Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
S
stdpp
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Package Registry
Model registry
Operate
Terraform modules
Monitor
Service Desk
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Adam
stdpp
Commits
9016a9b5
Commit
9016a9b5
authored
3 years ago
by
Michael Sammler
Browse files
Options
Downloads
Patches
Plain Diff
tweak comment and fix proofs
parent
23a5f06b
No related branches found
No related tags found
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
theories/list_numbers.v
+13
-7
13 additions, 7 deletions
theories/list_numbers.v
with
13 additions
and
7 deletions
theories/list_numbers.v
+
13
−
7
View file @
9016a9b5
...
@@ -28,7 +28,9 @@ Notation max_list := (max_list_with id).
...
@@ -28,7 +28,9 @@ Notation max_list := (max_list_with id).
(** ** Conversion of integers to and from little endian *)
(** ** Conversion of integers to and from little endian *)
(** [Z_to_little_endian m n z] converts [z] into a list of [m] [n]-bit
(** [Z_to_little_endian m n z] converts [z] into a list of [m] [n]-bit
integers in the little endian format. *)
integers in the little endian format. A negative [z] is encoded using
two's-complement. If [z] uses more than [m * n] bits, these additional
bits are discarded (see [Z_of_to_little_endian]). [n] should be non-negative. *)
Fixpoint
Z_to_little_endian
(
m
:
nat
)
(
n
:
Z
)
(
z
:
Z
)
:
list
Z
:=
Fixpoint
Z_to_little_endian
(
m
:
nat
)
(
n
:
Z
)
(
z
:
Z
)
:
list
Z
:=
match
m
with
match
m
with
|
O
=>
[]
|
O
=>
[]
...
@@ -238,11 +240,12 @@ Section Z_little_endian.
...
@@ -238,11 +240,12 @@ Section Z_little_endian.
rewrite
orb_false_l
.
f_equal
.
lia
.
rewrite
orb_false_l
.
f_equal
.
lia
.
Qed
.
Qed
.
(* TODO: replace the calls to [nia] by [lia] after dropping support for Coq 8.10.2. *)
Lemma
Z_of_to_little_endian
m
n
z
:
Lemma
Z_of_to_little_endian
m
n
z
:
0
≤
n
→
0
≤
n
→
Z_of_little_endian
n
(
Z_to_little_endian
m
n
z
)
=
z
`
mod
`
2
^
(
m
*
n
)
.
Z_of_little_endian
n
(
Z_to_little_endian
m
n
z
)
=
z
`
mod
`
2
^
(
m
*
n
)
.
Proof
.
Proof
.
intros
.
rewrite
<-
Z
.
land_ones
by
l
ia
.
intros
.
rewrite
<-
Z
.
land_ones
by
n
ia
.
revert
z
.
induction
m
as
[|
m
IH
];
intros
z
;
simpl
.
revert
z
.
induction
m
as
[|
m
IH
];
intros
z
;
simpl
.
{
Z
.
bitwise
.
by
rewrite
andb_false_r
.
}
{
Z
.
bitwise
.
by
rewrite
andb_false_r
.
}
rewrite
IH
.
rewrite
IH
.
...
@@ -250,12 +253,15 @@ Section Z_little_endian.
...
@@ -250,12 +253,15 @@ Section Z_little_endian.
rewrite
Z
.
land_spec
,
Z
.
lor_spec
,
Z
.
shiftl_spec
,
!
Z
.
land_spec
by
lia
.
rewrite
Z
.
land_spec
,
Z
.
lor_spec
,
Z
.
shiftl_spec
,
!
Z
.
land_spec
by
lia
.
rewrite
(
Z_ones_spec
n
z'
)
by
lia
.
case_bool_decide
.
rewrite
(
Z_ones_spec
n
z'
)
by
lia
.
case_bool_decide
.
-
rewrite
andb_true_r
,
(
Z
.
testbit_neg_r
_
(
z'
-
n
)),
orb_false_r
by
lia
.
simpl
.
-
rewrite
andb_true_r
,
(
Z
.
testbit_neg_r
_
(
z'
-
n
)),
orb_false_r
by
lia
.
simpl
.
by
rewrite
Z_ones_spec
,
bool_decide_true
,
andb_true_r
by
l
ia
.
by
rewrite
Z_ones_spec
,
bool_decide_true
,
andb_true_r
by
n
ia
.
-
rewrite
andb_false_r
,
orb_false_l
.
-
rewrite
andb_false_r
,
orb_false_l
.
rewrite
Z
.
shiftr_spec
by
lia
.
f_equal
;
[
f_equal
;
lia
|]
.
rewrite
Z
.
shiftr_spec
by
lia
.
f_equal
;
[
f_equal
;
lia
|]
.
rewrite
!
Z_ones_spec
by
l
ia
.
apply
bool_decide_iff
.
lia
.
rewrite
!
Z_ones_spec
by
n
ia
.
apply
bool_decide_iff
.
lia
.
Qed
.
Qed
.
Lemma
Z_to_little_endian_length
m
n
z
:
length
(
Z_to_little_endian
m
n
z
)
=
m
.
Proof
.
revert
z
.
induction
m
;
naive_solver
.
Qed
.
Lemma
Z_to_little_endian_bound
m
n
z
:
Lemma
Z_to_little_endian_bound
m
n
z
:
0
≤
n
→
0
≤
n
→
Forall
(
λ
b
,
0
≤
b
<
2
^
n
)
(
Z_to_little_endian
m
n
z
)
.
Forall
(
λ
b
,
0
≤
b
<
2
^
n
)
(
Z_to_little_endian
m
n
z
)
.
...
@@ -272,11 +278,11 @@ Section Z_little_endian.
...
@@ -272,11 +278,11 @@ Section Z_little_endian.
0
≤
Z_of_little_endian
n
bs
<
2
^
(
length
bs
*
n
)
.
0
≤
Z_of_little_endian
n
bs
<
2
^
(
length
bs
*
n
)
.
Proof
.
Proof
.
intros
?
.
induction
1
as
[|
b
bs
Hb
?
IH
];
[
done
|];
simpl
.
intros
?
.
induction
1
as
[|
b
bs
Hb
?
IH
];
[
done
|];
simpl
.
apply
Z_bounded_iff_bits_nonneg'
;
[
l
ia
|..]
.
apply
Z_bounded_iff_bits_nonneg'
;
[
n
ia
|..]
.
{
apply
Z
.
lor_nonneg
.
split
;
[
lia
|]
.
apply
Z
.
shiftl_nonneg
.
lia
.
}
{
apply
Z
.
lor_nonneg
.
split
;
[
lia
|]
.
apply
Z
.
shiftl_nonneg
.
lia
.
}
intros
z'
?
.
rewrite
Z
.
lor_spec
.
intros
z'
?
.
rewrite
Z
.
lor_spec
.
rewrite
Z_bounded_iff_bits_nonneg'
in
Hb
by
lia
.
rewrite
Z_bounded_iff_bits_nonneg'
in
Hb
by
lia
.
rewrite
Hb
,
orb_false_l
,
Z
.
shiftl_spec
by
l
ia
.
rewrite
Hb
,
orb_false_l
,
Z
.
shiftl_spec
by
n
ia
.
apply
(
Z_bounded_iff_bits_nonneg'
(
length
bs
*
n
));
l
ia
.
apply
(
Z_bounded_iff_bits_nonneg'
(
length
bs
*
n
));
n
ia
.
Qed
.
Qed
.
End
Z_little_endian
.
End
Z_little_endian
.
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
