#|
; If you are using ACL2s, delete the hash-bar above and the bar-hash below.
(include-book "m1")
(begin-book t :ttags :all)
; If you are using ACL2s, delete the bar-hash below.
|#
; If you are certifying this book in raw ACL2, execute the
; include-book above and then (certify-book "m1-lemmas" 1)
(in-package "M1")
; Now I develop some rules that allow ACL2 to prove theorems
; about M1 programs.
; Arithmetic
(include-book "arithmetic-5/top" :dir :system)
; Abstract Data Type Stuff
(defthm stacks
(and (equal (top (push x s)) x)
(equal (pop (push x s)) s)
; These next two are needed because some push expressions evaluate to
; list constants, e.g., (push 1 (push 2 nil)) becomes '(1 2) and '(1
; 2) pattern-matches with (cons x s) but not with (push x s).
(equal (top (cons x s)) x)
(equal (pop (cons x s)) s)))
(in-theory (disable push top pop (:executable-counterpart push)))
(defthm states
(and (equal (pc (make-state pc locals stack program)) pc)
(equal (locals (make-state pc locals stack program)) locals)
(equal (stack (make-state pc locals stack program)) stack)
(equal (program (make-state pc locals stack program)) program)
; And we add the rules to handle constant states:
(equal (pc (cons pc x)) pc)
(equal (locals (cons pc (cons locals x))) locals)
(equal (stack (cons pc (cons locals (cons stack x)))) stack)
(equal (program (cons pc (cons locals (cons stack (cons program x)))))
program)))
(in-theory (disable make-state pc locals stack program
(:executable-counterpart make-state)))
; Step Stuff
(defthm step-opener
(implies (consp (next-inst s))
(equal (step s)
(do-inst (next-inst s) s))))
(in-theory (disable step))
; Schedules and Run
(defthm run-ap
(equal (run (ap a b) s)
(run b (run a s))))
(defthm run-opener
(and (equal (run nil s) s)
(equal (run (cons th sched) s)
(run sched (step s)))))
(in-theory (disable run))
; Nth and update-nth
(defthm nth-add1!
(implies (natp n)
(equal (nth (+ 1 n) list)
(nth n (cdr list)))))
(defthm nth-update-nth
(implies (and (natp i) (natp j))
(equal (nth i (update-nth j v list))
(if (equal i j)
v
(nth i list)))))
(defthm update-nth-update-nth-1
(implies (and (natp i) (natp j) (not (equal i j)))
(equal (update-nth i v (update-nth j w list))
(update-nth j w (update-nth i v list))))
:rule-classes ((:rewrite :loop-stopper ((i j update-nth)))))
(defthm update-nth-update-nth-2
(equal (update-nth i v (update-nth i w list))
(update-nth i v list)))