• Top
  • Documentation
  • Books
  • Boolean-reasoning
  • Projects
  • Debugging
  • Community
  • Std
  • Proof-automation
  • Macro-libraries
  • ACL2
    • Theories
    • Rule-classes
    • Proof-builder
    • Recursion-and-induction
    • Hons-and-memoization
    • Events
    • Parallelism
    • History
    • Programming
      • Defun
      • Declare
      • System-utilities
      • Stobj
      • State
      • Mutual-recursion
      • Memoize
      • Mbe
      • Io
      • Defpkg
      • Apply$
      • Loop$
      • Programming-with-state
      • Arrays
      • Characters
      • Time$
      • Defconst
      • Fast-alists
      • Defmacro
      • Loop$-primer
      • Evaluation
      • Guard
      • Equality-variants
      • Compilation
      • Hons
      • ACL2-built-ins
      • Developers-guide
      • System-attachments
      • Advanced-features
      • Set-check-invariant-risk
      • Numbers
      • Efficiency
      • Irrelevant-formals
      • Introduction-to-programming-in-ACL2-for-those-who-know-lisp
      • Redefining-programs
      • Lists
      • Invariant-risk
      • Errors
        • Er
        • Value-triple
        • Error-checking
          • Def-error-checker
          • Ensure-function/macro/lambda
          • Ensure-symbol-is-fresh-event-name
          • Ensure-function/lambda/term-number-of-results
          • Ensure-function/lambda-arity
          • Ensure-function/lambda-no-stobjs
          • Ensure-function/lambda-guard-verified-fns
          • Ensure-function-name-or-numbered-wildcard
          • Ensure-function/lambda-logic-mode
          • Ensure-function/lambda-closed
          • Ensure-value-is-untranslated-term
          • Ensure-function-number-of-results
          • Ensure-boolean-or-auto-and-return-boolean
          • Ensure-is-hints-specifier
          • Ensure-term-if-call
          • Ensure-value-is-not-in-list
            • Ensure-value-is-not-in-list$
          • Ensure-term-free-vars-subset
          • Ensure-symbol-new-event-name
          • Ensure-symbol-different
          • Ensure-function/lambda-guard-verified-exec-fns
          • Ensure-value-is-in-list
          • Ensure-list-subset
          • Ensure-function-no-stobjs
          • Ensure-function-known-measure
          • Ensure-term-not-call-of
          • Ensure-lambda-guard-verified-fns
          • Ensure-term-guard-verified-fns
          • Ensure-term-does-not-call
          • Ensure-lambda-logic-mode
          • Ensure-lambda-arity
          • Ensure-function-singly-recursive
          • Ensure-function-is-pure-if-raw
          • Ensure-function-arity
          • Ensure-term-no-stobjs
          • Ensure-term-logic-mode
          • Ensure-list-functions
          • Ensure-keyword-value-list
          • Ensure-function-program-mode
          • Ensure-function-non-recursive
          • Ensure-function-is-logic-mode
          • Ensure-function-is-guard-verified
          • Ensure-function-is-defined
          • Ensure-value-is-legal-variable-name
          • Ensure-value-is-function-name
          • Ensure-value-is-constant-name
          • Ensure-term-ground
          • Ensure-symbol-truelist-alist
          • Ensure-symbol-not-stobj
          • Ensure-symbol-function
          • Ensure-list-has-no-duplicates
          • Ensure-lambda-closed
          • Ensure-function-recursive
          • Ensure-function-name-list
          • Ensure-function-has-args
          • Ensure-value-is-true-list
          • Ensure-value-is-symbol-list
          • Ensure-tuple
          • Ensure-symbol-not-keyword
          • Ensure-defun-mode-or-auto
          • Ensure-value-is-symbol
          • Ensure-value-is-string
          • Ensure-value-is-boolean
          • Ensure-symbol-alist
          • Ensure-string-or-nil
          • Ensure-doublet-list
          • Ensure-defun-mode
          • Ensure-constant-name
          • Ensure-boolean-or-auto
          • Ensure-value-is-nil
          • Ensure-function-not-in-termination-thm
          • Ensure-lambda-guard-verified-exec-fns
          • Ensure-term-guard-verified-exec-fns
        • Error-triple
        • Assert-event
        • Set-warnings-as-errors
        • Hard-error
        • Set-inhibit-er
        • Must-fail
        • Assert!-stobj
        • Error1
        • Breaks
        • Must-eval-to
        • Ctx
        • Ctxp
        • Assert!
        • Must-succeed
        • Assert$
        • Illegal
        • Er-progn
        • Er-hard
        • Must-succeed*
        • Toggle-inhibit-er
        • Er-soft+
        • Break$
        • Assert*
        • Assert?
        • Er-soft-logic
        • Er-hard?
        • Must-fail-with-soft-error
        • Must-fail-with-hard-error
        • Must-fail-with-error
        • Must-eval-to-t
        • Er-soft
        • Convert-soft-error
        • Toggle-inhibit-er!
        • Set-inhibit-er!
        • Must-prove
        • Must-not-prove
        • Must-fail!
        • Must-be-redundant
        • Must-succeed!
        • Must-fail-local
        • Assert-equal
      • Defabbrev
      • Conses
      • Alists
      • Set-register-invariant-risk
      • Strings
      • Program-wrapper
      • Get-internal-time
      • Basics
      • Packages
      • Oracle-eval
      • Defmacro-untouchable
      • <<
      • Primitive
      • Revert-world
      • Unmemoize
      • Set-duplicate-keys-action
      • Symbols
      • Def-list-constructor
      • Easy-simplify-term
      • Defiteration
      • Fake-oracle-eval
      • Defopen
      • Sleep
    • Operational-semantics
    • Real
    • Start-here
    • Miscellaneous
    • Output-controls
    • Bdd
    • Macros
    • Installation
    • Mailing-lists
  • Interfacing-tools
  • Hardware-verification
  • Software-verification
  • Math
  • Testing-utilities

• Error-checking

Ensure-value-is-not-in-list

Cause an error if a value is a member of a list.

Signature

(ensure-value-is-not-in-list x list list-description description 
                             error-erp error-val ctx state) 
 
  → 
(mv erp val state)

Arguments

x — Value to check.

list — List that must not include x as member.
    Guard (true-listp list).

list-description — Description of list for the error message.
    Guard (msgp list-description).

description — Guard (msgp description).

error-erp — Flag to return in case of error.

error-val — Value to return in case of error.

ctx — Context for errors.

Returns

erp — Type (implies erp (equal erp error-erp)).

val — Type (and (implies erp (equal val error-val)) (implies (and (not erp) error-erp) (not val))) .

Definitions and Theorems

Function: ensure-value-is-not-in-list

(defun ensure-value-is-not-in-list
       (x list list-description description
          error-erp error-val ctx state)
  (declare (xargs :stobjs (state)))
  (declare (xargs :guard (and (true-listp list)
                              (msgp list-description)
                              (msgp description))))
  (b* (((when (member-equal x list))
        (er-soft+ ctx error-erp error-val
                  "~@0 must not be ~@1, but it is."
                  description list-description)))
    (value nil)))

Theorem: return-type-of-ensure-value-is-not-in-list.erp

(defthm return-type-of-ensure-value-is-not-in-list.erp
 (b*
  (((mv ?erp ?val ?state)
    (ensure-value-is-not-in-list x list list-description description
                                 error-erp error-val ctx state)))
  (implies erp (equal erp error-erp)))
 :rule-classes :rewrite)

Theorem: return-type-of-ensure-value-is-not-in-list.val

(defthm return-type-of-ensure-value-is-not-in-list.val
 (b*
  (((mv ?erp ?val ?state)
    (ensure-value-is-not-in-list x list list-description description
                                 error-erp error-val ctx state)))
  (and (implies erp (equal val error-val))
       (implies (and (not erp) error-erp)
                (not val))))
 :rule-classes :rewrite)

Subtopics

Ensure-value-is-not-in-list$

Calls ensure-value-is-not-in-list with ctx and state as the last two arguments.