Major Section: SWITCHES-PARAMETERS-AND-MODES
This event provides a way to limit the number of so-called ``prover steps''
permitted for an event. See with-prover-step-limit for a way to specify the
limit on prover steps for a single event, rather than globally. For a
related utility based on time instead of prover steps,
see with-prover-time-limit. For examples of how step limits work, see the
books/misc/misc2/step-limits.lisp. For a utility that
returns an indicator of the number of prover steps most recently taken,
Note: This is an event! It does not print the usual event summary
but nevertheless changes the ACL2 logical world and is so
recorded. Moreover, its effect is to set the
hence its effect is
local to the book or
containing it; see acl2-defaults-table.
Example Forms: (set-prover-step-limit *default-step-limit*) ; no limit on prover steps (set-prover-step-limit nil) ; abbreviation for the form just above (set-prover-step-limit 10000) ; allow at most 10,000 prover steps per event General Form: (set-prover-step-limit expr)where
exprevaluates either to
nilor else to a natural number not exceeding the value of
*default-step-limit*. If that value is
nilor the value of
*default-step-limit*, then no default limit is placed on the number of prover ``steps'' (see below) during processing of an event. Otherwise, that value is the maximum number of prover steps permitted before an error occurs.
This event specifies the limit on the number of ``steps'' counted by the ACL2
prover during processing of an event. Currently, a step is counted for each
call of the system functions
However, the steps counted may change in future releases of ACL2, so users
would probably be well served by avoiding the assumption that only the above
two calls are counted as prover steps.
Depending on the computer you are using, you may have less than a half-hour
of time before the number of prover steps exceeds the maximum step-limit,
which is one less than the value of
*default-step-limit*. Note however
the exception stated above: if the ``limit'' is
nil or is the value of
*default-step-limit*, then no limit is imposed.
There is at best a loose connection between the counting of steps and
with-prover-time-limit. In particular, for a call of
mfc-rw or any
mfc- function (see extended-metafunctions), the steps taken during that
call are forgotten when returning from that call.
The limit is relevant for every event, as well as for calls of
certify-book -- and more generally, to any form that creates a
``summary context'' to print the usual event summary. The limit is also put
in force when entering the proof-checker. A call of
set-prover-step-limit applies to each subsequent form unless the call of
set-prover-step-limit is within a summary context, in which case its
effect disappears when exiting that summary context.
The limit applies to each event, not just ``atomic'' events. Consider the following example.
(set-prover-step-limit 500) (encapsulate () (defthm lemma-1 ; takes 380 steps (equal (append (append x y) z) (append x y z)) :rule-classes nil) (defthm lemma-2 ; would take 319 steps (equal (len (append x y)) (+ (len x) (len y))) :rule-classes nil))The first
lemma-1takes 380 steps (as of this writing), as shown in the summary:
Prover steps counted: 380 LEMMA-1The second
lemma-2, takes 319 steps (as of this writing) when evaluated at the top level. However, in the context above, 380 steps of the available 500 steps (from the
set-prover-step-limitevent above) have already been taken under the above
encapsulateevent. Thus, when the number of steps would exceed 120, the proof of
ACL2 Error in STEP-LIMIT: The prover step-limit, which is 120 in the current context, has been exceeded. See :DOC set-prover-step-limit.The summary for
lemma-2reflects that situation:
Prover steps counted: More than 120The summary for the
encapsulateevent then indicates that the available steps for that event have also been exceeded:
Prover steps counted: More than 500The discussion above applies to any event that contains other events, hence applies similarly to
For those who use
make-event, we note that prover steps in the
expansion phase similarly contribute to the total number of steps counted.
For example, suppose that the limit is 500 prover steps as above, and you
(make-event EXPR), where 300 prover steps take place during
EXPR, producing event
EV. Then evaluation of
will cause an error if it takes more than 200 prover steps. This observation
actually can be used to count prover steps for sequences of forms that are
not all legal
events (see embedded-event-form), such as calls of
thm. For example, a small built-in ACL2 test suite that includes
thm forms can be run by evaluating the form
the steps can be counted as shown below. (Here we assume a fresh ACL2
session; an error would occur if first, we evaluate the event
(set-prover-step-limit 500) displayed above.)
ACL2 !>(make-event (er-progn (mini-proveall) (value '(value-triple nil)))) [[... output omitted here ...]] Summary Form: ( MAKE-EVENT (ER-PROGN ...)) Rules: NIL Warnings: Double-rewrite, Equiv, Subsume and Non-rec Time: 0.38 seconds (prove: 0.04, print: 0.29, other: 0.05) Prover steps counted: 41090 NIL ACL2 !>