From c295f0772c77b5335c70b59f8e01efd064cabd61 Mon Sep 17 00:00:00 2001 From: Jean-Christophe Date: Thu, 26 Jul 2012 01:46:27 +0200 Subject: [PATCH] simplified example power, by making use of int.Power Coq realization for int.Power (mostly to keep Coq proofs that were in power.mlw) --- Makefile.in | 2 +- examples/programs/power.mlw | 27 +- ...wer_M_WP_parameter_fast_exp_imperative_1.v | 54 ++++ .../power/power_Power_Power_mult2_1.v | 60 ---- .../programs/power/power_Power_Power_mult_1.v | 55 ---- .../programs/power/power_Power_Power_sum_1.v | 41 --- ..._WP_M_WP_parameter_fast_exp_imperative_3.v | 62 ++-- examples/programs/power/why3session.xml | 268 +++++++----------- lib/coq/int/Power.v | 95 +++++++ modules/array.mlw | 1 + theories/int.why | 5 +- 11 files changed, 278 insertions(+), 392 deletions(-) create mode 100644 examples/programs/power/power_M_WP_parameter_fast_exp_imperative_1.v delete mode 100644 examples/programs/power/power_Power_Power_mult2_1.v delete mode 100644 examples/programs/power/power_Power_Power_mult_1.v delete mode 100644 examples/programs/power/power_Power_Power_sum_1.v create mode 100644 lib/coq/int/Power.v diff --git a/Makefile.in b/Makefile.in index bbc7400c6..b06c9be09 100644 --- a/Makefile.in +++ b/Makefile.in @@ -877,7 +877,7 @@ endif ifeq (@enable_coq_libs@,yes) -COQLIBS_INT_FILES = Abs ComputerDivision EuclideanDivision Int MinMax +COQLIBS_INT_FILES = Abs ComputerDivision EuclideanDivision Int MinMax Power COQLIBS_INT = $(addprefix lib/coq/int/, $(COQLIBS_INT_FILES)) COQLIBS_REAL_FILES = Abs ExpLog FromInt MinMax Real Square RealInfix diff --git a/examples/programs/power.mlw b/examples/programs/power.mlw index d48919646..3d3a06dc8 100644 --- a/examples/programs/power.mlw +++ b/examples/programs/power.mlw @@ -1,32 +1,11 @@ -theory Power +(* fast exponentiation *) - use import int.Int - - function power int int : int - - axiom Power_0 : forall x : int. power x 0 = 1 - - axiom Power_s : forall x n : int. 0 < n -> power x n = x * power x (n-1) - - lemma Power_1 : forall x : int. power x 1 = x - - lemma Power_sum : forall x n m : int. 0 <= n -> 0 <= m -> - power x (n + m) = power x n * power x m - - lemma Power_mult : forall x n m : int. 0 <= n -> 0 <= m -> - power x (n * m) = power (power x n) m - - lemma Power_mult2 : forall x y n : int. 0 <= n -> - power (x * y) n = power x n * power y n - -end - -module M +module FastExponentiation use import int.Int + use import int.Power use import int.ComputerDivision - use import Power (* recursive implementation *) diff --git a/examples/programs/power/power_M_WP_parameter_fast_exp_imperative_1.v b/examples/programs/power/power_M_WP_parameter_fast_exp_imperative_1.v new file mode 100644 index 000000000..46f0778d7 --- /dev/null +++ b/examples/programs/power/power_M_WP_parameter_fast_exp_imperative_1.v @@ -0,0 +1,54 @@ +(* This file is generated by Why3's Coq driver *) +(* Beware! Only edit allowed sections below *) +Require Import ZArith. +Require Import Rbase. +Require Import ZOdiv. +Require int.Int. +Require int.Abs. +Require int.ComputerDivision. +Require int.Power. + +(* Why3 assumption *) +Definition unit := unit. + +(* Why3 assumption *) +Inductive ref (a:Type) := + | mk_ref : a -> ref a. +Implicit Arguments mk_ref. + +(* Why3 assumption *) +Definition contents (a:Type)(v:(ref a)): a := + match v with + | (mk_ref x) => x + end. +Implicit Arguments contents. + +Import int.ComputerDivision. +Import Power. + +(* Why3 goal *) +Theorem WP_parameter_fast_exp_imperative : forall (x:Z) (n:Z), + (0%Z <= n)%Z -> forall (e:Z) (p:Z) (r:Z), ((0%Z <= e)%Z /\ + ((r * (int.Power.power p e))%Z = (int.Power.power x n))) -> ((0%Z < e)%Z -> + (((ZOmod e 2%Z) = 1%Z) -> forall (r1:Z), (r1 = (r * p)%Z) -> forall (p1:Z), + (p1 = (p * p)%Z) -> forall (e1:Z), (e1 = (ZOdiv e 2%Z)) -> + ((r1 * (int.Power.power p1 e1))%Z = (int.Power.power x n)))). +intros x n h1 e p r (h2,h3) h4 h5 r1 h6 p1 h7 e1 h8. +subst. +assert (h: (2 <> 0)%Z) by omega. +generalize (Div_mod e 2 h). clear h. +assert (h: (0 < 2)%Z) by omega. +generalize (Div_bound e 2 (conj h2 h)). clear h. +rewrite h5; clear h5. +intros. +rewrite <- h3; clear h3. +rewrite H0 at 2. clear H0. +rewrite Power_sum. 2:omega. +replace (2 * (e / 2))%Z with (e/2 + e/2)%Z by omega. +rewrite Power_sum. 2:omega. +rewrite Power_mult2. 2:omega. +rewrite Power_1. +ring. +Qed. + + diff --git a/examples/programs/power/power_Power_Power_mult2_1.v b/examples/programs/power/power_Power_Power_mult2_1.v deleted file mode 100644 index 57a4d5610..000000000 --- a/examples/programs/power/power_Power_Power_mult2_1.v +++ /dev/null @@ -1,60 +0,0 @@ -(* This file is generated by Why3's Coq driver *) -(* Beware! Only edit allowed sections below *) -Require Import ZArith. -Require Import Rbase. -Definition unit := unit. - -Parameter ignore: forall (a:Type), a -> unit. - -Implicit Arguments ignore. - -Parameter label_ : Type. - -Parameter at1: forall (a:Type), a -> label_ -> a. - -Implicit Arguments at1. - -Parameter old: forall (a:Type), a -> a. - -Implicit Arguments old. - -Parameter power: Z -> Z -> Z. - - -Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z). - -Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x - n) = (x * (power x (n - 1%Z)%Z))%Z). - -Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x). - -Axiom Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> - ((power x (n + m)%Z) = ((power x n) * (power x m))%Z)). - -Axiom Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> - ((power x (n * m)%Z) = (power (power x n) m))). - -Theorem Power_mult2 : forall (x:Z) (y:Z) (n:Z), (0%Z <= n)%Z -> - ((power (x * y)%Z n) = ((power x n) * (power y n))%Z). -(* YOU MAY EDIT THE PROOF BELOW *) -intros x y n Hn. -generalize Hn. -pattern n. -apply natlike_ind; auto. -intros; do 3 rewrite Power_0. -omega. -intros. -rewrite Power_s. -2:omega. -rewrite (Power_s x (Zsucc x0)). -rewrite (Power_s y (Zsucc x0)). -replace (Zsucc x0 - 1)%Z with x0 by omega. -rewrite H0. -ring. -omega. -omega. -omega. -Qed. -(* DO NOT EDIT BELOW *) - - diff --git a/examples/programs/power/power_Power_Power_mult_1.v b/examples/programs/power/power_Power_Power_mult_1.v deleted file mode 100644 index b93242742..000000000 --- a/examples/programs/power/power_Power_Power_mult_1.v +++ /dev/null @@ -1,55 +0,0 @@ -(* This file is generated by Why3's Coq driver *) -(* Beware! Only edit allowed sections below *) -Require Import ZArith. -Require Import Rbase. -Definition unit := unit. - -Parameter ignore: forall (a:Type), a -> unit. - -Implicit Arguments ignore. - -Parameter label_ : Type. - -Parameter at1: forall (a:Type), a -> label_ -> a. - -Implicit Arguments at1. - -Parameter old: forall (a:Type), a -> a. - -Implicit Arguments old. - -Parameter power: Z -> Z -> Z. - - -Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z). - -Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x - n) = (x * (power x (n - 1%Z)%Z))%Z). - -Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x). - -Axiom Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> - ((power x (n + m)%Z) = ((power x n) * (power x m))%Z)). - -Theorem Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> - ((0%Z <= m)%Z -> ((power x (n * m)%Z) = (power (power x n) m))). -(* YOU MAY EDIT THE PROOF BELOW *) -intros x n m Hn Hm. -generalize Hm. -pattern m. -apply Z_lt_induction; auto. -intros n0 Hind Hn0. -assert (h:(n0 = 0 \/ n0 > 0)%Z) by omega. -destruct h. -subst n0; rewrite Power_0; ring_simplify (n * 0)%Z. -apply Power_0. -replace (n*n0)%Z with (n*(n0-1)+n)%Z by ring. -rewrite Power_sum; auto with zarith. -rewrite Hind; auto with zarith. -rewrite <- (Power_1 (power x n)) at 2. -rewrite <- Power_sum; auto with zarith. -ring_simplify (n0 - 1 + 1)%Z; auto. -Qed. -(* DO NOT EDIT BELOW *) - - diff --git a/examples/programs/power/power_Power_Power_sum_1.v b/examples/programs/power/power_Power_Power_sum_1.v deleted file mode 100644 index a14e866bb..000000000 --- a/examples/programs/power/power_Power_Power_sum_1.v +++ /dev/null @@ -1,41 +0,0 @@ -(* This file is generated by Why3's Coq driver *) -(* Beware! Only edit allowed sections below *) -Require Import ZArith. -Require Import Rbase. -Require int.Int. - -Parameter power: Z -> Z -> Z. - -Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z). - -Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x - n) = (x * (power x (n - 1%Z)%Z))%Z). - -Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x). - -Require Import Why3. - -(* Why3 goal *) -Theorem Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> - ((0%Z <= m)%Z -> ((power x (n + m)%Z) = ((power x n) * (power x m))%Z)). -(* YOU MAY EDIT THE PROOF BELOW *) -intros x n m Hn Hm. -generalize Hm. -pattern m. -apply Z_lt_induction; auto. -why3 "alt-ergo". -(* -intros n0 Hind Hn0. -assert (h:(n0 = 0 \/ n0 > 0)%Z) by omega. -destruct h. -subst n0; rewrite Power_0; ring_simplify (n+0)%Z; ring. -rewrite Power_s; auto with zarith. -replace (n+n0-1)%Z with (n+(n0-1))%Z by omega. -rewrite Hind; auto with zarith. -rewrite (Power_s x n0). -ring. -omega. -*) -Qed. - - diff --git a/examples/programs/power/power_WP_M_WP_parameter_fast_exp_imperative_3.v b/examples/programs/power/power_WP_M_WP_parameter_fast_exp_imperative_3.v index 312b7960c..42ecfe547 100644 --- a/examples/programs/power/power_WP_M_WP_parameter_fast_exp_imperative_3.v +++ b/examples/programs/power/power_WP_M_WP_parameter_fast_exp_imperative_3.v @@ -3,60 +3,35 @@ Require Import ZArith. Require Import Rbase. Require Import ZOdiv. -Definition unit := unit. - -Parameter mark : Type. - -Parameter at1: forall (a:Type), a -> mark -> a. - -Implicit Arguments at1. - -Parameter old: forall (a:Type), a -> a. - -Implicit Arguments old. - -Axiom Abs_le : forall (x:Z) (y:Z), ((Zabs x) <= y)%Z <-> (((-y)%Z <= x)%Z /\ - (x <= y)%Z). - -Parameter power: Z -> Z -> Z. +Require int.Int. +Require int.Abs. +Require int.ComputerDivision. +Require int.Power. +(* Why3 assumption *) +Definition unit := unit. -Axiom Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z). - -Axiom Power_s : forall (x:Z) (n:Z), (0%Z < n)%Z -> ((power x - n) = (x * (power x (n - 1%Z)%Z))%Z). - -Axiom Power_1 : forall (x:Z), ((power x 1%Z) = x). - -Axiom Power_sum : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> - ((power x (n + m)%Z) = ((power x n) * (power x m))%Z)). - -Axiom Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> - ((power x (n * m)%Z) = (power (power x n) m))). - -Axiom Power_mult2 : forall (x:Z) (y:Z) (n:Z), (0%Z <= n)%Z -> - ((power (x * y)%Z n) = ((power x n) * (power y n))%Z). - +(* Why3 assumption *) Inductive ref (a:Type) := | mk_ref : a -> ref a. Implicit Arguments mk_ref. -Definition contents (a:Type)(u:(ref a)): a := - match u with - | mk_ref contents1 => contents1 +(* Why3 assumption *) +Definition contents (a:Type)(v:(ref a)): a := + match v with + | (mk_ref x) => x end. Implicit Arguments contents. -(* YOU MAY EDIT THE CONTEXT BELOW *) - -(* DO NOT EDIT BELOW *) +Import Power. -Theorem WP_parameter_fast_exp_imperative : forall (x:Z), forall (n:Z), - (0%Z <= n)%Z -> forall (e:Z), forall (p:Z), forall (r:Z), ((0%Z <= e)%Z /\ - ((r * (power p e))%Z = (power x n))) -> ((0%Z < e)%Z -> +(* Why3 goal *) +Theorem WP_parameter_fast_exp_imperative : forall (x:Z) (n:Z), + (0%Z <= n)%Z -> forall (e:Z) (p:Z) (r:Z), ((0%Z <= e)%Z /\ + ((r * (int.Power.power p e))%Z = (int.Power.power x n))) -> ((0%Z < e)%Z -> ((~ ((ZOmod e 2%Z) = 1%Z)) -> forall (p1:Z), (p1 = (p * p)%Z) -> - forall (e1:Z), (e1 = (ZOdiv e 2%Z)) -> ((r * (power p1 e1))%Z = (power x - n)))). + forall (e1:Z), (e1 = (ZOdiv e 2%Z)) -> ((r * (int.Power.power p1 + e1))%Z = (int.Power.power x n)))). (* YOU MAY EDIT THE PROOF BELOW *) intros x n Hn e0 p0 r0 (He0,Hind). intros He0' Hmod p1 Hp e1 He. @@ -72,6 +47,5 @@ rewrite Power_mult2; auto with zarith. rewrite h at 3. rewrite Power_sum; omega. Qed. -(* DO NOT EDIT BELOW *) diff --git a/examples/programs/power/why3session.xml b/examples/programs/power/why3session.xml index 5939dcc30..a47e93e59 100644 --- a/examples/programs/power/why3session.xml +++ b/examples/programs/power/why3session.xml @@ -1,7 +1,7 @@ - + + name="power/why3session.xml" shape_version="2"> + expanded="true"> - - - - - - - - - - - - - - - - - - - - - - - - - @@ -127,19 +41,19 @@ name="expl:parameter fast_exp"/> - + @@ -151,10 +65,10 @@ expanded="true"> @@ -174,7 +88,7 @@ memlimit="0" obsolete="false" archived="false"> - + - + @@ -230,7 +174,7 @@ memlimit="0" obsolete="false" archived="false"> - + - + - + @@ -266,10 +210,10 @@ expanded="true"> @@ -281,7 +225,7 @@ memlimit="0" obsolete="false" archived="false"> - + - + - + @@ -313,22 +257,22 @@ name="expl:parameter fast_exp_imperative"/> - + @@ -340,7 +284,7 @@ memlimit="0" obsolete="false" archived="false"> - + - + - + @@ -376,30 +320,22 @@ expanded="true"> diff --git a/lib/coq/int/Power.v b/lib/coq/int/Power.v new file mode 100644 index 000000000..5a1306e9b --- /dev/null +++ b/lib/coq/int/Power.v @@ -0,0 +1,95 @@ +(* This file is generated by Why3's Coq driver *) +(* Beware! Only edit allowed sections below *) +Require Import ZArith. +Require Import Rbase. +Require int.Int. + +(* Why3 goal *) +Definition power: Z -> Z -> Z. +Admitted. + +(* Why3 goal *) +Lemma Power_0 : forall (x:Z), ((power x 0%Z) = 1%Z). +intros x. + +Admitted. + +(* Why3 goal *) +Lemma Power_s : forall (x:Z) (n:Z), (0%Z <= n)%Z -> ((power x + (n + 1%Z)%Z) = (x * (power x n))%Z). +intros x n h1. + +Admitted. + +(* Why3 goal *) +Lemma Power_1 : forall (x:Z), ((power x 1%Z) = x). +intros x. + +Admitted. + +(* Why3 goal *) +Lemma Power_sum : forall (x:Z) (n:Z) (m:Z), ((0%Z <= n)%Z /\ (0%Z <= m)%Z) -> + ((power x (n + m)%Z) = ((power x n) * (power x m))%Z). +intros x n m (Hn, Hm). +generalize Hm. +pattern m. +apply Z_lt_induction; auto. +intros n0 Hind Hn0. +assert (h:(n0 = 0 \/ n0 > 0)%Z) by omega. +destruct h. +subst n0; rewrite Power_0; ring_simplify (n+0)%Z; ring. +replace (n+n0)%Z with ((n+n0-1)+1)%Z by omega. +rewrite Power_s; auto with zarith. +replace (n+n0-1)%Z with (n+(n0-1))%Z by omega. +rewrite Hind; auto with zarith. +replace (power x n0) with (power x ((n0-1)+1)%Z). +rewrite (Power_s x (n0-1)%Z). +ring. +omega. +apply f_equal2; auto. +omega. +Qed. + +(* Why3 goal *) +Lemma Power_mult : forall (x:Z) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> + ((power x (n * m)%Z) = (power (power x n) m))). +intros x n m Hn Hm. +generalize Hm. +pattern m. +apply Z_lt_induction; auto. +intros n0 Hind Hn0. +assert (h:(n0 = 0 \/ n0 > 0)%Z) by omega. +destruct h. +subst n0; rewrite Power_0; ring_simplify (n * 0)%Z. +apply Power_0. +replace (n*n0)%Z with (n*(n0-1)+n)%Z by ring. +rewrite Power_sum; auto with zarith. +rewrite Hind; auto with zarith. +rewrite <- (Power_1 (power x n)) at 2. +rewrite <- Power_sum; auto with zarith. +ring_simplify (n0 - 1 + 1)%Z; auto. +Qed. + +(* Why3 goal *) +Lemma Power_mult2 : forall (x:Z) (y:Z) (n:Z), (0%Z <= n)%Z -> + ((power (x * y)%Z n) = ((power x n) * (power y n))%Z). +intros x y n Hn. +generalize Hn. +pattern n. +apply natlike_ind; auto. +intros; do 3 rewrite Power_0. +omega. +intros. +replace (Zsucc x0) with (x0+1)%Z by omega. +rewrite Power_s. +2:omega. +rewrite (Power_s x x0). +rewrite (Power_s y x0). +rewrite H0. +ring. +omega. +omega. +omega. +Qed. + + diff --git a/modules/array.mlw b/modules/array.mlw index 994d146f9..621509dab 100644 --- a/modules/array.mlw +++ b/modules/array.mlw @@ -217,6 +217,7 @@ module NumOfParam predicate pr_ (p: param_) (i: int) = let (a, p) = p in pr p i a[i] clone import int.NumOfParam with type param = param_, predicate pr = pr_ + (* the number of a[i] such that [l <= i < u] and [pr p i a[i]] *) function numof (a: array elt) (p: param) (l u: int) : int = num_of (a, p) l u end diff --git a/theories/int.why b/theories/int.why index 94ba5670f..1e65a290c 100644 --- a/theories/int.why +++ b/theories/int.why @@ -205,6 +205,9 @@ theory Exponentiation lemma Power_mult : forall x:t, n m : int. 0 <= n -> 0 <= m -> power x (Int.(*) n m) = power (power x n) m + lemma Power_mult2 : forall x y: t, n: int. 0 <= n -> + power (x * y) n = power x n * power y n + end (** {2 Power of an integer to an integer } *) @@ -234,7 +237,7 @@ theory NumOfParam predicate pr param int - (** number of [n] such that [a <= n < b] and [pr(p,n)] *) + (** number of [n] such that [a <= n < b] and [pr p n] *) function num_of (p : param) (a b : int) : int axiom Num_of_empty : -- GitLab