|
|
|---|
|
|
|
|---|
Inducting over insert without exposing the set order.
When we want to insert an element into an ordered set, the set
order obviously has to be involved so that we can decide where to put the new
element. Accordingly, the set order plays a role in the induction scheme that
we get from insert's definition. This makes insert somewhat different
than other set operations (membership, union, cardinality, etc.) that just use
a simple tail-based induction, where the set order is already hidden by
When we are proving theorems about sets, we generally want to avoid thinking
about the set order, but we sometimes need to induct over
Theorem:
(defthm weak-insert-induction-helper-1 (implies (and (not (in a x)) (not (equal (head (insert a x)) a))) (equal (head (insert a x)) (head x))))
Theorem:
(defthm weak-insert-induction-helper-2 (implies (and (not (in a x)) (not (equal (head (insert a x)) a))) (equal (tail (insert a x)) (insert a (tail x)))))
Theorem:
(defthm weak-insert-induction-helper-3 (implies (and (not (in a x)) (equal (head (insert a x)) a)) (equal (tail (insert a x)) (sfix x))))
Function:
(defun weak-insert-induction (a x) (declare (xargs :guard (setp x))) (cond ((emptyp x) nil) ((in a x) nil) ((equal (head (insert a x)) a) nil) (t (list (weak-insert-induction a (tail x))))))
Theorem:
(defthm use-weak-insert-induction t :rule-classes ((:induction :pattern (insert a x) :scheme (weak-insert-induction a x))))