Commit b67fb7c0 authored by Andrei Paskevich's avatar Andrei Paskevich

update sessions

parent 61127a19
This source diff could not be displayed because it is too large. You can view the blob instead.
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
locfile="../arm.mlw" locfile="../arm.mlw"
loclnum="16" loccnumb="6" loccnume="20" loclnum="16" loccnumb="6" loccnume="20"
expl="VC for insertion_sort" expl="VC for insertion_sort"
sum="0253f804b94902a25f1e77e1d4c459c1" sum="7a48ddec008b758b68d1b8f7bf242745"
proved="false" proved="false"
expanded="false" expanded="false"
shape="iainfix <=V6c45Aainfix =V7c9Aainfix <=c0V0iainfix <ainfix -c10V16ainfix -c10V5Aainfix <=c0ainfix -c10V5Aainfix <=ainfix *c2V12ainfix *ainfix -V16c2ainfix -V16c1Aainfix =V10ainfix -V16c2AainvV14Aainfix <=V16c11Aainfix <=c2V16Iainfix =V16ainfix +V5c1Fainfix <V22V11Aainfix <=c0V11Aainfix <=ainfix *c2V17ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V22Aainvamk arrayV0V21Aainfix <=V22V5Aainfix <=c1V22Iainfix =V22ainfix -V11c1FIainfix =V21asetV19V20agetV13V11Aainfix <=c0V0FAainfix <V20V0Aainfix <=c0V20Lainfix -V11c1Iainfix =V19asetV13V11agetV13V18Aainfix <=c0V0FAainfix <V11V0Aainfix <=c0V11Aainfix <V18V0Aainfix <=c0V18Lainfix -V11c1Aainfix <V11V0Aainfix <=c0V11Iainfix =V17ainfix +V12c1Fainfix <agetV13V11agetV13V15Aainfix <V11V0Aainfix <=c0V11Aainfix <V15V0Aainfix <=c0V15Aainfix <=c0V0Lainfix -V11c1Iainfix <=ainfix *c2V12ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V11AainvV14Aainfix <=V11V5Aainfix <=c1V11Lamk arrayV0V13FAainfix <=ainfix *c2V6ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V5AainvV9Aainfix <=V5V5Aainfix <=c1V5Iainfix =V10ainfix +V7c1Fainfix <=V5c10Iainfix <=ainfix *c2V6ainfix *ainfix -V5c2ainfix -V5c1Aainfix =V7ainfix -V5c2AainvV9Aainfix <=V5c11Aainfix <=c2V5Lamk arrayV0V8FAainfix <=ainfix *c2V1ainfix *ainfix -c2c2ainfix -c2c1Aainfix =V2ainfix -c2c2AainvV4Aainfix <=c2c11Aainfix <=c2c2Iainfix =V1c0Aainfix =V2c0AainvV4Aainfix <=c0V0Lamk arrayV0V3FF"> shape="iainfix <=V6c45Aainfix =V7c9Aainfix <=c0V0iainfix <ainfix -c10V16ainfix -c10V5Aainfix <=c0ainfix -c10V5Aainfix <=ainfix *c2V12ainfix *ainfix -V16c2ainfix -V16c1Aainfix =V10ainfix -V16c2AainvV14Aainfix <=V16c11Aainfix <=c2V16Iainfix =V16ainfix +V5c1Fainfix <V22V11Aainfix <=c0V11Aainfix <=ainfix *c2V17ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V22Aainvamk arrayV0V21Aainfix <=V22V5Aainfix <=c1V22Iainfix =V22ainfix -V11c1FIainfix =V21asetV19V20agetV13V11Aainfix <=c0V0FAainfix <V20V0Aainfix <=c0V20Lainfix -V11c1Iainfix =V19asetV13V11agetV13V18Aainfix <=c0V0FAainfix <V11V0Aainfix <=c0V11Aainfix <V18V0Aainfix <=c0V18Lainfix -V11c1Aainfix <V11V0Aainfix <=c0V11Iainfix =V17ainfix +V12c1Fainfix <agetV13V11agetV13V15Aainfix <V11V0Aainfix <=c0V11Aainfix <V15V0Aainfix <=c0V15Aainfix <=c0V0Lainfix -V11c1Iainfix <=ainfix *c2V12ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V11AainvV14Aainfix <=V11V5Aainfix <=c1V11Lamk arrayV0V13FAainfix <=ainfix *c2V6ainfix +ainfix *ainfix -V5c2ainfix -V5c1ainfix *c2ainfix -V5V5AainvV9Aainfix <=V5V5Aainfix <=c1V5Iainfix =V10ainfix +V7c1Fainfix <=V5c10Iainfix <=ainfix *c2V6ainfix *ainfix -V5c2ainfix -V5c1Aainfix =V7ainfix -V5c2AainvV9Aainfix <=V5c11Aainfix <=c2V5Lamk arrayV0V8FAainfix <=ainfix *c2V1ainfix *ainfix -c2c2ainfix -c2c1Aainfix =V2ainfix -c2c2AainvV4Aainfix <=c2c11Aainfix <=c2c2Iainfix =V1c0Aainfix =V2c0AainvV4Aainfix <=c0V0Lamk arrayV0V3FF">
...@@ -50,7 +50,7 @@ ...@@ -50,7 +50,7 @@
locfile="../arm.mlw" locfile="../arm.mlw"
loclnum="120" loccnumb="6" loccnume="18" loclnum="120" loccnumb="6" loccnume="18"
expl="VC for path_init_l2" expl="VC for path_init_l2"
sum="beb23c3645199bfd98a3ca8ba1a81b49" sum="b7f073634088aae7b5aaf2b40c15baf4"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainv_l2V5V0V2Iainfix =V5amixfix [<-]V1ainfix -V0c16V4FIainfix =V4c2FIainfix =V3c0FIainfix =V2c0FIainvV1AaseparationV0F"> shape="ainv_l2V5V0V2Iainfix =V5amixfix [<-]V1ainfix -V0c16V4FIainfix =V4c2FIainfix =V3c0FIainfix =V2c0FIainvV1AaseparationV0F">
...@@ -78,7 +78,7 @@ ...@@ -78,7 +78,7 @@
locfile="../arm.mlw" locfile="../arm.mlw"
loclnum="127" loccnumb="6" loccnume="18" loclnum="127" loccnumb="6" loccnume="18"
expl="VC for path_l2_exit" expl="VC for path_l2_exit"
sum="25c0115faf8097c35ae492323795ad51" sum="7985bd31cb47c770cc076d13e2aa0786"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =V0c9Iainfix =V4aFalseIainfix <=V3c10qainfix =V4aTrueFIainfix =V3amixfix []V2ainfix -V1c16FIainv_l2V2V1V0AaseparationV1F"> shape="ainfix =V0c9Iainfix =V4aFalseIainfix <=V3c10qainfix =V4aTrueFIainfix =V3amixfix []V2ainfix -V1c16FIainv_l2V2V1V0AaseparationV1F">
......
...@@ -24,7 +24,7 @@ ...@@ -24,7 +24,7 @@
locfile="../assigning_meanings_to_programs.mlw" locfile="../assigning_meanings_to_programs.mlw"
loclnum="12" loccnumb="6" loccnume="9" loclnum="12" loccnumb="6" loccnume="9"
expl="VC for sum" expl="VC for sum"
sum="6ec85216e9bf59221efb91729e5526a9" sum="a22a8b12b1c0d38016349831b652911b"
proved="true" proved="true"
expanded="true" expanded="true"
shape="iainfix =V3asumV1c1ainfix +V2c1ainfix <ainfix -V2V6ainfix -V2V4Aainfix <=c0ainfix -V2V4Aainfix =V5asumV1c1V6Aainfix <=V6ainfix +V2c1Aainfix <=c1V6Iainfix =V6ainfix +V4c1FIainfix =V5ainfix +V3agetV1V4FAainfix <V4V0Aainfix <=c0V4ainfix <=V4V2Iainfix =V3asumV1c1V4Aainfix <=V4ainfix +V2c1Aainfix <=c1V4FAainfix =c0asumV1c1c1Aainfix <=c1ainfix +V2c1Aainfix <=c1c1Iainfix <V2V0Aainfix <=c0V2Aainfix <=c0V0F"> shape="iainfix =V3asumV1c1ainfix +V2c1ainfix <ainfix -V2V6ainfix -V2V4Aainfix <=c0ainfix -V2V4Aainfix =V5asumV1c1V6Aainfix <=V6ainfix +V2c1Aainfix <=c1V6Iainfix =V6ainfix +V4c1FIainfix =V5ainfix +V3agetV1V4FAainfix <V4V0Aainfix <=c0V4ainfix <=V4V2Iainfix =V3asumV1c1V4Aainfix <=V4ainfix +V2c1Aainfix <=c1V4FAainfix =c0asumV1c1c1Aainfix <=c1ainfix +V2c1Aainfix <=c1c1Iainfix <V2V0Aainfix <=c0V2Aainfix <=c0V0F">
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.
(* This file is generated by Why3's Coq driver *) (* This file is generated by Why3's Coq 8.4 driver *)
(* Beware! Only edit allowed sections below *) (* Beware! Only edit allowed sections below *)
Require Import BuiltIn. Require Import BuiltIn.
Require BuiltIn. Require BuiltIn.
Require bool.Bool.
Require int.Int. Require int.Int.
Require int.Abs. Require int.Abs.
Require int.EuclideanDivision. Require int.EuclideanDivision.
...@@ -148,13 +149,24 @@ Axiom pow2_62 : ((pow2 62%Z) = 4611686018427387904%Z). ...@@ -148,13 +149,24 @@ Axiom pow2_62 : ((pow2 62%Z) = 4611686018427387904%Z).
Axiom pow2_63 : ((pow2 63%Z) = 9223372036854775808%Z). Axiom pow2_63 : ((pow2 63%Z) = 9223372036854775808%Z).
Axiom Div_pow : forall (x:Z) (i:Z), (((pow2 (i - 1%Z)%Z) <= x)%Z /\ Axiom Div_mult_inst : forall (x:Z) (z:Z), (0%Z < x)%Z ->
(x < (pow2 i))%Z) -> ((int.EuclideanDivision.div x ((int.EuclideanDivision.div ((x * 1%Z)%Z + z)%Z
(pow2 (i - 1%Z)%Z)) = 1%Z). x) = (1%Z + (int.EuclideanDivision.div z x))%Z).
Axiom Div_pow2 : forall (x:Z) (i:Z), (((-(pow2 i))%Z <= x)%Z /\ Axiom Div_double : forall (x:Z) (y:Z), ((0%Z < y)%Z /\ ((y <= x)%Z /\
(x < (-(pow2 (i - 1%Z)%Z))%Z)%Z) -> ((int.EuclideanDivision.div x (x < (2%Z * y)%Z)%Z)) -> ((int.EuclideanDivision.div x y) = 1%Z).
(pow2 (i - 1%Z)%Z)) = (-2%Z)%Z).
Axiom Div_pow : forall (x:Z) (i:Z), (0%Z < i)%Z ->
((((pow2 (i - 1%Z)%Z) <= x)%Z /\ (x < (pow2 i))%Z) ->
((int.EuclideanDivision.div x (pow2 (i - 1%Z)%Z)) = 1%Z)).
Axiom Div_double_neg : forall (x:Z) (y:Z), ((((-2%Z)%Z * y)%Z <= x)%Z /\
((x < (-y)%Z)%Z /\ ((-y)%Z < 0%Z)%Z)) -> ((int.EuclideanDivision.div x
y) = (-2%Z)%Z).
Axiom Div_pow2 : forall (x:Z) (i:Z), (0%Z < i)%Z ->
((((-(pow2 i))%Z <= x)%Z /\ (x < (-(pow2 (i - 1%Z)%Z))%Z)%Z) ->
((int.EuclideanDivision.div x (pow2 (i - 1%Z)%Z)) = (-2%Z)%Z)).
Axiom Mod_pow2_gen : forall (x:Z) (i:Z) (k:Z), ((0%Z <= k)%Z /\ (k < i)%Z) -> Axiom Mod_pow2_gen : forall (x:Z) (i:Z) (k:Z), ((0%Z <= k)%Z /\ (k < i)%Z) ->
((int.EuclideanDivision.mod1 (int.EuclideanDivision.div (x + (pow2 i))%Z ((int.EuclideanDivision.mod1 (int.EuclideanDivision.div (x + (pow2 i))%Z
...@@ -182,7 +194,7 @@ Axiom Nth_one : forall (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> ((nth bvone ...@@ -182,7 +194,7 @@ Axiom Nth_one : forall (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> ((nth bvone
n) = true). n) = true).
(* Why3 assumption *) (* Why3 assumption *)
Definition eq(v1:bv) (v2:bv): Prop := forall (n:Z), ((0%Z <= n)%Z /\ Definition eq (v1:bv) (v2:bv): Prop := forall (n:Z), ((0%Z <= n)%Z /\
(n < size)%Z) -> ((nth v1 n) = (nth v2 n)). (n < size)%Z) -> ((nth v1 n) = (nth v2 n)).
Axiom extensionality : forall (v1:bv) (v2:bv), (eq v1 v2) -> (v1 = v2). Axiom extensionality : forall (v1:bv) (v2:bv), (eq v1 v2) -> (v1 = v2).
...@@ -255,19 +267,19 @@ Axiom lsl_nth_low : forall (b:bv) (n:Z) (s:Z), ((0%Z <= n)%Z /\ ...@@ -255,19 +267,19 @@ Axiom lsl_nth_low : forall (b:bv) (n:Z) (s:Z), ((0%Z <= n)%Z /\
Parameter to_nat_sub: bv -> Z -> Z -> Z. Parameter to_nat_sub: bv -> Z -> Z -> Z.
Axiom to_nat_sub_zero : forall (b:bv) (j:Z) (i:Z), (((0%Z <= i)%Z /\ Axiom to_nat_sub_zero : forall (b:bv) (j:Z) (i:Z), ((0%Z <= i)%Z /\
(i <= j)%Z) /\ (j < size)%Z) -> (((nth b j) = false) -> ((to_nat_sub b j ((i <= j)%Z /\ (j < size)%Z)) -> (((nth b j) = false) -> ((to_nat_sub b j
i) = (to_nat_sub b (j - 1%Z)%Z i))). i) = (to_nat_sub b (j - 1%Z)%Z i))).
Axiom to_nat_sub_one : forall (b:bv) (j:Z) (i:Z), (((0%Z <= i)%Z /\ Axiom to_nat_sub_one : forall (b:bv) (j:Z) (i:Z), ((0%Z <= i)%Z /\
(i <= j)%Z) /\ (j < size)%Z) -> (((nth b j) = true) -> ((to_nat_sub b j ((i <= j)%Z /\ (j < size)%Z)) -> (((nth b j) = true) -> ((to_nat_sub b j
i) = ((pow2 (j - i)%Z) + (to_nat_sub b (j - 1%Z)%Z i))%Z)). i) = ((pow2 (j - i)%Z) + (to_nat_sub b (j - 1%Z)%Z i))%Z)).
Axiom to_nat_sub_high : forall (b:bv) (j:Z) (i:Z), (j < i)%Z -> Axiom to_nat_sub_high : forall (b:bv) (j:Z) (i:Z), (j < i)%Z ->
((to_nat_sub b j i) = 0%Z). ((to_nat_sub b j i) = 0%Z).
Axiom to_nat_of_zero2 : forall (b:bv) (i:Z) (j:Z), (((j < size)%Z /\ Axiom to_nat_of_zero2 : forall (b:bv) (i:Z) (j:Z), ((j < size)%Z /\
(i <= j)%Z) /\ (0%Z <= i)%Z) -> ((forall (k:Z), ((k <= j)%Z /\ ((i <= j)%Z /\ (0%Z <= i)%Z)) -> ((forall (k:Z), ((k <= j)%Z /\
(i < k)%Z) -> ((nth b k) = false)) -> ((to_nat_sub b j 0%Z) = (to_nat_sub b (i < k)%Z) -> ((nth b k) = false)) -> ((to_nat_sub b j 0%Z) = (to_nat_sub b
i 0%Z))). i 0%Z))).
...@@ -279,14 +291,14 @@ Require Import Why3. ...@@ -279,14 +291,14 @@ Require Import Why3.
Open Scope Z_scope. Open Scope Z_scope.
(* Why3 goal *) (* Why3 goal *)
Theorem to_nat_of_one : forall (b:bv) (i:Z) (j:Z), (((j < size)%Z /\ Theorem to_nat_of_one : forall (b:bv) (i:Z) (j:Z), ((j < size)%Z /\
(i <= j)%Z) /\ (0%Z <= i)%Z) -> ((forall (k:Z), ((k <= j)%Z /\ ((i <= j)%Z /\ (0%Z <= i)%Z)) -> ((forall (k:Z), ((k <= j)%Z /\
(i <= k)%Z) -> ((nth b k) = true)) -> ((to_nat_sub b j (i <= k)%Z) -> ((nth b k) = true)) -> ((to_nat_sub b j
i) = ((pow2 ((j - i)%Z + 1%Z)%Z) - 1%Z)%Z)). i) = ((pow2 ((j - i)%Z + 1%Z)%Z) - 1%Z)%Z)).
intros b i j ((Hj,Hij),Hi). (* Why3 intros b i j (h1,(h2,h3)) h4. *)
intros b i j (Hj,(Hij,Hi)).
generalize Hij Hj. generalize Hij Hj.
pattern j; apply Zlt_lower_bound_ind with (z:=i); auto. pattern j; apply Zlt_lower_bound_ind with (z:=i); auto.
why3 "cvc3" timelimit 3. why3 "cvc3" timelimit 3.
Qed. Qed.
(* This file is generated by Why3's Coq driver *) (* This file is generated by Why3's Coq 8.4 driver *)
(* Beware! Only edit allowed sections below *) (* Beware! Only edit allowed sections below *)
Require Import BuiltIn. Require Import BuiltIn.
Require BuiltIn. Require BuiltIn.
Require bool.Bool.
Require int.Int. Require int.Int.
Require int.Abs. Require int.Abs.
Require int.EuclideanDivision. Require int.EuclideanDivision.
...@@ -148,13 +149,24 @@ Axiom pow2_62 : ((pow2 62%Z) = 4611686018427387904%Z). ...@@ -148,13 +149,24 @@ Axiom pow2_62 : ((pow2 62%Z) = 4611686018427387904%Z).
Axiom pow2_63 : ((pow2 63%Z) = 9223372036854775808%Z). Axiom pow2_63 : ((pow2 63%Z) = 9223372036854775808%Z).
Axiom Div_pow : forall (x:Z) (i:Z), (((pow2 (i - 1%Z)%Z) <= x)%Z /\ Axiom Div_mult_inst : forall (x:Z) (z:Z), (0%Z < x)%Z ->
(x < (pow2 i))%Z) -> ((int.EuclideanDivision.div x ((int.EuclideanDivision.div ((x * 1%Z)%Z + z)%Z
(pow2 (i - 1%Z)%Z)) = 1%Z). x) = (1%Z + (int.EuclideanDivision.div z x))%Z).
Axiom Div_pow2 : forall (x:Z) (i:Z), (((-(pow2 i))%Z <= x)%Z /\ Axiom Div_double : forall (x:Z) (y:Z), ((0%Z < y)%Z /\ ((y <= x)%Z /\
(x < (-(pow2 (i - 1%Z)%Z))%Z)%Z) -> ((int.EuclideanDivision.div x (x < (2%Z * y)%Z)%Z)) -> ((int.EuclideanDivision.div x y) = 1%Z).
(pow2 (i - 1%Z)%Z)) = (-2%Z)%Z).
Axiom Div_pow : forall (x:Z) (i:Z), (0%Z < i)%Z ->
((((pow2 (i - 1%Z)%Z) <= x)%Z /\ (x < (pow2 i))%Z) ->
((int.EuclideanDivision.div x (pow2 (i - 1%Z)%Z)) = 1%Z)).
Axiom Div_double_neg : forall (x:Z) (y:Z), ((((-2%Z)%Z * y)%Z <= x)%Z /\
((x < (-y)%Z)%Z /\ ((-y)%Z < 0%Z)%Z)) -> ((int.EuclideanDivision.div x
y) = (-2%Z)%Z).
Axiom Div_pow2 : forall (x:Z) (i:Z), (0%Z < i)%Z ->
((((-(pow2 i))%Z <= x)%Z /\ (x < (-(pow2 (i - 1%Z)%Z))%Z)%Z) ->
((int.EuclideanDivision.div x (pow2 (i - 1%Z)%Z)) = (-2%Z)%Z)).
Axiom Mod_pow2_gen : forall (x:Z) (i:Z) (k:Z), ((0%Z <= k)%Z /\ (k < i)%Z) -> Axiom Mod_pow2_gen : forall (x:Z) (i:Z) (k:Z), ((0%Z <= k)%Z /\ (k < i)%Z) ->
((int.EuclideanDivision.mod1 (int.EuclideanDivision.div (x + (pow2 i))%Z ((int.EuclideanDivision.mod1 (int.EuclideanDivision.div (x + (pow2 i))%Z
...@@ -182,7 +194,7 @@ Axiom Nth_one : forall (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> ((nth bvone ...@@ -182,7 +194,7 @@ Axiom Nth_one : forall (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> ((nth bvone
n) = true). n) = true).
(* Why3 assumption *) (* Why3 assumption *)
Definition eq(v1:bv) (v2:bv): Prop := forall (n:Z), ((0%Z <= n)%Z /\ Definition eq (v1:bv) (v2:bv): Prop := forall (n:Z), ((0%Z <= n)%Z /\
(n < size)%Z) -> ((nth v1 n) = (nth v2 n)). (n < size)%Z) -> ((nth v1 n) = (nth v2 n)).
Axiom extensionality : forall (v1:bv) (v2:bv), (eq v1 v2) -> (v1 = v2). Axiom extensionality : forall (v1:bv) (v2:bv), (eq v1 v2) -> (v1 = v2).
...@@ -255,12 +267,12 @@ Axiom lsl_nth_low : forall (b:bv) (n:Z) (s:Z), ((0%Z <= n)%Z /\ ...@@ -255,12 +267,12 @@ Axiom lsl_nth_low : forall (b:bv) (n:Z) (s:Z), ((0%Z <= n)%Z /\
Parameter to_nat_sub: bv -> Z -> Z -> Z. Parameter to_nat_sub: bv -> Z -> Z -> Z.
Axiom to_nat_sub_zero : forall (b:bv) (j:Z) (i:Z), (((0%Z <= i)%Z /\ Axiom to_nat_sub_zero : forall (b:bv) (j:Z) (i:Z), ((0%Z <= i)%Z /\
(i <= j)%Z) /\ (j < size)%Z) -> (((nth b j) = false) -> ((to_nat_sub b j ((i <= j)%Z /\ (j < size)%Z)) -> (((nth b j) = false) -> ((to_nat_sub b j
i) = (to_nat_sub b (j - 1%Z)%Z i))). i) = (to_nat_sub b (j - 1%Z)%Z i))).
Axiom to_nat_sub_one : forall (b:bv) (j:Z) (i:Z), (((0%Z <= i)%Z /\ Axiom to_nat_sub_one : forall (b:bv) (j:Z) (i:Z), ((0%Z <= i)%Z /\
(i <= j)%Z) /\ (j < size)%Z) -> (((nth b j) = true) -> ((to_nat_sub b j ((i <= j)%Z /\ (j < size)%Z)) -> (((nth b j) = true) -> ((to_nat_sub b j
i) = ((pow2 (j - i)%Z) + (to_nat_sub b (j - 1%Z)%Z i))%Z)). i) = ((pow2 (j - i)%Z) + (to_nat_sub b (j - 1%Z)%Z i))%Z)).
Axiom to_nat_sub_high : forall (b:bv) (j:Z) (i:Z), (j < i)%Z -> Axiom to_nat_sub_high : forall (b:bv) (j:Z) (i:Z), (j < i)%Z ->
...@@ -273,11 +285,12 @@ Ltac ae := why3 "alt-ergo" timelimit 3. ...@@ -273,11 +285,12 @@ Ltac ae := why3 "alt-ergo" timelimit 3.
Open Scope Z_scope. Open Scope Z_scope.
(* Why3 goal *) (* Why3 goal *)
Theorem to_nat_of_zero2 : forall (b:bv) (i:Z) (j:Z), (((j < size)%Z /\ Theorem to_nat_of_zero2 : forall (b:bv) (i:Z) (j:Z), ((j < size)%Z /\
(i <= j)%Z) /\ (0%Z <= i)%Z) -> ((forall (k:Z), ((k <= j)%Z /\ ((i <= j)%Z /\ (0%Z <= i)%Z)) -> ((forall (k:Z), ((k <= j)%Z /\
(i < k)%Z) -> ((nth b k) = false)) -> ((to_nat_sub b j 0%Z) = (to_nat_sub b (i < k)%Z) -> ((nth b k) = false)) -> ((to_nat_sub b j 0%Z) = (to_nat_sub b
i 0%Z))). i 0%Z))).
intros b i j ((Hj,Hij),Hipos). (* Why3 intros b i j (h1,(h2,h3)) h4. *)
intros b i j (Hj,(Hij,Hipos)).
generalize Hj. generalize Hj.
pattern j; apply Zlt_lower_bound_ind with (z:=i); auto. pattern j; apply Zlt_lower_bound_ind with (z:=i); auto.
clear j Hj Hij. clear j Hj Hij.
...@@ -289,4 +302,3 @@ intros Hbits Hnth. ...@@ -289,4 +302,3 @@ intros Hbits Hnth.
rewrite to_nat_sub_zero; auto with zarith. rewrite to_nat_sub_zero; auto with zarith.
Qed. Qed.
...@@ -46,7 +46,7 @@ ...@@ -46,7 +46,7 @@
name="nth_one1" name="nth_one1"
locfile="../double.why" locfile="../double.why"
loclnum="73" loccnumb="8" loccnume="16" loclnum="73" loccnumb="8" loccnume="16"
sum="53e20bd87a3e79b72c5512963842d539" sum="9426856b7db1eaa0a7fbf98d0a1d6511"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =anthaoneV0aFalseIainfix &lt;=V0c51Aainfix &lt;=c0V0F"> shape="ainfix =anthaoneV0aFalseIainfix &lt;=V0c51Aainfix &lt;=c0V0F">
...@@ -63,7 +63,7 @@ ...@@ -63,7 +63,7 @@
name="nth_one2" name="nth_one2"
locfile="../double.why" locfile="../double.why"
loclnum="74" loccnumb="8" loccnume="16" loclnum="74" loccnumb="8" loccnume="16"
sum="5c6b679bdaf6e72da6f008127d4dae8b" sum="b1c633079fda4d75118758023d1bd9d6"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =anthaoneV0aTrueIainfix &lt;=V0c61Aainfix &lt;=c52V0F"> shape="ainfix =anthaoneV0aTrueIainfix &lt;=V0c61Aainfix &lt;=c52V0F">
...@@ -80,7 +80,7 @@ ...@@ -80,7 +80,7 @@
name="nth_one3" name="nth_one3"
locfile="../double.why" locfile="../double.why"
loclnum="75" loccnumb="8" loccnume="16" loclnum="75" loccnumb="8" loccnume="16"
sum="46bc15aba4d6b67856522de76992c667" sum="7b13e3cc4204cfbf0bcadc9604a16925"
proved="true" proved="true"
expanded="false" expanded="false"
shape="ainfix =anthaoneV0aFalseIainfix &lt;=V0c63Aainfix &lt;=c62V0F"> shape="ainfix =anthaoneV0aFalseIainfix &lt;=V0c63Aainfix &lt;=c62V0F">
...@@ -97,7 +97,7 @@ ...@@ -97,7 +97,7 @@
name="sign_one" name="sign_one"
locfile="../double.why" locfile="../double.why"
loclnum="77" loccnumb="8" loccnume="16" loclnum="77" loccnumb="8" loccnume="16"
sum="ab82e666da6cf4defbf0468de247ca8e" sum="bdda75f77974f193214e8a50e2cd6d59"
proved="true" proved="true"
expanded="false" expanded="false"
shape="ainfix =asignaoneaFalse"> shape="ainfix =asignaoneaFalse">
...@@ -146,7 +146,7 @@ ...@@ -146,7 +146,7 @@
name="exp_one" name="exp_one"
locfile="../double.why" locfile="../double.why"
loclnum="78" loccnumb="8" loccnume="15" loclnum="78" loccnumb="8" loccnume="15"
sum="d0092b130cd4ba2ae1480e7e7a7fb7d5" sum="0c3504d58a9734848a0cbc03bc51d27d"
proved="true" proved="true"
expanded="false" expanded="false"
shape="ainfix =aexpaonec1023"> shape="ainfix =aexpaonec1023">
...@@ -172,7 +172,7 @@ ...@@ -172,7 +172,7 @@
name="mantissa_one" name="mantissa_one"
locfile="../double.why" locfile="../double.why"
loclnum="79" loccnumb="8" loccnume="20" loclnum="79" loccnumb="8" loccnume="20"
sum="645707f7b8a77e5360f0735d5a5b932d" sum="e7fa2f72bb2aada4371ebb33b3cc263e"
proved="true" proved="true"
expanded="false" expanded="false"
shape="ainfix =amantissaaonec0"> shape="ainfix =amantissaaonec0">
...@@ -205,7 +205,7 @@ ...@@ -205,7 +205,7 @@
name="double_value_of_1" name="double_value_of_1"
locfile="../double.why" locfile="../double.why"
loclnum="81" loccnumb="8" loccnume="25" loclnum="81" loccnumb="8" loccnume="25"
sum="ba4b977489801faa24193df21c2ca712" sum="a43ae53878e69bc2d59a96e436eb69b9"
proved="true" proved="true"
expanded="false" expanded="false"
shape="ainfix =adouble_of_bv64aonec1.0"> shape="ainfix =adouble_of_bv64aonec1.0">
......
...@@ -39,7 +39,7 @@ ...@@ -39,7 +39,7 @@
name="Nth_j" name="Nth_j"
locfile="../neg_as_xor.why" locfile="../neg_as_xor.why"
loclnum="13" loccnumb="8" loccnume="13" loclnum="13" loccnumb="8" loccnume="13"
sum="a7d9cf0929603ad3efb0168530924828" sum="b0c07d6787ca3814d68d37a55958ed88"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =anthajV0aFalseIainfix &lt;=V0c62Aainfix &lt;=c0V0F"> shape="ainfix =anthajV0aFalseIainfix &lt;=V0c62Aainfix &lt;=c0V0F">
...@@ -56,7 +56,7 @@ ...@@ -56,7 +56,7 @@
name="sign_of_j" name="sign_of_j"
locfile="../neg_as_xor.why" locfile="../neg_as_xor.why"
loclnum="15" loccnumb="8" loccnume="17" loclnum="15" loccnumb="8" loccnume="17"
sum="db878064435f19d2d1ff550e668e5ef7" sum="11d2d005ac052841fddb064ceec1a224"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =asignajaTrue"> shape="ainfix =asignajaTrue">
...@@ -73,7 +73,7 @@ ...@@ -73,7 +73,7 @@
name="mantissa_of_j" name="mantissa_of_j"
locfile="../neg_as_xor.why" locfile="../neg_as_xor.why"
loclnum="16" loccnumb="8" loccnume="21" loclnum="16" loccnumb="8" loccnume="21"
sum="9bc445592e04784060be698711ed7011" sum="0ec22cf2da947df79bbac64e800d2037"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =amantissaajc0"> shape="ainfix =amantissaajc0">
...@@ -122,7 +122,7 @@ ...@@ -122,7 +122,7 @@
name="exp_of_j" name="exp_of_j"
locfile="../neg_as_xor.why" locfile="../neg_as_xor.why"
loclnum="17" loccnumb="8" loccnume="16" loclnum="17" loccnumb="8" loccnume="16"
sum="43cea4ec0bdced8115798182e3eec086" sum="d3fd5439e0a062e21d4b47d51da10f85"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =aexpajc0"> shape="ainfix =aexpajc0">
...@@ -171,7 +171,7 @@ ...@@ -171,7 +171,7 @@
name="int_of_bv" name="int_of_bv"
locfile="../neg_as_xor.why" locfile="../neg_as_xor.why"
loclnum="18" loccnumb="8" loccnume="17" loclnum="18" loccnumb="8" loccnume="17"
sum="13b8c9db73db1dac2c7bad49f600634e" sum="062b16a1b9b8983f80b40b9ca9c1b7c1"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =adouble_of_bv64ajc0.0"> shape="ainfix =adouble_of_bv64ajc0.0">
...@@ -220,7 +220,7 @@ ...@@ -220,7 +220,7 @@
name="MainResultBits" name="MainResultBits"
locfile="../neg_as_xor.why" locfile="../neg_as_xor.why"
loclnum="20" loccnumb="8" loccnume="22" loclnum="20" loccnumb="8" loccnume="22"
sum="b8c642e5737eee9e8f8dede7b5d40cd8" sum="e67e8ff64626154fd727262483f22583"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =anthabw_xorV0ajV1anthV0V1Iainfix &lt;V1c63Aainfix &lt;=c0V1FF"> shape="ainfix =anthabw_xorV0ajV1anthV0V1Iainfix &lt;V1c63Aainfix &lt;=c0V1FF">
...@@ -245,7 +245,7 @@ ...@@ -245,7 +245,7 @@
name="MainResultSign" name="MainResultSign"
locfile="../neg_as_xor.why" locfile="../neg_as_xor.why"
loclnum="23" loccnumb="8" loccnume="22" loclnum="23" loccnumb="8" loccnume="22"
sum="75b0e6c8ac543c3dd0ddec53a5fb9557" sum="aa318a184dd710f5d456887f3f3c9e06"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =anthabw_xorV0ajc63anotbanthV0c63F"> shape="ainfix =anthabw_xorV0ajc63anotbanthV0c63F">
...@@ -270,7 +270,7 @@ ...@@ -270,7 +270,7 @@
name="Sign_of_xor_j" name="Sign_of_xor_j"
locfile="../neg_as_xor.why" locfile="../neg_as_xor.why"
loclnum="25" loccnumb="8" loccnume="21" loclnum="25" loccnumb="8" loccnume="21"
sum="8728de3c3203b4e08ad9c90f5a6bbb65" sum="16129089ff40de7b992dc83878b2e424"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =asignabw_xorV0ajanotbasignV0F"> shape="ainfix =asignabw_xorV0ajanotbasignV0F">
...@@ -319,7 +319,7 @@ ...@@ -319,7 +319,7 @@
name="Exp_of_xor_j" name="Exp_of_xor_j"
locfile="../neg_as_xor.why" locfile="../neg_as_xor.why"
loclnum="27" loccnumb="8" loccnume="20" loclnum="27" loccnumb="8" loccnume="20"
sum="455b0069043d71e599dfecc63a8758c0" sum="1d7f25cf0479a1b4653fb5da53c80932"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =aexpabw_xorV0ajaexpV0F"> shape="ainfix =aexpabw_xorV0ajaexpV0F">
...@@ -360,7 +360,7 @@ ...@@ -360,7 +360,7 @@
name="Mantissa_of_xor_j" name="Mantissa_of_xor_j"
locfile="../neg_as_xor.why" locfile="../neg_as_xor.why"
loclnum="29" loccnumb="8" loccnume="25" loclnum="29" loccnumb="8" loccnume="25"
sum="1f02e9a2a57fd9292ecd416dbb186109" sum="358f2775fb8ab653ffd112e0011f0f81"
proved="true" proved="true"
expanded="true" expanded="true"
shape="ainfix =amantissaabw_xorV0ajamantissaV0F"> shape="ainfix =amantissaabw_xorV0ajamantissaV0F">
...@@ -401,7 +401,7 @@ ...@@ -401,7 +401,7 @@