1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
|
; Copyright (C) 2015, Regents of the University of Texas
; Written by Matt Kaufmann (October, 2015)
; License: A 3-clause BSD license. See the LICENSE file distributed with ACL2.
#||
This comment motivates the macro install-not-normalized, defined below.
;;; Eric Smith created the following example.
(defun return-nil (x) (declare (ignore x)) nil)
(defun foo (x) (return-nil x))
;Now we can't prove that foo equals its body in a theory that just includes foo:
(thm
(equal (foo x)
(return-nil x))
:hints (("Goal" :in-theory '(foo))))
;; Note that the defbodies property of foo no longer mentions return-nil, but
;; the unnormalized body of course does.
;;; This also fails:
(thm
(equal (foo x)
(return-nil x))
:hints (("Goal"
:expand ((foo x))
:in-theory (theory 'minimal-theory))))
;;; NEW (to be generated programmatically using make-event via new utility
;;; install-not-normalized, below):
(defthm foo$not-normalized
(equal (foo x) (return-nil x))
:rule-classes ((:definition :install-body t)))
; This succeeds.
(thm
(equal (foo x)
(return-nil x))
:hints (("Goal" :in-theory '(foo$not-normalized))))
; This succeeds.
(thm
(equal (foo x)
(return-nil x))
:hints (("Goal"
:expand ((foo x))
:in-theory (theory 'minimal-theory))))
||#
(in-package "ACL2")
(include-book "xdoc/top" :dir :system)
; For true-listp-all-fnnames:
(local (include-book "system/all-fnnames" :dir :system))
(defun install-not-normalized-name (name)
(declare (xargs :guard (symbolp name)))
(intern-in-package-of-symbol (concatenate 'string
(symbol-name name)
"$NOT-NORMALIZED")
name))
(defun install-not-normalized-fn-1 (name wrld clique defthm-name)
(declare (xargs :guard (and (symbolp name)
(symbolp defthm-name)
(plist-worldp wrld)
(symbol-listp clique))))
(let* ((formals (formals name wrld))
(body (getprop name 'unnormalized-body nil 'current-acl2-world wrld))
(defthm-name (or defthm-name
(install-not-normalized-name name)))
(controller-alist (let* ((def-bodies
(getprop name 'def-bodies nil
'current-acl2-world wrld))
(def-body ; (def-body name wrld)
(and (true-listp def-bodies)
(car def-bodies))))
(and (weak-def-body-p def-body) ; for guard proof
(access def-body def-body
:controller-alist))))
(cliquep (and clique
(pseudo-termp body) ; for guard proof
(intersectp-eq clique (all-fnnames body)))))
`((defthm ,defthm-name
(equal (,name ,@formals)
,body)
:hints (("Goal" :by ,name))
:rule-classes ((:definition :install-body t
,@(and cliquep
(list :clique
clique))
,@(and cliquep
controller-alist
(list :controller-alist
controller-alist)))))
(in-theory (disable ,name)))))
(defun install-not-normalized-fn-lst (fns wrld all-fns defthm-name-doublets)
(declare (xargs :guard (and (symbol-listp fns)
(symbol-listp all-fns)
(symbol-alistp defthm-name-doublets)
(doublet-listp defthm-name-doublets)
(symbol-listp (strip-cadrs defthm-name-doublets))
(plist-worldp wrld))))
(cond ((endp fns)
nil)
(t (append (install-not-normalized-fn-1
(car fns) wrld all-fns
(cadr (assoc-eq (car fns) defthm-name-doublets)))
(install-not-normalized-fn-lst
(cdr fns) wrld all-fns
defthm-name-doublets)))))
(defun install-not-normalized-fn (name wrld allp defthm-name)
(declare (xargs :guard (and (symbolp name)
(plist-worldp wrld))))
(let* ((ctx 'install-not-normalized)
(fns (getprop name 'recursivep nil 'current-acl2-world wrld))
(defthm-name-doublets
(and defthm-name
(cond ((symbolp defthm-name)
(list (list name defthm-name)))
((not (and (symbol-alistp defthm-name)
(doublet-listp defthm-name)
(symbol-listp
(strip-cadrs defthm-name))))
(er hard? ctx
"Illegal :defthm-name argument: ~x0"
defthm-name))
((and (true-listp fns) ; for guard; always true
(not (subsetp-eq (strip-cars defthm-name)
fns)))
(let ((bad (set-difference-eq (strip-cars defthm-name)
fns)))
(er hard? ctx
"Illegal :defthm-name argument: ~x0. The ~
name~#1~[~x1 is~/s ~&1 are~] bound in your ~
:defthm-name argument but not among the list of ~
candidate names, ~x2, for being given an ~
unnormalized definition."
defthm-name bad fns)))
(t defthm-name)))))
(cond
((symbol-listp fns) ; for guard verification
(install-not-normalized-fn-lst (or (and allp fns)
(list name))
wrld fns defthm-name-doublets))
(t (er hard? ctx
"Implementation error! Not a non-empty symbol-listp: ~x0"
fns)))))
(defmacro install-not-normalized (name &key (allp 't) defthm-name)
; Alessandro Coglio sent the following example, which failed until taking his
; suggestion to use encapsulate (originally we used progn) and call
; set-ignore-ok.
; (include-book "misc/install-not-normalized" :dir :system)
; (include-book "std/util/define" :dir :system)
; (define f (x) x)
; (install-not-normalized f) ; error
; The problem was that the DEFINE generated the term ((LAMBDA (__FUNCTION__ X)
; X) 'F X).
(declare (xargs :guard (and name (symbolp name))))
`(make-event
(list* 'encapsulate
()
'(set-ignore-ok t) ; see comment above
'(set-irrelevant-formals-ok t) ; perhaps not necessary, but harmless
(install-not-normalized-fn ',name (w state) ,allp ,defthm-name))))
(defun fn-is-body-name (name)
(declare (xargs :guard (symbolp name)))
(intern-in-package-of-symbol
(concatenate 'string (symbol-name name) "$IS-BODY")
name))
(defmacro fn-is-body (name &key hints thm-name rule-classes)
(declare (xargs :guard (and name (symbolp name))))
`(make-event
(let* ((name ',name)
(wrld (w state))
(formals (formals name wrld))
(body (getprop name 'unnormalized-body nil 'current-acl2-world wrld)))
(list* 'defthm
(or ',thm-name (fn-is-body-name name))
(list 'equal
(cons name formals)
body)
(append (and ',hints
(list :hints ',hints))
(list :rule-classes ',rule-classes))))))
(defxdoc install-not-normalized
:parents (proof-automation)
:short "Install an unnormalized definition"
:long "@({
General Form:
(install-not-normalized NAME :allp FLG :defthm-name DNAME-SPEC)
})
<p>We explain the arguments of @('install-not-normalized') below, but first
let us illustrate its use with an example.</p>
<p>By default, ACL2 simplifies definitions by ``normalizing'' their bodies;
see @(see normalize). If you prefer that ACL2 avoid such simplification when
expanding a function call, then you can assign the value of @('nil') to @(tsee
xargs) keyword @(':normalize') (see @(see defun)) instead of the default value
of @('t'). But that might not be a reasonable option, for example because the
definition in question occurs in an included book that you prefer not to edit.
An alternative is to call a macro, @('install-not-normalized').</p>
<p>Consider the following example from Eric Smith.</p>
@({
(defun return-nil (x) (declare (ignore x)) nil)
(defun foo (x) (return-nil x))
; Fails!
(thm (equal (foo x) (return-nil x))
:hints ((\"Goal\" :in-theory '(foo))))
; Also fails!
(thm (equal (foo x) (return-nil x))
:hints ((\"Goal\" :expand ((foo x))
:in-theory (theory 'minimal-theory))))
})
<p>The problem is that ACL2 stores @('nil') for the body of @('foo'), using
``type reasoning'' to deduce that @('return-nil') always returns the value,
@('nil'). So if @('foo') is the only enabled rule, then we are left trying to
prove that @('nil') equals @('(return-nil x)'). Of course, this example is
trivial to fix by enabling @('foo'); but we want to support development of
tools that leave @('foo') disabled for some reason.</p>
<p>To solve this problem, we can invoke @('(install-not-normalized foo)'),
which generates the following @(':')@(tsee definition) rule.</p>
@({
(DEFTHM FOO$NOT-NORMALIZED
(EQUAL (FOO X) (RETURN-NIL X))
:HINTS ((\"Goal\" :BY FOO))
:RULE-CLASSES ((:DEFINITION :INSTALL-BODY T)))
})
<p>Each of the following now succeeds. For the second, note that the rule
@('FOO$NOT-NORMALIZED') has installed a new body for @('FOO').</p>
@({
(thm (equal (foo x) (return-nil x))
:hints ((\"Goal\" :in-theory '(foo$not-normalized))))
(thm (equal (foo x) (return-nil x))
:hints ((\"Goal\"
:expand ((foo x))
:in-theory (theory 'minimal-theory))))
})
<p>Let us see some more example forms; then, we discuss the general form.</p>
@({
Example Forms:
(install-not-normalized NAME)
; Equivalent to the form above:
(install-not-normalized NAME :allp t)
; Generate a definition for NAME but not for others from its mutual-recursion:
(install-not-normalized NAME :allp nil)
; Give the name BAR to the new theorem:
(install-not-normalized NAME :defthm-name 'BAR)
; Give the name F1-DEF to the new theorem for F1 and
; give the name F2-DEF to the new theorem for F2:
(install-not-normalized NAME :defthm-name '((f1 f1-def) (f2 f1-def)))
General Form:
(install-not-normalized NAME :allp FLG :defthm-name DNAME-SPEC)
})
<p>where the keyword arguments are evaluated, but not @('NAME'), and:</p>
<ul>
<li>@('NAME') is the name of a function introduced by @(tsee defun) (or one of
its variants, including @(tsee defund) and @(tsee defun-nx)), possibly using
@(tsee mutual-recursion).</li>
<li>@('FLG') (if supplied) is a Boolean that is relevant only in the case that
@('NAME') was introduced using @('mutual-recursion'). When @('FLG') is nil, a
@(tsee defthm) event is to be introduced only for @('NAME'); otherwise, there
will be a new @('defthm') for every function defined with the same
@('mutual-recursion') as @('NAME').</li>
<li>@('DNAME-SPEC') (if supplied) is usually a symbol denoting the name of the
@('defthm') event to be introduced for @('NAME'), which is
@('NAME$NOT-NORMALIZED') by default — that is, the result of modifying
the @(tsee symbol-name) of @('F') by adding the suffix
@('\"$NOT-NORMALIZED\"'). Otherwise, of special interest when @('NAME') was
introduced with @('mutual-recursion'): @('DNAME-SPEC') is a list of doublets
of the form @('(F G)'), where @('F') is a symbol as described for @('NAME')
above, and the symbol @('G') is the name of the @('defthm') event generated
for the symbol @('F').</li>
</ul>
<p>Any such @('defthm') event has @(':')@(tsee rule-classes)
@('((:definition :install-body t))'), with suitable additional fields when
appropriate for keywords @(':clique') and @(':controller-alist'). To obtain
its default name programmatically:</p>
@({
ACL2 !>(install-not-normalized-name 'foo)
FOO$NOT-NORMALIZED
ACL2 !>
})
<p>For a somewhat related utility, see @(see fn-is-body).</p>
<p>For examples, see the Community Book
@('misc/install-not-normalized.lisp').</p>")
(defxdoc fn-is-body
:parents (proof-automation)
:short "Prove that a function called on its formals equals its body"
:long "@({
General Form:
(fn-is-body fn &key hints thm-name rule-classes)
})
<p>Evaluation of the form above generates a @(tsee defthm) event whose name is
@('thm-name') — by default, the result of adding the suffix \"$IS-BODY\"
to @('fn'), which is a function symbol. To obtain that name
programmatically:</p>
@({
ACL2 !>(fn-is-body-name 'foo)
FOO$IS-BODY
ACL2 !>
})
<p>That event is of the form @('(equal (fn x1 ... xn) <body>)'), where @('(x1
... xn)') is the list of formal parameters of @('fn') and @('<body>') is the
body of @('fn'). If @(':hints') or @(':rule-classes') are supplied, they will
be attached to the generated @('defthm') form.</p>
<p>For a somewhat related utility, see @(see install-not-normalized).</p>
<p>For examples, see the Community Book
@('misc/install-not-normalized.lisp').</p>")
|
