simplified example power, by making use of int.Power

Coq realization for int.Power (mostly to keep Coq proofs that were in power.mlw)
parent 0654f137
......@@ -877,7 +877,7 @@ endif
ifeq (@enable_coq_libs@,yes)
COQLIBS_INT_FILES = Abs ComputerDivision EuclideanDivision Int MinMax
COQLIBS_INT_FILES = Abs ComputerDivision EuclideanDivision Int MinMax Power
COQLIBS_INT = $(addprefix lib/coq/int/, $(COQLIBS_INT_FILES))
COQLIBS_REAL_FILES = Abs ExpLog FromInt MinMax Real Square RealInfix
......
theory Power
(* fast exponentiation *)
use import int.Int
function power int int : int
axiom Power_0 : forall x : int. power x 0 = 1
axiom Power_s : forall x n : int. 0 < n -> power x n = x * power x (n-1)
lemma Power_1 : forall x : int. power x 1 = x
lemma Power_sum : forall x n m : int. 0 <= n -> 0 <= m ->
power x (n + m) = power x n * power x m
lemma Power_mult : forall x n m : int. 0 <= n -> 0 <= m ->
power x (n * m) = power (power x n) m
lemma Power_mult2 : forall x y n : int. 0 <= n ->
power (x * y) n = power x n * power y n
end
module M
module FastExponentiation
use import int.Int
use import int.Power
use import int.ComputerDivision
use import Power
(* recursive implementation *)
......
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Require Import ZOdiv.
Require int.Int.
Require int.Abs.
Require int.ComputerDivision.
Require int.Power.
(* Why3 assumption *)
Definition unit := unit.
(* Why3 assumption *)
Inductive ref (a:Type) :=
| mk_ref : a -> ref a.
Implicit Arguments mk_ref.
(* Why3 assumption *)
Definition contents (a:Type)(v:(ref a)): a :=
match v with
| (mk_ref x) => x
end.
Implicit Arguments contents.
Import int.ComputerDivision.
Import Power.
(* Why3 goal *)
Theorem WP_parameter_fast_exp_imperative : forall (x:Z) (n:Z),
(0%Z <= n)%Z -> forall (e:Z) (p:Z) (r:Z), ((0%Z <= e)%Z /\
((r * (int.Power.power p e))%Z = (int.Power.power x n))) -> ((0%Z < e)%Z ->
(((ZOmod e 2%Z) = 1%Z) -> forall (r1:Z), (r1 = (r * p)%Z) -> forall (p1:Z),
(p1 = (p * p)%Z) -> forall (e1:Z), (e1 = (ZOdiv e 2%Z)) ->
((r1 * (int.Power.power p1 e1))%Z = (int.Power.power x n)))).
intros x n h1 e p r (h2,h3) h4 h5 r1 h6 p1 h7 e1 h8.
subst.
assert (h: (2 <> 0)%Z) by omega.
generalize (Div_mod e 2 h). clear h.
assert (h: (0 < 2)%Z) by omega.
generalize (Div_bound e 2 (conj h2 h)). clear h.
rewrite h5; clear h5.
intros.
rewrite <- h3; clear h3.
rewrite H0 at 2. clear H0.
rewrite Power_sum. 2:omega.
replace (2 * (e / 2))%Z with (e/2 + e/2)%Z by omega.
rewrite Power_sum. 2:omega.
rewrite Power_mult2. 2:omega.
rewrite Power_1.
ring.
Qed.
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Definition unit := unit.
Parameter ignore: forall (a:Type), a -> unit.
Implicit Arguments ignore.
Parameter label_ : Type.
Parameter at1: forall (a:Type), a -> label_ -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Parameter power: Z -> Z -> Z.
Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z).
Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x
n) = (x * (power x (n - 1%Z)%Z))%Z).
Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x).
Axiom Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z ->
((power x (n + m)%Z) = ((power x n) * (power x m))%Z)).
Axiom Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z ->
((power x (n * m)%Z) = (power (power x n) m))).
Theorem Power_mult2 : forall (x:Z) (y:Z) (n:Z), (0%Z <= n)%Z ->
((power (x * y)%Z n) = ((power x n) * (power y n))%Z).
(* YOU MAY EDIT THE PROOF BELOW *)
intros x y n Hn.
generalize Hn.
pattern n.
apply natlike_ind; auto.
intros; do 3 rewrite Power_0.
omega.
intros.
rewrite Power_s.
2:omega.
rewrite (Power_s x (Zsucc x0)).
rewrite (Power_s y (Zsucc x0)).
replace (Zsucc x0 - 1)%Z with x0 by omega.
rewrite H0.
ring.
omega.
omega.
omega.
Qed.
(* DO NOT EDIT BELOW *)
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Definition unit := unit.
Parameter ignore: forall (a:Type), a -> unit.
Implicit Arguments ignore.
Parameter label_ : Type.
Parameter at1: forall (a:Type), a -> label_ -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Parameter power: Z -> Z -> Z.
Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z).
Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x
n) = (x * (power x (n - 1%Z)%Z))%Z).
Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x).
Axiom Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z ->
((power x (n + m)%Z) = ((power x n) * (power x m))%Z)).
Theorem Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z ->
((0%Z <= m)%Z -> ((power x (n * m)%Z) = (power (power x n) m))).
(* YOU MAY EDIT THE PROOF BELOW *)
intros x n m Hn Hm.
generalize Hm.
pattern m.
apply Z_lt_induction; auto.
intros n0 Hind Hn0.
assert (h:(n0 = 0 \/ n0 > 0)%Z) by omega.
destruct h.
subst n0; rewrite Power_0; ring_simplify (n * 0)%Z.
apply Power_0.
replace (n*n0)%Z with (n*(n0-1)+n)%Z by ring.
rewrite Power_sum; auto with zarith.
rewrite Hind; auto with zarith.
rewrite <- (Power_1 (power x n)) at 2.
rewrite <- Power_sum; auto with zarith.
ring_simplify (n0 - 1 + 1)%Z; auto.
Qed.
(* DO NOT EDIT BELOW *)
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Require int.Int.
Parameter power: Z -> Z -> Z.
Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z).
Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x
n) = (x * (power x (n - 1%Z)%Z))%Z).
Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x).
Require Import Why3.
(* Why3 goal *)
Theorem Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z ->
((0%Z <= m)%Z -> ((power x (n + m)%Z) = ((power x n) * (power x m))%Z)).
(* YOU MAY EDIT THE PROOF BELOW *)
intros x n m Hn Hm.
generalize Hm.
pattern m.
apply Z_lt_induction; auto.
why3 "alt-ergo".
(*
intros n0 Hind Hn0.
assert (h:(n0 = 0 \/ n0 > 0)%Z) by omega.
destruct h.
subst n0; rewrite Power_0; ring_simplify (n+0)%Z; ring.
rewrite Power_s; auto with zarith.
replace (n+n0-1)%Z with (n+(n0-1))%Z by omega.
rewrite Hind; auto with zarith.
rewrite (Power_s x n0).
ring.
omega.
*)
Qed.
......@@ -3,60 +3,35 @@
Require Import ZArith.
Require Import Rbase.
Require Import ZOdiv.
Definition unit := unit.
Parameter mark : Type.
Parameter at1: forall (a:Type), a -> mark -> a.
Implicit Arguments at1.
Parameter old: forall (a:Type), a -> a.
Implicit Arguments old.
Axiom Abs_le : forall (x:Z) (y:Z), ((Zabs x) <= y)%Z <-> (((-y)%Z <= x)%Z /\
(x <= y)%Z).
Parameter power: Z -> Z -> Z.
Require int.Int.
Require int.Abs.
Require int.ComputerDivision.
Require int.Power.
(* Why3 assumption *)
Definition unit := unit.
Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z).
Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x
n) = (x * (power x (n - 1%Z)%Z))%Z).
Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x).
Axiom Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z ->
((power x (n + m)%Z) = ((power x n) * (power x m))%Z)).
Axiom Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z ->
((power x (n * m)%Z) = (power (power x n) m))).
Axiom Power_mult2 : forall (x:Z) (y:Z) (n:Z), (0%Z <= n)%Z ->
((power (x * y)%Z n) = ((power x n) * (power y n))%Z).
(* Why3 assumption *)
Inductive ref (a:Type) :=
| mk_ref : a -> ref a.
Implicit Arguments mk_ref.
Definition contents (a:Type)(u:(ref a)): a :=
match u with
| mk_ref contents1 => contents1
(* Why3 assumption *)
Definition contents (a:Type)(v:(ref a)): a :=
match v with
| (mk_ref x) => x
end.
Implicit Arguments contents.
(* YOU MAY EDIT THE CONTEXT BELOW *)
(* DO NOT EDIT BELOW *)
Import Power.
Theorem WP_parameter_fast_exp_imperative : forall (x:Z), forall (n:Z),
(0%Z <= n)%Z -> forall (e:Z), forall (p:Z), forall (r:Z), ((0%Z <= e)%Z /\
((r * (power p e))%Z = (power x n))) -> ((0%Z < e)%Z ->
(* Why3 goal *)
Theorem WP_parameter_fast_exp_imperative : forall (x:Z) (n:Z),
(0%Z <= n)%Z -> forall (e:Z) (p:Z) (r:Z), ((0%Z <= e)%Z /\
((r * (int.Power.power p e))%Z = (int.Power.power x n))) -> ((0%Z < e)%Z ->
((~ ((ZOmod e 2%Z) = 1%Z)) -> forall (p1:Z), (p1 = (p * p)%Z) ->
forall (e1:Z), (e1 = (ZOdiv e 2%Z)) -> ((r * (power p1 e1))%Z = (power x
n)))).
forall (e1:Z), (e1 = (ZOdiv e 2%Z)) -> ((r * (int.Power.power p1
e1))%Z = (int.Power.power x n)))).
(* YOU MAY EDIT THE PROOF BELOW *)
intros x n Hn e0 p0 r0 (He0,Hind).
intros He0' Hmod p1 Hp e1 He.
......@@ -72,6 +47,5 @@ rewrite Power_mult2; auto with zarith.
rewrite h at 3.
rewrite Power_sum; omega.
Qed.
(* DO NOT EDIT BELOW *)
This diff is collapsed.
(* This file is generated by Why3's Coq driver *)
(* Beware! Only edit allowed sections below *)
Require Import ZArith.
Require Import Rbase.
Require int.Int.
(* Why3 goal *)
Definition power: Z -> Z -> Z.
Admitted.
(* Why3 goal *)
Lemma Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z).
intros x.
Admitted.
(* Why3 goal *)
Lemma Power_s : forall (x:Z) (n:Z), (0%Z <= n)%Z -> ((power x
(n + 1%Z)%Z) = (x * (power x n))%Z).
intros x n h1.
Admitted.
(* Why3 goal *)
Lemma Power_1 : forall (x:Z), ((power x 1%Z) = x).
intros x.
Admitted.
(* Why3 goal *)
Lemma Power_sum : forall (x:Z) (n:Z) (m:Z), ((0%Z <= n)%Z /\ (0%Z <= m)%Z) ->
((power x (n + m)%Z) = ((power x n) * (power x m))%Z).
intros x n m (Hn, Hm).
generalize Hm.
pattern m.
apply Z_lt_induction; auto.
intros n0 Hind Hn0.
assert (h:(n0 = 0 \/ n0 > 0)%Z) by omega.
destruct h.
subst n0; rewrite Power_0; ring_simplify (n+0)%Z; ring.
replace (n+n0)%Z with ((n+n0-1)+1)%Z by omega.
rewrite Power_s; auto with zarith.
replace (n+n0-1)%Z with (n+(n0-1))%Z by omega.
rewrite Hind; auto with zarith.
replace (power x n0) with (power x ((n0-1)+1)%Z).
rewrite (Power_s x (n0-1)%Z).
ring.
omega.
apply f_equal2; auto.
omega.
Qed.
(* Why3 goal *)
Lemma Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z ->
((power x (n * m)%Z) = (power (power x n) m))).
intros x n m Hn Hm.
generalize Hm.
pattern m.
apply Z_lt_induction; auto.
intros n0 Hind Hn0.
assert (h:(n0 = 0 \/ n0 > 0)%Z) by omega.
destruct h.
subst n0; rewrite Power_0; ring_simplify (n * 0)%Z.
apply Power_0.
replace (n*n0)%Z with (n*(n0-1)+n)%Z by ring.
rewrite Power_sum; auto with zarith.
rewrite Hind; auto with zarith.
rewrite <- (Power_1 (power x n)) at 2.
rewrite <- Power_sum; auto with zarith.
ring_simplify (n0 - 1 + 1)%Z; auto.
Qed.
(* Why3 goal *)
Lemma Power_mult2 : forall (x:Z) (y:Z) (n:Z), (0%Z <= n)%Z ->
((power (x * y)%Z n) = ((power x n) * (power y n))%Z).
intros x y n Hn.
generalize Hn.
pattern n.
apply natlike_ind; auto.
intros; do 3 rewrite Power_0.
omega.
intros.
replace (Zsucc x0) with (x0+1)%Z by omega.
rewrite Power_s.
2:omega.
rewrite (Power_s x x0).
rewrite (Power_s y x0).
rewrite H0.
ring.
omega.
omega.
omega.
Qed.
......@@ -217,6 +217,7 @@ module NumOfParam
predicate pr_ (p: param_) (i: int) = let (a, p) = p in pr p i a[i]
clone import int.NumOfParam with type param = param_, predicate pr = pr_
(* the number of a[i] such that [l <= i < u] and [pr p i a[i]] *)
function numof (a: array elt) (p: param) (l u: int) : int = num_of (a, p) l u
end
......
......@@ -205,6 +205,9 @@ theory Exponentiation
lemma Power_mult : forall x:t, n m : int. 0 <= n -> 0 <= m ->
power x (Int.(*) n m) = power (power x n) m
lemma Power_mult2 : forall x y: t, n: int. 0 <= n ->
power (x * y) n = power x n * power y n
end
(** {2 Power of an integer to an integer } *)
......@@ -234,7 +237,7 @@ theory NumOfParam
predicate pr param int
(** number of [n] such that [a <= n < b] and [pr(p,n)] *)
(** number of [n] such that [a <= n < b] and [pr p n] *)
function num_of (p : param) (a b : int) : int
axiom Num_of_empty :
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment