feat(normalized_size): Proved correctness of mpd_normalized_size. Fix minor bugs in previous proves.

2025-06-12 22:11:54 +08:00
parent f7432dca84
commit 257241df90
6 changed files with 643 additions and 81 deletions
--- a/projects/lib/gmp_proof_manual.v
+++ b/projects/lib/gmp_proof_manual.v
@ -134,14 +134,14 @@ Proof.
    unfold store_uint_array, store_array.
    simpl.
    entailer!.
-  + pose proof (Aux.store_uarray_rec_equals_store_uarray d 0 i (sublist 0 i l) ltac:(lia)).
+  + pose proof (Aux.uint_array_rec_to_uint_array d 0 i (sublist 0 i l) ltac:(lia)).
    destruct H4 as [_ H4].
    assert (d + sizeof(UINT) * 0 = d). { lia. }
    rewrite H5 in H4; clear H5.
    assert (i - 0 = i). { lia. }
    rewrite H5 in H4; clear H5.
    sep_apply H4; clear H4.
-    pose proof (Aux.store_uarray_rec_equals_store_uarray d 0 (i + 1) (sublist 0 i l ++ z :: nil) ltac:(lia)).
+    pose proof (Aux.uint_array_rec_to_uint_array d 0 (i + 1) (sublist 0 i l ++ z :: nil) ltac:(lia)).
    destruct H4 as [H4 _].
    assert (i + 1 - 0 = i + 1). { lia. }
    rewrite H5 in H4; clear H5.
@ -151,11 +151,6 @@ Proof.
    sep_apply store_uint_array_rec_tail_merge; [ reflexivity | lia ].
 Qed.

-Lemma proof_of_mpn_cmp_safety_wit_1 : mpn_cmp_safety_wit_1.
-Proof.
-  pre_process.
-Qed.
-
 Lemma proof_of_mpn_cmp_entail_wit_1 : mpn_cmp_entail_wit_1.
 Proof.
  pre_process.
@ -296,4 +291,123 @@ Proof.
  Intros l1 l2.
  Exists l1 l2.
  entailer!.
+Qed.
+
+Lemma proof_of_mpn_normalized_size_entail_wit_2 : mpn_normalized_size_entail_wit_2.
+Proof.
+  pre_process.
+  entailer!.
+  + pose proof (store_uint_array_divide_rec 
+      xp_pre n (sublist 0 n l) (n - 1) ltac:(lia)).
+    rewrite (Zlength_sublist0 n l ltac:(lia)) in H12.
+    specialize (H12 ltac:(lia)).
+    destruct H12 as [H12 _].
+    rewrite H12; clear H12.
+    rewrite (sublist_sublist00 (n - 1) n l ltac:(lia)).
+    rewrite (sublist_sublist0 n n (n - 1) l ltac:(lia) ltac:(lia)).
+    pose proof (Aux.uint_array_rec_to_uint_array xp_pre 0 (n - 1) (sublist 0 (n - 1) l) ltac:(lia)).
+    destruct H12 as [H12 _].
+    rewrite Z.mul_0_r, Z.add_0_r, Z.sub_0_r in H12.
+    rewrite H12; clear H12.
+    entailer!.
+    assert (n - 1 < Z.of_nat (Datatypes.length l)). {
+      rewrite <-Zlength_correct.
+      lia.
+    }
+    pose proof (sublist_single (n - 1) l 0 ltac:(lia)).
+    clear H12.
+    pose proof (Aux.store_uint_array_single_to_undef xp_pre (n - 1) (Znth (n - 1) l 0)).
+    assert (n - 1 + 1 = n). { lia. }
+    rewrite H14 in H12, H13; clear H14.
+    rewrite H13, H12; clear H13 H12.
+    pose proof (Aux.store_undef_uint_array_rec_divide xp_pre (n - 1) n cap ltac:(lia) ltac:(lia)).
+    rewrite <-H12.
+    entailer!.
+  + assert (n <= Z.of_nat (Datatypes.length l)). {
+      rewrite <-Zlength_correct.
+      lia.
+    }
+    pose proof (sublist_split 0 n (n - 1) l ltac:(lia) ltac:(lia)).
+    clear H12.
+    rewrite H13 in H6.
+    apply (list_store_Z_split) in H6; destruct H6.
+    assert (Z.of_nat (Datatypes.length l) = Zlength l). {
+      rewrite (Zlength_correct l); reflexivity.
+    }
+    pose proof (sublist_single (n - 1) l 0 ltac:(lia)).
+    assert (n - 1 + 1 = n). { lia. }
+    rewrite H16 in H15; clear H16.
+    rewrite H15 in H12.
+    unfold list_store_Z in H12; destruct H12.
+    simpl in H12.
+    rewrite Znth_sublist0 in H; try lia.
+    rewrite H in H12.
+    rewrite (Zlength_sublist0 (n - 1) l) in *; try lia.
+    pose proof (Z_div_mod_eq_full val (UINT_MOD ^ (n - 1))).
+    rewrite <-H12, Z.mul_0_r, Z.add_0_l in H17.
+    rewrite <-H17 in H6.
+    tauto.
+Qed.
+
+Lemma proof_of_mpn_normalized_size_return_wit_1_1 : mpn_normalized_size_return_wit_1_1.
+Proof.
+  pre_process.
+  assert (n = 0). { lia. }
+  clear H H0.
+  rewrite H11 in *.
+  unfold mpd_store_Z_compact, mpd_store_list.
+  Exists nil.
+  entailer!.
+  + rewrite Zlength_nil.
+    lia.
+  + unfold list_store_Z_compact.
+    simpl.
+    rewrite sublist_nil in H5; try lia.
+    unfold list_store_Z in H5; simpl in H5.
+    destruct H5.
+    lia.
+Qed.
+
+Lemma proof_of_mpn_normalized_size_return_wit_1_2 : mpn_normalized_size_return_wit_1_2.
+Proof.
+  pre_process.
+  unfold mpd_store_Z_compact, mpd_store_list.
+  Exists (sublist 0 n l).
+  entailer!.
+  + rewrite Zlength_sublist0; try lia.
+    entailer!.
+  + rewrite Zlength_sublist0; lia.
+  + rewrite Zlength_sublist0; lia.
+  + unfold list_store_Z_compact.
+    unfold list_store_Z in H6.
+    destruct H6.
+    rewrite Aux.list_last_to_Znth.
+    - rewrite Zlength_sublist0; try lia.
+      repeat split; try tauto.
+      pose proof (list_within_bound_Znth (sublist 0 n l) (n - 1)).
+      rewrite Zlength_sublist0 in H13; try lia.
+      specialize (H13 ltac:(lia) H12).
+      lia.
+    - assert (sublist 0 n l = nil \/ sublist 0 n l <> nil). { tauto. }
+      destruct H13.
+      * pose proof (Zlength_sublist0 n l ltac:(lia)).
+        rewrite H13 in H14.
+        rewrite Zlength_nil in H14.
+        lia.
+      * tauto.
+Qed.
+
+Lemma proof_of_mpn_normalized_size_which_implies_wit_1 : mpn_normalized_size_which_implies_wit_1.
+Proof. 
+  pre_process.
+  unfold mpd_store_Z.
+  Intros l.
+  Exists l.
+  unfold mpd_store_list.
+  entailer!.
+  + rewrite H0.
+    rewrite sublist_self; try lia.
+    entailer!.
+  + rewrite sublist_self; try lia.
+    tauto.
 Qed.