SET-PROVER-STEP-LIMIT.html -- ACL2 Version 6.3

SET-PROVER-STEP-LIMIT

sets the step-limit used by the ACL2 prover

Major Section:  SWITCHES-PARAMETERS-AND-MODES

This event provides a way to limit the number of so-called ``prover steps'' permitted for an event. See with-prover-step-limit for a way to specify the limit on prover steps for a single event, rather than globally. For a related utility based on time instead of prover steps, see with-prover-time-limit. For examples of how step limits work, see the community book books/misc/misc2/step-limits.lisp. For a utility that returns an indicator of the number of prover steps most recently taken, see last-prover-steps.

Note: This is an event! It does not print the usual event summary but nevertheless changes the ACL2 logical world and is so recorded. Moreover, its effect is to set the acl2-defaults-table, and hence its effect is local to the book or encapsulate form containing it; see acl2-defaults-table.

Example Forms:
(set-prover-step-limit *default-step-limit*) ; no limit on prover steps
(set-prover-step-limit nil)   ; abbreviation for the form just above
(set-prover-step-limit 10000) ; allow at most 10,000 prover steps per event

General Form:
(set-prover-step-limit expr)

where expr evaluates either to nil or else to a natural number not exceeding the value of *default-step-limit*. If that value is nil or the value of *default-step-limit*, then no default limit is placed on the number of prover ``steps'' (see below) during processing of an event. Otherwise, that value is the maximum number of prover steps permitted before an error occurs.

This event specifies the limit on the number of ``steps'' counted by the ACL2 prover during processing of an event. Currently, a step is counted for each call of the system functions rewrite and expand-abbreviations. However, the steps counted may change in future releases of ACL2, so users would probably be well served by avoiding the assumption that only the above two calls are counted as prover steps.

Depending on the computer you are using, you may have less than a half-hour of time before the number of prover steps exceeds the maximum step-limit, which is one less than the value of *default-step-limit*. Note however the exception stated above: if the ``limit'' is nil or is the value of *default-step-limit*, then no limit is imposed.

There is at best a loose connection between the counting of steps and with-prover-time-limit. In particular, for a call of mfc-rw or any mfc- function (see extended-metafunctions), the steps taken during that call are forgotten when returning from that call.

The limit is relevant for every event, as well as for calls of thm and certify-book -- and more generally, to any form that creates a ``summary context'' to print the usual event summary. The limit is also put in force when entering the proof-checker. A call of set-prover-step-limit applies to each subsequent form unless the call of set-prover-step-limit is within a summary context, in which case its effect disappears when exiting that summary context.

The limit applies to each event, not just ``atomic'' events. Consider the following example.

(set-prover-step-limit 500)

(encapsulate
  ()
  (defthm lemma-1 ; takes 380 steps
    (equal (append (append x y) z) (append x y z))
    :rule-classes nil)
  (defthm lemma-2 ; would take 319 steps
    (equal (len (append x y)) (+ (len x) (len y)))
    :rule-classes nil))

The first defthm event, lemma-1 takes 380 steps (as of this writing), as shown in the summary:

Prover steps counted:  380
LEMMA-1

The second defthm event, lemma-2, takes 319 steps (as of this writing) when evaluated at the top level. However, in the context above, 380 steps of the available 500 steps (from the set-prover-step-limit event above) have already been taken under the above encapsulate event. Thus, when the number of steps would exceed 120, the proof of lemma-2 is aborted:

ACL2 Error in STEP-LIMIT:  The prover step-limit, which is 120 in the
current context, has been exceeded.  See :DOC set-prover-step-limit.

The summary for lemma-2 reflects that situation:

Prover steps counted:  More than 120

The summary for the encapsulate event then indicates that the available steps for that event have also been exceeded:

Prover steps counted:  More than 500

The discussion above applies to any event that contains other events, hence applies similarly to progn events.

For those who use make-event, we note that prover steps in the expansion phase similarly contribute to the total number of steps counted. For example, suppose that the limit is 500 prover steps as above, and you submit (make-event EXPR), where 300 prover steps take place during evaluation of EXPR, producing event EV. Then evaluation of EV will cause an error if it takes more than 200 prover steps. This observation actually can be used to count prover steps for sequences of forms that are not all legal events (see embedded-event-form), such as calls of thm. For example, a small built-in ACL2 test suite that includes thm forms can be run by evaluating the form (mini-proveall), and the steps can be counted as shown below. (Here we assume a fresh ACL2 session; an error would occur if first, we evaluate the event (set-prover-step-limit 500) displayed above.)

ACL2 !>(make-event (er-progn (mini-proveall) (value '(value-triple nil))))
[[... output omitted here ...]]
Summary
Form:  ( MAKE-EVENT (ER-PROGN ...))
Rules: NIL
Warnings:  Double-rewrite, Equiv, Subsume and Non-rec
Time:  0.38 seconds (prove: 0.04, print: 0.29, other: 0.05)
Prover steps counted:  41090
 NIL
ACL2 !>