Cause a soft error if any element of a true list is not a member of another true list; otherwise return `nil` as the value.
(ensure-list-subset list super description error-erp error-val ctx state) → (mv erp val state)
Function:
(defun ensure-list-subset (list super description error-erp error-val ctx state)
  ;; Check that every element of LIST also occurs in SUPER.
  ;; On success returns (value nil), i.e. (mv nil nil state).
  ;; On failure signals a soft error via ER-SOFT+ under context CTX, with
  ;; error flag ERROR-ERP and value ERROR-VAL (see the return-type theorems),
  ;; and a message naming DESCRIPTION, SUPER, and the offending element(s)
  ;; of LIST (duplicates removed; singular/plural wording chosen by count).
  (declare (xargs :stobjs (state)))
  (declare (xargs :guard (and (true-listp list)
                              (true-listp super)
                              (msgp description))))
  (cond ((subsetp-equal list super)
         (value nil))
        (t
         (let* ((offenders (remove-duplicates-equal
                            (set-difference-equal list super)))
                (offenders-msg (if (= (len offenders) 1)
                                   (msg "element ~x0" (car offenders))
                                 (msg "elements ~&0" offenders))))
           (er-soft+ ctx error-erp error-val
                     "~@0 must have only elements in the list ~x1, but it includes the ~@2."
                     description
                     super
                     offenders-msg)))))
Theorem:
(defthm return-type-of-ensure-list-subset.erp
  ;; Whenever ENSURE-LIST-SUBSET returns a non-NIL error flag, that flag is
  ;; exactly the caller-supplied ERROR-ERP.
  (mv-let (erp val state)
    (ensure-list-subset list super description error-erp error-val ctx state)
    (declare (ignorable val state))
    (implies erp
             (equal erp error-erp)))
  :rule-classes :rewrite)
Theorem:
(defthm return-type-of-ensure-list-subset.val
  ;; The value returned by ENSURE-LIST-SUBSET is ERROR-VAL on error, and is
  ;; NIL on success (stated here under the hypothesis that ERROR-ERP is non-NIL).
  (mv-let (erp val state)
    (ensure-list-subset list super description error-erp error-val ctx state)
    (declare (ignorable state))
    (and (implies erp
                  (equal val error-val))
         (implies (and (not erp) error-erp)
                  (not val))))
  :rule-classes :rewrite)