Commit c295f077 by Jean-Christophe Filliâtre

### simplified example power, by making use of int.Power

`Coq realization for int.Power (mostly to keep Coq proofs that were in power.mlw)`
parent 0654f137
 ... ... @@ -877,7 +877,7 @@ endif ifeq (@enable_coq_libs@,yes) COQLIBS_INT_FILES = Abs ComputerDivision EuclideanDivision Int MinMax COQLIBS_INT_FILES = Abs ComputerDivision EuclideanDivision Int MinMax Power COQLIBS_INT = \$(addprefix lib/coq/int/, \$(COQLIBS_INT_FILES)) COQLIBS_REAL_FILES = Abs ExpLog FromInt MinMax Real Square RealInfix ... ...
 theory Power (* fast exponentiation *) use import int.Int function power int int : int axiom Power_0 : forall x : int. power x 0 = 1 axiom Power_s : forall x n : int. 0 < n -> power x n = x * power x (n-1) lemma Power_1 : forall x : int. power x 1 = x lemma Power_sum : forall x n m : int. 0 <= n -> 0 <= m -> power x (n + m) = power x n * power x m lemma Power_mult : forall x n m : int. 0 <= n -> 0 <= m -> power x (n * m) = power (power x n) m lemma Power_mult2 : forall x y n : int. 0 <= n -> power (x * y) n = power x n * power y n end module M module FastExponentiation use import int.Int use import int.Power use import int.ComputerDivision use import Power (* recursive implementation *) ... ...
 (* This file is generated by Why3's Coq driver *) (* Beware! Only edit allowed sections below *) Require Import ZArith. Require Import Rbase. Require Import ZOdiv. Require int.Int. Require int.Abs. Require int.ComputerDivision. Require int.Power. (* Why3 assumption *) Definition unit := unit. (* Why3 assumption *) Inductive ref (a:Type) := | mk_ref : a -> ref a. Implicit Arguments mk_ref. (* Why3 assumption *) Definition contents (a:Type)(v:(ref a)): a := match v with | (mk_ref x) => x end. Implicit Arguments contents. Import int.ComputerDivision. Import Power. (* Why3 goal *) Theorem WP_parameter_fast_exp_imperative : forall (x:Z) (n:Z), (0%Z <= n)%Z -> forall (e:Z) (p:Z) (r:Z), ((0%Z <= e)%Z /\ ((r * (int.Power.power p e))%Z = (int.Power.power x n))) -> ((0%Z < e)%Z -> (((ZOmod e 2%Z) = 1%Z) -> forall (r1:Z), (r1 = (r * p)%Z) -> forall (p1:Z), (p1 = (p * p)%Z) -> forall (e1:Z), (e1 = (ZOdiv e 2%Z)) -> ((r1 * (int.Power.power p1 e1))%Z = (int.Power.power x n)))). intros x n h1 e p r (h2,h3) h4 h5 r1 h6 p1 h7 e1 h8. subst. assert (h: (2 <> 0)%Z) by omega. generalize (Div_mod e 2 h). clear h. assert (h: (0 < 2)%Z) by omega. generalize (Div_bound e 2 (conj h2 h)). clear h. rewrite h5; clear h5. intros. rewrite <- h3; clear h3. rewrite H0 at 2. clear H0. rewrite Power_sum. 2:omega. replace (2 * (e / 2))%Z with (e/2 + e/2)%Z by omega. rewrite Power_sum. 2:omega. rewrite Power_mult2. 2:omega. rewrite Power_1. ring. Qed.
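Review bot: The editable part of this proof depends on Coq's automatic hypothesis names: the bare `intros.` after the two `generalize` calls binds `H` and `H0`, and `rewrite H0 at 2. clear H0.` assumes `H0` is the `Div_mod` equation (the following `replace (2 * (e / 2))%Z ...` suggests it is), so a change in the generated statement or in the order of the `generalize` lines breaks the script with an unhelpful error. Naming them explicitly, `intros Hbound Hmod.` and `rewrite Hmod at 2. clear Hmod.`, keeps the hand-written section stable across regenerations by the Coq driver. This appears to be an added file, so the whole proof is visible here.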
 (* This file is generated by Why3's Coq driver *) (* Beware! Only edit allowed sections below *) Require Import ZArith. Require Import Rbase. Definition unit := unit. Parameter ignore: forall (a:Type), a -> unit. Implicit Arguments ignore. Parameter label_ : Type. Parameter at1: forall (a:Type), a -> label_ -> a. Implicit Arguments at1. Parameter old: forall (a:Type), a -> a. Implicit Arguments old. Parameter power: Z -> Z -> Z. Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z). Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x n) = (x * (power x (n - 1%Z)%Z))%Z). Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x). Axiom Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> ((power x (n + m)%Z) = ((power x n) * (power x m))%Z)). Axiom Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> ((power x (n * m)%Z) = (power (power x n) m))). Theorem Power_mult2 : forall (x:Z) (y:Z) (n:Z), (0%Z <= n)%Z -> ((power (x * y)%Z n) = ((power x n) * (power y n))%Z). (* YOU MAY EDIT THE PROOF BELOW *) intros x y n Hn. generalize Hn. pattern n. apply natlike_ind; auto. intros; do 3 rewrite Power_0. omega. intros. rewrite Power_s. 2:omega. rewrite (Power_s x (Zsucc x0)). rewrite (Power_s y (Zsucc x0)). replace (Zsucc x0 - 1)%Z with x0 by omega. rewrite H0. ring. omega. omega. omega. Qed. (* DO NOT EDIT BELOW *)
 (* This file is generated by Why3's Coq driver *) (* Beware! Only edit allowed sections below *) Require Import ZArith. Require Import Rbase. Definition unit := unit. Parameter ignore: forall (a:Type), a -> unit. Implicit Arguments ignore. Parameter label_ : Type. Parameter at1: forall (a:Type), a -> label_ -> a. Implicit Arguments at1. Parameter old: forall (a:Type), a -> a. Implicit Arguments old. Parameter power: Z -> Z -> Z. Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z). Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x n) = (x * (power x (n - 1%Z)%Z))%Z). Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x). Axiom Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> ((power x (n + m)%Z) = ((power x n) * (power x m))%Z)). Theorem Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> ((power x (n * m)%Z) = (power (power x n) m))). (* YOU MAY EDIT THE PROOF BELOW *) intros x n m Hn Hm. generalize Hm. pattern m. apply Z_lt_induction; auto. intros n0 Hind Hn0. assert (h:(n0 = 0 \/ n0 > 0)%Z) by omega. destruct h. subst n0; rewrite Power_0; ring_simplify (n * 0)%Z. apply Power_0. replace (n*n0)%Z with (n*(n0-1)+n)%Z by ring. rewrite Power_sum; auto with zarith. rewrite Hind; auto with zarith. rewrite <- (Power_1 (power x n)) at 2. rewrite <- Power_sum; auto with zarith. ring_simplify (n0 - 1 + 1)%Z; auto. Qed. (* DO NOT EDIT BELOW *)
 (* This file is generated by Why3's Coq driver *) (* Beware! Only edit allowed sections below *) Require Import ZArith. Require Import Rbase. Require int.Int. Parameter power: Z -> Z -> Z. Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z). Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x n) = (x * (power x (n - 1%Z)%Z))%Z). Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x). Require Import Why3. (* Why3 goal *) Theorem Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> ((power x (n + m)%Z) = ((power x n) * (power x m))%Z)). (* YOU MAY EDIT THE PROOF BELOW *) intros x n m Hn Hm. generalize Hm. pattern m. apply Z_lt_induction; auto. why3 "alt-ergo". (* intros n0 Hind Hn0. assert (h:(n0 = 0 \/ n0 > 0)%Z) by omega. destruct h. subst n0; rewrite Power_0; ring_simplify (n+0)%Z; ring. rewrite Power_s; auto with zarith. replace (n+n0-1)%Z with (n+(n0-1))%Z by omega. rewrite Hind; auto with zarith. rewrite (Power_s x n0). ring. omega. *) Qed.
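Review bot: The `Power_sum` realization closes the induction case with `why3 "alt-ergo"`, so this library file (it appears to be the `Power` entry added to `COQLIBS_INT_FILES` in the Makefile hunk) can only be compiled where the `Why3` Coq plugin and an Alt-Ergo binary are installed, and the lemma is no longer checked by the Coq kernel alone but trusts the external solver and the plugin's translation. The commented-out script right below it (`Power_0`/`Power_s` rewrites plus `Hind`) looks like a complete kernel-checked proof of the same step; reinstating it, or at least a comment such as `(* induction step discharged by Alt-Ergo; requires the Why3 Coq plugin at build time *)`, would make the build dependency and the trust assumption explicit. If other lemmas of this file are discharged the same way, the same point applies to them.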
@@ -3,60 +3,35 @@ Require Import ZArith. Require Import Rbase. Require Import ZOdiv. Definition unit := unit. Parameter mark : Type. Parameter at1: forall (a:Type), a -> mark -> a. Implicit Arguments at1. Parameter old: forall (a:Type), a -> a. Implicit Arguments old. Axiom Abs_le : forall (x:Z) (y:Z), ((Zabs x) <= y)%Z <-> (((-y)%Z <= x)%Z /\ (x <= y)%Z). Parameter power: Z -> Z -> Z. Require int.Int. Require int.Abs. Require int.ComputerDivision. Require int.Power. (* Why3 assumption *) Definition unit := unit. Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z). Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x n) = (x * (power x (n - 1%Z)%Z))%Z). Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x). Axiom Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> ((power x (n + m)%Z) = ((power x n) * (power x m))%Z)). Axiom Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> ((power x (n * m)%Z) = (power (power x n) m))). Axiom Power_mult2 : forall (x:Z) (y:Z) (n:Z), (0%Z <= n)%Z -> ((power (x * y)%Z n) = ((power x n) * (power y n))%Z). (* Why3 assumption *) Inductive ref (a:Type) := | mk_ref : a -> ref a. Implicit Arguments mk_ref. Definition contents (a:Type)(u:(ref a)): a := match u with | mk_ref contents1 => contents1 (* Why3 assumption *) Definition contents (a:Type)(v:(ref a)): a := match v with | (mk_ref x) => x end. Implicit Arguments contents. (* YOU MAY EDIT THE CONTEXT BELOW *) (* DO NOT EDIT BELOW *) Import Power. 
Theorem WP_parameter_fast_exp_imperative : forall (x:Z), forall (n:Z), (0%Z <= n)%Z -> forall (e:Z), forall (p:Z), forall (r:Z), ((0%Z <= e)%Z /\ ((r * (power p e))%Z = (power x n))) -> ((0%Z < e)%Z -> (* Why3 goal *) Theorem WP_parameter_fast_exp_imperative : forall (x:Z) (n:Z), (0%Z <= n)%Z -> forall (e:Z) (p:Z) (r:Z), ((0%Z <= e)%Z /\ ((r * (int.Power.power p e))%Z = (int.Power.power x n))) -> ((0%Z < e)%Z -> ((~ ((ZOmod e 2%Z) = 1%Z)) -> forall (p1:Z), (p1 = (p * p)%Z) -> forall (e1:Z), (e1 = (ZOdiv e 2%Z)) -> ((r * (power p1 e1))%Z = (power x n)))). forall (e1:Z), (e1 = (ZOdiv e 2%Z)) -> ((r * (int.Power.power p1 e1))%Z = (int.Power.power x n)))). (* YOU MAY EDIT THE PROOF BELOW *) intros x n Hn e0 p0 r0 (He0,Hind). intros He0' Hmod p1 Hp e1 He. ... ... @@ -72,6 +47,5 @@ rewrite Power_mult2; auto with zarith. rewrite h at 3. rewrite Power_sum; omega. Qed. (* DO NOT EDIT BELOW *)
 name="power/why3session.xml" shape_version="2"> expanded="true"> ... ... @@ -127,19 +41,19 @@ name="expl:parameter fast_exp"/> ... ... @@ -151,10 +65,10 @@ expanded="true"> ... ... @@ -174,7 +88,7 @@ memlimit="0" obsolete="false" archived="false">