ACL2 !>(certify-book "notes-version-1") CERTIFICATION ATTEMPT FOR "/Users/moore/courses/cs389r/spring-06/notes-version-1.lisp" ACL2 Version 2.9 * Step 1: Read "/Users/moore/courses/cs389r/spring-06/notes-version-1.lisp" and compute its check sum. * Step 2: There were 329 forms in the file. The check sum is 132297991. We now attempt to establish that each form, whether local or non-local, is indeed an admissible embedded event form in the context of the previously admitted ones. Note that proof-tree output is inhibited during this check; see :DOC proof-tree. ACL2 >>(DEFMACRO THEOREM (NAME FORM &KEY (RULE-CLASSES ':REWRITE RULE-CLASSES-SUPPLIEDP) HINTS) (LET ((OLD-HINTS HINTS) (HINTS (COND ((NULL HINTS) '(("Goal" :DO-NOT-INDUCT T))) ((AND (TRUE-LISTP HINTS) (EQUAL (LENGTH HINTS) 1) (EQUAL (CAR (CAR HINTS)) "Goal")) (CONS (CONS '"Goal" (CONS ':DO-NOT-INDUCT (CONS 'T (APPEND (CDR (CAR HINTS)) 'NIL)))) 'NIL)) (T NIL)))) (COND ((NULL HINTS) (CONS 'ER (CONS 'SOFT (CONS (CONS 'QUOTE (CONS 'THEOREM 'NIL)) (CONS '"The :hints value ~x0 is not allowed ~ by this macro." (CONS (CONS 'QUOTE (CONS OLD-HINTS 'NIL)) 'NIL)))))) ((AND RULE-CLASSES-SUPPLIEDP (EQUAL RULE-CLASSES NIL)) (CONS 'DEFTHM (CONS NAME (CONS FORM (CONS ':RULE-CLASSES (CONS 'NIL (CONS ':HINTS (CONS HINTS 'NIL)))))))) (T (CONS 'PROGN (CONS (CONS 'DEFTHM (CONS NAME (CONS FORM (APPEND (IF RULE-CLASSES-SUPPLIEDP (CONS ':RULE-CLASSES (CONS RULE-CLASSES 'NIL)) NIL) (CONS ':HINTS (CONS HINTS 'NIL)))))) (CONS (CONS 'IN-THEORY (CONS (CONS 'DISABLE (CONS NAME 'NIL)) 'NIL)) (CONS (CONS 'VALUE-TRIPLE (CONS (CONS 'QUOTE (CONS NAME 'NIL)) 'NIL)) 'NIL)))))))) Summary Form: ( DEFMACRO THEOREM ...) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) THEOREM ACL2 >>(DEFUN ADD-LABEL-TO-BUCKET (LABEL CONST BUCKETS) (IF (ENDP BUCKETS) (LIST (LIST CONST (LIST LABEL))) (IF (EQUAL CONST (CAR (CAR BUCKETS))) (CONS (LIST CONST (APPEND (CADR (CAR BUCKETS)) (LIST LABEL))) (CDR BUCKETS)) (CONS (CAR BUCKETS) (ADD-LABEL-TO-BUCKET LABEL CONST (CDR BUCKETS)))))) The admission of ADD-LABEL-TO-BUCKET is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O- P) and the measure (ACL2-COUNT BUCKETS). We observe that the type of ADD-LABEL-TO-BUCKET is described by the theorem (CONSP (ADD-LABEL-TO-BUCKET LABEL CONST BUCKETS)). We used primitive type reasoning. Summary Form: ( DEFUN ADD-LABEL-TO-BUCKET ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.06 seconds (prove: 0.00, print: 0.02, other: 0.04) ADD-LABEL-TO-BUCKET ACL2 >>(DEFUN MAKE-EQUIV-CLASSES (ALIST BUCKETS) (IF (ENDP ALIST) BUCKETS (MAKE-EQUIV-CLASSES (CDR ALIST) (ADD-LABEL-TO-BUCKET (CAAR ALIST) (CADR (CAR ALIST)) BUCKETS)))) The admission of MAKE-EQUIV-CLASSES is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O- P) and the measure (ACL2-COUNT ALIST). We observe that the type of MAKE-EQUIV-CLASSES is described by the theorem (OR (CONSP (MAKE-EQUIV-CLASSES ALIST BUCKETS)) (EQUAL (MAKE-EQUIV-CLASSES ALIST BUCKETS) BUCKETS)). We used the :type-prescription rule ADD-LABEL-TO-BUCKET. Summary Form: ( DEFUN MAKE-EQUIV-CLASSES ...) Rules: ((:TYPE-PRESCRIPTION ADD-LABEL-TO-BUCKET)) Warnings: None Time: 0.04 seconds (prove: 0.00, print: 0.02, other: 0.02) MAKE-EQUIV-CLASSES ACL2 >>(THEOREM PROBLEM-2 (EQUAL (MAKE-EQUIV-CLASSES '((1 (1 2 3)) (2 (NIL NIL NIL)) (3 ((NIL NIL))) (4 (1 (2 . 3) 4)) (5 (NIL NIL)) (6 (1 (2 . 3) 4)) (7 (HELLOWORLD !)) (8 (1 (2 3) 4)) (9 ((A . T) (B) (C))) (10 (NIL NIL)) (11 (1 2 3)) (12 (NIL NIL)) (13 (A B C)) (14 (A B C)) (15 (HELLO WORLD !)) (16 ((A . T) (B) (C)))) NIL) '(((1 2 3) (1 11)) ((NIL NIL NIL) (2)) (((NIL NIL)) (3)) ((1 (2 . 3) 4) (4 6)) ((NIL NIL) (5 10 12)) ((HELLOWORLD !) (7)) ((1 (2 3) 4) (8)) (((A . T) (B) (C)) (9 16)) ((A B C) (13 14)) ((HELLO WORLD !) (15)))) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] But we reduce the conjecture to T, by the :executable-counterparts of EQUAL and MAKE-EQUIV-CLASSES. Q.E.D. Summary Form: ( DEFTHM PROBLEM-2 ...) Rules: ((:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART MAKE-EQUIV-CLASSES)) Warnings: None Time: 0.01 seconds (prove: 0.01, print: 0.00, other: 0.00) PROBLEM-2 ACL2 >>(THEOREM PROBLEM-4 (AND (EQUAL '((1 . 2) 3 . 4) (CONS (CONS '1 '2) (CONS '3 '4))) (EQUAL '(1 2 3) (CONS '1 (CONS '2 (CONS '3 'NIL)))) (EQUAL '((1 . T) (2) (3 . T)) (CONS (CONS '1 'T) (CONS (CONS '2 'NIL) (CONS (CONS '3 'T) 'NIL)))) (EQUAL '((A . 1) (B . 2)) (CONS (CONS 'A '1) (CONS (CONS 'B '2) 'NIL)))) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] But we reduce the conjecture to T, by case analysis. Q.E.D. Summary Form: ( DEFTHM PROBLEM-4 ...) Rules: NIL Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) PROBLEM-4 ACL2 >>(THEOREM PROBLEM-5 (AND (EQUAL (CONS (CONS '1 '2) (CONS (CONS '3 '4) 'NIL)) '((1 . 2) (3 . 4))) (EQUAL (CONS '1 (CONS '2 '3)) '(1 2 . 3)) (EQUAL (CONS 'NIL (CONS (CONS 'NIL 'NIL) 'NIL)) '(NIL (NIL))) (EQUAL (IF 'NIL '1 '2) '2) (EQUAL (IF '1 '2 '3) '2) (EQUAL (EQUAL 'NIL (CONS 'NIL 'NIL)) 'NIL) (EQUAL (EQUAL 'HELLO 'HELLO) 'T) (EQUAL (EQUAL (CONS '1 '2) (CONS '1 'TWO)) 'NIL)) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] But we reduce the conjecture to T, by case analysis. Q.E.D. Summary Form: ( DEFTHM PROBLEM-5 ...) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00) PROBLEM-5 ACL2 >>(DEFUN APP (X Y) (IF (CONSP X) (CONS (CAR X) (APP (CDR X) Y)) Y)) The admission of APP is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of APP is described by the theorem (OR (CONSP (APP X Y)) (EQUAL (APP X Y) Y)). We used primitive type reasoning. Summary Form: ( DEFUN APP ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) APP ACL2 >>(DEFUN REV (X) (IF (CONSP X) (APP (REV (CDR X)) (CONS (CAR X) NIL)) NIL)) The admission of REV is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of REV is described by the theorem (OR (CONSP (REV X)) (EQUAL (REV X) NIL)). We used primitive type reasoning and the :type-prescription rule APP. Summary Form: ( DEFUN REV ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL) (:TYPE-PRESCRIPTION APP)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.01, other: 0.01) REV ACL2 >>(DEFUN MAPNIL (X) (IF (CONSP X) (CONS NIL (MAPNIL (CDR X))) NIL)) The admission of MAPNIL is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of MAPNIL is described by the theorem (TRUE-LISTP (MAPNIL X)). We used primitive type reasoning. Summary Form: ( DEFUN MAPNIL ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.01, other: 0.01) MAPNIL ACL2 >>(DEFUN SWAP-TREE (X) (IF (CONSP X) (CONS (SWAP-TREE (CDR X)) (SWAP-TREE (CAR X))) X)) The admission of SWAP-TREE is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We could deduce no constraints on the type of SWAP-TREE. However, in normalizing the definition we used primitive type reasoning. Summary Form: ( DEFUN SWAP-TREE ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.01, other: 0.02) SWAP-TREE ACL2 >>(DEFUN MEM (E X) (IF (CONSP X) (IF (EQUAL E (CAR X)) T (MEM E (CDR X))) NIL)) The admission of MEM is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of MEM is described by the theorem (OR (EQUAL (MEM E X) T) (EQUAL (MEM E X) NIL)). Summary Form: ( DEFUN MEM ...) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) MEM ACL2 >>(DEFUN SUB (X Y) (IF (CONSP X) (IF (MEM (CAR X) Y) (SUB (CDR X) Y) NIL) T)) The admission of SUB is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of SUB is described by the theorem (OR (EQUAL (SUB X Y) T) (EQUAL (SUB X Y) NIL)). Summary Form: ( DEFUN SUB ...) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) SUB ACL2 >>(DEFUN INT (X Y) (IF (CONSP X) (IF (MEM (CAR X) Y) (CONS (CAR X) (INT (CDR X) Y)) (INT (CDR X) Y)) NIL)) The admission of INT is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of INT is described by the theorem (TRUE-LISTP (INT X Y)). We used primitive type reasoning. Summary Form: ( DEFUN INT ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.01, other: 0.01) INT ACL2 >>(DEFUN TIP (E X) (IF (CONSP X) (OR (TIP E (CAR X)) (TIP E (CDR X))) (EQUAL E X))) The admission of TIP is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of TIP is described by the theorem (OR (EQUAL (TIP E X) T) (EQUAL (TIP E X) NIL)). We used primitive type reasoning. Summary Form: ( DEFUN TIP ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.01, other: 0.01) TIP ACL2 >>(DEFUN FLATTEN (X) (IF (CONSP X) (APP (FLATTEN (CAR X)) (FLATTEN (CDR X))) (CONS X NIL))) The admission of FLATTEN is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of FLATTEN is described by the theorem (CONSP (FLATTEN X)). We used primitive type reasoning and the :type-prescription rule APP. Summary Form: ( DEFUN FLATTEN ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL) (:TYPE-PRESCRIPTION APP)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00) FLATTEN ACL2 >>(DEFUN EVENLEN (X) (IF (CONSP X) (IF (CONSP (CDR X)) (EVENLEN (CDR (CDR X))) NIL) T)) For the admission of EVENLEN we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). The non-trivial part of the measure conjecture is Goal (IMPLIES (AND (CONSP X) (CONSP (CDR X))) (O< (ACL2-COUNT (CDDR X)) (ACL2-COUNT X))). This simplifies, using the :definitions O-FINP and O< and the :type- prescription rule ACL2-COUNT, to Goal' (IMPLIES (AND (CONSP X) (CONSP (CDR X))) (< (ACL2-COUNT (CDDR X)) (ACL2-COUNT X))). The destructor terms (CAR X) and (CDR X) can be eliminated. Furthermore, those terms are at the root of a chain of two rounds of destructor elimination. (1) Use CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. (2) Use CAR-CDR-ELIM, again, to replace X2 by (CONS X3 X4), (CAR X2) by X3 and (CDR X2) by X4. These steps produce the following goal. Goal'' (IMPLIES (AND (CONSP (CONS X3 X4)) (CONSP (LIST* X1 X3 X4))) (< (ACL2-COUNT X4) (ACL2-COUNT (LIST* X1 X3 X4)))). This simplifies, using the :definition ACL2-COUNT, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Goal''' (< (ACL2-COUNT X4) (+ 1 (ACL2-COUNT X1) 1 (ACL2-COUNT X3) (ACL2-COUNT X4))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule ACL2-COUNT. Q.E.D. That completes the proof of the measure theorem for EVENLEN. Thus, we admit this function under the principle of definition. We observe that the type of EVENLEN is described by the theorem (OR (EQUAL (EVENLEN X) T) (EQUAL (EVENLEN X) NIL)). Summary Form: ( DEFUN EVENLEN ...) Rules: ((:DEFINITION ACL2-COUNT) (:DEFINITION NOT) (:DEFINITION O-FINP) (:DEFINITION O<) (:ELIM CAR-CDR-ELIM) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION ACL2-COUNT)) Warnings: None Time: 0.05 seconds (prove: 0.02, print: 0.02, other: 0.01) EVENLEN ACL2 >>(THEOREM PROBLEM-40 (EQUAL (APP (APP A B) C) (APP A (APP B C))) :HINTS (("Goal" :INDUCT (APP A B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (APP A B). This suggestion was produced using the :induction rule APP. If we let (:P A B C) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B C)) (IMPLIES (AND (CONSP A) (:P (CDR A) B C)) (:P A B C))). This induction is justified by the same argument used to admit APP, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (EQUAL (APP (APP A B) C) (APP A (APP B C)))). But simplification reduces this to T, using the :definition APP and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP A) (EQUAL (APP (APP (CDR A) B) C) (APP (CDR A) (APP B C)))) (EQUAL (APP (APP A B) C) (APP A (APP B C)))). But simplification reduces this to T, using the :definition APP, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-40 ...) Rules: ((:DEFINITION APP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION APP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS)) Warnings: None Time: 0.04 seconds (prove: 0.01, print: 0.03, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-40 ACL2 >>(THEOREM PROBLEM-41-COUNTEREXAMPLE (NOT (EQUAL (APP '(1 2 3 . 4) NIL) '(1 2 3 . 4))) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] But we reduce the conjecture to T, by the :executable-counterparts of APP and EQUAL. Q.E.D. Summary Form: ( DEFTHM PROBLEM-41-COUNTEREXAMPLE ...) Rules: ((:EXECUTABLE-COUNTERPART APP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART NOT)) Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) PROBLEM-41-COUNTEREXAMPLE ACL2 >>(DEFUN PROPER (X) (IF (CONSP X) (PROPER (CDR X)) (EQUAL X NIL))) The admission of PROPER is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of PROPER is described by the theorem (OR (EQUAL (PROPER X) T) (EQUAL (PROPER X) NIL)). We used primitive type reasoning. Summary Form: ( DEFUN PROPER ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00) PROPER ACL2 >>(THEOREM PROBLEM-41 (IMPLIES (PROPER X) (EQUAL (APP X NIL) X)) :HINTS (("Goal" :INDUCT (APP X NIL)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (APP X 'NIL). This suggestion was produced using the :induction rule APP. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit APP, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (IMPLIES (PROPER X) (EQUAL (APP X NIL) X))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (NOT (CONSP X)) (PROPER X)) (EQUAL (APP X NIL) X)). But simplification reduces this to T, using the :definition PROPER, the :executable-counterparts of APP, CONSP and EQUAL and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP X) (IMPLIES (PROPER (CDR X)) (EQUAL (APP (CDR X) NIL) (CDR X)))) (IMPLIES (PROPER X) (EQUAL (APP X NIL) X))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (IMPLIES (PROPER (CDR X)) (EQUAL (APP (CDR X) NIL) (CDR X))) (PROPER X)) (EQUAL (APP X NIL) X)). But simplification reduces this to T, using the :definitions APP and PROPER, primitive type reasoning and the :rewrite rule CAR-CDR-ELIM. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-41 ...) Rules: ((:DEFINITION APP) (:DEFINITION NOT) (:DEFINITION PROPER) (:EXECUTABLE-COUNTERPART APP) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION APP) (:REWRITE CAR-CDR-ELIM)) Warnings: None Time: 0.05 seconds (prove: 0.01, print: 0.03, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-41 ACL2 >>(THEOREM PROBLEM-42 (EQUAL (MAPNIL (APP A B)) (APP (MAPNIL A) (MAPNIL B))) :HINTS (("Goal" :INDUCT (APP A B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (APP A B). This suggestion was produced using the :induction rule APP. If we let (:P A B) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B)) (IMPLIES (AND (CONSP A) (:P (CDR A) B)) (:P A B))). This induction is justified by the same argument used to admit APP, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (EQUAL (MAPNIL (APP A B)) (APP (MAPNIL A) (MAPNIL B)))). But simplification reduces this to T, using the :definitions APP and MAPNIL, the :executable-counterpart of CONSP and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP A) (EQUAL (MAPNIL (APP (CDR A) B)) (APP (MAPNIL (CDR A)) (MAPNIL B)))) (EQUAL (MAPNIL (APP A B)) (APP (MAPNIL A) (MAPNIL B)))). But simplification reduces this to T, using the :definitions APP and MAPNIL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR- CONS and the :type-prescription rule MAPNIL. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-42 ...) Rules: ((:DEFINITION APP) (:DEFINITION MAPNIL) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION APP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION MAPNIL)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) PROBLEM-42 ACL2 >>(THEOREM PROBLEM-43 (EQUAL (REV (MAPNIL X)) (MAPNIL (REV X))) :HINTS (("Goal" :INDUCT (REV X) :IN-THEORY (ENABLE PROBLEM-42)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (REV X). This suggestion was produced using the :induction rule REV. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit REV, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (EQUAL (REV (MAPNIL X)) (MAPNIL (REV X)))). But simplification reduces this to T, using the :definitions MAPNIL and REV and the :executable-counterparts of EQUAL, MAPNIL and REV. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL (REV (MAPNIL (CDR X))) (MAPNIL (REV (CDR X))))) (EQUAL (REV (MAPNIL X)) (MAPNIL (REV X)))). But simplification reduces this to T, using the :definitions MAPNIL and REV, the :executable-counterparts of CONS and MAPNIL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS and PROBLEM-42 and the :type-prescription rule MAPNIL. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-43 ...) Rules: ((:DEFINITION MAPNIL) (:DEFINITION REV) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART MAPNIL) (:EXECUTABLE-COUNTERPART REV) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION REV) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-42) (:TYPE-PRESCRIPTION MAPNIL)) Warnings: None Time: 0.04 seconds (prove: 0.00, print: 0.03, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-43 ACL2 >>(THEOREM PROBLEM-44-COUNTEREXAMPLE (NOT (EQUAL (REV (REV '(1 2 3 . 4))) '(1 2 3 . 4))) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] But we reduce the conjecture to T, by the :executable-counterparts of EQUAL and REV. Q.E.D. Summary Form: ( DEFTHM PROBLEM-44-COUNTEREXAMPLE ...) Rules: ((:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART REV)) Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) PROBLEM-44-COUNTEREXAMPLE ACL2 >>(THEOREM PROBLEM-44C (EQUAL (PROPER (APP A B)) (PROPER B)) :HINTS (("Goal" :INDUCT (APP A B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (APP A B). This suggestion was produced using the :induction rule APP. If we let (:P A B) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B)) (IMPLIES (AND (CONSP A) (:P (CDR A) B)) (:P A B))). This induction is justified by the same argument used to admit APP, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (EQUAL (PROPER (APP A B)) (PROPER B))). But simplification reduces this to T, using the :definition APP and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP A) (EQUAL (PROPER (APP (CDR A) B)) (PROPER B))) (EQUAL (PROPER (APP A B)) (PROPER B))). But simplification reduces this to T, using the :definitions APP and PROPER, primitive type reasoning and the :rewrite rule CDR-CONS. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-44C ...) Rules: ((:DEFINITION APP) (:DEFINITION PROPER) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION APP) (:REWRITE CDR-CONS)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.03, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-44C ACL2 >>(THEOREM PROBLEM-44B (PROPER (REV X)) :HINTS (("Goal" :INDUCT (REV X) :IN-THEORY (ENABLE PROBLEM-44C)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (REV X). This suggestion was produced using the :induction rule REV. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit REV, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (PROPER (REV X))). But simplification reduces this to T, using the :definition REV and the :executable-counterpart of PROPER. Subgoal *1/1 (IMPLIES (AND (CONSP X) (PROPER (REV (CDR X)))) (PROPER (REV X))). But simplification reduces this to T, using the :definitions PROPER and REV, the :executable-counterpart of PROPER, primitive type reasoning and the :rewrite rules CDR-CONS and PROBLEM-44C. That completes the proof of *1. Q.E.D. The storage of PROBLEM-44B depends upon the :type-prescription rule PROPER. Summary Form: ( DEFTHM PROBLEM-44B ...) Rules: ((:DEFINITION PROPER) (:DEFINITION REV) (:EXECUTABLE-COUNTERPART PROPER) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION REV) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-44C) (:TYPE-PRESCRIPTION PROPER)) Warnings: None Time: 0.04 seconds (prove: 0.02, print: 0.01, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-44B ACL2 >>(THEOREM PROBLEM-44A (EQUAL (REV (APP A B)) (APP (REV B) (REV A))) :HINTS (("Goal" :INDUCT (APP A B) :IN-THEORY (ENABLE PROBLEM-40 PROBLEM-41 PROBLEM-44B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (APP A B). This suggestion was produced using the :induction rule APP. If we let (:P A B) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B)) (IMPLIES (AND (CONSP A) (:P (CDR A) B)) (:P A B))). This induction is justified by the same argument used to admit APP, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (EQUAL (REV (APP A B)) (APP (REV B) (REV A)))). But simplification reduces this to T, using the :definitions APP and REV, primitive type reasoning and the :rewrite rules PROBLEM-41 and PROBLEM-44B. Subgoal *1/1 (IMPLIES (AND (CONSP A) (EQUAL (REV (APP (CDR A) B)) (APP (REV B) (REV (CDR A))))) (EQUAL (REV (APP A B)) (APP (REV B) (REV A)))). This simplifies, using the :definitions APP and REV, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal *1/1' (IMPLIES (AND (CONSP A) (EQUAL (REV (APP (CDR A) B)) (APP (REV B) (REV (CDR A))))) (EQUAL (APP (REV (APP (CDR A) B)) (LIST (CAR A))) (APP (REV B) (APP (REV (CDR A)) (LIST (CAR A)))))). The destructor terms (CAR A) and (CDR A) can be eliminated by using CAR-CDR-ELIM to replace A by (CONS A1 A2), (CAR A) by A1 and (CDR A) by A2. This produces the following goal. Subgoal *1/1'' (IMPLIES (AND (CONSP (CONS A1 A2)) (EQUAL (REV (APP A2 B)) (APP (REV B) (REV A2)))) (EQUAL (APP (REV (APP A2 B)) (LIST A1)) (APP (REV B) (APP (REV A2) (LIST A1))))). This simplifies, using primitive type reasoning, to Subgoal *1/1''' (IMPLIES (EQUAL (REV (APP A2 B)) (APP (REV B) (REV A2))) (EQUAL (APP (REV (APP A2 B)) (LIST A1)) (APP (REV B) (APP (REV A2) (LIST A1))))). We now use the hypothesis by substituting (APP (REV B) (REV A2)) for (REV (APP A2 B)) and throwing away the hypothesis. This produces Subgoal *1/1'4' (EQUAL (APP (APP (REV B) (REV A2)) (LIST A1)) (APP (REV B) (APP (REV A2) (LIST A1)))). But we reduce the conjecture to T, by the simple :rewrite rule PROBLEM- 40. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-44A ...) Rules: ((:DEFINITION APP) (:DEFINITION REV) (:ELIM CAR-CDR-ELIM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION APP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-40) (:REWRITE PROBLEM-41) (:REWRITE PROBLEM-44B)) Warnings: None Time: 0.12 seconds (prove: 0.04, print: 0.07, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-44A ACL2 >>(THEOREM PROBLEM-44 (IMPLIES (PROPER X) (EQUAL (REV (REV X)) X)) :HINTS (("Goal" :INDUCT (REV X) :IN-THEORY (ENABLE PROBLEM-44A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (REV X). This suggestion was produced using the :induction rule REV. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit REV, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (IMPLIES (PROPER X) (EQUAL (REV (REV X)) X))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (NOT (CONSP X)) (PROPER X)) (EQUAL (REV (REV X)) X)). But simplification reduces this to T, using the :definition PROPER, the :executable-counterparts of CONSP, EQUAL and REV and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP X) (IMPLIES (PROPER (CDR X)) (EQUAL (REV (REV (CDR X))) (CDR X)))) (IMPLIES (PROPER X) (EQUAL (REV (REV X)) X))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (IMPLIES (PROPER (CDR X)) (EQUAL (REV (REV (CDR X))) (CDR X))) (PROPER X)) (EQUAL (REV (REV X)) X)). But simplification reduces this to T, using the :definitions APP, PROPER and REV, the :executable-counterparts of CONSP and REV, primitive type reasoning and the :rewrite rules CAR-CDR-ELIM, CAR-CONS, CDR-CONS and PROBLEM-44A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-44 ...) Rules: ((:DEFINITION APP) (:DEFINITION NOT) (:DEFINITION PROPER) (:DEFINITION REV) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART REV) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION REV) (:REWRITE CAR-CDR-ELIM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-44A)) Warnings: None Time: 0.06 seconds (prove: 0.02, print: 0.03, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-44 ACL2 >>(THEOREM PROBLEM-45 (EQUAL (SWAP-TREE (SWAP-TREE X)) X) :HINTS (("Goal" :INDUCT (SWAP-TREE X)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (SWAP-TREE X). This suggestion was produced using the :induction rule SWAP-TREE. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CDR X)) (:P (CAR X))) (:P X))). This induction is justified by the same argument used to admit SWAP- TREE, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O-P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (EQUAL (SWAP-TREE (SWAP-TREE X)) X)). But simplification reduces this to T, using the :definition SWAP-TREE and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL (SWAP-TREE (SWAP-TREE (CDR X))) (CDR X)) (EQUAL (SWAP-TREE (SWAP-TREE (CAR X))) (CAR X))) (EQUAL (SWAP-TREE (SWAP-TREE X)) X)). But simplification reduces this to T, using the :definition SWAP-TREE, primitive type reasoning and the :rewrite rules CAR-CDR-ELIM, CAR-CONS and CDR-CONS. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-45 ...) Rules: ((:DEFINITION SWAP-TREE) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION SWAP-TREE) (:REWRITE CAR-CDR-ELIM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS)) Warnings: None Time: 0.04 seconds (prove: 0.01, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-45 ACL2 >>(THEOREM PROBLEM-46 (EQUAL (MEM E (APP A B)) (OR (MEM E A) (MEM E B))) :HINTS (("Goal" :INDUCT (MEM E A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (MEM E A). This suggestion was produced using the :induction rule MEM. If we let (:P A B E) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B E)) (IMPLIES (AND (CONSP A) (NOT (EQUAL E (CAR A))) (:P (CDR A) B E)) (:P A B E)) (IMPLIES (AND (CONSP A) (EQUAL E (CAR A))) (:P A B E))). This induction is justified by the same argument used to admit MEM, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP A)) (EQUAL (MEM E (APP A B)) (OR (MEM E A) (MEM E B)))). But simplification reduces this to T, using the :definitions APP and MEM and primitive type reasoning. Subgoal *1/2 (IMPLIES (AND (CONSP A) (NOT (EQUAL E (CAR A))) (EQUAL (MEM E (APP (CDR A) B)) (OR (MEM E (CDR A)) (MEM E B)))) (EQUAL (MEM E (APP A B)) (OR (MEM E A) (MEM E B)))). But simplification reduces this to T, using the :definitions APP and MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule MEM. Subgoal *1/1 (IMPLIES (AND (CONSP A) (EQUAL E (CAR A))) (EQUAL (MEM E (APP A B)) (OR (MEM E A) (MEM E B)))). This simplifies, using the :definition MEM, primitive type reasoning and the :type-prescription rule MEM, to Subgoal *1/1' (IMPLIES (CONSP A) (MEM (CAR A) (APP A B))). The destructor terms (CAR A) and (CDR A) can be eliminated by using CAR-CDR-ELIM to replace A by (CONS A1 A2), (CAR A) by A1 and (CDR A) by A2. This produces the following goal. Subgoal *1/1'' (IMPLIES (CONSP (CONS A1 A2)) (MEM A1 (APP (CONS A1 A2) B))). But simplification reduces this to T, using the :definitions APP and MEM, primitive type reasoning and the :rewrite rules CAR-CONS and CDR- CONS. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-46 ...) Rules: ((:DEFINITION APP) (:DEFINITION MEM) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MEM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION MEM)) Warnings: None Time: 0.03 seconds (prove: 0.01, print: 0.02, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) PROBLEM-46 ACL2 >>(THEOREM PROBLEM-47A (IMPLIES (NOT (MEM E B)) (NOT (MEM E (INT A B)))) :HINTS (("Goal" :INDUCT (INT A B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (INT A B). This suggestion was produced using the :induction rule INT. If we let (:P A B E) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B E)) (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B)) (:P (CDR A) B E)) (:P A B E)) (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (:P (CDR A) B E)) (:P A B E))). This induction is justified by the same argument used to admit INT, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP A)) (IMPLIES (NOT (MEM E B)) (NOT (MEM E (INT A B))))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP A)) (NOT (MEM E B))) (NOT (MEM E (INT A B)))). But simplification reduces this to T, using the :definitions INT and MEM and the :executable-counterpart of CONSP. Subgoal *1/2 (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B)) (IMPLIES (NOT (MEM E B)) (NOT (MEM E (INT (CDR A) B))))) (IMPLIES (NOT (MEM E B)) (NOT (MEM E (INT A B))))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B)) (IMPLIES (NOT (MEM E B)) (NOT (MEM E (INT (CDR A) B)))) (NOT (MEM E B))) (NOT (MEM E (INT A B)))). But simplification reduces this to T, using the :definitions INT and NOT and the :executable-counterpart of NOT. Subgoal *1/1 (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (IMPLIES (NOT (MEM E B)) (NOT (MEM E (INT (CDR A) B))))) (IMPLIES (NOT (MEM E B)) (NOT (MEM E (INT A B))))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (IMPLIES (NOT (MEM E B)) (NOT (MEM E (INT (CDR A) B)))) (NOT (MEM E B))) (NOT (MEM E (INT A B)))). This simplifies, using the :definitions INT, MEM and NOT, the :executable- counterpart of NOT, primitive type reasoning, the :rewrite rules CAR- CONS and CDR-CONS and the :type-prescription rules INT and MEM, to Subgoal *1/1'' (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (NOT (MEM E (INT (CDR A) B))) (NOT (MEM E B))) (NOT (EQUAL E (CAR A)))). But simplification reduces this to T, using trivial observations. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-47A ...) Rules: ((:DEFINITION INT) (:DEFINITION MEM) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION INT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION INT) (:TYPE-PRESCRIPTION MEM)) Warnings: None Time: 0.08 seconds (prove: 0.03, print: 0.05, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) PROBLEM-47A ACL2 >>(THEOREM PROBLEM-47 (EQUAL (MEM E (INT A B)) (AND (MEM E A) (MEM E B))) :HINTS (("Goal" :INDUCT (MEM E A) :IN-THEORY (ENABLE PROBLEM-47A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (MEM E A). This suggestion was produced using the :induction rule MEM. If we let (:P A B E) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B E)) (IMPLIES (AND (CONSP A) (NOT (EQUAL E (CAR A))) (:P (CDR A) B E)) (:P A B E)) (IMPLIES (AND (CONSP A) (EQUAL E (CAR A))) (:P A B E))). This induction is justified by the same argument used to admit MEM, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP A)) (EQUAL (MEM E (INT A B)) (AND (MEM E A) (MEM E B)))). But simplification reduces this to T, using the :definitions INT and MEM and the :executable-counterparts of CONSP and EQUAL. Subgoal *1/2 (IMPLIES (AND (CONSP A) (NOT (EQUAL E (CAR A))) (EQUAL (MEM E (INT (CDR A) B)) (AND (MEM E (CDR A)) (MEM E B)))) (EQUAL (MEM E (INT A B)) (AND (MEM E A) (MEM E B)))). This simplifies, using the :definitions INT and MEM, the :executable- counterpart of NOT, primitive type reasoning and the :type-prescription rule MEM, to the following two conjectures. Subgoal *1/2.2 (IMPLIES (AND (CONSP A) (NOT (EQUAL E (CAR A))) (MEM E (CDR A)) (EQUAL (MEM E (INT (CDR A) B)) (MEM E B)) (MEM (CAR A) B)) (EQUAL (MEM E (CONS (CAR A) (INT (CDR A) B))) (MEM E B))). But simplification reduces this to T, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type- prescription rule INT. Subgoal *1/2.1 (IMPLIES (AND (CONSP A) (NOT (EQUAL E (CAR A))) (NOT (MEM E (CDR A))) (EQUAL (MEM E (INT (CDR A) B)) NIL) (MEM (CAR A) B)) (NOT (MEM E (CONS (CAR A) (INT (CDR A) B))))). By case analysis we reduce the conjecture to Subgoal *1/2.1' (IMPLIES (AND (CONSP A) (NOT (EQUAL E (CAR A))) (NOT (MEM E (CDR A))) (NOT (MEM E (INT (CDR A) B))) (MEM (CAR A) B)) (NOT (MEM E (CONS (CAR A) (INT (CDR A) B))))). But simplification reduces this to T, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type- prescription rule INT. Subgoal *1/1 (IMPLIES (AND (CONSP A) (EQUAL E (CAR A))) (EQUAL (MEM E (INT A B)) (AND (MEM E A) (MEM E B)))). This simplifies, using the :definition MEM and primitive type reasoning, to Subgoal *1/1' (IMPLIES (CONSP A) (EQUAL (MEM (CAR A) (INT A B)) (MEM (CAR A) B))). The destructor terms (CAR A) and (CDR A) can be eliminated by using CAR-CDR-ELIM to replace A by (CONS A1 A2), (CAR A) by A1 and (CDR A) by A2. This produces the following goal. Subgoal *1/1'' (IMPLIES (CONSP (CONS A1 A2)) (EQUAL (MEM A1 (INT (CONS A1 A2) B)) (MEM A1 B))). This simplifies, using the :definition INT, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to the following two conjectures. Subgoal *1/1.2 (IMPLIES (MEM A1 B) (EQUAL (MEM A1 (CONS A1 (INT A2 B))) (MEM A1 B))). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rule CAR-CONS and the :type-prescription rules INT and MEM. Subgoal *1/1.1 (IMPLIES (NOT (MEM A1 B)) (EQUAL (MEM A1 (INT A2 B)) (MEM A1 B))). But simplification reduces this to T, using the :executable-counterpart of EQUAL and the :rewrite rule PROBLEM-47A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-47 ...) Rules: ((:DEFINITION INT) (:DEFINITION MEM) (:DEFINITION NOT) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MEM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-47A) (:TYPE-PRESCRIPTION INT) (:TYPE-PRESCRIPTION MEM)) Warnings: None Time: 0.13 seconds (prove: 0.04, print: 0.08, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-47 ACL2 >>(THEOREM PROBLEM-48A (IMPLIES (SUB X (CDR Y)) (SUB X Y)) :HINTS (("Goal" :INDUCT (SUB X Y)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (SUB X Y). This suggestion was produced using the :induction rule SUB. If we let (:P X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X Y)) (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (:P X Y)) (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (:P (CDR X) Y)) (:P X Y))). This induction is justified by the same argument used to admit SUB, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (SUB X (CDR Y)) (SUB X Y))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (SUB X (CDR Y))) (SUB X Y)). But simplification reduces this to T, using the :definition SUB. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (IMPLIES (SUB X (CDR Y)) (SUB X Y))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y)) (SUB X (CDR Y))) (SUB X Y)). But simplification reduces this to T, using the :definitions MEM and SUB, the :executable-counterpart of CONSP and the :rewrite rule DEFAULT- CDR. Subgoal *1/1 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (SUB (CDR X) (CDR Y)) (SUB (CDR X) Y))) (IMPLIES (SUB X (CDR Y)) (SUB X Y))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (SUB (CDR X) (CDR Y)) (SUB (CDR X) Y)) (SUB X (CDR Y))) (SUB X Y)). But simplification reduces this to T, using the :definitions MEM and SUB, primitive type reasoning and the :type-prescription rules MEM and SUB. That completes the proof of *1. Q.E.D. The storage of PROBLEM-48A depends upon the :type-prescription rule SUB. Summary Form: ( DEFTHM PROBLEM-48A ...) Rules: ((:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION SUB) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION SUB) (:REWRITE DEFAULT-CDR) (:TYPE-PRESCRIPTION MEM) (:TYPE-PRESCRIPTION SUB)) Warnings: None Time: 0.05 seconds (prove: 0.01, print: 0.03, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-48A ACL2 >>(THEOREM PROBLEM-48 (SUB X X) :HINTS (("Goal" :INDUCT (SUB X X) :IN-THEORY (ENABLE PROBLEM-48A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (SUB X X). This suggestion was produced using the :induction rule SUB. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) X))) (:P X)) (IMPLIES (AND (CONSP X) (MEM (CAR X) X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit SUB, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (SUB X X)). But simplification reduces this to T, using the :definition SUB, the :executable-counterpart of CDR and the :rewrite rules DEFAULT-CDR and PROBLEM-48A. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) X))) (SUB X X)). But simplification reduces this to T, using the :definition MEM and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP X) (MEM (CAR X) X) (SUB (CDR X) (CDR X))) (SUB X X)). But simplification reduces this to T, using the :definitions MEM and SUB, primitive type reasoning, the :rewrite rule PROBLEM-48A and the :type-prescription rule SUB. That completes the proof of *1. Q.E.D. The storage of PROBLEM-48 depends upon the :type-prescription rule SUB. Summary Form: ( DEFTHM PROBLEM-48 ...) Rules: ((:DEFINITION MEM) (:DEFINITION SUB) (:EXECUTABLE-COUNTERPART CDR) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION SUB) (:REWRITE DEFAULT-CDR) (:REWRITE PROBLEM-48A) (:TYPE-PRESCRIPTION SUB)) Warnings: None Time: 0.10 seconds (prove: 0.01, print: 0.08, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-48 ACL2 >>(THEOREM PROBLEM-49A (IMPLIES (AND (MEM E A) (SUB A B)) (MEM E B)) :HINTS (("Goal" :INDUCT (SUB A B)))) ACL2 Warning [Free] in ( DEFTHM PROBLEM-49A ...): The :REWRITE rule generated from PROBLEM-49A contains the free variable A. This variable will be chosen by searching for an instance of (MEM E A) among the hypotheses of the conjecture being rewritten. This is generally a severe restriction on the applicability of the :REWRITE rule. See :DOC free-variables. [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (SUB A B). This suggestion was produced using the :induction rule SUB. If we let (:P A B E) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B E)) (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B))) (:P A B E)) (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (:P (CDR A) B E)) (:P A B E))). This induction is justified by the same argument used to admit SUB, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP A)) (IMPLIES (AND (MEM E A) (SUB A B)) (MEM E B))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP A)) (MEM E A) (SUB A B)) (MEM E B)). But simplification reduces this to T, using the :definition MEM. Subgoal *1/2 (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B))) (IMPLIES (AND (MEM E A) (SUB A B)) (MEM E B))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B)) (MEM E A) (SUB A B)) (MEM E B)). But simplification reduces this to T, using the :definition SUB. Subgoal *1/1 (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (IMPLIES (AND (MEM E (CDR A)) (SUB (CDR A) B)) (MEM E B))) (IMPLIES (AND (MEM E A) (SUB A B)) (MEM E B))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (IMPLIES (AND (MEM E (CDR A)) (SUB (CDR A) B)) (MEM E B)) (MEM E A) (SUB A B)) (MEM E B)). But simplification reduces this to T, using the :definitions MEM and SUB, primitive type reasoning and the :type-prescription rule MEM. That completes the proof of *1. Q.E.D. The storage of PROBLEM-49A depends upon the :type-prescription rule MEM. Summary Form: ( DEFTHM PROBLEM-49A ...) Rules: ((:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION SUB) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION SUB) (:TYPE-PRESCRIPTION MEM)) Warnings: Free Time: 0.07 seconds (prove: 0.02, print: 0.04, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-49A ACL2 >>(THEOREM PROBLEM-49 (IMPLIES (AND (SUB A B) (SUB B C)) (SUB A C)) :HINTS (("Goal" :INDUCT (SUB A C) :IN-THEORY (ENABLE PROBLEM-48A PROBLEM-49A)))) ACL2 Warning [Free] in ( DEFTHM PROBLEM-49 ...): The :REWRITE rule generated from PROBLEM-49 contains the free variable B. This variable will be chosen by searching for an instance of (SUB A B) among the hypotheses of the conjecture being rewritten. This is generally a severe restriction on the applicability of the :REWRITE rule. See :DOC free-variables. [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (SUB A C). This suggestion was produced using the :induction rule SUB. If we let (:P A B C) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B C)) (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) C))) (:P A B C)) (IMPLIES (AND (CONSP A) (MEM (CAR A) C) (:P (CDR A) B C)) (:P A B C))). This induction is justified by the same argument used to admit SUB, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP A)) (IMPLIES (AND (SUB A B) (SUB B C)) (SUB A C))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP A)) (SUB A B) (SUB B C)) (SUB A C)). But simplification reduces this to T, using the :definition SUB and the :rewrite rule PROBLEM-48A. Subgoal *1/2 (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) C))) (IMPLIES (AND (SUB A B) (SUB B C)) (SUB A C))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) C)) (SUB A B) (SUB B C)) (SUB A C)). This simplifies, using the :definition SUB, to Subgoal *1/2'' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) C)) (SUB A B)) (NOT (SUB B C))). The destructor terms (CAR A) and (CDR A) can be eliminated by using CAR-CDR-ELIM to replace A by (CONS A1 A2), (CAR A) by A1 and (CDR A) by A2. This produces the following goal. Subgoal *1/2''' (IMPLIES (AND (CONSP (CONS A1 A2)) (NOT (MEM A1 C)) (SUB (CONS A1 A2) B)) (NOT (SUB B C))). This simplifies, using the :definition SUB, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal *1/2'4' (IMPLIES (AND (NOT (MEM A1 C)) (MEM A1 B) (SUB A2 B)) (NOT (SUB B C))). But simplification reduces this to T, using the :rewrite rule PROBLEM- 49A and the :type-prescription rules MEM and SUB. Subgoal *1/1 (IMPLIES (AND (CONSP A) (MEM (CAR A) C) (IMPLIES (AND (SUB (CDR A) B) (SUB B C)) (SUB (CDR A) C))) (IMPLIES (AND (SUB A B) (SUB B C)) (SUB A C))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP A) (MEM (CAR A) C) (IMPLIES (AND (SUB (CDR A) B) (SUB B C)) (SUB (CDR A) C)) (SUB A B) (SUB B C)) (SUB A C)). But simplification reduces this to T, using the :definition SUB, the :rewrite rule PROBLEM-49A and the :type-prescription rules MEM and SUB. That completes the proof of *1. Q.E.D. The storage of PROBLEM-49 depends upon the :type-prescription rule SUB. Summary Form: ( DEFTHM PROBLEM-49 ...) Rules: ((:DEFINITION NOT) (:DEFINITION SUB) (:ELIM CAR-CDR-ELIM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION SUB) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-48A) (:REWRITE PROBLEM-49A) (:TYPE-PRESCRIPTION MEM) (:TYPE-PRESCRIPTION SUB)) Warnings: Free Time: 0.10 seconds (prove: 0.03, print: 0.06, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) PROBLEM-49 ACL2 >>(THEOREM PROBLEM-50A (EQUAL (SUB (APP A B) C) (AND (SUB A C) (SUB B C))) :HINTS (("Goal" :INDUCT (SUB A C) :IN-THEORY (ENABLE PROBLEM-48A PROBLEM-48 PROBLEM-49A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (SUB A C). This suggestion was produced using the :induction rule SUB. If we let (:P A B C) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B C)) (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) C))) (:P A B C)) (IMPLIES (AND (CONSP A) (MEM (CAR A) C) (:P (CDR A) B C)) (:P A B C))). This induction is justified by the same argument used to admit SUB, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP A)) (EQUAL (SUB (APP A B) C) (AND (SUB A C) (SUB B C)))). But simplification reduces this to T, using the :definitions APP and SUB, primitive type reasoning and the :rewrite rule PROBLEM-48A. Subgoal *1/2 (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) C))) (EQUAL (SUB (APP A B) C) (AND (SUB A C) (SUB B C)))). This simplifies, using the :definition SUB and primitive type reasoning, to Subgoal *1/2' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) C))) (NOT (SUB (APP A B) C))). The destructor terms (CAR A) and (CDR A) can be eliminated by using CAR-CDR-ELIM to replace A by (CONS A1 A2), (CAR A) by A1 and (CDR A) by A2. This produces the following goal. Subgoal *1/2'' (IMPLIES (AND (CONSP (CONS A1 A2)) (NOT (MEM A1 C))) (NOT (SUB (APP (CONS A1 A2) B) C))). But simplification reduces this to T, using the :definitions APP and SUB, primitive type reasoning and the :rewrite rules CAR-CONS and CDR- CONS. Subgoal *1/1 (IMPLIES (AND (CONSP A) (MEM (CAR A) C) (EQUAL (SUB (APP (CDR A) B) C) (AND (SUB (CDR A) C) (SUB B C)))) (EQUAL (SUB (APP A B) C) (AND (SUB A C) (SUB B C)))). But simplification reduces this to T, using the :definitions APP and SUB, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, PROBLEM-48 and PROBLEM-49A and the :type-prescription rules MEM and SUB. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-50A ...) Rules: ((:DEFINITION APP) (:DEFINITION SUB) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION SUB) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-48) (:REWRITE PROBLEM-48A) (:REWRITE PROBLEM-49A) (:TYPE-PRESCRIPTION MEM) (:TYPE-PRESCRIPTION SUB)) Warnings: None Time: 0.08 seconds (prove: 0.03, print: 0.03, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-50A ACL2 >>(THEOREM PROBLEM-50 (SUB (APP A A) A) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-48 PROBLEM-50A))) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] But we reduce the conjecture to T, by the :executable-counterpart of IF and the simple :rewrite rules PROBLEM-48 and PROBLEM-50A. Q.E.D. Summary Form: ( DEFTHM PROBLEM-50 ...) Rules: ((:EXECUTABLE-COUNTERPART IF) (:REWRITE PROBLEM-48) (:REWRITE PROBLEM-50A)) Warnings: None Time: 0.02 seconds (prove: 0.01, print: 0.00, other: 0.01) PROBLEM-50 ACL2 >>(DEFUN MAPNIL1 (X A) (IF (CONSP X) (MAPNIL1 (CDR X) (CONS NIL A)) A)) The admission of MAPNIL1 is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of MAPNIL1 is described by the theorem (OR (CONSP (MAPNIL1 X A)) (EQUAL (MAPNIL1 X A) A)). We used primitive type reasoning. Summary Form: ( DEFUN MAPNIL1 ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.02, other: 0.01) MAPNIL1 ACL2 >>(DEFUN NILS (X) (IF (CONSP X) (AND (EQUAL (CAR X) NIL) (NILS (CDR X))) (EQUAL X NIL))) The admission of NILS is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of NILS is described by the theorem (OR (EQUAL (NILS X) T) (EQUAL (NILS X) NIL)). We used primitive type reasoning. Summary Form: ( DEFUN NILS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.02, other: 0.01) NILS ACL2 >>(THEOREM PROBLEM-51A (EQUAL (MAPNIL1 A (CONS NIL B)) (CONS NIL (MAPNIL1 A B))) :HINTS (("Goal" :INDUCT (MAPNIL1 A B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (MAPNIL1 A B). This suggestion was produced using the :induction rule MAPNIL1. If we let (:P A B) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B)) (IMPLIES (AND (CONSP A) (:P (CDR A) (CONS NIL B))) (:P A B))). This induction is justified by the same argument used to admit MAPNIL1, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable B is being instantiated. When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (EQUAL (MAPNIL1 A (CONS NIL B)) (CONS NIL (MAPNIL1 A B)))). But simplification reduces this to T, using the :definition MAPNIL1 and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP A) (EQUAL (MAPNIL1 (CDR A) (LIST* NIL NIL B)) (CONS NIL (MAPNIL1 (CDR A) (CONS NIL B))))) (EQUAL (MAPNIL1 A (CONS NIL B)) (CONS NIL (MAPNIL1 A B)))). But simplification reduces this to T, using the :definition MAPNIL1 and primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-51A ...) Rules: ((:DEFINITION MAPNIL1) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MAPNIL1)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-51A ACL2 >>(THEOREM PROBLEM-51B (IMPLIES (NILS X) (EQUAL (MAPNIL1 X NIL) X)) :HINTS (("Goal" :INDUCT (NILS X) :IN-THEORY (ENABLE PROBLEM-51A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (NILS X). This suggestion was produced using the :induction rule NILS. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (CAR X)) (:P X)) (IMPLIES (AND (CONSP X) (NOT (CAR X)) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit NILS, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (NILS X) (EQUAL (MAPNIL1 X NIL) X))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (NILS X)) (EQUAL (MAPNIL1 X NIL) X)). But simplification reduces this to T, using the :definition NILS, the :executable-counterparts of CONSP, EQUAL and MAPNIL1 and primitive type reasoning. Subgoal *1/2 (IMPLIES (AND (CONSP X) (CAR X)) (IMPLIES (NILS X) (EQUAL (MAPNIL1 X NIL) X))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (CAR X) (NILS X)) (EQUAL (MAPNIL1 X NIL) X)). But simplification reduces this to T, using the :definition NILS and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP X) (NOT (CAR X)) (IMPLIES (NILS (CDR X)) (EQUAL (MAPNIL1 (CDR X) NIL) (CDR X)))) (IMPLIES (NILS X) (EQUAL (MAPNIL1 X NIL) X))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (NOT (CAR X)) (IMPLIES (NILS (CDR X)) (EQUAL (MAPNIL1 (CDR X) NIL) (CDR X))) (NILS X)) (EQUAL (MAPNIL1 X NIL) X)). This simplifies, using the :definition NILS and the :executable-counterpart of EQUAL, to Subgoal *1/1'' (IMPLIES (AND (CONSP X) (NOT (CAR X)) (EQUAL (MAPNIL1 (CDR X) NIL) (CDR X)) (NILS (CDR X))) (EQUAL (MAPNIL1 X NIL) X)). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal *1/1''' (IMPLIES (AND (CONSP (CONS X1 X2)) (NOT X1) (EQUAL (MAPNIL1 X2 NIL) X2) (NILS X2)) (EQUAL (MAPNIL1 (CONS X1 X2) NIL) (CONS X1 X2))). But simplification reduces this to T, using the :definition MAPNIL1, the :executable-counterpart of CONS, primitive type reasoning and the :rewrite rules CDR-CONS and PROBLEM-51A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-51B ...) Rules: ((:DEFINITION MAPNIL1) (:DEFINITION NILS) (:DEFINITION NOT) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART MAPNIL1) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION NILS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-51A)) Warnings: None Time: 0.14 seconds (prove: 0.02, print: 0.11, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) PROBLEM-51B ACL2 >>(THEOREM PROBLEM-51 (IMPLIES (AND (NILS A) (NILS B)) (EQUAL (MAPNIL1 A B) (MAPNIL1 B A))) :HINTS (("Goal" :INDUCT (MAPNIL1 A B) :IN-THEORY (ENABLE PROBLEM-51A PROBLEM-51B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (MAPNIL1 A B). This suggestion was produced using the :induction rule MAPNIL1. If we let (:P A B) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B)) (IMPLIES (AND (CONSP A) (:P (CDR A) (CONS NIL B))) (:P A B))). This induction is justified by the same argument used to admit MAPNIL1, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable B is being instantiated. When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (IMPLIES (AND (NILS A) (NILS B)) (EQUAL (MAPNIL1 A B) (MAPNIL1 B A)))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (NOT (CONSP A)) (NILS A) (NILS B)) (EQUAL (MAPNIL1 A B) (MAPNIL1 B A))). But simplification reduces this to T, using the :definitions MAPNIL1 and NILS, the :executable-counterpart of CONSP, primitive type reasoning, the :rewrite rule PROBLEM-51B and the :type-prescription rule NILS. Subgoal *1/1 (IMPLIES (AND (CONSP A) (IMPLIES (AND (NILS (CDR A)) (NILS (CONS NIL B))) (EQUAL (MAPNIL1 (CDR A) (CONS NIL B)) (MAPNIL1 (CONS NIL B) (CDR A))))) (IMPLIES (AND (NILS A) (NILS B)) (EQUAL (MAPNIL1 A B) (MAPNIL1 B A)))). By the simple :rewrite rule PROBLEM-51A we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP A) (IMPLIES (AND (NILS (CDR A)) (NILS (CONS NIL B))) (EQUAL (CONS NIL (MAPNIL1 (CDR A) B)) (MAPNIL1 (CONS NIL B) (CDR A)))) (NILS A) (NILS B)) (EQUAL (MAPNIL1 A B) (MAPNIL1 B A))). This simplifies, using the :definitions MAPNIL1 and NILS, the :executable- counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, CONS-EQUAL and PROBLEM-51A and the :type-prescription rule NILS, to Subgoal *1/1'' (IMPLIES (AND (CONSP A) (EQUAL (MAPNIL1 (CDR A) B) (MAPNIL1 B (CDR A))) (NOT (CAR A)) (NILS (CDR A)) (NILS B)) (EQUAL (MAPNIL1 (CDR A) (CONS NIL B)) (MAPNIL1 B A))). By the simple :rewrite rule PROBLEM-51A we reduce the conjecture to Subgoal *1/1''' (IMPLIES (AND (CONSP A) (EQUAL (MAPNIL1 (CDR A) B) (MAPNIL1 B (CDR A))) (NOT (CAR A)) (NILS (CDR A)) (NILS B)) (EQUAL (CONS NIL (MAPNIL1 (CDR A) B)) (MAPNIL1 B A))). This simplifies, using trivial observations, to Subgoal *1/1'4' (IMPLIES (AND (CONSP A) (EQUAL (MAPNIL1 (CDR A) B) (MAPNIL1 B (CDR A))) (NOT (CAR A)) (NILS (CDR A)) (NILS B)) (EQUAL (CONS NIL (MAPNIL1 B (CDR A))) (MAPNIL1 B A))). The destructor terms (CAR A) and (CDR A) can be eliminated by using CAR-CDR-ELIM to replace A by (CONS A1 A2), (CAR A) by A1 and (CDR A) by A2. This produces the following goal. Subgoal *1/1'5' (IMPLIES (AND (CONSP (CONS A1 A2)) (EQUAL (MAPNIL1 A2 B) (MAPNIL1 B A2)) (NOT A1) (NILS A2) (NILS B)) (EQUAL (CONS NIL (MAPNIL1 B A2)) (MAPNIL1 B (CONS A1 A2)))). But simplification reduces this to T, using primitive type reasoning and the :rewrite rule PROBLEM-51A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-51 ...) Rules: ((:DEFINITION MAPNIL1) (:DEFINITION NILS) (:DEFINITION NOT) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MAPNIL1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE CONS-EQUAL) (:REWRITE PROBLEM-51A) (:REWRITE PROBLEM-51B) (:TYPE-PRESCRIPTION NILS)) Warnings: None Time: 0.07 seconds (prove: 0.02, print: 0.04, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-51 ACL2 >>(DEFUN RM (X Y) (IF (CONSP Y) (IF (EQUAL X (CAR Y)) (CDR Y) (CONS (CAR Y) (RM X (CDR Y)))) Y)) The admission of RM is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT Y). We could deduce no constraints on the type of RM. Summary Form: ( DEFUN RM ...) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.01, other: 0.02) RM ACL2 >>(DEFUN PERM (X Y) (IF (CONSP X) (AND (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y))) (NOT (CONSP Y)))) The admission of PERM is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of PERM is described by the theorem (OR (EQUAL (PERM X Y) T) (EQUAL (PERM X Y) NIL)). Summary Form: ( DEFUN PERM ...) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.01, other: 0.01) PERM ACL2 >>(THEOREM PROBLEM-53 (PERM X X) :HINTS (("Goal" :INDUCT (PERM X X)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PERM X X). This suggestion was produced using the :induction rule PERM. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) X))) (:P X)) (IMPLIES (AND (CONSP X) (MEM (CAR X) X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit PERM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (PERM X X)). But simplification reduces this to T, using the :definition PERM. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) X))) (PERM X X)). But simplification reduces this to T, using the :definition MEM and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP X) (MEM (CAR X) X) (PERM (CDR X) (CDR X))) (PERM X X)). But simplification reduces this to T, using the :definitions MEM, PERM and RM, primitive type reasoning and the :type-prescription rule PERM. That completes the proof of *1. Q.E.D. The storage of PROBLEM-53 depends upon the :type-prescription rule PERM. Summary Form: ( DEFTHM PROBLEM-53 ...) Rules: ((:DEFINITION MEM) (:DEFINITION PERM) (:DEFINITION RM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PERM) (:TYPE-PRESCRIPTION PERM)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-53 ACL2 >>(THEOREM PROBLEM-54A (IMPLIES (MEM A X) (EQUAL (PERM X (CONS A Y)) (PERM (RM A X) Y))) :HINTS (("Goal" :INDUCT (PERM X Y)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PERM X Y). This suggestion was produced using the :induction rule PERM. If we let (:P A X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P A X Y)) (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (:P A X Y)) (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (:P A (CDR X) (RM (CAR X) Y))) (:P A X Y))). This induction is justified by the same argument used to admit PERM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable Y is being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (MEM A X) (EQUAL (PERM X (CONS A Y)) (PERM (RM A X) Y)))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (MEM A X)) (EQUAL (PERM X (CONS A Y)) (PERM (RM A X) Y))). But simplification reduces this to T, using the :definition MEM. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (IMPLIES (MEM A X) (EQUAL (PERM X (CONS A Y)) (PERM (RM A X) Y)))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y)) (MEM A X)) (EQUAL (PERM X (CONS A Y)) (PERM (RM A X) Y))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal *1/2'' (IMPLIES (AND (CONSP (CONS X1 X2)) (NOT (MEM X1 Y)) (MEM A (CONS X1 X2))) (EQUAL (PERM (CONS X1 X2) (CONS A Y)) (PERM (RM A (CONS X1 X2)) Y))). This simplifies, using the :definitions MEM, PERM and RM, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal *1/2''' (IMPLIES (AND (NOT (MEM X1 Y)) (MEM A X2) (NOT (EQUAL X1 A))) (EQUAL NIL (PERM (CONS X1 (RM A X2)) Y))). But simplification reduces this to T, using the :definition PERM, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rule CAR-CONS. Subgoal *1/1 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (MEM A (CDR X)) (EQUAL (PERM (CDR X) (CONS A (RM (CAR X) Y))) (PERM (RM A (CDR X)) (RM (CAR X) Y))))) (IMPLIES (MEM A X) (EQUAL (PERM X (CONS A Y)) (PERM (RM A X) Y)))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (MEM A (CDR X)) (EQUAL (PERM (CDR X) (CONS A (RM (CAR X) Y))) (PERM (RM A (CDR X)) (RM (CAR X) Y)))) (MEM A X)) (EQUAL (PERM X (CONS A Y)) (PERM (RM A X) Y))). This simplifies, using the :definitions MEM, PERM and RM, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to the following two conjectures. Subgoal *1/1.2 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (EQUAL (PERM (CDR X) (CONS A (RM (CAR X) Y))) (PERM (RM A (CDR X)) (RM (CAR X) Y))) (MEM A (CDR X)) (EQUAL A (CAR X))) (EQUAL (PERM X (CONS A Y)) (PERM (CDR X) Y))). But simplification reduces this to T, using the :definitions MEM, PERM and RM, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/1.1 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (EQUAL (PERM (CDR X) (CONS A (RM (CAR X) Y))) (PERM (RM A (CDR X)) (RM (CAR X) Y))) (MEM A (CDR X)) (NOT (EQUAL A (CAR X)))) (EQUAL (PERM X (CONS A Y)) (PERM (CONS (CAR X) (RM A (CDR X))) Y))). But simplification reduces this to T, using the :definitions MEM, PERM and RM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR- CONS and the :type-prescription rule MEM. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-54A ...) Rules: ((:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION PERM) (:DEFINITION RM) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PERM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION MEM)) Warnings: None Time: 0.12 seconds (prove: 0.07, print: 0.05, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-54A ACL2 >>(THEOREM PROBLEM-54 (IMPLIES (PERM X Y) (PERM Y X)) :HINTS (("Goal" :INDUCT (PERM X Y) :IN-THEORY (ENABLE PROBLEM-54A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PERM X Y). This suggestion was produced using the :induction rule PERM. If we let (:P X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X Y)) (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (:P X Y)) (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (:P (CDR X) (RM (CAR X) Y))) (:P X Y))). This induction is justified by the same argument used to admit PERM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable Y is being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (PERM X Y) (PERM Y X))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (PERM X Y)) (PERM Y X)). But simplification reduces this to T, using the :definition PERM. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (IMPLIES (PERM X Y) (PERM Y X))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y)) (PERM X Y)) (PERM Y X)). But simplification reduces this to T, using the :definition PERM. Subgoal *1/1 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (PERM (CDR X) (RM (CAR X) Y)) (PERM (RM (CAR X) Y) (CDR X)))) (IMPLIES (PERM X Y) (PERM Y X))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (PERM (CDR X) (RM (CAR X) Y)) (PERM (RM (CAR X) Y) (CDR X))) (PERM X Y)) (PERM Y X)). This simplifies, using the :definition PERM and the :type-prescription rule MEM, to Subgoal *1/1'' (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (PERM (RM (CAR X) Y) (CDR X)) (PERM (CDR X) (RM (CAR X) Y))) (PERM Y X)). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal *1/1''' (IMPLIES (AND (CONSP (CONS X1 X2)) (MEM X1 Y) (PERM (RM X1 Y) X2) (PERM X2 (RM X1 Y))) (PERM Y (CONS X1 X2))). But simplification reduces this to T, using primitive type reasoning, the :rewrite rule PROBLEM-54A and the :type-prescription rules MEM and PERM. That completes the proof of *1. Q.E.D. The storage of PROBLEM-54 depends upon the :type-prescription rule PERM. Summary Form: ( DEFTHM PROBLEM-54 ...) Rules: ((:DEFINITION NOT) (:DEFINITION PERM) (:ELIM CAR-CDR-ELIM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PERM) (:REWRITE PROBLEM-54A) (:TYPE-PRESCRIPTION MEM) (:TYPE-PRESCRIPTION PERM)) Warnings: None Time: 0.11 seconds (prove: 0.02, print: 0.08, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-54 ACL2 >>(THEOREM PROBLEM-55A (IMPLIES (MEM A (RM B X)) (MEM A X)) :HINTS (("Goal" :INDUCT (MEM A X)))) ACL2 Warning [Free] in ( DEFTHM PROBLEM-55A ...): The :REWRITE rule generated from PROBLEM-55A contains the free variable B. This variable will be chosen by searching for an instance of (MEM A (RM B X)) among the hypotheses of the conjecture being rewritten. This is generally a severe restriction on the applicability of the :REWRITE rule. See :DOC free-variables. [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (MEM A X). This suggestion was produced using the :induction rule MEM. If we let (:P A B X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P A B X)) (IMPLIES (AND (CONSP X) (NOT (EQUAL A (CAR X))) (:P A B (CDR X))) (:P A B X)) (IMPLIES (AND (CONSP X) (EQUAL A (CAR X))) (:P A B X))). This induction is justified by the same argument used to admit MEM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (MEM A (RM B X)) (MEM A X))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (MEM A (RM B X))) (MEM A X)). But simplification reduces this to T, using the :definitions MEM and RM. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (EQUAL A (CAR X))) (IMPLIES (MEM A (RM B (CDR X))) (MEM A (CDR X)))) (IMPLIES (MEM A (RM B X)) (MEM A X))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (EQUAL A (CAR X))) (IMPLIES (MEM A (RM B (CDR X))) (MEM A (CDR X))) (MEM A (RM B X))) (MEM A X)). This simplifies, using the :definitions MEM and RM, primitive type reasoning and the :type-prescription rule MEM, to Subgoal *1/2'' (IMPLIES (AND (CONSP X) (NOT (EQUAL A (CAR X))) (NOT (MEM A (RM B (CDR X)))) (NOT (EQUAL B (CAR X))) (MEM A (CONS (CAR X) (RM B (CDR X))))) (MEM A (CDR X))). But simplification reduces this to T, using the :definition MEM, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL A (CAR X))) (IMPLIES (MEM A (RM B X)) (MEM A X))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (EQUAL A (CAR X)) (MEM A (RM B X))) (MEM A X)). But simplification reduces this to T, using the :definition MEM and primitive type reasoning. That completes the proof of *1. Q.E.D. The storage of PROBLEM-55A depends upon the :type-prescription rule MEM. Summary Form: ( DEFTHM PROBLEM-55A ...) Rules: ((:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION RM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MEM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION MEM)) Warnings: Free Time: 0.06 seconds (prove: 0.03, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) PROBLEM-55A ACL2 >>(THEOREM PROBLEM-55B (IMPLIES (AND (PERM X Y) (MEM A X)) (MEM A Y)) :HINTS (("Goal" :INDUCT (PERM X Y) :IN-THEORY (ENABLE PROBLEM-55A)))) ACL2 Warning [Free] in ( DEFTHM PROBLEM-55B ...): The :REWRITE rule generated from PROBLEM-55B contains the free variable X. This variable will be chosen by searching for an instance of (PERM X Y) among the hypotheses of the conjecture being rewritten. This is generally a severe restriction on the applicability of the :REWRITE rule. See :DOC free-variables. [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PERM X Y). This suggestion was produced using the :induction rule PERM. If we let (:P A X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P A X Y)) (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (:P A X Y)) (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (:P A (CDR X) (RM (CAR X) Y))) (:P A X Y))). This induction is justified by the same argument used to admit PERM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable Y is being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (AND (PERM X Y) (MEM A X)) (MEM A Y))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (PERM X Y) (MEM A X)) (MEM A Y)). But simplification reduces this to T, using the :definitions MEM and PERM. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (IMPLIES (AND (PERM X Y) (MEM A X)) (MEM A Y))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y)) (PERM X Y) (MEM A X)) (MEM A Y)). But simplification reduces this to T, using the :definition PERM. Subgoal *1/1 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (AND (PERM (CDR X) (RM (CAR X) Y)) (MEM A (CDR X))) (MEM A (RM (CAR X) Y)))) (IMPLIES (AND (PERM X Y) (MEM A X)) (MEM A Y))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (AND (PERM (CDR X) (RM (CAR X) Y)) (MEM A (CDR X))) (MEM A (RM (CAR X) Y))) (PERM X Y) (MEM A X)) (MEM A Y)). This simplifies, using the :definitions MEM and PERM, primitive type reasoning, the :rewrite rule PROBLEM-55A and the :type-prescription rule MEM, to Subgoal *1/1'' (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (NOT (MEM A (CDR X))) (PERM (CDR X) (RM (CAR X) Y)) (EQUAL A (CAR X))) (MEM A Y)). But simplification reduces this to T, using trivial observations. That completes the proof of *1. Q.E.D. The storage of PROBLEM-55B depends upon the :type-prescription rule MEM. Summary Form: ( DEFTHM PROBLEM-55B ...) Rules: ((:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION PERM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PERM) (:REWRITE PROBLEM-55A) (:TYPE-PRESCRIPTION MEM)) Warnings: Free Time: 0.15 seconds (prove: 0.01, print: 0.13, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-55B ACL2 >>(THEOREM PROBLEM-55C (EQUAL (RM A (RM B X)) (RM B (RM A X))) :HINTS (("Goal" :INDUCT (RM A X)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (RM A X). This suggestion was produced using the :induction rule RM. If we let (:P A B X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P A B X)) (IMPLIES (AND (CONSP X) (NOT (EQUAL A (CAR X))) (:P A B (CDR X))) (:P A B X)) (IMPLIES (AND (CONSP X) (EQUAL A (CAR X))) (:P A B X))). This induction is justified by the same argument used to admit RM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (EQUAL (RM A (RM B X)) (RM B (RM A X)))). But simplification reduces this to T, using the :definition RM and primitive type reasoning. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (EQUAL A (CAR X))) (EQUAL (RM A (RM B (CDR X))) (RM B (RM A (CDR X))))) (EQUAL (RM A (RM B X)) (RM B (RM A X)))). This simplifies, using the :definition RM, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (EQUAL A (CAR X))) (EQUAL (RM A (RM B (CDR X))) (RM B (RM A (CDR X)))) (NOT (EQUAL B (CAR X)))) (EQUAL (RM A (CONS (CAR X) (RM B (CDR X)))) (CONS (CAR X) (RM A (RM B (CDR X)))))). But simplification reduces this to T, using the :definition RM, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL A (CAR X))) (EQUAL (RM A (RM B X)) (RM B (RM A X)))). This simplifies, using the :definition RM and primitive type reasoning, to Subgoal *1/1' (IMPLIES (CONSP X) (EQUAL (RM (CAR X) (RM B X)) (RM B (CDR X)))). This simplifies, using the :definition RM, to the following two conjectures. Subgoal *1/1.2 (IMPLIES (AND (CONSP X) (EQUAL B (CAR X))) (EQUAL (RM (CAR X) (CDR X)) (RM B (CDR X)))). But simplification reduces this to T, using trivial observations. Subgoal *1/1.1 (IMPLIES (AND (CONSP X) (NOT (EQUAL B (CAR X)))) (EQUAL (RM (CAR X) (CONS (CAR X) (RM B (CDR X)))) (RM B (CDR X)))). But simplification reduces this to T, using the :definition RM, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-55C ...) Rules: ((:DEFINITION RM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION RM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS)) Warnings: None Time: 0.07 seconds (prove: 0.02, print: 0.05, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-55C ACL2 >>(THEOREM PROBLEM-55D (IMPLIES (AND (NOT (EQUAL E D)) (MEM E X)) (MEM E (RM D X))) :HINTS (("Goal" :INDUCT (RM D X) :IN-THEORY (ENABLE PROBLEM-48 PROBLEM-49A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (RM D X). This suggestion was produced using the :induction rule RM. If we let (:P D E X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P D E X)) (IMPLIES (AND (CONSP X) (NOT (EQUAL D (CAR X))) (:P D E (CDR X))) (:P D E X)) (IMPLIES (AND (CONSP X) (EQUAL D (CAR X))) (:P D E X))). This induction is justified by the same argument used to admit RM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (AND (NOT (EQUAL E D)) (MEM E X)) (MEM E (RM D X)))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (NOT (EQUAL E D)) (MEM E X)) (MEM E (RM D X))). But simplification reduces this to T, using the :definition MEM. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (EQUAL D (CAR X))) (IMPLIES (AND (NOT (EQUAL E D)) (MEM E (CDR X))) (MEM E (RM D (CDR X))))) (IMPLIES (AND (NOT (EQUAL E D)) (MEM E X)) (MEM E (RM D X)))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (EQUAL D (CAR X))) (IMPLIES (AND (NOT (EQUAL E D)) (MEM E (CDR X))) (MEM E (RM D (CDR X)))) (NOT (EQUAL E D)) (MEM E X)) (MEM E (RM D X))). But simplification reduces this to T, using the :definitions MEM and RM, the :executable-counterpart of NOT, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, PROBLEM-48 and PROBLEM-49A and the :type-prescription rule MEM. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL D (CAR X))) (IMPLIES (AND (NOT (EQUAL E D)) (MEM E X)) (MEM E (RM D X)))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (EQUAL D (CAR X)) (NOT (EQUAL E D)) (MEM E X)) (MEM E (RM D X))). This simplifies, using the :definition RM and primitive type reasoning, to Subgoal *1/1'' (IMPLIES (AND (CONSP X) (NOT (EQUAL E (CAR X))) (MEM E X)) (MEM E (CDR X))). But simplification reduces this to T, using the :definition MEM and primitive type reasoning. That completes the proof of *1. Q.E.D. The storage of PROBLEM-55D depends upon the :type-prescription rule MEM. Summary Form: ( DEFTHM PROBLEM-55D ...) Rules: ((:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION RM) (:EXECUTABLE-COUNTERPART NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION RM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-48) (:REWRITE PROBLEM-49A) (:TYPE-PRESCRIPTION MEM)) Warnings: None Time: 0.13 seconds (prove: 0.01, print: 0.10, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-55D ACL2 >>(THEOREM PROBLEM-55E (IMPLIES (PERM X Y) (PERM (RM A X) (RM A Y))) :HINTS (("Goal" :INDUCT (PERM X Y) :IN-THEORY (ENABLE PROBLEM-54A PROBLEM-54 PROBLEM-55C PROBLEM-55D)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PERM X Y). This suggestion was produced using the :induction rule PERM. If we let (:P A X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P A X Y)) (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (:P A X Y)) (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (:P A (CDR X) (RM (CAR X) Y))) (:P A X Y))). This induction is justified by the same argument used to admit PERM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable Y is being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (PERM X Y) (PERM (RM A X) (RM A Y)))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (PERM X Y)) (PERM (RM A X) (RM A Y))). But simplification reduces this to T, using the :definitions PERM and RM and the :rewrite rule PROBLEM-54. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (IMPLIES (PERM X Y) (PERM (RM A X) (RM A Y)))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y)) (PERM X Y)) (PERM (RM A X) (RM A Y))). But simplification reduces this to T, using the :definition PERM. Subgoal *1/1 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (PERM (CDR X) (RM (CAR X) Y)) (PERM (RM A (CDR X)) (RM A (RM (CAR X) Y))))) (IMPLIES (PERM X Y) (PERM (RM A X) (RM A Y)))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (PERM (CDR X) (RM (CAR X) Y)) (PERM (RM A (CDR X)) (RM A (RM (CAR X) Y)))) (PERM X Y)) (PERM (RM A X) (RM A Y))). This simplifies, using the :definitions PERM and RM and the :type- prescription rule MEM, to the following two conjectures. Subgoal *1/1.2 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (PERM (RM A (CDR X)) (RM A (RM (CAR X) Y))) (PERM (CDR X) (RM (CAR X) Y)) (EQUAL A (CAR X))) (PERM (CDR X) (RM A Y))). But simplification reduces this to T, using trivial observations. Subgoal *1/1.1 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (PERM (RM A (CDR X)) (RM A (RM (CAR X) Y))) (PERM (CDR X) (RM (CAR X) Y)) (NOT (EQUAL A (CAR X)))) (PERM (CONS (CAR X) (RM A (CDR X))) (RM A Y))). But simplification reduces this to T, using primitive type reasoning, the :rewrite rules PROBLEM-54, PROBLEM-54A, PROBLEM-55C and PROBLEM- 55D and the :type-prescription rules MEM and PERM. That completes the proof of *1. Q.E.D. The storage of PROBLEM-55E depends upon the :type-prescription rule PERM. Summary Form: ( DEFTHM PROBLEM-55E ...) Rules: ((:DEFINITION NOT) (:DEFINITION PERM) (:DEFINITION RM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PERM) (:REWRITE PROBLEM-54) (:REWRITE PROBLEM-54A) (:REWRITE PROBLEM-55C) (:REWRITE PROBLEM-55D) (:TYPE-PRESCRIPTION MEM) (:TYPE-PRESCRIPTION PERM)) Warnings: None Time: 0.20 seconds (prove: 0.04, print: 0.15, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-55E ACL2 >>(THEOREM PROBLEM-55 (IMPLIES (AND (PERM X Y) (PERM Y Z)) (PERM X Z)) :HINTS (("Goal" :INDUCT (LIST (PERM X Y) (PERM X Z)) :IN-THEORY (ENABLE PROBLEM-54 PROBLEM-55B PROBLEM-55E)))) ACL2 Warning [Free] in ( DEFTHM PROBLEM-55 ...): The :REWRITE rule generated from PROBLEM-55 contains the free variable Y. This variable will be chosen by searching for an instance of (PERM X Y) among the hypotheses of the conjecture being rewritten. This is generally a severe restriction on the applicability of the :REWRITE rule. See :DOC free-variables. [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. Two induction schemes are suggested by the induction hint. These merge into one derived induction scheme. We will induct according to a scheme suggested by (PERM X Z), but modified to accommodate (PERM X Y). These suggestions were produced using the :induction rule PERM. If we let (:P X Y Z) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X Y Z)) (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Z))) (:P X Y Z)) (IMPLIES (AND (CONSP X) (MEM (CAR X) Z) (:P (CDR X) (RM (CAR X) Y) (RM (CAR X) Z))) (:P X Y Z))). This induction is justified by the same argument used to admit PERM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variables Y and Z are being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (AND (PERM X Y) (PERM Y Z)) (PERM X Z))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (PERM X Y) (PERM Y Z)) (PERM X Z)). But simplification reduces this to T, using the :definition PERM and the :rewrite rule PROBLEM-54. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Z))) (IMPLIES (AND (PERM X Y) (PERM Y Z)) (PERM X Z))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Z)) (PERM X Y) (PERM Y Z)) (PERM X Z)). This simplifies, using the :definition PERM, the :rewrite rule PROBLEM- 55B and the :type-prescription rules MEM and PERM, to Subgoal *1/2'' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Z)) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (PERM Y Z)) (PERM (CDR X) (RM (CAR X) Z))). But simplification reduces this to T, using the :rewrite rule PROBLEM- 55B and the :type-prescription rules MEM and PERM. Subgoal *1/1 (IMPLIES (AND (CONSP X) (MEM (CAR X) Z) (IMPLIES (AND (PERM (CDR X) (RM (CAR X) Y)) (PERM (RM (CAR X) Y) (RM (CAR X) Z))) (PERM (CDR X) (RM (CAR X) Z)))) (IMPLIES (AND (PERM X Y) (PERM Y Z)) (PERM X Z))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (MEM (CAR X) Z) (IMPLIES (AND (PERM (CDR X) (RM (CAR X) Y)) (PERM (RM (CAR X) Y) (RM (CAR X) Z))) (PERM (CDR X) (RM (CAR X) Z))) (PERM X Y) (PERM Y Z)) (PERM X Z)). But simplification reduces this to T, using the :definition PERM, the :rewrite rules PROBLEM-55B and PROBLEM-55E and the :type-prescription rules MEM and PERM. That completes the proof of *1. Q.E.D. The storage of PROBLEM-55 depends upon the :type-prescription rule PERM. Summary Form: ( DEFTHM PROBLEM-55 ...) Rules: ((:DEFINITION NOT) (:DEFINITION PERM) (:INDUCTION PERM) (:REWRITE PROBLEM-54) (:REWRITE PROBLEM-55B) (:REWRITE PROBLEM-55E) (:TYPE-PRESCRIPTION MEM) (:TYPE-PRESCRIPTION PERM)) Warnings: Free Time: 0.12 seconds (prove: 0.02, print: 0.06, other: 0.04) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) PROBLEM-55 ACL2 >>(DEFUN <<= (X Y) (LEXORDER X Y)) Since <<= is non-recursive, its admission is trivial. We observe that the type of <<= is described by the theorem (OR (EQUAL (<<= X Y) T) (EQUAL (<<= X Y) NIL)). We used the :type- prescription rule LEXORDER. Summary Form: ( DEFUN <<= ...) Rules: ((:TYPE-PRESCRIPTION LEXORDER)) Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) <<= ACL2 >>(THEOREM <<=-NON-STRICT-TOTAL-ORDER (AND (<<= X X) (IMPLIES (AND (<<= X Y) (<<= Y X)) (EQUAL X Y)) (IMPLIES (AND (<<= X Y) (<<= Y Z)) (<<= X Z)) (OR (<<= X Y) (<<= Y X))) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] By the simple :definition <<= and the simple :rewrite rule LEXORDER- REFLEXIVE we reduce the conjecture to the following three conjectures. Subgoal 3 (IMPLIES (AND (LEXORDER X Y) (LEXORDER Y X)) (EQUAL X Y)). But we reduce the conjecture to T, by primitive type reasoning, the :forward-chaining rule LEXORDER-ANTI-SYMMETRIC and the :type-prescription rule LEXORDER. Subgoal 2 (IMPLIES (AND (LEXORDER X Y) (LEXORDER Y Z)) (LEXORDER X Z)). But simplification reduces this to T, using the :rewrite rule LEXORDER- TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal 1 (OR (LEXORDER X Y) (LEXORDER Y X)). But we reduce the conjecture to T, by primitive type reasoning, the :forward-chaining rule LEXORDER-TOTAL and the :type-prescription rule LEXORDER. Q.E.D. Summary Form: ( DEFTHM <<=-NON-STRICT-TOTAL-ORDER ...) Rules: ((:DEFINITION <<=) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING LEXORDER-ANTI-SYMMETRIC) (:FORWARD-CHAINING LEXORDER-TOTAL) (:REWRITE LEXORDER-REFLEXIVE) (:REWRITE LEXORDER-TRANSITIVE) (:TYPE-PRESCRIPTION LEXORDER)) Warnings: None Time: 0.04 seconds (prove: 0.01, print: 0.03, other: 0.00) <<=-NON-STRICT-TOTAL-ORDER ACL2 >>(DEFUN ORDERED (X) (IF (CONSP X) (IF (CONSP (CDR X)) (AND (<<= (CAR X) (CADR X)) (ORDERED (CDR X))) T) T)) The admission of ORDERED is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of ORDERED is described by the theorem (OR (EQUAL (ORDERED X) T) (EQUAL (ORDERED X) NIL)). Summary Form: ( DEFUN ORDERED ...) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.01, other: 0.01) ORDERED ACL2 >>(DEFUN INSERT (E X) (IF (CONSP X) (IF (<<= E (CAR X)) (CONS E X) (CONS (CAR X) (INSERT E (CDR X)))) (CONS E NIL))) The admission of INSERT is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of INSERT is described by the theorem (CONSP (INSERT E X)). We used primitive type reasoning. Summary Form: ( DEFUN INSERT ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) INSERT ACL2 >>(DEFUN ISORT (X) (IF (CONSP X) (INSERT (CAR X) (ISORT (CDR X))) NIL)) The admission of ISORT is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of ISORT is described by the theorem (OR (CONSP (ISORT X)) (EQUAL (ISORT X) NIL)). We used the :type-prescription rule INSERT. Summary Form: ( DEFUN ISORT ...) Rules: ((:TYPE-PRESCRIPTION INSERT)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) ISORT ACL2 >>(THEOREM PROBLEM-58A (IMPLIES (ORDERED X) (ORDERED (INSERT E X))) :HINTS (("Goal" :INDUCT (INSERT E X)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (INSERT E X). This suggestion was produced using the :induction rule INSERT. If we let (:P E X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P E X)) (IMPLIES (AND (CONSP X) (NOT (<<= E (CAR X))) (:P E (CDR X))) (:P E X)) (IMPLIES (AND (CONSP X) (<<= E (CAR X))) (:P E X))). This induction is justified by the same argument used to admit INSERT, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (ORDERED X) (ORDERED (INSERT E X)))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (ORDERED X)) (ORDERED (INSERT E X))). But simplification reduces this to T, using the :definitions INSERT and ORDERED, the :executable-counterpart of CONSP, primitive type reasoning and the :rewrite rule CDR-CONS. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (<<= E (CAR X))) (IMPLIES (ORDERED (CDR X)) (ORDERED (INSERT E (CDR X))))) (IMPLIES (ORDERED X) (ORDERED (INSERT E X)))). By the simple :definition <<= we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (IMPLIES (ORDERED (CDR X)) (ORDERED (INSERT E (CDR X)))) (ORDERED X)) (ORDERED (INSERT E X))). This simplifies, using the :definitions <<=, INSERT and ORDERED, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type- prescription rules INSERT, LEXORDER and ORDERED, to the following four conjectures. Subgoal *1/2.4 (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (NOT (ORDERED (CDR X))) (NOT (CONSP (CDR X)))) (LEXORDER (CAR X) (CAR (INSERT E (CDR X))))). But simplification reduces this to T, using the :definition ORDERED. Subgoal *1/2.3 (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (NOT (ORDERED (CDR X))) (NOT (CONSP (CDR X)))) (ORDERED (INSERT E (CDR X)))). But simplification reduces this to T, using the :definition ORDERED. Subgoal *1/2.2 (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (ORDERED (INSERT E (CDR X))) (NOT (CONSP (CDR X)))) (LEXORDER (CAR X) (CAR (INSERT E (CDR X))))). But simplification reduces this to T, using the :definitions INSERT and ORDERED, the :executable-counterpart of CONSP, primitive type reasoning, the :forward-chaining rule LEXORDER-TOTAL, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type- prescription rule LEXORDER. Subgoal *1/2.1 (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (ORDERED (INSERT E (CDR X))) (LEXORDER (CAR X) (CADR X)) (ORDERED (CDR X))) (LEXORDER (CAR X) (CAR (INSERT E (CDR X))))). The destructor terms (CAR X) and (CDR X) can be eliminated. Furthermore, those terms are at the root of a chain of two rounds of destructor elimination. (1) Use CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. (2) Use CAR-CDR-ELIM, again, to replace X2 by (CONS X3 X4), (CAR X2) by X3 and (CDR X2) by X4. These steps produce the following two goals. Subgoal *1/2.1.2 (IMPLIES (AND (NOT (CONSP X2)) (CONSP (CONS X1 X2)) (NOT (LEXORDER E X1)) (ORDERED (INSERT E X2)) (LEXORDER X1 (CAR X2)) (ORDERED X2)) (LEXORDER X1 (CAR (INSERT E X2)))). But simplification reduces this to T, using the :definitions INSERT and ORDERED, the :executable-counterpart of CONSP, primitive type reasoning, the :forward-chaining rule LEXORDER-TOTAL, the :rewrite rules CAR-CONS, CDR-CONS, DEFAULT-CAR, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/2.1.1 (IMPLIES (AND (CONSP (CONS X3 X4)) (CONSP (LIST* X1 X3 X4)) (NOT (LEXORDER E X1)) (ORDERED (INSERT E (CONS X3 X4))) (LEXORDER X1 X3) (ORDERED (CONS X3 X4))) (LEXORDER X1 (CAR (INSERT E (CONS X3 X4))))). But simplification reduces this to T, using the :definitions <<=, INSERT and ORDERED, primitive type reasoning, the :forward-chaining rule LEXORDER- TOTAL, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/1 (IMPLIES (AND (CONSP X) (<<= E (CAR X))) (IMPLIES (ORDERED X) (ORDERED (INSERT E X)))). By the simple :definition <<= we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (LEXORDER E (CAR X)) (ORDERED X)) (ORDERED (INSERT E X))). But simplification reduces this to T, using the :definitions <<=, INSERT and ORDERED, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type- prescription rules LEXORDER and ORDERED. That completes the proof of *1. Q.E.D. The storage of PROBLEM-58A depends upon the :type-prescription rule ORDERED. Summary Form: ( DEFTHM PROBLEM-58A ...) Rules: ((:DEFINITION <<=) (:DEFINITION INSERT) (:DEFINITION NOT) (:DEFINITION ORDERED) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING LEXORDER-TOTAL) (:INDUCTION INSERT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE DEFAULT-CAR) (:REWRITE LEXORDER-REFLEXIVE) (:REWRITE LEXORDER-TRANSITIVE) (:TYPE-PRESCRIPTION INSERT) (:TYPE-PRESCRIPTION LEXORDER) (:TYPE-PRESCRIPTION ORDERED)) Warnings: None Time: 0.10 seconds (prove: 0.02, print: 0.07, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) PROBLEM-58A ACL2 >>(THEOREM PROBLEM-58 (ORDERED (ISORT X)) :HINTS (("Goal" :INDUCT (ISORT X) :IN-THEORY (ENABLE PROBLEM-58A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (ISORT X). This suggestion was produced using the :induction rule ISORT. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit ISORT, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (ORDERED (ISORT X))). But simplification reduces this to T, using the :definition ISORT and the :executable-counterpart of ORDERED. Subgoal *1/1 (IMPLIES (AND (CONSP X) (ORDERED (ISORT (CDR X)))) (ORDERED (ISORT X))). But simplification reduces this to T, using the :definition ISORT, the :rewrite rule PROBLEM-58A and the :type-prescription rule ORDERED. That completes the proof of *1. Q.E.D. The storage of PROBLEM-58 depends upon the :type-prescription rule ORDERED. Summary Form: ( DEFTHM PROBLEM-58 ...) Rules: ((:DEFINITION ISORT) (:EXECUTABLE-COUNTERPART ORDERED) (:INDUCTION ISORT) (:REWRITE PROBLEM-58A) (:TYPE-PRESCRIPTION ORDERED)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) PROBLEM-58 ACL2 >>(THEOREM PROBLEM-59A (IMPLIES (PERM A B) (PERM (INSERT E A) (CONS E B))) :HINTS (("Goal" :INDUCT (PERM A B) :IN-THEORY (ENABLE PROBLEM-48 PROBLEM-49A PROBLEM-54A PROBLEM-54)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PERM A B). This suggestion was produced using the :induction rule PERM. If we let (:P A B E) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B E)) (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B))) (:P A B E)) (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (:P (CDR A) (RM (CAR A) B) E)) (:P A B E))). This induction is justified by the same argument used to admit PERM, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable B is being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP A)) (IMPLIES (PERM A B) (PERM (INSERT E A) (CONS E B)))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP A)) (PERM A B)) (PERM (INSERT E A) (CONS E B))). But simplification reduces this to T, using the :definitions INSERT, MEM, PERM and RM, the :executable-counterpart of CONSP, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS, PROBLEM-54 and PROBLEM-54A. Subgoal *1/2 (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B))) (IMPLIES (PERM A B) (PERM (INSERT E A) (CONS E B)))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B)) (PERM A B)) (PERM (INSERT E A) (CONS E B))). But simplification reduces this to T, using the :definition PERM. Subgoal *1/1 (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (IMPLIES (PERM (CDR A) (RM (CAR A) B)) (PERM (INSERT E (CDR A)) (CONS E (RM (CAR A) B))))) (IMPLIES (PERM A B) (PERM (INSERT E A) (CONS E B)))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (IMPLIES (PERM (CDR A) (RM (CAR A) B)) (PERM (INSERT E (CDR A)) (CONS E (RM (CAR A) B)))) (PERM A B)) (PERM (INSERT E A) (CONS E B))). This simplifies, using the :definitions <<=, INSERT and PERM, the :rewrite rules PROBLEM-48 and PROBLEM-49A and the :type-prescription rule MEM, to the following two conjectures. Subgoal *1/1.2 (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (PERM (INSERT E (CDR A)) (CONS E (RM (CAR A) B))) (PERM (CDR A) (RM (CAR A) B)) (LEXORDER E (CAR A))) (PERM (CONS E A) (CONS E B))). But simplification reduces this to T, using the :definitions MEM, PERM and RM, primitive type reasoning, the :rewrite rules CAR-CONS, CDR- CONS, PROBLEM-48, PROBLEM-49A, PROBLEM-54 and PROBLEM-54A and the :type- prescription rules MEM and PERM. Subgoal *1/1.1 (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (PERM (INSERT E (CDR A)) (CONS E (RM (CAR A) B))) (PERM (CDR A) (RM (CAR A) B)) (NOT (LEXORDER E (CAR A)))) (PERM (CONS (CAR A) (INSERT E (CDR A))) (CONS E B))). This simplifies, using the :definitions MEM, PERM and RM, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, PROBLEM-48 and PROBLEM-49A and the :type-prescription rule MEM, to Subgoal *1/1.1' (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (PERM (INSERT E (CDR A)) (CONS E (RM (CAR A) B))) (PERM (CDR A) (RM (CAR A) B)) (NOT (LEXORDER E (CAR A))) (EQUAL (CAR A) E)) (PERM (INSERT E (CDR A)) B)). But simplification reduces this to T, using primitive type reasoning and the :forward-chaining rule LEXORDER-TOTAL. That completes the proof of *1. Q.E.D. The storage of PROBLEM-59A depends upon the :type-prescription rule PERM. Summary Form: ( DEFTHM PROBLEM-59A ...) Rules: ((:DEFINITION <<=) (:DEFINITION INSERT) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION PERM) (:DEFINITION RM) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING LEXORDER-TOTAL) (:INDUCTION PERM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-48) (:REWRITE PROBLEM-49A) (:REWRITE PROBLEM-54) (:REWRITE PROBLEM-54A) (:TYPE-PRESCRIPTION MEM) (:TYPE-PRESCRIPTION PERM)) Warnings: None Time: 0.13 seconds (prove: 0.06, print: 0.07, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-59A ACL2 >>(THEOREM PROBLEM-59 (PERM (ISORT X) X) :HINTS (("Goal" :INDUCT (ISORT X) :IN-THEORY (ENABLE PROBLEM-54 PROBLEM-59A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (ISORT X). This suggestion was produced using the :induction rule ISORT. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit ISORT, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (PERM (ISORT X) X)). But simplification reduces this to T, using the :definitions ISORT and PERM, the :executable-counterpart of CONSP and the :rewrite rule PROBLEM-54. Subgoal *1/1 (IMPLIES (AND (CONSP X) (PERM (ISORT (CDR X)) (CDR X))) (PERM (ISORT X) X)). This simplifies, using the :definition ISORT, to Subgoal *1/1' (IMPLIES (AND (CONSP X) (PERM (ISORT (CDR X)) (CDR X))) (PERM (INSERT (CAR X) (ISORT (CDR X))) X)). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal *1/1'' (IMPLIES (AND (CONSP (CONS X1 X2)) (PERM (ISORT X2) X2)) (PERM (INSERT X1 (ISORT X2)) (CONS X1 X2))). But simplification reduces this to T, using primitive type reasoning, the :rewrite rule PROBLEM-59A and the :type-prescription rule PERM. That completes the proof of *1. Q.E.D. The storage of PROBLEM-59 depends upon the :type-prescription rule PERM. Summary Form: ( DEFTHM PROBLEM-59 ...) Rules: ((:DEFINITION ISORT) (:DEFINITION PERM) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION ISORT) (:REWRITE PROBLEM-54) (:REWRITE PROBLEM-59A) (:TYPE-PRESCRIPTION PERM)) Warnings: None Time: 0.20 seconds (prove: 0.03, print: 0.17, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-59 ACL2 >>(THEOREM PROBLEM-60A (EQUAL (INSERT E (INSERT D X)) (INSERT D (INSERT E X))) :HINTS (("Goal" :INDUCT (INSERT E X)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (INSERT E X). This suggestion was produced using the :induction rule INSERT. If we let (:P D E X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P D E X)) (IMPLIES (AND (CONSP X) (NOT (<<= E (CAR X))) (:P D E (CDR X))) (:P D E X)) (IMPLIES (AND (CONSP X) (<<= E (CAR X))) (:P D E X))). This induction is justified by the same argument used to admit INSERT, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (EQUAL (INSERT E (INSERT D X)) (INSERT D (INSERT E X)))). This simplifies, using the :definitions <<= and INSERT, the :executable- counterpart of CONSP, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to the following two conjectures. Subgoal *1/3.2 (IMPLIES (AND (NOT (CONSP X)) (LEXORDER E D) (LEXORDER D E)) (EQUAL (LIST E D) (LIST D E))). But simplification reduces this to T, using primitive type reasoning, the :forward-chaining rule LEXORDER-ANTI-SYMMETRIC and the :type-prescription rule LEXORDER. Subgoal *1/3.1 (IMPLIES (AND (NOT (CONSP X)) (NOT (LEXORDER E D)) (NOT (LEXORDER D E))) (EQUAL (LIST D E) (LIST E D))). But simplification reduces this to T, using primitive type reasoning and the :forward-chaining rule LEXORDER-TOTAL. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (<<= E (CAR X))) (EQUAL (INSERT E (INSERT D (CDR X))) (INSERT D (INSERT E (CDR X))))) (EQUAL (INSERT E (INSERT D X)) (INSERT D (INSERT E X)))). By the simple :definition <<= we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (EQUAL (INSERT E (INSERT D (CDR X))) (INSERT D (INSERT E (CDR X))))) (EQUAL (INSERT E (INSERT D X)) (INSERT D (INSERT E X)))). This simplifies, using the :definitions <<= and INSERT, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to the following two conjectures. Subgoal *1/2.2 (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (EQUAL (INSERT E (INSERT D (CDR X))) (INSERT D (INSERT E (CDR X)))) (LEXORDER D (CAR X))) (EQUAL (INSERT E (CONS D X)) (LIST* D (CAR X) (INSERT E (CDR X))))). This simplifies, using the :definitions <<= and INSERT, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal *1/2.2' (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (EQUAL (INSERT E (INSERT D (CDR X))) (INSERT D (INSERT E (CDR X)))) (LEXORDER D (CAR X)) (LEXORDER E D)) (EQUAL (LIST* E D X) (LIST* D (CAR X) (INSERT E (CDR X))))). But simplification reduces this to T, using the :rewrite rule LEXORDER- TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/2.1 (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (EQUAL (INSERT E (INSERT D (CDR X))) (INSERT D (INSERT E (CDR X)))) (NOT (LEXORDER D (CAR X)))) (EQUAL (INSERT E (CONS (CAR X) (INSERT D (CDR X)))) (CONS (CAR X) (INSERT D (INSERT E (CDR X)))))). But simplification reduces this to T, using the :definitions <<= and INSERT, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/1 (IMPLIES (AND (CONSP X) (<<= E (CAR X))) (EQUAL (INSERT E (INSERT D X)) (INSERT D (INSERT E X)))). By the simple :definition <<= we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (LEXORDER E (CAR X))) (EQUAL (INSERT E (INSERT D X)) (INSERT D (INSERT E X)))). This simplifies, using the :definitions <<= and INSERT, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rule LEXORDER, to the following two conjectures. Subgoal *1/1.2 (IMPLIES (AND (CONSP X) (LEXORDER E (CAR X)) (LEXORDER D E)) (EQUAL (INSERT E (INSERT D X)) (LIST* D E X))). This simplifies, using the :definitions <<= and INSERT, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rule LEXORDER, to Subgoal *1/1.2' (IMPLIES (AND (CONSP X) (LEXORDER E (CAR X)) (LEXORDER D E) (LEXORDER E D)) (EQUAL (LIST* E D X) (LIST* D E X))). But simplification reduces this to T, using primitive type reasoning, the :forward-chaining rule LEXORDER-ANTI-SYMMETRIC and the :type-prescription rule LEXORDER. Subgoal *1/1.1 (IMPLIES (AND (CONSP X) (LEXORDER E (CAR X)) (NOT (LEXORDER D E))) (EQUAL (INSERT E (INSERT D X)) (CONS E (INSERT D X)))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal *1/1.1' (IMPLIES (AND (CONSP (CONS X1 X2)) (LEXORDER E X1) (NOT (LEXORDER D E))) (EQUAL (INSERT E (INSERT D (CONS X1 X2))) (CONS E (INSERT D (CONS X1 X2))))). This simplifies, using the :definitions <<= and INSERT, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to the following two conjectures. Subgoal *1/1.1.2 (IMPLIES (AND (LEXORDER E X1) (NOT (LEXORDER D E)) (LEXORDER D X1)) (EQUAL (INSERT E (LIST* D X1 X2)) (LIST* E D X1 X2))). But simplification reduces this to T, using the :definitions <<= and INSERT, primitive type reasoning, the :forward-chaining rule LEXORDER- TOTAL, the :rewrite rules CAR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/1.1.1 (IMPLIES (AND (LEXORDER E X1) (NOT (LEXORDER D E)) (NOT (LEXORDER D X1))) (EQUAL (INSERT E (CONS X1 (INSERT D X2))) (LIST* E X1 (INSERT D X2)))). But simplification reduces this to T, using the :definitions <<= and INSERT, primitive type reasoning, the :rewrite rules CAR-CONS, LEXORDER- REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rule LEXORDER. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-60A ...) Rules: ((:DEFINITION <<=) (:DEFINITION INSERT) (:DEFINITION NOT) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING LEXORDER-ANTI-SYMMETRIC) (:FORWARD-CHAINING LEXORDER-TOTAL) (:INDUCTION INSERT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE LEXORDER-REFLEXIVE) (:REWRITE LEXORDER-TRANSITIVE) (:TYPE-PRESCRIPTION LEXORDER)) Warnings: None Time: 0.13 seconds (prove: 0.04, print: 0.09, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-60A ACL2 >>(THEOREM PROBLEM-60B (EQUAL (ISORT (APP X (LIST E))) (INSERT E (ISORT X))) :HINTS (("Goal" :INDUCT (ISORT X) :IN-THEORY (ENABLE PROBLEM-60A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (ISORT X). This suggestion was produced using the :induction rule ISORT. If we let (:P E X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P E X)) (IMPLIES (AND (CONSP X) (:P E (CDR X))) (:P E X))). This induction is justified by the same argument used to admit ISORT, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (EQUAL (ISORT (APP X (LIST E))) (INSERT E (ISORT X)))). But simplification reduces this to T, using the :definitions APP, INSERT and ISORT, the :executable-counterparts of CONSP and ISORT, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL (ISORT (APP (CDR X) (LIST E))) (INSERT E (ISORT (CDR X))))) (EQUAL (ISORT (APP X (LIST E))) (INSERT E (ISORT X)))). But simplification reduces this to T, using the :definitions APP and ISORT, primitive type reasoning and the :rewrite rules CAR-CONS, CDR- CONS and PROBLEM-60A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-60B ...) Rules: ((:DEFINITION APP) (:DEFINITION INSERT) (:DEFINITION ISORT) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART ISORT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION ISORT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-60A)) Warnings: None Time: 0.05 seconds (prove: 0.02, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-60B ACL2 >>(THEOREM PROBLEM-60C (EQUAL (ISORT (REV X)) (ISORT X)) :HINTS (("Goal" :INDUCT (ISORT X) :IN-THEORY (ENABLE PROBLEM-60B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (ISORT X). This suggestion was produced using the :induction rule ISORT. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit ISORT, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (EQUAL (ISORT (REV X)) (ISORT X))). But simplification reduces this to T, using the :definitions ISORT and REV and the :executable-counterparts of EQUAL and ISORT. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL (ISORT (REV (CDR X))) (ISORT (CDR X)))) (EQUAL (ISORT (REV X)) (ISORT X))). But simplification reduces this to T, using the :definitions ISORT and REV, primitive type reasoning and the :rewrite rule PROBLEM-60B. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-60C ...) Rules: ((:DEFINITION ISORT) (:DEFINITION REV) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART ISORT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION ISORT) (:REWRITE PROBLEM-60B)) Warnings: None Time: 0.05 seconds (prove: 0.01, print: 0.03, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-60C ACL2 >>(THEOREM PROBLEM-60D (EQUAL (ISORT (INSERT E X)) (INSERT E (ISORT X))) :HINTS (("Goal" :INDUCT (INSERT E X) :IN-THEORY (ENABLE PROBLEM-60A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (INSERT E X). This suggestion was produced using the :induction rule INSERT. If we let (:P E X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P E X)) (IMPLIES (AND (CONSP X) (NOT (<<= E (CAR X))) (:P E (CDR X))) (:P E X)) (IMPLIES (AND (CONSP X) (<<= E (CAR X))) (:P E X))). This induction is justified by the same argument used to admit INSERT, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (EQUAL (ISORT (INSERT E X)) (INSERT E (ISORT X)))). But simplification reduces this to T, using the :definitions INSERT and ISORT, the :executable-counterparts of CONSP and ISORT, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (<<= E (CAR X))) (EQUAL (ISORT (INSERT E (CDR X))) (INSERT E (ISORT (CDR X))))) (EQUAL (ISORT (INSERT E X)) (INSERT E (ISORT X)))). By the simple :definition <<= we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (EQUAL (ISORT (INSERT E (CDR X))) (INSERT E (ISORT (CDR X))))) (EQUAL (ISORT (INSERT E X)) (INSERT E (ISORT X)))). But simplification reduces this to T, using the :definitions <<=, INSERT and ISORT, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and PROBLEM-60A. Subgoal *1/1 (IMPLIES (AND (CONSP X) (<<= E (CAR X))) (EQUAL (ISORT (INSERT E X)) (INSERT E (ISORT X)))). By the simple :definition <<= we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (LEXORDER E (CAR X))) (EQUAL (ISORT (INSERT E X)) (INSERT E (ISORT X)))). But simplification reduces this to T, using the :definitions <<=, INSERT and ISORT, primitive type reasoning, the :rewrite rules CAR-CONS, CDR- CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rule LEXORDER. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-60D ...) Rules: ((:DEFINITION <<=) (:DEFINITION INSERT) (:DEFINITION ISORT) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART ISORT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION INSERT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE LEXORDER-REFLEXIVE) (:REWRITE LEXORDER-TRANSITIVE) (:REWRITE PROBLEM-60A) (:TYPE-PRESCRIPTION LEXORDER)) Warnings: None Time: 0.09 seconds (prove: 0.04, print: 0.04, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-60D ACL2 >>(THEOREM PROBLEM-60E (EQUAL (ISORT (ISORT X)) (ISORT X)) :HINTS (("Goal" :INDUCT (ISORT X) :IN-THEORY (ENABLE PROBLEM-60D)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (ISORT X). This suggestion was produced using the :induction rule ISORT. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit ISORT, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (EQUAL (ISORT (ISORT X)) (ISORT X))). But simplification reduces this to T, using the :definition ISORT and the :executable-counterparts of EQUAL and ISORT. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL (ISORT (ISORT (CDR X))) (ISORT (CDR X)))) (EQUAL (ISORT (ISORT X)) (ISORT X))). But simplification reduces this to T, using the :definition ISORT, primitive type reasoning and the :rewrite rule PROBLEM-60D. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-60E ...) Rules: ((:DEFINITION ISORT) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART ISORT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION ISORT) (:REWRITE PROBLEM-60D)) Warnings: None Time: 0.05 seconds (prove: 0.01, print: 0.03, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-60E ACL2 >>(THEOREM PROBLEM-60 (EQUAL (ISORT (REV (ISORT L))) (ISORT L)) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-60C PROBLEM-60E)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] But we reduce the conjecture to T, by the simple :rewrite rules PROBLEM- 60C and PROBLEM-60E. Q.E.D. Summary Form: ( DEFTHM PROBLEM-60 ...) Rules: ((:REWRITE PROBLEM-60C) (:REWRITE PROBLEM-60E)) Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-60 ACL2 >>(DEFUN REV1 (X A) (IF (CONSP X) (REV1 (CDR X) (CONS (CAR X) A)) A)) The admission of REV1 is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of REV1 is described by the theorem (OR (CONSP (REV1 X A)) (EQUAL (REV1 X A) A)). We used primitive type reasoning. Summary Form: ( DEFUN REV1 ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) REV1 ACL2 >>(THEOREM PROBLEM-61A (EQUAL (REV1 X A) (APP (REV X) A)) :HINTS (("Goal" :INDUCT (REV1 X A) :IN-THEORY (ENABLE PROBLEM-40)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (REV1 X A). This suggestion was produced using the :induction rule REV1. If we let (:P A X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P A X)) (IMPLIES (AND (CONSP X) (:P (CONS (CAR X) A) (CDR X))) (:P A X))). This induction is justified by the same argument used to admit REV1, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable A is being instantiated. When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (EQUAL (REV1 X A) (APP (REV X) A))). But simplification reduces this to T, using the :definitions APP, REV and REV1, the :executable-counterpart of CONSP and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL (REV1 (CDR X) (CONS (CAR X) A)) (APP (REV (CDR X)) (CONS (CAR X) A)))) (EQUAL (REV1 X A) (APP (REV X) A))). But simplification reduces this to T, using the :definitions APP, REV and REV1, the :executable-counterpart of CONSP, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and PROBLEM-40. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-61A ...) Rules: ((:DEFINITION APP) (:DEFINITION REV) (:DEFINITION REV1) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION REV1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-40)) Warnings: None Time: 0.04 seconds (prove: 0.00, print: 0.03, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) PROBLEM-61A ACL2 >>(THEOREM PROBLEM-61 (EQUAL (REV1 X NIL) (REV X)) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-41 PROBLEM-44B PROBLEM-61A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] By the simple :rewrite rule PROBLEM-61A we reduce the conjecture to Goal' (EQUAL (APP (REV X) NIL) (REV X)). But simplification reduces this to T, using primitive type reasoning and the :rewrite rules PROBLEM-41 and PROBLEM-44B. Q.E.D. Summary Form: ( DEFTHM PROBLEM-61 ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE PROBLEM-41) (:REWRITE PROBLEM-44B) (:REWRITE PROBLEM-61A)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-61 ACL2 >>(THEOREM PROBLEM-62-DIRECT (EQUAL (MAPNIL1 A NIL) (MAPNIL A)) :HINTS (("Goal" :INDUCT (MAPNIL A) :IN-THEORY (ENABLE PROBLEM-51A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (MAPNIL A). This suggestion was produced using the :induction rule MAPNIL. If we let (:P A) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A)) (IMPLIES (AND (CONSP A) (:P (CDR A))) (:P A))). This induction is justified by the same argument used to admit MAPNIL, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (EQUAL (MAPNIL1 A NIL) (MAPNIL A))). But simplification reduces this to T, using the :definitions MAPNIL and MAPNIL1 and the :executable-counterpart of EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP A) (EQUAL (MAPNIL1 (CDR A) NIL) (MAPNIL (CDR A)))) (EQUAL (MAPNIL1 A NIL) (MAPNIL A))). This simplifies, using the :definition MAPNIL, to Subgoal *1/1' (IMPLIES (AND (CONSP A) (EQUAL (MAPNIL1 (CDR A) NIL) (MAPNIL (CDR A)))) (EQUAL (MAPNIL1 A NIL) (CONS NIL (MAPNIL (CDR A))))). The destructor terms (CAR A) and (CDR A) can be eliminated by using CAR-CDR-ELIM to replace A by (CONS A1 A2), (CAR A) by A1 and (CDR A) by A2. This produces the following goal. Subgoal *1/1'' (IMPLIES (AND (CONSP (CONS A1 A2)) (EQUAL (MAPNIL1 A2 NIL) (MAPNIL A2))) (EQUAL (MAPNIL1 (CONS A1 A2) NIL) (CONS NIL (MAPNIL A2)))). But simplification reduces this to T, using the :definition MAPNIL1, the :executable-counterpart of CONS, primitive type reasoning and the :rewrite rules CDR-CONS and PROBLEM-51A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-62-DIRECT ...) Rules: ((:DEFINITION MAPNIL) (:DEFINITION MAPNIL1) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MAPNIL) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-51A)) Warnings: None Time: 0.08 seconds (prove: 0.00, print: 0.07, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-62-DIRECT ACL2 >>(THEOREM PROBLEM-62A (IMPLIES (NILS A) (EQUAL (APP A (CONS NIL B)) (CONS NIL (APP A B)))) :HINTS (("Goal" :INDUCT (APP A B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (APP A B). This suggestion was produced using the :induction rule APP. If we let (:P A B) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B)) (IMPLIES (AND (CONSP A) (:P (CDR A) B)) (:P A B))). This induction is justified by the same argument used to admit APP, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (IMPLIES (NILS A) (EQUAL (APP A (CONS NIL B)) (CONS NIL (APP A B))))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (NOT (CONSP A)) (NILS A)) (EQUAL (APP A (CONS NIL B)) (CONS NIL (APP A B)))). But simplification reduces this to T, using the :definitions APP and NILS, the :executable-counterpart of CONSP and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP A) (IMPLIES (NILS (CDR A)) (EQUAL (APP (CDR A) (CONS NIL B)) (CONS NIL (APP (CDR A) B))))) (IMPLIES (NILS A) (EQUAL (APP A (CONS NIL B)) (CONS NIL (APP A B))))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP A) (IMPLIES (NILS (CDR A)) (EQUAL (APP (CDR A) (CONS NIL B)) (CONS NIL (APP (CDR A) B)))) (NILS A)) (EQUAL (APP A (CONS NIL B)) (CONS NIL (APP A B)))). But simplification reduces this to T, using the :definitions APP and NILS and primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-62A ...) Rules: ((:DEFINITION APP) (:DEFINITION NILS) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION APP)) Warnings: None Time: 0.07 seconds (prove: 0.01, print: 0.06, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-62A ACL2 >>(THEOREM PROBLEM-62B (NILS (MAPNIL A)) :HINTS (("Goal" :INDUCT (MAPNIL A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (MAPNIL A). This suggestion was produced using the :induction rule MAPNIL. If we let (:P A) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A)) (IMPLIES (AND (CONSP A) (:P (CDR A))) (:P A))). This induction is justified by the same argument used to admit MAPNIL, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (NILS (MAPNIL A))). But simplification reduces this to T, using the :definition MAPNIL and the :executable-counterpart of NILS. Subgoal *1/1 (IMPLIES (AND (CONSP A) (NILS (MAPNIL (CDR A)))) (NILS (MAPNIL A))). But simplification reduces this to T, using the :definitions MAPNIL and NILS, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rules MAPNIL and NILS. That completes the proof of *1. Q.E.D. The storage of PROBLEM-62B depends upon the :type-prescription rule NILS. Summary Form: ( DEFTHM PROBLEM-62B ...) Rules: ((:DEFINITION MAPNIL) (:DEFINITION NILS) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART NILS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MAPNIL) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION MAPNIL) (:TYPE-PRESCRIPTION NILS)) Warnings: None Time: 0.04 seconds (prove: 0.01, print: 0.03, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-62B ACL2 >>(THEOREM PROBLEM-62C (EQUAL (MAPNIL1 A B) (APP (MAPNIL A) B)) :HINTS (("Goal" :INDUCT (MAPNIL1 A B) :IN-THEORY (ENABLE PROBLEM-62A PROBLEM-62B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (MAPNIL1 A B). This suggestion was produced using the :induction rule MAPNIL1. If we let (:P A B) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B)) (IMPLIES (AND (CONSP A) (:P (CDR A) (CONS NIL B))) (:P A B))). This induction is justified by the same argument used to admit MAPNIL1, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable B is being instantiated. When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (EQUAL (MAPNIL1 A B) (APP (MAPNIL A) B))). But simplification reduces this to T, using the :definitions APP, MAPNIL and MAPNIL1, the :executable-counterpart of CONSP and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP A) (EQUAL (MAPNIL1 (CDR A) (CONS NIL B)) (APP (MAPNIL (CDR A)) (CONS NIL B)))) (EQUAL (MAPNIL1 A B) (APP (MAPNIL A) B))). But simplification reduces this to T, using the :definitions APP, MAPNIL and MAPNIL1, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, PROBLEM-62A and PROBLEM-62B and the :type-prescription rule MAPNIL. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-62C ...) Rules: ((:DEFINITION APP) (:DEFINITION MAPNIL) (:DEFINITION MAPNIL1) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MAPNIL1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-62A) (:REWRITE PROBLEM-62B) (:TYPE-PRESCRIPTION MAPNIL)) Warnings: None Time: 0.06 seconds (prove: 0.01, print: 0.03, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-62C ACL2 >>(THEOREM PROBLEM-62D (PROPER (MAPNIL A)) :HINTS (("Goal" :INDUCT (MAPNIL A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (MAPNIL A). This suggestion was produced using the :induction rule MAPNIL. If we let (:P A) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A)) (IMPLIES (AND (CONSP A) (:P (CDR A))) (:P A))). This induction is justified by the same argument used to admit MAPNIL, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (PROPER (MAPNIL A))). But simplification reduces this to T, using the :definition MAPNIL and the :executable-counterpart of PROPER. Subgoal *1/1 (IMPLIES (AND (CONSP A) (PROPER (MAPNIL (CDR A)))) (PROPER (MAPNIL A))). But simplification reduces this to T, using the :definitions MAPNIL and PROPER, primitive type reasoning, the :rewrite rule CDR-CONS and the :type-prescription rules MAPNIL and PROPER. That completes the proof of *1. Q.E.D. The storage of PROBLEM-62D depends upon the :type-prescription rule PROPER. Summary Form: ( DEFTHM PROBLEM-62D ...) Rules: ((:DEFINITION MAPNIL) (:DEFINITION PROPER) (:EXECUTABLE-COUNTERPART PROPER) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MAPNIL) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION MAPNIL) (:TYPE-PRESCRIPTION PROPER)) Warnings: None Time: 0.04 seconds (prove: 0.00, print: 0.04, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-62D ACL2 >>(THEOREM PROBLEM-62 (EQUAL (MAPNIL1 A NIL) (MAPNIL A)) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-41 PROBLEM-62C PROBLEM-62D)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] By the simple :rewrite rule PROBLEM-62C we reduce the conjecture to Goal' (EQUAL (APP (MAPNIL A) NIL) (MAPNIL A)). But simplification reduces this to T, using primitive type reasoning and the :rewrite rules PROBLEM-41 and PROBLEM-62D. Q.E.D. Summary Form: ( DEFTHM PROBLEM-62 ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE PROBLEM-41) (:REWRITE PROBLEM-62C) (:REWRITE PROBLEM-62D)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-62 ACL2 >>(DEFUN MCFLATTEN (X A) (IF (CONSP X) (MCFLATTEN (CAR X) (MCFLATTEN (CDR X) A)) (CONS X A))) The admission of MCFLATTEN is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of MCFLATTEN is described by the theorem (CONSP (MCFLATTEN X A)). We used primitive type reasoning. Summary Form: ( DEFUN MCFLATTEN ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) MCFLATTEN ACL2 >>(THEOREM PROBLEM-64A (EQUAL (MCFLATTEN X A) (APP (FLATTEN X) A)) :HINTS (("Goal" :INDUCT (MCFLATTEN X A) :IN-THEORY (ENABLE PROBLEM-40)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (MCFLATTEN X A). This suggestion was produced using the :induction rule MCFLATTEN. If we let (:P A X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P A X)) (IMPLIES (AND (CONSP X) (:P (MCFLATTEN (CDR X) A) (CAR X)) (:P A (CDR X))) (:P A X))). This induction is justified by the same argument used to admit MCFLATTEN, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable A is being instantiated. When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (EQUAL (MCFLATTEN X A) (APP (FLATTEN X) A))). But simplification reduces this to T, using the :definitions APP, FLATTEN and MCFLATTEN, the :executable-counterpart of CONSP, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL (MCFLATTEN (CAR X) (MCFLATTEN (CDR X) A)) (APP (FLATTEN (CAR X)) (MCFLATTEN (CDR X) A))) (EQUAL (MCFLATTEN (CDR X) A) (APP (FLATTEN (CDR X)) A))) (EQUAL (MCFLATTEN X A) (APP (FLATTEN X) A))). But simplification reduces this to T, using the :definitions FLATTEN and MCFLATTEN, primitive type reasoning and the :rewrite rule PROBLEM- 40. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-64A ...) Rules: ((:DEFINITION APP) (:DEFINITION FLATTEN) (:DEFINITION MCFLATTEN) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MCFLATTEN) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-40)) Warnings: None Time: 0.05 seconds (prove: 0.01, print: 0.01, other: 0.03) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-64A ACL2 >>(THEOREM PROBLEM-64B (PROPER (FLATTEN X)) :HINTS (("Goal" :INDUCT (FLATTEN X) :IN-THEORY (ENABLE PROBLEM-44C)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (FLATTEN X). This suggestion was produced using the :induction rule FLATTEN. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CAR X)) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit FLATTEN, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (PROPER (FLATTEN X))). But simplification reduces this to T, using the :definitions FLATTEN and PROPER, the :executable-counterpart of PROPER, primitive type reasoning and the :rewrite rule CDR-CONS. Subgoal *1/1 (IMPLIES (AND (CONSP X) (PROPER (FLATTEN (CAR X))) (PROPER (FLATTEN (CDR X)))) (PROPER (FLATTEN X))). But simplification reduces this to T, using the :definition FLATTEN, the :rewrite rule PROBLEM-44C and the :type-prescription rule PROPER. That completes the proof of *1. Q.E.D. The storage of PROBLEM-64B depends upon the :type-prescription rule PROPER. Summary Form: ( DEFTHM PROBLEM-64B ...) Rules: ((:DEFINITION FLATTEN) (:DEFINITION PROPER) (:EXECUTABLE-COUNTERPART PROPER) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION FLATTEN) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-44C) (:TYPE-PRESCRIPTION PROPER)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-64B ACL2 >>(THEOREM PROBLEM-64 (EQUAL (MCFLATTEN X NIL) (FLATTEN X)) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-41 PROBLEM-64A PROBLEM-64B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] By the simple :rewrite rule PROBLEM-64A we reduce the conjecture to Goal' (EQUAL (APP (FLATTEN X) NIL) (FLATTEN X)). But simplification reduces this to T, using primitive type reasoning and the :rewrite rules PROBLEM-41 and PROBLEM-64B. Q.E.D. Summary Form: ( DEFTHM PROBLEM-64 ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE PROBLEM-41) (:REWRITE PROBLEM-64A) (:REWRITE PROBLEM-64B)) Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-64 ACL2 >>(DEFUN NAT (X) (IF (CONSP X) (AND (EQUAL (CAR X) NIL) (NAT (CDR X))) (EQUAL X NIL))) The admission of NAT is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of NAT is described by the theorem (OR (EQUAL (NAT X) T) (EQUAL (NAT X) NIL)). We used primitive type reasoning. Summary Form: ( DEFUN NAT ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.01, other: 0.02) NAT ACL2 >>(DEFUN FIX-NAT (X) (IF (CONSP X) (CONS NIL (FIX-NAT (CDR X))) NIL)) The admission of FIX-NAT is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of FIX-NAT is described by the theorem (TRUE-LISTP (FIX-NAT X)). We used primitive type reasoning. Summary Form: ( DEFUN FIX-NAT ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.01, other: 0.02) FIX-NAT ACL2 >>(THEOREM PROBLEM-66A (NAT (FIX-NAT X)) :HINTS (("Goal" :INDUCT (FIX-NAT X)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (FIX-NAT X). This suggestion was produced using the :induction rule FIX-NAT. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit FIX- NAT, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O-P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (NAT (FIX-NAT X))). But simplification reduces this to T, using the :definition FIX-NAT and the :executable-counterpart of NAT. Subgoal *1/1 (IMPLIES (AND (CONSP X) (NAT (FIX-NAT (CDR X)))) (NAT (FIX-NAT X))). But simplification reduces this to T, using the :definitions FIX-NAT and NAT, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rules FIX-NAT and NAT. That completes the proof of *1. Q.E.D. The storage of PROBLEM-66A depends upon the :type-prescription rule NAT. Summary Form: ( DEFTHM PROBLEM-66A ...) Rules: ((:DEFINITION FIX-NAT) (:DEFINITION NAT) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART NAT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION FIX-NAT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION FIX-NAT) (:TYPE-PRESCRIPTION NAT)) Warnings: None Time: 0.12 seconds (prove: 0.01, print: 0.10, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-66A ACL2 >>(THEOREM PROBLEM-66B (IMPLIES (NAT X) (EQUAL (FIX-NAT X) X)) :HINTS (("Goal" :INDUCT (NAT X)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (NAT X). This suggestion was produced using the :induction rule NAT. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X)) (IMPLIES (AND (CONSP X) (CAR X)) (:P X)) (IMPLIES (AND (CONSP X) (NOT (CAR X)) (:P (CDR X))) (:P X))). This induction is justified by the same argument used to admit NAT, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (NAT X) (EQUAL (FIX-NAT X) X))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (NAT X)) (EQUAL (FIX-NAT X) X)). But simplification reduces this to T, using the :definition NAT, the :executable-counterparts of CONSP, EQUAL and FIX-NAT and primitive type reasoning. Subgoal *1/2 (IMPLIES (AND (CONSP X) (CAR X)) (IMPLIES (NAT X) (EQUAL (FIX-NAT X) X))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (CAR X) (NAT X)) (EQUAL (FIX-NAT X) X)). But simplification reduces this to T, using the :definition NAT and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP X) (NOT (CAR X)) (IMPLIES (NAT (CDR X)) (EQUAL (FIX-NAT (CDR X)) (CDR X)))) (IMPLIES (NAT X) (EQUAL (FIX-NAT X) X))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (NOT (CAR X)) (IMPLIES (NAT (CDR X)) (EQUAL (FIX-NAT (CDR X)) (CDR X))) (NAT X)) (EQUAL (FIX-NAT X) X)). But simplification reduces this to T, using the :definitions FIX-NAT and NAT, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FIX-NAT. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-66B ...) Rules: ((:DEFINITION FIX-NAT) (:DEFINITION NAT) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART FIX-NAT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION NAT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION FIX-NAT)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.02, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) PROBLEM-66B ACL2 >>(DEFUN PLUS (X Y) (IF (CONSP X) (CONS NIL (PLUS (CDR X) Y)) (FIX-NAT Y))) The admission of PLUS is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of PLUS is described by the theorem (TRUE-LISTP (PLUS X Y)). We used primitive type reasoning and the :type-prescription rule FIX-NAT. Summary Form: ( DEFUN PLUS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL) (:TYPE-PRESCRIPTION FIX-NAT)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PLUS ACL2 >>(THEOREM PROBLEM-66C (NAT (PLUS X Y)) :HINTS (("Goal" :INDUCT (PLUS X Y) :IN-THEORY (ENABLE PROBLEM-66A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PLUS X Y). This suggestion was produced using the :induction rule PLUS. If we let (:P X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X Y)) (IMPLIES (AND (CONSP X) (:P (CDR X) Y)) (:P X Y))). This induction is justified by the same argument used to admit PLUS, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (NAT (PLUS X Y))). But simplification reduces this to T, using the :definition PLUS and the :rewrite rule PROBLEM-66A. Subgoal *1/1 (IMPLIES (AND (CONSP X) (NAT (PLUS (CDR X) Y))) (NAT (PLUS X Y))). But simplification reduces this to T, using the :definitions NAT and PLUS, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rules NAT and PLUS. That completes the proof of *1. Q.E.D. The storage of PROBLEM-66C depends upon the :type-prescription rule NAT. Summary Form: ( DEFTHM PROBLEM-66C ...) Rules: ((:DEFINITION NAT) (:DEFINITION PLUS) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PLUS) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-66A) (:TYPE-PRESCRIPTION NAT) (:TYPE-PRESCRIPTION PLUS)) Warnings: None Time: 0.04 seconds (prove: 0.01, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-66C ACL2 >>(THEOREM PROBLEM-66D (EQUAL (PLUS (FIX-NAT I) J) (PLUS I J)) :HINTS (("Goal" :INDUCT (PLUS I J)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PLUS I J). This suggestion was produced using the :induction rule PLUS. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J)) (IMPLIES (AND (CONSP I) (:P (CDR I) J)) (:P I J))). This induction is justified by the same argument used to admit PLUS, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (PLUS (FIX-NAT I) J) (PLUS I J))). But simplification reduces this to T, using the :definitions FIX-NAT and PLUS, the :executable-counterpart of CONSP and primitive type reasoning. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (PLUS (FIX-NAT (CDR I)) J) (PLUS (CDR I) J))) (EQUAL (PLUS (FIX-NAT I) J) (PLUS I J))). But simplification reduces this to T, using the :definitions FIX-NAT and PLUS, primitive type reasoning, the :rewrite rule CDR-CONS and the :type-prescription rule FIX-NAT. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-66D ...) Rules: ((:DEFINITION FIX-NAT) (:DEFINITION PLUS) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PLUS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION FIX-NAT)) Warnings: None Time: 0.05 seconds (prove: 0.01, print: 0.04, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-66D ACL2 >>(THEOREM PROBLEM-66E (EQUAL (PLUS I (FIX-NAT J)) (PLUS I J)) :HINTS (("Goal" :INDUCT (PLUS I J) :IN-THEORY (ENABLE PROBLEM-66A PROBLEM-66B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PLUS I J). This suggestion was produced using the :induction rule PLUS. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J)) (IMPLIES (AND (CONSP I) (:P (CDR I) J)) (:P I J))). This induction is justified by the same argument used to admit PLUS, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (PLUS I (FIX-NAT J)) (PLUS I J))). But simplification reduces this to T, using the :definition PLUS, primitive type reasoning and the :rewrite rules PROBLEM-66A and PROBLEM-66B. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (PLUS (CDR I) (FIX-NAT J)) (PLUS (CDR I) J))) (EQUAL (PLUS I (FIX-NAT J)) (PLUS I J))). But simplification reduces this to T, using the :definition PLUS and primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-66E ...) Rules: ((:DEFINITION PLUS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PLUS) (:REWRITE PROBLEM-66A) (:REWRITE PROBLEM-66B)) Warnings: None Time: 0.06 seconds (prove: 0.01, print: 0.04, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-66E ACL2 >>(DEFUN TIMES (X Y) (IF (CONSP X) (PLUS Y (TIMES (CDR X) Y)) NIL)) The admission of TIMES is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of TIMES is described by the theorem (TRUE-LISTP (TIMES X Y)). We used the :type-prescription rule PLUS. Summary Form: ( DEFUN TIMES ...) Rules: ((:TYPE-PRESCRIPTION PLUS)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.01, other: 0.01) TIMES ACL2 >>(THEOREM PROBLEM-67A (NAT (TIMES X Y)) :HINTS (("Goal" :INDUCT (TIMES X Y) :IN-THEORY (ENABLE PROBLEM-66C)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES X Y). This suggestion was produced using the :induction rule TIMES. If we let (:P X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P X Y)) (IMPLIES (AND (CONSP X) (:P (CDR X) Y)) (:P X Y))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (NAT (TIMES X Y))). But simplification reduces this to T, using the :definition TIMES and the :executable-counterpart of NAT. Subgoal *1/1 (IMPLIES (AND (CONSP X) (NAT (TIMES (CDR X) Y))) (NAT (TIMES X Y))). But simplification reduces this to T, using the :definition TIMES and the :rewrite rule PROBLEM-66C. That completes the proof of *1. Q.E.D. The storage of PROBLEM-67A depends upon the :type-prescription rule NAT. Summary Form: ( DEFTHM PROBLEM-67A ...) Rules: ((:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART NAT) (:INDUCTION TIMES) (:REWRITE PROBLEM-66C) (:TYPE-PRESCRIPTION NAT)) Warnings: None Time: 0.07 seconds (prove: 0.03, print: 0.03, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-67A ACL2 >>(THEOREM PROBLEM-67B (EQUAL (TIMES (FIX-NAT I) J) (TIMES I J)) :HINTS (("Goal" :INDUCT (TIMES I J)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES I J). This suggestion was produced using the :induction rule TIMES. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J)) (IMPLIES (AND (CONSP I) (:P (CDR I) J)) (:P I J))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (TIMES (FIX-NAT I) J) (TIMES I J))). But simplification reduces this to T, using the :definitions FIX-NAT and TIMES and the :executable-counterparts of CONSP and EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (TIMES (FIX-NAT (CDR I)) J) (TIMES (CDR I) J))) (EQUAL (TIMES (FIX-NAT I) J) (TIMES I J))). But simplification reduces this to T, using the :definitions FIX-NAT and TIMES, primitive type reasoning, the :rewrite rule CDR-CONS and the :type-prescription rule FIX-NAT. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-67B ...) Rules: ((:DEFINITION FIX-NAT) (:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION TIMES) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION FIX-NAT)) Warnings: None Time: 0.05 seconds (prove: 0.00, print: 0.04, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-67B ACL2 >>(THEOREM PROBLEM-67C (EQUAL (TIMES I (FIX-NAT J)) (TIMES I J)) :HINTS (("Goal" :INDUCT (TIMES I J) :IN-THEORY (ENABLE PROBLEM-66D)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES I J). This suggestion was produced using the :induction rule TIMES. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J)) (IMPLIES (AND (CONSP I) (:P (CDR I) J)) (:P I J))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (TIMES I (FIX-NAT J)) (TIMES I J))). But simplification reduces this to T, using the :definition TIMES and the :executable-counterpart of EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (TIMES (CDR I) (FIX-NAT J)) (TIMES (CDR I) J))) (EQUAL (TIMES I (FIX-NAT J)) (TIMES I J))). But simplification reduces this to T, using the :definition TIMES, primitive type reasoning and the :rewrite rule PROBLEM-66D. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-67C ...) Rules: ((:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION TIMES) (:REWRITE PROBLEM-66D)) Warnings: None Time: 0.04 seconds (prove: 0.01, print: 0.03, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-67C ACL2 >>(DEFUN POWER (X Y) (IF (CONSP Y) (TIMES X (POWER X (CDR Y))) '(NIL))) The admission of POWER is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT Y). We observe that the type of POWER is described by the theorem (TRUE-LISTP (POWER X Y)). We used the :type-prescription rule TIMES. Summary Form: ( DEFUN POWER ...) Rules: ((:TYPE-PRESCRIPTION TIMES)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.01, other: 0.01) POWER ACL2 >>(THEOREM PROBLEM-68A (NAT (POWER X Y)) :HINTS (("Goal" :INDUCT (POWER X Y) :IN-THEORY (ENABLE PROBLEM-67A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (POWER X Y). This suggestion was produced using the :induction rule POWER. If we let (:P X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP Y)) (:P X Y)) (IMPLIES (AND (CONSP Y) (:P X (CDR Y))) (:P X Y))). This induction is justified by the same argument used to admit POWER, namely, the measure (ACL2-COUNT Y) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP Y)) (NAT (POWER X Y))). But simplification reduces this to T, using the :definition POWER and the :executable-counterpart of NAT. Subgoal *1/1 (IMPLIES (AND (CONSP Y) (NAT (POWER X (CDR Y)))) (NAT (POWER X Y))). But simplification reduces this to T, using the :definition POWER and the :rewrite rule PROBLEM-67A. That completes the proof of *1. Q.E.D. The storage of PROBLEM-68A depends upon the :type-prescription rule NAT. Summary Form: ( DEFTHM PROBLEM-68A ...) Rules: ((:DEFINITION POWER) (:EXECUTABLE-COUNTERPART NAT) (:INDUCTION POWER) (:REWRITE PROBLEM-67A) (:TYPE-PRESCRIPTION NAT)) Warnings: None Time: 0.04 seconds (prove: 0.00, print: 0.02, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-68A ACL2 >>(THEOREM PROBLEM-68B (EQUAL (POWER (FIX-NAT I) J) (POWER I J)) :HINTS (("Goal" :INDUCT (POWER I J) :IN-THEORY (ENABLE PROBLEM-67B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (POWER I J). This suggestion was produced using the :induction rule POWER. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP J)) (:P I J)) (IMPLIES (AND (CONSP J) (:P I (CDR J))) (:P I J))). This induction is justified by the same argument used to admit POWER, namely, the measure (ACL2-COUNT J) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP J)) (EQUAL (POWER (FIX-NAT I) J) (POWER I J))). But simplification reduces this to T, using the :definition POWER and the :executable-counterpart of EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP J) (EQUAL (POWER (FIX-NAT I) (CDR J)) (POWER I (CDR J)))) (EQUAL (POWER (FIX-NAT I) J) (POWER I J))). But simplification reduces this to T, using the :definition POWER, primitive type reasoning and the :rewrite rule PROBLEM-67B. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-68B ...) Rules: ((:DEFINITION POWER) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION POWER) (:REWRITE PROBLEM-67B)) Warnings: None Time: 0.06 seconds (prove: 0.03, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-68B ACL2 >>(THEOREM PROBLEM-68C (EQUAL (POWER I (FIX-NAT J)) (POWER I J)) :HINTS (("Goal" :INDUCT (POWER I J)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (POWER I J). This suggestion was produced using the :induction rule POWER. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP J)) (:P I J)) (IMPLIES (AND (CONSP J) (:P I (CDR J))) (:P I J))). This induction is justified by the same argument used to admit POWER, namely, the measure (ACL2-COUNT J) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP J)) (EQUAL (POWER I (FIX-NAT J)) (POWER I J))). But simplification reduces this to T, using the :definitions FIX-NAT and POWER and the :executable-counterparts of CONSP and EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP J) (EQUAL (POWER I (FIX-NAT (CDR J))) (POWER I (CDR J)))) (EQUAL (POWER I (FIX-NAT J)) (POWER I J))). But simplification reduces this to T, using the :definitions FIX-NAT and POWER, primitive type reasoning, the :rewrite rule CDR-CONS and the :type-prescription rule FIX-NAT. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-68C ...) Rules: ((:DEFINITION FIX-NAT) (:DEFINITION POWER) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION POWER) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION FIX-NAT)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.03, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-68C ACL2 >>(DEFUN LESSEQP (X Y) (IF (CONSP X) (IF (CONSP Y) (LESSEQP (CDR X) (CDR Y)) NIL) T)) The admission of LESSEQP is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of LESSEQP is described by the theorem (OR (EQUAL (LESSEQP X Y) T) (EQUAL (LESSEQP X Y) NIL)). Summary Form: ( DEFUN LESSEQP ...) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) LESSEQP ACL2 >>(THEOREM PROBLEM-69A (EQUAL (LESSEQP (FIX-NAT I) J) (LESSEQP I J)) :HINTS (("Goal" :INDUCT (LIST (FIX-NAT I) (LESSEQP I J))))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. Two induction schemes are suggested by the induction hint. Subsumption reduces that number to one. We will induct according to a scheme suggested by (LESSEQP I J). This suggestion was produced using the :induction rules FIX-NAT and LESSEQP. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J)) (IMPLIES (AND (CONSP I) (NOT (CONSP J))) (:P I J)) (IMPLIES (AND (CONSP I) (CONSP J) (:P (CDR I) (CDR J))) (:P I J))). This induction is justified by the same argument used to admit LESSEQP, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable J is being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP I)) (EQUAL (LESSEQP (FIX-NAT I) J) (LESSEQP I J))). But simplification reduces this to T, using the :definitions FIX-NAT and LESSEQP and the :executable-counterparts of CONSP and EQUAL. Subgoal *1/2 (IMPLIES (AND (CONSP I) (NOT (CONSP J))) (EQUAL (LESSEQP (FIX-NAT I) J) (LESSEQP I J))). But simplification reduces this to T, using the :definitions FIX-NAT and LESSEQP, the :executable-counterpart of EQUAL, primitive type reasoning and the :type-prescription rule FIX-NAT. Subgoal *1/1 (IMPLIES (AND (CONSP I) (CONSP J) (EQUAL (LESSEQP (FIX-NAT (CDR I)) (CDR J)) (LESSEQP (CDR I) (CDR J)))) (EQUAL (LESSEQP (FIX-NAT I) J) (LESSEQP I J))). But simplification reduces this to T, using the :definitions FIX-NAT and LESSEQP, primitive type reasoning, the :rewrite rule CDR-CONS and the :type-prescription rule FIX-NAT. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-69A ...) Rules: ((:DEFINITION FIX-NAT) (:DEFINITION LESSEQP) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION FIX-NAT) (:INDUCTION LESSEQP) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION FIX-NAT)) Warnings: None Time: 0.09 seconds (prove: 0.00, print: 0.09, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-69A ACL2 >>(THEOREM PROBLEM-69B (EQUAL (LESSEQP I (FIX-NAT J)) (LESSEQP I J)) :HINTS (("Goal" :INDUCT (LESSEQP I J)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (LESSEQP I J). This suggestion was produced using the :induction rule LESSEQP. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J)) (IMPLIES (AND (CONSP I) (NOT (CONSP J))) (:P I J)) (IMPLIES (AND (CONSP I) (CONSP J) (:P (CDR I) (CDR J))) (:P I J))). This induction is justified by the same argument used to admit LESSEQP, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable J is being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP I)) (EQUAL (LESSEQP I (FIX-NAT J)) (LESSEQP I J))). But simplification reduces this to T, using the :definition LESSEQP and the :executable-counterpart of EQUAL. Subgoal *1/2 (IMPLIES (AND (CONSP I) (NOT (CONSP J))) (EQUAL (LESSEQP I (FIX-NAT J)) (LESSEQP I J))). But simplification reduces this to T, using the :definitions FIX-NAT and LESSEQP and the :executable-counterparts of CONSP and EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP I) (CONSP J) (EQUAL (LESSEQP (CDR I) (FIX-NAT (CDR J))) (LESSEQP (CDR I) (CDR J)))) (EQUAL (LESSEQP I (FIX-NAT J)) (LESSEQP I J))). But simplification reduces this to T, using the :definitions FIX-NAT and LESSEQP, primitive type reasoning, the :rewrite rule CDR-CONS and the :type-prescription rule FIX-NAT. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-69B ...) Rules: ((:DEFINITION FIX-NAT) (:DEFINITION LESSEQP) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION LESSEQP) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION FIX-NAT)) Warnings: None Time: 0.04 seconds (prove: 0.01, print: 0.03, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-69B ACL2 >>(DEFUN EVENNAT (X) (IF (CONSP X) (IF (CONSP (CDR X)) (EVENNAT (CDR (CDR X))) NIL) T)) For the admission of EVENNAT we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). The non-trivial part of the measure conjecture is Goal (IMPLIES (AND (CONSP X) (CONSP (CDR X))) (O< (ACL2-COUNT (CDDR X)) (ACL2-COUNT X))). This simplifies, using the :definitions O-FINP and O< and the :type- prescription rule ACL2-COUNT, to Goal' (IMPLIES (AND (CONSP X) (CONSP (CDR X))) (< (ACL2-COUNT (CDDR X)) (ACL2-COUNT X))). The destructor terms (CAR X) and (CDR X) can be eliminated. Furthermore, those terms are at the root of a chain of two rounds of destructor elimination. (1) Use CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. (2) Use CAR-CDR-ELIM, again, to replace X2 by (CONS X3 X4), (CAR X2) by X3 and (CDR X2) by X4. These steps produce the following goal. Goal'' (IMPLIES (AND (CONSP (CONS X3 X4)) (CONSP (LIST* X1 X3 X4))) (< (ACL2-COUNT X4) (ACL2-COUNT (LIST* X1 X3 X4)))). This simplifies, using the :definition ACL2-COUNT, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Goal''' (< (ACL2-COUNT X4) (+ 1 (ACL2-COUNT X1) 1 (ACL2-COUNT X3) (ACL2-COUNT X4))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule ACL2-COUNT. Q.E.D. That completes the proof of the measure theorem for EVENNAT. Thus, we admit this function under the principle of definition. We observe that the type of EVENNAT is described by the theorem (OR (EQUAL (EVENNAT X) T) (EQUAL (EVENNAT X) NIL)). Summary Form: ( DEFUN EVENNAT ...) Rules: ((:DEFINITION ACL2-COUNT) (:DEFINITION NOT) (:DEFINITION O-FINP) (:DEFINITION O<) (:ELIM CAR-CDR-ELIM) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION ACL2-COUNT)) Warnings: None Time: 0.03 seconds (prove: 0.02, print: 0.00, other: 0.01) EVENNAT ACL2 >>(THEOREM PROBLEM-70A (EQUAL (EVENNAT (FIX-NAT I)) (EVENNAT I)) :HINTS (("Goal" :INDUCT (EVENNAT I)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (EVENNAT I). This suggestion was produced using the :induction rule EVENNAT. If we let (:P I) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I)) (IMPLIES (AND (CONSP I) (NOT (CONSP (CDR I)))) (:P I)) (IMPLIES (AND (CONSP I) (CONSP (CDR I)) (:P (CDDR I))) (:P I))). This induction is justified by the same argument used to admit EVENNAT, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP I)) (EQUAL (EVENNAT (FIX-NAT I)) (EVENNAT I))). But simplification reduces this to T, using the :definitions EVENNAT and FIX-NAT and the :executable-counterparts of EQUAL and EVENNAT. Subgoal *1/2 (IMPLIES (AND (CONSP I) (NOT (CONSP (CDR I)))) (EQUAL (EVENNAT (FIX-NAT I)) (EVENNAT I))). But simplification reduces this to T, using the :definitions EVENNAT and FIX-NAT and the :executable-counterparts of CONS, EQUAL and EVENNAT. Subgoal *1/1 (IMPLIES (AND (CONSP I) (CONSP (CDR I)) (EQUAL (EVENNAT (FIX-NAT (CDDR I))) (EVENNAT (CDDR I)))) (EQUAL (EVENNAT (FIX-NAT I)) (EVENNAT I))). But simplification reduces this to T, using the :definitions EVENNAT and FIX-NAT, primitive type reasoning, the :rewrite rule CDR-CONS and the :type-prescription rule FIX-NAT. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-70A ...) Rules: ((:DEFINITION EVENNAT) (:DEFINITION FIX-NAT) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EVENNAT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION EVENNAT) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION FIX-NAT)) Warnings: None Time: 0.05 seconds (prove: 0.00, print: 0.05, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.05 seconds (prove: 0.00, print: 0.00, other: 0.05) PROBLEM-70A ACL2 >>(THEOREM PROBLEM-71A (IMPLIES (NOT (CONSP Z)) (EQUAL (PLUS I Z) (FIX-NAT I))) :HINTS (("Goal" :INDUCT (PLUS I Z)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PLUS I Z). This suggestion was produced using the :induction rule PLUS. If we let (:P I Z) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I Z)) (IMPLIES (AND (CONSP I) (:P (CDR I) Z)) (:P I Z))). This induction is justified by the same argument used to admit PLUS, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (IMPLIES (NOT (CONSP Z)) (EQUAL (PLUS I Z) (FIX-NAT I)))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (NOT (CONSP I)) (NOT (CONSP Z))) (EQUAL (PLUS I Z) (FIX-NAT I))). But simplification reduces this to T, using the :definitions FIX-NAT and PLUS and the :executable-counterpart of EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP I) (IMPLIES (NOT (CONSP Z)) (EQUAL (PLUS (CDR I) Z) (FIX-NAT (CDR I))))) (IMPLIES (NOT (CONSP Z)) (EQUAL (PLUS I Z) (FIX-NAT I)))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP I) (IMPLIES (NOT (CONSP Z)) (EQUAL (PLUS (CDR I) Z) (FIX-NAT (CDR I)))) (NOT (CONSP Z))) (EQUAL (PLUS I Z) (FIX-NAT I))). But simplification reduces this to T, using the :definitions FIX-NAT and PLUS, the :executable-counterpart of NOT and primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-71A ...) Rules: ((:DEFINITION FIX-NAT) (:DEFINITION NOT) (:DEFINITION PLUS) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PLUS)) Warnings: None Time: 0.04 seconds (prove: 0.01, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-71A ACL2 >>(THEOREM PROBLEM-71 (IMPLIES (NAT I) (EQUAL (PLUS I NIL) I)) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-66B PROBLEM-71A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using primitive type reasoning, the :rewrite rules PROBLEM-66B and PROBLEM-71A and the :type-prescription rule NAT. Q.E.D. Summary Form: ( DEFTHM PROBLEM-71 ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE PROBLEM-66B) (:REWRITE PROBLEM-71A) (:TYPE-PRESCRIPTION NAT)) Warnings: None Time: 0.03 seconds (prove: 0.02, print: 0.00, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-71 ACL2 >>(THEOREM PROBLEM-72 (EQUAL (PLUS (PLUS I J) K) (PLUS I (PLUS J K))) :HINTS (("Goal" :INDUCT (PLUS I J) :IN-THEORY (ENABLE PROBLEM-66B PROBLEM-66C PROBLEM-66D)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PLUS I J). This suggestion was produced using the :induction rule PLUS. If we let (:P I J K) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J K)) (IMPLIES (AND (CONSP I) (:P (CDR I) J K)) (:P I J K))). This induction is justified by the same argument used to admit PLUS, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (PLUS (PLUS I J) K) (PLUS I (PLUS J K)))). But simplification reduces this to T, using the :definition PLUS, primitive type reasoning and the :rewrite rules PROBLEM-66B, PROBLEM-66C and PROBLEM-66D. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (PLUS (PLUS (CDR I) J) K) (PLUS (CDR I) (PLUS J K)))) (EQUAL (PLUS (PLUS I J) K) (PLUS I (PLUS J K)))). But simplification reduces this to T, using the :definition PLUS, primitive type reasoning, the :rewrite rule CDR-CONS and the :type-prescription rule PLUS. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-72 ...) Rules: ((:DEFINITION PLUS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PLUS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-66B) (:REWRITE PROBLEM-66C) (:REWRITE PROBLEM-66D) (:TYPE-PRESCRIPTION PLUS)) Warnings: None Time: 0.06 seconds (prove: 0.03, print: 0.03, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-72 ACL2 >>(THEOREM PROBLEM-73A (EQUAL (PLUS I (CONS X J)) (CONS NIL (PLUS I J))) :HINTS (("Goal" :INDUCT (PLUS I J)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PLUS I J). This suggestion was produced using the :induction rule PLUS. If we let (:P I J X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J X)) (IMPLIES (AND (CONSP I) (:P (CDR I) J X)) (:P I J X))). This induction is justified by the same argument used to admit PLUS, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (PLUS I (CONS X J)) (CONS NIL (PLUS I J)))). But simplification reduces this to T, using the :definitions FIX-NAT and PLUS, primitive type reasoning and the :rewrite rule CDR-CONS. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (PLUS (CDR I) (CONS X J)) (CONS NIL (PLUS (CDR I) J)))) (EQUAL (PLUS I (CONS X J)) (CONS NIL (PLUS I J)))). But simplification reduces this to T, using the :definition PLUS and primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-73A ...) Rules: ((:DEFINITION FIX-NAT) (:DEFINITION PLUS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PLUS) (:REWRITE CDR-CONS)) Warnings: None Time: 0.03 seconds (prove: 0.01, print: 0.02, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) PROBLEM-73A ACL2 >>(THEOREM PROBLEM-73 (EQUAL (PLUS I J) (PLUS J I)) :HINTS (("Goal" :INDUCT (PLUS I J) :IN-THEORY (ENABLE PROBLEM-71A PROBLEM-73A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PLUS I J). This suggestion was produced using the :induction rule PLUS. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J)) (IMPLIES (AND (CONSP I) (:P (CDR I) J)) (:P I J))). This induction is justified by the same argument used to admit PLUS, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (PLUS I J) (PLUS J I))). But simplification reduces this to T, using the :definition PLUS, primitive type reasoning and the :rewrite rule PROBLEM-71A. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (PLUS (CDR I) J) (PLUS J (CDR I)))) (EQUAL (PLUS I J) (PLUS J I))). This simplifies, using the :definition PLUS, to Subgoal *1/1' (IMPLIES (AND (CONSP I) (EQUAL (PLUS (CDR I) J) (PLUS J (CDR I)))) (EQUAL (CONS NIL (PLUS J (CDR I))) (PLUS J I))). The destructor terms (CAR I) and (CDR I) can be eliminated by using CAR-CDR-ELIM to replace I by (CONS I1 I2), (CAR I) by I1 and (CDR I) by I2. This produces the following goal. Subgoal *1/1'' (IMPLIES (AND (CONSP (CONS I1 I2)) (EQUAL (PLUS I2 J) (PLUS J I2))) (EQUAL (CONS NIL (PLUS J I2)) (PLUS J (CONS I1 I2)))). But we reduce the conjecture to T, by the simple :rewrite rule PROBLEM- 73A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-73 ...) Rules: ((:DEFINITION PLUS) (:ELIM CAR-CDR-ELIM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PLUS) (:REWRITE PROBLEM-71A) (:REWRITE PROBLEM-73A)) Warnings: None Time: 0.04 seconds (prove: 0.02, print: 0.02, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-73 ACL2 >>(THEOREM PROBLEM-74A (EQUAL (PLUS I (PLUS J K)) (PLUS J (PLUS I K))) :HINTS (("Goal" :INDUCT (PLUS J K) :IN-THEORY (ENABLE PROBLEM-66B PROBLEM-66C PROBLEM-66E PROBLEM-73A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PLUS J K). This suggestion was produced using the :induction rule PLUS. If we let (:P I J K) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP J)) (:P I J K)) (IMPLIES (AND (CONSP J) (:P I (CDR J) K)) (:P I J K))). This induction is justified by the same argument used to admit PLUS, namely, the measure (ACL2-COUNT J) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP J)) (EQUAL (PLUS I (PLUS J K)) (PLUS J (PLUS I K)))). But simplification reduces this to T, using the :definition PLUS, primitive type reasoning and the :rewrite rules PROBLEM-66B, PROBLEM-66C and PROBLEM-66E. Subgoal *1/1 (IMPLIES (AND (CONSP J) (EQUAL (PLUS I (PLUS (CDR J) K)) (PLUS (CDR J) (PLUS I K)))) (EQUAL (PLUS I (PLUS J K)) (PLUS J (PLUS I K)))). But simplification reduces this to T, using the :definition PLUS, primitive type reasoning and the :rewrite rule PROBLEM-73A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-74A ...) Rules: ((:DEFINITION PLUS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PLUS) (:REWRITE PROBLEM-66B) (:REWRITE PROBLEM-66C) (:REWRITE PROBLEM-66E) (:REWRITE PROBLEM-73A)) Warnings: None Time: 0.04 seconds (prove: 0.03, print: 0.00, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-74A ACL2 >>(THEOREM PROBLEM-74B (EQUAL (TIMES (PLUS I J) K) (PLUS (TIMES I K) (TIMES J K))) :HINTS (("Goal" :INDUCT (TIMES I K) :IN-THEORY (ENABLE PROBLEM-66B PROBLEM-67A PROBLEM-67B PROBLEM-73 PROBLEM-74A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES I K). This suggestion was produced using the :induction rule TIMES. If we let (:P I J K) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J K)) (IMPLIES (AND (CONSP I) (:P (CDR I) J K)) (:P I J K))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (TIMES (PLUS I J) K) (PLUS (TIMES I K) (TIMES J K)))). But simplification reduces this to T, using the :definitions PLUS and TIMES, the :executable-counterpart of CONSP, primitive type reasoning and the :rewrite rules PROBLEM-66B, PROBLEM-67A and PROBLEM-67B. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (TIMES (PLUS (CDR I) J) K) (PLUS (TIMES (CDR I) K) (TIMES J K)))) (EQUAL (TIMES (PLUS I J) K) (PLUS (TIMES I K) (TIMES J K)))). But simplification reduces this to T, using the :definitions PLUS and TIMES, primitive type reasoning, the :rewrite rules CDR-CONS, PROBLEM- 73 and PROBLEM-74A and the :type-prescription rule PLUS. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-74B ...) Rules: ((:DEFINITION PLUS) (:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION TIMES) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-66B) (:REWRITE PROBLEM-67A) (:REWRITE PROBLEM-67B) (:REWRITE PROBLEM-73) (:REWRITE PROBLEM-74A) (:TYPE-PRESCRIPTION PLUS)) Warnings: None Time: 0.05 seconds (prove: 0.01, print: 0.03, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-74B ACL2 >>(THEOREM PROBLEM-74 (EQUAL (TIMES (TIMES I J) K) (TIMES I (TIMES J K))) :HINTS (("Goal" :INDUCT (TIMES I J) :IN-THEORY (ENABLE PROBLEM-74B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES I J). This suggestion was produced using the :induction rule TIMES. If we let (:P I J K) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J K)) (IMPLIES (AND (CONSP I) (:P (CDR I) J K)) (:P I J K))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (TIMES (TIMES I J) K) (TIMES I (TIMES J K)))). But simplification reduces this to T, using the :definition TIMES and the :executable-counterparts of CONSP and EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (TIMES (TIMES (CDR I) J) K) (TIMES (CDR I) (TIMES J K)))) (EQUAL (TIMES (TIMES I J) K) (TIMES I (TIMES J K)))). But simplification reduces this to T, using the :definition TIMES, primitive type reasoning and the :rewrite rule PROBLEM-74B. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-74 ...) Rules: ((:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION TIMES) (:REWRITE PROBLEM-74B)) Warnings: None Time: 0.06 seconds (prove: 0.02, print: 0.02, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-74 ACL2 >>(THEOREM PROBLEM-75A (IMPLIES (NOT (CONSP Z)) (EQUAL (TIMES I Z) NIL)) :HINTS (("Goal" :INDUCT (TIMES I Z) :IN-THEORY (ENABLE PROBLEM-71A PROBLEM-73)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES I Z). This suggestion was produced using the :induction rule TIMES. If we let (:P I Z) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I Z)) (IMPLIES (AND (CONSP I) (:P (CDR I) Z)) (:P I Z))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (IMPLIES (NOT (CONSP Z)) (EQUAL (TIMES I Z) NIL))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (NOT (CONSP I)) (NOT (CONSP Z))) (EQUAL (TIMES I Z) NIL)). But simplification reduces this to T, using the :definition TIMES and the :executable-counterpart of EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP I) (IMPLIES (NOT (CONSP Z)) (EQUAL (TIMES (CDR I) Z) NIL))) (IMPLIES (NOT (CONSP Z)) (EQUAL (TIMES I Z) NIL))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP I) (IMPLIES (NOT (CONSP Z)) (EQUAL (TIMES (CDR I) Z) NIL)) (NOT (CONSP Z))) (EQUAL (TIMES I Z) NIL)). But simplification reduces this to T, using the :definition TIMES, the :executable-counterparts of EQUAL, FIX-NAT and NOT, primitive type reasoning and the :rewrite rules PROBLEM-71A and PROBLEM-73. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-75A ...) Rules: ((:DEFINITION NOT) (:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART FIX-NAT) (:EXECUTABLE-COUNTERPART NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION TIMES) (:REWRITE PROBLEM-71A) (:REWRITE PROBLEM-73)) Warnings: None Time: 0.07 seconds (prove: 0.01, print: 0.06, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-75A ACL2 >>(THEOREM PROBLEM-75B (EQUAL (TIMES I (CONS X J)) (PLUS I (TIMES I J))) :HINTS (("Goal" :INDUCT (TIMES I J) :IN-THEORY (ENABLE PROBLEM-71A PROBLEM-73 PROBLEM-74A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES I J). This suggestion was produced using the :induction rule TIMES. If we let (:P I J X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J X)) (IMPLIES (AND (CONSP I) (:P (CDR I) J X)) (:P I J X))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (TIMES I (CONS X J)) (PLUS I (TIMES I J)))). But simplification reduces this to T, using the :definition TIMES, the :executable-counterparts of EQUAL and FIX-NAT and the :rewrite rules PROBLEM-71A and PROBLEM-73. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (TIMES (CDR I) (CONS X J)) (PLUS (CDR I) (TIMES (CDR I) J)))) (EQUAL (TIMES I (CONS X J)) (PLUS I (TIMES I J)))). This simplifies, using the :definitions PLUS and TIMES, primitive type reasoning and the :rewrite rule CDR-CONS, to Subgoal *1/1' (IMPLIES (AND (CONSP I) (EQUAL (TIMES (CDR I) (CONS X J)) (PLUS (CDR I) (TIMES (CDR I) J)))) (EQUAL (CONS NIL (PLUS J (TIMES (CDR I) (CONS X J)))) (PLUS I (PLUS J (TIMES (CDR I) J))))). But simplification reduces this to T, using the :definition PLUS, primitive type reasoning and the :rewrite rule PROBLEM-74A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-75B ...) Rules: ((:DEFINITION PLUS) (:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART FIX-NAT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION TIMES) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-71A) (:REWRITE PROBLEM-73) (:REWRITE PROBLEM-74A)) Warnings: None Time: 0.15 seconds (prove: 0.01, print: 0.13, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-75B ACL2 >>(THEOREM PROBLEM-75 (EQUAL (TIMES I J) (TIMES J I)) :HINTS (("Goal" :INDUCT (TIMES I J) :IN-THEORY (ENABLE PROBLEM-75A PROBLEM-75B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES I J). This suggestion was produced using the :induction rule TIMES. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J)) (IMPLIES (AND (CONSP I) (:P (CDR I) J)) (:P I J))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (TIMES I J) (TIMES J I))). But simplification reduces this to T, using the :definition TIMES, the :executable-counterpart of EQUAL and the :rewrite rule PROBLEM- 75A. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (TIMES (CDR I) J) (TIMES J (CDR I)))) (EQUAL (TIMES I J) (TIMES J I))). This simplifies, using the :definition TIMES, to Subgoal *1/1' (IMPLIES (AND (CONSP I) (EQUAL (TIMES (CDR I) J) (TIMES J (CDR I)))) (EQUAL (PLUS J (TIMES J (CDR I))) (TIMES J I))). The destructor terms (CAR I) and (CDR I) can be eliminated by using CAR-CDR-ELIM to replace I by (CONS I1 I2), (CAR I) by I1 and (CDR I) by I2. This produces the following goal. Subgoal *1/1'' (IMPLIES (AND (CONSP (CONS I1 I2)) (EQUAL (TIMES I2 J) (TIMES J I2))) (EQUAL (PLUS J (TIMES J I2)) (TIMES J (CONS I1 I2)))). But we reduce the conjecture to T, by the simple :rewrite rule PROBLEM- 75B. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-75 ...) Rules: ((:DEFINITION TIMES) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART EQUAL) (:INDUCTION TIMES) (:REWRITE PROBLEM-75A) (:REWRITE PROBLEM-75B)) Warnings: None Time: 0.08 seconds (prove: 0.03, print: 0.04, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-75 ACL2 >>(THEOREM PROBLEM-76A (EQUAL (TIMES I (PLUS J K)) (PLUS (TIMES I J) (TIMES I K))) :HINTS (("Goal" :INDUCT (TIMES I K) :IN-THEORY (ENABLE PROBLEM-72 PROBLEM-73 PROBLEM-74A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES I K). This suggestion was produced using the :induction rule TIMES. If we let (:P I J K) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J K)) (IMPLIES (AND (CONSP I) (:P (CDR I) J K)) (:P I J K))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (TIMES I (PLUS J K)) (PLUS (TIMES I J) (TIMES I K)))). But simplification reduces this to T, using the :definition TIMES and the :executable-counterparts of EQUAL and PLUS. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (TIMES (CDR I) (PLUS J K)) (PLUS (TIMES (CDR I) J) (TIMES (CDR I) K)))) (EQUAL (TIMES I (PLUS J K)) (PLUS (TIMES I J) (TIMES I K)))). But simplification reduces this to T, using the :definition TIMES, primitive type reasoning and the :rewrite rules PROBLEM-72, PROBLEM- 73 and PROBLEM-74A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-76A ...) Rules: ((:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART PLUS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION TIMES) (:REWRITE PROBLEM-72) (:REWRITE PROBLEM-73) (:REWRITE PROBLEM-74A)) Warnings: None Time: 0.07 seconds (prove: 0.00, print: 0.06, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-76A ACL2 >>(THEOREM PROBLEM-76B (EQUAL (TIMES I (TIMES J K)) (TIMES J (TIMES I K))) :HINTS (("Goal" :INDUCT (TIMES J K) :IN-THEORY (ENABLE PROBLEM-75 PROBLEM-76A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES J K). This suggestion was produced using the :induction rule TIMES. If we let (:P I J K) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP J)) (:P I J K)) (IMPLIES (AND (CONSP J) (:P I (CDR J) K)) (:P I J K))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT J) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP J)) (EQUAL (TIMES I (TIMES J K)) (TIMES J (TIMES I K)))). But simplification reduces this to T, using the :definition TIMES, the :executable-counterparts of CONSP and EQUAL and the :rewrite rule PROBLEM-75. Subgoal *1/1 (IMPLIES (AND (CONSP J) (EQUAL (TIMES I (TIMES (CDR J) K)) (TIMES (CDR J) (TIMES I K)))) (EQUAL (TIMES I (TIMES J K)) (TIMES J (TIMES I K)))). But simplification reduces this to T, using the :definition TIMES, primitive type reasoning and the :rewrite rule PROBLEM-76A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-76B ...) Rules: ((:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION TIMES) (:REWRITE PROBLEM-75) (:REWRITE PROBLEM-76A)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-76B ACL2 >>(THEOREM PROBLEM-76 (EQUAL (POWER B (PLUS I J)) (TIMES (POWER B I) (POWER B J))) :HINTS (("Goal" :INDUCT (POWER B I) :IN-THEORY (ENABLE PROBLEM-66B PROBLEM-68A PROBLEM-68C PROBLEM-73 PROBLEM-75 PROBLEM-76B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (POWER B I). This suggestion was produced using the :induction rule POWER. If we let (:P B I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P B I J)) (IMPLIES (AND (CONSP I) (:P B (CDR I) J)) (:P B I J))). This induction is justified by the same argument used to admit POWER, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (POWER B (PLUS I J)) (TIMES (POWER B I) (POWER B J)))). But simplification reduces this to T, using the :definitions PLUS, POWER and TIMES, the :executable-counterparts of CDR and CONSP, primitive type reasoning and the :rewrite rules PROBLEM-66B, PROBLEM-68A, PROBLEM- 68C and PROBLEM-73. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (POWER B (PLUS (CDR I) J)) (TIMES (POWER B (CDR I)) (POWER B J)))) (EQUAL (POWER B (PLUS I J)) (TIMES (POWER B I) (POWER B J)))). But simplification reduces this to T, using the :definitions PLUS and POWER, primitive type reasoning, the :rewrite rules CDR-CONS, PROBLEM- 73, PROBLEM-75 and PROBLEM-76B and the :type-prescription rule PLUS. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-76 ...) Rules: ((:DEFINITION PLUS) (:DEFINITION POWER) (:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION POWER) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-66B) (:REWRITE PROBLEM-68A) (:REWRITE PROBLEM-68C) (:REWRITE PROBLEM-73) (:REWRITE PROBLEM-75) (:REWRITE PROBLEM-76B) (:TYPE-PRESCRIPTION PLUS)) Warnings: None Time: 0.07 seconds (prove: 0.01, print: 0.06, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-76 ACL2 >>(THEOREM PROBLEM-77A (EQUAL (POWER (TIMES A B) I) (TIMES (POWER A I) (POWER B I))) :HINTS (("Goal" :INDUCT (POWER B I) :IN-THEORY (ENABLE PROBLEM-74 PROBLEM-75 PROBLEM-76B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (POWER B I). This suggestion was produced using the :induction rule POWER. If we let (:P A B I) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P A B I)) (IMPLIES (AND (CONSP I) (:P A B (CDR I))) (:P A B I))). This induction is justified by the same argument used to admit POWER, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (POWER (TIMES A B) I) (TIMES (POWER A I) (POWER B I)))). But simplification reduces this to T, using the :definition POWER and the :executable-counterparts of EQUAL and TIMES. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (POWER (TIMES A B) (CDR I)) (TIMES (POWER A (CDR I)) (POWER B (CDR I))))) (EQUAL (POWER (TIMES A B) I) (TIMES (POWER A I) (POWER B I)))). But simplification reduces this to T, using the :definition POWER, primitive type reasoning and the :rewrite rules PROBLEM-74, PROBLEM- 75 and PROBLEM-76B. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-77A ...) Rules: ((:DEFINITION POWER) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART TIMES) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION POWER) (:REWRITE PROBLEM-74) (:REWRITE PROBLEM-75) (:REWRITE PROBLEM-76B)) Warnings: None Time: 0.04 seconds (prove: 0.01, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-77A ACL2 >>(THEOREM PROBLEM-77B (EQUAL (POWER '(NIL) I) '(NIL)) :HINTS (("Goal" :INDUCT (POWER '(NIL) I)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (POWER '(NIL) I). This suggestion was produced using the :induction rule POWER. If we let (:P I) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I)) (IMPLIES (AND (CONSP I) (:P (CDR I))) (:P I))). This induction is justified by the same argument used to admit POWER, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (POWER '(NIL) I) '(NIL))). But simplification reduces this to T, using the :definition POWER and the :executable-counterpart of EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (POWER '(NIL) (CDR I)) '(NIL))) (EQUAL (POWER '(NIL) I) '(NIL))). But simplification reduces this to T, using the :definition POWER and the :executable-counterparts of EQUAL and TIMES. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-77B ...) Rules: ((:DEFINITION POWER) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART TIMES) (:INDUCTION POWER)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.02, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-77B ACL2 >>(THEOREM PROBLEM-77 (EQUAL (POWER (POWER B I) J) (POWER B (TIMES I J))) :HINTS (("Goal" :INDUCT (TIMES I J) :IN-THEORY (ENABLE PROBLEM-76 PROBLEM-77A PROBLEM-77B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (TIMES I J). This suggestion was produced using the :induction rule TIMES. If we let (:P B I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P B I J)) (IMPLIES (AND (CONSP I) (:P B (CDR I) J)) (:P B I J))). This induction is justified by the same argument used to admit TIMES, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (POWER (POWER B I) J) (POWER B (TIMES I J)))). But simplification reduces this to T, using the :definitions POWER and TIMES, the :executable-counterparts of CONSP and EQUAL and the :rewrite rule PROBLEM-77B. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (POWER (POWER B (CDR I)) J) (POWER B (TIMES (CDR I) J)))) (EQUAL (POWER (POWER B I) J) (POWER B (TIMES I J)))). But simplification reduces this to T, using the :definitions POWER and TIMES, primitive type reasoning and the :rewrite rules PROBLEM- 76 and PROBLEM-77A. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-77 ...) Rules: ((:DEFINITION POWER) (:DEFINITION TIMES) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION TIMES) (:REWRITE PROBLEM-76) (:REWRITE PROBLEM-77A) (:REWRITE PROBLEM-77B)) Warnings: None Time: 0.06 seconds (prove: 0.03, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-77 ACL2 >>(THEOREM PROBLEM-78 (LESSEQP I I) :HINTS (("Goal" :INDUCT (LESSEQP I I)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (LESSEQP I I). This suggestion was produced using the :induction rule LESSEQP. If we let (:P I) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I)) (IMPLIES (AND (CONSP I) (CONSP I) (:P (CDR I))) (:P I))). This induction is justified by the same argument used to admit LESSEQP, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (LESSEQP I I)). But simplification reduces this to T, using the :definition LESSEQP. Subgoal *1/1 (IMPLIES (AND (CONSP I) (CONSP I) (LESSEQP (CDR I) (CDR I))) (LESSEQP I I)). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP I) (LESSEQP (CDR I) (CDR I))) (LESSEQP I I)). But simplification reduces this to T, using the :definition LESSEQP and the :type-prescription rule LESSEQP. That completes the proof of *1. Q.E.D. The storage of PROBLEM-78 depends upon the :type-prescription rule LESSEQP. Summary Form: ( DEFTHM PROBLEM-78 ...) Rules: ((:DEFINITION LESSEQP) (:DEFINITION NOT) (:INDUCTION LESSEQP) (:TYPE-PRESCRIPTION LESSEQP)) Warnings: None Time: 0.03 seconds (prove: 0.01, print: 0.02, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-78 ACL2 >>(THEOREM PROBLEM-79 (IMPLIES (AND (LESSEQP I J) (LESSEQP J K)) (LESSEQP I K)) :HINTS (("Goal" :INDUCT (LIST (LESSEQP I J) (LESSEQP I K))))) ACL2 Warning [Free] in ( DEFTHM PROBLEM-79 ...): The :REWRITE rule generated from PROBLEM-79 contains the free variable J. This variable will be chosen by searching for an instance of (LESSEQP I J) among the hypotheses of the conjecture being rewritten. This is generally a severe restriction on the applicability of the :REWRITE rule. See :DOC free-variables. [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. Two induction schemes are suggested by the induction hint. These merge into one derived induction scheme. We will induct according to a scheme suggested by (LESSEQP I K), but modified to accommodate (LESSEQP I J). These suggestions were produced using the :induction rule LESSEQP. If we let (:P I J K) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J K)) (IMPLIES (AND (CONSP I) (NOT (CONSP K))) (:P I J K)) (IMPLIES (AND (CONSP I) (CONSP K) (:P (CDR I) (CDR J) (CDR K))) (:P I J K))). This induction is justified by the same argument used to admit LESSEQP, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variables J and K are being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP I)) (IMPLIES (AND (LESSEQP I J) (LESSEQP J K)) (LESSEQP I K))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP I)) (LESSEQP I J) (LESSEQP J K)) (LESSEQP I K)). But simplification reduces this to T, using the :definition LESSEQP. Subgoal *1/2 (IMPLIES (AND (CONSP I) (NOT (CONSP K))) (IMPLIES (AND (LESSEQP I J) (LESSEQP J K)) (LESSEQP I K))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP I) (NOT (CONSP K)) (LESSEQP I J) (LESSEQP J K)) (LESSEQP I K)). But simplification reduces this to T, using the :definition LESSEQP. Subgoal *1/1 (IMPLIES (AND (CONSP I) (CONSP K) (IMPLIES (AND (LESSEQP (CDR I) (CDR J)) (LESSEQP (CDR J) (CDR K))) (LESSEQP (CDR I) (CDR K)))) (IMPLIES (AND (LESSEQP I J) (LESSEQP J K)) (LESSEQP I K))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP I) (CONSP K) (IMPLIES (AND (LESSEQP (CDR I) (CDR J)) (LESSEQP (CDR J) (CDR K))) (LESSEQP (CDR I) (CDR K))) (LESSEQP I J) (LESSEQP J K)) (LESSEQP I K)). But simplification reduces this to T, using the :definition LESSEQP and the :type-prescription rule LESSEQP. That completes the proof of *1. Q.E.D. The storage of PROBLEM-79 depends upon the :type-prescription rule LESSEQP. Summary Form: ( DEFTHM PROBLEM-79 ...) Rules: ((:DEFINITION LESSEQP) (:DEFINITION NOT) (:INDUCTION LESSEQP) (:TYPE-PRESCRIPTION LESSEQP)) Warnings: Free Time: 0.11 seconds (prove: 0.04, print: 0.04, other: 0.03) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-79 ACL2 >>(THEOREM PROBLEM-80 (EQUAL (LESSEQP (PLUS I J) (PLUS I K)) (LESSEQP J K)) :HINTS (("Goal" :INDUCT (PLUS I K) :IN-THEORY (ENABLE PROBLEM-69A PROBLEM-69B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PLUS I K). This suggestion was produced using the :induction rule PLUS. If we let (:P I J K) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J K)) (IMPLIES (AND (CONSP I) (:P (CDR I) J K)) (:P I J K))). This induction is justified by the same argument used to admit PLUS, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP I)) (EQUAL (LESSEQP (PLUS I J) (PLUS I K)) (LESSEQP J K))). But simplification reduces this to T, using the :definition PLUS, primitive type reasoning and the :rewrite rules PROBLEM-69A and PROBLEM-69B. Subgoal *1/1 (IMPLIES (AND (CONSP I) (EQUAL (LESSEQP (PLUS (CDR I) J) (PLUS (CDR I) K)) (LESSEQP J K))) (EQUAL (LESSEQP (PLUS I J) (PLUS I K)) (LESSEQP J K))). But simplification reduces this to T, using the :definitions LESSEQP and PLUS, primitive type reasoning, the :rewrite rule CDR-CONS and the :type-prescription rule PLUS. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-80 ...) Rules: ((:DEFINITION LESSEQP) (:DEFINITION PLUS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PLUS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-69A) (:REWRITE PROBLEM-69B) (:TYPE-PRESCRIPTION PLUS)) Warnings: None Time: 0.06 seconds (prove: 0.00, print: 0.04, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-80 ACL2 >>(THEOREM PROBLEM-81 (IMPLIES (AND (EVENNAT I) (EVENNAT J)) (EVENNAT (PLUS I J))) :HINTS (("Goal" :INDUCT (EVENNAT I) :IN-THEORY (ENABLE PROBLEM-70A PROBLEM-73 PROBLEM-73A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (EVENNAT I). This suggestion was produced using the :induction rule EVENNAT. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP I)) (:P I J)) (IMPLIES (AND (CONSP I) (NOT (CONSP (CDR I)))) (:P I J)) (IMPLIES (AND (CONSP I) (CONSP (CDR I)) (:P (CDDR I) J)) (:P I J))). This induction is justified by the same argument used to admit EVENNAT, namely, the measure (ACL2-COUNT I) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP I)) (IMPLIES (AND (EVENNAT I) (EVENNAT J)) (EVENNAT (PLUS I J)))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP I)) (EVENNAT I) (EVENNAT J)) (EVENNAT (PLUS I J))). But simplification reduces this to T, using the :definitions EVENNAT and PLUS, the :rewrite rule PROBLEM-70A and the :type-prescription rule EVENNAT. Subgoal *1/2 (IMPLIES (AND (CONSP I) (NOT (CONSP (CDR I)))) (IMPLIES (AND (EVENNAT I) (EVENNAT J)) (EVENNAT (PLUS I J)))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP I) (NOT (CONSP (CDR I))) (EVENNAT I) (EVENNAT J)) (EVENNAT (PLUS I J))). But simplification reduces this to T, using the :definition EVENNAT. Subgoal *1/1 (IMPLIES (AND (CONSP I) (CONSP (CDR I)) (IMPLIES (AND (EVENNAT (CDDR I)) (EVENNAT J)) (EVENNAT (PLUS (CDDR I) J)))) (IMPLIES (AND (EVENNAT I) (EVENNAT J)) (EVENNAT (PLUS I J)))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP I) (CONSP (CDR I)) (IMPLIES (AND (EVENNAT (CDDR I)) (EVENNAT J)) (EVENNAT (PLUS (CDDR I) J))) (EVENNAT I) (EVENNAT J)) (EVENNAT (PLUS I J))). This simplifies, using the :definitions EVENNAT and PLUS, the :rewrite rule PROBLEM-73 and the :type-prescription rule EVENNAT, to Subgoal *1/1'' (IMPLIES (AND (CONSP I) (CONSP (CDR I)) (EVENNAT (PLUS J (CDDR I))) (EVENNAT (CDDR I)) (EVENNAT J)) (EVENNAT (CONS NIL (PLUS J (CDR I))))). The destructor terms (CAR I) and (CDR I) can be eliminated. Furthermore, those terms are at the root of a chain of two rounds of destructor elimination. (1) Use CAR-CDR-ELIM to replace I by (CONS I1 I2), (CAR I) by I1 and (CDR I) by I2. (2) Use CAR-CDR-ELIM, again, to replace I2 by (CONS I3 I4), (CAR I2) by I3 and (CDR I2) by I4. These steps produce the following goal. Subgoal *1/1''' (IMPLIES (AND (CONSP (CONS I3 I4)) (CONSP (LIST* I1 I3 I4)) (EVENNAT (PLUS J I4)) (EVENNAT I4) (EVENNAT J)) (EVENNAT (CONS NIL (PLUS J (CONS I3 I4))))). By the simple :rewrite rule PROBLEM-73A we reduce the conjecture to Subgoal *1/1'4' (IMPLIES (AND (CONSP (CONS I3 I4)) (CONSP (LIST* I1 I3 I4)) (EVENNAT (PLUS J I4)) (EVENNAT I4) (EVENNAT J)) (EVENNAT (LIST* NIL NIL (PLUS J I4)))). But simplification reduces this to T, using the :definition EVENNAT, primitive type reasoning, the :rewrite rules CDR-CONS and PROBLEM-73 and the :type-prescription rules EVENNAT and PLUS. That completes the proof of *1. Q.E.D. The storage of PROBLEM-81 depends upon the :type-prescription rule EVENNAT. Summary Form: ( DEFTHM PROBLEM-81 ...) Rules: ((:DEFINITION EVENNAT) (:DEFINITION NOT) (:DEFINITION PLUS) (:ELIM CAR-CDR-ELIM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION EVENNAT) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-70A) (:REWRITE PROBLEM-73) (:REWRITE PROBLEM-73A) (:TYPE-PRESCRIPTION EVENNAT) (:TYPE-PRESCRIPTION PLUS)) Warnings: None Time: 0.12 seconds (prove: 0.03, print: 0.07, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-81 ACL2 >>(DEFUN CC (X) (IF (CONSP X) (+ 1 (+ (CC (CAR X)) (CC (CDR X)))) 0)) The admission of CC is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of CC is described by the theorem (AND (INTEGERP (CC X)) (<= 0 (CC X))). We used primitive type reasoning. Summary Form: ( DEFUN CC ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.01, other: 0.01) CC ACL2 >>(THEOREM PROBLEM-85 (AND (IMPLIES (CONSP X) (< (CC (CAR X)) (CC X))) (IMPLIES (CONSP X) (< (CC (CDR X)) (CC X)))) :RULE-CLASSES :LINEAR) [Note: A hint was supplied for our processing of the goal above. Thanks!] By case analysis we reduce the conjecture to the following two conjectures. Subgoal 2 (IMPLIES (CONSP X) (< (CC (CAR X)) (CC X))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal 2' (IMPLIES (CONSP (CONS X1 X2)) (< (CC X1) (CC (CONS X1 X2)))). This simplifies, using the :definition CC, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal 2'' (< (CC X1) (+ 1 (CC X1) (CC X2))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal 1 (IMPLIES (CONSP X) (< (CC (CDR X)) (CC X))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal 1' (IMPLIES (CONSP (CONS X1 X2)) (< (CC X2) (CC (CONS X1 X2)))). This simplifies, using the :definition CC, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal 1'' (< (CC X2) (+ 1 (CC X1) (CC X2))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Q.E.D. Summary Form: ( DEFTHM PROBLEM-85 ...) Rules: ((:DEFINITION CC) (:ELIM CAR-CDR-ELIM) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.11 seconds (prove: 0.00, print: 0.11, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-85 ACL2 >>(THEOREM PROBLEM-87A (IMPLIES (MEM E X) (< (CC (RM E X)) (CC X))) :HINTS (("Goal" :INDUCT (CC X))) :RULE-CLASSES :LINEAR) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (CC X). This suggestion was produced using the :induction rule CC. If we let (:P E X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P E X)) (IMPLIES (AND (CONSP X) (:P E (CAR X)) (:P E (CDR X))) (:P E X))). This induction is justified by the same argument used to admit CC, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (IMPLIES (MEM E X) (< (CC (RM E X)) (CC X)))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (NOT (CONSP X)) (MEM E X)) (< (CC (RM E X)) (CC X))). But simplification reduces this to T, using the :definition MEM. Subgoal *1/1 (IMPLIES (AND (CONSP X) (IMPLIES (MEM E (CAR X)) (< (CC (RM E (CAR X))) (CC (CAR X)))) (IMPLIES (MEM E (CDR X)) (< (CC (RM E (CDR X))) (CC (CDR X))))) (IMPLIES (MEM E X) (< (CC (RM E X)) (CC X)))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (IMPLIES (MEM E (CAR X)) (< (CC (RM E (CAR X))) (CC (CAR X)))) (IMPLIES (MEM E (CDR X)) (< (CC (RM E (CDR X))) (CC (CDR X)))) (MEM E X)) (< (CC (RM E X)) (CC X))). This simplifies, using the :definitions CC, MEM and RM and primitive type reasoning, to the following eight conjectures. Subgoal *1/1.8 (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (NOT (MEM E (CDR X))) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/1.7 (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/1.6 (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/1.5 (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (NOT (EQUAL E (CAR X)))) (< (CC (CONS (CAR X) (RM E (CDR X)))) (+ 1 (CC (CAR X)) (CC (CDR X))))). This simplifies, using the :definition CC, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal *1/1.5' (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (NOT (EQUAL E (CAR X)))) (< (+ 1 (CC (CAR X)) (CC (RM E (CDR X)))) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/1.4 (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (NOT (MEM E (CDR X))) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/1.3 (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/1.2 (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/1.1 (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (NOT (EQUAL E (CAR X)))) (< (CC (CONS (CAR X) (RM E (CDR X)))) (+ 1 (CC (CAR X)) (CC (CDR X))))). This simplifies, using the :definition CC, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal *1/1.1' (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (NOT (EQUAL E (CAR X)))) (< (+ 1 (CC (CAR X)) (CC (RM E (CDR X)))) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-87A ...) Rules: ((:DEFINITION CC) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION RM) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION CC) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.14 seconds (prove: 0.04, print: 0.10, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-87A ACL2 >>(DEFUN F23 (E X) (DECLARE (XARGS :MEASURE (CC X))) (IF (MEM E X) (F23 E (RM E X)) 23)) For the admission of F23 we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (CC X). The non-trivial part of the measure conjecture is Goal (AND (O-P (CC X)) (IMPLIES (MEM E X) (O< (CC (RM E X)) (CC X)))). By case analysis we reduce the conjecture to the following two conjectures. Subgoal 2 (O-P (CC X)). But simplification reduces this to T, using the :definitions NATP, O-FINP and O-P, primitive type reasoning and the :type-prescription rule CC. Subgoal 1 (IMPLIES (MEM E X) (O< (CC (RM E X)) (CC X))). This simplifies, using the :definitions O-FINP and O< and the :type- prescription rule CC, to Subgoal 1' (IMPLIES (MEM E X) (< (CC (RM E X)) (CC X))). Name the formula above *1. Perhaps we can prove *1 by induction. Three induction schemes are suggested by this conjecture. Subsumption reduces that number to two. These merge into one derived induction scheme. We will induct according to a scheme suggested by (CC X), but modified to accommodate (RM E X). These suggestions were produced using the :induction rules CC, MEM and RM. If we let (:P E X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P E X)) (IMPLIES (AND (CONSP X) (:P E (CAR X)) (:P E (CDR X))) (:P E X))). This induction is justified by the same argument used to admit CC, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following five nontautological subgoals. Subgoal *1/5 (IMPLIES (AND (NOT (CONSP X)) (MEM E X)) (< (CC (RM E X)) (CC X))). But simplification reduces this to T, using the :definition MEM. Subgoal *1/4 (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E X)) (< (CC (RM E X)) (CC X))). This simplifies, using the :definitions CC, MEM and RM and primitive type reasoning, to the following three conjectures. Subgoal *1/4.3 (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/4.2 (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/4.1 (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (NOT (EQUAL E (CAR X)))) (< (CC (CONS (CAR X) (RM E (CDR X)))) (+ 1 (CC (CAR X)) (CC (CDR X))))). This simplifies, using the :definition CC, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal *1/4.1' (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (NOT (EQUAL E (CAR X)))) (< (+ 1 (CC (CAR X)) (CC (RM E (CDR X)))) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/3 (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E X)) (< (CC (RM E X)) (CC X))). This simplifies, using the :definitions CC, MEM and RM and primitive type reasoning, to the following three conjectures. Subgoal *1/3.3 (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/3.2 (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/3.1 (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (NOT (EQUAL E (CAR X)))) (< (CC (CONS (CAR X) (RM E (CDR X)))) (+ 1 (CC (CAR X)) (CC (CDR X))))). This simplifies, using the :definition CC, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal *1/3.1' (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (< (CC (RM E (CDR X))) (CC (CDR X))) (MEM E (CDR X)) (NOT (EQUAL E (CAR X)))) (< (+ 1 (CC (CAR X)) (CC (RM E (CDR X)))) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/2 (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (NOT (MEM E (CDR X))) (MEM E X)) (< (CC (RM E X)) (CC X))). This simplifies, using the :definitions CC, MEM and RM and primitive type reasoning, to Subgoal *1/2' (IMPLIES (AND (CONSP X) (< (CC (RM E (CAR X))) (CC (CAR X))) (NOT (MEM E (CDR X))) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/1 (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (NOT (MEM E (CDR X))) (MEM E X)) (< (CC (RM E X)) (CC X))). This simplifies, using the :definitions CC, MEM and RM and primitive type reasoning, to Subgoal *1/1' (IMPLIES (AND (CONSP X) (NOT (MEM E (CAR X))) (NOT (MEM E (CDR X))) (EQUAL E (CAR X))) (< (CC (CDR X)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. That completes the proof of *1. Q.E.D. That completes the proof of the measure theorem for F23. Thus, we admit this function under the principle of definition. We observe that the type of F23 is described by the theorem (AND (INTEGERP (F23 E X)) (< 0 (F23 E X))). Summary Form: ( DEFUN F23 ...) Rules: ((:DEFINITION CC) (:DEFINITION MEM) (:DEFINITION NATP) (:DEFINITION NOT) (:DEFINITION O-FINP) (:DEFINITION O-P) (:DEFINITION O<) (:DEFINITION RM) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION CC) (:INDUCTION MEM) (:INDUCTION RM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.19 seconds (prove: 0.04, print: 0.14, other: 0.01) F23 ACL2 >>(INCLUDE-BOOK "ordinals/ordinals" :DIR :SYSTEM) Summary Form: ( INCLUDE-BOOK "ordinals/ordinals" ...) Rules: NIL Warnings: None Time: 3.58 seconds (prove: 0.00, print: 0.00, other: 3.58) "/v/filer3/v0q004/acl2/v2-9/acl2-sources/books/ordinals/ordinals.lisp" ACL2 >>(DEFUN CHECK-ROW (ROW) (LET ((A (CAR ROW)) (B (CADR ROW))) (IF (AND (O-P A) (O-P B)) (IF (O< A B) 'A>(DEFUN CHECK-ALL-ROWS (TAB I) (IF (ENDP TAB) NIL (CONS (LIST I (CAR (CAR TAB)) (CADR (CAR TAB)) (CHECK-ROW (CAR TAB))) (CHECK-ALL-ROWS (CDR TAB) (+ 1 I))))) The admission of CHECK-ALL-ROWS is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT TAB). We observe that the type of CHECK-ALL-ROWS is described by the theorem (TRUE-LISTP (CHECK-ALL-ROWS TAB I)). We used primitive type reasoning. Summary Form: ( DEFUN CHECK-ALL-ROWS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.04 seconds (prove: 0.00, print: 0.00, other: 0.04) CHECK-ALL-ROWS ACL2 >>(THEOREM PROBLEM-90 (EQUAL (CHECK-ALL-ROWS (LIST (LIST 23 100) (LIST 1000000 (OMEGA)) (LIST (O^ (OMEGA) 2) (O* (OMEGA) 2)) (LIST (O+ (O* (O^ (OMEGA) 3) 5) (O* (O^ (OMEGA) 1) 25) 7) (O+ (O* (O^ (OMEGA) 3) 5) (O* (O^ (OMEGA) 2) 1) 3)) (LIST (O+ (O* (O^ (OMEGA) (O^ (OMEGA) 2)) 5) 3) (O+ (O* (O^ (OMEGA) (OMEGA)) 5) (O* (O^ (OMEGA) 1) 25) 7))) 1) '((1 23 100 A>(DEFUN M2 (I J) (CONS (CONS 1 (+ 1 I)) J)) Since M2 is non-recursive, its admission is trivial. We observe that the type of M2 is described by the theorem (CONSP (M2 I J)). We used primitive type reasoning. Summary Form: ( DEFUN M2 ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) M2 ACL2 >>(IN-THEORY (ENABLE O< O+ O* OMEGA (OMEGA) O-FIRST-COEFF O-FIRST-EXPT O-RST O-FINP O-P)) Summary Form: (IN-THEORY (ENABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 2479 ACL2 >>(THEOREM PROBLEM-91 (IMPLIES (AND (NATP I1) (NATP J1) (NATP I2) (NATP J2)) (AND (O-P (M2 I1 J1)) (IFF (O< (M2 I1 J1) (M2 I2 J2)) (IF (EQUAL I1 I2) (< J1 J2) (< I1 I2))))) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] By the simple :definition M2 we reduce the conjecture to Goal' (IMPLIES (AND (NATP I1) (NATP J1) (NATP I2) (NATP J2)) (AND (O-P (CONS (CONS 1 (+ 1 I1)) J1)) (COND ((O< (CONS (CONS 1 (+ 1 I1)) J1) (CONS (CONS 1 (+ 1 I2)) J2)) (IF (EQUAL I1 I2) (< J1 J2) (< I1 I2))) ((IF (EQUAL I1 I2) (< J1 J2) (< I1 I2)) NIL) (T T)))). But simplification reduces this to T, using the :compound-recognizer rules NATP-CR, O-FINP-CR and POSP-CR, the :definitions FIX, O-FIRST- COEFF, O-FIRST-EXPT, O-P, O-RST and O<, the :executable-counterparts of EQUAL, O-P and O<, primitive type reasoning, the :forward-chaining rules NATP-FC-1 and NATP-FC-2, the :meta rules CANCEL_PLUS-EQUAL-CORRECT and CANCEL_PLUS-LESSP-CORRECT and the :rewrite rules CAR-CONS, CDR- CONS, O-FIRST-EXPT-DEF-O-FINP and O-P-DEF-O-FINP-1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-91 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:COMPOUND-RECOGNIZER O-FINP-CR) (:COMPOUND-RECOGNIZER POSP-CR) (:DEFINITION FIX) (:DEFINITION IFF) (:DEFINITION M2) (:DEFINITION O-FIRST-COEFF) (:DEFINITION O-FIRST-EXPT) (:DEFINITION O-P) (:DEFINITION O-RST) (:DEFINITION O<) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART O-P) (:EXECUTABLE-COUNTERPART O<) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING NATP-FC-1) (:FORWARD-CHAINING NATP-FC-2) (:META CANCEL_PLUS-EQUAL-CORRECT) (:META CANCEL_PLUS-LESSP-CORRECT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE O-FIRST-EXPT-DEF-O-FINP) (:REWRITE O-P-DEF-O-FINP-1)) Warnings: None Time: 0.02 seconds (prove: 0.02, print: 0.00, other: 0.00) PROBLEM-91 ACL2 >>(THEOREM PROBLEM-95 (AND (O-P (CC X)) (IMPLIES (NOT (ATOM X)) (O< (CC (FIRST X)) (CC X))) (IMPLIES (NOT (ATOM X)) (O< (CC (REST X)) (CC X)))) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-85))) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] By the simple :definition ATOM we reduce the conjecture to the following three conjectures. Subgoal 3 (O-P (CC X)). But simplification reduces this to T, using the :compound-recognizer rules NATP-CR and O-FINP-CR, the :rewrite rule O-P-DEF-O-FINP-1 and the :type-prescription rule CC. Subgoal 2 (IMPLIES (CONSP X) (O< (CC (CAR X)) (CC X))). But simplification reduces this to T, using the :compound-recognizer rule O-FINP-CR, linear arithmetic, the :linear rule PROBLEM-85, the :rewrite rule O-FINP-< and the :type-prescription rule CC. Subgoal 1 (IMPLIES (CONSP X) (O< (CC (CDR X)) (CC X))). But simplification reduces this to T, using the :compound-recognizer rule O-FINP-CR, linear arithmetic, the :linear rule PROBLEM-85, the :rewrite rule O-FINP-< and the :type-prescription rule CC. Q.E.D. Summary Form: ( DEFTHM PROBLEM-95 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:COMPOUND-RECOGNIZER O-FINP-CR) (:DEFINITION ATOM) (:DEFINITION NOT) (:FAKE-RUNE-FOR-LINEAR NIL) (:LINEAR PROBLEM-85) (:REWRITE O-FINP-<) (:REWRITE O-P-DEF-O-FINP-1) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.09 seconds (prove: 0.07, print: 0.01, other: 0.01) PROBLEM-95 ACL2 >>(DEFUN ACK (X Y) (DECLARE (XARGS :MEASURE (M2 (NFIX Y) (NFIX X)))) (IF (ZP X) 1 (IF (ZP Y) (IF (EQUAL X 1) 2 (+ X 2)) (ACK (ACK (- X 1) Y) (- Y 1))))) For the admission of ACK we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (M2 (NFIX Y) (NFIX X)). The non-trivial part of the measure conjecture is Goal (AND (O-P (M2 (NFIX Y) (NFIX X))) (IMPLIES (AND (NOT (ZP X)) (NOT (ZP Y))) (O< (M2 (NFIX Y) (NFIX (+ -1 X))) (M2 (NFIX Y) (NFIX X)))) (IMPLIES (AND (NOT (ZP X)) (NOT (ZP Y))) (O< (M2 (NFIX (+ -1 Y)) (NFIX (ACK (+ -1 X) Y))) (M2 (NFIX Y) (NFIX X))))). By the simple :definition M2 we reduce the conjecture to the following three conjectures. Subgoal 3 (O-P (CONS (CONS 1 (+ 1 (NFIX Y))) (NFIX X))). But simplification reduces this to T, using the :compound-recognizer rules NATP-CR, O-FINP-CR and POSP-CR, the :definitions NFIX, O-FIRST- COEFF, O-FIRST-EXPT, O-P and O-RST, the :executable-counterparts of EQUAL, O-P and O<, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS, O-FIRST-EXPT-DEF-O-FINP and O-P-DEF-O-FINP-1. Subgoal 2 (IMPLIES (AND (NOT (ZP X)) (NOT (ZP Y))) (O< (CONS (CONS 1 (+ 1 (NFIX Y))) (NFIX (+ -1 X))) (CONS (CONS 1 (+ 1 (NFIX Y))) (NFIX X)))). But simplification reduces this to T, using the :compound-recognizer rules O-FINP-CR and ZP-COMPOUND-RECOGNIZER, the :definitions NFIX, O-FIRST-COEFF, O-FIRST-EXPT, O-RST and O<, the :executable-counterpart of EQUAL, linear arithmetic, primitive type reasoning and the :rewrite rules <-+-NEGATIVE-0-1, CAR-CONS, CDR-CONS and O-FINP-<. Subgoal 1 (IMPLIES (AND (NOT (ZP X)) (NOT (ZP Y))) (O< (CONS (CONS 1 (+ 1 (NFIX (+ -1 Y)))) (NFIX (ACK (+ -1 X) Y))) (CONS (CONS 1 (+ 1 (NFIX Y))) (NFIX X)))). But simplification reduces this to T, using the :compound-recognizer rules O-FINP-CR and ZP-COMPOUND-RECOGNIZER, the :definitions FIX, NFIX, O-FIRST-COEFF, O-FIRST-EXPT and SYNP, the :executable-counterparts of BINARY-+ and EQUAL, linear arithmetic, primitive type reasoning and the :rewrite rules <-+-NEGATIVE-0-1, CAR-CONS, CDR-CONS, FOLD-CONSTS- IN-+, O-FIRST-COEFF-< and UNICITY-OF-0. Q.E.D. That completes the proof of the measure theorem for ACK. Thus, we admit this function under the principle of definition. We observe that the type of ACK is described by the theorem (AND (INTEGERP (ACK X Y)) (< 0 (ACK X Y))). We used the :compound- recognizer rule ZP-COMPOUND-RECOGNIZER and primitive type reasoning. Summary Form: ( DEFUN ACK ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:COMPOUND-RECOGNIZER O-FINP-CR) (:COMPOUND-RECOGNIZER POSP-CR) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION FIX) (:DEFINITION M2) (:DEFINITION NFIX) (:DEFINITION O-FIRST-COEFF) (:DEFINITION O-FIRST-EXPT) (:DEFINITION O-P) (:DEFINITION O-RST) (:DEFINITION O<) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART O-P) (:EXECUTABLE-COUNTERPART O<) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE <-+-NEGATIVE-0-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE FOLD-CONSTS-IN-+) (:REWRITE O-FINP-<) (:REWRITE O-FIRST-COEFF-<) (:REWRITE O-FIRST-EXPT-DEF-O-FINP) (:REWRITE O-P-DEF-O-FINP-1) (:REWRITE UNICITY-OF-0)) Warnings: None Time: 0.10 seconds (prove: 0.01, print: 0.05, other: 0.04) ACK ACL2 >>(DEFUN F1 (I J) (DECLARE (XARGS :MEASURE (IF (AND (NATP I) (NATP J) (< I J)) (- J I) 0))) (IF (AND (NATP I) (NATP J) (< I J)) (F1 (+ 1 I) J) 1)) For the admission of F1 we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (IF (AND (NATP I) (NATP J) (< I J)) (+ J (- I)) 0). The non-trivial part of the measure conjecture is Goal (AND (O-P (IF (AND (NATP I) (NATP J) (< I J)) (+ J (- I)) 0)) (IMPLIES (AND (NATP I) (NATP J) (< I J)) (O< (IF (AND (NATP (+ 1 I)) (NATP J) (< (+ 1 I) J)) (+ J (- (+ 1 I))) 0) (IF (AND (NATP I) (NATP J) (< I J)) (+ J (- I)) 0)))). By the :executable-counterpart of UNARY-- and the simple :rewrite rule DISTRIBUTIVITY-OF-MINUS-OVER-+ we reduce the conjecture to the following two conjectures. Subgoal 2 (O-P (IF (AND (NATP I) (NATP J) (< I J)) (+ J (- I)) 0)). But simplification reduces this to T, using the :compound-recognizer rules NATP-CR and O-FINP-CR, the :rewrite rules COMMUTATIVITY-OF-+ and O-P-DEF-O-FINP-1 and the :type-prescription rule |x < y => 0 < -x+y|. Subgoal 1 (IMPLIES (AND (NATP I) (NATP J) (< I J)) (O< (IF (AND (NATP (+ 1 I)) (NATP J) (< (+ 1 I) J)) (+ J -1 (- I)) 0) (IF (AND (NATP I) (NATP J) (< I J)) (+ J (- I)) 0))). This simplifies, using the :compound-recognizer rules NATP-CR and O- FINP-CR, the :definition O<, primitive type reasoning, the :forward- chaining rules NATP-FC-1 and NATP-FC-2, the :rewrite rules COMMUTATIVITY- 2-OF-+ and COMMUTATIVITY-OF-+ and the :type-prescription rule |x < y => 0 < -x+y|, to the following two conjectures. Subgoal 1.2 (IMPLIES (AND (NATP I) (NATP J) (< I J) (< (+ 1 I) J)) (< (+ -1 (- I) J) (+ (- I) J))). But simplification reduces this to T, using linear arithmetic. Subgoal 1.1 (IMPLIES (AND (NATP I) (NATP J) (< I J) (<= J (+ 1 I))) (< 0 (+ (- I) J))). But we reduce the conjecture to T, by the simple :rewrite rule <-0- +-NEGATIVE-1. Q.E.D. That completes the proof of the measure theorem for F1. Thus, we admit this function under the principle of definition. We observe that the type of F1 is described by the theorem (AND (INTEGERP (F1 I J)) (< 0 (F1 I J))). Summary Form: ( DEFUN F1 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:COMPOUND-RECOGNIZER O-FINP-CR) (:DEFINITION NOT) (:DEFINITION O<) (:EXECUTABLE-COUNTERPART UNARY--) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING NATP-FC-1) (:FORWARD-CHAINING NATP-FC-2) (:REWRITE <-0-+-NEGATIVE-1) (:REWRITE COMMUTATIVITY-2-OF-+) (:REWRITE COMMUTATIVITY-OF-+) (:REWRITE DISTRIBUTIVITY-OF-MINUS-OVER-+) (:REWRITE O-P-DEF-O-FINP-1) (:TYPE-PRESCRIPTION |x < y => 0 < -x+y|)) Warnings: None Time: 0.08 seconds (prove: 0.01, print: 0.06, other: 0.01) F1 ACL2 >>(DEFUN F2 (X) (DECLARE (XARGS :MEASURE (IF (EQUAL X NIL) 0 (+ 1 (CC X))))) (IF (EQUAL X NIL) 2 (AND (F2 (CAR X)) (F2 (CDR X))))) For the admission of F2 we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (IF (EQUAL X NIL) 0 (+ 1 (CC X))). The non-trivial part of the measure conjecture is Goal (AND (O-P (IF (EQUAL X NIL) 0 (+ 1 (CC X)))) (IMPLIES X (O< (IF (EQUAL (CAR X) NIL) 0 (+ 1 (CC (CAR X)))) (IF (EQUAL X NIL) 0 (+ 1 (CC X))))) (IMPLIES (AND X (F2 (CAR X))) (O< (IF (EQUAL (CDR X) NIL) 0 (+ 1 (CC (CDR X)))) (IF (EQUAL X NIL) 0 (+ 1 (CC X)))))). By case analysis we reduce the conjecture to the following three conjectures. Subgoal 3 (O-P (IF (EQUAL X NIL) 0 (+ 1 (CC X)))). But simplification reduces this to T, using the :compound-recognizer rules NATP-CR and O-FINP-CR, primitive type reasoning, the :rewrite rule O-P-DEF-O-FINP-1 and the :type-prescription rule CC. Subgoal 2 (IMPLIES X (O< (IF (EQUAL (CAR X) NIL) 0 (+ 1 (CC (CAR X)))) (IF (EQUAL X NIL) 0 (+ 1 (CC X))))). This simplifies, using the :compound-recognizer rule O-FINP-CR, the :definition O<, primitive type reasoning and the :type-prescription rule CC, to the following two conjectures. Subgoal 2.2 (IMPLIES (AND X (CAR X)) (< (+ 1 (CC (CAR X))) (+ 1 (CC X)))). This simplifies, using the :meta rule CANCEL_PLUS-LESSP-CORRECT, to Subgoal 2.2' (IMPLIES (CAR X) (< (CC (CAR X)) (CC X))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following two goals. Subgoal 2.2.2 (IMPLIES (AND (NOT (CONSP X)) (CAR X)) (< (CC (CAR X)) (CC X))). But we reduce the conjecture to T, by case analysis. Subgoal 2.2.1 (IMPLIES (AND (CONSP (CONS X1 X2)) X1) (< (CC X1) (CC (CONS X1 X2)))). This simplifies, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT and the :rewrite rules CAR- CONS and CDR-CONS, to Subgoal 2.2.1' (IMPLIES X1 (< 0 (+ 1 (CC X2)))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Subgoal 2.1 (IMPLIES (AND X (NOT (CAR X))) (< 0 (+ 1 (CC X)))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Subgoal 1 (IMPLIES (AND X (F2 (CAR X))) (O< (IF (EQUAL (CDR X) NIL) 0 (+ 1 (CC (CDR X)))) (IF (EQUAL X NIL) 0 (+ 1 (CC X))))). This simplifies, using the :compound-recognizer rule O-FINP-CR, the :definitions CC and O<, primitive type reasoning and the :type-prescription rule CC, to the following three conjectures. Subgoal 1.3 (IMPLIES (AND X (F2 (CAR X)) (CDR X) (CONSP X)) (< (+ 1 (CC (CDR X))) (+ 1 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal 1.2 (IMPLIES (AND X (F2 (CAR X)) (NOT (CDR X)) (CONSP X)) (< 0 (+ 1 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Subgoal 1.1 (IMPLIES (AND X (F2 (CAR X)) (CDR X) (NOT (CONSP X))) (< (+ 1 (CC (CDR X))) 1)). But simplification reduces this to T, using primitive type reasoning. Q.E.D. That completes the proof of the measure theorem for F2. Thus, we admit this function under the principle of definition. We observe that the type of F2 is described by the theorem (AND (INTEGERP (F2 X)) (< 0 (F2 X))). Summary Form: ( DEFUN F2 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:COMPOUND-RECOGNIZER O-FINP-CR) (:DEFINITION CC) (:DEFINITION NOT) (:DEFINITION O<) (:ELIM CAR-CDR-ELIM) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:META CANCEL_PLUS-LESSP-CORRECT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE O-P-DEF-O-FINP-1) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.26 seconds (prove: 0.15, print: 0.09, other: 0.02) F2 ACL2 >>(DEFUN F3 (X Y) (DECLARE (XARGS :MEASURE (+ (CC X) (CC Y)))) (IF (AND (ENDP X) (ENDP Y)) 3 (F3 (CDR X) (CDR Y)))) For the admission of F3 we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (+ (CC X) (CC Y)). The non-trivial part of the measure conjecture is Goal (AND (O-P (+ (CC X) (CC Y))) (IMPLIES (NOT (AND (ENDP X) (ENDP Y))) (O< (+ (CC (CDR X)) (CC (CDR Y))) (+ (CC X) (CC Y))))). By case analysis we reduce the conjecture to the following two conjectures. Subgoal 2 (O-P (+ (CC X) (CC Y))). But simplification reduces this to T, using the :compound-recognizer rules NATP-CR and O-FINP-CR, primitive type reasoning, the :rewrite rule O-P-DEF-O-FINP-1 and the :type-prescription rule CC. Subgoal 1 (IMPLIES (NOT (AND (ENDP X) (ENDP Y))) (O< (+ (CC (CDR X)) (CC (CDR Y))) (+ (CC X) (CC Y)))). This simplifies, using the :compound-recognizer rule O-FINP-CR, the :definitions ENDP and O<, primitive type reasoning and the :type-prescription rule CC, to the following two conjectures. Subgoal 1.2 (IMPLIES (CONSP X) (< (+ (CC (CDR X)) (CC (CDR Y))) (+ (CC X) (CC Y)))). The destructor terms (CAR Y) and (CDR Y) can be eliminated by using CAR-CDR-ELIM to replace Y by (CONS Y1 Y2), (CAR Y) by Y1 and (CDR Y) by Y2. This produces the following two goals. Subgoal 1.2.2 (IMPLIES (AND (NOT (CONSP Y)) (CONSP X)) (< (+ (CC (CDR X)) (CC (CDR Y))) (+ (CC X) (CC Y)))). This simplifies, using the :definitions CC and FIX, the :executable- counterpart of CC, the :rewrite rules COMMUTATIVITY-OF-+, DEFAULT-CDR and UNICITY-OF-0 and the :type-prescription rule CC, to Subgoal 1.2.2' (IMPLIES (AND (NOT (CONSP Y)) (CONSP X)) (< (CC (CDR X)) (CC X))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal 1.2.2'' (IMPLIES (AND (CONSP (CONS X1 X2)) (NOT (CONSP Y))) (< (CC X2) (CC (CONS X1 X2)))). This simplifies, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT and the :rewrite rules CAR- CONS and CDR-CONS, to Subgoal 1.2.2''' (IMPLIES (NOT (CONSP Y)) (< 0 (+ 1 (CC X1)))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Subgoal 1.2.1 (IMPLIES (AND (CONSP (CONS Y1 Y2)) (CONSP X)) (< (+ (CC (CDR X)) (CC Y2)) (+ (CC X) (CC (CONS Y1 Y2))))). This simplifies, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT and the :rewrite rules CAR- CONS, CDR-CONS, COMMUTATIVITY-2-OF-+ and COMMUTATIVITY-OF-+, to Subgoal 1.2.1' (IMPLIES (CONSP X) (< (CC (CDR X)) (+ 1 (CC X) (CC Y1)))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal 1.2.1'' (IMPLIES (CONSP (CONS X1 X2)) (< (CC X2) (+ 1 (CC (CONS X1 X2)) (CC Y1)))). This simplifies, using the :definitions CC and SYNP, the :executable- counterpart of BINARY-+, primitive type reasoning, the :meta rule CANCEL_- PLUS-LESSP-CORRECT and the :rewrite rules CAR-CONS, CDR-CONS, COMMUTATIVITY- 2-OF-+, COMMUTATIVITY-OF-+ and FOLD-CONSTS-IN-+, to Subgoal 1.2.1''' (< 0 (+ 2 (CC X1) (CC Y1))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Subgoal 1.1 (IMPLIES (CONSP Y) (< (+ (CC (CDR X)) (CC (CDR Y))) (+ (CC X) (CC Y)))). The destructor terms (CAR Y) and (CDR Y) can be eliminated by using CAR-CDR-ELIM to replace Y by (CONS Y1 Y2), (CAR Y) by Y1 and (CDR Y) by Y2. This produces the following goal. Subgoal 1.1' (IMPLIES (CONSP (CONS Y1 Y2)) (< (+ (CC (CDR X)) (CC Y2)) (+ (CC X) (CC (CONS Y1 Y2))))). This simplifies, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT and the :rewrite rules CAR- CONS, CDR-CONS, COMMUTATIVITY-2-OF-+ and COMMUTATIVITY-OF-+, to Subgoal 1.1'' (< (CC (CDR X)) (+ 1 (CC X) (CC Y1))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following two goals. Subgoal 1.1.2 (IMPLIES (NOT (CONSP X)) (< (CC (CDR X)) (+ 1 (CC X) (CC Y1)))). This simplifies, using the :definitions CC and FIX, the :executable- counterpart of CC, the :rewrite rules DEFAULT-CDR and UNICITY-OF-0 and the :type-prescription rule CC, to Subgoal 1.1.2' (IMPLIES (NOT (CONSP X)) (< 0 (+ 1 (CC Y1)))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Subgoal 1.1.1 (IMPLIES (CONSP (CONS X1 X2)) (< (CC X2) (+ 1 (CC (CONS X1 X2)) (CC Y1)))). This simplifies, using the :definitions CC and SYNP, the :executable- counterpart of BINARY-+, primitive type reasoning, the :meta rule CANCEL_- PLUS-LESSP-CORRECT and the :rewrite rules CAR-CONS, CDR-CONS, COMMUTATIVITY- 2-OF-+, COMMUTATIVITY-OF-+ and FOLD-CONSTS-IN-+, to Subgoal 1.1.1' (< 0 (+ 2 (CC X1) (CC Y1))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Q.E.D. That completes the proof of the measure theorem for F3. Thus, we admit this function under the principle of definition. We observe that the type of F3 is described by the theorem (AND (INTEGERP (F3 X Y)) (< 0 (F3 X Y))). We used primitive type reasoning. Summary Form: ( DEFUN F3 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:COMPOUND-RECOGNIZER O-FINP-CR) (:DEFINITION CC) (:DEFINITION ENDP) (:DEFINITION FIX) (:DEFINITION O<) (:DEFINITION SYNP) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CC) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:META CANCEL_PLUS-LESSP-CORRECT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE COMMUTATIVITY-2-OF-+) (:REWRITE COMMUTATIVITY-OF-+) (:REWRITE DEFAULT-CDR) (:REWRITE FOLD-CONSTS-IN-+) (:REWRITE O-P-DEF-O-FINP-1) (:REWRITE UNICITY-OF-0) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.29 seconds (prove: 0.04, print: 0.24, other: 0.01) F3 ACL2 >>(ENCAPSULATE ((P (X) T) (DN (X) T) (UP (X) T) (M (X) T)) (LOCAL (DEFUN P (X) (NOT (ZP X)))) (LOCAL (DEFUN DN (X) (- X 1))) (LOCAL (DEFUN UP (X) X)) (LOCAL (DEFUN M (X) (ACL2-COUNT X))) (THEOREM PROBLEM-101A (AND (O-P (M X)) (IMPLIES (P X) (O< (M (DN X)) (M X)))))) To verify that the five encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 >>(LOCAL (DEFUN P (X) (NOT (ZP X)))) Since P is non-recursive, its admission is trivial. We observe that the type of P is described by the theorem (OR (EQUAL (P X) T) (EQUAL (P X) NIL)). Summary Form: ( DEFUN P ...) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00) P ACL2 >>(LOCAL (DEFUN DN (X) (- X 1))) Since DN is non-recursive, its admission is trivial. We observe that the type of DN is described by the theorem (ACL2-NUMBERP (DN X)). We used primitive type reasoning. Summary Form: ( DEFUN DN ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) DN ACL2 >>(LOCAL (DEFUN UP (X) X)) Since UP is non-recursive, its admission is trivial. We observe that the type of UP is described by the theorem (EQUAL (UP X) X). Summary Form: ( DEFUN UP ...) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) UP ACL2 >>(LOCAL (DEFUN M (X) (ACL2-COUNT X))) Since M is non-recursive, its admission is trivial. We observe that the type of M is described by the theorem (AND (INTEGERP (M X)) (<= 0 (M X))). We used the :type-prescription rule ACL2-COUNT. Summary Form: ( DEFUN M ...) Rules: ((:TYPE-PRESCRIPTION ACL2-COUNT)) Warnings: None Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) M ACL2 >>(THEOREM PROBLEM-101A (AND (O-P (M X)) (IMPLIES (P X) (O< (M (DN X)) (M X))))) ACL2 Warning [Non-rec] in ( DEFTHM PROBLEM-101A ...): The :REWRITE rule generated from PROBLEM-101A will be triggered only by terms containing the non-recursive function symbol M. Unless this function is disabled, PROBLEM-101A is unlikely ever to be used. ACL2 Warning [Non-rec] in ( DEFTHM PROBLEM-101A ...): The :REWRITE rule generated from PROBLEM-101A will be triggered only by terms containing the non-recursive function symbols DN and M. Unless these functions are disabled, PROBLEM-101A is unlikely ever to be used. [Note: A hint was supplied for our processing of the goal above. Thanks!] By the simple :definitions DN, M and P we reduce the conjecture to the following two conjectures. Subgoal 2 (O-P (ACL2-COUNT X)). But we reduce the conjecture to T, by case analysis. Subgoal 1 (IMPLIES (NOT (ZP X)) (O< (ACL2-COUNT (+ -1 X)) (ACL2-COUNT X))). But we reduce the conjecture to T, by case analysis. Q.E.D. The storage of PROBLEM-101A depends upon the :type-prescription rules O-P and O<. Summary Form: ( DEFTHM PROBLEM-101A ...) Rules: ((:DEFINITION DN) (:DEFINITION M) (:DEFINITION P) (:TYPE-PRESCRIPTION O-P) (:TYPE-PRESCRIPTION O<)) Warnings: Non-rec Time: 0.02 seconds (prove: 0.00, print: 0.01, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-101A End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. The following constraint is associated with every one of the functions P, DN, UP and M: (AND (O-P (M X)) (IMPLIES (P X) (O< (M (DN X)) (M X)))) Summary Form: ( ENCAPSULATE ((P ...) ...) ...) Rules: NIL Warnings: Non-rec Time: 0.09 seconds (prove: 0.00, print: 0.02, other: 0.07) T ACL2 >>(THEOREM PROBLEM-101B (IMPLIES (P X) (NOT (EQUAL (M X) 0))) :HINTS (("Goal" :USE ((:INSTANCE PROBLEM-101A (X X)) (:INSTANCE PROBLEM-101A (X (DN X))))))) [Note: A hint was supplied for our processing of the goal above. Thanks!] We now augment the goal above by adding the hypotheses indicated by the :USE hint. These hypotheses can be derived from PROBLEM-101A via instantiation. The augmented goal is shown below. Goal' (IMPLIES (AND (AND (O-P (M X)) (IMPLIES (P X) (O< (M (DN X)) (M X)))) (AND (O-P (M (DN X))) (IMPLIES (P (DN X)) (O< (M (DN (DN X))) (M (DN X)))))) (IMPLIES (P X) (NOT (EQUAL (M X) 0)))). By case analysis we reduce the conjecture to Goal'' (IMPLIES (AND (O-P (M X)) (IMPLIES (P X) (O< (M (DN X)) (M X))) (O-P (M (DN X))) (IMPLIES (P (DN X)) (O< (M (DN (DN X))) (M (DN X)))) (P X)) (NOT (EQUAL (M X) 0))). But simplification reduces this to T, using the :executable-counterparts of NOT and O-P, the :rewrite rule |~(a<0)| and the :type-prescription rule O-P. Q.E.D. Summary Form: ( DEFTHM PROBLEM-101B ...) Rules: ((:DEFINITION NOT) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART O-P) (:REWRITE |~(a<0)|) (:TYPE-PRESCRIPTION O-P)) Warnings: None Time: 0.04 seconds (prove: 0.03, print: 0.01, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-101B ACL2 >>(THEOREM PROBLEM-101C (OR (CONSP (M X)) (AND (INTEGERP (M X)) (<= 0 (M X)))) :RULE-CLASSES :TYPE-PRESCRIPTION :HINTS (("Goal" :USE ((:INSTANCE PROBLEM-101A (X X)) (:INSTANCE PROBLEM-101A (X (DN X))))))) ACL2 Observation in ( DEFTHM PROBLEM-101C ...): Our heuristics choose (M X) as the :TYPED-TERM. [Note: A hint was supplied for our processing of the goal above. Thanks!] We now augment the goal above by adding the hypotheses indicated by the :USE hint. These hypotheses can be derived from PROBLEM-101A via instantiation. The augmented goal is shown below. Goal' (IMPLIES (AND (AND (O-P (M X)) (IMPLIES (P X) (O< (M (DN X)) (M X)))) (AND (O-P (M (DN X))) (IMPLIES (P (DN X)) (O< (M (DN (DN X))) (M (DN X)))))) (OR (CONSP (M X)) (AND (INTEGERP (M X)) (<= 0 (M X))))). By case analysis we reduce the conjecture to Goal'' (IMPLIES (AND (O-P (M X)) (IMPLIES (P X) (O< (M (DN X)) (M X))) (O-P (M (DN X))) (IMPLIES (P (DN X)) (O< (M (DN (DN X))) (M (DN X))))) (OR (CONSP (M X)) (AND (INTEGERP (M X)) (<= 0 (M X))))). But simplification reduces this to T, using the :compound-recognizer rule NATP-CR, primitive type reasoning and the :rewrite rule O-P-DEF- O-FINP-1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-101C ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:DEFINITION NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE O-P-DEF-O-FINP-1)) Warnings: None Time: 0.02 seconds (prove: 0.01, print: 0.01, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-101C ACL2 >>(THEOREM PROBLEM-101D (IMPLIES (P X) (NOT (EQUAL (M (DN X)) (M X)))) :HINTS (("Goal" :USE ((:INSTANCE PROBLEM-101A (X X)) (:INSTANCE PROBLEM-101A (X (DN X))))))) [Note: A hint was supplied for our processing of the goal above. Thanks!] We now augment the goal above by adding the hypotheses indicated by the :USE hint. These hypotheses can be derived from PROBLEM-101A via instantiation. The augmented goal is shown below. Goal' (IMPLIES (AND (AND (O-P (M X)) (IMPLIES (P X) (O< (M (DN X)) (M X)))) (AND (O-P (M (DN X))) (IMPLIES (P (DN X)) (O< (M (DN (DN X))) (M (DN X)))))) (IMPLIES (P X) (NOT (EQUAL (M (DN X)) (M X))))). By case analysis we reduce the conjecture to Goal'' (IMPLIES (AND (O-P (M X)) (IMPLIES (P X) (O< (M (DN X)) (M X))) (O-P (M (DN X))) (IMPLIES (P (DN X)) (O< (M (DN (DN X))) (M (DN X)))) (P X)) (NOT (EQUAL (M (DN X)) (M X)))). But simplification reduces this to T, using primitive type reasoning, the :forward-chaining rules |a <= b => (a < b <=> ~(a = b))|, |a <= b / b <= c => a <= c| and |a = b => (a <= b)| and the :type- prescription rules O-P and O<. Q.E.D. Summary Form: ( DEFTHM PROBLEM-101D ...) Rules: ((:DEFINITION NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING |a <= b => (a < b <=> ~(a = b))|) (:FORWARD-CHAINING |a <= b / b <= c => a <= c|) (:FORWARD-CHAINING |a = b => (a <= b)|) (:TYPE-PRESCRIPTION O-P) (:TYPE-PRESCRIPTION O<)) Warnings: None Time: 0.10 seconds (prove: 0.09, print: 0.01, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-101D ACL2 >>(DEFUN F4 (X Y Q) (DECLARE (XARGS :MEASURE (IF Q (IF (EQUAL (M X) 0) 1 (MAKE-ORD (M X) 1 1)) (IF (EQUAL (M Y) 0) 2 (MAKE-ORD (M Y) 1 2))) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-101A PROBLEM-101B))))) (IF (P X) (IF Q (F4 Y (DN X) (NOT Q)) (F4 Y (UP X) (NOT Q))) 4)) For the admission of F4 we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (COND (Q (IF (EQUAL (M X) 0) 1 (MAKE-ORD (M X) 1 1))) ((EQUAL (M Y) 0) 2) (T (MAKE-ORD (M Y) 1 2))). The non-trivial part of the measure conjecture is Goal (AND (O-P (COND (Q (IF (EQUAL (M X) 0) 1 (MAKE-ORD (M X) 1 1))) ((EQUAL (M Y) 0) 2) (T (MAKE-ORD (M Y) 1 2)))) (IMPLIES (AND (P X) (NOT Q)) (O< (COND ((NOT Q) (IF (EQUAL (M Y) 0) 1 (MAKE-ORD (M Y) 1 1))) ((EQUAL (M (UP X)) 0) 2) (T (MAKE-ORD (M (UP X)) 1 2))) (COND (Q (IF (EQUAL (M X) 0) 1 (MAKE-ORD (M X) 1 1))) ((EQUAL (M Y) 0) 2) (T (MAKE-ORD (M Y) 1 2))))) (IMPLIES (AND (P X) Q) (O< (COND ((NOT Q) (IF (EQUAL (M Y) 0) 1 (MAKE-ORD (M Y) 1 1))) ((EQUAL (M (DN X)) 0) 2) (T (MAKE-ORD (M (DN X)) 1 2))) (COND (Q (IF (EQUAL (M X) 0) 1 (MAKE-ORD (M X) 1 1))) ((EQUAL (M Y) 0) 2) (T (MAKE-ORD (M Y) 1 2)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] By case analysis we reduce the conjecture to the following three conjectures. Subgoal 3 (O-P (COND (Q (IF (EQUAL (M X) 0) 1 (MAKE-ORD (M X) 1 1))) ((EQUAL (M Y) 0) 2) (T (MAKE-ORD (M Y) 1 2)))). This simplifies, using trivial observations, to the following four conjectures. Subgoal 3.4 (IMPLIES (AND Q (EQUAL (M X) 0)) (O-P 1)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 3.3 (IMPLIES (AND Q (NOT (EQUAL (M X) 0))) (O-P (MAKE-ORD (M X) 1 1))). But simplification reduces this to T, using the :executable-counterparts of NOT, O-FIRST-EXPT, O-P and POSP, primitive type reasoning and the :rewrite rules |0 < a = ~(a = 0)|, MAKE-ORD-O-P and PROBLEM-101A. Subgoal 3.2 (IMPLIES (AND (NOT Q) (EQUAL (M Y) 0)) (O-P 2)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 3.1 (IMPLIES (AND (NOT Q) (NOT (EQUAL (M Y) 0))) (O-P (MAKE-ORD (M Y) 1 2))). But simplification reduces this to T, using the :executable-counterparts of NOT, O-FIRST-EXPT, O-P and POSP, primitive type reasoning and the :rewrite rules |0 < a = ~(a = 0)|, MAKE-ORD-O-P and PROBLEM-101A. Subgoal 2 (IMPLIES (AND (P X) (NOT Q)) (O< (COND ((NOT Q) (IF (EQUAL (M Y) 0) 1 (MAKE-ORD (M Y) 1 1))) ((EQUAL (M (UP X)) 0) 2) (T (MAKE-ORD (M (UP X)) 1 2))) (COND (Q (IF (EQUAL (M X) 0) 1 (MAKE-ORD (M X) 1 1))) ((EQUAL (M Y) 0) 2) (T (MAKE-ORD (M Y) 1 2))))). This simplifies, using the :executable-counterpart of NOT, to the following two conjectures. Subgoal 2.2 (IMPLIES (AND (P X) (EQUAL (M Y) 0)) (O< 1 2)). But we reduce the conjecture to T, by the :executable-counterpart of O<. Subgoal 2.1 (IMPLIES (AND (P X) (NOT (EQUAL (M Y) 0))) (O< (MAKE-ORD (M Y) 1 1) (MAKE-ORD (M Y) 1 2))). But simplification reduces this to T, using the :executable-counterpart of O< and the :rewrite rule O-RST-<. Subgoal 1 (IMPLIES (AND (P X) Q) (O< (COND ((NOT Q) (IF (EQUAL (M Y) 0) 1 (MAKE-ORD (M Y) 1 1))) ((EQUAL (M (DN X)) 0) 2) (T (MAKE-ORD (M (DN X)) 1 2))) (COND (Q (IF (EQUAL (M X) 0) 1 (MAKE-ORD (M X) 1 1))) ((EQUAL (M Y) 0) 2) (T (MAKE-ORD (M Y) 1 2))))). This simplifies, using the :congruence rule IFF-IMPLIES-EQUAL-NOT, the :executable-counterpart of NOT and the :rewrite rule PROBLEM-101B, to the following two conjectures. Subgoal 1.2 (IMPLIES (AND (P X) (EQUAL (M (DN X)) 0)) (O< 2 (MAKE-ORD (M X) 1 1))). But simplification reduces this to T, using the :compound-recognizer rule O-FINP-CR, primitive type reasoning, the :rewrite rule AC-< and the :type-prescription rule MAKE-ORD. Subgoal 1.1 (IMPLIES (AND (P X) (NOT (EQUAL (M (DN X)) 0))) (O< (MAKE-ORD (M (DN X)) 1 2) (MAKE-ORD (M X) 1 1))). But simplification reduces this to T, using the :executable-counterparts of NOT, O-FIRST-EXPT, O-P and POSP, primitive type reasoning and the :rewrite rules |0 < a = ~(a = 0)|, MAKE-ORD-O-FIRST-EXPT, MAKE-ORD- O-P, O-FIRST-EXPT-< and PROBLEM-101A. Q.E.D. That completes the proof of the measure theorem for F4. Thus, we admit this function under the principle of definition. We observe that the type of F4 is described by the theorem (AND (INTEGERP (F4 X Y Q)) (< 0 (F4 X Y Q))). Summary Form: ( DEFUN F4 ...) Rules: ((:COMPOUND-RECOGNIZER O-FINP-CR) (:CONGRUENCE IFF-IMPLIES-EQUAL-NOT) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART O-FIRST-EXPT) (:EXECUTABLE-COUNTERPART O-P) (:EXECUTABLE-COUNTERPART O<) (:EXECUTABLE-COUNTERPART POSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE |0 < a = ~(a = 0)|) (:REWRITE AC-<) (:REWRITE MAKE-ORD-O-FIRST-EXPT) (:REWRITE MAKE-ORD-O-P) (:REWRITE O-FIRST-EXPT-<) (:REWRITE O-RST-<) (:REWRITE PROBLEM-101A) (:REWRITE PROBLEM-101B) (:TYPE-PRESCRIPTION MAKE-ORD)) Warnings: None Time: 0.51 seconds (prove: 0.42, print: 0.06, other: 0.03) F4 ACL2 >>(THEOREM PROBLEM-102 (EQUAL (F1 I J) 1) :HINTS (("Goal" :INDUCT (F1 I J)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (F1 I J). This suggestion was produced using the :induction rule F1. If we let (:P I J) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (AND (NATP I) (NATP J) (< I J))) (:P I J)) (IMPLIES (AND (AND (NATP I) (NATP J) (< I J)) (:P (+ 1 I) J)) (:P I J))). This induction is justified by the same argument used to admit F1, namely, the measure (IF (IF (NATP I) (IF (NATP J) (< I J) 'NIL) 'NIL) (BINARY-+ J (UNARY-- I)) '0) is decreasing according to the relation O< (which is known to be well- founded on the domain recognized by O-P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (AND (NATP I) (NATP J) (< I J))) (EQUAL (F1 I J) 1)). But simplification reduces this to T, using the :compound-recognizer rule NATP-CR, the :definition F1 and the :executable-counterpart of EQUAL. Subgoal *1/1 (IMPLIES (AND (AND (NATP I) (NATP J) (< I J)) (EQUAL (F1 (+ 1 I) J) 1)) (EQUAL (F1 I J) 1)). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (NATP I) (NATP J) (< I J) (EQUAL (F1 (+ 1 I) J) 1)) (EQUAL (F1 I J) 1)). But simplification reduces this to T, using the :compound-recognizer rule NATP-CR, the :definition F1, the :executable-counterpart of EQUAL and the :forward-chaining rules NATP-FC-1 and NATP-FC-2. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-102 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:DEFINITION F1) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART EQUAL) (:FORWARD-CHAINING NATP-FC-1) (:FORWARD-CHAINING NATP-FC-2) (:INDUCTION F1)) Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.02, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-102 ACL2 >>(THEOREM PROBLEM-103 (EQUAL (F2 X) 2) :HINTS (("Goal" :INDUCT (F2 X)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (F2 X). This suggestion was produced using the :induction rule F2. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND X (NOT (F2 (CAR X))) (:P (CAR X))) (:P X)) (IMPLIES (AND X (F2 (CAR X)) (:P (CAR X)) (:P (CDR X))) (:P X)) (IMPLIES (NOT X) (:P X))). This induction is justified by the same argument used to admit F2, namely, the measure (IF (EQUAL X 'NIL) '0 (BINARY-+ '1 (CC X))) is decreasing according to the relation O< (which is known to be well- founded on the domain recognized by O-P). When applied to the goal at hand the above induction scheme produces the following three nontautologica\ l subgoals. Subgoal *1/3 (IMPLIES (AND X (NOT (F2 (CAR X))) (EQUAL (F2 (CAR X)) 2)) (EQUAL (F2 X) 2)). But we reduce the conjecture to T, by the :type-prescription rule F2. Subgoal *1/2 (IMPLIES (AND X (F2 (CAR X)) (EQUAL (F2 (CAR X)) 2) (EQUAL (F2 (CDR X)) 2)) (EQUAL (F2 X) 2)). But simplification reduces this to T, using the :definition F2, the :executable-counterparts of EQUAL and NOT and primitive type reasoning. Subgoal *1/1 (IMPLIES (NOT X) (EQUAL (F2 X) 2)). But simplification reduces this to T, using the :executable-counterparts of EQUAL and F2. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-103 ...) Rules: ((:DEFINITION F2) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART F2) (:EXECUTABLE-COUNTERPART NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION F2) (:TYPE-PRESCRIPTION F2)) Warnings: None Time: 0.09 seconds (prove: 0.02, print: 0.07, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-103 ACL2 >>(THEOREM PROBLEM-104 (EQUAL (F3 X Y) 3) :HINTS (("Goal" :INDUCT (F3 X Y)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (F3 X Y). This suggestion was produced using the :induction rule F3. If we let (:P X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (AND (ENDP X) (ENDP Y))) (:P (CDR X) (CDR Y))) (:P X Y)) (IMPLIES (AND (ENDP X) (ENDP Y)) (:P X Y))). This induction is justified by the same argument used to admit F3, namely, the measure (BINARY-+ (CC X) (CC Y)) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O-P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (AND (NOT (AND (ENDP X) (ENDP Y))) (EQUAL (F3 (CDR X) (CDR Y)) 3)) (EQUAL (F3 X Y) 3)). This simplifies, using the :definitions ENDP and F3 and the :executable- counterpart of EQUAL, to Subgoal *1/2' (IMPLIES (AND (CONSP Y) (EQUAL (F3 (CDR X) (CDR Y)) 3) (NOT (CONSP X))) (EQUAL (F3 NIL (CDR Y)) 3)). But simplification reduces this to T, using the :rewrite rule DEFAULT- CDR. Subgoal *1/1 (IMPLIES (AND (ENDP X) (ENDP Y)) (EQUAL (F3 X Y) 3)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (NOT (CONSP X)) (NOT (CONSP Y))) (EQUAL (F3 X Y) 3)). But simplification reduces this to T, using the :definition F3 and the :executable-counterpart of EQUAL. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-104 ...) Rules: ((:DEFINITION ENDP) (:DEFINITION F3) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART EQUAL) (:INDUCTION F3) (:REWRITE DEFAULT-CDR)) Warnings: None Time: 0.05 seconds (prove: 0.00, print: 0.05, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-104 ACL2 >>(THEOREM PROBLEM-105 (EQUAL (F4 X Y Q) 4) :HINTS (("Goal" :INDUCT (F4 X Y Q)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (F4 X Y Q). This suggestion was produced using the :induction rule F4. If we let (:P Q X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (P X)) (:P Q X Y)) (IMPLIES (AND (P X) (NOT Q) (:P (NOT Q) Y (UP X))) (:P Q X Y)) (IMPLIES (AND (P X) Q (:P (NOT Q) Y (DN X))) (:P Q X Y))). This induction is justified by the same argument used to admit F4, namely, the measure (IF Q (IF (EQUAL (M X) '0) '1 (MAKE-ORD (M X) '1 '1)) (IF (EQUAL (M Y) '0) '2 (MAKE-ORD (M Y) '1 '2))) is decreasing according to the relation O< (which is known to be well- founded on the domain recognized by O-P). When applied to the goal at hand the above induction scheme produces the following three nontautologica\ l subgoals. Subgoal *1/3 (IMPLIES (NOT (P X)) (EQUAL (F4 X Y Q) 4)). But simplification reduces this to T, using the :definition F4 and the :executable-counterpart of EQUAL. Subgoal *1/2 (IMPLIES (AND (P X) (NOT Q) (EQUAL (F4 Y (UP X) (NOT Q)) 4)) (EQUAL (F4 X Y Q) 4)). But simplification reduces this to T, using the :definition F4 and the :executable-counterparts of EQUAL and NOT. Subgoal *1/1 (IMPLIES (AND (P X) Q (EQUAL (F4 Y (DN X) (NOT Q)) 4)) (EQUAL (F4 X Y Q) 4)). But simplification reduces this to T, using the :congruence rule IFF- IMPLIES-EQUAL-NOT, the :definition F4 and the :executable-counterparts of EQUAL and NOT. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-105 ...) Rules: ((:CONGRUENCE IFF-IMPLIES-EQUAL-NOT) (:DEFINITION F4) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART NOT) (:INDUCTION F4)) Warnings: None Time: 0.05 seconds (prove: 0.01, print: 0.04, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-105 ACL2 >>(DEFUN FLATTEN! (X) (DECLARE (XARGS :MEASURE (M2 (CC X) (CC (CAR X))))) (IF (ATOM X) (CONS X NIL) (IF (ATOM (CAR X)) (CONS (CAR X) (FLATTEN! (CDR X))) (FLATTEN! (CONS (CAAR X) (CONS (CDAR X) (CDR X))))))) For the admission of FLATTEN! we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (M2 (CC X) (CC (CAR X))). The non-trivial part of the measure conjecture is Goal (AND (O-P (M2 (CC X) (CC (CAR X)))) (IMPLIES (AND (NOT (ATOM X)) (NOT (ATOM (CAR X)))) (O< (M2 (CC (LIST* (CAAR X) (CDAR X) (CDR X))) (CC (CAR (LIST* (CAAR X) (CDAR X) (CDR X))))) (M2 (CC X) (CC (CAR X))))) (IMPLIES (AND (NOT (ATOM X)) (ATOM (CAR X))) (O< (M2 (CC (CDR X)) (CC (CADR X))) (M2 (CC X) (CC (CAR X)))))). By the simple :definitions ATOM and M2 and the simple :rewrite rule CAR-CONS we reduce the conjecture to the following three conjectures. Subgoal 3 (O-P (CONS (CONS 1 (+ 1 (CC X))) (CC (CAR X)))). But simplification reduces this to T, using the :compound-recognizer rules NATP-CR, O-FINP-CR and POSP-CR, the :definitions O-FIRST-COEFF, O-FIRST-EXPT, O-P and O-RST, the :executable-counterparts of EQUAL, O-P and O<, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, O-FIRST-EXPT-DEF-O-FINP and O-P-DEF-O-FINP-1 and the :type- prescription rule CC. Subgoal 2 (IMPLIES (AND (CONSP X) (CONSP (CAR X))) (O< (CONS (CONS 1 (+ 1 (CC (LIST* (CAAR X) (CDAR X) (CDR X))))) (CC (CAAR X))) (CONS (CONS 1 (+ 1 (CC X))) (CC (CAR X))))). But simplification reduces this to T, using the :compound-recognizer rule O-FINP-CR, the :definitions CC, O-FIRST-COEFF, O-FIRST-EXPT, O- RST, O< and SYNP, the :executable-counterparts of BINARY-+ and EQUAL, linear arithmetic, primitive type reasoning, the :rewrite rules CAR- CONS, CDR-CONS, COMMUTATIVITY-2-OF-+, COMMUTATIVITY-OF-+, FOLD-CONSTS- IN-+ and O-FINP-< and the :type-prescription rule CC. Subgoal 1 (IMPLIES (AND (CONSP X) (NOT (CONSP (CAR X)))) (O< (CONS (CONS 1 (+ 1 (CC (CDR X)))) (CC (CADR X))) (CONS (CONS 1 (+ 1 (CC X))) (CC (CAR X))))). But simplification reduces this to T, using the :compound-recognizer rule O-FINP-CR, the :definitions CC, FIX, O-FIRST-COEFF, O-FIRST-EXPT and SYNP, the :executable-counterparts of BINARY-+ and EQUAL, linear arithmetic, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, FOLD-CONSTS-IN-+, O-FIRST-COEFF-< and UNICITY-OF-0 and the :type-prescription rule CC. Q.E.D. That completes the proof of the measure theorem for FLATTEN!. Thus, we admit this function under the principle of definition. We observe that the type of FLATTEN! is described by the theorem (AND (CONSP (FLATTEN! X)) (TRUE-LISTP (FLATTEN! X))). We used primitive type reasoning. Summary Form: ( DEFUN FLATTEN! ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:COMPOUND-RECOGNIZER O-FINP-CR) (:COMPOUND-RECOGNIZER POSP-CR) (:DEFINITION ATOM) (:DEFINITION CC) (:DEFINITION FIX) (:DEFINITION M2) (:DEFINITION NOT) (:DEFINITION O-FIRST-COEFF) (:DEFINITION O-FIRST-EXPT) (:DEFINITION O-P) (:DEFINITION O-RST) (:DEFINITION O<) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART O-P) (:EXECUTABLE-COUNTERPART O<) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE COMMUTATIVITY-2-OF-+) (:REWRITE COMMUTATIVITY-OF-+) (:REWRITE FOLD-CONSTS-IN-+) (:REWRITE O-FINP-<) (:REWRITE O-FIRST-COEFF-<) (:REWRITE O-FIRST-EXPT-DEF-O-FINP) (:REWRITE O-P-DEF-O-FINP-1) (:REWRITE UNICITY-OF-0) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.38 seconds (prove: 0.33, print: 0.03, other: 0.02) FLATTEN! ACL2 >>(THEOREM PROBLEM-107 (EQUAL (FLATTEN! X) (FLATTEN X)) :HINTS (("Goal" :INDUCT (FLATTEN! X) :IN-THEORY (ENABLE PROBLEM-40)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (FLATTEN! X). This suggestion was produced using the :induction rule FLATTEN!. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ATOM X)) (NOT (ATOM (CAR X))) (:P (LIST* (CAAR X) (CDAR X) (CDR X)))) (:P X)) (IMPLIES (AND (NOT (ATOM X)) (ATOM (CAR X)) (:P (CDR X))) (:P X)) (IMPLIES (ATOM X) (:P X))). This induction is justified by the same argument used to admit FLATTEN!, namely, the measure (M2 (CC X) (CC (CAR X))) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O-P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (AND (NOT (ATOM X)) (NOT (ATOM (CAR X))) (EQUAL (FLATTEN! (LIST* (CAAR X) (CDAR X) (CDR X))) (FLATTEN (LIST* (CAAR X) (CDAR X) (CDR X))))) (EQUAL (FLATTEN! X) (FLATTEN X))). By the simple :definition ATOM we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (CONSP X) (CONSP (CAR X)) (EQUAL (FLATTEN! (LIST* (CAAR X) (CDAR X) (CDR X))) (FLATTEN (LIST* (CAAR X) (CDAR X) (CDR X))))) (EQUAL (FLATTEN! X) (FLATTEN X))). But simplification reduces this to T, using the :definitions FLATTEN and FLATTEN!, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and PROBLEM-40. Subgoal *1/2 (IMPLIES (AND (NOT (ATOM X)) (ATOM (CAR X)) (EQUAL (FLATTEN! (CDR X)) (FLATTEN (CDR X)))) (EQUAL (FLATTEN! X) (FLATTEN X))). By the simple :definition ATOM we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (CONSP (CAR X))) (EQUAL (FLATTEN! (CDR X)) (FLATTEN (CDR X)))) (EQUAL (FLATTEN! X) (FLATTEN X))). But simplification reduces this to T, using the :definitions APP, FLATTEN and FLATTEN!, the :executable-counterpart of CONSP, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/1 (IMPLIES (ATOM X) (EQUAL (FLATTEN! X) (FLATTEN X))). By the simple :definition ATOM we reduce the conjecture to Subgoal *1/1' (IMPLIES (NOT (CONSP X)) (EQUAL (FLATTEN! X) (FLATTEN X))). But simplification reduces this to T, using the :definitions FLATTEN and FLATTEN! and primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-107 ...) Rules: ((:DEFINITION APP) (:DEFINITION ATOM) (:DEFINITION FLATTEN) (:DEFINITION FLATTEN!) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION FLATTEN!) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-40)) Warnings: None Time: 0.28 seconds (prove: 0.22, print: 0.04, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-107 ACL2 >>(DEFUN GOPHER (X) (DECLARE (XARGS :MEASURE (CC (CAR X)))) (IF (OR (ATOM X) (ATOM (CAR X))) X (GOPHER (CONS (CAR (CAR X)) (CONS (CDR (CAR X)) (CDR X)))))) For the admission of GOPHER we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (CC (CAR X)). The non-trivial part of the measure conjecture is Goal (AND (O-P (CC (CAR X))) (IMPLIES (NOT (OR (ATOM X) (ATOM (CAR X)))) (O< (CC (CAR (LIST* (CAAR X) (CDAR X) (CDR X)))) (CC (CAR X))))). By the simple :rewrite rule CAR-CONS we reduce the conjecture to the following two conjectures. Subgoal 2 (O-P (CC (CAR X))). But simplification reduces this to T, using the :compound-recognizer rules NATP-CR and O-FINP-CR, the :rewrite rule O-P-DEF-O-FINP-1 and the :type-prescription rule CC. Subgoal 1 (IMPLIES (NOT (OR (ATOM X) (ATOM (CAR X)))) (O< (CC (CAAR X)) (CC (CAR X)))). This simplifies, using the :compound-recognizer rule O-FINP-CR, the :definitions ATOM and O< and the :type-prescription rule CC, to Subgoal 1' (IMPLIES (AND (CONSP X) (CONSP (CAR X))) (< (CC (CAAR X)) (CC (CAR X)))). The destructor terms (CAR X) and (CDR X) can be eliminated. Furthermore, those terms are at the root of a chain of two rounds of destructor elimination. (1) Use CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. (2) Use CAR-CDR-ELIM, again, to replace X1 by (CONS X3 X4), (CAR X1) by X3 and (CDR X1) by X4. These steps produce the following goal. Subgoal 1'' (IMPLIES (AND (CONSP (CONS X3 X4)) (CONSP (CONS (CONS X3 X4) X2))) (< (CC X3) (CC (CONS X3 X4)))). This simplifies, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT and the :rewrite rules CAR- CONS and CDR-CONS, to Subgoal 1''' (< 0 (+ 1 (CC X4))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Q.E.D. That completes the proof of the measure theorem for GOPHER. Thus, we admit this function under the principle of definition. We could deduce no constraints on the type of GOPHER. Summary Form: ( DEFUN GOPHER ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:COMPOUND-RECOGNIZER O-FINP-CR) (:DEFINITION ATOM) (:DEFINITION CC) (:DEFINITION O<) (:ELIM CAR-CDR-ELIM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:META CANCEL_PLUS-LESSP-CORRECT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE O-P-DEF-O-FINP-1) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.21 seconds (prove: 0.16, print: 0.04, other: 0.01) GOPHER ACL2 >>(THEOREM PROBLEM-108A (<= (CC (GOPHER X)) (CC X)) :HINTS (("Goal" :INDUCT (GOPHER X))) :RULE-CLASSES :LINEAR) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (GOPHER X). This suggestion was produced using the :induction rule GOPHER. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (OR (ATOM X) (ATOM (CAR X)))) (:P (LIST* (CAAR X) (CDAR X) (CDR X)))) (:P X)) (IMPLIES (OR (ATOM X) (ATOM (CAR X))) (:P X))). This induction is justified by the same argument used to admit GOPHER, namely, the measure (CC (CAR X)) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (AND (NOT (OR (ATOM X) (ATOM (CAR X)))) (<= (CC (GOPHER (LIST* (CAAR X) (CDAR X) (CDR X)))) (CC (LIST* (CAAR X) (CDAR X) (CDR X))))) (<= (CC (GOPHER X)) (CC X))). But simplification reduces this to T, using the :definitions ATOM, CC, GOPHER and SYNP, the :executable-counterpart of BINARY-+, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS, COMMUTATIVITY- 2-OF-+, COMMUTATIVITY-OF-+ and FOLD-CONSTS-IN-+. Subgoal *1/1 (IMPLIES (OR (ATOM X) (ATOM (CAR X))) (<= (CC (GOPHER X)) (CC X))). This simplifies, using the :definitions ATOM, CC and GOPHER and the :executable-counterpart of <, to Subgoal *1/1' (IMPLIES (NOT (CONSP (CAR X))) (<= (CC X) (CC X))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-108A ...) Rules: ((:DEFINITION ATOM) (:DEFINITION CC) (:DEFINITION GOPHER) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART BINARY-+) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION GOPHER) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE COMMUTATIVITY-2-OF-+) (:REWRITE COMMUTATIVITY-OF-+) (:REWRITE FOLD-CONSTS-IN-+) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.36 seconds (prove: 0.19, print: 0.16, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) PROBLEM-108A ACL2 >>(THEOREM PROBLEM-108B (EQUAL (CONSP (GOPHER X)) (CONSP X)) :HINTS (("Goal" :INDUCT (GOPHER X)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (GOPHER X). This suggestion was produced using the :induction rule GOPHER. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (OR (ATOM X) (ATOM (CAR X)))) (:P (LIST* (CAAR X) (CDAR X) (CDR X)))) (:P X)) (IMPLIES (OR (ATOM X) (ATOM (CAR X))) (:P X))). This induction is justified by the same argument used to admit GOPHER, namely, the measure (CC (CAR X)) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (AND (NOT (OR (ATOM X) (ATOM (CAR X)))) (EQUAL (CONSP (GOPHER (LIST* (CAAR X) (CDAR X) (CDR X)))) (CONSP (LIST* (CAAR X) (CDAR X) (CDR X))))) (EQUAL (CONSP (GOPHER X)) (CONSP X))). But simplification reduces this to T, using the :definitions ATOM and GOPHER, the :executable-counterpart of EQUAL and primitive type reasoning. Subgoal *1/1 (IMPLIES (OR (ATOM X) (ATOM (CAR X))) (EQUAL (CONSP (GOPHER X)) (CONSP X))). But simplification reduces this to T, using the :definitions ATOM and GOPHER, the :executable-counterpart of EQUAL and primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-108B ...) Rules: ((:DEFINITION ATOM) (:DEFINITION GOPHER) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION GOPHER)) Warnings: None Time: 0.18 seconds (prove: 0.13, print: 0.04, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-108B ACL2 >>(THEOREM PROBLEM-108C (IMPLIES (CONSP X) (< (CC (CDR X)) (CC X))) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-85))) :RULE-CLASSES :LINEAR) [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using linear arithmetic, the :linear rule PROBLEM-85 and the :type-prescription rule CC. Q.E.D. Summary Form: ( DEFTHM PROBLEM-108C ...) Rules: ((:FAKE-RUNE-FOR-LINEAR NIL) (:LINEAR PROBLEM-85) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.03 seconds (prove: 0.01, print: 0.01, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-108C ACL2 >>(THEOREM PROBLEM-108D (IMPLIES (CONSP X) (< (CC (CDR (GOPHER X))) (CC X))) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-108A PROBLEM-108B PROBLEM-108C)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using linear arithmetic, the :linear rules PROBLEM-108A and PROBLEM-108C, the :rewrite rule PROBLEM- 108B and the :type-prescription rule CC. Q.E.D. Summary Form: ( DEFTHM PROBLEM-108D ...) Rules: ((:FAKE-RUNE-FOR-LINEAR NIL) (:LINEAR PROBLEM-108A) (:LINEAR PROBLEM-108C) (:REWRITE PROBLEM-108B) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.07 seconds (prove: 0.04, print: 0.00, other: 0.03) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-108D ACL2 >>(DEFUN SAMEFRINGE (X Y) (DECLARE (XARGS :MEASURE (CC X) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-108D))))) (IF (OR (ATOM X) (ATOM Y)) (EQUAL X Y) (AND (EQUAL (CAR (GOPHER X)) (CAR (GOPHER Y))) (SAMEFRINGE (CDR (GOPHER X)) (CDR (GOPHER Y)))))) For the admission of SAMEFRINGE we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (CC X). The non-trivial part of the measure conjecture is Goal (AND (O-P (CC X)) (IMPLIES (AND (NOT (OR (ATOM X) (ATOM Y))) (EQUAL (CAR (GOPHER X)) (CAR (GOPHER Y)))) (O< (CC (CDR (GOPHER X))) (CC X)))). [Note: A hint was supplied for our processing of the goal above. Thanks!] By case analysis we reduce the conjecture to the following two conjectures. Subgoal 2 (O-P (CC X)). But simplification reduces this to T, using the :compound-recognizer rules NATP-CR and O-FINP-CR, the :rewrite rule O-P-DEF-O-FINP-1 and the :type-prescription rule CC. Subgoal 1 (IMPLIES (AND (NOT (OR (ATOM X) (ATOM Y))) (EQUAL (CAR (GOPHER X)) (CAR (GOPHER Y)))) (O< (CC (CDR (GOPHER X))) (CC X))). But simplification reduces this to T, using the :compound-recognizer rule O-FINP-CR, the :definition ATOM, the :rewrite rules O-FINP-< and PROBLEM-108D and the :type-prescription rule CC. Q.E.D. That completes the proof of the measure theorem for SAMEFRINGE. Thus, we admit this function under the principle of definition. We observe that the type of SAMEFRINGE is described by the theorem (OR (EQUAL (SAMEFRINGE X Y) T) (EQUAL (SAMEFRINGE X Y) NIL)). We used primitive type reasoning. Summary Form: ( DEFUN SAMEFRINGE ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:COMPOUND-RECOGNIZER O-FINP-CR) (:DEFINITION ATOM) (:DEFINITION NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE O-FINP-<) (:REWRITE O-P-DEF-O-FINP-1) (:REWRITE PROBLEM-108D) (:TYPE-PRESCRIPTION CC)) Warnings: None Time: 0.15 seconds (prove: 0.09, print: 0.02, other: 0.04) SAMEFRINGE ACL2 >>(THEOREM PROBLEM-109A (EQUAL (CAR (GOPHER X)) (IF (CONSP X) (CAR (FLATTEN X)) NIL)) :HINTS (("Goal" :INDUCT (GOPHER X) :IN-THEORY (ENABLE PROBLEM-40)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (GOPHER X). This suggestion was produced using the :induction rule GOPHER. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (OR (ATOM X) (ATOM (CAR X)))) (:P (LIST* (CAAR X) (CDAR X) (CDR X)))) (:P X)) (IMPLIES (OR (ATOM X) (ATOM (CAR X))) (:P X))). This induction is justified by the same argument used to admit GOPHER, namely, the measure (CC (CAR X)) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (AND (NOT (OR (ATOM X) (ATOM (CAR X)))) (EQUAL (CAR (GOPHER (LIST* (CAAR X) (CDAR X) (CDR X)))) (AND (CONSP (LIST* (CAAR X) (CDAR X) (CDR X))) (CAR (FLATTEN (LIST* (CAAR X) (CDAR X) (CDR X))))))) (EQUAL (CAR (GOPHER X)) (AND (CONSP X) (CAR (FLATTEN X))))). But simplification reduces this to T, using the :definitions ATOM, FLATTEN and GOPHER, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and PROBLEM-40. Subgoal *1/1 (IMPLIES (OR (ATOM X) (ATOM (CAR X))) (EQUAL (CAR (GOPHER X)) (AND (CONSP X) (CAR (FLATTEN X))))). This simplifies, using the :definitions ATOM and GOPHER, the :executable- counterpart of EQUAL and the :rewrite rule DEFAULT-CAR, to the following two conjectures. Subgoal *1/1.2 (IMPLIES (AND (NOT (CONSP (CAR X))) (CONSP X)) (EQUAL (CAR X) (CAR (FLATTEN X)))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal *1/1.2' (IMPLIES (AND (CONSP (CONS X1 X2)) (NOT (CONSP X1))) (EQUAL X1 (CAR (FLATTEN (CONS X1 X2))))). But simplification reduces this to T, using the :definitions APP and FLATTEN, the :executable-counterpart of CONSP, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/1.1 (IMPLIES (AND (NOT (CONSP (CAR X))) (NOT (CONSP X))) (EQUAL (CAR X) NIL)). But simplification reduces this to T, using trivial observations. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-109A ...) Rules: ((:DEFINITION APP) (:DEFINITION ATOM) (:DEFINITION FLATTEN) (:DEFINITION GOPHER) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION GOPHER) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE DEFAULT-CAR) (:REWRITE PROBLEM-40)) Warnings: None Time: 0.31 seconds (prove: 0.27, print: 0.03, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) PROBLEM-109A ACL2 >>(THEOREM PROBLEM-109B (EQUAL (FLATTEN (CDR (GOPHER X))) (IF (CONSP X) (CDR (FLATTEN X)) (CONS NIL NIL))) :HINTS (("Goal" :INDUCT (GOPHER X) :IN-THEORY (ENABLE PROBLEM-40)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (GOPHER X). This suggestion was produced using the :induction rule GOPHER. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (OR (ATOM X) (ATOM (CAR X)))) (:P (LIST* (CAAR X) (CDAR X) (CDR X)))) (:P X)) (IMPLIES (OR (ATOM X) (ATOM (CAR X))) (:P X))). This induction is justified by the same argument used to admit GOPHER, namely, the measure (CC (CAR X)) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (AND (NOT (OR (ATOM X) (ATOM (CAR X)))) (EQUAL (FLATTEN (CDR (GOPHER (LIST* (CAAR X) (CDAR X) (CDR X))))) (IF (CONSP (LIST* (CAAR X) (CDAR X) (CDR X))) (CDR (FLATTEN (LIST* (CAAR X) (CDAR X) (CDR X)))) '(NIL)))) (EQUAL (FLATTEN (CDR (GOPHER X))) (IF (CONSP X) (CDR (FLATTEN X)) '(NIL)))). But simplification reduces this to T, using the :definitions ATOM, FLATTEN and GOPHER, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and PROBLEM-40. Subgoal *1/1 (IMPLIES (OR (ATOM X) (ATOM (CAR X))) (EQUAL (FLATTEN (CDR (GOPHER X))) (IF (CONSP X) (CDR (FLATTEN X)) '(NIL)))). This simplifies, using the :definitions ATOM and GOPHER, the :executable- counterparts of EQUAL and FLATTEN and the :rewrite rule DEFAULT-CDR, to the following two conjectures. Subgoal *1/1.2 (IMPLIES (AND (NOT (CONSP (CAR X))) (CONSP X)) (EQUAL (FLATTEN (CDR X)) (CDR (FLATTEN X)))). But simplification reduces this to T, using the :definitions APP and FLATTEN, the :executable-counterpart of CONSP, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/1.1 (IMPLIES (AND (NOT (CONSP (CAR X))) (NOT (CONSP X))) (EQUAL (FLATTEN (CDR X)) '(NIL))). But simplification reduces this to T, using the :executable-counterparts of CONSP, EQUAL and FLATTEN and the :rewrite rules DEFAULT-CAR and DEFAULT-CDR. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-109B ...) Rules: ((:DEFINITION APP) (:DEFINITION ATOM) (:DEFINITION FLATTEN) (:DEFINITION GOPHER) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART FLATTEN) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION GOPHER) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE DEFAULT-CAR) (:REWRITE DEFAULT-CDR) (:REWRITE PROBLEM-40)) Warnings: None Time: 0.46 seconds (prove: 0.23, print: 0.22, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-109B ACL2 >>(THEOREM PROBLEM-109C (EQUAL (EQUAL (CONS E NIL) (APP X Y)) (IF (CONSP X) (AND (EQUAL (CAR X) E) (ATOM (CDR X)) (EQUAL Y NIL)) (EQUAL Y (CONS E NIL)))) :HINTS (("Goal" :INDUCT (APP X Y)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (APP X Y). This suggestion was produced using the :induction rule APP. If we let (:P E X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P E X Y)) (IMPLIES (AND (CONSP X) (:P E (CDR X) Y)) (:P E X Y))). This induction is justified by the same argument used to admit APP, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (EQUAL (EQUAL (LIST E) (APP X Y)) (IF (CONSP X) (AND (EQUAL (CAR X) E) (ATOM (CDR X)) (EQUAL Y NIL)) (EQUAL Y (LIST E))))). This simplifies, using the :definition APP and primitive type reasoning, to Subgoal *1/2' (IMPLIES (AND (NOT (CONSP X)) (EQUAL (LIST E) Y)) (EQUAL (EQUAL Y (LIST E)) T)). But simplification reduces this to T, using the :executable-counterpart of EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL (EQUAL (LIST E) (APP (CDR X) Y)) (IF (CONSP (CDR X)) (AND (EQUAL (CADR X) E) (ATOM (CDDR X)) (EQUAL Y NIL)) (EQUAL Y (LIST E))))) (EQUAL (EQUAL (LIST E) (APP X Y)) (IF (CONSP X) (AND (EQUAL (CAR X) E) (ATOM (CDR X)) (EQUAL Y NIL)) (EQUAL Y (LIST E))))). This simplifies, using the :definitions APP and ATOM, the :executable- counterpart of EQUAL, primitive type reasoning, the :rewrite rules CDR-CONS and CONS-EQUAL and the :type-prescription rule APP, to the following four conjectures. Subgoal *1/1.4 (IMPLIES (AND (CONSP X) (NOT (EQUAL (LIST E) (APP (CDR X) Y))) (CONSP (CDR X)) (CONSP (CDDR X)) (EQUAL E (CAR X))) (APP (CDR X) Y)). This simplifies, using the :definition APP, primitive type reasoning and the :rewrite rule CONS-EQUAL, to the following two conjectures. Subgoal *1/1.4.2 (IMPLIES (AND (CONSP X) (NOT (EQUAL (CAR X) (CADR X))) (CONSP (CDR X)) (CONSP (CDDR X))) (CONS (CADR X) (APP (CDDR X) Y))). But simplification reduces this to T, using primitive type reasoning. Subgoal *1/1.4.1 (IMPLIES (AND (CONSP X) (APP (CDDR X) Y) (CONSP (CDR X)) (CONSP (CDDR X))) (CONS (CADR X) (APP (CDDR X) Y))). But simplification reduces this to T, using primitive type reasoning. Subgoal *1/1.3 (IMPLIES (AND (CONSP X) (NOT (EQUAL (LIST E) (APP (CDR X) Y))) (NOT (CONSP (CDR X))) (NOT (EQUAL Y (LIST E))) (EQUAL E (CAR X)) (NOT (APP (CDR X) Y))) (NOT Y)). But simplification reduces this to T, using the :type-prescription rule APP. Subgoal *1/1.2 (IMPLIES (AND (CONSP X) (NOT (EQUAL (LIST E) (APP (CDR X) NIL))) (NOT (CONSP (CDR X))) (LIST E) (EQUAL E (CAR X)) (APP (CDR X) NIL)) Y). But simplification reduces this to T, using the :definition APP and primitive type reasoning. Subgoal *1/1.1 (IMPLIES (AND (CONSP X) (NOT (EQUAL (LIST E) (APP (CDR X) Y))) (CONSP (CDR X)) (NOT (EQUAL (CADR X) E)) (EQUAL E (CAR X))) (APP (CDR X) Y)). This simplifies, using primitive type reasoning, to Subgoal *1/1.1' (IMPLIES (AND (CONSP X) (CONSP (CDR X)) (NOT (EQUAL (CADR X) (CAR X)))) (APP (CDR X) Y)). The destructor terms (CAR X) and (CDR X) can be eliminated. Furthermore, those terms are at the root of a chain of two rounds of destructor elimination. (1) Use CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. (2) Use CAR-CDR-ELIM, again, to replace X2 by (CONS X3 X4), (CAR X2) by X3 and (CDR X2) by X4. These steps produce the following goal. Subgoal *1/1.1'' (IMPLIES (AND (CONSP (CONS X3 X4)) (CONSP (LIST* X1 X3 X4)) (NOT (EQUAL X3 X1))) (APP (CONS X3 X4) Y)). This simplifies, using the :definition APP, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS, to Subgoal *1/1.1''' (IMPLIES (NOT (EQUAL X3 X1)) (CONS X3 (APP X4 Y))). But simplification reduces this to T, using primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-109C ...) Rules: ((:DEFINITION APP) (:DEFINITION ATOM) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION APP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE CONS-EQUAL) (:TYPE-PRESCRIPTION APP)) Warnings: None Time: 0.17 seconds (prove: 0.05, print: 0.12, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-109C ACL2 >>(THEOREM PROBLEM-109D (EQUAL (EQUAL (FLATTEN X) (CONS A NIL)) (AND (ATOM X) (EQUAL X A))) :HINTS (("Goal" :INDUCT (FLATTEN X) :IN-THEORY (ENABLE PROBLEM-40 PROBLEM-109C)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (FLATTEN X). This suggestion was produced using the :induction rule FLATTEN. If we let (:P A X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P A X)) (IMPLIES (AND (CONSP X) (:P A (CAR X)) (:P A (CDR X))) (:P A X))). This induction is justified by the same argument used to admit FLATTEN, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (EQUAL (EQUAL (FLATTEN X) (LIST A)) (AND (ATOM X) (EQUAL X A)))). But simplification reduces this to T, using the :definition FLATTEN, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rule CONS-EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL (EQUAL (FLATTEN (CAR X)) (LIST A)) (AND (ATOM (CAR X)) (EQUAL (CAR X) A))) (EQUAL (EQUAL (FLATTEN (CDR X)) (LIST A)) (AND (ATOM (CDR X)) (EQUAL (CDR X) A)))) (EQUAL (EQUAL (FLATTEN X) (LIST A)) (AND (ATOM X) (EQUAL X A)))). But simplification reduces this to T, using the :definitions ATOM and FLATTEN, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules PROBLEM-109C and PROBLEM-40 and the :type-prescription rules APP and FLATTEN. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-109D ...) Rules: ((:DEFINITION ATOM) (:DEFINITION FLATTEN) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION FLATTEN) (:REWRITE CONS-EQUAL) (:REWRITE PROBLEM-109C) (:REWRITE PROBLEM-40) (:TYPE-PRESCRIPTION APP) (:TYPE-PRESCRIPTION FLATTEN)) Warnings: None Time: 0.10 seconds (prove: 0.06, print: 0.02, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-109D ACL2 >>(THEOREM PROBLEM-109 (EQUAL (SAMEFRINGE X Y) (EQUAL (FLATTEN X) (FLATTEN Y))) :HINTS (("Goal" :INDUCT (SAMEFRINGE X Y) :IN-THEORY (ENABLE PROBLEM-109A PROBLEM-109B PROBLEM-109D)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (SAMEFRINGE X Y). This suggestion was produced using the :induction rule SAMEFRINGE. If we let (:P X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (OR (ATOM X) (ATOM Y))) (NOT (EQUAL (CAR (GOPHER X)) (CAR (GOPHER Y))))) (:P X Y)) (IMPLIES (AND (NOT (OR (ATOM X) (ATOM Y))) (EQUAL (CAR (GOPHER X)) (CAR (GOPHER Y))) (:P (CDR (GOPHER X)) (CDR (GOPHER Y)))) (:P X Y)) (IMPLIES (OR (ATOM X) (ATOM Y)) (:P X Y))). This induction is justified by the same argument used to admit SAMEFRINGE, namely, the measure (CC X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable Y is being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (AND (NOT (OR (ATOM X) (ATOM Y))) (NOT (EQUAL (CAR (GOPHER X)) (CAR (GOPHER Y))))) (EQUAL (SAMEFRINGE X Y) (EQUAL (FLATTEN X) (FLATTEN Y)))). But simplification reduces this to T, using the :definitions ATOM and SAMEFRINGE, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rule PROBLEM-109A and the :type-prescription rule FLATTEN. Subgoal *1/2 (IMPLIES (AND (NOT (OR (ATOM X) (ATOM Y))) (EQUAL (CAR (GOPHER X)) (CAR (GOPHER Y))) (EQUAL (SAMEFRINGE (CDR (GOPHER X)) (CDR (GOPHER Y))) (EQUAL (FLATTEN (CDR (GOPHER X))) (FLATTEN (CDR (GOPHER Y)))))) (EQUAL (SAMEFRINGE X Y) (EQUAL (FLATTEN X) (FLATTEN Y)))). But simplification reduces this to T, using the :definitions ATOM and SAMEFRINGE, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules PROBLEM-109A and PROBLEM-109B and the :type-prescription rule FLATTEN. Subgoal *1/1 (IMPLIES (OR (ATOM X) (ATOM Y)) (EQUAL (SAMEFRINGE X Y) (EQUAL (FLATTEN X) (FLATTEN Y)))). This simplifies, using the :definitions ATOM, FLATTEN and SAMEFRINGE, primitive type reasoning and the :rewrite rule PROBLEM-109D, to Subgoal *1/1' (IMPLIES (AND (NOT (CONSP X)) (EQUAL X Y)) (NOT (CONSP Y))). But simplification reduces this to T, using trivial observations. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-109 ...) Rules: ((:DEFINITION ATOM) (:DEFINITION FLATTEN) (:DEFINITION SAMEFRINGE) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION SAMEFRINGE) (:REWRITE PROBLEM-109A) (:REWRITE PROBLEM-109B) (:REWRITE PROBLEM-109D) (:TYPE-PRESCRIPTION FLATTEN)) Warnings: None Time: 0.41 seconds (prove: 0.35, print: 0.05, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-109 ACL2 >>(DEFUN REL (FN X Y) (IF (EQUAL FN '<<=) (<<= X Y) (IF (EQUAL FN '>>=) (<<= Y X) (IF (EQUAL FN '<<) (AND (<<= X Y) (NOT (EQUAL X Y))) (AND (<<= Y X) (NOT (EQUAL X Y))))))) Since REL is non-recursive, its admission is trivial. We observe that the type of REL is described by the theorem (OR (EQUAL (REL FN X Y) T) (EQUAL (REL FN X Y) NIL)). We used the :type-prescription rule <<=. Summary Form: ( DEFUN REL ...) Rules: ((:TYPE-PRESCRIPTION <<=)) Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.01, other: 0.02) REL ACL2 >>(DEFUN FILTER (FN X E) (COND ((ENDP X) NIL) ((REL FN (CAR X) E) (CONS (CAR X) (FILTER FN (CDR X) E))) (T (FILTER FN (CDR X) E)))) The admission of FILTER is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of FILTER is described by the theorem (TRUE-LISTP (FILTER FN X E)). We used primitive type reasoning. Summary Form: ( DEFUN FILTER ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) FILTER ACL2 >>(THEOREM PROBLEM-111A (<= (CC (FILTER FN X E)) (CC X)) :HINTS (("Goal" :INDUCT (CC X))) :RULE-CLASSES :LINEAR) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (CC X). This suggestion was produced using the :induction rule CC. If we let (:P E FN X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P E FN X)) (IMPLIES (AND (CONSP X) (:P E FN (CAR X)) (:P E FN (CDR X))) (:P E FN X))). This induction is justified by the same argument used to admit CC, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (<= (CC (FILTER FN X E)) (CC X))). But simplification reduces this to T, using the :definitions CC and FILTER and the :executable-counterparts of < and CC. Subgoal *1/1 (IMPLIES (AND (CONSP X) (<= (CC (FILTER FN (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER FN (CDR X) E)) (CC (CDR X)))) (<= (CC (FILTER FN X E)) (CC X))). This simplifies, using the :definitions <<=, CC, FILTER and REL and the :executable-counterpart of EQUAL, to the following ten conjectures. Subgoal *1/1.10 (IMPLIES (AND (CONSP X) (<= (CC (FILTER '<<= (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER '<<= (CDR X) E)) (CC (CDR X))) (EQUAL FN '<<=) (LEXORDER (CAR X) E)) (<= (CC (CONS (CAR X) (FILTER '<<= (CDR X) E))) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.9 (IMPLIES (AND (CONSP X) (<= (CC (FILTER '<<= (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER '<<= (CDR X) E)) (CC (CDR X))) (EQUAL FN '<<=) (NOT (LEXORDER (CAR X) E))) (<= (CC (FILTER '<<= (CDR X) E)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *1/1.8 (IMPLIES (AND (CONSP X) (<= (CC (FILTER FN (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER FN (CDR X) E)) (CC (CDR X))) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (LEXORDER E (CAR X)) (EQUAL (CAR X) E)) (<= (CC (FILTER FN (CDR X) E)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *1/1.7 (IMPLIES (AND (CONSP X) (<= (CC (FILTER '>>= (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER '>>= (CDR X) E)) (CC (CDR X))) (EQUAL FN '>>=) (NOT (LEXORDER E (CAR X)))) (<= (CC (FILTER '>>= (CDR X) E)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *1/1.6 (IMPLIES (AND (CONSP X) (<= (CC (FILTER '>>= (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER '>>= (CDR X) E)) (CC (CDR X))) (EQUAL FN '>>=) (LEXORDER E (CAR X))) (<= (CC (CONS (CAR X) (FILTER '>>= (CDR X) E))) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.5 (IMPLIES (AND (CONSP X) (<= (CC (FILTER '<< (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER '<< (CDR X) E)) (CC (CDR X))) (EQUAL FN '<<) (EQUAL (CAR X) E)) (<= (CC (FILTER '<< (CDR X) E)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *1/1.4 (IMPLIES (AND (CONSP X) (<= (CC (FILTER FN (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER FN (CDR X) E)) (CC (CDR X))) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E (CAR X)))) (<= (CC (FILTER FN (CDR X) E)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *1/1.3 (IMPLIES (AND (CONSP X) (<= (CC (FILTER FN (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER FN (CDR X) E)) (CC (CDR X))) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E))) (<= (CC (CONS (CAR X) (FILTER FN (CDR X) E))) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.2 (IMPLIES (AND (CONSP X) (<= (CC (FILTER '<< (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER '<< (CDR X) E)) (CC (CDR X))) (EQUAL FN '<<) (NOT (LEXORDER (CAR X) E))) (<= (CC (FILTER '<< (CDR X) E)) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *1/1.1 (IMPLIES (AND (CONSP X) (<= (CC (FILTER '<< (CAR X) E)) (CC (CAR X))) (<= (CC (FILTER '<< (CDR X) E)) (CC (CDR X))) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E))) (<= (CC (CONS (CAR X) (FILTER '<< (CDR X) E))) (+ 1 (CC (CAR X)) (CC (CDR X))))). But simplification reduces this to T, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111A ...) Rules: ((:DEFINITION <<=) (:DEFINITION CC) (:DEFINITION FILTER) (:DEFINITION REL) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART CC) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION CC) (:META CANCEL_PLUS-LESSP-CORRECT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION CC) (:TYPE-PRESCRIPTION FILTER)) Warnings: None Time: 0.73 seconds (prove: 0.55, print: 0.17, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-111A ACL2 >>(DEFUN QSORT (X) (DECLARE (XARGS :MEASURE (CC X))) (IF (ENDP X) NIL (IF (ENDP (CDR X)) X (APP (QSORT (FILTER '<< (CDR X) (CAR X))) (CONS (CAR X) (QSORT (FILTER '>>= (CDR X) (CAR X)))))))) For the admission of QSORT we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (CC X). The non-trivial part of the measure conjecture is Goal (AND (O-P (CC X)) (IMPLIES (AND (NOT (ENDP X)) (NOT (ENDP (CDR X)))) (O< (CC (FILTER '>>= (CDR X) (CAR X))) (CC X))) (IMPLIES (AND (NOT (ENDP X)) (NOT (ENDP (CDR X)))) (O< (CC (FILTER '<< (CDR X) (CAR X))) (CC X)))). By the simple :definition ENDP we reduce the conjecture to the following three conjectures. Subgoal 3 (O-P (CC X)). But simplification reduces this to T, using the :compound-recognizer rules NATP-CR and O-FINP-CR, the :rewrite rule O-P-DEF-O-FINP-1 and the :type-prescription rule CC. Subgoal 2 (IMPLIES (AND (CONSP X) (CONSP (CDR X))) (O< (CC (FILTER '>>= (CDR X) (CAR X))) (CC X))). This simplifies, using the :compound-recognizer rule O-FINP-CR, the :definitions CC and O<, primitive type reasoning and the :type-prescription rule CC, to Subgoal 2' (IMPLIES (AND (CONSP X) (CONSP (CDR X))) (< (CC (FILTER '>>= (CDR X) (CAR X))) (+ 1 (CC (CAR X)) (CC (CDR X))))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal 2'' (IMPLIES (AND (CONSP (CONS X1 X2)) (CONSP X2)) (< (CC (FILTER '>>= X2 X1)) (+ 1 (CC X1) (CC X2)))). This simplifies, using primitive type reasoning, to Subgoal 2''' (IMPLIES (CONSP X2) (< (CC (FILTER '>>= X2 X1)) (+ 1 (CC X1) (CC X2)))). Name the formula above *1. Subgoal 1 (IMPLIES (AND (CONSP X) (CONSP (CDR X))) (O< (CC (FILTER '<< (CDR X) (CAR X))) (CC X))). This simplifies, using the :compound-recognizer rule O-FINP-CR, the :definitions CC and O<, primitive type reasoning and the :type-prescription rule CC, to Subgoal 1' (IMPLIES (AND (CONSP X) (CONSP (CDR X))) (< (CC (FILTER '<< (CDR X) (CAR X))) (+ 1 (CC (CAR X)) (CC (CDR X))))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal 1'' (IMPLIES (AND (CONSP (CONS X1 X2)) (CONSP X2)) (< (CC (FILTER '<< X2 X1)) (+ 1 (CC X1) (CC X2)))). This simplifies, using primitive type reasoning, to Subgoal 1''' (IMPLIES (CONSP X2) (< (CC (FILTER '<< X2 X1)) (+ 1 (CC X1) (CC X2)))). Name the formula above *2. Perhaps we can prove *2 by induction. Three induction schemes are suggested by this conjecture. These merge into two derived induction schemes. However, one of these is flawed and so we are left with one viable candidate. We will induct according to a scheme suggested by (CC X2), but modified to accommodate (FILTER '<< X2 X1). These suggestions were produced using the :induction rules CC and FILTER. If we let (:P X1 X2) denote *2 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X2)) (:P X1 X2)) (IMPLIES (AND (CONSP X2) (:P X1 (CAR X2)) (:P X1 (CDR X2))) (:P X1 X2))). This induction is justified by the same argument used to admit CC, namely, the measure (ACL2-COUNT X2) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O-P). When applied to the goal at hand the above induction scheme produces the following four nontautological subgoals. Subgoal *2/4 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2))))) (< (CC (FILTER '<< X2 X1)) (+ 1 (CC X1) (CC X2)))). This simplifies, using the :definitions <<=, CC, FILTER, REL and SYNP, the :executable-counterparts of BINARY-+ and EQUAL and the :rewrite rules COMMUTATIVITY-2-OF-+ and FOLD-CONSTS-IN-+, to the following three conjectures. Subgoal *2/4.3 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (NOT (LEXORDER (CAR X2) X1))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *2/4.2 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (LEXORDER (CAR X2) X1) (NOT (EQUAL (CAR X2) X1))) (< (CC (CONS (CAR X2) (FILTER '<< (CDR X2) X1))) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER, to Subgoal *2/4.2' (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (LEXORDER (CAR X2) X1) (NOT (EQUAL (CAR X2) X1))) (< (+ 1 (CC (FILTER '<< (CDR X2) X1))) (+ 2 (CC X1) (CC (CDR X2))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *2/4.1 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (EQUAL (CAR X2) X1)) (< (CC (FILTER '<< (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *2/3 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2))))) (< (CC (FILTER '<< X2 X1)) (+ 1 (CC X1) (CC X2)))). This simplifies, using the :definitions <<=, CC, FILTER, REL and SYNP, the :executable-counterparts of BINARY-+ and EQUAL and the :rewrite rules COMMUTATIVITY-2-OF-+ and FOLD-CONSTS-IN-+, to the following three conjectures. Subgoal *2/3.3 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (NOT (LEXORDER (CAR X2) X1))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *2/3.2 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (LEXORDER (CAR X2) X1) (NOT (EQUAL (CAR X2) X1))) (< (CC (CONS (CAR X2) (FILTER '<< (CDR X2) X1))) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC and FIX, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS and UNICITY-OF-0 and the :type-prescription rules CC and FILTER, to Subgoal *2/3.2' (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (LEXORDER (CAR X2) X1) (NOT (EQUAL (CAR X2) X1))) (< (+ 1 (CC (FILTER '<< (CDR X2) X1))) (+ 2 (CC X1) (CC (CDR X2))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *2/3.1 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (EQUAL (CAR X2) X1)) (< (CC (FILTER '<< (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *2/2 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2)))) (< (CC (FILTER '<< X2 X1)) (+ 1 (CC X1) (CC X2)))). This simplifies, using the :definitions <<=, CC, FILTER, REL and SYNP, the :executable-counterparts of BINARY-+ and EQUAL and the :rewrite rules COMMUTATIVITY-2-OF-+ and FOLD-CONSTS-IN-+, to the following three conjectures. Subgoal *2/2.3 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2))) (NOT (LEXORDER (CAR X2) X1))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC, FILTER and FIX, the :executable- counterpart of CC, the :rewrite rules COMMUTATIVITY-OF-+ and UNICITY- OF-0 and the :type-prescription rule CC, to Subgoal *2/2.3' (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2))) (NOT (LEXORDER (CAR X2) X1))) (< 0 (+ 2 (CC X1) (CC (CAR X2))))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Subgoal *2/2.2 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2))) (LEXORDER (CAR X2) X1) (NOT (EQUAL (CAR X2) X1))) (< (CC (CONS (CAR X2) (FILTER '<< (CDR X2) X1))) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC, FILTER and FIX, the :executable- counterpart of CC, primitive type reasoning, the :meta rule CANCEL_- PLUS-LESSP-CORRECT, the :rewrite rules CAR-CONS, CDR-CONS, COMMUTATIVITY- OF-+ and UNICITY-OF-0 and the :type-prescription rule CC, to Subgoal *2/2.2' (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2))) (LEXORDER (CAR X2) X1) (NOT (EQUAL (CAR X2) X1))) (< 1 (+ 2 (CC X1)))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *2/2.1 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2))) (EQUAL (CAR X2) X1)) (< (CC (FILTER '<< (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC, FILTER and FIX, the :executable- counterpart of CC, the :rewrite rules COMMUTATIVITY-OF-+ and UNICITY- OF-0 and the :type-prescription rule CC, to Subgoal *2/2.1' (IMPLIES (AND (CONSP X2) (< (CC (FILTER '<< (CAR X2) (CAR X2))) (+ 1 (CC (CAR X2)) (CC (CAR X2)))) (NOT (CONSP (CDR X2)))) (< 0 (+ 2 (CC (CAR X2)) (CC (CAR X2))))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Subgoal *2/1 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2)))) (< (CC (FILTER '<< X2 X1)) (+ 1 (CC X1) (CC X2)))). This simplifies, using the :definitions <<=, CC, FILTER, REL and SYNP, the :executable-counterparts of BINARY-+ and EQUAL and the :rewrite rules COMMUTATIVITY-2-OF-+ and FOLD-CONSTS-IN-+, to the following three conjectures. Subgoal *2/1.3 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2))) (NOT (LEXORDER (CAR X2) X1))) (< (CC (FILTER '<< (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC, FILTER and FIX, the :executable- counterparts of BINARY-+ and CC, the :rewrite rules COMMUTATIVITY-OF- + and UNICITY-OF-0 and the :type-prescription rule CC, to Subgoal *2/1.3' (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2))) (NOT (LEXORDER (CAR X2) X1))) (< 0 (+ 2 (CC X1)))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Subgoal *2/1.2 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2))) (LEXORDER (CAR X2) X1) (NOT (EQUAL (CAR X2) X1))) (< (CC (CONS (CAR X2) (FILTER '<< (CDR X2) X1))) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC, FILTER and FIX, the :executable- counterparts of BINARY-+ and CC, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, COMMUTATIVITY-OF-+ and UNICITY-OF-0 and the :type-prescription rule CC, to Subgoal *2/1.2' (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2))) (LEXORDER (CAR X2) X1) (NOT (EQUAL (CAR X2) X1))) (< 1 (+ 2 (CC X1)))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *2/1.1 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2))) (EQUAL (CAR X2) X1)) (< (CC (FILTER '<< (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). But simplification reduces this to T, using the :definitions CC and FILTER and the :executable-counterparts of <, BINARY-+ and CC. That completes the proof of *2. We therefore turn our attention to *1, which is (IMPLIES (CONSP X2) (< (CC (FILTER '>>= X2 X1)) (+ 1 (CC X1) (CC X2)))). Perhaps we can prove *1 by induction. Three induction schemes are suggested by this conjecture. These merge into two derived induction schemes. However, one of these is flawed and so we are left with one viable candidate. We will induct according to a scheme suggested by (CC X2), but modified to accommodate (FILTER '>>= X2 X1). These suggestions were produced using the :induction rules CC and FILTER. If we let (:P X1 X2) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X2)) (:P X1 X2)) (IMPLIES (AND (CONSP X2) (:P X1 (CAR X2)) (:P X1 (CDR X2))) (:P X1 X2))). This induction is justified by the same argument used to admit CC, namely, the measure (ACL2-COUNT X2) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O-P). When applied to the goal at hand the above induction scheme produces the following four nontautological subgoals. Subgoal *1/4 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '>>= (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2))))) (< (CC (FILTER '>>= X2 X1)) (+ 1 (CC X1) (CC X2)))). This simplifies, using the :definitions <<=, CC, FILTER, REL and SYNP, the :executable-counterparts of BINARY-+ and EQUAL and the :rewrite rules COMMUTATIVITY-2-OF-+ and FOLD-CONSTS-IN-+, to the following two conjectures. Subgoal *1/4.2 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '>>= (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (LEXORDER X1 (CAR X2))) (< (CC (CONS (CAR X2) (FILTER '>>= (CDR X2) X1))) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definition CC, primitive type reasoning, the :meta rule CANCEL_PLUS-LESSP-CORRECT, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER, to Subgoal *1/4.2' (IMPLIES (AND (CONSP X2) (< (CC (FILTER '>>= (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (LEXORDER X1 (CAR X2))) (< (+ 1 (CC (FILTER '>>= (CDR X2) X1))) (+ 2 (CC X1) (CC (CDR X2))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *1/4.1 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '>>= (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (NOT (LEXORDER X1 (CAR X2)))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *1/3 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2))))) (< (CC (FILTER '>>= X2 X1)) (+ 1 (CC X1) (CC X2)))). This simplifies, using the :definitions <<=, CC, FILTER, REL and SYNP, the :executable-counterparts of BINARY-+ and EQUAL and the :rewrite rules COMMUTATIVITY-2-OF-+ and FOLD-CONSTS-IN-+, to the following two conjectures. Subgoal *1/3.2 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (LEXORDER X1 (CAR X2))) (< (CC (CONS (CAR X2) (FILTER '>>= (CDR X2) X1))) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC and FIX, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS and UNICITY-OF-0 and the :type-prescription rules CC and FILTER, to Subgoal *1/3.2' (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (LEXORDER X1 (CAR X2))) (< (+ 1 (CC (FILTER '>>= (CDR X2) X1))) (+ 2 (CC X1) (CC (CDR X2))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *1/3.1 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 1 (CC X1) (CC (CDR X2)))) (NOT (LEXORDER X1 (CAR X2)))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). But simplification reduces this to T, using linear arithmetic, primitive type reasoning and the :type-prescription rule CC. Subgoal *1/2 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '>>= (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2)))) (< (CC (FILTER '>>= X2 X1)) (+ 1 (CC X1) (CC X2)))). This simplifies, using the :definitions <<=, CC, FILTER, REL and SYNP, the :executable-counterparts of BINARY-+ and EQUAL and the :rewrite rules COMMUTATIVITY-2-OF-+ and FOLD-CONSTS-IN-+, to the following two conjectures. Subgoal *1/2.2 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '>>= (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2))) (LEXORDER X1 (CAR X2))) (< (CC (CONS (CAR X2) (FILTER '>>= (CDR X2) X1))) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC, FILTER and FIX, the :executable- counterpart of CC, primitive type reasoning, the :meta rule CANCEL_- PLUS-LESSP-CORRECT, the :rewrite rules CAR-CONS, CDR-CONS, COMMUTATIVITY- OF-+ and UNICITY-OF-0 and the :type-prescription rule CC, to Subgoal *1/2.2' (IMPLIES (AND (CONSP X2) (< (CC (FILTER '>>= (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2))) (LEXORDER X1 (CAR X2))) (< 1 (+ 2 (CC X1)))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/2.1 (IMPLIES (AND (CONSP X2) (< (CC (FILTER '>>= (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2))) (NOT (LEXORDER X1 (CAR X2)))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC, FILTER and FIX, the :executable- counterpart of CC, the :rewrite rules COMMUTATIVITY-OF-+ and UNICITY- OF-0 and the :type-prescription rule CC, to Subgoal *1/2.1' (IMPLIES (AND (CONSP X2) (< (CC (FILTER '>>= (CAR X2) X1)) (+ 1 (CC X1) (CC (CAR X2)))) (NOT (CONSP (CDR X2))) (NOT (LEXORDER X1 (CAR X2)))) (< 0 (+ 2 (CC X1) (CC (CAR X2))))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. Subgoal *1/1 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2)))) (< (CC (FILTER '>>= X2 X1)) (+ 1 (CC X1) (CC X2)))). This simplifies, using the :definitions <<=, CC, FILTER, REL and SYNP, the :executable-counterparts of BINARY-+ and EQUAL and the :rewrite rules COMMUTATIVITY-2-OF-+ and FOLD-CONSTS-IN-+, to the following two conjectures. Subgoal *1/1.2 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2))) (LEXORDER X1 (CAR X2))) (< (CC (CONS (CAR X2) (FILTER '>>= (CDR X2) X1))) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC, FILTER and FIX, the :executable- counterparts of BINARY-+ and CC, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, COMMUTATIVITY-OF-+ and UNICITY-OF-0 and the :type-prescription rule CC, to Subgoal *1/1.2' (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2))) (LEXORDER X1 (CAR X2))) (< 1 (+ 2 (CC X1)))). But simplification reduces this to T, using linear arithmetic and the :type-prescription rule CC. Subgoal *1/1.1 (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2))) (NOT (LEXORDER X1 (CAR X2)))) (< (CC (FILTER '>>= (CDR X2) X1)) (+ 2 (CC X1) (CC (CAR X2)) (CC (CDR X2))))). This simplifies, using the :definitions CC, FILTER and FIX, the :executable- counterparts of BINARY-+ and CC, the :rewrite rules COMMUTATIVITY-OF- + and UNICITY-OF-0 and the :type-prescription rule CC, to Subgoal *1/1.1' (IMPLIES (AND (CONSP X2) (NOT (CONSP (CAR X2))) (NOT (CONSP (CDR X2))) (NOT (LEXORDER X1 (CAR X2)))) (< 0 (+ 2 (CC X1)))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule CC. That completes the proof of *1. Q.E.D. That completes the proof of the measure theorem for QSORT. Thus, we admit this function under the principle of definition. We observe that the type of QSORT is described by the theorem (OR (CONSP (QSORT X)) (EQUAL (QSORT X) NIL)). We used primitive type reasoning and the :type-prescription rule APP. Summary Form: ( DEFUN QSORT ...) Rules: ((:COMPOUND-RECOGNIZER NATP-CR) (:COMPOUND-RECOGNIZER O-FINP-CR) (:DEFINITION <<=) (:DEFINITION CC) (:DEFINITION ENDP) (:DEFINITION FILTER) (:DEFINITION FIX) (:DEFINITION O<) (:DEFINITION REL) (:DEFINITION SYNP) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CC) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION CC) (:INDUCTION FILTER) (:META CANCEL_PLUS-LESSP-CORRECT) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE COMMUTATIVITY-2-OF-+) (:REWRITE COMMUTATIVITY-OF-+) (:REWRITE FOLD-CONSTS-IN-+) (:REWRITE O-P-DEF-O-FINP-1) (:REWRITE UNICITY-OF-0) (:TYPE-PRESCRIPTION APP) (:TYPE-PRESCRIPTION CC) (:TYPE-PRESCRIPTION FILTER)) Warnings: None Time: 1.22 seconds (prove: 0.67, print: 0.53, other: 0.02) QSORT ACL2 >>(THEOREM PROBLEM-111B (AND (BOOLEANP (PERM X Y)) (PERM X X) (IMPLIES (PERM X Y) (PERM Y X)) (IMPLIES (AND (PERM X Y) (PERM Y Z)) (PERM X Z))) :HINTS (("Goal" :IN-THEORY (ENABLE PROBLEM-53 PROBLEM-54 PROBLEM-55))) :RULE-CLASSES (:EQUIVALENCE)) ACL2 Warning [Equiv] in ( DEFTHM PROBLEM-111B ...): Any lemma about (PERM X Y), proved before PERM is marked as an equivalence relation, is stored so as to rewrite (PERM X Y) to T. After PERM is known to be an equivalence relation, such a rule would rewrite the left-hand side to the right-hand side, preserving PERM. You have previously proved three possibly problematic rules about PERM, namely PROBLEM- 59, PROBLEM-59A and PROBLEM-55E. After PERM is marked as an equivalence relation you should reconsider each problematic rule. If the rule is merely in support of establishing that PERM is an equivalence relation, it may be appropriate to disable it permanently hereafter. If the rule is now intended to rewrite left to right, you must prove the lemma again after PERM is known to be an equivalence relation. [Note: A hint was supplied for our processing of the goal above. Thanks!] By the simple :rewrite rule PROBLEM-53 we reduce the conjecture to the following three conjectures. Subgoal 3 (BOOLEANP (PERM X Y)). But we reduce the conjecture to T, by the :compound-recognizer rule BOOLEANP-COMPOUND-RECOGNIZER and the :type-prescription rule PERM. Subgoal 2 (IMPLIES (PERM X Y) (PERM Y X)). But simplification reduces this to T, using the :rewrite rule PROBLEM- 54 and the :type-prescription rule PERM. Subgoal 1 (IMPLIES (AND (PERM X Y) (PERM Y Z)) (PERM X Z)). But simplification reduces this to T, using the :rewrite rule PROBLEM- 55 and the :type-prescription rule PERM. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111B ...) Rules: ((:COMPOUND-RECOGNIZER BOOLEANP-COMPOUND-RECOGNIZER) (:REWRITE PROBLEM-53) (:REWRITE PROBLEM-54) (:REWRITE PROBLEM-55) (:TYPE-PRESCRIPTION PERM)) Warnings: Equiv Time: 0.05 seconds (prove: 0.02, print: 0.01, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.04 seconds (prove: 0.00, print: 0.00, other: 0.04) PROBLEM-111B ACL2 >>(THEOREM PROBLEM-111C (IMPLIES (NOT (REL FN D E)) (EQUAL (FILTER FN (RM D Y) E) (FILTER FN Y E))) :HINTS (("Goal" :INDUCT (FILTER FN Y E)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (FILTER FN Y E). This suggestion was produced using the :induction rule FILTER. If we let (:P D E FN Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP Y)) (NOT (REL FN (CAR Y) E)) (:P D E FN (CDR Y))) (:P D E FN Y)) (IMPLIES (AND (NOT (ENDP Y)) (REL FN (CAR Y) E) (:P D E FN (CDR Y))) (:P D E FN Y)) (IMPLIES (ENDP Y) (:P D E FN Y))). This induction is justified by the same argument used to admit FILTER, namely, the measure (ACL2-COUNT Y) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (AND (NOT (ENDP Y)) (NOT (REL FN (CAR Y) E)) (IMPLIES (NOT (REL FN D E)) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)))) (IMPLIES (NOT (REL FN D E)) (EQUAL (FILTER FN (RM D Y) E) (FILTER FN Y E)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (CONSP Y) (NOT (REL FN (CAR Y) E)) (IMPLIES (NOT (REL FN D E)) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E))) (NOT (REL FN D E))) (EQUAL (FILTER FN (RM D Y) E) (FILTER FN Y E))). This simplifies, using the :definitions <<=, FILTER, NOT, REL and RM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type- prescription rule LEXORDER, to the following 18 conjectures. Subgoal *1/3.18 (IMPLIES (AND (CONSP Y) (LEXORDER (CAR Y) E) (EQUAL (CAR Y) E) (NOT (LEXORDER D E)) (EQUAL (FILTER '<< (RM D (CDR Y)) E) (FILTER '<< (CDR Y) E)) (EQUAL FN '<<) (EQUAL D E)) (EQUAL (FILTER '<< (CDR Y) E) (FILTER '<< Y E))). But simplification reduces this to T, using trivial observations. Subgoal *1/3.17 (IMPLIES (AND (CONSP Y) (LEXORDER (CAR Y) E) (EQUAL (CAR Y) E) (NOT (LEXORDER D E)) (EQUAL (FILTER '<< (RM D (CDR Y)) E) (FILTER '<< (CDR Y) E)) (EQUAL FN '<<) (NOT (EQUAL D E))) (EQUAL (FILTER '<< (CONS E (RM D (CDR Y))) E) (FILTER '<< Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and LEXORDER-REFLEXIVE. Subgoal *1/3.16 (IMPLIES (AND (CONSP Y) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (LEXORDER (CAR Y) E) (EQUAL (CAR Y) E) (NOT (LEXORDER D E)) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)) (NOT (LEXORDER E D)) (NOT (EQUAL D E))) (EQUAL (FILTER FN (CONS E (RM D (CDR Y))) E) (FILTER FN (CDR Y) E))). But simplification reduces this to T, using primitive type reasoning and the :forward-chaining rule LEXORDER-TOTAL. Subgoal *1/3.15 (IMPLIES (AND (CONSP Y) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (LEXORDER (CAR Y) E) (EQUAL (CAR Y) E) (NOT (EQUAL FN '<<)) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)) (NOT (LEXORDER E D)) (NOT (EQUAL D E))) (EQUAL (FILTER FN (CONS E (RM D (CDR Y))) E) (FILTER FN (CDR Y) E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and LEXORDER-REFLEXIVE. Subgoal *1/3.14 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<=) (NOT (LEXORDER (CAR Y) E)) (EQUAL (FILTER '<<= (RM D (CDR Y)) E) (FILTER '<<= (CDR Y) E)) (NOT (LEXORDER D E)) (EQUAL D (CAR Y))) (EQUAL (FILTER '<<= (CDR Y) E) (FILTER '<<= Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL and primitive type reasoning. Subgoal *1/3.13 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<=) (NOT (LEXORDER (CAR Y) E)) (EQUAL (FILTER '<<= (RM D (CDR Y)) E) (FILTER '<<= (CDR Y) E)) (NOT (LEXORDER D E)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER '<<= (CONS (CAR Y) (RM D (CDR Y))) E) (FILTER '<<= Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/3.12 (IMPLIES (AND (CONSP Y) (NOT (LEXORDER E (CAR Y))) (EQUAL FN '>>=) (EQUAL (FILTER '>>= (RM D (CDR Y)) E) (FILTER '>>= (CDR Y) E)) (NOT (LEXORDER E D)) (EQUAL D (CAR Y))) (EQUAL (FILTER '>>= (CDR Y) E) (FILTER '>>= Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL and primitive type reasoning. Subgoal *1/3.11 (IMPLIES (AND (CONSP Y) (NOT (LEXORDER E (CAR Y))) (EQUAL FN '>>=) (EQUAL (FILTER '>>= (RM D (CDR Y)) E) (FILTER '>>= (CDR Y) E)) (NOT (LEXORDER E D)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER '>>= (CONS (CAR Y) (RM D (CDR Y))) E) (FILTER '>>= Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/3.10 (IMPLIES (AND (CONSP Y) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E (CAR Y))) (EQUAL D E) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL D (CAR Y))) (LEXORDER D (CAR Y))) (EQUAL (FILTER FN (CONS (CAR Y) (RM D (CDR Y))) D) (CONS (CAR Y) (FILTER FN (CDR Y) D)))). But simplification reduces this to T, using trivial observations. Subgoal *1/3.9 (IMPLIES (AND (CONSP Y) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E (CAR Y))) (EQUAL D E) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL D (CAR Y))) (NOT (LEXORDER D (CAR Y)))) (EQUAL (FILTER FN (CONS (CAR Y) (RM D (CDR Y))) D) (FILTER FN (CDR Y) D))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/3.8 (IMPLIES (AND (CONSP Y) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E (CAR Y))) (NOT (LEXORDER E D)) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER FN (CONS (CAR Y) (RM D (CDR Y))) E) (FILTER FN (CDR Y) E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/3.7 (IMPLIES (AND (CONSP Y) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (EQUAL (CAR Y) E) (NOT (LEXORDER E D)) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)) (NOT (EQUAL D E))) (EQUAL (FILTER FN (CONS E (RM D (CDR Y))) E) (FILTER FN (CDR Y) E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and LEXORDER-REFLEXIVE. Subgoal *1/3.6 (IMPLIES (AND (CONSP Y) (EQUAL FN '>>=) (NOT (LEXORDER E (CAR Y))) (EQUAL (FILTER '>>= (RM D (CDR Y)) E) (FILTER '>>= (CDR Y) E)) (NOT (LEXORDER E D)) (EQUAL D (CAR Y))) (EQUAL (FILTER '>>= (CDR Y) E) (FILTER '>>= Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL and primitive type reasoning. Subgoal *1/3.5 (IMPLIES (AND (CONSP Y) (EQUAL FN '>>=) (NOT (LEXORDER E (CAR Y))) (EQUAL (FILTER '>>= (RM D (CDR Y)) E) (FILTER '>>= (CDR Y) E)) (NOT (LEXORDER E D)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER '>>= (CONS (CAR Y) (RM D (CDR Y))) E) (FILTER '>>= Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/3.4 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<) (NOT (LEXORDER (CAR Y) E)) (NOT (LEXORDER D E)) (EQUAL (FILTER '<< (RM D (CDR Y)) E) (FILTER '<< (CDR Y) E)) (EQUAL D (CAR Y))) (EQUAL (FILTER '<< (CDR Y) E) (FILTER '<< Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL and primitive type reasoning. Subgoal *1/3.3 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<) (NOT (LEXORDER (CAR Y) E)) (NOT (LEXORDER D E)) (EQUAL (FILTER '<< (RM D (CDR Y)) E) (FILTER '<< (CDR Y) E)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER '<< (CONS (CAR Y) (RM D (CDR Y))) E) (FILTER '<< Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/3.2 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<) (NOT (LEXORDER (CAR Y) E)) (EQUAL D E) (EQUAL (FILTER '<< (RM D (CDR Y)) E) (FILTER '<< (CDR Y) E)) (EQUAL D (CAR Y))) (EQUAL (FILTER '<< (CDR Y) D) (FILTER '<< Y D))). But simplification reduces this to T, using primitive type reasoning and the :forward-chaining rule LEXORDER-TOTAL. Subgoal *1/3.1 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<) (NOT (LEXORDER (CAR Y) E)) (EQUAL D E) (EQUAL (FILTER '<< (RM D (CDR Y)) E) (FILTER '<< (CDR Y) E)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER '<< (CONS (CAR Y) (RM D (CDR Y))) D) (FILTER '<< Y D))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/2 (IMPLIES (AND (NOT (ENDP Y)) (REL FN (CAR Y) E) (IMPLIES (NOT (REL FN D E)) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)))) (IMPLIES (NOT (REL FN D E)) (EQUAL (FILTER FN (RM D Y) E) (FILTER FN Y E)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP Y) (REL FN (CAR Y) E) (IMPLIES (NOT (REL FN D E)) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E))) (NOT (REL FN D E))) (EQUAL (FILTER FN (RM D Y) E) (FILTER FN Y E))). This simplifies, using the :definitions <<=, FILTER, NOT, REL and RM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rule LEXORDER, to the following thirteen conjectures. Subgoal *1/2.13 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<=) (LEXORDER (CAR Y) E) (EQUAL (FILTER '<<= (RM D (CDR Y)) E) (FILTER '<<= (CDR Y) E)) (NOT (LEXORDER D E)) (EQUAL D (CAR Y))) (EQUAL (FILTER '<<= (CDR Y) E) (FILTER '<<= Y E))). But simplification reduces this to T, using trivial observations. Subgoal *1/2.12 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<=) (LEXORDER (CAR Y) E) (EQUAL (FILTER '<<= (RM D (CDR Y)) E) (FILTER '<<= (CDR Y) E)) (NOT (LEXORDER D E)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER '<<= (CONS (CAR Y) (RM D (CDR Y))) E) (FILTER '<<= Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/2.11 (IMPLIES (AND (CONSP Y) (EQUAL FN '>>=) (LEXORDER E (CAR Y)) (EQUAL (FILTER '>>= (RM D (CDR Y)) E) (FILTER '>>= (CDR Y) E)) (NOT (LEXORDER E D)) (EQUAL D (CAR Y))) (EQUAL (FILTER '>>= (CDR Y) E) (FILTER '>>= Y E))). But simplification reduces this to T, using trivial observations. Subgoal *1/2.10 (IMPLIES (AND (CONSP Y) (EQUAL FN '>>=) (LEXORDER E (CAR Y)) (EQUAL (FILTER '>>= (RM D (CDR Y)) E) (FILTER '>>= (CDR Y) E)) (NOT (LEXORDER E D)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER '>>= (CONS (CAR Y) (RM D (CDR Y))) E) (FILTER '>>= Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/2.9 (IMPLIES (AND (CONSP Y) (LEXORDER E (CAR Y)) (NOT (EQUAL (CAR Y) E)) (EQUAL FN '>>=) (EQUAL (FILTER '>>= (RM D (CDR Y)) E) (FILTER '>>= (CDR Y) E)) (NOT (LEXORDER E D)) (EQUAL D (CAR Y))) (EQUAL (FILTER '>>= (CDR Y) E) (FILTER '>>= Y E))). But simplification reduces this to T, using trivial observations. Subgoal *1/2.8 (IMPLIES (AND (CONSP Y) (LEXORDER E (CAR Y)) (NOT (EQUAL (CAR Y) E)) (EQUAL FN '>>=) (EQUAL (FILTER '>>= (RM D (CDR Y)) E) (FILTER '>>= (CDR Y) E)) (NOT (LEXORDER E D)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER '>>= (CONS (CAR Y) (RM D (CDR Y))) E) (FILTER '>>= Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/2.7 (IMPLIES (AND (CONSP Y) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR Y)) (NOT (EQUAL (CAR Y) E)) (EQUAL D E) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)) (NOT (EQUAL FN '>>=)) (LEXORDER D (CAR Y))) (EQUAL (CONS (CAR Y) (FILTER FN (RM D (CDR Y)) D)) (CONS (CAR Y) (FILTER FN (CDR Y) D)))). But simplification reduces this to T, using primitive type reasoning. Subgoal *1/2.6 (IMPLIES (AND (CONSP Y) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR Y)) (NOT (EQUAL (CAR Y) E)) (EQUAL D E) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)) (NOT (EQUAL FN '>>=)) (NOT (LEXORDER D (CAR Y)))) (EQUAL (FILTER FN (RM D (CDR Y)) D) (FILTER FN (CDR Y) D))). But simplification reduces this to T, using trivial observations. Subgoal *1/2.5 (IMPLIES (AND (CONSP Y) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR Y)) (NOT (EQUAL (CAR Y) E)) (NOT (LEXORDER E D)) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)) (EQUAL D (CAR Y))) (EQUAL (FILTER FN (CDR Y) E) (CONS (CAR Y) (FILTER FN (CDR Y) E)))). But simplification reduces this to T, using trivial observations. Subgoal *1/2.4 (IMPLIES (AND (CONSP Y) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR Y)) (NOT (EQUAL (CAR Y) E)) (NOT (LEXORDER E D)) (EQUAL (FILTER FN (RM D (CDR Y)) E) (FILTER FN (CDR Y) E)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER FN (CONS (CAR Y) (RM D (CDR Y))) E) (CONS (CAR Y) (FILTER FN (CDR Y) E)))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR- CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/2.3 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<) (LEXORDER (CAR Y) E) (NOT (EQUAL (CAR Y) E)) (NOT (LEXORDER D E)) (EQUAL (FILTER '<< (RM D (CDR Y)) E) (FILTER '<< (CDR Y) E)) (EQUAL D (CAR Y))) (EQUAL (FILTER '<< (CDR Y) E) (FILTER '<< Y E))). But simplification reduces this to T, using trivial observations. Subgoal *1/2.2 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<) (LEXORDER (CAR Y) E) (NOT (EQUAL (CAR Y) E)) (NOT (LEXORDER D E)) (EQUAL (FILTER '<< (RM D (CDR Y)) E) (FILTER '<< (CDR Y) E)) (NOT (EQUAL D (CAR Y)))) (EQUAL (FILTER '<< (CONS (CAR Y) (RM D (CDR Y))) E) (FILTER '<< Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/2.1 (IMPLIES (AND (CONSP Y) (EQUAL FN '<<) (LEXORDER (CAR Y) E) (NOT (EQUAL (CAR Y) E)) (EQUAL D E) (EQUAL (FILTER '<< (RM D (CDR Y)) E) (FILTER '<< (CDR Y) E))) (EQUAL (CONS (CAR Y) (FILTER '<< (RM D (CDR Y)) D)) (FILTER '<< Y D))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/1 (IMPLIES (ENDP Y) (IMPLIES (NOT (REL FN D E)) (EQUAL (FILTER FN (RM D Y) E) (FILTER FN Y E)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (NOT (CONSP Y)) (NOT (REL FN D E))) (EQUAL (FILTER FN (RM D Y) E) (FILTER FN Y E))). But simplification reduces this to T, using the :definitions <<=, FILTER, REL and RM, the :executable-counterpart of EQUAL and primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111C ...) Rules: ((:DEFINITION <<=) (:DEFINITION ENDP) (:DEFINITION FILTER) (:DEFINITION NOT) (:DEFINITION REL) (:DEFINITION RM) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING LEXORDER-TOTAL) (:INDUCTION FILTER) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE LEXORDER-REFLEXIVE) (:REWRITE LEXORDER-TRANSITIVE) (:TYPE-PRESCRIPTION LEXORDER)) Warnings: None Time: 0.74 seconds (prove: 0.33, print: 0.41, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) PROBLEM-111C ACL2 >>(THEOREM PROBLEM-111D (EQUAL (MEM D (FILTER FN X E)) (AND (MEM D X) (REL FN D E))) :HINTS (("Goal" :INDUCT (LEN X) :IN-THEORY (ENABLE PROBLEM-48 PROBLEM-49A)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (LEN X). This suggestion was produced using the :induction rule LEN. If we let (:P D E FN X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P D E FN X)) (IMPLIES (AND (CONSP X) (:P D E FN (CDR X))) (:P D E FN X))). This induction is justified by the same argument used to admit LEN, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (EQUAL (MEM D (FILTER FN X E)) (AND (MEM D X) (REL FN D E)))). But simplification reduces this to T, using the :definitions FILTER and MEM and the :executable-counterparts of CONSP and EQUAL. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL (MEM D (FILTER FN (CDR X) E)) (AND (MEM D (CDR X)) (REL FN D E)))) (EQUAL (MEM D (FILTER FN X E)) (AND (MEM D X) (REL FN D E)))). This simplifies, using the :definitions <<=, FILTER, MEM and REL, the :executable-counterparts of EQUAL and NOT, primitive type reasoning, the :rewrite rules LEXORDER-REFLEXIVE, LEXORDER-TRANSITIVE, PROBLEM- 48 and PROBLEM-49A and the :type-prescription rules LEXORDER and MEM, to the following 29 conjectures. Subgoal *1/1.29 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '<<= (CDR X) E)) NIL) (EQUAL FN '<<=) (LEXORDER (CAR X) E) (EQUAL D (CAR X))) (EQUAL (MEM D (CONS (CAR X) (FILTER '<<= (CDR X) E))) (LEXORDER D E))). By case analysis we reduce the conjecture to Subgoal *1/1.29' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '<<= (CDR X) E))) (EQUAL FN '<<=) (LEXORDER (CAR X) E) (EQUAL D (CAR X))) (EQUAL (MEM D (CONS (CAR X) (FILTER '<<= (CDR X) E))) (LEXORDER D E))). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rules FILTER and LEXORDER. Subgoal *1/1.28 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '<<= (CDR X) E)) NIL) (EQUAL FN '<<=) (LEXORDER (CAR X) E) (NOT (EQUAL D (CAR X)))) (EQUAL (MEM D (CONS (CAR X) (FILTER '<<= (CDR X) E))) NIL)). By case analysis we reduce the conjecture to Subgoal *1/1.28' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '<<= (CDR X) E))) (EQUAL FN '<<=) (LEXORDER (CAR X) E) (NOT (EQUAL D (CAR X)))) (EQUAL (MEM D (CONS (CAR X) (FILTER '<<= (CDR X) E))) NIL)). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.27 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '<<= (CDR X) E)) NIL) (EQUAL FN '<<=) (NOT (LEXORDER (CAR X) E)) (EQUAL D (CAR X))) (EQUAL NIL (LEXORDER D E))). By case analysis we reduce the conjecture to Subgoal *1/1.27' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '<<= (CDR X) E))) (EQUAL FN '<<=) (NOT (LEXORDER (CAR X) E)) (EQUAL D (CAR X))) (EQUAL NIL (LEXORDER D E))). But simplification reduces this to T, using primitive type reasoning. Subgoal *1/1.26 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '<< (CDR X) E)) NIL) (EQUAL FN '<<) (NOT (LEXORDER (CAR X) E)) (EQUAL D (CAR X)) (LEXORDER D E)) (EQUAL D E)). By case analysis we reduce the conjecture to Subgoal *1/1.26' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '<< (CDR X) E))) (EQUAL FN '<<) (NOT (LEXORDER (CAR X) E)) (EQUAL D (CAR X)) (LEXORDER D E)) (EQUAL D E)). But simplification reduces this to T, using trivial observations. Subgoal *1/1.25 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '<< (CDR X) E)) NIL) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (EQUAL D (CAR X)) (LEXORDER D E) (NOT (EQUAL D E))) (EQUAL (MEM D (CONS (CAR X) (FILTER '<< (CDR X) E))) T)). By case analysis we reduce the conjecture to Subgoal *1/1.25' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '<< (CDR X) E))) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (EQUAL D (CAR X)) (LEXORDER D E) (NOT (EQUAL D E))) (EQUAL (MEM D (CONS (CAR X) (FILTER '<< (CDR X) E))) T)). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rule CAR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.24 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '<< (CDR X) E)) NIL) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (EQUAL D E)) (EQUAL (MEM D (CONS (CAR X) (FILTER '<< (CDR X) E))) NIL)). By case analysis we reduce the conjecture to Subgoal *1/1.24' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '<< (CDR X) E))) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (EQUAL D E)) (EQUAL (MEM D (CONS (CAR X) (FILTER '<< (CDR X) E))) NIL)). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.23 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '<< (CDR X) E)) NIL) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (NOT (LEXORDER D E))) (EQUAL (MEM D (CONS (CAR X) (FILTER '<< (CDR X) E))) NIL)). By case analysis we reduce the conjecture to Subgoal *1/1.23' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '<< (CDR X) E))) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (NOT (LEXORDER D E))) (EQUAL (MEM D (CONS (CAR X) (FILTER '<< (CDR X) E))) NIL)). This simplifies, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER, to Subgoal *1/1.23'' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '<< (CDR X) E))) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (NOT (LEXORDER D E))) (NOT (EQUAL D (CAR X)))). But simplification reduces this to T, using trivial observations. Subgoal *1/1.22 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '>>= (CDR X) E)) NIL) (EQUAL FN '>>=) (LEXORDER E (CAR X)) (EQUAL D (CAR X))) (EQUAL (MEM D (CONS (CAR X) (FILTER '>>= (CDR X) E))) (LEXORDER E D))). By case analysis we reduce the conjecture to Subgoal *1/1.22' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '>>= (CDR X) E))) (EQUAL FN '>>=) (LEXORDER E (CAR X)) (EQUAL D (CAR X))) (EQUAL (MEM D (CONS (CAR X) (FILTER '>>= (CDR X) E))) (LEXORDER E D))). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rules FILTER and LEXORDER. Subgoal *1/1.21 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '>>= (CDR X) E)) NIL) (EQUAL FN '>>=) (NOT (LEXORDER E (CAR X))) (EQUAL D (CAR X))) (EQUAL NIL (LEXORDER E D))). By case analysis we reduce the conjecture to Subgoal *1/1.21' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '>>= (CDR X) E))) (EQUAL FN '>>=) (NOT (LEXORDER E (CAR X))) (EQUAL D (CAR X))) (EQUAL NIL (LEXORDER E D))). But simplification reduces this to T, using primitive type reasoning. Subgoal *1/1.20 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '>>= (CDR X) E)) NIL) (EQUAL FN '>>=) (LEXORDER E (CAR X)) (NOT (EQUAL D (CAR X)))) (EQUAL (MEM D (CONS (CAR X) (FILTER '>>= (CDR X) E))) NIL)). By case analysis we reduce the conjecture to Subgoal *1/1.20' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '>>= (CDR X) E))) (EQUAL FN '>>=) (LEXORDER E (CAR X)) (NOT (EQUAL D (CAR X)))) (EQUAL (MEM D (CONS (CAR X) (FILTER '>>= (CDR X) E))) NIL)). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.19 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER FN (CDR X) E)) NIL) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E (CAR X))) (EQUAL D (CAR X)) (LEXORDER E D)) (EQUAL D E)). By case analysis we reduce the conjecture to Subgoal *1/1.19' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER FN (CDR X) E))) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E (CAR X))) (EQUAL D (CAR X)) (LEXORDER E D)) (EQUAL D E)). But simplification reduces this to T, using trivial observations. Subgoal *1/1.18 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER FN (CDR X) E)) NIL) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E)) (EQUAL D (CAR X)) (LEXORDER E D) (NOT (EQUAL D E))) (EQUAL (MEM D (CONS (CAR X) (FILTER FN (CDR X) E))) T)). By case analysis we reduce the conjecture to Subgoal *1/1.18' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER FN (CDR X) E))) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E)) (EQUAL D (CAR X)) (LEXORDER E D) (NOT (EQUAL D E))) (EQUAL (MEM D (CONS (CAR X) (FILTER FN (CDR X) E))) T)). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rule CAR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.17 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER FN (CDR X) E)) NIL) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E)) (NOT (LEXORDER E D))) (EQUAL (MEM D (CONS (CAR X) (FILTER FN (CDR X) E))) NIL)). By case analysis we reduce the conjecture to Subgoal *1/1.17' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER FN (CDR X) E))) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E)) (NOT (LEXORDER E D))) (EQUAL (MEM D (CONS (CAR X) (FILTER FN (CDR X) E))) NIL)). This simplifies, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER, to Subgoal *1/1.17'' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER FN (CDR X) E))) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E)) (NOT (LEXORDER E D))) (NOT (EQUAL D (CAR X)))). But simplification reduces this to T, using trivial observations. Subgoal *1/1.16 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER FN (CDR X) E)) NIL) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E)) (EQUAL D E)) (EQUAL (MEM D (CONS (CAR X) (FILTER FN (CDR X) E))) NIL)). By case analysis we reduce the conjecture to Subgoal *1/1.16' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER FN (CDR X) E))) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E)) (EQUAL D E)) (EQUAL (MEM D (CONS (CAR X) (FILTER FN (CDR X) E))) NIL)). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.15 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER FN (CDR X) E)) NIL) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (EQUAL (CAR X) E) (EQUAL D (CAR X)) (LEXORDER E D)) (EQUAL D E)). By case analysis we reduce the conjecture to Subgoal *1/1.15' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER FN (CDR X) E))) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (EQUAL (CAR X) E) (EQUAL D (CAR X)) (LEXORDER E D)) (EQUAL D E)). But we reduce the conjecture to T, by primitive type reasoning. Subgoal *1/1.14 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '<< (CDR X) E)) NIL) (EQUAL FN '<<) (EQUAL (CAR X) E) (EQUAL D (CAR X)) (LEXORDER D E)) (EQUAL D E)). By case analysis we reduce the conjecture to Subgoal *1/1.14' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '<< (CDR X) E))) (EQUAL FN '<<) (EQUAL (CAR X) E) (EQUAL D (CAR X)) (LEXORDER D E)) (EQUAL D E)). But we reduce the conjecture to T, by primitive type reasoning. Subgoal *1/1.13 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER FN (CDR X) E)) NIL) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E)) (NOT (EQUAL D (CAR X)))) (EQUAL (MEM D (CONS (CAR X) (FILTER FN (CDR X) E))) NIL)). By case analysis we reduce the conjecture to Subgoal *1/1.13' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER FN (CDR X) E))) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E)) (NOT (EQUAL D (CAR X)))) (EQUAL (MEM D (CONS (CAR X) (FILTER FN (CDR X) E))) NIL)). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.12 (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (EQUAL (MEM D (FILTER '<< (CDR X) E)) NIL) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (NOT (EQUAL D (CAR X)))) (EQUAL (MEM D (CONS (CAR X) (FILTER '<< (CDR X) E))) NIL)). By case analysis we reduce the conjecture to Subgoal *1/1.12' (IMPLIES (AND (CONSP X) (NOT (MEM D (CDR X))) (NOT (MEM D (FILTER '<< (CDR X) E))) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (NOT (EQUAL D (CAR X)))) (EQUAL (MEM D (CONS (CAR X) (FILTER '<< (CDR X) E))) NIL)). But simplification reduces this to T, using the :definition MEM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER. Subgoal *1/1.11 (IMPLIES (AND (CONSP X) (MEM D (CDR X)) (EQUAL FN '<<=) (EQUAL (MEM D (FILTER '<<= (CDR X) E)) (LEXORDER D E))) (EQUAL (MEM D (FILTER '<<= X E)) (LEXORDER D E))). This simplifies, using the :definitions <<=, FILTER and REL and the :executable-counterpart of EQUAL, to Subgoal *1/1.11' (IMPLIES (AND (CONSP X) (MEM D (CDR X)) (EQUAL (MEM D (FILTER '<<= (CDR X) E)) (LEXORDER D E)) (LEXORDER (CAR X) E)) (EQUAL (MEM D (CONS (CAR X) (FILTER '<<= (CDR X) E))) (LEXORDER D E))). This simplifies, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER, to Subgoal *1/1.11'' (IMPLIES (AND (CONSP X) (MEM D (CDR X)) (EQUAL (MEM D (FILTER '<<= (CDR X) E)) (LEXORDER D E)) (LEXORDER (CAR X) E) (EQUAL D (CAR X))) (EQUAL T (LEXORDER D E))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule LEXORDER. Subgoal *1/1.10 (IMPLIES (AND (CONSP X) (MEM D (CDR X)) (EQUAL FN '>>=) (EQUAL (MEM D (FILTER '>>= (CDR X) E)) (LEXORDER E D))) (EQUAL (MEM D (FILTER '>>= X E)) (LEXORDER E D))). This simplifies, using the :definitions <<=, FILTER and REL and the :executable-counterpart of EQUAL, to Subgoal *1/1.10' (IMPLIES (AND (CONSP X) (MEM D (CDR X)) (EQUAL (MEM D (FILTER '>>= (CDR X) E)) (LEXORDER E D)) (LEXORDER E (CAR X))) (EQUAL (MEM D (CONS (CAR X) (FILTER '>>= (CDR X) E))) (LEXORDER E D))). This simplifies, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER, to Subgoal *1/1.10'' (IMPLIES (AND (CONSP X) (MEM D (CDR X)) (EQUAL (MEM D (FILTER '>>= (CDR X) E)) (LEXORDER E D)) (LEXORDER E (CAR X)) (EQUAL D (CAR X))) (EQUAL T (LEXORDER E D))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule LEXORDER. Subgoal *1/1.9 (IMPLIES (AND (CONSP X) (MEM D (CDR X)) (EQUAL FN '<<) (LEXORDER D E) (NOT (EQUAL D E)) (EQUAL (MEM D (FILTER '<< (CDR X) E)) T)) (MEM D (FILTER '<< X E))). This simplifies, using the :definitions <<=, FILTER and REL, the :executable- counterpart of EQUAL, primitive type reasoning and the :type-prescription rule MEM, to Subgoal *1/1.9' (IMPLIES (AND (CONSP X) (MEM D (CDR X)) (LEXORDER D E) (NOT (EQUAL D E)) (MEM D (FILTER '<< (CDR X) E)) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E))) (MEM D (CONS (CAR X) (FILTER '<< (CDR X) E)))). But simplification reduces this to T, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, PROBLEM-48 and PROBLEM-49A and the :type-prescription rules FILTER and MEM. Subgoal *1/1.8 (IMPLIES (AND (CONSP X) (MEM D (CDR X)) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (LEXORDER E D) (NOT (EQUAL D E)) (EQUAL (MEM D (FILTER FN (CDR X) E)) T) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E))) (MEM D (CONS (CAR X) (FILTER FN (CDR X) E)))). But simplification reduces this to T, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, PROBLEM-48 and PROBLEM-49A and the :type-prescription rules FILTER and MEM. Subgoal *1/1.7 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (EQUAL D E) (EQUAL (MEM D (FILTER FN (CDR X) E)) NIL) (EQUAL (CAR X) D)) (NOT (MEM D (FILTER FN (CDR X) D)))). By case analysis we reduce the conjecture to Subgoal *1/1.7' (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (EQUAL D E) (NOT (MEM D (FILTER FN (CDR X) E))) (EQUAL (CAR X) D)) (NOT (MEM D (FILTER FN (CDR X) D)))). But simplification reduces this to T, using trivial observations. Subgoal *1/1.6 (IMPLIES (AND (CONSP X) (EQUAL D E) (EQUAL (MEM D (FILTER '<< (CDR X) E)) NIL) (EQUAL FN '<<) (LEXORDER (CAR X) D) (NOT (EQUAL (CAR X) D))) (NOT (MEM D (CONS (CAR X) (FILTER '<< (CDR X) D))))). By case analysis we reduce the conjecture to Subgoal *1/1.6' (IMPLIES (AND (CONSP X) (EQUAL D E) (NOT (MEM D (FILTER '<< (CDR X) E))) (EQUAL FN '<<) (LEXORDER (CAR X) D) (NOT (EQUAL (CAR X) D))) (NOT (MEM D (CONS (CAR X) (FILTER '<< (CDR X) D))))). But simplification reduces this to T, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type- prescription rule FILTER. Subgoal *1/1.5 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (EQUAL D E) (EQUAL (MEM D (FILTER FN (CDR X) E)) NIL) (NOT (EQUAL FN '<<)) (LEXORDER D (CAR X)) (NOT (EQUAL (CAR X) D))) (NOT (MEM D (CONS (CAR X) (FILTER FN (CDR X) D))))). By case analysis we reduce the conjecture to Subgoal *1/1.5' (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (EQUAL D E) (NOT (MEM D (FILTER FN (CDR X) E))) (NOT (EQUAL FN '<<)) (LEXORDER D (CAR X)) (NOT (EQUAL (CAR X) D))) (NOT (MEM D (CONS (CAR X) (FILTER FN (CDR X) D))))). But simplification reduces this to T, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type- prescription rule FILTER. Subgoal *1/1.4 (IMPLIES (AND (CONSP X) (EQUAL D E) (EQUAL (MEM D (FILTER '<< (CDR X) E)) NIL) (EQUAL FN '<<) (NOT (LEXORDER (CAR X) D))) (NOT (MEM D (FILTER '<< (CDR X) D)))). By case analysis we reduce the conjecture to Subgoal *1/1.4' (IMPLIES (AND (CONSP X) (EQUAL D E) (NOT (MEM D (FILTER '<< (CDR X) E))) (EQUAL FN '<<) (NOT (LEXORDER (CAR X) D))) (NOT (MEM D (FILTER '<< (CDR X) D)))). But simplification reduces this to T, using trivial observations. Subgoal *1/1.3 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (EQUAL D E) (EQUAL (MEM D (FILTER FN (CDR X) E)) NIL) (NOT (EQUAL FN '<<)) (NOT (LEXORDER D (CAR X)))) (NOT (MEM D (FILTER FN (CDR X) D)))). By case analysis we reduce the conjecture to Subgoal *1/1.3' (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (EQUAL D E) (NOT (MEM D (FILTER FN (CDR X) E))) (NOT (EQUAL FN '<<)) (NOT (LEXORDER D (CAR X)))) (NOT (MEM D (FILTER FN (CDR X) D)))). But simplification reduces this to T, using trivial observations. Subgoal *1/1.2 (IMPLIES (AND (CONSP X) (EQUAL FN '<<) (NOT (LEXORDER D E)) (EQUAL (MEM D (FILTER '<< (CDR X) E)) NIL)) (NOT (MEM D (FILTER '<< X E)))). By case analysis we reduce the conjecture to Subgoal *1/1.2' (IMPLIES (AND (CONSP X) (EQUAL FN '<<) (NOT (LEXORDER D E)) (NOT (MEM D (FILTER '<< (CDR X) E)))) (NOT (MEM D (FILTER '<< X E)))). This simplifies, using the :definitions <<=, FILTER and REL and the :executable-counterpart of EQUAL, to Subgoal *1/1.2'' (IMPLIES (AND (CONSP X) (NOT (LEXORDER D E)) (NOT (MEM D (FILTER '<< (CDR X) E))) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E))) (NOT (MEM D (CONS (CAR X) (FILTER '<< (CDR X) E))))). This simplifies, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER, to Subgoal *1/1.2''' (IMPLIES (AND (CONSP X) (NOT (LEXORDER D E)) (NOT (MEM D (FILTER '<< (CDR X) E))) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E))) (NOT (EQUAL D (CAR X)))). But simplification reduces this to T, using trivial observations. Subgoal *1/1.1 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E D)) (EQUAL (MEM D (FILTER FN (CDR X) E)) NIL) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E))) (NOT (MEM D (CONS (CAR X) (FILTER FN (CDR X) E))))). By case analysis we reduce the conjecture to Subgoal *1/1.1' (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E D)) (NOT (MEM D (FILTER FN (CDR X) E))) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E))) (NOT (MEM D (CONS (CAR X) (FILTER FN (CDR X) E))))). This simplifies, using the :definition MEM, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule FILTER, to Subgoal *1/1.1'' (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E D)) (NOT (MEM D (FILTER FN (CDR X) E))) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E))) (NOT (EQUAL D (CAR X)))). But simplification reduces this to T, using trivial observations. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111D ...) Rules: ((:DEFINITION <<=) (:DEFINITION FILTER) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REL) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION LEN) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE LEXORDER-REFLEXIVE) (:REWRITE LEXORDER-TRANSITIVE) (:REWRITE PROBLEM-48) (:REWRITE PROBLEM-49A) (:TYPE-PRESCRIPTION FILTER) (:TYPE-PRESCRIPTION LEXORDER) (:TYPE-PRESCRIPTION MEM)) Warnings: None Time: 0.97 seconds (prove: 0.39, print: 0.57, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-111D ACL2 >>(THEOREM PROBLEM-111E (IMPLIES (NOT (MEM D X)) (EQUAL (RM D X) X)) :HINTS (("Goal" :INDUCT (RM D X)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (RM D X). This suggestion was produced using the :induction rule RM. If we let (:P D X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P D X)) (IMPLIES (AND (CONSP X) (NOT (EQUAL D (CAR X))) (:P D (CDR X))) (:P D X)) (IMPLIES (AND (CONSP X) (EQUAL D (CAR X))) (:P D X))). This induction is justified by the same argument used to admit RM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (NOT (MEM D X)) (EQUAL (RM D X) X))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (NOT (MEM D X))) (EQUAL (RM D X) X)). But simplification reduces this to T, using the :definitions MEM and RM and primitive type reasoning. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (EQUAL D (CAR X))) (IMPLIES (NOT (MEM D (CDR X))) (EQUAL (RM D (CDR X)) (CDR X)))) (IMPLIES (NOT (MEM D X)) (EQUAL (RM D X) X))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (EQUAL D (CAR X))) (IMPLIES (NOT (MEM D (CDR X))) (EQUAL (RM D (CDR X)) (CDR X))) (NOT (MEM D X))) (EQUAL (RM D X) X)). But simplification reduces this to T, using the :definitions MEM, NOT and RM, primitive type reasoning, the :rewrite rule CAR-CDR-ELIM and the :type-prescription rule MEM. Subgoal *1/1 (IMPLIES (AND (CONSP X) (EQUAL D (CAR X))) (IMPLIES (NOT (MEM D X)) (EQUAL (RM D X) X))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (EQUAL D (CAR X)) (NOT (MEM D X))) (EQUAL (RM D X) X)). But simplification reduces this to T, using the :definition MEM and primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111E ...) Rules: ((:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION RM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION RM) (:REWRITE CAR-CDR-ELIM) (:TYPE-PRESCRIPTION MEM)) Warnings: None Time: 0.05 seconds (prove: 0.00, print: 0.05, other: 0.00) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) PROBLEM-111E ACL2 >>(THEOREM PROBLEM-111F (EQUAL (FILTER FN (RM D X) E) (RM D (FILTER FN X E))) :HINTS (("Goal" :INDUCT (FILTER FN X E) :IN-THEORY (ENABLE PROBLEM-111C PROBLEM-111D PROBLEM-111E)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (FILTER FN X E). This suggestion was produced using the :induction rule FILTER. If we let (:P D E FN X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (REL FN (CAR X) E)) (:P D E FN (CDR X))) (:P D E FN X)) (IMPLIES (AND (NOT (ENDP X)) (REL FN (CAR X) E) (:P D E FN (CDR X))) (:P D E FN X)) (IMPLIES (ENDP X) (:P D E FN X))). This induction is justified by the same argument used to admit FILTER, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (AND (NOT (ENDP X)) (NOT (REL FN (CAR X) E)) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E)))) (EQUAL (FILTER FN (RM D X) E) (RM D (FILTER FN X E)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (CONSP X) (NOT (REL FN (CAR X) E)) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E)))) (EQUAL (FILTER FN (RM D X) E) (RM D (FILTER FN X E)))). This simplifies, using the :definitions <<=, FILTER, REL and RM, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rule LEXORDER-REFLEXIVE, to the following twelve conjectures. Subgoal *1/3.12 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (LEXORDER (CAR X) E) (EQUAL (CAR X) E) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E))) (EQUAL D E)) (EQUAL (FILTER FN (CDR X) E) (FILTER FN (RM D (CDR X)) E))). But simplification reduces this to T, using the :definitions <<= and REL, primitive type reasoning and the :rewrite rules LEXORDER-REFLEXIVE, PROBLEM-111C, PROBLEM-111D and PROBLEM-111E. Subgoal *1/3.11 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (LEXORDER (CAR X) E) (EQUAL (CAR X) E) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E))) (NOT (EQUAL D E))) (EQUAL (FILTER FN (CONS E (RM D (CDR X))) E) (FILTER FN (RM D (CDR X)) E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and LEXORDER-REFLEXIVE. Subgoal *1/3.10 (IMPLIES (AND (CONSP X) (EQUAL FN '<<=) (NOT (LEXORDER (CAR X) E)) (EQUAL (FILTER '<<= (RM D (CDR X)) E) (RM D (FILTER '<<= (CDR X) E))) (EQUAL D (CAR X))) (EQUAL (FILTER '<<= (CDR X) E) (RM D (FILTER '<<= X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules PROBLEM-111C, PROBLEM-111D and PROBLEM-111E and the :type-prescription rule LEXORDER. Subgoal *1/3.9 (IMPLIES (AND (CONSP X) (EQUAL FN '<<=) (NOT (LEXORDER (CAR X) E)) (EQUAL (FILTER '<<= (RM D (CDR X)) E) (RM D (FILTER '<<= (CDR X) E))) (NOT (EQUAL D (CAR X)))) (EQUAL (FILTER '<<= (CONS (CAR X) (RM D (CDR X))) E) (RM D (FILTER '<<= X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/3.8 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E (CAR X))) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E))) (EQUAL D (CAR X))) (EQUAL (FILTER FN (CDR X) E) (FILTER FN (RM D (CDR X)) E))). But simplification reduces this to T, using the :definitions <<= and REL, primitive type reasoning, the :rewrite rules PROBLEM-111C, PROBLEM- 111D and PROBLEM-111E and the :type-prescription rule LEXORDER. Subgoal *1/3.7 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E (CAR X))) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E))) (NOT (EQUAL D (CAR X)))) (EQUAL (FILTER FN (CONS (CAR X) (RM D (CDR X))) E) (FILTER FN (RM D (CDR X)) E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/3.6 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (EQUAL (CAR X) E) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E))) (EQUAL D E)) (EQUAL (FILTER FN (CDR X) E) (FILTER FN (RM D (CDR X)) E))). But simplification reduces this to T, using the :definitions <<= and REL, primitive type reasoning and the :rewrite rules LEXORDER-REFLEXIVE, PROBLEM-111C, PROBLEM-111D and PROBLEM-111E. Subgoal *1/3.5 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (NOT (EQUAL FN '<<)) (EQUAL (CAR X) E) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E))) (NOT (EQUAL D E))) (EQUAL (FILTER FN (CONS E (RM D (CDR X))) E) (FILTER FN (RM D (CDR X)) E))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and LEXORDER-REFLEXIVE. Subgoal *1/3.4 (IMPLIES (AND (CONSP X) (EQUAL FN '>>=) (NOT (LEXORDER E (CAR X))) (EQUAL (FILTER '>>= (RM D (CDR X)) E) (RM D (FILTER '>>= (CDR X) E))) (EQUAL D (CAR X))) (EQUAL (FILTER '>>= (CDR X) E) (RM D (FILTER '>>= X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules PROBLEM-111C, PROBLEM-111D and PROBLEM-111E and the :type-prescription rule LEXORDER. Subgoal *1/3.3 (IMPLIES (AND (CONSP X) (EQUAL FN '>>=) (NOT (LEXORDER E (CAR X))) (EQUAL (FILTER '>>= (RM D (CDR X)) E) (RM D (FILTER '>>= (CDR X) E))) (NOT (EQUAL D (CAR X)))) (EQUAL (FILTER '>>= (CONS (CAR X) (RM D (CDR X))) E) (RM D (FILTER '>>= X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/3.2 (IMPLIES (AND (CONSP X) (EQUAL FN '<<) (NOT (LEXORDER (CAR X) E)) (EQUAL (FILTER '<< (RM D (CDR X)) E) (RM D (FILTER '<< (CDR X) E))) (EQUAL D (CAR X))) (EQUAL (FILTER '<< (CDR X) E) (RM D (FILTER '<< X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rules PROBLEM-111C, PROBLEM-111D and PROBLEM-111E. Subgoal *1/3.1 (IMPLIES (AND (CONSP X) (EQUAL FN '<<) (NOT (LEXORDER (CAR X) E)) (EQUAL (FILTER '<< (RM D (CDR X)) E) (RM D (FILTER '<< (CDR X) E))) (NOT (EQUAL D (CAR X)))) (EQUAL (FILTER '<< (CONS (CAR X) (RM D (CDR X))) E) (RM D (FILTER '<< X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. Subgoal *1/2 (IMPLIES (AND (NOT (ENDP X)) (REL FN (CAR X) E) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E)))) (EQUAL (FILTER FN (RM D X) E) (RM D (FILTER FN X E)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (REL FN (CAR X) E) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E)))) (EQUAL (FILTER FN (RM D X) E) (RM D (FILTER FN X E)))). This simplifies, using the :definitions <<=, FILTER, REL and RM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rules FILTER and LEXORDER, to the following seven conjectures. Subgoal *1/2.7 (IMPLIES (AND (CONSP X) (EQUAL FN '<<=) (LEXORDER (CAR X) E) (EQUAL (FILTER '<<= (RM D (CDR X)) E) (RM D (FILTER '<<= (CDR X) E))) (EQUAL D (CAR X))) (EQUAL (FILTER '<<= (CDR X) E) (RM D (FILTER '<<= X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER, REL and RM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rules FILTER and LEXORDER. Subgoal *1/2.6 (IMPLIES (AND (CONSP X) (EQUAL FN '<<=) (LEXORDER (CAR X) E) (EQUAL (FILTER '<<= (RM D (CDR X)) E) (RM D (FILTER '<<= (CDR X) E))) (NOT (EQUAL D (CAR X)))) (EQUAL (FILTER '<<= (CONS (CAR X) (RM D (CDR X))) E) (RM D (FILTER '<<= X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER, REL and RM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rules FILTER and LEXORDER. Subgoal *1/2.5 (IMPLIES (AND (CONSP X) (EQUAL FN '>>=) (LEXORDER E (CAR X)) (EQUAL (FILTER '>>= (RM D (CDR X)) E) (RM D (FILTER '>>= (CDR X) E))) (EQUAL D (CAR X))) (EQUAL (FILTER '>>= (CDR X) E) (RM D (FILTER '>>= X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER, REL and RM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rules FILTER and LEXORDER. Subgoal *1/2.4 (IMPLIES (AND (CONSP X) (EQUAL FN '>>=) (LEXORDER E (CAR X)) (EQUAL (FILTER '>>= (RM D (CDR X)) E) (RM D (FILTER '>>= (CDR X) E))) (NOT (EQUAL D (CAR X)))) (EQUAL (FILTER '>>= (CONS (CAR X) (RM D (CDR X))) E) (RM D (FILTER '>>= X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER, REL and RM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rules FILTER and LEXORDER. Subgoal *1/2.3 (IMPLIES (AND (CONSP X) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E)) (EQUAL (FILTER FN (RM D (CDR X)) E) (RM D (FILTER FN (CDR X) E))) (NOT (EQUAL D (CAR X)))) (EQUAL (FILTER FN (CONS (CAR X) (RM D (CDR X))) E) (CONS (CAR X) (FILTER FN (RM D (CDR X)) E)))). But simplification reduces this to T, using the :definitions <<=, FILTER and REL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR- CONS, LEXORDER-REFLEXIVE and LEXORDER-TRANSITIVE and the :type-prescription rule LEXORDER. Subgoal *1/2.2 (IMPLIES (AND (CONSP X) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (EQUAL (FILTER '<< (RM D (CDR X)) E) (RM D (FILTER '<< (CDR X) E))) (EQUAL D (CAR X))) (EQUAL (FILTER '<< (CDR X) E) (RM D (FILTER '<< X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER, REL and RM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rules FILTER and LEXORDER. Subgoal *1/2.1 (IMPLIES (AND (CONSP X) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E)) (EQUAL (FILTER '<< (RM D (CDR X)) E) (RM D (FILTER '<< (CDR X) E))) (NOT (EQUAL D (CAR X)))) (EQUAL (FILTER '<< (CONS (CAR X) (RM D (CDR X))) E) (RM D (FILTER '<< X E)))). But simplification reduces this to T, using the :definitions <<=, FILTER, REL and RM, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE and LEXORDER- TRANSITIVE and the :type-prescription rules FILTER and LEXORDER. Subgoal *1/1 (IMPLIES (ENDP X) (EQUAL (FILTER FN (RM D X) E) (RM D (FILTER FN X E)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/1' (IMPLIES (NOT (CONSP X)) (EQUAL (FILTER FN (RM D X) E) (RM D (FILTER FN X E)))). But simplification reduces this to T, using the :definitions FILTER and MEM, the :executable-counterparts of CONSP and EQUAL and the :rewrite rule PROBLEM-111E. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111F ...) Rules: ((:DEFINITION <<=) (:DEFINITION ENDP) (:DEFINITION FILTER) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REL) (:DEFINITION RM) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION FILTER) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE LEXORDER-REFLEXIVE) (:REWRITE LEXORDER-TRANSITIVE) (:REWRITE PROBLEM-111C) (:REWRITE PROBLEM-111D) (:REWRITE PROBLEM-111E) (:TYPE-PRESCRIPTION FILTER) (:TYPE-PRESCRIPTION LEXORDER)) Warnings: None Time: 0.72 seconds (prove: 0.37, print: 0.33, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-111F ACL2 >>(THEOREM PROBLEM-111G (IMPLIES (PERM X Y) (PERM (FILTER FN X E) (FILTER FN Y E))) :HINTS (("Goal" :INDUCT (PERM X Y) :IN-THEORY (ENABLE PROBLEM-48 PROBLEM-49A PROBLEM-54A PROBLEM-54 PROBLEM-55B PROBLEM-55 PROBLEM-111B PROBLEM-111D PROBLEM-111E PROBLEM-111F))) :RULE-CLASSES :CONGRUENCE) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PERM X Y). This suggestion was produced using the :induction rule PERM. If we let (:P E FN X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P E FN X Y)) (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (:P E FN X Y)) (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (:P E FN (CDR X) (RM (CAR X) Y))) (:P E FN X Y))). This induction is justified by the same argument used to admit PERM, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable Y is being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP X)) (IMPLIES (PERM X Y) (PERM (FILTER FN X E) (FILTER FN Y E)))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP X)) (PERM X Y)) (PERM (FILTER FN X E) (FILTER FN Y E))). But simplification reduces this to T, using the :definitions FILTER and PERM and the :executable-counterpart of PERM. Subgoal *1/2 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y))) (IMPLIES (PERM X Y) (PERM (FILTER FN X E) (FILTER FN Y E)))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y)) (PERM X Y)) (PERM (FILTER FN X E) (FILTER FN Y E))). But simplification reduces this to T, using the :definition MEM, primitive type reasoning and the :rewrite rule PROBLEM-55B. Subgoal *1/1 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (PERM (CDR X) (RM (CAR X) Y)) (PERM (FILTER FN (CDR X) E) (FILTER FN (RM (CAR X) Y) E)))) (IMPLIES (PERM X Y) (PERM (FILTER FN X E) (FILTER FN Y E)))). By the simple :rewrite rule PROBLEM-111F we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (MEM (CAR X) Y) (IMPLIES (PERM (CDR X) (RM (CAR X) Y)) (PERM (FILTER FN (CDR X) E) (RM (CAR X) (FILTER FN Y E)))) (PERM X Y)) (PERM (FILTER FN X E) (FILTER FN Y E))). This simplifies, using the :definitions <<=, FILTER, MEM, PERM and REL, the :executable-counterpart of EQUAL, primitive type reasoning and the :rewrite rule PROBLEM-55B, to the following ten conjectures. Subgoal *1/1.10 (IMPLIES (AND (CONSP X) (PERM (FILTER '<<= (CDR X) E) (RM (CAR X) (FILTER '<<= Y E))) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (EQUAL FN '<<=) (LEXORDER (CAR X) E)) (PERM (CONS (CAR X) (FILTER '<<= (CDR X) E)) (FILTER '<<= Y E))). But simplification reduces this to T, using the :definitions <<= and REL, the :equivalence rule PROBLEM-111B, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules LEXORDER-REFLEXIVE, LEXORDER-TRANSITIVE, PROBLEM-111D, PROBLEM-48, PROBLEM-49A, PROBLEM- 54, PROBLEM-54A and PROBLEM-55 and the :type-prescription rules LEXORDER and MEM. Subgoal *1/1.9 (IMPLIES (AND (CONSP X) (PERM (FILTER '<<= (CDR X) E) (RM (CAR X) (FILTER '<<= Y E))) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (EQUAL FN '<<=) (NOT (LEXORDER (CAR X) E))) (PERM (FILTER '<<= (CDR X) E) (FILTER '<<= Y E))). But simplification reduces this to T, using the :definitions <<= and REL, the :executable-counterpart of EQUAL, the :rewrite rules PROBLEM- 111D, PROBLEM-111E, PROBLEM-48 and PROBLEM-49A and the :type-prescription rules LEXORDER and MEM. Subgoal *1/1.8 (IMPLIES (AND (CONSP X) (PERM (FILTER FN (CDR X) E) (RM (CAR X) (FILTER FN Y E))) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '>>=)) (LEXORDER E (CAR X)) (EQUAL (CAR X) E)) (PERM (FILTER FN (CDR X) E) (FILTER FN Y E))). But simplification reduces this to T, using the :definitions <<= and REL, primitive type reasoning, the :rewrite rules LEXORDER-TRANSITIVE, PROBLEM-111D, PROBLEM-111E, PROBLEM-48 and PROBLEM-49A and the :type- prescription rules LEXORDER and MEM. Subgoal *1/1.7 (IMPLIES (AND (CONSP X) (PERM (FILTER '>>= (CDR X) E) (RM (CAR X) (FILTER '>>= Y E))) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (EQUAL FN '>>=) (NOT (LEXORDER E (CAR X)))) (PERM (FILTER '>>= (CDR X) E) (FILTER '>>= Y E))). But simplification reduces this to T, using the :definitions <<= and REL, the :executable-counterpart of EQUAL, the :rewrite rules PROBLEM- 111D, PROBLEM-111E, PROBLEM-48 and PROBLEM-49A and the :type-prescription rules LEXORDER and MEM. Subgoal *1/1.6 (IMPLIES (AND (CONSP X) (PERM (FILTER '>>= (CDR X) E) (RM (CAR X) (FILTER '>>= Y E))) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (EQUAL FN '>>=) (LEXORDER E (CAR X))) (PERM (CONS (CAR X) (FILTER '>>= (CDR X) E)) (FILTER '>>= Y E))). But simplification reduces this to T, using the :definitions <<= and REL, the :equivalence rule PROBLEM-111B, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules LEXORDER-REFLEXIVE, LEXORDER-TRANSITIVE, PROBLEM-111D, PROBLEM-48, PROBLEM-49A, PROBLEM- 54, PROBLEM-54A and PROBLEM-55 and the :type-prescription rules LEXORDER and MEM. Subgoal *1/1.5 (IMPLIES (AND (CONSP X) (PERM (FILTER '<< (CDR X) E) (RM (CAR X) (FILTER '<< Y E))) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (EQUAL FN '<<) (EQUAL (CAR X) E)) (PERM (FILTER '<< (CDR X) E) (FILTER '<< Y E))). But simplification reduces this to T, using the :definitions <<= and REL, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules LEXORDER-REFLEXIVE, PROBLEM-111D, PROBLEM-111E, PROBLEM-48 and PROBLEM-49A and the :type-prescription rule MEM. Subgoal *1/1.4 (IMPLIES (AND (CONSP X) (PERM (FILTER FN (CDR X) E) (RM (CAR X) (FILTER FN Y E))) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (NOT (LEXORDER E (CAR X)))) (PERM (FILTER FN (CDR X) E) (FILTER FN Y E))). But simplification reduces this to T, using the :definitions <<= and REL, the :rewrite rules PROBLEM-111D, PROBLEM-111E, PROBLEM-48 and PROBLEM-49A and the :type-prescription rules LEXORDER and MEM. Subgoal *1/1.3 (IMPLIES (AND (CONSP X) (PERM (FILTER FN (CDR X) E) (RM (CAR X) (FILTER FN Y E))) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (NOT (EQUAL FN '<<=)) (NOT (EQUAL FN '<<)) (LEXORDER E (CAR X)) (NOT (EQUAL (CAR X) E))) (PERM (CONS (CAR X) (FILTER FN (CDR X) E)) (FILTER FN Y E))). But simplification reduces this to T, using the :definitions <<= and REL, the :equivalence rule PROBLEM-111B, primitive type reasoning, the :rewrite rules LEXORDER-REFLEXIVE, LEXORDER-TRANSITIVE, PROBLEM- 111D, PROBLEM-48, PROBLEM-49A, PROBLEM-54, PROBLEM-54A and PROBLEM- 55 and the :type-prescription rules LEXORDER and MEM. Subgoal *1/1.2 (IMPLIES (AND (CONSP X) (PERM (FILTER '<< (CDR X) E) (RM (CAR X) (FILTER '<< Y E))) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (EQUAL FN '<<) (NOT (LEXORDER (CAR X) E))) (PERM (FILTER '<< (CDR X) E) (FILTER '<< Y E))). But simplification reduces this to T, using the :definitions <<= and REL, the :executable-counterpart of EQUAL, the :rewrite rules PROBLEM- 111D, PROBLEM-111E, PROBLEM-48 and PROBLEM-49A and the :type-prescription rule MEM. Subgoal *1/1.1 (IMPLIES (AND (CONSP X) (PERM (FILTER '<< (CDR X) E) (RM (CAR X) (FILTER '<< Y E))) (MEM (CAR X) Y) (PERM (CDR X) (RM (CAR X) Y)) (EQUAL FN '<<) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E))) (PERM (CONS (CAR X) (FILTER '<< (CDR X) E)) (FILTER '<< Y E))). But simplification reduces this to T, using the :definitions <<= and REL, the :equivalence rule PROBLEM-111B, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules LEXORDER-REFLEXIVE, LEXORDER-TRANSITIVE, PROBLEM-111D, PROBLEM-48, PROBLEM-49A, PROBLEM- 54, PROBLEM-54A and PROBLEM-55 and the :type-prescription rules LEXORDER and MEM. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111G ...) Rules: ((:DEFINITION <<=) (:DEFINITION FILTER) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION PERM) (:DEFINITION REL) (:EQUIVALENCE PROBLEM-111B) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART PERM) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PERM) (:REWRITE LEXORDER-REFLEXIVE) (:REWRITE LEXORDER-TRANSITIVE) (:REWRITE PROBLEM-111D) (:REWRITE PROBLEM-111E) (:REWRITE PROBLEM-111F) (:REWRITE PROBLEM-48) (:REWRITE PROBLEM-49A) (:REWRITE PROBLEM-54) (:REWRITE PROBLEM-54A) (:REWRITE PROBLEM-55) (:REWRITE PROBLEM-55B) (:TYPE-PRESCRIPTION LEXORDER) (:TYPE-PRESCRIPTION MEM)) Warnings: None Time: 0.38 seconds (prove: 0.16, print: 0.19, other: 0.03) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.05 seconds (prove: 0.00, print: 0.00, other: 0.05) PROBLEM-111G ACL2 >>(THEOREM PROBLEM-111H (PERM (APP A (CONS E B)) (CONS E (APP A B))) :HINTS (("Goal" :INDUCT (APP A B) :IN-THEORY (ENABLE PROBLEM-46 PROBLEM-54A PROBLEM-54 PROBLEM-55 PROBLEM-111B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (APP A B). This suggestion was produced using the :induction rule APP. If we let (:P A B E) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B E)) (IMPLIES (AND (CONSP A) (:P (CDR A) B E)) (:P A B E))). This induction is justified by the same argument used to admit APP, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP A)) (PERM (APP A (CONS E B)) (CONS E (APP A B)))). But simplification reduces this to T, using the :definition APP, primitive type reasoning and the :rewrite rule PROBLEM-54. Subgoal *1/1 (IMPLIES (AND (CONSP A) (PERM (APP (CDR A) (CONS E B)) (CONS E (APP (CDR A) B)))) (PERM (APP A (CONS E B)) (CONS E (APP A B)))). But simplification reduces this to T, using the :definitions APP, MEM and RM, the :equivalence rule PROBLEM-111B, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS, PROBLEM-46, PROBLEM-54, PROBLEM-54A and PROBLEM-55. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111H ...) Rules: ((:DEFINITION APP) (:DEFINITION MEM) (:DEFINITION RM) (:EQUIVALENCE PROBLEM-111B) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION APP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-46) (:REWRITE PROBLEM-54) (:REWRITE PROBLEM-54A) (:REWRITE PROBLEM-55)) Warnings: None Time: 0.04 seconds (prove: 0.01, print: 0.02, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-111H ACL2 >>(THEOREM PROBLEM-111I (PERM (APP (FILTER '<< X E) (FILTER '>>= X E)) X) :HINTS (("Goal" :INDUCT (FILTER '>>= X E) :IN-THEORY (ENABLE PROBLEM-54A PROBLEM-54 PROBLEM-55 PROBLEM-111B PROBLEM-111H)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (FILTER '>>= X E). This suggestion was produced using the :induction rule FILTER. If we let (:P E X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (REL '>>= (CAR X) E)) (:P E (CDR X))) (:P E X)) (IMPLIES (AND (NOT (ENDP X)) (REL '>>= (CAR X) E) (:P E (CDR X))) (:P E X)) (IMPLIES (ENDP X) (:P E X))). This induction is justified by the same argument used to admit FILTER, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (AND (NOT (ENDP X)) (NOT (REL '>>= (CAR X) E)) (PERM (APP (FILTER '<< (CDR X) E) (FILTER '>>= (CDR X) E)) (CDR X))) (PERM (APP (FILTER '<< X E) (FILTER '>>= X E)) X)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (CONSP X) (NOT (REL '>>= (CAR X) E)) (PERM (APP (FILTER '<< (CDR X) E) (FILTER '>>= (CDR X) E)) (CDR X))) (PERM (APP (FILTER '<< X E) (FILTER '>>= X E)) X)). This simplifies, using the :definitions <<=, FILTER and REL and the :executable-counterpart of EQUAL, to the following three conjectures. Subgoal *1/3.3 (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (PERM (APP (FILTER '<< (CDR X) E) (FILTER '>>= (CDR X) E)) (CDR X)) (NOT (LEXORDER (CAR X) E))) (PERM (APP (FILTER '<< (CDR X) E) (FILTER '>>= (CDR X) E)) X)). But simplification reduces this to T, using primitive type reasoning and the :forward-chaining rule LEXORDER-TOTAL. Subgoal *1/3.2 (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (PERM (APP (FILTER '<< (CDR X) E) (FILTER '>>= (CDR X) E)) (CDR X)) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E))) (PERM (APP (CONS (CAR X) (FILTER '<< (CDR X) E)) (FILTER '>>= (CDR X) E)) X)). But simplification reduces this to T, using the :definitions APP, MEM and RM, the :equivalence rule PROBLEM-111B, primitive type reasoning, the :forward-chaining rule LEXORDER-TOTAL, the :rewrite rules CAR-CONS, CDR-CONS, LEXORDER-REFLEXIVE, LEXORDER-TRANSITIVE, PROBLEM-54, PROBLEM- 54A and PROBLEM-55 and the :type-prescription rules FILTER and LEXORDER. Subgoal *1/3.1 (IMPLIES (AND (CONSP X) (NOT (LEXORDER E (CAR X))) (PERM (APP (FILTER '<< (CDR X) E) (FILTER '>>= (CDR X) E)) (CDR X)) (EQUAL (CAR X) E)) (PERM (APP (FILTER '<< (CDR X) E) (FILTER '>>= (CDR X) E)) X)). But simplification reduces this to T, using primitive type reasoning and the :forward-chaining rule LEXORDER-TOTAL. Subgoal *1/2 (IMPLIES (AND (NOT (ENDP X)) (REL '>>= (CAR X) E) (PERM (APP (FILTER '<< (CDR X) E) (FILTER '>>= (CDR X) E)) (CDR X))) (PERM (APP (FILTER '<< X E) (FILTER '>>= X E)) X)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (REL '>>= (CAR X) E) (PERM (APP (FILTER '<< (CDR X) E) (FILTER '>>= (CDR X) E)) (CDR X))) (PERM (APP (FILTER '<< X E) (FILTER '>>= X E)) X)). This simplifies, using the :definitions <<=, FILTER, MEM, PERM, REL and RM, the :equivalence rule PROBLEM-111B, the :executable-counterpart of EQUAL, primitive type reasoning, the :rewrite rules CAR-CONS, CDR- CONS, LEXORDER-REFLEXIVE, LEXORDER-TRANSITIVE and PROBLEM-111H and the :type-prescription rule LEXORDER, to Subgoal *1/2'' (IMPLIES (AND (CONSP X) (LEXORDER E (CAR X)) (PERM (APP (FILTER '<< (CDR X) E) (FILTER '>>= (CDR X) E)) (CDR X)) (LEXORDER (CAR X) E) (NOT (EQUAL (CAR X) E))) (PERM (APP (CONS (CAR X) (FILTER '<< (CDR X) E)) (FILTER '>>= (CDR X) E)) (CDR X))). But simplification reduces this to T, using the :forward-chaining rule LEXORDER-ANTI-SYMMETRIC and the :type-prescription rule LEXORDER. Subgoal *1/1 (IMPLIES (ENDP X) (PERM (APP (FILTER '<< X E) (FILTER '>>= X E)) X)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/1' (IMPLIES (NOT (CONSP X)) (PERM (APP (FILTER '<< X E) (FILTER '>>= X E)) X)). But simplification reduces this to T, using the :definitions FILTER and PERM, the :executable-counterparts of APP and CONSP and the :rewrite rule PROBLEM-54. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111I ...) Rules: ((:DEFINITION <<=) (:DEFINITION APP) (:DEFINITION ENDP) (:DEFINITION FILTER) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION PERM) (:DEFINITION REL) (:DEFINITION RM) (:EQUIVALENCE PROBLEM-111B) (:EXECUTABLE-COUNTERPART APP) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING LEXORDER-ANTI-SYMMETRIC) (:FORWARD-CHAINING LEXORDER-TOTAL) (:INDUCTION FILTER) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE LEXORDER-REFLEXIVE) (:REWRITE LEXORDER-TRANSITIVE) (:REWRITE PROBLEM-111H) (:REWRITE PROBLEM-54) (:REWRITE PROBLEM-54A) (:REWRITE PROBLEM-55) (:TYPE-PRESCRIPTION FILTER) (:TYPE-PRESCRIPTION LEXORDER)) Warnings: None Time: 0.15 seconds (prove: 0.04, print: 0.10, other: 0.01) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-111I ACL2 >>(THEOREM PROBLEM-111J (IMPLIES (MEM E X) (PERM (APP (RM E X) Y) (RM E (APP X Y)))) :HINTS (("Goal" :INDUCT (APP X Y) :IN-THEORY (ENABLE PROBLEM-53 PROBLEM-54 PROBLEM-54A PROBLEM-55 PROBLEM-111B)))) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (APP X Y). This suggestion was produced using the :induction rule APP. If we let (:P E X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP X)) (:P E X Y)) (IMPLIES (AND (CONSP X) (:P E (CDR X) Y)) (:P E X Y))). This induction is justified by the same argument used to admit APP, namely, the measure (ACL2-COUNT X) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the above induction scheme produces the following two nontautological subgoals. Subgoal *1/2 (IMPLIES (NOT (CONSP X)) (IMPLIES (MEM E X) (PERM (APP (RM E X) Y) (RM E (APP X Y))))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (NOT (CONSP X)) (MEM E X)) (PERM (APP (RM E X) Y) (RM E (APP X Y)))). But simplification reduces this to T, using the :definition MEM. Subgoal *1/1 (IMPLIES (AND (CONSP X) (IMPLIES (MEM E (CDR X)) (PERM (APP (RM E (CDR X)) Y) (RM E (APP (CDR X) Y))))) (IMPLIES (MEM E X) (PERM (APP (RM E X) Y) (RM E (APP X Y))))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP X) (IMPLIES (MEM E (CDR X)) (PERM (APP (RM E (CDR X)) Y) (RM E (APP (CDR X) Y)))) (MEM E X)) (PERM (APP (RM E X) Y) (RM E (APP X Y)))). This simplifies, using the :definitions APP, MEM and RM, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS and PROBLEM- 54, to the following two conjectures. Subgoal *1/1.2 (IMPLIES (AND (CONSP X) (PERM (APP (RM E (CDR X)) Y) (RM E (APP (CDR X) Y))) (MEM E (CDR X)) (EQUAL E (CAR X))) (PERM (APP (CDR X) Y) (APP (CDR X) Y))). But we reduce the conjecture to T, by the simple :rewrite rule PROBLEM- 53. Subgoal *1/1.1 (IMPLIES (AND (CONSP X) (PERM (APP (RM E (CDR X)) Y) (RM E (APP (CDR X) Y))) (MEM E (CDR X)) (NOT (EQUAL E (CAR X)))) (PERM (APP (CONS (CAR X) (RM E (CDR X))) Y) (CONS (CAR X) (RM E (APP (CDR X) Y))))). But simplification reduces this to T, using the :definitions APP, MEM and RM, the :equivalence rule PROBLEM-111B, primitive type reasoning and the :rewrite rules CAR-CONS, CDR-CONS, PROBLEM-54, PROBLEM-54A and PROBLEM-55. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111J ...) Rules: ((:DEFINITION APP) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION RM) (:EQUIVALENCE PROBLEM-111B) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION APP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-53) (:REWRITE PROBLEM-54) (:REWRITE PROBLEM-54A) (:REWRITE PROBLEM-55)) Warnings: None Time: 0.08 seconds (prove: 0.01, print: 0.04, other: 0.03) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-111J ACL2 >>(THEOREM PROBLEM-111K (IMPLIES (PERM A B) (PERM (APP A C) (APP B C))) :HINTS (("Goal" :INDUCT (PERM A B) :IN-THEORY (ENABLE PROBLEM-46 PROBLEM-48 PROBLEM-49A PROBLEM-54A PROBLEM-54 PROBLEM-55B PROBLEM-55 PROBLEM-111B PROBLEM-111J))) :RULE-CLASSES :CONGRUENCE) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (PERM A B). This suggestion was produced using the :induction rule PERM. If we let (:P A B C) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP A)) (:P A B C)) (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B))) (:P A B C)) (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (:P (CDR A) (RM (CAR A) B) C)) (:P A B C))). This induction is justified by the same argument used to admit PERM, namely, the measure (ACL2-COUNT A) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). Note, however, that the unmeasured variable B is being instantiated. When applied to the goal at hand the above induction scheme produces the following three nontautological subgoals. Subgoal *1/3 (IMPLIES (NOT (CONSP A)) (IMPLIES (PERM A B) (PERM (APP A C) (APP B C)))). By case analysis we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (NOT (CONSP A)) (PERM A B)) (PERM (APP A C) (APP B C))). But simplification reduces this to T, using the :definitions APP and PERM, primitive type reasoning and the :rewrite rule PROBLEM-54. Subgoal *1/2 (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B))) (IMPLIES (PERM A B) (PERM (APP A C) (APP B C)))). By case analysis we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) B)) (PERM A B)) (PERM (APP A C) (APP B C))). But simplification reduces this to T, using the :definition MEM, primitive type reasoning and the :rewrite rule PROBLEM-55B. Subgoal *1/1 (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (IMPLIES (PERM (CDR A) (RM (CAR A) B)) (PERM (APP (CDR A) C) (APP (RM (CAR A) B) C)))) (IMPLIES (PERM A B) (PERM (APP A C) (APP B C)))). By case analysis we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (CONSP A) (MEM (CAR A) B) (IMPLIES (PERM (CDR A) (RM (CAR A) B)) (PERM (APP (CDR A) C) (APP (RM (CAR A) B) C))) (PERM A B)) (PERM (APP A C) (APP B C))). But simplification reduces this to T, using the :definitions APP, MEM and PERM, the :equivalence rule PROBLEM-111B, primitive type reasoning, the :rewrite rules PROBLEM-111J, PROBLEM-46, PROBLEM-48, PROBLEM-49A, PROBLEM-54, PROBLEM-54A, PROBLEM-55 and PROBLEM-55B and the :type- prescription rule MEM. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM PROBLEM-111K ...) Rules: ((:DEFINITION APP) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION PERM) (:EQUIVALENCE PROBLEM-111B) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION PERM) (:REWRITE PROBLEM-111J) (:REWRITE PROBLEM-46) (:REWRITE PROBLEM-48) (:REWRITE PROBLEM-49A) (:REWRITE PROBLEM-54) (:REWRITE PROBLEM-54A) (:REWRITE PROBLEM-55) (:REWRITE PROBLEM-55B) (:TYPE-PRESCRIPTION MEM)) Warnings: None Time: 0.19 seconds (prove: 0.02, print: 0.15, other: 0.02) Summary Form: (IN-THEORY (DISABLE ...)) Rules: NIL Warnings: None Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) PROBLEM-111K ACL2 >>(THEOREM PROBLEM-111L (IMPLIES (PERM A B) (PERM (APP C A) (APP C B))) :HINTS (("Goal" :INDUCT (APP C B) :IN-THEORY (ENABLE PROBLEM-54A PROBLEM-54 PROBLEM-55 PROBLEM-111B))) :RULE-CLASSES :CONGRUENCE) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (APP C B). This suggestion was produced using the :induction rule APP. If we let (:P A B C) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (NOT (CONSP C)) (:P A B C)) (IMPLIES (AND (CONSP C) (:P A B (CDR C))) (:P A B C))). This induction is justified by the same argument used to admit APP, namely, the measure (ACL2-COUNT C) is decreasing according to the relation O< (which is known to be well-founded on the domain recognized by O- P). When applied to the goal at hand the a