diff --git a/projects/lib/GmpAux.v b/projects/lib/GmpAux.v index 640cbaa..8bdd8d1 100755 --- a/projects/lib/GmpAux.v +++ b/projects/lib/GmpAux.v @@ -25,13 +25,49 @@ Lemma Z_mod_add_carry: forall (a b m: Z), m > 0 -> 0 <= a < m -> 0 <= b < m -> (a + b) mod m < b -> a + b = (a + b) mod m + m. -Proof. Admitted. +Proof. + intros. + pose proof (Z_div_mod_eq_full (a + b) m). + assert (m <= a + b < 2 * m). { + assert (a + b >= m \/ b <= a + b < m). { lia. } + destruct H4. + + lia. + + assert ((a + b) mod m = a + b). { + apply Z.mod_small. + lia. + } + lia. + } + assert ((a + b) / m = 1). { + pose proof (Zdiv_le_lower_bound (a + b) m 1 ltac:(lia) ltac:(lia)). + pose proof (Z.div_lt_upper_bound (a + b) m 2 ltac:(lia) ltac:(lia)). + lia. + } + rewrite H5 in H3. + nia. +Qed. Lemma Z_mod_add_uncarry: forall (a b m: Z), m > 0 -> 0 <= a < m -> 0 <= b < m -> (a + b) mod m >= b -> a + b = (a + b) mod m. -Proof. Admitted. +Proof. + intros. + assert (b <= a + b < m). { + assert (a + b < m \/ m <= a + b < m + b). { lia. } + destruct H3. + + lia. + + assert ((a + b) / m = 1). { + pose proof (Zdiv_le_lower_bound (a + b) m 1 ltac:(lia) ltac:(lia)). + pose proof (Z.div_lt_upper_bound (a + b) m 2 ltac:(lia) ltac:(lia)). + lia. + } + pose proof (Z_div_mod_eq_full (a + b) m). + rewrite H4 in H5. + lia. + } + rewrite Z.mod_small; lia. +Qed. Lemma Z_mod_3add_carry10: forall (a b c m: Z), m > 0 -> 0 <= a < m -> 0 <= b < m -> 0 <= c < m -> @@ -354,11 +390,6 @@ Proof. split; tauto. Qed. -Lemma store_uint_array_rec_def2undef: forall x a b l, - store_uint_array_rec x a b l |-- - store_undef_uint_array_rec x a b. -Proof. Admitted. - Lemma store_undef_uint_array_rec_divide: forall x l mid r, 0 <= l <= r -> l <= mid <= r -> @@ -387,4 +418,45 @@ Proof. rewrite H1. split; entailer!. Qed. + +Lemma store_uint_array_rec_def2undef: forall x a b l, + 0 <= a <= b -> + store_uint_array_rec x a b l |-- + store_undef_uint_array_rec x a b. +Proof. + intros. + revert x a b H. + induction l; intros. + + unfold store_uint_array_rec. + simpl. + entailer!. + subst. + unfold store_undef_uint_array_rec. + assert (b - b = 0). { lia. } + rewrite H0; clear H0. + simpl. + entailer!. + + assert (a0 = b \/ a0 < b). { lia. } + destruct H0. + - unfold store_uint_array_rec. + simpl. + sep_apply store_array_rec_false; try lia. + entailer!. + - sep_apply store_uint_array_rec_cons; try lia. + pose proof (store_undef_uint_array_rec_divide x a0 (a0 + 1) b ltac:(lia) ltac:(lia)). + destruct H2 as [_ H2]. + rewrite <-H2; clear H2. + specialize (IHl x (a0 + 1) b ltac:(lia)). + sep_apply IHl; entailer!. + assert ((x + a0 * sizeof ( UINT )) # UInt |-> a |-- + store_uint_array_rec x a0 (a0 + 1) [a]). { + unfold store_uint_array_rec. + simpl. + entailer!. + } + sep_apply H2; clear H2. + sep_apply store_uint_array_single_to_undef. + entailer!. +Qed. + End Aux. \ No newline at end of file diff --git a/projects/lib/gmp_goal.v b/projects/lib/gmp_goal.v index ce71dac..779f75b 100755 --- a/projects/lib/gmp_goal.v +++ b/projects/lib/gmp_goal.v @@ -6071,6 +6071,521 @@ forall (n: Z) (u: Z) , ** ((&((u) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr)) . +(*----- Function mpz_swap -----*) + +Definition mpz_swap_return_wit_1_1 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) +|-- + (store_Z u_pre m ) + ** (store_Z v_pre n ) +. + +Definition mpz_swap_return_wit_1_2 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) +|-- + (store_Z u_pre m ) + ** (store_Z v_pre n ) +. + +Definition mpz_swap_return_wit_1_3 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) +|-- + (store_Z u_pre m ) + ** (store_Z v_pre n ) +. + +Definition mpz_swap_return_wit_1_4 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) +|-- + (store_Z u_pre m ) + ** (store_Z v_pre n ) +. + +Definition mpz_swap_partial_solve_wit_1 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) , + (store_Z u_pre n ) + ** (store_Z v_pre m ) +|-- + (store_Z u_pre n ) + ** (store_Z v_pre m ) +. + +Definition mpz_swap_partial_solve_wit_2 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) , + [| (size1 < 0) |] + && [| (n < 0) |] + && (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** (store_Z v_pre m ) +|-- + [| (size1 < 0) |] + && [| (n < 0) |] + && (store_Z v_pre m ) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +. + +Definition mpz_swap_partial_solve_wit_3 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) , + [| (size1 >= 0) |] + && [| (n >= 0) |] + && (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** (store_Z v_pre m ) +|-- + [| (size1 >= 0) |] + && [| (n >= 0) |] + && (store_Z v_pre m ) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +. + +Definition mpz_swap_partial_solve_wit_4 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +|-- + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +. + +Definition mpz_swap_partial_solve_wit_5 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +|-- + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +. + +Definition mpz_swap_partial_solve_wit_6 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +|-- + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +. + +Definition mpz_swap_partial_solve_wit_7 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +|-- + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +. + +Definition mpz_swap_partial_solve_wit_8 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +|-- + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) +. + +Definition mpz_swap_partial_solve_wit_9 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +|-- + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) +. + +Definition mpz_swap_partial_solve_wit_10 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +|-- + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) +. + +Definition mpz_swap_partial_solve_wit_11 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) +|-- + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) +. + +Definition mpz_swap_partial_solve_wit_12 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) +|-- + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) +. + +Definition mpz_swap_partial_solve_wit_13 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) +|-- + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 >= 0) |] + && [| (n >= 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** (mpd_store_Z_compact ptr1 n size1 cap1 ) +. + +Definition mpz_swap_partial_solve_wit_14 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) +|-- + [| (size2 >= 0) |] + && [| (m >= 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) +. + +Definition mpz_swap_partial_solve_wit_15 := +forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) +|-- + [| (size2 < 0) |] + && [| (m < 0) |] + && [| (size1 < 0) |] + && [| (n < 0) |] + && ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1) + ** ((&((u_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v_pre) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) +. + +Definition mpz_swap_which_implies_wit_1 := +forall (n: Z) (u: Z) , + (store_Z u n ) +|-- + (EX (ptr1: Z) (cap1: Z) (size1: Z) , + [| (size1 >= 0) |] + && [| (n >= 0) |] + && (mpd_store_Z_compact ptr1 n size1 cap1 ) + ** ((&((u) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((u) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1)) + || + (EX (ptr1: Z) (cap1: Z) (size1: Z) , + [| (size1 < 0) |] + && [| (n < 0) |] + && (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 ) + ** ((&((u) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size1) + ** ((&((u) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap1) + ** ((&((u) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr1)) +. + +Definition mpz_swap_which_implies_wit_2 := +forall (m: Z) (v: Z) , + (store_Z v m ) +|-- + (EX (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 >= 0) |] + && [| (m >= 0) |] + && (mpd_store_Z_compact ptr2 m size2 cap2 ) + ** ((&((v) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2)) + || + (EX (ptr2: Z) (cap2: Z) (size2: Z) , + [| (size2 < 0) |] + && [| (m < 0) |] + && (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 ) + ** ((&((v) # "__mpz_struct" ->ₛ "_mp_size")) # Int |-> size2) + ** ((&((v) # "__mpz_struct" ->ₛ "_mp_alloc")) # Int |-> cap2) + ** ((&((v) # "__mpz_struct" ->ₛ "_mp_d")) # Ptr |-> ptr2)) +. + Module Type VC_Correct. Axiom proof_of_gmp_abs_safety_wit_1 : gmp_abs_safety_wit_1. @@ -6249,5 +6764,26 @@ Axiom proof_of_mpz_sgn_partial_solve_wit_1 : mpz_sgn_partial_solve_wit_1. Axiom proof_of_mpz_sgn_partial_solve_wit_2 : mpz_sgn_partial_solve_wit_2. Axiom proof_of_mpz_sgn_partial_solve_wit_3 : mpz_sgn_partial_solve_wit_3. Axiom proof_of_mpz_sgn_which_implies_wit_1 : mpz_sgn_which_implies_wit_1. +Axiom proof_of_mpz_swap_return_wit_1_1 : mpz_swap_return_wit_1_1. +Axiom proof_of_mpz_swap_return_wit_1_2 : mpz_swap_return_wit_1_2. +Axiom proof_of_mpz_swap_return_wit_1_3 : mpz_swap_return_wit_1_3. +Axiom proof_of_mpz_swap_return_wit_1_4 : mpz_swap_return_wit_1_4. +Axiom proof_of_mpz_swap_partial_solve_wit_1 : mpz_swap_partial_solve_wit_1. +Axiom proof_of_mpz_swap_partial_solve_wit_2 : mpz_swap_partial_solve_wit_2. +Axiom proof_of_mpz_swap_partial_solve_wit_3 : mpz_swap_partial_solve_wit_3. +Axiom proof_of_mpz_swap_partial_solve_wit_4 : mpz_swap_partial_solve_wit_4. +Axiom proof_of_mpz_swap_partial_solve_wit_5 : mpz_swap_partial_solve_wit_5. +Axiom proof_of_mpz_swap_partial_solve_wit_6 : mpz_swap_partial_solve_wit_6. +Axiom proof_of_mpz_swap_partial_solve_wit_7 : mpz_swap_partial_solve_wit_7. +Axiom proof_of_mpz_swap_partial_solve_wit_8 : mpz_swap_partial_solve_wit_8. +Axiom proof_of_mpz_swap_partial_solve_wit_9 : mpz_swap_partial_solve_wit_9. +Axiom proof_of_mpz_swap_partial_solve_wit_10 : mpz_swap_partial_solve_wit_10. +Axiom proof_of_mpz_swap_partial_solve_wit_11 : mpz_swap_partial_solve_wit_11. +Axiom proof_of_mpz_swap_partial_solve_wit_12 : mpz_swap_partial_solve_wit_12. +Axiom proof_of_mpz_swap_partial_solve_wit_13 : mpz_swap_partial_solve_wit_13. +Axiom proof_of_mpz_swap_partial_solve_wit_14 : mpz_swap_partial_solve_wit_14. +Axiom proof_of_mpz_swap_partial_solve_wit_15 : mpz_swap_partial_solve_wit_15. +Axiom proof_of_mpz_swap_which_implies_wit_1 : mpz_swap_which_implies_wit_1. +Axiom proof_of_mpz_swap_which_implies_wit_2 : mpz_swap_which_implies_wit_2. End VC_Correct. diff --git a/projects/lib/gmp_proof_auto.v b/projects/lib/gmp_proof_auto.v index 91ba3d5..7cbae94 100755 --- a/projects/lib/gmp_proof_auto.v +++ b/projects/lib/gmp_proof_auto.v @@ -339,3 +339,48 @@ Proof. Admitted. Lemma proof_of_mpz_sgn_partial_solve_wit_3 : mpz_sgn_partial_solve_wit_3. Proof. Admitted. +Lemma proof_of_mpz_swap_partial_solve_wit_1 : mpz_swap_partial_solve_wit_1. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_2 : mpz_swap_partial_solve_wit_2. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_3 : mpz_swap_partial_solve_wit_3. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_4 : mpz_swap_partial_solve_wit_4. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_5 : mpz_swap_partial_solve_wit_5. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_6 : mpz_swap_partial_solve_wit_6. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_7 : mpz_swap_partial_solve_wit_7. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_8 : mpz_swap_partial_solve_wit_8. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_9 : mpz_swap_partial_solve_wit_9. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_10 : mpz_swap_partial_solve_wit_10. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_11 : mpz_swap_partial_solve_wit_11. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_12 : mpz_swap_partial_solve_wit_12. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_13 : mpz_swap_partial_solve_wit_13. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_14 : mpz_swap_partial_solve_wit_14. +Proof. Admitted. + +Lemma proof_of_mpz_swap_partial_solve_wit_15 : mpz_swap_partial_solve_wit_15. +Proof. Admitted. + diff --git a/projects/lib/gmp_proof_manual.v b/projects/lib/gmp_proof_manual.v index 5c88acf..c9c2d2d 100755 --- a/projects/lib/gmp_proof_manual.v +++ b/projects/lib/gmp_proof_manual.v @@ -692,7 +692,7 @@ Proof. entailer!. rewrite H20. entailer!. - apply store_uint_array_rec_def2undef. + apply store_uint_array_rec_def2undef; try lia. assert (Zlength l' = n_pre) by lia. rewrite <- H7. tauto. @@ -1261,7 +1261,7 @@ Proof. entailer!. rewrite H10. entailer!. - apply store_uint_array_rec_def2undef. + apply store_uint_array_rec_def2undef; try lia. rewrite <- H29. assert (val_a_prefix = val_a). { rewrite <-H18 in H7. @@ -1722,3 +1722,74 @@ Proof. Exists ptr cap size. entailer!. Qed. + +Lemma proof_of_mpz_swap_return_wit_1_1 : mpz_swap_return_wit_1_1. +Proof. + pre_process. + unfold store_Z. + Exists ptr2 cap2 size2. + Exists ptr1 cap1 size1. + Right; Right. + entailer!. +Qed. + +Lemma proof_of_mpz_swap_return_wit_1_2 : mpz_swap_return_wit_1_2. +Proof. + pre_process. + subst. + unfold store_Z. + Exists ptr2 cap2 size2. + Exists ptr1 cap1 size1. + Right; Left. + entailer!. +Qed. + +Lemma proof_of_mpz_swap_return_wit_1_3 : mpz_swap_return_wit_1_3. +Proof. + pre_process. + unfold store_Z. + Exists ptr2 cap2 size2. + Exists ptr1 cap1 size1. + Left; Right. + entailer!. +Qed. + +Lemma proof_of_mpz_swap_return_wit_1_4 : mpz_swap_return_wit_1_4. +Proof. + pre_process. + unfold store_Z. + Exists ptr2 cap2 size2. + Exists ptr1 cap1 size1. + Left; Left. + entailer!. +Qed. + +Lemma proof_of_mpz_swap_which_implies_wit_1 : mpz_swap_which_implies_wit_1. +Proof. + pre_process. + unfold store_Z. + Intros ptr cap size. + rewrite orp_sepcon_left. + Split. + + Right. + Exists ptr cap size. + entailer!. + + Left. + Exists ptr cap size. + entailer!. +Qed. + +Lemma proof_of_mpz_swap_which_implies_wit_2 : mpz_swap_which_implies_wit_2. +Proof. + pre_process. + unfold store_Z. + Intros ptr cap size. + rewrite orp_sepcon_left. + Split. + + Right. + Exists ptr cap size. + entailer!. + + Left. + Exists ptr cap size. + entailer!. +Qed. \ No newline at end of file diff --git a/projects/mini-gmp.c b/projects/mini-gmp.c index fa44022..5ba45f6 100755 --- a/projects/mini-gmp.c +++ b/projects/mini-gmp.c @@ -569,13 +569,44 @@ mpz_sgn (const mpz_t u) return gmp_cmp (u->_mp_size, 0); } -/*void +void mpz_swap (mpz_t u, mpz_t v) +/*@ + With + n m + Require + store_Z(u, n) * store_Z(v, m) + Ensure + store_Z(u@pre, m) * store_Z(v@pre, n) +*/ { - int_swap (u->_mp_alloc, v->_mp_alloc); - mp_ptr_swap(u->_mp_d, v->_mp_d); - int_swap (u->_mp_size, v->_mp_size); -}*/ + /*@ + store_Z(u, n) + which implies + exists ptr1 cap1 size1, + (size1 < 0 && n < 0 && mpd_store_Z_compact(ptr1, -n, -size1, cap1) || + size1 >= 0 && n >= 0 && mpd_store_Z_compact(ptr1, n, size1, cap1)) && + u->_mp_size == size1 && + u->_mp_alloc == cap1 && + u->_mp_d == ptr1 + */ + /*@ + store_Z(v, m) + which implies + exists ptr2 cap2 size2, + (size2 < 0 && m < 0 && mpd_store_Z_compact(ptr2, -m, -size2, cap2) || + size2 >= 0 && m >= 0 && mpd_store_Z_compact(ptr2, m, size2, cap2)) && + v->_mp_size == size2 && + v->_mp_alloc == cap2 && + v->_mp_d == ptr2 + */ + /*@ + Given ptr1 cap1 size1 ptr2 cap2 size2 + */ + int_swap (&u->_mp_alloc, &v->_mp_alloc); + mp_ptr_swap(&u->_mp_d, &v->_mp_d); + int_swap (&u->_mp_size, &v->_mp_size); +} /* MPZ addition and subtraction */ diff --git a/projects/mini-gmp.h b/projects/mini-gmp.h index 84f2deb..72670bb 100755 --- a/projects/mini-gmp.h +++ b/projects/mini-gmp.h @@ -30,18 +30,38 @@ typedef const __mpz_struct *mpz_srcptr; /* BEGIN Given Functions */ /* Swap functions. */ -void int_swap(int x, int y) +void int_swap(int *x, int *y) /*@ + With + px py Require - emp + *x == px && *y == py Ensure - x == y@pre && y == x@pre + *x@pre == py && *y@pre == px */ ; -void mp_ptr_swap(unsigned int *x, unsigned int *y); +void mp_ptr_swap(unsigned int **x, unsigned int **y) +/*@ + With + px py + Require + *x == px && *y == py + Ensure + *x@pre == py && *y@pre == px +*/ +; -void mpz_srcptr_swap(mpz_srcptr x, mpz_srcptr y); +void mpz_srcptr_swap(mpz_srcptr *x, mpz_srcptr *y) +/*@ + With + px py + Require + *x == px && *y == py + Ensure + *x@pre == py && *y@pre == px +*/ +; /* Memory allocation functions. */ static unsigned int * @@ -96,7 +116,7 @@ void mpz_clear (mpz_t r); int mpz_sgn (const mpz_t u); void mpz_neg (mpz_t, const mpz_t); -void mpz_swap (mpz_t, mpz_t); +void mpz_swap (mpz_t u, mpz_t v); void mpz_add (mpz_t, const mpz_t, const mpz_t); void mpz_sub (mpz_t, const mpz_t, const mpz_t);