We don't check for ill-formed environment very rigorously.
For example, one can have STANDARD-INPUT's mode as
O_WRONLY, and it'll still be a good
'((:FILE-DESCRIPTORS . ((0 . ((:NAME . "STANDARD-INPUT") (:OFFSET . 0) (:MODE . 0))) (1 . ((:NAME . "STANDARD-OUTPUT") (:OFFSET . 0) (:MODE . 1))) (2 . ((:NAME . "ERROR") (:OFFSET . 0) (:MODE . 2))) (3 . ((:NAME . "FOO.TXT") (:OFFSET . 0) (:MODE . 8))))) (:FILE-CONTENTS . (("STANDARD-INPUT" . ((:CONTENTS . "Contents 0"))) ("STANDARD-OUTPUT" . ((:CONTENTS . "Contents 1"))) ("ERROR" . ((:CONTENTS . "Contents 2"))) ("FOO.TXT" . ((:CONTENTS . "Contents 3"))) )) (:ORACLE . ((1 . ((-1 . "hello") 5000)) (2 . (0)))))
Theorem:
(defthm alistp-put-assoc-equal-equal (implies (force (alistp x)) (alistp (put-assoc-equal i y x))) :rule-classes :type-prescription)
Theorem:
(defthm alistp-remove1-assoc-equal-equal (implies (force (alistp x)) (alistp (remove1-assoc-equal i x))) :rule-classes :type-prescription)
Function:
(defun env-read-logic (x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard t)) (let ((__function__ 'env-read-logic)) (declare (ignorable __function__)) (env x86)))
Function:
(defun env-read$notinline (x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard t)) (let ((__function__ 'env-read)) (declare (ignorable __function__)) (env-read-logic x86)))
Theorem:
(defthm env-alistp-env-read (implies (x86p x86) (env-alistp (env-read x86))) :rule-classes :forward-chaining)
Function:
(defun env-write-logic (env x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (env-alistp env))) (let ((__function__ 'env-write-logic)) (declare (ignorable __function__)) (!env env x86)))
Function:
(defun env-write$notinline (env x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (env-alistp env))) (let ((__function__ 'env-write)) (declare (ignorable __function__)) (env-write-logic env x86)))
Theorem:
(defthm x86p-env-write (implies (and (x86p x86) (env-alistp env)) (x86p (env-write env x86))))
Theorem:
(defthm alistp-of-xr-env (alistp (xr :env i x86$a)))
Function:
(defun read-x86-file-des-logic (id x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (integerp id))) (let ((__function__ 'read-x86-file-des-logic)) (declare (ignorable __function__)) (b* ((env (env-read x86)) (file-des-field (assoc-equal :file-descriptors env)) (fd-name-field (if (atom file-des-field) nil (assoc-equal id (cdr file-des-field)))) (name-field (if (atom fd-name-field) nil (cdr fd-name-field)))) name-field)))
Function:
(defun read-x86-file-des$notinline (id x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (integerp id))) (let ((__function__ 'read-x86-file-des)) (declare (ignorable __function__)) (read-x86-file-des-logic id x86)))
Theorem:
(defthm read-x86-file-des-xw (implies (not (equal fld :env)) (equal (read-x86-file-des id (xw fld index value x86)) (read-x86-file-des id x86))))
Theorem:
(defthm rip-ret-alistp-of-xr-env (rip-ret-alistp (cdr (assoc-equal :oracle (xr :env i x86$a)))))
Function:
(defun write-x86-file-des-logic (fd fd-field x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (integerp fd))) (let ((__function__ 'write-x86-file-des-logic)) (declare (ignorable __function__)) (b* ((env (env-read x86)) (file-des-field (cdr (assoc-equal :file-descriptors env))) (x86 (env-write (acons ':file-descriptors (put-assoc-equal fd fd-field file-des-field) (acons ':file-contents (cdr (assoc-equal :file-contents env)) (acons ':oracle (cdr (assoc-equal :oracle env)) nil))) x86))) x86)))
Function:
(defun write-x86-file-des$notinline (fd fd-field x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (integerp fd))) (let ((__function__ 'write-x86-file-des)) (declare (ignorable __function__)) (write-x86-file-des-logic fd fd-field x86)))
Theorem:
(defthm x86p-write-x86-file-des (implies (and (x86p x86) (integerp fd)) (x86p (write-x86-file-des fd fd-field x86))))
Theorem:
(defthm xr-write-x86-file-des (implies (not (equal fld :env)) (equal (xr fld index (write-x86-file-des fd fd-field x86)) (xr fld index x86))))
Theorem:
(defthm 64-bit-modep-of-write-x86-file-des (equal (64-bit-modep (write-x86-file-des fd fd-field x86)) (64-bit-modep x86)))
Theorem:
(defthm x86-operation-mode-of-write-x86-file-des (equal (x86-operation-mode (write-x86-file-des fd fd-field x86)) (x86-operation-mode x86)))
Theorem:
(defthm write-x86-file-des-xw (implies (not (equal fld :env)) (equal (write-x86-file-des i v (xw fld index value x86)) (xw fld index value (write-x86-file-des i v x86)))))
Function:
(defun delete-x86-file-des-logic (fd x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (integerp fd))) (let ((__function__ 'delete-x86-file-des-logic)) (declare (ignorable __function__)) (b* ((env (env-read x86)) (file-des-field (cdr (assoc-equal :file-descriptors env))) (x86 (env-write (acons ':file-descriptors (remove1-assoc-equal fd file-des-field) (acons ':file-contents (cdr (assoc-equal :file-contents env)) (acons ':oracle (cdr (assoc-equal :oracle env)) nil))) x86))) x86)))
Function:
(defun delete-x86-file-des$notinline (fd x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (integerp fd))) (let ((__function__ 'delete-x86-file-des)) (declare (ignorable __function__)) (delete-x86-file-des-logic fd x86)))
Theorem:
(defthm x86p-delete-x86-file-des (implies (and (x86p x86) (integerp fd)) (x86p (delete-x86-file-des fd x86))))
Theorem:
(defthm xr-delete-x86-file-des (implies (not (equal fld :env)) (equal (xr fld index (delete-x86-file-des fd x86)) (xr fld index x86))))
Theorem:
(defthm delete-x86-file-des-xw (implies (not (equal fld :env)) (equal (delete-x86-file-des i (xw fld index value x86)) (xw fld index value (delete-x86-file-des i x86)))))
Function:
(defun read-x86-file-contents-logic (name x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (stringp name))) (let ((__function__ 'read-x86-file-contents-logic)) (declare (ignorable __function__)) (b* ((env (env-read x86)) (name-file-contents-field (assoc-equal :file-contents env)) (file-contents-field (if (atom name-file-contents-field) nil (cdr (assoc-equal name (cdr name-file-contents-field)))))) file-contents-field)))
Function:
(defun read-x86-file-contents$notinline (name x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (stringp name))) (let ((__function__ 'read-x86-file-contents)) (declare (ignorable __function__)) (read-x86-file-contents-logic name x86)))
Theorem:
(defthm read-x86-file-contents-xw (implies (not (equal fld :env)) (equal (read-x86-file-contents name (xw fld index value x86)) (read-x86-file-contents name x86))))
Function:
(defun write-x86-file-contents-logic (name contents-field x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (stringp name))) (let ((__function__ 'write-x86-file-contents-logic)) (declare (ignorable __function__)) (b* ((env (env-read x86)) (file-contents-field (cdr (assoc-equal :file-contents env))) (x86 (env-write (acons ':file-descriptors (cdr (assoc-equal :file-descriptors env)) (acons ':file-contents (put-assoc-equal name contents-field file-contents-field) (acons ':oracle (cdr (assoc-equal :oracle env)) nil))) x86))) x86)))
Function:
(defun write-x86-file-contents$notinline (name contents x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (stringp name))) (let ((__function__ 'write-x86-file-contents)) (declare (ignorable __function__)) (write-x86-file-contents-logic name contents x86)))
Theorem:
(defthm x86p-write-x86-file-contents (implies (and (x86p x86) (stringp name)) (x86p (write-x86-file-contents name contents x86))))
Theorem:
(defthm xr-write-x86-file-contents (implies (not (equal fld :env)) (equal (xr fld index (write-x86-file-contents name contents x86)) (xr fld index x86))))
Theorem:
(defthm write-x86-file-contents-xw (implies (not (equal fld :env)) (equal (write-x86-file-contents i v (xw fld index value x86)) (xw fld index value (write-x86-file-contents i v x86)))))
Function:
(defun delete-x86-file-contents-logic (name x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (stringp name))) (let ((__function__ 'delete-x86-file-contents-logic)) (declare (ignorable __function__)) (b* ((env (env-read x86)) (file-contents-field (cdr (assoc-equal :file-contents env))) (x86 (env-write (acons ':file-descriptors (cdr (assoc-equal :file-descriptors env)) (acons ':file-contents (remove1-assoc-equal name file-contents-field) (acons ':oracle (cdr (assoc-equal :oracle env)) nil))) x86))) x86)))
Function:
(defun delete-x86-file-contents$notinline (name x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard (stringp name))) (let ((__function__ 'delete-x86-file-contents)) (declare (ignorable __function__)) (delete-x86-file-contents-logic name x86)))
Theorem:
(defthm x86p-delete-x86-file-contents (implies (and (x86p x86) (stringp name)) (x86p (delete-x86-file-contents name x86))))
Theorem:
(defthm xr-delete-x86-file-contents (implies (not (equal fld :env)) (equal (xr fld index (delete-x86-file-contents name x86)) (xr fld index x86))))
Theorem:
(defthm delete-x86-file-contents-xw (implies (not (equal fld :env)) (equal (delete-x86-file-contents i (xw fld index value x86)) (xw fld index value (delete-x86-file-contents i x86)))))
Theorem:
(defthm alistp-of-oracle-of-xr-env (alistp (cdr (assoc-equal :oracle (xr :env i x86$a)))) :rule-classes (:rewrite :type-prescription))
Function:
(defun pop-x86-oracle-logic (x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard t)) (let ((__function__ 'pop-x86-oracle-logic)) (declare (ignorable __function__)) (b* ((rip (rip x86)) (env (env-read x86)) (oracle (cdr (assoc-equal :oracle env))) (vals (assoc-equal rip oracle)) (lst (if (consp vals) (if (consp (cdr vals)) (cdr vals) nil) nil)) ((mv val x86) (if (atom lst) (let ((x86 (!ms (list :syscall-oracle-pop-empty rip) x86))) (mv -1 x86)) (let ((x86 (env-write (acons ':file-descriptors (cdr (assoc-equal :file-descriptors env)) (acons ':file-contents (cdr (assoc-equal :file-contents env)) (acons ':oracle (put-assoc-equal rip (cdr lst) oracle) nil))) x86))) (mv (car lst) x86))))) (mv val x86))))
Function:
(defun pop-x86-oracle$notinline (x86) (declare (xargs :stobjs (x86))) (declare (xargs :guard t)) (let ((__function__ 'pop-x86-oracle)) (declare (ignorable __function__)) (pop-x86-oracle-logic x86)))
Theorem:
(defthm x86p-mv-nth-1-pop-x86-oracle (implies (x86p x86) (x86p (mv-nth 1 (pop-x86-oracle x86)))))
Theorem:
(defthm xr-pop-x86-oracle-state (implies (and (not (equal fld :env)) (not (equal fld :ms))) (equal (xr fld index (mv-nth 1 (pop-x86-oracle x86))) (xr fld index x86))))
Theorem:
(defthm pop-x86-oracle-xw (implies (and (not (equal fld :env)) (not (equal fld :rip))) (equal (mv-nth 0 (pop-x86-oracle (xw fld index value x86))) (mv-nth 0 (pop-x86-oracle x86)))))
Theorem:
(defthm xw-pop-x86-oracle-state (implies (and (not (equal fld :env)) (not (equal fld :rip)) (not (equal fld :ms))) (equal (mv-nth 1 (pop-x86-oracle (xw fld index value x86))) (xw fld index value (mv-nth 1 (pop-x86-oracle x86))))))