theorem Int.bmod_eq_of_ge_and_le (z : ℤ) (m : ℕ) (hlower_bound : ↑m / 2 ≤ z) (hupper_bound : z < ↑m / 2) : z.bmod m = z

theorem Int.bmod_ofNat_eq_of_lt (n : ℕ) (m : ℕ) (h : n < (m + 1) / 2) : (↑n).bmod m = ↑(n % m)

theorem Int.emod_eq_of_neg {a : ℤ} {b : ℤ} (H1 : a < 0) (H2 : 0 ≤ a + ↑b.natAbs) : a % b = ↑b.natAbs + a

Reflection

We have a decision procedure which operates on BitStream operations, but we'd like

def BitStream : Type

Equations

• BitStream = (ℕ → Bool)

Preliminaries

def BitStream.head (x : BitStream) : Bool

Equations

• x.head = x 0

def BitStream.tail (x : BitStream) : BitStream

Equations

• x✝.tail x = x✝ (x + 1)

def BitStream.concat (b : Bool) (x : BitStream) : BitStream

Append a single bit to the least significant end of a bitvector. That is, the new bit is the least significant bit.

Equations

• BitStream.concat b x 0 = b
• BitStream.concat b x i.succ = x i

@[reducible, inline]

abbrev BitStream.map (f : Bool → Bool) : BitStream → BitStream

map f maps a (unary) function over a bitstreams

Equations

• BitStream.map f x i = f (x i)

@[reducible, inline]

abbrev BitStream.map₂ (f : Bool → Bool → Bool) : BitStream → BitStream → BitStream

map₂ f maps a binary function over two bitstreams

Equations

• BitStream.map₂ f x y i = f (x i) (y i)

def BitStream.corec {β : Type u_1} (f : β → β × Bool) (b : β) : BitStream

Equations

• BitStream.corec f b i = (f ((Prod.fst ∘ f)^[i] b)).2

def BitStream.mapAccum₂ {α : Type u_1} (f : α → Bool → Bool → α × Bool) (init : α) (x : BitStream) (y : BitStream) : BitStream

mapAccum₂ ("binary map accumulate") maps a binary function f over two streams, while accumulating some state

Equations

• One or more equations did not get rendered due to their size.

theorem BitStream.ext {x : BitStream} {y : BitStream} (h : ∀ (i : ℕ), x i = y i) : x = y

theorem BitStream.compose_first {α : Type u₁} (i : ℕ) (a : α) (f : α → α × Bool) : (f ((Prod.fst ∘ f)^[i] a)).1 = (Prod.fst ∘ f)^[i] (f a).1

The field projection .1 distributes over function composition, so we can compute the first field of the result of the composition by repeatedly composing the first projection.

theorem BitStream.corec_eq_corec {α : Type u_1} {β : Type u_2} {a : α} {b : β} {f : α → α × Bool} {g : β → β × Bool} (R : α → β → Prop) (thing : R a b) (h : ∀ (a : α) (b : β), R a b → let x := f a; let y := g b; R x.1 y.1 ∧ x.2 = y.2) : BitStream.corec f a = BitStream.corec g b

Coinduction principle for corec. To show that corec f a = corec g b, we must show that:

• The relation R a b is inhabited ["base case"]
• Given that R a b holds, then R (f a) (g b) holds [coinductive case]

OfNat

def BitStream.ofNat (x : ℕ) : BitStream

Zero-extend a natural number to an infinite bitstream

Equations

• BitStream.ofNat x = x.testBit

instance BitStream.instOfNat {n : ℕ} : OfNat BitStream n

Equations

• BitStream.instOfNat = { ofNat := BitStream.ofNat n }

Conversions to and from BitVec

@[reducible, inline]

abbrev BitStream.ofBitVec {w : ℕ} (x : BitVec w) : BitStream

Sign-extend a finite bitvector x to the infinite stream (x.msb)^ω ⋅ x

Equations

• BitStream.ofBitVec x i = if i < w then x.getLsbD i else x.msb

def BitStream.toBitVec (w : ℕ) (x : BitStream) : BitVec w

x.toBitVec w returns the first w bits of bitstream x

Equations

• BitStream.toBitVec 0 x = 0#0
• BitStream.toBitVec i.succ x = BitVec.cons (x i) (BitStream.toBitVec i x)

def BitStream.EqualUpTo (w : ℕ) (x : BitStream) (y : BitStream) : Prop

EqualUpTo w x y holds iff x and y are equal in the first w bits

Equations

• BitStream.EqualUpTo w x y = ∀ i < w, x i = y i

def BitStream.printPrefix (x : BitStream) : ℕ → String

printPrefix x n returns a string with the first n digits of the bitstream x

Equations

• x.printPrefix 0 = "0b"
• x.printPrefix i.succ = x.tail.printPrefix i ++ if x.head = true then "1" else "0"

@[simp]

theorem BitStream.toBitVec_ofBitVec {w : ℕ} (x : BitVec w) (w' : ℕ) : BitStream.toBitVec w' (BitStream.ofBitVec x) = BitVec.signExtend w' x

theorem BitStream.toBitVec_eq_of_equalUpTo {w : ℕ} {x : BitStream} {y : BitStream} (h : BitStream.EqualUpTo w x y) : BitStream.toBitVec w x = BitStream.toBitVec w y

theorem BitStream.eq_of_ofBitVec_eq {w : ℕ} (x : BitVec w) (y : BitVec w) : BitStream.EqualUpTo w (BitStream.ofBitVec x) (BitStream.ofBitVec y) → x = y

Bitwise Operations

instance BitStream.instComplement : Complement BitStream

Equations

• BitStream.instComplement = { complement := BitStream.map not }

instance BitStream.instAndOp : AndOp BitStream

Equations

• BitStream.instAndOp = { and := BitStream.map₂ and }

instance BitStream.instOrOp : OrOp BitStream

Equations

• BitStream.instOrOp = { or := BitStream.map₂ or }

instance BitStream.instXor : Xor BitStream

Equations

• BitStream.instXor = { xor := BitStream.map₂ xor }

@[simp]

theorem BitStream.not_eq (x : BitStream) (i : ℕ) : (~~~x) i = !x i

@[simp]

theorem BitStream.and_eq (x : BitStream) (y : BitStream) (i : ℕ) : (x &&& y) i = (x i && y i)

@[simp]

theorem BitStream.or_eq (x : BitStream) (y : BitStream) (i : ℕ) : (x ||| y) i = (x i || y i)

@[simp]

theorem BitStream.xor_eq (x : BitStream) (y : BitStream) (i : ℕ) : (x ^^^ y) i = (x i ^^ y i)

@[simp]

theorem BitStream.ofBitVec_complement {w : ℕ} (x : BitVec (w + 1)) : BitStream.ofBitVec (~~~x) = ~~~BitStream.ofBitVec x

@[simp]

theorem BitStream.ofBitVec_and {w : ℕ} {x : BitVec w} {y : BitVec w} : BitStream.ofBitVec (x &&& y) = BitStream.ofBitVec x &&& BitStream.ofBitVec y

@[simp]

theorem BitStream.ofBitVec_or {w : ℕ} {x : BitVec w} {y : BitVec w} : BitStream.ofBitVec (x ||| y) = BitStream.ofBitVec x ||| BitStream.ofBitVec y

@[simp]

theorem BitStream.ofBitVec_xor {w : ℕ} {x : BitVec w} {y : BitVec w} : BitStream.ofBitVec (x ^^^ y) = BitStream.ofBitVec x ^^^ BitStream.ofBitVec y

@[simp]

theorem BitStream.ofBitVec_not {w : ℕ} (x : BitVec (w + 1)) : BitStream.ofBitVec (~~~x) = ~~~BitStream.ofBitVec x

Addition, Subtraction, Negation

def BitStream.addAux (x : BitStream) (y : BitStream) (i : ℕ) : Bool × Bool

Equations

• x.addAux y 0 = (BitVec.adcb (x 0) (y 0) false).swap
• x.addAux y i_1.succ = (BitVec.adcb (x i_1.succ) (y i_1.succ) (x.addAux y i_1).2).swap

def BitStream.add (x : BitStream) (y : BitStream) : BitStream

Equations

• x.add y n = (x.addAux y n).1

def BitStream.subAux (x : BitStream) (y : BitStream) : ℕ → Bool × Bool

Equations

• x.subAux y 0 = (x 0 ^^ y 0, !x 0 && y 0)
• x.subAux y i.succ = (x (i + 1) ^^ (y (i + 1) ^^ (x.subAux y i).2), !x (i + 1) && y (i + 1) || !(x (i + 1) ^^ y (i + 1)) && (x.subAux y i).2)

def BitStream.sub (x : BitStream) (y : BitStream) : BitStream

Equations

• x.sub y n = (x.subAux y n).1

def BitStream.negAux (x : BitStream) : ℕ → Bool × Bool

Equations

• x.negAux 0 = (x 0, !x 0)
• x.negAux i.succ = (!x (i + 1) ^^ (x.negAux i).2, !x (i + 1) && (x.negAux i).2)

def BitStream.neg (x : BitStream) : BitStream

Equations

• x.neg n = (x.negAux n).1

def BitStream.incrAux (x : BitStream) : ℕ → Bool × Bool

Equations

• x.incrAux 0 = (!x 0, x 0)
• x.incrAux i.succ = (x (i + 1) ^^ (x.incrAux i).2, x (i + 1) && (x.incrAux i).2)

def BitStream.incr (x : BitStream) : BitStream

Equations

• x.incr n = (x.incrAux n).1

def BitStream.decrAux (x : BitStream) : ℕ → Bool × Bool

Equations

• x.decrAux 0 = (!x 0, !x 0)
• x.decrAux i.succ = (x (i + 1) ^^ (x.decrAux i).2, !x (i + 1) && (x.decrAux i).2)

def BitStream.decr (x : BitStream) : BitStream

Equations

• x.decr n = (x.decrAux n).1

def BitStream.carry (x : BitStream) (y : BitStream) : BitStream

Equations

• x.carry y n = (x.addAux y n).1

instance BitStream.instAdd : Add BitStream

Equations

• BitStream.instAdd = { add := BitStream.add }

instance BitStream.instNeg : Neg BitStream

Equations

• BitStream.instNeg = { neg := BitStream.neg }

instance BitStream.instSub : Sub BitStream

Equations

• BitStream.instSub = { sub := BitStream.sub }

def BitStream.repeatBit (xs : BitStream) : BitStream

repeatBit xs will repeat the first bit of xs which is true. That is, it will be all-zeros iff xs is all-zeroes, otherwise, there's some number k so that after dropping the k least significant bits, repeatBit xs is all-ones.

Equations

• One or more equations did not get rendered due to their size.

TODO: We should define addition and carry in terms of mapAccum. For example: def add := mapAccum₂ BitVec.adcb false and

def carry : BitStream → BitStream → BitStream :=
  mapAccum₂ (fun c x₀ y₀ =>
    let c' := Bool.atLeastTwo c x₀ y₀
    (c', c')
  ) false

Following the same pattern as for ofBitVec_and, _or, etc., we would expect an equality like: ofBitVec (x + y) = (ofBitVec x) + (ofBitVec y) However, this is not actually true, since the left hand side does addition on the bitvector level, thus forgets the extra carry bit, while rhe rhs does addition on streams, thus could have a bit set in the w+1th position.

Crucially, our decision procedure works by considering which equalities hold for all widths,

theorem BitStream.neg_neg {a : BitStream} : a = - -a

def BitStream.subCarries? (a : BitStream) (b : BitStream) (i : ℕ) : Bool

Will subAux overflow/carry when computing a - b?

Equations

• a.subCarries? b 0 = (!a 0 && b 0 || !(a 0 ^^ b 0) && false)
• a.subCarries? b i_1.succ = (!a i_1.succ && b i_1.succ || !(a i_1.succ ^^ b i_1.succ) && a.subCarries? b i_1)

theorem BitStream.neg_or_add {a : BitStream} {b : BitStream} (i : ℕ) : (b.negAux i).2 = false ∨ (a.addAux b.neg i).2 = false

For any i : ℕ, either the ith bit of -b will not overflow, or the ith bit of (a + -b) will not overflow.

theorem BitStream.subCarries?_correct {a : BitStream} {b : BitStream} (i : ℕ) : a.subCarries? b i = ((b.negAux i).2 == (a.addAux b.neg i).2)

Whether a - b will overflow is equivalent to -b overflows = (a + - b) overflows.

theorem BitStream.subAux_inductive_lemma {a : BitStream} {b : BitStream} (i : ℕ) : a.subAux b i = ((a.addAux b.neg i).1, a.subCarries? b i)

theorem BitStream.sub_eq_add_neg {a : BitStream} {b : BitStream} : a - b = a + -b

@[simp]

theorem BitStream.ofBitVec_getLsbD {w : ℕ} {x : BitVec w} (n : ℕ) (h : n < w) : BitStream.ofBitVec x n = x.getLsbD n

theorem BitStream.ofBitVec_add {w : ℕ} {x : BitVec w} {y : BitVec w} : BitStream.EqualUpTo w (BitStream.ofBitVec (x + y)) (BitStream.ofBitVec x + BitStream.ofBitVec y)

theorem BitStream.equal_up_to_refl {w : ℕ} {a : BitStream} : BitStream.EqualUpTo w a a

theorem BitStream.equal_up_to_symm {w : ℕ} {a : BitStream} {b : BitStream} (e : BitStream.EqualUpTo w a b) : BitStream.EqualUpTo w b a

theorem BitStream.equal_up_to_trans {w : ℕ} {a : BitStream} {b : BitStream} {c : BitStream} (e1 : BitStream.EqualUpTo w a b) (e2 : BitStream.EqualUpTo w b c) : BitStream.EqualUpTo w a c

instance BitStream.congr_trans {w : ℕ} : Trans (BitStream.EqualUpTo w) (BitStream.EqualUpTo w) (BitStream.EqualUpTo w)

Equations

• BitStream.congr_trans = { trans := ⋯ }

theorem BitStream.add_congr {w : ℕ} {a : BitStream} {b : BitStream} {c : BitStream} {d : BitStream} (e1 : BitStream.EqualUpTo w a b) (e2 : BitStream.EqualUpTo w c d) : BitStream.EqualUpTo w (a + c) (b + d)

theorem BitStream.and_congr {w : ℕ} {a : BitStream} {b : BitStream} {c : BitStream} {d : BitStream} (e1 : BitStream.EqualUpTo w a b) (e2 : BitStream.EqualUpTo w c d) : BitStream.EqualUpTo w (a &&& c) (b &&& d)

theorem BitStream.or_congr {w : ℕ} {a : BitStream} {b : BitStream} {c : BitStream} {d : BitStream} (e1 : BitStream.EqualUpTo w a b) (e2 : BitStream.EqualUpTo w c d) : BitStream.EqualUpTo w (a ||| c) (b ||| d)

theorem BitStream.xor_congr {w : ℕ} {a : BitStream} {b : BitStream} {c : BitStream} {d : BitStream} (e1 : BitStream.EqualUpTo w a b) (e2 : BitStream.EqualUpTo w c d) : BitStream.EqualUpTo w (a ^^^ c) (b ^^^ d)

theorem BitStream.not_congr {w : ℕ} {a : BitStream} {b : BitStream} (e1 : BitStream.EqualUpTo w a b) : BitStream.EqualUpTo w (~~~a) (~~~b)

theorem BitStream.ofBitVec_not_eqTo {w : ℕ} {x : BitVec w} : BitStream.EqualUpTo w (BitStream.ofBitVec (~~~x)) (~~~BitStream.ofBitVec x)

theorem BitStream.negAux_eq_not_addAux {a : BitStream} : a.negAux = (~~~a).addAux 1

theorem BitStream.neg_eq_not_add {a : BitStream} : -a = ~~~a + 1

theorem BitStream.ofNat_one (i : ℕ) : BitStream.ofNat 1 i = decide (0 = i)

theorem BitStream.ofBitVec_one_eqTo_ofNat {w : ℕ} : BitStream.EqualUpTo w (BitStream.ofBitVec 1) (BitStream.ofNat 1)

theorem BitStream.ofBitVec_neg {w : ℕ} {x : BitVec w} : BitStream.EqualUpTo w (BitStream.ofBitVec (-x)) (-BitStream.ofBitVec x)

theorem BitStream.ofBitVec_sub {w : ℕ} {x : BitVec w} {y : BitVec w} : BitStream.EqualUpTo w (BitStream.ofBitVec (x - y)) (BitStream.ofBitVec x - BitStream.ofBitVec y)

theorem BitStream.incr_add {w : ℕ} {a : BitStream} : BitStream.EqualUpTo w (a + BitStream.ofBitVec 1) a.incr

theorem BitStream.ofBitVec_incr {w : ℕ} {n : ℕ} : BitStream.EqualUpTo w (BitStream.ofBitVec (BitVec.ofNat w n.succ)) (BitStream.ofBitVec (BitVec.ofNat w n)).incr

theorem BitStream.incr_congr {w : ℕ} {a : BitStream} {b : BitStream} (h : BitStream.EqualUpTo w a b) : BitStream.EqualUpTo w a.incr b.incr

theorem BitStream.sub_congr {w : ℕ} {a : BitStream} {b : BitStream} {c : BitStream} {d : BitStream} (e1 : BitStream.EqualUpTo w a b) (e2 : BitStream.EqualUpTo w c d) : BitStream.EqualUpTo w (a - c) (b - d)

theorem BitStream.neg_congr {w : ℕ} {a : BitStream} {b : BitStream} (e1 : BitStream.EqualUpTo w a b) : BitStream.EqualUpTo w (-a) (-b)

theorem BitStream.ofBitVec_add_congr {w : ℕ} {x : BitVec w} {y : BitVec w} {a : BitStream} {b : BitStream} (h1 : BitStream.EqualUpTo w (BitStream.ofBitVec x) a) (h2 : BitStream.EqualUpTo w (BitStream.ofBitVec y) b) : BitStream.EqualUpTo w (BitStream.ofBitVec (x + y)) (a + b)

theorem BitStream.ofBitVec_sub_congr {w : ℕ} {x : BitVec w} {y : BitVec w} {a : BitStream} {b : BitStream} (h1 : BitStream.EqualUpTo w (BitStream.ofBitVec x) a) (h2 : BitStream.EqualUpTo w (BitStream.ofBitVec y) b) : BitStream.EqualUpTo w (BitStream.ofBitVec (x - y)) (a - b)

theorem BitStream.ofBitVec_neg_congr {w : ℕ} {x : BitVec w} {a : BitStream} (h1 : BitStream.EqualUpTo w (BitStream.ofBitVec x) a) : BitStream.EqualUpTo w (BitStream.ofBitVec (-x)) (-a)

theorem BitStream.ofBitVec_xor_congr {w : ℕ} {x : BitVec w} {y : BitVec w} {a : BitStream} {b : BitStream} (h1 : BitStream.EqualUpTo w (BitStream.ofBitVec x) a) (h2 : BitStream.EqualUpTo w (BitStream.ofBitVec y) b) : BitStream.EqualUpTo w (BitStream.ofBitVec (x ^^^ y)) (a ^^^ b)

theorem BitStream.ofBitVec_and_congr {w : ℕ} {x : BitVec w} {y : BitVec w} {a : BitStream} {b : BitStream} (h1 : BitStream.EqualUpTo w (BitStream.ofBitVec x) a) (h2 : BitStream.EqualUpTo w (BitStream.ofBitVec y) b) : BitStream.EqualUpTo w (BitStream.ofBitVec (x &&& y)) (a &&& b)

theorem BitStream.ofBitVec_or_congr {w : ℕ} {x : BitVec w} {y : BitVec w} {a : BitStream} {b : BitStream} (h1 : BitStream.EqualUpTo w (BitStream.ofBitVec x) a) (h2 : BitStream.EqualUpTo w (BitStream.ofBitVec y) b) : BitStream.EqualUpTo w (BitStream.ofBitVec (x ||| y)) (a ||| b)

theorem BitStream.ofBitVec_not_congr {w : ℕ} {x : BitVec w} {a : BitStream} (h1 : BitStream.EqualUpTo w (BitStream.ofBitVec x) a) : BitStream.EqualUpTo w (BitStream.ofBitVec (~~~x)) (~~~a)

theorem BitStream.equal_congr_congr {w : ℕ} {a : BitStream} {b : BitStream} {c : BitStream} {d : BitStream} (e1 : BitStream.EqualUpTo w a b) (e2 : BitStream.EqualUpTo w c d) : BitStream.EqualUpTo w a c = BitStream.EqualUpTo w b d

OfInt

Using OfInt we can convert an Int into the infinite bitstream that represents that particular constant

def BitStream.ofInt : ℤ → BitStream

Sign-extend an integer to its representation as a 2-adic number (morally, an infinite width 2s complement representation)

Equations

• BitStream.ofInt (Int.ofNat n) = BitStream.ofNat n
• BitStream.ofInt (Int.negSucc n) = -BitStream.ofNat (n + 1)

@[reducible, inline]

abbrev BitStream.zero : BitStream

Equations

• BitStream.zero x = false

@[reducible, inline]

abbrev BitStream.one : BitStream

Equations

• BitStream.one x = (x == 0)

@[reducible, inline]

abbrev BitStream.negOne : BitStream

Equations

• BitStream.negOne x = true

@[simp]

theorem BitStream.zero_eq (i : ℕ) : BitStream.zero i = false

@[simp]

theorem BitStream.one_eq (i : ℕ) : BitStream.one i = (i == 0)

@[simp]

theorem BitStream.negOne_eq (i : ℕ) : BitStream.negOne i = true