• Top
  • Documentation
  • Books
  • Boolean-reasoning
  • Projects
  • Debugging
  • Std
    • Std/lists
    • Std/alists
    • Obags
    • Std/util
    • Std/strings
    • Std/io
    • Std/osets
    • Std/basic
    • Std/system
    • Std/typed-lists
    • Std/bitsets
    • Std/testing
      • Must-fail
        • Must-fail-with-soft-error
        • Must-fail-with-hard-error
        • Must-fail-with-error
        • Must-fail-local
      • Assert!-stobj
      • Must-eval-to
      • Assert!
      • Must-succeed
      • Must-succeed*
      • Assert?
      • Must-fail-with-soft-error
      • Must-fail-with-hard-error
      • Must-fail-with-error
      • Must-eval-to-t
      • Must-prove
      • Must-not-prove
      • Must-not-be-table-key
      • Must-be-redundant
      • Must-fail-local
      • Must-be-table-key
      • Assert-equal
    • Std/typed-alists
    • Std/stobjs
  • Proof-automation
  • Macro-libraries
  • ACL2
  • Interfacing-tools
  • Hardware-verification
  • Software-verification
  • Math
  • Testing-utilities

• Std/testing
• Errors

Must-fail

A top-level assert$-like command. Ensures that a command which returns an error-triple—e.g., defun or defthm—will not be successful.

This can be useful for adding simple unit tests of macros, theories, etc. to your books. Basic examples:

(must-fail                      ;; succeeds
  (defun 5))                    ;;   (invalid defun will indeed fail)

(must-fail                      ;; causes an error
  (thm t))                      ;;   (because this thm proves fine)

(must-fail (mv nil (hard-error 'foo "MESSAGE" nil) state))
                                ;; causes an error
                                ;;   (because hard errors propagate past
                                ;;    must-fail by default)

(must-fail (mv nil (hard-error 'foo "MESSAGE" nil) state)
           :expected :hard)     ;; succeeds

(must-fail                      ;; causes an error
  (in-theory (enable floor)))   ;;   (because this works fine)

(must-fail                      ;; causes an error
  (* 3 4))                      ;;   (doesn't return an error triple)

Must-fail is almost just like must-succeed, except that the event is expected to fail instead of succeed. The option :expected is described below; for everything else, please see the documentation for must-succeed for syntax, options, and additional discussion.

Also see must-fail-with-error, must-fail-with-soft-error, and must-fail-with-hard-error, which are essentially aliases for must-fail with different values for the option, :expected, which we now describe.

When the value of keyword :expected is :any, then must-fail succeeds if and only if ACL2 causes an error during evaluation of the supplied form. However :expected is :soft by default, in which case success requires that the error is ``soft'', not ``hard'': hard errors are caused by guard violations, by calls of illegal and hard-error, and by calls of er that are not ``soft''. Finally, if :expected is :hard, then the call of must-fail succeeds if and only if evaluation of the form causes a hard error.

CAVEAT: If a book contains a non-local form that causes proofs to be done, such as one of the form (must-fail (thm ...)), then it might not be possible to include that book. That is because proofs are generally skipped during include-book, and any thm will succeed if proofs are skipped. One fix is to make such forms local. Another fix is to use a wrapper must-fail! that creates a call of must-fail with :check-expansion to t; that causes proofs to be done even when including a book (because of the way that must-fail is implemented using make-event).

Subtopics

Must-fail-with-soft-error

A specialization of must-fail to ensure that a soft error occurs.

Must-fail-with-hard-error

A specialization of must-fail to ensure that a hard error occurs.

Must-fail-with-error

A specialization of must-fail to ensure that an error occurs.

Must-fail-local

A local variant of must-fail.