• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
    • Debugging
    • Community
    • Std
    • Proof-automation
    • Macro-libraries
    • ACL2
      • Theories
      • Rule-classes
      • Proof-builder
      • Recursion-and-induction
      • Hons-and-memoization
      • Events
        • Defun
        • Verify-guards
        • Table
        • Mutual-recursion
        • Memoize
        • Make-event
        • Include-book
        • Encapsulate
        • Defun-sk
          • Define-sk
          • Quantifier-tutorial
            • Solution-to-ACL2-quantifier-exercise-2
            • Defun-sk-queries
            • Quantifiers
            • Defun-sk-example
            • Defund-sk
            • Forall
            • Def::un-sk
            • Equiv
            • Exists
            • Congruence
          • Defttag
          • Defstobj
          • Defpkg
          • Defattach
          • Defabsstobj
          • Defchoose
          • Progn
          • Defconst
          • Verify-termination
          • Redundant-events
          • Defmacro
          • Skip-proofs
          • In-theory
          • Embedded-event-form
          • Value-triple
          • Comp
          • Local
          • Defthm
          • Progn!
          • Defevaluator
          • Theory-invariant
          • Assert-event
          • Defun-inline
          • Project-dir-alist
          • Partial-encapsulate
          • Define-trusted-clause-processor
          • Defproxy
          • Defexec
          • Defun-nx
          • Defthmg
          • Defpun
          • Defabbrev
          • Set-table-guard
          • Name
          • Defrec
          • Add-custom-keyword-hint
          • Regenerate-tau-database
          • Defcong
          • Deftheory
          • Defaxiom
          • Deftheory-static
          • Defund
          • Evisc-table
          • Verify-guards+
          • Logical-name
          • Profile
          • Defequiv
          • Defmacro-untouchable
          • Add-global-stobj
          • Defthmr
          • Defstub
          • Defrefinement
          • Deflabel
          • In-arithmetic-theory
          • Unmemoize
          • Defabsstobj-missing-events
          • Defthmd
          • Fake-event
          • Set-body
          • Defun-notinline
          • Functions-after
          • Macros-after
          • Dump-events
          • Defund-nx
          • Defun$
          • Remove-global-stobj
          • Remove-custom-keyword-hint
          • Dft
          • Defthy
          • Defund-notinline
          • Defnd
          • Defn
          • Defund-inline
          • Defmacro-last
        • Parallelism
        • History
        • Programming
        • Operational-semantics
        • Real
        • Start-here
        • Miscellaneous
        • Output-controls
        • Bdd
        • Macros
        • Installation
        • Mailing-lists
      • Interfacing-tools
      • Hardware-verification
      • Software-verification
      • Math
      • Testing-utilities
    • Quantifier-tutorial

    Solution-to-ACL2-quantifier-exercise-2

    A solution to quantifier-tutorial Exercise 2

    In quantifier-tutorial exercise 2, it asks if we can prove or disprove the conjecture below.

    Exercise 2. If there is an ACL2 object x which satisfies M, then there exists a least ACL2 object y that satisfies M.

    This hypothesis can be disproved. Here is one possible solution, provided by Yan Peng..

    (in-package "ACL2")
(include-book "misc/total-order" :dir :system)

;; This hypothesis can be disproved.
;; The intuition: find a function M that can be satisfied and does not have a
;; minimal object that satisfies it.

;; For example, if M is evenp, then for any ACL2 object that satisfies M, one
;; can always construct a smaller object by subtracting 2 from it, which also
;; satisfies M.

;; Instead of using defstub, we provide an implementation for M which calls
;; evenp.
(defun M (x) (evenp x))

;; We prove a helper lemma that says if x satisfies M, then (- x 2) also
;; satisfies M and it is a smaller object.
(defthm -2-satisfies-M-and-<<
  (implies (M x)
           (and (M (- x 2)) (<< (- x 2) x)))
  :hints (("Goal"
           :in-theory (enable << lexorder alphorder))))
(in-theory (disable evenp M))

(defun-sk some-M () (exists x (M x)))
(in-theory (disable some-M some-M-suff))

;; We prove M can be satisfied by providing a witness 0.
(defthm some-M-lemma
  (some-M)
  :hints (("Goal" :use ((:instance some-M-suff (x 0))))))

;; We negate none-below-2
(defun-sk exists-below (y)
  (exists r (and (<< r y) (M r))))
(in-theory (disable exists-below exists-below-suff))

;; We negate min-M2
(defun-sk not-min-M () (forall y (implies (M y) (exists-below y))))
(in-theory (disable not-min-M not-min-M-necc))

;; We prove that forall y, if y satisfies M, then there exists another smaller
;; object that satisfies M.
(defthm not-min-M-lemma
  (not-min-M)
  :hints (("Goal"
           :use (;; The definition of not-min-M provides a witness
                 ;; (not-min-M-witness) that satisfies M but doesn't satisfy
                 ;; exists-below.
                 (:instance (:definition not-min-M))
                 ;; By instantiating exists-below-suff, we provide a smaller
                 ;; object r:(- (not-min-M-witness) 2) than
                 ;; y:(not-min-M-witness), and satisfies M. This makes
                 ;; (not-min-M-witness) vacuous, allowing us to prove the
                 ;; forall.
                 (:instance exists-below-suff
                            (r (- (not-min-M-witness) 2))
                            (y (not-min-M-witness)))))))

;; We prove both some-M and not-min-M
(defthm |minimal does not exist|
  (and (some-M) (not-min-M)))