Waverly% v41 Welcome to Clozure Common Lisp Version 1.6-dev-r14316M-trunk (DarwinX8632)! ACL2 Version 4.1 built October 1, 2010 14:31:52. Copyright (C) 2010 University of Texas at Austin ACL2 comes with ABSOLUTELY NO WARRANTY. This is free software and you are welcome to redistribute it under certain conditions. For details, see the GNU General Public License. Initialized with (INITIALIZE-ACL2 'INCLUDE-BOOK *ACL2-PASS-2-FILES*). See the documentation topic note-4-1 for recent changes. Note: We have modified the prompt in some underlying Lisps to further distinguish it from the ACL2 prompt. ACL2 Version 4.1. Level 1. Cbd "/Users/moore/". Distributed books directory "/Users/moore/work/v4-1/acl2-sources/books/". Type :help for help. Type (good-bye) to quit completely out of ACL2. ACL2 !>(ld "/v/filer4b/v11q001/text/acl2-work-01/reset-margins-for-demo.lisp") ACL2 Version 4.1. Level 2. Cbd "/v/filer4b/v11q001/text/acl2-work-01/". Distributed books directory "/Users/moore/work/v4-1/acl2-sources/books/". Type :help for help. Type (good-bye) to quit completely out of ACL2. ACL2 !>> "ACL2" ACL2 !>> ACL2 !>> ACL2 !>> (:WARN! . :OVERWRITE) ACL2 !>> TTAG NOTE: Adding ttag SHORT-MARGINS from the top level loop. SHORT-MARGINS ACL2 !>> ACL2 Warning [Redef] in ( DEFCONST *PROOF-FAILURE-STRING* ...): *PROOF-FAILURE-STRING* redefined. Summary Form: ( DEFCONST *PROOF-FAILURE-STRING* ...) Rules: NIL Warnings: Redef Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) *PROOF-FAILURE-STRING* ACL2 !>> (:QUERY . :OVERWRITE) ACL2 !>> Summary Form: ( RESET-PREHISTORY NIL) Rules: NIL Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.03) :NEW-PREHISTORY-SET ACL2 !>>Bye. :EOF ACL2 !>(defun ap (x y) (if (endp x) y (cons (car x) (ap (cdr x) y)))) The admission of AP is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of AP is described by the theorem (OR (CONSP (AP X Y)) (EQUAL (AP X Y) Y)). We used primitive type reasoning. Summary Form: ( DEFUN AP ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) AP ACL2 !>(defun rev (x) (if (endp x) nil (ap (rev (cdr x)) (list (car x))))) The admission of REV is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of REV is described by the theorem (OR (CONSP (REV X)) (EQUAL (REV X) NIL)). We used primitive type reasoning and the :type-prescription rule AP. Summary Form: ( DEFUN REV ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL) (:TYPE-PRESCRIPTION AP)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) REV ACL2 !>(rev '(1 2 3 0 1 2 3)) (3 2 1 0 3 2 1) ACL2 !>(defun mem (e x) (if (endp x) nil (if (equal e (car x)) t (mem e (cdr x))))) The admission of MEM is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of MEM is described by the theorem (OR (EQUAL (MEM E X) T) (EQUAL (MEM E X) NIL)). Summary Form: ( DEFUN MEM ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) MEM ACL2 !>(mem 2 '(1 2 3 0 1 2 3)) T ACL2 !>(mem 4 '(1 2 3 0 1 2 3)) NIL ACL2 !>(defun has-dups (x) (if (endp x) nil (if (mem (car x) (cdr x)) t (has-dups (cdr x))))) The admission of HAS-DUPS is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of HAS-DUPS is described by the theorem (OR (EQUAL (HAS-DUPS X) T) (EQUAL (HAS-DUPS X) NIL)). Summary Form: ( DEFUN HAS-DUPS ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) HAS-DUPS ACL2 !>(has-dups '(1 2 3 4 5)) NIL ACL2 !>(has-dups '(1 2 3 4 3 1 5)) T ACL2 !>(defthm problem-1 (equal (has-dups (rev x)) (has-dups x))) Name the formula above *1. Perhaps we can prove *1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (HAS-DUPS X). This suggestion was produced using the :induction rules HAS-DUPS and REV. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (MEM (CAR X) (CDR X))) (:P (CDR X))) (:P X)) (IMPLIES (AND (NOT (ENDP X)) (MEM (CAR X) (CDR X))) (:P X)) (IMPLIES (ENDP X) (:P X))). This induction is justified by the same argument used to admit HAS-DUPS. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 (IMPLIES (AND (NOT (ENDP X)) (NOT (MEM (CAR X) (CDR X))) (EQUAL (HAS-DUPS (REV (CDR X))) (HAS-DUPS (CDR X)))) (EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/3' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) (CDR X))) (EQUAL (HAS-DUPS (REV (CDR X))) (HAS-DUPS (CDR X)))) (EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X))). This simplifies, using the :definitions HAS-DUPS and REV, to Subgoal *1/3'' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) (CDR X))) (EQUAL (HAS-DUPS (REV (CDR X))) (HAS-DUPS (CDR X)))) (EQUAL (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X)))) (HAS-DUPS (CDR X)))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal *1/3''' (IMPLIES (AND (CONSP (CONS X1 X2)) (NOT (MEM X1 X2)) (EQUAL (HAS-DUPS (REV X2)) (HAS-DUPS X2))) (EQUAL (HAS-DUPS (AP (REV X2) (LIST X1))) (HAS-DUPS X2))). This simplifies, using primitive type reasoning, to Subgoal *1/3'4' (IMPLIES (AND (NOT (MEM X1 X2)) (EQUAL (HAS-DUPS (REV X2)) (HAS-DUPS X2))) (EQUAL (HAS-DUPS (AP (REV X2) (LIST X1))) (HAS-DUPS X2))). We now use the second hypothesis by substituting (HAS-DUPS (REV X2)) for (HAS-DUPS X2) and throwing away the hypothesis. This produces Subgoal *1/3'5' (IMPLIES (NOT (MEM X1 X2)) (EQUAL (HAS-DUPS (AP (REV X2) (LIST X1))) (HAS-DUPS (REV X2)))). We generalize this conjecture, replacing (REV X2) by RV. This produces Subgoal *1/3'6' (IMPLIES (NOT (MEM X1 X2)) (EQUAL (HAS-DUPS (AP RV (LIST X1))) (HAS-DUPS RV))). Name the formula above *1.1. Subgoal *1/2 (IMPLIES (AND (NOT (ENDP X)) (MEM (CAR X) (CDR X))) (EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X))) (EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X))). This simplifies, using the :definitions HAS-DUPS and REV, primitive type reasoning and the :type-prescription rules HAS-DUPS and MEM, to Subgoal *1/2'' (IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X))) (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X))))). The destructor terms (CAR X) and (CDR X) can be eliminated by using CAR-CDR-ELIM to replace X by (CONS X1 X2), (CAR X) by X1 and (CDR X) by X2. This produces the following goal. Subgoal *1/2''' (IMPLIES (AND (CONSP (CONS X1 X2)) (MEM X1 X2)) (HAS-DUPS (AP (REV X2) (LIST X1)))). This simplifies, using primitive type reasoning, to Subgoal *1/2'4' (IMPLIES (MEM X1 X2) (HAS-DUPS (AP (REV X2) (LIST X1)))). Name the formula above *1.2. Subgoal *1/1 (IMPLIES (ENDP X) (EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1/1' (IMPLIES (NOT (CONSP X)) (EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X))). But simplification reduces this to T, using the :definitions HAS-DUPS and REV and the :executable-counterparts of EQUAL and HAS-DUPS. So we now return to *1.2, which is (IMPLIES (MEM X1 X2) (HAS-DUPS (AP (REV X2) (LIST X1)))). Perhaps we can prove *1.2 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (MEM X1 X2). This suggestion was produced using the :induction rules MEM and REV. If we let (:P X1 X2) denote *1.2 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X2)) (NOT (EQUAL X1 (CAR X2))) (:P X1 (CDR X2))) (:P X1 X2)) (IMPLIES (AND (NOT (ENDP X2)) (EQUAL X1 (CAR X2))) (:P X1 X2)) (IMPLIES (ENDP X2) (:P X1 X2))). This induction is justified by the same argument used to admit MEM. When applied to the goal at hand the above induction scheme produces four nontautological subgoals. Subgoal *1.2/4 (IMPLIES (AND (NOT (ENDP X2)) (NOT (EQUAL X1 (CAR X2))) (HAS-DUPS (AP (REV (CDR X2)) (LIST X1))) (MEM X1 X2)) (HAS-DUPS (AP (REV X2) (LIST X1)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2/4' (IMPLIES (AND (CONSP X2) (NOT (EQUAL X1 (CAR X2))) (HAS-DUPS (AP (REV (CDR X2)) (LIST X1))) (MEM X1 X2)) (HAS-DUPS (AP (REV X2) (LIST X1)))). This simplifies, using the :definitions MEM and REV and primitive type reasoning, to Subgoal *1.2/4'' (IMPLIES (AND (CONSP X2) (NOT (EQUAL X1 (CAR X2))) (HAS-DUPS (AP (REV (CDR X2)) (LIST X1))) (MEM X1 (CDR X2))) (HAS-DUPS (AP (AP (REV (CDR X2)) (LIST (CAR X2))) (LIST X1)))). The destructor terms (CAR X2) and (CDR X2) can be eliminated by using CAR-CDR-ELIM to replace X2 by (CONS X3 X4), (CAR X2) by X3 and (CDR X2) by X4. This produces the following goal. Subgoal *1.2/4''' (IMPLIES (AND (CONSP (CONS X3 X4)) (NOT (EQUAL X1 X3)) (HAS-DUPS (AP (REV X4) (LIST X1))) (MEM X1 X4)) (HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X1)))). This simplifies, using primitive type reasoning, to Subgoal *1.2/4'4' (IMPLIES (AND (NOT (EQUAL X1 X3)) (HAS-DUPS (AP (REV X4) (LIST X1))) (MEM X1 X4)) (HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X1)))). We generalize this conjecture, replacing (REV X4) by RV. This produces Subgoal *1.2/4'5' (IMPLIES (AND (NOT (EQUAL X1 X3)) (HAS-DUPS (AP RV (LIST X1))) (MEM X1 X4)) (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X1)))). Name the formula above *1.2.1. Subgoal *1.2/3 (IMPLIES (AND (NOT (ENDP X2)) (NOT (EQUAL X1 (CAR X2))) (NOT (MEM X1 (CDR X2))) (MEM X1 X2)) (HAS-DUPS (AP (REV X2) (LIST X1)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2/3' (IMPLIES (AND (CONSP X2) (NOT (EQUAL X1 (CAR X2))) (NOT (MEM X1 (CDR X2))) (MEM X1 X2)) (HAS-DUPS (AP (REV X2) (LIST X1)))). But simplification reduces this to T, using the :definition MEM and primitive type reasoning. Subgoal *1.2/2 (IMPLIES (AND (NOT (ENDP X2)) (EQUAL X1 (CAR X2)) (MEM X1 X2)) (HAS-DUPS (AP (REV X2) (LIST X1)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2/2' (IMPLIES (AND (CONSP X2) (EQUAL X1 (CAR X2)) (MEM X1 X2)) (HAS-DUPS (AP (REV X2) (LIST X1)))). This simplifies, using the :definitions MEM and REV and primitive type reasoning, to Subgoal *1.2/2'' (IMPLIES (CONSP X2) (HAS-DUPS (AP (AP (REV (CDR X2)) (LIST (CAR X2))) (LIST (CAR X2))))). The destructor terms (CAR X2) and (CDR X2) can be eliminated by using CAR-CDR-ELIM to replace X2 by (CONS X3 X4), (CAR X2) by X3 and (CDR X2) by X4. This produces the following goal. Subgoal *1.2/2''' (IMPLIES (CONSP (CONS X3 X4)) (HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3)))). This simplifies, using primitive type reasoning, to Subgoal *1.2/2'4' (HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3))). Name the formula above *1.2.2. Subgoal *1.2/1 (IMPLIES (AND (ENDP X2) (MEM X1 X2)) (HAS-DUPS (AP (REV X2) (LIST X1)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2/1' (IMPLIES (AND (NOT (CONSP X2)) (MEM X1 X2)) (HAS-DUPS (AP (REV X2) (LIST X1)))). But simplification reduces this to T, using the :definition MEM. So we now return to *1.2.2, which is (HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3))). Perhaps we can prove *1.2.2 by induction. One induction scheme is suggested by this conjecture. We will induct according to a scheme suggested by (REV X4). This suggestion was produced using the :induction rule REV. If we let (:P X3 X4) denote *1.2.2 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X4)) (:P X3 (CDR X4))) (:P X3 X4)) (IMPLIES (ENDP X4) (:P X3 X4))). This induction is justified by the same argument used to admit REV. When applied to the goal at hand the above induction scheme produces two nontautological subgoals. Subgoal *1.2.2/2 (IMPLIES (AND (NOT (ENDP X4)) (HAS-DUPS (AP (AP (REV (CDR X4)) (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2/2' (IMPLIES (AND (CONSP X4) (HAS-DUPS (AP (AP (REV (CDR X4)) (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3)))). This simplifies, using the :definition REV, to Subgoal *1.2.2/2'' (IMPLIES (AND (CONSP X4) (HAS-DUPS (AP (AP (REV (CDR X4)) (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP (AP (REV (CDR X4)) (LIST (CAR X4))) (LIST X3)) (LIST X3)))). The destructor terms (CAR X4) and (CDR X4) can be eliminated by using CAR-CDR-ELIM to replace X4 by (CONS X5 X6), (CAR X4) by X5 and (CDR X4) by X6. This produces the following goal. Subgoal *1.2.2/2''' (IMPLIES (AND (CONSP (CONS X5 X6)) (HAS-DUPS (AP (AP (REV X6) (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP (AP (REV X6) (LIST X5)) (LIST X3)) (LIST X3)))). This simplifies, using primitive type reasoning, to Subgoal *1.2.2/2'4' (IMPLIES (HAS-DUPS (AP (AP (REV X6) (LIST X3)) (LIST X3))) (HAS-DUPS (AP (AP (AP (REV X6) (LIST X5)) (LIST X3)) (LIST X3)))). We generalize this conjecture, replacing (REV X6) by RV. This produces Subgoal *1.2.2/2'5' (IMPLIES (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3))) (HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3)) (LIST X3)))). Name the formula above *1.2.2.1. Subgoal *1.2.2/1 (IMPLIES (ENDP X4) (HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2/1' (IMPLIES (NOT (CONSP X4)) (HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3)))). But simplification reduces this to T, using the :definitions AP, HAS-DUPS, MEM and REV, the :executable-counterpart of CONSP, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. So we now return to *1.2.2.1, which is (IMPLIES (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3))) (HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3)) (LIST X3)))). Perhaps we can prove *1.2.2.1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (AP RV (CONS X5 'NIL)). This suggestion was produced using the :induction rule AP. If we let (:P RV X3 X5) denote *1.2.2.1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP RV)) (:P (CDR RV) X3 X5)) (:P RV X3 X5)) (IMPLIES (ENDP RV) (:P RV X3 X5))). This induction is justified by the same argument used to admit AP. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1.2.2.1/3 (IMPLIES (AND (NOT (ENDP RV)) (HAS-DUPS (AP (AP (AP (CDR RV) (LIST X5)) (LIST X3)) (LIST X3))) (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3)) (LIST X3)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1/3' (IMPLIES (AND (CONSP RV) (HAS-DUPS (AP (AP (AP (CDR RV) (LIST X5)) (LIST X3)) (LIST X3))) (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3)) (LIST X3)))). But simplification reduces this to T, using the :definitions AP and HAS-DUPS, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule HAS-DUPS. Subgoal *1.2.2.1/2 (IMPLIES (AND (NOT (ENDP RV)) (NOT (HAS-DUPS (AP (AP (CDR RV) (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3)) (LIST X3)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1/2' (IMPLIES (AND (CONSP RV) (NOT (HAS-DUPS (AP (AP (CDR RV) (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3)) (LIST X3)))). This simplifies, using the :definitions AP and HAS-DUPS, primitive type reasoning, the :rewrite rules CAR-CONS and CDR-CONS and the :type-prescription rule MEM, to Subgoal *1.2.2.1/2'' (IMPLIES (AND (CONSP RV) (NOT (HAS-DUPS (AP (AP (CDR RV) (LIST X3)) (LIST X3)))) (MEM (CAR RV) (AP (AP (CDR RV) (LIST X3)) (LIST X3))) (NOT (MEM (CAR RV) (AP (AP (AP (CDR RV) (LIST X5)) (LIST X3)) (LIST X3))))) (HAS-DUPS (AP (AP (AP (CDR RV) (LIST X5)) (LIST X3)) (LIST X3)))). The destructor terms (CAR RV) and (CDR RV) can be eliminated by using CAR-CDR-ELIM to replace RV by (CONS RV1 RV2), (CAR RV) by RV1 and (CDR RV) by RV2. This produces the following goal. Subgoal *1.2.2.1/2''' (IMPLIES (AND (CONSP (CONS RV1 RV2)) (NOT (HAS-DUPS (AP (AP RV2 (LIST X3)) (LIST X3)))) (MEM RV1 (AP (AP RV2 (LIST X3)) (LIST X3))) (NOT (MEM RV1 (AP (AP (AP RV2 (LIST X5)) (LIST X3)) (LIST X3))))) (HAS-DUPS (AP (AP (AP RV2 (LIST X5)) (LIST X3)) (LIST X3)))). This simplifies, using primitive type reasoning, to Subgoal *1.2.2.1/2'4' (IMPLIES (AND (NOT (HAS-DUPS (AP (AP RV2 (LIST X3)) (LIST X3)))) (MEM RV1 (AP (AP RV2 (LIST X3)) (LIST X3))) (NOT (MEM RV1 (AP (AP (AP RV2 (LIST X5)) (LIST X3)) (LIST X3))))) (HAS-DUPS (AP (AP (AP RV2 (LIST X5)) (LIST X3)) (LIST X3)))). We generalize this conjecture, replacing (AP RV2 (LIST X5)) by L and (AP RV2 (LIST X3)) by LST and restricting the types of the new variables L and LST to be those of the terms they replace, as established by primitive type reasoning and AP. This produces Subgoal *1.2.2.1/2'5' (IMPLIES (AND (CONSP L) (CONSP LST) (NOT (HAS-DUPS (AP LST (LIST X3)))) (MEM RV1 (AP LST (LIST X3))) (NOT (MEM RV1 (AP (AP L (LIST X3)) (LIST X3))))) (HAS-DUPS (AP (AP L (LIST X3)) (LIST X3)))). We generalize this conjecture, replacing (AP L (LIST X3)) by L0 and (AP LST (LIST X3)) by L1 and restricting the types of the new variables L0 and L1 to be those of the terms they replace, as established by primitive type reasoning and AP. This produces Subgoal *1.2.2.1/2'6' (IMPLIES (AND (CONSP L0) (CONSP L1) (CONSP L) (CONSP LST) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 (AP L0 (LIST X3))))) (HAS-DUPS (AP L0 (LIST X3)))). We generalize this conjecture, replacing (AP L0 (LIST X3)) by L2 and restricting the type of the new variable L2 to be that of the term it replaces, as established by primitive type reasoning and AP. This produces Subgoal *1.2.2.1/2'7' (IMPLIES (AND (CONSP L2) (CONSP L0) (CONSP L1) (CONSP L) (CONSP LST) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). We suspect that the terms (CONSP LST), (CONSP L) and (CONSP L0) are irrelevant to the truth of this conjecture and throw them out. We will thus try to prove Subgoal *1.2.2.1/2'8' (IMPLIES (AND (CONSP L2) (CONSP L1) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). Name the formula above *1.2.2.1.1. Subgoal *1.2.2.1/1 (IMPLIES (AND (ENDP RV) (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3)) (LIST X3)))). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1/1' (IMPLIES (AND (NOT (CONSP RV)) (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3)))) (HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3)) (LIST X3)))). But simplification reduces this to T, using the :definitions AP, HAS-DUPS and MEM, the :executable-counterpart of CONSP, primitive type reasoning and the :rewrite rules CAR-CONS and CDR-CONS. So we now return to *1.2.2.1.1, which is (IMPLIES (AND (CONSP L2) (CONSP L1) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). Perhaps we can prove *1.2.2.1.1 by induction. Four induction schemes are suggested by this conjecture. These merge into two derived induction schemes. We will choose arbitrarily among these. We will induct according to a scheme suggested by (MEM RV1 L1). This suggestion was produced using the :induction rules HAS-DUPS and MEM. If we let (:P L1 L2 RV1) denote *1.2.2.1.1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP L1)) (NOT (EQUAL RV1 (CAR L1))) (:P (CDR L1) L2 RV1)) (:P L1 L2 RV1)) (IMPLIES (AND (NOT (ENDP L1)) (EQUAL RV1 (CAR L1))) (:P L1 L2 RV1)) (IMPLIES (ENDP L1) (:P L1 L2 RV1))). This induction is justified by the same argument used to admit MEM. When applied to the goal at hand the above induction scheme produces five nontautological subgoals. Subgoal *1.2.2.1.1/5 (IMPLIES (AND (NOT (ENDP L1)) (NOT (EQUAL RV1 (CAR L1))) (NOT (MEM RV1 (CDR L1))) (CONSP L2) (CONSP L1) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1.1/5' (IMPLIES (AND (CONSP L1) (NOT (EQUAL RV1 (CAR L1))) (NOT (MEM RV1 (CDR L1))) (CONSP L2) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). But simplification reduces this to T, using the :definitions HAS-DUPS and MEM and primitive type reasoning. Subgoal *1.2.2.1.1/4 (IMPLIES (AND (NOT (ENDP L1)) (NOT (EQUAL RV1 (CAR L1))) (HAS-DUPS (CDR L1)) (CONSP L2) (CONSP L1) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1.1/4' (IMPLIES (AND (CONSP L1) (NOT (EQUAL RV1 (CAR L1))) (HAS-DUPS (CDR L1)) (CONSP L2) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). But simplification reduces this to T, using the :definition HAS-DUPS and the :type-prescription rule HAS-DUPS. Subgoal *1.2.2.1.1/3 (IMPLIES (AND (NOT (ENDP L1)) (NOT (EQUAL RV1 (CAR L1))) (NOT (CONSP (CDR L1))) (CONSP L2) (CONSP L1) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1.1/3' (IMPLIES (AND (CONSP L1) (NOT (EQUAL RV1 (CAR L1))) (NOT (CONSP (CDR L1))) (CONSP L2) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). This simplifies, using the :definitions HAS-DUPS and MEM and primitive type reasoning, to Subgoal *1.2.2.1.1/3'' (IMPLIES (AND (CONSP L1) (NOT (EQUAL RV1 (CAR L1))) (NOT (CONSP (CDR L1))) (CONSP L2) (NOT (HAS-DUPS (CDR L1))) (MEM RV1 (CDR L1)) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). But simplification reduces this to T, using the :definitions HAS-DUPS and MEM. Subgoal *1.2.2.1.1/2 (IMPLIES (AND (NOT (ENDP L1)) (EQUAL RV1 (CAR L1)) (CONSP L2) (CONSP L1) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1.1/2' (IMPLIES (AND (CONSP L1) (EQUAL RV1 (CAR L1)) (CONSP L2) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). This simplifies, using the :definitions HAS-DUPS and MEM and primitive type reasoning, to Subgoal *1.2.2.1.1/2'' (IMPLIES (AND (CONSP L1) (CONSP L2) (NOT (MEM (CAR L1) (CDR L1))) (NOT (HAS-DUPS (CDR L1))) (NOT (MEM (CAR L1) L2))) (HAS-DUPS L2)). The destructor terms (CAR L1) and (CDR L1) can be eliminated by using CAR-CDR-ELIM to replace L1 by (CONS L3 L4), (CAR L1) by L3 and (CDR L1) by L4. This produces the following goal. Subgoal *1.2.2.1.1/2''' (IMPLIES (AND (CONSP (CONS L3 L4)) (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). This simplifies, using primitive type reasoning, to Subgoal *1.2.2.1.1/2'4' (IMPLIES (AND (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). Name the formula above *1.2.2.1.1.1. Subgoal *1.2.2.1.1/1 (IMPLIES (AND (ENDP L1) (CONSP L2) (CONSP L1) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). But we reduce the conjecture to T, by case analysis. So we now return to *1.2.2.1.1.1, which is (IMPLIES (AND (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). Perhaps we can prove *1.2.2.1.1.1 by induction. Four induction schemes are suggested by this conjecture. These merge into two derived induction schemes. We will choose arbitrarily among these. We will induct according to a scheme suggested by (HAS-DUPS L4), but modified to accommodate (MEM L3 L4). These suggestions were produced using the :induction rules HAS-DUPS and MEM. If we let (:P L2 L3 L4) denote *1.2.2.1.1.1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP L4)) (NOT (MEM (CAR L4) (CDR L4))) (:P L2 L3 (CDR L4))) (:P L2 L3 L4)) (IMPLIES (AND (NOT (ENDP L4)) (MEM (CAR L4) (CDR L4))) (:P L2 L3 L4)) (IMPLIES (ENDP L4) (:P L2 L3 L4))). This induction is justified by the same argument used to admit HAS-DUPS. When applied to the goal at hand the above induction scheme produces four nontautological subgoals. Subgoal *1.2.2.1.1.1/4 (IMPLIES (AND (NOT (ENDP L4)) (NOT (MEM (CAR L4) (CDR L4))) (HAS-DUPS (CDR L4)) (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1.1.1/4' (IMPLIES (AND (CONSP L4) (NOT (MEM (CAR L4) (CDR L4))) (HAS-DUPS (CDR L4)) (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). But simplification reduces this to T, using the :definitions HAS-DUPS and MEM and the :type-prescription rule HAS-DUPS. Subgoal *1.2.2.1.1.1/3 (IMPLIES (AND (NOT (ENDP L4)) (NOT (MEM (CAR L4) (CDR L4))) (MEM L3 (CDR L4)) (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1.1.1/3' (IMPLIES (AND (CONSP L4) (NOT (MEM (CAR L4) (CDR L4))) (MEM L3 (CDR L4)) (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). But simplification reduces this to T, using the :definition MEM and the :type-prescription rule MEM. Subgoal *1.2.2.1.1.1/2 (IMPLIES (AND (NOT (ENDP L4)) (MEM (CAR L4) (CDR L4)) (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1.1.1/2' (IMPLIES (AND (CONSP L4) (MEM (CAR L4) (CDR L4)) (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). But simplification reduces this to T, using the :definitions HAS-DUPS and MEM and the :type-prescription rule MEM. Subgoal *1.2.2.1.1.1/1 (IMPLIES (AND (ENDP L4) (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). By the simple :definition ENDP we reduce the conjecture to Subgoal *1.2.2.1.1.1/1' (IMPLIES (AND (NOT (CONSP L4)) (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). This simplifies, using the :definitions HAS-DUPS and MEM, to Subgoal *1.2.2.1.1.1/1'' (IMPLIES (AND (NOT (CONSP L4)) (CONSP L2) (NOT (MEM L3 L2))) (HAS-DUPS L2)). We suspect that the term (NOT (CONSP L4)) is irrelevant to the truth of this conjecture and throw it out. We will thus try to prove Subgoal *1.2.2.1.1.1/1''' (IMPLIES (AND (CONSP L2) (NOT (MEM L3 L2))) (HAS-DUPS L2)). Name the formula above *1.2.2.1.1.1.1. The formula above is subsumed by one of its parents, *1.2.2.1.1.1, which we're in the process of trying to prove by induction. When an inductive proof pushes a subgoal for induction that is less general than the original goal, it may be a sign that either an inappropriate induction was chosen or that the original goal is insufficien\ tly general. In any case, our proof attempt has failed. Summary Form: ( DEFTHM PROBLEM-1 ...) Rules: ((:DEFINITION AP) (:DEFINITION ENDP) (:DEFINITION HAS-DUPS) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REV) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART HAS-DUPS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION HAS-DUPS) (:INDUCTION MEM) (:INDUCTION REV) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION AP) (:TYPE-PRESCRIPTION HAS-DUPS) (:TYPE-PRESCRIPTION MEM)) Time: 0.15 seconds (prove: 0.07, print: 0.08, other: 0.00) --- The key checkpoint goals, below, may help you to debug this failure. See :DOC failure and see :DOC set-checkpoint- summary-limit. --- *** Key checkpoint at the top level: *** Goal (EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X)) *** Key checkpoints under a top-level induction: *** Subgoal *1/3'' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) (CDR X))) (EQUAL (HAS-DUPS (REV (CDR X))) (HAS-DUPS (CDR X)))) (EQUAL (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X)))) (HAS-DUPS (CDR X)))) Subgoal *1/2'' (IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X))) (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X))))) ACL2 Error in ( DEFTHM PROBLEM-1 ...): See :DOC failure. **************** FAILED **************** ACL2 !>(set-gag-mode :goals) ACL2 !>(defthm problem-1 (equal (has-dups (rev x)) (has-dups x))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (HAS-DUPS X). This suggestion was produced using the :induction rules HAS-DUPS and REV. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (MEM (CAR X) (CDR X))) (:P (CDR X))) (:P X)) (IMPLIES (AND (NOT (ENDP X)) (MEM (CAR X) (CDR X))) (:P X)) (IMPLIES (ENDP X) (:P X))). This induction is justified by the same argument used to admit HAS-DUPS. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/3'' Subgoal *1/3''' Subgoal *1/3'4' Subgoal *1/3'5' Subgoal *1/3'6' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/3'' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) (CDR X))) (EQUAL (HAS-DUPS (REV (CDR X))) (HAS-DUPS (CDR X)))) (EQUAL (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X)))) (HAS-DUPS (CDR X)))) *1.1 (Subgoal *1/3'6') is pushed for proof by induction. ]) Subgoal *1/2 Subgoal *1/2' Subgoal *1/2'' Subgoal *1/2''' Subgoal *1/2'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2'' (IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X))) (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X))))) *1.2 (Subgoal *1/2'4') is pushed for proof by induction. ]) Subgoal *1/1 Subgoal *1/1' So we now return to *1.2, which is (IMPLIES (MEM X1 X2) (HAS-DUPS (AP (REV X2) (LIST X1)))). Subgoal *1.2/4 Subgoal *1.2/4' Subgoal *1.2/4'' Subgoal *1.2/4''' Subgoal *1.2/4'4' Subgoal *1.2/4'5' *1.2.1 (Subgoal *1.2/4'5') is pushed for proof by induction. Subgoal *1.2/3 Subgoal *1.2/3' Subgoal *1.2/2 Subgoal *1.2/2' Subgoal *1.2/2'' Subgoal *1.2/2''' Subgoal *1.2/2'4' *1.2.2 (Subgoal *1.2/2'4') is pushed for proof by induction. Subgoal *1.2/1 Subgoal *1.2/1' So we now return to *1.2.2, which is (HAS-DUPS (AP (AP (REV X4) (LIST X3)) (LIST X3))). Subgoal *1.2.2/2 Subgoal *1.2.2/2' Subgoal *1.2.2/2'' Subgoal *1.2.2/2''' Subgoal *1.2.2/2'4' Subgoal *1.2.2/2'5' *1.2.2.1 (Subgoal *1.2.2/2'5') is pushed for proof by induction. Subgoal *1.2.2/1 Subgoal *1.2.2/1' So we now return to *1.2.2.1, which is (IMPLIES (HAS-DUPS (AP (AP RV (LIST X3)) (LIST X3))) (HAS-DUPS (AP (AP (AP RV (LIST X5)) (LIST X3)) (LIST X3)))). Subgoal *1.2.2.1/3 Subgoal *1.2.2.1/3' Subgoal *1.2.2.1/2 Subgoal *1.2.2.1/2' Subgoal *1.2.2.1/2'' Subgoal *1.2.2.1/2''' Subgoal *1.2.2.1/2'4' Subgoal *1.2.2.1/2'5' Subgoal *1.2.2.1/2'6' Subgoal *1.2.2.1/2'7' Subgoal *1.2.2.1/2'8' *1.2.2.1.1 (Subgoal *1.2.2.1/2'8') is pushed for proof by induction. Subgoal *1.2.2.1/1 Subgoal *1.2.2.1/1' So we now return to *1.2.2.1.1, which is (IMPLIES (AND (CONSP L2) (CONSP L1) (NOT (HAS-DUPS L1)) (MEM RV1 L1) (NOT (MEM RV1 L2))) (HAS-DUPS L2)). Subgoal *1.2.2.1.1/5 Subgoal *1.2.2.1.1/5' Subgoal *1.2.2.1.1/4 Subgoal *1.2.2.1.1/4' Subgoal *1.2.2.1.1/3 Subgoal *1.2.2.1.1/3' Subgoal *1.2.2.1.1/3'' Subgoal *1.2.2.1.1/2 Subgoal *1.2.2.1.1/2' Subgoal *1.2.2.1.1/2'' Subgoal *1.2.2.1.1/2''' Subgoal *1.2.2.1.1/2'4' *1.2.2.1.1.1 (Subgoal *1.2.2.1.1/2'4') is pushed for proof by induction. Subgoal *1.2.2.1.1/1 So we now return to *1.2.2.1.1.1, which is (IMPLIES (AND (CONSP L2) (NOT (MEM L3 L4)) (NOT (HAS-DUPS L4)) (NOT (MEM L3 L2))) (HAS-DUPS L2)). Subgoal *1.2.2.1.1.1/4 Subgoal *1.2.2.1.1.1/4' Subgoal *1.2.2.1.1.1/3 Subgoal *1.2.2.1.1.1/3' Subgoal *1.2.2.1.1.1/2 Subgoal *1.2.2.1.1.1/2' Subgoal *1.2.2.1.1.1/1 Subgoal *1.2.2.1.1.1/1' Subgoal *1.2.2.1.1.1/1'' Subgoal *1.2.2.1.1.1/1''' *1.2.2.1.1.1.1 (Subgoal *1.2.2.1.1.1/1''') is pushed for proof by induction. So we now return to *1.2.2.1.1.1.1, which is (IMPLIES (AND (CONSP L2) (NOT (MEM L3 L2))) (HAS-DUPS L2)). The formula above is subsumed by one of its parents, *1.2.2.1.1.1, which we're in the process of trying to prove by induction. When an inductive proof pushes a subgoal for induction that is less general than the original goal, it may be a sign that either an inappropriate induction was chosen or that the original goal is insufficien\ tly general. In any case, our proof attempt has failed. Summary Form: ( DEFTHM PROBLEM-1 ...) Rules: ((:DEFINITION AP) (:DEFINITION ENDP) (:DEFINITION HAS-DUPS) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REV) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART HAS-DUPS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION HAS-DUPS) (:INDUCTION MEM) (:INDUCTION REV) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION AP) (:TYPE-PRESCRIPTION HAS-DUPS) (:TYPE-PRESCRIPTION MEM)) Time: 0.08 seconds (prove: 0.06, print: 0.02, other: 0.00) --- The key checkpoint goals, below, may help you to debug this failure. See :DOC failure and see :DOC set-checkpoint- summary-limit. --- *** Key checkpoint at the top level: *** Goal (EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X)) *** Key checkpoints under a top-level induction: *** Subgoal *1/3'' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) (CDR X))) (EQUAL (HAS-DUPS (REV (CDR X))) (HAS-DUPS (CDR X)))) (EQUAL (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X)))) (HAS-DUPS (CDR X)))) Subgoal *1/2'' (IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X))) (HAS-DUPS (AP (REV (CDR X)) (LIST (CAR X))))) ACL2 Error in ( DEFTHM PROBLEM-1 ...): See :DOC failure. **************** FAILED **************** ACL2 !>(quote (Hint -- Think about (HAS-DUPS (AP A (LIST E))))) (HINT -- THINK ABOUT (HAS-DUPS (AP A (LIST E)))) ACL2 !>(defthm problem-1-lemma-1 (equal (has-dups (ap a (list e))) (or (mem e a) (has-dups a)))) Subgoal 2 Subgoal 2' ([ A key checkpoint: Subgoal 2' (IMPLIES (MEM E A) (HAS-DUPS (AP A (LIST E)))) *1 (Subgoal 2') is pushed for proof by induction. ]) Subgoal 1 ([ A key checkpoint: Subgoal 1 (IMPLIES (NOT (MEM E A)) (EQUAL (HAS-DUPS (AP A (LIST E))) (HAS-DUPS A))) Normally we would attempt to prove Subgoal 1 by induction. However, we prefer in this instance to focus on the original input conjecture rather than this simplified special case. We therefore abandon our previous work on this conjecture and reassign the name *1 to the original conjecture. (See :DOC otf-flg.) ]) Perhaps we can prove *1 by induction. Four induction schemes are suggested by this conjecture. Subsumption reduces that number to two. These merge into one derived induction scheme. We will induct according to a scheme suggested by (HAS-DUPS A), but modified to accommodate (MEM E A). These suggestions were produced using the :induction rules AP, HAS-DUPS and MEM. If we let (:P A E) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP A)) (NOT (MEM (CAR A) (CDR A))) (:P (CDR A) E)) (:P A E)) (IMPLIES (AND (NOT (ENDP A)) (MEM (CAR A) (CDR A))) (:P A E)) (IMPLIES (ENDP A) (:P A E))). This induction is justified by the same argument used to admit HAS-DUPS. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/3.2 Subgoal *1/3.2' Subgoal *1/3.2'' Subgoal *1/3.2''' Subgoal *1/3.2'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/3.2' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) (CDR A))) (NOT (MEM E (CDR A))) (NOT (HAS-DUPS (AP (CDR A) (LIST E)))) (MEM (CAR A) (AP (CDR A) (LIST E))) (NOT (EQUAL E (CAR A)))) (HAS-DUPS (CDR A))) *1.1 (Subgoal *1/3.2'4') is pushed for proof by induction. ]) Subgoal *1/3.1 Subgoal *1/3.1' Subgoal *1/3.1'' Subgoal *1/3.1''' Subgoal *1/3.1'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/3.1' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) (CDR A))) (NOT (HAS-DUPS (AP (CDR A) (LIST (CAR A))))) (NOT (MEM (CAR A) (AP (CDR A) (LIST (CAR A)))))) (HAS-DUPS (CDR A))) *1.2 (Subgoal *1/3.1'4') is pushed for proof by induction. ]) Subgoal *1/2 Subgoal *1/2' Subgoal *1/2.4 Subgoal *1/2.4' Subgoal *1/2.4'' Subgoal *1/2.4''' Subgoal *1/2.4'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2.4' (IMPLIES (AND (CONSP A) (MEM (CAR A) (CDR A)) (NOT (MEM (CAR A) (AP (CDR A) (LIST (CAR A)))))) (HAS-DUPS (AP (CDR A) (LIST (CAR A))))) *1.3 (Subgoal *1/2.4'4') is pushed for proof by induction. ]) Subgoal *1/2.3 Subgoal *1/2.2 Subgoal *1/2.2' Subgoal *1/2.2'' Subgoal *1/2.2''' Subgoal *1/2.2'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2.2' (IMPLIES (AND (CONSP A) (MEM (CAR A) (CDR A)) (NOT (MEM (CAR A) (AP (CDR A) (LIST E)))) (NOT (EQUAL E (CAR A))) (MEM E (CDR A))) (HAS-DUPS (AP (CDR A) (LIST E)))) *1.4 (Subgoal *1/2.2'4') is pushed for proof by induction. ]) Subgoal *1/2.1 Subgoal *1/2.1' Subgoal *1/2.1'' Subgoal *1/2.1''' Subgoal *1/2.1'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2.1' (IMPLIES (AND (CONSP A) (MEM (CAR A) (CDR A)) (NOT (MEM (CAR A) (AP (CDR A) (LIST E)))) (NOT (MEM E (CDR A)))) (HAS-DUPS (AP (CDR A) (LIST E)))) *1.5 (Subgoal *1/2.1'4') is pushed for proof by induction. ]) Subgoal *1/1 Subgoal *1/1' So we now return to *1.5, which is (IMPLIES (AND (CONSP L) (MEM A1 A2) (NOT (MEM A1 L)) (NOT (MEM E A2))) (HAS-DUPS L)). But the formula above is subsumed by *1.3, which we'll try to prove later. We therefore regard *1.5 as proved (pending the proof of the more general *1.3). Subgoal *1/2.1' COMPLETED! We next consider *1.4, which is (IMPLIES (AND (CONSP L) (MEM A1 A2) (NOT (MEM A1 L)) (NOT (EQUAL E A1)) (MEM E A2)) (HAS-DUPS L)). But the formula above is subsumed by *1.3, which we'll try to prove later. We therefore regard *1.4 as proved (pending the proof of the more general *1.3). Subgoal *1/2.2' COMPLETED! We next consider *1.3, which is (IMPLIES (AND (CONSP L) (MEM A1 A2) (NOT (MEM A1 L))) (HAS-DUPS L)). But the formula above is subsumed by *1.2, which we'll try to prove later. We therefore regard *1.3 as proved (pending the proof of the more general *1.2). Subgoal *1/2.4' COMPLETED! We next consider *1.2, which is (IMPLIES (AND (CONSP L) (NOT (MEM A1 A2)) (NOT (HAS-DUPS L)) (NOT (MEM A1 L))) (HAS-DUPS A2)). Subgoal *1.2/5 Subgoal *1.2/5' Subgoal *1.2/4 Subgoal *1.2/4' Subgoal *1.2/3 Subgoal *1.2/3' Subgoal *1.2/3'' Subgoal *1.2/3''' Subgoal *1.2/3'4' Subgoal *1.2/3'5' Subgoal *1.2/3'6' *1.2.1 (Subgoal *1.2/3'6') is pushed for proof by induction. Subgoal *1.2/2 Subgoal *1.2/2' Subgoal *1.2/1 So we now return to *1.2.1, which is (IMPLIES (AND (NOT (EQUAL A1 L1)) (NOT (MEM A1 A2))) (HAS-DUPS A2)). Subgoal *1.2.1/4 Subgoal *1.2.1/4' Subgoal *1.2.1/3 Subgoal *1.2.1/3' Subgoal *1.2.1/2 Subgoal *1.2.1/2' Subgoal *1.2.1/1 Subgoal *1.2.1/1' Subgoal *1.2.1/1'' Subgoal *1.2.1/1''' A goal of NIL, Subgoal *1.2.1/1''', has been generated! Obviously, the proof attempt has failed. Summary Form: ( DEFTHM PROBLEM-1-LEMMA-1 ...) Rules: ((:DEFINITION AP) (:DEFINITION ENDP) (:DEFINITION HAS-DUPS) (:DEFINITION MEM) (:DEFINITION NOT) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART HAS-DUPS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION HAS-DUPS) (:INDUCTION MEM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION AP) (:TYPE-PRESCRIPTION HAS-DUPS) (:TYPE-PRESCRIPTION MEM)) Time: 0.06 seconds (prove: 0.05, print: 0.02, other: 0.00) --- The key checkpoint goals, below, may help you to debug this failure. See :DOC failure and see :DOC set-checkpoint- summary-limit. --- *** Key checkpoints before reverting to proof by induction: *** Subgoal 2' (IMPLIES (MEM E A) (HAS-DUPS (AP A (LIST E)))) Subgoal 1 (IMPLIES (NOT (MEM E A)) (EQUAL (HAS-DUPS (AP A (LIST E))) (HAS-DUPS A))) *** Key checkpoints under a top-level induction: *** Subgoal *1/3.2' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) (CDR A))) (NOT (MEM E (CDR A))) (NOT (HAS-DUPS (AP (CDR A) (LIST E)))) (MEM (CAR A) (AP (CDR A) (LIST E))) (NOT (EQUAL E (CAR A)))) (HAS-DUPS (CDR A))) Subgoal *1/3.1' (IMPLIES (AND (CONSP A) (NOT (MEM (CAR A) (CDR A))) (NOT (HAS-DUPS (AP (CDR A) (LIST (CAR A))))) (NOT (MEM (CAR A) (AP (CDR A) (LIST (CAR A)))))) (HAS-DUPS (CDR A))) ACL2 Error in ( DEFTHM PROBLEM-1-LEMMA-1 ...): See :DOC failure. **************** FAILED **************** ACL2 !>(quote (Hint -- Think about (MEM E (AP A B)))) (HINT -- THINK ABOUT (MEM E (AP A B))) ACL2 !>(defthm problem-1-lemma-2 (equal (mem e (ap a b)) (or (mem e a) (mem e b)))) Subgoal 2 Subgoal 2' ([ A key checkpoint: Subgoal 2' (IMPLIES (MEM E A) (MEM E (AP A B))) *1 (Subgoal 2') is pushed for proof by induction. ]) Subgoal 1 ([ A key checkpoint: Subgoal 1 (IMPLIES (NOT (MEM E A)) (EQUAL (MEM E (AP A B)) (MEM E B))) Normally we would attempt to prove Subgoal 1 by induction. However, we prefer in this instance to focus on the original input conjecture rather than this simplified special case. We therefore abandon our previous work on this conjecture and reassign the name *1 to the original conjecture. (See :DOC otf-flg.) ]) Perhaps we can prove *1 by induction. Four induction schemes are suggested by this conjecture. Subsumption reduces that number to three. These merge into two derived induction schemes. However, one of these is flawed and so we are left with one viable candidate. We will induct according to a scheme suggested by (MEM E A), but modified to accommodate (AP A B). These suggestions were produced using the :induction rules AP and MEM. If we let (:P A B E) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP A)) (NOT (EQUAL E (CAR A))) (:P (CDR A) B E)) (:P A B E)) (IMPLIES (AND (NOT (ENDP A)) (EQUAL E (CAR A))) (:P A B E)) (IMPLIES (ENDP A) (:P A B E))). This induction is justified by the same argument used to admit MEM. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/2 Subgoal *1/2' Subgoal *1/1 Subgoal *1/1' *1 is COMPLETED! Thus key checkpoint Goal is COMPLETED! Q.E.D. Summary Form: ( DEFTHM PROBLEM-1-LEMMA-2 ...) Rules: ((:DEFINITION AP) (:DEFINITION ENDP) (:DEFINITION MEM) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION MEM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION MEM)) Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00) PROBLEM-1-LEMMA-2 ACL2 !>(defthm problem-1-lemma-1 (equal (has-dups (ap a (list e))) (or (mem e a) (has-dups a)))) Subgoal 2 Subgoal 2' ([ A key checkpoint: Subgoal 2' (IMPLIES (MEM E A) (HAS-DUPS (AP A (LIST E)))) *1 (Subgoal 2') is pushed for proof by induction. ]) Subgoal 1 ([ A key checkpoint: Subgoal 1 (IMPLIES (NOT (MEM E A)) (EQUAL (HAS-DUPS (AP A (LIST E))) (HAS-DUPS A))) Normally we would attempt to prove Subgoal 1 by induction. However, we prefer in this instance to focus on the original input conjecture rather than this simplified special case. We therefore abandon our previous work on this conjecture and reassign the name *1 to the original conjecture. (See :DOC otf-flg.) ]) Perhaps we can prove *1 by induction. Four induction schemes are suggested by this conjecture. Subsumption reduces that number to two. These merge into one derived induction scheme. We will induct according to a scheme suggested by (HAS-DUPS A), but modified to accommodate (MEM E A). These suggestions were produced using the :induction rules AP, HAS-DUPS and MEM. If we let (:P A E) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP A)) (NOT (MEM (CAR A) (CDR A))) (:P (CDR A) E)) (:P A E)) (IMPLIES (AND (NOT (ENDP A)) (MEM (CAR A) (CDR A))) (:P A E)) (IMPLIES (ENDP A) (:P A E))). This induction is justified by the same argument used to admit HAS-DUPS. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/2 Subgoal *1/2' Subgoal *1/2'' Subgoal *1/1 Subgoal *1/1' *1 is COMPLETED! Thus key checkpoint Goal is COMPLETED! Q.E.D. Summary Form: ( DEFTHM PROBLEM-1-LEMMA-1 ...) Rules: ((:DEFINITION AP) (:DEFINITION ENDP) (:DEFINITION HAS-DUPS) (:DEFINITION MEM) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART HAS-DUPS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION HAS-DUPS) (:INDUCTION MEM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-1-LEMMA-2) (:TYPE-PRESCRIPTION MEM)) Time: 0.02 seconds (prove: 0.01, print: 0.00, other: 0.00) PROBLEM-1-LEMMA-1 ACL2 !>(defthm problem-1 (equal (has-dups (rev x)) (has-dups x))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (HAS-DUPS X). This suggestion was produced using the :induction rules HAS-DUPS and REV. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (MEM (CAR X) (CDR X))) (:P (CDR X))) (:P X)) (IMPLIES (AND (NOT (ENDP X)) (MEM (CAR X) (CDR X))) (:P X)) (IMPLIES (ENDP X) (:P X))). This induction is justified by the same argument used to admit HAS-DUPS. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/3'' Subgoal *1/3''' Subgoal *1/3'4' Subgoal *1/3'5' Subgoal *1/3'6' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/3''' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) (CDR X))) (NOT (HAS-DUPS (REV (CDR X)))) (MEM (CAR X) (REV (CDR X)))) (HAS-DUPS (CDR X))) *1.1 (Subgoal *1/3'6') is pushed for proof by induction. ]) Subgoal *1/2 Subgoal *1/2' Subgoal *1/2'' Subgoal *1/2''' Subgoal *1/2'4' Subgoal *1/2'5' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2'' (IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X)) (NOT (MEM (CAR X) (REV (CDR X))))) (HAS-DUPS (REV (CDR X)))) *1.2 (Subgoal *1/2'5') is pushed for proof by induction. ]) Subgoal *1/1 Subgoal *1/1' So we now return to *1.2, which is (IMPLIES (AND (MEM X1 X2) (NOT (MEM X1 RV))) (HAS-DUPS RV)). Subgoal *1.2/4 Subgoal *1.2/4' Subgoal *1.2/3 Subgoal *1.2/3' Subgoal *1.2/2 Subgoal *1.2/2' Subgoal *1.2/1 Subgoal *1.2/1' Subgoal *1.2/1'' Subgoal *1.2/1''' A goal of NIL, Subgoal *1.2/1''', has been generated! Obviously, the proof attempt has failed. Summary Form: ( DEFTHM PROBLEM-1 ...) Rules: ((:DEFINITION ENDP) (:DEFINITION HAS-DUPS) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REV) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART HAS-DUPS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION HAS-DUPS) (:INDUCTION MEM) (:INDUCTION REV) (:REWRITE PROBLEM-1-LEMMA-1) (:TYPE-PRESCRIPTION HAS-DUPS) (:TYPE-PRESCRIPTION MEM)) Time: 0.03 seconds (prove: 0.02, print: 0.01, other: 0.00) --- The key checkpoint goals, below, may help you to debug this failure. See :DOC failure and see :DOC set-checkpoint- summary-limit. --- *** Key checkpoint at the top level: *** Goal (EQUAL (HAS-DUPS (REV X)) (HAS-DUPS X)) *** Key checkpoints under a top-level induction: *** Subgoal *1/3''' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) (CDR X))) (NOT (HAS-DUPS (REV (CDR X)))) (MEM (CAR X) (REV (CDR X)))) (HAS-DUPS (CDR X))) Subgoal *1/2'' (IMPLIES (AND (CONSP X) (MEM (CAR X) (CDR X)) (NOT (MEM (CAR X) (REV (CDR X))))) (HAS-DUPS (REV (CDR X)))) ACL2 Error in ( DEFTHM PROBLEM-1 ...): See :DOC failure. **************** FAILED **************** ACL2 !>(quote (Hint -- Well?)) (HINT -- WELL?) ACL2 !>(defthm problem-1-lemma-3 (equal (mem e (rev x)) (mem e x))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (MEM E X). This suggestion was produced using the :induction rules MEM and REV. If we let (:P E X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (EQUAL E (CAR X))) (:P E (CDR X))) (:P E X)) (IMPLIES (AND (NOT (ENDP X)) (EQUAL E (CAR X))) (:P E X)) (IMPLIES (ENDP X) (:P E X))). This induction is justified by the same argument used to admit MEM. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/2 Subgoal *1/2' Subgoal *1/1 Subgoal *1/1' *1 is COMPLETED! Thus key checkpoint Goal is COMPLETED! Q.E.D. Summary Form: ( DEFTHM PROBLEM-1-LEMMA-3 ...) Rules: ((:DEFINITION ENDP) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REV) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION MEM) (:INDUCTION REV) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-1-LEMMA-2) (:TYPE-PRESCRIPTION MEM)) Time: 0.01 seconds (prove: 0.00, print: 0.01, other: 0.00) PROBLEM-1-LEMMA-3 ACL2 !>(defthm problem-1 (equal (has-dups (rev x)) (has-dups x))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (HAS-DUPS X). This suggestion was produced using the :induction rules HAS-DUPS and REV. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (MEM (CAR X) (CDR X))) (:P (CDR X))) (:P X)) (IMPLIES (AND (NOT (ENDP X)) (MEM (CAR X) (CDR X))) (:P X)) (IMPLIES (ENDP X) (:P X))). This induction is justified by the same argument used to admit HAS-DUPS. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/2 Subgoal *1/2' Subgoal *1/1 Subgoal *1/1' *1 is COMPLETED! Thus key checkpoint Goal is COMPLETED! Q.E.D. Summary Form: ( DEFTHM PROBLEM-1 ...) Rules: ((:DEFINITION ENDP) (:DEFINITION HAS-DUPS) (:DEFINITION NOT) (:DEFINITION REV) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART HAS-DUPS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION HAS-DUPS) (:INDUCTION REV) (:REWRITE PROBLEM-1-LEMMA-1) (:REWRITE PROBLEM-1-LEMMA-3) (:TYPE-PRESCRIPTION MEM)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.00) PROBLEM-1 ACL2 !>(pbt 1) L 1 (DEFUN AP (X Y) ...) L 2 (DEFUN REV (X) ...) L 3 (DEFUN MEM (E X) ...) L 4 (DEFUN HAS-DUPS (X) ...) 5 (DEFTHM PROBLEM-1-LEMMA-2 ...) 6 (DEFTHM PROBLEM-1-LEMMA-1 ...) 7 (DEFTHM PROBLEM-1-LEMMA-3 ...) 8:x(DEFTHM PROBLEM-1 ...) ACL2 !>(quote (end of demo 1)) (END OF DEMO 1) ACL2 !>(defun collect-last (x) (if (endp x) nil (if (mem (car x) (cdr x)) (collect-last (cdr x)) (cons (car x) (collect-last (cdr x)))))) The admission of COLLECT-LAST is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of COLLECT-LAST is described by the theorem (TRUE-LISTP (COLLECT-LAST X)). We used primitive type reasoning. Summary Form: ( DEFUN COLLECT-LAST ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) COLLECT-LAST ACL2 !>(collect-last '(1 3 2 3 1 4)) (2 3 1 4) ACL2 !>(defun collect-first (x a) (if (endp x) a (collect-first (cdr x) (if (mem (car x) a) a (cons (car x) a))))) The admission of COLLECT-FIRST is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of COLLECT-FIRST is described by the theorem (OR (CONSP (COLLECT-FIRST X A)) (EQUAL (COLLECT-FIRST X A) A)). We used primitive type reasoning. Summary Form: ( DEFUN COLLECT-FIRST ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) COLLECT-FIRST ACL2 !>(collect-first '(1 3 2 3 1 4) nil) (4 2 3 1) ACL2 !>(collect-last (rev '(1 3 2 3 1 4))) (4 2 3 1) ACL2 !>(defthm problem-2 (equal (collect-first x nil) (collect-last (rev x)))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (REV X). This suggestion was produced using the :induction rules COLLECT-FIRST and REV. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (:P (CDR X))) (:P X)) (IMPLIES (ENDP X) (:P X))). This induction is justified by the same argument used to admit REV. When applied to the goal at hand the above induction scheme produces two nontautological subgoals. Subgoal *1/2 Subgoal *1/2' Subgoal *1/2'' Subgoal *1/2''' Subgoal *1/2'4' Subgoal *1/2'5' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2'' (IMPLIES (AND (CONSP X) (EQUAL (COLLECT-FIRST (CDR X) NIL) (COLLECT-LAST (REV (CDR X))))) (EQUAL (COLLECT-FIRST (CDR X) (LIST (CAR X))) (COLLECT-LAST (AP (REV (CDR X)) (LIST (CAR X)))))) *1.1 (Subgoal *1/2'5') is pushed for proof by induction. ]) Subgoal *1/1 Subgoal *1/1' So we now return to *1.1, which is (IMPLIES (EQUAL (COLLECT-FIRST X2 NIL) (COLLECT-LAST RV)) (EQUAL (COLLECT-FIRST X2 (LIST X1)) (COLLECT-LAST (AP RV (LIST X1))))). Subgoal *1.1/3 Subgoal *1.1/3' Subgoal *1.1/3'' Subgoal *1.1/3''' Subgoal *1.1/3'4' Subgoal *1.1/3'5' *1.1.1 (Subgoal *1.1/3'5') is pushed for proof by induction. Subgoal *1.1/2 Subgoal *1.1/2' Subgoal *1.1/2.2 Subgoal *1.1/2.2' Subgoal *1.1/2.2'' Subgoal *1.1/2.2''' Subgoal *1.1/2.2'4' *1.1.2 (Subgoal *1.1/2.2'4') is pushed for proof by induction. Subgoal *1.1/2.1 Subgoal *1.1/2.1' Subgoal *1.1/2.1'' Subgoal *1.1/2.1''' *1.1.3 (Subgoal *1.1/2.1''') is pushed for proof by induction. Subgoal *1.1/1 Subgoal *1.1/1' Subgoal *1.1/1'' Subgoal *1.1/1''' *1.1.4 (Subgoal *1.1/1''') is pushed for proof by induction. So we now return to *1.1.4, which is (IMPLIES (NOT (COLLECT-LAST RV)) (EQUAL (LIST X1) (COLLECT-LAST (AP RV (LIST X1))))). Subgoal *1.1.4/5 Subgoal *1.1.4/5' Subgoal *1.1.4/4 Subgoal *1.1.4/4' Subgoal *1.1.4/3 Subgoal *1.1.4/3' Subgoal *1.1.4/2 Subgoal *1.1.4/2' Subgoal *1.1.4/1 Subgoal *1.1.4/1' *1.1.4 is COMPLETED! We therefore turn our attention to *1.1.3, which is (IMPLIES (AND (NOT (EQUAL (COLLECT-FIRST X4 NIL) (COLLECT-FIRST X4 (LIST X3)))) (NOT (EQUAL X3 X1))) (EQUAL (COLLECT-FIRST X4 (LIST X3 X1)) (COLLECT-LAST (AP RV (LIST X1))))). Subgoal *1.1.3/3 Subgoal *1.1.3/3' Subgoal *1.1.3/3'' Subgoal *1.1.3/3''' Subgoal *1.1.3/3'4' Subgoal *1.1.3/3'5' *1.1.3.1 (Subgoal *1.1.3/3'5') is pushed for proof by induction. Subgoal *1.1.3/2 Subgoal *1.1.3/2' Subgoal *1.1.3/2.3 Subgoal *1.1.3/2.2 Subgoal *1.1.3/2.2' Subgoal *1.1.3/2.2'' Subgoal *1.1.3/2.2''' *1.1.3.2 (Subgoal *1.1.3/2.2''') is pushed for proof by induction. Subgoal *1.1.3/2.1 Subgoal *1.1.3/2.1' Subgoal *1.1.3/2.1'' *1.1.3.3 (Subgoal *1.1.3/2.1'') is pushed for proof by induction. Subgoal *1.1.3/1 Subgoal *1.1.3/1' Subgoal *1.1.3/1'' Subgoal *1.1.3/1''' *1.1.3.4 (Subgoal *1.1.3/1''') is pushed for proof by induction. So we now return to *1.1.3.4, which is (IMPLIES (NOT (EQUAL X3 X1)) (EQUAL (LIST X3 X1) (COLLECT-LAST (AP RV (LIST X1))))). Subgoal *1.1.3.4/2 Subgoal *1.1.3.4/2' Subgoal *1.1.3.4/2'' Subgoal *1.1.3.4/2''' Subgoal *1.1.3.4/2'4' Subgoal *1.1.3.4/2'5' *1.1.3.4.1 (Subgoal *1.1.3.4/2'5') is pushed for proof by induction. Subgoal *1.1.3.4/1 Subgoal *1.1.3.4/1' Subgoal *1.1.3.4/1'' Subgoal *1.1.3.4/1''' A goal of NIL, Subgoal *1.1.3.4/1''', has been generated! Obviously, the proof attempt has failed. Summary Form: ( DEFTHM PROBLEM-2 ...) Rules: ((:DEFINITION AP) (:DEFINITION COLLECT-FIRST) (:DEFINITION COLLECT-LAST) (:DEFINITION ENDP) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REV) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART COLLECT-LAST) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION COLLECT-FIRST) (:INDUCTION COLLECT-LAST) (:INDUCTION REV) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-1-LEMMA-2) (:TYPE-PRESCRIPTION COLLECT-LAST) (:TYPE-PRESCRIPTION MEM)) Time: 0.14 seconds (prove: 0.13, print: 0.01, other: 0.00) --- The key checkpoint goals, below, may help you to debug this failure. See :DOC failure and see :DOC set-checkpoint- summary-limit. --- *** Key checkpoint at the top level: *** Goal (EQUAL (COLLECT-FIRST X NIL) (COLLECT-LAST (REV X))) *** Key checkpoint under a top-level induction: *** Subgoal *1/2'' (IMPLIES (AND (CONSP X) (EQUAL (COLLECT-FIRST (CDR X) NIL) (COLLECT-LAST (REV (CDR X))))) (EQUAL (COLLECT-FIRST (CDR X) (LIST (CAR X))) (COLLECT-LAST (AP (REV (CDR X)) (LIST (CAR X)))))) ACL2 Error in ( DEFTHM PROBLEM-2 ...): See :DOC failure. **************** FAILED **************** ACL2 !>(collect-first '(1 3 2 3 1 4) '(3 4)) (2 1 3 4) ACL2 !>(defun list-minus (x y) (if (endp x) nil (if (mem (car x) y) (list-minus (cdr x) y) (cons (car x) (list-minus (cdr x) y))))) The admission of LIST-MINUS is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of LIST-MINUS is described by the theorem (TRUE-LISTP (LIST-MINUS X Y)). We used primitive type reasoning. Summary Form: ( DEFUN LIST-MINUS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) LIST-MINUS ACL2 !>(list-minus '(1 3 2 3 1 4) '(3 4)) (1 2 1) ACL2 !>(defthm problem-2-lemma-1 (equal (collect-first x a) (ap (collect-last (list-minus (rev x) a)) a))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (COLLECT-FIRST X A). This suggestion was produced using the :induction rules COLLECT-FIRST and REV. If we let (:P A X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (:P (IF (MEM (CAR X) A) A (CONS (CAR X) A)) (CDR X))) (:P A X)) (IMPLIES (ENDP X) (:P A X))). This induction is justified by the same argument used to admit COLLECT-FIRST. Note, however, that the unmeasured variable A is being instantiated. When applied to the goal at hand the above induction scheme produces two nontautological subgoals. Subgoal *1/2 Subgoal *1/2' Subgoal *1/2.2 Subgoal *1/2.2' Subgoal *1/2.2'' Subgoal *1/2.2''' Subgoal *1/2.2'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2.2 (IMPLIES (AND (CONSP X) (MEM (CAR X) A) (EQUAL (COLLECT-FIRST (CDR X) A) (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A)) A))) (EQUAL (COLLECT-FIRST (CDR X) A) (AP (COLLECT-LAST (LIST-MINUS (AP (REV (CDR X)) (LIST (CAR X))) A)) A))) *1.1 (Subgoal *1/2.2'4') is pushed for proof by induction. ]) Subgoal *1/2.1 Subgoal *1/2.1' Subgoal *1/2.1'' Subgoal *1/2.1''' Subgoal *1/2.1'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2.1 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) A)) (EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A)) (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) (CONS (CAR X) A))) (CONS (CAR X) A)))) (EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A)) (AP (COLLECT-LAST (LIST-MINUS (AP (REV (CDR X)) (LIST (CAR X))) A)) A))) *1.2 (Subgoal *1/2.1'4') is pushed for proof by induction. ]) Subgoal *1/1 Subgoal *1/1' So we now return to *1.2, which is (IMPLIES (NOT (MEM X1 A)) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV (CONS X1 A))) (CONS X1 A)) (AP (COLLECT-LAST (LIST-MINUS (AP RV (LIST X1)) A)) A))). Subgoal *1.2/4 Subgoal *1.2/4' Subgoal *1.2/4'' Subgoal *1.2/4''' Subgoal *1.2/4'4' Subgoal *1.2/4'5' *1.2.1 (Subgoal *1.2/4'5') is pushed for proof by induction. Subgoal *1.2/3 Subgoal *1.2/3' Subgoal *1.2/2 Subgoal *1.2/2' Subgoal *1.2/1 Subgoal *1.2/1' Subgoal *1.2/1'' *1.2.2 (Subgoal *1.2/1'') is pushed for proof by induction. So we now return to *1.2.2, which is (IMPLIES (NOT (CONSP A)) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV (CONS X1 A))) (CONS X1 A)) (AP (COLLECT-LAST (LIST-MINUS (AP RV (LIST X1)) A)) A))). Subgoal *1.2.2/3 Subgoal *1.2.2/3' Subgoal *1.2.2/3.3 Subgoal *1.2.2/3.3' Subgoal *1.2.2/3.3'' Subgoal *1.2.2/3.3''' Subgoal *1.2.2/3.3'4' Subgoal *1.2.2/3.3'5' Subgoal *1.2.2/3.3'6' *1.2.2.1 (Subgoal *1.2.2/3.3'6') is pushed for proof by induction. Subgoal *1.2.2/3.2 Subgoal *1.2.2/3.1 Subgoal *1.2.2/3.1' Subgoal *1.2.2/3.1'' Subgoal *1.2.2/3.1''' Subgoal *1.2.2/3.1'4' Subgoal *1.2.2/3.1'5' Subgoal *1.2.2/3.1'6' *1.2.2.2 (Subgoal *1.2.2/3.1'6') is pushed for proof by induction. Subgoal *1.2.2/2 Subgoal *1.2.2/2' Subgoal *1.2.2/2'' Subgoal *1.2.2/2''' Subgoal *1.2.2/2'4' Subgoal *1.2.2/2'5' Subgoal *1.2.2/2'6' Subgoal *1.2.2/2'7' Subgoal *1.2.2/2'8' *1.2.2.3 (Subgoal *1.2.2/2'8') is pushed for proof by induction. Subgoal *1.2.2/1 Subgoal *1.2.2/1' So we now return to *1.2.2.3, which is (IMPLIES (AND (TRUE-LISTP LMS) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A))) (CONS RV1 A)) (AP (COLLECT-LAST LMS) A)) (NOT (CONSP A))) (MEM RV1 LMS)). Subgoal *1.2.2.3/5 Subgoal *1.2.2.3/5' Subgoal *1.2.2.3/4 Subgoal *1.2.2.3/4' Subgoal *1.2.2.3/4.2 Subgoal *1.2.2.3/4.1 Subgoal *1.2.2.3/4.1' Subgoal *1.2.2.3/4.1'' Subgoal *1.2.2.3/4.1''' *1.2.2.3.1 (Subgoal *1.2.2.3/4.1''') is pushed for proof by induction. Subgoal *1.2.2.3/3 Subgoal *1.2.2.3/2 Subgoal *1.2.2.3/2' Subgoal *1.2.2.3/1 Subgoal *1.2.2.3/1' So we now return to *1.2.2.3.1, which is (IMPLIES (AND (NOT (EQUAL RV1 LMS1)) (TRUE-LISTP LMS2) (NOT (MEM LMS1 LMS2)) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A))) (CONS RV1 A)) (CONS LMS1 (AP (COLLECT-LAST LMS2) A))) (NOT (CONSP A))) (MEM RV1 LMS2)). Subgoal *1.2.2.3.1/6 Subgoal *1.2.2.3.1/6' Subgoal *1.2.2.3.1/5 Subgoal *1.2.2.3.1/5' Subgoal *1.2.2.3.1/5.2 Subgoal *1.2.2.3.1/5.1 Subgoal *1.2.2.3.1/5.1' Subgoal *1.2.2.3.1/5.1'' Subgoal *1.2.2.3.1/5.1''' *1.2.2.3.1.1 (Subgoal *1.2.2.3.1/5.1''') is pushed for proof by induction. Subgoal *1.2.2.3.1/4 Subgoal *1.2.2.3.1/4' Subgoal *1.2.2.3.1/3 Subgoal *1.2.2.3.1/2 Subgoal *1.2.2.3.1/2' Subgoal *1.2.2.3.1/1 Subgoal *1.2.2.3.1/1' Subgoal *1.2.2.3.1/1'' Subgoal *1.2.2.3.1/1''' *1.2.2.3.1.2 (Subgoal *1.2.2.3.1/1''') is pushed for proof by induction. So we now return to *1.2.2.3.1.2, which is (IMPLIES (AND (NOT (EQUAL RV1 LMS1)) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A))) (CONS RV1 A)) (CONS LMS1 A))) (CONSP A)). Subgoal *1.2.2.3.1.2/3 Subgoal *1.2.2.3.1.2/3' Subgoal *1.2.2.3.1.2/3'' Subgoal *1.2.2.3.1.2/2 Subgoal *1.2.2.3.1.2/2' Subgoal *1.2.2.3.1.2/1 Subgoal *1.2.2.3.1.2/1' *1.2.2.3.1.2 is COMPLETED! We therefore turn our attention to *1.2.2.3.1.1, which is (IMPLIES (AND (NOT (EQUAL RV1 LMS3)) (NOT (EQUAL RV1 LMS1)) (TRUE-LISTP LMS4) (NOT (EQUAL LMS1 LMS3)) (NOT (MEM LMS1 LMS4)) (NOT (MEM LMS3 LMS4)) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A))) (CONS RV1 A)) (LIST* LMS1 LMS3 (AP (COLLECT-LAST LMS4) A))) (NOT (CONSP A))) (MEM RV1 LMS4)). Subgoal *1.2.2.3.1.1/7 Subgoal *1.2.2.3.1.1/7' Subgoal *1.2.2.3.1.1/6 Subgoal *1.2.2.3.1.1/6' Subgoal *1.2.2.3.1.1/6.2 Subgoal *1.2.2.3.1.1/6.1 Subgoal *1.2.2.3.1.1/6.1' Subgoal *1.2.2.3.1.1/6.1'' Subgoal *1.2.2.3.1.1/6.1''' *1.2.2.3.1.1.1 (Subgoal *1.2.2.3.1.1/6.1''') is pushed for proof by induction. Subgoal *1.2.2.3.1.1/5 Subgoal *1.2.2.3.1.1/5' Subgoal *1.2.2.3.1.1/4 Subgoal *1.2.2.3.1.1/4' Subgoal *1.2.2.3.1.1/3 Subgoal *1.2.2.3.1.1/2 Subgoal *1.2.2.3.1.1/2' Subgoal *1.2.2.3.1.1/1 Subgoal *1.2.2.3.1.1/1' Subgoal *1.2.2.3.1.1/1'' Subgoal *1.2.2.3.1.1/1''' *1.2.2.3.1.1.2 (Subgoal *1.2.2.3.1.1/1''') is pushed for proof by induction. So we now return to *1.2.2.3.1.1.2, which is (IMPLIES (AND (NOT (EQUAL RV1 LMS3)) (NOT (EQUAL RV1 LMS1)) (NOT (EQUAL LMS1 LMS3)) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A))) (CONS RV1 A)) (LIST* LMS1 LMS3 A))) (CONSP A)). Subgoal *1.2.2.3.1.1.2/3 Subgoal *1.2.2.3.1.1.2/3' Subgoal *1.2.2.3.1.1.2/3'' Subgoal *1.2.2.3.1.1.2/3''' Subgoal *1.2.2.3.1.1.2/3'4' Subgoal *1.2.2.3.1.1.2/3'5' Subgoal *1.2.2.3.1.1.2/3'6' Subgoal *1.2.2.3.1.1.2/3'7' *1.2.2.3.1.1.2.1 (Subgoal *1.2.2.3.1.1.2/3'7') is pushed for proof by induction. Subgoal *1.2.2.3.1.1.2/2 Subgoal *1.2.2.3.1.1.2/2' Subgoal *1.2.2.3.1.1.2/1 Subgoal *1.2.2.3.1.1.2/1' So we now return to *1.2.2.3.1.1.2.1, which is (IMPLIES (AND (TRUE-LISTP LMS) (NOT (EQUAL RV1 LMS3)) (NOT (EQUAL RV1 RV3)) (NOT (EQUAL RV3 LMS3)) (NOT (MEM RV3 LMS)) (EQUAL (AP (COLLECT-LAST LMS) (CONS RV1 A)) (CONS LMS3 A))) (CONSP A)). Subgoal *1.2.2.3.1.1.2.1/7 Subgoal *1.2.2.3.1.1.2.1/7' Subgoal *1.2.2.3.1.1.2.1/6 Subgoal *1.2.2.3.1.1.2.1/6' Subgoal *1.2.2.3.1.1.2.1/5 Subgoal *1.2.2.3.1.1.2.1/4 Subgoal *1.2.2.3.1.1.2.1/4' Subgoal *1.2.2.3.1.1.2.1/3 Subgoal *1.2.2.3.1.1.2.1/3' Subgoal *1.2.2.3.1.1.2.1/2 Subgoal *1.2.2.3.1.1.2.1/1 Subgoal *1.2.2.3.1.1.2.1/1' *1.2.2.3.1.1.2.1 and *1.2.2.3.1.1.2 are COMPLETED! We therefore turn our attention to *1.2.2.3.1.1.1, which is (IMPLIES (AND (NOT (EQUAL RV1 LMS5)) (NOT (EQUAL RV1 LMS3)) (NOT (EQUAL RV1 LMS1)) (TRUE-LISTP LMS6) (NOT (EQUAL LMS1 LMS3)) (NOT (EQUAL LMS1 LMS5)) (NOT (MEM LMS1 LMS6)) (NOT (EQUAL LMS3 LMS5)) (NOT (MEM LMS3 LMS6)) (NOT (MEM LMS5 LMS6)) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A))) (CONS RV1 A)) (LIST* LMS1 LMS3 LMS5 (AP (COLLECT-LAST LMS6) A))) (NOT (CONSP A))) (MEM RV1 LMS6)). Subgoal *1.2.2.3.1.1.1/8 Subgoal *1.2.2.3.1.1.1/8' Subgoal *1.2.2.3.1.1.1/7 Subgoal *1.2.2.3.1.1.1/7' Subgoal *1.2.2.3.1.1.1/7'' Subgoal *1.2.2.3.1.1.1/7''' Subgoal *1.2.2.3.1.1.1/7'4' Subgoal *1.2.2.3.1.1.1/7'5' Subgoal *1.2.2.3.1.1.1/7'6' Subgoal *1.2.2.3.1.1.1/7'7' Subgoal *1.2.2.3.1.1.1/7'8' *1.2.2.3.1.1.1.1 (Subgoal *1.2.2.3.1.1.1/7'8') is pushed for proof by induction. Subgoal *1.2.2.3.1.1.1/6 Subgoal *1.2.2.3.1.1.1/6' Subgoal *1.2.2.3.1.1.1/5 Subgoal *1.2.2.3.1.1.1/5' Subgoal *1.2.2.3.1.1.1/4 Subgoal *1.2.2.3.1.1.1/4' Subgoal *1.2.2.3.1.1.1/3 Subgoal *1.2.2.3.1.1.1/2 Subgoal *1.2.2.3.1.1.1/2' Subgoal *1.2.2.3.1.1.1/1 Subgoal *1.2.2.3.1.1.1/1' Subgoal *1.2.2.3.1.1.1/1'' Subgoal *1.2.2.3.1.1.1/1''' *1.2.2.3.1.1.1.2 (Subgoal *1.2.2.3.1.1.1/1''') is pushed for proof by induction. So we now return to *1.2.2.3.1.1.1.2, which is (IMPLIES (AND (NOT (EQUAL RV1 LMS5)) (NOT (EQUAL RV1 LMS3)) (NOT (EQUAL RV1 LMS1)) (NOT (EQUAL LMS1 LMS3)) (NOT (EQUAL LMS1 LMS5)) (NOT (EQUAL LMS3 LMS5)) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV2 (CONS RV1 A))) (CONS RV1 A)) (LIST* LMS1 LMS3 LMS5 A))) (CONSP A)). Subgoal *1.2.2.3.1.1.1.2/3 Subgoal *1.2.2.3.1.1.1.2/3' Subgoal *1.2.2.3.1.1.1.2/3'' Subgoal *1.2.2.3.1.1.1.2/3''' Subgoal *1.2.2.3.1.1.1.2/3'4' Subgoal *1.2.2.3.1.1.1.2/3'5' Subgoal *1.2.2.3.1.1.1.2/3'6' Subgoal *1.2.2.3.1.1.1.2/3'7' *1.2.2.3.1.1.1.2.1 (Subgoal *1.2.2.3.1.1.1.2/3'7') is pushed for proof by induction. Subgoal *1.2.2.3.1.1.1.2/2 Subgoal *1.2.2.3.1.1.1.2/2' Subgoal *1.2.2.3.1.1.1.2/1 Subgoal *1.2.2.3.1.1.1.2/1' So we now return to *1.2.2.3.1.1.1.2.1, which is (IMPLIES (AND (TRUE-LISTP LMS) (NOT (EQUAL RV1 LMS5)) (NOT (EQUAL RV1 LMS3)) (NOT (EQUAL RV1 RV3)) (NOT (EQUAL RV3 LMS3)) (NOT (EQUAL RV3 LMS5)) (NOT (EQUAL LMS3 LMS5)) (NOT (MEM RV3 LMS)) (EQUAL (AP (COLLECT-LAST LMS) (CONS RV1 A)) (LIST* LMS3 LMS5 A))) (CONSP A)). Subgoal *1.2.2.3.1.1.1.2.1/7 Subgoal *1.2.2.3.1.1.1.2.1/7' Subgoal *1.2.2.3.1.1.1.2.1/7'' Subgoal *1.2.2.3.1.1.1.2.1/7''' Subgoal *1.2.2.3.1.1.1.2.1/7'4' Subgoal *1.2.2.3.1.1.1.2.1/7'5' *1.2.2.3.1.1.1.2.1.1 (Subgoal *1.2.2.3.1.1.1.2.1/7'5') is pushed for proof by induction. Subgoal *1.2.2.3.1.1.1.2.1/6 Subgoal *1.2.2.3.1.1.1.2.1/6' Subgoal *1.2.2.3.1.1.1.2.1/5 Subgoal *1.2.2.3.1.1.1.2.1/4 Subgoal *1.2.2.3.1.1.1.2.1/4' Subgoal *1.2.2.3.1.1.1.2.1/3 Subgoal *1.2.2.3.1.1.1.2.1/3' Subgoal *1.2.2.3.1.1.1.2.1/2 Subgoal *1.2.2.3.1.1.1.2.1/1 Subgoal *1.2.2.3.1.1.1.2.1/1' So we now return to *1.2.2.3.1.1.1.2.1.1, which is (IMPLIES (AND (NOT (MEM LMS1 LMS2)) (TRUE-LISTP LMS2) (NOT (EQUAL RV1 LMS5)) (NOT (EQUAL RV1 LMS1)) (NOT (EQUAL RV1 RV3)) (NOT (EQUAL RV3 LMS5)) (NOT (EQUAL LMS1 LMS5)) (NOT (EQUAL RV3 LMS1)) (NOT (MEM RV3 LMS2)) (EQUAL (AP (COLLECT-LAST LMS2) (CONS RV1 A)) (CONS LMS5 A))) (CONSP A)). Subgoal *1.2.2.3.1.1.1.2.1.1/9 Subgoal *1.2.2.3.1.1.1.2.1.1/9' Subgoal *1.2.2.3.1.1.1.2.1.1/8 Subgoal *1.2.2.3.1.1.1.2.1.1/8' Subgoal *1.2.2.3.1.1.1.2.1.1/7 Subgoal *1.2.2.3.1.1.1.2.1.1/6 Subgoal *1.2.2.3.1.1.1.2.1.1/6' Subgoal *1.2.2.3.1.1.1.2.1.1/5 Subgoal *1.2.2.3.1.1.1.2.1.1/5' Subgoal *1.2.2.3.1.1.1.2.1.1/4 Subgoal *1.2.2.3.1.1.1.2.1.1/4' Subgoal *1.2.2.3.1.1.1.2.1.1/3 Subgoal *1.2.2.3.1.1.1.2.1.1/2 Subgoal *1.2.2.3.1.1.1.2.1.1/2' Subgoal *1.2.2.3.1.1.1.2.1.1/1 Subgoal *1.2.2.3.1.1.1.2.1.1/1' *1.2.2.3.1.1.1.2.1.1, *1.2.2.3.1.1.1.2.1 and *1.2.2.3.1.1.1. 2 are COMPLETED! We therefore turn our attention to *1.2.2.3.1.1.1.1, which is (IMPLIES (AND (NOT (EQUAL RV1 LMS7)) (NOT (EQUAL RV1 LMS5)) (NOT (EQUAL RV1 LMS3)) (NOT (EQUAL RV1 LMS1)) (TRUE-LISTP LMS8) (NOT (EQUAL LMS1 LMS3)) (NOT (EQUAL LMS1 LMS5)) (NOT (EQUAL LMS1 LMS7)) (NOT (MEM LMS1 LMS8)) (NOT (EQUAL LMS3 LMS5)) (NOT (EQUAL LMS3 LMS7)) (NOT (MEM LMS3 LMS8)) (NOT (EQUAL LMS5 LMS7)) (NOT (MEM LMS5 LMS8)) (NOT (MEM LMS7 LMS8))) (MEM RV1 LMS8)). Subgoal *1.2.2.3.1.1.1.1/8 Subgoal *1.2.2.3.1.1.1.1/8' Subgoal *1.2.2.3.1.1.1.1/7 Subgoal *1.2.2.3.1.1.1.1/7' Subgoal *1.2.2.3.1.1.1.1/6 Subgoal *1.2.2.3.1.1.1.1/6' Subgoal *1.2.2.3.1.1.1.1/5 Subgoal *1.2.2.3.1.1.1.1/5' Subgoal *1.2.2.3.1.1.1.1/4 Subgoal *1.2.2.3.1.1.1.1/4' Subgoal *1.2.2.3.1.1.1.1/3 Subgoal *1.2.2.3.1.1.1.1/2 Subgoal *1.2.2.3.1.1.1.1/2' Subgoal *1.2.2.3.1.1.1.1/1 Subgoal *1.2.2.3.1.1.1.1/1' Subgoal *1.2.2.3.1.1.1.1/1'' Subgoal *1.2.2.3.1.1.1.1/1''' Subgoal *1.2.2.3.1.1.1.1/1'4' A goal of NIL, Subgoal *1.2.2.3.1.1.1.1/1'4', has been generated! Obviously, the proof attempt has failed. Summary Form: ( DEFTHM PROBLEM-2-LEMMA-1 ...) Rules: ((:DEFINITION AP) (:DEFINITION COLLECT-FIRST) (:DEFINITION COLLECT-LAST) (:DEFINITION ENDP) (:DEFINITION LIST-MINUS) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REV) (:DEFINITION TRUE-LISTP) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART COLLECT-LAST) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION COLLECT-FIRST) (:INDUCTION COLLECT-LAST) (:INDUCTION LIST-MINUS) (:INDUCTION MEM) (:INDUCTION REV) (:INDUCTION TRUE-LISTP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE CONS-EQUAL) (:TYPE-PRESCRIPTION AP) (:TYPE-PRESCRIPTION COLLECT-LAST) (:TYPE-PRESCRIPTION LIST-MINUS) (:TYPE-PRESCRIPTION MEM)) Time: 0.50 seconds (prove: 0.45, print: 0.05, other: 0.00) --- The key checkpoint goals, below, may help you to debug this failure. See :DOC failure and see :DOC set-checkpoint- summary-limit. --- *** Key checkpoint at the top level: *** Goal (EQUAL (COLLECT-FIRST X A) (AP (COLLECT-LAST (LIST-MINUS (REV X) A)) A)) *** Key checkpoints under a top-level induction: *** Subgoal *1/2.2 (IMPLIES (AND (CONSP X) (MEM (CAR X) A) (EQUAL (COLLECT-FIRST (CDR X) A) (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A)) A))) (EQUAL (COLLECT-FIRST (CDR X) A) (AP (COLLECT-LAST (LIST-MINUS (AP (REV (CDR X)) (LIST (CAR X))) A)) A))) Subgoal *1/2.1 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) A)) (EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A)) (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) (CONS (CAR X) A))) (CONS (CAR X) A)))) (EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A)) (AP (COLLECT-LAST (LIST-MINUS (AP (REV (CDR X)) (LIST (CAR X))) A)) A))) ACL2 Error in ( DEFTHM PROBLEM-2-LEMMA-1 ...): See :DOC failure. **************** FAILED **************** ACL2 !>(quote (Hint -- Think about (LIST-MINUS (AP X Y) Z))) (HINT -- THINK ABOUT (LIST-MINUS (AP X Y) Z)) ACL2 !>(defthm list-minus-ap (equal (list-minus (ap x y) z) (ap (list-minus x z) (list-minus y z)))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Three induction schemes are suggested by this conjecture. These merge into two derived induction schemes. However, one of these is flawed and so we are left with one viable candidate. We will induct according to a scheme suggested by (LIST-MINUS X Z), but modified to accommodate (AP X Y). These suggestions were produced using the :induction rules AP and LIST-MINUS. If we let (:P X Y Z) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (MEM (CAR X) Z)) (:P (CDR X) Y Z)) (:P X Y Z)) (IMPLIES (AND (NOT (ENDP X)) (MEM (CAR X) Z) (:P (CDR X) Y Z)) (:P X Y Z)) (IMPLIES (ENDP X) (:P X Y Z))). This induction is justified by the same argument used to admit LIST-MINUS. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/2 Subgoal *1/2' Subgoal *1/1 Subgoal *1/1' *1 is COMPLETED! Thus key checkpoint Goal is COMPLETED! Q.E.D. Summary Form: ( DEFTHM LIST-MINUS-AP ...) Rules: ((:DEFINITION AP) (:DEFINITION ENDP) (:DEFINITION LIST-MINUS) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION LIST-MINUS) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION LIST-MINUS) (:TYPE-PRESCRIPTION MEM)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.00) LIST-MINUS-AP ACL2 !>(defthm problem-2-lemma-1 (equal (collect-first x a) (ap (collect-last (list-minus (rev x) a)) a))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (COLLECT-FIRST X A). This suggestion was produced using the :induction rules COLLECT-FIRST and REV. If we let (:P A X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (:P (IF (MEM (CAR X) A) A (CONS (CAR X) A)) (CDR X))) (:P A X)) (IMPLIES (ENDP X) (:P A X))). This induction is justified by the same argument used to admit COLLECT-FIRST. Note, however, that the unmeasured variable A is being instantiated. When applied to the goal at hand the above induction scheme produces two nontautological subgoals. Subgoal *1/2 Subgoal *1/2' Subgoal *1/2.2 Subgoal *1/2.2' Subgoal *1/2.2'' Subgoal *1/2.2''' Subgoal *1/2.2'4' Subgoal *1/2.2'5' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2.2 (IMPLIES (AND (CONSP X) (MEM (CAR X) A) (EQUAL (COLLECT-FIRST (CDR X) A) (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A)) A))) (EQUAL (COLLECT-FIRST (CDR X) A) (AP (COLLECT-LAST (AP (LIST-MINUS (REV (CDR X)) A) NIL)) A))) *1.1 (Subgoal *1/2.2'5') is pushed for proof by induction. ]) Subgoal *1/2.1 Subgoal *1/2.1' Subgoal *1/2.1'' Subgoal *1/2.1''' Subgoal *1/2.1'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2.1 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) A)) (EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A)) (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) (CONS (CAR X) A))) (CONS (CAR X) A)))) (EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A)) (AP (COLLECT-LAST (AP (LIST-MINUS (REV (CDR X)) A) (LIST (CAR X)))) A))) *1.2 (Subgoal *1/2.1'4') is pushed for proof by induction. ]) Subgoal *1/1 Subgoal *1/1' So we now return to *1.2, which is (IMPLIES (NOT (MEM X1 A)) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV (CONS X1 A))) (CONS X1 A)) (AP (COLLECT-LAST (AP (LIST-MINUS RV A) (LIST X1))) A))). Subgoal *1.2/3 Subgoal *1.2/3' Subgoal *1.2/3.2 Subgoal *1.2/3.2' Subgoal *1.2/3.2'' Subgoal *1.2/3.2''' Subgoal *1.2/3.2'4' Subgoal *1.2/3.2'5' *1.2.1 (Subgoal *1.2/3.2'5') is pushed for proof by induction. Subgoal *1.2/3.1 Subgoal *1.2/3.1.2 Subgoal *1.2/3.1.2' Subgoal *1.2/3.1.2'' Subgoal *1.2/3.1.2''' Subgoal *1.2/3.1.2'4' *1.2.2 (Subgoal *1.2/3.1.2'4') is pushed for proof by induction. Subgoal *1.2/3.1.1 Subgoal *1.2/2 Subgoal *1.2/2' Subgoal *1.2/1 Subgoal *1.2/1' So we now return to *1.2.2, which is (IMPLIES (AND (TRUE-LISTP LMS) (TRUE-LISTP LMS0) (NOT (MEM RV1 A)) (EQUAL (AP (COLLECT-LAST LMS) (CONS X1 A)) (AP (COLLECT-LAST (AP LMS0 (LIST X1))) A)) (NOT (MEM X1 A)) (NOT (EQUAL RV1 X1)) (NOT (MEM RV1 LMS0))) (NOT (MEM RV1 LMS))). Subgoal *1.2.2/5 Subgoal *1.2.2/5' Subgoal *1.2.2/4 Subgoal *1.2.2/4' Subgoal *1.2.2/4.2 Subgoal *1.2.2/4.1 Subgoal *1.2.2/4.1' Subgoal *1.2.2/4.1'' Subgoal *1.2.2/4.1''' *1.2.2.1 (Subgoal *1.2.2/4.1''') is pushed for proof by induction. Subgoal *1.2.2/3 Subgoal *1.2.2/2 Subgoal *1.2.2/2' Subgoal *1.2.2/2.2 Subgoal *1.2.2/2.2' Subgoal *1.2.2/2.2'' *1.2.2.2 (Subgoal *1.2.2/2.2'') is pushed for proof by induction. Subgoal *1.2.2/2.1 Subgoal *1.2.2/2.1' Subgoal *1.2.2/2.1'' Subgoal *1.2.2/2.1''' *1.2.2.3 (Subgoal *1.2.2/2.1''') is pushed for proof by induction. Subgoal *1.2.2/1 Subgoal *1.2.2/1' So we now return to *1.2.2.3, which is (IMPLIES (AND (TRUE-LISTP LMS2) (TRUE-LISTP LMS0) (NOT (MEM LMS1 A)) (NOT (MEM LMS1 LMS2)) (EQUAL (CONS LMS1 (AP (COLLECT-LAST LMS2) (CONS X1 A))) (AP (COLLECT-LAST (AP LMS0 (LIST X1))) A)) (NOT (MEM X1 A)) (NOT (EQUAL LMS1 X1))) (MEM LMS1 LMS0)). Subgoal *1.2.2.3/7 Subgoal *1.2.2.3/7' Subgoal *1.2.2.3/7'' Subgoal *1.2.2.3/7''' Subgoal *1.2.2.3/7'4' Subgoal *1.2.2.3/7'5' Subgoal *1.2.2.3/7'6' *1.2.2.3.1 (Subgoal *1.2.2.3/7'6') is pushed for proof by induction. Subgoal *1.2.2.3/6 Subgoal *1.2.2.3/6' Subgoal *1.2.2.3/5 Subgoal *1.2.2.3/4 Subgoal *1.2.2.3/4' Subgoal *1.2.2.3/3 Subgoal *1.2.2.3/3' Subgoal *1.2.2.3/2 Subgoal *1.2.2.3/1 Subgoal *1.2.2.3/1' Subgoal *1.2.2.3/1'' Subgoal *1.2.2.3/1''' *1.2.2.3.2 (Subgoal *1.2.2.3/1''') is pushed for proof by induction. So we now return to *1.2.2.3.2, which is (IMPLIES (AND (TRUE-LISTP LMS0) (NOT (MEM LMS1 A)) (EQUAL (LIST* LMS1 X1 A) (AP (COLLECT-LAST (AP LMS0 (LIST X1))) A)) (NOT (MEM X1 A)) (NOT (EQUAL LMS1 X1))) (MEM LMS1 LMS0)). Subgoal *1.2.2.3.2/5 Subgoal *1.2.2.3.2/5' Subgoal *1.2.2.3.2/4 Subgoal *1.2.2.3.2/4' Subgoal *1.2.2.3.2/4'' Subgoal *1.2.2.3.2/3 Subgoal *1.2.2.3.2/2 Subgoal *1.2.2.3.2/2' Subgoal *1.2.2.3.2/1 Subgoal *1.2.2.3.2/1' *1.2.2.3.2 is COMPLETED! We therefore turn our attention to *1.2.2.3.1, which is (IMPLIES (AND (NOT (MEM LMS3 LMS4)) (TRUE-LISTP LMS4) (TRUE-LISTP LMS0) (NOT (MEM LMS1 A)) (NOT (EQUAL LMS1 LMS3)) (NOT (MEM LMS1 LMS4)) (NOT (MEM X1 A)) (NOT (EQUAL LMS1 X1))) (MEM LMS1 LMS0)). Subgoal *1.2.2.3.1/5 Subgoal *1.2.2.3.1/5' Subgoal *1.2.2.3.1/4 Subgoal *1.2.2.3.1/3 Subgoal *1.2.2.3.1/3' Subgoal *1.2.2.3.1/2 Subgoal *1.2.2.3.1/2' Subgoal *1.2.2.3.1/1 Subgoal *1.2.2.3.1/1' Subgoal *1.2.2.3.1/1'' Subgoal *1.2.2.3.1/1''' *1.2.2.3.1.1 (Subgoal *1.2.2.3.1/1''') is pushed for proof by induction. So we now return to *1.2.2.3.1.1, which is (IMPLIES (AND (TRUE-LISTP LMS0) (NOT (MEM LMS1 A)) (NOT (EQUAL LMS1 LMS3)) (NOT (MEM X1 A)) (NOT (EQUAL LMS1 X1))) (MEM LMS1 LMS0)). Subgoal *1.2.2.3.1.1/4 Subgoal *1.2.2.3.1.1/4' Subgoal *1.2.2.3.1.1/3 Subgoal *1.2.2.3.1.1/3' Subgoal *1.2.2.3.1.1/2 Subgoal *1.2.2.3.1.1/2' Subgoal *1.2.2.3.1.1/1 Subgoal *1.2.2.3.1.1/1' Subgoal *1.2.2.3.1.1/1'' Subgoal *1.2.2.3.1.1/1''' *1.2.2.3.1.1.1 (Subgoal *1.2.2.3.1.1/1''') is pushed for proof by induction. So we now return to *1.2.2.3.1.1.1, which is (IMPLIES (AND (TRUE-LISTP LMS0) (NOT (EQUAL LMS1 LMS3)) (NOT (EQUAL LMS1 X1))) (MEM LMS1 LMS0)). Subgoal *1.2.2.3.1.1.1/4 Subgoal *1.2.2.3.1.1.1/4' Subgoal *1.2.2.3.1.1.1/3 Subgoal *1.2.2.3.1.1.1/2 Subgoal *1.2.2.3.1.1.1/2' Subgoal *1.2.2.3.1.1.1/1 Subgoal *1.2.2.3.1.1.1/1' Subgoal *1.2.2.3.1.1.1/1'' Subgoal *1.2.2.3.1.1.1/1''' Subgoal *1.2.2.3.1.1.1/1'4' A goal of NIL, Subgoal *1.2.2.3.1.1.1/1'4', has been generated! Obviously, the proof attempt has failed. Summary Form: ( DEFTHM PROBLEM-2-LEMMA-1 ...) Rules: ((:DEFINITION AP) (:DEFINITION COLLECT-FIRST) (:DEFINITION COLLECT-LAST) (:DEFINITION ENDP) (:DEFINITION LIST-MINUS) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REV) (:DEFINITION TRUE-LISTP) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART COLLECT-LAST) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION COLLECT-FIRST) (:INDUCTION COLLECT-LAST) (:INDUCTION LIST-MINUS) (:INDUCTION MEM) (:INDUCTION REV) (:INDUCTION TRUE-LISTP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE LIST-MINUS-AP) (:REWRITE PROBLEM-1-LEMMA-2) (:TYPE-PRESCRIPTION COLLECT-LAST) (:TYPE-PRESCRIPTION LIST-MINUS) (:TYPE-PRESCRIPTION MEM)) Time: 0.24 seconds (prove: 0.22, print: 0.02, other: 0.00) --- The key checkpoint goals, below, may help you to debug this failure. See :DOC failure and see :DOC set-checkpoint- summary-limit. --- *** Key checkpoint at the top level: *** Goal (EQUAL (COLLECT-FIRST X A) (AP (COLLECT-LAST (LIST-MINUS (REV X) A)) A)) *** Key checkpoints under a top-level induction: *** Subgoal *1/2.2 (IMPLIES (AND (CONSP X) (MEM (CAR X) A) (EQUAL (COLLECT-FIRST (CDR X) A) (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A)) A))) (EQUAL (COLLECT-FIRST (CDR X) A) (AP (COLLECT-LAST (AP (LIST-MINUS (REV (CDR X)) A) NIL)) A))) Subgoal *1/2.1 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) A)) (EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A)) (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) (CONS (CAR X) A))) (CONS (CAR X) A)))) (EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A)) (AP (COLLECT-LAST (AP (LIST-MINUS (REV (CDR X)) A) (LIST (CAR X)))) A))) ACL2 Error in ( DEFTHM PROBLEM-2-LEMMA-1 ...): See :DOC failure. **************** FAILED **************** ACL2 !>(quote (Hint -- Think about (COLLECT-LAST (AP X Y)))) (HINT -- THINK ABOUT (COLLECT-LAST (AP X Y))) ACL2 !>(defthm problem-2-lemma-2 (equal (collect-last (ap x y)) (ap (collect-last (list-minus x y)) (collect-last y)))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Three induction schemes are suggested by this conjecture. Subsumption reduces that number to two. However, one of these is flawed and so we are left with one viable candidate. We will induct according to a scheme suggested by (LIST-MINUS X Y). This suggestion was produced using the :induction rules AP and LIST-MINUS. If we let (:P X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (MEM (CAR X) Y)) (:P (CDR X) Y)) (:P X Y)) (IMPLIES (AND (NOT (ENDP X)) (MEM (CAR X) Y) (:P (CDR X) Y)) (:P X Y)) (IMPLIES (ENDP X) (:P X Y))). This induction is justified by the same argument used to admit LIST-MINUS. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/3.3 Subgoal *1/3.3' Subgoal *1/3.3'' Subgoal *1/3.3''' Subgoal *1/3.3'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/3.3' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y)) (EQUAL (COLLECT-LAST (AP (CDR X) Y)) (AP (COLLECT-LAST (LIST-MINUS (CDR X) Y)) (COLLECT-LAST Y))) (MEM (CAR X) (CDR X))) (MEM (CAR X) (LIST-MINUS (CDR X) Y))) *1.1 (Subgoal *1/3.3'4') is pushed for proof by induction. ]) Subgoal *1/3.2 Subgoal *1/3.1 Subgoal *1/3.1' Subgoal *1/3.1'' Subgoal *1/3.1''' Subgoal *1/3.1'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/3.1' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y)) (EQUAL (COLLECT-LAST (AP (CDR X) Y)) (AP (COLLECT-LAST (LIST-MINUS (CDR X) Y)) (COLLECT-LAST Y))) (NOT (MEM (CAR X) (CDR X)))) (NOT (MEM (CAR X) (LIST-MINUS (CDR X) Y)))) *1.2 (Subgoal *1/3.1'4') is pushed for proof by induction. ]) Subgoal *1/2 Subgoal *1/2' Subgoal *1/1 Subgoal *1/1' So we now return to *1.2, which is (IMPLIES (AND (TRUE-LISTP LMS) (NOT (MEM X1 Y)) (EQUAL (COLLECT-LAST (AP X2 Y)) (AP (COLLECT-LAST LMS) (COLLECT-LAST Y))) (NOT (MEM X1 X2))) (NOT (MEM X1 LMS))). Subgoal *1.2/5 Subgoal *1.2/5' Subgoal *1.2/4 Subgoal *1.2/4' Subgoal *1.2/4'' Subgoal *1.2/4''' Subgoal *1.2/4'4' Subgoal *1.2/4'5' Subgoal *1.2/4'6' Subgoal *1.2/4'7' *1.2.1 (Subgoal *1.2/4'7') is pushed for proof by induction. Subgoal *1.2/3 Subgoal *1.2/2 Subgoal *1.2/2' Subgoal *1.2/2.2 Subgoal *1.2/2.2' Subgoal *1.2/2.2'' *1.2.2 (Subgoal *1.2/2.2'') is pushed for proof by induction. Subgoal *1.2/2.1 Subgoal *1.2/2.1' Subgoal *1.2/2.1'' Subgoal *1.2/2.1''' *1.2.3 (Subgoal *1.2/2.1''') is pushed for proof by induction. Subgoal *1.2/1 Subgoal *1.2/1' So we now return to *1.2.3, which is (IMPLIES (AND (TRUE-LISTP LMS2) (NOT (MEM LMS1 Y)) (NOT (MEM LMS1 LMS2)) (EQUAL (COLLECT-LAST (AP X2 Y)) (CONS LMS1 (AP (COLLECT-LAST LMS2) (COLLECT-LAST Y))))) (MEM LMS1 X2)). Subgoal *1.2.3/7 Subgoal *1.2.3/7' Subgoal *1.2.3/7'' Subgoal *1.2.3/7''' Subgoal *1.2.3/7'4' Subgoal *1.2.3/7'5' Subgoal *1.2.3/7'6' *1.2.3.1 (Subgoal *1.2.3/7'6') is pushed for proof by induction. Subgoal *1.2.3/6 Subgoal *1.2.3/6' Subgoal *1.2.3/5 Subgoal *1.2.3/4 Subgoal *1.2.3/4' Subgoal *1.2.3/3 Subgoal *1.2.3/3' Subgoal *1.2.3/2 Subgoal *1.2.3/1 Subgoal *1.2.3/1' Subgoal *1.2.3/1'' Subgoal *1.2.3/1''' *1.2.3.2 (Subgoal *1.2.3/1''') is pushed for proof by induction. So we now return to *1.2.3.2, which is (IMPLIES (AND (NOT (MEM LMS1 Y)) (EQUAL (COLLECT-LAST (AP X2 Y)) (CONS LMS1 (COLLECT-LAST Y)))) (MEM LMS1 X2)). Subgoal *1.2.3.2/4 Subgoal *1.2.3.2/4' Subgoal *1.2.3.2/3 Subgoal *1.2.3.2/3' Subgoal *1.2.3.2/3.3 Subgoal *1.2.3.2/3.2 Subgoal *1.2.3.2/3.1 Subgoal *1.2.3.2/2 Subgoal *1.2.3.2/2' Subgoal *1.2.3.2/1 Subgoal *1.2.3.2/1' *1.2.3.2 is COMPLETED! We therefore turn our attention to *1.2.3.1, which is (IMPLIES (AND (NOT (MEM LMS3 LMS4)) (TRUE-LISTP LMS4) (NOT (MEM LMS1 Y)) (NOT (EQUAL LMS1 LMS3)) (NOT (MEM LMS1 LMS4))) (MEM LMS1 X2)). Subgoal *1.2.3.1/5 Subgoal *1.2.3.1/5' Subgoal *1.2.3.1/4 Subgoal *1.2.3.1/3 Subgoal *1.2.3.1/3' Subgoal *1.2.3.1/2 Subgoal *1.2.3.1/2' Subgoal *1.2.3.1/1 Subgoal *1.2.3.1/1' Subgoal *1.2.3.1/1'' Subgoal *1.2.3.1/1''' *1.2.3.1.1 (Subgoal *1.2.3.1/1''') is pushed for proof by induction. So we now return to *1.2.3.1.1, which is (IMPLIES (AND (NOT (MEM LMS1 Y)) (NOT (EQUAL LMS1 LMS3))) (MEM LMS1 X2)). Subgoal *1.2.3.1.1/3 Subgoal *1.2.3.1.1/3' Subgoal *1.2.3.1.1/2 Subgoal *1.2.3.1.1/2' Subgoal *1.2.3.1.1/1 Subgoal *1.2.3.1.1/1' Subgoal *1.2.3.1.1/1'' Subgoal *1.2.3.1.1/1''' *1.2.3.1.1.1 (Subgoal *1.2.3.1.1/1''') is pushed for proof by induction. So we now return to *1.2.3.1.1.1, which is (IMPLIES (NOT (EQUAL LMS1 LMS3)) (MEM LMS1 X2)). The formula above is subsumed by one of its parents, *1.2.3.1.1, which we're in the process of trying to prove by induction. When an inductive proof pushes a subgoal for induction that is less general than the original goal, it may be a sign that either an inappropriate induction was chosen or that the original goal is insufficien\ tly general. In any case, our proof attempt has failed. Summary Form: ( DEFTHM PROBLEM-2-LEMMA-2 ...) Rules: ((:DEFINITION AP) (:DEFINITION COLLECT-LAST) (:DEFINITION ENDP) (:DEFINITION LIST-MINUS) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION TRUE-LISTP) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART COLLECT-LAST) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION COLLECT-LAST) (:INDUCTION LIST-MINUS) (:INDUCTION MEM) (:INDUCTION TRUE-LISTP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE CONS-EQUAL) (:REWRITE PROBLEM-1-LEMMA-2) (:TYPE-PRESCRIPTION COLLECT-LAST) (:TYPE-PRESCRIPTION LIST-MINUS) (:TYPE-PRESCRIPTION MEM)) Time: 0.15 seconds (prove: 0.13, print: 0.02, other: 0.00) --- The key checkpoint goals, below, may help you to debug this failure. See :DOC failure and see :DOC set-checkpoint- summary-limit. --- *** Key checkpoint at the top level: *** Goal (EQUAL (COLLECT-LAST (AP X Y)) (AP (COLLECT-LAST (LIST-MINUS X Y)) (COLLECT-LAST Y))) *** Key checkpoints under a top-level induction: *** Subgoal *1/3.3' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y)) (EQUAL (COLLECT-LAST (AP (CDR X) Y)) (AP (COLLECT-LAST (LIST-MINUS (CDR X) Y)) (COLLECT-LAST Y))) (MEM (CAR X) (CDR X))) (MEM (CAR X) (LIST-MINUS (CDR X) Y))) Subgoal *1/3.1' (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) Y)) (EQUAL (COLLECT-LAST (AP (CDR X) Y)) (AP (COLLECT-LAST (LIST-MINUS (CDR X) Y)) (COLLECT-LAST Y))) (NOT (MEM (CAR X) (CDR X)))) (NOT (MEM (CAR X) (LIST-MINUS (CDR X) Y)))) ACL2 Error in ( DEFTHM PROBLEM-2-LEMMA-2 ...): See :DOC failure. **************** FAILED **************** ACL2 !>(quote (Hint -- Think about (mem e (list-minus x y)))) (HINT -- THINK ABOUT (MEM E (LIST-MINUS X Y))) ACL2 !>(defthm problem-2-lemma-3 (iff (mem e (list-minus x y)) (and (mem e x) (not (mem e y))))) Goal' Subgoal 3 ([ A key checkpoint: Subgoal 3 (IMPLIES (AND (NOT (MEM E (LIST-MINUS X Y))) (MEM E X)) (MEM E Y)) *1 (Subgoal 3) is pushed for proof by induction. ]) Subgoal 2 ([ A key checkpoint: Subgoal 2 (IMPLIES (MEM E (LIST-MINUS X Y)) (NOT (MEM E Y))) Normally we would attempt to prove Subgoal 2 by induction. However, we prefer in this instance to focus on the original input conjecture rather than this simplified special case. We therefore abandon our previous work on this conjecture and reassign the name *1 to the original conjecture. (See :DOC otf-flg.) ]) Perhaps we can prove *1 by induction. Three induction schemes are suggested by this conjecture. These merge into two derived induction schemes. However, one of these is flawed and so we are left with one viable candidate. We will induct according to a scheme suggested by (MEM E X), but modified to accommodate (LIST-MINUS X Y). These suggestions were produced using the :induction rules LIST-MINUS and MEM. If we let (:P E X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (EQUAL E (CAR X))) (:P E (CDR X) Y)) (:P E X Y)) (IMPLIES (AND (NOT (ENDP X)) (EQUAL E (CAR X))) (:P E X Y)) (IMPLIES (ENDP X) (:P E X Y))). This induction is justified by the same argument used to admit MEM. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/3.3 Subgoal *1/3.2 Subgoal *1/3.1 Subgoal *1/2 Subgoal *1/2' Subgoal *1/2.2 Subgoal *1/2.2' Subgoal *1/2.2'' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2.2 (IMPLIES (AND (CONSP X) (MEM (CAR X) Y)) (NOT (MEM (CAR X) (LIST-MINUS (CDR X) Y)))) *1.1 (Subgoal *1/2.2'') is pushed for proof by induction. ]) Subgoal *1/2.1 Subgoal *1/1 Subgoal *1/1' So we now return to *1.1, which is (IMPLIES (MEM X1 Y) (NOT (MEM X1 (LIST-MINUS X2 Y)))). Subgoal *1.1/3 Subgoal *1.1/3' Subgoal *1.1/3'' Subgoal *1.1/2 Subgoal *1.1/2' Subgoal *1.1/1 Subgoal *1.1/1' *1.1 and *1 are COMPLETED! Thus key checkpoints Subgoal *1/2.2 and Goal are COMPLETED! Q.E.D. The storage of PROBLEM-2-LEMMA-3 depends upon the :type- prescription rule MEM. Summary Form: ( DEFTHM PROBLEM-2-LEMMA-3 ...) Rules: ((:DEFINITION ENDP) (:DEFINITION IFF) (:DEFINITION LIST-MINUS) (:DEFINITION MEM) (:DEFINITION NOT) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION LIST-MINUS) (:INDUCTION MEM) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:TYPE-PRESCRIPTION LIST-MINUS) (:TYPE-PRESCRIPTION MEM)) Time: 0.02 seconds (prove: 0.01, print: 0.01, other: 0.00) PROBLEM-2-LEMMA-3 ACL2 !>(defthm problem-2-lemma-2 (equal (collect-last (ap x y)) (ap (list-minus (collect-last x) y) (collect-last y)))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Three induction schemes are suggested by this conjecture. These merge into two derived induction schemes. However, one of these is flawed and so we are left with one viable candidate. We will induct according to a scheme suggested by (COLLECT-LAST X), but modified to accommodate (AP X Y). These suggestions were produced using the :induction rules AP and COLLECT-LAST. If we let (:P X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (NOT (MEM (CAR X) (CDR X))) (:P (CDR X) Y)) (:P X Y)) (IMPLIES (AND (NOT (ENDP X)) (MEM (CAR X) (CDR X)) (:P (CDR X) Y)) (:P X Y)) (IMPLIES (ENDP X) (:P X Y))). This induction is justified by the same argument used to admit COLLECT-LAST. When applied to the goal at hand the above induction scheme produces three nontautologica\ l subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/3'' Subgoal *1/2 Subgoal *1/2' Subgoal *1/1 Subgoal *1/1' *1 is COMPLETED! Thus key checkpoint Goal is COMPLETED! Q.E.D. Summary Form: ( DEFTHM PROBLEM-2-LEMMA-2 ...) Rules: ((:DEFINITION AP) (:DEFINITION COLLECT-LAST) (:DEFINITION ENDP) (:DEFINITION LIST-MINUS) (:DEFINITION NOT) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION COLLECT-LAST) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE PROBLEM-1-LEMMA-2) (:TYPE-PRESCRIPTION COLLECT-LAST) (:TYPE-PRESCRIPTION LIST-MINUS) (:TYPE-PRESCRIPTION MEM)) Time: 0.02 seconds (prove: 0.01, print: 0.00, other: 0.00) PROBLEM-2-LEMMA-2 ACL2 !>(quote (Note that PROBLEM-1-LEMMA-2 from our earlier proof is used above)) (NOTE THAT PROBLEM-1-LEMMA-2 FROM OUR EARLIER PROOF IS USED ABOVE) ACL2 !>(defthm problem-2-lemma-1 (equal (collect-first x a) (ap (collect-last (list-minus (rev x) a)) a))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (COLLECT-FIRST X A). This suggestion was produced using the :induction rules COLLECT-FIRST and REV. If we let (:P A X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (:P (IF (MEM (CAR X) A) A (CONS (CAR X) A)) (CDR X))) (:P A X)) (IMPLIES (ENDP X) (:P A X))). This induction is justified by the same argument used to admit COLLECT-FIRST. Note, however, that the unmeasured variable A is being instantiated. When applied to the goal at hand the above induction scheme produces two nontautological subgoals. Subgoal *1/2 Subgoal *1/2' Subgoal *1/2.2 Subgoal *1/2.2' Subgoal *1/2.2'' Subgoal *1/2.2''' Subgoal *1/2.2'4' Subgoal *1/2.2'5' Subgoal *1/2.2'6' Subgoal *1/2.2'7' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2.2 (IMPLIES (AND (CONSP X) (MEM (CAR X) A) (EQUAL (COLLECT-FIRST (CDR X) A) (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A)) A))) (EQUAL (COLLECT-FIRST (CDR X) A) (AP (AP (LIST-MINUS (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A)) NIL) NIL) A))) *1.1 (Subgoal *1/2.2'7') is pushed for proof by induction. ]) Subgoal *1/2.1 Subgoal *1/2.1' Subgoal *1/2.1'' Subgoal *1/2.1''' Subgoal *1/2.1'4' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2.1 (IMPLIES (AND (CONSP X) (NOT (MEM (CAR X) A)) (EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A)) (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) (CONS (CAR X) A))) (CONS (CAR X) A)))) (EQUAL (COLLECT-FIRST (CDR X) (CONS (CAR X) A)) (AP (AP (LIST-MINUS (COLLECT-LAST (LIST-MINUS (REV (CDR X)) A)) (LIST (CAR X))) (LIST (CAR X))) A))) *1.2 (Subgoal *1/2.1'4') is pushed for proof by induction. ]) Subgoal *1/1 Subgoal *1/1' So we now return to *1.2, which is (IMPLIES (NOT (MEM X1 A)) (EQUAL (AP (COLLECT-LAST (LIST-MINUS RV (CONS X1 A))) (CONS X1 A)) (AP (AP (LIST-MINUS (COLLECT-LAST (LIST-MINUS RV A)) (LIST X1)) (LIST X1)) A))). Subgoal *1.2/3 Subgoal *1.2/3' Subgoal *1.2/3.3 Subgoal *1.2/3.2 Subgoal *1.2/3.1 Subgoal *1.2/2 Subgoal *1.2/2' Subgoal *1.2/1 Subgoal *1.2/1' *1.2 is COMPLETED! Thus key checkpoint Subgoal *1/2.1 is COMPLETED! We therefore turn our attention to *1.1, which is (IMPLIES (AND (TRUE-LISTP CLT) (MEM X1 A)) (EQUAL (AP CLT A) (AP (AP (LIST-MINUS CLT NIL) NIL) A))). Subgoal *1.1/5 Subgoal *1.1/5' Subgoal *1.1/4 Subgoal *1.1/3 Subgoal *1.1/3' Subgoal *1.1/2 Subgoal *1.1/1 Subgoal *1.1/1' *1.1 and *1 are COMPLETED! Thus key checkpoints Subgoal *1/2.2 and Goal are COMPLETED! Q.E.D. Summary Form: ( DEFTHM PROBLEM-2-LEMMA-1 ...) Rules: ((:DEFINITION AP) (:DEFINITION COLLECT-FIRST) (:DEFINITION COLLECT-LAST) (:DEFINITION ENDP) (:DEFINITION LIST-MINUS) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REV) (:DEFINITION TRUE-LISTP) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART AP) (:EXECUTABLE-COUNTERPART COLLECT-LAST) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART LIST-MINUS) (:EXECUTABLE-COUNTERPART NOT) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION COLLECT-FIRST) (:INDUCTION LIST-MINUS) (:INDUCTION REV) (:INDUCTION TRUE-LISTP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE LIST-MINUS-AP) (:REWRITE PROBLEM-2-LEMMA-2) (:REWRITE PROBLEM-2-LEMMA-3) (:TYPE-PRESCRIPTION COLLECT-LAST) (:TYPE-PRESCRIPTION LIST-MINUS) (:TYPE-PRESCRIPTION MEM)) Time: 0.09 seconds (prove: 0.08, print: 0.01, other: 0.00) PROBLEM-2-LEMMA-1 ACL2 !>(defthm problem-2 (equal (collect-first x nil) (collect-last (rev x)))) ACL2 Warning [Subsume] in ( DEFTHM PROBLEM-2 ...): The previously added rule PROBLEM-2-LEMMA-1 subsumes a newly proposed :REWRITE rule generated from PROBLEM-2, in the sense that the old rule rewrites a more general target. Because the new rule will be tried first, it may nonetheless find application. Goal' ([ A key checkpoint: Goal' (EQUAL (AP (COLLECT-LAST (LIST-MINUS (REV X) NIL)) NIL) (COLLECT-LAST (REV X))) *1 (Goal') is pushed for proof by induction. ]) Perhaps we can prove *1 by induction. Two induction schemes are suggested by this conjecture. Subsumption reduces that number to one. We will induct according to a scheme suggested by (REV X). This suggestion was produced using the :induction rule REV. If we let (:P X) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP X)) (:P (CDR X))) (:P X)) (IMPLIES (ENDP X) (:P X))). This induction is justified by the same argument used to admit REV. When applied to the goal at hand the above induction scheme produces two nontautological subgoals. Subgoal *1/2 Subgoal *1/2' Subgoal *1/2'' Subgoal *1/2''' Subgoal *1/2'4' Subgoal *1/2'5' Subgoal *1/2'6' Subgoal *1/2'7' Subgoal *1/2'8' Subgoal *1/2'9' Subgoal *1/2'10' Subgoal *1/2'11' ([ A key checkpoint while proving *1 (descended from Goal'): Subgoal *1/2'' (IMPLIES (AND (CONSP X) (EQUAL (AP (COLLECT-LAST (LIST-MINUS (REV (CDR X)) NIL)) NIL) (COLLECT-LAST (REV (CDR X))))) (EQUAL (AP (AP (LIST-MINUS (COLLECT-LAST (LIST-MINUS (REV (CDR X)) NIL)) (LIST (CAR X))) (LIST (CAR X))) NIL) (AP (LIST-MINUS (COLLECT-LAST (REV (CDR X))) (LIST (CAR X))) (LIST (CAR X))))) *1.1 (Subgoal *1/2'11') is pushed for proof by induction. ]) Subgoal *1/1 Subgoal *1/1' So we now return to *1.1, which is (IMPLIES (TRUE-LISTP LMS0) (EQUAL (AP (AP LMS0 (LIST X1)) NIL) (AP (AP LMS0 NIL) (LIST X1)))). Subgoal *1.1/3 Subgoal *1.1/3' Subgoal *1.1/2 Subgoal *1.1/1 Subgoal *1.1/1' *1.1 and *1 are COMPLETED! Thus key checkpoints Subgoal *1/2'' and Goal' are COMPLETED! Q.E.D. Summary Form: ( DEFTHM PROBLEM-2 ...) Rules: ((:DEFINITION AP) (:DEFINITION COLLECT-LAST) (:DEFINITION ENDP) (:DEFINITION LIST-MINUS) (:DEFINITION MEM) (:DEFINITION NOT) (:DEFINITION REV) (:DEFINITION TRUE-LISTP) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART AP) (:EXECUTABLE-COUNTERPART COLLECT-LAST) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART LIST-MINUS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION REV) (:INDUCTION TRUE-LISTP) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE LIST-MINUS-AP) (:REWRITE PROBLEM-2-LEMMA-1) (:REWRITE PROBLEM-2-LEMMA-2) (:TYPE-PRESCRIPTION COLLECT-LAST) (:TYPE-PRESCRIPTION LIST-MINUS)) Warnings: Subsume Time: 0.04 seconds (prove: 0.04, print: 0.00, other: 0.00) PROBLEM-2 ACL2 !>(pbt 1) L 1 (DEFUN AP (X Y) ...) L 2 (DEFUN REV (X) ...) L 3 (DEFUN MEM (E X) ...) L 4 (DEFUN HAS-DUPS (X) ...) 5 (DEFTHM PROBLEM-1-LEMMA-2 ...) 6 (DEFTHM PROBLEM-1-LEMMA-1 ...) 7 (DEFTHM PROBLEM-1-LEMMA-3 ...) 8 (DEFTHM PROBLEM-1 ...) L 9 (DEFUN COLLECT-LAST (X) ...) L 10 (DEFUN COLLECT-FIRST (X A) ...) L 11 (DEFUN LIST-MINUS (X Y) ...) 12 (DEFTHM LIST-MINUS-AP ...) 13 (DEFTHM PROBLEM-2-LEMMA-3 ...) 14 (DEFTHM PROBLEM-2-LEMMA-2 ...) 15 (DEFTHM PROBLEM-2-LEMMA-1 ...) 16:x(DEFTHM PROBLEM-2 ...) ACL2 !>(quote (the end -- unless you want a really simple one)) (THE END -- UNLESS YOU WANT A REALLY SIMPLE ONE) ACL2 !>(defun how-many (e x) (if (endp x) 0 (if (equal e (car x)) (+ 1 (how-many e (cdr x))) (how-many e (cdr x))))) The admission of HOW-MANY is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT X). We observe that the type of HOW-MANY is described by the theorem (AND (INTEGERP (HOW-MANY E X)) (<= 0 (HOW-MANY E X))). We used primitive type reasoning. Summary Form: ( DEFUN HOW-MANY ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) HOW-MANY ACL2 !>(how-many 2 '(1 2 3 2 4 6 2 7)) 3 ACL2 !>(defun splice (x e y) (if (endp y) nil (if (equal e (car y)) (ap x (splice x e (cdr y))) (cons (car y) (splice x e (cdr y)))))) The admission of SPLICE is trivial, using the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (ACL2-COUNT Y). We observe that the type of SPLICE is described by the theorem (OR (CONSP (SPLICE X E Y)) (EQUAL (SPLICE X E Y) NIL)). We used primitive type reasoning and the :type-prescription rule AP. Summary Form: ( DEFUN SPLICE ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL) (:TYPE-PRESCRIPTION AP)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) SPLICE ACL2 !>(splice '(0 0 0) 1 '(1 2 3 1 4 1 5)) (0 0 0 2 3 0 0 0 4 0 0 0 5) ACL2 !>(defthm problem-0 (equal (how-many e (splice x e y)) (* (how-many e x) (how-many e y)))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Three induction schemes are suggested by this conjecture. Subsumption reduces that number to two. However, one of these is flawed and so we are left with one viable candidate. We will induct according to a scheme suggested by (SPLICE X E Y). This suggestion was produced using the :induction rules HOW-MANY and SPLICE. If we let (:P E X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP Y)) (NOT (EQUAL E (CAR Y))) (:P E X (CDR Y))) (:P E X Y)) (IMPLIES (AND (NOT (ENDP Y)) (EQUAL E (CAR Y)) (:P E X (CDR Y))) (:P E X Y)) (IMPLIES (ENDP Y) (:P E X Y))). This induction is justified by the same argument used to admit SPLICE. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/2 Subgoal *1/2' Subgoal *1/2'' Subgoal *1/2''' Subgoal *1/2'4' Subgoal *1/2'5' ([ A key checkpoint while proving *1 (descended from Goal): Subgoal *1/2'' (IMPLIES (AND (CONSP Y) (EQUAL (HOW-MANY (CAR Y) (SPLICE X (CAR Y) (CDR Y))) (* (HOW-MANY (CAR Y) X) (HOW-MANY (CAR Y) (CDR Y))))) (EQUAL (HOW-MANY (CAR Y) (AP X (SPLICE X (CAR Y) (CDR Y)))) (+ (HOW-MANY (CAR Y) X) (HOW-MANY (CAR Y) (SPLICE X (CAR Y) (CDR Y)))))) *1.1 (Subgoal *1/2'5') is pushed for proof by induction. ]) Subgoal *1/1 Subgoal *1/1' So we now return to *1.1, which is (EQUAL (HOW-MANY Y1 (AP X (SPLICE X Y1 Y2))) (+ (HOW-MANY Y1 X) (* (HOW-MANY Y1 X) (HOW-MANY Y1 Y2)))). Subgoal *1.1/3 Subgoal *1.1/3' Subgoal *1.1/3'' Subgoal *1.1/3''' Subgoal *1.1/3'4' Subgoal *1.1/3'5' *1.1.1 (Subgoal *1.1/3'5') is pushed for proof by induction. Subgoal *1.1/2 Subgoal *1.1/2' Subgoal *1.1/2'' Subgoal *1.1/2''' Subgoal *1.1/2'4' Subgoal *1.1/2'5' *1.1.2 (Subgoal *1.1/2'5') is pushed for proof by induction. Subgoal *1.1/1 Subgoal *1.1/1' Subgoal *1.1/1'' Subgoal *1.1/1''' *1.1.3 (Subgoal *1.1/1''') is pushed for proof by induction. So we now return to *1.1.3, which is (EQUAL (HOW-MANY Y1 (AP X NIL)) (+ (HOW-MANY Y1 X) (* 0 (HOW-MANY Y1 X)))). Subgoal *1.1.3/3 Subgoal *1.1.3/3' Subgoal *1.1.3/2 Subgoal *1.1.3/2' Subgoal *1.1.3/2'' Subgoal *1.1.3/1 Subgoal *1.1.3/1' *1.1.3 is COMPLETED! We therefore turn our attention to *1.1.2, which is (EQUAL (HOW-MANY Y3 (AP X (AP X (SPLICE X Y3 Y4)))) (+ (HOW-MANY Y3 X) (HOW-MANY Y3 X) (* (HOW-MANY Y3 X) (HOW-MANY Y3 Y4)))). Subgoal *1.1.2/3 Subgoal *1.1.2/3' Subgoal *1.1.2/3'' Subgoal *1.1.2/3''' Subgoal *1.1.2/3'4' Subgoal *1.1.2/3'5' *1.1.2.1 (Subgoal *1.1.2/3'5') is pushed for proof by induction. Subgoal *1.1.2/2 Subgoal *1.1.2/2' Subgoal *1.1.2/2'' Subgoal *1.1.2/2''' Subgoal *1.1.2/2'4' Subgoal *1.1.2/2'5' *1.1.2.2 (Subgoal *1.1.2/2'5') is pushed for proof by induction. Subgoal *1.1.2/1 Subgoal *1.1.2/1' Subgoal *1.1.2/1'' Subgoal *1.1.2/1''' *1.1.2.3 (Subgoal *1.1.2/1''') is pushed for proof by induction. So we now return to *1.1.2.3, which is (EQUAL (HOW-MANY Y3 (AP X (AP X NIL))) (+ (HOW-MANY Y3 X) (HOW-MANY Y3 X) (* 0 (HOW-MANY Y3 X)))). Subgoal *1.1.2.3/3 Subgoal *1.1.2.3/3' Subgoal *1.1.2.3/3'' Subgoal *1.1.2.3/3''' Subgoal *1.1.2.3/3'4' Subgoal *1.1.2.3/3'5' Subgoal *1.1.2.3/3'6' *1.1.2.3.1 (Subgoal *1.1.2.3/3'6') is pushed for proof by induction. Subgoal *1.1.2.3/2 Subgoal *1.1.2.3/2' Subgoal *1.1.2.3/2'' Subgoal *1.1.2.3/2''' Subgoal *1.1.2.3/2'4' Subgoal *1.1.2.3/2'5' Subgoal *1.1.2.3/2'6' Subgoal *1.1.2.3/2'7' Subgoal *1.1.2.3/2'8' Subgoal *1.1.2.3/2'9' *1.1.2.3.2 (Subgoal *1.1.2.3/2'9') is pushed for proof by induction. Subgoal *1.1.2.3/1 Subgoal *1.1.2.3/1' So we now return to *1.1.2.3.2, which is (IMPLIES (AND (INTEGERP I) (<= 0 I) (EQUAL (HOW-MANY X1 (AP X2 AP)) (+ I I))) (EQUAL (+ 1 (HOW-MANY X1 (AP X2 (CONS X1 AP)))) (+ 1 I 1 I))). Subgoal *1.1.2.3.2/3 Subgoal *1.1.2.3.2/3' Subgoal *1.1.2.3.2/3'' Subgoal *1.1.2.3.2/3''' Subgoal *1.1.2.3.2/3'4' Subgoal *1.1.2.3.2/3'5' Subgoal *1.1.2.3.2/3'6' *1.1.2.3.2.1 (Subgoal *1.1.2.3.2/3'6') is pushed for proof by induction. Subgoal *1.1.2.3.2/2 Subgoal *1.1.2.3.2/2' Subgoal *1.1.2.3.2/2'' Subgoal *1.1.2.3.2/2''' Subgoal *1.1.2.3.2/2'4' Subgoal *1.1.2.3.2/2'5' Subgoal *1.1.2.3.2/2'6' Subgoal *1.1.2.3.2/2'7' Subgoal *1.1.2.3.2/2'8' Subgoal *1.1.2.3.2/2'9' *1.1.2.3.2.2 (Subgoal *1.1.2.3.2/2'9') is pushed for proof by induction. Subgoal *1.1.2.3.2/1 Subgoal *1.1.2.3.2/1' Subgoal *1.1.2.3.2/1'' So we now return to *1.1.2.3.2.2, which is (IMPLIES (AND (INTEGERP J) (<= 0 J) (NOT (EQUAL J (+ 1 J))) (INTEGERP I) (<= 0 I)) (EQUAL (+ 1 1 (HOW-MANY X3 (AP X4 (CONS X3 AP)))) (+ 1 I 1 I))). Subgoal *1.1.2.3.2.2/2 Subgoal *1.1.2.3.2.2/2' Subgoal *1.1.2.3.2.2/2'' Subgoal *1.1.2.3.2.2/2''' Subgoal *1.1.2.3.2.2/2'4' Subgoal *1.1.2.3.2.2/2'5' Subgoal *1.1.2.3.2.2/2'6' *1.1.2.3.2.2.1 (Subgoal *1.1.2.3.2.2/2'6') is pushed for proof by induction. Subgoal *1.1.2.3.2.2/1 Subgoal *1.1.2.3.2.2/1' Subgoal *1.1.2.3.2.2/1'' Subgoal *1.1.2.3.2.2/1''' *1.1.2.3.2.2.2 (Subgoal *1.1.2.3.2.2/1''') is pushed for proof by induction. So we now return to *1.1.2.3.2.2.2, which is (IMPLIES (AND (INTEGERP J) (<= 0 J) (NOT (EQUAL J (+ 1 J))) (INTEGERP I) (<= 0 I)) (EQUAL (+ 1 1 1 (HOW-MANY X3 AP)) (+ 1 I 1 I))). Subgoal *1.1.2.3.2.2.2/3 Subgoal *1.1.2.3.2.2.2/3' Subgoal *1.1.2.3.2.2.2/2 Subgoal *1.1.2.3.2.2.2/2' Subgoal *1.1.2.3.2.2.2/2'' Subgoal *1.1.2.3.2.2.2/2''' Subgoal *1.1.2.3.2.2.2/2'4' Subgoal *1.1.2.3.2.2.2/2'5' *1.1.2.3.2.2.2.1 (Subgoal *1.1.2.3.2.2.2/2'5') is pushed for proof by induction. Subgoal *1.1.2.3.2.2.2/1 Subgoal *1.1.2.3.2.2.2/1' Subgoal *1.1.2.3.2.2.2/1'' Subgoal *1.1.2.3.2.2.2/1''' *1.1.2.3.2.2.2.2 (Subgoal *1.1.2.3.2.2.2/1''') is pushed for proof by induction. So we now return to *1.1.2.3.2.2.2.2, which is (IMPLIES (AND (INTEGERP J) (<= 0 J) (NOT (EQUAL J (+ 1 J))) (INTEGERP I) (<= 0 I)) (EQUAL 3 (+ 1 I 1 I))). No induction schemes are suggested by *1.1.2.3.2.2.2.2. Consequently, the proof attempt has failed. Summary Form: ( DEFTHM PROBLEM-0 ...) Rules: ((:DEFINITION AP) (:DEFINITION ENDP) (:DEFINITION FIX) (:DEFINITION HOW-MANY) (:DEFINITION NOT) (:DEFINITION SPLICE) (:ELIM CAR-CDR-ELIM) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION HOW-MANY) (:INDUCTION SPLICE) (:REWRITE ASSOCIATIVITY-OF-+) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE COMMUTATIVITY-OF-*) (:REWRITE COMMUTATIVITY-OF-+) (:REWRITE DISTRIBUTIVITY) (:REWRITE UNICITY-OF-0) (:REWRITE UNICITY-OF-1) (:TYPE-PRESCRIPTION HOW-MANY)) Time: 0.21 seconds (prove: 0.18, print: 0.02, other: 0.00) --- The key checkpoint goals, below, may help you to debug this failure. See :DOC failure and see :DOC set-checkpoint- summary-limit. --- *** Key checkpoint at the top level: *** Goal (EQUAL (HOW-MANY E (SPLICE X E Y)) (* (HOW-MANY E X) (HOW-MANY E Y))) *** Key checkpoint under a top-level induction: *** Subgoal *1/2'' (IMPLIES (AND (CONSP Y) (EQUAL (HOW-MANY (CAR Y) (SPLICE X (CAR Y) (CDR Y))) (* (HOW-MANY (CAR Y) X) (HOW-MANY (CAR Y) (CDR Y))))) (EQUAL (HOW-MANY (CAR Y) (AP X (SPLICE X (CAR Y) (CDR Y)))) (+ (HOW-MANY (CAR Y) X) (HOW-MANY (CAR Y) (SPLICE X (CAR Y) (CDR Y)))))) ACL2 Error in ( DEFTHM PROBLEM-0 ...): See :DOC failure. **************** FAILED **************** ACL2 !>(defthm problem-0-lemma-1 (equal (how-many e (ap a b)) (+ (how-many e a) (how-many e b)))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Three induction schemes are suggested by this conjecture. These merge into two derived induction schemes. However, one of these is flawed and so we are left with one viable candidate. We will induct according to a scheme suggested by (HOW-MANY E A), but modified to accommodate (AP A B). These suggestions were produced using the :induction rules AP and HOW-MANY. If we let (:P A B E) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP A)) (NOT (EQUAL E (CAR A))) (:P (CDR A) B E)) (:P A B E)) (IMPLIES (AND (NOT (ENDP A)) (EQUAL E (CAR A)) (:P (CDR A) B E)) (:P A B E)) (IMPLIES (ENDP A) (:P A B E))). This induction is justified by the same argument used to admit HOW-MANY. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/2 Subgoal *1/2' Subgoal *1/2'' Subgoal *1/1 Subgoal *1/1' *1 is COMPLETED! Thus key checkpoint Goal is COMPLETED! Q.E.D. Summary Form: ( DEFTHM PROBLEM-0-LEMMA-1 ...) Rules: ((:DEFINITION AP) (:DEFINITION ENDP) (:DEFINITION FIX) (:DEFINITION HOW-MANY) (:DEFINITION NOT) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION AP) (:INDUCTION HOW-MANY) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE COMMUTATIVITY-OF-+) (:REWRITE UNICITY-OF-0) (:TYPE-PRESCRIPTION HOW-MANY)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.00) PROBLEM-0-LEMMA-1 ACL2 !>(defthm problem-0 (equal (how-many e (splice x e y)) (* (how-many e x) (how-many e y)))) *1 (the initial Goal, a key checkpoint) is pushed for proof by induction. Perhaps we can prove *1 by induction. Three induction schemes are suggested by this conjecture. Subsumption reduces that number to two. However, one of these is flawed and so we are left with one viable candidate. We will induct according to a scheme suggested by (SPLICE X E Y). This suggestion was produced using the :induction rules HOW-MANY and SPLICE. If we let (:P E X Y) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ENDP Y)) (NOT (EQUAL E (CAR Y))) (:P E X (CDR Y))) (:P E X Y)) (IMPLIES (AND (NOT (ENDP Y)) (EQUAL E (CAR Y)) (:P E X (CDR Y))) (:P E X Y)) (IMPLIES (ENDP Y) (:P E X Y))). This induction is justified by the same argument used to admit SPLICE. When applied to the goal at hand the above induction scheme produces three nontautological subgoals. Subgoal *1/3 Subgoal *1/3' Subgoal *1/2 Subgoal *1/2' Subgoal *1/1 Subgoal *1/1' *1 is COMPLETED! Thus key checkpoint Goal is COMPLETED! Q.E.D. Summary Form: ( DEFTHM PROBLEM-0 ...) Rules: ((:DEFINITION ENDP) (:DEFINITION FIX) (:DEFINITION HOW-MANY) (:DEFINITION NOT) (:DEFINITION SPLICE) (:EXECUTABLE-COUNTERPART CONSP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION HOW-MANY) (:INDUCTION SPLICE) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE COMMUTATIVITY-OF-*) (:REWRITE DISTRIBUTIVITY) (:REWRITE PROBLEM-0-LEMMA-1) (:REWRITE UNICITY-OF-1) (:TYPE-PRESCRIPTION HOW-MANY)) Time: 0.01 seconds (prove: 0.01, print: 0.00, other: 0.00) PROBLEM-0 ACL2 !>(quote (the end)) (THE END) ACL2 !>