ZYM/MiniGmp-Verification
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(mpz_swap): Proved correctness of mpz_swap. Proved some previously admitted lemmas.

Browse Source
This commit is contained in:
xiaoh105
2025-06-22 21:00:50 +08:00
parent 77ccdd3e50
commit ff1fd68eb1
6 changed files with 795 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
projects/lib/GmpAux.v
View File

@@ -25,13 +25,49 @@ Lemma Z_mod_add_carry: forall (a b m: Z),
m > 0 -> 0 <= a < m -> 0 <= b < m -> m > 0 -> 0 <= a < m -> 0 <= b < m ->
(a + b) mod m < b -> (a + b) mod m < b ->
a + b = (a + b) mod m + m. a + b = (a + b) mod m + m.
Proof. Admitted. Proof.
intros.
pose proof (Z_div_mod_eq_full (a + b) m).
assert (m <= a + b < 2 * m). {
assert (a + b >= m \/ b <= a + b < m). { lia. }
destruct H4.
+ lia.
+ assert ((a + b) mod m = a + b). {
apply Z.mod_small.
lia.
}
lia.
}
assert ((a + b) / m = 1). {
pose proof (Zdiv_le_lower_bound (a + b) m 1 ltac:(lia) ltac:(lia)).
pose proof (Z.div_lt_upper_bound (a + b) m 2 ltac:(lia) ltac:(lia)).
lia.
}
rewrite H5 in H3.
nia.
Qed.
Lemma Z_mod_add_uncarry: forall (a b m: Z), Lemma Z_mod_add_uncarry: forall (a b m: Z),
m > 0 -> 0 <= a < m -> 0 <= b < m -> m > 0 -> 0 <= a < m -> 0 <= b < m ->
(a + b) mod m >= b -> (a + b) mod m >= b ->
a + b = (a + b) mod m. a + b = (a + b) mod m.
Proof. Admitted. Proof.
intros.
assert (b <= a + b < m). {
assert (a + b < m \/ m <= a + b < m + b). { lia. }
destruct H3.
+ lia.
+ assert ((a + b) / m = 1). {
pose proof (Zdiv_le_lower_bound (a + b) m 1 ltac:(lia) ltac:(lia)).
pose proof (Z.div_lt_upper_bound (a + b) m 2 ltac:(lia) ltac:(lia)).
lia.
}
pose proof (Z_div_mod_eq_full (a + b) m).
rewrite H4 in H5.
lia.
}
rewrite Z.mod_small; lia.
Qed.
Lemma Z_mod_3add_carry10: forall (a b c m: Z), Lemma Z_mod_3add_carry10: forall (a b c m: Z),
m > 0 -> 0 <= a < m -> 0 <= b < m -> 0 <= c < m -> m > 0 -> 0 <= a < m -> 0 <= b < m -> 0 <= c < m ->
@@ -354,11 +390,6 @@ Proof.
split; tauto. split; tauto.
Qed. Qed.
Lemma store_uint_array_rec_def2undef: forall x a b l,
store_uint_array_rec x a b l |--
store_undef_uint_array_rec x a b.
Proof. Admitted.
Lemma store_undef_uint_array_rec_divide: forall x l mid r, Lemma store_undef_uint_array_rec_divide: forall x l mid r,
0 <= l <= r -> 0 <= l <= r ->
l <= mid <= r -> l <= mid <= r ->
@@ -387,4 +418,45 @@ Proof.
rewrite H1. rewrite H1.
split; entailer!. split; entailer!.
Qed. Qed.
Lemma store_uint_array_rec_def2undef: forall x a b l,
0 <= a <= b ->
store_uint_array_rec x a b l |--
store_undef_uint_array_rec x a b.
Proof.
intros.
revert x a b H.
induction l; intros.
+ unfold store_uint_array_rec.
simpl.
entailer!.
subst.
unfold store_undef_uint_array_rec.
assert (b - b = 0). { lia. }
rewrite H0; clear H0.
simpl.
entailer!.
+ assert (a0 = b \/ a0 < b). { lia. }
destruct H0.
- unfold store_uint_array_rec.
simpl.
sep_apply store_array_rec_false; try lia.
entailer!.
- sep_apply store_uint_array_rec_cons; try lia.
pose proof (store_undef_uint_array_rec_divide x a0 (a0 + 1) b ltac:(lia) ltac:(lia)).
destruct H2 as [_ H2].
rewrite <-H2; clear H2.
specialize (IHl x (a0 + 1) b ltac:(lia)).
sep_apply IHl; entailer!.
assert ((x + a0 * sizeof ( UINT )) # UInt |-> a |--
store_uint_array_rec x a0 (a0 + 1) [a]). {
unfold store_uint_array_rec.
simpl.
entailer!.
}
sep_apply H2; clear H2.
sep_apply store_uint_array_single_to_undef.
entailer!.
Qed.
End Aux. End Aux.

536
projects/lib/gmp_goal.v
View File

@@ -6071,6 +6071,521 @@ forall (n: Z) (u: Z) ,
** ((&((u) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr)) ** ((&((u) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr))
. .
(*----- Function mpz_swap -----*)
Definition mpz_swap_return_wit_1_1 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** (mpd_store_Z_compact ptr1 n size1 cap1 )
|--
(store_Z u_pre m )
** (store_Z v_pre n )
.
Definition mpz_swap_return_wit_1_2 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** (mpd_store_Z_compact ptr1 n size1 cap1 )
|--
(store_Z u_pre m )
** (store_Z v_pre n )
.
Definition mpz_swap_return_wit_1_3 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
|--
(store_Z u_pre m )
** (store_Z v_pre n )
.
Definition mpz_swap_return_wit_1_4 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
|--
(store_Z u_pre m )
** (store_Z v_pre n )
.
Definition mpz_swap_partial_solve_wit_1 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) ,
(store_Z u_pre n )
** (store_Z v_pre m )
|--
(store_Z u_pre n )
** (store_Z v_pre m )
.
Definition mpz_swap_partial_solve_wit_2 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) ,
[| (size1 < 0) |]
&& [| (n < 0) |]
&& (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** (store_Z v_pre m )
|--
[| (size1 < 0) |]
&& [| (n < 0) |]
&& (store_Z v_pre m )
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_3 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) ,
[| (size1 >= 0) |]
&& [| (n >= 0) |]
&& (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** (store_Z v_pre m )
|--
[| (size1 >= 0) |]
&& [| (n >= 0) |]
&& (store_Z v_pre m )
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_4 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_5 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_6 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_7 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
.
Definition mpz_swap_partial_solve_wit_8 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
.
Definition mpz_swap_partial_solve_wit_9 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
.
Definition mpz_swap_partial_solve_wit_10 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
.
Definition mpz_swap_partial_solve_wit_11 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
.
Definition mpz_swap_partial_solve_wit_12 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** (mpd_store_Z_compact ptr1 n size1 cap1 )
.
Definition mpz_swap_partial_solve_wit_13 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 >= 0) |]
&& [| (n >= 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** (mpd_store_Z_compact ptr1 n size1 cap1 )
.
Definition mpz_swap_partial_solve_wit_14 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
|--
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 m size2 cap2 )
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
.
Definition mpz_swap_partial_solve_wit_15 :=
forall (v_pre: Z) (u_pre: Z) (m: Z) (n: Z) (ptr1: Z) (cap1: Z) (size1: Z) (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
|--
[| (size2 < 0) |]
&& [| (m < 0) |]
&& [| (size1 < 0) |]
&& [| (n < 0) |]
&& ((&((u_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((v_pre) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((u_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1)
** ((&((u_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v_pre) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
.
Definition mpz_swap_which_implies_wit_1 :=
forall (n: Z) (u: Z) ,
(store_Z u n )
|--
(EX (ptr1: Z) (cap1: Z) (size1: Z) ,
[| (size1 >= 0) |]
&& [| (n >= 0) |]
&& (mpd_store_Z_compact ptr1 n size1 cap1 )
** ((&((u) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1))
||
(EX (ptr1: Z) (cap1: Z) (size1: Z) ,
[| (size1 < 0) |]
&& [| (n < 0) |]
&& (mpd_store_Z_compact ptr1 (-n) (-size1) cap1 )
** ((&((u) # "__mpz_struct" -> "_mp_size")) # Int |-> size1)
** ((&((u) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap1)
** ((&((u) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr1))
.
Definition mpz_swap_which_implies_wit_2 :=
forall (m: Z) (v: Z) ,
(store_Z v m )
|--
(EX (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 >= 0) |]
&& [| (m >= 0) |]
&& (mpd_store_Z_compact ptr2 m size2 cap2 )
** ((&((v) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2))
||
(EX (ptr2: Z) (cap2: Z) (size2: Z) ,
[| (size2 < 0) |]
&& [| (m < 0) |]
&& (mpd_store_Z_compact ptr2 (-m) (-size2) cap2 )
** ((&((v) # "__mpz_struct" -> "_mp_size")) # Int |-> size2)
** ((&((v) # "__mpz_struct" -> "_mp_alloc")) # Int |-> cap2)
** ((&((v) # "__mpz_struct" -> "_mp_d")) # Ptr |-> ptr2))
.
Module Type VC_Correct. Module Type VC_Correct.
Axiom proof_of_gmp_abs_safety_wit_1 : gmp_abs_safety_wit_1. Axiom proof_of_gmp_abs_safety_wit_1 : gmp_abs_safety_wit_1.
@@ -6249,5 +6764,26 @@ Axiom proof_of_mpz_sgn_partial_solve_wit_1 : mpz_sgn_partial_solve_wit_1.
Axiom proof_of_mpz_sgn_partial_solve_wit_2 : mpz_sgn_partial_solve_wit_2. Axiom proof_of_mpz_sgn_partial_solve_wit_2 : mpz_sgn_partial_solve_wit_2.
Axiom proof_of_mpz_sgn_partial_solve_wit_3 : mpz_sgn_partial_solve_wit_3. Axiom proof_of_mpz_sgn_partial_solve_wit_3 : mpz_sgn_partial_solve_wit_3.
Axiom proof_of_mpz_sgn_which_implies_wit_1 : mpz_sgn_which_implies_wit_1. Axiom proof_of_mpz_sgn_which_implies_wit_1 : mpz_sgn_which_implies_wit_1.
Axiom proof_of_mpz_swap_return_wit_1_1 : mpz_swap_return_wit_1_1.
Axiom proof_of_mpz_swap_return_wit_1_2 : mpz_swap_return_wit_1_2.
Axiom proof_of_mpz_swap_return_wit_1_3 : mpz_swap_return_wit_1_3.
Axiom proof_of_mpz_swap_return_wit_1_4 : mpz_swap_return_wit_1_4.
Axiom proof_of_mpz_swap_partial_solve_wit_1 : mpz_swap_partial_solve_wit_1.
Axiom proof_of_mpz_swap_partial_solve_wit_2 : mpz_swap_partial_solve_wit_2.
Axiom proof_of_mpz_swap_partial_solve_wit_3 : mpz_swap_partial_solve_wit_3.
Axiom proof_of_mpz_swap_partial_solve_wit_4 : mpz_swap_partial_solve_wit_4.
Axiom proof_of_mpz_swap_partial_solve_wit_5 : mpz_swap_partial_solve_wit_5.
Axiom proof_of_mpz_swap_partial_solve_wit_6 : mpz_swap_partial_solve_wit_6.
Axiom proof_of_mpz_swap_partial_solve_wit_7 : mpz_swap_partial_solve_wit_7.
Axiom proof_of_mpz_swap_partial_solve_wit_8 : mpz_swap_partial_solve_wit_8.
Axiom proof_of_mpz_swap_partial_solve_wit_9 : mpz_swap_partial_solve_wit_9.
Axiom proof_of_mpz_swap_partial_solve_wit_10 : mpz_swap_partial_solve_wit_10.
Axiom proof_of_mpz_swap_partial_solve_wit_11 : mpz_swap_partial_solve_wit_11.
Axiom proof_of_mpz_swap_partial_solve_wit_12 : mpz_swap_partial_solve_wit_12.
Axiom proof_of_mpz_swap_partial_solve_wit_13 : mpz_swap_partial_solve_wit_13.
Axiom proof_of_mpz_swap_partial_solve_wit_14 : mpz_swap_partial_solve_wit_14.
Axiom proof_of_mpz_swap_partial_solve_wit_15 : mpz_swap_partial_solve_wit_15.
Axiom proof_of_mpz_swap_which_implies_wit_1 : mpz_swap_which_implies_wit_1.
Axiom proof_of_mpz_swap_which_implies_wit_2 : mpz_swap_which_implies_wit_2.
End VC_Correct. End VC_Correct.

45
projects/lib/gmp_proof_auto.v
View File

@@ -339,3 +339,48 @@ Proof. Admitted.
Lemma proof_of_mpz_sgn_partial_solve_wit_3 : mpz_sgn_partial_solve_wit_3. Lemma proof_of_mpz_sgn_partial_solve_wit_3 : mpz_sgn_partial_solve_wit_3.
Proof. Admitted. Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_1 : mpz_swap_partial_solve_wit_1.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_2 : mpz_swap_partial_solve_wit_2.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_3 : mpz_swap_partial_solve_wit_3.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_4 : mpz_swap_partial_solve_wit_4.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_5 : mpz_swap_partial_solve_wit_5.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_6 : mpz_swap_partial_solve_wit_6.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_7 : mpz_swap_partial_solve_wit_7.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_8 : mpz_swap_partial_solve_wit_8.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_9 : mpz_swap_partial_solve_wit_9.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_10 : mpz_swap_partial_solve_wit_10.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_11 : mpz_swap_partial_solve_wit_11.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_12 : mpz_swap_partial_solve_wit_12.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_13 : mpz_swap_partial_solve_wit_13.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_14 : mpz_swap_partial_solve_wit_14.
Proof. Admitted.
Lemma proof_of_mpz_swap_partial_solve_wit_15 : mpz_swap_partial_solve_wit_15.
Proof. Admitted.

75
projects/lib/gmp_proof_manual.v
View File

@@ -692,7 +692,7 @@ Proof.
entailer!. entailer!.
rewrite H20. rewrite H20.
entailer!. entailer!.
apply store_uint_array_rec_def2undef. apply store_uint_array_rec_def2undef; try lia.
assert (Zlength l' = n_pre) by lia. assert (Zlength l' = n_pre) by lia.
rewrite <- H7. rewrite <- H7.
tauto. tauto.
@@ -1261,7 +1261,7 @@ Proof.
entailer!. entailer!.
rewrite H10. rewrite H10.
entailer!. entailer!.
apply store_uint_array_rec_def2undef. apply store_uint_array_rec_def2undef; try lia.
rewrite <- H29. rewrite <- H29.
assert (val_a_prefix = val_a). { assert (val_a_prefix = val_a). {
rewrite <-H18 in H7. rewrite <-H18 in H7.
@@ -1722,3 +1722,74 @@ Proof.
Exists ptr cap size. Exists ptr cap size.
entailer!. entailer!.
Qed. Qed.
Lemma proof_of_mpz_swap_return_wit_1_1 : mpz_swap_return_wit_1_1.
Proof.
pre_process.
unfold store_Z.
Exists ptr2 cap2 size2.
Exists ptr1 cap1 size1.
Right; Right.
entailer!.
Qed.
Lemma proof_of_mpz_swap_return_wit_1_2 : mpz_swap_return_wit_1_2.
Proof.
pre_process.
subst.
unfold store_Z.
Exists ptr2 cap2 size2.
Exists ptr1 cap1 size1.
Right; Left.
entailer!.
Qed.
Lemma proof_of_mpz_swap_return_wit_1_3 : mpz_swap_return_wit_1_3.
Proof.
pre_process.
unfold store_Z.
Exists ptr2 cap2 size2.
Exists ptr1 cap1 size1.
Left; Right.
entailer!.
Qed.
Lemma proof_of_mpz_swap_return_wit_1_4 : mpz_swap_return_wit_1_4.
Proof.
pre_process.
unfold store_Z.
Exists ptr2 cap2 size2.
Exists ptr1 cap1 size1.
Left; Left.
entailer!.
Qed.
Lemma proof_of_mpz_swap_which_implies_wit_1 : mpz_swap_which_implies_wit_1.
Proof.
pre_process.
unfold store_Z.
Intros ptr cap size.
rewrite orp_sepcon_left.
Split.
+ Right.
Exists ptr cap size.
entailer!.
+ Left.
Exists ptr cap size.
entailer!.
Qed.
Lemma proof_of_mpz_swap_which_implies_wit_2 : mpz_swap_which_implies_wit_2.
Proof.
pre_process.
unfold store_Z.
Intros ptr cap size.
rewrite orp_sepcon_left.
Split.
+ Right.
Exists ptr cap size.
entailer!.
+ Left.
Exists ptr cap size.
entailer!.
Qed.

41
projects/mini-gmp.c
View File

@@ -569,13 +569,44 @@ mpz_sgn (const mpz_t u)
return gmp_cmp (u->_mp_size, 0); return gmp_cmp (u->_mp_size, 0);
} }
/*void void
mpz_swap (mpz_t u, mpz_t v) mpz_swap (mpz_t u, mpz_t v)
/*@
With
n m
Require
store_Z(u, n) * store_Z(v, m)
Ensure
store_Z(u@pre, m) * store_Z(v@pre, n)
*/
{ {
int_swap (u->_mp_alloc, v->_mp_alloc); /*@
mp_ptr_swap(u->_mp_d, v->_mp_d); store_Z(u, n)
int_swap (u->_mp_size, v->_mp_size); which implies
}*/ exists ptr1 cap1 size1,
(size1 < 0 && n < 0 && mpd_store_Z_compact(ptr1, -n, -size1, cap1) ||
size1 >= 0 && n >= 0 && mpd_store_Z_compact(ptr1, n, size1, cap1)) &&
u->_mp_size == size1 &&
u->_mp_alloc == cap1 &&
u->_mp_d == ptr1
*/
/*@
store_Z(v, m)
which implies
exists ptr2 cap2 size2,
(size2 < 0 && m < 0 && mpd_store_Z_compact(ptr2, -m, -size2, cap2) ||
size2 >= 0 && m >= 0 && mpd_store_Z_compact(ptr2, m, size2, cap2)) &&
v->_mp_size == size2 &&
v->_mp_alloc == cap2 &&
v->_mp_d == ptr2
*/
/*@
Given ptr1 cap1 size1 ptr2 cap2 size2
*/
int_swap (&u->_mp_alloc, &v->_mp_alloc);
mp_ptr_swap(&u->_mp_d, &v->_mp_d);
int_swap (&u->_mp_size, &v->_mp_size);
}
/* MPZ addition and subtraction */ /* MPZ addition and subtraction */

32
projects/mini-gmp.h
View File

@@ -30,18 +30,38 @@ typedef const __mpz_struct *mpz_srcptr;
/* BEGIN Given Functions */ /* BEGIN Given Functions */
/* Swap functions. */ /* Swap functions. */
void int_swap(int x, int y) void int_swap(int *x, int *y)
/*@ /*@
With
px py
Require Require
emp *x == px && *y == py
Ensure Ensure
x == y@pre && y == x@pre *x@pre == py && *y@pre == px
*/ */
; ;
void mp_ptr_swap(unsigned int *x, unsigned int *y); void mp_ptr_swap(unsigned int **x, unsigned int **y)
/*@
With
px py
Require
*x == px && *y == py
Ensure
*x@pre == py && *y@pre == px
*/
;
void mpz_srcptr_swap(mpz_srcptr x, mpz_srcptr y); void mpz_srcptr_swap(mpz_srcptr *x, mpz_srcptr *y)
/*@
With
px py
Require
*x == px && *y == py
Ensure
*x@pre == py && *y@pre == px
*/
;
/* Memory allocation functions. */ /* Memory allocation functions. */
static unsigned int * static unsigned int *
@@ -96,7 +116,7 @@ void mpz_clear (mpz_t r);
int mpz_sgn (const mpz_t u); int mpz_sgn (const mpz_t u);
void mpz_neg (mpz_t, const mpz_t); void mpz_neg (mpz_t, const mpz_t);
void mpz_swap (mpz_t, mpz_t); void mpz_swap (mpz_t u, mpz_t v);
void mpz_add (mpz_t, const mpz_t, const mpz_t); void mpz_add (mpz_t, const mpz_t, const mpz_t);
void mpz_sub (mpz_t, const mpz_t, const mpz_t); void mpz_sub (mpz_t, const mpz_t, const mpz_t);