• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
    • Debugging
    • Std
    • Proof-automation
    • Macro-libraries
    • ACL2
      • Theories
      • Rule-classes
      • Proof-builder
      • Recursion-and-induction
      • Hons-and-memoization
      • Events
      • Parallelism
      • History
      • Programming
        • Defun
        • Declare
          • Xargs
            • Guard
              • Verify-guards
              • Mbe
              • Set-guard-checking
              • Ec-call
              • Print-gv
              • The
              • Guards-and-evaluation
              • Guard-debug
              • Set-check-invariant-risk
              • Guard-evaluation-table
              • Guard-evaluation-examples-log
              • Guard-example
              • Defthmg
              • Invariant-risk
              • With-guard-checking
              • Guard-miscellany
              • Guard-holders
              • Guard-formula-utilities
                • Guard-simplification
                • Guard-obligation
                • Gthm
                • Verify-guards-formula
                • Guard-theorem-example
                • Guard-theorem
                • Verify-guard-implication
              • Set-verify-guards-eagerness
              • Guard-quick-reference
              • Set-register-invariant-risk
              • Guards-for-specification
              • Guard-evaluation-examples-script
              • Guard-introduction
              • Program-only
              • Non-exec
              • Set-guard-msg
              • Safe-mode
              • Set-print-gv-defaults
              • Guard-theorem-example
              • With-guard-checking-event
              • With-guard-checking-error-triple
              • Guard-checking-inhibited
              • Extra-info
            • Otf-flg
            • Normalize
          • Type-spec
          • Declare-stobjs
          • Set-ignore-ok
          • Set-irrelevant-formals-ok
        • System-utilities
        • Stobj
        • State
        • Mutual-recursion
        • Memoize
        • Mbe
        • Io
        • Defpkg
        • Apply$
        • Loop$
        • Programming-with-state
        • Arrays
        • Characters
        • Time$
        • Defmacro
        • Loop$-primer
        • Fast-alists
        • Defconst
        • Evaluation
        • Guard
          • Verify-guards
          • Mbe
          • Set-guard-checking
          • Ec-call
          • Print-gv
          • The
          • Guards-and-evaluation
          • Guard-debug
          • Set-check-invariant-risk
          • Guard-evaluation-table
          • Guard-evaluation-examples-log
          • Guard-example
          • Defthmg
          • Invariant-risk
          • With-guard-checking
          • Guard-miscellany
          • Guard-holders
          • Guard-formula-utilities
            • Guard-simplification
            • Guard-obligation
            • Gthm
            • Verify-guards-formula
            • Guard-theorem-example
            • Guard-theorem
            • Verify-guard-implication
          • Set-verify-guards-eagerness
          • Guard-quick-reference
          • Set-register-invariant-risk
          • Guards-for-specification
          • Guard-evaluation-examples-script
          • Guard-introduction
          • Program-only
          • Non-exec
          • Set-guard-msg
          • Safe-mode
          • Set-print-gv-defaults
          • Guard-theorem-example
          • With-guard-checking-event
          • With-guard-checking-error-triple
          • Guard-checking-inhibited
          • Extra-info
        • Equality-variants
        • Compilation
        • Hons
        • ACL2-built-ins
        • Developers-guide
        • System-attachments
        • Advanced-features
        • Set-check-invariant-risk
        • Numbers
        • Efficiency
        • Irrelevant-formals
        • Introduction-to-programming-in-ACL2-for-those-who-know-lisp
        • Redefining-programs
        • Lists
        • Invariant-risk
        • Errors
        • Defabbrev
        • Conses
        • Alists
        • Set-register-invariant-risk
        • Strings
        • Program-wrapper
        • Get-internal-time
        • Basics
        • Packages
        • Oracle-eval
        • Defmacro-untouchable
        • <<
        • Primitive
        • Revert-world
        • Unmemoize
        • Set-duplicate-keys-action
        • Symbols
        • Def-list-constructor
        • Easy-simplify-term
        • Defiteration
        • Fake-oracle-eval
        • Defopen
        • Sleep
      • Operational-semantics
      • Real
      • Start-here
      • Debugging
      • Miscellaneous
      • Output-controls
      • Macros
      • Interfacing-tools
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
    • Math
    • Testing-utilities
  • Guard

Guard-formula-utilities

Utilities that show guard proof obligations

See verify-guards and see guard for discussions of guards. Here we discuss several utilities that provide the proof obligations for guards, and briefly compare what is offered by each. Of course, see the documentation of each utility for details.

The first pair of utilities captures formulas produced during guard verification.

Verify-guards-formula: Use this to see what the corresponding verify-guards event prints, but without following through with a proof attempt. This utility is only for output, without returning an interesting value.

Guard-obligation: This function is a programmatic version of the macro, verify-guards-formula. It provides the guard obligation as a set of clauses, along with other information.

The second pair of utilities captures the formula provided when a :guard-theorem is supplied for a :use hint.

Gthm: This macro returns a user-level (``untranslated'') representation of the term that is generated for a :guard-theorem lemma-instance. Options control whether or not simplification and guard-debug are used.

Guard-theorem: This utility is like gthm, except that it is a function rather than a macro and it returns a translated term (a termp).

We conclude by contrasting these two pairs of utilities.

  • The first pair can take as input as either a function symbol or a term; for the second pair a function symbol (not a term) is required.
  • The level of simplification differs between the two pairs. See guard-simplification for a detailed explanation; here are highlights. The first pair simplifies (by default) with respect to the current-theory before producing the guard proof obligation formula, as is typically done when verifying guards; but the second pair only performs the theory-independent simplification done for a :guard-theorem specified in a :use hint, or if a suitable option is supplied, no simplification at all.
  • The two pairs differ in their output signatures: in particular, the utilities in the first pair return multiple values while those in the second pair return a single value.

Subtopics

Guard-simplification
Levels of simplification for guard proof obligations
Guard-obligation
The guard proof obligation
Gthm
The guard theorem for a given function symbol
Verify-guards-formula
View the guard proof obligation, without proving it
Guard-theorem-example
How to use a previously-proved guard theorem
Guard-theorem
Use a previously-proved guard theorem
Verify-guard-implication
Guard implication for memoize keyword :invoke