|
|
|---|
|
|
|
|---|
Correctness of the circuit.
Soundness is proved by expanding the existentially quantified boolean equality assertion predicate to the boolean equality and truth assertion predicates, using the correcness theorems of the latter two, and expanding all three specifications.
Completeness is proved also by expanding
the boolean equality and truth assertion predicates
and all the specifications,
but we we use the
The extension to the circuit is boilerplate.
Theorem:
(defthm boolean-assert-eq-pred-soundness (implies (and (primep prime) (pfield::fep x prime) (pfield::fep y prime) (bitp x) (bitp y)) (implies (boolean-assert-eq-pred x y prime) (boolean-assert-eq-spec x y prime))))
Theorem:
(defthm boolean-assert-eq-pred-completeness (implies (and (primep prime) (pfield::fep x prime) (pfield::fep y prime) (bitp x) (bitp y)) (implies (boolean-assert-eq-spec x y prime) (boolean-assert-eq-pred x y prime))))
Theorem:
(defthm boolean-assert-eq-pred-to-spec (implies (and (primep prime) (pfield::fep x prime) (pfield::fep y prime) (bitp x) (bitp y)) (equal (boolean-assert-eq-pred x y prime) (boolean-assert-eq-spec x y prime))))
Theorem:
(defthm boolean-assert-eq-circuit-to-spec (implies (and (equal (pfcs::lookup-definition (pfname "boolean_assert_eq") defs) (boolean-assert-eq-circuit)) (equal (pfcs::lookup-definition (pfname "boolean_assert_true") defs) (boolean-assert-true-circuit)) (equal (pfcs::lookup-definition (pfname "boolean_eq") defs) (boolean-eq-circuit)) (equal (pfcs::lookup-definition (pfname "boolean_neq") defs) (boolean-neq-circuit)) (equal (pfcs::lookup-definition (pfname "boolean_not") defs) (boolean-not-circuit)) (equal (pfcs::lookup-definition (pfname "boolean_xor") defs) (boolean-xor-circuit)) (primep prime) (pfield::fep x prime) (pfield::fep y prime) (bitp x) (bitp y)) (equal (pfcs::definition-satp (pfname "boolean_assert_eq") defs (list x y) prime) (boolean-assert-eq-spec x y prime))))