Welcome to Clozure Common Lisp Version 1.6-dev-r14316M-trunk (DarwinX8632)! ACL2 Version 4.2 built March 10, 2011 14:24:49. Copyright (C) 2011 University of Texas at Austin ACL2 comes with ABSOLUTELY NO WARRANTY. This is free software and you are welcome to redistribute it under certain conditions. For details, see the GNU General Public License. Initialized with (INITIALIZE-ACL2 'INCLUDE-BOOK *ACL2-PASS-2-FILES*). See the documentation topic note-4-2 for recent changes. Note: We have modified the prompt in some underlying Lisps to further distinguish it from the ACL2 prompt. ACL2 Version 4.2. Level 1. Cbd "/Users/moore/work/hyper/proof_4/". Distributed books directory "/Users/moore/work/v4-2/acl2-sources/books/". Type :help for help. Type (good-bye) to quit completely out of ACL2. ACL2 !>(include-book "code-proof-utilities-2") ACL2 Warning [Defaxioms] in ( INCLUDE-BOOK "code-proof-utilities-2" ...): The book "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" contains one or more DEFAXIOM events. To turn on non-linear arithmetic, execute : (SET-DEFAULT-HINTS '((NONLINEARP-DEFAULT-HINT STABLE-UNDER-SIMPLIFICATIONP HIST PSPV))) or : (SET-DEFAULT-HINTS '((NONLINEARP-DEFAULT-HINT++ ID STABLE-UNDER-SIMPLIFICATIONP HIST NIL))) See the README for more about non-linear arithmetic and general information about using this library. Summary Form: ( INCLUDE-BOOK "code-proof-utilities-2" ...) Rules: NIL Warnings: Defaxioms Time: 0.62 seconds (prove: 0.00, print: 0.00, other: 0.62) "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ACL2 !>(encapsulate nil (encapsulate nil (local (SET-DEFAULT-HINTS '((NONLINEARP-DEFAULT-HINT STABLE-UNDER-SIMPLIFICATIONP HIST PSPV)))) (defthm sum-arith-lemma2 (implies (and (natp n) (< n (expt 2 16))) (< (+ (* 1/2 n) (* 1/2 (expt n 2))) (expt 2 31))) :rule-classes :linear)) ; ??? The induction hint is a crock. (local (defthm hack1 (implies (natp n) (evenp (* n (+ n 1)))) :hints (("Goal" :induct (nthcdr n xxx))) :rule-classes nil)) (local (defthm hack2 (implies (natp n) (evenp (* n (- n 1)))) :hints (("Goal" :use (:instance hack1 (n (- n 1))))) :rule-classes nil)) (defthm sum-arith-lemma1 (implies (natp n) (natp (+ (* 1/2 n) (* 1/2 (expt n 2))))) :hints (("Goal" :use (:instance hack1))) :rule-classes :type-prescription) (defthm sum-arith-lemma3 (implies (natp n) (natp (+ (* -1/2 n) (* 1/2 (expt n 2))))) :hints (("Goal" :use (:instance hack2))) :rule-classes :type-prescription)) To verify that the five encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(ENCAPSULATE NIL (LOCAL (SET-DEFAULT-HINTS '((NONLINEARP-DEFAULT-HINT STABLE-UNDER-SIMPLIFICATIONP HIST PSPV)))) (DEFTHM SUM-ARITH-LEMMA2 (IMPLIES (AND (NATP N) (< N (EXPT 2 16))) (< (+ (* 1/2 N) (* 1/2 (EXPT N 2))) (EXPT 2 31))) :RULE-CLASSES :LINEAR)) To verify that the two encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(LOCAL (SET-DEFAULT-HINTS '((NONLINEARP-DEFAULT-HINT STABLE-UNDER-SIMPLIFICATIONP HIST PSPV)))) ((NONLINEARP-DEFAULT-HINT STABLE-UNDER-SIMPLIFICATIONP HIST PSPV)) ACL2 !>>(DEFTHM SUM-ARITH-LEMMA2 (IMPLIES (AND (NATP N) (< N (EXPT 2 16))) (< (+ (* 1/2 N) (* 1/2 (EXPT N 2))) (EXPT 2 31))) :RULE-CLASSES :LINEAR) By the simple :definition NATP and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (INTEGERP N) (<= 0 N) (< N 65536)) (< (+ (* 1/2 N) (* 1/2 (EXPT N 2))) 2147483648)). [Note: We now enable non-linear arithmetic.] [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :definition SYNP, the :executable-counterparts of < and BINARY-+, linear arithmetic, primitive type reasoning and the :rewrite rules |arith (* -1 x)|, |arith (* x 1)|, |arith (expt x 0)| and |arith (expt x c)|. Q.E.D. Summary Form: ( DEFTHM SUM-ARITH-LEMMA2 ...) Rules: ((:DEFINITION NATP) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART EXPT) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE |arith (* -1 x)|) (:REWRITE |arith (* x 1)|) (:REWRITE |arith (expt x 0)|) (:REWRITE |arith (expt x c)|)) Time: 0.03 seconds (prove: 0.03, print: 0.00, other: 0.00) SUM-ARITH-LEMMA2 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. Summary Form: ( ENCAPSULATE NIL (LOCAL ...) ...) Rules: NIL Time: 0.03 seconds (prove: 0.03, print: 0.00, other: 0.00) T ACL2 !>>(LOCAL (DEFTHM HACK1 (IMPLIES (NATP N) (EVENP (* N (+ N 1)))) :HINTS (("Goal" :INDUCT (NTHCDR N XXX))) :RULE-CLASSES NIL)) [Note: A hint was supplied for our processing of the goal above. Thanks!] Name the formula above *1. We have been told to use induction. One induction scheme is suggested by the induction hint. We will induct according to a scheme suggested by (NTHCDR N XXX). This suggestion was produced using the :induction rule NTHCDR. If we let (:P N) denote *1 above then the induction scheme we'll use is (AND (IMPLIES (AND (NOT (ZP N)) (:P (+ N -1))) (:P N)) (IMPLIES (ZP N) (:P N))). This induction is justified by the same argument used to admit NTHCDR. Note, however, that the unmeasured variable XXX is being instantiated. When applied to the goal at hand the above induction scheme produces two nontautological subgoals. Subgoal *1/2 (IMPLIES (AND (NOT (ZP N)) (IMPLIES (NATP (+ N -1)) (EVENP (* (+ N -1) (+ (+ N -1) 1))))) (IMPLIES (NATP N) (EVENP (* N (+ N 1))))). By the simple :definitions EVENP and NATP, the :executable-counterpart of BINARY-+ and the simple :rewrite rules |(* (* x y) z)| and |(+ (+ x y) z)| we reduce the conjecture to Subgoal *1/2' (IMPLIES (AND (NOT (ZP N)) (IMPLIES (NATP (+ N -1)) (INTEGERP (* (+ N -1) (+ N 0) 1/2))) (INTEGERP N) (<= 0 N)) (INTEGERP (* N (+ N 1) 1/2))). This simplifies, using the :compound-recognizer rules NATP-COMPOUND-RECOGNIZER and ZP-COMPOUND-RECOGNIZER, the :definitions NOT and SYNP, the :executable-counterparts of <, BINARY-* and UNARY--, primitive type reasoning, the :rewrite rules |(* -1 x)|, |(* x (+ y z))|, |(* x (- y))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ 0 x)|, |(+ y x)|, |(- (* c x))|, BUBBLE-DOWN-*-MATCH-1, NORMALIZE-FACTORS-GATHER-EXPONENTS, REMOVE-WEAK-INEQUALITIES and SUM-IS-EVEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE and EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, to the following two conjectures. Subgoal *1/2.2 (IMPLIES (AND (NOT (ZP N)) (INTEGERP (+ (* -1/2 N) (* 1/2 (EXPT N 2)))) (NOT (INTEGERP (* 1/2 N)))) (NOT (INTEGERP (* 1/2 (EXPT N 2))))). But simplification reduces this to T, using the :compound-recognizer rule ZP-COMPOUND-RECOGNIZER, the :definition SYNP, the :executable- counterparts of <, BINARY-+ and UNARY--, primitive type reasoning, the :rewrite rules |(* 0 x)|, |(+ (* c x) (* d x))|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, BUBBLE-DOWN-+-MATCH-1, INTEGERP-MINUS-X, NORMALIZE-ADDENDS and REDUCE-INTEGERP-+ and the :type- prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE and EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE. Subgoal *1/2.1 (IMPLIES (AND (NOT (ZP N)) (INTEGERP (+ (* -1/2 N) (* 1/2 (EXPT N 2)))) (INTEGERP (* 1/2 N))) (INTEGERP (* 1/2 (EXPT N 2)))). But simplification reduces this to T, using the :compound-recognizer rule ZP-COMPOUND-RECOGNIZER, the :executable-counterpart of <, primitive type reasoning and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE and EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE. Subgoal *1/1 (IMPLIES (ZP N) (IMPLIES (NATP N) (EVENP (* N (+ N 1))))). By the simple :definitions EVENP and NATP and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Subgoal *1/1' (IMPLIES (AND (ZP N) (INTEGERP N) (<= 0 N)) (INTEGERP (* N (+ N 1) 1/2))). But we reduce the conjecture to T, by the :compound-recognizer rule ZP-COMPOUND-RECOGNIZER and primitive type reasoning. That completes the proof of *1. Q.E.D. Summary Form: ( DEFTHM HACK1 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION EVENP) (:DEFINITION NATP) (:DEFINITION NOT) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART UNARY--) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:INDUCTION NTHCDR) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* -1 x)|) (:REWRITE |(* 0 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (- y))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (* c x) (* d x))|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(- (* c x))|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE INTEGERP-MINUS-X) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE REDUCE-INTEGERP-+) (:REWRITE REMOVE-WEAK-INEQUALITIES) (:REWRITE SUM-IS-EVEN . 1) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE)) Time: 0.05 seconds (prove: 0.04, print: 0.01, other: 0.00) HACK1 ACL2 !>>(LOCAL (DEFTHM HACK2 (IMPLIES (NATP N) (EVENP (* N (- N 1)))) :HINTS (("Goal" :USE (:INSTANCE HACK1 (N (- N 1))))) :RULE-CLASSES NIL)) [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from HACK1 via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (NATP (+ -1 N)) (EVENP (* (+ -1 N) (+ (+ -1 N) 1)))) (IMPLIES (NATP N) (EVENP (* N (+ -1 N))))). By the simple :definitions EVENP and NATP and the simple :rewrite rules |(* (* x y) z)| and |(+ (+ x y) z)| we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (NATP (+ -1 N)) (INTEGERP (* (+ -1 N) (+ -1 N 1) 1/2))) (INTEGERP N) (<= 0 N)) (INTEGERP (* N (+ -1 N) 1/2))). This simplifies, using the :definitions NATP and SYNP, the :executable- counterparts of BINARY-*, BINARY-+ and UNARY--, primitive type reasoning and the :rewrite rules |(* -1 x)|, |(* x (+ y z))|, |(* x (- y))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, BUBBLE-DOWN-*-MATCH-1 and NORMALIZE-FACTORS-GATHER-EXPONENTS, to Goal''' (IMPLIES (AND (< (+ -1 N) 0) (INTEGERP N) (<= 0 N)) (INTEGERP (+ (* -1/2 N) (* 1/2 (EXPT N 2))))). But simplification reduces this to T, using the :executable-counterparts of <, BINARY-*, BINARY-+, EXPT, INTEGERP and NOT, linear arithmetic and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM HACK2 ...) Rules: ((:DEFINITION EVENP) (:DEFINITION NATP) (:DEFINITION NOT) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART UNARY--) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* -1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (- y))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(- (* c x))|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS)) Time: 0.03 seconds (prove: 0.02, print: 0.01, other: 0.00) HACK2 ACL2 !>>(DEFTHM SUM-ARITH-LEMMA1 (IMPLIES (NATP N) (NATP (+ (* 1/2 N) (* 1/2 (EXPT N 2))))) :HINTS (("Goal" :USE (:INSTANCE HACK1))) :RULE-CLASSES :TYPE-PRESCRIPTION) ACL2 Observation in ( DEFTHM SUM-ARITH-LEMMA1 ...): Our heuristics choose (+ (* 1/2 N) (* 1/2 (EXPT N 2))) as the :TYPED-TERM. ACL2 Warning [Non-rec] in ( DEFTHM SUM-ARITH-LEMMA1 ...): The hypothesis of the :type-prescription rule generated from SUM-ARITH-LEMMA1 contains the non-recursive function symbol NATP. Since the hypotheses of :type- prescription rules are relieved by type reasoning alone (and not rewriting) this function is liable to make the rule inapplicable. See :DOC type- prescription. [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from HACK1 via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (NATP N) (EVENP (* N (+ N 1)))) (IMPLIES (NATP N) (NATP (+ (* 1/2 N) (* 1/2 (EXPT N 2)))))). By the simple :definitions EVENP and NATP and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (NATP N) (INTEGERP (* N (+ N 1) 1/2))) (INTEGERP N) (<= 0 N)) (NATP (+ (* 1/2 N) (* 1/2 (EXPT N 2))))). But simplification reduces this to T, using the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER, the :definition SYNP, the :executable- counterparts of < and BINARY-*, primitive type reasoning, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1 and NORMALIZE-FACTORS-GATHER-EXPONENTS and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE and EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE. Q.E.D. The storage of SUM-ARITH-LEMMA1 depends upon the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER. Summary Form: ( DEFTHM SUM-ARITH-LEMMA1 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION EVENP) (:DEFINITION NATP) (:DEFINITION NOT) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART BINARY-*) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ y x)|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE)) Warnings: Non-rec Time: 0.02 seconds (prove: 0.01, print: 0.00, other: 0.00) SUM-ARITH-LEMMA1 ACL2 !>>(DEFTHM SUM-ARITH-LEMMA3 (IMPLIES (NATP N) (NATP (+ (* -1/2 N) (* 1/2 (EXPT N 2))))) :HINTS (("Goal" :USE (:INSTANCE HACK2))) :RULE-CLASSES :TYPE-PRESCRIPTION) ACL2 Observation in ( DEFTHM SUM-ARITH-LEMMA3 ...): Our heuristics choose (+ (* -1/2 N) (* 1/2 (EXPT N 2))) as the :TYPED-TERM. ACL2 Warning [Non-rec] in ( DEFTHM SUM-ARITH-LEMMA3 ...): The hypothesis of the :type-prescription rule generated from SUM-ARITH-LEMMA3 contains the non-recursive function symbol NATP. Since the hypotheses of :type- prescription rules are relieved by type reasoning alone (and not rewriting) this function is liable to make the rule inapplicable. See :DOC type- prescription. [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from HACK2 via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (NATP N) (EVENP (* N (+ -1 N)))) (IMPLIES (NATP N) (NATP (+ (* -1/2 N) (* 1/2 (EXPT N 2)))))). By the simple :definitions EVENP and NATP and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (NATP N) (INTEGERP (* N (+ -1 N) 1/2))) (INTEGERP N) (<= 0 N)) (NATP (+ (* -1/2 N) (* 1/2 (EXPT N 2))))). This simplifies, using the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER, the :definitions NATP and SYNP, the :executable- counterparts of <, BINARY-*, BINARY-+, EQUAL and UNARY-/, linear arithmetic, primitive type reasoning, the :rewrite rules |(* (/ x) (expt x n))|, |(* 0 x)|, |(* a (/ a) b)|, |(* a (/ a))|, |(* x (+ y z))|, |(* x (if a b c))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (* c x) (* d x))|, |(+ 0 x)|, |(+ y x)|, |(/ (/ x))|, |(< (if a b c) x)|, |(< x (if a b c))|, |(<= (/ x) y) with (< 0 x)|, |(equal (/ x) c)|, |(expt x 1)|, BUBBLE-DOWN-*-MATCH-1, BUBBLE-DOWN-+-MATCH-3, NORMALIZE-ADDENDS, NORMALIZE-FACTORS-GATHER-EXPONENTS, PREFER-POSITIVE-ADDENDS-< and SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-< and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE and EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, to Goal''' (IMPLIES (AND (EQUAL N 0) (IMPLIES (NATP N) (INTEGERP (* N (+ -1 N) 1/2))) (INTEGERP N) (<= 0 N)) (NATP (+ (* -1/2 N) (* 1/2 (EXPT N 2))))). But simplification reduces this to T, using the :executable-counterparts of <, BINARY-*, BINARY-+, EXPT, IMPLIES, INTEGERP, NATP and NOT. Q.E.D. The storage of SUM-ARITH-LEMMA3 depends upon the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER. Summary Form: ( DEFTHM SUM-ARITH-LEMMA3 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION EVENP) (:DEFINITION NATP) (:DEFINITION NOT) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART IMPLIES) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART NATP) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART UNARY-/) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* (/ x) (expt x n))|) (:REWRITE |(* 0 x)|) (:REWRITE |(* a (/ a) b)|) (:REWRITE |(* a (/ a))|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (if a b c))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (* c x) (* d x))|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ y x)|) (:REWRITE |(/ (/ x))|) (:REWRITE |(< (if a b c) x)|) (:REWRITE |(< x (if a b c))|) (:REWRITE |(<= (/ x) y) with (< 0 x)|) (:REWRITE |(equal (/ x) c)|) (:REWRITE |(expt x 1)|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-3) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE PREFER-POSITIVE-ADDENDS-<) (:REWRITE SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE)) Warnings: Non-rec Time: 0.03 seconds (prove: 0.02, print: 0.00, other: 0.00) SUM-ARITH-LEMMA3 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. Summary Form: ( ENCAPSULATE NIL (ENCAPSULATE NIL ...) ...) Rules: NIL Warnings: Non-rec Time: 0.17 seconds (prove: 0.13, print: 0.02, other: 0.01) T ACL2 !>(encapsulate nil (encapsulate nil (local (SET-DEFAULT-HINTS '((NONLINEARP-DEFAULT-HINT STABLE-UNDER-SIMPLIFICATIONP HIST PSPV)))) (defthm sum-arith-lemma2 (implies (and (natp n) (< n (expt 2 16))) (< (+ (* 1/2 n) (* 1/2 (expt n 2))) (expt 2 31))) :rule-classes :linear)) ; ??? The induction hint is a crock. (local (defthm hack1 (implies (natp n) (evenp (* n (+ n 1)))) :hints (("Goal" :induct (nthcdr n xxx))) :rule-classes nil)) (local (defthm hack2 (implies (natp n) (evenp (* n (- n 1)))) :hints (("Goal" :use (:instance hack1 (n (- n 1))))) :rule-classes nil)) (defthm sum-arith-lemma1 (implies (natp n) (natp (+ (* 1/2 n) (* 1/2 (expt n 2))))) :hints (("Goal" :use (:instance hack1))) :rule-classes :type-prescription) (defthm sum-arith-lemma3 (implies (natp n) (natp (+ (* -1/2 n) (* 1/2 (expt n 2))))) :hints (("Goal" :use (:instance hack2))) :rule-classes :type-prescription)) The event ( ENCAPSULATE NIL (ENCAPSULATE NIL ...) ...) is redundant. See :DOC redundant-events. Summary Form: ( ENCAPSULATE NIL (ENCAPSULATE NIL ...) ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) :REDUNDANT ACL2 !>:pe s* d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >L (DEFUN S* (LST S) (IF (ENDP LST) S (IF (EQ (CAR (CAR LST)) :MEM) (S :MEM (W32* (CADR (CAR LST)) (G :MEM S)) (S* (CDR LST) S)) (S (CAR (CAR LST)) (CADR (CAR LST)) (S* (CDR LST) S))))) ACL2 !>(with-output :off :all (def-y86-sys :prog-space (0 50000) :stack-space (50000 100000) :data-space (100000 105000) :code ((big1 ; Here is a loop that iterates 1000 times, incrementing mem[8+%esp] each ; iteration, where %esp is 50000. Thus, if x is the initial ; value of mem[50008] then 1000+x is the final value. This proof ; takes about 50 seconds. ; Note: If we change the program, deleting the first irmovl, so that %esp+8 is ; just some arbitrary legal address outside the program segment, the proof ; slows down significantly because we then have to establish, 1000 times, that ; %esp+8 is not in the program segment. ; This code uses ; %eax as a temp ; %ebx to hold the loop counter which goes down from 1000 ; %ecx to hold the constant 1, and ; %edx to hold the constant -1 ; I plan to verify this by symbolic execution around the loop 1000 times, ; executing a total of 7+1000*5 = 5007 instructions. (irmovl 50000 %esp) ;;; %esp <- 50000 (irmovl 1000 %ebx) ;;; %ebx <- 1000 (irmovl 1 %ecx) ;;; %ecx <- 1 (irmovl 0 %edx) (subl %ecx %edx) ;;; %edx <- (%edx - 1) = (0 - 1) = -1 big1-loop (mrmovl 8(%esp) %eax) (addl %ecx %eax) (rmmovl %eax 8(%esp)) ;;; mem[50008] <- 1+mem[50008] (addl %edx %ebx) ;;; %ebx <- %ebx - 1 (jg big1-loop) ;;; jump to big1-loop if %ebx > 0 big1-halt (halt)) ; The next callable procedure takes %eax as input and ; computes the sum of the nats from there down. It leaves ; its answer in mem[%edi+100]. It protects all of the ; registers (except, of course, %eip). (iterative ;;; cost of call: 6 stack words (pushl %ebp) (rrmovl %esp %ebp) (pushl %eax) (pushl %ebx) (pushl %ecx) (pushl %edx) iterative-start (xorl %ebx %ebx) ;;; %ebx <- 0 (irmovl -1 %ecx) ;;; %ecx <- -1 iterative-loop (addl %eax %ebx) ;;; %ebx <- %eax + %ebx (addl %ecx %eax) ;;; %eax <- %eax - 1 (jg iterative-loop) ;;; jump iterative-loop [if n greater than zero] iterative-finish (rmmovl %ebx 100(%edi));;; mem[%edi+100] <- %ebx iterative-exit (mrmovl -16(%ebp) %edx) (mrmovl -12(%ebp) %ecx) (mrmovl -8(%ebp) %ebx) (mrmovl -4(%ebp) %eax) (rrmovl %ebp %esp) (popl %ebp) (ret)) ; The next callable procedure takes %eax as input and computes the sum of the ; nats from there down. It leaves its answer in mem[%edi+100]. It protects ; all of the normal registers. This is very inefficient code, because we ; protect the temp registers on call/ret but don't exploit that. (recursive (pushl %ebp) ;;; Standard entry (rrmovl %esp %ebp) (pushl %eax) (pushl %ebx) (pushl %ecx) (pushl %edx) recursive-body (xorl %ebx %ebx) ;;; %ebx <- 0 (addl %ebx %eax) ;;; %eax <- %eax + 0 (but sets status flags) (jg recursive-pre-step) recursive-base (rmmovl %ebx 100(%edi));;; mem[%edi+100] <- 0 (jmp recursive-exit) recursive-pre-step (pushl %eax) ;;; save our argument because we must smash it to call (irmovl -1 %ebx) (addl %ebx %eax) ;;; %eax <- %eax-1 recursive-call (call recursive) ;;; mem[%edi+100] <- recursive(``%eax-1'') recursive-post-step (popl %eax) ;;; restore our argument, %eax (mrmovl 100(%edi) %ebx);;; get recursive call's result, %ebx (addl %eax %ebx) ;;; add them to form our answer, in %ebx (rmmovl %ebx 100(%edi));;; mem[%edi+100] <- answer recursive-exit (mrmovl -16(%ebp) %edx);;; Standard exit (mrmovl -12(%ebp) %ecx) (mrmovl -8(%ebp) %ebx) (mrmovl -4(%ebp) %eax) (rrmovl %ebp %esp) (popl %ebp) (ret)) (main (irmovl 1000 %eax) (call recursive) main-halt (halt)) ))) T ACL2 !>(time$ (defthm-code-seq big1 (and (equal (g :eip s) *big1*) (big1-programp (g :mem s)) (< (+ 1000 (r32 50008 (g :mem s))) (expt 2 31))) (effects (:mem (append (xtr *prog-lo* *prog-hi* (g :mem s)) (list (list 50008 (+ 1000 (r32 50008 (g :mem s))))))) (:eip *big1-halt*) ) :intentionalp t :k (+ 5 (* 5 1000)) )) To verify that the seven encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(DEFUN BIG1-CLK (S) (DECLARE (IGNORABLE S)) (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 5)))))))))))))))))))))))))) Since BIG1-CLK is non-recursive, its admission is trivial. We observe that the type of BIG1-CLK is described by the theorem (AND (INTEGERP (BIG1-CLK S)) (<= 0 (BIG1-CLK S))). We used the :executable- counterpart of NATP and the :type-prescription rule NATP-C+. Summary Form: ( DEFUN BIG1-CLK ...) Rules: ((:EXECUTABLE-COUNTERPART NATP) (:TYPE-PRESCRIPTION NATP-C+)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) BIG1-CLK ACL2 !>>(DEFUN BIG1-PRECONDITION (S) (DECLARE (IGNORABLE S)) (AND (EQUAL (G :EIP S) *BIG1*) (BIG1-PROGRAMP (G :MEM S)) (< (+ 1000 (R32 50008 (G :MEM S))) (EXPT 2 31)))) Since BIG1-PRECONDITION is non-recursive, its admission is trivial. We observe that the type of BIG1-PRECONDITION is described by the theorem (OR (EQUAL (BIG1-PRECONDITION S) T) (EQUAL (BIG1-PRECONDITION S) NIL)). Summary Form: ( DEFUN BIG1-PRECONDITION ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) BIG1-PRECONDITION ACL2 !>>(DEFUN BIG1-EFFECTS (S) (DECLARE (IGNORABLE S)) (EFFECTS (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (LIST (LIST 50008 (+ 1000 (R32 50008 (G :MEM S))))))) (:EIP *BIG1-HALT*))) Since BIG1-EFFECTS is non-recursive, its admission is trivial. We observe that the type of BIG1-EFFECTS is described by the theorem (AND (CONSP (BIG1-EFFECTS S)) (TRUE-LISTP (BIG1-EFFECTS S))). We used primitive type reasoning. Summary Form: ( DEFUN BIG1-EFFECTS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) BIG1-EFFECTS ACL2 !>>(DEFTHM BIG1-INTENTIONALP (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (INTENTIONAL-EFFECTSP (BIG1-EFFECTS S)))) ACL2 Warning [Non-rec] in ( DEFTHM BIG1-INTENTIONALP ...): A :REWRITE rule generated from BIG1-INTENTIONALP will be triggered only by terms containing the non-recursive function symbols INTENTIONAL-EFFECTSP and BIG1-EFFECTS. Unless these functions are disabled, this rule is unlikely ever to be used. By the simple :definition BIG1-PRECONDITION and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 0) (BIG1-PROGRAMP (G :MEM S)) (< (+ 1000 (R32 50008 (G :MEM S))) 2147483648)) (INTENTIONAL-EFFECTSP (BIG1-EFFECTS S))). But simplification reduces this to T, using the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, BIG1-EFFECTS, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and SYNP, the :executable-counterparts of ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, BINARY-+, EQUAL, EXPT, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, REDUCE-ADDITIVE-CONSTANT-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type- prescription rules MOD-ZERO, N08P-ALISTP, NATP-R32, XTR and Y86-GUARD. Q.E.D. The storage of BIG1-INTENTIONALP depends upon the :type-prescription rule INTENTIONAL-EFFECTSP. Summary Form: ( DEFTHM BIG1-INTENTIONALP ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION BIG1-EFFECTS) (:DEFINITION BIG1-PRECONDITION) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION INTENTIONAL-EFFECTSP) (:DEFINITION INTENTIONAL-KEYS) (:DEFINITION NON-NIL-KEYS) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART INTENTIONAL-KEYS) (:EXECUTABLE-COUNTERPART MEMBER) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:TYPE-PRESCRIPTION INTENTIONAL-EFFECTSP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION NATP-R32) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Non-rec Time: 0.02 seconds (prove: 0.01, print: 0.00, other: 0.01) BIG1-INTENTIONALP ACL2 !>>(DEFTHM BIG1-IY86 (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (IY86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) :HINTS ((PRIORITY-PHASED-SIMPLIFICATION WORLD STABLE-UNDER-SIMPLIFICATIONP 0)) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (BIG1-PRECONDITION S))) (EQUAL (IY86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (IETC S (BIG1-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 Warning [Theory] in ( DEFTHM BIG1-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM BIG1-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :EXECUTABLE-COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Non-rec] in ( DEFTHM BIG1-IY86 ...): A :REWRITE rule generated from BIG1-IY86 will be triggered only by terms containing the non-recursive function symbol BIG1-CLK. Unless this function is disabled, this rule is unlikely ever to be used. By the simple :definitions BIG1-CLK and BIG1-PRECONDITION and the :executable- counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 0) (BIG1-PROGRAMP (G :MEM S)) (< (+ 1000 (R32 50008 (G :MEM S))) 2147483648)) (~=> (IY86 S (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 5)))))))))))))))))))))))))) (BIG1-EFFECTS S))). This simplifies, using the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER, the :definitions BIG1-EFFECTS, IR08-CNT, IR32-CNT, IW32-CNT, JUMP-P-WITH-UNHIDING, MV-NTH, N32+, OP2-WITH-HIDING, REGVAL and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, ADDR-EQUAL, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, INTEGERP, MV-NTH, N32+, NAT-TO-BOOLEAN, NATP, NUMR, OP2-WITH-HIDING, R08, R32, RA, RB, UNARY--, UNARY-/, UNHIDE, XOR and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule R32-BOUNDED, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-C+, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N32-MINUS-N, R08-BIG1, R32-BIG1, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SUFF-N32P, W32-BIG1 and W32-W32-SAME and the :type- prescription rules BIG1-PROGRAMP, MOD-ZERO, N08P-ALISTP, NATP-C+, NATP-R32 and Y86-GUARD, to Goal'' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 0) (BIG1-PROGRAMP (G :MEM S)) (< (R32 50008 (G :MEM S)) 2147482648)) (~=> (S :EAX (+ 1000 (R32 50008 (G :MEM S))) (S :EBX 0 (S :ECX 1 (S :EDX 4294967295 (S :EIP 47 (S :ESP 50000 (S :MEM (W32 50008 (+ 1000 (R32 50008 (G :MEM S))) (G :MEM S)) (S :F-OF 0 (S :F-SF 0 (S :F-ZF 1 S)))))))))) (CONS (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (LIST (LIST 50008 (+ 1000 (R32 50008 (G :MEM S))))))) '((:EIP 47))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER, the :executable-counterparts of <, ACL2-NUMBERP, ADDR-EQUAL, ASSOC, ASSOC-EQUAL, BINARY-*, EQUAL, EXPT, GOOD-MEM-LISTP, INTEGERP, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, RATIONALP, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-OPEN, ALL-EQUAL-R32-XTR-SAME, ALL-EQUAL-R32-XTR-W32, G-DIFF-S, G-SAME-S, N08P-ALISTP-W32, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, R32-W32-MOD-4, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules MOD-ZERO, N08P-ALISTP, NATP-R32, XTR and Y86-GUARD. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (IY86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (BIG1-PRECONDITION S))) (EQUAL (IY86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (IETC S (BIG1-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM BIG1-IY86 ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions FORCE and IETC we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (BIG1-PRECONDITION S))) (~=> (IY86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (Y86-GUARD S) (BIG1-PRECONDITION S)) (EQUAL (IY86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (IY86 S (BIG1-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM BIG1-IY86 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION BIG1-CLK) (:DEFINITION BIG1-EFFECTS) (:DEFINITION BIG1-PRECONDITION) (:DEFINITION FORCE) (:DEFINITION IETC) (:DEFINITION IR08-CNT) (:DEFINITION IR32-CNT) (:DEFINITION IW32-CNT) (:DEFINITION JUMP-P-WITH-UNHIDING) (:DEFINITION MV-NTH) (:DEFINITION N32+) (:DEFINITION OP2-WITH-HIDING) (:DEFINITION REGVAL) (:DEFINITION SYNP) (:DEFINITION ~=>) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ADDR-EQUAL) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART BITS-04) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART EQL) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART GOOD-MEM-LISTP) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART MV-NTH) (:EXECUTABLE-COUNTERPART N32+) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NAT-TO-BOOLEAN) (:EXECUTABLE-COUNTERPART NATP) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NUMR) (:EXECUTABLE-COUNTERPART OP2-WITH-HIDING) (:EXECUTABLE-COUNTERPART R08) (:EXECUTABLE-COUNTERPART R32) (:EXECUTABLE-COUNTERPART RA) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART RB) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNHIDE) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART XOR) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:LINEAR R32-BOUNDED) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE ALL-EQUAL-R32-APPEND) (:REWRITE ALL-EQUAL-R32-OPEN) (:REWRITE ALL-EQUAL-R32-XTR-SAME) (:REWRITE ALL-EQUAL-R32-XTR-W32) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE IY86-C+) (:REWRITE IY86-NAT) (:REWRITE IY86-STEP-OPENER) (:REWRITE MV-NTH-1-IS-CADR) (:REWRITE MV-NTH-2-IS-CADDR) (:REWRITE MV-NTH-3-IS-CADDDR) (:REWRITE N08P-ALISTP-W32) (:REWRITE N32-MINUS-N) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE R08-BIG1) (:REWRITE R32-BIG1) (:REWRITE R32-W32-MOD-4) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE S-DIFF-S) (:REWRITE S-SAME-S) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE W32-BIG1) (:REWRITE W32-W32-SAME) (:REWRITE ~=>-CONS-MEM) (:REWRITE ~=>-CONS-NON-MEM) (:REWRITE ~=>-NIL) (:TYPE-PRESCRIPTION BIG1-PROGRAMP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION NATP-C+) (:TYPE-PRESCRIPTION NATP-R32) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Disable, Non-rec and Theory Time: 48.08 seconds (prove: 48.07, print: 0.01, other: 0.01) BIG1-IY86 ACL2 !>>(DEFTHM BIG1 (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) :HINTS (("Goal" :USE (:INSTANCE BIG1-IY86) :IN-THEORY (E/D (IY86-CONVERSION) (Y86-GUARD BIG1-PRECONDITION BIG1-CLK BIG1-EFFECTS BIG1-IY86 INTENTIONAL-EFFECTSP)))) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (BIG1-PRECONDITION S))) (EQUAL (Y86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (ETC S (BIG1-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> ETC)))))) ACL2 Warning [Theory] in ( DEFTHM BIG1 ...): The value of the theory expression '(~=> ETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM BIG1 ...): The value of the theory expression '(~=> ETC) does not include the :EXECUTABLE-COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Non-rec] in ( DEFTHM BIG1 ...): A :REWRITE rule generated from BIG1 will be triggered only by terms containing the non-recursive function symbol BIG1-CLK. Unless this function is disabled, this rule is unlikely ever to be used. [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from BIG1-IY86 via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (IY86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S)))). By case analysis we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (IY86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S))). But simplification reduces this to T, using the :rewrite rules BIG1-INTENTIONALP, IY86-CONVERSION and N08P-ALISTP-G-MEM-IY86 and the :type-prescription rules BIG1-PRECONDITION, Y86-GUARD and ~=>. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (BIG1-PRECONDITION S))) (EQUAL (Y86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (ETC S (BIG1-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM BIG1 ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions ETC and FORCE we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (BIG1-PRECONDITION S))) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (Y86-GUARD S) (BIG1-PRECONDITION S)) (EQUAL (Y86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (Y86 S (BIG1-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM BIG1 ...) Rules: ((:DEFINITION ETC) (:DEFINITION FORCE) (:DEFINITION NOT) (:DEFINITION ~=>) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE BIG1-INTENTIONALP) (:REWRITE IY86-CONVERSION) (:REWRITE N08P-ALISTP-G-MEM-IY86) (:TYPE-PRESCRIPTION BIG1-PRECONDITION) (:TYPE-PRESCRIPTION Y86-GUARD) (:TYPE-PRESCRIPTION ~=>)) Warnings: Disable, Non-rec and Theory Time: 0.03 seconds (prove: 0.01, print: 0.00, other: 0.01) BIG1 ACL2 !>>(IN-THEORY (DISABLE BIG1-CLK)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4714 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. We export BIG1-EFFECTS, BIG1-PRECONDITION and BIG1-CLK. Summary Form: ( ENCAPSULATE NIL (DEFUN BIG1-CLK ...) ...) Rules: NIL Warnings: Disable, Theory and Non-rec Time: 48.17 seconds (prove: 48.09, print: 0.01, other: 0.06) ; (EV-REC *RETURN-LAST-ARG3* ...) took ; 50.74 seconds realtime, 48.18 seconds runtime ; (3,190,388,688 bytes allocated). T ACL2 !>(defthm-code-loop iterative-loop ; verification of loop in iterative (and (equal (g :eip s) *iterative-loop*) ; pc at loop (iterative-programp (g :mem s)) (<= *stack-lo* (g :esp s)) ; standard esp invariant (<= (g :esp s) *stack-hi*) (equal (mod (g :esp s) 4) 0) (< (g :eax s) (expt 2 16)) ; input legal (< (+ (/ (* (g :eax s) (+ (g :eax s) 1)) 2) ; sufficient room for final answer (g :ebx s)) (expt 2 31)) (equal (g :ecx s) 4294967295) ; ecx = -1 ) (effects (:eax (if (zp (g :eax s)) 4294967295 0)) (:ebx (+ (/ (* (g :eax s) (+ (g :eax s) 1)) 2) (g :ebx s))) (:eip *iterative-finish*) (:esp (g :esp s)) ; preserve esp, ebp, edi, and esi! (:ebp (g :ebp s)) (:edi (g :edi s)) (:esi (g :esi s)) (:mem (append (xtr *prog-lo* *prog-hi* (g :mem s)) (xtr (g :esp s) *stack-hi* (g :mem s)) (xtr *data-lo* *data-hi* (g :mem s))))) :intentionalp t :m (g :eax s) :test (<= (g :eax s) 1) :k 3 :alpha (effects (:eax (if (zp (g :eax s)) 4294967295 (+ (g :eax s) -1))) (:ebx (+ (g :eax s) (g :ebx s))) (:ecx (g :ecx s)) (:eip (if (or (zp (g :eax s)) (equal (g :eax s) 1)) *iterative-finish* *iterative-loop*)) (:esp (g :esp s)) ; preserve esp, ebp, edi, and esi! (:ebp (g :ebp s)) (:edi (g :edi s)) (:esi (g :esi s)) (:mem (append (xtr *prog-lo* *prog-hi* (g :mem s)) (xtr (g :esp s) *stack-hi* (g :mem s)) (xtr *data-lo* *data-hi* (g :mem s)))))) To verify that the 18 encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(DEFUN ITERATIVE-LOOP-PRECONDITION (S) (DECLARE (IGNORABLE S)) (AND (EQUAL (G :EIP S) *ITERATIVE-LOOP*) (ITERATIVE-PROGRAMP (G :MEM S)) (<= *STACK-LO* (G :ESP S)) (<= (G :ESP S) *STACK-HI*) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) (EXPT 2 16)) (< (+ (/ (* (G :EAX S) (+ (G :EAX S) 1)) 2) (G :EBX S)) (EXPT 2 31)) (EQUAL (G :ECX S) 4294967295))) Since ITERATIVE-LOOP-PRECONDITION is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-LOOP-PRECONDITION is described by the theorem (OR (EQUAL (ITERATIVE-LOOP-PRECONDITION S) T) (EQUAL (ITERATIVE-LOOP-PRECONDITION S) NIL)). We used primitive type reasoning. Summary Form: ( DEFUN ITERATIVE-LOOP-PRECONDITION ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) ITERATIVE-LOOP-PRECONDITION ACL2 !>>(DEFUN ITERATIVE-LOOP-EFFECTS (S) (DECLARE (IGNORABLE S)) (EFFECTS (:EAX (IF (ZP (G :EAX S)) 4294967295 0)) (:EBX (+ (/ (* (G :EAX S) (+ (G :EAX S) 1)) 2) (G :EBX S))) (:EIP *ITERATIVE-FINISH*) (:ESP (G :ESP S)) (:EBP (G :EBP S)) (:EDI (G :EDI S)) (:ESI (G :ESI S)) (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (XTR (G :ESP S) *STACK-HI* (G :MEM S)) (XTR *DATA-LO* *DATA-HI* (G :MEM S)))))) Since ITERATIVE-LOOP-EFFECTS is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-LOOP-EFFECTS is described by the theorem (AND (CONSP (ITERATIVE-LOOP-EFFECTS S)) (TRUE-LISTP (ITERATIVE-LOOP-EFFECTS S))). We used primitive type reasoning. Summary Form: ( DEFUN ITERATIVE-LOOP-EFFECTS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) ITERATIVE-LOOP-EFFECTS ACL2 !>>(DEFUN ITERATIVE-LOOP-M (S) (DECLARE (IGNORABLE S)) (G :EAX S)) Since ITERATIVE-LOOP-M is non-recursive, its admission is trivial. We could deduce no constraints on the type of ITERATIVE-LOOP-M. Summary Form: ( DEFUN ITERATIVE-LOOP-M ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-LOOP-M ACL2 !>>(DEFUN ITERATIVE-LOOP-TEST (S) (DECLARE (IGNORABLE S)) (<= (G :EAX S) 1)) Since ITERATIVE-LOOP-TEST is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-LOOP-TEST is described by the theorem (OR (EQUAL (ITERATIVE-LOOP-TEST S) T) (EQUAL (ITERATIVE-LOOP-TEST S) NIL)). Summary Form: ( DEFUN ITERATIVE-LOOP-TEST ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-LOOP-TEST ACL2 !>>(DEFUN ITERATIVE-LOOP-K (S) (DECLARE (IGNORABLE S)) 3) Since ITERATIVE-LOOP-K is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-LOOP-K is described by the theorem (AND (INTEGERP (ITERATIVE-LOOP-K S)) (< 0 (ITERATIVE-LOOP-K S))). Summary Form: ( DEFUN ITERATIVE-LOOP-K ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-LOOP-K ACL2 !>>(DEFUN ITERATIVE-LOOP-ALPHA (S) (DECLARE (IGNORABLE S)) (EFFECTS (:EAX (IF (ZP (G :EAX S)) 4294967295 (+ (G :EAX S) -1))) (:EBX (+ (G :EAX S) (G :EBX S))) (:ECX (G :ECX S)) (:EIP (IF (OR (ZP (G :EAX S)) (EQUAL (G :EAX S) 1)) *ITERATIVE-FINISH* *ITERATIVE-LOOP*)) (:ESP (G :ESP S)) (:EBP (G :EBP S)) (:EDI (G :EDI S)) (:ESI (G :ESI S)) (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (XTR (G :ESP S) *STACK-HI* (G :MEM S)) (XTR *DATA-LO* *DATA-HI* (G :MEM S)))))) Since ITERATIVE-LOOP-ALPHA is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-LOOP-ALPHA is described by the theorem (AND (CONSP (ITERATIVE-LOOP-ALPHA S)) (TRUE-LISTP (ITERATIVE-LOOP-ALPHA S))). We used the :compound-recognizer rule ZP-COMPOUND-RECOGNIZER and primitive type reasoning. Summary Form: ( DEFUN ITERATIVE-LOOP-ALPHA ...) Rules: ((:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) ITERATIVE-LOOP-ALPHA ACL2 !>>(DEFTHM ITERATIVE-LOOP-NATP-K (NATP (ITERATIVE-LOOP-K S)) :RULE-CLASSES :TYPE-PRESCRIPTION) ACL2 Observation in ( DEFTHM ITERATIVE-LOOP-NATP-K ...): Our heuristics choose (ITERATIVE-LOOP-K S) as the :TYPED-TERM. But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rule ITERATIVE-LOOP-K. Q.E.D. The storage of ITERATIVE-LOOP-NATP-K depends upon the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER. Summary Form: ( DEFTHM ITERATIVE-LOOP-NATP-K ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-K)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-LOOP-NATP-K ACL2 !>>(DEFTHM ITERATIVE-LOOP-O-P-M (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (O-P (ITERATIVE-LOOP-M S))) :RULE-CLASSES NIL) By the simple :definitions ITERATIVE-LOOP-M and ITERATIVE-LOOP-PRECONDITION, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295)) (O-P (G :EAX S))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions O-FINP, O-P and SYNP, the :executable-counterpart of BINARY-*, the :forward- chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1 and NORMALIZE-FACTORS-GATHER-EXPONENTS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-O-P-M ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ITERATIVE-LOOP-M) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION O-FINP) (:DEFINITION O-P) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART EXPT) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.09 seconds (prove: 0.08, print: 0.00, other: 0.00) ITERATIVE-LOOP-O-P-M ACL2 !>>(DEFTHM-CODE-SEQ ITERATIVE-LOOP-ONE-PASS-EFFECTS (ITERATIVE-LOOP-PRECONDITION S) (ITERATIVE-LOOP-ALPHA S) :INTENTIONALP T :USE-EXISTING-NAMESP T :K (ITERATIVE-LOOP-K S) :RULE-CLASSES NIL) To verify that the four encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (INTENTIONAL-EFFECTSP (ITERATIVE-LOOP-ALPHA S)))) ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP ...): A :REWRITE rule generated from ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP will be triggered only by terms containing the non-recursive function symbols INTENTIONAL-EFFECTSP and ITERATIVE-LOOP-ALPHA. Unless these functions are disabled, this rule is unlikely ever to be used. By the simple :definition ITERATIVE-LOOP-PRECONDITION, the :executable- counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295)) (INTENTIONAL-EFFECTSP (ITERATIVE-LOOP-ALPHA S))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definitions ITERATIVE-LOOP-ALPHA, NOT and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, CONS, EXPT and NOT, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, NORMALIZE-FACTORS-GATHER-EXPONENTS and ZP-OPEN and the :type-prescription rule Y86-GUARD, to the following three conjectures. Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= (G :EAX S) 0)) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, BINARY-*, BINARY-+, EXPT and NOT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 3' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 0) 2147483648) (EQUAL (G :ECX S) 4294967295)) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ y x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 1) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1)) (INTENTIONAL-EFFECTSP (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ y x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (INTENTIONAL-EFFECTSP (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Q.E.D. The storage of ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP depends upon the :type-prescription rule INTENTIONAL-EFFECTSP. Summary Form: ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION INTENTIONAL-EFFECTSP) (:DEFINITION INTENTIONAL-KEYS) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART INTENTIONAL-KEYS) (:EXECUTABLE-COUNTERPART MEMBER) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE ZP-OPEN) (:TYPE-PRESCRIPTION INTENTIONAL-EFFECTSP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Non-rec Time: 0.64 seconds (prove: 0.63, print: 0.01, other: 0.00) ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP ACL2 !>>(DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) :HINTS ((PRIORITY-PHASED-SIMPLIFICATION WORLD STABLE-UNDER-SIMPLIFICATIONP 0)) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (IETC S (ITERATIVE-LOOP-K S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :EXECUTABLE-COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ...): A :REWRITE rule generated from ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 will be triggered only by terms containing the non-recursive function symbol ITERATIVE-LOOP-K. Unless this function is disabled, this rule is unlikely ever to be used. By the simple :definitions ITERATIVE-LOOP-K and ITERATIVE-LOOP-PRECONDITION, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 S 3) (ITERATIVE-LOOP-ALPHA S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, ITERATIVE-LOOP-ALPHA, MV-NTH, N32+, NOT, OP2-WITH-HIDING, REGVAL and SYNP, the :executable- counterparts of <, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, N32+, NOT, NUMR, R08, RA, RB, UNARY-- and ZP, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N32-MINUS-N, NORMALIZE-FACTORS-GATHER-EXPONENTS, R08-ITERATIVE, S-DIFF-S, S-SAME-S and ZP-OPEN and the :type-prescription rules ITERATIVE-PROGRAMP and Y86-GUARD, to the following five conjectures. Subgoal 5 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< (G :EAX S) 1) (<= (G :EAX S) 0)) (~=> (IY86 (S :EAX (CAR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, BINARY-*, BINARY-+, EXPT and NOT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 5' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 0) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 (S :EAX (CAR (LET ((RESULT 4294967295) (CRB 0) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ 0 (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT 4294967295) (CRB 0) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT 4294967295) (CRB 0) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT 4294967295) (CRB 0) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :rewrite rules CAR-CONS and CDR-CONS we reduce the conjecture to Subgoal 5'' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 0) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 (S :EAX 4294967295 (S :EBX (N32 (+ 0 (G :EBX S))) (S :EIP 72 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) 1) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR32-CNT, JUMP-P-WITH-UNHIDING, MV-NTH, NOT, SYNP and XOR, the :executable-counterparts of BITS-04, CAR, CONS, EQL, EQUAL, EXPT, N32+, NOT, R08, R32 and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ y x)|, |(equal (if a b c) x)|, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N32-OPEN, R08-ITERATIVE, R32-ITERATIVE, S-DIFF-S, S-SAME-S and UNHIDE-NAT-TO-BOOLEAN-HIDE and the :type-prescription rules ITERATIVE-PROGRAMP and Y86-GUARD, to the following four conjectures. Subgoal 5.4 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= 0 (N32-TO-I32 4294967295)) (NOT (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))))) (~=> (S :EAX 4294967295 (S :EBX (G :EBX S) (S :EIP 77 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But we reduce the conjecture to T, by the :executable-counterparts of <, =, BINARY-+, IF and N32-TO-I32. Subgoal 5.3 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295) (< (N32-TO-I32 4294967295) 0) (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0)))) (~=> (S :EAX 4294967295 (S :EBX (G :EBX S) (S :EIP 77 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the :executable-counterparts of <, =, BINARY-+ and N32-TO-I32 we reduce the conjecture to Subgoal 5.3' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (S :EAX 4294967295 (S :EBX (G :EBX S) (S :EIP 77 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-XTR-SAME, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 5.2 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295) (< (N32-TO-I32 4294967295) 0) (NOT (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))))) (~=> (S :EAX 4294967295 (S :EBX (G :EBX S) (S :EIP 68 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But we reduce the conjecture to T, by the :executable-counterparts of <, =, BINARY-+, IF and N32-TO-I32. Subgoal 5.1 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= 0 (N32-TO-I32 4294967295)) (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0)))) (~=> (S :EAX 4294967295 (S :EBX (G :EBX S) (S :EIP 68 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But we reduce the conjecture to T, by the :executable-counterparts of <, =, BINARY-+ and N32-TO-I32. Subgoal 4 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= 1 (G :EAX S)) (<= (G :EAX S) 0)) (~=> (IY86 (S :EAX (CAR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using primitive type reasoning. Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= 1 (G :EAX S)) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (~=> (IY86 (S :EAX (CAR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR32-CNT, JUMP-P-WITH-UNHIDING, MV-NTH, NOT, SYNP and XOR, the :executable-counterparts of BITS-04, CAR, CONS, EQL, EQUAL, N32+, R08, R32 and ZP, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, R08-ITERATIVE, R32-ITERATIVE, REMOVE-WEAK-INEQUALITIES, S-DIFF-S, S-SAME-S and UNHIDE-NAT-TO-BOOLEAN-HIDE and the :type-prescription rules ITERATIVE-PROGRAMP and Y86-GUARD, to the following six conjectures. Subgoal 3.6 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.6' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, EQUAL, EXPT and N32-TO-I32, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rule N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD. Subgoal 3.5 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.5' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, EQUAL and EXPT, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rule N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD. Subgoal 3.4 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.4' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (EQUAL RESULT 0) 1 0)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definition SYNP, the :executable-counterparts of <, EQUAL, EXPT and N32-TO-I32, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rules |(equal (if a b c) x)|, N32-OPEN and N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD, to Subgoal 3.4'' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (+ -1 (G :EAX S)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (+ (G :EAX S) (G :EBX S)) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definition SYNP, the :executable-counterpart of BINARY-+, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))| and REDUCE-ADDITIVE-CONSTANT-EQUAL and the :type-prescription rule Y86-GUARD, to Subgoal 3.4''' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (+ (G :EAX S) (G :EBX S)) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-XTR-SAME, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 3.3 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.3' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (EQUAL RESULT 0) 1 0)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, EQUAL and EXPT, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rule N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD. Subgoal 3.2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.2' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (EQUAL RESULT 0) 1 0)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, EQUAL and EXPT, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rule N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD. Subgoal 3.1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.1' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (EQUAL RESULT 0) 1 0)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definition SYNP, the :executable-counterparts of <, CONS, EQUAL, EXPT and N32-TO-I32, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rules |(equal (if a b c) x)|, N32-OPEN and N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD, to Subgoal 3.1'' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (+ -1 (G :EAX S)) 0)) (~=> (S :EAX 0 (S :EBX (+ (G :EAX S) (G :EBX S)) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST '(:EAX 0) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< (G :EAX S) 1) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (~=> (IY86 (S :EAX (CAR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 1) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1)) (~=> (IY86 (S :EAX (CAR (LET ((RESULT 0) (CRB 1) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ 1 (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT 0) (CRB 1) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT 0) (CRB 1) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT 0) (CRB 1) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :rewrite rules CAR-CONS and CDR-CONS we reduce the conjecture to Subgoal 1' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 1) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1)) (~=> (IY86 (S :EAX 0 (S :EBX (N32 (+ 1 (G :EBX S))) (S :EIP 72 (S :F-OF (HIDE (IF (= (N32-TO-I32 0) (+ (N32-TO-I32 4294967295) (N32-TO-I32 1))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 0) 0) 1 0)) (S :F-ZF (HIDE (IF (= 0 0) 1 0)) S)))))) 1) (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definition SYNP, the :executable-counterparts of <, BINARY-+, EXPT and UNARY--, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ y x)| and N32-MINUS-N and the :type-prescription rule Y86-GUARD, to the following two conjectures. Subgoal 1.2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ 1 (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1) (< (G :EBX S) 4294967295)) (~=> (IY86 (S :EAX 0 (S :EBX (+ 1 (G :EBX S)) (S :EIP 72 (S :F-OF (HIDE (IF (= (N32-TO-I32 0) (+ (N32-TO-I32 4294967295) (N32-TO-I32 1))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 0) 0) 1 0)) (S :F-ZF (HIDE (IF (= 0 0) 1 0)) S)))))) 1) (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions JUMP-P-WITH-UNHIDING, NOT, SYNP and XOR, the :executable-counterparts of BINARY-+, BITS-04, EQL, EQUAL, N32+, NOT and R08, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(equal (if a b c) x)|, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, R08-ITERATIVE, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S and UNHIDE-NAT-TO-BOOLEAN-HIDE and the :type-prescription rules ITERATIVE-PROGRAMP and Y86-GUARD, to Subgoal 1.2' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483647) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1) (< (G :EBX S) 4294967295)) (~=> (S :EAX 0 (S :EBX (+ 1 (G :EBX S)) (S :EIP 77 (S :F-OF (HIDE (IF (= (N32-TO-I32 0) (+ (N32-TO-I32 4294967295) (N32-TO-I32 1))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 0) 0) 1 0)) (S :F-ZF (HIDE (IF (= 0 0) 1 0)) S)))))) (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-XTR-SAME, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 1.1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ 1 (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1) (<= 4294967295 (G :EBX S))) (~=> (IY86 (S :EAX 0 (S :EBX (+ -4294967295 (G :EBX S)) (S :EIP 72 (S :F-OF (HIDE (IF (= (N32-TO-I32 0) (+ (N32-TO-I32 4294967295) (N32-TO-I32 1))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 0) 0) 1 0)) (S :F-ZF (HIDE (IF (= 0 0) 1 0)) S)))))) 1) (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (IETC S (ITERATIVE-LOOP-K S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions FORCE and IETC we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S))) (~=> (IY86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (EQUAL (IY86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (IY86 S (ITERATIVE-LOOP-K S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION =) (:DEFINITION ASSOC-EQUAL) (:DEFINITION FORCE) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION IETC) (:DEFINITION IR08-CNT) (:DEFINITION IR32-CNT) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-K) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION JUMP-P-WITH-UNHIDING) (:DEFINITION MV-NTH) (:DEFINITION N32+) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION OP2-WITH-HIDING) (:DEFINITION REGVAL) (:DEFINITION SYNP) (:DEFINITION XOR) (:DEFINITION ~=>) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART =) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART BITS-04) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQL) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART IF) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32+) (:EXECUTABLE-COUNTERPART N32-TO-I32) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART NUMR) (:EXECUTABLE-COUNTERPART R08) (:EXECUTABLE-COUNTERPART R32) (:EXECUTABLE-COUNTERPART RA) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART RB) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING N32P-BOUND) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:LINEAR EXPT-X->=-X) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(equal (if a b c) x)|) (:REWRITE ALL-EQUAL-R32-APPEND) (:REWRITE ALL-EQUAL-R32-XTR-SAME) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE IY86-NAT) (:REWRITE IY86-STEP-OPENER) (:REWRITE MV-NTH-1-IS-CADR) (:REWRITE MV-NTH-2-IS-CADDR) (:REWRITE MV-NTH-3-IS-CADDDR) (:REWRITE N32-MINUS-N) (:REWRITE N32-OPEN) (:REWRITE N32-TO-I32-OPEN) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE R08-ITERATIVE) (:REWRITE R32-ITERATIVE) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE REDUCE-ADDITIVE-CONSTANT-EQUAL) (:REWRITE REMOVE-WEAK-INEQUALITIES) (:REWRITE S-DIFF-S) (:REWRITE S-SAME-S) (:REWRITE UNHIDE-NAT-TO-BOOLEAN-HIDE) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE ZP-OPEN) (:REWRITE ~=>-CONS-MEM) (:REWRITE ~=>-CONS-NON-MEM) (:REWRITE ~=>-NIL) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE) (:TYPE-PRESCRIPTION ITERATIVE-PROGRAMP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION SUM-ARITH-LEMMA1) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Disable, Non-rec and Theory Time: 2.62 seconds (prove: 2.45, print: 0.15, other: 0.01) ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ACL2 !>>(DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) :HINTS (("Goal" :USE (:INSTANCE ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86) :IN-THEORY (E/D (IY86-CONVERSION) (Y86-GUARD ITERATIVE-LOOP-PRECONDITION ITERATIVE-LOOP-K ITERATIVE-LOOP-ALPHA ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 INTENTIONAL-EFFECTSP)))) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S)))). By case analysis we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))). But simplification reduces this to T, using the :rewrite rules ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP, IY86-CONVERSION and N08P-ALISTP-G-MEM-IY86 and the :type-prescription rules ITERATIVE-LOOP-PRECONDITION, Y86-GUARD and ~=>. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS ...) Rules: ((:DEFINITION NOT) (:REWRITE ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP) (:REWRITE IY86-CONVERSION) (:REWRITE N08P-ALISTP-G-MEM-IY86) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-PRECONDITION) (:TYPE-PRESCRIPTION Y86-GUARD) (:TYPE-PRESCRIPTION ~=>)) Time: 0.03 seconds (prove: 0.01, print: 0.00, other: 0.01) ITERATIVE-LOOP-ONE-PASS-EFFECTS ACL2 !>>(IN-THEORY (DISABLE ITERATIVE-LOOP-K)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4734 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. Summary Form: ( ENCAPSULATE NIL (DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP ...) ...) Rules: NIL Warnings: Disable, Theory and Non-rec Time: 3.30 seconds (prove: 3.09, print: 0.17, other: 0.03) T ACL2 !>>(DEFTHM ITERATIVE-LOOP-M-DEC (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) (ITERATIVE-LOOP-M S))) :RULE-CLASSES NIL) By the simple :definitions ITERATIVE-LOOP-M, ITERATIVE-LOOP-PRECONDITION and ITERATIVE-LOOP-TEST, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S))) (O< (G :EAX (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) (G :EAX S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and ZP-COMPOUND-RECOGNIZER, the :definitions ITERATIVE-LOOP-ALPHA, O-FINP, O< and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, CONS, EXPT and NOT, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, DEFAULT-LESS-THAN-1 and NORMALIZE-FACTORS-GATHER-EXPONENTS and the :type-prescription rule Y86-GUARD, to the following three conjectures. Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (NOT (CONSP (G :EAX (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :definition S*, the :executable-counterparts of ACL2-NUMBERP, BINARY-*, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules CAR-CONS, CDR-CONS, G-SAME-S, S-DIFF-S, W32*-APPEND and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (ACL2-NUMBERP (G :EAX (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)))) (< (G :EAX (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)) (G :EAX S))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :definitions S* and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-+-MATCH-1, CAR-CONS, CDR-CONS, G-SAME-S, NORMALIZE-ADDENDS, S-DIFF-S, SIMPLIFY-SUMS-<, W32*-APPEND and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (ACL2-NUMBERP (G :EAX (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1))))) (< 0 (G :EAX S))). But simplification reduces this to T, using primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-M-DEC ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-M) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION ITERATIVE-LOOP-TEST) (:DEFINITION NOT) (:DEFINITION O-FINP) (:DEFINITION O<) (:DEFINITION S*) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART UNARY-/) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE DEFAULT-LESS-THAN-1) (:REWRITE G-SAME-S) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE S-DIFF-S) (:REWRITE SIMPLIFY-SUMS-<) (:REWRITE W32*-APPEND) (:REWRITE W32*-XTR-W32*-XTR) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.46 seconds (prove: 0.44, print: 0.01, other: 0.00) ITERATIVE-LOOP-M-DEC ACL2 !>>(DEFTHM ITERATIVE-LOOP-HYP-INVARIANT (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1))) :RULE-CLASSES NIL) By the simple :definitions ITERATIVE-LOOP-PRECONDITION and ITERATIVE-LOOP-TEST, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1))). This simplifies, using the :compound-recognizer rules N32P-TYPE and ZP-COMPOUND-RECOGNIZER, the :definitions ITERATIVE-LOOP-ALPHA and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, CONS, EXPT and NOT, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1 and NORMALIZE-FACTORS-GATHER-EXPONENTS and the :type-prescription rule Y86-GUARD, to Goal'' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (ITERATIVE-LOOP-PRECONDITION (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definitions ITERATIVE-LOOP-PRECONDITION, S* and SYNP, the :executable- counterparts of ACL2-NUMBERP, BINARY-*, BINARY-+, CAR, CDR, CONSP, EQUAL, EXPT, INTEGERP, N32P, RATIONALP, UNARY-- and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* -1 x)|, |(* x (+ y z))|, |(* x (- y))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (* c x))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, BUBBLE-DOWN-*-MATCH-1, BUBBLE-DOWN-+-BUBBLE-DOWN, BUBBLE-DOWN-+-MATCH-3, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N08P-ALISTP-W32*-XTR, NORMALIZE-ADDENDS, NORMALIZE-FACTORS-GATHER-EXPONENTS, S-DIFF-S, W32*-APPEND, W32*-XTR-ITERATIVE and W32*-XTR-W32*-XTR and the :type-prescription rules ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP and Y86-GUARD, to Goal''' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (< (+ -1 (G :EAX S)) 65536)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-HYP-INVARIANT ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION ITERATIVE-LOOP-TEST) (:DEFINITION NOT) (:DEFINITION S*) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* -1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (- y))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (* c x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(- (* c x))|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-BUBBLE-DOWN) (:REWRITE BUBBLE-DOWN-+-MATCH-3) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE N08P-ALISTP-W32*-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE S-DIFF-S) (:REWRITE W32*-APPEND) (:REWRITE W32*-XTR-ITERATIVE) (:REWRITE W32*-XTR-W32*-XTR) (:TYPE-PRESCRIPTION ITERATIVE-PROGRAMP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.52 seconds (prove: 0.51, print: 0.01, other: 0.00) ITERATIVE-LOOP-HYP-INVARIANT ACL2 !>>(DEFUN ITERATIVE-LOOP-CLK (S) (DECLARE (XARGS :MEASURE (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0) :HINTS (("Goal" :USE ((:INSTANCE ITERATIVE-LOOP-O-P-M) (:INSTANCE ITERATIVE-LOOP-M-DEC (ARBITRARY-S1 (ETC S (ITERATIVE-LOOP-K S)))) (:INSTANCE ITERATIVE-LOOP-HYP-INVARIANT (ARBITRARY-S1 (ETC S (ITERATIVE-LOOP-K S)))) (:INSTANCE ITERATIVE-LOOP-ONE-PASS-EFFECTS)) :IN-THEORY '(~=> ETC (:EXECUTABLE-COUNTERPART O-P) Y86-GUARD-INVARIANT))))) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (IF (ITERATIVE-LOOP-TEST S) (ITERATIVE-LOOP-K S) (C+ (ITERATIVE-LOOP-K S) (ITERATIVE-LOOP-CLK (Y86 S (ITERATIVE-LOOP-K S))))) 0)) ACL2 Warning [Theory] in ( DEFUN ITERATIVE-LOOP-CLK ...): The value of the theory expression '(~=> ETC (:EXECUTABLE-COUNTERPART O-P) Y86-GUARD-INVARIANT) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFUN ITERATIVE-LOOP-CLK ...): The value of the theory expression '(~=> ETC (:EXECUTABLE-COUNTERPART O-P) Y86-GUARD-INVARIANT) does not include the :EXECUTABLE-COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). For the admission of ITERATIVE-LOOP-CLK we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0). The non-trivial part of the measure conjecture is Goal (AND (O-P (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0)) (IMPLIES (AND (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (NOT (ITERATIVE-LOOP-TEST S))) (O< (IF (AND (Y86-GUARD (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M (Y86 S (ITERATIVE-LOOP-K S))) 0) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0)))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFUN ITERATIVE-LOOP-CLK ...): Forcing has transitioned from enabled to disabled. See :DOC force. We augment the goal with the hypotheses provided by the :USE hint. These hypotheses can be derived from ITERATIVE-LOOP-O-P-M, ITERATIVE-LOOP-M-DEC, ITERATIVE-LOOP-HYP-INVARIANT and ITERATIVE-LOOP-ONE-PASS-EFFECTS via instantiation. We are left with the following subgoal. Goal' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (O-P (ITERATIVE-LOOP-M S))) (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD (ETC S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (ETC S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S))) (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD (ETC S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (ETC S (ITERATIVE-LOOP-K S))))) (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S)))) (AND (O-P (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0)) (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S))) (ITERATIVE-LOOP-TEST S) (O< (IF (AND (Y86-GUARD (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M (Y86 S (ITERATIVE-LOOP-K S))) 0) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0))))). By the simple :definition ETC we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (O-P (ITERATIVE-LOOP-M S))) (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S))) (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S))))) (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S)))) (AND (O-P (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0)) (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S))) (ITERATIVE-LOOP-TEST S) (O< (IF (AND (Y86-GUARD (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M (Y86 S (ITERATIVE-LOOP-K S))) 0) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0))))). This simplifies, using the :definition ~=>, the :executable-counterpart of O-P and the :rewrite rule Y86-GUARD-INVARIANT, to the following eight conjectures. Subgoal 8 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-TEST S) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 7 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-TEST S) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (ITERATIVE-LOOP-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 6 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-TEST S) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 5 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-TEST S) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (ITERATIVE-LOOP-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 4 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 3 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S)) (NOT (ITERATIVE-LOOP-PRECONDITION (Y86 S (ITERATIVE-LOOP-K S))))) (O< 0 (ITERATIVE-LOOP-M S))). But simplification reduces this to T, using primitive type reasoning. Subgoal 2 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S)) (ITERATIVE-LOOP-PRECONDITION (Y86 S (ITERATIVE-LOOP-K S)))) (O< (ITERATIVE-LOOP-M (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-M S))). But simplification reduces this to T, using primitive type reasoning. Subgoal 1 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (ITERATIVE-LOOP-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Q.E.D. That completes the proof of the measure theorem for ITERATIVE-LOOP-CLK. Thus, we admit this function under the principle of definition. We observe that the type of ITERATIVE-LOOP-CLK is described by the theorem (AND (INTEGERP (ITERATIVE-LOOP-CLK S)) (<= 0 (ITERATIVE-LOOP-CLK S))). We used the :type-prescription rules ITERATIVE-LOOP-K, ITERATIVE-LOOP-NATP-K and NATP-C+. Summary Form: ( DEFUN ITERATIVE-LOOP-CLK ...) Rules: ((:DEFINITION ETC) (:DEFINITION ~=>) (:EXECUTABLE-COUNTERPART O-P) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE Y86-GUARD-INVARIANT) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-K) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-NATP-K) (:TYPE-PRESCRIPTION NATP-C+)) Warnings: Disable and Theory Time: 0.04 seconds (prove: 0.01, print: 0.02, other: 0.01) ITERATIVE-LOOP-CLK ACL2 !>>(DEFTHM ITERATIVE-LOOP-BASE-CASE (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (ITERATIVE-LOOP-TEST S)) (EQUAL (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1) (S* (ITERATIVE-LOOP-EFFECTS S) (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)))) :RULE-CLASSES NIL) By the simple :definitions ITERATIVE-LOOP-PRECONDITION and ITERATIVE-LOOP-TEST, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= (G :EAX S) 1)) (EQUAL (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1) (S* (ITERATIVE-LOOP-EFFECTS S) (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definitions ITERATIVE-LOOP-ALPHA, ITERATIVE-LOOP-EFFECTS, NOT and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, CONS, EXPT and NOT, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, NORMALIZE-FACTORS-GATHER-EXPONENTS, REMOVE-STRICT-INEQUALITIES and ZP-OPEN and the :type-prescription rule Y86-GUARD, to the following three conjectures. Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= (G :EAX S) 1) (<= (G :EAX S) 0)) (EQUAL (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1) (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, BINARY-*, BINARY-+ and EXPT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 3' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 0) 2147483648) (EQUAL (G :ECX S) 4294967295)) (EQUAL (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1) (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, NON-NIL-KEYS and S*, the :executable-counterparts of ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P, NON-NIL-KEYS, RATIONALP and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ y x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, G-SAME-S, N08P-ALISTP-W32*-XTR, N32P-DOUBLETSP-XTR, S-DIFF-S, S-S*-COMMUTES, S-SAME-S, UNIQUE-KEYS-XTR, W32*-APPEND, W32*-W32*-SAME and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 1) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1)) (EQUAL (S* (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1) (S* (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) 1)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) (S* (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, NON-NIL-KEYS and S*, the :executable-counterparts of ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P, NON-NIL-KEYS, RATIONALP and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ y x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, G-SAME-S, N08P-ALISTP-W32*-XTR, N32P-DOUBLETSP-XTR, S-DIFF-S, S-S*-COMMUTES, S-SAME-S, UNIQUE-KEYS-XTR, W32*-APPEND, W32*-W32*-SAME and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= (G :EAX S) 1) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (EQUAL (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1) (S* (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-BASE-CASE ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-EFFECTS) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION ITERATIVE-LOOP-TEST) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION S*) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-SAME-S) (:REWRITE N08P-ALISTP-W32*-XTR) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE REMOVE-STRICT-INEQUALITIES) (:REWRITE S-DIFF-S) (:REWRITE S-S*-COMMUTES) (:REWRITE S-SAME-S) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE W32*-APPEND) (:REWRITE W32*-W32*-SAME) (:REWRITE W32*-XTR-W32*-XTR) (:REWRITE ZP-OPEN) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.74 seconds (prove: 0.71, print: 0.02, other: 0.00) ITERATIVE-LOOP-BASE-CASE ACL2 !>>(DEFTHM ITERATIVE-LOOP-INDUCTION-STEP (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (EQUAL (S* (ITERATIVE-LOOP-EFFECTS (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) ARBITRARY-S2) (S* (ITERATIVE-LOOP-EFFECTS S) ARBITRARY-S2))) :RULE-CLASSES NIL) By the simple :definitions ITERATIVE-LOOP-PRECONDITION and ITERATIVE-LOOP-TEST, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S))) (EQUAL (S* (ITERATIVE-LOOP-EFFECTS (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) ARBITRARY-S2) (S* (ITERATIVE-LOOP-EFFECTS S) ARBITRARY-S2))). This simplifies, using the :compound-recognizer rules N32P-TYPE and ZP-COMPOUND-RECOGNIZER, the :definitions ITERATIVE-LOOP-ALPHA, ITERATIVE-LOOP-EFFECTS, S* and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, CAR, CDR, CONS, CONSP, EQUAL, EXPT, INTEGERP, N32P, NOT and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, CAR-CONS, CDR-CONS, NORMALIZE-FACTORS-GATHER-EXPONENTS, S-DIFF-S, W32*-APPEND and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD, to Goal'' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (EQUAL (S* (ITERATIVE-LOOP-EFFECTS (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)) ARBITRARY-S2) (S :EAX 0 (S :EBP (G :EBP S) (S :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :EDI (G :EDI S) (S :EIP 77 (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 105000 (G :MEM S)) (W32* (XTR (G :ESP S) 100000 (G :MEM S)) (G :MEM ARBITRARY-S2)))) ARBITRARY-S2)))))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definitions ITERATIVE-LOOP-EFFECTS, NOT, S* and SYNP, the :executable- counterparts of ACL2-NUMBERP, BINARY-*, BINARY-+, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P, RATIONALP, UNARY-- and UNARY-/, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* -1 x)|, |(* x (+ y z))|, |(* x (- y))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (* c x))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, BUBBLE-DOWN-*-MATCH-1, BUBBLE-DOWN-+-BUBBLE-DOWN, BUBBLE-DOWN-+-MATCH-3, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N08P-ALISTP-W32*-XTR, NORMALIZE-ADDENDS, NORMALIZE-FACTORS-GATHER-EXPONENTS, S-DIFF-S, W32*-APPEND, W32*-XTR-W32*-XTR, XTR-W32*-XTR-CASE-1, XTR-W32*-XTR-CASE-2, XTR-W32*-XTR-CASE-3 and ZP-OPEN and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (< 0 (+ -1 (G :EAX S)))) (EQUAL (S* (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S2) (S :EAX 0 (S :EBP (G :EBP S) (S :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :EDI (G :EDI S) (S :EIP 77 (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 105000 (G :MEM S)) (W32* (XTR (G :ESP S) 100000 (G :MEM S)) (G :MEM ARBITRARY-S2)))) ARBITRARY-S2)))))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :definitions S* and SYNP, the :executable-counterparts of ACL2-NUMBERP, BINARY-*, BINARY-+, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P and UNARY-/, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, CAR-CONS, CDR-CONS, REDUCE-ADDITIVE-CONSTANT-<, REMOVE-STRICT-INEQUALITIES, S-DIFF-S, W32*-APPEND and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (<= (+ -1 (G :EAX S)) 0)) (EQUAL (S* (LIST '(:EAX 4294967295) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S2) (S :EAX 0 (S :EBP (G :EBP S) (S :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :EDI (G :EDI S) (S :EIP 77 (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 105000 (G :MEM S)) (W32* (XTR (G :ESP S) 100000 (G :MEM S)) (G :MEM ARBITRARY-S2)))) ARBITRARY-S2)))))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-INDUCTION-STEP ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-EFFECTS) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION ITERATIVE-LOOP-TEST) (:DEFINITION NOT) (:DEFINITION S*) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* -1 x)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (- y))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (* c x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(- (* c x))|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-BUBBLE-DOWN) (:REWRITE BUBBLE-DOWN-+-MATCH-3) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE N08P-ALISTP-W32*-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE REMOVE-STRICT-INEQUALITIES) (:REWRITE S-DIFF-S) (:REWRITE W32*-APPEND) (:REWRITE W32*-XTR-W32*-XTR) (:REWRITE XTR-W32*-XTR-CASE-1) (:REWRITE XTR-W32*-XTR-CASE-2) (:REWRITE XTR-W32*-XTR-CASE-3) (:REWRITE ZP-OPEN) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.67 seconds (prove: 0.66, print: 0.02, other: 0.00) ITERATIVE-LOOP-INDUCTION-STEP ACL2 !>>(DEFTHM ITERATIVE-LOOP (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) :HINTS (("Goal" :USE (:FUNCTIONAL-INSTANCE IRULE (HYP ITERATIVE-LOOP-PRECONDITION) (CLK ITERATIVE-LOOP-CLK) (ALPHA ITERATIVE-LOOP-ALPHA) (BETA ITERATIVE-LOOP-EFFECTS) (TEST ITERATIVE-LOOP-TEST) (K ITERATIVE-LOOP-K) (M ITERATIVE-LOOP-M)) :IN-THEORY (DISABLE Y86-GUARD NATP ITERATIVE-LOOP-PRECONDITION ITERATIVE-LOOP-CLK ITERATIVE-LOOP-ALPHA ITERATIVE-LOOP-EFFECTS ITERATIVE-LOOP-TEST ITERATIVE-LOOP-K ITERATIVE-LOOP-M)) ("Subgoal 8" :BY ITERATIVE-LOOP-INDUCTION-STEP) ("Subgoal 7" :BY ITERATIVE-LOOP-BASE-CASE) ("Subgoal 6" :BY ITERATIVE-LOOP-HYP-INVARIANT) ("Subgoal 5" :BY ITERATIVE-LOOP-M-DEC) ("Subgoal 4" :BY ITERATIVE-LOOP-ONE-PASS-EFFECTS) ("Subgoal 3" :BY ITERATIVE-LOOP-O-P-M) ("Subgoal 2" :BY ITERATIVE-LOOP-NATP-K) ("Subgoal 1" :BY ITERATIVE-LOOP-CLK)) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (Y86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (ETC S (ITERATIVE-LOOP-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> ETC)))))) ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP ...): The value of the theory expression '(~=> ETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP ...): The value of the theory expression '(~=> ETC) does not include the :EXECUTABLE- COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Use] in ( DEFTHM ITERATIVE-LOOP ...): It is unusual to :USE an enabled :REWRITE or :DEFINITION rule, so you may want to consider disabling (:REWRITE IRULE). We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from IRULE via functional instantiation, provided we can establish the eight constraints generated; the constraints can be simplified using case analysis. We are left with the following eight subgoals. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 8 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (EQUAL (S* (ITERATIVE-LOOP-EFFECTS (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) ARBITRARY-S2) (S* (ITERATIVE-LOOP-EFFECTS S) ARBITRARY-S2))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (EQUAL (S* (ITERATIVE-LOOP-EFFECTS (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) ARBITRARY-S2) (S* (ITERATIVE-LOOP-EFFECTS S) ARBITRARY-S2))), which can be obtained from ITERATIVE-LOOP-INDUCTION-STEP. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 7 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (ITERATIVE-LOOP-TEST S)) (EQUAL (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1) (S* (ITERATIVE-LOOP-EFFECTS S) (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (ITERATIVE-LOOP-TEST S)) (EQUAL (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1) (S* (ITERATIVE-LOOP-EFFECTS S) (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)))), which can be obtained from ITERATIVE-LOOP-BASE-CASE. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 6 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1))), which can be obtained from ITERATIVE-LOOP-HYP-INVARIANT. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 5 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) (ITERATIVE-LOOP-M S))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) (ITERATIVE-LOOP-M S))), which can be obtained from ITERATIVE-LOOP-M-DEC. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 4 (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))), which can be obtained from ITERATIVE-LOOP-ONE-PASS-EFFECTS. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (O-P (ITERATIVE-LOOP-M S))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (O-P (ITERATIVE-LOOP-M S))), which can be obtained from ITERATIVE-LOOP-O-P-M. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 2 (NATP (ITERATIVE-LOOP-K S)). But, as indicated by the hint, this goal is subsumed by (NATP (ITERATIVE-LOOP-K S)), which can be obtained from ITERATIVE-LOOP-NATP-K. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 1 (EQUAL (ITERATIVE-LOOP-CLK S) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (IF (ITERATIVE-LOOP-TEST S) (ITERATIVE-LOOP-K S) (C+ (ITERATIVE-LOOP-K S) (ITERATIVE-LOOP-CLK (Y86 S (ITERATIVE-LOOP-K S))))) 0)). But, as indicated by the hint, this goal is subsumed by (EQUAL (ITERATIVE-LOOP-CLK S) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (IF (ITERATIVE-LOOP-TEST S) (ITERATIVE-LOOP-K S) (C+ (ITERATIVE-LOOP-K S) (ITERATIVE-LOOP-CLK (Y86 S (ITERATIVE-LOOP-K S))))) 0)), which can be obtained from ITERATIVE-LOOP-CLK. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (Y86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (ETC S (ITERATIVE-LOOP-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM ITERATIVE-LOOP ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions ETC and FORCE we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S))) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (EQUAL (Y86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (Y86 S (ITERATIVE-LOOP-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP ...) Rules: ((:DEFINITION ETC) (:DEFINITION FORCE) (:DEFINITION NOT) (:DEFINITION ~=>) (:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: Disable, Use and Theory Time: 0.05 seconds (prove: 0.02, print: 0.01, other: 0.02) ITERATIVE-LOOP ACL2 !>>(IN-THEORY (DISABLE ITERATIVE-LOOP-CLK)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4737 ACL2 !>>(DEFTHM ITERATIVE-LOOP-INTENTIONALP (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (INTENTIONAL-EFFECTSP (ITERATIVE-LOOP-EFFECTS S)))) ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-LOOP-INTENTIONALP ...): A :REWRITE rule generated from ITERATIVE-LOOP-INTENTIONALP will be triggered only by terms containing the non-recursive function symbols INTENTIONAL-EFFECTSP and ITERATIVE-LOOP-EFFECTS. Unless these functions are disabled, this rule is unlikely ever to be used. By the simple :definition ITERATIVE-LOOP-PRECONDITION, the :executable- counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295)) (INTENTIONAL-EFFECTSP (ITERATIVE-LOOP-EFFECTS S))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definitions ITERATIVE-LOOP-EFFECTS, NOT and SYNP, the :executable- counterparts of BINARY-* and BINARY-+, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, NORMALIZE-FACTORS-GATHER-EXPONENTS and ZP-OPEN and the :type-prescription rule Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= (G :EAX S) 0)) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, BINARY-*, BINARY-+, EXPT and NOT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 1' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 0) 2147483648) (EQUAL (G :ECX S) 4294967295)) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ y x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Q.E.D. The storage of ITERATIVE-LOOP-INTENTIONALP depends upon the :type- prescription rule INTENTIONAL-EFFECTSP. Summary Form: ( DEFTHM ITERATIVE-LOOP-INTENTIONALP ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION INTENTIONAL-EFFECTSP) (:DEFINITION INTENTIONAL-KEYS) (:DEFINITION ITERATIVE-LOOP-EFFECTS) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART INTENTIONAL-KEYS) (:EXECUTABLE-COUNTERPART MEMBER) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE ZP-OPEN) (:TYPE-PRESCRIPTION INTENTIONAL-EFFECTSP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Non-rec Time: 0.49 seconds (prove: 0.48, print: 0.01, other: 0.00) ITERATIVE-LOOP-INTENTIONALP ACL2 !>>(DEFTHM ITERATIVE-LOOP-IY86 (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) :HINTS (("Goal" :USE (:INSTANCE ITERATIVE-LOOP) :IN-THEORY (E/D (IY86-CONVERSION) (INTENTIONAL-EFFECTSP ITERATIVE-LOOP)))) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (IETC S (ITERATIVE-LOOP-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :EXECUTABLE- COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from ITERATIVE-LOOP via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S)))). By the simple :definition ITERATIVE-LOOP-PRECONDITION, the :executable- counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and ZP-COMPOUND-RECOGNIZER, the :definitions ITERATIVE-LOOP-EFFECTS, ITERATIVE-LOOP-PRECONDITION, NOT and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, EQUAL, EXPT and ZP, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, NORMALIZE-FACTORS-GATHER-EXPONENTS and ZP-OPEN and the :type-prescription rules ITERATIVE-PROGRAMP and Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (<= (G :EAX S) 0) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterpart of <, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 2' (IMPLIES (AND (EQUAL (G :EAX S) 0) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But forced simplification reduces this to T, using the :rewrite rules IY86-CONVERSION (forced) and N08P-ALISTP-G-MEM-IY86 and the :type- prescription rule Y86-GUARD. Subgoal 1 (IMPLIES (AND (< 0 (G :EAX S)) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But forced simplification reduces this to T, using the :rewrite rules IY86-CONVERSION (forced) and N08P-ALISTP-G-MEM-IY86 and the :type- prescription rule Y86-GUARD. q.e.d. (given two forced hypotheses) Modulo the following two forced goals, that completes the proof of the input Goal. See :DOC forcing-round. [1]Subgoal 2, below, will focus on (INTENTIONAL-EFFECTSP (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))), which was forced in Subgoal 1 by applying (:REWRITE IY86-CONVERSION) to (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))). [1]Subgoal 1, below, will focus on (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))), which was forced in Subgoal 2' by applying (:REWRITE IY86-CONVERSION) to (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))). We now undertake Forcing Round 1. [1]Subgoal 2 (IMPLIES (AND S (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S))) (AND (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S))) (AND (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S))) (AND (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S))) (AND (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S))) (AND (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S))) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (AND (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S))) (EQUAL (N01P (G :F-SF S)) T) (AND (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S))) (EQUAL (N01P (G :F-ZF S)) T) (AND (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S))) (EQUAL (N32P (G :EIP S)) T) (EQUAL (N32P (G :EBP S)) T) (AND (INTEGERP (G :EBP S)) (<= 0 (G :EBP S))) (EQUAL (N32P (G :ESP S)) T) (EQUAL (N32P (G :EDI S)) T) (AND (INTEGERP (G :EDI S)) (<= 0 (G :EDI S))) (EQUAL (N32P (G :ESI S)) T) (AND (INTEGERP (G :ESI S)) (<= 0 (G :ESI S))) (EQUAL (N32P (G :EBX S)) T) (AND (INTEGERP (G :EBX S)) (<= 0 (G :EBX S))) (EQUAL (N32P (G :EDX S)) T) (AND (INTEGERP (G :EDX S)) (<= 0 (G :EDX S))) (EQUAL (N32P (G :ECX S)) T) (EQUAL (N32P (G :EAX S)) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (AND (INTEGERP (G :EAX S)) (< 0 (G :EAX S))) (EQUAL (< 0 (G :EAX S)) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EAX S) 65536) T) (EQUAL (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By case analysis we reduce the conjecture to [1]Subgoal 2' (IMPLIES (AND S (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S)) (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S)) (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S)) (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S)) (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S)) (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S)) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S)) (EQUAL (N01P (G :F-SF S)) T) (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S)) (EQUAL (N01P (G :F-ZF S)) T) (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S)) (EQUAL (N32P (G :EIP S)) T) (EQUAL (N32P (G :EBP S)) T) (INTEGERP (G :EBP S)) (<= 0 (G :EBP S)) (EQUAL (N32P (G :ESP S)) T) (EQUAL (N32P (G :EDI S)) T) (INTEGERP (G :EDI S)) (<= 0 (G :EDI S)) (EQUAL (N32P (G :ESI S)) T) (INTEGERP (G :ESI S)) (<= 0 (G :ESI S)) (EQUAL (N32P (G :EBX S)) T) (INTEGERP (G :EBX S)) (<= 0 (G :EBX S)) (EQUAL (N32P (G :EDX S)) T) (INTEGERP (G :EDX S)) (<= 0 (G :EDX S)) (EQUAL (N32P (G :ECX S)) T) (EQUAL (N32P (G :EAX S)) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (INTEGERP (G :EAX S)) (< 0 (G :EAX S)) (EQUAL (< 0 (G :EAX S)) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (INTEGERP (G :EIP S)) (< 0 (G :EIP S)) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (INTEGERP (G :ESP S)) (< 0 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EAX S) 65536) T) (EQUAL (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (INTEGERP (G :ECX S)) (< 0 (G :ECX S)) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But forced simplification reduces this to T, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS, NOT and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, EXPT, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rules NON-NIL-IF-G-NON-NIL and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(< (if a b c) x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, DEFAULT-PLUS-1, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR (forced), NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, REMOVE-STRICT-INEQUALITIES, REMOVE-WEAK-INEQUALITIES, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type- prescription rules ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP, N32P-ALISTP, XTR and Y86-GUARD. [1]Subgoal 1 (IMPLIES (AND S (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S))) (AND (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S))) (AND (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S))) (AND (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S))) (AND (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S))) (AND (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S))) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (AND (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S))) (EQUAL (N01P (G :F-SF S)) T) (AND (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S))) (EQUAL (N01P (G :F-ZF S)) T) (AND (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S))) (EQUAL (N32P (G :EIP S)) T) (EQUAL (N32P (G :EBP S)) T) (AND (INTEGERP (G :EBP S)) (<= 0 (G :EBP S))) (EQUAL (N32P (G :ESP S)) T) (EQUAL (N32P (G :EDI S)) T) (AND (INTEGERP (G :EDI S)) (<= 0 (G :EDI S))) (EQUAL (N32P (G :ESI S)) T) (AND (INTEGERP (G :ESI S)) (<= 0 (G :ESI S))) (EQUAL (N32P (G :EBX S)) T) (AND (INTEGERP (G :EBX S)) (<= 0 (G :EBX S))) (EQUAL (N32P (G :EDX S)) T) (AND (INTEGERP (G :EDX S)) (<= 0 (G :EDX S))) (EQUAL (N32P (G :ECX S)) T) (EQUAL (N32P (G :EAX S)) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (EQUAL (G :EAX S) 0) T) (EQUAL (G :EAX S) 0) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EBX S) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By case analysis we reduce the conjecture to [1]Subgoal 1' (IMPLIES (AND S (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S)) (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S)) (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S)) (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S)) (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S)) (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S)) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S)) (EQUAL (N01P (G :F-SF S)) T) (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S)) (EQUAL (N01P (G :F-ZF S)) T) (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S)) (EQUAL (N32P (G :EIP S)) T) (EQUAL (N32P (G :EBP S)) T) (INTEGERP (G :EBP S)) (<= 0 (G :EBP S)) (EQUAL (N32P (G :ESP S)) T) (EQUAL (N32P (G :EDI S)) T) (INTEGERP (G :EDI S)) (<= 0 (G :EDI S)) (EQUAL (N32P (G :ESI S)) T) (INTEGERP (G :ESI S)) (<= 0 (G :ESI S)) (EQUAL (N32P (G :EBX S)) T) (INTEGERP (G :EBX S)) (<= 0 (G :EBX S)) (EQUAL (N32P (G :EDX S)) T) (INTEGERP (G :EDX S)) (<= 0 (G :EDX S)) (EQUAL (N32P (G :ECX S)) T) (EQUAL (N32P (G :EAX S)) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (EQUAL (G :EAX S) 0) T) (EQUAL (G :EAX S) 0) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (INTEGERP (G :EIP S)) (< 0 (G :EIP S)) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (INTEGERP (G :ESP S)) (< 0 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EBX S) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (INTEGERP (G :ECX S)) (< 0 (G :ECX S)) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :executable-counterparts of <, EQUAL, N32P and NOT, linear arithmetic and primitive type reasoning, to [1]Subgoal 1'' (IMPLIES (AND (EQUAL (G :EAX S) 0) S (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S)) (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S)) (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S)) (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S)) (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S)) (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S)) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S)) (EQUAL (N01P (G :F-SF S)) T) (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S)) (EQUAL (N01P (G :F-ZF S)) T) (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S)) (EQUAL (N32P (G :EIP S)) T) (EQUAL (N32P (G :EBP S)) T) (INTEGERP (G :EBP S)) (<= 0 (G :EBP S)) (EQUAL (N32P (G :ESP S)) T) (EQUAL (N32P (G :EDI S)) T) (INTEGERP (G :EDI S)) (<= 0 (G :EDI S)) (EQUAL (N32P (G :ESI S)) T) (INTEGERP (G :ESI S)) (<= 0 (G :ESI S)) (EQUAL (N32P (G :EBX S)) T) (INTEGERP (G :EBX S)) (<= 0 (G :EBX S)) (EQUAL (N32P (G :EDX S)) T) (INTEGERP (G :EDX S)) (<= 0 (G :EDX S)) (EQUAL (N32P (G :ECX S)) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (INTEGERP (G :EIP S)) (< 0 (G :EIP S)) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (INTEGERP (G :ESP S)) (< 0 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (< (G :EBX S) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (INTEGERP (G :ECX S)) (< 0 (G :ECX S)) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But forced simplification reduces this to T, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS, NOT and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, EXPT, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rules NON-NIL-IF-G-NON-NIL and Y86-GUARD-IMPLICATIONS, the :rewrite rules ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, DEFAULT-LESS-THAN-1, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR (forced), NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, REMOVE-STRICT-INEQUALITIES, REMOVE-WEAK-INEQUALITIES, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type- prescription rules ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP, N32P-ALISTP, XTR and Y86-GUARD. q.e.d. (given twelve forced hypotheses) Modulo the following four newly forced goals, that completes Forcing Round 1. For what it is worth, the four new goals were generated by cleaning up twelve forced hypotheses. See :DOC forcing-round. [2]Subgoal 4, below, will focus on (N08P-ALISTP (G :MEM S)), which was forced in [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 0 50000 (G :MEM S))), [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR (G :ESP S) 100000 (G :MEM S))), and [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 100000 105000 (G :MEM S))). [2]Subgoal 3, below, will focus on (N08P-ALISTP (G :MEM S)), which was forced in [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 0 50000 (G :MEM S))), [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR (G :ESP S) 100000 (G :MEM S))), and [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 100000 105000 (G :MEM S))). [2]Subgoal 2, below, will focus on (N08P-ALISTP (G :MEM S)), which was forced in [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 0 50000 (G :MEM S))), [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR (G :ESP S) 100000 (G :MEM S))), and [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 100000 105000 (G :MEM S))). [2]Subgoal 1, below, will focus on (N08P-ALISTP (G :MEM S)), which was forced in [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 0 50000 (G :MEM S))), [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR (G :ESP S) 100000 (G :MEM S))), and [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 100000 105000 (G :MEM S))). We now undertake Forcing Round 2. [2]Subgoal 4 (IMPLIES (AND S (EQUAL (EQUAL (G :EAX S) 0) T) (EQUAL (G :EAX S) 0) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EBX S) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (N08P-ALISTP (G :MEM S))). But we reduce the conjecture to T, by the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [2]Subgoal 3 (IMPLIES (AND S (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (OR (AND (RATIONALP (G :EAX S)) (< 0 (G :EAX S))) (COMPLEX-RATIONALP (G :EAX S))) (EQUAL (< 0 (G :EAX S)) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EAX S) 65536) T) (NOT (ACL2-NUMBERP (G :EBX S))) (EQUAL (< (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (N08P-ALISTP (G :MEM S))). But we reduce the conjecture to T, by the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [2]Subgoal 2 (IMPLIES (AND S (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (OR (AND (RATIONALP (G :EAX S)) (< 0 (G :EAX S))) (COMPLEX-RATIONALP (G :EAX S))) (EQUAL (< 0 (G :EAX S)) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EAX S) 65536) T) (ACL2-NUMBERP (G :EBX S)) (EQUAL (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (N08P-ALISTP (G :MEM S))). But we reduce the conjecture to T, by the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [2]Subgoal 1 (IMPLIES (AND S (EQUAL (EQUAL (G :EAX S) 0) T) (EQUAL (G :EAX S) 0) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (NOT (ACL2-NUMBERP (G :EBX S))) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (N08P-ALISTP (G :MEM S))). But we reduce the conjecture to T, by the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (IETC S (ITERATIVE-LOOP-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM ITERATIVE-LOOP-IY86 ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions FORCE and IETC we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S))) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (EQUAL (IY86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (IY86 S (ITERATIVE-LOOP-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-IY86 ...) Rules: ((:COMPOUND-RECOGNIZER N01P-TYPE) (:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION FORCE) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION IETC) (:DEFINITION INTENTIONAL-EFFECTSP) (:DEFINITION INTENTIONAL-KEYS) (:DEFINITION ITERATIVE-LOOP-EFFECTS) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION SYNP) (:DEFINITION ~=>) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART INTENTIONAL-KEYS) (:EXECUTABLE-COUNTERPART MEMBER) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING N01P-BOUND) (:FORWARD-CHAINING N32P-BOUND) (:FORWARD-CHAINING NON-NIL-IF-G-NON-NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(< (if a b c) x)|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE DEFAULT-LESS-THAN-1) (:REWRITE DEFAULT-PLUS-1) (:REWRITE IY86-CONVERSION) (:REWRITE N08P-ALISTP-G-MEM-IY86) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE REMOVE-STRICT-INEQUALITIES) (:REWRITE REMOVE-WEAK-INEQUALITIES) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE ZP-OPEN) (:TYPE-PRESCRIPTION INTEGERP-MOD-1) (:TYPE-PRESCRIPTION ITERATIVE-PROGRAMP) (:TYPE-PRESCRIPTION MOD-NONNEGATIVE) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION N32P-ALISTP) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Disable and Theory Time: 1.58 seconds (prove: 1.47, print: 0.10, other: 0.02) ITERATIVE-LOOP-IY86 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. We export ITERATIVE-LOOP-CLK, ITERATIVE-LOOP-ALPHA, ITERATIVE-LOOP-K, ITERATIVE-LOOP-TEST, ITERATIVE-LOOP-M, ITERATIVE-LOOP-EFFECTS and ITERATIVE-LOOP-PRECONDITION. Summary Form: ( ENCAPSULATE NIL (DEFUN ITERATIVE-LOOP-PRECONDITION ...) ...) Rules: NIL Warnings: Use, Disable, Theory and Non-rec Time: 8.00 seconds (prove: 7.47, print: 0.37, other: 0.16) T ACL2 !>(defthm-code-seq iterative-correct ; verification of iterative routine (and (equal (r08 (g :eip s) (g :mem s)) 128) ; call of iterative (equal (r32 (+ 1 (g :eip s)) (g :mem s)) *iterative*) (< (+ (g :eip s) 5) *prog-hi*) ; (instr entirely in prog space) (iterative-programp (g :mem s)) (<= *stack-lo* (- (g :esp s) (* 4 6))) ; standard esp invariant EXCEPT: room for 6 words (<= (g :esp s) *stack-hi*) (equal (mod (g :esp s) 4) 0) (<= *stack-lo* (g :ebp s)) ; standard ebp invariant (<= (g :ebp s) *stack-hi*) (equal (mod (g :ebp s) 4) 0) (<= (g :esp s) (g :ebp s)) (<= *data-lo* (g :edi s)) ; standard edi invariant (< (g :edi s) *data-hi*) (equal (mod (g :edi s) 4) 0) (< (+ (g :edi s) 100) *data-hi*) ; can write at edi+100 (< (g :eax s) (expt 2 16)) ; input legal ) (effects (:eax (g :eax s)) ; no register is changed (:ebx (g :ebx s)) (:ecx (g :ecx s)) (:edx (g :edx s)) (:esp (g :esp s)) (:ebp (g :ebp s)) (:edi (g :edi s)) (:esi (g :esi s)) (:eip (+ 5 (g :eip s))) ; except pc is advanced over call ; I prove a very strong condition on memory: the program segment, the active ; stack segment, and all of the data segment except %edi+100 are unchanged. ; The correct answer is found in mem[%edi+100]. (:mem (append (xtr *prog-lo* *prog-hi* (g :mem s)) (xtr (g :esp s) *stack-hi* (g :mem s)) (xtr *data-lo* (+ (g :edi s) 100) (g :mem s)) (xtr (+ (g :edi s) 104) *data-hi* (g :mem s)) (list (list (+ 100 (g :edi s)) (/ (* (g :eax s) (+ (g :eax s) 1)) 2)))))) :intentionalp t ; Both of these clocks work: :k (compose-clks (7 2 iterative-loop-clk 1 7) s) ; :k (compose-clks ( 9 iterative-loop-clk 8 ) s) ) To verify that the seven encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(DEFUN ITERATIVE-CORRECT-CLK (S) (DECLARE (IGNORABLE S)) (C+ 7 (C+ 2 (C+ (ITERATIVE-LOOP-CLK (IY86 (IY86 S 7) 2)) (C+ 1 7))))) Since ITERATIVE-CORRECT-CLK is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-CORRECT-CLK is described by the theorem (AND (INTEGERP (ITERATIVE-CORRECT-CLK S)) (<= 0 (ITERATIVE-CORRECT-CLK S))). We used the :executable-counterpart of NATP and the :type-prescription rules ITERATIVE-LOOP-CLK and NATP-C+. Summary Form: ( DEFUN ITERATIVE-CORRECT-CLK ...) Rules: ((:EXECUTABLE-COUNTERPART NATP) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-CLK) (:TYPE-PRESCRIPTION NATP-C+)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-CORRECT-CLK ACL2 !>>(DEFUN ITERATIVE-CORRECT-PRECONDITION (S) (DECLARE (IGNORABLE S)) (AND (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) *ITERATIVE*) (< (+ (G :EIP S) 5) *PROG-HI*) (ITERATIVE-PROGRAMP (G :MEM S)) (<= *STACK-LO* (- (G :ESP S) (* 4 6))) (<= (G :ESP S) *STACK-HI*) (EQUAL (MOD (G :ESP S) 4) 0) (<= *STACK-LO* (G :EBP S)) (<= (G :EBP S) *STACK-HI*) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= *DATA-LO* (G :EDI S)) (< (G :EDI S) *DATA-HI*) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) *DATA-HI*) (< (G :EAX S) (EXPT 2 16)))) Since ITERATIVE-CORRECT-PRECONDITION is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-CORRECT-PRECONDITION is described by the theorem (OR (EQUAL (ITERATIVE-CORRECT-PRECONDITION S) T) (EQUAL (ITERATIVE-CORRECT-PRECONDITION S) NIL)). Summary Form: ( DEFUN ITERATIVE-CORRECT-PRECONDITION ...) Rules: NIL Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) ITERATIVE-CORRECT-PRECONDITION ACL2 !>>(DEFUN ITERATIVE-CORRECT-EFFECTS (S) (DECLARE (IGNORABLE S)) (EFFECTS (:EAX (G :EAX S)) (:EBX (G :EBX S)) (:ECX (G :ECX S)) (:EDX (G :EDX S)) (:ESP (G :ESP S)) (:EBP (G :EBP S)) (:EDI (G :EDI S)) (:ESI (G :ESI S)) (:EIP (+ 5 (G :EIP S))) (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (XTR (G :ESP S) *STACK-HI* (G :MEM S)) (XTR *DATA-LO* (+ (G :EDI S) 100) (G :MEM S)) (XTR (+ (G :EDI S) 104) *DATA-HI* (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (/ (* (G :EAX S) (+ (G :EAX S) 1)) 2))))))) Since ITERATIVE-CORRECT-EFFECTS is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-CORRECT-EFFECTS is described by the theorem (AND (CONSP (ITERATIVE-CORRECT-EFFECTS S)) (TRUE-LISTP (ITERATIVE-CORRECT-EFFECTS S))). We used primitive type reasoning. Summary Form: ( DEFUN ITERATIVE-CORRECT-EFFECTS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) ITERATIVE-CORRECT-EFFECTS ACL2 !>>(DEFTHM ITERATIVE-CORRECT-INTENTIONALP (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (INTENTIONAL-EFFECTSP (ITERATIVE-CORRECT-EFFECTS S)))) ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-CORRECT-INTENTIONALP ...): A :REWRITE rule generated from ITERATIVE-CORRECT-INTENTIONALP will be triggered only by terms containing the non-recursive function symbols INTENTIONAL-EFFECTSP and ITERATIVE-CORRECT-EFFECTS. Unless these functions are disabled, this rule is unlikely ever to be used. By the simple :definition ITERATIVE-CORRECT-PRECONDITION and the :executable- counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ (G :EIP S) 5) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) -24)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000) (< (G :EAX S) 65536)) (INTENTIONAL-EFFECTSP (ITERATIVE-CORRECT-EFFECTS S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, ITERATIVE-CORRECT-EFFECTS, NON-NIL-KEYS, NOT and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, BINARY-+, CONSP, EQUAL, EXPT, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2, the :rewrite rules |(* 1 x)|, |(* a (/ a))|, |(* x (+ y z))|, |(* x x)|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(< x (/ y)) with (< 0 y)|, ASSOC-IS-ASSOC-EQUAL, BUBBLE-DOWN-*-MATCH-1, BUBBLE-DOWN-+-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, NO-COMMON-KEYS-XTR-XTR, NORMALIZE-ADDENDS, NORMALIZE-FACTORS-GATHER-EXPONENTS, REDUCE-ADDITIVE-CONSTANT-<, SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<, SIMPLIFY-SUMS-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type- prescription rules MOD-ZERO, N08P-ALISTP, SUM-ARITH-LEMMA1, XTR and Y86-GUARD, to the following three conjectures. Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (+ 104 (G :EDI S)) 105000)) (<= 50000 (+ 104 (G :EDI S)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :ESP S) 100000) (< (+ 104 (G :EDI S)) 105000)) (<= 100000 (+ 104 (G :EDI S)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :ESP S) 100000)) (<= 50000 (G :ESP S))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. The storage of ITERATIVE-CORRECT-INTENTIONALP depends upon the :type- prescription rule INTENTIONAL-EFFECTSP. Summary Form: ( DEFTHM ITERATIVE-CORRECT-INTENTIONALP ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION INTENTIONAL-EFFECTSP) (:DEFINITION INTENTIONAL-KEYS) (:DEFINITION ITERATIVE-CORRECT-EFFECTS) (:DEFINITION ITERATIVE-CORRECT-PRECONDITION) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART INTENTIONAL-KEYS) (:EXECUTABLE-COUNTERPART MEMBER) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:LINEAR SUM-ARITH-LEMMA2) (:REWRITE |(* 1 x)|) (:REWRITE |(* a (/ a))|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y x)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(< x (/ y)) with (< 0 y)|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE CANCEL-MOD-+) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<) (:REWRITE SIMPLIFY-SUMS-<) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:TYPE-PRESCRIPTION INTENTIONAL-EFFECTSP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION SUM-ARITH-LEMMA1) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Non-rec Time: 1.10 seconds (prove: 1.09, print: 0.01, other: 0.00) ITERATIVE-CORRECT-INTENTIONALP ACL2 !>>(DEFTHM ITERATIVE-CORRECT-IY86 (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) :HINTS ((PRIORITY-PHASED-SIMPLIFICATION WORLD STABLE-UNDER-SIMPLIFICATIONP 0)) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-CORRECT-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (IETC S (ITERATIVE-CORRECT-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-CORRECT-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-CORRECT-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :EXECUTABLE- COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-CORRECT-IY86 ...): A :REWRITE rule generated from ITERATIVE-CORRECT-IY86 will be triggered only by terms containing the non-recursive function symbol ITERATIVE-CORRECT-CLK. Unless this function is disabled, this rule is unlikely ever to be used. By the simple :definitions ITERATIVE-CORRECT-CLK and ITERATIVE-CORRECT-PRECONDITION and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ (G :EIP S) 5) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) -24)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000) (< (G :EAX S) 65536)) (~=> (IY86 S (C+ 7 (C+ 2 (C+ (ITERATIVE-LOOP-CLK (IY86 (IY86 S 7) 2)) (C+ 1 7))))) (ITERATIVE-CORRECT-EFFECTS S))). This forcibly simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR32-CNT, ITERATIVE-CORRECT-EFFECTS, MV-NTH, N32+ and SYNP, the :executable- counterparts of <, BINARY-+, BITS-04, EQL, EQUAL, EXPT, NATP, UNARY-- and ZP, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y x)|, |(+ c (+ d x))|, |(+ x (if a b c))|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, CAR-CONS, CDR-CONS, ITERATIVE-LOOP-IY86 (forced), IY86-C+, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N32+-COMMUTES, N32-MINUS-N, NORMALIZE-FACTORS-GATHER-EXPONENTS and S-DIFF-S and the :type-prescription rules ITERATIVE-LOOP-CLK, NATP-C+ and Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (~=> (IY86 (IY86 (S* (ITERATIVE-LOOP-EFFECTS (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ 5 (G :EIP S)))) 6) 2)) (IETC (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ 5 (G :EIP S)))) 6) 2) (ITERATIVE-LOOP-CLK (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ 5 (G :EIP S)))) 6) 2)))) 1) 7) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, ITERATIVE-LOOP-EFFECTS, IW32-CNT, MV-NTH, N32+, NATP, NOT, OP2-WITH-HIDING, REGVAL and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, INTEGERP, N32, N32+, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, LOGXOR-X-X, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, NORMALIZE-FACTORS-GATHER-EXPONENTS, R08-ITERATIVE, R32-ITERATIVE, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SUFF-N32P, W32-ITERATIVE, W32-W32-COMMUTES, XTR-W32 and ZP-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP and Y86-GUARD, to the following two conjectures. Subgoal 2.2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (< 0 (G :EAX S))) (~=> (IY86 (IY86 (S* (LIST '(:EAX 0) (LIST :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (+ -24 (G :ESP S))) (LIST :EBP (+ -8 (G :ESP S))) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (+ -24 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S)))))))) (XTR 100000 105000 (G :MEM S))))) (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S)))))))))))) 1) 7) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions DOUBLE-REWRITE, IR08-CNT, IR32-CNT, IW32-CNT, MV-NTH, N32+, NATP, REGVAL, S* and SYNP, the :executable- counterparts of <, =, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CDR, CONS, CONSP, EQL, EQUAL, EXPT, INTEGERP, N01P, N32+, N32-TO-I32, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, ADDR-EQUAL-X-X, ASSOC-IS-ASSOC-EQUAL, ASSOC-XTR, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N01P-HIDE, N08P-ALISTP-G-MEM-IETC, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, N32P-DOUBLETSP-XTR, R08-ITERATIVE, R32-ITERATIVE, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SUFF-N32P, W32*-APPEND, W32*-XTR-ITERATIVE, W32*-XTR-W32*-XTR, W32-W32*-COMMUTES, Y86-GUARD-S-EBP, Y86-GUARD-S-EBX, Y86-GUARD-S-ECX, Y86-GUARD-S-EIP, Y86-GUARD-S-ESP, Y86-GUARD-S-F-OF, Y86-GUARD-S-F-SF, Y86-GUARD-S-F-ZF and Y86-GUARD-S-MEM and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP, SUM-ARITH-LEMMA1 and Y86-GUARD, to Subgoal 2.2' (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (< 0 (G :EAX S))) (~=> (S :EAX (G :EAX S) (S :EBP (G :EBP S) (S :EBX (G :EBX S) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP (+ 5 (G :EIP S)) (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (W32* (XTR 100000 105000 (G :MEM S)) (W32* (XTR (+ -24 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S)))))))) (G :MEM (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S)))))))))))))))) (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))))))))))))))) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, DOUBLE-REWRITE, GOOD-MEM-LISTP, NATP, NON-NIL-KEYS, NOT and SYNP, the :executable-counterparts of <, =, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, BINARY-+, CONSP, EQUAL, EXPT, INTEGERP, N01P, N32-TO-I32, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, NOT, RATIONALP, UNARY--, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward- chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2, the :rewrite rules |(* a (/ a))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(< (+ (- c) x) y)|, |(< x (/ y)) with (< 0 y)|, ADDR-EQUAL-X-X, ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-OPEN, ALL-EQUAL-R32-XTR-SAME, ALL-EQUAL-R32-XTR-W32, ALL-EQUAL-R32-XTR-W32*-CASE-1, ALL-EQUAL-R32-XTR-W32*-CASE-2, ALL-EQUAL-R32-XTR-W32*-CASE-3, ASSOC-IS-ASSOC-EQUAL, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, BUBBLE-DOWN-+-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N01P-HIDE, N08P-ALISTP-G-MEM-IETC, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, NO-COMMON-KEYS-XTR-XTR, NORMALIZE-ADDENDS, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<, SIMPLIFY-SUMS-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, Y86-GUARD-S-EBP, Y86-GUARD-S-EBX, Y86-GUARD-S-ECX, Y86-GUARD-S-EIP, Y86-GUARD-S-ESP, Y86-GUARD-S-F-OF, Y86-GUARD-S-F-SF, Y86-GUARD-S-F-ZF, Y86-GUARD-S-MEM, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, MOD-ZERO, N08P-ALISTP, SUM-ARITH-LEMMA1, XTR and Y86-GUARD. Subgoal 2.1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (<= (G :EAX S) 0)) (~=> (IY86 (IY86 (S* (LIST '(:EAX 4294967295) '(:EBX 0) '(:EIP 77) (LIST :ESP (+ -24 (G :ESP S))) (LIST :EBP (+ -8 (G :ESP S))) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (+ -24 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S)))))))) (XTR 100000 105000 (G :MEM S))))) (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S)))))))))))) 1) 7) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, BINARY-*, BINARY-+, CONS, EXPT and NOT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 2.1' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EIP S) 4294967295)) (~=> (IY86 (IY86 (S* (LIST '(:EAX 4294967295) '(:EBX 0) '(:EIP 77) (LIST :ESP (+ -24 (G :ESP S))) (LIST :EBP (+ -8 (G :ESP S))) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (+ -24 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S)))))))) (XTR 100000 105000 (G :MEM S))))) (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S)))))))))))) 1) 7) (LIST '(:EAX 0) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (CONS (+ 100 (G :EDI S)) '(0)))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions DOUBLE-REWRITE, IR08-CNT, IR32-CNT, IW32-CNT, MV-NTH, N32+, NATP, REGVAL, S* and SYNP, the :executable- counterparts of <, =, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CDR, CONS, CONSP, EQL, EQUAL, EXPT, INTEGERP, N01P, N32+, N32-TO-I32, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, ADDR-EQUAL-X-X, ASSOC-IS-ASSOC-EQUAL, ASSOC-XTR, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N01P-HIDE, N08P-ALISTP-G-MEM-IETC, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, N32P-DOUBLETSP-XTR, R08-ITERATIVE, R32-ITERATIVE, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SUFF-N32P, W32*-APPEND, W32*-XTR-ITERATIVE, W32*-XTR-W32*-XTR, W32-W32*-COMMUTES, Y86-GUARD-S-EBP, Y86-GUARD-S-EBX, Y86-GUARD-S-ECX, Y86-GUARD-S-EIP, Y86-GUARD-S-ESP, Y86-GUARD-S-F-OF, Y86-GUARD-S-F-SF, Y86-GUARD-S-F-ZF and Y86-GUARD-S-MEM and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP and Y86-GUARD, to Subgoal 2.1'' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EIP S) 4294967295)) (~=> (S :EAX 0 (S :EBP (G :EBP S) (S :EBX (G :EBX S) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP (+ 5 (G :EIP S)) (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) 0 (W32* (XTR 100000 105000 (G :MEM S)) (W32* (XTR (+ -24 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S)))))))) (G :MEM (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S)))))))))))))))) (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))))))))))))))) (LIST '(:EAX 0) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (CONS (+ 100 (G :EDI S)) '(0)))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, DOUBLE-REWRITE, GOOD-MEM-LISTP, NATP, NON-NIL-KEYS, NOT and SYNP, the :executable-counterparts of <, =, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, BINARY-+, CONSP, EQUAL, EXPT, INTEGERP, N01P, N32-TO-I32, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, NOT, RATIONALP, UNARY--, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward- chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* a (/ a))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(< (+ (- c) x) y)|, |(< x (/ y)) with (< 0 y)|, ADDR-EQUAL-X-X, ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-OPEN, ALL-EQUAL-R32-XTR-SAME, ALL-EQUAL-R32-XTR-W32, ALL-EQUAL-R32-XTR-W32*-CASE-1, ALL-EQUAL-R32-XTR-W32*-CASE-2, ALL-EQUAL-R32-XTR-W32*-CASE-3, ASSOC-IS-ASSOC-EQUAL, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, BUBBLE-DOWN-+-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N01P-HIDE, N08P-ALISTP-G-MEM-IETC, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, NO-COMMON-KEYS-XTR-XTR, NORMALIZE-ADDENDS, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<, SIMPLIFY-SUMS-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, Y86-GUARD-S-EBP, Y86-GUARD-S-EBX, Y86-GUARD-S-ECX, Y86-GUARD-S-EIP, Y86-GUARD-S-ESP, Y86-GUARD-S-F-OF, Y86-GUARD-S-F-SF, Y86-GUARD-S-F-ZF, Y86-GUARD-S-MEM, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (<= 4294967295 (G :EIP S))) (~=> (IY86 (IY86 (S* (ITERATIVE-LOOP-EFFECTS (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ -4294967291 (G :EIP S)))) 6) 2)) (IETC (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ -4294967291 (G :EIP S)))) 6) 2) (ITERATIVE-LOOP-CLK (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ -4294967291 (G :EIP S)))) 6) 2)))) 1) 7) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. q.e.d. (given two forced hypotheses) Modulo the following two forced goals, that completes the proof of the input Goal. See :DOC forcing-round. [1]Subgoal 2, below, will focus on (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2)), which was forced in Goal' by applying (:REWRITE ITERATIVE-LOOP-IY86) to (IY86 (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2) (ITERATIVE-LOOP-CLK (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). [1]Subgoal 1, below, will focus on (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2)), which was forced in Goal' by applying (:REWRITE ITERATIVE-LOOP-IY86) to (IY86 (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2) (ITERATIVE-LOOP-CLK (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). We now undertake Forcing Round 1. [1]Subgoal 2 (IMPLIES (AND (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S))) (AND (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S))) (AND (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S))) (AND (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S))) (AND (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S))) (AND (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S))) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (AND (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S))) (EQUAL (N01P (G :F-SF S)) T) (AND (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S))) (EQUAL (N01P (G :F-ZF S)) T) (AND (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S))) (EQUAL (N32P (G :EIP S)) T) (AND (INTEGERP (G :EIP S)) (<= 0 (G :EIP S))) (EQUAL (N32P (G :EBP S)) T) (EQUAL (N32P (G :ESP S)) T) (AND (INTEGERP (G :ESP S)) (<= 0 (G :ESP S))) (EQUAL (N32P (G :EDI S)) T) (EQUAL (N32P (G :ESI S)) T) (AND (INTEGERP (G :ESI S)) (<= 0 (G :ESI S))) (EQUAL (N32P (G :EBX S)) T) (AND (INTEGERP (G :EBX S)) (<= 0 (G :EBX S))) (EQUAL (N32P (G :EDX S)) T) (AND (INTEGERP (G :EDX S)) (<= 0 (G :EDX S))) (EQUAL (N32P (G :ECX S)) T) (AND (INTEGERP (G :ECX S)) (<= 0 (G :ECX S))) (EQUAL (N32P (G :EAX S)) T) (AND (INTEGERP (G :EAX S)) (<= 0 (G :EAX S))) S (EQUAL (< (R08 (G :EIP S) (G :MEM S)) 256) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) T) (AND (INTEGERP (R08 (G :EIP S) (G :MEM S))) (< 0 (R08 (G :EIP S) (G :MEM S)))) (EQUAL (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) T) (AND (INTEGERP (R32 (+ 1 (G :EIP S)) (G :MEM S))) (< 0 (R32 (+ 1 (G :EIP S)) (G :MEM S)))) (EQUAL (< (+ 5 (G :EIP S)) 50000) T) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (+ -24 (G :ESP S))) (AND (INTEGERP (+ -24 (G :ESP S))) (< 0 (+ -24 (G :ESP S)))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (AND (INTEGERP (G :EBP S)) (< 0 (G :EBP S))) (<= (G :EBP S) 100000) (EQUAL (EQUAL (MOD (G :EBP S) 4) 0) T) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (AND (INTEGERP (G :EDI S)) (< 0 (G :EDI S))) (EQUAL (< (G :EDI S) 105000) T) (EQUAL (EQUAL (MOD (G :EDI S) 4) 0) T) (EQUAL (MOD (G :EDI S) 4) 0) (EQUAL (< (+ 100 (G :EDI S)) 105000) T) (EQUAL (< (G :EAX S) 65536) T)) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). By case analysis we reduce the conjecture to [1]Subgoal 2' (IMPLIES (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S)) (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S)) (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S)) (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S)) (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S)) (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S)) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S)) (EQUAL (N01P (G :F-SF S)) T) (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S)) (EQUAL (N01P (G :F-ZF S)) T) (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S)) (EQUAL (N32P (G :EIP S)) T) (INTEGERP (G :EIP S)) (<= 0 (G :EIP S)) (EQUAL (N32P (G :EBP S)) T) (EQUAL (N32P (G :ESP S)) T) (INTEGERP (G :ESP S)) (<= 0 (G :ESP S)) (EQUAL (N32P (G :EDI S)) T) (EQUAL (N32P (G :ESI S)) T) (INTEGERP (G :ESI S)) (<= 0 (G :ESI S)) (EQUAL (N32P (G :EBX S)) T) (INTEGERP (G :EBX S)) (<= 0 (G :EBX S)) (EQUAL (N32P (G :EDX S)) T) (INTEGERP (G :EDX S)) (<= 0 (G :EDX S)) (EQUAL (N32P (G :ECX S)) T) (INTEGERP (G :ECX S)) (<= 0 (G :ECX S)) (EQUAL (N32P (G :EAX S)) T) (INTEGERP (G :EAX S)) (<= 0 (G :EAX S)) S (EQUAL (< (R08 (G :EIP S) (G :MEM S)) 256) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) T) (INTEGERP (R08 (G :EIP S) (G :MEM S))) (< 0 (R08 (G :EIP S) (G :MEM S))) (EQUAL (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) T) (INTEGERP (R32 (+ 1 (G :EIP S)) (G :MEM S))) (< 0 (R32 (+ 1 (G :EIP S)) (G :MEM S))) (EQUAL (< (+ 5 (G :EIP S)) 50000) T) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (+ -24 (G :ESP S))) (INTEGERP (+ -24 (G :ESP S))) (< 0 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (< 0 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (EQUAL (MOD (G :EBP S) 4) 0) T) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< 0 (G :EDI S)) (EQUAL (< (G :EDI S) 105000) T) (EQUAL (EQUAL (MOD (G :EDI S) 4) 0) T) (EQUAL (MOD (G :EDI S) 4) 0) (EQUAL (< (+ 100 (G :EDI S)) 105000) T) (EQUAL (< (G :EAX S) 65536) T)) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). This simplifies, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IW32-CNT, NATP and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-+, EQUAL, EXPT, FLOOR, INTEGERP, N32, NOT and UNARY--, linear arithmetic, primitive type reasoning, the :forward-chaining rules NON-NIL-IF-G-NON-NIL and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(< (if a b c) x)|, DEFAULT-LESS-THAN-1, DEFAULT-PLUS-2, G-DIFF-S, INTEGERP-+-REDUCE-CONSTANT, N32-OPEN, REDUCE-ADDITIVE-CONSTANT-<, REMOVE-STRICT-INEQUALITIES, REMOVE-WEAK-INEQUALITIES, S-DIFF-S and SUFF-N32P and the :type-prescription rules ITERATIVE-PROGRAMP, N08P-ALISTP, N32P-ALISTP and Y86-GUARD, to the following six conjectures. [1]Subgoal 2.6 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (< (G :EIP S) 4294967295)) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ 5 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 2.5 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (<= 4294967295 (G :EIP S))) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ -4294967291 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 2.4 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ 5 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions DOUBLE-REWRITE, IR08-CNT, IR32-CNT, IW32-CNT, MV-NTH, N32+, NATP, OP2-WITH-HIDING, REGVAL and SYNP, the :executable-counterparts of <, =, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, N01P, N32, N32+, N32-TO-I32, N32P, NUMR, R08, R32, RA, RB, UNARY-- and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N01P-BOUND, N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, LOGXOR-X-X, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N01P-HIDE, N08P-ALISTP-W32, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, R08-ITERATIVE, R32-ITERATIVE, REDUCE-ADDITIVE-CONSTANT-<, REMOVE-STRICT-INEQUALITIES, S-DIFF-S, S-SAME-S, SUFF-N32P, W32-ITERATIVE, W32-W32-COMMUTES, Y86-GUARD-S-EBP, Y86-GUARD-S-EBX, Y86-GUARD-S-ECX, Y86-GUARD-S-EIP, Y86-GUARD-S-ESP, Y86-GUARD-S-F-OF, Y86-GUARD-S-F-SF, Y86-GUARD-S-F-ZF and Y86-GUARD-S-MEM and the :type- prescription rules ITERATIVE-PROGRAMP, N08P-ALISTP and Y86-GUARD. [1]Subgoal 2.3 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (<= 4294967295 (G :EIP S))) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ -4294967291 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 2.2 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (Y86-GUARD (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 2.1 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (Y86-GUARD (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1 (IMPLIES (AND (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S))) (AND (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S))) (AND (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S))) (AND (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S))) (AND (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S))) (AND (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S))) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (AND (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S))) (EQUAL (N01P (G :F-SF S)) T) (AND (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S))) (EQUAL (N01P (G :F-ZF S)) T) (AND (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S))) (EQUAL (N32P (G :EIP S)) T) (AND (INTEGERP (G :EIP S)) (<= 0 (G :EIP S))) (EQUAL (N32P (G :EBP S)) T) (EQUAL (N32P (G :ESP S)) T) (AND (INTEGERP (G :ESP S)) (<= 0 (G :ESP S))) (EQUAL (N32P (G :EDI S)) T) (EQUAL (N32P (G :ESI S)) T) (AND (INTEGERP (G :ESI S)) (<= 0 (G :ESI S))) (EQUAL (N32P (G :EBX S)) T) (AND (INTEGERP (G :EBX S)) (<= 0 (G :EBX S))) (EQUAL (N32P (G :EDX S)) T) (AND (INTEGERP (G :EDX S)) (<= 0 (G :EDX S))) (EQUAL (N32P (G :ECX S)) T) (AND (INTEGERP (G :ECX S)) (<= 0 (G :ECX S))) (EQUAL (N32P (G :EAX S)) T) (AND (INTEGERP (G :EAX S)) (<= 0 (G :EAX S))) S (EQUAL (< (R08 (G :EIP S) (G :MEM S)) 256) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) T) (AND (INTEGERP (R08 (G :EIP S) (G :MEM S))) (< 0 (R08 (G :EIP S) (G :MEM S)))) (EQUAL (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) T) (AND (INTEGERP (R32 (+ 1 (G :EIP S)) (G :MEM S))) (< 0 (R32 (+ 1 (G :EIP S)) (G :MEM S)))) (EQUAL (< (+ 5 (G :EIP S)) 50000) T) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (+ -24 (G :ESP S))) (AND (INTEGERP (+ -24 (G :ESP S))) (< 0 (+ -24 (G :ESP S)))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (AND (INTEGERP (G :EBP S)) (< 0 (G :EBP S))) (<= (G :EBP S) 100000) (EQUAL (EQUAL (MOD (G :EBP S) 4) 0) T) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (AND (INTEGERP (G :EDI S)) (< 0 (G :EDI S))) (EQUAL (< (G :EDI S) 105000) T) (EQUAL (EQUAL (MOD (G :EDI S) 4) 0) T) (EQUAL (MOD (G :EDI S) 4) 0) (EQUAL (< (+ 100 (G :EDI S)) 105000) T) (EQUAL (< (G :EAX S) 65536) T)) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). By case analysis we reduce the conjecture to [1]Subgoal 1' (IMPLIES (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S)) (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S)) (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S)) (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S)) (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S)) (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S)) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S)) (EQUAL (N01P (G :F-SF S)) T) (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S)) (EQUAL (N01P (G :F-ZF S)) T) (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S)) (EQUAL (N32P (G :EIP S)) T) (INTEGERP (G :EIP S)) (<= 0 (G :EIP S)) (EQUAL (N32P (G :EBP S)) T) (EQUAL (N32P (G :ESP S)) T) (INTEGERP (G :ESP S)) (<= 0 (G :ESP S)) (EQUAL (N32P (G :EDI S)) T) (EQUAL (N32P (G :ESI S)) T) (INTEGERP (G :ESI S)) (<= 0 (G :ESI S)) (EQUAL (N32P (G :EBX S)) T) (INTEGERP (G :EBX S)) (<= 0 (G :EBX S)) (EQUAL (N32P (G :EDX S)) T) (INTEGERP (G :EDX S)) (<= 0 (G :EDX S)) (EQUAL (N32P (G :ECX S)) T) (INTEGERP (G :ECX S)) (<= 0 (G :ECX S)) (EQUAL (N32P (G :EAX S)) T) (INTEGERP (G :EAX S)) (<= 0 (G :EAX S)) S (EQUAL (< (R08 (G :EIP S) (G :MEM S)) 256) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) T) (INTEGERP (R08 (G :EIP S) (G :MEM S))) (< 0 (R08 (G :EIP S) (G :MEM S))) (EQUAL (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) T) (INTEGERP (R32 (+ 1 (G :EIP S)) (G :MEM S))) (< 0 (R32 (+ 1 (G :EIP S)) (G :MEM S))) (EQUAL (< (+ 5 (G :EIP S)) 50000) T) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (+ -24 (G :ESP S))) (INTEGERP (+ -24 (G :ESP S))) (< 0 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (< 0 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (EQUAL (MOD (G :EBP S) 4) 0) T) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< 0 (G :EDI S)) (EQUAL (< (G :EDI S) 105000) T) (EQUAL (EQUAL (MOD (G :EDI S) 4) 0) T) (EQUAL (MOD (G :EDI S) 4) 0) (EQUAL (< (+ 100 (G :EDI S)) 105000) T) (EQUAL (< (G :EAX S) 65536) T)) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). This simplifies, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ITERATIVE-LOOP-PRECONDITION, IW32-CNT, NATP and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, EQUAL, EXPT, FLOOR, INTEGERP, N32, NOT, UNARY-- and UNARY-/, linear arithmetic, primitive type reasoning, the :forward- chaining rules NON-NIL-IF-G-NON-NIL and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* (if a b c) x)|, |(* 1 x)|, |(* a (/ a) b)|, |(* x (+ y z))|, |(* x (if a b c))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ (if a b c) x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, |(< (if a b c) x)|, |(equal (if a b c) x)|, BUBBLE-DOWN-*-MATCH-1, DEFAULT-LESS-THAN-1, DEFAULT-MOD-RATIO, DEFAULT-PLUS-1, DEFAULT-PLUS-2, DEFAULT-TIMES-1, G-DIFF-S, INTEGERP-+-REDUCE-CONSTANT, N32-OPEN, NORMALIZE-FACTORS-GATHER-EXPONENTS, REDUCE-ADDITIVE-CONSTANT-<, REDUCE-RATIONALP-*, REMOVE-STRICT-INEQUALITIES, REMOVE-WEAK-INEQUALITIES, S-DIFF-S and SUFF-N32P and the :type-prescription rules ITERATIVE-PROGRAMP, N08P-ALISTP, N32P-ALISTP and Y86-GUARD, to the following 32 conjectures. [1]Subgoal 1.32 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (< (G :EIP S) 4294967295)) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ 5 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.31 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (<= 4294967295 (G :EIP S))) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ -4294967291 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.30 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ 5 (G :EIP S)))) 6) 2))). This simplifies, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, ITERATIVE-LOOP-PRECONDITION, IW32-CNT, MV-NTH, N32+, NATP, OP2-WITH-HIDING, REGVAL and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, N32, N32+, NUMR, R08, R32, RA, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N01P-BOUND, N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, LOGXOR-X-X, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, NORMALIZE-FACTORS-GATHER-EXPONENTS, R08-ITERATIVE, R32-ITERATIVE, REDUCE-ADDITIVE-CONSTANT-<, REMOVE-STRICT-INEQUALITIES, S-DIFF-S, S-SAME-S, W32-ITERATIVE and W32-W32-COMMUTES and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, ITERATIVE-PROGRAMP, N08P-ALISTP and Y86-GUARD, to the following three conjectures. [1]Subgoal 1.30.3 (IMPLIES (AND (<= 0 (G :ESP S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= 50000 (+ -24 (G :ESP S)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.30.2 (IMPLIES (AND (<= 0 (G :ESP S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (< (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterpart of EXPT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2 and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.30.1 (IMPLIES (AND (<= 0 (G :ESP S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= (+ -24 (G :ESP S)) 100000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.29 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (<= 4294967295 (G :EIP S))) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ -4294967291 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.28 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (EQUAL (G :EIP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 68)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.27 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (ITERATIVE-PROGRAMP (G :MEM (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.26 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (<= (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 100000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.25 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (ACL2-NUMBERP (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.24 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (RATIONALP (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.23 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (<= 50000 (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.22 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (EQUAL (MOD (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4) 0)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.21 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 65536)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.20 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.19 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (NOT (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))))) (< (+ (* 1/2 (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (* 1/2 (EXPT (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2))) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.18 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (NOT (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.17 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (+ (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) (* 1/2 (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (* 1/2 (EXPT (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2))) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.16 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (< (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2147483648)) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.15 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (NOT (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))))) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.14 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (EQUAL (G :EIP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 68)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.13 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (ITERATIVE-PROGRAMP (G :MEM (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.12 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (<= (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 100000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.11 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (ACL2-NUMBERP (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.10 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (RATIONALP (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.9 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (<= 50000 (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.8 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (EQUAL (MOD (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4) 0)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.7 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 65536)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.6 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.5 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (NOT (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))))) (< (+ (* 1/2 (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (* 1/2 (EXPT (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2))) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.4 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (NOT (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.3 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (+ (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) (* 1/2 (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (* 1/2 (EXPT (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2))) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.2 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2147483648)) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.1 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (NOT (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))))) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-CORRECT-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (IETC S (ITERATIVE-CORRECT-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM ITERATIVE-CORRECT-IY86 ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions FORCE and IETC we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S))) (~=> (IY86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (EQUAL (IY86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (IY86 S (ITERATIVE-CORRECT-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-CORRECT-IY86 ...) Rules: ((:COMPOUND-RECOGNIZER N01P-TYPE) (:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION DOUBLE-REWRITE) (:DEFINITION FORCE) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION IETC) (:DEFINITION IR08-CNT) (:DEFINITION IR32-CNT) (:DEFINITION ITERATIVE-CORRECT-CLK) (:DEFINITION ITERATIVE-CORRECT-EFFECTS) (:DEFINITION ITERATIVE-CORRECT-PRECONDITION) (:DEFINITION ITERATIVE-LOOP-EFFECTS) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION IW32-CNT) (:DEFINITION MV-NTH) (:DEFINITION N32+) (:DEFINITION NATP) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION OP2-WITH-HIDING) (:DEFINITION REGVAL) (:DEFINITION S*) (:DEFINITION SYNP) (:DEFINITION ~=>) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART =) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART BITS-04) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQL) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART FLOOR) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N01P) (:EXECUTABLE-COUNTERPART N32) (:EXECUTABLE-COUNTERPART N32+) (:EXECUTABLE-COUNTERPART N32-TO-I32) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NATP) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART NUMR) (:EXECUTABLE-COUNTERPART R08) (:EXECUTABLE-COUNTERPART R32) (:EXECUTABLE-COUNTERPART RA) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART RB) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING N01P-BOUND) (:FORWARD-CHAINING N08P-R08) (:FORWARD-CHAINING N32P-BOUND) (:FORWARD-CHAINING NON-NIL-IF-G-NON-NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:LINEAR SUM-ARITH-LEMMA2) (:REWRITE |(* (if a b c) x)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* a (/ a) b)|) (:REWRITE |(* a (/ a))|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (if a b c))|) (:REWRITE |(* x x)|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ (if a b c) x)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ x (if a b c))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(< (+ (- c) x) y)|) (:REWRITE |(< (if a b c) x)|) (:REWRITE |(< x (/ y)) with (< 0 y)|) (:REWRITE |(equal (if a b c) x)|) (:REWRITE ADDR-EQUAL-X-X) (:REWRITE ALL-EQUAL-R32-APPEND) (:REWRITE ALL-EQUAL-R32-OPEN) (:REWRITE ALL-EQUAL-R32-XTR-SAME) (:REWRITE ALL-EQUAL-R32-XTR-W32) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-1) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-2) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-3) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE ASSOC-XTR) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE CANCEL-MOD-+) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE DEFAULT-LESS-THAN-1) (:REWRITE DEFAULT-MOD-RATIO) (:REWRITE DEFAULT-PLUS-1) (:REWRITE DEFAULT-PLUS-2) (:REWRITE DEFAULT-TIMES-1) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE INTEGERP-+-REDUCE-CONSTANT) (:REWRITE ITERATIVE-LOOP-IY86) (:REWRITE IY86-C+) (:REWRITE IY86-NAT) (:REWRITE IY86-STEP-OPENER) (:REWRITE LOGXOR-X-X) (:REWRITE MV-NTH-1-IS-CADR) (:REWRITE MV-NTH-2-IS-CADDR) (:REWRITE MV-NTH-3-IS-CADDDR) (:REWRITE N01P-HIDE) (:REWRITE N08P-ALISTP-G-MEM-IETC) (:REWRITE N08P-ALISTP-W32) (:REWRITE N08P-ALISTP-W32*-XTR) (:REWRITE N32+-COMMUTES) (:REWRITE N32-MINUS-N) (:REWRITE N32-OPEN) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE R08-ITERATIVE) (:REWRITE R32-ITERATIVE) (:REWRITE R32-W32*-XTR) (:REWRITE R32-W32-MOD-4) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE REDUCE-RATIONALP-*) (:REWRITE REMOVE-STRICT-INEQUALITIES) (:REWRITE REMOVE-WEAK-INEQUALITIES) (:REWRITE S-DIFF-S) (:REWRITE S-SAME-S) (:REWRITE SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<) (:REWRITE SIMPLIFY-SUMS-<) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE W32*-APPEND) (:REWRITE W32*-XTR-ITERATIVE) (:REWRITE W32*-XTR-W32*-XTR) (:REWRITE W32-ITERATIVE) (:REWRITE W32-W32*-COMMUTES) (:REWRITE W32-W32-COMMUTES) (:REWRITE XTR-W32) (:REWRITE Y86-GUARD-S-EBP) (:REWRITE Y86-GUARD-S-EBX) (:REWRITE Y86-GUARD-S-ECX) (:REWRITE Y86-GUARD-S-EIP) (:REWRITE Y86-GUARD-S-ESP) (:REWRITE Y86-GUARD-S-F-OF) (:REWRITE Y86-GUARD-S-F-SF) (:REWRITE Y86-GUARD-S-F-ZF) (:REWRITE Y86-GUARD-S-MEM) (:REWRITE ZP-OPEN) (:REWRITE ~=>-CONS-MEM) (:REWRITE ~=>-CONS-NON-MEM) (:REWRITE ~=>-NIL) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE) (:TYPE-PRESCRIPTION INTEGERP-MOD-1) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-CLK) (:TYPE-PRESCRIPTION ITERATIVE-PROGRAMP) (:TYPE-PRESCRIPTION MOD-NONNEGATIVE) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION N08P-R08) (:TYPE-PRESCRIPTION N32P-ALISTP) (:TYPE-PRESCRIPTION NATP-C+) (:TYPE-PRESCRIPTION NATP-R32) (:TYPE-PRESCRIPTION SUM-ARITH-LEMMA1) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Disable, Non-rec and Theory Time: 53.97 seconds (prove: 53.64, print: 0.32, other: 0.01) ITERATIVE-CORRECT-IY86 ACL2 !>>(DEFTHM ITERATIVE-CORRECT (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) :HINTS (("Goal" :USE (:INSTANCE ITERATIVE-CORRECT-IY86) :IN-THEORY (E/D (IY86-CONVERSION) (Y86-GUARD ITERATIVE-CORRECT-PRECONDITION ITERATIVE-CORRECT-CLK ITERATIVE-CORRECT-EFFECTS ITERATIVE-CORRECT-IY86 INTENTIONAL-EFFECTSP)))) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-CORRECT-PRECONDITION S))) (EQUAL (Y86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (ETC S (ITERATIVE-CORRECT-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> ETC)))))) ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-CORRECT ...): The value of the theory expression '(~=> ETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-CORRECT ...): The value of the theory expression '(~=> ETC) does not include the :EXECUTABLE- COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-CORRECT ...): A :REWRITE rule generated from ITERATIVE-CORRECT will be triggered only by terms containing the non-recursive function symbol ITERATIVE-CORRECT-CLK. Unless this function is disabled, this rule is unlikely ever to be used. [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from ITERATIVE-CORRECT-IY86 via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S)))). By case analysis we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))). But simplification reduces this to T, using the :rewrite rules ITERATIVE-CORRECT-INTENTIONALP, IY86-CONVERSION and N08P-ALISTP-G-MEM-IY86 and the :type-prescription rules ITERATIVE-CORRECT-PRECONDITION, Y86-GUARD and ~=>. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-CORRECT-PRECONDITION S))) (EQUAL (Y86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (ETC S (ITERATIVE-CORRECT-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM ITERATIVE-CORRECT ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions ETC and FORCE we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S))) (~=> (Y86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (EQUAL (Y86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (Y86 S (ITERATIVE-CORRECT-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-CORRECT ...) Rules: ((:DEFINITION ETC) (:DEFINITION FORCE) (:DEFINITION NOT) (:DEFINITION ~=>) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE ITERATIVE-CORRECT-INTENTIONALP) (:REWRITE IY86-CONVERSION) (:REWRITE N08P-ALISTP-G-MEM-IY86) (:TYPE-PRESCRIPTION ITERATIVE-CORRECT-PRECONDITION) (:TYPE-PRESCRIPTION Y86-GUARD) (:TYPE-PRESCRIPTION ~=>)) Warnings: Disable, Non-rec and Theory Time: 0.03 seconds (prove: 0.01, print: 0.00, other: 0.02) ITERATIVE-CORRECT ACL2 !>>(IN-THEORY (DISABLE ITERATIVE-CORRECT-CLK)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4750 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. We export ITERATIVE-CORRECT-EFFECTS, ITERATIVE-CORRECT-PRECONDITION and ITERATIVE-CORRECT-CLK. Summary Form: ( ENCAPSULATE NIL (DEFUN ITERATIVE-CORRECT-CLK ...) ...) Rules: NIL Warnings: Disable, Theory and Non-rec Time: 55.18 seconds (prove: 54.74, print: 0.34, other: 0.10) T ACL2 !>(defthm-code-rec recursive (and ; (y86-guard s) -- implicit (equal (r08 (g :eip s) (g :mem s)) 128) ; call of RECURSIVE (equal (r32 (+ 1 (g :eip s)) (g :mem s)) *recursive*) (< (+ (g :eip s) 5) *prog-hi*) ; (instr entirely in prog space) (recursive-programp (g :mem s)) (<= *stack-lo* (- (g :esp s) ; standard esp invariant EXCEPT: room for (* (+ 1 (g :eax s)) (* 4 7)))) ; 7 words per recursive call (<= (g :esp s) *stack-hi*) (equal (mod (g :esp s) 4) 0) (<= *stack-lo* (g :ebp s)) ; standard ebp invariant (<= (g :ebp s) *stack-hi*) (equal (mod (g :ebp s) 4) 0) (<= (g :esp s) (g :ebp s)) (<= *data-lo* (g :edi s)) ; standard edi invariant (< (g :edi s) *data-hi*) (equal (mod (g :edi s) 4) 0) (< (+ (g :edi s) 100) *data-hi*) ; can write at edi+100 (< (g :eax s) (expt 2 16)) ; input legal ) (effects (:eax (g :eax s)) ; no register is changed (:ebx (g :ebx s)) (:ecx (g :ecx s)) (:edx (g :edx s)) (:esp (g :esp s)) (:ebp (g :ebp s)) (:edi (g :edi s)) (:esi (g :esi s)) (:eip (+ 5 (g :eip s))) ; except pc is advanced over call ; I prove a very strong condition on memory: the program segment, the active ; stack segment, and all of the data segment except %edi+100 are unchanged. ; The correct answer is found in mem[%edi+100]. (:mem (append (xtr *prog-lo* *prog-hi* (g :mem s)) (xtr (g :esp s) *stack-hi* (g :mem s)) (xtr *data-lo* (+ (g :edi s) 100) (g :mem s)) (xtr (+ (g :edi s) 104) *data-hi* (g :mem s)) (list (list (+ 100 (g :edi s)) (/ (* (g :eax s) (+ (g :eax s) 1)) 2)))))) :intentionalp t :rm (g :eax s) :rtest (zp (g :eax s)) :rkb 19 :rkc 13 :rkd 11) To verify that the 19 encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(DEFUN RECURSIVE-PRECONDITION (S) (DECLARE (IGNORABLE S)) (AND (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) *RECURSIVE*) (< (+ (G :EIP S) 5) *PROG-HI*) (RECURSIVE-PROGRAMP (G :MEM S)) (<= *STACK-LO* (- (G :ESP S) (* (+ 1 (G :EAX S)) (* 4 7)))) (<= (G :ESP S) *STACK-HI*) (EQUAL (MOD (G :ESP S) 4) 0) (<= *STACK-LO* (G :EBP S)) (<= (G :EBP S) *STACK-HI*) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= *DATA-LO* (G :EDI S)) (< (G :EDI S) *DATA-HI*) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) *DATA-HI*) (< (G :EAX S) (EXPT 2 16)))) Since RECURSIVE-PRECONDITION is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-PRECONDITION is described by the theorem (OR (EQUAL (RECURSIVE-PRECONDITION S) T) (EQUAL (RECURSIVE-PRECONDITION S) NIL)). Summary Form: ( DEFUN RECURSIVE-PRECONDITION ...) Rules: NIL Time: 0.03 seconds (prove: 0.00, print: 0.00, other: 0.02) RECURSIVE-PRECONDITION ACL2 !>>(DEFUN RECURSIVE-EFFECTS (S) (DECLARE (IGNORABLE S)) (EFFECTS (:EAX (G :EAX S)) (:EBX (G :EBX S)) (:ECX (G :ECX S)) (:EDX (G :EDX S)) (:ESP (G :ESP S)) (:EBP (G :EBP S)) (:EDI (G :EDI S)) (:ESI (G :ESI S)) (:EIP (+ 5 (G :EIP S))) (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (XTR (G :ESP S) *STACK-HI* (G :MEM S)) (XTR *DATA-LO* (+ (G :EDI S) 100) (G :MEM S)) (XTR (+ (G :EDI S) 104) *DATA-HI* (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (/ (* (G :EAX S) (+ (G :EAX S) 1)) 2))))))) Since RECURSIVE-EFFECTS is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-EFFECTS is described by the theorem (AND (CONSP (RECURSIVE-EFFECTS S)) (TRUE-LISTP (RECURSIVE-EFFECTS S))). We used primitive type reasoning. Summary Form: ( DEFUN RECURSIVE-EFFECTS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) RECURSIVE-EFFECTS ACL2 !>>(DEFUN RECURSIVE-M (S) (DECLARE (IGNORABLE S)) (G :EAX S)) Since RECURSIVE-M is non-recursive, its admission is trivial. We could deduce no constraints on the type of RECURSIVE-M. Summary Form: ( DEFUN RECURSIVE-M ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-M ACL2 !>>(DEFUN RECURSIVE-TEST (S) (DECLARE (IGNORABLE S)) (ZP (G :EAX S))) Since RECURSIVE-TEST is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-TEST is described by the theorem (OR (EQUAL (RECURSIVE-TEST S) T) (EQUAL (RECURSIVE-TEST S) NIL)). We used the :compound-recognizer rule ZP-COMPOUND-RECOGNIZER. Summary Form: ( DEFUN RECURSIVE-TEST ...) Rules: ((:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-TEST ACL2 !>>(DEFUN RECURSIVE-KB (S) (DECLARE (IGNORABLE S)) 19) Since RECURSIVE-KB is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-KB is described by the theorem (AND (INTEGERP (RECURSIVE-KB S)) (< 0 (RECURSIVE-KB S))). Summary Form: ( DEFUN RECURSIVE-KB ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-KB ACL2 !>>(DEFUN RECURSIVE-KC (S) (DECLARE (IGNORABLE S)) 13) Since RECURSIVE-KC is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-KC is described by the theorem (AND (INTEGERP (RECURSIVE-KC S)) (< 0 (RECURSIVE-KC S))). Summary Form: ( DEFUN RECURSIVE-KC ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-KC ACL2 !>>(DEFUN RECURSIVE-KD (S) (DECLARE (IGNORABLE S)) 11) Since RECURSIVE-KD is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-KD is described by the theorem (AND (INTEGERP (RECURSIVE-KD S)) (< 0 (RECURSIVE-KD S))). Summary Form: ( DEFUN RECURSIVE-KD ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-KD ACL2 !>>(DEFTHM RECURSIVE-NATP-KB (NATP (RECURSIVE-KB S)) :RULE-CLASSES :TYPE-PRESCRIPTION) ACL2 Observation in ( DEFTHM RECURSIVE-NATP-KB ...): Our heuristics choose (RECURSIVE-KB S) as the :TYPED-TERM. But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rule RECURSIVE-KB. Q.E.D. The storage of RECURSIVE-NATP-KB depends upon the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER. Summary Form: ( DEFTHM RECURSIVE-NATP-KB ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:TYPE-PRESCRIPTION RECURSIVE-KB)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-NATP-KB ACL2 !>>(DEFTHM RECURSIVE-NATP-KC (NATP (RECURSIVE-KC S)) :RULE-CLASSES :TYPE-PRESCRIPTION) ACL2 Observation in ( DEFTHM RECURSIVE-NATP-KC ...): Our heuristics choose (RECURSIVE-KC S) as the :TYPED-TERM. But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rule RECURSIVE-KC. Q.E.D. The storage of RECURSIVE-NATP-KC depends upon the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER. Summary Form: ( DEFTHM RECURSIVE-NATP-KC ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:TYPE-PRESCRIPTION RECURSIVE-KC)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-NATP-KC ACL2 !>>(DEFTHM RECURSIVE-NATP-KD (NATP (RECURSIVE-KD S)) :RULE-CLASSES :TYPE-PRESCRIPTION) ACL2 Observation in ( DEFTHM RECURSIVE-NATP-KD ...): Our heuristics choose (RECURSIVE-KD S) as the :TYPED-TERM. But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rule RECURSIVE-KD. Q.E.D. The storage of RECURSIVE-NATP-KD depends upon the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER. Summary Form: ( DEFTHM RECURSIVE-NATP-KD ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:TYPE-PRESCRIPTION RECURSIVE-KD)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-NATP-KD ACL2 !>>(DEFTHM RECURSIVE-O-P-M (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (O-P (RECURSIVE-M S))) :RULE-CLASSES NIL) By the simple :definitions RECURSIVE-M and RECURSIVE-PRECONDITION and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ (G :EIP S) 5) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) (- (* (+ 1 (G :EAX S)) 28)))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000) (< (G :EAX S) 65536)) (O-P (G :EAX S))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions O-FINP, O-P and SYNP, the :executable-counterparts of BINARY-* and UNARY--, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* y x)|, |(+ 0 x)|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, |(- (+ x y))|, |(< (- x) c)|, BUBBLE-DOWN-+-MATCH-3, NORMALIZE-ADDENDS and PREFER-POSITIVE-ADDENDS-< and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM RECURSIVE-O-P-M ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION O-FINP) (:DEFINITION O-P) (:DEFINITION RECURSIVE-M) (:DEFINITION RECURSIVE-PRECONDITION) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART UNARY--) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(- (* c x))|) (:REWRITE |(- (+ x y))|) (:REWRITE |(< (- x) c)|) (:REWRITE BUBBLE-DOWN-+-MATCH-3) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE PREFER-POSITIVE-ADDENDS-<) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.21 seconds (prove: 0.21, print: 0.00, other: 0.00) RECURSIVE-O-P-M ACL2 !>>(DEFTHM RECURSIVE-BASE-CASE (IMPLIES (AND (RECURSIVE-TEST S) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-KB S)) (RECURSIVE-EFFECTS S))) :HINTS ((PRIORITY-PHASED-SIMPLIFICATION WORLD STABLE-UNDER-SIMPLIFICATIONP 0)) :RULE-CLASSES NIL) By the simple :definitions RECURSIVE-KB, RECURSIVE-PRECONDITION and RECURSIVE-TEST and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (ZP (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ (G :EIP S) 5) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) (- (* (+ 1 (G :EAX S)) 28)))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000) (< (G :EAX S) 65536)) (~=> (IY86 S 19) (RECURSIVE-EFFECTS S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and ZP-COMPOUND-RECOGNIZER, the :executable-counterparts of <, BINARY-*, BINARY-+, NOT, UNARY-- and ZP, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Goal'' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ (G :EIP S) 5) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) -28)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000)) (~=> (IY86 S 19) (RECURSIVE-EFFECTS S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR32-CNT, MV-NTH, N32+, RECURSIVE-EFFECTS and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, BITS-04, CONS, EQL, EQUAL, EXPT, UNARY-- and ZP, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ c (+ d x))|, |(+ x (if a b c))|, |(+ y (+ x z))|, |(+ y x)|, CAR-CONS, CDR-CONS, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N32+-COMMUTES, N32-MINUS-N and S-DIFF-S and the :type-prescription rule Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ 5 (G :EIP S)) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -28 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EIP S) 4294967295)) (~=> (IY86 (IW32-CNT (S :EIP 112 (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ 5 (G :EIP S)))) 18) (LIST '(:EAX 0) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (CONS (+ 100 (G :EDI S)) '(0)))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, IW32-CNT, JUMP-P-WITH-UNHIDING, MV-NTH, N32+, NATP, OP2-WITH-HIDING, REGVAL and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, INTEGERP, MV-NTH, N32, N32+, NAT-TO-BOOLEAN, NUMR, OP2-WITH-HIDING, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/, UNHIDE, XOR and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, ADDR-EQUAL-X-X, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, LOGXOR-X-X, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, R08-RECURSIVE, R32-RECURSIVE, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, W32-RECURSIVE and W32-W32-COMMUTES and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, N08P-ALISTP, RECURSIVE-PROGRAMP and Y86-GUARD, to Subgoal 2' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50028 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EIP S) 4294967295)) (~=> (S :EAX 0 (S :EBP (G :EBP S) (S :EBX (G :EBX S) (S :ECX (G :ECX S) (S :EDX (G :EDX S) (S :EIP (+ 5 (G :EIP S)) (S :ESP (G :ESP S) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ 100 (G :EDI S)) 0 (G :MEM S)))))))) (S :F-OF 0 (S :F-SF 0 (S :F-ZF 1 S))))))))))) (LIST '(:EAX 0) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (CONS (+ 100 (G :EDI S)) '(0)))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, NATP, NON-NIL-KEYS, NOT and SYNP, the :executable- counterparts of <, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, BINARY-+, CONSP, EQUAL, EXPT, INTEGERP, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, NOT, RATIONALP, UNARY--, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* a (/ a))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(< (+ (- c) x) y)|, |(< x (/ y)) with (< 0 y)|, ADDR-EQUAL-X-X, ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-OPEN, ALL-EQUAL-R32-XTR-SAME, ALL-EQUAL-R32-XTR-W32, ASSOC-IS-ASSOC-EQUAL, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-2, BUBBLE-DOWN-+-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N08P-ALISTP-W32, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, NO-COMMON-KEYS-XTR-XTR, NORMALIZE-ADDENDS, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<, SIMPLIFY-SUMS-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 1 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ 5 (G :EIP S)) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -28 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (<= 4294967295 (G :EIP S))) (~=> (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ -4294967291 (G :EIP S)))) 18) (LIST '(:EAX 0) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (CONS (+ 100 (G :EDI S)) '(0)))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM RECURSIVE-BASE-CASE ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION IR08-CNT) (:DEFINITION IR32-CNT) (:DEFINITION IW32-CNT) (:DEFINITION JUMP-P-WITH-UNHIDING) (:DEFINITION MV-NTH) (:DEFINITION N32+) (:DEFINITION NATP) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION OP2-WITH-HIDING) (:DEFINITION RECURSIVE-EFFECTS) (:DEFINITION RECURSIVE-KB) (:DEFINITION RECURSIVE-PRECONDITION) (:DEFINITION RECURSIVE-TEST) (:DEFINITION REGVAL) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART BITS-04) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQL) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART MV-NTH) (:EXECUTABLE-COUNTERPART N32) (:EXECUTABLE-COUNTERPART N32+) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NAT-TO-BOOLEAN) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART NUMR) (:EXECUTABLE-COUNTERPART OP2-WITH-HIDING) (:EXECUTABLE-COUNTERPART R08) (:EXECUTABLE-COUNTERPART R32) (:EXECUTABLE-COUNTERPART RA) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART RB) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNHIDE) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART XOR) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING N32P-BOUND) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* a (/ a))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ x (if a b c))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(< (+ (- c) x) y)|) (:REWRITE |(< x (/ y)) with (< 0 y)|) (:REWRITE ADDR-EQUAL-X-X) (:REWRITE ALL-EQUAL-R32-APPEND) (:REWRITE ALL-EQUAL-R32-OPEN) (:REWRITE ALL-EQUAL-R32-XTR-SAME) (:REWRITE ALL-EQUAL-R32-XTR-W32) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-EQUAL-2) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE CANCEL-MOD-+) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE IY86-NAT) (:REWRITE IY86-STEP-OPENER) (:REWRITE LOGXOR-X-X) (:REWRITE MV-NTH-1-IS-CADR) (:REWRITE MV-NTH-2-IS-CADDR) (:REWRITE MV-NTH-3-IS-CADDDR) (:REWRITE N08P-ALISTP-W32) (:REWRITE N32+-COMMUTES) (:REWRITE N32-MINUS-N) (:REWRITE N32-OPEN) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE R08-RECURSIVE) (:REWRITE R32-RECURSIVE) (:REWRITE R32-W32-MOD-4) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE S-DIFF-S) (:REWRITE S-SAME-S) (:REWRITE SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<) (:REWRITE SIMPLIFY-SUMS-<) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE W32-RECURSIVE) (:REWRITE W32-W32-COMMUTES) (:REWRITE ~=>-CONS-MEM) (:REWRITE ~=>-CONS-NON-MEM) (:REWRITE ~=>-NIL) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION RECURSIVE-PROGRAMP) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 18.68 seconds (prove: 18.65, print: 0.02, other: 0.00) RECURSIVE-BASE-CASE ACL2 !>>(DEFUN RECURSIVE-WRAPPER (S-PRIME S ARBITRARY-S1) (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (IMPLIES (Y86-GUARD ARBITRARY-S1) (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S))))) Since RECURSIVE-WRAPPER is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-WRAPPER is described by the theorem (OR (EQUAL (RECURSIVE-WRAPPER S-PRIME S ARBITRARY-S1) T) (EQUAL (RECURSIVE-WRAPPER S-PRIME S ARBITRARY-S1) NIL)). We used the :type-prescription rule ~=>. Summary Form: ( DEFUN RECURSIVE-WRAPPER ...) Rules: ((:TYPE-PRESCRIPTION ~=>)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-WRAPPER ACL2 !>>(DEFTHM RECURSIVE-WRAPPER-OPENER (IMPLIES (SYNTAXP (NOT (CONTAINS-A-BAD-FNP S-PRIME))) (EQUAL (RECURSIVE-WRAPPER S-PRIME S ARBITRARY-S1) (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (IMPLIES (Y86-GUARD ARBITRARY-S1) (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)))))) :HINTS (("Goal" :IN-THEORY (DISABLE RECURSIVE-PRECONDITION RECURSIVE-M RECURSIVE-EFFECTS RECURSIVE-KD)))) ACL2 Warning [Non-rec] in ( DEFTHM RECURSIVE-WRAPPER-OPENER ...): A :REWRITE rule generated from RECURSIVE-WRAPPER-OPENER will be triggered only by terms containing the non-recursive function symbol RECURSIVE-WRAPPER. Unless this function is disabled, this rule is unlikely ever to be used. [Note: A hint was supplied for our processing of the goal above. Thanks!] By the :executable-counterpart of SYNP we reduce the conjecture to Goal' (EQUAL (RECURSIVE-WRAPPER S-PRIME S ARBITRARY-S1) (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (OR (NOT (Y86-GUARD ARBITRARY-S1)) (AND (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)) T)))). But simplification reduces this to T, using the :definition RECURSIVE-WRAPPER, primitive type reasoning and the :type-prescription rule ~=>. Q.E.D. Summary Form: ( DEFTHM RECURSIVE-WRAPPER-OPENER ...) Rules: ((:DEFINITION RECURSIVE-WRAPPER) (:EXECUTABLE-COUNTERPART SYNP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:TYPE-PRESCRIPTION ~=>)) Warnings: Non-rec Time: 0.04 seconds (prove: 0.02, print: 0.00, other: 0.01) RECURSIVE-WRAPPER-OPENER ACL2 !>>(IN-THEORY (DISABLE RECURSIVE-WRAPPER)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4777 ACL2 !>>(DEFTHM RECURSIVE-INDUCTION-STEP (IMPLIES (AND (NOT (RECURSIVE-TEST S)) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-WRAPPER (IY86 S (RECURSIVE-KC S)) S ARBITRARY-S1)) :HINTS ((PRIORITY-PHASED-SIMPLIFICATION WORLD STABLE-UNDER-SIMPLIFICATIONP 0)) :RULE-CLASSES NIL) By the simple :definitions RECURSIVE-KC, RECURSIVE-PRECONDITION and RECURSIVE-TEST and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (NOT (ZP (G :EAX S))) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ (G :EIP S) 5) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) (- (* (+ 1 (G :EAX S)) 28)))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000) (< (G :EAX S) 65536)) (RECURSIVE-WRAPPER (IY86 S 13) S ARBITRARY-S1)). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR32-CNT, MV-NTH, N32+, NOT and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, BITS-04, EQL, EQUAL, EXPT, UNARY-- and ZP, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ x (if a b c))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, |(- (+ x y))|, |(< (- x) c)|, BUBBLE-DOWN-+-MATCH-3, CAR-CONS, CDR-CONS, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N32+-COMMUTES, N32-MINUS-N, NORMALIZE-ADDENDS, PREFER-POSITIVE-ADDENDS-<, S-DIFF-S and ZP-OPEN and the :type-prescription rule Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ 5 (G :EIP S)) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 28 (* 28 (G :EAX S))) (+ -50000 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (RECURSIVE-WRAPPER (IY86 (IW32-CNT (S :EIP 112 (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ 5 (G :EIP S)))) 12) S ARBITRARY-S1)). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IW32-CNT and SYNP, the :executable- counterparts of <, BINARY-+, EXPT and UNARY--, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, G-DIFF-S, N32-MINUS-N, REDUCE-ADDITIVE-CONSTANT-< and S-DIFF-S and the :type-prescription rule Y86-GUARD, to Subgoal 2' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (RECURSIVE-WRAPPER (IY86 (S :EIP 112 (S :ESP (N32 (+ -4 (G :ESP S))) (S :MEM (W32 (N32 (+ -4 (G :ESP S))) (+ 5 (G :EIP S)) (G :MEM S)) S))) 12) S ARBITRARY-S1)). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, IW32-CNT, JUMP-P-WITH-UNHIDING, MV-NTH, N32+, NATP, NOT, OP2-WITH-HIDING, REGVAL, SYNP and XOR, the :executable-counterparts of BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, N32, N32+, NOT, NUMR, R08, R32, RA, RB and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ (+ x y) z)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, LOGXOR-X-X, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N32+-0, N32+-COMMUTES, N32-OPEN, R08-RECURSIVE, R32-RECURSIVE, S-DIFF-S, S-SAME-S, UNHIDE-NAT-TO-BOOLEAN-HIDE, W32-RECURSIVE and W32-W32-COMMUTES and the :type-prescription rules N08P-ALISTP, RECURSIVE-PROGRAMP and Y86-GUARD, to the following four conjectures. Subgoal 2.4 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (NOT (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 144 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). By the simple :definition = we reduce the conjecture to Subgoal 2.4' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (NOT (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 144 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of EQUAL and EXPT, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rule N32-TO-I32-OPEN and the :type- prescription rule Y86-GUARD. Subgoal 2.3 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 144 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). By the simple :definition = we reduce the conjecture to Subgoal 2.3' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 144 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, IW32-CNT, MV-NTH, N32+, NATP, NOT, O-FINP, O<, OP2-WITH-HIDING, RECURSIVE-EFFECTS, RECURSIVE-KD, RECURSIVE-M, RECURSIVE-PRECONDITION, REGVAL, S*, SYNP and W32*, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CDR, CONS, CONSP, EQL, EQUAL, EXPT, INTEGERP, N32+, N32-TO-I32, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward- chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* -1 x)|, |(* 1 x)|, |(* x (+ y z))|, |(* x (- y))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, |(- (+ x y))|, |(< (- x) c)|, BUBBLE-DOWN-*-MATCH-1, BUBBLE-DOWN-+-MATCH-1, BUBBLE-DOWN-+-MATCH-3, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, N32-TO-I32-OPEN, NORMALIZE-ADDENDS, NORMALIZE-FACTORS-GATHER-EXPONENTS, PREFER-POSITIVE-ADDENDS-<, R08-RECURSIVE, R32-RECURSIVE, RECURSIVE-WRAPPER-OPENER, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SIMPLIFY-SUMS-<, SUFF-N32P, W32*-APPEND, W32-RECURSIVE, W32-W32-COMMUTES and XTR-W32 and the :type-prescription rules MOD-ZERO, N08P-ALISTP, RECURSIVE-PROGRAMP and Y86-GUARD, to the following seven conjectures. Subgoal 2.3.7 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= (+ 28 (* 28 (G :EAX S))) (+ -50000 (G :ESP S)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.6 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= (+ -8 (G :ESP S)) 100000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.5 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= (+ -28 (G :ESP S)) 100000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.4 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= 50000 (+ -8 (G :ESP S)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.3 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (< (+ -1 (G :EAX S)) 65536)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.2 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (< (+ 100 (G :EDI S)) 105000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.1 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1)) (~=> (IY86 (S :EAX (+ -1 (G :EAX S)) (S :EBP (+ -8 (G :ESP S)) (S :EBX 4294967295 (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 159 (S :ESI (G :ESI S) (S :ESP (+ -28 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) ARBITRARY-S1)))))))))) 11) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, IW32-CNT, MV-NTH, N32+, NATP, OP2-WITH-HIDING, REGVAL and SYNP, the :executable- counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, INTEGERP, N32+, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (* c x))|, |(+ y (+ x z))|, |(+ y x)|, ADDR-EQUAL-X-X, ASSOC-IS-ASSOC-EQUAL, ASSOC-XTR, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, BUBBLE-DOWN-+-MATCH-3, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, N32P-DOUBLETSP-XTR, NORMALIZE-ADDENDS, R08-RECURSIVE, R32-RECURSIVE, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SUFF-N32P, W32*-XTR-RECURSIVE, W32*-XTR-W32*-XTR, W32-W32*-COMMUTES and W32-W32-SAME and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, MOD-ZERO, N08P-ALISTP, RECURSIVE-PROGRAMP, SUM-ARITH-LEMMA1, SUM-ARITH-LEMMA3 and Y86-GUARD, to the following two conjectures. Subgoal 2.3.1.2 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1) (< (G :ESP S) 24)) (~=> (IY86 (S :EDX (CADR (LET ((MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (ISA-ST (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1)))))))))))))) (ADDRESS (+ 4294967272 (G :ESP S)))) (LET ((VAL (R32 ADDRESS MEM))) (LIST ISA-ST VAL)))) (S :EIP 181 (CAR (LET ((MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (ISA-ST (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1)))))))))))))) (ADDRESS (+ 4294967272 (G :ESP S)))) (LET ((VAL (R32 ADDRESS MEM))) (LIST ISA-ST VAL)))))) 6) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). By the simple :rewrite rules CAR-CONS and CDR-CONS we reduce the conjecture to Subgoal 2.3.1.2' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1) (< (G :ESP S) 24)) (~=> (IY86 (S :EDX (R32 (+ 4294967272 (G :ESP S)) (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (S :EIP 181 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1))))))))))))))) 6) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.1.1 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1) (<= 24 (G :ESP S))) (~=> (IY86 (S :EDX (CADR (LET ((MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (ISA-ST (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1)))))))))))))) (ADDRESS (+ -24 (G :ESP S)))) (LET ((VAL (R32 ADDRESS MEM))) (LIST ISA-ST VAL)))) (S :EIP 181 (CAR (LET ((MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (ISA-ST (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1)))))))))))))) (ADDRESS (+ -24 (G :ESP S)))) (LET ((VAL (R32 ADDRESS MEM))) (LIST ISA-ST VAL)))))) 6) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). By the simple :rewrite rules CAR-CONS and CDR-CONS we reduce the conjecture to Subgoal 2.3.1.1' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1) (<= 24 (G :ESP S))) (~=> (IY86 (S :EDX (R32 (+ -24 (G :ESP S)) (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (S :EIP 181 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1))))))))))))))) 6) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, MV-NTH, N32+, NATP, REGVAL and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, INTEGERP, N32+, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, ADDR-EQUAL-X-X, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, R08-RECURSIVE, R32-RECURSIVE, R32-W32*-XTR, R32-W32-MOD-4, S-DIFF-S, S-SAME-S, SUFF-N32P and W32*-XTR-RECURSIVE and the :type- prescription rules MOD-ZERO, N08P-ALISTP, RECURSIVE-PROGRAMP and Y86-GUARD, to Subgoal 2.3.1.1'' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1) (<= 24 (G :ESP S))) (~=> (S :EAX (G :EAX S) (S :EBP (G :EBP S) (S :EBX (G :EBX S) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP (+ 5 (G :EIP S)) (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1))))))))))))) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, NATP, NON-NIL-KEYS, NOT and SYNP, the :executable- counterparts of <, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, BINARY-+, CONSP, EQUAL, EXPT, INTEGERP, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, NOT, RATIONALP, UNARY--, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2, the :rewrite rules |(* a (/ a))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(< (+ (- c) x) y)|, |(< x (/ y)) with (< 0 y)|, ADDR-EQUAL-X-X, ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-OPEN, ALL-EQUAL-R32-XTR-SAME, ALL-EQUAL-R32-XTR-W32, ALL-EQUAL-R32-XTR-W32*-CASE-1, ALL-EQUAL-R32-XTR-W32*-CASE-2, ALL-EQUAL-R32-XTR-W32*-CASE-3, ASSOC-IS-ASSOC-EQUAL, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, BUBBLE-DOWN-+-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, NO-COMMON-KEYS-XTR-XTR, NORMALIZE-ADDENDS, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<, SIMPLIFY-SUMS-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, MOD-ZERO, N08P-ALISTP, SUM-ARITH-LEMMA1, XTR and Y86-GUARD. Subgoal 2.2 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (NOT (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 133 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). By the simple :definition = we reduce the conjecture to Subgoal 2.2' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (NOT (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 133 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of EQUAL, EXPT and N32-TO-I32, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)| and N32-TO-I32-OPEN and the :type-prescription rule Y86-GUARD. Subgoal 2.1 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (NOT (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 133 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). By the simple :definition = we reduce the conjecture to Subgoal 2.1' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (NOT (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 133 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of EQUAL and EXPT, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rule N32-TO-I32-OPEN and the :type- prescription rule Y86-GUARD. Subgoal 1 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ 5 (G :EIP S)) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 28 (* 28 (G :EAX S))) (+ -50000 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (<= 4294967295 (G :EIP S))) (RECURSIVE-WRAPPER (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ -4294967291 (G :EIP S)))) 12) S ARBITRARY-S1)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM RECURSIVE-INDUCTION-STEP ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION =) (:DEFINITION ASSOC-EQUAL) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION IR08-CNT) (:DEFINITION IR32-CNT) (:DEFINITION IW32-CNT) (:DEFINITION JUMP-P-WITH-UNHIDING) (:DEFINITION MV-NTH) (:DEFINITION N32+) (:DEFINITION NATP) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION O-FINP) (:DEFINITION O<) (:DEFINITION OP2-WITH-HIDING) (:DEFINITION RECURSIVE-EFFECTS) (:DEFINITION RECURSIVE-KC) (:DEFINITION RECURSIVE-KD) (:DEFINITION RECURSIVE-M) (:DEFINITION RECURSIVE-PRECONDITION) (:DEFINITION RECURSIVE-TEST) (:DEFINITION REGVAL) (:DEFINITION S*) (:DEFINITION SYNP) (:DEFINITION W32*) (:DEFINITION XOR) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART BITS-04) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQL) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32) (:EXECUTABLE-COUNTERPART N32+) (:EXECUTABLE-COUNTERPART N32-TO-I32) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART NUMR) (:EXECUTABLE-COUNTERPART R08) (:EXECUTABLE-COUNTERPART R32) (:EXECUTABLE-COUNTERPART RA) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART RB) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING N32P-BOUND) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:LINEAR SUM-ARITH-LEMMA2) (:REWRITE |(* -1 x)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* a (/ a))|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (- y))|) (:REWRITE |(* x x)|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (* c x))|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ x (if a b c))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(- (* c x))|) (:REWRITE |(- (+ x y))|) (:REWRITE |(< (+ (- c) x) y)|) (:REWRITE |(< (- x) c)|) (:REWRITE |(< x (/ y)) with (< 0 y)|) (:REWRITE ADDR-EQUAL-X-X) (:REWRITE ALL-EQUAL-R32-APPEND) (:REWRITE ALL-EQUAL-R32-OPEN) (:REWRITE ALL-EQUAL-R32-XTR-SAME) (:REWRITE ALL-EQUAL-R32-XTR-W32) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-1) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-2) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-3) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE ASSOC-XTR) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-3) (:REWRITE CANCEL-MOD-+) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE IY86-NAT) (:REWRITE IY86-STEP-OPENER) (:REWRITE LOGXOR-X-X) (:REWRITE MV-NTH-1-IS-CADR) (:REWRITE MV-NTH-2-IS-CADDR) (:REWRITE MV-NTH-3-IS-CADDDR) (:REWRITE N08P-ALISTP-W32) (:REWRITE N08P-ALISTP-W32*-XTR) (:REWRITE N32+-0) (:REWRITE N32+-COMMUTES) (:REWRITE N32-MINUS-N) (:REWRITE N32-OPEN) (:REWRITE N32-TO-I32-OPEN) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE PREFER-POSITIVE-ADDENDS-<) (:REWRITE R08-RECURSIVE) (:REWRITE R32-RECURSIVE) (:REWRITE R32-W32*-XTR) (:REWRITE R32-W32-MOD-4) (:REWRITE RECURSIVE-WRAPPER-OPENER) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE S-DIFF-S) (:REWRITE S-SAME-S) (:REWRITE SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<) (:REWRITE SIMPLIFY-SUMS-<) (:REWRITE SUFF-N32P) (:REWRITE UNHIDE-NAT-TO-BOOLEAN-HIDE) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE W32*-APPEND) (:REWRITE W32*-XTR-RECURSIVE) (:REWRITE W32*-XTR-W32*-XTR) (:REWRITE W32-RECURSIVE) (:REWRITE W32-W32*-COMMUTES) (:REWRITE W32-W32-COMMUTES) (:REWRITE W32-W32-SAME) (:REWRITE XTR-W32) (:REWRITE ZP-OPEN) (:REWRITE ~=>-CONS-MEM) (:REWRITE ~=>-CONS-NON-MEM) (:REWRITE ~=>-NIL) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION RECURSIVE-PROGRAMP) (:TYPE-PRESCRIPTION SUM-ARITH-LEMMA1) (:TYPE-PRESCRIPTION SUM-ARITH-LEMMA3) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 38.20 seconds (prove: 38.03, print: 0.17, other: 0.00) RECURSIVE-INDUCTION-STEP ACL2 !>>(DEFUN RECURSIVE-CLK (S) (DECLARE (XARGS :MEASURE (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0) :HINTS (("Goal" :USE ((:INSTANCE RECURSIVE-O-P-M) (:INSTANCE RECURSIVE-INDUCTION-STEP (ARBITRARY-S1 (IY86 S (RECURSIVE-KC S))))) :IN-THEORY (E/D (RECURSIVE-WRAPPER) (Y86-GUARD RECURSIVE-PRECONDITION RECURSIVE-M RECURSIVE-TEST RECURSIVE-EFFECTS RECURSIVE-KB RECURSIVE-KC RECURSIVE-KD)))))) (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (IF (RECURSIVE-TEST S) (RECURSIVE-KB S) (C+ (RECURSIVE-KC S) (C+ (RECURSIVE-CLK (IY86 S (RECURSIVE-KC S))) (RECURSIVE-KD S)))) 0)) For the admission of RECURSIVE-CLK we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0). The non-trivial part of the measure conjecture is Goal (AND (O-P (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0)) (IMPLIES (AND (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (NOT (RECURSIVE-TEST S))) (O< (IF (AND (Y86-GUARD (IY86 S (RECURSIVE-KC S))) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S)))) (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) 0) (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0)))). [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypotheses provided by the :USE hint. These hypotheses can be derived from RECURSIVE-O-P-M and RECURSIVE-INDUCTION-STEP via instantiation. We are left with the following subgoal. Goal' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (O-P (RECURSIVE-M S))) (IMPLIES (AND (NOT (RECURSIVE-TEST S)) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-WRAPPER (IY86 S (RECURSIVE-KC S)) S (IY86 S (RECURSIVE-KC S))))) (AND (O-P (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0)) (OR (NOT (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S))) (RECURSIVE-TEST S) (O< (IF (AND (Y86-GUARD (IY86 S (RECURSIVE-KC S))) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S)))) (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) 0) (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0))))). This simplifies, using the :definitions NOT and RECURSIVE-WRAPPER, the :executable-counterparts of NOT and O-P, the :rewrite rule IY86-GUARD-INVARIANT and the :type-prescription rules O-P, O<, RECURSIVE-PRECONDITION, RECURSIVE-TEST and Y86-GUARD, to the following six conjectures. Subgoal 6 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-TEST S) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 5 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-TEST S) (NOT (RECURSIVE-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 4 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S))) (O< (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) (RECURSIVE-M S)) (~=> (IY86 (S* (RECURSIVE-EFFECTS (IY86 S (RECURSIVE-KC S))) (IY86 S (RECURSIVE-KC S))) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 3 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S))) (O< (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) (RECURSIVE-M S)) (~=> (IY86 (S* (RECURSIVE-EFFECTS (IY86 S (RECURSIVE-KC S))) (IY86 S (RECURSIVE-KC S))) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)) (NOT (RECURSIVE-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 2 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S))) (O< (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) (RECURSIVE-M S)) (NOT (Y86-GUARD (IY86 S (RECURSIVE-KC S)))) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 1 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S))) (O< (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) (RECURSIVE-M S)) (NOT (Y86-GUARD (IY86 S (RECURSIVE-KC S)))) (NOT (RECURSIVE-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Q.E.D. That completes the proof of the measure theorem for RECURSIVE-CLK. Thus, we admit this function under the principle of definition. We observe that the type of RECURSIVE-CLK is described by the theorem (AND (INTEGERP (RECURSIVE-CLK S)) (<= 0 (RECURSIVE-CLK S))). We used the :type-prescription rules NATP-C+, RECURSIVE-KB, RECURSIVE-KC, RECURSIVE-KD, RECURSIVE-NATP-KB, RECURSIVE-NATP-KC and RECURSIVE-NATP-KD. Summary Form: ( DEFUN RECURSIVE-CLK ...) Rules: ((:DEFINITION NOT) (:DEFINITION RECURSIVE-WRAPPER) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART O-P) (:REWRITE IY86-GUARD-INVARIANT) (:TYPE-PRESCRIPTION NATP-C+) (:TYPE-PRESCRIPTION O-P) (:TYPE-PRESCRIPTION O<) (:TYPE-PRESCRIPTION RECURSIVE-KB) (:TYPE-PRESCRIPTION RECURSIVE-KC) (:TYPE-PRESCRIPTION RECURSIVE-KD) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KB) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KC) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KD) (:TYPE-PRESCRIPTION RECURSIVE-PRECONDITION) (:TYPE-PRESCRIPTION RECURSIVE-TEST) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.11 seconds (prove: 0.08, print: 0.01, other: 0.02) RECURSIVE-CLK ACL2 !>>(DEFTHM RECURSIVE (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-CLK S)) (RECURSIVE-EFFECTS S))) :HINTS (("Goal" :USE (:FUNCTIONAL-INSTANCE RRULE (RHYP RECURSIVE-PRECONDITION) (RCLK RECURSIVE-CLK) (RBETA RECURSIVE-EFFECTS) (RTEST RECURSIVE-TEST) (RKB RECURSIVE-KB) (RKC RECURSIVE-KC) (RKD RECURSIVE-KD) (RM RECURSIVE-M) (RRULE-S-PRIME-WRAPPER RECURSIVE-WRAPPER)) :IN-THEORY (DISABLE Y86-GUARD NATP RECURSIVE-PRECONDITION RECURSIVE-EFFECTS RECURSIVE-TEST RECURSIVE-KB RECURSIVE-KC RECURSIVE-KD RECURSIVE-M RECURSIVE-WRAPPER)) ("Subgoal 8" :USE (:INSTANCE RECURSIVE-INDUCTION-STEP)) ("Subgoal 7" :USE (:INSTANCE RECURSIVE-BASE-CASE)) ("Subgoal 6" :USE (:INSTANCE RECURSIVE-O-P-M))) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (RECURSIVE-PRECONDITION S))) (EQUAL (IY86 S (RECURSIVE-CLK S)) (S* (RECURSIVE-EFFECTS S) (IETC S (RECURSIVE-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 Warning [Theory] in ( DEFTHM RECURSIVE ...): The value of the theory expression '(~=> IETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM RECURSIVE ...): The value of the theory expression '(~=> IETC) does not include the :EXECUTABLE-COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Use] in ( DEFTHM RECURSIVE ...): It is unusual to :USE an enabled :REWRITE or :DEFINITION rule, so you may want to consider disabling (:REWRITE RRULE). We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from RRULE via functional instantiation, provided we can establish the eight constraints generated; the constraints can be simplified using case analysis. We are left with the following eight subgoals. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 8 (IMPLIES (AND (NOT (RECURSIVE-TEST S)) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-WRAPPER (IY86 S (RECURSIVE-KC S)) S ARBITRARY-S1)). We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from RECURSIVE-INDUCTION-STEP via instantiation. We are left with the following subgoal. Subgoal 8' (IMPLIES (AND (IMPLIES (AND (NOT (RECURSIVE-TEST S)) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-WRAPPER (IY86 S (RECURSIVE-KC S)) S ARBITRARY-S1)) (NOT (RECURSIVE-TEST S)) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-WRAPPER (IY86 S (RECURSIVE-KC S)) S ARBITRARY-S1)). But we reduce the conjecture to T, by case analysis. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 7 (IMPLIES (AND (RECURSIVE-TEST S) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-KB S)) (RECURSIVE-EFFECTS S))). We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from RECURSIVE-BASE-CASE via instantiation. We are left with the following subgoal. Subgoal 7' (IMPLIES (AND (IMPLIES (AND (RECURSIVE-TEST S) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-KB S)) (RECURSIVE-EFFECTS S))) (RECURSIVE-TEST S) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-KB S)) (RECURSIVE-EFFECTS S))). But we reduce the conjecture to T, by case analysis. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 6 (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (O-P (RECURSIVE-M S))). We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from RECURSIVE-O-P-M via instantiation. We are left with the following subgoal. Subgoal 6' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (O-P (RECURSIVE-M S))) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (O-P (RECURSIVE-M S))). But we reduce the conjecture to T, by case analysis. Subgoal 5 (NATP (RECURSIVE-KD S)). But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rules RECURSIVE-KD and RECURSIVE-NATP-KD. Subgoal 4 (NATP (RECURSIVE-KC S)). But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rules RECURSIVE-KC and RECURSIVE-NATP-KC. Subgoal 3 (NATP (RECURSIVE-KB S)). But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rules RECURSIVE-KB and RECURSIVE-NATP-KB. Subgoal 2 (EQUAL (RECURSIVE-WRAPPER S-PRIME S ARBITRARY-S1) (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (OR (NOT (Y86-GUARD ARBITRARY-S1)) (AND (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)) T)))). This simplifies, using the :definition SYNP, the :rewrite rule RECURSIVE-WRAPPER-OPENER and the :type-prescription rule ~=>, to the following two conjectures. Subgoal 2.2 (IMPLIES (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (Y86-GUARD ARBITRARY-S1) (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S))) (EQUAL T (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule ~=>. Subgoal 2.1 (IMPLIES (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (Y86-GUARD ARBITRARY-S1) (NOT (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)))) (EQUAL NIL (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)))). But simplification reduces this to T, using primitive type reasoning. Subgoal 1 (EQUAL (RECURSIVE-CLK S) (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (IF (RECURSIVE-TEST S) (RECURSIVE-KB S) (C+ (RECURSIVE-KC S) (C+ (RECURSIVE-CLK (IY86 S (RECURSIVE-KC S))) (RECURSIVE-KD S)))) 0)). But simplification reduces this to T, using the :definition RECURSIVE-CLK. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-CLK S)) (RECURSIVE-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (RECURSIVE-PRECONDITION S))) (EQUAL (IY86 S (RECURSIVE-CLK S)) (S* (RECURSIVE-EFFECTS S) (IETC S (RECURSIVE-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM RECURSIVE ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions FORCE and IETC we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S))) (~=> (IY86 S (RECURSIVE-CLK S)) (RECURSIVE-EFFECTS S))) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (EQUAL (IY86 S (RECURSIVE-CLK S)) (S* (RECURSIVE-EFFECTS S) (IY86 S (RECURSIVE-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM RECURSIVE ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION FORCE) (:DEFINITION IETC) (:DEFINITION NOT) (:DEFINITION RECURSIVE-CLK) (:DEFINITION SYNP) (:DEFINITION ~=>) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE RECURSIVE-WRAPPER-OPENER) (:TYPE-PRESCRIPTION RECURSIVE-KB) (:TYPE-PRESCRIPTION RECURSIVE-KC) (:TYPE-PRESCRIPTION RECURSIVE-KD) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KB) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KC) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KD) (:TYPE-PRESCRIPTION ~=>)) Warnings: Disable, Use and Theory Time: 0.07 seconds (prove: 0.03, print: 0.02, other: 0.02) RECURSIVE ACL2 !>>(IN-THEORY (DISABLE RECURSIVE-CLK)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4780 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. We export RECURSIVE-CLK, RECURSIVE-WRAPPER, RECURSIVE-KD, RECURSIVE-KC, RECURSIVE-KB, RECURSIVE-TEST, RECURSIVE-M, RECURSIVE-EFFECTS and RECURSIVE-PRECONDITION. Summary Form: ( ENCAPSULATE NIL (DEFUN RECURSIVE-PRECONDITION ...) ...) Rules: NIL Warnings: Disable, Use, Theory and Non-rec Time: 57.41 seconds (prove: 57.02, print: 0.23, other: 0.16) T ACL2 !>:u d 6:x(DEFTHM-CODE-SEQ ITERATIVE-CORRECT (AND # # ...) ...) ACL2 !>:u d 5:x(DEFTHM-CODE-LOOP ITERATIVE-LOOP (AND # # ...) ...) ACL2 !>:u d 4:x(TIME$ (DEFTHM-CODE-SEQ BIG1 # ...)) ACL2 !>:u d 3:x(WITH-OUTPUT :OFF :ALL ...) ACL2 !>:u 2:x(ENCAPSULATE NIL ...) ACL2 !>(with-output :off :all (def-y86-sys :prog-space (0 50000) :stack-space (50000 100000) :data-space (100000 105000) :code ((big1 ; Here is a loop that iterates 1000 times, incrementing mem[8+%esp] each ; iteration, where %esp is 50000. Thus, if x is the initial ; value of mem[50008] then 1000+x is the final value. This proof ; takes about 50 seconds. ; Note: If we change the program, deleting the first irmovl, so that %esp+8 is ; just some arbitrary legal address outside the program segment, the proof ; slows down significantly because we then have to establish, 1000 times, that ; %esp+8 is not in the program segment. ; This code uses ; %eax as a temp ; %ebx to hold the loop counter which goes down from 1000 ; %ecx to hold the constant 1, and ; %edx to hold the constant -1 ; I plan to verify this by symbolic execution around the loop 1000 times, ; executing a total of 7+1000*5 = 5007 instructions. (irmovl 50000 %esp) ;;; %esp <- 50000 (irmovl 1000 %ebx) ;;; %ebx <- 1000 (irmovl 1 %ecx) ;;; %ecx <- 1 (irmovl 0 %edx) (subl %ecx %edx) ;;; %edx <- (%edx - 1) = (0 - 1) = -1 big1-loop (mrmovl 8(%esp) %eax) (addl %ecx %eax) (rmmovl %eax 8(%esp)) ;;; mem[50008] <- 1+mem[50008] (addl %edx %ebx) ;;; %ebx <- %ebx - 1 (jg big1-loop) ;;; jump to big1-loop if %ebx > 0 big1-halt (halt)) ; The next callable procedure takes %eax as input and ; computes the sum of the nats from there down. It leaves ; its answer in mem[%edi+100]. It protects all of the ; registers (except, of course, %eip). (iterative ;;; cost of call: 6 stack words (pushl %ebp) (rrmovl %esp %ebp) (pushl %eax) (pushl %ebx) (pushl %ecx) (pushl %edx) iterative-start (xorl %ebx %ebx) ;;; %ebx <- 0 (irmovl -1 %ecx) ;;; %ecx <- -1 iterative-loop (addl %eax %ebx) ;;; %ebx <- %eax + %ebx (addl %ecx %eax) ;;; %eax <- %eax - 1 (jg iterative-loop) ;;; jump iterative-loop [if n greater than zero] iterative-finish (rmmovl %ebx 100(%edi));;; mem[%edi+100] <- %ebx iterative-exit (mrmovl -16(%ebp) %edx) (mrmovl -12(%ebp) %ecx) (mrmovl -8(%ebp) %ebx) (mrmovl -4(%ebp) %eax) (rrmovl %ebp %esp) (popl %ebp) (ret)) ; The next callable procedure takes %eax as input and computes the sum of the ; nats from there down. It leaves its answer in mem[%edi+100]. It protects ; all of the normal registers. This is very inefficient code, because we ; protect the temp registers on call/ret but don't exploit that. (recursive (pushl %ebp) ;;; Standard entry (rrmovl %esp %ebp) (pushl %eax) (pushl %ebx) (pushl %ecx) (pushl %edx) recursive-body (xorl %ebx %ebx) ;;; %ebx <- 0 (addl %ebx %eax) ;;; %eax <- %eax + 0 (but sets status flags) (jg recursive-pre-step) recursive-base (rmmovl %ebx 100(%edi));;; mem[%edi+100] <- 0 (jmp recursive-exit) recursive-pre-step (pushl %eax) ;;; save our argument because we must smash it to call (irmovl -1 %ebx) (addl %ebx %eax) ;;; %eax <- %eax-1 recursive-call (call recursive) ;;; mem[%edi+100] <- recursive(``%eax-1'') recursive-post-step (popl %eax) ;;; restore our argument, %eax (mrmovl 100(%edi) %ebx);;; get recursive call's result, %ebx (addl %eax %ebx) ;;; add them to form our answer, in %ebx (rmmovl %ebx 100(%edi));;; mem[%edi+100] <- answer recursive-exit (mrmovl -16(%ebp) %edx);;; Standard exit (mrmovl -12(%ebp) %ecx) (mrmovl -8(%ebp) %ebx) (mrmovl -4(%ebp) %eax) (rrmovl %ebp %esp) (popl %ebp) (ret)) (main (irmovl 1000 %eax) (call recursive) main-halt (halt)) ))) T ACL2 !>:pcb :x d 3:x(WITH-OUTPUT :OFF :ALL ...) v (ENCAPSULATE NIL ...) (DEFCONST *CODE* '#) (DEFCONST *PROG-LO* 0) (DEFCONST *PROG-HI* 50000) (DEFCONST *STACK-LO* 50000) (DEFCONST *STACK-HI* 100000) (DEFCONST *DATA-LO* 100000) (DEFCONST *DATA-HI* 105000) (DEFCONST *S0* '#) (DEFMACRO SHOW-MEM NIL ...) (DEFCONST *MAIN-HALT* 215) (DEFCONST *MAIN* 204) (DEFCONST *RECURSIVE-EXIT* 175) (DEFCONST *RECURSIVE-POST-STEP* 159) (DEFCONST *RECURSIVE-CALL* 154) (DEFCONST *RECURSIVE-PRE-STEP* 144) (DEFCONST *RECURSIVE-BASE* 133) (DEFCONST *RECURSIVE-BODY* 124) (DEFCONST *RECURSIVE* 112) (DEFCONST *ITERATIVE-EXIT* 83) (DEFCONST *ITERATIVE-FINISH* 77) (DEFCONST *ITERATIVE-LOOP* 68) (DEFCONST *ITERATIVE-START* 60) (DEFCONST *ITERATIVE* 48) (DEFCONST *BIG1-HALT* 47) (DEFCONST *BIG1-LOOP* 26) (DEFCONST *BIG1* 0) (DEFCONST *BIG1-MEM* '#) L d (DEFUN BIG1-PROGRAMP (MEM) ...) (DEFTHM R08-BIG1 ...) (DEFTHM R32-BIG1 ...) (DEFTHM W32-BIG1 ...) (DEFTHM W32*-XTR-BIG1 ...) (IN-THEORY (DISABLE BIG1-PROGRAMP)) (DEFCONST *ITERATIVE-MEM* '#) L d (DEFUN ITERATIVE-PROGRAMP (MEM) ...) (DEFTHM R08-ITERATIVE ...) (DEFTHM R32-ITERATIVE ...) (DEFTHM W32-ITERATIVE ...) (DEFTHM W32*-XTR-ITERATIVE ...) (IN-THEORY (DISABLE ITERATIVE-PROGRAMP)) (DEFCONST *RECURSIVE-MEM* '#) L d (DEFUN RECURSIVE-PROGRAMP (MEM) ...) (DEFTHM R08-RECURSIVE ...) (DEFTHM R32-RECURSIVE ...) (DEFTHM W32-RECURSIVE ...) (DEFTHM W32*-XTR-RECURSIVE ...) (IN-THEORY (DISABLE RECURSIVE-PROGRAMP)) (DEFCONST *MAIN-MEM* '#) L d (DEFUN MAIN-PROGRAMP (MEM) ...) (DEFTHM R08-MAIN ...) (DEFTHM R32-MAIN ...) (DEFTHM W32-MAIN ...) (DEFTHM W32*-XTR-MAIN ...) (IN-THEORY (DISABLE MAIN-PROGRAMP)) V (DEFUN META-ADDR-EQUAL-HYP (X) ...) V (DEFUN META-ADDR-EQUAL (X) ...) D (DEFTHM META-ADDR-EQUAL-CORRECT ...) (IN-THEORY (DISABLE ADDR-EQUAL)) V (DEFUN META-ADDR-IN-INTERVAL-HYP (X) ...) V (DEFUN META-ADDR-IN-INTERVAL (X) ...) D (DEFTHM META-ADDR-IN-INTERVAL-CORRECT ...) (IN-THEORY (DISABLE ADDR-IN-INTERVAL)) (IN-THEORY (DISABLE META-ADDR-EQUAL-CORRECT META-ADDR-IN-INTERVAL-CORRECT)) (DEFMACRO SET-ADDRESS-EQUALITY-MODE (MODE) ...) ACL2 !>(pe '*s0*) d 3:x(WITH-OUTPUT :OFF :ALL ...) \ > (DEFCONST *S0* '((:CYCLES . 0) (:EAX . 0) (:EBP . 100000) (:EBX . 0) (:ECX . 0) (:EDI . 100000) (:EDX . 0) (:EIP . 204) (:ESI . 0) (:ESP . 100000) (:F-OF . 0) (:F-SF . 0) (:F-ZF . 0) (:MEM (0 . 48) (1 . 132) (2 . 80) (3 . 195) (6 . 48) (7 . 131) (8 . 232) (9 . 3) (12 . 48) (13 . 129) (14 . 1) (18 . 48) (19 . 130) (24 . 97) (25 . 18) (26 . 80) (27 . 4) (28 . 8) (32 . 96) (33 . 16) (34 . 64) (35 . 4) (36 . 8) (40 . 96) (41 . 35) (42 . 118) (43 . 26) (47 . 16) (48 . 160) (49 . 88) (50 . 32) (51 . 69) (52 . 160) (53 . 8) (54 . 160) (55 . 56) (56 . 160) (57 . 24) (58 . 160) (59 . 40) (60 . 99) (61 . 51) (62 . 48) (63 . 129) (64 . 255) (65 . 255) (66 . 255) (67 . 255) (68 . 96) (69 . 3) (70 . 96) (71 . 16) (72 . 118) (73 . 68) (77 . 64) (78 . 55) (79 . 100) (83 . 80) (84 . 37) (85 . 240) (86 . 255) (87 . 255) (88 . 255) (89 . 80) (90 . 21) (91 . 244) (92 . 255) (93 . 255) (94 . 255) (95 . 80) (96 . 53) (97 . 248) (98 . 255) (99 . 255) (100 . 255) (101 . 80) (102 . 5) (103 . 252) (104 . 255) (105 . 255) (106 . 255) (107 . 32) (108 . 84) (109 . 176) (110 . 88) (111 . 144) (112 . 160) (113 . 88) (114 . 32) (115 . 69) (116 . 160) (117 . 8) (118 . 160) (119 . 56) (120 . 160) (121 . 24) (122 . 160) (123 . 40) (124 . 99) (125 . 51) (126 . 96) (127 . 48) (128 . 118) (129 . 144) (133 . 64) (134 . 55) (135 . 100) (139 . 112) (140 . 175) (144 . 160) (145 . 8) (146 . 48) (147 . 131) (148 . 255) (149 . 255) (150 . 255) (151 . 255) (152 . 96) (153 . 48) (154 . 128) (155 . 112) (159 . 176) (160 . 8) (161 . 80) (162 . 55) (163 . 100) (167 . 96) (168 . 3) (169 . 64) (170 . 55) (171 . 100) (175 . 80) (176 . 37) (177 . 240) (178 . 255) (179 . 255) (180 . 255) (181 . 80) (182 . 21) (183 . 244) (184 . 255) (185 . 255) (186 . 255) (187 . 80) (188 . 53) (189 . 248) (190 . 255) (191 . 255) (192 . 255) (193 . 80) (194 . 5) (195 . 252) (196 . 255) (197 . 255) (198 . 255) (199 . 32) (200 . 84) (201 . 176) (202 . 88) (203 . 144) (204 . 48) (205 . 128) (206 . 232) (207 . 3) (210 . 128) (211 . 112) (215 . 16)) (:READ-MISSES . 0) (:READS-DATA . 0) (:READS-INST . 0) (:WRITES-DATA . 0) (:ZTEPS . 0))) ACL2 !>(pe 'y86) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" "/Users/moore/work/hyper/proof_4/y86-asm.lisp" "/Users/moore/work/hyper/proof_4/y86.lisp" ] \ >L d (DEFUN Y86 (ISA-ST N) (DECLARE (XARGS :MEASURE (ACL2-COUNT N))) (IF (ZP N) ISA-ST (LET* ((EIP (G :EIP ISA-ST)) (MEM (G :MEM ISA-ST)) (CURRENT-STEP (G :ZTEPS ISA-ST)) (INSTRUCTION (R08 EIP MEM)) (OPCODE (BITS-04 INSTRUCTION 1))) (IF (EQUAL OPCODE 1) ISA-ST (LET ((ISA-ST (S :ZTEPS (1+ CURRENT-STEP) ISA-ST))) (Y86 (Y86-STEP ISA-ST) (1- N))))))) ACL2 !>(pe 'y86-step) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" "/Users/moore/work/hyper/proof_4/y86-asm.lisp" "/Users/moore/work/hyper/proof_4/y86.lisp" ] \ >L d (DEFUN Y86-STEP (ISA-ST) (LET ((EIP (G :EIP ISA-ST))) (MV-LET (ISA-ST INSTRUCTION) (R08-CNT ISA-ST EIP 'INSTRUCTION-READ) (LET* ((EIP+1 (N32+ EIP 1)) (OPCODE (BITS-04 INSTRUCTION 1)) (FUNCTION (BITS-04 INSTRUCTION 0))) (CASE OPCODE (0 (S :EIP EIP+1 ISA-ST)) (1 ISA-ST) (2 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (VALA (REGVAL (RA REG) ISA-ST)) (NAMEB (NUMR (RB REG))) (ISA-ST (S :EIP EIP+2 ISA-ST)) (ISA-ST (S NAMEB VALA ISA-ST))) ISA-ST))) (3 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (NAMEB (NUMR (RB REG)))) (MV-LET (ISA-ST IMM) (R32-CNT ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (ISA-ST (S :EIP EIP+6 ISA-ST)) (ISA-ST (S NAMEB IMM ISA-ST))) ISA-ST))))) (4 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (VALA (REGVAL (RA REG) ISA-ST)) (VALB (REGVAL (RB REG) ISA-ST))) (MV-LET (ISA-ST DISP) (R32-CNT ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (EA (N32+ VALB DISP)) (ISA-ST (S :EIP EIP+6 ISA-ST)) (ISA-ST (W32-CNT ISA-ST EA VALA))) ISA-ST))))) (5 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (NAMEA (NUMR (RA REG))) (VALB (REGVAL (RB REG) ISA-ST))) (MV-LET (ISA-ST DISP) (R32-CNT ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (EA (N32+ VALB DISP))) (MV-LET (ISA-ST MVAL) (R32-CNT ISA-ST EA 'DATA-READ) (LET* ((ISA-ST (S :EIP EIP+6 ISA-ST)) (ISA-ST (S NAMEA MVAL ISA-ST))) ISA-ST))))))) (6 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (VALA (REGVAL (RA REG) ISA-ST)) (NAMEB (NUMR (RB REG))) (VALB (REGVAL (RB REG) ISA-ST)) (ISA-ST (S :EIP EIP+2 ISA-ST))) (MV-LET (RESULT ZF SF OF) (OP2 FUNCTION VALA VALB) (LET* ((ISA-ST (S NAMEB RESULT ISA-ST)) (ISA-ST (S :F-ZF ZF ISA-ST)) (ISA-ST (S :F-SF SF ISA-ST)) (ISA-ST (S :F-OF OF ISA-ST))) ISA-ST))))) (7 (IF (JUMP-P FUNCTION ISA-ST) (MV-LET (ISA-ST DEST) (R32-CNT ISA-ST EIP+1 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((ISA-ST (S :EIP DEST ISA-ST)) (ISA-ST (S :CYCLES (+ 3 (G :CYCLES ISA-ST)) ISA-ST))) ISA-ST)) (LET* ((EIP+5 (N32+ EIP+1 4)) (ISA-ST (S :EIP EIP+5 ISA-ST))) ISA-ST))) (8 (MV-LET (ISA-ST DEST) (R32-CNT ISA-ST EIP+1 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((ESP (G :ESP ISA-ST)) (EIP+5 (N32+ EIP+1 4)) (ESP-4 (N32+ ESP -4)) (ISA-ST (S :EIP DEST ISA-ST)) (ISA-ST (S :ESP ESP-4 ISA-ST)) (ISA-ST (W32-CNT ISA-ST ESP-4 EIP+5)) (ISA-ST (S :CYCLES (+ 3 (G :CYCLES ISA-ST)) ISA-ST))) ISA-ST))) (9 (LET ((ESP (G :ESP ISA-ST))) (MV-LET (ISA-ST MVALUE) (R32-CNT ISA-ST ESP 'DATA-READ) (LET* ((ESP+ (N32+ ESP 4)) (ISA-ST (S :EIP MVALUE ISA-ST)) (ISA-ST (S :ESP ESP+ ISA-ST)) (ISA-ST (S :CYCLES (+ 2 (G :CYCLES ISA-ST)) ISA-ST))) ISA-ST)))) (10 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((ESP (G :ESP ISA-ST)) (EIP+2 (N32+ EIP+1 1)) (ESP-4 (N32+ ESP -4)) (VALA (REGVAL (RA REG) ISA-ST)) (ISA-ST (S :EIP EIP+2 ISA-ST)) (ISA-ST (S :ESP ESP-4 ISA-ST)) (ISA-ST (W32-CNT ISA-ST ESP-4 VALA))) ISA-ST))) (11 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((ESP (G :ESP ISA-ST))) (MV-LET (ISA-ST MVALUE) (R32-CNT ISA-ST ESP 'DATA-READ) (LET* ((ESP+4 (N32+ ESP 4)) (EIP+2 (N32+ EIP+1 1)) (NAMEA (NUMR (RA REG))) (ISA-ST (S :EIP EIP+2 ISA-ST)) (ISA-ST (S :ESP ESP+4 ISA-ST)) (ISA-ST (S NAMEA MVALUE ISA-ST))) ISA-ST))))) (12 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (NAMEB (NUMR (RB REG))) (VALB (REGVAL (RB REG) ISA-ST))) (MV-LET (ISA-ST IMM) (R32-CNT ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (ISA-ST (S :EIP EIP+6 ISA-ST)) (IMM+B (N32+ VALB IMM)) (ISA-ST (S NAMEB IMM+B ISA-ST))) ISA-ST))))) (13 (LET* ((ESP (G :EBP ISA-ST))) (MV-LET (ISA-ST MVALUE) (R32-CNT ISA-ST ESP 'DATA) (LET* ((ESP+4 (N32+ ESP 4)) (ISA-ST (S :EIP EIP+1 ISA-ST)) (ISA-ST (S :ESP ESP+4 ISA-ST)) (ISA-ST (S :EBP MVALUE ISA-ST))) ISA-ST)))) (OTHERWISE ISA-ST)))))) ACL2 !>(quote (end of demo 1)) (END OF DEMO 1) ACL2 !>:pe effects d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ > (DEFMACRO EFFECTS (&REST RST) (DECLARE (XARGS :GUARD (EFFECTS-LISTP RST))) (CONS 'LIST (EFFECTS-FN RST))) ACL2 !>:pe effects-fn d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >L (DEFUN EFFECTS-FN (X) (COND ((ENDP X) NIL) (T (CONS (LIST 'LIST (CAAR X) (CADAR X)) (EFFECTS-FN (CDR X)))))) ACL2 !>:pe s* d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >L (DEFUN S* (LST S) (IF (ENDP LST) S (IF (EQ (CAR (CAR LST)) :MEM) (S :MEM (W32* (CADR (CAR LST)) (G :MEM S)) (S* (CDR LST) S)) (S (CAR (CAR LST)) (CADR (CAR LST)) (S* (CDR LST) S))))) ACL2 !>(s :a 1 (s :b 2 nil)) ((:A . 1) (:B . 2)) ACL2 !>(s :a 1 (s :b 2 (s :c 3 (s :d 4 nil)))) ((:A . 1) (:B . 2) (:C . 3) (:D . 4)) ACL2 !>(s* '((:b 22) (:d 44)) '((:A . 1) (:B . 2) (:C . 3) (:D . 4))) ((:A . 1) (:B . 22) (:C . 3) (:D . 44)) ACL2 !>:trans1 (s* '((:b 22) (:d 44)) '((:A . 1) (:B . 2) (:C . 3) (:D . 4))) ACL2 Error in TOP-LEVEL: TRANS1 may only be applied to a non-atom form that begins with a symbol with a 'macro-body property. ACL2 !>(pe 'Y86) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" "/Users/moore/work/hyper/proof_4/y86-asm.lisp" "/Users/moore/work/hyper/proof_4/y86.lisp" ] \ >L d (DEFUN Y86 (ISA-ST N) (DECLARE (XARGS :MEASURE (ACL2-COUNT N))) (IF (ZP N) ISA-ST (LET* ((EIP (G :EIP ISA-ST)) (MEM (G :MEM ISA-ST)) (CURRENT-STEP (G :ZTEPS ISA-ST)) (INSTRUCTION (R08 EIP MEM)) (OPCODE (BITS-04 INSTRUCTION 1))) (IF (EQUAL OPCODE 1) ISA-ST (LET ((ISA-ST (S :ZTEPS (1+ CURRENT-STEP) ISA-ST))) (Y86 (Y86-STEP ISA-ST) (1- N))))))) ACL2 !>(pe 'iY86) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >L d (DEFUN IY86 (ISA-ST N) (DECLARE (XARGS :MEASURE (ACL2-COUNT N))) (IF (ZP N) ISA-ST (LET* ((EIP (G :EIP ISA-ST)) (MEM (G :MEM ISA-ST)) (INSTRUCTION (R08 EIP MEM)) (OPCODE (BITS-04 INSTRUCTION 1))) (IF (EQUAL OPCODE 1) ISA-ST (IY86 (IY86-STEP ISA-ST) (1- N)))))) ACL2 !>:pe y86-step d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" "/Users/moore/work/hyper/proof_4/y86-asm.lisp" "/Users/moore/work/hyper/proof_4/y86.lisp" ] \ >L d (DEFUN Y86-STEP (ISA-ST) (LET ((EIP (G :EIP ISA-ST))) (MV-LET (ISA-ST INSTRUCTION) (R08-CNT ISA-ST EIP 'INSTRUCTION-READ) (LET* ((EIP+1 (N32+ EIP 1)) (OPCODE (BITS-04 INSTRUCTION 1)) (FUNCTION (BITS-04 INSTRUCTION 0))) (CASE OPCODE (0 (S :EIP EIP+1 ISA-ST)) (1 ISA-ST) (2 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (VALA (REGVAL (RA REG) ISA-ST)) (NAMEB (NUMR (RB REG))) (ISA-ST (S :EIP EIP+2 ISA-ST)) (ISA-ST (S NAMEB VALA ISA-ST))) ISA-ST))) (3 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (NAMEB (NUMR (RB REG)))) (MV-LET (ISA-ST IMM) (R32-CNT ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (ISA-ST (S :EIP EIP+6 ISA-ST)) (ISA-ST (S NAMEB IMM ISA-ST))) ISA-ST))))) (4 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (VALA (REGVAL (RA REG) ISA-ST)) (VALB (REGVAL (RB REG) ISA-ST))) (MV-LET (ISA-ST DISP) (R32-CNT ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (EA (N32+ VALB DISP)) (ISA-ST (S :EIP EIP+6 ISA-ST)) (ISA-ST (W32-CNT ISA-ST EA VALA))) ISA-ST))))) (5 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (NAMEA (NUMR (RA REG))) (VALB (REGVAL (RB REG) ISA-ST))) (MV-LET (ISA-ST DISP) (R32-CNT ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (EA (N32+ VALB DISP))) (MV-LET (ISA-ST MVAL) (R32-CNT ISA-ST EA 'DATA-READ) (LET* ((ISA-ST (S :EIP EIP+6 ISA-ST)) (ISA-ST (S NAMEA MVAL ISA-ST))) ISA-ST))))))) (6 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (VALA (REGVAL (RA REG) ISA-ST)) (NAMEB (NUMR (RB REG))) (VALB (REGVAL (RB REG) ISA-ST)) (ISA-ST (S :EIP EIP+2 ISA-ST))) (MV-LET (RESULT ZF SF OF) (OP2 FUNCTION VALA VALB) (LET* ((ISA-ST (S NAMEB RESULT ISA-ST)) (ISA-ST (S :F-ZF ZF ISA-ST)) (ISA-ST (S :F-SF SF ISA-ST)) (ISA-ST (S :F-OF OF ISA-ST))) ISA-ST))))) (7 (IF (JUMP-P FUNCTION ISA-ST) (MV-LET (ISA-ST DEST) (R32-CNT ISA-ST EIP+1 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((ISA-ST (S :EIP DEST ISA-ST)) (ISA-ST (S :CYCLES (+ 3 (G :CYCLES ISA-ST)) ISA-ST))) ISA-ST)) (LET* ((EIP+5 (N32+ EIP+1 4)) (ISA-ST (S :EIP EIP+5 ISA-ST))) ISA-ST))) (8 (MV-LET (ISA-ST DEST) (R32-CNT ISA-ST EIP+1 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((ESP (G :ESP ISA-ST)) (EIP+5 (N32+ EIP+1 4)) (ESP-4 (N32+ ESP -4)) (ISA-ST (S :EIP DEST ISA-ST)) (ISA-ST (S :ESP ESP-4 ISA-ST)) (ISA-ST (W32-CNT ISA-ST ESP-4 EIP+5)) (ISA-ST (S :CYCLES (+ 3 (G :CYCLES ISA-ST)) ISA-ST))) ISA-ST))) (9 (LET ((ESP (G :ESP ISA-ST))) (MV-LET (ISA-ST MVALUE) (R32-CNT ISA-ST ESP 'DATA-READ) (LET* ((ESP+ (N32+ ESP 4)) (ISA-ST (S :EIP MVALUE ISA-ST)) (ISA-ST (S :ESP ESP+ ISA-ST)) (ISA-ST (S :CYCLES (+ 2 (G :CYCLES ISA-ST)) ISA-ST))) ISA-ST)))) (10 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((ESP (G :ESP ISA-ST)) (EIP+2 (N32+ EIP+1 1)) (ESP-4 (N32+ ESP -4)) (VALA (REGVAL (RA REG) ISA-ST)) (ISA-ST (S :EIP EIP+2 ISA-ST)) (ISA-ST (S :ESP ESP-4 ISA-ST)) (ISA-ST (W32-CNT ISA-ST ESP-4 VALA))) ISA-ST))) (11 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((ESP (G :ESP ISA-ST))) (MV-LET (ISA-ST MVALUE) (R32-CNT ISA-ST ESP 'DATA-READ) (LET* ((ESP+4 (N32+ ESP 4)) (EIP+2 (N32+ EIP+1 1)) (NAMEA (NUMR (RA REG))) (ISA-ST (S :EIP EIP+2 ISA-ST)) (ISA-ST (S :ESP ESP+4 ISA-ST)) (ISA-ST (S NAMEA MVALUE ISA-ST))) ISA-ST))))) (12 (MV-LET (ISA-ST REG) (R08-CNT ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (NAMEB (NUMR (RB REG))) (VALB (REGVAL (RB REG) ISA-ST))) (MV-LET (ISA-ST IMM) (R32-CNT ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (ISA-ST (S :EIP EIP+6 ISA-ST)) (IMM+B (N32+ VALB IMM)) (ISA-ST (S NAMEB IMM+B ISA-ST))) ISA-ST))))) (13 (LET* ((ESP (G :EBP ISA-ST))) (MV-LET (ISA-ST MVALUE) (R32-CNT ISA-ST ESP 'DATA) (LET* ((ESP+4 (N32+ ESP 4)) (ISA-ST (S :EIP EIP+1 ISA-ST)) (ISA-ST (S :ESP ESP+4 ISA-ST)) (ISA-ST (S :EBP MVALUE ISA-ST))) ISA-ST)))) (OTHERWISE ISA-ST)))))) ACL2 !>(pe 'r32-cnt) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" "/Users/moore/work/hyper/proof_4/y86-asm.lisp" "/Users/moore/work/hyper/proof_4/y86.lisp" ] \ >L (DEFUN R32-CNT (ISA-ST ADDRESS TYPE) (LET* ((MEM (G :MEM ISA-ST)) (VAL (R32 ADDRESS MEM)) (ISA-ST (CYCLE-COUNT ISA-ST TYPE 4 ADDRESS))) (MV ISA-ST VAL))) ACL2 !>(pe 'cycle-count) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" "/Users/moore/work/hyper/proof_4/y86-asm.lisp" "/Users/moore/work/hyper/proof_4/y86.lisp" ] \ >L (DEFUN CYCLE-COUNT (ISA-ST OPERATION BYTES ADDRESS) (LET* ((CYCLE-CNT (G :CYCLES ISA-ST)) (READS-INST (G :READS-INST ISA-ST)) (READS-DATA (G :READS-DATA ISA-ST)) (CACHE (G :CACHE ISA-ST)) (TAG (LOGAND ADDRESS 4294967040)) (INDEX (ASH (LOGAND ADDRESS 240) -4)) (ENTRY (CDR (ASSOC-EQUAL INDEX CACHE))) (HIT? (AND (NATP ENTRY) (EQUAL ENTRY TAG)))) (CASE OPERATION (INSTRUCTION-READ (LET* ((ISA-ST (S :READS-INST (+ BYTES READS-INST) ISA-ST)) (ISA-ST (S :CYCLES (+ 1 CYCLE-CNT) ISA-ST))) ISA-ST)) (INSTRUCTION-READ-SECOND-BYTE (LET* ((ISA-ST (S :READS-INST (+ BYTES READS-INST) ISA-ST)) (ISA-ST (S :CYCLES (+ 0 CYCLE-CNT) ISA-ST))) ISA-ST)) (INSTRUCTION-READ-32-BIT-WORD (LET* ((ISA-ST (S :READS-INST (+ BYTES READS-INST) ISA-ST)) (ISA-ST (S :CYCLES (+ 0 CYCLE-CNT) ISA-ST))) ISA-ST)) (DATA-READ (LET* ((READ-MISSES (G :READ-MISSES ISA-ST)) (ISA-ST (S :READS-DATA (+ BYTES READS-DATA) ISA-ST)) (ISA-ST (S :CYCLES (+ (IF HIT? 3 10) CYCLE-CNT) ISA-ST)) (ISA-ST (S :READ-MISSES (+ (IF HIT? 0 1) READ-MISSES) ISA-ST))) ISA-ST)) (DATA-WRITE (LET* ((WRITE-CNT (G :WRITES-DATA ISA-ST)) (ISA-ST (S :WRITES-DATA (+ BYTES WRITE-CNT) ISA-ST)) (ISA-ST (S :CYCLES (+ 4 CYCLE-CNT) ISA-ST)) (ISA-ST (S :CACHE (PUT-ORDERED-ALIST INDEX TAG CACHE) ISA-ST))) ISA-ST)) (OTHERWISE ISA-ST)))) ACL2 !>(pe 'ir32-cnt) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >L (DEFUN IR32-CNT (ISA-ST ADDRESS TYPE) (DECLARE (IGNORE TYPE)) (LET* ((MEM (G :MEM ISA-ST)) (VAL (R32 ADDRESS MEM))) (MV ISA-ST VAL))) ACL2 !>(pe 'iy86-conversion) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ > D (DEFTHM IY86-CONVERSION (IMPLIES (AND (Y86-GUARD S) (FORCE (INTENTIONAL-EFFECTSP LST)) (FORCE (N08P-ALISTP (G :MEM (IY86 S N))))) (IFF (~=> (Y86 S N) LST) (~=> (IY86 S N) LST))) :HINTS (("Goal" :USE (ISTATE!-Y86 IY86-ISTATE! (:INSTANCE Y86-GUARD-INVARIANT) (:INSTANCE IY86-CONVERSION-LEMMA (S (Y86 S N))) (:INSTANCE IY86-CONVERSION-LEMMA (S (IY86 S N)))) :IN-THEORY (DISABLE IY86 ISTATE! Y86-GUARD-INVARIANT)))) ACL2 !>:pe ISTATE!-Y86 d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ > (DEFTHM ISTATE!-Y86 (EQUAL (ISTATE! (Y86 S N)) (IY86 (ISTATE! S) N)) :HINTS (("Goal" :IN-THEORY (E/D (Y86) (R08 BITS-04 IY86-STEP ISTATE!)))) :RULE-CLASSES NIL) ACL2 !>(quote (end of demo 2)) (END OF DEMO 2) ACL2 !>(time$ (defthm-code-seq big1 (and (equal (g :eip s) *big1*) (big1-programp (g :mem s)) (< (+ 1000 (r32 50008 (g :mem s))) (expt 2 31))) (effects (:mem (append (xtr *prog-lo* *prog-hi* (g :mem s)) (list (list 50008 (+ 1000 (r32 50008 (g :mem s))))))) (:eip *big1-halt*) ) :intentionalp t :k (+ 5 (* 5 1000)) )) To verify that the seven encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(DEFUN BIG1-CLK (S) (DECLARE (IGNORABLE S)) (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 5)))))))))))))))))))))))))) Since BIG1-CLK is non-recursive, its admission is trivial. We observe that the type of BIG1-CLK is described by the theorem (AND (INTEGERP (BIG1-CLK S)) (<= 0 (BIG1-CLK S))). We used the :executable- counterpart of NATP and the :type-prescription rule NATP-C+. Summary Form: ( DEFUN BIG1-CLK ...) Rules: ((:EXECUTABLE-COUNTERPART NATP) (:TYPE-PRESCRIPTION NATP-C+)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) BIG1-CLK ACL2 !>>(DEFUN BIG1-PRECONDITION (S) (DECLARE (IGNORABLE S)) (AND (EQUAL (G :EIP S) *BIG1*) (BIG1-PROGRAMP (G :MEM S)) (< (+ 1000 (R32 50008 (G :MEM S))) (EXPT 2 31)))) Since BIG1-PRECONDITION is non-recursive, its admission is trivial. We observe that the type of BIG1-PRECONDITION is described by the theorem (OR (EQUAL (BIG1-PRECONDITION S) T) (EQUAL (BIG1-PRECONDITION S) NIL)). Summary Form: ( DEFUN BIG1-PRECONDITION ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) BIG1-PRECONDITION ACL2 !>>(DEFUN BIG1-EFFECTS (S) (DECLARE (IGNORABLE S)) (EFFECTS (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (LIST (LIST 50008 (+ 1000 (R32 50008 (G :MEM S))))))) (:EIP *BIG1-HALT*))) Since BIG1-EFFECTS is non-recursive, its admission is trivial. We observe that the type of BIG1-EFFECTS is described by the theorem (AND (CONSP (BIG1-EFFECTS S)) (TRUE-LISTP (BIG1-EFFECTS S))). We used primitive type reasoning. Summary Form: ( DEFUN BIG1-EFFECTS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) BIG1-EFFECTS ACL2 !>>(DEFTHM BIG1-INTENTIONALP (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (INTENTIONAL-EFFECTSP (BIG1-EFFECTS S)))) ACL2 Warning [Non-rec] in ( DEFTHM BIG1-INTENTIONALP ...): A :REWRITE rule generated from BIG1-INTENTIONALP will be triggered only by terms containing the non-recursive function symbols INTENTIONAL-EFFECTSP and BIG1-EFFECTS. Unless these functions are disabled, this rule is unlikely ever to be used. By the simple :definition BIG1-PRECONDITION and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 0) (BIG1-PROGRAMP (G :MEM S)) (< (+ 1000 (R32 50008 (G :MEM S))) 2147483648)) (INTENTIONAL-EFFECTSP (BIG1-EFFECTS S))). But simplification reduces this to T, using the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, BIG1-EFFECTS, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and SYNP, the :executable-counterparts of ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, BINARY-+, EQUAL, EXPT, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, REDUCE-ADDITIVE-CONSTANT-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type- prescription rules MOD-ZERO, N08P-ALISTP, NATP-R32, XTR and Y86-GUARD. Q.E.D. The storage of BIG1-INTENTIONALP depends upon the :type-prescription rule INTENTIONAL-EFFECTSP. Summary Form: ( DEFTHM BIG1-INTENTIONALP ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION BIG1-EFFECTS) (:DEFINITION BIG1-PRECONDITION) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION INTENTIONAL-EFFECTSP) (:DEFINITION INTENTIONAL-KEYS) (:DEFINITION NON-NIL-KEYS) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART INTENTIONAL-KEYS) (:EXECUTABLE-COUNTERPART MEMBER) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:TYPE-PRESCRIPTION INTENTIONAL-EFFECTSP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION NATP-R32) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Non-rec Time: 0.02 seconds (prove: 0.02, print: 0.00, other: 0.00) BIG1-INTENTIONALP ACL2 !>>(DEFTHM BIG1-IY86 (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (IY86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) :HINTS ((PRIORITY-PHASED-SIMPLIFICATION WORLD STABLE-UNDER-SIMPLIFICATIONP 0)) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (BIG1-PRECONDITION S))) (EQUAL (IY86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (IETC S (BIG1-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 Warning [Theory] in ( DEFTHM BIG1-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM BIG1-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :EXECUTABLE-COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Non-rec] in ( DEFTHM BIG1-IY86 ...): A :REWRITE rule generated from BIG1-IY86 will be triggered only by terms containing the non-recursive function symbol BIG1-CLK. Unless this function is disabled, this rule is unlikely ever to be used. By the simple :definitions BIG1-CLK and BIG1-PRECONDITION and the :executable- counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 0) (BIG1-PROGRAMP (G :MEM S)) (< (+ 1000 (R32 50008 (G :MEM S))) 2147483648)) (~=> (IY86 S (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 (C+ 200 5)))))))))))))))))))))))))) (BIG1-EFFECTS S))). This simplifies, using the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER, the :definitions BIG1-EFFECTS, IR08-CNT, IR32-CNT, IW32-CNT, JUMP-P-WITH-UNHIDING, MV-NTH, N32+, OP2-WITH-HIDING, REGVAL and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, ADDR-EQUAL, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, INTEGERP, MV-NTH, N32+, NAT-TO-BOOLEAN, NATP, NUMR, OP2-WITH-HIDING, R08, R32, RA, RB, UNARY--, UNARY-/, UNHIDE, XOR and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule R32-BOUNDED, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-C+, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N32-MINUS-N, R08-BIG1, R32-BIG1, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SUFF-N32P, W32-BIG1 and W32-W32-SAME and the :type- prescription rules BIG1-PROGRAMP, MOD-ZERO, N08P-ALISTP, NATP-C+, NATP-R32 and Y86-GUARD, to Goal'' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 0) (BIG1-PROGRAMP (G :MEM S)) (< (R32 50008 (G :MEM S)) 2147482648)) (~=> (S :EAX (+ 1000 (R32 50008 (G :MEM S))) (S :EBX 0 (S :ECX 1 (S :EDX 4294967295 (S :EIP 47 (S :ESP 50000 (S :MEM (W32 50008 (+ 1000 (R32 50008 (G :MEM S))) (G :MEM S)) (S :F-OF 0 (S :F-SF 0 (S :F-ZF 1 S)))))))))) (CONS (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (LIST (LIST 50008 (+ 1000 (R32 50008 (G :MEM S))))))) '((:EIP 47))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER, the :executable-counterparts of <, ACL2-NUMBERP, ADDR-EQUAL, ASSOC, ASSOC-EQUAL, BINARY-*, EQUAL, EXPT, GOOD-MEM-LISTP, INTEGERP, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, RATIONALP, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-OPEN, ALL-EQUAL-R32-XTR-SAME, ALL-EQUAL-R32-XTR-W32, G-DIFF-S, G-SAME-S, N08P-ALISTP-W32, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, R32-W32-MOD-4, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules MOD-ZERO, N08P-ALISTP, NATP-R32, XTR and Y86-GUARD. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (IY86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (BIG1-PRECONDITION S))) (EQUAL (IY86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (IETC S (BIG1-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM BIG1-IY86 ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions FORCE and IETC we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (BIG1-PRECONDITION S))) (~=> (IY86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (Y86-GUARD S) (BIG1-PRECONDITION S)) (EQUAL (IY86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (IY86 S (BIG1-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM BIG1-IY86 ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION BIG1-CLK) (:DEFINITION BIG1-EFFECTS) (:DEFINITION BIG1-PRECONDITION) (:DEFINITION FORCE) (:DEFINITION IETC) (:DEFINITION IR08-CNT) (:DEFINITION IR32-CNT) (:DEFINITION IW32-CNT) (:DEFINITION JUMP-P-WITH-UNHIDING) (:DEFINITION MV-NTH) (:DEFINITION N32+) (:DEFINITION OP2-WITH-HIDING) (:DEFINITION REGVAL) (:DEFINITION SYNP) (:DEFINITION ~=>) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ADDR-EQUAL) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART BITS-04) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART EQL) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART GOOD-MEM-LISTP) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART MV-NTH) (:EXECUTABLE-COUNTERPART N32+) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NAT-TO-BOOLEAN) (:EXECUTABLE-COUNTERPART NATP) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NUMR) (:EXECUTABLE-COUNTERPART OP2-WITH-HIDING) (:EXECUTABLE-COUNTERPART R08) (:EXECUTABLE-COUNTERPART R32) (:EXECUTABLE-COUNTERPART RA) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART RB) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNHIDE) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART XOR) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:LINEAR R32-BOUNDED) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE ALL-EQUAL-R32-APPEND) (:REWRITE ALL-EQUAL-R32-OPEN) (:REWRITE ALL-EQUAL-R32-XTR-SAME) (:REWRITE ALL-EQUAL-R32-XTR-W32) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE IY86-C+) (:REWRITE IY86-NAT) (:REWRITE IY86-STEP-OPENER) (:REWRITE MV-NTH-1-IS-CADR) (:REWRITE MV-NTH-2-IS-CADDR) (:REWRITE MV-NTH-3-IS-CADDDR) (:REWRITE N08P-ALISTP-W32) (:REWRITE N32-MINUS-N) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE R08-BIG1) (:REWRITE R32-BIG1) (:REWRITE R32-W32-MOD-4) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE S-DIFF-S) (:REWRITE S-SAME-S) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE W32-BIG1) (:REWRITE W32-W32-SAME) (:REWRITE ~=>-CONS-MEM) (:REWRITE ~=>-CONS-NON-MEM) (:REWRITE ~=>-NIL) (:TYPE-PRESCRIPTION BIG1-PROGRAMP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION NATP-C+) (:TYPE-PRESCRIPTION NATP-R32) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Disable, Non-rec and Theory Time: 46.63 seconds (prove: 46.62, print: 0.01, other: 0.01) BIG1-IY86 ACL2 !>>(DEFTHM BIG1 (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) :HINTS (("Goal" :USE (:INSTANCE BIG1-IY86) :IN-THEORY (E/D (IY86-CONVERSION) (Y86-GUARD BIG1-PRECONDITION BIG1-CLK BIG1-EFFECTS BIG1-IY86 INTENTIONAL-EFFECTSP)))) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (BIG1-PRECONDITION S))) (EQUAL (Y86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (ETC S (BIG1-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> ETC)))))) ACL2 Warning [Theory] in ( DEFTHM BIG1 ...): The value of the theory expression '(~=> ETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM BIG1 ...): The value of the theory expression '(~=> ETC) does not include the :EXECUTABLE-COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Non-rec] in ( DEFTHM BIG1 ...): A :REWRITE rule generated from BIG1 will be triggered only by terms containing the non-recursive function symbol BIG1-CLK. Unless this function is disabled, this rule is unlikely ever to be used. [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from BIG1-IY86 via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (IY86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S)))). By case analysis we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (IY86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S))). But simplification reduces this to T, using the :rewrite rules BIG1-INTENTIONALP, IY86-CONVERSION and N08P-ALISTP-G-MEM-IY86 and the :type-prescription rules BIG1-PRECONDITION, Y86-GUARD and ~=>. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (BIG1-PRECONDITION S))) (EQUAL (Y86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (ETC S (BIG1-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM BIG1 ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions ETC and FORCE we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (BIG1-PRECONDITION S))) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) (Y86-GUARD S) (BIG1-PRECONDITION S)) (EQUAL (Y86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (Y86 S (BIG1-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM BIG1 ...) Rules: ((:DEFINITION ETC) (:DEFINITION FORCE) (:DEFINITION NOT) (:DEFINITION ~=>) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE BIG1-INTENTIONALP) (:REWRITE IY86-CONVERSION) (:REWRITE N08P-ALISTP-G-MEM-IY86) (:TYPE-PRESCRIPTION BIG1-PRECONDITION) (:TYPE-PRESCRIPTION Y86-GUARD) (:TYPE-PRESCRIPTION ~=>)) Warnings: Disable, Non-rec and Theory Time: 0.03 seconds (prove: 0.01, print: 0.00, other: 0.02) BIG1 ACL2 !>>(IN-THEORY (DISABLE BIG1-CLK)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4714 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. We export BIG1-EFFECTS, BIG1-PRECONDITION and BIG1-CLK. Summary Form: ( ENCAPSULATE NIL (DEFUN BIG1-CLK ...) ...) Rules: NIL Warnings: Disable, Theory and Non-rec Time: 46.72 seconds (prove: 46.64, print: 0.02, other: 0.07) ; (EV-REC *RETURN-LAST-ARG3* ...) took ; 49.51 seconds realtime, 46.74 seconds runtime ; (3,190,385,416 bytes allocated). T ACL2 !>:pe big1-effects d 4:x(TIME$ (DEFTHM-CODE-SEQ BIG1 # ...)) \ >L (DEFUN BIG1-EFFECTS (S) (DECLARE (IGNORABLE S)) : (EFFECTS (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (LIST (LIST 50008 (+ 1000 (R32 50008 (G :MEM S))))))) (:EIP *BIG1-HALT*))) ACL2 !>:pe big1 d 4:x(TIME$ (DEFTHM-CODE-SEQ BIG1 # ...)) \ > (DEFTHM BIG1 (IMPLIES (AND (Y86-GUARD S) (BIG1-PRECONDITION S)) (~=> (Y86 S (BIG1-CLK S)) (BIG1-EFFECTS S))) :HINTS (("Goal" :USE (:INSTANCE BIG1-IY86) :IN-THEORY (E/D (IY86-CONVERSION) (Y86-GUARD BIG1-PRECONDITION BIG1-CLK BIG1-EFFECTS BIG1-IY86 INTENTIONAL-EFFECTSP)))) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (BIG1-PRECONDITION S))) (EQUAL (Y86 S (BIG1-CLK S)) (S* (BIG1-EFFECTS S) (ETC S (BIG1-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> ETC)))))) ACL2 !>(pe 'hyp) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >v (ENCAPSULATE (((HYP *) => *) ((ALPHA *) => *) ((BETA *) => *) ((TEST *) => *) ((K *) => *) ((M *) => *)) (LOCAL (DEFUN HYP (S) (DECLARE (IGNORE S)) T)) (LOCAL (DEFUN ALPHA (S) (DECLARE (IGNORE S)) NIL)) (LOCAL (DEFUN BETA (S) (DECLARE (IGNORE S)) NIL)) (LOCAL (DEFUN TEST (S) (DECLARE (IGNORE S)) T)) (LOCAL (DEFUN K (S) (DECLARE (IGNORE S)) 1)) (LOCAL (DEFUN M (S) (DECLARE (IGNORE S)) 0)) (LOCAL (IN-THEORY (DISABLE Y86-GUARD))) (DEFTHM NATP-K (NATP (K S)) :RULE-CLASSES :TYPE-PRESCRIPTION) (DEFTHM O-P-M (IMPLIES (AND (Y86-GUARD S) (HYP S)) (O-P (M S))) :RULE-CLASSES NIL) (DEFTHM ONE-PASS-EFFECTS (IMPLIES (AND (Y86-GUARD S) (HYP S)) (~=> (Y86 S (K S)) (ALPHA S))) :RULE-CLASSES NIL) (DEFTHM M-DEC (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (HYP S) (NOT (TEST S))) (O< (M (S* (ALPHA S) ARBITRARY-S1)) (M S))) :RULE-CLASSES NIL) (DEFTHM HYP-INVARIANT (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (HYP S) (NOT (TEST S))) (HYP (S* (ALPHA S) ARBITRARY-S1))) :RULE-CLASSES NIL) (DEFTHM BASE-CASE (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (HYP S) (TEST S)) (EQUAL (S* (ALPHA S) ARBITRARY-S1) (S* (BETA S) (S* (ALPHA S) ARBITRARY-S1)))) :RULE-CLASSES NIL) (DEFTHM INDUCTION-STEP (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (HYP S) (NOT (TEST S))) (EQUAL (S* (BETA (S* (ALPHA S) ARBITRARY-S1)) ARBITRARY-S2) (S* (BETA S) ARBITRARY-S2))) :RULE-CLASSES NIL)) ACL2 !>(pe 'clk) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >L (DEFUN CLK (S) (DECLARE (XARGS :MEASURE (IF (AND (Y86-GUARD S) (HYP S)) (M S) 0) :HINTS (("Goal" :USE ((:INSTANCE O-P-M) (:INSTANCE HYP-INVARIANT (ARBITRARY-S1 (Y86 S (K S)))) (:INSTANCE M-DEC (ARBITRARY-S1 (Y86 S (K S)))) (:INSTANCE ONE-PASS-EFFECTS)) :IN-THEORY (E/D (~=>) (Y86-GUARD)))))) (IF (AND (Y86-GUARD S) (HYP S)) (IF (TEST S) (K S) (C+ (K S) (CLK (Y86 S (K S))))) 0)) ACL2 !>(pe 'irule) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ > (DEFTHM IRULE (IMPLIES (AND (Y86-GUARD S) (HYP S)) (~=> (Y86 S (CLK S)) (BETA S))) :HINTS (("Goal" :IN-THEORY (E/D (~=>) (Y86-GUARD))) ("Subgoal *1/1''" :USE ((:INSTANCE ONE-PASS-EFFECTS) (:INSTANCE BASE-CASE (ARBITRARY-S1 (Y86 S (K S)))))) ("Subgoal *1/3'''" :USE ((:INSTANCE ONE-PASS-EFFECTS) (:INSTANCE HYP-INVARIANT (ARBITRARY-S1 (Y86 S (K S)))))) ("Subgoal *1/4''" :USE ((:INSTANCE ONE-PASS-EFFECTS) (:INSTANCE INDUCTION-STEP (ARBITRARY-S1 (Y86 S (K S))) (ARBITRARY-S2 (Y86 (Y86 S (K S)) (CLK (Y86 S (K S)))))))))) ACL2 !>(quote (end of demo 4)) (END OF DEMO 4) ACL2 !>(defthm-code-loop iterative-loop ; verification of loop in iterative (and (equal (g :eip s) *iterative-loop*) ; pc at loop (iterative-programp (g :mem s)) (<= *stack-lo* (g :esp s)) ; standard esp invariant (<= (g :esp s) *stack-hi*) (equal (mod (g :esp s) 4) 0) (< (g :eax s) (expt 2 16)) ; input legal (< (+ (/ (* (g :eax s) (+ (g :eax s) 1)) 2) ; sufficient room for final answer (g :ebx s)) (expt 2 31)) (equal (g :ecx s) 4294967295) ; ecx = -1 ) (effects (:eax (if (zp (g :eax s)) 4294967295 0)) (:ebx (+ (/ (* (g :eax s) (+ (g :eax s) 1)) 2) (g :ebx s))) (:eip *iterative-finish*) (:esp (g :esp s)) ; preserve esp, ebp, edi, and esi! (:ebp (g :ebp s)) (:edi (g :edi s)) (:esi (g :esi s)) (:mem (append (xtr *prog-lo* *prog-hi* (g :mem s)) (xtr (g :esp s) *stack-hi* (g :mem s)) (xtr *data-lo* *data-hi* (g :mem s))))) :intentionalp t :m (g :eax s) :test (<= (g :eax s) 1) :k 3 :alpha (effects (:eax (if (zp (g :eax s)) 4294967295 (+ (g :eax s) -1))) (:ebx (+ (g :eax s) (g :ebx s))) (:ecx (g :ecx s)) (:eip (if (or (zp (g :eax s)) (equal (g :eax s) 1)) *iterative-finish* *iterative-loop*)) (:esp (g :esp s)) ; preserve esp, ebp, edi, and esi! (:ebp (g :ebp s)) (:edi (g :edi s)) (:esi (g :esi s)) (:mem (append (xtr *prog-lo* *prog-hi* (g :mem s)) (xtr (g :esp s) *stack-hi* (g :mem s)) (xtr *data-lo* *data-hi* (g :mem s)))))) To verify that the 18 encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(DEFUN ITERATIVE-LOOP-PRECONDITION (S) (DECLARE (IGNORABLE S)) (AND (EQUAL (G :EIP S) *ITERATIVE-LOOP*) (ITERATIVE-PROGRAMP (G :MEM S)) (<= *STACK-LO* (G :ESP S)) (<= (G :ESP S) *STACK-HI*) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) (EXPT 2 16)) (< (+ (/ (* (G :EAX S) (+ (G :EAX S) 1)) 2) (G :EBX S)) (EXPT 2 31)) (EQUAL (G :ECX S) 4294967295))) Since ITERATIVE-LOOP-PRECONDITION is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-LOOP-PRECONDITION is described by the theorem (OR (EQUAL (ITERATIVE-LOOP-PRECONDITION S) T) (EQUAL (ITERATIVE-LOOP-PRECONDITION S) NIL)). We used primitive type reasoning. Summary Form: ( DEFUN ITERATIVE-LOOP-PRECONDITION ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) ITERATIVE-LOOP-PRECONDITION ACL2 !>>(DEFUN ITERATIVE-LOOP-EFFECTS (S) (DECLARE (IGNORABLE S)) (EFFECTS (:EAX (IF (ZP (G :EAX S)) 4294967295 0)) (:EBX (+ (/ (* (G :EAX S) (+ (G :EAX S) 1)) 2) (G :EBX S))) (:EIP *ITERATIVE-FINISH*) (:ESP (G :ESP S)) (:EBP (G :EBP S)) (:EDI (G :EDI S)) (:ESI (G :ESI S)) (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (XTR (G :ESP S) *STACK-HI* (G :MEM S)) (XTR *DATA-LO* *DATA-HI* (G :MEM S)))))) Since ITERATIVE-LOOP-EFFECTS is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-LOOP-EFFECTS is described by the theorem (AND (CONSP (ITERATIVE-LOOP-EFFECTS S)) (TRUE-LISTP (ITERATIVE-LOOP-EFFECTS S))). We used primitive type reasoning. Summary Form: ( DEFUN ITERATIVE-LOOP-EFFECTS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-LOOP-EFFECTS ACL2 !>>(DEFUN ITERATIVE-LOOP-M (S) (DECLARE (IGNORABLE S)) (G :EAX S)) Since ITERATIVE-LOOP-M is non-recursive, its admission is trivial. We could deduce no constraints on the type of ITERATIVE-LOOP-M. Summary Form: ( DEFUN ITERATIVE-LOOP-M ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-LOOP-M ACL2 !>>(DEFUN ITERATIVE-LOOP-TEST (S) (DECLARE (IGNORABLE S)) (<= (G :EAX S) 1)) Since ITERATIVE-LOOP-TEST is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-LOOP-TEST is described by the theorem (OR (EQUAL (ITERATIVE-LOOP-TEST S) T) (EQUAL (ITERATIVE-LOOP-TEST S) NIL)). Summary Form: ( DEFUN ITERATIVE-LOOP-TEST ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-LOOP-TEST ACL2 !>>(DEFUN ITERATIVE-LOOP-K (S) (DECLARE (IGNORABLE S)) 3) Since ITERATIVE-LOOP-K is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-LOOP-K is described by the theorem (AND (INTEGERP (ITERATIVE-LOOP-K S)) (< 0 (ITERATIVE-LOOP-K S))). Summary Form: ( DEFUN ITERATIVE-LOOP-K ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-LOOP-K ACL2 !>>(DEFUN ITERATIVE-LOOP-ALPHA (S) (DECLARE (IGNORABLE S)) (EFFECTS (:EAX (IF (ZP (G :EAX S)) 4294967295 (+ (G :EAX S) -1))) (:EBX (+ (G :EAX S) (G :EBX S))) (:ECX (G :ECX S)) (:EIP (IF (OR (ZP (G :EAX S)) (EQUAL (G :EAX S) 1)) *ITERATIVE-FINISH* *ITERATIVE-LOOP*)) (:ESP (G :ESP S)) (:EBP (G :EBP S)) (:EDI (G :EDI S)) (:ESI (G :ESI S)) (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (XTR (G :ESP S) *STACK-HI* (G :MEM S)) (XTR *DATA-LO* *DATA-HI* (G :MEM S)))))) Since ITERATIVE-LOOP-ALPHA is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-LOOP-ALPHA is described by the theorem (AND (CONSP (ITERATIVE-LOOP-ALPHA S)) (TRUE-LISTP (ITERATIVE-LOOP-ALPHA S))). We used the :compound-recognizer rule ZP-COMPOUND-RECOGNIZER and primitive type reasoning. Summary Form: ( DEFUN ITERATIVE-LOOP-ALPHA ...) Rules: ((:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) ITERATIVE-LOOP-ALPHA ACL2 !>>(DEFTHM ITERATIVE-LOOP-NATP-K (NATP (ITERATIVE-LOOP-K S)) :RULE-CLASSES :TYPE-PRESCRIPTION) ACL2 Observation in ( DEFTHM ITERATIVE-LOOP-NATP-K ...): Our heuristics choose (ITERATIVE-LOOP-K S) as the :TYPED-TERM. But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rule ITERATIVE-LOOP-K. Q.E.D. The storage of ITERATIVE-LOOP-NATP-K depends upon the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER. Summary Form: ( DEFTHM ITERATIVE-LOOP-NATP-K ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-K)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-LOOP-NATP-K ACL2 !>>(DEFTHM ITERATIVE-LOOP-O-P-M (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (O-P (ITERATIVE-LOOP-M S))) :RULE-CLASSES NIL) By the simple :definitions ITERATIVE-LOOP-M and ITERATIVE-LOOP-PRECONDITION, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295)) (O-P (G :EAX S))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions O-FINP, O-P and SYNP, the :executable-counterpart of BINARY-*, the :forward- chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1 and NORMALIZE-FACTORS-GATHER-EXPONENTS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-O-P-M ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ITERATIVE-LOOP-M) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION O-FINP) (:DEFINITION O-P) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART EXPT) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.09 seconds (prove: 0.08, print: 0.00, other: 0.00) ITERATIVE-LOOP-O-P-M ACL2 !>>(DEFTHM-CODE-SEQ ITERATIVE-LOOP-ONE-PASS-EFFECTS (ITERATIVE-LOOP-PRECONDITION S) (ITERATIVE-LOOP-ALPHA S) :INTENTIONALP T :USE-EXISTING-NAMESP T :K (ITERATIVE-LOOP-K S) :RULE-CLASSES NIL) To verify that the four encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (INTENTIONAL-EFFECTSP (ITERATIVE-LOOP-ALPHA S)))) ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP ...): A :REWRITE rule generated from ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP will be triggered only by terms containing the non-recursive function symbols INTENTIONAL-EFFECTSP and ITERATIVE-LOOP-ALPHA. Unless these functions are disabled, this rule is unlikely ever to be used. By the simple :definition ITERATIVE-LOOP-PRECONDITION, the :executable- counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295)) (INTENTIONAL-EFFECTSP (ITERATIVE-LOOP-ALPHA S))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definitions ITERATIVE-LOOP-ALPHA, NOT and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, CONS, EXPT and NOT, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, NORMALIZE-FACTORS-GATHER-EXPONENTS and ZP-OPEN and the :type-prescription rule Y86-GUARD, to the following three conjectures. Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= (G :EAX S) 0)) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, BINARY-*, BINARY-+, EXPT and NOT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 3' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 0) 2147483648) (EQUAL (G :ECX S) 4294967295)) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ y x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 1) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1)) (INTENTIONAL-EFFECTSP (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ y x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (INTENTIONAL-EFFECTSP (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Q.E.D. The storage of ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP depends upon the :type-prescription rule INTENTIONAL-EFFECTSP. Summary Form: ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION INTENTIONAL-EFFECTSP) (:DEFINITION INTENTIONAL-KEYS) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART INTENTIONAL-KEYS) (:EXECUTABLE-COUNTERPART MEMBER) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE ZP-OPEN) (:TYPE-PRESCRIPTION INTENTIONAL-EFFECTSP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Non-rec Time: 0.64 seconds (prove: 0.63, print: 0.01, other: 0.00) ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP ACL2 !>>(DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) :HINTS ((PRIORITY-PHASED-SIMPLIFICATION WORLD STABLE-UNDER-SIMPLIFICATIONP 0)) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (IETC S (ITERATIVE-LOOP-K S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :EXECUTABLE-COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ...): A :REWRITE rule generated from ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 will be triggered only by terms containing the non-recursive function symbol ITERATIVE-LOOP-K. Unless this function is disabled, this rule is unlikely ever to be used. By the simple :definitions ITERATIVE-LOOP-K and ITERATIVE-LOOP-PRECONDITION, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 S 3) (ITERATIVE-LOOP-ALPHA S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, ITERATIVE-LOOP-ALPHA, MV-NTH, N32+, NOT, OP2-WITH-HIDING, REGVAL and SYNP, the :executable- counterparts of <, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, N32+, NOT, NUMR, R08, RA, RB, UNARY-- and ZP, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N32-MINUS-N, NORMALIZE-FACTORS-GATHER-EXPONENTS, R08-ITERATIVE, S-DIFF-S, S-SAME-S and ZP-OPEN and the :type-prescription rules ITERATIVE-PROGRAMP and Y86-GUARD, to the following five conjectures. Subgoal 5 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< (G :EAX S) 1) (<= (G :EAX S) 0)) (~=> (IY86 (S :EAX (CAR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, BINARY-*, BINARY-+, EXPT and NOT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 5' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 0) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 (S :EAX (CAR (LET ((RESULT 4294967295) (CRB 0) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ 0 (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT 4294967295) (CRB 0) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT 4294967295) (CRB 0) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT 4294967295) (CRB 0) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :rewrite rules CAR-CONS and CDR-CONS we reduce the conjecture to Subgoal 5'' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 0) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 (S :EAX 4294967295 (S :EBX (N32 (+ 0 (G :EBX S))) (S :EIP 72 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) 1) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR32-CNT, JUMP-P-WITH-UNHIDING, MV-NTH, NOT, SYNP and XOR, the :executable-counterparts of BITS-04, CAR, CONS, EQL, EQUAL, EXPT, N32+, NOT, R08, R32 and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ y x)|, |(equal (if a b c) x)|, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N32-OPEN, R08-ITERATIVE, R32-ITERATIVE, S-DIFF-S, S-SAME-S and UNHIDE-NAT-TO-BOOLEAN-HIDE and the :type-prescription rules ITERATIVE-PROGRAMP and Y86-GUARD, to the following four conjectures. Subgoal 5.4 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= 0 (N32-TO-I32 4294967295)) (NOT (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))))) (~=> (S :EAX 4294967295 (S :EBX (G :EBX S) (S :EIP 77 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But we reduce the conjecture to T, by the :executable-counterparts of <, =, BINARY-+, IF and N32-TO-I32. Subgoal 5.3 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295) (< (N32-TO-I32 4294967295) 0) (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0)))) (~=> (S :EAX 4294967295 (S :EBX (G :EBX S) (S :EIP 77 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the :executable-counterparts of <, =, BINARY-+ and N32-TO-I32 we reduce the conjecture to Subgoal 5.3' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (S :EAX 4294967295 (S :EBX (G :EBX S) (S :EIP 77 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-XTR-SAME, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 5.2 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295) (< (N32-TO-I32 4294967295) 0) (NOT (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))))) (~=> (S :EAX 4294967295 (S :EBX (G :EBX S) (S :EIP 68 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But we reduce the conjecture to T, by the :executable-counterparts of <, =, BINARY-+, IF and N32-TO-I32. Subgoal 5.1 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= 0 (N32-TO-I32 4294967295)) (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0)))) (~=> (S :EAX 4294967295 (S :EBX (G :EBX S) (S :EIP 68 (S :F-OF (HIDE (IF (= (N32-TO-I32 4294967295) (+ (N32-TO-I32 4294967295) (N32-TO-I32 0))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 4294967295) 0) 1 0)) (S :F-ZF (HIDE (IF (= 4294967295 0) 1 0)) S)))))) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But we reduce the conjecture to T, by the :executable-counterparts of <, =, BINARY-+ and N32-TO-I32. Subgoal 4 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= 1 (G :EAX S)) (<= (G :EAX S) 0)) (~=> (IY86 (S :EAX (CAR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using primitive type reasoning. Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= 1 (G :EAX S)) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (~=> (IY86 (S :EAX (CAR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR32-CNT, JUMP-P-WITH-UNHIDING, MV-NTH, NOT, SYNP and XOR, the :executable-counterparts of BITS-04, CAR, CONS, EQL, EQUAL, N32+, R08, R32 and ZP, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, R08-ITERATIVE, R32-ITERATIVE, REMOVE-WEAK-INEQUALITIES, S-DIFF-S, S-SAME-S and UNHIDE-NAT-TO-BOOLEAN-HIDE and the :type-prescription rules ITERATIVE-PROGRAMP and Y86-GUARD, to the following six conjectures. Subgoal 3.6 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.6' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, EQUAL, EXPT and N32-TO-I32, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rule N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD. Subgoal 3.5 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.5' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, EQUAL and EXPT, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rule N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD. Subgoal 3.4 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.4' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (EQUAL RESULT 0) 1 0)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definition SYNP, the :executable-counterparts of <, EQUAL, EXPT and N32-TO-I32, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rules |(equal (if a b c) x)|, N32-OPEN and N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD, to Subgoal 3.4'' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (+ -1 (G :EAX S)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (+ (G :EAX S) (G :EBX S)) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definition SYNP, the :executable-counterpart of BINARY-+, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))| and REDUCE-ADDITIVE-CONSTANT-EQUAL and the :type-prescription rule Y86-GUARD, to Subgoal 3.4''' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (+ (G :EAX S) (G :EBX S)) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-XTR-SAME, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 3.3 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.3' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (EQUAL RESULT 0) 1 0)) 0)) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 68 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, EQUAL and EXPT, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rule N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD. Subgoal 3.2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.2' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (EQUAL RESULT 0) 1 0)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, EQUAL and EXPT, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rule N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD. Subgoal 3.1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :definition = we reduce the conjecture to Subgoal 3.1' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0) (NOT (EQUAL (LET ((RESULT (+ -1 (G :EAX S)))) (IF (EQUAL RESULT 0) 1 0)) 0))) (~=> (S :EAX (+ -1 (G :EAX S)) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definition SYNP, the :executable-counterparts of <, CONS, EQUAL, EXPT and N32-TO-I32, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule EXPT-X->=-X, the :rewrite rules |(equal (if a b c) x)|, N32-OPEN and N32-TO-I32-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, SUM-ARITH-LEMMA1 and Y86-GUARD, to Subgoal 3.1'' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (EQUAL (+ -1 (G :EAX S)) 0)) (~=> (S :EAX 0 (S :EBX (+ (G :EAX S) (G :EBX S)) (S :EIP 77 (S :F-OF (HIDE (LET ((RESULT (+ -1 (G :EAX S))) (CRB (G :EAX S)) (CRA 4294967295)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ -1 (G :EAX S)))) (IF (= RESULT 0) 1 0))) S)))))) (LIST '(:EAX 0) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< (G :EAX S) 1) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (~=> (IY86 (S :EAX (CAR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ (G :EAX S) (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT 4294967295) (CRB (G :EAX S)) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 1) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1)) (~=> (IY86 (S :EAX (CAR (LET ((RESULT 0) (CRB 1) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :EBX (N32 (+ 1 (G :EBX S))) (S :EIP 72 (S :F-OF (CADDDR (LET ((RESULT 0) (CRB 1) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-SF (CADDR (LET ((RESULT 0) (CRB 1) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) (S :F-ZF (CADR (LET ((RESULT 0) (CRB 1) (CRA 4294967295)) (LIST RESULT (HIDE (IF (= RESULT 0) 1 0)) (HIDE (IF (< (N32-TO-I32 RESULT) 0) 1 0)) (HIDE (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))))) S)))))) 1) (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By the simple :rewrite rules CAR-CONS and CDR-CONS we reduce the conjecture to Subgoal 1' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 1) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1)) (~=> (IY86 (S :EAX 0 (S :EBX (N32 (+ 1 (G :EBX S))) (S :EIP 72 (S :F-OF (HIDE (IF (= (N32-TO-I32 0) (+ (N32-TO-I32 4294967295) (N32-TO-I32 1))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 0) 0) 1 0)) (S :F-ZF (HIDE (IF (= 0 0) 1 0)) S)))))) 1) (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definition SYNP, the :executable-counterparts of <, BINARY-+, EXPT and UNARY--, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ y x)| and N32-MINUS-N and the :type-prescription rule Y86-GUARD, to the following two conjectures. Subgoal 1.2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ 1 (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1) (< (G :EBX S) 4294967295)) (~=> (IY86 (S :EAX 0 (S :EBX (+ 1 (G :EBX S)) (S :EIP 72 (S :F-OF (HIDE (IF (= (N32-TO-I32 0) (+ (N32-TO-I32 4294967295) (N32-TO-I32 1))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 0) 0) 1 0)) (S :F-ZF (HIDE (IF (= 0 0) 1 0)) S)))))) 1) (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions JUMP-P-WITH-UNHIDING, NOT, SYNP and XOR, the :executable-counterparts of BINARY-+, BITS-04, EQL, EQUAL, N32+, NOT and R08, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(equal (if a b c) x)|, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, R08-ITERATIVE, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S and UNHIDE-NAT-TO-BOOLEAN-HIDE and the :type-prescription rules ITERATIVE-PROGRAMP and Y86-GUARD, to Subgoal 1.2' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483647) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1) (< (G :EBX S) 4294967295)) (~=> (S :EAX 0 (S :EBX (+ 1 (G :EBX S)) (S :EIP 77 (S :F-OF (HIDE (IF (= (N32-TO-I32 0) (+ (N32-TO-I32 4294967295) (N32-TO-I32 1))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 0) 0) 1 0)) (S :F-ZF (HIDE (IF (= 0 0) 1 0)) S)))))) (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-XTR-SAME, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 1.1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ 1 (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1) (<= 4294967295 (G :EBX S))) (~=> (IY86 (S :EAX 0 (S :EBX (+ -4294967295 (G :EBX S)) (S :EIP 72 (S :F-OF (HIDE (IF (= (N32-TO-I32 0) (+ (N32-TO-I32 4294967295) (N32-TO-I32 1))) 0 1)) (S :F-SF (HIDE (IF (< (N32-TO-I32 0) 0) 1 0)) (S :F-ZF (HIDE (IF (= 0 0) 1 0)) S)))))) 1) (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (IETC S (ITERATIVE-LOOP-K S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions FORCE and IETC we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S))) (~=> (IY86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (EQUAL (IY86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (IY86 S (ITERATIVE-LOOP-K S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION =) (:DEFINITION ASSOC-EQUAL) (:DEFINITION FORCE) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION IETC) (:DEFINITION IR08-CNT) (:DEFINITION IR32-CNT) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-K) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION JUMP-P-WITH-UNHIDING) (:DEFINITION MV-NTH) (:DEFINITION N32+) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION OP2-WITH-HIDING) (:DEFINITION REGVAL) (:DEFINITION SYNP) (:DEFINITION XOR) (:DEFINITION ~=>) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART =) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART BITS-04) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQL) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART IF) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32+) (:EXECUTABLE-COUNTERPART N32-TO-I32) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART NUMR) (:EXECUTABLE-COUNTERPART R08) (:EXECUTABLE-COUNTERPART R32) (:EXECUTABLE-COUNTERPART RA) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART RB) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING N32P-BOUND) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:LINEAR EXPT-X->=-X) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(equal (if a b c) x)|) (:REWRITE ALL-EQUAL-R32-APPEND) (:REWRITE ALL-EQUAL-R32-XTR-SAME) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE IY86-NAT) (:REWRITE IY86-STEP-OPENER) (:REWRITE MV-NTH-1-IS-CADR) (:REWRITE MV-NTH-2-IS-CADDR) (:REWRITE MV-NTH-3-IS-CADDDR) (:REWRITE N32-MINUS-N) (:REWRITE N32-OPEN) (:REWRITE N32-TO-I32-OPEN) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE R08-ITERATIVE) (:REWRITE R32-ITERATIVE) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE REDUCE-ADDITIVE-CONSTANT-EQUAL) (:REWRITE REMOVE-WEAK-INEQUALITIES) (:REWRITE S-DIFF-S) (:REWRITE S-SAME-S) (:REWRITE UNHIDE-NAT-TO-BOOLEAN-HIDE) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE ZP-OPEN) (:REWRITE ~=>-CONS-MEM) (:REWRITE ~=>-CONS-NON-MEM) (:REWRITE ~=>-NIL) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE) (:TYPE-PRESCRIPTION ITERATIVE-PROGRAMP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION SUM-ARITH-LEMMA1) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Disable, Non-rec and Theory Time: 2.65 seconds (prove: 2.48, print: 0.16, other: 0.01) ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 ACL2 !>>(DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) :HINTS (("Goal" :USE (:INSTANCE ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86) :IN-THEORY (E/D (IY86-CONVERSION) (Y86-GUARD ITERATIVE-LOOP-PRECONDITION ITERATIVE-LOOP-K ITERATIVE-LOOP-ALPHA ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 INTENTIONAL-EFFECTSP)))) :RULE-CLASSES NIL) [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from ITERATIVE-LOOP-ONE-PASS-EFFECTS-IY86 via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S)))). By case analysis we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))). But simplification reduces this to T, using the :rewrite rules ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP, IY86-CONVERSION and N08P-ALISTP-G-MEM-IY86 and the :type-prescription rules ITERATIVE-LOOP-PRECONDITION, Y86-GUARD and ~=>. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS ...) Rules: ((:DEFINITION NOT) (:REWRITE ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP) (:REWRITE IY86-CONVERSION) (:REWRITE N08P-ALISTP-G-MEM-IY86) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-PRECONDITION) (:TYPE-PRESCRIPTION Y86-GUARD) (:TYPE-PRESCRIPTION ~=>)) Time: 0.02 seconds (prove: 0.01, print: 0.00, other: 0.01) ITERATIVE-LOOP-ONE-PASS-EFFECTS ACL2 !>>(IN-THEORY (DISABLE ITERATIVE-LOOP-K)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4734 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. Summary Form: ( ENCAPSULATE NIL (DEFTHM ITERATIVE-LOOP-ONE-PASS-EFFECTS-INTENTIONALP ...) ...) Rules: NIL Warnings: Disable, Theory and Non-rec Time: 3.33 seconds (prove: 3.12, print: 0.18, other: 0.03) T ACL2 !>>(DEFTHM ITERATIVE-LOOP-M-DEC (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) (ITERATIVE-LOOP-M S))) :RULE-CLASSES NIL) By the simple :definitions ITERATIVE-LOOP-M, ITERATIVE-LOOP-PRECONDITION and ITERATIVE-LOOP-TEST, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S))) (O< (G :EAX (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) (G :EAX S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and ZP-COMPOUND-RECOGNIZER, the :definitions ITERATIVE-LOOP-ALPHA, O-FINP, O< and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, CONS, EXPT and NOT, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, DEFAULT-LESS-THAN-1 and NORMALIZE-FACTORS-GATHER-EXPONENTS and the :type-prescription rule Y86-GUARD, to the following three conjectures. Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (NOT (CONSP (G :EAX (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :definition S*, the :executable-counterparts of ACL2-NUMBERP, BINARY-*, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules CAR-CONS, CDR-CONS, G-SAME-S, S-DIFF-S, W32*-APPEND and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (ACL2-NUMBERP (G :EAX (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)))) (< (G :EAX (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)) (G :EAX S))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :definitions S* and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-+-MATCH-1, CAR-CONS, CDR-CONS, G-SAME-S, NORMALIZE-ADDENDS, S-DIFF-S, SIMPLIFY-SUMS-<, W32*-APPEND and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (NOT (ACL2-NUMBERP (G :EAX (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1))))) (< 0 (G :EAX S))). But simplification reduces this to T, using primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-M-DEC ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-M) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION ITERATIVE-LOOP-TEST) (:DEFINITION NOT) (:DEFINITION O-FINP) (:DEFINITION O<) (:DEFINITION S*) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART UNARY-/) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE DEFAULT-LESS-THAN-1) (:REWRITE G-SAME-S) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE S-DIFF-S) (:REWRITE SIMPLIFY-SUMS-<) (:REWRITE W32*-APPEND) (:REWRITE W32*-XTR-W32*-XTR) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.45 seconds (prove: 0.44, print: 0.01, other: 0.00) ITERATIVE-LOOP-M-DEC ACL2 !>>(DEFTHM ITERATIVE-LOOP-HYP-INVARIANT (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1))) :RULE-CLASSES NIL) By the simple :definitions ITERATIVE-LOOP-PRECONDITION and ITERATIVE-LOOP-TEST, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1))). This simplifies, using the :compound-recognizer rules N32P-TYPE and ZP-COMPOUND-RECOGNIZER, the :definitions ITERATIVE-LOOP-ALPHA and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, CONS, EXPT and NOT, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1 and NORMALIZE-FACTORS-GATHER-EXPONENTS and the :type-prescription rule Y86-GUARD, to Goal'' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (ITERATIVE-LOOP-PRECONDITION (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definitions ITERATIVE-LOOP-PRECONDITION, S* and SYNP, the :executable- counterparts of ACL2-NUMBERP, BINARY-*, BINARY-+, CAR, CDR, CONSP, EQUAL, EXPT, INTEGERP, N32P, RATIONALP, UNARY-- and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* -1 x)|, |(* x (+ y z))|, |(* x (- y))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (* c x))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, BUBBLE-DOWN-*-MATCH-1, BUBBLE-DOWN-+-BUBBLE-DOWN, BUBBLE-DOWN-+-MATCH-3, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N08P-ALISTP-W32*-XTR, NORMALIZE-ADDENDS, NORMALIZE-FACTORS-GATHER-EXPONENTS, S-DIFF-S, W32*-APPEND, W32*-XTR-ITERATIVE and W32*-XTR-W32*-XTR and the :type-prescription rules ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP and Y86-GUARD, to Goal''' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (< (+ -1 (G :EAX S)) 65536)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-HYP-INVARIANT ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION ITERATIVE-LOOP-TEST) (:DEFINITION NOT) (:DEFINITION S*) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* -1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (- y))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (* c x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(- (* c x))|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-BUBBLE-DOWN) (:REWRITE BUBBLE-DOWN-+-MATCH-3) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE N08P-ALISTP-W32*-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE S-DIFF-S) (:REWRITE W32*-APPEND) (:REWRITE W32*-XTR-ITERATIVE) (:REWRITE W32*-XTR-W32*-XTR) (:TYPE-PRESCRIPTION ITERATIVE-PROGRAMP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.52 seconds (prove: 0.51, print: 0.01, other: 0.00) ITERATIVE-LOOP-HYP-INVARIANT ACL2 !>>(DEFUN ITERATIVE-LOOP-CLK (S) (DECLARE (XARGS :MEASURE (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0) :HINTS (("Goal" :USE ((:INSTANCE ITERATIVE-LOOP-O-P-M) (:INSTANCE ITERATIVE-LOOP-M-DEC (ARBITRARY-S1 (ETC S (ITERATIVE-LOOP-K S)))) (:INSTANCE ITERATIVE-LOOP-HYP-INVARIANT (ARBITRARY-S1 (ETC S (ITERATIVE-LOOP-K S)))) (:INSTANCE ITERATIVE-LOOP-ONE-PASS-EFFECTS)) :IN-THEORY '(~=> ETC (:EXECUTABLE-COUNTERPART O-P) Y86-GUARD-INVARIANT))))) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (IF (ITERATIVE-LOOP-TEST S) (ITERATIVE-LOOP-K S) (C+ (ITERATIVE-LOOP-K S) (ITERATIVE-LOOP-CLK (Y86 S (ITERATIVE-LOOP-K S))))) 0)) ACL2 Warning [Theory] in ( DEFUN ITERATIVE-LOOP-CLK ...): The value of the theory expression '(~=> ETC (:EXECUTABLE-COUNTERPART O-P) Y86-GUARD-INVARIANT) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFUN ITERATIVE-LOOP-CLK ...): The value of the theory expression '(~=> ETC (:EXECUTABLE-COUNTERPART O-P) Y86-GUARD-INVARIANT) does not include the :EXECUTABLE-COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). For the admission of ITERATIVE-LOOP-CLK we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0). The non-trivial part of the measure conjecture is Goal (AND (O-P (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0)) (IMPLIES (AND (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (NOT (ITERATIVE-LOOP-TEST S))) (O< (IF (AND (Y86-GUARD (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M (Y86 S (ITERATIVE-LOOP-K S))) 0) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0)))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFUN ITERATIVE-LOOP-CLK ...): Forcing has transitioned from enabled to disabled. See :DOC force. We augment the goal with the hypotheses provided by the :USE hint. These hypotheses can be derived from ITERATIVE-LOOP-O-P-M, ITERATIVE-LOOP-M-DEC, ITERATIVE-LOOP-HYP-INVARIANT and ITERATIVE-LOOP-ONE-PASS-EFFECTS via instantiation. We are left with the following subgoal. Goal' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (O-P (ITERATIVE-LOOP-M S))) (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD (ETC S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (ETC S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S))) (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD (ETC S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (ETC S (ITERATIVE-LOOP-K S))))) (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S)))) (AND (O-P (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0)) (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S))) (ITERATIVE-LOOP-TEST S) (O< (IF (AND (Y86-GUARD (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M (Y86 S (ITERATIVE-LOOP-K S))) 0) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0))))). By the simple :definition ETC we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (O-P (ITERATIVE-LOOP-M S))) (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S))) (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S))))) (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S)))) (AND (O-P (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0)) (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S))) (ITERATIVE-LOOP-TEST S) (O< (IF (AND (Y86-GUARD (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-PRECONDITION (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M (Y86 S (ITERATIVE-LOOP-K S))) 0) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (ITERATIVE-LOOP-M S) 0))))). This simplifies, using the :definition ~=>, the :executable-counterpart of O-P and the :rewrite rule Y86-GUARD-INVARIANT, to the following eight conjectures. Subgoal 8 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-TEST S) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 7 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-TEST S) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (ITERATIVE-LOOP-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 6 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-TEST S) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 5 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-TEST S) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (ITERATIVE-LOOP-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 4 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 3 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S)) (NOT (ITERATIVE-LOOP-PRECONDITION (Y86 S (ITERATIVE-LOOP-K S))))) (O< 0 (ITERATIVE-LOOP-M S))). But simplification reduces this to T, using primitive type reasoning. Subgoal 2 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S)) (ITERATIVE-LOOP-PRECONDITION (Y86 S (ITERATIVE-LOOP-K S)))) (O< (ITERATIVE-LOOP-M (Y86 S (ITERATIVE-LOOP-K S))) (ITERATIVE-LOOP-M S))). But simplification reduces this to T, using primitive type reasoning. Subgoal 1 (IMPLIES (AND (O-P (ITERATIVE-LOOP-M S)) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (ITERATIVE-LOOP-M S)) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (EQUAL (Y86 S (ITERATIVE-LOOP-K S)) (S* (ITERATIVE-LOOP-ALPHA S) (Y86 S (ITERATIVE-LOOP-K S)))) (NOT (ITERATIVE-LOOP-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Q.E.D. That completes the proof of the measure theorem for ITERATIVE-LOOP-CLK. Thus, we admit this function under the principle of definition. We observe that the type of ITERATIVE-LOOP-CLK is described by the theorem (AND (INTEGERP (ITERATIVE-LOOP-CLK S)) (<= 0 (ITERATIVE-LOOP-CLK S))). We used the :type-prescription rules ITERATIVE-LOOP-K, ITERATIVE-LOOP-NATP-K and NATP-C+. Summary Form: ( DEFUN ITERATIVE-LOOP-CLK ...) Rules: ((:DEFINITION ETC) (:DEFINITION ~=>) (:EXECUTABLE-COUNTERPART O-P) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE Y86-GUARD-INVARIANT) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-K) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-NATP-K) (:TYPE-PRESCRIPTION NATP-C+)) Warnings: Disable and Theory Time: 0.04 seconds (prove: 0.01, print: 0.02, other: 0.01) ITERATIVE-LOOP-CLK ACL2 !>>(DEFTHM ITERATIVE-LOOP-BASE-CASE (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (ITERATIVE-LOOP-TEST S)) (EQUAL (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1) (S* (ITERATIVE-LOOP-EFFECTS S) (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)))) :RULE-CLASSES NIL) By the simple :definitions ITERATIVE-LOOP-PRECONDITION and ITERATIVE-LOOP-TEST, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= (G :EAX S) 1)) (EQUAL (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1) (S* (ITERATIVE-LOOP-EFFECTS S) (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definitions ITERATIVE-LOOP-ALPHA, ITERATIVE-LOOP-EFFECTS, NOT and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, CONS, EXPT and NOT, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, NORMALIZE-FACTORS-GATHER-EXPONENTS, REMOVE-STRICT-INEQUALITIES and ZP-OPEN and the :type-prescription rule Y86-GUARD, to the following three conjectures. Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= (G :EAX S) 1) (<= (G :EAX S) 0)) (EQUAL (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1) (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, BINARY-*, BINARY-+ and EXPT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 3' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 0) 2147483648) (EQUAL (G :ECX S) 4294967295)) (EQUAL (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1) (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) (S* (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, NON-NIL-KEYS and S*, the :executable-counterparts of ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P, NON-NIL-KEYS, RATIONALP and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ y x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, G-SAME-S, N08P-ALISTP-W32*-XTR, N32P-DOUBLETSP-XTR, S-DIFF-S, S-S*-COMMUTES, S-SAME-S, UNIQUE-KEYS-XTR, W32*-APPEND, W32*-W32*-SAME and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 1) 2147483648) (EQUAL (G :ECX S) 4294967295) (EQUAL (G :EAX S) 1)) (EQUAL (S* (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1) (S* (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) 1)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) (S* (LIST '(:EAX 0) (LIST :EBX (+ 1 (G :EBX S))) '(:ECX 4294967295) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, NON-NIL-KEYS and S*, the :executable-counterparts of ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P, NON-NIL-KEYS, RATIONALP and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ y x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, G-SAME-S, N08P-ALISTP-W32*-XTR, N32P-DOUBLETSP-XTR, S-DIFF-S, S-S*-COMMUTES, S-SAME-S, UNIQUE-KEYS-XTR, W32*-APPEND, W32*-W32*-SAME and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= (G :EAX S) 1) (< 0 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (EQUAL (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1) (S* (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-BASE-CASE ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-EFFECTS) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION ITERATIVE-LOOP-TEST) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION S*) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-SAME-S) (:REWRITE N08P-ALISTP-W32*-XTR) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE REMOVE-STRICT-INEQUALITIES) (:REWRITE S-DIFF-S) (:REWRITE S-S*-COMMUTES) (:REWRITE S-SAME-S) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE W32*-APPEND) (:REWRITE W32*-W32*-SAME) (:REWRITE W32*-XTR-W32*-XTR) (:REWRITE ZP-OPEN) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.73 seconds (prove: 0.71, print: 0.02, other: 0.00) ITERATIVE-LOOP-BASE-CASE ACL2 !>>(DEFTHM ITERATIVE-LOOP-INDUCTION-STEP (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (EQUAL (S* (ITERATIVE-LOOP-EFFECTS (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) ARBITRARY-S2) (S* (ITERATIVE-LOOP-EFFECTS S) ARBITRARY-S2))) :RULE-CLASSES NIL) By the simple :definitions ITERATIVE-LOOP-PRECONDITION and ITERATIVE-LOOP-TEST, the :executable-counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S))) (EQUAL (S* (ITERATIVE-LOOP-EFFECTS (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) ARBITRARY-S2) (S* (ITERATIVE-LOOP-EFFECTS S) ARBITRARY-S2))). This simplifies, using the :compound-recognizer rules N32P-TYPE and ZP-COMPOUND-RECOGNIZER, the :definitions ITERATIVE-LOOP-ALPHA, ITERATIVE-LOOP-EFFECTS, S* and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, CAR, CDR, CONS, CONSP, EQUAL, EXPT, INTEGERP, N32P, NOT and UNARY-/, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, CAR-CONS, CDR-CONS, NORMALIZE-FACTORS-GATHER-EXPONENTS, S-DIFF-S, W32*-APPEND and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD, to Goal'' (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1))) (EQUAL (S* (ITERATIVE-LOOP-EFFECTS (S* (LIST (LIST :EAX (+ -1 (G :EAX S))) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:ECX 4294967295) '(:EIP 68) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S1)) ARBITRARY-S2) (S :EAX 0 (S :EBP (G :EBP S) (S :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :EDI (G :EDI S) (S :EIP 77 (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 105000 (G :MEM S)) (W32* (XTR (G :ESP S) 100000 (G :MEM S)) (G :MEM ARBITRARY-S2)))) ARBITRARY-S2)))))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definitions ITERATIVE-LOOP-EFFECTS, NOT, S* and SYNP, the :executable- counterparts of ACL2-NUMBERP, BINARY-*, BINARY-+, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P, RATIONALP, UNARY-- and UNARY-/, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* -1 x)|, |(* x (+ y z))|, |(* x (- y))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (* c x))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, BUBBLE-DOWN-*-MATCH-1, BUBBLE-DOWN-+-BUBBLE-DOWN, BUBBLE-DOWN-+-MATCH-3, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N08P-ALISTP-W32*-XTR, NORMALIZE-ADDENDS, NORMALIZE-FACTORS-GATHER-EXPONENTS, S-DIFF-S, W32*-APPEND, W32*-XTR-W32*-XTR, XTR-W32*-XTR-CASE-1, XTR-W32*-XTR-CASE-2, XTR-W32*-XTR-CASE-3 and ZP-OPEN and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (< 0 (+ -1 (G :EAX S)))) (EQUAL (S* (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S2) (S :EAX 0 (S :EBP (G :EBP S) (S :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :EDI (G :EDI S) (S :EIP 77 (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 105000 (G :MEM S)) (W32* (XTR (G :ESP S) 100000 (G :MEM S)) (G :MEM ARBITRARY-S2)))) ARBITRARY-S2)))))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :definitions S* and SYNP, the :executable-counterparts of ACL2-NUMBERP, BINARY-*, BINARY-+, CAR, CDR, CONSP, EQUAL, INTEGERP, N32P and UNARY-/, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, CAR-CONS, CDR-CONS, REDUCE-ADDITIVE-CONSTANT-<, REMOVE-STRICT-INEQUALITIES, S-DIFF-S, W32*-APPEND and W32*-XTR-W32*-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 1 (G :EAX S)) (NOT (EQUAL (G :EAX S) 1)) (<= (+ -1 (G :EAX S)) 0)) (EQUAL (S* (LIST '(:EAX 4294967295) (LIST :EBX (+ (G :EAX S) (G :EBX S))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))) ARBITRARY-S2) (S :EAX 0 (S :EBP (G :EBP S) (S :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :EDI (G :EDI S) (S :EIP 77 (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 105000 (G :MEM S)) (W32* (XTR (G :ESP S) 100000 (G :MEM S)) (G :MEM ARBITRARY-S2)))) ARBITRARY-S2)))))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-INDUCTION-STEP ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION ITERATIVE-LOOP-ALPHA) (:DEFINITION ITERATIVE-LOOP-EFFECTS) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION ITERATIVE-LOOP-TEST) (:DEFINITION NOT) (:DEFINITION S*) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* -1 x)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (- y))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (* c x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(- (* c x))|) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-BUBBLE-DOWN) (:REWRITE BUBBLE-DOWN-+-MATCH-3) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE N08P-ALISTP-W32*-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE REMOVE-STRICT-INEQUALITIES) (:REWRITE S-DIFF-S) (:REWRITE W32*-APPEND) (:REWRITE W32*-XTR-W32*-XTR) (:REWRITE XTR-W32*-XTR-CASE-1) (:REWRITE XTR-W32*-XTR-CASE-2) (:REWRITE XTR-W32*-XTR-CASE-3) (:REWRITE ZP-OPEN) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.66 seconds (prove: 0.64, print: 0.02, other: 0.00) ITERATIVE-LOOP-INDUCTION-STEP ACL2 !>>(DEFTHM ITERATIVE-LOOP (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) :HINTS (("Goal" :USE (:FUNCTIONAL-INSTANCE IRULE (HYP ITERATIVE-LOOP-PRECONDITION) (CLK ITERATIVE-LOOP-CLK) (ALPHA ITERATIVE-LOOP-ALPHA) (BETA ITERATIVE-LOOP-EFFECTS) (TEST ITERATIVE-LOOP-TEST) (K ITERATIVE-LOOP-K) (M ITERATIVE-LOOP-M)) :IN-THEORY (DISABLE Y86-GUARD NATP ITERATIVE-LOOP-PRECONDITION ITERATIVE-LOOP-CLK ITERATIVE-LOOP-ALPHA ITERATIVE-LOOP-EFFECTS ITERATIVE-LOOP-TEST ITERATIVE-LOOP-K ITERATIVE-LOOP-M)) ("Subgoal 8" :BY ITERATIVE-LOOP-INDUCTION-STEP) ("Subgoal 7" :BY ITERATIVE-LOOP-BASE-CASE) ("Subgoal 6" :BY ITERATIVE-LOOP-HYP-INVARIANT) ("Subgoal 5" :BY ITERATIVE-LOOP-M-DEC) ("Subgoal 4" :BY ITERATIVE-LOOP-ONE-PASS-EFFECTS) ("Subgoal 3" :BY ITERATIVE-LOOP-O-P-M) ("Subgoal 2" :BY ITERATIVE-LOOP-NATP-K) ("Subgoal 1" :BY ITERATIVE-LOOP-CLK)) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (Y86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (ETC S (ITERATIVE-LOOP-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> ETC)))))) ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP ...): The value of the theory expression '(~=> ETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP ...): The value of the theory expression '(~=> ETC) does not include the :EXECUTABLE- COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Use] in ( DEFTHM ITERATIVE-LOOP ...): It is unusual to :USE an enabled :REWRITE or :DEFINITION rule, so you may want to consider disabling (:REWRITE IRULE). We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from IRULE via functional instantiation, provided we can establish the eight constraints generated; the constraints can be simplified using case analysis. We are left with the following eight subgoals. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 8 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (EQUAL (S* (ITERATIVE-LOOP-EFFECTS (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) ARBITRARY-S2) (S* (ITERATIVE-LOOP-EFFECTS S) ARBITRARY-S2))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (Y86-GUARD ARBITRARY-S2) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (EQUAL (S* (ITERATIVE-LOOP-EFFECTS (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) ARBITRARY-S2) (S* (ITERATIVE-LOOP-EFFECTS S) ARBITRARY-S2))), which can be obtained from ITERATIVE-LOOP-INDUCTION-STEP. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 7 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (ITERATIVE-LOOP-TEST S)) (EQUAL (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1) (S* (ITERATIVE-LOOP-EFFECTS S) (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (ITERATIVE-LOOP-TEST S)) (EQUAL (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1) (S* (ITERATIVE-LOOP-EFFECTS S) (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)))), which can be obtained from ITERATIVE-LOOP-BASE-CASE. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 6 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (ITERATIVE-LOOP-PRECONDITION (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1))), which can be obtained from ITERATIVE-LOOP-HYP-INVARIANT. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 5 (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) (ITERATIVE-LOOP-M S))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (Y86-GUARD ARBITRARY-S1) (ITERATIVE-LOOP-PRECONDITION S) (NOT (ITERATIVE-LOOP-TEST S))) (O< (ITERATIVE-LOOP-M (S* (ITERATIVE-LOOP-ALPHA S) ARBITRARY-S1)) (ITERATIVE-LOOP-M S))), which can be obtained from ITERATIVE-LOOP-M-DEC. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 4 (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-K S)) (ITERATIVE-LOOP-ALPHA S))), which can be obtained from ITERATIVE-LOOP-ONE-PASS-EFFECTS. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (O-P (ITERATIVE-LOOP-M S))). But, as indicated by the hint, this goal is subsumed by (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (O-P (ITERATIVE-LOOP-M S))), which can be obtained from ITERATIVE-LOOP-O-P-M. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 2 (NATP (ITERATIVE-LOOP-K S)). But, as indicated by the hint, this goal is subsumed by (NATP (ITERATIVE-LOOP-K S)), which can be obtained from ITERATIVE-LOOP-NATP-K. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 1 (EQUAL (ITERATIVE-LOOP-CLK S) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (IF (ITERATIVE-LOOP-TEST S) (ITERATIVE-LOOP-K S) (C+ (ITERATIVE-LOOP-K S) (ITERATIVE-LOOP-CLK (Y86 S (ITERATIVE-LOOP-K S))))) 0)). But, as indicated by the hint, this goal is subsumed by (EQUAL (ITERATIVE-LOOP-CLK S) (IF (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (IF (ITERATIVE-LOOP-TEST S) (ITERATIVE-LOOP-K S) (C+ (ITERATIVE-LOOP-K S) (ITERATIVE-LOOP-CLK (Y86 S (ITERATIVE-LOOP-K S))))) 0)), which can be obtained from ITERATIVE-LOOP-CLK. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (Y86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (ETC S (ITERATIVE-LOOP-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM ITERATIVE-LOOP ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions ETC and FORCE we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S))) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (EQUAL (Y86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (Y86 S (ITERATIVE-LOOP-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP ...) Rules: ((:DEFINITION ETC) (:DEFINITION FORCE) (:DEFINITION NOT) (:DEFINITION ~=>) (:FAKE-RUNE-FOR-TYPE-SET NIL)) Warnings: Disable, Use and Theory Time: 0.04 seconds (prove: 0.01, print: 0.01, other: 0.02) ITERATIVE-LOOP ACL2 !>>(IN-THEORY (DISABLE ITERATIVE-LOOP-CLK)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4737 ACL2 !>>(DEFTHM ITERATIVE-LOOP-INTENTIONALP (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (INTENTIONAL-EFFECTSP (ITERATIVE-LOOP-EFFECTS S)))) ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-LOOP-INTENTIONALP ...): A :REWRITE rule generated from ITERATIVE-LOOP-INTENTIONALP will be triggered only by terms containing the non-recursive function symbols INTENTIONAL-EFFECTSP and ITERATIVE-LOOP-EFFECTS. Unless these functions are disabled, this rule is unlikely ever to be used. By the simple :definition ITERATIVE-LOOP-PRECONDITION, the :executable- counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295)) (INTENTIONAL-EFFECTSP (ITERATIVE-LOOP-EFFECTS S))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :definitions ITERATIVE-LOOP-EFFECTS, NOT and SYNP, the :executable- counterparts of BINARY-* and BINARY-+, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, NORMALIZE-FACTORS-GATHER-EXPONENTS and ZP-OPEN and the :type-prescription rule Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (< 0 (G :EAX S))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295) (<= (G :EAX S) 0)) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, BINARY-*, BINARY-+, EXPT and NOT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 1' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (+ (G :EBX S) 0) 2147483648) (EQUAL (G :ECX S) 4294967295)) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS and NOT, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ y x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type-prescription rules MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Q.E.D. The storage of ITERATIVE-LOOP-INTENTIONALP depends upon the :type- prescription rule INTENTIONAL-EFFECTSP. Summary Form: ( DEFTHM ITERATIVE-LOOP-INTENTIONALP ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION INTENTIONAL-EFFECTSP) (:DEFINITION INTENTIONAL-KEYS) (:DEFINITION ITERATIVE-LOOP-EFFECTS) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART INTENTIONAL-KEYS) (:EXECUTABLE-COUNTERPART MEMBER) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE ZP-OPEN) (:TYPE-PRESCRIPTION INTENTIONAL-EFFECTSP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Non-rec Time: 0.48 seconds (prove: 0.47, print: 0.01, other: 0.00) ITERATIVE-LOOP-INTENTIONALP ACL2 !>>(DEFTHM ITERATIVE-LOOP-IY86 (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) :HINTS (("Goal" :USE (:INSTANCE ITERATIVE-LOOP) :IN-THEORY (E/D (IY86-CONVERSION) (INTENTIONAL-EFFECTSP ITERATIVE-LOOP)))) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (IETC S (ITERATIVE-LOOP-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-LOOP-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :EXECUTABLE- COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from ITERATIVE-LOOP via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S)))). By the simple :definition ITERATIVE-LOOP-PRECONDITION, the :executable- counterpart of EXPT and the simple :rewrite rule |(* (* x y) z)| we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (* (G :EAX S) (+ (G :EAX S) 1) 1/2) (G :EBX S)) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and ZP-COMPOUND-RECOGNIZER, the :definitions ITERATIVE-LOOP-EFFECTS, ITERATIVE-LOOP-PRECONDITION, NOT and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, EQUAL, EXPT and ZP, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y (* x z))|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, NORMALIZE-FACTORS-GATHER-EXPONENTS and ZP-OPEN and the :type-prescription rules ITERATIVE-PROGRAMP and Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (<= (G :EAX S) 0) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterpart of <, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 2' (IMPLIES (AND (EQUAL (G :EAX S) 0) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EBX S) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But forced simplification reduces this to T, using the :rewrite rules IY86-CONVERSION (forced) and N08P-ALISTP-G-MEM-IY86 and the :type- prescription rule Y86-GUARD. Subgoal 1 (IMPLIES (AND (< 0 (G :EAX S)) (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))) (Y86-GUARD S) (EQUAL (G :EIP S) 68) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (< (G :EAX S) 65536) (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) (EQUAL (G :ECX S) 4294967295)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But forced simplification reduces this to T, using the :rewrite rules IY86-CONVERSION (forced) and N08P-ALISTP-G-MEM-IY86 and the :type- prescription rule Y86-GUARD. q.e.d. (given two forced hypotheses) Modulo the following two forced goals, that completes the proof of the input Goal. See :DOC forcing-round. [1]Subgoal 2, below, will focus on (INTENTIONAL-EFFECTSP (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))), which was forced in Subgoal 1 by applying (:REWRITE IY86-CONVERSION) to (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))). [1]Subgoal 1, below, will focus on (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))), which was forced in Subgoal 2' by applying (:REWRITE IY86-CONVERSION) to (~=> (Y86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))). We now undertake Forcing Round 1. [1]Subgoal 2 (IMPLIES (AND S (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S))) (AND (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S))) (AND (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S))) (AND (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S))) (AND (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S))) (AND (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S))) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (AND (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S))) (EQUAL (N01P (G :F-SF S)) T) (AND (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S))) (EQUAL (N01P (G :F-ZF S)) T) (AND (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S))) (EQUAL (N32P (G :EIP S)) T) (EQUAL (N32P (G :EBP S)) T) (AND (INTEGERP (G :EBP S)) (<= 0 (G :EBP S))) (EQUAL (N32P (G :ESP S)) T) (EQUAL (N32P (G :EDI S)) T) (AND (INTEGERP (G :EDI S)) (<= 0 (G :EDI S))) (EQUAL (N32P (G :ESI S)) T) (AND (INTEGERP (G :ESI S)) (<= 0 (G :ESI S))) (EQUAL (N32P (G :EBX S)) T) (AND (INTEGERP (G :EBX S)) (<= 0 (G :EBX S))) (EQUAL (N32P (G :EDX S)) T) (AND (INTEGERP (G :EDX S)) (<= 0 (G :EDX S))) (EQUAL (N32P (G :ECX S)) T) (EQUAL (N32P (G :EAX S)) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (AND (INTEGERP (G :EAX S)) (< 0 (G :EAX S))) (EQUAL (< 0 (G :EAX S)) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EAX S) 65536) T) (EQUAL (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By case analysis we reduce the conjecture to [1]Subgoal 2' (IMPLIES (AND S (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S)) (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S)) (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S)) (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S)) (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S)) (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S)) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S)) (EQUAL (N01P (G :F-SF S)) T) (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S)) (EQUAL (N01P (G :F-ZF S)) T) (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S)) (EQUAL (N32P (G :EIP S)) T) (EQUAL (N32P (G :EBP S)) T) (INTEGERP (G :EBP S)) (<= 0 (G :EBP S)) (EQUAL (N32P (G :ESP S)) T) (EQUAL (N32P (G :EDI S)) T) (INTEGERP (G :EDI S)) (<= 0 (G :EDI S)) (EQUAL (N32P (G :ESI S)) T) (INTEGERP (G :ESI S)) (<= 0 (G :ESI S)) (EQUAL (N32P (G :EBX S)) T) (INTEGERP (G :EBX S)) (<= 0 (G :EBX S)) (EQUAL (N32P (G :EDX S)) T) (INTEGERP (G :EDX S)) (<= 0 (G :EDX S)) (EQUAL (N32P (G :ECX S)) T) (EQUAL (N32P (G :EAX S)) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (INTEGERP (G :EAX S)) (< 0 (G :EAX S)) (EQUAL (< 0 (G :EAX S)) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (INTEGERP (G :EIP S)) (< 0 (G :EIP S)) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (INTEGERP (G :ESP S)) (< 0 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EAX S) 65536) T) (EQUAL (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (INTEGERP (G :ECX S)) (< 0 (G :ECX S)) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But forced simplification reduces this to T, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS, NOT and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, EXPT, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rules NON-NIL-IF-G-NON-NIL and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(< (if a b c) x)|, ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, DEFAULT-PLUS-1, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR (forced), NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, REMOVE-STRICT-INEQUALITIES, REMOVE-WEAK-INEQUALITIES, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type- prescription rules ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP, N32P-ALISTP, XTR and Y86-GUARD. [1]Subgoal 1 (IMPLIES (AND S (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S))) (AND (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S))) (AND (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S))) (AND (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S))) (AND (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S))) (AND (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S))) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (AND (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S))) (EQUAL (N01P (G :F-SF S)) T) (AND (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S))) (EQUAL (N01P (G :F-ZF S)) T) (AND (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S))) (EQUAL (N32P (G :EIP S)) T) (EQUAL (N32P (G :EBP S)) T) (AND (INTEGERP (G :EBP S)) (<= 0 (G :EBP S))) (EQUAL (N32P (G :ESP S)) T) (EQUAL (N32P (G :EDI S)) T) (AND (INTEGERP (G :EDI S)) (<= 0 (G :EDI S))) (EQUAL (N32P (G :ESI S)) T) (AND (INTEGERP (G :ESI S)) (<= 0 (G :ESI S))) (EQUAL (N32P (G :EBX S)) T) (AND (INTEGERP (G :EBX S)) (<= 0 (G :EBX S))) (EQUAL (N32P (G :EDX S)) T) (AND (INTEGERP (G :EDX S)) (<= 0 (G :EDX S))) (EQUAL (N32P (G :ECX S)) T) (EQUAL (N32P (G :EAX S)) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (EQUAL (G :EAX S) 0) T) (EQUAL (G :EAX S) 0) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EBX S) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). By case analysis we reduce the conjecture to [1]Subgoal 1' (IMPLIES (AND S (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S)) (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S)) (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S)) (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S)) (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S)) (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S)) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S)) (EQUAL (N01P (G :F-SF S)) T) (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S)) (EQUAL (N01P (G :F-ZF S)) T) (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S)) (EQUAL (N32P (G :EIP S)) T) (EQUAL (N32P (G :EBP S)) T) (INTEGERP (G :EBP S)) (<= 0 (G :EBP S)) (EQUAL (N32P (G :ESP S)) T) (EQUAL (N32P (G :EDI S)) T) (INTEGERP (G :EDI S)) (<= 0 (G :EDI S)) (EQUAL (N32P (G :ESI S)) T) (INTEGERP (G :ESI S)) (<= 0 (G :ESI S)) (EQUAL (N32P (G :EBX S)) T) (INTEGERP (G :EBX S)) (<= 0 (G :EBX S)) (EQUAL (N32P (G :EDX S)) T) (INTEGERP (G :EDX S)) (<= 0 (G :EDX S)) (EQUAL (N32P (G :ECX S)) T) (EQUAL (N32P (G :EAX S)) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (EQUAL (G :EAX S) 0) T) (EQUAL (G :EAX S) 0) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (INTEGERP (G :EIP S)) (< 0 (G :EIP S)) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (INTEGERP (G :ESP S)) (< 0 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EBX S) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (INTEGERP (G :ECX S)) (< 0 (G :ECX S)) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). This simplifies, using the :executable-counterparts of <, EQUAL, N32P and NOT, linear arithmetic and primitive type reasoning, to [1]Subgoal 1'' (IMPLIES (AND (EQUAL (G :EAX S) 0) S (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S)) (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S)) (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S)) (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S)) (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S)) (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S)) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S)) (EQUAL (N01P (G :F-SF S)) T) (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S)) (EQUAL (N01P (G :F-ZF S)) T) (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S)) (EQUAL (N32P (G :EIP S)) T) (EQUAL (N32P (G :EBP S)) T) (INTEGERP (G :EBP S)) (<= 0 (G :EBP S)) (EQUAL (N32P (G :ESP S)) T) (EQUAL (N32P (G :EDI S)) T) (INTEGERP (G :EDI S)) (<= 0 (G :EDI S)) (EQUAL (N32P (G :ESI S)) T) (INTEGERP (G :ESI S)) (<= 0 (G :ESI S)) (EQUAL (N32P (G :EBX S)) T) (INTEGERP (G :EBX S)) (<= 0 (G :EBX S)) (EQUAL (N32P (G :EDX S)) T) (INTEGERP (G :EDX S)) (<= 0 (G :EDX S)) (EQUAL (N32P (G :ECX S)) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (INTEGERP (G :EIP S)) (< 0 (G :EIP S)) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (INTEGERP (G :ESP S)) (< 0 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (< (G :EBX S) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (INTEGERP (G :ECX S)) (< 0 (G :ECX S)) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (INTENTIONAL-EFFECTSP (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S))))))). But forced simplification reduces this to T, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, NON-NIL-KEYS, NOT and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, CAR, CONSP, EQUAL, EXPT, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rules NON-NIL-IF-G-NON-NIL and Y86-GUARD-IMPLICATIONS, the :rewrite rules ASSOC-IS-ASSOC-EQUAL, CAR-CONS, CDR-CONS, DEFAULT-LESS-THAN-1, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-XTR (forced), NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-XTR-XTR, REMOVE-STRICT-INEQUALITIES, REMOVE-WEAK-INEQUALITIES, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type- prescription rules ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP, N32P-ALISTP, XTR and Y86-GUARD. q.e.d. (given twelve forced hypotheses) Modulo the following four newly forced goals, that completes Forcing Round 1. For what it is worth, the four new goals were generated by cleaning up twelve forced hypotheses. See :DOC forcing-round. [2]Subgoal 4, below, will focus on (N08P-ALISTP (G :MEM S)), which was forced in [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 0 50000 (G :MEM S))), [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR (G :ESP S) 100000 (G :MEM S))), and [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 100000 105000 (G :MEM S))). [2]Subgoal 3, below, will focus on (N08P-ALISTP (G :MEM S)), which was forced in [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 0 50000 (G :MEM S))), [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR (G :ESP S) 100000 (G :MEM S))), and [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 100000 105000 (G :MEM S))). [2]Subgoal 2, below, will focus on (N08P-ALISTP (G :MEM S)), which was forced in [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 0 50000 (G :MEM S))), [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR (G :ESP S) 100000 (G :MEM S))), and [1]Subgoal 2' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 100000 105000 (G :MEM S))). [2]Subgoal 1, below, will focus on (N08P-ALISTP (G :MEM S)), which was forced in [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 0 50000 (G :MEM S))), [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR (G :ESP S) 100000 (G :MEM S))), and [1]Subgoal 1'' by applying (:REWRITE N32P-DOUBLETSP-XTR) to (N32P-DOUBLETSP (XTR 100000 105000 (G :MEM S))). We now undertake Forcing Round 2. [2]Subgoal 4 (IMPLIES (AND S (EQUAL (EQUAL (G :EAX S) 0) T) (EQUAL (G :EAX S) 0) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EBX S) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (N08P-ALISTP (G :MEM S))). But we reduce the conjecture to T, by the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [2]Subgoal 3 (IMPLIES (AND S (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (OR (AND (RATIONALP (G :EAX S)) (< 0 (G :EAX S))) (COMPLEX-RATIONALP (G :EAX S))) (EQUAL (< 0 (G :EAX S)) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EAX S) 65536) T) (NOT (ACL2-NUMBERP (G :EBX S))) (EQUAL (< (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (N08P-ALISTP (G :MEM S))). But we reduce the conjecture to T, by the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [2]Subgoal 2 (IMPLIES (AND S (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (OR (AND (RATIONALP (G :EAX S)) (< 0 (G :EAX S))) (COMPLEX-RATIONALP (G :EAX S))) (EQUAL (< 0 (G :EAX S)) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (EQUAL (< (G :EAX S) 65536) T) (ACL2-NUMBERP (G :EBX S)) (EQUAL (< (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648) T) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 0) (LIST :EBX (+ (G :EBX S) (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (N08P-ALISTP (G :MEM S))). But we reduce the conjecture to T, by the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [2]Subgoal 1 (IMPLIES (AND S (EQUAL (EQUAL (G :EAX S) 0) T) (EQUAL (G :EAX S) 0) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (G :EIP S) 68) T) (AND (INTEGERP (G :EIP S)) (< 0 (G :EIP S))) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (G :ESP S)) (AND (INTEGERP (G :ESP S)) (< 0 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (NOT (ACL2-NUMBERP (G :EBX S))) (EQUAL (EQUAL (G :ECX S) 4294967295) T) (AND (INTEGERP (G :ECX S)) (< 0 (G :ECX S))) (NOT (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (LIST '(:EAX 4294967295) (LIST :EBX (G :EBX S)) '(:EIP 77) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 105000 (G :MEM S)))))))) (N08P-ALISTP (G :MEM S))). But we reduce the conjecture to T, by the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-LOOP-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (IETC S (ITERATIVE-LOOP-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM ITERATIVE-LOOP-IY86 ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions FORCE and IETC we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S))) (~=> (IY86 S (ITERATIVE-LOOP-CLK S)) (ITERATIVE-LOOP-EFFECTS S))) (Y86-GUARD S) (ITERATIVE-LOOP-PRECONDITION S)) (EQUAL (IY86 S (ITERATIVE-LOOP-CLK S)) (S* (ITERATIVE-LOOP-EFFECTS S) (IY86 S (ITERATIVE-LOOP-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-LOOP-IY86 ...) Rules: ((:COMPOUND-RECOGNIZER N01P-TYPE) (:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION FORCE) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION IETC) (:DEFINITION INTENTIONAL-EFFECTSP) (:DEFINITION INTENTIONAL-KEYS) (:DEFINITION ITERATIVE-LOOP-EFFECTS) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION SYNP) (:DEFINITION ~=>) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART INTENTIONAL-KEYS) (:EXECUTABLE-COUNTERPART MEMBER) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING N01P-BOUND) (:FORWARD-CHAINING N32P-BOUND) (:FORWARD-CHAINING NON-NIL-IF-G-NON-NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* (* x y) z)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y (* x z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(< (if a b c) x)|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE DEFAULT-LESS-THAN-1) (:REWRITE DEFAULT-PLUS-1) (:REWRITE IY86-CONVERSION) (:REWRITE N08P-ALISTP-G-MEM-IY86) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE REMOVE-STRICT-INEQUALITIES) (:REWRITE REMOVE-WEAK-INEQUALITIES) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE ZP-OPEN) (:TYPE-PRESCRIPTION INTEGERP-MOD-1) (:TYPE-PRESCRIPTION ITERATIVE-PROGRAMP) (:TYPE-PRESCRIPTION MOD-NONNEGATIVE) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION N32P-ALISTP) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Disable and Theory Time: 1.54 seconds (prove: 1.45, print: 0.08, other: 0.02) ITERATIVE-LOOP-IY86 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. We export ITERATIVE-LOOP-CLK, ITERATIVE-LOOP-ALPHA, ITERATIVE-LOOP-K, ITERATIVE-LOOP-TEST, ITERATIVE-LOOP-M, ITERATIVE-LOOP-EFFECTS and ITERATIVE-LOOP-PRECONDITION. Summary Form: ( ENCAPSULATE NIL (DEFUN ITERATIVE-LOOP-PRECONDITION ...) ...) Rules: NIL Warnings: Use, Disable, Theory and Non-rec Time: 7.96 seconds (prove: 7.44, print: 0.36, other: 0.16) T ACL2 !>(defthm-code-seq iterative-correct ; verification of iterative routine (and (equal (r08 (g :eip s) (g :mem s)) 128) ; call of iterative (equal (r32 (+ 1 (g :eip s)) (g :mem s)) *iterative*) (< (+ (g :eip s) 5) *prog-hi*) ; (instr entirely in prog space) (iterative-programp (g :mem s)) (<= *stack-lo* (- (g :esp s) (* 4 6))) ; standard esp invariant EXCEPT: room for 6 words (<= (g :esp s) *stack-hi*) (equal (mod (g :esp s) 4) 0) (<= *stack-lo* (g :ebp s)) ; standard ebp invariant (<= (g :ebp s) *stack-hi*) (equal (mod (g :ebp s) 4) 0) (<= (g :esp s) (g :ebp s)) (<= *data-lo* (g :edi s)) ; standard edi invariant (< (g :edi s) *data-hi*) (equal (mod (g :edi s) 4) 0) (< (+ (g :edi s) 100) *data-hi*) ; can write at edi+100 (< (g :eax s) (expt 2 16)) ; input legal ) (effects (:eax (g :eax s)) ; no register is changed (:ebx (g :ebx s)) (:ecx (g :ecx s)) (:edx (g :edx s)) (:esp (g :esp s)) (:ebp (g :ebp s)) (:edi (g :edi s)) (:esi (g :esi s)) (:eip (+ 5 (g :eip s))) ; except pc is advanced over call ; I prove a very strong condition on memory: the program segment, the active ; stack segment, and all of the data segment except %edi+100 are unchanged. ; The correct answer is found in mem[%edi+100]. (:mem (append (xtr *prog-lo* *prog-hi* (g :mem s)) (xtr (g :esp s) *stack-hi* (g :mem s)) (xtr *data-lo* (+ (g :edi s) 100) (g :mem s)) (xtr (+ (g :edi s) 104) *data-hi* (g :mem s)) (list (list (+ 100 (g :edi s)) (/ (* (g :eax s) (+ (g :eax s) 1)) 2)))))) :intentionalp t ; Both of these clocks work: :k (compose-clks (7 2 iterative-loop-clk 1 7) s) ; :k (compose-clks ( 9 iterative-loop-clk 8 ) s) ) To verify that the seven encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(DEFUN ITERATIVE-CORRECT-CLK (S) (DECLARE (IGNORABLE S)) (C+ 7 (C+ 2 (C+ (ITERATIVE-LOOP-CLK (IY86 (IY86 S 7) 2)) (C+ 1 7))))) Since ITERATIVE-CORRECT-CLK is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-CORRECT-CLK is described by the theorem (AND (INTEGERP (ITERATIVE-CORRECT-CLK S)) (<= 0 (ITERATIVE-CORRECT-CLK S))). We used the :executable-counterpart of NATP and the :type-prescription rules ITERATIVE-LOOP-CLK and NATP-C+. Summary Form: ( DEFUN ITERATIVE-CORRECT-CLK ...) Rules: ((:EXECUTABLE-COUNTERPART NATP) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-CLK) (:TYPE-PRESCRIPTION NATP-C+)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) ITERATIVE-CORRECT-CLK ACL2 !>>(DEFUN ITERATIVE-CORRECT-PRECONDITION (S) (DECLARE (IGNORABLE S)) (AND (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) *ITERATIVE*) (< (+ (G :EIP S) 5) *PROG-HI*) (ITERATIVE-PROGRAMP (G :MEM S)) (<= *STACK-LO* (- (G :ESP S) (* 4 6))) (<= (G :ESP S) *STACK-HI*) (EQUAL (MOD (G :ESP S) 4) 0) (<= *STACK-LO* (G :EBP S)) (<= (G :EBP S) *STACK-HI*) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= *DATA-LO* (G :EDI S)) (< (G :EDI S) *DATA-HI*) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) *DATA-HI*) (< (G :EAX S) (EXPT 2 16)))) Since ITERATIVE-CORRECT-PRECONDITION is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-CORRECT-PRECONDITION is described by the theorem (OR (EQUAL (ITERATIVE-CORRECT-PRECONDITION S) T) (EQUAL (ITERATIVE-CORRECT-PRECONDITION S) NIL)). Summary Form: ( DEFUN ITERATIVE-CORRECT-PRECONDITION ...) Rules: NIL Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) ITERATIVE-CORRECT-PRECONDITION ACL2 !>>(DEFUN ITERATIVE-CORRECT-EFFECTS (S) (DECLARE (IGNORABLE S)) (EFFECTS (:EAX (G :EAX S)) (:EBX (G :EBX S)) (:ECX (G :ECX S)) (:EDX (G :EDX S)) (:ESP (G :ESP S)) (:EBP (G :EBP S)) (:EDI (G :EDI S)) (:ESI (G :ESI S)) (:EIP (+ 5 (G :EIP S))) (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (XTR (G :ESP S) *STACK-HI* (G :MEM S)) (XTR *DATA-LO* (+ (G :EDI S) 100) (G :MEM S)) (XTR (+ (G :EDI S) 104) *DATA-HI* (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (/ (* (G :EAX S) (+ (G :EAX S) 1)) 2))))))) Since ITERATIVE-CORRECT-EFFECTS is non-recursive, its admission is trivial. We observe that the type of ITERATIVE-CORRECT-EFFECTS is described by the theorem (AND (CONSP (ITERATIVE-CORRECT-EFFECTS S)) (TRUE-LISTP (ITERATIVE-CORRECT-EFFECTS S))). We used primitive type reasoning. Summary Form: ( DEFUN ITERATIVE-CORRECT-EFFECTS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) ITERATIVE-CORRECT-EFFECTS ACL2 !>>(DEFTHM ITERATIVE-CORRECT-INTENTIONALP (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (INTENTIONAL-EFFECTSP (ITERATIVE-CORRECT-EFFECTS S)))) ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-CORRECT-INTENTIONALP ...): A :REWRITE rule generated from ITERATIVE-CORRECT-INTENTIONALP will be triggered only by terms containing the non-recursive function symbols INTENTIONAL-EFFECTSP and ITERATIVE-CORRECT-EFFECTS. Unless these functions are disabled, this rule is unlikely ever to be used. By the simple :definition ITERATIVE-CORRECT-PRECONDITION and the :executable- counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ (G :EIP S) 5) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) -24)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000) (< (G :EAX S) 65536)) (INTENTIONAL-EFFECTSP (ITERATIVE-CORRECT-EFFECTS S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, INTENTIONAL-EFFECTSP, INTENTIONAL-KEYS, ITERATIVE-CORRECT-EFFECTS, NON-NIL-KEYS, NOT and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, ASSOC-EQUAL, BINARY-*, BINARY-+, CONSP, EQUAL, EXPT, INTEGERP, INTENTIONAL-KEYS, MEMBER, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, NOT, RATIONALP, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2, the :rewrite rules |(* 1 x)|, |(* a (/ a))|, |(* x (+ y z))|, |(* x x)|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(< x (/ y)) with (< 0 y)|, ASSOC-IS-ASSOC-EQUAL, BUBBLE-DOWN-*-MATCH-1, BUBBLE-DOWN-+-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, NO-COMMON-KEYS-XTR-XTR, NORMALIZE-ADDENDS, NORMALIZE-FACTORS-GATHER-EXPONENTS, REDUCE-ADDITIVE-CONSTANT-<, SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<, SIMPLIFY-SUMS-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN and UNIQUE-KEYS-XTR and the :type- prescription rules MOD-ZERO, N08P-ALISTP, SUM-ARITH-LEMMA1, XTR and Y86-GUARD, to the following three conjectures. Subgoal 3 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (+ 104 (G :EDI S)) 105000)) (<= 50000 (+ 104 (G :EDI S)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :ESP S) 100000) (< (+ 104 (G :EDI S)) 105000)) (<= 100000 (+ 104 (G :EDI S)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :ESP S) 100000)) (<= 50000 (G :ESP S))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. The storage of ITERATIVE-CORRECT-INTENTIONALP depends upon the :type- prescription rule INTENTIONAL-EFFECTSP. Summary Form: ( DEFTHM ITERATIVE-CORRECT-INTENTIONALP ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION INTENTIONAL-EFFECTSP) (:DEFINITION INTENTIONAL-KEYS) (:DEFINITION ITERATIVE-CORRECT-EFFECTS) (:DEFINITION ITERATIVE-CORRECT-PRECONDITION) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART INTENTIONAL-KEYS) (:EXECUTABLE-COUNTERPART MEMBER) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:LINEAR SUM-ARITH-LEMMA2) (:REWRITE |(* 1 x)|) (:REWRITE |(* a (/ a))|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x x)|) (:REWRITE |(* y x)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(< x (/ y)) with (< 0 y)|) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE CANCEL-MOD-+) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<) (:REWRITE SIMPLIFY-SUMS-<) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:TYPE-PRESCRIPTION INTENTIONAL-EFFECTSP) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION SUM-ARITH-LEMMA1) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Non-rec Time: 1.10 seconds (prove: 1.08, print: 0.01, other: 0.00) ITERATIVE-CORRECT-INTENTIONALP ACL2 !>>(DEFTHM ITERATIVE-CORRECT-IY86 (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) :HINTS ((PRIORITY-PHASED-SIMPLIFICATION WORLD STABLE-UNDER-SIMPLIFICATIONP 0)) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-CORRECT-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (IETC S (ITERATIVE-CORRECT-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-CORRECT-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-CORRECT-IY86 ...): The value of the theory expression '(~=> IETC) does not include the :EXECUTABLE- COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-CORRECT-IY86 ...): A :REWRITE rule generated from ITERATIVE-CORRECT-IY86 will be triggered only by terms containing the non-recursive function symbol ITERATIVE-CORRECT-CLK. Unless this function is disabled, this rule is unlikely ever to be used. By the simple :definitions ITERATIVE-CORRECT-CLK and ITERATIVE-CORRECT-PRECONDITION and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ (G :EIP S) 5) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) -24)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000) (< (G :EAX S) 65536)) (~=> (IY86 S (C+ 7 (C+ 2 (C+ (ITERATIVE-LOOP-CLK (IY86 (IY86 S 7) 2)) (C+ 1 7))))) (ITERATIVE-CORRECT-EFFECTS S))). This forcibly simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR32-CNT, ITERATIVE-CORRECT-EFFECTS, MV-NTH, N32+ and SYNP, the :executable- counterparts of <, BINARY-+, BITS-04, EQL, EQUAL, EXPT, NATP, UNARY-- and ZP, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y x)|, |(+ c (+ d x))|, |(+ x (if a b c))|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, CAR-CONS, CDR-CONS, ITERATIVE-LOOP-IY86 (forced), IY86-C+, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N32+-COMMUTES, N32-MINUS-N, NORMALIZE-FACTORS-GATHER-EXPONENTS and S-DIFF-S and the :type-prescription rules ITERATIVE-LOOP-CLK, NATP-C+ and Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (~=> (IY86 (IY86 (S* (ITERATIVE-LOOP-EFFECTS (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ 5 (G :EIP S)))) 6) 2)) (IETC (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ 5 (G :EIP S)))) 6) 2) (ITERATIVE-LOOP-CLK (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ 5 (G :EIP S)))) 6) 2)))) 1) 7) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, ITERATIVE-LOOP-EFFECTS, IW32-CNT, MV-NTH, N32+, NATP, NOT, OP2-WITH-HIDING, REGVAL and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, INTEGERP, N32, N32+, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, LOGXOR-X-X, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, NORMALIZE-FACTORS-GATHER-EXPONENTS, R08-ITERATIVE, R32-ITERATIVE, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SUFF-N32P, W32-ITERATIVE, W32-W32-COMMUTES, XTR-W32 and ZP-OPEN and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP and Y86-GUARD, to the following two conjectures. Subgoal 2.2 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (< 0 (G :EAX S))) (~=> (IY86 (IY86 (S* (LIST '(:EAX 0) (LIST :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) '(:EIP 77) (LIST :ESP (+ -24 (G :ESP S))) (LIST :EBP (+ -8 (G :ESP S))) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (+ -24 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S)))))))) (XTR 100000 105000 (G :MEM S))))) (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S)))))))))))) 1) 7) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions DOUBLE-REWRITE, IR08-CNT, IR32-CNT, IW32-CNT, MV-NTH, N32+, NATP, REGVAL, S* and SYNP, the :executable- counterparts of <, =, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CDR, CONS, CONSP, EQL, EQUAL, EXPT, INTEGERP, N01P, N32+, N32-TO-I32, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, ADDR-EQUAL-X-X, ASSOC-IS-ASSOC-EQUAL, ASSOC-XTR, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N01P-HIDE, N08P-ALISTP-G-MEM-IETC, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, N32P-DOUBLETSP-XTR, R08-ITERATIVE, R32-ITERATIVE, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SUFF-N32P, W32*-APPEND, W32*-XTR-ITERATIVE, W32*-XTR-W32*-XTR, W32-W32*-COMMUTES, Y86-GUARD-S-EBP, Y86-GUARD-S-EBX, Y86-GUARD-S-ECX, Y86-GUARD-S-EIP, Y86-GUARD-S-ESP, Y86-GUARD-S-F-OF, Y86-GUARD-S-F-SF, Y86-GUARD-S-F-ZF and Y86-GUARD-S-MEM and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP, SUM-ARITH-LEMMA1 and Y86-GUARD, to Subgoal 2.2' (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (< 0 (G :EAX S))) (~=> (S :EAX (G :EAX S) (S :EBP (G :EBP S) (S :EBX (G :EBX S) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP (+ 5 (G :EIP S)) (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (W32* (XTR 100000 105000 (G :MEM S)) (W32* (XTR (+ -24 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S)))))))) (G :MEM (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S)))))))))))))))) (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))))))))))))))) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, DOUBLE-REWRITE, GOOD-MEM-LISTP, NATP, NON-NIL-KEYS, NOT and SYNP, the :executable-counterparts of <, =, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, BINARY-+, CONSP, EQUAL, EXPT, INTEGERP, N01P, N32-TO-I32, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, NOT, RATIONALP, UNARY--, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward- chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2, the :rewrite rules |(* a (/ a))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(< (+ (- c) x) y)|, |(< x (/ y)) with (< 0 y)|, ADDR-EQUAL-X-X, ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-OPEN, ALL-EQUAL-R32-XTR-SAME, ALL-EQUAL-R32-XTR-W32, ALL-EQUAL-R32-XTR-W32*-CASE-1, ALL-EQUAL-R32-XTR-W32*-CASE-2, ALL-EQUAL-R32-XTR-W32*-CASE-3, ASSOC-IS-ASSOC-EQUAL, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, BUBBLE-DOWN-+-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N01P-HIDE, N08P-ALISTP-G-MEM-IETC, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, NO-COMMON-KEYS-XTR-XTR, NORMALIZE-ADDENDS, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<, SIMPLIFY-SUMS-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, Y86-GUARD-S-EBP, Y86-GUARD-S-EBX, Y86-GUARD-S-ECX, Y86-GUARD-S-EIP, Y86-GUARD-S-ESP, Y86-GUARD-S-F-OF, Y86-GUARD-S-F-SF, Y86-GUARD-S-F-ZF, Y86-GUARD-S-MEM, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, MOD-ZERO, N08P-ALISTP, SUM-ARITH-LEMMA1, XTR and Y86-GUARD. Subgoal 2.1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (<= (G :EAX S) 0)) (~=> (IY86 (IY86 (S* (LIST '(:EAX 4294967295) '(:EBX 0) '(:EIP 77) (LIST :ESP (+ -24 (G :ESP S))) (LIST :EBP (+ -8 (G :ESP S))) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (+ -24 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S)))))))) (XTR 100000 105000 (G :MEM S))))) (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S)))))))))))) 1) 7) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). This simplifies, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of <, BINARY-*, BINARY-+, CONS, EXPT and NOT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Subgoal 2.1' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EIP S) 4294967295)) (~=> (IY86 (IY86 (S* (LIST '(:EAX 4294967295) '(:EBX 0) '(:EIP 77) (LIST :ESP (+ -24 (G :ESP S))) (LIST :EBP (+ -8 (G :ESP S))) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (+ -24 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S)))))))) (XTR 100000 105000 (G :MEM S))))) (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S)))))))))))) 1) 7) (LIST '(:EAX 0) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (CONS (+ 100 (G :EDI S)) '(0)))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions DOUBLE-REWRITE, IR08-CNT, IR32-CNT, IW32-CNT, MV-NTH, N32+, NATP, REGVAL, S* and SYNP, the :executable- counterparts of <, =, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CDR, CONS, CONSP, EQL, EQUAL, EXPT, INTEGERP, N01P, N32+, N32-TO-I32, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, ADDR-EQUAL-X-X, ASSOC-IS-ASSOC-EQUAL, ASSOC-XTR, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N01P-HIDE, N08P-ALISTP-G-MEM-IETC, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, N32P-DOUBLETSP-XTR, R08-ITERATIVE, R32-ITERATIVE, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SUFF-N32P, W32*-APPEND, W32*-XTR-ITERATIVE, W32*-XTR-W32*-XTR, W32-W32*-COMMUTES, Y86-GUARD-S-EBP, Y86-GUARD-S-EBX, Y86-GUARD-S-ECX, Y86-GUARD-S-EIP, Y86-GUARD-S-ESP, Y86-GUARD-S-F-OF, Y86-GUARD-S-F-SF, Y86-GUARD-S-F-ZF and Y86-GUARD-S-MEM and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, ITERATIVE-PROGRAMP, MOD-ZERO, N08P-ALISTP and Y86-GUARD, to Subgoal 2.1'' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EIP S) 4294967295)) (~=> (S :EAX 0 (S :EBP (G :EBP S) (S :EBX (G :EBX S) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP (+ 5 (G :EIP S)) (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) 0 (W32* (XTR 100000 105000 (G :MEM S)) (W32* (XTR (+ -24 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S)))))))) (G :MEM (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S)))))))))))))))) (IETC (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))) (ITERATIVE-LOOP-CLK (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :ECX 4294967295 (S :EIP 68 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF 0 (S :F-SF (HIDE (LET ((RESULT 0)) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT 0)) (IF (= RESULT 0) 1 0))) S))))))))))))))))))))) (LIST '(:EAX 0) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (CONS (+ 100 (G :EDI S)) '(0)))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, DOUBLE-REWRITE, GOOD-MEM-LISTP, NATP, NON-NIL-KEYS, NOT and SYNP, the :executable-counterparts of <, =, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, BINARY-+, CONSP, EQUAL, EXPT, INTEGERP, N01P, N32-TO-I32, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, NOT, RATIONALP, UNARY--, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward- chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* a (/ a))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(< (+ (- c) x) y)|, |(< x (/ y)) with (< 0 y)|, ADDR-EQUAL-X-X, ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-OPEN, ALL-EQUAL-R32-XTR-SAME, ALL-EQUAL-R32-XTR-W32, ALL-EQUAL-R32-XTR-W32*-CASE-1, ALL-EQUAL-R32-XTR-W32*-CASE-2, ALL-EQUAL-R32-XTR-W32*-CASE-3, ASSOC-IS-ASSOC-EQUAL, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, BUBBLE-DOWN-+-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N01P-HIDE, N08P-ALISTP-G-MEM-IETC, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, NO-COMMON-KEYS-XTR-XTR, NORMALIZE-ADDENDS, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<, SIMPLIFY-SUMS-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, Y86-GUARD-S-EBP, Y86-GUARD-S-EBX, Y86-GUARD-S-ECX, Y86-GUARD-S-EIP, Y86-GUARD-S-ESP, Y86-GUARD-S-F-OF, Y86-GUARD-S-F-SF, Y86-GUARD-S-F-ZF, Y86-GUARD-S-MEM, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 1 (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (<= 4294967295 (G :EIP S))) (~=> (IY86 (IY86 (S* (ITERATIVE-LOOP-EFFECTS (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ -4294967291 (G :EIP S)))) 6) 2)) (IETC (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ -4294967291 (G :EIP S)))) 6) 2) (ITERATIVE-LOOP-CLK (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ -4294967291 (G :EIP S)))) 6) 2)))) 1) 7) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. q.e.d. (given two forced hypotheses) Modulo the following two forced goals, that completes the proof of the input Goal. See :DOC forcing-round. [1]Subgoal 2, below, will focus on (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2)), which was forced in Goal' by applying (:REWRITE ITERATIVE-LOOP-IY86) to (IY86 (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2) (ITERATIVE-LOOP-CLK (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). [1]Subgoal 1, below, will focus on (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2)), which was forced in Goal' by applying (:REWRITE ITERATIVE-LOOP-IY86) to (IY86 (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2) (ITERATIVE-LOOP-CLK (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). We now undertake Forcing Round 1. [1]Subgoal 2 (IMPLIES (AND (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S))) (AND (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S))) (AND (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S))) (AND (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S))) (AND (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S))) (AND (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S))) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (AND (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S))) (EQUAL (N01P (G :F-SF S)) T) (AND (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S))) (EQUAL (N01P (G :F-ZF S)) T) (AND (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S))) (EQUAL (N32P (G :EIP S)) T) (AND (INTEGERP (G :EIP S)) (<= 0 (G :EIP S))) (EQUAL (N32P (G :EBP S)) T) (EQUAL (N32P (G :ESP S)) T) (AND (INTEGERP (G :ESP S)) (<= 0 (G :ESP S))) (EQUAL (N32P (G :EDI S)) T) (EQUAL (N32P (G :ESI S)) T) (AND (INTEGERP (G :ESI S)) (<= 0 (G :ESI S))) (EQUAL (N32P (G :EBX S)) T) (AND (INTEGERP (G :EBX S)) (<= 0 (G :EBX S))) (EQUAL (N32P (G :EDX S)) T) (AND (INTEGERP (G :EDX S)) (<= 0 (G :EDX S))) (EQUAL (N32P (G :ECX S)) T) (AND (INTEGERP (G :ECX S)) (<= 0 (G :ECX S))) (EQUAL (N32P (G :EAX S)) T) (AND (INTEGERP (G :EAX S)) (<= 0 (G :EAX S))) S (EQUAL (< (R08 (G :EIP S) (G :MEM S)) 256) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) T) (AND (INTEGERP (R08 (G :EIP S) (G :MEM S))) (< 0 (R08 (G :EIP S) (G :MEM S)))) (EQUAL (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) T) (AND (INTEGERP (R32 (+ 1 (G :EIP S)) (G :MEM S))) (< 0 (R32 (+ 1 (G :EIP S)) (G :MEM S)))) (EQUAL (< (+ 5 (G :EIP S)) 50000) T) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (+ -24 (G :ESP S))) (AND (INTEGERP (+ -24 (G :ESP S))) (< 0 (+ -24 (G :ESP S)))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (AND (INTEGERP (G :EBP S)) (< 0 (G :EBP S))) (<= (G :EBP S) 100000) (EQUAL (EQUAL (MOD (G :EBP S) 4) 0) T) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (AND (INTEGERP (G :EDI S)) (< 0 (G :EDI S))) (EQUAL (< (G :EDI S) 105000) T) (EQUAL (EQUAL (MOD (G :EDI S) 4) 0) T) (EQUAL (MOD (G :EDI S) 4) 0) (EQUAL (< (+ 100 (G :EDI S)) 105000) T) (EQUAL (< (G :EAX S) 65536) T)) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). By case analysis we reduce the conjecture to [1]Subgoal 2' (IMPLIES (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S)) (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S)) (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S)) (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S)) (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S)) (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S)) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S)) (EQUAL (N01P (G :F-SF S)) T) (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S)) (EQUAL (N01P (G :F-ZF S)) T) (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S)) (EQUAL (N32P (G :EIP S)) T) (INTEGERP (G :EIP S)) (<= 0 (G :EIP S)) (EQUAL (N32P (G :EBP S)) T) (EQUAL (N32P (G :ESP S)) T) (INTEGERP (G :ESP S)) (<= 0 (G :ESP S)) (EQUAL (N32P (G :EDI S)) T) (EQUAL (N32P (G :ESI S)) T) (INTEGERP (G :ESI S)) (<= 0 (G :ESI S)) (EQUAL (N32P (G :EBX S)) T) (INTEGERP (G :EBX S)) (<= 0 (G :EBX S)) (EQUAL (N32P (G :EDX S)) T) (INTEGERP (G :EDX S)) (<= 0 (G :EDX S)) (EQUAL (N32P (G :ECX S)) T) (INTEGERP (G :ECX S)) (<= 0 (G :ECX S)) (EQUAL (N32P (G :EAX S)) T) (INTEGERP (G :EAX S)) (<= 0 (G :EAX S)) S (EQUAL (< (R08 (G :EIP S) (G :MEM S)) 256) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) T) (INTEGERP (R08 (G :EIP S) (G :MEM S))) (< 0 (R08 (G :EIP S) (G :MEM S))) (EQUAL (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) T) (INTEGERP (R32 (+ 1 (G :EIP S)) (G :MEM S))) (< 0 (R32 (+ 1 (G :EIP S)) (G :MEM S))) (EQUAL (< (+ 5 (G :EIP S)) 50000) T) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (+ -24 (G :ESP S))) (INTEGERP (+ -24 (G :ESP S))) (< 0 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (< 0 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (EQUAL (MOD (G :EBP S) 4) 0) T) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< 0 (G :EDI S)) (EQUAL (< (G :EDI S) 105000) T) (EQUAL (EQUAL (MOD (G :EDI S) 4) 0) T) (EQUAL (MOD (G :EDI S) 4) 0) (EQUAL (< (+ 100 (G :EDI S)) 105000) T) (EQUAL (< (G :EAX S) 65536) T)) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). This simplifies, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IW32-CNT, NATP and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-+, EQUAL, EXPT, FLOOR, INTEGERP, N32, NOT and UNARY--, linear arithmetic, primitive type reasoning, the :forward-chaining rules NON-NIL-IF-G-NON-NIL and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(< (if a b c) x)|, DEFAULT-LESS-THAN-1, DEFAULT-PLUS-2, G-DIFF-S, INTEGERP-+-REDUCE-CONSTANT, N32-OPEN, REDUCE-ADDITIVE-CONSTANT-<, REMOVE-STRICT-INEQUALITIES, REMOVE-WEAK-INEQUALITIES, S-DIFF-S and SUFF-N32P and the :type-prescription rules ITERATIVE-PROGRAMP, N08P-ALISTP, N32P-ALISTP and Y86-GUARD, to the following six conjectures. [1]Subgoal 2.6 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (< (G :EIP S) 4294967295)) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ 5 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 2.5 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (<= 4294967295 (G :EIP S))) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ -4294967291 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 2.4 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ 5 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions DOUBLE-REWRITE, IR08-CNT, IR32-CNT, IW32-CNT, MV-NTH, N32+, NATP, OP2-WITH-HIDING, REGVAL and SYNP, the :executable-counterparts of <, =, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, N01P, N32, N32+, N32-TO-I32, N32P, NUMR, R08, R32, RA, RB, UNARY-- and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N01P-BOUND, N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, LOGXOR-X-X, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N01P-HIDE, N08P-ALISTP-W32, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, R08-ITERATIVE, R32-ITERATIVE, REDUCE-ADDITIVE-CONSTANT-<, REMOVE-STRICT-INEQUALITIES, S-DIFF-S, S-SAME-S, SUFF-N32P, W32-ITERATIVE, W32-W32-COMMUTES, Y86-GUARD-S-EBP, Y86-GUARD-S-EBX, Y86-GUARD-S-ECX, Y86-GUARD-S-EIP, Y86-GUARD-S-ESP, Y86-GUARD-S-F-OF, Y86-GUARD-S-F-SF, Y86-GUARD-S-F-ZF and Y86-GUARD-S-MEM and the :type- prescription rules ITERATIVE-PROGRAMP, N08P-ALISTP and Y86-GUARD. [1]Subgoal 2.3 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (<= 4294967295 (G :EIP S))) (Y86-GUARD (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ -4294967291 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 2.2 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (Y86-GUARD (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 2.1 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (Y86-GUARD (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1 (IMPLIES (AND (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S))) (AND (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S))) (AND (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S))) (AND (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S))) (AND (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S))) (AND (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S))) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (AND (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S))) (EQUAL (N01P (G :F-SF S)) T) (AND (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S))) (EQUAL (N01P (G :F-ZF S)) T) (AND (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S))) (EQUAL (N32P (G :EIP S)) T) (AND (INTEGERP (G :EIP S)) (<= 0 (G :EIP S))) (EQUAL (N32P (G :EBP S)) T) (EQUAL (N32P (G :ESP S)) T) (AND (INTEGERP (G :ESP S)) (<= 0 (G :ESP S))) (EQUAL (N32P (G :EDI S)) T) (EQUAL (N32P (G :ESI S)) T) (AND (INTEGERP (G :ESI S)) (<= 0 (G :ESI S))) (EQUAL (N32P (G :EBX S)) T) (AND (INTEGERP (G :EBX S)) (<= 0 (G :EBX S))) (EQUAL (N32P (G :EDX S)) T) (AND (INTEGERP (G :EDX S)) (<= 0 (G :EDX S))) (EQUAL (N32P (G :ECX S)) T) (AND (INTEGERP (G :ECX S)) (<= 0 (G :ECX S))) (EQUAL (N32P (G :EAX S)) T) (AND (INTEGERP (G :EAX S)) (<= 0 (G :EAX S))) S (EQUAL (< (R08 (G :EIP S) (G :MEM S)) 256) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) T) (AND (INTEGERP (R08 (G :EIP S) (G :MEM S))) (< 0 (R08 (G :EIP S) (G :MEM S)))) (EQUAL (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) T) (AND (INTEGERP (R32 (+ 1 (G :EIP S)) (G :MEM S))) (< 0 (R32 (+ 1 (G :EIP S)) (G :MEM S)))) (EQUAL (< (+ 5 (G :EIP S)) 50000) T) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (+ -24 (G :ESP S))) (AND (INTEGERP (+ -24 (G :ESP S))) (< 0 (+ -24 (G :ESP S)))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (AND (INTEGERP (G :EBP S)) (< 0 (G :EBP S))) (<= (G :EBP S) 100000) (EQUAL (EQUAL (MOD (G :EBP S) 4) 0) T) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (AND (INTEGERP (G :EDI S)) (< 0 (G :EDI S))) (EQUAL (< (G :EDI S) 105000) T) (EQUAL (EQUAL (MOD (G :EDI S) 4) 0) T) (EQUAL (MOD (G :EDI S) 4) 0) (EQUAL (< (+ 100 (G :EDI S)) 105000) T) (EQUAL (< (G :EAX S) 65536) T)) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). By case analysis we reduce the conjecture to [1]Subgoal 1' (IMPLIES (AND (INTEGERP (G :ZTEPS S)) (<= 0 (G :ZTEPS S)) (INTEGERP (G :WRITES-DATA S)) (<= 0 (G :WRITES-DATA S)) (INTEGERP (G :READ-MISSES S)) (<= 0 (G :READ-MISSES S)) (INTEGERP (G :READS-DATA S)) (<= 0 (G :READS-DATA S)) (INTEGERP (G :READS-INST S)) (<= 0 (G :READS-INST S)) (INTEGERP (G :CYCLES S)) (<= 0 (G :CYCLES S)) (EQUAL (N32P-ALISTP (G :CACHE S)) T) (EQUAL (N08P-ALISTP (G :MEM S)) T) (EQUAL (N01P (G :F-OF S)) T) (INTEGERP (G :F-OF S)) (<= 0 (G :F-OF S)) (EQUAL (N01P (G :F-SF S)) T) (INTEGERP (G :F-SF S)) (<= 0 (G :F-SF S)) (EQUAL (N01P (G :F-ZF S)) T) (INTEGERP (G :F-ZF S)) (<= 0 (G :F-ZF S)) (EQUAL (N32P (G :EIP S)) T) (INTEGERP (G :EIP S)) (<= 0 (G :EIP S)) (EQUAL (N32P (G :EBP S)) T) (EQUAL (N32P (G :ESP S)) T) (INTEGERP (G :ESP S)) (<= 0 (G :ESP S)) (EQUAL (N32P (G :EDI S)) T) (EQUAL (N32P (G :ESI S)) T) (INTEGERP (G :ESI S)) (<= 0 (G :ESI S)) (EQUAL (N32P (G :EBX S)) T) (INTEGERP (G :EBX S)) (<= 0 (G :EBX S)) (EQUAL (N32P (G :EDX S)) T) (INTEGERP (G :EDX S)) (<= 0 (G :EDX S)) (EQUAL (N32P (G :ECX S)) T) (INTEGERP (G :ECX S)) (<= 0 (G :ECX S)) (EQUAL (N32P (G :EAX S)) T) (INTEGERP (G :EAX S)) (<= 0 (G :EAX S)) S (EQUAL (< (R08 (G :EIP S) (G :MEM S)) 256) T) (EQUAL (< (G :EAX S) 4294967296) T) (EQUAL (< (G :ECX S) 4294967296) T) (EQUAL (< (G :EDX S) 4294967296) T) (EQUAL (< (G :EBX S) 4294967296) T) (EQUAL (< (G :ESI S) 4294967296) T) (EQUAL (< (G :EDI S) 4294967296) T) (EQUAL (< (G :ESP S) 4294967296) T) (EQUAL (< (G :EBP S) 4294967296) T) (EQUAL (< (G :EIP S) 4294967296) T) (EQUAL (< (G :F-ZF S) 2) T) (EQUAL (< (G :F-SF S) 2) T) (EQUAL (< (G :F-OF S) 2) T) (EQUAL (Y86-GUARD S) T) (EQUAL (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) T) (INTEGERP (R08 (G :EIP S) (G :MEM S))) (< 0 (R08 (G :EIP S) (G :MEM S))) (EQUAL (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) T) (INTEGERP (R32 (+ 1 (G :EIP S)) (G :MEM S))) (< 0 (R32 (+ 1 (G :EIP S)) (G :MEM S))) (EQUAL (< (+ 5 (G :EIP S)) 50000) T) (EQUAL (ITERATIVE-PROGRAMP (G :MEM S)) T) (<= 50000 (+ -24 (G :ESP S))) (INTEGERP (+ -24 (G :ESP S))) (< 0 (+ -24 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (EQUAL (MOD (G :ESP S) 4) 0) T) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (< 0 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (EQUAL (MOD (G :EBP S) 4) 0) T) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< 0 (G :EDI S)) (EQUAL (< (G :EDI S) 105000) T) (EQUAL (EQUAL (MOD (G :EDI S) 4) 0) T) (EQUAL (MOD (G :EDI S) 4) 0) (EQUAL (< (+ 100 (G :EDI S)) 105000) T) (EQUAL (< (G :EAX S) 65536) T)) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP (R32 (IF (< (G :EIP S) 4294967295) (+ 1 (G :EIP S)) (+ -4294967295 (G :EIP S))) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (IF (< (G :EIP S) 4294967295) (+ 5 (G :EIP S)) (+ -4294967291 (G :EIP S))))) 6) 2))). This simplifies, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ITERATIVE-LOOP-PRECONDITION, IW32-CNT, NATP and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, EQUAL, EXPT, FLOOR, INTEGERP, N32, NOT, UNARY-- and UNARY-/, linear arithmetic, primitive type reasoning, the :forward- chaining rules NON-NIL-IF-G-NON-NIL and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* (if a b c) x)|, |(* 1 x)|, |(* a (/ a) b)|, |(* x (+ y z))|, |(* x (if a b c))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ (if a b c) x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, |(< (if a b c) x)|, |(equal (if a b c) x)|, BUBBLE-DOWN-*-MATCH-1, DEFAULT-LESS-THAN-1, DEFAULT-MOD-RATIO, DEFAULT-PLUS-1, DEFAULT-PLUS-2, DEFAULT-TIMES-1, G-DIFF-S, INTEGERP-+-REDUCE-CONSTANT, N32-OPEN, NORMALIZE-FACTORS-GATHER-EXPONENTS, REDUCE-ADDITIVE-CONSTANT-<, REDUCE-RATIONALP-*, REMOVE-STRICT-INEQUALITIES, REMOVE-WEAK-INEQUALITIES, S-DIFF-S and SUFF-N32P and the :type-prescription rules ITERATIVE-PROGRAMP, N08P-ALISTP, N32P-ALISTP and Y86-GUARD, to the following 32 conjectures. [1]Subgoal 1.32 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (< (G :EIP S) 4294967295)) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ 5 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.31 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (<= 4294967295 (G :EIP S))) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ -4294967291 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.30 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ 5 (G :EIP S)))) 6) 2))). This simplifies, using the :compound-recognizer rules N01P-TYPE, N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, ITERATIVE-LOOP-PRECONDITION, IW32-CNT, MV-NTH, N32+, NATP, OP2-WITH-HIDING, REGVAL and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, N32, N32+, NUMR, R08, R32, RA, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N01P-BOUND, N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* 1 x)|, |(* x (+ y z))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, BUBBLE-DOWN-*-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, LOGXOR-X-X, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, NORMALIZE-FACTORS-GATHER-EXPONENTS, R08-ITERATIVE, R32-ITERATIVE, REDUCE-ADDITIVE-CONSTANT-<, REMOVE-STRICT-INEQUALITIES, S-DIFF-S, S-SAME-S, W32-ITERATIVE and W32-W32-COMMUTES and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, ITERATIVE-PROGRAMP, N08P-ALISTP and Y86-GUARD, to the following three conjectures. [1]Subgoal 1.30.3 (IMPLIES (AND (<= 0 (G :ESP S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= 50000 (+ -24 (G :ESP S)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.30.2 (IMPLIES (AND (<= 0 (G :ESP S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (< (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterpart of EXPT, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2 and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.30.1 (IMPLIES (AND (<= 0 (G :ESP S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (G :EIP S) 49995) (ITERATIVE-PROGRAMP (G :MEM S)) (<= 50024 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= (+ -24 (G :ESP S)) 100000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.29 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (ACL2-NUMBERP (G :EIP S)) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 48) (< (+ 5 (G :EIP S)) 50000) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (<= 4294967295 (G :EIP S))) (ITERATIVE-LOOP-PRECONDITION (IY86 (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (+ -4 (G :ESP S)) S)) (+ -4 (G :ESP S)) (N32 (+ -4294967291 (G :EIP S)))) 6) 2))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.28 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (EQUAL (G :EIP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 68)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.27 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (ITERATIVE-PROGRAMP (G :MEM (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.26 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (<= (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 100000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.25 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (ACL2-NUMBERP (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.24 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (RATIONALP (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.23 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (<= 50000 (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.22 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S)))) (EQUAL (MOD (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4) 0)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.21 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 65536)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.20 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.19 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (NOT (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))))) (< (+ (* 1/2 (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (* 1/2 (EXPT (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2))) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.18 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (NOT (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.17 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (+ (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) (* 1/2 (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (* 1/2 (EXPT (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2))) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.16 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (< (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2147483648)) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.15 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (NOT (ACL2-NUMBERP (G :EAX S))) (NOT (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))))) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.14 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (EQUAL (G :EIP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 68)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.13 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (ITERATIVE-PROGRAMP (G :MEM (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.12 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (<= (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 100000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.11 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (ACL2-NUMBERP (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.10 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (RATIONALP (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.9 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (<= 50000 (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.8 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536)) (EQUAL (MOD (G :ESP (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4) 0)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.7 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 65536)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.6 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.5 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (NOT (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))))) (< (+ (* 1/2 (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (* 1/2 (EXPT (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2))) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.4 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (NOT (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.3 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (ACL2-NUMBERP (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)))) (< (+ (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) (* 1/2 (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))) (* 1/2 (EXPT (G :EAX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2))) 2147483648)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.2 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 2147483648)) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. [1]Subgoal 1.1 (IMPLIES (AND (<= 0 (G :ESP S)) (< (G :ECX S) 4294967296) (< (G :EDX S) 4294967296) (< (G :EBX S) 4294967296) (< (G :ESI S) 4294967296) (< (G :EIP S) 4294967296) (< (G :F-ZF S) 2) (< (G :F-SF S) 2) (< (G :F-OF S) 2) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (NOT (ACL2-NUMBERP (G :EIP S))) (EQUAL (R32 1 (G :MEM S)) 48) (ITERATIVE-PROGRAMP (G :MEM S)) (ACL2-NUMBERP (G :ESP S)) (<= 50024 (G :ESP S)) (INTEGERP (G :ESP S)) (< 24 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (INTEGERP (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (INTEGERP (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (NOT (ACL2-NUMBERP (G :EBX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2))))) (EQUAL (G :ECX (IY86 (IY86 (S :EIP 48 (S :ESP (+ -4 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) 5 (G :MEM S)) S))) 6) 2)) 4294967295)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-CORRECT-PRECONDITION S))) (EQUAL (IY86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (IETC S (ITERATIVE-CORRECT-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM ITERATIVE-CORRECT-IY86 ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions FORCE and IETC we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S))) (~=> (IY86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (EQUAL (IY86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (IY86 S (ITERATIVE-CORRECT-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-CORRECT-IY86 ...) Rules: ((:COMPOUND-RECOGNIZER N01P-TYPE) (:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION DOUBLE-REWRITE) (:DEFINITION FORCE) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION IETC) (:DEFINITION IR08-CNT) (:DEFINITION IR32-CNT) (:DEFINITION ITERATIVE-CORRECT-CLK) (:DEFINITION ITERATIVE-CORRECT-EFFECTS) (:DEFINITION ITERATIVE-CORRECT-PRECONDITION) (:DEFINITION ITERATIVE-LOOP-EFFECTS) (:DEFINITION ITERATIVE-LOOP-PRECONDITION) (:DEFINITION IW32-CNT) (:DEFINITION MV-NTH) (:DEFINITION N32+) (:DEFINITION NATP) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION OP2-WITH-HIDING) (:DEFINITION REGVAL) (:DEFINITION S*) (:DEFINITION SYNP) (:DEFINITION ~=>) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART =) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART BITS-04) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQL) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART FLOOR) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N01P) (:EXECUTABLE-COUNTERPART N32) (:EXECUTABLE-COUNTERPART N32+) (:EXECUTABLE-COUNTERPART N32-TO-I32) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NATP) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART NUMR) (:EXECUTABLE-COUNTERPART R08) (:EXECUTABLE-COUNTERPART R32) (:EXECUTABLE-COUNTERPART RA) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART RB) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING N01P-BOUND) (:FORWARD-CHAINING N08P-R08) (:FORWARD-CHAINING N32P-BOUND) (:FORWARD-CHAINING NON-NIL-IF-G-NON-NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:LINEAR SUM-ARITH-LEMMA2) (:REWRITE |(* (if a b c) x)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* a (/ a) b)|) (:REWRITE |(* a (/ a))|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (if a b c))|) (:REWRITE |(* x x)|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ (if a b c) x)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ x (if a b c))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(< (+ (- c) x) y)|) (:REWRITE |(< (if a b c) x)|) (:REWRITE |(< x (/ y)) with (< 0 y)|) (:REWRITE |(equal (if a b c) x)|) (:REWRITE ADDR-EQUAL-X-X) (:REWRITE ALL-EQUAL-R32-APPEND) (:REWRITE ALL-EQUAL-R32-OPEN) (:REWRITE ALL-EQUAL-R32-XTR-SAME) (:REWRITE ALL-EQUAL-R32-XTR-W32) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-1) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-2) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-3) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE ASSOC-XTR) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE CANCEL-MOD-+) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE DEFAULT-LESS-THAN-1) (:REWRITE DEFAULT-MOD-RATIO) (:REWRITE DEFAULT-PLUS-1) (:REWRITE DEFAULT-PLUS-2) (:REWRITE DEFAULT-TIMES-1) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE INTEGERP-+-REDUCE-CONSTANT) (:REWRITE ITERATIVE-LOOP-IY86) (:REWRITE IY86-C+) (:REWRITE IY86-NAT) (:REWRITE IY86-STEP-OPENER) (:REWRITE LOGXOR-X-X) (:REWRITE MV-NTH-1-IS-CADR) (:REWRITE MV-NTH-2-IS-CADDR) (:REWRITE MV-NTH-3-IS-CADDDR) (:REWRITE N01P-HIDE) (:REWRITE N08P-ALISTP-G-MEM-IETC) (:REWRITE N08P-ALISTP-W32) (:REWRITE N08P-ALISTP-W32*-XTR) (:REWRITE N32+-COMMUTES) (:REWRITE N32-MINUS-N) (:REWRITE N32-OPEN) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE R08-ITERATIVE) (:REWRITE R32-ITERATIVE) (:REWRITE R32-W32*-XTR) (:REWRITE R32-W32-MOD-4) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE REDUCE-RATIONALP-*) (:REWRITE REMOVE-STRICT-INEQUALITIES) (:REWRITE REMOVE-WEAK-INEQUALITIES) (:REWRITE S-DIFF-S) (:REWRITE S-SAME-S) (:REWRITE SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<) (:REWRITE SIMPLIFY-SUMS-<) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE W32*-APPEND) (:REWRITE W32*-XTR-ITERATIVE) (:REWRITE W32*-XTR-W32*-XTR) (:REWRITE W32-ITERATIVE) (:REWRITE W32-W32*-COMMUTES) (:REWRITE W32-W32-COMMUTES) (:REWRITE XTR-W32) (:REWRITE Y86-GUARD-S-EBP) (:REWRITE Y86-GUARD-S-EBX) (:REWRITE Y86-GUARD-S-ECX) (:REWRITE Y86-GUARD-S-EIP) (:REWRITE Y86-GUARD-S-ESP) (:REWRITE Y86-GUARD-S-F-OF) (:REWRITE Y86-GUARD-S-F-SF) (:REWRITE Y86-GUARD-S-F-ZF) (:REWRITE Y86-GUARD-S-MEM) (:REWRITE ZP-OPEN) (:REWRITE ~=>-CONS-MEM) (:REWRITE ~=>-CONS-NON-MEM) (:REWRITE ~=>-NIL) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE) (:TYPE-PRESCRIPTION INTEGERP-MOD-1) (:TYPE-PRESCRIPTION ITERATIVE-LOOP-CLK) (:TYPE-PRESCRIPTION ITERATIVE-PROGRAMP) (:TYPE-PRESCRIPTION MOD-NONNEGATIVE) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION N08P-R08) (:TYPE-PRESCRIPTION N32P-ALISTP) (:TYPE-PRESCRIPTION NATP-C+) (:TYPE-PRESCRIPTION NATP-R32) (:TYPE-PRESCRIPTION SUM-ARITH-LEMMA1) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Warnings: Disable, Non-rec and Theory Time: 52.75 seconds (prove: 52.42, print: 0.32, other: 0.01) ITERATIVE-CORRECT-IY86 ACL2 !>>(DEFTHM ITERATIVE-CORRECT (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) :HINTS (("Goal" :USE (:INSTANCE ITERATIVE-CORRECT-IY86) :IN-THEORY (E/D (IY86-CONVERSION) (Y86-GUARD ITERATIVE-CORRECT-PRECONDITION ITERATIVE-CORRECT-CLK ITERATIVE-CORRECT-EFFECTS ITERATIVE-CORRECT-IY86 INTENTIONAL-EFFECTSP)))) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-CORRECT-PRECONDITION S))) (EQUAL (Y86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (ETC S (ITERATIVE-CORRECT-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> ETC)))))) ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-CORRECT ...): The value of the theory expression '(~=> ETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM ITERATIVE-CORRECT ...): The value of the theory expression '(~=> ETC) does not include the :EXECUTABLE- COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Non-rec] in ( DEFTHM ITERATIVE-CORRECT ...): A :REWRITE rule generated from ITERATIVE-CORRECT will be triggered only by terms containing the non-recursive function symbol ITERATIVE-CORRECT-CLK. Unless this function is disabled, this rule is unlikely ever to be used. [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from ITERATIVE-CORRECT-IY86 via instantiation. We are left with the following subgoal. Goal' (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S)))). By case analysis we reduce the conjecture to Goal'' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (IY86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))). But simplification reduces this to T, using the :rewrite rules ITERATIVE-CORRECT-INTENTIONALP, IY86-CONVERSION and N08P-ALISTP-G-MEM-IY86 and the :type-prescription rules ITERATIVE-CORRECT-PRECONDITION, Y86-GUARD and ~=>. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (~=> (Y86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (ITERATIVE-CORRECT-PRECONDITION S))) (EQUAL (Y86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (ETC S (ITERATIVE-CORRECT-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM ITERATIVE-CORRECT ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions ETC and FORCE we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S))) (~=> (Y86 S (ITERATIVE-CORRECT-CLK S)) (ITERATIVE-CORRECT-EFFECTS S))) (Y86-GUARD S) (ITERATIVE-CORRECT-PRECONDITION S)) (EQUAL (Y86 S (ITERATIVE-CORRECT-CLK S)) (S* (ITERATIVE-CORRECT-EFFECTS S) (Y86 S (ITERATIVE-CORRECT-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM ITERATIVE-CORRECT ...) Rules: ((:DEFINITION ETC) (:DEFINITION FORCE) (:DEFINITION NOT) (:DEFINITION ~=>) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE ITERATIVE-CORRECT-INTENTIONALP) (:REWRITE IY86-CONVERSION) (:REWRITE N08P-ALISTP-G-MEM-IY86) (:TYPE-PRESCRIPTION ITERATIVE-CORRECT-PRECONDITION) (:TYPE-PRESCRIPTION Y86-GUARD) (:TYPE-PRESCRIPTION ~=>)) Warnings: Disable, Non-rec and Theory Time: 0.03 seconds (prove: 0.01, print: 0.00, other: 0.02) ITERATIVE-CORRECT ACL2 !>>(IN-THEORY (DISABLE ITERATIVE-CORRECT-CLK)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4750 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. We export ITERATIVE-CORRECT-EFFECTS, ITERATIVE-CORRECT-PRECONDITION and ITERATIVE-CORRECT-CLK. Summary Form: ( ENCAPSULATE NIL (DEFUN ITERATIVE-CORRECT-CLK ...) ...) Rules: NIL Warnings: Disable, Theory and Non-rec Time: 53.95 seconds (prove: 53.51, print: 0.34, other: 0.09) T ACL2 !>(quote (end of demo 5)) (END OF DEMO 5) ACL2 !>(pe 'rhyp) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >v (ENCAPSULATE ((RKB (S) T) (RKC (S) T) (RKD (S) T) (RHYP (S) T) (RM (S) T) (RTEST (S) T) (RBETA (S) T)) (LOCAL (DEFUN RKB (S) (DECLARE (IGNORE S)) 0)) (LOCAL (DEFUN RKC (S) (DECLARE (IGNORE S)) 0)) (LOCAL (DEFUN RKD (S) (DECLARE (IGNORE S)) 0)) (LOCAL (DEFUN RHYP (S) (DECLARE (IGNORE S)) T)) (LOCAL (DEFUN RM (S) (DECLARE (IGNORE S)) 0)) (LOCAL (DEFUN RTEST (S) (DECLARE (IGNORE S)) T)) (LOCAL (DEFUN RBETA (S) (DECLARE (IGNORE S)) NIL)) (DEFTHM NATP-RKB (NATP (RKB S)) :RULE-CLASSES :TYPE-PRESCRIPTION) (DEFTHM NATP-RKC (NATP (RKC S)) :RULE-CLASSES :TYPE-PRESCRIPTION) (DEFTHM NATP-RKD (NATP (RKD S)) :RULE-CLASSES :TYPE-PRESCRIPTION) (DEFTHM O-P-RM (IMPLIES (AND (Y86-GUARD S) (RHYP S)) (O-P (RM S))) :RULE-CLASSES NIL) (DEFTHM RBASE-CASE (IMPLIES (AND (RTEST S) (Y86-GUARD S) (RHYP S)) (~=> (IY86 S (RKB S)) (RBETA S))) :RULE-CLASSES NIL) (DEFUN RRULE-S-PRIME-WRAPPER (S-PRIME S ARBITRARY-S1) (AND (RHYP S-PRIME) (O< (RM S-PRIME) (RM S)) (IMPLIES (Y86-GUARD ARBITRARY-S1) (~=> (IY86 (S* (RBETA S-PRIME) ARBITRARY-S1) (RKD S)) (RBETA S))))) (DEFTHM RINDUCTION-STEP (IMPLIES (AND (NOT (RTEST S)) (Y86-GUARD S) (RHYP S)) (RRULE-S-PRIME-WRAPPER (IY86 S (RKC S)) S ARBITRARY-S1)) :RULE-CLASSES NIL)) ACL2 !>(pe 'rclk) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >L (DEFUN RCLK (S) (DECLARE (XARGS :MEASURE (IF (AND (Y86-GUARD S) (RHYP S)) (RM S) 0) :HINTS (("Goal" :USE ((:INSTANCE O-P-RM) (:INSTANCE RINDUCTION-STEP (ARBITRARY-S1 (IY86 S (RKC S))))))))) (IF (AND (Y86-GUARD S) (RHYP S)) (IF (RTEST S) (RKB S) (C+ (RKC S) (C+ (RCLK (IY86 S (RKC S))) (RKD S)))) 0)) ACL2 !>(pe 'rrule) d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ > (DEFTHM RRULE (IMPLIES (AND (Y86-GUARD S) (RHYP S)) (~=> (IY86 S (RCLK S)) (RBETA S))) :HINTS (("Goal" :IN-THEORY (E/D (~=>) (Y86-GUARD))) ("Subgoal *1/1''" :USE (:INSTANCE RBASE-CASE)) ("Subgoal *1/3'''" :USE (:INSTANCE RINDUCTION-STEP)) ("Subgoal *1/4''" :USE (:INSTANCE RINDUCTION-STEP (ARBITRARY-S1 (IY86 (IY86 S (RKC S)) (RCLK (IY86 S (RKC S))))))))) ACL2 !>(defthm-code-rec recursive (and ; (y86-guard s) -- implicit (equal (r08 (g :eip s) (g :mem s)) 128) ; call of RECURSIVE (equal (r32 (+ 1 (g :eip s)) (g :mem s)) *recursive*) (< (+ (g :eip s) 5) *prog-hi*) ; (instr entirely in prog space) (recursive-programp (g :mem s)) (<= *stack-lo* (- (g :esp s) ; standard esp invariant EXCEPT: room for (* (+ 1 (g :eax s)) (* 4 7)))) ; 7 words per recursive call (<= (g :esp s) *stack-hi*) (equal (mod (g :esp s) 4) 0) (<= *stack-lo* (g :ebp s)) ; standard ebp invariant (<= (g :ebp s) *stack-hi*) (equal (mod (g :ebp s) 4) 0) (<= (g :esp s) (g :ebp s)) (<= *data-lo* (g :edi s)) ; standard edi invariant (< (g :edi s) *data-hi*) (equal (mod (g :edi s) 4) 0) (< (+ (g :edi s) 100) *data-hi*) ; can write at edi+100 (< (g :eax s) (expt 2 16)) ; input legal ) (effects (:eax (g :eax s)) ; no register is changed (:ebx (g :ebx s)) (:ecx (g :ecx s)) (:edx (g :edx s)) (:esp (g :esp s)) (:ebp (g :ebp s)) (:edi (g :edi s)) (:esi (g :esi s)) (:eip (+ 5 (g :eip s))) ; except pc is advanced over call ; I prove a very strong condition on memory: the program segment, the active ; stack segment, and all of the data segment except %edi+100 are unchanged. ; The correct answer is found in mem[%edi+100]. (:mem (append (xtr *prog-lo* *prog-hi* (g :mem s)) (xtr (g :esp s) *stack-hi* (g :mem s)) (xtr *data-lo* (+ (g :edi s) 100) (g :mem s)) (xtr (+ (g :edi s) 104) *data-hi* (g :mem s)) (list (list (+ 100 (g :edi s)) (/ (* (g :eax s) (+ (g :eax s) 1)) 2)))))) :intentionalp t :rm (g :eax s) :rtest (zp (g :eax s)) :rkb 19 :rkc 13 :rkd 11) To verify that the 19 encapsulated events correctly extend the current theory we will evaluate them. The theory thus constructed is only ephemeral. Encapsulated Events: ACL2 !>>(DEFUN RECURSIVE-PRECONDITION (S) (DECLARE (IGNORABLE S)) (AND (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) *RECURSIVE*) (< (+ (G :EIP S) 5) *PROG-HI*) (RECURSIVE-PROGRAMP (G :MEM S)) (<= *STACK-LO* (- (G :ESP S) (* (+ 1 (G :EAX S)) (* 4 7)))) (<= (G :ESP S) *STACK-HI*) (EQUAL (MOD (G :ESP S) 4) 0) (<= *STACK-LO* (G :EBP S)) (<= (G :EBP S) *STACK-HI*) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= *DATA-LO* (G :EDI S)) (< (G :EDI S) *DATA-HI*) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) *DATA-HI*) (< (G :EAX S) (EXPT 2 16)))) Since RECURSIVE-PRECONDITION is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-PRECONDITION is described by the theorem (OR (EQUAL (RECURSIVE-PRECONDITION S) T) (EQUAL (RECURSIVE-PRECONDITION S) NIL)). Summary Form: ( DEFUN RECURSIVE-PRECONDITION ...) Rules: NIL Time: 0.02 seconds (prove: 0.00, print: 0.00, other: 0.02) RECURSIVE-PRECONDITION ACL2 !>>(DEFUN RECURSIVE-EFFECTS (S) (DECLARE (IGNORABLE S)) (EFFECTS (:EAX (G :EAX S)) (:EBX (G :EBX S)) (:ECX (G :ECX S)) (:EDX (G :EDX S)) (:ESP (G :ESP S)) (:EBP (G :EBP S)) (:EDI (G :EDI S)) (:ESI (G :ESI S)) (:EIP (+ 5 (G :EIP S))) (:MEM (APPEND (XTR *PROG-LO* *PROG-HI* (G :MEM S)) (XTR (G :ESP S) *STACK-HI* (G :MEM S)) (XTR *DATA-LO* (+ (G :EDI S) 100) (G :MEM S)) (XTR (+ (G :EDI S) 104) *DATA-HI* (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (/ (* (G :EAX S) (+ (G :EAX S) 1)) 2))))))) Since RECURSIVE-EFFECTS is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-EFFECTS is described by the theorem (AND (CONSP (RECURSIVE-EFFECTS S)) (TRUE-LISTP (RECURSIVE-EFFECTS S))). We used primitive type reasoning. Summary Form: ( DEFUN RECURSIVE-EFFECTS ...) Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL)) Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) RECURSIVE-EFFECTS ACL2 !>>(DEFUN RECURSIVE-M (S) (DECLARE (IGNORABLE S)) (G :EAX S)) Since RECURSIVE-M is non-recursive, its admission is trivial. We could deduce no constraints on the type of RECURSIVE-M. Summary Form: ( DEFUN RECURSIVE-M ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-M ACL2 !>>(DEFUN RECURSIVE-TEST (S) (DECLARE (IGNORABLE S)) (ZP (G :EAX S))) Since RECURSIVE-TEST is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-TEST is described by the theorem (OR (EQUAL (RECURSIVE-TEST S) T) (EQUAL (RECURSIVE-TEST S) NIL)). We used the :compound-recognizer rule ZP-COMPOUND-RECOGNIZER. Summary Form: ( DEFUN RECURSIVE-TEST ...) Rules: ((:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-TEST ACL2 !>>(DEFUN RECURSIVE-KB (S) (DECLARE (IGNORABLE S)) 19) Since RECURSIVE-KB is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-KB is described by the theorem (AND (INTEGERP (RECURSIVE-KB S)) (< 0 (RECURSIVE-KB S))). Summary Form: ( DEFUN RECURSIVE-KB ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-KB ACL2 !>>(DEFUN RECURSIVE-KC (S) (DECLARE (IGNORABLE S)) 13) Since RECURSIVE-KC is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-KC is described by the theorem (AND (INTEGERP (RECURSIVE-KC S)) (< 0 (RECURSIVE-KC S))). Summary Form: ( DEFUN RECURSIVE-KC ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-KC ACL2 !>>(DEFUN RECURSIVE-KD (S) (DECLARE (IGNORABLE S)) 11) Since RECURSIVE-KD is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-KD is described by the theorem (AND (INTEGERP (RECURSIVE-KD S)) (< 0 (RECURSIVE-KD S))). Summary Form: ( DEFUN RECURSIVE-KD ...) Rules: NIL Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-KD ACL2 !>>(DEFTHM RECURSIVE-NATP-KB (NATP (RECURSIVE-KB S)) :RULE-CLASSES :TYPE-PRESCRIPTION) ACL2 Observation in ( DEFTHM RECURSIVE-NATP-KB ...): Our heuristics choose (RECURSIVE-KB S) as the :TYPED-TERM. But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rule RECURSIVE-KB. Q.E.D. The storage of RECURSIVE-NATP-KB depends upon the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER. Summary Form: ( DEFTHM RECURSIVE-NATP-KB ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:TYPE-PRESCRIPTION RECURSIVE-KB)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-NATP-KB ACL2 !>>(DEFTHM RECURSIVE-NATP-KC (NATP (RECURSIVE-KC S)) :RULE-CLASSES :TYPE-PRESCRIPTION) ACL2 Observation in ( DEFTHM RECURSIVE-NATP-KC ...): Our heuristics choose (RECURSIVE-KC S) as the :TYPED-TERM. But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rule RECURSIVE-KC. Q.E.D. The storage of RECURSIVE-NATP-KC depends upon the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER. Summary Form: ( DEFTHM RECURSIVE-NATP-KC ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:TYPE-PRESCRIPTION RECURSIVE-KC)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-NATP-KC ACL2 !>>(DEFTHM RECURSIVE-NATP-KD (NATP (RECURSIVE-KD S)) :RULE-CLASSES :TYPE-PRESCRIPTION) ACL2 Observation in ( DEFTHM RECURSIVE-NATP-KD ...): Our heuristics choose (RECURSIVE-KD S) as the :TYPED-TERM. But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rule RECURSIVE-KD. Q.E.D. The storage of RECURSIVE-NATP-KD depends upon the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER. Summary Form: ( DEFTHM RECURSIVE-NATP-KD ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:TYPE-PRESCRIPTION RECURSIVE-KD)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-NATP-KD ACL2 !>>(DEFTHM RECURSIVE-O-P-M (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (O-P (RECURSIVE-M S))) :RULE-CLASSES NIL) By the simple :definitions RECURSIVE-M and RECURSIVE-PRECONDITION and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ (G :EIP S) 5) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) (- (* (+ 1 (G :EAX S)) 28)))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000) (< (G :EAX S) 65536)) (O-P (G :EAX S))). But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions O-FINP, O-P and SYNP, the :executable-counterparts of BINARY-* and UNARY--, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* y x)|, |(+ 0 x)|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, |(- (+ x y))|, |(< (- x) c)|, BUBBLE-DOWN-+-MATCH-3, NORMALIZE-ADDENDS and PREFER-POSITIVE-ADDENDS-< and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM RECURSIVE-O-P-M ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION O-FINP) (:DEFINITION O-P) (:DEFINITION RECURSIVE-M) (:DEFINITION RECURSIVE-PRECONDITION) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART UNARY--) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* y x)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(- (* c x))|) (:REWRITE |(- (+ x y))|) (:REWRITE |(< (- x) c)|) (:REWRITE BUBBLE-DOWN-+-MATCH-3) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE PREFER-POSITIVE-ADDENDS-<) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.21 seconds (prove: 0.20, print: 0.00, other: 0.00) RECURSIVE-O-P-M ACL2 !>>(DEFTHM RECURSIVE-BASE-CASE (IMPLIES (AND (RECURSIVE-TEST S) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-KB S)) (RECURSIVE-EFFECTS S))) :HINTS ((PRIORITY-PHASED-SIMPLIFICATION WORLD STABLE-UNDER-SIMPLIFICATIONP 0)) :RULE-CLASSES NIL) By the simple :definitions RECURSIVE-KB, RECURSIVE-PRECONDITION and RECURSIVE-TEST and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (ZP (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ (G :EIP S) 5) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) (- (* (+ 1 (G :EAX S)) 28)))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000) (< (G :EAX S) 65536)) (~=> (IY86 S 19) (RECURSIVE-EFFECTS S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and ZP-COMPOUND-RECOGNIZER, the :executable-counterparts of <, BINARY-*, BINARY-+, NOT, UNARY-- and ZP, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD, to Goal'' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ (G :EIP S) 5) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) -28)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000)) (~=> (IY86 S 19) (RECURSIVE-EFFECTS S))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR32-CNT, MV-NTH, N32+, RECURSIVE-EFFECTS and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, BITS-04, CONS, EQL, EQUAL, EXPT, UNARY-- and ZP, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ c (+ d x))|, |(+ x (if a b c))|, |(+ y (+ x z))|, |(+ y x)|, CAR-CONS, CDR-CONS, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N32+-COMMUTES, N32-MINUS-N and S-DIFF-S and the :type-prescription rule Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ 5 (G :EIP S)) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -28 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EIP S) 4294967295)) (~=> (IY86 (IW32-CNT (S :EIP 112 (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ 5 (G :EIP S)))) 18) (LIST '(:EAX 0) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (CONS (+ 100 (G :EDI S)) '(0)))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, IW32-CNT, JUMP-P-WITH-UNHIDING, MV-NTH, N32+, NATP, OP2-WITH-HIDING, REGVAL and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, INTEGERP, MV-NTH, N32, N32+, NAT-TO-BOOLEAN, NUMR, OP2-WITH-HIDING, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/, UNHIDE, XOR and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, ADDR-EQUAL-X-X, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, LOGXOR-X-X, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, R08-RECURSIVE, R32-RECURSIVE, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, W32-RECURSIVE and W32-W32-COMMUTES and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, N08P-ALISTP, RECURSIVE-PROGRAMP and Y86-GUARD, to Subgoal 2' (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50028 (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EIP S) 4294967295)) (~=> (S :EAX 0 (S :EBP (G :EBP S) (S :EBX (G :EBX S) (S :ECX (G :ECX S) (S :EDX (G :EDX S) (S :EIP (+ 5 (G :EIP S)) (S :ESP (G :ESP S) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) 0 (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ 100 (G :EDI S)) 0 (G :MEM S)))))))) (S :F-OF 0 (S :F-SF 0 (S :F-ZF 1 S))))))))))) (LIST '(:EAX 0) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (CONS (+ 100 (G :EDI S)) '(0)))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, NATP, NON-NIL-KEYS, NOT and SYNP, the :executable- counterparts of <, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, BINARY-+, CONSP, EQUAL, EXPT, INTEGERP, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, NOT, RATIONALP, UNARY--, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* a (/ a))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(< (+ (- c) x) y)|, |(< x (/ y)) with (< 0 y)|, ADDR-EQUAL-X-X, ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-OPEN, ALL-EQUAL-R32-XTR-SAME, ALL-EQUAL-R32-XTR-W32, ASSOC-IS-ASSOC-EQUAL, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-2, BUBBLE-DOWN-+-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N08P-ALISTP-W32, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, NO-COMMON-KEYS-XTR-XTR, NORMALIZE-ADDENDS, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<, SIMPLIFY-SUMS-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, MOD-ZERO, N08P-ALISTP, XTR and Y86-GUARD. Subgoal 1 (IMPLIES (AND (EQUAL (G :EAX S) 0) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ 5 (G :EIP S)) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ -28 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (<= 4294967295 (G :EIP S))) (~=> (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ -4294967291 (G :EIP S)))) 18) (LIST '(:EAX 0) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (CONS (+ 100 (G :EDI S)) '(0)))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM RECURSIVE-BASE-CASE ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:COMPOUND-RECOGNIZER ZP-COMPOUND-RECOGNIZER) (:DEFINITION ASSOC-EQUAL) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION IR08-CNT) (:DEFINITION IR32-CNT) (:DEFINITION IW32-CNT) (:DEFINITION JUMP-P-WITH-UNHIDING) (:DEFINITION MV-NTH) (:DEFINITION N32+) (:DEFINITION NATP) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION OP2-WITH-HIDING) (:DEFINITION RECURSIVE-EFFECTS) (:DEFINITION RECURSIVE-KB) (:DEFINITION RECURSIVE-PRECONDITION) (:DEFINITION RECURSIVE-TEST) (:DEFINITION REGVAL) (:DEFINITION SYNP) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART BITS-04) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQL) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART MV-NTH) (:EXECUTABLE-COUNTERPART N32) (:EXECUTABLE-COUNTERPART N32+) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NAT-TO-BOOLEAN) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART NUMR) (:EXECUTABLE-COUNTERPART OP2-WITH-HIDING) (:EXECUTABLE-COUNTERPART R08) (:EXECUTABLE-COUNTERPART R32) (:EXECUTABLE-COUNTERPART RA) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART RB) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNHIDE) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART XOR) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING N32P-BOUND) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:REWRITE |(* a (/ a))|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ x (if a b c))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(< (+ (- c) x) y)|) (:REWRITE |(< x (/ y)) with (< 0 y)|) (:REWRITE ADDR-EQUAL-X-X) (:REWRITE ALL-EQUAL-R32-APPEND) (:REWRITE ALL-EQUAL-R32-OPEN) (:REWRITE ALL-EQUAL-R32-XTR-SAME) (:REWRITE ALL-EQUAL-R32-XTR-W32) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-EQUAL-2) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE CANCEL-MOD-+) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE IY86-NAT) (:REWRITE IY86-STEP-OPENER) (:REWRITE LOGXOR-X-X) (:REWRITE MV-NTH-1-IS-CADR) (:REWRITE MV-NTH-2-IS-CADDR) (:REWRITE MV-NTH-3-IS-CADDDR) (:REWRITE N08P-ALISTP-W32) (:REWRITE N32+-COMMUTES) (:REWRITE N32-MINUS-N) (:REWRITE N32-OPEN) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE R08-RECURSIVE) (:REWRITE R32-RECURSIVE) (:REWRITE R32-W32-MOD-4) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE S-DIFF-S) (:REWRITE S-SAME-S) (:REWRITE SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<) (:REWRITE SIMPLIFY-SUMS-<) (:REWRITE SUFF-N32P) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE W32-RECURSIVE) (:REWRITE W32-W32-COMMUTES) (:REWRITE ~=>-CONS-MEM) (:REWRITE ~=>-CONS-NON-MEM) (:REWRITE ~=>-NIL) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION RECURSIVE-PROGRAMP) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 18.28 seconds (prove: 18.26, print: 0.02, other: 0.00) RECURSIVE-BASE-CASE ACL2 !>>(DEFUN RECURSIVE-WRAPPER (S-PRIME S ARBITRARY-S1) (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (IMPLIES (Y86-GUARD ARBITRARY-S1) (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S))))) Since RECURSIVE-WRAPPER is non-recursive, its admission is trivial. We observe that the type of RECURSIVE-WRAPPER is described by the theorem (OR (EQUAL (RECURSIVE-WRAPPER S-PRIME S ARBITRARY-S1) T) (EQUAL (RECURSIVE-WRAPPER S-PRIME S ARBITRARY-S1) NIL)). We used the :type-prescription rule ~=>. Summary Form: ( DEFUN RECURSIVE-WRAPPER ...) Rules: ((:TYPE-PRESCRIPTION ~=>)) Time: 0.00 seconds (prove: 0.00, print: 0.00, other: 0.00) RECURSIVE-WRAPPER ACL2 !>>(DEFTHM RECURSIVE-WRAPPER-OPENER (IMPLIES (SYNTAXP (NOT (CONTAINS-A-BAD-FNP S-PRIME))) (EQUAL (RECURSIVE-WRAPPER S-PRIME S ARBITRARY-S1) (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (IMPLIES (Y86-GUARD ARBITRARY-S1) (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)))))) :HINTS (("Goal" :IN-THEORY (DISABLE RECURSIVE-PRECONDITION RECURSIVE-M RECURSIVE-EFFECTS RECURSIVE-KD)))) ACL2 Warning [Non-rec] in ( DEFTHM RECURSIVE-WRAPPER-OPENER ...): A :REWRITE rule generated from RECURSIVE-WRAPPER-OPENER will be triggered only by terms containing the non-recursive function symbol RECURSIVE-WRAPPER. Unless this function is disabled, this rule is unlikely ever to be used. [Note: A hint was supplied for our processing of the goal above. Thanks!] By the :executable-counterpart of SYNP we reduce the conjecture to Goal' (EQUAL (RECURSIVE-WRAPPER S-PRIME S ARBITRARY-S1) (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (OR (NOT (Y86-GUARD ARBITRARY-S1)) (AND (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)) T)))). But simplification reduces this to T, using the :definition RECURSIVE-WRAPPER, primitive type reasoning and the :type-prescription rule ~=>. Q.E.D. Summary Form: ( DEFTHM RECURSIVE-WRAPPER-OPENER ...) Rules: ((:DEFINITION RECURSIVE-WRAPPER) (:EXECUTABLE-COUNTERPART SYNP) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:TYPE-PRESCRIPTION ~=>)) Warnings: Non-rec Time: 0.04 seconds (prove: 0.03, print: 0.00, other: 0.01) RECURSIVE-WRAPPER-OPENER ACL2 !>>(IN-THEORY (DISABLE RECURSIVE-WRAPPER)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4777 ACL2 !>>(DEFTHM RECURSIVE-INDUCTION-STEP (IMPLIES (AND (NOT (RECURSIVE-TEST S)) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-WRAPPER (IY86 S (RECURSIVE-KC S)) S ARBITRARY-S1)) :HINTS ((PRIORITY-PHASED-SIMPLIFICATION WORLD STABLE-UNDER-SIMPLIFICATIONP 0)) :RULE-CLASSES NIL) By the simple :definitions RECURSIVE-KC, RECURSIVE-PRECONDITION and RECURSIVE-TEST and the :executable-counterpart of EXPT we reduce the conjecture to Goal' (IMPLIES (AND (NOT (ZP (G :EAX S))) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ (G :EIP S) 5) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= 50000 (+ (G :ESP S) (- (* (+ 1 (G :EAX S)) 28)))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ (G :EDI S) 100) 105000) (< (G :EAX S) 65536)) (RECURSIVE-WRAPPER (IY86 S 13) S ARBITRARY-S1)). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR32-CNT, MV-NTH, N32+, NOT and SYNP, the :executable-counterparts of <, BINARY-*, BINARY-+, BITS-04, EQL, EQUAL, EXPT, UNARY-- and ZP, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* x (+ y z))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ x (if a b c))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, |(- (+ x y))|, |(< (- x) c)|, BUBBLE-DOWN-+-MATCH-3, CAR-CONS, CDR-CONS, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N32+-COMMUTES, N32-MINUS-N, NORMALIZE-ADDENDS, PREFER-POSITIVE-ADDENDS-<, S-DIFF-S and ZP-OPEN and the :type-prescription rule Y86-GUARD, to the following two conjectures. Subgoal 2 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ 5 (G :EIP S)) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 28 (* 28 (G :EAX S))) (+ -50000 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (RECURSIVE-WRAPPER (IY86 (IW32-CNT (S :EIP 112 (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ 5 (G :EIP S)))) 12) S ARBITRARY-S1)). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IW32-CNT and SYNP, the :executable- counterparts of <, BINARY-+, EXPT and UNARY--, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, G-DIFF-S, N32-MINUS-N, REDUCE-ADDITIVE-CONSTANT-< and S-DIFF-S and the :type-prescription rule Y86-GUARD, to Subgoal 2' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (RECURSIVE-WRAPPER (IY86 (S :EIP 112 (S :ESP (N32 (+ -4 (G :ESP S))) (S :MEM (W32 (N32 (+ -4 (G :ESP S))) (+ 5 (G :EIP S)) (G :MEM S)) S))) 12) S ARBITRARY-S1)). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, IW32-CNT, JUMP-P-WITH-UNHIDING, MV-NTH, N32+, NATP, NOT, OP2-WITH-HIDING, REGVAL, SYNP and XOR, the :executable-counterparts of BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, N32, N32+, NOT, NUMR, R08, R32, RA, RB and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ (+ x y) z)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, LOGXOR-X-X, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N32+-0, N32+-COMMUTES, N32-OPEN, R08-RECURSIVE, R32-RECURSIVE, S-DIFF-S, S-SAME-S, UNHIDE-NAT-TO-BOOLEAN-HIDE, W32-RECURSIVE and W32-W32-COMMUTES and the :type-prescription rules N08P-ALISTP, RECURSIVE-PROGRAMP and Y86-GUARD, to the following four conjectures. Subgoal 2.4 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (NOT (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 144 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). By the simple :definition = we reduce the conjecture to Subgoal 2.4' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (NOT (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (NOT (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 144 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of EQUAL and EXPT, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rule N32-TO-I32-OPEN and the :type- prescription rule Y86-GUARD. Subgoal 2.3 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 144 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). By the simple :definition = we reduce the conjecture to Subgoal 2.3' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 144 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, IW32-CNT, MV-NTH, N32+, NATP, NOT, O-FINP, O<, OP2-WITH-HIDING, RECURSIVE-EFFECTS, RECURSIVE-KD, RECURSIVE-M, RECURSIVE-PRECONDITION, REGVAL, S*, SYNP and W32*, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CDR, CONS, CONSP, EQL, EQUAL, EXPT, INTEGERP, N32+, N32-TO-I32, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward- chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(* -1 x)|, |(* 1 x)|, |(* x (+ y z))|, |(* x (- y))|, |(* x x)|, |(* y x)|, |(+ (+ x y) z)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(- (* c x))|, |(- (+ x y))|, |(< (- x) c)|, BUBBLE-DOWN-*-MATCH-1, BUBBLE-DOWN-+-MATCH-1, BUBBLE-DOWN-+-MATCH-3, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, N32-TO-I32-OPEN, NORMALIZE-ADDENDS, NORMALIZE-FACTORS-GATHER-EXPONENTS, PREFER-POSITIVE-ADDENDS-<, R08-RECURSIVE, R32-RECURSIVE, RECURSIVE-WRAPPER-OPENER, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SIMPLIFY-SUMS-<, SUFF-N32P, W32*-APPEND, W32-RECURSIVE, W32-W32-COMMUTES and XTR-W32 and the :type-prescription rules MOD-ZERO, N08P-ALISTP, RECURSIVE-PROGRAMP and Y86-GUARD, to the following seven conjectures. Subgoal 2.3.7 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= (+ 28 (* 28 (G :EAX S))) (+ -50000 (G :ESP S)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.6 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= (+ -8 (G :ESP S)) 100000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.5 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= (+ -28 (G :ESP S)) 100000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.4 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (<= 50000 (+ -8 (G :ESP S)))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.3 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (< (+ -1 (G :EAX S)) 65536)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, the :forward-chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.2 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295)) (< (+ 100 (G :EDI S)) 105000)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.1 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1)) (~=> (IY86 (S :EAX (+ -1 (G :EAX S)) (S :EBP (+ -8 (G :ESP S)) (S :EBX 4294967295 (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 159 (S :ESI (G :ESI S) (S :ESP (+ -28 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) ARBITRARY-S1)))))))))) 11) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, IW32-CNT, MV-NTH, N32+, NATP, OP2-WITH-HIDING, REGVAL and SYNP, the :executable- counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, INTEGERP, N32+, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (* c x))|, |(+ y (+ x z))|, |(+ y x)|, ADDR-EQUAL-X-X, ASSOC-IS-ASSOC-EQUAL, ASSOC-XTR, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, BUBBLE-DOWN-+-MATCH-3, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, MV-NTH-2-IS-CADDR, MV-NTH-3-IS-CADDDR, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, N32P-DOUBLETSP-XTR, NORMALIZE-ADDENDS, R08-RECURSIVE, R32-RECURSIVE, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, S-DIFF-S, S-SAME-S, SUFF-N32P, W32*-XTR-RECURSIVE, W32*-XTR-W32*-XTR, W32-W32*-COMMUTES and W32-W32-SAME and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, MOD-ZERO, N08P-ALISTP, RECURSIVE-PROGRAMP, SUM-ARITH-LEMMA1, SUM-ARITH-LEMMA3 and Y86-GUARD, to the following two conjectures. Subgoal 2.3.1.2 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1) (< (G :ESP S) 24)) (~=> (IY86 (S :EDX (CADR (LET ((MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (ISA-ST (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1)))))))))))))) (ADDRESS (+ 4294967272 (G :ESP S)))) (LET ((VAL (R32 ADDRESS MEM))) (LIST ISA-ST VAL)))) (S :EIP 181 (CAR (LET ((MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (ISA-ST (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1)))))))))))))) (ADDRESS (+ 4294967272 (G :ESP S)))) (LET ((VAL (R32 ADDRESS MEM))) (LIST ISA-ST VAL)))))) 6) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). By the simple :rewrite rules CAR-CONS and CDR-CONS we reduce the conjecture to Subgoal 2.3.1.2' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1) (< (G :ESP S) 24)) (~=> (IY86 (S :EDX (R32 (+ 4294967272 (G :ESP S)) (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (S :EIP 181 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1))))))))))))))) 6) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Subgoal 2.3.1.1 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1) (<= 24 (G :ESP S))) (~=> (IY86 (S :EDX (CADR (LET ((MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (ISA-ST (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1)))))))))))))) (ADDRESS (+ -24 (G :ESP S)))) (LET ((VAL (R32 ADDRESS MEM))) (LIST ISA-ST VAL)))) (S :EIP 181 (CAR (LET ((MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (ISA-ST (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1)))))))))))))) (ADDRESS (+ -24 (G :ESP S)))) (LET ((VAL (R32 ADDRESS MEM))) (LIST ISA-ST VAL)))))) 6) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). By the simple :rewrite rules CAR-CONS and CDR-CONS we reduce the conjecture to Subgoal 2.3.1.1' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1) (<= 24 (G :ESP S))) (~=> (IY86 (S :EDX (R32 (+ -24 (G :ESP S)) (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1))))))) (S :EIP 181 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP 175 (S :ESI (G :ESI S) (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1))))))))))))))) 6) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). This simplifies, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions IR08-CNT, IR32-CNT, MV-NTH, N32+, NATP, REGVAL and SYNP, the :executable-counterparts of <, ACL2-NUMBERP, BINARY-*, BINARY-+, BITS-04, CAR, CONS, EQL, EQUAL, EXPT, INTEGERP, N32+, N32P, NUMR, R08, R32, RA, RATIONALP, RB, UNARY--, UNARY-/ and ZP, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)|, |(+ c (+ d x))|, |(+ y (+ x z))|, |(+ y x)|, ADDR-EQUAL-X-X, BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, IY86-NAT, IY86-STEP-OPENER, MV-NTH-1-IS-CADR, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32+-COMMUTES, N32-MINUS-N, N32-OPEN, R08-RECURSIVE, R32-RECURSIVE, R32-W32*-XTR, R32-W32-MOD-4, S-DIFF-S, S-SAME-S, SUFF-N32P and W32*-XTR-RECURSIVE and the :type- prescription rules MOD-ZERO, N08P-ALISTP, RECURSIVE-PROGRAMP and Y86-GUARD, to Subgoal 2.3.1.1'' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (Y86-GUARD ARBITRARY-S1) (<= 24 (G :ESP S))) (~=> (S :EAX (G :EAX S) (S :EBP (G :EBP S) (S :EBX (G :EBX S) (S :ECX (G :ECX S) (S :EDI (G :EDI S) (S :EDX (G :EDX S) (S :EIP (+ 5 (G :EIP S)) (S :ESI (G :ESI S) (S :ESP (G :ESP S) (S :MEM (W32* (XTR 0 50000 (G :MEM S)) (W32* (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (W32* (XTR (+ -28 (G :ESP S)) 100000 (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (W32 (+ -28 (G :ESP S)) (G :EAX S) (G :MEM S))))))))) (W32* (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (W32 (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))) (G :MEM ARBITRARY-S1)))))) (S :F-OF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRB (+ (* -1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))) (CRA (G :EAX S))) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2))))) (IF (= RESULT 0) 1 0))) ARBITRARY-S1))))))))))))) (LIST (LIST :EAX (G :EAX S)) (LIST :EBX (G :EBX S)) (LIST :ECX (G :ECX S)) (LIST :EDX (G :EDX S)) (LIST :ESP (G :ESP S)) (LIST :EBP (G :EBP S)) (LIST :EDI (G :EDI S)) (LIST :ESI (G :ESI S)) (LIST :EIP (+ 5 (G :EIP S))) (LIST :MEM (APPEND (XTR 0 50000 (G :MEM S)) (XTR (G :ESP S) 100000 (G :MEM S)) (XTR 100000 (+ 100 (G :EDI S)) (G :MEM S)) (XTR (+ 104 (G :EDI S)) 105000 (G :MEM S)) (LIST (LIST (+ 100 (G :EDI S)) (+ (* 1/2 (G :EAX S)) (* 1/2 (EXPT (G :EAX S) 2)))))))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] But simplification reduces this to T, using the :compound-recognizer rules N32P-TYPE and NATP-COMPOUND-RECOGNIZER, the :definitions ASSOC-EQUAL, GOOD-MEM-LISTP, NATP, NON-NIL-KEYS, NOT and SYNP, the :executable- counterparts of <, ACL2-NUMBERP, ASSOC, ASSOC-EQUAL, BINARY-*, BINARY-+, CONSP, EQUAL, EXPT, INTEGERP, N32P, N32P-DOUBLETSP, NON-NIL-KEYS, NOT, RATIONALP, UNARY--, UNARY-/ and UNIQUE-KEYS, linear arithmetic, primitive type reasoning, the :forward-chaining rules N32P-BOUND and Y86-GUARD-IMPLICATIONS, the :linear rule SUM-ARITH-LEMMA2, the :rewrite rules |(* a (/ a))|, |(* y x)|, |(+ 0 x)|, |(+ c (+ d x))|, |(+ x (- x))|, |(+ y (+ x z))|, |(+ y x)|, |(< (+ (- c) x) y)|, |(< x (/ y)) with (< 0 y)|, ADDR-EQUAL-X-X, ALL-EQUAL-R32-APPEND, ALL-EQUAL-R32-OPEN, ALL-EQUAL-R32-XTR-SAME, ALL-EQUAL-R32-XTR-W32, ALL-EQUAL-R32-XTR-W32*-CASE-1, ALL-EQUAL-R32-XTR-W32*-CASE-2, ALL-EQUAL-R32-XTR-W32*-CASE-3, ASSOC-IS-ASSOC-EQUAL, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2, BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3, BUBBLE-DOWN-+-MATCH-1, CANCEL-MOD-+, CAR-CONS, CDR-CONS, G-DIFF-S, G-SAME-S, N08P-ALISTP-W32, N08P-ALISTP-W32*-XTR, N32P-DOUBLETSP-APPEND, N32P-DOUBLETSP-IMPLIES-ALISTP, N32P-DOUBLETSP-OPEN, N32P-DOUBLETSP-XTR, NO-COMMON-KEYS-APPEND, NO-COMMON-KEYS-NIL, NO-COMMON-KEYS-XTR-CONS, NO-COMMON-KEYS-XTR-XTR, NORMALIZE-ADDENDS, R32-W32*-XTR, R32-W32-MOD-4, REDUCE-ADDITIVE-CONSTANT-<, SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<, SIMPLIFY-SUMS-<, SUFF-N32P, UNIQUE-KEYS-APPEND, UNIQUE-KEYS-OPEN, UNIQUE-KEYS-XTR, ~=>-CONS-MEM, ~=>-CONS-NON-MEM and ~=>-NIL and the :type-prescription rules EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE, EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE, EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE, MOD-ZERO, N08P-ALISTP, SUM-ARITH-LEMMA1, XTR and Y86-GUARD. Subgoal 2.2 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (NOT (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 133 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). By the simple :definition = we reduce the conjecture to Subgoal 2.2' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0) (NOT (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0))) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 133 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of EQUAL, EXPT and N32-TO-I32, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rules |(+ 0 x)| and N32-TO-I32-OPEN and the :type-prescription rule Y86-GUARD. Subgoal 2.1 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (NOT (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 133 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). By the simple :definition = we reduce the conjecture to Subgoal 2.1' (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (G :EIP S) 49995) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 50028 (* 28 (G :EAX S))) (G :ESP S)) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (G :EDI S) 104900) (< (G :EAX S) 65536) (< (G :EIP S) 4294967295) (NOT (EQUAL (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0)) 0)) (EQUAL (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (EQUAL (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1)) 0)) (RECURSIVE-WRAPPER (IY86 (S :EAX (G :EAX S) (S :EBP (+ -8 (G :ESP S)) (S :EBX 0 (S :EIP 133 (S :ESP (+ -24 (G :ESP S)) (S :MEM (W32 (+ -4 (G :ESP S)) (+ 5 (G :EIP S)) (W32 (+ -8 (G :ESP S)) (G :EBP S) (W32 (+ -12 (G :ESP S)) (G :EAX S) (W32 (+ -16 (G :ESP S)) (G :EBX S) (W32 (+ -20 (G :ESP S)) (G :ECX S) (W32 (+ -24 (G :ESP S)) (G :EDX S) (G :MEM S))))))) (S :F-OF (HIDE (LET ((RESULT (G :EAX S)) (CRB (G :EAX S)) (CRA 0)) (IF (= (N32-TO-I32 RESULT) (+ (N32-TO-I32 CRA) (N32-TO-I32 CRB))) 0 1))) (S :F-SF (HIDE (LET ((RESULT (G :EAX S))) (IF (< (N32-TO-I32 RESULT) 0) 1 0))) (S :F-ZF (HIDE (LET ((RESULT (G :EAX S))) (IF (= RESULT 0) 1 0))) S))))))))) 3) S ARBITRARY-S1)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, the :executable-counterparts of EQUAL and EXPT, linear arithmetic, primitive type reasoning, the :forward-chaining rule Y86-GUARD-IMPLICATIONS, the :rewrite rule N32-TO-I32-OPEN and the :type- prescription rule Y86-GUARD. Subgoal 1 (IMPLIES (AND (< 0 (G :EAX S)) (Y86-GUARD S) (EQUAL (R08 (G :EIP S) (G :MEM S)) 128) (EQUAL (R32 (+ 1 (G :EIP S)) (G :MEM S)) 112) (< (+ 5 (G :EIP S)) 50000) (RECURSIVE-PROGRAMP (G :MEM S)) (<= (+ 28 (* 28 (G :EAX S))) (+ -50000 (G :ESP S))) (<= (G :ESP S) 100000) (EQUAL (MOD (G :ESP S) 4) 0) (<= 50000 (G :EBP S)) (<= (G :EBP S) 100000) (EQUAL (MOD (G :EBP S) 4) 0) (<= (G :ESP S) (G :EBP S)) (<= 100000 (G :EDI S)) (< (G :EDI S) 105000) (EQUAL (MOD (G :EDI S) 4) 0) (< (+ 100 (G :EDI S)) 105000) (< (G :EAX S) 65536) (<= 4294967295 (G :EIP S))) (RECURSIVE-WRAPPER (IY86 (IW32-CNT (S :EIP (R32 (+ -4294967295 (G :EIP S)) (G :MEM S)) (S :ESP (N32 (+ -4 (G :ESP S))) S)) (N32 (+ -4 (G :ESP S))) (N32 (+ -4294967291 (G :EIP S)))) 12) S ARBITRARY-S1)). But simplification reduces this to T, using the :compound-recognizer rule N32P-TYPE, linear arithmetic, primitive type reasoning, the :forward- chaining rule Y86-GUARD-IMPLICATIONS and the :type-prescription rule Y86-GUARD. Q.E.D. Summary Form: ( DEFTHM RECURSIVE-INDUCTION-STEP ...) Rules: ((:COMPOUND-RECOGNIZER N32P-TYPE) (:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION =) (:DEFINITION ASSOC-EQUAL) (:DEFINITION GOOD-MEM-LISTP) (:DEFINITION IR08-CNT) (:DEFINITION IR32-CNT) (:DEFINITION IW32-CNT) (:DEFINITION JUMP-P-WITH-UNHIDING) (:DEFINITION MV-NTH) (:DEFINITION N32+) (:DEFINITION NATP) (:DEFINITION NON-NIL-KEYS) (:DEFINITION NOT) (:DEFINITION O-FINP) (:DEFINITION O<) (:DEFINITION OP2-WITH-HIDING) (:DEFINITION RECURSIVE-EFFECTS) (:DEFINITION RECURSIVE-KC) (:DEFINITION RECURSIVE-KD) (:DEFINITION RECURSIVE-M) (:DEFINITION RECURSIVE-PRECONDITION) (:DEFINITION RECURSIVE-TEST) (:DEFINITION REGVAL) (:DEFINITION S*) (:DEFINITION SYNP) (:DEFINITION W32*) (:DEFINITION XOR) (:EXECUTABLE-COUNTERPART <) (:EXECUTABLE-COUNTERPART ACL2-NUMBERP) (:EXECUTABLE-COUNTERPART ASSOC) (:EXECUTABLE-COUNTERPART ASSOC-EQUAL) (:EXECUTABLE-COUNTERPART BINARY-*) (:EXECUTABLE-COUNTERPART BINARY-+) (:EXECUTABLE-COUNTERPART BITS-04) (:EXECUTABLE-COUNTERPART CAR) (:EXECUTABLE-COUNTERPART CDR) (:EXECUTABLE-COUNTERPART CONS) (:EXECUTABLE-COUNTERPART CONSP) (:EXECUTABLE-COUNTERPART EQL) (:EXECUTABLE-COUNTERPART EQUAL) (:EXECUTABLE-COUNTERPART EXPT) (:EXECUTABLE-COUNTERPART INTEGERP) (:EXECUTABLE-COUNTERPART N32) (:EXECUTABLE-COUNTERPART N32+) (:EXECUTABLE-COUNTERPART N32-TO-I32) (:EXECUTABLE-COUNTERPART N32P) (:EXECUTABLE-COUNTERPART N32P-DOUBLETSP) (:EXECUTABLE-COUNTERPART NON-NIL-KEYS) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART NUMR) (:EXECUTABLE-COUNTERPART R08) (:EXECUTABLE-COUNTERPART R32) (:EXECUTABLE-COUNTERPART RA) (:EXECUTABLE-COUNTERPART RATIONALP) (:EXECUTABLE-COUNTERPART RB) (:EXECUTABLE-COUNTERPART UNARY--) (:EXECUTABLE-COUNTERPART UNARY-/) (:EXECUTABLE-COUNTERPART UNIQUE-KEYS) (:EXECUTABLE-COUNTERPART ZP) (:FAKE-RUNE-FOR-LINEAR NIL) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:FORWARD-CHAINING N32P-BOUND) (:FORWARD-CHAINING Y86-GUARD-IMPLICATIONS) (:LINEAR SUM-ARITH-LEMMA2) (:REWRITE |(* -1 x)|) (:REWRITE |(* 1 x)|) (:REWRITE |(* a (/ a))|) (:REWRITE |(* x (+ y z))|) (:REWRITE |(* x (- y))|) (:REWRITE |(* x x)|) (:REWRITE |(* y x)|) (:REWRITE |(+ (+ x y) z)|) (:REWRITE |(+ 0 x)|) (:REWRITE |(+ c (+ d x))|) (:REWRITE |(+ x (* c x))|) (:REWRITE |(+ x (- x))|) (:REWRITE |(+ x (if a b c))|) (:REWRITE |(+ y (+ x z))|) (:REWRITE |(+ y x)|) (:REWRITE |(- (* c x))|) (:REWRITE |(- (+ x y))|) (:REWRITE |(< (+ (- c) x) y)|) (:REWRITE |(< (- x) c)|) (:REWRITE |(< x (/ y)) with (< 0 y)|) (:REWRITE ADDR-EQUAL-X-X) (:REWRITE ALL-EQUAL-R32-APPEND) (:REWRITE ALL-EQUAL-R32-OPEN) (:REWRITE ALL-EQUAL-R32-XTR-SAME) (:REWRITE ALL-EQUAL-R32-XTR-W32) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-1) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-2) (:REWRITE ALL-EQUAL-R32-XTR-W32*-CASE-3) (:REWRITE ASSOC-IS-ASSOC-EQUAL) (:REWRITE ASSOC-XTR) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-EQUAL-1) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-1) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-2) (:REWRITE BACKCHAIN-TO-LINEAR-ADDR-IN-INTERVAL-3) (:REWRITE BUBBLE-DOWN-*-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-1) (:REWRITE BUBBLE-DOWN-+-MATCH-3) (:REWRITE CANCEL-MOD-+) (:REWRITE CAR-CONS) (:REWRITE CDR-CONS) (:REWRITE G-DIFF-S) (:REWRITE G-SAME-S) (:REWRITE IY86-NAT) (:REWRITE IY86-STEP-OPENER) (:REWRITE LOGXOR-X-X) (:REWRITE MV-NTH-1-IS-CADR) (:REWRITE MV-NTH-2-IS-CADDR) (:REWRITE MV-NTH-3-IS-CADDDR) (:REWRITE N08P-ALISTP-W32) (:REWRITE N08P-ALISTP-W32*-XTR) (:REWRITE N32+-0) (:REWRITE N32+-COMMUTES) (:REWRITE N32-MINUS-N) (:REWRITE N32-OPEN) (:REWRITE N32-TO-I32-OPEN) (:REWRITE N32P-DOUBLETSP-APPEND) (:REWRITE N32P-DOUBLETSP-IMPLIES-ALISTP) (:REWRITE N32P-DOUBLETSP-OPEN) (:REWRITE N32P-DOUBLETSP-XTR) (:REWRITE NO-COMMON-KEYS-APPEND) (:REWRITE NO-COMMON-KEYS-NIL) (:REWRITE NO-COMMON-KEYS-XTR-CONS) (:REWRITE NO-COMMON-KEYS-XTR-XTR) (:REWRITE NORMALIZE-ADDENDS) (:REWRITE NORMALIZE-FACTORS-GATHER-EXPONENTS) (:REWRITE PREFER-POSITIVE-ADDENDS-<) (:REWRITE R08-RECURSIVE) (:REWRITE R32-RECURSIVE) (:REWRITE R32-W32*-XTR) (:REWRITE R32-W32-MOD-4) (:REWRITE RECURSIVE-WRAPPER-OPENER) (:REWRITE REDUCE-ADDITIVE-CONSTANT-<) (:REWRITE S-DIFF-S) (:REWRITE S-SAME-S) (:REWRITE SIMPLIFY-PRODUCTS-GATHER-EXPONENTS-<) (:REWRITE SIMPLIFY-SUMS-<) (:REWRITE SUFF-N32P) (:REWRITE UNHIDE-NAT-TO-BOOLEAN-HIDE) (:REWRITE UNIQUE-KEYS-APPEND) (:REWRITE UNIQUE-KEYS-OPEN) (:REWRITE UNIQUE-KEYS-XTR) (:REWRITE W32*-APPEND) (:REWRITE W32*-XTR-RECURSIVE) (:REWRITE W32*-XTR-W32*-XTR) (:REWRITE W32-RECURSIVE) (:REWRITE W32-W32*-COMMUTES) (:REWRITE W32-W32-COMMUTES) (:REWRITE W32-W32-SAME) (:REWRITE XTR-W32) (:REWRITE ZP-OPEN) (:REWRITE ~=>-CONS-MEM) (:REWRITE ~=>-CONS-NON-MEM) (:REWRITE ~=>-NIL) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-INTEGERP-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-NONNEGATIVE-BASE) (:TYPE-PRESCRIPTION EXPT-TYPE-PRESCRIPTION-POSITIVE-BASE) (:TYPE-PRESCRIPTION MOD-ZERO . 1) (:TYPE-PRESCRIPTION MOD-ZERO . 2) (:TYPE-PRESCRIPTION N08P-ALISTP) (:TYPE-PRESCRIPTION RECURSIVE-PROGRAMP) (:TYPE-PRESCRIPTION SUM-ARITH-LEMMA1) (:TYPE-PRESCRIPTION SUM-ARITH-LEMMA3) (:TYPE-PRESCRIPTION XTR) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 37.86 seconds (prove: 37.68, print: 0.18, other: 0.00) RECURSIVE-INDUCTION-STEP ACL2 !>>(DEFUN RECURSIVE-CLK (S) (DECLARE (XARGS :MEASURE (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0) :HINTS (("Goal" :USE ((:INSTANCE RECURSIVE-O-P-M) (:INSTANCE RECURSIVE-INDUCTION-STEP (ARBITRARY-S1 (IY86 S (RECURSIVE-KC S))))) :IN-THEORY (E/D (RECURSIVE-WRAPPER) (Y86-GUARD RECURSIVE-PRECONDITION RECURSIVE-M RECURSIVE-TEST RECURSIVE-EFFECTS RECURSIVE-KB RECURSIVE-KC RECURSIVE-KD)))))) (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (IF (RECURSIVE-TEST S) (RECURSIVE-KB S) (C+ (RECURSIVE-KC S) (C+ (RECURSIVE-CLK (IY86 S (RECURSIVE-KC S))) (RECURSIVE-KD S)))) 0)) For the admission of RECURSIVE-CLK we will use the relation O< (which is known to be well-founded on the domain recognized by O-P) and the measure (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0). The non-trivial part of the measure conjecture is Goal (AND (O-P (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0)) (IMPLIES (AND (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (NOT (RECURSIVE-TEST S))) (O< (IF (AND (Y86-GUARD (IY86 S (RECURSIVE-KC S))) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S)))) (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) 0) (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0)))). [Note: A hint was supplied for our processing of the goal above. Thanks!] We augment the goal with the hypotheses provided by the :USE hint. These hypotheses can be derived from RECURSIVE-O-P-M and RECURSIVE-INDUCTION-STEP via instantiation. We are left with the following subgoal. Goal' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (O-P (RECURSIVE-M S))) (IMPLIES (AND (NOT (RECURSIVE-TEST S)) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-WRAPPER (IY86 S (RECURSIVE-KC S)) S (IY86 S (RECURSIVE-KC S))))) (AND (O-P (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0)) (OR (NOT (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S))) (RECURSIVE-TEST S) (O< (IF (AND (Y86-GUARD (IY86 S (RECURSIVE-KC S))) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S)))) (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) 0) (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-M S) 0))))). This simplifies, using the :definitions NOT and RECURSIVE-WRAPPER, the :executable-counterparts of NOT and O-P, the :rewrite rule IY86-GUARD-INVARIANT and the :type-prescription rules O-P, O<, RECURSIVE-PRECONDITION, RECURSIVE-TEST and Y86-GUARD, to the following six conjectures. Subgoal 6 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-TEST S) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 5 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-TEST S) (NOT (RECURSIVE-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 4 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S))) (O< (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) (RECURSIVE-M S)) (~=> (IY86 (S* (RECURSIVE-EFFECTS (IY86 S (RECURSIVE-KC S))) (IY86 S (RECURSIVE-KC S))) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 3 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S))) (O< (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) (RECURSIVE-M S)) (~=> (IY86 (S* (RECURSIVE-EFFECTS (IY86 S (RECURSIVE-KC S))) (IY86 S (RECURSIVE-KC S))) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)) (NOT (RECURSIVE-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 2 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S))) (O< (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) (RECURSIVE-M S)) (NOT (Y86-GUARD (IY86 S (RECURSIVE-KC S)))) (NOT (Y86-GUARD S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Subgoal 1 (IMPLIES (AND (O-P (RECURSIVE-M S)) (RECURSIVE-PRECONDITION (IY86 S (RECURSIVE-KC S))) (O< (RECURSIVE-M (IY86 S (RECURSIVE-KC S))) (RECURSIVE-M S)) (NOT (Y86-GUARD (IY86 S (RECURSIVE-KC S)))) (NOT (RECURSIVE-PRECONDITION S))) (O-P 0)). But we reduce the conjecture to T, by the :executable-counterpart of O-P. Q.E.D. That completes the proof of the measure theorem for RECURSIVE-CLK. Thus, we admit this function under the principle of definition. We observe that the type of RECURSIVE-CLK is described by the theorem (AND (INTEGERP (RECURSIVE-CLK S)) (<= 0 (RECURSIVE-CLK S))). We used the :type-prescription rules NATP-C+, RECURSIVE-KB, RECURSIVE-KC, RECURSIVE-KD, RECURSIVE-NATP-KB, RECURSIVE-NATP-KC and RECURSIVE-NATP-KD. Summary Form: ( DEFUN RECURSIVE-CLK ...) Rules: ((:DEFINITION NOT) (:DEFINITION RECURSIVE-WRAPPER) (:EXECUTABLE-COUNTERPART NOT) (:EXECUTABLE-COUNTERPART O-P) (:REWRITE IY86-GUARD-INVARIANT) (:TYPE-PRESCRIPTION NATP-C+) (:TYPE-PRESCRIPTION O-P) (:TYPE-PRESCRIPTION O<) (:TYPE-PRESCRIPTION RECURSIVE-KB) (:TYPE-PRESCRIPTION RECURSIVE-KC) (:TYPE-PRESCRIPTION RECURSIVE-KD) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KB) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KC) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KD) (:TYPE-PRESCRIPTION RECURSIVE-PRECONDITION) (:TYPE-PRESCRIPTION RECURSIVE-TEST) (:TYPE-PRESCRIPTION Y86-GUARD)) Time: 0.10 seconds (prove: 0.08, print: 0.01, other: 0.02) RECURSIVE-CLK ACL2 !>>(DEFTHM RECURSIVE (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-CLK S)) (RECURSIVE-EFFECTS S))) :HINTS (("Goal" :USE (:FUNCTIONAL-INSTANCE RRULE (RHYP RECURSIVE-PRECONDITION) (RCLK RECURSIVE-CLK) (RBETA RECURSIVE-EFFECTS) (RTEST RECURSIVE-TEST) (RKB RECURSIVE-KB) (RKC RECURSIVE-KC) (RKD RECURSIVE-KD) (RM RECURSIVE-M) (RRULE-S-PRIME-WRAPPER RECURSIVE-WRAPPER)) :IN-THEORY (DISABLE Y86-GUARD NATP RECURSIVE-PRECONDITION RECURSIVE-EFFECTS RECURSIVE-TEST RECURSIVE-KB RECURSIVE-KC RECURSIVE-KD RECURSIVE-M RECURSIVE-WRAPPER)) ("Subgoal 8" :USE (:INSTANCE RECURSIVE-INDUCTION-STEP)) ("Subgoal 7" :USE (:INSTANCE RECURSIVE-BASE-CASE)) ("Subgoal 6" :USE (:INSTANCE RECURSIVE-O-P-M))) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (RECURSIVE-PRECONDITION S))) (EQUAL (IY86 S (RECURSIVE-CLK S)) (S* (RECURSIVE-EFFECTS S) (IETC S (RECURSIVE-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 Warning [Theory] in ( DEFTHM RECURSIVE ...): The value of the theory expression '(~=> IETC) does not include the :DEFINITION rules for DOUBLE-REWRITE, MV-NTH, THE-ERROR, IFF, WORMHOLE-EVAL, MV-LIST, MINUSP, PLUSP, ZEROP, LISTP, SYNP, CASE-SPLIT, FORCE, RETURN-LAST, /=, =, EQL, NULL, ENDP, ATOM, EQ, NOT or IMPLIES. But these functions are among a set of primitive functions whose definitions are built into the ACL2 system in various places. This set consists of the functions MV-NTH, IFF, NOT, IMPLIES, EQ, ATOM, EQL, =, /=, NULL, ENDP, ZEROP, SYNP, PLUSP, MINUSP, LISTP, RETURN-LAST, MV-LIST, THE-ERROR, WORMHOLE-EVAL, FORCE, CASE-SPLIT and DOUBLE-REWRITE. While excluding them from the current theory will prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). ACL2 Warning [Theory] in ( DEFTHM RECURSIVE ...): The value of the theory expression '(~=> IETC) does not include the :EXECUTABLE-COUNTERPART rules for NOT, SYMBOLP, SYMBOL-PACKAGE-NAME, SYMBOL-NAME, STRINGP, REALPART, RATIONALP, PKG-WITNESS, PKG-IMPORTS, NUMERATOR, INTERN-IN-PACKAGE-OF-SYMBOL, INTEGERP, IMAGPART, IF, EQUAL, DENOMINATOR, CONSP, CONS, COERCE, COMPLEX-RATIONALP, COMPLEX, CODE-CHAR, CHARACTERP, CHAR-CODE, CDR, CAR, <, UNARY-/, UNARY--, BINARY-+, BINARY-* or ACL2-NUMBERP. But these functions are among a set of primitive functions whose executable counterparts are built into the ACL2 system. This set consists of the functions ACL2-NUMBERP, BINARY-*, BINARY-+, UNARY--, UNARY-/, <, CAR, CDR, CHAR-CODE, CHARACTERP, CODE-CHAR, COMPLEX, COMPLEX-RATIONALP, COERCE, CONS, CONSP, DENOMINATOR, EQUAL, IF, IMAGPART, INTEGERP, INTERN-IN-PACKAGE-OF-SYMBOL, NUMERATOR, PKG-WITNESS, PKG-IMPORTS, RATIONALP, REALPART, STRINGP, SYMBOL-NAME, SYMBOL-PACKAGE-NAME, SYMBOLP and NOT. While excluding them from the current theory may prevent certain expansions it will not prevent others. Good luck! To inhibit this warning, evaluate: (ASSIGN VERBOSE-THEORY-WARNING NIL). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Use] in ( DEFTHM RECURSIVE ...): It is unusual to :USE an enabled :REWRITE or :DEFINITION rule, so you may want to consider disabling (:REWRITE RRULE). We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from RRULE via functional instantiation, provided we can establish the eight constraints generated; the constraints can be simplified using case analysis. We are left with the following eight subgoals. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 8 (IMPLIES (AND (NOT (RECURSIVE-TEST S)) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-WRAPPER (IY86 S (RECURSIVE-KC S)) S ARBITRARY-S1)). We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from RECURSIVE-INDUCTION-STEP via instantiation. We are left with the following subgoal. Subgoal 8' (IMPLIES (AND (IMPLIES (AND (NOT (RECURSIVE-TEST S)) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-WRAPPER (IY86 S (RECURSIVE-KC S)) S ARBITRARY-S1)) (NOT (RECURSIVE-TEST S)) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (RECURSIVE-WRAPPER (IY86 S (RECURSIVE-KC S)) S ARBITRARY-S1)). But we reduce the conjecture to T, by case analysis. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 7 (IMPLIES (AND (RECURSIVE-TEST S) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-KB S)) (RECURSIVE-EFFECTS S))). We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from RECURSIVE-BASE-CASE via instantiation. We are left with the following subgoal. Subgoal 7' (IMPLIES (AND (IMPLIES (AND (RECURSIVE-TEST S) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-KB S)) (RECURSIVE-EFFECTS S))) (RECURSIVE-TEST S) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-KB S)) (RECURSIVE-EFFECTS S))). But we reduce the conjecture to T, by case analysis. [Note: A hint was supplied for our processing of the goal below. Thanks!] Subgoal 6 (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (O-P (RECURSIVE-M S))). We augment the goal with the hypothesis provided by the :USE hint. The hypothesis can be derived from RECURSIVE-O-P-M via instantiation. We are left with the following subgoal. Subgoal 6' (IMPLIES (AND (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (O-P (RECURSIVE-M S))) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (O-P (RECURSIVE-M S))). But we reduce the conjecture to T, by case analysis. Subgoal 5 (NATP (RECURSIVE-KD S)). But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rules RECURSIVE-KD and RECURSIVE-NATP-KD. Subgoal 4 (NATP (RECURSIVE-KC S)). But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rules RECURSIVE-KC and RECURSIVE-NATP-KC. Subgoal 3 (NATP (RECURSIVE-KB S)). But we reduce the conjecture to T, by the :compound-recognizer rule NATP-COMPOUND-RECOGNIZER and the :type-prescription rules RECURSIVE-KB and RECURSIVE-NATP-KB. Subgoal 2 (EQUAL (RECURSIVE-WRAPPER S-PRIME S ARBITRARY-S1) (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (OR (NOT (Y86-GUARD ARBITRARY-S1)) (AND (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)) T)))). This simplifies, using the :definition SYNP, the :rewrite rule RECURSIVE-WRAPPER-OPENER and the :type-prescription rule ~=>, to the following two conjectures. Subgoal 2.2 (IMPLIES (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (Y86-GUARD ARBITRARY-S1) (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S))) (EQUAL T (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)))). But simplification reduces this to T, using primitive type reasoning and the :type-prescription rule ~=>. Subgoal 2.1 (IMPLIES (AND (RECURSIVE-PRECONDITION S-PRIME) (O< (RECURSIVE-M S-PRIME) (RECURSIVE-M S)) (Y86-GUARD ARBITRARY-S1) (NOT (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)))) (EQUAL NIL (~=> (IY86 (S* (RECURSIVE-EFFECTS S-PRIME) ARBITRARY-S1) (RECURSIVE-KD S)) (RECURSIVE-EFFECTS S)))). But simplification reduces this to T, using primitive type reasoning. Subgoal 1 (EQUAL (RECURSIVE-CLK S) (IF (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (IF (RECURSIVE-TEST S) (RECURSIVE-KB S) (C+ (RECURSIVE-KC S) (C+ (RECURSIVE-CLK (IY86 S (RECURSIVE-KC S))) (RECURSIVE-KD S)))) 0)). But simplification reduces this to T, using the :definition RECURSIVE-CLK. Q.E.D. We now consider the corollary claimed in the specified rule class. The goal is (IMPLIES (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-CLK S)) (RECURSIVE-EFFECTS S))) (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (RECURSIVE-PRECONDITION S))) (EQUAL (IY86 S (RECURSIVE-CLK S)) (S* (RECURSIVE-EFFECTS S) (IETC S (RECURSIVE-CLK S)))))). [Note: A hint was supplied for our processing of the goal above. Thanks!] ACL2 Warning [Disable] in ( DEFTHM RECURSIVE ...): Forcing has transitioned from enabled to disabled. See :DOC force. By the simple :definitions FORCE and IETC we reduce the conjecture to Goal' (IMPLIES (AND (OR (NOT (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S))) (~=> (IY86 S (RECURSIVE-CLK S)) (RECURSIVE-EFFECTS S))) (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (EQUAL (IY86 S (RECURSIVE-CLK S)) (S* (RECURSIVE-EFFECTS S) (IY86 S (RECURSIVE-CLK S))))). But simplification reduces this to T, using the :definition ~=> and primitive type reasoning. Q.E.D. Summary Form: ( DEFTHM RECURSIVE ...) Rules: ((:COMPOUND-RECOGNIZER NATP-COMPOUND-RECOGNIZER) (:DEFINITION FORCE) (:DEFINITION IETC) (:DEFINITION NOT) (:DEFINITION RECURSIVE-CLK) (:DEFINITION SYNP) (:DEFINITION ~=>) (:FAKE-RUNE-FOR-TYPE-SET NIL) (:REWRITE RECURSIVE-WRAPPER-OPENER) (:TYPE-PRESCRIPTION RECURSIVE-KB) (:TYPE-PRESCRIPTION RECURSIVE-KC) (:TYPE-PRESCRIPTION RECURSIVE-KD) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KB) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KC) (:TYPE-PRESCRIPTION RECURSIVE-NATP-KD) (:TYPE-PRESCRIPTION ~=>)) Warnings: Disable, Use and Theory Time: 0.07 seconds (prove: 0.03, print: 0.02, other: 0.02) RECURSIVE ACL2 !>>(IN-THEORY (DISABLE RECURSIVE-CLK)) Summary Form: ( IN-THEORY (DISABLE ...)) Rules: NIL Time: 0.01 seconds (prove: 0.00, print: 0.00, other: 0.01) 4780 End of Encapsulated Events. Having verified that the encapsulated events validate the signatures of the ENCAPSULATE event, we discard the ephemeral theory and extend the original theory as directed by the signatures and the non-LOCAL events. We export RECURSIVE-CLK, RECURSIVE-WRAPPER, RECURSIVE-KD, RECURSIVE-KC, RECURSIVE-KB, RECURSIVE-TEST, RECURSIVE-M, RECURSIVE-EFFECTS and RECURSIVE-PRECONDITION. Summary Form: ( ENCAPSULATE NIL (DEFUN RECURSIVE-PRECONDITION ...) ...) Rules: NIL Warnings: Disable, Use, Theory and Non-rec Time: 56.65 seconds (prove: 56.28, print: 0.23, other: 0.14) T ACL2 !>:pcb :x d 7:x(DEFTHM-CODE-REC RECURSIVE (AND # # ...) ...) v (ENCAPSULATE NIL ...) L (DEFUN RECURSIVE-PRECONDITION (S) ...) L (DEFUN RECURSIVE-EFFECTS (S) ...) L (DEFUN RECURSIVE-M (S) ...) L (DEFUN RECURSIVE-TEST (S) ...) L (DEFUN RECURSIVE-KB (S) ...) L (DEFUN RECURSIVE-KC (S) ...) L (DEFUN RECURSIVE-KD (S) ...) (DEFTHM RECURSIVE-NATP-KB ...) (DEFTHM RECURSIVE-NATP-KC ...) (DEFTHM RECURSIVE-NATP-KD ...) (DEFTHM RECURSIVE-O-P-M ...) (DEFTHM RECURSIVE-BASE-CASE ...) L d (DEFUN RECURSIVE-WRAPPER (S-PRIME S ARBITRARY-S1) ...) (DEFTHM RECURSIVE-WRAPPER-OPENER ...) (IN-THEORY (DISABLE RECURSIVE-WRAPPER)) (DEFTHM RECURSIVE-INDUCTION-STEP ...) L d (DEFUN RECURSIVE-CLK (S) ...) (DEFTHM RECURSIVE ...) (IN-THEORY (DISABLE RECURSIVE-CLK)) ACL2 !>:pe RECURSIVE d 7:x(DEFTHM-CODE-REC RECURSIVE (AND # # ...) ...) \ > (DEFTHM RECURSIVE (IMPLIES (AND (Y86-GUARD S) (RECURSIVE-PRECONDITION S)) (~=> (IY86 S (RECURSIVE-CLK S)) (RECURSIVE-EFFECTS S))) :HINTS (("Goal" :USE (:FUNCTIONAL-INSTANCE RRULE (RHYP RECURSIVE-PRECONDITION) (RCLK RECURSIVE-CLK) (RBETA RECURSIVE-EFFECTS) (RTEST RECURSIVE-TEST) (RKB RECURSIVE-KB) (RKC RECURSIVE-KC) (RKD RECURSIVE-KD) (RM RECURSIVE-M) (RRULE-S-PRIME-WRAPPER RECURSIVE-WRAPPER)) :IN-THEORY (DISABLE Y86-GUARD NATP RECURSIVE-PRECONDITION RECURSIVE-EFFECTS RECURSIVE-TEST RECURSIVE-KB RECURSIVE-KC RECURSIVE-KD RECURSIVE-M RECURSIVE-WRAPPER)) ("Subgoal 8" :USE (:INSTANCE RECURSIVE-INDUCTION-STEP)) ("Subgoal 7" :USE (:INSTANCE RECURSIVE-BASE-CASE)) ("Subgoal 6" :USE (:INSTANCE RECURSIVE-O-P-M))) :RULE-CLASSES ((:REWRITE :COROLLARY (IMPLIES (AND (FORCE (Y86-GUARD S)) (FORCE (RECURSIVE-PRECONDITION S))) (EQUAL (IY86 S (RECURSIVE-CLK S)) (S* (RECURSIVE-EFFECTS S) (IETC S (RECURSIVE-CLK S))))) :HINTS (("Goal" :IN-THEORY '(~=> IETC)))))) ACL2 !>:pe y86-step-opener d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ > (DEFTHM Y86-STEP-OPENER (IMPLIES (AND (EQUAL PC (G :EIP ISA-ST)) (EQUAL OPCODE (N04 (FLOOR (R08 PC (G :MEM ISA-ST)) 16))) (SYNTAXP (OK-TO-STEP? 'Y86-STEP-OPENER PC OPCODE ISA-ST))) (EQUAL (Y86-STEP ISA-ST) (LET ((EIP (G :EIP ISA-ST))) (MV-LET (ISA-ST INSTRUCTION) (R08-CNT-WITH-HIDING ISA-ST EIP 'INSTRUCTION-READ) (LET* ((EIP+1 (N32+ EIP 1)) (OPCODE (BITS-04 INSTRUCTION 1)) (FUNCTION (BITS-04 INSTRUCTION 0))) (CASE OPCODE (0 (S :EIP EIP+1 ISA-ST)) (1 ISA-ST) (2 (MV-LET (ISA-ST REG) (R08-CNT-WITH-HIDING ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (VALA (REGVAL (RA REG) ISA-ST)) (NAMEB (NUMR (RB REG))) (ISA-ST (S :EIP EIP+2 ISA-ST)) (ISA-ST (S NAMEB VALA ISA-ST))) ISA-ST))) (3 (MV-LET (ISA-ST REG) (R08-CNT-WITH-HIDING ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (NAMEB (NUMR (RB REG)))) (MV-LET (ISA-ST IMM) (R32-CNT-WITH-HIDING ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (ISA-ST (S :EIP EIP+6 ISA-ST)) (ISA-ST (S NAMEB IMM ISA-ST))) ISA-ST))))) (4 (MV-LET (ISA-ST REG) (R08-CNT-WITH-HIDING ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (VALA (REGVAL (RA REG) ISA-ST)) (VALB (REGVAL (RB REG) ISA-ST))) (MV-LET (ISA-ST DISP) (R32-CNT-WITH-HIDING ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (EA (N32+ VALB DISP)) (ISA-ST (S :EIP EIP+6 ISA-ST)) (ISA-ST (W32-CNT-WITH-HIDING ISA-ST EA VALA))) ISA-ST))))) (5 (MV-LET (ISA-ST REG) (R08-CNT-WITH-HIDING ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (NAMEA (NUMR (RA REG))) (VALB (REGVAL (RB REG) ISA-ST))) (MV-LET (ISA-ST DISP) (R32-CNT-WITH-HIDING ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (EA (N32+ VALB DISP))) (MV-LET (ISA-ST MVAL) (R32-CNT-WITH-HIDING ISA-ST EA 'DATA-READ) (LET* ((ISA-ST (S :EIP EIP+6 ISA-ST)) (ISA-ST (S NAMEA MVAL ISA-ST))) ISA-ST))))))) (6 (MV-LET (ISA-ST REG) (R08-CNT-WITH-HIDING ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (VALA (REGVAL (RA REG) ISA-ST)) (NAMEB (NUMR (RB REG))) (VALB (REGVAL (RB REG) ISA-ST)) (ISA-ST (S :EIP EIP+2 ISA-ST))) (MV-LET (RESULT ZF SF OF) (OP2-WITH-HIDING FUNCTION VALA VALB) (LET* ((ISA-ST (S NAMEB RESULT ISA-ST)) (ISA-ST (S :F-ZF ZF ISA-ST)) (ISA-ST (S :F-SF SF ISA-ST)) (ISA-ST (S :F-OF OF ISA-ST))) ISA-ST))))) (7 (IF (JUMP-P-WITH-UNHIDING FUNCTION ISA-ST) (MV-LET (ISA-ST DEST) (R32-CNT-WITH-HIDING ISA-ST EIP+1 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((ISA-ST (S :EIP DEST ISA-ST)) (ISA-ST (S :CYCLES (+ 3 (G :CYCLES ISA-ST)) ISA-ST))) ISA-ST)) (LET* ((EIP+5 (N32+ EIP+1 4)) (ISA-ST (S :EIP EIP+5 ISA-ST))) ISA-ST))) (8 (MV-LET (ISA-ST DEST) (R32-CNT-WITH-HIDING ISA-ST EIP+1 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((ESP (G :ESP ISA-ST)) (EIP+5 (N32+ EIP+1 4)) (ESP-4 (N32+ ESP -4)) (ISA-ST (S :EIP DEST ISA-ST)) (ISA-ST (S :ESP ESP-4 ISA-ST)) (ISA-ST (W32-CNT-WITH-HIDING ISA-ST ESP-4 EIP+5)) (ISA-ST (S :CYCLES (+ 3 (G :CYCLES ISA-ST)) ISA-ST))) ISA-ST))) (9 (LET ((ESP (G :ESP ISA-ST))) (MV-LET (ISA-ST MVALUE) (R32-CNT-WITH-HIDING ISA-ST ESP 'DATA-READ) (LET* ((ESP+ (N32+ ESP 4)) (ISA-ST (S :EIP MVALUE ISA-ST)) (ISA-ST (S :ESP ESP+ ISA-ST)) (ISA-ST (S :CYCLES (+ 2 (G :CYCLES ISA-ST)) ISA-ST))) ISA-ST)))) (10 (MV-LET (ISA-ST REG) (R08-CNT-WITH-HIDING ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((ESP (G :ESP ISA-ST)) (EIP+2 (N32+ EIP+1 1)) (ESP-4 (N32+ ESP -4)) (VALA (REGVAL (RA REG) ISA-ST)) (ISA-ST (S :EIP EIP+2 ISA-ST)) (ISA-ST (S :ESP ESP-4 ISA-ST)) (ISA-ST (W32-CNT-WITH-HIDING ISA-ST ESP-4 VALA))) ISA-ST))) (11 (MV-LET (ISA-ST REG) (R08-CNT-WITH-HIDING ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((ESP (G :ESP ISA-ST))) (MV-LET (ISA-ST MVALUE) (R32-CNT-WITH-HIDING ISA-ST ESP 'DATA-READ) (LET* ((ESP+4 (N32+ ESP 4)) (EIP+2 (N32+ EIP+1 1)) (NAMEA (NUMR (RA REG))) (ISA-ST (S :EIP EIP+2 ISA-ST)) (ISA-ST (S :ESP ESP+4 ISA-ST)) (ISA-ST (S NAMEA MVALUE ISA-ST))) ISA-ST))))) (12 (MV-LET (ISA-ST REG) (R08-CNT-WITH-HIDING ISA-ST EIP+1 'INSTRUCTION-READ-SECOND-BYTE) (LET* ((EIP+2 (N32+ EIP+1 1)) (NAMEB (NUMR (RB REG))) (VALB (REGVAL (RB REG) ISA-ST))) (MV-LET (ISA-ST IMM) (R32-CNT-WITH-HIDING ISA-ST EIP+2 'INSTRUCTION-READ-32-BIT-WORD) (LET* ((EIP+6 (N32+ EIP+2 4)) (ISA-ST (S :EIP EIP+6 ISA-ST)) (IMM+B (N32+ VALB IMM)) (ISA-ST (S NAMEB IMM+B ISA-ST))) ISA-ST))))) (13 (LET* ((ESP (G :EBP ISA-ST))) (MV-LET (ISA-ST MVALUE) (R32-CNT-WITH-HIDING ISA-ST ESP 'DATA) (LET* ((ESP+4 (N32+ ESP 4)) (ISA-ST (S :EIP EIP+1 ISA-ST)) (ISA-ST (S :ESP ESP+4 ISA-ST)) (ISA-ST (S :EBP MVALUE ISA-ST))) ISA-ST)))) (OTHERWISE ISA-ST))))))) :HINTS (("Goal" :IN-THEORY '(Y86-STEP OP2 OP2-WITH-HIDING JUMP-P JUMP-P-WITH-UNHIDING UNHIDE NAT-TO-BOOLEAN HIDE-WHEN-UGLY CYCLE-COUNT CYCLE-COUNT-WITH-HIDING R08-CNT R08-CNT-WITH-HIDING R32-CNT R32-CNT-WITH-HIDING W32-CNT W32-CNT-WITH-HIDING) :EXPAND ((:FREE (X) (HIDE X)))))) ACL2 !>:pe R08-CNT-WITH-HIDING d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >L (DEFUN R08-CNT-WITH-HIDING (ISA-ST ADDRESS TYPE) (LET* ((MEM (G :MEM ISA-ST)) (VAL (R08 ADDRESS MEM)) (ISA-ST (CYCLE-COUNT-WITH-HIDING ISA-ST TYPE 1 ADDRESS))) (MV ISA-ST VAL))) ACL2 !>:pe CYCLE-COUNT-WITH-HIDING d 1 (INCLUDE-BOOK "code-proof-utilities-2") \ [Included books, outermost to innermost: "/Users/moore/work/hyper/proof_4/code-proof-utilities-2.lisp" ] \ >L (DEFUN CYCLE-COUNT-WITH-HIDING (ISA-ST OPERATION BYTES ADDRESS) (DECLARE (XARGS :NORMALIZE NIL)) (LET* ((CYCLE-CNT (G :CYCLES ISA-ST)) (READS-INST (G :READS-INST ISA-ST)) (READS-DATA (G :READS-DATA ISA-ST)) (CACHE (G :CACHE ISA-ST)) (TAG (LOGAND ADDRESS 4294967040)) (INDEX (ASH (LOGAND ADDRESS 240) -4)) (ENTRY (CDR (ASSOC-EQUAL INDEX CACHE))) (HIT? (HIDE-WHEN-UGLY (AND (NATP ENTRY) (EQUAL ENTRY TAG))))) (CASE OPERATION (INSTRUCTION-READ (LET* ((ISA-ST (S :READS-INST (+ BYTES READS-INST) ISA-ST)) (ISA-ST (S :CYCLES (+ 1 CYCLE-CNT) ISA-ST))) ISA-ST)) (INSTRUCTION-READ-SECOND-BYTE (LET* ((ISA-ST (S :READS-INST (+ BYTES READS-INST) ISA-ST)) (ISA-ST (S :CYCLES (+ 0 CYCLE-CNT) ISA-ST))) ISA-ST)) (INSTRUCTION-READ-32-BIT-WORD (LET* ((ISA-ST (S :READS-INST (+ BYTES READS-INST) ISA-ST)) (ISA-ST (S :CYCLES (+ 0 CYCLE-CNT) ISA-ST))) ISA-ST)) (DATA-READ (LET* ((READ-MISSES (G :READ-MISSES ISA-ST)) (ISA-ST (S :READS-DATA (+ BYTES READS-DATA) ISA-ST)) (ISA-ST (S :CYCLES (+ (HIDE-WHEN-UGLY (IF HIT? 3 10)) CYCLE-CNT) ISA-ST)) (ISA-ST (S :READ-MISSES (+ (HIDE-WHEN-UGLY (IF HIT? 0 1)) READ-MISSES) ISA-ST))) ISA-ST)) (DATA-WRITE (LET* ((WRITE-CNT (G :WRITES-DATA ISA-ST)) (ISA-ST (S :WRITES-DATA (+ BYTES WRITE-CNT) ISA-ST)) (ISA-ST (S :CYCLES (+ 4 CYCLE-CNT) ISA-ST)) (ISA-ST (S :CACHE (PUT-ORDERED-ALIST INDEX TAG CACHE) ISA-ST))) ISA-ST)) (OTHERWISE ISA-ST)))) ACL2 !>