|
|
|---|
|
|
|
|---|
Correctness of the circuit.
Soundness is proved by expanding the predicate and specification,
as well as
Completeness is proved by expanding all the specifications,
the correctness theorems for the called circuits,
and using the
The extension to the circuit is boilerplate.
Theorem:
(defthm field-div-flagged-soundness (implies (and (primep prime) (pfield::fep x prime) (pfield::fep y prime) (pfield::fep z prime) (pfield::fep e prime)) (implies (field-div-flagged-pred x y z e prime) (field-div-flagged-spec x y z e prime))))
Theorem:
(defthm field-div-flagged-completeness (implies (and (primep prime) (pfield::fep x prime) (pfield::fep y prime) (pfield::fep z prime) (pfield::fep e prime)) (implies (field-div-flagged-spec x y z e prime) (field-div-flagged-pred x y z e prime))))
Theorem:
(defthm field-div-flagged-pred-to-spec (implies (and (primep prime) (pfield::fep x prime) (pfield::fep y prime) (pfield::fep z prime) (pfield::fep e prime)) (equal (field-div-flagged-pred x y z e prime) (field-div-flagged-spec x y z e prime))))
Theorem:
(defthm field-div-flagged-circuit-to-spec (implies (and (equal (pfcs::lookup-definition (pfname "field_div_flagged") defs) (field-div-flagged-circuit)) (primep prime) (pfield::fep x prime) (pfield::fep y prime) (pfield::fep z prime) (pfield::fep e prime)) (equal (pfcs::definition-satp (pfname "field_div_flagged") defs (list x y z e) prime) (field-div-flagged-spec x y z e prime))))