(in-package "ACL2S") ;; The following proof follows the strategy developed in std/oset. We ;; include the books to reason about sets and therefore omit some of ;; the lemmas in the oset-books. (encapsulate nil (local (in-theory (disable te-< te-<-definition-rule))) (local (in-theory (enable o-lo-tep-definition-rule))) (local (defthm head-tail-order-contrapositive (implies (and (o-lo-tep X) (not (te-< (car X) (car (cdr X))))) (endp (cdr X))))) (local (defthm head-minimal-2 (implies (and (o-lo-tep X) (timed-eventp a) (member-equal a X)) (not (te-< a (car X)))) :hints(("Goal" :in-theory (enable member-equal))))) (local (defthm empty-subset (implies (endp X) (subsetp-equal X Y)))) (local (defthm empty-subset-2 (implies (endp Y) (equal (subsetp-equal X Y) (endp X))))) (local (defthm in-tail-expand (implies (o-lo-tep X) (iff (member-equal a (cdr X)) (and (member-equal a X) (not (equal a (car X)))))))) (local (defthm head-minimal (implies (and (o-lo-tep X) (timed-eventp a) (te-< a (car X))) (not (member-equal a X))) :hints(("Goal" :in-theory (enable member-equal))))) (local (defthm subset-membership-tail (implies (and (o-lo-tep X) (o-lo-tep Y) (subsetp-equal X Y) (member-equal a (cdr X))) (member-equal a (cdr Y))))) (local (defthmd double-containment-lemma-head (implies (and (o-lo-tep X) (o-lo-tep Y) (subsetp-equal X Y) (subsetp-equal Y X)) (equal (car X) (car Y))) :hints (("Goal" :in-theory (enable subsetp-equal))))) (local (defthmd double-containment-lemma-in-tail (implies (and (o-lo-tep X) (o-lo-tep Y) (subsetp-equal X Y) (subsetp-equal Y X)) (implies (member-equal a (cdr X)) ; could be "equal" instead, (member-equal a (cdr Y)))) ; but that makes loops. :hints(("Goal" :in-theory (enable subsetp-equal) :use ((:instance in-tail-expand (a a) (X X)) (:instance in-tail-expand (a a) (X Y))))))) (local (defthm head-unique (implies (o-lo-tep X) (not (member-equal (car X) (cdr X)))) :hints(("Goal" :in-theory (enable member-equal))))) (local (defthm head-not-in-tail (implies (o-lo-tep (cons x1 x2)) (not (member-equal x1 x2))) :hints (("Goal" :in-theory (disable head-unique) :use ((:instance head-unique (X (cons x1 x2)))))))) (local (in-theory (enable double-containment-lemma-in-tail))) (local (defthm x1 (implies (and (subsetp-equal x (cons a y)) (not (member-equal a x))) (subsetp-equal x y)) :hints(("Goal" :in-theory (e/d (subsetp-equal) ()))))) (local (defthmd double-containment-lemma-tail (implies (and (o-lo-tep X) (o-lo-tep Y) (subsetp-equal X Y) (subsetp-equal Y X)) (subsetp-equal (cdr X) (cdr Y))) :hints(("Goal" :in-theory (e/d (subsetp-equal) (o-lo-tep-definition-rule)))))) (local (defun double-tail-induction (X Y) (declare (xargs :guard (and (o-lo-tep X) (o-lo-tep Y)))) (if (or (endp X) (endp Y)) (list X Y) (double-tail-induction (cdr X) (cdr Y))))) (local (defthm double-containment-is-equality-lemma (IMPLIES (AND (NOT (OR (ENDP X) (ENDP Y))) (IMPLIES (AND (SUBSETP-EQUAL (CDR X) (CDR Y)) (SUBSETP-EQUAL (CDR Y) (CDR X))) (EQUAL (EQUAL (CDR X) (CDR Y)) T)) (O-LO-TEP X) (O-LO-TEP Y) (SUBSETP-EQUAL X Y) (SUBSETP-EQUAL Y X)) (EQUAL (EQUAL X Y) T)) :hints(("Goal" :use ((:instance double-containment-lemma-tail (X X) (Y Y)) (:instance double-containment-lemma-tail (X Y) (Y X)) (:instance double-containment-lemma-head (X X) (Y Y))))))) (local (defthmd double-containment-is-equality (implies (and (o-lo-tep X) (o-lo-tep Y) (subsetp-equal X Y) (subsetp-equal Y X)) (equal (equal X Y) t)) :hints(("Goal" :induct (double-tail-induction X Y))))) (local (defthm double-containment (implies (and (o-lo-tep X) (o-lo-tep Y)) (equal (equal X Y) (and (subsetp-equal X Y) (subsetp-equal Y X)))) :rule-classes ((:rewrite :backchain-limit-lst 1)) :hints(("Goal" :use (:instance double-containment-is-equality))))) (defthm o-lo-tep-set-equiv-is-equal (implies (and (o-lo-tep x) (o-lo-tep y)) (equal (equal x y) (set-equiv x y))) :hints (("goal" :in-theory (e/d (set-equiv) (double-containment)) :use ((:instance double-containment))))) (in-theory (disable o-lo-tep-set-equiv-is-equal)) )