    Unsigned-saturate-fn

    Logical definition of unsigned-saturate, and also its executable implementation in the general case.

    Signature
    (unsigned-saturate-fn n x) → saturated
    Arguments
    n — Guard (posp n).
    x — Guard (integerp x).
    Returns
    saturated — Type (natp saturated).

    Definitions and Theorems

    Function: unsigned-saturate-fn

    (defun unsigned-saturate-fn (n x)
      (declare (xargs :guard (and (posp n) (integerp x))))
      (let ((__function__ 'unsigned-saturate-fn))
        (declare (ignorable __function__))
        (b* ((n (lnfix n))
             (x (lifix x))
             (|2^N| (ash 1 n))
             (max (+ -1 |2^N|))
             ((when (>= x max)) max)
             ((when (<= x 0)) 0))
          x)))

    Theorem: natp-of-unsigned-saturate-fn

    (defthm acl2::natp-of-unsigned-saturate-fn
      (b* ((saturated (unsigned-saturate-fn n x)))
        (natp saturated))
      :rule-classes :type-prescription)

    Theorem: unsigned-byte-p-of-unsigned-saturate-fn

    (defthm unsigned-byte-p-of-unsigned-saturate-fn
      (implies (natp n)
               (unsigned-byte-p n (unsigned-saturate-fn n x))))

    Theorem: nat-equiv-implies-equal-unsigned-saturate-fn-1

    (defthm nat-equiv-implies-equal-unsigned-saturate-fn-1
      (implies (nat-equiv n n-equiv)
               (equal (unsigned-saturate-fn n x)
                      (unsigned-saturate-fn n-equiv x)))
      :rule-classes (:congruence))

    Theorem: int-equiv-implies-equal-unsigned-saturate-fn-2

    (defthm int-equiv-implies-equal-unsigned-saturate-fn-2
      (implies (int-equiv x x-equiv)
               (equal (unsigned-saturate-fn n x)
                      (unsigned-saturate-fn n x-equiv)))
      :rule-classes (:congruence))
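
The clamping behaviour defined above, contrasted with wrap-around truncation, as an added example that is not part of the bitops documentation or source. It assumes the function lives in the BITOPS package and is loaded from the centaur/bitops/saturate book; sat-add8 is a hypothetical helper and all inputs are constructed.

```lisp
; Added example, not from the bitops book. Assumption: the function is in the
; BITOPS package and is provided by the centaur/bitops/saturate book.
; Submit these forms at the ACL2 prompt.
(include-book "centaur/bitops/saturate" :dir :system)

; Constructed inputs for n = 8, so max = 2^8 - 1 = 255.
(assert-event (equal (bitops::unsigned-saturate-fn 8 200) 200)) ; in range
(assert-event (equal (bitops::unsigned-saturate-fn 8 300) 255)) ; clamps high
(assert-event (equal (bitops::unsigned-saturate-fn 8 -1) 0))    ; clamps low

; Truncation to 8 bits wraps instead: 300 becomes 44 and -1 becomes 255.
(assert-event (equal (mod 300 256) 44))
(assert-event (equal (mod -1 256) 255))

; Hypothetical helper: 8-bit unsigned addition that saturates, never wraps.
(defun sat-add8 (a b)
  (declare (xargs :guard (and (unsigned-byte-p 8 a)
                              (unsigned-byte-p 8 b))))
  (bitops::unsigned-saturate-fn 8 (+ a b)))

(assert-event (equal (sat-add8 200 100) 255))
(assert-event (equal (mod (+ 200 100) 256) 44)) ; what a wrapping add gives

; The result fits in 8 bits for all inputs; this is an instance of
; unsigned-byte-p-of-unsigned-saturate-fn above.
(thm (unsigned-byte-p 8 (sat-add8 a b)))
```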