• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
    • Debugging
    • Std
    • Proof-automation
    • Macro-libraries
    • ACL2
      • Theories
      • Rule-classes
      • Proof-builder
      • Recursion-and-induction
      • Hons-and-memoization
      • Events
      • Parallelism
      • History
      • Programming
        • Defun
        • Declare
        • System-utilities
        • Stobj
        • State
        • Mutual-recursion
        • Memoize
        • Mbe
        • Io
        • Defpkg
        • Apply$
        • Loop$
        • Programming-with-state
        • Arrays
        • Characters
        • Time$
        • Defmacro
        • Loop$-primer
        • Fast-alists
        • Defconst
        • Evaluation
        • Guard
        • Equality-variants
        • Compilation
        • Hons
        • ACL2-built-ins
        • Developers-guide
        • System-attachments
        • Advanced-features
        • Set-check-invariant-risk
        • Numbers
        • Efficiency
        • Irrelevant-formals
        • Introduction-to-programming-in-ACL2-for-those-who-know-lisp
        • Redefining-programs
        • Lists
        • Invariant-risk
        • Errors
          • Er
          • Value-triple
          • Error-checking
          • Error-triple
          • Assert-event
          • Set-warnings-as-errors
          • Hard-error
          • Set-inhibit-er
          • Must-fail
          • Assert!-stobj
          • Breaks
          • Must-eval-to
            • Must-eval-to-t
          • Ctx
          • Assert!
          • Must-succeed
          • Assert$
          • Ctxp
          • Illegal
          • Er-progn
          • Error1
          • Er-hard
          • Must-succeed*
          • Toggle-inhibit-er
          • Break$
          • Assert*
          • Assert?
          • Er-soft+
          • Er-hard?
          • Must-fail-with-soft-error
          • Must-fail-with-hard-error
          • Must-fail-with-error
          • Must-eval-to-t
          • Er-soft-logic
          • Er-soft
          • Convert-soft-error
          • Toggle-inhibit-er!
          • Set-inhibit-er!
          • Must-prove
          • Must-not-prove
          • Must-fail!
          • Must-be-redundant
          • Must-succeed!
          • Must-fail-local
          • Assert-equal
        • Defabbrev
        • Conses
        • Alists
        • Set-register-invariant-risk
        • Strings
        • Program-wrapper
        • Get-internal-time
        • Basics
        • Packages
        • Oracle-eval
        • Defmacro-untouchable
        • <<
        • Primitive
        • Revert-world
        • Unmemoize
        • Set-duplicate-keys-action
        • Symbols
        • Def-list-constructor
        • Easy-simplify-term
        • Defiteration
        • Fake-oracle-eval
        • Defopen
        • Sleep
      • Operational-semantics
      • Real
      • Start-here
      • Debugging
      • Miscellaneous
      • Output-controls
      • Macros
      • Interfacing-tools
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
    • Math
    • Testing-utilities
  • Std/testing
  • Errors

Must-eval-to

A top-level assert$-like command to ensure that a form evaluates to a non-erroneous error triple with the value of a specified expression.

(must-eval-to form
              expr
              :ld-skip-proofsp ...
              :with-output-off ...
              :check-expansion ....)

Form should evaluate to an error triple (mv erp val state). If erp is nil and val is the value of expr then (must-eval-to form expr) expands to (value-triple 'val); otherwise expansion causes an appropriate soft error. Note that both form and expr are evaluated.

The :ld-skip-proofsp option sets the value of ld-skip-proofsp to use for evaluating form, unless it is :default, which is the default, in which case ld-skip-proofsp retains its current value.

The :with-output-off option serves to suppress output from form: when not nil, it is used as the :off argument of with-output. The default is :all, i.e., all output is suppressed.

The :check-expansion option determines whether form is re-run and re-checked at include-book time; see make-event. By default, it is not.

Macro: must-eval-to

(defmacro must-eval-to (&whole must-eval-to-form form
                               expr &key (ld-skip-proofsp ':default)
                               (with-output-off ':all)
                               (check-expansion 'nil
                                                check-expansion-p))
 (declare (xargs :guard (booleanp check-expansion)))
 (let*
  ((body
    (cons
     'er-let*
     (cons
      (cons (cons 'form-val-use-nowhere-else
                  (cons form 'nil))
            'nil)
      (cons
       (cons
        'let
        (cons
         (cons (cons 'expr-val
                     (cons (cons 'check-vars-not-free
                                 (cons '(form-val-use-nowhere-else)
                                       (cons expr 'nil)))
                           'nil))
               'nil)
         (cons
          (cons
           'cond
           (cons
            '((equal form-val-use-nowhere-else expr-val)
              (value (list 'value-triple
                           (list 'quote expr-val))))
            (cons
             (cons
              't
              (cons
               (cons
                'er
                (cons
                 'soft
                 (cons
                  (cons
                   'msg
                   (cons
                    '"( MUST-EVAL-TO ~@0 ~@1)"
                    (cons
                     (cons 'tilde-@-abbreviate-object-phrase
                           (cons (cons 'quote (cons form 'nil))
                                 'nil))
                     (cons
                          (cons 'tilde-@-abbreviate-object-phrase
                                (cons (cons 'quote (cons expr 'nil))
                                      'nil))
                          'nil))))
                  (cons
                   '"Evaluation returned ~X01, not the value ~x2 of ~
                            the expression ~x3."
                   (cons
                    'form-val-use-nowhere-else
                    (cons '(evisc-tuple 4 3 nil nil)
                          (cons 'expr-val
                                (cons (cons 'quote (cons expr 'nil))
                                      'nil))))))))
               'nil))
             'nil)))
          'nil)))
       'nil))))
   (form
    (cons
     'make-event
     (cons
          (if (eq ld-skip-proofsp :default)
              body
            (cons 'state-global-let*
                  (cons (cons (cons 'ld-skip-proofsp
                                    (cons ld-skip-proofsp 'nil))
                              'nil)
                        (cons body 'nil))))
          (cons ':on-behalf-of
                (cons must-eval-to-form
                      (and check-expansion-p
                           (cons ':check-expansion
                                 (cons check-expansion 'nil)))))))))
  (cond (with-output-off
             (cons 'with-output
                   (cons ':off
                         (cons with-output-off (cons form 'nil)))))
        (t form))))

Subtopics

Must-eval-to-t
A specialization of must-eval-to to ensure that a form evaluates to a non-erroneous error triple with value t.