Cause an error if a value is a member of a list.
(ensure-value-is-not-in-list x list list-description description error-erp error-val ctx state) → (mv erp val state)
Function:
; Input-validation helper: signal a soft error when X occurs (under EQUAL)
; in LIST; otherwise succeed with a nil value.
;
; Arguments:
;   x                - the value to check
;   list             - the list X must not belong to (guard: true-listp)
;   list-description - msgp naming LIST, spliced into the error text as ~@1
;   description      - msgp naming X, spliced into the error text as ~@0
;   error-erp        - error flag handed to er-soft+ on failure
;   error-val        - value handed to er-soft+ on failure
;   ctx              - context reported with the error
;   state            - the ACL2 state stobj
;
; Returns (mv erp val state).  On failure the result comes from er-soft+ with
; ERROR-ERP and ERROR-VAL (see the return-type theorems below); on success
; erp is nil and val is nil.
(defun ensure-value-is-not-in-list (x
                                    list
                                    list-description
                                    description
                                    error-erp
                                    error-val
                                    ctx
                                    state)
  (declare (xargs :stobjs (state)
                  :guard (and (true-listp list)
                              (msgp list-description)
                              (msgp description))))
  (if (member-equal x list)
      ;; Membership is an exact (EQUAL) match; the message text is unchanged.
      (er-soft+ ctx error-erp error-val
                "~@0 must not be ~@1, but it is."
                description list-description)
    (value nil)))
Theorem:
; Return-type theorem for the error flag: whenever the call signals an error
; (erp non-nil), that flag is exactly the ERROR-ERP argument the caller passed.
; Callers can therefore dispatch on their own chosen error token rather than
; on an internal one.
(defthm return-type-of-ensure-value-is-not-in-list.erp (b* (((mv ?erp ?val ?state) (ensure-value-is-not-in-list x list list-description description error-erp error-val ctx state))) (implies erp (equal erp error-erp))) :rule-classes :rewrite)
Theorem:
; Return-type theorem for the value component: on error (erp non-nil) the
; value is exactly ERROR-VAL; on success (erp nil) the value is nil, but only
; under the extra hypothesis that ERROR-ERP is non-nil.  That hypothesis is
; needed because, by the .erp theorem above, a nil ERROR-ERP forces erp to be
; nil even on the failure path, where the value would still be ERROR-VAL.
(defthm return-type-of-ensure-value-is-not-in-list.val (b* (((mv ?erp ?val ?state) (ensure-value-is-not-in-list x list list-description description error-erp error-val ctx state))) (and (implies erp (equal val error-val)) (implies (and (not erp) error-erp) (not val)))) :rule-classes :rewrite)