
    Subsetp-witness

    (subsetp-witness x y) finds an element of x that is not a member of y, if one exists.

    This function is useful for basic pick-a-point style reasoning about subsets.

    Definitions and Theorems

    Function: subsetp-witness

    (defun subsetp-witness (x y)
      (if (atom x)
          nil
        (if (member (car x) y)
            (subsetp-witness (cdr x) y)
          (car x))))

    Theorem: subsetp-witness-correct

    (defthm subsetp-witness-correct
      (let ((a (subsetp-witness x y)))
        (iff (subsetp x y)
             (implies (member a x) (member a y)))))

    Theorem: subsetp-witness-rw

    (defthm subsetp-witness-rw
     (implies (rewriting-positive-literal (cons 'subsetp-equal
                                                (cons x (cons y 'nil))))
              (let ((a (subsetp-witness x y)))
                (iff (subsetp x y)
                     (implies (member a x) (member a y))))))