In this proof, I use ``alpha < beta'' to denote the idea that alpha can be proved by proving beta. Unexplained steps are just the usual propositional calculus. In the proof below I do an abbreviated kind of case analysis. If you are proving (a | b) --> c you can prove it by proving Case 1: a --> c Case 2: b --> c You should be able to justify this step by our usual rules and tautologies. ----------------------------------------------------------------- Theorem: (sub x y) --> (all e : (mem e x) --> (mem e y)) Proof. By induction on x. BC: (endp x) (endp x) --> (sub x y) --> (all e : (mem e x) --> (mem e y)) <--> (endp x) & (sub x y) --> (all e : (mem e x) --> (mem e y)) <--> {def sub} (endp x) --> (all e : (mem e x) --> (mem e y)) > {all-concl} (endp x) --> (mem e x) --> (mem e y) <--> (endp x) & (mem e x) --> (mem e y) <--> {def mem} (endp x) & nil --> (mem e y) <--> t IS: !(endp x) & [(sub (cdr x) y) --> (all e : (mem e (cdr x)) --> (mem e y))] --> (sub x y) --> (all e : (mem e x) --> (mem e y)) <--> !(endp x) & [(sub (cdr x) y) --> (all e : (mem e (cdr x)) --> (mem e y))] & (sub x y) --> (all e : (mem e x) --> (mem e y)) <--> {def sub} !(endp x) & [(sub (cdr x) y) --> (all e : (mem e (cdr x)) --> (mem e y))] & (mem (car x) y) & (sub (cdr x) y) --> (all e : (mem e x) --> (mem e y)) <--> !(endp x) & (all e : (mem e (cdr x)) --> (mem e y)) & (mem (car x) y) & (sub (cdr x) y) --> (all e : (mem e x) --> (mem e y)) <--> {all-concl} !(endp x) & (all e : (mem e (cdr x)) --> (mem e y)) & (mem (car x) y) & (sub (cdr x) y) --> (mem e x) --> (mem e y) <--> !(endp x) & (all e : (mem e (cdr x)) --> (mem e y)) & (mem (car x) y) & (sub (cdr x) y) & (mem e x) --> (mem e y) <--> {def mem} !(endp x) & (all e : (mem e (cdr x)) --> (mem e y)) & (mem (car x) y) & (sub (cdr x) y) & [e(car x) | (mem e (cdr x)) --> (mem e y) < {Cases} Case 1: e(car x) & !(endp x) & (all e : (mem e (cdr x)) --> (mem e y)) & (mem (car x) y) & (sub (cdr x) y) & [e(car x) | (mem e (cdr x)) --> (mem e y) <--> {rewrite concl with hyp 1} T Case 2: (mem e (cdr x)) & !(endp x) & (all e : (mem e (cdr x)) --> (mem e y)) & (mem (car x) y) & (sub (cdr x) y) & [e(car x) | (mem e (cdr x)) --> (mem e y) < {all-hyp} (mem e (cdr x)) & !(endp x) & (mem e (cdr x)) --> (mem e y) & (mem (car x) y) & (sub (cdr x) y) & [e(car x) | (mem e (cdr x)) --> (mem e y) <--> (mem e (cdr x)) & !(endp x) & (mem e y) & (mem (car x) y) & (sub (cdr x) y) & [e(car x) | (mem e (cdr x)) --> (mem e y) <--> T Q.E.D.