Review the Axioms on page 10 of the Recursion and Induction notes.

---
Problem 39.  Consider the definition:

(defun f (x)
  (if (consp x)
      (f (cdr x))
    t))

What does this function return?  Every computer science student will know that it
returns t.  It's obvious.

So can you prove (f x) = t?

Well, you can't prove it by case analysis because it just keeps going:

Proof attempt for (f x) = t:

Case 1:  (not (consp x))
 (f x) = t {by def}

Case 2:  (consp x)
 (f x) = (f (cdr x))  {by def}

 Proof attempt for (f (cdr x)) = t

 Case 2.1 (not (consp (cdr x)))
 (f (cdr x)) = t  {by def}

 Case 2.2 (consp (cdr x))
 (f (cdr x)) = (f (cdr (cdr x)))   {by def}

 ...

Clearly, we need a way to handle recursive calls.  That's what induction is for.

Induction is not mysterious.  The need for induction is not obscure or rare.

Induction is as "obvious" as it is that (f x) = t: f always returns something
and the only answer it generates is t.

Inductive Proof that (f x) = t.

Base Case:  (not (consp x))                 1. {test}
(f x) = t                                      {by def}

Induction Step:  (consp x)                  1. {test}
                 (f (cdr x)) = t            2. {IH}

(f x) = (f (cdr x))                            {by def}
      = t                                      {by 2 (IH)}

Q.E.D.

---
Review Structural Induction on page 15.
---
Review the proof of (tree-copy x) = x on page 16.
---
What are the alphas doing for us?

(defun f (x y)
  (if (consp x)
      (f (cdr x) (g y))
    t))

What does (f x y) return?  Obviosly, t.  Prove it:

Proof of (f x y) = t

Base Case:  (not (consp x))                  1. {test}
(f x y) = t                                     {by def}

Induction Step:  (consp x)                   1. {test}
                 (f (cdr x) (g y)) = t       2. {IH}  <-- note ``alpha_1'' is (g y)!

(f x y) = (f (cdr x) (g y))                     {by def}
        = t                                     {IH}

Q.E.D.
---
Dealing with falsehoods!

(defun app (x y)
  (if (consp x)
      (cons (car x) (app (cdr x) y))
    y))

Proof attempt for (app x nil) = x.

Base Case:  (not (consp x))                   1. {test}

(app x nil) =  nil                               {by def}
            =? x                                 {?}

Oops!  We need to prove (not (consp x)) -> x=nil.  But is x the only non-cons?  No!
3 is not a cons.  So is (app 3 nil) = 3?  No.

This formula is not a theorem! 

So what is?  Maybe:

Proof attempt for (consp x) -> (app x nil) = x.

Base Case:  (not (consp x))                    1. {test}

 Since we're trying to prove
 (consp x) -> (app x nil) = x
 we can also assume

            (consp x)                          2. {hyp}

and try to prove

 (app x nil) = x.

But 1 and 2 ({test} and {hyp}) contradict each other.  So the base case is done.

Induction Step:  (consp x)                     1. {test}
                 (consp (cdr x)) -> (app (cdr x) nil) = (cdr x)   2. {IH}

 Since we're trying to prove
 (consp x) -> (app x nil) = x
 we can also assume:

                 (consp x)                     3. {hyp}

and try to prove

 (app x nil) = x.

Well,

 (app x nil) = (cons (car x) (app (cdr x) nil))   {by def}

We'd like to use our IH to replace (app (cdr x) nil) by (cdr x).
But the IH has a hypothesis we have to establish, namely (consp (cdr x)).
We don't know (consp (cdr x)) is true.  In fact, it could be false!

Consider (app (cons 1 3) nil) = (cons 1 3)?  No!

         (app (cons 1 3) nil)
         =
         (cons 1 nil) /= (cons 1 3)

But (consp (cons 1 3)) is true. 

So (consp x) -> (app x nil) = x isn't a theorem either!

What to do?  Think semantically.  What does (app x nil) do?  It replaces the
"last cdr" of x by nil.  So when is that a no-op?  When the last cdr of x is
already nil.

So we need the concept:  The last cdr of x is nil.

(defun properp (x)
  (if (consp x)
      (properp (cdr x))
    (equal x nil)))

Proof of (properp x) -> (app x nil) = x.

Base Case:  (not (consp x))                      1. {test}
            (properp x)                          2. {hyp}
            x = nil                              3. {def of properp given 1}

 (app x nil) = nil                                  {def app}
             = x                                    {3}

Induction Step:  (consp x)                       1. {test}
                 (properp (cdr x)) -> (app (cdr x) nil) = (cdr x) 2. {IH}
                 (properp x)                     3. {hyp}
                 (properp (cdr x))               4. {def properp given 1}
                 (app (cdr x) nil) = (cdr x)     5. {IH and 4}

(app x nil) = (cons (car x) (app (cdr x) nil))      {def app}
            = (cons (car x) (cdr x))                {5}
            = x                                     {axiom}

Q.E.D.

---
A sample proof about arithmetic

Proof of (len (app a b)) = (+ (len a) (len b))

Base Case:  (not (consp a))                       1. {test}

lhs = (len (app a b))                                {convention}
    = (len b)                                        {def app}

rhs = (+ (len a) (len b))
    = (+ 0 (len b))                                  {def len}
    = (len b)                                        {arith}
    = lhs

Induction Step: (consp a)                         1. {test}
                (len (app (cdr a) b)) = (+ (len (cdr a)) (len b))  2. {IH}

lhs = (len (app a b))
    = (len (cons (car a) (app (cdr a) b)))           {def app}
    = (+ 1 (len (app (cdr a) b)))                    {def len and axioms}
    = (+ 1 (+ (len (cdr a)) (len b)))                {IH}

rhs = (+ (len a) (len b))
    = (+ (+ 1 (len (cdr a))) (len b))                {def len}
    = (+ 1 (+ (len (cdr a)) (len b)))                {arith}
    = lhs.

Q.E.D.