|
|
|---|
|
|
|
|---|
Leo tuple writing operation.
(op-tuple-write tupval index newval) → result
This formalizes the replacement of a tuple component with a new value. The new value must have the same type as the old one, otherwise we defensively return an error indication: this ensures that tuples maintain their types under writing, an invariant that we will eventually prove.
Function:
(defun op-tuple-write (tupval index newval) (declare (xargs :guard (and (valuep tupval) (natp index) (valuep newval)))) (let ((__function__ 'op-tuple-write)) (declare (ignorable __function__)) (b* ((err (reserrf (list :op-tuple-write (value-fix tupval) (nfix index) (value-fix newval)))) ((unless (value-case tupval :tuple)) err) (vals (value-tuple->components tupval)) ((unless (< (nfix index) (len vals))) err) (oldval (nth (nfix index) vals)) ((unless (equal (type-of-value newval) (type-of-value oldval))) err)) (value-tuple (update-nth (nfix index) newval vals)))))
Theorem:
(defthm value-resultp-of-op-tuple-write (b* ((result (op-tuple-write tupval index newval))) (value-resultp result)) :rule-classes :rewrite)
Theorem:
(defthm op-tuple-write-of-value-fix-tupval (equal (op-tuple-write (value-fix tupval) index newval) (op-tuple-write tupval index newval)))
Theorem:
(defthm op-tuple-write-value-equiv-congruence-on-tupval (implies (value-equiv tupval tupval-equiv) (equal (op-tuple-write tupval index newval) (op-tuple-write tupval-equiv index newval))) :rule-classes :congruence)
Theorem:
(defthm op-tuple-write-of-nfix-index (equal (op-tuple-write tupval (nfix index) newval) (op-tuple-write tupval index newval)))
Theorem:
(defthm op-tuple-write-nat-equiv-congruence-on-index (implies (acl2::nat-equiv index index-equiv) (equal (op-tuple-write tupval index newval) (op-tuple-write tupval index-equiv newval))) :rule-classes :congruence)
Theorem:
(defthm op-tuple-write-of-value-fix-newval (equal (op-tuple-write tupval index (value-fix newval)) (op-tuple-write tupval index newval)))
Theorem:
(defthm op-tuple-write-value-equiv-congruence-on-newval (implies (value-equiv newval newval-equiv) (equal (op-tuple-write tupval index newval) (op-tuple-write tupval index newval-equiv))) :rule-classes :congruence)