• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
    • Debugging
    • Std
      • Std/lists
      • Std/alists
      • Obags
      • Std/util
      • Std/strings
      • Std/io
      • Std/osets
      • Std/basic
      • Std/system
        • Fresh-logical-name-with-$s-suffix
        • Irrelevant-formals-info
        • Std/system/function-queries
          • Defun-sk-queries
          • Tail-recursive-p
          • Termination-theorem$
          • Unwrapped-nonexec-body+
          • Measure
          • Arity+
          • Ubody
          • Ruler-extenders+
          • Recursive-calls
          • Guard-theorem-no-simplify$
          • Well-founded-relation+
          • Unwrapped-nonexec-body
          • Measured-subset+
            • Ruler-extenders
            • Measure+
            • Number-of-results+
            • Induction-machine+
            • Non-executablep+
            • Pure-raw-p
            • Irecursivep+
            • Formals+
            • Stobjs-out+
            • Definedp+
            • Number-of-results
            • Induction-machine
            • Ubody+
            • Guard-theorem-no-simplify
            • Uguard
            • Rawp
            • Defchoose-queries
            • Uguard+
            • Stobjs-in+
            • No-stobjs-p+
            • Irecursivep
            • Well-founded-relation
            • Definedp
            • Guard-verified-p+
            • Primitivep+
            • No-stobjs-p
            • Measured-subset
            • Guard-verified-p
            • Primitivep
            • Non-executablep
            • Fundef-disabledp
            • Ibody
            • Fundef-enabledp
            • Std/system/arity
          • Std/system/term-queries
          • Std/system/term-transformations
          • Std/system/enhanced-utilities
          • Install-not-normalized-event
          • Install-not-normalized-event-lst
          • Std/system/term-function-recognizers
          • Genvar$
          • Std/system/event-name-queries
          • Pseudo-tests-and-call-listp
          • Maybe-pseudo-event-formp
          • Add-suffix-to-fn-or-const
          • Chk-irrelevant-formals-ok
          • Table-alist+
          • Pseudo-tests-and-callp
          • Add-suffix-to-fn-or-const-lst
          • Known-packages+
          • Add-suffix-to-fn-lst
          • Unquote-term
          • Event-landmark-names
          • Add-suffix-lst
          • Std/system/theorem-queries
          • Unquote-term-list
          • Std/system/macro-queries
          • Pseudo-command-landmark-listp
          • Install-not-normalized$
          • Pseudo-event-landmark-listp
          • Known-packages
          • Std/system/partition-rest-and-keyword-args
          • Rune-enabledp
          • Rune-disabledp
          • Included-books
          • Std/system/pseudo-event-formp
          • Std/system/plist-worldp-with-formals
          • Std/system/w
          • Std/system/geprops
          • Std/system/arglistp
          • Std/system/constant-queries
        • Std/typed-lists
        • Std/bitsets
        • Std/testing
        • Std/typed-alists
        • Std/stobjs
      • Proof-automation
      • Macro-libraries
      • ACL2
      • Interfacing-tools
      • Hardware-verification
      • Software-verification
      • Math
      • Testing-utilities
    • Std/system/function-queries

    Measured-subset+

    Enhanced variant of measured-subset.

    Signature
    (measured-subset+ fn wrld) → measured-subset
    Arguments
    fn — Guard (symbolp fn).
    wrld — Guard (plist-worldp wrld).
    Returns
    measured-subset — Type (symbol-listp measured-subset).

    This returns the same result as measured-subset, but it is guard-verified and includes a run-time check (which should always succeed) on the result that allows us to prove the return type theorem without strengthening the guard on wrld. This utility also includes a run-time check (which should always succeed) on the form of the justification property of the function that allows us to verify the guards without strengthening the guard of wrld. Furthermore, this utility causes an error if called on a symbol that does not name a recursive logic-mode function; the reason for ensuring logic-mode is that recursive program-mode functions do not have a measured subset.

    Definitions and Theorems

    Function: measured-subset+

    (defun measured-subset+ (fn wrld)
 (declare (xargs :guard (and (symbolp fn) (plist-worldp wrld))))
 (let ((__function__ 'measured-subset+))
  (declare (ignorable __function__))
  (if (not (irecursivep+ fn wrld))
      (raise "The function ~x0 is not recursive." fn)
   (b*
    ((justification (getpropc fn 'justification nil wrld))
     ((unless (weak-justification-p justification))
      (raise
       "Internal error: ~
                  the JUSTIFICATION property ~x0 of ~x1 is not well-formed."
       justification fn))
     (measured-subset (access justification justification :subset))
     ((unless (symbol-listp measured-subset))
      (raise
       "Internal error: ~
                  the measured subset ~x0 of ~x1 is not a true list of symbols."
       measured-subset fn)))
    measured-subset))))

    Theorem: symbol-listp-of-measured-subset+

    (defthm symbol-listp-of-measured-subset+
  (b* ((measured-subset (measured-subset+ fn wrld)))
    (symbol-listp measured-subset))
  :rule-classes :rewrite)