The FM 8501 microprocessor used to be invented as a favourite microprocessor a little bit just like a PDP-11. The important proposal of the FM 8501 attempt used to be to determine if it was once attainable to specific the user-level specification and the layout implementation utilizing a proper good judgment, the Boyer-Moore common sense; this method accepted an entire robotically checked evidence that the FM 8501 implementation absolutely applied its specification. The implementation version for the FM 8501 used to be insufficient for business layout however the attempt was once a tremendous step within the evolution to the layout verification method now hired through the author.

The unique model of this monograph used to be submitted as a dissertation on the college of Texas at Austin less than the advisorship of R. Boyer and J. Moore.

Shown below are functions for converting integers into two's complement bit-vectors and back again. 2. I N T E G E R N U M B E R R E P R E S E N T A T I O N 25 (defn compl (x) (if (bitvp x) (if (equal x (btm)) (btm) (bitv (not (bit x)) (compl (vec x)))) (btm))) (defn incr (c x) (if (bitvp x) (if (equal x (btm)) (btm) (bitv (xor c (bit x)) (incr (and c (bit x)) (vec x)))) (btm))) (defn bitn (x n) (if (zerop n) f (if (equal n i) (bit x) (bitn (vec x) (subl n ) ) ) ) ) (defn tc-to-bv (x size) (if (negativep x) (incrt (compl (nat-to-bv (negative-guts x) size))) (nat-to-by x size))) (defn bv-to-tc (x) (if (bitn x (size x)) (minus (bv-to-nat (incrt (by-to-nat x) ) ) (compl x)))) T h e f u n ct i o n s co m p l and i n c r c o m p l e m e n t a b i t - v e c t o r a n d i n c r e m e n t a bitvector respectively.

If they are not bit-vectors or are empty we return the 1-bit wide vector containing the carry input c. Otherwise, we create a new bit-vector with b i t v . The least significant bit is generated by exclusive or'ing together the input carry and the least significant bits of a and b. The rest of the vector is obtained by recursively adding the other bits in a and b with an input carry computed combinationally as the majority function of the bits just exclusive or'ed. Assuming (and ( s i z e p a 4) ( s i z e p b 4) ( b o o l p c ) ) we can prove that the natural number represented by ( b y - a d d e r f a b) is the mathematical sum of those represented by a and b.

The function b y - t o - n a t converts a bit-vector into a natural number. The length of the bit-vector is immaterial. The following two lemmas describe the relationship of composing the above functions. In the Boyer-Moore theorem-proving system, a p r o v e - l e m m a is a request for the system to prove a statement within the logic. If the l e m m a can be proved, knowledge concerning the l e m m a is added to the theorem-prover database. This knowledge can be used later, when the theorem-prover is invoked with another request.