• Top
  • Documentation
  • Books
  • Boolean-reasoning
  • Projects
  • Debugging
  • Community
  • Std
  • Proof-automation
  • Macro-libraries
  • ACL2
  • Interfacing-tools
  • Hardware-verification
  • Software-verification
    • Kestrel-books
      • Crypto-hdwallet
      • Apt
      • Error-checking
      • Fty-extensions
      • Isar
      • Kestrel-utilities
      • Set
      • C
        • Syntax-for-tools
          • Formalized-subset
          • Mapping-to-language-definition
          • Input-files
          • Compilation-database
          • Printer
          • Output-files
          • Abstract-syntax-operations
          • Implementation-environments
          • Abstract-syntax
          • Concrete-syntax
          • Disambiguation
          • Validation
            • Validator
            • Validation-information
              • Abstract-syntax-annop
              • Types
              • Abstract-syntax-anno-additional-theroems
              • Valid-ext-info
              • Valid-table
              • Valid-ord-info
              • Uid
              • Stmts-types
              • Lifetime
              • Init-declor-info
              • Fundef-types
              • Expr-type
              • Valid-defstatus
              • Var-info
              • Valid-ord-info-option
              • Valid-ext-info-option
              • Uid-option
              • Linkage-option
              • Linkage
              • Lifetime-option
              • Valid-table-option
              • Iconst-info
              • Param-declor-nonabstract-info
              • Fundef-info
              • Expr-null-pointer-constp
              • Valid-scope
              • Const-expr-null-pointer-constp
              • Expr-string-info
              • Expr-funcall-info
              • Expr-arrsub-info
              • Tyname-info
              • Transunit-info
              • Expr-unary-info
              • Expr-const-info
              • Expr-binary-info
              • Stmt-types
              • Block-item-list-types
              • Initer-type
              • Valid-ord-scope
              • Uid-increment
              • Uid-equal
              • Coerce-var-info
              • Valid-externals
              • Irr-var-info
              • Valid-scope-list
              • Irr-valid-table
              • Irr-lifetime
              • Irr-uid
              • Irr-linkage
              • Block-item-types
              • Comp-stmt-types
          • Gcc-builtins
          • Preprocessing
          • Parsing
        • Atc
        • Transformation-tools
        • Language
        • Representation
        • Insertion-sort
        • Pack
      • Soft
      • Bv
      • Imp-language
      • Ethereum
      • Event-macros
      • Java
      • Riscv
      • Bitcoin
      • Zcash
      • Yul
      • ACL2-programming-language
      • Prime-fields
      • Json
      • Syntheto
      • File-io-light
      • Cryptography
      • Number-theory
      • Axe
      • Lists-light
      • Builtins
      • Solidity
      • Helpers
      • Htclient
      • Typed-lists-light
      • Arithmetic-light
    • X86isa
    • Axe
    • Execloader
  • Math
  • Testing-utilities

• Validation-information

Fundef-types

Types of the values returned by a function, from the validation information.

Signature

(fundef-types fundef) → types

Arguments

fundef — Guard (fundefp fundef).

Returns

types — Type (type-setp types).

The set of possible types returned by the function is the set of possible types returned by the body, roughly speaking. More precisely, the latter is a set of optional types, where nil means that the body terminates without a return. For a function, this is equivalent to a return without expression. Thus, we turn the nil in the set of types, if any, into void type, obtaining the set of types (not optional types) of the function's result. We use that in the theorem about the function, which says that the result, which is an optional value in our formal semantics, has a type in the set; we use c::type-of-value-option to map values to their types, and nil to void.

Although a function definition has one return type (possibly void), its body may return values of slightly different types, possibly subject to conversions. However, our formal semantics of C does not cover those conversions yet, so we adopt the more general view here.

Definitions and Theorems

Function: fundef-types

(defun fundef-types (fundef)
  (declare (xargs :guard (fundefp fundef)))
  (declare (xargs :guard (and (fundef-unambp fundef)
                              (fundef-annop fundef))))
  (b* ((types (comp-stmt-types (fundef->body fundef)))
       (types (if (in nil types)
                  (insert (type-void) (delete nil types))
                types)))
    types))

Theorem: type-setp-of-fundef-types

(defthm type-setp-of-fundef-types
  (b* ((types (fundef-types fundef)))
    (type-setp types))
  :rule-classes :rewrite)

Theorem: fundef-types-of-fundef-fix-fundef

(defthm fundef-types-of-fundef-fix-fundef
  (equal (fundef-types (fundef-fix fundef))
         (fundef-types fundef)))

Theorem: fundef-types-fundef-equiv-congruence-on-fundef

(defthm fundef-types-fundef-equiv-congruence-on-fundef
  (implies (fundef-equiv fundef fundef-equiv)
           (equal (fundef-types fundef)
                  (fundef-types fundef-equiv)))
  :rule-classes :congruence)