Add annotations to gmp.c

projects/lib/GmpAux.v

@@ -21,6 +21,10 @@ Local Open Scope sac.
 
 Module Aux.
 
+Lemma Z_of_nat_succ: forall (n: nat),
+  Z.of_nat (S n) = Z.of_nat n + 1.
+Proof. lia. Qed.
+
 Lemma Zpow_add_1: forall (a b: Z),
   a >= 0 -> b >= 0 ->
   a ^ (b + 1) = a ^ b * a.
@@ -29,8 +33,29 @@ Proof.
   rewrite (Z.pow_add_r a b 1); lia.
 Qed.
 
-Lemma Z_of_nat_succ: forall (n: nat),
-  Z.of_nat (S n) = Z.of_nat n + 1.
+Lemma Zmul_mod_cancel: forall (n a b: Z),
+  n >= 0 -> a > 0 -> b >= 0 ->
+  (n * a) mod (a ^ (b + 1)) = a * (n mod (a ^ b)).
+Proof.
+  intros.
+  pose proof (Z_div_mod_eq_full n (a ^ b)).
+  pose proof (Z.mod_bound_pos n (a ^ b) ltac:(lia) ltac:(nia)).
+  remember (n / a ^ b) as q eqn:Hq.
+  remember (n mod a ^ b) as rem eqn:Hrem.
+  rewrite H2.
+  rewrite Z.mul_add_distr_r.
+  rewrite (Z.mul_comm (a ^ b) q); rewrite <-Z.mul_assoc.
+  rewrite <-Zpow_add_1; try lia.
+  assert (0 <= rem * a < a ^ (b + 1)). { 
+    rewrite Zpow_add_1; try lia.
+    nia.
+  }
+  rewrite <-(Zmod_unique_full (q * a ^ (b + 1) + rem * a) (a ^ (b + 1)) q (rem * a)).
+  + lia.
+  + unfold Remainder.
+    lia.
+  + lia.
+Qed.
 
 Lemma Zdiv_mod_pow: forall (n a b: Z),
   a > 0 -> b >= 0 -> n >= 0 ->
@@ -59,5 +84,21 @@ Proof.
     exists q.
     lia.
 Qed.
+
+Lemma list_app_cons: forall (l1 l2: list Z) (a: Z),
+  app l1 (a :: l2) = app (app l1 (a :: nil)) l2.
+Proof.
+  intros.
+  revert a l2.
+  induction l1.
+  + intros.
+    rewrite app_nil_l.
+    reflexivity.
+  + intros.
+    simpl in *.
+    specialize (IHl1 a0 l2).
+    rewrite IHl1.
+    reflexivity.
+Qed.
       
 End Aux.

projects/lib/GmpNumber.v

@@ -9,6 +9,7 @@ Require Import String.
 From AUXLib Require Import int_auto Axioms Feq Idents List_lemma VMap.
 Require Import SetsClass.SetsClass. Import SetsNotation.
 From SimpleC.SL Require Import CommonAssertion Mem SeparationLogic IntLib.
+Require Import GmpLib.GmpAux.
 Require Import Logic.LogicGenerator.demo932.Interface.
 Local Open Scope Z_scope.
 Local Open Scope sets.
@@ -21,95 +22,11 @@ Local Open Scope sac.
 
 Notation "'UINT_MOD'" := (4294967296).
 
-Module Aux.
-
-Lemma Z_of_nat_succ: forall (n: nat),
-  Z.of_nat (S n) = Z.of_nat n + 1.
-Proof. lia. Qed.
-
-Lemma Zpow_add_1: forall (a b: Z),
-  a >= 0 -> b >= 0 ->
-  a ^ (b + 1) = a ^ b * a.
-Proof.
-  intros.
-  rewrite (Z.pow_add_r a b 1); lia.
-Qed.
-
-Lemma Zmul_mod_cancel: forall (n a b: Z),
-  n >= 0 -> a > 0 -> b >= 0 ->
-  (n * a) mod (a ^ (b + 1)) = a * (n mod (a ^ b)).
-Proof.
-  intros.
-  pose proof (Z_div_mod_eq_full n (a ^ b)).
-  pose proof (Z.mod_bound_pos n (a ^ b) ltac:(lia) ltac:(nia)).
-  remember (n / a ^ b) as q eqn:Hq.
-  remember (n mod a ^ b) as rem eqn:Hrem.
-  rewrite H2.
-  rewrite Z.mul_add_distr_r.
-  rewrite (Z.mul_comm (a ^ b) q); rewrite <-Z.mul_assoc.
-  rewrite <-Zpow_add_1; try lia.
-  assert (0 <= rem * a < a ^ (b + 1)). { 
-    rewrite Zpow_add_1; try lia.
-    nia.
-  }
-  rewrite <-(Zmod_unique_full (q * a ^ (b + 1) + rem * a) (a ^ (b + 1)) q (rem * a)).
-  + lia.
-  + unfold Remainder.
-    lia.
-  + lia.
-Qed.
-
-Lemma Zdiv_mod_pow: forall (n a b: Z),
-  a > 0 -> b >= 0 -> n >= 0 ->
-  (n / a) mod (a ^ b) = (n mod (a ^ (b + 1))) / a.
-Proof.
-  intros.
-  pose proof (Z_div_mod_eq_full n (a ^ (b + 1))).
-  remember (n / (a ^ (b + 1))) as q eqn:Hq.
-  remember (n mod a ^ (b + 1)) as rem eqn:Hrem.
-  assert (n / a = a ^ b * q + rem / a). {
-    rewrite H2.
-    rewrite Zpow_add_1; try lia.
-    pose proof (Z_div_plus_full_l (a ^ b * q) a rem ltac:(lia)).
-    assert (a ^ b * q * a + rem = a ^ b * a * q + rem). { lia. }
-    rewrite H4 in H3.
-    tauto.
-  }
-  apply Znumtheory.Zdivide_mod_minus.
-  + pose proof (Z.mod_bound_pos n (a ^ (b + 1)) ltac:(lia) (Z.pow_pos_nonneg a (b + 1) ltac:(lia) ltac:(lia))).
-    rewrite <-Hrem in H4.
-    rewrite Zpow_add_1 in H4; try lia.
-    pose proof (Z.div_lt_upper_bound rem a (a ^ b) ltac:(lia) ltac:(lia)).
-    split; try lia.
-    apply (Z_div_pos rem a ltac:(lia) ltac:(lia)).
-  + unfold Z.divide.
-    exists q.
-    lia.
-Qed.
-
-Lemma list_app_cons: forall (l1 l2: list Z) (a: Z),
-  app l1 (a :: l2) = app (app l1 (a :: nil)) l2.
-Proof.
-  intros.
-  revert a l2.
-  induction l1.
-  + intros.
-    rewrite app_nil_l.
-    reflexivity.
-  + intros.
-    simpl in *.
-    specialize (IHl1 a0 l2).
-    rewrite IHl1.
-    reflexivity.
-Qed.
-      
-End Aux.
-
 Module Internal.
 
 Definition mpd_store_list (ptr: addr) (data: list Z) (cap: Z): Assertion :=
   [| Zlength data <= cap |] &&
-  store_uint_array ptr (Zlength data) data &&
+  store_uint_array ptr (Zlength data) data **
   store_undef_uint_array_rec ptr ((Zlength data) + 1) cap.
 
 Fixpoint list_to_Z (data: list Z): Z :=
@@ -440,7 +357,7 @@ Record bigint_ent: Type := {
     sign: Prop;
 }.
 
-Definition store_bigint_ent (x: addr) (n: bigint_ent): Asrtion :=
+Definition store_bigint_ent (x: addr) (n: bigint_ent): Assertion :=
     EX size, 
       &(x # "__mpz_struct" ->ₛ "_mp_size") # Int |-> size &&
       ([| size < 0 |] && [| sign n |] && [| size = -Zlength (data n) |] ||