT (CDR X) Y) X))
(MEMBER (SUBSETP-WIT (CDR X) Y) Y)).
This again simplifies, trivially, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER (SUBSETP-WIT (CDR X) Y)
(CDR X)))
(SUBSETP (CDR X) Y)
(MEMBER (SUBSETP-WIT (CDR X) Y) X))
(MEMBER (SUBSETP-WIT (CDR X) Y) Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces:
(IMPLIES (AND (MEMBER Z Y)
(NOT (MEMBER (SUBSETP-WIT V Y) V))
(SUBSETP V Y)
(MEMBER (SUBSETP-WIT V Y) (CONS Z V)))
(MEMBER (SUBSETP-WIT V Y) Y)),
which further simplifies, applying MEMBER-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(NOT (MEMBER (CAR X) Y)))
(EQUAL (SUBSETP X Y)
(NOT (AND (MEMBER (SUBSETP-WIT X Y) X)
(NOT (MEMBER (SUBSETP-WIT X Y) Y)))))).
This simplifies, opening up the definitions of NLISTP, SUBSETP, SUBSETP-WIT,
NOT, and AND, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y)))
(MEMBER (CAR X) X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (NOT (MEMBER Z Y))
(MEMBER Z (CONS Z V))),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-WIT-WITNESSES
(PROVE-LEMMA SUBSETP-WIT-WITNESSES-GENERAL-1
(REWRITE)
(IMPLIES (AND (NOT (MEMBER (SUBSETP-WIT X Y) X))
(MEMBER A X))
(MEMBER A Y)))
WARNING: Note that SUBSETP-WIT-WITNESSES-GENERAL-1 contains the free variable
X which will be chosen by instantiating the hypothesis:
(NOT (MEMBER (SUBSETP-WIT X Y) X)).
Give the conjecture the name *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP X) (p A Y X))
(IMPLIES (AND (NOT (NLISTP X))
(MEMBER (CAR X) Y)
(p A Y (CDR X)))
(p A Y X))
(IMPLIES (AND (NOT (NLISTP X))
(NOT (MEMBER (CAR X) Y)))
(p A Y X))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP can be used to show that the measure (COUNT X) decreases according to
the well-founded relation LESSP in each induction step of the scheme. The
above induction scheme generates the following four new conjectures:
Case 4. (IMPLIES (AND (NLISTP X)
(NOT (MEMBER (SUBSETP-WIT X Y) X))
(MEMBER A X))
(MEMBER A Y)).
This simplifies, appealing to the lemma MEMBER-NLISTP, and expanding the
functions NLISTP and SUBSETP-WIT, to:
T.
Case 3. (IMPLIES (AND (NOT (NLISTP X))
(MEMBER (CAR X) Y)
(MEMBER (SUBSETP-WIT (CDR X) Y)
(CDR X))
(NOT (MEMBER (SUBSETP-WIT X Y) X))
(MEMBER A X))
(MEMBER A Y)).
This simplifies, expanding the definitions of NLISTP and SUBSETP-WIT, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(MEMBER (SUBSETP-WIT (CDR X) Y)
(CDR X))
(NOT (MEMBER (SUBSETP-WIT (CDR X) Y) X))
(MEMBER A X))
(MEMBER A Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove the new conjecture:
(IMPLIES (AND (MEMBER Z Y)
(MEMBER (SUBSETP-WIT V Y) V)
(NOT (MEMBER (SUBSETP-WIT V Y) (CONS Z V)))
(MEMBER A (CONS Z V)))
(MEMBER A Y)),
which further simplifies, rewriting with the lemma MEMBER-CONS, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP X))
(MEMBER (CAR X) Y)
(NOT (MEMBER A (CDR X)))
(NOT (MEMBER (SUBSETP-WIT X Y) X))
(MEMBER A X))
(MEMBER A Y)),
which simplifies, unfolding the functions NLISTP and SUBSETP-WIT, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER A (CDR X)))
(NOT (MEMBER (SUBSETP-WIT (CDR X) Y) X))
(MEMBER A X))
(MEMBER A Y)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). This generates:
(IMPLIES (AND (MEMBER Z Y)
(NOT (MEMBER A V))
(NOT (MEMBER (SUBSETP-WIT V Y) (CONS Z V)))
(MEMBER A (CONS Z V)))
(MEMBER A Y)).
This further simplifies, applying MEMBER-CONS, to:
(IMPLIES (AND (MEMBER Z Y)
(NOT (MEMBER A V))
(NOT (EQUAL (SUBSETP-WIT V Y) Z))
(NOT (MEMBER (SUBSETP-WIT V Y) V))
(EQUAL A Z))
(MEMBER A Y)),
which again simplifies, clearly, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(NOT (MEMBER (CAR X) Y))
(NOT (MEMBER (SUBSETP-WIT X Y) X))
(MEMBER A X))
(MEMBER A Y)).
This simplifies, opening up the functions NLISTP and SUBSETP-WIT, to the new
conjecture:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (MEMBER (CAR X) X))
(MEMBER A X))
(MEMBER A Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (MEMBER Z (CONS Z V)))
(MEMBER A (CONS Z V)))
(MEMBER A Y)),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-WIT-WITNESSES-GENERAL-1
(PROVE-LEMMA SUBSETP-WIT-WITNESSES-GENERAL-2
(REWRITE)
(IMPLIES (AND (MEMBER (SUBSETP-WIT X Y) Y)
(MEMBER A X))
(MEMBER A Y)))
WARNING: Note that SUBSETP-WIT-WITNESSES-GENERAL-2 contains the free variable
X which will be chosen by instantiating the hypothesis:
(MEMBER (SUBSETP-WIT X Y) Y).
Call the conjecture *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP X) (p A Y X))
(IMPLIES (AND (NOT (NLISTP X))
(MEMBER (CAR X) Y)
(p A Y (CDR X)))
(p A Y X))
(IMPLIES (AND (NOT (NLISTP X))
(NOT (MEMBER (CAR X) Y)))
(p A Y X))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP inform us that the measure (COUNT X) decreases according to the
well-founded relation LESSP in each induction step of the scheme. The above
induction scheme generates four new goals:
Case 4. (IMPLIES (AND (NLISTP X)
(MEMBER (SUBSETP-WIT X Y) Y)
(MEMBER A X))
(MEMBER A Y)),
which simplifies, appealing to the lemma MEMBER-NLISTP, and unfolding NLISTP
and SUBSETP-WIT, to:
T.
Case 3. (IMPLIES (AND (NOT (NLISTP X))
(MEMBER (CAR X) Y)
(NOT (MEMBER (SUBSETP-WIT (CDR X) Y) Y))
(MEMBER (SUBSETP-WIT X Y) Y)
(MEMBER A X))
(MEMBER A Y)),
which simplifies, opening up NLISTP and SUBSETP-WIT, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP X))
(MEMBER (CAR X) Y)
(NOT (MEMBER A (CDR X)))
(MEMBER (SUBSETP-WIT X Y) Y)
(MEMBER A X))
(MEMBER A Y)),
which simplifies, opening up the definitions of NLISTP and SUBSETP-WIT, to
the goal:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER A (CDR X)))
(MEMBER (SUBSETP-WIT (CDR X) Y) Y)
(MEMBER A X))
(MEMBER A Y)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). We must thus prove:
(IMPLIES (AND (MEMBER Z Y)
(NOT (MEMBER A V))
(MEMBER (SUBSETP-WIT V Y) Y)
(MEMBER A (CONS Z V)))
(MEMBER A Y)).
But this further simplifies, appealing to the lemma MEMBER-CONS, to:
(IMPLIES (AND (MEMBER Z Y)
(NOT (MEMBER A V))
(MEMBER (SUBSETP-WIT V Y) Y)
(EQUAL A Z))
(MEMBER A Y)).
This again simplifies, trivially, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(NOT (MEMBER (CAR X) Y))
(MEMBER (SUBSETP-WIT X Y) Y)
(MEMBER A X))
(MEMBER A Y)).
This simplifies, opening up the functions NLISTP and SUBSETP-WIT, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-WIT-WITNESSES-GENERAL-2
(DISABLE SUBSETP-WIT-WITNESSES)
[ 0.0 0.0 0.0 ]
SUBSETP-WIT-WITNESSES-OFF
(DISABLE SUBSETP-WIT-WITNESSES-GENERAL-1)
[ 0.0 0.0 0.0 ]
SUBSETP-WIT-WITNESSES-GENERAL-1-OFF
(DISABLE SUBSETP-WIT-WITNESSES-GENERAL-2)
[ 0.0 0.0 0.0 ]
SUBSETP-WIT-WITNESSES-GENERAL-2-OFF
(PROVE-LEMMA SUBSETP-CONS-1
(REWRITE)
(EQUAL (SUBSETP (CONS A X) Y)
(AND (MEMBER A Y) (SUBSETP X Y))))
This simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and opening up
the definitions of SUBSETP and AND, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-CONS-1
(PROVE-LEMMA SUBSETP-CONS-2
(REWRITE)
(IMPLIES (SUBSETP L M)
(SUBSETP L (CONS A M))))
Give the conjecture the name *1.
Let us appeal to the induction principle. Two inductions are suggested
by terms in the conjecture. However, they merge into one likely candidate
induction. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP L) (p L A M))
(IMPLIES (AND (NOT (NLISTP L)) (p (CDR L) A M))
(p L A M))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP establish that the measure (COUNT L) decreases according to the
well-founded relation LESSP in each induction step of the scheme. The above
induction scheme generates three new conjectures:
Case 3. (IMPLIES (AND (NLISTP L) (SUBSETP L M))
(SUBSETP L (CONS A M))),
which simplifies, expanding the functions NLISTP and SUBSETP, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP L))
(NOT (SUBSETP (CDR L) M))
(SUBSETP L M))
(SUBSETP L (CONS A M))),
which simplifies, opening up the functions NLISTP and SUBSETP, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP L))
(SUBSETP (CDR L) (CONS A M))
(SUBSETP L M))
(SUBSETP L (CONS A M))),
which simplifies, applying the lemma MEMBER-CONS, and opening up NLISTP and
SUBSETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-CONS-2
(PROVE-LEMMA SUBSETP-REFLEXIVITY
(REWRITE)
(SUBSETP X X))
Give the conjecture the name *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP X) (p X))
(IMPLIES (AND (NOT (NLISTP X)) (p (CDR X)))
(p X))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP inform us that the measure (COUNT X) decreases according to the
well-founded relation LESSP in each induction step of the scheme. The above
induction scheme generates the following two new formulas:
Case 2. (IMPLIES (NLISTP X) (SUBSETP X X)).
This simplifies, expanding the functions NLISTP and SUBSETP, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(SUBSETP (CDR X) (CDR X)))
(SUBSETP X X)).
This simplifies, opening up the functions NLISTP and SUBSETP, to the
following two new formulas:
Case 1.2.
(IMPLIES (AND (LISTP X)
(SUBSETP (CDR X) (CDR X)))
(MEMBER (CAR X) X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (SUBSETP Z Z)
(MEMBER V (CONS V Z))).
This further simplifies, appealing to the lemma MEMBER-CONS, to:
T.
Case 1.1.
(IMPLIES (AND (LISTP X)
(SUBSETP (CDR X) (CDR X)))
(SUBSETP (CDR X) X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain:
(IMPLIES (SUBSETP Z Z)
(SUBSETP Z (CONS V Z))),
which further simplifies, applying SUBSETP-CONS-2, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-REFLEXIVITY
(PROVE-LEMMA CDR-SUBSETP
(REWRITE)
(SUBSETP (CDR X) X))
.
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate (CDR X)
and (CAR X). We would thus like to prove the following two new conjectures:
Case 2. (IMPLIES (NOT (LISTP X))
(SUBSETP (CDR X) X)).
This simplifies, applying CDR-NLISTP, and expanding LISTP and SUBSETP, to:
T.
Case 1. (SUBSETP Z (CONS V Z)).
But this simplifies, rewriting with the lemmas SUBSETP-REFLEXIVITY and
SUBSETP-CONS-2, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
CDR-SUBSETP
(PROVE-LEMMA MEMBER-SUBSETP
(REWRITE)
(IMPLIES (AND (MEMBER X Y) (SUBSETP Y Z))
(MEMBER X Z)))
WARNING: Note that MEMBER-SUBSETP contains the free variable Y which will be
chosen by instantiating the hypothesis (MEMBER X Y).
Call the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP Y) (p X Z Y))
(IMPLIES (AND (NOT (NLISTP Y)) (p X Z (CDR Y)))
(p X Z Y))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP can be used to prove that the measure (COUNT Y) decreases according to
the well-founded relation LESSP in each induction step of the scheme. The
above induction scheme leads to three new goals:
Case 3. (IMPLIES (AND (NLISTP Y)
(MEMBER X Y)
(SUBSETP Y Z))
(MEMBER X Z)),
which simplifies, applying the lemma MEMBER-NLISTP, and opening up the
definition of NLISTP, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP Y))
(NOT (MEMBER X (CDR Y)))
(MEMBER X Y)
(SUBSETP Y Z))
(MEMBER X Z)),
which simplifies, unfolding the functions NLISTP and SUBSETP, to the goal:
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER X (CDR Y)))
(MEMBER X Y)
(MEMBER (CAR Y) Z)
(SUBSETP (CDR Y) Z))
(MEMBER X Z)).
Appealing to the lemma CAR-CDR-ELIM, we now replace Y by (CONS W V) to
eliminate (CDR Y) and (CAR Y). This generates the goal:
(IMPLIES (AND (NOT (MEMBER X V))
(MEMBER X (CONS W V))
(MEMBER W Z)
(SUBSETP V Z))
(MEMBER X Z)).
This further simplifies, applying the lemma MEMBER-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP Y))
(NOT (SUBSETP (CDR Y) Z))
(MEMBER X Y)
(SUBSETP Y Z))
(MEMBER X Z)),
which simplifies, expanding the definitions of NLISTP and SUBSETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-SUBSETP
(PROVE-LEMMA SUBSETP-IS-TRANSITIVE
(REWRITE)
(IMPLIES (AND (SUBSETP X Y) (SUBSETP Y Z))
(SUBSETP X Z)))
WARNING: Note that SUBSETP-IS-TRANSITIVE contains the free variable Y which
will be chosen by instantiating the hypothesis (SUBSETP X Y).
Call the conjecture *1.
Perhaps we can prove it by induction. Three inductions are suggested by
terms in the conjecture. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (NLISTP X) (p X Z Y))
(IMPLIES (AND (NOT (NLISTP X)) (p (CDR X) Z Y))
(p X Z Y))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP can be used to prove that the measure (COUNT X) decreases according to
the well-founded relation LESSP in each induction step of the scheme. The
above induction scheme leads to three new goals:
Case 3. (IMPLIES (AND (NLISTP X)
(SUBSETP X Y)
(SUBSETP Y Z))
(SUBSETP X Z)),
which simplifies, opening up the definitions of NLISTP and SUBSETP, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP X))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y)
(SUBSETP Y Z))
(SUBSETP X Z)),
which simplifies, expanding NLISTP and SUBSETP, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(SUBSETP (CDR X) Z)
(SUBSETP X Y)
(SUBSETP Y Z))
(SUBSETP X Z)),
which simplifies, applying the lemma MEMBER-SUBSETP, and opening up the
functions NLISTP and SUBSETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-IS-TRANSITIVE
(PROVE-LEMMA MEMBER-APPEND
(REWRITE)
(EQUAL (MEMBER A (APPEND X Y))
(OR (MEMBER A X) (MEMBER A Y))))
This simplifies, opening up the function OR, to two new conjectures:
Case 2. (IMPLIES (NOT (MEMBER A X))
(EQUAL (MEMBER A (APPEND X Y))
(MEMBER A Y))),
which we will name *1.
Case 1. (IMPLIES (MEMBER A X)
(EQUAL (MEMBER A (APPEND X Y)) T)).
This again simplifies, trivially, to the new formula:
(IMPLIES (MEMBER A X)
(MEMBER A (APPEND X Y))),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (MEMBER A (APPEND X Y))
(OR (MEMBER A X) (MEMBER A Y))).
We named this *1. We will try to prove it by induction. There is only one
suggested induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p A (CDR X) Y))
(p A X Y))
(IMPLIES (NOT (LISTP X)) (p A X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates two new conjectures:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (MEMBER A (APPEND (CDR X) Y))
(OR (MEMBER A (CDR X)) (MEMBER A Y))))
(EQUAL (MEMBER A (APPEND X Y))
(OR (MEMBER A X) (MEMBER A Y)))),
which simplifies, applying MEMBER-CONS, CDR-SUBSETP, and MEMBER-SUBSETP, and
unfolding OR, APPEND, and EQUAL, to the following two new goals:
Case 2.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CDR X)))
(EQUAL (MEMBER A (APPEND (CDR X) Y))
(MEMBER A Y))
(NOT (MEMBER A X))
(EQUAL A (CAR X)))
(EQUAL T (MEMBER A Y))).
This again simplifies, obviously, to the new conjecture:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(NOT (MEMBER (CAR X) (APPEND (CDR X) Y)))
(NOT (MEMBER (CAR X) X)))
(MEMBER (CAR X) Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove the new conjecture:
(IMPLIES (AND (NOT (MEMBER Z V))
(NOT (MEMBER Z (APPEND V Y)))
(NOT (MEMBER Z (CONS Z V))))
(MEMBER Z Y)),
which further simplifies, applying MEMBER-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CDR X)))
(EQUAL (MEMBER A (APPEND (CDR X) Y))
(MEMBER A Y))
(MEMBER A X)
(NOT (EQUAL A (CAR X))))
(EQUAL (MEMBER A Y) T)).
This again simplifies, clearly, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CDR X)))
(NOT (MEMBER A (APPEND (CDR X) Y)))
(MEMBER A X)
(NOT (EQUAL A (CAR X))))
(MEMBER A Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER A Z))
(NOT (MEMBER A (APPEND Z Y)))
(MEMBER A (CONS V Z))
(NOT (EQUAL A V)))
(MEMBER A Y)),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (MEMBER A (APPEND X Y))
(OR (MEMBER A X) (MEMBER A Y)))).
This simplifies, rewriting with MEMBER-NLISTP, and unfolding APPEND and OR,
to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-APPEND
(PROVE-LEMMA SUBSETP-APPEND
(REWRITE)
(EQUAL (SUBSETP (APPEND X Y) Z)
(AND (SUBSETP X Z) (SUBSETP Y Z))))
This simplifies, opening up the function AND, to two new conjectures:
Case 2. (IMPLIES (NOT (SUBSETP X Z))
(EQUAL (SUBSETP (APPEND X Y) Z) F)),
which again simplifies, clearly, to:
(IMPLIES (NOT (SUBSETP X Z))
(NOT (SUBSETP (APPEND X Y) Z))),
which we will name *1.
Case 1. (IMPLIES (SUBSETP X Z)
(EQUAL (SUBSETP (APPEND X Y) Z)
(SUBSETP Y Z))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(EQUAL (SUBSETP (APPEND X Y) Z)
(AND (SUBSETP X Z) (SUBSETP Y Z))),
which we named *1 above. We will appeal to induction. There are three
plausible inductions. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y Z))
(p X Y Z))
(IMPLIES (NOT (LISTP X)) (p X Y Z))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme produces two new
conjectures:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (SUBSETP (APPEND (CDR X) Y) Z)
(AND (SUBSETP (CDR X) Z)
(SUBSETP Y Z))))
(EQUAL (SUBSETP (APPEND X Y) Z)
(AND (SUBSETP X Z) (SUBSETP Y Z)))),
which simplifies, applying the lemma SUBSETP-CONS-1, and expanding AND,
APPEND, SUBSETP, and EQUAL, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (SUBSETP (APPEND X Y) Z)
(AND (SUBSETP X Z) (SUBSETP Y Z)))),
which simplifies, opening up the definitions of APPEND, SUBSETP, and AND, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-APPEND
(PROVE-LEMMA SUBSETP-OF-APPEND-SUFFICIENCY
(REWRITE)
(IMPLIES (OR (SUBSETP A B) (SUBSETP A C))
(SUBSETP A (APPEND B C))))
This simplifies, opening up the function OR, to two new conjectures:
Case 2. (IMPLIES (SUBSETP A B)
(SUBSETP A (APPEND B C))),
which we will name *1.
Case 1. (IMPLIES (SUBSETP A C)
(SUBSETP A (APPEND B C))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(AND (IMPLIES (SUBSETP A C)
(SUBSETP A (APPEND B C)))
(IMPLIES (SUBSETP A B)
(SUBSETP A (APPEND B C)))),
which we named *1 above. We will appeal to induction. The recursive terms in
the conjecture suggest six inductions. They merge into two likely candidate
inductions. However, only one is unflawed. We will induct according to the
following scheme:
(AND (IMPLIES (NLISTP A) (p A B C))
(IMPLIES (AND (NOT (NLISTP A)) (p (CDR A) B C))
(p A B C))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP can be used to show that the measure (COUNT A) decreases according to
the well-founded relation LESSP in each induction step of the scheme. The
above induction scheme leads to six new formulas:
Case 6. (IMPLIES (AND (NLISTP A) (SUBSETP A C))
(SUBSETP A (APPEND B C))),
which simplifies, opening up the definitions of NLISTP and SUBSETP, to:
T.
Case 5. (IMPLIES (AND (NOT (NLISTP A))
(NOT (SUBSETP (CDR A) C))
(NOT (SUBSETP (CDR A) B))
(SUBSETP A C))
(SUBSETP A (APPEND B C))),
which simplifies, opening up the definitions of NLISTP and SUBSETP, to:
T.
Case 4. (IMPLIES (AND (NOT (NLISTP A))
(SUBSETP (CDR A) (APPEND B C))
(SUBSETP A C))
(SUBSETP A (APPEND B C))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
MEMBER-APPEND, and opening up the functions NLISTP and SUBSETP, to:
T.
Case 3. (IMPLIES (AND (NLISTP A) (SUBSETP A B))
(SUBSETP A (APPEND B C))).
This simplifies, opening up NLISTP and SUBSETP, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP A))
(NOT (SUBSETP (CDR A) C))
(NOT (SUBSETP (CDR A) B))
(SUBSETP A B))
(SUBSETP A (APPEND B C))).
This simplifies, expanding the functions NLISTP and SUBSETP, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP A))
(SUBSETP (CDR A) (APPEND B C))
(SUBSETP A B))
(SUBSETP A (APPEND B C))).
This simplifies, appealing to the lemmas SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
and MEMBER-APPEND, and expanding the functions NLISTP and SUBSETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-OF-APPEND-SUFFICIENCY
(PROVE-LEMMA SUBSETP-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(AND (SUBSETP X Y)
(EQUAL (SUBSETP Y X) (NLISTP Y)))))
WARNING: Note that the proposed lemma SUBSETP-NLISTP is to be stored as zero
type prescription rules, zero compound recognizer rules, zero linear rules,
and two replacement rules.
This formula can be simplified, using the abbreviations NLISTP and IMPLIES, to:
(IMPLIES (NOT (LISTP X))
(AND (SUBSETP X Y)
(EQUAL (SUBSETP Y X) (NLISTP Y)))),
which simplifies, rewriting with MEMBER-NLISTP, and expanding the definitions
of SUBSETP, NLISTP, and AND, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-NLISTP
(PROVE-LEMMA SUBSETP-CONS-NOT-MEMBER
(REWRITE)
(IMPLIES (NOT (MEMBER Z X))
(EQUAL (SUBSETP X (CONS Z V))
(SUBSETP X V))))
Give the conjecture the name *1.
Let us appeal to the induction principle. The recursive terms in the
conjecture suggest two inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP X) (p X Z V))
(IMPLIES (AND (NOT (NLISTP X)) (p (CDR X) Z V))
(p X Z V))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP can be used to show that the measure (COUNT X) decreases according to
the well-founded relation LESSP in each induction step of the scheme. The
above induction scheme generates the following three new conjectures:
Case 3. (IMPLIES (AND (NLISTP X) (NOT (MEMBER Z X)))
(EQUAL (SUBSETP X (CONS Z V))
(SUBSETP X V))).
This simplifies, appealing to the lemmas MEMBER-NLISTP and SUBSETP-NLISTP,
and expanding the functions NLISTP and EQUAL, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP X))
(MEMBER Z (CDR X))
(NOT (MEMBER Z X)))
(EQUAL (SUBSETP X (CONS Z V))
(SUBSETP X V))).
This simplifies, applying CDR-SUBSETP and MEMBER-SUBSETP, and expanding the
definition of NLISTP, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(EQUAL (SUBSETP (CDR X) (CONS Z V))
(SUBSETP (CDR X) V))
(NOT (MEMBER Z X)))
(EQUAL (SUBSETP X (CONS Z V))
(SUBSETP X V))),
which simplifies, applying MEMBER-CONS, and opening up NLISTP and SUBSETP,
to:
(IMPLIES (AND (LISTP X)
(EQUAL (SUBSETP (CDR X) (CONS Z V))
(SUBSETP (CDR X) V))
(NOT (MEMBER Z X))
(NOT (MEMBER (CAR X) V))
(EQUAL (CAR X) Z))
(EQUAL (SUBSETP (CDR X) V) F)),
which again simplifies, rewriting with the lemmas SUBSETP-CONS-2,
SUBSETP-REFLEXIVITY, and SUBSETP-IS-TRANSITIVE, and opening up EQUAL, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) X))
(NOT (MEMBER (CAR X) V)))
(NOT (SUBSETP (CDR X) V))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS W D) to
eliminate (CAR X) and (CDR X). This generates:
(IMPLIES (AND (NOT (MEMBER W (CONS W D)))
(NOT (MEMBER W V)))
(NOT (SUBSETP D V))).
This further simplifies, applying MEMBER-CONS, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-CONS-NOT-MEMBER
(DISABLE SUBSETP)
[ 0.0 0.0 0.0 ]
SUBSETP-OFF
(DEFN PROPERP
(X)
(IF (LISTP X)
(PROPERP (CDR X))
(EQUAL X NIL)))
Linear arithmetic and the lemma CDR-LESSP can be used to establish that
the measure (COUNT X) decreases according to the well-founded relation LESSP
in each recursive call. Hence, PROPERP is accepted under the principle of
definition. From the definition we can conclude that:
(OR (FALSEP (PROPERP X))
(TRUEP (PROPERP X)))
is a theorem.
[ 0.0 0.0 0.0 ]
PROPERP
(DEFN FIX-PROPERP
(X)
(IF (LISTP X)
(CONS (CAR X) (FIX-PROPERP (CDR X)))
NIL))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
recursive call. Hence, FIX-PROPERP is accepted under the definitional
principle. From the definition we can conclude that:
(OR (LITATOM (FIX-PROPERP X))
(LISTP (FIX-PROPERP X)))
is a theorem.
[ 0.0 0.0 0.0 ]
FIX-PROPERP
(PROVE-LEMMA PROPERP-FIX-PROPERP
(REWRITE)
(PROPERP (FIX-PROPERP X)))
Call the conjecture *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X)))
(p X))
(IMPLIES (NOT (LISTP X)) (p X))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to two new goals:
Case 2. (IMPLIES (AND (LISTP X)
(PROPERP (FIX-PROPERP (CDR X))))
(PROPERP (FIX-PROPERP X))),
which simplifies, applying CDR-CONS, and expanding the functions FIX-PROPERP
and PROPERP, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(PROPERP (FIX-PROPERP X))).
This simplifies, expanding FIX-PROPERP and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.2 ]
PROPERP-FIX-PROPERP
(PROVE-LEMMA FIX-PROPERP-PROPERP
(REWRITE)
(IMPLIES (PROPERP X)
(EQUAL (FIX-PROPERP X) X)))
Call the conjecture *1.
We will try to prove it by induction. The recursive terms in the
conjecture suggest two inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X)))
(p X))
(IMPLIES (NOT (LISTP X)) (p X))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following three new formulas:
Case 3. (IMPLIES (AND (LISTP X)
(NOT (PROPERP (CDR X)))
(PROPERP X))
(EQUAL (FIX-PROPERP X) X)).
This simplifies, expanding the definition of PROPERP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (FIX-PROPERP (CDR X)) (CDR X))
(PROPERP X))
(EQUAL (FIX-PROPERP X) X)).
This simplifies, appealing to the lemma CONS-CAR-CDR, and opening up PROPERP
and FIX-PROPERP, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (PROPERP X))
(EQUAL (FIX-PROPERP X) X)).
This simplifies, unfolding PROPERP, FIX-PROPERP, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
FIX-PROPERP-PROPERP
(PROVE-LEMMA PROPERP-CONS
(REWRITE)
(EQUAL (PROPERP (CONS X Y))
(PROPERP Y)))
This simplifies, rewriting with CDR-CONS, and unfolding PROPERP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-CONS
(PROVE-LEMMA PROPERP-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(EQUAL (PROPERP X) (EQUAL X NIL))))
This formula can be simplified, using the abbreviations NLISTP and IMPLIES, to:
(IMPLIES (NOT (LISTP X))
(EQUAL (PROPERP X) (EQUAL X NIL))),
which simplifies, opening up PROPERP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-NLISTP
(PROVE-LEMMA FIX-PROPERP-CONS
(REWRITE)
(EQUAL (FIX-PROPERP (CONS X Y))
(CONS X (FIX-PROPERP Y))))
This conjecture simplifies, applying CDR-CONS and CAR-CONS, and unfolding the
function FIX-PROPERP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
FIX-PROPERP-CONS
(PROVE-LEMMA FIX-PROPERP-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(EQUAL (FIX-PROPERP X) NIL)))
This conjecture can be simplified, using the abbreviations NLISTP and IMPLIES,
to the conjecture:
(IMPLIES (NOT (LISTP X))
(EQUAL (FIX-PROPERP X) NIL)).
This simplifies, expanding FIX-PROPERP and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
FIX-PROPERP-NLISTP
(PROVE-LEMMA PROPERP-APPEND
(REWRITE)
(EQUAL (PROPERP (APPEND X Y))
(PROPERP Y)))
Call the conjecture *1.
We will try to prove it by induction. The recursive terms in the
conjecture suggest two inductions. However, only one is unflawed. We will
induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following two new formulas:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (PROPERP (APPEND (CDR X) Y))
(PROPERP Y)))
(EQUAL (PROPERP (APPEND X Y))
(PROPERP Y))).
This simplifies, applying PROPERP-CONS, and expanding the function APPEND,
to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (PROPERP (APPEND X Y))
(PROPERP Y))),
which simplifies, opening up the function APPEND, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-APPEND
(PROVE-LEMMA FIX-PROPERP-APPEND
(REWRITE)
(EQUAL (FIX-PROPERP (APPEND X Y))
(APPEND X (FIX-PROPERP Y))))
Name the conjecture *1.
We will appeal to induction. The recursive terms in the conjecture
suggest three inductions. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following two new
formulas:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (FIX-PROPERP (APPEND (CDR X) Y))
(APPEND (CDR X) (FIX-PROPERP Y))))
(EQUAL (FIX-PROPERP (APPEND X Y))
(APPEND X (FIX-PROPERP Y)))).
This simplifies, applying FIX-PROPERP-CONS, and expanding APPEND, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (FIX-PROPERP (APPEND X Y))
(APPEND X (FIX-PROPERP Y)))),
which simplifies, expanding the definition of APPEND, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
FIX-PROPERP-APPEND
(PROVE-LEMMA APPEND-NIL
(REWRITE)
(EQUAL (APPEND X NIL)
(FIX-PROPERP X)))
Call the conjecture *1.
We will try to prove it by induction. The recursive terms in the
conjecture suggest two inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X)))
(p X))
(IMPLIES (NOT (LISTP X)) (p X))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following two new formulas:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (APPEND (CDR X) NIL)
(FIX-PROPERP (CDR X))))
(EQUAL (APPEND X NIL)
(FIX-PROPERP X))).
This simplifies, expanding the definitions of APPEND and FIX-PROPERP, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (APPEND X NIL)
(FIX-PROPERP X))).
This simplifies, appealing to the lemma FIX-PROPERP-NLISTP, and opening up
APPEND and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
APPEND-NIL
(DEFN DELETE
(X L)
(IF (LISTP L)
(IF (EQUAL X (CAR L))
(CDR L)
(CONS (CAR L) (DELETE X (CDR L))))
L))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT L) decreases according to the well-founded relation LESSP in each
recursive call. Hence, DELETE is accepted under the principle of definition.
[ 0.0 0.0 0.0 ]
DELETE
(PROVE-LEMMA PROPERP-DELETE
(REWRITE)
(EQUAL (PROPERP (DELETE X L))
(PROPERP L)))
Call the conjecture *1.
We will try to prove it by induction. The recursive terms in the
conjecture suggest two inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP L) (EQUAL X (CAR L)))
(p X L))
(IMPLIES (AND (LISTP L)
(NOT (EQUAL X (CAR L)))
(p X (CDR L)))
(p X L))
(IMPLIES (NOT (LISTP L)) (p X L))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT L) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following three new formulas:
Case 3. (IMPLIES (AND (LISTP L) (EQUAL X (CAR L)))
(EQUAL (PROPERP (DELETE X L))
(PROPERP L))).
This simplifies, expanding the definitions of DELETE and PROPERP, to:
T.
Case 2. (IMPLIES (AND (LISTP L)
(NOT (EQUAL X (CAR L)))
(EQUAL (PROPERP (DELETE X (CDR L)))
(PROPERP (CDR L))))
(EQUAL (PROPERP (DELETE X L))
(PROPERP L))).
This simplifies, appealing to the lemma PROPERP-CONS, and opening up DELETE
and PROPERP, to:
T.
Case 1. (IMPLIES (NOT (LISTP L))
(EQUAL (PROPERP (DELETE X L))
(PROPERP L))).
This simplifies, rewriting with PROPERP-NLISTP, and unfolding the definition
of DELETE, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-DELETE
(DEFN DISJOINT
(X Y)
(IF (LISTP X)
(AND (NOT (MEMBER (CAR X) Y))
(DISJOINT (CDR X) Y))
T))
Linear arithmetic and the lemma CDR-LESSP establish that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
recursive call. Hence, DISJOINT is accepted under the principle of definition.
From the definition we can conclude that:
(OR (FALSEP (DISJOINT X Y))
(TRUEP (DISJOINT X Y)))
is a theorem.
[ 0.0 0.0 0.0 ]
DISJOINT
(DEFN DISJOINT-WIT
(X Y)
(IF (LISTP X)
(IF (MEMBER (CAR X) Y)
(CAR X)
(DISJOINT-WIT (CDR X) Y))
T))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
recursive call. Hence, DISJOINT-WIT is accepted under the definitional
principle.
[ 0.0 0.0 0.0 ]
DISJOINT-WIT
(PROVE-LEMMA DISJOINT-WIT-WITNESSES
(REWRITE)
(EQUAL (DISJOINT X Y)
(NOT (AND (MEMBER (DISJOINT-WIT X Y) X)
(MEMBER (DISJOINT-WIT X Y) Y)))))
This formula simplifies, opening up AND and NOT, to the following three new
formulas:
Case 3. (IMPLIES (NOT (MEMBER (DISJOINT-WIT X Y) X))
(EQUAL (DISJOINT X Y) T)).
This again simplifies, trivially, to the new formula:
(IMPLIES (NOT (MEMBER (DISJOINT-WIT X Y) X))
(DISJOINT X Y)),
which we will name *1.
Case 2. (IMPLIES (NOT (MEMBER (DISJOINT-WIT X Y) Y))
(EQUAL (DISJOINT X Y) T)).
This again simplifies, clearly, to:
(IMPLIES (NOT (MEMBER (DISJOINT-WIT X Y) Y))
(DISJOINT X Y)),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (DISJOINT X Y)
(NOT (AND (MEMBER (DISJOINT-WIT X Y) X)
(MEMBER (DISJOINT-WIT X Y) Y)))).
We named this *1. We will try to prove it by induction. There are three
plausible inductions. However, they merge into one likely candidate induction.
We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (MEMBER (CAR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme generates the
following three new conjectures:
Case 3. (IMPLIES (AND (LISTP X) (MEMBER (CAR X) Y))
(EQUAL (DISJOINT X Y)
(NOT (AND (MEMBER (DISJOINT-WIT X Y) X)
(MEMBER (DISJOINT-WIT X Y) Y))))).
This simplifies, applying SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
expanding the definitions of DISJOINT, DISJOINT-WIT, AND, and NOT, to:
(IMPLIES (AND (LISTP X) (MEMBER (CAR X) Y))
(MEMBER (CAR X) X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). This generates:
(IMPLIES (MEMBER Z Y)
(MEMBER Z (CONS Z V))).
This further simplifies, applying MEMBER-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (DISJOINT (CDR X) Y)
(NOT (AND (MEMBER (DISJOINT-WIT (CDR X) Y)
(CDR X))
(MEMBER (DISJOINT-WIT (CDR X) Y)
Y)))))
(EQUAL (DISJOINT X Y)
(NOT (AND (MEMBER (DISJOINT-WIT X Y) X)
(MEMBER (DISJOINT-WIT X Y) Y))))).
This simplifies, applying SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
unfolding the definitions of AND, NOT, DISJOINT, DISJOINT-WIT, and EQUAL, to
two new conjectures:
Case 2.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (MEMBER (DISJOINT-WIT (CDR X) Y)
(CDR X)))
(EQUAL (DISJOINT (CDR X) Y) T)
(MEMBER (DISJOINT-WIT (CDR X) Y) X))
(NOT (MEMBER (DISJOINT-WIT (CDR X) Y) Y))),
which again simplifies, clearly, to the new goal:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (MEMBER (DISJOINT-WIT (CDR X) Y)
(CDR X)))
(DISJOINT (CDR X) Y)
(MEMBER (DISJOINT-WIT (CDR X) Y) X))
(NOT (MEMBER (DISJOINT-WIT (CDR X) Y) Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove the new goal:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (MEMBER (DISJOINT-WIT V Y) V))
(DISJOINT V Y)
(MEMBER (DISJOINT-WIT V Y)
(CONS Z V)))
(NOT (MEMBER (DISJOINT-WIT V Y) Y))),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(MEMBER (DISJOINT-WIT (CDR X) Y)
(CDR X))
(MEMBER (DISJOINT-WIT (CDR X) Y) Y)
(EQUAL (DISJOINT (CDR X) Y) F))
(MEMBER (DISJOINT-WIT (CDR X) Y) X)).
This again simplifies, obviously, to the new goal:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(MEMBER (DISJOINT-WIT (CDR X) Y)
(CDR X))
(MEMBER (DISJOINT-WIT (CDR X) Y) Y)
(NOT (DISJOINT (CDR X) Y)))
(MEMBER (DISJOINT-WIT (CDR X) Y) X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces:
(IMPLIES (AND (NOT (MEMBER Z Y))
(MEMBER (DISJOINT-WIT V Y) V)
(MEMBER (DISJOINT-WIT V Y) Y)
(NOT (DISJOINT V Y)))
(MEMBER (DISJOINT-WIT V Y)
(CONS Z V))),
which further simplifies, appealing to the lemma MEMBER-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (DISJOINT X Y)
(NOT (AND (MEMBER (DISJOINT-WIT X Y) X)
(MEMBER (DISJOINT-WIT X Y) Y))))),
which simplifies, applying MEMBER-NLISTP, and opening up the definitions of
DISJOINT, DISJOINT-WIT, AND, NOT, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-WIT-WITNESSES
(DISABLE DISJOINT-WIT)
[ 0.0 0.0 0.0 ]
DISJOINT-WIT-OFF
(DISABLE DISJOINT-WIT-WITNESSES)
[ 0.0 0.0 0.0 ]
DISJOINT-WIT-WITNESSES-OFF
(DEFN INTERSECTION
(X Y)
(IF (LISTP X)
(IF (MEMBER (CAR X) Y)
(CONS (CAR X)
(INTERSECTION (CDR X) Y))
(INTERSECTION (CDR X) Y))
NIL))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
recursive call. Hence, INTERSECTION is accepted under the definitional
principle. Observe that:
(OR (LITATOM (INTERSECTION X Y))
(LISTP (INTERSECTION X Y)))
is a theorem.
[ 0.0 0.0 0.0 ]
INTERSECTION
(PROVE-LEMMA PROPERP-INTERSECTION
(REWRITE)
(PROPERP (INTERSECTION X Y)))
Name the conjecture *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to three new
goals:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(PROPERP (INTERSECTION (CDR X) Y)))
(PROPERP (INTERSECTION X Y))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
PROPERP-CONS, and expanding the function INTERSECTION, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(PROPERP (INTERSECTION (CDR X) Y)))
(PROPERP (INTERSECTION X Y))).
This simplifies, unfolding the definition of INTERSECTION, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(PROPERP (INTERSECTION X Y))).
This simplifies, expanding INTERSECTION and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-INTERSECTION
(DEFN SET-DIFF
(X Y)
(IF (LISTP X)
(IF (MEMBER (CAR X) Y)
(SET-DIFF (CDR X) Y)
(CONS (CAR X) (SET-DIFF (CDR X) Y)))
NIL))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
recursive call. Hence, SET-DIFF is accepted under the definitional principle.
Observe that (OR (LITATOM (SET-DIFF X Y)) (LISTP (SET-DIFF X Y))) is a theorem.
[ 0.0 0.0 0.0 ]
SET-DIFF
(PROVE-LEMMA PROPERP-SET-DIFF
(REWRITE)
(PROPERP (SET-DIFF X Y)))
Name the conjecture *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to three new
goals:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(PROPERP (SET-DIFF (CDR X) Y)))
(PROPERP (SET-DIFF X Y))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
expanding the function SET-DIFF, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(PROPERP (SET-DIFF (CDR X) Y)))
(PROPERP (SET-DIFF X Y))).
This simplifies, rewriting with PROPERP-CONS, and expanding SET-DIFF, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(PROPERP (SET-DIFF X Y))),
which simplifies, unfolding SET-DIFF and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-SET-DIFF
(DEFN SETP
(X)
(IF (NOT (LISTP X))
(EQUAL X NIL)
(AND (NOT (MEMBER (CAR X) (CDR X)))
(SETP (CDR X)))))
Linear arithmetic and the lemma CDR-LESSP can be used to establish that
the measure (COUNT X) decreases according to the well-founded relation LESSP
in each recursive call. Hence, SETP is accepted under the principle of
definition. Note that (OR (FALSEP (SETP X)) (TRUEP (SETP X))) is a theorem.
[ 0.0 0.0 0.0 ]
SETP
(PROVE-LEMMA SETP-IMPLIES-PROPERP
(REWRITE)
(IMPLIES (SETP X) (PROPERP X)))
Call the conjecture *1.
Perhaps we can prove it by induction. There are two plausible inductions.
However, they merge into one likely candidate induction. We will induct
according to the following scheme:
(AND (IMPLIES (NOT (LISTP X)) (p X))
(IMPLIES (AND (LISTP X) (p (CDR X)))
(p X))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
goals:
Case 3. (IMPLIES (AND (NOT (LISTP X)) (SETP X))
(PROPERP X)).
This simplifies, expanding the definitions of SETP and PROPERP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (SETP (CDR X)))
(SETP X))
(PROPERP X)).
This simplifies, expanding SETP, to:
T.
Case 1. (IMPLIES (AND (LISTP X)
(PROPERP (CDR X))
(SETP X))
(PROPERP X)).
This simplifies, unfolding the functions SETP and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SETP-IMPLIES-PROPERP
(DISABLE PROPERP)
[ 0.0 0.0 0.0 ]
PROPERP-OFF
(DEFTHEORY SET-DEFNS
(LENGTH PROPERP FIX-PROPERP MEMBER APPEND SUBSETP DELETE DISJOINT
INTERSECTION SET-DIFF SETP PROPERP))
[ 0.0 0.0 0.0 ]
SET-DEFNS
(PROVE-LEMMA DELETE-CONS
(REWRITE)
(EQUAL (DELETE A (CONS B X))
(IF (EQUAL A B)
X
(CONS B (DELETE A X)))))
This conjecture simplifies, rewriting with CDR-CONS and CAR-CONS, and
expanding the definition of DELETE, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DELETE-CONS
(PROVE-LEMMA DELETE-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(EQUAL (DELETE A X) X)))
This formula can be simplified, using the abbreviations NLISTP and IMPLIES, to
the new conjecture:
(IMPLIES (NOT (LISTP X))
(EQUAL (DELETE A X) X)),
which simplifies, opening up DELETE, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DELETE-NLISTP
(PROVE-LEMMA LISTP-DELETE
(REWRITE)
(EQUAL (LISTP (DELETE X L))
(IF (LISTP L)
(OR (NOT (EQUAL X (CAR L)))
(LISTP (CDR L)))
F)))
This conjecture simplifies, opening up DELETE, NOT, and OR, to:
(IMPLIES (NOT (LISTP L))
(EQUAL (LISTP L) F)).
This again simplifies, clearly, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
LISTP-DELETE
(PROVE-LEMMA DELETE-NON-MEMBER
(REWRITE)
(IMPLIES (NOT (MEMBER X Y))
(EQUAL (DELETE X Y) Y)))
Give the conjecture the name *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP Y) (EQUAL X (CAR Y)))
(p X Y))
(IMPLIES (AND (LISTP Y)
(NOT (EQUAL X (CAR Y)))
(p X (CDR Y)))
(p X Y))
(IMPLIES (NOT (LISTP Y)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT Y)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates four new goals:
Case 4. (IMPLIES (AND (LISTP Y)
(EQUAL X (CAR Y))
(NOT (MEMBER X Y)))
(EQUAL (DELETE X Y) Y)),
which simplifies, expanding DELETE, to the goal:
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Y)))
(EQUAL (CDR Y) Y)).
Appealing to the lemma CAR-CDR-ELIM, we now replace Y by (CONS Z V) to
eliminate (CAR Y) and (CDR Y). The result is the formula:
(IMPLIES (NOT (MEMBER Z (CONS Z V)))
(EQUAL V (CONS Z V))).
But this further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP Y)
(NOT (EQUAL X (CAR Y)))
(MEMBER X (CDR Y))
(NOT (MEMBER X Y)))
(EQUAL (DELETE X Y) Y)).
This simplifies, appealing to the lemmas CDR-SUBSETP and MEMBER-SUBSETP, to:
T.
Case 2. (IMPLIES (AND (LISTP Y)
(NOT (EQUAL X (CAR Y)))
(EQUAL (DELETE X (CDR Y)) (CDR Y))
(NOT (MEMBER X Y)))
(EQUAL (DELETE X Y) Y)).
This simplifies, applying CONS-CAR-CDR, and expanding DELETE, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP Y))
(NOT (MEMBER X Y)))
(EQUAL (DELETE X Y) Y)),
which simplifies, rewriting with MEMBER-NLISTP and DELETE-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DELETE-NON-MEMBER
(PROVE-LEMMA DELETE-DELETE
(REWRITE)
(EQUAL (DELETE Y (DELETE X Z))
(DELETE X (DELETE Y Z))))
Call the conjecture *1.
Perhaps we can prove it by induction. Two inductions are suggested by
terms in the conjecture. However, they merge into one likely candidate
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP Z) (EQUAL X (CAR Z)))
(p Y X Z))
(IMPLIES (AND (LISTP Z)
(NOT (EQUAL X (CAR Z)))
(p Y X (CDR Z)))
(p Y X Z))
(IMPLIES (NOT (LISTP Z)) (p Y X Z))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT Z) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to three
new goals:
Case 3. (IMPLIES (AND (LISTP Z) (EQUAL X (CAR Z)))
(EQUAL (DELETE Y (DELETE X Z))
(DELETE X (DELETE Y Z)))),
which simplifies, opening up the definition of DELETE, to two new
conjectures:
Case 3.2.
(IMPLIES (AND (LISTP Z)
(NOT (EQUAL Y (CAR Z))))
(EQUAL (DELETE Y (CDR Z))
(DELETE (CAR Z)
(CONS (CAR Z) (DELETE Y (CDR Z)))))),
which again simplifies, rewriting with DELETE-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP Z) (EQUAL Y (CAR Z)))
(EQUAL (DELETE Y (CDR Z))
(DELETE (CAR Z) (CDR Z)))).
This again simplifies, trivially, to:
T.
Case 2. (IMPLIES (AND (LISTP Z)
(NOT (EQUAL X (CAR Z)))
(EQUAL (DELETE Y (DELETE X (CDR Z)))
(DELETE X (DELETE Y (CDR Z)))))
(EQUAL (DELETE Y (DELETE X Z))
(DELETE X (DELETE Y Z)))).
This simplifies, appealing to the lemma DELETE-CONS, and expanding the
function DELETE, to:
(IMPLIES (AND (LISTP Z)
(NOT (EQUAL X (CAR Z)))
(EQUAL (DELETE Y (DELETE X (CDR Z)))
(DELETE X (DELETE Y (CDR Z))))
(NOT (EQUAL Y (CAR Z))))
(EQUAL (CONS (CAR Z)
(DELETE X (DELETE Y (CDR Z))))
(DELETE X
(CONS (CAR Z) (DELETE Y (CDR Z)))))),
which again simplifies, applying the lemma DELETE-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP Z))
(EQUAL (DELETE Y (DELETE X Z))
(DELETE X (DELETE Y Z)))),
which simplifies, applying MEMBER-NLISTP and DELETE-NON-MEMBER, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DELETE-DELETE
(PROVE-LEMMA MEMBER-DELETE
(REWRITE)
(IMPLIES (SETP X)
(EQUAL (MEMBER A (DELETE B X))
(AND (NOT (EQUAL A B))
(MEMBER A X)))))
This formula simplifies, opening up the definitions of NOT and AND, to the
following two new formulas:
Case 2. (IMPLIES (AND (SETP X) (NOT (EQUAL A B)))
(EQUAL (MEMBER A (DELETE B X))
(MEMBER A X))).
Give the above formula the name *1.
Case 1. (IMPLIES (AND (SETP X) (EQUAL A B))
(EQUAL (MEMBER A (DELETE B X)) F)).
This again simplifies, obviously, to the new formula:
(IMPLIES (SETP X)
(NOT (MEMBER B (DELETE B X)))),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(IMPLIES (SETP X)
(EQUAL (MEMBER A (DELETE B X))
(AND (NOT (EQUAL A B))
(MEMBER A X)))),
named *1. Let us appeal to the induction principle. The recursive terms in
the conjecture suggest two inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (EQUAL B (CAR X)))
(p A B X))
(IMPLIES (AND (LISTP X)
(NOT (EQUAL B (CAR X)))
(p A B (CDR X)))
(p A B X))
(IMPLIES (NOT (LISTP X)) (p A B X))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to four new formulas:
Case 4. (IMPLIES (AND (LISTP X)
(EQUAL B (CAR X))
(SETP X))
(EQUAL (MEMBER A (DELETE B X))
(AND (NOT (EQUAL A B))
(MEMBER A X)))),
which simplifies, unfolding SETP, DELETE, NOT, and AND, to two new goals:
Case 4.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(SETP (CDR X))
(NOT (EQUAL A (CAR X))))
(EQUAL (MEMBER A (CDR X))
(MEMBER A X))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove the new goal:
(IMPLIES (AND (NOT (MEMBER Z V))
(SETP V)
(NOT (EQUAL A Z)))
(EQUAL (MEMBER A V)
(MEMBER A (CONS Z V)))),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 4.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(SETP (CDR X))
(EQUAL A (CAR X)))
(EQUAL (MEMBER A (CDR X)) F)).
This again simplifies, clearly, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (EQUAL B (CAR X)))
(NOT (SETP (CDR X)))
(SETP X))
(EQUAL (MEMBER A (DELETE B X))
(AND (NOT (EQUAL A B))
(MEMBER A X)))).
This simplifies, unfolding SETP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (EQUAL B (CAR X)))
(EQUAL (MEMBER A (DELETE B (CDR X)))
(AND (NOT (EQUAL A B))
(MEMBER A (CDR X))))
(SETP X))
(EQUAL (MEMBER A (DELETE B X))
(AND (NOT (EQUAL A B))
(MEMBER A X)))).
This simplifies, applying the lemma MEMBER-CONS, and expanding the functions
NOT, AND, SETP, and DELETE, to the following four new conjectures:
Case 2.4.
(IMPLIES (AND (LISTP X)
(NOT (EQUAL B (CAR X)))
(NOT (EQUAL A B))
(EQUAL (MEMBER A (DELETE B (CDR X)))
(MEMBER A (CDR X)))
(NOT (MEMBER (CAR X) (CDR X)))
(SETP (CDR X))
(NOT (EQUAL A (CAR X))))
(EQUAL (MEMBER A (CDR X))
(MEMBER A X))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). We must thus prove the goal:
(IMPLIES (AND (NOT (EQUAL B Z))
(NOT (EQUAL A B))
(EQUAL (MEMBER A (DELETE B V))
(MEMBER A V))
(NOT (MEMBER Z V))
(SETP V)
(NOT (EQUAL A Z)))
(EQUAL (MEMBER A V)
(MEMBER A (CONS Z V)))).
However this further simplifies, applying MEMBER-CONS, to:
T.
Case 2.3.
(IMPLIES (AND (LISTP X)
(NOT (EQUAL B (CAR X)))
(NOT (EQUAL A B))
(EQUAL (MEMBER A (DELETE B (CDR X)))
(MEMBER A (CDR X)))
(NOT (MEMBER (CAR X) (CDR X)))
(SETP (CDR X))
(EQUAL A (CAR X)))
(EQUAL T (MEMBER A X))).
This again simplifies, clearly, to the new conjecture:
(IMPLIES (AND (LISTP X)
(NOT (EQUAL (CAR X) B))
(NOT (MEMBER (CAR X) (DELETE B (CDR X))))
(NOT (MEMBER (CAR X) (CDR X)))
(SETP (CDR X)))
(MEMBER (CAR X) X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (NOT (EQUAL Z B))
(NOT (MEMBER Z (DELETE B V)))
(NOT (MEMBER Z V))
(SETP V))
(MEMBER Z (CONS Z V))),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 2.2.
(IMPLIES (AND (LISTP X)
(NOT (EQUAL B (CAR X)))
(EQUAL A B)
(EQUAL (MEMBER A (DELETE B (CDR X)))
F)
(NOT (MEMBER (CAR X) (CDR X)))
(SETP (CDR X))
(NOT (EQUAL A (CAR X))))
(NOT (MEMBER A
(CONS (CAR X) (DELETE A (CDR X)))))).
This again simplifies, applying MEMBER-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(NOT (EQUAL B (CAR X)))
(EQUAL A B)
(EQUAL (MEMBER A (DELETE B (CDR X)))
F)
(NOT (MEMBER (CAR X) (CDR X)))
(SETP (CDR X))
(EQUAL A (CAR X)))
(NOT (MEMBER A (CDR X)))).
This again simplifies, clearly, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (SETP X))
(EQUAL (MEMBER A (DELETE B X))
(AND (NOT (EQUAL A B))
(MEMBER A X)))).
This simplifies, applying MEMBER-NLISTP and DELETE-NON-MEMBER, and expanding
the definitions of SETP, NOT, AND, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-DELETE
(PROVE-LEMMA SETP-DELETE
(REWRITE)
(IMPLIES (SETP X)
(SETP (DELETE A X))))
Call the conjecture *1.
We will try to prove it by induction. The recursive terms in the
conjecture suggest two inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (EQUAL A (CAR X)))
(p A X))
(IMPLIES (AND (LISTP X)
(NOT (EQUAL A (CAR X)))
(p A (CDR X)))
(p A X))
(IMPLIES (NOT (LISTP X)) (p A X))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following four new formulas:
Case 4. (IMPLIES (AND (LISTP X)
(EQUAL A (CAR X))
(SETP X))
(SETP (DELETE A X))).
This simplifies, expanding the definitions of SETP and DELETE, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (EQUAL A (CAR X)))
(NOT (SETP (CDR X)))
(SETP X))
(SETP (DELETE A X))).
This simplifies, opening up the function SETP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (EQUAL A (CAR X)))
(SETP (DELETE A (CDR X)))
(SETP X))
(SETP (DELETE A X))).
This simplifies, applying the lemmas MEMBER-DELETE, CDR-CONS, and CAR-CONS,
and unfolding SETP and DELETE, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (SETP X))
(SETP (DELETE A X))).
This simplifies, rewriting with MEMBER-NLISTP and DELETE-NON-MEMBER, and
expanding the definition of SETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SETP-DELETE
(DISABLE DELETE)
[ 0.0 0.0 0.0 ]
DELETE-OFF
(PROVE-LEMMA DISJOINT-CONS-1
(REWRITE)
(EQUAL (DISJOINT (CONS A X) Y)
(AND (NOT (MEMBER A Y))
(DISJOINT X Y))))
This formula simplifies, applying CDR-CONS and CAR-CONS, and unfolding
DISJOINT, NOT, and AND, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-CONS-1
(PROVE-LEMMA DISJOINT-CONS-2
(REWRITE)
(EQUAL (DISJOINT X (CONS A Y))
(AND (NOT (MEMBER A X))
(DISJOINT X Y))))
This formula simplifies, expanding NOT and AND, to two new conjectures:
Case 2. (IMPLIES (NOT (MEMBER A X))
(EQUAL (DISJOINT X (CONS A Y))
(DISJOINT X Y))),
which we will name *1.
Case 1. (IMPLIES (MEMBER A X)
(EQUAL (DISJOINT X (CONS A Y)) F)).
This again simplifies, trivially, to the new conjecture:
(IMPLIES (MEMBER A X)
(NOT (DISJOINT X (CONS A Y)))),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (DISJOINT X (CONS A Y))
(AND (NOT (MEMBER A X))
(DISJOINT X Y))),
named *1. Let us appeal to the induction principle. Two inductions are
suggested by terms in the conjecture. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) A Y))
(p X A Y))
(IMPLIES (NOT (LISTP X)) (p X A Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following two new formulas:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (DISJOINT (CDR X) (CONS A Y))
(AND (NOT (MEMBER A (CDR X)))
(DISJOINT (CDR X) Y))))
(EQUAL (DISJOINT X (CONS A Y))
(AND (NOT (MEMBER A X))
(DISJOINT X Y)))).
This simplifies, appealing to the lemmas MEMBER-CONS, CDR-SUBSETP, and
MEMBER-SUBSETP, and unfolding the functions NOT, AND, DISJOINT, and EQUAL,
to the following two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CDR X)))
(EQUAL (DISJOINT (CDR X) (CONS A Y))
(DISJOINT (CDR X) Y))
(NOT (MEMBER A X))
(NOT (MEMBER (CAR X) Y))
(EQUAL (CAR X) A))
(EQUAL F (DISJOINT (CDR X) Y))).
This again simplifies, obviously, to the new conjecture:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(DISJOINT (CDR X) (CONS (CAR X) Y))
(NOT (MEMBER (CAR X) X))
(NOT (MEMBER (CAR X) Y)))
(NOT (DISJOINT (CDR X) Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER Z V))
(DISJOINT V (CONS Z Y))
(NOT (MEMBER Z (CONS Z V)))
(NOT (MEMBER Z Y)))
(NOT (DISJOINT V Y))),
which further simplifies, applying MEMBER-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CDR X)))
(EQUAL (DISJOINT (CDR X) (CONS A Y))
(DISJOINT (CDR X) Y))
(MEMBER A X)
(NOT (EQUAL (CAR X) A))
(NOT (MEMBER (CAR X) Y)))
(EQUAL (DISJOINT (CDR X) Y) F)).
This again simplifies, trivially, to the new conjecture:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CDR X)))
(DISJOINT (CDR X) (CONS A Y))
(MEMBER A X)
(NOT (EQUAL (CAR X) A))
(NOT (MEMBER (CAR X) Y)))
(NOT (DISJOINT (CDR X) Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER A Z))
(DISJOINT Z (CONS A Y))
(MEMBER A (CONS V Z))
(NOT (EQUAL V A))
(NOT (MEMBER V Y)))
(NOT (DISJOINT Z Y))),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (DISJOINT X (CONS A Y))
(AND (NOT (MEMBER A X))
(DISJOINT X Y)))).
This simplifies, applying the lemma MEMBER-NLISTP, and expanding DISJOINT,
NOT, AND, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-CONS-2
(PROVE-LEMMA DISJOINT-NLISTP
(REWRITE)
(IMPLIES (OR (NLISTP X) (NLISTP Y))
(DISJOINT X Y)))
This conjecture simplifies, expanding NLISTP, OR, and DISJOINT, to the new
goal:
(IMPLIES (NOT (LISTP Y))
(DISJOINT X Y)),
which we will name *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates the following two new
conjectures:
Case 2. (IMPLIES (AND (LISTP X)
(DISJOINT (CDR X) Y)
(NOT (LISTP Y)))
(DISJOINT X Y)).
This simplifies, applying MEMBER-NLISTP, and opening up the function
DISJOINT, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (NOT (LISTP Y)))
(DISJOINT X Y)),
which simplifies, opening up the function DISJOINT, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-NLISTP
(PROVE-LEMMA DISJOINT-SYMMETRY
(REWRITE)
(EQUAL (DISJOINT X Y) (DISJOINT Y X)))
WARNING: the newly proposed lemma, DISJOINT-SYMMETRY, could be applied
whenever the previously added lemma DISJOINT-CONS-2 could.
WARNING: the newly proposed lemma, DISJOINT-SYMMETRY, could be applied
whenever the previously added lemma DISJOINT-CONS-1 could.
Give the conjecture the name *1.
We will appeal to induction. Two inductions are suggested by terms in
the conjecture, both of which are flawed. We limit our consideration to the
two suggested by the largest number of nonprimitive recursive functions in the
conjecture. Since both of these are equally likely, we will choose
arbitrarily. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following two new
conjectures:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (DISJOINT (CDR X) Y)
(DISJOINT Y (CDR X))))
(EQUAL (DISJOINT X Y)
(DISJOINT Y X))).
This simplifies, expanding the function DISJOINT, to the following two new
conjectures:
Case 2.2.
(IMPLIES (AND (LISTP X)
(EQUAL (DISJOINT (CDR X) Y)
(DISJOINT Y (CDR X)))
(NOT (MEMBER (CAR X) Y)))
(EQUAL (DISJOINT Y (CDR X))
(DISJOINT Y X))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND (EQUAL (DISJOINT Z Y) (DISJOINT Y Z))
(NOT (MEMBER V Y)))
(EQUAL (DISJOINT Y Z)
(DISJOINT Y (CONS V Z)))).
This further simplifies, applying DISJOINT-CONS-2, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(EQUAL (DISJOINT (CDR X) Y)
(DISJOINT Y (CDR X)))
(MEMBER (CAR X) Y))
(EQUAL F (DISJOINT Y X))).
This again simplifies, obviously, to the new conjecture:
(IMPLIES (AND (LISTP X)
(EQUAL (DISJOINT (CDR X) Y)
(DISJOINT Y (CDR X)))
(MEMBER (CAR X) Y))
(NOT (DISJOINT Y X))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces the new goal:
(IMPLIES (AND (EQUAL (DISJOINT Z Y) (DISJOINT Y Z))
(MEMBER V Y))
(NOT (DISJOINT Y (CONS V Z)))),
which further simplifies, applying the lemmas SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, and DISJOINT-CONS-2, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (DISJOINT X Y)
(DISJOINT Y X))),
which simplifies, rewriting with DISJOINT-NLISTP, and opening up the
definitions of OR, NLISTP, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-SYMMETRY
(PROVE-LEMMA DISJOINT-APPEND-RIGHT
(REWRITE)
(EQUAL (DISJOINT U (APPEND Y Z))
(AND (DISJOINT U Y) (DISJOINT U Z))))
WARNING: the previously added lemma, DISJOINT-SYMMETRY, could be applied
whenever the newly proposed DISJOINT-APPEND-RIGHT could!
This simplifies, opening up the function AND, to two new conjectures:
Case 2. (IMPLIES (NOT (DISJOINT U Y))
(EQUAL (DISJOINT U (APPEND Y Z)) F)),
which again simplifies, clearly, to:
(IMPLIES (NOT (DISJOINT U Y))
(NOT (DISJOINT U (APPEND Y Z)))),
which we will name *1.
Case 1. (IMPLIES (DISJOINT U Y)
(EQUAL (DISJOINT U (APPEND Y Z))
(DISJOINT U Z))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(EQUAL (DISJOINT U (APPEND Y Z))
(AND (DISJOINT U Y) (DISJOINT U Z))),
which we named *1 above. We will appeal to induction. There are four
plausible inductions. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP U) (p (CDR U) Y Z))
(p U Y Z))
(IMPLIES (NOT (LISTP U)) (p U Y Z))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT U) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme produces two new
conjectures:
Case 2. (IMPLIES (AND (LISTP U)
(EQUAL (DISJOINT (CDR U) (APPEND Y Z))
(AND (DISJOINT (CDR U) Y)
(DISJOINT (CDR U) Z))))
(EQUAL (DISJOINT U (APPEND Y Z))
(AND (DISJOINT U Y) (DISJOINT U Z)))),
which simplifies, applying the lemma MEMBER-APPEND, and expanding AND,
DISJOINT, and EQUAL, to:
T.
Case 1. (IMPLIES (NOT (LISTP U))
(EQUAL (DISJOINT U (APPEND Y Z))
(AND (DISJOINT U Y) (DISJOINT U Z)))),
which simplifies, applying the lemma DISJOINT-NLISTP, and opening up the
functions OR, NLISTP, AND, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-APPEND-RIGHT
(PROVE-LEMMA DISJOINT-APPEND-LEFT
(REWRITE)
(EQUAL (DISJOINT (APPEND Y Z) U)
(AND (DISJOINT Y U) (DISJOINT Z U))))
WARNING: the previously added lemma, DISJOINT-SYMMETRY, could be applied
whenever the newly proposed DISJOINT-APPEND-LEFT could!
This simplifies, appealing to the lemmas DISJOINT-APPEND-RIGHT and
DISJOINT-SYMMETRY, and opening up the definition of AND, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-APPEND-LEFT
(PROVE-LEMMA DISJOINT-NON-MEMBER
(REWRITE)
(IMPLIES (AND (MEMBER A X) (MEMBER A Y))
(NOT (DISJOINT X Y))))
WARNING: Note that DISJOINT-NON-MEMBER contains the free variable A which
will be chosen by instantiating the hypothesis (MEMBER A X).
Give the conjecture the name *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y A))
(p X Y A))
(IMPLIES (NOT (LISTP X)) (p X Y A))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
formulas:
Case 3. (IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CDR X)))
(MEMBER A X)
(MEMBER A Y))
(NOT (DISJOINT X Y))).
This simplifies, opening up DISJOINT, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CDR X)))
(MEMBER A X)
(MEMBER A Y)
(NOT (MEMBER (CAR X) Y)))
(NOT (DISJOINT (CDR X) Y))),
which further simplifies, applying DISJOINT-SYMMETRY, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CDR X)))
(MEMBER A X)
(MEMBER A Y)
(NOT (MEMBER (CAR X) Y)))
(NOT (DISJOINT Y (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new goal:
(IMPLIES (AND (NOT (MEMBER A Z))
(MEMBER A (CONS V Z))
(MEMBER A Y)
(NOT (MEMBER V Y)))
(NOT (DISJOINT Y Z))),
which further simplifies, appealing to the lemmas MEMBER-CONS,
SUBSETP-REFLEXIVITY, and MEMBER-SUBSETP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (DISJOINT (CDR X) Y))
(MEMBER A X)
(MEMBER A Y))
(NOT (DISJOINT X Y))),
which simplifies, unfolding the function DISJOINT, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(MEMBER A X)
(MEMBER A Y))
(NOT (DISJOINT X Y))),
which simplifies, rewriting with the lemma MEMBER-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-NON-MEMBER
(PROVE-LEMMA DISJOINT-SUBSETP-MONOTONE-SECOND
(REWRITE)
(IMPLIES (AND (SUBSETP Y Z) (DISJOINT X Z))
(DISJOINT X Y)))
WARNING: Note that DISJOINT-SUBSETP-MONOTONE-SECOND contains the free
variable Z which will be chosen by instantiating the hypothesis (SUBSETP Y Z).
Call the conjecture *1.
Perhaps we can prove it by induction. Two inductions are suggested by
terms in the conjecture. However, they merge into one likely candidate
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y Z))
(p X Y Z))
(IMPLIES (NOT (LISTP X)) (p X Y Z))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to three
new goals:
Case 3. (IMPLIES (AND (LISTP X)
(NOT (DISJOINT (CDR X) Z))
(SUBSETP Y Z)
(DISJOINT X Z))
(DISJOINT X Y)),
which simplifies, opening up the definition of DISJOINT, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(DISJOINT (CDR X) Y)
(SUBSETP Y Z)
(DISJOINT X Z))
(DISJOINT X Y)),
which simplifies, expanding DISJOINT, to:
(IMPLIES (AND (LISTP X)
(DISJOINT (CDR X) Y)
(SUBSETP Y Z)
(NOT (MEMBER (CAR X) Z))
(DISJOINT (CDR X) Z))
(NOT (MEMBER (CAR X) Y))).
But this again simplifies, appealing to the lemma MEMBER-SUBSETP, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(SUBSETP Y Z)
(DISJOINT X Z))
(DISJOINT X Y)),
which simplifies, applying the lemma DISJOINT-NLISTP, and opening up OR and
NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-SUBSETP-MONOTONE-SECOND
(PROVE-LEMMA SUBSETP-DISJOINT-2
(REWRITE)
(IMPLIES (AND (SUBSETP X Y) (DISJOINT Y Z))
(DISJOINT Z X)))
WARNING: Note that SUBSETP-DISJOINT-2 contains the free variable Y which will
be chosen by instantiating the hypothesis (SUBSETP X Y).
This simplifies, rewriting with DISJOINT-SYMMETRY and
DISJOINT-SUBSETP-MONOTONE-SECOND, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-DISJOINT-2
(PROVE-LEMMA SUBSETP-DISJOINT-1
(REWRITE)
(IMPLIES (AND (SUBSETP X Y) (DISJOINT Y Z))
(DISJOINT X Z))
((USE (DISJOINT-SYMMETRY (X X) (Y Z)))
(DISABLE DISJOINT-SYMMETRY)))
WARNING: Note that SUBSETP-DISJOINT-1 contains the free variable Y which will
be chosen by instantiating the hypothesis (SUBSETP X Y).
This conjecture simplifies, rewriting with the lemma SUBSETP-DISJOINT-2, and
unfolding the function EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-DISJOINT-1
(PROVE-LEMMA SUBSETP-DISJOINT-3
(REWRITE)
(IMPLIES (AND (SUBSETP X Y) (DISJOINT Z Y))
(DISJOINT X Z)))
WARNING: Note that SUBSETP-DISJOINT-3 contains the free variable Y which will
be chosen by instantiating the hypothesis (SUBSETP X Y).
This simplifies, rewriting with DISJOINT-SYMMETRY and SUBSETP-DISJOINT-1, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-DISJOINT-3
(DISABLE DISJOINT)
[ 0.0 0.0 0.0 ]
DISJOINT-OFF
(PROVE-LEMMA INTERSECTION-DISJOINT
(REWRITE)
(EQUAL (EQUAL (INTERSECTION X Y) NIL)
(DISJOINT X Y)))
This formula simplifies, clearly, to the following two new goals:
Case 2. (IMPLIES (NOT (EQUAL (INTERSECTION X Y) NIL))
(NOT (DISJOINT X Y))).
Call the above conjecture *1.
Case 1. (IMPLIES (EQUAL (INTERSECTION X Y) NIL)
(EQUAL (DISJOINT X Y) T)).
This again simplifies, clearly, to:
(IMPLIES (EQUAL (INTERSECTION X Y) NIL)
(DISJOINT X Y)),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (EQUAL (INTERSECTION X Y) NIL)
(DISJOINT X Y)),
named *1. Let us appeal to the induction principle. There is only one
suggested induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates three new conjectures:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (EQUAL (INTERSECTION (CDR X) Y) NIL)
(DISJOINT (CDR X) Y)))
(EQUAL (EQUAL (INTERSECTION X Y) NIL)
(DISJOINT X Y))),
which simplifies, rewriting with DISJOINT-SYMMETRY, SUBSETP-REFLEXIVITY, and
MEMBER-SUBSETP, and opening up the function INTERSECTION, to the following
two new goals:
Case 3.2.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (EQUAL (INTERSECTION (CDR X) Y) NIL))
(NOT (DISJOINT Y (CDR X))))
(NOT (DISJOINT X Y))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). The result is:
(IMPLIES (AND (MEMBER Z Y)
(NOT (EQUAL (INTERSECTION V Y) NIL))
(NOT (DISJOINT Y V)))
(NOT (DISJOINT (CONS Z V) Y))).
But this further simplifies, rewriting with DISJOINT-SYMMETRY, MEMBER-CONS,
and DISJOINT-NON-MEMBER, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (INTERSECTION (CDR X) Y) NIL)
(EQUAL (DISJOINT Y (CDR X)) T))
(NOT (DISJOINT X Y))).
This again simplifies, obviously, to the new conjecture:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (INTERSECTION (CDR X) Y) NIL)
(DISJOINT Y (CDR X)))
(NOT (DISJOINT X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces the new formula:
(IMPLIES (AND (MEMBER Z Y)
(EQUAL (INTERSECTION V Y) NIL)
(DISJOINT Y V))
(NOT (DISJOINT (CONS Z V) Y))),
which further simplifies, applying the lemmas DISJOINT-SYMMETRY,
MEMBER-CONS, and DISJOINT-NON-MEMBER, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (EQUAL (INTERSECTION (CDR X) Y) NIL)
(DISJOINT (CDR X) Y)))
(EQUAL (EQUAL (INTERSECTION X Y) NIL)
(DISJOINT X Y))),
which simplifies, applying the lemma DISJOINT-SYMMETRY, and opening up the
functions INTERSECTION and EQUAL, to two new goals:
Case 2.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (EQUAL (INTERSECTION (CDR X) Y) NIL))
(NOT (DISJOINT Y (CDR X))))
(NOT (DISJOINT X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (EQUAL (INTERSECTION V Y) NIL))
(NOT (DISJOINT Y V)))
(NOT (DISJOINT (CONS Z V) Y))),
which further simplifies, applying DISJOINT-SYMMETRY and DISJOINT-CONS-2,
to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (INTERSECTION (CDR X) Y) NIL)
(EQUAL (DISJOINT Y (CDR X)) T))
(DISJOINT X Y)).
This again simplifies, obviously, to the new formula:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (INTERSECTION (CDR X) Y) NIL)
(DISJOINT Y (CDR X)))
(DISJOINT X Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER Z Y))
(EQUAL (INTERSECTION V Y) NIL)
(DISJOINT Y V))
(DISJOINT (CONS Z V) Y)),
which further simplifies, appealing to the lemmas DISJOINT-SYMMETRY and
DISJOINT-CONS-2, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (EQUAL (INTERSECTION X Y) NIL)
(DISJOINT X Y))),
which simplifies, applying the lemma DISJOINT-NLISTP, and expanding
INTERSECTION, EQUAL, OR, and NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-DISJOINT
(PROVE-LEMMA INTERSECTION-NLISTP
(REWRITE)
(IMPLIES (OR (NLISTP X) (NLISTP Y))
(EQUAL (INTERSECTION X Y) NIL)))
This conjecture can be simplified, using the abbreviations IMPLIES and
INTERSECTION-DISJOINT, to the goal:
(IMPLIES (OR (NLISTP X) (NLISTP Y))
(DISJOINT X Y)).
This simplifies, applying the lemma DISJOINT-NLISTP, and unfolding the
functions NLISTP and OR, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-NLISTP
(PROVE-LEMMA MEMBER-INTERSECTION
(REWRITE)
(EQUAL (MEMBER A (INTERSECTION X Y))
(AND (MEMBER A X) (MEMBER A Y))))
This simplifies, opening up the function AND, to two new conjectures:
Case 2. (IMPLIES (NOT (MEMBER A X))
(EQUAL (MEMBER A (INTERSECTION X Y))
F)),
which again simplifies, clearly, to:
(IMPLIES (NOT (MEMBER A X))
(NOT (MEMBER A (INTERSECTION X Y)))),
which we will name *1.
Case 1. (IMPLIES (MEMBER A X)
(EQUAL (MEMBER A (INTERSECTION X Y))
(MEMBER A Y))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(EQUAL (MEMBER A (INTERSECTION X Y))
(AND (MEMBER A X) (MEMBER A Y))),
which we named *1 above. We will appeal to induction. There is only one
plausible induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p A (CDR X) Y))
(p A X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p A (CDR X) Y))
(p A X Y))
(IMPLIES (NOT (LISTP X)) (p A X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme produces three new
conjectures:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (MEMBER A (INTERSECTION (CDR X) Y))
(AND (MEMBER A (CDR X))
(MEMBER A Y))))
(EQUAL (MEMBER A (INTERSECTION X Y))
(AND (MEMBER A X) (MEMBER A Y)))),
which simplifies, applying the lemmas SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
MEMBER-CONS, and CDR-SUBSETP, and expanding AND and INTERSECTION, to four
new goals:
Case 3.4.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER A (CDR X)))
(EQUAL (MEMBER A (INTERSECTION (CDR X) Y))
F)
(EQUAL A (CAR X)))
(EQUAL (MEMBER A Y) T)),
which again simplifies, trivially, to:
T.
Case 3.3.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER A (CDR X)))
(EQUAL (MEMBER A (INTERSECTION (CDR X) Y))
F)
(NOT (EQUAL A (CAR X)))
(MEMBER A X))
(NOT (MEMBER A Y))).
This again simplifies, trivially, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER A (CDR X)))
(NOT (MEMBER A (INTERSECTION (CDR X) Y)))
(NOT (EQUAL A (CAR X)))
(MEMBER A X))
(NOT (MEMBER A Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove the new conjecture:
(IMPLIES (AND (MEMBER Z Y)
(NOT (MEMBER A V))
(NOT (MEMBER A (INTERSECTION V Y)))
(NOT (EQUAL A Z))
(MEMBER A (CONS Z V)))
(NOT (MEMBER A Y))),
which further simplifies, applying MEMBER-CONS, to:
T.
Case 3.2.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER A (CDR X)))
(EQUAL (MEMBER A (INTERSECTION (CDR X) Y))
F)
(EQUAL A (CAR X)))
(MEMBER A X)).
This again simplifies, clearly, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER (CAR X) (CDR X)))
(NOT (MEMBER (CAR X)
(INTERSECTION (CDR X) Y))))
(MEMBER (CAR X) X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (MEMBER Z Y)
(NOT (MEMBER Z V))
(NOT (MEMBER Z (INTERSECTION V Y))))
(MEMBER Z (CONS Z V))),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(MEMBER A (CDR X))
(EQUAL (MEMBER A (INTERSECTION (CDR X) Y))
(MEMBER A Y))
(EQUAL A (CAR X)))
(EQUAL T (MEMBER A Y))).
This again simplifies, obviously, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (MEMBER A (INTERSECTION (CDR X) Y))
(AND (MEMBER A (CDR X))
(MEMBER A Y))))
(EQUAL (MEMBER A (INTERSECTION X Y))
(AND (MEMBER A X) (MEMBER A Y)))).
This simplifies, applying CDR-SUBSETP and MEMBER-SUBSETP, and opening up the
functions AND and INTERSECTION, to the formula:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (MEMBER A (CDR X)))
(EQUAL (MEMBER A (INTERSECTION (CDR X) Y))
F)
(MEMBER A X))
(NOT (MEMBER A Y))).
This again simplifies, obviously, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (MEMBER A (CDR X)))
(NOT (MEMBER A (INTERSECTION (CDR X) Y)))
(MEMBER A X))
(NOT (MEMBER A Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (MEMBER A V))
(NOT (MEMBER A (INTERSECTION V Y)))
(MEMBER A (CONS Z V)))
(NOT (MEMBER A Y))),
which further simplifies, applying MEMBER-CONS, to:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (MEMBER A V))
(NOT (MEMBER A (INTERSECTION V Y)))
(EQUAL A Z))
(NOT (MEMBER A Y))),
which again simplifies, clearly, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (MEMBER A (INTERSECTION X Y))
(AND (MEMBER A X) (MEMBER A Y)))).
This simplifies, applying INTERSECTION-NLISTP and MEMBER-NLISTP, and opening
up the functions OR, NLISTP, AND, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-INTERSECTION
(PROVE-LEMMA SUBSETP-INTERSECTION
(REWRITE)
(EQUAL (SUBSETP X (INTERSECTION Y Z))
(AND (SUBSETP X Y) (SUBSETP X Z)))
((INDUCT (SUBSETP X Y))))
This conjecture can be simplified, using the abbreviations NLISTP, NOT, OR,
and AND, to two new formulas:
Case 2. (IMPLIES (NOT (LISTP X))
(EQUAL (SUBSETP X (INTERSECTION Y Z))
(AND (SUBSETP X Y) (SUBSETP X Z)))),
which simplifies, rewriting with SUBSETP-NLISTP, and opening up the
functions AND and EQUAL, to:
T.
Case 1. (IMPLIES (AND (LISTP X)
(EQUAL (SUBSETP (CDR X) (INTERSECTION Y Z))
(AND (SUBSETP (CDR X) Y)
(SUBSETP (CDR X) Z))))
(EQUAL (SUBSETP X (INTERSECTION Y Z))
(AND (SUBSETP X Y) (SUBSETP X Z)))).
This simplifies, opening up the definition of AND, to the following four new
conjectures:
Case 1.4.
(IMPLIES (AND (LISTP X)
(NOT (SUBSETP (CDR X) Y))
(EQUAL (SUBSETP (CDR X) (INTERSECTION Y Z))
F)
(NOT (SUBSETP X Y)))
(EQUAL (SUBSETP X (INTERSECTION Y Z))
F)).
This again simplifies, trivially, to the new formula:
(IMPLIES (AND (LISTP X)
(NOT (SUBSETP (CDR X) Y))
(NOT (SUBSETP (CDR X) (INTERSECTION Y Z)))
(NOT (SUBSETP X Y)))
(NOT (SUBSETP X (INTERSECTION Y Z)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS W V) to eliminate
(CDR X) and (CAR X). We would thus like to prove:
(IMPLIES (AND (NOT (SUBSETP V Y))
(NOT (SUBSETP V (INTERSECTION Y Z)))
(NOT (SUBSETP (CONS W V) Y)))
(NOT (SUBSETP (CONS W V)
(INTERSECTION Y Z)))),
which further simplifies, applying SUBSETP-CONS-1 and MEMBER-INTERSECTION,
to:
T.
Case 1.3.
(IMPLIES (AND (LISTP X)
(NOT (SUBSETP (CDR X) Y))
(EQUAL (SUBSETP (CDR X) (INTERSECTION Y Z))
F)
(SUBSETP X Y))
(EQUAL (SUBSETP X (INTERSECTION Y Z))
(SUBSETP X Z))).
This again simplifies, clearly, to the new conjecture:
(IMPLIES (AND (LISTP X)
(NOT (SUBSETP (CDR X) Y))
(NOT (SUBSETP (CDR X) (INTERSECTION Y Z)))
(SUBSETP X Y))
(EQUAL (SUBSETP X (INTERSECTION Y Z))
(SUBSETP X Z))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS W V) to eliminate
(CDR X) and (CAR X). We thus obtain the new goal:
(IMPLIES (AND (NOT (SUBSETP V Y))
(NOT (SUBSETP V (INTERSECTION Y Z)))
(SUBSETP (CONS W V) Y))
(EQUAL (SUBSETP (CONS W V)
(INTERSECTION Y Z))
(SUBSETP (CONS W V) Z))),
which further simplifies, applying SUBSETP-CONS-1, to:
T.
Case 1.2.
(IMPLIES (AND (LISTP X)
(SUBSETP (CDR X) Y)
(EQUAL (SUBSETP (CDR X) (INTERSECTION Y Z))
(SUBSETP (CDR X) Z))
(NOT (SUBSETP X Y)))
(EQUAL (SUBSETP X (INTERSECTION Y Z))
F)).
This again simplifies, clearly, to the new goal:
(IMPLIES (AND (LISTP X)
(SUBSETP (CDR X) Y)
(EQUAL (SUBSETP (CDR X) (INTERSECTION Y Z))
(SUBSETP (CDR X) Z))
(NOT (SUBSETP X Y)))
(NOT (SUBSETP X (INTERSECTION Y Z)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS W V) to eliminate
(CDR X) and (CAR X). We thus obtain:
(IMPLIES (AND (SUBSETP V Y)
(EQUAL (SUBSETP V (INTERSECTION Y Z))
(SUBSETP V Z))
(NOT (SUBSETP (CONS W V) Y)))
(NOT (SUBSETP (CONS W V)
(INTERSECTION Y Z)))),
which further simplifies, rewriting with SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, SUBSETP-CONS-1, and MEMBER-INTERSECTION, to:
T.
Case 1.1.
(IMPLIES (AND (LISTP X)
(SUBSETP (CDR X) Y)
(EQUAL (SUBSETP (CDR X) (INTERSECTION Y Z))
(SUBSETP (CDR X) Z))
(SUBSETP X Y))
(EQUAL (SUBSETP X (INTERSECTION Y Z))
(SUBSETP X Z))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS W V) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND (SUBSETP V Y)
(EQUAL (SUBSETP V (INTERSECTION Y Z))
(SUBSETP V Z))
(SUBSETP (CONS W V) Y))
(EQUAL (SUBSETP (CONS W V)
(INTERSECTION Y Z))
(SUBSETP (CONS W V) Z))).
But this further simplifies, rewriting with SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, SUBSETP-CONS-1, MEMBER-SUBSETP, and
MEMBER-INTERSECTION, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-INTERSECTION
(PROVE-LEMMA INTERSECTION-SYMMETRY
(REWRITE)
(SUBSETP (INTERSECTION X Y)
(INTERSECTION Y X)))
This formula can be simplified, using the abbreviation SUBSETP-INTERSECTION,
to the following two new conjectures:
Case 2. (SUBSETP (INTERSECTION X Y) Y).
Give the above formula the name *1.
Case 1. (SUBSETP (INTERSECTION X Y) X),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(SUBSETP (INTERSECTION X Y)
(INTERSECTION Y X)),
which we named *1 above. We will appeal to induction. There are two
plausible inductions, both of which are flawed. We limit our consideration to
the two suggested by the largest number of nonprimitive recursive functions in
the conjecture. Since both of these are equally likely, we will choose
arbitrarily. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates the following three new
formulas:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SUBSETP (INTERSECTION (CDR X) Y)
(INTERSECTION Y (CDR X))))
(SUBSETP (INTERSECTION X Y)
(INTERSECTION Y X))).
This simplifies, rewriting with SUBSETP-INTERSECTION, SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, SUBSETP-CONS-1, CDR-SUBSETP, and SUBSETP-IS-TRANSITIVE, and
expanding INTERSECTION, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SUBSETP (INTERSECTION (CDR X) Y) Y)
(SUBSETP (INTERSECTION (CDR X) Y)
(CDR X)))
(MEMBER (CAR X) X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). This generates:
(IMPLIES (AND (MEMBER Z Y)
(SUBSETP (INTERSECTION V Y) Y)
(SUBSETP (INTERSECTION V Y) V))
(MEMBER Z (CONS Z V))).
But this further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (INTERSECTION (CDR X) Y)
(INTERSECTION Y (CDR X))))
(SUBSETP (INTERSECTION X Y)
(INTERSECTION Y X))).
This simplifies, rewriting with the lemmas SUBSETP-INTERSECTION, CDR-SUBSETP,
and SUBSETP-IS-TRANSITIVE, and opening up the definition of INTERSECTION, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(SUBSETP (INTERSECTION X Y)
(INTERSECTION Y X))).
This simplifies, applying INTERSECTION-NLISTP, and unfolding OR, NLISTP, and
SUBSETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-SYMMETRY
(PROVE-LEMMA INTERSECTION-CONS-1
(REWRITE)
(EQUAL (INTERSECTION (CONS A X) Y)
(IF (MEMBER A Y)
(CONS A (INTERSECTION X Y))
(INTERSECTION X Y))))
This formula simplifies, applying the lemmas CDR-CONS and CAR-CONS, and
unfolding INTERSECTION, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-CONS-1
(PROVE-LEMMA INTERSECTION-CONS-2
(REWRITE)
(IMPLIES (NOT (MEMBER A Y))
(EQUAL (INTERSECTION Y (CONS A X))
(INTERSECTION Y X))))
Give the conjecture the name *1.
Let us appeal to the induction principle. The recursive terms in the
conjecture suggest two inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) (CONS A X))
(p (CDR Y) A X))
(p Y A X))
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) (CONS A X)))
(p (CDR Y) A X))
(p Y A X))
(IMPLIES (NOT (LISTP Y)) (p Y A X))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT Y) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme generates the
following five new conjectures:
Case 5. (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) (CONS A X))
(MEMBER A (CDR Y))
(NOT (MEMBER A Y)))
(EQUAL (INTERSECTION Y (CONS A X))
(INTERSECTION Y X))).
This simplifies, appealing to the lemmas MEMBER-CONS, CDR-SUBSETP, and
MEMBER-SUBSETP, to:
T.
Case 4. (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) (CONS A X))
(EQUAL (INTERSECTION (CDR Y) (CONS A X))
(INTERSECTION (CDR Y) X))
(NOT (MEMBER A Y)))
(EQUAL (INTERSECTION Y (CONS A X))
(INTERSECTION Y X))).
This simplifies, rewriting with MEMBER-CONS, SUBSETP-CONS-2,
SUBSETP-REFLEXIVITY, and MEMBER-SUBSETP, and opening up the definition of
INTERSECTION, to:
(IMPLIES (AND (LISTP Y)
(EQUAL (CAR Y) A)
(EQUAL (INTERSECTION (CDR Y) (CONS A X))
(INTERSECTION (CDR Y) X))
(NOT (MEMBER A Y))
(NOT (MEMBER A X)))
(EQUAL (CONS A (INTERSECTION (CDR Y) X))
(INTERSECTION (CDR Y) X))).
This again simplifies, clearly, to the new conjecture:
(IMPLIES (AND (LISTP Y)
(EQUAL (INTERSECTION (CDR Y)
(CONS (CAR Y) X))
(INTERSECTION (CDR Y) X))
(NOT (MEMBER (CAR Y) Y)))
(MEMBER (CAR Y) X)).
Applying the lemma CAR-CDR-ELIM, replace Y by (CONS V Z) to eliminate
(CDR Y) and (CAR Y). We thus obtain:
(IMPLIES (AND (EQUAL (INTERSECTION Z (CONS V X))
(INTERSECTION Z X))
(NOT (MEMBER V (CONS V Z))))
(MEMBER V X)),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) (CONS A X)))
(MEMBER A (CDR Y))
(NOT (MEMBER A Y)))
(EQUAL (INTERSECTION Y (CONS A X))
(INTERSECTION Y X))).
This simplifies, rewriting with the lemmas MEMBER-CONS, CDR-SUBSETP, and
MEMBER-SUBSETP, to:
T.
Case 2. (IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) (CONS A X)))
(EQUAL (INTERSECTION (CDR Y) (CONS A X))
(INTERSECTION (CDR Y) X))
(NOT (MEMBER A Y)))
(EQUAL (INTERSECTION Y (CONS A X))
(INTERSECTION Y X))).
This simplifies, applying MEMBER-CONS, and expanding INTERSECTION, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP Y))
(NOT (MEMBER A Y)))
(EQUAL (INTERSECTION Y (CONS A X))
(INTERSECTION Y X))),
which simplifies, applying MEMBER-NLISTP and INTERSECTION-NLISTP, and
expanding the definitions of OR, NLISTP, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-CONS-2
(PROVE-LEMMA INTERSECTION-CONS-3
(REWRITE)
(IMPLIES (MEMBER W X)
(EQUAL (SUBSETP (INTERSECTION Y (CONS W Z))
X)
(SUBSETP (INTERSECTION Y Z) X)))
((ENABLE INTERSECTION)))
Call the conjecture *1.
Let us appeal to the induction principle. There are two plausible
inductions. However, they merge into one likely candidate induction. We will
induct according to the following scheme:
(AND (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) (CONS W Z))
(p (CDR Y) W Z X))
(p Y W Z X))
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) (CONS W Z)))
(p (CDR Y) W Z X))
(p Y W Z X))
(IMPLIES (NOT (LISTP Y))
(p Y W Z X))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT Y)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces three new formulas:
Case 3. (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) (CONS W Z))
(EQUAL (SUBSETP (INTERSECTION (CDR Y) (CONS W Z))
X)
(SUBSETP (INTERSECTION (CDR Y) Z) X))
(MEMBER W X))
(EQUAL (SUBSETP (INTERSECTION Y (CONS W Z))
X)
(SUBSETP (INTERSECTION Y Z) X))),
which simplifies, applying the lemmas MEMBER-CONS, SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, SUBSETP-CONS-1, and SUBSETP-CONS-2, and opening up
INTERSECTION, to:
(IMPLIES (AND (LISTP Y)
(EQUAL (CAR Y) W)
(EQUAL (SUBSETP (INTERSECTION (CDR Y) (CONS W Z))
X)
(SUBSETP (INTERSECTION (CDR Y) Z) X))
(MEMBER W X)
(MEMBER W Z))
(EQUAL (SUBSETP (INTERSECTION (CDR Y) Z) X)
(SUBSETP (CONS W (INTERSECTION (CDR Y) Z))
X))).
This again simplifies, applying SUBSETP-CONS-1, to:
T.
Case 2. (IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) (CONS W Z)))
(EQUAL (SUBSETP (INTERSECTION (CDR Y) (CONS W Z))
X)
(SUBSETP (INTERSECTION (CDR Y) Z) X))
(MEMBER W X))
(EQUAL (SUBSETP (INTERSECTION Y (CONS W Z))
X)
(SUBSETP (INTERSECTION Y Z) X))).
This simplifies, rewriting with MEMBER-CONS, and expanding the definition of
INTERSECTION, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP Y)) (MEMBER W X))
(EQUAL (SUBSETP (INTERSECTION Y (CONS W Z))
X)
(SUBSETP (INTERSECTION Y Z) X))),
which simplifies, rewriting with MEMBER-NLISTP, INTERSECTION-NLISTP,
INTERSECTION-CONS-2, and SUBSETP-NLISTP, and unfolding the functions OR,
NLISTP, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-CONS-3
(PROVE-LEMMA INTERSECTION-CONS-SUBSETP
(REWRITE)
(SUBSETP (INTERSECTION X Y)
(INTERSECTION X (CONS A Y))))
This conjecture can be simplified, using the abbreviation SUBSETP-INTERSECTION,
to two new conjectures:
Case 2. (SUBSETP (INTERSECTION X Y) X),
which we will name *1.
Case 1. (SUBSETP (INTERSECTION X Y)
(CONS A Y)),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(SUBSETP (INTERSECTION X Y)
(INTERSECTION X (CONS A Y))),
which we named *1 above. We will appeal to induction. Two inductions are
suggested by terms in the conjecture. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y A))
(p X Y A))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y A))
(p X Y A))
(IMPLIES (NOT (LISTP X)) (p X Y A))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to the following three new
goals:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SUBSETP (INTERSECTION (CDR X) Y)
(INTERSECTION (CDR X) (CONS A Y))))
(SUBSETP (INTERSECTION X Y)
(INTERSECTION X (CONS A Y)))).
This simplifies, rewriting with SUBSETP-INTERSECTION, SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, SUBSETP-CONS-2, MEMBER-CONS, SUBSETP-IS-TRANSITIVE, and
SUBSETP-CONS-1, and opening up the definition of INTERSECTION, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (INTERSECTION (CDR X) Y)
(INTERSECTION (CDR X) (CONS A Y))))
(SUBSETP (INTERSECTION X Y)
(INTERSECTION X (CONS A Y)))),
which simplifies, appealing to the lemmas SUBSETP-INTERSECTION and
MEMBER-CONS, and opening up INTERSECTION, to two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (INTERSECTION (CDR X) Y)
(CDR X))
(SUBSETP (INTERSECTION (CDR X) Y)
(CONS A Y))
(NOT (EQUAL (CAR X) A)))
(SUBSETP (INTERSECTION (CDR X) Y)
(INTERSECTION (CDR X) (CONS A Y)))),
which again simplifies, applying the lemmas SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, and SUBSETP-INTERSECTION, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (INTERSECTION (CDR X) Y)
(CDR X))
(SUBSETP (INTERSECTION (CDR X) Y)
(CONS A Y))
(EQUAL (CAR X) A))
(SUBSETP (INTERSECTION (CDR X) Y)
(CONS A
(INTERSECTION (CDR X) (CONS A Y))))),
which again simplifies, applying the lemmas MEMBER-INTERSECTION,
SUBSETP-CONS-NOT-MEMBER, SUBSETP-REFLEXIVITY, SUBSETP-IS-TRANSITIVE, and
SUBSETP-INTERSECTION, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(SUBSETP (INTERSECTION X Y)
(INTERSECTION X (CONS A Y)))),
which simplifies, appealing to the lemmas INTERSECTION-NLISTP, MEMBER-NLISTP,
and INTERSECTION-CONS-2, and expanding the definitions of OR, NLISTP, and
SUBSETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-CONS-SUBSETP
(PROVE-LEMMA SUBSETP-INTERSECTION-LEFT-1
(REWRITE)
(SUBSETP (INTERSECTION X Y) X)
((ENABLE INTERSECTION)))
Give the conjecture the name *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to three new formulas:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SUBSETP (INTERSECTION (CDR X) Y)
(CDR X)))
(SUBSETP (INTERSECTION X Y) X)),
which simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, CDR-SUBSETP,
SUBSETP-IS-TRANSITIVE, and SUBSETP-CONS-1, and opening up the definition of
INTERSECTION, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SUBSETP (INTERSECTION (CDR X) Y)
(CDR X)))
(MEMBER (CAR X) X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces:
(IMPLIES (AND (MEMBER Z Y)
(SUBSETP (INTERSECTION V Y) V))
(MEMBER Z (CONS Z V))),
which further simplifies, appealing to the lemma MEMBER-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (INTERSECTION (CDR X) Y)
(CDR X)))
(SUBSETP (INTERSECTION X Y) X)),
which simplifies, applying the lemmas CDR-SUBSETP and SUBSETP-IS-TRANSITIVE,
and opening up INTERSECTION, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(SUBSETP (INTERSECTION X Y) X)),
which simplifies, appealing to the lemmas INTERSECTION-NLISTP and
SUBSETP-NLISTP, and unfolding the definitions of OR, NLISTP, and LISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-INTERSECTION-LEFT-1
(PROVE-LEMMA SUBSETP-INTERSECTION-LEFT-2
(REWRITE)
(SUBSETP (INTERSECTION X Y) Y)
((ENABLE INTERSECTION)))
Give the conjecture the name *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to three new formulas:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SUBSETP (INTERSECTION (CDR X) Y) Y))
(SUBSETP (INTERSECTION X Y) Y)),
which simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
SUBSETP-IS-TRANSITIVE, and SUBSETP-CONS-1, and opening up the definition of
INTERSECTION, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (INTERSECTION (CDR X) Y) Y))
(SUBSETP (INTERSECTION X Y) Y)).
This simplifies, applying SUBSETP-REFLEXIVITY and SUBSETP-IS-TRANSITIVE, and
unfolding INTERSECTION, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(SUBSETP (INTERSECTION X Y) Y)),
which simplifies, appealing to the lemmas INTERSECTION-NLISTP and
SUBSETP-NLISTP, and unfolding OR and NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-INTERSECTION-LEFT-2
(PROVE-LEMMA SUBSETP-INTERSECTION-SUFFICIENCY-1
(REWRITE)
(IMPLIES (SUBSETP Y Z)
(SUBSETP (INTERSECTION X Y) Z))
((ENABLE INTERSECTION)))
Give the conjecture the name *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y Z))
(p X Y Z))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y Z))
(p X Y Z))
(IMPLIES (NOT (LISTP X)) (p X Y Z))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates three new conjectures:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SUBSETP (INTERSECTION (CDR X) Y) Z)
(SUBSETP Y Z))
(SUBSETP (INTERSECTION X Y) Z)),
which simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
SUBSETP-IS-TRANSITIVE, and SUBSETP-CONS-1, and opening up INTERSECTION, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (INTERSECTION (CDR X) Y) Z)
(SUBSETP Y Z))
(SUBSETP (INTERSECTION X Y) Z)).
This simplifies, applying the lemmas SUBSETP-REFLEXIVITY and
SUBSETP-IS-TRANSITIVE, and unfolding the function INTERSECTION, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (SUBSETP Y Z))
(SUBSETP (INTERSECTION X Y) Z)).
This simplifies, rewriting with INTERSECTION-NLISTP and SUBSETP-NLISTP, and
opening up the functions OR and NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-INTERSECTION-SUFFICIENCY-1
(PROVE-LEMMA SUBSETP-INTERSECTION-SUFFICIENCY-2
(REWRITE)
(IMPLIES (SUBSETP Y Z)
(SUBSETP (INTERSECTION Y X) Z))
((ENABLE INTERSECTION)))
Give the conjecture the name *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) X)
(p (CDR Y) X Z))
(p Y X Z))
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) X))
(p (CDR Y) X Z))
(p Y X Z))
(IMPLIES (NOT (LISTP Y)) (p Y X Z))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT Y)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates five new conjectures:
Case 5. (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) X)
(NOT (SUBSETP (CDR Y) Z))
(SUBSETP Y Z))
(SUBSETP (INTERSECTION Y X) Z)),
which simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
SUBSETP-CONS-1, and opening up INTERSECTION, to the following two new goals:
Case 5.2.
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) X)
(NOT (SUBSETP (CDR Y) Z))
(SUBSETP Y Z))
(MEMBER (CAR Y) Z)).
Appealing to the lemma CAR-CDR-ELIM, we now replace Y by (CONS V W) to
eliminate (CAR Y) and (CDR Y). We must thus prove the goal:
(IMPLIES (AND (MEMBER V X)
(NOT (SUBSETP W Z))
(SUBSETP (CONS V W) Z))
(MEMBER V Z)).
But this further simplifies, rewriting with the lemma SUBSETP-CONS-1, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) X)
(NOT (SUBSETP (CDR Y) Z))
(SUBSETP Y Z))
(SUBSETP (INTERSECTION (CDR Y) X) Z)).
Applying the lemma CAR-CDR-ELIM, replace Y by (CONS V W) to eliminate
(CAR Y) and (CDR Y). We would thus like to prove:
(IMPLIES (AND (MEMBER V X)
(NOT (SUBSETP W Z))
(SUBSETP (CONS V W) Z))
(SUBSETP (INTERSECTION W X) Z)),
which further simplifies, rewriting with SUBSETP-CONS-1, to:
T.
Case 4. (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) X)
(SUBSETP (INTERSECTION (CDR Y) X) Z)
(SUBSETP Y Z))
(SUBSETP (INTERSECTION Y X) Z)).
This simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
SUBSETP-IS-TRANSITIVE, and SUBSETP-CONS-1, and opening up the function
INTERSECTION, to the conjecture:
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) X)
(SUBSETP (INTERSECTION (CDR Y) X) Z)
(SUBSETP Y Z))
(MEMBER (CAR Y) Z)).
Appealing to the lemma CAR-CDR-ELIM, we now replace Y by (CONS V W) to
eliminate (CAR Y) and (CDR Y). The result is:
(IMPLIES (AND (MEMBER V X)
(SUBSETP (INTERSECTION W X) Z)
(SUBSETP (CONS V W) Z))
(MEMBER V Z)).
This further simplifies, applying SUBSETP-CONS-1, to:
T.
Case 3. (IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) X))
(NOT (SUBSETP (CDR Y) Z))
(SUBSETP Y Z))
(SUBSETP (INTERSECTION Y X) Z)).
This simplifies, unfolding the definition of INTERSECTION, to:
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) X))
(NOT (SUBSETP (CDR Y) Z))
(SUBSETP Y Z))
(SUBSETP (INTERSECTION (CDR Y) X) Z)).
Applying the lemma CAR-CDR-ELIM, replace Y by (CONS V W) to eliminate
(CAR Y) and (CDR Y). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER V X))
(NOT (SUBSETP W Z))
(SUBSETP (CONS V W) Z))
(SUBSETP (INTERSECTION W X) Z)),
which further simplifies, rewriting with the lemma SUBSETP-CONS-1, to:
T.
Case 2. (IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) X))
(SUBSETP (INTERSECTION (CDR Y) X) Z)
(SUBSETP Y Z))
(SUBSETP (INTERSECTION Y X) Z)),
which simplifies, applying SUBSETP-REFLEXIVITY and SUBSETP-IS-TRANSITIVE,
and unfolding INTERSECTION, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP Y)) (SUBSETP Y Z))
(SUBSETP (INTERSECTION Y X) Z)).
This simplifies, rewriting with SUBSETP-NLISTP and INTERSECTION-NLISTP, and
opening up the definitions of OR and NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-INTERSECTION-SUFFICIENCY-2
(PROVE-LEMMA INTERSECTION-ASSOCIATIVE
(REWRITE)
(EQUAL (INTERSECTION (INTERSECTION X Y) Z)
(INTERSECTION X (INTERSECTION Y Z)))
((ENABLE INTERSECTION)))
Call the conjecture *1.
Perhaps we can prove it by induction. Three inductions are suggested by
terms in the conjecture. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y Z))
(p X Y Z))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y Z))
(p X Y Z))
(IMPLIES (NOT (LISTP X)) (p X Y Z))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to three
new goals:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (INTERSECTION (INTERSECTION (CDR X) Y)
Z)
(INTERSECTION (CDR X)
(INTERSECTION Y Z))))
(EQUAL (INTERSECTION (INTERSECTION X Y) Z)
(INTERSECTION X (INTERSECTION Y Z)))),
which simplifies, applying the lemmas SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
INTERSECTION-CONS-1, and MEMBER-INTERSECTION, and opening up the definition
of INTERSECTION, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (INTERSECTION (INTERSECTION (CDR X) Y)
Z)
(INTERSECTION (CDR X)
(INTERSECTION Y Z))))
(EQUAL (INTERSECTION (INTERSECTION X Y) Z)
(INTERSECTION X (INTERSECTION Y Z)))),
which simplifies, rewriting with MEMBER-INTERSECTION, and opening up the
function INTERSECTION, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (INTERSECTION (INTERSECTION X Y) Z)
(INTERSECTION X (INTERSECTION Y Z)))).
This simplifies, rewriting with the lemma INTERSECTION-NLISTP, and opening
up the functions OR, NLISTP, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-ASSOCIATIVE
(PROVE-LEMMA INTERSECTION-ELIMINATION
(REWRITE)
(IMPLIES (SUBSETP X Y)
(EQUAL (INTERSECTION X Y)
(FIX-PROPERP X))))
Give the conjecture the name *1.
We will try to prove it by induction. There are two plausible inductions.
However, they merge into one likely candidate induction. We will induct
according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates five new goals:
Case 5. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(EQUAL (INTERSECTION X Y)
(FIX-PROPERP X))),
which simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, CAR-CONS,
CDR-CONS, and CONS-EQUAL, and unfolding the functions INTERSECTION and
FIX-PROPERP, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(EQUAL (INTERSECTION (CDR X) Y)
(FIX-PROPERP (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces:
(IMPLIES (AND (MEMBER Z Y)
(NOT (SUBSETP V Y))
(SUBSETP (CONS Z V) Y))
(EQUAL (INTERSECTION V Y)
(FIX-PROPERP V))),
which further simplifies, rewriting with SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
and SUBSETP-CONS-1, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (INTERSECTION (CDR X) Y)
(FIX-PROPERP (CDR X)))
(SUBSETP X Y))
(EQUAL (INTERSECTION X Y)
(FIX-PROPERP X))).
This simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
unfolding the functions INTERSECTION and FIX-PROPERP, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(EQUAL (INTERSECTION X Y)
(FIX-PROPERP X))),
which simplifies, opening up the functions INTERSECTION and FIX-PROPERP, to
the conjecture:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(EQUAL (INTERSECTION (CDR X) Y)
(CONS (CAR X)
(FIX-PROPERP (CDR X))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). The result is:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (SUBSETP V Y))
(SUBSETP (CONS Z V) Y))
(EQUAL (INTERSECTION V Y)
(CONS Z (FIX-PROPERP V)))).
This further simplifies, rewriting with SUBSETP-CONS-1, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (INTERSECTION (CDR X) Y)
(FIX-PROPERP (CDR X)))
(SUBSETP X Y))
(EQUAL (INTERSECTION X Y)
(FIX-PROPERP X))).
This simplifies, expanding the functions INTERSECTION and FIX-PROPERP, to
the new goal:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (INTERSECTION (CDR X) Y)
(FIX-PROPERP (CDR X))))
(NOT (SUBSETP X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (NOT (MEMBER Z Y))
(EQUAL (INTERSECTION V Y)
(FIX-PROPERP V)))
(NOT (SUBSETP (CONS Z V) Y))),
which further simplifies, appealing to the lemma SUBSETP-CONS-1, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (SUBSETP X Y))
(EQUAL (INTERSECTION X Y)
(FIX-PROPERP X))),
which simplifies, appealing to the lemmas SUBSETP-NLISTP,
INTERSECTION-NLISTP, and FIX-PROPERP-NLISTP, and expanding the functions OR,
NLISTP, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.1 ]
INTERSECTION-ELIMINATION
(PROVE-LEMMA LENGTH-INTERSECTION
(REWRITE)
(NOT (LESSP (LENGTH X)
(LENGTH (INTERSECTION X Y)))))
WARNING: Note that the proposed lemma LENGTH-INTERSECTION is to be stored as
zero type prescription rules, zero compound recognizer rules, one linear rule,
and zero replacement rules.
Give the conjecture the name *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates three new conjectures:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (LESSP (LENGTH (CDR X))
(LENGTH (INTERSECTION (CDR X) Y)))))
(NOT (LESSP (LENGTH X)
(LENGTH (INTERSECTION X Y))))),
which simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, LENGTH-CONS,
and SUB1-ADD1, and opening up INTERSECTION and LESSP, to the following two
new goals:
Case 3.2.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (LESSP (LENGTH (CDR X))
(LENGTH (INTERSECTION (CDR X) Y)))))
(NOT (EQUAL (LENGTH X) 0))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). We must thus prove the goal:
(IMPLIES (AND (MEMBER Z Y)
(NOT (LESSP (LENGTH V)
(LENGTH (INTERSECTION V Y)))))
(NOT (EQUAL (LENGTH (CONS Z V)) 0))).
But this further simplifies, rewriting with the lemma LENGTH-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (LESSP (LENGTH (CDR X))
(LENGTH (INTERSECTION (CDR X) Y)))))
(NOT (LESSP (SUB1 (LENGTH X))
(LENGTH (INTERSECTION (CDR X) Y))))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (MEMBER Z Y)
(NOT (LESSP (LENGTH V)
(LENGTH (INTERSECTION V Y)))))
(NOT (LESSP (SUB1 (LENGTH (CONS Z V)))
(LENGTH (INTERSECTION V Y))))),
which further simplifies, rewriting with LENGTH-CONS and SUB1-ADD1, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (LESSP (LENGTH (CDR X))
(LENGTH (INTERSECTION (CDR X) Y)))))
(NOT (LESSP (LENGTH X)
(LENGTH (INTERSECTION X Y))))).
This simplifies, expanding the function INTERSECTION, to the new goal:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (LESSP (LENGTH (CDR X))
(LENGTH (INTERSECTION (CDR X) Y)))))
(NOT (LESSP (LENGTH X)
(LENGTH (INTERSECTION (CDR X) Y))))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (LESSP (LENGTH V)
(LENGTH (INTERSECTION V Y)))))
(NOT (LESSP (LENGTH (CONS Z V))
(LENGTH (INTERSECTION V Y))))),
which further simplifies, applying LENGTH-CONS and SUB1-ADD1, and unfolding
the definition of LESSP, to the new formula:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (LESSP (LENGTH V)
(LENGTH (INTERSECTION V Y))))
(NOT (EQUAL (LENGTH (INTERSECTION V Y))
0)))
(NOT (LESSP (LENGTH V)
(SUB1 (LENGTH (INTERSECTION V Y)))))),
which again simplifies, using linear arithmetic, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(NOT (LESSP (LENGTH X)
(LENGTH (INTERSECTION X Y))))),
which simplifies, applying LENGTH-NLISTP, SUBSETP-NLISTP, FIX-PROPERP-NLISTP,
and INTERSECTION-ELIMINATION, and expanding LENGTH and LESSP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
LENGTH-INTERSECTION
(PROVE-LEMMA SUBSETP-INTERSECTION-MEMBER
(REWRITE)
(IMPLIES (AND (SUBSETP (INTERSECTION X Y) Z)
(NOT (MEMBER A Z)))
(AND (IMPLIES (MEMBER A X)
(NOT (MEMBER A Y)))
(IMPLIES (MEMBER A Y)
(NOT (MEMBER A X))))))
WARNING: Note that SUBSETP-INTERSECTION-MEMBER contains the free variables Z
and X which will be chosen by instantiating the hypothesis:
(SUBSETP (INTERSECTION X Y) Z).
WARNING: Note that SUBSETP-INTERSECTION-MEMBER contains the free variables Z
and Y which will be chosen by instantiating the hypothesis:
(SUBSETP (INTERSECTION X Y) Z).
WARNING: Note that the proposed lemma SUBSETP-INTERSECTION-MEMBER is to be
stored as zero type prescription rules, zero compound recognizer rules, zero
linear rules, and two replacement rules.
Give the conjecture the name *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p A (CDR X) Y Z))
(p A X Y Z))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p A (CDR X) Y Z))
(p A X Y Z))
(IMPLIES (NOT (LISTP X))
(p A X Y Z))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to five new goals:
Case 5. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (SUBSETP (INTERSECTION (CDR X) Y) Z))
(SUBSETP (INTERSECTION X Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (MEMBER A X))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
SUBSETP-CONS-1, and expanding the definition of INTERSECTION, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER A (CDR X)))
(SUBSETP (INTERSECTION X Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (MEMBER A X))).
This simplifies, rewriting with SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
SUBSETP-CONS-1, and expanding the function INTERSECTION, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (MEMBER A (CDR X)))
(MEMBER (CAR X) Z)
(SUBSETP (INTERSECTION (CDR X) Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (MEMBER A X))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V W) to
eliminate (CAR X) and (CDR X). The result is:
(IMPLIES (AND (MEMBER V Y)
(NOT (MEMBER A W))
(MEMBER V Z)
(SUBSETP (INTERSECTION W Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (MEMBER A (CONS V W)))).
However this further simplifies, rewriting with the lemma MEMBER-CONS, to:
(IMPLIES (AND (MEMBER V Y)
(NOT (MEMBER A W))
(MEMBER V Z)
(SUBSETP (INTERSECTION W Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (EQUAL A V))).
This again simplifies, obviously, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (SUBSETP (INTERSECTION (CDR X) Y) Z))
(SUBSETP (INTERSECTION X Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (MEMBER A X))).
This simplifies, opening up the function INTERSECTION, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (MEMBER A (CDR X)))
(SUBSETP (INTERSECTION X Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (MEMBER A X))).
This simplifies, expanding the function INTERSECTION, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (MEMBER A (CDR X)))
(SUBSETP (INTERSECTION (CDR X) Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (MEMBER A X))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V W) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (NOT (MEMBER V Y))
(NOT (MEMBER A W))
(SUBSETP (INTERSECTION W Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (MEMBER A (CONS V W)))),
which further simplifies, applying MEMBER-CONS, to:
(IMPLIES (AND (NOT (MEMBER V Y))
(NOT (MEMBER A W))
(SUBSETP (INTERSECTION W Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (EQUAL A V))),
which again simplifies, obviously, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(SUBSETP (INTERSECTION X Y) Z)
(NOT (MEMBER A Z))
(MEMBER A Y))
(NOT (MEMBER A X))).
This simplifies, rewriting with SUBSETP-NLISTP, FIX-PROPERP-NLISTP,
INTERSECTION-ELIMINATION, and MEMBER-SUBSETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-INTERSECTION-MEMBER
(PROVE-LEMMA INTERSECTION-APPEND
(REWRITE)
(EQUAL (INTERSECTION (APPEND X Y) Z)
(APPEND (INTERSECTION X Z)
(INTERSECTION Y Z))))
Call the conjecture *1.
We will try to prove it by induction. There are three plausible
inductions. They merge into two likely candidate inductions. However, only
one is unflawed. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y Z))
(p X Y Z))
(IMPLIES (NOT (LISTP X)) (p X Y Z))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates two new goals:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (INTERSECTION (APPEND (CDR X) Y) Z)
(APPEND (INTERSECTION (CDR X) Z)
(INTERSECTION Y Z))))
(EQUAL (INTERSECTION (APPEND X Y) Z)
(APPEND (INTERSECTION X Z)
(INTERSECTION Y Z)))),
which simplifies, appealing to the lemma INTERSECTION-CONS-1, and unfolding
APPEND and INTERSECTION, to two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP X)
(EQUAL (INTERSECTION (APPEND (CDR X) Y) Z)
(APPEND (INTERSECTION (CDR X) Z)
(INTERSECTION Y Z)))
(NOT (MEMBER (CAR X) Z)))
(EQUAL (INTERSECTION (APPEND (CDR X) Y) Z)
(APPEND (INTERSECTION (CDR X) Z)
(INTERSECTION Y Z)))),
which again simplifies, clearly, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(EQUAL (INTERSECTION (APPEND (CDR X) Y) Z)
(APPEND (INTERSECTION (CDR X) Z)
(INTERSECTION Y Z)))
(MEMBER (CAR X) Z))
(EQUAL (CONS (CAR X)
(INTERSECTION (APPEND (CDR X) Y) Z))
(APPEND (CONS (CAR X)
(INTERSECTION (CDR X) Z))
(INTERSECTION Y Z)))).
But this again simplifies, applying the lemmas CDR-CONS and CAR-CONS, and
opening up the definition of APPEND, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (INTERSECTION (APPEND X Y) Z)
(APPEND (INTERSECTION X Z)
(INTERSECTION Y Z)))),
which simplifies, rewriting with SUBSETP-NLISTP, FIX-PROPERP-NLISTP, and
INTERSECTION-ELIMINATION, and opening up the functions APPEND and LISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-APPEND
(PROVE-LEMMA DISJOINT-INTERSECTION-APPEND
(REWRITE)
(EQUAL (DISJOINT X
(INTERSECTION Y (APPEND Z1 Z2)))
(AND (DISJOINT X (INTERSECTION Y Z1))
(DISJOINT X (INTERSECTION Y Z2))))
((ENABLE INTERSECTION)))
WARNING: the previously added lemma, DISJOINT-SYMMETRY, could be applied
whenever the newly proposed DISJOINT-INTERSECTION-APPEND could!
This conjecture simplifies, expanding the function AND, to the following two
new formulas:
Case 2. (IMPLIES (NOT (DISJOINT X (INTERSECTION Y Z1)))
(EQUAL (DISJOINT X
(INTERSECTION Y (APPEND Z1 Z2)))
F)).
This again simplifies, clearly, to the new conjecture:
(IMPLIES (NOT (DISJOINT X (INTERSECTION Y Z1)))
(NOT (DISJOINT X
(INTERSECTION Y (APPEND Z1 Z2))))),
which we will name *1.
Case 1. (IMPLIES (DISJOINT X (INTERSECTION Y Z1))
(EQUAL (DISJOINT X
(INTERSECTION Y (APPEND Z1 Z2)))
(DISJOINT X (INTERSECTION Y Z2)))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(EQUAL (DISJOINT X
(INTERSECTION Y (APPEND Z1 Z2)))
(AND (DISJOINT X (INTERSECTION Y Z1))
(DISJOINT X (INTERSECTION Y Z2)))).
We gave this the name *1 above. Perhaps we can prove it by induction. The
recursive terms in the conjecture suggest four inductions. They merge into
two likely candidate inductions. However, only one is unflawed. We will
induct according to the following scheme:
(AND (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) (APPEND Z1 Z2))
(p X (CDR Y) Z1 Z2))
(p X Y Z1 Z2))
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) (APPEND Z1 Z2)))
(p X (CDR Y) Z1 Z2))
(p X Y Z1 Z2))
(IMPLIES (NOT (LISTP Y))
(p X Y Z1 Z2))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT Y)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
goals:
Case 3. (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) (APPEND Z1 Z2))
(EQUAL (DISJOINT X
(INTERSECTION (CDR Y) (APPEND Z1 Z2)))
(AND (DISJOINT X (INTERSECTION (CDR Y) Z1))
(DISJOINT X
(INTERSECTION (CDR Y) Z2)))))
(EQUAL (DISJOINT X
(INTERSECTION Y (APPEND Z1 Z2)))
(AND (DISJOINT X (INTERSECTION Y Z1))
(DISJOINT X (INTERSECTION Y Z2))))).
This simplifies, rewriting with MEMBER-APPEND, SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, and DISJOINT-CONS-2, and opening up the functions AND,
INTERSECTION, and EQUAL, to three new goals:
Case 3.3.
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z1)
(DISJOINT X (INTERSECTION (CDR Y) Z1))
(EQUAL (DISJOINT X
(INTERSECTION (CDR Y) (APPEND Z1 Z2)))
(DISJOINT X
(INTERSECTION (CDR Y) Z2)))
(NOT (MEMBER (CAR Y) X))
(MEMBER (CAR Y) Z2))
(EQUAL (DISJOINT X (INTERSECTION (CDR Y) Z2))
(DISJOINT X
(CONS (CAR Y)
(INTERSECTION (CDR Y) Z2))))),
which again simplifies, applying DISJOINT-CONS-2, to:
T.
Case 3.2.
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z2)
(NOT (DISJOINT X
(INTERSECTION (CDR Y) Z1)))
(EQUAL (DISJOINT X
(INTERSECTION (CDR Y) (APPEND Z1 Z2)))
F)
(MEMBER (CAR Y) Z1)
(DISJOINT X
(CONS (CAR Y)
(INTERSECTION (CDR Y) Z1)))
(NOT (MEMBER (CAR Y) X)))
(NOT (DISJOINT X
(INTERSECTION (CDR Y) Z2)))).
However this again simplifies, rewriting with DISJOINT-CONS-2, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z2)
(DISJOINT X (INTERSECTION (CDR Y) Z1))
(EQUAL (DISJOINT X
(INTERSECTION (CDR Y) (APPEND Z1 Z2)))
(DISJOINT X
(INTERSECTION (CDR Y) Z2)))
(MEMBER (CAR Y) Z1)
(NOT (DISJOINT X
(CONS (CAR Y)
(INTERSECTION (CDR Y) Z1))))
(NOT (MEMBER (CAR Y) X)))
(EQUAL (DISJOINT X (INTERSECTION (CDR Y) Z2))
F)).
However this again simplifies, rewriting with DISJOINT-CONS-2, to:
T.
Case 2. (IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) (APPEND Z1 Z2)))
(EQUAL (DISJOINT X
(INTERSECTION (CDR Y) (APPEND Z1 Z2)))
(AND (DISJOINT X (INTERSECTION (CDR Y) Z1))
(DISJOINT X
(INTERSECTION (CDR Y) Z2)))))
(EQUAL (DISJOINT X
(INTERSECTION Y (APPEND Z1 Z2)))
(AND (DISJOINT X (INTERSECTION Y Z1))
(DISJOINT X (INTERSECTION Y Z2))))).
This simplifies, applying the lemma MEMBER-APPEND, and opening up the
functions AND, INTERSECTION, and EQUAL, to:
T.
Case 1. (IMPLIES (NOT (LISTP Y))
(EQUAL (DISJOINT X
(INTERSECTION Y (APPEND Z1 Z2)))
(AND (DISJOINT X (INTERSECTION Y Z1))
(DISJOINT X (INTERSECTION Y Z2))))).
This simplifies, rewriting with SUBSETP-NLISTP, FIX-PROPERP-NLISTP,
INTERSECTION-ELIMINATION, DISJOINT-NLISTP, and DISJOINT-SYMMETRY, and
opening up the functions OR, NLISTP, AND, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-INTERSECTION-APPEND
(PROVE-LEMMA SUBSETP-INTERSECTION-APPEND
(REWRITE)
(EQUAL (SUBSETP (INTERSECTION U (APPEND X Y))
Z)
(AND (SUBSETP (INTERSECTION U X) Z)
(SUBSETP (INTERSECTION U Y) Z))))
This conjecture simplifies, expanding the function AND, to the following two
new formulas:
Case 2. (IMPLIES (NOT (SUBSETP (INTERSECTION U X) Z))
(EQUAL (SUBSETP (INTERSECTION U (APPEND X Y))
Z)
F)).
This again simplifies, clearly, to the new conjecture:
(IMPLIES (NOT (SUBSETP (INTERSECTION U X) Z))
(NOT (SUBSETP (INTERSECTION U (APPEND X Y))
Z))),
which we will name *1.
Case 1. (IMPLIES (SUBSETP (INTERSECTION U X) Z)
(EQUAL (SUBSETP (INTERSECTION U (APPEND X Y))
Z)
(SUBSETP (INTERSECTION U Y) Z))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(EQUAL (SUBSETP (INTERSECTION U (APPEND X Y))
Z)
(AND (SUBSETP (INTERSECTION U X) Z)
(SUBSETP (INTERSECTION U Y) Z))).
We gave this the name *1 above. Perhaps we can prove it by induction. The
recursive terms in the conjecture suggest four inductions. They merge into
two likely candidate inductions. However, only one is unflawed. We will
induct according to the following scheme:
(AND (IMPLIES (AND (LISTP U)
(MEMBER (CAR U) (APPEND X Y))
(p (CDR U) X Y Z))
(p U X Y Z))
(IMPLIES (AND (LISTP U)
(NOT (MEMBER (CAR U) (APPEND X Y)))
(p (CDR U) X Y Z))
(p U X Y Z))
(IMPLIES (NOT (LISTP U))
(p U X Y Z))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT U)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
goals:
Case 3. (IMPLIES (AND (LISTP U)
(MEMBER (CAR U) (APPEND X Y))
(EQUAL (SUBSETP (INTERSECTION (CDR U) (APPEND X Y))
Z)
(AND (SUBSETP (INTERSECTION (CDR U) X) Z)
(SUBSETP (INTERSECTION (CDR U) Y)
Z))))
(EQUAL (SUBSETP (INTERSECTION U (APPEND X Y))
Z)
(AND (SUBSETP (INTERSECTION U X) Z)
(SUBSETP (INTERSECTION U Y) Z)))).
This simplifies, rewriting with MEMBER-APPEND, SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, SUBSETP-CONS-1, and SUBSETP-IS-TRANSITIVE, and opening up
the functions AND, INTERSECTION, and EQUAL, to three new goals:
Case 3.3.
(IMPLIES (AND (LISTP U)
(MEMBER (CAR U) X)
(SUBSETP (INTERSECTION (CDR U) X) Z)
(EQUAL (SUBSETP (INTERSECTION (CDR U) (APPEND X Y))
Z)
(SUBSETP (INTERSECTION (CDR U) Y) Z))
(MEMBER (CAR U) Z)
(MEMBER (CAR U) Y))
(EQUAL (SUBSETP (INTERSECTION (CDR U) Y) Z)
(SUBSETP (CONS (CAR U)
(INTERSECTION (CDR U) Y))
Z))),
which again simplifies, applying SUBSETP-CONS-1, to:
T.
Case 3.2.
(IMPLIES (AND (LISTP U)
(MEMBER (CAR U) Y)
(NOT (SUBSETP (INTERSECTION (CDR U) X) Z))
(EQUAL (SUBSETP (INTERSECTION (CDR U) (APPEND X Y))
Z)
F)
(MEMBER (CAR U) X)
(SUBSETP (CONS (CAR U)
(INTERSECTION (CDR U) X))
Z)
(MEMBER (CAR U) Z))
(NOT (SUBSETP (INTERSECTION (CDR U) Y)
Z))).
However this again simplifies, rewriting with SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, and SUBSETP-CONS-1, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP U)
(MEMBER (CAR U) Y)
(SUBSETP (INTERSECTION (CDR U) X) Z)
(EQUAL (SUBSETP (INTERSECTION (CDR U) (APPEND X Y))
Z)
(SUBSETP (INTERSECTION (CDR U) Y) Z))
(MEMBER (CAR U) X)
(NOT (SUBSETP (CONS (CAR U)
(INTERSECTION (CDR U) X))
Z))
(MEMBER (CAR U) Z))
(EQUAL (SUBSETP (INTERSECTION (CDR U) Y) Z)
F)).
However this again simplifies, rewriting with SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, MEMBER-SUBSETP, and SUBSETP-CONS-1, to:
T.
Case 2. (IMPLIES (AND (LISTP U)
(NOT (MEMBER (CAR U) (APPEND X Y)))
(EQUAL (SUBSETP (INTERSECTION (CDR U) (APPEND X Y))
Z)
(AND (SUBSETP (INTERSECTION (CDR U) X) Z)
(SUBSETP (INTERSECTION (CDR U) Y)
Z))))
(EQUAL (SUBSETP (INTERSECTION U (APPEND X Y))
Z)
(AND (SUBSETP (INTERSECTION U X) Z)
(SUBSETP (INTERSECTION U Y) Z)))).
This simplifies, applying the lemmas MEMBER-APPEND, SUBSETP-REFLEXIVITY, and
SUBSETP-IS-TRANSITIVE, and opening up the functions AND, INTERSECTION, and
EQUAL, to:
T.
Case 1. (IMPLIES (NOT (LISTP U))
(EQUAL (SUBSETP (INTERSECTION U (APPEND X Y))
Z)
(AND (SUBSETP (INTERSECTION U X) Z)
(SUBSETP (INTERSECTION U Y) Z)))).
This simplifies, rewriting with SUBSETP-NLISTP, FIX-PROPERP-NLISTP, and
INTERSECTION-ELIMINATION, and opening up the functions AND and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
SUBSETP-INTERSECTION-APPEND
(PROVE-LEMMA SUBSETP-INTERSECTION-ELIMINATION-LEMMA
(REWRITE)
(IMPLIES (AND (SUBSETP Y X)
(NOT (SUBSETP Y Z)))
(NOT (SUBSETP (INTERSECTION X Y) Z)))
((USE (SUBSETP-IS-TRANSITIVE (X Y)
(Y (INTERSECTION X Y))
(Z Z)))
(DISABLE INTERSECTION)))
This simplifies, applying the lemmas SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, and SUBSETP-INTERSECTION, and opening up the functions
AND and IMPLIES, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-INTERSECTION-ELIMINATION-LEMMA
(PROVE-LEMMA SUBSETP-INTERSECTION-ELIMINATION
(REWRITE)
(IMPLIES (SUBSETP Y X)
(IFF (SUBSETP (INTERSECTION X Y) Z)
(SUBSETP Y Z)))
((DISABLE INTERSECTION)))
This simplifies, opening up the function IFF, to two new conjectures:
Case 2. (IMPLIES (AND (SUBSETP Y X)
(NOT (SUBSETP (INTERSECTION X Y) Z)))
(NOT (SUBSETP Y Z))),
which again simplifies, applying SUBSETP-INTERSECTION-SUFFICIENCY-1, to:
T.
Case 1. (IMPLIES (AND (SUBSETP Y X)
(SUBSETP (INTERSECTION X Y) Z))
(SUBSETP Y Z)).
But this again simplifies, rewriting with
SUBSETP-INTERSECTION-ELIMINATION-LEMMA, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-INTERSECTION-ELIMINATION
(PROVE-LEMMA DISJOINT-INTERSECTION
(REWRITE)
(EQUAL (DISJOINT (INTERSECTION X Y) Z)
(DISJOINT X (INTERSECTION Y Z)))
((ENABLE INTERSECTION)
(DISABLE DISJOINT)))
WARNING: the previously added lemma, DISJOINT-SYMMETRY, could be applied
whenever the newly proposed DISJOINT-INTERSECTION could!
This simplifies, rewriting with DISJOINT-SYMMETRY, to:
(EQUAL (DISJOINT Z (INTERSECTION X Y))
(DISJOINT X (INTERSECTION Y Z))).
Give the above formula the name *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z)
(p Z X (CDR Y)))
(p Z X Y))
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(p Z X (CDR Y)))
(p Z X Y))
(IMPLIES (NOT (LISTP Y)) (p Z X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT Y)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
goals:
Case 3. (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z)
(EQUAL (DISJOINT Z (INTERSECTION X (CDR Y)))
(DISJOINT X
(INTERSECTION (CDR Y) Z))))
(EQUAL (DISJOINT Z (INTERSECTION X Y))
(DISJOINT X (INTERSECTION Y Z)))).
This simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
DISJOINT-CONS-2, and expanding INTERSECTION, to two new goals:
Case 3.2.
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z)
(EQUAL (DISJOINT Z (INTERSECTION X (CDR Y)))
(DISJOINT X (INTERSECTION (CDR Y) Z)))
(NOT (MEMBER (CAR Y) X)))
(EQUAL (DISJOINT Z (INTERSECTION X Y))
(DISJOINT X
(INTERSECTION (CDR Y) Z)))).
Applying the lemma CAR-CDR-ELIM, replace Y by (CONS V W) to eliminate
(CAR Y) and (CDR Y). We thus obtain the new goal:
(IMPLIES (AND (MEMBER V Z)
(EQUAL (DISJOINT Z (INTERSECTION X W))
(DISJOINT X (INTERSECTION W Z)))
(NOT (MEMBER V X)))
(EQUAL (DISJOINT Z
(INTERSECTION X (CONS V W)))
(DISJOINT X (INTERSECTION W Z)))),
which further simplifies, rewriting with the lemma INTERSECTION-CONS-2, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z)
(EQUAL (DISJOINT Z (INTERSECTION X (CDR Y)))
(DISJOINT X (INTERSECTION (CDR Y) Z)))
(MEMBER (CAR Y) X))
(EQUAL (DISJOINT Z (INTERSECTION X Y))
F)),
which again simplifies, trivially, to:
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z)
(EQUAL (DISJOINT Z (INTERSECTION X (CDR Y)))
(DISJOINT X (INTERSECTION (CDR Y) Z)))
(MEMBER (CAR Y) X))
(NOT (DISJOINT Z (INTERSECTION X Y)))).
Applying the lemma CAR-CDR-ELIM, replace Y by (CONS V W) to eliminate
(CAR Y) and (CDR Y). We would thus like to prove:
(IMPLIES (AND (MEMBER V Z)
(EQUAL (DISJOINT Z (INTERSECTION X W))
(DISJOINT X (INTERSECTION W Z)))
(MEMBER V X))
(NOT (DISJOINT Z
(INTERSECTION X (CONS V W))))),
which further simplifies, applying MEMBER-INTERSECTION, MEMBER-CONS,
MEMBER-SUBSETP, SUBSETP-REFLEXIVITY, and DISJOINT-NON-MEMBER, to:
T.
Case 2. (IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(EQUAL (DISJOINT Z (INTERSECTION X (CDR Y)))
(DISJOINT X
(INTERSECTION (CDR Y) Z))))
(EQUAL (DISJOINT Z (INTERSECTION X Y))
(DISJOINT X (INTERSECTION Y Z)))).
This simplifies, unfolding the definition of INTERSECTION, to:
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(EQUAL (DISJOINT Z (INTERSECTION X (CDR Y)))
(DISJOINT X
(INTERSECTION (CDR Y) Z))))
(EQUAL (DISJOINT Z (INTERSECTION X Y))
(DISJOINT X
(INTERSECTION (CDR Y) Z)))).
Applying the lemma CAR-CDR-ELIM, replace Y by (CONS V W) to eliminate
(CAR Y) and (CDR Y). This produces:
(IMPLIES (AND (NOT (MEMBER V Z))
(EQUAL (DISJOINT Z (INTERSECTION X W))
(DISJOINT X (INTERSECTION W Z))))
(EQUAL (DISJOINT Z
(INTERSECTION X (CONS V W)))
(DISJOINT X (INTERSECTION W Z)))).
We use the above equality hypothesis by substituting:
(DISJOINT Z (INTERSECTION X W))
for (DISJOINT X (INTERSECTION W Z)) and throwing away the equality. We must
thus prove:
(IMPLIES (NOT (MEMBER V Z))
(EQUAL (DISJOINT Z
(INTERSECTION X (CONS V W)))
(DISJOINT Z (INTERSECTION X W)))).
Call the above conjecture *1.1.
Case 1. (IMPLIES (NOT (LISTP Y))
(EQUAL (DISJOINT Z (INTERSECTION X Y))
(DISJOINT X (INTERSECTION Y Z)))).
This simplifies, appealing to the lemmas INTERSECTION-NLISTP,
DISJOINT-NLISTP, DISJOINT-SYMMETRY, SUBSETP-NLISTP, FIX-PROPERP-NLISTP, and
INTERSECTION-ELIMINATION, and expanding OR, NLISTP, and EQUAL, to:
T.
So next consider:
(IMPLIES (NOT (MEMBER V Z))
(EQUAL (DISJOINT Z
(INTERSECTION X (CONS V W)))
(DISJOINT Z (INTERSECTION X W)))),
which we named *1.1 above. Perhaps we can prove it by induction. The
recursive terms in the conjecture suggest two inductions. However, they merge
into one likely candidate induction. We will induct according to the
following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CONS V W))
(p Z (CDR X) V W))
(p Z X V W))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CONS V W)))
(p Z (CDR X) V W))
(p Z X V W))
(IMPLIES (NOT (LISTP X))
(p Z X V W))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
goals:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CONS V W))
(EQUAL (DISJOINT Z
(INTERSECTION (CDR X) (CONS V W)))
(DISJOINT Z (INTERSECTION (CDR X) W)))
(NOT (MEMBER V Z)))
(EQUAL (DISJOINT Z
(INTERSECTION X (CONS V W)))
(DISJOINT Z (INTERSECTION X W)))).
This simplifies, applying MEMBER-CONS, DISJOINT-CONS-2, SUBSETP-CONS-2,
SUBSETP-REFLEXIVITY, and MEMBER-SUBSETP, and expanding INTERSECTION, to:
(IMPLIES (AND (LISTP X)
(EQUAL (CAR X) V)
(EQUAL (DISJOINT Z
(INTERSECTION (CDR X) (CONS V W)))
(DISJOINT Z (INTERSECTION (CDR X) W)))
(NOT (MEMBER V Z))
(MEMBER V W))
(EQUAL (DISJOINT Z (INTERSECTION (CDR X) W))
(DISJOINT Z
(CONS V (INTERSECTION (CDR X) W))))).
This again simplifies, applying the lemma DISJOINT-CONS-2, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CONS V W)))
(EQUAL (DISJOINT Z
(INTERSECTION (CDR X) (CONS V W)))
(DISJOINT Z (INTERSECTION (CDR X) W)))
(NOT (MEMBER V Z)))
(EQUAL (DISJOINT Z
(INTERSECTION X (CONS V W)))
(DISJOINT Z (INTERSECTION X W)))),
which simplifies, applying the lemma MEMBER-CONS, and opening up the
function INTERSECTION, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(NOT (MEMBER V Z)))
(EQUAL (DISJOINT Z
(INTERSECTION X (CONS V W)))
(DISJOINT Z (INTERSECTION X W)))),
which simplifies, rewriting with SUBSETP-CONS-NOT-MEMBER, SUBSETP-NLISTP,
MEMBER-NLISTP, FIX-PROPERP-NLISTP, INTERSECTION-ELIMINATION, DISJOINT-NLISTP,
and DISJOINT-SYMMETRY, and unfolding OR, NLISTP, and EQUAL, to:
T.
That finishes the proof of *1.1, which, in turn, also finishes the proof
of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
DISJOINT-INTERSECTION
(PROVE-LEMMA SUBSETP-INTERSECTION-MONOTONE-1
(REWRITE)
(IMPLIES (AND (SUBSETP (INTERSECTION X Y) Z)
(SUBSETP X1 X))
(SUBSETP (INTERSECTION X1 Y) Z))
((ENABLE DISJOINT SUBSETP)))
WARNING: Note that SUBSETP-INTERSECTION-MONOTONE-1 contains the free variable
X which will be chosen by instantiating the hypothesis:
(SUBSETP (INTERSECTION X Y) Z).
Call the conjecture *1.
We will appeal to induction. There are three plausible inductions. They
merge into two likely candidate inductions. However, only one is unflawed.
We will induct according to the following scheme:
(AND (IMPLIES (NLISTP X1) (p X1 Y Z X))
(IMPLIES (AND (NOT (NLISTP X1))
(p (CDR X1) Y Z X))
(p X1 Y Z X))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP can be used to establish that the measure (COUNT X1) decreases
according to the well-founded relation LESSP in each induction step of the
scheme. The above induction scheme generates three new formulas:
Case 3. (IMPLIES (AND (NLISTP X1)
(SUBSETP (INTERSECTION X Y) Z)
(SUBSETP X1 X))
(SUBSETP (INTERSECTION X1 Y) Z)),
which simplifies, applying SUBSETP-NLISTP, FIX-PROPERP-NLISTP, and
INTERSECTION-ELIMINATION, and expanding the function NLISTP, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP X1))
(NOT (SUBSETP (CDR X1) X))
(SUBSETP (INTERSECTION X Y) Z)
(SUBSETP X1 X))
(SUBSETP (INTERSECTION X1 Y) Z)).
This simplifies, expanding NLISTP and SUBSETP, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X1))
(SUBSETP (INTERSECTION (CDR X1) Y) Z)
(SUBSETP (INTERSECTION X Y) Z)
(SUBSETP X1 X))
(SUBSETP (INTERSECTION X1 Y) Z)).
This simplifies, expanding the definitions of NLISTP, SUBSETP, and
INTERSECTION, to:
(IMPLIES (AND (LISTP X1)
(SUBSETP (INTERSECTION (CDR X1) Y) Z)
(SUBSETP (INTERSECTION X Y) Z)
(MEMBER (CAR X1) X)
(SUBSETP (CDR X1) X)
(MEMBER (CAR X1) Y))
(SUBSETP (CONS (CAR X1)
(INTERSECTION (CDR X1) Y))
Z)),
which again simplifies, applying SUBSETP-REFLEXIVITY, SUBSETP-IS-TRANSITIVE,
and SUBSETP-CONS-1, to:
(IMPLIES (AND (LISTP X1)
(SUBSETP (INTERSECTION (CDR X1) Y) Z)
(SUBSETP (INTERSECTION X Y) Z)
(MEMBER (CAR X1) X)
(SUBSETP (CDR X1) X)
(MEMBER (CAR X1) Y))
(MEMBER (CAR X1) Z)),
which again simplifies, appealing to the lemma SUBSETP-INTERSECTION-MEMBER,
to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
SUBSETP-INTERSECTION-MONOTONE-1
(PROVE-LEMMA SUBSETP-INTERSECTION-COMMUTER
(REWRITE)
(EQUAL (SUBSETP (INTERSECTION X Y) Z)
(SUBSETP (INTERSECTION Y X) Z))
((USE (SUBSETP-WIT-WITNESSES (X (INTERSECTION Y X))
(Y Z))
(SUBSETP-WIT-WITNESSES (X (INTERSECTION X Y))
(Y Z)))))
WARNING: the newly proposed lemma, SUBSETP-INTERSECTION-COMMUTER, could be
applied whenever the previously added lemma SUBSETP-INTERSECTION-APPEND could.
WARNING: the newly proposed lemma, SUBSETP-INTERSECTION-COMMUTER, could be
applied whenever the previously added lemma INTERSECTION-CONS-3 could.
This formula simplifies, applying MEMBER-INTERSECTION, and opening up NOT, AND,
and EQUAL, to the following six new conjectures:
Case 6. (IMPLIES (AND (NOT (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Y))
(EQUAL (SUBSETP (INTERSECTION Y X) Z)
T)
(MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
X)
(MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
Y)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
Z)))
(NOT (EQUAL (SUBSETP (INTERSECTION X Y) Z)
F))).
However this again simplifies, applying the lemma
SUBSETP-INTERSECTION-MEMBER, to:
T.
Case 5. (IMPLIES (AND (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Z)
(EQUAL (SUBSETP (INTERSECTION Y X) Z)
T)
(MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
X)
(MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
Y)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
Z)))
(NOT (EQUAL (SUBSETP (INTERSECTION X Y) Z)
F))),
which again simplifies, rewriting with SUBSETP-INTERSECTION-MEMBER, to:
T.
Case 4. (IMPLIES (AND (NOT (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
X))
(EQUAL (SUBSETP (INTERSECTION Y X) Z)
T)
(MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
X)
(MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
Y)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
Z)))
(NOT (EQUAL (SUBSETP (INTERSECTION X Y) Z)
F))).
However this again simplifies, appealing to the lemma
SUBSETP-INTERSECTION-MEMBER, to:
T.
Case 3. (IMPLIES (AND (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Y)
(MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
X)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Z))
(EQUAL (SUBSETP (INTERSECTION Y X) Z)
F)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
X)))
(NOT (EQUAL (SUBSETP (INTERSECTION X Y) Z)
T))),
which again simplifies, trivially, to:
(IMPLIES (AND (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Y)
(MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
X)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Z))
(NOT (SUBSETP (INTERSECTION Y X) Z))
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
X)))
(NOT (SUBSETP (INTERSECTION X Y) Z))),
which again simplifies, rewriting with SUBSETP-INTERSECTION-MEMBER, to:
T.
Case 2. (IMPLIES (AND (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Y)
(MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
X)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Z))
(EQUAL (SUBSETP (INTERSECTION Y X) Z)
F)
(MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
Z))
(NOT (EQUAL (SUBSETP (INTERSECTION X Y) Z)
T))).
This again simplifies, obviously, to the new formula:
(IMPLIES (AND (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Y)
(MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
X)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Z))
(NOT (SUBSETP (INTERSECTION Y X) Z))
(MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
Z))
(NOT (SUBSETP (INTERSECTION X Y) Z))),
which again simplifies, rewriting with the lemma SUBSETP-INTERSECTION-MEMBER,
to:
T.
Case 1. (IMPLIES (AND (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Y)
(MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
X)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Z))
(EQUAL (SUBSETP (INTERSECTION Y X) Z)
F)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
Y)))
(NOT (EQUAL (SUBSETP (INTERSECTION X Y) Z)
T))),
which again simplifies, trivially, to the new goal:
(IMPLIES (AND (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Y)
(MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
X)
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION Y X) Z)
Z))
(NOT (SUBSETP (INTERSECTION Y X) Z))
(NOT (MEMBER (SUBSETP-WIT (INTERSECTION X Y) Z)
Y)))
(NOT (SUBSETP (INTERSECTION X Y) Z))),
which again simplifies, appealing to the lemma SUBSETP-INTERSECTION-MEMBER,
to:
T.
Q.E.D.
[ 0.0 0.1 0.0 ]
SUBSETP-INTERSECTION-COMMUTER
(PROVE-LEMMA SUBSETP-INTERSECTION-MONOTONE-2
(REWRITE)
(IMPLIES (AND (SUBSETP (INTERSECTION Y X) Z)
(SUBSETP X1 X))
(SUBSETP (INTERSECTION X1 Y) Z)))
WARNING: Note that SUBSETP-INTERSECTION-MONOTONE-2 contains the free variable
X which will be chosen by instantiating the hypothesis:
(SUBSETP (INTERSECTION Y X) Z).
This simplifies, rewriting with SUBSETP-INTERSECTION-COMMUTER and
SUBSETP-INTERSECTION-MONOTONE-1, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-INTERSECTION-MONOTONE-2
(PROVE-LEMMA DISJOINT-INTERSECTION-COMMUTER
(REWRITE)
(EQUAL (DISJOINT X (INTERSECTION Y Z))
(DISJOINT X (INTERSECTION Z Y)))
((USE (DISJOINT-WIT-WITNESSES (X X)
(Y (INTERSECTION Y Z)))
(DISJOINT-WIT-WITNESSES (X X)
(Y (INTERSECTION Z Y))))
(DISABLE INTERSECTION)))
WARNING: the newly proposed lemma, DISJOINT-INTERSECTION-COMMUTER, could be
applied whenever the previously added lemma DISJOINT-INTERSECTION-APPEND could.
WARNING: the previously added lemma, DISJOINT-SYMMETRY, could be applied
whenever the newly proposed DISJOINT-INTERSECTION-COMMUTER could!
This conjecture simplifies, appealing to the lemmas MEMBER-INTERSECTION,
MEMBER-SUBSETP, SUBSETP-REFLEXIVITY, and DISJOINT-NON-MEMBER, and expanding
the definitions of AND, NOT, and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-INTERSECTION-COMMUTER
(PROVE-LEMMA DISJOINT-INTERSECTION3
(REWRITE)
(IMPLIES (DISJOINT FREE (INTERSECTION VARS X))
(EQUAL (INTERSECTION X
(INTERSECTION VARS FREE))
NIL))
((USE (DISJOINT-WIT-WITNESSES (X X)
(Y (INTERSECTION VARS FREE))))))
This formula can be simplified, using the abbreviations IMPLIES and
INTERSECTION-DISJOINT, to:
(IMPLIES
(AND (EQUAL (DISJOINT X (INTERSECTION VARS FREE))
(NOT (AND (MEMBER (DISJOINT-WIT X
(INTERSECTION VARS FREE))
X)
(MEMBER (DISJOINT-WIT X
(INTERSECTION VARS FREE))
(INTERSECTION VARS FREE)))))
(DISJOINT FREE (INTERSECTION VARS X)))
(DISJOINT X
(INTERSECTION VARS FREE))),
which simplifies, rewriting with DISJOINT-INTERSECTION-COMMUTER,
MEMBER-INTERSECTION, and DISJOINT-NON-MEMBER, and unfolding the definitions of
AND and NOT, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-INTERSECTION3
(DISABLE INTERSECTION)
[ 0.0 0.0 0.0 ]
INTERSECTION-OFF
(PROVE-LEMMA MEMBER-SET-DIFF
(REWRITE)
(EQUAL (MEMBER A (SET-DIFF Y Z))
(AND (MEMBER A Y)
(NOT (MEMBER A Z)))))
This formula simplifies, expanding NOT and AND, to three new conjectures:
Case 3. (IMPLIES (MEMBER A Z)
(EQUAL (MEMBER A (SET-DIFF Y Z)) F)),
which again simplifies, clearly, to:
(IMPLIES (MEMBER A Z)
(NOT (MEMBER A (SET-DIFF Y Z)))),
which we will name *1.
Case 2. (IMPLIES (NOT (MEMBER A Y))
(EQUAL (MEMBER A (SET-DIFF Y Z)) F)).
This again simplifies, trivially, to:
(IMPLIES (NOT (MEMBER A Y))
(NOT (MEMBER A (SET-DIFF Y Z)))),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (MEMBER A (SET-DIFF Y Z))
(AND (MEMBER A Y)
(NOT (MEMBER A Z)))).
We named this *1. We will try to prove it by induction. There is only one
suggested induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z)
(p A (CDR Y) Z))
(p A Y Z))
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(p A (CDR Y) Z))
(p A Y Z))
(IMPLIES (NOT (LISTP Y)) (p A Y Z))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT Y)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces three new conjectures:
Case 3. (IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z)
(EQUAL (MEMBER A (SET-DIFF (CDR Y) Z))
(AND (MEMBER A (CDR Y))
(NOT (MEMBER A Z)))))
(EQUAL (MEMBER A (SET-DIFF Y Z))
(AND (MEMBER A Y)
(NOT (MEMBER A Z))))),
which simplifies, rewriting with the lemmas SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, and CDR-SUBSETP, and opening up NOT, AND, SET-DIFF, and
EQUAL, to:
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z)
(NOT (MEMBER A (CDR Y)))
(EQUAL (MEMBER A (SET-DIFF (CDR Y) Z))
F)
(MEMBER A Y))
(MEMBER A Z)).
This again simplifies, obviously, to the new conjecture:
(IMPLIES (AND (LISTP Y)
(MEMBER (CAR Y) Z)
(NOT (MEMBER A (CDR Y)))
(NOT (MEMBER A (SET-DIFF (CDR Y) Z)))
(MEMBER A Y))
(MEMBER A Z)).
Applying the lemma CAR-CDR-ELIM, replace Y by (CONS X V) to eliminate
(CAR Y) and (CDR Y). We would thus like to prove:
(IMPLIES (AND (MEMBER X Z)
(NOT (MEMBER A V))
(NOT (MEMBER A (SET-DIFF V Z)))
(MEMBER A (CONS X V)))
(MEMBER A Z)),
which further simplifies, applying MEMBER-CONS, to:
(IMPLIES (AND (MEMBER X Z)
(NOT (MEMBER A V))
(NOT (MEMBER A (SET-DIFF V Z)))
(EQUAL A X))
(MEMBER A Z)),
which again simplifies, trivially, to:
T.
Case 2. (IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(EQUAL (MEMBER A (SET-DIFF (CDR Y) Z))
(AND (MEMBER A (CDR Y))
(NOT (MEMBER A Z)))))
(EQUAL (MEMBER A (SET-DIFF Y Z))
(AND (MEMBER A Y)
(NOT (MEMBER A Z))))).
This simplifies, applying MEMBER-CONS, SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
and CDR-SUBSETP, and opening up the definitions of NOT, AND, SET-DIFF, and
EQUAL, to four new conjectures:
Case 2.4.
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(MEMBER A Z)
(EQUAL (MEMBER A (SET-DIFF (CDR Y) Z))
F))
(NOT (EQUAL A (CAR Y)))),
which again simplifies, obviously, to:
T.
Case 2.3.
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(NOT (MEMBER A (CDR Y)))
(EQUAL (MEMBER A (SET-DIFF (CDR Y) Z))
F)
(EQUAL A (CAR Y)))
(MEMBER A Y)).
This again simplifies, clearly, to:
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(NOT (MEMBER (CAR Y) (CDR Y)))
(NOT (MEMBER (CAR Y)
(SET-DIFF (CDR Y) Z))))
(MEMBER (CAR Y) Y)).
Applying the lemma CAR-CDR-ELIM, replace Y by (CONS X V) to eliminate
(CAR Y) and (CDR Y). This produces:
(IMPLIES (AND (NOT (MEMBER X Z))
(NOT (MEMBER X V))
(NOT (MEMBER X (SET-DIFF V Z))))
(MEMBER X (CONS X V))),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 2.2.
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(NOT (MEMBER A (CDR Y)))
(EQUAL (MEMBER A (SET-DIFF (CDR Y) Z))
F)
(EQUAL A (CAR Y)))
(NOT (MEMBER A Z))).
This again simplifies, clearly, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(NOT (MEMBER A (CDR Y)))
(EQUAL (MEMBER A (SET-DIFF (CDR Y) Z))
F)
(NOT (EQUAL A (CAR Y)))
(MEMBER A Y))
(MEMBER A Z)).
This again simplifies, obviously, to:
(IMPLIES (AND (LISTP Y)
(NOT (MEMBER (CAR Y) Z))
(NOT (MEMBER A (CDR Y)))
(NOT (MEMBER A (SET-DIFF (CDR Y) Z)))
(NOT (EQUAL A (CAR Y)))
(MEMBER A Y))
(MEMBER A Z)).
Applying the lemma CAR-CDR-ELIM, replace Y by (CONS X V) to eliminate
(CAR Y) and (CDR Y). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER X Z))
(NOT (MEMBER A V))
(NOT (MEMBER A (SET-DIFF V Z)))
(NOT (EQUAL A X))
(MEMBER A (CONS X V)))
(MEMBER A Z)),
which further simplifies, appealing to the lemma MEMBER-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP Y))
(EQUAL (MEMBER A (SET-DIFF Y Z))
(AND (MEMBER A Y)
(NOT (MEMBER A Z))))),
which simplifies, applying MEMBER-NLISTP, and unfolding the functions
SET-DIFF, NOT, AND, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-SET-DIFF
(PROVE-LEMMA SUBSETP-SET-DIFF-1
(REWRITE)
(SUBSETP (SET-DIFF X Y) X))
Give the conjecture the name *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to three new formulas:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SUBSETP (SET-DIFF (CDR X) Y)
(CDR X)))
(SUBSETP (SET-DIFF X Y) X)),
which simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, CDR-SUBSETP,
and SUBSETP-IS-TRANSITIVE, and opening up the definition of SET-DIFF, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (SET-DIFF (CDR X) Y)
(CDR X)))
(SUBSETP (SET-DIFF X Y) X)).
This simplifies, applying CDR-SUBSETP, SUBSETP-IS-TRANSITIVE, and
SUBSETP-CONS-1, and unfolding SET-DIFF, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (SET-DIFF (CDR X) Y)
(CDR X)))
(MEMBER (CAR X) X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). This generates:
(IMPLIES (AND (NOT (MEMBER Z Y))
(SUBSETP (SET-DIFF V Y) V))
(MEMBER Z (CONS Z V))).
But this further simplifies, rewriting with the lemma MEMBER-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(SUBSETP (SET-DIFF X Y) X)),
which simplifies, appealing to the lemma SUBSETP-NLISTP, and unfolding the
definitions of SET-DIFF and LISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-SET-DIFF-1
(PROVE-LEMMA DISJOINTP-SET-DIFF
(REWRITE)
(DISJOINT (SET-DIFF X Y) Y))
This formula simplifies, applying DISJOINT-SYMMETRY, to:
(DISJOINT Y (SET-DIFF X Y)),
which we will name *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p Y (CDR X)))
(p Y X))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p Y (CDR X)))
(p Y X))
(IMPLIES (NOT (LISTP X)) (p Y X))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme produces three
new goals:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(DISJOINT Y (SET-DIFF (CDR X) Y)))
(DISJOINT Y (SET-DIFF X Y))),
which simplifies, applying the lemmas SUBSETP-REFLEXIVITY and MEMBER-SUBSETP,
and unfolding SET-DIFF, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(DISJOINT Y (SET-DIFF (CDR X) Y)))
(DISJOINT Y (SET-DIFF X Y))),
which simplifies, appealing to the lemma DISJOINT-CONS-2, and unfolding
SET-DIFF, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(DISJOINT Y (SET-DIFF X Y))),
which simplifies, rewriting with the lemmas DISJOINT-NLISTP and
DISJOINT-SYMMETRY, and expanding SET-DIFF, OR, and NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINTP-SET-DIFF
(PROVE-LEMMA SUBSETP-SET-DIFF-2
(REWRITE)
(EQUAL (SUBSETP X (SET-DIFF Y Z))
(AND (SUBSETP X Y) (DISJOINT X Z)))
((ENABLE-THEORY SET-DEFNS)))
This simplifies, opening up the function AND, to two new conjectures:
Case 2. (IMPLIES (NOT (SUBSETP X Y))
(EQUAL (SUBSETP X (SET-DIFF Y Z)) F)),
which again simplifies, applying SUBSETP-SET-DIFF-1 and
SUBSETP-IS-TRANSITIVE, to:
T.
Case 1. (IMPLIES (SUBSETP X Y)
(EQUAL (SUBSETP X (SET-DIFF Y Z))
(DISJOINT X Z))).
Give the above formula the name *1.
We will appeal to induction. The recursive terms in the conjecture
suggest four inductions. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (NLISTP X) (p X Y Z))
(IMPLIES (AND (NOT (NLISTP X)) (p (CDR X) Y Z))
(p X Y Z))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP can be used to show that the measure (COUNT X) decreases according to
the well-founded relation LESSP in each induction step of the scheme. The
above induction scheme leads to three new formulas:
Case 3. (IMPLIES (AND (NLISTP X) (SUBSETP X Y))
(EQUAL (SUBSETP X (SET-DIFF Y Z))
(DISJOINT X Z))),
which simplifies, applying the lemmas SUBSETP-NLISTP and DISJOINT-NLISTP,
and opening up the definitions of NLISTP, OR, and EQUAL, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP X))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(EQUAL (SUBSETP X (SET-DIFF Y Z))
(DISJOINT X Z))),
which simplifies, expanding NLISTP and SUBSETP, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(EQUAL (SUBSETP (CDR X) (SET-DIFF Y Z))
(DISJOINT (CDR X) Z))
(SUBSETP X Y))
(EQUAL (SUBSETP X (SET-DIFF Y Z))
(DISJOINT X Z))),
which simplifies, applying the lemmas SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
and MEMBER-SET-DIFF, and opening up the functions NLISTP, SUBSETP, and
DISJOINT, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-SET-DIFF-2
(PROVE-LEMMA SET-DIFF-CONS
(REWRITE)
(EQUAL (SET-DIFF (CONS A X) Y)
(IF (MEMBER A Y)
(SET-DIFF X Y)
(CONS A (SET-DIFF X Y)))))
This formula simplifies, applying the lemmas CDR-CONS and CAR-CONS, and
unfolding SET-DIFF, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SET-DIFF-CONS
(PROVE-LEMMA SET-DIFF-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(EQUAL (SET-DIFF X Y) NIL)))
This formula can be simplified, using the abbreviations NLISTP and IMPLIES, to:
(IMPLIES (NOT (LISTP X))
(EQUAL (SET-DIFF X Y) NIL)),
which simplifies, opening up the functions SET-DIFF and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SET-DIFF-NLISTP
(PROVE-LEMMA DISJOINT-SET-DIFF-GENERAL
(REWRITE)
(EQUAL (DISJOINT X (SET-DIFF Y Z))
(SUBSETP (INTERSECTION X Y) Z))
((INDUCT (INTERSECTION X Y))))
WARNING: the previously added lemma, DISJOINT-SYMMETRY, could be applied
whenever the newly proposed DISJOINT-SET-DIFF-GENERAL could!
This conjecture can be simplified, using the abbreviations NOT, OR, and AND,
to three new conjectures:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (DISJOINT (CDR X) (SET-DIFF Y Z))
(SUBSETP (INTERSECTION (CDR X) Y) Z)))
(EQUAL (DISJOINT X (SET-DIFF Y Z))
(SUBSETP (INTERSECTION X Y) Z))),
which simplifies, rewriting with SUBSETP-INTERSECTION-COMMUTER, to the new
goal:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (DISJOINT (CDR X) (SET-DIFF Y Z))
(SUBSETP (INTERSECTION Y (CDR X)) Z)))
(EQUAL (DISJOINT X (SET-DIFF Y Z))
(SUBSETP (INTERSECTION X Y) Z))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V W) to eliminate
(CAR X) and (CDR X). We thus obtain the new goal:
(IMPLIES (AND (MEMBER V Y)
(EQUAL (DISJOINT W (SET-DIFF Y Z))
(SUBSETP (INTERSECTION Y W) Z)))
(EQUAL (DISJOINT (CONS V W) (SET-DIFF Y Z))
(SUBSETP (INTERSECTION (CONS V W) Y)
Z))),
which further simplifies, rewriting with SUBSETP-INTERSECTION-COMMUTER,
SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, MEMBER-SET-DIFF, DISJOINT-CONS-1,
INTERSECTION-CONS-1, and SUBSETP-CONS-1, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (DISJOINT (CDR X) (SET-DIFF Y Z))
(SUBSETP (INTERSECTION (CDR X) Y) Z)))
(EQUAL (DISJOINT X (SET-DIFF Y Z))
(SUBSETP (INTERSECTION X Y) Z))).
This simplifies, applying SUBSETP-INTERSECTION-COMMUTER, to the conjecture:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (DISJOINT (CDR X) (SET-DIFF Y Z))
(SUBSETP (INTERSECTION Y (CDR X)) Z)))
(EQUAL (DISJOINT X (SET-DIFF Y Z))
(SUBSETP (INTERSECTION X Y) Z))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V W) to
eliminate (CAR X) and (CDR X). The result is:
(IMPLIES (AND (NOT (MEMBER V Y))
(EQUAL (DISJOINT W (SET-DIFF Y Z))
(SUBSETP (INTERSECTION Y W) Z)))
(EQUAL (DISJOINT (CONS V W) (SET-DIFF Y Z))
(SUBSETP (INTERSECTION (CONS V W) Y)
Z))).
However this further simplifies, rewriting with the lemmas
SUBSETP-INTERSECTION-COMMUTER, MEMBER-SET-DIFF, DISJOINT-CONS-1, and
INTERSECTION-CONS-1, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (DISJOINT X (SET-DIFF Y Z))
(SUBSETP (INTERSECTION X Y) Z))),
which simplifies, rewriting with DISJOINT-NLISTP, SUBSETP-NLISTP,
FIX-PROPERP-NLISTP, and INTERSECTION-ELIMINATION, and opening up OR, NLISTP,
and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-SET-DIFF-GENERAL
(PROVE-LEMMA INTERSECTION-SUBSETP-IDENTITY
(REWRITE)
(IMPLIES (AND (PROPERP X) (SUBSETP X Y))
(EQUAL (INTERSECTION X Y) X))
((ENABLE SUBSETP)))
WARNING: the previously added lemma, INTERSECTION-ELIMINATION, could be
applied whenever the newly proposed INTERSECTION-SUBSETP-IDENTITY could!
This formula simplifies, appealing to the lemmas FIX-PROPERP-PROPERP and
INTERSECTION-ELIMINATION, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-SUBSETP-IDENTITY
(PROVE-LEMMA INTERSECTION-X-X
(REWRITE)
(IMPLIES (PROPERP X)
(EQUAL (INTERSECTION X X) X)))
This conjecture simplifies, appealing to the lemmas SUBSETP-REFLEXIVITY and
INTERSECTION-SUBSETP-IDENTITY, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
INTERSECTION-X-X
(PROVE-LEMMA SUBSETP-SET-DIFF-MONONONE-2
(REWRITE)
(SUBSETP (SET-DIFF X (APPEND Y Z))
(SET-DIFF X Z))
((DISABLE SET-DIFF)))
This conjecture can be simplified, using the abbreviation SUBSETP-SET-DIFF-2,
to two new conjectures:
Case 2. (SUBSETP (SET-DIFF X (APPEND Y Z)) X),
which simplifies, applying the lemma SUBSETP-SET-DIFF-1, to:
T.
Case 1. (DISJOINT (SET-DIFF X (APPEND Y Z))
Z),
which simplifies, applying SUBSETP-OF-APPEND-SUFFICIENCY,
SUBSETP-REFLEXIVITY, SUBSETP-INTERSECTION-SUFFICIENCY-1,
SUBSETP-INTERSECTION-COMMUTER, DISJOINT-SET-DIFF-GENERAL, and
DISJOINT-SYMMETRY, and opening up OR, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-SET-DIFF-MONONONE-2
(PROVE-LEMMA SUBSETP-SET-DIFF-MONOTONE-SECOND
(REWRITE)
(EQUAL (SUBSETP (SET-DIFF X Y)
(SET-DIFF X Z))
(SUBSETP (INTERSECTION X Z) Y))
((ENABLE INTERSECTION)))
WARNING: the previously added lemma, SUBSETP-SET-DIFF-2, could be applied
whenever the newly proposed SUBSETP-SET-DIFF-MONOTONE-SECOND could!
This simplifies, appealing to the lemmas SUBSETP-SET-DIFF-1,
SUBSETP-INTERSECTION-COMMUTER, DISJOINT-SET-DIFF-GENERAL, DISJOINT-SYMMETRY,
and SUBSETP-SET-DIFF-2, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-SET-DIFF-MONOTONE-SECOND
(PROVE-LEMMA SET-DIFF-NIL
(REWRITE)
(EQUAL (SET-DIFF X NIL)
(FIX-PROPERP X)))
Call the conjecture *1.
We will try to prove it by induction. The recursive terms in the
conjecture suggest two inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) NIL)
(p (CDR X)))
(p X))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) NIL))
(p (CDR X)))
(p X))
(IMPLIES (NOT (LISTP X)) (p X))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following three new formulas:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) NIL)
(EQUAL (SET-DIFF (CDR X) NIL)
(FIX-PROPERP (CDR X))))
(EQUAL (SET-DIFF X NIL)
(FIX-PROPERP X))).
This simplifies, applying MEMBER-NLISTP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) NIL))
(EQUAL (SET-DIFF (CDR X) NIL)
(FIX-PROPERP (CDR X))))
(EQUAL (SET-DIFF X NIL)
(FIX-PROPERP X))),
which simplifies, applying MEMBER-NLISTP, and opening up the functions
SET-DIFF and FIX-PROPERP, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (SET-DIFF X NIL)
(FIX-PROPERP X))).
This simplifies, applying the lemmas SET-DIFF-NLISTP and FIX-PROPERP-NLISTP,
and unfolding EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SET-DIFF-NIL
(PROVE-LEMMA SET-DIFF-CONS-NON-MEMBER-1
(REWRITE)
(IMPLIES (NOT (MEMBER A X))
(EQUAL (SET-DIFF X (CONS A Y))
(SET-DIFF X Y))))
Give the conjecture the name *1.
Let us appeal to the induction principle. The recursive terms in the
conjecture suggest two inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CONS A Y))
(p (CDR X) A Y))
(p X A Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CONS A Y)))
(p (CDR X) A Y))
(p X A Y))
(IMPLIES (NOT (LISTP X)) (p X A Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme generates the
following five new conjectures:
Case 5. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CONS A Y))
(MEMBER A (CDR X))
(NOT (MEMBER A X)))
(EQUAL (SET-DIFF X (CONS A Y))
(SET-DIFF X Y))).
This simplifies, appealing to the lemmas MEMBER-CONS, CDR-SUBSETP, and
MEMBER-SUBSETP, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CONS A Y))
(EQUAL (SET-DIFF (CDR X) (CONS A Y))
(SET-DIFF (CDR X) Y))
(NOT (MEMBER A X)))
(EQUAL (SET-DIFF X (CONS A Y))
(SET-DIFF X Y))).
This simplifies, rewriting with MEMBER-CONS, SUBSETP-CONS-2,
SUBSETP-REFLEXIVITY, and MEMBER-SUBSETP, and opening up the definition of
SET-DIFF, to:
(IMPLIES (AND (LISTP X)
(EQUAL (CAR X) A)
(EQUAL (SET-DIFF (CDR X) (CONS A Y))
(SET-DIFF (CDR X) Y))
(NOT (MEMBER A X))
(NOT (MEMBER A Y)))
(EQUAL (SET-DIFF (CDR X) Y)
(CONS A (SET-DIFF (CDR X) Y)))).
This again simplifies, clearly, to the new conjecture:
(IMPLIES (AND (LISTP X)
(EQUAL (SET-DIFF (CDR X) (CONS (CAR X) Y))
(SET-DIFF (CDR X) Y))
(NOT (MEMBER (CAR X) X)))
(MEMBER (CAR X) Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain:
(IMPLIES (AND (EQUAL (SET-DIFF Z (CONS V Y))
(SET-DIFF Z Y))
(NOT (MEMBER V (CONS V Z))))
(MEMBER V Y)),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CONS A Y)))
(MEMBER A (CDR X))
(NOT (MEMBER A X)))
(EQUAL (SET-DIFF X (CONS A Y))
(SET-DIFF X Y))).
This simplifies, rewriting with the lemmas MEMBER-CONS, CDR-SUBSETP, and
MEMBER-SUBSETP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CONS A Y)))
(EQUAL (SET-DIFF (CDR X) (CONS A Y))
(SET-DIFF (CDR X) Y))
(NOT (MEMBER A X)))
(EQUAL (SET-DIFF X (CONS A Y))
(SET-DIFF X Y))).
This simplifies, applying MEMBER-CONS, and expanding SET-DIFF, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(NOT (MEMBER A X)))
(EQUAL (SET-DIFF X (CONS A Y))
(SET-DIFF X Y))),
which simplifies, applying MEMBER-NLISTP and SET-DIFF-NLISTP, and expanding
the definition of EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SET-DIFF-CONS-NON-MEMBER-1
(PROVE-LEMMA LENGTH-INTERSECTION-SET-DIFF NIL
(EQUAL (LENGTH X)
(PLUS (LENGTH (SET-DIFF X Y))
(LENGTH (INTERSECTION X Y))))
((ENABLE SET-DIFF INTERSECTION LENGTH)))
Call the conjecture *1.
We will try to prove it by induction. There are three plausible
inductions. However, they merge into one likely candidate induction. We will
induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates three new goals:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (LENGTH (CDR X))
(PLUS (LENGTH (SET-DIFF (CDR X) Y))
(LENGTH (INTERSECTION (CDR X) Y)))))
(EQUAL (LENGTH X)
(PLUS (LENGTH (SET-DIFF X Y))
(LENGTH (INTERSECTION X Y))))),
which simplifies, appealing to the lemmas SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, and LENGTH-CONS, and unfolding LENGTH, SET-DIFF, and
INTERSECTION, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (LENGTH (CDR X))
(PLUS (LENGTH (SET-DIFF (CDR X) Y))
(LENGTH (INTERSECTION (CDR X) Y)))))
(EQUAL (ADD1 (LENGTH (CDR X)))
(PLUS (LENGTH (SET-DIFF (CDR X) Y))
(ADD1 (LENGTH (INTERSECTION (CDR X) Y)))))).
But this again simplifies, using linear arithmetic, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (LENGTH (CDR X))
(PLUS (LENGTH (SET-DIFF (CDR X) Y))
(LENGTH (INTERSECTION (CDR X) Y)))))
(EQUAL (LENGTH X)
(PLUS (LENGTH (SET-DIFF X Y))
(LENGTH (INTERSECTION X Y))))),
which simplifies, applying the lemmas LENGTH-CONS and SUB1-ADD1, and opening
up the definitions of LENGTH, SET-DIFF, INTERSECTION, and PLUS, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (LENGTH X)
(PLUS (LENGTH (SET-DIFF X Y))
(LENGTH (INTERSECTION X Y))))),
which simplifies, applying LENGTH-NLISTP, SET-DIFF-NLISTP, SUBSETP-NLISTP,
FIX-PROPERP-NLISTP, and INTERSECTION-ELIMINATION, and unfolding LENGTH, PLUS,
and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
LENGTH-INTERSECTION-SET-DIFF
(PROVE-LEMMA LENGTH-SET-DIFF-OPENER
(REWRITE)
(EQUAL (LENGTH (SET-DIFF X Y))
(DIFFERENCE (LENGTH X)
(LENGTH (INTERSECTION X Y))))
((USE (LENGTH-INTERSECTION-SET-DIFF))))
This formula simplifies, using linear arithmetic, to:
(IMPLIES (AND (LESSP (LENGTH X)
(LENGTH (INTERSECTION X Y)))
(EQUAL (LENGTH X)
(PLUS (LENGTH (SET-DIFF X Y))
(LENGTH (INTERSECTION X Y)))))
(EQUAL (LENGTH (SET-DIFF X Y))
(DIFFERENCE (LENGTH X)
(LENGTH (INTERSECTION X Y))))).
This again simplifies, using linear arithmetic, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
LENGTH-SET-DIFF-OPENER
(PROVE-LEMMA LISTP-SET-DIFF
(REWRITE)
(EQUAL (LISTP (SET-DIFF X Y))
(NOT (SUBSETP X Y)))
((ENABLE SET-DIFF)))
This conjecture simplifies, expanding NOT, to the following two new goals:
Case 2. (IMPLIES (NOT (SUBSETP X Y))
(EQUAL (LISTP (SET-DIFF X Y)) T)).
This again simplifies, clearly, to:
(IMPLIES (NOT (SUBSETP X Y))
(LISTP (SET-DIFF X Y))),
which we will name *1.
Case 1. (IMPLIES (SUBSETP X Y)
(EQUAL (LISTP (SET-DIFF X Y)) F)).
This again simplifies, clearly, to:
(IMPLIES (SUBSETP X Y)
(NOT (LISTP (SET-DIFF X Y)))),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (LISTP (SET-DIFF X Y))
(NOT (SUBSETP X Y))).
We named this *1. We will try to prove it by induction. There is only one
suggested induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates three new formulas:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (LISTP (SET-DIFF (CDR X) Y))
(NOT (SUBSETP (CDR X) Y))))
(EQUAL (LISTP (SET-DIFF X Y))
(NOT (SUBSETP X Y)))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
opening up NOT and SET-DIFF, to the following two new formulas:
Case 3.2.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (SUBSETP (CDR X) Y))
(EQUAL (LISTP (SET-DIFF (CDR X) Y))
T))
(NOT (SUBSETP X Y))).
This again simplifies, clearly, to the new goal:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (SUBSETP (CDR X) Y))
(LISTP (SET-DIFF (CDR X) Y)))
(NOT (SUBSETP X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (MEMBER Z Y)
(NOT (SUBSETP V Y))
(LISTP (SET-DIFF V Y)))
(NOT (SUBSETP (CONS Z V) Y))),
which further simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
and SUBSETP-CONS-1, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SUBSETP (CDR X) Y)
(EQUAL (LISTP (SET-DIFF (CDR X) Y))
F))
(SUBSETP X Y)).
This again simplifies, trivially, to the new formula:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SUBSETP (CDR X) Y)
(NOT (LISTP (SET-DIFF (CDR X) Y))))
(SUBSETP X Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain the new formula:
(IMPLIES (AND (MEMBER Z Y)
(SUBSETP V Y)
(NOT (LISTP (SET-DIFF V Y))))
(SUBSETP (CONS Z V) Y)),
which further simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
SUBSETP-IS-TRANSITIVE, and SUBSETP-CONS-1, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (LISTP (SET-DIFF (CDR X) Y))
(NOT (SUBSETP (CDR X) Y))))
(EQUAL (LISTP (SET-DIFF X Y))
(NOT (SUBSETP X Y)))).
This simplifies, unfolding the functions NOT and SET-DIFF, to the following
two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (SUBSETP (CDR X) Y))
(EQUAL (LISTP (SET-DIFF (CDR X) Y))
T))
(NOT (SUBSETP X Y))).
This again simplifies, clearly, to the new formula:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (SUBSETP (CDR X) Y))
(LISTP (SET-DIFF (CDR X) Y)))
(NOT (SUBSETP X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (SUBSETP V Y))
(LISTP (SET-DIFF V Y)))
(NOT (SUBSETP (CONS Z V) Y))),
which further simplifies, applying the lemma SUBSETP-CONS-1, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (CDR X) Y)
(EQUAL (LISTP (SET-DIFF (CDR X) Y))
F))
(NOT (SUBSETP X Y))),
which again simplifies, clearly, to the new conjecture:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SUBSETP (CDR X) Y)
(NOT (LISTP (SET-DIFF (CDR X) Y))))
(NOT (SUBSETP X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain the new formula:
(IMPLIES (AND (NOT (MEMBER Z Y))
(SUBSETP V Y)
(NOT (LISTP (SET-DIFF V Y))))
(NOT (SUBSETP (CONS Z V) Y))),
which further simplifies, applying SUBSETP-CONS-1, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (LISTP (SET-DIFF X Y))
(NOT (SUBSETP X Y)))).
This simplifies, rewriting with SET-DIFF-NLISTP and SUBSETP-NLISTP, and
unfolding LISTP, NOT, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
LISTP-SET-DIFF
(PROVE-LEMMA DISJOINT-INTERSECTION-SET-DIFF-INTERSECTION
(REWRITE)
(DISJOINT X
(INTERSECTION Y
(SET-DIFF Z (INTERSECTION Y X))))
((ENABLE DISJOINT-WIT-WITNESSES)
(DISABLE SET-DIFF)))
This conjecture can be simplified, using the abbreviations MEMBER-SET-DIFF,
MEMBER-INTERSECTION, and DISJOINT-WIT-WITNESSES, to the conjecture:
(IMPLIES
(AND
(MEMBER (DISJOINT-WIT X
(INTERSECTION Y
(SET-DIFF Z (INTERSECTION Y X))))
X)
(MEMBER (DISJOINT-WIT X
(INTERSECTION Y
(SET-DIFF Z (INTERSECTION Y X))))
Y)
(MEMBER (DISJOINT-WIT X
(INTERSECTION Y
(SET-DIFF Z (INTERSECTION Y X))))
Z))
(MEMBER (DISJOINT-WIT X
(INTERSECTION Y
(SET-DIFF Z (INTERSECTION Y X))))
(INTERSECTION Y X))).
This simplifies, applying MEMBER-INTERSECTION, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-INTERSECTION-SET-DIFF-INTERSECTION
(DISABLE SET-DIFF)
[ 0.0 0.0 0.0 ]
SET-DIFF-OFF
(PROVE-LEMMA MEMBER-FIX-PROPERP
(REWRITE)
(EQUAL (MEMBER A (FIX-PROPERP X))
(MEMBER A X)))
Name the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p A (CDR X)))
(p A X))
(IMPLIES (NOT (LISTP X)) (p A X))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following two new
goals:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (MEMBER A (FIX-PROPERP (CDR X)))
(MEMBER A (CDR X))))
(EQUAL (MEMBER A (FIX-PROPERP X))
(MEMBER A X))).
This simplifies, applying MEMBER-CONS, and unfolding the definition of
FIX-PROPERP, to two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP X)
(EQUAL (MEMBER A (FIX-PROPERP (CDR X)))
(MEMBER A (CDR X)))
(NOT (EQUAL A (CAR X))))
(EQUAL (MEMBER A (CDR X))
(MEMBER A X))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new conjecture:
(IMPLIES (AND (EQUAL (MEMBER A (FIX-PROPERP Z))
(MEMBER A Z))
(NOT (EQUAL A V)))
(EQUAL (MEMBER A Z)
(MEMBER A (CONS V Z)))),
which further simplifies, rewriting with the lemma MEMBER-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(EQUAL (MEMBER A (FIX-PROPERP (CDR X)))
(MEMBER A (CDR X)))
(EQUAL A (CAR X)))
(EQUAL T (MEMBER A X))),
which again simplifies, clearly, to:
(IMPLIES (AND (LISTP X)
(EQUAL (MEMBER (CAR X) (FIX-PROPERP (CDR X)))
(MEMBER (CAR X) (CDR X))))
(MEMBER (CAR X) X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces the new goal:
(IMPLIES (EQUAL (MEMBER Z (FIX-PROPERP V))
(MEMBER Z V))
(MEMBER Z (CONS Z V))),
which further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (MEMBER A (FIX-PROPERP X))
(MEMBER A X))).
This simplifies, applying the lemmas FIX-PROPERP-NLISTP and MEMBER-NLISTP,
and unfolding the definition of EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-FIX-PROPERP
(PROVE-LEMMA SETP-APPEND
(REWRITE)
(EQUAL (SETP (APPEND X Y))
(AND (DISJOINT X Y)
(SETP (FIX-PROPERP X))
(SETP Y))))
This formula simplifies, opening up AND, to the following three new formulas:
Case 3. (IMPLIES (NOT (SETP (FIX-PROPERP X)))
(EQUAL (SETP (APPEND X Y)) F)).
This again simplifies, trivially, to the new formula:
(IMPLIES (NOT (SETP (FIX-PROPERP X)))
(NOT (SETP (APPEND X Y)))),
which we will name *1.
Case 2. (IMPLIES (NOT (DISJOINT X Y))
(EQUAL (SETP (APPEND X Y)) F)).
This again simplifies, clearly, to:
(IMPLIES (NOT (DISJOINT X Y))
(NOT (SETP (APPEND X Y)))),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (SETP (APPEND X Y))
(AND (DISJOINT X Y)
(SETP (FIX-PROPERP X))
(SETP Y))).
We named this *1. We will try to prove it by induction. There are three
plausible inductions. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme generates the
following two new conjectures:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (SETP (APPEND (CDR X) Y))
(AND (DISJOINT (CDR X) Y)
(SETP (FIX-PROPERP (CDR X)))
(SETP Y))))
(EQUAL (SETP (APPEND X Y))
(AND (DISJOINT X Y)
(SETP (FIX-PROPERP X))
(SETP Y)))).
This simplifies, applying DISJOINT-SYMMETRY, MEMBER-APPEND, CDR-CONS,
CAR-CONS, and MEMBER-FIX-PROPERP, and expanding the definitions of AND,
APPEND, SETP, FIX-PROPERP, and EQUAL, to three new conjectures:
Case 2.3.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT Y (CDR X)))
(EQUAL (SETP (APPEND (CDR X) Y)) F)
(DISJOINT X Y)
(NOT (MEMBER (CAR X) (CDR X)))
(SETP (FIX-PROPERP (CDR X))))
(NOT (SETP Y))),
which again simplifies, obviously, to:
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT Y (CDR X)))
(NOT (SETP (APPEND (CDR X) Y)))
(DISJOINT X Y)
(NOT (MEMBER (CAR X) (CDR X)))
(SETP (FIX-PROPERP (CDR X))))
(NOT (SETP Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new conjecture:
(IMPLIES (AND (NOT (DISJOINT Y Z))
(NOT (SETP (APPEND Z Y)))
(DISJOINT (CONS V Z) Y)
(NOT (MEMBER V Z))
(SETP (FIX-PROPERP Z)))
(NOT (SETP Y))),
which further simplifies, applying DISJOINT-CONS-2 and DISJOINT-SYMMETRY,
to:
T.
Case 2.2.
(IMPLIES (AND (LISTP X)
(DISJOINT Y (CDR X))
(SETP (FIX-PROPERP (CDR X)))
(EQUAL (SETP (APPEND (CDR X) Y))
(SETP Y))
(NOT (DISJOINT X Y))
(NOT (MEMBER (CAR X) (CDR X)))
(NOT (MEMBER (CAR X) Y)))
(EQUAL (SETP Y) F)).
This again simplifies, clearly, to the new goal:
(IMPLIES (AND (LISTP X)
(DISJOINT Y (CDR X))
(SETP (FIX-PROPERP (CDR X)))
(SETP (APPEND (CDR X) Y))
(NOT (DISJOINT X Y))
(NOT (MEMBER (CAR X) (CDR X)))
(NOT (MEMBER (CAR X) Y)))
(NOT (SETP Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new goal:
(IMPLIES (AND (DISJOINT Y Z)
(SETP (FIX-PROPERP Z))
(SETP (APPEND Z Y))
(NOT (DISJOINT (CONS V Z) Y))
(NOT (MEMBER V Z))
(NOT (MEMBER V Y)))
(NOT (SETP Y))),
which further simplifies, rewriting with DISJOINT-CONS-2 and
DISJOINT-SYMMETRY, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(DISJOINT Y (CDR X))
(SETP (FIX-PROPERP (CDR X)))
(EQUAL (SETP (APPEND (CDR X) Y))
(SETP Y))
(DISJOINT X Y)
(NOT (MEMBER (CAR X) (CDR X)))
(MEMBER (CAR X) Y))
(EQUAL F (SETP Y))).
This again simplifies, obviously, to the new goal:
(IMPLIES (AND (LISTP X)
(DISJOINT Y (CDR X))
(SETP (FIX-PROPERP (CDR X)))
(SETP (APPEND (CDR X) Y))
(DISJOINT X Y)
(NOT (MEMBER (CAR X) (CDR X)))
(MEMBER (CAR X) Y))
(NOT (SETP Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces:
(IMPLIES (AND (DISJOINT Y Z)
(SETP (FIX-PROPERP Z))
(SETP (APPEND Z Y))
(DISJOINT (CONS V Z) Y)
(NOT (MEMBER V Z))
(MEMBER V Y))
(NOT (SETP Y))),
which further simplifies, appealing to the lemmas MEMBER-CONS,
DISJOINT-NON-MEMBER, and DISJOINT-SYMMETRY, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (SETP (APPEND X Y))
(AND (DISJOINT X Y)
(SETP (FIX-PROPERP X))
(SETP Y)))),
which simplifies, applying DISJOINT-NLISTP and FIX-PROPERP-NLISTP, and
opening up the definitions of APPEND, OR, NLISTP, SETP, and AND, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.3 0.0 0.0 ]
SETP-APPEND
(PROVE-LEMMA SETP-CONS
(REWRITE)
(EQUAL (SETP (CONS A X))
(AND (NOT (MEMBER A X)) (SETP X))))
This simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and opening up
the definitions of SETP, NOT, and AND, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SETP-CONS
(PROVE-LEMMA SETP-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(EQUAL (SETP X) (EQUAL X NIL))))
This formula can be simplified, using the abbreviations NLISTP and IMPLIES, to:
(IMPLIES (NOT (LISTP X))
(EQUAL (SETP X) (EQUAL X NIL))),
which simplifies, opening up SETP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SETP-NLISTP
(DEFN MAKE-SET
(L)
(IF (NOT (LISTP L))
NIL
(IF (MEMBER (CAR L) (CDR L))
(MAKE-SET (CDR L))
(CONS (CAR L) (MAKE-SET (CDR L))))))
Linear arithmetic and the lemma CDR-LESSP can be used to show that the
measure (COUNT L) decreases according to the well-founded relation LESSP in
each recursive call. Hence, MAKE-SET is accepted under the definitional
principle. Note that (OR (LITATOM (MAKE-SET L)) (LISTP (MAKE-SET L))) is a
theorem.
[ 0.0 0.0 0.0 ]
MAKE-SET
(PROVE-LEMMA MAKE-SET-PRESERVES-MEMBER
(REWRITE)
(EQUAL (MEMBER X (MAKE-SET L))
(MEMBER X L)))
Name the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (NOT (LISTP L)) (p X L))
(IMPLIES (AND (LISTP L)
(MEMBER (CAR L) (CDR L))
(p X (CDR L)))
(p X L))
(IMPLIES (AND (LISTP L)
(NOT (MEMBER (CAR L) (CDR L)))
(p X (CDR L)))
(p X L))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT L)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
goals:
Case 3. (IMPLIES (NOT (LISTP L))
(EQUAL (MEMBER X (MAKE-SET L))
(MEMBER X L))).
This simplifies, applying MEMBER-NLISTP, and unfolding the definitions of
MAKE-SET and EQUAL, to:
T.
Case 2. (IMPLIES (AND (LISTP L)
(MEMBER (CAR L) (CDR L))
(EQUAL (MEMBER X (MAKE-SET (CDR L)))
(MEMBER X (CDR L))))
(EQUAL (MEMBER X (MAKE-SET L))
(MEMBER X L))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
expanding the definition of MAKE-SET, to the new conjecture:
(IMPLIES (AND (LISTP L)
(MEMBER (CAR L) (CDR L))
(EQUAL (MEMBER X (MAKE-SET (CDR L)))
(MEMBER X (CDR L))))
(EQUAL (MEMBER X (CDR L))
(MEMBER X L))).
Applying the lemma CAR-CDR-ELIM, replace L by (CONS Z V) to eliminate
(CAR L) and (CDR L). We thus obtain:
(IMPLIES (AND (MEMBER Z V)
(EQUAL (MEMBER X (MAKE-SET V))
(MEMBER X V)))
(EQUAL (MEMBER X V)
(MEMBER X (CONS Z V)))),
which further simplifies, applying MEMBER-CONS, to:
(IMPLIES (AND (MEMBER Z V)
(EQUAL (MEMBER X (MAKE-SET V))
(MEMBER X V))
(EQUAL X Z))
(EQUAL (MEMBER X V) T)),
which again simplifies, obviously, to:
T.
Case 1. (IMPLIES (AND (LISTP L)
(NOT (MEMBER (CAR L) (CDR L)))
(EQUAL (MEMBER X (MAKE-SET (CDR L)))
(MEMBER X (CDR L))))
(EQUAL (MEMBER X (MAKE-SET L))
(MEMBER X L))).
This simplifies, applying the lemma MEMBER-CONS, and opening up MAKE-SET, to
the following two new conjectures:
Case 1.2.
(IMPLIES (AND (LISTP L)
(NOT (MEMBER (CAR L) (CDR L)))
(EQUAL (MEMBER X (MAKE-SET (CDR L)))
(MEMBER X (CDR L)))
(NOT (EQUAL X (CAR L))))
(EQUAL (MEMBER X (CDR L))
(MEMBER X L))).
Appealing to the lemma CAR-CDR-ELIM, we now replace L by (CONS Z V) to
eliminate (CAR L) and (CDR L). We must thus prove:
(IMPLIES (AND (NOT (MEMBER Z V))
(EQUAL (MEMBER X (MAKE-SET V))
(MEMBER X V))
(NOT (EQUAL X Z)))
(EQUAL (MEMBER X V)
(MEMBER X (CONS Z V)))).
However this further simplifies, applying MEMBER-CONS, to:
T.
Case 1.1.
(IMPLIES (AND (LISTP L)
(NOT (MEMBER (CAR L) (CDR L)))
(EQUAL (MEMBER X (MAKE-SET (CDR L)))
(MEMBER X (CDR L)))
(EQUAL X (CAR L)))
(EQUAL T (MEMBER X L))).
This again simplifies, clearly, to:
(IMPLIES (AND (LISTP L)
(NOT (MEMBER (CAR L) (CDR L)))
(NOT (MEMBER (CAR L) (MAKE-SET (CDR L)))))
(MEMBER (CAR L) L)).
Applying the lemma CAR-CDR-ELIM, replace L by (CONS Z V) to eliminate
(CAR L) and (CDR L). We thus obtain:
(IMPLIES (AND (NOT (MEMBER Z V))
(NOT (MEMBER Z (MAKE-SET V))))
(MEMBER Z (CONS Z V))),
which further simplifies, applying MEMBER-CONS, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MAKE-SET-PRESERVES-MEMBER
(PROVE-LEMMA MAKE-SET-PRESERVES-SUBSETP-1
(REWRITE)
(EQUAL (SUBSETP (MAKE-SET X) (MAKE-SET Y))
(SUBSETP X Y)))
Name the conjecture *1.
We will appeal to induction. The recursive terms in the conjecture
suggest two inductions, both of which are unflawed. Since both of these are
equally likely, we will choose arbitrarily. We will induct according to the
following scheme:
(AND (IMPLIES (NOT (LISTP X)) (p X Y))
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(p (CDR X) Y))
(p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
formulas:
Case 3. (IMPLIES (NOT (LISTP X))
(EQUAL (SUBSETP (MAKE-SET X) (MAKE-SET Y))
(SUBSETP X Y))).
This simplifies, applying SUBSETP-NLISTP, and expanding MAKE-SET and EQUAL,
to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(EQUAL (SUBSETP (MAKE-SET (CDR X))
(MAKE-SET Y))
(SUBSETP (CDR X) Y)))
(EQUAL (SUBSETP (MAKE-SET X) (MAKE-SET Y))
(SUBSETP X Y))),
which simplifies, applying SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
expanding the function MAKE-SET, to the new formula:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(EQUAL (SUBSETP (MAKE-SET (CDR X))
(MAKE-SET Y))
(SUBSETP (CDR X) Y)))
(EQUAL (SUBSETP (CDR X) Y)
(SUBSETP X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (MEMBER Z V)
(EQUAL (SUBSETP (MAKE-SET V) (MAKE-SET Y))
(SUBSETP V Y)))
(EQUAL (SUBSETP V Y)
(SUBSETP (CONS Z V) Y))),
which further simplifies, rewriting with SUBSETP-CONS-1, to the new goal:
(IMPLIES (AND (MEMBER Z V)
(EQUAL (SUBSETP (MAKE-SET V) (MAKE-SET Y))
(SUBSETP V Y))
(NOT (MEMBER Z Y)))
(EQUAL (SUBSETP V Y) F)),
which again simplifies, rewriting with SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, and MEMBER-SUBSETP, to:
T.
Case 1. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (SUBSETP (MAKE-SET (CDR X))
(MAKE-SET Y))
(SUBSETP (CDR X) Y)))
(EQUAL (SUBSETP (MAKE-SET X) (MAKE-SET Y))
(SUBSETP X Y))).
This simplifies, rewriting with MAKE-SET-PRESERVES-MEMBER and SUBSETP-CONS-1,
and expanding the function MAKE-SET, to two new goals:
Case 1.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (SUBSETP (MAKE-SET (CDR X))
(MAKE-SET Y))
(SUBSETP (CDR X) Y))
(NOT (MEMBER (CAR X) Y)))
(EQUAL F (SUBSETP X Y))),
which again simplifies, clearly, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (SUBSETP (MAKE-SET (CDR X))
(MAKE-SET Y))
(SUBSETP (CDR X) Y))
(NOT (MEMBER (CAR X) Y)))
(NOT (SUBSETP X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove the new goal:
(IMPLIES (AND (NOT (MEMBER Z V))
(EQUAL (SUBSETP (MAKE-SET V) (MAKE-SET Y))
(SUBSETP V Y))
(NOT (MEMBER Z Y)))
(NOT (SUBSETP (CONS Z V) Y))),
which further simplifies, rewriting with the lemma SUBSETP-CONS-1, to:
T.
Case 1.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (SUBSETP (MAKE-SET (CDR X))
(MAKE-SET Y))
(SUBSETP (CDR X) Y))
(MEMBER (CAR X) Y))
(EQUAL (SUBSETP (CDR X) Y)
(SUBSETP X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain the new formula:
(IMPLIES (AND (NOT (MEMBER Z V))
(EQUAL (SUBSETP (MAKE-SET V) (MAKE-SET Y))
(SUBSETP V Y))
(MEMBER Z Y))
(EQUAL (SUBSETP V Y)
(SUBSETP (CONS Z V) Y))),
which further simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
and SUBSETP-CONS-1, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MAKE-SET-PRESERVES-SUBSETP-1
(PROVE-LEMMA MAKE-SET-PRESERVES-SUBSETP-2
(REWRITE)
(EQUAL (SUBSETP X (MAKE-SET Y))
(SUBSETP X Y))
((ENABLE SUBSETP)))
WARNING: the newly proposed lemma, MAKE-SET-PRESERVES-SUBSETP-2, could be
applied whenever the previously added lemma MAKE-SET-PRESERVES-SUBSETP-1 could.
Name the conjecture *1.
Perhaps we can prove it by induction. There are three plausible
inductions. They merge into two likely candidate inductions. However, only
one is unflawed. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP X) (p X Y))
(IMPLIES (AND (NOT (NLISTP X)) (p (CDR X) Y))
(p X Y))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP establish that the measure (COUNT X) decreases according to the
well-founded relation LESSP in each induction step of the scheme. The above
induction scheme produces the following two new goals:
Case 2. (IMPLIES (NLISTP X)
(EQUAL (SUBSETP X (MAKE-SET Y))
(SUBSETP X Y))).
This simplifies, applying SUBSETP-NLISTP, and unfolding the definitions of
NLISTP and EQUAL, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(EQUAL (SUBSETP (CDR X) (MAKE-SET Y))
(SUBSETP (CDR X) Y)))
(EQUAL (SUBSETP X (MAKE-SET Y))
(SUBSETP X Y))),
which simplifies, rewriting with MAKE-SET-PRESERVES-MEMBER, and expanding
the definitions of NLISTP and SUBSETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MAKE-SET-PRESERVES-SUBSETP-2
(PROVE-LEMMA MAKE-SET-PRESERVES-SUBSETP-3
(REWRITE)
(EQUAL (SUBSETP (MAKE-SET X) Y)
(SUBSETP X Y)))
WARNING: the newly proposed lemma, MAKE-SET-PRESERVES-SUBSETP-3, could be
applied whenever the previously added lemma MAKE-SET-PRESERVES-SUBSETP-1 could.
Name the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (NOT (LISTP X)) (p X Y))
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(p (CDR X) Y))
(p X Y))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
goals:
Case 3. (IMPLIES (NOT (LISTP X))
(EQUAL (SUBSETP (MAKE-SET X) Y)
(SUBSETP X Y))).
This simplifies, applying SUBSETP-NLISTP, and unfolding the definitions of
MAKE-SET and EQUAL, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(EQUAL (SUBSETP (MAKE-SET (CDR X)) Y)
(SUBSETP (CDR X) Y)))
(EQUAL (SUBSETP (MAKE-SET X) Y)
(SUBSETP X Y))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
expanding the definition of MAKE-SET, to the new conjecture:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(EQUAL (SUBSETP (MAKE-SET (CDR X)) Y)
(SUBSETP (CDR X) Y)))
(EQUAL (SUBSETP (CDR X) Y)
(SUBSETP X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (MEMBER Z V)
(EQUAL (SUBSETP (MAKE-SET V) Y)
(SUBSETP V Y)))
(EQUAL (SUBSETP V Y)
(SUBSETP (CONS Z V) Y))),
which further simplifies, applying SUBSETP-CONS-1, to:
(IMPLIES (AND (MEMBER Z V)
(EQUAL (SUBSETP (MAKE-SET V) Y)
(SUBSETP V Y))
(NOT (MEMBER Z Y)))
(EQUAL (SUBSETP V Y) F)),
which again simplifies, rewriting with SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, and MEMBER-SUBSETP, to:
T.
Case 1. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (SUBSETP (MAKE-SET (CDR X)) Y)
(SUBSETP (CDR X) Y)))
(EQUAL (SUBSETP (MAKE-SET X) Y)
(SUBSETP X Y))).
This simplifies, applying the lemma SUBSETP-CONS-1, and opening up MAKE-SET,
to the following two new conjectures:
Case 1.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (SUBSETP (MAKE-SET (CDR X)) Y)
(SUBSETP (CDR X) Y))
(NOT (MEMBER (CAR X) Y)))
(EQUAL F (SUBSETP X Y))).
This again simplifies, clearly, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (SUBSETP (MAKE-SET (CDR X)) Y)
(SUBSETP (CDR X) Y))
(NOT (MEMBER (CAR X) Y)))
(NOT (SUBSETP X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER Z V))
(EQUAL (SUBSETP (MAKE-SET V) Y)
(SUBSETP V Y))
(NOT (MEMBER Z Y)))
(NOT (SUBSETP (CONS Z V) Y))),
which further simplifies, applying SUBSETP-CONS-1, to:
T.
Case 1.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (SUBSETP (MAKE-SET (CDR X)) Y)
(SUBSETP (CDR X) Y))
(MEMBER (CAR X) Y))
(EQUAL (SUBSETP (CDR X) Y)
(SUBSETP X Y))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). This generates the goal:
(IMPLIES (AND (NOT (MEMBER Z V))
(EQUAL (SUBSETP (MAKE-SET V) Y)
(SUBSETP V Y))
(MEMBER Z Y))
(EQUAL (SUBSETP V Y)
(SUBSETP (CONS Z V) Y))).
This further simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
SUBSETP-CONS-1, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MAKE-SET-PRESERVES-SUBSETP-3
(PROVE-LEMMA MAKE-SET-GIVES-SETP
(REWRITE)
(SETP (MAKE-SET X)))
Call the conjecture *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (NOT (LISTP X)) (p X))
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(p (CDR X)))
(p X))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(p (CDR X)))
(p X))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to three new goals:
Case 3. (IMPLIES (NOT (LISTP X))
(SETP (MAKE-SET X))),
which simplifies, expanding the definitions of MAKE-SET and SETP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(SETP (MAKE-SET (CDR X))))
(SETP (MAKE-SET X))),
which simplifies, applying SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
expanding MAKE-SET, to:
T.
Case 1. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(SETP (MAKE-SET (CDR X))))
(SETP (MAKE-SET X))).
This simplifies, applying MAKE-SET-PRESERVES-MEMBER and SETP-CONS, and
expanding the definition of MAKE-SET, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MAKE-SET-GIVES-SETP
(PROVE-LEMMA MAKE-SET-SET-DIFF
(REWRITE)
(EQUAL (MAKE-SET (SET-DIFF X Y))
(SET-DIFF (MAKE-SET X) (MAKE-SET Y))))
Call the conjecture *1.
Perhaps we can prove it by induction. Two inductions are suggested by
terms in the conjecture, both of which are unflawed. Since both of these are
equally likely, we will choose arbitrarily. We will induct according to the
following scheme:
(AND (IMPLIES (NOT (LISTP X)) (p X Y))
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(p (CDR X) Y))
(p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to three
new goals:
Case 3. (IMPLIES (NOT (LISTP X))
(EQUAL (MAKE-SET (SET-DIFF X Y))
(SET-DIFF (MAKE-SET X)
(MAKE-SET Y)))),
which simplifies, applying the lemma SET-DIFF-NLISTP, and opening up the
definitions of MAKE-SET and EQUAL, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(EQUAL (MAKE-SET (SET-DIFF (CDR X) Y))
(SET-DIFF (MAKE-SET (CDR X))
(MAKE-SET Y))))
(EQUAL (MAKE-SET (SET-DIFF X Y))
(SET-DIFF (MAKE-SET X)
(MAKE-SET Y)))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
opening up the function MAKE-SET, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(EQUAL (MAKE-SET (SET-DIFF (CDR X) Y))
(SET-DIFF (MAKE-SET (CDR X))
(MAKE-SET Y))))
(EQUAL (MAKE-SET (SET-DIFF X Y))
(MAKE-SET (SET-DIFF (CDR X) Y)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces the new conjecture:
(IMPLIES (AND (MEMBER Z V)
(EQUAL (MAKE-SET (SET-DIFF V Y))
(SET-DIFF (MAKE-SET V) (MAKE-SET Y))))
(EQUAL (MAKE-SET (SET-DIFF (CONS Z V) Y))
(MAKE-SET (SET-DIFF V Y)))),
which further simplifies, applying SET-DIFF-CONS, to the new conjecture:
(IMPLIES (AND (MEMBER Z V)
(EQUAL (MAKE-SET (SET-DIFF V Y))
(SET-DIFF (MAKE-SET V) (MAKE-SET Y)))
(NOT (MEMBER Z Y)))
(EQUAL (MAKE-SET (CONS Z (SET-DIFF V Y)))
(MAKE-SET (SET-DIFF V Y)))),
which again simplifies, applying MEMBER-SET-DIFF, MEMBER-SUBSETP,
SUBSETP-REFLEXIVITY, CDR-CONS, and CAR-CONS, and expanding the function
MAKE-SET, to:
T.
Case 1. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (MAKE-SET (SET-DIFF (CDR X) Y))
(SET-DIFF (MAKE-SET (CDR X))
(MAKE-SET Y))))
(EQUAL (MAKE-SET (SET-DIFF X Y))
(SET-DIFF (MAKE-SET X)
(MAKE-SET Y)))).
This simplifies, applying MAKE-SET-PRESERVES-MEMBER and SET-DIFF-CONS, and
expanding MAKE-SET, to two new conjectures:
Case 1.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (MAKE-SET (SET-DIFF (CDR X) Y))
(SET-DIFF (MAKE-SET (CDR X))
(MAKE-SET Y)))
(NOT (MEMBER (CAR X) Y)))
(EQUAL (MAKE-SET (SET-DIFF X Y))
(CONS (CAR X)
(MAKE-SET (SET-DIFF (CDR X) Y))))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces:
(IMPLIES (AND (NOT (MEMBER Z V))
(EQUAL (MAKE-SET (SET-DIFF V Y))
(SET-DIFF (MAKE-SET V) (MAKE-SET Y)))
(NOT (MEMBER Z Y)))
(EQUAL (MAKE-SET (SET-DIFF (CONS Z V) Y))
(CONS Z (MAKE-SET (SET-DIFF V Y))))),
which further simplifies, rewriting with SET-DIFF-CONS, MEMBER-SET-DIFF,
CDR-CONS, and CAR-CONS, and unfolding MAKE-SET, to:
T.
Case 1.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (MAKE-SET (SET-DIFF (CDR X) Y))
(SET-DIFF (MAKE-SET (CDR X))
(MAKE-SET Y)))
(MEMBER (CAR X) Y))
(EQUAL (MAKE-SET (SET-DIFF X Y))
(MAKE-SET (SET-DIFF (CDR X) Y)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). This generates the formula:
(IMPLIES (AND (NOT (MEMBER Z V))
(EQUAL (MAKE-SET (SET-DIFF V Y))
(SET-DIFF (MAKE-SET V) (MAKE-SET Y)))
(MEMBER Z Y))
(EQUAL (MAKE-SET (SET-DIFF (CONS Z V) Y))
(MAKE-SET (SET-DIFF V Y)))).
This further simplifies, rewriting with SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, and SET-DIFF-CONS, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
MAKE-SET-SET-DIFF
(PROVE-LEMMA SET-DIFF-MAKE-SET
(REWRITE)
(EQUAL (SET-DIFF X (MAKE-SET Y))
(SET-DIFF X Y))
((ENABLE SET-DIFF)))
Name the conjecture *1.
Perhaps we can prove it by induction. There are three plausible
inductions. They merge into two likely candidate inductions. However, only
one is unflawed. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (MAKE-SET Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (MAKE-SET Y)))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
goals:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (MAKE-SET Y))
(EQUAL (SET-DIFF (CDR X) (MAKE-SET Y))
(SET-DIFF (CDR X) Y)))
(EQUAL (SET-DIFF X (MAKE-SET Y))
(SET-DIFF X Y))).
This simplifies, applying MAKE-SET-PRESERVES-MEMBER, SUBSETP-REFLEXIVITY,
and MEMBER-SUBSETP, and unfolding the definition of SET-DIFF, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (MAKE-SET Y)))
(EQUAL (SET-DIFF (CDR X) (MAKE-SET Y))
(SET-DIFF (CDR X) Y)))
(EQUAL (SET-DIFF X (MAKE-SET Y))
(SET-DIFF X Y))),
which simplifies, rewriting with MAKE-SET-PRESERVES-MEMBER, and expanding
the definition of SET-DIFF, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (SET-DIFF X (MAKE-SET Y))
(SET-DIFF X Y))).
This simplifies, applying SET-DIFF-NLISTP, and expanding EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SET-DIFF-MAKE-SET
(PROVE-LEMMA LISTP-MAKE-SET
(REWRITE)
(EQUAL (LISTP (MAKE-SET X))
(LISTP X)))
Give the conjecture the name *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (NOT (LISTP X)) (p X))
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(p (CDR X)))
(p X))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(p (CDR X)))
(p X))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
conjectures:
Case 3. (IMPLIES (NOT (LISTP X))
(EQUAL (LISTP (MAKE-SET X))
(LISTP X))).
This simplifies, expanding the functions MAKE-SET, LISTP, and EQUAL, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(EQUAL (LISTP (MAKE-SET (CDR X)))
(LISTP (CDR X))))
(EQUAL (LISTP (MAKE-SET X))
(LISTP X))).
This simplifies, rewriting with the lemmas SUBSETP-REFLEXIVITY and
MEMBER-SUBSETP, and opening up MAKE-SET, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) (CDR X))
(EQUAL (LISTP (MAKE-SET (CDR X)))
(LISTP (CDR X))))
(LISTP (CDR X))),
which again simplifies, applying MEMBER-NLISTP, to:
T.
Case 1. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) (CDR X)))
(EQUAL (LISTP (MAKE-SET (CDR X)))
(LISTP (CDR X))))
(EQUAL (LISTP (MAKE-SET X))
(LISTP X))).
This simplifies, opening up MAKE-SET and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
LISTP-MAKE-SET
(DISABLE SETP)
[ 0.0 0.0 0.0 ]
SETP-OFF
(PROVE-LEMMA SET-DIFF-APPEND
(REWRITE)
(EQUAL (SET-DIFF X (APPEND Y Z))
(SET-DIFF (SET-DIFF X Z) Y))
((INDUCT (SET-DIFF X Z))))
This conjecture can be simplified, using the abbreviations NOT, OR, and AND,
to three new conjectures:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Z)
(EQUAL (SET-DIFF (CDR X) (APPEND Y Z))
(SET-DIFF (SET-DIFF (CDR X) Z) Y)))
(EQUAL (SET-DIFF X (APPEND Y Z))
(SET-DIFF (SET-DIFF X Z) Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V W) to eliminate
(CAR X) and (CDR X). This produces the new goal:
(IMPLIES (AND (MEMBER V Z)
(EQUAL (SET-DIFF W (APPEND Y Z))
(SET-DIFF (SET-DIFF W Z) Y)))
(EQUAL (SET-DIFF (CONS V W) (APPEND Y Z))
(SET-DIFF (SET-DIFF (CONS V W) Z)
Y))),
which simplifies, appealing to the lemmas SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, MEMBER-APPEND, and SET-DIFF-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Z))
(EQUAL (SET-DIFF (CDR X) (APPEND Y Z))
(SET-DIFF (SET-DIFF (CDR X) Z) Y)))
(EQUAL (SET-DIFF X (APPEND Y Z))
(SET-DIFF (SET-DIFF X Z) Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V W) to eliminate
(CAR X) and (CDR X). This produces:
(IMPLIES (AND (NOT (MEMBER V Z))
(EQUAL (SET-DIFF W (APPEND Y Z))
(SET-DIFF (SET-DIFF W Z) Y)))
(EQUAL (SET-DIFF (CONS V W) (APPEND Y Z))
(SET-DIFF (SET-DIFF (CONS V W) Z)
Y))),
which simplifies, applying the lemmas MEMBER-APPEND and SET-DIFF-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (SET-DIFF X (APPEND Y Z))
(SET-DIFF (SET-DIFF X Z) Y))),
which simplifies, applying SET-DIFF-NLISTP, and unfolding EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SET-DIFF-APPEND
(PROVE-LEMMA LENGTH-SET-DIFF-LEQ
(REWRITE)
(NOT (LESSP (LENGTH X)
(LENGTH (SET-DIFF X Y)))))
WARNING: Note that the proposed lemma LENGTH-SET-DIFF-LEQ is to be stored as
zero type prescription rules, zero compound recognizer rules, one linear rule,
and zero replacement rules.
This formula simplifies, applying the lemma LENGTH-SET-DIFF-OPENER, to:
(NOT (LESSP (LENGTH X)
(DIFFERENCE (LENGTH X)
(LENGTH (INTERSECTION X Y))))).
But this again simplifies, using linear arithmetic, to:
(IMPLIES (LESSP (LENGTH X)
(LENGTH (INTERSECTION X Y)))
(NOT (LESSP (LENGTH X)
(DIFFERENCE (LENGTH X)
(LENGTH (INTERSECTION X Y)))))).
This again simplifies, using linear arithmetic and rewriting with
LENGTH-INTERSECTION, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
LENGTH-SET-DIFF-LEQ
(PROVE-LEMMA LESSP-LENGTH
(REWRITE)
(IMPLIES (LISTP X)
(LESSP 0 (LENGTH X)))
((ENABLE LENGTH)))
WARNING: Note that the proposed lemma LESSP-LENGTH is to be stored as zero
type prescription rules, zero compound recognizer rules, one linear rule, and
zero replacement rules.
This formula simplifies, opening up the definitions of EQUAL and LESSP, to:
(IMPLIES (LISTP X)
(NOT (EQUAL (LENGTH X) 0))).
Give the above formula the name *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X)))
(p X))
(IMPLIES (NOT (LISTP X)) (p X))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates the following two new
formulas:
Case 2. (IMPLIES (AND (NOT (LISTP (CDR X))) (LISTP X))
(NOT (EQUAL (LENGTH X) 0))).
This simplifies, opening up the definition of LENGTH, to:
T.
Case 1. (IMPLIES (AND (NOT (EQUAL (LENGTH (CDR X)) 0))
(LISTP X))
(NOT (EQUAL (LENGTH X) 0))).
This simplifies, expanding the function LENGTH, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
LESSP-LENGTH
(PROVE-LEMMA LISTP-INTERSECTION
(REWRITE)
(EQUAL (LISTP (INTERSECTION X Y))
(NOT (DISJOINT X Y)))
((ENABLE INTERSECTION)))
This conjecture simplifies, expanding NOT, to the following two new goals:
Case 2. (IMPLIES (NOT (DISJOINT X Y))
(EQUAL (LISTP (INTERSECTION X Y)) T)).
This again simplifies, clearly, to:
(IMPLIES (NOT (DISJOINT X Y))
(LISTP (INTERSECTION X Y))),
which we will name *1.
Case 1. (IMPLIES (DISJOINT X Y)
(EQUAL (LISTP (INTERSECTION X Y)) F)).
This again simplifies, clearly, to:
(IMPLIES (DISJOINT X Y)
(NOT (LISTP (INTERSECTION X Y)))),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (LISTP (INTERSECTION X Y))
(NOT (DISJOINT X Y))).
We named this *1. We will try to prove it by induction. There is only one
suggested induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates three new formulas:
Case 3. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(EQUAL (LISTP (INTERSECTION (CDR X) Y))
(NOT (DISJOINT (CDR X) Y))))
(EQUAL (LISTP (INTERSECTION X Y))
(NOT (DISJOINT X Y)))),
which simplifies, rewriting with DISJOINT-SYMMETRY, SUBSETP-REFLEXIVITY, and
MEMBER-SUBSETP, and opening up NOT and INTERSECTION, to the following two
new formulas:
Case 3.2.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (DISJOINT Y (CDR X)))
(EQUAL (LISTP (INTERSECTION (CDR X) Y))
T))
(NOT (DISJOINT X Y))).
This again simplifies, clearly, to the new goal:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (DISJOINT Y (CDR X)))
(LISTP (INTERSECTION (CDR X) Y)))
(NOT (DISJOINT X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (MEMBER Z Y)
(NOT (DISJOINT Y V))
(LISTP (INTERSECTION V Y)))
(NOT (DISJOINT (CONS Z V) Y))),
which further simplifies, applying DISJOINT-SYMMETRY, MEMBER-CONS, and
DISJOINT-NON-MEMBER, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(DISJOINT Y (CDR X))
(EQUAL (LISTP (INTERSECTION (CDR X) Y))
F))
(NOT (DISJOINT X Y))).
This again simplifies, trivially, to the new formula:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(DISJOINT Y (CDR X))
(NOT (LISTP (INTERSECTION (CDR X) Y))))
(NOT (DISJOINT X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain the new formula:
(IMPLIES (AND (MEMBER Z Y)
(DISJOINT Y V)
(NOT (LISTP (INTERSECTION V Y))))
(NOT (DISJOINT (CONS Z V) Y))),
which further simplifies, applying DISJOINT-SYMMETRY, MEMBER-CONS, and
DISJOINT-NON-MEMBER, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(EQUAL (LISTP (INTERSECTION (CDR X) Y))
(NOT (DISJOINT (CDR X) Y))))
(EQUAL (LISTP (INTERSECTION X Y))
(NOT (DISJOINT X Y)))).
This simplifies, rewriting with DISJOINT-SYMMETRY, and opening up the
definitions of NOT and INTERSECTION, to two new conjectures:
Case 2.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (DISJOINT Y (CDR X)))
(EQUAL (LISTP (INTERSECTION (CDR X) Y))
T))
(NOT (DISJOINT X Y))),
which again simplifies, clearly, to the new formula:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (DISJOINT Y (CDR X)))
(LISTP (INTERSECTION (CDR X) Y)))
(NOT (DISJOINT X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (DISJOINT Y V))
(LISTP (INTERSECTION V Y)))
(NOT (DISJOINT (CONS Z V) Y))),
which further simplifies, applying the lemmas DISJOINT-SYMMETRY and
DISJOINT-CONS-2, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(DISJOINT Y (CDR X))
(EQUAL (LISTP (INTERSECTION (CDR X) Y))
F))
(DISJOINT X Y)),
which again simplifies, clearly, to the new conjecture:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(DISJOINT Y (CDR X))
(NOT (LISTP (INTERSECTION (CDR X) Y))))
(DISJOINT X Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain the new formula:
(IMPLIES (AND (NOT (MEMBER Z Y))
(DISJOINT Y V)
(NOT (LISTP (INTERSECTION V Y))))
(DISJOINT (CONS Z V) Y)),
which further simplifies, applying DISJOINT-SYMMETRY and DISJOINT-CONS-2,
to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (LISTP (INTERSECTION X Y))
(NOT (DISJOINT X Y)))).
This simplifies, rewriting with SUBSETP-NLISTP, FIX-PROPERP-NLISTP,
INTERSECTION-ELIMINATION, and DISJOINT-NLISTP, and unfolding LISTP, OR,
NLISTP, NOT, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
LISTP-INTERSECTION
(PROVE-LEMMA LENGTH-SET-DIFF-LESSP
(REWRITE)
(IMPLIES (NOT (DISJOINT X NEW))
(LESSP (LENGTH (SET-DIFF X NEW))
(LENGTH X))))
WARNING: Note that the proposed lemma LENGTH-SET-DIFF-LESSP is to be stored
as zero type prescription rules, zero compound recognizer rules, one linear
rule, and zero replacement rules.
This simplifies, appealing to the lemmas DISJOINT-SYMMETRY and
LENGTH-SET-DIFF-OPENER, to the conjecture:
(IMPLIES (NOT (DISJOINT NEW X))
(LESSP (DIFFERENCE (LENGTH X)
(LENGTH (INTERSECTION X NEW)))
(LENGTH X))).
This again simplifies, using linear arithmetic and appealing to the lemmas
LESSP-LENGTH, DISJOINT-SYMMETRY, and LISTP-INTERSECTION, to:
(IMPLIES (AND (LESSP (LENGTH X)
(LENGTH (INTERSECTION X NEW)))
(NOT (DISJOINT NEW X)))
(LESSP (DIFFERENCE (LENGTH X)
(LENGTH (INTERSECTION X NEW)))
(LENGTH X))).
This again simplifies, using linear arithmetic and rewriting with the lemma
LENGTH-INTERSECTION, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
LENGTH-SET-DIFF-LESSP
(PROVE-LEMMA DISJOINT-IMPLIES-EMPTY-INTERSECTION
(REWRITE)
(IMPLIES (DISJOINT X Y)
(EQUAL (INTERSECTION X Y) NIL)))
This conjecture can be simplified, using the abbreviations IMPLIES and
INTERSECTION-DISJOINT, to:
T.
This simplifies, obviously, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-IMPLIES-EMPTY-INTERSECTION
(PROVE-LEMMA DISJOINT-INTERSECTION3-MIDDLE
(REWRITE)
(IMPLIES (DISJOINT Y (INTERSECTION X Z))
(EQUAL (INTERSECTION X (INTERSECTION Y Z))
NIL))
((USE (DISJOINT-WIT-WITNESSES (X X)
(Y (INTERSECTION Y Z))))))
This formula can be simplified, using the abbreviations IMPLIES and
INTERSECTION-DISJOINT, to:
(IMPLIES
(AND (EQUAL (DISJOINT X (INTERSECTION Y Z))
(NOT (AND (MEMBER (DISJOINT-WIT X (INTERSECTION Y Z))
X)
(MEMBER (DISJOINT-WIT X (INTERSECTION Y Z))
(INTERSECTION Y Z)))))
(DISJOINT Y (INTERSECTION X Z)))
(DISJOINT X (INTERSECTION Y Z))),
which simplifies, rewriting with MEMBER-INTERSECTION, MEMBER-SUBSETP,
SUBSETP-REFLEXIVITY, and DISJOINT-NON-MEMBER, and unfolding the definitions of
AND and NOT, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-INTERSECTION3-MIDDLE
(PROVE-LEMMA DISJOINT-SUBSETP-HACK
(REWRITE)
(IMPLIES (AND (DISJOINT X (INTERSECTION U V))
(SUBSETP W X))
(DISJOINT U (INTERSECTION W V)))
((USE (DISJOINT-WIT-WITNESSES (X U)
(Y (INTERSECTION W V)))
(DISJOINT-NON-MEMBER (A (DISJOINT-WIT U (INTERSECTION W V)))
(X X)
(Y (INTERSECTION U V)))
(MEMBER-SUBSETP (X (DISJOINT-WIT U (INTERSECTION W V)))
(Y W)
(Z X)))
(DISABLE DISJOINT-NON-MEMBER MEMBER-SUBSETP)))
WARNING: Note that DISJOINT-SUBSETP-HACK contains the free variable X which
will be chosen by instantiating the hypothesis (DISJOINT X (INTERSECTION U V)).
This conjecture simplifies, applying DISJOINT-INTERSECTION-COMMUTER,
MEMBER-INTERSECTION, SUBSETP-REFLEXIVITY, and SUBSETP-IS-TRANSITIVE, and
unfolding the definitions of AND, NOT, and IMPLIES, to:
T.
Q.E.D.
[ 0.0 0.1 0.0 ]
DISJOINT-SUBSETP-HACK
(PROVE-LEMMA SUBSETP-SET-DIFF-SUFFICIENCY
(REWRITE)
(IMPLIES (SUBSETP X Y)
(SUBSETP (SET-DIFF X Z) Y))
((ENABLE SET-DIFF)))
Give the conjecture the name *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Z)
(p (CDR X) Z Y))
(p X Z Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Z))
(p (CDR X) Z Y))
(p X Z Y))
(IMPLIES (NOT (LISTP X)) (p X Z Y))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates five new conjectures:
Case 5. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Z)
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (SET-DIFF X Z) Y)),
which simplifies, applying SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
opening up SET-DIFF, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Z)
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (SET-DIFF (CDR X) Z) Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V W) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (MEMBER V Z)
(NOT (SUBSETP W Y))
(SUBSETP (CONS V W) Y))
(SUBSETP (SET-DIFF W Z) Y)),
which further simplifies, rewriting with the lemma SUBSETP-CONS-1, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Z)
(SUBSETP (SET-DIFF (CDR X) Z) Y)
(SUBSETP X Y))
(SUBSETP (SET-DIFF X Z) Y)),
which simplifies, rewriting with the lemmas SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, and SUBSETP-IS-TRANSITIVE, and expanding SET-DIFF, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Z))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (SET-DIFF X Z) Y)),
which simplifies, applying the lemma SUBSETP-CONS-1, and unfolding SET-DIFF,
to two new conjectures:
Case 3.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Z))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(MEMBER (CAR X) Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V W) to eliminate
(CAR X) and (CDR X). We thus obtain the new conjecture:
(IMPLIES (AND (NOT (MEMBER V Z))
(NOT (SUBSETP W Y))
(SUBSETP (CONS V W) Y))
(MEMBER V Y)),
which further simplifies, rewriting with SUBSETP-CONS-1, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Z))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (SET-DIFF (CDR X) Z) Y)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V W) to
eliminate (CAR X) and (CDR X). We must thus prove:
(IMPLIES (AND (NOT (MEMBER V Z))
(NOT (SUBSETP W Y))
(SUBSETP (CONS V W) Y))
(SUBSETP (SET-DIFF W Z) Y)).
This further simplifies, applying SUBSETP-CONS-1, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Z))
(SUBSETP (SET-DIFF (CDR X) Z) Y)
(SUBSETP X Y))
(SUBSETP (SET-DIFF X Z) Y)).
This simplifies, applying the lemmas SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, and SUBSETP-CONS-1, and expanding SET-DIFF, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Z))
(SUBSETP (SET-DIFF (CDR X) Z) Y)
(SUBSETP X Y))
(MEMBER (CAR X) Y)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V W) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (NOT (MEMBER V Z))
(SUBSETP (SET-DIFF W Z) Y)
(SUBSETP (CONS V W) Y))
(MEMBER V Y)),
which further simplifies, rewriting with SUBSETP-CONS-1, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (SUBSETP X Y))
(SUBSETP (SET-DIFF X Z) Y)).
This simplifies, rewriting with SUBSETP-NLISTP and SET-DIFF-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-SET-DIFF-SUFFICIENCY
(PROVE-LEMMA SETP-INTERSECTION-SUFFICIENCY
(REWRITE)
(IMPLIES (SETP X)
(SETP (INTERSECTION X Y)))
((ENABLE INTERSECTION)))
Call the conjecture *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following five new formulas:
Case 5. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (SETP (CDR X)))
(SETP X))
(SETP (INTERSECTION X Y))).
This simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
MEMBER-INTERSECTION, and SETP-CONS, and expanding the function INTERSECTION,
to two new goals:
Case 5.2.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (SETP (CDR X)))
(SETP X))
(NOT (MEMBER (CAR X) (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces the new formula:
(IMPLIES (AND (MEMBER Z Y)
(NOT (SETP V))
(SETP (CONS Z V)))
(NOT (MEMBER Z V))),
which further simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
and SETP-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (SETP (CDR X)))
(SETP X))
(SETP (INTERSECTION (CDR X) Y))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). The result is the goal:
(IMPLIES (AND (MEMBER Z Y)
(NOT (SETP V))
(SETP (CONS Z V)))
(SETP (INTERSECTION V Y))).
But this further simplifies, applying the lemma SETP-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SETP (INTERSECTION (CDR X) Y))
(SETP X))
(SETP (INTERSECTION X Y))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
MEMBER-INTERSECTION, and SETP-CONS, and opening up the definition of
INTERSECTION, to the new conjecture:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SETP (INTERSECTION (CDR X) Y))
(SETP X))
(NOT (MEMBER (CAR X) (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (MEMBER Z Y)
(SETP (INTERSECTION V Y))
(SETP (CONS Z V)))
(NOT (MEMBER Z V))),
which further simplifies, rewriting with SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
and SETP-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (SETP (CDR X)))
(SETP X))
(SETP (INTERSECTION X Y))).
This simplifies, opening up INTERSECTION, to the new conjecture:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (SETP (CDR X)))
(SETP X))
(SETP (INTERSECTION (CDR X) Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (SETP V))
(SETP (CONS Z V)))
(SETP (INTERSECTION V Y))),
which further simplifies, applying SETP-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SETP (INTERSECTION (CDR X) Y))
(SETP X))
(SETP (INTERSECTION X Y))).
This simplifies, opening up the function INTERSECTION, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (SETP X))
(SETP (INTERSECTION X Y))).
This simplifies, applying SETP-NLISTP, DISJOINT-NLISTP, and
DISJOINT-IMPLIES-EMPTY-INTERSECTION, and opening up the definitions of
NLISTP, OR, and SETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SETP-INTERSECTION-SUFFICIENCY
(PROVE-LEMMA SETP-SET-DIFF-SUFFICIENCY
(REWRITE)
(IMPLIES (SETP X)
(SETP (SET-DIFF X Y)))
((ENABLE SET-DIFF)))
Call the conjecture *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following five new formulas:
Case 5. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (SETP (CDR X)))
(SETP X))
(SETP (SET-DIFF X Y))).
This simplifies, applying SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
expanding the function SET-DIFF, to:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (SETP (CDR X)))
(SETP X))
(SETP (SET-DIFF (CDR X) Y))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). This generates:
(IMPLIES (AND (MEMBER Z Y)
(NOT (SETP V))
(SETP (CONS Z V)))
(SETP (SET-DIFF V Y))).
This further simplifies, rewriting with SETP-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(SETP (SET-DIFF (CDR X) Y))
(SETP X))
(SETP (SET-DIFF X Y))).
This simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
expanding the definition of SET-DIFF, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (SETP (CDR X)))
(SETP X))
(SETP (SET-DIFF X Y))),
which simplifies, applying the lemmas MEMBER-SET-DIFF and SETP-CONS, and
opening up SET-DIFF, to two new conjectures:
Case 3.2.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (SETP (CDR X)))
(SETP X))
(NOT (MEMBER (CAR X) (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces the new goal:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (SETP V))
(SETP (CONS Z V)))
(NOT (MEMBER Z V))),
which further simplifies, appealing to the lemmas SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, and SETP-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (SETP (CDR X)))
(SETP X))
(SETP (SET-DIFF (CDR X) Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (SETP V))
(SETP (CONS Z V)))
(SETP (SET-DIFF V Y))),
which further simplifies, applying SETP-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SETP (SET-DIFF (CDR X) Y))
(SETP X))
(SETP (SET-DIFF X Y))).
This simplifies, applying the lemmas MEMBER-SET-DIFF and SETP-CONS, and
expanding the definition of SET-DIFF, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(SETP (SET-DIFF (CDR X) Y))
(SETP X))
(NOT (MEMBER (CAR X) (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER Z Y))
(SETP (SET-DIFF V Y))
(SETP (CONS Z V)))
(NOT (MEMBER Z V))),
which further simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
SETP-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (SETP X))
(SETP (SET-DIFF X Y))).
This simplifies, appealing to the lemmas SETP-NLISTP and SET-DIFF-NLISTP,
and expanding the function SETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SETP-SET-DIFF-SUFFICIENCY
(DISABLE FIX-PROPERP)
[ 0.0 0.0 0.0 ]
FIX-PROPERP-OFF
(PROVE-LEMMA SUBSETP-FIX-PROPERP-1
(REWRITE)
(EQUAL (SUBSETP (FIX-PROPERP X) Y)
(SUBSETP X Y))
((ENABLE SUBSETP)))
Name the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP X) (p X Y))
(IMPLIES (AND (NOT (NLISTP X)) (p (CDR X) Y))
(p X Y))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP establish that the measure (COUNT X) decreases according to the
well-founded relation LESSP in each induction step of the scheme. The above
induction scheme produces the following two new goals:
Case 2. (IMPLIES (NLISTP X)
(EQUAL (SUBSETP (FIX-PROPERP X) Y)
(SUBSETP X Y))).
This simplifies, applying FIX-PROPERP-NLISTP and SUBSETP-NLISTP, and
unfolding the definitions of NLISTP and EQUAL, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(EQUAL (SUBSETP (FIX-PROPERP (CDR X)) Y)
(SUBSETP (CDR X) Y)))
(EQUAL (SUBSETP (FIX-PROPERP X) Y)
(SUBSETP X Y))),
which simplifies, unfolding the definitions of NLISTP and SUBSETP, to two
new goals:
Case 1.2.
(IMPLIES (AND (LISTP X)
(EQUAL (SUBSETP (FIX-PROPERP (CDR X)) Y)
(SUBSETP (CDR X) Y))
(NOT (MEMBER (CAR X) Y)))
(EQUAL (SUBSETP (FIX-PROPERP X) Y)
F)),
which again simplifies, clearly, to:
(IMPLIES (AND (LISTP X)
(EQUAL (SUBSETP (FIX-PROPERP (CDR X)) Y)
(SUBSETP (CDR X) Y))
(NOT (MEMBER (CAR X) Y)))
(NOT (SUBSETP (FIX-PROPERP X) Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces:
(IMPLIES (AND (EQUAL (SUBSETP (FIX-PROPERP Z) Y)
(SUBSETP Z Y))
(NOT (MEMBER V Y)))
(NOT (SUBSETP (FIX-PROPERP (CONS V Z))
Y))),
which further simplifies, appealing to the lemmas FIX-PROPERP-CONS and
SUBSETP-CONS-1, to:
T.
Case 1.1.
(IMPLIES (AND (LISTP X)
(EQUAL (SUBSETP (FIX-PROPERP (CDR X)) Y)
(SUBSETP (CDR X) Y))
(MEMBER (CAR X) Y))
(EQUAL (SUBSETP (FIX-PROPERP X) Y)
(SUBSETP (CDR X) Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces the new goal:
(IMPLIES (AND (EQUAL (SUBSETP (FIX-PROPERP Z) Y)
(SUBSETP Z Y))
(MEMBER V Y))
(EQUAL (SUBSETP (FIX-PROPERP (CONS V Z)) Y)
(SUBSETP Z Y))),
which further simplifies, applying FIX-PROPERP-CONS, SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, and SUBSETP-CONS-1, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-FIX-PROPERP-1
(PROVE-LEMMA SUBSETP-FIX-PROPERP-2
(REWRITE)
(EQUAL (SUBSETP X (FIX-PROPERP Y))
(SUBSETP X Y))
((ENABLE SUBSETP)))
Name the conjecture *1.
Perhaps we can prove it by induction. There are two plausible inductions.
However, they merge into one likely candidate induction. We will induct
according to the following scheme:
(AND (IMPLIES (NLISTP X) (p X Y))
(IMPLIES (AND (NOT (NLISTP X)) (p (CDR X) Y))
(p X Y))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP establish that the measure (COUNT X) decreases according to the
well-founded relation LESSP in each induction step of the scheme. The above
induction scheme produces the following two new goals:
Case 2. (IMPLIES (NLISTP X)
(EQUAL (SUBSETP X (FIX-PROPERP Y))
(SUBSETP X Y))).
This simplifies, applying SUBSETP-NLISTP, and unfolding the definitions of
NLISTP and EQUAL, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(EQUAL (SUBSETP (CDR X) (FIX-PROPERP Y))
(SUBSETP (CDR X) Y)))
(EQUAL (SUBSETP X (FIX-PROPERP Y))
(SUBSETP X Y))),
which simplifies, rewriting with MEMBER-FIX-PROPERP, and expanding the
definitions of NLISTP and SUBSETP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-FIX-PROPERP-2
(DEFN ALISTP
(X)
(IF (LISTP X)
(AND (LISTP (CAR X)) (ALISTP (CDR X)))
(EQUAL X NIL)))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
recursive call. Hence, ALISTP is accepted under the principle of definition.
Note that (OR (FALSEP (ALISTP X)) (TRUEP (ALISTP X))) is a theorem.
[ 0.0 0.0 0.0 ]
ALISTP
(PROVE-LEMMA ALISTP-IMPLIES-PROPERP
(REWRITE)
(IMPLIES (ALISTP X) (PROPERP X)))
Call the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X)))
(p X))
(IMPLIES (NOT (LISTP X)) (p X))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
goals:
Case 3. (IMPLIES (AND (LISTP X)
(NOT (ALISTP (CDR X)))
(ALISTP X))
(PROPERP X)).
This simplifies, expanding the definition of ALISTP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(PROPERP (CDR X))
(ALISTP X))
(PROPERP X)).
This simplifies, expanding ALISTP, to:
(IMPLIES (AND (LISTP X)
(PROPERP (CDR X))
(LISTP (CAR X))
(ALISTP (CDR X)))
(PROPERP X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain the new formula:
(IMPLIES (AND (PROPERP Z) (LISTP V) (ALISTP Z))
(PROPERP (CONS V Z))),
which further simplifies, applying PROPERP-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (ALISTP X))
(PROPERP X)).
This simplifies, opening up the functions ALISTP and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
ALISTP-IMPLIES-PROPERP
(PROVE-LEMMA ALISTP-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(EQUAL (ALISTP X) (EQUAL X NIL))))
This formula can be simplified, using the abbreviations NLISTP and IMPLIES, to:
(IMPLIES (NOT (LISTP X))
(EQUAL (ALISTP X) (EQUAL X NIL))),
which simplifies, opening up ALISTP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
ALISTP-NLISTP
(PROVE-LEMMA ALISTP-CONS
(REWRITE)
(EQUAL (ALISTP (CONS A X))
(AND (LISTP A) (ALISTP X))))
This simplifies, rewriting with CDR-CONS and CAR-CONS, and expanding ALISTP
and AND, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
ALISTP-CONS
(DISABLE ALISTP)
[ 0.0 0.0 0.0 ]
ALISTP-OFF
(PROVE-LEMMA ALISTP-APPEND
(REWRITE)
(EQUAL (ALISTP (APPEND X Y))
(AND (ALISTP (FIX-PROPERP X))
(ALISTP Y))))
This formula simplifies, opening up the function AND, to the following two new
goals:
Case 2. (IMPLIES (NOT (ALISTP (FIX-PROPERP X)))
(EQUAL (ALISTP (APPEND X Y)) F)).
This again simplifies, obviously, to the new formula:
(IMPLIES (NOT (ALISTP (FIX-PROPERP X)))
(NOT (ALISTP (APPEND X Y)))),
which we will name *1.
Case 1. (IMPLIES (ALISTP (FIX-PROPERP X))
(EQUAL (ALISTP (APPEND X Y))
(ALISTP Y))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(EQUAL (ALISTP (APPEND X Y))
(AND (ALISTP (FIX-PROPERP X))
(ALISTP Y))),
which we named *1 above. We will appeal to induction. There is only one
plausible induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to the following two new
conjectures:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (ALISTP (APPEND (CDR X) Y))
(AND (ALISTP (FIX-PROPERP (CDR X)))
(ALISTP Y))))
(EQUAL (ALISTP (APPEND X Y))
(AND (ALISTP (FIX-PROPERP X))
(ALISTP Y)))).
This simplifies, applying the lemma ALISTP-CONS, and opening up AND and
APPEND, to the following three new goals:
Case 2.3.
(IMPLIES (AND (LISTP X)
(NOT (ALISTP (FIX-PROPERP (CDR X))))
(EQUAL (ALISTP (APPEND (CDR X) Y)) F)
(ALISTP (FIX-PROPERP X)))
(NOT (ALISTP Y))).
This again simplifies, trivially, to the new goal:
(IMPLIES (AND (LISTP X)
(NOT (ALISTP (FIX-PROPERP (CDR X))))
(NOT (ALISTP (APPEND (CDR X) Y)))
(ALISTP (FIX-PROPERP X)))
(NOT (ALISTP Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain the new formula:
(IMPLIES (AND (NOT (ALISTP (FIX-PROPERP Z)))
(NOT (ALISTP (APPEND Z Y)))
(ALISTP (FIX-PROPERP (CONS V Z))))
(NOT (ALISTP Y))),
which further simplifies, applying the lemmas FIX-PROPERP-CONS and
ALISTP-CONS, to:
T.
Case 2.2.
(IMPLIES (AND (LISTP X)
(ALISTP (FIX-PROPERP (CDR X)))
(EQUAL (ALISTP (APPEND (CDR X) Y))
(ALISTP Y))
(NOT (ALISTP (FIX-PROPERP X)))
(LISTP (CAR X)))
(EQUAL (ALISTP Y) F)),
which again simplifies, trivially, to:
(IMPLIES (AND (LISTP X)
(ALISTP (FIX-PROPERP (CDR X)))
(ALISTP (APPEND (CDR X) Y))
(NOT (ALISTP (FIX-PROPERP X)))
(LISTP (CAR X)))
(NOT (ALISTP Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove:
(IMPLIES (AND (ALISTP (FIX-PROPERP Z))
(ALISTP (APPEND Z Y))
(NOT (ALISTP (FIX-PROPERP (CONS V Z))))
(LISTP V))
(NOT (ALISTP Y))),
which further simplifies, applying FIX-PROPERP-CONS and ALISTP-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(ALISTP (FIX-PROPERP (CDR X)))
(EQUAL (ALISTP (APPEND (CDR X) Y))
(ALISTP Y))
(ALISTP (FIX-PROPERP X))
(NOT (LISTP (CAR X))))
(EQUAL F (ALISTP Y))).
This again simplifies, trivially, to:
(IMPLIES (AND (LISTP X)
(ALISTP (FIX-PROPERP (CDR X)))
(ALISTP (APPEND (CDR X) Y))
(ALISTP (FIX-PROPERP X))
(NOT (LISTP (CAR X))))
(NOT (ALISTP Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new conjecture:
(IMPLIES (AND (ALISTP (FIX-PROPERP Z))
(ALISTP (APPEND Z Y))
(ALISTP (FIX-PROPERP (CONS V Z)))
(NOT (LISTP V)))
(NOT (ALISTP Y))),
which further simplifies, appealing to the lemmas FIX-PROPERP-CONS and
ALISTP-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (ALISTP (APPEND X Y))
(AND (ALISTP (FIX-PROPERP X))
(ALISTP Y)))),
which simplifies, applying FIX-PROPERP-NLISTP, and expanding the definitions
of APPEND, ALISTP, and AND, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
ALISTP-APPEND
(DEFN DOMAIN
(MAP)
(IF (LISTP MAP)
(IF (LISTP (CAR MAP))
(CONS (CAR (CAR MAP))
(DOMAIN (CDR MAP)))
(DOMAIN (CDR MAP)))
NIL))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
recursive call. Hence, DOMAIN is accepted under the definitional principle.
Note that (OR (LITATOM (DOMAIN MAP)) (LISTP (DOMAIN MAP))) is a theorem.
[ 0.0 0.0 0.0 ]
DOMAIN
(PROVE-LEMMA PROPERP-DOMAIN
(REWRITE)
(PROPERP (DOMAIN MAP)))
Call the conjecture *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(p (CDR MAP)))
(p MAP))
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(p (CDR MAP)))
(p MAP))
(IMPLIES (NOT (LISTP MAP)) (p MAP))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to three new
goals:
Case 3. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(PROPERP (DOMAIN (CDR MAP))))
(PROPERP (DOMAIN MAP))),
which simplifies, applying PROPERP-CONS, and expanding the function DOMAIN,
to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(PROPERP (DOMAIN (CDR MAP))))
(PROPERP (DOMAIN MAP))).
This simplifies, expanding DOMAIN, to:
T.
Case 1. (IMPLIES (NOT (LISTP MAP))
(PROPERP (DOMAIN MAP))).
This simplifies, expanding the definitions of DOMAIN and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-DOMAIN
(PROVE-LEMMA DOMAIN-APPEND
(REWRITE)
(EQUAL (DOMAIN (APPEND X Y))
(APPEND (DOMAIN X) (DOMAIN Y))))
Call the conjecture *1.
Perhaps we can prove it by induction. Three inductions are suggested by
terms in the conjecture. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to two
new goals:
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (DOMAIN (APPEND (CDR X) Y))
(APPEND (DOMAIN (CDR X)) (DOMAIN Y))))
(EQUAL (DOMAIN (APPEND X Y))
(APPEND (DOMAIN X) (DOMAIN Y)))),
which simplifies, applying the lemmas CDR-CONS and CAR-CONS, and opening up
the definitions of APPEND and DOMAIN, to two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP X)
(EQUAL (DOMAIN (APPEND (CDR X) Y))
(APPEND (DOMAIN (CDR X)) (DOMAIN Y)))
(NOT (LISTP (CAR X))))
(EQUAL (DOMAIN (APPEND (CDR X) Y))
(APPEND (DOMAIN (CDR X))
(DOMAIN Y)))),
which again simplifies, trivially, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(EQUAL (DOMAIN (APPEND (CDR X) Y))
(APPEND (DOMAIN (CDR X)) (DOMAIN Y)))
(LISTP (CAR X)))
(EQUAL (CONS (CAAR X)
(DOMAIN (APPEND (CDR X) Y)))
(APPEND (CONS (CAAR X) (DOMAIN (CDR X)))
(DOMAIN Y)))).
But this again simplifies, rewriting with CDR-CONS and CAR-CONS, and
opening up the function APPEND, to:
T.
Case 1. (IMPLIES (NOT (LISTP X))
(EQUAL (DOMAIN (APPEND X Y))
(APPEND (DOMAIN X) (DOMAIN Y)))).
This simplifies, unfolding the definitions of APPEND, DOMAIN, and LISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DOMAIN-APPEND
(PROVE-LEMMA DOMAIN-NLISTP
(REWRITE)
(IMPLIES (NLISTP MAP)
(EQUAL (DOMAIN MAP) NIL)))
This conjecture can be simplified, using the abbreviations NLISTP and IMPLIES,
to the conjecture:
(IMPLIES (NOT (LISTP MAP))
(EQUAL (DOMAIN MAP) NIL)).
This simplifies, expanding DOMAIN and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DOMAIN-NLISTP
(PROVE-LEMMA DOMAIN-CONS
(REWRITE)
(EQUAL (DOMAIN (CONS A MAP))
(IF (LISTP A)
(CONS (CAR A) (DOMAIN MAP))
(DOMAIN MAP))))
This formula simplifies, rewriting with the lemmas CDR-CONS and CAR-CONS, and
expanding DOMAIN, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DOMAIN-CONS
(PROVE-LEMMA MEMBER-DOMAIN-SUFFICIENCY
(REWRITE)
(IMPLIES (MEMBER (CONS A X) Y)
(MEMBER A (DOMAIN Y))))
WARNING: Note that MEMBER-DOMAIN-SUFFICIENCY contains the free variable X
which will be chosen by instantiating the hypothesis (MEMBER (CONS A X) Y).
Give the conjecture the name *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP Y)
(LISTP (CAR Y))
(p A (CDR Y) X))
(p A Y X))
(IMPLIES (AND (LISTP Y)
(NOT (LISTP (CAR Y)))
(p A (CDR Y) X))
(p A Y X))
(IMPLIES (NOT (LISTP Y)) (p A Y X))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT Y)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates five new goals:
Case 5. (IMPLIES (AND (LISTP Y)
(LISTP (CAR Y))
(NOT (MEMBER (CONS A X) (CDR Y)))
(MEMBER (CONS A X) Y))
(MEMBER A (DOMAIN Y))),
which simplifies, applying MEMBER-CONS, and unfolding the function DOMAIN,
to:
(IMPLIES (AND (LISTP Y)
(LISTP (CAR Y))
(NOT (MEMBER (CONS A X) (CDR Y)))
(MEMBER (CONS A X) Y)
(NOT (EQUAL A (CAAR Y))))
(MEMBER A (DOMAIN (CDR Y)))).
Applying the lemma CAR-CDR-ELIM, replace Y by (CONS Z V) to eliminate
(CAR Y) and (CDR Y) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
This produces:
(IMPLIES (AND (NOT (MEMBER (CONS A X) V))
(MEMBER (CONS A X)
(CONS (CONS W D) V))
(NOT (EQUAL A W)))
(MEMBER A (DOMAIN V))),
which further simplifies, rewriting with CAR-CONS and MEMBER-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP Y)
(LISTP (CAR Y))
(MEMBER A (DOMAIN (CDR Y)))
(MEMBER (CONS A X) Y))
(MEMBER A (DOMAIN Y))).
This simplifies, rewriting with SUBSETP-CONS-2, SUBSETP-REFLEXIVITY, and
MEMBER-SUBSETP, and unfolding the function DOMAIN, to:
T.
Case 3. (IMPLIES (AND (LISTP Y)
(NOT (LISTP (CAR Y)))
(NOT (MEMBER (CONS A X) (CDR Y)))
(MEMBER (CONS A X) Y))
(MEMBER A (DOMAIN Y))),
which simplifies, opening up the function DOMAIN, to the conjecture:
(IMPLIES (AND (LISTP Y)
(NOT (LISTP (CAR Y)))
(NOT (MEMBER (CONS A X) (CDR Y)))
(MEMBER (CONS A X) Y))
(MEMBER A (DOMAIN (CDR Y)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace Y by (CONS Z V) to
eliminate (CAR Y) and (CDR Y). The result is:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (MEMBER (CONS A X) V))
(MEMBER (CONS A X) (CONS Z V)))
(MEMBER A (DOMAIN V))).
This further simplifies, rewriting with MEMBER-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP Y)
(NOT (LISTP (CAR Y)))
(MEMBER A (DOMAIN (CDR Y)))
(MEMBER (CONS A X) Y))
(MEMBER A (DOMAIN Y))).
This simplifies, applying SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
opening up the function DOMAIN, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP Y))
(MEMBER (CONS A X) Y))
(MEMBER A (DOMAIN Y))),
which simplifies, rewriting with MEMBER-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-DOMAIN-SUFFICIENCY
(PROVE-LEMMA SUBSETP-DOMAIN
(REWRITE)
(IMPLIES (SUBSETP X Y)
(SUBSETP (DOMAIN X) (DOMAIN Y))))
Name the conjecture *1.
We will appeal to induction. The recursive terms in the conjecture
suggest two inductions, both of which are unflawed. Since both of these are
equally likely, we will choose arbitrarily. We will induct according to the
following scheme:
(AND (IMPLIES (AND (LISTP X)
(LISTP (CAR X))
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (LISTP (CAR X)))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following five new
formulas:
Case 5. (IMPLIES (AND (LISTP X)
(LISTP (CAR X))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (DOMAIN X) (DOMAIN Y))).
This simplifies, applying SUBSETP-CONS-1, and expanding DOMAIN, to two new
conjectures:
Case 5.2.
(IMPLIES (AND (LISTP X)
(LISTP (CAR X))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(MEMBER (CAAR X) (DOMAIN Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We thus obtain the new formula:
(IMPLIES (AND (NOT (SUBSETP V Y))
(SUBSETP (CONS (CONS W D) V) Y))
(MEMBER W (DOMAIN Y))),
which further simplifies, applying the lemma SUBSETP-CONS-1, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP X)
(LISTP (CAR X))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (DOMAIN (CDR X))
(DOMAIN Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). This produces the new goal:
(IMPLIES (AND (LISTP Z)
(NOT (SUBSETP V Y))
(SUBSETP (CONS Z V) Y))
(SUBSETP (DOMAIN V) (DOMAIN Y))),
which further simplifies, rewriting with SUBSETP-CONS-1, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(LISTP (CAR X))
(SUBSETP (DOMAIN (CDR X)) (DOMAIN Y))
(SUBSETP X Y))
(SUBSETP (DOMAIN X) (DOMAIN Y))).
This simplifies, rewriting with SUBSETP-REFLEXIVITY, SUBSETP-IS-TRANSITIVE,
and SUBSETP-CONS-1, and expanding the function DOMAIN, to:
(IMPLIES (AND (LISTP X)
(LISTP (CAR X))
(SUBSETP (DOMAIN (CDR X)) (DOMAIN Y))
(SUBSETP X Y))
(MEMBER (CAAR X) (DOMAIN Y))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). This generates:
(IMPLIES (AND (SUBSETP (DOMAIN V) (DOMAIN Y))
(SUBSETP (CONS (CONS W D) V) Y))
(MEMBER W (DOMAIN Y))).
But this further simplifies, applying SUBSETP-CONS-1 and
MEMBER-DOMAIN-SUFFICIENCY, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (LISTP (CAR X)))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (DOMAIN X) (DOMAIN Y))).
This simplifies, opening up the function DOMAIN, to the new formula:
(IMPLIES (AND (LISTP X)
(NOT (LISTP (CAR X)))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (DOMAIN (CDR X))
(DOMAIN Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain the new formula:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (SUBSETP V Y))
(SUBSETP (CONS Z V) Y))
(SUBSETP (DOMAIN V) (DOMAIN Y))),
which further simplifies, applying SUBSETP-CONS-1, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (LISTP (CAR X)))
(SUBSETP (DOMAIN (CDR X)) (DOMAIN Y))
(SUBSETP X Y))
(SUBSETP (DOMAIN X) (DOMAIN Y))).
This simplifies, rewriting with SUBSETP-REFLEXIVITY and
SUBSETP-IS-TRANSITIVE, and opening up the definition of DOMAIN, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (SUBSETP X Y))
(SUBSETP (DOMAIN X) (DOMAIN Y))),
which simplifies, applying the lemmas SUBSETP-NLISTP and DOMAIN-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-DOMAIN
(DISABLE DOMAIN)
[ 0.0 0.0 0.0 ]
DOMAIN-OFF
(DEFN RANGE
(MAP)
(IF (LISTP MAP)
(IF (LISTP (CAR MAP))
(CONS (CDR (CAR MAP))
(RANGE (CDR MAP)))
(RANGE (CDR MAP)))
NIL))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
recursive call. Hence, RANGE is accepted under the definitional principle.
Note that (OR (LITATOM (RANGE MAP)) (LISTP (RANGE MAP))) is a theorem.
[ 0.0 0.0 0.0 ]
RANGE
(PROVE-LEMMA PROPERP-RANGE
(REWRITE)
(PROPERP (RANGE MAP)))
Call the conjecture *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(p (CDR MAP)))
(p MAP))
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(p (CDR MAP)))
(p MAP))
(IMPLIES (NOT (LISTP MAP)) (p MAP))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to three new
goals:
Case 3. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(PROPERP (RANGE (CDR MAP))))
(PROPERP (RANGE MAP))),
which simplifies, applying PROPERP-CONS, and expanding the function RANGE,
to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(PROPERP (RANGE (CDR MAP))))
(PROPERP (RANGE MAP))).
This simplifies, expanding RANGE, to:
T.
Case 1. (IMPLIES (NOT (LISTP MAP))
(PROPERP (RANGE MAP))).
This simplifies, expanding the definitions of RANGE and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-RANGE
(PROVE-LEMMA RANGE-APPEND
(REWRITE)
(EQUAL (RANGE (APPEND S1 S2))
(APPEND (RANGE S1) (RANGE S2))))
Call the conjecture *1.
Perhaps we can prove it by induction. Three inductions are suggested by
terms in the conjecture. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP S1) (p (CDR S1) S2))
(p S1 S2))
(IMPLIES (NOT (LISTP S1)) (p S1 S2))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT S1) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to two
new goals:
Case 2. (IMPLIES (AND (LISTP S1)
(EQUAL (RANGE (APPEND (CDR S1) S2))
(APPEND (RANGE (CDR S1)) (RANGE S2))))
(EQUAL (RANGE (APPEND S1 S2))
(APPEND (RANGE S1) (RANGE S2)))),
which simplifies, applying the lemmas CDR-CONS and CAR-CONS, and opening up
the definitions of APPEND and RANGE, to two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP S1)
(EQUAL (RANGE (APPEND (CDR S1) S2))
(APPEND (RANGE (CDR S1)) (RANGE S2)))
(NOT (LISTP (CAR S1))))
(EQUAL (RANGE (APPEND (CDR S1) S2))
(APPEND (RANGE (CDR S1))
(RANGE S2)))),
which again simplifies, trivially, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S1)
(EQUAL (RANGE (APPEND (CDR S1) S2))
(APPEND (RANGE (CDR S1)) (RANGE S2)))
(LISTP (CAR S1)))
(EQUAL (CONS (CDAR S1)
(RANGE (APPEND (CDR S1) S2)))
(APPEND (CONS (CDAR S1) (RANGE (CDR S1)))
(RANGE S2)))).
But this again simplifies, rewriting with CDR-CONS and CAR-CONS, and
opening up the function APPEND, to:
T.
Case 1. (IMPLIES (NOT (LISTP S1))
(EQUAL (RANGE (APPEND S1 S2))
(APPEND (RANGE S1) (RANGE S2)))).
This simplifies, unfolding the definitions of APPEND, RANGE, and LISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
RANGE-APPEND
(PROVE-LEMMA RANGE-NLISTP
(REWRITE)
(IMPLIES (NLISTP MAP)
(EQUAL (RANGE MAP) NIL)))
This conjecture can be simplified, using the abbreviations NLISTP and IMPLIES,
to the conjecture:
(IMPLIES (NOT (LISTP MAP))
(EQUAL (RANGE MAP) NIL)).
This simplifies, expanding RANGE and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
RANGE-NLISTP
(PROVE-LEMMA RANGE-CONS
(REWRITE)
(EQUAL (RANGE (CONS A MAP))
(IF (LISTP A)
(CONS (CDR A) (RANGE MAP))
(RANGE MAP))))
This formula simplifies, rewriting with the lemmas CDR-CONS and CAR-CONS, and
expanding RANGE, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
RANGE-CONS
(DISABLE RANGE)
[ 0.0 0.0 0.0 ]
RANGE-OFF
(DEFN VALUE
(X MAP)
(IF (LISTP MAP)
(IF (AND (LISTP (CAR MAP))
(EQUAL X (CAAR MAP)))
(CDAR MAP)
(VALUE X (CDR MAP)))
0))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
recursive call. Hence, VALUE is accepted under the principle of definition.
[ 0.0 0.0 0.0 ]
VALUE
(PROVE-LEMMA VALUE-NLISTP
(REWRITE)
(IMPLIES (NLISTP MAP)
(EQUAL (VALUE X MAP) 0)))
This formula can be simplified, using the abbreviations NLISTP and IMPLIES, to:
(IMPLIES (NOT (LISTP MAP))
(EQUAL (VALUE X MAP) 0)),
which simplifies, opening up the functions VALUE and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
VALUE-NLISTP
(PROVE-LEMMA VALUE-CONS
(REWRITE)
(EQUAL (VALUE X (CONS PAIR MAP))
(IF (AND (LISTP PAIR)
(EQUAL X (CAR PAIR)))
(CDR PAIR)
(VALUE X MAP))))
This formula simplifies, rewriting with CDR-CONS and CAR-CONS, and opening up
the definitions of VALUE and AND, to:
T.
Q.E.D.
[ 0.0 0.0 0.2 ]
VALUE-CONS
(DISABLE VALUE)
[ 0.0 0.0 0.0 ]
VALUE-OFF
(DEFN BIND
(X V MAP)
(IF (LISTP MAP)
(IF (LISTP (CAR MAP))
(IF (EQUAL X (CAAR MAP))
(CONS (CONS X V) (CDR MAP))
(CONS (CAR MAP) (BIND X V (CDR MAP))))
(CONS (CAR MAP) (BIND X V (CDR MAP))))
(CONS (CONS X V) NIL)))
Linear arithmetic and the lemma CDR-LESSP can be used to show that the
measure (COUNT MAP) decreases according to the well-founded relation LESSP in
each recursive call. Hence, BIND is accepted under the principle of
definition. Note that (LISTP (BIND X V MAP)) is a theorem.
[ 0.0 0.0 0.0 ]
BIND
(DEFN REMBIND
(X MAP)
(IF (LISTP MAP)
(IF (LISTP (CAR MAP))
(IF (EQUAL X (CAAR MAP))
(CDR MAP)
(CONS (CAR MAP)
(REMBIND X (CDR MAP))))
(CONS (CAR MAP)
(REMBIND X (CDR MAP))))
NIL))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
recursive call. Hence, REMBIND is accepted under the principle of definition.
[ 0.0 0.0 0.0 ]
REMBIND
(DEFN INVERT
(MAP)
(IF (LISTP MAP)
(IF (LISTP (CAR MAP))
(CONS (CONS (CDR (CAR MAP)) (CAR (CAR MAP)))
(INVERT (CDR MAP)))
(INVERT (CDR MAP)))
NIL))
Linear arithmetic and the lemma CDR-LESSP establish that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
recursive call. Hence, INVERT is accepted under the principle of definition.
Note that (OR (LITATOM (INVERT MAP)) (LISTP (INVERT MAP))) is a theorem.
[ 0.0 0.0 0.0 ]
INVERT
(PROVE-LEMMA PROPERP-INVERT
(REWRITE)
(PROPERP (INVERT MAP)))
Call the conjecture *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(p (CDR MAP)))
(p MAP))
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(p (CDR MAP)))
(p MAP))
(IMPLIES (NOT (LISTP MAP)) (p MAP))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to three new
goals:
Case 3. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(PROPERP (INVERT (CDR MAP))))
(PROPERP (INVERT MAP))),
which simplifies, applying PROPERP-CONS, and expanding the function INVERT,
to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(PROPERP (INVERT (CDR MAP))))
(PROPERP (INVERT MAP))).
This simplifies, expanding INVERT, to:
T.
Case 1. (IMPLIES (NOT (LISTP MAP))
(PROPERP (INVERT MAP))).
This simplifies, expanding the definitions of INVERT and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-INVERT
(PROVE-LEMMA INVERT-NLISTP
(REWRITE)
(IMPLIES (NLISTP MAP)
(EQUAL (INVERT MAP) NIL)))
This conjecture can be simplified, using the abbreviations NLISTP and IMPLIES,
to the conjecture:
(IMPLIES (NOT (LISTP MAP))
(EQUAL (INVERT MAP) NIL)).
This simplifies, expanding INVERT and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
INVERT-NLISTP
(PROVE-LEMMA INVERT-CONS
(REWRITE)
(EQUAL (INVERT (CONS PAIR MAP))
(IF (LISTP PAIR)
(CONS (CONS (CDR PAIR) (CAR PAIR))
(INVERT MAP))
(INVERT MAP))))
This formula simplifies, rewriting with CDR-CONS and CAR-CONS, and opening up
the definition of INVERT, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
INVERT-CONS
(PROVE-LEMMA VALUE-INVERT-NOT-MEMBER-OF-DOMAIN
(REWRITE)
(IMPLIES (AND (MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (VALUE G (INVERT SG))
(DOMAIN S)))))
Name the conjecture *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(p G (CDR SG) S))
(p G SG S))
(IMPLIES (AND (LISTP SG)
(NOT (LISTP (CAR SG)))
(p G (CDR SG) S))
(p G SG S))
(IMPLIES (NOT (LISTP SG))
(p G SG S))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT SG) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following seven new conjectures:
Case 7. (IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (MEMBER G (RANGE (CDR SG))))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (VALUE G (INVERT SG))
(DOMAIN S)))).
This simplifies, applying CAR-CONS, CDR-CONS, and VALUE-CONS, and opening up
the definition of INVERT, to two new goals:
Case 7.2.
(IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (MEMBER G (RANGE (CDR SG))))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG))
(NOT (EQUAL G (CDAR SG))))
(NOT (MEMBER (VALUE G (INVERT (CDR SG)))
(DOMAIN S)))).
Applying the lemma CAR-CDR-ELIM, replace SG by (CONS X Z) to eliminate
(CAR SG) and (CDR SG) and X by (CONS W V) to eliminate (CDR X) and (CAR X).
This produces:
(IMPLIES (AND (NOT (MEMBER G (RANGE Z)))
(MEMBER G (RANGE (CONS (CONS W V) Z)))
(DISJOINT (DOMAIN S)
(DOMAIN (CONS (CONS W V) Z)))
(NOT (EQUAL G V)))
(NOT (MEMBER (VALUE G (INVERT Z))
(DOMAIN S)))),
which further simplifies, rewriting with CDR-CONS, RANGE-CONS, and
MEMBER-CONS, to:
T.
Case 7.1.
(IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (MEMBER G (RANGE (CDR SG))))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG))
(EQUAL G (CDAR SG)))
(NOT (MEMBER (CAAR SG) (DOMAIN S)))).
This again simplifies, obviously, to:
(IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (MEMBER (CDAR SG) (RANGE (CDR SG))))
(MEMBER (CDAR SG) (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (CAAR SG) (DOMAIN S)))).
Applying the lemma CAR-CDR-ELIM, replace SG by (CONS X Z) to eliminate
(CAR SG) and (CDR SG) and X by (CONS W V) to eliminate (CDR X) and (CAR X).
We thus obtain:
(IMPLIES (AND (NOT (MEMBER V (RANGE Z)))
(MEMBER V (RANGE (CONS (CONS W V) Z)))
(DISJOINT (DOMAIN S)
(DOMAIN (CONS (CONS W V) Z))))
(NOT (MEMBER W (DOMAIN S)))),
which further simplifies, rewriting with the lemmas CDR-CONS, RANGE-CONS,
MEMBER-CONS, CAR-CONS, DOMAIN-CONS, and DISJOINT-NON-MEMBER, to:
T.
Case 6. (IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (DISJOINT (DOMAIN S)
(DOMAIN (CDR SG))))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (VALUE G (INVERT SG))
(DOMAIN S)))),
which simplifies, applying CAR-CONS, CDR-CONS, and VALUE-CONS, and opening
up INVERT, to the following two new goals:
Case 6.2.
(IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (DISJOINT (DOMAIN S)
(DOMAIN (CDR SG))))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG))
(NOT (EQUAL G (CDAR SG))))
(NOT (MEMBER (VALUE G (INVERT (CDR SG)))
(DOMAIN S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace SG by (CONS X Z) to
eliminate (CAR SG) and (CDR SG) and X by (CONS W V) to eliminate (CDR X)
and (CAR X). We must thus prove:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S) (DOMAIN Z)))
(MEMBER G (RANGE (CONS (CONS W V) Z)))
(DISJOINT (DOMAIN S)
(DOMAIN (CONS (CONS W V) Z)))
(NOT (EQUAL G V)))
(NOT (MEMBER (VALUE G (INVERT Z))
(DOMAIN S)))).
However this further simplifies, applying CDR-CONS, RANGE-CONS,
MEMBER-CONS, CAR-CONS, DOMAIN-CONS, and DISJOINT-CONS-2, to:
T.
Case 6.1.
(IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (DISJOINT (DOMAIN S)
(DOMAIN (CDR SG))))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG))
(EQUAL G (CDAR SG)))
(NOT (MEMBER (CAAR SG) (DOMAIN S)))).
This again simplifies, clearly, to:
(IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (DISJOINT (DOMAIN S)
(DOMAIN (CDR SG))))
(MEMBER (CDAR SG) (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (CAAR SG) (DOMAIN S)))).
Applying the lemma CAR-CDR-ELIM, replace SG by (CONS X Z) to eliminate
(CAR SG) and (CDR SG) and X by (CONS W V) to eliminate (CDR X) and (CAR X).
We would thus like to prove the new goal:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S) (DOMAIN Z)))
(MEMBER V (RANGE (CONS (CONS W V) Z)))
(DISJOINT (DOMAIN S)
(DOMAIN (CONS (CONS W V) Z))))
(NOT (MEMBER W (DOMAIN S)))),
which further simplifies, applying CDR-CONS, RANGE-CONS, MEMBER-CONS,
CAR-CONS, DOMAIN-CONS, and DISJOINT-NON-MEMBER, to:
T.
Case 5. (IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (MEMBER (VALUE G (INVERT (CDR SG)))
(DOMAIN S)))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (VALUE G (INVERT SG))
(DOMAIN S)))).
This simplifies, applying CAR-CONS, CDR-CONS, and VALUE-CONS, and expanding
INVERT, to:
(IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (MEMBER (VALUE G (INVERT (CDR SG)))
(DOMAIN S)))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG))
(EQUAL G (CDAR SG)))
(NOT (MEMBER (CAAR SG) (DOMAIN S)))).
This again simplifies, trivially, to:
(IMPLIES (AND (LISTP SG)
(LISTP (CAR SG))
(NOT (MEMBER (VALUE (CDAR SG) (INVERT (CDR SG)))
(DOMAIN S)))
(MEMBER (CDAR SG) (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (CAAR SG) (DOMAIN S)))).
Applying the lemma CAR-CDR-ELIM, replace SG by (CONS X Z) to eliminate
(CAR SG) and (CDR SG) and X by (CONS W V) to eliminate (CDR X) and (CAR X).
We thus obtain:
(IMPLIES (AND (NOT (MEMBER (VALUE V (INVERT Z))
(DOMAIN S)))
(MEMBER V (RANGE (CONS (CONS W V) Z)))
(DISJOINT (DOMAIN S)
(DOMAIN (CONS (CONS W V) Z))))
(NOT (MEMBER W (DOMAIN S)))),
which further simplifies, rewriting with CDR-CONS, RANGE-CONS, MEMBER-CONS,
CAR-CONS, DOMAIN-CONS, and DISJOINT-NON-MEMBER, to:
T.
Case 4. (IMPLIES (AND (LISTP SG)
(NOT (LISTP (CAR SG)))
(NOT (MEMBER G (RANGE (CDR SG))))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (VALUE G (INVERT SG))
(DOMAIN S)))).
This simplifies, opening up INVERT, to:
(IMPLIES (AND (LISTP SG)
(NOT (LISTP (CAR SG)))
(NOT (MEMBER G (RANGE (CDR SG))))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (VALUE G (INVERT (CDR SG)))
(DOMAIN S)))).
Applying the lemma CAR-CDR-ELIM, replace SG by (CONS X Z) to eliminate
(CAR SG) and (CDR SG). We thus obtain:
(IMPLIES (AND (NOT (LISTP X))
(NOT (MEMBER G (RANGE Z)))
(MEMBER G (RANGE (CONS X Z)))
(DISJOINT (DOMAIN S)
(DOMAIN (CONS X Z))))
(NOT (MEMBER (VALUE G (INVERT Z))
(DOMAIN S)))),
which further simplifies, rewriting with RANGE-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP SG)
(NOT (LISTP (CAR SG)))
(NOT (DISJOINT (DOMAIN S)
(DOMAIN (CDR SG))))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (VALUE G (INVERT SG))
(DOMAIN S)))).
This simplifies, opening up INVERT, to the new conjecture:
(IMPLIES (AND (LISTP SG)
(NOT (LISTP (CAR SG)))
(NOT (DISJOINT (DOMAIN S)
(DOMAIN (CDR SG))))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (VALUE G (INVERT (CDR SG)))
(DOMAIN S)))).
Applying the lemma CAR-CDR-ELIM, replace SG by (CONS X Z) to eliminate
(CAR SG) and (CDR SG). We would thus like to prove:
(IMPLIES (AND (NOT (LISTP X))
(NOT (DISJOINT (DOMAIN S) (DOMAIN Z)))
(MEMBER G (RANGE (CONS X Z)))
(DISJOINT (DOMAIN S)
(DOMAIN (CONS X Z))))
(NOT (MEMBER (VALUE G (INVERT Z))
(DOMAIN S)))),
which further simplifies, applying RANGE-CONS and DOMAIN-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP SG)
(NOT (LISTP (CAR SG)))
(NOT (MEMBER (VALUE G (INVERT (CDR SG)))
(DOMAIN S)))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (VALUE G (INVERT SG))
(DOMAIN S)))).
This simplifies, opening up the function INVERT, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP SG))
(MEMBER G (RANGE SG))
(DISJOINT (DOMAIN S) (DOMAIN SG)))
(NOT (MEMBER (VALUE G (INVERT SG))
(DOMAIN S)))).
This simplifies, applying RANGE-NLISTP and MEMBER-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
VALUE-INVERT-NOT-MEMBER-OF-DOMAIN
(DISABLE INVERT)
[ 0.0 0.0 0.0 ]
INVERT-OFF
(DEFN MAPPING
(MAP)
(AND (ALISTP MAP)
(SETP (DOMAIN MAP))))
From the definition we can conclude that:
(OR (FALSEP (MAPPING MAP))
(TRUEP (MAPPING MAP)))
is a theorem.
[ 0.0 0.0 0.0 ]
MAPPING
(PROVE-LEMMA MAPPING-IMPLIES-ALISTP
(REWRITE)
(IMPLIES (MAPPING MAP) (ALISTP MAP)))
This formula can be simplified, using the abbreviations MAPPING and IMPLIES,
to:
T,
which simplifies, trivially, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
MAPPING-IMPLIES-ALISTP
(PROVE-LEMMA MAPPING-IMPLIES-SETP-DOMAIN
(REWRITE)
(IMPLIES (MAPPING MAP)
(SETP (DOMAIN MAP))))
This formula can be simplified, using the abbreviations MAPPING and IMPLIES,
to:
T,
which simplifies, trivially, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
MAPPING-IMPLIES-SETP-DOMAIN
(DEFN RESTRICT
(S NEW-DOMAIN)
(IF (LISTP S)
(IF (AND (LISTP (CAR S))
(MEMBER (CAAR S) NEW-DOMAIN))
(CONS (CAR S)
(RESTRICT (CDR S) NEW-DOMAIN))
(RESTRICT (CDR S) NEW-DOMAIN))
NIL))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT S) decreases according to the well-founded relation LESSP in each
recursive call. Hence, RESTRICT is accepted under the principle of definition.
Note that:
(OR (LITATOM (RESTRICT S NEW-DOMAIN))
(LISTP (RESTRICT S NEW-DOMAIN)))
is a theorem.
[ 0.0 0.0 0.0 ]
RESTRICT
(DEFN CO-RESTRICT
(S NEW-DOMAIN)
(IF (LISTP S)
(IF (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) NEW-DOMAIN)))
(CONS (CAR S)
(CO-RESTRICT (CDR S) NEW-DOMAIN))
(CO-RESTRICT (CDR S) NEW-DOMAIN))
NIL))
Linear arithmetic and the lemma CDR-LESSP establish that the measure
(COUNT S) decreases according to the well-founded relation LESSP in each
recursive call. Hence, CO-RESTRICT is accepted under the principle of
definition. From the definition we can conclude that:
(OR (LITATOM (CO-RESTRICT S NEW-DOMAIN))
(LISTP (CO-RESTRICT S NEW-DOMAIN)))
is a theorem.
[ 0.0 0.0 0.0 ]
CO-RESTRICT
(DEFTHEORY ALIST-DEFNS
(ALISTP DOMAIN RANGE VALUE BIND REMBIND INVERT MAPPING RESTRICT
CO-RESTRICT))
[ 0.0 0.0 0.0 ]
ALIST-DEFNS
(PROVE-LEMMA DOMAIN-RESTRICT
(REWRITE)
(EQUAL (DOMAIN (RESTRICT S DOM))
(INTERSECTION (DOMAIN S) DOM))
((ENABLE RESTRICT)))
Name the conjecture *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(MEMBER (CAAR S) DOM))
(p (CDR S) DOM))
(p S DOM))
(IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(MEMBER (CAAR S) DOM)))
(p (CDR S) DOM))
(p S DOM))
(IMPLIES (NOT (LISTP S)) (p S DOM))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
formulas:
Case 3. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(MEMBER (CAAR S) DOM))
(EQUAL (DOMAIN (RESTRICT (CDR S) DOM))
(INTERSECTION (DOMAIN (CDR S)) DOM)))
(EQUAL (DOMAIN (RESTRICT S DOM))
(INTERSECTION (DOMAIN S) DOM))).
This simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
DOMAIN-CONS, and expanding AND and RESTRICT, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(MEMBER (CAAR S) DOM)
(EQUAL (DOMAIN (RESTRICT (CDR S) DOM))
(INTERSECTION (DOMAIN (CDR S)) DOM)))
(EQUAL (CONS (CAAR S)
(DOMAIN (RESTRICT (CDR S) DOM)))
(INTERSECTION (DOMAIN S) DOM))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). The result is the goal:
(IMPLIES (AND (MEMBER V DOM)
(EQUAL (DOMAIN (RESTRICT Z DOM))
(INTERSECTION (DOMAIN Z) DOM)))
(EQUAL (CONS V (DOMAIN (RESTRICT Z DOM)))
(INTERSECTION (DOMAIN (CONS (CONS V W) Z))
DOM))).
But this further simplifies, applying the lemmas CAR-CONS, DOMAIN-CONS,
SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and INTERSECTION-CONS-1, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(MEMBER (CAAR S) DOM)))
(EQUAL (DOMAIN (RESTRICT (CDR S) DOM))
(INTERSECTION (DOMAIN (CDR S)) DOM)))
(EQUAL (DOMAIN (RESTRICT S DOM))
(INTERSECTION (DOMAIN S) DOM))),
which simplifies, unfolding the functions AND and RESTRICT, to two new goals:
Case 2.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(EQUAL (DOMAIN (RESTRICT (CDR S) DOM))
(INTERSECTION (DOMAIN (CDR S)) DOM)))
(EQUAL (DOMAIN (RESTRICT (CDR S) DOM))
(INTERSECTION (DOMAIN S) DOM))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S). This produces the new formula:
(IMPLIES (AND (NOT (LISTP X))
(EQUAL (DOMAIN (RESTRICT Z DOM))
(INTERSECTION (DOMAIN Z) DOM)))
(EQUAL (DOMAIN (RESTRICT Z DOM))
(INTERSECTION (DOMAIN (CONS X Z))
DOM))),
which further simplifies, applying DOMAIN-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S)
(NOT (MEMBER (CAAR S) DOM))
(EQUAL (DOMAIN (RESTRICT (CDR S) DOM))
(INTERSECTION (DOMAIN (CDR S)) DOM)))
(EQUAL (DOMAIN (RESTRICT (CDR S) DOM))
(INTERSECTION (DOMAIN S) DOM))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). This generates two new formulas:
Case 2.1.2.
(IMPLIES (AND (NOT (LISTP X))
(NOT (MEMBER (CAR X) DOM))
(EQUAL (DOMAIN (RESTRICT Z DOM))
(INTERSECTION (DOMAIN Z) DOM)))
(EQUAL (DOMAIN (RESTRICT Z DOM))
(INTERSECTION (DOMAIN (CONS X Z))
DOM))),
which further simplifies, applying CAR-NLISTP and DOMAIN-CONS, to:
T.
Case 2.1.1.
(IMPLIES (AND (NOT (MEMBER V DOM))
(EQUAL (DOMAIN (RESTRICT Z DOM))
(INTERSECTION (DOMAIN Z) DOM)))
(EQUAL (DOMAIN (RESTRICT Z DOM))
(INTERSECTION (DOMAIN (CONS (CONS V W) Z))
DOM))).
However this further simplifies, appealing to the lemmas CAR-CONS,
DOMAIN-CONS, and INTERSECTION-CONS-1, to:
T.
Case 1. (IMPLIES (NOT (LISTP S))
(EQUAL (DOMAIN (RESTRICT S DOM))
(INTERSECTION (DOMAIN S) DOM))),
which simplifies, appealing to the lemmas DOMAIN-NLISTP, DISJOINT-NLISTP,
and DISJOINT-IMPLIES-EMPTY-INTERSECTION, and opening up the functions
RESTRICT, DOMAIN, NLISTP, OR, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
DOMAIN-RESTRICT
(PROVE-LEMMA DOMAIN-CO-RESTRICT
(REWRITE)
(EQUAL (DOMAIN (CO-RESTRICT S DOM))
(SET-DIFF (DOMAIN S) DOM))
((ENABLE CO-RESTRICT)))
Name the conjecture *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) DOM)))
(p (CDR S) DOM))
(p S DOM))
(IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) DOM))))
(p (CDR S) DOM))
(p S DOM))
(IMPLIES (NOT (LISTP S)) (p S DOM))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
formulas:
Case 3. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) DOM)))
(EQUAL (DOMAIN (CO-RESTRICT (CDR S) DOM))
(SET-DIFF (DOMAIN (CDR S)) DOM)))
(EQUAL (DOMAIN (CO-RESTRICT S DOM))
(SET-DIFF (DOMAIN S) DOM))).
This simplifies, applying DOMAIN-CONS, and expanding NOT, AND, and
CO-RESTRICT, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) DOM))
(EQUAL (DOMAIN (CO-RESTRICT (CDR S) DOM))
(SET-DIFF (DOMAIN (CDR S)) DOM)))
(EQUAL (CONS (CAAR S)
(DOMAIN (CO-RESTRICT (CDR S) DOM)))
(SET-DIFF (DOMAIN S) DOM))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). The result is the goal:
(IMPLIES (AND (NOT (MEMBER V DOM))
(EQUAL (DOMAIN (CO-RESTRICT Z DOM))
(SET-DIFF (DOMAIN Z) DOM)))
(EQUAL (CONS V (DOMAIN (CO-RESTRICT Z DOM)))
(SET-DIFF (DOMAIN (CONS (CONS V W) Z))
DOM))).
But this further simplifies, applying the lemmas CAR-CONS, DOMAIN-CONS, and
SET-DIFF-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) DOM))))
(EQUAL (DOMAIN (CO-RESTRICT (CDR S) DOM))
(SET-DIFF (DOMAIN (CDR S)) DOM)))
(EQUAL (DOMAIN (CO-RESTRICT S DOM))
(SET-DIFF (DOMAIN S) DOM))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
opening up NOT, AND, and CO-RESTRICT, to the following two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(EQUAL (DOMAIN (CO-RESTRICT (CDR S) DOM))
(SET-DIFF (DOMAIN (CDR S)) DOM)))
(EQUAL (DOMAIN (CO-RESTRICT (CDR S) DOM))
(SET-DIFF (DOMAIN S) DOM))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). This generates:
(IMPLIES (AND (NOT (LISTP X))
(EQUAL (DOMAIN (CO-RESTRICT Z DOM))
(SET-DIFF (DOMAIN Z) DOM)))
(EQUAL (DOMAIN (CO-RESTRICT Z DOM))
(SET-DIFF (DOMAIN (CONS X Z)) DOM))).
This further simplifies, applying DOMAIN-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S)
(MEMBER (CAAR S) DOM)
(EQUAL (DOMAIN (CO-RESTRICT (CDR S) DOM))
(SET-DIFF (DOMAIN (CDR S)) DOM)))
(EQUAL (DOMAIN (CO-RESTRICT (CDR S) DOM))
(SET-DIFF (DOMAIN S) DOM))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). This generates two new formulas:
Case 2.1.2.
(IMPLIES (AND (NOT (LISTP X))
(MEMBER (CAR X) DOM)
(EQUAL (DOMAIN (CO-RESTRICT Z DOM))
(SET-DIFF (DOMAIN Z) DOM)))
(EQUAL (DOMAIN (CO-RESTRICT Z DOM))
(SET-DIFF (DOMAIN (CONS X Z)) DOM))),
which further simplifies, applying CAR-NLISTP and DOMAIN-CONS, to:
T.
Case 2.1.1.
(IMPLIES (AND (MEMBER V DOM)
(EQUAL (DOMAIN (CO-RESTRICT Z DOM))
(SET-DIFF (DOMAIN Z) DOM)))
(EQUAL (DOMAIN (CO-RESTRICT Z DOM))
(SET-DIFF (DOMAIN (CONS (CONS V W) Z))
DOM))).
However this further simplifies, appealing to the lemmas CAR-CONS,
DOMAIN-CONS, SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and SET-DIFF-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP S))
(EQUAL (DOMAIN (CO-RESTRICT S DOM))
(SET-DIFF (DOMAIN S) DOM))),
which simplifies, appealing to the lemmas DOMAIN-NLISTP and SET-DIFF-NLISTP,
and opening up the functions CO-RESTRICT, DOMAIN, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DOMAIN-CO-RESTRICT
(PROVE-LEMMA DOMAIN-BIND
(REWRITE)
(EQUAL (DOMAIN (BIND X V MAP))
(IF (MEMBER X (DOMAIN MAP))
(DOMAIN MAP)
(APPEND (DOMAIN MAP) (LIST X)))))
This conjecture simplifies, trivially, to the following two new formulas:
Case 2. (IMPLIES (NOT (MEMBER X (DOMAIN MAP)))
(EQUAL (DOMAIN (BIND X V MAP))
(APPEND (DOMAIN MAP) (LIST X)))).
Name the above subgoal *1.
Case 1. (IMPLIES (MEMBER X (DOMAIN MAP))
(EQUAL (DOMAIN (BIND X V MAP))
(DOMAIN MAP))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(EQUAL (DOMAIN (BIND X V MAP))
(IF (MEMBER X (DOMAIN MAP))
(DOMAIN MAP)
(APPEND (DOMAIN MAP) (LIST X)))),
which we named *1 above. We will appeal to induction. There is only one
plausible induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL X (CAAR MAP)))
(p X V MAP))
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL X (CAAR MAP)))
(p X V (CDR MAP)))
(p X V MAP))
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(p X V (CDR MAP)))
(p X V MAP))
(IMPLIES (NOT (LISTP MAP))
(p X V MAP))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to the
following four new goals:
Case 4. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL X (CAAR MAP)))
(EQUAL (DOMAIN (BIND X V MAP))
(IF (MEMBER X (DOMAIN MAP))
(DOMAIN MAP)
(APPEND (DOMAIN MAP) (LIST X))))).
This simplifies, rewriting with CAR-CONS and DOMAIN-CONS, and unfolding the
definition of BIND, to two new formulas:
Case 4.2.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (MEMBER (CAAR MAP) (DOMAIN MAP))))
(EQUAL (CONS (CAAR MAP) (DOMAIN (CDR MAP)))
(APPEND (DOMAIN MAP)
(LIST (CAAR MAP))))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z W) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS D C) to eliminate (CAR Z) and
(CDR Z). This produces:
(IMPLIES (NOT (MEMBER D
(DOMAIN (CONS (CONS D C) W))))
(EQUAL (CONS D (DOMAIN W))
(APPEND (DOMAIN (CONS (CONS D C) W))
(LIST D)))),
which further simplifies, rewriting with the lemmas CAR-CONS, DOMAIN-CONS,
and MEMBER-CONS, to:
T.
Case 4.1.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(MEMBER (CAAR MAP) (DOMAIN MAP)))
(EQUAL (CONS (CAAR MAP) (DOMAIN (CDR MAP)))
(DOMAIN MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z W) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS D C) to eliminate (CAR Z) and
(CDR Z). We thus obtain:
(IMPLIES (MEMBER D
(DOMAIN (CONS (CONS D C) W)))
(EQUAL (CONS D (DOMAIN W))
(DOMAIN (CONS (CONS D C) W)))),
which further simplifies, applying CAR-CONS, DOMAIN-CONS, and MEMBER-CONS,
to:
T.
Case 3. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL X (CAAR MAP)))
(EQUAL (DOMAIN (BIND X V (CDR MAP)))
(IF (MEMBER X (DOMAIN (CDR MAP)))
(DOMAIN (CDR MAP))
(APPEND (DOMAIN (CDR MAP))
(LIST X)))))
(EQUAL (DOMAIN (BIND X V MAP))
(IF (MEMBER X (DOMAIN MAP))
(DOMAIN MAP)
(APPEND (DOMAIN MAP) (LIST X))))).
This simplifies, applying DOMAIN-CONS, SUBSETP-DOMAIN, CDR-SUBSETP, and
MEMBER-SUBSETP, and opening up the definition of BIND, to three new formulas:
Case 3.3.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL X (CAAR MAP)))
(NOT (MEMBER X (DOMAIN (CDR MAP))))
(EQUAL (DOMAIN (BIND X V (CDR MAP)))
(APPEND (DOMAIN (CDR MAP)) (LIST X)))
(NOT (MEMBER X (DOMAIN MAP))))
(EQUAL (CONS (CAAR MAP)
(APPEND (DOMAIN (CDR MAP)) (LIST X)))
(APPEND (DOMAIN MAP) (LIST X)))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z W) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS D C) to eliminate (CAR Z) and
(CDR Z). This produces:
(IMPLIES (AND (NOT (EQUAL X D))
(NOT (MEMBER X (DOMAIN W)))
(EQUAL (DOMAIN (BIND X V W))
(APPEND (DOMAIN W) (LIST X)))
(NOT (MEMBER X
(DOMAIN (CONS (CONS D C) W)))))
(EQUAL (CONS D (APPEND (DOMAIN W) (LIST X)))
(APPEND (DOMAIN (CONS (CONS D C) W))
(LIST X)))),
which further simplifies, rewriting with CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, and CDR-CONS, and unfolding the definition of APPEND, to:
T.
Case 3.2.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL X (CAAR MAP)))
(NOT (MEMBER X (DOMAIN (CDR MAP))))
(EQUAL (DOMAIN (BIND X V (CDR MAP)))
(APPEND (DOMAIN (CDR MAP)) (LIST X)))
(MEMBER X (DOMAIN MAP)))
(EQUAL (CONS (CAAR MAP)
(APPEND (DOMAIN (CDR MAP)) (LIST X)))
(DOMAIN MAP))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z W) to
eliminate (CAR MAP) and (CDR MAP) and Z by (CONS D C) to eliminate (CAR Z)
and (CDR Z). This generates:
(IMPLIES (AND (NOT (EQUAL X D))
(NOT (MEMBER X (DOMAIN W)))
(EQUAL (DOMAIN (BIND X V W))
(APPEND (DOMAIN W) (LIST X)))
(MEMBER X
(DOMAIN (CONS (CONS D C) W))))
(EQUAL (CONS D (APPEND (DOMAIN W) (LIST X)))
(DOMAIN (CONS (CONS D C) W)))).
But this further simplifies, rewriting with CAR-CONS, DOMAIN-CONS, and
MEMBER-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL X (CAAR MAP)))
(MEMBER X (DOMAIN (CDR MAP)))
(EQUAL (DOMAIN (BIND X V (CDR MAP)))
(DOMAIN (CDR MAP))))
(EQUAL (CONS (CAAR MAP) (DOMAIN (CDR MAP)))
(DOMAIN MAP))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z W) to
eliminate (CAR MAP) and (CDR MAP) and Z by (CONS D C) to eliminate (CAR Z)
and (CDR Z). We must thus prove:
(IMPLIES (AND (NOT (EQUAL X D))
(MEMBER X (DOMAIN W))
(EQUAL (DOMAIN (BIND X V W))
(DOMAIN W)))
(EQUAL (CONS D (DOMAIN W))
(DOMAIN (CONS (CONS D C) W)))).
This further simplifies, applying CAR-CONS and DOMAIN-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(EQUAL (DOMAIN (BIND X V (CDR MAP)))
(IF (MEMBER X (DOMAIN (CDR MAP)))
(DOMAIN (CDR MAP))
(APPEND (DOMAIN (CDR MAP))
(LIST X)))))
(EQUAL (DOMAIN (BIND X V MAP))
(IF (MEMBER X (DOMAIN MAP))
(DOMAIN MAP)
(APPEND (DOMAIN MAP) (LIST X))))).
This simplifies, appealing to the lemmas DOMAIN-CONS, SUBSETP-DOMAIN,
CDR-SUBSETP, and MEMBER-SUBSETP, and expanding the function BIND, to the
following three new goals:
Case 2.3.
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(NOT (MEMBER X (DOMAIN (CDR MAP))))
(EQUAL (DOMAIN (BIND X V (CDR MAP)))
(APPEND (DOMAIN (CDR MAP)) (LIST X)))
(NOT (MEMBER X (DOMAIN MAP))))
(EQUAL (APPEND (DOMAIN (CDR MAP)) (LIST X))
(APPEND (DOMAIN MAP) (LIST X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z W) to
eliminate (CAR MAP) and (CDR MAP). The result is:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (MEMBER X (DOMAIN W)))
(EQUAL (DOMAIN (BIND X V W))
(APPEND (DOMAIN W) (LIST X)))
(NOT (MEMBER X (DOMAIN (CONS Z W)))))
(EQUAL (APPEND (DOMAIN W) (LIST X))
(APPEND (DOMAIN (CONS Z W))
(LIST X)))).
This further simplifies, rewriting with DOMAIN-CONS, to:
T.
Case 2.2.
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(NOT (MEMBER X (DOMAIN (CDR MAP))))
(EQUAL (DOMAIN (BIND X V (CDR MAP)))
(APPEND (DOMAIN (CDR MAP)) (LIST X)))
(MEMBER X (DOMAIN MAP)))
(EQUAL (APPEND (DOMAIN (CDR MAP)) (LIST X))
(DOMAIN MAP))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z W) to
eliminate (CAR MAP) and (CDR MAP). This generates the goal:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (MEMBER X (DOMAIN W)))
(EQUAL (DOMAIN (BIND X V W))
(APPEND (DOMAIN W) (LIST X)))
(MEMBER X (DOMAIN (CONS Z W))))
(EQUAL (APPEND (DOMAIN W) (LIST X))
(DOMAIN (CONS Z W)))).
However this further simplifies, applying DOMAIN-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(MEMBER X (DOMAIN (CDR MAP)))
(EQUAL (DOMAIN (BIND X V (CDR MAP)))
(DOMAIN (CDR MAP))))
(EQUAL (DOMAIN (CDR MAP))
(DOMAIN MAP))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z W) to
eliminate (CAR MAP) and (CDR MAP). This generates:
(IMPLIES (AND (NOT (LISTP Z))
(MEMBER X (DOMAIN W))
(EQUAL (DOMAIN (BIND X V W))
(DOMAIN W)))
(EQUAL (DOMAIN W)
(DOMAIN (CONS Z W)))).
This further simplifies, applying DOMAIN-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP MAP))
(EQUAL (DOMAIN (BIND X V MAP))
(IF (MEMBER X (DOMAIN MAP))
(DOMAIN MAP)
(APPEND (DOMAIN MAP) (LIST X))))).
This simplifies, applying CAR-CONS, DOMAIN-CONS, DOMAIN-NLISTP, and
MEMBER-NLISTP, and expanding BIND, DOMAIN, LISTP, and APPEND, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.1 ]
DOMAIN-BIND
(PROVE-LEMMA DOMAIN-REMBIND
(REWRITE)
(EQUAL (DOMAIN (REMBIND X MAP))
(DELETE X (DOMAIN MAP))))
Name the conjecture *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL X (CAAR MAP)))
(p X MAP))
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL X (CAAR MAP)))
(p X (CDR MAP)))
(p X MAP))
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(p X (CDR MAP)))
(p X MAP))
(IMPLIES (NOT (LISTP MAP))
(p X MAP))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme produces the
following four new formulas:
Case 4. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL X (CAAR MAP)))
(EQUAL (DOMAIN (REMBIND X MAP))
(DELETE X (DOMAIN MAP)))).
This simplifies, expanding the definition of REMBIND, to:
(IMPLIES (AND (LISTP MAP) (LISTP (CAR MAP)))
(EQUAL (DOMAIN (CDR MAP))
(DELETE (CAAR MAP) (DOMAIN MAP)))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z V) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We would thus like to prove:
(EQUAL (DOMAIN V)
(DELETE W
(DOMAIN (CONS (CONS W D) V)))),
which further simplifies, rewriting with the lemmas CAR-CONS, DOMAIN-CONS,
and DELETE-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL X (CAAR MAP)))
(EQUAL (DOMAIN (REMBIND X (CDR MAP)))
(DELETE X (DOMAIN (CDR MAP)))))
(EQUAL (DOMAIN (REMBIND X MAP))
(DELETE X (DOMAIN MAP)))),
which simplifies, applying the lemma DOMAIN-CONS, and opening up REMBIND, to:
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL X (CAAR MAP)))
(EQUAL (DOMAIN (REMBIND X (CDR MAP)))
(DELETE X (DOMAIN (CDR MAP)))))
(EQUAL (CONS (CAAR MAP)
(DELETE X (DOMAIN (CDR MAP))))
(DELETE X (DOMAIN MAP)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z V) to
eliminate (CAR MAP) and (CDR MAP) and Z by (CONS W D) to eliminate (CAR Z)
and (CDR Z). This generates:
(IMPLIES (AND (NOT (EQUAL X W))
(EQUAL (DOMAIN (REMBIND X V))
(DELETE X (DOMAIN V))))
(EQUAL (CONS W (DELETE X (DOMAIN V)))
(DELETE X
(DOMAIN (CONS (CONS W D) V))))).
However this further simplifies, applying CAR-CONS, DOMAIN-CONS, and
DELETE-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(EQUAL (DOMAIN (REMBIND X (CDR MAP)))
(DELETE X (DOMAIN (CDR MAP)))))
(EQUAL (DOMAIN (REMBIND X MAP))
(DELETE X (DOMAIN MAP)))).
This simplifies, applying the lemma DOMAIN-CONS, and opening up REMBIND, to
the new formula:
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(EQUAL (DOMAIN (REMBIND X (CDR MAP)))
(DELETE X (DOMAIN (CDR MAP)))))
(EQUAL (DELETE X (DOMAIN (CDR MAP)))
(DELETE X (DOMAIN MAP)))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z V) to eliminate
(CAR MAP) and (CDR MAP). We would thus like to prove the new goal:
(IMPLIES (AND (NOT (LISTP Z))
(EQUAL (DOMAIN (REMBIND X V))
(DELETE X (DOMAIN V))))
(EQUAL (DELETE X (DOMAIN V))
(DELETE X (DOMAIN (CONS Z V))))),
which further simplifies, rewriting with the lemma DOMAIN-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP MAP))
(EQUAL (DOMAIN (REMBIND X MAP))
(DELETE X (DOMAIN MAP)))),
which simplifies, appealing to the lemmas DOMAIN-NLISTP, MEMBER-NLISTP, and
DELETE-NON-MEMBER, and opening up REMBIND, DOMAIN, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DOMAIN-REMBIND
(PROVE-LEMMA DOMAIN-INVERT
(REWRITE)
(EQUAL (DOMAIN (INVERT MAP))
(RANGE MAP))
((ENABLE-THEORY ALIST-DEFNS)))
Give the conjecture the name *1.
We will appeal to induction. Two inductions are suggested by terms in
the conjecture. However, they merge into one likely candidate induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(p (CDR MAP)))
(p MAP))
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(p (CDR MAP)))
(p MAP))
(IMPLIES (NOT (LISTP MAP)) (p MAP))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme produces the
following three new conjectures:
Case 3. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL (DOMAIN (INVERT (CDR MAP)))
(RANGE (CDR MAP))))
(EQUAL (DOMAIN (INVERT MAP))
(RANGE MAP))).
This simplifies, applying CAR-CONS and DOMAIN-CONS, and opening up the
functions INVERT and RANGE, to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(EQUAL (DOMAIN (INVERT (CDR MAP)))
(RANGE (CDR MAP))))
(EQUAL (DOMAIN (INVERT MAP))
(RANGE MAP))),
which simplifies, unfolding the functions INVERT and RANGE, to:
T.
Case 1. (IMPLIES (NOT (LISTP MAP))
(EQUAL (DOMAIN (INVERT MAP))
(RANGE MAP))),
which simplifies, applying INVERT-NLISTP and RANGE-NLISTP, and unfolding the
definitions of DOMAIN and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DOMAIN-INVERT
(PROVE-LEMMA RANGE-INVERT
(REWRITE)
(EQUAL (RANGE (INVERT MAP))
(DOMAIN MAP))
((ENABLE-THEORY ALIST-DEFNS)))
Give the conjecture the name *1.
We will appeal to induction. Two inductions are suggested by terms in
the conjecture. However, they merge into one likely candidate induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(p (CDR MAP)))
(p MAP))
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(p (CDR MAP)))
(p MAP))
(IMPLIES (NOT (LISTP MAP)) (p MAP))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT MAP) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme produces the
following three new conjectures:
Case 3. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL (RANGE (INVERT (CDR MAP)))
(DOMAIN (CDR MAP))))
(EQUAL (RANGE (INVERT MAP))
(DOMAIN MAP))).
This simplifies, applying CDR-CONS and RANGE-CONS, and opening up the
functions INVERT and DOMAIN, to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(EQUAL (RANGE (INVERT (CDR MAP)))
(DOMAIN (CDR MAP))))
(EQUAL (RANGE (INVERT MAP))
(DOMAIN MAP))),
which simplifies, unfolding the functions INVERT and DOMAIN, to:
T.
Case 1. (IMPLIES (NOT (LISTP MAP))
(EQUAL (RANGE (INVERT MAP))
(DOMAIN MAP))),
which simplifies, applying INVERT-NLISTP and DOMAIN-NLISTP, and unfolding
the definitions of RANGE and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
RANGE-INVERT
(PROVE-LEMMA BOUNDP-BIND
(REWRITE)
(EQUAL (MEMBER X (DOMAIN (BIND Y V MAP)))
(OR (EQUAL X Y)
(MEMBER X (DOMAIN MAP)))))
This formula simplifies, rewriting with the lemma DOMAIN-BIND, and expanding
OR, to the following three new conjectures:
Case 3. (IMPLIES (AND (NOT (EQUAL X Y))
(NOT (MEMBER Y (DOMAIN MAP))))
(EQUAL (MEMBER X
(APPEND (DOMAIN MAP) (LIST Y)))
(MEMBER X (DOMAIN MAP)))).
But this again simplifies, rewriting with the lemmas MEMBER-NLISTP,
MEMBER-CONS, and MEMBER-APPEND, to:
T.
Case 2. (IMPLIES (AND (EQUAL X Y)
(NOT (MEMBER Y (DOMAIN MAP))))
(EQUAL (MEMBER X
(APPEND (DOMAIN MAP) (LIST Y)))
T)),
which again simplifies, applying the lemmas MEMBER-CONS and MEMBER-APPEND,
and expanding the definition of EQUAL, to:
T.
Case 1. (IMPLIES (AND (EQUAL X Y)
(MEMBER Y (DOMAIN MAP)))
(EQUAL (MEMBER X (DOMAIN MAP)) T)),
which again simplifies, clearly, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
BOUNDP-BIND
(PROVE-LEMMA BOUNDP-REMBIND
(REWRITE)
(IMPLIES (MAPPING MAP)
(EQUAL (MEMBER X (DOMAIN (REMBIND Y MAP)))
(IF (EQUAL X Y)
F
(MEMBER X (DOMAIN MAP))))))
This conjecture can be simplified, using the abbreviations MAPPING, IMPLIES,
and DOMAIN-REMBIND, to the formula:
(IMPLIES (AND (ALISTP MAP) (SETP (DOMAIN MAP)))
(EQUAL (MEMBER X (DELETE Y (DOMAIN MAP)))
(IF (EQUAL X Y)
F
(MEMBER X (DOMAIN MAP))))).
This simplifies, rewriting with MEMBER-DELETE, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
BOUNDP-REMBIND
(PROVE-LEMMA BOUNDP-SUBSETP NIL
(IMPLIES (AND (SUBSETP MAP1 MAP2)
(MEMBER NAME (DOMAIN MAP1)))
(MEMBER NAME (DOMAIN MAP2))))
This conjecture simplifies, applying SUBSETP-DOMAIN and MEMBER-SUBSETP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
BOUNDP-SUBSETP
(PROVE-LEMMA DISJOINT-DOMAIN-SINGLETON
(REWRITE)
(AND (EQUAL (DISJOINT (DOMAIN S) (LIST X))
(NOT (MEMBER X (DOMAIN S))))
(EQUAL (DISJOINT (LIST X) (DOMAIN S))
(NOT (MEMBER X (DOMAIN S))))))
WARNING: the previously added lemma, DISJOINT-SYMMETRY, could be applied
whenever the newly proposed DISJOINT-DOMAIN-SINGLETON could!
WARNING: the previously added lemma, DISJOINT-CONS-2, could be applied
whenever the newly proposed DISJOINT-DOMAIN-SINGLETON could!
WARNING: the previously added lemma, DISJOINT-SYMMETRY, could be applied
whenever the newly proposed DISJOINT-DOMAIN-SINGLETON could!
WARNING: the previously added lemma, DISJOINT-CONS-1, could be applied
whenever the newly proposed DISJOINT-DOMAIN-SINGLETON could!
WARNING: Note that the proposed lemma DISJOINT-DOMAIN-SINGLETON is to be
stored as zero type prescription rules, zero compound recognizer rules, zero
linear rules, and two replacement rules.
This formula can be simplified, using the abbreviation AND, to the following
two new formulas:
Case 2. (EQUAL (DISJOINT (DOMAIN S) (LIST X))
(NOT (MEMBER X (DOMAIN S)))).
This simplifies, applying DISJOINT-NLISTP, DISJOINT-SYMMETRY, and
DISJOINT-CONS-2, and expanding OR, NLISTP, and NOT, to:
T.
Case 1. (EQUAL (DISJOINT (LIST X) (DOMAIN S))
(NOT (MEMBER X (DOMAIN S)))),
which simplifies, rewriting with DISJOINT-NLISTP, DISJOINT-SYMMETRY, and
DISJOINT-CONS-2, and expanding the definitions of OR, NLISTP, and NOT, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-DOMAIN-SINGLETON
(PROVE-LEMMA BOUNDP-VALUE-INVERT
(REWRITE)
(IMPLIES (MEMBER X (RANGE MAP))
(MEMBER (VALUE X (INVERT MAP))
(DOMAIN MAP)))
((INDUCT (DOMAIN MAP))))
This formula can be simplified, using the abbreviations IMPLIES, NOT, OR, and
AND, to the following three new formulas:
Case 3. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(IMPLIES (MEMBER X (RANGE (CDR MAP)))
(MEMBER (VALUE X (INVERT (CDR MAP)))
(DOMAIN (CDR MAP))))
(MEMBER X (RANGE MAP)))
(MEMBER (VALUE X (INVERT MAP))
(DOMAIN MAP))).
This simplifies, expanding the function IMPLIES, to the following two new
formulas:
Case 3.2.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (MEMBER X (RANGE (CDR MAP))))
(MEMBER X (RANGE MAP)))
(MEMBER (VALUE X (INVERT MAP))
(DOMAIN MAP))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z V) to
eliminate (CAR MAP) and (CDR MAP). The result is the formula:
(IMPLIES (AND (LISTP Z)
(NOT (MEMBER X (RANGE V)))
(MEMBER X (RANGE (CONS Z V))))
(MEMBER (VALUE X (INVERT (CONS Z V)))
(DOMAIN (CONS Z V)))).
But this further simplifies, rewriting with RANGE-CONS, MEMBER-CONS,
INVERT-CONS, CAR-CONS, CDR-CONS, VALUE-CONS, and DOMAIN-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(MEMBER (VALUE X (INVERT (CDR MAP)))
(DOMAIN (CDR MAP)))
(MEMBER X (RANGE MAP)))
(MEMBER (VALUE X (INVERT MAP))
(DOMAIN MAP))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z V) to
eliminate (CAR MAP) and (CDR MAP). This generates the formula:
(IMPLIES (AND (LISTP Z)
(MEMBER (VALUE X (INVERT V))
(DOMAIN V))
(MEMBER X (RANGE (CONS Z V))))
(MEMBER (VALUE X (INVERT (CONS Z V)))
(DOMAIN (CONS Z V)))).
But this further simplifies, rewriting with RANGE-CONS, MEMBER-CONS,
INVERT-CONS, CAR-CONS, CDR-CONS, VALUE-CONS, and DOMAIN-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(IMPLIES (MEMBER X (RANGE (CDR MAP)))
(MEMBER (VALUE X (INVERT (CDR MAP)))
(DOMAIN (CDR MAP))))
(MEMBER X (RANGE MAP)))
(MEMBER (VALUE X (INVERT MAP))
(DOMAIN MAP))).
This simplifies, unfolding the definition of IMPLIES, to the following two
new goals:
Case 2.2.
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(NOT (MEMBER X (RANGE (CDR MAP))))
(MEMBER X (RANGE MAP)))
(MEMBER (VALUE X (INVERT MAP))
(DOMAIN MAP))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z V) to
eliminate (CAR MAP) and (CDR MAP). This generates:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (MEMBER X (RANGE V)))
(MEMBER X (RANGE (CONS Z V))))
(MEMBER (VALUE X (INVERT (CONS Z V)))
(DOMAIN (CONS Z V)))).
But this further simplifies, rewriting with RANGE-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(MEMBER (VALUE X (INVERT (CDR MAP)))
(DOMAIN (CDR MAP)))
(MEMBER X (RANGE MAP)))
(MEMBER (VALUE X (INVERT MAP))
(DOMAIN MAP))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z V) to
eliminate (CAR MAP) and (CDR MAP). This generates:
(IMPLIES (AND (NOT (LISTP Z))
(MEMBER (VALUE X (INVERT V))
(DOMAIN V))
(MEMBER X (RANGE (CONS Z V))))
(MEMBER (VALUE X (INVERT (CONS Z V)))
(DOMAIN (CONS Z V)))).
However this further simplifies, rewriting with RANGE-CONS, INVERT-CONS,
DOMAIN-CONS, SUBSETP-DOMAIN, SUBSETP-REFLEXIVITY, and MEMBER-SUBSETP, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP MAP))
(MEMBER X (RANGE MAP)))
(MEMBER (VALUE X (INVERT MAP))
(DOMAIN MAP))).
This simplifies, appealing to the lemmas RANGE-NLISTP and MEMBER-NLISTP, to:
T.
Q.E.D.
[ 0.0 0.1 0.0 ]
BOUNDP-VALUE-INVERT
(PROVE-LEMMA VALUE-WHEN-NOT-BOUND
(REWRITE)
(IMPLIES (NOT (MEMBER NAME (DOMAIN MAP)))
(EQUAL (VALUE NAME MAP) 0))
((INDUCT (DOMAIN MAP))))
This formula can be simplified, using the abbreviations IMPLIES, NOT, OR, and
AND, to the following three new conjectures:
Case 3. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(IMPLIES (NOT (MEMBER NAME (DOMAIN (CDR MAP))))
(EQUAL (VALUE NAME (CDR MAP)) 0))
(NOT (MEMBER NAME (DOMAIN MAP))))
(EQUAL (VALUE NAME MAP) 0)).
This simplifies, rewriting with SUBSETP-DOMAIN, CDR-SUBSETP, and
MEMBER-SUBSETP, and unfolding the definitions of NOT and IMPLIES, to:
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL (VALUE NAME (CDR MAP)) 0)
(NOT (MEMBER NAME (DOMAIN MAP))))
(EQUAL (VALUE NAME MAP) 0)).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS X Z) to
eliminate (CAR MAP) and (CDR MAP). The result is:
(IMPLIES (AND (LISTP X)
(EQUAL (VALUE NAME Z) 0)
(NOT (MEMBER NAME (DOMAIN (CONS X Z)))))
(EQUAL (VALUE NAME (CONS X Z)) 0)).
But this further simplifies, rewriting with DOMAIN-CONS, MEMBER-CONS, and
VALUE-CONS, and expanding the function EQUAL, to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(IMPLIES (NOT (MEMBER NAME (DOMAIN (CDR MAP))))
(EQUAL (VALUE NAME (CDR MAP)) 0))
(NOT (MEMBER NAME (DOMAIN MAP))))
(EQUAL (VALUE NAME MAP) 0)).
This simplifies, rewriting with SUBSETP-DOMAIN, CDR-SUBSETP, and
MEMBER-SUBSETP, and unfolding the functions NOT and IMPLIES, to:
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(EQUAL (VALUE NAME (CDR MAP)) 0)
(NOT (MEMBER NAME (DOMAIN MAP))))
(EQUAL (VALUE NAME MAP) 0)).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS X Z) to
eliminate (CAR MAP) and (CDR MAP). This generates:
(IMPLIES (AND (NOT (LISTP X))
(EQUAL (VALUE NAME Z) 0)
(NOT (MEMBER NAME (DOMAIN (CONS X Z)))))
(EQUAL (VALUE NAME (CONS X Z)) 0)).
But this further simplifies, applying DOMAIN-CONS and VALUE-CONS, and
expanding the definition of EQUAL, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP MAP))
(NOT (MEMBER NAME (DOMAIN MAP))))
(EQUAL (VALUE NAME MAP) 0)).
This simplifies, rewriting with the lemmas DOMAIN-NLISTP, MEMBER-NLISTP, and
VALUE-NLISTP, and unfolding the function EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
VALUE-WHEN-NOT-BOUND
(PROVE-LEMMA VALUE-BIND
(REWRITE)
(EQUAL (VALUE X (BIND Y V MAP))
(IF (EQUAL X Y) V (VALUE X MAP))))
This formula simplifies, clearly, to the following two new formulas:
Case 2. (IMPLIES (NOT (EQUAL X Y))
(EQUAL (VALUE X (BIND Y V MAP))
(VALUE X MAP))).
Name the above subgoal *1.
Case 1. (IMPLIES (EQUAL X Y)
(EQUAL (VALUE X (BIND Y V MAP)) V)).
This again simplifies, trivially, to the new conjecture:
(EQUAL (VALUE Y (BIND Y V MAP)) V),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (VALUE X (BIND Y V MAP))
(IF (EQUAL X Y) V (VALUE X MAP))),
named *1. Let us appeal to the induction principle. There is only one
suggested induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL Y (CAAR MAP)))
(p X Y V MAP))
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(p X Y V (CDR MAP)))
(p X Y V MAP))
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(p X Y V (CDR MAP)))
(p X Y V MAP))
(IMPLIES (NOT (LISTP MAP))
(p X Y V MAP))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT MAP) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following four new formulas:
Case 4. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL Y (CAAR MAP)))
(EQUAL (VALUE X (BIND Y V MAP))
(IF (EQUAL X Y) V (VALUE X MAP)))).
This simplifies, appealing to the lemmas CAR-CONS, CDR-CONS, and VALUE-CONS,
and unfolding the function BIND, to:
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL X (CAAR MAP))))
(EQUAL (VALUE X (CDR MAP))
(VALUE X MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z W) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS D C) to eliminate (CAR Z) and (CDR Z).
We would thus like to prove the new goal:
(IMPLIES (NOT (EQUAL X D))
(EQUAL (VALUE X W)
(VALUE X (CONS (CONS D C) W)))),
which further simplifies, applying CAR-CONS and VALUE-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(EQUAL (VALUE X (BIND Y V (CDR MAP)))
(IF (EQUAL X Y)
V
(VALUE X (CDR MAP)))))
(EQUAL (VALUE X (BIND Y V MAP))
(IF (EQUAL X Y) V (VALUE X MAP)))).
This simplifies, applying VALUE-CONS, and expanding the definition of BIND,
to four new formulas:
Case 3.4.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(NOT (EQUAL X Y))
(EQUAL (VALUE X (BIND Y V (CDR MAP)))
(VALUE X (CDR MAP)))
(NOT (EQUAL X (CAAR MAP))))
(EQUAL (VALUE X (CDR MAP))
(VALUE X MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z W) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS D C) to eliminate (CAR Z) and
(CDR Z). We thus obtain the new conjecture:
(IMPLIES (AND (NOT (EQUAL Y D))
(NOT (EQUAL X Y))
(EQUAL (VALUE X (BIND Y V W))
(VALUE X W))
(NOT (EQUAL X D)))
(EQUAL (VALUE X W)
(VALUE X (CONS (CONS D C) W)))),
which further simplifies, applying CAR-CONS and VALUE-CONS, to:
T.
Case 3.3.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(NOT (EQUAL X Y))
(EQUAL (VALUE X (BIND Y V (CDR MAP)))
(VALUE X (CDR MAP)))
(EQUAL X (CAAR MAP)))
(EQUAL (CDAR MAP) (VALUE X MAP))).
This again simplifies, obviously, to the new goal:
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL (CAAR MAP) Y))
(EQUAL (VALUE (CAAR MAP)
(BIND Y V (CDR MAP)))
(VALUE (CAAR MAP) (CDR MAP))))
(EQUAL (CDAR MAP)
(VALUE (CAAR MAP) MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z W) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS D C) to eliminate (CAR Z) and
(CDR Z). This produces the new formula:
(IMPLIES (AND (NOT (EQUAL D Y))
(EQUAL (VALUE D (BIND Y V W))
(VALUE D W)))
(EQUAL C
(VALUE D (CONS (CONS D C) W)))),
which further simplifies, rewriting with CAR-CONS, CDR-CONS, and
VALUE-CONS, to:
T.
Case 3.2.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(EQUAL X Y)
(EQUAL (VALUE X (BIND Y V (CDR MAP)))
V)
(NOT (EQUAL X (CAAR MAP))))
(EQUAL (VALUE X
(CONS (CAR MAP) (BIND X V (CDR MAP))))
V)).
However this again simplifies, applying VALUE-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(EQUAL X Y)
(EQUAL (VALUE X (BIND Y V (CDR MAP)))
V)
(EQUAL X (CAAR MAP)))
(EQUAL (VALUE X (CONS (CONS X V) (CDR MAP)))
V)).
This again simplifies, obviously, to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(EQUAL (VALUE X (BIND Y V (CDR MAP)))
(IF (EQUAL X Y)
V
(VALUE X (CDR MAP)))))
(EQUAL (VALUE X (BIND Y V MAP))
(IF (EQUAL X Y) V (VALUE X MAP)))).
This simplifies, rewriting with VALUE-CONS, and expanding BIND, to two new
formulas:
Case 2.2.
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(NOT (EQUAL X Y))
(EQUAL (VALUE X (BIND Y V (CDR MAP)))
(VALUE X (CDR MAP))))
(EQUAL (VALUE X (CDR MAP))
(VALUE X MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z W) to eliminate
(CAR MAP) and (CDR MAP). This produces:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (EQUAL X Y))
(EQUAL (VALUE X (BIND Y V W))
(VALUE X W)))
(EQUAL (VALUE X W)
(VALUE X (CONS Z W)))),
which further simplifies, rewriting with the lemma VALUE-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(EQUAL X Y)
(EQUAL (VALUE X (BIND Y V (CDR MAP)))
V))
(EQUAL (VALUE X (BIND X V (CDR MAP)))
V)),
which again simplifies, obviously, to:
T.
Case 1. (IMPLIES (NOT (LISTP MAP))
(EQUAL (VALUE X (BIND Y V MAP))
(IF (EQUAL X Y) V (VALUE X MAP)))).
This simplifies, rewriting with CAR-CONS, CDR-CONS, MEMBER-NLISTP,
VALUE-WHEN-NOT-BOUND, VALUE-CONS, and DOMAIN-NLISTP, and opening up the
functions BIND and DOMAIN, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
VALUE-BIND
(PROVE-LEMMA VALUE-REMBIND
(REWRITE)
(IMPLIES (MAPPING MAP)
(EQUAL (VALUE X (REMBIND Y MAP))
(IF (EQUAL X Y) 0 (VALUE X MAP)))))
This conjecture can be simplified, using the abbreviations MAPPING and IMPLIES,
to:
(IMPLIES (AND (ALISTP MAP) (SETP (DOMAIN MAP)))
(EQUAL (VALUE X (REMBIND Y MAP))
(IF (EQUAL X Y) 0 (VALUE X MAP)))).
This simplifies, obviously, to the following two new goals:
Case 2. (IMPLIES (AND (ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y MAP))
(VALUE X MAP))).
Give the above formula the name *1.
Case 1. (IMPLIES (AND (ALISTP MAP)
(SETP (DOMAIN MAP))
(EQUAL X Y))
(EQUAL (VALUE X (REMBIND Y MAP)) 0)).
This again simplifies, applying the lemmas MEMBER-DELETE, DOMAIN-REMBIND,
and VALUE-WHEN-NOT-BOUND, and unfolding the definition of EQUAL, to:
T.
So we now return to:
(IMPLIES (AND (ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y MAP))
(VALUE X MAP))),
named *1 above. Let us appeal to the induction principle. There is only one
suggested induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL Y (CAAR MAP)))
(p X Y MAP))
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(p X Y (CDR MAP)))
(p X Y MAP))
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(p X Y (CDR MAP)))
(p X Y MAP))
(IMPLIES (NOT (LISTP MAP))
(p X Y MAP))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT MAP) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme produces the
following eight new conjectures:
Case 8. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL Y (CAAR MAP))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y MAP))
(VALUE X MAP))).
This simplifies, expanding the function REMBIND, to:
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X (CAAR MAP))))
(EQUAL (VALUE X (CDR MAP))
(VALUE X MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z V) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We thus obtain:
(IMPLIES (AND (ALISTP (CONS (CONS W D) V))
(SETP (DOMAIN (CONS (CONS W D) V)))
(NOT (EQUAL X W)))
(EQUAL (VALUE X V)
(VALUE X (CONS (CONS W D) V)))),
which further simplifies, rewriting with ALISTP-CONS, CAR-CONS, DOMAIN-CONS,
SETP-CONS, and VALUE-CONS, to:
T.
Case 7. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(NOT (ALISTP (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y MAP))
(VALUE X MAP))).
This simplifies, applying VALUE-CONS, and opening up the definition of
REMBIND, to two new formulas:
Case 7.2.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(NOT (ALISTP (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y))
(NOT (EQUAL X (CAAR MAP))))
(EQUAL (VALUE X (REMBIND Y (CDR MAP)))
(VALUE X MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z V) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). We would thus like to prove:
(IMPLIES (AND (NOT (EQUAL Y W))
(NOT (ALISTP V))
(ALISTP (CONS (CONS W D) V))
(SETP (DOMAIN (CONS (CONS W D) V)))
(NOT (EQUAL X Y))
(NOT (EQUAL X W)))
(EQUAL (VALUE X (REMBIND Y V))
(VALUE X (CONS (CONS W D) V)))),
which further simplifies, applying the lemma ALISTP-CONS, to:
T.
Case 7.1.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(NOT (ALISTP (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y))
(EQUAL X (CAAR MAP)))
(EQUAL (CDAR MAP) (VALUE X MAP))),
which again simplifies, obviously, to the new formula:
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (ALISTP (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL (CAAR MAP) Y)))
(EQUAL (CDAR MAP)
(VALUE (CAAR MAP) MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z V) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). This produces:
(IMPLIES (AND (NOT (ALISTP V))
(ALISTP (CONS (CONS W D) V))
(SETP (DOMAIN (CONS (CONS W D) V)))
(NOT (EQUAL W Y)))
(EQUAL D
(VALUE W (CONS (CONS W D) V)))),
which further simplifies, rewriting with the lemma ALISTP-CONS, to:
T.
Case 6. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(NOT (SETP (DOMAIN (CDR MAP))))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y MAP))
(VALUE X MAP))),
which simplifies, rewriting with VALUE-CONS, and opening up the definition
of REMBIND, to the following two new goals:
Case 6.2.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(NOT (SETP (DOMAIN (CDR MAP))))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y))
(NOT (EQUAL X (CAAR MAP))))
(EQUAL (VALUE X (REMBIND Y (CDR MAP)))
(VALUE X MAP))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z V) to
eliminate (CAR MAP) and (CDR MAP) and Z by (CONS W D) to eliminate (CAR Z)
and (CDR Z). This generates:
(IMPLIES (AND (NOT (EQUAL Y W))
(NOT (SETP (DOMAIN V)))
(ALISTP (CONS (CONS W D) V))
(SETP (DOMAIN (CONS (CONS W D) V)))
(NOT (EQUAL X Y))
(NOT (EQUAL X W)))
(EQUAL (VALUE X (REMBIND Y V))
(VALUE X (CONS (CONS W D) V)))).
However this further simplifies, applying the lemmas ALISTP-CONS, CAR-CONS,
DOMAIN-CONS, and SETP-CONS, to:
T.
Case 6.1.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(NOT (SETP (DOMAIN (CDR MAP))))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y))
(EQUAL X (CAAR MAP)))
(EQUAL (CDAR MAP) (VALUE X MAP))),
which again simplifies, clearly, to:
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (SETP (DOMAIN (CDR MAP))))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL (CAAR MAP) Y)))
(EQUAL (CDAR MAP)
(VALUE (CAAR MAP) MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z V) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). We would thus like to prove:
(IMPLIES (AND (NOT (SETP (DOMAIN V)))
(ALISTP (CONS (CONS W D) V))
(SETP (DOMAIN (CONS (CONS W D) V)))
(NOT (EQUAL W Y)))
(EQUAL D
(VALUE W (CONS (CONS W D) V)))),
which further simplifies, applying ALISTP-CONS, CAR-CONS, DOMAIN-CONS, and
SETP-CONS, to:
T.
Case 5. (IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(EQUAL (VALUE X (REMBIND Y (CDR MAP)))
(VALUE X (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y MAP))
(VALUE X MAP))).
This simplifies, rewriting with VALUE-CONS, and unfolding the function
REMBIND, to two new formulas:
Case 5.2.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(EQUAL (VALUE X (REMBIND Y (CDR MAP)))
(VALUE X (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y))
(NOT (EQUAL X (CAAR MAP))))
(EQUAL (VALUE X (CDR MAP))
(VALUE X MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z V) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). This produces the new goal:
(IMPLIES (AND (NOT (EQUAL Y W))
(EQUAL (VALUE X (REMBIND Y V))
(VALUE X V))
(ALISTP (CONS (CONS W D) V))
(SETP (DOMAIN (CONS (CONS W D) V)))
(NOT (EQUAL X Y))
(NOT (EQUAL X W)))
(EQUAL (VALUE X V)
(VALUE X (CONS (CONS W D) V)))),
which further simplifies, rewriting with ALISTP-CONS, CAR-CONS,
DOMAIN-CONS, SETP-CONS, and VALUE-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(NOT (EQUAL Y (CAAR MAP)))
(EQUAL (VALUE X (REMBIND Y (CDR MAP)))
(VALUE X (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y))
(EQUAL X (CAAR MAP)))
(EQUAL (CDAR MAP) (VALUE X MAP))).
This again simplifies, clearly, to the new formula:
(IMPLIES (AND (LISTP MAP)
(LISTP (CAR MAP))
(EQUAL (VALUE (CAAR MAP)
(REMBIND Y (CDR MAP)))
(VALUE (CAAR MAP) (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL (CAAR MAP) Y)))
(EQUAL (CDAR MAP)
(VALUE (CAAR MAP) MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z V) to eliminate
(CAR MAP) and (CDR MAP) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). We thus obtain:
(IMPLIES (AND (EQUAL (VALUE W (REMBIND Y V))
(VALUE W V))
(ALISTP (CONS (CONS W D) V))
(SETP (DOMAIN (CONS (CONS W D) V)))
(NOT (EQUAL W Y)))
(EQUAL D
(VALUE W (CONS (CONS W D) V)))),
which further simplifies, appealing to the lemmas ALISTP-CONS, CAR-CONS,
DOMAIN-CONS, SETP-CONS, CDR-CONS, and VALUE-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(NOT (ALISTP (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y MAP))
(VALUE X MAP))),
which simplifies, rewriting with VALUE-CONS, and opening up the definition
of REMBIND, to the new goal:
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(NOT (ALISTP (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y (CDR MAP)))
(VALUE X MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z V) to eliminate
(CAR MAP) and (CDR MAP). We thus obtain:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (ALISTP V))
(ALISTP (CONS Z V))
(SETP (DOMAIN (CONS Z V)))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y V))
(VALUE X (CONS Z V)))),
which further simplifies, rewriting with ALISTP-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(NOT (SETP (DOMAIN (CDR MAP))))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y MAP))
(VALUE X MAP))).
This simplifies, applying VALUE-CONS, and unfolding REMBIND, to:
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(NOT (SETP (DOMAIN (CDR MAP))))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y (CDR MAP)))
(VALUE X MAP))).
Appealing to the lemma CAR-CDR-ELIM, we now replace MAP by (CONS Z V) to
eliminate (CAR MAP) and (CDR MAP). The result is:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (SETP (DOMAIN V)))
(ALISTP (CONS Z V))
(SETP (DOMAIN (CONS Z V)))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y V))
(VALUE X (CONS Z V)))).
But this further simplifies, applying ALISTP-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(EQUAL (VALUE X (REMBIND Y (CDR MAP)))
(VALUE X (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y MAP))
(VALUE X MAP))).
This simplifies, rewriting with the lemma VALUE-CONS, and unfolding REMBIND,
to:
(IMPLIES (AND (LISTP MAP)
(NOT (LISTP (CAR MAP)))
(EQUAL (VALUE X (REMBIND Y (CDR MAP)))
(VALUE X (CDR MAP)))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (CDR MAP))
(VALUE X MAP))).
Applying the lemma CAR-CDR-ELIM, replace MAP by (CONS Z V) to eliminate
(CAR MAP) and (CDR MAP). We thus obtain the new goal:
(IMPLIES (AND (NOT (LISTP Z))
(EQUAL (VALUE X (REMBIND Y V))
(VALUE X V))
(ALISTP (CONS Z V))
(SETP (DOMAIN (CONS Z V)))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X V)
(VALUE X (CONS Z V)))),
which further simplifies, rewriting with the lemma ALISTP-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP MAP))
(ALISTP MAP)
(SETP (DOMAIN MAP))
(NOT (EQUAL X Y)))
(EQUAL (VALUE X (REMBIND Y MAP))
(VALUE X MAP))),
which simplifies, applying the lemmas ALISTP-NLISTP, MEMBER-NLISTP, and
VALUE-WHEN-NOT-BOUND, and opening up DOMAIN, SETP, LISTP, REMBIND, and EQUAL,
to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
VALUE-REMBIND
(PROVE-LEMMA VALUE-APPEND
(REWRITE)
(EQUAL (VALUE X (APPEND S1 S2))
(IF (MEMBER X (DOMAIN S1))
(VALUE X S1)
(VALUE X S2))))
This simplifies, trivially, to the following two new goals:
Case 2. (IMPLIES (NOT (MEMBER X (DOMAIN S1)))
(EQUAL (VALUE X (APPEND S1 S2))
(VALUE X S2))).
Give the above formula the name *1.
Case 1. (IMPLIES (MEMBER X (DOMAIN S1))
(EQUAL (VALUE X (APPEND S1 S2))
(VALUE X S1))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(EQUAL (VALUE X (APPEND S1 S2))
(IF (MEMBER X (DOMAIN S1))
(VALUE X S1)
(VALUE X S2))).
We gave this the name *1 above. Perhaps we can prove it by induction. There
is only one plausible induction. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP S1) (p X (CDR S1) S2))
(p X S1 S2))
(IMPLIES (NOT (LISTP S1))
(p X S1 S2))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT S1) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme generates two new
formulas:
Case 2. (IMPLIES (AND (LISTP S1)
(EQUAL (VALUE X (APPEND (CDR S1) S2))
(IF (MEMBER X (DOMAIN (CDR S1)))
(VALUE X (CDR S1))
(VALUE X S2))))
(EQUAL (VALUE X (APPEND S1 S2))
(IF (MEMBER X (DOMAIN S1))
(VALUE X S1)
(VALUE X S2)))),
which simplifies, rewriting with the lemmas VALUE-CONS, SUBSETP-DOMAIN,
CDR-SUBSETP, and MEMBER-SUBSETP, and expanding the definition of APPEND, to
seven new formulas:
Case 2.7.
(IMPLIES (AND (LISTP S1)
(NOT (MEMBER X (DOMAIN (CDR S1))))
(EQUAL (VALUE X (APPEND (CDR S1) S2))
(VALUE X S2))
(NOT (MEMBER X (DOMAIN S1)))
(LISTP (CAR S1))
(EQUAL X (CAAR S1)))
(EQUAL (CDAR S1) (VALUE X S2))),
which again simplifies, trivially, to:
(IMPLIES (AND (LISTP S1)
(NOT (MEMBER (CAAR S1) (DOMAIN (CDR S1))))
(EQUAL (VALUE (CAAR S1) (APPEND (CDR S1) S2))
(VALUE (CAAR S1) S2))
(NOT (MEMBER (CAAR S1) (DOMAIN S1)))
(LISTP (CAR S1)))
(EQUAL (CDAR S1)
(VALUE (CAAR S1) S2))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z V) to eliminate
(CAR S1) and (CDR S1) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We thus obtain:
(IMPLIES (AND (NOT (MEMBER W (DOMAIN V)))
(EQUAL (VALUE W (APPEND V S2))
(VALUE W S2))
(NOT (MEMBER W
(DOMAIN (CONS (CONS W D) V)))))
(EQUAL D (VALUE W S2))),
which further simplifies, rewriting with the lemmas CAR-CONS, DOMAIN-CONS,
and MEMBER-CONS, to:
T.
Case 2.6.
(IMPLIES (AND (LISTP S1)
(NOT (MEMBER X (DOMAIN (CDR S1))))
(EQUAL (VALUE X (APPEND (CDR S1) S2))
(VALUE X S2))
(MEMBER X (DOMAIN S1))
(NOT (EQUAL X (CAAR S1))))
(EQUAL (VALUE X S2) (VALUE X S1))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS V Z) to eliminate
(CDR S1) and (CAR S1) and V by (CONS W D) to eliminate (CAR V) and (CDR V).
We thus obtain the following two new conjectures:
Case 2.6.2.
(IMPLIES (AND (NOT (LISTP V))
(NOT (MEMBER X (DOMAIN Z)))
(EQUAL (VALUE X (APPEND Z S2))
(VALUE X S2))
(MEMBER X (DOMAIN (CONS V Z)))
(NOT (EQUAL X (CAR V))))
(EQUAL (VALUE X S2)
(VALUE X (CONS V Z)))).
This further simplifies, appealing to the lemma DOMAIN-CONS, to:
T.
Case 2.6.1.
(IMPLIES (AND (NOT (MEMBER X (DOMAIN Z)))
(EQUAL (VALUE X (APPEND Z S2))
(VALUE X S2))
(MEMBER X
(DOMAIN (CONS (CONS W D) Z)))
(NOT (EQUAL X W)))
(EQUAL (VALUE X S2)
(VALUE X (CONS (CONS W D) Z)))),
which further simplifies, applying CAR-CONS, DOMAIN-CONS, and
MEMBER-CONS, to:
T.
Case 2.5.
(IMPLIES (AND (LISTP S1)
(NOT (MEMBER X (DOMAIN (CDR S1))))
(EQUAL (VALUE X (APPEND (CDR S1) S2))
(VALUE X S2))
(MEMBER X (DOMAIN S1))
(NOT (LISTP (CAR S1))))
(EQUAL (VALUE X S2) (VALUE X S1))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S1 by (CONS V Z) to
eliminate (CDR S1) and (CAR S1). We must thus prove:
(IMPLIES (AND (NOT (MEMBER X (DOMAIN Z)))
(EQUAL (VALUE X (APPEND Z S2))
(VALUE X S2))
(MEMBER X (DOMAIN (CONS V Z)))
(NOT (LISTP V)))
(EQUAL (VALUE X S2)
(VALUE X (CONS V Z)))).
But this further simplifies, rewriting with DOMAIN-CONS, to:
T.
Case 2.4.
(IMPLIES (AND (LISTP S1)
(NOT (MEMBER X (DOMAIN (CDR S1))))
(EQUAL (VALUE X (APPEND (CDR S1) S2))
(VALUE X S2))
(MEMBER X (DOMAIN S1))
(LISTP (CAR S1))
(EQUAL X (CAAR S1)))
(EQUAL (CDAR S1) (VALUE X S1))).
This again simplifies, clearly, to the new goal:
(IMPLIES (AND (LISTP S1)
(NOT (MEMBER (CAAR S1) (DOMAIN (CDR S1))))
(EQUAL (VALUE (CAAR S1) (APPEND (CDR S1) S2))
(VALUE (CAAR S1) S2))
(MEMBER (CAAR S1) (DOMAIN S1))
(LISTP (CAR S1)))
(EQUAL (CDAR S1)
(VALUE (CAAR S1) S1))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z V) to eliminate
(CAR S1) and (CDR S1) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We thus obtain the new formula:
(IMPLIES (AND (NOT (MEMBER W (DOMAIN V)))
(EQUAL (VALUE W (APPEND V S2))
(VALUE W S2))
(MEMBER W
(DOMAIN (CONS (CONS W D) V))))
(EQUAL D
(VALUE W (CONS (CONS W D) V)))),
which further simplifies, applying the lemmas CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, and VALUE-CONS, to:
T.
Case 2.3.
(IMPLIES (AND (LISTP S1)
(MEMBER X (DOMAIN (CDR S1)))
(EQUAL (VALUE X (APPEND (CDR S1) S2))
(VALUE X (CDR S1)))
(NOT (EQUAL X (CAAR S1))))
(EQUAL (VALUE X (CDR S1))
(VALUE X S1))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS V Z) to eliminate
(CDR S1) and (CAR S1) and V by (CONS W D) to eliminate (CAR V) and (CDR V).
This produces the following two new conjectures:
Case 2.3.2.
(IMPLIES (AND (NOT (LISTP V))
(MEMBER X (DOMAIN Z))
(EQUAL (VALUE X (APPEND Z S2))
(VALUE X Z))
(NOT (EQUAL X (CAR V))))
(EQUAL (VALUE X Z)
(VALUE X (CONS V Z)))).
But this further simplifies, applying the lemmas CAR-NLISTP and
VALUE-CONS, to:
T.
Case 2.3.1.
(IMPLIES (AND (MEMBER X (DOMAIN Z))
(EQUAL (VALUE X (APPEND Z S2))
(VALUE X Z))
(NOT (EQUAL X W)))
(EQUAL (VALUE X Z)
(VALUE X (CONS (CONS W D) Z)))),
which further simplifies, rewriting with CAR-CONS and VALUE-CONS, to:
T.
Case 2.2.
(IMPLIES (AND (LISTP S1)
(MEMBER X (DOMAIN (CDR S1)))
(EQUAL (VALUE X (APPEND (CDR S1) S2))
(VALUE X (CDR S1)))
(NOT (LISTP (CAR S1))))
(EQUAL (VALUE X (CDR S1))
(VALUE X S1))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S1 by (CONS V Z) to
eliminate (CDR S1) and (CAR S1). We must thus prove:
(IMPLIES (AND (MEMBER X (DOMAIN Z))
(EQUAL (VALUE X (APPEND Z S2))
(VALUE X Z))
(NOT (LISTP V)))
(EQUAL (VALUE X Z)
(VALUE X (CONS V Z)))).
This further simplifies, rewriting with the lemma VALUE-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S1)
(MEMBER X (DOMAIN (CDR S1)))
(EQUAL (VALUE X (APPEND (CDR S1) S2))
(VALUE X (CDR S1)))
(LISTP (CAR S1))
(EQUAL X (CAAR S1)))
(EQUAL (CDAR S1) (VALUE X S1))),
which again simplifies, trivially, to:
(IMPLIES (AND (LISTP S1)
(MEMBER (CAAR S1) (DOMAIN (CDR S1)))
(EQUAL (VALUE (CAAR S1) (APPEND (CDR S1) S2))
(VALUE (CAAR S1) (CDR S1)))
(LISTP (CAR S1)))
(EQUAL (CDAR S1)
(VALUE (CAAR S1) S1))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z V) to eliminate
(CAR S1) and (CDR S1) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We would thus like to prove:
(IMPLIES (AND (MEMBER W (DOMAIN V))
(EQUAL (VALUE W (APPEND V S2))
(VALUE W V)))
(EQUAL D
(VALUE W (CONS (CONS W D) V)))),
which further simplifies, rewriting with CAR-CONS, CDR-CONS, and
VALUE-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP S1))
(EQUAL (VALUE X (APPEND S1 S2))
(IF (MEMBER X (DOMAIN S1))
(VALUE X S1)
(VALUE X S2)))).
This simplifies, rewriting with DOMAIN-NLISTP and MEMBER-NLISTP, and
unfolding APPEND, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
VALUE-APPEND
(PROVE-LEMMA VALUE-VALUE-INVERT
(REWRITE)
(IMPLIES (AND (MEMBER X (RANGE S)) (MAPPING S))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X))
((ENABLE-THEORY ALIST-DEFNS)))
This conjecture can be simplified, using the abbreviations MAPPING, AND, and
IMPLIES, to the goal:
(IMPLIES (AND (MEMBER X (RANGE S))
(ALISTP S)
(SETP (DOMAIN S)))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X)).
Give the above formula the name *1.
Perhaps we can prove it by induction. The recursive terms in the
conjecture suggest five inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p X (CDR S)))
(p X S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p X (CDR S)))
(p X S))
(IMPLIES (NOT (LISTP S)) (p X S))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT S) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates nine
new formulas:
Case 9. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER X (RANGE (CDR S))))
(MEMBER X (RANGE S))
(ALISTP S)
(SETP (DOMAIN S)))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X)),
which simplifies, applying MEMBER-CONS, SETP-CONS, CAR-CONS, CDR-CONS, and
VALUE-CONS, and unfolding the definitions of RANGE, ALISTP, DOMAIN, INVERT,
and VALUE, to:
T.
Case 8. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (ALISTP (CDR S)))
(MEMBER X (RANGE S))
(ALISTP S)
(SETP (DOMAIN S)))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X)).
This simplifies, rewriting with MEMBER-CONS, and expanding the definitions
of RANGE and ALISTP, to:
T.
Case 7. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (SETP (DOMAIN (CDR S))))
(MEMBER X (RANGE S))
(ALISTP S)
(SETP (DOMAIN S)))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X)),
which simplifies, rewriting with MEMBER-CONS and SETP-CONS, and unfolding
the functions RANGE, ALISTP, and DOMAIN, to:
T.
Case 6. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (VALUE (VALUE X (INVERT (CDR S)))
(CDR S))
X)
(MEMBER X (RANGE S))
(ALISTP S)
(SETP (DOMAIN S)))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X)).
This simplifies, rewriting with MEMBER-CONS, SETP-CONS, CAR-CONS, CDR-CONS,
and VALUE-CONS, and opening up the definitions of RANGE, ALISTP, DOMAIN,
INVERT, and VALUE, to two new formulas:
Case 6.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (VALUE (VALUE X (INVERT (CDR S)))
(CDR S))
X)
(MEMBER X (RANGE (CDR S)))
(ALISTP (CDR S))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))
(SETP (DOMAIN (CDR S)))
(NOT (EQUAL X (CDAR S))))
(EQUAL (VALUE (VALUE X (INVERT (CDR S))) S)
X)),
which again simplifies, expanding the definition of VALUE, to the
conjecture:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (VALUE (VALUE X (INVERT (CDR S)))
(CDR S))
X)
(MEMBER X (RANGE (CDR S)))
(ALISTP (CDR S))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))
(SETP (DOMAIN (CDR S)))
(NOT (EQUAL X (CDAR S))))
(NOT (EQUAL (VALUE X (INVERT (CDR S)))
(CAAR S)))).
This further simplifies, appealing to the lemma VALUE-WHEN-NOT-BOUND, to
the conjecture:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL 0 X)
(MEMBER 0 (RANGE (CDR S)))
(ALISTP (CDR S))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))
(SETP (DOMAIN (CDR S)))
(NOT (EQUAL 0 (CDAR S))))
(NOT (EQUAL (VALUE 0 (INVERT (CDR S)))
(CAAR S)))).
This again simplifies, clearly, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(MEMBER 0 (RANGE (CDR S)))
(ALISTP (CDR S))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))
(SETP (DOMAIN (CDR S)))
(NOT (EQUAL 0 (CDAR S))))
(NOT (EQUAL (VALUE 0 (INVERT (CDR S)))
(CAAR S)))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS Z V) to eliminate
(CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
This produces:
(IMPLIES (AND (MEMBER 0 (RANGE V))
(ALISTP V)
(NOT (MEMBER W (DOMAIN V)))
(SETP (DOMAIN V))
(NOT (EQUAL 0 D)))
(NOT (EQUAL (VALUE 0 (INVERT V)) W))),
which finally simplifies, applying BOUNDP-VALUE-INVERT, to:
T.
Case 6.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (VALUE (VALUE X (INVERT (CDR S)))
(CDR S))
X)
(MEMBER X (RANGE (CDR S)))
(ALISTP (CDR S))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))
(SETP (DOMAIN (CDR S)))
(EQUAL X (CDAR S)))
(EQUAL (VALUE (CAAR S) S) X)).
But this again simplifies, expanding VALUE, to:
T.
Case 5. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (MEMBER X (RANGE (CDR S))))
(MEMBER X (RANGE S))
(ALISTP S)
(SETP (DOMAIN S)))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X)),
which simplifies, unfolding RANGE, to:
T.
Case 4. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (ALISTP (CDR S)))
(MEMBER X (RANGE S))
(ALISTP S)
(SETP (DOMAIN S)))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X)),
which simplifies, opening up the definitions of RANGE and ALISTP, to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (SETP (DOMAIN (CDR S))))
(MEMBER X (RANGE S))
(ALISTP S)
(SETP (DOMAIN S)))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X)),
which simplifies, unfolding RANGE and ALISTP, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(EQUAL (VALUE (VALUE X (INVERT (CDR S)))
(CDR S))
X)
(MEMBER X (RANGE S))
(ALISTP S)
(SETP (DOMAIN S)))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X)),
which simplifies, opening up the definitions of RANGE and ALISTP, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(MEMBER X (RANGE S))
(ALISTP S)
(SETP (DOMAIN S)))
(EQUAL (VALUE (VALUE X (INVERT S)) S)
X)),
which simplifies, applying the lemmas RANGE-NLISTP and MEMBER-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
VALUE-VALUE-INVERT
(PROVE-LEMMA MAPPING-APPEND
(REWRITE)
(EQUAL (MAPPING (APPEND S1 S2))
(AND (DISJOINT (DOMAIN S1) (DOMAIN S2))
(MAPPING (FIX-PROPERP S1))
(MAPPING S2))))
WARNING: Note that the rewrite rule MAPPING-APPEND will be stored so as to
apply only to terms with the nonrecursive function symbol MAPPING.
This conjecture simplifies, applying SETP-APPEND, FIX-PROPERP-PROPERP,
PROPERP-DOMAIN, DOMAIN-APPEND, and ALISTP-APPEND, and opening up the
definitions of MAPPING and AND, to two new formulas:
Case 2. (IMPLIES (AND (DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (SETP (DOMAIN S1))))
(EQUAL F (SETP (DOMAIN S2)))),
which again simplifies, clearly, to the new conjecture:
(IMPLIES (AND (DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (SETP (DOMAIN S1))))
(NOT (SETP (DOMAIN S2)))),
which we will name *1.
Case 1. (IMPLIES (AND (DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(NOT (SETP (DOMAIN (FIX-PROPERP S1))))
(ALISTP S2)
(SETP (DOMAIN S1)))
(EQUAL (SETP (DOMAIN S2)) F)).
This again simplifies, obviously, to:
(IMPLIES (AND (DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(NOT (SETP (DOMAIN (FIX-PROPERP S1))))
(ALISTP S2)
(SETP (DOMAIN S1)))
(NOT (SETP (DOMAIN S2)))),
which we would normally push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us return to:
(EQUAL (MAPPING (APPEND S1 S2))
(AND (DISJOINT (DOMAIN S1) (DOMAIN S2))
(MAPPING (FIX-PROPERP S1))
(MAPPING S2))).
We named this *1. We will try to prove it by induction. There is only one
suggested induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S1) (p (CDR S1) S2))
(p S1 S2))
(IMPLIES (NOT (LISTP S1)) (p S1 S2))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT S1) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to two new
goals:
Case 2. (IMPLIES (AND (LISTP S1)
(EQUAL (MAPPING (APPEND (CDR S1) S2))
(AND (DISJOINT (DOMAIN (CDR S1))
(DOMAIN S2))
(MAPPING (FIX-PROPERP (CDR S1)))
(MAPPING S2))))
(EQUAL (MAPPING (APPEND S1 S2))
(AND (DISJOINT (DOMAIN S1) (DOMAIN S2))
(MAPPING (FIX-PROPERP S1))
(MAPPING S2)))),
which simplifies, applying SETP-APPEND, FIX-PROPERP-PROPERP, PROPERP-DOMAIN,
DISJOINT-SYMMETRY, DOMAIN-APPEND, ALISTP-APPEND, DOMAIN-CONS, and
ALISTP-CONS, and unfolding the definitions of MAPPING, AND, APPEND, and
EQUAL, to the following 21 new formulas:
Case 2.21.
(IMPLIES (AND (LISTP S1)
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(NOT (DISJOINT (DOMAIN S1) (DOMAIN S2)))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
F)).
However this again simplifies, rewriting with MEMBER-APPEND,
DISJOINT-SYMMETRY, SETP-APPEND, and SETP-CONS, and unfolding EQUAL, to:
T.
Case 2.20.
(IMPLIES (AND (LISTP S1)
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(NOT (ALISTP (FIX-PROPERP S1)))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
F)).
This again simplifies, applying MEMBER-APPEND, DISJOINT-SYMMETRY,
SETP-APPEND, and SETP-CONS, and opening up the function EQUAL, to:
T.
Case 2.19.
(IMPLIES (AND (LISTP S1)
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(NOT (SETP (DOMAIN (FIX-PROPERP S1))))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
F)).
This again simplifies, appealing to the lemmas MEMBER-APPEND,
DISJOINT-SYMMETRY, SETP-APPEND, and SETP-CONS, and unfolding the
definition of EQUAL, to:
T.
Case 2.18.
(IMPLIES (AND (LISTP S1)
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (LISTP (CAR S1))))
(EQUAL F (SETP (DOMAIN S2)))),
which again simplifies, obviously, to the new goal:
(IMPLIES (AND (LISTP S1)
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (LISTP (CAR S1))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1). We thus obtain:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S2) (DOMAIN X)))
(DISJOINT (DOMAIN (CONS Z X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS Z X)))
(SETP (DOMAIN (FIX-PROPERP (CONS Z X))))
(ALISTP S2)
(NOT (LISTP Z)))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, applying DOMAIN-CONS and DISJOINT-SYMMETRY, to:
T.
Case 2.17.
(IMPLIES (AND (LISTP S1)
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (ALISTP (FIX-PROPERP (CDR S1)))))
(EQUAL F (SETP (DOMAIN S2)))).
This again simplifies, clearly, to:
(IMPLIES (AND (LISTP S1)
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (ALISTP (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1). We would thus like to prove:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S2) (DOMAIN X)))
(DISJOINT (DOMAIN (CONS Z X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS Z X)))
(SETP (DOMAIN (FIX-PROPERP (CONS Z X))))
(ALISTP S2)
(NOT (ALISTP (FIX-PROPERP X))))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, rewriting with the lemmas DOMAIN-CONS,
DISJOINT-SYMMETRY, FIX-PROPERP-CONS, and ALISTP-CONS, to:
T.
Case 2.16.
(IMPLIES (AND (LISTP S1)
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1))))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
(SETP (DOMAIN S2)))),
which again simplifies, applying MEMBER-APPEND, DISJOINT-SYMMETRY,
SETP-APPEND, and SETP-CONS, to:
(IMPLIES (AND (LISTP S1)
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1). This produces the new conjecture:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S2) (DOMAIN X)))
(DISJOINT (DOMAIN (CONS Z X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS Z X)))
(SETP (DOMAIN (FIX-PROPERP (CONS Z X))))
(ALISTP S2)
(LISTP Z)
(ALISTP (FIX-PROPERP X)))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, applying DOMAIN-CONS, DISJOINT-CONS-2, and
DISJOINT-SYMMETRY, to:
T.
Case 2.15.
(IMPLIES (AND (LISTP S1)
(NOT (ALISTP (FIX-PROPERP (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2))
(NOT (SETP (DOMAIN S2)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S1 by (CONS Z X) to
eliminate (CDR S1) and (CAR S1). We must thus prove:
(IMPLIES (AND (NOT (ALISTP (FIX-PROPERP X)))
(DISJOINT (DOMAIN (CONS Z X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS Z X)))
(SETP (DOMAIN (FIX-PROPERP (CONS Z X))))
(ALISTP S2))
(NOT (SETP (DOMAIN S2)))).
This further simplifies, applying the lemmas DOMAIN-CONS,
DISJOINT-SYMMETRY, FIX-PROPERP-CONS, and ALISTP-CONS, to:
T.
Case 2.14.
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(NOT (DISJOINT (DOMAIN S1) (DOMAIN S2)))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
F)),
which again simplifies, applying the lemmas MEMBER-APPEND,
DISJOINT-SYMMETRY, PROPERP-DOMAIN, FIX-PROPERP-PROPERP, SETP-APPEND, and
SETP-CONS, to:
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(NOT (DISJOINT (DOMAIN S1) (DOMAIN S2)))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2)
(NOT (MEMBER (CAAR S1) (DOMAIN (CDR S1))))
(NOT (MEMBER (CAAR S1) (DOMAIN S2)))
(DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(NOT (SETP (DOMAIN S2)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S1 by (CONS Z X) to
eliminate (CDR S1) and (CAR S1) and Z by (CONS V W) to eliminate (CAR Z)
and (CDR Z). We must thus prove:
(IMPLIES (AND (SETP (DOMAIN (FIX-PROPERP X)))
(SETP (DOMAIN X))
(NOT (DISJOINT (DOMAIN (CONS (CONS V W) X))
(DOMAIN S2)))
(ALISTP (FIX-PROPERP X))
(ALISTP S2)
(NOT (MEMBER V (DOMAIN X)))
(NOT (MEMBER V (DOMAIN S2)))
(DISJOINT (DOMAIN S2) (DOMAIN X)))
(NOT (SETP (DOMAIN S2)))).
This further simplifies, applying CAR-CONS, DOMAIN-CONS, DISJOINT-CONS-2,
and DISJOINT-SYMMETRY, to:
T.
Case 2.13.
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(NOT (ALISTP (FIX-PROPERP S1)))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
F)).
However this again simplifies, applying MEMBER-APPEND, DISJOINT-SYMMETRY,
PROPERP-DOMAIN, FIX-PROPERP-PROPERP, SETP-APPEND, and SETP-CONS, to the
new formula:
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(NOT (ALISTP (FIX-PROPERP S1)))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2)
(NOT (MEMBER (CAAR S1) (DOMAIN (CDR S1))))
(NOT (MEMBER (CAAR S1) (DOMAIN S2)))
(DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1) and Z by (CONS V W) to eliminate (CAR Z) and (CDR Z).
We thus obtain the new conjecture:
(IMPLIES (AND (SETP (DOMAIN (FIX-PROPERP X)))
(SETP (DOMAIN X))
(NOT (ALISTP (FIX-PROPERP (CONS (CONS V W) X))))
(ALISTP (FIX-PROPERP X))
(ALISTP S2)
(NOT (MEMBER V (DOMAIN X)))
(NOT (MEMBER V (DOMAIN S2)))
(DISJOINT (DOMAIN S2) (DOMAIN X)))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, appealing to the lemmas FIX-PROPERP-CONS,
MAPPING-IMPLIES-ALISTP, and ALISTP-CONS, and opening up the definition of
MAPPING, to:
T.
Case 2.12.
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(NOT (SETP (DOMAIN (FIX-PROPERP S1))))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
F)),
which again simplifies, applying MEMBER-APPEND, DISJOINT-SYMMETRY,
PROPERP-DOMAIN, FIX-PROPERP-PROPERP, SETP-APPEND, and SETP-CONS, to the
new goal:
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(NOT (SETP (DOMAIN (FIX-PROPERP S1))))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2)
(NOT (MEMBER (CAAR S1) (DOMAIN (CDR S1))))
(NOT (MEMBER (CAAR S1) (DOMAIN S2)))
(DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1) and Z by (CONS V W) to eliminate (CAR Z) and (CDR Z).
We would thus like to prove:
(IMPLIES (AND (SETP (DOMAIN (FIX-PROPERP X)))
(SETP (DOMAIN X))
(NOT (SETP (DOMAIN (FIX-PROPERP (CONS (CONS V W) X)))))
(ALISTP (FIX-PROPERP X))
(ALISTP S2)
(NOT (MEMBER V (DOMAIN X)))
(NOT (MEMBER V (DOMAIN S2)))
(DISJOINT (DOMAIN S2) (DOMAIN X)))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, rewriting with FIX-PROPERP-CONS, CAR-CONS,
DOMAIN-CONS, MAPPING-IMPLIES-SETP-DOMAIN, SETP-CONS, SUBSETP-DOMAIN,
SUBSETP-REFLEXIVITY, SUBSETP-FIX-PROPERP-1, and MEMBER-SUBSETP, and
opening up the definition of MAPPING, to:
T.
Case 2.11.
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (LISTP (CAR S1))))
(EQUAL F (SETP (DOMAIN S2)))).
This again simplifies, obviously, to the new formula:
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (LISTP (CAR S1))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1). We thus obtain:
(IMPLIES (AND (SETP (DOMAIN (FIX-PROPERP X)))
(SETP (DOMAIN X))
(DISJOINT (DOMAIN (CONS Z X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS Z X)))
(SETP (DOMAIN (FIX-PROPERP (CONS Z X))))
(ALISTP S2)
(NOT (LISTP Z)))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, rewriting with DOMAIN-CONS, DISJOINT-SYMMETRY,
FIX-PROPERP-CONS, and ALISTP-CONS, to:
T.
Case 2.10.
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (ALISTP (FIX-PROPERP (CDR S1)))))
(EQUAL F (SETP (DOMAIN S2)))).
This again simplifies, clearly, to the new goal:
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (ALISTP (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1). This produces:
(IMPLIES (AND (SETP (DOMAIN (FIX-PROPERP X)))
(SETP (DOMAIN X))
(DISJOINT (DOMAIN (CONS Z X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS Z X)))
(SETP (DOMAIN (FIX-PROPERP (CONS Z X))))
(ALISTP S2)
(NOT (ALISTP (FIX-PROPERP X))))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, applying DOMAIN-CONS, DISJOINT-SYMMETRY,
FIX-PROPERP-CONS, and ALISTP-CONS, to:
T.
Case 2.9.
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1))))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
(SETP (DOMAIN S2)))).
But this again simplifies, appealing to the lemmas MEMBER-APPEND,
DISJOINT-SYMMETRY, PROPERP-DOMAIN, FIX-PROPERP-PROPERP, SETP-APPEND, and
SETP-CONS, to three new formulas:
Case 2.9.3.
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(MEMBER (CAAR S1) (DOMAIN (CDR S1))))
(EQUAL F (SETP (DOMAIN S2)))),
which again simplifies, obviously, to:
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(MEMBER (CAAR S1) (DOMAIN (CDR S1))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1) and Z by (CONS V W) to eliminate (CAR Z) and
(CDR Z). This produces:
(IMPLIES (AND (SETP (DOMAIN (FIX-PROPERP X)))
(SETP (DOMAIN X))
(DISJOINT (DOMAIN (CONS (CONS V W) X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS (CONS V W) X)))
(SETP (DOMAIN (FIX-PROPERP (CONS (CONS V W) X))))
(ALISTP S2)
(ALISTP (FIX-PROPERP X))
(MEMBER V (DOMAIN X)))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, rewriting with CAR-CONS, DOMAIN-CONS,
DISJOINT-CONS-2, DISJOINT-SYMMETRY, FIX-PROPERP-CONS,
MAPPING-IMPLIES-ALISTP, ALISTP-CONS, SUBSETP-DOMAIN, SUBSETP-REFLEXIVITY,
SUBSETP-FIX-PROPERP-2, MEMBER-SUBSETP, and SETP-CONS, and expanding the
definition of MAPPING, to:
T.
Case 2.9.2.
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(MEMBER (CAAR S1) (DOMAIN S2)))
(EQUAL F (SETP (DOMAIN S2)))).
This again simplifies, obviously, to:
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(MEMBER (CAAR S1) (DOMAIN S2)))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1) and Z by (CONS V W) to eliminate (CAR Z) and
(CDR Z). We thus obtain the new goal:
(IMPLIES (AND (SETP (DOMAIN (FIX-PROPERP X)))
(SETP (DOMAIN X))
(DISJOINT (DOMAIN (CONS (CONS V W) X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS (CONS V W) X)))
(SETP (DOMAIN (FIX-PROPERP (CONS (CONS V W) X))))
(ALISTP S2)
(ALISTP (FIX-PROPERP X))
(MEMBER V (DOMAIN S2)))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, applying CAR-CONS, DOMAIN-CONS, MEMBER-CONS,
DISJOINT-NON-MEMBER, and DISJOINT-SYMMETRY, to:
T.
Case 2.9.1.
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1)))))
(EQUAL F (SETP (DOMAIN S2)))).
This again simplifies, clearly, to the new formula:
(IMPLIES (AND (LISTP S1)
(SETP (DOMAIN (FIX-PROPERP (CDR S1))))
(SETP (DOMAIN (CDR S1)))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(NOT (DISJOINT (DOMAIN S2)
(DOMAIN (CDR S1)))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1). This produces:
(IMPLIES (AND (SETP (DOMAIN (FIX-PROPERP X)))
(SETP (DOMAIN X))
(DISJOINT (DOMAIN (CONS Z X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS Z X)))
(SETP (DOMAIN (FIX-PROPERP (CONS Z X))))
(ALISTP S2)
(LISTP Z)
(ALISTP (FIX-PROPERP X))
(NOT (DISJOINT (DOMAIN S2) (DOMAIN X))))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, applying DOMAIN-CONS, DISJOINT-CONS-2, and
DISJOINT-SYMMETRY, to:
T.
Case 2.8.
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN (CDR S1))))
(NOT (DISJOINT (DOMAIN S1) (DOMAIN S2)))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
F)).
This again simplifies, applying MEMBER-APPEND, DISJOINT-SYMMETRY,
PROPERP-DOMAIN, FIX-PROPERP-PROPERP, SETP-APPEND, and SETP-CONS, and
opening up the function EQUAL, to:
T.
Case 2.7.
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN (CDR S1))))
(NOT (ALISTP (FIX-PROPERP S1)))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
F)).
But this again simplifies, applying MEMBER-APPEND, DISJOINT-SYMMETRY,
PROPERP-DOMAIN, FIX-PROPERP-PROPERP, SETP-APPEND, and SETP-CONS, and
opening up the definition of EQUAL, to:
T.
Case 2.6.
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN (CDR S1))))
(NOT (SETP (DOMAIN (FIX-PROPERP S1))))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
F)).
But this again simplifies, appealing to the lemmas MEMBER-APPEND,
DISJOINT-SYMMETRY, PROPERP-DOMAIN, FIX-PROPERP-PROPERP, SETP-APPEND, and
SETP-CONS, and unfolding EQUAL, to:
T.
Case 2.5.
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (LISTP (CAR S1))))
(EQUAL F (SETP (DOMAIN S2)))),
which again simplifies, trivially, to the new goal:
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (LISTP (CAR S1))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1). This produces:
(IMPLIES (AND (NOT (SETP (DOMAIN (FIX-PROPERP X))))
(NOT (SETP (DOMAIN X)))
(DISJOINT (DOMAIN (CONS Z X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS Z X)))
(SETP (DOMAIN (FIX-PROPERP (CONS Z X))))
(ALISTP S2)
(NOT (LISTP Z)))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, applying DOMAIN-CONS, DISJOINT-SYMMETRY,
FIX-PROPERP-CONS, and ALISTP-CONS, to:
T.
Case 2.4.
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (ALISTP (FIX-PROPERP (CDR S1)))))
(EQUAL F (SETP (DOMAIN S2)))).
This again simplifies, clearly, to:
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(NOT (ALISTP (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1). We thus obtain:
(IMPLIES (AND (NOT (SETP (DOMAIN (FIX-PROPERP X))))
(NOT (SETP (DOMAIN X)))
(DISJOINT (DOMAIN (CONS Z X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS Z X)))
(SETP (DOMAIN (FIX-PROPERP (CONS Z X))))
(ALISTP S2)
(NOT (ALISTP (FIX-PROPERP X))))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, rewriting with DOMAIN-CONS, DISJOINT-SYMMETRY,
FIX-PROPERP-CONS, and ALISTP-CONS, to:
T.
Case 2.3.
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1))))
(EQUAL (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2))))
(SETP (DOMAIN S2)))).
But this again simplifies, rewriting with MEMBER-APPEND, DISJOINT-SYMMETRY,
PROPERP-DOMAIN, FIX-PROPERP-PROPERP, SETP-APPEND, and SETP-CONS, to:
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (FIX-PROPERP (CDR S1)))))
(NOT (SETP (DOMAIN (CDR S1))))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(ALISTP (FIX-PROPERP S1))
(SETP (DOMAIN (FIX-PROPERP S1)))
(ALISTP S2)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1))))
(NOT (SETP (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS Z X) to eliminate
(CDR S1) and (CAR S1). This produces the new conjecture:
(IMPLIES (AND (NOT (SETP (DOMAIN (FIX-PROPERP X))))
(NOT (SETP (DOMAIN X)))
(DISJOINT (DOMAIN (CONS Z X))
(DOMAIN S2))
(ALISTP (FIX-PROPERP (CONS Z X)))
(SETP (DOMAIN (FIX-PROPERP (CONS Z X))))
(ALISTP S2)
(LISTP Z)
(ALISTP (FIX-PROPERP X)))
(NOT (SETP (DOMAIN S2)))),
which further simplifies, applying DOMAIN-CONS, DISJOINT-CONS-2,
DISJOINT-SYMMETRY, FIX-PROPERP-CONS, ALISTP-CONS, and SETP-CONS, to:
T.
Case 2.2.
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (CDR S1))))
(EQUAL F (SETP (DOMAIN S2)))
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(NOT (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2)))))).
This again simplifies, rewriting with MEMBER-APPEND, DISJOINT-SYMMETRY,
PROPERP-DOMAIN, FIX-PROPERP-PROPERP, SETP-APPEND, and SETP-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S1)
(NOT (SETP (DOMAIN (FIX-PROPERP (CDR S1)))))
(EQUAL (SETP (DOMAIN S2)) F)
(LISTP (CAR S1))
(ALISTP (FIX-PROPERP (CDR S1)))
(ALISTP S2))
(NOT (SETP (CONS (CAAR S1)
(APPEND (DOMAIN (CDR S1))
(DOMAIN S2)))))).
This again simplifies, rewriting with the lemmas MEMBER-APPEND,
DISJOINT-SYMMETRY, PROPERP-DOMAIN, FIX-PROPERP-PROPERP, SETP-APPEND, and
SETP-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP S1))
(EQUAL (MAPPING (APPEND S1 S2))
(AND (DISJOINT (DOMAIN S1) (DOMAIN S2))
(MAPPING (FIX-PROPERP S1))
(MAPPING S2)))),
which simplifies, appealing to the lemmas DOMAIN-NLISTP, DISJOINT-NLISTP,
and FIX-PROPERP-NLISTP, and expanding the definitions of APPEND, MAPPING, OR,
NLISTP, and AND, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.5 0.1 ]
MAPPING-APPEND
(DISABLE MAPPING)
[ 0.0 0.0 0.0 ]
MAPPING-OFF
(PROVE-LEMMA ALISTP-RESTRICT
(REWRITE)
(ALISTP (RESTRICT S R)))
Name the conjecture *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(MEMBER (CAAR S) R))
(p (CDR S) R))
(p S R))
(IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(MEMBER (CAAR S) R)))
(p (CDR S) R))
(p S R))
(IMPLIES (NOT (LISTP S)) (p S R))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT S) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to three new
goals:
Case 3. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(MEMBER (CAAR S) R))
(ALISTP (RESTRICT (CDR S) R)))
(ALISTP (RESTRICT S R))),
which simplifies, rewriting with SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
ALISTP-CONS, and expanding the functions AND and RESTRICT, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(MEMBER (CAAR S) R)))
(ALISTP (RESTRICT (CDR S) R)))
(ALISTP (RESTRICT S R))).
This simplifies, unfolding the definitions of AND and RESTRICT, to:
T.
Case 1. (IMPLIES (NOT (LISTP S))
(ALISTP (RESTRICT S R))).
This simplifies, expanding RESTRICT and ALISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
ALISTP-RESTRICT
(PROVE-LEMMA ALISTP-CO-RESTRICT
(REWRITE)
(ALISTP (CO-RESTRICT S R)))
Name the conjecture *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) R)))
(p (CDR S) R))
(p S R))
(IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) R))))
(p (CDR S) R))
(p S R))
(IMPLIES (NOT (LISTP S)) (p S R))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT S) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to three new
goals:
Case 3. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) R)))
(ALISTP (CO-RESTRICT (CDR S) R)))
(ALISTP (CO-RESTRICT S R))),
which simplifies, rewriting with ALISTP-CONS, and expanding the functions
NOT, AND, and CO-RESTRICT, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) R))))
(ALISTP (CO-RESTRICT (CDR S) R)))
(ALISTP (CO-RESTRICT S R))).
This simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
expanding NOT, AND, and CO-RESTRICT, to:
T.
Case 1. (IMPLIES (NOT (LISTP S))
(ALISTP (CO-RESTRICT S R))),
which simplifies, unfolding CO-RESTRICT and ALISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
ALISTP-CO-RESTRICT
(PROVE-LEMMA VALUE-RESTRICT
(REWRITE)
(IMPLIES (AND (MEMBER A R)
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (RESTRICT S R))
(VALUE A S))))
Call the conjecture *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(MEMBER (CAAR S) R))
(p A (CDR S) R))
(p A S R))
(IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(MEMBER (CAAR S) R)))
(p A (CDR S) R))
(p A S R))
(IMPLIES (NOT (LISTP S)) (p A S R))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT S) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to the
following five new goals:
Case 5. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(MEMBER (CAAR S) R))
(NOT (MEMBER A (DOMAIN (CDR S))))
(MEMBER A R)
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (RESTRICT S R))
(VALUE A S))).
This simplifies, applying the lemmas SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
MEMBER-INTERSECTION, DOMAIN-RESTRICT, VALUE-WHEN-NOT-BOUND, and VALUE-CONS,
and expanding the functions AND and RESTRICT, to the following two new
formulas:
Case 5.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(MEMBER (CAAR S) R)
(NOT (MEMBER A (DOMAIN (CDR S))))
(MEMBER A R)
(MEMBER A (DOMAIN S))
(NOT (EQUAL A (CAAR S))))
(EQUAL 0 (VALUE A S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). This generates:
(IMPLIES (AND (MEMBER V R)
(NOT (MEMBER A (DOMAIN Z)))
(MEMBER A R)
(MEMBER A
(DOMAIN (CONS (CONS V W) Z)))
(NOT (EQUAL A V)))
(EQUAL 0
(VALUE A (CONS (CONS V W) Z)))).
However this further simplifies, rewriting with the lemmas CAR-CONS,
DOMAIN-CONS, and MEMBER-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(MEMBER (CAAR S) R)
(NOT (MEMBER A (DOMAIN (CDR S))))
(MEMBER A R)
(MEMBER A (DOMAIN S))
(EQUAL A (CAAR S)))
(EQUAL (CDAR S) (VALUE A S))),
which again simplifies, clearly, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))
(MEMBER (CAAR S) R)
(MEMBER (CAAR S) (DOMAIN S)))
(EQUAL (CDAR S) (VALUE (CAAR S) S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
This produces:
(IMPLIES (AND (NOT (MEMBER V (DOMAIN Z)))
(MEMBER V R)
(MEMBER V
(DOMAIN (CONS (CONS V W) Z))))
(EQUAL W
(VALUE V (CONS (CONS V W) Z)))),
which further simplifies, rewriting with CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, and VALUE-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(MEMBER (CAAR S) R))
(EQUAL (VALUE A (RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(MEMBER A R)
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (RESTRICT S R))
(VALUE A S))).
This simplifies, applying the lemmas SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
and VALUE-CONS, and expanding the functions AND and RESTRICT, to the
following two new formulas:
Case 4.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(MEMBER (CAAR S) R)
(EQUAL (VALUE A (RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(MEMBER A R)
(MEMBER A (DOMAIN S))
(NOT (EQUAL A (CAAR S))))
(EQUAL (VALUE A (CDR S))
(VALUE A S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). The result is:
(IMPLIES (AND (MEMBER V R)
(EQUAL (VALUE A (RESTRICT Z R))
(VALUE A Z))
(MEMBER A R)
(MEMBER A
(DOMAIN (CONS (CONS V W) Z)))
(NOT (EQUAL A V)))
(EQUAL (VALUE A Z)
(VALUE A (CONS (CONS V W) Z)))).
But this further simplifies, applying the lemmas CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, and VALUE-CONS, to:
T.
Case 4.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(MEMBER (CAAR S) R)
(EQUAL (VALUE A (RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(MEMBER A R)
(MEMBER A (DOMAIN S))
(EQUAL A (CAAR S)))
(EQUAL (CDAR S) (VALUE A S))),
which again simplifies, obviously, to the new formula:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (VALUE (CAAR S) (RESTRICT (CDR S) R))
(VALUE (CAAR S) (CDR S)))
(MEMBER (CAAR S) R)
(MEMBER (CAAR S) (DOMAIN S)))
(EQUAL (CDAR S) (VALUE (CAAR S) S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
This produces:
(IMPLIES (AND (EQUAL (VALUE V (RESTRICT Z R))
(VALUE V Z))
(MEMBER V R)
(MEMBER V
(DOMAIN (CONS (CONS V W) Z))))
(EQUAL W
(VALUE V (CONS (CONS V W) Z)))),
which further simplifies, rewriting with the lemmas CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, and VALUE-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(MEMBER (CAAR S) R)))
(NOT (MEMBER A (DOMAIN (CDR S))))
(MEMBER A R)
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (RESTRICT S R))
(VALUE A S))),
which simplifies, rewriting with MEMBER-INTERSECTION, DOMAIN-RESTRICT, and
VALUE-WHEN-NOT-BOUND, and opening up the definitions of AND and RESTRICT, to
the following two new goals:
Case 3.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (MEMBER A (DOMAIN (CDR S))))
(MEMBER A R)
(MEMBER A (DOMAIN S)))
(EQUAL 0 (VALUE A S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). This generates:
(IMPLIES (AND (NOT (LISTP X))
(NOT (MEMBER A (DOMAIN Z)))
(MEMBER A R)
(MEMBER A (DOMAIN (CONS X Z))))
(EQUAL 0 (VALUE A (CONS X Z)))).
However this further simplifies, applying the lemma DOMAIN-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP S)
(NOT (MEMBER (CAAR S) R))
(NOT (MEMBER A (DOMAIN (CDR S))))
(MEMBER A R)
(MEMBER A (DOMAIN S)))
(EQUAL 0 (VALUE A S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
We would thus like to prove the following two new conjectures:
Case 3.1.2.
(IMPLIES (AND (NOT (LISTP X))
(NOT (MEMBER (CAR X) R))
(NOT (MEMBER A (DOMAIN Z)))
(MEMBER A R)
(MEMBER A (DOMAIN (CONS X Z))))
(EQUAL 0 (VALUE A (CONS X Z)))).
This further simplifies, applying the lemmas CAR-NLISTP and DOMAIN-CONS,
to:
T.
Case 3.1.1.
(IMPLIES (AND (NOT (MEMBER V R))
(NOT (MEMBER A (DOMAIN Z)))
(MEMBER A R)
(MEMBER A
(DOMAIN (CONS (CONS V W) Z))))
(EQUAL 0
(VALUE A (CONS (CONS V W) Z)))),
which further simplifies, rewriting with CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, and VALUE-CONS, to:
(IMPLIES (AND (NOT (MEMBER V R))
(NOT (MEMBER A (DOMAIN Z)))
(MEMBER A R)
(EQUAL A V))
(EQUAL 0 W)),
which again simplifies, trivially, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(MEMBER (CAAR S) R)))
(EQUAL (VALUE A (RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(MEMBER A R)
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (RESTRICT S R))
(VALUE A S))).
This simplifies, unfolding AND and RESTRICT, to the following two new goals:
Case 2.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(EQUAL (VALUE A (RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(MEMBER A R)
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (CDR S))
(VALUE A S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). We must thus prove:
(IMPLIES (AND (NOT (LISTP X))
(EQUAL (VALUE A (RESTRICT Z R))
(VALUE A Z))
(MEMBER A R)
(MEMBER A (DOMAIN (CONS X Z))))
(EQUAL (VALUE A Z)
(VALUE A (CONS X Z)))).
But this further simplifies, applying DOMAIN-CONS and VALUE-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S)
(NOT (MEMBER (CAAR S) R))
(EQUAL (VALUE A (RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(MEMBER A R)
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (CDR S))
(VALUE A S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). We must thus prove two new goals:
Case 2.1.2.
(IMPLIES (AND (NOT (LISTP X))
(NOT (MEMBER (CAR X) R))
(EQUAL (VALUE A (RESTRICT Z R))
(VALUE A Z))
(MEMBER A R)
(MEMBER A (DOMAIN (CONS X Z))))
(EQUAL (VALUE A Z)
(VALUE A (CONS X Z)))),
which further simplifies, rewriting with the lemmas CAR-NLISTP,
DOMAIN-CONS, and VALUE-CONS, to:
T.
Case 2.1.1.
(IMPLIES (AND (NOT (MEMBER V R))
(EQUAL (VALUE A (RESTRICT Z R))
(VALUE A Z))
(MEMBER A R)
(MEMBER A
(DOMAIN (CONS (CONS V W) Z))))
(EQUAL (VALUE A Z)
(VALUE A (CONS (CONS V W) Z)))),
which further simplifies, applying the lemmas CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, and VALUE-CONS, to two new goals:
Case 2.1.1.2.
(IMPLIES (AND (NOT (MEMBER V R))
(EQUAL (VALUE A (RESTRICT Z R))
(VALUE A Z))
(MEMBER A R)
(EQUAL A V))
(EQUAL (VALUE A Z) W)),
which again simplifies, trivially, to:
T.
Case 2.1.1.1.
(IMPLIES (AND (NOT (MEMBER V R))
(EQUAL (VALUE A (RESTRICT Z R))
(VALUE A Z))
(MEMBER A R)
(MEMBER A (DOMAIN Z))
(EQUAL A V))
(EQUAL (VALUE A Z) W)).
This again simplifies, trivially, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(MEMBER A R)
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (RESTRICT S R))
(VALUE A S))).
This simplifies, applying DOMAIN-NLISTP and MEMBER-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
VALUE-RESTRICT
(PROVE-LEMMA VALUE-CO-RESTRICT
(REWRITE)
(IMPLIES (AND (NOT (MEMBER A R))
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (CO-RESTRICT S R))
(VALUE A S))))
Give the conjecture the name *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) R)))
(p A (CDR S) R))
(p A S R))
(IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) R))))
(p A (CDR S) R))
(p A S R))
(IMPLIES (NOT (LISTP S)) (p A S R))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces five new goals:
Case 5. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) R)))
(NOT (MEMBER A (DOMAIN (CDR S))))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (CO-RESTRICT S R))
(VALUE A S))),
which simplifies, rewriting with the lemmas MEMBER-SET-DIFF,
DOMAIN-CO-RESTRICT, VALUE-WHEN-NOT-BOUND, and VALUE-CONS, and unfolding the
functions NOT, AND, and CO-RESTRICT, to two new conjectures:
Case 5.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) R))
(NOT (MEMBER A (DOMAIN (CDR S))))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S))
(NOT (EQUAL A (CAAR S))))
(EQUAL 0 (VALUE A S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
This produces:
(IMPLIES (AND (NOT (MEMBER V R))
(NOT (MEMBER A (DOMAIN Z)))
(NOT (MEMBER A R))
(MEMBER A
(DOMAIN (CONS (CONS V W) Z)))
(NOT (EQUAL A V)))
(EQUAL 0
(VALUE A (CONS (CONS V W) Z)))),
which further simplifies, rewriting with CAR-CONS, DOMAIN-CONS, and
MEMBER-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) R))
(NOT (MEMBER A (DOMAIN (CDR S))))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S))
(EQUAL A (CAAR S)))
(EQUAL (CDAR S) (VALUE A S))).
This again simplifies, trivially, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))
(NOT (MEMBER (CAAR S) R))
(MEMBER (CAAR S) (DOMAIN S)))
(EQUAL (CDAR S) (VALUE (CAAR S) S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
We thus obtain:
(IMPLIES (AND (NOT (MEMBER V (DOMAIN Z)))
(NOT (MEMBER V R))
(MEMBER V
(DOMAIN (CONS (CONS V W) Z))))
(EQUAL W
(VALUE V (CONS (CONS V W) Z)))),
which further simplifies, rewriting with the lemmas CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, and VALUE-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) R)))
(EQUAL (VALUE A (CO-RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (CO-RESTRICT S R))
(VALUE A S))),
which simplifies, appealing to the lemma VALUE-CONS, and expanding the
functions NOT, AND, and CO-RESTRICT, to two new conjectures:
Case 4.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) R))
(EQUAL (VALUE A (CO-RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S))
(NOT (EQUAL A (CAAR S))))
(EQUAL (VALUE A (CDR S))
(VALUE A S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
This produces:
(IMPLIES (AND (NOT (MEMBER V R))
(EQUAL (VALUE A (CO-RESTRICT Z R))
(VALUE A Z))
(NOT (MEMBER A R))
(MEMBER A
(DOMAIN (CONS (CONS V W) Z)))
(NOT (EQUAL A V)))
(EQUAL (VALUE A Z)
(VALUE A (CONS (CONS V W) Z)))),
which further simplifies, rewriting with CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, and VALUE-CONS, to:
T.
Case 4.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) R))
(EQUAL (VALUE A (CO-RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S))
(EQUAL A (CAAR S)))
(EQUAL (CDAR S) (VALUE A S))).
This again simplifies, obviously, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (VALUE (CAAR S)
(CO-RESTRICT (CDR S) R))
(VALUE (CAAR S) (CDR S)))
(NOT (MEMBER (CAAR S) R))
(MEMBER (CAAR S) (DOMAIN S)))
(EQUAL (CDAR S) (VALUE (CAAR S) S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
We thus obtain:
(IMPLIES (AND (EQUAL (VALUE V (CO-RESTRICT Z R))
(VALUE V Z))
(NOT (MEMBER V R))
(MEMBER V
(DOMAIN (CONS (CONS V W) Z))))
(EQUAL W
(VALUE V (CONS (CONS V W) Z)))),
which further simplifies, applying CAR-CONS, DOMAIN-CONS, MEMBER-CONS,
CDR-CONS, and VALUE-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) R))))
(NOT (MEMBER A (DOMAIN (CDR S))))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (CO-RESTRICT S R))
(VALUE A S))).
This simplifies, applying the lemmas MEMBER-SET-DIFF, DOMAIN-CO-RESTRICT,
VALUE-WHEN-NOT-BOUND, SUBSETP-REFLEXIVITY, and MEMBER-SUBSETP, and opening
up NOT, AND, and CO-RESTRICT, to the following two new conjectures:
Case 3.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (MEMBER A (DOMAIN (CDR S))))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S)))
(EQUAL 0 (VALUE A S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). The result is the conjecture:
(IMPLIES (AND (NOT (LISTP X))
(NOT (MEMBER A (DOMAIN Z)))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN (CONS X Z))))
(EQUAL 0 (VALUE A (CONS X Z)))).
This further simplifies, appealing to the lemma DOMAIN-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP S)
(MEMBER (CAAR S) R)
(NOT (MEMBER A (DOMAIN (CDR S))))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S)))
(EQUAL 0 (VALUE A S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
We would thus like to prove the following two new formulas:
Case 3.1.2.
(IMPLIES (AND (NOT (LISTP X))
(MEMBER (CAR X) R)
(NOT (MEMBER A (DOMAIN Z)))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN (CONS X Z))))
(EQUAL 0 (VALUE A (CONS X Z)))).
This further simplifies, applying CAR-NLISTP and DOMAIN-CONS, to:
T.
Case 3.1.1.
(IMPLIES (AND (MEMBER V R)
(NOT (MEMBER A (DOMAIN Z)))
(NOT (MEMBER A R))
(MEMBER A
(DOMAIN (CONS (CONS V W) Z))))
(EQUAL 0
(VALUE A (CONS (CONS V W) Z)))).
However this further simplifies, rewriting with CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, and VALUE-CONS, to:
(IMPLIES (AND (MEMBER V R)
(NOT (MEMBER A (DOMAIN Z)))
(NOT (MEMBER A R))
(EQUAL A V))
(EQUAL 0 W)),
which again simplifies, obviously, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) R))))
(EQUAL (VALUE A (CO-RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (CO-RESTRICT S R))
(VALUE A S))).
This simplifies, appealing to the lemmas SUBSETP-REFLEXIVITY and
MEMBER-SUBSETP, and opening up the functions NOT, AND, and CO-RESTRICT, to
the following two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(EQUAL (VALUE A (CO-RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (CDR S))
(VALUE A S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). We must thus prove the formula:
(IMPLIES (AND (NOT (LISTP X))
(EQUAL (VALUE A (CO-RESTRICT Z R))
(VALUE A Z))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN (CONS X Z))))
(EQUAL (VALUE A Z)
(VALUE A (CONS X Z)))).
This further simplifies, appealing to the lemmas DOMAIN-CONS and
VALUE-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S)
(MEMBER (CAAR S) R)
(EQUAL (VALUE A (CO-RESTRICT (CDR S) R))
(VALUE A (CDR S)))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (CDR S))
(VALUE A S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
We thus obtain the following two new conjectures:
Case 2.1.2.
(IMPLIES (AND (NOT (LISTP X))
(MEMBER (CAR X) R)
(EQUAL (VALUE A (CO-RESTRICT Z R))
(VALUE A Z))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN (CONS X Z))))
(EQUAL (VALUE A Z)
(VALUE A (CONS X Z)))).
This further simplifies, rewriting with CAR-NLISTP, DOMAIN-CONS, and
VALUE-CONS, to:
T.
Case 2.1.1.
(IMPLIES (AND (MEMBER V R)
(EQUAL (VALUE A (CO-RESTRICT Z R))
(VALUE A Z))
(NOT (MEMBER A R))
(MEMBER A
(DOMAIN (CONS (CONS V W) Z))))
(EQUAL (VALUE A Z)
(VALUE A (CONS (CONS V W) Z)))).
However this further simplifies, appealing to the lemmas CAR-CONS,
DOMAIN-CONS, MEMBER-CONS, CDR-CONS, and VALUE-CONS, to two new goals:
Case 2.1.1.2.
(IMPLIES (AND (MEMBER V R)
(EQUAL (VALUE A (CO-RESTRICT Z R))
(VALUE A Z))
(NOT (MEMBER A R))
(EQUAL A V))
(EQUAL (VALUE A Z) W)),
which again simplifies, clearly, to:
T.
Case 2.1.1.1.
(IMPLIES (AND (MEMBER V R)
(EQUAL (VALUE A (CO-RESTRICT Z R))
(VALUE A Z))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN Z))
(EQUAL A V))
(EQUAL (VALUE A Z) W)).
This again simplifies, clearly, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(NOT (MEMBER A R))
(MEMBER A (DOMAIN S)))
(EQUAL (VALUE A (CO-RESTRICT S R))
(VALUE A S))).
This simplifies, rewriting with DOMAIN-NLISTP and MEMBER-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
VALUE-CO-RESTRICT
(PROVE-LEMMA MAPPING-RESTRICT
(REWRITE)
(IMPLIES (MAPPING S)
(MAPPING (RESTRICT S X)))
((ENABLE MAPPING)))
This conjecture can be simplified, using the abbreviations MAPPING and IMPLIES,
to:
(IMPLIES (AND (ALISTP S) (SETP (DOMAIN S)))
(MAPPING (RESTRICT S X))).
This simplifies, rewriting with SETP-INTERSECTION-SUFFICIENCY, DOMAIN-RESTRICT,
and ALISTP-RESTRICT, and expanding MAPPING, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
MAPPING-RESTRICT
(PROVE-LEMMA MAPPING-CO-RESTRICT
(REWRITE)
(IMPLIES (MAPPING S)
(MAPPING (CO-RESTRICT S X)))
((ENABLE MAPPING)))
This conjecture can be simplified, using the abbreviations MAPPING and IMPLIES,
to:
(IMPLIES (AND (ALISTP S) (SETP (DOMAIN S)))
(MAPPING (CO-RESTRICT S X))).
This simplifies, rewriting with SETP-SET-DIFF-SUFFICIENCY, DOMAIN-CO-RESTRICT,
and ALISTP-CO-RESTRICT, and expanding MAPPING, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
MAPPING-CO-RESTRICT
(DISABLE RESTRICT)
[ 0.0 0.0 0.0 ]
RESTRICT-OFF
(DISABLE CO-RESTRICT)
[ 0.0 0.0 0.0 ]
CO-RESTRICT-OFF
(CONSTRAIN VARIABLEP-INTRO
(REWRITE)
(AND (IMPLIES (LISTP X)
(NOT (VARIABLEP X)))
(OR (TRUEP (VARIABLEP X))
(FALSEP (VARIABLEP X))))
((VARIABLEP NLISTP)))
WARNING: Note that the proposed lemma VARIABLEP-INTRO is to be stored as one
type prescription rule, zero compound recognizer rules, zero linear rules, and
one replacement rule.
We will verify the consistency and the conservative nature of this constraint
by attempting to prove:
(AND (IMPLIES (LISTP X) (NOT (NLISTP X)))
(OR (TRUEP (NLISTP X))
(FALSEP (NLISTP X)))).
This formula can be simplified, using the abbreviations OR, NLISTP, NOT,
IMPLIES, and AND, to the following two new formulas:
Case 2. T.
This simplifies, clearly, to:
T.
Case 1. (IMPLIES (NOT (TRUEP (NLISTP X)))
(FALSEP (NLISTP X))).
This simplifies, trivially, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
VARIABLEP-INTRO
(DEFN VARIABLE-LISTP
(X)
(IF (LISTP X)
(AND (VARIABLEP (CAR X))
(VARIABLE-LISTP (CDR X)))
(EQUAL X NIL)))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
recursive call. Hence, VARIABLE-LISTP is accepted under the principle of
definition. Note that:
(OR (FALSEP (VARIABLE-LISTP X))
(TRUEP (VARIABLE-LISTP X)))
is a theorem.
[ 0.0 0.0 0.0 ]
VARIABLE-LISTP
(PROVE-LEMMA VARIABLE-LISTP-IMPLIES-PROPERP
(REWRITE)
(IMPLIES (VARIABLE-LISTP X)
(PROPERP X)))
Call the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X)))
(p X))
(IMPLIES (NOT (LISTP X)) (p X))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
goals:
Case 3. (IMPLIES (AND (LISTP X)
(NOT (VARIABLE-LISTP (CDR X)))
(VARIABLE-LISTP X))
(PROPERP X)).
This simplifies, expanding the definition of VARIABLE-LISTP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(PROPERP (CDR X))
(VARIABLE-LISTP X))
(PROPERP X)).
This simplifies, expanding VARIABLE-LISTP, to:
(IMPLIES (AND (LISTP X)
(PROPERP (CDR X))
(VARIABLEP (CAR X))
(VARIABLE-LISTP (CDR X)))
(PROPERP X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain the new formula:
(IMPLIES (AND (PROPERP Z)
(VARIABLEP V)
(VARIABLE-LISTP Z))
(PROPERP (CONS V Z))),
which further simplifies, applying PROPERP-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(VARIABLE-LISTP X))
(PROPERP X)).
This simplifies, opening up the functions VARIABLE-LISTP and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
VARIABLE-LISTP-IMPLIES-PROPERP
(PROVE-LEMMA VARIABLE-LISTP-CONS
(REWRITE)
(EQUAL (VARIABLE-LISTP (CONS A X))
(AND (VARIABLEP A)
(VARIABLE-LISTP X))))
This simplifies, rewriting with CDR-CONS and CAR-CONS, and expanding
VARIABLE-LISTP and AND, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
VARIABLE-LISTP-CONS
(PROVE-LEMMA VARIABLE-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(EQUAL (VARIABLE-LISTP X)
(EQUAL X NIL))))
This formula can be simplified, using the abbreviations NLISTP and IMPLIES, to:
(IMPLIES (NOT (LISTP X))
(EQUAL (VARIABLE-LISTP X)
(EQUAL X NIL))),
which simplifies, opening up VARIABLE-LISTP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
VARIABLE-NLISTP
(DISABLE VARIABLE-LISTP)
[ 0.0 0.0 0.0 ]
VARIABLE-LISTP-OFF
(CONSTRAIN FUNCTION-SYMBOL-INTRO
(REWRITE)
(FUNCTION-SYMBOL-P (FN))
((FUNCTION-SYMBOL-P LITATOM)
(FN (LAMBDA NIL 'ZERO))))
We will verify the consistency and the conservative nature of this constraint
by attempting to prove (LITATOM (QUOTE ZERO)).
This simplifies, trivially, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
FUNCTION-SYMBOL-INTRO
(DEFN TERMP
(FLG X)
(IF FLG
(IF (VARIABLEP X)
T
(IF (LISTP X)
(AND (FUNCTION-SYMBOL-P (CAR X))
(TERMP F (CDR X)))
F))
(IF (LISTP X)
(AND (TERMP T (CAR X))
(TERMP F (CDR X)))
(EQUAL X NIL))))
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that
the measure (COUNT X) decreases according to the well-founded relation LESSP
in each recursive call. Hence, TERMP is accepted under the definitional
principle. Observe that (OR (FALSEP (TERMP FLG X)) (TRUEP (TERMP FLG X))) is
a theorem.
[ 0.0 0.0 0.0 ]
TERMP
(PROVE-LEMMA TERMP-LIST-CONS
(REWRITE)
(EQUAL (TERMP F (CONS A X))
(AND (TERMP T A) (TERMP F X))))
This simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and opening up
the functions TERMP and AND, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
TERMP-LIST-CONS
(PROVE-LEMMA TERMP-LIST-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(EQUAL (TERMP F X) (EQUAL X NIL))))
This conjecture can be simplified, using the abbreviations NLISTP and IMPLIES,
to the goal:
(IMPLIES (NOT (LISTP X))
(EQUAL (TERMP F X) (EQUAL X NIL))).
This simplifies, opening up the definition of TERMP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
TERMP-LIST-NLISTP
(PROVE-LEMMA TERMP-T-CONS
(REWRITE)
(IMPLIES FLG
(EQUAL (TERMP FLG (CONS A X))
(AND (FUNCTION-SYMBOL-P A)
(TERMP F X)))))
This conjecture simplifies, rewriting with CDR-CONS, CAR-CONS, and
VARIABLEP-INTRO, and expanding the definitions of TERMP and AND, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
TERMP-T-CONS
(PROVE-LEMMA TERMP-T-NLISTP
(REWRITE)
(IMPLIES (AND FLG (NOT (LISTP X)))
(EQUAL (TERMP FLG X) (VARIABLEP X))))
This simplifies, opening up the function TERMP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
TERMP-T-NLISTP
(DISABLE TERMP)
[ 0.0 0.0 0.0 ]
TERMP-OFF
(PROVE-LEMMA TERMP-LIST-IMPLIES-PROPERP
(REWRITE)
(IMPLIES (TERMP F X) (PROPERP X))
((INDUCT (PROPERP X))))
This conjecture can be simplified, using the abbreviations IMPLIES, NOT, OR,
and AND, to two new goals:
Case 2. (IMPLIES (AND (LISTP X)
(IMPLIES (TERMP F (CDR X))
(PROPERP (CDR X)))
(TERMP F X))
(PROPERP X)),
which simplifies, expanding the definition of IMPLIES, to two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(TERMP F X))
(PROPERP X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces:
(IMPLIES (AND (NOT (TERMP F Z))
(TERMP F (CONS V Z)))
(PROPERP (CONS V Z))),
which further simplifies, applying TERMP-LIST-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(PROPERP (CDR X))
(TERMP F X))
(PROPERP X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (AND (PROPERP Z) (TERMP F (CONS V Z)))
(PROPERP (CONS V Z))).
But this further simplifies, rewriting with the lemmas TERMP-LIST-CONS and
PROPERP-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (TERMP F X))
(PROPERP X)),
which simplifies, appealing to the lemma TERMP-LIST-NLISTP, and opening up
PROPERP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
TERMP-LIST-IMPLIES-PROPERP
(DEFN ALL-VARS
(FLG X)
(IF FLG
(IF (VARIABLEP X)
(LIST X)
(IF (LISTP X)
(ALL-VARS F (CDR X))
NIL))
(IF (LISTP X)
(APPEND (ALL-VARS T (CAR X))
(ALL-VARS F (CDR X)))
NIL)))
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that
the measure (COUNT X) decreases according to the well-founded relation LESSP
in each recursive call. Hence, ALL-VARS is accepted under the principle of
definition. Observe that:
(OR (LITATOM (ALL-VARS FLG X))
(LISTP (ALL-VARS FLG X)))
is a theorem.
[ 0.0 0.0 0.0 ]
ALL-VARS
(PROVE-LEMMA PROPERP-ALL-VARS
(REWRITE)
(PROPERP (ALL-VARS FLG X)))
Name the conjecture *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND FLG (VARIABLEP X))
(p FLG X))
(IMPLIES (AND FLG
(NOT (VARIABLEP X))
(LISTP X)
(p F (CDR X)))
(p FLG X))
(IMPLIES (AND FLG
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(p FLG X))
(IMPLIES (AND (NOT FLG)
(LISTP X)
(p F (CDR X))
(p T (CAR X)))
(p FLG X))
(IMPLIES (AND (NOT FLG) (NOT (LISTP X)))
(p FLG X))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to show
that the measure (COUNT X) decreases according to the well-founded relation
LESSP in each induction step of the scheme. Note, however, the inductive
instances chosen for FLG. The above induction scheme leads to five new goals:
Case 5. (IMPLIES (AND FLG (VARIABLEP X))
(PROPERP (ALL-VARS FLG X))),
which simplifies, rewriting with VARIABLE-LISTP-CONS and
VARIABLE-LISTP-IMPLIES-PROPERP, and expanding the functions ALL-VARS and
VARIABLE-LISTP, to:
T.
Case 4. (IMPLIES (AND FLG
(NOT (VARIABLEP X))
(LISTP X)
(PROPERP (ALL-VARS F (CDR X))))
(PROPERP (ALL-VARS FLG X))).
This simplifies, rewriting with VARIABLEP-INTRO, and expanding ALL-VARS, to:
T.
Case 3. (IMPLIES (AND FLG
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(PROPERP (ALL-VARS FLG X))),
which simplifies, unfolding ALL-VARS and PROPERP, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP X)
(PROPERP (ALL-VARS F (CDR X)))
(PROPERP (ALL-VARS T (CAR X))))
(PROPERP (ALL-VARS FLG X))),
which simplifies, applying PROPERP-APPEND, and unfolding the definition of
ALL-VARS, to:
T.
Case 1. (IMPLIES (AND (NOT FLG) (NOT (LISTP X)))
(PROPERP (ALL-VARS FLG X))).
This simplifies, opening up ALL-VARS and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-ALL-VARS
(PROVE-LEMMA ALL-VARS-LIST-CONS
(REWRITE)
(EQUAL (ALL-VARS F (CONS A X))
(APPEND (ALL-VARS T A)
(ALL-VARS F X)))
((ENABLE ALL-VARS)))
This simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and opening up
the function ALL-VARS, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
ALL-VARS-LIST-CONS
(PROVE-LEMMA ALL-VARS-T-CONS
(REWRITE)
(IMPLIES FLG
(EQUAL (ALL-VARS FLG (CONS A X))
(ALL-VARS F X))))
This formula simplifies, appealing to the lemmas CDR-CONS and VARIABLEP-INTRO,
and expanding the function ALL-VARS, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
ALL-VARS-T-CONS
(PROVE-LEMMA ALL-VARS-SUBSETP-APPEND-HACK
(REWRITE)
(IMPLIES (AND FLG1 FLG2)
(AND (SUBSETP (ALL-VARS FLG1 X)
(APPEND (ALL-VARS FLG2 X) Y))
(SUBSETP (ALL-VARS FLG1 X)
(APPEND Y (ALL-VARS FLG2 X))))))
WARNING: Note that the proposed lemma ALL-VARS-SUBSETP-APPEND-HACK is to be
stored as zero type prescription rules, zero compound recognizer rules, zero
linear rules, and two replacement rules.
This conjecture simplifies, expanding AND, to the following two new
conjectures:
Case 2. (IMPLIES (AND FLG1 FLG2)
(SUBSETP (ALL-VARS FLG1 X)
(APPEND (ALL-VARS FLG2 X) Y))).
Name the above subgoal *1.
Case 1. (IMPLIES (AND FLG1 FLG2)
(SUBSETP (ALL-VARS FLG1 X)
(APPEND Y (ALL-VARS FLG2 X)))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(AND (IMPLIES (AND FLG1 FLG2)
(SUBSETP (ALL-VARS FLG1 X)
(APPEND (ALL-VARS FLG2 X) Y)))
(IMPLIES (AND FLG1 FLG2)
(SUBSETP (ALL-VARS FLG1 X)
(APPEND Y (ALL-VARS FLG2 X))))).
We gave this the name *1 above. Perhaps we can prove it by induction. There
are five plausible inductions. They merge into two likely candidate
inductions, both of which are unflawed. So we will choose the one suggested
by the largest number of nonprimitive recursive functions. We will induct
according to the following scheme:
(AND (IMPLIES (AND FLG1 (VARIABLEP X))
(p FLG1 X Y FLG2))
(IMPLIES (AND FLG1
(NOT (VARIABLEP X))
(LISTP X)
(p F (CDR X) Y F))
(p FLG1 X Y FLG2))
(IMPLIES (AND FLG1
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(p FLG1 X Y FLG2))
(IMPLIES (AND (NOT FLG1)
(LISTP X)
(p F (CDR X) Y F)
(p T (CAR X) Y T))
(p FLG1 X Y FLG2))
(IMPLIES (AND (NOT FLG1) (NOT (LISTP X)))
(p FLG1 X Y FLG2))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to show
that the measure (COUNT X) decreases according to the well-founded relation
LESSP in each induction step of the scheme. Note, however, the inductive
instances chosen for FLG2 and FLG1. The above induction scheme generates six
new goals:
Case 6. (IMPLIES (AND (VARIABLEP X) FLG1 FLG2)
(SUBSETP (ALL-VARS FLG1 X)
(APPEND (ALL-VARS FLG2 X) Y))),
which simplifies, rewriting with CDR-CONS, CAR-CONS, MEMBER-CONS,
MEMBER-NLISTP, SUBSETP-NLISTP, SUBSETP-CONS-NOT-MEMBER, and SUBSETP-CONS-1,
and opening up the definitions of ALL-VARS, APPEND, and LISTP, to:
T.
Case 5. (IMPLIES (AND (NOT (VARIABLEP X))
(LISTP X)
FLG1 FLG2)
(SUBSETP (ALL-VARS FLG1 X)
(APPEND (ALL-VARS FLG2 X) Y))).
This simplifies, appealing to the lemmas VARIABLEP-INTRO,
SUBSETP-REFLEXIVITY, and SUBSETP-OF-APPEND-SUFFICIENCY, and expanding the
definitions of ALL-VARS and OR, to:
T.
Case 4. (IMPLIES (AND (NOT (VARIABLEP X))
(NOT (LISTP X))
FLG1 FLG2)
(SUBSETP (ALL-VARS FLG1 X)
(APPEND (ALL-VARS FLG2 X) Y))).
This simplifies, rewriting with the lemma SUBSETP-NLISTP, and unfolding the
definitions of ALL-VARS, LISTP, and APPEND, to:
T.
Case 3. (IMPLIES (AND (VARIABLEP X) FLG1 FLG2)
(SUBSETP (ALL-VARS FLG1 X)
(APPEND Y (ALL-VARS FLG2 X)))).
This simplifies, applying the lemmas SUBSETP-REFLEXIVITY, SUBSETP-CONS-1,
SUBSETP-NLISTP, and SUBSETP-OF-APPEND-SUFFICIENCY, and unfolding the
definitions of ALL-VARS and OR, to:
T.
Case 2. (IMPLIES (AND (NOT (VARIABLEP X))
(LISTP X)
FLG1 FLG2)
(SUBSETP (ALL-VARS FLG1 X)
(APPEND Y (ALL-VARS FLG2 X)))).
This simplifies, rewriting with the lemmas VARIABLEP-INTRO,
SUBSETP-REFLEXIVITY, and SUBSETP-OF-APPEND-SUFFICIENCY, and unfolding
ALL-VARS and OR, to:
T.
Case 1. (IMPLIES (AND (NOT (VARIABLEP X))
(NOT (LISTP X))
FLG1 FLG2)
(SUBSETP (ALL-VARS FLG1 X)
(APPEND Y (ALL-VARS FLG2 X)))).
This simplifies, rewriting with APPEND-NIL, SUBSETP-NLISTP, and
SUBSETP-FIX-PROPERP-2, and unfolding the function ALL-VARS, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
ALL-VARS-SUBSETP-APPEND-HACK
(PROVE-LEMMA ALL-VARS-FLG-BOOLEAN NIL
(IMPLIES FLG
(EQUAL (ALL-VARS FLG X)
(ALL-VARS T X)))
((ENABLE-THEORY T)))
Give the conjecture the name *1.
We will try to prove it by induction. There are two plausible inductions.
However, they merge into one likely candidate induction. We will induct
according to the following scheme:
(AND (IMPLIES (AND FLG (VARIABLEP X))
(p FLG X))
(IMPLIES (AND FLG
(NOT (VARIABLEP X))
(LISTP X)
(p F (CDR X)))
(p FLG X))
(IMPLIES (AND FLG
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(p FLG X))
(IMPLIES (AND (NOT FLG)
(LISTP X)
(p T (CAR X))
(p F (CDR X)))
(p FLG X))
(IMPLIES (AND (NOT FLG) (NOT (LISTP X)))
(p FLG X))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. Note, however, the inductive instances
chosen for FLG. The above induction scheme generates three new goals:
Case 3. (IMPLIES (AND (VARIABLEP X) FLG)
(EQUAL (ALL-VARS FLG X)
(ALL-VARS T X))),
which simplifies, expanding ALL-VARS, to:
T.
Case 2. (IMPLIES (AND (NOT (VARIABLEP X))
(LISTP X)
FLG)
(EQUAL (ALL-VARS FLG X)
(ALL-VARS T X))),
which simplifies, appealing to the lemma VARIABLEP-INTRO, and unfolding the
definition of ALL-VARS, to:
T.
Case 1. (IMPLIES (AND (NOT (VARIABLEP X))
(NOT (LISTP X))
FLG)
(EQUAL (ALL-VARS FLG X)
(ALL-VARS T X))),
which simplifies, unfolding the definitions of ALL-VARS and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
ALL-VARS-FLG-BOOLEAN
(DISABLE ALL-VARS)
[ 0.0 0.0 0.0 ]
ALL-VARS-OFF
(DEFTHEORY TERM-DEFNS
(VARIABLEP-INTRO VARIABLE-LISTP TERMP FUNCTION-SYMBOL-INTRO
ALL-VARS))
[ 0.0 0.0 0.0 ]
TERM-DEFNS
(PROVE-LEMMA VARIABLE-LISTP-SET-DIFF
(REWRITE)
(IMPLIES (VARIABLE-LISTP X)
(VARIABLE-LISTP (SET-DIFF X Y)))
((ENABLE-THEORY TERM-DEFNS)))
Call the conjecture *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following three new formulas:
Case 3. (IMPLIES (AND (LISTP X)
(NOT (VARIABLE-LISTP (CDR X)))
(VARIABLE-LISTP X))
(VARIABLE-LISTP (SET-DIFF X Y))).
This simplifies, expanding the definition of VARIABLE-LISTP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(VARIABLE-LISTP (SET-DIFF (CDR X) Y))
(VARIABLE-LISTP X))
(VARIABLE-LISTP (SET-DIFF X Y))).
This simplifies, opening up the function VARIABLE-LISTP, to the new goal:
(IMPLIES (AND (LISTP X)
(VARIABLE-LISTP (SET-DIFF (CDR X) Y))
(VARIABLEP (CAR X))
(VARIABLE-LISTP (CDR X)))
(VARIABLE-LISTP (SET-DIFF X Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces:
(IMPLIES (AND (VARIABLE-LISTP (SET-DIFF Z Y))
(VARIABLEP V)
(VARIABLE-LISTP Z))
(VARIABLE-LISTP (SET-DIFF (CONS V Z) Y))),
which further simplifies, applying SET-DIFF-CONS, to:
(IMPLIES (AND (VARIABLE-LISTP (SET-DIFF Z Y))
(VARIABLEP V)
(VARIABLE-LISTP Z)
(NOT (MEMBER V Y)))
(VARIABLE-LISTP (CONS V (SET-DIFF Z Y)))),
which again simplifies, applying the lemma VARIABLE-LISTP-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(VARIABLE-LISTP X))
(VARIABLE-LISTP (SET-DIFF X Y))),
which simplifies, applying the lemmas VARIABLE-NLISTP and SET-DIFF-NLISTP,
and expanding the definition of VARIABLE-LISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
VARIABLE-LISTP-SET-DIFF
(PROVE-LEMMA ALL-VARS-VARIABLEP
(REWRITE)
(IMPLIES (AND FLG (VARIABLEP X))
(EQUAL (ALL-VARS FLG X) (LIST X)))
((ENABLE-THEORY T)))
This conjecture simplifies, expanding the definition of ALL-VARS, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
ALL-VARS-VARIABLEP
(PROVE-LEMMA MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP
(REWRITE)
(IMPLIES (AND (MEMBER A X) (VARIABLE-LISTP X))
(VARIABLEP A))
((ENABLE-THEORY T)))
WARNING: Note that MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP contains the free
variable X which will be chosen by instantiating the hypothesis (MEMBER A X).
Name the conjecture *1.
We will appeal to induction. The recursive terms in the conjecture
suggest two inductions. However, they merge into one likely candidate
induction. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP X) (p A X))
(IMPLIES (AND (NOT (NLISTP X))
(EQUAL A (CAR X)))
(p A X))
(IMPLIES (AND (NOT (NLISTP X))
(NOT (EQUAL A (CAR X)))
(p A (CDR X)))
(p A X))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP inform us that the measure (COUNT X) decreases according to the
well-founded relation LESSP in each induction step of the scheme. The above
induction scheme produces the following four new formulas:
Case 4. (IMPLIES (AND (NLISTP X)
(MEMBER A X)
(VARIABLE-LISTP X))
(VARIABLEP A)).
This simplifies, applying MEMBER-NLISTP, and expanding NLISTP, to:
T.
Case 3. (IMPLIES (AND (NOT (NLISTP X))
(EQUAL A (CAR X))
(MEMBER A X)
(VARIABLE-LISTP X))
(VARIABLEP A)),
which simplifies, expanding the definitions of NLISTP, MEMBER, and
VARIABLE-LISTP, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP X))
(NOT (EQUAL A (CAR X)))
(NOT (MEMBER A (CDR X)))
(MEMBER A X)
(VARIABLE-LISTP X))
(VARIABLEP A)),
which simplifies, opening up NLISTP and MEMBER, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(NOT (EQUAL A (CAR X)))
(NOT (VARIABLE-LISTP (CDR X)))
(MEMBER A X)
(VARIABLE-LISTP X))
(VARIABLEP A)),
which simplifies, opening up the definitions of NLISTP, MEMBER, and
VARIABLE-LISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP
(PROVE-LEMMA VARIABLE-LISTP-INTERSECTION
(REWRITE)
(IMPLIES (OR (VARIABLE-LISTP X)
(VARIABLE-LISTP Y))
(VARIABLE-LISTP (INTERSECTION X Y)))
((ENABLE INTERSECTION)))
This simplifies, unfolding the definition of OR, to the following two new
goals:
Case 2. (IMPLIES (VARIABLE-LISTP X)
(VARIABLE-LISTP (INTERSECTION X Y))).
Name the above subgoal *1.
Case 1. (IMPLIES (VARIABLE-LISTP Y)
(VARIABLE-LISTP (INTERSECTION X Y))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(AND (IMPLIES (VARIABLE-LISTP Y)
(VARIABLE-LISTP (INTERSECTION X Y)))
(IMPLIES (VARIABLE-LISTP X)
(VARIABLE-LISTP (INTERSECTION X Y)))),
which we named *1 above. We will appeal to induction. There are two
plausible inductions. However, they merge into one likely candidate induction.
We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates the following eight new
formulas:
Case 8. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(VARIABLE-LISTP (INTERSECTION (CDR X) Y))
(VARIABLE-LISTP Y))
(VARIABLE-LISTP (INTERSECTION X Y))).
This simplifies, applying SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, and VARIABLE-LISTP-CONS, and
opening up the function INTERSECTION, to:
T.
Case 7. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(VARIABLE-LISTP (INTERSECTION (CDR X) Y))
(VARIABLE-LISTP Y))
(VARIABLE-LISTP (INTERSECTION X Y))),
which simplifies, opening up the definition of INTERSECTION, to:
T.
Case 6. (IMPLIES (AND (NOT (LISTP X))
(VARIABLE-LISTP Y))
(VARIABLE-LISTP (INTERSECTION X Y))),
which simplifies, applying DISJOINT-NLISTP and
DISJOINT-IMPLIES-EMPTY-INTERSECTION, and opening up the functions NLISTP, OR,
and VARIABLE-LISTP, to:
T.
Case 5. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (VARIABLE-LISTP Y))
(NOT (VARIABLE-LISTP (CDR X)))
(VARIABLE-LISTP X))
(VARIABLE-LISTP (INTERSECTION X Y))).
This simplifies, rewriting with SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
VARIABLE-LISTP-CONS, and expanding the definition of INTERSECTION, to two
new formulas:
Case 5.2.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (VARIABLE-LISTP Y))
(NOT (VARIABLE-LISTP (CDR X)))
(VARIABLE-LISTP X))
(VARIABLEP (CAR X))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (MEMBER Z Y)
(NOT (VARIABLE-LISTP Y))
(NOT (VARIABLE-LISTP V))
(VARIABLE-LISTP (CONS Z V)))
(VARIABLEP Z)),
which further simplifies, rewriting with VARIABLE-LISTP-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(NOT (VARIABLE-LISTP Y))
(NOT (VARIABLE-LISTP (CDR X)))
(VARIABLE-LISTP X))
(VARIABLE-LISTP (INTERSECTION (CDR X) Y))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). The result is:
(IMPLIES (AND (MEMBER Z Y)
(NOT (VARIABLE-LISTP Y))
(NOT (VARIABLE-LISTP V))
(VARIABLE-LISTP (CONS Z V)))
(VARIABLE-LISTP (INTERSECTION V Y))).
However this further simplifies, rewriting with VARIABLE-LISTP-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(VARIABLE-LISTP (INTERSECTION (CDR X) Y))
(VARIABLE-LISTP X))
(VARIABLE-LISTP (INTERSECTION X Y))).
This simplifies, appealing to the lemmas SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
and VARIABLE-LISTP-CONS, and expanding INTERSECTION, to the new formula:
(IMPLIES (AND (LISTP X)
(MEMBER (CAR X) Y)
(VARIABLE-LISTP (INTERSECTION (CDR X) Y))
(VARIABLE-LISTP X))
(VARIABLEP (CAR X))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain the new conjecture:
(IMPLIES (AND (MEMBER Z Y)
(VARIABLE-LISTP (INTERSECTION V Y))
(VARIABLE-LISTP (CONS Z V)))
(VARIABLEP Z)),
which further simplifies, applying VARIABLE-LISTP-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (VARIABLE-LISTP Y))
(NOT (VARIABLE-LISTP (CDR X)))
(VARIABLE-LISTP X))
(VARIABLE-LISTP (INTERSECTION X Y))).
This simplifies, opening up the definition of INTERSECTION, to:
(IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(NOT (VARIABLE-LISTP Y))
(NOT (VARIABLE-LISTP (CDR X)))
(VARIABLE-LISTP X))
(VARIABLE-LISTP (INTERSECTION (CDR X) Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain the new conjecture:
(IMPLIES (AND (NOT (MEMBER Z Y))
(NOT (VARIABLE-LISTP Y))
(NOT (VARIABLE-LISTP V))
(VARIABLE-LISTP (CONS Z V)))
(VARIABLE-LISTP (INTERSECTION V Y))),
which further simplifies, applying VARIABLE-LISTP-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (MEMBER (CAR X) Y))
(VARIABLE-LISTP (INTERSECTION (CDR X) Y))
(VARIABLE-LISTP X))
(VARIABLE-LISTP (INTERSECTION X Y))).
This simplifies, unfolding INTERSECTION, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(VARIABLE-LISTP X))
(VARIABLE-LISTP (INTERSECTION X Y))).
This simplifies, rewriting with VARIABLE-NLISTP, DISJOINT-NLISTP, and
DISJOINT-IMPLIES-EMPTY-INTERSECTION, and expanding the definitions of NLISTP,
OR, and VARIABLE-LISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
VARIABLE-LISTP-INTERSECTION
(PROVE-LEMMA VARIABLE-LISTP-DOMAIN-RESTRICT
(REWRITE)
(IMPLIES (VARIABLE-LISTP (DOMAIN S))
(VARIABLE-LISTP (DOMAIN (RESTRICT S X)))))
This conjecture can be simplified, using the abbreviations IMPLIES and
DOMAIN-RESTRICT, to:
(IMPLIES (VARIABLE-LISTP (DOMAIN S))
(VARIABLE-LISTP (INTERSECTION (DOMAIN S) X))).
This simplifies, applying VARIABLE-LISTP-INTERSECTION, and unfolding the
function OR, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
VARIABLE-LISTP-DOMAIN-RESTRICT
(PROVE-LEMMA VARIABLE-LISTP-DOMAIN-CO-RESTRICT
(REWRITE)
(IMPLIES (VARIABLE-LISTP (DOMAIN S))
(VARIABLE-LISTP (DOMAIN (CO-RESTRICT S X)))))
This conjecture can be simplified, using the abbreviations IMPLIES and
DOMAIN-CO-RESTRICT, to:
(IMPLIES (VARIABLE-LISTP (DOMAIN S))
(VARIABLE-LISTP (SET-DIFF (DOMAIN S) X))).
This simplifies, applying VARIABLE-LISTP-SET-DIFF, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
VARIABLE-LISTP-DOMAIN-CO-RESTRICT
(PROVE-LEMMA TERMP-RANGE-RESTRICT
(REWRITE)
(IMPLIES (TERMP F (RANGE S))
(TERMP F (RANGE (RESTRICT S X))))
((ENABLE RESTRICT)))
Give the conjecture the name *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(MEMBER (CAAR S) X))
(p (CDR S) X))
(p S X))
(IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(MEMBER (CAAR S) X)))
(p (CDR S) X))
(p S X))
(IMPLIES (NOT (LISTP S)) (p S X))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT S) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme generates the
following five new conjectures:
Case 5. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(MEMBER (CAAR S) X))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP F (RANGE (RESTRICT S X)))).
This simplifies, appealing to the lemmas SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
RANGE-CONS, and TERMP-LIST-CONS, and expanding the functions AND and
RESTRICT, to the following two new goals:
Case 5.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(MEMBER (CAAR S) X)
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP T (CDAR S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). The result is:
(IMPLIES (AND (MEMBER W X)
(NOT (TERMP F (RANGE V)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP T D)).
This further simplifies, rewriting with CDR-CONS, RANGE-CONS, and
TERMP-LIST-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(MEMBER (CAAR S) X)
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP F
(RANGE (RESTRICT (CDR S) X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). This generates the goal:
(IMPLIES (AND (MEMBER W X)
(NOT (TERMP F (RANGE V)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP F (RANGE (RESTRICT V X)))).
However this further simplifies, applying CDR-CONS, RANGE-CONS, and
TERMP-LIST-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(MEMBER (CAAR S) X))
(TERMP F (RANGE (RESTRICT (CDR S) X)))
(TERMP F (RANGE S)))
(TERMP F (RANGE (RESTRICT S X)))).
This simplifies, applying the lemmas SUBSETP-REFLEXIVITY, MEMBER-SUBSETP,
RANGE-CONS, and TERMP-LIST-CONS, and expanding the definitions of AND and
RESTRICT, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(MEMBER (CAAR S) X)
(TERMP F (RANGE (RESTRICT (CDR S) X)))
(TERMP F (RANGE S)))
(TERMP T (CDAR S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS Z V) to eliminate
(CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We would thus like to prove:
(IMPLIES (AND (MEMBER W X)
(TERMP F (RANGE (RESTRICT V X)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP T D)),
which further simplifies, applying CDR-CONS, RANGE-CONS, and TERMP-LIST-CONS,
to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(MEMBER (CAAR S) X)))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP F (RANGE (RESTRICT S X)))).
This simplifies, opening up the functions AND and RESTRICT, to the following
two new goals:
Case 3.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP F
(RANGE (RESTRICT (CDR S) X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S). The result is the formula:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (TERMP F (RANGE V)))
(TERMP F (RANGE (CONS Z V))))
(TERMP F (RANGE (RESTRICT V X)))).
But this further simplifies, applying RANGE-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP S)
(NOT (MEMBER (CAAR S) X))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP F
(RANGE (RESTRICT (CDR S) X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). This generates two new formulas:
Case 3.1.2.
(IMPLIES (AND (NOT (LISTP Z))
(NOT (MEMBER (CAR Z) X))
(NOT (TERMP F (RANGE V)))
(TERMP F (RANGE (CONS Z V))))
(TERMP F (RANGE (RESTRICT V X)))),
which further simplifies, rewriting with CAR-NLISTP and RANGE-CONS, to:
T.
Case 3.1.1.
(IMPLIES (AND (NOT (MEMBER W X))
(NOT (TERMP F (RANGE V)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP F (RANGE (RESTRICT V X)))).
However this further simplifies, applying CDR-CONS, RANGE-CONS, and
TERMP-LIST-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(MEMBER (CAAR S) X)))
(TERMP F (RANGE (RESTRICT (CDR S) X)))
(TERMP F (RANGE S)))
(TERMP F (RANGE (RESTRICT S X)))).
This simplifies, unfolding AND and RESTRICT, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(TERMP F (RANGE S)))
(TERMP F (RANGE (RESTRICT S X)))).
This simplifies, rewriting with RANGE-NLISTP, and expanding TERMP, RESTRICT,
and RANGE, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
TERMP-RANGE-RESTRICT
(PROVE-LEMMA TERMP-RANGE-CO-RESTRICT
(REWRITE)
(IMPLIES (TERMP F (RANGE S))
(TERMP F (RANGE (CO-RESTRICT S X))))
((ENABLE CO-RESTRICT)))
Give the conjecture the name *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) X)))
(p (CDR S) X))
(p S X))
(IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) X))))
(p (CDR S) X))
(p S X))
(IMPLIES (NOT (LISTP S)) (p S X))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT S) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme generates the
following five new conjectures:
Case 5. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) X)))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP F (RANGE (CO-RESTRICT S X)))).
This simplifies, appealing to the lemmas RANGE-CONS and TERMP-LIST-CONS, and
expanding the functions NOT, AND, and CO-RESTRICT, to the following two new
goals:
Case 5.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) X))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP T (CDAR S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). The result is:
(IMPLIES (AND (NOT (MEMBER W X))
(NOT (TERMP F (RANGE V)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP T D)).
This further simplifies, rewriting with CDR-CONS, RANGE-CONS, and
TERMP-LIST-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) X))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP F
(RANGE (CO-RESTRICT (CDR S) X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). This generates the goal:
(IMPLIES (AND (NOT (MEMBER W X))
(NOT (TERMP F (RANGE V)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP F (RANGE (CO-RESTRICT V X)))).
However this further simplifies, applying CDR-CONS, RANGE-CONS, and
TERMP-LIST-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP S)
(AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) X)))
(TERMP F
(RANGE (CO-RESTRICT (CDR S) X)))
(TERMP F (RANGE S)))
(TERMP F (RANGE (CO-RESTRICT S X)))).
This simplifies, applying the lemmas RANGE-CONS and TERMP-LIST-CONS, and
expanding the definitions of NOT, AND, and CO-RESTRICT, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) X))
(TERMP F
(RANGE (CO-RESTRICT (CDR S) X)))
(TERMP F (RANGE S)))
(TERMP T (CDAR S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS Z V) to eliminate
(CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We would thus like to prove:
(IMPLIES (AND (NOT (MEMBER W X))
(TERMP F (RANGE (CO-RESTRICT V X)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP T D)),
which further simplifies, applying CDR-CONS, RANGE-CONS, and TERMP-LIST-CONS,
to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) X))))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP F (RANGE (CO-RESTRICT S X)))).
This simplifies, appealing to the lemmas SUBSETP-REFLEXIVITY and
MEMBER-SUBSETP, and expanding the functions NOT, AND, and CO-RESTRICT, to
the following two new conjectures:
Case 3.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP F
(RANGE (CO-RESTRICT (CDR S) X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S). This generates:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (TERMP F (RANGE V)))
(TERMP F (RANGE (CONS Z V))))
(TERMP F (RANGE (CO-RESTRICT V X)))).
But this further simplifies, applying RANGE-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP S)
(MEMBER (CAAR S) X)
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(TERMP F
(RANGE (CO-RESTRICT (CDR S) X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). This generates two new formulas:
Case 3.1.2.
(IMPLIES (AND (NOT (LISTP Z))
(MEMBER (CAR Z) X)
(NOT (TERMP F (RANGE V)))
(TERMP F (RANGE (CONS Z V))))
(TERMP F (RANGE (CO-RESTRICT V X)))),
which further simplifies, rewriting with CAR-NLISTP and RANGE-CONS, to:
T.
Case 3.1.1.
(IMPLIES (AND (MEMBER W X)
(NOT (TERMP F (RANGE V)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP F (RANGE (CO-RESTRICT V X)))).
However this further simplifies, applying CDR-CONS, RANGE-CONS, and
TERMP-LIST-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(NOT (MEMBER (CAAR S) X))))
(TERMP F
(RANGE (CO-RESTRICT (CDR S) X)))
(TERMP F (RANGE S)))
(TERMP F (RANGE (CO-RESTRICT S X)))).
This simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
unfolding NOT, AND, and CO-RESTRICT, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(TERMP F (RANGE S)))
(TERMP F (RANGE (CO-RESTRICT S X)))),
which simplifies, applying RANGE-NLISTP, and unfolding TERMP, CO-RESTRICT,
and RANGE, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
TERMP-RANGE-CO-RESTRICT
(PROVE-LEMMA MEMBER-PRESERVES-DISJOINT-ALL-VARS-LEMMA NIL
(IMPLIES (AND (DISJOINT Y (ALL-VARS F X))
(MEMBER G X))
(DISJOINT Y (ALL-VARS T G)))
((INDUCT (MEMBER G X))))
This conjecture can be simplified, using the abbreviations IMPLIES, NLISTP,
NOT, OR, and AND, to three new formulas:
Case 3. (IMPLIES (AND (NOT (LISTP X))
(DISJOINT Y (ALL-VARS F X))
(MEMBER G X))
(DISJOINT Y (ALL-VARS T G))),
which simplifies, applying MEMBER-NLISTP, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL G (CAR X))
(DISJOINT Y (ALL-VARS F X))
(MEMBER G X))
(DISJOINT Y (ALL-VARS T G))).
This simplifies, trivially, to:
(IMPLIES (AND (LISTP X)
(DISJOINT Y (ALL-VARS F X))
(MEMBER (CAR X) X))
(DISJOINT Y (ALL-VARS T (CAR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We thus obtain:
(IMPLIES (AND (DISJOINT Y (ALL-VARS F (CONS Z V)))
(MEMBER Z (CONS Z V)))
(DISJOINT Y (ALL-VARS T Z))),
which further simplifies, applying ALL-VARS-LIST-CONS and
DISJOINT-APPEND-RIGHT, to:
T.
Case 1. (IMPLIES (AND (LISTP X)
(NOT (EQUAL G (CAR X)))
(IMPLIES (AND (DISJOINT Y (ALL-VARS F (CDR X)))
(MEMBER G (CDR X)))
(DISJOINT Y (ALL-VARS T G)))
(DISJOINT Y (ALL-VARS F X))
(MEMBER G X))
(DISJOINT Y (ALL-VARS T G))).
This simplifies, expanding AND and IMPLIES, to the following two new
conjectures:
Case 1.2.
(IMPLIES (AND (LISTP X)
(NOT (EQUAL G (CAR X)))
(NOT (DISJOINT Y (ALL-VARS F (CDR X))))
(DISJOINT Y (ALL-VARS F X))
(MEMBER G X))
(DISJOINT Y (ALL-VARS T G))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). We must thus prove:
(IMPLIES (AND (NOT (EQUAL G Z))
(NOT (DISJOINT Y (ALL-VARS F V)))
(DISJOINT Y (ALL-VARS F (CONS Z V)))
(MEMBER G (CONS Z V)))
(DISJOINT Y (ALL-VARS T G))).
This further simplifies, applying the lemmas ALL-VARS-LIST-CONS and
DISJOINT-APPEND-RIGHT, to:
T.
Case 1.1.
(IMPLIES (AND (LISTP X)
(NOT (EQUAL G (CAR X)))
(NOT (MEMBER G (CDR X)))
(DISJOINT Y (ALL-VARS F X))
(MEMBER G X))
(DISJOINT Y (ALL-VARS T G))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove:
(IMPLIES (AND (NOT (EQUAL G Z))
(NOT (MEMBER G V))
(DISJOINT Y (ALL-VARS F (CONS Z V)))
(MEMBER G (CONS Z V)))
(DISJOINT Y (ALL-VARS T G))),
which further simplifies, applying ALL-VARS-LIST-CONS,
DISJOINT-APPEND-RIGHT, and MEMBER-CONS, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-PRESERVES-DISJOINT-ALL-VARS-LEMMA
(PROVE-LEMMA MEMBER-PRESERVES-DISJOINT-ALL-VARS
(REWRITE)
(IMPLIES (AND FLG
(DISJOINT Y (ALL-VARS F X))
(MEMBER G X))
(DISJOINT Y (ALL-VARS FLG G)))
((USE (MEMBER-PRESERVES-DISJOINT-ALL-VARS-LEMMA)
(ALL-VARS-FLG-BOOLEAN (X G)))))
WARNING: Note that MEMBER-PRESERVES-DISJOINT-ALL-VARS contains the free
variable X which will be chosen by instantiating the hypothesis:
(DISJOINT Y (ALL-VARS F X)).
This simplifies, rewriting with SUBSETP-REFLEXIVITY and MEMBER-SUBSETP, and
opening up the definitions of AND and IMPLIES, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-PRESERVES-DISJOINT-ALL-VARS
(PROVE-LEMMA MEMBER-ALL-VARS-SUBSETP
(REWRITE)
(IMPLIES (AND FLG (MEMBER A X))
(SUBSETP (ALL-VARS FLG A)
(ALL-VARS F X)))
((ENABLE MEMBER)))
Give the conjecture the name *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (NLISTP X) (p FLG A X))
(IMPLIES (AND (NOT (NLISTP X))
(EQUAL A (CAR X)))
(p FLG A X))
(IMPLIES (AND (NOT (NLISTP X))
(NOT (EQUAL A (CAR X)))
(p FLG A (CDR X)))
(p FLG A X))).
Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of
NLISTP can be used to show that the measure (COUNT X) decreases according to
the well-founded relation LESSP in each induction step of the scheme. The
above induction scheme generates the following four new conjectures:
Case 4. (IMPLIES (AND (NLISTP X) FLG (MEMBER A X))
(SUBSETP (ALL-VARS FLG A)
(ALL-VARS F X))).
This simplifies, appealing to the lemma MEMBER-NLISTP, and expanding the
function NLISTP, to:
T.
Case 3. (IMPLIES (AND (NOT (NLISTP X))
(EQUAL A (CAR X))
FLG
(MEMBER A X))
(SUBSETP (ALL-VARS FLG A)
(ALL-VARS F X))).
This simplifies, expanding the definitions of NLISTP and MEMBER, to:
(IMPLIES (AND (LISTP X) FLG)
(SUBSETP (ALL-VARS FLG (CAR X))
(ALL-VARS F X))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate
(CAR X) and (CDR X). We would thus like to prove the new conjecture:
(IMPLIES FLG
(SUBSETP (ALL-VARS FLG Z)
(ALL-VARS F (CONS Z V)))),
which further simplifies, rewriting with the lemmas ALL-VARS-LIST-CONS and
ALL-VARS-SUBSETP-APPEND-HACK, to:
T.
Case 2. (IMPLIES (AND (NOT (NLISTP X))
(NOT (EQUAL A (CAR X)))
(NOT (MEMBER A (CDR X)))
FLG
(MEMBER A X))
(SUBSETP (ALL-VARS FLG A)
(ALL-VARS F X))),
which simplifies, unfolding the functions NLISTP and MEMBER, to:
T.
Case 1. (IMPLIES (AND (NOT (NLISTP X))
(NOT (EQUAL A (CAR X)))
(SUBSETP (ALL-VARS FLG A)
(ALL-VARS F (CDR X)))
FLG
(MEMBER A X))
(SUBSETP (ALL-VARS FLG A)
(ALL-VARS F X))),
which simplifies, unfolding the functions NLISTP and MEMBER, to:
(IMPLIES (AND (LISTP X)
(NOT (EQUAL A (CAR X)))
(SUBSETP (ALL-VARS FLG A)
(ALL-VARS F (CDR X)))
FLG
(MEMBER A (CDR X)))
(SUBSETP (ALL-VARS FLG A)
(ALL-VARS F X))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to
eliminate (CAR X) and (CDR X). We must thus prove:
(IMPLIES (AND (NOT (EQUAL A Z))
(SUBSETP (ALL-VARS FLG A)
(ALL-VARS F V))
FLG
(MEMBER A V))
(SUBSETP (ALL-VARS FLG A)
(ALL-VARS F (CONS Z V)))).
This further simplifies, applying ALL-VARS-LIST-CONS, SUBSETP-IS-TRANSITIVE,
SUBSETP-REFLEXIVITY, and SUBSETP-OF-APPEND-SUFFICIENCY, and unfolding the
definition of OR, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
MEMBER-ALL-VARS-SUBSETP
(PROVE-LEMMA ALL-VARS-F-MONOTONE
(REWRITE)
(IMPLIES (SUBSETP X Y)
(SUBSETP (ALL-VARS F X)
(ALL-VARS F Y)))
((ENABLE SUBSETP ALL-VARS)))
Name the conjecture *1.
Perhaps we can prove it by induction. Three inductions are suggested by
terms in the conjecture. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP X)
(p (CAR X) Y)
(p (CDR X) Y))
(p X Y))
(IMPLIES (NOT (LISTP X)) (p X Y))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to the
following five new conjectures:
Case 5. (IMPLIES (AND (LISTP X)
(NOT (SUBSETP (CAR X) Y))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (ALL-VARS F X)
(ALL-VARS F Y))).
This simplifies, opening up SUBSETP, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(SUBSETP (ALL-VARS F (CAR X))
(ALL-VARS F Y))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (ALL-VARS F X)
(ALL-VARS F Y))).
This simplifies, unfolding the definition of SUBSETP, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (SUBSETP (CAR X) Y))
(SUBSETP (ALL-VARS F (CDR X))
(ALL-VARS F Y))
(SUBSETP X Y))
(SUBSETP (ALL-VARS F X)
(ALL-VARS F Y))).
This simplifies, applying MEMBER-ALL-VARS-SUBSETP, SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, and SUBSETP-APPEND, and unfolding SUBSETP and
ALL-VARS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(SUBSETP (ALL-VARS F (CAR X))
(ALL-VARS F Y))
(SUBSETP (ALL-VARS F (CDR X))
(ALL-VARS F Y))
(SUBSETP X Y))
(SUBSETP (ALL-VARS F X)
(ALL-VARS F Y))),
which simplifies, applying the lemmas MEMBER-ALL-VARS-SUBSETP,
SUBSETP-REFLEXIVITY, SUBSETP-IS-TRANSITIVE, and SUBSETP-APPEND, and
expanding SUBSETP and ALL-VARS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (SUBSETP X Y))
(SUBSETP (ALL-VARS F X)
(ALL-VARS F Y))),
which simplifies, applying SUBSETP-NLISTP, and opening up the function
ALL-VARS, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
ALL-VARS-F-MONOTONE
(DEFN VAR-SUBSTP
(S)
(AND (MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S))))
Note that (OR (FALSEP (VAR-SUBSTP S)) (TRUEP (VAR-SUBSTP S))) is a
theorem.
[ 0.0 0.0 0.0 ]
VAR-SUBSTP
(DEFN SUBST
(FLG S X)
(IF FLG
(IF (MEMBER X (DOMAIN S))
(VALUE X S)
(IF (VARIABLEP X)
X
(IF (LISTP X)
(CONS (CAR X) (SUBST F S (CDR X)))
F)))
(IF (LISTP X)
(CONS (SUBST T S (CAR X))
(SUBST F S (CDR X)))
NIL)))
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that
the measure (COUNT X) decreases according to the well-founded relation LESSP
in each recursive call. Hence, SUBST is accepted under the principle of
definition.
[ 0.0 0.0 0.0 ]
SUBST
(DEFN APPLY-TO-SUBST
(S1 S2)
(IF (LISTP S2)
(IF (LISTP (CAR S2))
(CONS (CONS (CAAR S2)
(SUBST T S1 (CDAR S2)))
(APPLY-TO-SUBST S1 (CDR S2)))
(APPLY-TO-SUBST S1 (CDR S2)))
NIL))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT S2) decreases according to the well-founded relation LESSP in each
recursive call. Hence, APPLY-TO-SUBST is accepted under the definitional
principle. From the definition we can conclude that:
(OR (LITATOM (APPLY-TO-SUBST S1 S2))
(LISTP (APPLY-TO-SUBST S1 S2)))
is a theorem.
[ 0.0 0.0 0.0 ]
APPLY-TO-SUBST
(DEFN COMPOSE
(S1 S2)
(APPEND (APPLY-TO-SUBST S2 S1) S2))
Observe that (OR (LISTP (COMPOSE S1 S2)) (EQUAL (COMPOSE S1 S2) S2)) is a
theorem.
[ 0.0 0.0 0.0 ]
COMPOSE
(PROVE-LEMMA SUBST-LIST-CONS
(REWRITE)
(EQUAL (SUBST F S (CONS A X))
(CONS (SUBST T S A) (SUBST F S X))))
This conjecture simplifies, applying CDR-CONS and CAR-CONS, and opening up the
definition of SUBST, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBST-LIST-CONS
(PROVE-LEMMA SUBST-LIST-NLISTP
(REWRITE)
(IMPLIES (NLISTP X)
(EQUAL (SUBST F S X) NIL)))
This conjecture can be simplified, using the abbreviations NLISTP and IMPLIES,
to:
(IMPLIES (NOT (LISTP X))
(EQUAL (SUBST F S X) NIL)).
This simplifies, expanding SUBST and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBST-LIST-NLISTP
(PROVE-LEMMA SUBST-T-VARIABLEP
(REWRITE)
(IMPLIES (AND FLG (VARIABLEP X))
(EQUAL (SUBST FLG S X)
(IF (MEMBER X (DOMAIN S))
(VALUE X S)
X))))
This conjecture simplifies, expanding the function SUBST, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBST-T-VARIABLEP
(PROVE-LEMMA SUBST-T-NON-VARIABLEP
(REWRITE)
(IMPLIES FLG
(EQUAL (SUBST FLG S (CONS FN X))
(IF (MEMBER (CONS FN X) (DOMAIN S))
(VALUE (CONS FN X) S)
(CONS FN (SUBST F S X)))))
((ENABLE SUBST)))
This simplifies, applying CDR-CONS, CAR-CONS, and VARIABLEP-INTRO, and
unfolding the function SUBST, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBST-T-NON-VARIABLEP
(PROVE-LEMMA ALL-VARS-SUBST-LEMMA
(REWRITE)
(IMPLIES (AND FLG (MEMBER X (DOMAIN S)))
(SUBSETP (ALL-VARS FLG (VALUE X S))
(ALL-VARS F (RANGE S))))
((ENABLE RANGE)))
Name the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p FLG X (CDR S)))
(p FLG X S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p FLG X (CDR S)))
(p FLG X S))
(IMPLIES (NOT (LISTP S))
(p FLG X S))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to the following five new
formulas:
Case 5. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER X (DOMAIN (CDR S))))
FLG
(MEMBER X (DOMAIN S)))
(SUBSETP (ALL-VARS FLG (VALUE X S))
(ALL-VARS F (RANGE S)))).
This simplifies, applying the lemma ALL-VARS-LIST-CONS, and expanding the
function RANGE, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER X (DOMAIN (CDR S))))
FLG
(MEMBER X (DOMAIN S)))
(SUBSETP (ALL-VARS FLG (VALUE X S))
(APPEND (ALL-VARS T (CDAR S))
(ALL-VARS F (RANGE (CDR S)))))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS Z V) to eliminate
(CAR S) and (CDR S) and Z by (CONS D W) to eliminate (CDR Z) and (CAR Z).
This produces:
(IMPLIES (AND (NOT (MEMBER X (DOMAIN V)))
FLG
(MEMBER X
(DOMAIN (CONS (CONS D W) V))))
(SUBSETP (ALL-VARS FLG
(VALUE X (CONS (CONS D W) V)))
(APPEND (ALL-VARS T W)
(ALL-VARS F (RANGE V))))),
which further simplifies, rewriting with the lemmas CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, VALUE-CONS, and ALL-VARS-SUBSETP-APPEND-HACK, to:
T.
Case 4. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(SUBSETP (ALL-VARS FLG (VALUE X (CDR S)))
(ALL-VARS F (RANGE (CDR S))))
FLG
(MEMBER X (DOMAIN S)))
(SUBSETP (ALL-VARS FLG (VALUE X S))
(ALL-VARS F (RANGE S)))),
which simplifies, rewriting with the lemma ALL-VARS-LIST-CONS, and opening
up the function RANGE, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(SUBSETP (ALL-VARS FLG (VALUE X (CDR S)))
(ALL-VARS F (RANGE (CDR S))))
FLG
(MEMBER X (DOMAIN S)))
(SUBSETP (ALL-VARS FLG (VALUE X S))
(APPEND (ALL-VARS T (CDAR S))
(ALL-VARS F (RANGE (CDR S)))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S) and Z by (CONS D W) to eliminate (CDR Z) and
(CAR Z). We must thus prove:
(IMPLIES (AND (SUBSETP (ALL-VARS FLG (VALUE X V))
(ALL-VARS F (RANGE V)))
FLG
(MEMBER X
(DOMAIN (CONS (CONS D W) V))))
(SUBSETP (ALL-VARS FLG
(VALUE X (CONS (CONS D W) V)))
(APPEND (ALL-VARS T W)
(ALL-VARS F (RANGE V))))).
However this further simplifies, rewriting with CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, VALUE-CONS, and ALL-VARS-SUBSETP-APPEND-HACK, to the
following two new formulas:
Case 4.2.
(IMPLIES (AND (SUBSETP (ALL-VARS FLG (VALUE X V))
(ALL-VARS F (RANGE V)))
FLG
(MEMBER X (DOMAIN V))
(NOT (EQUAL X D)))
(SUBSETP (ALL-VARS FLG (VALUE X V))
(APPEND (ALL-VARS T W)
(ALL-VARS F (RANGE V))))).
However this again simplifies, applying SUBSETP-IS-TRANSITIVE,
SUBSETP-REFLEXIVITY, ALL-VARS-F-MONOTONE, and
SUBSETP-OF-APPEND-SUFFICIENCY, and opening up the definition of OR, to:
T.
Case 4.1.
(IMPLIES (AND (SUBSETP (ALL-VARS FLG (VALUE X V))
(ALL-VARS F (RANGE V)))
FLG
(MEMBER X (DOMAIN V))
(EQUAL X D))
(SUBSETP (ALL-VARS FLG W)
(APPEND (ALL-VARS T W)
(ALL-VARS F (RANGE V))))).
But this again simplifies, applying ALL-VARS-SUBSETP-APPEND-HACK, to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (MEMBER X (DOMAIN (CDR S))))
FLG
(MEMBER X (DOMAIN S)))
(SUBSETP (ALL-VARS FLG (VALUE X S))
(ALL-VARS F (RANGE S)))).
This simplifies, opening up RANGE, to:
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (MEMBER X (DOMAIN (CDR S))))
FLG
(MEMBER X (DOMAIN S)))
(SUBSETP (ALL-VARS FLG (VALUE X S))
(ALL-VARS F (RANGE (CDR S))))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS Z V) to eliminate
(CAR S) and (CDR S). This produces the new goal:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (MEMBER X (DOMAIN V)))
FLG
(MEMBER X (DOMAIN (CONS Z V))))
(SUBSETP (ALL-VARS FLG (VALUE X (CONS Z V)))
(ALL-VARS F (RANGE V)))),
which further simplifies, applying the lemma DOMAIN-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(SUBSETP (ALL-VARS FLG (VALUE X (CDR S)))
(ALL-VARS F (RANGE (CDR S))))
FLG
(MEMBER X (DOMAIN S)))
(SUBSETP (ALL-VARS FLG (VALUE X S))
(ALL-VARS F (RANGE S)))),
which simplifies, expanding RANGE, to:
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(SUBSETP (ALL-VARS FLG (VALUE X (CDR S)))
(ALL-VARS F (RANGE (CDR S))))
FLG
(MEMBER X (DOMAIN S)))
(SUBSETP (ALL-VARS FLG (VALUE X S))
(ALL-VARS F (RANGE (CDR S))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S). We must thus prove:
(IMPLIES (AND (NOT (LISTP Z))
(SUBSETP (ALL-VARS FLG (VALUE X V))
(ALL-VARS F (RANGE V)))
FLG
(MEMBER X (DOMAIN (CONS Z V))))
(SUBSETP (ALL-VARS FLG (VALUE X (CONS Z V)))
(ALL-VARS F (RANGE V)))).
This further simplifies, rewriting with DOMAIN-CONS, VALUE-CONS,
ALL-VARS-F-MONOTONE, SUBSETP-REFLEXIVITY, and SUBSETP-IS-TRANSITIVE, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
FLG
(MEMBER X (DOMAIN S)))
(SUBSETP (ALL-VARS FLG (VALUE X S))
(ALL-VARS F (RANGE S)))).
This simplifies, rewriting with DOMAIN-NLISTP and MEMBER-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
ALL-VARS-SUBST-LEMMA
(PROVE-LEMMA ALL-VARS-SUBST
(REWRITE)
(IMPLIES (TERMP FLG X)
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S)))))
((ENABLE TERMP)))
Call the conjecture *1.
We will appeal to induction. Two inductions are suggested by terms in
the conjecture. However, they merge into one likely candidate induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND FLG (MEMBER X (DOMAIN S)))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(VARIABLEP X))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(p F S (CDR X)))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(p FLG S X))
(IMPLIES (AND (NOT FLG)
(LISTP X)
(p F S (CDR X))
(p T S (CAR X)))
(p FLG S X))
(IMPLIES (AND (NOT FLG) (NOT (LISTP X)))
(p FLG S X))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. Note, however, the inductive instances
chosen for FLG. The above induction scheme leads to the following ten new
conjectures:
Case 10.(IMPLIES (AND FLG
(MEMBER X (DOMAIN S))
(TERMP FLG X))
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))).
This simplifies, rewriting with SUBSETP-DOMAIN, SUBSETP-REFLEXIVITY,
MEMBER-SUBSETP, SUBST-T-VARIABLEP, ALL-VARS-VARIABLEP, CDR-CONS, CAR-CONS,
ALL-VARS-SUBST-LEMMA, SUBSETP-CONS-2, and SUBSETP-OF-APPEND-SUFFICIENCY, and
opening up the functions TERMP, APPEND, LISTP, SUBST, and OR, to:
T.
Case 9. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(VARIABLEP X)
(TERMP FLG X))
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))),
which simplifies, rewriting with SUBST-T-VARIABLEP, ALL-VARS-VARIABLEP,
CDR-CONS, CAR-CONS, MEMBER-CONS, MEMBER-NLISTP, SUBSETP-NLISTP,
SUBSETP-CONS-NOT-MEMBER, and SUBSETP-CONS-1, and opening up the definitions
of TERMP, APPEND, and LISTP, to:
T.
Case 8. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(NOT (TERMP F (CDR X)))
(TERMP FLG X))
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))).
This simplifies, appealing to the lemma VARIABLEP-INTRO, and unfolding TERMP,
to:
T.
Case 7. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(SUBSETP (ALL-VARS F (SUBST F S (CDR X)))
(APPEND (ALL-VARS F (CDR X))
(ALL-VARS F (RANGE S))))
(TERMP FLG X))
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))).
This simplifies, applying VARIABLEP-INTRO and ALL-VARS-T-CONS, and expanding
the definitions of TERMP and SUBST, to the conjecture:
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(LISTP X)
(SUBSETP (ALL-VARS F (SUBST F S (CDR X)))
(APPEND (ALL-VARS F (CDR X))
(ALL-VARS F (RANGE S))))
(FUNCTION-SYMBOL-P (CAR X))
(TERMP F (CDR X)))
(SUBSETP (ALL-VARS F (SUBST F S (CDR X)))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND FLG
(NOT (MEMBER (CONS V Z) (DOMAIN S)))
(SUBSETP (ALL-VARS F (SUBST F S Z))
(APPEND (ALL-VARS F Z)
(ALL-VARS F (RANGE S))))
(FUNCTION-SYMBOL-P V)
(TERMP F Z))
(SUBSETP (ALL-VARS F (SUBST F S Z))
(APPEND (ALL-VARS FLG (CONS V Z))
(ALL-VARS F (RANGE S))))).
This further simplifies, applying ALL-VARS-T-CONS, SUBSETP-APPEND,
SUBSETP-OF-APPEND-SUFFICIENCY, SUBSETP-REFLEXIVITY, ALL-VARS-F-MONOTONE, and
SUBSETP-IS-TRANSITIVE, and opening up the function OR, to:
T.
Case 6. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(NOT (LISTP X))
(TERMP FLG X))
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))).
This simplifies, applying TERMP-T-NLISTP, to:
T.
Case 5. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP FLG X))
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))),
which simplifies, opening up the function TERMP, to:
T.
Case 4. (IMPLIES (AND (NOT FLG)
(LISTP X)
(SUBSETP (ALL-VARS F (SUBST F S (CDR X)))
(APPEND (ALL-VARS F (CDR X))
(ALL-VARS F (RANGE S))))
(NOT (TERMP T (CAR X)))
(TERMP FLG X))
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))),
which simplifies, expanding TERMP, to:
T.
Case 3. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(SUBSETP (ALL-VARS T (SUBST T S (CAR X)))
(APPEND (ALL-VARS T (CAR X))
(ALL-VARS F (RANGE S))))
(TERMP FLG X))
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))),
which simplifies, expanding the definition of TERMP, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP X)
(SUBSETP (ALL-VARS F (SUBST F S (CDR X)))
(APPEND (ALL-VARS F (CDR X))
(ALL-VARS F (RANGE S))))
(SUBSETP (ALL-VARS T (SUBST T S (CAR X)))
(APPEND (ALL-VARS T (CAR X))
(ALL-VARS F (RANGE S))))
(TERMP FLG X))
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))),
which simplifies, applying ALL-VARS-LIST-CONS, SUBSETP-APPEND,
SUBSETP-REFLEXIVITY, SUBSETP-OF-APPEND-SUFFICIENCY, CDR-SUBSETP,
ALL-VARS-F-MONOTONE, and SUBSETP-IS-TRANSITIVE, and expanding TERMP, SUBST,
and OR, to:
(IMPLIES (AND (LISTP X)
(SUBSETP (ALL-VARS F (SUBST F S (CDR X)))
(APPEND (ALL-VARS F (CDR X))
(ALL-VARS F (RANGE S))))
(SUBSETP (ALL-VARS T (SUBST T S (CAR X)))
(APPEND (ALL-VARS T (CAR X))
(ALL-VARS F (RANGE S))))
(TERMP T (CAR X))
(TERMP F (CDR X)))
(SUBSETP (ALL-VARS T (SUBST T S (CAR X)))
(APPEND (ALL-VARS F X)
(ALL-VARS F (RANGE S))))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new conjecture:
(IMPLIES (AND (SUBSETP (ALL-VARS F (SUBST F S Z))
(APPEND (ALL-VARS F Z)
(ALL-VARS F (RANGE S))))
(SUBSETP (ALL-VARS T (SUBST T S V))
(APPEND (ALL-VARS T V)
(ALL-VARS F (RANGE S))))
(TERMP T V)
(TERMP F Z))
(SUBSETP (ALL-VARS T (SUBST T S V))
(APPEND (ALL-VARS F (CONS V Z))
(ALL-VARS F (RANGE S))))),
which further simplifies, rewriting with ALL-VARS-LIST-CONS, APPEND-ASSOC,
SUBSETP-APPEND, ALL-VARS-F-MONOTONE, SUBSETP-REFLEXIVITY,
SUBSETP-OF-APPEND-SUFFICIENCY, ALL-VARS-SUBSETP-APPEND-HACK, and
SUBSETP-IS-TRANSITIVE, and opening up the function OR, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP X))
(TERMP FLG X))
(SUBSETP (ALL-VARS FLG (SUBST FLG S X))
(APPEND (ALL-VARS FLG X)
(ALL-VARS F (RANGE S))))).
This simplifies, rewriting with TERMP-LIST-NLISTP, SUBST-LIST-NLISTP, and
SUBSETP-NLISTP, and opening up the definitions of ALL-VARS, LISTP, and
APPEND, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.3 ]
ALL-VARS-SUBST
(PROVE-LEMMA SUBST-OCCUR
(REWRITE)
(IMPLIES (AND FLG (MEMBER X (DOMAIN S)))
(EQUAL (SUBST FLG S X) (VALUE X S))))
This simplifies, rewriting with MEMBER-SUBSETP, SUBSETP-REFLEXIVITY, and
SUBSETP-DOMAIN, and opening up SUBST, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBST-OCCUR
(PROVE-LEMMA BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP
(REWRITE)
(IMPLIES (AND (VARIABLE-LISTP (DOMAIN S))
(NOT (VARIABLEP A)))
(NOT (MEMBER A (DOMAIN S))))
((INDUCT (DOMAIN S))))
This conjecture can be simplified, using the abbreviations IMPLIES, NOT, OR,
and AND, to three new formulas:
Case 3. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(IMPLIES (AND (VARIABLE-LISTP (DOMAIN (CDR S)))
(NOT (VARIABLEP A)))
(NOT (MEMBER A (DOMAIN (CDR S)))))
(VARIABLE-LISTP (DOMAIN S))
(NOT (VARIABLEP A)))
(NOT (MEMBER A (DOMAIN S)))),
which simplifies, applying MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, and
opening up NOT, AND, and IMPLIES, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(IMPLIES (AND (VARIABLE-LISTP (DOMAIN (CDR S)))
(NOT (VARIABLEP A)))
(NOT (MEMBER A (DOMAIN (CDR S)))))
(VARIABLE-LISTP (DOMAIN S))
(NOT (VARIABLEP A)))
(NOT (MEMBER A (DOMAIN S)))).
This simplifies, rewriting with MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, and
expanding the functions NOT, AND, and IMPLIES, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(VARIABLE-LISTP (DOMAIN S))
(NOT (VARIABLEP A)))
(NOT (MEMBER A (DOMAIN S)))),
which simplifies, applying DOMAIN-NLISTP and MEMBER-NLISTP, and opening up
the function VARIABLE-LISTP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP
(PROVE-LEMMA VARIABLEP-VALUE-INVERT
(REWRITE)
(IMPLIES (AND (VARIABLE-LISTP (DOMAIN S))
(MEMBER X (RANGE S)))
(VARIABLEP (VALUE X (INVERT S))))
((INDUCT (RANGE S))))
This formula can be simplified, using the abbreviations IMPLIES, NOT, OR, and
AND, to the following three new formulas:
Case 3. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(IMPLIES (AND (VARIABLE-LISTP (DOMAIN (CDR S)))
(MEMBER X (RANGE (CDR S))))
(VARIABLEP (VALUE X (INVERT (CDR S)))))
(VARIABLE-LISTP (DOMAIN S))
(MEMBER X (RANGE S)))
(VARIABLEP (VALUE X (INVERT S)))).
This simplifies, expanding AND and IMPLIES, to the following three new goals:
Case 3.3.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (VARIABLE-LISTP (DOMAIN (CDR S))))
(VARIABLE-LISTP (DOMAIN S))
(MEMBER X (RANGE S)))
(VARIABLEP (VALUE X (INVERT S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S). This generates:
(IMPLIES (AND (LISTP Z)
(NOT (VARIABLE-LISTP (DOMAIN V)))
(VARIABLE-LISTP (DOMAIN (CONS Z V)))
(MEMBER X (RANGE (CONS Z V))))
(VARIABLEP (VALUE X (INVERT (CONS Z V))))).
However this further simplifies, applying the lemmas DOMAIN-CONS and
VARIABLE-LISTP-CONS, to:
T.
Case 3.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER X (RANGE (CDR S))))
(VARIABLE-LISTP (DOMAIN S))
(MEMBER X (RANGE S)))
(VARIABLEP (VALUE X (INVERT S)))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS Z V) to eliminate
(CAR S) and (CDR S). We would thus like to prove the new conjecture:
(IMPLIES (AND (LISTP Z)
(NOT (MEMBER X (RANGE V)))
(VARIABLE-LISTP (DOMAIN (CONS Z V)))
(MEMBER X (RANGE (CONS Z V))))
(VARIABLEP (VALUE X (INVERT (CONS Z V))))),
which further simplifies, applying DOMAIN-CONS, VARIABLE-LISTP-CONS,
RANGE-CONS, MEMBER-CONS, INVERT-CONS, CAR-CONS, CDR-CONS, and VALUE-CONS,
to:
T.
Case 3.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(VARIABLEP (VALUE X (INVERT (CDR S))))
(VARIABLE-LISTP (DOMAIN S))
(MEMBER X (RANGE S)))
(VARIABLEP (VALUE X (INVERT S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S). The result is:
(IMPLIES (AND (LISTP Z)
(VARIABLEP (VALUE X (INVERT V)))
(VARIABLE-LISTP (DOMAIN (CONS Z V)))
(MEMBER X (RANGE (CONS Z V))))
(VARIABLEP (VALUE X (INVERT (CONS Z V))))).
This further simplifies, rewriting with the lemmas DOMAIN-CONS,
VARIABLE-LISTP-CONS, RANGE-CONS, MEMBER-CONS, INVERT-CONS, CAR-CONS,
CDR-CONS, and VALUE-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(IMPLIES (AND (VARIABLE-LISTP (DOMAIN (CDR S)))
(MEMBER X (RANGE (CDR S))))
(VARIABLEP (VALUE X (INVERT (CDR S)))))
(VARIABLE-LISTP (DOMAIN S))
(MEMBER X (RANGE S)))
(VARIABLEP (VALUE X (INVERT S)))),
which simplifies, expanding AND and IMPLIES, to three new conjectures:
Case 2.3.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (VARIABLE-LISTP (DOMAIN (CDR S))))
(VARIABLE-LISTP (DOMAIN S))
(MEMBER X (RANGE S)))
(VARIABLEP (VALUE X (INVERT S)))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS Z V) to eliminate
(CAR S) and (CDR S). We thus obtain:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (VARIABLE-LISTP (DOMAIN V)))
(VARIABLE-LISTP (DOMAIN (CONS Z V)))
(MEMBER X (RANGE (CONS Z V))))
(VARIABLEP (VALUE X (INVERT (CONS Z V))))),
which further simplifies, rewriting with DOMAIN-CONS, to:
T.
Case 2.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (MEMBER X (RANGE (CDR S))))
(VARIABLE-LISTP (DOMAIN S))
(MEMBER X (RANGE S)))
(VARIABLEP (VALUE X (INVERT S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S). The result is the formula:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (MEMBER X (RANGE V)))
(VARIABLE-LISTP (DOMAIN (CONS Z V)))
(MEMBER X (RANGE (CONS Z V))))
(VARIABLEP (VALUE X (INVERT (CONS Z V))))).
This further simplifies, rewriting with DOMAIN-CONS and RANGE-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(VARIABLEP (VALUE X (INVERT (CDR S))))
(VARIABLE-LISTP (DOMAIN S))
(MEMBER X (RANGE S)))
(VARIABLEP (VALUE X (INVERT S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S). The result is the formula:
(IMPLIES (AND (NOT (LISTP Z))
(VARIABLEP (VALUE X (INVERT V)))
(VARIABLE-LISTP (DOMAIN (CONS Z V)))
(MEMBER X (RANGE (CONS Z V))))
(VARIABLEP (VALUE X (INVERT (CONS Z V))))).
However this further simplifies, applying DOMAIN-CONS, RANGE-CONS, and
INVERT-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(VARIABLE-LISTP (DOMAIN S))
(MEMBER X (RANGE S)))
(VARIABLEP (VALUE X (INVERT S)))).
This simplifies, appealing to the lemmas DOMAIN-NLISTP, RANGE-NLISTP, and
MEMBER-NLISTP, and opening up the definition of VARIABLE-LISTP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
VARIABLEP-VALUE-INVERT
(PROVE-LEMMA SUBST-INVERT
(REWRITE)
(IMPLIES (AND (TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(VAR-SUBSTP S))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X))
((ENABLE TERMP)))
This formula can be simplified, using the abbreviations VAR-SUBSTP, AND, and
IMPLIES, to:
(IMPLIES (AND (TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)),
which we will name *1.
We will appeal to induction. Two inductions are suggested by terms in
the conjecture. However, they merge into one likely candidate induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND FLG
(MEMBER X (DOMAIN (INVERT S))))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN (INVERT S))))
(VARIABLEP X))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN (INVERT S))))
(NOT (VARIABLEP X))
(LISTP X)
(p F S (CDR X)))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN (INVERT S))))
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(p FLG S X))
(IMPLIES (AND (NOT FLG)
(LISTP X)
(p F S (CDR X))
(p T S (CAR X)))
(p FLG S X))
(IMPLIES (AND (NOT FLG) (NOT (LISTP X)))
(p FLG S X))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. Note, however, the inductive instances
chosen for FLG. The above induction scheme produces the following 16 new
conjectures:
Case 16.(IMPLIES (AND FLG
(MEMBER X (DOMAIN (INVERT S)))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, rewriting with the lemmas DOMAIN-INVERT, ALL-VARS-VARIABLEP,
DISJOINT-DOMAIN-SINGLETON, MEMBER-SUBSETP, SUBSETP-REFLEXIVITY, SUBST-OCCUR,
BOUNDP-VALUE-INVERT, and VALUE-VALUE-INVERT, and expanding the definition of
TERMP, to:
T.
Case 15.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN (INVERT S))))
(VARIABLEP X)
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, rewriting with the lemmas DOMAIN-INVERT, ALL-VARS-VARIABLEP,
DISJOINT-DOMAIN-SINGLETON, and SUBST-T-VARIABLEP, and opening up the
definition of TERMP, to:
T.
Case 14.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN (INVERT S))))
(NOT (VARIABLEP X))
(LISTP X)
(NOT (TERMP F (CDR X)))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, applying DOMAIN-INVERT and VARIABLEP-INTRO, and expanding
TERMP, to:
T.
Case 13.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN (INVERT S))))
(NOT (VARIABLEP X))
(LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)),
which simplifies, rewriting with DOMAIN-INVERT, VARIABLEP-INTRO,
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP, SUBST-T-NON-VARIABLEP, CAR-CONS, and
CDR-CONS, and opening up the definitions of TERMP and SUBST, to:
(IMPLIES (AND FLG
(NOT (MEMBER X (RANGE S)))
(LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(FUNCTION-SYMBOL-P (CAR X))
(TERMP F (CDR X))
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (CONS (CAR X)
(SUBST F S
(SUBST F (INVERT S) (CDR X))))
X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove:
(IMPLIES (AND FLG
(NOT (MEMBER (CONS V Z) (RANGE S)))
(NOT (DISJOINT (DOMAIN S) (ALL-VARS F Z)))
(FUNCTION-SYMBOL-P V)
(TERMP F Z)
(DISJOINT (DOMAIN S)
(ALL-VARS FLG (CONS V Z)))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (CONS V
(SUBST F S (SUBST F (INVERT S) Z)))
(CONS V Z))),
which further simplifies, rewriting with the lemma ALL-VARS-T-CONS, to:
T.
Case 12.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN (INVERT S))))
(NOT (VARIABLEP X))
(LISTP X)
(EQUAL (SUBST F S
(SUBST F (INVERT S) (CDR X)))
(CDR X))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)),
which simplifies, applying DOMAIN-INVERT, VARIABLEP-INTRO,
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP, CONS-CAR-CDR, and
SUBST-T-NON-VARIABLEP, and unfolding the definitions of TERMP and SUBST, to:
T.
Case 11.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN (INVERT S))))
(NOT (VARIABLEP X))
(NOT (LISTP X))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, applying the lemmas DOMAIN-INVERT and TERMP-T-NLISTP, to:
T.
Case 10.(IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, unfolding the definition of TERMP, to:
T.
Case 9. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, unfolding the definition of TERMP, to:
T.
Case 8. (IMPLIES (AND (NOT FLG)
(LISTP X)
(EQUAL (SUBST F S
(SUBST F (INVERT S) (CDR X)))
(CDR X))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, unfolding the function TERMP, to:
T.
Case 7. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS T (CAR X))))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, expanding the function TERMP, to:
T.
Case 6. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS T (CAR X))))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, rewriting with SUBST-LIST-CONS and CAR-CONS, and opening up
TERMP and SUBST, to:
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS T (CAR X))))
(TERMP T (CAR X))
(TERMP F (CDR X))
(DISJOINT (DOMAIN S) (ALL-VARS F X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (CONS (SUBST T S
(SUBST T (INVERT S) (CAR X)))
(SUBST F S
(SUBST F (INVERT S) (CDR X))))
X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S) (ALL-VARS F Z)))
(NOT (DISJOINT (DOMAIN S) (ALL-VARS T V)))
(TERMP T V)
(TERMP F Z)
(DISJOINT (DOMAIN S)
(ALL-VARS F (CONS V Z)))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (CONS (SUBST T S (SUBST T (INVERT S) V))
(SUBST F S (SUBST F (INVERT S) Z)))
(CONS V Z))).
However this further simplifies, applying MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 5. (IMPLIES (AND (NOT FLG)
(LISTP X)
(EQUAL (SUBST F S
(SUBST F (INVERT S) (CDR X)))
(CDR X))
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS T (CAR X))))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, rewriting with SUBST-LIST-CONS and CAR-CONS, and unfolding
TERMP and SUBST, to the conjecture:
(IMPLIES (AND (LISTP X)
(EQUAL (SUBST F S
(SUBST F (INVERT S) (CDR X)))
(CDR X))
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS T (CAR X))))
(TERMP T (CAR X))
(TERMP F (CDR X))
(DISJOINT (DOMAIN S) (ALL-VARS F X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (CONS (SUBST T S
(SUBST T (INVERT S) (CAR X)))
(CDR X))
X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove the goal:
(IMPLIES (AND (EQUAL (SUBST F S (SUBST F (INVERT S) Z))
Z)
(NOT (DISJOINT (DOMAIN S) (ALL-VARS T V)))
(TERMP T V)
(TERMP F Z)
(DISJOINT (DOMAIN S)
(ALL-VARS F (CONS V Z)))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (CONS (SUBST T S (SUBST T (INVERT S) V))
Z)
(CONS V Z))).
This further simplifies, applying MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 4. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(EQUAL (SUBST T S
(SUBST T (INVERT S) (CAR X)))
(CAR X))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, opening up the definition of TERMP, to:
T.
Case 3. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(EQUAL (SUBST T S
(SUBST T (INVERT S) (CAR X)))
(CAR X))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, rewriting with SUBST-LIST-CONS, CAR-CONS, and CDR-CONS, and
unfolding the functions TERMP and SUBST, to:
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(EQUAL (SUBST T S
(SUBST T (INVERT S) (CAR X)))
(CAR X))
(TERMP T (CAR X))
(TERMP F (CDR X))
(DISJOINT (DOMAIN S) (ALL-VARS F X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (CONS (CAR X)
(SUBST F S
(SUBST F (INVERT S) (CDR X))))
X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). The result is:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S) (ALL-VARS F Z)))
(EQUAL (SUBST T S (SUBST T (INVERT S) V))
V)
(TERMP T V)
(TERMP F Z)
(DISJOINT (DOMAIN S)
(ALL-VARS F (CONS V Z)))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (CONS V
(SUBST F S (SUBST F (INVERT S) Z)))
(CONS V Z))).
However this further simplifies, applying ALL-VARS-LIST-CONS and
DISJOINT-APPEND-RIGHT, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP X)
(EQUAL (SUBST F S
(SUBST F (INVERT S) (CDR X)))
(CDR X))
(EQUAL (SUBST T S
(SUBST T (INVERT S) (CAR X)))
(CAR X))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, appealing to the lemmas CONS-CAR-CDR and SUBST-LIST-CONS,
and unfolding the definitions of TERMP and SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP X))
(TERMP FLG X)
(DISJOINT (DOMAIN S) (ALL-VARS FLG X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(EQUAL (SUBST FLG S (SUBST FLG (INVERT S) X))
X)).
This simplifies, appealing to the lemmas TERMP-LIST-NLISTP, DISJOINT-NLISTP,
DISJOINT-SYMMETRY, and SUBST-LIST-NLISTP, and unfolding the definitions of
ALL-VARS, OR, NLISTP, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
SUBST-INVERT
(PROVE-LEMMA BOUNDP-APPLY-TO-SUBST
(REWRITE)
(EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 S2)))
(MEMBER X (DOMAIN S2))))
Name the conjecture *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(p X S1 (CDR S2)))
(p X S1 S2))
(IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(p X S1 (CDR S2)))
(p X S1 S2))
(IMPLIES (NOT (LISTP S2))
(p X S1 S2))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT S2) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to the
following three new goals:
Case 3. (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 (CDR S2))))
(MEMBER X (DOMAIN (CDR S2)))))
(EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 S2)))
(MEMBER X (DOMAIN S2)))).
This simplifies, applying CAR-CONS, DOMAIN-CONS, and MEMBER-CONS, and
expanding the function APPLY-TO-SUBST, to two new formulas:
Case 3.2.
(IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 (CDR S2))))
(MEMBER X (DOMAIN (CDR S2))))
(NOT (EQUAL X (CAAR S2))))
(EQUAL (MEMBER X (DOMAIN (CDR S2)))
(MEMBER X (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S2 by (CONS Z V) to eliminate
(CAR S2) and (CDR S2) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We thus obtain:
(IMPLIES (AND (EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 V)))
(MEMBER X (DOMAIN V)))
(NOT (EQUAL X W)))
(EQUAL (MEMBER X (DOMAIN V))
(MEMBER X
(DOMAIN (CONS (CONS W D) V))))),
which further simplifies, applying the lemmas CAR-CONS, DOMAIN-CONS, and
MEMBER-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 (CDR S2))))
(MEMBER X (DOMAIN (CDR S2))))
(EQUAL X (CAAR S2)))
(EQUAL T (MEMBER X (DOMAIN S2)))),
which again simplifies, obviously, to:
(IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(EQUAL (MEMBER (CAAR S2)
(DOMAIN (APPLY-TO-SUBST S1 (CDR S2))))
(MEMBER (CAAR S2) (DOMAIN (CDR S2)))))
(MEMBER (CAAR S2) (DOMAIN S2))).
Applying the lemma CAR-CDR-ELIM, replace S2 by (CONS Z V) to eliminate
(CAR S2) and (CDR S2) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We thus obtain:
(IMPLIES (EQUAL (MEMBER W
(DOMAIN (APPLY-TO-SUBST S1 V)))
(MEMBER W (DOMAIN V)))
(MEMBER W
(DOMAIN (CONS (CONS W D) V)))),
which further simplifies, rewriting with CAR-CONS, DOMAIN-CONS, and
MEMBER-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 (CDR S2))))
(MEMBER X (DOMAIN (CDR S2)))))
(EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 S2)))
(MEMBER X (DOMAIN S2)))).
This simplifies, unfolding APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 (CDR S2))))
(MEMBER X (DOMAIN (CDR S2)))))
(EQUAL (MEMBER X (DOMAIN (CDR S2)))
(MEMBER X (DOMAIN S2)))).
Applying the lemma CAR-CDR-ELIM, replace S2 by (CONS Z V) to eliminate
(CAR S2) and (CDR S2). We would thus like to prove:
(IMPLIES (AND (NOT (LISTP Z))
(EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 V)))
(MEMBER X (DOMAIN V))))
(EQUAL (MEMBER X (DOMAIN V))
(MEMBER X (DOMAIN (CONS Z V))))),
which further simplifies, applying the lemma DOMAIN-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP S2))
(EQUAL (MEMBER X
(DOMAIN (APPLY-TO-SUBST S1 S2)))
(MEMBER X (DOMAIN S2)))),
which simplifies, rewriting with MEMBER-NLISTP and DOMAIN-NLISTP, and
unfolding APPLY-TO-SUBST, DOMAIN, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
BOUNDP-APPLY-TO-SUBST
(PROVE-LEMMA MAPPING-APPLY-TO-SUBST
(REWRITE)
(IMPLIES (MAPPING S)
(MAPPING (APPLY-TO-SUBST S1 S)))
((ENABLE MAPPING)))
This conjecture can be simplified, using the abbreviations MAPPING and IMPLIES,
to:
(IMPLIES (AND (ALISTP S) (SETP (DOMAIN S)))
(MAPPING (APPLY-TO-SUBST S1 S))).
This simplifies, unfolding the definition of MAPPING, to the following two new
formulas:
Case 2. (IMPLIES (AND (ALISTP S) (SETP (DOMAIN S)))
(ALISTP (APPLY-TO-SUBST S1 S))).
Name the above subgoal *1.
Case 1. (IMPLIES (AND (ALISTP S) (SETP (DOMAIN S)))
(SETP (DOMAIN (APPLY-TO-SUBST S1 S)))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(IMPLIES (MAPPING S)
(MAPPING (APPLY-TO-SUBST S1 S))),
which we named *1 above. We will appeal to induction. There is only one
plausible induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p S1 (CDR S)))
(p S1 S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p S1 (CDR S)))
(p S1 S))
(IMPLIES (NOT (LISTP S)) (p S1 S))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to the following five new
conjectures:
Case 5. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MAPPING (CDR S)))
(MAPPING S))
(MAPPING (APPLY-TO-SUBST S1 S))).
This simplifies, applying SETP-CONS, BOUNDP-APPLY-TO-SUBST, DOMAIN-CONS,
CAR-CONS, and ALISTP-CONS, and expanding MAPPING and APPLY-TO-SUBST, to six
new conjectures:
Case 5.6.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (ALISTP (CDR S)))
(ALISTP S)
(SETP (DOMAIN S)))
(ALISTP (APPLY-TO-SUBST S1 (CDR S)))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S). We thus obtain:
(IMPLIES (AND (LISTP X)
(NOT (ALISTP Z))
(ALISTP (CONS X Z))
(SETP (DOMAIN (CONS X Z))))
(ALISTP (APPLY-TO-SUBST S1 Z))),
which further simplifies, applying the lemma ALISTP-CONS, to:
T.
Case 5.5.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (ALISTP (CDR S)))
(ALISTP S)
(SETP (DOMAIN S)))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
This produces the new goal:
(IMPLIES (AND (NOT (ALISTP Z))
(ALISTP (CONS (CONS V W) Z))
(SETP (DOMAIN (CONS (CONS V W) Z))))
(NOT (MEMBER V (DOMAIN Z)))),
which further simplifies, appealing to the lemma ALISTP-CONS, to:
T.
Case 5.4.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (ALISTP (CDR S)))
(ALISTP S)
(SETP (DOMAIN S)))
(SETP (DOMAIN (APPLY-TO-SUBST S1 (CDR S))))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S). We thus obtain:
(IMPLIES (AND (LISTP X)
(NOT (ALISTP Z))
(ALISTP (CONS X Z))
(SETP (DOMAIN (CONS X Z))))
(SETP (DOMAIN (APPLY-TO-SUBST S1 Z)))),
which further simplifies, applying ALISTP-CONS, to:
T.
Case 5.3.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (SETP (DOMAIN (CDR S))))
(ALISTP S)
(SETP (DOMAIN S)))
(ALISTP (APPLY-TO-SUBST S1 (CDR S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). This generates:
(IMPLIES (AND (LISTP X)
(NOT (SETP (DOMAIN Z)))
(ALISTP (CONS X Z))
(SETP (DOMAIN (CONS X Z))))
(ALISTP (APPLY-TO-SUBST S1 Z))).
This further simplifies, applying ALISTP-CONS, DOMAIN-CONS, and SETP-CONS,
to:
T.
Case 5.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (SETP (DOMAIN (CDR S))))
(ALISTP S)
(SETP (DOMAIN S)))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). The result is:
(IMPLIES (AND (NOT (SETP (DOMAIN Z)))
(ALISTP (CONS (CONS V W) Z))
(SETP (DOMAIN (CONS (CONS V W) Z))))
(NOT (MEMBER V (DOMAIN Z)))).
This further simplifies, appealing to the lemmas ALISTP-CONS, CAR-CONS,
DOMAIN-CONS, SUBSETP-DOMAIN, SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
SETP-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (SETP (DOMAIN (CDR S))))
(ALISTP S)
(SETP (DOMAIN S)))
(SETP (DOMAIN (APPLY-TO-SUBST S1 (CDR S))))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S). We thus obtain:
(IMPLIES (AND (LISTP X)
(NOT (SETP (DOMAIN Z)))
(ALISTP (CONS X Z))
(SETP (DOMAIN (CONS X Z))))
(SETP (DOMAIN (APPLY-TO-SUBST S1 Z)))),
which further simplifies, appealing to the lemmas ALISTP-CONS, DOMAIN-CONS,
and SETP-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(MAPPING (APPLY-TO-SUBST S1 (CDR S)))
(MAPPING S))
(MAPPING (APPLY-TO-SUBST S1 S))),
which simplifies, appealing to the lemmas SETP-CONS, BOUNDP-APPLY-TO-SUBST,
DOMAIN-CONS, CAR-CONS, and ALISTP-CONS, and expanding the definitions of
MAPPING and APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(ALISTP (APPLY-TO-SUBST S1 (CDR S)))
(SETP (DOMAIN (APPLY-TO-SUBST S1 (CDR S))))
(ALISTP S)
(SETP (DOMAIN S)))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). We must thus prove:
(IMPLIES (AND (ALISTP (APPLY-TO-SUBST S1 Z))
(SETP (DOMAIN (APPLY-TO-SUBST S1 Z)))
(ALISTP (CONS (CONS V W) Z))
(SETP (DOMAIN (CONS (CONS V W) Z))))
(NOT (MEMBER V (DOMAIN Z)))).
However this further simplifies, rewriting with ALISTP-CONS, CAR-CONS,
DOMAIN-CONS, SUBSETP-DOMAIN, SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
SETP-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (MAPPING (CDR S)))
(MAPPING S))
(MAPPING (APPLY-TO-SUBST S1 S))).
This simplifies, expanding the functions MAPPING and APPLY-TO-SUBST, to the
following four new formulas:
Case 3.4.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (ALISTP (CDR S)))
(ALISTP S)
(SETP (DOMAIN S)))
(ALISTP (APPLY-TO-SUBST S1 (CDR S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). We must thus prove:
(IMPLIES (AND (NOT (LISTP X))
(NOT (ALISTP Z))
(ALISTP (CONS X Z))
(SETP (DOMAIN (CONS X Z))))
(ALISTP (APPLY-TO-SUBST S1 Z))).
However this further simplifies, appealing to the lemma ALISTP-CONS, to:
T.
Case 3.3.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (ALISTP (CDR S)))
(ALISTP S)
(SETP (DOMAIN S)))
(SETP (DOMAIN (APPLY-TO-SUBST S1 (CDR S))))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S). We would thus like to prove:
(IMPLIES (AND (NOT (LISTP X))
(NOT (ALISTP Z))
(ALISTP (CONS X Z))
(SETP (DOMAIN (CONS X Z))))
(SETP (DOMAIN (APPLY-TO-SUBST S1 Z)))),
which further simplifies, applying ALISTP-CONS, to:
T.
Case 3.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (SETP (DOMAIN (CDR S))))
(ALISTP S)
(SETP (DOMAIN S)))
(ALISTP (APPLY-TO-SUBST S1 (CDR S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). The result is:
(IMPLIES (AND (NOT (LISTP X))
(NOT (SETP (DOMAIN Z)))
(ALISTP (CONS X Z))
(SETP (DOMAIN (CONS X Z))))
(ALISTP (APPLY-TO-SUBST S1 Z))).
But this further simplifies, rewriting with ALISTP-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (SETP (DOMAIN (CDR S))))
(ALISTP S)
(SETP (DOMAIN S)))
(SETP (DOMAIN (APPLY-TO-SUBST S1 (CDR S))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). The result is:
(IMPLIES (AND (NOT (LISTP X))
(NOT (SETP (DOMAIN Z)))
(ALISTP (CONS X Z))
(SETP (DOMAIN (CONS X Z))))
(SETP (DOMAIN (APPLY-TO-SUBST S1 Z)))).
This further simplifies, applying the lemma ALISTP-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(MAPPING (APPLY-TO-SUBST S1 (CDR S)))
(MAPPING S))
(MAPPING (APPLY-TO-SUBST S1 S))),
which simplifies, unfolding MAPPING and APPLY-TO-SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S)) (MAPPING S))
(MAPPING (APPLY-TO-SUBST S1 S))),
which simplifies, applying ALISTP-NLISTP, and opening up SETP, DOMAIN,
MAPPING, LISTP, and APPLY-TO-SUBST, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.1 ]
MAPPING-APPLY-TO-SUBST
(PROVE-LEMMA ALISTP-APPLY-TO-SUBST
(REWRITE)
(ALISTP (APPLY-TO-SUBST S1 S2)))
Name the conjecture *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(p S1 (CDR S2)))
(p S1 S2))
(IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(p S1 (CDR S2)))
(p S1 S2))
(IMPLIES (NOT (LISTP S2)) (p S1 S2))).
Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure
(COUNT S2) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme leads to three new
goals:
Case 3. (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(ALISTP (APPLY-TO-SUBST S1 (CDR S2))))
(ALISTP (APPLY-TO-SUBST S1 S2))),
which simplifies, rewriting with ALISTP-CONS, and expanding the function
APPLY-TO-SUBST, to:
T.
Case 2. (IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(ALISTP (APPLY-TO-SUBST S1 (CDR S2))))
(ALISTP (APPLY-TO-SUBST S1 S2))).
This simplifies, unfolding the definition of APPLY-TO-SUBST, to:
T.
Case 1. (IMPLIES (NOT (LISTP S2))
(ALISTP (APPLY-TO-SUBST S1 S2))).
This simplifies, expanding APPLY-TO-SUBST and ALISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
ALISTP-APPLY-TO-SUBST
(PROVE-LEMMA SUBST-FLG-NOT-LIST
(REWRITE)
(IMPLIES FLG
(AND (EQUAL (EQUAL (SUBST FLG S X) (SUBST T S X))
T)
(EQUAL (EQUAL (SUBST T S X) (SUBST FLG S X))
T))))
WARNING: Note that the proposed lemma SUBST-FLG-NOT-LIST is to be stored as
zero type prescription rules, zero compound recognizer rules, zero linear
rules, and two replacement rules.
Give the conjecture the name *1.
We will try to prove it by induction. Two inductions are suggested by
terms in the conjecture. However, they merge into one likely candidate
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND FLG (MEMBER X (DOMAIN S)))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(VARIABLEP X))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(p F S (CDR X)))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(p FLG S X))
(IMPLIES (AND (NOT FLG)
(LISTP X)
(p T S (CAR X))
(p F S (CDR X)))
(p FLG S X))
(IMPLIES (AND (NOT FLG) (NOT (LISTP X)))
(p FLG S X))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. Note, however, the inductive instances
chosen for FLG. The above induction scheme leads to four new goals:
Case 4. (IMPLIES (AND (MEMBER X (DOMAIN S)) FLG)
(EQUAL (SUBST FLG S X)
(SUBST T S X))),
which simplifies, rewriting with SUBST-OCCUR, to:
T.
Case 3. (IMPLIES (AND (NOT (MEMBER X (DOMAIN S)))
(VARIABLEP X)
FLG)
(EQUAL (SUBST FLG S X)
(SUBST T S X))).
This simplifies, applying SUBST-T-VARIABLEP, to:
T.
Case 2. (IMPLIES (AND (NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
FLG)
(EQUAL (SUBST FLG S X)
(SUBST T S X))),
which simplifies, applying VARIABLEP-INTRO, and opening up the definition of
SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(NOT (LISTP X))
FLG)
(EQUAL (SUBST FLG S X)
(SUBST T S X))).
This simplifies, expanding the definitions of SUBST and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBST-FLG-NOT-LIST
(PROVE-LEMMA SUBST-CO-RESTRICT
(REWRITE)
(IMPLIES (AND (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))))
Name the conjecture *1.
We will appeal to induction. There are two plausible inductions.
However, they merge into one likely candidate induction. We will induct
according to the following scheme:
(AND (IMPLIES (AND FLG
(MEMBER TERM
(DOMAIN (CO-RESTRICT S X))))
(p FLG S X TERM))
(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (CO-RESTRICT S X))))
(VARIABLEP TERM))
(p FLG S X TERM))
(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (CO-RESTRICT S X))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(p F S X (CDR TERM)))
(p FLG S X TERM))
(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (CO-RESTRICT S X))))
(NOT (VARIABLEP TERM))
(NOT (LISTP TERM)))
(p FLG S X TERM))
(IMPLIES (AND (NOT FLG)
(LISTP TERM)
(p T S X (CAR TERM))
(p F S X (CDR TERM)))
(p FLG S X TERM))
(IMPLIES (AND (NOT FLG) (NOT (LISTP TERM)))
(p FLG S X TERM))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to show
that the measure (COUNT TERM) decreases according to the well-founded relation
LESSP in each induction step of the scheme. Note, however, the inductive
instances chosen for FLG. The above induction scheme generates 16 new
conjectures:
Case 16.(IMPLIES (AND FLG
(MEMBER TERM
(DOMAIN (CO-RESTRICT S X)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, appealing to the lemmas DOMAIN-CO-RESTRICT,
MEMBER-SET-DIFF, MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, ALL-VARS-VARIABLEP,
MEMBER-SUBSETP, SUBSETP-REFLEXIVITY, SUBSETP-DOMAIN, VALUE-CO-RESTRICT, and
SUBST-OCCUR, to:
T.
Case 15.(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (CO-RESTRICT S X))))
(VARIABLEP TERM)
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, applying the lemmas DOMAIN-CO-RESTRICT, MEMBER-SET-DIFF,
ALL-VARS-VARIABLEP, DISJOINT-DOMAIN-SINGLETON,
DISJOINT-IMPLIES-EMPTY-INTERSECTION, DISJOINT-NLISTP, DISJOINT-SYMMETRY, and
SUBST-T-VARIABLEP, and unfolding the definitions of OR and NLISTP, to:
(IMPLIES (AND FLG
(MEMBER TERM X)
(VARIABLEP TERM)
(DISJOINT X
(INTERSECTION (DOMAIN S) (LIST TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM)
(MEMBER TERM (DOMAIN S)))
(EQUAL TERM (VALUE TERM S))).
But this again simplifies, applying the lemmas
MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, MEMBER-INTERSECTION, MEMBER-CONS,
MEMBER-SUBSETP, SUBSETP-REFLEXIVITY, SUBSETP-DOMAIN, and DISJOINT-NON-MEMBER,
to:
T.
Case 14.(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (CO-RESTRICT S X))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, applying DOMAIN-CO-RESTRICT,
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP, MEMBER-SET-DIFF, VARIABLEP-INTRO,
CAR-CONS, CDR-CONS, and CONS-EQUAL, and opening up the definition of SUBST,
to the new formula:
(IMPLIES (AND FLG
(LISTP TERM)
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS V Z) to eliminate
(CDR TERM) and (CAR TERM). We thus obtain:
(IMPLIES (AND FLG
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F Z))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG (CONS V Z))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG (CONS V Z)))
(EQUAL (SUBST F (CO-RESTRICT S X) Z)
(SUBST F S Z))),
which further simplifies, rewriting with ALL-VARS-T-CONS, to:
T.
Case 13.(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (CO-RESTRICT S X))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, applying DOMAIN-CO-RESTRICT,
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP, MEMBER-SET-DIFF, VARIABLEP-INTRO,
CAR-CONS, CDR-CONS, and CONS-EQUAL, and expanding the function SUBST, to:
(IMPLIES (AND FLG
(LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS V Z) to
eliminate (CDR TERM) and (CAR TERM). We must thus prove:
(IMPLIES (AND FLG
(NOT (TERMP F Z))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG (CONS V Z))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG (CONS V Z)))
(EQUAL (SUBST F (CO-RESTRICT S X) Z)
(SUBST F S Z))).
But this further simplifies, applying ALL-VARS-T-CONS and TERMP-T-CONS, to:
T.
Case 12.(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (CO-RESTRICT S X))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, applying the lemmas DOMAIN-CO-RESTRICT,
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP, MEMBER-SET-DIFF, and VARIABLEP-INTRO,
and opening up the function SUBST, to:
T.
Case 11.(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (CO-RESTRICT S X))))
(NOT (VARIABLEP TERM))
(NOT (LISTP TERM))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, rewriting with the lemmas DOMAIN-CO-RESTRICT,
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP, MEMBER-SET-DIFF, and TERMP-T-NLISTP,
to:
T.
Case 10.(IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, rewriting with CAR-CONS and CONS-EQUAL, and opening up
SUBST, to two new formulas:
Case 10.2.
(IMPLIES (AND (LISTP TERM)
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z V) to eliminate
(CAR TERM) and (CDR TERM). We would thus like to prove the new formula:
(IMPLIES (AND (NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T Z))))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F V))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (CO-RESTRICT S X) Z)
(SUBST T S Z))),
which further simplifies, rewriting with ALL-VARS-LIST-CONS and
DISJOINT-INTERSECTION-APPEND, to:
T.
Case 10.1.
(IMPLIES (AND (LISTP TERM)
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). The result is:
(IMPLIES (AND (NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T Z))))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F V))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (CO-RESTRICT S X) V)
(SUBST F S V))).
However this further simplifies, applying ALL-VARS-LIST-CONS and
DISJOINT-INTERSECTION-APPEND, to:
T.
Case 9. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, applying CAR-CONS and CONS-EQUAL, and opening up SUBST, to
two new formulas:
Case 9.2.
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z V) to eliminate
(CAR TERM) and (CDR TERM). We would thus like to prove the new conjecture:
(IMPLIES (AND (NOT (TERMP T Z))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F V))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (CO-RESTRICT S X) Z)
(SUBST T S Z))),
which further simplifies, appealing to the lemmas ALL-VARS-LIST-CONS and
DISJOINT-INTERSECTION-APPEND, to:
T.
Case 9.1.
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z V) to eliminate
(CAR TERM) and (CDR TERM). This produces:
(IMPLIES (AND (NOT (TERMP T Z))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F V))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (CO-RESTRICT S X) V)
(SUBST F S V))),
which further simplifies, rewriting with the lemmas ALL-VARS-LIST-CONS and
DISJOINT-INTERSECTION-APPEND, to:
T.
Case 8. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, appealing to the lemmas CAR-CONS, CDR-CONS, and CONS-EQUAL,
and opening up the definition of SUBST, to the goal:
(IMPLIES (AND (LISTP TERM)
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). This generates the conjecture:
(IMPLIES (AND (EQUAL (SUBST T (CO-RESTRICT S X) Z)
(SUBST T S Z))
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F V))))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (CO-RESTRICT S X) V)
(SUBST F S V))).
But this further simplifies, appealing to the lemmas ALL-VARS-LIST-CONS and
DISJOINT-INTERSECTION-APPEND, to:
T.
Case 7. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))))
(NOT (TERMP F (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, appealing to the lemmas CAR-CONS and CONS-EQUAL, and
opening up SUBST, to two new conjectures:
Case 7.2.
(IMPLIES (AND (LISTP TERM)
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))))
(NOT (TERMP F (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z V) to eliminate
(CAR TERM) and (CDR TERM). This produces the new conjecture:
(IMPLIES (AND (NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T Z))))
(NOT (TERMP F V))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (CO-RESTRICT S X) Z)
(SUBST T S Z))),
which further simplifies, appealing to the lemmas ALL-VARS-LIST-CONS and
DISJOINT-INTERSECTION-APPEND, to:
T.
Case 7.1.
(IMPLIES (AND (LISTP TERM)
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))))
(NOT (TERMP F (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z V) to eliminate
(CAR TERM) and (CDR TERM). We would thus like to prove:
(IMPLIES (AND (NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T Z))))
(NOT (TERMP F V))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (CO-RESTRICT S X) V)
(SUBST F S V))),
which further simplifies, rewriting with ALL-VARS-LIST-CONS and
DISJOINT-INTERSECTION-APPEND, to:
T.
Case 6. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (TERMP F (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, rewriting with CAR-CONS and CONS-EQUAL, and unfolding the
definition of SUBST, to two new formulas:
Case 6.2.
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (TERMP F (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z V) to eliminate
(CAR TERM) and (CDR TERM). We would thus like to prove:
(IMPLIES (AND (NOT (TERMP T Z))
(NOT (TERMP F V))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (CO-RESTRICT S X) Z)
(SUBST T S Z))),
which further simplifies, applying the lemmas ALL-VARS-LIST-CONS,
DISJOINT-INTERSECTION-APPEND, and TERMP-LIST-CONS, to:
T.
Case 6.1.
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (TERMP F (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z V) to eliminate
(CAR TERM) and (CDR TERM). We thus obtain:
(IMPLIES (AND (NOT (TERMP T Z))
(NOT (TERMP F V))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (CO-RESTRICT S X) V)
(SUBST F S V))),
which further simplifies, rewriting with ALL-VARS-LIST-CONS,
DISJOINT-INTERSECTION-APPEND, and TERMP-LIST-CONS, to:
T.
Case 5. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))
(NOT (TERMP F (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, applying CAR-CONS, CDR-CONS, and CONS-EQUAL, and opening up
SUBST, to the goal:
(IMPLIES (AND (LISTP TERM)
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))
(NOT (TERMP F (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). The result is the conjecture:
(IMPLIES (AND (EQUAL (SUBST T (CO-RESTRICT S X) Z)
(SUBST T S Z))
(NOT (TERMP F V))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (CO-RESTRICT S X) V)
(SUBST F S V))).
But this further simplifies, appealing to the lemmas ALL-VARS-LIST-CONS,
DISJOINT-INTERSECTION-APPEND, and TERMP-LIST-CONS, to:
T.
Case 4. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, appealing to the lemmas CAR-CONS and CONS-EQUAL, and
expanding the function SUBST, to:
(IMPLIES (AND (LISTP TERM)
(NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). This generates:
(IMPLIES (AND (NOT (DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS T Z))))
(EQUAL (SUBST F (CO-RESTRICT S X) V)
(SUBST F S V))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (CO-RESTRICT S X) Z)
(SUBST T S Z))).
This further simplifies, rewriting with ALL-VARS-LIST-CONS and
DISJOINT-INTERSECTION-APPEND, to:
T.
Case 3. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, applying CAR-CONS and CONS-EQUAL, and expanding the
definition of SUBST, to:
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). The result is:
(IMPLIES (AND (NOT (TERMP T Z))
(EQUAL (SUBST F (CO-RESTRICT S X) V)
(SUBST F S V))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V))))
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (CO-RESTRICT S X) Z)
(SUBST T S Z))).
But this further simplifies, rewriting with the lemmas ALL-VARS-LIST-CONS,
DISJOINT-INTERSECTION-APPEND, and TERMP-LIST-CONS, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(EQUAL (SUBST T (CO-RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))
(EQUAL (SUBST F (CO-RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, expanding SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP TERM))
(DISJOINT X
(INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM)))
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (CO-RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, rewriting with TERMP-LIST-NLISTP and SUBST-LIST-NLISTP,
and opening up EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.4 0.1 ]
SUBST-CO-RESTRICT
(PROVE-LEMMA SUBST-RESTRICT
(REWRITE)
(IMPLIES (AND (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))))
Name the conjecture *1.
We will appeal to induction. There are two plausible inductions.
However, they merge into one likely candidate induction. We will induct
according to the following scheme:
(AND (IMPLIES (AND FLG
(MEMBER TERM (DOMAIN (RESTRICT S X))))
(p FLG S X TERM))
(IMPLIES (AND FLG
(NOT (MEMBER TERM (DOMAIN (RESTRICT S X))))
(VARIABLEP TERM))
(p FLG S X TERM))
(IMPLIES (AND FLG
(NOT (MEMBER TERM (DOMAIN (RESTRICT S X))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(p F S X (CDR TERM)))
(p FLG S X TERM))
(IMPLIES (AND FLG
(NOT (MEMBER TERM (DOMAIN (RESTRICT S X))))
(NOT (VARIABLEP TERM))
(NOT (LISTP TERM)))
(p FLG S X TERM))
(IMPLIES (AND (NOT FLG)
(LISTP TERM)
(p T S X (CAR TERM))
(p F S X (CDR TERM)))
(p FLG S X TERM))
(IMPLIES (AND (NOT FLG) (NOT (LISTP TERM)))
(p FLG S X TERM))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to show
that the measure (COUNT TERM) decreases according to the well-founded relation
LESSP in each induction step of the scheme. Note, however, the inductive
instances chosen for FLG. The above induction scheme generates 16 new
conjectures:
Case 16.(IMPLIES (AND FLG
(MEMBER TERM (DOMAIN (RESTRICT S X)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, appealing to the lemmas DOMAIN-RESTRICT,
MEMBER-INTERSECTION, MEMBER-SUBSETP, SUBSETP-REFLEXIVITY, VALUE-RESTRICT,
and SUBST-OCCUR, to:
T.
Case 15.(IMPLIES (AND FLG
(NOT (MEMBER TERM (DOMAIN (RESTRICT S X))))
(VARIABLEP TERM)
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, applying the lemmas DOMAIN-RESTRICT, MEMBER-INTERSECTION,
ALL-VARS-VARIABLEP, DISJOINT-DOMAIN-SINGLETON,
DISJOINT-IMPLIES-EMPTY-INTERSECTION, SUBSETP-NLISTP, SUBST-T-VARIABLEP,
MEMBER-CONS, and SUBSETP-INTERSECTION-MEMBER, to:
T.
Case 14.(IMPLIES (AND FLG
(NOT (MEMBER TERM (DOMAIN (RESTRICT S X))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, applying DOMAIN-RESTRICT,
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP, MEMBER-INTERSECTION, VARIABLEP-INTRO,
CAR-CONS, CDR-CONS, and CONS-EQUAL, and opening up the function SUBST, to:
(IMPLIES (AND FLG
(LISTP TERM)
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS V Z) to eliminate
(CDR TERM) and (CAR TERM). This produces:
(IMPLIES (AND FLG
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F Z))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG (CONS V Z)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG (CONS V Z)))
(EQUAL (SUBST F (RESTRICT S X) Z)
(SUBST F S Z))),
which further simplifies, applying ALL-VARS-T-CONS, to:
T.
Case 13.(IMPLIES (AND FLG
(NOT (MEMBER TERM (DOMAIN (RESTRICT S X))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, rewriting with DOMAIN-RESTRICT,
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP, MEMBER-INTERSECTION, VARIABLEP-INTRO,
CAR-CONS, CDR-CONS, and CONS-EQUAL, and opening up the function SUBST, to
the goal:
(IMPLIES (AND FLG
(LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS V Z) to
eliminate (CDR TERM) and (CAR TERM). We must thus prove:
(IMPLIES (AND FLG
(NOT (TERMP F Z))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG (CONS V Z)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG (CONS V Z)))
(EQUAL (SUBST F (RESTRICT S X) Z)
(SUBST F S Z))).
This further simplifies, rewriting with ALL-VARS-T-CONS and TERMP-T-CONS, to:
T.
Case 12.(IMPLIES (AND FLG
(NOT (MEMBER TERM (DOMAIN (RESTRICT S X))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, rewriting with DOMAIN-RESTRICT,
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP, MEMBER-INTERSECTION, and
VARIABLEP-INTRO, and unfolding the definition of SUBST, to:
T.
Case 11.(IMPLIES (AND FLG
(NOT (MEMBER TERM (DOMAIN (RESTRICT S X))))
(NOT (VARIABLEP TERM))
(NOT (LISTP TERM))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, applying DOMAIN-RESTRICT,
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP, MEMBER-INTERSECTION, and
TERMP-T-NLISTP, to:
T.
Case 10.(IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))
X))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, applying the lemmas CAR-CONS and CONS-EQUAL, and opening up
the function SUBST, to the following two new goals:
Case 10.2.
(IMPLIES (AND (LISTP TERM)
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))
X))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). We must thus prove:
(IMPLIES (AND (NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T Z))
X))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F V))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (RESTRICT S X) Z)
(SUBST T S Z))).
But this further simplifies, rewriting with ALL-VARS-LIST-CONS and
SUBSETP-INTERSECTION-APPEND, to:
T.
Case 10.1.
(IMPLIES (AND (LISTP TERM)
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))
X))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). We must thus prove:
(IMPLIES (AND (NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T Z))
X))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F V))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (RESTRICT S X) V)
(SUBST F S V))).
This further simplifies, rewriting with ALL-VARS-LIST-CONS and
SUBSETP-INTERSECTION-APPEND, to:
T.
Case 9. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, appealing to the lemmas CAR-CONS and CONS-EQUAL, and
expanding the definition of SUBST, to the following two new formulas:
Case 9.2.
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). We must thus prove:
(IMPLIES (AND (NOT (TERMP T Z))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F V))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (RESTRICT S X) Z)
(SUBST T S Z))).
But this further simplifies, rewriting with ALL-VARS-LIST-CONS and
SUBSETP-INTERSECTION-APPEND, to:
T.
Case 9.1.
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). We must thus prove:
(IMPLIES (AND (NOT (TERMP T Z))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F V))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (RESTRICT S X) V)
(SUBST F S V))).
But this further simplifies, rewriting with ALL-VARS-LIST-CONS and
SUBSETP-INTERSECTION-APPEND, to:
T.
Case 8. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, applying the lemmas CAR-CONS, CDR-CONS, and CONS-EQUAL, and
unfolding SUBST, to:
(IMPLIES (AND (LISTP TERM)
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CDR TERM)))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z V) to eliminate
(CAR TERM) and (CDR TERM). We thus obtain:
(IMPLIES (AND (EQUAL (SUBST T (RESTRICT S X) Z)
(SUBST T S Z))
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F V))
X))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (RESTRICT S X) V)
(SUBST F S V))),
which further simplifies, appealing to the lemmas ALL-VARS-LIST-CONS and
SUBSETP-INTERSECTION-APPEND, to:
T.
Case 7. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))
X))
(NOT (TERMP F (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, applying the lemmas CAR-CONS and CONS-EQUAL, and opening
up SUBST, to two new goals:
Case 7.2.
(IMPLIES (AND (LISTP TERM)
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))
X))
(NOT (TERMP F (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z V) to eliminate
(CAR TERM) and (CDR TERM). We would thus like to prove:
(IMPLIES (AND (NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T Z))
X))
(NOT (TERMP F V))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (RESTRICT S X) Z)
(SUBST T S Z))),
which further simplifies, appealing to the lemmas ALL-VARS-LIST-CONS and
SUBSETP-INTERSECTION-APPEND, to:
T.
Case 7.1.
(IMPLIES (AND (LISTP TERM)
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))
X))
(NOT (TERMP F (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z V) to eliminate
(CAR TERM) and (CDR TERM). We thus obtain the new formula:
(IMPLIES (AND (NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T Z))
X))
(NOT (TERMP F V))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (RESTRICT S X) V)
(SUBST F S V))),
which further simplifies, rewriting with ALL-VARS-LIST-CONS and
SUBSETP-INTERSECTION-APPEND, to:
T.
Case 6. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (TERMP F (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, applying the lemmas CAR-CONS and CONS-EQUAL, and expanding
the definition of SUBST, to the following two new goals:
Case 6.2.
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (TERMP F (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). This generates:
(IMPLIES (AND (NOT (TERMP T Z))
(NOT (TERMP F V))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (RESTRICT S X) Z)
(SUBST T S Z))).
This further simplifies, rewriting with ALL-VARS-LIST-CONS,
SUBSETP-INTERSECTION-APPEND, and TERMP-LIST-CONS, to:
T.
Case 6.1.
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(NOT (TERMP F (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). We must thus prove:
(IMPLIES (AND (NOT (TERMP T Z))
(NOT (TERMP F V))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (RESTRICT S X) V)
(SUBST F S V))).
But this further simplifies, appealing to the lemmas ALL-VARS-LIST-CONS,
SUBSETP-INTERSECTION-APPEND, and TERMP-LIST-CONS, to:
T.
Case 5. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))
(NOT (TERMP F (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, applying the lemmas CAR-CONS, CDR-CONS, and CONS-EQUAL,
and opening up the definition of SUBST, to:
(IMPLIES (AND (LISTP TERM)
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))
(NOT (TERMP F (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). The result is:
(IMPLIES (AND (EQUAL (SUBST T (RESTRICT S X) Z)
(SUBST T S Z))
(NOT (TERMP F V))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST F (RESTRICT S X) V)
(SUBST F S V))).
However this further simplifies, applying ALL-VARS-LIST-CONS,
SUBSETP-INTERSECTION-APPEND, and TERMP-LIST-CONS, to:
T.
Case 4. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))
X))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, rewriting with CAR-CONS and CONS-EQUAL, and opening up the
function SUBST, to the goal:
(IMPLIES (AND (LISTP TERM)
(NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T (CAR TERM)))
X))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). We must thus prove:
(IMPLIES (AND (NOT (SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS T Z))
X))
(EQUAL (SUBST F (RESTRICT S X) V)
(SUBST F S V))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (RESTRICT S X) Z)
(SUBST T S Z))).
But this further simplifies, appealing to the lemmas ALL-VARS-LIST-CONS and
SUBSETP-INTERSECTION-APPEND, to:
T.
Case 3. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))),
which simplifies, appealing to the lemmas CAR-CONS and CONS-EQUAL, and
expanding the function SUBST, to:
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP T (CAR TERM)))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F TERM))
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z V) to
eliminate (CAR TERM) and (CDR TERM). This generates:
(IMPLIES (AND (NOT (TERMP T Z))
(EQUAL (SUBST F (RESTRICT S X) V)
(SUBST F S V))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS F (CONS Z V)))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (CONS Z V)))
(EQUAL (SUBST T (RESTRICT S X) Z)
(SUBST T S Z))).
This further simplifies, rewriting with ALL-VARS-LIST-CONS,
SUBSETP-INTERSECTION-APPEND, and TERMP-LIST-CONS, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(EQUAL (SUBST T (RESTRICT S X) (CAR TERM))
(SUBST T S (CAR TERM)))
(EQUAL (SUBST F (RESTRICT S X) (CDR TERM))
(SUBST F S (CDR TERM)))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, expanding the definition of SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP TERM))
(SUBSETP (INTERSECTION (DOMAIN S)
(ALL-VARS FLG TERM))
X)
(VARIABLE-LISTP (DOMAIN S))
(TERMP FLG TERM))
(EQUAL (SUBST FLG (RESTRICT S X) TERM)
(SUBST FLG S TERM))).
This simplifies, rewriting with TERMP-LIST-NLISTP and SUBST-LIST-NLISTP, and
unfolding the definition of EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.5 0.1 ]
SUBST-RESTRICT
(PROVE-LEMMA TERMP-VALUE
(REWRITE)
(IMPLIES (AND FLG
(MEMBER X (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE X S)))
((ENABLE TERMP) (INDUCT (VALUE X S))))
This conjecture can be simplified, using the abbreviations IMPLIES, NOT, OR,
and AND, to three new formulas:
Case 3. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL X (CAAR S))
FLG
(MEMBER X (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE X S))),
which simplifies, obviously, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
FLG
(MEMBER (CAAR S) (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE (CAAR S) S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS Z V) to eliminate
(CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z).
We would thus like to prove the new goal:
(IMPLIES (AND FLG
(MEMBER W
(DOMAIN (CONS (CONS W D) V)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP FLG
(VALUE W (CONS (CONS W D) V)))),
which further simplifies, applying the lemmas CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, RANGE-CONS, TERMP-LIST-CONS, and VALUE-CONS, to:
(IMPLIES (AND FLG
(TERMP T D)
(TERMP F (RANGE V)))
(TERMP FLG D)).
Give the above formula the name *1.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (AND (LISTP (CAR S))
(EQUAL X (CAAR S))))
(IMPLIES (AND FLG
(MEMBER X (DOMAIN (CDR S)))
(TERMP F (RANGE (CDR S))))
(TERMP FLG (VALUE X (CDR S))))
FLG
(MEMBER X (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE X S))).
This simplifies, expanding the functions AND and IMPLIES, to the following
six new formulas:
Case 2.6.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (MEMBER X (DOMAIN (CDR S))))
FLG
(MEMBER X (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE X S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S). This generates:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (MEMBER X (DOMAIN V)))
FLG
(MEMBER X (DOMAIN (CONS Z V)))
(TERMP F (RANGE (CONS Z V))))
(TERMP FLG (VALUE X (CONS Z V)))).
But this further simplifies, applying DOMAIN-CONS, to:
T.
Case 2.5.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (TERMP F (RANGE (CDR S))))
FLG
(MEMBER X (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE X S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S). We must thus prove the goal:
(IMPLIES (AND (NOT (LISTP Z))
(NOT (TERMP F (RANGE V)))
FLG
(MEMBER X (DOMAIN (CONS Z V)))
(TERMP F (RANGE (CONS Z V))))
(TERMP FLG (VALUE X (CONS Z V)))).
However this further simplifies, applying DOMAIN-CONS and RANGE-CONS, to:
T.
Case 2.4.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(TERMP FLG (VALUE X (CDR S)))
FLG
(MEMBER X (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE X S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S). This generates:
(IMPLIES (AND (NOT (LISTP Z))
(TERMP FLG (VALUE X V))
FLG
(MEMBER X (DOMAIN (CONS Z V)))
(TERMP F (RANGE (CONS Z V))))
(TERMP FLG (VALUE X (CONS Z V)))).
This further simplifies, applying DOMAIN-CONS, RANGE-CONS, and VALUE-CONS,
to:
T.
Case 2.3.
(IMPLIES (AND (LISTP S)
(NOT (EQUAL X (CAAR S)))
(NOT (MEMBER X (DOMAIN (CDR S))))
FLG
(MEMBER X (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE X S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). We must thus prove two new formulas:
Case 2.3.2.
(IMPLIES (AND (NOT (LISTP Z))
(NOT (EQUAL X (CAR Z)))
(NOT (MEMBER X (DOMAIN V)))
FLG
(MEMBER X (DOMAIN (CONS Z V)))
(TERMP F (RANGE (CONS Z V))))
(TERMP FLG (VALUE X (CONS Z V)))),
which further simplifies, applying CAR-NLISTP and DOMAIN-CONS, to:
T.
Case 2.3.1.
(IMPLIES (AND (NOT (EQUAL X W))
(NOT (MEMBER X (DOMAIN V)))
FLG
(MEMBER X
(DOMAIN (CONS (CONS W D) V)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP FLG
(VALUE X (CONS (CONS W D) V)))).
This further simplifies, rewriting with CAR-CONS, DOMAIN-CONS, and
MEMBER-CONS, to:
T.
Case 2.2.
(IMPLIES (AND (LISTP S)
(NOT (EQUAL X (CAAR S)))
(NOT (TERMP F (RANGE (CDR S))))
FLG
(MEMBER X (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE X S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). This generates two new conjectures:
Case 2.2.2.
(IMPLIES (AND (NOT (LISTP Z))
(NOT (EQUAL X (CAR Z)))
(NOT (TERMP F (RANGE V)))
FLG
(MEMBER X (DOMAIN (CONS Z V)))
(TERMP F (RANGE (CONS Z V))))
(TERMP FLG (VALUE X (CONS Z V)))),
which further simplifies, rewriting with the lemmas CAR-NLISTP,
DOMAIN-CONS, and RANGE-CONS, to:
T.
Case 2.2.1.
(IMPLIES (AND (NOT (EQUAL X W))
(NOT (TERMP F (RANGE V)))
FLG
(MEMBER X
(DOMAIN (CONS (CONS W D) V)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP FLG
(VALUE X (CONS (CONS W D) V)))),
which further simplifies, rewriting with CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, RANGE-CONS, and TERMP-LIST-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S)
(NOT (EQUAL X (CAAR S)))
(TERMP FLG (VALUE X (CDR S)))
FLG
(MEMBER X (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE X S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to
eliminate (CAR S) and (CDR S) and Z by (CONS W D) to eliminate (CAR Z) and
(CDR Z). This generates two new formulas:
Case 2.1.2.
(IMPLIES (AND (NOT (LISTP Z))
(NOT (EQUAL X (CAR Z)))
(TERMP FLG (VALUE X V))
FLG
(MEMBER X (DOMAIN (CONS Z V)))
(TERMP F (RANGE (CONS Z V))))
(TERMP FLG (VALUE X (CONS Z V)))),
which further simplifies, rewriting with the lemmas CAR-NLISTP,
DOMAIN-CONS, RANGE-CONS, and VALUE-CONS, to:
T.
Case 2.1.1.
(IMPLIES (AND (NOT (EQUAL X W))
(TERMP FLG (VALUE X V))
FLG
(MEMBER X
(DOMAIN (CONS (CONS W D) V)))
(TERMP F (RANGE (CONS (CONS W D) V))))
(TERMP FLG
(VALUE X (CONS (CONS W D) V)))),
which further simplifies, applying the lemmas CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, RANGE-CONS, TERMP-LIST-CONS, and VALUE-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
FLG
(MEMBER X (DOMAIN S))
(TERMP F (RANGE S)))
(TERMP FLG (VALUE X S))),
which simplifies, appealing to the lemmas DOMAIN-NLISTP and MEMBER-NLISTP,
to:
T.
So let us turn our attention to:
(IMPLIES (AND FLG
(TERMP T D)
(TERMP F (RANGE V)))
(TERMP FLG D)),
which we named *1 above. We will try to prove it by induction. There are two
plausible inductions. However, they merge into one likely candidate induction.
We will induct according to the following scheme:
(AND (IMPLIES (VARIABLEP D) (p FLG D V))
(IMPLIES (AND (NOT (VARIABLEP D))
(LISTP D)
(p F (CDR D) V))
(p FLG D V))
(IMPLIES (AND (NOT (VARIABLEP D))
(NOT (LISTP D)))
(p FLG D V))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to show
that the measure (COUNT D) decreases according to the well-founded relation
LESSP in each induction step of the scheme. Note, however, the inductive
instances chosen for FLG. The above induction scheme generates the following
three new conjectures:
Case 3. (IMPLIES (AND (VARIABLEP D)
FLG
(TERMP T D)
(TERMP F (RANGE V)))
(TERMP FLG D)).
This simplifies, expanding the definition of TERMP, to:
T.
Case 2. (IMPLIES (AND (NOT (VARIABLEP D))
(LISTP D)
FLG
(TERMP T D)
(TERMP F (RANGE V)))
(TERMP FLG D)).
This simplifies, applying VARIABLEP-INTRO, and opening up the function TERMP,
to:
T.
Case 1. (IMPLIES (AND (NOT (VARIABLEP D))
(NOT (LISTP D))
FLG
(TERMP T D)
(TERMP F (RANGE V)))
(TERMP FLG D)),
which simplifies, applying TERMP-T-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
TERMP-VALUE
(PROVE-LEMMA TERMP-SUBST
(REWRITE)
(IMPLIES (AND (TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X)))
((ENABLE TERMP)))
Give the conjecture the name *1.
Perhaps we can prove it by induction. The recursive terms in the
conjecture suggest two inductions. However, they merge into one likely
candidate induction. We will induct according to the following scheme:
(AND (IMPLIES (AND FLG (MEMBER X (DOMAIN S)))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(VARIABLEP X))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(p F S (CDR X)))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(p FLG S X))
(IMPLIES (AND (NOT FLG)
(LISTP X)
(p F S (CDR X))
(p T S (CAR X)))
(p FLG S X))
(IMPLIES (AND (NOT FLG) (NOT (LISTP X)))
(p FLG S X))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. Note, however, the inductive instances
chosen for FLG. The above induction scheme leads to the following ten new
conjectures:
Case 10.(IMPLIES (AND FLG
(MEMBER X (DOMAIN S))
(TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X))).
This simplifies, appealing to the lemmas SUBST-OCCUR and TERMP-VALUE, and
unfolding TERMP, to:
T.
Case 9. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(VARIABLEP X)
(TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X))).
This simplifies, applying SUBST-T-VARIABLEP, and expanding the definition of
TERMP, to:
T.
Case 8. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(NOT (TERMP F (CDR X)))
(TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X))),
which simplifies, applying VARIABLEP-INTRO, and expanding TERMP, to:
T.
Case 7. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(TERMP F (SUBST F S (CDR X)))
(TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X))).
This simplifies, applying VARIABLEP-INTRO and TERMP-T-CONS, and expanding
the definitions of TERMP and SUBST, to:
T.
Case 6. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(NOT (LISTP X))
(TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X))),
which simplifies, applying the lemma TERMP-T-NLISTP, to:
T.
Case 5. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X))),
which simplifies, unfolding the definition of TERMP, to:
T.
Case 4. (IMPLIES (AND (NOT FLG)
(LISTP X)
(TERMP F (SUBST F S (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X))),
which simplifies, unfolding the definition of TERMP, to:
T.
Case 3. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(TERMP T (SUBST T S (CAR X)))
(TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X))),
which simplifies, expanding the function TERMP, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP X)
(TERMP F (SUBST F S (CDR X)))
(TERMP T (SUBST T S (CAR X)))
(TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X))),
which simplifies, rewriting with TERMP-LIST-CONS, and expanding the
definitions of TERMP and SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP X))
(TERMP FLG X)
(TERMP F (RANGE S)))
(TERMP FLG (SUBST FLG S X))).
This simplifies, rewriting with TERMP-LIST-NLISTP and SUBST-LIST-NLISTP, and
expanding the function TERMP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
TERMP-SUBST
(PROVE-LEMMA TERMP-DOMAIN
(REWRITE)
(IMPLIES (VARIABLE-LISTP (DOMAIN S))
(TERMP F (DOMAIN S)))
((ENABLE TERMP) (INDUCT (DOMAIN S))))
This formula can be simplified, using the abbreviations IMPLIES, NOT, OR, and
AND, to the following three new conjectures:
Case 3. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(IMPLIES (VARIABLE-LISTP (DOMAIN (CDR S)))
(TERMP F (DOMAIN (CDR S))))
(VARIABLE-LISTP (DOMAIN S)))
(TERMP F (DOMAIN S))).
This simplifies, expanding the function IMPLIES, to the following two new
formulas:
Case 3.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (VARIABLE-LISTP (DOMAIN (CDR S))))
(VARIABLE-LISTP (DOMAIN S)))
(TERMP F (DOMAIN S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). We must thus prove the formula:
(IMPLIES (AND (LISTP X)
(NOT (VARIABLE-LISTP (DOMAIN Z)))
(VARIABLE-LISTP (DOMAIN (CONS X Z))))
(TERMP F (DOMAIN (CONS X Z)))).
But this further simplifies, rewriting with DOMAIN-CONS and
VARIABLE-LISTP-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(TERMP F (DOMAIN (CDR S)))
(VARIABLE-LISTP (DOMAIN S)))
(TERMP F (DOMAIN S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). We must thus prove:
(IMPLIES (AND (LISTP X)
(TERMP F (DOMAIN Z))
(VARIABLE-LISTP (DOMAIN (CONS X Z))))
(TERMP F (DOMAIN (CONS X Z)))).
But this further simplifies, appealing to the lemmas DOMAIN-CONS,
VARIABLE-LISTP-CONS, and TERMP-LIST-CONS, and opening up TERMP, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(IMPLIES (VARIABLE-LISTP (DOMAIN (CDR S)))
(TERMP F (DOMAIN (CDR S))))
(VARIABLE-LISTP (DOMAIN S)))
(TERMP F (DOMAIN S))),
which simplifies, expanding IMPLIES, to two new goals:
Case 2.2.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (VARIABLE-LISTP (DOMAIN (CDR S))))
(VARIABLE-LISTP (DOMAIN S)))
(TERMP F (DOMAIN S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S). This produces:
(IMPLIES (AND (NOT (LISTP X))
(NOT (VARIABLE-LISTP (DOMAIN Z)))
(VARIABLE-LISTP (DOMAIN (CONS X Z))))
(TERMP F (DOMAIN (CONS X Z)))),
which further simplifies, rewriting with DOMAIN-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(TERMP F (DOMAIN (CDR S)))
(VARIABLE-LISTP (DOMAIN S)))
(TERMP F (DOMAIN S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). We must thus prove the formula:
(IMPLIES (AND (NOT (LISTP X))
(TERMP F (DOMAIN Z))
(VARIABLE-LISTP (DOMAIN (CONS X Z))))
(TERMP F (DOMAIN (CONS X Z)))).
However this further simplifies, applying DOMAIN-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(VARIABLE-LISTP (DOMAIN S)))
(TERMP F (DOMAIN S))).
This simplifies, applying the lemma DOMAIN-NLISTP, and opening up
VARIABLE-LISTP and TERMP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
TERMP-DOMAIN
(PROVE-LEMMA DOMAIN-APPLY-TO-SUBST
(REWRITE)
(EQUAL (DOMAIN (APPLY-TO-SUBST S1 S2))
(DOMAIN S2)))
Call the conjecture *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(p S1 (CDR S2)))
(p S1 S2))
(IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(p S1 (CDR S2)))
(p S1 S2))
(IMPLIES (NOT (LISTP S2)) (p S1 S2))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT S2) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following three new formulas:
Case 3. (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(EQUAL (DOMAIN (APPLY-TO-SUBST S1 (CDR S2)))
(DOMAIN (CDR S2))))
(EQUAL (DOMAIN (APPLY-TO-SUBST S1 S2))
(DOMAIN S2))).
This simplifies, applying CAR-CONS and DOMAIN-CONS, and expanding the
function APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(EQUAL (DOMAIN (APPLY-TO-SUBST S1 (CDR S2)))
(DOMAIN (CDR S2))))
(EQUAL (CONS (CAAR S2) (DOMAIN (CDR S2)))
(DOMAIN S2))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S2 by (CONS X Z) to
eliminate (CAR S2) and (CDR S2) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). This generates:
(IMPLIES (EQUAL (DOMAIN (APPLY-TO-SUBST S1 Z))
(DOMAIN Z))
(EQUAL (CONS V (DOMAIN Z))
(DOMAIN (CONS (CONS V W) Z)))).
This further simplifies, rewriting with CAR-CONS and DOMAIN-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(EQUAL (DOMAIN (APPLY-TO-SUBST S1 (CDR S2)))
(DOMAIN (CDR S2))))
(EQUAL (DOMAIN (APPLY-TO-SUBST S1 S2))
(DOMAIN S2))).
This simplifies, unfolding the definition of APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(EQUAL (DOMAIN (APPLY-TO-SUBST S1 (CDR S2)))
(DOMAIN (CDR S2))))
(EQUAL (DOMAIN (CDR S2))
(DOMAIN S2))).
Applying the lemma CAR-CDR-ELIM, replace S2 by (CONS X Z) to eliminate
(CAR S2) and (CDR S2). We thus obtain:
(IMPLIES (AND (NOT (LISTP X))
(EQUAL (DOMAIN (APPLY-TO-SUBST S1 Z))
(DOMAIN Z)))
(EQUAL (DOMAIN Z)
(DOMAIN (CONS X Z)))),
which further simplifies, applying the lemma DOMAIN-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP S2))
(EQUAL (DOMAIN (APPLY-TO-SUBST S1 S2))
(DOMAIN S2))),
which simplifies, rewriting with DOMAIN-NLISTP, and opening up the
definitions of APPLY-TO-SUBST, DOMAIN, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DOMAIN-APPLY-TO-SUBST
(PROVE-LEMMA VAR-SUBSTP-APPLY-TO-SUBST
(REWRITE)
(IMPLIES (AND (TERMP F (RANGE S))
(TERMP F (RANGE SG)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG S))))
((ENABLE TERMP)))
Name the conjecture *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p SG (CDR S)))
(p SG S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p SG (CDR S)))
(p SG S))
(IMPLIES (NOT (LISTP S)) (p SG S))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT S) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates the
following five new conjectures:
Case 5. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S))
(TERMP F (RANGE SG)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG S)))).
This simplifies, applying CDR-CONS, RANGE-CONS, and TERMP-LIST-CONS, and
opening up the definition of APPLY-TO-SUBST, to two new goals:
Case 5.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S))
(TERMP F (RANGE SG)))
(TERMP T (SUBST T SG (CDAR S)))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS W V) to eliminate (CDR X) and (CAR X).
This produces:
(IMPLIES (AND (NOT (TERMP F (RANGE Z)))
(TERMP F (RANGE (CONS (CONS W V) Z)))
(TERMP F (RANGE SG)))
(TERMP T (SUBST T SG V))),
which further simplifies, rewriting with CDR-CONS, RANGE-CONS, and
TERMP-LIST-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S))
(TERMP F (RANGE SG)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG (CDR S))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). This generates:
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (RANGE Z)))
(TERMP F (RANGE (CONS X Z)))
(TERMP F (RANGE SG)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG Z)))).
But this further simplifies, rewriting with the lemmas RANGE-CONS and
TERMP-LIST-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(TERMP F
(RANGE (APPLY-TO-SUBST SG (CDR S))))
(TERMP F (RANGE S))
(TERMP F (RANGE SG)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG S)))),
which simplifies, rewriting with the lemmas CDR-CONS, RANGE-CONS, and
TERMP-LIST-CONS, and opening up APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(TERMP F
(RANGE (APPLY-TO-SUBST SG (CDR S))))
(TERMP F (RANGE S))
(TERMP F (RANGE SG)))
(TERMP T (SUBST T SG (CDAR S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS W V) to eliminate (CDR X) and
(CAR X). The result is the conjecture:
(IMPLIES (AND (TERMP F
(RANGE (APPLY-TO-SUBST SG Z)))
(TERMP F (RANGE (CONS (CONS W V) Z)))
(TERMP F (RANGE SG)))
(TERMP T (SUBST T SG V))).
However this further simplifies, rewriting with CDR-CONS, RANGE-CONS,
TERMP-LIST-CONS, and TERMP-SUBST, to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S))
(TERMP F (RANGE SG)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG S)))).
This simplifies, unfolding APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S))
(TERMP F (RANGE SG)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG (CDR S))))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S). We would thus like to prove the new goal:
(IMPLIES (AND (NOT (LISTP X))
(NOT (TERMP F (RANGE Z)))
(TERMP F (RANGE (CONS X Z)))
(TERMP F (RANGE SG)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG Z)))),
which further simplifies, rewriting with RANGE-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG (CDR S))))
(TERMP F (RANGE S))
(TERMP F (RANGE SG)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG S)))).
This simplifies, unfolding APPLY-TO-SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(TERMP F (RANGE S))
(TERMP F (RANGE SG)))
(TERMP F
(RANGE (APPLY-TO-SUBST SG S)))).
This simplifies, rewriting with RANGE-NLISTP, and expanding the definitions
of TERMP, APPLY-TO-SUBST, and RANGE, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
VAR-SUBSTP-APPLY-TO-SUBST
(PROVE-LEMMA VALUE-APPLY-TO-SUBST
(REWRITE)
(IMPLIES (MEMBER G (DOMAIN S))
(EQUAL (VALUE G (APPLY-TO-SUBST SG S))
(SUBST T SG (VALUE G S)))))
Call the conjecture *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p G SG (CDR S)))
(p G SG S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p G SG (CDR S)))
(p G SG S))
(IMPLIES (NOT (LISTP S)) (p G SG S))).
Linear arithmetic and the lemma CDR-LESSP can be used to prove that the
measure (COUNT S) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme leads to the
following five new goals:
Case 5. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER G (DOMAIN (CDR S))))
(MEMBER G (DOMAIN S)))
(EQUAL (VALUE G (APPLY-TO-SUBST SG S))
(SUBST T SG (VALUE G S)))).
This simplifies, applying the lemmas CAR-CONS, CDR-CONS,
DOMAIN-APPLY-TO-SUBST, VALUE-WHEN-NOT-BOUND, and VALUE-CONS, and expanding
the function APPLY-TO-SUBST, to the following two new formulas:
Case 5.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER G (DOMAIN (CDR S))))
(MEMBER G (DOMAIN S))
(NOT (EQUAL G (CAAR S))))
(EQUAL 0 (SUBST T SG (VALUE G S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). This generates:
(IMPLIES (AND (NOT (MEMBER G (DOMAIN Z)))
(MEMBER G
(DOMAIN (CONS (CONS V W) Z)))
(NOT (EQUAL G V)))
(EQUAL 0
(SUBST T SG
(VALUE G (CONS (CONS V W) Z))))).
However this further simplifies, rewriting with the lemmas CAR-CONS,
DOMAIN-CONS, and MEMBER-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER G (DOMAIN (CDR S))))
(MEMBER G (DOMAIN S))
(EQUAL G (CAAR S)))
(EQUAL (SUBST T SG (CDAR S))
(SUBST T SG (VALUE G S)))),
which again simplifies, clearly, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (MEMBER (CAAR S) (DOMAIN (CDR S))))
(MEMBER (CAAR S) (DOMAIN S)))
(EQUAL (SUBST T SG (CDAR S))
(SUBST T SG (VALUE (CAAR S) S)))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
This produces:
(IMPLIES (AND (NOT (MEMBER V (DOMAIN Z)))
(MEMBER V
(DOMAIN (CONS (CONS V W) Z))))
(EQUAL (SUBST T SG W)
(SUBST T SG
(VALUE V (CONS (CONS V W) Z))))),
which further simplifies, rewriting with CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, and VALUE-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (VALUE G (APPLY-TO-SUBST SG (CDR S)))
(SUBST T SG (VALUE G (CDR S))))
(MEMBER G (DOMAIN S)))
(EQUAL (VALUE G (APPLY-TO-SUBST SG S))
(SUBST T SG (VALUE G S)))).
This simplifies, applying the lemmas CAR-CONS, CDR-CONS, and VALUE-CONS, and
expanding the function APPLY-TO-SUBST, to the following two new formulas:
Case 4.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (VALUE G (APPLY-TO-SUBST SG (CDR S)))
(SUBST T SG (VALUE G (CDR S))))
(MEMBER G (DOMAIN S))
(NOT (EQUAL G (CAAR S))))
(EQUAL (VALUE G (APPLY-TO-SUBST SG (CDR S)))
(SUBST T SG (VALUE G S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). The result is:
(IMPLIES (AND (EQUAL (VALUE G (APPLY-TO-SUBST SG Z))
(SUBST T SG (VALUE G Z)))
(MEMBER G
(DOMAIN (CONS (CONS V W) Z)))
(NOT (EQUAL G V)))
(EQUAL (VALUE G (APPLY-TO-SUBST SG Z))
(SUBST T SG
(VALUE G (CONS (CONS V W) Z))))).
But this further simplifies, applying the lemmas CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, and VALUE-CONS, to:
T.
Case 4.1.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (VALUE G (APPLY-TO-SUBST SG (CDR S)))
(SUBST T SG (VALUE G (CDR S))))
(MEMBER G (DOMAIN S))
(EQUAL G (CAAR S)))
(EQUAL (SUBST T SG (CDAR S))
(SUBST T SG (VALUE G S)))),
which again simplifies, obviously, to the new formula:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (VALUE (CAAR S)
(APPLY-TO-SUBST SG (CDR S)))
(SUBST T SG (VALUE (CAAR S) (CDR S))))
(MEMBER (CAAR S) (DOMAIN S)))
(EQUAL (SUBST T SG (CDAR S))
(SUBST T SG (VALUE (CAAR S) S)))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
This produces:
(IMPLIES (AND (EQUAL (VALUE V (APPLY-TO-SUBST SG Z))
(SUBST T SG (VALUE V Z)))
(MEMBER V
(DOMAIN (CONS (CONS V W) Z))))
(EQUAL (SUBST T SG W)
(SUBST T SG
(VALUE V (CONS (CONS V W) Z))))),
which further simplifies, rewriting with the lemmas CAR-CONS, DOMAIN-CONS,
MEMBER-CONS, CDR-CONS, and VALUE-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (MEMBER G (DOMAIN (CDR S))))
(MEMBER G (DOMAIN S)))
(EQUAL (VALUE G (APPLY-TO-SUBST SG S))
(SUBST T SG (VALUE G S)))),
which simplifies, rewriting with DOMAIN-APPLY-TO-SUBST and
VALUE-WHEN-NOT-BOUND, and opening up the definition of APPLY-TO-SUBST, to
the new formula:
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (MEMBER G (DOMAIN (CDR S))))
(MEMBER G (DOMAIN S)))
(EQUAL 0 (SUBST T SG (VALUE G S)))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S). We would thus like to prove:
(IMPLIES (AND (NOT (LISTP X))
(NOT (MEMBER G (DOMAIN Z)))
(MEMBER G (DOMAIN (CONS X Z))))
(EQUAL 0
(SUBST T SG (VALUE G (CONS X Z))))),
which further simplifies, applying the lemma DOMAIN-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(EQUAL (VALUE G (APPLY-TO-SUBST SG (CDR S)))
(SUBST T SG (VALUE G (CDR S))))
(MEMBER G (DOMAIN S)))
(EQUAL (VALUE G (APPLY-TO-SUBST SG S))
(SUBST T SG (VALUE G S)))),
which simplifies, expanding APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(EQUAL (VALUE G (APPLY-TO-SUBST SG (CDR S)))
(SUBST T SG (VALUE G (CDR S))))
(MEMBER G (DOMAIN S)))
(EQUAL (VALUE G (APPLY-TO-SUBST SG (CDR S)))
(SUBST T SG (VALUE G S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). We must thus prove the conjecture:
(IMPLIES (AND (NOT (LISTP X))
(EQUAL (VALUE G (APPLY-TO-SUBST SG Z))
(SUBST T SG (VALUE G Z)))
(MEMBER G (DOMAIN (CONS X Z))))
(EQUAL (VALUE G (APPLY-TO-SUBST SG Z))
(SUBST T SG (VALUE G (CONS X Z))))).
However this further simplifies, rewriting with DOMAIN-CONS and VALUE-CONS,
to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(MEMBER G (DOMAIN S)))
(EQUAL (VALUE G (APPLY-TO-SUBST SG S))
(SUBST T SG (VALUE G S)))).
This simplifies, rewriting with DOMAIN-NLISTP and MEMBER-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.1 ]
VALUE-APPLY-TO-SUBST
(PROVE-LEMMA NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP
(REWRITE)
(IMPLIES (AND (VARIABLE-LISTP D)
(NOT (VARIABLEP TERM)))
(NOT (MEMBER TERM D)))
((INDUCT (MEMBER TERM D))))
WARNING: the newly proposed lemma, NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP,
could be applied whenever the previously added lemma:
BOUNDP-IN-VAR-SUBSTP-IMPLIES-VARIABLEP
could.
This conjecture can be simplified, using the abbreviations IMPLIES, NLISTP,
NOT, OR, and AND, to three new goals:
Case 3. (IMPLIES (AND (NOT (LISTP D))
(VARIABLE-LISTP D)
(NOT (VARIABLEP TERM)))
(NOT (MEMBER TERM D))),
which simplifies, applying VARIABLE-NLISTP and
MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, and unfolding the definition of
VARIABLE-LISTP, to:
T.
Case 2. (IMPLIES (AND (LISTP D)
(EQUAL TERM (CAR D))
(VARIABLE-LISTP D)
(NOT (VARIABLEP TERM)))
(NOT (MEMBER TERM D))).
This simplifies, rewriting with the lemma
MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, to:
T.
Case 1. (IMPLIES (AND (LISTP D)
(NOT (EQUAL TERM (CAR D)))
(IMPLIES (AND (VARIABLE-LISTP (CDR D))
(NOT (VARIABLEP TERM)))
(NOT (MEMBER TERM (CDR D))))
(VARIABLE-LISTP D)
(NOT (VARIABLEP TERM)))
(NOT (MEMBER TERM D))).
This simplifies, rewriting with the lemma
MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, and opening up NOT, AND, and
IMPLIES, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP
(PROVE-LEMMA COMPOSE-PROPERTY
(REWRITE)
(IMPLIES (AND (VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG (COMPOSE S1 S2) X)
(SUBST FLG S2 (SUBST FLG S1 X))))
((ENABLE TERMP)))
This formula simplifies, opening up the function COMPOSE, to:
(IMPLIES (AND (VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))),
which we will name *1.
Perhaps we can prove it by induction. The recursive terms in the
conjecture suggest four inductions. They merge into two likely candidate
inductions. However, only one is unflawed. We will induct according to the
following scheme:
(AND
(IMPLIES (AND FLG
(MEMBER X
(DOMAIN (APPEND (APPLY-TO-SUBST S2 S1) S2))))
(p FLG S2 S1 X))
(IMPLIES (AND FLG
(NOT (MEMBER X
(DOMAIN (APPEND (APPLY-TO-SUBST S2 S1) S2))))
(VARIABLEP X))
(p FLG S2 S1 X))
(IMPLIES (AND FLG
(NOT (MEMBER X
(DOMAIN (APPEND (APPLY-TO-SUBST S2 S1) S2))))
(NOT (VARIABLEP X))
(LISTP X)
(p F S2 S1 (CDR X)))
(p FLG S2 S1 X))
(IMPLIES (AND FLG
(NOT (MEMBER X
(DOMAIN (APPEND (APPLY-TO-SUBST S2 S1) S2))))
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(p FLG S2 S1 X))
(IMPLIES (AND (NOT FLG)
(LISTP X)
(p T S2 S1 (CAR X))
(p F S2 S1 (CDR X)))
(p FLG S2 S1 X))
(IMPLIES (AND (NOT FLG) (NOT (LISTP X)))
(p FLG S2 S1 X))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. Note, however, the inductive instances
chosen for FLG. The above induction scheme leads to the following ten new
formulas:
Case 10.(IMPLIES (AND FLG
(MEMBER X
(DOMAIN (APPEND (APPLY-TO-SUBST S2 S1) S2)))
(VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))).
This simplifies, rewriting with the lemmas DOMAIN-APPLY-TO-SUBST,
DOMAIN-APPEND, MEMBER-APPEND, MEMBER-SUBSETP, SUBSETP-REFLEXIVITY,
SUBSETP-DOMAIN, VALUE-APPLY-TO-SUBST, VALUE-APPEND, SUBST-OCCUR,
SUBST-FLG-NOT-LIST, MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, and
SUBST-T-VARIABLEP, and expanding the definition of TERMP, to the following
two new goals:
Case 10.2.
(IMPLIES (AND FLG
(MEMBER X (DOMAIN S2))
(VARIABLE-LISTP (DOMAIN S2))
(NOT (MEMBER X (DOMAIN S1))))
(EQUAL (VALUE X S2)
(SUBST FLG S2 X))).
However this again simplifies, applying SUBST-OCCUR, to:
T.
Case 10.1.
(IMPLIES (AND FLG
(MEMBER X (DOMAIN S2))
(VARIABLE-LISTP (DOMAIN S2))
(MEMBER X (DOMAIN S1)))
(EQUAL (SUBST T S2 (VALUE X S1))
(SUBST FLG S2 (VALUE X S1)))).
But this again simplifies, rewriting with SUBST-FLG-NOT-LIST, to:
T.
Case 9. (IMPLIES
(AND FLG
(NOT (MEMBER X
(DOMAIN (APPEND (APPLY-TO-SUBST S2 S1) S2))))
(VARIABLEP X)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))).
This simplifies, applying the lemmas DOMAIN-APPLY-TO-SUBST, DOMAIN-APPEND,
MEMBER-APPEND, and SUBST-T-VARIABLEP, and opening up TERMP, to:
T.
Case 8. (IMPLIES
(AND FLG
(NOT (MEMBER X
(DOMAIN (APPEND (APPLY-TO-SUBST S2 S1) S2))))
(NOT (VARIABLEP X))
(LISTP X)
(NOT (TERMP F (CDR X)))
(VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))).
This simplifies, applying the lemmas DOMAIN-APPLY-TO-SUBST, DOMAIN-APPEND,
NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP, MEMBER-APPEND, and
VARIABLEP-INTRO, and unfolding the definition of TERMP, to:
T.
Case 7. (IMPLIES
(AND FLG
(NOT (MEMBER X
(DOMAIN (APPEND (APPLY-TO-SUBST S2 S1) S2))))
(NOT (VARIABLEP X))
(LISTP X)
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST S2 S1) S2)
(CDR X))
(SUBST F S2 (SUBST F S1 (CDR X))))
(VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))).
This simplifies, rewriting with DOMAIN-APPLY-TO-SUBST, DOMAIN-APPEND,
NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP, MEMBER-APPEND, VARIABLEP-INTRO,
and SUBST-T-NON-VARIABLEP, and expanding TERMP and SUBST, to:
T.
Case 6. (IMPLIES
(AND FLG
(NOT (MEMBER X
(DOMAIN (APPEND (APPLY-TO-SUBST S2 S1) S2))))
(NOT (VARIABLEP X))
(NOT (LISTP X))
(VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))),
which simplifies, applying DOMAIN-APPLY-TO-SUBST, DOMAIN-APPEND,
NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP, MEMBER-APPEND, and
TERMP-T-NLISTP, to:
T.
Case 5. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP T (CAR X)))
(NOT (TERMP F (CDR X)))
(VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))).
This simplifies, opening up the function TERMP, to:
T.
Case 4. (IMPLIES (AND (NOT FLG)
(LISTP X)
(EQUAL (SUBST T
(APPEND (APPLY-TO-SUBST S2 S1) S2)
(CAR X))
(SUBST T S2 (SUBST T S1 (CAR X))))
(NOT (TERMP F (CDR X)))
(VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))).
This simplifies, unfolding the definition of TERMP, to:
T.
Case 3. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP T (CAR X)))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST S2 S1) S2)
(CDR X))
(SUBST F S2 (SUBST F S1 (CDR X))))
(VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))).
This simplifies, unfolding the function TERMP, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP X)
(EQUAL (SUBST T
(APPEND (APPLY-TO-SUBST S2 S1) S2)
(CAR X))
(SUBST T S2 (SUBST T S1 (CAR X))))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST S2 S1) S2)
(CDR X))
(SUBST F S2 (SUBST F S1 (CDR X))))
(VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))).
This simplifies, rewriting with the lemma SUBST-LIST-CONS, and unfolding the
definitions of TERMP and SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP X))
(VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST S2 S1) S2)
X)
(SUBST FLG S2 (SUBST FLG S1 X)))).
This simplifies, appealing to the lemmas TERMP-LIST-NLISTP and
SUBST-LIST-NLISTP, and opening up the function EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.3 0.0 ]
COMPOSE-PROPERTY
(PROVE-LEMMA COMPOSE-PROPERTY-REVERSED
(REWRITE)
(IMPLIES (AND (VARIABLE-LISTP (DOMAIN S2))
(TERMP FLG X))
(EQUAL (SUBST FLG S2 (SUBST FLG S1 X))
(SUBST FLG (COMPOSE S1 S2) X)))
((DISABLE COMPOSE)))
This formula simplifies, appealing to the lemma COMPOSE-PROPERTY, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
COMPOSE-PROPERTY-REVERSED
(DISABLE COMPOSE-PROPERTY)
[ 0.0 0.0 0.0 ]
COMPOSE-PROPERTY-OFF
(PROVE-LEMMA SUBST-NOT-OCCUR
(REWRITE)
(IMPLIES (AND (TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X))
((ENABLE TERMP)))
Give the conjecture the name *1.
Perhaps we can prove it by induction. There are two plausible inductions.
However, they merge into one likely candidate induction. We will induct
according to the following scheme:
(AND (IMPLIES (AND FLG (MEMBER X (DOMAIN S)))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(VARIABLEP X))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(p F S (CDR X)))
(p FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(p FLG S X))
(IMPLIES (AND (NOT FLG)
(LISTP X)
(p F S (CDR X))
(p T S (CAR X)))
(p FLG S X))
(IMPLIES (AND (NOT FLG) (NOT (LISTP X)))
(p FLG S X))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to show
that the measure (COUNT X) decreases according to the well-founded relation
LESSP in each induction step of the scheme. Note, however, the inductive
instances chosen for FLG. The above induction scheme generates 16 new
conjectures:
Case 16.(IMPLIES (AND FLG
(MEMBER X (DOMAIN S))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)),
which simplifies, rewriting with MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP,
ALL-VARS-VARIABLEP, SUBSETP-DOMAIN, SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and
DISJOINT-DOMAIN-SINGLETON, and expanding the definition of TERMP, to:
T.
Case 15.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(VARIABLEP X)
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, applying ALL-VARS-VARIABLEP, DISJOINT-DOMAIN-SINGLETON, and
SUBST-T-VARIABLEP, and expanding TERMP, to:
T.
Case 14.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(NOT (TERMP F (CDR X)))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)),
which simplifies, rewriting with NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP
and VARIABLEP-INTRO, and unfolding the definition of TERMP, to:
T.
Case 13.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, rewriting with the lemmas
NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP, VARIABLEP-INTRO, CAR-CONS, and
CDR-CONS, and opening up TERMP and SUBST, to the new goal:
(IMPLIES (AND FLG
(LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(FUNCTION-SYMBOL-P (CAR X))
(TERMP F (CDR X))
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (CONS (CAR X) (SUBST F S (CDR X)))
X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new formula:
(IMPLIES (AND FLG
(NOT (DISJOINT (DOMAIN S) (ALL-VARS F Z)))
(FUNCTION-SYMBOL-P V)
(TERMP F Z)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG (CONS V Z))))
(EQUAL (CONS V (SUBST F S Z))
(CONS V Z))),
which further simplifies, rewriting with ALL-VARS-T-CONS, to:
T.
Case 12.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(EQUAL (SUBST F S (CDR X)) (CDR X))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, rewriting with NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP,
VARIABLEP-INTRO, and CONS-CAR-CDR, and expanding the definitions of TERMP
and SUBST, to:
T.
Case 11.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(NOT (LISTP X))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)),
which simplifies, applying NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP and
TERMP-T-NLISTP, to:
T.
Case 10.(IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, expanding the function TERMP, to:
T.
Case 9. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, opening up the definition of TERMP, to:
T.
Case 8. (IMPLIES (AND (NOT FLG)
(LISTP X)
(EQUAL (SUBST F S (CDR X)) (CDR X))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, opening up the function TERMP, to:
T.
Case 7. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS T (CAR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, unfolding the definition of TERMP, to:
T.
Case 6. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS T (CAR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, appealing to the lemma CAR-CONS, and opening up the
functions TERMP and SUBST, to:
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS T (CAR X))))
(TERMP T (CAR X))
(TERMP F (CDR X))
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S) (ALL-VARS F X)))
(EQUAL (CONS (SUBST T S (CAR X))
(SUBST F S (CDR X)))
X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S) (ALL-VARS F Z)))
(NOT (DISJOINT (DOMAIN S) (ALL-VARS T V)))
(TERMP T V)
(TERMP F Z)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS F (CONS V Z))))
(EQUAL (CONS (SUBST T S V) (SUBST F S Z))
(CONS V Z))),
which further simplifies, applying MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 5. (IMPLIES (AND (NOT FLG)
(LISTP X)
(EQUAL (SUBST F S (CDR X)) (CDR X))
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS T (CAR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, applying CAR-CONS, and opening up the functions TERMP and
SUBST, to the formula:
(IMPLIES (AND (LISTP X)
(EQUAL (SUBST F S (CDR X)) (CDR X))
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS T (CAR X))))
(TERMP T (CAR X))
(TERMP F (CDR X))
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S) (ALL-VARS F X)))
(EQUAL (CONS (SUBST T S (CAR X)) (CDR X))
X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates the formula:
(IMPLIES (AND (EQUAL (SUBST F S Z) Z)
(NOT (DISJOINT (DOMAIN S) (ALL-VARS T V)))
(TERMP T V)
(TERMP F Z)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS F (CONS V Z))))
(EQUAL (CONS (SUBST T S V) Z)
(CONS V Z))).
But this further simplifies, rewriting with MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 4. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(EQUAL (SUBST T S (CAR X)) (CAR X))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, expanding TERMP, to:
T.
Case 3. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(EQUAL (SUBST T S (CAR X)) (CAR X))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, applying the lemmas CAR-CONS and CDR-CONS, and unfolding
TERMP and SUBST, to:
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S)
(ALL-VARS F (CDR X))))
(EQUAL (SUBST T S (CAR X)) (CAR X))
(TERMP T (CAR X))
(TERMP F (CDR X))
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S) (ALL-VARS F X)))
(EQUAL (CONS (CAR X) (SUBST F S (CDR X)))
X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S) (ALL-VARS F Z)))
(EQUAL (SUBST T S V) V)
(TERMP T V)
(TERMP F Z)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS F (CONS V Z))))
(EQUAL (CONS V (SUBST F S Z))
(CONS V Z))),
which further simplifies, appealing to the lemmas ALL-VARS-LIST-CONS and
DISJOINT-APPEND-RIGHT, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP X)
(EQUAL (SUBST F S (CDR X)) (CDR X))
(EQUAL (SUBST T S (CAR X)) (CAR X))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)),
which simplifies, rewriting with CONS-CAR-CDR, and opening up the
definitions of TERMP and SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP X))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S))
(DISJOINT (DOMAIN S)
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG S X) X)).
This simplifies, appealing to the lemmas TERMP-LIST-NLISTP, DISJOINT-NLISTP,
DISJOINT-SYMMETRY, and SUBST-LIST-NLISTP, and expanding the definitions of
ALL-VARS, OR, NLISTP, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
SUBST-NOT-OCCUR
(PROVE-LEMMA DISJOINT-RANGE-IMPLIES-DISJOINT-VALUE
(REWRITE)
(IMPLIES (AND (MEMBER X (DOMAIN S))
FLG
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (VALUE X S))))
((USE (SUBSETP-DISJOINT-2 (X (ALL-VARS FLG (VALUE X S)))
(Y (ALL-VARS F (RANGE S)))
(Z Z)))))
This conjecture simplifies, rewriting with ALL-VARS-SUBST-LEMMA and
DISJOINT-SYMMETRY, and unfolding the functions AND and IMPLIES, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
DISJOINT-RANGE-IMPLIES-DISJOINT-VALUE
(PROVE-LEMMA DISJOINT-ALL-VARS-SUBST
(REWRITE)
(IMPLIES (AND (TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X))))
((ENABLE TERMP)))
Name the conjecture *1.
We will try to prove it by induction. There are two plausible inductions.
However, they merge into one likely candidate induction. We will induct
according to the following scheme:
(AND (IMPLIES (AND FLG (MEMBER X (DOMAIN S)))
(p Z FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(VARIABLEP X))
(p Z FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(p Z F S (CDR X)))
(p Z FLG S X))
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(NOT (LISTP X)))
(p Z FLG S X))
(IMPLIES (AND (NOT FLG)
(LISTP X)
(p Z F S (CDR X))
(p Z T S (CAR X)))
(p Z FLG S X))
(IMPLIES (AND (NOT FLG) (NOT (LISTP X)))
(p Z FLG S X))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. Note, however, the inductive instances
chosen for FLG. The above induction scheme leads to 16 new formulas:
Case 16.(IMPLIES (AND FLG
(MEMBER X (DOMAIN S))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))),
which simplifies, rewriting with ALL-VARS-VARIABLEP, DISJOINT-NLISTP,
DISJOINT-SYMMETRY, DISJOINT-CONS-2, SUBST-OCCUR, and
DISJOINT-RANGE-IMPLIES-DISJOINT-VALUE, and opening up TERMP, OR, and NLISTP,
to:
T.
Case 15.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(VARIABLEP X)
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, rewriting with ALL-VARS-VARIABLEP, DISJOINT-NLISTP,
DISJOINT-SYMMETRY, DISJOINT-CONS-2, and SUBST-T-VARIABLEP, and opening up
TERMP, OR, and NLISTP, to:
T.
Case 14.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(NOT (TERMP F (CDR X)))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))),
which simplifies, applying VARIABLEP-INTRO, and unfolding the function TERMP,
to:
T.
Case 13.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(NOT (DISJOINT Z (ALL-VARS F (CDR X))))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, rewriting with VARIABLEP-INTRO and ALL-VARS-T-CONS, and
unfolding the functions TERMP and SUBST, to:
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(LISTP X)
(NOT (DISJOINT Z (ALL-VARS F (CDR X))))
(FUNCTION-SYMBOL-P (CAR X))
(TERMP F (CDR X))
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS F (SUBST F S (CDR X))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS W V) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND FLG
(NOT (MEMBER (CONS W V) (DOMAIN S)))
(NOT (DISJOINT Z (ALL-VARS F V)))
(FUNCTION-SYMBOL-P W)
(TERMP F V)
(DISJOINT Z (ALL-VARS FLG (CONS W V)))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS F (SUBST F S V)))).
This further simplifies, rewriting with ALL-VARS-T-CONS, to:
T.
Case 12.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(LISTP X)
(DISJOINT Z
(ALL-VARS F (SUBST F S (CDR X))))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, applying VARIABLEP-INTRO and ALL-VARS-T-CONS, and unfolding
TERMP and SUBST, to:
T.
Case 11.(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S)))
(NOT (VARIABLEP X))
(NOT (LISTP X))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))),
which simplifies, applying TERMP-T-NLISTP, to:
T.
Case 10.(IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, unfolding TERMP, to:
T.
Case 9. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (DISJOINT Z (ALL-VARS F (CDR X))))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, opening up the definition of TERMP, to:
T.
Case 8. (IMPLIES (AND (NOT FLG)
(LISTP X)
(DISJOINT Z
(ALL-VARS F (SUBST F S (CDR X))))
(NOT (TERMP T (CAR X)))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, unfolding the definition of TERMP, to:
T.
Case 7. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (DISJOINT Z (ALL-VARS T (CAR X))))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, unfolding the function TERMP, to:
T.
Case 6. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (DISJOINT Z (ALL-VARS F (CDR X))))
(NOT (DISJOINT Z (ALL-VARS T (CAR X))))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, applying ALL-VARS-LIST-CONS and DISJOINT-APPEND-RIGHT, and
unfolding the definitions of TERMP and SUBST, to two new goals:
Case 6.2.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT Z (ALL-VARS F (CDR X))))
(NOT (DISJOINT Z (ALL-VARS T (CAR X))))
(TERMP T (CAR X))
(TERMP F (CDR X))
(DISJOINT Z (ALL-VARS F X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS T (SUBST T S (CAR X))))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS W V) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new conjecture:
(IMPLIES (AND (NOT (DISJOINT Z (ALL-VARS F V)))
(NOT (DISJOINT Z (ALL-VARS T W)))
(TERMP T W)
(TERMP F V)
(DISJOINT Z (ALL-VARS F (CONS W V)))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS T (SUBST T S W)))),
which further simplifies, rewriting with the lemmas ALL-VARS-LIST-CONS and
DISJOINT-APPEND-RIGHT, to:
T.
Case 6.1.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT Z (ALL-VARS F (CDR X))))
(NOT (DISJOINT Z (ALL-VARS T (CAR X))))
(TERMP T (CAR X))
(TERMP F (CDR X))
(DISJOINT Z (ALL-VARS F X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS F (SUBST F S (CDR X))))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS W V) to eliminate
(CDR X) and (CAR X). This produces:
(IMPLIES (AND (NOT (DISJOINT Z (ALL-VARS F V)))
(NOT (DISJOINT Z (ALL-VARS T W)))
(TERMP T W)
(TERMP F V)
(DISJOINT Z (ALL-VARS F (CONS W V)))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS F (SUBST F S V)))),
which further simplifies, applying ALL-VARS-LIST-CONS and
DISJOINT-APPEND-RIGHT, to:
T.
Case 5. (IMPLIES (AND (NOT FLG)
(LISTP X)
(DISJOINT Z
(ALL-VARS F (SUBST F S (CDR X))))
(NOT (DISJOINT Z (ALL-VARS T (CAR X))))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, rewriting with ALL-VARS-LIST-CONS and DISJOINT-APPEND-RIGHT,
and expanding the functions TERMP and SUBST, to:
(IMPLIES (AND (LISTP X)
(DISJOINT Z
(ALL-VARS F (SUBST F S (CDR X))))
(NOT (DISJOINT Z (ALL-VARS T (CAR X))))
(TERMP T (CAR X))
(TERMP F (CDR X))
(DISJOINT Z (ALL-VARS F X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS T (SUBST T S (CAR X))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS W V) to
eliminate (CDR X) and (CAR X). The result is the goal:
(IMPLIES (AND (DISJOINT Z
(ALL-VARS F (SUBST F S V)))
(NOT (DISJOINT Z (ALL-VARS T W)))
(TERMP T W)
(TERMP F V)
(DISJOINT Z (ALL-VARS F (CONS W V)))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS T (SUBST T S W)))).
However this further simplifies, rewriting with ALL-VARS-LIST-CONS and
DISJOINT-APPEND-RIGHT, to:
T.
Case 4. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (TERMP F (CDR X)))
(DISJOINT Z
(ALL-VARS T (SUBST T S (CAR X))))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, unfolding the function TERMP, to:
T.
Case 3. (IMPLIES (AND (NOT FLG)
(LISTP X)
(NOT (DISJOINT Z (ALL-VARS F (CDR X))))
(DISJOINT Z
(ALL-VARS T (SUBST T S (CAR X))))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, rewriting with ALL-VARS-LIST-CONS and DISJOINT-APPEND-RIGHT,
and unfolding the functions TERMP and SUBST, to the conjecture:
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT Z (ALL-VARS F (CDR X))))
(DISJOINT Z
(ALL-VARS T (SUBST T S (CAR X))))
(TERMP T (CAR X))
(TERMP F (CDR X))
(DISJOINT Z (ALL-VARS F X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS F (SUBST F S (CDR X))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS W V) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND (NOT (DISJOINT Z (ALL-VARS F V)))
(DISJOINT Z
(ALL-VARS T (SUBST T S W)))
(TERMP T W)
(TERMP F V)
(DISJOINT Z (ALL-VARS F (CONS W V)))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS F (SUBST F S V)))).
However this further simplifies, rewriting with ALL-VARS-LIST-CONS and
DISJOINT-APPEND-RIGHT, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP X)
(DISJOINT Z
(ALL-VARS F (SUBST F S (CDR X))))
(DISJOINT Z
(ALL-VARS T (SUBST T S (CAR X))))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))).
This simplifies, applying ALL-VARS-LIST-CONS and DISJOINT-APPEND-RIGHT, and
expanding the functions TERMP and SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP X))
(TERMP FLG X)
(DISJOINT Z (ALL-VARS FLG X))
(DISJOINT Z (ALL-VARS F (RANGE S))))
(DISJOINT Z
(ALL-VARS FLG (SUBST FLG S X)))),
which simplifies, applying TERMP-LIST-NLISTP, DISJOINT-NLISTP,
DISJOINT-SYMMETRY, and SUBST-LIST-NLISTP, and expanding ALL-VARS, OR, and
NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
DISJOINT-ALL-VARS-SUBST
(PROVE-LEMMA ALL-VARS-VARIABLE-LISTP
(REWRITE)
(IMPLIES (VARIABLE-LISTP X)
(EQUAL (ALL-VARS F X) X))
((INDUCT (VARIABLE-LISTP X))))
This formula can be simplified, using the abbreviations IMPLIES, NOT, OR, and
AND, to the following two new conjectures:
Case 2. (IMPLIES (AND (LISTP X)
(IMPLIES (VARIABLE-LISTP (CDR X))
(EQUAL (ALL-VARS F (CDR X)) (CDR X)))
(VARIABLE-LISTP X))
(EQUAL (ALL-VARS F X) X)).
This simplifies, expanding IMPLIES, to the following two new conjectures:
Case 2.2.
(IMPLIES (AND (LISTP X)
(NOT (VARIABLE-LISTP (CDR X)))
(VARIABLE-LISTP X))
(EQUAL (ALL-VARS F X) X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (AND (NOT (VARIABLE-LISTP Z))
(VARIABLE-LISTP (CONS V Z)))
(EQUAL (ALL-VARS F (CONS V Z))
(CONS V Z))).
But this further simplifies, applying the lemma VARIABLE-LISTP-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(EQUAL (ALL-VARS F (CDR X)) (CDR X))
(VARIABLE-LISTP X))
(EQUAL (ALL-VARS F X) X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove:
(IMPLIES (AND (EQUAL (ALL-VARS F Z) Z)
(VARIABLE-LISTP (CONS V Z)))
(EQUAL (ALL-VARS F (CONS V Z))
(CONS V Z))),
which further simplifies, rewriting with VARIABLE-LISTP-CONS,
ALL-VARS-VARIABLEP, CDR-CONS, CAR-CONS, and ALL-VARS-LIST-CONS, and
unfolding the definitions of APPEND and LISTP, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(VARIABLE-LISTP X))
(EQUAL (ALL-VARS F X) X)).
This simplifies, applying the lemma VARIABLE-NLISTP, and unfolding the
definitions of ALL-VARS and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
ALL-VARS-VARIABLE-LISTP
(PROVE-LEMMA VARIABLE-LISTP-APPEND
(REWRITE)
(EQUAL (VARIABLE-LISTP (APPEND X Y))
(AND (VARIABLE-LISTP (FIX-PROPERP X))
(VARIABLE-LISTP Y)))
((INDUCT (DOMAIN S))))
This conjecture simplifies, unfolding the definition of AND, to two new
conjectures:
Case 2. (IMPLIES (AND (NOT (LISTP S))
(NOT (VARIABLE-LISTP (FIX-PROPERP X))))
(EQUAL (VARIABLE-LISTP (APPEND X Y))
F)),
which again simplifies, obviously, to the new formula:
(IMPLIES (AND (NOT (LISTP S))
(NOT (VARIABLE-LISTP (FIX-PROPERP X))))
(NOT (VARIABLE-LISTP (APPEND X Y)))),
which we will name *1.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP X)))
(EQUAL (VARIABLE-LISTP (APPEND X Y))
(VARIABLE-LISTP Y))).
Call the above conjecture *2.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y S))
(p X Y S))
(IMPLIES (NOT (LISTP X)) (p X Y S))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates the following three new
conjectures:
Case 3. (IMPLIES (AND (LISTP X)
(NOT (VARIABLE-LISTP (FIX-PROPERP (CDR X))))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP X)))
(EQUAL (VARIABLE-LISTP (APPEND X Y))
(VARIABLE-LISTP Y))).
This simplifies, rewriting with VARIABLE-LISTP-CONS, and unfolding the
definition of APPEND, to two new conjectures:
Case 3.2.
(IMPLIES (AND (LISTP X)
(NOT (VARIABLE-LISTP (FIX-PROPERP (CDR X))))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP X))
(NOT (VARIABLEP (CAR X))))
(EQUAL F (VARIABLE-LISTP Y))),
which again simplifies, trivially, to:
(IMPLIES (AND (LISTP X)
(NOT (VARIABLE-LISTP (FIX-PROPERP (CDR X))))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP X))
(NOT (VARIABLEP (CAR X))))
(NOT (VARIABLE-LISTP Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new formula:
(IMPLIES (AND (NOT (VARIABLE-LISTP (FIX-PROPERP Z)))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP (CONS V Z)))
(NOT (VARIABLEP V)))
(NOT (VARIABLE-LISTP Y))),
which further simplifies, rewriting with FIX-PROPERP-CONS and
VARIABLE-LISTP-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP X)
(NOT (VARIABLE-LISTP (FIX-PROPERP (CDR X))))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP X))
(VARIABLEP (CAR X)))
(EQUAL (VARIABLE-LISTP (APPEND (CDR X) Y))
(VARIABLE-LISTP Y))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). The result is:
(IMPLIES (AND (NOT (VARIABLE-LISTP (FIX-PROPERP Z)))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP (CONS V Z)))
(VARIABLEP V))
(EQUAL (VARIABLE-LISTP (APPEND Z Y))
(VARIABLE-LISTP Y))).
However this further simplifies, rewriting with FIX-PROPERP-CONS and
VARIABLE-LISTP-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (VARIABLE-LISTP (APPEND (CDR X) Y))
(VARIABLE-LISTP Y))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP X)))
(EQUAL (VARIABLE-LISTP (APPEND X Y))
(VARIABLE-LISTP Y))).
This simplifies, applying VARIABLE-LISTP-CONS, and unfolding the function
APPEND, to:
(IMPLIES (AND (LISTP X)
(EQUAL (VARIABLE-LISTP (APPEND (CDR X) Y))
(VARIABLE-LISTP Y))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP X))
(NOT (VARIABLEP (CAR X))))
(EQUAL F (VARIABLE-LISTP Y))).
This again simplifies, clearly, to:
(IMPLIES (AND (LISTP X)
(VARIABLE-LISTP (APPEND (CDR X) Y))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP X))
(NOT (VARIABLEP (CAR X))))
(NOT (VARIABLE-LISTP Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces:
(IMPLIES (AND (VARIABLE-LISTP (APPEND Z Y))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP (CONS V Z)))
(NOT (VARIABLEP V)))
(NOT (VARIABLE-LISTP Y))),
which further simplifies, applying the lemmas FIX-PROPERP-CONS and
VARIABLE-LISTP-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(NOT (LISTP S))
(VARIABLE-LISTP (FIX-PROPERP X)))
(EQUAL (VARIABLE-LISTP (APPEND X Y))
(VARIABLE-LISTP Y))),
which simplifies, rewriting with FIX-PROPERP-NLISTP, and expanding
VARIABLE-LISTP and APPEND, to:
T.
That finishes the proof of *2.
So let us turn our attention to:
(IMPLIES (AND (NOT (LISTP S))
(NOT (VARIABLE-LISTP (FIX-PROPERP X))))
(NOT (VARIABLE-LISTP (APPEND X Y)))),
which is formula *1 above. We will appeal to induction. There is only one
plausible induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y S))
(p X Y S))
(IMPLIES (NOT (LISTP X)) (p X Y S))).
Linear arithmetic and the lemma CDR-LESSP can be used to establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates three
new goals:
Case 3. (IMPLIES (AND (LISTP X)
(VARIABLE-LISTP (FIX-PROPERP (CDR X)))
(NOT (LISTP S))
(NOT (VARIABLE-LISTP (FIX-PROPERP X))))
(NOT (VARIABLE-LISTP (APPEND X Y)))),
which simplifies, applying VARIABLE-LISTP-CONS, and opening up the function
APPEND, to the new goal:
(IMPLIES (AND (LISTP X)
(VARIABLE-LISTP (FIX-PROPERP (CDR X)))
(NOT (LISTP S))
(NOT (VARIABLE-LISTP (FIX-PROPERP X)))
(VARIABLEP (CAR X)))
(NOT (VARIABLE-LISTP (APPEND (CDR X) Y)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain:
(IMPLIES (AND (VARIABLE-LISTP (FIX-PROPERP Z))
(NOT (LISTP S))
(NOT (VARIABLE-LISTP (FIX-PROPERP (CONS V Z))))
(VARIABLEP V))
(NOT (VARIABLE-LISTP (APPEND Z Y)))),
which further simplifies, appealing to the lemmas FIX-PROPERP-CONS and
VARIABLE-LISTP-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (VARIABLE-LISTP (APPEND (CDR X) Y)))
(NOT (LISTP S))
(NOT (VARIABLE-LISTP (FIX-PROPERP X))))
(NOT (VARIABLE-LISTP (APPEND X Y)))),
which simplifies, applying VARIABLE-LISTP-CONS, and opening up the
definition of APPEND, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(NOT (LISTP S))
(NOT (VARIABLE-LISTP (FIX-PROPERP X))))
(NOT (VARIABLE-LISTP (APPEND X Y)))).
This simplifies, rewriting with FIX-PROPERP-NLISTP, and unfolding
VARIABLE-LISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
VARIABLE-LISTP-APPEND
(PROVE-LEMMA TERMP-LIST-APPEND
(REWRITE)
(EQUAL (TERMP F (APPEND X Y))
(AND (TERMP F (FIX-PROPERP X))
(TERMP F Y)))
((INDUCT (RANGE S))))
This formula simplifies, opening up the function AND, to the following two new
conjectures:
Case 2. (IMPLIES (AND (NOT (LISTP S))
(NOT (TERMP F (FIX-PROPERP X))))
(EQUAL (TERMP F (APPEND X Y)) F)).
This again simplifies, obviously, to:
(IMPLIES (AND (NOT (LISTP S))
(NOT (TERMP F (FIX-PROPERP X))))
(NOT (TERMP F (APPEND X Y)))),
which we will name *1.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(TERMP F (FIX-PROPERP X)))
(EQUAL (TERMP F (APPEND X Y))
(TERMP F Y))).
Name the above subgoal *2.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y S))
(p X Y S))
(IMPLIES (NOT (LISTP X)) (p X Y S))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates the following three new
goals:
Case 3. (IMPLIES (AND (LISTP X)
(NOT (TERMP F (FIX-PROPERP (CDR X))))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP X)))
(EQUAL (TERMP F (APPEND X Y))
(TERMP F Y))).
This simplifies, rewriting with TERMP-LIST-CONS, and expanding APPEND, to
two new goals:
Case 3.2.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (FIX-PROPERP (CDR X))))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP X))
(NOT (TERMP T (CAR X))))
(EQUAL F (TERMP F Y))),
which again simplifies, obviously, to the new goal:
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (FIX-PROPERP (CDR X))))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP X))
(NOT (TERMP T (CAR X))))
(NOT (TERMP F Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new formula:
(IMPLIES (AND (NOT (TERMP F (FIX-PROPERP Z)))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP (CONS V Z)))
(NOT (TERMP T V)))
(NOT (TERMP F Y))),
which further simplifies, rewriting with FIX-PROPERP-CONS and
TERMP-LIST-CONS, to:
T.
Case 3.1.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (FIX-PROPERP (CDR X))))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP X))
(TERMP T (CAR X)))
(EQUAL (TERMP F (APPEND (CDR X) Y))
(TERMP F Y))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (AND (NOT (TERMP F (FIX-PROPERP Z)))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP (CONS V Z)))
(TERMP T V))
(EQUAL (TERMP F (APPEND Z Y))
(TERMP F Y))).
This further simplifies, applying FIX-PROPERP-CONS and TERMP-LIST-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(EQUAL (TERMP F (APPEND (CDR X) Y))
(TERMP F Y))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP X)))
(EQUAL (TERMP F (APPEND X Y))
(TERMP F Y))).
This simplifies, applying TERMP-LIST-CONS, and opening up APPEND, to:
(IMPLIES (AND (LISTP X)
(EQUAL (TERMP F (APPEND (CDR X) Y))
(TERMP F Y))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP X))
(NOT (TERMP T (CAR X))))
(EQUAL F (TERMP F Y))).
This again simplifies, trivially, to the new goal:
(IMPLIES (AND (LISTP X)
(TERMP F (APPEND (CDR X) Y))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP X))
(NOT (TERMP T (CAR X))))
(NOT (TERMP F Y))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove:
(IMPLIES (AND (TERMP F (APPEND Z Y))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP (CONS V Z)))
(NOT (TERMP T V)))
(NOT (TERMP F Y))),
which further simplifies, appealing to the lemmas FIX-PROPERP-CONS and
TERMP-LIST-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(NOT (LISTP S))
(TERMP F (FIX-PROPERP X)))
(EQUAL (TERMP F (APPEND X Y))
(TERMP F Y))),
which simplifies, rewriting with FIX-PROPERP-NLISTP, and unfolding the
functions TERMP and APPEND, to:
T.
That finishes the proof of *2.
So let us turn our attention to:
(IMPLIES (AND (NOT (LISTP S))
(NOT (TERMP F (FIX-PROPERP X))))
(NOT (TERMP F (APPEND X Y)))),
which we named *1 above. Perhaps we can prove it by induction. There is only
one plausible induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X) (p (CDR X) Y S))
(p X Y S))
(IMPLIES (NOT (LISTP X)) (p X Y S))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates the following three new
goals:
Case 3. (IMPLIES (AND (LISTP X)
(TERMP F (FIX-PROPERP (CDR X)))
(NOT (LISTP S))
(NOT (TERMP F (FIX-PROPERP X))))
(NOT (TERMP F (APPEND X Y)))).
This simplifies, applying TERMP-LIST-CONS, and unfolding APPEND, to:
(IMPLIES (AND (LISTP X)
(TERMP F (FIX-PROPERP (CDR X)))
(NOT (LISTP S))
(NOT (TERMP F (FIX-PROPERP X)))
(TERMP T (CAR X)))
(NOT (TERMP F (APPEND (CDR X) Y)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND (TERMP F (FIX-PROPERP Z))
(NOT (LISTP S))
(NOT (TERMP F (FIX-PROPERP (CONS V Z))))
(TERMP T V))
(NOT (TERMP F (APPEND Z Y)))).
But this further simplifies, rewriting with FIX-PROPERP-CONS and
TERMP-LIST-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(NOT (TERMP F (APPEND (CDR X) Y)))
(NOT (LISTP S))
(NOT (TERMP F (FIX-PROPERP X))))
(NOT (TERMP F (APPEND X Y)))).
This simplifies, applying TERMP-LIST-CONS, and unfolding the definition of
APPEND, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(NOT (LISTP S))
(NOT (TERMP F (FIX-PROPERP X))))
(NOT (TERMP F (APPEND X Y)))),
which simplifies, applying FIX-PROPERP-NLISTP, and unfolding TERMP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
TERMP-LIST-APPEND
(PROVE-LEMMA APPLY-TO-SUBST-APPEND
(REWRITE)
(EQUAL (APPLY-TO-SUBST SG (APPEND S1 S2))
(APPEND (APPLY-TO-SUBST SG S1)
(APPLY-TO-SUBST SG S2))))
Call the conjecture *1.
We will try to prove it by induction. There are three plausible
inductions. They merge into two likely candidate inductions. However, only
one is unflawed. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S1) (p SG (CDR S1) S2))
(p SG S1 S2))
(IMPLIES (NOT (LISTP S1))
(p SG S1 S2))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT S1) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme generates two new
goals:
Case 2. (IMPLIES (AND (LISTP S1)
(EQUAL (APPLY-TO-SUBST SG
(APPEND (CDR S1) S2))
(APPEND (APPLY-TO-SUBST SG (CDR S1))
(APPLY-TO-SUBST SG S2))))
(EQUAL (APPLY-TO-SUBST SG (APPEND S1 S2))
(APPEND (APPLY-TO-SUBST SG S1)
(APPLY-TO-SUBST SG S2)))),
which simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and
unfolding APPEND and APPLY-TO-SUBST, to two new formulas:
Case 2.2.
(IMPLIES (AND (LISTP S1)
(EQUAL (APPLY-TO-SUBST SG
(APPEND (CDR S1) S2))
(APPEND (APPLY-TO-SUBST SG (CDR S1))
(APPLY-TO-SUBST SG S2)))
(NOT (LISTP (CAR S1))))
(EQUAL (APPLY-TO-SUBST SG
(APPEND (CDR S1) S2))
(APPEND (APPLY-TO-SUBST SG (CDR S1))
(APPLY-TO-SUBST SG S2)))),
which again simplifies, clearly, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP S1)
(EQUAL (APPLY-TO-SUBST SG
(APPEND (CDR S1) S2))
(APPEND (APPLY-TO-SUBST SG (CDR S1))
(APPLY-TO-SUBST SG S2)))
(LISTP (CAR S1)))
(EQUAL (CONS (CONS (CAAR S1)
(SUBST T SG (CDAR S1)))
(APPLY-TO-SUBST SG
(APPEND (CDR S1) S2)))
(APPEND (CONS (CONS (CAAR S1)
(SUBST T SG (CDAR S1)))
(APPLY-TO-SUBST SG (CDR S1)))
(APPLY-TO-SUBST SG S2)))).
But this again simplifies, applying the lemmas CDR-CONS and CAR-CONS, and
opening up the definition of APPEND, to:
T.
Case 1. (IMPLIES (NOT (LISTP S1))
(EQUAL (APPLY-TO-SUBST SG (APPEND S1 S2))
(APPEND (APPLY-TO-SUBST SG S1)
(APPLY-TO-SUBST SG S2)))),
which simplifies, unfolding the functions APPEND, APPLY-TO-SUBST, and LISTP,
to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
APPLY-TO-SUBST-APPEND
(PROVE-LEMMA SUBST-APPLY-TO-SUBST
(REWRITE)
(IMPLIES (AND FLG (MEMBER G (DOMAIN S)))
(EQUAL (SUBST FLG (APPLY-TO-SUBST SG S) G)
(SUBST FLG SG (VALUE G S)))))
This formula simplifies, rewriting with MEMBER-SUBSETP, SUBSETP-REFLEXIVITY,
SUBSETP-DOMAIN, DOMAIN-APPLY-TO-SUBST, VALUE-APPLY-TO-SUBST, SUBST-OCCUR, and
SUBST-FLG-NOT-LIST, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
SUBST-APPLY-TO-SUBST
(PROVE-LEMMA SUBST-APPEND-NOT-OCCUR-1
(REWRITE)
(IMPLIES (AND (TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (ALL-VARS F (DOMAIN S1))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S2 X)))
((INDUCT (SUBST FLG S2 X))))
This conjecture can be simplified, using the abbreviations IMPLIES, NOT, OR,
and AND, to six new goals:
Case 6. (IMPLIES (AND FLG
(MEMBER X (DOMAIN S2))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (ALL-VARS F (DOMAIN S1))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S2 X))),
which simplifies, rewriting with ALL-VARS-VARIABLE-LISTP, MEMBER-APPEND,
MEMBER-SUBSETP, SUBSETP-REFLEXIVITY, SUBSETP-DOMAIN, DOMAIN-APPEND,
VALUE-APPEND, and SUBST-OCCUR, to:
(IMPLIES (AND FLG
(MEMBER X (DOMAIN S2))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS FLG X))
(MEMBER X (DOMAIN S1)))
(EQUAL (VALUE X S1) (VALUE X S2))),
which again simplifies, applying the lemmas
MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, ALL-VARS-VARIABLEP, SUBSETP-DOMAIN,
SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and DISJOINT-DOMAIN-SINGLETON, to:
T.
Case 5. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S2)))
(VARIABLEP X)
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (ALL-VARS F (DOMAIN S1))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S2 X))),
which simplifies, rewriting with ALL-VARS-VARIABLE-LISTP, ALL-VARS-VARIABLEP,
DISJOINT-DOMAIN-SINGLETON, DOMAIN-APPEND, MEMBER-APPEND, and
SUBST-T-VARIABLEP, to:
T.
Case 4. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S2)))
(NOT (VARIABLEP X))
(LISTP X)
(IMPLIES (AND (TERMP F (CDR X))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (ALL-VARS F (DOMAIN S1))
(ALL-VARS F (CDR X))))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (ALL-VARS F (DOMAIN S1))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S2 X))).
This simplifies, applying VARIABLEP-INTRO, ALL-VARS-VARIABLE-LISTP,
MEMBER-APPEND, NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP, DOMAIN-APPEND,
CAR-CONS, CDR-CONS, and CONS-EQUAL, and expanding AND, IMPLIES, and SUBST,
to two new formulas:
Case 4.2.
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S2)))
(LISTP X)
(NOT (TERMP F (CDR X)))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS FLG X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces the new formula:
(IMPLIES (AND FLG
(NOT (MEMBER (CONS V Z) (DOMAIN S2)))
(NOT (TERMP F Z))
(TERMP FLG (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS FLG (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S2 Z))),
which further simplifies, rewriting with TERMP-T-CONS, to:
T.
Case 4.1.
(IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S2)))
(LISTP X)
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (CDR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS FLG X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove the formula:
(IMPLIES (AND FLG
(NOT (MEMBER (CONS V Z) (DOMAIN S2)))
(NOT (DISJOINT (DOMAIN S1) (ALL-VARS F Z)))
(TERMP FLG (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS FLG (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S2 Z))).
However this further simplifies, applying TERMP-T-CONS and ALL-VARS-T-CONS,
to:
T.
Case 3. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S2)))
(NOT (VARIABLEP X))
(NOT (LISTP X))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (ALL-VARS F (DOMAIN S1))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S2 X))).
This simplifies, applying TERMP-T-NLISTP, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP X)
(IMPLIES (AND (TERMP F (CDR X))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (ALL-VARS F (DOMAIN S1))
(ALL-VARS F (CDR X))))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X))))
(IMPLIES (AND (TERMP T (CAR X))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (ALL-VARS F (DOMAIN S1))
(ALL-VARS T (CAR X))))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S2 (CAR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (ALL-VARS F (DOMAIN S1))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S2 X))),
which simplifies, rewriting with ALL-VARS-VARIABLE-LISTP, CAR-CONS,
CONS-EQUAL, and CDR-CONS, and expanding the definitions of AND, IMPLIES, and
SUBST, to the following 12 new formulas:
Case 2.12.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S2 (CAR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove the conjecture:
(IMPLIES (AND (NOT (TERMP F Z))
(NOT (TERMP T V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S2 V))).
However this further simplifies, applying TERMP-LIST-CONS, to:
T.
Case 2.11.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (AND (NOT (TERMP F Z))
(NOT (TERMP T V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S2 Z))).
However this further simplifies, rewriting with TERMP-LIST-CONS, to:
T.
Case 2.10.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS T (CAR X))))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S2 (CAR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (AND (NOT (TERMP F Z))
(NOT (DISJOINT (DOMAIN S1) (ALL-VARS T V)))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S2 V))).
However this further simplifies, rewriting with MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 2.9.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS T (CAR X))))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND (NOT (TERMP F Z))
(NOT (DISJOINT (DOMAIN S1) (ALL-VARS T V)))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S2 Z))).
However this further simplifies, rewriting with the lemmas MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 2.8.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S2 (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces:
(IMPLIES (AND (NOT (TERMP F Z))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S2 V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S2 Z))),
which further simplifies, rewriting with the lemma TERMP-LIST-CONS, to:
T.
Case 2.7.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (CDR X))))
(NOT (TERMP T (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S2 (CAR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S1) (ALL-VARS F Z)))
(NOT (TERMP T V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S2 V))),
which further simplifies, rewriting with TERMP-LIST-CONS, to:
T.
Case 2.6.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (CDR X))))
(NOT (TERMP T (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S1) (ALL-VARS F Z)))
(NOT (TERMP T V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S2 Z))).
However this further simplifies, appealing to the lemma TERMP-LIST-CONS,
to:
T.
Case 2.5.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (CDR X))))
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS T (CAR X))))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S2 (CAR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S1) (ALL-VARS F Z)))
(NOT (DISJOINT (DOMAIN S1) (ALL-VARS T V)))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S2 V))),
which further simplifies, rewriting with MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 2.4.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (CDR X))))
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS T (CAR X))))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). The result is:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S1) (ALL-VARS F Z)))
(NOT (DISJOINT (DOMAIN S1) (ALL-VARS T V)))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S2 Z))).
This further simplifies, appealing to the lemmas MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 2.3.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (CDR X))))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S2 (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S1) (ALL-VARS F Z)))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S2 V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S2 Z))),
which further simplifies, rewriting with TERMP-LIST-CONS,
ALL-VARS-LIST-CONS, and DISJOINT-APPEND-RIGHT, to:
T.
Case 2.2.
(IMPLIES (AND (LISTP X)
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S2 (CAR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND (EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S2 Z))
(NOT (TERMP T V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S2 V))).
However this further simplifies, rewriting with the lemma TERMP-LIST-CONS,
to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S2 (CDR X)))
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS T (CAR X))))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S2 (CAR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new formula:
(IMPLIES (AND (EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S2 Z))
(NOT (DISJOINT (DOMAIN S1) (ALL-VARS T V)))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S2 V))),
which further simplifies, rewriting with MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP X))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S1))
(DISJOINT (ALL-VARS F (DOMAIN S1))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S2 X))).
This simplifies, rewriting with TERMP-LIST-NLISTP, ALL-VARS-VARIABLE-LISTP,
DISJOINT-NLISTP, DISJOINT-SYMMETRY, and SUBST-LIST-NLISTP, and opening up
ALL-VARS, OR, NLISTP, and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.3 0.0 ]
SUBST-APPEND-NOT-OCCUR-1
(PROVE-LEMMA SUBST-APPEND-NOT-OCCUR-2
(REWRITE)
(IMPLIES (AND (TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (ALL-VARS F (DOMAIN S2))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S1 X)))
((INDUCT (SUBST FLG S2 X))))
This conjecture can be simplified, using the abbreviations IMPLIES, NOT, OR,
and AND, to six new goals:
Case 6. (IMPLIES (AND FLG
(MEMBER X (DOMAIN S2))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (ALL-VARS F (DOMAIN S2))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S1 X))),
which simplifies, rewriting with ALL-VARS-VARIABLE-LISTP,
MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP, ALL-VARS-VARIABLEP, SUBSETP-DOMAIN,
SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, and DISJOINT-DOMAIN-SINGLETON, to:
T.
Case 5. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S2)))
(VARIABLEP X)
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (ALL-VARS F (DOMAIN S2))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S1 X))).
This simplifies, appealing to the lemmas ALL-VARS-VARIABLE-LISTP,
ALL-VARS-VARIABLEP, DISJOINT-DOMAIN-SINGLETON, DOMAIN-APPEND, MEMBER-APPEND,
SUBSETP-DOMAIN, SUBSETP-REFLEXIVITY, MEMBER-SUBSETP, VALUE-APPEND, and
SUBST-T-VARIABLEP, to:
T.
Case 4. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S2)))
(NOT (VARIABLEP X))
(LISTP X)
(IMPLIES (AND (TERMP F (CDR X))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (ALL-VARS F (DOMAIN S2))
(ALL-VARS F (CDR X))))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (ALL-VARS F (DOMAIN S2))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S1 X))).
This simplifies, applying NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP,
VARIABLEP-INTRO, ALL-VARS-VARIABLE-LISTP, VALUE-APPEND, MEMBER-SUBSETP,
SUBSETP-REFLEXIVITY, SUBSETP-DOMAIN, MEMBER-APPEND, and DOMAIN-APPEND, and
unfolding the functions AND, IMPLIES, and SUBST, to two new conjectures:
Case 4.2.
(IMPLIES (AND FLG
(LISTP X)
(NOT (TERMP F (CDR X)))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS FLG X))
(NOT (MEMBER X (DOMAIN S1))))
(EQUAL (CONS (CAR X)
(SUBST F (APPEND S1 S2) (CDR X)))
(CONS (CAR X) (SUBST F S1 (CDR X))))),
which again simplifies, rewriting with the lemmas CAR-CONS, CDR-CONS, and
CONS-EQUAL, to:
(IMPLIES (AND FLG
(LISTP X)
(NOT (TERMP F (CDR X)))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS FLG X))
(NOT (MEMBER X (DOMAIN S1))))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND FLG
(NOT (TERMP F Z))
(TERMP FLG (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS FLG (CONS V Z)))
(NOT (MEMBER (CONS V Z) (DOMAIN S1))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S1 Z))).
However this further simplifies, rewriting with TERMP-T-CONS, to:
T.
Case 4.1.
(IMPLIES (AND FLG
(LISTP X)
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS F (CDR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS FLG X))
(NOT (MEMBER X (DOMAIN S1))))
(EQUAL (CONS (CAR X)
(SUBST F (APPEND S1 S2) (CDR X)))
(CONS (CAR X) (SUBST F S1 (CDR X))))).
However this again simplifies, rewriting with the lemmas CAR-CONS,
CDR-CONS, and CONS-EQUAL, to:
(IMPLIES (AND FLG
(LISTP X)
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS F (CDR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS FLG X))
(NOT (MEMBER X (DOMAIN S1))))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (AND FLG
(NOT (DISJOINT (DOMAIN S2) (ALL-VARS F Z)))
(TERMP FLG (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS FLG (CONS V Z)))
(NOT (MEMBER (CONS V Z) (DOMAIN S1))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S1 Z))).
However this further simplifies, applying TERMP-T-CONS and ALL-VARS-T-CONS,
to:
T.
Case 3. (IMPLIES (AND FLG
(NOT (MEMBER X (DOMAIN S2)))
(NOT (VARIABLEP X))
(NOT (LISTP X))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (ALL-VARS F (DOMAIN S2))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S1 X))).
This simplifies, applying NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP and
TERMP-T-NLISTP, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP X)
(IMPLIES (AND (TERMP F (CDR X))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (ALL-VARS F (DOMAIN S2))
(ALL-VARS F (CDR X))))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X))))
(IMPLIES (AND (TERMP T (CAR X))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (ALL-VARS F (DOMAIN S2))
(ALL-VARS T (CAR X))))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S1 (CAR X))))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (ALL-VARS F (DOMAIN S2))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S1 X))),
which simplifies, rewriting with ALL-VARS-VARIABLE-LISTP, CAR-CONS,
CONS-EQUAL, and CDR-CONS, and unfolding AND, IMPLIES, and SUBST, to the
following 12 new goals:
Case 2.12.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S1 (CAR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (AND (NOT (TERMP F Z))
(NOT (TERMP T V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S1 V))).
This further simplifies, rewriting with the lemma TERMP-LIST-CONS, to:
T.
Case 2.11.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces the new formula:
(IMPLIES (AND (NOT (TERMP F Z))
(NOT (TERMP T V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S1 Z))),
which further simplifies, applying TERMP-LIST-CONS, to:
T.
Case 2.10.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS T (CAR X))))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S1 (CAR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND (NOT (TERMP F Z))
(NOT (DISJOINT (DOMAIN S2) (ALL-VARS T V)))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S1 V))).
However this further simplifies, rewriting with MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 2.9.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS T (CAR X))))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove the goal:
(IMPLIES (AND (NOT (TERMP F Z))
(NOT (DISJOINT (DOMAIN S2) (ALL-VARS T V)))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S1 Z))).
However this further simplifies, applying the lemmas MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 2.8.
(IMPLIES (AND (LISTP X)
(NOT (TERMP F (CDR X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S1 (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). This produces:
(IMPLIES (AND (NOT (TERMP F Z))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S1 V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S1 Z))),
which further simplifies, applying TERMP-LIST-CONS, to:
T.
Case 2.7.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS F (CDR X))))
(NOT (TERMP T (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S1 (CAR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). The result is:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S2) (ALL-VARS F Z)))
(NOT (TERMP T V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S1 V))).
This further simplifies, rewriting with TERMP-LIST-CONS, to:
T.
Case 2.6.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS F (CDR X))))
(NOT (TERMP T (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S2) (ALL-VARS F Z)))
(NOT (TERMP T V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S1 Z))).
But this further simplifies, rewriting with the lemma TERMP-LIST-CONS, to:
T.
Case 2.5.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS F (CDR X))))
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS T (CAR X))))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S1 (CAR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S2) (ALL-VARS F Z)))
(NOT (DISJOINT (DOMAIN S2) (ALL-VARS T V)))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S1 V))),
which further simplifies, applying MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 2.4.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS F (CDR X))))
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS T (CAR X))))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S2) (ALL-VARS F Z)))
(NOT (DISJOINT (DOMAIN S2) (ALL-VARS T V)))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S1 Z))).
This further simplifies, appealing to the lemmas MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 2.3.
(IMPLIES (AND (LISTP X)
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS F (CDR X))))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S1 (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain the new formula:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S2) (ALL-VARS F Z)))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S1 V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S1 Z))),
which further simplifies, rewriting with the lemmas TERMP-LIST-CONS,
ALL-VARS-LIST-CONS, and DISJOINT-APPEND-RIGHT, to:
T.
Case 2.2.
(IMPLIES (AND (LISTP X)
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X)))
(NOT (TERMP T (CAR X)))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S1 (CAR X)))).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We would thus like to prove the new formula:
(IMPLIES (AND (EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S1 Z))
(NOT (TERMP T V))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S1 V))),
which further simplifies, rewriting with TERMP-LIST-CONS, to:
T.
Case 2.1.
(IMPLIES (AND (LISTP X)
(EQUAL (SUBST F (APPEND S1 S2) (CDR X))
(SUBST F S1 (CDR X)))
(NOT (DISJOINT (DOMAIN S2)
(ALL-VARS T (CAR X))))
(TERMP F X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2) (ALL-VARS F X)))
(EQUAL (SUBST T (APPEND S1 S2) (CAR X))
(SUBST T S1 (CAR X)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove the formula:
(IMPLIES (AND (EQUAL (SUBST F (APPEND S1 S2) Z)
(SUBST F S1 Z))
(NOT (DISJOINT (DOMAIN S2) (ALL-VARS T V)))
(TERMP F (CONS V Z))
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (DOMAIN S2)
(ALL-VARS F (CONS V Z))))
(EQUAL (SUBST T (APPEND S1 S2) V)
(SUBST T S1 V))).
However this further simplifies, rewriting with the lemmas MEMBER-CONS and
MEMBER-PRESERVES-DISJOINT-ALL-VARS, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP X))
(TERMP FLG X)
(VARIABLE-LISTP (DOMAIN S2))
(DISJOINT (ALL-VARS F (DOMAIN S2))
(ALL-VARS FLG X)))
(EQUAL (SUBST FLG (APPEND S1 S2) X)
(SUBST FLG S1 X))),
which simplifies, rewriting with TERMP-LIST-NLISTP, ALL-VARS-VARIABLE-LISTP,
DISJOINT-NLISTP, DISJOINT-SYMMETRY, and SUBST-LIST-NLISTP, and expanding
ALL-VARS, OR, NLISTP, and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.3 0.0 ]
SUBST-APPEND-NOT-OCCUR-2
(PROVE-LEMMA APPLY-TO-SUBST-IS-NO-OP-FOR-DISJOINT-DOMAIN
(REWRITE)
(IMPLIES (AND (VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 S2) S2)))
Call the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(p S1 (CDR S2)))
(p S1 S2))
(IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(p S1 (CDR S2)))
(p S1 S2))
(IMPLIES (NOT (LISTP S2)) (p S1 S2))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure
(COUNT S2) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme produces the
following nine new conjectures:
Case 9. (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(NOT (ALISTP (CDR S2)))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 S2) S2)).
This simplifies, applying CAR-CONS and CDR-CONS, and unfolding the
definition of APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(NOT (ALISTP (CDR S2)))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (CONS (CONS (CAAR S2)
(SUBST T S1 (CDAR S2)))
(APPLY-TO-SUBST S1 (CDR S2)))
S2)).
Appealing to the lemma CAR-CDR-ELIM, we now replace S2 by (CONS X Z) to
eliminate (CAR S2) and (CDR S2) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). The result is:
(IMPLIES (AND (NOT (ALISTP Z))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP (CONS (CONS V W) Z))
(TERMP F (RANGE (CONS (CONS V W) Z)))
(DISJOINT (DOMAIN S1)
(ALL-VARS F
(RANGE (CONS (CONS V W) Z)))))
(EQUAL (CONS (CONS V (SUBST T S1 W))
(APPLY-TO-SUBST S1 Z))
(CONS (CONS V W) Z))).
However this further simplifies, rewriting with ALISTP-CONS, to:
T.
Case 8. (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(NOT (TERMP F (RANGE (CDR S2))))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 S2) S2)).
This simplifies, appealing to the lemmas CAR-CONS and CDR-CONS, and
unfolding APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(NOT (TERMP F (RANGE (CDR S2))))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (CONS (CONS (CAAR S2)
(SUBST T S1 (CDAR S2)))
(APPLY-TO-SUBST S1 (CDR S2)))
S2)).
Applying the lemma CAR-CDR-ELIM, replace S2 by (CONS X Z) to eliminate
(CAR S2) and (CDR S2) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
This produces:
(IMPLIES (AND (NOT (TERMP F (RANGE Z)))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP (CONS (CONS V W) Z))
(TERMP F (RANGE (CONS (CONS V W) Z)))
(DISJOINT (DOMAIN S1)
(ALL-VARS F
(RANGE (CONS (CONS V W) Z)))))
(EQUAL (CONS (CONS V (SUBST T S1 W))
(APPLY-TO-SUBST S1 Z))
(CONS (CONS V W) Z))),
which further simplifies, appealing to the lemmas ALISTP-CONS, CDR-CONS,
RANGE-CONS, and TERMP-LIST-CONS, to:
T.
Case 7. (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE (CDR S2)))))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 S2) S2)),
which simplifies, rewriting with CAR-CONS and CDR-CONS, and unfolding the
function APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE (CDR S2)))))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (CONS (CONS (CAAR S2)
(SUBST T S1 (CDAR S2)))
(APPLY-TO-SUBST S1 (CDR S2)))
S2)).
Applying the lemma CAR-CDR-ELIM, replace S2 by (CONS X Z) to eliminate
(CAR S2) and (CDR S2) and X by (CONS V W) to eliminate (CAR X) and (CDR X).
We thus obtain the new goal:
(IMPLIES (AND (NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE Z))))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP (CONS (CONS V W) Z))
(TERMP F (RANGE (CONS (CONS V W) Z)))
(DISJOINT (DOMAIN S1)
(ALL-VARS F
(RANGE (CONS (CONS V W) Z)))))
(EQUAL (CONS (CONS V (SUBST T S1 W))
(APPLY-TO-SUBST S1 Z))
(CONS (CONS V W) Z))),
which further simplifies, applying ALISTP-CONS, CDR-CONS, RANGE-CONS,
TERMP-LIST-CONS, ALL-VARS-LIST-CONS, and DISJOINT-APPEND-RIGHT, to:
T.
Case 6. (IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(EQUAL (APPLY-TO-SUBST S1 (CDR S2))
(CDR S2))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 S2) S2)).
This simplifies, rewriting with CAR-CONS and CDR-CONS, and unfolding
APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S2)
(LISTP (CAR S2))
(EQUAL (APPLY-TO-SUBST S1 (CDR S2))
(CDR S2))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (CONS (CONS (CAAR S2)
(SUBST T S1 (CDAR S2)))
(CDR S2))
S2)).
Appealing to the lemma CAR-CDR-ELIM, we now replace S2 by (CONS X Z) to
eliminate (CAR S2) and (CDR S2) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). We must thus prove:
(IMPLIES (AND (EQUAL (APPLY-TO-SUBST S1 Z) Z)
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP (CONS (CONS V W) Z))
(TERMP F (RANGE (CONS (CONS V W) Z)))
(DISJOINT (DOMAIN S1)
(ALL-VARS F
(RANGE (CONS (CONS V W) Z)))))
(EQUAL (CONS (CONS V (SUBST T S1 W)) Z)
(CONS (CONS V W) Z))).
But this further simplifies, rewriting with ALISTP-CONS, CDR-CONS,
RANGE-CONS, TERMP-LIST-CONS, ALL-VARS-LIST-CONS, DISJOINT-APPEND-RIGHT, and
SUBST-NOT-OCCUR, to:
T.
Case 5. (IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(NOT (ALISTP (CDR S2)))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 S2) S2)).
This simplifies, unfolding the definition of APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(NOT (ALISTP (CDR S2)))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 (CDR S2))
S2)).
Applying the lemma CAR-CDR-ELIM, replace S2 by (CONS X Z) to eliminate
(CAR S2) and (CDR S2). This produces the new conjecture:
(IMPLIES (AND (NOT (LISTP X))
(NOT (ALISTP Z))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP (CONS X Z))
(TERMP F (RANGE (CONS X Z)))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE (CONS X Z)))))
(EQUAL (APPLY-TO-SUBST S1 Z)
(CONS X Z))),
which further simplifies, applying ALISTP-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(NOT (TERMP F (RANGE (CDR S2))))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 S2) S2)).
This simplifies, expanding the definition of APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(NOT (TERMP F (RANGE (CDR S2))))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 (CDR S2))
S2)).
Applying the lemma CAR-CDR-ELIM, replace S2 by (CONS X Z) to eliminate
(CAR S2) and (CDR S2). This produces:
(IMPLIES (AND (NOT (LISTP X))
(NOT (TERMP F (RANGE Z)))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP (CONS X Z))
(TERMP F (RANGE (CONS X Z)))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE (CONS X Z)))))
(EQUAL (APPLY-TO-SUBST S1 Z)
(CONS X Z))),
which further simplifies, appealing to the lemma ALISTP-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE (CDR S2)))))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 S2) S2)),
which simplifies, opening up APPLY-TO-SUBST, to the formula:
(IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE (CDR S2)))))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 (CDR S2))
S2)).
Appealing to the lemma CAR-CDR-ELIM, we now replace S2 by (CONS X Z) to
eliminate (CAR S2) and (CDR S2). The result is:
(IMPLIES (AND (NOT (LISTP X))
(NOT (DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE Z))))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP (CONS X Z))
(TERMP F (RANGE (CONS X Z)))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE (CONS X Z)))))
(EQUAL (APPLY-TO-SUBST S1 Z)
(CONS X Z))).
This further simplifies, applying ALISTP-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(EQUAL (APPLY-TO-SUBST S1 (CDR S2))
(CDR S2))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 S2) S2)).
This simplifies, opening up the function APPLY-TO-SUBST, to the new goal:
(IMPLIES (AND (LISTP S2)
(NOT (LISTP (CAR S2)))
(EQUAL (APPLY-TO-SUBST S1 (CDR S2))
(CDR S2))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (CDR S2) S2)).
Applying the lemma CAR-CDR-ELIM, replace S2 by (CONS X Z) to eliminate
(CAR S2) and (CDR S2). We thus obtain the new conjecture:
(IMPLIES (AND (NOT (LISTP X))
(EQUAL (APPLY-TO-SUBST S1 Z) Z)
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP (CONS X Z))
(TERMP F (RANGE (CONS X Z)))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE (CONS X Z)))))
(EQUAL Z (CONS X Z))),
which further simplifies, applying the lemma ALISTP-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S2))
(VARIABLE-LISTP (DOMAIN S1))
(ALISTP S2)
(TERMP F (RANGE S2))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE S2))))
(EQUAL (APPLY-TO-SUBST S1 S2) S2)),
which simplifies, applying ALISTP-NLISTP, DISJOINT-NLISTP, and
DISJOINT-SYMMETRY, and unfolding RANGE, TERMP, ALL-VARS, OR, NLISTP, LISTP,
APPLY-TO-SUBST, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
APPLY-TO-SUBST-IS-NO-OP-FOR-DISJOINT-DOMAIN
(PROVE-LEMMA MEMBER-SUBST
(REWRITE)
(IMPLIES (AND FLG (MEMBER A X))
(MEMBER (SUBST FLG S A)
(SUBST F S X)))
((ENABLE MEMBER)))
Name the conjecture *1.
We will try to prove it by induction. Three inductions are suggested by
terms in the conjecture. They merge into two likely candidate inductions.
However, only one is unflawed. We will induct according to the following
scheme:
(AND (IMPLIES (AND (LISTP X)
(p FLG S A (CAR X))
(p FLG S A (CDR X)))
(p FLG S A X))
(IMPLIES (NOT (LISTP X))
(p FLG S A X))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the
measure (COUNT X) decreases according to the well-founded relation LESSP in
each induction step of the scheme. The above induction scheme generates five
new conjectures:
Case 5. (IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CAR X)))
(NOT (MEMBER A (CDR X)))
FLG
(MEMBER A X))
(MEMBER (SUBST FLG S A)
(SUBST F S X))),
which simplifies, rewriting with the lemmas SUBST-FLG-NOT-LIST and
MEMBER-CONS, and unfolding the functions MEMBER and SUBST, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(MEMBER (SUBST FLG S A)
(SUBST F S (CAR X)))
(NOT (MEMBER A (CDR X)))
FLG
(MEMBER A X))
(MEMBER (SUBST FLG S A)
(SUBST F S X))),
which simplifies, applying SUBST-FLG-NOT-LIST and MEMBER-CONS, and opening
up the definitions of MEMBER and SUBST, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (MEMBER A (CAR X)))
(MEMBER (SUBST FLG S A)
(SUBST F S (CDR X)))
FLG
(MEMBER A X))
(MEMBER (SUBST FLG S A)
(SUBST F S X))).
This simplifies, applying the lemmas SUBSETP-CONS-2, SUBSETP-REFLEXIVITY,
and MEMBER-SUBSETP, and unfolding MEMBER and SUBST, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(MEMBER (SUBST FLG S A)
(SUBST F S (CAR X)))
(MEMBER (SUBST FLG S A)
(SUBST F S (CDR X)))
FLG
(MEMBER A X))
(MEMBER (SUBST FLG S A)
(SUBST F S X))).
This simplifies, applying SUBSETP-CONS-2, SUBSETP-REFLEXIVITY, and
MEMBER-SUBSETP, and unfolding the definitions of MEMBER and SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) FLG (MEMBER A X))
(MEMBER (SUBST FLG S A)
(SUBST F S X))),
which simplifies, applying MEMBER-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
MEMBER-SUBST
(PROVE-LEMMA SUBSETP-SUBST
(REWRITE)
(IMPLIES (SUBSETP X Y)
(SUBSETP (SUBST F S X) (SUBST F S Y)))
((ENABLE SUBSETP)))
Call the conjecture *1.
We will appeal to induction. There are three plausible inductions. They
merge into two likely candidate inductions. However, only one is unflawed.
We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP X)
(p S (CAR X) Y)
(p S (CDR X) Y))
(p S X Y))
(IMPLIES (NOT (LISTP X)) (p S X Y))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to
establish that the measure (COUNT X) decreases according to the well-founded
relation LESSP in each induction step of the scheme. The above induction
scheme generates five new formulas:
Case 5. (IMPLIES (AND (LISTP X)
(NOT (SUBSETP (CAR X) Y))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (SUBST F S X)
(SUBST F S Y))),
which simplifies, expanding the definition of SUBSETP, to:
T.
Case 4. (IMPLIES (AND (LISTP X)
(SUBSETP (SUBST F S (CAR X))
(SUBST F S Y))
(NOT (SUBSETP (CDR X) Y))
(SUBSETP X Y))
(SUBSETP (SUBST F S X)
(SUBST F S Y))),
which simplifies, opening up the definition of SUBSETP, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (SUBSETP (CAR X) Y))
(SUBSETP (SUBST F S (CDR X))
(SUBST F S Y))
(SUBSETP X Y))
(SUBSETP (SUBST F S X)
(SUBST F S Y))),
which simplifies, applying the lemmas MEMBER-SUBST, SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, and SUBSETP-CONS-1, and expanding the definitions of
SUBSETP and SUBST, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(SUBSETP (SUBST F S (CAR X))
(SUBST F S Y))
(SUBSETP (SUBST F S (CDR X))
(SUBST F S Y))
(SUBSETP X Y))
(SUBSETP (SUBST F S X)
(SUBST F S Y))),
which simplifies, applying MEMBER-SUBST, SUBSETP-REFLEXIVITY,
SUBSETP-IS-TRANSITIVE, and SUBSETP-CONS-1, and expanding the functions
SUBSETP and SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X)) (SUBSETP X Y))
(SUBSETP (SUBST F S X)
(SUBST F S Y))).
This simplifies, appealing to the lemmas SUBSETP-NLISTP and
SUBST-LIST-NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
SUBSETP-SUBST
(DISABLE APPLY-TO-SUBST)
[ 0.0 0.0 0.0 ]
APPLY-TO-SUBST-OFF
(DISABLE SUBST)
[ 0.0 0.0 0.0 ]
SUBST-OFF
(DISABLE REMBIND)
[ 0.0 0.0 0.0 ]
REMBIND-OFF
(DISABLE BIND)
[ 0.0 0.0 0.0 ]
BIND-OFF
(DEFN NULLIFY-SUBST
(S)
(IF (LISTP S)
(IF (LISTP (CAR S))
(CONS (CONS (CAAR S) (LIST (FN)))
(NULLIFY-SUBST (CDR S)))
(NULLIFY-SUBST (CDR S)))
NIL))
Linear arithmetic and the lemma CDR-LESSP can be used to show that the
measure (COUNT S) decreases according to the well-founded relation LESSP in
each recursive call. Hence, NULLIFY-SUBST is accepted under the definitional
principle. From the definition we can conclude that:
(OR (LITATOM (NULLIFY-SUBST S))
(LISTP (NULLIFY-SUBST S)))
is a theorem.
[ 0.0 0.0 0.0 ]
NULLIFY-SUBST
(PROVE-LEMMA PROPERP-NULLIFY-SUBST
(REWRITE)
(PROPERP (NULLIFY-SUBST S)))
Call the conjecture *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p (CDR S)))
(p S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p (CDR S)))
(p S))
(IMPLIES (NOT (LISTP S)) (p S))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to three new goals:
Case 3. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(PROPERP (NULLIFY-SUBST (CDR S))))
(PROPERP (NULLIFY-SUBST S))),
which simplifies, applying PROPERP-CONS, and expanding the function
NULLIFY-SUBST, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(PROPERP (NULLIFY-SUBST (CDR S))))
(PROPERP (NULLIFY-SUBST S))).
This simplifies, expanding NULLIFY-SUBST, to:
T.
Case 1. (IMPLIES (NOT (LISTP S))
(PROPERP (NULLIFY-SUBST S))).
This simplifies, expanding the definitions of NULLIFY-SUBST and PROPERP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
PROPERP-NULLIFY-SUBST
(PROVE-LEMMA ALL-VARS-F-RANGE-NULLIFY-SUBST
(REWRITE)
(EQUAL (ALL-VARS F (RANGE (NULLIFY-SUBST S)))
NIL))
Give the conjecture the name *1.
We will try to prove it by induction. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p (CDR S)))
(p S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p (CDR S)))
(p S))
(IMPLIES (NOT (LISTP S)) (p S))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates three new goals:
Case 3. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (ALL-VARS F
(RANGE (NULLIFY-SUBST (CDR S))))
NIL))
(EQUAL (ALL-VARS F (RANGE (NULLIFY-SUBST S)))
NIL)),
which simplifies, applying CDR-CONS, RANGE-CONS, ALL-VARS-T-CONS, and
ALL-VARS-LIST-CONS, and unfolding the functions NULLIFY-SUBST, ALL-VARS,
APPEND, and EQUAL, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(EQUAL (ALL-VARS F
(RANGE (NULLIFY-SUBST (CDR S))))
NIL))
(EQUAL (ALL-VARS F (RANGE (NULLIFY-SUBST S)))
NIL)).
This simplifies, opening up NULLIFY-SUBST and EQUAL, to:
T.
Case 1. (IMPLIES (NOT (LISTP S))
(EQUAL (ALL-VARS F (RANGE (NULLIFY-SUBST S)))
NIL)).
This simplifies, expanding NULLIFY-SUBST, RANGE, ALL-VARS, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
ALL-VARS-F-RANGE-NULLIFY-SUBST
(PROVE-LEMMA TERMP-RANGE-NULLIFY-SUBST
(REWRITE)
(TERMP F (RANGE (NULLIFY-SUBST S))))
Give the conjecture the name *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p (CDR S)))
(p S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p (CDR S)))
(p S))
(IMPLIES (NOT (LISTP S)) (p S))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
conjectures:
Case 3. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(TERMP F
(RANGE (NULLIFY-SUBST (CDR S)))))
(TERMP F (RANGE (NULLIFY-SUBST S)))).
This simplifies, applying CDR-CONS, RANGE-CONS, FUNCTION-SYMBOL-INTRO,
TERMP-T-CONS, and TERMP-LIST-CONS, and opening up the functions
NULLIFY-SUBST and TERMP, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(TERMP F
(RANGE (NULLIFY-SUBST (CDR S)))))
(TERMP F (RANGE (NULLIFY-SUBST S)))),
which simplifies, unfolding the function NULLIFY-SUBST, to:
T.
Case 1. (IMPLIES (NOT (LISTP S))
(TERMP F (RANGE (NULLIFY-SUBST S)))),
which simplifies, expanding NULLIFY-SUBST, RANGE, and TERMP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
TERMP-RANGE-NULLIFY-SUBST
(PROVE-LEMMA DOMAIN-NULLIFY-SUBST
(REWRITE)
(EQUAL (DOMAIN (NULLIFY-SUBST S))
(DOMAIN S)))
Give the conjecture the name *1.
We will appeal to induction. There is only one plausible induction. We
will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p (CDR S)))
(p S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p (CDR S)))
(p S))
(IMPLIES (NOT (LISTP S)) (p S))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme produces the following three new
conjectures:
Case 3. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (DOMAIN (NULLIFY-SUBST (CDR S)))
(DOMAIN (CDR S))))
(EQUAL (DOMAIN (NULLIFY-SUBST S))
(DOMAIN S))).
This simplifies, applying CAR-CONS and DOMAIN-CONS, and opening up the
function NULLIFY-SUBST, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(EQUAL (DOMAIN (NULLIFY-SUBST (CDR S)))
(DOMAIN (CDR S))))
(EQUAL (CONS (CAAR S) (DOMAIN (CDR S)))
(DOMAIN S))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). This generates:
(IMPLIES (EQUAL (DOMAIN (NULLIFY-SUBST Z))
(DOMAIN Z))
(EQUAL (CONS V (DOMAIN Z))
(DOMAIN (CONS (CONS V W) Z)))).
This further simplifies, applying CAR-CONS and DOMAIN-CONS, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(EQUAL (DOMAIN (NULLIFY-SUBST (CDR S)))
(DOMAIN (CDR S))))
(EQUAL (DOMAIN (NULLIFY-SUBST S))
(DOMAIN S))).
This simplifies, opening up NULLIFY-SUBST, to the new conjecture:
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(EQUAL (DOMAIN (NULLIFY-SUBST (CDR S)))
(DOMAIN (CDR S))))
(EQUAL (DOMAIN (CDR S)) (DOMAIN S))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S). This produces the new goal:
(IMPLIES (AND (NOT (LISTP X))
(EQUAL (DOMAIN (NULLIFY-SUBST Z))
(DOMAIN Z)))
(EQUAL (DOMAIN Z)
(DOMAIN (CONS X Z)))),
which further simplifies, applying the lemma DOMAIN-CONS, to:
T.
Case 1. (IMPLIES (NOT (LISTP S))
(EQUAL (DOMAIN (NULLIFY-SUBST S))
(DOMAIN S))),
which simplifies, rewriting with DOMAIN-NLISTP, and opening up the
definitions of NULLIFY-SUBST, DOMAIN, and EQUAL, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
DOMAIN-NULLIFY-SUBST
(PROVE-LEMMA MAPPING-NULLIFY-SUBST
(REWRITE)
(IMPLIES (ALISTP S)
(EQUAL (MAPPING (NULLIFY-SUBST S))
(MAPPING S)))
((ENABLE MAPPING)))
This formula simplifies, applying DOMAIN-NULLIFY-SUBST, and opening up the
function MAPPING, to:
(IMPLIES (AND (ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST S))))
(EQUAL F (SETP (DOMAIN S)))),
which again simplifies, trivially, to the new formula:
(IMPLIES (AND (ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST S))))
(NOT (SETP (DOMAIN S)))),
which we will name *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p (CDR S)))
(p S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p (CDR S)))
(p S))
(IMPLIES (NOT (LISTP S)) (p S))).
Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to the following seven new
goals:
Case 7. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (ALISTP (CDR S)))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST S))))
(NOT (SETP (DOMAIN S)))).
This simplifies, applying ALISTP-CONS, and opening up NULLIFY-SUBST, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (ALISTP (CDR S)))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST (CDR S)))))
(NOT (SETP (DOMAIN S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). This generates the goal:
(IMPLIES (AND (LISTP X)
(NOT (ALISTP Z))
(ALISTP (CONS X Z))
(NOT (ALISTP (NULLIFY-SUBST Z))))
(NOT (SETP (DOMAIN (CONS X Z))))).
This further simplifies, applying the lemma ALISTP-CONS, to:
T.
Case 6. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(ALISTP (NULLIFY-SUBST (CDR S)))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST S))))
(NOT (SETP (DOMAIN S)))),
which simplifies, applying ALISTP-CONS, and unfolding NULLIFY-SUBST, to:
T.
Case 5. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (SETP (DOMAIN (CDR S))))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST S))))
(NOT (SETP (DOMAIN S)))).
This simplifies, applying ALISTP-CONS, and opening up the function
NULLIFY-SUBST, to:
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (SETP (DOMAIN (CDR S))))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST (CDR S)))))
(NOT (SETP (DOMAIN S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). We must thus prove the goal:
(IMPLIES (AND (LISTP X)
(NOT (SETP (DOMAIN Z)))
(ALISTP (CONS X Z))
(NOT (ALISTP (NULLIFY-SUBST Z))))
(NOT (SETP (DOMAIN (CONS X Z))))).
But this further simplifies, applying the lemmas ALISTP-CONS, DOMAIN-CONS,
and SETP-CONS, to:
T.
Case 4. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (ALISTP (CDR S)))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST S))))
(NOT (SETP (DOMAIN S)))),
which simplifies, expanding the function NULLIFY-SUBST, to:
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (ALISTP (CDR S)))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST (CDR S)))))
(NOT (SETP (DOMAIN S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). We must thus prove:
(IMPLIES (AND (NOT (LISTP X))
(NOT (ALISTP Z))
(ALISTP (CONS X Z))
(NOT (ALISTP (NULLIFY-SUBST Z))))
(NOT (SETP (DOMAIN (CONS X Z))))).
This further simplifies, rewriting with the lemma ALISTP-CONS, to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(ALISTP (NULLIFY-SUBST (CDR S)))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST S))))
(NOT (SETP (DOMAIN S)))),
which simplifies, unfolding NULLIFY-SUBST, to:
T.
Case 2. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (SETP (DOMAIN (CDR S))))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST S))))
(NOT (SETP (DOMAIN S)))),
which simplifies, expanding the definition of NULLIFY-SUBST, to:
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (SETP (DOMAIN (CDR S))))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST (CDR S)))))
(NOT (SETP (DOMAIN S)))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). This generates the goal:
(IMPLIES (AND (NOT (LISTP X))
(NOT (SETP (DOMAIN Z)))
(ALISTP (CONS X Z))
(NOT (ALISTP (NULLIFY-SUBST Z))))
(NOT (SETP (DOMAIN (CONS X Z))))).
This further simplifies, applying ALISTP-CONS, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(ALISTP S)
(NOT (ALISTP (NULLIFY-SUBST S))))
(NOT (SETP (DOMAIN S)))).
This simplifies, rewriting with the lemma ALISTP-NLISTP, and unfolding
NULLIFY-SUBST and ALISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
MAPPING-NULLIFY-SUBST
(PROVE-LEMMA DISJOINT-ALL-VARS-SUBST-NULLIFY-SUBST
(REWRITE)
(IMPLIES (TERMP FLG TERM)
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG (NULLIFY-SUBST SG) TERM))))
((ENABLE SUBST)
(DISABLE NULLIFY-SUBST)))
Give the conjecture the name *1.
Let us appeal to the induction principle. There is only one suggested
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND FLG
(MEMBER TERM
(DOMAIN (NULLIFY-SUBST SG))))
(p SG FLG TERM))
(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (NULLIFY-SUBST SG))))
(VARIABLEP TERM))
(p SG FLG TERM))
(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (NULLIFY-SUBST SG))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(p SG F (CDR TERM)))
(p SG FLG TERM))
(IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (NULLIFY-SUBST SG))))
(NOT (VARIABLEP TERM))
(NOT (LISTP TERM)))
(p SG FLG TERM))
(IMPLIES (AND (NOT FLG)
(LISTP TERM)
(p SG F (CDR TERM))
(p SG T (CAR TERM)))
(p SG FLG TERM))
(IMPLIES (AND (NOT FLG) (NOT (LISTP TERM)))
(p SG FLG TERM))).
Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to show
that the measure (COUNT TERM) decreases according to the well-founded relation
LESSP in each induction step of the scheme. Note, however, the inductive
instances chosen for FLG. The above induction scheme generates the following
ten new conjectures:
Case 10.(IMPLIES (AND FLG
(MEMBER TERM
(DOMAIN (NULLIFY-SUBST SG)))
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG
(NULLIFY-SUBST SG)
TERM)))).
This simplifies, appealing to the lemmas DOMAIN-NULLIFY-SUBST,
MEMBER-SUBSETP, SUBSETP-REFLEXIVITY, SUBSETP-DOMAIN, SUBST-OCCUR,
DISJOINT-SYMMETRY, DISJOINT-NLISTP, ALL-VARS-F-RANGE-NULLIFY-SUBST, and
DISJOINT-RANGE-IMPLIES-DISJOINT-VALUE, and expanding the functions NLISTP
and OR, to:
T.
Case 9. (IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (NULLIFY-SUBST SG))))
(VARIABLEP TERM)
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG
(NULLIFY-SUBST SG)
TERM)))).
This simplifies, applying DOMAIN-NULLIFY-SUBST, SUBST-T-VARIABLEP,
ALL-VARS-VARIABLEP, and DISJOINT-DOMAIN-SINGLETON, to:
T.
Case 8. (IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (NULLIFY-SUBST SG))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG
(NULLIFY-SUBST SG)
TERM)))),
which simplifies, rewriting with DOMAIN-NULLIFY-SUBST, VARIABLEP-INTRO, and
ALL-VARS-T-CONS, and opening up the definition of SUBST, to the new
conjecture:
(IMPLIES (AND FLG
(NOT (MEMBER TERM (DOMAIN SG)))
(LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F
(NULLIFY-SUBST SG)
(CDR TERM))))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z X) to eliminate
(CDR TERM) and (CAR TERM). We thus obtain:
(IMPLIES (AND FLG
(NOT (MEMBER (CONS Z X) (DOMAIN SG)))
(NOT (TERMP F X))
(TERMP FLG (CONS Z X)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F (NULLIFY-SUBST SG) X)))),
which further simplifies, rewriting with TERMP-T-CONS, to:
T.
Case 7. (IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (NULLIFY-SUBST SG))))
(NOT (VARIABLEP TERM))
(LISTP TERM)
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F
(NULLIFY-SUBST SG)
(CDR TERM))))
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG
(NULLIFY-SUBST SG)
TERM)))).
This simplifies, rewriting with the lemmas DOMAIN-NULLIFY-SUBST,
VARIABLEP-INTRO, and ALL-VARS-T-CONS, and opening up the definition of SUBST,
to:
T.
Case 6. (IMPLIES (AND FLG
(NOT (MEMBER TERM
(DOMAIN (NULLIFY-SUBST SG))))
(NOT (VARIABLEP TERM))
(NOT (LISTP TERM))
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG
(NULLIFY-SUBST SG)
TERM)))).
This simplifies, rewriting with DOMAIN-NULLIFY-SUBST and TERMP-T-NLISTP, to:
T.
Case 5. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(NOT (TERMP T (CAR TERM)))
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG
(NULLIFY-SUBST SG)
TERM)))),
which simplifies, applying ALL-VARS-LIST-CONS and DISJOINT-APPEND-RIGHT, and
expanding the definition of SUBST, to the following two new conjectures:
Case 5.2.
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(NOT (TERMP T (CAR TERM)))
(TERMP F TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T
(NULLIFY-SUBST SG)
(CAR TERM))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z X) to
eliminate (CDR TERM) and (CAR TERM). This generates the goal:
(IMPLIES (AND (NOT (TERMP F X))
(NOT (TERMP T Z))
(TERMP F (CONS Z X)))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T (NULLIFY-SUBST SG) Z)))).
This further simplifies, appealing to the lemma TERMP-LIST-CONS, to:
T.
Case 5.1.
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(NOT (TERMP T (CAR TERM)))
(TERMP F TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F
(NULLIFY-SUBST SG)
(CDR TERM))))).
Applying the lemma CAR-CDR-ELIM, replace TERM by (CONS Z X) to eliminate
(CDR TERM) and (CAR TERM). We thus obtain the new conjecture:
(IMPLIES (AND (NOT (TERMP F X))
(NOT (TERMP T Z))
(TERMP F (CONS Z X)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F (NULLIFY-SUBST SG) X)))),
which further simplifies, rewriting with TERMP-LIST-CONS, to:
T.
Case 4. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F
(NULLIFY-SUBST SG)
(CDR TERM))))
(NOT (TERMP T (CAR TERM)))
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG
(NULLIFY-SUBST SG)
TERM)))).
This simplifies, applying ALL-VARS-LIST-CONS and DISJOINT-APPEND-RIGHT, and
unfolding the function SUBST, to:
(IMPLIES (AND (LISTP TERM)
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F
(NULLIFY-SUBST SG)
(CDR TERM))))
(NOT (TERMP T (CAR TERM)))
(TERMP F TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T
(NULLIFY-SUBST SG)
(CAR TERM))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z X) to
eliminate (CDR TERM) and (CAR TERM). The result is the formula:
(IMPLIES (AND (DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F (NULLIFY-SUBST SG) X)))
(NOT (TERMP T Z))
(TERMP F (CONS Z X)))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T (NULLIFY-SUBST SG) Z)))).
This further simplifies, applying TERMP-LIST-CONS, to:
T.
Case 3. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T
(NULLIFY-SUBST SG)
(CAR TERM))))
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG
(NULLIFY-SUBST SG)
TERM)))).
This simplifies, rewriting with ALL-VARS-LIST-CONS and DISJOINT-APPEND-RIGHT,
and opening up the function SUBST, to:
(IMPLIES (AND (LISTP TERM)
(NOT (TERMP F (CDR TERM)))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T
(NULLIFY-SUBST SG)
(CAR TERM))))
(TERMP F TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F
(NULLIFY-SUBST SG)
(CDR TERM))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace TERM by (CONS Z X) to
eliminate (CDR TERM) and (CAR TERM). We must thus prove the conjecture:
(IMPLIES (AND (NOT (TERMP F X))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T (NULLIFY-SUBST SG) Z)))
(TERMP F (CONS Z X)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F (NULLIFY-SUBST SG) X)))).
However this further simplifies, applying TERMP-LIST-CONS, to:
T.
Case 2. (IMPLIES (AND (NOT FLG)
(LISTP TERM)
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(SUBST F
(NULLIFY-SUBST SG)
(CDR TERM))))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T
(NULLIFY-SUBST SG)
(CAR TERM))))
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG
(NULLIFY-SUBST SG)
TERM)))).
This simplifies, rewriting with the lemmas ALL-VARS-LIST-CONS and
DISJOINT-APPEND-RIGHT, and expanding the function SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT FLG)
(NOT (LISTP TERM))
(TERMP FLG TERM))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG
(SUBST FLG
(NULLIFY-SUBST SG)
TERM)))).
This simplifies, applying TERMP-LIST-NLISTP, SUBST-LIST-NLISTP,
DISJOINT-NLISTP, and DISJOINT-SYMMETRY, and expanding the functions ALL-VARS,
OR, and NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.1 0.0 ]
DISJOINT-ALL-VARS-SUBST-NULLIFY-SUBST
(PROVE-LEMMA DISJOINT-ALL-VARS-RANGE-APPLY-SUBST-NULLIFY-SUBST
(REWRITE)
(IMPLIES (TERMP F (RANGE S))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
S)))))
((ENABLE APPLY-TO-SUBST)
(DISABLE NULLIFY-SUBST)))
Name the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(p SG (CDR S)))
(p SG S))
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(p SG (CDR S)))
(p SG S))
(IMPLIES (NOT (LISTP S)) (p SG S))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT S)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme leads to the following five new
formulas:
Case 5. (IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
S))))).
This simplifies, applying the lemmas CDR-CONS, RANGE-CONS,
ALL-VARS-LIST-CONS, and DISJOINT-APPEND-RIGHT, and expanding the function
APPLY-TO-SUBST, to the following two new formulas:
Case 5.2.
(IMPLIES (AND (LISTP S)
(LISTP (CAR S))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T
(NULLIFY-SUBST SG)
(CDAR S))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS W V) to eliminate (CDR X) and
(CAR X). We must thus prove:
(IMPLIES (AND (NOT (TERMP F (RANGE Z)))
(TERMP F (RANGE (CONS (CONS W V) Z))))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T (NULLIFY-SUBST SG) V)))).
But this further simplifies, applying the lemmas CDR-CONS, RANGE-CONS, and
TERMP-LIST-CONS, to:
T.
Case 5.1.
(IMPLIES
(AND (LISTP S)
(LISTP (CAR S))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
(CDR S)))))).
Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate
(CAR S) and (CDR S). We thus obtain the new goal:
(IMPLIES
(AND (LISTP X)
(NOT (TERMP F (RANGE Z)))
(TERMP F (RANGE (CONS X Z))))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
Z))))),
which further simplifies, applying RANGE-CONS and TERMP-LIST-CONS, to:
T.
Case 4. (IMPLIES
(AND (LISTP S)
(LISTP (CAR S))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
(CDR S)))))
(TERMP F (RANGE S)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
S))))).
This simplifies, rewriting with CDR-CONS, RANGE-CONS, ALL-VARS-LIST-CONS,
and DISJOINT-APPEND-RIGHT, and unfolding APPLY-TO-SUBST, to:
(IMPLIES
(AND (LISTP S)
(LISTP (CAR S))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
(CDR S)))))
(TERMP F (RANGE S)))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T
(NULLIFY-SUBST SG)
(CDAR S))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S) and X by (CONS W V) to eliminate (CDR X) and
(CAR X). We must thus prove:
(IMPLIES
(AND (DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
Z))))
(TERMP F (RANGE (CONS (CONS W V) Z))))
(DISJOINT (DOMAIN SG)
(ALL-VARS T
(SUBST T (NULLIFY-SUBST SG) V)))).
This further simplifies, rewriting with the lemmas CDR-CONS, RANGE-CONS,
TERMP-LIST-CONS, and DISJOINT-ALL-VARS-SUBST-NULLIFY-SUBST, to:
T.
Case 3. (IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
S))))),
which simplifies, opening up the function APPLY-TO-SUBST, to:
(IMPLIES (AND (LISTP S)
(NOT (LISTP (CAR S)))
(NOT (TERMP F (RANGE (CDR S))))
(TERMP F (RANGE S)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
(CDR S)))))).
Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to
eliminate (CAR S) and (CDR S). We must thus prove:
(IMPLIES (AND (NOT (LISTP X))
(NOT (TERMP F (RANGE Z)))
(TERMP F (RANGE (CONS X Z))))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
Z))))).
However this further simplifies, applying RANGE-CONS, to:
T.
Case 2. (IMPLIES
(AND (LISTP S)
(NOT (LISTP (CAR S)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
(CDR S)))))
(TERMP F (RANGE S)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
S))))).
This simplifies, expanding the definition of APPLY-TO-SUBST, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP S))
(TERMP F (RANGE S)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F
(RANGE (APPLY-TO-SUBST (NULLIFY-SUBST SG)
S))))).
This simplifies, rewriting with RANGE-NLISTP, DISJOINT-NLISTP, and
DISJOINT-SYMMETRY, and unfolding the functions TERMP, APPLY-TO-SUBST, RANGE,
ALL-VARS, OR, and NLISTP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.3 ]
DISJOINT-ALL-VARS-RANGE-APPLY-SUBST-NULLIFY-SUBST
(DISABLE NULLIFY-SUBST)
[ 0.0 0.0 0.0 ]
NULLIFY-SUBST-OFF
(DEFTHEORY SUBSTITUTION-DEFNS
(VAR-SUBSTP COMPOSE APPLY-TO-SUBST SUBST NULLIFY-SUBST))
[ 0.0 0.0 0.0 ]
SUBSTITUTION-DEFNS
(CONSTRAIN THEOREM-INTRO
(REWRITE)
(AND (IMPLIES (AND (THEOREM X) FLG)
(TERMP FLG X))
(IMPLIES (AND (THEOREM X) FLG (VAR-SUBSTP S))
(THEOREM (SUBST FLG S X))))
((THEOREM (LAMBDA (X) F))))
WARNING: Note that the proposed lemma THEOREM-INTRO is to be stored as zero
type prescription rules, zero compound recognizer rules, zero linear rules,
and two replacement rules.
We will verify the consistency and the conservative nature of this constraint
by attempting to prove:
(AND (IMPLIES (AND F FLG) (TERMP FLG X))
(IMPLIES (AND F FLG (VAR-SUBSTP S))
F)).
This formula can be simplified, using the abbreviations VAR-SUBSTP, IMPLIES,
and AND, to the following two new conjectures:
Case 2. T.
This simplifies, clearly, to:
T.
Case 1. T.
This simplifies, trivially, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
THEOREM-INTRO
(DEFN THEOREM-LIST
(X)
(IF (LISTP X)
(AND (THEOREM (CAR X))
(THEOREM-LIST (CDR X)))
(EQUAL X NIL)))
Linear arithmetic and the lemma CDR-LESSP inform us that the measure
(COUNT X) decreases according to the well-founded relation LESSP in each
recursive call. Hence, THEOREM-LIST is accepted under the principle of
definition. Note that (OR (FALSEP (THEOREM-LIST X)) (TRUEP (THEOREM-LIST X)))
is a theorem.
[ 0.0 0.0 0.0 ]
THEOREM-LIST
(PROVE-LEMMA THEOREM-LIST-PROPERTIES
(REWRITE)
(AND (IMPLIES (THEOREM-LIST X) (TERMP F X))
(IMPLIES (AND (THEOREM-LIST X) (VAR-SUBSTP S))
(THEOREM-LIST (SUBST F S X)))))
WARNING: Note that the proposed lemma THEOREM-LIST-PROPERTIES is to be stored
as zero type prescription rules, zero compound recognizer rules, zero linear
rules, and two replacement rules.
This formula can be simplified, using the abbreviations VAR-SUBSTP, IMPLIES,
and AND, to the following two new goals:
Case 2. (IMPLIES (THEOREM-LIST X)
(TERMP F X)).
Name the above subgoal *1.
Case 1. (IMPLIES (AND (THEOREM-LIST X)
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(THEOREM-LIST (SUBST F S X))),
which we would usually push and work on later by induction. But if we must
use induction to prove the input conjecture, we prefer to induct on the
original formulation of the problem. Thus we will disregard all that we
have previously done, give the name *1 to the original input, and work on it.
So now let us consider:
(AND (IMPLIES (THEOREM-LIST X) (TERMP F X))
(IMPLIES (AND (THEOREM-LIST X) (VAR-SUBSTP S))
(THEOREM-LIST (SUBST F S X)))).
We gave this the name *1 above. Perhaps we can prove it by induction. The
recursive terms in the conjecture suggest two inductions. However, they merge
into one likely candidate induction. We will induct according to the
following scheme:
(AND (IMPLIES (AND (LISTP X) (p S (CDR X)))
(p S X))
(IMPLIES (NOT (LISTP X)) (p S X))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT X)
decreases according to the well-founded relation LESSP in each induction step
of the scheme. The above induction scheme generates the following seven new
formulas:
Case 7. (IMPLIES (AND (LISTP X)
(TERMP F (CDR X))
(NOT (VAR-SUBSTP S))
(THEOREM-LIST X))
(TERMP F X)).
This simplifies, unfolding the functions VAR-SUBSTP and THEOREM-LIST, to the
following three new formulas:
Case 7.3.
(IMPLIES (AND (LISTP X)
(TERMP F (CDR X))
(NOT (MAPPING S))
(THEOREM (CAR X))
(THEOREM-LIST (CDR X)))
(TERMP F X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove the formula:
(IMPLIES (AND (TERMP F Z)
(NOT (MAPPING S))
(THEOREM V)
(THEOREM-LIST Z))
(TERMP F (CONS V Z))).
However this further simplifies, applying THEOREM-INTRO and
TERMP-LIST-CONS, to:
T.
Case 7.2.
(IMPLIES (AND (LISTP X)
(TERMP F (CDR X))
(NOT (VARIABLE-LISTP (DOMAIN S)))
(THEOREM (CAR X))
(THEOREM-LIST (CDR X)))
(TERMP F X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (AND (TERMP F Z)
(NOT (VARIABLE-LISTP (DOMAIN S)))
(THEOREM V)
(THEOREM-LIST Z))
(TERMP F (CONS V Z))).
This further simplifies, applying THEOREM-INTRO and TERMP-LIST-CONS, to:
T.
Case 7.1.
(IMPLIES (AND (LISTP X)
(TERMP F (CDR X))
(NOT (TERMP F (RANGE S)))
(THEOREM (CAR X))
(THEOREM-LIST (CDR X)))
(TERMP F X)).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). We must thus prove:
(IMPLIES (AND (TERMP F Z)
(NOT (TERMP F (RANGE S)))
(THEOREM V)
(THEOREM-LIST Z))
(TERMP F (CONS V Z))).
This further simplifies, applying THEOREM-INTRO and TERMP-LIST-CONS, to:
T.
Case 6. (IMPLIES (AND (LISTP X)
(NOT (THEOREM-LIST (CDR X)))
(THEOREM-LIST X))
(TERMP F X)).
This simplifies, opening up the function THEOREM-LIST, to:
T.
Case 5. (IMPLIES (AND (LISTP X)
(TERMP F (CDR X))
(THEOREM-LIST (SUBST F S (CDR X)))
(THEOREM-LIST X))
(TERMP F X)).
This simplifies, unfolding the definition of THEOREM-LIST, to the new
formula:
(IMPLIES (AND (LISTP X)
(TERMP F (CDR X))
(THEOREM-LIST (SUBST F S (CDR X)))
(THEOREM (CAR X))
(THEOREM-LIST (CDR X)))
(TERMP F X)).
Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate
(CDR X) and (CAR X). We thus obtain the new formula:
(IMPLIES (AND (TERMP F Z)
(THEOREM-LIST (SUBST F S Z))
(THEOREM V)
(THEOREM-LIST Z))
(TERMP F (CONS V Z))),
which further simplifies, appealing to the lemmas THEOREM-INTRO and
TERMP-LIST-CONS, to:
T.
Case 4. (IMPLIES (AND (NOT (LISTP X)) (THEOREM-LIST X))
(TERMP F X)),
which simplifies, opening up the definitions of THEOREM-LIST and TERMP, to:
T.
Case 3. (IMPLIES (AND (LISTP X)
(NOT (THEOREM-LIST (CDR X)))
(THEOREM-LIST X)
(VAR-SUBSTP S))
(THEOREM-LIST (SUBST F S X))),
which simplifies, opening up the definition of THEOREM-LIST, to:
T.
Case 2. (IMPLIES (AND (LISTP X)
(TERMP F (CDR X))
(THEOREM-LIST (SUBST F S (CDR X)))
(THEOREM-LIST X)
(VAR-SUBSTP S))
(THEOREM-LIST (SUBST F S X))),
which simplifies, expanding the definitions of THEOREM-LIST and VAR-SUBSTP,
to:
(IMPLIES (AND (LISTP X)
(TERMP F (CDR X))
(THEOREM-LIST (SUBST F S (CDR X)))
(THEOREM (CAR X))
(THEOREM-LIST (CDR X))
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(THEOREM-LIST (SUBST F S X))).
Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to
eliminate (CDR X) and (CAR X). This generates the formula:
(IMPLIES (AND (TERMP F Z)
(THEOREM-LIST (SUBST F S Z))
(THEOREM V)
(THEOREM-LIST Z)
(MAPPING S)
(VARIABLE-LISTP (DOMAIN S))
(TERMP F (RANGE S)))
(THEOREM-LIST (SUBST F S (CONS V Z)))).
However this further simplifies, appealing to the lemmas SUBST-LIST-CONS,
CDR-CONS, THEOREM-INTRO, and CAR-CONS, and unfolding the definitions of
VAR-SUBSTP and THEOREM-LIST, to:
T.
Case 1. (IMPLIES (AND (NOT (LISTP X))
(THEOREM-LIST X)
(VAR-SUBSTP S))
(THEOREM-LIST (SUBST F S X))),
which simplifies, rewriting with DISJOINT-SYMMETRY, DISJOINT-NLISTP, and
SUBST-NOT-OCCUR, and opening up the definitions of THEOREM-LIST, VAR-SUBSTP,
NLISTP, OR, ALL-VARS, and TERMP, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
THEOREM-LIST-PROPERTIES
(DEFN STATEP
(STATE)
(AND (LISTP STATE)
(TERMP F (CAR STATE))
(VARIABLE-LISTP (CDR STATE))))
Note that (OR (FALSEP (STATEP STATE)) (TRUEP (STATEP STATE))) is a
theorem.
[ 0.0 0.0 0.0 ]
STATEP
(DCL WITNESSING-INSTANTIATION (STATE))
[ 0.0 0.0 0.0 ]
WITNESSING-INSTANTIATION
(DCL VALID-STATE (STATE))
[ 0.0 0.0 0.0 ]
VALID-STATE
(ADD-AXIOM VALID-STATE-INTRO
(REWRITE)
(AND (IMPLIES (AND (STATEP STATE)
(VAR-SUBSTP WITNESSING-INSTANTIATION)
(SUBSETP (DOMAIN WITNESSING-INSTANTIATION)
(CDR STATE))
(THEOREM-LIST (SUBST F WITNESSING-INSTANTIATION
(CAR STATE))))
(VALID-STATE STATE))
(IMPLIES (NOT (AND (STATEP STATE)
(VAR-SUBSTP (WITNESSING-INSTANTIATION STATE))
(SUBSETP (DOMAIN (WITNESSING-INSTANTIATION STATE))
(CDR STATE))
(THEOREM-LIST (SUBST F
(WITNESSING-INSTANTIATION STATE)
(CAR STATE)))))
(NOT (VALID-STATE STATE)))))
WARNING: Note that VALID-STATE-INTRO contains the free variable
WITNESSING-INSTANTIATION which will be chosen by instantiating the hypothesis:
(VAR-SUBSTP WITNESSING-INSTANTIATION).
WARNING: Note that the proposed lemma VALID-STATE-INTRO is to be stored as
zero type prescription rules, zero compound recognizer rules, zero linear
rules, and two replacement rules.
[ 0.0 0.0 0.0 ]
VALID-STATE-INTRO
(ADD-AXIOM VALID-STATE-TYPE
(REWRITE)
(OR (TRUEP (VALID-STATE STATE))
(FALSEP (VALID-STATE STATE))))
WARNING: Note that the proposed lemma VALID-STATE-TYPE is to be stored as one
type prescription rule, zero compound recognizer rules, zero linear rules, and
zero replacement rules.
[ 0.0 0.0 0.0 ]
VALID-STATE-TYPE
(DEFN NEW-GEN-VARS
(GOALS FREE VARS)
(IF (LISTP GOALS)
(LET ((CURRENT-FREE-VARS (INTERSECTION FREE
(ALL-VARS T (CAR GOALS)))))
(IF (DISJOINT CURRENT-FREE-VARS VARS)
(NEW-GEN-VARS (CDR GOALS) FREE VARS)
(APPEND CURRENT-FREE-VARS
(NEW-GEN-VARS (CDR GOALS)
FREE VARS))))
NIL))
Linear arithmetic and the lemma CDR-LESSP establish that the measure
(COUNT GOALS) decreases according to the well-founded relation LESSP in each
recursive call. Hence, NEW-GEN-VARS is accepted under the principle of
definition. Note that:
(OR (LITATOM (NEW-GEN-VARS GOALS FREE VARS))
(LISTP (NEW-GEN-VARS GOALS FREE VARS)))
is a theorem.
[ 0.0 0.0 0.0 ]
NEW-GEN-VARS
(DEFN CARDINALITY
(X)
(LENGTH (MAKE-SET X)))
From the definition we can conclude that (NUMBERP (CARDINALITY X)) is a
theorem.
[ 0.0 0.0 0.0 ]
CARDINALITY
(PROVE-LEMMA NEW-GEN-VARS-SUBSET
(REWRITE)
(SUBSETP (NEW-GEN-VARS GOALS FREE VARS)
FREE))
Call the conjecture *1.
Perhaps we can prove it by induction. There is only one plausible
induction. We will induct according to the following scheme:
(AND (IMPLIES (AND (LISTP GOALS)
(DISJOINT (INTERSECTION FREE
(ALL-VARS T (CAR GOALS)))
VARS)
(p (CDR GOALS) FREE VARS))
(p GOALS FREE VARS))
(IMPLIES (AND (LISTP GOALS)
(NOT (DISJOINT (INTERSECTION FREE
(ALL-VARS T (CAR GOALS)))
VARS))
(p (CDR GOALS) FREE VARS))
(p GOALS FREE VARS))
(IMPLIES (NOT (LISTP GOALS))
(p GOALS FREE VARS))).
Linear arithmetic and the lemma CDR-LESSP establish that the measure
(COUNT GOALS) decreases according to the well-founded relation LESSP in each
induction step of the scheme. The above induction scheme produces the
following three new goals:
Case 3. (IMPLIES (AND (LISTP GOALS)
(DISJOINT (INTERSECTION FREE
(ALL-VARS T (CAR GOALS)))
VARS)
(SUBSETP (NEW-GEN-VARS (CDR GOALS) FREE VARS)
FREE))
(SUBSETP (NEW-GEN-VARS GOALS FREE VARS)
FREE)).
This simplifies, applying DISJOINT-INTERSECTION-COMMUTER,
DISJOINT-INTERSECTION, SUBSETP-REFLEXIVITY, and SUBSETP-IS-TRANSITIVE, and
expanding NEW-GEN-VARS, to:
T.
Case 2. (IMPLIES (AND (LISTP GOALS)
(NOT (DISJOINT (INTERSECTION FREE
(ALL-VARS T (CAR GOALS)))
VARS))
(SUBSETP (NEW-GEN-VARS (CDR GOALS) FREE VARS)
FREE))
(SUBSETP (NEW-GEN-VARS GOALS FREE VARS)
FREE)),
which simplifies, rewriting with DISJOINT-INTERSECTION-COMMUTER,
DISJOINT-INTERSECTION, SUBSETP-REFLEXIVITY,
SUBSETP-INTERSECTION-SUFFICIENCY-2, SUBSETP-IS-TRANSITIVE, and
SUBSETP-APPEND, and unfolding the function NEW-GEN-VARS, to:
T.
Case 1. (IMPLIES (NOT (LISTP GOALS))
(SUBSETP (NEW-GEN-VARS GOALS FREE VARS)
FREE)).
This simplifies, applying the lemma SUBSETP-NLISTP, and unfolding
NEW-GEN-VARS, to:
T.
That finishes the proof of *1. Q.E.D.
[ 0.0 0.0 0.0 ]
NEW-GEN-VARS-SUBSET
(PROVE-LEMMA GEN-CLOSURE-ACCEPT
(REWRITE)
(IMPLIES
(AND (NOT (SUBSETP NEW FREE-VARS-SO-FAR))
(SUBSETP NEW FREE))
(LESSP (DIFFERENCE (DIFFERENCE (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR)))
(LENGTH (INTERSECTION (SET-DIFF (MAKE-SET FREE)
FREE-VARS-SO-FAR)
NEW)))
(DIFFERENCE (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR))))))
WARNING: Note that the proposed lemma GEN-CLOSURE-ACCEPT is to be stored as
zero type prescription rules, zero compound recognizer rules, one linear rule,
and zero replacement rules.
This conjecture simplifies, using linear arithmetic and applying LESSP-LENGTH,
MAKE-SET-PRESERVES-SUBSETP-2, SUBSETP-IS-TRANSITIVE, SUBSETP-REFLEXIVITY,
INTERSECTION-ELIMINATION, SUBSETP-FIX-PROPERP-1, DISJOINT-SET-DIFF-GENERAL,
DISJOINT-SYMMETRY, and LISTP-INTERSECTION, to the following two new
conjectures:
Case 2. (IMPLIES
(AND (LESSP (DIFFERENCE (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR)))
(LENGTH (INTERSECTION (SET-DIFF (MAKE-SET FREE)
FREE-VARS-SO-FAR)
NEW)))
(NOT (SUBSETP NEW FREE-VARS-SO-FAR))
(SUBSETP NEW FREE))
(LESSP
(DIFFERENCE (DIFFERENCE (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR)))
(LENGTH (INTERSECTION (SET-DIFF (MAKE-SET FREE)
FREE-VARS-SO-FAR)
NEW)))
(DIFFERENCE (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR))))).
However this again simplifies, using linear arithmetic and applying the
lemmas LENGTH-INTERSECTION and LENGTH-SET-DIFF-OPENER, to the conjecture:
(IMPLIES
(AND (LESSP (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR)))
(LESSP (DIFFERENCE (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR)))
(LENGTH (INTERSECTION (SET-DIFF (MAKE-SET FREE)
FREE-VARS-SO-FAR)
NEW)))
(NOT (SUBSETP NEW FREE-VARS-SO-FAR))
(SUBSETP NEW FREE))
(LESSP
(DIFFERENCE (DIFFERENCE (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR)))
(LENGTH (INTERSECTION (SET-DIFF (MAKE-SET FREE)
FREE-VARS-SO-FAR)
NEW)))
(DIFFERENCE (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR))))).
This again simplifies, using linear arithmetic and applying the lemma
LENGTH-INTERSECTION, to:
T.
Case 1. (IMPLIES
(AND (LESSP (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR)))
(NOT (SUBSETP NEW FREE-VARS-SO-FAR))
(SUBSETP NEW FREE))
(LESSP
(DIFFERENCE (DIFFERENCE (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR)))
(LENGTH (INTERSECTION (SET-DIFF (MAKE-SET FREE)
FREE-VARS-SO-FAR)
NEW)))
(DIFFERENCE (LENGTH (MAKE-SET FREE))
(LENGTH (INTERSECTION (MAKE-SET FREE)
FREE-VARS-SO-FAR))))),
which again simplifies, using linear arithmetic and rewriting with
LENGTH-INTERSECTION, to:
T.
Q.E.D.
[ 0.0 0.1 0.0 ]
GEN-CLOSURE-ACCEPT
(DEFN GEN-CLOSURE
(GOALS FREE FREE-VARS-SO-FAR)
(LET ((NEW-FREE-VARS (NEW-GEN-VARS GOALS FREE FREE-VARS-SO-FAR)))
(IF (SUBSETP NEW-FREE-VARS FREE-VARS-SO-FAR)
(INTERSECTION FREE-VARS-SO-FAR FREE)
(GEN-CLOSURE GOALS FREE
(APPEND NEW-FREE-VARS FREE-VARS-SO-FAR))))
((LESSP (CARDINALITY (SET-DIFF FREE FREE-VARS-SO-FAR)))))
Linear arithmetic, the lemmas SET-DIFF-MAKE-SET, MAKE-SET-SET-DIFF,
LENGTH-SET-DIFF-OPENER, SET-DIFF-APPEND, NEW-GEN-VARS-SUBSET,
GEN-CLOSURE-ACCEPT, and LENGTH-INTERSECTION, and the definition of CARDINALITY
establish that the measure (CARDINALITY (SET-DIFF FREE FREE-VARS-SO-FAR))
decreases according to the well-founded relation LESSP in each recursive call.
Hence, GEN-CLOSURE is accepted under the definitional principle. Note that:
(OR (LITATOM (GEN-CLOSURE GOALS FREE FREE-VARS-SO-FAR))
(LISTP (GEN-CLOSURE GOALS FREE FREE-VARS-SO-FAR)))
is a theorem.
[ 0.0 0.1 0.0 ]
GEN-CLOSURE
(DEFN GENERALIZE-OKP
(SG STATE)
(AND (VAR-SUBSTP SG)
(STATEP STATE)
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CAR STATE)))
(LISTP (CAR STATE))
(DISJOINT (DOMAIN SG) (CDR STATE))))
From the definition we can conclude that:
(OR (FALSEP (GENERALIZE-OKP SG STATE))
(TRUEP (GENERALIZE-OKP SG STATE)))
is a theorem.
[ 0.0 0.0 0.0 ]
GENERALIZE-OKP
(DEFN GENERALIZE
(SG STATE)
(LET
((G (CAAR STATE))
(P (CDAR STATE))
(FREE (CDR STATE))
(SG-VARS (ALL-VARS F (RANGE SG))))
(LET ((NEW-G (SUBST T (INVERT SG) G)))
(LET ((NEW-FREE (SET-DIFF FREE
(INTERSECTION (GEN-CLOSURE (CONS NEW-G P)
FREE
(ALL-VARS T NEW-G))
(ALL-VARS F (RANGE SG))))))
(CONS (CONS NEW-G P) NEW-FREE)))))
Observe that (LISTP (GENERALIZE SG STATE)) is a theorem.
[ 0.0 0.0 0.0 ]
GENERALIZE
(PROVE-LEMMA GENERALIZE-STATEP NIL
(IMPLIES (GENERALIZE-OKP SG STATE)
(STATEP (GENERALIZE SG STATE))))
This formula can be simplified, using the abbreviations STATEP, VAR-SUBSTP,
GENERALIZE-OKP, and IMPLIES, to the new conjecture:
(IMPLIES (AND (MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(LISTP STATE)
(TERMP F (CAR STATE))
(VARIABLE-LISTP (CDR STATE))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CAR STATE)))
(LISTP (CAR STATE))
(DISJOINT (DOMAIN SG) (CDR STATE)))
(STATEP (GENERALIZE SG STATE))),
which simplifies, rewriting with the lemmas DISJOINT-SYMMETRY,
VARIABLE-LISTP-SET-DIFF, CDR-CONS, TERMP-LIST-CONS, and CAR-CONS, and
expanding the definitions of GENERALIZE and STATEP, to two new conjectures:
Case 2. (IMPLIES (AND (MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(LISTP STATE)
(TERMP F (CAR STATE))
(VARIABLE-LISTP (CDR STATE))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CAR STATE)))
(LISTP (CAR STATE))
(DISJOINT (CDR STATE) (DOMAIN SG)))
(TERMP T
(SUBST T (INVERT SG) (CAAR STATE)))).
Applying the lemma CAR-CDR-ELIM, replace STATE by (CONS X Z) to eliminate
(CAR STATE) and (CDR STATE) and X by (CONS V W) to eliminate (CAR X) and
(CDR X). This produces:
(IMPLIES (AND (MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(TERMP F (CONS V W))
(VARIABLE-LISTP Z)
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CONS V W)))
(DISJOINT Z (DOMAIN SG)))
(TERMP T (SUBST T (INVERT SG) V))),
which further simplifies, rewriting with TERMP-LIST-CONS, ALL-VARS-LIST-CONS,
DISJOINT-APPEND-RIGHT, TERMP-DOMAIN, RANGE-INVERT, and TERMP-SUBST, to:
T.
Case 1. (IMPLIES (AND (MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(LISTP STATE)
(TERMP F (CAR STATE))
(VARIABLE-LISTP (CDR STATE))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CAR STATE)))
(LISTP (CAR STATE))
(DISJOINT (CDR STATE) (DOMAIN SG)))
(TERMP F (CDAR STATE))).
Appealing to the lemma CAR-CDR-ELIM, we now replace STATE by (CONS X Z) to
eliminate (CAR STATE) and (CDR STATE) and X by (CONS W V) to eliminate
(CDR X) and (CAR X). We must thus prove the formula:
(IMPLIES (AND (MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(TERMP F (CONS W V))
(VARIABLE-LISTP Z)
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CONS W V)))
(DISJOINT Z (DOMAIN SG)))
(TERMP F V)).
This further simplifies, appealing to the lemma TERMP-LIST-CONS, to:
T.
Q.E.D.
[ 0.0 0.1 0.0 ]
GENERALIZE-STATEP
(DEFN GEN-INST
(SG STATE)
(LET ((S (WITNESSING-INSTANTIATION (GENERALIZE SG STATE)))
(DOMAIN-1 (GEN-CLOSURE (CONS (SUBST T (INVERT SG) (CAAR STATE))
(CDAR STATE))
(CDR STATE)
(ALL-VARS T
(SUBST T (INVERT SG) (CAAR STATE))))))
(LET ((S1 (RESTRICT S DOMAIN-1))
(S2 (APPLY-TO-SUBST (NULLIFY-SUBST SG)
(CO-RESTRICT S DOMAIN-1))))
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPEND S1 S2)))))
Note that (OR (LITATOM (GEN-INST SG STATE)) (LISTP (GEN-INST SG STATE)))
is a theorem.
[ 0.0 0.0 0.0 ]
GEN-INST
(PROVE-LEMMA MAIN-THEOREM-1-CASE-1
(REWRITE)
(IMPLIES (GENERALIZE-OKP SG STATE)
(STATEP STATE)))
WARNING: Note that the rewrite rule MAIN-THEOREM-1-CASE-1 will be stored so
as to apply only to terms with the nonrecursive function symbol STATEP.
WARNING: Note that MAIN-THEOREM-1-CASE-1 contains the free variable SG which
will be chosen by instantiating the hypothesis (GENERALIZE-OKP SG STATE).
This conjecture can be simplified, using the abbreviations STATEP, VAR-SUBSTP,
GENERALIZE-OKP, and IMPLIES, to:
(IMPLIES (AND (MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(LISTP STATE)
(TERMP F (CAR STATE))
(VARIABLE-LISTP (CDR STATE))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CAR STATE)))
(LISTP (CAR STATE))
(DISJOINT (DOMAIN SG) (CDR STATE)))
(STATEP STATE)).
This simplifies, rewriting with DISJOINT-SYMMETRY, and expanding the
definition of STATEP, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
MAIN-THEOREM-1-CASE-1
(PROVE-LEMMA VALID-STATE-OPENER
(REWRITE)
(EQUAL (VALID-STATE STATE)
(AND (STATEP STATE)
(LET ((WITNESSING-INSTANTIATION (WITNESSING-INSTANTIATION STATE)))
(AND (VAR-SUBSTP WITNESSING-INSTANTIATION)
(SUBSETP (DOMAIN WITNESSING-INSTANTIATION)
(CDR STATE))
(THEOREM-LIST (SUBST F WITNESSING-INSTANTIATION
(CAR STATE)))))))
((DISABLE-THEORY T)
(ENABLE-THEORY GROUND-ZERO)
(USE
(VALID-STATE-INTRO
(WITNESSING-INSTANTIATION (WITNESSING-INSTANTIATION STATE))))))
This conjecture simplifies, expanding the definitions of AND, IMPLIES, NOT,
and EQUAL, to:
T.
Q.E.D.
[ 0.0 0.0 0.0 ]
VALID-STATE-OPENER
(PROVE-LEMMA MAIN-THEOREM-1-CASE-2
(REWRITE)
(LET ((WIT (GEN-INST SG STATE)))
(IMPLIES (AND (GENERALIZE-OKP SG STATE)
(VALID-STATE (GENERALIZE SG STATE)))
(VAR-SUBSTP WIT)))
((DISABLE GENERALIZE)))
WARNING: Note that the rewrite rule MAIN-THEOREM-1-CASE-2 will be stored so
as to apply only to terms with the nonrecursive function symbol VAR-SUBSTP.
This formula can be simplified, using the abbreviations VALID-STATE-OPENER,
STATEP, VAR-SUBSTP, GENERALIZE-OKP, AND, and IMPLIES, to:
(IMPLIES
(AND
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(LISTP STATE)
(TERMP F (CAR STATE))
(VARIABLE-LISTP (CDR STATE))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CAR STATE)))
(LISTP (CAR STATE))
(DISJOINT (DOMAIN SG) (CDR STATE))
(LISTP (GENERALIZE SG STATE))
(TERMP F (CAR (GENERALIZE SG STATE)))
(VARIABLE-LISTP (CDR (GENERALIZE SG STATE)))
(MAPPING (WITNESSING-INSTANTIATION (GENERALIZE SG STATE)))
(VARIABLE-LISTP
(DOMAIN (WITNESSING-INSTANTIATION (GENERALIZE SG STATE))))
(TERMP F
(RANGE (WITNESSING-INSTANTIATION (GENERALIZE SG STATE))))
(SUBSETP (DOMAIN (WITNESSING-INSTANTIATION (GENERALIZE SG STATE)))
(CDR (GENERALIZE SG STATE)))
(THEOREM-LIST (SUBST F
(WITNESSING-INSTANTIATION (GENERALIZE SG STATE))
(CAR (GENERALIZE SG STATE)))))
(VAR-SUBSTP (GEN-INST SG STATE))),
which simplifies, rewriting with DISJOINT-SYMMETRY, APPLY-TO-SUBST-APPEND,
APPLY-TO-SUBST-IS-NO-OP-FOR-DISJOINT-DOMAIN, DOMAIN-APPLY-TO-SUBST,
ALISTP-APPLY-TO-SUBST, TERMP-RANGE-NULLIFY-SUBST, TERMP-RANGE-CO-RESTRICT,
VAR-SUBSTP-APPLY-TO-SUBST, DISJOINT-ALL-VARS-RANGE-APPLY-SUBST-NULLIFY-SUBST,
TERMP-LIST-APPEND, TERMP-RANGE-RESTRICT, TERMP-LIST-IMPLIES-PROPERP,
RANGE-APPEND, VARIABLE-LISTP-APPEND, VARIABLE-LISTP-SET-DIFF, DOMAIN-APPEND,
MAPPING-APPEND, MAPPING-CO-RESTRICT, MAPPING-APPLY-TO-SUBST, MAPPING-RESTRICT,
FIX-PROPERP-PROPERP, ALISTP-IMPLIES-PROPERP, DISJOINT-SET-DIFF-GENERAL,
SUBSETP-INTERSECTION-SUFFICIENCY-1, INTERSECTION-SUBSETP-IDENTITY,
VARIABLE-LISTP-INTERSECTION, VARIABLE-LISTP-IMPLIES-PROPERP, SUBSETP-DOMAIN,
SUBSETP-REFLEXIVITY, SUBSETP-INTERSECTION-SUFFICIENCY-2, DOMAIN-CO-RESTRICT,
and DOMAIN-RESTRICT, and expanding the definitions of GEN-INST, OR, and
VAR-SUBSTP, to:
T.
Q.E.D.
[ 0.0 0.4 0.0 ]
MAIN-THEOREM-1-CASE-2
(PROVE-LEMMA SUBSETP-CDR-GENERALIZE
(REWRITE)
(SUBSETP (CDR (GENERALIZE SG STATE))
(CDR STATE)))
This simplifies, rewriting with CDR-CONS, SUBSETP-REFLEXIVITY, and
SUBSETP-SET-DIFF-SUFFICIENCY, and unfolding GENERALIZE, to:
T.
Q.E.D.
[ 0.0 0.1 0.0 ]
SUBSETP-CDR-GENERALIZE
(PROVE-LEMMA MAIN-THEOREM-1-CASE-3
(REWRITE)
(LET ((WIT (GEN-INST SG STATE)))
(IMPLIES (VALID-STATE (GENERALIZE SG STATE))
(SUBSETP (DOMAIN WIT) (CDR STATE))))
((DISABLE GENERALIZE)))
This conjecture can be simplified, using the abbreviations VAR-SUBSTP, STATEP,
VALID-STATE-OPENER, and IMPLIES, to the goal:
(IMPLIES
(AND
(LISTP (GENERALIZE SG STATE))
(TERMP F (CAR (GENERALIZE SG STATE)))
(VARIABLE-LISTP (CDR (GENERALIZE SG STATE)))
(MAPPING (WITNESSING-INSTANTIATION (GENERALIZE SG STATE)))
(VARIABLE-LISTP
(DOMAIN (WITNESSING-INSTANTIATION (GENERALIZE SG STATE))))
(TERMP F
(RANGE (WITNESSING-INSTANTIATION (GENERALIZE SG STATE))))
(SUBSETP (DOMAIN (WITNESSING-INSTANTIATION (GENERALIZE SG STATE)))
(CDR (GENERALIZE SG STATE)))
(THEOREM-LIST (SUBST F
(WITNESSING-INSTANTIATION (GENERALIZE SG STATE))
(CAR (GENERALIZE SG STATE)))))
(SUBSETP (DOMAIN (GEN-INST SG STATE))
(CDR STATE))).
This simplifies, applying the lemmas APPLY-TO-SUBST-APPEND, DOMAIN-RESTRICT,
DOMAIN-APPLY-TO-SUBST, DOMAIN-CO-RESTRICT, DOMAIN-APPEND,
SUBSETP-IS-TRANSITIVE, SUBSETP-CDR-GENERALIZE,
SUBSETP-INTERSECTION-SUFFICIENCY-2, SUBSETP-SET-DIFF-SUFFICIENCY, and
SUBSETP-APPEND, and unfolding the function GEN-INST, to:
T.
Q.E.D.
[ 0.0 0.1 0.0 ]
MAIN-THEOREM-1-CASE-3
(DEFN GEN-SETTING-SUBSTITUTIONS
(S1 S2 SG)
(AND (VAR-SUBSTP S1)
(VAR-SUBSTP S2)
(VAR-SUBSTP SG)
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (ALL-VARS F (RANGE SG))
(DOMAIN S1))
(DISJOINT (ALL-VARS F (RANGE S2))
(DOMAIN SG))))
Observe that:
(OR (FALSEP (GEN-SETTING-SUBSTITUTIONS S1 S2 SG))
(TRUEP (GEN-SETTING-SUBSTITUTIONS S1 S2 SG)))
is a theorem.
[ 0.0 0.0 0.0 ]
GEN-SETTING-SUBSTITUTIONS
(DEFN MAIN-HYPS
(S1 S2 SG G P)
(AND (TERMP T G)
(DISJOINT (ALL-VARS T G) (DOMAIN SG))
(TERMP F P)
(DISJOINT (ALL-VARS F P) (DOMAIN SG))
(GEN-SETTING-SUBSTITUTIONS S1 S2 SG)
(THEOREM-LIST (SUBST F
(APPEND S1 S2)
(CONS (SUBST T (INVERT SG) G) P)))))
Note that:
(OR (FALSEP (MAIN-HYPS S1 S2 SG G P))
(TRUEP (MAIN-HYPS S1 S2 SG G P)))
is a theorem.
[ 0.0 0.0 0.0 ]
MAIN-HYPS
(PROVE-LEMMA MAIN-HYPS-SUFFICE-FIRST-LEMMA-GENERAL NIL
(IMPLIES (AND (TERMP FLG G)
(DISJOINT (ALL-VARS FLG G)
(DOMAIN SG))
(GEN-SETTING-SUBSTITUTIONS S1 S2 SG)
(EQUAL SG-1 (INVERT SG)))
(EQUAL (SUBST FLG
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPEND S1 S2))
G)
(SUBST FLG
(APPLY-TO-SUBST S2 SG)
(SUBST FLG
(APPEND S1 S2)
(SUBST FLG SG-1 G)))))
((INDUCT (SUBST FLG SG-1 G))))
This formula can be simplified, using the abbreviations VAR-SUBSTP,
GEN-SETTING-SUBSTITUTIONS, IMPLIES, NOT, OR, and AND, to the following six new
formulas:
Case 6. (IMPLIES (AND FLG
(MEMBER G (DOMAIN SG-1))
(TERMP FLG G)
(DISJOINT (ALL-VARS FLG G)
(DOMAIN SG))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (ALL-VARS F (RANGE SG))
(DOMAIN S1))
(DISJOINT (ALL-VARS F (RANGE S2))
(DOMAIN SG))
(EQUAL SG-1 (INVERT SG)))
(EQUAL (SUBST FLG
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPEND S1 S2))
G)
(SUBST FLG
(APPLY-TO-SUBST S2 SG)
(SUBST FLG
(APPEND S1 S2)
(SUBST FLG SG-1 G))))).
This simplifies, applying the lemmas DOMAIN-INVERT, DISJOINT-SYMMETRY,
MAPPING-IMPLIES-ALISTP, DOMAIN-APPLY-TO-SUBST,
APPLY-TO-SUBST-IS-NO-OP-FOR-DISJOINT-DOMAIN, APPLY-TO-SUBST-APPEND,
MEMBER-PRESERVES-DISJOINT-ALL-VARS, ALL-VARS-VARIABLE-LISTP,
SUBST-APPEND-NOT-OCCUR-1, MEMBER-SUBSETP, SUBSETP-REFLEXIVITY, SUBST-OCCUR,
DISJOINT-DOMAIN-SINGLETON, VALUE-INVERT-NOT-MEMBER-OF-DOMAIN,
ALL-VARS-VARIABLEP, VARIABLEP-VALUE-INVERT, TERMP-VALUE, RANGE-INVERT,
TERMP-DOMAIN, SUBST-NOT-OCCUR, SUBST-APPEND-NOT-OCCUR-2, BOUNDP-VALUE-INVERT,
VALUE-VALUE-INVERT, and SUBST-APPLY-TO-SUBST, to:
T.
Case 5. (IMPLIES (AND FLG
(NOT (MEMBER G (DOMAIN SG-1)))
(VARIABLEP G)
(TERMP FLG G)
(DISJOINT (ALL-VARS FLG G)
(DOMAIN SG))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (ALL-VARS F (RANGE SG))
(DOMAIN S1))
(DISJOINT (ALL-VARS F (RANGE S2))
(DOMAIN SG))
(EQUAL SG-1 (INVERT SG)))
(EQUAL (SUBST FLG
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPEND S1 S2))
G)
(SUBST FLG
(APPLY-TO-SUBST S2 SG)
(SUBST FLG
(APPEND S1 S2)
(SUBST FLG SG-1 G))))).
This simplifies, rewriting with DOMAIN-INVERT, ALL-VARS-VARIABLEP,
DISJOINT-DOMAIN-SINGLETON, DISJOINT-SYMMETRY, MAPPING-IMPLIES-ALISTP,
DOMAIN-APPLY-TO-SUBST, APPLY-TO-SUBST-IS-NO-OP-FOR-DISJOINT-DOMAIN,
APPLY-TO-SUBST-APPEND, DOMAIN-APPEND, MEMBER-APPEND, VALUE-APPLY-TO-SUBST,
VALUE-APPEND, and SUBST-T-VARIABLEP, to three new formulas:
Case 5.3.
(IMPLIES (AND FLG
(NOT (MEMBER G (RANGE SG)))
(VARIABLEP G)
(TERMP FLG G)
(NOT (MEMBER G (DOMAIN SG)))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2)))
(MEMBER G (DOMAIN S1)))
(EQUAL (SUBST T
(APPLY-TO-SUBST S2 SG)
(VALUE G S1))
(SUBST FLG
(APPLY-TO-SUBST S2 SG)
(VALUE G S1)))),
which again simplifies, rewriting with the lemmas
MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP and SUBST-FLG-NOT-LIST, to:
T.
Case 5.2.
(IMPLIES (AND FLG
(NOT (MEMBER G (RANGE SG)))
(VARIABLEP G)
(TERMP FLG G)
(NOT (MEMBER G (DOMAIN SG)))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2)))
(NOT (MEMBER G (DOMAIN S1)))
(NOT (MEMBER G (DOMAIN S2))))
(EQUAL G
(SUBST FLG
(APPLY-TO-SUBST S2 SG)
G))),
which again simplifies, appealing to the lemmas DISJOINT-DOMAIN-SINGLETON,
ALL-VARS-VARIABLEP, DOMAIN-APPLY-TO-SUBST, and SUBST-NOT-OCCUR, to:
T.
Case 5.1.
(IMPLIES (AND FLG
(NOT (MEMBER G (RANGE SG)))
(VARIABLEP G)
(TERMP FLG G)
(NOT (MEMBER G (DOMAIN SG)))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2)))
(NOT (MEMBER G (DOMAIN S1)))
(MEMBER G (DOMAIN S2)))
(EQUAL (VALUE G S2)
(SUBST FLG
(APPLY-TO-SUBST S2 SG)
(VALUE G S2)))),
which again simplifies, rewriting with the lemmas
MEMBER-VARIABLE-LISTP-IMPLIES-VARIABLEP,
DISJOINT-RANGE-IMPLIES-DISJOINT-VALUE, DOMAIN-APPLY-TO-SUBST, TERMP-VALUE,
and SUBST-NOT-OCCUR, to:
T.
Case 4. (IMPLIES
(AND FLG
(NOT (MEMBER G (DOMAIN SG-1)))
(NOT (VARIABLEP G))
(LISTP G)
(IMPLIES (AND (TERMP F (CDR G))
(DISJOINT (ALL-VARS F (CDR G))
(DOMAIN SG))
(GEN-SETTING-SUBSTITUTIONS S1 S2 SG)
(EQUAL SG-1 (INVERT SG)))
(EQUAL (SUBST F
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPEND S1 S2))
(CDR G))
(SUBST F
(APPLY-TO-SUBST S2 SG)
(SUBST F
(APPEND S1 S2)
(SUBST F SG-1 (CDR G))))))
(TERMP FLG G)
(DISJOINT (ALL-VARS FLG G)
(DOMAIN SG))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (ALL-VARS F (RANGE SG))
(DOMAIN S1))
(DISJOINT (ALL-VARS F (RANGE S2))
(DOMAIN SG))
(EQUAL SG-1 (INVERT SG)))
(EQUAL (SUBST FLG
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPEND S1 S2))
G)
(SUBST FLG
(APPLY-TO-SUBST S2 SG)
(SUBST FLG
(APPEND S1 S2)
(SUBST FLG SG-1 G))))),
which simplifies, appealing to the lemmas DOMAIN-INVERT, VARIABLEP-INTRO,
DISJOINT-SYMMETRY, APPLY-TO-SUBST-APPEND, MAPPING-IMPLIES-ALISTP,
DOMAIN-APPLY-TO-SUBST, APPLY-TO-SUBST-IS-NO-OP-FOR-DISJOINT-DOMAIN,
VARIABLE-LISTP-APPEND, FIX-PROPERP-PROPERP, TERMP-DOMAIN,
TERMP-LIST-IMPLIES-PROPERP, DOMAIN-APPEND, COMPOSE-PROPERTY-REVERSED, and
APPEND-ASSOC, and opening up VAR-SUBSTP, GEN-SETTING-SUBSTITUTIONS, AND,
IMPLIES, and COMPOSE, to three new goals:
Case 4.3.
(IMPLIES
(AND FLG
(NOT (MEMBER G (RANGE SG)))
(LISTP G)
(NOT (TERMP F (CDR G)))
(TERMP FLG G)
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG G))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
G)
(SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
G))).
Applying the lemma CAR-CDR-ELIM, replace G by (CONS Z X) to eliminate
(CDR G) and (CAR G). This produces the new conjecture:
(IMPLIES
(AND FLG
(NOT (MEMBER (CONS Z X) (RANGE SG)))
(NOT (TERMP F X))
(TERMP FLG (CONS Z X))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG (CONS Z X)))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
(CONS Z X))
(SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
(CONS Z X)))),
which further simplifies, rewriting with the lemma TERMP-T-CONS, to:
T.
Case 4.2.
(IMPLIES
(AND FLG
(NOT (MEMBER G (RANGE SG)))
(LISTP G)
(NOT (DISJOINT (DOMAIN SG)
(ALL-VARS F (CDR G))))
(TERMP FLG G)
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG G))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
G)
(SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
G))).
Applying the lemma CAR-CDR-ELIM, replace G by (CONS Z X) to eliminate
(CDR G) and (CAR G). We would thus like to prove the new conjecture:
(IMPLIES
(AND FLG
(NOT (MEMBER (CONS Z X) (RANGE SG)))
(NOT (DISJOINT (DOMAIN SG) (ALL-VARS F X)))
(TERMP FLG (CONS Z X))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG (CONS Z X)))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
(CONS Z X))
(SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
(CONS Z X)))),
which further simplifies, rewriting with TERMP-T-CONS and ALL-VARS-T-CONS,
to:
T.
Case 4.1.
(IMPLIES
(AND FLG
(NOT (MEMBER G (RANGE SG)))
(LISTP G)
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S2))
(CDR G))
(SUBST F
(APPLY-TO-SUBST S2 SG)
(SUBST F
(APPEND S1 S2)
(SUBST F (INVERT SG) (CDR G)))))
(TERMP FLG G)
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG G))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
G)
(SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
G))).
This again simplifies, rewriting with the lemmas MAPPING-IMPLIES-ALISTP,
DOMAIN-APPLY-TO-SUBST, and APPLY-TO-SUBST-IS-NO-OP-FOR-DISJOINT-DOMAIN, to
the goal:
(IMPLIES
(AND FLG
(NOT (MEMBER G (RANGE SG)))
(LISTP G)
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
(CDR G))
(SUBST F
(APPLY-TO-SUBST S2 SG)
(SUBST F
(APPEND S1 S2)
(SUBST F (INVERT SG) (CDR G)))))
(TERMP FLG G)
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG G))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
G)
(SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
G))).
Appealing to the lemma CAR-CDR-ELIM, we now replace G by (CONS Z X) to
eliminate (CDR G) and (CAR G). We must thus prove:
(IMPLIES
(AND FLG
(NOT (MEMBER (CONS Z X) (RANGE SG)))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
X)
(SUBST F
(APPLY-TO-SUBST S2 SG)
(SUBST F
(APPEND S1 S2)
(SUBST F (INVERT SG) X))))
(TERMP FLG (CONS Z X))
(DISJOINT (DOMAIN SG)
(ALL-VARS FLG (CONS Z X)))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
(CONS Z X))
(SUBST FLG
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
(CONS Z X)))).
But this further simplifies, appealing to the lemmas TERMP-T-CONS,
ALL-VARS-T-CONS, DOMAIN-APPLY-TO-SUBST, DOMAIN-APPEND, VARIABLEP-INTRO,
VARIABLE-LISTP-APPEND, FIX-PROPERP-PROPERP, TERMP-DOMAIN,
TERMP-LIST-IMPLIES-PROPERP, NON-VARIABLEP-NOT-MEMBER-OF-VARIABLE-LISTP,
SUBST-T-NON-VARIABLEP, DOMAIN-INVERT, MEMBER-APPEND, CAR-CONS, CDR-CONS,
and CONS-EQUAL, to the goal:
(IMPLIES
(AND FLG
(NOT (MEMBER (CONS Z X) (RANGE SG)))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
X)
(SUBST F
(APPLY-TO-SUBST S2 SG)
(SUBST F
(APPEND S1 S2)
(SUBST F (INVERT SG) X))))
(FUNCTION-SYMBOL-P Z)
(TERMP F X)
(DISJOINT (DOMAIN SG) (ALL-VARS F X))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
X)
(SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
X))).
This again simplifies, applying VARIABLE-LISTP-APPEND, FIX-PROPERP-PROPERP,
TERMP-DOMAIN, TERMP-LIST-IMPLIES-PROPERP, DOMAIN-APPEND,
COMPOSE-PROPERTY-REVERSED, DOMAIN-APPLY-TO-SUBST, APPEND-ASSOC,
APPLY-TO-SUBST-APPEND, APPLY-TO-SUBST-IS-NO-OP-FOR-DISJOINT-DOMAIN, and
MAPPING-IMPLIES-ALISTP, and unfolding COMPOSE, to:
T.
Case 3. (IMPLIES (AND FLG
(NOT (MEMBER G (DOMAIN SG-1)))
(NOT (VARIABLEP G))
(NOT (LISTP G))
(TERMP FLG G)
(DISJOINT (ALL-VARS FLG G)
(DOMAIN SG))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (ALL-VARS F (RANGE SG))
(DOMAIN S1))
(DISJOINT (ALL-VARS F (RANGE S2))
(DOMAIN SG))
(EQUAL SG-1 (INVERT SG)))
(EQUAL (SUBST FLG
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPEND S1 S2))
G)
(SUBST FLG
(APPLY-TO-SUBST S2 SG)
(SUBST FLG
(APPEND S1 S2)
(SUBST FLG SG-1 G))))).
This simplifies, applying the lemmas DOMAIN-INVERT and TERMP-T-NLISTP, to:
T.
Case 2. (IMPLIES
(AND (NOT FLG)
(LISTP G)
(IMPLIES (AND (TERMP F (CDR G))
(DISJOINT (ALL-VARS F (CDR G))
(DOMAIN SG))
(GEN-SETTING-SUBSTITUTIONS S1 S2 SG)
(EQUAL SG-1 (INVERT SG)))
(EQUAL (SUBST F
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPEND S1 S2))
(CDR G))
(SUBST F
(APPLY-TO-SUBST S2 SG)
(SUBST F
(APPEND S1 S2)
(SUBST F SG-1 (CDR G))))))
(IMPLIES (AND (TERMP T (CAR G))
(DISJOINT (ALL-VARS T (CAR G))
(DOMAIN SG))
(GEN-SETTING-SUBSTITUTIONS S1 S2 SG)
(EQUAL SG-1 (INVERT SG)))
(EQUAL (SUBST T
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPEND S1 S2))
(CAR G))
(SUBST T
(APPLY-TO-SUBST S2 SG)
(SUBST T
(APPEND S1 S2)
(SUBST T SG-1 (CAR G))))))
(TERMP FLG G)
(DISJOINT (ALL-VARS FLG G)
(DOMAIN SG))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (ALL-VARS F (RANGE SG))
(DOMAIN S1))
(DISJOINT (ALL-VARS F (RANGE S2))
(DOMAIN SG))
(EQUAL SG-1 (INVERT SG)))
(EQUAL (SUBST FLG
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPEND S1 S2))
G)
(SUBST FLG
(APPLY-TO-SUBST S2 SG)
(SUBST FLG
(APPEND S1 S2)
(SUBST FLG SG-1 G))))).
This simplifies, rewriting with DISJOINT-SYMMETRY, APPLY-TO-SUBST-APPEND,
MAPPING-IMPLIES-ALISTP, DOMAIN-APPLY-TO-SUBST,
APPLY-TO-SUBST-IS-NO-OP-FOR-DISJOINT-DOMAIN, VARIABLE-LISTP-APPEND,
FIX-PROPERP-PROPERP, TERMP-DOMAIN, TERMP-LIST-IMPLIES-PROPERP, DOMAIN-APPEND,
COMPOSE-PROPERTY-REVERSED, and APPEND-ASSOC, and opening up the definitions
of VAR-SUBSTP, GEN-SETTING-SUBSTITUTIONS, AND, IMPLIES, and COMPOSE, to nine
new formulas:
Case 2.9.
(IMPLIES
(AND (LISTP G)
(NOT (TERMP F (CDR G)))
(NOT (TERMP T (CAR G)))
(TERMP F G)
(DISJOINT (DOMAIN SG) (ALL-VARS F G))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
G)
(SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
G))).
Applying the lemma CAR-CDR-ELIM, replace G by (CONS Z X) to eliminate
(CDR G) and (CAR G). We thus obtain the new formula:
(IMPLIES
(AND (NOT (TERMP F X))
(NOT (TERMP T Z))
(TERMP F (CONS Z X))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CONS Z X)))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
(CONS Z X))
(SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
(CONS Z X)))),
which further simplifies, rewriting with the lemma TERMP-LIST-CONS, to:
T.
Case 2.8.
(IMPLIES
(AND (LISTP G)
(NOT (TERMP F (CDR G)))
(NOT (DISJOINT (DOMAIN SG)
(ALL-VARS T (CAR G))))
(TERMP F G)
(DISJOINT (DOMAIN SG) (ALL-VARS F G))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
G)
(SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
G))).
Applying the lemma CAR-CDR-ELIM, replace G by (CONS Z X) to eliminate
(CDR G) and (CAR G). We thus obtain the new conjecture:
(IMPLIES
(AND (NOT (TERMP F X))
(NOT (DISJOINT (DOMAIN SG) (ALL-VARS T Z)))
(TERMP F (CONS Z X))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CONS Z X)))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
(CONS Z X))
(SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
(CONS Z X)))),
which further simplifies, rewriting with the lemma TERMP-LIST-CONS, to:
T.
Case 2.7.
(IMPLIES
(AND (LISTP G)
(NOT (TERMP F (CDR G)))
(EQUAL (SUBST T
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S2))
(CAR G))
(SUBST T
(APPLY-TO-SUBST S2 SG)
(SUBST T
(APPEND S1 S2)
(SUBST T (INVERT SG) (CAR G)))))
(TERMP F G)
(DISJOINT (DOMAIN SG) (ALL-VARS F G))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
G)
(SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
G))),
which again simplifies, rewriting with MAPPING-IMPLIES-ALISTP,
DOMAIN-APPLY-TO-SUBST, and APPLY-TO-SUBST-IS-NO-OP-FOR-DISJOINT-DOMAIN, to:
(IMPLIES
(AND (LISTP G)
(NOT (TERMP F (CDR G)))
(EQUAL (SUBST T
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
(CAR G))
(SUBST T
(APPLY-TO-SUBST S2 SG)
(SUBST T
(APPEND S1 S2)
(SUBST T (INVERT SG) (CAR G)))))
(TERMP F G)
(DISJOINT (DOMAIN SG) (ALL-VARS F G))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
G)
(SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
G))).
Applying the lemma CAR-CDR-ELIM, replace G by (CONS Z X) to eliminate
(CDR G) and (CAR G). We would thus like to prove the new conjecture:
(IMPLIES
(AND (NOT (TERMP F X))
(EQUAL (SUBST T
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
Z)
(SUBST T
(APPLY-TO-SUBST S2 SG)
(SUBST T
(APPEND S1 S2)
(SUBST T (INVERT SG) Z))))
(TERMP F (CONS Z X))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (CONS Z X)))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
(CONS Z X))
(SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
(CONS Z X)))),
which further simplifies, applying TERMP-LIST-CONS, to:
T.
Case 2.6.
(IMPLIES
(AND (LISTP G)
(NOT (DISJOINT (DOMAIN SG)
(ALL-VARS F (CDR G))))
(NOT (TERMP T (CAR G)))
(TERMP F G)
(DISJOINT (DOMAIN SG) (ALL-VARS F G))
(MAPPING S1)
(VARIABLE-LISTP (DOMAIN S1))
(TERMP F (RANGE S1))
(MAPPING S2)
(VARIABLE-LISTP (DOMAIN S2))
(TERMP F (RANGE S2))
(MAPPING SG)
(VARIABLE-LISTP (DOMAIN SG))
(TERMP F (RANGE SG))
(DISJOINT (DOMAIN S1) (DOMAIN S2))
(DISJOINT (DOMAIN S1) (DOMAIN SG))
(DISJOINT (DOMAIN S2) (DOMAIN SG))
(DISJOINT (DOMAIN S1)
(ALL-VARS F (RANGE SG)))
(DISJOINT (DOMAIN SG)
(ALL-VARS F (RANGE S2))))
(EQUAL (SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
S2)
G)
(SUBST F
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
(APPLY-TO-SUBST (APPEND S1 S2)
(INVERT SG)))
(APPEND (APPLY-TO-SUBST (APPLY-TO-SUBST S2 SG)
S1)
(APPEND S2 (APPLY-TO-SUBST S2 SG))))
G))).
Appealing to the lemma CAR-CDR-ELIM, we now replace G by (CONS Z X) to
eliminate (CDR G) and (CAR G). We must thus prove:
(IMPLIES
(AND (NOT (DISJOINT (DOMAIN SG