author | haftmann |
Sun, 09 Feb 2020 10:46:32 +0000 | |
changeset 71424 | e83fe2c31088 |
parent 71418 | bd9d27ccb3a3 |
child 71443 | ff6394cfc05c |
permissions | -rw-r--r-- |
64015 | 1 |
(* Author: Florian Haftmann, TUM |
2 |
*) |
|
3 |
||
4 |
section \<open>Proof of concept for algebraically founded bit word types\<close> |
|
5 |
||
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
6 |
theory Word |
64015 | 7 |
imports |
8 |
Main |
|
66453
cc19f7ca2ed6
session-qualified theory imports: isabelle imports -U -i -d '~~/src/Benchmarks' -a;
wenzelm
parents:
64593
diff
changeset
|
9 |
"HOL-Library.Type_Length" |
71095 | 10 |
"HOL-ex.Bit_Operations" |
64015 | 11 |
begin |
12 |
||
70925 | 13 |
subsection \<open>Preliminaries\<close> |
14 |
||
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
15 |
definition signed_take_bit :: "nat \<Rightarrow> int \<Rightarrow> int" |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
16 |
where signed_take_bit_eq_take_bit: |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
17 |
"signed_take_bit n k = take_bit (Suc n) (k + 2 ^ n) - 2 ^ n" |
64015 | 18 |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
19 |
lemma signed_take_bit_eq_take_bit': |
70171 | 20 |
"signed_take_bit (n - Suc 0) k = take_bit n (k + 2 ^ (n - 1)) - 2 ^ (n - 1)" if "n > 0" |
21 |
using that by (simp add: signed_take_bit_eq_take_bit) |
|
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
22 |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
23 |
lemma signed_take_bit_0 [simp]: |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
24 |
"signed_take_bit 0 k = - (k mod 2)" |
64015 | 25 |
proof (cases "even k") |
26 |
case True |
|
27 |
then have "odd (k + 1)" |
|
28 |
by simp |
|
29 |
then have "(k + 1) mod 2 = 1" |
|
30 |
by (simp add: even_iff_mod_2_eq_zero) |
|
31 |
with True show ?thesis |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
32 |
by (simp add: signed_take_bit_eq_take_bit) |
64015 | 33 |
next |
34 |
case False |
|
35 |
then show ?thesis |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
36 |
by (simp add: signed_take_bit_eq_take_bit odd_iff_mod_2_eq_one) |
64015 | 37 |
qed |
38 |
||
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
39 |
lemma signed_take_bit_Suc [simp]: |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
40 |
"signed_take_bit (Suc n) k = signed_take_bit n (k div 2) * 2 + k mod 2" |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
41 |
by (simp add: odd_iff_mod_2_eq_one signed_take_bit_eq_take_bit algebra_simps) |
64015 | 42 |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
43 |
lemma signed_take_bit_of_0 [simp]: |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
44 |
"signed_take_bit n 0 = 0" |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
45 |
by (simp add: signed_take_bit_eq_take_bit take_bit_eq_mod) |
64015 | 46 |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
47 |
lemma signed_take_bit_of_minus_1 [simp]: |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
48 |
"signed_take_bit n (- 1) = - 1" |
64015 | 49 |
by (induct n) simp_all |
50 |
||
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
51 |
lemma signed_take_bit_eq_iff_take_bit_eq: |
70171 | 52 |
"signed_take_bit (n - Suc 0) k = signed_take_bit (n - Suc 0) l \<longleftrightarrow> take_bit n k = take_bit n l" (is "?P \<longleftrightarrow> ?Q") |
53 |
if "n > 0" |
|
64015 | 54 |
proof - |
70171 | 55 |
from that obtain m where m: "n = Suc m" |
64015 | 56 |
by (cases n) auto |
57 |
show ?thesis |
|
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
58 |
proof |
64015 | 59 |
assume ?Q |
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
60 |
have "take_bit (Suc m) (k + 2 ^ m) = |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
61 |
take_bit (Suc m) (take_bit (Suc m) k + take_bit (Suc m) (2 ^ m))" |
67961 | 62 |
by (simp only: take_bit_add) |
64015 | 63 |
also have "\<dots> = |
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
64 |
take_bit (Suc m) (take_bit (Suc m) l + take_bit (Suc m) (2 ^ m))" |
64015 | 65 |
by (simp only: \<open>?Q\<close> m [symmetric]) |
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
66 |
also have "\<dots> = take_bit (Suc m) (l + 2 ^ m)" |
67961 | 67 |
by (simp only: take_bit_add) |
64015 | 68 |
finally show ?P |
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
69 |
by (simp only: signed_take_bit_eq_take_bit m) simp |
64015 | 70 |
next |
71 |
assume ?P |
|
70171 | 72 |
with that have "(k + 2 ^ (n - Suc 0)) mod 2 ^ n = (l + 2 ^ (n - Suc 0)) mod 2 ^ n" |
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
73 |
by (simp add: signed_take_bit_eq_take_bit' take_bit_eq_mod) |
64015 | 74 |
then have "(i + (k + 2 ^ (n - Suc 0))) mod 2 ^ n = (i + (l + 2 ^ (n - Suc 0))) mod 2 ^ n" for i |
75 |
by (metis mod_add_eq) |
|
76 |
then have "k mod 2 ^ n = l mod 2 ^ n" |
|
77 |
by (metis add_diff_cancel_right' uminus_add_conv_diff) |
|
78 |
then show ?Q |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
79 |
by (simp add: take_bit_eq_mod) |
64015 | 80 |
qed |
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
81 |
qed |
64015 | 82 |
|
83 |
||
84 |
subsection \<open>Bit strings as quotient type\<close> |
|
85 |
||
86 |
subsubsection \<open>Basic properties\<close> |
|
87 |
||
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
88 |
quotient_type (overloaded) 'a word = int / "\<lambda>k l. take_bit LENGTH('a) k = take_bit LENGTH('a::len0) l" |
64015 | 89 |
by (auto intro!: equivpI reflpI sympI transpI) |
90 |
||
91 |
instantiation word :: (len0) "{semiring_numeral, comm_semiring_0, comm_ring}" |
|
92 |
begin |
|
93 |
||
94 |
lift_definition zero_word :: "'a word" |
|
95 |
is 0 |
|
96 |
. |
|
97 |
||
98 |
lift_definition one_word :: "'a word" |
|
99 |
is 1 |
|
100 |
. |
|
101 |
||
102 |
lift_definition plus_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> 'a word" |
|
103 |
is plus |
|
67961 | 104 |
by (subst take_bit_add [symmetric]) (simp add: take_bit_add) |
64015 | 105 |
|
106 |
lift_definition uminus_word :: "'a word \<Rightarrow> 'a word" |
|
107 |
is uminus |
|
71424 | 108 |
by (subst take_bit_minus [symmetric]) (simp add: take_bit_minus) |
64015 | 109 |
|
110 |
lift_definition minus_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> 'a word" |
|
111 |
is minus |
|
71424 | 112 |
by (subst take_bit_diff [symmetric]) (simp add: take_bit_diff) |
64015 | 113 |
|
114 |
lift_definition times_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> 'a word" |
|
115 |
is times |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
116 |
by (auto simp add: take_bit_eq_mod intro: mod_mult_cong) |
64015 | 117 |
|
118 |
instance |
|
119 |
by standard (transfer; simp add: algebra_simps)+ |
|
120 |
||
121 |
end |
|
122 |
||
123 |
instance word :: (len) comm_ring_1 |
|
124 |
by standard (transfer; simp)+ |
|
125 |
||
70903 | 126 |
quickcheck_generator word |
127 |
constructors: |
|
128 |
"zero_class.zero :: ('a::len0) word", |
|
129 |
"numeral :: num \<Rightarrow> ('a::len0) word", |
|
130 |
"uminus :: ('a::len0) word \<Rightarrow> ('a::len0) word" |
|
131 |
||
70973 | 132 |
context |
133 |
includes lifting_syntax |
|
134 |
notes power_transfer [transfer_rule] |
|
135 |
begin |
|
136 |
||
137 |
lemma power_transfer_word [transfer_rule]: |
|
138 |
\<open>(pcr_word ===> (=) ===> pcr_word) (^) (^)\<close> |
|
139 |
by transfer_prover |
|
140 |
||
141 |
end |
|
142 |
||
64015 | 143 |
|
144 |
subsubsection \<open>Conversions\<close> |
|
145 |
||
70927 | 146 |
context |
147 |
includes lifting_syntax |
|
71182 | 148 |
notes |
149 |
transfer_rule_of_bool [transfer_rule] |
|
150 |
transfer_rule_numeral [transfer_rule] |
|
70927 | 151 |
transfer_rule_of_nat [transfer_rule] |
152 |
transfer_rule_of_int [transfer_rule] |
|
153 |
begin |
|
70348
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
154 |
|
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
155 |
lemma [transfer_rule]: |
71182 | 156 |
"((=) ===> (pcr_word :: int \<Rightarrow> 'a::len word \<Rightarrow> bool)) of_bool of_bool" |
157 |
by transfer_prover |
|
158 |
||
159 |
lemma [transfer_rule]: |
|
70927 | 160 |
"((=) ===> (pcr_word :: int \<Rightarrow> 'a::len word \<Rightarrow> bool)) numeral numeral" |
161 |
by transfer_prover |
|
162 |
||
163 |
lemma [transfer_rule]: |
|
164 |
"((=) ===> pcr_word) int of_nat" |
|
165 |
by transfer_prover |
|
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
166 |
|
64015 | 167 |
lemma [transfer_rule]: |
70927 | 168 |
"((=) ===> pcr_word) (\<lambda>k. k) of_int" |
64015 | 169 |
proof - |
70927 | 170 |
have "((=) ===> pcr_word) of_int of_int" |
64015 | 171 |
by transfer_prover |
172 |
then show ?thesis by (simp add: id_def) |
|
173 |
qed |
|
174 |
||
70927 | 175 |
end |
176 |
||
70973 | 177 |
lemma abs_word_eq: |
178 |
"abs_word = of_int" |
|
179 |
by (rule ext) (transfer, rule) |
|
180 |
||
64015 | 181 |
context semiring_1 |
182 |
begin |
|
183 |
||
184 |
lift_definition unsigned :: "'b::len0 word \<Rightarrow> 'a" |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
185 |
is "of_nat \<circ> nat \<circ> take_bit LENGTH('b)" |
64015 | 186 |
by simp |
187 |
||
188 |
lemma unsigned_0 [simp]: |
|
189 |
"unsigned 0 = 0" |
|
190 |
by transfer simp |
|
191 |
||
192 |
end |
|
193 |
||
194 |
context semiring_char_0 |
|
195 |
begin |
|
196 |
||
197 |
lemma word_eq_iff_unsigned: |
|
198 |
"a = b \<longleftrightarrow> unsigned a = unsigned b" |
|
199 |
by safe (transfer; simp add: eq_nat_nat_iff) |
|
200 |
||
201 |
end |
|
202 |
||
70903 | 203 |
instantiation word :: (len0) equal |
204 |
begin |
|
205 |
||
206 |
definition equal_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> bool" |
|
207 |
where "equal_word a b \<longleftrightarrow> (unsigned a :: int) = unsigned b" |
|
208 |
||
209 |
instance proof |
|
210 |
fix a b :: "'a word" |
|
211 |
show "HOL.equal a b \<longleftrightarrow> a = b" |
|
212 |
using word_eq_iff_unsigned [of a b] by (auto simp add: equal_word_def) |
|
213 |
qed |
|
214 |
||
215 |
end |
|
216 |
||
64015 | 217 |
context ring_1 |
218 |
begin |
|
219 |
||
220 |
lift_definition signed :: "'b::len word \<Rightarrow> 'a" |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
221 |
is "of_int \<circ> signed_take_bit (LENGTH('b) - 1)" |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
222 |
by (simp add: signed_take_bit_eq_iff_take_bit_eq [symmetric]) |
64015 | 223 |
|
224 |
lemma signed_0 [simp]: |
|
225 |
"signed 0 = 0" |
|
226 |
by transfer simp |
|
227 |
||
228 |
end |
|
229 |
||
230 |
lemma unsigned_of_nat [simp]: |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
231 |
"unsigned (of_nat n :: 'a word) = take_bit LENGTH('a::len) n" |
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
232 |
by transfer (simp add: nat_eq_iff take_bit_eq_mod zmod_int) |
64015 | 233 |
|
234 |
lemma of_nat_unsigned [simp]: |
|
235 |
"of_nat (unsigned a) = a" |
|
236 |
by transfer simp |
|
237 |
||
238 |
lemma of_int_unsigned [simp]: |
|
239 |
"of_int (unsigned a) = a" |
|
240 |
by transfer simp |
|
241 |
||
70973 | 242 |
lemma unsigned_nat_less: |
243 |
\<open>unsigned a < (2 ^ LENGTH('a) :: nat)\<close> for a :: \<open>'a::len0 word\<close> |
|
244 |
by transfer (simp add: take_bit_eq_mod) |
|
245 |
||
246 |
lemma unsigned_int_less: |
|
247 |
\<open>unsigned a < (2 ^ LENGTH('a) :: int)\<close> for a :: \<open>'a::len0 word\<close> |
|
248 |
by transfer (simp add: take_bit_eq_mod) |
|
249 |
||
64015 | 250 |
context ring_char_0 |
251 |
begin |
|
252 |
||
253 |
lemma word_eq_iff_signed: |
|
254 |
"a = b \<longleftrightarrow> signed a = signed b" |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
255 |
by safe (transfer; auto simp add: signed_take_bit_eq_iff_take_bit_eq) |
64015 | 256 |
|
257 |
end |
|
258 |
||
259 |
lemma signed_of_int [simp]: |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
260 |
"signed (of_int k :: 'a word) = signed_take_bit (LENGTH('a::len) - 1) k" |
64015 | 261 |
by transfer simp |
262 |
||
263 |
lemma of_int_signed [simp]: |
|
264 |
"of_int (signed a) = a" |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
265 |
by transfer (simp add: signed_take_bit_eq_take_bit take_bit_eq_mod mod_simps) |
64015 | 266 |
|
267 |
||
268 |
subsubsection \<open>Properties\<close> |
|
269 |
||
71196 | 270 |
lemma exp_eq_zero_iff: |
271 |
\<open>(2 :: 'a::len word) ^ n = 0 \<longleftrightarrow> LENGTH('a) \<le> n\<close> |
|
272 |
by transfer simp |
|
273 |
||
64015 | 274 |
|
275 |
subsubsection \<open>Division\<close> |
|
276 |
||
277 |
instantiation word :: (len0) modulo |
|
278 |
begin |
|
279 |
||
280 |
lift_definition divide_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> 'a word" |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
281 |
is "\<lambda>a b. take_bit LENGTH('a) a div take_bit LENGTH('a) b" |
64015 | 282 |
by simp |
283 |
||
284 |
lift_definition modulo_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> 'a word" |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
285 |
is "\<lambda>a b. take_bit LENGTH('a) a mod take_bit LENGTH('a) b" |
64015 | 286 |
by simp |
287 |
||
288 |
instance .. |
|
289 |
||
290 |
end |
|
291 |
||
70973 | 292 |
lemma zero_word_div_eq [simp]: |
293 |
\<open>0 div a = 0\<close> for a :: \<open>'a::len0 word\<close> |
|
294 |
by transfer simp |
|
295 |
||
296 |
lemma div_zero_word_eq [simp]: |
|
297 |
\<open>a div 0 = 0\<close> for a :: \<open>'a::len0 word\<close> |
|
298 |
by transfer simp |
|
299 |
||
70927 | 300 |
context |
301 |
includes lifting_syntax |
|
302 |
begin |
|
303 |
||
70348
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
304 |
lemma [transfer_rule]: |
70927 | 305 |
"(pcr_word ===> (\<longleftrightarrow>)) even ((dvd) 2 :: 'a::len word \<Rightarrow> bool)" |
70348
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
306 |
proof - |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
307 |
have even_word_unfold: "even k \<longleftrightarrow> (\<exists>l. take_bit LENGTH('a) k = take_bit LENGTH('a) (2 * l))" (is "?P \<longleftrightarrow> ?Q") |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
308 |
for k :: int |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
309 |
proof |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
310 |
assume ?P |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
311 |
then show ?Q |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
312 |
by auto |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
313 |
next |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
314 |
assume ?Q |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
315 |
then obtain l where "take_bit LENGTH('a) k = take_bit LENGTH('a) (2 * l)" .. |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
316 |
then have "even (take_bit LENGTH('a) k)" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
317 |
by simp |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
318 |
then show ?P |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
319 |
by simp |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
320 |
qed |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
321 |
show ?thesis by (simp only: even_word_unfold [abs_def] dvd_def [where ?'a = "'a word", abs_def]) |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
322 |
transfer_prover |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
323 |
qed |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
324 |
|
70927 | 325 |
end |
326 |
||
70348
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
327 |
instance word :: (len) semiring_modulo |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
328 |
proof |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
329 |
show "a div b * b + a mod b = a" for a b :: "'a word" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
330 |
proof transfer |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
331 |
fix k l :: int |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
332 |
define r :: int where "r = 2 ^ LENGTH('a)" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
333 |
then have r: "take_bit LENGTH('a) k = k mod r" for k |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
334 |
by (simp add: take_bit_eq_mod) |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
335 |
have "k mod r = ((k mod r) div (l mod r) * (l mod r) |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
336 |
+ (k mod r) mod (l mod r)) mod r" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
337 |
by (simp add: div_mult_mod_eq) |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
338 |
also have "... = (((k mod r) div (l mod r) * (l mod r)) mod r |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
339 |
+ (k mod r) mod (l mod r)) mod r" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
340 |
by (simp add: mod_add_left_eq) |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
341 |
also have "... = (((k mod r) div (l mod r) * l) mod r |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
342 |
+ (k mod r) mod (l mod r)) mod r" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
343 |
by (simp add: mod_mult_right_eq) |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
344 |
finally have "k mod r = ((k mod r) div (l mod r) * l |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
345 |
+ (k mod r) mod (l mod r)) mod r" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
346 |
by (simp add: mod_simps) |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
347 |
with r show "take_bit LENGTH('a) (take_bit LENGTH('a) k div take_bit LENGTH('a) l * l |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
348 |
+ take_bit LENGTH('a) k mod take_bit LENGTH('a) l) = take_bit LENGTH('a) k" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
349 |
by simp |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
350 |
qed |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
351 |
qed |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
352 |
|
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
353 |
instance word :: (len) semiring_parity |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
354 |
proof |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
355 |
show "\<not> 2 dvd (1::'a word)" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
356 |
by transfer simp |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
357 |
show even_iff_mod_2_eq_0: "2 dvd a \<longleftrightarrow> a mod 2 = 0" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
358 |
for a :: "'a word" |
71195 | 359 |
by transfer (simp_all add: mod_2_eq_odd) |
70348
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
360 |
show "\<not> 2 dvd a \<longleftrightarrow> a mod 2 = 1" |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
361 |
for a :: "'a word" |
71195 | 362 |
by transfer (simp_all add: mod_2_eq_odd) |
70348
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
363 |
qed |
bde161c740ca
more theorems for proof of concept for word type
haftmann
parents:
70171
diff
changeset
|
364 |
|
64015 | 365 |
|
366 |
subsubsection \<open>Orderings\<close> |
|
367 |
||
368 |
instantiation word :: (len0) linorder |
|
369 |
begin |
|
370 |
||
371 |
lift_definition less_eq_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> bool" |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
372 |
is "\<lambda>a b. take_bit LENGTH('a) a \<le> take_bit LENGTH('a) b" |
64015 | 373 |
by simp |
374 |
||
375 |
lift_definition less_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> bool" |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
376 |
is "\<lambda>a b. take_bit LENGTH('a) a < take_bit LENGTH('a) b" |
64015 | 377 |
by simp |
378 |
||
379 |
instance |
|
380 |
by standard (transfer; auto)+ |
|
381 |
||
382 |
end |
|
383 |
||
384 |
context linordered_semidom |
|
385 |
begin |
|
386 |
||
387 |
lemma word_less_eq_iff_unsigned: |
|
388 |
"a \<le> b \<longleftrightarrow> unsigned a \<le> unsigned b" |
|
389 |
by (transfer fixing: less_eq) (simp add: nat_le_eq_zle) |
|
390 |
||
391 |
lemma word_less_iff_unsigned: |
|
392 |
"a < b \<longleftrightarrow> unsigned a < unsigned b" |
|
67907
02a14c1cb917
prefer convention to place operation name before type name
haftmann
parents:
67816
diff
changeset
|
393 |
by (transfer fixing: less) (auto dest: preorder_class.le_less_trans [OF take_bit_nonnegative]) |
64015 | 394 |
|
395 |
end |
|
396 |
||
70973 | 397 |
lemma word_greater_zero_iff: |
398 |
\<open>a > 0 \<longleftrightarrow> a \<noteq> 0\<close> for a :: \<open>'a::len0 word\<close> |
|
399 |
by transfer (simp add: less_le) |
|
400 |
||
401 |
lemma of_nat_word_eq_iff: |
|
402 |
\<open>of_nat m = (of_nat n :: 'a::len word) \<longleftrightarrow> take_bit LENGTH('a) m = take_bit LENGTH('a) n\<close> |
|
403 |
by transfer (simp add: take_bit_of_nat) |
|
404 |
||
405 |
lemma of_nat_word_less_eq_iff: |
|
406 |
\<open>of_nat m \<le> (of_nat n :: 'a::len word) \<longleftrightarrow> take_bit LENGTH('a) m \<le> take_bit LENGTH('a) n\<close> |
|
407 |
by transfer (simp add: take_bit_of_nat) |
|
408 |
||
409 |
lemma of_nat_word_less_iff: |
|
410 |
\<open>of_nat m < (of_nat n :: 'a::len word) \<longleftrightarrow> take_bit LENGTH('a) m < take_bit LENGTH('a) n\<close> |
|
411 |
by transfer (simp add: take_bit_of_nat) |
|
412 |
||
413 |
lemma of_nat_word_eq_0_iff: |
|
414 |
\<open>of_nat n = (0 :: 'a::len word) \<longleftrightarrow> 2 ^ LENGTH('a) dvd n\<close> |
|
415 |
using of_nat_word_eq_iff [where ?'a = 'a, of n 0] by (simp add: take_bit_eq_0_iff) |
|
416 |
||
417 |
lemma of_int_word_eq_iff: |
|
418 |
\<open>of_int k = (of_int l :: 'a::len word) \<longleftrightarrow> take_bit LENGTH('a) k = take_bit LENGTH('a) l\<close> |
|
419 |
by transfer rule |
|
420 |
||
421 |
lemma of_int_word_less_eq_iff: |
|
422 |
\<open>of_int k \<le> (of_int l :: 'a::len word) \<longleftrightarrow> take_bit LENGTH('a) k \<le> take_bit LENGTH('a) l\<close> |
|
423 |
by transfer rule |
|
424 |
||
425 |
lemma of_int_word_less_iff: |
|
426 |
\<open>of_int k < (of_int l :: 'a::len word) \<longleftrightarrow> take_bit LENGTH('a) k < take_bit LENGTH('a) l\<close> |
|
427 |
by transfer rule |
|
428 |
||
429 |
lemma of_int_word_eq_0_iff: |
|
430 |
\<open>of_int k = (0 :: 'a::len word) \<longleftrightarrow> 2 ^ LENGTH('a) dvd k\<close> |
|
431 |
using of_int_word_eq_iff [where ?'a = 'a, of k 0] by (simp add: take_bit_eq_0_iff) |
|
432 |
||
433 |
||
434 |
subsection \<open>Bit structure on \<^typ>\<open>'a word\<close>\<close> |
|
435 |
||
436 |
lemma word_bit_induct [case_names zero even odd]: |
|
437 |
\<open>P a\<close> if word_zero: \<open>P 0\<close> |
|
438 |
and word_even: \<open>\<And>a. P a \<Longrightarrow> 0 < a \<Longrightarrow> a < 2 ^ (LENGTH('a) - 1) \<Longrightarrow> P (2 * a)\<close> |
|
439 |
and word_odd: \<open>\<And>a. P a \<Longrightarrow> a < 2 ^ (LENGTH('a) - 1) \<Longrightarrow> P (1 + 2 * a)\<close> |
|
440 |
for P and a :: \<open>'a::len word\<close> |
|
441 |
proof - |
|
442 |
define m :: nat where \<open>m = LENGTH('a) - 1\<close> |
|
443 |
then have l: \<open>LENGTH('a) = Suc m\<close> |
|
444 |
by simp |
|
445 |
define n :: nat where \<open>n = unsigned a\<close> |
|
446 |
then have \<open>n < 2 ^ LENGTH('a)\<close> |
|
447 |
by (simp add: unsigned_nat_less) |
|
448 |
then have \<open>n < 2 * 2 ^ m\<close> |
|
449 |
by (simp add: l) |
|
450 |
then have \<open>P (of_nat n)\<close> |
|
451 |
proof (induction n rule: nat_bit_induct) |
|
452 |
case zero |
|
453 |
show ?case |
|
454 |
by simp (rule word_zero) |
|
455 |
next |
|
456 |
case (even n) |
|
457 |
then have \<open>n < 2 ^ m\<close> |
|
458 |
by simp |
|
459 |
with even.IH have \<open>P (of_nat n)\<close> |
|
460 |
by simp |
|
461 |
moreover from \<open>n < 2 ^ m\<close> even.hyps have \<open>0 < (of_nat n :: 'a word)\<close> |
|
462 |
by (auto simp add: word_greater_zero_iff of_nat_word_eq_0_iff l) |
|
463 |
moreover from \<open>n < 2 ^ m\<close> have \<open>(of_nat n :: 'a word) < 2 ^ (LENGTH('a) - 1)\<close> |
|
464 |
using of_nat_word_less_iff [where ?'a = 'a, of n \<open>2 ^ m\<close>] |
|
465 |
by (cases \<open>m = 0\<close>) (simp_all add: not_less take_bit_eq_self ac_simps l) |
|
466 |
ultimately have \<open>P (2 * of_nat n)\<close> |
|
467 |
by (rule word_even) |
|
468 |
then show ?case |
|
469 |
by simp |
|
470 |
next |
|
471 |
case (odd n) |
|
472 |
then have \<open>Suc n \<le> 2 ^ m\<close> |
|
473 |
by simp |
|
474 |
with odd.IH have \<open>P (of_nat n)\<close> |
|
475 |
by simp |
|
476 |
moreover from \<open>Suc n \<le> 2 ^ m\<close> have \<open>(of_nat n :: 'a word) < 2 ^ (LENGTH('a) - 1)\<close> |
|
477 |
using of_nat_word_less_iff [where ?'a = 'a, of n \<open>2 ^ m\<close>] |
|
478 |
by (cases \<open>m = 0\<close>) (simp_all add: not_less take_bit_eq_self ac_simps l) |
|
479 |
ultimately have \<open>P (1 + 2 * of_nat n)\<close> |
|
480 |
by (rule word_odd) |
|
481 |
then show ?case |
|
482 |
by simp |
|
483 |
qed |
|
484 |
then show ?thesis |
|
485 |
by (simp add: n_def) |
|
486 |
qed |
|
487 |
||
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
488 |
lemma bit_word_half_eq: |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
489 |
\<open>(of_bool b + a * 2) div 2 = a\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
490 |
if \<open>a < 2 ^ (LENGTH('a) - Suc 0)\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
491 |
for a :: \<open>'a::len word\<close> |
71195 | 492 |
proof (cases \<open>2 \<le> LENGTH('a::len)\<close>) |
493 |
case False |
|
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
494 |
have \<open>of_bool (odd k) < (1 :: int) \<longleftrightarrow> even k\<close> for k :: int |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
495 |
by auto |
71195 | 496 |
with False that show ?thesis |
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
497 |
by (auto; transfer) simp_all |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
498 |
next |
71195 | 499 |
case True |
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
500 |
obtain n where length: \<open>LENGTH('a) = Suc n\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
501 |
by (cases \<open>LENGTH('a)\<close>) simp_all |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
502 |
show ?thesis proof (cases b) |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
503 |
case False |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
504 |
moreover have \<open>a * 2 div 2 = a\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
505 |
using that proof transfer |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
506 |
fix k :: int |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
507 |
from length have \<open>k * 2 mod 2 ^ LENGTH('a) = (k mod 2 ^ n) * 2\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
508 |
by simp |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
509 |
moreover assume \<open>take_bit LENGTH('a) k < take_bit LENGTH('a) (2 ^ (LENGTH('a) - Suc 0))\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
510 |
with \<open>LENGTH('a) = Suc n\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
511 |
have \<open>k mod 2 ^ LENGTH('a) = k mod 2 ^ n\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
512 |
by (simp add: take_bit_eq_mod divmod_digit_0) |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
513 |
ultimately have \<open>take_bit LENGTH('a) (k * 2) = take_bit LENGTH('a) k * 2\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
514 |
by (simp add: take_bit_eq_mod) |
71195 | 515 |
with True show \<open>take_bit LENGTH('a) (take_bit LENGTH('a) (k * 2) div take_bit LENGTH('a) 2) |
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
516 |
= take_bit LENGTH('a) k\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
517 |
by simp |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
518 |
qed |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
519 |
ultimately show ?thesis |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
520 |
by simp |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
521 |
next |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
522 |
case True |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
523 |
moreover have \<open>(1 + a * 2) div 2 = a\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
524 |
using that proof transfer |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
525 |
fix k :: int |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
526 |
from length have \<open>(1 + k * 2) mod 2 ^ LENGTH('a) = 1 + (k mod 2 ^ n) * 2\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
527 |
using pos_zmod_mult_2 [of \<open>2 ^ n\<close> k] by (simp add: ac_simps) |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
528 |
moreover assume \<open>take_bit LENGTH('a) k < take_bit LENGTH('a) (2 ^ (LENGTH('a) - Suc 0))\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
529 |
with \<open>LENGTH('a) = Suc n\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
530 |
have \<open>k mod 2 ^ LENGTH('a) = k mod 2 ^ n\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
531 |
by (simp add: take_bit_eq_mod divmod_digit_0) |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
532 |
ultimately have \<open>take_bit LENGTH('a) (1 + k * 2) = 1 + take_bit LENGTH('a) k * 2\<close> |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
533 |
by (simp add: take_bit_eq_mod) |
71195 | 534 |
with True show \<open>take_bit LENGTH('a) (take_bit LENGTH('a) (1 + k * 2) div take_bit LENGTH('a) 2) |
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
535 |
= take_bit LENGTH('a) k\<close> |
71195 | 536 |
by auto |
71042
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
537 |
qed |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
538 |
ultimately show ?thesis |
400e9512f1d3
proof-of-concept theory for bit operations without a constructivistic representation and a minimal common logical foundation
haftmann
parents:
70973
diff
changeset
|
539 |
by simp |
70925 | 540 |
qed |
541 |
qed |
|
542 |
||
71409 | 543 |
lemma even_mult_exp_div_word_iff: |
544 |
\<open>even (a * 2 ^ m div 2 ^ n) \<longleftrightarrow> \<not> ( |
|
545 |
m \<le> n \<and> |
|
546 |
n < LENGTH('a) \<and> odd (a div 2 ^ (n - m)))\<close> for a :: \<open>'a::len word\<close> |
|
547 |
by transfer |
|
548 |
(auto simp flip: drop_bit_eq_div simp add: even_drop_bit_iff_not_bit bit_take_bit_iff, |
|
71412 | 549 |
simp_all flip: push_bit_eq_mult add: bit_push_bit_iff_int) |
71409 | 550 |
|
71094 | 551 |
instance word :: (len) semiring_bits |
552 |
proof |
|
553 |
show \<open>P a\<close> if stable: \<open>\<And>a. a div 2 = a \<Longrightarrow> P a\<close> |
|
554 |
and rec: \<open>\<And>a b. P a \<Longrightarrow> (of_bool b + 2 * a) div 2 = a \<Longrightarrow> P (of_bool b + 2 * a)\<close> |
|
555 |
for P and a :: \<open>'a word\<close> |
|
556 |
proof (induction a rule: word_bit_induct) |
|
557 |
case zero |
|
558 |
from stable [of 0] show ?case |
|
559 |
by simp |
|
560 |
next |
|
561 |
case (even a) |
|
562 |
with rec [of a False] show ?case |
|
563 |
using bit_word_half_eq [of a False] by (simp add: ac_simps) |
|
564 |
next |
|
565 |
case (odd a) |
|
566 |
with rec [of a True] show ?case |
|
567 |
using bit_word_half_eq [of a True] by (simp add: ac_simps) |
|
568 |
qed |
|
71138 | 569 |
show \<open>0 div a = 0\<close> |
570 |
for a :: \<open>'a word\<close> |
|
571 |
by transfer simp |
|
572 |
show \<open>a div 1 = a\<close> |
|
573 |
for a :: \<open>'a word\<close> |
|
574 |
by transfer simp |
|
575 |
show \<open>a mod b div b = 0\<close> |
|
576 |
for a b :: \<open>'a word\<close> |
|
577 |
apply transfer |
|
578 |
apply (simp add: take_bit_eq_mod) |
|
579 |
apply (subst (3) mod_pos_pos_trivial [of _ \<open>2 ^ LENGTH('a)\<close>]) |
|
580 |
apply simp_all |
|
581 |
apply (metis le_less mod_by_0 pos_mod_conj zero_less_numeral zero_less_power) |
|
582 |
using pos_mod_bound [of \<open>2 ^ LENGTH('a)\<close>] apply simp |
|
583 |
proof - |
|
584 |
fix aa :: int and ba :: int |
|
585 |
have f1: "\<And>i n. (i::int) mod 2 ^ n = 0 \<or> 0 < i mod 2 ^ n" |
|
586 |
by (metis le_less take_bit_eq_mod take_bit_nonnegative) |
|
587 |
have "(0::int) < 2 ^ len_of (TYPE('a)::'a itself) \<and> ba mod 2 ^ len_of (TYPE('a)::'a itself) \<noteq> 0 \<or> aa mod 2 ^ len_of (TYPE('a)::'a itself) mod (ba mod 2 ^ len_of (TYPE('a)::'a itself)) < 2 ^ len_of (TYPE('a)::'a itself)" |
|
588 |
by (metis (no_types) mod_by_0 unique_euclidean_semiring_numeral_class.pos_mod_bound zero_less_numeral zero_less_power) |
|
589 |
then show "aa mod 2 ^ len_of (TYPE('a)::'a itself) mod (ba mod 2 ^ len_of (TYPE('a)::'a itself)) < 2 ^ len_of (TYPE('a)::'a itself)" |
|
590 |
using f1 by (meson le_less less_le_trans unique_euclidean_semiring_numeral_class.pos_mod_bound) |
|
591 |
qed |
|
592 |
show \<open>(1 + a) div 2 = a div 2\<close> |
|
593 |
if \<open>even a\<close> |
|
594 |
for a :: \<open>'a word\<close> |
|
595 |
using that by transfer (auto dest: le_Suc_ex) |
|
71182 | 596 |
show \<open>(2 :: 'a word) ^ m div 2 ^ n = of_bool ((2 :: 'a word) ^ m \<noteq> 0 \<and> n \<le> m) * 2 ^ (m - n)\<close> |
597 |
for m n :: nat |
|
598 |
by transfer (simp, simp add: exp_div_exp_eq) |
|
71138 | 599 |
show "a div 2 ^ m div 2 ^ n = a div 2 ^ (m + n)" |
600 |
for a :: "'a word" and m n :: nat |
|
601 |
apply transfer |
|
602 |
apply (auto simp add: not_less take_bit_drop_bit ac_simps simp flip: drop_bit_eq_div) |
|
603 |
apply (simp add: drop_bit_take_bit) |
|
604 |
done |
|
605 |
show "a mod 2 ^ m mod 2 ^ n = a mod 2 ^ min m n" |
|
606 |
for a :: "'a word" and m n :: nat |
|
71195 | 607 |
by transfer (auto simp flip: take_bit_eq_mod simp add: ac_simps) |
71138 | 608 |
show \<open>a * 2 ^ m mod 2 ^ n = a mod 2 ^ (n - m) * 2 ^ m\<close> |
609 |
if \<open>m \<le> n\<close> for a :: "'a word" and m n :: nat |
|
610 |
using that apply transfer |
|
611 |
apply (auto simp flip: take_bit_eq_mod) |
|
612 |
apply (auto simp flip: push_bit_eq_mult simp add: push_bit_take_bit split: split_min_lin) |
|
613 |
done |
|
614 |
show \<open>a div 2 ^ n mod 2 ^ m = a mod (2 ^ (n + m)) div 2 ^ n\<close> |
|
615 |
for a :: "'a word" and m n :: nat |
|
71195 | 616 |
by transfer (auto simp add: not_less take_bit_drop_bit ac_simps simp flip: take_bit_eq_mod drop_bit_eq_div split: split_min_lin) |
71413 | 617 |
show \<open>even ((2 ^ m - 1) div (2::'a word) ^ n) \<longleftrightarrow> 2 ^ n = (0::'a word) \<or> m \<le> n\<close> |
618 |
for m n :: nat |
|
619 |
by transfer (auto simp add: take_bit_of_mask even_mask_div_iff) |
|
71424 | 620 |
show \<open>even (a * 2 ^ m div 2 ^ n) \<longleftrightarrow> n < m \<or> (2::'a word) ^ n = 0 \<or> m \<le> n \<and> even (a div 2 ^ (n - m))\<close> |
621 |
for a :: \<open>'a word\<close> and m n :: nat |
|
622 |
proof transfer |
|
623 |
show \<open>even (take_bit LENGTH('a) (k * 2 ^ m) div take_bit LENGTH('a) (2 ^ n)) \<longleftrightarrow> |
|
624 |
n < m |
|
625 |
\<or> take_bit LENGTH('a) ((2::int) ^ n) = take_bit LENGTH('a) 0 |
|
626 |
\<or> (m \<le> n \<and> even (take_bit LENGTH('a) k div take_bit LENGTH('a) (2 ^ (n - m))))\<close> |
|
627 |
for m n :: nat and k l :: int |
|
628 |
by (auto simp flip: take_bit_eq_mod drop_bit_eq_div push_bit_eq_mult |
|
629 |
simp add: div_push_bit_of_1_eq_drop_bit drop_bit_take_bit drop_bit_push_bit_int [of n m]) |
|
630 |
qed |
|
71094 | 631 |
qed |
632 |
||
71183 | 633 |
context |
634 |
includes lifting_syntax |
|
635 |
begin |
|
636 |
||
71186 | 637 |
lemma transfer_rule_bit_word [transfer_rule]: |
71183 | 638 |
\<open>((pcr_word :: int \<Rightarrow> 'a::len word \<Rightarrow> bool) ===> (=)) (\<lambda>k n. n < LENGTH('a) \<and> bit k n) bit\<close> |
639 |
proof - |
|
640 |
let ?t = \<open>\<lambda>a n. odd (take_bit LENGTH('a) a div take_bit LENGTH('a) ((2::int) ^ n))\<close> |
|
641 |
have \<open>((pcr_word :: int \<Rightarrow> 'a word \<Rightarrow> bool) ===> (=)) ?t bit\<close> |
|
642 |
by (unfold bit_def) transfer_prover |
|
643 |
also have \<open>?t = (\<lambda>k n. n < LENGTH('a) \<and> bit k n)\<close> |
|
644 |
by (simp add: fun_eq_iff bit_take_bit_iff flip: bit_def) |
|
645 |
finally show ?thesis . |
|
646 |
qed |
|
647 |
||
648 |
end |
|
649 |
||
71094 | 650 |
instantiation word :: (len) semiring_bit_shifts |
651 |
begin |
|
652 |
||
653 |
lift_definition push_bit_word :: \<open>nat \<Rightarrow> 'a word \<Rightarrow> 'a word\<close> |
|
654 |
is push_bit |
|
655 |
proof - |
|
71195 | 656 |
show \<open>take_bit LENGTH('a) (push_bit n k) = take_bit LENGTH('a) (push_bit n l)\<close> |
657 |
if \<open>take_bit LENGTH('a) k = take_bit LENGTH('a) l\<close> for k l :: int and n :: nat |
|
71094 | 658 |
proof - |
659 |
from that |
|
71195 | 660 |
have \<open>take_bit (LENGTH('a) - n) (take_bit LENGTH('a) k) |
661 |
= take_bit (LENGTH('a) - n) (take_bit LENGTH('a) l)\<close> |
|
71094 | 662 |
by simp |
663 |
moreover have \<open>min (LENGTH('a) - n) LENGTH('a) = LENGTH('a) - n\<close> |
|
664 |
by simp |
|
665 |
ultimately show ?thesis |
|
666 |
by (simp add: take_bit_push_bit) |
|
667 |
qed |
|
668 |
qed |
|
669 |
||
670 |
lift_definition drop_bit_word :: \<open>nat \<Rightarrow> 'a word \<Rightarrow> 'a word\<close> |
|
671 |
is \<open>\<lambda>n. drop_bit n \<circ> take_bit LENGTH('a)\<close> |
|
672 |
by (simp add: take_bit_eq_mod) |
|
673 |
||
674 |
instance proof |
|
675 |
show \<open>push_bit n a = a * 2 ^ n\<close> for n :: nat and a :: "'a word" |
|
676 |
by transfer (simp add: push_bit_eq_mult) |
|
677 |
show \<open>drop_bit n a = a div 2 ^ n\<close> for n :: nat and a :: "'a word" |
|
71195 | 678 |
by transfer (simp flip: drop_bit_eq_div add: drop_bit_take_bit) |
71094 | 679 |
qed |
680 |
||
70925 | 681 |
end |
71094 | 682 |
|
71095 | 683 |
instantiation word :: (len) ring_bit_operations |
684 |
begin |
|
685 |
||
686 |
lift_definition not_word :: "'a word \<Rightarrow> 'a word" |
|
687 |
is not |
|
71418 | 688 |
by (simp add: take_bit_not_iff) |
71095 | 689 |
|
690 |
lift_definition and_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> 'a word" |
|
71409 | 691 |
is \<open>and\<close> |
71095 | 692 |
by simp |
693 |
||
694 |
lift_definition or_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> 'a word" |
|
695 |
is or |
|
696 |
by simp |
|
697 |
||
698 |
lift_definition xor_word :: "'a word \<Rightarrow> 'a word \<Rightarrow> 'a word" |
|
699 |
is xor |
|
700 |
by simp |
|
701 |
||
702 |
instance proof |
|
71186 | 703 |
fix a b :: \<open>'a word\<close> and n :: nat |
71409 | 704 |
show \<open>- a = NOT (a - 1)\<close> |
705 |
by transfer (simp add: minus_eq_not_minus_1) |
|
71186 | 706 |
show \<open>bit (NOT a) n \<longleftrightarrow> (2 :: 'a word) ^ n \<noteq> 0 \<and> \<not> bit a n\<close> |
707 |
by transfer (simp add: bit_not_iff) |
|
708 |
show \<open>bit (a AND b) n \<longleftrightarrow> bit a n \<and> bit b n\<close> |
|
709 |
by transfer (auto simp add: bit_and_iff) |
|
710 |
show \<open>bit (a OR b) n \<longleftrightarrow> bit a n \<or> bit b n\<close> |
|
711 |
by transfer (auto simp add: bit_or_iff) |
|
712 |
show \<open>bit (a XOR b) n \<longleftrightarrow> bit a n \<noteq> bit b n\<close> |
|
713 |
by transfer (auto simp add: bit_xor_iff) |
|
71095 | 714 |
qed |
715 |
||
71094 | 716 |
end |
71095 | 717 |
|
718 |
end |