other
(in-package "ACL2")
pida-make-mstatetheorem
(defthm pida-make-mstate (equal (pida (make-mstate alist mem code)) alist))
mem-make-mstatetheorem
(defthm mem-make-mstate (equal (mem (make-mstate alist mem code)) mem))
code-make-mstatetheorem
(defthm code-make-mstate (equal (code (make-mstate alist mem code)) code))
in-theory
(in-theory (disable make-mstate pida mem code))
modifymacro
(defmacro modify (s &key (pcn 'nil pcnp) (regs 'nil regsp) (pida 'nil pidap) (mem 'nil memp) (code 'nil codep)) (if (or pcnp regsp) `(make-ls ,(IF PCNP PCN `(PCN ,S)) ,(IF REGSP REGS `(REGS ,S))) `(make-mstate ,(IF PIDAP PIDA `(PIDA ,S)) ,(IF MEMP MEM `(MEM ,S)) ,(IF CODEP CODE `(CODE ,S)))))
bindfunction
(defun bind (x y alist) (cond ((endp alist) (list (cons x y))) ((equal x (car (car alist))) (cons (cons x y) (cdr alist))) (t (cons (car alist) (bind x y (cdr alist))))))
bound?function
(defun bound? (x alist) (cond ((endp alist) nil) ((equal x (caar alist)) (car alist)) (t (bound? x (cdr alist)))))
bound?-bindtheorem
(defthm bound?-bind (equal (bound? var1 (bind var2 val alist)) (if (equal var1 var2) (cons var1 val) (bound? var1 alist))))
load-stepfunction
(defun load-step (ins ls mem) (let ((reg (cadr ins)) (loc (caddr ins))) (mv (modify ls :pcn (1+ (pcn ls)) :regs (bind reg (binding loc mem) (regs ls))) mem)))
incr-stepfunction
(defun incr-step (ins ls mem) (let ((reg1 (cadr ins)) (reg2 (caddr ins))) (mv (modify ls :pcn (1+ (pcn ls)) :regs (bind reg1 (1+ (binding reg2 (regs ls))) (regs ls))) mem)))
cas-stepfunction
(defun cas-step (ins ls mem) (let ((loc (cadr ins)) (reg1 (caddr ins)) (reg2 (cadddr ins))) (cond ((equal (binding reg1 (regs ls)) (binding loc mem)) (mv (modify ls :pcn (1+ (pcn ls)) :regs (bind reg2 nil (regs ls))) (bind loc (binding reg2 (regs ls)) mem))) (t (mv (modify ls :pcn (1+ (pcn ls)) :regs (bind reg1 (binding loc mem) (bind reg2 t (regs ls)))) mem)))))
br-stepfunction
(defun br-step (ins ls mem) (let ((reg (cadr ins)) (adr (caddr ins))) (mv (modify ls :pcn (if (binding reg (regs ls)) adr (1+ (pcn ls)))) mem)))
jump-stepfunction
(defun jump-step (ins ls mem) (let ((adr (cadr ins))) (mv (modify ls :pcn adr) mem)))
executefunction
(defun execute (pid ins s) (let ((ls (ls pid s))) (mv-let (new-ls new-mem) (case (car ins) (load (load-step ins ls (mem s))) (incr (incr-step ins ls (mem s))) (cas (cas-step ins ls (mem s))) (br (br-step ins ls (mem s))) (jump (jump-step ins ls (mem s))) (otherwise (mv ls (mem s)))) (modify s :pida (bind pid new-ls (pida s)) :mem new-mem))))
mstepfunction
(defun mstep (pid s) (cond ((bound? pid (pida s)) (execute pid (current-instruction pid s) s)) (t s)))
mrunfunction
(defun mrun (oracle s) (if (endp oracle) s (mrun (cdr oracle) (mstep (car oracle) s))))
multrun-openertheorem
(defthm multrun-opener (equal (mrun (cons pid l) s) (mrun l (mstep pid s))) :hints (("goal" :in-theory (disable mstep))))
mstep-openertheorem
(defthm mstep-opener (implies (consp (current-instruction pid s)) (equal (mstep pid s) (if (bound? pid (pida s)) (execute pid (current-instruction pid s) s) s))))
code-msteptheorem
(defthm code-mstep (equal (code (mstep pid s)) (code s)) :hints (("Goal" :in-theory (enable mstep))))
bound?-msteptheorem
(defthm bound?-mstep (iff (bound? pid (pida (mstep active-pid s))) (bound? pid (pida s))) :hints (("Goal" :in-theory (enable mstep))))
bound?-pidatheorem
(defthm bound?-pida (implies (not (member-equal pid l)) (equal (bound? pid (pida (mrun l s))) (bound? pid (pida s)))) :hints (("Goal" :in-theory (enable mstep))))
uls-make-ustatetheorem
(defthm uls-make-ustate (equal (uls (make-ustate uls umem ucode)) uls))
umem-make-ustatetheorem
(defthm umem-make-ustate (equal (umem (make-ustate uls umem ucode)) umem))
ucode-make-ustatetheorem
(defthm ucode-make-ustate (equal (ucode (make-ustate uls umem ucode)) ucode))
in-theory
(in-theory (disable make-ustate uls umem ucode))
uexecutefunction
(defun uexecute (ins us actual-mem) (let ((ls (uls us))) (mv-let (new-ls new-mem) (case (car ins) (load (load-step ins ls actual-mem)) (incr (incr-step ins ls actual-mem)) (cas (cas-step ins ls actual-mem)) (br (br-step ins ls actual-mem)) (jump (jump-step ins ls actual-mem)) (otherwise (mv ls actual-mem))) (make-ustate new-ls new-mem (ucode us)))))
ustepfunction
(defun ustep (us actual-mem) (uexecute (current-uinstruction us) us actual-mem))
urunfunction
(defun urun (us m) (cond ((endp m) us) ((endp (cdr m)) (make-ustate (uls us) (car m) (ucode us))) (t (urun (ustep us (car m)) (cdr m)))))
urun-openertheorem
(defthm urun-opener (equal (urun us (cons mem m)) (if (endp m) (make-ustate (uls us) mem (ucode us)) (urun (ustep us mem) m))) :hints (("goal" :in-theory (disable ustep))))
ustep-openertheorem
(defthm ustep-opener (implies (consp (current-uinstruction us)) (equal (ustep us mem) (uexecute (current-uinstruction us) us mem))))
initial-subsequencefunction
(defun initial-subsequence (l pid) (cond ((endp l) nil) ((equal (car l) pid) nil) (t (cons (car l) (initial-subsequence (cdr l) pid)))))
acl2-count-member-equaltheorem
(defthm acl2-count-member-equal (implies (member-equal pid l) (<= (acl2-count (member-equal pid l)) (acl2-count l))) :rule-classes :linear)
partition-oraclefunction
(defun partition-oracle (pid l) (cond ((member-equal pid l) (cons (initial-subsequence l pid) (partition-oracle pid (cdr (member-equal pid l))))) (t (list l))))
new-oraclefunction
(defun new-oracle (pid s partitions) (cond ((endp partitions) nil) (t (cons (mem (mrun (car partitions) s)) (new-oracle pid (mstep pid (mrun (car partitions) s)) (cdr partitions))))))
proj-oraclefunction
(defun proj-oracle (pid s l) (new-oracle pid s (partition-oracle pid l)))
new-oracle-openertheorem
(defthm new-oracle-opener (equal (new-oracle pid s (cons part l)) (cons (mem (mrun part s)) (new-oracle pid (mstep pid (mrun part s)) l))))
mrun-is-urun-hintfunction
(defun mrun-is-urun-hint (pid l s) (cond ((member-equal pid l) (mrun-is-urun-hint pid (cdr (member-equal pid l)) (mstep pid (mrun (initial-subsequence l pid) s)))) (t s)))
consp-new-oracletheorem
(defthm consp-new-oracle (iff (consp (new-oracle pid s l)) (consp l)))
initial-subsequence-elimtheorem
(defthm initial-subsequence-elim (implies (member-equal pid l) (equal (append (initial-subsequence l pid) (cons pid (cdr (member-equal pid l)))) l)) :rule-classes :elim)
ustep-is-msteptheorem
(defthm ustep-is-mstep (implies (and (not (member-equal pid l)) (bound? pid (pida s)) (equal code (code s))) (equal (ustep (make-ustate (binding pid (pida s)) (mem s) code) (mem (mrun l s))) (make-ustate (binding pid (pida (mstep pid (mrun l s)))) (mem (mstep pid (mrun l s))) (code s)))) :hints (("Goal" :do-not-induct t :in-theory (set-difference-theories (enable ustep mstep) '(load-step incr-step cas-step br-step jump-step)))))
member-equal-initial-subsequencetheorem
(defthm member-equal-initial-subsequence (not (member-equal pid (initial-subsequence l pid))))
commutative-diagramtheorem
(defthm commutative-diagram (implies (processp pid s) (equal (urun (proj pid s) (proj-oracle pid s l)) (proj pid (mrun l s)))) :hints (("Goal" :induct (mrun-is-urun-hint pid l s))))
commutative-diagram-corollarytheorem
(defthm commutative-diagram-corollary (implies (processp pid s) (equal (mem (mrun l s)) (umem (urun (proj pid s) (proj-oracle pid s l))))) :hints (("Goal" :in-theory (disable proj proj-oracle))))
in-theory
(in-theory (disable commutative-diagram-corollary))
len-new-oracletheorem
(defthm len-new-oracle (equal (len (new-oracle pid s l)) (len l)))
ucode-projtheorem
(defthm ucode-proj (equal (ucode (proj pid s)) (code s)))
r-reflexiveencapsulate
(encapsulate ((p (s) t) (r (mem1 mem2) t)) (local (defun p (s) (declare (ignore s)) t)) (local (defun r (mem1 mem2) (declare (ignore mem1 mem2)) t)) (defthm r-reflexive (implies (p s) (r (mem s) (mem s)))) (defthm r-transitive (implies (and (r mem1 mem2) (r mem2 mem3)) (r mem1 mem3))) (defthm p-mstep (implies (p s) (p (mstep pid s)))) (defthm r-mstep (implies (p s) (r (mem s) (mem (mstep pid s))))))
r-urunpfunction
(defun r-urunp (us m) (declare (xargs :measure (acl2-count m))) (cond ((endp m) t) ((r (umem us) (car m)) (r-urunp (ustep us (car m)) (cdr m))) (t nil)))
r-urunp-openertheorem
(defthm r-urunp-opener (equal (r-urunp us (cons mem m)) (and (r (umem us) mem) (r-urunp (ustep us mem) m))))
r-mruntheorem
(defthm r-mrun (implies (p s) (r (mem s) (mem (mrun l s)))) :hints (("Subgoal *1/3" :use (:instance r-mstep (pid (car l)) (s s)) :in-theory (disable r-mstep))))
preorder-projectiontheorem
(defthm preorder-projection (implies (and (p s) (bound? pid (pida s))) (r-urunp (proj pid s) (proj-oracle pid s l))) :hints (("Goal" :induct (mrun-is-urun-hint pid l s))))
occurrencesfunction
(defun occurrences (pid l) (cond ((endp l) 0) ((equal pid (car l)) (1+ (occurrences pid (cdr l)))) (t (occurrences pid (cdr l)))))
equal-len-ntheorem
(defthm equal-len-n (implies (and (syntaxp (quotep n)) (< 0 n)) (equal (equal (len x) n) (and (consp x) (equal (len (cdr x)) (1- n))))))
in-theory
(in-theory (disable equal-len-n))
equal-len-0theorem
(defthm equal-len-0 (equal (equal (len x) 0) (endp x)))
alt-occurrencestheorem
(defthm alt-occurrences (equal (occurrences pid l) (if (member-equal pid l) (1+ (occurrences pid (cdr (member-equal pid l)))) 0)) :rule-classes ((:definition :clique (occurrences) :controller-alist ((occurrences nil t)))))
occurrences-non-0-implies-member-equaltheorem
(defthm occurrences-non-0-implies-member-equal (implies (< 0 (occurrences pid l)) (member-equal pid l)))
len-partition-oracletheorem
(defthm len-partition-oracle (equal (len (partition-oracle pid l)) (1+ (occurrences pid l))))
len-proj-oracletheorem
(defthm len-proj-oracle (equal (len (proj-oracle pid s l)) (1+ (occurrences pid l))))
good-local-statepfunction
(defun good-local-statep (ls) (and (integerp (pcn ls)) (<= 0 (pcn ls)) (<= (pcn ls) 4) (integerp (binding 'old (regs ls))) (implies (equal (pcn ls) 2) (equal (1+ (binding 'old (regs ls))) (binding 'new (regs ls))))))
pida-invariantpfunction
(defun pida-invariantp (alist) (cond ((endp alist) (equal alist nil)) (t (and (consp (car alist)) (good-local-statep (cdar alist)) (pida-invariantp (cdr alist))))))
good-statepfunction
(defun good-statep (s) (and (pida-invariantp (pida s)) (integerp (ctr s)) (equal (code s) '((load old ctr) (incr new old) (cas ctr old new) (br new 1) (jump 0)))))
good-local-statep!theorem
(defthm good-local-statep! (implies (good-local-statep ls) (and (integerp (pcn ls)) (<= 0 (pcn ls)) (<= (pcn ls) 4) (integerp (binding 'old (regs ls))) (implies (equal (pcn ls) 2) (equal (1+ (binding 'old (regs ls))) (binding 'new (regs ls)))))) :rule-classes ((:type-prescription :corollary (implies (good-local-statep ls) (integerp (pcn ls)))) (:type-prescription :corollary (implies (good-local-statep ls) (integerp (binding 'old (regs ls))))) (:rewrite :corollary (implies (and (good-local-statep ls) (equal (pcn ls) 2)) (equal (binding 'new (regs ls)) (1+ (binding 'old (regs ls)))))) (:linear :corollary (implies (good-local-statep ls) (and (<= 0 (pcn ls)) (<= (pcn ls) 4))))))
pida-invariantp!theorem
(defthm pida-invariantp! (implies (and (pida-invariantp alist) (bound? pid alist)) (good-local-statep (binding pid alist))) :rule-classes :type-prescription)
pida-invariantp-bindtheorem
(defthm pida-invariantp-bind (implies (pida-invariantp alist) (equal (pida-invariantp (bind pid ls alist)) (good-local-statep ls))))
pcn-case-splittheorem
(defthm pcn-case-split (equal (nth pcn '((load old ctr) (incr new old) (cas ctr old new) (br new 1) (jump 0))) (case pcn (0 '(load old ctr)) (1 '(incr new old)) (2 '(cas ctr old new)) (3 '(br new 1)) (4 '(jump 0)) (otherwise (if (zp pcn) '(load old ctr) nil)))))
good-statep-msteptheorem
(defthm good-statep-mstep (implies (good-statep s) (good-statep (mstep pid s))) :hints (("Goal" :in-theory (enable mstep))))
good-statep-mruntheorem
(defthm good-statep-mrun (implies (good-statep s) (good-statep (mrun l s))))
ascendingpfunction
(defun ascendingp (us m) (declare (xargs :measure (acl2-count m))) (cond ((endp m) t) (t (and (integerp (binding 'ctr (car m))) (<= (binding 'ctr (umem us)) (binding 'ctr (car m))) (ascendingp (ustep us (car m)) (cdr m))))))
ctr-<=-ctr-msteptheorem
(defthm ctr-<=-ctr-mstep (implies (good-statep s) (<= (ctr s) (ctr (mstep pid s)))) :rule-classes :linear :hints (("Goal" :in-theory (enable mstep))))
integerp-ctr-msteptheorem
(defthm integerp-ctr-mstep (implies (good-statep s) (integerp (ctr (mstep pid s)))) :hints (("Goal" :in-theory (enable mstep))) :rule-classes (:rewrite :type-prescription))
preorder-projection-corollarytheorem
(defthm preorder-projection-corollary (implies (and (good-statep s) (processp pid s)) (ascendingp (proj pid s) (proj-oracle pid s l))) :hints (("Goal" :use ((:functional-instance preorder-projection (p good-statep) (r (lambda (mem1 mem2) (and (integerp (binding 'ctr mem2)) (<= (binding 'ctr mem1) (binding 'ctr mem2))))) (r-urunp ascendingp))))))
ascendingp-openertheorem
(defthm ascendingp-opener (equal (ascendingp us (cons mem m)) (and (integerp (binding 'ctr mem)) (<= (binding 'ctr (umem us)) (binding 'ctr mem)) (ascendingp (ustep us mem) m))) :hints (("goal" :in-theory (disable ustep))))
crux-lemmatheorem
(defthm crux-lemma (let ((m (list* m1 m2 m3 m4 m5 m6 m7 end))) (implies (and (endp end) (ascendingp us m) (good-local-statep (uls us)) (equal (ucode us) '((load old ctr) (incr new old) (cas ctr old new) (br new 1) (jump 0)))) (< (binding 'ctr (umem us)) (binding 'ctr (umem (urun us m)))))) :rule-classes nil :hints (("Goal" :cases ((equal (pcn (uls us)) 0) (equal (pcn (uls us)) 1) (equal (pcn (uls us)) 2) (equal (pcn (uls us)) 3) (equal (pcn (uls us)) 4)))))
good-u-statepfunction
(defun good-u-statep (us) (and (good-local-statep (uls us)) (equal (ucode us) '((load old ctr) (incr new old) (cas ctr old new) (br new 1) (jump 0)))))
cruxtheorem
(defthm crux (implies (and (equal (len m) 7) (ascendingp us m) (good-u-statep us)) (< (binding 'ctr (umem us)) (binding 'ctr (umem (urun us m))))) :rule-classes ((:rewrite :corollary (implies (and (equal (len m) 7) (equal mem (umem us)) (ascendingp us m) (good-u-statep us)) (< (binding 'ctr mem) (binding 'ctr (umem (urun us m))))))) :hints (("Goal" :do-not-induct t :use (:instance crux-lemma (m1 (car m)) (m2 (cadr m)) (m3 (caddr m)) (m4 (cadddr m)) (m5 (car (cddddr m))) (m6 (cadr (cddddr m))) (m7 (caddr (cddddr m))) (end (cdddr (cddddr m)))) :in-theory (set-difference-theories (enable equal-len-n) '(len umem ascendingp good-local-statep uls ucode urun urun-opener ascendingp-opener)))))
lemmatheorem
(defthm lemma (implies (and (good-statep s) (processp pid s) (equal 6 (occurrences pid l))) (< (ctr s) (ctr (mrun l s)))) :rule-classes nil :hints (("Goal" :do-not-induct t :in-theory (union-theories '(commutative-diagram-corollary) (disable proj proj-oracle good-local-statep ustep-is-mstep commutative-diagram)))))
cardinalityfunction
(defun cardinality (x) (if (endp x) 0 (if (member-equal (car x) (cdr x)) (cardinality (cdr x)) (1+ (cardinality (cdr x))))))
delete-allfunction
(defun delete-all (x l) (cond ((endp l) l) ((equal x (car l)) (delete-all x (cdr l))) (t (cons (car l) (delete-all x (cdr l))))))
acl2-count-delete-alltheorem
(defthm acl2-count-delete-all (<= (acl2-count (delete-all x l)) (acl2-count l)) :rule-classes :linear)
not-member-equal-delete-alltheorem
(defthm not-member-equal-delete-all (implies (not (member-equal x l)) (equal (delete-all x l) l)))
member-equal-delete-alltheorem
(defthm member-equal-delete-all (iff (member-equal x (delete-all y l)) (if (equal x y) nil (member-equal x l))))
choosefunction
(defun choose (n l) (cond ((endp l) nil) ((<= n (occurrences (car l) (cdr l))) (car l)) (t (choose n (delete-all (car l) (cdr l))))))
cardinality<=lentheorem
(defthm cardinality<=len (<= (cardinality x) (len x)) :rule-classes :linear)
weird-induction-hintfunction
(defun weird-induction-hint (l) (cond ((endp l) t) (t (weird-induction-hint (delete-all (car l) (cdr l))))))
in-theory
(in-theory (disable initial-subsequence-elim))
cardinality-delete-alltheorem
(defthm cardinality-delete-all (equal (cardinality (delete-all x l)) (if (member-equal x l) (1- (cardinality l)) (cardinality l))))
alt-cardinalitytheorem
(defthm alt-cardinality (equal (cardinality l) (if (endp l) 0 (1+ (cardinality (delete-all (car l) (cdr l)))))) :rule-classes ((:definition :clique (cardinality) :controller-alist ((cardinality t)))))
in-theory
(in-theory (disable cardinality-delete-all))
len-delete-alltheorem
(defthm len-delete-all (equal (len (delete-all x l)) (- (len l) (occurrences x l))))
occurrence-delete-alltheorem
(defthm occurrence-delete-all (equal (occurrences x (delete-all y l)) (if (equal x y) 0 (occurrences x l))))
pigeon-hole-principletheorem
(defthm pigeon-hole-principle (implies (and (integerp i) (<= 0 i) (< (* i (cardinality l)) (len l))) (< i (occurrences (choose i l) l))) :rule-classes :linear)
first-n-occurrencesfunction
(defun first-n-occurrences (n x l) (cond ((zp n) nil) ((endp l) l) ((equal x (car l)) (cons (car l) (first-n-occurrences (1- n) x (cdr l)))) (t (cons (car l) (first-n-occurrences n x (cdr l))))))
all-but-first-n-occurrencesfunction
(defun all-but-first-n-occurrences (n x l) (cond ((zp n) l) ((endp l) l) ((equal x (car l)) (all-but-first-n-occurrences (1- n) x (cdr l))) (t (all-but-first-n-occurrences n x (cdr l)))))
partition-after-first-ntheorem
(defthm partition-after-first-n (implies (<= n (occurrences x l)) (equal l (append (first-n-occurrences n x l) (all-but-first-n-occurrences n x l)))) :rule-classes nil)
all-bound?function
(defun all-bound? (l alist) (cond ((endp l) t) (t (and (bound? (car l) alist) (all-bound? (cdr l) alist)))))
all-bound?-implies-choose-boundtheorem
(defthm all-bound?-implies-choose-bound (implies (and (all-bound? l alist) (integerp n) (<= 0 n) (< n (occurrences (choose n l) l))) (bound? (choose n l) alist)))
pida-invariantp-msteptheorem
(defthm pida-invariantp-mstep (implies (good-statep s) (pida-invariantp (pida (mstep pid s)))) :hints (("Goal" :in-theory (disable good-statep-mstep) :use good-statep-mstep)))
ctr-<=-ctr-mruntheorem
(defthm ctr-<=-ctr-mrun (implies (good-statep s) (<= (ctr s) (ctr (mrun l s)))) :rule-classes :linear)
occurrences-first-n-occurrencestheorem
(defthm occurrences-first-n-occurrences (implies (and (integerp n) (<= 0 n) (<= n (occurrences x l))) (equal (occurrences x (first-n-occurrences n x l)) n)))
every-element-a-processpfunction
(defun every-element-a-processp (l s) (all-bound? l (pida s)))
theoremtheorem
(defthm theorem (implies (and (good-statep s) (every-element-a-processp l s) (< (* 5 (cardinality l)) (len l))) (< (ctr s) (ctr (mrun l s)))) :hints (("Goal" :in-theory (disable good-statep) :use ((:instance lemma (s s) (pid (choose 5 l)) (l (first-n-occurrences 6 (choose 5 l) l))) (:instance partition-after-first-n (n 6) (x (choose 5 l)) (l l))))))
pida0function
(defun pida0 (n) (cond ((zp n) nil) (t (cons (cons n (make-ls 0 '((old . 0) (new . 0)))) (pida0 (1- n))))))
n-processor-s0function
(defun n-processor-s0 (n mem) (make-mstate (pida0 n) mem '((load old ctr) (incr new old) (cas ctr old new) (br new 1) (jump 0))))
good-states-existtheorem
(defthm good-states-exist (implies (integerp (binding 'ctr mem)) (good-statep (n-processor-s0 n mem))))