|
|
|---|
|
|
|
|---|
Error theorems about execution.
These theorems say that if the execution of a sub-construct yields an error, so does the execution of the super-construct.
Transformations use these theorems in proof generation to actually show that if the super-construct does not yield an error, neither do its sub-constructs.
The theorem
Theorem:
(defthm expr-unary-errors (implies (c::errorp (mv-nth 0 (c::exec-expr arg compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-unary op arg) compst fenv limit)))))
Theorem:
(defthm expr-cast-errors (implies (c::errorp (mv-nth 0 (c::exec-expr arg compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-cast tyname arg) compst fenv limit)))))
Theorem:
(defthm expr-binary-pure-strict-errors (b* (((mv eval1 compst1) (c::exec-expr arg1 compst fenv (1- limit))) ((mv eval2 &) (c::exec-expr arg2 compst1 fenv (1- limit)))) (implies (and (c::binop-strictp op) (c::binop-purep op) (or (c::errorp eval1) (c::errorp eval2))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-binary op arg1 arg2) compst fenv limit))))))
Theorem:
(defthm expr-binary-logand-first-errors (implies (c::errorp (mv-nth 0 (c::exec-expr arg1 compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-binary (c::binop-logand) arg1 arg2) compst fenv limit)))))
Theorem:
(defthm expr-binary-logand-second-errors (b* (((mv eval compst1) (c::exec-expr arg1 compst fenv (1- limit)))) (implies (and (not (c::errorp eval)) (c::type-nonchar-integerp (c::type-of-value (c::expr-value->value eval))) (c::test-value (c::expr-value->value eval)) (c::errorp (mv-nth 0 (c::exec-expr arg2 compst1 fenv (1- limit))))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-binary (c::binop-logand) arg1 arg2) compst fenv limit))))))
Theorem:
(defthm expr-binary-logor-first-errors (implies (c::errorp (mv-nth 0 (c::exec-expr arg1 compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-binary (c::binop-logor) arg1 arg2) compst fenv limit)))))
Theorem:
(defthm expr-binary-logor-second-errors (b* (((mv eval compst1) (c::exec-expr arg1 compst fenv (1- limit)))) (implies (and (not (c::errorp eval)) (c::type-nonchar-integerp (c::type-of-value (c::expr-value->value eval))) (not (c::test-value (c::expr-value->value eval))) (c::errorp (mv-nth 0 (c::exec-expr arg2 compst1 fenv (1- limit))))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-binary (c::binop-logor) arg1 arg2) compst fenv limit))))))
Theorem:
(defthm expr-binary-asg-errors (implies (or (c::errorp (mv-nth 0 (c::exec-expr (c::expr-ident var) compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-expr expr compst fenv (1- limit))))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-binary (c::binop-asg) (c::expr-ident var) expr) compst fenv limit)))))
Theorem:
(defthm expr-cond-test-errors (implies (c::errorp (mv-nth 0 (c::exec-expr test compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-cond test then else) compst fenv limit)))))
Theorem:
(defthm expr-cond-then-errors (b* (((mv eval compst1) (c::exec-expr test compst fenv (1- limit)))) (implies (and (not (c::errorp eval)) (c::type-nonchar-integerp (c::type-of-value (c::expr-value->value eval))) (c::test-value (c::expr-value->value eval)) (c::errorp (mv-nth 0 (c::exec-expr then compst1 fenv (1- limit))))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-cond test then else) compst fenv limit))))))
Theorem:
(defthm expr-cond-else-errors (b* (((mv eval compst1) (c::exec-expr test compst fenv (1- limit)))) (implies (and (not (c::errorp eval)) (c::type-nonchar-integerp (c::type-of-value (c::expr-value->value eval))) (not (c::test-value (c::expr-value->value eval))) (c::errorp (mv-nth 0 (c::exec-expr else compst1 fenv (1- limit))))) (c::errorp (mv-nth 0 (c::exec-expr (c::expr-cond test then else) compst fenv limit))))))
Theorem:
(defthm initer-single-errors (implies (c::errorp (mv-nth 0 (c::exec-expr expr compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-initer (c::initer-single expr) compst fenv limit)))))
Theorem:
(defthm stmt-expr-errors (implies (c::errorp (mv-nth 0 (c::exec-expr expr compst fenv (- limit 1)))) (c::errorp (mv-nth 0 (c::exec-stmt (c::stmt-expr expr) compst fenv limit)))))
Theorem:
(defthm stmt-return-errors (implies (and expr (c::errorp (mv-nth 0 (c::exec-expr expr compst fenv (1- limit))))) (c::errorp (mv-nth 0 (c::exec-stmt (c::stmt-return expr) compst fenv limit)))))
Theorem:
(defthm stmt-if-test-errors (implies (c::errorp (mv-nth 0 (c::exec-expr test compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-stmt (c::stmt-if test then) compst fenv limit)))))
Theorem:
(defthm stmt-if-then-errors (b* (((mv test-eval compst1) (c::exec-expr test compst fenv (1- limit)))) (implies (and (not (c::errorp test-eval)) (c::type-nonchar-integerp (c::type-of-value (c::expr-value->value test-eval))) (c::test-value (c::expr-value->value test-eval)) (c::errorp (mv-nth 0 (c::exec-stmt then compst1 fenv (1- limit))))) (c::errorp (mv-nth 0 (c::exec-stmt (c::stmt-if test then) compst fenv limit))))))
Theorem:
(defthm stmt-ifelse-test-errors (implies (c::errorp (mv-nth 0 (c::exec-expr test compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-stmt (c::stmt-ifelse test then else) compst fenv limit)))))
Theorem:
(defthm stmt-ifelse-then-errors (b* (((mv test-eval compst1) (c::exec-expr test compst fenv (1- limit)))) (implies (and (not (c::errorp test-eval)) (c::type-nonchar-integerp (c::type-of-value (c::expr-value->value test-eval))) (c::test-value (c::expr-value->value test-eval)) (c::errorp (mv-nth 0 (c::exec-stmt then compst1 fenv (1- limit))))) (c::errorp (mv-nth 0 (c::exec-stmt (c::stmt-ifelse test then else) compst fenv limit))))))
Theorem:
(defthm stmt-ifelse-else-errors (b* (((mv test-eval compst1) (c::exec-expr test compst fenv (1- limit)))) (implies (and (not (c::errorp test-eval)) (c::type-nonchar-integerp (c::type-of-value (c::expr-value->value test-eval))) (not (c::test-value (c::expr-value->value test-eval))) (c::errorp (mv-nth 0 (c::exec-stmt else compst1 fenv (1- limit))))) (c::errorp (mv-nth 0 (c::exec-stmt (c::stmt-ifelse test then else) compst fenv limit))))))
Theorem:
(defthm stmt-compound-errors (implies (c::errorp (mv-nth 0 (c::exec-block-item-list items (c::enter-scope compst) fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-stmt (c::stmt-compound items) compst fenv limit)))))
Theorem:
(defthm decl-decl-errors (b* ((declor (c::obj-declor-ident var)) (declon (c::obj-declon (c::scspecseq-none) tyspecs declor initer))) (implies (and initer (c::errorp (mv-nth 0 (c::exec-initer initer compst fenv (1- limit))))) (c::errorp (c::exec-obj-declon declon compst fenv limit)))))
Theorem:
(defthm block-item-stmt-errors (implies (c::errorp (mv-nth 0 (c::exec-stmt stmt compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-block-item (c::block-item-stmt stmt) compst fenv limit)))))
Theorem:
(defthm block-item-decl-errors (implies (c::errorp (c::exec-obj-declon declon compst fenv (1- limit))) (c::errorp (mv-nth 0 (c::exec-block-item (c::block-item-declon declon) compst fenv limit)))))
Theorem:
(defthm block-item-list-cons-first-errors (implies (c::errorp (mv-nth 0 (c::exec-block-item item compst fenv (1- limit)))) (c::errorp (mv-nth 0 (c::exec-block-item-list (cons item items) compst fenv limit)))))
Theorem:
(defthm block-item-list-cons-rest-errors (b* (((mv sval compst1) (c::exec-block-item item compst fenv (1- limit)))) (implies (and (not (c::errorp sval)) (equal (c::stmt-value-kind sval) :none) (c::errorp (mv-nth 0 (c::exec-block-item-list items compst1 fenv (1- limit))))) (c::errorp (mv-nth 0 (c::exec-block-item-list (cons item items) compst fenv limit))))))