Cause an error if a function or lambda expression is a non-guard-verified function or a lambda expression that calls some non-guard-verified function.
(ensure-function/lambda-guard-verified-fns fn/lambda description error-erp error-val ctx state) → (mv erp val state)
This error-checking function is useful after calling ensure-function/macro/lambda (which returns the pseudo-termfnp) to handle functions and lambda expressions uniformly.
The
Function:
(defun ensure-function/lambda-guard-verified-fns
       (fn/lambda description error-erp error-val ctx state)
  (declare (xargs :stobjs (state)))
  (declare (xargs :guard (and (pseudo-termfnp fn/lambda)
                              (msgp description))))
  (let ((__function__ 'ensure-function/lambda-guard-verified-fns))
    (declare (ignorable __function__))
    (if (symbolp fn/lambda)
        (ensure-function-is-guard-verified$ fn/lambda description error-erp error-val)
      (ensure-lambda-guard-verified-fns$ fn/lambda description error-erp error-val))))
Theorem:
(defthm return-type-of-ensure-function/lambda-guard-verified-fns.erp
  (b* (((mv ?erp ?val ?state)
        (ensure-function/lambda-guard-verified-fns
         fn/lambda description error-erp error-val ctx state)))
    (implies erp (equal erp error-erp)))
  :rule-classes :rewrite)
Theorem:
(defthm return-type-of-ensure-function/lambda-guard-verified-fns.val
  (b* (((mv ?erp ?val ?state)
        (ensure-function/lambda-guard-verified-fns
         fn/lambda description error-erp error-val ctx state)))
    (and (implies erp (equal val error-val))
         (implies (and (not erp) error-erp)
                  (not val))))
  :rule-classes :rewrite)