Generate the theorem asserting that the guard of the base term is satisfied if the guard of the target function is
(
(tailrec-gen-base-guard-thm old$ base alpha-name test-of-alpha-name old-guard-of-alpha-name names-to-avoid state) → (mv event name updated-names-to-avoid)
The hints follow the proof in the design notes.
This theorem is local, because it is just a lemma used to prove other theorems.
Function:
(defun tailrec-gen-base-guard-thm (old$ base
                                        alpha-name test-of-alpha-name
                                        old-guard-of-alpha-name
                                        names-to-avoid state)
  (declare (xargs :stobjs (state)))
  (declare (xargs :guard (and (symbolp old$)
                              (pseudo-termp base)
                              (symbolp alpha-name)
                              (symbolp test-of-alpha-name)
                              (symbolp old-guard-of-alpha-name)
                              (symbol-listp names-to-avoid))))
  (let ((__function__ 'tailrec-gen-base-guard-thm))
    (declare (ignorable __function__))
    (b* ((wrld (w state))
         ;; Pick a fresh name for the theorem, based on BASE-GUARD.
         ((mv name names-to-avoid)
          (fresh-logical-name-with-$s-suffix 'base-guard
                                             nil names-to-avoid wrld))
         ;; Formula: the guard of OLD$ implies the guard obligation of BASE.
         (formula (implicate (guard old$ nil wrld)
                             (term-guard-obligation base :limited state)))
         (formals (formals old$ wrld))
         (alpha-comps (tailrec-gen-alpha-component-terms alpha-name old$ wrld))
         ;; Builds (("Goal" :in-theory nil
         ;;          :use (<old-guard-of-alpha-name>
         ;;                <test-of-alpha-name>
         ;;                (:instance (:guard-theorem <old$>)
         ;;                 :extra-bindings-ok (<formal> <alpha-comp>) ...))))
         (hints
          (cons
           (cons '"Goal"
                 (cons ':in-theory
                       (cons 'nil
                             (cons ':use
                                   (cons (cons old-guard-of-alpha-name
                                               (cons test-of-alpha-name
                                                     (cons (cons ':instance
                                                                 (cons (cons ':guard-theorem (cons old$ 'nil))
                                                                       (cons ':extra-bindings-ok
                                                                             (alist-to-doublets
                                                                              (pairlis$ formals alpha-comps)))))
                                                           'nil)))
                                         'nil)))))
           'nil))
         ;; Builds (local (defthm <name> <formula> :rule-classes nil :hints <hints>)).
         (event
          (cons 'local
                (cons (cons 'defthm
                            (cons name
                                  (cons formula
                                        (cons ':rule-classes
                                              (cons 'nil
                                                    (cons ':hints
                                                          (cons hints 'nil)))))))
                      'nil))))
      (mv event name names-to-avoid))))