Commit 201e0da2 by Guillaume Melquiond

Update parts of Coq realizations whose printing looks sane.

parent a9bccabd
 ... ... @@ -271,8 +271,7 @@ Defined. (* Why3 goal *) Lemma Nth_bw_and : forall (v1:t) (v2:t) (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> forall (v1:t) (v2:t) (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> ((nth (bw_and v1 v2) n) = (Init.Datatypes.andb (nth v1 n) (nth v2 n))). symmetry. apply nth_aux_map2 with (f := fun x y => x && y); easy. ... ... @@ -285,8 +284,7 @@ Defined. (* Why3 goal *) Lemma Nth_bw_or : forall (v1:t) (v2:t) (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> forall (v1:t) (v2:t) (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> ((nth (bw_or v1 v2) n) = (Init.Datatypes.orb (nth v1 n) (nth v2 n))). symmetry. apply nth_aux_map2; easy. ... ... @@ -299,8 +297,7 @@ Defined. (* Why3 goal *) Lemma Nth_bw_xor : forall (v1:t) (v2:t) (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> forall (v1:t) (v2:t) (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> ((nth (bw_xor v1 v2) n) = (Init.Datatypes.xorb (nth v1 n) (nth v2 n))). symmetry. apply nth_aux_map2; easy. ... ... @@ -313,8 +310,7 @@ Defined. (* Why3 goal *) Lemma Nth_bw_not : forall (v:t) (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> forall (v:t) (n:Z), ((0%Z <= n)%Z /\ (n < size)%Z) -> ((nth (bw_not v) n) = (Init.Datatypes.negb (nth v n))). symmetry. apply nth_aux_map; easy. ... ... 
@@ -342,17 +338,18 @@ Lemma bshiftRl_iter_nth : forall b s m, Qed. (* Why3 goal *) Lemma Lsr_nth_low : forall (b:t) (n:Z) (s:Z), (0%Z <= s)%Z -> ((0%Z <= n)%Z -> (((n + s)%Z < size)%Z -> ((nth (lsr b s) n) = (nth b (n + s)%Z)))). Lemma Lsr_nth_low : forall (b:t) (n:Z) (s:Z), (0%Z <= s)%Z -> (0%Z <= n)%Z -> ((n + s)%Z < size)%Z -> ((nth (lsr b s) n) = (nth b (n + s)%Z)). intros b n s h1 h2 h3. rewrite <-Z2Nat.id with (n := s) at 2; auto. apply bshiftRl_iter_nth; omega. Qed. (* Why3 goal *) Lemma Lsr_nth_high : forall (b:t) (n:Z) (s:Z), (0%Z <= s)%Z -> ((0%Z <= n)%Z -> ((size <= (n + s)%Z)%Z -> ((nth (lsr b s) n) = false))). Lemma Lsr_nth_high : forall (b:t) (n:Z) (s:Z), (0%Z <= s)%Z -> (0%Z <= n)%Z -> (size <= (n + s)%Z)%Z -> ((nth (lsr b s) n) = false). intros b n s h1 h2 h3. unfold nth,lsr. cut (nth_aux b (n + Z.of_nat (Z.to_nat s)) = false). ... ... @@ -445,9 +442,9 @@ Lemma BshiftRa_iter_nth_low : forall (b:t) (s:nat) (n:Z), Qed. (* Why3 goal *) Lemma Asr_nth_low : forall (b:t) (n:Z) (s:Z), (0%Z <= s)%Z -> (((0%Z <= n)%Z /\ (n < size)%Z) -> (((n + s)%Z < size)%Z -> ((nth (asr b s) n) = (nth b (n + s)%Z)))). Lemma Asr_nth_low : forall (b:t) (n:Z) (s:Z), (0%Z <= s)%Z -> ((0%Z <= n)%Z /\ (n < size)%Z) -> ((n + s)%Z < size)%Z -> ((nth (asr b s) n) = (nth b (n + s)%Z)). unfold nth, lsr. intros. assert ((n + s)%Z = (n + Z.of_nat (Z.to_nat s))%Z). ... ... @@ -491,9 +488,9 @@ Lemma BhiftRa_iter_nth_high : forall (b:t) (s:nat) (n:Z), Qed. (* Why3 goal *) Lemma Asr_nth_high : forall (b:t) (n:Z) (s:Z), (0%Z <= s)%Z -> (((0%Z <= n)%Z /\ (n < size)%Z) -> ((size <= (n + s)%Z)%Z -> ((nth (asr b s) n) = (nth b (size - 1%Z)%Z)))). Lemma Asr_nth_high : forall (b:t) (n:Z) (s:Z), (0%Z <= s)%Z -> ((0%Z <= n)%Z /\ (n < size)%Z) -> (size <= (n + s)%Z)%Z -> ((nth (asr b s) n) = (nth b (size - 1%Z)%Z)). unfold nth, asr. intros. apply BhiftRa_iter_nth_high. ... ... 
@@ -529,8 +526,7 @@ Qed. (* Why3 goal *) Lemma Lsl_nth_high : forall (b:t) (n:Z) (s:Z), ((0%Z <= s)%Z /\ ((s <= n)%Z /\ (n < size)%Z)) -> forall (b:t) (n:Z) (s:Z), ((0%Z <= s)%Z /\ ((s <= n)%Z /\ (n < size)%Z)) -> ((nth (lsl b s) n) = (nth b (n - s)%Z)). intros. unfold lsl, nth. ... ... @@ -560,8 +556,8 @@ Qed. (* Why3 goal *) Lemma Lsl_nth_low : forall (b:t) (n:Z) (s:Z), ((0%Z <= n)%Z /\ (n < s)%Z) -> ((nth (lsl b s) n) = false). forall (b:t) (n:Z) (s:Z), ((0%Z <= n)%Z /\ (n < s)%Z) -> ((nth (lsl b s) n) = false). intros. apply Lsl_nth_low_aux. rewrite Z2Nat.id; omega. ... ... @@ -1100,9 +1096,10 @@ Definition rotate_right : t -> Z -> t. Defined. (* Why3 goal *) Lemma Nth_rotate_right : forall (v:t) (n:Z) (i:Z), ((0%Z <= i)%Z /\ (i < size)%Z) -> ((0%Z <= n)%Z -> ((nth (rotate_right v n) i) = (nth v (int.EuclideanDivision.mod1 (i + n)%Z size)))). Lemma Nth_rotate_right : forall (v:t) (n:Z) (i:Z), ((0%Z <= i)%Z /\ (i < size)%Z) -> (0%Z <= n)%Z -> ((nth (rotate_right v n) i) = (nth v (int.EuclideanDivision.mod1 (i + n)%Z size))). intros v n i h1 h2. revert h2; revert n. apply Z_of_nat_prop. ... ... @@ -1123,9 +1120,10 @@ Definition rotate_left : t -> Z -> t. Defined. (* Why3 goal *) Lemma Nth_rotate_left : forall (v:t) (n:Z) (i:Z), ((0%Z <= i)%Z /\ (i < size)%Z) -> ((0%Z <= n)%Z -> ((nth (rotate_left v n) i) = (nth v (int.EuclideanDivision.mod1 (i - n)%Z size)))). Lemma Nth_rotate_left : forall (v:t) (n:Z) (i:Z), ((0%Z <= i)%Z /\ (i < size)%Z) -> (0%Z <= n)%Z -> ((nth (rotate_left v n) i) = (nth v (int.EuclideanDivision.mod1 (i - n)%Z size))). intros v n i h1 h2. revert h2; revert n. apply Z_of_nat_prop. ... ... 
@@ -1185,9 +1183,11 @@ Definition to_int : t -> Z. Defined. (* Why3 goal *) Lemma to_int_def : forall (x:t), ((is_signed_positive x) -> ((to_int x) = (to_uint x))) /\ ((~ (is_signed_positive x)) -> ((to_int x) = (-(two_power_size - (to_uint x))%Z)%Z)). Lemma to_int_def : forall (x:t), ((is_signed_positive x) -> ((to_int x) = (to_uint x))) /\ (~ (is_signed_positive x) -> ((to_int x) = (-(two_power_size - (to_uint x))%Z)%Z)). intros. split. - unfold to_int, to_uint,is_signed_positive, twos_complement, size_nat. intros. ... ... @@ -1331,8 +1331,9 @@ Qed. (* end of to_uint helpers *) (* Why3 goal *) Lemma to_uint_of_int : forall (i:Z), ((0%Z <= i)%Z /\ (i < two_power_size)%Z) -> ((to_uint (of_int i)) = i). Lemma to_uint_of_int : forall (i:Z), ((0%Z <= i)%Z /\ (i < two_power_size)%Z) -> ((to_uint (of_int i)) = i). intros i h1; destruct h1. unfold to_uint, of_int. rewrite bvec_to_nat_nat_to_bvec. ... ... @@ -1462,18 +1463,21 @@ Definition add : t -> t -> t. Defined. (* Why3 goal *) Lemma to_uint_add : forall (v1:t) (v2:t), ((to_uint (add v1 v2)) = (int.EuclideanDivision.mod1 ((to_uint v1) + (to_uint v2))%Z two_power_size)). Lemma to_uint_add : forall (v1:t) (v2:t), ((to_uint (add v1 v2)) = (int.EuclideanDivision.mod1 ((to_uint v1) + (to_uint v2))%Z two_power_size)). intros v1 v2. apply to_uint_of_int. apply mod1_in_range2. Qed. (* Why3 goal *) Lemma to_uint_add_bounded : forall (v1:t) (v2:t), (((to_uint v1) + (to_uint v2))%Z < two_power_size)%Z -> ((to_uint (add v1 v2)) = ((to_uint v1) + (to_uint v2))%Z). Lemma to_uint_add_bounded : forall (v1:t) (v2:t), (((to_uint v1) + (to_uint v2))%Z < two_power_size)%Z -> ((to_uint (add v1 v2)) = ((to_uint v1) + (to_uint v2))%Z). intros v1 v2 h1. rewrite <-(mod1_out (to_uint v1 + to_uint v2) two_power_size). apply to_uint_add. ... ... 
@@ -1486,9 +1490,11 @@ Definition sub : t -> t -> t. Defined. (* Why3 goal *) Lemma to_uint_sub : forall (v1:t) (v2:t), ((to_uint (sub v1 v2)) = (int.EuclideanDivision.mod1 ((to_uint v1) - (to_uint v2))%Z two_power_size)). Lemma to_uint_sub : forall (v1:t) (v2:t), ((to_uint (sub v1 v2)) = (int.EuclideanDivision.mod1 ((to_uint v1) - (to_uint v2))%Z two_power_size)). intros v1 v2. apply to_uint_of_int, mod1_in_range2. Qed. ... ... @@ -1524,9 +1530,11 @@ Definition mul : t -> t -> t. Defined. (* Why3 goal *) Lemma to_uint_mul : forall (v1:t) (v2:t), ((to_uint (mul v1 v2)) = (int.EuclideanDivision.mod1 ((to_uint v1) * (to_uint v2))%Z two_power_size)). Lemma to_uint_mul : forall (v1:t) (v2:t), ((to_uint (mul v1 v2)) = (int.EuclideanDivision.mod1 ((to_uint v1) * (to_uint v2))%Z two_power_size)). intros v1 v2. apply to_uint_of_int, mod1_in_range2. Qed. ... ... @@ -1634,9 +1642,11 @@ Lemma lsl_bv_is_lsl : Qed. (* Why3 goal *) Lemma to_uint_lsl : forall (v:t) (n:t), ((to_uint (lsl_bv v n)) = (int.EuclideanDivision.mod1 ((to_uint v) * (bv.Pow2int.pow2 (to_uint n)))%Z two_power_size)). Lemma to_uint_lsl : forall (v:t) (n:t), ((to_uint (lsl_bv v n)) = (int.EuclideanDivision.mod1 ((to_uint v) * (bv.Pow2int.pow2 (to_uint n)))%Z two_power_size)). intros v n. apply to_uint_lsl_aux. Qed. ... ... @@ -1735,8 +1745,7 @@ Qed. (* Why3 goal *) Lemma Nth_bv_is_nth2 : forall (x:t) (i:Z), ((0%Z <= i)%Z /\ (i < two_power_size)%Z) -> forall (x:t) (i:Z), ((0%Z <= i)%Z /\ (i < two_power_size)%Z) -> ((nth_bv x (of_int i)) = (nth x i)). intros x i h1. rewrite <-Nth_bv_is_nth. ... ...
 ... ... @@ -38,8 +38,7 @@ Qed. (* Why3 goal *) Lemma Power_sum : forall (n:Z) (m:Z), ((0%Z <= n)%Z /\ (0%Z <= m)%Z) -> forall (n:Z) (m:Z), ((0%Z <= n)%Z /\ (0%Z <= m)%Z) -> ((pow2 (n + m)%Z) = ((pow2 n) * (pow2 m))%Z). unfold pow2. intros n m [H1 H2]. ... ...
 ... ... @@ -67,27 +67,32 @@ Qed. (* Why3 goal *) Lemma Round_monotonic : forall (m:floating_point.Rounding.mode) (x:R) (y:R), (x <= y)%R -> ((round m x) <= (round m y))%R. forall (m:floating_point.Rounding.mode) (x:R) (y:R), (x <= y)%R -> ((round m x) <= (round m y))%R. now apply Round_monotonic. Qed. (* Why3 goal *) Lemma Round_idempotent : forall (m1:floating_point.Rounding.mode) (m2:floating_point.Rounding.mode) (x:R), ((round m1 (round m2 x)) = (round m2 x)). Lemma Round_idempotent : forall (m1:floating_point.Rounding.mode) (m2:floating_point.Rounding.mode) (x:R), ((round m1 (round m2 x)) = (round m2 x)). now apply Round_idempotent. Qed. (* Why3 goal *) Lemma Round_value : forall (m:floating_point.Rounding.mode) (x:floating_point.DoubleFormat.double), ((round m (value x)) = (value x)). Lemma Round_value : forall (m:floating_point.Rounding.mode) (x:floating_point.DoubleFormat.double), ((round m (value x)) = (value x)). now apply Round_value. Qed. (* Why3 goal *) Lemma Bounded_value : forall (x:floating_point.DoubleFormat.double), ((Reals.Rbasic_fun.Rabs (value x)) <= (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R. Lemma Bounded_value : forall (x:floating_point.DoubleFormat.double), ((Reals.Rbasic_fun.Rabs (value x)) <= (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R. now apply Bounded_value. Qed. ... ... 
@@ -137,8 +142,8 @@ Defined. (* Why3 goal *) Lemma Round_logic_def : forall (m:floating_point.Rounding.mode) (x:R), (no_overflow m x) -> ((value (round_logic m x)) = (round m x)). forall (m:floating_point.Rounding.mode) (x:R), (no_overflow m x) -> ((value (round_logic m x)) = (round m x)). Proof. exact (Round_logic_def 53 1024 (refl_equal true) (refl_equal true)). Qed. ... ...
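Review bot: In the `-67,27 +67,32` hunk, the re-wrapped `Bounded_value` statement still gives its bound as a product of two bare decimal literals, the second nearly three hundred digits long, so a reader cannot tell what is being bounded or notice a corrupted digit. The factors appear to be 2^53 - 1 and 2^971, i.e. the largest finite double, but nothing in the visible lines says so. I would add a comment next to the lemma, for example `(* bound = (2^53 - 1) * 2^971, largest finite binary64 value *)`, after confirming the value. It should sit outside the statement text that Why3 prints, assuming regeneration keeps user comments there. This is documentation only; the statement and the `now apply Bounded_value.` proof are fine as shown.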
 ... ... @@ -65,7 +65,8 @@ Qed. Lemma Bounded_real_no_overflow : forall (m:floating_point.Rounding.mode) (x:R), ((Reals.Rbasic_fun.Rabs x) <= (33554430 * 10141204801825835211973625643008)%R)%R -> no_overflow m x. (33554430 * 10141204801825835211973625643008)%R)%R -> no_overflow m x. intros m x Hx. unfold no_overflow. rewrite max_single_eq in *. ... ... @@ -74,22 +75,25 @@ Qed. (* Why3 goal *) Lemma Round_monotonic : forall (m:floating_point.Rounding.mode) (x:R) (y:R), (x <= y)%R -> ((round m x) <= (round m y))%R. forall (m:floating_point.Rounding.mode) (x:R) (y:R), (x <= y)%R -> ((round m x) <= (round m y))%R. apply Round_monotonic. easy. Qed. (* Why3 goal *) Lemma Round_idempotent : forall (m1:floating_point.Rounding.mode) (m2:floating_point.Rounding.mode) (x:R), ((round m1 (round m2 x)) = (round m2 x)). Lemma Round_idempotent : forall (m1:floating_point.Rounding.mode) (m2:floating_point.Rounding.mode) (x:R), ((round m1 (round m2 x)) = (round m2 x)). now apply Round_idempotent. Qed. (* Why3 goal *) Lemma Round_value : forall (m:floating_point.Rounding.mode) (x:floating_point.SingleFormat.single), ((round m (value x)) = (value x)). Lemma Round_value : forall (m:floating_point.Rounding.mode) (x:floating_point.SingleFormat.single), ((round m (value x)) = (value x)). now apply Round_value. Qed. ... ... @@ -148,8 +152,8 @@ Defined. (* Why3 goal *) Lemma Round_logic_def : forall (m:floating_point.Rounding.mode) (x:R), (no_overflow m x) -> ((value (round_logic m x)) = (round m x)). forall (m:floating_point.Rounding.mode) (x:R), (no_overflow m x) -> ((value (round_logic m x)) = (round m x)). Proof. intros m x. unfold no_overflow. ... ...
 ... ... @@ -25,7 +25,8 @@ Require Import Zquot. (* mod1 is replaced with (ZArith.BinInt.Z.rem x x1) by the coq driver *) (* Why3 goal *) Lemma Div_mod : forall (x:Z) (y:Z), (~ (y = 0%Z)) -> Lemma Div_mod : forall (x:Z) (y:Z), ~ (y = 0%Z) -> (x = ((y * (ZArith.BinInt.Z.quot x y))%Z + (ZArith.BinInt.Z.rem x y))%Z). intros x y _. apply Z.quot_rem'. ... ... @@ -33,8 +34,7 @@ Qed. (* Why3 goal *) Lemma Div_bound : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) -> forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) -> (0%Z <= (ZArith.BinInt.Z.quot x y))%Z /\ ((ZArith.BinInt.Z.quot x y) <= x)%Z. intros x y (Hx,Hy). ... ... @@ -52,8 +52,7 @@ Qed. (* Why3 goal *) Lemma Mod_bound : forall (x:Z) (y:Z), ~ (y = 0%Z) -> forall (x:Z) (y:Z), ~ (y = 0%Z) -> ((-(ZArith.BinInt.Z.abs y))%Z < (ZArith.BinInt.Z.rem x y))%Z /\ ((ZArith.BinInt.Z.rem x y) < (ZArith.BinInt.Z.abs y))%Z. intros x y Zy. ... ... @@ -69,16 +68,16 @@ Qed. (* Why3 goal *) Lemma Div_sign_pos : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) -> (0%Z <= (ZArith.BinInt.Z.quot x y))%Z. forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) -> (0%Z <= (ZArith.BinInt.Z.quot x y))%Z. intros x y (Hx, Hy). now apply Z.quot_pos. Qed. (* Why3 goal *) Lemma Div_sign_neg : forall (x:Z) (y:Z), ((x <= 0%Z)%Z /\ (0%Z < y)%Z) -> ((ZArith.BinInt.Z.quot x y) <= 0%Z)%Z. forall (x:Z) (y:Z), ((x <= 0%Z)%Z /\ (0%Z < y)%Z) -> ((ZArith.BinInt.Z.quot x y) <= 0%Z)%Z. intros x y (Hx, Hy). generalize (Z.quot_pos (-x) y). rewrite Zquot_opp_l. ... ... 
@@ -87,22 +86,23 @@ Qed. (* Why3 goal *) Lemma Mod_sign_pos : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ ~ (y = 0%Z)) -> (0%Z <= (ZArith.BinInt.Z.rem x y))%Z. forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ ~ (y = 0%Z)) -> (0%Z <= (ZArith.BinInt.Z.rem x y))%Z. intros x y (Hx, Zy). now apply Zrem_lt_pos. Qed. (* Why3 goal *) Lemma Mod_sign_neg : forall (x:Z) (y:Z), ((x <= 0%Z)%Z /\ ~ (y = 0%Z)) -> ((ZArith.BinInt.Z.rem x y) <= 0%Z)%Z. forall (x:Z) (y:Z), ((x <= 0%Z)%Z /\ ~ (y = 0%Z)) -> ((ZArith.BinInt.Z.rem x y) <= 0%Z)%Z. intros x y (Hx, Zy). now apply Zrem_lt_neg. Qed. (* Why3 goal *) Lemma Rounds_toward_zero : forall (x:Z) (y:Z), (~ (y = 0%Z)) -> Lemma Rounds_toward_zero : forall (x:Z) (y:Z), ~ (y = 0%Z) -> ((ZArith.BinInt.Z.abs ((ZArith.BinInt.Z.quot x y) * y)%Z) <= (ZArith.BinInt.Z.abs x))%Z. intros x y Zy. ... ... @@ -125,15 +125,15 @@ Qed. (* Why3 goal *) Lemma Div_inf : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (x < y)%Z) -> ((ZArith.BinInt.Z.quot x y) = 0%Z). forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (x < y)%Z) -> ((ZArith.BinInt.Z.quot x y) = 0%Z). exact Z.quot_small. Qed. (* Why3 goal *) Lemma Mod_inf : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (x < y)%Z) -> ((ZArith.BinInt.Z.rem x y) = x). forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (x < y)%Z) -> ((ZArith.BinInt.Z.rem x y) = x). exact Z.rem_small. Qed. ... ...
 ... ... @@ -40,8 +40,7 @@ Qed. (* Why3 goal *) Lemma Mod_bound : forall (x:Z) (y:Z), ~ (y = 0%Z) -> forall (x:Z) (y:Z), ~ (y = 0%Z) -> (0%Z <= (mod1 x y))%Z /\ ((mod1 x y) < (ZArith.BinInt.Z.abs y))%Z. intros x y Zy. zify. ... ... @@ -57,7 +56,8 @@ omega. Qed. (* Why3 goal *) Lemma Div_unique : forall (x:Z) (y:Z) (q:Z), (0%Z < y)%Z -> Lemma Div_unique : forall (x:Z) (y:Z) (q:Z), (0%Z < y)%Z -> (((q * y)%Z <= x)%Z /\ (x < ((q * y)%Z + y)%Z)%Z) -> ((div x y) = q). intros x y q h1 (h2,h3). assert (h:(~(y=0))%Z) by omega. ... ... @@ -80,8 +80,8 @@ Qed. (* Why3 goal *) Lemma Div_bound : forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) -> (0%Z <= (div x y))%Z /\ ((div x y) <= x)%Z. forall (x:Z) (y:Z), ((0%Z <= x)%Z /\ (0%Z < y)%Z) -> (0%Z <= (div x y))%Z /\ ((div x y) <= x)%Z. intros x y (Hx,Hy). unfold div. case Z_le_dec ; intros H. ... ... @@ -127,8 +127,8 @@ Qed. (* Why3 goal *) Lemma Div_inf_neg : forall (x:Z) (y:Z), ((0%Z < x)%Z /\ (x <= y)%Z) -> ((div (-x)%Z y) = (-1%Z)%Z). forall (x:Z) (y:Z), ((0%Z < x)%Z /\ (x <= y)%Z) -> ((div (-x)%Z y) = (-1%Z)%Z). intros x y Hxy. assert (h: (x < y \/ x = y)%Z) by omega. destruct h. ... ... @@ -207,8 +207,8 @@ Open Scope Z_scope. (* Why3 goal *) Lemma Div_mult : forall (x:Z) (y:Z) (z:Z), (0%Z < x)%Z -> ((div ((x * y)%Z + z)%Z x) = (y + (div z x))%Z). forall (x:Z) (y:Z) (z:Z), (0%Z < x)%Z -> ((div ((x * y)%Z + z)%Z x) = (y + (div z x))%Z). intros x y z h. unfold div. destruct (Z_le_dec 0 (z mod x)). ... ... @@ -221,8 +221,8 @@ Qed. (* Why3 goal *) Lemma Mod_mult : forall (x:Z) (y:Z) (z:Z), (0%Z < x)%Z -> ((mod1 ((x * y)%Z + z)%Z x) = (mod1 z x)). forall (x:Z) (y:Z) (z:Z), (0%Z < x)%Z -> ((mod1 ((x * y)%Z + z)%Z x) = (mod1 z x)). intros x y z h. unfold mod1. rewrite Div_mult. ... ...
 ... ... @@ -53,8 +53,8 @@ Qed. (* Why3 goal *) Lemma Power_s : forall (x:t) (n:Z), (0%Z <= n)%Z -> ((power x (n + 1%Z)%Z) = (infix_as x (power x n))). forall (x:t) (n:Z), (0%Z <= n)%Z -> ((power x (n + 1%Z)%Z) = (infix_as x (power x n))). Proof. intros x n h1. unfold power. ... ... @@ -64,8 +64,8 @@ Qed. (* Why3 goal *) Lemma Power_s_alt : forall (x:t) (n:Z), (0%Z < n)%Z -> ((power x n) = (infix_as x (power x (n - 1%Z)%Z))). forall (x:t) (n:Z), (0%Z < n)%Z -> ((power x n) = (infix_as x (power x (n - 1%Z)%Z))). Proof. intros x n h1. rewrite <- Power_s; auto with zarith. ... ... @@ -79,8 +79,9 @@ exact Unit_def_r. Qed. (* Why3 goal *) Lemma Power_sum : forall (x:t) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> ((power x (n + m)%Z) = (infix_as (power x n) (power x m)))). Lemma Power_sum : forall (x:t) (n:Z) (m:Z), (0%Z <= n)%Z -> (0%Z <= m)%Z -> ((power x (n + m)%Z) = (infix_as (power x n) (power x m))). Proof. intros x n m Hn Hm. revert n Hn. ... ... @@ -94,8 +95,9 @@ now rewrite <- Assoc, <- Power_s. Qed. (* Why3 goal *) Lemma Power_mult : forall (x:t) (n:Z) (m:Z), (0%Z <= n)%Z -> ((0%Z <= m)%Z -> ((power x (n * m)%Z) = (power (power x n) m))). Lemma Power_mult : forall (x:t) (n:Z) (m:Z), (0%Z <= n)%Z -> (0%Z <= m)%Z -> ((power x (n * m)%Z) = (power (power x n) m)). Proof. intros x n m Hn Hm. revert m Hm. ... ... @@ -109,9 +111,9 @@ now rewrite <- Power_s. Qed. (* Why3 goal *) Lemma Power_comm1 : forall (x:t) (y:t), ((infix_as x y) = (infix_as y x)) -> forall (n:Z), (0%Z <= n)%Z -> ((infix_as (power x n) y) = (infix_as y (power x n))). Lemma Power_comm1 : forall (x:t) (y:t), ((infix_as x y) = (infix_as y x)) -> forall (n:Z), (0%Z <= n)%Z -> ((infix_as (power x n) y) = (infix_as y (power x n))). Proof. intros x y comm. apply natlike_ind. ... ... 
@@ -127,9 +129,10 @@ now rewrite comm. Qed. (* Why3 goal *) Lemma Power_comm2 : forall (x:t) (y:t), ((infix_as x y) = (infix_as y x)) -> forall (n:Z), (0%Z <= n)%Z -> ((power (infix_as x y) n) = (infix_as (power x n) (power y n))). Lemma Power_comm2 : forall (x:t) (y:t), ((infix_as x y) = (infix_as y x)) -> forall (n:Z), (0%Z <= n)%Z -> ((power (infix_as x y) n) = (infix_as (power x n) (power y n))). Proof. intros x y comm. apply natlike_ind. ... ...
 ... ... @@ -166,8 +166,8 @@ Qed. (* Why3 goal *) Lemma CompatOrderMult : forall (x:Z) (y:Z) (z:Z), (x <= y)%Z -> (0%Z <= z)%Z -> ((x * z)%Z <= (y * z)%Z)%Z. forall (x:Z) (y:Z) (z:Z), (x <= y)%Z -> (0%Z <= z)%Z -> ((x * z)%Z <= (y * z)%Z)%Z. Proof. exact Zmult_le_compat_r. Qed. ... ...
 ... ... @@ -29,10 +29,13 @@ Proof. Defined. (* Why3 goal *) Lemma numof_def : forall (p:(Z -> bool)) (a:Z) (b:Z), ((b <= a)%Z -> ((numof p a b) = 0%Z)) /\ ((~ (b <= a)%Z) -> ((((p (b - 1%Z)%Z) = true) -> ((numof p a b) = (1%Z + (numof p a (b - 1%Z)%Z))%Z)) /\ ((~ ((p (b - 1%Z)%Z) = true)) -> ((numof p a b) = (numof p a (b - 1%Z)%Z))))). Lemma numof_def : forall (p:Z -> bool) (a:Z) (b:Z), ((b <= a)%Z -> ((numof p a b) = 0%Z)) /\ (~ (b <= a)%Z -> (((p (b - 1%Z)%Z) = true) -> ((numof p a b) = (1%Z + (numof p a (b - 1%Z)%Z))%Z)) /\ (~ ((p (b - 1%Z)%Z) = true) -> ((numof p a b) = (numof p a (b - 1%Z)%Z)))). Proof. intros p a b. unfold numof. ... ... @@ -66,8 +69,8 @@ Qed. (* Why3 goal *) Lemma Numof_bounds : forall (p:(Z -> bool)) (a:Z) (b:Z), (a < b)%Z -> (0%Z <= (numof p a b))%Z /\ ((numof p a b) <= (b - a)%Z)%Z. forall (p:Z -> bool) (a:Z) (