-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathIntegersOld.v
176 lines (143 loc) · 5.5 KB
/
IntegersOld.v
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
(* *********************************************************************)
(* *)
(* The Compcert verified compiler *)
(* *)
(* Xavier Leroy, INRIA Paris-Rocquencourt *)
(* *)
(* Copyright Institut National de Recherche en Informatique et en *)
(* Automatique. All rights reserved. This file is distributed *)
(* under the terms of the GNU General Public License as published by *)
(* the Free Software Foundation, either version 2 of the License, or *)
(* (at your option) any later version. This file is also distributed *)
(* under the terms of the INRIA Non-Commercial License Agreement. *)
(* *)
(* *********************************************************************)
(* These are selected benchmarks from the CompCert Integers.v git history,
minimized to what is relevant, and modified slightly to work with existing
constructs.
They test simple changes in constructors of inductive types,
keeping theorem conclusions the same. *)
(** Formalizations of machine integers modulo $2^N$ #2<sup>N</sup>#. *)
Add LoadPath "coq".
Require Import Axioms.
Require Import CoqLib.
(* FILE: From Integers.v *)
(** * Parameterization by the word size, in bits. *)
Module Type WORDSIZE.
Variable wordsize: nat.
Axiom wordsize_not_zero: wordsize <> 0%nat.
End WORDSIZE.
Module Make(WS: WORDSIZE).
Definition wordsize: nat := WS.wordsize.
Definition modulus : Z := two_power_nat wordsize.
(** * Representation of machine integers *)
(** A machine integer (type [int]) is represented as a Coq arbitrary-precision
integer (type [Z]) plus a proof that it is in the range 0 (included) to
[modulus] (excluded. *)
Record int: Type := mkint { intval: Z; intrange: 0 <= intval < modulus }.
Definition int_ind :=
fun (P : int -> Type) (f : forall (intval : Z) (intrange : 0 <= intval < modulus),
P {| intval := intval; intrange := intrange |}) (i : int) =>
match i as i0 return (P i0) with
| {| intval := x; intrange := x0 |} => f x x0
end.
(** Binary decomposition of integers (type [Z]) *)
Definition Z_bin_decomp (x: Z) : bool * Z :=
match x with
| Z0 => (false, 0)
| Zpos p =>
match p with
| xI q => (true, Zpos q)
| xO q => (false, Zpos q)
| xH => (true, 0)
end
| Zneg p =>
match p with
| xI q => (true, Zneg q - 1)
| xO q => (false, Zneg q)
| xH => (true, -1)
end
end.
Definition Z_bin_comp (b: bool) (x: Z) : Z :=
if b then Zdouble_plus_one x else Zdouble x.
Lemma Z_bin_comp_eq:
forall b x, Z_bin_comp b x = 2 * x + (if b then 1 else 0).
Proof.
unfold Z_bin_comp; intros. destruct b.
apply Zdouble_plus_one_mult.
rewrite Zdouble_mult. omega.
Qed.
Lemma Z_bin_comp_decomp:
forall x, Z_bin_comp (fst (Z_bin_decomp x)) (snd (Z_bin_decomp x)) = x.
Proof.
destruct x; simpl.
auto.
destruct p; auto.
destruct p; auto. simpl.
rewrite <- Pplus_one_succ_r. rewrite Pdouble_minus_one_o_succ_eq_xI. auto.
Qed.
Lemma Z_bin_comp_decomp2:
forall x b y, Z_bin_decomp x = (b, y) -> x = Z_bin_comp b y.
Proof.
intros. rewrite <- (Z_bin_comp_decomp x). rewrite H; auto.
Qed.
(** Fast normalization modulo [2^n]. *)
Fixpoint Z_mod_two_p (x: Z) (n: nat) {struct n} : Z :=
match n with
| O => 0
| S m => let (b, y) := Z_bin_decomp x in Z_bin_comp b (Z_mod_two_p y m)
end.
Lemma Z_mod_two_p_range:
forall n x, 0 <= Z_mod_two_p x n < two_power_nat n.
Proof.
induction n; simpl; intros.
rewrite two_power_nat_O. omega.
rewrite two_power_nat_S. destruct (Z_bin_decomp x) as [b y] eqn:?.
rewrite Z_bin_comp_eq. generalize (IHn y). destruct b; omega.
Qed.
Lemma Z_mod_two_p_eq:
forall n x, Z_mod_two_p x n = Zmod x (two_power_nat n).
Proof.
assert (forall n x, exists y, x = y * two_power_nat n + Z_mod_two_p x n).
induction n; simpl; intros.
rewrite two_power_nat_O. exists x. ring.
rewrite two_power_nat_S.
destruct (Z_bin_decomp x) as [b y] eqn:?.
destruct (IHn y) as [z EQ].
exists z. rewrite (Z_bin_comp_decomp2 _ _ _ Heqp).
repeat rewrite Z_bin_comp_eq. rewrite EQ at 1. ring.
intros.
destruct (H n x) as [y EQ].
symmetry. apply Zmod_unique with y. auto. apply Z_mod_two_p_range.
Qed.
(** The [unsigned] and [signed] functions return the Coq integer corresponding
to the given machine integer, interpreted as unsigned or signed
respectively. *)
Definition unsigned (n: int) : Z := intval n.
(** Conversely, [repr] takes a Coq integer and returns the corresponding
machine integer. The argument is treated modulo [modulus]. *)
Definition repr (x: Z) : int :=
mkint (Z_mod_two_p x wordsize) (Z_mod_two_p_range wordsize x).
Lemma mkint_eq:
forall x y Px Py, x = y -> mkint x Px = mkint y Py.
Proof.
intros. subst y.
generalize (proof_irr Px Py); intro.
subst Py. reflexivity.
Qed.
(** * Properties of integers and integer arithmetic *)
(** ** Properties of the coercions between [Z] and [int] *)
Theorem unsigned_range:
forall i, 0 <= unsigned i < modulus.
Proof.
intros i. destruct i; auto.
Qed.
Hint Resolve unsigned_range: ints.
Theorem repr_unsigned:
forall i, repr (unsigned i) = i.
Proof.
intros i. destruct i; simpl. unfold repr. apply mkint_eq.
rewrite Z_mod_two_p_eq. apply Zmod_small; auto.
Qed.
Hint Resolve repr_unsigned : ints.
End Make.