
Nat-list-measure

An ordinal measure for admitting functions: lexicographic ordering of a list of natural numbers.

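(nat-list-measure a) constructs an ordinal that can be used to prove that recursive functions terminate. For lists of the same length, it provides a lexicographic ordering of their natural-number elements; the lengths of the lists are compared first (see o<-of-nat-list-measure below). That is,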

(o< (nat-list-measure (list a1 b1 c1))
    (nat-list-measure (list a2 b2 c2)))

will be true when either:

  • a1 < a2, or else
  • a1 == a2 and b1 < b2, or else
  • a1 == a2 and b1 == b2 and c1 < c2.

Typical usage is, e.g.:

(defun f (a b c)
  (declare (xargs :measure (nat-list-measure (list a b c))))
  ...)

See also the simpler (but more limited) two-nats-measure for some additional discussion on how such a measure might be useful.

See also nat-list-< for a somewhat fancier alternative.
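
As an added illustration (not taken from the ACL2 books), the following admits Ackermann's function with a two-element nat-list-measure and then checks, on constants, how list length interacts with the ordering. It assumes nat-list-measure is provided by the community book std/basic/two-nats-measure; the function and theorem names are chosen here for illustration.

```lisp
; Added example, not part of the ACL2 books.
; Assumption: nat-list-measure and its o< rewrite rule come from this book.
(include-book "std/basic/two-nats-measure" :dir :system)

; Ackermann's function.  Every recursive call either decreases m, or keeps
; m fixed and decreases n, so (list m n) decreases lexicographically even
; though the second argument of the outer call can be arbitrarily large.
(defun ack (m n)
  (declare (xargs :measure (nat-list-measure (list m n))))
  (cond ((zp m) (+ 1 (nfix n)))
        ((zp n) (ack (- m 1) 1))
        (t (ack (- m 1) (ack m (- n 1))))))

; Equal lengths: the first differing element decides, later ones are ignored.
(defthm same-length-is-lexicographic
  (o< (nat-list-measure '(0 9 9))
      (nat-list-measure '(1 0 0)))
  :rule-classes nil)

; Different lengths: the length is compared before any element, so a
; shorter list is smaller no matter what it contains.
(defthm shorter-list-is-smaller
  (o< (nat-list-measure '(9 9))
      (nat-list-measure '(0 0 0)))
  :rule-classes nil)

; Consequently a longer list is never below a shorter one.
(defthm longer-list-is-not-smaller
  (not (o< (nat-list-measure '(0 0 0))
           (nat-list-measure '(9 9))))
  :rule-classes nil)
```

In practice this means the list passed to nat-list-measure should have the same length at every recursive call of a function; otherwise the length comparison, not the elements, determines whether the measure decreases.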

Definitions and Theorems

Function: nat-list-measure

(defun nat-list-measure (a)
  (declare (xargs :guard t))
  (if (atom a)
      (nfix a)
    (make-ord (len a)
              (+ 1 (nfix (car a)))
              (nat-list-measure (cdr a)))))

Theorem: consp-nat-list-measure

(defthm consp-nat-list-measure
  (equal (consp (nat-list-measure a))
         (consp a)))

Theorem: atom-caar-nat-list-measure

(defthm atom-caar-nat-list-measure
  (equal (caar (nat-list-measure a))
         (and (consp a) (len a))))

Theorem: o-p-of-nat-list-measure

(defthm o-p-of-nat-list-measure
  (o-p (nat-list-measure a)))

Function: cons-list-or-quotep

(defun cons-list-or-quotep (x)
  (if (atom x)
      (equal x nil)
    (case (car x)
      (quote t)
      (cons (and (eql (len x) 3)
                 (cons-list-or-quotep (third x)))))))

Theorem: o<-of-nat-list-measure

(defthm o<-of-nat-list-measure
 (implies
  (syntaxp (and (cons-list-or-quotep a)
                (cons-list-or-quotep b)))
  (equal (o< (nat-list-measure a)
             (nat-list-measure b))
         (or (< (len a) (len b))
             (and (equal (len a) (len b))
                  (if (consp a)
                      (or (< (nfix (car a)) (nfix (car b)))
                          (and (equal (nfix (car a)) (nfix (car b)))
                               (o< (nat-list-measure (cdr a))
                                   (nat-list-measure (cdr b)))))
                    (< (nfix a) (nfix b))))))))

Subtopics

Nat-list-<
An alternate well-founded-relation that allows lists of naturals to be used directly as measures.