ZYM/MiniGmp-Verification
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(mpz_swap): Proved correctness of mpz_swap. Proved some previously admitted lemmas.

Browse Source
This commit is contained in:
xiaoh105
2025-06-22 21:00:50 +08:00
parent 77ccdd3e50
commit ff1fd68eb1
6 changed files with 795 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
projects/lib/GmpAux.v
View File

@ -25,13 +25,49 @@ Lemma Z_mod_add_carry: forall (a b m: Z),
m > 0 -> 0 <= a < m -> 0 <= b < m ->
(a + b) mod m < b ->
a + b = (a + b) mod m + m.
Proof. Admitted.
Proof.
intros.
pose proof (Z_div_mod_eq_full (a + b) m).
assert (m <= a + b < 2 * m). {
assert (a + b >= m \/ b <= a + b < m). { lia. }
destruct H4.
+ lia.
+ assert ((a + b) mod m = a + b). {
apply Z.mod_small.
lia.
}
lia.
}
assert ((a + b) / m = 1). {
pose proof (Zdiv_le_lower_bound (a + b) m 1 ltac:(lia) ltac:(lia)).
pose proof (Z.div_lt_upper_bound (a + b) m 2 ltac:(lia) ltac:(lia)).
lia.
}
rewrite H5 in H3.
nia.
Qed.
Lemma Z_mod_add_uncarry: forall (a b m: Z),
m > 0 -> 0 <= a < m -> 0 <= b < m ->
(a + b) mod m >= b ->
a + b = (a + b) mod m.
Proof. Admitted.
Proof.
intros.
assert (b <= a + b < m). {
assert (a + b < m \/ m <= a + b < m + b). { lia. }
destruct H3.
+ lia.
+ assert ((a + b) / m = 1). {
pose proof (Zdiv_le_lower_bound (a + b) m 1 ltac:(lia) ltac:(lia)).
pose proof (Z.div_lt_upper_bound (a + b) m 2 ltac:(lia) ltac:(lia)).
lia.
}
pose proof (Z_div_mod_eq_full (a + b) m).
rewrite H4 in H5.
lia.
}
rewrite Z.mod_small; lia.
Qed.
Lemma Z_mod_3add_carry10: forall (a b c m: Z),
m > 0 -> 0 <= a < m -> 0 <= b < m -> 0 <= c < m ->
@ -354,11 +390,6 @@ Proof.
split; tauto.
Qed.
Lemma store_uint_array_rec_def2undef: forall x a b l,
store_uint_array_rec x a b l |--
store_undef_uint_array_rec x a b.
Proof. Admitted.
Lemma store_undef_uint_array_rec_divide: forall x l mid r,
0 <= l <= r ->
l <= mid <= r ->
@ -387,4 +418,45 @@ Proof.
rewrite H1.
split; entailer!.
Qed.
Lemma store_uint_array_rec_def2undef: forall x a b l,
0 <= a <= b ->
store_uint_array_rec x a b l |--
store_undef_uint_array_rec x a b.
Proof.
intros.
revert x a b H.
induction l; intros.
+ unfold store_uint_array_rec.
simpl.
entailer!.
subst.
unfold store_undef_uint_array_rec.
assert (b - b = 0). { lia. }
rewrite H0; clear H0.
simpl.
entailer!.
+ assert (a0 = b \/ a0 < b). { lia. }
destruct H0.
- unfold store_uint_array_rec.
simpl.
sep_apply store_array_rec_false; try lia.
entailer!.
- sep_apply store_uint_array_rec_cons; try lia.
pose proof (store_undef_uint_array_rec_divide x a0 (a0 + 1) b ltac:(lia) ltac:(lia)).
destruct H2 as [_ H2].
rewrite <-H2; clear H2.
specialize (IHl x (a0 + 1) b ltac:(lia)).
sep_apply IHl; entailer!.
assert ((x + a0 * sizeof ( UINT )) # UInt |-> a |--
store_uint_array_rec x a0 (a0 + 1) [a]). {
unfold store_uint_array_rec.
simpl.
entailer!.
}
sep_apply H2; clear H2.
sep_apply store_uint_array_single_to_undef.
entailer!.
Qed.
End Aux.

536
projects/lib/gmp_goal.v
View File

@ -6071,6 +6071,521 @@ forall (n: Z) (u: Z) ,
** ((&((u) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr))
.
(*----- Function mpz_swap -----*)
Definition mpz_swap_return_wit_1_1 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** (mpd_store_Z_compact ptr1 n size1 cap1 )
|--
(store_Z u_pre m )
** (store_Z v_pre n )
.
Definition mpz_swap_return_wit_1_2 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** (mpd_store_Z_compact ptr1 n size1 cap1 )
|--
(store_Z u_pre m )
** (store_Z v_pre n )
.
Definition mpz_swap_return_wit_1_3 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
|--
(store_Z u_pre m )
** (store_Z v_pre n )
.
Definition mpz_swap_return_wit_1_4 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
|--
(store_Z u_pre m )
** (store_Z v_pre n )
.
Definition mpz_swap_partial_solve_wit_1 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) ,
(store_Z u_pre n )
** (store_Z v_pre m )
|--
(store_Z u_pre n )
** (store_Z v_pre m )
.
Definition mpz_swap_partial_solve_wit_2 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) ,
[| (size1 < 0) |]
&& [| (n < 0) |]
&& (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** (store_Z v_pre m )
|--
[| (size1 < 0) |]
&& [| (n < 0) |]
&& (store_Z v_pre m )
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_3 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) ,
[| (size1 >= 0) |]
&& [| (n >= 0) |]
&& (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** (store_Z v_pre m )
|--
[| (size1 >= 0) |]
&& [| (n >= 0) |]
&& (store_Z v_pre m )
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_4 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_5 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_6 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_7 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_8 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
.
Definition mpz_swap_partial_solve_wit_9 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
.
Definition mpz_swap_partial_solve_wit_10 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
.
Definition mpz_swap_partial_solve_wit_11 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
.
Definition mpz_swap_partial_solve_wit_12 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** (mpd_store_Z_compact ptr1 n size1 cap1 )
.
Definition mpz_swap_partial_solve_wit_13 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** (mpd_store_Z_compact ptr1 n size1 cap1 )
.
Definition mpz_swap_partial_solve_wit_14 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
.
Definition mpz_swap_partial_solve_wit_15 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
.
Definition mpz_swap_which_implies_wit_1 :=
forall (n: Z) (u: Z) ,
(store_Z u n )
|--
(EX (ptr1: Z) (cap1: Z) (size1: Z) ,
[| (size1 >= 0) |]
&& [| (n >= 0) |]
&& (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1))
||
(EX (ptr1: Z) (cap1: Z) (size1: Z) ,
[| (size1 < 0) |]
&& [| (n < 0) |]
&& (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1))
.
Definition mpz_swap_which_implies_wit_2 :=
forall (m: Z) (v: Z) ,
(store_Z v m )
|--
(EX (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2))
||
(EX (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2))
.
Module Type VC_Correct.
Axiom proof_of_gmp_abs_safety_wit_1 : gmp_abs_safety_wit_1.
@ -6249,5 +6764,26 @@ Axiom proof_of_mpz_sgn_partial_solve_wit_1 : mpz_sgn_partial_solve_wit_1.
Axiom proof_of_mpz_sgn_partial_solve_wit_2 : mpz_sgn_partial_solve_wit_2.
Axiom proof_of_mpz_sgn_partial_solve_wit_3 : mpz_sgn_partial_solve_wit_3.
Axiom proof_of_mpz_sgn_which_implies_wit_1 : mpz_sgn_which_implies_wit_1.
Axiom proof_of_mpz_swap_return_wit_1_1 : mpz_swap_return_wit_1_1.
Axiom proof_of_mpz_swap_return_wit_1_2 : mpz_swap_return_wit_1_2.
Axiom proof_of_mpz_swap_return_wit_1_3 : mpz_swap_return_wit_1_3.
Axiom proof_of_mpz_swap_return_wit_1_4 : mpz_swap_return_wit_1_4.
Axiom proof_of_mpz_swap_partial_solve_wit_1 : mpz_swap_partial_solve_wit_1.
Axiom proof_of_mpz_swap_partial_solve_wit_2 : mpz_swap_partial_solve_wit_2.
Axiom proof_of_mpz_swap_partial_solve_wit_3 : mpz_swap_partial_solve_wit_3.
Axiom proof_of_mpz_swap_partial_solve_wit_4 : mpz_swap_partial_solve_wit_4.
Axiom proof_of_mpz_swap_partial_solve_wit_5 : mpz_swap_partial_solve_wit_5.
Axiom proof_of_mpz_swap_partial_solve_wit_6 : mpz_swap_partial_solve_wit_6.
Axiom proof_of_mpz_swap_partial_solve_wit_7 : mpz_swap_partial_solve_wit_7.
Axiom proof_of_mpz_swap_partial_solve_wit_8 : mpz_swap_partial_solve_wit_8.
Axiom proof_of_mpz_swap_partial_solve_wit_9 : mpz_swap_partial_solve_wit_9.
Axiom proof_of_mpz_swap_partial_solve_wit_10 : mpz_swap_partial_solve_wit_10.
Axiom proof_of_mpz_swap_partial_solve_wit_11 : mpz_swap_partial_solve_wit_11.
Axiom proof_of_mpz_swap_partial_solve_wit_12 : mpz_swap_partial_solve_wit_12.
Axiom proof_of_mpz_swap_partial_solve_wit_13 : mpz_swap_partial_solve_wit_13.
Axiom proof_of_mpz_swap_partial_solve_wit_14 : mpz_swap_partial_solve_wit_14.
Axiom proof_of_mpz_swap_partial_solve_wit_15 : mpz_swap_partial_solve_wit_15.
Axiom proof_of_mpz_swap_which_implies_wit_1 : mpz_swap_which_implies_wit_1.
Axiom proof_of_mpz_swap_which_implies_wit_2 : mpz_swap_which_implies_wit_2.
End VC_Correct.

45
projects/lib/gmp_proof_auto.v
View File

@ -339,3 +339,48 @@ Proof. Admitted.
Lemma proof_of_mpz_sgn_partial_solve_wit_3 : mpz_sgn_partial_solve_wit_3.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_1 : mpz_swap_partial_solve_wit_1.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_2 : mpz_swap_partial_solve_wit_2.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_3 : mpz_swap_partial_solve_wit_3.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_4 : mpz_swap_partial_solve_wit_4.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_5 : mpz_swap_partial_solve_wit_5.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_6 : mpz_swap_partial_solve_wit_6.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_7 : mpz_swap_partial_solve_wit_7.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_8 : mpz_swap_partial_solve_wit_8.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_9 : mpz_swap_partial_solve_wit_9.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_10 : mpz_swap_partial_solve_wit_10.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_11 : mpz_swap_partial_solve_wit_11.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_12 : mpz_swap_partial_solve_wit_12.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_13 : mpz_swap_partial_solve_wit_13.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_14 : mpz_swap_partial_solve_wit_14.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_15 : mpz_swap_partial_solve_wit_15.
Proof. Admitted.

75
projects/lib/gmp_proof_manual.v
View File

@ -692,7 +692,7 @@ Proof.
entailer!.
rewrite H20.
entailer!.
apply store_uint_array_rec_def2undef.
apply store_uint_array_rec_def2undef; try lia.
assert (Zlength l' = n_pre) by lia.
rewrite <- H7.
tauto.
@ -1261,7 +1261,7 @@ Proof.
entailer!.
rewrite H10.
entailer!.
apply store_uint_array_rec_def2undef.
apply store_uint_array_rec_def2undef; try lia.
rewrite <- H29.
assert (val_a_prefix = val_a). {
rewrite <-H18 in H7.
@ -1722,3 +1722,74 @@ Proof.
Exists ptr cap size.
entailer!.
Qed.
Lemma proof_of_mpz_swap_return_wit_1_1 : mpz_swap_return_wit_1_1.
Proof.
pre_process.
unfold store_Z.
Exists ptr2 cap2 size2.
Exists ptr1 cap1 size1.
Right; Right.
entailer!.
Qed.
Lemma proof_of_mpz_swap_return_wit_1_2 : mpz_swap_return_wit_1_2.
Proof.
pre_process.
subst.
unfold store_Z.
Exists ptr2 cap2 size2.
Exists ptr1 cap1 size1.
Right; Left.
entailer!.
Qed.
Lemma proof_of_mpz_swap_return_wit_1_3 : mpz_swap_return_wit_1_3.
Proof.
pre_process.
unfold store_Z.
Exists ptr2 cap2 size2.
Exists ptr1 cap1 size1.
Left; Right.
entailer!.
Qed.
Lemma proof_of_mpz_swap_return_wit_1_4 : mpz_swap_return_wit_1_4.
Proof.
pre_process.
unfold store_Z.
Exists ptr2 cap2 size2.
Exists ptr1 cap1 size1.
Left; Left.
entailer!.
Qed.
Lemma proof_of_mpz_swap_which_implies_wit_1 : mpz_swap_which_implies_wit_1.
Proof.
pre_process.
unfold store_Z.
Intros ptr cap size.
rewrite orp_sepcon_left.
Split.
+ Right.
Exists ptr cap size.
entailer!.
+ Left.
Exists ptr cap size.
entailer!.
Qed.
Lemma proof_of_mpz_swap_which_implies_wit_2 : mpz_swap_which_implies_wit_2.
Proof.
pre_process.
unfold store_Z.
Intros ptr cap size.
rewrite orp_sepcon_left.
Split.
+ Right.
Exists ptr cap size.
entailer!.
+ Left.
Exists ptr cap size.
entailer!.
Qed.