Verification of Parameterised FPGA Circuit Descriptions with Layout ...

CHAPTER 4. VERIFYING CIRCUIT LAYOUTS 76
Block operations and definitions in QuartzLayout are sufficiently powerful to allow the proofs
of some (functional) Quartz Laws, such as: fst A ; sndB = [A, B]. This kind of theorem can
be described in QuartzLayout as:
!! a b c d. Def ((a, b) ;;; fst $ A ;; snd $ B ;;; (c, d)) = Def ((a, b) ;;;
[[ A , B ]] ;;; (c, d))
(where “!!” is Isabelle’s meta-logic operator for universal quantification). This can be proved
using Isabelle’s simplifier to expand the definitions of parallel composition, fst and snd.
4.4.3 Expressions
HOL arithmetic expressions will be used to model Quartz expressions. The IntAlgebra theory
defines several additional operators that are required by Quartz but are not provided in
Isabelle/HOL - such as a greater-than ordering and a power function for integers. The
IntAlgebra theory also includes proofs of many useful theorems for re-arranging arithmetic
inequalities of the kinds that will be needed to reason about circuit layouts. Most of these
theorems can be proved easily using Isabelle’s simplifier, classical reasoner or arithmetic
decision procedure. Some particularly useful and simple theorems concern the max function:
Theorem 8 ∀ m n. n ≤ max n m
Theorem 9 ∀ f g n. n ≤ f ∨ n ≤ g ⇒ n ≤ max f g
Theorem 10 ∀ m n. 0 ≤ n ⇒ max(m + n) m = (m + n)
Proof Trivial, by expanding the definition of the max function. Mechanised proofs are
given in Appendix B.1 as theorems max nm nleq, max geq n disj and max xyge0.
Another theorem that is simple and extremely useful is:
Theorem 11 (0 ≤ a ∧ 0 ≤ b ∧ 0 ≤ c ∧ a ≤ b) ⇒ a ≤ (b + c)
Proof Trivial, given as theorem z aleq bc in Appendix B.1.