# Introduction to ACL2

## Basic Function Definitions

Definitions in ACL2 (like everything else in ACL2) are expressions. In languages like C++ or Java, when you define a function, you are describing a process for computing the answer. But in ACL2, what you write down is an expression that is the value you have in mind. This is much closer to the way functions are defined in math. For example, here is a function of the sort high school students investigate in algebra:

$$f(x) = 3x^2 + 8x + 12$$

Notice the definition is given by equality: $f(x)$ really **is the same as** $3x^2 + 8x + 12$. In ACL2, you define functions using the pattern

    (defun name (arg1 arg2 ... argn)
      ...expression...)

And this has the meaning

    (name arg1 arg2 ... argn) = ...expression...

Notice the similarity with the mathematical definition. In fact, here is the definition of that function in ACL2. You should submit it to ACL2 by running the next cell in this Jupyter notebook.


In [15]:
(defun f (x)
    (+ (* 3 x x) (* 8 x) 12))

ACL2S !>>(DEFUN F (X) (+ (* 3 X X) (* 8 X) 12))

The event ( DEFUN F ...) is redundant.  See :DOC redundant-events.

Summary
Form:  ( DEFUN F ...)
Rules: NIL
Time:  0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
 :REDUNDANT



When you submit this definition to ACL2, you should see output similar to the following:

    Since F is non-recursive, its admission is trivial.  We observe that
    the type of F is described by the theorem (ACL2-NUMBERP (F X)).  We
    used primitive type reasoning.

    Summary
    Form:  ( DEFUN F ...)
    Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL))
    Time:  0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
     F

The first paragraph tells you that ACL2 is very confident that this function will always terminate, since it's not recursive (so it doesn't have any loops, so it can't have an infinite loop.) ACL2 will not let you define functions unless it's sure that they always terminate, and this first paragraph tells you why it thinks your function is well-defined or if it disagrees. This is one place where people run into problems when they start using ACL2, so be careful.

The Summary section just tells you what ACL2 did. It defined a function called `F`, it did so in 0.00 seconds (rounded), and the result of executing this is the new function `F`. (If you love details, you probably noticed the extra space before the `F` in the last line of the output. That space is not a typo; it is there to let you know that this is the value returned by the definition. Remember, everything is an expression, so even function definitions have values.)

After defining the function, you can use it just like any of the ACL2 built-in functions. Go ahead and use the function $f$ defined above to find
* $f(1)$
* $f(0)$
* $f(10)$

In [3]:
(f 1)
(f 0)
(f 10)

ACL2S !>>(F 1)
23
ACL2S !>>(F 0)
12
ACL2S !>>(F 10)
392



## Aside on Function and Variable Names

The definition above has the "variable" `x` and several function names:
* `f`, the function being defined
* '+' and '*', functions used in the body of the definition

As you can see, ACL2 allows many more characters in names than languages like Java or Python. In fact, all of these names are valid in ACL2:
* `fred`
* `sally`
* `fred&sally`
* `fred-and-sally`
* `one-and-done`
* `1-and-done`
* `*-and-+-are-commutative`
* `but-/-and---are-not`
* `1+`

In fact, the last name is a built-in ACL2 function that adds one to its argument, e.g., `(1+ 3) = 4`. 

> It may seem strange at first that `x-y` is a single variable name instead of an arithmetic expression. Take a moment now to make peace with this fact, so it doesn't confuse you later :-)

## "Variables" in ACL2

What can we say about the `x` in this expression:

    (+ (* 3 x x) (* 8 x) 12)

It plays the same role as `x` in other programming languages, so we usually call it a *variable*. Like variables in other programming languages, `x` can have a value. But unlike other programming languages, ACL2 does not have assignment statements, so there is no way to set the value of `x`! This may seem strange, at first, so take a moment to let that sink in: ***There is no way to change the value of any variable in ACL2.***

How does `x` ever get a value, then? The answer is that variables only(*) appear in function definitions. The expression above appeared in the definition of `f`:

    (defun f (x)
        (+ (* 3 x x) (* 8 x) 12))

When ACL2 is evaluating `(f 3)`, the variable `x` has the value 3. When ACL2 evaluates `(f 10)`, the variable `x` has the value 10. There is no way to change the value of `x`. It is initialized when the function is called, and the value is fixed until the function returns, after which the variable `x` ceases to exist. This is actually how *parameters* behave in languages like C++ or Java, so when you think of "variables" in ACL2 try to think about "parameters" instead.

(*) OK, that's not entirely true. There are other places where variables can be defined, but the main point is still true, namely that a variable is initialized with a value, but after that the value never changes.

## Some Common Errors

Of course, when you define a function, many things can go wrong. For instance, consider the following definition, where the variable `x` was misspelled. Try submitting that to ACL2.

In [9]:
(defun bad-f (x)
    (+ (* 3 x x) (* 8 y) 12))

ACL2S !>>(DEFUN BAD-F (X)
                (+ (* 3 X X) (* 8 Y) 12))


ACL2 Error in ( DEFUN BAD-F ...):  The body of BAD-F contains a free
occurrence of the variable symbol Y.


Summary
Form:  ( DEFUN BAD-F ...)
Rules: NIL
Time:  0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)

ACL2 Error in ( DEFUN BAD-F ...):  See :DOC failure.

******** FAILED ********


When you submit this definition, ACL2 will respond with something like this:

    ACL2 Error in ( DEFUN BAD-F ...):  The body of BAD-F contains a free
    occurrence of the variable symbol Y.


    Summary
    Form:  ( DEFUN BAD-F ...)
    Rules: NIL
    Time:  0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)

    ACL2 Error in ( DEFUN BAD-F ...):  See :DOC failure.

    ******** FAILED ********

This time, the first paragraph is an error message letting you know something went wrong. If you read the error message, you see that the problem is "a free occurrence of the variable symbol Y". What does it mean to be "free"? This means that the symbol Y is never defined. A Java compiler may have complained that the variable Y is undefined in this exact situation.

Here's another bad function definition. Try submitting it to ACL2 and see if the error message tells you what went wrong.

In [10]:
(defun bad-f (x)
    (+ (* 3 x x) (^ 8 x) 12))

ACL2S !>>(DEFUN BAD-F (X)
                (+ (* 3 X X) (^ 8 X) 12))


ACL2 Error in ( DEFUN BAD-F ...):  The symbol ^ (in package "ACL2S")
has neither a function nor macro definition in ACL2.  Please define
it.  See :DOC near-misses.  Note:  this error occurred in the context
(^ 8 X).


Summary
Form:  ( DEFUN BAD-F ...)
Rules: NIL
Time:  0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)

ACL2 Error in ( DEFUN BAD-F ...):  See :DOC failure.

******** FAILED ********


The error message in the first paragraph says something like

    ACL2 Error in ( DEFUN BAD-F ...):  The symbol ^ (in package "ACL2S")
    has neither a function nor macro definition in ACL2.  Please define
    it.  See :DOC near-misses.  Note:  this error occurred in the context
    (^ 8 X).

This is complaining about the symbol "^", which it says has "neither a function nor macro definition in ACL2". This is just like the previous case. The program is using "^", but this is not declared anywhere. It's like calling a function that is not defined. 

> Note that ACL2 can tell if an undefined symbol is a variable or a function symbol. It's an undefined function if it's used right after a left parnthesis as in `(unknown-symbol a b c)`. It's an undefined variable if it's used anywhere elser, as in `(f a unknown-symbol c)`.


Another problem that crops up is that ACL2 does not let you redefine a function. Once you give a definition for `f`, you can't give a new definition, even to fix a bug. For example, try to enter the following definition for `f`:

In [16]:
(defun f (x)
    (+ (* 5 x x) (* 8 x) 12))

ACL2S !>>(DEFUN F (X) (+ (* 5 X X) (* 8 X) 12))


ACL2 Error in ( DEFUN F ...):  The name F is in use as a function.
Note that the proposed body for F,

(+ (* 5 X X) (* 8 X) 12),

differs from the existing body,

(+ (* 3 X X) (* 8 X) 12).

The redefinition feature is currently off.  See :DOC ld-redefinition-
action.


Note: F was previously defined at the top level.


Summary
Form:  ( DEFUN F ...)
Rules: NIL
Time:  0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)

ACL2 Error in ( DEFUN F ...):  See :DOC failure.

******** FAILED ********


Notice how ACL2 tells you that this definition is attempting to override a previous definition. To avoid this, you should take a snapshot of the code *before* defining the function. Consider the following definition and subsequent redefinition of `g`:

In [21]:
(defsnapshot define-g)
(defun g (x)
  (+ 1 x))
  
(defun h (x)
  (+ 2 x))
  
(defsnapshot define-g)
(defun g (x)
  (+ 3 x))

ACL2S !>>(DEFSNAPSHOT DEFINE-G)


ACL2 Error in TOP-LEVEL:  The symbol DEFSNAPSHOT (in package "ACL2S")
has neither a function nor macro definition in ACL2.  Please define
it; or perhaps you meant ACL2::DEFSNAPSHOT, which has the same name
but is in a different package.  See :DOC near-misses.  Note:  this
error occurred in the context (DEFSNAPSHOT DEFINE-G).



Notice that this time ACL2 lets you redefine `g`. But beware! This only works because ACL2 took a snapshot of the world before the (first) definition of `g`, so any other functions that you defined in between will be lost. In particular, the function `h` will not be defined at the end of the code above.

## Exercise

Now, use ACL2 to define the function `(discr a b c)` which is defined by the formula

$$discr(a, b, c) = b^2 - 4ac$$

Hint: Don't forget to take a snapshot, just in case you have to debug your function.


In [12]:
(defun discr (a b c)
  (- (* b b) (* 4 a c)))

ACL2S !>>(DEFUN DISCR (A B C)
                (- (* B B) (* 4 A C)))

Since DISCR is non-recursive, its admission is trivial.  We observe
that the type of DISCR is described by the theorem 
(ACL2-NUMBERP (DISCR A B C)).  We used primitive type reasoning.

Summary
Form:  ( DEFUN DISCR ...)
Rules: ((:FAKE-RUNE-FOR-TYPE-SET NIL))
Time:  0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
 DISCR



You may recognize $discr(a, b, c)$ as the funciton that computes the discriminant of the quadratic function $ax^2 + bx + c$. This can be used to determine if the quadratic equation has 0, 1, or 2 roots according to the rule
* 0, if the discriminant is negative
* 1, if the discriminant is equal to 0
* 2, if the discriminant is positive

Define the ACL2 function $nroots(a, b, c)$ that returns the number of roots in $ax^2 + bx + c$. Your function can (and should) call the $discr(a, b, c)$ function defined previously.

Use this function to find the number of roots of the following equations:
* $x^2 - 1$
* $x^2 + 1$
* $x^2 + 2x +1$

Hint: Remember that snapshots are your friend.

In [14]:
(defun nroots (a b c)
  (if (< (discr a b c) 0)
      0
      (if (= (discr a b c) 0)
          1
          2)))

(nroots 1 0 -1)
(nroots 1 0 1)
(nroots 1 2 1)

ACL2S !>>(DEFUN NROOTS (A B C)
                (IF (< (DISCR A B C) 0)
                    0 (IF (= (DISCR A B C) 0) 1 2)))

The event ( DEFUN NROOTS ...) is redundant.  See :DOC redundant-events.

Summary
Form:  ( DEFUN NROOTS ...)
Rules: NIL
Time:  0.00 seconds (prove: 0.00, print: 0.00, other: 0.00)
 :REDUNDANT
ACL2S !>>(NROOTS 1 0 -1)
2
ACL2S !>>(NROOTS 1 0 1)
0
ACL2S !>>(NROOTS 1 2 1)
1

