(BOOT-STRAP NQTHM) [ 0.3 0.1 0.0 ] GROUND-ZERO (DEFN EXPT (M N) (IF (ZEROP N) 1 (TIMES M (EXPT M (SUB1 N))))) Linear arithmetic, the lemma COUNT-NUMBERP, and the definition of ZEROP inform us that the measure (COUNT N) decreases according to the well-founded relation LESSP in each recursive call. Hence, EXPT is accepted under the definitional principle. From the definition we can conclude that (NUMBERP (EXPT M N)) is a theorem. [ 0.0 0.0 0.0 ] EXPT (PROVE-LEMMA DISTRIBUTIVITY (REWRITE) (EQUAL (PLUS (TIMES U Y) (TIMES A Y)) (TIMES (PLUS U A) Y))) Call the conjecture *1. We will try to prove it by induction. There are three plausible inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (ZEROP U) (p U Y A)) (IMPLIES (AND (NOT (ZEROP U)) (p (SUB1 U) Y A)) (p U Y A))). Linear arithmetic, the lemma COUNT-NUMBERP, and the definition of ZEROP inform us that the measure (COUNT U) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates two new goals: Case 2. (IMPLIES (ZEROP U) (EQUAL (PLUS (TIMES U Y) (TIMES A Y)) (TIMES (PLUS U A) Y))), which simplifies, opening up the functions ZEROP, EQUAL, TIMES, and PLUS, to two new formulas: Case 2.2. (IMPLIES (AND (EQUAL U 0) (NOT (NUMBERP A))) (EQUAL (TIMES A Y) (TIMES 0 Y))), which again simplifies, opening up TIMES and EQUAL, to: T. Case 2.1. (IMPLIES (AND (NOT (NUMBERP U)) (NOT (NUMBERP A))) (EQUAL (TIMES A Y) (TIMES 0 Y))), which again simplifies, opening up the definitions of TIMES and EQUAL, to: T. Case 1. (IMPLIES (AND (NOT (ZEROP U)) (EQUAL (PLUS (TIMES (SUB1 U) Y) (TIMES A Y)) (TIMES (PLUS (SUB1 U) A) Y))) (EQUAL (PLUS (TIMES U Y) (TIMES A Y)) (TIMES (PLUS U A) Y))), which simplifies, applying the lemma SUB1-ADD1, and expanding ZEROP, TIMES, and PLUS, to: (IMPLIES (AND (NOT (EQUAL U 0)) (NUMBERP U) (EQUAL (PLUS (TIMES (SUB1 U) Y) (TIMES A Y)) (TIMES (PLUS (SUB1 U) A) Y))) (EQUAL (PLUS (PLUS Y (TIMES (SUB1 U) Y)) (TIMES A Y)) (PLUS Y (TIMES (PLUS (SUB1 U) A) Y)))). But this again simplifies, using linear arithmetic, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] DISTRIBUTIVITY (PROVE-LEMMA ASSOCIATIVITY-OF-TIMES (REWRITE) (EQUAL (TIMES M U Y) (TIMES (TIMES M U) Y))) Call the conjecture *1. Perhaps we can prove it by induction. Three inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (ZEROP M) (p M U Y)) (IMPLIES (AND (NOT (ZEROP M)) (p (SUB1 M) U Y)) (p M U Y))). Linear arithmetic, the lemma COUNT-NUMBERP, and the definition of ZEROP can be used to prove that the measure (COUNT M) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to two new goals: Case 2. (IMPLIES (ZEROP M) (EQUAL (TIMES M U Y) (TIMES (TIMES M U) Y))), which simplifies, opening up the definitions of ZEROP, EQUAL, and TIMES, to: T. Case 1. (IMPLIES (AND (NOT (ZEROP M)) (EQUAL (TIMES (SUB1 M) U Y) (TIMES (TIMES (SUB1 M) U) Y))) (EQUAL (TIMES M U Y) (TIMES (TIMES M U) Y))), which simplifies, expanding ZEROP and TIMES, to: (IMPLIES (AND (NOT (EQUAL M 0)) (NUMBERP M) (EQUAL (TIMES (SUB1 M) U Y) (TIMES (TIMES (SUB1 M) U) Y))) (EQUAL (PLUS (TIMES U Y) (TIMES (SUB1 M) U Y)) (TIMES (PLUS U (TIMES (SUB1 M) U)) Y))). Appealing to the lemma SUB1-ELIM, we now replace M by (ADD1 X) to eliminate (SUB1 M). We rely upon the type restriction lemma noted when SUB1 was introduced to constrain the new variable. This generates: (IMPLIES (AND (NUMBERP X) (NOT (EQUAL (ADD1 X) 0)) (EQUAL (TIMES X U Y) (TIMES (TIMES X U) Y))) (EQUAL (PLUS (TIMES U Y) (TIMES X U Y)) (TIMES (PLUS U (TIMES X U)) Y))). This further simplifies, trivially, to: (IMPLIES (AND (NUMBERP X) (EQUAL (TIMES X U Y) (TIMES (TIMES X U) Y))) (EQUAL (PLUS (TIMES U Y) (TIMES X U Y)) (TIMES (PLUS U (TIMES X U)) Y))). We use the above equality hypothesis by substituting (TIMES (TIMES X U) Y) for (TIMES X U Y) and throwing away the equality. This generates the goal: (IMPLIES (NUMBERP X) (EQUAL (PLUS (TIMES U Y) (TIMES (TIMES X U) Y)) (TIMES (PLUS U (TIMES X U)) Y))). This further simplifies, rewriting with the lemma DISTRIBUTIVITY, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ASSOCIATIVITY-OF-TIMES (PROVE-LEMMA ADDITION-OF-EXPONENTS (REWRITE) (EQUAL (EXPT M (PLUS A B)) (TIMES (EXPT M A) (EXPT M B)))) Call the conjecture *1. We will try to prove it by induction. There are three plausible inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (ZEROP A) (p M A B)) (IMPLIES (AND (NOT (ZEROP A)) (p M (SUB1 A) B)) (p M A B))). Linear arithmetic, the lemmas SUB1-LESSEQP and SUB1-LESSP, and the definition of ZEROP inform us that the measure (COUNT A) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates two new goals: Case 2. (IMPLIES (ZEROP A) (EQUAL (EXPT M (PLUS A B)) (TIMES (EXPT M A) (EXPT M B)))), which simplifies, opening up the functions ZEROP, EQUAL, PLUS, and EXPT, to four new formulas: Case 2.4. (IMPLIES (AND (EQUAL A 0) (NOT (NUMBERP B))) (EQUAL (EXPT M 0) (TIMES 1 (EXPT M B)))), which again simplifies, opening up EQUAL, EXPT, and TIMES, to: T. Case 2.3. (IMPLIES (AND (EQUAL A 0) (NUMBERP B)) (EQUAL (EXPT M B) (TIMES 1 (EXPT M B)))), which again simplifies, using linear arithmetic, to: T. Case 2.2. (IMPLIES (AND (NOT (NUMBERP A)) (NOT (NUMBERP B))) (EQUAL (EXPT M 0) (TIMES 1 (EXPT M B)))), which again simplifies, opening up the definitions of EQUAL, EXPT, and TIMES, to: T. Case 2.1. (IMPLIES (AND (NOT (NUMBERP A)) (NUMBERP B)) (EQUAL (EXPT M B) (TIMES 1 (EXPT M B)))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (ZEROP A)) (EQUAL (EXPT M (PLUS (SUB1 A) B)) (TIMES (EXPT M (SUB1 A)) (EXPT M B)))) (EQUAL (EXPT M (PLUS A B)) (TIMES (EXPT M A) (EXPT M B)))), which simplifies, rewriting with SUB1-ADD1, and opening up the functions ZEROP, PLUS, and EXPT, to: (IMPLIES (AND (NOT (EQUAL A 0)) (NUMBERP A) (EQUAL (EXPT M (PLUS (SUB1 A) B)) (TIMES (EXPT M (SUB1 A)) (EXPT M B)))) (EQUAL (TIMES M (EXPT M (PLUS (SUB1 A) B))) (TIMES (TIMES M (EXPT M (SUB1 A))) (EXPT M B)))). Applying the lemma SUB1-ELIM, replace A by (ADD1 X) to eliminate (SUB1 A). We employ the type restriction lemma noted when SUB1 was introduced to restrict the new variable. We thus obtain: (IMPLIES (AND (NUMBERP X) (NOT (EQUAL (ADD1 X) 0)) (EQUAL (EXPT M (PLUS X B)) (TIMES (EXPT M X) (EXPT M B)))) (EQUAL (TIMES M (EXPT M (PLUS X B))) (TIMES (TIMES M (EXPT M X)) (EXPT M B)))), which further simplifies, clearly, to the new conjecture: (IMPLIES (AND (NUMBERP X) (EQUAL (EXPT M (PLUS X B)) (TIMES (EXPT M X) (EXPT M B)))) (EQUAL (TIMES M (EXPT M (PLUS X B))) (TIMES (TIMES M (EXPT M X)) (EXPT M B)))). We use the above equality hypothesis by substituting: (TIMES (EXPT M X) (EXPT M B)) for (EXPT M (PLUS X B)) and throwing away the equality. We must thus prove: (IMPLIES (NUMBERP X) (EQUAL (TIMES M (EXPT M X) (EXPT M B)) (TIMES (TIMES M (EXPT M X)) (EXPT M B)))). But this further simplifies, applying ASSOCIATIVITY-OF-TIMES, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ADDITION-OF-EXPONENTS (PROVE-LEMMA MONOTON-OF-EXP-1 NIL (IMPLIES (LEQ B1 B2) (LEQ (EXPT B1 E) (EXPT B2 E)))) Give the conjecture the name *1. Perhaps we can prove it by induction. There are four plausible inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (ZEROP E) (p B2 E B1)) (IMPLIES (AND (NOT (ZEROP E)) (p B2 (SUB1 E) B1)) (p B2 E B1))). Linear arithmetic, the lemma COUNT-NUMBERP, and the definition of ZEROP can be used to show that the measure (COUNT E) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates two new conjectures: Case 2. (IMPLIES (AND (ZEROP E) (NOT (LESSP B2 B1))) (NOT (LESSP (EXPT B2 E) (EXPT B1 E)))), which simplifies, unfolding the definitions of ZEROP, EQUAL, EXPT, and LESSP, to: T. Case 1. (IMPLIES (AND (NOT (ZEROP E)) (NOT (LESSP (EXPT B2 (SUB1 E)) (EXPT B1 (SUB1 E)))) (NOT (LESSP B2 B1))) (NOT (LESSP (EXPT B2 E) (EXPT B1 E)))), which simplifies, unfolding the definitions of ZEROP and EXPT, to: (IMPLIES (AND (NOT (EQUAL E 0)) (NUMBERP E) (NOT (LESSP (EXPT B2 (SUB1 E)) (EXPT B1 (SUB1 E)))) (NOT (LESSP B2 B1))) (NOT (LESSP (TIMES B2 (EXPT B2 (SUB1 E))) (TIMES B1 (EXPT B1 (SUB1 E)))))). Appealing to the lemma SUB1-ELIM, we now replace E by (ADD1 X) to eliminate (SUB1 E). We employ the type restriction lemma noted when SUB1 was introduced to constrain the new variable. We must thus prove: (IMPLIES (AND (NUMBERP X) (NOT (EQUAL (ADD1 X) 0)) (NOT (LESSP (EXPT B2 X) (EXPT B1 X))) (NOT (LESSP B2 B1))) (NOT (LESSP (TIMES B2 (EXPT B2 X)) (TIMES B1 (EXPT B1 X))))). This further simplifies, obviously, to the new goal: (IMPLIES (AND (NUMBERP X) (NOT (LESSP (EXPT B2 X) (EXPT B1 X))) (NOT (LESSP B2 B1))) (NOT (LESSP (TIMES B2 (EXPT B2 X)) (TIMES B1 (EXPT B1 X))))), which we generalize by replacing (EXPT B1 X) by Y and (EXPT B2 X) by A. We restrict the new variables by recalling the type restriction lemma noted when EXPT was introduced. This produces: (IMPLIES (AND (NUMBERP Y) (NUMBERP A) (NUMBERP X) (NOT (LESSP A Y)) (NOT (LESSP B2 B1))) (NOT (LESSP (TIMES B2 A) (TIMES B1 Y)))), which has an irrelevant term in it. By eliminating the term we get the new formula: (IMPLIES (AND (NUMBERP Y) (NUMBERP A) (NOT (LESSP A Y)) (NOT (LESSP B2 B1))) (NOT (LESSP (TIMES B2 A) (TIMES B1 Y)))), which we will finally name *1.1. We will appeal to induction. The recursive terms in the conjecture suggest six inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (OR (EQUAL B1 0) (NOT (NUMBERP B1))) (p B2 A B1 Y)) (IMPLIES (AND (NOT (OR (EQUAL B1 0) (NOT (NUMBERP B1)))) (OR (EQUAL B2 0) (NOT (NUMBERP B2)))) (p B2 A B1 Y)) (IMPLIES (AND (NOT (OR (EQUAL B1 0) (NOT (NUMBERP B1)))) (NOT (OR (EQUAL B2 0) (NOT (NUMBERP B2)))) (p (SUB1 B2) A (SUB1 B1) Y)) (p B2 A B1 Y))). Linear arithmetic, the lemmas SUB1-LESSEQP and SUB1-LESSP, and the definitions of OR and NOT can be used to show that the measure (COUNT B2) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instance chosen for B1. The above induction scheme leads to four new conjectures: Case 4. (IMPLIES (AND (OR (EQUAL B1 0) (NOT (NUMBERP B1))) (NUMBERP Y) (NUMBERP A) (NOT (LESSP A Y)) (NOT (LESSP B2 B1))) (NOT (LESSP (TIMES B2 A) (TIMES B1 Y)))), which simplifies, expanding the functions NOT, OR, EQUAL, LESSP, and TIMES, to: T. Case 3. (IMPLIES (AND (NOT (OR (EQUAL B1 0) (NOT (NUMBERP B1)))) (OR (EQUAL B2 0) (NOT (NUMBERP B2))) (NUMBERP Y) (NUMBERP A) (NOT (LESSP A Y)) (NOT (LESSP B2 B1))) (NOT (LESSP (TIMES B2 A) (TIMES B1 Y)))), which simplifies, opening up NOT, OR, EQUAL, and LESSP, to: T. Case 2. (IMPLIES (AND (NOT (OR (EQUAL B1 0) (NOT (NUMBERP B1)))) (NOT (OR (EQUAL B2 0) (NOT (NUMBERP B2)))) (LESSP (SUB1 B2) (SUB1 B1)) (NUMBERP Y) (NUMBERP A) (NOT (LESSP A Y)) (NOT (LESSP B2 B1))) (NOT (LESSP (TIMES B2 A) (TIMES B1 Y)))), which simplifies, using linear arithmetic, to: (IMPLIES (AND (LESSP B1 1) (NOT (OR (EQUAL B1 0) (NOT (NUMBERP B1)))) (NOT (OR (EQUAL B2 0) (NOT (NUMBERP B2)))) (LESSP (SUB1 B2) (SUB1 B1)) (NUMBERP Y) (NUMBERP A) (NOT (LESSP A Y)) (NOT (LESSP B2 B1))) (NOT (LESSP (TIMES B2 A) (TIMES B1 Y)))). But this again simplifies, opening up the functions SUB1, NUMBERP, EQUAL, LESSP, NOT, and OR, to: T. Case 1. (IMPLIES (AND (NOT (OR (EQUAL B1 0) (NOT (NUMBERP B1)))) (NOT (OR (EQUAL B2 0) (NOT (NUMBERP B2)))) (NOT (LESSP (TIMES (SUB1 B2) A) (TIMES (SUB1 B1) Y))) (NUMBERP Y) (NUMBERP A) (NOT (LESSP A Y)) (NOT (LESSP B2 B1))) (NOT (LESSP (TIMES B2 A) (TIMES B1 Y)))), which simplifies, expanding the definitions of NOT, OR, LESSP, and TIMES, to the goal: (IMPLIES (AND (NOT (EQUAL B1 0)) (NUMBERP B1) (NOT (EQUAL B2 0)) (NUMBERP B2) (NOT (LESSP (TIMES (SUB1 B2) A) (TIMES (SUB1 B1) Y))) (NUMBERP Y) (NUMBERP A) (NOT (LESSP A Y)) (NOT (LESSP (SUB1 B2) (SUB1 B1)))) (NOT (LESSP (PLUS A (TIMES (SUB1 B2) A)) (PLUS Y (TIMES (SUB1 B1) Y))))). But this again simplifies, using linear arithmetic, to: T. That finishes the proof of *1.1, which finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MONOTON-OF-EXP-1 (PROVE-LEMMA PLUS-DIFFERENCE (REWRITE) (IMPLIES (AND (LEQ E1 E2) (NUMBERP E1) (NUMBERP E2)) (EQUAL (PLUS E1 (DIFFERENCE E2 E1)) E2))) This conjecture simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PLUS-DIFFERENCE (PROVE-LEMMA MONOTON-OF-EXP-AUX1 NIL (IMPLIES (AND (LEQ E1 E2) (NUMBERP E1) (NUMBERP E2)) (EQUAL (EXPT B E2) (TIMES (EXPT B E1) (EXPT B (DIFFERENCE E2 E1))))) ((DO-NOT-INDUCT T) (USE (ADDITION-OF-EXPONENTS (M B) (A E1) (B (DIFFERENCE E2 E1)))) (DISABLE ADDITION-OF-EXPONENTS))) This conjecture simplifies, applying PLUS-DIFFERENCE, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOTON-OF-EXP-AUX1 (PROVE-LEMMA EXPT-IS-POSITIVE (REWRITE) (IMPLIES (NOT (ZEROP B)) (LESSP 0 (EXPT B E)))) WARNING: Note that the proposed lemma EXPT-IS-POSITIVE is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This formula can be simplified, using the abbreviations ZEROP, NOT, and IMPLIES, to: (IMPLIES (AND (NOT (EQUAL B 0)) (NUMBERP B)) (LESSP 0 (EXPT B E))), which simplifies, opening up EQUAL and LESSP, to: (IMPLIES (AND (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (EXPT B E) 0))). Give the above formula the name *1. Perhaps we can prove it by induction. There is only one plausible induction. We will induct according to the following scheme: (AND (IMPLIES (ZEROP E) (p B E)) (IMPLIES (AND (NOT (ZEROP E)) (p B (SUB1 E))) (p B E))). Linear arithmetic, the lemma COUNT-NUMBERP, and the definition of ZEROP establish that the measure (COUNT E) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following two new conjectures: Case 2. (IMPLIES (AND (ZEROP E) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (EXPT B E) 0))). This simplifies, opening up the functions ZEROP, EQUAL, and EXPT, to: T. Case 1. (IMPLIES (AND (NOT (ZEROP E)) (NOT (EQUAL (EXPT B (SUB1 E)) 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (EXPT B E) 0))). This simplifies, opening up ZEROP and EXPT, to the new conjecture: (IMPLIES (AND (NOT (EQUAL E 0)) (NUMBERP E) (NOT (EQUAL (EXPT B (SUB1 E)) 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (TIMES B (EXPT B (SUB1 E))) 0))). Applying the lemma SUB1-ELIM, replace E by (ADD1 X) to eliminate (SUB1 E). We rely upon the type restriction lemma noted when SUB1 was introduced to restrict the new variable. We thus obtain: (IMPLIES (AND (NUMBERP X) (NOT (EQUAL (ADD1 X) 0)) (NOT (EQUAL (EXPT B X) 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (TIMES B (EXPT B X)) 0))), which further simplifies, clearly, to: (IMPLIES (AND (NUMBERP X) (NOT (EQUAL (EXPT B X) 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (TIMES B (EXPT B X)) 0))), which we generalize by replacing (EXPT B X) by Y. We restrict the new variable by recalling the type restriction lemma noted when EXPT was introduced. We would thus like to prove: (IMPLIES (AND (NUMBERP Y) (NUMBERP X) (NOT (EQUAL Y 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (TIMES B Y) 0))), which has an irrelevant term in it. By eliminating the term we get: (IMPLIES (AND (NUMBERP Y) (NOT (EQUAL Y 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (TIMES B Y) 0))), which we will finally name *1.1. We will appeal to induction. There is only one plausible induction. We will induct according to the following scheme: (AND (IMPLIES (ZEROP B) (p B Y)) (IMPLIES (AND (NOT (ZEROP B)) (p (SUB1 B) Y)) (p B Y))). Linear arithmetic, the lemma COUNT-NUMBERP, and the definition of ZEROP establish that the measure (COUNT B) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following three new conjectures: Case 3. (IMPLIES (AND (ZEROP B) (NUMBERP Y) (NOT (EQUAL Y 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (TIMES B Y) 0))). This simplifies, unfolding ZEROP, to: T. Case 2. (IMPLIES (AND (NOT (ZEROP B)) (EQUAL (SUB1 B) 0) (NUMBERP Y) (NOT (EQUAL Y 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (TIMES B Y) 0))). This simplifies, opening up the functions ZEROP and TIMES, to: (IMPLIES (AND (EQUAL (SUB1 B) 0) (NUMBERP Y) (NOT (EQUAL Y 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (PLUS Y (TIMES (SUB1 B) Y)) 0))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (ZEROP B)) (NOT (EQUAL (TIMES (SUB1 B) Y) 0)) (NUMBERP Y) (NOT (EQUAL Y 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (TIMES B Y) 0))), which simplifies, unfolding the definitions of ZEROP and TIMES, to the goal: (IMPLIES (AND (NOT (EQUAL (TIMES (SUB1 B) Y) 0)) (NUMBERP Y) (NOT (EQUAL Y 0)) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (PLUS Y (TIMES (SUB1 B) Y)) 0))). This again simplifies, using linear arithmetic, to: T. That finishes the proof of *1.1, which, consequently, finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] EXPT-IS-POSITIVE (PROVE-LEMMA MONOTON-OF-EXP-AUX2 NIL (IMPLIES (NOT (ZEROP B)) (LEQ X (TIMES X (EXPT B E))))) This conjecture can be simplified, using the abbreviations ZEROP, NOT, and IMPLIES, to the goal: (IMPLIES (AND (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (LESSP (TIMES X (EXPT B E)) X))). Give the above formula the name *1. Perhaps we can prove it by induction. The recursive terms in the conjecture suggest three inductions. They merge into two likely candidate inductions, both of which are unflawed. Since both of these are equally likely, we will choose arbitrarily. We will induct according to the following scheme: (AND (IMPLIES (OR (EQUAL X 0) (NOT (NUMBERP X))) (p X B E)) (IMPLIES (AND (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (OR (EQUAL (TIMES X (EXPT B E)) 0) (NOT (NUMBERP (TIMES X (EXPT B E)))))) (p X B E)) (IMPLIES (AND (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (NOT (OR (EQUAL (TIMES X (EXPT B E)) 0) (NOT (NUMBERP (TIMES X (EXPT B E)))))) (p (SUB1 X) B E)) (p X B E))). Linear arithmetic, the lemmas SUB1-LESSEQP and SUB1-LESSP, and the definitions of OR and NOT can be used to prove that the measure (COUNT X) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates three new formulas: Case 3. (IMPLIES (AND (OR (EQUAL X 0) (NOT (NUMBERP X))) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (LESSP (TIMES X (EXPT B E)) X))), which simplifies, expanding NOT, OR, EQUAL, TIMES, and LESSP, to: T. Case 2. (IMPLIES (AND (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (OR (EQUAL (TIMES X (EXPT B E)) 0) (NOT (NUMBERP (TIMES X (EXPT B E))))) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (LESSP (TIMES X (EXPT B E)) X))), which simplifies, opening up NOT, OR, TIMES, EQUAL, and LESSP, to: (IMPLIES (AND (NOT (EQUAL X 0)) (NUMBERP X) (EQUAL (PLUS (EXPT B E) (TIMES (SUB1 X) (EXPT B E))) 0) (NOT (EQUAL B 0))) (NOT (NUMBERP B))). This again simplifies, using linear arithmetic and rewriting with EXPT-IS-POSITIVE, to: T. Case 1. (IMPLIES (AND (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (NOT (OR (EQUAL (TIMES X (EXPT B E)) 0) (NOT (NUMBERP (TIMES X (EXPT B E)))))) (NOT (LESSP (TIMES (SUB1 X) (EXPT B E)) (SUB1 X))) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (LESSP (TIMES X (EXPT B E)) X))). This simplifies, unfolding the functions NOT, OR, and TIMES, to: (IMPLIES (AND (NOT (EQUAL X 0)) (NUMBERP X) (NOT (EQUAL (PLUS (EXPT B E) (TIMES (SUB1 X) (EXPT B E))) 0)) (NOT (LESSP (TIMES (SUB1 X) (EXPT B E)) (SUB1 X))) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (LESSP (PLUS (EXPT B E) (TIMES (SUB1 X) (EXPT B E))) X))), which again simplifies, using linear arithmetic and applying EXPT-IS-POSITIVE, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MONOTON-OF-EXP-AUX2 (PROVE-LEMMA MONOTON-OF-EXP-2 NIL (IMPLIES (AND (LEQ E1 E2) (NUMBERP E1) (NUMBERP E2) (NOT (ZEROP B))) (LEQ (EXPT B E1) (EXPT B E2))) ((DO-NOT-INDUCT T) (USE (MONOTON-OF-EXP-AUX1 (B B) (E1 E1) (E2 E2)) (MONOTON-OF-EXP-AUX2 (B B) (X (EXPT B E1)) (E (DIFFERENCE E2 E1)))))) This conjecture can be simplified, using the abbreviations ZEROP, NOT, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (IF (LESSP E2 E1) F T) (NUMBERP E1) (NUMBERP E2)) (EQUAL (EXPT B E2) (TIMES (EXPT B E1) (EXPT B (DIFFERENCE E2 E1))))) (IMPLIES (NOT (ZEROP B)) (IF (LESSP (TIMES (EXPT B E1) (EXPT B (DIFFERENCE E2 E1))) (EXPT B E1)) F T)) (NOT (LESSP E2 E1)) (NUMBERP E1) (NUMBERP E2) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (LESSP (EXPT B E2) (EXPT B E1)))). This simplifies, expanding the functions AND, IMPLIES, ZEROP, and NOT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOTON-OF-EXP-2 (DISABLE MONOTON-OF-EXP-AUX1) [ 0.0 0.0 0.0 ] MONOTON-OF-EXP-AUX1-OFF (DISABLE MONOTON-OF-EXP-AUX2) [ 0.0 0.0 0.0 ] MONOTON-OF-EXP-AUX2-OFF (DEFN MAGIC (S) (TIMES (PLUS (TIMES 3 S) 3) (EXPT (PLUS S 2) (PLUS S 2)))) From the definition we can conclude that (NUMBERP (MAGIC S)) is a theorem. [ 0.0 0.0 0.0 ] MAGIC (PROVE-LEMMA MAGIC-IS-A-NUMBER (REWRITE) (NUMBERP (MAGIC N))) This simplifies, trivially, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-IS-A-NUMBER (PROVE-LEMMA MAGIC-IS-MONOTONIC-AUX1 NIL (IMPLIES (LESSP M N) (LESSP (PLUS (TIMES 3 M) 3) (PLUS (TIMES 3 N) 3)))) This simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-IS-MONOTONIC-AUX1 (PROVE-LEMMA MAGIC-IS-MONOTONIC-AUX2 NIL (IMPLIES (LESSP M N) (LEQ (EXPT (PLUS M 2) (PLUS M 2)) (EXPT (PLUS N 2) (PLUS N 2)))) ((DO-NOT-INDUCT T) (USE (MONOTON-OF-EXP-1 (E (PLUS M 2)) (B1 (PLUS M 2)) (B2 (PLUS N 2))) (MONOTON-OF-EXP-2 (B (PLUS N 2)) (E1 (PLUS M 2)) (E2 (PLUS N 2)))))) This formula simplifies, applying ADDITION-OF-EXPONENTS, and expanding IMPLIES, ZEROP, NOT, AND, and EXPT, to the following four new conjectures: Case 4. (IMPLIES (AND (LESSP (PLUS N 2) (PLUS M 2)) (LESSP M N)) (NOT (LESSP (TIMES (EXPT (PLUS N 2) N) (EXPT (PLUS N 2) 2)) (TIMES (EXPT (PLUS M 2) M) (EXPT (PLUS M 2) 2))))). This again simplifies, using linear arithmetic, to: T. Case 3. (IMPLIES (AND (NOT (LESSP (TIMES (EXPT (PLUS N 2) M) (EXPT (PLUS N 2) 2)) (TIMES (EXPT (PLUS M 2) M) (EXPT (PLUS M 2) 2)))) (LESSP (PLUS N 2) (PLUS M 2)) (LESSP M N)) (NOT (LESSP (TIMES (EXPT (PLUS N 2) N) (EXPT (PLUS N 2) 2)) (TIMES (EXPT (PLUS M 2) M) (EXPT (PLUS M 2) 2))))), which again simplifies, using linear arithmetic, to: T. Case 2. (IMPLIES (AND (NOT (LESSP (TIMES (EXPT (PLUS N 2) M) (EXPT (PLUS N 2) 2)) (TIMES (EXPT (PLUS M 2) M) (EXPT (PLUS M 2) 2)))) (EQUAL (PLUS N 2) 0) (LESSP M N)) (NOT (LESSP 1 (TIMES (EXPT (PLUS M 2) M) (EXPT (PLUS M 2) 2))))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LESSP (TIMES (EXPT (PLUS N 2) M) (EXPT (PLUS N 2) 2)) (TIMES (EXPT (PLUS M 2) M) (EXPT (PLUS M 2) 2)))) (NOT (LESSP (TIMES (EXPT (PLUS N 2) N) (EXPT (PLUS N 2) 2)) (TIMES (EXPT (PLUS N 2) M) (EXPT (PLUS N 2) 2)))) (LESSP M N)) (NOT (LESSP (TIMES (EXPT (PLUS N 2) N) (EXPT (PLUS N 2) 2)) (TIMES (EXPT (PLUS M 2) M) (EXPT (PLUS M 2) 2))))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MAGIC-IS-MONOTONIC-AUX2 (PROVE-LEMMA MAGIC-IS-MONOTONIC-AUX3 (REWRITE) (LESSP 0 (EXPT (PLUS S 2) (PLUS S 2))) ((DO-NOT-INDUCT T) (USE (EXPT-IS-POSITIVE (B (PLUS S 2)) (E (PLUS S 2)))))) WARNING: Note that the proposed lemma MAGIC-IS-MONOTONIC-AUX3 is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This simplifies, rewriting with ADDITION-OF-EXPONENTS, and opening up the functions ZEROP, NOT, EQUAL, LESSP, IMPLIES, and EXPT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-IS-MONOTONIC-AUX3 (PROVE-LEMMA MAGIC-IS-MONOTONIC-AUX4 NIL (IMPLIES (AND (LESSP X Y) (LEQ A B) (LESSP 0 A) (LESSP 0 B)) (LESSP (TIMES X A) (TIMES Y B)))) This formula simplifies, expanding the definitions of EQUAL and LESSP, to the new goal: (IMPLIES (AND (LESSP X Y) (NOT (LESSP B A)) (NOT (EQUAL A 0)) (NUMBERP A) (NOT (EQUAL B 0)) (NUMBERP B)) (LESSP (TIMES X A) (TIMES Y B))), which we will name *1. Perhaps we can prove it by induction. There are six plausible inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (OR (EQUAL Y 0) (NOT (NUMBERP Y))) (p X A Y B)) (IMPLIES (AND (NOT (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (OR (EQUAL X 0) (NOT (NUMBERP X)))) (p X A Y B)) (IMPLIES (AND (NOT (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (p (SUB1 X) A (SUB1 Y) B)) (p X A Y B))). Linear arithmetic, the lemmas SUB1-LESSEQP and SUB1-LESSP, and the definitions of OR and NOT establish that the measure (COUNT X) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instance chosen for Y. The above induction scheme generates the following four new goals: Case 4. (IMPLIES (AND (OR (EQUAL Y 0) (NOT (NUMBERP Y))) (LESSP X Y) (NOT (LESSP B A)) (NOT (EQUAL A 0)) (NUMBERP A) (NOT (EQUAL B 0)) (NUMBERP B)) (LESSP (TIMES X A) (TIMES Y B))). This simplifies, unfolding the functions NOT, OR, EQUAL, and LESSP, to: T. Case 3. (IMPLIES (AND (NOT (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (OR (EQUAL X 0) (NOT (NUMBERP X))) (LESSP X Y) (NOT (LESSP B A)) (NOT (EQUAL A 0)) (NUMBERP A) (NOT (EQUAL B 0)) (NUMBERP B)) (LESSP (TIMES X A) (TIMES Y B))). This simplifies, opening up NOT, OR, EQUAL, LESSP, and TIMES, to the following two new formulas: Case 3.2. (IMPLIES (AND (NOT (EQUAL Y 0)) (NUMBERP Y) (EQUAL X 0) (NOT (LESSP B A)) (NOT (EQUAL A 0)) (NUMBERP A) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (PLUS B (TIMES (SUB1 Y) B)) 0))). But this again simplifies, using linear arithmetic, to: T. Case 3.1. (IMPLIES (AND (NOT (EQUAL Y 0)) (NUMBERP Y) (NOT (NUMBERP X)) (NOT (LESSP B A)) (NOT (EQUAL A 0)) (NUMBERP A) (NOT (EQUAL B 0)) (NUMBERP B)) (NOT (EQUAL (PLUS B (TIMES (SUB1 Y) B)) 0))), which again simplifies, using linear arithmetic, to: T. Case 2. (IMPLIES (AND (NOT (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (NOT (LESSP (SUB1 X) (SUB1 Y))) (LESSP X Y) (NOT (LESSP B A)) (NOT (EQUAL A 0)) (NUMBERP A) (NOT (EQUAL B 0)) (NUMBERP B)) (LESSP (TIMES X A) (TIMES Y B))), which simplifies, using linear arithmetic, to: (IMPLIES (AND (LESSP X 1) (NOT (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (NOT (LESSP (SUB1 X) (SUB1 Y))) (LESSP X Y) (NOT (LESSP B A)) (NOT (EQUAL A 0)) (NUMBERP A) (NOT (EQUAL B 0)) (NUMBERP B)) (LESSP (TIMES X A) (TIMES Y B))). This again simplifies, opening up SUB1, NUMBERP, EQUAL, LESSP, NOT, and OR, to: T. Case 1. (IMPLIES (AND (NOT (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (LESSP (TIMES (SUB1 X) A) (TIMES (SUB1 Y) B)) (LESSP X Y) (NOT (LESSP B A)) (NOT (EQUAL A 0)) (NUMBERP A) (NOT (EQUAL B 0)) (NUMBERP B)) (LESSP (TIMES X A) (TIMES Y B))), which simplifies, unfolding the functions NOT, OR, LESSP, and TIMES, to: (IMPLIES (AND (NOT (EQUAL Y 0)) (NUMBERP Y) (NOT (EQUAL X 0)) (NUMBERP X) (LESSP (TIMES (SUB1 X) A) (TIMES (SUB1 Y) B)) (LESSP (SUB1 X) (SUB1 Y)) (NOT (LESSP B A)) (NOT (EQUAL A 0)) (NUMBERP A) (NOT (EQUAL B 0)) (NUMBERP B)) (LESSP (PLUS A (TIMES (SUB1 X) A)) (PLUS B (TIMES (SUB1 Y) B)))). But this again simplifies, using linear arithmetic, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-IS-MONOTONIC-AUX4 (PROVE-LEMMA MAGIC-IS-MONOTONIC (REWRITE) (IMPLIES (LESSP M N) (LESSP (MAGIC M) (MAGIC N))) ((DO-NOT-INDUCT T) (USE (MAGIC-IS-MONOTONIC-AUX4 (X (PLUS (TIMES 3 M) 3)) (Y (PLUS (TIMES 3 N) 3)) (A (EXPT (PLUS M 2) (PLUS M 2))) (B (EXPT (PLUS N 2) (PLUS N 2)))) (MAGIC-IS-MONOTONIC-AUX3 (S M)) (MAGIC-IS-MONOTONIC-AUX3 (S N)) (MAGIC-IS-MONOTONIC-AUX1 (M M) (N N)) (MAGIC-IS-MONOTONIC-AUX2 (M M) (N N))) (DISABLE TIMES ADDITION-OF-EXPONENTS MAGIC-IS-MONOTONIC-AUX3))) WARNING: Note that the linear lemma MAGIC-IS-MONOTONIC is being stored under the term (MAGIC N), which is unusual because MAGIC is a nonrecursive function symbol. WARNING: Note that the linear lemma MAGIC-IS-MONOTONIC is being stored under the term (MAGIC M), which is unusual because MAGIC is a nonrecursive function symbol. WARNING: When the linear lemma MAGIC-IS-MONOTONIC is stored under (MAGIC N) it contains the free variable M which will be chosen by instantiating the hypothesis (LESSP M N). WARNING: When the linear lemma MAGIC-IS-MONOTONIC is stored under (MAGIC M) it contains the free variable N which will be chosen by instantiating the hypothesis (LESSP M N). WARNING: Note that the proposed lemma MAGIC-IS-MONOTONIC is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and zero replacement rules. This simplifies, expanding the functions EQUAL, LESSP, AND, IMPLIES, and MAGIC, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-IS-MONOTONIC (DISABLE MAGIC-IS-MONOTONIC-AUX1) [ 0.0 0.0 0.0 ] MAGIC-IS-MONOTONIC-AUX1-OFF (DISABLE MAGIC-IS-MONOTONIC-AUX2) [ 0.0 0.0 0.0 ] MAGIC-IS-MONOTONIC-AUX2-OFF (DISABLE MAGIC-IS-MONOTONIC-AUX3) [ 0.0 0.0 0.0 ] MAGIC-IS-MONOTONIC-AUX3-OFF (DISABLE MAGIC-IS-MONOTONIC-AUX4) [ 0.0 0.0 0.0 ] MAGIC-IS-MONOTONIC-AUX4-OFF (DISABLE MAGIC) [ 0.0 0.0 0.0 ] MAGIC-OFF (PROVE-LEMMA MAGIC-IS-BIGGER-AUX1 (REWRITE) (IMPLIES (AND (NOT (EQUAL N 0)) (EQUAL (MAGIC N) 0)) (NOT (NUMBERP N))) ((USE (MAGIC-IS-MONOTONIC (M 0) (N N))))) WARNING: MAGIC-IS-BIGGER-AUX1 will slow down the theorem-prover because it will cause backward chaining on every instance of a primitive type expression. This conjecture simplifies, unfolding the functions EQUAL, LESSP, MAGIC, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-IS-BIGGER-AUX1 (PROVE-LEMMA MAGIC-IS-BIGGER-AUX2 (REWRITE) (IMPLIES (AND (NUMBERP N) (NOT (LESSP (MAGIC (SUB1 N)) (SUB1 N)))) (NOT (LESSP (MAGIC N) N))) ((USE (MAGIC-IS-MONOTONIC (M (SUB1 N)) (N N))))) WARNING: Note that the proposed lemma MAGIC-IS-BIGGER-AUX2 is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This simplifies, opening up the definition of IMPLIES, to the following two new goals: Case 2. (IMPLIES (AND (NOT (LESSP (SUB1 N) N)) (NUMBERP N) (NOT (LESSP (MAGIC (SUB1 N)) (SUB1 N)))) (NOT (LESSP (MAGIC N) N))). But this again simplifies, using linear arithmetic, to: (IMPLIES (AND (EQUAL N 0) (NOT (LESSP (SUB1 N) N)) (NUMBERP N) (NOT (LESSP (MAGIC (SUB1 N)) (SUB1 N)))) (NOT (LESSP (MAGIC N) N))). However this again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (LESSP (MAGIC (SUB1 N)) (MAGIC N)) (NUMBERP N) (NOT (LESSP (MAGIC (SUB1 N)) (SUB1 N)))) (NOT (LESSP (MAGIC N) N))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-IS-BIGGER-AUX2 (PROVE-LEMMA MAGIC-IS-BIGGER (REWRITE) (IMPLIES (NUMBERP N) (NOT (LESSP (MAGIC N) N)))) WARNING: Note that the proposed lemma MAGIC-IS-BIGGER is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. Give the conjecture the name *1. Let us appeal to the induction principle. There is only one suggested induction. We will induct according to the following scheme: (AND (IMPLIES (OR (EQUAL N 0) (NOT (NUMBERP N))) (p N)) (IMPLIES (AND (NOT (OR (EQUAL N 0) (NOT (NUMBERP N)))) (OR (EQUAL (MAGIC N) 0) (NOT (NUMBERP (MAGIC N))))) (p N)) (IMPLIES (AND (NOT (OR (EQUAL N 0) (NOT (NUMBERP N)))) (NOT (OR (EQUAL (MAGIC N) 0) (NOT (NUMBERP (MAGIC N))))) (p (SUB1 N))) (p N))). Linear arithmetic, the lemmas SUB1-LESSEQP and SUB1-LESSP, and the definitions of OR and NOT establish that the measure (COUNT N) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates three new conjectures: Case 3. (IMPLIES (AND (OR (EQUAL N 0) (NOT (NUMBERP N))) (NUMBERP N)) (NOT (LESSP (MAGIC N) N))), which simplifies, expanding the functions NOT, OR, NUMBERP, MAGIC, and LESSP, to: T. Case 2. (IMPLIES (AND (NOT (OR (EQUAL N 0) (NOT (NUMBERP N)))) (OR (EQUAL (MAGIC N) 0) (NOT (NUMBERP (MAGIC N)))) (NUMBERP N)) (NOT (LESSP (MAGIC N) N))), which simplifies, appealing to the lemma MAGIC-IS-BIGGER-AUX1, and expanding NOT and OR, to: T. Case 1. (IMPLIES (AND (NOT (OR (EQUAL N 0) (NOT (NUMBERP N)))) (NOT (OR (EQUAL (MAGIC N) 0) (NOT (NUMBERP (MAGIC N))))) (NOT (LESSP (MAGIC (SUB1 N)) (SUB1 N))) (NUMBERP N)) (NOT (LESSP (MAGIC N) N))), which simplifies, using linear arithmetic and rewriting with the lemma MAGIC-IS-BIGGER-AUX2, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-IS-BIGGER (DISABLE MAGIC-IS-BIGGER-AUX1) [ 0.0 0.0 0.0 ] MAGIC-IS-BIGGER-AUX1-OFF (DISABLE MAGIC-IS-BIGGER-AUX2) [ 0.0 0.0 0.0 ] MAGIC-IS-BIGGER-AUX2-OFF (PROVE-LEMMA TIMES-IS-MONOTONIC NIL (IMPLIES (AND (LEQ X Y) (LEQ A B)) (LEQ (TIMES X A) (TIMES Y B)))) Give the conjecture the name *1. We will appeal to induction. Six inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (OR (EQUAL X 0) (NOT (NUMBERP X))) (p Y B X A)) (IMPLIES (AND (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (p Y B X A)) (IMPLIES (AND (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (NOT (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (p (SUB1 Y) B (SUB1 X) A)) (p Y B X A))). Linear arithmetic, the lemmas SUB1-LESSEQP and SUB1-LESSP, and the definitions of OR and NOT inform us that the measure (COUNT Y) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instance chosen for X. The above induction scheme produces the following four new formulas: Case 4. (IMPLIES (AND (OR (EQUAL X 0) (NOT (NUMBERP X))) (NOT (LESSP Y X)) (NOT (LESSP B A))) (NOT (LESSP (TIMES Y B) (TIMES X A)))). This simplifies, expanding the definitions of NOT, OR, EQUAL, LESSP, and TIMES, to: T. Case 3. (IMPLIES (AND (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (OR (EQUAL Y 0) (NOT (NUMBERP Y))) (NOT (LESSP Y X)) (NOT (LESSP B A))) (NOT (LESSP (TIMES Y B) (TIMES X A)))). This simplifies, opening up the functions NOT, OR, EQUAL, and LESSP, to: T. Case 2. (IMPLIES (AND (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (NOT (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (LESSP (SUB1 Y) (SUB1 X)) (NOT (LESSP Y X)) (NOT (LESSP B A))) (NOT (LESSP (TIMES Y B) (TIMES X A)))). This simplifies, using linear arithmetic, to: (IMPLIES (AND (LESSP X 1) (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (NOT (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (LESSP (SUB1 Y) (SUB1 X)) (NOT (LESSP Y X)) (NOT (LESSP B A))) (NOT (LESSP (TIMES Y B) (TIMES X A)))), which again simplifies, unfolding SUB1, NUMBERP, EQUAL, LESSP, NOT, and OR, to: T. Case 1. (IMPLIES (AND (NOT (OR (EQUAL X 0) (NOT (NUMBERP X)))) (NOT (OR (EQUAL Y 0) (NOT (NUMBERP Y)))) (NOT (LESSP (TIMES (SUB1 Y) B) (TIMES (SUB1 X) A))) (NOT (LESSP Y X)) (NOT (LESSP B A))) (NOT (LESSP (TIMES Y B) (TIMES X A)))), which simplifies, opening up the definitions of NOT, OR, LESSP, and TIMES, to the formula: (IMPLIES (AND (NOT (EQUAL X 0)) (NUMBERP X) (NOT (EQUAL Y 0)) (NUMBERP Y) (NOT (LESSP (TIMES (SUB1 Y) B) (TIMES (SUB1 X) A))) (NOT (LESSP (SUB1 Y) (SUB1 X))) (NOT (LESSP B A))) (NOT (LESSP (PLUS B (TIMES (SUB1 Y) B)) (PLUS A (TIMES (SUB1 X) A))))). However this again simplifies, using linear arithmetic, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] TIMES-IS-MONOTONIC (PROVE-LEMMA TIMES-RIGHT-IDENT (REWRITE) (IMPLIES (NUMBERP X) (EQUAL (TIMES X 1) X))) Name the conjecture *1. We will appeal to induction. There is only one plausible induction. We will induct according to the following scheme: (AND (IMPLIES (ZEROP X) (p X)) (IMPLIES (AND (NOT (ZEROP X)) (p (SUB1 X))) (p X))). Linear arithmetic, the lemma COUNT-NUMBERP, and the definition of ZEROP inform us that the measure (COUNT X) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following two new formulas: Case 2. (IMPLIES (AND (ZEROP X) (NUMBERP X)) (EQUAL (TIMES X 1) X)). This simplifies, expanding the definitions of ZEROP, NUMBERP, TIMES, and EQUAL, to: T. Case 1. (IMPLIES (AND (NOT (ZEROP X)) (EQUAL (TIMES (SUB1 X) 1) (SUB1 X)) (NUMBERP X)) (EQUAL (TIMES X 1) X)). This simplifies, expanding the definitions of ZEROP and TIMES, to: (IMPLIES (AND (NOT (EQUAL X 0)) (EQUAL (TIMES (SUB1 X) 1) (SUB1 X)) (NUMBERP X)) (EQUAL (PLUS 1 (SUB1 X)) X)), which again simplifies, using linear arithmetic, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] TIMES-RIGHT-IDENT (PROVE-LEMMA TIMES-LEFT-IDENT (REWRITE) (IMPLIES (NUMBERP X) (EQUAL (TIMES 1 X) X))) This conjecture simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] TIMES-LEFT-IDENT (ENABLE MAGIC) [ 0.0 0.0 0.0 ] MAGIC-ON (PROVE-LEMMA MAGIC-1 NIL (LEQ (PLUS (TIMES 2 S) 3) (MAGIC S)) ((DO-NOT-INDUCT T) (USE (EXPT-IS-POSITIVE (B (PLUS S 2)) (E (PLUS S 2))) (TIMES-IS-MONOTONIC (X (PLUS (TIMES 2 S) 3)) (A 1) (Y (PLUS (TIMES 3 S) 3)) (B (EXPT (PLUS S 2) (PLUS S 2))))) (DISABLE ADDITION-OF-EXPONENTS TIMES))) This simplifies, rewriting with TIMES-RIGHT-IDENT, and unfolding the definitions of ZEROP, NOT, EQUAL, LESSP, IMPLIES, EXPT, AND, and MAGIC, to three new goals: Case 3. (IMPLIES (EQUAL (PLUS S 2) 0) (NOT (LESSP (PLUS (TIMES 3 S) 3) (PLUS (TIMES 2 S) 3)))), which again simplifies, using linear arithmetic, to: T. Case 2. (IMPLIES (AND (NOT (EQUAL (EXPT (PLUS S 2) (PLUS S 2)) 0)) (LESSP (PLUS (TIMES 3 S) 3) (PLUS (TIMES 2 S) 3))) (NOT (LESSP (TIMES (PLUS (TIMES 3 S) 3) (EXPT (PLUS S 2) (PLUS S 2))) (PLUS (TIMES 2 S) 3)))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (EQUAL (EXPT (PLUS S 2) (PLUS S 2)) 0)) (LESSP (EXPT (PLUS S 2) (PLUS S 2)) 1)) (NOT (LESSP (TIMES (PLUS (TIMES 3 S) 3) (EXPT (PLUS S 2) (PLUS S 2))) (PLUS (TIMES 2 S) 3)))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-1 (PROVE-LEMMA MAGIC-2 NIL (IMPLIES (NUMBERP S) (LEQ (EXPT S S) (EXPT (PLUS S 2) (PLUS S 2)))) ((DO-NOT-INDUCT T) (USE (MONOTON-OF-EXP-1 (E S) (B1 S) (B2 (PLUS S 2))) (MONOTON-OF-EXP-2 (E1 S) (E2 (PLUS S 2)) (B (PLUS S 2)))))) This simplifies, rewriting with the lemma ADDITION-OF-EXPONENTS, and unfolding the definitions of IMPLIES, ZEROP, NOT, AND, and EXPT, to four new goals: Case 4. (IMPLIES (AND (LESSP (PLUS S 2) S) (NUMBERP S)) (NOT (LESSP (TIMES (EXPT (PLUS S 2) S) (EXPT (PLUS S 2) 2)) (EXPT S S)))), which again simplifies, using linear arithmetic, to: T. Case 3. (IMPLIES (AND (NOT (LESSP (EXPT (PLUS S 2) S) (EXPT S S))) (LESSP (PLUS S 2) S) (NUMBERP S)) (NOT (LESSP (TIMES (EXPT (PLUS S 2) S) (EXPT (PLUS S 2) 2)) (EXPT S S)))), which again simplifies, using linear arithmetic, to: T. Case 2. (IMPLIES (AND (NOT (LESSP (EXPT (PLUS S 2) S) (EXPT S S))) (EQUAL (PLUS S 2) 0) (NUMBERP S)) (NOT (LESSP 1 (EXPT S S)))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LESSP (EXPT (PLUS S 2) S) (EXPT S S))) (NOT (LESSP (TIMES (EXPT (PLUS S 2) S) (EXPT (PLUS S 2) 2)) (EXPT (PLUS S 2) S))) (NUMBERP S)) (NOT (LESSP (TIMES (EXPT (PLUS S 2) S) (EXPT (PLUS S 2) 2)) (EXPT S S)))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-2 (PROVE-LEMMA MAGIC-3 NIL (IMPLIES (NUMBERP R) (LEQ (TIMES (TIMES 3 R) (EXPT R R)) (MAGIC R))) ((DO-NOT-INDUCT T) (USE (MAGIC-2 (S R)) (TIMES-IS-MONOTONIC (X (TIMES 3 R)) (A (EXPT R R)) (Y (PLUS (TIMES 3 R) 3)) (B (EXPT (PLUS R 2) (PLUS R 2))))) (DISABLE ADDITION-OF-EXPONENTS TIMES))) This simplifies, unfolding IMPLIES, AND, and MAGIC, to: (IMPLIES (AND (NOT (LESSP (EXPT (PLUS R 2) (PLUS R 2)) (EXPT R R))) (LESSP (PLUS (TIMES 3 R) 3) (TIMES 3 R)) (NUMBERP R)) (NOT (LESSP (TIMES (PLUS (TIMES 3 R) 3) (EXPT (PLUS R 2) (PLUS R 2))) (TIMES (TIMES 3 R) (EXPT R R))))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-3 (PROVE-LEMMA MAGIC-4 NIL (IMPLIES (NUMBERP S) (LEQ (EXPT 2 S) (EXPT (PLUS S 2) (PLUS S 2)))) ((DO-NOT-INDUCT T) (USE (MONOTON-OF-EXP-1 (E S) (B1 2) (B2 (PLUS S 2))) (MONOTON-OF-EXP-2 (E1 S) (E2 (PLUS S 2)) (B (PLUS S 2)))))) This simplifies, applying the lemma ADDITION-OF-EXPONENTS, and expanding the definitions of IMPLIES, ZEROP, NOT, AND, and EXPT, to six new formulas: Case 6. (IMPLIES (AND (LESSP (PLUS S 2) 2) (LESSP (PLUS S 2) S) (NUMBERP S)) (NOT (LESSP (TIMES (EXPT (PLUS S 2) S) (EXPT (PLUS S 2) 2)) (EXPT 2 S)))), which again simplifies, using linear arithmetic, to: T. Case 5. (IMPLIES (AND (LESSP (PLUS S 2) 2) (EQUAL (PLUS S 2) 0) (NUMBERP S)) (NOT (LESSP 1 (EXPT 2 S)))), which again simplifies, using linear arithmetic, to: T. Case 4. (IMPLIES (AND (LESSP (PLUS S 2) 2) (NOT (LESSP (TIMES (EXPT (PLUS S 2) S) (EXPT (PLUS S 2) 2)) (EXPT (PLUS S 2) S))) (NUMBERP S)) (NOT (LESSP (TIMES (EXPT (PLUS S 2) S) (EXPT (PLUS S 2) 2)) (EXPT 2 S)))), which again simplifies, using linear arithmetic, to: T. Case 3. (IMPLIES (AND (NOT (LESSP (EXPT (PLUS S 2) S) (EXPT 2 S))) (LESSP (PLUS S 2) S) (NUMBERP S)) (NOT (LESSP (TIMES (EXPT (PLUS S 2) S) (EXPT (PLUS S 2) 2)) (EXPT 2 S)))), which again simplifies, using linear arithmetic, to: T. Case 2. (IMPLIES (AND (NOT (LESSP (EXPT (PLUS S 2) S) (EXPT 2 S))) (EQUAL (PLUS S 2) 0) (NUMBERP S)) (NOT (LESSP 1 (EXPT 2 S)))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LESSP (EXPT (PLUS S 2) S) (EXPT 2 S))) (NOT (LESSP (TIMES (EXPT (PLUS S 2) S) (EXPT (PLUS S 2) 2)) (EXPT (PLUS S 2) S))) (NUMBERP S)) (NOT (LESSP (TIMES (EXPT (PLUS S 2) S) (EXPT (PLUS S 2) 2)) (EXPT 2 S)))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-4 (PROVE-LEMMA MAGIC-5 NIL (IMPLIES (NUMBERP S) (LEQ (EXPT 2 S) (MAGIC S))) ((DO-NOT-INDUCT T) (USE (MAGIC-4 (S S)) (TIMES-IS-MONOTONIC (X 1) (A (EXPT 2 S)) (Y (PLUS (TIMES 3 S) 3)) (B (EXPT (PLUS S 2) (PLUS S 2))))) (DISABLE ADDITION-OF-EXPONENTS TIMES))) This simplifies, appealing to the lemma TIMES-LEFT-IDENT, and expanding IMPLIES, AND, and MAGIC, to: (IMPLIES (AND (NOT (LESSP (EXPT (PLUS S 2) (PLUS S 2)) (EXPT 2 S))) (LESSP (PLUS (TIMES 3 S) 3) 1) (NUMBERP S)) (NOT (LESSP (TIMES (PLUS (TIMES 3 S) 3) (EXPT (PLUS S 2) (PLUS S 2))) (EXPT 2 S)))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-5 (PROVE-LEMMA MAGIC-6 NIL (IMPLIES (NUMBERP S) (LEQ (EXPT S (EXPT 2 S)) (EXPT (MAGIC S) (MAGIC S)))) ((DO-NOT-INDUCT T) (USE (MAGIC-5 (S S)) (MAGIC-IS-BIGGER (N N)) (MONOTON-OF-EXP-1 (B1 S) (B2 (MAGIC S)) (E (EXPT 2 S))) (MONOTON-OF-EXP-2 (B (MAGIC S)) (E1 (EXPT 2 S)) (E2 (MAGIC S)))) (DISABLE MAGIC ADDITION-OF-EXPONENTS TIMES) (HANDS-OFF MAGIC))) This formula simplifies, unfolding the functions IMPLIES, NOT, ZEROP, AND, EQUAL, and EXPT, to the following eight new goals: Case 8. (IMPLIES (AND (NOT (LESSP (MAGIC S) (EXPT 2 S))) (NOT (NUMBERP N)) (LESSP (MAGIC S) S) (EQUAL (MAGIC S) 0) (NUMBERP S)) (NOT (LESSP 1 (EXPT S (EXPT 2 S))))). However this again simplifies, using linear arithmetic and applying MAGIC-IS-BIGGER, to: T. Case 7. (IMPLIES (AND (NOT (LESSP (MAGIC S) (EXPT 2 S))) (NOT (NUMBERP N)) (LESSP (MAGIC S) S) (NOT (LESSP (EXPT (MAGIC S) (MAGIC S)) (EXPT (MAGIC S) (EXPT 2 S)))) (NUMBERP S)) (NOT (LESSP (EXPT (MAGIC S) (MAGIC S)) (EXPT S (EXPT 2 S))))). But this again simplifies, using linear arithmetic and applying MAGIC-IS-BIGGER, to: T. Case 6. (IMPLIES (AND (NOT (LESSP (MAGIC S) (EXPT 2 S))) (NOT (NUMBERP N)) (NOT (LESSP (EXPT (MAGIC S) (EXPT 2 S)) (EXPT S (EXPT 2 S)))) (EQUAL (MAGIC S) 0) (NUMBERP S)) (NOT (LESSP 1 (EXPT S (EXPT 2 S))))). This again simplifies, using linear arithmetic, rewriting with EXPT-IS-POSITIVE, and unfolding EQUAL, to: T. Case 5. (IMPLIES (AND (NOT (LESSP (MAGIC S) (EXPT 2 S))) (NOT (NUMBERP N)) (NOT (LESSP (EXPT (MAGIC S) (EXPT 2 S)) (EXPT S (EXPT 2 S)))) (NOT (LESSP (EXPT (MAGIC S) (MAGIC S)) (EXPT (MAGIC S) (EXPT 2 S)))) (NUMBERP S)) (NOT (LESSP (EXPT (MAGIC S) (MAGIC S)) (EXPT S (EXPT 2 S))))). But this again simplifies, using linear arithmetic, to: T. Case 4. (IMPLIES (AND (NOT (LESSP (MAGIC S) (EXPT 2 S))) (NOT (LESSP (MAGIC N) N)) (LESSP (MAGIC S) S) (EQUAL (MAGIC S) 0) (NUMBERP S)) (NOT (LESSP 1 (EXPT S (EXPT 2 S))))), which again simplifies, using linear arithmetic and applying the lemma MAGIC-IS-BIGGER, to: T. Case 3. (IMPLIES (AND (NOT (LESSP (MAGIC S) (EXPT 2 S))) (NOT (LESSP (MAGIC N) N)) (LESSP (MAGIC S) S) (NOT (LESSP (EXPT (MAGIC S) (MAGIC S)) (EXPT (MAGIC S) (EXPT 2 S)))) (NUMBERP S)) (NOT (LESSP (EXPT (MAGIC S) (MAGIC S)) (EXPT S (EXPT 2 S))))), which again simplifies, using linear arithmetic and applying the lemma MAGIC-IS-BIGGER, to: T. Case 2. (IMPLIES (AND (NOT (LESSP (MAGIC S) (EXPT 2 S))) (NOT (LESSP (MAGIC N) N)) (NOT (LESSP (EXPT (MAGIC S) (EXPT 2 S)) (EXPT S (EXPT 2 S)))) (EQUAL (MAGIC S) 0) (NUMBERP S)) (NOT (LESSP 1 (EXPT S (EXPT 2 S))))), which again simplifies, using linear arithmetic, rewriting with EXPT-IS-POSITIVE, and opening up the function EQUAL, to: T. Case 1. (IMPLIES (AND (NOT (LESSP (MAGIC S) (EXPT 2 S))) (NOT (LESSP (MAGIC N) N)) (NOT (LESSP (EXPT (MAGIC S) (EXPT 2 S)) (EXPT S (EXPT 2 S)))) (NOT (LESSP (EXPT (MAGIC S) (MAGIC S)) (EXPT (MAGIC S) (EXPT 2 S)))) (NUMBERP S)) (NOT (LESSP (EXPT (MAGIC S) (MAGIC S)) (EXPT S (EXPT 2 S))))). However this again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-6 (PROVE-LEMMA MAGIC-7 NIL (IMPLIES (NUMBERP S) (LEQ (TIMES (TIMES 3 (MAGIC S)) (EXPT S (EXPT 2 S))) (TIMES (TIMES 3 (MAGIC S)) (EXPT (MAGIC S) (MAGIC S))))) ((DO-NOT-INDUCT T) (USE (MAGIC-6 (S S)) (TIMES-IS-MONOTONIC (X (TIMES 3 (MAGIC S))) (A (EXPT S (EXPT 2 S))) (Y (TIMES 3 (MAGIC S))) (B (EXPT (MAGIC S) (MAGIC S))))) (DISABLE MAGIC ADDITION-OF-EXPONENTS TIMES) (HANDS-OFF MAGIC))) This conjecture simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-7 (PROVE-LEMMA MAGIC-8 NIL (IMPLIES (NUMBERP S) (LEQ (TIMES (TIMES 3 (MAGIC S)) (EXPT S (EXPT 2 S))) (MAGIC (MAGIC S)))) ((DO-NOT-INDUCT T) (USE (MAGIC-7 (S S)) (MAGIC-3 (R (MAGIC S)))) (DISABLE MAGIC ADDITION-OF-EXPONENTS TIMES) (HANDS-OFF MAGIC))) This formula simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-8 (PROVE-LEMMA MAGIC-9 NIL (LEQ (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))) (TIMES 3 (MAGIC S))) ((DO-NOT-INDUCT T) (USE (MAGIC-1 (S S))) (DISABLE MAGIC ADDITION-OF-EXPONENTS TIMES) (HANDS-OFF MAGIC))) This formula simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-9 (PROVE-LEMMA MAGIC-10 NIL (IMPLIES (NUMBERP S) (LEQ (TIMES (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))) (EXPT S (EXPT 2 S))) (MAGIC (MAGIC S)))) ((DO-NOT-INDUCT T) (USE (TIMES-IS-MONOTONIC (X (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S)))) (Y (TIMES 3 (MAGIC S))) (A (EXPT S (EXPT 2 S))) (B (EXPT S (EXPT 2 S)))) (MAGIC-8 (S S)) (MAGIC-9 (S S))) (DISABLE MAGIC ADDITION-OF-EXPONENTS TIMES) (HANDS-OFF MAGIC))) This conjecture simplifies, expanding SUB1, NUMBERP, EQUAL, PLUS, AND, and IMPLIES, to two new conjectures: Case 2. (IMPLIES (AND (LESSP (EXPT S (EXPT 2 S)) (EXPT S (EXPT 2 S))) (NOT (LESSP (MAGIC (MAGIC S)) (TIMES (TIMES 3 (MAGIC S)) (EXPT S (EXPT 2 S))))) (NOT (LESSP (TIMES 3 (MAGIC S)) (PLUS (TIMES 2 S) (ADD1 (PLUS 2 (TIMES 2 (MAGIC S))))))) (NUMBERP S)) (NOT (LESSP (MAGIC (MAGIC S)) (TIMES (PLUS (TIMES 2 S) (ADD1 (PLUS 2 (TIMES 2 (MAGIC S))))) (EXPT S (EXPT 2 S)))))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LESSP (TIMES (TIMES 3 (MAGIC S)) (EXPT S (EXPT 2 S))) (TIMES (PLUS (TIMES 2 S) (ADD1 (PLUS 2 (TIMES 2 (MAGIC S))))) (EXPT S (EXPT 2 S))))) (NOT (LESSP (MAGIC (MAGIC S)) (TIMES (TIMES 3 (MAGIC S)) (EXPT S (EXPT 2 S))))) (NOT (LESSP (TIMES 3 (MAGIC S)) (PLUS (TIMES 2 S) (ADD1 (PLUS 2 (TIMES 2 (MAGIC S))))))) (NUMBERP S)) (NOT (LESSP (MAGIC (MAGIC S)) (TIMES (PLUS (TIMES 2 S) (ADD1 (PLUS 2 (TIMES 2 (MAGIC S))))) (EXPT S (EXPT 2 S)))))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-10 (PROVE-LEMMA MAGIC-11 NIL (IMPLIES (AND (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D)) (NOT (ZEROP C))) (LEQ (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C) (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))))) ((DO-NOT-INDUCT T) (USE (MAGIC-IS-MONOTONIC (M Z) (N (PLUS Z A C)))) (DISABLE MAGIC MAGIC-IS-MONOTONIC))) This conjecture can be simplified, using the abbreviations ZEROP, NOT, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (LESSP Z (PLUS Z A C)) (LESSP (MAGIC Z) (MAGIC (PLUS Z A C)))) (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D)) (NOT (EQUAL C 0)) (NUMBERP C)) (NOT (LESSP (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))) (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C)))). This simplifies, rewriting with TIMES-LEFT-IDENT, and opening up the definitions of IMPLIES, SUB1, NUMBERP, EQUAL, TIMES, and PLUS, to two new conjectures: Case 2. (IMPLIES (AND (NOT (LESSP Z (PLUS Z A C))) (NOT (EQUAL C 0)) (NUMBERP C)) (NOT (LESSP (PLUS (PLUS (PLUS Z A C) Z A C) 3 (MAGIC (PLUS Z A C)) (MAGIC (PLUS Z A C))) (PLUS (TIMES 2 A) (PLUS (MAGIC Z) (MAGIC Z)) (ADD1 (PLUS 2 C)))))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (LESSP (MAGIC Z) (MAGIC (PLUS Z A C))) (NOT (EQUAL C 0)) (NUMBERP C)) (NOT (LESSP (PLUS (PLUS (PLUS Z A C) Z A C) 3 (MAGIC (PLUS Z A C)) (MAGIC (PLUS Z A C))) (PLUS (TIMES 2 A) (PLUS (MAGIC Z) (MAGIC Z)) (ADD1 (PLUS 2 C)))))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-11 (PROVE-LEMMA MAGIC-12 NIL (IMPLIES (AND (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D))) (LEQ (EXPT 2 Z) (EXPT 2 S))) ((DO-NOT-INDUCT T) (USE (MONOTON-OF-EXP-2 (B 2) (E1 Z) (E2 S))) (DISABLE ADDITION-OF-EXPONENTS ASSOCIATIVITY-OF-TIMES))) This simplifies, unfolding the definitions of ZEROP, NOT, AND, IMPLIES, PLUS, and EXPT, to the following two new formulas: Case 2. (IMPLIES (LESSP (PLUS Z A C) Z) (NOT (LESSP (EXPT 2 (PLUS Z A C)) (EXPT 2 Z)))). This again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (NOT (NUMBERP Z)) (NOT (LESSP (EXPT 2 (PLUS A C)) 1))), which again simplifies, using linear arithmetic, rewriting with EXPT-IS-POSITIVE, and opening up the definition of EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-12 (PROVE-LEMMA MAGIC-13 NIL (IMPLIES (AND (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D))) (LEQ (EXPT C (EXPT 2 Z)) (EXPT S (EXPT 2 S)))) ((DO-NOT-INDUCT T) (USE (MAGIC-12 (D D) (A A) (C C) (S S) (Z Z)) (MONOTON-OF-EXP-1 (B1 C) (B2 S) (E (EXPT 2 Z))) (MONOTON-OF-EXP-2 (B S) (E1 (EXPT 2 Z)) (E2 (EXPT 2 S)))) (DISABLE ADDITION-OF-EXPONENTS ASSOCIATIVITY-OF-TIMES))) This formula simplifies, unfolding the functions AND, IMPLIES, ZEROP, NOT, EXPT, EQUAL, and LESSP, to the following four new conjectures: Case 4. (IMPLIES (AND (NOT (LESSP (EXPT 2 (PLUS Z A C)) (EXPT 2 Z))) (LESSP (PLUS Z A C) C) (EQUAL (PLUS Z A C) 0)) (EQUAL (EXPT C (EXPT 2 Z)) 0)). However this again simplifies, using linear arithmetic, to: T. Case 3. (IMPLIES (AND (NOT (LESSP (EXPT 2 (PLUS Z A C)) (EXPT 2 Z))) (LESSP (PLUS Z A C) C) (NOT (LESSP (EXPT (PLUS Z A C) (EXPT 2 (PLUS Z A C))) (EXPT (PLUS Z A C) (EXPT 2 Z))))) (NOT (LESSP (EXPT (PLUS Z A C) (EXPT 2 (PLUS Z A C))) (EXPT C (EXPT 2 Z))))), which again simplifies, using linear arithmetic, to: T. Case 2. (IMPLIES (AND (NOT (LESSP (EXPT 2 (PLUS Z A C)) (EXPT 2 Z))) (NOT (LESSP (EXPT (PLUS Z A C) (EXPT 2 Z)) (EXPT C (EXPT 2 Z)))) (EQUAL (PLUS Z A C) 0)) (EQUAL (EXPT C (EXPT 2 Z)) 0)), which again simplifies, opening up the functions EXPT, TIMES, and EQUAL, to two new conjectures: Case 2.2. (IMPLIES (AND (NOT (LESSP 1 (EXPT 2 Z))) (NOT (EQUAL (EXPT 2 Z) 0)) (NOT (LESSP 0 (EXPT C (EXPT 2 Z)))) (EQUAL (PLUS Z A C) 0)) (EQUAL (EXPT C (EXPT 2 Z)) 0)), which again simplifies, using linear arithmetic, to: T. Case 2.1. (IMPLIES (AND (NOT (LESSP 1 (EXPT 2 Z))) (EQUAL (EXPT 2 Z) 0) (NOT (LESSP 1 (EXPT C (EXPT 2 Z))))) (NOT (EQUAL (PLUS Z A C) 0))), which again simplifies, using linear arithmetic, appealing to the lemma EXPT-IS-POSITIVE, and unfolding the definition of EQUAL, to: T. Case 1. (IMPLIES (AND (NOT (LESSP (EXPT 2 (PLUS Z A C)) (EXPT 2 Z))) (NOT (LESSP (EXPT (PLUS Z A C) (EXPT 2 Z)) (EXPT C (EXPT 2 Z)))) (NOT (LESSP (EXPT (PLUS Z A C) (EXPT 2 (PLUS Z A C))) (EXPT (PLUS Z A C) (EXPT 2 Z))))) (NOT (LESSP (EXPT (PLUS Z A C) (EXPT 2 (PLUS Z A C))) (EXPT C (EXPT 2 Z))))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MAGIC-13 (PROVE-LEMMA MAGIC-14 NIL (IMPLIES (AND (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D)) (NOT (ZEROP C))) (LEQ (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C) (EXPT C (EXPT 2 Z))) (TIMES (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))) (EXPT S (EXPT 2 S))))) ((DO-NOT-INDUCT T) (USE (MAGIC-11 (D D) (A A) (C C) (S S) (Z Z)) (MAGIC-13 (D D) (A A) (C C) (S S) (Z Z)) (TIMES-IS-MONOTONIC (X (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C)) (Y (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S)))) (A (EXPT C (EXPT 2 Z))) (B (EXPT S (EXPT 2 S))))) (DISABLE ADDITION-OF-EXPONENTS ASSOCIATIVITY-OF-TIMES MAGIC TIMES))) This conjecture can be simplified, using the abbreviations ZEROP, NOT, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D)) (NOT (ZEROP C))) (IF (LESSP (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))) (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C)) F T)) (IMPLIES (AND (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D))) (IF (LESSP (EXPT S (EXPT 2 S)) (EXPT C (EXPT 2 Z))) F T)) (IMPLIES (AND (IF (LESSP (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))) (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C)) F T) (IF (LESSP (EXPT S (EXPT 2 S)) (EXPT C (EXPT 2 Z))) F T)) (IF (LESSP (TIMES (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))) (EXPT S (EXPT 2 S))) (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C) (EXPT C (EXPT 2 Z)))) F T)) (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D)) (NOT (EQUAL C 0)) (NUMBERP C)) (NOT (LESSP (TIMES (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))) (EXPT S (EXPT 2 S))) (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C) (EXPT C (EXPT 2 Z)))))). This simplifies, opening up the functions ZEROP, NOT, AND, SUB1, NUMBERP, EQUAL, PLUS, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-14 (PROVE-LEMMA MAGIC-15 NIL (IMPLIES (AND (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D)) (NOT (ZEROP C))) (LEQ (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C) (EXPT C (EXPT 2 Z))) (MAGIC (MAGIC S)))) ((DO-NOT-INDUCT T) (USE (MAGIC-14 (D D) (A A) (C C) (S S) (Z Z)) (MAGIC-10 (S S))) (DISABLE ADDITION-OF-EXPONENTS ASSOCIATIVITY-OF-TIMES MAGIC TIMES))) This formula can be simplified, using the abbreviations ZEROP, NOT, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D)) (NOT (ZEROP C))) (IF (LESSP (TIMES (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))) (EXPT S (EXPT 2 S))) (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C) (EXPT C (EXPT 2 Z)))) F T)) (IMPLIES (NUMBERP S) (IF (LESSP (MAGIC (MAGIC S)) (TIMES (PLUS (TIMES 2 S) 3 (TIMES 2 (MAGIC S))) (EXPT S (EXPT 2 S)))) F T)) (EQUAL D (PLUS A C)) (EQUAL S (PLUS Z D)) (NOT (EQUAL C 0)) (NUMBERP C)) (NOT (LESSP (MAGIC (MAGIC S)) (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C) (EXPT C (EXPT 2 Z)))))), which simplifies, opening up ZEROP, NOT, AND, SUB1, NUMBERP, EQUAL, PLUS, and IMPLIES, to: (IMPLIES (AND (NOT (LESSP (TIMES (PLUS (TIMES 2 (PLUS Z A C)) 3 (TIMES 2 (MAGIC (PLUS Z A C)))) (EXPT (PLUS Z A C) (EXPT 2 (PLUS Z A C)))) (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) (ADD1 (PLUS 2 C))) (EXPT C (EXPT 2 Z))))) (NOT (LESSP (MAGIC (MAGIC (PLUS Z A C))) (TIMES (PLUS (TIMES 2 (PLUS Z A C)) 3 (TIMES 2 (MAGIC (PLUS Z A C)))) (EXPT (PLUS Z A C) (EXPT 2 (PLUS Z A C)))))) (NOT (EQUAL C 0)) (NUMBERP C)) (NOT (LESSP (MAGIC (MAGIC (PLUS Z A C))) (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) (ADD1 (PLUS 2 C))) (EXPT C (EXPT 2 Z)))))). However this again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-15 (PROVE-LEMMA MAGIC-16-AUX1 (REWRITE) (IMPLIES (NOT (NUMBERP V)) (EQUAL (TIMES W V) 0))) Call the conjecture *1. Perhaps we can prove it by induction. There is only one plausible induction. We will induct according to the following scheme: (AND (IMPLIES (ZEROP W) (p W V)) (IMPLIES (AND (NOT (ZEROP W)) (p (SUB1 W) V)) (p W V))). Linear arithmetic, the lemma COUNT-NUMBERP, and the definition of ZEROP can be used to prove that the measure (COUNT W) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to two new goals: Case 2. (IMPLIES (AND (ZEROP W) (NOT (NUMBERP V))) (EQUAL (TIMES W V) 0)), which simplifies, opening up the definitions of ZEROP, EQUAL, and TIMES, to: T. Case 1. (IMPLIES (AND (NOT (ZEROP W)) (EQUAL (TIMES (SUB1 W) V) 0) (NOT (NUMBERP V))) (EQUAL (TIMES W V) 0)), which simplifies, expanding ZEROP, TIMES, NUMBERP, PLUS, and EQUAL, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-16-AUX1 (PROVE-LEMMA MAGIC-16 NIL (IMPLIES (NOT (NUMBERP V)) (EQUAL (MAGIC V) 12))) This formula simplifies, applying MAGIC-16-AUX1, and opening up the functions TIMES, EXPT, NUMBERP, PLUS, MAGIC, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-16 (DISABLE MAGIC-16-AUX1) [ 0.0 0.0 0.0 ] MAGIC-16-AUX1-OFF (PROVE-LEMMA MAGIC-17 NIL (IMPLIES (LEQ V W) (LEQ (MAGIC V) (MAGIC W))) ((DO-NOT-INDUCT T) (USE (MAGIC-IS-MONOTONIC (M V) (N W)) (MAGIC-16 (V W)) (MAGIC-16 (V V))) (DISABLE MAGIC))) This simplifies, opening up the definitions of IMPLIES, NOT, and LESSP, to six new formulas: Case 6. (IMPLIES (AND (NOT (LESSP V W)) (NUMBERP W) (NUMBERP V) (NOT (LESSP W V))) (NOT (LESSP (MAGIC W) (MAGIC V)))), which again simplifies, using linear arithmetic, to the formula: (IMPLIES (AND (NOT (LESSP V V)) (NUMBERP V) (NUMBERP V) (NOT (LESSP V V))) (NOT (LESSP (MAGIC V) (MAGIC V)))). But this again simplifies, using linear arithmetic, to: T. Case 5. (IMPLIES (AND (NOT (LESSP V W)) (NUMBERP W) (EQUAL (MAGIC V) 12) (NOT (LESSP W V))) (NOT (LESSP (MAGIC W) 12))), which again simplifies, using linear arithmetic, to two new formulas: Case 5.2. (IMPLIES (AND (NOT (NUMBERP V)) (NOT (LESSP V W)) (NUMBERP W) (EQUAL (MAGIC V) 12) (NOT (LESSP W V))) (NOT (LESSP (MAGIC W) 12))), which again simplifies, unfolding the definitions of LESSP, NUMBERP, and MAGIC, to: T. Case 5.1. (IMPLIES (AND (NUMBERP V) (NOT (LESSP V V)) (EQUAL (MAGIC V) 12) (NOT (LESSP V V))) (NOT (LESSP (MAGIC V) 12))), which again simplifies, using linear arithmetic, to: T. Case 4. (IMPLIES (AND (NOT (LESSP V W)) (EQUAL (MAGIC W) 12) (NUMBERP V) (NOT (LESSP W V))) (NOT (LESSP 12 (MAGIC V)))), which again simplifies, using linear arithmetic, to two new conjectures: Case 4.2. (IMPLIES (AND (NOT (NUMBERP W)) (NOT (LESSP V W)) (EQUAL (MAGIC W) 12) (NUMBERP V) (NOT (LESSP W V))) (NOT (LESSP 12 (MAGIC V)))), which again simplifies, unfolding the definitions of LESSP and MAGIC, to: T. Case 4.1. (IMPLIES (AND (NUMBERP W) (NOT (LESSP V V)) (EQUAL (MAGIC V) 12) (NUMBERP V) (NOT (LESSP V V))) (NOT (LESSP 12 (MAGIC V)))), which again simplifies, using linear arithmetic, to: T. Case 3. (IMPLIES (AND (LESSP (MAGIC V) (MAGIC W)) (NUMBERP W) (NUMBERP V) (NOT (LESSP W V))) (NOT (LESSP (MAGIC W) (MAGIC V)))), which again simplifies, using linear arithmetic, to: T. Case 2. (IMPLIES (AND (LESSP (MAGIC V) (MAGIC W)) (NUMBERP W) (EQUAL (MAGIC V) 12) (NOT (LESSP W V))) (NOT (LESSP (MAGIC W) 12))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (LESSP (MAGIC V) (MAGIC W)) (EQUAL (MAGIC W) 12) (NUMBERP V) (NOT (LESSP W V))) (NOT (LESSP 12 (MAGIC V)))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-17 (PROVE-LEMMA MAGIC-18 NIL (IMPLIES (AND (EQUAL D (PLUS A C)) (LEQ (MAGIC (PLUS Z D)) Q) (NOT (ZEROP C))) (LEQ (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C) (EXPT C (EXPT 2 Z))) (MAGIC Q))) ((DO-NOT-INDUCT T) (USE (MAGIC-17 (V (MAGIC (PLUS Z D))) (W Q)) (MAGIC-15 (D D) (A A) (C C) (S (PLUS Z D)) (Z Z))) (DISABLE ADDITION-OF-EXPONENTS ASSOCIATIVITY-OF-TIMES MAGIC TIMES))) This conjecture can be simplified, using the abbreviations ZEROP, NOT, IMPLIES, and AND, to the goal: (IMPLIES (AND (IMPLIES (IF (LESSP Q (MAGIC (PLUS Z D))) F T) (IF (LESSP (MAGIC Q) (MAGIC (MAGIC (PLUS Z D)))) F T)) (IMPLIES (AND (EQUAL D (PLUS A C)) (EQUAL (PLUS Z D) (PLUS Z D)) (NOT (ZEROP C))) (IF (LESSP (MAGIC (MAGIC (PLUS Z D))) (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C) (EXPT C (EXPT 2 Z)))) F T)) (EQUAL D (PLUS A C)) (NOT (LESSP Q (MAGIC (PLUS Z D)))) (NOT (EQUAL C 0)) (NUMBERP C)) (NOT (LESSP (MAGIC Q) (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) 3 C) (EXPT C (EXPT 2 Z)))))). This simplifies, expanding IMPLIES, ZEROP, NOT, AND, SUB1, NUMBERP, EQUAL, and PLUS, to the new goal: (IMPLIES (AND (NOT (LESSP (MAGIC Q) (MAGIC (MAGIC (PLUS Z A C))))) (NOT (LESSP (MAGIC (MAGIC (PLUS Z A C))) (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) (ADD1 (PLUS 2 C))) (EXPT C (EXPT 2 Z))))) (NOT (LESSP Q (MAGIC (PLUS Z A C)))) (NOT (EQUAL C 0)) (NUMBERP C)) (NOT (LESSP (MAGIC Q) (TIMES (PLUS (TIMES 2 A) (TIMES 2 (MAGIC Z)) (ADD1 (PLUS 2 C))) (EXPT C (EXPT 2 Z)))))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MAGIC-18 (DISABLE MAGIC) [ 0.0 0.0 0.0 ] MAGIC-OFF1 (PROVE-LEMMA APPEND-WORKS-LEFT (REWRITE) (IMPLIES (MEMBER X LST1) (MEMBER X (APPEND LST1 LST2)))) Give the conjecture the name *1. Let us appeal to the induction principle. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP LST1) (p X LST1 LST2)) (IMPLIES (AND (NOT (NLISTP LST1)) (EQUAL X (CAR LST1))) (p X LST1 LST2)) (IMPLIES (AND (NOT (NLISTP LST1)) (NOT (EQUAL X (CAR LST1))) (p X (CDR LST1) LST2)) (p X LST1 LST2))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT LST1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates four new conjectures: Case 4. (IMPLIES (AND (NLISTP LST1) (MEMBER X LST1)) (MEMBER X (APPEND LST1 LST2))), which simplifies, expanding the functions NLISTP and MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP LST1)) (EQUAL X (CAR LST1)) (MEMBER X LST1)) (MEMBER X (APPEND LST1 LST2))), which simplifies, appealing to the lemma CAR-CONS, and expanding NLISTP, MEMBER, and APPEND, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP LST1)) (NOT (EQUAL X (CAR LST1))) (NOT (MEMBER X (CDR LST1))) (MEMBER X LST1)) (MEMBER X (APPEND LST1 LST2))), which simplifies, opening up NLISTP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP LST1)) (NOT (EQUAL X (CAR LST1))) (MEMBER X (APPEND (CDR LST1) LST2)) (MEMBER X LST1)) (MEMBER X (APPEND LST1 LST2))), which simplifies, rewriting with the lemmas CDR-CONS and CAR-CONS, and expanding NLISTP, MEMBER, and APPEND, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] APPEND-WORKS-LEFT (PROVE-LEMMA APPEND-WORKS-RIGHT (REWRITE) (IMPLIES (MEMBER Y LST2) (MEMBER Y (APPEND LST1 LST2)))) Give the conjecture the name *1. Let us appeal to the induction principle. Two inductions are suggested by terms in the conjecture. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST1) (p Y (CDR LST1) LST2)) (p Y LST1 LST2)) (IMPLIES (NOT (LISTP LST1)) (p Y LST1 LST2))). Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT LST1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates two new conjectures: Case 2. (IMPLIES (AND (LISTP LST1) (MEMBER Y (APPEND (CDR LST1) LST2)) (MEMBER Y LST2)) (MEMBER Y (APPEND LST1 LST2))), which simplifies, applying CDR-CONS and CAR-CONS, and opening up APPEND and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (LISTP LST1)) (MEMBER Y LST2)) (MEMBER Y (APPEND LST1 LST2))). This simplifies, opening up the definition of APPEND, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] APPEND-WORKS-RIGHT (DEFN LENGTH (SET) (IF (LISTP SET) (ADD1 (LENGTH (CDR SET))) 0)) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each recursive call. Hence, LENGTH is accepted under the principle of definition. From the definition we can conclude that (NUMBERP (LENGTH SET)) is a theorem. [ 0.0 0.0 0.0 ] LENGTH (PROVE-LEMMA LENGTH-OF-APPEND (REWRITE) (EQUAL (LENGTH (APPEND LST1 LST2)) (PLUS (LENGTH LST1) (LENGTH LST2)))) Call the conjecture *1. Perhaps we can prove it by induction. Three inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST1) (p (CDR LST1) LST2)) (p LST1 LST2)) (IMPLIES (NOT (LISTP LST1)) (p LST1 LST2))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT LST1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to two new goals: Case 2. (IMPLIES (AND (LISTP LST1) (EQUAL (LENGTH (APPEND (CDR LST1) LST2)) (PLUS (LENGTH (CDR LST1)) (LENGTH LST2)))) (EQUAL (LENGTH (APPEND LST1 LST2)) (PLUS (LENGTH LST1) (LENGTH LST2)))), which simplifies, applying the lemmas CDR-CONS and SUB1-ADD1, and opening up the definitions of APPEND, LENGTH, and PLUS, to: T. Case 1. (IMPLIES (NOT (LISTP LST1)) (EQUAL (LENGTH (APPEND LST1 LST2)) (PLUS (LENGTH LST1) (LENGTH LST2)))), which simplifies, unfolding the functions APPEND, LENGTH, EQUAL, and PLUS, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] LENGTH-OF-APPEND (DEFN CONS-ALL (ITEM LST) (IF (LISTP LST) (CONS (CONS ITEM (CAR LST)) (CONS-ALL ITEM (CDR LST))) NIL)) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each recursive call. Hence, CONS-ALL is accepted under the principle of definition. Note that (OR (LITATOM (CONS-ALL ITEM LST)) (LISTP (CONS-ALL ITEM LST))) is a theorem. [ 0.0 0.0 0.0 ] CONS-ALL (DEFN PRODUCT (LST1 LST2) (IF (NLISTP LST1) NIL (APPEND (CONS-ALL (CAR LST1) LST2) (PRODUCT (CDR LST1) LST2)))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT LST1) decreases according to the well-founded relation LESSP in each recursive call. Hence, PRODUCT is accepted under the principle of definition. Note that: (OR (LITATOM (PRODUCT LST1 LST2)) (LISTP (PRODUCT LST1 LST2))) is a theorem. [ 0.0 0.0 0.0 ] PRODUCT (PROVE-LEMMA ALL-PAIRS-IN-CONS-ALL (REWRITE) (IMPLIES (MEMBER Y LST) (MEMBER (CONS ITEM Y) (CONS-ALL ITEM LST)))) Call the conjecture *1. Perhaps we can prove it by induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP LST) (p ITEM Y LST)) (IMPLIES (AND (NOT (NLISTP LST)) (EQUAL Y (CAR LST))) (p ITEM Y LST)) (IMPLIES (AND (NOT (NLISTP LST)) (NOT (EQUAL Y (CAR LST))) (p ITEM Y (CDR LST))) (p ITEM Y LST))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to prove that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to four new goals: Case 4. (IMPLIES (AND (NLISTP LST) (MEMBER Y LST)) (MEMBER (CONS ITEM Y) (CONS-ALL ITEM LST))), which simplifies, opening up the definitions of NLISTP and MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP LST)) (EQUAL Y (CAR LST)) (MEMBER Y LST)) (MEMBER (CONS ITEM Y) (CONS-ALL ITEM LST))), which simplifies, applying CAR-CONS, and unfolding NLISTP, MEMBER, and CONS-ALL, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP LST)) (NOT (EQUAL Y (CAR LST))) (NOT (MEMBER Y (CDR LST))) (MEMBER Y LST)) (MEMBER (CONS ITEM Y) (CONS-ALL ITEM LST))). This simplifies, expanding the functions NLISTP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP LST)) (NOT (EQUAL Y (CAR LST))) (MEMBER (CONS ITEM Y) (CONS-ALL ITEM (CDR LST))) (MEMBER Y LST)) (MEMBER (CONS ITEM Y) (CONS-ALL ITEM LST))). This simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and expanding the functions NLISTP, MEMBER, and CONS-ALL, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ALL-PAIRS-IN-CONS-ALL (PROVE-LEMMA ALL-PAIRS (REWRITE) (IMPLIES (AND (MEMBER X LST1) (MEMBER Y LST2)) (MEMBER (CONS X Y) (PRODUCT LST1 LST2)))) Call the conjecture *1. We will appeal to induction. There are three plausible inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (NLISTP LST1) (p X Y LST1 LST2)) (IMPLIES (AND (NOT (NLISTP LST1)) (EQUAL X (CAR LST1))) (p X Y LST1 LST2)) (IMPLIES (AND (NOT (NLISTP LST1)) (NOT (EQUAL X (CAR LST1))) (p X Y (CDR LST1) LST2)) (p X Y LST1 LST2))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to establish that the measure (COUNT LST1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates four new formulas: Case 4. (IMPLIES (AND (NLISTP LST1) (MEMBER X LST1) (MEMBER Y LST2)) (MEMBER (CONS X Y) (PRODUCT LST1 LST2))), which simplifies, expanding the definitions of NLISTP and MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP LST1)) (EQUAL X (CAR LST1)) (MEMBER X LST1) (MEMBER Y LST2)) (MEMBER (CONS X Y) (PRODUCT LST1 LST2))), which simplifies, applying the lemmas ALL-PAIRS-IN-CONS-ALL and APPEND-WORKS-LEFT, and unfolding the definitions of NLISTP, MEMBER, and PRODUCT, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP LST1)) (NOT (EQUAL X (CAR LST1))) (NOT (MEMBER X (CDR LST1))) (MEMBER X LST1) (MEMBER Y LST2)) (MEMBER (CONS X Y) (PRODUCT LST1 LST2))), which simplifies, expanding the definitions of NLISTP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP LST1)) (NOT (EQUAL X (CAR LST1))) (MEMBER (CONS X Y) (PRODUCT (CDR LST1) LST2)) (MEMBER X LST1) (MEMBER Y LST2)) (MEMBER (CONS X Y) (PRODUCT LST1 LST2))), which simplifies, applying APPEND-WORKS-RIGHT, and expanding the functions NLISTP, MEMBER, and PRODUCT, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ALL-PAIRS (DISABLE PRODUCT) [ 0.0 0.0 0.0 ] PRODUCT-OFF (DEFN SUBSETP (S1 S2) (IF (LISTP S1) (AND (MEMBER (CAR S1) S2) (SUBSETP (CDR S1) S2)) T)) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S1) decreases according to the well-founded relation LESSP in each recursive call. Hence, SUBSETP is accepted under the principle of definition. Note that (OR (FALSEP (SUBSETP S1 S2)) (TRUEP (SUBSETP S1 S2))) is a theorem. [ 0.0 0.0 0.0 ] SUBSETP (PROVE-LEMMA SUBSETP-WORKS-1 (REWRITE) (IMPLIES (AND (SUBSETP S1 S2) AND (MEMBER X S1)) (MEMBER X S2))) WARNING: Note that SUBSETP-WORKS-1 contains the free variables AND and S1 which will be chosen by instantiating the hypotheses (SUBSETP S1 S2) and AND. Call the conjecture *1. We will try to prove it by induction. There are three plausible inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S1) (p X S2 (CDR S1) AND)) (p X S2 S1 AND)) (IMPLIES (NOT (LISTP S1)) (p X S2 S1 AND))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates three new goals: Case 3. (IMPLIES (AND (LISTP S1) (NOT (SUBSETP (CDR S1) S2)) (SUBSETP S1 S2) AND (MEMBER X S1)) (MEMBER X S2)), which simplifies, opening up the function SUBSETP, to: T. Case 2. (IMPLIES (AND (LISTP S1) (NOT (MEMBER X (CDR S1))) (SUBSETP S1 S2) AND (MEMBER X S1)) (MEMBER X S2)), which simplifies, expanding SUBSETP and MEMBER, to the conjecture: (IMPLIES (AND (LISTP S1) (NOT (MEMBER X (CDR S1))) (MEMBER (CAR S1) S2) (SUBSETP (CDR S1) S2) AND (EQUAL X (CAR S1))) (MEMBER X S2)). This again simplifies, trivially, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S1)) (SUBSETP S1 S2) AND (MEMBER X S1)) (MEMBER X S2)). This simplifies, expanding the definitions of SUBSETP and MEMBER, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] SUBSETP-WORKS-1 (DEFN MEMB-OF-DIF (S1 S2) (IF (LISTP S1) (IF (MEMBER (CAR S1) S2) (MEMB-OF-DIF (CDR S1) S2) (CAR S1)) NIL)) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S1) decreases according to the well-founded relation LESSP in each recursive call. Hence, MEMB-OF-DIF is accepted under the definitional principle. [ 0.0 0.0 0.0 ] MEMB-OF-DIF (PROVE-LEMMA SUBSETP-WORKS-2 (REWRITE) (IMPLIES (NOT (SUBSETP S1 S2)) (AND (MEMBER (MEMB-OF-DIF S1 S2) S1) (NOT (MEMBER (MEMB-OF-DIF S1 S2) S2))))) WARNING: Note that the proposed lemma SUBSETP-WORKS-2 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and two replacement rules. This formula simplifies, opening up the definitions of NOT and AND, to the following two new formulas: Case 2. (IMPLIES (NOT (SUBSETP S1 S2)) (MEMBER (MEMB-OF-DIF S1 S2) S1)). Give the above formula the name *1. Case 1. (IMPLIES (NOT (SUBSETP S1 S2)) (NOT (MEMBER (MEMB-OF-DIF S1 S2) S2))), which we would usually push and work on later by induction. But if we must use induction to prove the input conjecture, we prefer to induct on the original formulation of the problem. Thus we will disregard all that we have previously done, give the name *1 to the original input, and work on it. So now let us consider: (AND (IMPLIES (NOT (SUBSETP S1 S2)) (MEMBER (MEMB-OF-DIF S1 S2) S1)) (IMPLIES (NOT (SUBSETP S1 S2)) (NOT (MEMBER (MEMB-OF-DIF S1 S2) S2)))). We gave this the name *1 above. Perhaps we can prove it by induction. Six inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S1) (MEMBER (CAR S1) S2) (p (CDR S1) S2)) (p S1 S2)) (IMPLIES (AND (LISTP S1) (NOT (MEMBER (CAR S1) S2))) (p S1 S2)) (IMPLIES (NOT (LISTP S1)) (p S1 S2))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT S1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to eight new formulas: Case 8. (IMPLIES (AND (LISTP S1) (MEMBER (CAR S1) S2) (SUBSETP (CDR S1) S2) (NOT (SUBSETP S1 S2))) (MEMBER (MEMB-OF-DIF S1 S2) S1)), which simplifies, opening up SUBSETP, to: T. Case 7. (IMPLIES (AND (LISTP S1) (MEMBER (CAR S1) S2) (MEMBER (MEMB-OF-DIF (CDR S1) S2) (CDR S1)) (NOT (MEMBER (MEMB-OF-DIF (CDR S1) S2) S2)) (NOT (SUBSETP S1 S2))) (MEMBER (MEMB-OF-DIF S1 S2) S1)), which simplifies, unfolding the functions SUBSETP, MEMB-OF-DIF, and MEMBER, to: T. Case 6. (IMPLIES (AND (LISTP S1) (NOT (MEMBER (CAR S1) S2)) (NOT (SUBSETP S1 S2))) (MEMBER (MEMB-OF-DIF S1 S2) S1)), which simplifies, opening up the functions SUBSETP, MEMB-OF-DIF, and MEMBER, to: T. Case 5. (IMPLIES (AND (NOT (LISTP S1)) (NOT (SUBSETP S1 S2))) (MEMBER (MEMB-OF-DIF S1 S2) S1)), which simplifies, expanding the function SUBSETP, to: T. Case 4. (IMPLIES (AND (LISTP S1) (MEMBER (CAR S1) S2) (SUBSETP (CDR S1) S2) (NOT (SUBSETP S1 S2))) (NOT (MEMBER (MEMB-OF-DIF S1 S2) S2))), which simplifies, opening up the definition of SUBSETP, to: T. Case 3. (IMPLIES (AND (LISTP S1) (MEMBER (CAR S1) S2) (MEMBER (MEMB-OF-DIF (CDR S1) S2) (CDR S1)) (NOT (MEMBER (MEMB-OF-DIF (CDR S1) S2) S2)) (NOT (SUBSETP S1 S2))) (NOT (MEMBER (MEMB-OF-DIF S1 S2) S2))), which simplifies, opening up the definitions of SUBSETP and MEMB-OF-DIF, to: T. Case 2. (IMPLIES (AND (LISTP S1) (NOT (MEMBER (CAR S1) S2)) (NOT (SUBSETP S1 S2))) (NOT (MEMBER (MEMB-OF-DIF S1 S2) S2))), which simplifies, opening up SUBSETP and MEMB-OF-DIF, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S1)) (NOT (SUBSETP S1 S2))) (NOT (MEMBER (MEMB-OF-DIF S1 S2) S2))), which simplifies, unfolding the function SUBSETP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] SUBSETP-WORKS-2 (DISABLE MEMB-OF-DIF) [ 0.0 0.0 0.0 ] MEMB-OF-DIF-OFF (PROVE-LEMMA SUBSET-OF-EMPTY-SET (REWRITE) (IMPLIES (LISTP S) (NOT (SUBSETP S NIL)))) This formula simplifies, opening up the definitions of MEMBER, LISTP, and SUBSETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SUBSET-OF-EMPTY-SET (PROVE-LEMMA TRANSITIVITY-OF-SUBSET (REWRITE) (IMPLIES (AND (SUBSETP S1 S2) (SUBSETP S2 S3)) (SUBSETP S1 S3))) WARNING: Note that TRANSITIVITY-OF-SUBSET contains the free variable S2 which will be chosen by instantiating the hypothesis (SUBSETP S1 S2). Call the conjecture *1. Perhaps we can prove it by induction. Three inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S1) (p (CDR S1) S3 S2)) (p S1 S3 S2)) (IMPLIES (NOT (LISTP S1)) (p S1 S3 S2))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT S1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to three new goals: Case 3. (IMPLIES (AND (LISTP S1) (NOT (SUBSETP (CDR S1) S2)) (SUBSETP S1 S2) (SUBSETP S2 S3)) (SUBSETP S1 S3)), which simplifies, opening up the definition of SUBSETP, to: T. Case 2. (IMPLIES (AND (LISTP S1) (SUBSETP (CDR S1) S3) (SUBSETP S1 S2) (SUBSETP S2 S3)) (SUBSETP S1 S3)), which simplifies, applying SUBSETP-WORKS-1, and unfolding SUBSETP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S1)) (SUBSETP S1 S2) (SUBSETP S2 S3)) (SUBSETP S1 S3)). This simplifies, expanding the function SUBSETP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] TRANSITIVITY-OF-SUBSET (PROVE-LEMMA CDR-IS-SUBSET-AUX1 (REWRITE) (IMPLIES (MEMBER X (CDR S)) (MEMBER X S))) This conjecture simplifies, opening up the function MEMBER, to: (IMPLIES (MEMBER X (CDR S)) (LISTP S)), which again simplifies, rewriting with the lemma CDR-NLISTP, and expanding the definitions of LISTP and MEMBER, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDR-IS-SUBSET-AUX1 (PROVE-LEMMA CDR-IS-SUBSET (REWRITE) (SUBSETP (CDR S) S) ((USE (SUBSETP-WORKS-2 (S1 (CDR S)) (S2 S))))) This conjecture simplifies, appealing to the lemmas SUBSETP-WORKS-2 and CDR-IS-SUBSET-AUX1, and opening up NOT, AND, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.2 ] CDR-IS-SUBSET (DISABLE CDR-IS-SUBSET-AUX1) [ 0.0 0.0 0.0 ] CDR-IS-SUBSET-AUX1-OFF (PROVE-LEMMA CDR-OF-SUBSET (REWRITE) (IMPLIES (AND (SUBSETP S1 S2) (LISTP S1)) (SUBSETP (CDR S1) S2))) This conjecture simplifies, unfolding SUBSETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDR-OF-SUBSET (PROVE-LEMMA NIL-IS-SUBSET (REWRITE) (SUBSETP NIL S)) This conjecture simplifies, opening up the definitions of LISTP and SUBSETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NIL-IS-SUBSET (PROVE-LEMMA SUBSET-OF-CDR (REWRITE) (IMPLIES (AND (SUBSETP S1 S2) (NOT (MEMBER (CAR S2) S1))) (SUBSETP S1 (CDR S2)))) . Applying the lemma CAR-CDR-ELIM, replace S2 by (CONS X Z) to eliminate (CAR S2) and (CDR S2). We thus obtain the following two new formulas: Case 2. (IMPLIES (AND (NOT (LISTP S2)) (SUBSETP S1 S2) (NOT (MEMBER (CAR S2) S1))) (SUBSETP S1 (CDR S2))). But this simplifies, appealing to the lemmas CAR-NLISTP and CDR-NLISTP, and expanding the definitions of MEMBER and SUBSETP, to: T. Case 1. (IMPLIES (AND (SUBSETP S1 (CONS X Z)) (NOT (MEMBER X S1))) (SUBSETP S1 Z)), which we would normally push and work on later by induction. But if we must use induction to prove the input conjecture, we prefer to induct on the original formulation of the problem. Thus we will disregard all that we have previously done, give the name *1 to the original input, and work on it. So now let us return to: (IMPLIES (AND (SUBSETP S1 S2) (NOT (MEMBER (CAR S2) S1))) (SUBSETP S1 (CDR S2))). We named this *1. We will try to prove it by induction. Three inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S1) (p (CDR S1) S2)) (p S1 S2)) (IMPLIES (NOT (LISTP S1)) (p S1 S2))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates four new conjectures: Case 4. (IMPLIES (AND (LISTP S1) (NOT (SUBSETP (CDR S1) S2)) (SUBSETP S1 S2) (NOT (MEMBER (CAR S2) S1))) (SUBSETP S1 (CDR S2))), which simplifies, expanding the definition of SUBSETP, to: T. Case 3. (IMPLIES (AND (LISTP S1) (MEMBER (CAR S2) (CDR S1)) (SUBSETP S1 S2) (NOT (MEMBER (CAR S2) S1))) (SUBSETP S1 (CDR S2))), which simplifies, opening up the functions SUBSETP and MEMBER, to: T. Case 2. (IMPLIES (AND (LISTP S1) (SUBSETP (CDR S1) (CDR S2)) (SUBSETP S1 S2) (NOT (MEMBER (CAR S2) S1))) (SUBSETP S1 (CDR S2))), which simplifies, opening up the definitions of SUBSETP and MEMBER, to the conjecture: (IMPLIES (AND (LISTP S1) (SUBSETP (CDR S1) (CDR S2)) (MEMBER (CAR S1) S2) (SUBSETP (CDR S1) S2) (NOT (EQUAL (CAR S2) (CAR S1))) (NOT (MEMBER (CAR S2) (CDR S1)))) (MEMBER (CAR S1) (CDR S2))). But this again simplifies, opening up the function MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S1)) (SUBSETP S1 S2) (NOT (MEMBER (CAR S2) S1))) (SUBSETP S1 (CDR S2))), which simplifies, opening up the functions SUBSETP and MEMBER, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] SUBSET-OF-CDR (PROVE-LEMMA NON-EMPTY-SUBSET (REWRITE) (IMPLIES (AND (SUBSETP LST1 LST2) (LISTP LST1)) (LISTP LST2))) WARNING: Note that NON-EMPTY-SUBSET contains the free variable LST1 which will be chosen by instantiating the hypothesis (SUBSETP LST1 LST2). This conjecture simplifies, expanding MEMBER and SUBSETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NON-EMPTY-SUBSET (PROVE-LEMMA CAR-OF-SUBSET (REWRITE) (IMPLIES (AND (SUBSETP LST1 LST2) (LISTP LST1)) (MEMBER (CAR LST1) LST2))) This conjecture simplifies, unfolding SUBSETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-SUBSET (DEFN SUBLISTP (LST1 LST2) (IF (LISTP LST2) (OR (SUBLISTP LST1 (CDR LST2)) (AND (LISTP LST1) (EQUAL (CAR LST1) (CAR LST2)) (SUBLISTP (CDR LST1) (CDR LST2)))) (NOT (LISTP LST1)))) Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT LST2) decreases according to the well-founded relation LESSP in each recursive call. Hence, SUBLISTP is accepted under the definitional principle. Note that (OR (FALSEP (SUBLISTP LST1 LST2)) (TRUEP (SUBLISTP LST1 LST2))) is a theorem. [ 0.0 0.0 0.0 ] SUBLISTP (PROVE-LEMMA SUBLIST-IMPLIES-SUBSET NIL (IMPLIES (SUBLISTP LST1 LST2) (SUBSETP LST1 LST2)) ((INDUCT (SUBLISTP LST1 LST2)))) This formula can be simplified, using the abbreviations IMPLIES, NOT, OR, and AND, to the following two new formulas: Case 2. (IMPLIES (AND (LISTP LST2) (IMPLIES (SUBLISTP (CDR LST1) (CDR LST2)) (SUBSETP (CDR LST1) (CDR LST2))) (IMPLIES (SUBLISTP LST1 (CDR LST2)) (SUBSETP LST1 (CDR LST2))) (SUBLISTP LST1 LST2)) (SUBSETP LST1 LST2)). This simplifies, applying TRANSITIVITY-OF-SUBSET and CDR-IS-SUBSET, and opening up the definitions of IMPLIES, SUBSETP, SUBLISTP, and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (LISTP LST2)) (SUBLISTP LST1 LST2)) (SUBSETP LST1 LST2)), which simplifies, unfolding the functions SUBLISTP and SUBSETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SUBLIST-IMPLIES-SUBSET (PROVE-LEMMA TRANSITIVITY-OF-SUBLIST (REWRITE) (IMPLIES (AND (SUBLISTP S1 S2) (SUBLISTP S2 S3)) (SUBLISTP S1 S3))) WARNING: Note that TRANSITIVITY-OF-SUBLIST contains the free variable S2 which will be chosen by instantiating the hypothesis (SUBLISTP S1 S2). Call the conjecture *1. Perhaps we can prove it by induction. Three inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S3) (p S1 (CDR S3) S2) (p S1 (CDR S3) (CDR S2)) (p (CDR S1) (CDR S3) (CDR S2))) (p S1 S3 S2)) (IMPLIES (NOT (LISTP S3)) (p S1 S3 S2))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT S3) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instances chosen for S1 and S2. The above induction scheme leads to seven new goals: Case 7. (IMPLIES (AND (LISTP S3) (NOT (SUBLISTP S2 (CDR S3))) (NOT (SUBLISTP S1 (CDR S2))) (NOT (SUBLISTP (CDR S1) (CDR S2))) (SUBLISTP S1 S2) (SUBLISTP S2 S3)) (SUBLISTP S1 S3)), which simplifies, opening up the definition of SUBLISTP, to three new conjectures: Case 7.3. (IMPLIES (AND (LISTP S3) (NOT (SUBLISTP S2 (CDR S3))) (NOT (SUBLISTP S1 (CDR S2))) (NOT (SUBLISTP (CDR S1) (CDR S2))) (SUBLISTP S1 S2) (LISTP S2) (EQUAL (CAR S2) (CAR S3)) (SUBLISTP (CDR S2) (CDR S3)) (NOT (SUBLISTP S1 (CDR S3)))) (SUBLISTP (CDR S1) (CDR S3))), which further simplifies, unfolding the function SUBLISTP, to: T. Case 7.2. (IMPLIES (AND (LISTP S3) (NOT (SUBLISTP S2 (CDR S3))) (NOT (SUBLISTP S1 (CDR S2))) (NOT (SUBLISTP (CDR S1) (CDR S2))) (SUBLISTP S1 S2) (LISTP S2) (EQUAL (CAR S2) (CAR S3)) (SUBLISTP (CDR S2) (CDR S3)) (NOT (SUBLISTP S1 (CDR S3)))) (EQUAL (CAR S1) (CAR S2))), which further simplifies, opening up the function SUBLISTP, to: T. Case 7.1. (IMPLIES (AND (LISTP S3) (NOT (SUBLISTP S2 (CDR S3))) (NOT (SUBLISTP S1 (CDR S2))) (NOT (SUBLISTP (CDR S1) (CDR S2))) (SUBLISTP S1 S2) (LISTP S2) (EQUAL (CAR S2) (CAR S3)) (SUBLISTP (CDR S2) (CDR S3)) (NOT (SUBLISTP S1 (CDR S3)))) (LISTP S1)), which further simplifies, applying the lemma CDR-NLISTP, and opening up SUBLISTP, to: T. Case 6. (IMPLIES (AND (LISTP S3) (SUBLISTP S1 (CDR S3)) (NOT (SUBLISTP (CDR S1) (CDR S2))) (SUBLISTP S1 S2) (SUBLISTP S2 S3)) (SUBLISTP S1 S3)), which simplifies, opening up the definition of SUBLISTP, to: T. Case 5. (IMPLIES (AND (LISTP S3) (NOT (SUBLISTP S2 (CDR S3))) (NOT (SUBLISTP S1 (CDR S2))) (SUBLISTP (CDR S1) (CDR S3)) (SUBLISTP S1 S2) (SUBLISTP S2 S3)) (SUBLISTP S1 S3)), which simplifies, expanding the definition of SUBLISTP, to two new formulas: Case 5.2. (IMPLIES (AND (LISTP S3) (NOT (SUBLISTP S2 (CDR S3))) (NOT (SUBLISTP S1 (CDR S2))) (SUBLISTP (CDR S1) (CDR S3)) (SUBLISTP S1 S2) (LISTP S2) (EQUAL (CAR S2) (CAR S3)) (SUBLISTP (CDR S2) (CDR S3)) (NOT (SUBLISTP S1 (CDR S3)))) (EQUAL (CAR S1) (CAR S2))), which further simplifies, expanding SUBLISTP, to: T. Case 5.1. (IMPLIES (AND (LISTP S3) (NOT (SUBLISTP S2 (CDR S3))) (NOT (SUBLISTP S1 (CDR S2))) (SUBLISTP (CDR S1) (CDR S3)) (SUBLISTP S1 S2) (LISTP S2) (EQUAL (CAR S2) (CAR S3)) (SUBLISTP (CDR S2) (CDR S3)) (NOT (SUBLISTP S1 (CDR S3)))) (LISTP S1)), which further simplifies, rewriting with CDR-NLISTP, and expanding SUBLISTP, to: T. Case 4. (IMPLIES (AND (LISTP S3) (NOT (SUBLISTP S2 (CDR S3))) (NOT (SUBLISTP (CDR S2) (CDR S3))) (SUBLISTP S1 S2) (SUBLISTP S2 S3)) (SUBLISTP S1 S3)). This simplifies, unfolding SUBLISTP, to: T. Case 3. (IMPLIES (AND (LISTP S3) (SUBLISTP S1 (CDR S3)) (NOT (SUBLISTP (CDR S2) (CDR S3))) (SUBLISTP S1 S2) (SUBLISTP S2 S3)) (SUBLISTP S1 S3)). This simplifies, expanding the function SUBLISTP, to: T. Case 2. (IMPLIES (AND (LISTP S3) (SUBLISTP S1 (CDR S3)) (SUBLISTP (CDR S1) (CDR S3)) (SUBLISTP S1 S2) (SUBLISTP S2 S3)) (SUBLISTP S1 S3)). This simplifies, expanding SUBLISTP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S3)) (SUBLISTP S1 S2) (SUBLISTP S2 S3)) (SUBLISTP S1 S3)). This simplifies, unfolding SUBLISTP, to: (IMPLIES (AND (NOT (LISTP S3)) (SUBLISTP S1 S2) (NOT (LISTP S2))) (NOT (LISTP S1))), which further simplifies, opening up the definition of SUBLISTP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] TRANSITIVITY-OF-SUBLIST (DEFN POWER-SET (SET) (IF (LISTP SET) (APPEND (CONS-ALL (CAR SET) (POWER-SET (CDR SET))) (POWER-SET (CDR SET))) (LIST NIL))) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each recursive call. Hence, POWER-SET is accepted under the definitional principle. Note that (LISTP (POWER-SET SET)) is a theorem. [ 0.0 0.0 0.0 ] POWER-SET (PROVE-LEMMA SIZE-OF-CONS-ALL (REWRITE) (EQUAL (LENGTH (CONS-ALL ITEM LST)) (LENGTH LST))) Call the conjecture *1. We will try to prove it by induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST) (p ITEM (CDR LST))) (p ITEM LST)) (IMPLIES (NOT (LISTP LST)) (p ITEM LST))). Linear arithmetic and the lemma CDR-LESSP can be used to establish that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following two new formulas: Case 2. (IMPLIES (AND (LISTP LST) (EQUAL (LENGTH (CONS-ALL ITEM (CDR LST))) (LENGTH (CDR LST)))) (EQUAL (LENGTH (CONS-ALL ITEM LST)) (LENGTH LST))). This simplifies, applying CDR-CONS, and expanding the functions CONS-ALL and LENGTH, to: T. Case 1. (IMPLIES (NOT (LISTP LST)) (EQUAL (LENGTH (CONS-ALL ITEM LST)) (LENGTH LST))), which simplifies, opening up the functions CONS-ALL, LENGTH, and EQUAL, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] SIZE-OF-CONS-ALL (PROVE-LEMMA SIZE-OF-POWER-SET (REWRITE) (EQUAL (LENGTH (POWER-SET SET)) (EXPT 2 (LENGTH SET)))) Give the conjecture the name *1. We will try to prove it by induction. There are two plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP SET) (p (CDR SET))) (p SET)) (IMPLIES (NOT (LISTP SET)) (p SET))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates two new goals: Case 2. (IMPLIES (AND (LISTP SET) (EQUAL (LENGTH (POWER-SET (CDR SET))) (EXPT 2 (LENGTH (CDR SET))))) (EQUAL (LENGTH (POWER-SET SET)) (EXPT 2 (LENGTH SET)))), which simplifies, applying SIZE-OF-CONS-ALL, LENGTH-OF-APPEND, TIMES-LEFT-IDENT, and SUB1-ADD1, and unfolding the functions POWER-SET, LENGTH, TIMES, EQUAL, NUMBERP, SUB1, and EXPT, to: T. Case 1. (IMPLIES (NOT (LISTP SET)) (EQUAL (LENGTH (POWER-SET SET)) (EXPT 2 (LENGTH SET)))). This simplifies, opening up POWER-SET, LENGTH, EXPT, and EQUAL, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] SIZE-OF-POWER-SET (DEFN PROPERP (LST) (IF (LISTP LST) (PROPERP (CDR LST)) (EQUAL LST NIL))) Linear arithmetic and the lemma CDR-LESSP can be used to establish that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each recursive call. Hence, PROPERP is accepted under the principle of definition. From the definition we can conclude that: (OR (FALSEP (PROPERP LST)) (TRUEP (PROPERP LST))) is a theorem. [ 0.0 0.0 0.0 ] PROPERP (PROVE-LEMMA CONS-PRESERVES-PROPER (REWRITE) (IMPLIES (PROPERP LST) (PROPERP (CONS ITEM LST)))) This simplifies, rewriting with CDR-CONS, and unfolding PROPERP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CONS-PRESERVES-PROPER (DEFN MEMBERS-ALL-PROPERP (BIGLST) (IF (LISTP BIGLST) (AND (PROPERP (CAR BIGLST)) (MEMBERS-ALL-PROPERP (CDR BIGLST))) T)) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT BIGLST) decreases according to the well-founded relation LESSP in each recursive call. Hence, MEMBERS-ALL-PROPERP is accepted under the definitional principle. Observe that: (OR (FALSEP (MEMBERS-ALL-PROPERP BIGLST)) (TRUEP (MEMBERS-ALL-PROPERP BIGLST))) is a theorem. [ 0.0 0.0 0.0 ] MEMBERS-ALL-PROPERP (PROVE-LEMMA APPEND-PRESERVES-MEMBERS-ALL-PROPERP (REWRITE) (IMPLIES (AND (MEMBERS-ALL-PROPERP BIGLST1) (MEMBERS-ALL-PROPERP BIGLST2)) (MEMBERS-ALL-PROPERP (APPEND BIGLST1 BIGLST2)))) Call the conjecture *1. Perhaps we can prove it by induction. Three inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP BIGLST1) (p (CDR BIGLST1) BIGLST2)) (p BIGLST1 BIGLST2)) (IMPLIES (NOT (LISTP BIGLST1)) (p BIGLST1 BIGLST2))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT BIGLST1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to three new goals: Case 3. (IMPLIES (AND (LISTP BIGLST1) (NOT (MEMBERS-ALL-PROPERP (CDR BIGLST1))) (MEMBERS-ALL-PROPERP BIGLST1) (MEMBERS-ALL-PROPERP BIGLST2)) (MEMBERS-ALL-PROPERP (APPEND BIGLST1 BIGLST2))), which simplifies, opening up the definition of MEMBERS-ALL-PROPERP, to: T. Case 2. (IMPLIES (AND (LISTP BIGLST1) (MEMBERS-ALL-PROPERP (APPEND (CDR BIGLST1) BIGLST2)) (MEMBERS-ALL-PROPERP BIGLST1) (MEMBERS-ALL-PROPERP BIGLST2)) (MEMBERS-ALL-PROPERP (APPEND BIGLST1 BIGLST2))), which simplifies, applying CDR-CONS and CAR-CONS, and unfolding MEMBERS-ALL-PROPERP and APPEND, to: T. Case 1. (IMPLIES (AND (NOT (LISTP BIGLST1)) (MEMBERS-ALL-PROPERP BIGLST1) (MEMBERS-ALL-PROPERP BIGLST2)) (MEMBERS-ALL-PROPERP (APPEND BIGLST1 BIGLST2))). This simplifies, expanding the functions MEMBERS-ALL-PROPERP and APPEND, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] APPEND-PRESERVES-MEMBERS-ALL-PROPERP (PROVE-LEMMA CONS-ALL-PRESERVES-MEMBERS-ALL-PROPERP (REWRITE) (IMPLIES (MEMBERS-ALL-PROPERP BIGLST) (MEMBERS-ALL-PROPERP (CONS-ALL ITEM BIGLST)))) Call the conjecture *1. We will try to prove it by induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP BIGLST) (p ITEM (CDR BIGLST))) (p ITEM BIGLST)) (IMPLIES (NOT (LISTP BIGLST)) (p ITEM BIGLST))). Linear arithmetic and the lemma CDR-LESSP can be used to establish that the measure (COUNT BIGLST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following three new formulas: Case 3. (IMPLIES (AND (LISTP BIGLST) (NOT (MEMBERS-ALL-PROPERP (CDR BIGLST))) (MEMBERS-ALL-PROPERP BIGLST)) (MEMBERS-ALL-PROPERP (CONS-ALL ITEM BIGLST))). This simplifies, expanding the definition of MEMBERS-ALL-PROPERP, to: T. Case 2. (IMPLIES (AND (LISTP BIGLST) (MEMBERS-ALL-PROPERP (CONS-ALL ITEM (CDR BIGLST))) (MEMBERS-ALL-PROPERP BIGLST)) (MEMBERS-ALL-PROPERP (CONS-ALL ITEM BIGLST))). This simplifies, appealing to the lemmas CDR-CONS, CONS-PRESERVES-PROPER, and CAR-CONS, and opening up MEMBERS-ALL-PROPERP and CONS-ALL, to: T. Case 1. (IMPLIES (AND (NOT (LISTP BIGLST)) (MEMBERS-ALL-PROPERP BIGLST)) (MEMBERS-ALL-PROPERP (CONS-ALL ITEM BIGLST))). This simplifies, unfolding MEMBERS-ALL-PROPERP and CONS-ALL, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] CONS-ALL-PRESERVES-MEMBERS-ALL-PROPERP (PROVE-LEMMA MEMBERS-ALL-PROPERP-WORKS (REWRITE) (IMPLIES (AND (MEMBER LST BIGLST) (MEMBERS-ALL-PROPERP BIGLST)) (PROPERP LST))) WARNING: Note that MEMBERS-ALL-PROPERP-WORKS contains the free variable BIGLST which will be chosen by instantiating the hypothesis (MEMBER LST BIGLST). Name the conjecture *1. We will appeal to induction. The recursive terms in the conjecture suggest three inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (NLISTP BIGLST) (p LST BIGLST)) (IMPLIES (AND (NOT (NLISTP BIGLST)) (EQUAL LST (CAR BIGLST))) (p LST BIGLST)) (IMPLIES (AND (NOT (NLISTP BIGLST)) (NOT (EQUAL LST (CAR BIGLST))) (p LST (CDR BIGLST))) (p LST BIGLST))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT BIGLST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following four new formulas: Case 4. (IMPLIES (AND (NLISTP BIGLST) (MEMBER LST BIGLST) (MEMBERS-ALL-PROPERP BIGLST)) (PROPERP LST)). This simplifies, expanding the definitions of NLISTP and MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP BIGLST)) (EQUAL LST (CAR BIGLST)) (MEMBER LST BIGLST) (MEMBERS-ALL-PROPERP BIGLST)) (PROPERP LST)). This simplifies, applying CDR-IS-SUBSET and CAR-OF-SUBSET, and expanding the definitions of NLISTP, SUBSETP, MEMBER, and MEMBERS-ALL-PROPERP, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP BIGLST)) (NOT (EQUAL LST (CAR BIGLST))) (NOT (MEMBER LST (CDR BIGLST))) (MEMBER LST BIGLST) (MEMBERS-ALL-PROPERP BIGLST)) (PROPERP LST)), which simplifies, opening up NLISTP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP BIGLST)) (NOT (EQUAL LST (CAR BIGLST))) (NOT (MEMBERS-ALL-PROPERP (CDR BIGLST))) (MEMBER LST BIGLST) (MEMBERS-ALL-PROPERP BIGLST)) (PROPERP LST)), which simplifies, opening up the definitions of NLISTP, MEMBER, and MEMBERS-ALL-PROPERP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MEMBERS-ALL-PROPERP-WORKS (PROVE-LEMMA ONLY-PROPER-AUX1 (REWRITE) (MEMBERS-ALL-PROPERP (POWER-SET LST))) Call the conjecture *1. Let us appeal to the induction principle. There is only one suggested induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST) (p (CDR LST))) (p LST)) (IMPLIES (NOT (LISTP LST)) (p LST))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to two new goals: Case 2. (IMPLIES (AND (LISTP LST) (MEMBERS-ALL-PROPERP (POWER-SET (CDR LST)))) (MEMBERS-ALL-PROPERP (POWER-SET LST))), which simplifies, applying CONS-ALL-PRESERVES-MEMBERS-ALL-PROPERP and APPEND-PRESERVES-MEMBERS-ALL-PROPERP, and expanding the function POWER-SET, to: T. Case 1. (IMPLIES (NOT (LISTP LST)) (MEMBERS-ALL-PROPERP (POWER-SET LST))). This simplifies, expanding POWER-SET and MEMBERS-ALL-PROPERP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ONLY-PROPER-AUX1 (PROVE-LEMMA ONLY-PROPER NIL (IMPLIES (MEMBER LST (POWER-SET SET)) (PROPERP LST))) This simplifies, rewriting with ONLY-PROPER-AUX1 and MEMBERS-ALL-PROPERP-WORKS, to: T. Q.E.D. [ 0.0 0.0 0.0 ] ONLY-PROPER (DISABLE ONLY-PROPER-AUX1) [ 0.0 0.0 0.0 ] ONLY-PROPER-AUX1-OFF (DEFN MEMBERS-ALL-SUBLISTP (BIGLST SET) (IF (LISTP BIGLST) (AND (SUBLISTP (CAR BIGLST) SET) (MEMBERS-ALL-SUBLISTP (CDR BIGLST) SET)) T)) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT BIGLST) decreases according to the well-founded relation LESSP in each recursive call. Hence, MEMBERS-ALL-SUBLISTP is accepted under the principle of definition. Note that: (OR (FALSEP (MEMBERS-ALL-SUBLISTP BIGLST SET)) (TRUEP (MEMBERS-ALL-SUBLISTP BIGLST SET))) is a theorem. [ 0.0 0.0 0.0 ] MEMBERS-ALL-SUBLISTP (PROVE-LEMMA APPEND-PRESERVES-MEMBERS-ALL-SUBLISTP (REWRITE) (IMPLIES (AND (MEMBERS-ALL-SUBLISTP BIGLST1 SET) (MEMBERS-ALL-SUBLISTP BIGLST2 SET)) (MEMBERS-ALL-SUBLISTP (APPEND BIGLST1 BIGLST2) SET))) Call the conjecture *1. We will try to prove it by induction. There are three plausible inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP BIGLST1) (p (CDR BIGLST1) BIGLST2 SET)) (p BIGLST1 BIGLST2 SET)) (IMPLIES (NOT (LISTP BIGLST1)) (p BIGLST1 BIGLST2 SET))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT BIGLST1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates three new goals: Case 3. (IMPLIES (AND (LISTP BIGLST1) (NOT (MEMBERS-ALL-SUBLISTP (CDR BIGLST1) SET)) (MEMBERS-ALL-SUBLISTP BIGLST1 SET) (MEMBERS-ALL-SUBLISTP BIGLST2 SET)) (MEMBERS-ALL-SUBLISTP (APPEND BIGLST1 BIGLST2) SET)), which simplifies, opening up the function MEMBERS-ALL-SUBLISTP, to: T. Case 2. (IMPLIES (AND (LISTP BIGLST1) (MEMBERS-ALL-SUBLISTP (APPEND (CDR BIGLST1) BIGLST2) SET) (MEMBERS-ALL-SUBLISTP BIGLST1 SET) (MEMBERS-ALL-SUBLISTP BIGLST2 SET)) (MEMBERS-ALL-SUBLISTP (APPEND BIGLST1 BIGLST2) SET)), which simplifies, applying CDR-CONS and CAR-CONS, and unfolding the functions MEMBERS-ALL-SUBLISTP and APPEND, to: T. Case 1. (IMPLIES (AND (NOT (LISTP BIGLST1)) (MEMBERS-ALL-SUBLISTP BIGLST1 SET) (MEMBERS-ALL-SUBLISTP BIGLST2 SET)) (MEMBERS-ALL-SUBLISTP (APPEND BIGLST1 BIGLST2) SET)). This simplifies, opening up the functions MEMBERS-ALL-SUBLISTP and APPEND, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] APPEND-PRESERVES-MEMBERS-ALL-SUBLISTP (PROVE-LEMMA CONS-ALL-PRESERVES-MEMBERS-ALL-SUBLISTP (REWRITE) (IMPLIES (MEMBERS-ALL-SUBLISTP BIGLST SET) (MEMBERS-ALL-SUBLISTP (CONS-ALL ITEM BIGLST) (CONS ITEM SET)))) Call the conjecture *1. Perhaps we can prove it by induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP BIGLST) (p ITEM (CDR BIGLST) SET)) (p ITEM BIGLST SET)) (IMPLIES (NOT (LISTP BIGLST)) (p ITEM BIGLST SET))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT BIGLST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to three new goals: Case 3. (IMPLIES (AND (LISTP BIGLST) (NOT (MEMBERS-ALL-SUBLISTP (CDR BIGLST) SET)) (MEMBERS-ALL-SUBLISTP BIGLST SET)) (MEMBERS-ALL-SUBLISTP (CONS-ALL ITEM BIGLST) (CONS ITEM SET))), which simplifies, opening up the definition of MEMBERS-ALL-SUBLISTP, to: T. Case 2. (IMPLIES (AND (LISTP BIGLST) (MEMBERS-ALL-SUBLISTP (CONS-ALL ITEM (CDR BIGLST)) (CONS ITEM SET)) (MEMBERS-ALL-SUBLISTP BIGLST SET)) (MEMBERS-ALL-SUBLISTP (CONS-ALL ITEM BIGLST) (CONS ITEM SET))), which simplifies, applying CDR-CONS and CAR-CONS, and unfolding MEMBERS-ALL-SUBLISTP, CONS-ALL, and SUBLISTP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP BIGLST)) (MEMBERS-ALL-SUBLISTP BIGLST SET)) (MEMBERS-ALL-SUBLISTP (CONS-ALL ITEM BIGLST) (CONS ITEM SET))). This simplifies, expanding the functions MEMBERS-ALL-SUBLISTP, CONS-ALL, and LISTP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] CONS-ALL-PRESERVES-MEMBERS-ALL-SUBLISTP (PROVE-LEMMA MEMBERS-ALL-SUBLISTP-WORKS (REWRITE) (IMPLIES (AND (MEMBER LST BIGLST) (MEMBERS-ALL-SUBLISTP BIGLST SET)) (SUBLISTP LST SET))) WARNING: Note that MEMBERS-ALL-SUBLISTP-WORKS contains the free variable BIGLST which will be chosen by instantiating the hypothesis (MEMBER LST BIGLST). Call the conjecture *1. Perhaps we can prove it by induction. Three inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (NLISTP BIGLST) (p LST SET BIGLST)) (IMPLIES (AND (NOT (NLISTP BIGLST)) (EQUAL LST (CAR BIGLST))) (p LST SET BIGLST)) (IMPLIES (AND (NOT (NLISTP BIGLST)) (NOT (EQUAL LST (CAR BIGLST))) (p LST SET (CDR BIGLST))) (p LST SET BIGLST))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to prove that the measure (COUNT BIGLST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to four new goals: Case 4. (IMPLIES (AND (NLISTP BIGLST) (MEMBER LST BIGLST) (MEMBERS-ALL-SUBLISTP BIGLST SET)) (SUBLISTP LST SET)), which simplifies, opening up the definitions of NLISTP and MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP BIGLST)) (EQUAL LST (CAR BIGLST)) (MEMBER LST BIGLST) (MEMBERS-ALL-SUBLISTP BIGLST SET)) (SUBLISTP LST SET)), which simplifies, applying CDR-IS-SUBSET and CAR-OF-SUBSET, and unfolding NLISTP, SUBSETP, MEMBER, and MEMBERS-ALL-SUBLISTP, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP BIGLST)) (NOT (EQUAL LST (CAR BIGLST))) (NOT (MEMBER LST (CDR BIGLST))) (MEMBER LST BIGLST) (MEMBERS-ALL-SUBLISTP BIGLST SET)) (SUBLISTP LST SET)). This simplifies, expanding the functions NLISTP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP BIGLST)) (NOT (EQUAL LST (CAR BIGLST))) (NOT (MEMBERS-ALL-SUBLISTP (CDR BIGLST) SET)) (MEMBER LST BIGLST) (MEMBERS-ALL-SUBLISTP BIGLST SET)) (SUBLISTP LST SET)). This simplifies, opening up the functions NLISTP, MEMBER, and MEMBERS-ALL-SUBLISTP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MEMBERS-ALL-SUBLISTP-WORKS (PROVE-LEMMA ONLY-SUBLISTS-AUX1 (REWRITE) (MEMBERS-ALL-SUBLISTP (POWER-SET SET) SET)) Name the conjecture *1. We will appeal to induction. There is only one plausible induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP SET) (p (CDR SET))) (p SET)) (IMPLIES (NOT (LISTP SET)) (p SET))). Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to two new goals: Case 2. (IMPLIES (AND (LISTP SET) (MEMBERS-ALL-SUBLISTP (POWER-SET (CDR SET)) (CDR SET))) (MEMBERS-ALL-SUBLISTP (POWER-SET SET) SET)), which simplifies, unfolding the definition of POWER-SET, to the goal: (IMPLIES (AND (LISTP SET) (MEMBERS-ALL-SUBLISTP (POWER-SET (CDR SET)) (CDR SET))) (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL (CAR SET) (POWER-SET (CDR SET))) (POWER-SET (CDR SET))) SET)). Appealing to the lemma CAR-CDR-ELIM, we now replace SET by (CONS Z X) to eliminate (CDR SET) and (CAR SET). We must thus prove: (IMPLIES (MEMBERS-ALL-SUBLISTP (POWER-SET X) X) (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z (POWER-SET X)) (POWER-SET X)) (CONS Z X))). We will try to prove the above formula by generalizing it, replacing (POWER-SET X) by Y. We restrict the new variable by recalling the type restriction lemma noted when POWER-SET was introduced. We thus obtain: (IMPLIES (AND (LISTP Y) (MEMBERS-ALL-SUBLISTP Y X)) (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z Y) Y) (CONS Z X))), which we will name *1.1. Case 1. (IMPLIES (NOT (LISTP SET)) (MEMBERS-ALL-SUBLISTP (POWER-SET SET) SET)). This simplifies, unfolding the definitions of POWER-SET, CDR, SUBLISTP, CAR, LISTP, and MEMBERS-ALL-SUBLISTP, to: T. So next consider: (IMPLIES (AND (LISTP Y) (MEMBERS-ALL-SUBLISTP Y X)) (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z Y) Y) (CONS Z X))), which is formula *1.1 above. Perhaps we can prove it by induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP Y) (p Z (CDR Y) X)) (p Z Y X)) (IMPLIES (NOT (LISTP Y)) (p Z Y X))). Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT Y) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following three new conjectures: Case 3. (IMPLIES (AND (NOT (LISTP (CDR Y))) (LISTP Y) (MEMBERS-ALL-SUBLISTP Y X)) (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z Y) Y) (CONS Z X))). This simplifies, rewriting with the lemmas CDR-CONS, CAR-CONS, CONS-ALL-PRESERVES-MEMBERS-ALL-SUBLISTP, and APPEND-PRESERVES-MEMBERS-ALL-SUBLISTP, and opening up the definitions of MEMBERS-ALL-SUBLISTP, CONS-ALL, APPEND, and SUBLISTP, to: T. Case 2. (IMPLIES (AND (NOT (MEMBERS-ALL-SUBLISTP (CDR Y) X)) (LISTP Y) (MEMBERS-ALL-SUBLISTP Y X)) (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z Y) Y) (CONS Z X))). This simplifies, opening up MEMBERS-ALL-SUBLISTP, to: T. Case 1. (IMPLIES (AND (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z (CDR Y)) (CDR Y)) (CONS Z X)) (LISTP Y) (MEMBERS-ALL-SUBLISTP Y X)) (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z Y) Y) (CONS Z X))). This simplifies, applying CDR-CONS and CAR-CONS, and unfolding the definitions of MEMBERS-ALL-SUBLISTP, CONS-ALL, APPEND, and SUBLISTP, to: (IMPLIES (AND (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z (CDR Y)) (CDR Y)) (CONS Z X)) (LISTP Y) (SUBLISTP (CAR Y) X) (MEMBERS-ALL-SUBLISTP (CDR Y) X)) (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z (CDR Y)) Y) (CONS Z X))). Appealing to the lemma CAR-CDR-ELIM, we now replace Y by (CONS W V) to eliminate (CDR Y) and (CAR Y). This generates the formula: (IMPLIES (AND (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z V) V) (CONS Z X)) (SUBLISTP W X) (MEMBERS-ALL-SUBLISTP V X)) (MEMBERS-ALL-SUBLISTP (APPEND (CONS-ALL Z V) (CONS W V)) (CONS Z X))). We will try to prove the above formula by generalizing it, replacing (CONS-ALL Z V) by A. This generates: (IMPLIES (AND (MEMBERS-ALL-SUBLISTP (APPEND A V) (CONS Z X)) (SUBLISTP W X) (MEMBERS-ALL-SUBLISTP V X)) (MEMBERS-ALL-SUBLISTP (APPEND A (CONS W V)) (CONS Z X))). Name the above subgoal *1.1.1. We will appeal to induction. There are four plausible inductions. They merge into three likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP A) (p (CDR A) W V Z X)) (p A W V Z X)) (IMPLIES (NOT (LISTP A)) (p A W V Z X))). Linear arithmetic and the lemma CDR-LESSP can be used to establish that the measure (COUNT A) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to three new conjectures: Case 3. (IMPLIES (AND (LISTP A) (NOT (MEMBERS-ALL-SUBLISTP (APPEND (CDR A) V) (CONS Z X))) (MEMBERS-ALL-SUBLISTP (APPEND A V) (CONS Z X)) (SUBLISTP W X) (MEMBERS-ALL-SUBLISTP V X)) (MEMBERS-ALL-SUBLISTP (APPEND A (CONS W V)) (CONS Z X))), which simplifies, rewriting with the lemmas CDR-CONS and CAR-CONS, and unfolding the definitions of APPEND, SUBLISTP, and MEMBERS-ALL-SUBLISTP, to: T. Case 2. (IMPLIES (AND (LISTP A) (MEMBERS-ALL-SUBLISTP (APPEND (CDR A) (CONS W V)) (CONS Z X)) (MEMBERS-ALL-SUBLISTP (APPEND A V) (CONS Z X)) (SUBLISTP W X) (MEMBERS-ALL-SUBLISTP V X)) (MEMBERS-ALL-SUBLISTP (APPEND A (CONS W V)) (CONS Z X))), which simplifies, applying CDR-CONS and CAR-CONS, and expanding APPEND, SUBLISTP, and MEMBERS-ALL-SUBLISTP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP A)) (MEMBERS-ALL-SUBLISTP (APPEND A V) (CONS Z X)) (SUBLISTP W X) (MEMBERS-ALL-SUBLISTP V X)) (MEMBERS-ALL-SUBLISTP (APPEND A (CONS W V)) (CONS Z X))). This simplifies, rewriting with CDR-CONS and CAR-CONS, and opening up APPEND, SUBLISTP, and MEMBERS-ALL-SUBLISTP, to: T. That finishes the proof of *1.1.1, which, in turn, finishes the proof of *1.1, which finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.1 ] ONLY-SUBLISTS-AUX1 (PROVE-LEMMA ONLY-SUBLISTS (REWRITE) (IMPLIES (MEMBER LST (POWER-SET SET)) (SUBLISTP LST SET))) This conjecture simplifies, appealing to the lemmas ONLY-SUBLISTS-AUX1 and MEMBERS-ALL-SUBLISTP-WORKS, to: T. Q.E.D. [ 0.0 0.0 0.0 ] ONLY-SUBLISTS (PROVE-LEMMA ALL-SUBLISTS (REWRITE) (IMPLIES (AND (SUBLISTP LST SET) (PROPERP LST)) (MEMBER LST (POWER-SET SET)))) Name the conjecture *1. Let us appeal to the induction principle. The recursive terms in the conjecture suggest three inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP SET) (p LST (CDR SET)) (p (CDR LST) (CDR SET))) (p LST SET)) (IMPLIES (NOT (LISTP SET)) (p LST SET))). Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instances chosen for LST. The above induction scheme leads to the following seven new goals: Case 7. (IMPLIES (AND (LISTP SET) (NOT (SUBLISTP LST (CDR SET))) (NOT (SUBLISTP (CDR LST) (CDR SET))) (SUBLISTP LST SET) (PROPERP LST)) (MEMBER LST (POWER-SET SET))). This simplifies, expanding the definition of SUBLISTP, to: T. Case 6. (IMPLIES (AND (LISTP SET) (MEMBER LST (POWER-SET (CDR SET))) (NOT (SUBLISTP (CDR LST) (CDR SET))) (SUBLISTP LST SET) (PROPERP LST)) (MEMBER LST (POWER-SET SET))). This simplifies, rewriting with APPEND-WORKS-RIGHT, and unfolding the functions SUBLISTP and POWER-SET, to: T. Case 5. (IMPLIES (AND (LISTP SET) (NOT (SUBLISTP LST (CDR SET))) (NOT (PROPERP (CDR LST))) (SUBLISTP LST SET) (PROPERP LST)) (MEMBER LST (POWER-SET SET))), which simplifies, expanding the definitions of SUBLISTP and POWER-SET, to the conjecture: (IMPLIES (AND (LISTP SET) (NOT (SUBLISTP LST (CDR SET))) (NOT (PROPERP (CDR LST))) (LISTP LST) (EQUAL (CAR LST) (CAR SET)) (SUBLISTP (CDR LST) (CDR SET)) (PROPERP LST)) (MEMBER LST (APPEND (CONS-ALL (CAR LST) (POWER-SET (CDR SET))) (POWER-SET (CDR SET))))). However this further simplifies, expanding PROPERP, to: T. Case 4. (IMPLIES (AND (LISTP SET) (MEMBER LST (POWER-SET (CDR SET))) (NOT (PROPERP (CDR LST))) (SUBLISTP LST SET) (PROPERP LST)) (MEMBER LST (POWER-SET SET))), which simplifies, appealing to the lemma APPEND-WORKS-RIGHT, and unfolding the functions SUBLISTP and POWER-SET, to: T. Case 3. (IMPLIES (AND (LISTP SET) (NOT (SUBLISTP LST (CDR SET))) (MEMBER (CDR LST) (POWER-SET (CDR SET))) (SUBLISTP LST SET) (PROPERP LST)) (MEMBER LST (POWER-SET SET))), which simplifies, unfolding SUBLISTP and POWER-SET, to the conjecture: (IMPLIES (AND (LISTP SET) (NOT (SUBLISTP LST (CDR SET))) (MEMBER (CDR LST) (POWER-SET (CDR SET))) (LISTP LST) (EQUAL (CAR LST) (CAR SET)) (SUBLISTP (CDR LST) (CDR SET)) (PROPERP LST)) (MEMBER LST (APPEND (CONS-ALL (CAR LST) (POWER-SET (CDR SET))) (POWER-SET (CDR SET))))). This further simplifies, applying the lemma ONLY-SUBLISTS, and opening up the function PROPERP, to: (IMPLIES (AND (LISTP SET) (NOT (SUBLISTP LST (CDR SET))) (MEMBER (CDR LST) (POWER-SET (CDR SET))) (LISTP LST) (EQUAL (CAR LST) (CAR SET)) (PROPERP (CDR LST))) (MEMBER LST (APPEND (CONS-ALL (CAR LST) (POWER-SET (CDR SET))) (POWER-SET (CDR SET))))). Appealing to the lemma CAR-CDR-ELIM, we now replace SET by (CONS Z X) to eliminate (CDR SET) and (CAR SET). This generates: (IMPLIES (AND (NOT (SUBLISTP LST X)) (MEMBER (CDR LST) (POWER-SET X)) (LISTP LST) (EQUAL (CAR LST) Z) (PROPERP (CDR LST))) (MEMBER LST (APPEND (CONS-ALL (CAR LST) (POWER-SET X)) (POWER-SET X)))). This further simplifies, clearly, to: (IMPLIES (AND (NOT (SUBLISTP LST X)) (MEMBER (CDR LST) (POWER-SET X)) (LISTP LST) (PROPERP (CDR LST))) (MEMBER LST (APPEND (CONS-ALL (CAR LST) (POWER-SET X)) (POWER-SET X)))). Applying the lemma CAR-CDR-ELIM, replace LST by (CONS V Z) to eliminate (CDR LST) and (CAR LST). We thus obtain: (IMPLIES (AND (NOT (SUBLISTP (CONS V Z) X)) (MEMBER Z (POWER-SET X)) (PROPERP Z)) (MEMBER (CONS V Z) (APPEND (CONS-ALL V (POWER-SET X)) (POWER-SET X)))), which finally simplifies, rewriting with ALL-PAIRS-IN-CONS-ALL and APPEND-WORKS-LEFT, to: T. Case 2. (IMPLIES (AND (LISTP SET) (MEMBER LST (POWER-SET (CDR SET))) (MEMBER (CDR LST) (POWER-SET (CDR SET))) (SUBLISTP LST SET) (PROPERP LST)) (MEMBER LST (POWER-SET SET))). This simplifies, rewriting with APPEND-WORKS-RIGHT, and unfolding the functions SUBLISTP and POWER-SET, to: T. Case 1. (IMPLIES (AND (NOT (LISTP SET)) (SUBLISTP LST SET) (PROPERP LST)) (MEMBER LST (POWER-SET SET))), which simplifies, unfolding the functions SUBLISTP, POWER-SET, CDR, CAR, LISTP, and MEMBER, to: (IMPLIES (AND (NOT (LISTP SET)) (NOT (LISTP LST)) (PROPERP LST)) (EQUAL LST NIL)). This further simplifies, opening up the function PROPERP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] ALL-SUBLISTS (DEFN SETP (S) (IF (LISTP S) (AND (NUMBERP (CAR S)) (SETP (CDR S)) (OR (EQUAL (CDR S) NIL) (LESSP (CAR S) (CADR S)))) (EQUAL S NIL))) Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT S) decreases according to the well-founded relation LESSP in each recursive call. Hence, SETP is accepted under the principle of definition. From the definition we can conclude that: (OR (FALSEP (SETP S)) (TRUEP (SETP S))) is a theorem. [ 0.0 0.0 0.0 ] SETP (DEFN LARGEP (SET) (AND (SETP SET) (LISTP SET) (NOT (LESSP (LENGTH SET) (CAR SET))))) Note that (OR (FALSEP (LARGEP SET)) (TRUEP (LARGEP SET))) is a theorem. [ 0.0 0.0 0.0 ] LARGEP (PROVE-LEMMA EMPTY-IS-NIL (REWRITE) (IMPLIES (AND (SETP S) (NOT (LISTP S))) (EQUAL (EQUAL S NIL) T))) This conjecture simplifies, unfolding the definition of SETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] EMPTY-IS-NIL (PROVE-LEMMA INCREASING (REWRITE) (IMPLIES (AND (SETP S) (MEMBER X (CDR S))) (LESSP (CAR S) X))) WARNING: When the linear lemma INCREASING is stored under (CAR S) it contains the free variable X which will be chosen by instantiating the hypothesis (MEMBER X (CDR S)). WARNING: Note that the proposed lemma INCREASING is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This simplifies, opening up the functions SETP, CDR, LISTP, and MEMBER, to the conjecture: (IMPLIES (AND (LISTP S) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (MEMBER X (CDR S))) (LESSP (CAR S) X)). Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to eliminate (CAR S) and (CDR S) and V by (CONS W D) to eliminate (CAR V) and (CDR V). We must thus prove two new goals: Case 2. (IMPLIES (AND (NOT (LISTP V)) (NUMBERP Z) (SETP V) (LESSP Z (CAR V)) (MEMBER X V)) (LESSP Z X)), which further simplifies, expanding SETP, CAR, EQUAL, and LESSP, to: T. Case 1. (IMPLIES (AND (NUMBERP Z) (SETP (CONS W D)) (LESSP Z W) (MEMBER X (CONS W D))) (LESSP Z X)), which further simplifies, applying CDR-CONS and CAR-CONS, and opening up the functions SETP, MEMBER, and LISTP, to: (IMPLIES (AND (NUMBERP Z) (NUMBERP W) (SETP D) (LESSP W (CAR D)) (LESSP Z W) (MEMBER X D)) (LESSP Z X)), which we would normally push and work on later by induction. But if we must use induction to prove the input conjecture, we prefer to induct on the original formulation of the problem. Thus we will disregard all that we have previously done, give the name *1 to the original input, and work on it. So now let us return to: (IMPLIES (AND (SETP S) (MEMBER X (CDR S))) (LESSP (CAR S) X)). We named this *1. We will try to prove it by induction. The recursive terms in the conjecture suggest two inductions, both of which are unflawed. However, one of these is more likely than the other. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S) (p (CDR S) X)) (p S X)) (IMPLIES (NOT (LISTP S)) (p S X))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT S) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following four new goals: Case 4. (IMPLIES (AND (LISTP S) (NOT (SETP (CDR S))) (SETP S) (MEMBER X (CDR S))) (LESSP (CAR S) X)). This simplifies, opening up the function SETP, to: T. Case 3. (IMPLIES (AND (LISTP S) (NOT (MEMBER X (CDDR S))) (SETP S) (MEMBER X (CDR S))) (LESSP (CAR S) X)). This simplifies, unfolding the definitions of SETP, LISTP, and MEMBER, to the new conjecture: (IMPLIES (AND (LISTP S) (NOT (MEMBER X (CDDR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (LISTP (CDR S)) (EQUAL X (CADR S))) (LESSP (CAR S) X)), which again simplifies, clearly, to: T. Case 2. (IMPLIES (AND (LISTP S) (LESSP (CADR S) X) (SETP S) (MEMBER X (CDR S))) (LESSP (CAR S) X)). This simplifies, unfolding the definitions of SETP, LISTP, and MEMBER, to: (IMPLIES (AND (LISTP S) (LESSP (CADR S) X) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (MEMBER X (CDR S))) (LESSP (CAR S) X)), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S)) (SETP S) (MEMBER X (CDR S))) (LESSP (CAR S) X)), which simplifies, unfolding the definitions of SETP, CDR, LISTP, and MEMBER, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] INCREASING (PROVE-LEMMA NOT-AGAIN (REWRITE) (IMPLIES (SETP S) (NOT (MEMBER (CAR S) (CDR S))))) This formula simplifies, expanding the functions SETP, CAR, CDR, MEMBER, and LISTP, to the formula: (IMPLIES (AND (LISTP S) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S))) (NOT (MEMBER (CAR S) (CDR S)))). Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS X Z) to eliminate (CAR S) and (CDR S) and Z by (CONS V W) to eliminate (CAR Z) and (CDR Z). This generates two new formulas: Case 2. (IMPLIES (AND (NOT (LISTP Z)) (NUMBERP X) (SETP Z) (LESSP X (CAR Z))) (NOT (MEMBER X Z))), which further simplifies, opening up the functions SETP, CAR, EQUAL, and LESSP, to: T. Case 1. (IMPLIES (AND (NUMBERP X) (SETP (CONS V W)) (LESSP X V)) (NOT (MEMBER X (CONS V W)))), which further simplifies, applying the lemmas CDR-CONS and CAR-CONS, and unfolding the definitions of SETP, MEMBER, and LISTP, to three new formulas: Case 1.3. (IMPLIES (AND (NUMBERP X) (NUMBERP V) (SETP W) (EQUAL W NIL) (LESSP X V)) (NOT (EQUAL X V))), which again simplifies, using linear arithmetic, to: T. Case 1.2. (IMPLIES (AND (NUMBERP X) (NUMBERP V) (SETP W) (LESSP V (CAR W)) (LESSP X V)) (NOT (EQUAL X V))), which again simplifies, using linear arithmetic, to: T. Case 1.1. (IMPLIES (AND (NUMBERP X) (NUMBERP V) (SETP W) (LESSP V (CAR W)) (LESSP X V)) (NOT (MEMBER X W))), which we would normally push and work on later by induction. But if we must use induction to prove the input conjecture, we prefer to induct on the original formulation of the problem. Thus we will disregard all that we have previously done, give the name *1 to the original input, and work on it. So now let us return to: (IMPLIES (SETP S) (NOT (MEMBER (CAR S) (CDR S)))), named *1. Let us appeal to the induction principle. There is only one suggested induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S) (p (CDR S))) (p S)) (IMPLIES (NOT (LISTP S)) (p S))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates three new formulas: Case 3. (IMPLIES (AND (LISTP S) (NOT (SETP (CDR S))) (SETP S)) (NOT (MEMBER (CAR S) (CDR S)))), which simplifies, unfolding the function SETP, to: T. Case 2. (IMPLIES (AND (LISTP S) (NOT (MEMBER (CADR S) (CDDR S))) (SETP S)) (NOT (MEMBER (CAR S) (CDR S)))), which simplifies, opening up the functions SETP, LISTP, and MEMBER, to two new goals: Case 2.2. (IMPLIES (AND (LISTP S) (NOT (MEMBER (CADR S) (CDDR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (LISTP (CDR S))) (NOT (MEMBER (CAR S) (CDDR S)))), which again simplifies, using linear arithmetic and applying the lemma INCREASING, to: T. Case 2.1. (IMPLIES (AND (LISTP S) (NOT (MEMBER (CADR S) (CDDR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (LISTP (CDR S))) (NOT (EQUAL (CAR S) (CADR S)))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S)) (SETP S)) (NOT (MEMBER (CAR S) (CDR S)))), which simplifies, opening up the definitions of SETP, CAR, CDR, and MEMBER, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] NOT-AGAIN (PROVE-LEMMA MIN-IS-FIRST (REWRITE) (IMPLIES (AND (SETP S) (LESSP X (CAR S))) (NOT (MEMBER X S)))) . Appealing to the lemma CAR-CDR-ELIM, we now replace S by (CONS Z V) to eliminate (CAR S) and (CDR S). This generates two new conjectures: Case 2. (IMPLIES (AND (NOT (LISTP S)) (SETP S) (LESSP X (CAR S))) (NOT (MEMBER X S))), which simplifies, expanding SETP, CAR, EQUAL, and LESSP, to: T. Case 1. (IMPLIES (AND (SETP (CONS Z V)) (LESSP X Z)) (NOT (MEMBER X (CONS Z V)))), which simplifies, rewriting with CDR-CONS and CAR-CONS, and unfolding the definitions of SETP, MEMBER, and LISTP, to the following three new goals: Case 1.3. (IMPLIES (AND (NUMBERP Z) (SETP V) (EQUAL V NIL) (LESSP X Z)) (NOT (EQUAL X Z))). This again simplifies, using linear arithmetic, to: T. Case 1.2. (IMPLIES (AND (NUMBERP Z) (SETP V) (LESSP Z (CAR V)) (LESSP X Z)) (NOT (EQUAL X Z))), which again simplifies, using linear arithmetic, to: T. Case 1.1. (IMPLIES (AND (NUMBERP Z) (SETP V) (LESSP Z (CAR V)) (LESSP X Z)) (NOT (MEMBER X V))), which we would normally push and work on later by induction. But if we must use induction to prove the input conjecture, we prefer to induct on the original formulation of the problem. Thus we will disregard all that we have previously done, give the name *1 to the original input, and work on it. So now let us return to: (IMPLIES (AND (SETP S) (LESSP X (CAR S))) (NOT (MEMBER X S))). We named this *1. We will try to prove it by induction. The recursive terms in the conjecture suggest three inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S) (p X (CDR S))) (p X S)) (IMPLIES (NOT (LISTP S)) (p X S))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT S) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following four new goals: Case 4. (IMPLIES (AND (LISTP S) (NOT (SETP (CDR S))) (SETP S) (LESSP X (CAR S))) (NOT (MEMBER X S))). This simplifies, opening up the function SETP, to: T. Case 3. (IMPLIES (AND (LISTP S) (NOT (LESSP X (CADR S))) (SETP S) (LESSP X (CAR S))) (NOT (MEMBER X S))). This simplifies, unfolding the definitions of SETP and MEMBER, to the following four new goals: Case 3.4. (IMPLIES (AND (LISTP S) (NOT (LESSP X (CADR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (EQUAL (CDR S) NIL) (LESSP X (CAR S))) (NOT (EQUAL X (CAR S)))). But this again simplifies, using linear arithmetic, to: T. Case 3.3. (IMPLIES (AND (LISTP S) (NOT (LESSP X (CADR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (EQUAL (CDR S) NIL) (LESSP X (CAR S))) (NOT (MEMBER X (CDR S)))), which again simplifies, opening up CAR, EQUAL, LESSP, SETP, LISTP, and MEMBER, to: T. Case 3.2. (IMPLIES (AND (LISTP S) (NOT (LESSP X (CADR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (LESSP X (CAR S))) (NOT (EQUAL X (CAR S)))), which again simplifies, clearly, to: T. Case 3.1. (IMPLIES (AND (LISTP S) (NOT (LESSP X (CADR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (LESSP X (CAR S))) (NOT (MEMBER X (CDR S)))). This again simplifies, using linear arithmetic, to: T. Case 2. (IMPLIES (AND (LISTP S) (NOT (MEMBER X (CDR S))) (SETP S) (LESSP X (CAR S))) (NOT (MEMBER X S))), which simplifies, unfolding the definitions of SETP and MEMBER, to two new formulas: Case 2.2. (IMPLIES (AND (LISTP S) (NOT (MEMBER X (CDR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (EQUAL (CDR S) NIL) (LESSP X (CAR S))) (NOT (EQUAL X (CAR S)))), which again simplifies, using linear arithmetic, to: T. Case 2.1. (IMPLIES (AND (LISTP S) (NOT (MEMBER X (CDR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (LESSP X (CAR S))) (NOT (EQUAL X (CAR S)))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S)) (SETP S) (LESSP X (CAR S))) (NOT (MEMBER X S))), which simplifies, opening up the definitions of SETP, CAR, EQUAL, and LESSP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MIN-IS-FIRST (DEFN LAST (SET) (IF (LISTP SET) (IF (LISTP (CDR SET)) (LAST (CDR SET)) (CAR SET)) 0)) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each recursive call. Hence, LAST is accepted under the principle of definition. [ 0.0 0.0 0.0 ] LAST (PROVE-LEMMA TAIL-OF-A-SET (REWRITE) (IMPLIES (AND (SETP S) (LISTP S)) (SETP (CDR S)))) This formula simplifies, expanding the function SETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] TAIL-OF-A-SET (PROVE-LEMMA FIRST-BEFORE-LAST (REWRITE) (IMPLIES (AND (SETP S) (LISTP (CDR S))) (LESSP (CAR S) (LAST S)))) WARNING: Note that the proposed lemma FIRST-BEFORE-LAST is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and zero replacement rules. This conjecture simplifies, expanding the definitions of SETP, CDR, LISTP, and LAST, to the new conjecture: (IMPLIES (AND (LISTP S) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (LISTP (CDR S))) (LESSP (CAR S) (LAST (CDR S)))). Applying the lemma CAR-CDR-ELIM, replace S by (CONS X Z) to eliminate (CAR S) and (CDR S) and Z by (CONS V W) to eliminate (CAR Z) and (CDR Z). We would thus like to prove the new goal: (IMPLIES (AND (NUMBERP X) (SETP (CONS V W)) (LESSP X V)) (LESSP X (LAST (CONS V W)))), which further simplifies, applying CDR-CONS and CAR-CONS, and opening up the functions SETP, LISTP, and LAST, to: (IMPLIES (AND (NUMBERP X) (NUMBERP V) (SETP W) (LESSP V (CAR W)) (LESSP X V) (LISTP W)) (LESSP X (LAST W))), which we would normally push and work on later by induction. But if we must use induction to prove the input conjecture, we prefer to induct on the original formulation of the problem. Thus we will disregard all that we have previously done, give the name *1 to the original input, and work on it. So now let us return to: (IMPLIES (AND (SETP S) (LISTP (CDR S))) (LESSP (CAR S) (LAST S))). We named this *1. We will try to prove it by induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S) (LISTP (CDR S)) (p (CDR S))) (p S)) (IMPLIES (AND (LISTP S) (NOT (LISTP (CDR S)))) (p S)) (IMPLIES (NOT (LISTP S)) (p S))). Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT S) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to four new conjectures: Case 4. (IMPLIES (AND (LISTP S) (NOT (SETP (CDR S))) (SETP S) (LISTP (CDR S))) (LESSP (CAR S) (LAST S))), which simplifies, opening up SETP, to: T. Case 3. (IMPLIES (AND (LISTP S) (NOT (LISTP (CDDR S))) (SETP S) (LISTP (CDR S))) (LESSP (CAR S) (LAST S))), which simplifies, opening up SETP and LAST, to: (IMPLIES (AND (LISTP S) (NOT (LISTP (CDDR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (LISTP (CDR S))) (LESSP (CAR S) (LAST (CDR S)))). But this further simplifies, applying EMPTY-IS-NIL, and unfolding the definitions of SETP, LISTP, and LAST, to: T. Case 2. (IMPLIES (AND (LISTP S) (LESSP (CADR S) (LAST (CDR S))) (SETP S) (LISTP (CDR S))) (LESSP (CAR S) (LAST S))). This simplifies, unfolding the functions SETP and LAST, to: (IMPLIES (AND (LISTP S) (LESSP (CADR S) (LAST (CDR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (LISTP (CDR S))) (LESSP (CAR S) (LAST (CDR S)))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S)) (SETP S) (LISTP (CDR S))) (LESSP (CAR S) (LAST S))), which simplifies, opening up SETP, CDR, and LISTP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] FIRST-BEFORE-LAST (PROVE-LEMMA MAX-IS-LAST (REWRITE) (IMPLIES (AND (SETP S) (LESSP (LAST S) X)) (NOT (MEMBER X S))) ((DISABLE MIN-IS-FIRST))) Call the conjecture *1. We will try to prove it by induction. There are four plausible inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S) (LISTP (CDR S)) (p X (CDR S))) (p X S)) (IMPLIES (AND (LISTP S) (NOT (LISTP (CDR S)))) (p X S)) (IMPLIES (NOT (LISTP S)) (p X S))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates five new goals: Case 5. (IMPLIES (AND (LISTP S) (LISTP (CDR S)) (NOT (SETP (CDR S))) (SETP S) (LESSP (LAST S) X)) (NOT (MEMBER X S))), which simplifies, opening up the function SETP, to: T. Case 4. (IMPLIES (AND (LISTP S) (LISTP (CDR S)) (NOT (LESSP (LAST (CDR S)) X)) (SETP S) (LESSP (LAST S) X)) (NOT (MEMBER X S))), which simplifies, expanding SETP and LAST, to: T. Case 3. (IMPLIES (AND (LISTP S) (LISTP (CDR S)) (NOT (MEMBER X (CDR S))) (SETP S) (LESSP (LAST S) X)) (NOT (MEMBER X S))), which simplifies, expanding the functions SETP, LAST, and MEMBER, to the goal: (IMPLIES (AND (LISTP S) (LISTP (CDR S)) (NOT (MEMBER X (CDR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) (CADR S)) (LESSP (LAST (CDR S)) X)) (NOT (EQUAL X (CAR S)))). But this again simplifies, using linear arithmetic, applying FIRST-BEFORE-LAST, and unfolding LAST and SETP, to: T. Case 2. (IMPLIES (AND (LISTP S) (NOT (LISTP (CDR S))) (SETP S) (LESSP (LAST S) X)) (NOT (MEMBER X S))). This simplifies, applying EMPTY-IS-NIL, and opening up the functions SETP, LAST, and MEMBER, to two new goals: Case 2.2. (IMPLIES (AND (LISTP S) (NOT (LISTP (CDR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) X)) (NOT (EQUAL X (CAR S)))), which again simplifies, using linear arithmetic, to: T. Case 2.1. (IMPLIES (AND (LISTP S) (NOT (LISTP (CDR S))) (NUMBERP (CAR S)) (SETP (CDR S)) (LESSP (CAR S) X)) (NOT (MEMBER X (CDR S)))), which further simplifies, expanding the functions SETP, LISTP, and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S)) (SETP S) (LESSP (LAST S) X)) (NOT (MEMBER X S))), which simplifies, opening up SETP, LAST, EQUAL, LESSP, LISTP, and MEMBER, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MAX-IS-LAST (PROVE-LEMMA SETS-ARE-PROPER (REWRITE) (IMPLIES (SETP S) (PROPERP S))) Call the conjecture *1. Perhaps we can prove it by induction. There are two plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S) (p (CDR S))) (p S)) (IMPLIES (NOT (LISTP S)) (p S))). Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT S) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following three new goals: Case 3. (IMPLIES (AND (LISTP S) (NOT (SETP (CDR S))) (SETP S)) (PROPERP S)). This simplifies, expanding the definition of SETP, to: T. Case 2. (IMPLIES (AND (LISTP S) (PROPERP (CDR S)) (SETP S)) (PROPERP S)). This simplifies, expanding SETP and PROPERP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S)) (SETP S)) (PROPERP S)). This simplifies, unfolding the functions SETP and PROPERP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] SETS-ARE-PROPER (PROVE-LEMMA COMPARE-FIRST-ELTS (REWRITE) (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2)) (NOT (LESSP (CAR S1) (CAR S2)))) ((DO-NOT-INDUCT T) (USE (CAR-OF-SUBSET (S1 S1) (S2 S2)) (MIN-IS-FIRST (X (CAR S1)) (S S2))) (DISABLE CAR-OF-SUBSET MIN-IS-FIRST SETP))) WARNING: When the linear lemma COMPARE-FIRST-ELTS is stored under (CAR S2) it contains the free variable S1 which will be chosen by instantiating the hypothesis (SETP S1). WARNING: When the linear lemma COMPARE-FIRST-ELTS is stored under (CAR S1) it contains the free variable S2 which will be chosen by instantiating the hypothesis (SETP S2). WARNING: Note that the proposed lemma COMPARE-FIRST-ELTS is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and zero replacement rules. This conjecture simplifies, applying SUBSETP-WORKS-1, and unfolding AND, IMPLIES, MEMBER, and NOT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] COMPARE-FIRST-ELTS (PROVE-LEMMA SMALLER-CARS-IN-SUBSET (REWRITE) (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2) (LESSP (CAR S2) (CAR S1))) (SUBSETP S1 (CDR S2))) ((DO-NOT-INDUCT T) (USE (SUBSET-OF-CDR (S1 S1) (S2 S2))) (DISABLE SUBSET-OF-CDR))) This simplifies, rewriting with the lemmas NON-EMPTY-SUBSET, CDR-IS-SUBSET, TRANSITIVITY-OF-SUBSET, and MIN-IS-FIRST, and expanding SUBSETP, MEMBER, NOT, AND, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SMALLER-CARS-IN-SUBSET (PROVE-LEMMA SAME-CARS-IN-SUBSET-AUX1 (REWRITE) (IMPLIES (AND (SETP S1) (LISTP S1) (LISTP (CDR S1))) (LESSP (CAR S1) (CADR S1)))) WARNING: Note that the proposed lemma SAME-CARS-IN-SUBSET-AUX1 is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This simplifies, using linear arithmetic, applying COMPARE-FIRST-ELTS, TAIL-OF-A-SET, CDR-IS-SUBSET, and CDR-OF-SUBSET, and unfolding SUBSETP and MEMBER, to the following three new formulas: Case 3. (IMPLIES (AND (NOT (NUMBERP (CADR S1))) (SETP S1) (LISTP S1) (LISTP (CDR S1))) (LESSP (CAR S1) (CADR S1))). But this again simplifies, opening up the functions LESSP and SETP, to: T. Case 2. (IMPLIES (AND (NOT (NUMBERP (CAR S1))) (SETP S1) (LISTP S1) (LISTP (CDR S1))) (LESSP (CAR S1) (CADR S1))), which again simplifies, opening up the definition of SETP, to: T. Case 1. (IMPLIES (AND (NUMBERP (CAR S1)) (NUMBERP (CADR S1)) (EQUAL (CADR S1) (CAR S1)) (SETP S1) (LISTP S1) (LISTP (CDR S1))) (LESSP (CAR S1) (CAR S1))), which again simplifies, unfolding the function SETP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] SAME-CARS-IN-SUBSET-AUX1 (PROVE-LEMMA SAME-CARS-IN-SUBSET-AUX2 (REWRITE) (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2) (LISTP (CDR S1)) (EQUAL (CAR S2) (CAR S1))) (SUBSETP (CDR S1) (CDR S2))) ((USE (SMALLER-CARS-IN-SUBSET (S1 (CDR S1)) (S2 S2)) (SAME-CARS-IN-SUBSET-AUX1 (S1 S1))) (DO-NOT-INDUCT T) (DISABLE SMALLER-CARS-IN-SUBSET SAME-CARS-IN-SUBSET-AUX1 MIN-IS-FIRST NOT-AGAIN))) This formula simplifies, applying the lemmas TAIL-OF-A-SET, NON-EMPTY-SUBSET, and CDR-OF-SUBSET, and expanding the definitions of SETP, AND, IMPLIES, and LESSP, to: T. Q.E.D. [ 0.0 0.2 0.0 ] SAME-CARS-IN-SUBSET-AUX2 (PROVE-LEMMA SAME-CARS-IN-SUBSET (REWRITE) (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2) (EQUAL (CAR S2) (CAR S1))) (SUBSETP (CDR S1) (CDR S2))) ((DO-NOT-INDUCT T) (USE (SAME-CARS-IN-SUBSET-AUX2 (S1 S1) (S2 S2))) (DISABLE SAME-CARS-IN-SUBSET-AUX2 NOT-AGAIN))) WARNING: the newly proposed lemma, SAME-CARS-IN-SUBSET, could be applied whenever the previously added lemma SAME-CARS-IN-SUBSET-AUX2 could. This conjecture simplifies, applying the lemmas TAIL-OF-A-SET, NON-EMPTY-SUBSET, CAR-OF-SUBSET, CDR-IS-SUBSET, TRANSITIVITY-OF-SUBSET, EMPTY-IS-NIL, NIL-IS-SUBSET, and SUBSET-OF-CDR, and expanding the functions SETP, SUBSETP, AND, IMPLIES, MEMBER, and LISTP, to: T. Q.E.D. [ 0.0 0.3 0.0 ] SAME-CARS-IN-SUBSET (DISABLE SAME-CARS-IN-SUBSET-AUX1) [ 0.0 0.0 0.0 ] SAME-CARS-IN-SUBSET-AUX1-OFF (DISABLE SAME-CARS-IN-SUBSET-AUX2) [ 0.0 0.0 0.0 ] SAME-CARS-IN-SUBSET-AUX2-OFF (DEFN BAD-FOR-SUBSET-IMPLIES-SUBLIST (SET1 SET2) (AND (SUBSETP SET1 SET2) (SETP SET1) (SETP SET2) (NOT (SUBLISTP SET1 SET2)))) Note that: (OR (FALSEP (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2)) (TRUEP (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-SUBSET-IMPLIES-SUBLIST (PROVE-LEMMA SUBSET-IMPLIES-SUBLIST-AUX1 (REWRITE) (IMPLIES (NOT (LISTP SET1)) (NOT (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2)))) WARNING: Note that the rewrite rule SUBSET-IMPLIES-SUBLIST-AUX1 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-SUBSET-IMPLIES-SUBLIST. This conjecture can be simplified, using the abbreviations BAD-FOR-SUBSET-IMPLIES-SUBLIST, NOT, and IMPLIES, to the conjecture: (IMPLIES (AND (NOT (LISTP SET1)) (SUBSETP SET1 SET2) (SETP SET1) (SETP SET2)) (SUBLISTP SET1 SET2)). This simplifies, expanding SUBSETP and SETP, to: (IMPLIES (AND (NOT (LISTP SET1)) (EQUAL SET1 NIL) (SETP SET2)) (SUBLISTP NIL SET2)), which again simplifies, unfolding LISTP, to the conjecture: (IMPLIES (SETP SET2) (SUBLISTP NIL SET2)). Give the above formula the name *1. Perhaps we can prove it by induction. There are two plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP SET2) (p (CDR SET2))) (p SET2)) (IMPLIES (NOT (LISTP SET2)) (p SET2))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT SET2) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces three new formulas: Case 3. (IMPLIES (AND (LISTP SET2) (NOT (SETP (CDR SET2))) (SETP SET2)) (SUBLISTP NIL SET2)), which simplifies, expanding the definition of SETP, to: T. Case 2. (IMPLIES (AND (LISTP SET2) (SUBLISTP NIL (CDR SET2)) (SETP SET2)) (SUBLISTP NIL SET2)), which simplifies, rewriting with CDR-CONS, CAR-CONS, and ONLY-SUBLISTS, and unfolding the functions SETP, MEMBER, POWER-SET, CDR, CAR, LISTP, CONS-ALL, APPEND, and SUBLISTP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP SET2)) (SETP SET2)) (SUBLISTP NIL SET2)). This simplifies, opening up the functions SETP and SUBLISTP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX1 (PROVE-LEMMA SUBSET-IMPLIES-SUBLIST-AUX2 (REWRITE) (IMPLIES (NOT (LISTP SET2)) (NOT (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2)))) WARNING: Note that the rewrite rule SUBSET-IMPLIES-SUBLIST-AUX2 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-SUBSET-IMPLIES-SUBLIST. This conjecture can be simplified, using the abbreviations BAD-FOR-SUBSET-IMPLIES-SUBLIST, NOT, and IMPLIES, to the conjecture: (IMPLIES (AND (NOT (LISTP SET2)) (SUBSETP SET1 SET2) (SETP SET1) (SETP SET2)) (SUBLISTP SET1 SET2)). This simplifies, expanding MEMBER, SUBSETP, SETP, and SUBLISTP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX2 (PROVE-LEMMA SUBSET-IMPLIES-SUBLIST-AUX3 (REWRITE) (IMPLIES (AND (LISTP SET1) (LISTP SET2) (EQUAL (CAR SET2) (CAR SET1)) (SUBLISTP (CDR SET1) (CDR SET2))) (SUBLISTP SET1 SET2))) This conjecture simplifies, expanding SUBLISTP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX3 (PROVE-LEMMA SUBSET-IMPLIES-SUBLIST-AUX4 (REWRITE) (IMPLIES (AND (LISTP SET1) (LISTP SET2) (EQUAL (CAR SET2) (CAR SET1)) (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2)) (BAD-FOR-SUBSET-IMPLIES-SUBLIST (CDR SET1) (CDR SET2))) ((DO-NOT-INDUCT T) (DISABLE SUBSET-IMPLIES-SUBLIST-AUX1 SUBSET-IMPLIES-SUBLIST-AUX2 SUBLISTP EMPTY-IS-NIL NIL-IS-SUBSET POWER-SET NON-EMPTY-SUBSET))) WARNING: Note that the rewrite rule SUBSET-IMPLIES-SUBLIST-AUX4 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-SUBSET-IMPLIES-SUBLIST. This formula can be simplified, using the abbreviations BAD-FOR-SUBSET-IMPLIES-SUBLIST, AND, and IMPLIES, to: (IMPLIES (AND (LISTP SET1) (LISTP SET2) (EQUAL (CAR SET2) (CAR SET1)) (SUBSETP SET1 SET2) (SETP SET1) (SETP SET2) (NOT (SUBLISTP SET1 SET2))) (BAD-FOR-SUBSET-IMPLIES-SUBLIST (CDR SET1) (CDR SET2))), which simplifies, applying TAIL-OF-A-SET, SUBSET-OF-CDR, SUBSET-IMPLIES-SUBLIST-AUX3, and SAME-CARS-IN-SUBSET, and opening up the definitions of MEMBER, SUBSETP, SETP, LISTP, BAD-FOR-SUBSET-IMPLIES-SUBLIST, and SUBLISTP, to the following three new formulas: Case 3. (IMPLIES (AND (LISTP SET1) (LISTP SET2) (EQUAL (CAR SET2) (CAR SET1)) (SUBSETP (CDR SET1) SET2) (NUMBERP (CAR SET1)) (SETP (CDR SET1)) (EQUAL (CDR SET1) NIL) (SETP (CDR SET2)) (LESSP (CAR SET1) (CADR SET2)) (NOT (SUBLISTP SET1 SET2))) (NOT (SUBLISTP NIL (CDR SET2)))). This again simplifies, rewriting with the lemmas ONLY-SUBLISTS, ALL-SUBLISTS, and SUBSET-IMPLIES-SUBLIST-AUX3, and expanding the definitions of LISTP, SUBSETP, SETP, and PROPERP, to: T. Case 2. (IMPLIES (AND (LISTP SET1) (LISTP SET2) (EQUAL (CAR SET2) (CAR SET1)) (SUBSETP (CDR SET1) SET2) (NUMBERP (CAR SET1)) (SETP (CDR SET1)) (LESSP (CAR SET1) (CADR SET1)) (SETP (CDR SET2)) (LESSP (CAR SET1) (CADR SET2)) (NOT (SUBLISTP SET1 SET2))) (NOT (SUBLISTP (CDR SET1) (CDR SET2)))), which again simplifies, applying SUBSET-IMPLIES-SUBLIST-AUX3, to: T. Case 1. (IMPLIES (AND (LISTP SET1) (LISTP SET2) (EQUAL (CAR SET2) (CAR SET1)) (SUBSETP (CDR SET1) SET2) (NUMBERP (CAR SET1)) (SETP (CDR SET1)) (LESSP (CAR SET1) (CADR SET1)) (SETP (CDR SET2)) (EQUAL (CDR SET2) NIL)) (SUBLISTP SET1 SET2)). However this again simplifies, using linear arithmetic, applying MAX-IS-LAST, and expanding the definitions of EQUAL, SETP, LISTP, LAST, SUBSETP, CAR, and LESSP, to: T. Q.E.D. [ 0.0 0.3 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX4 (PROVE-LEMMA SUBSET-IMPLIES-SUBLIST-AUX5 (REWRITE) (IMPLIES (AND (LISTP SET1) (LISTP SET2) (LESSP (CAR SET2) (CAR SET1)) (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2)) (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 (CDR SET2)))) WARNING: Note that the rewrite rule SUBSET-IMPLIES-SUBLIST-AUX5 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-SUBSET-IMPLIES-SUBLIST. This formula can be simplified, using the abbreviations BAD-FOR-SUBSET-IMPLIES-SUBLIST, AND, and IMPLIES, to the new formula: (IMPLIES (AND (LISTP SET1) (LISTP SET2) (LESSP (CAR SET2) (CAR SET1)) (SUBSETP SET1 SET2) (SETP SET1) (SETP SET2) (NOT (SUBLISTP SET1 SET2))) (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 (CDR SET2))), which simplifies, rewriting with NON-EMPTY-SUBSET, SUBSET-IMPLIES-SUBLIST-AUX2, TAIL-OF-A-SET, and SMALLER-CARS-IN-SUBSET, and expanding SETP and BAD-FOR-SUBSET-IMPLIES-SUBLIST, to the following four new formulas: Case 4. (IMPLIES (AND (LISTP SET1) (LESSP (CAR SET2) (CAR SET1)) (SUBSETP SET1 SET2) (SETP SET1) (NUMBERP (CAR SET2)) (SETP (CDR SET2)) (EQUAL (CDR SET2) NIL)) (SUBLISTP SET1 SET2)). This again simplifies, unfolding the definition of SETP, to: (IMPLIES (AND (LISTP SET1) (LESSP (CAR SET2) (CAR SET1)) (SUBSETP SET1 SET2) (SETP SET1) (NUMBERP (CAR SET2)) (EQUAL (CDR SET2) NIL)) (SUBLISTP SET1 SET2)). Appealing to the lemma CAR-CDR-ELIM, we now replace SET2 by (CONS X Z) to eliminate (CAR SET2) and (CDR SET2). We must thus prove two new formulas: Case 4.2. (IMPLIES (AND (NOT (LISTP SET2)) (LISTP SET1) (LESSP (CAR SET2) (CAR SET1)) (SUBSETP SET1 SET2) (SETP SET1) (NUMBERP (CAR SET2)) (EQUAL (CDR SET2) NIL)) (SUBLISTP SET1 SET2)), which further simplifies, appealing to the lemma NON-EMPTY-SUBSET, to: T. Case 4.1. (IMPLIES (AND (LISTP SET1) (LESSP X (CAR SET1)) (SUBSETP SET1 (CONS X Z)) (SETP SET1) (NUMBERP X) (EQUAL Z NIL)) (SUBLISTP SET1 (CONS X Z))), which further simplifies, using linear arithmetic, rewriting with MAX-IS-LAST, CDR-CONS, and CAR-CONS, and opening up the definitions of EQUAL, SETP, LISTP, LAST, and SUBSETP, to: T. Case 3. (IMPLIES (AND (LISTP SET1) (LESSP (CAR SET2) (CAR SET1)) (SUBSETP SET1 SET2) (SETP SET1) (NUMBERP (CAR SET2)) (SETP (CDR SET2)) (LESSP (CAR SET2) (CADR SET2)) (NOT (SUBLISTP SET1 SET2))) (NUMBERP (CAR SET1))). However this again simplifies, using linear arithmetic, applying COMPARE-FIRST-ELTS, NON-EMPTY-SUBSET, and SMALLER-CARS-IN-SUBSET, and opening up the definition of SETP, to: T. Case 2. (IMPLIES (AND (LISTP SET1) (LESSP (CAR SET2) (CAR SET1)) (SUBSETP SET1 SET2) (SETP SET1) (NUMBERP (CAR SET2)) (SETP (CDR SET2)) (LESSP (CAR SET2) (CADR SET2)) (NOT (SUBLISTP SET1 SET2)) (NOT (EQUAL (CDR SET1) NIL))) (LESSP (CAR SET1) (CADR SET1))). This again simplifies, unfolding SETP, to: T. Case 1. (IMPLIES (AND (LISTP SET1) (LESSP (CAR SET2) (CAR SET1)) (SUBSETP SET1 SET2) (SETP SET1) (NUMBERP (CAR SET2)) (SETP (CDR SET2)) (LESSP (CAR SET2) (CADR SET2)) (NOT (SUBLISTP SET1 SET2))) (NOT (SUBLISTP SET1 (CDR SET2)))), which again simplifies, applying ONLY-SUBLISTS, SETS-ARE-PROPER, ALL-SUBLISTS, and NON-EMPTY-SUBSET, and expanding the definition of SUBLISTP, to: T. Q.E.D. [ 0.0 0.3 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX5 (PROVE-LEMMA SUBSET-IMPLIES-SUBLIST-AUX6 (REWRITE) (IMPLIES (AND (LISTP SET1) (LISTP SET2) (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2)) (OR (LESSP (CAR SET2) (CAR SET1)) (EQUAL (CAR SET2) (CAR SET1))))) WARNING: Note that the rewrite rule SUBSET-IMPLIES-SUBLIST-AUX6 will be stored so as to apply only to terms with the nonrecursive function symbol OR. This formula can be simplified, using the abbreviations OR, BAD-FOR-SUBSET-IMPLIES-SUBLIST, AND, and IMPLIES, to: (IMPLIES (AND (LISTP SET1) (LISTP SET2) (SUBSETP SET1 SET2) (SETP SET1) (SETP SET2) (NOT (SUBLISTP SET1 SET2)) (NOT (LESSP (CAR SET2) (CAR SET1)))) (EQUAL (CAR SET2) (CAR SET1))), which simplifies, using linear arithmetic and applying COMPARE-FIRST-ELTS, to the following three new conjectures: Case 3. (IMPLIES (AND (NOT (NUMBERP (CAR SET2))) (LISTP SET1) (LISTP SET2) (SUBSETP SET1 SET2) (SETP SET1) (SETP SET2) (NOT (SUBLISTP SET1 SET2)) (NOT (LESSP (CAR SET2) (CAR SET1)))) (EQUAL (CAR SET2) (CAR SET1))). However this again simplifies, applying NON-EMPTY-SUBSET, and unfolding the function SETP, to: T. Case 2. (IMPLIES (AND (NOT (NUMBERP (CAR SET1))) (LISTP SET1) (LISTP SET2) (SUBSETP SET1 SET2) (SETP SET1) (SETP SET2) (NOT (SUBLISTP SET1 SET2)) (NOT (LESSP (CAR SET2) (CAR SET1)))) (EQUAL (CAR SET2) (CAR SET1))). This again simplifies, appealing to the lemma NON-EMPTY-SUBSET, and expanding the definition of SETP, to: T. Case 1. (IMPLIES (AND (NUMBERP (CAR SET1)) (NUMBERP (CAR SET2)) (EQUAL (CAR SET2) (CAR SET1)) (LISTP SET1) (LISTP SET2) (SUBSETP SET1 SET2) (SETP SET1) (SETP SET2) (NOT (SUBLISTP SET1 SET2)) (NOT (LESSP (CAR SET1) (CAR SET1)))) (EQUAL (CAR SET1) (CAR SET1))), which again simplifies, clearly, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX6 (PROVE-LEMMA SUBSET-IMPLIES-SUBLIST-AUX7 (REWRITE) (IMPLIES (AND (LISTP SET1) (LISTP SET2) (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2)) (OR (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 (CDR SET2)) (BAD-FOR-SUBSET-IMPLIES-SUBLIST (CDR SET1) (CDR SET2)))) ((DO-NOT-INDUCT T) (USE (SUBSET-IMPLIES-SUBLIST-AUX6 (SET1 SET1) (SET2 SET2))) (DISABLE SUBSET-IMPLIES-SUBLIST-AUX6 BAD-FOR-SUBSET-IMPLIES-SUBLIST))) WARNING: Note that the rewrite rule SUBSET-IMPLIES-SUBLIST-AUX7 will be stored so as to apply only to terms with the nonrecursive function symbol OR. This formula simplifies, rewriting with the lemmas SUBSET-IMPLIES-SUBLIST-AUX5 and SUBSET-IMPLIES-SUBLIST-AUX4, and opening up the functions AND, OR, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX7 (DEFN SUBSET-IMPLIES-SUBLIST-KLUDGE (SET1 SET2) (IF (LISTP SET1) (IF (LISTP SET2) (PLUS (SUBSET-IMPLIES-SUBLIST-KLUDGE (CDR SET1) (CDR SET2)) (SUBSET-IMPLIES-SUBLIST-KLUDGE SET1 (CDR SET2))) 0) 0)) Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT SET2) decreases according to the well-founded relation LESSP in each recursive call. Hence, SUBSET-IMPLIES-SUBLIST-KLUDGE is accepted under the principle of definition. Note that: (NUMBERP (SUBSET-IMPLIES-SUBLIST-KLUDGE SET1 SET2)) is a theorem. [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-KLUDGE (PROVE-LEMMA SUBSET-IMPLIES-SUBLIST-AUX8 (REWRITE) (NOT (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2)) ((INDUCT (SUBSET-IMPLIES-SUBLIST-KLUDGE SET1 SET2)) (USE (SUBSET-IMPLIES-SUBLIST-AUX7 (SET1 SET1) (SET2 SET2))) (DISABLE BAD-FOR-SUBSET-IMPLIES-SUBLIST SUBSET-IMPLIES-SUBLIST-AUX7))) WARNING: Note that the rewrite rule SUBSET-IMPLIES-SUBLIST-AUX8 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-SUBSET-IMPLIES-SUBLIST. WARNING: the newly proposed lemma, SUBSET-IMPLIES-SUBLIST-AUX8, could be applied whenever the previously added lemma SUBSET-IMPLIES-SUBLIST-AUX2 could. WARNING: the newly proposed lemma, SUBSET-IMPLIES-SUBLIST-AUX8, could be applied whenever the previously added lemma SUBSET-IMPLIES-SUBLIST-AUX1 could. This simplifies, rewriting with the lemmas SUBSET-IMPLIES-SUBLIST-AUX1, CDR-NLISTP, and SUBSET-IMPLIES-SUBLIST-AUX2, and opening up the definitions of AND, OR, IMPLIES, and NOT, to the following four new formulas: Case 4. (IMPLIES (AND (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 (CDR SET2)) (NOT (LISTP SET2))) (NOT (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2))). However this again simplifies, applying CDR-NLISTP and SUBSET-IMPLIES-SUBLIST-AUX2, to: T. Case 3. (IMPLIES (AND (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 (CDR SET2)) (NOT (LISTP SET1))) (NOT (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2))). But this again simplifies, rewriting with the lemma SUBSET-IMPLIES-SUBLIST-AUX1, to: T. Case 2. (IMPLIES (AND (BAD-FOR-SUBSET-IMPLIES-SUBLIST (CDR SET1) (CDR SET2)) (NOT (LISTP SET2))) (NOT (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2))), which again simplifies, rewriting with CDR-NLISTP and SUBSET-IMPLIES-SUBLIST-AUX2, to: T. Case 1. (IMPLIES (AND (BAD-FOR-SUBSET-IMPLIES-SUBLIST (CDR SET1) (CDR SET2)) (NOT (LISTP SET1))) (NOT (BAD-FOR-SUBSET-IMPLIES-SUBLIST SET1 SET2))). But this again simplifies, applying CDR-NLISTP and SUBSET-IMPLIES-SUBLIST-AUX1, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX8 (DISABLE SUBSET-IMPLIES-SUBLIST-KLUDGE) [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-KLUDGE-OFF (DISABLE SUBSET-IMPLIES-SUBLIST-AUX1) [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX1-OFF (DISABLE SUBSET-IMPLIES-SUBLIST-AUX2) [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX2-OFF (DISABLE SUBSET-IMPLIES-SUBLIST-AUX3) [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX3-OFF (DISABLE SUBSET-IMPLIES-SUBLIST-AUX4) [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX4-OFF (DISABLE SUBSET-IMPLIES-SUBLIST-AUX5) [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX5-OFF (DISABLE SUBSET-IMPLIES-SUBLIST-AUX6) [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX6-OFF (DISABLE SUBSET-IMPLIES-SUBLIST-AUX7) [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX7-OFF (PROVE-LEMMA SUBSET-IMPLIES-SUBLIST NIL (IMPLIES (AND (SUBSETP SET1 SET2) (SETP SET1) (SETP SET2)) (SUBLISTP SET1 SET2)) ((USE (SUBSET-IMPLIES-SUBLIST-AUX8 (SET1 SET1) (SET2 SET2))) (DISABLE SUBSET-IMPLIES-SUBLIST-AUX8))) This conjecture simplifies, rewriting with the lemmas TAIL-OF-A-SET, EMPTY-IS-NIL, TRANSITIVITY-OF-SUBSET, and CDR-IS-SUBSET, and unfolding the functions SETP, MEMBER, SUBSETP, and BAD-FOR-SUBSET-IMPLIES-SUBLIST, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST (DISABLE SUBSET-IMPLIES-SUBLIST-AUX8) [ 0.0 0.0 0.0 ] SUBSET-IMPLIES-SUBLIST-AUX8-OFF (DISABLE BAD-FOR-SUBSET-IMPLIES-SUBLIST) [ 0.3 0.0 0.0 ] BAD-FOR-SUBSET-IMPLIES-SUBLIST-OFF (PROVE-LEMMA ALL-SUBSETS (REWRITE) (IMPLIES (AND (SETP SET) (SETP X) (SUBSETP X SET)) (MEMBER X (POWER-SET SET))) ((DO-NOT-INDUCT T) (USE (SUBSET-IMPLIES-SUBLIST (SET1 X) (SET2 SET)) (ALL-SUBLISTS (LST X) (SET SET))) (DISABLE SUBSET-IMPLIES-SUBLIST ALL-SUBLISTS TRANSITIVITY-OF-SUBSET))) This simplifies, applying CDR-OF-SUBSET, CAR-OF-SUBSET, EMPTY-IS-NIL, TAIL-OF-A-SET, and SETS-ARE-PROPER, and expanding the functions SUBSETP, SETP, AND, and IMPLIES, to: T. Q.E.D. [ 0.0 0.1 0.0 ] ALL-SUBSETS (DEFN BAD-FOR-EXT (S1 S2) (AND (SETP S1) (SETP S2) (SUBSETP S1 S2) (SUBSETP S2 S1) (NOT (EQUAL S1 S2)))) Note that (OR (FALSEP (BAD-FOR-EXT S1 S2)) (TRUEP (BAD-FOR-EXT S1 S2))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-EXT (PROVE-LEMMA EXTENSIONALITY-AUX1 (REWRITE) (IMPLIES (NOT (LISTP S1)) (NOT (BAD-FOR-EXT S1 S2)))) WARNING: Note that the rewrite rule EXTENSIONALITY-AUX1 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-EXT. This conjecture can be simplified, using the abbreviations BAD-FOR-EXT, NOT, and IMPLIES, to the conjecture: (IMPLIES (AND (NOT (LISTP S1)) (SETP S1) (SETP S2) (SUBSETP S1 S2) (SUBSETP S2 S1)) (EQUAL S1 S2)). This simplifies, applying NIL-IS-SUBSET and EMPTY-IS-NIL, and unfolding the definitions of SETP, MEMBER, LISTP, and SUBSETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX1 (PROVE-LEMMA EXTENSIONALITY-AUX2 (REWRITE) (IMPLIES (NOT (LISTP S2)) (NOT (BAD-FOR-EXT S1 S2)))) WARNING: Note that the rewrite rule EXTENSIONALITY-AUX2 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-EXT. This conjecture can be simplified, using the abbreviations BAD-FOR-EXT, NOT, and IMPLIES, to the conjecture: (IMPLIES (AND (NOT (LISTP S2)) (SETP S1) (SETP S2) (SUBSETP S1 S2) (SUBSETP S2 S1)) (EQUAL S1 S2)). This simplifies, applying NIL-IS-SUBSET and EMPTY-IS-NIL, and unfolding the definitions of SETP, MEMBER, LISTP, and SUBSETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX2 (PROVE-LEMMA EXTENSIONALITY-AUX3 (REWRITE) (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (LISTP S2) (SUBSETP S1 S2) (SUBSETP S2 S1)) (EQUAL (CAR S1) (CAR S2))) ((DO-NOT-INDUCT T) (USE (COMPARE-FIRST-ELTS (S1 S1) (S2 S2)) (COMPARE-FIRST-ELTS (S1 S2) (S2 S1))) (DISABLE COMPARE-FIRST-ELTS))) WARNING: Note that EXTENSIONALITY-AUX3 contains the free variable S2 which will be chosen by instantiating the hypothesis (SETP S2). This conjecture simplifies, appealing to the lemmas TAIL-OF-A-SET, TRANSITIVITY-OF-SUBSET, and NON-EMPTY-SUBSET, and unfolding the functions SETP, AND, NOT, IMPLIES, and LESSP, to: (IMPLIES (AND (NOT (LESSP (CAR S1) (CAR S2))) (NOT (LESSP (CAR S2) (CAR S1))) (SETP S1) (SETP S2) (LISTP S2) (SUBSETP S1 S2) (SUBSETP S2 S1)) (EQUAL (CAR S1) (CAR S2))). This again simplifies, using linear arithmetic, to three new formulas: Case 3. (IMPLIES (AND (NOT (NUMBERP (CAR S2))) (NOT (LESSP (CAR S1) (CAR S2))) (NOT (LESSP (CAR S2) (CAR S1))) (SETP S1) (SETP S2) (LISTP S2) (SUBSETP S1 S2) (SUBSETP S2 S1)) (EQUAL (CAR S1) (CAR S2))), which again simplifies, applying NON-EMPTY-SUBSET, and expanding LESSP and SETP, to: T. Case 2. (IMPLIES (AND (NOT (NUMBERP (CAR S1))) (NOT (LESSP (CAR S1) (CAR S2))) (NOT (LESSP (CAR S2) (CAR S1))) (SETP S1) (SETP S2) (LISTP S2) (SUBSETP S1 S2) (SUBSETP S2 S1)) (EQUAL (CAR S1) (CAR S2))). This again simplifies, rewriting with the lemma NON-EMPTY-SUBSET, and unfolding the functions LESSP and SETP, to: T. Case 1. (IMPLIES (AND (NUMBERP (CAR S1)) (NUMBERP (CAR S2)) (EQUAL (CAR S2) (CAR S1)) (NOT (LESSP (CAR S1) (CAR S1))) (NOT (LESSP (CAR S1) (CAR S1))) (SETP S1) (SETP S2) (LISTP S2) (SUBSETP S1 S2) (SUBSETP S2 S1)) (EQUAL (CAR S1) (CAR S1))), which again simplifies, clearly, to: T. Q.E.D. [ 0.0 0.1 0.0 ] EXTENSIONALITY-AUX3 (PROVE-LEMMA EXTENSIONALITY-AUX4 (REWRITE) (IMPLIES (AND (LISTP S1) (LISTP S2) (BAD-FOR-EXT S1 S2)) (EQUAL (CAR S1) (CAR S2))) ((DO-NOT-INDUCT T) (USE (EXTENSIONALITY-AUX3 (S1 S1) (S2 S2))) (DISABLE EXTENSIONALITY-AUX3))) WARNING: Note that EXTENSIONALITY-AUX4 contains the free variable S2 which will be chosen by instantiating the hypothesis (LISTP S2). This conjecture can be simplified, using the abbreviations BAD-FOR-EXT, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (LISTP S2) (SUBSETP S1 S2) (SUBSETP S2 S1)) (EQUAL (CAR S1) (CAR S2))) (LISTP S1) (LISTP S2) (SETP S1) (SETP S2) (SUBSETP S1 S2) (SUBSETP S2 S1) (NOT (EQUAL S1 S2))) (EQUAL (CAR S1) (CAR S2))). This simplifies, appealing to the lemmas TAIL-OF-A-SET, TRANSITIVITY-OF-SUBSET, and NON-EMPTY-SUBSET, and expanding SETP, AND, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX4 (DISABLE EXTENSIONALITY-AUX3) [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX3-OFF (PROVE-LEMMA EXTENSIONALITY-AUX5 (REWRITE) (IMPLIES (AND (LISTP S1) (LISTP S2) (BAD-FOR-EXT S1 S2)) (BAD-FOR-EXT (CDR S1) (CDR S2))) ((USE (EXTENSIONALITY-AUX4 (S1 S1) (S2 S2)) (SAME-CARS-IN-SUBSET (S1 S1) (S2 S2)) (SAME-CARS-IN-SUBSET (S1 S2) (S2 S1))) (DISABLE EXTENSIONALITY-AUX4 SAME-CARS-IN-SUBSET TRANSITIVITY-OF-SUBSET SETP NOT-AGAIN MIN-IS-FIRST MAX-IS-LAST MEMBER SUBSETP))) WARNING: Note that the rewrite rule EXTENSIONALITY-AUX5 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-EXT. This conjecture can be simplified, using the abbreviations BAD-FOR-EXT, IMPLIES, and AND, to the formula: (IMPLIES (AND (IMPLIES (AND (LISTP S1) (LISTP S2) (BAD-FOR-EXT S1 S2)) (EQUAL (CAR S1) (CAR S2))) (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2) (EQUAL (CAR S2) (CAR S1))) (SUBSETP (CDR S1) (CDR S2))) (IMPLIES (AND (SETP S2) (SETP S1) (LISTP S2) (SUBSETP S2 S1) (EQUAL (CAR S1) (CAR S2))) (SUBSETP (CDR S2) (CDR S1))) (LISTP S1) (LISTP S2) (SETP S1) (SETP S2) (SUBSETP S1 S2) (SUBSETP S2 S1) (NOT (EQUAL S1 S2))) (BAD-FOR-EXT (CDR S1) (CDR S2))). This simplifies, applying NON-EMPTY-SUBSET and TAIL-OF-A-SET, and unfolding the functions BAD-FOR-EXT, AND, and IMPLIES, to: (IMPLIES (AND (EQUAL (CAR S1) (CAR S2)) (SUBSETP (CDR S1) (CDR S2)) (SUBSETP (CDR S2) (CDR S1)) (LISTP S2) (SETP S1) (SETP S2) (SUBSETP S1 S2) (SUBSETP S2 S1) (NOT (EQUAL S1 S2))) (NOT (EQUAL (CDR S1) (CDR S2)))). This again simplifies, clearly, to the new formula: (IMPLIES (AND (EQUAL (CAR S1) (CAR S2)) (SUBSETP (CDR S1) (CDR S1)) (LISTP S2) (SETP S1) (SETP S2) (SUBSETP S1 S2) (SUBSETP S2 S1) (NOT (EQUAL S1 S2))) (NOT (EQUAL (CDR S1) (CDR S2)))). Applying the lemma CAR-CDR-ELIM, replace S1 by (CONS X Z) to eliminate (CAR S1) and (CDR S1). We would thus like to prove the following two new goals: Case 2. (IMPLIES (AND (NOT (LISTP S1)) (EQUAL (CAR S1) (CAR S2)) (SUBSETP (CDR S1) (CDR S1)) (LISTP S2) (SETP S1) (SETP S2) (SUBSETP S1 S2) (SUBSETP S2 S1) (NOT (EQUAL S1 S2))) (NOT (EQUAL (CDR S1) (CDR S2)))). This further simplifies, appealing to the lemma NON-EMPTY-SUBSET, to: T. Case 1. (IMPLIES (AND (EQUAL X (CAR S2)) (SUBSETP Z Z) (LISTP S2) (SETP (CONS X Z)) (SETP S2) (SUBSETP (CONS X Z) S2) (SUBSETP S2 (CONS X Z)) (NOT (EQUAL (CONS X Z) S2))) (NOT (EQUAL Z (CDR S2)))), which further simplifies, rewriting with NON-EMPTY-SUBSET, CONS-CAR-CDR, CAR-NLISTP, and CDR-NLISTP, and opening up the definition of CONS, to: (IMPLIES (AND (SUBSETP (CDR S2) (CDR S2)) (SETP S2) (NOT (LISTP S2)) (SUBSETP '(0 . 0) S2)) (NOT (SUBSETP S2 '(0 . 0)))), which again simplifies, applying the lemmas CDR-NLISTP and NON-EMPTY-SUBSET, and expanding the function SUBSETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX5 (DISABLE EXTENSIONALITY-AUX4) [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX4-OFF (DEFN EXTENSIONALITY-KLUDGE (S1 S2) (IF (NOT (LISTP S1)) 0 (IF (NOT (LISTP S2)) 0 (EXTENSIONALITY-KLUDGE (CDR S1) (CDR S2))))) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S1) decreases according to the well-founded relation LESSP in each recursive call. Hence, EXTENSIONALITY-KLUDGE is accepted under the principle of definition. The definition of EXTENSIONALITY-KLUDGE can be justified in another way. Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT S2) decreases according to the well-founded relation LESSP in each recursive call. Note that (NUMBERP (EXTENSIONALITY-KLUDGE S1 S2)) is a theorem. [ 0.0 0.0 0.0 ] EXTENSIONALITY-KLUDGE (PROVE-LEMMA EXTENSIONALITY-AUX6 (REWRITE) (NOT (BAD-FOR-EXT S1 S2)) ((INDUCT (EXTENSIONALITY-KLUDGE S1 S2)) (DISABLE BAD-FOR-EXT))) WARNING: Note that the rewrite rule EXTENSIONALITY-AUX6 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-EXT. WARNING: the newly proposed lemma, EXTENSIONALITY-AUX6, could be applied whenever the previously added lemma EXTENSIONALITY-AUX2 could. WARNING: the newly proposed lemma, EXTENSIONALITY-AUX6, could be applied whenever the previously added lemma EXTENSIONALITY-AUX1 could. This conjecture can be simplified, using the abbreviations NOT, OR, and AND, to three new conjectures: Case 3. (IMPLIES (NOT (LISTP S1)) (NOT (BAD-FOR-EXT S1 S2))), which simplifies, applying EXTENSIONALITY-AUX1, to: T. Case 2. (IMPLIES (AND (LISTP S1) (NOT (LISTP S2))) (NOT (BAD-FOR-EXT S1 S2))). This simplifies, rewriting with EXTENSIONALITY-AUX2, to: T. Case 1. (IMPLIES (AND (LISTP S1) (LISTP S2) (NOT (BAD-FOR-EXT (CDR S1) (CDR S2)))) (NOT (BAD-FOR-EXT S1 S2))), which simplifies, appealing to the lemma EXTENSIONALITY-AUX5, to: T. Q.E.D. [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX6 (DISABLE EXTENSIONALITY-AUX1) [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX1-OFF (DISABLE EXTENSIONALITY-AUX2) [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX2-OFF (DISABLE EXTENSIONALITY-AUX5) [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX5-OFF (DISABLE EXTENSIONALITY-AUX6) [ 0.0 0.0 0.0 ] EXTENSIONALITY-AUX6-OFF (PROVE-LEMMA EXTENSIONALITY NIL (IMPLIES (AND (SETP S1) (SETP S2) (SUBSETP S1 S2) (SUBSETP S2 S1)) (EQUAL S1 S2)) ((DO-NOT-INDUCT T) (USE (EXTENSIONALITY-AUX6 (S1 S1) (S2 S2))))) This conjecture simplifies, rewriting with the lemmas TRANSITIVITY-OF-SUBSET, TAIL-OF-A-SET, and EMPTY-IS-NIL, and unfolding the functions SETP and BAD-FOR-EXT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] EXTENSIONALITY (DISABLE EXTENSIONALITY-KLUDGE) [ 0.0 0.0 0.0 ] EXTENSIONALITY-KLUDGE-OFF (DEFN SEGMENT (M N) (IF (AND (LEQ M N) (NUMBERP M) (NUMBERP N)) (CONS M (SEGMENT (ADD1 M) N)) NIL) ((LESSP (DIFFERENCE (ADD1 N) M)))) Linear arithmetic, the lemma SUB1-ADD1, and the definitions of AND and LESSP establish that the measure (DIFFERENCE (ADD1 N) M) decreases according to the well-founded relation LESSP in each recursive call. Hence, SEGMENT is accepted under the principle of definition. From the definition we can conclude that (OR (LITATOM (SEGMENT M N)) (LISTP (SEGMENT M N))) is a theorem. [ 0.0 0.0 0.0 ] SEGMENT (PROVE-LEMMA SIZE-OF-SEGMENT (REWRITE) (IMPLIES (AND (LEQ M N) (NUMBERP M) (NUMBERP N)) (EQUAL (LENGTH (SEGMENT M N)) (DIFFERENCE (ADD1 N) M)))) This formula simplifies, appealing to the lemma SUB1-ADD1, and expanding the definition of DIFFERENCE, to the following two new formulas: Case 2. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (NOT (EQUAL M 0))) (EQUAL (LENGTH (SEGMENT M N)) (DIFFERENCE N (SUB1 M)))). Appealing to the lemma SUB1-ELIM, we now replace M by (ADD1 X) to eliminate (SUB1 M). We employ the type restriction lemma noted when SUB1 was introduced to constrain the new variable. The result is: (IMPLIES (AND (NUMBERP X) (NOT (LESSP N (ADD1 X))) (NUMBERP N) (NOT (EQUAL (ADD1 X) 0))) (EQUAL (LENGTH (SEGMENT (ADD1 X) N)) (DIFFERENCE N X))). This further simplifies, applying SUB1-ADD1, and opening up the function LESSP, to: (IMPLIES (AND (NUMBERP X) (NOT (EQUAL N 0)) (NOT (LESSP (SUB1 N) X)) (NUMBERP N)) (EQUAL (LENGTH (SEGMENT (ADD1 X) N)) (DIFFERENCE N X))). Applying the lemma SUB1-ELIM, replace N by (ADD1 Z) to eliminate (SUB1 N). We employ the type restriction lemma noted when SUB1 was introduced to restrict the new variable. This produces: (IMPLIES (AND (NUMBERP Z) (NUMBERP X) (NOT (EQUAL (ADD1 Z) 0)) (NOT (LESSP Z X))) (EQUAL (LENGTH (SEGMENT (ADD1 X) (ADD1 Z))) (DIFFERENCE (ADD1 Z) X))), which further simplifies, applying SUB1-ADD1, and opening up DIFFERENCE, to the following two new goals: Case 2.2. (IMPLIES (AND (NUMBERP Z) (NUMBERP X) (NOT (LESSP Z X)) (NOT (EQUAL X 0))) (EQUAL (LENGTH (SEGMENT (ADD1 X) (ADD1 Z))) (DIFFERENCE Z (SUB1 X)))), which we would usually push and work on later by induction. But if we must use induction to prove the input conjecture, we prefer to induct on the original formulation of the problem. Thus we will disregard all that we have previously done, give the name *1 to the original input, and work on it. So now let us consider: (IMPLIES (AND (IF (LESSP N M) F T) (NUMBERP M) (NUMBERP N)) (EQUAL (LENGTH (SEGMENT M N)) (DIFFERENCE (ADD1 N) M))), which we named *1 above. We will appeal to induction. There are four plausible inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (AND (IF (LESSP N M) F T) (NUMBERP M) (NUMBERP N)) (p (ADD1 M) N)) (p M N)) (IMPLIES (NOT (AND (IF (LESSP N M) F T) (NUMBERP M) (NUMBERP N))) (p M N))). Linear arithmetic, the lemma SUB1-ADD1, and the definitions of AND and LESSP inform us that the measure (DIFFERENCE (ADD1 N) M) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following three new conjectures: Case 3. (IMPLIES (AND (AND (IF (LESSP N M) F T) (NUMBERP M) (NUMBERP N)) (NOT (IF (LESSP N (ADD1 M)) F T)) (IF (LESSP N M) F T) (NUMBERP M) (NUMBERP N)) (EQUAL (LENGTH (SEGMENT M N)) (DIFFERENCE (ADD1 N) M))). This simplifies, applying SUB1-ADD1 and CDR-CONS, and opening up the functions AND, LESSP, EQUAL, NUMBERP, SEGMENT, LENGTH, ADD1, and DIFFERENCE, to two new goals: Case 3.2. (IMPLIES (AND (LESSP (SUB1 N) M) (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (NOT (EQUAL M 0))) (EQUAL (ADD1 (LENGTH (SEGMENT (ADD1 M) N))) (DIFFERENCE N (SUB1 M)))), which again simplifies, using linear arithmetic, to the formula: (IMPLIES (AND (LESSP (SUB1 M) M) (NOT (LESSP M M)) (NUMBERP M) (NUMBERP M) (NOT (EQUAL M 0))) (EQUAL (ADD1 (LENGTH (SEGMENT (ADD1 M) M))) (DIFFERENCE M (SUB1 M)))). This again simplifies, applying the lemma SUB1-ADD1, and expanding LESSP, SEGMENT, LENGTH, and ADD1, to: (IMPLIES (AND (LESSP (SUB1 M) M) (NOT (LESSP M M)) (NUMBERP M) (NOT (EQUAL M 0))) (EQUAL 1 (DIFFERENCE M (SUB1 M)))). But this again simplifies, using linear arithmetic, to: (IMPLIES (AND (LESSP M (SUB1 M)) (LESSP (SUB1 M) M) (NOT (LESSP M M)) (NUMBERP M) (NOT (EQUAL M 0))) (EQUAL 1 (DIFFERENCE M (SUB1 M)))). However this again simplifies, using linear arithmetic, to: T. Case 3.1. (IMPLIES (AND (LESSP (SUB1 N) M) (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL M 0)) (EQUAL (ADD1 (LENGTH (SEGMENT (ADD1 M) N))) (ADD1 N))), which again simplifies, unfolding the functions EQUAL and LESSP, to: T. Case 2. (IMPLIES (AND (AND (IF (LESSP N M) F T) (NUMBERP M) (NUMBERP N)) (EQUAL (LENGTH (SEGMENT (ADD1 M) N)) (DIFFERENCE (ADD1 N) (ADD1 M))) (IF (LESSP N M) F T) (NUMBERP M) (NUMBERP N)) (EQUAL (LENGTH (SEGMENT M N)) (DIFFERENCE (ADD1 N) M))), which simplifies, rewriting with the lemmas SUB1-ADD1 and CDR-CONS, and unfolding the definitions of AND, DIFFERENCE, SEGMENT, and LENGTH, to two new goals: Case 2.2. (IMPLIES (AND (EQUAL (LENGTH (SEGMENT (ADD1 M) N)) (DIFFERENCE N M)) (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (NOT (EQUAL M 0))) (EQUAL (ADD1 (DIFFERENCE N M)) (DIFFERENCE N (SUB1 M)))), which again simplifies, using linear arithmetic, to: (IMPLIES (AND (LESSP N (SUB1 M)) (EQUAL (LENGTH (SEGMENT (ADD1 M) N)) (DIFFERENCE N M)) (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (NOT (EQUAL M 0))) (EQUAL (ADD1 (DIFFERENCE N M)) (DIFFERENCE N (SUB1 M)))). However this again simplifies, using linear arithmetic, to: T. Case 2.1. (IMPLIES (AND (EQUAL (LENGTH (SEGMENT (ADD1 M) N)) (DIFFERENCE N M)) (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL M 0)) (EQUAL (ADD1 (DIFFERENCE N M)) (ADD1 N))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (AND (IF (LESSP N M) F T) (NUMBERP M) (NUMBERP N))) (IF (LESSP N M) F T) (NUMBERP M) (NUMBERP N)) (EQUAL (LENGTH (SEGMENT M N)) (DIFFERENCE (ADD1 N) M))), which simplifies, opening up AND, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] SIZE-OF-SEGMENT (PROVE-LEMMA MEMBERS-OF-SEGMENT (REWRITE) (IMPLIES (AND (LEQ M N) (NUMBERP M) (NUMBERP N)) (EQUAL (MEMBER X (SEGMENT M N)) (AND (NUMBERP X) (LEQ X N) (LEQ M X)))) ((INDUCT (SEGMENT M N)))) This formula can be simplified, using the abbreviations IMPLIES, NOT, OR, and AND, to the following two new goals: Case 2. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (IMPLIES (AND (IF (LESSP N (ADD1 M)) F T) (NUMBERP (ADD1 M)) (NUMBERP N)) (EQUAL (MEMBER X (SEGMENT (ADD1 M) N)) (AND (NUMBERP X) (IF (LESSP N X) F T) (IF (LESSP X (ADD1 M)) F T))))) (EQUAL (MEMBER X (SEGMENT M N)) (AND (NUMBERP X) (IF (LESSP N X) F T) (IF (LESSP X M) F T)))). This simplifies, appealing to the lemmas SUB1-ADD1, CDR-CONS, and CAR-CONS, and opening up the functions LESSP, AND, IMPLIES, CONS, SEGMENT, ADD1, NUMBERP, EQUAL, MEMBER, and LISTP, to the following 21 new conjectures: Case 2.21. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL N 0) (NOT (NUMBERP X)) (NOT (EQUAL M 0))) (EQUAL (MEMBER X NIL) F)). But this again simplifies, using linear arithmetic, to: T. Case 2.20. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL N 0) (NOT (EQUAL X 0)) (NOT (EQUAL M 0))) (EQUAL (MEMBER X NIL) F)), which again simplifies, using linear arithmetic, to: T. Case 2.19. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL N 0) (LESSP X M) (NOT (EQUAL M 0))) (EQUAL (MEMBER X NIL) F)), which again simplifies, using linear arithmetic, to: T. Case 2.18. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL N 0) (NOT (NUMBERP X)) (EQUAL M 0)) (EQUAL (MEMBER X '(0)) F)), which again simplifies, opening up the functions LESSP, NUMBERP, CDR, CAR, LISTP, MEMBER, and EQUAL, to: T. Case 2.17. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL N 0) (NOT (EQUAL X 0)) (EQUAL M 0)) (EQUAL (MEMBER X '(0)) F)), which again simplifies, using linear arithmetic, applying the lemma MAX-IS-LAST, and opening up LESSP, NUMBERP, LAST, SETP, and EQUAL, to the goal: (IMPLIES (AND (NOT (EQUAL X 0)) (NOT (NUMBERP X))) (EQUAL (MEMBER X '(0)) F)). This again simplifies, expanding the definitions of CDR, CAR, LISTP, MEMBER, and EQUAL, to: T. Case 2.16. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL N 0) (LESSP X M) (EQUAL M 0)) (EQUAL (MEMBER X '(0)) F)), which again simplifies, using linear arithmetic, to: T. Case 2.15. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL N 0) (NUMBERP X) (EQUAL X 0) (NOT (LESSP X M)) (NOT (EQUAL M 0))) (EQUAL (MEMBER X NIL) T)), which again simplifies, using linear arithmetic, to: T. Case 2.14. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL N 0) (NUMBERP X) (EQUAL X 0) (NOT (LESSP X M)) (EQUAL M 0)) (EQUAL (MEMBER X '(0)) T)), which again simplifies, opening up the functions LESSP, NUMBERP, MEMBER, and EQUAL, to: T. Case 2.13. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (LESSP (SUB1 N) M) (NOT (EQUAL X M)) (NUMBERP X) (NOT (LESSP N X))) (LESSP X M)), which again simplifies, using linear arithmetic, to: T. Case 2.12. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (LESSP (SUB1 N) M) (EQUAL X M)) (NOT (LESSP X M))), which again simplifies, using linear arithmetic, to: T. Case 2.11. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (LESSP (SUB1 N) M) (EQUAL X M)) (NOT (LESSP N X))), which again simplifies, obviously, to: T. Case 2.10. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (LESSP (SUB1 N) M) (EQUAL X M)) (NUMBERP X)). This again simplifies, clearly, to: T. Case 2.9. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (LESSP (SUB1 X) M) (EQUAL (MEMBER X (SEGMENT (ADD1 M) N)) F) (NOT (EQUAL X M)) (NUMBERP X) (NOT (LESSP N X))) (LESSP X M)). This again simplifies, using linear arithmetic, to: T. Case 2.8. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (LESSP (SUB1 X) M) (EQUAL (MEMBER X (SEGMENT (ADD1 M) N)) F) (EQUAL X M)) (NOT (LESSP X M))), which again simplifies, using linear arithmetic, to: T. Case 2.7. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (LESSP (SUB1 X) M) (EQUAL (MEMBER X (SEGMENT (ADD1 M) N)) F) (EQUAL X M)) (NOT (LESSP N X))), which again simplifies, clearly, to: T. Case 2.6. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (LESSP (SUB1 X) M) (EQUAL (MEMBER X (SEGMENT (ADD1 M) N)) F) (EQUAL X M)) (NUMBERP X)). This again simplifies, trivially, to: T. Case 2.5. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL X 0) (EQUAL (MEMBER X (SEGMENT (ADD1 M) N)) F) (NOT (EQUAL M 0))) (NOT (EQUAL 0 M))). This again simplifies, clearly, to: T. Case 2.4. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL X 0) (EQUAL (MEMBER X (SEGMENT (ADD1 M) N)) F) (NOT (EQUAL M 0))) (NOT (MEMBER 0 (SEGMENT (ADD1 M) N)))). This again simplifies, obviously, to: T. Case 2.3. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (EQUAL X 0) (EQUAL (MEMBER X (SEGMENT (ADD1 M) N)) F) (EQUAL M 0) (NOT (EQUAL 0 M))) (EQUAL (MEMBER 0 (SEGMENT (ADD1 M) N)) T)). This again simplifies, clearly, to: T. Case 2.2. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (LESSP N X) (EQUAL (MEMBER X (SEGMENT (ADD1 M) N)) F)) (NOT (EQUAL X M))). This again simplifies, clearly, to: T. Case 2.1. (IMPLIES (AND (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N) (NUMBERP X) (NOT (LESSP N X)) (NOT (EQUAL X 0)) (NOT (LESSP (SUB1 X) M)) (EQUAL (MEMBER X (SEGMENT (ADD1 M) N)) T)) (NOT (LESSP X M))). However this again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (AND (IF (LESSP N M) F T) (NUMBERP M) (NUMBERP N))) (NOT (LESSP N M)) (NUMBERP M) (NUMBERP N)) (EQUAL (MEMBER X (SEGMENT M N)) (AND (NUMBERP X) (IF (LESSP N X) F T) (IF (LESSP X M) F T)))), which simplifies, unfolding the function AND, to: T. Q.E.D. [ 0.0 0.2 0.0 ] MEMBERS-OF-SEGMENT (DISABLE SEGMENT) [ 0.0 0.0 0.0 ] SEGMENT-OFF (PROVE-LEMMA LENGTH-OF-SUBLIST (REWRITE) (IMPLIES (SUBLISTP LST1 LST2) (NOT (LESSP (LENGTH LST2) (LENGTH LST1)))) ((DISABLE SUBSETP SETP))) WARNING: When the linear lemma LENGTH-OF-SUBLIST is stored under (LENGTH LST2) it contains the free variable LST1 which will be chosen by instantiating the hypothesis (SUBLISTP LST1 LST2). WARNING: When the linear lemma LENGTH-OF-SUBLIST is stored under (LENGTH LST1) it contains the free variable LST2 which will be chosen by instantiating the hypothesis (SUBLISTP LST1 LST2). WARNING: Note that the proposed lemma LENGTH-OF-SUBLIST is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and zero replacement rules. Call the conjecture *1. Perhaps we can prove it by induction. Three inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST2) (p (CDR LST2) LST1) (p (CDR LST2) (CDR LST1))) (p LST2 LST1)) (IMPLIES (NOT (LISTP LST2)) (p LST2 LST1))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT LST2) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instances chosen for LST1. The above induction scheme leads to five new goals: Case 5. (IMPLIES (AND (LISTP LST2) (NOT (SUBLISTP LST1 (CDR LST2))) (NOT (SUBLISTP (CDR LST1) (CDR LST2))) (SUBLISTP LST1 LST2)) (NOT (LESSP (LENGTH LST2) (LENGTH LST1)))), which simplifies, opening up the definition of SUBLISTP, to: T. Case 4. (IMPLIES (AND (LISTP LST2) (NOT (LESSP (LENGTH (CDR LST2)) (LENGTH LST1))) (NOT (SUBLISTP (CDR LST1) (CDR LST2))) (SUBLISTP LST1 LST2)) (NOT (LESSP (LENGTH LST2) (LENGTH LST1)))), which simplifies, applying SUB1-ADD1, and unfolding SUBLISTP, LENGTH, and LESSP, to the new conjecture: (IMPLIES (AND (LISTP LST2) (NOT (LESSP (LENGTH (CDR LST2)) (LENGTH LST1))) (NOT (SUBLISTP (CDR LST1) (CDR LST2))) (SUBLISTP LST1 (CDR LST2)) (NOT (EQUAL (LENGTH LST1) 0))) (NOT (LESSP (LENGTH (CDR LST2)) (SUB1 (LENGTH LST1))))), which again simplifies, using linear arithmetic, to: T. Case 3. (IMPLIES (AND (LISTP LST2) (NOT (SUBLISTP LST1 (CDR LST2))) (NOT (LESSP (LENGTH (CDR LST2)) (LENGTH (CDR LST1)))) (SUBLISTP LST1 LST2)) (NOT (LESSP (LENGTH LST2) (LENGTH LST1)))), which simplifies, applying the lemma SUB1-ADD1, and opening up SUBLISTP, LENGTH, and LESSP, to: (IMPLIES (AND (LISTP LST2) (NOT (SUBLISTP LST1 (CDR LST2))) (NOT (LESSP (LENGTH (CDR LST2)) (LENGTH (CDR LST1)))) (LISTP LST1) (EQUAL (CAR LST1) (CAR LST2)) (SUBLISTP (CDR LST1) (CDR LST2)) (NOT (EQUAL (LENGTH LST1) 0))) (NOT (LESSP (LENGTH (CDR LST2)) (SUB1 (LENGTH LST1))))). But this further simplifies, rewriting with the lemma SUB1-ADD1, and expanding the definition of LENGTH, to: T. Case 2. (IMPLIES (AND (LISTP LST2) (NOT (LESSP (LENGTH (CDR LST2)) (LENGTH LST1))) (NOT (LESSP (LENGTH (CDR LST2)) (LENGTH (CDR LST1)))) (SUBLISTP LST1 LST2)) (NOT (LESSP (LENGTH LST2) (LENGTH LST1)))), which simplifies, applying SUB1-ADD1, and expanding the definitions of SUBLISTP, LENGTH, and LESSP, to the following two new conjectures: Case 2.2. (IMPLIES (AND (LISTP LST2) (NOT (LESSP (LENGTH (CDR LST2)) (LENGTH LST1))) (NOT (LESSP (LENGTH (CDR LST2)) (LENGTH (CDR LST1)))) (SUBLISTP LST1 (CDR LST2)) (NOT (EQUAL (LENGTH LST1) 0))) (NOT (LESSP (LENGTH (CDR LST2)) (SUB1 (LENGTH LST1))))). However this again simplifies, using linear arithmetic, to: T. Case 2.1. (IMPLIES (AND (LISTP LST2) (NOT (LESSP (LENGTH (CDR LST2)) (LENGTH LST1))) (NOT (LESSP (LENGTH (CDR LST2)) (LENGTH (CDR LST1)))) (LISTP LST1) (EQUAL (CAR LST1) (CAR LST2)) (SUBLISTP (CDR LST1) (CDR LST2)) (NOT (EQUAL (LENGTH LST1) 0))) (NOT (LESSP (LENGTH (CDR LST2)) (SUB1 (LENGTH LST1))))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LISTP LST2)) (SUBLISTP LST1 LST2)) (NOT (LESSP (LENGTH LST2) (LENGTH LST1)))), which simplifies, unfolding SUBLISTP, LENGTH, EQUAL, and LESSP, to: (IMPLIES (AND (NOT (LISTP LST2)) (NOT (LISTP LST1))) (EQUAL (LENGTH LST1) 0)). But this further simplifies, opening up the definitions of LENGTH and EQUAL, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] LENGTH-OF-SUBLIST (PROVE-LEMMA LENGTH-OF-SUBSET (REWRITE) (IMPLIES (AND (SETP X) (SETP Y) (SUBSETP X Y)) (NOT (LESSP (LENGTH Y) (LENGTH X)))) ((DO-NOT-INDUCT T) (USE (LENGTH-OF-SUBLIST (LST1 X) (LST2 Y)) (SUBSET-IMPLIES-SUBLIST (SET1 X) (SET2 Y))))) WARNING: When the linear lemma LENGTH-OF-SUBSET is stored under (LENGTH Y) it contains the free variable X which will be chosen by instantiating the hypothesis (SETP X). WARNING: When the linear lemma LENGTH-OF-SUBSET is stored under (LENGTH X) it contains the free variable Y which will be chosen by instantiating the hypothesis (SETP Y). WARNING: Note that the proposed lemma LENGTH-OF-SUBSET is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and zero replacement rules. This simplifies, rewriting with ALL-SUBSETS and ONLY-SUBLISTS, and opening up the definitions of NOT and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LENGTH-OF-SUBSET (PROVE-LEMMA EMPTY-SUBSET (REWRITE) (IMPLIES (NOT (LISTP S1)) (SUBSETP S1 S2))) This simplifies, unfolding SUBSETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] EMPTY-SUBSET (PROVE-LEMMA CAR-BEFORE-CADR (REWRITE) (IMPLIES (AND (LISTP (CDR S)) (SETP S)) (LESSP (CAR S) (CADR S)))) WARNING: Note that the proposed lemma CAR-BEFORE-CADR is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This simplifies, unfolding the functions SETP, CAR, CDR, and LESSP, to: (IMPLIES (AND (LISTP (CDR S)) (NOT (LISTP S))) (NOT (EQUAL S NIL))), which again simplifies, opening up CDR and LISTP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-BEFORE-CADR (PROVE-LEMMA CDR-CDR-SUBSET-AUX1 NIL (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2)) (OR (EQUAL (CAR S2) (CAR S1)) (LESSP (CAR S2) (CAR S1)))) ((DO-NOT-INDUCT T) (USE (COMPARE-FIRST-ELTS (S1 S1) (S2 S2))))) This simplifies, using linear arithmetic and rewriting with COMPARE-FIRST-ELTS, to the following three new conjectures: Case 3. (IMPLIES (AND (NOT (NUMBERP (CAR S2))) (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2)) (NOT (LESSP (CAR S1) (CAR S2)))) (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2) (NOT (EQUAL (CAR S2) (CAR S1)))) (LESSP (CAR S2) (CAR S1))). This again simplifies, applying TAIL-OF-A-SET, NON-EMPTY-SUBSET, CDR-IS-SUBSET, and TRANSITIVITY-OF-SUBSET, and opening up SETP, SUBSETP, MEMBER, AND, LESSP, NOT, and IMPLIES, to: T. Case 2. (IMPLIES (AND (NOT (NUMBERP (CAR S1))) (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2)) (NOT (LESSP (CAR S1) (CAR S2)))) (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2) (NOT (EQUAL (CAR S2) (CAR S1)))) (LESSP (CAR S2) (CAR S1))). This again simplifies, appealing to the lemmas TAIL-OF-A-SET, NON-EMPTY-SUBSET, CDR-IS-SUBSET, and TRANSITIVITY-OF-SUBSET, and expanding the functions SETP, SUBSETP, MEMBER, AND, LESSP, NOT, and IMPLIES, to: T. Case 1. (IMPLIES (AND (NUMBERP (CAR S1)) (NUMBERP (CAR S2)) (EQUAL (CAR S2) (CAR S1)) (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2)) (NOT (LESSP (CAR S1) (CAR S1)))) (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2) (NOT (EQUAL (CAR S1) (CAR S1)))) (LESSP (CAR S1) (CAR S1))), which again simplifies, trivially, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDR-CDR-SUBSET-AUX1 (PROVE-LEMMA CDR-CDR-SUBSET (REWRITE) (IMPLIES (AND (SETP S1) (SETP S2) (LISTP S1) (SUBSETP S1 S2)) (SUBSETP (CDR S1) (CDR S2))) ((DO-NOT-INDUCT T) (USE (CDR-CDR-SUBSET-AUX1 (S1 S1) (S2 S2))) (DISABLE SUBSETP SETP))) WARNING: the newly proposed lemma, CDR-CDR-SUBSET, could be applied whenever the previously added lemma SAME-CARS-IN-SUBSET could. This conjecture simplifies, applying SAME-CARS-IN-SUBSET, SMALLER-CARS-IN-SUBSET, and CDR-OF-SUBSET, and expanding AND, OR, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDR-CDR-SUBSET (DISABLE CDR-CDR-SUBSET-AUX1) [ 0.0 0.0 0.0 ] CDR-CDR-SUBSET-AUX1-OFF (DISABLE SUBSETP) [ 0.0 0.0 0.0 ] SUBSETP-OFF (DISABLE SETP) [ 0.0 0.0 0.0 ] SETP-OFF (DISABLE MAX-IS-LAST) [ 0.0 0.0 0.0 ] MAX-IS-LAST-OFF (DISABLE TAIL-OF-A-SET) [ 0.0 0.0 0.0 ] TAIL-OF-A-SET-OFF (DISABLE INCREASING) [ 0.0 0.0 0.0 ] INCREASING-OFF (DISABLE COMPARE-FIRST-ELTS) [ 0.0 0.0 0.0 ] COMPARE-FIRST-ELTS-OFF (PROVE-LEMMA IRREFLEX (REWRITE) (NOT (ORD-LESSP X X))) Name the conjecture *1. We will appeal to induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NOT (LISTP X)) (p X)) (IMPLIES (AND (LISTP X) (ORD-LESSP (CAR X) (CAR X)) (p (CAR X))) (p X)) (IMPLIES (AND (LISTP X) (NOT (ORD-LESSP (CAR X) (CAR X))) (p (CAR X)) (p (CDR X))) (p X))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP can be used to show that the measure (COUNT X) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to two new goals: Case 2. (IMPLIES (NOT (LISTP X)) (NOT (ORD-LESSP X X))), which simplifies, unfolding the definition of ORD-LESSP, to the goal: (IMPLIES (NOT (LISTP X)) (NOT (LESSP X X))). This again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (LISTP X) (NOT (ORD-LESSP (CAR X) (CAR X))) (NOT (ORD-LESSP (CDR X) (CDR X)))) (NOT (ORD-LESSP X X))), which simplifies, unfolding ORD-LESSP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] IRREFLEX (PROVE-LEMMA NOCYCLE (REWRITE) (NOT (AND (ORD-LESSP X Y) (ORD-LESSP Y X)))) WARNING: Note that the rewrite rule NOCYCLE will be stored so as to apply only to terms with the nonrecursive function symbol AND. Name the conjecture *1. Perhaps we can prove it by induction. There are four plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (NOT (LISTP X)) (NOT (LISTP Y))) (p Y X)) (IMPLIES (AND (NOT (LISTP X)) (LISTP Y)) (p Y X)) (IMPLIES (AND (LISTP X) (NOT (LISTP Y))) (p Y X)) (IMPLIES (AND (LISTP X) (LISTP Y) (ORD-LESSP (CAR X) (CAR Y)) (p (CAR Y) (CAR X))) (p Y X)) (IMPLIES (AND (LISTP X) (LISTP Y) (NOT (ORD-LESSP (CAR X) (CAR Y))) (p (CAR Y) (CAR X)) (p (CDR Y) (CDR X))) (p Y X))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP establish that the measure (COUNT X) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instances chosen for Y. The above induction scheme produces the following six new goals: Case 6. (IMPLIES (AND (NOT (LISTP X)) (NOT (LISTP Y)) (ORD-LESSP X Y)) (NOT (ORD-LESSP Y X))). This simplifies, expanding ORD-LESSP, to: (IMPLIES (AND (NOT (LISTP X)) (NOT (LISTP Y)) (LESSP X Y)) (NOT (LESSP Y X))), which again simplifies, using linear arithmetic, to: T. Case 5. (IMPLIES (AND (NOT (LISTP X)) (LISTP Y) (ORD-LESSP X Y)) (NOT (ORD-LESSP Y X))), which simplifies, expanding the function ORD-LESSP, to: T. Case 4. (IMPLIES (AND (LISTP X) (NOT (LISTP Y)) (ORD-LESSP X Y)) (NOT (ORD-LESSP Y X))), which simplifies, expanding ORD-LESSP, to: T. Case 3. (IMPLIES (AND (LISTP X) (LISTP Y) (ORD-LESSP (CAR X) (CAR Y)) (NOT (ORD-LESSP (CAR Y) (CAR X))) (ORD-LESSP X Y)) (NOT (ORD-LESSP Y X))), which simplifies, unfolding ORD-LESSP, to: (IMPLIES (AND (LISTP X) (LISTP Y) (ORD-LESSP (CAR X) (CAR Y)) (NOT (ORD-LESSP (CAR Y) (CAR X))) (EQUAL (CAR Y) (CAR X))) (NOT (ORD-LESSP (CDR Y) (CDR X)))). But this further simplifies, rewriting with IRREFLEX, to: T. Case 2. (IMPLIES (AND (LISTP X) (LISTP Y) (NOT (ORD-LESSP (CAR X) (CAR Y))) (NOT (ORD-LESSP (CDR X) (CDR Y))) (ORD-LESSP X Y)) (NOT (ORD-LESSP Y X))). This simplifies, opening up the definition of ORD-LESSP, to: T. Case 1. (IMPLIES (AND (LISTP X) (LISTP Y) (NOT (ORD-LESSP (CAR X) (CAR Y))) (NOT (ORD-LESSP (CDR Y) (CDR X))) (ORD-LESSP X Y)) (NOT (ORD-LESSP Y X))). This simplifies, unfolding the definition of ORD-LESSP, to the new formula: (IMPLIES (AND (LISTP X) (LISTP Y) (NOT (ORD-LESSP (CAR X) (CAR Y))) (NOT (ORD-LESSP (CDR Y) (CDR X))) (EQUAL (CAR X) (CAR Y)) (ORD-LESSP (CDR X) (CDR Y))) (NOT (ORD-LESSP (CAR Y) (CAR X)))), which further simplifies, rewriting with IRREFLEX, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] NOCYCLE (PROVE-LEMMA NO-CYCLE-ALT (REWRITE) (IMPLIES (ORD-LESSP Y X) (NOT (ORD-LESSP X Y)))) Name the conjecture *1. Perhaps we can prove it by induction. There are four plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (NOT (LISTP Y)) (NOT (LISTP X))) (p X Y)) (IMPLIES (AND (NOT (LISTP Y)) (LISTP X)) (p X Y)) (IMPLIES (AND (LISTP Y) (NOT (LISTP X))) (p X Y)) (IMPLIES (AND (LISTP Y) (LISTP X) (ORD-LESSP (CAR Y) (CAR X)) (p (CAR X) (CAR Y))) (p X Y)) (IMPLIES (AND (LISTP Y) (LISTP X) (NOT (ORD-LESSP (CAR Y) (CAR X))) (p (CAR X) (CAR Y)) (p (CDR X) (CDR Y))) (p X Y))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP establish that the measure (COUNT Y) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instances chosen for X. The above induction scheme produces the following six new goals: Case 6. (IMPLIES (AND (NOT (LISTP Y)) (NOT (LISTP X)) (ORD-LESSP Y X)) (NOT (ORD-LESSP X Y))). This simplifies, expanding ORD-LESSP, to: (IMPLIES (AND (NOT (LISTP Y)) (NOT (LISTP X)) (LESSP Y X)) (NOT (LESSP X Y))), which again simplifies, using linear arithmetic, to: T. Case 5. (IMPLIES (AND (NOT (LISTP Y)) (LISTP X) (ORD-LESSP Y X)) (NOT (ORD-LESSP X Y))), which simplifies, expanding the function ORD-LESSP, to: T. Case 4. (IMPLIES (AND (LISTP Y) (NOT (LISTP X)) (ORD-LESSP Y X)) (NOT (ORD-LESSP X Y))), which simplifies, expanding ORD-LESSP, to: T. Case 3. (IMPLIES (AND (LISTP Y) (LISTP X) (ORD-LESSP (CAR Y) (CAR X)) (NOT (ORD-LESSP (CAR X) (CAR Y))) (ORD-LESSP Y X)) (NOT (ORD-LESSP X Y))), which simplifies, unfolding ORD-LESSP, to: (IMPLIES (AND (LISTP Y) (LISTP X) (ORD-LESSP (CAR Y) (CAR X)) (NOT (ORD-LESSP (CAR X) (CAR Y))) (EQUAL (CAR X) (CAR Y))) (NOT (ORD-LESSP (CDR X) (CDR Y)))). But this further simplifies, rewriting with IRREFLEX, to: T. Case 2. (IMPLIES (AND (LISTP Y) (LISTP X) (NOT (ORD-LESSP (CAR Y) (CAR X))) (NOT (ORD-LESSP (CDR Y) (CDR X))) (ORD-LESSP Y X)) (NOT (ORD-LESSP X Y))). This simplifies, opening up the definition of ORD-LESSP, to: T. Case 1. (IMPLIES (AND (LISTP Y) (LISTP X) (NOT (ORD-LESSP (CAR Y) (CAR X))) (NOT (ORD-LESSP (CDR X) (CDR Y))) (ORD-LESSP Y X)) (NOT (ORD-LESSP X Y))). This simplifies, unfolding the definition of ORD-LESSP, to the new formula: (IMPLIES (AND (LISTP Y) (LISTP X) (NOT (ORD-LESSP (CAR Y) (CAR X))) (NOT (ORD-LESSP (CDR X) (CDR Y))) (EQUAL (CAR Y) (CAR X)) (ORD-LESSP (CDR Y) (CDR X))) (NOT (ORD-LESSP (CAR X) (CAR Y)))), which further simplifies, rewriting with IRREFLEX, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] NO-CYCLE-ALT (PROVE-LEMMA TRICHOTOMY (REWRITE) (IMPLIES (AND (ORDINALP SIGMA) (ORDINALP TAU)) (OR (EQUAL SIGMA TAU) (ORD-LESSP SIGMA TAU) (ORD-LESSP TAU SIGMA)))) WARNING: Note that the rewrite rule TRICHOTOMY will be stored so as to apply only to terms with the nonrecursive function symbol OR. Give the conjecture the name *1. We will appeal to induction. Six inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (NOT (LISTP SIGMA)) (NOT (LISTP TAU))) (p TAU SIGMA)) (IMPLIES (AND (NOT (LISTP SIGMA)) (LISTP TAU)) (p TAU SIGMA)) (IMPLIES (AND (LISTP SIGMA) (NOT (LISTP TAU))) (p TAU SIGMA)) (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (ORD-LESSP (CAR SIGMA) (CAR TAU)) (p (CAR TAU) (CAR SIGMA))) (p TAU SIGMA)) (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (p (CAR TAU) (CAR SIGMA)) (p (CDR TAU) (CDR SIGMA))) (p TAU SIGMA))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP can be used to establish that the measure (COUNT SIGMA) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instances chosen for TAU. The above induction scheme leads to 24 new goals: Case 24.(IMPLIES (AND (NOT (LISTP SIGMA)) (NOT (LISTP TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, unfolding the functions ORDINALP and ORD-LESSP, to: (IMPLIES (AND (NOT (LISTP SIGMA)) (NOT (LISTP TAU)) (NUMBERP SIGMA) (NUMBERP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (LESSP SIGMA TAU))) (LESSP TAU SIGMA)). But this again simplifies, using linear arithmetic, to: T. Case 23.(IMPLIES (AND (NOT (LISTP SIGMA)) (LISTP TAU) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding ORDINALP and ORD-LESSP, to: T. Case 22.(IMPLIES (AND (LISTP SIGMA) (NOT (LISTP TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding ORDINALP and ORD-LESSP, to: T. Case 21.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (NOT (ORDINALP (CAR SIGMA))) (NOT (ORDINALP (CDR SIGMA))) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, unfolding ORDINALP, to: T. Case 20.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (NOT (ORDINALP (CAR TAU))) (NOT (ORDINALP (CDR SIGMA))) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding the function ORDINALP, to: T. Case 19.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (EQUAL (CAR SIGMA) (CAR TAU)) (NOT (ORDINALP (CDR SIGMA))) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, unfolding the function ORDINALP, to: T. Case 18.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (ORD-LESSP (CAR TAU) (CAR SIGMA)) (NOT (ORDINALP (CDR SIGMA))) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, unfolding ORDINALP, to: T. Case 17.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (NOT (ORDINALP (CAR SIGMA))) (NOT (ORDINALP (CDR TAU))) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding the definition of ORDINALP, to: T. Case 16.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (NOT (ORDINALP (CAR TAU))) (NOT (ORDINALP (CDR TAU))) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, unfolding ORDINALP, to: T. Case 15.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (EQUAL (CAR SIGMA) (CAR TAU)) (NOT (ORDINALP (CDR TAU))) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding the definition of ORDINALP, to: T. Case 14.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (ORD-LESSP (CAR TAU) (CAR SIGMA)) (NOT (ORDINALP (CDR TAU))) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding ORDINALP, to: T. Case 13.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (NOT (ORDINALP (CAR SIGMA))) (EQUAL (CDR SIGMA) (CDR TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, opening up the definition of ORDINALP, to: T. Case 12.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (NOT (ORDINALP (CAR TAU))) (EQUAL (CDR SIGMA) (CDR TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, unfolding the definition of ORDINALP, to: T. Case 11.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (EQUAL (CAR SIGMA) (CAR TAU)) (EQUAL (CDR SIGMA) (CDR TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding the function ORDINALP, to: T. Case 10.(IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (ORD-LESSP (CAR TAU) (CAR SIGMA)) (EQUAL (CDR SIGMA) (CDR TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding the definitions of ORDINALP and ORD-LESSP, to: T. Case 9. (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (NOT (ORDINALP (CAR SIGMA))) (ORD-LESSP (CDR SIGMA) (CDR TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, opening up ORDINALP, to: T. Case 8. (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (NOT (ORDINALP (CAR TAU))) (ORD-LESSP (CDR SIGMA) (CDR TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, unfolding the definition of ORDINALP, to: T. Case 7. (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (EQUAL (CAR SIGMA) (CAR TAU)) (ORD-LESSP (CDR SIGMA) (CDR TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding ORDINALP and ORD-LESSP, to: T. Case 6. (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (ORD-LESSP (CAR TAU) (CAR SIGMA)) (ORD-LESSP (CDR SIGMA) (CDR TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding the functions ORDINALP and ORD-LESSP, to: T. Case 5. (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (NOT (ORDINALP (CAR SIGMA))) (ORD-LESSP (CDR TAU) (CDR SIGMA)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, expanding the definition of ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (NOT (ORDINALP (CAR TAU))) (ORD-LESSP (CDR TAU) (CDR SIGMA)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, opening up the function ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (EQUAL (CAR SIGMA) (CAR TAU)) (ORD-LESSP (CDR TAU) (CDR SIGMA)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, unfolding the functions ORDINALP and ORD-LESSP, to: T. Case 2. (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (ORD-LESSP (CAR SIGMA) (CAR TAU)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, opening up the functions ORDINALP and ORD-LESSP, to: T. Case 1. (IMPLIES (AND (LISTP SIGMA) (LISTP TAU) (NOT (ORD-LESSP (CAR SIGMA) (CAR TAU))) (ORD-LESSP (CAR TAU) (CAR SIGMA)) (ORD-LESSP (CDR TAU) (CDR SIGMA)) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (EQUAL SIGMA TAU)) (NOT (ORD-LESSP SIGMA TAU))) (ORD-LESSP TAU SIGMA)), which simplifies, unfolding the functions ORDINALP and ORD-LESSP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] TRICHOTOMY (PROVE-LEMMA TRANSITIVITY (REWRITE) (IMPLIES (AND (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA GAMMA)) (ORD-LESSP ALPHA GAMMA))) WARNING: Note that TRANSITIVITY contains the free variable BETA which will be chosen by instantiating the hypothesis (ORD-LESSP ALPHA BETA). Call the conjecture *1. Perhaps we can prove it by induction. Six inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA))) (p ALPHA GAMMA BETA)) (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA)) (p ALPHA GAMMA BETA)) (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA))) (p ALPHA GAMMA BETA)) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (p (CAR ALPHA) (CAR GAMMA) (CAR BETA))) (p ALPHA GAMMA BETA)) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (p (CAR ALPHA) (CAR GAMMA) (CAR BETA)) (p (CDR ALPHA) (CDR GAMMA) (CDR BETA))) (p ALPHA GAMMA BETA))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP can be used to prove that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instances chosen for GAMMA and BETA. The above induction scheme leads to eight new goals: Case 8. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA GAMMA)) (ORD-LESSP ALPHA GAMMA)), which simplifies, opening up the definition of ORD-LESSP, to the conjecture: (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (LESSP ALPHA BETA) (LESSP BETA GAMMA) (NOT (LISTP GAMMA))) (LESSP ALPHA GAMMA)). However this again simplifies, using linear arithmetic, to: T. Case 7. (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA) (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA GAMMA)) (ORD-LESSP ALPHA GAMMA)), which simplifies, opening up the function ORD-LESSP, to: T. Case 6. (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA)) (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA GAMMA)) (ORD-LESSP ALPHA GAMMA)), which simplifies, applying the lemma NO-CYCLE-ALT, and opening up ORD-LESSP, to: T. Case 5. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (NOT (ORD-LESSP (CAR BETA) (CAR GAMMA))) (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA GAMMA)) (ORD-LESSP ALPHA GAMMA)), which simplifies, opening up the definition of ORD-LESSP, to two new formulas: Case 5.2. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (NOT (ORD-LESSP (CAR BETA) (CAR GAMMA))) (LISTP GAMMA) (EQUAL (CAR BETA) (CAR GAMMA)) (ORD-LESSP (CDR BETA) (CDR GAMMA)) (NOT (ORD-LESSP (CAR ALPHA) (CAR GAMMA)))) (ORD-LESSP (CDR ALPHA) (CDR GAMMA))), which further simplifies, rewriting with the lemma IRREFLEX, to: T. Case 5.1. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (NOT (ORD-LESSP (CAR BETA) (CAR GAMMA))) (LISTP GAMMA) (EQUAL (CAR BETA) (CAR GAMMA)) (ORD-LESSP (CDR BETA) (CDR GAMMA)) (NOT (ORD-LESSP (CAR ALPHA) (CAR GAMMA)))) (EQUAL (CAR ALPHA) (CAR BETA))), which further simplifies, applying IRREFLEX, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (ORD-LESSP (CAR ALPHA) (CAR GAMMA)) (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA GAMMA)) (ORD-LESSP ALPHA GAMMA)). This simplifies, expanding ORD-LESSP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (NOT (ORD-LESSP (CDR ALPHA) (CDR BETA))) (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA GAMMA)) (ORD-LESSP ALPHA GAMMA)). This simplifies, expanding the definition of ORD-LESSP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (NOT (ORD-LESSP (CDR BETA) (CDR GAMMA))) (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA GAMMA)) (ORD-LESSP ALPHA GAMMA)). This simplifies, unfolding ORD-LESSP, to the following two new goals: Case 2.2. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (NOT (ORD-LESSP (CDR BETA) (CDR GAMMA))) (EQUAL (CAR ALPHA) (CAR BETA)) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (LISTP GAMMA) (ORD-LESSP (CAR BETA) (CAR GAMMA)) (NOT (ORD-LESSP (CAR ALPHA) (CAR GAMMA)))) (ORD-LESSP (CDR ALPHA) (CDR GAMMA))). But this further simplifies, rewriting with IRREFLEX, to: T. Case 2.1. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (NOT (ORD-LESSP (CDR BETA) (CDR GAMMA))) (EQUAL (CAR ALPHA) (CAR BETA)) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (LISTP GAMMA) (ORD-LESSP (CAR BETA) (CAR GAMMA)) (NOT (ORD-LESSP (CAR ALPHA) (CAR GAMMA)))) (EQUAL (CAR ALPHA) (CAR GAMMA))). This further simplifies, rewriting with IRREFLEX, to: T. Case 1. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORD-LESSP (CDR ALPHA) (CDR GAMMA)) (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA GAMMA)) (ORD-LESSP ALPHA GAMMA)). This simplifies, opening up the function ORD-LESSP, to: (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORD-LESSP (CDR ALPHA) (CDR GAMMA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (LISTP GAMMA) (ORD-LESSP (CAR BETA) (CAR GAMMA)) (NOT (ORD-LESSP (CAR ALPHA) (CAR GAMMA)))) (EQUAL (CAR ALPHA) (CAR GAMMA))), which further simplifies, applying IRREFLEX, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] TRANSITIVITY (PROVE-LEMMA TRANSITIVITY-ALT (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP GAMMA) (NOT (ORD-LESSP BETA ALPHA)) (ORD-LESSP BETA GAMMA)) (ORD-LESSP ALPHA GAMMA)) ((DO-NOT-INDUCT T) (USE (TRICHOTOMY (SIGMA ALPHA) (TAU BETA))) (DISABLE TRICHOTOMY))) WARNING: Note that TRANSITIVITY-ALT contains the free variable BETA which will be chosen by instantiating the hypothesis (ORDINALP BETA). This simplifies, rewriting with the lemmas IRREFLEX, NO-CYCLE-ALT, and TRANSITIVITY, and expanding AND, OR, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] TRANSITIVITY-ALT (PROVE-LEMMA ORDS-BELOW-2 NIL (IMPLIES (AND (ORDINALP ALPHA) (NOT (ORD-LESSP 1 ALPHA))) (OR (EQUAL ALPHA 0) (EQUAL ALPHA 1)))) This formula simplifies, unfolding the functions LISTP and ORD-LESSP, to: (IMPLIES (AND (ORDINALP ALPHA) (NOT (LISTP ALPHA)) (NOT (LESSP 1 ALPHA)) (NOT (EQUAL ALPHA 0))) (EQUAL ALPHA 1)). However this again simplifies, using linear arithmetic, to the goal: (IMPLIES (AND (NOT (NUMBERP ALPHA)) (ORDINALP ALPHA) (NOT (LISTP ALPHA)) (NOT (LESSP 1 ALPHA)) (NOT (EQUAL ALPHA 0))) (EQUAL ALPHA 1)). However this again simplifies, unfolding the definition of ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] ORDS-BELOW-2 (PROVE-LEMMA POSTIVE-ORD-LESSP (REWRITE) (IMPLIES (AND (ORDINALP GAMMA) (ORDINALP DELTA) (ORD-LESSP GAMMA DELTA)) (ORD-LESSP 0 DELTA))) WARNING: Note that POSTIVE-ORD-LESSP contains the free variable GAMMA which will be chosen by instantiating the hypothesis (ORDINALP GAMMA). This simplifies, unfolding the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to the following two new formulas: Case 2. (IMPLIES (AND (ORDINALP GAMMA) (ORDINALP DELTA) (ORD-LESSP GAMMA DELTA) (NOT (LISTP DELTA))) (NUMBERP DELTA)). But this again simplifies, opening up the function ORDINALP, to: T. Case 1. (IMPLIES (AND (ORDINALP GAMMA) (ORDINALP DELTA) (ORD-LESSP GAMMA DELTA) (NOT (LISTP DELTA))) (NOT (EQUAL DELTA 0))), which again simplifies, opening up the definitions of ORDINALP, LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] POSTIVE-ORD-LESSP (DEFN SUCCESSORP (ALPHA) (IF (LISTP ALPHA) (SUCCESSORP (CDR ALPHA)) (LESSP 0 ALPHA))) Linear arithmetic and the lemma CDR-LESSP can be used to establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, SUCCESSORP is accepted under the principle of definition. From the definition we can conclude that: (OR (FALSEP (SUCCESSORP ALPHA)) (TRUEP (SUCCESSORP ALPHA))) is a theorem. [ 0.0 0.0 0.0 ] SUCCESSORP (DEFN LIMITP (ALPHA) (AND (LISTP ALPHA) (NOT (SUCCESSORP ALPHA)))) From the definition we can conclude that: (OR (FALSEP (LIMITP ALPHA)) (TRUEP (LIMITP ALPHA))) is a theorem. [ 0.0 0.0 0.0 ] LIMITP (PROVE-LEMMA SUCCESSORS-ARE-POSITIVE (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP 0 ALPHA))) This simplifies, unfolding the definitions of LESSP, EQUAL, LISTP, and ORD-LESSP, to the following two new goals: Case 2. (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP ALPHA))) (NUMBERP ALPHA)). This again simplifies, opening up the definition of ORDINALP, to: T. Case 1. (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP ALPHA))) (NOT (EQUAL ALPHA 0))), which again simplifies, opening up the definitions of ORDINALP and SUCCESSORP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SUCCESSORS-ARE-POSITIVE (PROVE-LEMMA THREE-KINDS (REWRITE) (IMPLIES (ORDINALP ALPHA) (OR (LIMITP ALPHA) (SUCCESSORP ALPHA) (EQUAL ALPHA 0)))) WARNING: Note that the rewrite rule THREE-KINDS will be stored so as to apply only to terms with the nonrecursive function symbol OR. This formula simplifies, expanding LIMITP, LESSP, EQUAL, and SUCCESSORP, to: (IMPLIES (AND (ORDINALP ALPHA) (NOT (LISTP ALPHA))) (NUMBERP ALPHA)). This again simplifies, expanding the definition of ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] THREE-KINDS (DEFN SUCCESSOR (ALPHA) (IF (LISTP ALPHA) (CONS (CAR ALPHA) (SUCCESSOR (CDR ALPHA))) (ADD1 ALPHA))) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, SUCCESSOR is accepted under the definitional principle. From the definition we can conclude that: (OR (NUMBERP (SUCCESSOR ALPHA)) (LISTP (SUCCESSOR ALPHA))) is a theorem. [ 0.0 0.0 0.0 ] SUCCESSOR (PROVE-LEMMA SUCCESSOR-IS-AN-ORDINAL (REWRITE) (IMPLIES (ORDINALP ALPHA) (ORDINALP (SUCCESSOR ALPHA)))) Give the conjecture the name *1. We will appeal to induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CDR ALPHA)) (p (CAR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following five new conjectures: Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA)) (ORDINALP (SUCCESSOR ALPHA))). This simplifies, expanding the function ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (SUCCESSOR (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA)) (ORDINALP (SUCCESSOR ALPHA))). This simplifies, opening up ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP (SUCCESSOR (CAR ALPHA))) (ORDINALP ALPHA)) (ORDINALP (SUCCESSOR ALPHA))). This simplifies, unfolding the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (SUCCESSOR (CDR ALPHA))) (ORDINALP (SUCCESSOR (CAR ALPHA))) (ORDINALP ALPHA)) (ORDINALP (SUCCESSOR ALPHA))). This simplifies, rewriting with CDR-CONS and CAR-CONS, and expanding the functions ORDINALP and SUCCESSOR, to two new goals: Case 2.2. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (SUCCESSOR (CDR ALPHA))) (ORDINALP (SUCCESSOR (CAR ALPHA))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (LISTP (SUCCESSOR (CDR ALPHA)))) (NOT (ORD-LESSP (CAR ALPHA) (CAR (SUCCESSOR (CDR ALPHA)))))). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS Z X) to eliminate (CDR ALPHA) and (CAR ALPHA) and X by (CONS V W) to eliminate (CAR X) and (CDR X). This produces the following two new formulas: Case 2.2.2. (IMPLIES (AND (NOT (LISTP X)) (ORDINALP (SUCCESSOR X)) (ORDINALP (SUCCESSOR Z)) (ORDINALP Z) (NOT (EQUAL Z 0)) (ORDINALP X) (NOT (ORD-LESSP Z (CAR X))) (LISTP (SUCCESSOR X))) (NOT (ORD-LESSP Z (CAR (SUCCESSOR X))))). However this further simplifies, using linear arithmetic, applying CAR-NLISTP and NO-CYCLE-ALT, and expanding the functions SUCCESSOR, ORDINALP, ORD-LESSP, and LISTP, to: T. Case 2.2.1. (IMPLIES (AND (ORDINALP (SUCCESSOR (CONS V W))) (ORDINALP (SUCCESSOR Z)) (ORDINALP Z) (NOT (EQUAL Z 0)) (ORDINALP (CONS V W)) (NOT (ORD-LESSP Z V)) (LISTP (SUCCESSOR (CONS V W)))) (NOT (ORD-LESSP Z (CAR (SUCCESSOR (CONS V W)))))). However this further simplifies, rewriting with CDR-CONS and CAR-CONS, and opening up the definitions of SUCCESSOR and ORDINALP, to: T. Case 2.1. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (SUCCESSOR (CDR ALPHA))) (ORDINALP (SUCCESSOR (CAR ALPHA))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (LISTP (CDR ALPHA))) (LISTP (SUCCESSOR (CDR ALPHA)))) (NOT (ORD-LESSP (CAR ALPHA) (CAR (SUCCESSOR (CDR ALPHA)))))). This further simplifies, opening up the definitions of SUCCESSOR and ORDINALP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA)) (ORDINALP (SUCCESSOR ALPHA))), which simplifies, unfolding ORDINALP and SUCCESSOR, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.3 0.0 ] SUCCESSOR-IS-AN-ORDINAL (PROVE-LEMMA SUCCESSOR-IS-A-SUCCESSOR (REWRITE) (SUCCESSORP (SUCCESSOR ALPHA))) Call the conjecture *1. Let us appeal to the induction principle. There is only one suggested induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CDR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to two new goals: Case 2. (IMPLIES (AND (LISTP ALPHA) (SUCCESSORP (SUCCESSOR (CDR ALPHA)))) (SUCCESSORP (SUCCESSOR ALPHA))), which simplifies, applying CDR-CONS, and expanding the functions SUCCESSOR and SUCCESSORP, to: T. Case 1. (IMPLIES (NOT (LISTP ALPHA)) (SUCCESSORP (SUCCESSOR ALPHA))). This simplifies, expanding SUCCESSOR, LESSP, EQUAL, and SUCCESSORP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] SUCCESSOR-IS-A-SUCCESSOR (PROVE-LEMMA SUCCESSOR-IS-BIGGER (REWRITE) (ORD-LESSP ALPHA (SUCCESSOR ALPHA))) Name the conjecture *1. We will appeal to induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP (SUCCESSOR ALPHA)))) (p ALPHA)) (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP (SUCCESSOR ALPHA))) (p ALPHA)) (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP (SUCCESSOR ALPHA)))) (p ALPHA)) (IMPLIES (AND (LISTP ALPHA) (LISTP (SUCCESSOR ALPHA)) (ORD-LESSP (CAR ALPHA) (CAR (SUCCESSOR ALPHA))) (p (CAR ALPHA))) (p ALPHA)) (IMPLIES (AND (LISTP ALPHA) (LISTP (SUCCESSOR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CAR (SUCCESSOR ALPHA)))) (p (CAR ALPHA)) (p (CDR ALPHA))) (p ALPHA))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP can be used to show that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to five new goals: Case 5. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP (SUCCESSOR ALPHA)))) (ORD-LESSP ALPHA (SUCCESSOR ALPHA))), which simplifies, rewriting with SUB1-ADD1, and expanding the functions SUCCESSOR, LESSP, and ORD-LESSP, to: (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (EQUAL ALPHA 0)) (NUMBERP ALPHA)) (LESSP (SUB1 ALPHA) ALPHA)), which again simplifies, using linear arithmetic, to: T. Case 4. (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP (SUCCESSOR ALPHA))) (ORD-LESSP ALPHA (SUCCESSOR ALPHA))), which simplifies, unfolding the definition of SUCCESSOR, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP (SUCCESSOR ALPHA)))) (ORD-LESSP ALPHA (SUCCESSOR ALPHA))), which simplifies, opening up the definition of SUCCESSOR, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (LISTP (SUCCESSOR ALPHA)) (ORD-LESSP (CAR ALPHA) (CAR (SUCCESSOR ALPHA))) (ORD-LESSP (CAR ALPHA) (SUCCESSOR (CAR ALPHA)))) (ORD-LESSP ALPHA (SUCCESSOR ALPHA))), which simplifies, applying CAR-CONS and IRREFLEX, and unfolding the definition of SUCCESSOR, to: T. Case 1. (IMPLIES (AND (LISTP ALPHA) (LISTP (SUCCESSOR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CAR (SUCCESSOR ALPHA)))) (ORD-LESSP (CAR ALPHA) (SUCCESSOR (CAR ALPHA))) (ORD-LESSP (CDR ALPHA) (SUCCESSOR (CDR ALPHA)))) (ORD-LESSP ALPHA (SUCCESSOR ALPHA))). This simplifies, rewriting with CAR-CONS, IRREFLEX, and CDR-CONS, and expanding the definitions of SUCCESSOR and ORD-LESSP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] SUCCESSOR-IS-BIGGER (PROVE-LEMMA SUCC-PRESERVES-ORDER (REWRITE) (IMPLIES (ORD-LESSP ALPHA BETA) (ORD-LESSP (SUCCESSOR ALPHA) (SUCCESSOR BETA)))) Name the conjecture *1. We will appeal to induction. The recursive terms in the conjecture suggest four inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA))) (p ALPHA BETA)) (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA)) (p ALPHA BETA)) (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA))) (p ALPHA BETA)) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (p (CAR ALPHA) (CAR BETA))) (p ALPHA BETA)) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (p (CAR ALPHA) (CAR BETA)) (p (CDR ALPHA) (CDR BETA))) (p ALPHA BETA))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instances chosen for BETA. The above induction scheme produces the following six new formulas: Case 6. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (SUCCESSOR ALPHA) (SUCCESSOR BETA))). This simplifies, applying SUB1-ADD1, and expanding ORD-LESSP, SUCCESSOR, and LESSP, to three new conjectures: Case 6.3. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (LESSP ALPHA BETA) (NOT (NUMBERP BETA)) (NOT (NUMBERP ALPHA))) (LESSP 0 0)), which again simplifies, opening up the function LESSP, to: T. Case 6.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (LESSP ALPHA BETA) (NOT (NUMBERP BETA)) (NUMBERP ALPHA)) (LESSP ALPHA 0)), which again simplifies, opening up the function LESSP, to: T. Case 6.1. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (LESSP ALPHA BETA) (NUMBERP BETA) (NOT (NUMBERP ALPHA))) (LESSP 0 BETA)), which again simplifies, using linear arithmetic, to: T. Case 5. (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (SUCCESSOR ALPHA) (SUCCESSOR BETA))), which simplifies, unfolding the functions ORD-LESSP and SUCCESSOR, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA)) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (SUCCESSOR ALPHA) (SUCCESSOR BETA))), which simplifies, rewriting with NO-CYCLE-ALT, and unfolding ORD-LESSP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (ORD-LESSP (SUCCESSOR (CAR ALPHA)) (SUCCESSOR (CAR BETA))) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (SUCCESSOR ALPHA) (SUCCESSOR BETA))). This simplifies, rewriting with CAR-CONS, and expanding the functions ORD-LESSP and SUCCESSOR, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (NOT (ORD-LESSP (CDR ALPHA) (CDR BETA))) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (SUCCESSOR ALPHA) (SUCCESSOR BETA))), which simplifies, unfolding the function ORD-LESSP, to: T. Case 1. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORD-LESSP (SUCCESSOR (CDR ALPHA)) (SUCCESSOR (CDR BETA))) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (SUCCESSOR ALPHA) (SUCCESSOR BETA))), which simplifies, appealing to the lemmas CDR-CONS, IRREFLEX, and CAR-CONS, and expanding the functions ORD-LESSP and SUCCESSOR, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.3 0.0 ] SUCC-PRESERVES-ORDER (PROVE-LEMMA NOTHING-BETWEEN (REWRITE) (NOT (AND (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA (SUCCESSOR ALPHA))))) WARNING: Note that the rewrite rule NOTHING-BETWEEN will be stored so as to apply only to terms with the nonrecursive function symbol AND. Name the conjecture *1. We will appeal to induction. The recursive terms in the conjecture suggest four inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA))) (p BETA ALPHA)) (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA)) (p BETA ALPHA)) (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA))) (p BETA ALPHA)) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (p (CAR BETA) (CAR ALPHA))) (p BETA ALPHA)) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (p (CDR BETA) (CDR ALPHA)) (p (CAR BETA) (CAR ALPHA))) (p BETA ALPHA))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instances chosen for BETA. The above induction scheme produces the following six new formulas: Case 6. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (ORD-LESSP ALPHA BETA)) (NOT (ORD-LESSP BETA (SUCCESSOR ALPHA)))). This simplifies, applying SUB1-ADD1, and expanding ORD-LESSP, SUCCESSOR, and LESSP, to four new conjectures: Case 6.4. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (LESSP ALPHA BETA)) (NOT (EQUAL BETA 0))), which again simplifies, using linear arithmetic, to: T. Case 6.3. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (LESSP ALPHA BETA)) (NUMBERP BETA)), which again simplifies, opening up LESSP, to: T. Case 6.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (LESSP ALPHA BETA) (NOT (NUMBERP ALPHA))) (NOT (LESSP (SUB1 BETA) 0))), which again simplifies, using linear arithmetic, to: T. Case 6.1. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (LESSP ALPHA BETA) (NUMBERP ALPHA)) (NOT (LESSP (SUB1 BETA) ALPHA))), which again simplifies, using linear arithmetic, to: T. Case 5. (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA) (ORD-LESSP ALPHA BETA)) (NOT (ORD-LESSP BETA (SUCCESSOR ALPHA)))), which simplifies, rewriting with NO-CYCLE-ALT, and opening up ORD-LESSP and SUCCESSOR, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA)) (ORD-LESSP ALPHA BETA)) (NOT (ORD-LESSP BETA (SUCCESSOR ALPHA)))). This simplifies, rewriting with NO-CYCLE-ALT, and unfolding the function ORD-LESSP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (NOT (ORD-LESSP (CAR BETA) (SUCCESSOR (CAR ALPHA)))) (ORD-LESSP ALPHA BETA)) (NOT (ORD-LESSP BETA (SUCCESSOR ALPHA)))), which simplifies, applying CAR-CONS and NO-CYCLE-ALT, and opening up the definitions of ORD-LESSP and SUCCESSOR, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CDR ALPHA) (CDR BETA))) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORD-LESSP ALPHA BETA)) (NOT (ORD-LESSP BETA (SUCCESSOR ALPHA)))). This simplifies, opening up the definition of ORD-LESSP, to: T. Case 1. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CDR BETA) (SUCCESSOR (CDR ALPHA)))) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORD-LESSP ALPHA BETA)) (NOT (ORD-LESSP BETA (SUCCESSOR ALPHA)))). This simplifies, applying the lemmas CDR-CONS, IRREFLEX, and CAR-CONS, and opening up ORD-LESSP and SUCCESSOR, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.3 0.0 ] NOTHING-BETWEEN (DEFN PREDECESSOR (ALPHA) (IF (LISTP ALPHA) (CONS (CAR ALPHA) (PREDECESSOR (CDR ALPHA))) (SUB1 ALPHA))) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, PREDECESSOR is accepted under the definitional principle. From the definition we can conclude that: (OR (NUMBERP (PREDECESSOR ALPHA)) (LISTP (PREDECESSOR ALPHA))) is a theorem. [ 0.0 0.0 0.0 ] PREDECESSOR (PROVE-LEMMA PREDECESSOR-SUC (REWRITE) (IMPLIES (ORDINALP ALPHA) (EQUAL (PREDECESSOR (SUCCESSOR ALPHA)) ALPHA))) Give the conjecture the name *1. Let us appeal to the induction principle. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CDR ALPHA)) (p (CAR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates five new conjectures: Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA)) (EQUAL (PREDECESSOR (SUCCESSOR ALPHA)) ALPHA)), which simplifies, expanding the function ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (EQUAL (PREDECESSOR (SUCCESSOR (CDR ALPHA))) (CDR ALPHA)) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA)) (EQUAL (PREDECESSOR (SUCCESSOR ALPHA)) ALPHA)), which simplifies, opening up the function ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (EQUAL (PREDECESSOR (SUCCESSOR (CAR ALPHA))) (CAR ALPHA)) (ORDINALP ALPHA)) (EQUAL (PREDECESSOR (SUCCESSOR ALPHA)) ALPHA)), which simplifies, opening up the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (EQUAL (PREDECESSOR (SUCCESSOR (CDR ALPHA))) (CDR ALPHA)) (EQUAL (PREDECESSOR (SUCCESSOR (CAR ALPHA))) (CAR ALPHA)) (ORDINALP ALPHA)) (EQUAL (PREDECESSOR (SUCCESSOR ALPHA)) ALPHA)), which simplifies, appealing to the lemmas CONS-CAR-CDR, CDR-CONS, and CAR-CONS, and opening up ORDINALP, SUCCESSOR, and PREDECESSOR, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA)) (EQUAL (PREDECESSOR (SUCCESSOR ALPHA)) ALPHA)), which simplifies, applying SUB1-ADD1, and expanding the functions ORDINALP, SUCCESSOR, and PREDECESSOR, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] PREDECESSOR-SUC (PROVE-LEMMA SUC-PREDECESSOR (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA))) Give the conjecture the name *1. We will appeal to induction. There are three plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CDR ALPHA)) (p (CAR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following ten new formulas: Case 10.(IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA)). This simplifies, opening up ORDINALP, to: T. Case 9. (IMPLIES (AND (LISTP ALPHA) (NOT (SUCCESSORP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA)). This simplifies, opening up the definition of ORDINALP, to: T. Case 8. (IMPLIES (AND (LISTP ALPHA) (EQUAL (SUCCESSOR (PREDECESSOR (CDR ALPHA))) (CDR ALPHA)) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA)). This simplifies, opening up the definition of ORDINALP, to: T. Case 7. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (SUCCESSORP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA)). This simplifies, opening up the definition of ORDINALP, to: T. Case 6. (IMPLIES (AND (LISTP ALPHA) (NOT (SUCCESSORP (CDR ALPHA))) (NOT (SUCCESSORP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA)). This simplifies, opening up the definitions of ORDINALP and SUCCESSORP, to: T. Case 5. (IMPLIES (AND (LISTP ALPHA) (EQUAL (SUCCESSOR (PREDECESSOR (CDR ALPHA))) (CDR ALPHA)) (NOT (SUCCESSORP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA)). This simplifies, appealing to the lemmas CONS-CAR-CDR, CDR-CONS, and CAR-CONS, and opening up the functions ORDINALP, SUCCESSORP, PREDECESSOR, and SUCCESSOR, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (EQUAL (SUCCESSOR (PREDECESSOR (CAR ALPHA))) (CAR ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA)). This simplifies, opening up the function ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (SUCCESSORP (CDR ALPHA))) (EQUAL (SUCCESSOR (PREDECESSOR (CAR ALPHA))) (CAR ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA)). This simplifies, unfolding the functions ORDINALP and SUCCESSORP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (EQUAL (SUCCESSOR (PREDECESSOR (CDR ALPHA))) (CDR ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR (CAR ALPHA))) (CAR ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA)). This simplifies, rewriting with CONS-CAR-CDR, CDR-CONS, and CAR-CONS, and opening up ORDINALP, SUCCESSORP, PREDECESSOR, and SUCCESSOR, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (SUCCESSOR (PREDECESSOR ALPHA)) ALPHA)), which simplifies, rewriting with ADD1-SUB1, and expanding the functions ORDINALP, SUCCESSORP, EQUAL, LESSP, PREDECESSOR, and SUCCESSOR, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] SUC-PREDECESSOR (PROVE-LEMMA PREDECESSOR-IS-AN-ORDINAL (REWRITE) (IMPLIES (ORDINALP ALPHA) (ORDINALP (PREDECESSOR ALPHA)))) Give the conjecture the name *1. We will appeal to induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CDR ALPHA)) (p (CAR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following five new conjectures: Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA)) (ORDINALP (PREDECESSOR ALPHA))). This simplifies, expanding the function ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (PREDECESSOR (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA)) (ORDINALP (PREDECESSOR ALPHA))). This simplifies, opening up ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP (PREDECESSOR (CAR ALPHA))) (ORDINALP ALPHA)) (ORDINALP (PREDECESSOR ALPHA))). This simplifies, unfolding the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (PREDECESSOR (CDR ALPHA))) (ORDINALP (PREDECESSOR (CAR ALPHA))) (ORDINALP ALPHA)) (ORDINALP (PREDECESSOR ALPHA))). This simplifies, rewriting with CDR-CONS and CAR-CONS, and expanding the functions ORDINALP and PREDECESSOR, to two new goals: Case 2.2. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (PREDECESSOR (CDR ALPHA))) (ORDINALP (PREDECESSOR (CAR ALPHA))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (LISTP (PREDECESSOR (CDR ALPHA)))) (NOT (ORD-LESSP (CAR ALPHA) (CAR (PREDECESSOR (CDR ALPHA)))))). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS Z X) to eliminate (CDR ALPHA) and (CAR ALPHA) and X by (CONS V W) to eliminate (CAR X) and (CDR X). This produces the following two new formulas: Case 2.2.2. (IMPLIES (AND (NOT (LISTP X)) (ORDINALP (PREDECESSOR X)) (ORDINALP (PREDECESSOR Z)) (ORDINALP Z) (NOT (EQUAL Z 0)) (ORDINALP X) (NOT (ORD-LESSP Z (CAR X))) (LISTP (PREDECESSOR X))) (NOT (ORD-LESSP Z (CAR (PREDECESSOR X))))). However this further simplifies, using linear arithmetic, applying CAR-NLISTP and NO-CYCLE-ALT, and expanding the functions PREDECESSOR, ORDINALP, ORD-LESSP, and LISTP, to: T. Case 2.2.1. (IMPLIES (AND (ORDINALP (PREDECESSOR (CONS V W))) (ORDINALP (PREDECESSOR Z)) (ORDINALP Z) (NOT (EQUAL Z 0)) (ORDINALP (CONS V W)) (NOT (ORD-LESSP Z V)) (LISTP (PREDECESSOR (CONS V W)))) (NOT (ORD-LESSP Z (CAR (PREDECESSOR (CONS V W)))))). However this further simplifies, rewriting with CDR-CONS and CAR-CONS, and opening up the definitions of PREDECESSOR and ORDINALP, to: T. Case 2.1. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (PREDECESSOR (CDR ALPHA))) (ORDINALP (PREDECESSOR (CAR ALPHA))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (LISTP (CDR ALPHA))) (LISTP (PREDECESSOR (CDR ALPHA)))) (NOT (ORD-LESSP (CAR ALPHA) (CAR (PREDECESSOR (CDR ALPHA)))))). This further simplifies, opening up the definitions of PREDECESSOR and ORDINALP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA)) (ORDINALP (PREDECESSOR ALPHA))), which simplifies, unfolding ORDINALP and PREDECESSOR, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.4 0.0 ] PREDECESSOR-IS-AN-ORDINAL (PROVE-LEMMA PREDECESSOR-IS-SMALLER (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA))) Call the conjecture *1. Perhaps we can prove it by induction. Four inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (NOT (LISTP (PREDECESSOR ALPHA))) (NOT (LISTP ALPHA))) (p ALPHA)) (IMPLIES (AND (NOT (LISTP (PREDECESSOR ALPHA))) (LISTP ALPHA)) (p ALPHA)) (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (NOT (LISTP ALPHA))) (p ALPHA)) (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA)) (p (CAR ALPHA))) (p ALPHA)) (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA))) (p (CAR ALPHA)) (p (CDR ALPHA))) (p ALPHA))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP can be used to prove that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to 15 new goals: Case 15.(IMPLIES (AND (NOT (LISTP (PREDECESSOR ALPHA))) (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)), which simplifies, opening up the definitions of PREDECESSOR, ORDINALP, SUCCESSORP, EQUAL, LESSP, and ORD-LESSP, to the conjecture: (IMPLIES (AND (NOT (LISTP ALPHA)) (NUMBERP ALPHA) (NOT (EQUAL ALPHA 0))) (LESSP (SUB1 ALPHA) ALPHA)). However this again simplifies, using linear arithmetic, to: T. Case 14.(IMPLIES (AND (NOT (LISTP (PREDECESSOR ALPHA))) (LISTP ALPHA) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)), which simplifies, opening up the function PREDECESSOR, to: T. Case 13.(IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)), which simplifies, opening up the definition of PREDECESSOR, to: T. Case 12.(IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA)) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)), which simplifies, applying CAR-CONS and IRREFLEX, and opening up the function PREDECESSOR, to: T. Case 11.(IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA)) (NOT (SUCCESSORP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)). This simplifies, rewriting with CAR-CONS and IRREFLEX, and expanding the definition of PREDECESSOR, to: T. Case 10.(IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA)) (ORD-LESSP (PREDECESSOR (CAR ALPHA)) (CAR ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)), which simplifies, applying CAR-CONS and IRREFLEX, and expanding the definition of PREDECESSOR, to: T. Case 9. (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)). This simplifies, applying CAR-CONS and IRREFLEX, and unfolding the definitions of PREDECESSOR and ORDINALP, to: T. Case 8. (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA))) (NOT (SUCCESSORP (CAR ALPHA))) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)), which simplifies, applying CAR-CONS and IRREFLEX, and unfolding PREDECESSOR and ORDINALP, to: T. Case 7. (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA))) (ORD-LESSP (PREDECESSOR (CAR ALPHA)) (CAR ALPHA)) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)). This simplifies, applying CAR-CONS and IRREFLEX, and opening up the functions PREDECESSOR and ORDINALP, to: T. Case 6. (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (NOT (SUCCESSORP (CDR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)), which simplifies, rewriting with CAR-CONS and IRREFLEX, and opening up the definitions of PREDECESSOR and ORDINALP, to: T. Case 5. (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA))) (NOT (SUCCESSORP (CAR ALPHA))) (NOT (SUCCESSORP (CDR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)). This simplifies, applying CAR-CONS and IRREFLEX, and opening up the functions PREDECESSOR, ORDINALP, and SUCCESSORP, to: T. Case 4. (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA))) (ORD-LESSP (PREDECESSOR (CAR ALPHA)) (CAR ALPHA)) (NOT (SUCCESSORP (CDR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)), which simplifies, applying CAR-CONS and IRREFLEX, and expanding the definitions of PREDECESSOR, ORDINALP, and SUCCESSORP, to: T. Case 3. (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORD-LESSP (PREDECESSOR (CDR ALPHA)) (CDR ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)). This simplifies, applying the lemmas CAR-CONS and IRREFLEX, and expanding the functions PREDECESSOR and ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA))) (NOT (SUCCESSORP (CAR ALPHA))) (ORD-LESSP (PREDECESSOR (CDR ALPHA)) (CDR ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)). This simplifies, appealing to the lemmas CAR-CONS, IRREFLEX, and CDR-CONS, and expanding the functions PREDECESSOR, ORDINALP, SUCCESSORP, and ORD-LESSP, to: T. Case 1. (IMPLIES (AND (LISTP (PREDECESSOR ALPHA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR (PREDECESSOR ALPHA)) (CAR ALPHA))) (ORD-LESSP (PREDECESSOR (CAR ALPHA)) (CAR ALPHA)) (ORD-LESSP (PREDECESSOR (CDR ALPHA)) (CDR ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PREDECESSOR ALPHA) ALPHA)). This simplifies, rewriting with CAR-CONS, IRREFLEX, and CDR-CONS, and unfolding PREDECESSOR, ORDINALP, SUCCESSORP, and ORD-LESSP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] PREDECESSOR-IS-SMALLER (PROVE-LEMMA PREDECESSOR-OF-0 (REWRITE) (EQUAL (PREDECESSOR 0) 0)) This formula simplifies, unfolding the definitions of PREDECESSOR and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PREDECESSOR-OF-0 (PROVE-LEMMA PREDECESSOR-OF-LIMIT (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LIMITP ALPHA)) (EQUAL (PREDECESSOR ALPHA) ALPHA))) This formula can be simplified, using the abbreviations LIMITP, AND, and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which we will name *1. We will appeal to induction. There are three plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CDR ALPHA)) (p (CAR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to show that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces 16 new conjectures: Case 16.(IMPLIES (AND (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, opening up the definition of ORDINALP, to: T. Case 15.(IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, unfolding the function ORDINALP, to: T. Case 14.(IMPLIES (AND (SUCCESSORP (CDR ALPHA)) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, opening up the function ORDINALP, to: T. Case 13.(IMPLIES (AND (EQUAL (PREDECESSOR (CDR ALPHA)) (CDR ALPHA)) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, opening up the definition of ORDINALP, to: T. Case 12.(IMPLIES (AND (NOT (ORDINALP (CDR ALPHA))) (NOT (LISTP (CAR ALPHA))) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, expanding the function ORDINALP, to: T. Case 11.(IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (NOT (LISTP (CAR ALPHA))) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, rewriting with the lemmas CAR-CONS and CDR-CONS, and expanding the definitions of ORDINALP, SUCCESSORP, and PREDECESSOR, to the conjecture: (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (NOT (LISTP (CAR ALPHA))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (LISTP ALPHA) (NOT (SUCCESSORP (CDR ALPHA)))) (EQUAL (CONS (CAR ALPHA) (PREDECESSOR (CDR ALPHA))) ALPHA)). This further simplifies, applying CAR-CONS and CDR-CONS, and expanding ORDINALP, LESSP, EQUAL, SUCCESSORP, and PREDECESSOR, to: T. Case 10.(IMPLIES (AND (SUCCESSORP (CDR ALPHA)) (NOT (LISTP (CAR ALPHA))) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)). This simplifies, expanding the definitions of ORDINALP, ORD-LESSP, and SUCCESSORP, to: T. Case 9. (IMPLIES (AND (EQUAL (PREDECESSOR (CDR ALPHA)) (CDR ALPHA)) (NOT (LISTP (CAR ALPHA))) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)). This simplifies, rewriting with CONS-CAR-CDR, and unfolding the definitions of ORDINALP, ORD-LESSP, SUCCESSORP, and PREDECESSOR, to: T. Case 8. (IMPLIES (AND (NOT (ORDINALP (CDR ALPHA))) (SUCCESSORP (CAR ALPHA)) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, opening up the definition of ORDINALP, to: T. Case 7. (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (SUCCESSORP (CAR ALPHA)) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, applying CAR-CONS and CDR-CONS, and unfolding ORDINALP, SUCCESSORP, and PREDECESSOR, to: (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (SUCCESSORP (CAR ALPHA)) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (LISTP ALPHA) (NOT (SUCCESSORP (CDR ALPHA)))) (EQUAL (CONS (CAR ALPHA) (PREDECESSOR (CDR ALPHA))) ALPHA)), which further simplifies, applying the lemmas CAR-CONS and CDR-CONS, and expanding the definitions of ORDINALP, LESSP, EQUAL, SUCCESSORP, and PREDECESSOR, to: T. Case 6. (IMPLIES (AND (SUCCESSORP (CDR ALPHA)) (SUCCESSORP (CAR ALPHA)) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, unfolding the functions ORDINALP and SUCCESSORP, to: T. Case 5. (IMPLIES (AND (EQUAL (PREDECESSOR (CDR ALPHA)) (CDR ALPHA)) (SUCCESSORP (CAR ALPHA)) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, applying the lemma CONS-CAR-CDR, and opening up the functions ORDINALP, SUCCESSORP, and PREDECESSOR, to: T. Case 4. (IMPLIES (AND (NOT (ORDINALP (CDR ALPHA))) (EQUAL (PREDECESSOR (CAR ALPHA)) (CAR ALPHA)) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, opening up the function ORDINALP, to: T. Case 3. (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (EQUAL (PREDECESSOR (CAR ALPHA)) (CAR ALPHA)) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)), which simplifies, rewriting with CAR-CONS and CDR-CONS, and unfolding ORDINALP, SUCCESSORP, and PREDECESSOR, to the new formula: (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (EQUAL (PREDECESSOR (CAR ALPHA)) (CAR ALPHA)) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (LISTP ALPHA) (NOT (SUCCESSORP (CDR ALPHA)))) (EQUAL (CONS (CAR ALPHA) (PREDECESSOR (CDR ALPHA))) ALPHA)), which further simplifies, applying CAR-CONS and CDR-CONS, and unfolding the functions ORDINALP, LESSP, EQUAL, SUCCESSORP, and PREDECESSOR, to: T. Case 2. (IMPLIES (AND (SUCCESSORP (CDR ALPHA)) (EQUAL (PREDECESSOR (CAR ALPHA)) (CAR ALPHA)) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)). This simplifies, opening up ORDINALP and SUCCESSORP, to: T. Case 1. (IMPLIES (AND (EQUAL (PREDECESSOR (CDR ALPHA)) (CDR ALPHA)) (EQUAL (PREDECESSOR (CAR ALPHA)) (CAR ALPHA)) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (EQUAL (PREDECESSOR ALPHA) ALPHA)). This simplifies, appealing to the lemma CONS-CAR-CDR, and unfolding ORDINALP, SUCCESSORP, and PREDECESSOR, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.3 ] PREDECESSOR-OF-LIMIT (DEFN ORD-LEQ (ALPHA BETA) (NOT (ORD-LESSP BETA ALPHA))) Note that (OR (FALSEP (ORD-LEQ ALPHA BETA)) (TRUEP (ORD-LEQ ALPHA BETA))) is a theorem. [ 0.0 0.0 0.0 ] ORD-LEQ (PROVE-LEMMA LEQ-AS-AN-OR (REWRITE) (IMPLIES (AND (ORDINALP RHO) (ORDINALP SIGMA) (ORD-LEQ RHO SIGMA)) (OR (ORD-LESSP RHO SIGMA) (EQUAL RHO SIGMA))) ((DO-NOT-INDUCT T) (USE (TRICHOTOMY (SIGMA RHO) (TAU SIGMA))) (DISABLE ORD-LESSP))) WARNING: Note that the rewrite rule LEQ-AS-AN-OR will be stored so as to apply only to terms with the nonrecursive function symbol OR. This conjecture can be simplified, using the abbreviations OR, ORD-LEQ, AND, and IMPLIES, to the formula: (IMPLIES (AND (IMPLIES (AND (ORDINALP RHO) (ORDINALP SIGMA)) (OR (EQUAL RHO SIGMA) (ORD-LESSP RHO SIGMA) (ORD-LESSP SIGMA RHO))) (ORDINALP RHO) (ORDINALP SIGMA) (NOT (ORD-LESSP SIGMA RHO)) (NOT (ORD-LESSP RHO SIGMA))) (EQUAL RHO SIGMA)). This simplifies, opening up AND, OR, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LEQ-AS-AN-OR (PROVE-LEMMA LEQ-0 (REWRITE) (IMPLIES (AND (ORDINALP DELTA) (ORD-LEQ DELTA 0)) (EQUAL (EQUAL DELTA 0) T))) This formula can be simplified, using the abbreviations ORD-LEQ, AND, and IMPLIES, to the new conjecture: (IMPLIES (AND (ORDINALP DELTA) (NOT (ORD-LESSP 0 DELTA))) (EQUAL (EQUAL DELTA 0) T)), which simplifies, expanding LESSP, EQUAL, LISTP, and ORD-LESSP, to the goal: (IMPLIES (AND (ORDINALP DELTA) (NOT (LISTP DELTA))) (NUMBERP DELTA)). However this again simplifies, opening up the definition of ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LEQ-0 (PROVE-LEMMA CARS-GO-DOWN (REWRITE) (IMPLIES (ORDINALP BETA) (ORD-LEQ (CADR BETA) (CAR BETA)))) WARNING: Note that the rewrite rule CARS-GO-DOWN will be stored so as to apply only to terms with the nonrecursive function symbol ORD-LEQ. This conjecture can be simplified, using the abbreviations ORD-LEQ and IMPLIES, to: (IMPLIES (ORDINALP BETA) (NOT (ORD-LESSP (CAR BETA) (CADR BETA)))). This simplifies, applying CAR-NLISTP and CDR-NLISTP, and unfolding the functions ORDINALP, CAR, ORD-LESSP, LESSP, EQUAL, and LISTP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CARS-GO-DOWN (PROVE-LEMMA ORD-LEQ-IS-TRANSITIVE (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP GAMMA) (ORD-LEQ ALPHA BETA) (ORD-LEQ BETA GAMMA)) (ORD-LEQ ALPHA GAMMA))) WARNING: Note that the rewrite rule ORD-LEQ-IS-TRANSITIVE will be stored so as to apply only to terms with the nonrecursive function symbol ORD-LEQ. WARNING: Note that ORD-LEQ-IS-TRANSITIVE contains the free variable BETA which will be chosen by instantiating the hypothesis (ORDINALP BETA). This conjecture can be simplified, using the abbreviations ORD-LEQ, AND, and IMPLIES, to the formula: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP GAMMA) (NOT (ORD-LESSP BETA ALPHA)) (NOT (ORD-LESSP GAMMA BETA))) (NOT (ORD-LESSP GAMMA ALPHA))). This simplifies, rewriting with TRANSITIVITY-ALT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] ORD-LEQ-IS-TRANSITIVE (PROVE-LEMMA ORD-LEQ-ZERO (REWRITE) (IMPLIES (AND (ORDINALP DELTA) (ORD-LEQ DELTA 0)) (EQUAL (EQUAL DELTA 0) T))) WARNING: the previously added lemma, LEQ-0, could be applied whenever the newly proposed ORD-LEQ-ZERO could! This formula can be simplified, using the abbreviations ORD-LEQ, AND, and IMPLIES, to the new conjecture: (IMPLIES (AND (ORDINALP DELTA) (NOT (ORD-LESSP 0 DELTA))) (EQUAL (EQUAL DELTA 0) T)), which simplifies, expanding LESSP, EQUAL, LISTP, and ORD-LESSP, to the goal: (IMPLIES (AND (ORDINALP DELTA) (NOT (LISTP DELTA))) (NUMBERP DELTA)). However this again simplifies, opening up the definition of ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] ORD-LEQ-ZERO (PROVE-LEMMA CARS-ARE-ORDINALS (REWRITE) (IMPLIES (ORDINALP ALPHA) (ORDINALP (CAR ALPHA)))) This formula simplifies, rewriting with CAR-NLISTP, and expanding the function ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CARS-ARE-ORDINALS (PROVE-LEMMA CDRS-ARE-ORDINALS (REWRITE) (IMPLIES (ORDINALP ALPHA) (ORDINALP (CDR ALPHA)))) This formula simplifies, rewriting with CDR-NLISTP, and expanding the function ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDRS-ARE-ORDINALS (DEFN BAD-FOR-CDRS-ARE-SMALLER (ALPHA) (AND (ORDINALP ALPHA) (LISTP ALPHA) (NOT (ORD-LESSP (CDR ALPHA) ALPHA)))) Note that: (OR (FALSEP (BAD-FOR-CDRS-ARE-SMALLER ALPHA)) (TRUEP (BAD-FOR-CDRS-ARE-SMALLER ALPHA))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-CDRS-ARE-SMALLER (PROVE-LEMMA CDRS-ARE-SMALLER-AUX1 (REWRITE) (IMPLIES (NLISTP ALPHA) (NOT (BAD-FOR-CDRS-ARE-SMALLER ALPHA)))) WARNING: Note that the rewrite rule CDRS-ARE-SMALLER-AUX1 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-CDRS-ARE-SMALLER. This formula can be simplified, using the abbreviations BAD-FOR-CDRS-ARE-SMALLER, NOT, NLISTP, and IMPLIES, to: T, which simplifies, trivially, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX1 (PROVE-LEMMA CDRS-ARE-SMALLER-AUX2 (REWRITE) (IMPLIES (NLISTP (CDR ALPHA)) (NOT (BAD-FOR-CDRS-ARE-SMALLER ALPHA)))) WARNING: Note that the rewrite rule CDRS-ARE-SMALLER-AUX2 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-CDRS-ARE-SMALLER. This formula can be simplified, using the abbreviations BAD-FOR-CDRS-ARE-SMALLER, NOT, NLISTP, and IMPLIES, to the new conjecture: (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (ORDINALP ALPHA) (LISTP ALPHA)) (ORD-LESSP (CDR ALPHA) ALPHA)), which simplifies, opening up ORD-LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX2 (PROVE-LEMMA CDRS-ARE-SMALLER-AUX3 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LISTP (CDR ALPHA)) (EQUAL (CAR ALPHA) (CADR ALPHA)) (ORD-LESSP (CDDR ALPHA) (CDR ALPHA))) (ORD-LESSP (CDR ALPHA) ALPHA))) This conjecture simplifies, rewriting with IRREFLEX, CDR-NLISTP, NO-CYCLE-ALT, CDRS-ARE-ORDINALS, and TRANSITIVITY-ALT, and opening up ORDINALP, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.7 0.0 ] CDRS-ARE-SMALLER-AUX3 (PROVE-LEMMA CDRS-ARE-SMALLER-AUX4 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LISTP (CDR ALPHA)) (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORD-LESSP (CDR ALPHA) ALPHA))) This simplifies, rewriting with CDR-NLISTP, and expanding the functions ORDINALP and LISTP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX4 (PROVE-LEMMA CDRS-ARE-SMALLER-AUX5 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LISTP (CDR ALPHA))) (OR (EQUAL (CAR ALPHA) (CADR ALPHA)) (ORD-LESSP (CADR ALPHA) (CAR ALPHA)))) ((DO-NOT-INDUCT T) (USE (TRICHOTOMY (SIGMA (CAR ALPHA)) (TAU (CADR ALPHA)))))) WARNING: Note that the rewrite rule CDRS-ARE-SMALLER-AUX5 will be stored so as to apply only to terms with the nonrecursive function symbol OR. This simplifies, appealing to the lemmas CARS-ARE-ORDINALS, CDRS-ARE-ORDINALS, and CDR-NLISTP, and unfolding the definitions of AND, OR, IMPLIES, ORDINALP, and LISTP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] CDRS-ARE-SMALLER-AUX5 (DISABLE CDRS-ARE-SMALLER-AUX3) [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX3-OFF (DISABLE CDRS-ARE-SMALLER-AUX4) [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX4-OFF (DISABLE CDRS-ARE-SMALLER-AUX5) [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX5-OFF (PROVE-LEMMA CDRS-ARE-SMALLER-AUX6 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LISTP (CDR ALPHA)) (ORD-LESSP (CDDR ALPHA) (CDR ALPHA))) (ORD-LESSP (CDR ALPHA) ALPHA)) ((DO-NOT-INDUCT T) (USE (CDRS-ARE-SMALLER-AUX3 (ALPHA ALPHA)) (CDRS-ARE-SMALLER-AUX4 (ALPHA ALPHA)) (CDRS-ARE-SMALLER-AUX5 (ALPHA ALPHA))) (DISABLE ORDINALP LISTP))) This conjecture simplifies, rewriting with IRREFLEX and NO-CYCLE-ALT, and opening up AND, ORD-LESSP, IMPLIES, and OR, to the new conjecture: (IMPLIES (AND (NOT (EQUAL (CAR ALPHA) (CADR ALPHA))) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORD-LESSP (CADR ALPHA) (CAR ALPHA)) (ORDINALP ALPHA) (LISTP (CDR ALPHA)) (ORD-LESSP (CDDR ALPHA) (CDR ALPHA))) (LISTP ALPHA)), which again simplifies, rewriting with the lemmas CAR-NLISTP and CDR-NLISTP, and unfolding the definitions of CAR and EQUAL, to: T. Q.E.D. [ 0.0 0.4 0.0 ] CDRS-ARE-SMALLER-AUX6 (PROVE-LEMMA CDRS-ARE-SMALLER-AUX7 (REWRITE) (IMPLIES (AND (LISTP (CDR ALPHA)) (BAD-FOR-CDRS-ARE-SMALLER ALPHA)) (BAD-FOR-CDRS-ARE-SMALLER (CDR ALPHA)))) WARNING: Note that the rewrite rule CDRS-ARE-SMALLER-AUX7 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-CDRS-ARE-SMALLER. This conjecture can be simplified, using the abbreviations BAD-FOR-CDRS-ARE-SMALLER, AND, and IMPLIES, to: (IMPLIES (AND (LISTP (CDR ALPHA)) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (ORD-LESSP (CDR ALPHA) ALPHA))) (BAD-FOR-CDRS-ARE-SMALLER (CDR ALPHA))). This simplifies, applying CDRS-ARE-ORDINALS, and unfolding the definition of BAD-FOR-CDRS-ARE-SMALLER, to the goal: (IMPLIES (AND (LISTP (CDR ALPHA)) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (ORD-LESSP (CDR ALPHA) ALPHA))) (NOT (ORD-LESSP (CDDR ALPHA) (CDR ALPHA)))). This again simplifies, rewriting with CDRS-ARE-SMALLER-AUX6, to: T. Q.E.D. [ 0.0 0.1 0.0 ] CDRS-ARE-SMALLER-AUX7 (DISABLE CDRS-ARE-SMALLER-AUX2) [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX2-OFF (PROVE-LEMMA CDRS-ARE-SMALLER-AUX8 (REWRITE) (IMPLIES (BAD-FOR-CDRS-ARE-SMALLER ALPHA) (BAD-FOR-CDRS-ARE-SMALLER (CDR ALPHA))) ((DO-NOT-INDUCT T) (USE (CDRS-ARE-SMALLER-AUX7 (ALPHA ALPHA)) (CDRS-ARE-SMALLER-AUX2 (ALPHA ALPHA))) (DISABLE BAD-FOR-CDRS-ARE-SMALLER))) WARNING: Note that the rewrite rule CDRS-ARE-SMALLER-AUX8 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-CDRS-ARE-SMALLER. WARNING: the newly proposed lemma, CDRS-ARE-SMALLER-AUX8, could be applied whenever the previously added lemma CDRS-ARE-SMALLER-AUX7 could. This formula simplifies, expanding the definitions of AND, IMPLIES, NLISTP, and NOT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX8 (PROVE-LEMMA CDRS-ARE-SMALLER-AUX9 (REWRITE) (NOT (BAD-FOR-CDRS-ARE-SMALLER ALPHA)) ((INDUCT (SUCCESSOR ALPHA)) (DISABLE BAD-FOR-CDRS-ARE-SMALLER))) WARNING: Note that the rewrite rule CDRS-ARE-SMALLER-AUX9 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-CDRS-ARE-SMALLER. WARNING: the newly proposed lemma, CDRS-ARE-SMALLER-AUX9, could be applied whenever the previously added lemma CDRS-ARE-SMALLER-AUX1 could. This conjecture can be simplified, using the abbreviations NOT, OR, and AND, to two new formulas: Case 2. (IMPLIES (AND (LISTP ALPHA) (NOT (BAD-FOR-CDRS-ARE-SMALLER (CDR ALPHA)))) (NOT (BAD-FOR-CDRS-ARE-SMALLER ALPHA))), which simplifies, applying CDRS-ARE-SMALLER-AUX8, to: T. Case 1. (IMPLIES (NOT (LISTP ALPHA)) (NOT (BAD-FOR-CDRS-ARE-SMALLER ALPHA))). This simplifies, rewriting with the lemma CDRS-ARE-SMALLER-AUX1, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX9 (DISABLE CDRS-ARE-SMALLER-AUX1) [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX1-OFF (DISABLE CDRS-ARE-SMALLER-AUX6) [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX6-OFF (DISABLE CDRS-ARE-SMALLER-AUX7) [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX7-OFF (DISABLE CDRS-ARE-SMALLER-AUX8) [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX8-OFF (DISABLE CDRS-ARE-SMALLER-AUX9) [ 0.0 0.0 0.0 ] CDRS-ARE-SMALLER-AUX9-OFF (PROVE-LEMMA CDRS-ARE-SMALLER (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LISTP ALPHA)) (ORD-LESSP (CDR ALPHA) ALPHA)) ((USE (CDRS-ARE-SMALLER-AUX9 (ALPHA ALPHA))))) This formula simplifies, applying the lemmas CARS-ARE-ORDINALS and CDRS-ARE-ORDINALS, and unfolding ORDINALP, BAD-FOR-CDRS-ARE-SMALLER, and EQUAL, to: T. Q.E.D. [ 0.0 0.1 0.0 ] CDRS-ARE-SMALLER (DISABLE BAD-FOR-CDRS-ARE-SMALLER) [ 0.0 0.0 0.0 ] BAD-FOR-CDRS-ARE-SMALLER-OFF (PROVE-LEMMA CARS-OF-SMALLER-ORDINALS (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP ALPHA BETA)) (OR (ORD-LESSP (CAR ALPHA) (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA))))) WARNING: Note that the rewrite rule CARS-OF-SMALLER-ORDINALS will be stored so as to apply only to terms with the nonrecursive function symbol OR. This conjecture simplifies, applying CAR-NLISTP, and unfolding the definitions of ORD-LESSP, LESSP, EQUAL, and LISTP, to two new goals: Case 2. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (NOT (LISTP ALPHA)) (LESSP ALPHA BETA) (NOT (LISTP (CAR BETA)))) (NUMBERP (CAR BETA))), which again simplifies, unfolding ORDINALP, to: (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP BETA) (LESSP ALPHA BETA) (NOT (LISTP (CAR BETA)))) (NUMBERP (CAR BETA))). Appealing to the lemma CAR-CDR-ELIM, we now replace BETA by (CONS X Z) to eliminate (CAR BETA) and (CDR BETA). We must thus prove two new conjectures: Case 2.2. (IMPLIES (AND (NOT (LISTP BETA)) (NUMBERP ALPHA) (ORDINALP BETA) (LESSP ALPHA BETA) (NOT (LISTP (CAR BETA)))) (NUMBERP (CAR BETA))), which further simplifies, applying CAR-NLISTP, and expanding ORDINALP, LISTP, and NUMBERP, to: T. Case 2.1. (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP (CONS X Z)) (LESSP ALPHA (CONS X Z)) (NOT (LISTP X))) (NUMBERP X)). This further simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (NOT (LISTP ALPHA)) (LISTP BETA) (NOT (LISTP (CAR BETA)))) (NUMBERP (CAR BETA))), which again simplifies, opening up the definition of ORDINALP, to: (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP BETA) (LISTP BETA) (NOT (LISTP (CAR BETA)))) (NUMBERP (CAR BETA))). Appealing to the lemma CAR-CDR-ELIM, we now replace BETA by (CONS X Z) to eliminate (CAR BETA) and (CDR BETA). This generates: (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP (CONS X Z)) (NOT (LISTP X))) (NUMBERP X)). This further simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and expanding ORD-LESSP, LESSP, and ORDINALP, to: T. Q.E.D. [ 0.0 0.2 0.0 ] CARS-OF-SMALLER-ORDINALS (PROVE-LEMMA LIMIT-NOT-SUCC (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP DELTA) (LIMITP ALPHA)) (NOT (EQUAL (SUCCESSOR DELTA) ALPHA)))) This conjecture can be simplified, using the abbreviations NOT, LIMITP, AND, and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP DELTA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (NOT (EQUAL (SUCCESSOR DELTA) ALPHA))). This simplifies, applying SUCCESSOR-IS-AN-ORDINAL and SUCCESSOR-IS-A-SUCCESSOR, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LIMIT-NOT-SUCC (PROVE-LEMMA SUCC-BELOW-LIMIT (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP DELTA) (ORD-LESSP DELTA ALPHA) (LIMITP ALPHA)) (ORD-LESSP (SUCCESSOR DELTA) ALPHA)) ((DO-NOT-INDUCT T) (USE (NOTHING-BETWEEN (ALPHA DELTA) (BETA ALPHA)) (TRICHOTOMY (SIGMA ALPHA) (TAU (SUCCESSOR DELTA)))))) This formula can be simplified, using the abbreviations LIMITP, IMPLIES, NOT, and AND, to the new goal: (IMPLIES (AND (NOT (AND (ORD-LESSP DELTA ALPHA) (ORD-LESSP ALPHA (SUCCESSOR DELTA)))) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP (SUCCESSOR DELTA))) (OR (EQUAL ALPHA (SUCCESSOR DELTA)) (ORD-LESSP ALPHA (SUCCESSOR DELTA)) (ORD-LESSP (SUCCESSOR DELTA) ALPHA))) (ORDINALP ALPHA) (ORDINALP DELTA) (ORD-LESSP DELTA ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (ORD-LESSP (SUCCESSOR DELTA) ALPHA)), which simplifies, appealing to the lemmas NO-CYCLE-ALT, TRANSITIVITY-ALT, CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, SUCCESSOR-IS-AN-ORDINAL, and LIMIT-NOT-SUCC, and expanding AND, ORDINALP, LIMITP, OR, IMPLIES, and EQUAL, to: T. Q.E.D. [ 0.0 0.1 0.0 ] SUCC-BELOW-LIMIT (PROVE-LEMMA IRREFLEX-OF-ORD-LEQ (REWRITE) (IMPLIES (AND (ORDINALP SIGMA) (ORDINALP TAU) (ORD-LEQ SIGMA TAU) (ORD-LEQ TAU SIGMA)) (EQUAL (EQUAL SIGMA TAU) T)) ((DO-NOT-INDUCT T) (USE (TRICHOTOMY (SIGMA SIGMA) (TAU TAU))) (DISABLE TRANSITIVITY-ALT NO-CYCLE-ALT ORD-LEQ-ZERO))) This formula can be simplified, using the abbreviations ORD-LEQ, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP SIGMA) (ORDINALP TAU)) (OR (EQUAL SIGMA TAU) (ORD-LESSP SIGMA TAU) (ORD-LESSP TAU SIGMA))) (ORDINALP SIGMA) (ORDINALP TAU) (NOT (ORD-LESSP TAU SIGMA)) (NOT (ORD-LESSP SIGMA TAU))) (EQUAL (EQUAL SIGMA TAU) T)), which simplifies, rewriting with CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and unfolding the definitions of ORDINALP, AND, OR, IMPLIES, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] IRREFLEX-OF-ORD-LEQ (PROVE-LEMMA TRANSITIVITY-ALT2 NIL (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP GAMMA) (ORD-LESSP ALPHA BETA) (ORD-LEQ BETA GAMMA)) (ORD-LESSP ALPHA GAMMA)) ((DO-NOT-INDUCT T) (USE (TRICHOTOMY (SIGMA BETA) (TAU GAMMA))) (DISABLE IRREFLEX-OF-ORD-LEQ TRANSITIVITY-ALT NO-CYCLE-ALT ORD-LEQ-ZERO))) This formula can be simplified, using the abbreviations ORD-LEQ, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP BETA) (ORDINALP GAMMA)) (OR (EQUAL BETA GAMMA) (ORD-LESSP BETA GAMMA) (ORD-LESSP GAMMA BETA))) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP GAMMA) (ORD-LESSP ALPHA BETA) (NOT (ORD-LESSP GAMMA BETA))) (ORD-LESSP ALPHA GAMMA)), which simplifies, rewriting with CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, IRREFLEX, and TRANSITIVITY, and unfolding the definitions of ORDINALP, AND, OR, IMPLIES, EQUAL, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] TRANSITIVITY-ALT2 (DEFN NUMBER-PART (ALPHA) (IF (NLISTP ALPHA) ALPHA (NUMBER-PART (CDR ALPHA)))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, NUMBER-PART is accepted under the principle of definition. [ 0.0 0.0 0.0 ] NUMBER-PART (PROVE-LEMMA NUMBER-PART-IS-A-NUMBER (REWRITE) (IMPLIES (ORDINALP ALPHA) (NUMBERP (NUMBER-PART ALPHA)))) Give the conjecture the name *1. We will appeal to induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CAR ALPHA)) (p (CDR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following five new conjectures: Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CAR ALPHA))) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA)) (NUMBERP (NUMBER-PART ALPHA))). This simplifies, expanding the function ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (NUMBERP (NUMBER-PART (CAR ALPHA))) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA)) (NUMBERP (NUMBER-PART ALPHA))). This simplifies, opening up ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CAR ALPHA))) (NUMBERP (NUMBER-PART (CDR ALPHA))) (ORDINALP ALPHA)) (NUMBERP (NUMBER-PART ALPHA))). This simplifies, unfolding the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (NUMBERP (NUMBER-PART (CAR ALPHA))) (NUMBERP (NUMBER-PART (CDR ALPHA))) (ORDINALP ALPHA)) (NUMBERP (NUMBER-PART ALPHA))). This simplifies, unfolding the definitions of ORDINALP and NUMBER-PART, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA)) (NUMBERP (NUMBER-PART ALPHA))). This simplifies, opening up the functions ORDINALP and NUMBER-PART, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] NUMBER-PART-IS-A-NUMBER (DEFN POS-MULT (DELTA ALPHA) (IF (NLISTP ALPHA) 0 (IF (EQUAL DELTA (CAR ALPHA)) (ADD1 (POS-MULT DELTA (CDR ALPHA))) (POS-MULT DELTA (CDR ALPHA))))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, POS-MULT is accepted under the principle of definition. From the definition we can conclude that (NUMBERP (POS-MULT DELTA ALPHA)) is a theorem. [ 0.0 0.0 0.0 ] POS-MULT (PROVE-LEMMA POS-MULT-IS-A-NUMBER (REWRITE) (NUMBERP (POS-MULT DELTA ALPHA))) This conjecture simplifies, trivially, to: T. Q.E.D. [ 0.0 0.0 0.0 ] POS-MULT-IS-A-NUMBER (DEFN MULT (DELTA ALPHA) (IF (EQUAL DELTA 0) (NUMBER-PART ALPHA) (POS-MULT DELTA ALPHA))) [ 0.0 0.0 0.0 ] MULT (PROVE-LEMMA MULT-IS-A-NUMBER (REWRITE) (IMPLIES (ORDINALP ALPHA) (NUMBERP (MULT DELTA ALPHA)))) This simplifies, unfolding MULT, to: (IMPLIES (AND (ORDINALP ALPHA) (EQUAL DELTA 0)) (NUMBERP (NUMBER-PART ALPHA))). This again simplifies, rewriting with NUMBER-PART-IS-A-NUMBER, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MULT-IS-A-NUMBER (PROVE-LEMMA MULT-IN-A-NUMBER (REWRITE) (IMPLIES (AND (NUMBERP ALPHA) (NOT (EQUAL DELTA 0))) (EQUAL (MULT DELTA ALPHA) 0))) WARNING: Note that the rewrite rule MULT-IN-A-NUMBER will be stored so as to apply only to terms with the nonrecursive function symbol MULT. This formula simplifies, opening up POS-MULT, MULT, and EQUAL, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MULT-IN-A-NUMBER (DEFN BAD-FOR-BOUND-ON-MULT (DELTA ALPHA) (AND (ORDINALP ALPHA) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL (MULT DELTA ALPHA) 0)))) From the definition we can conclude that: (OR (FALSEP (BAD-FOR-BOUND-ON-MULT DELTA ALPHA)) (TRUEP (BAD-FOR-BOUND-ON-MULT DELTA ALPHA))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-BOUND-ON-MULT (PROVE-LEMMA BOUND-ON-MULT-AUX1 (REWRITE) (IMPLIES (NLISTP ALPHA) (NOT (BAD-FOR-BOUND-ON-MULT DELTA ALPHA)))) WARNING: Note that the rewrite rule BOUND-ON-MULT-AUX1 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-BOUND-ON-MULT. This conjecture can be simplified, using the abbreviations BAD-FOR-BOUND-ON-MULT, NOT, NLISTP, and IMPLIES, to: (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA)) (EQUAL (MULT DELTA ALPHA) 0)). This simplifies, rewriting with CAR-NLISTP and MULT-IN-A-NUMBER, and expanding ORDINALP, LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] BOUND-ON-MULT-AUX1 (PROVE-LEMMA BOUND-ON-MULT-AUX2 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (ORDINALP ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))))) This simplifies, rewriting with CAR-NLISTP, and opening up ORDINALP, LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.2 0.0 ] BOUND-ON-MULT-AUX2 (PROVE-LEMMA BOUND-ON-MULT-AUX3 (REWRITE) (IMPLIES (ORDINALP ALPHA) (ORDINALP (CAR ALPHA)))) WARNING: the previously added lemma, CARS-ARE-ORDINALS, could be applied whenever the newly proposed BOUND-ON-MULT-AUX3 could! This formula simplifies, rewriting with CAR-NLISTP, and expanding the function ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] BOUND-ON-MULT-AUX3 (PROVE-LEMMA BOUND-ON-MULT-AUX4 (REWRITE) (IMPLIES (ORDINALP ALPHA) (ORDINALP (CADR ALPHA)))) This conjecture simplifies, appealing to the lemmas CDRS-ARE-ORDINALS and BOUND-ON-MULT-AUX3, to: T. Q.E.D. [ 0.0 0.3 0.0 ] BOUND-ON-MULT-AUX4 (PROVE-LEMMA BOUND-ON-MULT-AUX5 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (ORDINALP ALPHA) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA)) (ORD-LESSP (CADR ALPHA) DELTA)) ((DO-NOT-INDUCT T) (USE (TRANSITIVITY-ALT (ALPHA (CADR ALPHA)) (BETA (CAR ALPHA)) (GAMMA DELTA))) (DISABLE TRANSITIVITY-ALT ORDINALP ORD-LESSP))) This conjecture simplifies, rewriting with BOUND-ON-MULT-AUX4, BOUND-ON-MULT-AUX3, and BOUND-ON-MULT-AUX2, and unfolding the functions NOT, AND, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] BOUND-ON-MULT-AUX5 (PROVE-LEMMA BOUND-ON-MULT-AUX6 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (BAD-FOR-BOUND-ON-MULT DELTA ALPHA)) (BAD-FOR-BOUND-ON-MULT DELTA (CDR ALPHA))) ((DISABLE ORD-LEQ TRANSITIVITY-ALT NO-CYCLE-ALT))) WARNING: Note that the rewrite rule BOUND-ON-MULT-AUX6 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-BOUND-ON-MULT. This conjecture can be simplified, using the abbreviations BAD-FOR-BOUND-ON-MULT, AND, and IMPLIES, to: (IMPLIES (AND (LISTP ALPHA) (ORDINALP ALPHA) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL (MULT DELTA ALPHA) 0))) (BAD-FOR-BOUND-ON-MULT DELTA (CDR ALPHA))). This simplifies, applying BOUND-ON-MULT-AUX3, CDRS-ARE-ORDINALS, BOUND-ON-MULT-AUX2, BOUND-ON-MULT-AUX5, and BOUND-ON-MULT-AUX1, and unfolding the definitions of ORDINALP, POS-MULT, NUMBER-PART, MULT, BAD-FOR-BOUND-ON-MULT, ORD-LESSP, LISTP, EQUAL, LESSP, and ADD1, to 11 new formulas: Case 11.(IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL DELTA 0)) (EQUAL DELTA (CAR ALPHA)) (NOT (EQUAL (ADD1 (POS-MULT DELTA (CDR ALPHA))) 0)) (NOT (LISTP (CDR ALPHA)))) (NUMBERP (CDR ALPHA))), which again simplifies, applying BOUND-ON-MULT-AUX3, and opening up ORDINALP, to: T. Case 10.(IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL DELTA 0)) (EQUAL DELTA (CAR ALPHA)) (NOT (EQUAL (ADD1 (POS-MULT DELTA (CDR ALPHA))) 0)) (LISTP (CDR ALPHA))) (NOT (EQUAL (CADR ALPHA) 0))). However this again simplifies, rewriting with the lemma BOUND-ON-MULT-AUX3, and expanding the definitions of ORDINALP, LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 9. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL DELTA 0)) (EQUAL DELTA (CAR ALPHA)) (NOT (EQUAL (ADD1 (POS-MULT DELTA (CDR ALPHA))) 0)) (NOT (LISTP DELTA))) (NUMBERP DELTA)), which again simplifies, expanding the function ORDINALP, to: T. Case 8. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL DELTA 0)) (EQUAL DELTA (CAR ALPHA)) (NOT (EQUAL (ADD1 (POS-MULT DELTA (CDR ALPHA))) 0)) (LISTP DELTA)) (NOT (EQUAL (CAR DELTA) 0))), which again simplifies, applying BOUND-ON-MULT-AUX3, and unfolding the functions ORDINALP and EQUAL, to: T. Case 7. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL DELTA 0)) (EQUAL DELTA (CAR ALPHA)) (NOT (EQUAL (ADD1 (POS-MULT DELTA (CDR ALPHA))) 0))) (ORD-LESSP (CADR ALPHA) DELTA)). But this again simplifies, rewriting with BOUND-ON-MULT-AUX3 and IRREFLEX, and opening up the definition of ORDINALP, to: T. Case 6. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL DELTA 0)) (EQUAL DELTA (CAR ALPHA)) (NOT (EQUAL (ADD1 (POS-MULT DELTA (CDR ALPHA))) 0))) (NOT (EQUAL (POS-MULT DELTA (CDR ALPHA)) 0))). However this again simplifies, rewriting with the lemmas BOUND-ON-MULT-AUX3 and IRREFLEX, and expanding the definition of ORDINALP, to: T. Case 5. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL DELTA 0)) (NOT (EQUAL DELTA (CAR ALPHA))) (NOT (EQUAL (POS-MULT DELTA (CDR ALPHA)) 0)) (NOT (LISTP DELTA))) (NUMBERP DELTA)), which again simplifies, opening up the definition of ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL DELTA 0)) (NOT (EQUAL DELTA (CAR ALPHA))) (NOT (EQUAL (POS-MULT DELTA (CDR ALPHA)) 0)) (LISTP DELTA)) (NOT (EQUAL (CAR DELTA) 0))), which again simplifies, unfolding EQUAL and ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (EQUAL DELTA 0)) (EQUAL (NUMBER-PART (CDR ALPHA)) 0)), which again simplifies, unfolding the functions ORDINALP, LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (LISTP (CDR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (NOT (EQUAL DELTA 0))) (NOT (EQUAL DELTA (CAR ALPHA)))), which again simplifies, applying BOUND-ON-MULT-AUX3 and IRREFLEX, and unfolding ORDINALP, to: T. Case 1. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (LISTP (CDR ALPHA))) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA) (EQUAL DELTA 0)) (EQUAL (CDR ALPHA) 0)). But this again simplifies, unfolding the definitions of ORDINALP, LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.5 0.0 ] BOUND-ON-MULT-AUX6 (DEFN BOUND-ON-MULT-KLUDGE (ALPHA) (IF (NLISTP ALPHA) 0 (BOUND-ON-MULT-KLUDGE (CDR ALPHA)))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to prove that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, BOUND-ON-MULT-KLUDGE is accepted under the definitional principle. Note that (NUMBERP (BOUND-ON-MULT-KLUDGE ALPHA)) is a theorem. [ 0.0 0.0 0.0 ] BOUND-ON-MULT-KLUDGE (PROVE-LEMMA BOUND-ON-MULT-AUX7 NIL (NOT (BAD-FOR-BOUND-ON-MULT DELTA ALPHA)) ((DISABLE BAD-FOR-BOUND-ON-MULT) (INDUCT (BOUND-ON-MULT-KLUDGE ALPHA)))) This formula can be simplified, using the abbreviations NLISTP, NOT, OR, and AND, to the following two new formulas: Case 2. (IMPLIES (NOT (LISTP ALPHA)) (NOT (BAD-FOR-BOUND-ON-MULT DELTA ALPHA))). This simplifies, applying the lemma BOUND-ON-MULT-AUX1, to: T. Case 1. (IMPLIES (AND (LISTP ALPHA) (NOT (BAD-FOR-BOUND-ON-MULT DELTA (CDR ALPHA)))) (NOT (BAD-FOR-BOUND-ON-MULT DELTA ALPHA))). This simplifies, rewriting with BOUND-ON-MULT-AUX6, to: T. Q.E.D. [ 0.0 0.0 0.0 ] BOUND-ON-MULT-AUX7 (PROVE-LEMMA BOUND-ON-MULT (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP DELTA) (ORD-LESSP (CAR ALPHA) DELTA)) (EQUAL (MULT DELTA ALPHA) 0)) ((USE (BOUND-ON-MULT-AUX7 (DELTA DELTA) (ALPHA ALPHA))) (DISABLE ORD-LEQ TRANSITIVITY-ALT))) WARNING: Note that the rewrite rule BOUND-ON-MULT will be stored so as to apply only to terms with the nonrecursive function symbol MULT. This formula simplifies, appealing to the lemmas BOUND-ON-MULT-AUX3, CDRS-ARE-ORDINALS, and BOUND-ON-MULT-AUX2, and expanding the definitions of MULT, ORDINALP, BAD-FOR-BOUND-ON-MULT, EQUAL, LESSP, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] BOUND-ON-MULT (DISABLE BOUND-ON-MULT-AUX1) [ 0.0 0.0 0.0 ] BOUND-ON-MULT-AUX1-OFF (DISABLE BOUND-ON-MULT-AUX2) [ 0.0 0.0 0.0 ] BOUND-ON-MULT-AUX2-OFF (DISABLE BOUND-ON-MULT-AUX3) [ 0.0 0.0 0.0 ] BOUND-ON-MULT-AUX3-OFF (DISABLE BOUND-ON-MULT-AUX4) [ 0.0 0.0 0.0 ] BOUND-ON-MULT-AUX4-OFF (DISABLE BOUND-ON-MULT-AUX5) [ 0.0 0.0 0.0 ] BOUND-ON-MULT-AUX5-OFF (DISABLE BOUND-ON-MULT-AUX6) [ 0.0 0.0 0.0 ] BOUND-ON-MULT-AUX6-OFF (DISABLE BOUND-ON-MULT-AUX7) [ 0.0 0.0 0.0 ] BOUND-ON-MULT-AUX7-OFF (DISABLE BAD-FOR-BOUND-ON-MULT) [ 0.0 0.0 0.0 ] BAD-FOR-BOUND-ON-MULT-OFF (DISABLE BOUND-ON-MULT-KLUDGE) [ 0.0 0.0 0.0 ] BOUND-ON-MULT-KLUDGE-OFF (DEFN DIFFERENT-MULT (ALPHA BETA) (IF (EQUAL (CAR ALPHA) (CAR BETA)) (IF (LISTP ALPHA) (DIFFERENT-MULT (CDR ALPHA) (CDR BETA)) 0) (IF (ORD-LESSP (CAR ALPHA) (CAR BETA)) (CAR BETA) (CAR ALPHA)))) Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, DIFFERENT-MULT is accepted under the principle of definition. [ 0.0 0.1 0.0 ] DIFFERENT-MULT (PROVE-LEMMA DIFFERENT-MULT-IS-ORD (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (DIFFERENT-MULT ALPHA BETA))) ((INDUCT (DIFFERENT-MULT ALPHA BETA)) (DISABLE ORDINALP ORD-LESSP))) This formula can be simplified, using the abbreviations IMPLIES, NOT, OR, and AND, to the following four new goals: Case 4. (IMPLIES (AND (EQUAL (CAR ALPHA) (CAR BETA)) (LISTP ALPHA) (IMPLIES (AND (ORDINALP (CDR ALPHA)) (ORDINALP (CDR BETA))) (ORDINALP (DIFFERENT-MULT (CDR ALPHA) (CDR BETA)))) (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (DIFFERENT-MULT ALPHA BETA))). This simplifies, applying CDRS-ARE-ORDINALS, and expanding AND, IMPLIES, and DIFFERENT-MULT, to: T. Case 3. (IMPLIES (AND (EQUAL (CAR ALPHA) (CAR BETA)) (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (DIFFERENT-MULT ALPHA BETA))), which simplifies, applying CAR-NLISTP, and expanding the functions EQUAL, DIFFERENT-MULT, and ORDINALP, to: T. Case 2. (IMPLIES (AND (NOT (EQUAL (CAR ALPHA) (CAR BETA))) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (DIFFERENT-MULT ALPHA BETA))). This simplifies, applying CARS-ARE-ORDINALS, and unfolding the definition of DIFFERENT-MULT, to: T. Case 1. (IMPLIES (AND (NOT (EQUAL (CAR ALPHA) (CAR BETA))) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (DIFFERENT-MULT ALPHA BETA))), which simplifies, appealing to the lemma CARS-ARE-ORDINALS, and opening up the function DIFFERENT-MULT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-IS-ORD (PROVE-LEMMA DIFFERENT-MULT-FOR-NUMBERS (REWRITE) (IMPLIES (AND (NUMBERP ALPHA) (NUMBERP BETA)) (EQUAL (DIFFERENT-MULT ALPHA BETA) 0))) This simplifies, appealing to the lemma CAR-NLISTP, and opening up the definitions of EQUAL and DIFFERENT-MULT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-FOR-NUMBERS (DISABLE TRANSITIVITY-ALT) [ 0.0 0.0 0.0 ] TRANSITIVITY-ALT-OFF (DISABLE IRREFLEX-OF-ORD-LEQ) [ 0.0 0.0 0.0 ] IRREFLEX-OF-ORD-LEQ-OFF (PROVE-LEMMA DIFFERENT-MULT-NUMBER-LIST (REWRITE) (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP BETA) (LISTP BETA)) (EQUAL (DIFFERENT-MULT ALPHA BETA) (CAR BETA)))) This formula simplifies, rewriting with the lemma CAR-NLISTP, and expanding ORD-LESSP, LISTP, EQUAL, LESSP, and DIFFERENT-MULT, to the new formula: (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP BETA) (LISTP BETA) (NOT (EQUAL 0 (CAR BETA))) (NOT (LISTP (CAR BETA)))) (NUMBERP (CAR BETA))), which again simplifies, trivially, to: (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP BETA) (LISTP BETA) (NOT (LISTP (CAR BETA)))) (NUMBERP (CAR BETA))). Applying the lemma CAR-CDR-ELIM, replace BETA by (CONS X Z) to eliminate (CAR BETA) and (CDR BETA). We thus obtain: (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP (CONS X Z)) (NOT (LISTP X))) (NUMBERP X)), which further simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and expanding the definitions of ORD-LESSP, LESSP, and ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-NUMBER-LIST (PROVE-LEMMA DIFFERENT-MULT-LIST-NUMBER (REWRITE) (IMPLIES (AND (NUMBERP BETA) (ORDINALP ALPHA) (LISTP ALPHA)) (EQUAL (DIFFERENT-MULT ALPHA BETA) (CAR ALPHA)))) . Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). This produces: (IMPLIES (AND (NUMBERP BETA) (ORDINALP (CONS X Z))) (EQUAL (DIFFERENT-MULT (CONS X Z) BETA) X)), which simplifies, applying CDR-CONS, CAR-CONS, and CAR-NLISTP, and unfolding the functions ORDINALP, ORD-LESSP, LISTP, EQUAL, LESSP, and DIFFERENT-MULT, to: T. Q.E.D. [ 0.0 0.1 0.0 ] DIFFERENT-MULT-LIST-NUMBER (PROVE-LEMMA DIFFERENT-MULT-FOR-LISTS-SAME-CAR (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (LISTP ALPHA) (LISTP BETA) (EQUAL (CAR ALPHA) (CAR BETA))) (EQUAL (DIFFERENT-MULT ALPHA BETA) (DIFFERENT-MULT (CDR ALPHA) (CDR BETA)))) ((DISABLE ORD-LEQ NO-CYCLE-ALT))) This simplifies, rewriting with the lemma CAR-NLISTP, and expanding the functions ORDINALP, DIFFERENT-MULT, ORD-LESSP, LISTP, EQUAL, and LESSP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] DIFFERENT-MULT-FOR-LISTS-SAME-CAR (PROVE-LEMMA DIFFERENT-MULT-FOR-SMALLER-CAR (REWRITE) (IMPLIES (ORD-LESSP (CAR ALPHA) (CAR BETA)) (EQUAL (DIFFERENT-MULT ALPHA BETA) (CAR BETA)))) . Appealing to the lemma CAR-CDR-ELIM, we now replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). This generates two new conjectures: Case 2. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORD-LESSP (CAR ALPHA) (CAR BETA))) (EQUAL (DIFFERENT-MULT ALPHA BETA) (CAR BETA))), which simplifies, applying CAR-NLISTP and SUCCESSORS-ARE-POSITIVE, and unfolding the functions LESSP, EQUAL, LISTP, ORD-LESSP, DIFFERENT-MULT, ORDINALP, and SUCCESSORP, to: T. Case 1. (IMPLIES (ORD-LESSP X (CAR BETA)) (EQUAL (DIFFERENT-MULT (CONS X Z) BETA) (CAR BETA))). However this simplifies, applying CDR-CONS and CAR-CONS, and unfolding the function DIFFERENT-MULT, to: (IMPLIES (AND (ORD-LESSP X (CAR BETA)) (EQUAL X (CAR BETA))) (EQUAL (DIFFERENT-MULT Z (CDR BETA)) (CAR BETA))), which again simplifies, applying the lemma IRREFLEX, to: T. Q.E.D. [ 0.0 0.2 0.0 ] DIFFERENT-MULT-FOR-SMALLER-CAR (PROVE-LEMMA DIFFERENT-MULT-FOR-LARGER-CAR (REWRITE) (IMPLIES (ORD-LESSP (CAR BETA) (CAR ALPHA)) (EQUAL (DIFFERENT-MULT ALPHA BETA) (CAR ALPHA)))) . Appealing to the lemma CAR-CDR-ELIM, we now replace BETA by (CONS X Z) to eliminate (CAR BETA) and (CDR BETA). This generates two new conjectures: Case 2. (IMPLIES (AND (NOT (LISTP BETA)) (ORD-LESSP (CAR BETA) (CAR ALPHA))) (EQUAL (DIFFERENT-MULT ALPHA BETA) (CAR ALPHA))), which simplifies, applying CAR-NLISTP, NO-CYCLE-ALT, and SUCCESSORS-ARE-POSITIVE, and unfolding the functions LESSP, EQUAL, LISTP, ORD-LESSP, DIFFERENT-MULT, SUCCESSORP, and ORDINALP, to: T. Case 1. (IMPLIES (ORD-LESSP X (CAR ALPHA)) (EQUAL (DIFFERENT-MULT ALPHA (CONS X Z)) (CAR ALPHA))). Appealing to the lemma CAR-CDR-ELIM, we now replace ALPHA by (CONS V W) to eliminate (CAR ALPHA) and (CDR ALPHA). We must thus prove two new formulas: Case 1.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORD-LESSP X (CAR ALPHA))) (EQUAL (DIFFERENT-MULT ALPHA (CONS X Z)) (CAR ALPHA))), which simplifies, applying CAR-NLISTP, and opening up the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 1.1. (IMPLIES (ORD-LESSP X V) (EQUAL (DIFFERENT-MULT (CONS V W) (CONS X Z)) V)). But this simplifies, applying the lemmas NO-CYCLE-ALT, CDR-CONS, and CAR-CONS, and expanding DIFFERENT-MULT, to: (IMPLIES (AND (ORD-LESSP X V) (EQUAL V X)) (EQUAL (DIFFERENT-MULT W Z) V)). But this again simplifies, appealing to the lemma IRREFLEX, to: T. Q.E.D. [ 0.0 0.2 0.0 ] DIFFERENT-MULT-FOR-LARGER-CAR (DISABLE DIFFERENT-MULT) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-OFF (DEFN BAD-FOR-DIFFERENT-MULT-WORKS (ALPHA BETA) (AND (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA)) (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA)))) From the definition we can conclude that: (OR (FALSEP (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA)) (TRUEP (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-DIFFERENT-MULT-WORKS (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX1 (REWRITE) (IMPLIES (AND (ORDINALP SIGMA) (NOT (EQUAL (CAR SIGMA) 0))) (NOT (EQUAL (MULT (CAR SIGMA) SIGMA) 0)))) This simplifies, unfolding the definition of MULT, to the new conjecture: (IMPLIES (AND (ORDINALP SIGMA) (NOT (EQUAL (CAR SIGMA) 0))) (NOT (EQUAL (POS-MULT (CAR SIGMA) SIGMA) 0))). Applying the lemma CAR-CDR-ELIM, replace SIGMA by (CONS X Z) to eliminate (CAR SIGMA) and (CDR SIGMA). We thus obtain the following two new goals: Case 2. (IMPLIES (AND (NOT (LISTP SIGMA)) (ORDINALP SIGMA) (NOT (EQUAL (CAR SIGMA) 0))) (NOT (EQUAL (POS-MULT (CAR SIGMA) SIGMA) 0))). However this further simplifies, rewriting with CAR-NLISTP, and opening up the definitions of ORDINALP and EQUAL, to: T. Case 1. (IMPLIES (AND (ORDINALP (CONS X Z)) (NOT (EQUAL X 0))) (NOT (EQUAL (POS-MULT X (CONS X Z)) 0))). But this further simplifies, rewriting with the lemmas CDR-CONS and CAR-CONS, and unfolding the functions ORDINALP, POS-MULT, ADD1, and EQUAL, to: T. Q.E.D. [ 0.0 0.1 0.0 ] DIFFERENT-MULT-WORKS-AUX1 (DISABLE NO-CYCLE-ALT) [ 0.0 0.0 0.0 ] NO-CYCLE-ALT-OFF (DISABLE ORD-LEQ-IS-TRANSITIVE) [ 0.0 0.0 0.0 ] ORD-LEQ-IS-TRANSITIVE-OFF (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX2 (REWRITE) (IMPLIES (ORD-LESSP (CAR ALPHA) (CAR BETA)) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA))) ((DO-NOT-INDUCT T) (USE (DIFFERENT-MULT-WORKS-AUX1 (SIGMA BETA)) (BOUND-ON-MULT (ALPHA ALPHA) (DELTA (CAR BETA)))) (DISABLE ORD-LEQ DIFFERENT-MULT-WORKS-AUX1 BOUND-ON-MULT))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX2 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. This formula can be simplified, using the abbreviations BAD-FOR-DIFFERENT-MULT-WORKS, NOT, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP BETA) (NOT (EQUAL (CAR BETA) 0))) (NOT (EQUAL (MULT (CAR BETA) BETA) 0))) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP (CAR BETA)) (ORD-LESSP (CAR ALPHA) (CAR BETA))) (EQUAL (MULT (CAR BETA) ALPHA) 0)) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA)))), which simplifies, applying the lemmas CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, CAR-NLISTP, and DIFFERENT-MULT-FOR-SMALLER-CAR, and expanding the definitions of ORDINALP, NOT, AND, MULT, IMPLIES, LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] DIFFERENT-MULT-WORKS-AUX2 (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX3 (REWRITE) (IMPLIES (ORD-LESSP (CAR BETA) (CAR ALPHA)) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA))) ((DO-NOT-INDUCT T) (USE (DIFFERENT-MULT-WORKS-AUX1 (SIGMA ALPHA)) (BOUND-ON-MULT (ALPHA BETA) (DELTA (CAR ALPHA)))) (DISABLE DIFFERENT-MULT-WORKS-AUX1 BOUND-ON-MULT))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX3 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. This formula can be simplified, using the abbreviations BAD-FOR-DIFFERENT-MULT-WORKS, NOT, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP ALPHA) (NOT (EQUAL (CAR ALPHA) 0))) (NOT (EQUAL (MULT (CAR ALPHA) ALPHA) 0))) (IMPLIES (AND (ORDINALP BETA) (ORDINALP (CAR ALPHA)) (ORD-LESSP (CAR BETA) (CAR ALPHA))) (EQUAL (MULT (CAR ALPHA) BETA) 0)) (ORD-LESSP (CAR BETA) (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA)))), which simplifies, applying the lemmas CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, CAR-NLISTP, and DIFFERENT-MULT-FOR-LARGER-CAR, and expanding the definitions of ORDINALP, NOT, AND, MULT, IMPLIES, LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.2 0.0 ] DIFFERENT-MULT-WORKS-AUX3 (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX4 (REWRITE) (IMPLIES (AND (NUMBERP ALPHA) (NUMBERP BETA)) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA)))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX4 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. This formula can be simplified, using the abbreviations BAD-FOR-DIFFERENT-MULT-WORKS, NOT, AND, and IMPLIES, to: (IMPLIES (AND (NUMBERP ALPHA) (NUMBERP BETA) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA)))), which simplifies, rewriting with the lemma DIFFERENT-MULT-FOR-NUMBERS, and expanding the functions ORDINALP, NUMBER-PART, EQUAL, and MULT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX4 (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX5 (REWRITE) (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP BETA) (LISTP BETA)) (ORD-LESSP (CAR ALPHA) (CAR BETA)))) This conjecture simplifies, rewriting with CAR-NLISTP, and expanding the definitions of LESSP, EQUAL, LISTP, and ORD-LESSP, to the following two new goals: Case 2. (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP BETA) (LISTP BETA) (NOT (LISTP (CAR BETA)))) (NUMBERP (CAR BETA))). Appealing to the lemma CAR-CDR-ELIM, we now replace BETA by (CONS X Z) to eliminate (CAR BETA) and (CDR BETA). This generates the formula: (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP (CONS X Z)) (NOT (LISTP X))) (NUMBERP X)). However this further simplifies, applying CDR-CONS and CAR-CONS, and opening up the definitions of ORD-LESSP, LESSP, and ORDINALP, to: T. Case 1. (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP BETA) (LISTP BETA) (NOT (LISTP (CAR BETA)))) (NOT (EQUAL (CAR BETA) 0))). This again simplifies, expanding EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX5 (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX6 (REWRITE) (IMPLIES (AND (NLISTP ALPHA) (LISTP BETA)) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA)))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX6 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. This formula can be simplified, using the abbreviations BAD-FOR-DIFFERENT-MULT-WORKS, NOT, NLISTP, AND, and IMPLIES, to: (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA)))), which simplifies, rewriting with the lemma DIFFERENT-MULT-NUMBER-LIST, and expanding the functions ORDINALP, POS-MULT, NUMBER-PART, and MULT, to two new conjectures: Case 2. (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA) (NUMBERP ALPHA) (ORDINALP BETA) (NOT (EQUAL (CAR BETA) 0))) (NOT (EQUAL 0 (POS-MULT (CAR BETA) BETA)))), which again simplifies, trivially, to: (IMPLIES (AND (LISTP BETA) (NUMBERP ALPHA) (ORDINALP BETA) (NOT (EQUAL (CAR BETA) 0))) (NOT (EQUAL 0 (POS-MULT (CAR BETA) BETA)))). Applying the lemma CAR-CDR-ELIM, replace BETA by (CONS X Z) to eliminate (CAR BETA) and (CDR BETA). This produces the new conjecture: (IMPLIES (AND (NUMBERP ALPHA) (ORDINALP (CONS X Z)) (NOT (EQUAL X 0))) (NOT (EQUAL 0 (POS-MULT X (CONS X Z))))), which further simplifies, rewriting with CDR-CONS and CAR-CONS, and opening up the functions ORDINALP, POS-MULT, ADD1, and EQUAL, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA) (NUMBERP ALPHA) (ORDINALP BETA) (EQUAL (CAR BETA) 0)) (NOT (EQUAL ALPHA (NUMBER-PART BETA)))). But this again simplifies, applying NUMBER-PART-IS-A-NUMBER, and opening up the functions EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX6 (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX7 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (NLISTP BETA)) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA)))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX7 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. This formula can be simplified, using the abbreviations BAD-FOR-DIFFERENT-MULT-WORKS, NOT, NLISTP, AND, and IMPLIES, to: (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA)))), which simplifies, rewriting with the lemma DIFFERENT-MULT-LIST-NUMBER, and expanding the functions ORDINALP, MULT, POS-MULT, and NUMBER-PART, to two new conjectures: Case 2. (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA)) (ORDINALP ALPHA) (NUMBERP BETA) (NOT (EQUAL (CAR ALPHA) 0))) (NOT (EQUAL (POS-MULT (CAR ALPHA) ALPHA) 0))), which again simplifies, trivially, to: (IMPLIES (AND (LISTP ALPHA) (ORDINALP ALPHA) (NUMBERP BETA) (NOT (EQUAL (CAR ALPHA) 0))) (NOT (EQUAL (POS-MULT (CAR ALPHA) ALPHA) 0))). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). This produces the new conjecture: (IMPLIES (AND (ORDINALP (CONS X Z)) (NUMBERP BETA) (NOT (EQUAL X 0))) (NOT (EQUAL (POS-MULT X (CONS X Z)) 0))), which further simplifies, rewriting with CDR-CONS and CAR-CONS, and opening up the functions ORDINALP, POS-MULT, ADD1, and EQUAL, to: T. Case 1. (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA)) (ORDINALP ALPHA) (NUMBERP BETA) (EQUAL (CAR ALPHA) 0)) (NOT (EQUAL (NUMBER-PART ALPHA) BETA))). But this again simplifies, expanding the functions EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] DIFFERENT-MULT-WORKS-AUX7 (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX8 (REWRITE) (IMPLIES (AND (NLISTP ALPHA) (NLISTP BETA)) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA)))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX8 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. This formula can be simplified, using the abbreviations BAD-FOR-DIFFERENT-MULT-WORKS, NOT, NLISTP, AND, and IMPLIES, to: (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA)))), which simplifies, rewriting with the lemma DIFFERENT-MULT-FOR-NUMBERS, and expanding the functions ORDINALP, NUMBER-PART, EQUAL, and MULT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX8 (DISABLE DIFFERENT-MULT-WORKS-AUX4) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX4-OFF (DISABLE DIFFERENT-MULT-WORKS-AUX5) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX5-OFF (DISABLE DIFFERENT-MULT-WORKS-AUX6) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX6-OFF (DISABLE DIFFERENT-MULT-WORKS-AUX7) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX7-OFF (DISABLE DIFFERENT-MULT-WORKS-AUX8) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX8-OFF (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX9 (REWRITE) (IMPLIES (OR (NLISTP ALPHA) (NLISTP BETA)) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA))) ((DISABLE BAD-FOR-DIFFERENT-MULT-WORKS) (USE (DIFFERENT-MULT-WORKS-AUX6 (ALPHA ALPHA) (BETA BETA)) (DIFFERENT-MULT-WORKS-AUX7 (ALPHA ALPHA) (BETA BETA)) (DIFFERENT-MULT-WORKS-AUX8 (ALPHA ALPHA) (BETA BETA))))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX9 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. This conjecture simplifies, expanding the definitions of NLISTP, AND, NOT, IMPLIES, and OR, to: T. Q.E.D. [ 0.0 0.1 0.0 ] DIFFERENT-MULT-WORKS-AUX9 (DISABLE DIFFERENT-MULT-WORKS-AUX1) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX1-OFF (DISABLE DIFFERENT-MULT-WORKS-AUX2) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX2-OFF (DISABLE DIFFERENT-MULT-WORKS-AUX3) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX3-OFF (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX10 (REWRITE) (IMPLIES (NOT (EQUAL (CAR BETA) (CAR ALPHA))) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA))) ((USE (TRICHOTOMY (SIGMA (CAR ALPHA)) (TAU (CAR BETA))) (DIFFERENT-MULT-WORKS-AUX2 (ALPHA ALPHA) (BETA BETA)) (DIFFERENT-MULT-WORKS-AUX3 (ALPHA ALPHA) (BETA BETA))) (DISABLE DIFFERENT-MULT-WORKS-AUX9))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX10 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. This conjecture can be simplified, using the abbreviations BAD-FOR-DIFFERENT-MULT-WORKS, NOT, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP (CAR ALPHA)) (ORDINALP (CAR BETA))) (OR (EQUAL (CAR ALPHA) (CAR BETA)) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (ORD-LESSP (CAR BETA) (CAR ALPHA)))) (IMPLIES (ORD-LESSP (CAR ALPHA) (CAR BETA)) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA))) (IMPLIES (ORD-LESSP (CAR BETA) (CAR ALPHA)) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA))) (NOT (EQUAL (CAR BETA) (CAR ALPHA))) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA)))). This simplifies, appealing to the lemmas CARS-ARE-ORDINALS, BOUND-ON-MULT, DIFFERENT-MULT-FOR-SMALLER-CAR, CDRS-ARE-ORDINALS, CAR-NLISTP, and DIFFERENT-MULT-FOR-LARGER-CAR, and unfolding AND, OR, IMPLIES, MULT, ORDINALP, BAD-FOR-DIFFERENT-MULT-WORKS, NOT, LESSP, EQUAL, LISTP, ORD-LESSP, and NUMBER-PART, to the following four new goals: Case 4. (IMPLIES (AND (ORD-LESSP (CAR ALPHA) (CAR BETA)) (EQUAL (CAR BETA) 0) (NOT (EQUAL 0 (NUMBER-PART BETA))) (NOT (LISTP (CAR ALPHA))) (NOT (NUMBERP (CAR ALPHA))) (ORDINALP ALPHA) (NOT (LISTP BETA)) (NUMBERP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL (NUMBER-PART ALPHA) BETA))). This again simplifies, expanding LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 3. (IMPLIES (AND (ORD-LESSP (CAR ALPHA) (CAR BETA)) (EQUAL (CAR BETA) 0) (NOT (EQUAL 0 (NUMBER-PART BETA))) (NOT (EQUAL (NUMBER-PART ALPHA) (NUMBER-PART BETA))) (NOT (EQUAL 0 (CAR ALPHA))) (ORDINALP ALPHA) (NOT (LISTP BETA)) (NUMBERP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL (NUMBER-PART ALPHA) BETA))), which again simplifies, opening up the definitions of LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 2. (IMPLIES (AND (ORD-LESSP (CAR BETA) (CAR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (EQUAL (CAR ALPHA) 0) (NOT (EQUAL (NUMBER-PART ALPHA) 0)) (NOT (EQUAL (CAR BETA) 0)) (NOT (LISTP ALPHA)) (NUMBERP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL ALPHA (NUMBER-PART BETA)))), which again simplifies, expanding the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 1. (IMPLIES (AND (ORD-LESSP (CAR BETA) (CAR ALPHA)) (EQUAL (CAR ALPHA) 0) (NOT (EQUAL (NUMBER-PART ALPHA) 0)) (NOT (EQUAL (CAR BETA) 0)) (NOT (LISTP ALPHA)) (NUMBERP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL ALPHA (NUMBER-PART BETA)))), which again simplifies, expanding the definitions of LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.6 0.0 ] DIFFERENT-MULT-WORKS-AUX10 (PROVE-LEMMA SAME-MULT-FOR-CDR (REWRITE) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (EQUAL (CAR ALPHA) (CAR BETA)) (EQUAL (MULT DELTA ALPHA) (MULT DELTA BETA))) (EQUAL (MULT DELTA (CDR ALPHA)) (MULT DELTA (CDR BETA))))) WARNING: Note that the rewrite rule SAME-MULT-FOR-CDR will be stored so as to apply only to terms with the nonrecursive function symbol MULT. WARNING: Note that SAME-MULT-FOR-CDR contains the free variable BETA which will be chosen by instantiating the hypothesis (LISTP BETA). This formula simplifies, expanding the definitions of POS-MULT, NUMBER-PART, MULT, and EQUAL, to the new goal: (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (EQUAL (CAR ALPHA) (CAR BETA)) (NOT (EQUAL DELTA 0)) (EQUAL DELTA (CAR ALPHA)) (EQUAL (ADD1 (POS-MULT DELTA (CDR ALPHA))) (ADD1 (POS-MULT DELTA (CDR BETA))))) (EQUAL (POS-MULT DELTA (CDR ALPHA)) (POS-MULT DELTA (CDR BETA)))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.5 0.0 ] SAME-MULT-FOR-CDR (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX11 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (EQUAL (CAR ALPHA) (CAR BETA)) (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA)) (BAD-FOR-DIFFERENT-MULT-WORKS (CDR ALPHA) (CDR BETA))) ((USE (SAME-MULT-FOR-CDR (ALPHA ALPHA) (BETA BETA) (DELTA (DIFFERENT-MULT ALPHA BETA)))) (DISABLE MULT ORDINALP ORD-LESSP SAME-MULT-FOR-CDR))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX11 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. This conjecture can be simplified, using the abbreviations BAD-FOR-DIFFERENT-MULT-WORKS, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (EQUAL (CAR ALPHA) (CAR BETA)) (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA))) (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) (CDR ALPHA)) (MULT (DIFFERENT-MULT ALPHA BETA) (CDR BETA)))) (LISTP ALPHA) (LISTP BETA) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA)) (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA))) (BAD-FOR-DIFFERENT-MULT-WORKS (CDR ALPHA) (CDR BETA))). This simplifies, applying DIFFERENT-MULT-FOR-LISTS-SAME-CAR and CDRS-ARE-ORDINALS, and expanding the definitions of AND, IMPLIES, and BAD-FOR-DIFFERENT-MULT-WORKS, to: (IMPLIES (AND (EQUAL (MULT (DIFFERENT-MULT (CDR ALPHA) (CDR BETA)) (CDR ALPHA)) (MULT (DIFFERENT-MULT (CDR ALPHA) (CDR BETA)) (CDR BETA))) (LISTP ALPHA) (LISTP BETA) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA)) (EQUAL (MULT (DIFFERENT-MULT (CDR ALPHA) (CDR BETA)) ALPHA) (MULT (DIFFERENT-MULT (CDR ALPHA) (CDR BETA)) BETA))) (NOT (EQUAL (CDR ALPHA) (CDR BETA)))). This again simplifies, clearly, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX11 (DISABLE DIFFERENT-MULT-WORKS-AUX10) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX10-OFF (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX12 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA)) (BAD-FOR-DIFFERENT-MULT-WORKS (CDR ALPHA) (CDR BETA))) ((DO-NOT-INDUCT T) (DISABLE BAD-FOR-DIFFERENT-MULT-WORKS) (USE (DIFFERENT-MULT-WORKS-AUX10 (ALPHA ALPHA) (BETA BETA))))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX12 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. WARNING: the newly proposed lemma, DIFFERENT-MULT-WORKS-AUX12, could be applied whenever the previously added lemma DIFFERENT-MULT-WORKS-AUX11 could. This simplifies, applying DIFFERENT-MULT-WORKS-AUX11, and unfolding NOT and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX12 (DEFN DIFFERENT-MULT-WORKS-KLUDGE (ALPHA BETA) (IF (AND (LISTP ALPHA) (LISTP BETA)) (DIFFERENT-MULT-WORKS-KLUDGE (CDR ALPHA) (CDR BETA)) 0)) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of AND establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, DIFFERENT-MULT-WORKS-KLUDGE is accepted under the definitional principle. The definition of: DIFFERENT-MULT-WORKS-KLUDGE can be justified in another way. Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of AND inform us that the measure (COUNT BETA) decreases according to the well-founded relation LESSP in each recursive call. Observe that: (NUMBERP (DIFFERENT-MULT-WORKS-KLUDGE ALPHA BETA)) is a theorem. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-KLUDGE (PROVE-LEMMA DIFFERENT-MULT-WORKS-AUX13 (REWRITE) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA)) ((INDUCT (DIFFERENT-MULT-WORKS-KLUDGE ALPHA BETA)) (DISABLE BAD-FOR-DIFFERENT-MULT-WORKS))) WARNING: Note that the rewrite rule DIFFERENT-MULT-WORKS-AUX13 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-DIFFERENT-MULT-WORKS. WARNING: the newly proposed lemma, DIFFERENT-MULT-WORKS-AUX13, could be applied whenever the previously added lemma DIFFERENT-MULT-WORKS-AUX9 could. This formula can be simplified, using the abbreviations NOT, OR, and AND, to the following two new conjectures: Case 2. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS (CDR ALPHA) (CDR BETA)))) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA))). This simplifies, rewriting with the lemma DIFFERENT-MULT-WORKS-AUX12, to: T. Case 1. (IMPLIES (NOT (AND (LISTP ALPHA) (LISTP BETA))) (NOT (BAD-FOR-DIFFERENT-MULT-WORKS ALPHA BETA))). This simplifies, applying DIFFERENT-MULT-WORKS-AUX9, and expanding the functions AND, OR, and NLISTP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX13 (DISABLE DIFFERENT-MULT-WORKS-KLUDGE) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-KLUDGE-OFF (DISABLE DIFFERENT-MULT-WORKS-AUX9) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX9-OFF (DISABLE DIFFERENT-MULT-WORKS-AUX11) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX11-OFF (DISABLE DIFFERENT-MULT-WORKS-AUX12) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX12-OFF (DISABLE DIFFERENT-MULT-WORKS-AUX13) [ 0.0 0.0 0.0 ] DIFFERENT-MULT-WORKS-AUX13-OFF (PROVE-LEMMA DIFFERENT-MULT-WORKS (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL ALPHA BETA))) (NOT (EQUAL (MULT (DIFFERENT-MULT ALPHA BETA) ALPHA) (MULT (DIFFERENT-MULT ALPHA BETA) BETA)))) ((USE (DIFFERENT-MULT-WORKS-AUX13 (ALPHA ALPHA) (BETA BETA))) (DISABLE MULT))) This simplifies, applying CARS-ARE-ORDINALS and CDRS-ARE-ORDINALS, and unfolding ORDINALP, BAD-FOR-DIFFERENT-MULT-WORKS, and EQUAL, to: T. Q.E.D. [ 0.0 0.1 0.0 ] DIFFERENT-MULT-WORKS (DISABLE BAD-FOR-DIFFERENT-MULT-WORKS) [ 0.0 0.0 0.0 ] BAD-FOR-DIFFERENT-MULT-WORKS-OFF (DEFN NUM-SHARP (ALPHA N) (IF (NLISTP ALPHA) (PLUS ALPHA N) (CONS (CAR ALPHA) (NUM-SHARP (CDR ALPHA) N)))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to show that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, NUM-SHARP is accepted under the definitional principle. From the definition we can conclude that: (OR (NUMBERP (NUM-SHARP ALPHA N)) (LISTP (NUM-SHARP ALPHA N))) is a theorem. [ 0.0 0.0 0.0 ] NUM-SHARP (PROVE-LEMMA NUM-SHARP-IS-AN-ORDINAL (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (NUMBERP N)) (ORDINALP (NUM-SHARP ALPHA N)))) Call the conjecture *1. Perhaps we can prove it by induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CAR ALPHA) N) (p (CDR ALPHA) N)) (p ALPHA N)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA N))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to prove that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to five new goals: Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CAR ALPHA))) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA) (NUMBERP N)) (ORDINALP (NUM-SHARP ALPHA N))), which simplifies, opening up the definition of ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (NUM-SHARP (CAR ALPHA) N)) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA) (NUMBERP N)) (ORDINALP (NUM-SHARP ALPHA N))), which simplifies, expanding ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP (NUM-SHARP (CDR ALPHA) N)) (ORDINALP ALPHA) (NUMBERP N)) (ORDINALP (NUM-SHARP ALPHA N))), which simplifies, opening up the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (NUM-SHARP (CAR ALPHA) N)) (ORDINALP (NUM-SHARP (CDR ALPHA) N)) (ORDINALP ALPHA) (NUMBERP N)) (ORDINALP (NUM-SHARP ALPHA N))), which simplifies, rewriting with CDR-CONS, CARS-ARE-ORDINALS, and CAR-CONS, and opening up the functions ORDINALP and NUM-SHARP, to the following two new goals: Case 2.2. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (NUM-SHARP (CAR ALPHA) N)) (ORDINALP (NUM-SHARP (CDR ALPHA) N)) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (NUMBERP N) (LISTP (NUM-SHARP (CDR ALPHA) N))) (NOT (ORD-LESSP (CAR ALPHA) (CAR (NUM-SHARP (CDR ALPHA) N))))). Appealing to the lemma CAR-CDR-ELIM, we now replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA) and Z by (CONS V W) to eliminate (CAR Z) and (CDR Z). This generates two new conjectures: Case 2.2.2. (IMPLIES (AND (NOT (LISTP Z)) (ORDINALP (NUM-SHARP X N)) (ORDINALP (NUM-SHARP Z N)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (ORD-LESSP X (CAR Z))) (NUMBERP N) (LISTP (NUM-SHARP Z N))) (NOT (ORD-LESSP X (CAR (NUM-SHARP Z N))))), which further simplifies, applying CAR-NLISTP, and expanding the functions NUM-SHARP, ORDINALP, LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 2.2.1. (IMPLIES (AND (ORDINALP (NUM-SHARP X N)) (ORDINALP (NUM-SHARP (CONS V W) N)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP (CONS V W)) (NOT (ORD-LESSP X V)) (NUMBERP N) (LISTP (NUM-SHARP (CONS V W) N))) (NOT (ORD-LESSP X (CAR (NUM-SHARP (CONS V W) N))))). This further simplifies, applying CDR-CONS and CAR-CONS, and unfolding the definitions of NUM-SHARP and ORDINALP, to: T. Case 2.1. (IMPLIES (AND (LISTP ALPHA) (ORDINALP (NUM-SHARP (CAR ALPHA) N)) (ORDINALP (NUM-SHARP (CDR ALPHA) N)) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (LISTP (CDR ALPHA))) (NUMBERP N) (LISTP (NUM-SHARP (CDR ALPHA) N))) (NOT (ORD-LESSP (CAR ALPHA) (CAR (NUM-SHARP (CDR ALPHA) N))))). However this further simplifies, unfolding the definitions of NUM-SHARP and ORDINALP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (NUMBERP N)) (ORDINALP (NUM-SHARP ALPHA N))), which simplifies, unfolding ORDINALP and NUM-SHARP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.3 0.0 ] NUM-SHARP-IS-AN-ORDINAL (PROVE-LEMMA NUM-SHARP-AND-ZERO (REWRITE) (IMPLIES (ORDINALP ALPHA) (EQUAL (NUM-SHARP ALPHA 0) ALPHA))) Name the conjecture *1. We will appeal to induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CAR ALPHA)) (p (CDR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following five new formulas: Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CAR ALPHA))) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA)) (EQUAL (NUM-SHARP ALPHA 0) ALPHA)). This simplifies, expanding the definition of ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (EQUAL (NUM-SHARP (CAR ALPHA) 0) (CAR ALPHA)) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA)) (EQUAL (NUM-SHARP ALPHA 0) ALPHA)). This simplifies, expanding the definition of ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CAR ALPHA))) (EQUAL (NUM-SHARP (CDR ALPHA) 0) (CDR ALPHA)) (ORDINALP ALPHA)) (EQUAL (NUM-SHARP ALPHA 0) ALPHA)). This simplifies, opening up the function ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (EQUAL (NUM-SHARP (CAR ALPHA) 0) (CAR ALPHA)) (EQUAL (NUM-SHARP (CDR ALPHA) 0) (CDR ALPHA)) (ORDINALP ALPHA)) (EQUAL (NUM-SHARP ALPHA 0) ALPHA)). This simplifies, appealing to the lemma CONS-CAR-CDR, and expanding the functions ORDINALP and NUM-SHARP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA)) (EQUAL (NUM-SHARP ALPHA 0) ALPHA)). This simplifies, opening up ORDINALP and NUM-SHARP, to the new formula: (IMPLIES (AND (NOT (LISTP ALPHA)) (NUMBERP ALPHA)) (EQUAL (PLUS ALPHA 0) ALPHA)), which again simplifies, using linear arithmetic, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] NUM-SHARP-AND-ZERO (PROVE-LEMMA NUM-SHARP-AND-SUCCESSOR (REWRITE) (EQUAL (NUM-SHARP ALPHA 1) (SUCCESSOR ALPHA))) Call the conjecture *1. We will try to prove it by induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP ALPHA) (p ALPHA)) (IMPLIES (AND (NOT (NLISTP ALPHA)) (p (CDR ALPHA))) (p ALPHA))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following two new formulas: Case 2. (IMPLIES (NLISTP ALPHA) (EQUAL (NUM-SHARP ALPHA 1) (SUCCESSOR ALPHA))). This simplifies, expanding the definitions of NLISTP, NUM-SHARP, and SUCCESSOR, to the new goal: (IMPLIES (NOT (LISTP ALPHA)) (EQUAL (PLUS ALPHA 1) (ADD1 ALPHA))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP ALPHA)) (EQUAL (NUM-SHARP (CDR ALPHA) 1) (SUCCESSOR (CDR ALPHA)))) (EQUAL (NUM-SHARP ALPHA 1) (SUCCESSOR ALPHA))), which simplifies, expanding NLISTP, NUM-SHARP, and SUCCESSOR, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] NUM-SHARP-AND-SUCCESSOR (PROVE-LEMMA NUM-SHARP-GETS-BIGGER (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (ORD-LESSP ALPHA (NUM-SHARP ALPHA N)))) Call the conjecture *1. We will try to prove it by induction. The recursive terms in the conjecture suggest three inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP (NUM-SHARP ALPHA N)))) (p ALPHA N)) (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP (NUM-SHARP ALPHA N))) (p ALPHA N)) (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP (NUM-SHARP ALPHA N)))) (p ALPHA N)) (IMPLIES (AND (LISTP ALPHA) (LISTP (NUM-SHARP ALPHA N)) (ORD-LESSP (CAR ALPHA) (CAR (NUM-SHARP ALPHA N))) (p (CAR ALPHA) N)) (p ALPHA N)) (IMPLIES (AND (LISTP ALPHA) (LISTP (NUM-SHARP ALPHA N)) (NOT (ORD-LESSP (CAR ALPHA) (CAR (NUM-SHARP ALPHA N)))) (p (CDR ALPHA) N) (p (CAR ALPHA) N)) (p ALPHA N))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP can be used to prove that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following nine new goals: Case 9. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP (NUM-SHARP ALPHA N))) (ORDINALP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (ORD-LESSP ALPHA (NUM-SHARP ALPHA N))). This simplifies, opening up the definitions of NUM-SHARP, ORDINALP, and ORD-LESSP, to: (IMPLIES (AND (NOT (LISTP ALPHA)) (NUMBERP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (LESSP ALPHA (PLUS ALPHA N))), which again simplifies, using linear arithmetic, to: T. Case 8. (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP (NUM-SHARP ALPHA N)) (ORDINALP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (ORD-LESSP ALPHA (NUM-SHARP ALPHA N))), which simplifies, unfolding the function NUM-SHARP, to: T. Case 7. (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP (NUM-SHARP ALPHA N))) (ORDINALP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (ORD-LESSP ALPHA (NUM-SHARP ALPHA N))), which simplifies, unfolding the function NUM-SHARP, to: T. Case 6. (IMPLIES (AND (LISTP ALPHA) (LISTP (NUM-SHARP ALPHA N)) (ORD-LESSP (CAR ALPHA) (CAR (NUM-SHARP ALPHA N))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (ORD-LESSP ALPHA (NUM-SHARP ALPHA N))), which simplifies, applying CAR-CONS and IRREFLEX, and opening up the definition of NUM-SHARP, to: T. Case 5. (IMPLIES (AND (LISTP ALPHA) (LISTP (NUM-SHARP ALPHA N)) (ORD-LESSP (CAR ALPHA) (CAR (NUM-SHARP ALPHA N))) (ORD-LESSP (CAR ALPHA) (NUM-SHARP (CAR ALPHA) N)) (ORDINALP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (ORD-LESSP ALPHA (NUM-SHARP ALPHA N))). This simplifies, rewriting with CAR-CONS and IRREFLEX, and unfolding the definition of NUM-SHARP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (LISTP (NUM-SHARP ALPHA N)) (NOT (ORD-LESSP (CAR ALPHA) (CAR (NUM-SHARP ALPHA N)))) (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (ORD-LESSP ALPHA (NUM-SHARP ALPHA N))), which simplifies, rewriting with CAR-CONS and IRREFLEX, and expanding NUM-SHARP and ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (LISTP (NUM-SHARP ALPHA N)) (NOT (ORD-LESSP (CAR ALPHA) (CAR (NUM-SHARP ALPHA N)))) (ORD-LESSP (CDR ALPHA) (NUM-SHARP (CDR ALPHA) N)) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (ORD-LESSP ALPHA (NUM-SHARP ALPHA N))). This simplifies, applying CAR-CONS and IRREFLEX, and opening up the definitions of NUM-SHARP and ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (LISTP (NUM-SHARP ALPHA N)) (NOT (ORD-LESSP (CAR ALPHA) (CAR (NUM-SHARP ALPHA N)))) (NOT (ORDINALP (CDR ALPHA))) (ORD-LESSP (CAR ALPHA) (NUM-SHARP (CAR ALPHA) N)) (ORDINALP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (ORD-LESSP ALPHA (NUM-SHARP ALPHA N))), which simplifies, applying CAR-CONS and IRREFLEX, and expanding the definitions of NUM-SHARP and ORDINALP, to: T. Case 1. (IMPLIES (AND (LISTP ALPHA) (LISTP (NUM-SHARP ALPHA N)) (NOT (ORD-LESSP (CAR ALPHA) (CAR (NUM-SHARP ALPHA N)))) (ORD-LESSP (CDR ALPHA) (NUM-SHARP (CDR ALPHA) N)) (ORD-LESSP (CAR ALPHA) (NUM-SHARP (CAR ALPHA) N)) (ORDINALP ALPHA) (NUMBERP N) (NOT (EQUAL N 0))) (ORD-LESSP ALPHA (NUM-SHARP ALPHA N))). This simplifies, rewriting with CAR-CONS, IRREFLEX, and CDR-CONS, and opening up the definitions of NUM-SHARP, ORDINALP, and ORD-LESSP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] NUM-SHARP-GETS-BIGGER (PROVE-LEMMA CAR-OF-NUM-SHARP (REWRITE) (IMPLIES (NUMBERP N) (EQUAL (CAR (NUM-SHARP ALPHA N)) (CAR ALPHA)))) . Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). We would thus like to prove the following two new goals: Case 2. (IMPLIES (AND (NOT (LISTP ALPHA)) (NUMBERP N)) (EQUAL (CAR (NUM-SHARP ALPHA N)) (CAR ALPHA))). This simplifies, applying the lemma CAR-NLISTP, and opening up the definitions of NUM-SHARP and EQUAL, to: T. Case 1. (IMPLIES (NUMBERP N) (EQUAL (CAR (NUM-SHARP (CONS X Z) N)) X)), which simplifies, applying CDR-CONS and CAR-CONS, and unfolding NUM-SHARP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-NUM-SHARP (PROVE-LEMMA NUM-SHARP-IS-MONOTONIC (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N)))) Name the conjecture *1. We will try to prove it by induction. The recursive terms in the conjecture suggest six inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA))) (p ALPHA N BETA)) (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA)) (p ALPHA N BETA)) (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA))) (p ALPHA N BETA)) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (p (CAR ALPHA) N (CAR BETA))) (p ALPHA N BETA)) (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (p (CAR ALPHA) N (CAR BETA)) (p (CDR ALPHA) N (CDR BETA))) (p ALPHA N BETA))). Linear arithmetic and the lemmas CAR-LESSP and CDR-LESSP can be used to prove that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instances chosen for BETA. The above induction scheme generates the following ten new conjectures: Case 10.(IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N))). This simplifies, expanding the functions ORDINALP, ORD-LESSP, and NUM-SHARP, to: (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (NUMBERP ALPHA) (NUMBERP BETA) (NUMBERP N) (LESSP ALPHA BETA)) (LESSP (PLUS ALPHA N) (PLUS BETA N))), which again simplifies, using linear arithmetic, to: T. Case 9. (IMPLIES (AND (NOT (LISTP ALPHA)) (LISTP BETA) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N))), which simplifies, unfolding ORDINALP, ORD-LESSP, and NUM-SHARP, to: T. Case 8. (IMPLIES (AND (LISTP ALPHA) (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N))), which simplifies, unfolding ORDINALP and ORD-LESSP, to: T. Case 7. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N))), which simplifies, unfolding ORDINALP, to: T. Case 6. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (NOT (ORDINALP (CAR BETA))) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N))), which simplifies, opening up ORDINALP, to: T. Case 5. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (ORD-LESSP (CAR ALPHA) (CAR BETA)) (ORD-LESSP (NUM-SHARP (CAR ALPHA) N) (NUM-SHARP (CAR BETA) N)) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N))), which simplifies, rewriting with the lemma CAR-CONS, and opening up ORDINALP, ORD-LESSP, and NUM-SHARP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N))), which simplifies, unfolding the definition of ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (NOT (ORDINALP (CDR BETA))) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N))), which simplifies, expanding ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (NOT (ORD-LESSP (CDR ALPHA) (CDR BETA))) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N))), which simplifies, unfolding ORDINALP and ORD-LESSP, to: T. Case 1. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORD-LESSP (NUM-SHARP (CDR ALPHA) N) (NUM-SHARP (CDR BETA) N)) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (NUM-SHARP ALPHA N) (NUM-SHARP BETA N))), which simplifies, rewriting with CDR-CONS, IRREFLEX, and CAR-CONS, and unfolding the definitions of ORDINALP, ORD-LESSP, and NUM-SHARP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.1 ] NUM-SHARP-IS-MONOTONIC (PROVE-LEMMA NUMBER-PART-OF-NUM-SHARP (REWRITE) (EQUAL (NUMBER-PART (NUM-SHARP ALPHA N)) (PLUS (NUMBER-PART ALPHA) N))) Name the conjecture *1. We will appeal to induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP ALPHA) (p ALPHA N)) (IMPLIES (AND (NOT (NLISTP ALPHA)) (p (CDR ALPHA) N)) (p ALPHA N))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following two new formulas: Case 2. (IMPLIES (NLISTP ALPHA) (EQUAL (NUMBER-PART (NUM-SHARP ALPHA N)) (PLUS (NUMBER-PART ALPHA) N))). This simplifies, expanding the definitions of NLISTP, NUM-SHARP, and NUMBER-PART, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP ALPHA)) (EQUAL (NUMBER-PART (NUM-SHARP (CDR ALPHA) N)) (PLUS (NUMBER-PART (CDR ALPHA)) N))) (EQUAL (NUMBER-PART (NUM-SHARP ALPHA N)) (PLUS (NUMBER-PART ALPHA) N))). This simplifies, applying CDR-CONS, and expanding the definitions of NLISTP, NUM-SHARP, and NUMBER-PART, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] NUMBER-PART-OF-NUM-SHARP (PROVE-LEMMA POS-MULT-OF-NUM-SHARP (REWRITE) (EQUAL (POS-MULT DELTA (NUM-SHARP ALPHA N)) (POS-MULT DELTA ALPHA))) Give the conjecture the name *1. Let us appeal to the induction principle. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP ALPHA) (p DELTA ALPHA N)) (IMPLIES (AND (NOT (NLISTP ALPHA)) (p DELTA (CDR ALPHA) N)) (p DELTA ALPHA N))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates two new conjectures: Case 2. (IMPLIES (NLISTP ALPHA) (EQUAL (POS-MULT DELTA (NUM-SHARP ALPHA N)) (POS-MULT DELTA ALPHA))), which simplifies, expanding the functions NLISTP, NUM-SHARP, POS-MULT, and EQUAL, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP ALPHA)) (EQUAL (POS-MULT DELTA (NUM-SHARP (CDR ALPHA) N)) (POS-MULT DELTA (CDR ALPHA)))) (EQUAL (POS-MULT DELTA (NUM-SHARP ALPHA N)) (POS-MULT DELTA ALPHA))), which simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and expanding NLISTP, NUM-SHARP, and POS-MULT, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] POS-MULT-OF-NUM-SHARP (PROVE-LEMMA MULT-OF-NUM-SHARP (REWRITE) (IMPLIES (AND (NUMBERP N) (ORDINALP DELTA) (ORDINALP ALPHA)) (EQUAL (MULT DELTA (NUM-SHARP ALPHA N)) (PLUS (MULT DELTA ALPHA) (MULT DELTA N))))) WARNING: Note that the rewrite rule MULT-OF-NUM-SHARP will be stored so as to apply only to terms with the nonrecursive function symbol MULT. This conjecture simplifies, applying POS-MULT-OF-NUM-SHARP and NUMBER-PART-OF-NUM-SHARP, and unfolding the definitions of MULT, POS-MULT, and NUMBER-PART, to: (IMPLIES (AND (NUMBERP N) (ORDINALP DELTA) (ORDINALP ALPHA) (NOT (EQUAL DELTA 0))) (EQUAL (POS-MULT DELTA ALPHA) (PLUS (POS-MULT DELTA ALPHA) 0))). This again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MULT-OF-NUM-SHARP (DEFN INSERT (DELTA ALPHA) (IF (NLISTP ALPHA) (CONS DELTA ALPHA) (IF (ORD-LESSP DELTA (CAR ALPHA)) (CONS (CAR ALPHA) (INSERT DELTA (CDR ALPHA))) (CONS DELTA ALPHA)))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, INSERT is accepted under the principle of definition. Note that: (LISTP (INSERT DELTA ALPHA)) is a theorem. [ 0.0 0.0 0.0 ] INSERT (PROVE-LEMMA CAR-OF-INSERT-A (REWRITE) (IMPLIES (AND (ORD-LESSP DELTA (CAR ALPHA)) (ORDINALP ALPHA)) (EQUAL (CAR (INSERT DELTA ALPHA)) (CAR ALPHA)))) . Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). This produces the following two new formulas: Case 2. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (ORDINALP ALPHA)) (EQUAL (CAR (INSERT DELTA ALPHA)) (CAR ALPHA))). This simplifies, appealing to the lemma CAR-NLISTP, and opening up LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 1. (IMPLIES (AND (ORD-LESSP DELTA X) (ORDINALP (CONS X Z))) (EQUAL (CAR (INSERT DELTA (CONS X Z))) X)), which simplifies, applying the lemmas CDR-CONS and CAR-CONS, and expanding the definitions of ORDINALP and INSERT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-INSERT-A (PROVE-LEMMA CAR-OF-INSERT-B (REWRITE) (IMPLIES (NOT (ORD-LESSP DELTA (CAR ALPHA))) (EQUAL (CAR (INSERT DELTA ALPHA)) DELTA))) This simplifies, appealing to the lemma CAR-CONS, and opening up the definition of INSERT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-INSERT-B (PROVE-LEMMA INSERT-IS-AN-ORDINAL (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (ORDINALP (INSERT DELTA ALPHA))) ((INDUCT (INSERT DELTA ALPHA)) (ENABLE NO-CYCLE-ALT) (DISABLE ORD-LEQ-ZERO LEQ-0 ORD-LEQ TRANSITIVITY CAR-OF-INSERT-A CAR-OF-INSERT-B))) This conjecture can be simplified, using the abbreviations IMPLIES, NLISTP, NOT, OR, and AND, to three new formulas: Case 3. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (ORDINALP (INSERT DELTA ALPHA))), which simplifies, applying CDR-CONS and CAR-CONS, and opening up the definitions of ORDINALP and INSERT, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (ORD-LESSP DELTA (CAR ALPHA)) (IMPLIES (AND (ORDINALP (CDR ALPHA)) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (ORDINALP (INSERT DELTA (CDR ALPHA)))) (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (ORDINALP (INSERT DELTA ALPHA))). This simplifies, rewriting with CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, CDR-CONS, CAR-CONS, and NO-CYCLE-ALT, and unfolding the definitions of ORDINALP, NOT, AND, IMPLIES, EQUAL, and INSERT, to the goal: (IMPLIES (AND (LISTP ALPHA) (ORD-LESSP DELTA (CAR ALPHA)) (ORDINALP (INSERT DELTA (CDR ALPHA))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (NOT (ORD-LESSP (CAR ALPHA) (CAR (INSERT DELTA (CDR ALPHA)))))). Appealing to the lemma CAR-CDR-ELIM, we now replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA) and Z by (CONS V W) to eliminate (CAR Z) and (CDR Z). We must thus prove two new conjectures: Case 2.2. (IMPLIES (AND (NOT (LISTP Z)) (ORD-LESSP DELTA X) (ORDINALP (INSERT DELTA Z)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (ORD-LESSP X (CAR Z))) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (NOT (ORD-LESSP X (CAR (INSERT DELTA Z))))), which further simplifies, applying CDR-CONS, CAR-CONS, CAR-NLISTP, POSTIVE-ORD-LESSP, and NO-CYCLE-ALT, and unfolding INSERT and ORDINALP, to: T. Case 2.1. (IMPLIES (AND (ORD-LESSP DELTA X) (ORDINALP (INSERT DELTA (CONS V W))) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP (CONS V W)) (NOT (ORD-LESSP X V)) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (NOT (ORD-LESSP X (CAR (INSERT DELTA (CONS V W)))))). However this further simplifies, applying CDR-CONS, CAR-CONS, and NO-CYCLE-ALT, and expanding the functions INSERT and ORDINALP, to: T. Case 1. (IMPLIES (AND (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA))) (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (ORDINALP (INSERT DELTA ALPHA))). This simplifies, applying the lemmas CDR-CONS and CAR-CONS, and expanding the definitions of INSERT and ORDINALP, to: T. Q.E.D. [ 0.0 0.3 0.0 ] INSERT-IS-AN-ORDINAL (PROVE-LEMMA INSERT-IS-CONS (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (EQUAL (INSERT DELTA ALPHA) (CONS DELTA ALPHA)))) This formula simplifies, expanding the definition of INSERT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] INSERT-IS-CONS (PROVE-LEMMA INSERT-IS-BIGGER-AUX1 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (ORD-LESSP ALPHA (INSERT DELTA ALPHA))) ((USE (TRICHOTOMY (SIGMA DELTA) (TAU (CAR ALPHA)))) (DISABLE TRICHOTOMY))) This conjecture simplifies, rewriting with CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, IRREFLEX, INSERT-IS-CONS, CDRS-ARE-SMALLER, CDR-CONS, and CAR-CONS, and unfolding the functions ORDINALP, AND, OR, IMPLIES, EQUAL, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] INSERT-IS-BIGGER-AUX1 (DEFN BAD-FOR-INSERT-IS-BIGGER (ALPHA DELTA) (AND (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (ORD-LESSP ALPHA (INSERT DELTA ALPHA))))) From the definition we can conclude that: (OR (FALSEP (BAD-FOR-INSERT-IS-BIGGER ALPHA DELTA)) (TRUEP (BAD-FOR-INSERT-IS-BIGGER ALPHA DELTA))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-INSERT-IS-BIGGER (PROVE-LEMMA INSERT-IS-BIGGER-AUX2 (REWRITE) (IMPLIES (NLISTP ALPHA) (NOT (BAD-FOR-INSERT-IS-BIGGER ALPHA DELTA)))) WARNING: Note that the rewrite rule INSERT-IS-BIGGER-AUX2 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-INSERT-IS-BIGGER. This conjecture can be simplified, using the abbreviations BAD-FOR-INSERT-IS-BIGGER, NOT, NLISTP, and IMPLIES, to: (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (ORD-LESSP ALPHA (INSERT DELTA ALPHA))). This simplifies, using linear arithmetic, rewriting with CAR-NLISTP and INSERT-IS-CONS, and expanding ORDINALP, ORD-LESSP, and LISTP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX2 (PROVE-LEMMA INSERT-IS-BIGGER-AUX3 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (NOT (BAD-FOR-INSERT-IS-BIGGER ALPHA DELTA))) ((USE (INSERT-IS-BIGGER-AUX1 (ALPHA ALPHA) (DELTA DELTA))) (DISABLE INSERT-IS-BIGGER-AUX1) (DO-NOT-INDUCT T))) WARNING: Note that the rewrite rule INSERT-IS-BIGGER-AUX3 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-INSERT-IS-BIGGER. This formula can be simplified, using the abbreviations BAD-FOR-INSERT-IS-BIGGER, NOT, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (ORD-LESSP ALPHA (INSERT DELTA ALPHA))) (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA))) (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (ORD-LESSP ALPHA (INSERT DELTA ALPHA))), which simplifies, applying CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, INSERT-IS-CONS, CDRS-ARE-SMALLER, CDR-CONS, CAR-CONS, and IRREFLEX, and opening up the functions ORDINALP, NOT, AND, ORD-LESSP, IMPLIES, LESSP, EQUAL, and LISTP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] INSERT-IS-BIGGER-AUX3 (PROVE-LEMMA INSERT-SMALL-ORDINAL (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LISTP ALPHA) (ORD-LESSP DELTA (CAR ALPHA))) (EQUAL (INSERT DELTA ALPHA) (CONS (CAR ALPHA) (INSERT DELTA (CDR ALPHA)))))) This formula simplifies, unfolding the functions ORDINALP and INSERT, to: T. Q.E.D. [ 0.0 0.1 0.0 ] INSERT-SMALL-ORDINAL (PROVE-LEMMA INSERT-IS-BIGGER-AUX4 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LISTP ALPHA) (ORD-LESSP DELTA (CAR ALPHA)) (ORD-LESSP (CDR ALPHA) (INSERT DELTA (CDR ALPHA)))) (ORD-LESSP ALPHA (INSERT DELTA ALPHA))) ((USE (INSERT-SMALL-ORDINAL (ALPHA ALPHA) (DELTA DELTA))) (DISABLE ORDINALP INSERT INSERT-SMALL-ORDINAL))) This conjecture simplifies, applying CAR-OF-INSERT-A, CAR-CONS, and CDR-CONS, and unfolding AND and IMPLIES, to: (IMPLIES (AND (EQUAL (INSERT DELTA ALPHA) (CONS (CAR ALPHA) (INSERT DELTA (CDR ALPHA)))) (ORDINALP ALPHA) (LISTP ALPHA) (ORD-LESSP DELTA (CAR ALPHA)) (ORD-LESSP (CDR ALPHA) (INSERT DELTA (CDR ALPHA)))) (ORD-LESSP ALPHA (INSERT DELTA ALPHA))). Appealing to the lemma CAR-CDR-ELIM, we now replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). We must thus prove: (IMPLIES (AND (EQUAL (INSERT DELTA (CONS X Z)) (CONS X (INSERT DELTA Z))) (ORDINALP (CONS X Z)) (ORD-LESSP DELTA X) (ORD-LESSP Z (INSERT DELTA Z))) (ORD-LESSP (CONS X Z) (INSERT DELTA (CONS X Z)))). But this further simplifies, applying CAR-CONS, CAR-OF-INSERT-A, CDR-CONS, and IRREFLEX, and expanding the definition of ORD-LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX4 (PROVE-LEMMA INSERT-IS-BIGGER-AUX5 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (ORD-LESSP DELTA (CAR ALPHA)) (BAD-FOR-INSERT-IS-BIGGER ALPHA DELTA)) (BAD-FOR-INSERT-IS-BIGGER (CDR ALPHA) DELTA)) ((DO-NOT-INDUCT T) (USE (INSERT-IS-BIGGER-AUX4 (ALPHA ALPHA) (DELTA DELTA))) (DISABLE ORDINALP ORD-LESSP INSERT-IS-BIGGER-AUX4 INSERT-SMALL-ORDINAL INSERT))) WARNING: Note that the rewrite rule INSERT-IS-BIGGER-AUX5 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-INSERT-IS-BIGGER. This formula can be simplified, using the abbreviations BAD-FOR-INSERT-IS-BIGGER, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP ALPHA) (LISTP ALPHA) (ORD-LESSP DELTA (CAR ALPHA)) (ORD-LESSP (CDR ALPHA) (INSERT DELTA (CDR ALPHA)))) (ORD-LESSP ALPHA (INSERT DELTA ALPHA))) (LISTP ALPHA) (ORD-LESSP DELTA (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (ORD-LESSP ALPHA (INSERT DELTA ALPHA)))) (BAD-FOR-INSERT-IS-BIGGER (CDR ALPHA) DELTA)), which simplifies, applying CDRS-ARE-ORDINALS, and opening up the functions AND, IMPLIES, and BAD-FOR-INSERT-IS-BIGGER, to: T. Q.E.D. [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX5 (PROVE-LEMMA INSERT-IS-BIGGER-AUX6 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (BAD-FOR-INSERT-IS-BIGGER ALPHA DELTA)) (BAD-FOR-INSERT-IS-BIGGER (CDR ALPHA) DELTA)) ((DO-NOT-INDUCT T) (USE (INSERT-IS-BIGGER-AUX5 (ALPHA ALPHA) (DELTA DELTA))) (DISABLE BAD-FOR-INSERT-IS-BIGGER ORDINALP ORD-LESSP INSERT-IS-BIGGER-AUX5 INSERT-SMALL-ORDINAL INSERT))) WARNING: Note that the rewrite rule INSERT-IS-BIGGER-AUX6 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-INSERT-IS-BIGGER. WARNING: the newly proposed lemma, INSERT-IS-BIGGER-AUX6, could be applied whenever the previously added lemma INSERT-IS-BIGGER-AUX5 could. This simplifies, applying INSERT-IS-BIGGER-AUX3, and unfolding AND and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX6 (PROVE-LEMMA INSERT-IS-BIGGER-AUX7 (REWRITE) (NOT (BAD-FOR-INSERT-IS-BIGGER ALPHA DELTA)) ((INDUCT (SUCCESSOR ALPHA)) (DISABLE BAD-FOR-INSERT-IS-BIGGER))) WARNING: Note that the rewrite rule INSERT-IS-BIGGER-AUX7 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-INSERT-IS-BIGGER. WARNING: the newly proposed lemma, INSERT-IS-BIGGER-AUX7, could be applied whenever the previously added lemma INSERT-IS-BIGGER-AUX3 could. WARNING: the newly proposed lemma, INSERT-IS-BIGGER-AUX7, could be applied whenever the previously added lemma INSERT-IS-BIGGER-AUX2 could. This formula can be simplified, using the abbreviations NOT, OR, and AND, to the following two new formulas: Case 2. (IMPLIES (AND (LISTP ALPHA) (NOT (BAD-FOR-INSERT-IS-BIGGER (CDR ALPHA) DELTA))) (NOT (BAD-FOR-INSERT-IS-BIGGER ALPHA DELTA))). This simplifies, applying the lemma INSERT-IS-BIGGER-AUX6, to: T. Case 1. (IMPLIES (NOT (LISTP ALPHA)) (NOT (BAD-FOR-INSERT-IS-BIGGER ALPHA DELTA))). This simplifies, rewriting with INSERT-IS-BIGGER-AUX2, to: T. Q.E.D. [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX7 (PROVE-LEMMA INSERT-IS-BIGGER (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (ORD-LESSP ALPHA (INSERT DELTA ALPHA))) ((DO-NOT-INDUCT T) (USE (INSERT-IS-BIGGER-AUX7 (ALPHA ALPHA) (DELTA DELTA))) (DISABLE INSERT-IS-BIGGER-AUX7))) WARNING: the newly proposed lemma, INSERT-IS-BIGGER, could be applied whenever the previously added lemma INSERT-IS-BIGGER-AUX1 could. This formula simplifies, appealing to the lemmas CARS-ARE-ORDINALS and CDRS-ARE-ORDINALS, and expanding the definitions of ORDINALP, BAD-FOR-INSERT-IS-BIGGER, and EQUAL, to: T. Q.E.D. [ 0.0 0.1 0.0 ] INSERT-IS-BIGGER (DISABLE INSERT-IS-BIGGER-AUX1) [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX1-OFF (DISABLE INSERT-IS-BIGGER-AUX2) [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX2-OFF (DISABLE INSERT-IS-BIGGER-AUX3) [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX3-OFF (DISABLE INSERT-IS-BIGGER-AUX4) [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX4-OFF (DISABLE INSERT-IS-BIGGER-AUX5) [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX5-OFF (DISABLE INSERT-IS-BIGGER-AUX6) [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX6-OFF (DISABLE INSERT-IS-BIGGER-AUX7) [ 0.0 0.0 0.0 ] INSERT-IS-BIGGER-AUX7-OFF (PROVE-LEMMA NUMBER-PART-OF-INSERT (REWRITE) (EQUAL (NUMBER-PART (INSERT DELTA ALPHA)) (NUMBER-PART ALPHA))) Call the conjecture *1. We will try to prove it by induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP ALPHA) (p DELTA ALPHA)) (IMPLIES (AND (NOT (NLISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (p DELTA (CDR ALPHA))) (p DELTA ALPHA)) (IMPLIES (AND (NOT (NLISTP ALPHA)) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (p DELTA ALPHA))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following three new formulas: Case 3. (IMPLIES (NLISTP ALPHA) (EQUAL (NUMBER-PART (INSERT DELTA ALPHA)) (NUMBER-PART ALPHA))). This simplifies, applying CDR-CONS, and expanding the functions NLISTP, INSERT, and NUMBER-PART, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (NUMBER-PART (INSERT DELTA (CDR ALPHA))) (NUMBER-PART (CDR ALPHA)))) (EQUAL (NUMBER-PART (INSERT DELTA ALPHA)) (NUMBER-PART ALPHA))), which simplifies, appealing to the lemma CDR-CONS, and unfolding the functions NLISTP, INSERT, and NUMBER-PART, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP ALPHA)) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (EQUAL (NUMBER-PART (INSERT DELTA ALPHA)) (NUMBER-PART ALPHA))), which simplifies, unfolding the definitions of NLISTP, INSERT, and NUMBER-PART, to: (IMPLIES (AND (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (EQUAL (NUMBER-PART (CONS DELTA ALPHA)) (NUMBER-PART (CDR ALPHA)))). This again simplifies, appealing to the lemma CDR-CONS, and opening up the definition of NUMBER-PART, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] NUMBER-PART-OF-INSERT (PROVE-LEMMA POS-MULT-SAME (REWRITE) (EQUAL (POS-MULT DELTA (INSERT DELTA ALPHA)) (ADD1 (POS-MULT DELTA ALPHA)))) Give the conjecture the name *1. We will try to prove it by induction. There are two plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP ALPHA) (p DELTA ALPHA)) (IMPLIES (AND (NOT (NLISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (p DELTA (CDR ALPHA))) (p DELTA ALPHA)) (IMPLIES (AND (NOT (NLISTP ALPHA)) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (p DELTA ALPHA))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates three new goals: Case 3. (IMPLIES (NLISTP ALPHA) (EQUAL (POS-MULT DELTA (INSERT DELTA ALPHA)) (ADD1 (POS-MULT DELTA ALPHA)))), which simplifies, applying CDR-CONS and CAR-CONS, and unfolding the functions NLISTP, INSERT, ADD1, POS-MULT, and EQUAL, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (POS-MULT DELTA (INSERT DELTA (CDR ALPHA))) (ADD1 (POS-MULT DELTA (CDR ALPHA))))) (EQUAL (POS-MULT DELTA (INSERT DELTA ALPHA)) (ADD1 (POS-MULT DELTA ALPHA)))). This simplifies, rewriting with the lemmas CDR-CONS and CAR-CONS, and expanding the functions NLISTP, INSERT, and POS-MULT, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP ALPHA)) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (EQUAL (POS-MULT DELTA (INSERT DELTA ALPHA)) (ADD1 (POS-MULT DELTA ALPHA)))). This simplifies, expanding the functions NLISTP, INSERT, and POS-MULT, to the following two new formulas: Case 1.2. (IMPLIES (AND (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA))) (NOT (EQUAL DELTA (CAR ALPHA)))) (EQUAL (POS-MULT DELTA (CONS DELTA ALPHA)) (ADD1 (POS-MULT DELTA (CDR ALPHA))))). But this again simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and opening up the definition of POS-MULT, to: T. Case 1.1. (IMPLIES (AND (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA))) (EQUAL DELTA (CAR ALPHA))) (EQUAL (POS-MULT DELTA (CONS DELTA ALPHA)) (ADD1 (ADD1 (POS-MULT DELTA (CDR ALPHA)))))), which again simplifies, applying the lemmas IRREFLEX, CDR-CONS, CAR-CONS, and ADD1-EQUAL, and unfolding POS-MULT, to: (IMPLIES (LISTP ALPHA) (EQUAL (POS-MULT (CAR ALPHA) ALPHA) (ADD1 (POS-MULT (CAR ALPHA) (CDR ALPHA))))). However this again simplifies, opening up the definition of POS-MULT, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] POS-MULT-SAME (PROVE-LEMMA POS-MULT-DIFFERENT (REWRITE) (IMPLIES (NOT (EQUAL X DELTA)) (EQUAL (POS-MULT X (INSERT DELTA ALPHA)) (POS-MULT X ALPHA)))) Give the conjecture the name *1. Let us appeal to the induction principle. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP ALPHA) (p X DELTA ALPHA)) (IMPLIES (AND (NOT (NLISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (p X DELTA (CDR ALPHA))) (p X DELTA ALPHA)) (IMPLIES (AND (NOT (NLISTP ALPHA)) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (p X DELTA ALPHA))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to show that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following three new conjectures: Case 3. (IMPLIES (AND (NLISTP ALPHA) (NOT (EQUAL X DELTA))) (EQUAL (POS-MULT X (INSERT DELTA ALPHA)) (POS-MULT X ALPHA))). This simplifies, appealing to the lemmas CDR-CONS and CAR-CONS, and expanding the functions NLISTP, INSERT, POS-MULT, and EQUAL, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (POS-MULT X (INSERT DELTA (CDR ALPHA))) (POS-MULT X (CDR ALPHA))) (NOT (EQUAL X DELTA))) (EQUAL (POS-MULT X (INSERT DELTA ALPHA)) (POS-MULT X ALPHA))). This simplifies, applying CDR-CONS and CAR-CONS, and expanding the definitions of NLISTP, INSERT, and POS-MULT, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP ALPHA)) (NOT (ORD-LESSP DELTA (CAR ALPHA))) (NOT (EQUAL X DELTA))) (EQUAL (POS-MULT X (INSERT DELTA ALPHA)) (POS-MULT X ALPHA))), which simplifies, expanding the functions NLISTP, INSERT, and POS-MULT, to two new conjectures: Case 1.2. (IMPLIES (AND (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA))) (NOT (EQUAL X DELTA)) (NOT (EQUAL X (CAR ALPHA)))) (EQUAL (POS-MULT X (CONS DELTA ALPHA)) (POS-MULT X (CDR ALPHA)))), which again simplifies, rewriting with the lemmas CDR-CONS and CAR-CONS, and opening up POS-MULT, to: T. Case 1.1. (IMPLIES (AND (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA))) (NOT (EQUAL X DELTA)) (EQUAL X (CAR ALPHA))) (EQUAL (POS-MULT X (CONS DELTA ALPHA)) (ADD1 (POS-MULT X (CDR ALPHA))))), which again simplifies, applying CDR-CONS and CAR-CONS, and opening up POS-MULT, to the new conjecture: (IMPLIES (AND (LISTP ALPHA) (NOT (ORD-LESSP DELTA (CAR ALPHA))) (NOT (EQUAL (CAR ALPHA) DELTA))) (EQUAL (POS-MULT (CAR ALPHA) ALPHA) (ADD1 (POS-MULT (CAR ALPHA) (CDR ALPHA))))), which again simplifies, expanding the definition of POS-MULT, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] POS-MULT-DIFFERENT (PROVE-LEMMA MULT-OF-INSERT-A (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (NOT (EQUAL SIGMA DELTA))) (EQUAL (MULT SIGMA (INSERT DELTA ALPHA)) (MULT SIGMA ALPHA)))) WARNING: Note that the rewrite rule MULT-OF-INSERT-A will be stored so as to apply only to terms with the nonrecursive function symbol MULT. This formula simplifies, applying the lemmas POS-MULT-DIFFERENT and NUMBER-PART-OF-INSERT, and unfolding MULT, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MULT-OF-INSERT-A (PROVE-LEMMA MULT-OF-INSERT-B (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (NOT (EQUAL DELTA 0))) (EQUAL (MULT DELTA (INSERT DELTA ALPHA)) (ADD1 (MULT DELTA ALPHA))))) WARNING: Note that the rewrite rule MULT-OF-INSERT-B will be stored so as to apply only to terms with the nonrecursive function symbol MULT. This simplifies, rewriting with POS-MULT-SAME, and expanding the function MULT, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MULT-OF-INSERT-B (DEFN SHARP (ALPHA BETA) (IF (NLISTP BETA) (NUM-SHARP ALPHA BETA) (INSERT (CAR BETA) (SHARP ALPHA (CDR BETA))))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to show that the measure (COUNT BETA) decreases according to the well-founded relation LESSP in each recursive call. Hence, SHARP is accepted under the definitional principle. From the definition we can conclude that: (OR (NUMBERP (SHARP ALPHA BETA)) (LISTP (SHARP ALPHA BETA))) is a theorem. [ 0.0 0.0 0.0 ] SHARP (PROVE-LEMMA SHARP-IS-AN-ORDINAL (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (SHARP ALPHA BETA)))) Call the conjecture *1. Perhaps we can prove it by induction. Three inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP BETA) (p ALPHA (CAR BETA)) (p ALPHA (CDR BETA))) (p ALPHA BETA)) (IMPLIES (NOT (LISTP BETA)) (p ALPHA BETA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to prove that the measure (COUNT BETA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to five new goals: Case 5. (IMPLIES (AND (LISTP BETA) (NOT (ORDINALP (CAR BETA))) (NOT (ORDINALP (CDR BETA))) (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (SHARP ALPHA BETA))), which simplifies, opening up the definition of ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP BETA) (ORDINALP (SHARP ALPHA (CAR BETA))) (NOT (ORDINALP (CDR BETA))) (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (SHARP ALPHA BETA))), which simplifies, expanding ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP BETA) (NOT (ORDINALP (CAR BETA))) (ORDINALP (SHARP ALPHA (CDR BETA))) (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (SHARP ALPHA BETA))), which simplifies, opening up the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP BETA) (ORDINALP (SHARP ALPHA (CAR BETA))) (ORDINALP (SHARP ALPHA (CDR BETA))) (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (SHARP ALPHA BETA))), which simplifies, rewriting with INSERT-IS-AN-ORDINAL, and opening up the functions ORDINALP and SHARP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA)) (ORDINALP (SHARP ALPHA BETA))). This simplifies, rewriting with NUM-SHARP-IS-AN-ORDINAL, and expanding the functions ORDINALP and SHARP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] SHARP-IS-AN-ORDINAL (PROVE-LEMMA SHARP-WITH-0 (REWRITE) (IMPLIES (ORDINALP ALPHA) (EQUAL (SHARP ALPHA 0) ALPHA))) This conjecture simplifies, applying NUM-SHARP-AND-ZERO, and unfolding the functions LISTP and SHARP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SHARP-WITH-0 (PROVE-LEMMA SHARP-GETS-BIGGER (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL BETA 0))) (ORD-LESSP ALPHA (SHARP ALPHA BETA))) ((INDUCT (SUCCESSOR BETA)) (DISABLE NUM-SHARP INSERT))) This conjecture can be simplified, using the abbreviations IMPLIES, NOT, OR, and AND, to two new goals: Case 2. (IMPLIES (AND (LISTP BETA) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP (CDR BETA)) (NOT (EQUAL (CDR BETA) 0))) (ORD-LESSP ALPHA (SHARP ALPHA (CDR BETA)))) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL BETA 0))) (ORD-LESSP ALPHA (SHARP ALPHA BETA))), which simplifies, rewriting with CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, and SHARP-WITH-0, and unfolding the functions ORDINALP, NOT, AND, IMPLIES, EQUAL, and SHARP, to the following two new goals: Case 2.2. (IMPLIES (AND (LISTP BETA) (EQUAL (CDR BETA) 0) (ORDINALP ALPHA) (ORDINALP BETA)) (ORD-LESSP ALPHA (INSERT (CAR BETA) ALPHA))). Appealing to the lemma CAR-CDR-ELIM, we now replace BETA by (CONS Z X) to eliminate (CDR BETA) and (CAR BETA). The result is: (IMPLIES (AND (EQUAL X 0) (ORDINALP ALPHA) (ORDINALP (CONS Z X))) (ORD-LESSP ALPHA (INSERT Z ALPHA))). This further simplifies, applying CDR-CONS, CAR-CONS, and INSERT-IS-BIGGER, and opening up LISTP and ORDINALP, to: T. Case 2.1. (IMPLIES (AND (LISTP BETA) (ORD-LESSP ALPHA (SHARP ALPHA (CDR BETA))) (ORDINALP ALPHA) (ORDINALP BETA)) (ORD-LESSP ALPHA (INSERT (CAR BETA) (SHARP ALPHA (CDR BETA))))). Appealing to the lemma CAR-CDR-ELIM, we now replace BETA by (CONS Z X) to eliminate (CDR BETA) and (CAR BETA). We must thus prove: (IMPLIES (AND (ORD-LESSP ALPHA (SHARP ALPHA X)) (ORDINALP ALPHA) (ORDINALP (CONS Z X))) (ORD-LESSP ALPHA (INSERT Z (SHARP ALPHA X)))). But this further simplifies, applying CDR-CONS, CAR-CONS, INSERT-IS-BIGGER, SHARP-IS-AN-ORDINAL, and TRANSITIVITY, and opening up ORDINALP and SHARP, to the new goal: (IMPLIES (AND (ORD-LESSP ALPHA (SHARP ALPHA X)) (ORDINALP ALPHA) (ORDINALP Z) (NOT (EQUAL Z 0)) (ORDINALP X) (NOT (LISTP X))) (ORD-LESSP ALPHA (INSERT Z (NUM-SHARP ALPHA X)))), which again simplifies, appealing to the lemmas INSERT-IS-BIGGER, NUM-SHARP-IS-AN-ORDINAL, and TRANSITIVITY, and unfolding SHARP and ORDINALP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL BETA 0))) (ORD-LESSP ALPHA (SHARP ALPHA BETA))), which simplifies, rewriting with the lemma NUM-SHARP-GETS-BIGGER, and unfolding ORDINALP and SHARP, to: T. Q.E.D. [ 0.0 0.5 0.0 ] SHARP-GETS-BIGGER (PROVE-LEMMA CAR-OF-INSERT-AUX1 (REWRITE) (IMPLIES (AND (EQUAL DELTA (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP DELTA)) (EQUAL (CAR (INSERT DELTA ALPHA)) (CAR ALPHA)))) This formula simplifies, rewriting with CARS-ARE-ORDINALS, IRREFLEX, and CAR-CONS, and opening up the definition of INSERT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-INSERT-AUX1 (PROVE-LEMMA CAR-OF-INSERT-C (REWRITE) (IMPLIES (AND (ORD-LEQ DELTA (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP DELTA)) (EQUAL (CAR (INSERT DELTA ALPHA)) (CAR ALPHA))) ((DO-NOT-INDUCT T) (USE (LEQ-AS-AN-OR (RHO DELTA) (SIGMA (CAR ALPHA)))) (DISABLE ORD-LEQ ORDINALP LEQ-AS-AN-OR))) This formula simplifies, rewriting with CARS-ARE-ORDINALS, CAR-OF-INSERT-A, IRREFLEX, and CAR-CONS, and unfolding AND, OR, IMPLIES, and INSERT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-INSERT-C (PROVE-LEMMA CAR-OF-SHARP-AUX1 (REWRITE) (IMPLIES (AND (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (CAR (SHARP ALPHA BETA)) (CAR ALPHA))) ((INDUCT (SUCCESSOR BETA)) (DISABLE ORDINALP ORD-LEQ))) This formula can be simplified, using the abbreviations IMPLIES, NOT, OR, and AND, to the following two new formulas: Case 2. T. This simplifies, obviously, to: T. Case 1. (IMPLIES (AND (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (CAR (SHARP ALPHA BETA)) (CAR ALPHA))). This simplifies, opening up the definition of SHARP, to: (IMPLIES (AND (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (CAR (NUM-SHARP ALPHA BETA)) (CAR ALPHA))). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). We thus obtain the following two new conjectures: Case 1.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (CAR (NUM-SHARP ALPHA BETA)) (CAR ALPHA))). However this further simplifies, rewriting with the lemma CAR-NLISTP, and expanding the functions NUM-SHARP and EQUAL, to: T. Case 1.1. (IMPLIES (AND (NOT (LISTP BETA)) (ORDINALP (CONS X Z)) (ORDINALP BETA)) (EQUAL (CAR (NUM-SHARP (CONS X Z) BETA)) X)), which further simplifies, applying CDR-CONS and CAR-CONS, and expanding NUM-SHARP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-SHARP-AUX1 (PROVE-LEMMA CAR-OF-SHARP-AUX2 (REWRITE) (IMPLIES (AND (ORD-LEQ (CAR BETA) (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP BETA)) (ORD-LEQ (CADR BETA) (CAR ALPHA))) ((DO-NOT-INDUCT T) (USE (ORD-LEQ-IS-TRANSITIVE (ALPHA (CADR BETA)) (BETA (CAR BETA)) (GAMMA (CAR ALPHA))) (CARS-GO-DOWN (BETA BETA))) (DISABLE ORDINALP ORD-LEQ CARS-GO-DOWN ORD-LEQ-IS-TRANSITIVE))) WARNING: Note that the rewrite rule CAR-OF-SHARP-AUX2 will be stored so as to apply only to terms with the nonrecursive function symbol ORD-LEQ. This formula simplifies, rewriting with CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and expanding the functions AND and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-SHARP-AUX2 (PROVE-LEMMA CAR-OF-SHARP-A (REWRITE) (IMPLIES (AND (ORD-LEQ (CAR BETA) (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (CAR (SHARP ALPHA BETA)) (CAR ALPHA))) ((INDUCT (SUCCESSOR BETA)) (DISABLE ORDINALP ORD-LEQ))) This conjecture can be simplified, using the abbreviations IMPLIES, NOT, OR, and AND, to two new conjectures: Case 2. (IMPLIES (AND (LISTP BETA) (IMPLIES (AND (ORD-LEQ (CADR BETA) (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP (CDR BETA))) (EQUAL (CAR (SHARP ALPHA (CDR BETA))) (CAR ALPHA))) (ORD-LEQ (CAR BETA) (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (CAR (SHARP ALPHA BETA)) (CAR ALPHA))), which simplifies, rewriting with CAR-OF-SHARP-AUX2, CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, SHARP-IS-AN-ORDINAL, and CAR-OF-INSERT-C, and expanding the definitions of AND, IMPLIES, and SHARP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP BETA)) (ORD-LEQ (CAR BETA) (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (CAR (SHARP ALPHA BETA)) (CAR ALPHA))). This simplifies, applying CAR-NLISTP, and expanding the definition of SHARP, to the formula: (IMPLIES (AND (NOT (LISTP BETA)) (ORD-LEQ 0 (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (CAR (NUM-SHARP ALPHA BETA)) (CAR ALPHA))). Appealing to the lemma CAR-CDR-ELIM, we now replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). The result is two new goals: Case 1.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (LISTP BETA)) (ORD-LEQ 0 (CAR ALPHA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (CAR (NUM-SHARP ALPHA BETA)) (CAR ALPHA))), which further simplifies, appealing to the lemma CAR-NLISTP, and expanding the functions ORD-LEQ, NUM-SHARP, and EQUAL, to: T. Case 1.1. (IMPLIES (AND (NOT (LISTP BETA)) (ORD-LEQ 0 X) (ORDINALP (CONS X Z)) (ORDINALP BETA)) (EQUAL (CAR (NUM-SHARP (CONS X Z) BETA)) X)), which further simplifies, rewriting with CDR-CONS and CAR-CONS, and expanding NUM-SHARP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-SHARP-A (DISABLE CAR-OF-SHARP-AUX1) [ 0.0 0.0 0.0 ] CAR-OF-SHARP-AUX1-OFF (DISABLE CAR-OF-SHARP-AUX2) [ 0.0 0.0 0.0 ] CAR-OF-SHARP-AUX2-OFF (DEFN BAD-FOR-MULT-OF-SHARP (SIGMA ALPHA BETA) (AND (ORDINALP SIGMA) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL (MULT SIGMA (SHARP ALPHA BETA)) (PLUS (MULT SIGMA ALPHA) (MULT SIGMA BETA)))))) From the definition we can conclude that: (OR (FALSEP (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA BETA)) (TRUEP (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA BETA))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-MULT-OF-SHARP (PROVE-LEMMA MULT-OF-SHARP-AUX1 (REWRITE) (IMPLIES (NLISTP BETA) (NOT (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA BETA)))) WARNING: Note that the rewrite rule MULT-OF-SHARP-AUX1 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-MULT-OF-SHARP. This formula can be simplified, using the abbreviations BAD-FOR-MULT-OF-SHARP, NOT, NLISTP, and IMPLIES, to the new conjecture: (IMPLIES (AND (NOT (LISTP BETA)) (ORDINALP SIGMA) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (MULT SIGMA (SHARP ALPHA BETA)) (PLUS (MULT SIGMA ALPHA) (MULT SIGMA BETA)))), which simplifies, rewriting with the lemma MULT-OF-NUM-SHARP, and expanding the definitions of ORDINALP, SHARP, MULT, POS-MULT, and NUMBER-PART, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MULT-OF-SHARP-AUX1 (PROVE-LEMMA MULT-OF-SHARP-AUX2 (REWRITE) (IMPLIES (AND (LISTP BETA) (ORDINALP BETA)) (NOT (EQUAL (CAR BETA) 0)))) This conjecture simplifies, expanding the definitions of EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX2 (PROVE-LEMMA MULT-OF-SHARP-AUX3 (REWRITE) (IMPLIES (AND (LISTP BETA) (NOT (EQUAL SIGMA (CAR BETA))) (ORDINALP SIGMA) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (MULT SIGMA (SHARP ALPHA (CDR BETA))) (MULT SIGMA (SHARP ALPHA BETA)))) ((DO-NOT-INDUCT T) (USE (MULT-OF-INSERT-A (SIGMA SIGMA) (ALPHA (SHARP ALPHA (CDR BETA))) (DELTA (CAR BETA)))) (DISABLE SAME-MULT-FOR-CDR MULT-OF-INSERT-A MULT-OF-INSERT-B ORDINALP ORD-LEQ MULT INSERT))) WARNING: Note that the rewrite rule MULT-OF-SHARP-AUX3 will be stored so as to apply only to terms with the nonrecursive function symbol MULT. This conjecture simplifies, applying CDRS-ARE-ORDINALS and SHARP-IS-AN-ORDINAL, and unfolding NOT, AND, IMPLIES, and SHARP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX3 (PROVE-LEMMA MULT-OF-SHARP-AUX4 (REWRITE) (IMPLIES (AND (LISTP BETA) (NOT (EQUAL SIGMA (CAR BETA)))) (EQUAL (MULT SIGMA (CDR BETA)) (MULT SIGMA BETA))) ((DISABLE BOUND-ON-MULT SAME-MULT-FOR-CDR))) WARNING: Note that the rewrite rule MULT-OF-SHARP-AUX4 will be stored so as to apply only to terms with the nonrecursive function symbol MULT. This simplifies, expanding MULT, POS-MULT, and NUMBER-PART, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX4 (PROVE-LEMMA MULT-OF-SHARP-AUX5 (REWRITE) (IMPLIES (AND (LISTP BETA) (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA BETA) (NOT (EQUAL SIGMA (CAR BETA)))) (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA (CDR BETA))) ((DO-NOT-INDUCT T) (DISABLE ORDINALP SHARP CAR-OF-SHARP-A))) WARNING: Note that the rewrite rule MULT-OF-SHARP-AUX5 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-MULT-OF-SHARP. This conjecture can be simplified, using the abbreviations NOT, BAD-FOR-MULT-OF-SHARP, AND, and IMPLIES, to: (IMPLIES (AND (LISTP BETA) (ORDINALP SIGMA) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL (MULT SIGMA (SHARP ALPHA BETA)) (PLUS (MULT SIGMA ALPHA) (MULT SIGMA BETA)))) (NOT (EQUAL SIGMA (CAR BETA)))) (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA (CDR BETA))). This simplifies, rewriting with the lemmas MULT-OF-SHARP-AUX4, MULT-OF-SHARP-AUX3, CDRS-ARE-ORDINALS, and MULT-OF-SHARP-AUX2, and opening up the functions MULT, POS-MULT, NUMBER-PART, BAD-FOR-MULT-OF-SHARP, EQUAL, and ORDINALP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MULT-OF-SHARP-AUX5 (PROVE-LEMMA MULT-OF-SHARP-AUX6 (REWRITE) (IMPLIES (AND (LISTP BETA) (ORDINALP BETA)) (EQUAL (MULT (CAR BETA) BETA) (ADD1 (MULT (CAR BETA) (CDR BETA))))) ((DISABLE ORDINALP BOUND-ON-MULT SAME-MULT-FOR-CDR))) WARNING: Note that the rewrite rule MULT-OF-SHARP-AUX6 will be stored so as to apply only to terms with the nonrecursive function symbol MULT. This conjecture simplifies, applying MULT-OF-SHARP-AUX2, and opening up the definitions of POS-MULT and MULT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX6 (PROVE-LEMMA MULT-OF-SHARP-AUX7 (REWRITE) (IMPLIES (AND (LISTP BETA) (BAD-FOR-MULT-OF-SHARP (CAR BETA) ALPHA BETA)) (BAD-FOR-MULT-OF-SHARP (CAR BETA) ALPHA (CDR BETA))) ((DO-NOT-INDUCT T) (DISABLE SAME-MULT-FOR-CDR MULT-OF-SHARP-AUX5 BOUND-ON-MULT ORDINALP CAR-OF-SHARP-A))) WARNING: Note that the rewrite rule MULT-OF-SHARP-AUX7 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-MULT-OF-SHARP. This conjecture can be simplified, using the abbreviations BAD-FOR-MULT-OF-SHARP, AND, and IMPLIES, to: (IMPLIES (AND (LISTP BETA) (ORDINALP (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL (MULT (CAR BETA) (SHARP ALPHA BETA)) (PLUS (MULT (CAR BETA) ALPHA) (MULT (CAR BETA) BETA))))) (BAD-FOR-MULT-OF-SHARP (CAR BETA) ALPHA (CDR BETA))). This simplifies, applying CARS-ARE-ORDINALS, MULT-OF-SHARP-AUX2, SHARP-IS-AN-ORDINAL, CDRS-ARE-ORDINALS, MULT-OF-INSERT-B, and MULT-OF-SHARP-AUX6, and opening up the definitions of SHARP, MULT, and BAD-FOR-MULT-OF-SHARP, to: (IMPLIES (AND (LISTP BETA) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (EQUAL (ADD1 (POS-MULT (CAR BETA) (SHARP ALPHA (CDR BETA)))) (PLUS (POS-MULT (CAR BETA) ALPHA) (ADD1 (POS-MULT (CAR BETA) (CDR BETA))))))) (NOT (EQUAL (POS-MULT (CAR BETA) (SHARP ALPHA (CDR BETA))) (PLUS (POS-MULT (CAR BETA) ALPHA) (POS-MULT (CAR BETA) (CDR BETA)))))). But this again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX7 (PROVE-LEMMA MULT-OF-SHARP-AUX8 (REWRITE) (IMPLIES (AND (LISTP BETA) (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA BETA)) (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA (CDR BETA))) ((DO-NOT-INDUCT T) (USE (MULT-OF-SHARP-AUX7 (ALPHA ALPHA) (BETA BETA)) (MULT-OF-SHARP-AUX5 (ALPHA ALPHA) (BETA BETA) (SIGMA SIGMA))) (DISABLE BAD-FOR-MULT-OF-SHARP MULT-OF-SHARP-AUX5 MULT-OF-SHARP-AUX7))) WARNING: Note that the rewrite rule MULT-OF-SHARP-AUX8 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-MULT-OF-SHARP. WARNING: the newly proposed lemma, MULT-OF-SHARP-AUX8, could be applied whenever the previously added lemma MULT-OF-SHARP-AUX7 could. WARNING: the newly proposed lemma, MULT-OF-SHARP-AUX8, could be applied whenever the previously added lemma MULT-OF-SHARP-AUX5 could. This conjecture simplifies, expanding AND, IMPLIES, and NOT, to the following two new conjectures: Case 2. (IMPLIES (AND (NOT (BAD-FOR-MULT-OF-SHARP (CAR BETA) ALPHA BETA)) (EQUAL SIGMA (CAR BETA)) (LISTP BETA) (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA BETA)) (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA (CDR BETA))). This again simplifies, obviously, to: T. Case 1. (IMPLIES (AND (BAD-FOR-MULT-OF-SHARP (CAR BETA) ALPHA (CDR BETA)) (EQUAL SIGMA (CAR BETA)) (LISTP BETA) (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA BETA)) (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA (CDR BETA))). This again simplifies, clearly, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX8 (PROVE-LEMMA MULT-OF-SHARP-AUX9 (REWRITE) (NOT (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA BETA)) ((DISABLE BAD-FOR-MULT-OF-SHARP) (INDUCT (SHARP ALPHA BETA)))) WARNING: Note that the rewrite rule MULT-OF-SHARP-AUX9 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-MULT-OF-SHARP. WARNING: the newly proposed lemma, MULT-OF-SHARP-AUX9, could be applied whenever the previously added lemma MULT-OF-SHARP-AUX1 could. This conjecture can be simplified, using the abbreviations NLISTP, NOT, OR, and AND, to two new formulas: Case 2. (IMPLIES (NOT (LISTP BETA)) (NOT (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA BETA))), which simplifies, rewriting with MULT-OF-SHARP-AUX1, to: T. Case 1. (IMPLIES (AND (LISTP BETA) (NOT (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA (CDR BETA)))) (NOT (BAD-FOR-MULT-OF-SHARP SIGMA ALPHA BETA))). This simplifies, rewriting with the lemma MULT-OF-SHARP-AUX8, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX9 (PROVE-LEMMA MULT-OF-SHARP (REWRITE) (IMPLIES (AND (ORDINALP SIGMA) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (MULT SIGMA (SHARP ALPHA BETA)) (PLUS (MULT SIGMA ALPHA) (MULT SIGMA BETA)))) ((DO-NOT-INDUCT T) (USE (MULT-OF-SHARP-AUX9 (ALPHA ALPHA) (BETA BETA) (SIGMA SIGMA))) (DISABLE MULT ORD-LEQ ORDINALP MULT-OF-SHARP-AUX2 MULT-OF-SHARP-AUX9))) WARNING: Note that the rewrite rule MULT-OF-SHARP will be stored so as to apply only to terms with the nonrecursive function symbol MULT. This formula simplifies, expanding the definition of BAD-FOR-MULT-OF-SHARP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MULT-OF-SHARP (DISABLE BAD-FOR-MULT-OF-SHARP) [ 0.0 0.0 0.0 ] BAD-FOR-MULT-OF-SHARP-OFF (DISABLE MULT-OF-SHARP-AUX1) [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX1-OFF (DISABLE MULT-OF-SHARP-AUX2) [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX2-OFF (DISABLE MULT-OF-SHARP-AUX3) [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX3-OFF (DISABLE MULT-OF-SHARP-AUX4) [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX4-OFF (DISABLE MULT-OF-SHARP-AUX5) [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX5-OFF (DISABLE MULT-OF-SHARP-AUX6) [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX6-OFF (DISABLE MULT-OF-SHARP-AUX7) [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX7-OFF (DISABLE MULT-OF-SHARP-AUX8) [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX8-OFF (DISABLE MULT-OF-SHARP-AUX9) [ 0.0 0.0 0.0 ] MULT-OF-SHARP-AUX9-OFF (PROVE-LEMMA COMMUT-OF-SHARP (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (SHARP ALPHA BETA) (SHARP BETA ALPHA))) ((DO-NOT-INDUCT T) (USE (DIFFERENT-MULT-WORKS (ALPHA (SHARP ALPHA BETA)) (BETA (SHARP BETA ALPHA)))) (DISABLE ORD-LEQ INSERT SHARP ORDINALP ORD-LESSP DIFFERENT-MULT-WORKS))) This simplifies, applying SHARP-IS-AN-ORDINAL, DIFFERENT-MULT-IS-ORD, and MULT-OF-SHARP, and unfolding the functions NOT, AND, MULT, and IMPLIES, to the following two new goals: Case 2. (IMPLIES (AND (NOT (EQUAL (DIFFERENT-MULT (SHARP ALPHA BETA) (SHARP BETA ALPHA)) 0)) (NOT (EQUAL (PLUS (POS-MULT (DIFFERENT-MULT (SHARP ALPHA BETA) (SHARP BETA ALPHA)) ALPHA) (POS-MULT (DIFFERENT-MULT (SHARP ALPHA BETA) (SHARP BETA ALPHA)) BETA)) (PLUS (POS-MULT (DIFFERENT-MULT (SHARP ALPHA BETA) (SHARP BETA ALPHA)) BETA) (POS-MULT (DIFFERENT-MULT (SHARP ALPHA BETA) (SHARP BETA ALPHA)) ALPHA)))) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (SHARP ALPHA BETA) (SHARP BETA ALPHA))). However this again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (EQUAL (DIFFERENT-MULT (SHARP ALPHA BETA) (SHARP BETA ALPHA)) 0) (NOT (EQUAL (PLUS (NUMBER-PART ALPHA) (NUMBER-PART BETA)) (PLUS (NUMBER-PART BETA) (NUMBER-PART ALPHA)))) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (SHARP ALPHA BETA) (SHARP BETA ALPHA))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] COMMUT-OF-SHARP (PROVE-LEMMA ASSOC-OF-SHARP (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP GAMMA)) (EQUAL (SHARP (SHARP ALPHA BETA) GAMMA) (SHARP ALPHA (SHARP BETA GAMMA)))) ((DO-NOT-INDUCT T) (USE (DIFFERENT-MULT-WORKS (ALPHA (SHARP (SHARP ALPHA BETA) GAMMA)) (BETA (SHARP ALPHA (SHARP BETA GAMMA))))) (DISABLE ORD-LEQ INSERT SHARP ORDINALP ORD-LESSP DIFFERENT-MULT-WORKS))) This formula simplifies, rewriting with SHARP-IS-AN-ORDINAL, COMMUT-OF-SHARP, DIFFERENT-MULT-IS-ORD, and MULT-OF-SHARP, and opening up the definitions of NOT, AND, MULT, and IMPLIES, to two new conjectures: Case 2. (IMPLIES (AND (NOT (EQUAL (DIFFERENT-MULT (SHARP GAMMA (SHARP ALPHA BETA)) (SHARP ALPHA (SHARP BETA GAMMA))) 0)) (NOT (EQUAL (PLUS (POS-MULT (DIFFERENT-MULT (SHARP GAMMA (SHARP ALPHA BETA)) (SHARP ALPHA (SHARP BETA GAMMA))) GAMMA) (POS-MULT (DIFFERENT-MULT (SHARP GAMMA (SHARP ALPHA BETA)) (SHARP ALPHA (SHARP BETA GAMMA))) ALPHA) (POS-MULT (DIFFERENT-MULT (SHARP GAMMA (SHARP ALPHA BETA)) (SHARP ALPHA (SHARP BETA GAMMA))) BETA)) (PLUS (POS-MULT (DIFFERENT-MULT (SHARP GAMMA (SHARP ALPHA BETA)) (SHARP ALPHA (SHARP BETA GAMMA))) ALPHA) (POS-MULT (DIFFERENT-MULT (SHARP GAMMA (SHARP ALPHA BETA)) (SHARP ALPHA (SHARP BETA GAMMA))) BETA) (POS-MULT (DIFFERENT-MULT (SHARP GAMMA (SHARP ALPHA BETA)) (SHARP ALPHA (SHARP BETA GAMMA))) GAMMA)))) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP GAMMA)) (EQUAL (SHARP GAMMA (SHARP ALPHA BETA)) (SHARP ALPHA (SHARP BETA GAMMA)))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (EQUAL (DIFFERENT-MULT (SHARP GAMMA (SHARP ALPHA BETA)) (SHARP ALPHA (SHARP BETA GAMMA))) 0) (NOT (EQUAL (PLUS (NUMBER-PART GAMMA) (NUMBER-PART ALPHA) (NUMBER-PART BETA)) (PLUS (NUMBER-PART ALPHA) (NUMBER-PART BETA) (NUMBER-PART GAMMA)))) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP GAMMA)) (EQUAL (SHARP GAMMA (SHARP ALPHA BETA)) (SHARP ALPHA (SHARP BETA GAMMA)))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] ASSOC-OF-SHARP (PROVE-LEMMA CAR-OF-SHARP-B (REWRITE) (IMPLIES (AND (ORD-LEQ (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (CAR (SHARP ALPHA BETA)) (CAR BETA))) ((DO-NOT-INDUCT T) (USE (CAR-OF-SHARP-A (ALPHA BETA) (BETA ALPHA)) (COMMUT-OF-SHARP (ALPHA ALPHA) (BETA BETA))) (DISABLE SHARP ORD-LEQ ORDINALP))) This simplifies, appealing to the lemma COMMUT-OF-SHARP, and unfolding the definitions of AND and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-SHARP-B (DISABLE CAR-OF-INSERT-AUX1) [ 0.0 0.0 0.0 ] CAR-OF-INSERT-AUX1-OFF (PROVE-LEMMA MONOTONICITY-OF-INSERT-AUX1 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA))) ((DO-NOT-INDUCT T) (USE (INSERT-IS-CONS (ALPHA ALPHA) (DELTA DELTA)) (INSERT-IS-CONS (ALPHA BETA) (DELTA DELTA))) (DISABLE CAR-OF-INSERT-A CAR-OF-INSERT-B CAR-OF-INSERT-C LEQ-0 INSERT ORD-LEQ INSERT-IS-CONS))) This formula simplifies, rewriting with CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, CAR-CONS, CDR-CONS, and IRREFLEX, and unfolding the functions ORDINALP, NOT, AND, IMPLIES, EQUAL, LESSP, and ORD-LESSP, to two new formulas: Case 2. (IMPLIES (AND (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) DELTA))) (ORD-LESSP (CDR (INSERT DELTA ALPHA)) BETA)). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). This produces the following two new conjectures: Case 2.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) DELTA))) (ORD-LESSP (CDR (INSERT DELTA ALPHA)) BETA)). However this further simplifies, applying CAR-NLISTP, and unfolding LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 2.1. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP (CONS X Z)) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (ORD-LESSP (CONS X Z) BETA) (NOT (ORD-LESSP (CAR (INSERT DELTA (CONS X Z))) DELTA))) (ORD-LESSP (CDR (INSERT DELTA (CONS X Z))) BETA)). However this further simplifies, appealing to the lemmas CAR-CONS, CDR-CONS, and INSERT-SMALL-ORDINAL, and expanding ORDINALP and ORD-LESSP, to five new goals: Case 2.1.5. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (ORD-LESSP X (CAR Z))) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (LISTP BETA) (EQUAL X (CAR BETA)) (ORD-LESSP Z (CDR BETA)) (NOT (ORD-LESSP X DELTA))) (ORD-LESSP (INSERT DELTA Z) BETA)), which again simplifies, trivially, to: T. Case 2.1.4. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (ORD-LESSP X (CAR Z))) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP X (CAR BETA)) (NOT (ORD-LESSP X DELTA))) (ORD-LESSP (INSERT DELTA Z) BETA)). This again simplifies, rewriting with CAR-CONS and TRANSITIVITY, to: T. Case 2.1.3. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (LISTP Z)) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (LISTP BETA) (EQUAL X (CAR BETA)) (LISTP (CDR BETA)) (NOT (ORD-LESSP X DELTA))) (ORD-LESSP (INSERT DELTA Z) BETA)). This again simplifies, clearly, to: T. Case 2.1.2. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (LISTP Z)) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (LISTP BETA) (EQUAL X (CAR BETA)) (LESSP Z (CDR BETA)) (NOT (ORD-LESSP X DELTA))) (ORD-LESSP (INSERT DELTA Z) BETA)). This again simplifies, obviously, to: T. Case 2.1.1. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (LISTP Z)) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP X (CAR BETA)) (NOT (ORD-LESSP X DELTA))) (ORD-LESSP (INSERT DELTA Z) BETA)). However this again simplifies, rewriting with CAR-CONS and TRANSITIVITY, and opening up ORDINALP, to: T. Case 1. (IMPLIES (AND (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) DELTA))) (EQUAL (CAR (INSERT DELTA ALPHA)) DELTA)). Appealing to the lemma CAR-CDR-ELIM, we now replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). We must thus prove two new formulas: Case 1.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) DELTA))) (EQUAL (CAR (INSERT DELTA ALPHA)) DELTA)), which further simplifies, rewriting with CAR-NLISTP, and expanding the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 1.1. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP (CONS X Z)) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (ORD-LESSP (CONS X Z) BETA) (NOT (ORD-LESSP (CAR (INSERT DELTA (CONS X Z))) DELTA))) (EQUAL (CAR (INSERT DELTA (CONS X Z))) DELTA)). But this further simplifies, rewriting with CAR-CONS, CDR-CONS, and INSERT-SMALL-ORDINAL, and expanding the definitions of ORDINALP and ORD-LESSP, to the following five new conjectures: Case 1.1.5. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (ORD-LESSP X (CAR Z))) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (LISTP BETA) (EQUAL X (CAR BETA)) (ORD-LESSP Z (CDR BETA)) (NOT (ORD-LESSP X DELTA))) (EQUAL X DELTA)). This again simplifies, clearly, to: T. Case 1.1.4. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (ORD-LESSP X (CAR Z))) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP X (CAR BETA)) (NOT (ORD-LESSP X DELTA))) (EQUAL X DELTA)). This again simplifies, rewriting with CAR-CONS and TRANSITIVITY, to: T. Case 1.1.3. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (LISTP Z)) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (LISTP BETA) (EQUAL X (CAR BETA)) (LISTP (CDR BETA)) (NOT (ORD-LESSP X DELTA))) (EQUAL X DELTA)). This again simplifies, obviously, to: T. Case 1.1.2. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (LISTP Z)) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (LISTP BETA) (EQUAL X (CAR BETA)) (LESSP Z (CDR BETA)) (NOT (ORD-LESSP X DELTA))) (EQUAL X DELTA)). This again simplifies, trivially, to: T. Case 1.1.1. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL (INSERT DELTA BETA) (CONS DELTA BETA)) (ORDINALP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (LISTP Z)) (ORDINALP BETA) (ORDINALP DELTA) (NOT (ORD-LESSP DELTA (CAR BETA))) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP X (CAR BETA)) (NOT (ORD-LESSP X DELTA))) (EQUAL X DELTA)). However this again simplifies, applying CAR-CONS and TRANSITIVITY, and expanding the definition of ORDINALP, to: T. Q.E.D. [ 0.0 0.3 0.0 ] MONOTONICITY-OF-INSERT-AUX1 (PROVE-LEMMA MONOTONICITY-OF-INSERT-AUX2 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP SIGMA) (ORDINALP DELTA) (ORD-LESSP DELTA SIGMA) (ORD-LESSP (CAR ALPHA) SIGMA)) (ORD-LESSP (CAR (INSERT DELTA ALPHA)) SIGMA)) ((DO-NOT-INDUCT T) (USE (CAR-OF-INSERT-B (DELTA DELTA) (ALPHA ALPHA)) (CAR-OF-INSERT-C (DELTA DELTA) (ALPHA ALPHA))) (DISABLE LEQ-0 ORDINALP CAR-OF-INSERT-B CAR-OF-INSERT-C))) This formula simplifies, rewriting with CAR-OF-INSERT-A, TRANSITIVITY, IRREFLEX, and CAR-CONS, and expanding NOT, IMPLIES, ORD-LEQ, AND, and INSERT, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MONOTONICITY-OF-INSERT-AUX2 (PROVE-LEMMA MONOTONICITY-OF-INSERT-AUX3 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (ORD-LESSP DELTA (CAR BETA)) (NOT (EQUAL DELTA 0)) (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORD-LESSP (INSERT DELTA ALPHA) BETA)) ((DO-NOT-INDUCT T) (DISABLE ORD-LEQ LEQ-0))) This simplifies, applying the lemmas MONOTONICITY-OF-INSERT-AUX2 and CARS-ARE-ORDINALS, and opening up the function ORD-LESSP, to: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (ORD-LESSP DELTA (CAR BETA)) (NOT (EQUAL DELTA 0)) (ORD-LESSP (CAR ALPHA) (CAR BETA))) (LISTP BETA)), which again simplifies, applying CAR-NLISTP, and expanding ORDINALP, LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX3 (PROVE-LEMMA MONOTONICITY-OF-INSERT-AUX4 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (ORD-LESSP DELTA (CAR BETA)) (NOT (EQUAL DELTA 0)) (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA))) ((DO-NOT-INDUCT T) (DISABLE ORD-LEQ LEQ-0))) This conjecture simplifies, applying CAR-OF-INSERT-A, INSERT-IS-AN-ORDINAL, and MONOTONICITY-OF-INSERT-AUX3, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX4 (DEFN BAD-FOR-MONOTONICITY-OF-INSERT (ALPHA BETA DELTA) (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA) (NOT (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA))))) Observe that: (OR (FALSEP (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA)) (TRUEP (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-MONOTONICITY-OF-INSERT (PROVE-LEMMA MONOTONICITY-OF-INSERT-AUX5 (REWRITE) (IMPLIES (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA) (ORD-LESSP DELTA (CAR BETA))) ((DO-NOT-INDUCT T) (DISABLE INSERT-IS-CONS INSERT ORDINALP ORD-LESSP ORD-LEQ LEQ-0))) WARNING: Note that MONOTONICITY-OF-INSERT-AUX5 contains the free variable ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA). This conjecture can be simplified, using the abbreviations BAD-FOR-MONOTONICITY-OF-INSERT and IMPLIES, to the conjecture: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA) (NOT (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA)))) (ORD-LESSP DELTA (CAR BETA))). This simplifies, applying MONOTONICITY-OF-INSERT-AUX1, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX5 (PROVE-LEMMA MONOTONICITY-OF-INSERT-AUX6 (REWRITE) (IMPLIES (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA)))) ((DO-NOT-INDUCT T) (USE (MONOTONICITY-OF-INSERT-AUX5 (ALPHA ALPHA) (BETA BETA) (DELTA DELTA))) (DISABLE INSERT-IS-CONS INSERT MONOTONICITY-OF-INSERT-AUX5 ORDINALP ORD-LESSP ORD-LEQ LEQ-0))) WARNING: Note that MONOTONICITY-OF-INSERT-AUX6 contains the free variable DELTA which will be chosen by instantiating the hypothesis: (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA). This conjecture can be simplified, using the abbreviations NOT, BAD-FOR-MONOTONICITY-OF-INSERT, and IMPLIES, to: (IMPLIES (AND (IMPLIES (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA) (ORD-LESSP DELTA (CAR BETA))) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA) (NOT (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA)))) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA)))). This simplifies, appealing to the lemma MONOTONICITY-OF-INSERT-AUX4, and unfolding BAD-FOR-MONOTONICITY-OF-INSERT and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX6 (PROVE-LEMMA MONOTONICITY-OF-INSERT-AUX7 (REWRITE) (IMPLIES (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA) (EQUAL (CAR ALPHA) (CAR BETA))) ((DO-NOT-INDUCT T) (USE (CARS-OF-SMALLER-ORDINALS (ALPHA ALPHA) (BETA BETA)) (MONOTONICITY-OF-INSERT-AUX6 (ALPHA ALPHA) (BETA BETA) (DELTA DELTA))) (DISABLE ORD-LESSP INSERT-IS-CONS INSERT MONOTONICITY-OF-INSERT-AUX6 ORDINALP ORD-LEQ LEQ-0))) WARNING: Note that MONOTONICITY-OF-INSERT-AUX7 contains the free variables DELTA and BETA which will be chosen by instantiating the hypothesis: (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA). This conjecture can be simplified, using the abbreviations BAD-FOR-MONOTONICITY-OF-INSERT, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP ALPHA BETA)) (OR (ORD-LESSP (CAR ALPHA) (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)))) (IMPLIES (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA)))) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA) (NOT (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA)))) (EQUAL (CAR ALPHA) (CAR BETA))). This simplifies, opening up AND, OR, IMPLIES, BAD-FOR-MONOTONICITY-OF-INSERT, and NOT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX7 (PROVE-LEMMA MONOTONICITY-OF-INSERT-AUX8 (REWRITE) (IMPLIES (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA) (AND (LISTP ALPHA) (LISTP BETA))) ((DO-NOT-INDUCT T) (USE (MONOTONICITY-OF-INSERT-AUX5 (ALPHA ALPHA) (BETA BETA) (DELTA DELTA)) (MONOTONICITY-OF-INSERT-AUX7 (ALPHA ALPHA) (BETA BETA) (DELTA DELTA))) (DISABLE INSERT-IS-CONS INSERT MONOTONICITY-OF-INSERT-AUX7 BAD-FOR-MONOTONICITY-OF-INSERT MONOTONICITY-OF-INSERT-AUX5 ORDINALP ORD-LEQ LEQ-0))) WARNING: Note that MONOTONICITY-OF-INSERT-AUX8 contains the free variables DELTA and BETA which will be chosen by instantiating the hypothesis: (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA). WARNING: Note that MONOTONICITY-OF-INSERT-AUX8 contains the free variables DELTA and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA). WARNING: Note that the proposed lemma MONOTONICITY-OF-INSERT-AUX8 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and two replacement rules. This simplifies, opening up the definitions of IMPLIES and AND, to the following two new goals: Case 2. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA)) (LISTP ALPHA)). But this again simplifies, applying CAR-NLISTP, and expanding LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 1. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA)) (LISTP BETA)). But this again simplifies, rewriting with CAR-NLISTP, and opening up the definitions of LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX8 (PROVE-LEMMA MONOTONICITY-OF-INSERT-AUX9 (REWRITE) (IMPLIES (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA) (BAD-FOR-MONOTONICITY-OF-INSERT (CDR ALPHA) (CDR BETA) DELTA)) ((DO-NOT-INDUCT T) (USE (INSERT-IS-AN-ORDINAL (DELTA DELTA) (ALPHA (CDR ALPHA))) (INSERT-IS-AN-ORDINAL (DELTA DELTA) (ALPHA (CDR BETA))) (MONOTONICITY-OF-INSERT-AUX5 (ALPHA ALPHA) (BETA BETA) (DELTA DELTA)) (MONOTONICITY-OF-INSERT-AUX7 (ALPHA ALPHA) (BETA BETA) (DELTA DELTA))) (DISABLE ORDINALP INSERT MONOTONICITY-OF-INSERT-AUX3 MONOTONICITY-OF-INSERT-AUX4 CAR-OF-INSERT-A CAR-OF-INSERT-C CAR-OF-INSERT-B INSERT-IS-CONS MONOTONICITY-OF-INSERT-AUX7 MONOTONICITY-OF-INSERT-AUX5 ORDINALP ORD-LEQ LEQ-0))) WARNING: Note that the rewrite rule MONOTONICITY-OF-INSERT-AUX9 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-MONOTONICITY-OF-INSERT. This conjecture can be simplified, using the abbreviations BAD-FOR-MONOTONICITY-OF-INSERT, IMPLIES, and AND, to the formula: (IMPLIES (AND (IMPLIES (AND (ORDINALP (CDR ALPHA)) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (ORDINALP (INSERT DELTA (CDR ALPHA)))) (IMPLIES (AND (ORDINALP (CDR BETA)) (ORDINALP DELTA) (NOT (EQUAL DELTA 0))) (ORDINALP (INSERT DELTA (CDR BETA)))) (IMPLIES (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA) (ORD-LESSP DELTA (CAR BETA))) (IMPLIES (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA) (EQUAL (CAR ALPHA) (CAR BETA))) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA) (NOT (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA)))) (BAD-FOR-MONOTONICITY-OF-INSERT (CDR ALPHA) (CDR BETA) DELTA)). This simplifies, rewriting with CDRS-ARE-ORDINALS, INSERT-IS-AN-ORDINAL, INSERT-SMALL-ORDINAL, CDR-CONS, CAR-CONS, IRREFLEX, CAR-NLISTP, and CDR-NLISTP, and opening up NOT, AND, IMPLIES, ORD-LESSP, BAD-FOR-MONOTONICITY-OF-INSERT, LESSP, EQUAL, LISTP, and ORDINALP, to 13 new formulas: Case 13.(IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP BETA) (EQUAL (CAR ALPHA) (CAR BETA)) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) (CAR ALPHA))) (NOT (ORD-LESSP (CDR (INSERT DELTA ALPHA)) (INSERT DELTA (CDR BETA))))) (NOT (ORD-LESSP (INSERT DELTA (CDR ALPHA)) (INSERT DELTA (CDR BETA))))), which again simplifies, applying IRREFLEX, INSERT-SMALL-ORDINAL, CAR-CONS, and CDR-CONS, to: T. Case 12.(IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (LISTP ALPHA) (NOT (ORD-LESSP (CAR ALPHA) (CAR BETA))) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP BETA) (EQUAL (CAR ALPHA) (CAR BETA)) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) (CAR ALPHA))) (NOT (EQUAL (CAR (INSERT DELTA ALPHA)) (CAR ALPHA)))) (NOT (ORD-LESSP (INSERT DELTA (CDR ALPHA)) (INSERT DELTA (CDR BETA))))). This again simplifies, rewriting with IRREFLEX, INSERT-SMALL-ORDINAL, and CAR-CONS, to: T. Case 11.(IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) (CAR ALPHA))) (NOT (ORD-LESSP (CDR (INSERT DELTA ALPHA)) (INSERT DELTA (CDR BETA))))) (NOT (ORD-LESSP (INSERT DELTA (CDR ALPHA)) (INSERT DELTA (CDR BETA))))). This again simplifies, trivially, to: (IMPLIES (AND (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) (CAR ALPHA))) (NOT (ORD-LESSP (CDR (INSERT DELTA ALPHA)) (INSERT DELTA (CDR BETA))))) (NOT (ORD-LESSP (INSERT DELTA (CDR ALPHA)) (INSERT DELTA (CDR BETA))))). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). This produces the following two new conjectures: Case 11.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) (CAR ALPHA))) (NOT (ORD-LESSP (CDR (INSERT DELTA ALPHA)) (INSERT DELTA (CDR BETA))))) (NOT (ORD-LESSP (INSERT DELTA (CDR ALPHA)) (INSERT DELTA (CDR BETA))))). However this further simplifies, rewriting with the lemma CAR-NLISTP, and unfolding LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 11.1. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL X (CAR BETA)) (ORDINALP (CONS X Z)) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP Z (CDR BETA)) (NOT (ORD-LESSP (CAR (INSERT DELTA (CONS X Z))) X)) (NOT (ORD-LESSP (CDR (INSERT DELTA (CONS X Z))) (INSERT DELTA (CDR BETA))))) (NOT (ORD-LESSP (INSERT DELTA Z) (INSERT DELTA (CDR BETA))))), which further simplifies, applying CAR-CONS, CDR-CONS, INSERT-SMALL-ORDINAL, and IRREFLEX, to: T. Case 10.(IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) (CAR ALPHA))) (NOT (EQUAL (CAR (INSERT DELTA ALPHA)) (CAR ALPHA)))) (NOT (ORD-LESSP (INSERT DELTA (CDR ALPHA)) (INSERT DELTA (CDR BETA))))). This again simplifies, obviously, to: (IMPLIES (AND (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) (CAR ALPHA))) (NOT (EQUAL (CAR (INSERT DELTA ALPHA)) (CAR ALPHA)))) (NOT (ORD-LESSP (INSERT DELTA (CDR ALPHA)) (INSERT DELTA (CDR BETA))))). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). We would thus like to prove the following two new formulas: Case 10.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORD-LESSP DELTA (CAR ALPHA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP (CDR ALPHA) (CDR BETA)) (NOT (ORD-LESSP (CAR (INSERT DELTA ALPHA)) (CAR ALPHA))) (NOT (EQUAL (CAR (INSERT DELTA ALPHA)) (CAR ALPHA)))) (NOT (ORD-LESSP (INSERT DELTA (CDR ALPHA)) (INSERT DELTA (CDR BETA))))). However this further simplifies, rewriting with the lemma CAR-NLISTP, and opening up the definitions of LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 10.1. (IMPLIES (AND (ORD-LESSP DELTA X) (EQUAL X (CAR BETA)) (ORDINALP (CONS X Z)) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (LISTP BETA) (ORD-LESSP Z (CDR BETA)) (NOT (ORD-LESSP (CAR (INSERT DELTA (CONS X Z))) X)) (NOT (EQUAL (CAR (INSERT DELTA (CONS X Z))) X))) (NOT (ORD-LESSP (INSERT DELTA Z) (INSERT DELTA (CDR BETA))))), which further simplifies, applying the lemmas CAR-CONS, CDR-CONS, INSERT-SMALL-ORDINAL, and IRREFLEX, to: T. Case 9. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (LISTP ALPHA)) (LISTP BETA) (NOT (EQUAL (CAR (INSERT DELTA ALPHA)) 0)) (NOT (LISTP (CDR BETA)))) (NUMBERP (CDR BETA))), which again simplifies, rewriting with the lemma CAR-NLISTP, and unfolding the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 8. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (LISTP ALPHA)) (LISTP BETA) (NOT (EQUAL (CAR (INSERT DELTA ALPHA)) 0)) (NOT (LISTP (CDR BETA)))) (NOT (EQUAL (CDR BETA) 0))), which again simplifies, applying CAR-NLISTP, and unfolding the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 7. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (LISTP ALPHA)) (LISTP BETA) (NOT (EQUAL (CAR (INSERT DELTA ALPHA)) 0))) (NOT (ORD-LESSP (INSERT DELTA 0) (INSERT DELTA (CDR BETA))))). But this again simplifies, applying CAR-NLISTP, and opening up the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 6. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (LISTP ALPHA)) (LISTP BETA) (NOT (ORD-LESSP (CDR (INSERT DELTA ALPHA)) (INSERT DELTA (CDR BETA)))) (NOT (LISTP (CDR BETA)))) (NUMBERP (CDR BETA))). But this again simplifies, applying the lemma CAR-NLISTP, and unfolding the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 5. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (LISTP ALPHA)) (LISTP BETA) (NOT (ORD-LESSP (CDR (INSERT DELTA ALPHA)) (INSERT DELTA (CDR BETA)))) (NOT (LISTP (CDR BETA)))) (NOT (EQUAL (CDR BETA) 0))), which again simplifies, applying CAR-NLISTP, and expanding the definitions of LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 4. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (LISTP ALPHA)) (LISTP BETA) (NOT (ORD-LESSP (CDR (INSERT DELTA ALPHA)) (INSERT DELTA (CDR BETA))))) (NOT (ORD-LESSP (INSERT DELTA 0) (INSERT DELTA (CDR BETA))))). But this again simplifies, rewriting with CAR-NLISTP, and opening up the definitions of LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 3. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (LISTP ALPHA)) (LESSP ALPHA BETA) (NOT (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA))) (NOT (LISTP (CDR BETA)))) (NUMBERP (CDR BETA))). This again simplifies, rewriting with CAR-NLISTP, and unfolding the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 2. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (LISTP ALPHA)) (LESSP ALPHA BETA) (NOT (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA))) (NOT (LISTP (CDR BETA)))) (NOT (EQUAL (CDR BETA) 0))). However this again simplifies, rewriting with the lemma CAR-NLISTP, and opening up the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Case 1. (IMPLIES (AND (ORD-LESSP DELTA (CAR BETA)) (EQUAL (CAR ALPHA) (CAR BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (NOT (LISTP ALPHA)) (LESSP ALPHA BETA) (NOT (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA)))) (NOT (ORD-LESSP (INSERT DELTA 0) (INSERT DELTA (CDR BETA))))), which again simplifies, applying the lemma CAR-NLISTP, and opening up the definitions of LESSP, EQUAL, LISTP, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MONOTONICITY-OF-INSERT-AUX9 (DEFN MONOTONICITY-OF-INSERT-KLUDGE (ALPHA BETA) (IF (AND (LISTP ALPHA) (LISTP BETA)) (MONOTONICITY-OF-INSERT-KLUDGE (CDR ALPHA) (CDR BETA)) 0)) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of AND establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, MONOTONICITY-OF-INSERT-KLUDGE is accepted under the definitional principle. The definition of: MONOTONICITY-OF-INSERT-KLUDGE can be justified in another way. Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of AND inform us that the measure (COUNT BETA) decreases according to the well-founded relation LESSP in each recursive call. Observe that: (NUMBERP (MONOTONICITY-OF-INSERT-KLUDGE ALPHA BETA)) is a theorem. [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-KLUDGE (PROVE-LEMMA MONOTONICITY-OF-INSERT-AUX10 (REWRITE) (NOT (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA)) ((DISABLE BAD-FOR-MONOTONICITY-OF-INSERT) (INDUCT (MONOTONICITY-OF-INSERT-KLUDGE ALPHA BETA)))) WARNING: Note that the rewrite rule MONOTONICITY-OF-INSERT-AUX10 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-MONOTONICITY-OF-INSERT. This conjecture can be simplified, using the abbreviations NOT, OR, and AND, to two new goals: Case 2. (IMPLIES (AND (LISTP ALPHA) (LISTP BETA) (NOT (BAD-FOR-MONOTONICITY-OF-INSERT (CDR ALPHA) (CDR BETA) DELTA))) (NOT (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA))), which simplifies, rewriting with MONOTONICITY-OF-INSERT-AUX8 and MONOTONICITY-OF-INSERT-AUX9, to: T. Case 1. (IMPLIES (NOT (AND (LISTP ALPHA) (LISTP BETA))) (NOT (BAD-FOR-MONOTONICITY-OF-INSERT ALPHA BETA DELTA))). This simplifies, rewriting with MONOTONICITY-OF-INSERT-AUX8, and expanding the definition of AND, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX10 (PROVE-LEMMA MONOTONICITY-OF-INSERT (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP DELTA) (NOT (EQUAL DELTA 0)) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (INSERT DELTA ALPHA) (INSERT DELTA BETA))) ((DO-NOT-INDUCT T) (USE (MONOTONICITY-OF-INSERT-AUX10 (ALPHA ALPHA) (BETA BETA) (DELTA DELTA))) (DISABLE ORDINALP ORD-LESSP MONOTONICITY-OF-INSERT-AUX10))) WARNING: the newly proposed lemma, MONOTONICITY-OF-INSERT, could be applied whenever the previously added lemma MONOTONICITY-OF-INSERT-AUX1 could. This conjecture simplifies, expanding the definition of BAD-FOR-MONOTONICITY-OF-INSERT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT (DISABLE MONOTONICITY-OF-INSERT-AUX1) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX1-OFF (DISABLE MONOTONICITY-OF-INSERT-AUX2) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX2-OFF (DISABLE MONOTONICITY-OF-INSERT-AUX3) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX3-OFF (DISABLE MONOTONICITY-OF-INSERT-AUX4) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX4-OFF (DISABLE MONOTONICITY-OF-INSERT-AUX5) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX5-OFF (DISABLE MONOTONICITY-OF-INSERT-AUX6) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX6-OFF (DISABLE MONOTONICITY-OF-INSERT-AUX7) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX7-OFF (DISABLE MONOTONICITY-OF-INSERT-AUX8) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX8-OFF (DISABLE MONOTONICITY-OF-INSERT-AUX9) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX9-OFF (DISABLE MONOTONICITY-OF-INSERT-AUX10) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-AUX10-OFF (DISABLE MONOTONICITY-OF-INSERT-KLUDGE) [ 0.0 0.0 0.0 ] MONOTONICITY-OF-INSERT-KLUDGE-OFF (DISABLE BAD-FOR-MONOTONICITY-OF-INSERT) [ 0.0 0.0 0.0 ] BAD-FOR-MONOTONICITY-OF-INSERT-OFF (PROVE-LEMMA MONOTONICITY-OF-SHARP (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP LAMBDA) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (SHARP ALPHA LAMBDA) (SHARP BETA LAMBDA))) ((INDUCT (SHARP ALPHA LAMBDA)) (DISABLE ORD-LEQ INSERT-IS-CONS INSERT-SMALL-ORDINAL LEQ-0 INSERT ORD-LEQ))) This conjecture can be simplified, using the abbreviations IMPLIES, NLISTP, NOT, OR, and AND, to two new conjectures: Case 2. (IMPLIES (AND (NOT (LISTP LAMBDA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP LAMBDA) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (SHARP ALPHA LAMBDA) (SHARP BETA LAMBDA))), which simplifies, rewriting with NUM-SHARP-IS-MONOTONIC, and expanding the definitions of ORDINALP and SHARP, to: T. Case 1. (IMPLIES (AND (LISTP LAMBDA) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP (CDR LAMBDA)) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (SHARP ALPHA (CDR LAMBDA)) (SHARP BETA (CDR LAMBDA)))) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP LAMBDA) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (SHARP ALPHA LAMBDA) (SHARP BETA LAMBDA))). This simplifies, applying CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and expanding the definitions of ORDINALP, AND, IMPLIES, EQUAL, and SHARP, to the formula: (IMPLIES (AND (LISTP LAMBDA) (ORD-LESSP (SHARP ALPHA (CDR LAMBDA)) (SHARP BETA (CDR LAMBDA))) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP LAMBDA) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (INSERT (CAR LAMBDA) (SHARP ALPHA (CDR LAMBDA))) (INSERT (CAR LAMBDA) (SHARP BETA (CDR LAMBDA))))). Appealing to the lemma CAR-CDR-ELIM, we now replace LAMBDA by (CONS Z X) to eliminate (CDR LAMBDA) and (CAR LAMBDA). The result is: (IMPLIES (AND (ORD-LESSP (SHARP ALPHA X) (SHARP BETA X)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP (CONS Z X)) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (INSERT Z (SHARP ALPHA X)) (INSERT Z (SHARP BETA X)))). But this further simplifies, appealing to the lemmas CDR-CONS, CAR-CONS, SHARP-IS-AN-ORDINAL, and MONOTONICITY-OF-INSERT, and expanding the functions ORDINALP and SHARP, to: (IMPLIES (AND (ORD-LESSP (SHARP ALPHA X) (SHARP BETA X)) (ORDINALP ALPHA) (ORDINALP BETA) (ORDINALP Z) (NOT (EQUAL Z 0)) (ORDINALP X) (NOT (LISTP X)) (ORD-LESSP ALPHA BETA)) (ORD-LESSP (INSERT Z (NUM-SHARP ALPHA X)) (INSERT Z (NUM-SHARP BETA X)))). However this again simplifies, rewriting with NUM-SHARP-IS-AN-ORDINAL and MONOTONICITY-OF-INSERT, and unfolding the definitions of SHARP and ORDINALP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] MONOTONICITY-OF-SHARP (DISABLE ORD-LESSP) [ 0.0 0.0 0.0 ] ORD-LESSP-OFF (DISABLE ORD-LEQ) [ 0.0 0.0 0.0 ] ORD-LEQ-OFF (DISABLE LEQ-0) [ 0.0 0.0 0.0 ] LEQ-0-OFF (DEFN NORM (X) (COUNT X)) Observe that (NUMBERP (NORM X)) is a theorem. [ 0.0 0.0 0.0 ] NORM (PROVE-LEMMA NORM-IS-A-NUMBER (REWRITE) (NUMBERP (NORM X))) This conjecture can be simplified, using the abbreviation NORM, to the goal: (NUMBERP (COUNT X)). This simplifies, trivially, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-IS-A-NUMBER (PROVE-LEMMA NORM-OF-A-NUMBER (REWRITE) (IMPLIES (NUMBERP N) (EQUAL (NORM N) N))) WARNING: Note that the rewrite rule NORM-OF-A-NUMBER will be stored so as to apply only to terms with the nonrecursive function symbol NORM. This conjecture can be simplified, using the abbreviations IMPLIES and NORM, to: (IMPLIES (NUMBERP N) (EQUAL (COUNT N) N)). This simplifies, rewriting with COUNT-NUMBERP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-A-NUMBER (PROVE-LEMMA NORM-OF-SUCCESSOR (REWRITE) (IMPLIES (ORDINALP ALPHA) (EQUAL (NORM (SUCCESSOR ALPHA)) (ADD1 (NORM ALPHA))))) WARNING: Note that the rewrite rule NORM-OF-SUCCESSOR will be stored so as to apply only to terms with the nonrecursive function symbol NORM. This conjecture can be simplified, using the abbreviations IMPLIES and NORM, to: (IMPLIES (ORDINALP ALPHA) (EQUAL (COUNT (SUCCESSOR ALPHA)) (ADD1 (COUNT ALPHA)))). Call the above conjecture *1. We will appeal to induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CDR ALPHA)) (p (CAR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following five new goals: Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA)) (EQUAL (COUNT (SUCCESSOR ALPHA)) (ADD1 (COUNT ALPHA)))). This simplifies, opening up ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (EQUAL (COUNT (SUCCESSOR (CDR ALPHA))) (ADD1 (COUNT (CDR ALPHA)))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA)) (EQUAL (COUNT (SUCCESSOR ALPHA)) (ADD1 (COUNT ALPHA)))). This simplifies, opening up the function ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (EQUAL (COUNT (SUCCESSOR (CAR ALPHA))) (ADD1 (COUNT (CAR ALPHA)))) (ORDINALP ALPHA)) (EQUAL (COUNT (SUCCESSOR ALPHA)) (ADD1 (COUNT ALPHA)))). This simplifies, expanding the function ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (EQUAL (COUNT (SUCCESSOR (CDR ALPHA))) (ADD1 (COUNT (CDR ALPHA)))) (EQUAL (COUNT (SUCCESSOR (CAR ALPHA))) (ADD1 (COUNT (CAR ALPHA)))) (ORDINALP ALPHA)) (EQUAL (COUNT (SUCCESSOR ALPHA)) (ADD1 (COUNT ALPHA)))). This simplifies, rewriting with the lemmas COUNT-CONS and ADD1-EQUAL, and expanding the definitions of ORDINALP and SUCCESSOR, to the following two new goals: Case 2.2. (IMPLIES (AND (LISTP ALPHA) (EQUAL (COUNT (SUCCESSOR (CDR ALPHA))) (ADD1 (COUNT (CDR ALPHA)))) (EQUAL (COUNT (SUCCESSOR (CAR ALPHA))) (ADD1 (COUNT (CAR ALPHA)))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA)))) (EQUAL (PLUS (COUNT (CAR ALPHA)) (ADD1 (COUNT (CDR ALPHA)))) (COUNT ALPHA))). Appealing to the lemma CAR-CDR-ELIM, we now replace ALPHA by (CONS Z X) to eliminate (CDR ALPHA) and (CAR ALPHA) and X by (CONS V W) to eliminate (CAR X) and (CDR X). This generates two new goals: Case 2.2.2. (IMPLIES (AND (NOT (LISTP X)) (EQUAL (COUNT (SUCCESSOR X)) (ADD1 (COUNT X))) (EQUAL (COUNT (SUCCESSOR Z)) (ADD1 (COUNT Z))) (ORDINALP Z) (NOT (EQUAL Z 0)) (ORDINALP X) (NOT (ORD-LESSP Z (CAR X)))) (EQUAL (PLUS (COUNT Z) (ADD1 (COUNT X))) (COUNT (CONS Z X)))), which further simplifies, rewriting with COUNT-NUMBERP, ADD1-EQUAL, CAR-NLISTP, and COUNT-CONS, and unfolding the functions SUCCESSOR and ORDINALP, to: (IMPLIES (AND (NOT (LISTP X)) (NUMBERP X) (EQUAL X (COUNT X)) (EQUAL (COUNT (SUCCESSOR Z)) (ADD1 (COUNT Z))) (ORDINALP Z) (NOT (EQUAL Z 0)) (NOT (ORD-LESSP Z 0))) (EQUAL (PLUS (COUNT Z) (ADD1 X)) (ADD1 (PLUS (COUNT Z) X)))), which again simplifies, using linear arithmetic, to: T. Case 2.2.1. (IMPLIES (AND (EQUAL (COUNT (SUCCESSOR (CONS V W))) (ADD1 (COUNT (CONS V W)))) (EQUAL (COUNT (SUCCESSOR Z)) (ADD1 (COUNT Z))) (ORDINALP Z) (NOT (EQUAL Z 0)) (ORDINALP (CONS V W)) (NOT (ORD-LESSP Z V))) (EQUAL (PLUS (COUNT Z) (ADD1 (COUNT (CONS V W)))) (COUNT (CONS Z (CONS V W))))), which further simplifies, applying the lemmas CDR-CONS, CAR-CONS, COUNT-CONS, and ADD1-EQUAL, and opening up the functions SUCCESSOR and ORDINALP, to two new formulas: Case 2.2.1.2. (IMPLIES (AND (EQUAL (PLUS (COUNT V) (COUNT (SUCCESSOR W))) (ADD1 (PLUS (COUNT V) (COUNT W)))) (EQUAL (COUNT (SUCCESSOR Z)) (ADD1 (COUNT Z))) (ORDINALP Z) (NOT (EQUAL Z 0)) (ORDINALP V) (NOT (EQUAL V 0)) (ORDINALP W) (NOT (ORD-LESSP V (CAR W))) (NOT (ORD-LESSP Z V))) (EQUAL (PLUS (COUNT Z) (ADD1 (ADD1 (PLUS (COUNT V) (COUNT W))))) (ADD1 (PLUS (COUNT Z) (ADD1 (PLUS (COUNT V) (COUNT W))))))), which again simplifies, using linear arithmetic, to: T. Case 2.2.1.1. (IMPLIES (AND (EQUAL (PLUS (COUNT V) (COUNT (SUCCESSOR W))) (ADD1 (PLUS (COUNT V) (COUNT W)))) (EQUAL (COUNT (SUCCESSOR Z)) (ADD1 (COUNT Z))) (ORDINALP Z) (NOT (EQUAL Z 0)) (ORDINALP V) (NOT (EQUAL V 0)) (ORDINALP W) (NOT (LISTP W)) (NOT (ORD-LESSP Z V))) (EQUAL (PLUS (COUNT Z) (ADD1 (ADD1 (PLUS (COUNT V) (COUNT W))))) (ADD1 (PLUS (COUNT Z) (ADD1 (PLUS (COUNT V) (COUNT W))))))), which again simplifies, using linear arithmetic, to: T. Case 2.1. (IMPLIES (AND (LISTP ALPHA) (EQUAL (COUNT (SUCCESSOR (CDR ALPHA))) (ADD1 (COUNT (CDR ALPHA)))) (EQUAL (COUNT (SUCCESSOR (CAR ALPHA))) (ADD1 (COUNT (CAR ALPHA)))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (LISTP (CDR ALPHA)))) (EQUAL (PLUS (COUNT (CAR ALPHA)) (ADD1 (COUNT (CDR ALPHA)))) (COUNT ALPHA))), which further simplifies, applying COUNT-NUMBERP, ADD1-EQUAL, and CDRS-ARE-ORDINALS, and unfolding SUCCESSOR and ORDINALP, to: (IMPLIES (AND (LISTP ALPHA) (NUMBERP (CDR ALPHA)) (EQUAL (CDR ALPHA) (COUNT (CDR ALPHA))) (EQUAL (COUNT (SUCCESSOR (CAR ALPHA))) (ADD1 (COUNT (CAR ALPHA)))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0))) (EQUAL (PLUS (COUNT (CAR ALPHA)) (ADD1 (CDR ALPHA))) (COUNT ALPHA))), which again simplifies, obviously, to: (IMPLIES (AND (LISTP ALPHA) (EQUAL (CDR ALPHA) (COUNT (CDR ALPHA))) (EQUAL (COUNT (SUCCESSOR (CAR ALPHA))) (ADD1 (COUNT (CAR ALPHA)))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0))) (EQUAL (PLUS (COUNT (CAR ALPHA)) (ADD1 (CDR ALPHA))) (COUNT ALPHA))). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS Z X) to eliminate (CDR ALPHA) and (CAR ALPHA). We thus obtain: (IMPLIES (AND (EQUAL X (COUNT X)) (EQUAL (COUNT (SUCCESSOR Z)) (ADD1 (COUNT Z))) (ORDINALP Z) (NOT (EQUAL Z 0))) (EQUAL (PLUS (COUNT Z) (ADD1 X)) (COUNT (CONS Z X)))), which further simplifies, applying the lemmas COUNT-NUMBERP and COUNT-CONS, to: (IMPLIES (AND (EQUAL X (COUNT X)) (EQUAL (COUNT (SUCCESSOR Z)) (ADD1 (COUNT Z))) (ORDINALP Z) (NOT (EQUAL Z 0))) (EQUAL (PLUS (COUNT Z) (ADD1 X)) (ADD1 (PLUS (COUNT Z) X)))). This finally simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA)) (EQUAL (COUNT (SUCCESSOR ALPHA)) (ADD1 (COUNT ALPHA)))), which simplifies, appealing to the lemma COUNT-NUMBERP, and opening up the functions ORDINALP and SUCCESSOR, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] NORM-OF-SUCCESSOR (PROVE-LEMMA NORM-OF-PREDECESSOR (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (NORM (PREDECESSOR ALPHA)) (SUB1 (NORM ALPHA)))) ((DO-NOT-INDUCT T) (USE (NORM-OF-SUCCESSOR (ALPHA (PREDECESSOR ALPHA)))))) WARNING: Note that the rewrite rule NORM-OF-PREDECESSOR will be stored so as to apply only to terms with the nonrecursive function symbol NORM. This formula can be simplified, using the abbreviations AND, IMPLIES, and NORM, to the new goal: (IMPLIES (AND (IMPLIES (ORDINALP (PREDECESSOR ALPHA)) (EQUAL (COUNT (SUCCESSOR (PREDECESSOR ALPHA))) (ADD1 (COUNT (PREDECESSOR ALPHA))))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (COUNT (PREDECESSOR ALPHA)) (SUB1 (COUNT ALPHA)))), which simplifies, appealing to the lemmas PREDECESSOR-IS-AN-ORDINAL and SUC-PREDECESSOR, and expanding the definition of IMPLIES, to: (IMPLIES (AND (EQUAL (COUNT ALPHA) (ADD1 (COUNT (PREDECESSOR ALPHA)))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (COUNT (PREDECESSOR ALPHA)) (SUB1 (COUNT ALPHA)))). But this again simplifies, using linear arithmetic, to: (IMPLIES (AND (EQUAL (COUNT ALPHA) 0) (EQUAL (COUNT ALPHA) (ADD1 (COUNT (PREDECESSOR ALPHA)))) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (COUNT (PREDECESSOR ALPHA)) (SUB1 (COUNT ALPHA)))). This again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-PREDECESSOR (PROVE-LEMMA NORM-OF-CONS (REWRITE) (IMPLIES (LISTP ALPHA) (EQUAL (NORM ALPHA) (ADD1 (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA))))))) WARNING: Note that the rewrite rule NORM-OF-CONS will be stored so as to apply only to terms with the nonrecursive function symbol NORM. This formula can be simplified, using the abbreviations IMPLIES and NORM, to the new conjecture: (IMPLIES (LISTP ALPHA) (EQUAL (COUNT ALPHA) (ADD1 (PLUS (COUNT (CAR ALPHA)) (COUNT (CDR ALPHA)))))). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). We would thus like to prove: (EQUAL (COUNT (CONS X Z)) (ADD1 (PLUS (COUNT X) (COUNT Z)))), which simplifies, rewriting with the lemma COUNT-CONS, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-CONS (PROVE-LEMMA NORM-NON-ZERO (REWRITE) (IMPLIES (LISTP ALPHA) (NOT (EQUAL (NORM ALPHA) 0))) ((USE (NORM-OF-CONS (ALPHA ALPHA)) (NORM-IS-A-NUMBER (X (CAR ALPHA))) (NORM-IS-A-NUMBER (X (CDR ALPHA)))) (DISABLE NORM-OF-CONS NORM-IS-A-NUMBER))) This formula can be simplified, using the abbreviations NOT, IMPLIES, and NORM, to the new conjecture: (IMPLIES (AND (IMPLIES (LISTP ALPHA) (EQUAL (COUNT ALPHA) (ADD1 (PLUS (COUNT (CAR ALPHA)) (COUNT (CDR ALPHA)))))) (LISTP ALPHA)) (NOT (EQUAL (COUNT ALPHA) 0))), which simplifies, expanding IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-NON-ZERO (DISABLE NORM) [ 0.0 0.0 0.0 ] NORM-OFF (DEFN NORM-UP-TO (N) (IF (ZEROP N) (LIST 0) (APPEND (SEGMENT 0 N) (PRODUCT (NORM-UP-TO (SUB1 N)) (NORM-UP-TO (SUB1 N)))))) Linear arithmetic, the lemma COUNT-NUMBERP, and the definition of ZEROP inform us that the measure (COUNT N) decreases according to the well-founded relation LESSP in each recursive call. Hence, NORM-UP-TO is accepted under the principle of definition. Note that: (OR (LITATOM (NORM-UP-TO N)) (LISTP (NORM-UP-TO N))) is a theorem. [ 0.0 0.0 0.0 ] NORM-UP-TO (PROVE-LEMMA NORM-UP-TO-BIG-ENUF-AUX1 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LEQ (NORM ALPHA) N) (NLISTP ALPHA)) (MEMBER ALPHA (NORM-UP-TO N)))) This formula can be simplified, using the abbreviations NLISTP, AND, and IMPLIES, to the new formula: (IMPLIES (AND (ORDINALP ALPHA) (NOT (LESSP N (NORM ALPHA))) (NOT (LISTP ALPHA))) (MEMBER ALPHA (NORM-UP-TO N))), which simplifies, rewriting with NORM-OF-A-NUMBER, and expanding ORDINALP, to: (IMPLIES (AND (NUMBERP ALPHA) (NOT (LESSP N ALPHA))) (MEMBER ALPHA (NORM-UP-TO N))), which we will name *1. We will appeal to induction. Three inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA))) (p ALPHA N)) (IMPLIES (AND (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (OR (EQUAL N 0) (NOT (NUMBERP N)))) (p ALPHA N)) (IMPLIES (AND (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (NOT (OR (EQUAL N 0) (NOT (NUMBERP N)))) (p (SUB1 ALPHA) (SUB1 N))) (p ALPHA N))). Linear arithmetic, the lemmas SUB1-LESSEQP and SUB1-LESSP, and the definitions of OR and NOT inform us that the measure (COUNT N) decreases according to the well-founded relation LESSP in each induction step of the scheme. Note, however, the inductive instance chosen for ALPHA. The above induction scheme leads to the following four new conjectures: Case 4. (IMPLIES (AND (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA))) (NUMBERP ALPHA) (NOT (LESSP N ALPHA))) (MEMBER ALPHA (NORM-UP-TO N))). This simplifies, unfolding NOT, OR, NUMBERP, EQUAL, LESSP, and NORM-UP-TO, to the following three new conjectures: Case 4.3. (IMPLIES (AND (EQUAL ALPHA 0) (NOT (EQUAL N 0)) (NUMBERP N)) (MEMBER 0 (APPEND (SEGMENT 0 N) (PRODUCT (NORM-UP-TO (SUB1 N)) (NORM-UP-TO (SUB1 N)))))). But this again simplifies, using linear arithmetic, rewriting with MEMBERS-OF-SEGMENT and APPEND-WORKS-LEFT, and opening up LESSP, EQUAL, and NUMBERP, to: T. Case 4.2. (IMPLIES (AND (EQUAL ALPHA 0) (EQUAL N 0)) (MEMBER 0 '(0))). This again simplifies, unfolding MEMBER, to: T. Case 4.1. (IMPLIES (AND (EQUAL ALPHA 0) (NOT (NUMBERP N))) (MEMBER 0 '(0))), which again simplifies, expanding MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (OR (EQUAL N 0) (NOT (NUMBERP N))) (NUMBERP ALPHA) (NOT (LESSP N ALPHA))) (MEMBER ALPHA (NORM-UP-TO N))), which simplifies, unfolding NOT, OR, EQUAL, and LESSP, to: T. Case 2. (IMPLIES (AND (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (NOT (OR (EQUAL N 0) (NOT (NUMBERP N)))) (LESSP (SUB1 N) (SUB1 ALPHA)) (NUMBERP ALPHA) (NOT (LESSP N ALPHA))) (MEMBER ALPHA (NORM-UP-TO N))), which simplifies, using linear arithmetic, to: (IMPLIES (AND (EQUAL ALPHA 0) (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (NOT (OR (EQUAL N 0) (NOT (NUMBERP N)))) (LESSP (SUB1 N) (SUB1 ALPHA)) (NUMBERP ALPHA) (NOT (LESSP N ALPHA))) (MEMBER ALPHA (NORM-UP-TO N))). This again simplifies, expanding the functions EQUAL, NUMBERP, NOT, and OR, to: T. Case 1. (IMPLIES (AND (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (NOT (OR (EQUAL N 0) (NOT (NUMBERP N)))) (MEMBER (SUB1 ALPHA) (NORM-UP-TO (SUB1 N))) (NUMBERP ALPHA) (NOT (LESSP N ALPHA))) (MEMBER ALPHA (NORM-UP-TO N))), which simplifies, using linear arithmetic, rewriting with the lemmas MEMBERS-OF-SEGMENT and APPEND-WORKS-LEFT, and expanding the functions NOT, OR, LESSP, NORM-UP-TO, and EQUAL, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] NORM-UP-TO-BIG-ENUF-AUX1 (PROVE-LEMMA NORM-UP-TO-BIG-ENUF-AUX2 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (LEQ (NORM ALPHA) N)) (NOT (ZEROP N)))) WARNING: Note that the rewrite rule NORM-UP-TO-BIG-ENUF-AUX2 will be stored so as to apply only to terms with the nonrecursive function symbol ZEROP. WARNING: Note that NORM-UP-TO-BIG-ENUF-AUX2 contains the free variable ALPHA which will be chosen by instantiating the hypothesis (LISTP ALPHA). This formula simplifies, applying the lemmas NORM-OF-CONS and SUB1-ADD1, and unfolding LESSP and ZEROP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX2 (PROVE-LEMMA NORM-UP-TO-BIG-ENUF-AUX3 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LEQ (NORM ALPHA) N) (ZEROP N)) (MEMBER ALPHA (NORM-UP-TO N))) ((DO-NOT-INDUCT T) (USE (NORM-NON-ZERO (ALPHA ALPHA))) (DISABLE NORM-UP-TO NORM-NON-ZERO))) This simplifies, applying NORM-OF-A-NUMBER, and opening up NOT, IMPLIES, ORDINALP, ZEROP, NORM-UP-TO, CDR, CAR, LISTP, and MEMBER, to four new conjectures: Case 4. (IMPLIES (AND (NOT (LISTP ALPHA)) (NUMBERP ALPHA) (NOT (LESSP N ALPHA)) (EQUAL N 0)) (EQUAL ALPHA 0)), which again simplifies, using linear arithmetic, to: T. Case 3. (IMPLIES (AND (NOT (LISTP ALPHA)) (NUMBERP ALPHA) (NOT (LESSP N ALPHA)) (NOT (NUMBERP N))) (MEMBER ALPHA (NORM-UP-TO N))), which again simplifies, using linear arithmetic, applying NORM-UP-TO-BIG-ENUF-AUX1, and opening up LESSP, NORM, and ORDINALP, to: T. Case 2. (IMPLIES (AND (NOT (EQUAL (NORM ALPHA) 0)) (ORDINALP ALPHA) (NOT (LESSP N (NORM ALPHA))) (EQUAL N 0)) (EQUAL ALPHA 0)). However this again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (EQUAL (NORM ALPHA) 0)) (ORDINALP ALPHA) (NOT (LESSP N (NORM ALPHA))) (NOT (NUMBERP N))) (MEMBER ALPHA (NORM-UP-TO N))), which again simplifies, unfolding the function LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX3 (PROVE-LEMMA NORM-UP-TO-BIG-ENUF-AUX4 (REWRITE) (IMPLIES (AND (MEMBER X (NORM-UP-TO N)) (MEMBER Y (NORM-UP-TO N))) (MEMBER (CONS X Y) (NORM-UP-TO (ADD1 N))))) This simplifies, applying SUB1-ADD1, and unfolding NORM-UP-TO, to the following two new formulas: Case 2. (IMPLIES (AND (MEMBER X (NORM-UP-TO N)) (MEMBER Y (NORM-UP-TO N)) (NOT (NUMBERP N))) (MEMBER (CONS X Y) (APPEND (SEGMENT 0 (ADD1 N)) (PRODUCT (NORM-UP-TO 0) (NORM-UP-TO 0))))). But this again simplifies, appealing to the lemma SUB1-TYPE-RESTRICTION, and expanding the definitions of NORM-UP-TO, CDR, CAR, LISTP, MEMBER, CONS, SEGMENT, PRODUCT, and APPEND, to: T. Case 1. (IMPLIES (AND (MEMBER X (NORM-UP-TO N)) (MEMBER Y (NORM-UP-TO N)) (NUMBERP N)) (MEMBER (CONS X Y) (APPEND (SEGMENT 0 (ADD1 N)) (PRODUCT (NORM-UP-TO N) (NORM-UP-TO N))))), which again simplifies, rewriting with ALL-PAIRS and APPEND-WORKS-RIGHT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX4 (DISABLE NORM-UP-TO) [ 0.0 0.0 0.0 ] NORM-UP-TO-OFF (DISABLE NORM-OF-CONS) [ 0.0 0.0 0.0 ] NORM-OF-CONS-OFF (DEFN NORM-UP-TO-BIG-ENUF-KLUDGE (ALPHA N) (IF (AND (LISTP ALPHA) (NOT (ZEROP N))) (PLUS (NORM-UP-TO-BIG-ENUF-KLUDGE (CAR ALPHA) (SUB1 N)) (NORM-UP-TO-BIG-ENUF-KLUDGE (CDR ALPHA) (SUB1 N))) 0)) Linear arithmetic, the lemmas CDR-LESSEQP, CDR-LESSP, CAR-LESSEQP, and CAR-LESSP, and the definitions of AND, NOT, and ZEROP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each recursive call. Hence, NORM-UP-TO-BIG-ENUF-KLUDGE is accepted under the definitional principle. The definition of NORM-UP-TO-BIG-ENUF-KLUDGE can be justified in another way. Linear arithmetic, the lemma COUNT-NUMBERP, and the definitions of AND, NOT, and ZEROP establish that the measure (COUNT N) decreases according to the well-founded relation LESSP in each recursive call. Note that (NUMBERP (NORM-UP-TO-BIG-ENUF-KLUDGE ALPHA N)) is a theorem. [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-KLUDGE (ENABLE NORM-OF-CONS) [ 0.0 0.0 0.0 ] NORM-OF-CONS-ON (DEFN BAD-FOR-NORM-UP-TO-BIG-ENUF (ALPHA N) (AND (ORDINALP ALPHA) (LEQ (NORM ALPHA) N) (NOT (MEMBER ALPHA (NORM-UP-TO N))))) From the definition we can conclude that: (OR (FALSEP (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N)) (TRUEP (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-NORM-UP-TO-BIG-ENUF (PROVE-LEMMA NORM-UP-TO-BIG-ENUF-AUX5 (REWRITE) (IMPLIES (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N) (AND (LISTP ALPHA) (NOT (ZEROP N))))) WARNING: Note that NORM-UP-TO-BIG-ENUF-AUX5 contains the free variable N which will be chosen by instantiating the hypothesis: (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N). WARNING: Note that the rewrite rule NORM-UP-TO-BIG-ENUF-AUX5 will be stored so as to apply only to terms with the nonrecursive function symbol ZEROP. WARNING: Note that NORM-UP-TO-BIG-ENUF-AUX5 contains the free variable ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N). WARNING: Note that the proposed lemma NORM-UP-TO-BIG-ENUF-AUX5 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and two replacement rules. This formula can be simplified, using the abbreviations BAD-FOR-NORM-UP-TO-BIG-ENUF and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (NOT (LESSP N (NORM ALPHA))) (NOT (MEMBER ALPHA (NORM-UP-TO N)))) (AND (LISTP ALPHA) (NOT (ZEROP N)))), which simplifies, opening up ZEROP, NOT, and AND, to three new goals: Case 3. (IMPLIES (AND (ORDINALP ALPHA) (NOT (LESSP N (NORM ALPHA))) (NOT (MEMBER ALPHA (NORM-UP-TO N)))) (LISTP ALPHA)), which again simplifies, applying the lemmas NORM-OF-A-NUMBER and NORM-UP-TO-BIG-ENUF-AUX1, and opening up the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (ORDINALP ALPHA) (NOT (LESSP N (NORM ALPHA))) (NOT (MEMBER ALPHA (NORM-UP-TO N)))) (NOT (EQUAL N 0))), which again simplifies, unfolding the functions EQUAL, LESSP, NORM-UP-TO, CDR, CAR, LISTP, and MEMBER, to the goal: (IMPLIES (AND (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)). Call the above conjecture *1. Case 1. (IMPLIES (AND (ORDINALP ALPHA) (NOT (LESSP N (NORM ALPHA))) (NOT (MEMBER ALPHA (NORM-UP-TO N)))) (NUMBERP N)). But this again simplifies, using linear arithmetic, rewriting with the lemma NORM-UP-TO-BIG-ENUF-AUX3, and expanding the functions LESSP and ZEROP, to: T. So next consider: (IMPLIES (AND (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)), which we named *1 above. Let us appeal to the induction principle. There is only one suggested induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CDR ALPHA)) (p (CAR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates ten new formulas: Case 10.(IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)), which simplifies, expanding ORDINALP, to: T. Case 9. (IMPLIES (AND (LISTP ALPHA) (NOT (EQUAL (NORM (CDR ALPHA)) 0)) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)), which simplifies, unfolding the definition of ORDINALP, to: T. Case 8. (IMPLIES (AND (LISTP ALPHA) (EQUAL (CDR ALPHA) 0) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)), which simplifies, expanding ORDINALP, to: T. Case 7. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (EQUAL (NORM (CAR ALPHA)) 0)) (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)), which simplifies, unfolding the definition of ORDINALP, to: T. Case 6. (IMPLIES (AND (LISTP ALPHA) (NOT (EQUAL (NORM (CDR ALPHA)) 0)) (NOT (EQUAL (NORM (CAR ALPHA)) 0)) (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)), which simplifies, applying the lemma NORM-OF-CONS, and unfolding the function ORDINALP, to: T. Case 5. (IMPLIES (AND (LISTP ALPHA) (EQUAL (CDR ALPHA) 0) (NOT (EQUAL (NORM (CAR ALPHA)) 0)) (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)), which simplifies, rewriting with NORM-OF-CONS, and expanding the functions ORDINALP, LISTP, and NORM, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (EQUAL (CAR ALPHA) 0) (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)). This simplifies, expanding the definitions of ORDINALP and EQUAL, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (EQUAL (NORM (CDR ALPHA)) 0)) (EQUAL (CAR ALPHA) 0) (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)). This simplifies, unfolding ORDINALP and EQUAL, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (EQUAL (CDR ALPHA) 0) (EQUAL (CAR ALPHA) 0) (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)). This simplifies, expanding the functions ORDINALP and EQUAL, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (EQUAL (NORM ALPHA) 0)) (EQUAL ALPHA 0)). This simplifies, appealing to the lemma NORM-OF-A-NUMBER, and expanding the function ORDINALP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] NORM-UP-TO-BIG-ENUF-AUX5 (PROVE-LEMMA NORM-UP-TO-BIG-ENUF-AUX6 (REWRITE) (IMPLIES (AND (LISTP ALPHA) (NOT (ZEROP N)) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CAR ALPHA) (SUB1 N))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CDR ALPHA) (SUB1 N)))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N))) ((DO-NOT-INDUCT T) (USE (NORM-UP-TO-BIG-ENUF-AUX4 (X (CAR ALPHA)) (Y (CDR ALPHA)) (N (SUB1 N)))) (DISABLE NORM-UP-TO-BIG-ENUF-AUX4 ORDINALP))) WARNING: Note that the rewrite rule NORM-UP-TO-BIG-ENUF-AUX6 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-NORM-UP-TO-BIG-ENUF. This formula can be simplified, using the abbreviations BAD-FOR-NORM-UP-TO-BIG-ENUF, ZEROP, NOT, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (MEMBER (CAR ALPHA) (NORM-UP-TO (SUB1 N))) (MEMBER (CDR ALPHA) (NORM-UP-TO (SUB1 N)))) (MEMBER (CONS (CAR ALPHA) (CDR ALPHA)) (NORM-UP-TO (ADD1 (SUB1 N))))) (LISTP ALPHA) (NOT (EQUAL N 0)) (NUMBERP N) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CAR ALPHA) (SUB1 N))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CDR ALPHA) (SUB1 N))) (ORDINALP ALPHA) (NOT (LESSP N (NORM ALPHA)))) (MEMBER ALPHA (NORM-UP-TO N))), which simplifies, applying the lemmas CONS-CAR-CDR, ADD1-SUB1, CARS-ARE-ORDINALS, CDRS-ARE-ORDINALS, NORM-OF-CONS, and SUB1-ADD1, and opening up AND, IMPLIES, BAD-FOR-NORM-UP-TO-BIG-ENUF, and LESSP, to four new conjectures: Case 4. (IMPLIES (AND (NOT (MEMBER (CAR ALPHA) (NORM-UP-TO (SUB1 N)))) (LISTP ALPHA) (NOT (EQUAL N 0)) (NUMBERP N) (LESSP (SUB1 N) (NORM (CAR ALPHA))) (LESSP (SUB1 N) (NORM (CDR ALPHA))) (ORDINALP ALPHA) (NOT (LESSP (SUB1 N) (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA)))))) (MEMBER ALPHA (NORM-UP-TO N))), which again simplifies, using linear arithmetic, to: T. Case 3. (IMPLIES (AND (NOT (MEMBER (CAR ALPHA) (NORM-UP-TO (SUB1 N)))) (LISTP ALPHA) (NOT (EQUAL N 0)) (NUMBERP N) (LESSP (SUB1 N) (NORM (CAR ALPHA))) (MEMBER (CDR ALPHA) (NORM-UP-TO (SUB1 N))) (ORDINALP ALPHA) (NOT (LESSP (SUB1 N) (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA)))))) (MEMBER ALPHA (NORM-UP-TO N))), which again simplifies, using linear arithmetic, to: T. Case 2. (IMPLIES (AND (NOT (MEMBER (CDR ALPHA) (NORM-UP-TO (SUB1 N)))) (LISTP ALPHA) (NOT (EQUAL N 0)) (NUMBERP N) (LESSP (SUB1 N) (NORM (CAR ALPHA))) (LESSP (SUB1 N) (NORM (CDR ALPHA))) (ORDINALP ALPHA) (NOT (LESSP (SUB1 N) (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA)))))) (MEMBER ALPHA (NORM-UP-TO N))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (MEMBER (CDR ALPHA) (NORM-UP-TO (SUB1 N)))) (LISTP ALPHA) (NOT (EQUAL N 0)) (NUMBERP N) (MEMBER (CAR ALPHA) (NORM-UP-TO (SUB1 N))) (LESSP (SUB1 N) (NORM (CDR ALPHA))) (ORDINALP ALPHA) (NOT (LESSP (SUB1 N) (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA)))))) (MEMBER ALPHA (NORM-UP-TO N))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX6 (PROVE-LEMMA NORM-UP-TO-BIG-ENUF-AUX7 (REWRITE) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N)) ((DISABLE BAD-FOR-NORM-UP-TO-BIG-ENUF) (INDUCT (NORM-UP-TO-BIG-ENUF-KLUDGE ALPHA N)))) WARNING: Note that the rewrite rule NORM-UP-TO-BIG-ENUF-AUX7 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-NORM-UP-TO-BIG-ENUF. WARNING: the newly proposed lemma, NORM-UP-TO-BIG-ENUF-AUX7, could be applied whenever the previously added lemma NORM-UP-TO-BIG-ENUF-AUX6 could. This formula can be simplified, using the abbreviations ZEROP, NOT, OR, and AND, to the following two new conjectures: Case 2. (IMPLIES (AND (LISTP ALPHA) (NOT (EQUAL N 0)) (NUMBERP N) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CDR ALPHA) (SUB1 N))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CAR ALPHA) (SUB1 N)))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N))). This simplifies, rewriting with NORM-UP-TO-BIG-ENUF-AUX5, to the goal: (IMPLIES (AND (NOT (EQUAL N 0)) (NUMBERP N) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CDR ALPHA) (SUB1 N))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CAR ALPHA) (SUB1 N)))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N))). Appealing to the lemma CAR-CDR-ELIM, we now replace ALPHA by (CONS Z X) to eliminate (CDR ALPHA) and (CAR ALPHA). The result is two new formulas: Case 2.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (NOT (EQUAL N 0)) (NUMBERP N) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CDR ALPHA) (SUB1 N))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CAR ALPHA) (SUB1 N)))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N))), which further simplifies, rewriting with NORM-UP-TO-BIG-ENUF-AUX5, to: T. Case 2.1. (IMPLIES (AND (NOT (EQUAL N 0)) (NUMBERP N) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF X (SUB1 N))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF Z (SUB1 N)))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF (CONS Z X) N))). However this further simplifies, rewriting with CDR-CONS, CAR-CONS, and NORM-UP-TO-BIG-ENUF-AUX6, to: T. Case 1. (IMPLIES (NOT (AND (LISTP ALPHA) (NOT (ZEROP N)))) (NOT (BAD-FOR-NORM-UP-TO-BIG-ENUF ALPHA N))). This simplifies, rewriting with NORM-UP-TO-BIG-ENUF-AUX5, and opening up the definitions of NOT and AND, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX7 (PROVE-LEMMA NORM-UP-TO-BIG-ENUF (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LEQ (NORM ALPHA) N)) (MEMBER ALPHA (NORM-UP-TO N))) ((USE (NORM-UP-TO-BIG-ENUF-AUX7 (ALPHA ALPHA) (N N))) (DISABLE NORM-UP-TO-BIG-ENUF-AUX7))) WARNING: the newly proposed lemma, NORM-UP-TO-BIG-ENUF, could be applied whenever the previously added lemma NORM-UP-TO-BIG-ENUF-AUX3 could. WARNING: the newly proposed lemma, NORM-UP-TO-BIG-ENUF, could be applied whenever the previously added lemma NORM-UP-TO-BIG-ENUF-AUX1 could. This formula simplifies, appealing to the lemmas CARS-ARE-ORDINALS and CDRS-ARE-ORDINALS, and expanding the definitions of ORDINALP, BAD-FOR-NORM-UP-TO-BIG-ENUF, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF (DISABLE NORM-UP-TO-BIG-ENUF-AUX1) [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX1-OFF (DISABLE NORM-UP-TO-BIG-ENUF-AUX2) [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX2-OFF (DISABLE NORM-UP-TO-BIG-ENUF-AUX3) [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX3-OFF (DISABLE NORM-UP-TO-BIG-ENUF-AUX4) [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX4-OFF (DISABLE NORM-UP-TO-BIG-ENUF-AUX5) [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX5-OFF (DISABLE NORM-UP-TO-BIG-ENUF-AUX6) [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX6-OFF (DISABLE NORM-UP-TO-BIG-ENUF-AUX7) [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-AUX7-OFF (DISABLE NORM-UP-TO-BIG-ENUF-KLUDGE) [ 0.0 0.0 0.0 ] NORM-UP-TO-BIG-ENUF-KLUDGE-OFF (DISABLE BAD-FOR-NORM-UP-TO-BIG-ENUF) [ 0.0 0.0 0.0 ] BAD-FOR-NORM-UP-TO-BIG-ENUF-OFF (PROVE-LEMMA NORM-OF-NUM-SHARP (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (NUMBERP N)) (EQUAL (NORM (NUM-SHARP ALPHA N)) (PLUS (NORM ALPHA) (NORM N))))) This formula simplifies, applying the lemma NORM-OF-A-NUMBER, to: (IMPLIES (AND (ORDINALP ALPHA) (NUMBERP N)) (EQUAL (NORM (NUM-SHARP ALPHA N)) (PLUS (NORM ALPHA) N))), which we will name *1. We will appeal to induction. There are two plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CAR ALPHA) N) (p (CDR ALPHA) N)) (p ALPHA N)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA N))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following five new formulas: Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CAR ALPHA))) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA) (NUMBERP N)) (EQUAL (NORM (NUM-SHARP ALPHA N)) (PLUS (NORM ALPHA) N))). This simplifies, unfolding the function ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (EQUAL (NORM (NUM-SHARP (CAR ALPHA) N)) (PLUS (NORM (CAR ALPHA)) N)) (NOT (ORDINALP (CDR ALPHA))) (ORDINALP ALPHA) (NUMBERP N)) (EQUAL (NORM (NUM-SHARP ALPHA N)) (PLUS (NORM ALPHA) N))). This simplifies, unfolding the definition of ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CAR ALPHA))) (EQUAL (NORM (NUM-SHARP (CDR ALPHA) N)) (PLUS (NORM (CDR ALPHA)) N)) (ORDINALP ALPHA) (NUMBERP N)) (EQUAL (NORM (NUM-SHARP ALPHA N)) (PLUS (NORM ALPHA) N))). This simplifies, unfolding the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (EQUAL (NORM (NUM-SHARP (CAR ALPHA) N)) (PLUS (NORM (CAR ALPHA)) N)) (EQUAL (NORM (NUM-SHARP (CDR ALPHA) N)) (PLUS (NORM (CDR ALPHA)) N)) (ORDINALP ALPHA) (NUMBERP N)) (EQUAL (NORM (NUM-SHARP ALPHA N)) (PLUS (NORM ALPHA) N))). This simplifies, rewriting with the lemmas CAR-CONS, CDR-CONS, NORM-OF-CONS, SUB1-ADD1, and ADD1-EQUAL, and unfolding the functions ORDINALP, NUM-SHARP, and PLUS, to the following two new conjectures: Case 2.2. (IMPLIES (AND (LISTP ALPHA) (EQUAL (NORM (NUM-SHARP (CAR ALPHA) N)) (PLUS (NORM (CAR ALPHA)) N)) (EQUAL (NORM (NUM-SHARP (CDR ALPHA) N)) (PLUS (NORM (CDR ALPHA)) N)) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (NUMBERP N)) (EQUAL (PLUS (NORM (CAR ALPHA)) (NORM (NUM-SHARP (CDR ALPHA) N))) (PLUS (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA))) N))). This again simplifies, using linear arithmetic, to: T. Case 2.1. (IMPLIES (AND (LISTP ALPHA) (EQUAL (NORM (NUM-SHARP (CAR ALPHA) N)) (PLUS (NORM (CAR ALPHA)) N)) (EQUAL (NORM (NUM-SHARP (CDR ALPHA) N)) (PLUS (NORM (CDR ALPHA)) N)) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (LISTP (CDR ALPHA))) (NUMBERP N)) (EQUAL (PLUS (NORM (CAR ALPHA)) (NORM (NUM-SHARP (CDR ALPHA) N))) (PLUS (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA))) N))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (NUMBERP N)) (EQUAL (NORM (NUM-SHARP ALPHA N)) (PLUS (NORM ALPHA) N))), which simplifies, rewriting with NORM-OF-A-NUMBER, and unfolding the functions ORDINALP and NUM-SHARP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-NUM-SHARP (PROVE-LEMMA NORM-OF-INSERT (REWRITE) (IMPLIES (ORDINALP ALPHA) (EQUAL (NORM (INSERT DELTA ALPHA)) (ADD1 (PLUS (NORM DELTA) (NORM ALPHA)))))) This conjecture simplifies, rewriting with NORM-OF-CONS and ADD1-EQUAL, to: (IMPLIES (ORDINALP ALPHA) (EQUAL (PLUS (NORM (CAR (INSERT DELTA ALPHA))) (NORM (CDR (INSERT DELTA ALPHA)))) (PLUS (NORM DELTA) (NORM ALPHA)))), which we will name *1. Perhaps we can prove it by induction. There are three plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p DELTA (CDR ALPHA)) (p DELTA (CAR ALPHA))) (p DELTA ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p DELTA ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following five new goals: Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA)) (EQUAL (PLUS (NORM (CAR (INSERT DELTA ALPHA))) (NORM (CDR (INSERT DELTA ALPHA)))) (PLUS (NORM DELTA) (NORM ALPHA)))). This simplifies, opening up ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CDR ALPHA)))) (NORM (CDR (INSERT DELTA (CDR ALPHA))))) (PLUS (NORM DELTA) (NORM (CDR ALPHA)))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA)) (EQUAL (PLUS (NORM (CAR (INSERT DELTA ALPHA))) (NORM (CDR (INSERT DELTA ALPHA)))) (PLUS (NORM DELTA) (NORM ALPHA)))). This simplifies, opening up the definition of ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CAR ALPHA)))) (NORM (CDR (INSERT DELTA (CAR ALPHA))))) (PLUS (NORM DELTA) (NORM (CAR ALPHA)))) (ORDINALP ALPHA)) (EQUAL (PLUS (NORM (CAR (INSERT DELTA ALPHA))) (NORM (CDR (INSERT DELTA ALPHA)))) (PLUS (NORM DELTA) (NORM ALPHA)))). This simplifies, opening up the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CDR ALPHA)))) (NORM (CDR (INSERT DELTA (CDR ALPHA))))) (PLUS (NORM DELTA) (NORM (CDR ALPHA)))) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CAR ALPHA)))) (NORM (CDR (INSERT DELTA (CAR ALPHA))))) (PLUS (NORM DELTA) (NORM (CAR ALPHA)))) (ORDINALP ALPHA)) (EQUAL (PLUS (NORM (CAR (INSERT DELTA ALPHA))) (NORM (CDR (INSERT DELTA ALPHA)))) (PLUS (NORM DELTA) (NORM ALPHA)))). This simplifies, applying NORM-OF-CONS, and unfolding the definitions of ORDINALP and INSERT, to four new conjectures: Case 2.4. (IMPLIES (AND (LISTP ALPHA) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CDR ALPHA)))) (NORM (CDR (INSERT DELTA (CDR ALPHA))))) (PLUS (NORM DELTA) (NORM (CDR ALPHA)))) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CAR ALPHA)))) (NORM (CDR (INSERT DELTA (CAR ALPHA))))) (PLUS (NORM DELTA) (NORM (CAR ALPHA)))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (EQUAL (PLUS (NORM (CAR (CONS DELTA ALPHA))) (NORM (CDR (CONS DELTA ALPHA)))) (PLUS (NORM DELTA) (ADD1 (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA))))))), which again simplifies, applying CAR-CONS, CDR-CONS, and NORM-OF-CONS, to: T. Case 2.3. (IMPLIES (AND (LISTP ALPHA) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CDR ALPHA)))) (NORM (CDR (INSERT DELTA (CDR ALPHA))))) (PLUS (NORM DELTA) (NORM (CDR ALPHA)))) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CAR ALPHA)))) (NORM (CDR (INSERT DELTA (CAR ALPHA))))) (PLUS (NORM DELTA) (NORM (CAR ALPHA)))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORD-LESSP DELTA (CAR ALPHA))) (EQUAL (PLUS (NORM (CAR (CONS (CAR ALPHA) (INSERT DELTA (CDR ALPHA))))) (NORM (CDR (CONS (CAR ALPHA) (INSERT DELTA (CDR ALPHA)))))) (PLUS (NORM DELTA) (ADD1 (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA))))))). This again simplifies, applying CAR-CONS, CDR-CONS, and NORM-OF-CONS, to: (IMPLIES (AND (LISTP ALPHA) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CDR ALPHA)))) (NORM (CDR (INSERT DELTA (CDR ALPHA))))) (PLUS (NORM DELTA) (NORM (CDR ALPHA)))) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CAR ALPHA)))) (NORM (CDR (INSERT DELTA (CAR ALPHA))))) (PLUS (NORM DELTA) (NORM (CAR ALPHA)))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (ORD-LESSP DELTA (CAR ALPHA))) (EQUAL (PLUS (NORM (CAR ALPHA)) (ADD1 (PLUS (NORM DELTA) (NORM (CDR ALPHA))))) (PLUS (NORM DELTA) (ADD1 (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA))))))), which again simplifies, using linear arithmetic, to: T. Case 2.2. (IMPLIES (AND (LISTP ALPHA) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CDR ALPHA)))) (NORM (CDR (INSERT DELTA (CDR ALPHA))))) (PLUS (NORM DELTA) (NORM (CDR ALPHA)))) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CAR ALPHA)))) (NORM (CDR (INSERT DELTA (CAR ALPHA))))) (PLUS (NORM DELTA) (NORM (CAR ALPHA)))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (LISTP (CDR ALPHA))) (NOT (ORD-LESSP DELTA (CAR ALPHA)))) (EQUAL (PLUS (NORM (CAR (CONS DELTA ALPHA))) (NORM (CDR (CONS DELTA ALPHA)))) (PLUS (NORM DELTA) (ADD1 (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA))))))), which again simplifies, applying the lemmas CAR-CONS, CDR-CONS, and NORM-OF-CONS, to: T. Case 2.1. (IMPLIES (AND (LISTP ALPHA) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CDR ALPHA)))) (NORM (CDR (INSERT DELTA (CDR ALPHA))))) (PLUS (NORM DELTA) (NORM (CDR ALPHA)))) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CAR ALPHA)))) (NORM (CDR (INSERT DELTA (CAR ALPHA))))) (PLUS (NORM DELTA) (NORM (CAR ALPHA)))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (LISTP (CDR ALPHA))) (ORD-LESSP DELTA (CAR ALPHA))) (EQUAL (PLUS (NORM (CAR (CONS (CAR ALPHA) (INSERT DELTA (CDR ALPHA))))) (NORM (CDR (CONS (CAR ALPHA) (INSERT DELTA (CDR ALPHA)))))) (PLUS (NORM DELTA) (ADD1 (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA))))))), which again simplifies, rewriting with CAR-CONS, CDR-CONS, and NORM-OF-CONS, to the new formula: (IMPLIES (AND (LISTP ALPHA) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CDR ALPHA)))) (NORM (CDR (INSERT DELTA (CDR ALPHA))))) (PLUS (NORM DELTA) (NORM (CDR ALPHA)))) (EQUAL (PLUS (NORM (CAR (INSERT DELTA (CAR ALPHA)))) (NORM (CDR (INSERT DELTA (CAR ALPHA))))) (PLUS (NORM DELTA) (NORM (CAR ALPHA)))) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA)) (NOT (LISTP (CDR ALPHA))) (ORD-LESSP DELTA (CAR ALPHA))) (EQUAL (PLUS (NORM (CAR ALPHA)) (ADD1 (PLUS (NORM DELTA) (NORM (CDR ALPHA))))) (PLUS (NORM DELTA) (ADD1 (PLUS (NORM (CAR ALPHA)) (NORM (CDR ALPHA))))))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA)) (EQUAL (PLUS (NORM (CAR (INSERT DELTA ALPHA))) (NORM (CDR (INSERT DELTA ALPHA)))) (PLUS (NORM DELTA) (NORM ALPHA)))), which simplifies, rewriting with CAR-CONS, CDR-CONS, and NORM-OF-A-NUMBER, and expanding the functions ORDINALP and INSERT, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] NORM-OF-INSERT (PROVE-LEMMA NORM-OF-SHARP (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (NORM (SHARP ALPHA BETA)) (PLUS (NORM ALPHA) (NORM BETA))))) Give the conjecture the name *1. We will appeal to induction. Three inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP BETA) (p ALPHA (CAR BETA)) (p ALPHA (CDR BETA))) (p ALPHA BETA)) (IMPLIES (NOT (LISTP BETA)) (p ALPHA BETA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to establish that the measure (COUNT BETA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to five new goals: Case 5. (IMPLIES (AND (LISTP BETA) (NOT (ORDINALP (CAR BETA))) (NOT (ORDINALP (CDR BETA))) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (NORM (SHARP ALPHA BETA)) (PLUS (NORM ALPHA) (NORM BETA)))), which simplifies, unfolding the function ORDINALP, to: T. Case 4. (IMPLIES (AND (LISTP BETA) (EQUAL (NORM (SHARP ALPHA (CAR BETA))) (PLUS (NORM ALPHA) (NORM (CAR BETA)))) (NOT (ORDINALP (CDR BETA))) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (NORM (SHARP ALPHA BETA)) (PLUS (NORM ALPHA) (NORM BETA)))), which simplifies, opening up ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP BETA) (NOT (ORDINALP (CAR BETA))) (EQUAL (NORM (SHARP ALPHA (CDR BETA))) (PLUS (NORM ALPHA) (NORM (CDR BETA)))) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (NORM (SHARP ALPHA BETA)) (PLUS (NORM ALPHA) (NORM BETA)))), which simplifies, expanding ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP BETA) (EQUAL (NORM (SHARP ALPHA (CAR BETA))) (PLUS (NORM ALPHA) (NORM (CAR BETA)))) (EQUAL (NORM (SHARP ALPHA (CDR BETA))) (PLUS (NORM ALPHA) (NORM (CDR BETA)))) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (NORM (SHARP ALPHA BETA)) (PLUS (NORM ALPHA) (NORM BETA)))), which simplifies, applying SHARP-IS-AN-ORDINAL, NORM-OF-INSERT, and NORM-OF-CONS, and unfolding ORDINALP and SHARP, to the following two new formulas: Case 2.2. (IMPLIES (AND (LISTP BETA) (EQUAL (NORM (SHARP ALPHA (CAR BETA))) (PLUS (NORM ALPHA) (NORM (CAR BETA)))) (EQUAL (NORM (SHARP ALPHA (CDR BETA))) (PLUS (NORM ALPHA) (NORM (CDR BETA)))) (ORDINALP ALPHA) (ORDINALP (CAR BETA)) (NOT (EQUAL (CAR BETA) 0)) (ORDINALP (CDR BETA)) (NOT (ORD-LESSP (CAR BETA) (CADR BETA)))) (EQUAL (ADD1 (PLUS (NORM (CAR BETA)) (NORM (SHARP ALPHA (CDR BETA))))) (PLUS (NORM ALPHA) (ADD1 (PLUS (NORM (CAR BETA)) (NORM (CDR BETA))))))). But this again simplifies, using linear arithmetic, to: T. Case 2.1. (IMPLIES (AND (LISTP BETA) (EQUAL (NORM (SHARP ALPHA (CAR BETA))) (PLUS (NORM ALPHA) (NORM (CAR BETA)))) (EQUAL (NORM (SHARP ALPHA (CDR BETA))) (PLUS (NORM ALPHA) (NORM (CDR BETA)))) (ORDINALP ALPHA) (ORDINALP (CAR BETA)) (NOT (EQUAL (CAR BETA) 0)) (ORDINALP (CDR BETA)) (NOT (LISTP (CDR BETA)))) (EQUAL (ADD1 (PLUS (NORM (CAR BETA)) (NORM (SHARP ALPHA (CDR BETA))))) (PLUS (NORM ALPHA) (ADD1 (PLUS (NORM (CAR BETA)) (NORM (CDR BETA))))))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LISTP BETA)) (ORDINALP ALPHA) (ORDINALP BETA)) (EQUAL (NORM (SHARP ALPHA BETA)) (PLUS (NORM ALPHA) (NORM BETA)))), which simplifies, rewriting with NORM-OF-A-NUMBER and NORM-OF-NUM-SHARP, and opening up the functions ORDINALP and SHARP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-SHARP (DEFN MAX-BELOW (ALPHA LST N) (IF (LISTP LST) (IF (AND (ORDINALP (CAR LST)) (LEQ (NORM (CAR LST)) N) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA)) (CAR LST) (MAX-BELOW ALPHA (CDR LST) N)) 0)) Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each recursive call. Hence, MAX-BELOW is accepted under the principle of definition. [ 0.0 0.0 0.0 ] MAX-BELOW (PROVE-LEMMA MAX-BELOW-IS-AN-ORDINAL (REWRITE) (ORDINALP (MAX-BELOW ALPHA LST N))) Give the conjecture the name *1. We will try to prove it by induction. There is only one suggested induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST) (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA)) (p ALPHA (CDR LST) N)) (p ALPHA LST N)) (IMPLIES (AND (LISTP LST) (NOT (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA))) (p ALPHA (CDR LST) N)) (p ALPHA LST N)) (IMPLIES (NOT (LISTP LST)) (p ALPHA LST N))). Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to three new formulas: Case 3. (IMPLIES (AND (LISTP LST) (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA)) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N))) (ORDINALP (MAX-BELOW ALPHA LST N))), which simplifies, applying CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and opening up the definitions of AND, MAX-BELOW, and ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP LST) (NOT (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA))) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N))) (ORDINALP (MAX-BELOW ALPHA LST N))). This simplifies, applying CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and unfolding AND, MAX-BELOW, and ORDINALP, to 12 new conjectures: Case 2.12. (IMPLIES (AND (LISTP LST) (NOT (ORDINALP (CAR LST))) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (NOT (LISTP (MAX-BELOW ALPHA (CDR LST) N)))) (NUMBERP (MAX-BELOW ALPHA (CDR LST) N))), which again simplifies, unfolding ORDINALP, to: T. Case 2.11. (IMPLIES (AND (LISTP LST) (NOT (ORDINALP (CAR LST))) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (CDR (MAX-BELOW ALPHA (CDR LST) N)))) (NOT (ORD-LESSP (CAR (MAX-BELOW ALPHA (CDR LST) N)) (CADR (MAX-BELOW ALPHA (CDR LST) N))))), which again simplifies, opening up ORDINALP, to: T. Case 2.10. (IMPLIES (AND (LISTP LST) (NOT (ORDINALP (CAR LST))) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (MAX-BELOW ALPHA (CDR LST) N))) (NOT (EQUAL (CAR (MAX-BELOW ALPHA (CDR LST) N)) 0))), which again simplifies, opening up the functions EQUAL and ORDINALP, to: T. Case 2.9. (IMPLIES (AND (LISTP LST) (LESSP N (NORM (CAR LST))) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (NOT (LISTP (MAX-BELOW ALPHA (CDR LST) N)))) (NUMBERP (MAX-BELOW ALPHA (CDR LST) N))), which again simplifies, expanding ORDINALP, to: T. Case 2.8. (IMPLIES (AND (LISTP LST) (LESSP N (NORM (CAR LST))) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (CDR (MAX-BELOW ALPHA (CDR LST) N)))) (NOT (ORD-LESSP (CAR (MAX-BELOW ALPHA (CDR LST) N)) (CADR (MAX-BELOW ALPHA (CDR LST) N))))), which again simplifies, unfolding the definition of ORDINALP, to: T. Case 2.7. (IMPLIES (AND (LISTP LST) (LESSP N (NORM (CAR LST))) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (MAX-BELOW ALPHA (CDR LST) N))) (NOT (EQUAL (CAR (MAX-BELOW ALPHA (CDR LST) N)) 0))), which again simplifies, unfolding the definitions of EQUAL and ORDINALP, to: T. Case 2.6. (IMPLIES (AND (LISTP LST) (NOT (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST))) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (NOT (LISTP (MAX-BELOW ALPHA (CDR LST) N)))) (NUMBERP (MAX-BELOW ALPHA (CDR LST) N))), which again simplifies, unfolding the definition of ORDINALP, to: T. Case 2.5. (IMPLIES (AND (LISTP LST) (NOT (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST))) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (CDR (MAX-BELOW ALPHA (CDR LST) N)))) (NOT (ORD-LESSP (CAR (MAX-BELOW ALPHA (CDR LST) N)) (CADR (MAX-BELOW ALPHA (CDR LST) N))))), which again simplifies, expanding the function ORDINALP, to: T. Case 2.4. (IMPLIES (AND (LISTP LST) (NOT (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST))) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (MAX-BELOW ALPHA (CDR LST) N))) (NOT (EQUAL (CAR (MAX-BELOW ALPHA (CDR LST) N)) 0))), which again simplifies, expanding the functions EQUAL and ORDINALP, to: T. Case 2.3. (IMPLIES (AND (LISTP LST) (NOT (ORD-LESSP (CAR LST) ALPHA)) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (NOT (LISTP (MAX-BELOW ALPHA (CDR LST) N)))) (NUMBERP (MAX-BELOW ALPHA (CDR LST) N))), which again simplifies, opening up the definition of ORDINALP, to: T. Case 2.2. (IMPLIES (AND (LISTP LST) (NOT (ORD-LESSP (CAR LST) ALPHA)) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (CDR (MAX-BELOW ALPHA (CDR LST) N)))) (NOT (ORD-LESSP (CAR (MAX-BELOW ALPHA (CDR LST) N)) (CADR (MAX-BELOW ALPHA (CDR LST) N))))), which again simplifies, expanding ORDINALP, to: T. Case 2.1. (IMPLIES (AND (LISTP LST) (NOT (ORD-LESSP (CAR LST) ALPHA)) (ORDINALP (MAX-BELOW ALPHA (CDR LST) N)) (LISTP (MAX-BELOW ALPHA (CDR LST) N))) (NOT (EQUAL (CAR (MAX-BELOW ALPHA (CDR LST) N)) 0))), which again simplifies, unfolding EQUAL and ORDINALP, to: T. Case 1. (IMPLIES (NOT (LISTP LST)) (ORDINALP (MAX-BELOW ALPHA LST N))), which simplifies, opening up the functions MAX-BELOW and ORDINALP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.3 0.0 ] MAX-BELOW-IS-AN-ORDINAL (PROVE-LEMMA MAX-BELOW-IS-BELOW (REWRITE) (IMPLIES (ORD-LESSP 0 ALPHA) (ORD-LESSP (MAX-BELOW ALPHA LST N) ALPHA))) Call the conjecture *1. Perhaps we can prove it by induction. There is only one plausible induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST) (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA)) (p ALPHA (CDR LST) N)) (p ALPHA LST N)) (IMPLIES (AND (LISTP LST) (NOT (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA))) (p ALPHA (CDR LST) N)) (p ALPHA LST N)) (IMPLIES (NOT (LISTP LST)) (p ALPHA LST N))). Linear arithmetic and the lemma CDR-LESSP can be used to prove that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to three new goals: Case 3. (IMPLIES (AND (LISTP LST) (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA)) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) ALPHA) (ORD-LESSP 0 ALPHA)) (ORD-LESSP (MAX-BELOW ALPHA LST N) ALPHA)), which simplifies, applying the lemmas TRANSITIVITY, CDRS-ARE-ORDINALS, and CARS-ARE-ORDINALS, and opening up the definitions of AND, MAX-BELOW, and ORDINALP, to three new formulas: Case 3.3. (IMPLIES (AND (LISTP LST) (ORDINALP (CAR LST)) (NOT (LESSP N (NORM (CAR LST)))) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA) (ORD-LESSP 0 ALPHA) (NOT (LISTP (CAR LST))) (NOT (NUMBERP (CAR LST)))) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) ALPHA)), which again simplifies, opening up the definition of ORDINALP, to: T. Case 3.2. (IMPLIES (AND (LISTP LST) (ORDINALP (CAR LST)) (NOT (LESSP N (NORM (CAR LST)))) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA) (ORD-LESSP 0 ALPHA) (LISTP (CAR LST)) (LISTP (CDAR LST)) (ORD-LESSP (CAAR LST) (CADAR LST))) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) ALPHA)), which again simplifies, unfolding the function ORDINALP, to: T. Case 3.1. (IMPLIES (AND (LISTP LST) (ORDINALP (CAR LST)) (NOT (LESSP N (NORM (CAR LST)))) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA) (ORD-LESSP 0 ALPHA) (LISTP (CAR LST)) (EQUAL (CAAR LST) 0)) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) ALPHA)), which again simplifies, opening up EQUAL and ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP LST) (NOT (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA))) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) ALPHA) (ORD-LESSP 0 ALPHA)) (ORD-LESSP (MAX-BELOW ALPHA LST N) ALPHA)), which simplifies, opening up the definitions of AND and MAX-BELOW, to: T. Case 1. (IMPLIES (AND (NOT (LISTP LST)) (ORD-LESSP 0 ALPHA)) (ORD-LESSP (MAX-BELOW ALPHA LST N) ALPHA)), which simplifies, expanding the definition of MAX-BELOW, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] MAX-BELOW-IS-BELOW (PROVE-LEMMA MAX-BELOW-IS-MAX (REWRITE) (IMPLIES (AND (ORDINALP BETA) (LEQ (NORM BETA) N) (MEMBER BETA LST) (ORD-LESSP BETA ALPHA)) (NOT (ORD-LESSP (MAX-BELOW ALPHA LST N) BETA)))) Give the conjecture the name *1. We will try to prove it by induction. Three inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (NLISTP LST) (p ALPHA LST N BETA)) (IMPLIES (AND (NOT (NLISTP LST)) (EQUAL BETA (CAR LST))) (p ALPHA LST N BETA)) (IMPLIES (AND (NOT (NLISTP LST)) (NOT (EQUAL BETA (CAR LST))) (p ALPHA (CDR LST) N BETA)) (p ALPHA LST N BETA))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to four new goals: Case 4. (IMPLIES (AND (NLISTP LST) (ORDINALP BETA) (NOT (LESSP N (NORM BETA))) (MEMBER BETA LST) (ORD-LESSP BETA ALPHA)) (NOT (ORD-LESSP (MAX-BELOW ALPHA LST N) BETA))), which simplifies, unfolding the definitions of NLISTP and MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP LST)) (EQUAL BETA (CAR LST)) (ORDINALP BETA) (NOT (LESSP N (NORM BETA))) (MEMBER BETA LST) (ORD-LESSP BETA ALPHA)) (NOT (ORD-LESSP (MAX-BELOW ALPHA LST N) BETA))), which simplifies, rewriting with CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and unfolding the definitions of NLISTP, MEMBER, MAX-BELOW, and ORDINALP, to the following six new conjectures: Case 3.6. (IMPLIES (AND (LISTP LST) (ORDINALP (CAR LST)) (NOT (LESSP N (NORM (CAR LST)))) (ORD-LESSP (CAR LST) ALPHA) (LISTP (CAR LST)) (LISTP (CDAR LST)) (ORD-LESSP (CAAR LST) (CADAR LST))) (NOT (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)))). However this again simplifies, expanding the function ORDINALP, to: T. Case 3.5. (IMPLIES (AND (LISTP LST) (ORDINALP (CAR LST)) (NOT (LESSP N (NORM (CAR LST)))) (ORD-LESSP (CAR LST) ALPHA) (LISTP (CAR LST)) (EQUAL (CAAR LST) 0)) (NOT (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)))), which again simplifies, opening up EQUAL and ORDINALP, to: T. Case 3.4. (IMPLIES (AND (LISTP LST) (ORDINALP (CAR LST)) (NOT (LESSP N (NORM (CAR LST)))) (ORD-LESSP (CAR LST) ALPHA) (NOT (LISTP (CAR LST))) (NOT (NUMBERP (CAR LST)))) (NOT (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)))), which again simplifies, opening up the definition of ORDINALP, to: T. Case 3.3. (IMPLIES (AND (LISTP LST) (ORDINALP (CAR LST)) (NOT (LESSP N (NORM (CAR LST)))) (ORD-LESSP (CAR LST) ALPHA) (NOT (LISTP (CAR LST))) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST))) (NOT (ORD-LESSP (CAR LST) (CAR LST)))), which again simplifies, appealing to the lemmas NORM-OF-A-NUMBER and IRREFLEX, and opening up the definition of ORDINALP, to: T. Case 3.2. (IMPLIES (AND (LISTP LST) (ORDINALP (CAR LST)) (NOT (LESSP N (NORM (CAR LST)))) (ORD-LESSP (CAR LST) ALPHA) (NOT (LISTP (CDAR LST))) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST))) (NOT (ORD-LESSP (CAR LST) (CAR LST)))), which again simplifies, rewriting with the lemma IRREFLEX, to: T. Case 3.1. (IMPLIES (AND (LISTP LST) (ORDINALP (CAR LST)) (NOT (LESSP N (NORM (CAR LST)))) (ORD-LESSP (CAR LST) ALPHA) (NOT (ORD-LESSP (CAAR LST) (CADAR LST))) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST))) (NOT (ORD-LESSP (CAR LST) (CAR LST)))), which again simplifies, applying the lemma IRREFLEX, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP LST)) (NOT (EQUAL BETA (CAR LST))) (NOT (MEMBER BETA (CDR LST))) (ORDINALP BETA) (NOT (LESSP N (NORM BETA))) (MEMBER BETA LST) (ORD-LESSP BETA ALPHA)) (NOT (ORD-LESSP (MAX-BELOW ALPHA LST N) BETA))), which simplifies, expanding NLISTP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP LST)) (NOT (EQUAL BETA (CAR LST))) (NOT (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) BETA)) (ORDINALP BETA) (NOT (LESSP N (NORM BETA))) (MEMBER BETA LST) (ORD-LESSP BETA ALPHA)) (NOT (ORD-LESSP (MAX-BELOW ALPHA LST N) BETA))), which simplifies, unfolding NLISTP, MEMBER, and MAX-BELOW, to: (IMPLIES (AND (LISTP LST) (NOT (EQUAL BETA (CAR LST))) (NOT (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) BETA)) (ORDINALP BETA) (NOT (LESSP N (NORM BETA))) (MEMBER BETA (CDR LST)) (ORD-LESSP BETA ALPHA) (ORDINALP (CAR LST)) (NOT (LESSP N (NORM (CAR LST)))) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA)) (NOT (ORD-LESSP (CAR LST) BETA))). But this again simplifies, applying TRANSITIVITY, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MAX-BELOW-IS-MAX (PROVE-LEMMA NORM-OF-MAX-BELOW NIL (LEQ (NORM (MAX-BELOW ALPHA LST N)) N)) Give the conjecture the name *1. We will appeal to induction. There are two plausible inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST) (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA)) (p N ALPHA (CDR LST))) (p N ALPHA LST)) (IMPLIES (AND (LISTP LST) (NOT (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA))) (p N ALPHA (CDR LST))) (p N ALPHA LST)) (IMPLIES (NOT (LISTP LST)) (p N ALPHA LST))). Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following three new formulas: Case 3. (IMPLIES (AND (LISTP LST) (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA)) (NOT (LESSP N (NORM (MAX-BELOW ALPHA (CDR LST) N))))) (NOT (LESSP N (NORM (MAX-BELOW ALPHA LST N))))). This simplifies, rewriting with the lemmas CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and unfolding AND, MAX-BELOW, and ORDINALP, to: T. Case 2. (IMPLIES (AND (LISTP LST) (NOT (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW ALPHA (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) ALPHA))) (NOT (LESSP N (NORM (MAX-BELOW ALPHA (CDR LST) N))))) (NOT (LESSP N (NORM (MAX-BELOW ALPHA LST N))))). This simplifies, unfolding the definitions of AND and MAX-BELOW, to: T. Case 1. (IMPLIES (NOT (LISTP LST)) (NOT (LESSP N (NORM (MAX-BELOW ALPHA LST N))))). This simplifies, opening up MAX-BELOW, NORM, EQUAL, and LESSP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] NORM-OF-MAX-BELOW (ENABLE ORD-LESSP) [ 0.0 0.0 0.0 ] ORD-LESSP-ON (PROVE-LEMMA MAX-BELOW-OF-0 (REWRITE) (EQUAL (MAX-BELOW 0 LST N) 0)) Name the conjecture *1. Perhaps we can prove it by induction. There is only one plausible induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST) (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW 0 (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) 0)) (p (CDR LST) N)) (p LST N)) (IMPLIES (AND (LISTP LST) (NOT (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW 0 (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) 0))) (p (CDR LST) N)) (p LST N)) (IMPLIES (NOT (LISTP LST)) (p LST N))). Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following three new goals: Case 3. (IMPLIES (AND (LISTP LST) (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW 0 (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) 0)) (EQUAL (MAX-BELOW 0 (CDR LST) N) 0)) (EQUAL (MAX-BELOW 0 LST N) 0)). This simplifies, expanding LESSP, EQUAL, LISTP, ORD-LESSP, and AND, to: T. Case 2. (IMPLIES (AND (LISTP LST) (NOT (AND (ORDINALP (CAR LST)) (IF (LESSP N (NORM (CAR LST))) F T) (ORD-LESSP (MAX-BELOW 0 (CDR LST) N) (CAR LST)) (ORD-LESSP (CAR LST) 0))) (EQUAL (MAX-BELOW 0 (CDR LST) N) 0)) (EQUAL (MAX-BELOW 0 LST N) 0)). This simplifies, unfolding LESSP, EQUAL, LISTP, ORD-LESSP, AND, and MAX-BELOW, to: T. Case 1. (IMPLIES (NOT (LISTP LST)) (EQUAL (MAX-BELOW 0 LST N) 0)). This simplifies, opening up MAX-BELOW and EQUAL, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] MAX-BELOW-OF-0 (DISABLE ORD-LESSP) [ 0.0 0.0 0.0 ] ORD-LESSP-OFF1 (DISABLE MAX-BELOW) [ 0.0 0.0 0.0 ] MAX-BELOW-OFF (DEFN PRED (ALPHA N) (MAX-BELOW ALPHA (NORM-UP-TO (PLUS (NORM ALPHA) (MAGIC N))) (PLUS (NORM ALPHA) (MAGIC N)))) [ 0.0 0.0 0.0 ] PRED (PROVE-LEMMA PRED-OF-0 (REWRITE) (EQUAL (PRED 0 N) 0)) WARNING: Note that the rewrite rule PRED-OF-0 will be stored so as to apply only to terms with the nonrecursive function symbol PRED. This simplifies, rewriting with MAX-BELOW-OF-0, and unfolding PLUS, EQUAL, NORM, and PRED, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-OF-0 (PROVE-LEMMA PRED-IS-BELOW (REWRITE) (IMPLIES (ORD-LESSP 0 ALPHA) (ORD-LESSP (PRED ALPHA N) ALPHA))) This formula simplifies, applying MAX-BELOW-IS-BELOW, and opening up the function PRED, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-IS-BELOW (PROVE-LEMMA PRED-IS-AN-ORDINAL (REWRITE) (ORDINALP (PRED ALPHA N))) This conjecture simplifies, applying the lemma MAX-BELOW-IS-AN-ORDINAL, and unfolding the definition of PRED, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-IS-AN-ORDINAL (PROVE-LEMMA UPPER-BOUND-ON-NORM-OF-PRED NIL (LEQ (NORM (PRED ALPHA N)) (PLUS (NORM ALPHA) (MAGIC N))) ((DO-NOT-INDUCT T) (USE (NORM-OF-MAX-BELOW (ALPHA ALPHA) (N (PLUS (NORM ALPHA) (MAGIC N))) (LST (NORM-UP-TO (PLUS (NORM ALPHA) (MAGIC N)))))))) This conjecture simplifies, opening up the definition of PRED, to: T. Q.E.D. [ 0.0 0.0 0.0 ] UPPER-BOUND-ON-NORM-OF-PRED (PROVE-LEMMA PRED-IS-LARGEST (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (LEQ (NORM BETA) (PLUS (NORM ALPHA) (MAGIC N))) (ORD-LESSP BETA ALPHA)) (ORD-LEQ BETA (PRED ALPHA N))) ((DO-NOT-INDUCT T) (USE (MAX-BELOW-IS-MAX (ALPHA ALPHA) (BETA BETA) (N (PLUS (NORM ALPHA) (MAGIC N))) (LST (NORM-UP-TO (PLUS (NORM ALPHA) (MAGIC N))))) (NORM-UP-TO-BIG-ENUF (ALPHA BETA) (N (PLUS (NORM ALPHA) (MAGIC N))))) (DISABLE NORM-UP-TO-BIG-ENUF MAX-BELOW-IS-MAX) (ENABLE ORD-LEQ))) This conjecture can be simplified, using the abbreviations ORD-LEQ, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP BETA) (IF (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM BETA)) F T) (MEMBER BETA (NORM-UP-TO (PLUS (NORM ALPHA) (MAGIC N)))) (ORD-LESSP BETA ALPHA)) (NOT (ORD-LESSP (MAX-BELOW ALPHA (NORM-UP-TO (PLUS (NORM ALPHA) (MAGIC N))) (PLUS (NORM ALPHA) (MAGIC N))) BETA))) (IMPLIES (AND (ORDINALP BETA) (IF (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM BETA)) F T)) (MEMBER BETA (NORM-UP-TO (PLUS (NORM ALPHA) (MAGIC N))))) (ORDINALP ALPHA) (ORDINALP BETA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM BETA))) (ORD-LESSP BETA ALPHA)) (NOT (ORD-LESSP (PRED ALPHA N) BETA))). This simplifies, applying CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, NORM-OF-CONS, and SUB1-ADD1, and opening up the functions ORDINALP, AND, NOT, IMPLIES, LESSP, EQUAL, NORM, PLUS, and PRED, to: T. Q.E.D. [ 0.0 0.1 0.0 ] PRED-IS-LARGEST (DISABLE PRED) [ 0.0 0.0 0.0 ] PRED-OFF (ENABLE ORD-LESSP) [ 0.0 0.0 0.0 ] ORD-LESSP-ON1 (PROVE-LEMMA PRED-BELOW-LIMIT (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LIMITP ALPHA)) (ORD-LESSP (PRED ALPHA N) ALPHA))) This conjecture can be simplified, using the abbreviations LIMITP, AND, and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (ORD-LESSP (PRED ALPHA N) ALPHA)). This simplifies, applying PRED-IS-BELOW, and unfolding the definitions of ORD-LESSP and LISTP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-BELOW-LIMIT (DISABLE ORD-LESSP) [ 0.0 0.0 0.0 ] ORD-LESSP-OFF2 (PROVE-LEMMA NORM-OF-PRED-OF-LIMIT-AUX1 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LIMITP ALPHA)) (ORD-LESSP (SUCCESSOR (PRED ALPHA N)) ALPHA))) This conjecture can be simplified, using the abbreviations LIMITP, AND, and IMPLIES, to the goal: (IMPLIES (AND (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (ORD-LESSP (SUCCESSOR (PRED ALPHA N)) ALPHA)). This simplifies, applying the lemmas PRED-BELOW-LIMIT, PRED-IS-AN-ORDINAL, and SUCC-BELOW-LIMIT, and unfolding the function LIMITP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-PRED-OF-LIMIT-AUX1 (PROVE-LEMMA NORM-OF-PRED-OF-LIMIT-AUX2 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LIMITP ALPHA)) (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM (SUCCESSOR (PRED ALPHA N))))) ((DO-NOT-INDUCT T) (USE (PRED-IS-LARGEST (ALPHA ALPHA) (BETA (SUCCESSOR (PRED ALPHA N))))) (DISABLE PRED-IS-LARGEST NORM-OF-CONS) (ENABLE ORD-LEQ))) WARNING: Note that the proposed lemma NORM-OF-PRED-OF-LIMIT-AUX2 is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This conjecture can be simplified, using the abbreviations LIMITP, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP (SUCCESSOR (PRED ALPHA N))) (IF (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM (SUCCESSOR (PRED ALPHA N)))) F T) (ORD-LESSP (SUCCESSOR (PRED ALPHA N)) ALPHA)) (ORD-LEQ (SUCCESSOR (PRED ALPHA N)) (PRED ALPHA N))) (ORDINALP ALPHA) (LISTP ALPHA) (NOT (SUCCESSORP ALPHA))) (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM (SUCCESSOR (PRED ALPHA N))))). This simplifies, applying the lemmas CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, PRED-IS-AN-ORDINAL, SUCCESSOR-IS-AN-ORDINAL, NORM-OF-SUCCESSOR, SUB1-ADD1, NORM-OF-PRED-OF-LIMIT-AUX1, and SUCCESSOR-IS-BIGGER, and opening up ORDINALP, LESSP, LIMITP, AND, ORD-LEQ, IMPLIES, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-PRED-OF-LIMIT-AUX2 (PROVE-LEMMA NORM-OF-PRED-OF-LIMIT-AUX3 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LIMITP ALPHA)) (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (ADD1 (NORM (PRED ALPHA N))))) ((DO-NOT-INDUCT T) (USE (NORM-OF-PRED-OF-LIMIT-AUX2 (ALPHA ALPHA) (N N)) (NORM-OF-SUCCESSOR (ALPHA (PRED ALPHA N)))) (DISABLE ORDINALP NORM-OF-SUCCESSOR LIMITP NORM-OF-CONS))) WARNING: Note that the proposed lemma NORM-OF-PRED-OF-LIMIT-AUX3 is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This simplifies, appealing to the lemmas PRED-IS-AN-ORDINAL and SUB1-ADD1, and unfolding the definitions of AND, IMPLIES, and LESSP, to the formula: (IMPLIES (AND (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM (SUCCESSOR (PRED ALPHA N)))) (EQUAL (NORM (SUCCESSOR (PRED ALPHA N))) (ADD1 (NORM (PRED ALPHA N)))) (ORDINALP ALPHA) (LIMITP ALPHA) (NOT (EQUAL (PLUS (NORM ALPHA) (MAGIC N)) 0))) (LESSP (SUB1 (PLUS (NORM ALPHA) (MAGIC N))) (NORM (PRED ALPHA N)))). This again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-PRED-OF-LIMIT-AUX3 (PROVE-LEMMA NORM-OF-PRED-OF-LIMIT (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (LIMITP ALPHA)) (EQUAL (NORM (PRED ALPHA N)) (PLUS (NORM ALPHA) (MAGIC N)))) ((DO-NOT-INDUCT T) (USE (UPPER-BOUND-ON-NORM-OF-PRED (ALPHA ALPHA) (N N)) (NORM-OF-PRED-OF-LIMIT-AUX3 (ALPHA ALPHA) (N N))) (DISABLE NORM-OF-PRED-OF-LIMIT-AUX3 ORDINALP LIMITP NORM-OF-CONS))) This formula simplifies, applying SUB1-ADD1, and opening up the definitions of AND, LESSP, and IMPLIES, to the following two new conjectures: Case 2. (IMPLIES (AND (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM (PRED ALPHA N)))) (EQUAL (PLUS (NORM ALPHA) (MAGIC N)) 0) (ORDINALP ALPHA) (LIMITP ALPHA)) (EQUAL (NORM (PRED ALPHA N)) 0)). This again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM (PRED ALPHA N)))) (LESSP (SUB1 (PLUS (NORM ALPHA) (MAGIC N))) (NORM (PRED ALPHA N))) (ORDINALP ALPHA) (LIMITP ALPHA)) (EQUAL (NORM (PRED ALPHA N)) (PLUS (NORM ALPHA) (MAGIC N)))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-PRED-OF-LIMIT (DISABLE NORM-OF-PRED-OF-LIMIT-AUX1) [ 0.0 0.0 0.0 ] NORM-OF-PRED-OF-LIMIT-AUX1-OFF (DISABLE NORM-OF-PRED-OF-LIMIT-AUX2) [ 0.0 0.0 0.0 ] NORM-OF-PRED-OF-LIMIT-AUX2-OFF (DISABLE NORM-OF-PRED-OF-LIMIT-AUX3) [ 0.0 0.0 0.0 ] NORM-OF-PRED-OF-LIMIT-AUX3-OFF (PROVE-LEMMA PRED-OF-SUCC-AUX1 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PRED ALPHA N) ALPHA))) This conjecture simplifies, rewriting with SUCCESSORS-ARE-POSITIVE and PRED-IS-BELOW, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-OF-SUCC-AUX1 (PROVE-LEMMA PRED-OF-SUCC-AUX2 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LEQ (PRED ALPHA N) (PREDECESSOR ALPHA))) ((DO-NOT-INDUCT T) (USE (NOTHING-BETWEEN (ALPHA (PREDECESSOR ALPHA)) (BETA (PRED ALPHA N))) (PRED-OF-SUCC-AUX1 (ALPHA ALPHA) (N N))) (DISABLE PRED-OF-SUCC-AUX1) (ENABLE ORD-LEQ))) This conjecture can be simplified, using the abbreviations ORD-LEQ, IMPLIES, NOT, and AND, to: (IMPLIES (AND (NOT (AND (ORD-LESSP (PREDECESSOR ALPHA) (PRED ALPHA N)) (ORD-LESSP (PRED ALPHA N) (SUCCESSOR (PREDECESSOR ALPHA))))) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LESSP (PRED ALPHA N) ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (NOT (ORD-LESSP (PREDECESSOR ALPHA) (PRED ALPHA N)))). This simplifies, appealing to the lemmas SUC-PREDECESSOR, SUCCESSORS-ARE-POSITIVE, and PRED-IS-BELOW, and opening up AND, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-OF-SUCC-AUX2 (PROVE-LEMMA PRED-OF-SUCC-AUX3 NIL (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (LEQ (NORM (PREDECESSOR ALPHA)) (PLUS (NORM ALPHA) (MAGIC N))))) This simplifies, applying NORM-OF-PREDECESSOR, to: (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (SUB1 (NORM ALPHA))))), which again simplifies, using linear arithmetic, to: (IMPLIES (AND (EQUAL (NORM ALPHA) 0) (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (SUB1 (NORM ALPHA))))). However this again simplifies, unfolding the functions EQUAL, PLUS, SUB1, and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-OF-SUCC-AUX3 (PROVE-LEMMA PRED-OF-SUCC-AUX4 NIL (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (ORD-LEQ (PREDECESSOR ALPHA) (PRED ALPHA N))) ((USE (PRED-OF-SUCC-AUX3 (ALPHA ALPHA) (N N))))) This formula simplifies, using linear arithmetic, rewriting with the lemmas CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, NORM-OF-PREDECESSOR, PREDECESSOR-IS-SMALLER, PREDECESSOR-IS-AN-ORDINAL, and PRED-IS-LARGEST, and unfolding the definitions of ORDINALP, AND, IMPLIES, and EQUAL, to the formula: (IMPLIES (AND (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (SUB1 (NORM ALPHA)))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (EQUAL (NORM ALPHA) 0)) (ORD-LEQ (PREDECESSOR ALPHA) (PRED ALPHA N))). This again simplifies, using linear arithmetic, appealing to the lemmas PREDECESSOR-IS-SMALLER, NORM-OF-PREDECESSOR, PREDECESSOR-IS-AN-ORDINAL, and PRED-IS-LARGEST, and unfolding the functions EQUAL, PLUS, SUB1, and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-OF-SUCC-AUX4 (PROVE-LEMMA PRED-OF-SUCC (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (PRED ALPHA N) (PREDECESSOR ALPHA))) ((DO-NOT-INDUCT T) (USE (PRED-OF-SUCC-AUX2 (N N) (ALPHA ALPHA)) (PRED-OF-SUCC-AUX4 (N N) (ALPHA ALPHA))) (DISABLE PREDECESSOR-IS-SMALLER NORM-OF-PREDECESSOR PRED-OF-SUCC-AUX4 PRED-OF-SUCC-AUX2 ORDINALP) (ENABLE IRREFLEX-OF-ORD-LEQ))) This simplifies, rewriting with the lemmas PREDECESSOR-IS-AN-ORDINAL, PRED-IS-AN-ORDINAL, and IRREFLEX-OF-ORD-LEQ, and expanding AND and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-OF-SUCC (DISABLE PRED-OF-SUCC-AUX1) [ 0.0 0.0 0.0 ] PRED-OF-SUCC-AUX1-OFF (DISABLE PRED-OF-SUCC-AUX2) [ 0.0 0.0 0.0 ] PRED-OF-SUCC-AUX2-OFF (DISABLE PRED-OF-SUCC-AUX3) [ 0.0 0.0 0.0 ] PRED-OF-SUCC-AUX3-OFF (DISABLE PRED-OF-SUCC-AUX4) [ 0.0 0.0 0.0 ] PRED-OF-SUCC-AUX4-OFF (PROVE-LEMMA NORM-OF-PRED-OF-SUCC (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (NORM (PRED ALPHA N)) (SUB1 (NORM ALPHA))))) This conjecture simplifies, rewriting with PRED-OF-SUCC and NORM-OF-PREDECESSOR, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-PRED-OF-SUCC (PROVE-LEMMA LOWER-BOUND-ON-NORM-OF-PRED (REWRITE) (IMPLIES (ORDINALP ALPHA) (NOT (LESSP (NORM (PRED ALPHA N)) (SUB1 (NORM ALPHA))))) ((DO-NOT-INDUCT T) (USE (THREE-KINDS (ALPHA ALPHA))) (DISABLE ORDINALP LIMITP))) WARNING: Note that the proposed lemma LOWER-BOUND-ON-NORM-OF-PRED is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This formula simplifies, applying NORM-OF-PRED-OF-LIMIT, PRED-OF-SUCC, NORM-OF-PREDECESSOR, and PRED-OF-0, and expanding the functions OR, IMPLIES, ORDINALP, NORM, SUB1, and LESSP, to two new goals: Case 2. (IMPLIES (AND (LIMITP ALPHA) (ORDINALP ALPHA)) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (SUB1 (NORM ALPHA))))), which again simplifies, using linear arithmetic, to the conjecture: (IMPLIES (AND (EQUAL (NORM ALPHA) 0) (LIMITP ALPHA) (ORDINALP ALPHA)) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (SUB1 (NORM ALPHA))))). But this again simplifies, opening up EQUAL, PLUS, SUB1, and LESSP, to: T. Case 1. (IMPLIES (AND (SUCCESSORP ALPHA) (ORDINALP ALPHA)) (NOT (LESSP (SUB1 (NORM ALPHA)) (SUB1 (NORM ALPHA))))), which again simplifies, using linear arithmetic, to the formula: (IMPLIES (AND (EQUAL (NORM ALPHA) 0) (SUCCESSORP ALPHA) (ORDINALP ALPHA)) (NOT (LESSP (SUB1 (NORM ALPHA)) (SUB1 (NORM ALPHA))))). However this again simplifies, opening up the definitions of SUB1 and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LOWER-BOUND-ON-NORM-OF-PRED (PROVE-LEMMA PRED-SHARP-BELOW (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA)) (ORD-LESSP (SHARP ALPHA (PRED BETA N)) (SHARP ALPHA BETA))) ((DO-NOT-INDUCT T) (USE (MONOTONICITY-OF-SHARP (ALPHA (PRED BETA N)) (BETA BETA) (LAMBDA ALPHA)) (PRED-IS-BELOW (ALPHA BETA) (N N))) (DISABLE ORDINALP PRED-IS-BELOW MONOTONICITY-OF-SHARP))) This formula simplifies, rewriting with PRED-IS-AN-ORDINAL and COMMUT-OF-SHARP, and expanding AND and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-SHARP-BELOW (PROVE-LEMMA NORM-OF-PRED-SHARP NIL (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N)) (LEQ (NORM (SHARP ALPHA (PRED BETA N))) (PLUS (NORM (SHARP ALPHA BETA)) (MAGIC N)))) ((DO-NOT-INDUCT T) (USE (UPPER-BOUND-ON-NORM-OF-PRED (ALPHA BETA) (N N))))) This formula simplifies, rewriting with NORM-OF-SHARP and PRED-IS-AN-ORDINAL, to: (IMPLIES (AND (NOT (LESSP (PLUS (NORM BETA) (MAGIC N)) (NORM (PRED BETA N)))) (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N)) (NOT (LESSP (PLUS (PLUS (NORM ALPHA) (NORM BETA)) (MAGIC N)) (PLUS (NORM ALPHA) (NORM (PRED BETA N)))))). This again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-OF-PRED-SHARP (PROVE-LEMMA PRED-SHARP NIL (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (NUMBERP N) (ORD-LESSP 0 BETA)) (ORD-LEQ (SHARP ALPHA (PRED BETA N)) (PRED (SHARP ALPHA BETA) N))) ((DO-NOT-INDUCT T) (USE (NORM-OF-PRED-SHARP (ALPHA ALPHA) (BETA BETA) (N N))))) This simplifies, appealing to the lemmas CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, NORM-OF-SHARP, PRED-IS-AN-ORDINAL, PRED-SHARP-BELOW, SHARP-IS-AN-ORDINAL, and PRED-IS-LARGEST, and unfolding the definitions of ORDINALP, AND, IMPLIES, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-SHARP (ENABLE ORD-LEQ) [ 0.0 0.0 0.0 ] ORD-LEQ-ON (PROVE-LEMMA ORD-LEQ-IS-IDEMPOTENT (REWRITE) (ORD-LEQ X X)) WARNING: Note that the rewrite rule ORD-LEQ-IS-IDEMPOTENT will be stored so as to apply only to terms with the nonrecursive function symbol ORD-LEQ. This formula can be simplified, using the abbreviations NOT and ORD-LEQ, to: (NOT (ORD-LESSP X X)), which simplifies, applying IRREFLEX, to: T. Q.E.D. [ 0.0 0.0 0.0 ] ORD-LEQ-IS-IDEMPOTENT (DISABLE ORD-LEQ) [ 0.0 0.0 0.0 ] ORD-LEQ-OFF1 (PROVE-LEMMA MONOT-OF-PRED-AUX1 (REWRITE) (IMPLIES (AND (ORD-LESSP 0 ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (LEQ M N)) (ORD-LEQ (PRED ALPHA M) (PRED ALPHA N))) ((DO-NOT-INDUCT T) (USE (MAGIC-IS-MONOTONIC (M M) (N N)) (UPPER-BOUND-ON-NORM-OF-PRED (ALPHA ALPHA) (N M)) (PRED-IS-LARGEST (N N) (ALPHA ALPHA) (BETA (PRED ALPHA M)))) (DISABLE MAGIC-IS-MONOTONIC PRED-IS-LARGEST UPPER-BOUND-ON-NORM-OF-PRED ORDINALP))) This formula simplifies, rewriting with PRED-IS-AN-ORDINAL and PRED-IS-BELOW, and opening up the definitions of IMPLIES and AND, to two new conjectures: Case 2. (IMPLIES (AND (NOT (LESSP M N)) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC M)) (NORM (PRED ALPHA M)))) (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM (PRED ALPHA M))) (ORD-LESSP 0 ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (NOT (LESSP N M))) (ORD-LEQ (PRED ALPHA M) (PRED ALPHA N))), which again simplifies, using linear arithmetic, to the goal: (IMPLIES (AND (NOT (LESSP M M)) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC M)) (NORM (PRED ALPHA M)))) (LESSP (PLUS (NORM ALPHA) (MAGIC M)) (NORM (PRED ALPHA M))) (ORD-LESSP 0 ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP M) (NOT (LESSP M M))) (ORD-LEQ (PRED ALPHA M) (PRED ALPHA M))). This again simplifies, obviously, to: T. Case 1. (IMPLIES (AND (LESSP (MAGIC M) (MAGIC N)) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC M)) (NORM (PRED ALPHA M)))) (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (NORM (PRED ALPHA M))) (ORD-LESSP 0 ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (NOT (LESSP N M))) (ORD-LEQ (PRED ALPHA M) (PRED ALPHA N))). This again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOT-OF-PRED-AUX1 (PROVE-LEMMA MONOT-OF-PRED-AUX2 (REWRITE) (IMPLIES (AND (NOT (ORD-LESSP 0 ALPHA)) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (LEQ M N)) (ORD-LEQ (PRED ALPHA M) (PRED ALPHA N))) ((USE (PRED-OF-0 (ALPHA ALPHA) (N N)) (PRED-OF-0 (ALPHA ALPHA) (N M))) (DISABLE PRED-OF-0) (ENABLE ORD-LESSP) (DO-NOT-INDUCT T))) This conjecture simplifies, expanding LESSP, EQUAL, LISTP, ORD-LESSP, ORDINALP, and ORD-LEQ, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOT-OF-PRED-AUX2 (PROVE-LEMMA MONOT-OF-PRED (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (LEQ M N)) (ORD-LEQ (PRED ALPHA M) (PRED ALPHA N))) ((DO-NOT-INDUCT T) (USE (MONOT-OF-PRED-AUX1 (ALPHA ALPHA) (M M) (N N)) (MONOT-OF-PRED-AUX2 (ALPHA ALPHA) (M M) (N N))) (DISABLE MONOT-OF-PRED-AUX1 MONOT-OF-PRED-AUX2 ORDINALP))) WARNING: the newly proposed lemma, MONOT-OF-PRED, could be applied whenever the previously added lemma MONOT-OF-PRED-AUX2 could. WARNING: the newly proposed lemma, MONOT-OF-PRED, could be applied whenever the previously added lemma MONOT-OF-PRED-AUX1 could. This simplifies, expanding the functions AND, IMPLIES, and NOT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOT-OF-PRED (DISABLE MONOT-OF-PRED-AUX1) [ 0.0 0.0 0.0 ] MONOT-OF-PRED-AUX1-OFF (DISABLE MONOT-OF-PRED-AUX2) [ 0.0 0.0 0.0 ] MONOT-OF-PRED-AUX2-OFF (PROVE-LEMMA MONOT-OF-NORM-OF-PRED-AUX1 (REWRITE) (IMPLIES (AND (EQUAL ALPHA 0) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (LEQ M N)) (NOT (LESSP (NORM (PRED ALPHA N)) (NORM (PRED ALPHA M)))))) WARNING: When the linear lemma MONOT-OF-NORM-OF-PRED-AUX1 is stored under (NORM (PRED ALPHA N)) it contains the free variable M which will be chosen by instantiating the hypothesis (NUMBERP M). WARNING: When the linear lemma MONOT-OF-NORM-OF-PRED-AUX1 is stored under (NORM (PRED ALPHA M)) it contains the free variable N which will be chosen by instantiating the hypothesis (NUMBERP N). WARNING: Note that the proposed lemma MONOT-OF-NORM-OF-PRED-AUX1 is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and zero replacement rules. This conjecture simplifies, applying PRED-OF-0, and expanding ORDINALP, NORM, and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOT-OF-NORM-OF-PRED-AUX1 (PROVE-LEMMA MONOT-OF-NORM-OF-PRED-AUX2 (REWRITE) (IMPLIES (AND (LIMITP ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (LEQ M N)) (NOT (LESSP (NORM (PRED ALPHA N)) (NORM (PRED ALPHA M))))) ((DO-NOT-INDUCT T) (USE (MAGIC-IS-MONOTONIC (M M) (N N))) (DISABLE LIMITP MAGIC-IS-MONOTONIC))) WARNING: When the linear lemma MONOT-OF-NORM-OF-PRED-AUX2 is stored under (NORM (PRED ALPHA N)) it contains the free variable M which will be chosen by instantiating the hypothesis (NUMBERP M). WARNING: When the linear lemma MONOT-OF-NORM-OF-PRED-AUX2 is stored under (NORM (PRED ALPHA M)) it contains the free variable N which will be chosen by instantiating the hypothesis (NUMBERP N). WARNING: Note that the proposed lemma MONOT-OF-NORM-OF-PRED-AUX2 is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and zero replacement rules. This simplifies, rewriting with NORM-OF-PRED-OF-LIMIT, and opening up the definition of IMPLIES, to the following two new goals: Case 2. (IMPLIES (AND (NOT (LESSP M N)) (LIMITP ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (NOT (LESSP N M))) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (PLUS (NORM ALPHA) (MAGIC M))))). However this again simplifies, using linear arithmetic, to the conjecture: (IMPLIES (AND (NOT (LESSP M M)) (LIMITP ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP M) (NOT (LESSP M M))) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC M)) (PLUS (NORM ALPHA) (MAGIC M))))). But this again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (LESSP (MAGIC M) (MAGIC N)) (LIMITP ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (NOT (LESSP N M))) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC N)) (PLUS (NORM ALPHA) (MAGIC M))))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOT-OF-NORM-OF-PRED-AUX2 (PROVE-LEMMA MONOT-OF-NORM-OF-PRED-AUX3 (REWRITE) (IMPLIES (AND (SUCCESSORP ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (LEQ M N)) (NOT (LESSP (NORM (PRED ALPHA N)) (NORM (PRED ALPHA M)))))) WARNING: When the linear lemma MONOT-OF-NORM-OF-PRED-AUX3 is stored under (NORM (PRED ALPHA N)) it contains the free variable M which will be chosen by instantiating the hypothesis (NUMBERP M). WARNING: When the linear lemma MONOT-OF-NORM-OF-PRED-AUX3 is stored under (NORM (PRED ALPHA M)) it contains the free variable N which will be chosen by instantiating the hypothesis (NUMBERP N). WARNING: Note that the proposed lemma MONOT-OF-NORM-OF-PRED-AUX3 is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and zero replacement rules. This simplifies, applying the lemmas PRED-OF-SUCC and NORM-OF-PREDECESSOR, to the new formula: (IMPLIES (AND (SUCCESSORP ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (NOT (LESSP N M))) (NOT (LESSP (SUB1 (NORM ALPHA)) (SUB1 (NORM ALPHA))))), which again simplifies, using linear arithmetic, to: (IMPLIES (AND (EQUAL (NORM ALPHA) 0) (SUCCESSORP ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (NOT (LESSP N M))) (NOT (LESSP (SUB1 (NORM ALPHA)) (SUB1 (NORM ALPHA))))). However this again simplifies, opening up the definitions of SUB1 and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOT-OF-NORM-OF-PRED-AUX3 (PROVE-LEMMA MONOT-OF-NORM-OF-PRED (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (LEQ M N)) (NOT (LESSP (NORM (PRED ALPHA N)) (NORM (PRED ALPHA M))))) ((DO-NOT-INDUCT T) (USE (THREE-KINDS (ALPHA ALPHA))) (DISABLE NORM-OF-PRED-OF-SUCC LIMITP NORM-OF-PRED-OF-LIMIT ORDINALP THREE-KINDS PRED-OF-0 PRED-OF-SUCC))) WARNING: When the linear lemma MONOT-OF-NORM-OF-PRED is stored under (NORM (PRED ALPHA N)) it contains the free variable M which will be chosen by instantiating the hypothesis (NUMBERP M). WARNING: When the linear lemma MONOT-OF-NORM-OF-PRED is stored under (NORM (PRED ALPHA M)) it contains the free variable N which will be chosen by instantiating the hypothesis (NUMBERP N). WARNING: Note that the proposed lemma MONOT-OF-NORM-OF-PRED is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and zero replacement rules. This formula simplifies, opening up OR, IMPLIES, and ORDINALP, to three new goals: Case 3. (IMPLIES (AND (LIMITP ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (NOT (LESSP N M))) (NOT (LESSP (NORM (PRED ALPHA N)) (NORM (PRED ALPHA M))))), which again simplifies, using linear arithmetic and rewriting with the lemma MONOT-OF-NORM-OF-PRED-AUX2, to: T. Case 2. (IMPLIES (AND (SUCCESSORP ALPHA) (ORDINALP ALPHA) (NUMBERP M) (NUMBERP N) (NOT (LESSP N M))) (NOT (LESSP (NORM (PRED ALPHA N)) (NORM (PRED ALPHA M))))), which again simplifies, using linear arithmetic and rewriting with MONOT-OF-NORM-OF-PRED-AUX3, to: T. Case 1. (IMPLIES (AND (EQUAL ALPHA 0) (NUMBERP M) (NUMBERP N) (NOT (LESSP N M))) (NOT (LESSP (NORM (PRED 0 N)) (NORM (PRED 0 M))))). However this again simplifies, using linear arithmetic, rewriting with the lemma MONOT-OF-NORM-OF-PRED-AUX1, and unfolding EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] MONOT-OF-NORM-OF-PRED (DISABLE MONOT-OF-NORM-OF-PRED-AUX1) [ 0.0 0.0 0.0 ] MONOT-OF-NORM-OF-PRED-AUX1-OFF (DISABLE MONOT-OF-NORM-OF-PRED-AUX2) [ 0.0 0.0 0.0 ] MONOT-OF-NORM-OF-PRED-AUX2-OFF (DISABLE MONOT-OF-NORM-OF-PRED-AUX3) [ 0.0 0.0 0.0 ] MONOT-OF-NORM-OF-PRED-AUX3-OFF (DEFN O-LARGEP (SET ALPHA) (IF (EQUAL ALPHA 0) T (IF (NLISTP SET) F (O-LARGEP (CDR SET) (PRED ALPHA (CAR SET)))))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each recursive call. Hence, O-LARGEP is accepted under the principle of definition. From the definition we can conclude that: (OR (FALSEP (O-LARGEP SET ALPHA)) (TRUEP (O-LARGEP SET ALPHA))) is a theorem. [ 0.0 0.0 0.0 ] O-LARGEP (PROVE-LEMMA ALL-ZERO-LARGE (REWRITE) (O-LARGEP SET 0)) This conjecture simplifies, opening up the definitions of EQUAL and O-LARGEP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] ALL-ZERO-LARGE (PROVE-LEMMA EMPTY-NOT-LARGE (REWRITE) (IMPLIES (AND (NOT (EQUAL ALPHA 0)) (NLISTP SET)) (NOT (O-LARGEP SET ALPHA)))) This conjecture can be simplified, using the abbreviations NLISTP, NOT, AND, and IMPLIES, to: (IMPLIES (AND (NOT (EQUAL ALPHA 0)) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))). This simplifies, expanding the definition of O-LARGEP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] EMPTY-NOT-LARGE (PROVE-LEMMA RECURSIVE-CASE-FOR-LARGE (REWRITE) (IMPLIES (AND (LISTP SET) (NOT (EQUAL ALPHA 0))) (EQUAL (O-LARGEP SET ALPHA) (O-LARGEP (CDR SET) (PRED ALPHA (CAR SET)))))) This formula simplifies, opening up the function O-LARGEP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] RECURSIVE-CASE-FOR-LARGE (PROVE-LEMMA POSITIVE-LARGE (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (NOT (O-LARGEP SET ALPHA))) (ORD-LESSP 0 ALPHA)) ((ENABLE ORD-LESSP))) WARNING: Note that POSITIVE-LARGE contains the free variable SET which will be chosen by instantiating the hypothesis (NOT (O-LARGEP SET ALPHA)). This simplifies, opening up the functions LESSP, EQUAL, LISTP, and ORD-LESSP, to two new conjectures: Case 2. (IMPLIES (AND (ORDINALP ALPHA) (NOT (O-LARGEP SET ALPHA)) (NOT (LISTP ALPHA))) (NUMBERP ALPHA)), which again simplifies, expanding ORDINALP, to: T. Case 1. (IMPLIES (AND (ORDINALP ALPHA) (NOT (O-LARGEP SET ALPHA)) (NOT (LISTP ALPHA))) (NOT (EQUAL ALPHA 0))), which again simplifies, rewriting with ALL-ZERO-LARGE, and unfolding the definition of ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] POSITIVE-LARGE (DISABLE O-LARGEP) [ 0.0 0.0 0.0 ] O-LARGEP-OFF (PROVE-LEMMA SUCCESSOR-LARGE-NON-EMPTY (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA)))) Name the conjecture *1. We will try to prove it by induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p SET (CDR ALPHA)) (p SET (CAR ALPHA))) (p SET ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p SET ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates ten new conjectures: Case 10.(IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))), which simplifies, opening up ORDINALP, to: T. Case 9. (IMPLIES (AND (LISTP ALPHA) (NOT (SUCCESSORP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))), which simplifies, unfolding ORDINALP, to: T. Case 8. (IMPLIES (AND (LISTP ALPHA) (NOT (O-LARGEP SET (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))), which simplifies, expanding the definition of ORDINALP, to: T. Case 7. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (SUCCESSORP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))), which simplifies, expanding ORDINALP, to: T. Case 6. (IMPLIES (AND (LISTP ALPHA) (NOT (SUCCESSORP (CDR ALPHA))) (NOT (SUCCESSORP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))), which simplifies, unfolding the definitions of ORDINALP and SUCCESSORP, to: T. Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (O-LARGEP SET (CDR ALPHA))) (NOT (SUCCESSORP (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))), which simplifies, rewriting with the lemma EMPTY-NOT-LARGE, and expanding the definitions of ORDINALP and SUCCESSORP, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (NOT (ORDINALP (CDR ALPHA))) (NOT (O-LARGEP SET (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))), which simplifies, expanding ORDINALP, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (SUCCESSORP (CDR ALPHA))) (NOT (O-LARGEP SET (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))), which simplifies, unfolding the definitions of ORDINALP and SUCCESSORP, to: T. Case 2. (IMPLIES (AND (LISTP ALPHA) (NOT (O-LARGEP SET (CDR ALPHA))) (NOT (O-LARGEP SET (CAR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))), which simplifies, rewriting with EMPTY-NOT-LARGE, and unfolding ORDINALP and SUCCESSORP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (NOT (O-LARGEP SET ALPHA))). This simplifies, rewriting with EMPTY-NOT-LARGE, and unfolding the definitions of ORDINALP, SUCCESSORP, EQUAL, and LESSP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] SUCCESSOR-LARGE-NON-EMPTY (PROVE-LEMMA SUCCESSOR-LARGE (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SUCCESSORP ALPHA)) (EQUAL (O-LARGEP SET ALPHA) (AND (LISTP SET) (O-LARGEP (CDR SET) (PREDECESSOR ALPHA))))) ((DO-NOT-INDUCT T) (USE (RECURSIVE-CASE-FOR-LARGE (SET SET) (ALPHA ALPHA))) (DISABLE RECURSIVE-CASE-FOR-LARGE))) This simplifies, applying PRED-OF-SUCC, SUCCESSOR-LARGE-NON-EMPTY, and CDR-NLISTP, and expanding the functions NOT, AND, IMPLIES, EQUAL, ORDINALP, and SUCCESSORP, to: (IMPLIES (AND (EQUAL (O-LARGEP SET ALPHA) (O-LARGEP (CDR SET) (PREDECESSOR ALPHA))) (ORDINALP ALPHA) (SUCCESSORP ALPHA) (NOT (LISTP SET))) (EQUAL (O-LARGEP SET ALPHA) F)). However this again simplifies, applying SUCCESSOR-LARGE-NON-EMPTY and CDR-NLISTP, and opening up the function EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SUCCESSOR-LARGE (PROVE-LEMMA NUMBER-LARGE (REWRITE) (IMPLIES (NUMBERP N) (EQUAL (O-LARGEP SET N) (LEQ N (LENGTH SET)))) ((INDUCT (O-LARGEP SET N)))) This conjecture can be simplified, using the abbreviations NLISTP, IMPLIES, NOT, OR, and AND, to three new formulas: Case 3. (IMPLIES (AND (EQUAL N 0) (NUMBERP N)) (EQUAL (O-LARGEP SET N) (IF (LESSP (LENGTH SET) N) F T))), which simplifies, applying ALL-ZERO-LARGE, and opening up NUMBERP, EQUAL, and LESSP, to: T. Case 2. (IMPLIES (AND (NOT (EQUAL N 0)) (NOT (LISTP SET)) (NUMBERP N)) (EQUAL (O-LARGEP SET N) (IF (LESSP (LENGTH SET) N) F T))). This simplifies, using linear arithmetic, rewriting with SUCCESSOR-LARGE, and expanding the functions SUCCESSORP, ORDINALP, LENGTH, EQUAL, and LESSP, to: T. Case 1. (IMPLIES (AND (NOT (EQUAL N 0)) (LISTP SET) (IMPLIES (NUMBERP (PRED N (CAR SET))) (EQUAL (O-LARGEP (CDR SET) (PRED N (CAR SET))) (IF (LESSP (LENGTH (CDR SET)) (PRED N (CAR SET))) F T))) (NUMBERP N)) (EQUAL (O-LARGEP SET N) (IF (LESSP (LENGTH SET) N) F T))), which simplifies, using linear arithmetic, applying PRED-OF-SUCC, SUCCESSOR-LARGE, and SUB1-ADD1, and opening up the functions SUCCESSORP, ORDINALP, PREDECESSOR, IMPLIES, LENGTH, LESSP, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NUMBER-LARGE (PROVE-LEMMA OMEGA-IS-A-LIMIT (REWRITE) (LIMITP '(1 . 0))) WARNING: Note that the rewrite rule OMEGA-IS-A-LIMIT will be stored so as to apply only to terms with the nonrecursive function symbol LIMITP. This formula can be simplified, using the abbreviations NOT and LIMITP, to the following two new conjectures: Case 2. (LISTP '(1 . 0)). This simplifies, clearly, to: T. Case 1. (NOT (SUCCESSORP '(1 . 0))). This simplifies, expanding SUCCESSORP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] OMEGA-IS-A-LIMIT (ENABLE ORD-LESSP) [ 0.0 0.0 0.0 ] ORD-LESSP-ON2 (PROVE-LEMMA NUMBERS-BELOW-OMEGA (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORD-LESSP ALPHA '(1 . 0))) (NUMBERP ALPHA))) WARNING: NUMBERS-BELOW-OMEGA will slow down the theorem-prover because it will cause backward chaining on every instance of a primitive type expression. This conjecture simplifies, unfolding CDR, CAR, LISTP, ORD-LESSP, LESSP, and EQUAL, to two new conjectures: Case 2. (IMPLIES (AND (ORDINALP ALPHA) (NOT (LISTP ALPHA))) (NUMBERP ALPHA)), which again simplifies, opening up ORDINALP, to: T. Case 1. (IMPLIES (AND (ORDINALP ALPHA) (NOT (LISTP (CAR ALPHA))) (LESSP (CAR ALPHA) 1)) (NUMBERP ALPHA)). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). We would thus like to prove the following two new formulas: Case 1.2. (IMPLIES (AND (NOT (LISTP ALPHA)) (ORDINALP ALPHA) (NOT (LISTP (CAR ALPHA))) (LESSP (CAR ALPHA) 1)) (NUMBERP ALPHA)). However this further simplifies, opening up ORDINALP, to: T. Case 1.1. (IMPLIES (AND (ORDINALP (CONS X Z)) (NOT (LISTP X))) (NOT (LESSP X 1))), which further simplifies, applying the lemmas CDR-CONS and CAR-CONS, and expanding the functions ORD-LESSP and ORDINALP, to two new conjectures: Case 1.1.2. (IMPLIES (AND (NUMBERP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (LISTP (CAR Z))) (NOT (LESSP X (CAR Z)))) (NOT (LESSP X 1))), which again simplifies, using linear arithmetic, to: T. Case 1.1.1. (IMPLIES (AND (NUMBERP X) (NOT (EQUAL X 0)) (ORDINALP Z) (NOT (LISTP Z))) (NOT (LESSP X 1))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NUMBERS-BELOW-OMEGA (DISABLE ORD-LESSP) [ 0.0 0.0 0.0 ] ORD-LESSP-OFF3 (PROVE-LEMMA PRED-OF-OMEGA-AUX1 (REWRITE) (NUMBERP (PRED '(1 . 0) N))) This conjecture simplifies, rewriting with PRED-BELOW-LIMIT, PRED-IS-AN-ORDINAL, and NUMBERS-BELOW-OMEGA, and expanding the functions ORDINALP and LIMITP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-OF-OMEGA-AUX1 (PROVE-LEMMA PRED-OF-OMEGA-AUX2 (REWRITE) (IMPLIES (NUMBERP N) (EQUAL (NORM (PRED '(1 . 0) N)) (PLUS (MAGIC N) 2)))) This formula simplifies, rewriting with the lemma NORM-OF-PRED-OF-LIMIT, and expanding LIMITP, ORDINALP, and NORM, to the new formula: (IMPLIES (NUMBERP N) (EQUAL (PLUS 2 (MAGIC N)) (PLUS (MAGIC N) 2))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-OF-OMEGA-AUX2 (PROVE-LEMMA PRED-OF-OMEGA (REWRITE) (IMPLIES (NUMBERP N) (EQUAL (PRED '(1 . 0) N) (PLUS (MAGIC N) 2))) ((DO-NOT-INDUCT T) (USE (PRED-OF-OMEGA-AUX2 (N N)) (NORM-OF-PRED-OF-LIMIT (ALPHA '(1 . 0)) (N N)) (NORM-OF-A-NUMBER (N (PRED '(1 . 0) N)))) (DISABLE LIMITP ORDINALP PRED-OF-OMEGA-AUX2 NORM-OF-A-NUMBER NORM-OF-PRED-OF-LIMIT))) This simplifies, appealing to the lemma PRED-OF-OMEGA-AUX1, and opening up the functions IMPLIES, ORDINALP, LIMITP, AND, and NORM, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-OF-OMEGA (DISABLE PRED-OF-OMEGA-AUX1) [ 0.0 0.0 0.0 ] PRED-OF-OMEGA-AUX1-OFF (DISABLE PRED-OF-OMEGA-AUX2) [ 0.0 0.0 0.0 ] PRED-OF-OMEGA-AUX2-OFF (ENABLE SETP) [ 0.0 0.0 0.0 ] SETP-ON (PROVE-LEMMA CAR-OF-A-SET (REWRITE) (IMPLIES (SETP (CONS X TAIL)) (NUMBERP X))) WARNING: Note that CAR-OF-A-SET contains the free variable TAIL which will be chosen by instantiating the hypothesis (SETP (CONS X TAIL)). This simplifies, rewriting with CAR-CONS, and unfolding SETP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CAR-OF-A-SET (DISABLE SETP) [ 0.0 0.0 0.0 ] SETP-OFF1 (PROVE-LEMMA OMEGA-LARGE NIL (IMPLIES (AND (SETP SET) (O-LARGEP SET '(1 . 0))) (AND (LISTP SET) (LEQ (PLUS (MAGIC (CAR SET)) 3) (LENGTH SET))))) This conjecture simplifies, unfolding the function AND, to the following two new conjectures: Case 2. (IMPLIES (AND (SETP SET) (O-LARGEP SET '(1 . 0))) (LISTP SET)). However this again simplifies, applying EMPTY-NOT-LARGE, to: T. Case 1. (IMPLIES (AND (SETP SET) (O-LARGEP SET '(1 . 0))) (NOT (LESSP (LENGTH SET) (PLUS (MAGIC (CAR SET)) 3)))). Appealing to the lemma CAR-CDR-ELIM, we now replace SET by (CONS X Z) to eliminate (CAR SET) and (CDR SET). This generates two new conjectures: Case 1.2. (IMPLIES (AND (NOT (LISTP SET)) (SETP SET) (O-LARGEP SET '(1 . 0))) (NOT (LESSP (LENGTH SET) (PLUS (MAGIC (CAR SET)) 3)))), which further simplifies, rewriting with EMPTY-NOT-LARGE, to: T. Case 1.1. (IMPLIES (AND (SETP (CONS X Z)) (O-LARGEP (CONS X Z) '(1 . 0))) (NOT (LESSP (LENGTH (CONS X Z)) (PLUS (MAGIC X) 3)))). This further simplifies, applying the lemmas CDR-CONS, CAR-CONS, CAR-OF-A-SET, PRED-OF-OMEGA, NUMBER-LARGE, RECURSIVE-CASE-FOR-LARGE, and SUB1-ADD1, and opening up the definitions of LENGTH and LESSP, to: (IMPLIES (AND (SETP (CONS X Z)) (NOT (LESSP (LENGTH Z) (PLUS (MAGIC X) 2))) (NOT (EQUAL (PLUS (MAGIC X) 3) 0))) (NOT (LESSP (LENGTH Z) (SUB1 (PLUS (MAGIC X) 3))))). This again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.0 0.0 ] OMEGA-LARGE (PROVE-LEMMA OMEGA-LARGE-IMPLIES-LARGE NIL (IMPLIES (AND (SETP SET) (O-LARGEP SET '(1 . 0))) (LARGEP SET))) This conjecture simplifies, unfolding LARGEP, to two new conjectures: Case 2. (IMPLIES (AND (SETP SET) (O-LARGEP SET '(1 . 0))) (LISTP SET)), which again simplifies, rewriting with the lemma EMPTY-NOT-LARGE, to: T. Case 1. (IMPLIES (AND (SETP SET) (O-LARGEP SET '(1 . 0))) (NOT (LESSP (LENGTH SET) (CAR SET)))). Applying the lemma CAR-CDR-ELIM, replace SET by (CONS X Z) to eliminate (CAR SET) and (CDR SET). We would thus like to prove the following two new formulas: Case 1.2. (IMPLIES (AND (NOT (LISTP SET)) (SETP SET) (O-LARGEP SET '(1 . 0))) (NOT (LESSP (LENGTH SET) (CAR SET)))). However this further simplifies, rewriting with the lemma EMPTY-NOT-LARGE, to: T. Case 1.1. (IMPLIES (AND (SETP (CONS X Z)) (O-LARGEP (CONS X Z) '(1 . 0))) (NOT (LESSP (LENGTH (CONS X Z)) X))), which further simplifies, applying the lemmas CDR-CONS, CAR-CONS, CAR-OF-A-SET, PRED-OF-OMEGA, NUMBER-LARGE, RECURSIVE-CASE-FOR-LARGE, and SUB1-ADD1, and expanding the functions LENGTH and LESSP, to: (IMPLIES (AND (SETP (CONS X Z)) (NOT (LESSP (LENGTH Z) (PLUS (MAGIC X) 2))) (NOT (EQUAL X 0))) (NOT (LESSP (LENGTH Z) (SUB1 X)))). This again simplifies, using linear arithmetic and applying the lemmas MAGIC-IS-BIGGER and CAR-OF-A-SET, to the formula: (IMPLIES (AND (LESSP X 1) (SETP (CONS X Z)) (NOT (LESSP (LENGTH Z) (PLUS (MAGIC X) 2))) (NOT (EQUAL X 0))) (NOT (LESSP (LENGTH Z) (SUB1 X)))). This again simplifies, using linear arithmetic, to: (IMPLIES (AND (NOT (NUMBERP X)) (LESSP X 1) (SETP (CONS X Z)) (NOT (LESSP (LENGTH Z) (PLUS (MAGIC X) 2))) (NOT (EQUAL X 0))) (NOT (LESSP (LENGTH Z) (SUB1 X)))). But this finally simplifies, applying CAR-OF-A-SET, to: T. Q.E.D. [ 0.0 0.0 0.0 ] OMEGA-LARGE-IMPLIES-LARGE (PROVE-LEMMA NORM-ABOVE-1-AUX1 (REWRITE) (IMPLIES (AND (NUMBERP ALPHA) (ORD-LESSP 1 ALPHA) (ORDINALP ALPHA)) (LESSP 1 (NORM ALPHA)))) WARNING: Note that the proposed lemma NORM-ABOVE-1-AUX1 is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This formula simplifies, applying the lemma NORM-OF-A-NUMBER, and unfolding ORDINALP, to: (IMPLIES (AND (NUMBERP ALPHA) (ORD-LESSP 1 ALPHA)) (LESSP 1 ALPHA)), which we will name *1. Perhaps we can prove it by induction. There is only one plausible induction. We will induct according to the following scheme: (AND (IMPLIES (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA))) (p ALPHA)) (IMPLIES (AND (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (OR (EQUAL 1 0) (NOT (NUMBERP 1)))) (p ALPHA)) (IMPLIES (AND (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (NOT (OR (EQUAL 1 0) (NOT (NUMBERP 1)))) (p (SUB1 ALPHA))) (p ALPHA))). Linear arithmetic, the lemmas SUB1-LESSEQP and SUB1-LESSP, and the definitions of OR and NOT inform us that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following four new conjectures: Case 4. (IMPLIES (AND (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA))) (NUMBERP ALPHA) (ORD-LESSP 1 ALPHA)) (LESSP 1 ALPHA)). This simplifies, unfolding the functions NOT, OR, NUMBERP, and ORD-LESSP, to: T. Case 3. (IMPLIES (AND (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (OR (EQUAL 1 0) (NOT (NUMBERP 1))) (NUMBERP ALPHA) (ORD-LESSP 1 ALPHA)) (LESSP 1 ALPHA)). This simplifies, unfolding the functions NOT, OR, EQUAL, and NUMBERP, to: T. Case 2. (IMPLIES (AND (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (NOT (OR (EQUAL 1 0) (NOT (NUMBERP 1)))) (NOT (ORD-LESSP 1 (SUB1 ALPHA))) (NUMBERP ALPHA) (ORD-LESSP 1 ALPHA)) (LESSP 1 ALPHA)). This simplifies, unfolding NOT, OR, EQUAL, NUMBERP, LESSP, and SUB1, to the new formula: (IMPLIES (AND (NOT (EQUAL ALPHA 0)) (NOT (ORD-LESSP 1 (SUB1 ALPHA))) (NUMBERP ALPHA) (ORD-LESSP 1 ALPHA)) (NOT (EQUAL (SUB1 ALPHA) 0))), which again simplifies, expanding the function ORD-LESSP, to: (IMPLIES (AND (NOT (EQUAL ALPHA 0)) (NUMBERP ALPHA) (ORD-LESSP 1 ALPHA)) (NOT (EQUAL (SUB1 ALPHA) 0))). Appealing to the lemma SUB1-ELIM, we now replace ALPHA by (ADD1 X) to eliminate (SUB1 ALPHA). We use the type restriction lemma noted when SUB1 was introduced to constrain the new variable. The result is: (IMPLIES (AND (NUMBERP X) (NOT (EQUAL (ADD1 X) 0)) (ORD-LESSP 1 (ADD1 X))) (NOT (EQUAL X 0))). But this further simplifies, expanding the definitions of NUMBERP, EQUAL, and ORD-LESSP, to: T. Case 1. (IMPLIES (AND (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (NOT (OR (EQUAL 1 0) (NOT (NUMBERP 1)))) (LESSP 1 (SUB1 ALPHA)) (NUMBERP ALPHA) (ORD-LESSP 1 ALPHA)) (LESSP 1 ALPHA)), which simplifies, using linear arithmetic, to: (IMPLIES (AND (EQUAL ALPHA 0) (NOT (OR (EQUAL ALPHA 0) (NOT (NUMBERP ALPHA)))) (NOT (OR (EQUAL 1 0) (NOT (NUMBERP 1)))) (LESSP 1 (SUB1 ALPHA)) (NUMBERP ALPHA) (ORD-LESSP 1 ALPHA)) (LESSP 1 ALPHA)). However this again simplifies, expanding the definitions of EQUAL, NUMBERP, NOT, and OR, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] NORM-ABOVE-1-AUX1 (ENABLE NORM) [ 0.0 0.0 0.0 ] NORM-ON (ENABLE ORD-LESSP) [ 0.0 0.0 0.0 ] ORD-LESSP-ON3 (PROVE-LEMMA NORM-ABOVE-1-AUX2 (REWRITE) (IMPLIES (AND (NOT (NUMBERP ALPHA)) (ORD-LESSP 1 ALPHA) (ORDINALP ALPHA)) (LESSP 1 (NORM ALPHA)))) WARNING: Note that the linear lemma NORM-ABOVE-1-AUX2 is being stored under the term (NORM ALPHA), which is unusual because NORM is a nonrecursive function symbol. WARNING: Note that the proposed lemma NORM-ABOVE-1-AUX2 is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This formula can be simplified, using the abbreviations NOT, AND, IMPLIES, and NORM, to: (IMPLIES (AND (NOT (NUMBERP ALPHA)) (ORD-LESSP 1 ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))), which simplifies, unfolding LESSP, LISTP, and ORD-LESSP, to: (IMPLIES (AND (NOT (NUMBERP ALPHA)) (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))). This again simplifies, clearly, to: (IMPLIES (AND (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))), which we will name *1. Perhaps we can prove it by induction. There is only one plausible induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP ALPHA) (p (CDR ALPHA)) (p (CAR ALPHA))) (p ALPHA)) (IMPLIES (NOT (LISTP ALPHA)) (p ALPHA))). Linear arithmetic and the lemmas CDR-LESSP and CAR-LESSP can be used to establish that the measure (COUNT ALPHA) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to nine new conjectures: Case 9. (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (NOT (LISTP (CAR ALPHA))) (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))), which simplifies, opening up the definition of ORDINALP, to the goal: (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (NOT (LISTP (CAR ALPHA))) (LISTP ALPHA) (ORDINALP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (ORDINALP (CDR ALPHA))) (LESSP 1 (COUNT ALPHA))). However this further simplifies, expanding ORDINALP, to: (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (NOT (LISTP (CAR ALPHA))) (LISTP ALPHA) (NUMBERP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (NUMBERP (CDR ALPHA))) (LESSP 1 (COUNT ALPHA))). This again simplifies, obviously, to: (IMPLIES (AND (LISTP ALPHA) (NUMBERP (CAR ALPHA)) (NOT (EQUAL (CAR ALPHA) 0)) (NUMBERP (CDR ALPHA))) (LESSP 1 (COUNT ALPHA))). Applying the lemma CAR-CDR-ELIM, replace ALPHA by (CONS X Z) to eliminate (CAR ALPHA) and (CDR ALPHA). This produces: (IMPLIES (AND (NUMBERP X) (NOT (EQUAL X 0)) (NUMBERP Z)) (LESSP 1 (COUNT (CONS X Z)))), which further simplifies, applying COUNT-NUMBERP, COUNT-CONS, and SUB1-ADD1, and opening up the functions SUB1, NUMBERP, EQUAL, and LESSP, to: (IMPLIES (AND (NUMBERP X) (NOT (EQUAL X 0)) (NUMBERP Z)) (NOT (EQUAL (PLUS X Z) 0))), which finally simplifies, using linear arithmetic, to: T. Case 8. (IMPLIES (AND (NOT (ORDINALP (CDR ALPHA))) (NOT (LISTP (CAR ALPHA))) (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))), which simplifies, unfolding the definition of ORDINALP, to: T. Case 7. (IMPLIES (AND (LESSP 1 (COUNT (CDR ALPHA))) (NOT (LISTP (CAR ALPHA))) (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))), which simplifies, using linear arithmetic and rewriting with CDR-LESSEQP, to: T. Case 6. (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))). This simplifies, opening up the definition of ORDINALP, to: T. Case 5. (IMPLIES (AND (NOT (ORDINALP (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))). This simplifies, expanding the definition of ORDINALP, to: T. Case 4. (IMPLIES (AND (LESSP 1 (COUNT (CDR ALPHA))) (NOT (ORDINALP (CAR ALPHA))) (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))). This simplifies, using linear arithmetic and rewriting with CDR-LESSEQP, to: T. Case 3. (IMPLIES (AND (NOT (LISTP (CDR ALPHA))) (LESSP 1 (COUNT (CAR ALPHA))) (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))), which simplifies, using linear arithmetic and applying CAR-LESSEQP, to: T. Case 2. (IMPLIES (AND (NOT (ORDINALP (CDR ALPHA))) (LESSP 1 (COUNT (CAR ALPHA))) (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))). This simplifies, using linear arithmetic and rewriting with CAR-LESSEQP, to: T. Case 1. (IMPLIES (AND (LESSP 1 (COUNT (CDR ALPHA))) (LESSP 1 (COUNT (CAR ALPHA))) (LISTP ALPHA) (ORDINALP ALPHA)) (LESSP 1 (COUNT ALPHA))), which simplifies, using linear arithmetic and rewriting with CAR-LESSEQP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] NORM-ABOVE-1-AUX2 (DISABLE NORM) [ 0.0 0.0 0.0 ] NORM-OFF1 (DISABLE ORD-LESSP) [ 0.0 0.0 0.0 ] ORD-LESSP-OFF4 (PROVE-LEMMA NORM-ABOVE-1 (REWRITE) (IMPLIES (AND (ORD-LESSP 1 ALPHA) (ORDINALP ALPHA)) (LESSP 1 (NORM ALPHA))) ((DO-NOT-INDUCT T) (USE (NORM-ABOVE-1-AUX1 (ALPHA ALPHA)) (NORM-ABOVE-1-AUX2 (ALPHA ALPHA))))) WARNING: Note that the proposed lemma NORM-ABOVE-1 is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This formula simplifies, appealing to the lemmas CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and opening up the functions ORDINALP, AND, IMPLIES, NOT, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] NORM-ABOVE-1 (DISABLE NORM-ABOVE-1-AUX1) [ 0.0 0.0 0.0 ] NORM-ABOVE-1-AUX1-OFF (DISABLE NORM-ABOVE-1-AUX2) [ 0.0 0.0 0.0 ] NORM-ABOVE-1-AUX2-OFF (PROVE-LEMMA PRED-NOT-0 (REWRITE) (IMPLIES (AND (ORD-LESSP 1 ALPHA) (ORDINALP ALPHA)) (ORD-LEQ 1 (PRED ALPHA N))) ((DO-NOT-INDUCT T) (USE (PRED-IS-LARGEST (N N) (BETA 1) (ALPHA ALPHA))) (DISABLE PRED-IS-LARGEST ORDINALP))) This conjecture simplifies, unfolding ORDINALP, NORM, AND, and IMPLIES, to the formula: (IMPLIES (AND (LESSP (PLUS (NORM ALPHA) (MAGIC N)) 1) (ORD-LESSP 1 ALPHA) (ORDINALP ALPHA)) (ORD-LEQ 1 (PRED ALPHA N))). But this again simplifies, using linear arithmetic and rewriting with NORM-ABOVE-1, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRED-NOT-0 (PROVE-LEMMA SINGLETONS-NOT-LARGE (REWRITE) (IMPLIES (AND (O-LARGEP SET ALPHA) (ORDINALP ALPHA) (ORD-LESSP 1 ALPHA)) (LISTP (CDR SET))) ((DO-NOT-INDUCT T) (USE (PRED-NOT-0 (ALPHA ALPHA) (N (CAR SET)))) (DISABLE PRED-IS-LARGEST NORM-ABOVE-1 PRED-NOT-0 RECURSIVE-CASE-FOR-LARGE EMPTY-NOT-LARGE) (ENABLE O-LARGEP))) WARNING: Note that SINGLETONS-NOT-LARGE contains the free variable ALPHA which will be chosen by instantiating the hypothesis (O-LARGEP SET ALPHA). This conjecture simplifies, applying CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and expanding ORDINALP, AND, IMPLIES, O-LARGEP, EQUAL, and ORD-LESSP, to: (IMPLIES (AND (ORD-LEQ 1 (PRED ALPHA (CAR SET))) (LISTP SET) (EQUAL (PRED ALPHA (CAR SET)) 0) (ORDINALP ALPHA) (ORD-LESSP 1 ALPHA)) (LISTP (CDR SET))), which again simplifies, expanding the function ORD-LEQ, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SINGLETONS-NOT-LARGE (DEFN BAD-FOR-LARGE-SUPERSET-ORD (ALPHA BETA X Y) (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (LEQ (NORM ALPHA) (PLUS (NORM BETA) (MAGIC (CAR X)))) (NOT (O-LARGEP Y ALPHA)))) Observe that: (OR (FALSEP (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y)) (TRUEP (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-LARGE-SUPERSET-ORD (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX1 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LESSP 0 ALPHA)) ((ENABLE ORD-LESSP))) WARNING: Note that LARGE-SUPERSET-ORD-AUX1 contains the free variables Y, X, and BETA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (ORD-LESSP 0 ALPHA)), which simplifies, appealing to the lemma POSITIVE-LARGE, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX1 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX2 NIL (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 ALPHA) (ORD-LEQ ALPHA BETA)) (ORD-LESSP 0 BETA)) ((DO-NOT-INDUCT T) (ENABLE ORD-LEQ) (USE (TRICHOTOMY (SIGMA ALPHA) (TAU BETA))))) This conjecture can be simplified, using the abbreviations ORD-LEQ, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA)) (OR (EQUAL ALPHA BETA) (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA ALPHA))) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 ALPHA) (NOT (ORD-LESSP BETA ALPHA))) (ORD-LESSP 0 BETA)). This simplifies, applying CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, IRREFLEX, and TRANSITIVITY, and unfolding the functions ORDINALP, AND, OR, IMPLIES, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX2 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX3 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LESSP 0 BETA)) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX1 (ALPHA ALPHA) (X X) (Y Y) (BETA BETA)) (LARGE-SUPERSET-ORD-AUX2 (ALPHA ALPHA) (BETA BETA))) (DISABLE LARGE-SUPERSET-ORD-AUX1))) WARNING: Note that LARGE-SUPERSET-ORD-AUX3 contains the free variables Y, X, and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). This conjecture can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LESSP 0 ALPHA)) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 ALPHA) (ORD-LEQ ALPHA BETA)) (ORD-LESSP 0 BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (ORD-LESSP 0 BETA)). This simplifies, applying the lemmas CARS-ARE-ORDINALS, CDRS-ARE-ORDINALS, and POSITIVE-LARGE, and expanding the definitions of ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, AND, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX3 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX4 (REWRITE) (NOT (BAD-FOR-LARGE-SUPERSET-ORD 1 1 X Y))) WARNING: Note that the rewrite rule LARGE-SUPERSET-ORD-AUX4 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-LARGE-SUPERSET-ORD. This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD and NOT, to the new conjecture: (IMPLIES (AND (ORDINALP 1) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X 1) (ORD-LEQ 1 1) (NOT (LESSP (PLUS (NORM 1) (MAGIC (CAR X))) (NORM 1)))) (O-LARGEP Y 1)), which simplifies, rewriting with the lemma NUMBER-LARGE, and expanding the definitions of ORDINALP, ORD-LEQ, and NORM, to: (IMPLIES (AND (SETP X) (SETP Y) (SUBSETP X Y) (NOT (LESSP (LENGTH X) 1)) (NOT (LESSP (PLUS 1 (MAGIC (CAR X))) 1))) (NOT (LESSP (LENGTH Y) 1))). However this again simplifies, using linear arithmetic and rewriting with LENGTH-OF-SUBSET, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX4 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX5 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (AND (ORDINALP ALPHA) (ORDINALP BETA)))) WARNING: Note that LARGE-SUPERSET-ORD-AUX5 contains the free variables Y, X, and BETA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). WARNING: Note that LARGE-SUPERSET-ORD-AUX5 contains the free variables Y, X, and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). WARNING: Note that the proposed lemma LARGE-SUPERSET-ORD-AUX5 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and two replacement rules. This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (AND (ORDINALP ALPHA) (ORDINALP BETA))), which simplifies, rewriting with the lemmas CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and expanding the functions ORDINALP and AND, to six new conjectures: Case 6. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (NOT (LISTP ALPHA))) (NUMBERP ALPHA)), which again simplifies, opening up the definition of ORDINALP, to: T. Case 5. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (LISTP ALPHA) (LISTP (CDR ALPHA))) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA)))), which again simplifies, unfolding the function ORDINALP, to: T. Case 4. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (LISTP ALPHA)) (NOT (EQUAL (CAR ALPHA) 0))), which again simplifies, opening up the functions EQUAL and ORDINALP, to: T. Case 3. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (NOT (LISTP BETA))) (NUMBERP BETA)), which again simplifies, opening up the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (LISTP BETA) (LISTP (CDR BETA))) (NOT (ORD-LESSP (CAR BETA) (CADR BETA)))), which again simplifies, expanding the function ORDINALP, to: T. Case 1. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (LISTP BETA)) (NOT (EQUAL (CAR BETA) 0))), which again simplifies, opening up EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.3 0.0 ] LARGE-SUPERSET-ORD-AUX5 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX6 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (OR (ORD-LESSP 1 ALPHA) (ORD-LESSP 1 BETA))) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX1 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX3 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (ORDS-BELOW-2 (ALPHA ALPHA)) (ORDS-BELOW-2 (ALPHA BETA))) (DISABLE TRANSITIVITY LARGE-SUPERSET-ORD-AUX1 LARGE-SUPERSET-ORD-AUX3 BAD-FOR-LARGE-SUPERSET-ORD ORD-LESSP))) WARNING: Note that the rewrite rule LARGE-SUPERSET-ORD-AUX6 will be stored so as to apply only to terms with the nonrecursive function symbol OR. WARNING: Note that LARGE-SUPERSET-ORD-AUX6 contains the free variables Y and X which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). This simplifies, rewriting with LARGE-SUPERSET-ORD-AUX5 and LARGE-SUPERSET-ORD-AUX4, and opening up IMPLIES, NOT, AND, OR, and ORD-LESSP, to the following three new conjectures: Case 3. (IMPLIES (AND (ORD-LESSP 0 ALPHA) (ORD-LESSP 0 BETA) (EQUAL ALPHA 0) (EQUAL BETA 0)) (NOT (BAD-FOR-LARGE-SUPERSET-ORD 0 0 X Y))). This again simplifies, unfolding the function ORD-LESSP, to: T. Case 2. (IMPLIES (AND (ORD-LESSP 0 ALPHA) (ORD-LESSP 0 BETA) (EQUAL ALPHA 0) (EQUAL BETA 1)) (NOT (BAD-FOR-LARGE-SUPERSET-ORD 0 1 X Y))), which again simplifies, unfolding the function ORD-LESSP, to: T. Case 1. (IMPLIES (AND (ORD-LESSP 0 ALPHA) (ORD-LESSP 0 BETA) (EQUAL ALPHA 1) (EQUAL BETA 0)) (NOT (BAD-FOR-LARGE-SUPERSET-ORD 1 0 X Y))), which again simplifies, unfolding ORD-LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX6 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX7 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LEQ ALPHA BETA))) WARNING: Note that LARGE-SUPERSET-ORD-AUX7 contains the free variables Y and X which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD and IMPLIES, to the new conjecture: T, which simplifies, trivially, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX7 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX8 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LESSP 1 BETA)) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX6 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (TRANSITIVITY-ALT2 (ALPHA 1) (BETA ALPHA) (GAMMA BETA))) (DISABLE LARGE-SUPERSET-ORD-AUX6 BAD-FOR-LARGE-SUPERSET-ORD))) WARNING: Note that LARGE-SUPERSET-ORD-AUX8 contains the free variables Y, X, and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). This simplifies, rewriting with LARGE-SUPERSET-ORD-AUX5 and LARGE-SUPERSET-ORD-AUX7, and expanding the definitions of OR, IMPLIES, ORDINALP, and AND, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX8 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX9 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (LISTP (CDR X))) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX8 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y))) (DISABLE LARGE-SUPERSET-ORD-AUX8))) WARNING: Note that LARGE-SUPERSET-ORD-AUX9 contains the free variables Y, BETA, and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD and IMPLIES, to the new formula: (IMPLIES (AND (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LESSP 1 BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (LISTP (CDR X))), which simplifies, rewriting with CARS-ARE-ORDINALS, CDRS-ARE-ORDINALS, and SINGLETONS-NOT-LARGE, and expanding ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX9 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX10 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (AND (ORDINALP (PRED ALPHA (CAR Y))) (ORDINALP (PRED BETA (CAR X)))))) WARNING: Note that LARGE-SUPERSET-ORD-AUX10 contains the free variables X and BETA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). WARNING: the previously added lemma, PRED-IS-AN-ORDINAL, could be applied whenever the newly proposed LARGE-SUPERSET-ORD-AUX10 could! WARNING: Note that LARGE-SUPERSET-ORD-AUX10 contains the free variables Y and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). WARNING: the previously added lemma, PRED-IS-AN-ORDINAL, could be applied whenever the newly proposed LARGE-SUPERSET-ORD-AUX10 could! WARNING: Note that the proposed lemma LARGE-SUPERSET-ORD-AUX10 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and two replacement rules. This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD and IMPLIES, to the new formula: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (AND (ORDINALP (PRED ALPHA (CAR Y))) (ORDINALP (PRED BETA (CAR X))))), which simplifies, appealing to the lemma PRED-IS-AN-ORDINAL, and unfolding the function AND, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX10 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX11 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (AND (LISTP X) (LISTP Y))) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX9 (X X) (Y Y) (ALPHA ALPHA) (BETA BETA))))) WARNING: Note that LARGE-SUPERSET-ORD-AUX11 contains the free variables Y, BETA, and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). WARNING: Note that LARGE-SUPERSET-ORD-AUX11 contains the free variables X, BETA, and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). WARNING: Note that the proposed lemma LARGE-SUPERSET-ORD-AUX11 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and two replacement rules. This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD and IMPLIES, to: (IMPLIES (AND (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (LISTP (CDR X))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (AND (LISTP X) (LISTP Y))), which simplifies, applying CARS-ARE-ORDINALS and CDRS-ARE-ORDINALS, and opening up the definitions of ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, EQUAL, and AND, to the following two new formulas: Case 2. (IMPLIES (AND (LISTP (CDR X)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (LISTP X)). This again simplifies, rewriting with the lemma CDR-NLISTP, and expanding the definition of LISTP, to: T. Case 1. (IMPLIES (AND (LISTP (CDR X)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (LISTP Y)). Applying the lemma CAR-CDR-ELIM, replace X by (CONS V Z) to eliminate (CDR X) and (CAR X). We would thus like to prove the following two new formulas: Case 1.2. (IMPLIES (AND (NOT (LISTP X)) (LISTP (CDR X)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (LISTP Y)). This further simplifies, applying CDR-NLISTP, and opening up the function LISTP, to: T. Case 1.1. (IMPLIES (AND (LISTP Z) (ORDINALP ALPHA) (ORDINALP BETA) (SETP (CONS V Z)) (SETP Y) (SUBSETP (CONS V Z) Y) (O-LARGEP (CONS V Z) BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC V)) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (LISTP Y)). This further simplifies, applying NON-EMPTY-SUBSET, to: T. Q.E.D. [ 0.0 0.1 0.0 ] LARGE-SUPERSET-ORD-AUX11 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX12 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (AND (SETP (CDR X)) (SETP (CDR Y)))) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX11 (X X) (Y Y) (ALPHA ALPHA) (BETA BETA)) (TAIL-OF-A-SET (S X)) (TAIL-OF-A-SET (S Y))) (DISABLE CAR-NLISTP CDR-NLISTP LARGE-SUPERSET-ORD-AUX11 TRANSITIVITY-OF-SUBSET LARGE-SUPERSET-ORD-AUX10 ORD-LEQ-IS-IDEMPOTENT CDR-CDR-SUBSET TAIL-OF-A-SET))) WARNING: Note that LARGE-SUPERSET-ORD-AUX12 contains the free variables Y, BETA, and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). WARNING: Note that LARGE-SUPERSET-ORD-AUX12 contains the free variables X, BETA, and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). WARNING: Note that the proposed lemma LARGE-SUPERSET-ORD-AUX12 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and two replacement rules. This conjecture can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (AND (LISTP X) (LISTP Y))) (IMPLIES (AND (SETP X) (LISTP X)) (SETP (CDR X))) (IMPLIES (AND (SETP Y) (LISTP Y)) (SETP (CDR Y))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (AND (SETP (CDR X)) (SETP (CDR Y)))). This simplifies, rewriting with CARS-ARE-ORDINALS and CDRS-ARE-ORDINALS, and expanding the functions ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, AND, IMPLIES, and EQUAL, to: T. Q.E.D. [ 0.0 0.1 0.0 ] LARGE-SUPERSET-ORD-AUX12 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX13 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (SUBSETP (CDR X) (CDR Y))) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX11 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (CDR-CDR-SUBSET (S1 X) (S2 Y)) (TAIL-OF-A-SET (S X)) (TAIL-OF-A-SET (S Y))) (DISABLE IRREFLEX-OF-ORD-LEQ ORD-LEQ-IS-TRANSITIVE MIN-IS-FIRST ORD-LEQ CARS-ARE-ORDINALS NUMBERS-BELOW-OMEGA TRANSITIVITY-OF-SUBSET LARGE-SUPERSET-ORD-AUX11 ORD-LEQ-IS-IDEMPOTENT CDR-CDR-SUBSET TAIL-OF-A-SET))) WARNING: Note that LARGE-SUPERSET-ORD-AUX13 contains the free variables BETA and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and AND, to the new goal: (IMPLIES (AND (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (AND (LISTP X) (LISTP Y))) (IMPLIES (AND (SETP X) (SETP Y) (LISTP X) (SUBSETP X Y)) (SUBSETP (CDR X) (CDR Y))) (IMPLIES (AND (SETP X) (LISTP X)) (SETP (CDR X))) (IMPLIES (AND (SETP Y) (LISTP Y)) (SETP (CDR Y))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (SUBSETP (CDR X) (CDR Y))), which simplifies, opening up BAD-FOR-LARGE-SUPERSET-ORD, AND, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX13 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX14 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (O-LARGEP (CDR X) (PRED BETA (CAR X)))) ((DO-NOT-INDUCT T) (USE (RECURSIVE-CASE-FOR-LARGE (SET X) (ALPHA BETA)) (LARGE-SUPERSET-ORD-AUX11 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y))) (DISABLE RECURSIVE-CASE-FOR-LARGE LARGE-SUPERSET-ORD-AUX11))) WARNING: Note that LARGE-SUPERSET-ORD-AUX14 contains the free variables Y and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (LISTP X) (NOT (EQUAL BETA 0))) (EQUAL (O-LARGEP X BETA) (O-LARGEP (CDR X) (PRED BETA (CAR X))))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (AND (LISTP X) (LISTP Y))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (O-LARGEP (CDR X) (PRED BETA (CAR X)))), which simplifies, applying CAR-NLISTP, EMPTY-SUBSET, CARS-ARE-ORDINALS, CDRS-ARE-ORDINALS, NUMBER-LARGE, and PRED-OF-0, and expanding the functions NOT, AND, EQUAL, IMPLIES, MAGIC, ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, PLUS, NORM, LESSP, and LENGTH, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX14 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX15 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (ORD-LEQ (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)))) ((DO-NOT-INDUCT T) (USE (COMPARE-FIRST-ELTS (S1 X) (S2 Y)) (LARGE-SUPERSET-ORD-AUX11 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y))) (DISABLE LARGE-SUPERSET-ORD-AUX11 COMPARE-FIRST-ELTS))) This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and AND, to the new goal: (IMPLIES (AND (IMPLIES (AND (SETP X) (SETP Y) (LISTP X) (SUBSETP X Y)) (NOT (LESSP (CAR X) (CAR Y)))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (AND (LISTP X) (LISTP Y))) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (ORD-LEQ ALPHA ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (ORD-LEQ (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)))), which simplifies, applying CAR-NLISTP, ORD-LEQ-IS-IDEMPOTENT, EMPTY-SUBSET, CARS-ARE-ORDINALS, and CDRS-ARE-ORDINALS, and expanding the functions AND, NOT, IMPLIES, MAGIC, ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, and EQUAL, to: (IMPLIES (AND (NOT (LESSP (CAR X) (CAR Y))) (LISTP X) (LISTP Y) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (ORD-LEQ (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)))), which again simplifies, rewriting with NON-EMPTY-SUBSET, to: (IMPLIES (AND (NOT (LESSP (CAR X) (CAR Y))) (LISTP X) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (ORD-LEQ (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)))). Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate (CAR X) and (CDR X). We would thus like to prove: (IMPLIES (AND (NOT (LESSP Z (CAR Y))) (ORDINALP ALPHA) (SETP (CONS Z V)) (SETP Y) (SUBSETP (CONS Z V) Y) (O-LARGEP (CONS Z V) ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC Z)) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (ORD-LEQ (PRED ALPHA (CAR Y)) (PRED ALPHA Z))). Applying the lemma CAR-CDR-ELIM, replace Y by (CONS W D) to eliminate (CAR Y) and (CDR Y). We would thus like to prove the following two new formulas: Case 2. (IMPLIES (AND (NOT (LISTP Y)) (NOT (LESSP Z (CAR Y))) (ORDINALP ALPHA) (SETP (CONS Z V)) (SETP Y) (SUBSETP (CONS Z V) Y) (O-LARGEP (CONS Z V) ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC Z)) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (ORD-LEQ (PRED ALPHA (CAR Y)) (PRED ALPHA Z))). This further simplifies, rewriting with the lemma NON-EMPTY-SUBSET, to: T. Case 1. (IMPLIES (AND (NOT (LESSP Z W)) (ORDINALP ALPHA) (SETP (CONS Z V)) (SETP (CONS W D)) (SUBSETP (CONS Z V) (CONS W D)) (O-LARGEP (CONS Z V) ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC Z)) (NORM ALPHA))) (NOT (O-LARGEP (CONS W D) ALPHA))) (ORD-LEQ (PRED ALPHA W) (PRED ALPHA Z))), which further simplifies, rewriting with CAR-OF-A-SET and MONOT-OF-PRED, to: T. Q.E.D. [ 0.0 0.1 0.0 ] LARGE-SUPERSET-ORD-AUX15 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX16 NIL (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (LEQ (NORM (PRED ALPHA (CAR Y))) (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CAR (CDR X)))))) ((DO-NOT-INDUCT T) (USE (MONOT-OF-NORM-OF-PRED (ALPHA ALPHA) (M (CAR Y)) (N (CAR X))) (COMPARE-FIRST-ELTS (S1 X) (S2 Y)) (LARGE-SUPERSET-ORD-AUX11 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y))) (DISABLE LARGE-SUPERSET-ORD-AUX11 COMPARE-FIRST-ELTS))) This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP ALPHA) (NUMBERP (CAR Y)) (NUMBERP (CAR X)) (IF (LESSP (CAR X) (CAR Y)) F T)) (NOT (LESSP (NORM (PRED ALPHA (CAR X))) (NORM (PRED ALPHA (CAR Y)))))) (IMPLIES (AND (SETP X) (SETP Y) (LISTP X) (SUBSETP X Y)) (NOT (LESSP (CAR X) (CAR Y)))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (AND (LISTP X) (LISTP Y))) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (ORD-LEQ ALPHA ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA (CAR Y)))))), which simplifies, appealing to the lemmas CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, ORD-LEQ-IS-IDEMPOTENT, CAR-NLISTP, and EMPTY-SUBSET, and expanding ORDINALP, AND, NOT, IMPLIES, BAD-FOR-LARGE-SUPERSET-ORD, EQUAL, LESSP, and MAGIC, to four new formulas: Case 4. (IMPLIES (AND (NOT (NUMBERP (CAR Y))) (LISTP X) (LISTP Y) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA (CAR Y)))))), which again simplifies, rewriting with NON-EMPTY-SUBSET, to the new conjecture: (IMPLIES (AND (NOT (NUMBERP (CAR Y))) (LISTP X) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA (CAR Y)))))). Applying the lemma CAR-CDR-ELIM, replace Y by (CONS Z V) to eliminate (CAR Y) and (CDR Y). We thus obtain the following two new formulas: Case 4.2. (IMPLIES (AND (NOT (LISTP Y)) (NOT (NUMBERP (CAR Y))) (LISTP X) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA (CAR Y)))))). However this further simplifies, rewriting with the lemma NON-EMPTY-SUBSET, to: T. Case 4.1. (IMPLIES (AND (NOT (NUMBERP Z)) (LISTP X) (ORDINALP ALPHA) (SETP X) (SETP (CONS Z V)) (SUBSETP X (CONS Z V)) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP (CONS Z V) ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA Z))))), which further simplifies, applying the lemma CAR-OF-A-SET, to: T. Case 3. (IMPLIES (AND (NOT (NUMBERP (CAR X))) (EQUAL (CAR Y) 0) (LISTP X) (LISTP Y) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA 0))))), which again simplifies, applying NON-EMPTY-SUBSET, to the new formula: (IMPLIES (AND (NOT (NUMBERP (CAR X))) (EQUAL (CAR Y) 0) (LISTP X) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA 0))))). Applying the lemma CAR-CDR-ELIM, replace X by (CONS Z V) to eliminate (CAR X) and (CDR X) and V by (CONS W D) to eliminate (CAR V) and (CDR V). We would thus like to prove the following two new formulas: Case 3.2. (IMPLIES (AND (NOT (LISTP V)) (NOT (NUMBERP Z)) (EQUAL (CAR Y) 0) (ORDINALP ALPHA) (SETP (CONS Z V)) (SETP Y) (SUBSETP (CONS Z V) Y) (O-LARGEP (CONS Z V) ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC Z)) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA Z)) (MAGIC (CAR V))) (NORM (PRED ALPHA 0))))). However this further simplifies, applying the lemma CAR-OF-A-SET, to: T. Case 3.1. (IMPLIES (AND (NOT (NUMBERP Z)) (EQUAL (CAR Y) 0) (ORDINALP ALPHA) (SETP (CONS Z (CONS W D))) (SETP Y) (SUBSETP (CONS Z (CONS W D)) Y) (O-LARGEP (CONS Z (CONS W D)) ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC Z)) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA Z)) (MAGIC W)) (NORM (PRED ALPHA 0))))), which further simplifies, applying CAR-OF-A-SET, to: T. Case 2. (IMPLIES (AND (NOT (NUMBERP (CAR X))) (NOT (NUMBERP (CAR Y))) (LISTP X) (LISTP Y) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA (CAR Y)))))). This again simplifies, rewriting with the lemma NON-EMPTY-SUBSET, to: (IMPLIES (AND (NOT (NUMBERP (CAR X))) (NOT (NUMBERP (CAR Y))) (LISTP X) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA (CAR Y)))))). Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to eliminate (CAR X) and (CDR X) and V by (CONS W D) to eliminate (CAR V) and (CDR V). This generates two new goals: Case 2.2. (IMPLIES (AND (NOT (LISTP V)) (NOT (NUMBERP Z)) (NOT (NUMBERP (CAR Y))) (ORDINALP ALPHA) (SETP (CONS Z V)) (SETP Y) (SUBSETP (CONS Z V) Y) (O-LARGEP (CONS Z V) ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC Z)) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA Z)) (MAGIC (CAR V))) (NORM (PRED ALPHA (CAR Y)))))), which further simplifies, rewriting with CAR-OF-A-SET, to: T. Case 2.1. (IMPLIES (AND (NOT (NUMBERP Z)) (NOT (NUMBERP (CAR Y))) (ORDINALP ALPHA) (SETP (CONS Z (CONS W D))) (SETP Y) (SUBSETP (CONS Z (CONS W D)) Y) (O-LARGEP (CONS Z (CONS W D)) ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC Z)) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA Z)) (MAGIC W)) (NORM (PRED ALPHA (CAR Y)))))). This further simplifies, rewriting with CAR-OF-A-SET, to: T. Case 1. (IMPLIES (AND (NOT (LESSP (NORM (PRED ALPHA (CAR X))) (NORM (PRED ALPHA (CAR Y))))) (NOT (LESSP (CAR X) (CAR Y))) (LISTP X) (LISTP Y) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA (CAR Y)))))). This again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.4 0.0 ] LARGE-SUPERSET-ORD-AUX16 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX17 NIL (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (NOT (O-LARGEP (CDR Y) (PRED ALPHA (CAR Y))))) ((DO-NOT-INDUCT T) (USE (RECURSIVE-CASE-FOR-LARGE (SET Y) (ALPHA ALPHA)) (LARGE-SUPERSET-ORD-AUX11 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y))) (DISABLE LARGE-SUPERSET-ORD-AUX11 RECURSIVE-CASE-FOR-LARGE))) This formula can be simplified, using the abbreviations NOT, BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and AND, to the new goal: (IMPLIES (AND (IMPLIES (AND (LISTP Y) (NOT (EQUAL ALPHA 0))) (EQUAL (O-LARGEP Y ALPHA) (O-LARGEP (CDR Y) (PRED ALPHA (CAR Y))))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (AND (LISTP X) (LISTP Y))) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (ORD-LEQ ALPHA ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (NOT (O-LARGEP (CDR Y) (PRED ALPHA (CAR Y))))), which simplifies, applying ORD-LEQ-IS-IDEMPOTENT, TRANSITIVITY-OF-SUBSET, EMPTY-SUBSET, CARS-ARE-ORDINALS, CDRS-ARE-ORDINALS, and NUMBER-LARGE, and expanding the functions NOT, AND, EQUAL, IMPLIES, ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, LENGTH, PLUS, NORM, ORD-LEQ, and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX17 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX18 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (BAD-FOR-LARGE-SUPERSET-ORD (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)) (CDR X) (CDR Y))) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX10 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX11 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX12 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX13 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX14 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX15 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX16 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX17 (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y))) (DISABLE SUBSETP ORD-LEQ CDR-OF-SUBSET SUBSET-OF-CDR NUMBERS-BELOW-OMEGA PRED-IS-LARGEST NORM CARS-ARE-ORDINALS LARGE-SUPERSET-ORD-AUX10 LARGE-SUPERSET-ORD-AUX11 LARGE-SUPERSET-ORD-AUX12 LARGE-SUPERSET-ORD-AUX13 LARGE-SUPERSET-ORD-AUX14 LARGE-SUPERSET-ORD-AUX15 LARGE-SUPERSET-ORD-AUX16 LARGE-SUPERSET-ORD-AUX17))) WARNING: Note that the rewrite rule LARGE-SUPERSET-ORD-AUX18 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-LARGE-SUPERSET-ORD. This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and AND, to the new conjecture: (IMPLIES (AND (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (AND (ORDINALP (PRED ALPHA (CAR Y))) (ORDINALP (PRED ALPHA (CAR X))))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (AND (LISTP X) (LISTP Y))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (AND (SETP (CDR X)) (SETP (CDR Y)))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (SUBSETP (CDR X) (CDR Y))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (O-LARGEP (CDR X) (PRED ALPHA (CAR X)))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (ORD-LEQ (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (IF (LESSP (PLUS (NORM (PRED ALPHA (CAR X))) (MAGIC (CADR X))) (NORM (PRED ALPHA (CAR Y)))) F T)) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA ALPHA X Y) (NOT (O-LARGEP (CDR Y) (PRED ALPHA (CAR Y))))) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA) (ORD-LEQ ALPHA ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (BAD-FOR-LARGE-SUPERSET-ORD (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)) (CDR X) (CDR Y))), which simplifies, rewriting with ORD-LEQ-IS-IDEMPOTENT, PRED-IS-AN-ORDINAL, and CDR-CDR-SUBSET, and expanding BAD-FOR-LARGE-SUPERSET-ORD, AND, IMPLIES, and NOT, to: T. Q.E.D. [ 0.0 0.1 0.0 ] LARGE-SUPERSET-ORD-AUX18 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX19 (REWRITE) (IMPLIES (AND (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LESSP ALPHA BETA)) (ORD-LEQ ALPHA (PRED BETA (CAR X))))) WARNING: Note that LARGE-SUPERSET-ORD-AUX19 contains the free variable Y which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). This conjecture can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD, AND, and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (ORD-LESSP ALPHA BETA)) (ORD-LEQ ALPHA (PRED BETA (CAR X)))). This simplifies, applying PRED-IS-LARGEST, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX19 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX20 NIL (IMPLIES (AND (ORDINALP BETA) (NUMBERP V) (NUMBERP Z) (LESSP V Z)) (LEQ (PLUS (NORM BETA) (MAGIC V)) (PLUS (NORM (PRED BETA Z)) (MAGIC Z))))) This simplifies, using linear arithmetic and applying the lemmas MAGIC-IS-MONOTONIC and LOWER-BOUND-ON-NORM-OF-PRED, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX20 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX21 NIL (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (LESSP (CAR X) (CADR X))) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX9 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y))))) This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD and IMPLIES, to: (IMPLIES (AND (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (LISTP (CDR X))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (LESSP (CAR X) (CADR X))), which simplifies, applying CARS-ARE-ORDINALS and CDRS-ARE-ORDINALS, and opening up the functions ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and EQUAL, to: (IMPLIES (AND (LISTP (CDR X)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (LESSP (CAR X) (CADR X))), which again simplifies, using linear arithmetic and appealing to the lemma CAR-BEFORE-CADR, to: T. Q.E.D. [ 0.0 0.1 0.0 ] LARGE-SUPERSET-ORD-AUX21 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX22 NIL (IMPLIES (AND (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LESSP ALPHA BETA)) (LEQ (NORM ALPHA) (PLUS (NORM (PRED BETA (CAR X))) (MAGIC (CAR (CDR X)))))) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX21 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX20 (BETA BETA) (V (CAR X)) (Z (CADR X)))))) This conjecture can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and AND, to the conjecture: (IMPLIES (AND (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (LESSP (CAR X) (CADR X))) (IMPLIES (AND (ORDINALP BETA) (NUMBERP (CAR X)) (NUMBERP (CADR X)) (LESSP (CAR X) (CADR X))) (IF (LESSP (PLUS (NORM (PRED BETA (CADR X))) (MAGIC (CADR X))) (PLUS (NORM BETA) (MAGIC (CAR X)))) F T)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (ORD-LESSP ALPHA BETA)) (NOT (LESSP (PLUS (NORM (PRED BETA (CAR X))) (MAGIC (CADR X))) (NORM ALPHA)))). This simplifies, applying the lemmas CARS-ARE-ORDINALS, CDRS-ARE-ORDINALS, NORM-OF-CONS, and SUB1-ADD1, and expanding the functions ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, AND, EQUAL, PLUS, LESSP, and NORM, to the following three new formulas: Case 3. (IMPLIES (AND (LESSP (CAR X) (CADR X)) (NOT (NUMBERP (CAR X))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (ORD-LESSP ALPHA BETA)) (NOT (LESSP (PLUS (NORM (PRED BETA (CAR X))) (MAGIC (CADR X))) (NORM ALPHA)))). However this again simplifies, using linear arithmetic and rewriting with the lemmas LOWER-BOUND-ON-NORM-OF-PRED and MAGIC-IS-MONOTONIC, to: T. Case 2. (IMPLIES (AND (LESSP (CAR X) (CADR X)) (NOT (NUMBERP (CADR X))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (ORD-LESSP ALPHA BETA)) (NOT (LESSP (PLUS (NORM (PRED BETA (CAR X))) (MAGIC (CADR X))) (NORM ALPHA)))), which again simplifies, using linear arithmetic and appealing to the lemmas LOWER-BOUND-ON-NORM-OF-PRED and MAGIC-IS-MONOTONIC, to: T. Case 1. (IMPLIES (AND (LESSP (CAR X) (CADR X)) (NOT (LESSP (PLUS (NORM (PRED BETA (CADR X))) (MAGIC (CADR X))) (PLUS (NORM BETA) (MAGIC (CAR X))))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (ORD-LESSP ALPHA BETA)) (NOT (LESSP (PLUS (NORM (PRED BETA (CAR X))) (MAGIC (CADR X))) (NORM ALPHA)))), which again simplifies, using linear arithmetic and rewriting with LOWER-BOUND-ON-NORM-OF-PRED and MAGIC-IS-MONOTONIC, to: T. Q.E.D. [ 0.0 0.5 0.0 ] LARGE-SUPERSET-ORD-AUX22 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX23 NIL (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (SUBSETP (CDR X) Y)) ((DO-NOT-INDUCT T) (USE (CDR-IS-SUBSET (S X))) (DISABLE CDR-IS-SUBSET))) This conjecture can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD and IMPLIES, to the goal: (IMPLIES (AND (SUBSETP (CDR X) X) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA))) (SUBSETP (CDR X) Y)). This simplifies, rewriting with TRANSITIVITY-OF-SUBSET, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX23 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX24 NIL (IMPLIES (AND (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LESSP ALPHA BETA)) (BAD-FOR-LARGE-SUPERSET-ORD ALPHA (PRED BETA (CAR X)) (CDR X) Y)) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX23 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX10 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX12 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX14 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX19 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX22 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y))) (DISABLE LARGE-SUPERSET-ORD-AUX23 LARGE-SUPERSET-ORD-AUX10 LARGE-SUPERSET-ORD-AUX11 LARGE-SUPERSET-ORD-AUX12 LARGE-SUPERSET-ORD-AUX14 LARGE-SUPERSET-ORD-AUX19 LARGE-SUPERSET-ORD-AUX22))) This formula can be simplified, using the abbreviations BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (SUBSETP (CDR X) Y)) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (AND (ORDINALP (PRED ALPHA (CAR Y))) (ORDINALP (PRED BETA (CAR X))))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (AND (SETP (CDR X)) (SETP (CDR Y)))) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (O-LARGEP (CDR X) (PRED BETA (CAR X)))) (IMPLIES (AND (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LESSP ALPHA BETA)) (ORD-LEQ ALPHA (PRED BETA (CAR X)))) (IMPLIES (AND (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (ORD-LESSP ALPHA BETA)) (IF (LESSP (PLUS (NORM (PRED BETA (CAR X))) (MAGIC (CADR X))) (NORM ALPHA)) F T)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (ORD-LESSP ALPHA BETA)) (BAD-FOR-LARGE-SUPERSET-ORD ALPHA (PRED BETA (CAR X)) (CDR X) Y)), which simplifies, applying CARS-ARE-ORDINALS, CDRS-ARE-ORDINALS, PRED-IS-AN-ORDINAL, PRED-IS-LARGEST, NORM-OF-CONS, and SUB1-ADD1, and opening up ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, IMPLIES, AND, LESSP, EQUAL, NORM, and PLUS, to the following three new goals: Case 3. (IMPLIES (AND (SUBSETP (CDR X) Y) (SETP (CDR X)) (SETP (CDR Y)) (O-LARGEP (CDR X) (PRED BETA (CAR X))) (NOT (LESSP (PLUS (NORM (PRED BETA (CAR X))) (MAGIC (CADR X))) (NORM ALPHA))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (ORD-LESSP ALPHA BETA) (NOT (LISTP ALPHA))) (NUMBERP ALPHA)). This again simplifies, opening up the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (SUBSETP (CDR X) Y) (SETP (CDR X)) (SETP (CDR Y)) (O-LARGEP (CDR X) (PRED BETA (CAR X))) (NOT (LESSP (PLUS (NORM (PRED BETA (CAR X))) (MAGIC (CADR X))) (NORM ALPHA))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (ORD-LESSP ALPHA BETA) (LISTP ALPHA) (LISTP (CDR ALPHA))) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA)))), which again simplifies, appealing to the lemmas NORM-OF-CONS and SUB1-ADD1, and opening up LESSP and ORDINALP, to: T. Case 1. (IMPLIES (AND (SUBSETP (CDR X) Y) (SETP (CDR X)) (SETP (CDR Y)) (O-LARGEP (CDR X) (PRED BETA (CAR X))) (NOT (LESSP (PLUS (NORM (PRED BETA (CAR X))) (MAGIC (CADR X))) (NORM ALPHA))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (ORD-LESSP ALPHA BETA) (LISTP ALPHA)) (NOT (EQUAL (CAR ALPHA) 0))), which again simplifies, applying NORM-OF-CONS and SUB1-ADD1, and expanding the functions NORM, EQUAL, PLUS, LESSP, and ORDINALP, to: T. Q.E.D. [ 0.0 0.4 0.0 ] LARGE-SUPERSET-ORD-AUX24 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX25 NIL (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (OR (ORD-LESSP ALPHA BETA) (EQUAL ALPHA BETA))) ((DO-NOT-INDUCT T) (USE (TRICHOTOMY (SIGMA ALPHA) (TAU BETA))) (ENABLE ORD-LEQ))) This conjecture can be simplified, using the abbreviations OR, ORD-LEQ, BAD-FOR-LARGE-SUPERSET-ORD, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA)) (OR (EQUAL ALPHA BETA) (ORD-LESSP ALPHA BETA) (ORD-LESSP BETA ALPHA))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (NOT (ORD-LESSP BETA ALPHA)) (NOT (LESSP (PLUS (NORM BETA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (O-LARGEP Y ALPHA)) (NOT (ORD-LESSP ALPHA BETA))) (EQUAL ALPHA BETA)). This simplifies, rewriting with CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and unfolding ORDINALP, AND, OR, IMPLIES, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX25 (DISABLE LARGE-SUPERSET-ORD-AUX1) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX1-OFF (DISABLE LARGE-SUPERSET-ORD-AUX2) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX2-OFF (DISABLE LARGE-SUPERSET-ORD-AUX3) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX3-OFF (DISABLE LARGE-SUPERSET-ORD-AUX4) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX4-OFF (DISABLE LARGE-SUPERSET-ORD-AUX5) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX5-OFF (DISABLE LARGE-SUPERSET-ORD-AUX6) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX6-OFF (DISABLE LARGE-SUPERSET-ORD-AUX7) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX7-OFF (DISABLE LARGE-SUPERSET-ORD-AUX8) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX8-OFF (DISABLE LARGE-SUPERSET-ORD-AUX9) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX9-OFF (DISABLE LARGE-SUPERSET-ORD-AUX10) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX10-OFF (DISABLE LARGE-SUPERSET-ORD-AUX11) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX11-OFF (DISABLE LARGE-SUPERSET-ORD-AUX12) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX12-OFF (DISABLE LARGE-SUPERSET-ORD-AUX13) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX13-OFF (DISABLE LARGE-SUPERSET-ORD-AUX14) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX14-OFF (DISABLE LARGE-SUPERSET-ORD-AUX15) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX15-OFF (DISABLE LARGE-SUPERSET-ORD-AUX16) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX16-OFF (DISABLE LARGE-SUPERSET-ORD-AUX17) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX17-OFF (DISABLE LARGE-SUPERSET-ORD-AUX18) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX18-OFF (DISABLE LARGE-SUPERSET-ORD-AUX19) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX19-OFF (DISABLE LARGE-SUPERSET-ORD-AUX21) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX21-OFF (DISABLE LARGE-SUPERSET-ORD-AUX22) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX22-OFF (DISABLE LARGE-SUPERSET-ORD-AUX23) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX23-OFF (DISABLE LARGE-SUPERSET-ORD-AUX24) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX24-OFF (DISABLE LARGE-SUPERSET-ORD-AUX25) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX25-OFF (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX26 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (OR (BAD-FOR-LARGE-SUPERSET-ORD ALPHA (PRED BETA (CAR X)) (CDR X) Y) (BAD-FOR-LARGE-SUPERSET-ORD (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)) (CDR X) (CDR Y)))) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX24 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX25 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y)) (LARGE-SUPERSET-ORD-AUX18 (ALPHA ALPHA) (X X) (Y Y))) (DISABLE BAD-FOR-LARGE-SUPERSET-ORD))) WARNING: Note that the rewrite rule LARGE-SUPERSET-ORD-AUX26 will be stored so as to apply only to terms with the nonrecursive function symbol OR. This simplifies, unfolding the functions AND, IMPLIES, and OR, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX26 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX27 (REWRITE) (IMPLIES (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y) (LISTP X)) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX9 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y))) (DISABLE BAD-FOR-LARGE-SUPERSET-ORD))) WARNING: Note that LARGE-SUPERSET-ORD-AUX27 contains the free variables Y, BETA, and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y). This formula simplifies, rewriting with CDR-NLISTP, and opening up the definitions of LISTP and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX27 (DEFN LARGE-SUPERSET-ORD-KLUDGE (ALPHA BETA X Y) (IF (NLISTP X) 0 (PLUS (LARGE-SUPERSET-ORD-KLUDGE ALPHA (PRED BETA (CAR X)) (CDR X) Y) (LARGE-SUPERSET-ORD-KLUDGE (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)) (CDR X) (CDR Y))))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to show that the measure (COUNT X) decreases according to the well-founded relation LESSP in each recursive call. Hence, LARGE-SUPERSET-ORD-KLUDGE is accepted under the principle of definition. From the definition we can conclude that (NUMBERP (LARGE-SUPERSET-ORD-KLUDGE ALPHA BETA X Y)) is a theorem. [ 0.0 0.1 0.0 ] LARGE-SUPERSET-ORD-KLUDGE (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX28 (REWRITE) (IMPLIES (AND (NOT (BAD-FOR-LARGE-SUPERSET-ORD ALPHA (PRED BETA (CAR X)) (CDR X) Y)) (NOT (BAD-FOR-LARGE-SUPERSET-ORD (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)) (CDR X) (CDR Y)))) (NOT (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y))) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX26 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y))) (DISABLE BAD-FOR-LARGE-SUPERSET-ORD LARGE-SUPERSET-ORD-AUX26))) WARNING: Note that the rewrite rule LARGE-SUPERSET-ORD-AUX28 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-LARGE-SUPERSET-ORD. This simplifies, expanding the definitions of OR and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX28 (PROVE-LEMMA LARGE-SUPERSET-ORD-AUX29 (REWRITE) (NOT (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y)) ((INDUCT (LARGE-SUPERSET-ORD-KLUDGE ALPHA BETA X Y)) (DISABLE BAD-FOR-LARGE-SUPERSET-ORD))) WARNING: Note that the rewrite rule LARGE-SUPERSET-ORD-AUX29 will be stored so as to apply only to terms with the nonrecursive function symbol: BAD-FOR-LARGE-SUPERSET-ORD. WARNING: the newly proposed lemma, LARGE-SUPERSET-ORD-AUX29, could be applied whenever the previously added lemma LARGE-SUPERSET-ORD-AUX28 could. This conjecture can be simplified, using the abbreviations NLISTP, NOT, OR, and AND, to two new formulas: Case 2. (IMPLIES (NOT (LISTP X)) (NOT (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y))), which simplifies, appealing to the lemma LARGE-SUPERSET-ORD-AUX27, to: T. Case 1. (IMPLIES (AND (LISTP X) (NOT (BAD-FOR-LARGE-SUPERSET-ORD (PRED ALPHA (CAR Y)) (PRED ALPHA (CAR X)) (CDR X) (CDR Y))) (NOT (BAD-FOR-LARGE-SUPERSET-ORD ALPHA (PRED BETA (CAR X)) (CDR X) Y))) (NOT (BAD-FOR-LARGE-SUPERSET-ORD ALPHA BETA X Y))), which simplifies, applying the lemmas LARGE-SUPERSET-ORD-AUX27 and LARGE-SUPERSET-ORD-AUX28, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX29 (PROVE-LEMMA LARGE-SUPERSET-ORD (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (LEQ (NORM ALPHA) (PLUS (NORM BETA) (MAGIC (CAR X))))) (O-LARGEP Y ALPHA)) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD-AUX29 (ALPHA ALPHA) (BETA BETA) (X X) (Y Y))) (DISABLE LARGE-SUPERSET-ORD-AUX29))) WARNING: Note that LARGE-SUPERSET-ORD contains the free variables X and BETA which will be chosen by instantiating the hypotheses (ORDINALP BETA) and (SETP X). This simplifies, rewriting with CARS-ARE-ORDINALS and CDRS-ARE-ORDINALS, and expanding the definitions of ORDINALP, BAD-FOR-LARGE-SUPERSET-ORD, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD (DISABLE LARGE-SUPERSET-ORD-AUX26) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX26-OFF (DISABLE LARGE-SUPERSET-ORD-AUX27) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX27-OFF (DISABLE LARGE-SUPERSET-ORD-AUX28) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX28-OFF (DISABLE LARGE-SUPERSET-ORD-AUX29) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-AUX29-OFF (DISABLE LARGE-SUPERSET-ORD-KLUDGE) [ 0.0 0.0 0.0 ] LARGE-SUPERSET-ORD-KLUDGE-OFF (PROVE-LEMMA LARGE-GOES-UP (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA)) (O-LARGEP Y ALPHA)) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD (ALPHA ALPHA) (BETA ALPHA) (X X) (Y Y))))) WARNING: Note that LARGE-GOES-UP contains the free variable X which will be chosen by instantiating the hypothesis (SETP X). This simplifies, applying the lemmas CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, ORD-LEQ-IS-IDEMPOTENT, and NUMBER-LARGE, and opening up the functions ORDINALP, AND, IMPLIES, and EQUAL, to six new conjectures: Case 6. (IMPLIES (AND (LISTP ALPHA) (NOT (EQUAL (CAR ALPHA) 0)) (NOT (LISTP (CDR ALPHA))) (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA)) (NOT (AND T F)) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA)) (O-LARGEP Y ALPHA)), which again simplifies, using linear arithmetic, to: T. Case 5. (IMPLIES (AND (LISTP ALPHA) (NOT (EQUAL (CAR ALPHA) 0)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA)) (NOT (AND T F)) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA)) (O-LARGEP Y ALPHA)), which again simplifies, using linear arithmetic, to: T. Case 4. (IMPLIES (AND (LISTP ALPHA) (NOT (EQUAL (CAR ALPHA) 0)) (NOT (LISTP (CDR ALPHA))) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (AND T T)) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA)) (O-LARGEP Y ALPHA)), which again simplifies, rewriting with the lemmas NORM-OF-CONS and SUB1-ADD1, and expanding PLUS, LESSP, and AND, to: T. Case 3. (IMPLIES (AND (LISTP ALPHA) (NOT (EQUAL (CAR ALPHA) 0)) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA))) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (AND T T)) (ORDINALP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (O-LARGEP X ALPHA)) (O-LARGEP Y ALPHA)), which again simplifies, appealing to the lemmas NORM-OF-CONS and SUB1-ADD1, and expanding the functions PLUS, LESSP, and AND, to: T. Case 2. (IMPLIES (AND (NOT (LISTP ALPHA)) (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA)) (NOT (AND (NUMBERP ALPHA) F)) (NUMBERP ALPHA) (SETP X) (SETP Y) (SUBSETP X Y) (NOT (LESSP (LENGTH X) ALPHA))) (NOT (LESSP (LENGTH Y) ALPHA))), which again simplifies, using linear arithmetic, to: T. Case 1. (IMPLIES (AND (NOT (LISTP ALPHA)) (NUMBERP ALPHA) (NOT (LESSP (PLUS (NORM ALPHA) (MAGIC (CAR X))) (NORM ALPHA))) (NOT (AND (NUMBERP ALPHA) T)) (SETP X) (SETP Y) (SUBSETP X Y) (NOT (LESSP (LENGTH X) ALPHA))) (NOT (LESSP (LENGTH Y) ALPHA))), which again simplifies, using linear arithmetic and applying the lemma LENGTH-OF-SUBSET, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-GOES-UP (PROVE-LEMMA SUBSETP-IS-IDEMPOTENT (REWRITE) (SUBSETP S S) ((USE (SUBSETP-WORKS-2 (S1 S) (S2 S))) (DISABLE SUBSETP-WORKS-2))) This formula simplifies, unfolding the functions NOT, AND, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SUBSETP-IS-IDEMPOTENT (PROVE-LEMMA LARGE-WITH-SMALLER-ORD (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP X) (O-LARGEP X BETA) (ORD-LEQ ALPHA BETA) (LEQ (NORM ALPHA) (PLUS (NORM BETA) (MAGIC (CAR X))))) (O-LARGEP X ALPHA)) ((DO-NOT-INDUCT T) (USE (LARGE-SUPERSET-ORD (ALPHA ALPHA) (BETA BETA) (X X) (Y X))))) WARNING: Note that LARGE-WITH-SMALLER-ORD contains the free variable BETA which will be chosen by instantiating the hypothesis (ORDINALP BETA). This simplifies, rewriting with the lemmas CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, SUBSETP-IS-IDEMPOTENT, LARGE-GOES-UP, and LARGE-SUPERSET-ORD, and opening up the functions ORDINALP, AND, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LARGE-WITH-SMALLER-ORD (DEFN COVERS (A B X) (IF (NLISTP X) T (AND (COVERS A B (CDR X)) (OR (MEMBER (CAR X) A) (MEMBER (CAR X) B))))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT X) decreases according to the well-founded relation LESSP in each recursive call. Hence, COVERS is accepted under the principle of definition. Note that: (OR (FALSEP (COVERS A B X)) (TRUEP (COVERS A B X))) is a theorem. [ 0.0 0.0 0.0 ] COVERS (PROVE-LEMMA COVERS-EMPTY (REWRITE) (IMPLIES (NLISTP X) (COVERS A B X))) This formula can be simplified, using the abbreviations NLISTP and IMPLIES, to: (IMPLIES (NOT (LISTP X)) (COVERS A B X)), which simplifies, opening up the definition of COVERS, to: T. Q.E.D. [ 0.0 0.0 0.0 ] COVERS-EMPTY (PROVE-LEMMA COVERS-NEGATIVE (REWRITE) (IMPLIES (AND (LISTP X) (NOT (MEMBER (CAR X) A)) (NOT (MEMBER (CAR X) B))) (NOT (COVERS A B X)))) This formula simplifies, opening up the function COVERS, to: T. Q.E.D. [ 0.0 0.0 0.0 ] COVERS-NEGATIVE (PROVE-LEMMA COVERS-POSITIVE-A (REWRITE) (IMPLIES (AND (LISTP X) (COVERS A B (CDR X)) (MEMBER (CAR X) A)) (COVERS A B X))) This simplifies, expanding COVERS, to: T. Q.E.D. [ 0.0 0.0 0.0 ] COVERS-POSITIVE-A (PROVE-LEMMA COVERS-POSITIVE-B (REWRITE) (IMPLIES (AND (LISTP X) (COVERS A B (CDR X)) (MEMBER (CAR X) B)) (COVERS A B X))) This simplifies, expanding COVERS, to: T. Q.E.D. [ 0.0 0.0 0.0 ] COVERS-POSITIVE-B (PROVE-LEMMA MEMBER-OF-COVERED-SET (REWRITE) (IMPLIES (AND (MEMBER U X) (COVERS A B X)) (OR (MEMBER U A) (MEMBER U B)))) WARNING: Note that the rewrite rule MEMBER-OF-COVERED-SET will be stored so as to apply only to terms with the nonrecursive function symbol OR. WARNING: Note that MEMBER-OF-COVERED-SET contains the free variable X which will be chosen by instantiating the hypothesis (MEMBER U X). Name the conjecture *1. We will try to prove it by induction. Four inductions are suggested by terms in the conjecture. They merge into three likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (NLISTP X) (p U B A X)) (IMPLIES (AND (NOT (NLISTP X)) (EQUAL U (CAR X))) (p U B A X)) (IMPLIES (AND (NOT (NLISTP X)) (NOT (EQUAL U (CAR X))) (p U B A (CDR X))) (p U B A X))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT X) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates four new conjectures: Case 4. (IMPLIES (AND (NLISTP X) (MEMBER U X) (COVERS A B X) (NOT (MEMBER U A))) (MEMBER U B)), which simplifies, opening up NLISTP and MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP X)) (EQUAL U (CAR X)) (MEMBER U X) (COVERS A B X) (NOT (MEMBER U A))) (MEMBER U B)), which simplifies, rewriting with SUBSETP-IS-IDEMPOTENT, CAR-OF-SUBSET, and COVERS-NEGATIVE, and unfolding the definition of NLISTP, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP X)) (NOT (EQUAL U (CAR X))) (NOT (MEMBER U (CDR X))) (MEMBER U X) (COVERS A B X) (NOT (MEMBER U A))) (MEMBER U B)). This simplifies, expanding the definitions of NLISTP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP X)) (NOT (EQUAL U (CAR X))) (NOT (COVERS A B (CDR X))) (MEMBER U X) (COVERS A B X) (NOT (MEMBER U A))) (MEMBER U B)). This simplifies, unfolding NLISTP, MEMBER, and COVERS, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MEMBER-OF-COVERED-SET (DEFN UNCOVERED (A B X) (IF (NLISTP X) NIL (IF (COVERS A B (CDR X)) (CAR X) (UNCOVERED A B (CDR X))))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT X) decreases according to the well-founded relation LESSP in each recursive call. Hence, UNCOVERED is accepted under the principle of definition. [ 0.0 0.0 0.0 ] UNCOVERED (PROVE-LEMMA UNCOVERED-ISNT-COVERED (REWRITE) (IMPLIES (NOT (COVERS A B X)) (AND (MEMBER (UNCOVERED A B X) X) (NOT (MEMBER (UNCOVERED A B X) A)) (NOT (MEMBER (UNCOVERED A B X) B))))) WARNING: Note that the proposed lemma UNCOVERED-ISNT-COVERED is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and three replacement rules. This simplifies, expanding NOT and AND, to three new formulas: Case 3. (IMPLIES (NOT (COVERS A B X)) (MEMBER (UNCOVERED A B X) X)), which we will name *1. Case 2. (IMPLIES (NOT (COVERS A B X)) (NOT (MEMBER (UNCOVERED A B X) A))), which we would usually push and work on later by induction. But if we must use induction to prove the input conjecture, we prefer to induct on the original formulation of the problem. Thus we will disregard all that we have previously done, give the name *1 to the original input, and work on it. So now let us consider: (AND (IMPLIES (NOT (COVERS A B X)) (MEMBER (UNCOVERED A B X) X)) (IMPLIES (NOT (COVERS A B X)) (NOT (MEMBER (UNCOVERED A B X) A))) (IMPLIES (NOT (COVERS A B X)) (NOT (MEMBER (UNCOVERED A B X) B)))). We gave this the name *1 above. Perhaps we can prove it by induction. There are nine plausible inductions. They merge into three likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (NLISTP X) (p A B X)) (IMPLIES (AND (NOT (NLISTP X)) (COVERS A B (CDR X))) (p A B X)) (IMPLIES (AND (NOT (NLISTP X)) (NOT (COVERS A B (CDR X))) (p A B (CDR X))) (p A B X))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to prove that the measure (COUNT X) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to nine new conjectures: Case 9. (IMPLIES (AND (NLISTP X) (NOT (COVERS A B X))) (MEMBER (UNCOVERED A B X) X)), which simplifies, rewriting with the lemma COVERS-EMPTY, and expanding the definition of NLISTP, to: T. Case 8. (IMPLIES (AND (NOT (NLISTP X)) (COVERS A B (CDR X)) (NOT (COVERS A B X))) (MEMBER (UNCOVERED A B X) X)), which simplifies, applying SUBSETP-IS-IDEMPOTENT and CAR-OF-SUBSET, and expanding the definitions of NLISTP, COVERS, and UNCOVERED, to: T. Case 7. (IMPLIES (AND (NOT (NLISTP X)) (NOT (COVERS A B (CDR X))) (MEMBER (UNCOVERED A B (CDR X)) (CDR X)) (NOT (MEMBER (UNCOVERED A B (CDR X)) A)) (NOT (MEMBER (UNCOVERED A B (CDR X)) B)) (NOT (COVERS A B X))) (MEMBER (UNCOVERED A B X) X)). This simplifies, opening up the functions NLISTP, COVERS, UNCOVERED, and MEMBER, to: T. Case 6. (IMPLIES (AND (NLISTP X) (NOT (COVERS A B X))) (NOT (MEMBER (UNCOVERED A B X) A))). This simplifies, applying the lemma COVERS-EMPTY, and unfolding the definition of NLISTP, to: T. Case 5. (IMPLIES (AND (NOT (NLISTP X)) (COVERS A B (CDR X)) (NOT (COVERS A B X))) (NOT (MEMBER (UNCOVERED A B X) A))). This simplifies, opening up NLISTP, COVERS, and UNCOVERED, to: T. Case 4. (IMPLIES (AND (NOT (NLISTP X)) (NOT (COVERS A B (CDR X))) (MEMBER (UNCOVERED A B (CDR X)) (CDR X)) (NOT (MEMBER (UNCOVERED A B (CDR X)) A)) (NOT (MEMBER (UNCOVERED A B (CDR X)) B)) (NOT (COVERS A B X))) (NOT (MEMBER (UNCOVERED A B X) A))). This simplifies, opening up the definitions of NLISTP, COVERS, and UNCOVERED, to: T. Case 3. (IMPLIES (AND (NLISTP X) (NOT (COVERS A B X))) (NOT (MEMBER (UNCOVERED A B X) B))). This simplifies, applying the lemma COVERS-EMPTY, and unfolding the function NLISTP, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP X)) (COVERS A B (CDR X)) (NOT (COVERS A B X))) (NOT (MEMBER (UNCOVERED A B X) B))). This simplifies, unfolding the functions NLISTP, COVERS, and UNCOVERED, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP X)) (NOT (COVERS A B (CDR X))) (MEMBER (UNCOVERED A B (CDR X)) (CDR X)) (NOT (MEMBER (UNCOVERED A B (CDR X)) A)) (NOT (MEMBER (UNCOVERED A B (CDR X)) B)) (NOT (COVERS A B X))) (NOT (MEMBER (UNCOVERED A B X) B))). This simplifies, expanding the definitions of NLISTP, COVERS, and UNCOVERED, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] UNCOVERED-ISNT-COVERED (PROVE-LEMMA CDR-IS-COVERED (REWRITE) (IMPLIES (COVERS A B X) (COVERS A B (CDR X)))) This conjecture simplifies, applying CDR-NLISTP and COVERS-EMPTY, and unfolding the function COVERS, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDR-IS-COVERED (DISABLE COVERS) [ 0.0 0.0 0.0 ] COVERS-OFF (PROVE-LEMMA COVERS-IS-SYMMETRIC NIL (IMPLIES (COVERS A B X) (COVERS B A X)) ((DO-NOT-INDUCT T) (USE (MEMBER-OF-COVERED-SET (A A) (B B) (X X) (U (UNCOVERED B A X))) (UNCOVERED-ISNT-COVERED (A B) (B A) (X X))) (DISABLE UNCOVERED-ISNT-COVERED MEMBER-OF-COVERED-SET))) This conjecture simplifies, opening up the functions AND, OR, IMPLIES, and NOT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] COVERS-IS-SYMMETRIC (PROVE-LEMMA DISCARD-THE-CAR-A (REWRITE) (IMPLIES (AND (COVERS A B X) (LISTP A) (NOT (MEMBER (CAR A) X))) (COVERS (CDR A) B X)) ((DO-NOT-INDUCT T) (USE (MEMBER-OF-COVERED-SET (A A) (B B) (X X) (U (UNCOVERED (CDR A) B X))) (UNCOVERED-ISNT-COVERED (A (CDR A)) (B B) (X X))) (DISABLE UNCOVERED-ISNT-COVERED MEMBER-OF-COVERED-SET))) This simplifies, opening up AND, MEMBER, OR, IMPLIES, and NOT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DISCARD-THE-CAR-A (PROVE-LEMMA DISCARD-THE-CAR-B (REWRITE) (IMPLIES (AND (COVERS A B X) (LISTP B) (NOT (MEMBER (CAR B) X))) (COVERS A (CDR B) X)) ((DO-NOT-INDUCT T) (USE (MEMBER-OF-COVERED-SET (A A) (B B) (X X) (U (UNCOVERED A (CDR B) X))) (UNCOVERED-ISNT-COVERED (A A) (B (CDR B)) (X X))) (DISABLE UNCOVERED-ISNT-COVERED MEMBER-OF-COVERED-SET))) This simplifies, opening up AND, MEMBER, OR, IMPLIES, and NOT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DISCARD-THE-CAR-B (PROVE-LEMMA DISCARD-THE-CAR-SET-A (REWRITE) (IMPLIES (AND (SETP A) (LISTP A) (SETP X) (COVERS A B X) (LESSP (CAR A) (CAR X))) (COVERS (CDR A) B X))) This conjecture simplifies, appealing to the lemmas MIN-IS-FIRST and DISCARD-THE-CAR-A, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DISCARD-THE-CAR-SET-A (PROVE-LEMMA DISCARD-THE-CAR-SET-B (REWRITE) (IMPLIES (AND (SETP B) (LISTP B) (SETP X) (COVERS A B X) (LESSP (CAR B) (CAR X))) (COVERS A (CDR B) X))) This conjecture simplifies, appealing to the lemmas MIN-IS-FIRST and DISCARD-THE-CAR-B, to: T. Q.E.D. [ 0.0 0.0 0.0 ] DISCARD-THE-CAR-SET-B (PROVE-LEMMA SMALLER-CAR-WHEN-COVERED (REWRITE) (IMPLIES (AND (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X)) (OR (AND (LISTP A) (LEQ (CAR A) (CAR X))) (AND (LISTP B) (LEQ (CAR B) (CAR X)))))) WARNING: Note that the rewrite rule SMALLER-CAR-WHEN-COVERED will be stored so as to apply only to terms with the nonrecursive function symbol OR. This formula simplifies, opening up AND, to four new goals: Case 4. (IMPLIES (AND (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X) (NOT (LISTP A))) (LISTP B)), which again simplifies, rewriting with the lemma COVERS-NEGATIVE, and opening up MEMBER, to: T. Case 3. (IMPLIES (AND (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X) (NOT (LISTP A))) (NOT (LESSP (CAR X) (CAR B)))), which again simplifies, rewriting with MIN-IS-FIRST and COVERS-NEGATIVE, and expanding the function MEMBER, to: T. Case 2. (IMPLIES (AND (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X) (LESSP (CAR X) (CAR A))) (LISTP B)). However this again simplifies, rewriting with MIN-IS-FIRST and COVERS-NEGATIVE, and expanding MEMBER, to: T. Case 1. (IMPLIES (AND (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X) (LESSP (CAR X) (CAR A))) (NOT (LESSP (CAR X) (CAR B)))). However this again simplifies, applying MIN-IS-FIRST and COVERS-NEGATIVE, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SMALLER-CAR-WHEN-COVERED (PROVE-LEMMA CDR-IS-COVERED-SET-A-AUX1 (REWRITE) (IMPLIES (AND (LISTP (CDR X)) (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X) (LISTP A) (LEQ (CAR A) (CAR X))) (LESSP (CAR A) (CADR X)))) WARNING: When the linear lemma CDR-IS-COVERED-SET-A-AUX1 is stored under (CADR X) it contains the free variables B and A which will be chosen by instantiating the hypotheses (SETP A) and (SETP B). WARNING: When the linear lemma CDR-IS-COVERED-SET-A-AUX1 is stored under (CAR A) it contains the free variables B and X which will be chosen by instantiating the hypotheses (LISTP (CDR X)) and (SETP B). WARNING: Note that the proposed lemma CDR-IS-COVERED-SET-A-AUX1 is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and zero replacement rules. This conjecture simplifies, using linear arithmetic and rewriting with CAR-BEFORE-CADR, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDR-IS-COVERED-SET-A-AUX1 (PROVE-LEMMA CDR-IS-COVERED-SET-A-AUX2 (REWRITE) (IMPLIES (AND (LISTP (CDR X)) (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X) (LISTP A) (LEQ (CAR A) (CAR X))) (COVERS (CDR A) B (CDR X))) ((USE (TAIL-OF-A-SET (S X)) (CDR-IS-COVERED-SET-A-AUX1 (A A) (B B) (X X)) (DISCARD-THE-CAR-SET-A (A A) (B B) (X (CDR X)))) (DISABLE DISCARD-THE-CAR-SET-A TAIL-OF-A-SET))) This conjecture simplifies, rewriting with CDR-IS-COVERED, MIN-IS-FIRST, and DISCARD-THE-CAR-A, and expanding the definitions of AND and IMPLIES, to: T. Q.E.D. [ 0.0 0.1 0.0 ] CDR-IS-COVERED-SET-A-AUX2 (PROVE-LEMMA CDR-IS-COVERED-SET-A (REWRITE) (IMPLIES (AND (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X) (LISTP A) (LEQ (CAR A) (CAR X))) (COVERS (CDR A) B (CDR X))) ((DO-NOT-INDUCT T) (USE (CDR-IS-COVERED-SET-A-AUX2 (A A) (B B) (X X))) (DISABLE CDR-IS-COVERED-SET-A-AUX2))) WARNING: the newly proposed lemma, CDR-IS-COVERED-SET-A, could be applied whenever the previously added lemma CDR-IS-COVERED-SET-A-AUX2 could. This simplifies, applying CDR-IS-COVERED and DISCARD-THE-CAR-A, and expanding AND, IMPLIES, and MEMBER, to: T. Q.E.D. [ 0.0 0.1 0.0 ] CDR-IS-COVERED-SET-A (DISABLE CDR-IS-COVERED-SET-A-AUX1) [ 0.0 0.0 0.0 ] CDR-IS-COVERED-SET-A-AUX1-OFF (DISABLE CDR-IS-COVERED-SET-A-AUX2) [ 0.0 0.0 0.0 ] CDR-IS-COVERED-SET-A-AUX2-OFF (PROVE-LEMMA CDR-IS-COVERED-SET-B (REWRITE) (IMPLIES (AND (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X) (LISTP B) (LEQ (CAR B) (CAR X))) (COVERS A (CDR B) (CDR X))) ((DO-NOT-INDUCT T) (USE (CDR-IS-COVERED-SET-A (A B) (B A) (X X)) (COVERS-IS-SYMMETRIC (A A) (B B) (X X)) (COVERS-IS-SYMMETRIC (A (CDR B)) (B A) (X (CDR X)))) (DISABLE COVERS-NEGATIVE MIN-IS-FIRST CARS-ARE-ORDINALS CAR-OF-A-SET CDR-IS-COVERED-SET-A COVERS-IS-SYMMETRIC CDR-IS-COVERED))) This conjecture simplifies, unfolding the functions AND and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] CDR-IS-COVERED-SET-B (ENABLE O-LARGEP) [ 0.0 0.0 0.0 ] O-LARGEP-ON (PROVE-LEMMA SHARP-AND-CDR-AUX1 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (LISTP X) (O-LARGEP X (SHARP ALPHA BETA))) (O-LARGEP (CDR X) (PRED (SHARP ALPHA BETA) (CAR X))))) This formula simplifies, appealing to the lemmas PRED-OF-0 and NUMBER-LARGE, and expanding the definitions of O-LARGEP, EQUAL, and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX1 (PROVE-LEMMA SHARP-AND-CDR-AUX2 (REWRITE) (IMPLIES (AND (NLISTP (CDR X)) (ORDINALP ALPHA) (ORDINALP BETA) (LISTP X) (O-LARGEP X (SHARP ALPHA BETA))) (EQUAL (PRED (SHARP ALPHA BETA) (CAR X)) 0))) This conjecture can be simplified, using the abbreviations NLISTP, AND, and IMPLIES, to the goal: (IMPLIES (AND (NOT (LISTP (CDR X))) (ORDINALP ALPHA) (ORDINALP BETA) (LISTP X) (O-LARGEP X (SHARP ALPHA BETA))) (EQUAL (PRED (SHARP ALPHA BETA) (CAR X)) 0)). This simplifies, rewriting with EMPTY-NOT-LARGE and PRED-OF-0, and unfolding the functions O-LARGEP and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX2 (DISABLE O-LARGEP) [ 0.0 0.0 0.0 ] O-LARGEP-OFF1 (PROVE-LEMMA SHARP-AND-CDR-AUX3 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (NUMBERP M) (NUMBERP N) (LEQ M N)) (ORD-LEQ (SHARP ALPHA (PRED BETA M)) (PRED (SHARP ALPHA BETA) N))) ((DO-NOT-INDUCT T) (USE (ORD-LEQ-IS-TRANSITIVE (ALPHA (SHARP ALPHA (PRED BETA M))) (BETA (PRED (SHARP ALPHA BETA) M)) (GAMMA (PRED (SHARP ALPHA BETA) N))) (PRED-SHARP (ALPHA ALPHA) (BETA BETA) (N M)) (MONOT-OF-PRED (M M) (N N) (ALPHA (SHARP ALPHA BETA)))) (DISABLE ORDINALP PRED-SHARP MONOT-OF-PRED ORD-LEQ-IS-TRANSITIVE))) This simplifies, applying PRED-IS-AN-ORDINAL and SHARP-IS-AN-ORDINAL, and opening up the definitions of AND and IMPLIES, to: T. Q.E.D. [ 0.0 0.1 0.0 ] SHARP-AND-CDR-AUX3 (PROVE-LEMMA SHARP-AND-CDR-AUX4 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (NUMBERP M) (LEQ M (CAR X))) (ORD-LEQ (SHARP ALPHA (PRED BETA M)) (PRED (SHARP ALPHA BETA) (CAR X)))) ((DO-NOT-INDUCT T) (USE (SHARP-AND-CDR-AUX3 (ALPHA ALPHA) (BETA BETA) (M M) (N (CAR X)))) (DISABLE CARS-ARE-ORDINALS CDRS-ARE-ORDINALS ORDINALP SHARP-AND-CDR-AUX3))) This conjecture simplifies, expanding AND, IMPLIES, and LESSP, to: (IMPLIES (AND (NOT (NUMBERP (CAR X))) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (NUMBERP M) (EQUAL M 0)) (ORD-LEQ (SHARP ALPHA (PRED BETA 0)) (PRED (SHARP ALPHA BETA) (CAR X)))). This again simplifies, expanding NUMBERP, to: (IMPLIES (AND (NOT (NUMBERP (CAR X))) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X)) (ORD-LEQ (SHARP ALPHA (PRED BETA 0)) (PRED (SHARP ALPHA BETA) (CAR X)))). Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to eliminate (CAR X) and (CDR X). This generates two new conjectures: Case 2. (IMPLIES (AND (NOT (LISTP X)) (NOT (NUMBERP (CAR X))) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X)) (ORD-LEQ (SHARP ALPHA (PRED BETA 0)) (PRED (SHARP ALPHA BETA) (CAR X)))), which further simplifies, applying CAR-NLISTP, and expanding the function NUMBERP, to: T. Case 1. (IMPLIES (AND (NOT (NUMBERP Z)) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP (CONS Z V))) (ORD-LEQ (SHARP ALPHA (PRED BETA 0)) (PRED (SHARP ALPHA BETA) Z))). However this further simplifies, appealing to the lemma CAR-OF-A-SET, to: T. Q.E.D. [ 0.0 0.1 0.0 ] SHARP-AND-CDR-AUX4 (PROVE-LEMMA SHARP-AND-CDR-AUX5 (REWRITE) (IMPLIES (AND (LISTP X) (NOT (LISTP (CDR X))) (O-LARGEP X (SHARP ALPHA BETA)) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (NUMBERP M) (LEQ M (CAR X))) (EQUAL (SHARP ALPHA (PRED BETA M)) 0)) ((DO-NOT-INDUCT T) (USE (SHARP-AND-CDR-AUX2 (X X) (ALPHA ALPHA) (BETA BETA)) (SHARP-AND-CDR-AUX4 (X X) (M M) (ALPHA ALPHA) (BETA BETA))) (DISABLE SUBSETP-IS-IDEMPOTENT LARGE-GOES-UP ORD-LEQ PRED-IS-LARGEST ORDINALP SHARP-AND-CDR-AUX2 SHARP-AND-CDR-AUX3 SHARP-AND-CDR-AUX4))) WARNING: Note that SHARP-AND-CDR-AUX5 contains the free variable X which will be chosen by instantiating the hypothesis (LISTP X). This conjecture simplifies, applying the lemmas SHARP-IS-AN-ORDINAL, PRED-IS-AN-ORDINAL, and ORD-LEQ-ZERO, and expanding NLISTP, AND, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX5 (PROVE-LEMMA SHARP-AND-CDR-AUX6 (REWRITE) (IMPLIES (AND (NOT (LISTP (CDR X))) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (LISTP X) (NUMBERP M) (LEQ M (CAR X)) (O-LARGEP X (SHARP ALPHA BETA))) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA M))))) This formula simplifies, applying SHARP-AND-CDR-AUX5 and NUMBER-LARGE, and opening up the definitions of LENGTH and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX6 (PROVE-LEMMA SHARP-AND-CDR-AUX7 (REWRITE) (IMPLIES (AND (SETP X) (LISTP (CDR X)) (NUMBERP M) (LEQ M (CAR X))) (LESSP M (CADR X)))) WARNING: When the linear lemma SHARP-AND-CDR-AUX7 is stored under (CADR X) it contains the free variable M which will be chosen by instantiating the hypothesis (NUMBERP M). WARNING: Note that the proposed lemma SHARP-AND-CDR-AUX7 is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. This simplifies, using linear arithmetic and applying CAR-BEFORE-CADR, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX7 (PROVE-LEMMA SHARP-AND-CDR-AUX8 NIL (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (NUMBERP M) (NUMBERP X0) (LESSP M X1)) (LEQ (NORM (SHARP ALPHA (PRED BETA M))) (PLUS (NORM (PRED (SHARP ALPHA BETA) X0)) (MAGIC X1)))) ((DO-NOT-INDUCT T) (USE (UPPER-BOUND-ON-NORM-OF-PRED (ALPHA BETA) (N M)) (MAGIC-IS-MONOTONIC (M M) (N X1)) (LOWER-BOUND-ON-NORM-OF-PRED (ALPHA (SHARP ALPHA BETA)) (N X0))))) This formula simplifies, applying SHARP-IS-AN-ORDINAL, NORM-OF-SHARP, and PRED-IS-AN-ORDINAL, and expanding the functions IMPLIES and NOT, to the new formula: (IMPLIES (AND (NOT (LESSP (PLUS (NORM BETA) (MAGIC M)) (NORM (PRED BETA M)))) (LESSP (MAGIC M) (MAGIC X1)) (NOT (LESSP (NORM (PRED (SHARP ALPHA BETA) X0)) (SUB1 (PLUS (NORM ALPHA) (NORM BETA))))) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (NUMBERP M) (NUMBERP X0) (LESSP M X1)) (NOT (LESSP (PLUS (NORM (PRED (SHARP ALPHA BETA) X0)) (MAGIC X1)) (PLUS (NORM ALPHA) (NORM (PRED BETA M)))))), which again simplifies, using linear arithmetic, to: T. Q.E.D. [ 0.0 0.1 0.0 ] SHARP-AND-CDR-AUX8 (PROVE-LEMMA SHARP-AND-CDR-AUX9 NIL (IMPLIES (AND (LISTP (CDR X)) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (LISTP X) (NUMBERP M) (LEQ M (CAR X))) (LEQ (NORM (SHARP ALPHA (PRED BETA M))) (PLUS (NORM (PRED (SHARP ALPHA BETA) (CAR X))) (MAGIC (CADR X))))) ((USE (SHARP-AND-CDR-AUX8 (ALPHA ALPHA) (BETA BETA) (X0 (CAR X)) (X1 (CADR X)))) (DISABLE NORM LOWER-BOUND-ON-NORM-OF-PRED PRED SHARP ORD-LEQ-ZERO NUMBERS-BELOW-OMEGA ORD-LEQ))) This conjecture simplifies, appealing to the lemmas CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, PRED-IS-AN-ORDINAL, and NORM-OF-SHARP, and opening up the functions ORDINALP, AND, IMPLIES, EQUAL, and LESSP, to two new goals: Case 2. (IMPLIES (AND (NOT (NUMBERP (CAR X))) (LISTP (CDR X)) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (LISTP X) (NUMBERP M) (EQUAL M 0)) (NOT (LESSP (PLUS (NORM (PRED (SHARP ALPHA BETA) (CAR X))) (MAGIC (CADR X))) (PLUS (NORM ALPHA) (NORM (PRED BETA 0)))))), which again simplifies, expanding the definition of NUMBERP, to the goal: (IMPLIES (AND (NOT (NUMBERP (CAR X))) (LISTP (CDR X)) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (LISTP X)) (NOT (LESSP (PLUS (NORM (PRED (SHARP ALPHA BETA) (CAR X))) (MAGIC (CADR X))) (PLUS (NORM ALPHA) (NORM (PRED BETA 0)))))). Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS Z V) to eliminate (CAR X) and (CDR X) and V by (CONS W D) to eliminate (CAR V) and (CDR V). We must thus prove: (IMPLIES (AND (NOT (NUMBERP Z)) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP (CONS Z (CONS W D)))) (NOT (LESSP (PLUS (NORM (PRED (SHARP ALPHA BETA) Z)) (MAGIC W)) (PLUS (NORM ALPHA) (NORM (PRED BETA 0)))))). This further simplifies, rewriting with the lemma CAR-OF-A-SET, to: T. Case 1. (IMPLIES (AND (NOT (LESSP M (CADR X))) (LISTP (CDR X)) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (LISTP X) (NUMBERP M) (NOT (LESSP (CAR X) M))) (NOT (LESSP (PLUS (NORM (PRED (SHARP ALPHA BETA) (CAR X))) (MAGIC (CADR X))) (PLUS (NORM ALPHA) (NORM (PRED BETA M)))))), which again simplifies, using linear arithmetic and applying the lemma SHARP-AND-CDR-AUX7, to: T. Q.E.D. [ 0.0 0.3 0.0 ] SHARP-AND-CDR-AUX9 (PROVE-LEMMA SHARP-AND-CDR-AUX10 (REWRITE) (IMPLIES (AND (LISTP (CDR X)) (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (LISTP X) (NUMBERP M) (LEQ M (CAR X)) (O-LARGEP X (SHARP ALPHA BETA))) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA M)))) ((DO-NOT-INDUCT T) (USE (LARGE-WITH-SMALLER-ORD (ALPHA (SHARP ALPHA (PRED BETA M))) (BETA (PRED (SHARP ALPHA BETA) (CAR X))) (X (CDR X))) (TAIL-OF-A-SET (S X)) (SHARP-AND-CDR-AUX1 (ALPHA ALPHA) (BETA BETA) (X X)) (SHARP-AND-CDR-AUX4 (ALPHA ALPHA) (BETA BETA) (M M) (X X)) (SHARP-AND-CDR-AUX9 (ALPHA ALPHA) (BETA BETA) (M M) (X X))) (DISABLE LARGE-WITH-SMALLER-ORD TAIL-OF-A-SET FIRST-BEFORE-LAST LARGE-SUPERSET-ORD NORM-OF-PRED-OF-SUCC SUBSETP SUBSETP-IS-IDEMPOTENT LARGE-GOES-UP NORM-OF-A-NUMBER SHARP-AND-CDR-AUX3 SINGLETONS-NOT-LARGE NORM-OF-PRED-OF-LIMIT PRED-OF-SUCC SUCCESSORP TRANSITIVITY SHARP NORM PRED-IS-LARGEST INSERT-IS-CONS NORM-OF-SHARP SHARP-AND-CDR-AUX9 SHARP-AND-CDR-AUX1 SHARP-AND-CDR-AUX4 ORD-LEQ INSERT ORD-LEQ-ZERO NUMBERS-BELOW-OMEGA))) This simplifies, applying PRED-IS-AN-ORDINAL, SHARP-IS-AN-ORDINAL, CDRS-ARE-ORDINALS, and CARS-ARE-ORDINALS, and opening up the definitions of AND, IMPLIES, ORDINALP, and EQUAL, to: T. Q.E.D. [ 0.0 0.2 0.0 ] SHARP-AND-CDR-AUX10 (PROVE-LEMMA SHARP-AND-CDR-B (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (LISTP X) (NUMBERP M) (LEQ M (CAR X)) (O-LARGEP X (SHARP ALPHA BETA))) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA M)))) ((DO-NOT-INDUCT T) (USE (SHARP-AND-CDR-AUX10 (ALPHA ALPHA) (BETA BETA) (M M) (X X))) (DISABLE SHARP-AND-CDR-AUX10))) WARNING: the newly proposed lemma, SHARP-AND-CDR-B, could be applied whenever the previously added lemma SHARP-AND-CDR-AUX10 could. WARNING: the newly proposed lemma, SHARP-AND-CDR-B, could be applied whenever the previously added lemma SHARP-AND-CDR-AUX6 could. This formula simplifies, rewriting with CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, SUBSETP-IS-IDEMPOTENT, SHARP-IS-AN-ORDINAL, LARGE-GOES-UP, SHARP-AND-CDR-AUX5, and NUMBER-LARGE, and opening up the definitions of ORDINALP, AND, IMPLIES, LENGTH, LESSP, and EQUAL, to: T. Q.E.D. [ 0.0 0.1 0.0 ] SHARP-AND-CDR-B (DISABLE SHARP-AND-CDR-AUX1) [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX1-OFF (DISABLE SHARP-AND-CDR-AUX2) [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX2-OFF (DISABLE SHARP-AND-CDR-AUX3) [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX3-OFF (DISABLE SHARP-AND-CDR-AUX4) [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX4-OFF (DISABLE SHARP-AND-CDR-AUX5) [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX5-OFF (DISABLE SHARP-AND-CDR-AUX6) [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX6-OFF (DISABLE SHARP-AND-CDR-AUX7) [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX7-OFF (DISABLE SHARP-AND-CDR-AUX8) [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX8-OFF (DISABLE SHARP-AND-CDR-AUX9) [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX9-OFF (DISABLE SHARP-AND-CDR-AUX10) [ 0.0 0.0 0.0 ] SHARP-AND-CDR-AUX10-OFF (PROVE-LEMMA SHARP-AND-CDR-A (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 ALPHA) (SETP X) (LISTP X) (NUMBERP M) (LEQ M (CAR X)) (O-LARGEP X (SHARP ALPHA BETA))) (O-LARGEP (CDR X) (SHARP (PRED ALPHA M) BETA)))) This conjecture simplifies, applying the lemmas PRED-IS-AN-ORDINAL, COMMUT-OF-SHARP, LARGE-GOES-UP, SHARP-IS-AN-ORDINAL, SUBSETP-IS-IDEMPOTENT, and SHARP-AND-CDR-B, to: T. Q.E.D. [ 0.0 0.0 0.0 ] SHARP-AND-CDR-A (DEFN BAD-FOR-PIGEON-2 (A B X ALPHA BETA) (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)))) Note that: (OR (FALSEP (BAD-FOR-PIGEON-2 A B X ALPHA BETA)) (TRUEP (BAD-FOR-PIGEON-2 A B X ALPHA BETA))) is a theorem. [ 0.0 0.0 0.0 ] BAD-FOR-PIGEON-2 (PROVE-LEMMA PIGEON-2-AUX1 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (ORD-LESSP 0 ALPHA))) WARNING: Note that PIGEON-2-AUX1 contains the free variables BETA, X, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This conjecture can be simplified, using the abbreviations BAD-FOR-PIGEON-2 and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (ORD-LESSP 0 ALPHA)). This simplifies, applying POSITIVE-LARGE, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX1 (PROVE-LEMMA PIGEON-2-AUX2 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (ORD-LESSP 0 BETA))) WARNING: Note that PIGEON-2-AUX2 contains the free variables ALPHA, X, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This conjecture can be simplified, using the abbreviations BAD-FOR-PIGEON-2 and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (ORD-LESSP 0 BETA)). This simplifies, applying POSITIVE-LARGE, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX2 (PROVE-LEMMA PIGEON-2-AUX3 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (AND (ORDINALP ALPHA) (ORDINALP BETA)))) WARNING: Note that PIGEON-2-AUX3 contains the free variables BETA, X, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that PIGEON-2-AUX3 contains the free variables ALPHA, X, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that the proposed lemma PIGEON-2-AUX3 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and two replacement rules. This conjecture can be simplified, using the abbreviations BAD-FOR-PIGEON-2 and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (AND (ORDINALP ALPHA) (ORDINALP BETA))). This simplifies, applying CDRS-ARE-ORDINALS and CARS-ARE-ORDINALS, and unfolding the definitions of ORDINALP and AND, to six new formulas: Case 6. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (NOT (LISTP ALPHA))) (NUMBERP ALPHA)), which again simplifies, expanding the function ORDINALP, to: T. Case 5. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (LISTP ALPHA) (LISTP (CDR ALPHA))) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA)))), which again simplifies, unfolding the function ORDINALP, to: T. Case 4. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (LISTP ALPHA)) (NOT (EQUAL (CAR ALPHA) 0))), which again simplifies, expanding the definitions of EQUAL and ORDINALP, to: T. Case 3. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (NOT (LISTP BETA))) (NUMBERP BETA)), which again simplifies, expanding the function ORDINALP, to: T. Case 2. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (LISTP BETA) (LISTP (CDR BETA))) (NOT (ORD-LESSP (CAR BETA) (CADR BETA)))), which again simplifies, expanding ORDINALP, to: T. Case 1. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (LISTP BETA)) (NOT (EQUAL (CAR BETA) 0))), which again simplifies, opening up the functions EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX3 (PROVE-LEMMA PIGEON-2-AUX4 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (ORD-LESSP 0 (SHARP ALPHA BETA))) ((DO-NOT-INDUCT T) (USE (POSTIVE-ORD-LESSP (GAMMA ALPHA) (DELTA (SHARP ALPHA BETA))) (SHARP-GETS-BIGGER (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX2 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA))) (DISABLE ORDINALP POSTIVE-ORD-LESSP BAD-FOR-PIGEON-2 PIGEON-2-AUX2))) WARNING: Note that PIGEON-2-AUX4 contains the free variables X, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This simplifies, rewriting with PIGEON-2-AUX3 and SHARP-IS-AN-ORDINAL, and expanding the definitions of AND, IMPLIES, NOT, and ORD-LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX4 (PROVE-LEMMA PIGEON-2-AUX5 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LISTP X)) ((DO-NOT-INDUCT T) (USE (PIGEON-2-AUX4 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (EMPTY-NOT-LARGE (SET X) (ALPHA (SHARP ALPHA BETA)))) (DISABLE PIGEON-2-AUX4 INSERT SHARP O-LARGEP NUMBERS-BELOW-OMEGA ORD-LEQ ORD-LEQ-IS-TRANSITIVE EMPTY-NOT-LARGE SUBSETP-IS-IDEMPOTENT))) WARNING: Note that PIGEON-2-AUX5 contains the free variables BETA, ALPHA, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This formula can be simplified, using the abbreviations BAD-FOR-PIGEON-2, IMPLIES, and AND, to the new conjecture: (IMPLIES (AND (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (ORD-LESSP 0 (SHARP ALPHA BETA))) (IMPLIES (AND (NOT (EQUAL (SHARP ALPHA BETA) 0)) (NLISTP X)) (NOT (O-LARGEP X (SHARP ALPHA BETA)))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (LISTP X)), which simplifies, applying the lemmas LARGE-GOES-UP, SHARP-IS-AN-ORDINAL, EMPTY-SUBSET, COVERS-EMPTY, CARS-ARE-ORDINALS, CDRS-ARE-ORDINALS, and NUMBER-LARGE, and unfolding the functions ORDINALP, BAD-FOR-PIGEON-2, IMPLIES, NOT, NLISTP, AND, EQUAL, LESSP, and LENGTH, to: (IMPLIES (AND (ORD-LESSP 0 (SHARP ALPHA BETA)) (EQUAL (SHARP ALPHA BETA) 0) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (LISTP X)). However this again simplifies, opening up the definition of ORD-LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX5 (PROVE-LEMMA PIGEON-2-AUX6 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (AND (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X))) ((DO-NOT-INDUCT T) (USE (PIGEON-2-AUX5 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA))) (HANDS-OFF ORDINALP SETP O-LARGEP) (DISABLE PIGEON-2-AUX5 LARGE-GOES-UP SHARP-IS-AN-ORDINAL))) WARNING: Note that PIGEON-2-AUX6 contains the free variables BETA, ALPHA, X, and B which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that PIGEON-2-AUX6 contains the free variables BETA, ALPHA, X, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that PIGEON-2-AUX6 contains the free variables BETA, ALPHA, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that PIGEON-2-AUX6 contains the free variables BETA, ALPHA, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: the previously added lemma, PIGEON-2-AUX5, could be applied whenever the newly proposed PIGEON-2-AUX6 could! WARNING: Note that PIGEON-2-AUX6 contains the free variables BETA and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that the proposed lemma PIGEON-2-AUX6 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and five replacement rules. This conjecture can be simplified, using the abbreviations BAD-FOR-PIGEON-2 and IMPLIES, to the goal: (IMPLIES (AND (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LISTP X)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (AND (SETP A) (SETP B) (SETP X) (LISTP X) (COVERS A B X))). This simplifies, expanding the definitions of BAD-FOR-PIGEON-2, IMPLIES, and AND, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX6 (PROVE-LEMMA PIGEON-2-AUX7 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (OR (AND (LISTP A) (LEQ (CAR A) (CAR X))) (AND (LISTP B) (LEQ (CAR B) (CAR X))))) ((DO-NOT-INDUCT T) (USE (PIGEON-2-AUX6 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (SMALLER-CAR-WHEN-COVERED (A A) (B B) (X X))) (DISABLE SMALLER-CAR-WHEN-COVERED COVERS-EMPTY PIGEON-2-AUX6 O-LARGEP BAD-FOR-PIGEON-2 CARS-ARE-ORDINALS) (HANDS-OFF ORDINALP))) WARNING: Note that the rewrite rule PIGEON-2-AUX7 will be stored so as to apply only to terms with the nonrecursive function symbol OR. WARNING: Note that PIGEON-2-AUX7 contains the free variables BETA and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This conjecture simplifies, rewriting with PIGEON-2-AUX5, and unfolding AND, IMPLIES, and OR, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX7 (PROVE-LEMMA PIGEON-2-AUX8 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (AND (ORDINALP (PRED ALPHA (CAR A))) (ORDINALP BETA)))) WARNING: Note that PIGEON-2-AUX8 contains the free variables BETA, X, and B which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: the previously added lemma, PRED-IS-AN-ORDINAL, could be applied whenever the newly proposed PIGEON-2-AUX8 could! WARNING: Note that PIGEON-2-AUX8 contains the free variables ALPHA, X, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: the previously added lemma, PIGEON-2-AUX3, could be applied whenever the newly proposed PIGEON-2-AUX8 could! WARNING: Note that the proposed lemma PIGEON-2-AUX8 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and two replacement rules. This formula can be simplified, using the abbreviations BAD-FOR-PIGEON-2 and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (AND (ORDINALP (PRED ALPHA (CAR A))) (ORDINALP BETA))), which simplifies, rewriting with PRED-IS-AN-ORDINAL, CDRS-ARE-ORDINALS, and CARS-ARE-ORDINALS, and expanding the functions ORDINALP and AND, to the following three new goals: Case 3. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (NOT (LISTP BETA))) (NUMBERP BETA)). This again simplifies, opening up the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (LISTP BETA) (LISTP (CDR BETA))) (NOT (ORD-LESSP (CAR BETA) (CADR BETA)))), which again simplifies, unfolding the definition of ORDINALP, to: T. Case 1. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (LISTP BETA)) (NOT (EQUAL (CAR BETA) 0))), which again simplifies, expanding the definitions of EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX8 (PROVE-LEMMA PIGEON-2-AUX9 (REWRITE) (IMPLIES (AND (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LISTP A) (LEQ (CAR A) (CAR X))) (AND (SETP (CDR A)) (SETP B) (SETP (CDR X)) (COVERS (CDR A) B (CDR X)))) ((DO-NOT-INDUCT T) (USE (TAIL-OF-A-SET (S A)) (TAIL-OF-A-SET (S X)) (CDR-IS-COVERED-SET-A (A A) (B B) (X X)) (PIGEON-2-AUX6 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA))) (DISABLE CARS-ARE-ORDINALS IRREFLEX-OF-ORD-LEQ ORD-LEQ-ZERO NUMBERS-BELOW-OMEGA BAD-FOR-PIGEON-2 PIGEON-2-AUX6 CDR-IS-COVERED-SET-A) (HANDS-OFF COVERS ORD-LEQ))) WARNING: Note that PIGEON-2-AUX9 contains the free variables BETA, ALPHA, X, and B which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that PIGEON-2-AUX9 contains the free variables BETA, ALPHA, X, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: the previously added lemma, PIGEON-2-AUX6, could be applied whenever the newly proposed PIGEON-2-AUX9 could! WARNING: Note that PIGEON-2-AUX9 contains the free variables BETA, ALPHA, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that PIGEON-2-AUX9 contains the free variables BETA and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that the proposed lemma PIGEON-2-AUX9 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and four replacement rules. This simplifies, applying PIGEON-2-AUX5, and unfolding the definitions of AND and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX9 (PROVE-LEMMA PIGEON-2-AUX10 (REWRITE) (IMPLIES (AND (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LEQ (CAR A) (CAR X))) (O-LARGEP (CDR X) (SHARP (PRED ALPHA (CAR A)) BETA))) ((DO-NOT-INDUCT T) (USE (PIGEON-2-AUX5 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (SHARP-AND-CDR-A (X X) (ALPHA ALPHA) (BETA BETA) (M (CAR A)))) (DISABLE CARS-ARE-ORDINALS O-LARGEP NUMBERS-BELOW-OMEGA IRREFLEX-OF-ORD-LEQ ORD-LEQ-ZERO PIGEON-2-AUX5 O-LARGEP SHARP SHARP-AND-CDR-A) (HANDS-OFF O-LARGEP))) WARNING: Note that PIGEON-2-AUX10 contains the free variable B which will be chosen by instantiating the hypothesis (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This formula can be simplified, using the abbreviations BAD-FOR-PIGEON-2, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LISTP X)) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 ALPHA) (SETP X) (LISTP X) (NUMBERP (CAR A)) (IF (LESSP (CAR X) (CAR A)) F T) (O-LARGEP X (SHARP ALPHA BETA))) (O-LARGEP (CDR X) (SHARP (PRED ALPHA (CAR A)) BETA))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (NOT (LESSP (CAR X) (CAR A)))) (O-LARGEP (CDR X) (SHARP (PRED ALPHA (CAR A)) BETA))), which simplifies, rewriting with POSITIVE-LARGE, PRED-IS-AN-ORDINAL, and COMMUT-OF-SHARP, and opening up BAD-FOR-PIGEON-2, IMPLIES, AND, and LESSP, to the following two new goals: Case 2. (IMPLIES (AND (LISTP X) (NOT (NUMBERP (CAR A))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (O-LARGEP (CDR X) (SHARP BETA (PRED ALPHA (CAR A))))). Appealing to the lemma CAR-CDR-ELIM, we now replace A by (CONS Z V) to eliminate (CAR A) and (CDR A). This generates two new formulas: Case 2.2. (IMPLIES (AND (NOT (LISTP A)) (LISTP X) (NOT (NUMBERP (CAR A))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (O-LARGEP (CDR X) (SHARP BETA (PRED ALPHA (CAR A))))), which further simplifies, rewriting with the lemma CAR-NLISTP, and expanding the function NUMBERP, to: T. Case 2.1. (IMPLIES (AND (LISTP X) (NOT (NUMBERP Z)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP (CONS Z V)) (SETP B) (SETP X) (COVERS (CONS Z V) B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP (CONS Z V) ALPHA)) (NOT (O-LARGEP B BETA))) (O-LARGEP (CDR X) (SHARP BETA (PRED ALPHA Z)))), which further simplifies, applying CAR-OF-A-SET, to: T. Case 1. (IMPLIES (AND (LISTP X) (O-LARGEP (CDR X) (SHARP BETA (PRED ALPHA (CAR A)))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (NOT (LESSP (CAR X) (CAR A)))) (O-LARGEP (CDR X) (SHARP BETA (PRED ALPHA (CAR A))))). This again simplifies, trivially, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX10 (PROVE-LEMMA PIGEON-2-AUX11 (REWRITE) (IMPLIES (AND (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LISTP A)) (NOT (O-LARGEP (CDR A) (PRED ALPHA (CAR A))))) ((DO-NOT-INDUCT T) (USE (RECURSIVE-CASE-FOR-LARGE (SET A) (ALPHA ALPHA))) (DISABLE RECURSIVE-CASE-FOR-LARGE))) WARNING: Note that PIGEON-2-AUX11 contains the free variables BETA, X, and B which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This formula can be simplified, using the abbreviations NOT, BAD-FOR-PIGEON-2, AND, and IMPLIES, to the new conjecture: (IMPLIES (AND (IMPLIES (AND (LISTP A) (NOT (EQUAL ALPHA 0))) (EQUAL (O-LARGEP A ALPHA) (O-LARGEP (CDR A) (PRED ALPHA (CAR A))))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (LISTP A)) (NOT (O-LARGEP (CDR A) (PRED ALPHA (CAR A))))), which simplifies, applying the lemma NUMBER-LARGE, and unfolding the functions NOT, AND, EQUAL, IMPLIES, ORDINALP, LENGTH, and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX11 (PROVE-LEMMA PIGEON-2-AUX12 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (NOT (O-LARGEP B BETA)))) WARNING: Note that PIGEON-2-AUX12 contains the free variables ALPHA, X, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This conjecture can be simplified, using the abbreviations NOT, BAD-FOR-PIGEON-2, and IMPLIES, to: T. This simplifies, obviously, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX12 (PROVE-LEMMA PIGEON-2-AUX13 (REWRITE) (IMPLIES (AND (ORDINALP (PRED ALPHA (CAR A))) (ORDINALP BETA) (SETP (CDR A)) (SETP B) (SETP (CDR X)) (COVERS (CDR A) B (CDR X)) (O-LARGEP (CDR X) (SHARP (PRED ALPHA (CAR A)) BETA)) (NOT (O-LARGEP (CDR A) (PRED ALPHA (CAR A)))) (NOT (O-LARGEP B BETA))) (BAD-FOR-PIGEON-2 (CDR A) B (CDR X) (PRED ALPHA (CAR A)) BETA))) WARNING: Note that the rewrite rule PIGEON-2-AUX13 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-PIGEON-2. This simplifies, rewriting with PRED-IS-AN-ORDINAL, COMMUT-OF-SHARP, LARGE-GOES-UP, SHARP-IS-AN-ORDINAL, SUBSETP-IS-IDEMPOTENT, CARS-ARE-ORDINALS, and CDRS-ARE-ORDINALS, and expanding the definitions of ORDINALP and BAD-FOR-PIGEON-2, to three new goals: Case 3. (IMPLIES (AND (ORDINALP BETA) (SETP (CDR A)) (SETP B) (SETP (CDR X)) (COVERS (CDR A) B (CDR X)) (O-LARGEP (CDR X) (SHARP BETA (PRED ALPHA (CAR A)))) (NOT (O-LARGEP (CDR A) (PRED ALPHA (CAR A)))) (NOT (O-LARGEP B BETA)) (NOT (LISTP BETA))) (NUMBERP BETA)), which again simplifies, unfolding the function ORDINALP, to: T. Case 2. (IMPLIES (AND (ORDINALP BETA) (SETP (CDR A)) (SETP B) (SETP (CDR X)) (COVERS (CDR A) B (CDR X)) (O-LARGEP (CDR X) (SHARP BETA (PRED ALPHA (CAR A)))) (NOT (O-LARGEP (CDR A) (PRED ALPHA (CAR A)))) (NOT (O-LARGEP B BETA)) (LISTP BETA) (LISTP (CDR BETA))) (NOT (ORD-LESSP (CAR BETA) (CADR BETA)))), which again simplifies, expanding the function ORDINALP, to: T. Case 1. (IMPLIES (AND (ORDINALP BETA) (SETP (CDR A)) (SETP B) (SETP (CDR X)) (COVERS (CDR A) B (CDR X)) (O-LARGEP (CDR X) (SHARP BETA (PRED ALPHA (CAR A)))) (NOT (O-LARGEP (CDR A) (PRED ALPHA (CAR A)))) (NOT (O-LARGEP B BETA)) (LISTP BETA)) (NOT (EQUAL (CAR BETA) 0))), which again simplifies, unfolding the functions EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.1 0.0 ] PIGEON-2-AUX13 (PROVE-LEMMA PIGEON-2-AUX14 (REWRITE) (IMPLIES (AND (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LISTP A) (LEQ (CAR A) (CAR X))) (BAD-FOR-PIGEON-2 (CDR A) B (CDR X) (PRED ALPHA (CAR A)) BETA)) ((DO-NOT-INDUCT T) (USE (PIGEON-2-AUX8 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX9 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX10 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX11 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX12 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX13 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA))) (HANDS-OFF ORDINALP SETP O-LARGEP SHARP INSERT) (DISABLE PIGEON-2-AUX8 PIGEON-2-AUX9 PIGEON-2-AUX10 PIGEON-2-AUX11 PIGEON-2-AUX12 BAD-FOR-PIGEON-2 SETP))) WARNING: Note that the rewrite rule PIGEON-2-AUX14 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-PIGEON-2. This simplifies, rewriting with the lemma PIGEON-2-AUX13, and opening up the definitions of AND, IMPLIES, and NOT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX14 (PROVE-LEMMA PIGEON-2-AUX15 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (AND (ORDINALP ALPHA) (ORDINALP (PRED BETA (CAR B)))))) WARNING: Note that PIGEON-2-AUX15 contains the free variables BETA, X, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: the previously added lemma, PIGEON-2-AUX3, could be applied whenever the newly proposed PIGEON-2-AUX15 could! WARNING: Note that PIGEON-2-AUX15 contains the free variables ALPHA, X, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: the previously added lemma, PRED-IS-AN-ORDINAL, could be applied whenever the newly proposed PIGEON-2-AUX15 could! WARNING: Note that the proposed lemma PIGEON-2-AUX15 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and two replacement rules. This formula can be simplified, using the abbreviations BAD-FOR-PIGEON-2 and IMPLIES, to: (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (AND (ORDINALP ALPHA) (ORDINALP (PRED BETA (CAR B))))), which simplifies, rewriting with CDRS-ARE-ORDINALS, CARS-ARE-ORDINALS, and PRED-IS-AN-ORDINAL, and expanding the functions ORDINALP and AND, to the following three new goals: Case 3. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (NOT (LISTP ALPHA))) (NUMBERP ALPHA)). This again simplifies, opening up the definition of ORDINALP, to: T. Case 2. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (LISTP ALPHA) (LISTP (CDR ALPHA))) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA)))), which again simplifies, unfolding the definition of ORDINALP, to: T. Case 1. (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (LISTP ALPHA)) (NOT (EQUAL (CAR ALPHA) 0))), which again simplifies, expanding the definitions of EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX15 (PROVE-LEMMA PIGEON-2-AUX16 (REWRITE) (IMPLIES (AND (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LISTP B) (LEQ (CAR B) (CAR X))) (AND (SETP A) (SETP (CDR B)) (SETP (CDR X)) (COVERS A (CDR B) (CDR X)))) ((DO-NOT-INDUCT T) (USE (TAIL-OF-A-SET (S B)) (TAIL-OF-A-SET (S X)) (CDR-IS-COVERED-SET-B (A A) (B B) (X X)) (PIGEON-2-AUX6 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA))) (DISABLE CARS-ARE-ORDINALS IRREFLEX-OF-ORD-LEQ ORD-LEQ-ZERO NUMBERS-BELOW-OMEGA BAD-FOR-PIGEON-2 PIGEON-2-AUX6 CDR-IS-COVERED-SET-A) (HANDS-OFF COVERS ORD-LEQ))) WARNING: Note that PIGEON-2-AUX16 contains the free variables BETA, ALPHA, X, and B which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: the previously added lemma, PIGEON-2-AUX6, could be applied whenever the newly proposed PIGEON-2-AUX16 could! WARNING: Note that PIGEON-2-AUX16 contains the free variables BETA, ALPHA, X, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that PIGEON-2-AUX16 contains the free variables BETA, ALPHA, B, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that PIGEON-2-AUX16 contains the free variables BETA and ALPHA which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). WARNING: Note that the proposed lemma PIGEON-2-AUX16 is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and four replacement rules. This simplifies, applying PIGEON-2-AUX5, and unfolding the definitions of AND and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX16 (PROVE-LEMMA PIGEON-2-AUX17 (REWRITE) (IMPLIES (AND (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LEQ (CAR B) (CAR X))) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA (CAR B))))) ((DO-NOT-INDUCT T) (USE (PIGEON-2-AUX5 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (SHARP-AND-CDR-B (X X) (ALPHA ALPHA) (BETA BETA) (M (CAR B)))) (DISABLE CARS-ARE-ORDINALS O-LARGEP NUMBERS-BELOW-OMEGA IRREFLEX-OF-ORD-LEQ ORD-LEQ-ZERO PIGEON-2-AUX5 O-LARGEP SHARP SHARP-AND-CDR-B) (HANDS-OFF O-LARGEP))) WARNING: Note that PIGEON-2-AUX17 contains the free variable A which will be chosen by instantiating the hypothesis (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This formula can be simplified, using the abbreviations BAD-FOR-PIGEON-2, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LISTP X)) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (ORD-LESSP 0 BETA) (SETP X) (LISTP X) (NUMBERP (CAR B)) (IF (LESSP (CAR X) (CAR B)) F T) (O-LARGEP X (SHARP ALPHA BETA))) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA (CAR B))))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (NOT (LESSP (CAR X) (CAR B)))) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA (CAR B))))), which simplifies, rewriting with POSITIVE-LARGE, and opening up BAD-FOR-PIGEON-2, IMPLIES, AND, and LESSP, to the new conjecture: (IMPLIES (AND (LISTP X) (NOT (NUMBERP (CAR B))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA (CAR B))))). Applying the lemma CAR-CDR-ELIM, replace B by (CONS Z V) to eliminate (CAR B) and (CDR B). We thus obtain the following two new formulas: Case 2. (IMPLIES (AND (NOT (LISTP B)) (LISTP X) (NOT (NUMBERP (CAR B))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA))) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA (CAR B))))). But this further simplifies, applying CAR-NLISTP, and opening up the function NUMBERP, to: T. Case 1. (IMPLIES (AND (LISTP X) (NOT (NUMBERP Z)) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP (CONS Z V)) (SETP X) (COVERS A (CONS Z V) X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP (CONS Z V) BETA))) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA Z)))). This further simplifies, applying CAR-OF-A-SET, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX17 (PROVE-LEMMA PIGEON-2-AUX18 (REWRITE) (IMPLIES (AND (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LISTP B)) (NOT (O-LARGEP (CDR B) (PRED BETA (CAR B))))) ((DO-NOT-INDUCT T) (USE (RECURSIVE-CASE-FOR-LARGE (SET B) (ALPHA BETA))) (DISABLE RECURSIVE-CASE-FOR-LARGE))) WARNING: Note that PIGEON-2-AUX18 contains the free variables ALPHA, X, and A which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This formula can be simplified, using the abbreviations NOT, BAD-FOR-PIGEON-2, AND, and IMPLIES, to the new conjecture: (IMPLIES (AND (IMPLIES (AND (LISTP B) (NOT (EQUAL BETA 0))) (EQUAL (O-LARGEP B BETA) (O-LARGEP (CDR B) (PRED BETA (CAR B))))) (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA)) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP B BETA)) (LISTP B)) (NOT (O-LARGEP (CDR B) (PRED BETA (CAR B))))), which simplifies, applying the lemmas COMMUT-OF-SHARP and NUMBER-LARGE, and unfolding the functions NOT, AND, EQUAL, IMPLIES, ORDINALP, LENGTH, and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX18 (PROVE-LEMMA PIGEON-2-AUX19 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (NOT (O-LARGEP A ALPHA)))) WARNING: Note that PIGEON-2-AUX19 contains the free variables BETA, X, and B which will be chosen by instantiating the hypothesis: (BAD-FOR-PIGEON-2 A B X ALPHA BETA). This conjecture can be simplified, using the abbreviations NOT, BAD-FOR-PIGEON-2, and IMPLIES, to: T. This simplifies, obviously, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX19 (PROVE-LEMMA PIGEON-2-AUX20 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP (PRED BETA (CAR B))) (SETP A) (SETP (CDR B)) (SETP (CDR X)) (COVERS A (CDR B) (CDR X)) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA (CAR B)))) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP (CDR B) (PRED BETA (CAR B))))) (BAD-FOR-PIGEON-2 A (CDR B) (CDR X) ALPHA (PRED BETA (CAR B))))) WARNING: Note that the rewrite rule PIGEON-2-AUX20 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-PIGEON-2. This simplifies, rewriting with PRED-IS-AN-ORDINAL, LARGE-GOES-UP, SHARP-IS-AN-ORDINAL, SUBSETP-IS-IDEMPOTENT, CARS-ARE-ORDINALS, and CDRS-ARE-ORDINALS, and expanding the definitions of ORDINALP and BAD-FOR-PIGEON-2, to three new goals: Case 3. (IMPLIES (AND (ORDINALP ALPHA) (SETP A) (SETP (CDR B)) (SETP (CDR X)) (COVERS A (CDR B) (CDR X)) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA (CAR B)))) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP (CDR B) (PRED BETA (CAR B)))) (NOT (LISTP ALPHA))) (NUMBERP ALPHA)), which again simplifies, unfolding the function ORDINALP, to: T. Case 2. (IMPLIES (AND (ORDINALP ALPHA) (SETP A) (SETP (CDR B)) (SETP (CDR X)) (COVERS A (CDR B) (CDR X)) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA (CAR B)))) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP (CDR B) (PRED BETA (CAR B)))) (LISTP ALPHA) (LISTP (CDR ALPHA))) (NOT (ORD-LESSP (CAR ALPHA) (CADR ALPHA)))), which again simplifies, expanding the function ORDINALP, to: T. Case 1. (IMPLIES (AND (ORDINALP ALPHA) (SETP A) (SETP (CDR B)) (SETP (CDR X)) (COVERS A (CDR B) (CDR X)) (O-LARGEP (CDR X) (SHARP ALPHA (PRED BETA (CAR B)))) (NOT (O-LARGEP A ALPHA)) (NOT (O-LARGEP (CDR B) (PRED BETA (CAR B)))) (LISTP ALPHA)) (NOT (EQUAL (CAR ALPHA) 0))), which again simplifies, unfolding the functions EQUAL and ORDINALP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX20 (PROVE-LEMMA PIGEON-2-AUX21 (REWRITE) (IMPLIES (AND (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (LISTP B) (LEQ (CAR B) (CAR X))) (BAD-FOR-PIGEON-2 A (CDR B) (CDR X) ALPHA (PRED BETA (CAR B)))) ((DO-NOT-INDUCT T) (USE (PIGEON-2-AUX15 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX16 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX17 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX18 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX19 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX20 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA))) (HANDS-OFF ORDINALP SETP O-LARGEP SHARP INSERT) (DISABLE PIGEON-2-AUX15 PIGEON-2-AUX16 PIGEON-2-AUX17 PIGEON-2-AUX18 PIGEON-2-AUX19 BAD-FOR-PIGEON-2 SETP))) WARNING: Note that the rewrite rule PIGEON-2-AUX21 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-PIGEON-2. This simplifies, rewriting with the lemma PIGEON-2-AUX20, and opening up the definitions of AND, IMPLIES, and NOT, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX21 (PROVE-LEMMA PIGEON-2-AUX22 (REWRITE) (IMPLIES (BAD-FOR-PIGEON-2 A B X ALPHA BETA) (OR (BAD-FOR-PIGEON-2 (CDR A) B (CDR X) (PRED ALPHA (CAR A)) BETA) (BAD-FOR-PIGEON-2 A (CDR B) (CDR X) ALPHA (PRED BETA (CAR B))))) ((DO-NOT-INDUCT T) (USE (PIGEON-2-AUX7 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX14 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA)) (PIGEON-2-AUX21 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA))) (DISABLE BAD-FOR-PIGEON-2 CARS-ARE-ORDINALS IRREFLEX-OF-ORD-LEQ ORD-LEQ-ZERO NUMBERS-BELOW-OMEGA ORD-LEQ) (HANDS-OFF ORD-LEQ))) WARNING: Note that the rewrite rule PIGEON-2-AUX22 will be stored so as to apply only to terms with the nonrecursive function symbol OR. This conjecture simplifies, applying PIGEON-2-AUX14, PIGEON-2-AUX21, CDR-NLISTP, and CAR-NLISTP, and unfolding AND, OR, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX22 (DEFN PIGEON-2-KLUDGE (A B X ALPHA BETA) (IF (NLISTP X) 0 (PLUS (PIGEON-2-KLUDGE (CDR A) B (CDR X) (PRED ALPHA (CAR A)) BETA) (PIGEON-2-KLUDGE A (CDR B) (CDR X) ALPHA (PRED BETA (CAR B)))))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to show that the measure (COUNT X) decreases according to the well-founded relation LESSP in each recursive call. Hence, PIGEON-2-KLUDGE is accepted under the principle of definition. From the definition we can conclude that (NUMBERP (PIGEON-2-KLUDGE A B X ALPHA BETA)) is a theorem. [ 0.0 0.1 0.0 ] PIGEON-2-KLUDGE (PROVE-LEMMA PIGEON-2-AUX23 (REWRITE) (NOT (BAD-FOR-PIGEON-2 A B X ALPHA BETA)) ((DISABLE BAD-FOR-PIGEON-2) (INDUCT (PIGEON-2-KLUDGE A B X ALPHA BETA)) (USE (PIGEON-2-AUX22 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA))))) WARNING: Note that the rewrite rule PIGEON-2-AUX23 will be stored so as to apply only to terms with the nonrecursive function symbol BAD-FOR-PIGEON-2. This formula simplifies, opening up the definitions of OR, IMPLIES, NLISTP, NOT, and AND, to the following two new conjectures: Case 2. (IMPLIES (AND (BAD-FOR-PIGEON-2 (CDR A) B (CDR X) (PRED ALPHA (CAR A)) BETA) (NOT (LISTP X))) (NOT (BAD-FOR-PIGEON-2 A B X ALPHA BETA))). But this again simplifies, rewriting with CDR-NLISTP and PIGEON-2-AUX6, to: T. Case 1. (IMPLIES (AND (BAD-FOR-PIGEON-2 A (CDR B) (CDR X) ALPHA (PRED BETA (CAR B))) (NOT (LISTP X))) (NOT (BAD-FOR-PIGEON-2 A B X ALPHA BETA))). But this again simplifies, rewriting with CDR-NLISTP and PIGEON-2-AUX6, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2-AUX23 (PROVE-LEMMA PIGEON-2 (REWRITE) (IMPLIES (AND (ORDINALP ALPHA) (ORDINALP BETA) (SETP A) (SETP B) (SETP X) (COVERS A B X) (O-LARGEP X (SHARP ALPHA BETA))) (OR (O-LARGEP A ALPHA) (O-LARGEP B BETA))) ((DO-NOT-INDUCT T) (USE (PIGEON-2-AUX23 (A A) (B B) (X X) (ALPHA ALPHA) (BETA BETA))) (DISABLE PIGEON-2-AUX23))) WARNING: Note that the rewrite rule PIGEON-2 will be stored so as to apply only to terms with the nonrecursive function symbol OR. WARNING: Note that PIGEON-2 contains the free variable X which will be chosen by instantiating the hypothesis (SETP X). This formula simplifies, applying LARGE-GOES-UP, SHARP-IS-AN-ORDINAL, SUBSETP-IS-IDEMPOTENT, CARS-ARE-ORDINALS, and CDRS-ARE-ORDINALS, and opening up the definitions of ORDINALP, BAD-FOR-PIGEON-2, and EQUAL, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PIGEON-2 (DISABLE BAD-FOR-PIGEON-2) [ 0.0 0.0 0.0 ] BAD-FOR-PIGEON-2-OFF (DISABLE PIGEON-2-KLUDGE) [ 0.0 0.0 0.0 ] PIGEON-2-KLUDGE-OFF (DISABLE PIGEON-2-AUX1) [ 0.0 0.0 0.0 ] PIGEON-2-AUX1-OFF (DISABLE PIGEON-2-AUX2) [ 0.0 0.0 0.0 ] PIGEON-2-AUX2-OFF (DISABLE PIGEON-2-AUX3) [ 0.0 0.0 0.0 ] PIGEON-2-AUX3-OFF (DISABLE PIGEON-2-AUX4) [ 0.0 0.0 0.0 ] PIGEON-2-AUX4-OFF (DISABLE PIGEON-2-AUX5) [ 0.0 0.0 0.0 ] PIGEON-2-AUX5-OFF (DISABLE PIGEON-2-AUX6) [ 0.0 0.0 0.0 ] PIGEON-2-AUX6-OFF (DISABLE PIGEON-2-AUX7) [ 0.0 0.0 0.0 ] PIGEON-2-AUX7-OFF (DISABLE PIGEON-2-AUX8) [ 0.0 0.0 0.0 ] PIGEON-2-AUX8-OFF (DISABLE PIGEON-2-AUX9) [ 0.0 0.0 0.0 ] PIGEON-2-AUX9-OFF (DISABLE PIGEON-2-AUX10) [ 0.0 0.0 0.0 ] PIGEON-2-AUX10-OFF (DISABLE PIGEON-2-AUX11) [ 0.0 0.0 0.0 ] PIGEON-2-AUX11-OFF (DISABLE PIGEON-2-AUX12) [ 0.0 0.0 0.0 ] PIGEON-2-AUX12-OFF (DISABLE PIGEON-2-AUX13) [ 0.0 0.0 0.0 ] PIGEON-2-AUX13-OFF (DISABLE PIGEON-2-AUX14) [ 0.0 0.0 0.0 ] PIGEON-2-AUX14-OFF (DISABLE PIGEON-2-AUX15) [ 0.0 0.0 0.0 ] PIGEON-2-AUX15-OFF (DISABLE PIGEON-2-AUX16) [ 0.0 0.0 0.0 ] PIGEON-2-AUX16-OFF (DISABLE PIGEON-2-AUX17) [ 0.0 0.0 0.0 ] PIGEON-2-AUX17-OFF (DISABLE PIGEON-2-AUX18) [ 0.0 0.0 0.0 ] PIGEON-2-AUX18-OFF (DISABLE PIGEON-2-AUX19) [ 0.0 0.0 0.0 ] PIGEON-2-AUX19-OFF (DISABLE PIGEON-2-AUX20) [ 0.0 0.0 0.0 ] PIGEON-2-AUX20-OFF (DISABLE PIGEON-2-AUX21) [ 0.0 0.0 0.0 ] PIGEON-2-AUX21-OFF (DISABLE PIGEON-2-AUX22) [ 0.0 0.0 0.0 ] PIGEON-2-AUX22-OFF (DISABLE PIGEON-2-AUX23) [ 0.0 0.0 0.0 ] PIGEON-2-AUX23-OFF (DEFN FUNCALL (G X) (CADR (ASSOC X G))) [ 0.0 0.0 0.0 ] FUNCALL (DEFN RANGE (G) (IF (NLISTP G) (LIST 0) (CONS (CADAR G) (RANGE (CDR G))))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT G) decreases according to the well-founded relation LESSP in each recursive call. Hence, RANGE is accepted under the principle of definition. Note that (LISTP (RANGE G)) is a theorem. [ 0.0 0.0 0.0 ] RANGE (PROVE-LEMMA RANGE-IS-BIG-ENUF (REWRITE) (MEMBER (FUNCALL G X) (RANGE G))) This conjecture can be simplified, using the abbreviation FUNCALL, to: (MEMBER (CADR (ASSOC X G)) (RANGE G)). Give the above formula the name *1. We will appeal to induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP G) (p X G)) (IMPLIES (AND (NOT (NLISTP G)) (EQUAL X (CAAR G))) (p X G)) (IMPLIES (AND (NOT (NLISTP G)) (NOT (EQUAL X (CAAR G))) (p X (CDR G))) (p X G))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT G) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following three new conjectures: Case 3. (IMPLIES (NLISTP G) (MEMBER (CADR (ASSOC X G)) (RANGE G))). This simplifies, expanding NLISTP, ASSOC, CDR, CAR, RANGE, and MEMBER, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP G)) (EQUAL X (CAAR G))) (MEMBER (CADR (ASSOC X G)) (RANGE G))). This simplifies, applying CAR-CONS, and unfolding NLISTP, ASSOC, RANGE, and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP G)) (NOT (EQUAL X (CAAR G))) (MEMBER (CADR (ASSOC X (CDR G))) (RANGE (CDR G)))) (MEMBER (CADR (ASSOC X G)) (RANGE G))), which simplifies, rewriting with CDR-CONS and CAR-CONS, and unfolding NLISTP, ASSOC, RANGE, and MEMBER, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] RANGE-IS-BIG-ENUF (DISABLE RANGE) [ 0.0 0.0 0.0 ] RANGE-OFF (DISABLE FUNCALL) [ 0.0 0.0 0.0 ] FUNCALL-OFF (DEFN MAPSTO (G SET1 SET2) (IF (NLISTP SET1) T (AND (MAPSTO G (CDR SET1) SET2) (MEMBER (FUNCALL G (CAR SET1)) SET2)))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT SET1) decreases according to the well-founded relation LESSP in each recursive call. Hence, MAPSTO is accepted under the definitional principle. From the definition we can conclude that: (OR (FALSEP (MAPSTO G SET1 SET2)) (TRUEP (MAPSTO G SET1 SET2))) is a theorem. [ 0.0 0.0 0.0 ] MAPSTO (PROVE-LEMMA MAPSTO-WORKS (REWRITE) (IMPLIES (AND (MAPSTO G SET1 SET2) (MEMBER X SET1)) (MEMBER (FUNCALL G X) SET2))) WARNING: Note that MAPSTO-WORKS contains the free variable SET1 which will be chosen by instantiating the hypothesis (MAPSTO G SET1 SET2). Name the conjecture *1. Perhaps we can prove it by induction. Three inductions are suggested by terms in the conjecture. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (NLISTP SET1) (p G X SET2 SET1)) (IMPLIES (AND (NOT (NLISTP SET1)) (p G X SET2 (CDR SET1))) (p G X SET2 SET1))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT SET1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following three new conjectures: Case 3. (IMPLIES (AND (NLISTP SET1) (MAPSTO G SET1 SET2) (MEMBER X SET1)) (MEMBER (FUNCALL G X) SET2)). This simplifies, opening up NLISTP, MAPSTO, and MEMBER, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP SET1)) (NOT (MAPSTO G (CDR SET1) SET2)) (MAPSTO G SET1 SET2) (MEMBER X SET1)) (MEMBER (FUNCALL G X) SET2)). This simplifies, unfolding the definitions of NLISTP and MAPSTO, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP SET1)) (NOT (MEMBER X (CDR SET1))) (MAPSTO G SET1 SET2) (MEMBER X SET1)) (MEMBER (FUNCALL G X) SET2)). This simplifies, expanding NLISTP, MAPSTO, and MEMBER, to: (IMPLIES (AND (LISTP SET1) (NOT (MEMBER X (CDR SET1))) (MAPSTO G (CDR SET1) SET2) (MEMBER (FUNCALL G (CAR SET1)) SET2) (EQUAL X (CAR SET1))) (MEMBER (FUNCALL G X) SET2)), which again simplifies, trivially, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MAPSTO-WORKS (DISABLE MAPSTO) [ 0.0 0.0 0.0 ] MAPSTO-OFF (DISABLE NUMBERS-BELOW-OMEGA) [ 0.0 0.0 0.0 ] NUMBERS-BELOW-OMEGA-OFF (DISABLE CDRS-ARE-ORDINALS) [ 0.0 0.0 0.0 ] CDRS-ARE-ORDINALS-OFF (DISABLE ORD-LEQ-ZERO) [ 0.0 0.0 0.0 ] ORD-LEQ-ZERO-OFF (DISABLE ORD-LEQ-IS-TRANSITIVE) [ 0.0 0.0 0.0 ] ORD-LEQ-IS-TRANSITIVE-OFF1 (DEFN HOM-BAD-PAIRP (X Y SET G N) (AND (SUBLISTP X SET) (SUBLISTP Y SET) (SETP X) (SETP Y) (EQUAL (LENGTH X) N) (EQUAL (LENGTH Y) N) (NOT (EQUAL (FUNCALL G X) (FUNCALL G Y))))) Note that: (OR (FALSEP (HOM-BAD-PAIRP X Y SET G N)) (TRUEP (HOM-BAD-PAIRP X Y SET G N))) is a theorem. [ 0.0 0.0 0.0 ] HOM-BAD-PAIRP (DISABLE HOM-BAD-PAIRP) [ 0.0 0.0 0.0 ] HOM-BAD-PAIRP-OFF (DEFN COUNTER-HOM (SET G N PAIRS) (IF (NLISTP PAIRS) 0 (IF (LISTP (COUNTER-HOM SET G N (CDR PAIRS))) (COUNTER-HOM SET G N (CDR PAIRS)) (IF (HOM-BAD-PAIRP (CAAR PAIRS) (CDAR PAIRS) SET G N) (CONS (CAAR PAIRS) (CDAR PAIRS)) 0)))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to establish that the measure (COUNT PAIRS) decreases according to the well-founded relation LESSP in each recursive call. Hence, COUNTER-HOM is accepted under the definitional principle. Observe that: (OR (NUMBERP (COUNTER-HOM SET G N PAIRS)) (LISTP (COUNTER-HOM SET G N PAIRS))) is a theorem. [ 0.0 0.0 0.0 ] COUNTER-HOM (PROVE-LEMMA BAD-PAIR-IS-BAD (REWRITE) (IMPLIES (LISTP (COUNTER-HOM SET G N PAIRS)) (HOM-BAD-PAIRP (CAR (COUNTER-HOM SET G N PAIRS)) (CDR (COUNTER-HOM SET G N PAIRS)) SET G N))) Name the conjecture *1. We will try to prove it by induction. The recursive terms in the conjecture suggest three inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP PAIRS) (p SET G N PAIRS)) (IMPLIES (AND (NOT (NLISTP PAIRS)) (LISTP (COUNTER-HOM SET G N (CDR PAIRS))) (p SET G N (CDR PAIRS))) (p SET G N PAIRS)) (IMPLIES (AND (NOT (NLISTP PAIRS)) (NOT (LISTP (COUNTER-HOM SET G N (CDR PAIRS)))) (HOM-BAD-PAIRP (CAAR PAIRS) (CDAR PAIRS) SET G N) (p SET G N (CDR PAIRS))) (p SET G N PAIRS)) (IMPLIES (AND (NOT (NLISTP PAIRS)) (NOT (LISTP (COUNTER-HOM SET G N (CDR PAIRS)))) (NOT (HOM-BAD-PAIRP (CAAR PAIRS) (CDAR PAIRS) SET G N)) (p SET G N (CDR PAIRS))) (p SET G N PAIRS))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to prove that the measure (COUNT PAIRS) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following four new conjectures: Case 4. (IMPLIES (AND (NLISTP PAIRS) (LISTP (COUNTER-HOM SET G N PAIRS))) (HOM-BAD-PAIRP (CAR (COUNTER-HOM SET G N PAIRS)) (CDR (COUNTER-HOM SET G N PAIRS)) SET G N)). This simplifies, expanding the functions NLISTP, COUNTER-HOM, and LISTP, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP PAIRS)) (LISTP (COUNTER-HOM SET G N (CDR PAIRS))) (HOM-BAD-PAIRP (CAR (COUNTER-HOM SET G N (CDR PAIRS))) (CDR (COUNTER-HOM SET G N (CDR PAIRS))) SET G N) (LISTP (COUNTER-HOM SET G N PAIRS))) (HOM-BAD-PAIRP (CAR (COUNTER-HOM SET G N PAIRS)) (CDR (COUNTER-HOM SET G N PAIRS)) SET G N)). This simplifies, opening up the functions NLISTP and COUNTER-HOM, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP PAIRS)) (HOM-BAD-PAIRP (CAAR PAIRS) (CDAR PAIRS) SET G N) (NOT (LISTP (COUNTER-HOM SET G N (CDR PAIRS)))) (LISTP (COUNTER-HOM SET G N PAIRS))) (HOM-BAD-PAIRP (CAR (COUNTER-HOM SET G N PAIRS)) (CDR (COUNTER-HOM SET G N PAIRS)) SET G N)). This simplifies, rewriting with CONS-CAR-CDR, and unfolding the definitions of NLISTP and COUNTER-HOM, to: (IMPLIES (AND (LISTP PAIRS) (HOM-BAD-PAIRP (CAAR PAIRS) (CDAR PAIRS) SET G N) (NOT (LISTP (COUNTER-HOM SET G N (CDR PAIRS)))) (NOT (LISTP (CAR PAIRS)))) (HOM-BAD-PAIRP (CAR '(0 . 0)) (CDR '(0 . 0)) SET G N)). This again simplifies, rewriting with CAR-NLISTP and CDR-NLISTP, and unfolding the functions CAR and CDR, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP PAIRS)) (NOT (HOM-BAD-PAIRP (CAAR PAIRS) (CDAR PAIRS) SET G N)) (NOT (LISTP (COUNTER-HOM SET G N (CDR PAIRS)))) (LISTP (COUNTER-HOM SET G N PAIRS))) (HOM-BAD-PAIRP (CAR (COUNTER-HOM SET G N PAIRS)) (CDR (COUNTER-HOM SET G N PAIRS)) SET G N)). This simplifies, unfolding the definitions of NLISTP, COUNTER-HOM, and LISTP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] BAD-PAIR-IS-BAD (PROVE-LEMMA COUNTER-HOM-FINDS-ONE (REWRITE) (IMPLIES (AND (MEMBER (CONS X Y) PAIRS) (HOM-BAD-PAIRP X Y SET G N)) (LISTP (COUNTER-HOM SET G N PAIRS)))) WARNING: Note that COUNTER-HOM-FINDS-ONE contains the free variables Y and X which will be chosen by instantiating the hypothesis (MEMBER (CONS X Y) PAIRS). Give the conjecture the name *1. We will appeal to induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP PAIRS) (p SET G N PAIRS X Y)) (IMPLIES (AND (NOT (NLISTP PAIRS)) (EQUAL (CONS X Y) (CAR PAIRS))) (p SET G N PAIRS X Y)) (IMPLIES (AND (NOT (NLISTP PAIRS)) (NOT (EQUAL (CONS X Y) (CAR PAIRS))) (p SET G N (CDR PAIRS) X Y)) (p SET G N PAIRS X Y))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to establish that the measure (COUNT PAIRS) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to four new goals: Case 4. (IMPLIES (AND (NLISTP PAIRS) (MEMBER (CONS X Y) PAIRS) (HOM-BAD-PAIRP X Y SET G N)) (LISTP (COUNTER-HOM SET G N PAIRS))), which simplifies, unfolding the functions NLISTP and MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP PAIRS)) (EQUAL (CONS X Y) (CAR PAIRS)) (MEMBER (CONS X Y) PAIRS) (HOM-BAD-PAIRP X Y SET G N)) (LISTP (COUNTER-HOM SET G N PAIRS))), which simplifies, rewriting with the lemmas SUBSETP-IS-IDEMPOTENT, CAR-OF-SUBSET, and CONS-CAR-CDR, and opening up NLISTP and COUNTER-HOM, to: (IMPLIES (AND (LISTP PAIRS) (EQUAL (CONS X Y) (CAR PAIRS)) (HOM-BAD-PAIRP X Y SET G N) (NOT (LISTP (COUNTER-HOM SET G N (CDR PAIRS))))) (HOM-BAD-PAIRP (CAAR PAIRS) (CDAR PAIRS) SET G N)). Appealing to the lemma CAR-CDR-ELIM, we now replace PAIRS by (CONS Z V) to eliminate (CAR PAIRS) and (CDR PAIRS) and Z by (CONS W D) to eliminate (CAR Z) and (CDR Z). We must thus prove two new formulas: Case 3.2. (IMPLIES (AND (NOT (LISTP Z)) (EQUAL (CONS X Y) Z) (HOM-BAD-PAIRP X Y SET G N) (NOT (LISTP (COUNTER-HOM SET G N V)))) (HOM-BAD-PAIRP (CAR Z) (CDR Z) SET G N)), which further simplifies, obviously, to: T. Case 3.1. (IMPLIES (AND (EQUAL (CONS X Y) (CONS W D)) (HOM-BAD-PAIRP X Y SET G N) (NOT (LISTP (COUNTER-HOM SET G N V)))) (HOM-BAD-PAIRP W D SET G N)). But this further simplifies, applying CAR-CONS and CONS-EQUAL, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP PAIRS)) (NOT (EQUAL (CONS X Y) (CAR PAIRS))) (NOT (MEMBER (CONS X Y) (CDR PAIRS))) (MEMBER (CONS X Y) PAIRS) (HOM-BAD-PAIRP X Y SET G N)) (LISTP (COUNTER-HOM SET G N PAIRS))). This simplifies, opening up NLISTP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP PAIRS)) (NOT (EQUAL (CONS X Y) (CAR PAIRS))) (LISTP (COUNTER-HOM SET G N (CDR PAIRS))) (MEMBER (CONS X Y) PAIRS) (HOM-BAD-PAIRP X Y SET G N)) (LISTP (COUNTER-HOM SET G N PAIRS))). This simplifies, expanding NLISTP, MEMBER, and COUNTER-HOM, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] COUNTER-HOM-FINDS-ONE (DISABLE COUNTER-HOM) [ 0.0 0.0 0.0 ] COUNTER-HOM-OFF (DEFN HOMP (SET G N) (NLISTP (COUNTER-HOM SET G N (PRODUCT (POWER-SET SET) (POWER-SET SET))))) Observe that (OR (FALSEP (HOMP SET G N)) (TRUEP (HOMP SET G N))) is a theorem. [ 0.0 0.0 0.0 ] HOMP (ENABLE HOM-BAD-PAIRP) [ 0.0 0.0 0.0 ] HOM-BAD-PAIRP-ON (PROVE-LEMMA HOMP-IS-SUFFICIENT-A (REWRITE) (IMPLIES (AND (HOMP SET G N) (SUBLISTP X SET) (SUBLISTP Y SET) (SETP X) (SETP Y) (EQUAL (LENGTH X) N) (EQUAL (LENGTH Y) N)) (EQUAL (FUNCALL G X) (FUNCALL G Y))) ((DO-NOT-INDUCT T) (USE (ALL-PAIRS (X X) (Y Y) (LST1 (POWER-SET SET)) (LST2 (POWER-SET SET)))) (DISABLE ALL-PAIRS))) WARNING: Note that HOMP-IS-SUFFICIENT-A contains the free variables Y, N, and SET which will be chosen by instantiating the hypotheses (HOMP SET G N) and (SUBLISTP Y SET). This formula can be simplified, using the abbreviations HOMP, AND, and IMPLIES, to the new conjecture: (IMPLIES (AND (IMPLIES (AND (MEMBER X (POWER-SET SET)) (MEMBER Y (POWER-SET SET))) (MEMBER (CONS X Y) (PRODUCT (POWER-SET SET) (POWER-SET SET)))) (NOT (LISTP (COUNTER-HOM SET G N (PRODUCT (POWER-SET SET) (POWER-SET SET))))) (SUBLISTP X SET) (SUBLISTP Y SET) (SETP X) (SETP Y) (EQUAL (LENGTH X) N) (EQUAL (LENGTH Y) N)) (EQUAL (FUNCALL G X) (FUNCALL G Y))), which simplifies, applying SETS-ARE-PROPER, ALL-SUBLISTS, ONLY-SUBLISTS, and COUNTER-HOM-FINDS-ONE, and unfolding the functions AND, IMPLIES, and HOM-BAD-PAIRP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] HOMP-IS-SUFFICIENT-A (PROVE-LEMMA HOMP-IS-SUFFICIENT (REWRITE) (IMPLIES (AND (HOMP SET G N) (SUBSETP X SET) (SUBSETP Y SET) (SETP SET) (SETP X) (SETP Y) (EQUAL (LENGTH X) N) (EQUAL (LENGTH Y) N)) (EQUAL (FUNCALL G X) (FUNCALL G Y))) ((DO-NOT-INDUCT T) (USE (HOMP-IS-SUFFICIENT-A)) (DISABLE HOMP-IS-SUFFICIENT-A))) WARNING: Note that HOMP-IS-SUFFICIENT contains the free variables Y, N, and SET which will be chosen by instantiating the hypotheses (HOMP SET G N) and (SUBSETP Y SET). This formula can be simplified, using the abbreviations HOMP, AND, and IMPLIES, to: (IMPLIES (AND (IMPLIES (AND (HOMP SET G N) (SUBLISTP X SET) (SUBLISTP Y SET) (SETP X) (SETP Y) (EQUAL (LENGTH X) N) (EQUAL (LENGTH Y) N)) (EQUAL (FUNCALL G X) (FUNCALL G Y))) (NOT (LISTP (COUNTER-HOM SET G N (PRODUCT (POWER-SET SET) (POWER-SET SET))))) (SUBSETP X SET) (SUBSETP Y SET) (SETP SET) (SETP X) (SETP Y) (EQUAL (LENGTH X) N) (EQUAL (LENGTH Y) N)) (EQUAL (FUNCALL G X) (FUNCALL G Y))), which simplifies, applying the lemmas ALL-SUBSETS and ONLY-SUBLISTS, and opening up the definitions of HOMP, AND, and IMPLIES, to: T. Q.E.D. [ 0.0 0.0 0.0 ] HOMP-IS-SUFFICIENT (DEFN COUNTER-HOM-X (SET G N) (CAR (COUNTER-HOM SET G N (PRODUCT (POWER-SET SET) (POWER-SET SET))))) [ 0.0 0.0 0.0 ] COUNTER-HOM-X (DEFN COUNTER-HOM-Y (SET G N) (CDR (COUNTER-HOM SET G N (PRODUCT (POWER-SET SET) (POWER-SET SET))))) [ 0.0 0.0 0.0 ] COUNTER-HOM-Y (PROVE-LEMMA HOMP-IS-NECESSARY (REWRITE) (IMPLIES (NOT (HOMP SET G N)) (AND (SUBLISTP (COUNTER-HOM-X SET G N) SET) (SUBLISTP (COUNTER-HOM-Y SET G N) SET) (SETP (COUNTER-HOM-X SET G N)) (SETP (COUNTER-HOM-Y SET G N)) (EQUAL (LENGTH (COUNTER-HOM-X SET G N)) N) (EQUAL (LENGTH (COUNTER-HOM-Y SET G N)) N) (NOT (EQUAL (FUNCALL G (COUNTER-HOM-X SET G N)) (FUNCALL G (COUNTER-HOM-Y SET G N)))))) ((USE (BAD-PAIR-IS-BAD (G G) (N N) (SET SET) (PAIRS (PRODUCT (POWER-SET SET) (POWER-SET SET))))) (DO-NOT-INDUCT T) (DISABLE BAD-PAIR-IS-BAD LENGTH LENGTH-OF-SUBSET LENGTH-OF-SUBLIST) (HANDS-OFF LENGTH SUBLISTP POWER-SET SUBSETP))) WARNING: Note that the proposed lemma HOMP-IS-NECESSARY is to be stored as zero type prescription rules, zero compound recognizer rules, zero linear rules, and seven replacement rules. This formula can be simplified, using the abbreviations HOMP, NOT, and IMPLIES, to the new goal: (IMPLIES (AND (IMPLIES (LISTP (COUNTER-HOM SET G N (PRODUCT (POWER-SET SET) (POWER-SET SET)))) (HOM-BAD-PAIRP (CAR (COUNTER-HOM SET G N (PRODUCT (POWER-SET SET) (POWER-SET SET)))) (CDR (COUNTER-HOM SET G N (PRODUCT (POWER-SET SET) (POWER-SET SET)))) SET G N)) (LISTP (COUNTER-HOM SET G N (PRODUCT (POWER-SET SET) (POWER-SET SET))))) (AND (SUBLISTP (COUNTER-HOM-X SET G N) SET) (SUBLISTP (COUNTER-HOM-Y SET G N) SET) (SETP (COUNTER-HOM-X SET G N)) (SETP (COUNTER-HOM-Y SET G N)) (EQUAL (LENGTH (COUNTER-HOM-X SET G N)) N) (EQUAL (LENGTH (COUNTER-HOM-Y SET G N)) N) (NOT (EQUAL (FUNCALL G (COUNTER-HOM-X SET G N)) (FUNCALL G (COUNTER-HOM-Y SET G N)))))), which simplifies, opening up the functions HOM-BAD-PAIRP, IMPLIES, COUNTER-HOM-X, COUNTER-HOM-Y, NOT, and AND, to: T. Q.E.D. [ 0.0 0.0 0.0 ] HOMP-IS-NECESSARY (DISABLE HOMP) [ 0.0 0.0 0.0 ] HOMP-OFF (DISABLE HOM-BAD-PAIRP) [ 0.0 0.0 0.0 ] HOM-BAD-PAIRP-OFF1 (DISABLE COUNTER-HOM-X) [ 0.0 0.0 0.0 ] COUNTER-HOM-X-OFF (DISABLE COUNTER-HOM-Y) [ 0.0 0.0 0.0 ] COUNTER-HOM-Y-OFF (DEFN ADD-ON-END (ITEM SET) (IF (NLISTP SET) (LIST ITEM) (CONS (CAR SET) (ADD-ON-END ITEM (CDR SET))))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each recursive call. Hence, ADD-ON-END is accepted under the principle of definition. Note that: (LISTP (ADD-ON-END ITEM SET)) is a theorem. [ 0.0 0.0 0.0 ] ADD-ON-END (PROVE-LEMMA ADD-IN-END-IS-LAST (REWRITE) (EQUAL (LAST (ADD-ON-END ITEM SET)) ITEM)) Name the conjecture *1. Let us appeal to the induction principle. There is only one suggested induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP SET) (p ITEM SET)) (IMPLIES (AND (NOT (NLISTP SET)) (p ITEM (CDR SET))) (p ITEM SET))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to two new conjectures: Case 2. (IMPLIES (NLISTP SET) (EQUAL (LAST (ADD-ON-END ITEM SET)) ITEM)), which simplifies, applying CAR-CONS and CDR-CONS, and unfolding the functions NLISTP, ADD-ON-END, LISTP, and LAST, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP SET)) (EQUAL (LAST (ADD-ON-END ITEM (CDR SET))) ITEM)) (EQUAL (LAST (ADD-ON-END ITEM SET)) ITEM)). This simplifies, applying CDR-CONS, and opening up the definitions of NLISTP, ADD-ON-END, and LAST, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ADD-IN-END-IS-LAST (PROVE-LEMMA ADD-IN-END-AND-LENGTH (REWRITE) (EQUAL (LENGTH (ADD-ON-END ITEM SET)) (ADD1 (LENGTH SET)))) Give the conjecture the name *1. Let us appeal to the induction principle. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP SET) (p ITEM SET)) (IMPLIES (AND (NOT (NLISTP SET)) (p ITEM (CDR SET))) (p ITEM SET))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates two new conjectures: Case 2. (IMPLIES (NLISTP SET) (EQUAL (LENGTH (ADD-ON-END ITEM SET)) (ADD1 (LENGTH SET)))), which simplifies, applying CDR-CONS, and opening up NLISTP, ADD-ON-END, ADD1, LENGTH, and EQUAL, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP SET)) (EQUAL (LENGTH (ADD-ON-END ITEM (CDR SET))) (ADD1 (LENGTH (CDR SET))))) (EQUAL (LENGTH (ADD-ON-END ITEM SET)) (ADD1 (LENGTH SET)))). This simplifies, applying the lemma CDR-CONS, and unfolding the functions NLISTP, ADD-ON-END, and LENGTH, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ADD-IN-END-AND-LENGTH (PROVE-LEMMA ALL-BUT-LAST-AUX1 (REWRITE) (IMPLIES (LISTP (CDR LST)) (LISTP LST))) WARNING: ALL-BUT-LAST-AUX1 will slow down the theorem-prover because it will cause backward chaining on every instance of a primitive type expression. This formula simplifies, rewriting with CDR-NLISTP, and expanding the function LISTP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] ALL-BUT-LAST-AUX1 (DEFN ALL-BUT-LAST (LST) (IF (NLISTP (CDR LST)) NIL (CONS (CAR LST) (ALL-BUT-LAST (CDR LST))))) Linear arithmetic, the lemmas CDR-LESSEQP, ALL-BUT-LAST-AUX1, and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each recursive call. Hence, ALL-BUT-LAST is accepted under the definitional principle. Observe that (OR (LITATOM (ALL-BUT-LAST LST)) (LISTP (ALL-BUT-LAST LST))) is a theorem. [ 0.0 0.0 0.0 ] ALL-BUT-LAST (DISABLE ALL-BUT-LAST-AUX1) [ 0.0 0.0 0.0 ] ALL-BUT-LAST-AUX1-OFF (PROVE-LEMMA ALL-BUT-LAST-AND-LENGTH (REWRITE) (IMPLIES (LISTP (CDR LST)) (EQUAL (LENGTH (ALL-BUT-LAST LST)) (SUB1 (LENGTH LST))))) This simplifies, appealing to the lemma CDR-CONS, and opening up the definitions of ALL-BUT-LAST and LENGTH, to two new goals: Case 2. (IMPLIES (AND (LISTP (CDR LST)) (NOT (LISTP LST))) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR LST)))) (SUB1 0))), which again simplifies, appealing to the lemma CDR-NLISTP, and unfolding LISTP, to: T. Case 1. (IMPLIES (AND (LISTP (CDR LST)) (LISTP LST)) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR LST)))) (SUB1 (ADD1 (LENGTH (CDR LST)))))), which again simplifies, rewriting with the lemma SUB1-ADD1, to: (IMPLIES (AND (LISTP (CDR LST)) (LISTP LST)) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR LST)))) (LENGTH (CDR LST)))). Appealing to the lemma CAR-CDR-ELIM, we now replace LST by (CONS Z X) to eliminate (CDR LST) and (CAR LST). The result is the goal: (IMPLIES (LISTP X) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST X))) (LENGTH X))), which we would usually push and work on later by induction. But if we must use induction to prove the input conjecture, we prefer to induct on the original formulation of the problem. Thus we will disregard all that we have previously done, give the name *1 to the original input, and work on it. So now let us consider: (IMPLIES (LISTP (CDR LST)) (EQUAL (LENGTH (ALL-BUT-LAST LST)) (SUB1 (LENGTH LST)))). We gave this the name *1 above. Perhaps we can prove it by induction. There are two plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP (CDR LST)) (p LST)) (IMPLIES (AND (NOT (NLISTP (CDR LST))) (p (CDR LST))) (p LST))). Linear arithmetic, the lemmas CDR-LESSEQP, ALL-BUT-LAST-AUX1, and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following three new formulas: Case 3. (IMPLIES (AND (NLISTP (CDR LST)) (LISTP (CDR LST))) (EQUAL (LENGTH (ALL-BUT-LAST LST)) (SUB1 (LENGTH LST)))). This simplifies, expanding the function NLISTP, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP (CDR LST))) (NOT (LISTP (CDDR LST))) (LISTP (CDR LST))) (EQUAL (LENGTH (ALL-BUT-LAST LST)) (SUB1 (LENGTH LST)))). This simplifies, appealing to the lemma CDR-CONS, and expanding the functions NLISTP, ALL-BUT-LAST, and LENGTH, to the following two new conjectures: Case 2.2. (IMPLIES (AND (NOT (LISTP (CDDR LST))) (LISTP (CDR LST)) (NOT (LISTP LST))) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR LST)))) (SUB1 0))). But this again simplifies, applying CDR-NLISTP, and expanding the definitions of CDR and LISTP, to: T. Case 2.1. (IMPLIES (AND (NOT (LISTP (CDDR LST))) (LISTP (CDR LST)) (LISTP LST)) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR LST)))) (SUB1 (ADD1 (LENGTH (CDR LST)))))). This again simplifies, rewriting with SUB1-ADD1, to: (IMPLIES (AND (NOT (LISTP (CDDR LST))) (LISTP (CDR LST)) (LISTP LST)) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR LST)))) (LENGTH (CDR LST)))), which further simplifies, expanding ALL-BUT-LAST, LENGTH, ADD1, and EQUAL, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP (CDR LST))) (EQUAL (LENGTH (ALL-BUT-LAST (CDR LST))) (SUB1 (LENGTH (CDR LST)))) (LISTP (CDR LST))) (EQUAL (LENGTH (ALL-BUT-LAST LST)) (SUB1 (LENGTH LST)))), which simplifies, rewriting with CDR-CONS, and expanding the functions NLISTP, ALL-BUT-LAST, and LENGTH, to the following two new goals: Case 1.2. (IMPLIES (AND (EQUAL (LENGTH (ALL-BUT-LAST (CDR LST))) (SUB1 (LENGTH (CDR LST)))) (LISTP (CDR LST)) (NOT (LISTP LST))) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR LST)))) (SUB1 0))). However this again simplifies, applying CDR-NLISTP, and unfolding LISTP, to: T. Case 1.1. (IMPLIES (AND (EQUAL (LENGTH (ALL-BUT-LAST (CDR LST))) (SUB1 (LENGTH (CDR LST)))) (LISTP (CDR LST)) (LISTP LST)) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR LST)))) (SUB1 (ADD1 (LENGTH (CDR LST)))))). But this again simplifies, using linear arithmetic, to the conjecture: (IMPLIES (AND (EQUAL (LENGTH (CDR LST)) 0) (EQUAL (LENGTH (ALL-BUT-LAST (CDR LST))) (SUB1 (LENGTH (CDR LST)))) (LISTP (CDR LST)) (LISTP LST)) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR LST)))) (SUB1 (ADD1 (LENGTH (CDR LST)))))). This again simplifies, unfolding the functions SUB1, ADD1, and EQUAL, to: (IMPLIES (AND (EQUAL (LENGTH (CDR LST)) 0) (EQUAL (LENGTH (ALL-BUT-LAST (CDR LST))) 0) (LISTP (CDR LST))) (NOT (LISTP LST))). Appealing to the lemma CAR-CDR-ELIM, we now replace LST by (CONS Z X) to eliminate (CDR LST) and (CAR LST). The result is the goal: (IMPLIES (AND (EQUAL (LENGTH X) 0) (EQUAL (LENGTH (ALL-BUT-LAST X)) 0)) (NOT (LISTP X))). Give the above formula the name *1.1. We will appeal to induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP X) (p (CDR X))) (p X)) (IMPLIES (NOT (LISTP X)) (p X))). Linear arithmetic and the lemma CDR-LESSP can be used to establish that the measure (COUNT X) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to three new goals: Case 3. (IMPLIES (AND (NOT (EQUAL (LENGTH (CDR X)) 0)) (EQUAL (LENGTH X) 0) (EQUAL (LENGTH (ALL-BUT-LAST X)) 0)) (NOT (LISTP X))), which simplifies, expanding the definition of LENGTH, to: T. Case 2. (IMPLIES (AND (NOT (EQUAL (LENGTH (ALL-BUT-LAST (CDR X))) 0)) (EQUAL (LENGTH X) 0) (EQUAL (LENGTH (ALL-BUT-LAST X)) 0)) (NOT (LISTP X))), which simplifies, opening up the definition of LENGTH, to: T. Case 1. (IMPLIES (AND (NOT (LISTP (CDR X))) (EQUAL (LENGTH X) 0) (EQUAL (LENGTH (ALL-BUT-LAST X)) 0)) (NOT (LISTP X))), which simplifies, unfolding the definition of LENGTH, to: T. That finishes the proof of *1.1, which, consequently, finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ALL-BUT-LAST-AND-LENGTH (PROVE-LEMMA ALL-BUT-LAST-OF-ADD-ON-END (REWRITE) (IMPLIES (PROPERP LST) (EQUAL (ALL-BUT-LAST (ADD-ON-END ITEM LST)) LST))) Name the conjecture *1. We will appeal to induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST) (p ITEM (CDR LST))) (p ITEM LST)) (IMPLIES (NOT (LISTP LST)) (p ITEM LST))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following three new formulas: Case 3. (IMPLIES (AND (LISTP LST) (NOT (PROPERP (CDR LST))) (PROPERP LST)) (EQUAL (ALL-BUT-LAST (ADD-ON-END ITEM LST)) LST)). This simplifies, expanding the definition of PROPERP, to: T. Case 2. (IMPLIES (AND (LISTP LST) (EQUAL (ALL-BUT-LAST (ADD-ON-END ITEM (CDR LST))) (CDR LST)) (PROPERP LST)) (EQUAL (ALL-BUT-LAST (ADD-ON-END ITEM LST)) LST)). This simplifies, applying CONS-CAR-CDR, CAR-CONS, and CDR-CONS, and expanding the definitions of PROPERP, ADD-ON-END, and ALL-BUT-LAST, to: T. Case 1. (IMPLIES (AND (NOT (LISTP LST)) (PROPERP LST)) (EQUAL (ALL-BUT-LAST (ADD-ON-END ITEM LST)) LST)), which simplifies, rewriting with the lemma CDR-CONS, and opening up the functions PROPERP, LISTP, ADD-ON-END, ALL-BUT-LAST, and EQUAL, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ALL-BUT-LAST-OF-ADD-ON-END (ENABLE SETP) [ 0.0 0.0 0.0 ] SETP-ON1 (PROVE-LEMMA ADD-ON-END-MAKES-SETS (REWRITE) (IMPLIES (AND (SETP SET) (NUMBERP N) (LESSP (LAST SET) N)) (SETP (ADD-ON-END N SET)))) Give the conjecture the name *1. Perhaps we can prove it by induction. The recursive terms in the conjecture suggest four inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP SET) (LISTP (CDR SET)) (p N (CDR SET))) (p N SET)) (IMPLIES (AND (LISTP SET) (NOT (LISTP (CDR SET)))) (p N SET)) (IMPLIES (NOT (LISTP SET)) (p N SET))). Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following five new conjectures: Case 5. (IMPLIES (AND (LISTP SET) (LISTP (CDR SET)) (NOT (SETP (CDR SET))) (SETP SET) (NUMBERP N) (LESSP (LAST SET) N)) (SETP (ADD-ON-END N SET))). This simplifies, opening up the function SETP, to: T. Case 4. (IMPLIES (AND (LISTP SET) (LISTP (CDR SET)) (NOT (LESSP (LAST (CDR SET)) N)) (SETP SET) (NUMBERP N) (LESSP (LAST SET) N)) (SETP (ADD-ON-END N SET))). This simplifies, opening up the functions SETP and LAST, to: T. Case 3. (IMPLIES (AND (LISTP SET) (LISTP (CDR SET)) (SETP (ADD-ON-END N (CDR SET))) (SETP SET) (NUMBERP N) (LESSP (LAST SET) N)) (SETP (ADD-ON-END N SET))). This simplifies, applying CDR-CONS and CAR-CONS, and opening up the functions SETP, LAST, and ADD-ON-END, to: (IMPLIES (AND (LISTP SET) (LISTP (CDR SET)) (SETP (ADD-ON-END N (CDR SET))) (NUMBERP (CAR SET)) (SETP (CDR SET)) (LESSP (CAR SET) (CADR SET)) (NUMBERP N) (LESSP (LAST (CDR SET)) N)) (LESSP (CAR SET) (CAR (ADD-ON-END N (CDR SET))))). Appealing to the lemma CAR-CDR-ELIM, we now replace SET by (CONS Z X) to eliminate (CDR SET) and (CAR SET) and X by (CONS V W) to eliminate (CAR X) and (CDR X). This generates: (IMPLIES (AND (SETP (ADD-ON-END N (CONS V W))) (NUMBERP Z) (SETP (CONS V W)) (LESSP Z V) (NUMBERP N) (LESSP (LAST (CONS V W)) N)) (LESSP Z (CAR (ADD-ON-END N (CONS V W))))). This further simplifies, applying CDR-CONS, CAR-CONS, and CAR-OF-A-SET, and opening up the functions ADD-ON-END, SETP, LISTP, and LAST, to: T. Case 2. (IMPLIES (AND (LISTP SET) (NOT (LISTP (CDR SET))) (SETP SET) (NUMBERP N) (LESSP (LAST SET) N)) (SETP (ADD-ON-END N SET))). This simplifies, applying EMPTY-IS-NIL, CDR-CONS, and CAR-CONS, and unfolding the definitions of SETP, LAST, and ADD-ON-END, to two new goals: Case 2.2. (IMPLIES (AND (LISTP SET) (NOT (LISTP (CDR SET))) (NUMBERP (CAR SET)) (SETP (CDR SET)) (NUMBERP N) (LESSP (CAR SET) N)) (SETP (ADD-ON-END N (CDR SET)))), which further simplifies, applying CDR-CONS and CAR-CONS, and unfolding the definitions of SETP, LISTP, ADD-ON-END, and EQUAL, to: T. Case 2.1. (IMPLIES (AND (LISTP SET) (NOT (LISTP (CDR SET))) (NUMBERP (CAR SET)) (SETP (CDR SET)) (NUMBERP N) (LESSP (CAR SET) N)) (LESSP (CAR SET) (CAR (ADD-ON-END N (CDR SET))))). This further simplifies, rewriting with CAR-CONS, and expanding the definitions of SETP, LISTP, and ADD-ON-END, to: T. Case 1. (IMPLIES (AND (NOT (LISTP SET)) (SETP SET) (NUMBERP N) (LESSP (LAST SET) N)) (SETP (ADD-ON-END N SET))). This simplifies, rewriting with CDR-CONS and CAR-CONS, and expanding the functions SETP, LAST, EQUAL, LESSP, LISTP, and ADD-ON-END, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] ADD-ON-END-MAKES-SETS (DISABLE SETP) [ 0.0 0.0 0.0 ] SETP-OFF2 (PROVE-LEMMA ALL-BUT-LAST-IS-SUBLIST (REWRITE) (SUBLISTP (ALL-BUT-LAST LST) LST)) Name the conjecture *1. We will appeal to induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST) (p (CDR LST))) (p LST)) (IMPLIES (NOT (LISTP LST)) (p LST))). Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to two new goals: Case 2. (IMPLIES (AND (LISTP LST) (SUBLISTP (ALL-BUT-LAST (CDR LST)) (CDR LST))) (SUBLISTP (ALL-BUT-LAST LST) LST)), which simplifies, unfolding the definition of ALL-BUT-LAST, to two new formulas: Case 2.2. (IMPLIES (AND (LISTP LST) (SUBLISTP (ALL-BUT-LAST (CDR LST)) (CDR LST)) (NOT (LISTP (CDR LST)))) (SUBLISTP NIL LST)), which again simplifies, applying CAR-CONS, CDR-CONS, and ONLY-SUBLISTS, and unfolding MEMBER, APPEND, CONS-ALL, LISTP, CAR, CDR, and POWER-SET, to: T. Case 2.1. (IMPLIES (AND (LISTP LST) (SUBLISTP (ALL-BUT-LAST (CDR LST)) (CDR LST)) (LISTP (CDR LST))) (SUBLISTP (CONS (CAR LST) (ALL-BUT-LAST (CDR LST))) LST)). However this again simplifies, applying the lemmas CDR-CONS and CAR-CONS, and expanding SUBLISTP, to: T. Case 1. (IMPLIES (NOT (LISTP LST)) (SUBLISTP (ALL-BUT-LAST LST) LST)), which simplifies, applying CDR-NLISTP and ONLY-SUBLISTS, and opening up ALL-BUT-LAST, LISTP, MEMBER, and POWER-SET, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ALL-BUT-LAST-IS-SUBLIST (PROVE-LEMMA ALL-BUT-LAST-IS-SUBLIST-A (REWRITE) (IMPLIES (SUBLISTP S1 SET) (SUBLISTP (ALL-BUT-LAST S1) SET)) ((DO-NOT-INDUCT T) (USE (ALL-BUT-LAST-IS-SUBLIST (LST S1))) (DISABLE ALL-BUT-LAST-IS-SUBLIST))) This conjecture simplifies, rewriting with TRANSITIVITY-OF-SUBLIST, to: T. Q.E.D. [ 0.0 0.0 0.0 ] ALL-BUT-LAST-IS-SUBLIST-A (PROVE-LEMMA ALL-BUT-LAST-IS-NON-EMPTY (REWRITE) (IMPLIES (LEQ 2 (LENGTH LST)) (LISTP (ALL-BUT-LAST LST)))) Name the conjecture *1. We will try to prove it by induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST) (p (CDR LST))) (p LST)) (IMPLIES (NOT (LISTP LST)) (p LST))). Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates three new conjectures: Case 3. (IMPLIES (AND (LISTP LST) (LESSP (LENGTH (CDR LST)) 2) (NOT (LESSP (LENGTH LST) 2))) (LISTP (ALL-BUT-LAST LST))), which simplifies, rewriting with the lemma SUB1-ADD1, and unfolding the functions LENGTH, SUB1, NUMBERP, EQUAL, LESSP, and ALL-BUT-LAST, to: (IMPLIES (AND (LISTP LST) (LESSP (LENGTH (CDR LST)) 2) (NOT (LESSP (LENGTH (CDR LST)) 1))) (LISTP (CDR LST))). This again simplifies, using linear arithmetic, to: (IMPLIES (AND (EQUAL (LENGTH (CDR LST)) 1) (LISTP LST) (LESSP 1 2) (NOT (LESSP 1 1))) (LISTP (CDR LST))). This again simplifies, expanding LESSP, to: (IMPLIES (AND (EQUAL (LENGTH (CDR LST)) 1) (LISTP LST)) (LISTP (CDR LST))). However this further simplifies, unfolding the definitions of LENGTH and EQUAL, to: T. Case 2. (IMPLIES (AND (LISTP LST) (LISTP (ALL-BUT-LAST (CDR LST))) (NOT (LESSP (LENGTH LST) 2))) (LISTP (ALL-BUT-LAST LST))), which simplifies, applying SUB1-ADD1, and expanding the definitions of LENGTH, SUB1, NUMBERP, EQUAL, LESSP, and ALL-BUT-LAST, to the new formula: (IMPLIES (AND (LISTP LST) (LISTP (ALL-BUT-LAST (CDR LST))) (NOT (LESSP (LENGTH (CDR LST)) 1))) (LISTP (CDR LST))), which further simplifies, rewriting with CDR-NLISTP, and expanding the functions LISTP and ALL-BUT-LAST, to: T. Case 1. (IMPLIES (AND (NOT (LISTP LST)) (NOT (LESSP (LENGTH LST) 2))) (LISTP (ALL-BUT-LAST LST))). This simplifies, unfolding LENGTH and LESSP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] ALL-BUT-LAST-IS-NON-EMPTY (ENABLE SETP) [ 0.0 0.0 0.0 ] SETP-ON2 (PROVE-LEMMA ALL-BUT-LAST-IS-A-SET (REWRITE) (IMPLIES (SETP SET) (SETP (ALL-BUT-LAST SET)))) Give the conjecture the name *1. We will appeal to induction. Two inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP SET) (p (CDR SET))) (p SET)) (IMPLIES (NOT (LISTP SET)) (p SET))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following three new conjectures: Case 3. (IMPLIES (AND (LISTP SET) (NOT (SETP (CDR SET))) (SETP SET)) (SETP (ALL-BUT-LAST SET))). This simplifies, expanding the function SETP, to: T. Case 2. (IMPLIES (AND (LISTP SET) (SETP (ALL-BUT-LAST (CDR SET))) (SETP SET)) (SETP (ALL-BUT-LAST SET))). This simplifies, opening up SETP, ALL-BUT-LAST, and LISTP, to the following two new formulas: Case 2.2. (IMPLIES (AND (LISTP SET) (SETP (ALL-BUT-LAST (CDR SET))) (NUMBERP (CAR SET)) (SETP (CDR SET)) (LESSP (CAR SET) (CADR SET)) (NOT (LISTP (CDR SET)))) (SETP NIL)). This again simplifies, applying CAR-NLISTP, and unfolding the definitions of EQUAL and LESSP, to: T. Case 2.1. (IMPLIES (AND (LISTP SET) (SETP (ALL-BUT-LAST (CDR SET))) (NUMBERP (CAR SET)) (SETP (CDR SET)) (LESSP (CAR SET) (CADR SET)) (LISTP (CDR SET))) (SETP (CONS (CAR SET) (ALL-BUT-LAST (CDR SET))))). However this again simplifies, applying the lemmas CDR-CONS and CAR-CONS, and unfolding the function SETP, to: (IMPLIES (AND (LISTP SET) (SETP (ALL-BUT-LAST (CDR SET))) (NUMBERP (CAR SET)) (SETP (CDR SET)) (LESSP (CAR SET) (CADR SET)) (LISTP (CDR SET)) (NOT (EQUAL (ALL-BUT-LAST (CDR SET)) NIL))) (LESSP (CAR SET) (CAR (ALL-BUT-LAST (CDR SET))))). Appealing to the lemma CAR-CDR-ELIM, we now replace SET by (CONS Z X) to eliminate (CDR SET) and (CAR SET) and X by (CONS V W) to eliminate (CAR X) and (CDR X). This generates: (IMPLIES (AND (SETP (ALL-BUT-LAST (CONS V W))) (NUMBERP Z) (SETP (CONS V W)) (LESSP Z V) (NOT (EQUAL (ALL-BUT-LAST (CONS V W)) NIL))) (LESSP Z (CAR (ALL-BUT-LAST (CONS V W))))). But this further simplifies, rewriting with CAR-CONS, CDR-CONS, EMPTY-IS-NIL, and CAR-OF-A-SET, and unfolding ALL-BUT-LAST, SETP, LISTP, and EQUAL, to: T. Case 1. (IMPLIES (AND (NOT (LISTP SET)) (SETP SET)) (SETP (ALL-BUT-LAST SET))). This simplifies, opening up the definitions of SETP and ALL-BUT-LAST, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.1 0.0 ] ALL-BUT-LAST-IS-A-SET (DISABLE SETP) [ 0.0 0.0 0.0 ] SETP-OFF3 (PROVE-LEMMA RE-ASSEMBLE-AT-END (REWRITE) (IMPLIES (AND (PROPERP LST) (LISTP LST)) (EQUAL (ADD-ON-END (LAST LST) (ALL-BUT-LAST LST)) LST))) Give the conjecture the name *1. Let us appeal to the induction principle. The recursive terms in the conjecture suggest three inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP LST) (LISTP (CDR LST)) (p (CDR LST))) (p LST)) (IMPLIES (AND (LISTP LST) (NOT (LISTP (CDR LST)))) (p LST)) (IMPLIES (NOT (LISTP LST)) (p LST))). Linear arithmetic and the lemma CDR-LESSP can be used to show that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following three new conjectures: Case 3. (IMPLIES (AND (LISTP (CDR LST)) (NOT (PROPERP (CDR LST))) (PROPERP LST) (LISTP LST)) (EQUAL (ADD-ON-END (LAST LST) (ALL-BUT-LAST LST)) LST)). This simplifies, opening up the function PROPERP, to: T. Case 2. (IMPLIES (AND (LISTP (CDR LST)) (EQUAL (ADD-ON-END (LAST (CDR LST)) (ALL-BUT-LAST (CDR LST))) (CDR LST)) (PROPERP LST) (LISTP LST)) (EQUAL (ADD-ON-END (LAST LST) (ALL-BUT-LAST LST)) LST)). This simplifies, rewriting with CONS-CAR-CDR, CDR-CONS, and CAR-CONS, and opening up the definitions of PROPERP, LAST, ALL-BUT-LAST, and ADD-ON-END, to: T. Case 1. (IMPLIES (AND (NOT (LISTP (CDR LST))) (PROPERP LST) (LISTP LST)) (EQUAL (ADD-ON-END (LAST LST) (ALL-BUT-LAST LST)) LST)), which simplifies, rewriting with CAR-CONS and CDR-CONS, and opening up the definitions of PROPERP, LAST, ALL-BUT-LAST, LISTP, and ADD-ON-END, to the new conjecture: (IMPLIES (AND (NOT (LISTP (CDR LST))) (PROPERP (CDR LST)) (LISTP LST)) (EQUAL (LIST (CAR LST)) LST)), which further simplifies, rewriting with the lemmas CAR-CONS and CDR-CONS, and opening up PROPERP and EQUAL, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.3 0.0 ] RE-ASSEMBLE-AT-END (PROVE-LEMMA LENGTH-OF-ALL-BUT-LAST (REWRITE) (IMPLIES (LISTP X) (EQUAL (LENGTH (ALL-BUT-LAST X)) (SUB1 (LENGTH X))))) Name the conjecture *1. Let us appeal to the induction principle. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP (CDR X)) (p X)) (IMPLIES (AND (NOT (NLISTP (CDR X))) (p (CDR X))) (p X))). Linear arithmetic, the lemmas CDR-LESSEQP, ALL-BUT-LAST-AUX1, and CDR-LESSP, and the definition of NLISTP can be used to show that the measure (COUNT X) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following three new goals: Case 3. (IMPLIES (AND (NLISTP (CDR X)) (LISTP X)) (EQUAL (LENGTH (ALL-BUT-LAST X)) (SUB1 (LENGTH X)))). This simplifies, applying SUB1-ADD1, and expanding the functions NLISTP, ALL-BUT-LAST, and LENGTH, to: (IMPLIES (AND (NOT (LISTP (CDR X))) (LISTP X)) (EQUAL 0 (LENGTH (CDR X)))). However this further simplifies, opening up LENGTH and EQUAL, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP (CDR X))) (NOT (LISTP (CDR X))) (LISTP X)) (EQUAL (LENGTH (ALL-BUT-LAST X)) (SUB1 (LENGTH X)))), which simplifies, opening up the definition of NLISTP, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP (CDR X))) (EQUAL (LENGTH (ALL-BUT-LAST (CDR X))) (SUB1 (LENGTH (CDR X)))) (LISTP X)) (EQUAL (LENGTH (ALL-BUT-LAST X)) (SUB1 (LENGTH X)))), which simplifies, rewriting with CDR-CONS and SUB1-ADD1, and expanding the definitions of NLISTP, ALL-BUT-LAST, and LENGTH, to: (IMPLIES (AND (LISTP (CDR X)) (EQUAL (LENGTH (ALL-BUT-LAST (CDR X))) (SUB1 (LENGTH (CDR X)))) (LISTP X)) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR X)))) (LENGTH (CDR X)))), which again simplifies, using linear arithmetic, to the formula: (IMPLIES (AND (EQUAL (LENGTH (CDR X)) 0) (LISTP (CDR X)) (EQUAL (LENGTH (ALL-BUT-LAST (CDR X))) (SUB1 (LENGTH (CDR X)))) (LISTP X)) (EQUAL (ADD1 (LENGTH (ALL-BUT-LAST (CDR X)))) (LENGTH (CDR X)))). This again simplifies, unfolding SUB1, ADD1, and EQUAL, to the conjecture: (IMPLIES (AND (EQUAL (LENGTH (CDR X)) 0) (LISTP (CDR X)) (EQUAL (LENGTH (ALL-BUT-LAST (CDR X))) 0)) (NOT (LISTP X))). Appealing to the lemma CAR-CDR-ELIM, we now replace X by (CONS V Z) to eliminate (CDR X) and (CAR X). The result is the goal: (IMPLIES (AND (EQUAL (LENGTH Z) 0) (LISTP Z)) (NOT (EQUAL (LENGTH (ALL-BUT-LAST Z)) 0))). Call the above conjecture *1.1. Perhaps we can prove it by induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP Z) (p (CDR Z))) (p Z)) (IMPLIES (NOT (LISTP Z)) (p Z))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT Z) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following three new formulas: Case 3. (IMPLIES (AND (NOT (EQUAL (LENGTH (CDR Z)) 0)) (EQUAL (LENGTH Z) 0) (LISTP Z)) (NOT (EQUAL (LENGTH (ALL-BUT-LAST Z)) 0))). This simplifies, unfolding LENGTH, to: T. Case 2. (IMPLIES (AND (NOT (LISTP (CDR Z))) (EQUAL (LENGTH Z) 0) (LISTP Z)) (NOT (EQUAL (LENGTH (ALL-BUT-LAST Z)) 0))). This simplifies, expanding LENGTH, to: T. Case 1. (IMPLIES (AND (NOT (EQUAL (LENGTH (ALL-BUT-LAST (CDR Z))) 0)) (EQUAL (LENGTH Z) 0) (LISTP Z)) (NOT (EQUAL (LENGTH (ALL-BUT-LAST Z)) 0))). This simplifies, unfolding the function LENGTH, to: T. That finishes the proof of *1.1, which also finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] LENGTH-OF-ALL-BUT-LAST (DEFN PRE-HOM-BAD-TRIPLEP (Y Z S1 SET G) (AND (SUBLISTP S1 SET) (LISTP S1) (SETP S1) (MEMBER Y SET) (MEMBER Z SET) (LESSP (LAST S1) Y) (LESSP (LAST S1) Z) (NOT (EQUAL (FUNCALL G (ADD-ON-END Y S1)) (FUNCALL G (ADD-ON-END Z S1)))))) From the definition we can conclude that: (OR (FALSEP (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G)) (TRUEP (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G))) is a theorem. [ 0.0 0.0 0.0 ] PRE-HOM-BAD-TRIPLEP (DISABLE PRE-HOM-BAD-TRIPLEP) [ 0.0 0.0 0.0 ] PRE-HOM-BAD-TRIPLEP-OFF (DEFN COUNTER-PRE-HOM (SET G TRIPLES) (IF (NLISTP TRIPLES) 0 (IF (LISTP (COUNTER-PRE-HOM SET G (CDR TRIPLES))) (COUNTER-PRE-HOM SET G (CDR TRIPLES)) (IF (PRE-HOM-BAD-TRIPLEP (CAAAR TRIPLES) (CDAAR TRIPLES) (CDAR TRIPLES) SET G) (CONS (CONS (CAAAR TRIPLES) (CDAAR TRIPLES)) (CDAR TRIPLES)) 0)))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT TRIPLES) decreases according to the well-founded relation LESSP in each recursive call. Hence, COUNTER-PRE-HOM is accepted under the principle of definition. Note that: (OR (NUMBERP (COUNTER-PRE-HOM SET G TRIPLES)) (LISTP (COUNTER-PRE-HOM SET G TRIPLES))) is a theorem. [ 0.0 0.0 0.0 ] COUNTER-PRE-HOM (PROVE-LEMMA BAD-TRIPLE-IS-BAD (REWRITE) (IMPLIES (LISTP (COUNTER-PRE-HOM SET G TRIPLES)) (PRE-HOM-BAD-TRIPLEP (CAAR (COUNTER-PRE-HOM SET G TRIPLES)) (CDAR (COUNTER-PRE-HOM SET G TRIPLES)) (CDR (COUNTER-PRE-HOM SET G TRIPLES)) SET G))) Give the conjecture the name *1. We will appeal to induction. There are four plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP TRIPLES) (p SET G TRIPLES)) (IMPLIES (AND (NOT (NLISTP TRIPLES)) (LISTP (COUNTER-PRE-HOM SET G (CDR TRIPLES))) (p SET G (CDR TRIPLES))) (p SET G TRIPLES)) (IMPLIES (AND (NOT (NLISTP TRIPLES)) (NOT (LISTP (COUNTER-PRE-HOM SET G (CDR TRIPLES)))) (PRE-HOM-BAD-TRIPLEP (CAAAR TRIPLES) (CDAAR TRIPLES) (CDAR TRIPLES) SET G) (p SET G (CDR TRIPLES))) (p SET G TRIPLES)) (IMPLIES (AND (NOT (NLISTP TRIPLES)) (NOT (LISTP (COUNTER-PRE-HOM SET G (CDR TRIPLES)))) (NOT (PRE-HOM-BAD-TRIPLEP (CAAAR TRIPLES) (CDAAR TRIPLES) (CDAR TRIPLES) SET G)) (p SET G (CDR TRIPLES))) (p SET G TRIPLES))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT TRIPLES) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following four new formulas: Case 4. (IMPLIES (AND (NLISTP TRIPLES) (LISTP (COUNTER-PRE-HOM SET G TRIPLES))) (PRE-HOM-BAD-TRIPLEP (CAAR (COUNTER-PRE-HOM SET G TRIPLES)) (CDAR (COUNTER-PRE-HOM SET G TRIPLES)) (CDR (COUNTER-PRE-HOM SET G TRIPLES)) SET G)). This simplifies, unfolding NLISTP, COUNTER-PRE-HOM, and LISTP, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP TRIPLES)) (LISTP (COUNTER-PRE-HOM SET G (CDR TRIPLES))) (PRE-HOM-BAD-TRIPLEP (CAAR (COUNTER-PRE-HOM SET G (CDR TRIPLES))) (CDAR (COUNTER-PRE-HOM SET G (CDR TRIPLES))) (CDR (COUNTER-PRE-HOM SET G (CDR TRIPLES))) SET G) (LISTP (COUNTER-PRE-HOM SET G TRIPLES))) (PRE-HOM-BAD-TRIPLEP (CAAR (COUNTER-PRE-HOM SET G TRIPLES)) (CDAR (COUNTER-PRE-HOM SET G TRIPLES)) (CDR (COUNTER-PRE-HOM SET G TRIPLES)) SET G)). This simplifies, opening up the definitions of NLISTP and COUNTER-PRE-HOM, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP TRIPLES)) (PRE-HOM-BAD-TRIPLEP (CAAAR TRIPLES) (CDAAR TRIPLES) (CDAR TRIPLES) SET G) (NOT (LISTP (COUNTER-PRE-HOM SET G (CDR TRIPLES)))) (LISTP (COUNTER-PRE-HOM SET G TRIPLES))) (PRE-HOM-BAD-TRIPLEP (CAAR (COUNTER-PRE-HOM SET G TRIPLES)) (CDAR (COUNTER-PRE-HOM SET G TRIPLES)) (CDR (COUNTER-PRE-HOM SET G TRIPLES)) SET G)). This simplifies, appealing to the lemmas CONS-CAR-CDR, CAR-CONS, and CDR-CONS, and unfolding the definitions of NLISTP and COUNTER-PRE-HOM, to the new goal: (IMPLIES (AND (LISTP TRIPLES) (PRE-HOM-BAD-TRIPLEP (CAAAR TRIPLES) (CDAAR TRIPLES) (CDAR TRIPLES) SET G) (NOT (LISTP (COUNTER-PRE-HOM SET G (CDR TRIPLES)))) (NOT (LISTP (CAAR TRIPLES)))) (PRE-HOM-BAD-TRIPLEP (CAR '(0 . 0)) (CDR '(0 . 0)) (CDAR TRIPLES) SET G)), which again simplifies, rewriting with CAR-NLISTP and CDR-NLISTP, and opening up the definitions of CAR and CDR, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP TRIPLES)) (NOT (PRE-HOM-BAD-TRIPLEP (CAAAR TRIPLES) (CDAAR TRIPLES) (CDAR TRIPLES) SET G)) (NOT (LISTP (COUNTER-PRE-HOM SET G (CDR TRIPLES)))) (LISTP (COUNTER-PRE-HOM SET G TRIPLES))) (PRE-HOM-BAD-TRIPLEP (CAAR (COUNTER-PRE-HOM SET G TRIPLES)) (CDAR (COUNTER-PRE-HOM SET G TRIPLES)) (CDR (COUNTER-PRE-HOM SET G TRIPLES)) SET G)). This simplifies, expanding the functions NLISTP, COUNTER-PRE-HOM, and LISTP, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] BAD-TRIPLE-IS-BAD (PROVE-LEMMA COUNTER-PRE-HOM-FINDS-ONE (REWRITE) (IMPLIES (AND (MEMBER (CONS (CONS Y Z) S1) TRIPLES) (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G)) (LISTP (COUNTER-PRE-HOM SET G TRIPLES)))) WARNING: Note that COUNTER-PRE-HOM-FINDS-ONE contains the free variables S1, Z, and Y which will be chosen by instantiating the hypothesis: (MEMBER (CONS (CONS Y Z) S1) TRIPLES). Name the conjecture *1. Perhaps we can prove it by induction. There are two plausible inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP TRIPLES) (p SET G TRIPLES Y Z S1)) (IMPLIES (AND (NOT (NLISTP TRIPLES)) (EQUAL (CONS (CONS Y Z) S1) (CAR TRIPLES))) (p SET G TRIPLES Y Z S1)) (IMPLIES (AND (NOT (NLISTP TRIPLES)) (NOT (EQUAL (CONS (CONS Y Z) S1) (CAR TRIPLES))) (p SET G (CDR TRIPLES) Y Z S1)) (p SET G TRIPLES Y Z S1))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP establish that the measure (COUNT TRIPLES) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme leads to the following four new formulas: Case 4. (IMPLIES (AND (NLISTP TRIPLES) (MEMBER (CONS (CONS Y Z) S1) TRIPLES) (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G)) (LISTP (COUNTER-PRE-HOM SET G TRIPLES))). This simplifies, opening up the definitions of NLISTP and MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP TRIPLES)) (EQUAL (CONS (CONS Y Z) S1) (CAR TRIPLES)) (MEMBER (CONS (CONS Y Z) S1) TRIPLES) (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G)) (LISTP (COUNTER-PRE-HOM SET G TRIPLES))). This simplifies, applying SUBSETP-IS-IDEMPOTENT, CAR-OF-SUBSET, and CONS-CAR-CDR, and unfolding NLISTP and COUNTER-PRE-HOM, to: (IMPLIES (AND (LISTP TRIPLES) (EQUAL (CONS (CONS Y Z) S1) (CAR TRIPLES)) (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G) (NOT (LISTP (COUNTER-PRE-HOM SET G (CDR TRIPLES))))) (PRE-HOM-BAD-TRIPLEP (CAAAR TRIPLES) (CDAAR TRIPLES) (CDAR TRIPLES) SET G)). Appealing to the lemma CAR-CDR-ELIM, we now replace TRIPLES by (CONS X V) to eliminate (CAR TRIPLES) and (CDR TRIPLES), X by (CONS W D) to eliminate (CAR X) and (CDR X), and W by (CONS X C) to eliminate (CAR W) and (CDR W). The result is three new formulas: Case 3.3. (IMPLIES (AND (NOT (LISTP X)) (EQUAL (CONS (CONS Y Z) S1) X) (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G) (NOT (LISTP (COUNTER-PRE-HOM SET G V)))) (PRE-HOM-BAD-TRIPLEP (CAAR X) (CDAR X) (CDR X) SET G)), which further simplifies, trivially, to: T. Case 3.2. (IMPLIES (AND (NOT (LISTP W)) (EQUAL (CONS (CONS Y Z) S1) (CONS W D)) (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G) (NOT (LISTP (COUNTER-PRE-HOM SET G V)))) (PRE-HOM-BAD-TRIPLEP (CAR W) (CDR W) D SET G)). But this further simplifies, rewriting with CAR-CONS, to: T. Case 3.1. (IMPLIES (AND (EQUAL (CONS (CONS Y Z) S1) (CONS (CONS X C) D)) (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G) (NOT (LISTP (COUNTER-PRE-HOM SET G V)))) (PRE-HOM-BAD-TRIPLEP X C D SET G)). This further simplifies, applying CAR-CONS and CONS-EQUAL, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP TRIPLES)) (NOT (EQUAL (CONS (CONS Y Z) S1) (CAR TRIPLES))) (NOT (MEMBER (CONS (CONS Y Z) S1) (CDR TRIPLES))) (MEMBER (CONS (CONS Y Z) S1) TRIPLES) (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G)) (LISTP (COUNTER-PRE-HOM SET G TRIPLES))). This simplifies, unfolding NLISTP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP TRIPLES)) (NOT (EQUAL (CONS (CONS Y Z) S1) (CAR TRIPLES))) (LISTP (COUNTER-PRE-HOM SET G (CDR TRIPLES))) (MEMBER (CONS (CONS Y Z) S1) TRIPLES) (PRE-HOM-BAD-TRIPLEP Y Z S1 SET G)) (LISTP (COUNTER-PRE-HOM SET G TRIPLES))). This simplifies, unfolding NLISTP, MEMBER, and COUNTER-PRE-HOM, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] COUNTER-PRE-HOM-FINDS-ONE (DISABLE COUNTER-PRE-HOM) [ 0.0 0.0 0.0 ] COUNTER-PRE-HOM-OFF (DEFN PRE-HOMP (SET G) (NLISTP (COUNTER-PRE-HOM SET G (PRODUCT (PRODUCT SET SET) (POWER-SET SET))))) From the definition we can conclude that: (OR (FALSEP (PRE-HOMP SET G)) (TRUEP (PRE-HOMP SET G))) is a theorem. [ 0.0 0.0 0.0 ] PRE-HOMP (ENABLE PRE-HOM-BAD-TRIPLEP) [ 0.0 0.0 0.0 ] PRE-HOM-BAD-TRIPLEP-ON (PROVE-LEMMA PRE-HOMP-IS-SUFFICIENT (REWRITE) (IMPLIES (AND (PRE-HOMP SET G) (SUBLISTP S1 SET) (LISTP S1) (SETP S1) (MEMBER Y SET) (MEMBER Z SET) (LESSP (LAST S1) Y) (LESSP (LAST S1) Z)) (EQUAL (FUNCALL G (ADD-ON-END Y S1)) (FUNCALL G (ADD-ON-END Z S1)))) ((DO-NOT-INDUCT T) (USE (ALL-PAIRS (X Y) (Y Z) (LST1 SET) (LST2 SET)) (ALL-PAIRS (X (CONS Y Z)) (Y S1) (LST1 (PRODUCT SET SET)) (LST2 (POWER-SET SET)))) (DISABLE ALL-PAIRS))) WARNING: Note that PRE-HOMP-IS-SUFFICIENT contains the free variables Z and SET which will be chosen by instantiating the hypotheses (PRE-HOMP SET G) and (MEMBER Z SET). This conjecture can be simplified, using the abbreviations PRE-HOMP, IMPLIES, and AND, to: (IMPLIES (AND (IMPLIES (AND (MEMBER Y SET) (MEMBER Z SET)) (MEMBER (CONS Y Z) (PRODUCT SET SET))) (IMPLIES (AND (MEMBER (CONS Y Z) (PRODUCT SET SET)) (MEMBER S1 (POWER-SET SET))) (MEMBER (CONS (CONS Y Z) S1) (PRODUCT (PRODUCT SET SET) (POWER-SET SET)))) (NOT (LISTP (COUNTER-PRE-HOM SET G (PRODUCT (PRODUCT SET SET) (POWER-SET SET))))) (SUBLISTP S1 SET) (LISTP S1) (SETP S1) (MEMBER Y SET) (MEMBER Z SET) (LESSP (LAST S1) Y) (LESSP (LAST S1) Z)) (EQUAL (FUNCALL G (ADD-ON-END Y S1)) (FUNCALL G (ADD-ON-END Z S1)))). This simplifies, applying SETS-ARE-PROPER, ALL-SUBLISTS, ONLY-SUBLISTS, and COUNTER-PRE-HOM-FINDS-ONE, and opening up AND, IMPLIES, and PRE-HOM-BAD-TRIPLEP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRE-HOMP-IS-SUFFICIENT (DEFN COUNTER-PRE-HOM-Y (SET G) (CAAR (COUNTER-PRE-HOM SET G (PRODUCT (PRODUCT SET SET) (POWER-SET SET))))) [ 0.0 0.0 0.0 ] COUNTER-PRE-HOM-Y (DEFN COUNTER-PRE-HOM-Z (SET G) (CDAR (COUNTER-PRE-HOM SET G (PRODUCT (PRODUCT SET SET) (POWER-SET SET))))) [ 0.0 0.0 0.0 ] COUNTER-PRE-HOM-Z (DEFN COUNTER-PRE-HOM-S1 (SET G) (CDR (COUNTER-PRE-HOM SET G (PRODUCT (PRODUCT SET SET) (POWER-SET SET))))) [ 0.0 0.0 0.0 ] COUNTER-PRE-HOM-S1 (PROVE-LEMMA PRE-HOMP-IS-NECESSARY (REWRITE) (IMPLIES (NOT (PRE-HOMP SET G)) (AND (SUBLISTP (COUNTER-PRE-HOM-S1 SET G) SET) (LISTP (COUNTER-PRE-HOM-S1 SET G)) (SETP (COUNTER-PRE-HOM-S1 SET G)) (MEMBER (COUNTER-PRE-HOM-Y SET G) SET) (MEMBER (COUNTER-PRE-HOM-Z SET G) SET) (LESSP (LAST (COUNTER-PRE-HOM-S1 SET G)) (COUNTER-PRE-HOM-Y SET G)) (LESSP (LAST (COUNTER-PRE-HOM-S1 SET G)) (COUNTER-PRE-HOM-Z SET G)) (NOT (EQUAL (FUNCALL G (ADD-ON-END (COUNTER-PRE-HOM-Y SET G) (COUNTER-PRE-HOM-S1 SET G))) (FUNCALL G (ADD-ON-END (COUNTER-PRE-HOM-Z SET G) (COUNTER-PRE-HOM-S1 SET G))))))) ((DO-NOT-INDUCT T) (USE (BAD-TRIPLE-IS-BAD (G G) (SET SET) (TRIPLES (PRODUCT (PRODUCT SET SET) (POWER-SET SET))))) (DISABLE BAD-TRIPLE-IS-BAD LENGTH LENGTH-OF-SUBSET LENGTH-OF-SUBLIST) (HANDS-OFF LENGTH SUBLISTP POWER-SET SUBSETP))) WARNING: Note that the proposed lemma PRE-HOMP-IS-NECESSARY is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and six replacement rules. This formula can be simplified, using the abbreviations PRE-HOMP, NOT, and IMPLIES, to: (IMPLIES (AND (IMPLIES (LISTP (COUNTER-PRE-HOM SET G (PRODUCT (PRODUCT SET SET) (POWER-SET SET)))) (PRE-HOM-BAD-TRIPLEP (CAAR (COUNTER-PRE-HOM SET G (PRODUCT (PRODUCT SET SET) (POWER-SET SET)))) (CDAR (COUNTER-PRE-HOM SET G (PRODUCT (PRODUCT SET SET) (POWER-SET SET)))) (CDR (COUNTER-PRE-HOM SET G (PRODUCT (PRODUCT SET SET) (POWER-SET SET)))) SET G)) (LISTP (COUNTER-PRE-HOM SET G (PRODUCT (PRODUCT SET SET) (POWER-SET SET))))) (AND (SUBLISTP (COUNTER-PRE-HOM-S1 SET G) SET) (LISTP (COUNTER-PRE-HOM-S1 SET G)) (SETP (COUNTER-PRE-HOM-S1 SET G)) (MEMBER (COUNTER-PRE-HOM-Y SET G) SET) (MEMBER (COUNTER-PRE-HOM-Z SET G) SET) (LESSP (LAST (COUNTER-PRE-HOM-S1 SET G)) (COUNTER-PRE-HOM-Y SET G)) (LESSP (LAST (COUNTER-PRE-HOM-S1 SET G)) (COUNTER-PRE-HOM-Z SET G)) (NOT (EQUAL (FUNCALL G (ADD-ON-END (COUNTER-PRE-HOM-Y SET G) (COUNTER-PRE-HOM-S1 SET G))) (FUNCALL G (ADD-ON-END (COUNTER-PRE-HOM-Z SET G) (COUNTER-PRE-HOM-S1 SET G))))))), which simplifies, expanding the definitions of PRE-HOM-BAD-TRIPLEP, IMPLIES, COUNTER-PRE-HOM-S1, COUNTER-PRE-HOM-Y, COUNTER-PRE-HOM-Z, NOT, and AND, to: T. Q.E.D. [ 0.0 0.0 0.0 ] PRE-HOMP-IS-NECESSARY (DISABLE PRE-HOMP) [ 0.0 0.0 0.0 ] PRE-HOMP-OFF (DISABLE PRE-HOM-BAD-TRIPLEP) [ 0.0 0.0 0.0 ] PRE-HOM-BAD-TRIPLEP-OFF1 (DISABLE COUNTER-PRE-HOM-Y) [ 0.0 0.0 0.0 ] COUNTER-PRE-HOM-Y-OFF (DISABLE COUNTER-PRE-HOM-Z) [ 0.0 0.0 0.0 ] COUNTER-PRE-HOM-Z-OFF (DISABLE COUNTER-PRE-HOM-S1) [ 0.0 0.0 0.0 ] COUNTER-PRE-HOM-S1-OFF (DEFN FIND-LARGER-ELEMENT (S1 SET) (IF (NLISTP SET) NIL (IF (AND (NUMBERP (CAR SET)) (LESSP (LAST S1) (CAR SET))) (CAR SET) (FIND-LARGER-ELEMENT S1 (CDR SET))))) Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definitions of AND and NLISTP can be used to show that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each recursive call. Hence, FIND-LARGER-ELEMENT is accepted under the definitional principle. Note that: (OR (NUMBERP (FIND-LARGER-ELEMENT S1 SET)) (LITATOM (FIND-LARGER-ELEMENT S1 SET))) is a theorem. [ 0.0 0.0 0.0 ] FIND-LARGER-ELEMENT (PROVE-LEMMA FIND-LARGER-ELEMENT-WORKS-A (REWRITE) (IMPLIES (NUMBERP (FIND-LARGER-ELEMENT S1 SET)) (AND (MEMBER (FIND-LARGER-ELEMENT S1 SET) SET) (NUMBERP (FIND-LARGER-ELEMENT S1 SET)) (LESSP (LAST S1) (FIND-LARGER-ELEMENT S1 SET))))) WARNING: When the linear lemma FIND-LARGER-ELEMENT-WORKS-A is stored under (LAST S1) it contains the free variable SET which will be chosen by instantiating the hypothesis (NUMBERP (FIND-LARGER-ELEMENT S1 SET)). WARNING: Note that the proposed lemma FIND-LARGER-ELEMENT-WORKS-A is to be stored as zero type prescription rules, zero compound recognizer rules, two linear rules, and two replacement rules. This conjecture simplifies, expanding AND, to the following two new conjectures: Case 2. (IMPLIES (NUMBERP (FIND-LARGER-ELEMENT S1 SET)) (MEMBER (FIND-LARGER-ELEMENT S1 SET) SET)). Name the above subgoal *1. Case 1. (IMPLIES (NUMBERP (FIND-LARGER-ELEMENT S1 SET)) (LESSP (LAST S1) (FIND-LARGER-ELEMENT S1 SET))), which we would usually push and work on later by induction. But if we must use induction to prove the input conjecture, we prefer to induct on the original formulation of the problem. Thus we will disregard all that we have previously done, give the name *1 to the original input, and work on it. So now let us consider: (AND (IMPLIES (NUMBERP (FIND-LARGER-ELEMENT S1 SET)) (MEMBER (FIND-LARGER-ELEMENT S1 SET) SET)) (IMPLIES (NUMBERP (FIND-LARGER-ELEMENT S1 SET)) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))) (IMPLIES (NUMBERP (FIND-LARGER-ELEMENT S1 SET)) (LESSP (LAST S1) (FIND-LARGER-ELEMENT S1 SET)))). We gave this the name *1 above. Perhaps we can prove it by induction. There are eight plausible inductions. They merge into two likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (NLISTP SET) (p S1 SET)) (IMPLIES (AND (NOT (NLISTP SET)) (AND (NUMBERP (CAR SET)) (LESSP (LAST S1) (CAR SET)))) (p S1 SET)) (IMPLIES (AND (NOT (NLISTP SET)) (NOT (AND (NUMBERP (CAR SET)) (LESSP (LAST S1) (CAR SET)))) (p S1 (CDR SET))) (p S1 SET))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definitions of AND and NLISTP can be used to show that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates eight new goals: Case 8. (IMPLIES (AND (NLISTP SET) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))) (MEMBER (FIND-LARGER-ELEMENT S1 SET) SET)), which simplifies, unfolding the functions NLISTP, FIND-LARGER-ELEMENT, and NUMBERP, to: T. Case 7. (IMPLIES (AND (NOT (NLISTP SET)) (AND (NUMBERP (CAR SET)) (LESSP (LAST S1) (CAR SET))) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))) (MEMBER (FIND-LARGER-ELEMENT S1 SET) SET)), which simplifies, applying SUBSETP-IS-IDEMPOTENT and CAR-OF-SUBSET, and opening up the functions NLISTP, AND, and FIND-LARGER-ELEMENT, to: T. Case 6. (IMPLIES (AND (NOT (NLISTP SET)) (NOT (AND (NUMBERP (CAR SET)) (LESSP (LAST S1) (CAR SET)))) (NOT (NUMBERP (FIND-LARGER-ELEMENT S1 (CDR SET)))) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))) (MEMBER (FIND-LARGER-ELEMENT S1 SET) SET)). This simplifies, opening up the definitions of NLISTP, AND, and FIND-LARGER-ELEMENT, to: T. Case 5. (IMPLIES (AND (NOT (NLISTP SET)) (NOT (AND (NUMBERP (CAR SET)) (LESSP (LAST S1) (CAR SET)))) (MEMBER (FIND-LARGER-ELEMENT S1 (CDR SET)) (CDR SET)) (NUMBERP (FIND-LARGER-ELEMENT S1 (CDR SET))) (LESSP (LAST S1) (FIND-LARGER-ELEMENT S1 (CDR SET))) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))) (MEMBER (FIND-LARGER-ELEMENT S1 SET) SET)). This simplifies, unfolding the definitions of NLISTP, AND, FIND-LARGER-ELEMENT, and MEMBER, to: T. Case 4. (IMPLIES (AND (NLISTP SET) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))) (LESSP (LAST S1) (FIND-LARGER-ELEMENT S1 SET))). This simplifies, opening up the definitions of NLISTP, FIND-LARGER-ELEMENT, and NUMBERP, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP SET)) (AND (NUMBERP (CAR SET)) (LESSP (LAST S1) (CAR SET))) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))) (LESSP (LAST S1) (FIND-LARGER-ELEMENT S1 SET))). This simplifies, expanding the definitions of NLISTP, AND, and FIND-LARGER-ELEMENT, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP SET)) (NOT (AND (NUMBERP (CAR SET)) (LESSP (LAST S1) (CAR SET)))) (NOT (NUMBERP (FIND-LARGER-ELEMENT S1 (CDR SET)))) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))) (LESSP (LAST S1) (FIND-LARGER-ELEMENT S1 SET))). This simplifies, unfolding NLISTP, AND, and FIND-LARGER-ELEMENT, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP SET)) (NOT (AND (NUMBERP (CAR SET)) (LESSP (LAST S1) (CAR SET)))) (MEMBER (FIND-LARGER-ELEMENT S1 (CDR SET)) (CDR SET)) (NUMBERP (FIND-LARGER-ELEMENT S1 (CDR SET))) (LESSP (LAST S1) (FIND-LARGER-ELEMENT S1 (CDR SET))) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))) (LESSP (LAST S1) (FIND-LARGER-ELEMENT S1 SET))). This simplifies, unfolding NLISTP, AND, and FIND-LARGER-ELEMENT, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] FIND-LARGER-ELEMENT-WORKS-A (PROVE-LEMMA FIND-LARGER-ELEMENT-WORKS-B (REWRITE) (IMPLIES (AND (MEMBER X SET) (NUMBERP X) (LESSP (LAST S1) X)) (NUMBERP (FIND-LARGER-ELEMENT S1 SET)))) WARNING: Note that FIND-LARGER-ELEMENT-WORKS-B contains the free variable X which will be chosen by instantiating the hypothesis (MEMBER X SET). Call the conjecture *1. Let us appeal to the induction principle. There are four plausible inductions. They merge into three likely candidate inductions. However, only one is unflawed. We will induct according to the following scheme: (AND (IMPLIES (NLISTP SET) (p S1 SET X)) (IMPLIES (AND (NOT (NLISTP SET)) (EQUAL X (CAR SET))) (p S1 SET X)) (IMPLIES (AND (NOT (NLISTP SET)) (NOT (EQUAL X (CAR SET))) (p S1 (CDR SET) X)) (p S1 SET X))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP inform us that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces four new formulas: Case 4. (IMPLIES (AND (NLISTP SET) (MEMBER X SET) (NUMBERP X) (LESSP (LAST S1) X)) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))), which simplifies, opening up the definitions of NLISTP and MEMBER, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP SET)) (EQUAL X (CAR SET)) (MEMBER X SET) (NUMBERP X) (LESSP (LAST S1) X)) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))), which simplifies, applying SUBSETP-IS-IDEMPOTENT and CAR-OF-SUBSET, and expanding the definitions of NLISTP and FIND-LARGER-ELEMENT, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP SET)) (NOT (EQUAL X (CAR SET))) (NOT (MEMBER X (CDR SET))) (MEMBER X SET) (NUMBERP X) (LESSP (LAST S1) X)) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))). This simplifies, unfolding the functions NLISTP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP SET)) (NOT (EQUAL X (CAR SET))) (NUMBERP (FIND-LARGER-ELEMENT S1 (CDR SET))) (MEMBER X SET) (NUMBERP X) (LESSP (LAST S1) X)) (NUMBERP (FIND-LARGER-ELEMENT S1 SET))). This simplifies, expanding the definitions of NLISTP, MEMBER, and FIND-LARGER-ELEMENT, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] FIND-LARGER-ELEMENT-WORKS-B (DISABLE FIND-LARGER-ELEMENT) [ 0.0 0.0 0.0 ] FIND-LARGER-ELEMENT-OFF (PROVE-LEMMA LAST-IS-A-MEMBER (REWRITE) (IMPLIES (LISTP LST) (MEMBER (LAST LST) LST))) Call the conjecture *1. We will try to prove it by induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (NLISTP LST) (p LST)) (IMPLIES (AND (NOT (NLISTP LST)) (EQUAL (LAST LST) (CAR LST))) (p LST)) (IMPLIES (AND (NOT (NLISTP LST)) (NOT (EQUAL (LAST LST) (CAR LST))) (p (CDR LST))) (p LST))). Linear arithmetic, the lemmas CDR-LESSEQP and CDR-LESSP, and the definition of NLISTP can be used to establish that the measure (COUNT LST) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme generates the following four new formulas: Case 4. (IMPLIES (AND (NLISTP LST) (LISTP LST)) (MEMBER (LAST LST) LST)). This simplifies, expanding the definition of NLISTP, to: T. Case 3. (IMPLIES (AND (NOT (NLISTP LST)) (EQUAL (LAST LST) (CAR LST)) (LISTP LST)) (MEMBER (LAST LST) LST)). This simplifies, appealing to the lemmas SUBSETP-IS-IDEMPOTENT and CAR-OF-SUBSET, and opening up NLISTP and LAST, to: T. Case 2. (IMPLIES (AND (NOT (NLISTP LST)) (NOT (EQUAL (LAST LST) (CAR LST))) (NOT (LISTP (CDR LST))) (LISTP LST)) (MEMBER (LAST LST) LST)). This simplifies, unfolding NLISTP and LAST, to: T. Case 1. (IMPLIES (AND (NOT (NLISTP LST)) (NOT (EQUAL (LAST LST) (CAR LST))) (MEMBER (LAST (CDR LST)) (CDR LST)) (LISTP LST)) (MEMBER (LAST LST) LST)). This simplifies, unfolding the definitions of NLISTP, LAST, and MEMBER, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] LAST-IS-A-MEMBER (PROVE-LEMMA LAST-IS-A-CANDIDATE-1 (REWRITE) (IMPLIES (AND (SUBLISTP S1 SET) (LEQ 2 (LENGTH S1))) (MEMBER (LAST S1) SET)) ((DO-NOT-INDUCT T) (USE (LAST-IS-A-MEMBER (LST S1)) (SUBLIST-IMPLIES-SUBSET (LST1 S1) (LST2 SET))) (DISABLE LAST-IS-A-MEMBER SUBLIST-IMPLIES-SUBSET))) This simplifies, rewriting with the lemmas EMPTY-SUBSET and SUBSETP-WORKS-1, and unfolding IMPLIES, LENGTH, and LESSP, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LAST-IS-A-CANDIDATE-1 (ENABLE SETP) [ 0.0 0.0 0.0 ] SETP-ON3 (PROVE-LEMMA MEMBERS-ARE-NUMBERS (REWRITE) (IMPLIES (AND (SETP SET) (MEMBER X SET)) (NUMBERP X))) WARNING: Note that MEMBERS-ARE-NUMBERS contains the free variable SET which will be chosen by instantiating the hypothesis (SETP SET). Name the conjecture *1. We will appeal to induction. The recursive terms in the conjecture suggest two inductions. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP SET) (p X (CDR SET))) (p X SET)) (IMPLIES (NOT (LISTP SET)) (p X SET))). Linear arithmetic and the lemma CDR-LESSP inform us that the measure (COUNT SET) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces the following three new formulas: Case 3. (IMPLIES (AND (LISTP SET) (NOT (SETP (CDR SET))) (SETP SET) (MEMBER X SET)) (NUMBERP X)). This simplifies, expanding the definition of SETP, to: T. Case 2. (IMPLIES (AND (LISTP SET) (NOT (MEMBER X (CDR SET))) (SETP SET) (MEMBER X SET)) (NUMBERP X)). This simplifies, expanding the definitions of SETP and MEMBER, to: T. Case 1. (IMPLIES (AND (NOT (LISTP SET)) (SETP SET) (MEMBER X SET)) (NUMBERP X)). This simplifies, opening up the functions SETP, LISTP, and MEMBER, to: T. That finishes the proof of *1. Q.E.D. [ 0.0 0.0 0.0 ] MEMBERS-ARE-NUMBERS (DISABLE SETP) [ 0.0 0.0 0.0 ] SETP-OFF4 (PROVE-LEMMA LAST-IS-A-CANDIDATE-2 (REWRITE) (IMPLIES (AND (SETP S1) (LEQ 2 (LENGTH S1))) (NUMBERP (LAST S1)))) This conjecture simplifies, applying LAST-IS-A-CANDIDATE-1, ALL-SUBSETS, SUBSETP-IS-IDEMPOTENT, ONLY-SUBLISTS, and MEMBERS-ARE-NUMBERS, to: T. Q.E.D. [ 0.0 0.0 0.0 ] LAST-IS-A-CANDIDATE-2 (ENABLE SETP) [ 0.0 0.0 0.0 ] SETP-ON4 (PROVE-LEMMA LAST-IS-A-CANDIDATE-3 (REWRITE) (IMPLIES (AND (SETP S1) (LEQ 2 (LENGTH S1))) (LESSP (LAST (ALL-BUT-LAST S1)) (LAST S1)))) WARNING: Note that the proposed lemma LAST-IS-A-CANDIDATE-3 is to be stored as zero type prescription rules, zero compound recognizer rules, one linear rule, and zero replacement rules. Call the conjecture *1. Let us appeal to the induction principle. Four inductions are suggested by terms in the conjecture. However, they merge into one likely candidate induction. We will induct according to the following scheme: (AND (IMPLIES (AND (LISTP S1) (LISTP (CDR S1)) (p (CDR S1))) (p S1)) (IMPLIES (AND (LISTP S1) (NOT (LISTP (CDR S1)))) (p S1)) (IMPLIES (NOT (LISTP S1)) (p S1))). Linear arithmetic and the lemma CDR-LESSP establish that the measure (COUNT S1) decreases according to the well-founded relation LESSP in each induction step of the scheme. The above induction scheme produces five new goals: Case 5. (IMPLIES (AND (LISTP S1) (LISTP (CDR S1)) (NOT (SETP (CDR S1))) (SETP S1) (NOT (LESSP (LENGTH S1) 2))) (LESSP (LAST (ALL-BUT-LAST S1)) (LAST S1))), which simplifies, unfolding the function SETP, to: T. Case 4. (IMPLIES (AND (LISTP S1) (LISTP (CDR S1)) (LESSP (LENGTH (CDR S1)) 2) (SETP S1) (NOT (LESSP (LENGTH S1) 2))) (LESSP (LAST (ALL-BUT-LAST S1)) (LAST S1))), which simplifies, applying SUB1-ADD1, CAR-CONS, and CDR-CONS, and opening up the definitions of SETP, LENGTH, SUB1, NUMBERP, EQUAL, LESSP, ALL-BUT-LAST, and LAST, to the following two new goals: Case 4.2. (IMPLIES (AND (LISTP S1) (LISTP (CDR S1)) (LESSP (LENGTH (CDR S1)) 2) (NUMBERP (CAR S1)) (SETP (CDR S1)) (LESSP (CAR S1) (CADR S1)) (NOT (LESSP (LENGTH (CDR S1)) 1)) (NOT (LISTP (ALL-BUT-LAST (CDR S1))))) (LESSP (CAR S1) (LAST (CDR S1)))). This again simplifies, using linear arithmetic, to the goal: (IMPLIES (AND (EQUAL (LENGTH (CDR S1)) 1) (LISTP S1) (LISTP (CDR S1)) (LESSP 1 2) (NUMBERP (CAR S1)) (SETP (CDR S1)) (LESSP (CAR S1) (CADR S1)) (NOT (LESSP 1 1)) (NOT (LISTP (ALL-BUT-LAST (CDR S1))))) (LESSP (CAR S1) (LAST (CDR S1)))). This again simplifies, unfolding the function LESSP, to the goal: (IMPLIES (AND (EQUAL (LENGTH (CDR S1)) 1) (LISTP S1) (LISTP (CDR S1)) (NUMBERP (CAR S1)) (SETP (CDR S1)) (LESSP (CAR S1) (CADR S1)) (NOT (LISTP (ALL-BUT-LAST (CDR S1))))) (LESSP (CAR S1) (LAST (CDR S1)))). Appealing to the lemma CAR-CDR-ELIM, we now replace S1 by (CONS Z X) to eliminate (CDR S1) and (CAR S1) and X by (CONS V W) to eliminate (CAR X) and (CDR X). The result is: (IMPLIES (AND (EQUAL (LENGTH (CONS V W)) 1) (NUMBERP Z) (SETP (CONS V W)) (LESSP Z V) (NOT (LISTP (ALL-BUT-LAST (CONS V W))))) (LESSP Z (LAST (CONS V W)))). However this further simplifies, appealing to the lemmas CDR-CONS, ADD1-EQUAL, and CAR-CONS, and expanding the definitions of LENGTH, NUMBERP, SETP, LISTP, ALL-BUT-LAST, and LAST, to: T. Case 4.1. (IMPLIES (AND (LISTP S1) (LISTP (CDR S1)) (LESSP (LENGTH (CDR S1)) 2) (NUMBERP (CAR S1)) (SETP (CDR S1)) (LESSP (CAR S1) (CADR S1)) (NOT (LESSP (LENGTH (CDR S1)) 1)) (LISTP (ALL-BUT-LAST (CDR S1)))) (LESSP (LAST (ALL-BUT-LAST (CDR S1))) (LAST (CDR S1)))), which again simplifies, using linear arithmetic, to the goal: (IMPLIES (AND (EQUAL (LENGTH (CDR S1)) 1) (LISTP S1) (LISTP (CDR S1)) (LESSP 1 2) (NUMBERP (CAR S1)) (SETP (CDR S1)) (LESSP (CAR S1) (CADR S1)) (NOT (LESSP 1 1)) (LISTP (ALL-BUT-LAST (CDR S1)))) (LESSP (LAST (ALL-BUT-LAST (CDR S1))) (LAST (CDR S1)))). However this again simplifies, expanding the definition of LESSP, to the goal: (IMPLIES (AND (EQUAL (LENGTH (CDR S1)) 1) (LISTP S1) (LISTP (CDR S1)) (NUMBERP (CAR S1)) (SETP (CDR S1)) (LESSP (CAR S1) (CADR S1)) (LISTP (ALL-BUT-LAST (CDR S1)))) (LESSP (LAST (ALL-BUT-LAST (CDR S1))) (LAST (CDR S1)))). Appealing to the lemma CAR-CDR-ELIM, we now replace S1 by (CONS Z X) to eliminate (CDR S1) and (CAR S1) and X by (CONS V W) to eliminate (CAR X) and (CDR X). We must thus prove: (IMPLIES (AND (EQUAL (LENGTH (CONS V W)) 1) (NUMBERP Z) (SETP (CONS V W)) (LESSP Z V) (LISTP (ALL-BUT-LAST (CONS V W)))) (LESSP (LAST (ALL-BUT-LAST (CONS V W))) (LAST (CONS V W)))). This further simplifies, rewriting with the lemmas CDR-CONS, ADD1-EQUAL, and CAR-CONS, and expanding the definitions of LENGTH, NUMBERP, SETP, LISTP, ALL-BUT-LAST, and LAST, to two new conjectures: Case 4.1.2. (IMPLIES (AND (EQUAL (LENGTH W) 0) (NUMBERP Z) (NUMBERP V) (SETP W) (LESSP V (CAR W)) (LESSP Z V) (LISTP W) (NOT (LISTP (ALL-BUT-LAST W)))) (LESSP V (LAST W))), which we will finally name *1.1. Case 4.1.1. (IMPLIES (AND (EQUAL (LENGTH W) 0) (NUMBERP Z) (NUMBERP V) (SETP W) (LESSP V (CAR W)) (LESSP Z V) (LISTP W) (LISTP (ALL-BUT-LAST W))) (LESSP (LAST (ALL-BUT-LAST W)) (LAST W))). We will try to prove the above formula by generalizing it, replacing (ALL-BUT-LAST W) by Y. The result is: (IMPLIES (AND (EQUAL (LENGTH W) 0) (NUMBERP Z) (NUMBERP V) (SETP W) (LESSP V (CAR W)) (LESSP Z V) (LISTP W) (LISTP Y)) (LESSP (LAST Y) (LAST W))). Finally name the above subgoal *1.2. Case 3. (IMPLIES (AND (LISTP S1) (LISTP (CDR S1)) (LESSP (LAST (ALL-BUT-LAST (CDR S1))) (LAST (CDR S1))) (SETP S1) (NOT (LESSP (LENGTH S1) 2))) (LESSP (LAST (ALL-BUT-LAST S1)) (LAST S1))). This simplifies, rewriting with the lemmas SUB1-ADD1, CAR-CONS, and CDR-CONS, and unfolding SETP, LENGTH, SUB1, NUMBERP, EQUAL, LESSP, ALL-BUT-LAST, and LAST, to the new conjecture: (IMPLIES (AND (LISTP S1) (LISTP (CDR S1)) (LESSP (LAST (ALL-BUT-LAST (CDR S1))) (LAST (CDR S1))) (NUMBERP (CAR S1)) (SETP (CDR S1)) (LESSP (CAR S1) (CADR S1)) (NOT (LESSP (LENGTH (CDR S1)) 1)) (NOT (LISTP (ALL-BUT-LAST (CDR S1))))) (LESSP (CAR S1) (LAST (CDR S1)))), which again simplifies, using linear arithmetic, rewriting with the lemma FIRST-BEFORE-LAST, and opening up LAST and SETP, to: T. Case 2. (IMPLIES (AND (LISTP S1) (NOT (LISTP (CDR S1))) (SETP S1) (NOT (LESSP (LENGTH S1) 2))) (LESSP (LAST (ALL-BUT-LAST S1)) (LAST S1))), which simplifies, rewriting with EMPTY-IS-NIL and SUB1-ADD1, and unfolding the definitions of SETP, LENGTH, SUB1, NUMBERP, EQUAL, LESSP, ALL-BUT-LAST, and LAST, to: (IMPLIES (AND (LISTP S1) (NOT (LISTP (CDR S1))) (NUMBERP (CAR S1)) (SETP (CDR S1)) (NOT (LESSP (LENGTH (CDR S1)) 1))) (NOT (EQUAL (CAR S1) 0))), which again simplifies, expanding the function NUMBERP, to the formula: (IMPLIES (AND (LISTP S1) (NOT (LISTP (CDR S1))) (SETP (CDR S1)) (NOT (LESSP (LENGTH (CDR S1)) 1))) (NOT (EQUAL (CAR S1) 0))). But this further simplifies, opening up SETP, LENGTH, and LESSP, to: T. Case 1. (IMPLIES (AND (NOT (LISTP S1)) (SETP S1) (NOT (LESSP (LENGTH S1) 2))) (LESSP (LAST (ALL-BUT-LAST S1)) (LAST S1))), which simplifies, expandi