How to deal with a failure to admit an event

There are many reasons why an event can fail to be admitted.
Generally, an error message will explain the failure, sometimes pointing to
documentation that is specific to the relevant issue. There are tools that
can sometimes help: for example, to debug failures of `encapsulate` or
`progn` events, as well as `certify-book` failures, see redo-flat.

However, proof failures are typically not as trivial to debug as, for
example, syntactic errors (such as spelling errors in the name of a function).
Fortunately, ACL2 offers a variety of techniques for dealing with proof
failures, and some are discussed below. Also see relevant subtopics of the
topic, debugging. Some frequently-used tools for proof debugging that
are discussed in those subtopics include accumulated-persistence, break-rewrite, cgen, and proof-builder. Also see nil-goal for ideas about how to proceed when the prover generates a goal of

We turn now to the problem of dealing with proof failures.

When ACL2 gives up it does not mean that the submitted conjecture is invalid, even if the last formula ACL2 printed in its proof attempt is manifestly false. Since ACL2 sometimes generalizes the goal being proved, it is possible it adopted an invalid subgoal as a legitimate (but doomed) strategy for proving a valid goal. Nevertheless, conjectures submitted to ACL2 are often invalid and the proof attempt often leads the careful reader to the realization that a hypothesis has been omitted or that some special case has been forgotten. It is good practice to ask yourself, when you see a proof attempt fail, whether the conjecture submitted is actually a theorem.

If you think the conjecture is a theorem, then you must figure out from
ACL2's output what you know that ACL2 doesn't about the functions in the
conjecture and how to impart that knowledge to ACL2 in the form of rules. The
``key checkpoint'' information printed at the end of the summary
provides a fine place to start. See the-method for a general
discussion of how to prove theorems with ACL2, and see introduction-to-the-theorem-prover for a more detailed tutorial. Also see
set-gag-mode for discussion of key checkpoints and an abbreviated
output mode that focuses attention on them. You may find it most useful to
start by focusing on key checkpoints that are not under a proof by induction,
if any, both because these are more likely to suggest useful lemmas and
because they are more likely to be theorems; for example, generalization may
have occurred before a proof by induction has begun. If you need more
information than is provided by the key checkpoints — although this
should rarely be necessary — then you can look at the full proof,
perhaps with the aid of certain utilities: see pso, set-gag-mode, and proof-tree. System hackers may want to consider
using the utility, `checkpoint-list`.

Again, see the-method for a general discussion of how to prove theorems with ACL2, and see introduction-to-the-theorem-prover for a more detailed tutorial. See also the book ``Computer-Aided Reasoning: An Approach'' (Kaufmann, Manolios, Moore), as well as the discussion of how to read Nqthm proofs and how to use Nqthm rules in ``A Computational Logic Handbook'' by Boyer and Moore (Academic Press, 1988).

If the failure occurred during a forcing round, see failed-forcing.