(* Author: Florian Haftmann, TUM
*)

(* Overview: this theory introduces the type classes semiring_bit_operations
   (AND, OR, XOR) and ring_bit_operations (adds NOT), derives basic facts about
   them, and instantiates them for int, nat, integer and natural. *)

section \<open>Proof of concept for purely algebraically founded lists of bits\<close>

theory Bit_Operations
  imports
    "HOL-Library.Boolean_Algebra"
    Main
begin

subsection \<open>Bit operations in suitable algebraic structures\<close>

(* Type class adding bitwise AND, OR and XOR on top of semiring_bit_shifts.
   The three operations are class parameters; the only assumptions are the
   per-position characterizations bit_and_iff, bit_or_iff and bit_xor_iff.
   AND is declared with priority 64, OR and XOR with priority 59. *)
class semiring_bit_operations = semiring_bit_shifts +
  fixes "and" :: \<open>'a \<Rightarrow> 'a \<Rightarrow> 'a\<close> (infixr \<open>AND\<close> 64)
    and or :: \<open>'a \<Rightarrow> 'a \<Rightarrow> 'a\<close> (infixr \<open>OR\<close> 59)
    and xor :: \<open>'a \<Rightarrow> 'a \<Rightarrow> 'a\<close> (infixr \<open>XOR\<close> 59)
  assumes bit_and_iff: \<open>\<And>n. bit (a AND b) n \<longleftrightarrow> bit a n \<and> bit b n\<close>
    and bit_or_iff: \<open>\<And>n. bit (a OR b) n \<longleftrightarrow> bit a n \<or> bit b n\<close>
    and bit_xor_iff: \<open>\<And>n. bit (a XOR b) n \<longleftrightarrow> bit a n \<noteq> bit b n\<close>
begin

text \<open>
  We want the bitwise operations to bind slightly weaker
  than \<open>+\<close> and \<open>-\<close>.
  For the sake of code generation
  the operations \<^const>\<open>and\<close>, \<^const>\<open>or\<close> and \<^const>\<open>xor\<close>
  are specified as definitional class operations.
\<close>

(* Algebraic structure: AND is a semilattice, OR a semilattice with neutral
   element 0, XOR a commutative monoid with neutral element 0.  Each proof
   rewrites with bit_eq_iff and the matching per-bit assumption. *)
sublocale "and": semilattice \<open>(AND)\<close>
  by standard (auto simp add: bit_eq_iff bit_and_iff)

sublocale or: semilattice_neutr \<open>(OR)\<close> 0
  by standard (auto simp add: bit_eq_iff bit_or_iff)

sublocale xor: comm_monoid \<open>(XOR)\<close> 0
  by standard (auto simp add: bit_eq_iff bit_xor_iff)

(* Parity of the results; each proof instantiates the per-bit assumption at
   position 0. *)
lemma even_and_iff:
  \<open>even (a AND b) \<longleftrightarrow> even a \<or> even b\<close>
  using bit_and_iff [of a b 0] by auto

lemma even_or_iff:
  \<open>even (a OR b) \<longleftrightarrow> even a \<and> even b\<close>
  using bit_or_iff [of a b 0] by auto

lemma even_xor_iff:
  \<open>even (a XOR b) \<longleftrightarrow> (even a \<longleftrightarrow> even b)\<close>
  using bit_xor_iff [of a b 0] by auto

(* 0 is absorbing for AND on both sides; both facts are simp rules. *)
lemma zero_and_eq [simp]:
  "0 AND a = 0"
  by (simp add: bit_eq_iff bit_and_iff)

lemma and_zero_eq [simp]:
  "a AND 0 = 0"
  by (simp add: bit_eq_iff bit_and_iff)

(* Operations with the constant 1, expressed arithmetically.  The right-hand
   variants are derived from the left-hand ones with ac_simps.  None of these
   is declared [simp]. *)
lemma one_and_eq:
  "1 AND a = a mod 2"
  by (simp add: bit_eq_iff bit_and_iff) (auto simp add: bit_1_iff)

lemma and_one_eq:
  "a AND 1 = a mod 2"
  using one_and_eq [of a] by (simp add: ac_simps)

lemma one_or_eq:
  "1 OR a = a + of_bool (even a)"
  by (simp add: bit_eq_iff bit_or_iff add.commute [of _ 1] even_bit_succ_iff) (auto simp add: bit_1_iff)

lemma or_one_eq:
  "a OR 1 = a + of_bool (even a)"
  using one_or_eq [of a] by (simp add: ac_simps)

lemma one_xor_eq:
  "1 XOR a = a + of_bool (even a) - of_bool (odd a)"
  by (simp add: bit_eq_iff bit_xor_iff add.commute [of _ 1] even_bit_succ_iff) (auto simp add: bit_1_iff odd_bit_iff_bit_pred elim: oddE)

lemma xor_one_eq:
  "a XOR 1 = a + of_bool (even a) - of_bool (odd a)"
  using one_xor_eq [of a] by (simp add: ac_simps)

(* take_bit n distributes over AND, OR and XOR (simp rules). *)
lemma take_bit_and [simp]:
  \<open>take_bit n (a AND b) = take_bit n a AND take_bit n b\<close>
  by (auto simp add: bit_eq_iff bit_take_bit_iff bit_and_iff)

lemma take_bit_or [simp]:
  \<open>take_bit n (a OR b) = take_bit n a OR take_bit n b\<close>
  by (auto simp add: bit_eq_iff bit_take_bit_iff bit_or_iff)

lemma take_bit_xor [simp]:
  \<open>take_bit n (a XOR b) = take_bit n a XOR take_bit n b\<close>
  by (auto simp add: bit_eq_iff bit_take_bit_iff bit_xor_iff)

(* mask n is defined as 2 ^ n - 1; the defining equation is named
   mask_eq_exp_minus_1. *)
definition mask :: \<open>nat \<Rightarrow> 'a\<close>
  where mask_eq_exp_minus_1: \<open>mask n = 2 ^ n - 1\<close>

(* Bit n of mask m is set iff n < m and 2 ^ n is nonzero.
   NOTE(review): the proof cites a fact named bit_mask_iff, which at this point
   can only be an earlier fact of that name (presumably inherited through
   semiring_bit_shifts and stated for 2 ^ m - 1); this lemma then reuses the
   name for the mask form -- confirm against the parent theory. *)
lemma bit_mask_iff:
  \<open>bit (mask m) n \<longleftrightarrow> 2 ^ n \<noteq> 0 \<and> n < m\<close>
  by (simp add: mask_eq_exp_minus_1 bit_mask_iff)

lemma even_mask_iff:
  \<open>even (mask n) \<longleftrightarrow> n = 0\<close>
  using bit_mask_iff [of n 0] by auto

(* mask_0 and mask_Suc_exp carry the [code] attribute, i.e. they are the
   equations handed to the code generator for mask. *)
lemma mask_0 [simp, code]:
  \<open>mask 0 = 0\<close>
  by (simp add: mask_eq_exp_minus_1)

lemma mask_Suc_exp [code]:
  \<open>mask (Suc n) = 2 ^ n OR mask n\<close>
  by (rule bit_eqI)
    (auto simp add: bit_or_iff bit_mask_iff bit_exp_iff not_less le_less_Suc_eq)

(* Alternative recursion: shift the smaller mask left by one and set bit 0.
   The proof is by bit_eqI with a case split on the bit position q. *)
lemma mask_Suc_double:
  \<open>mask (Suc n) = 2 * mask n OR 1\<close>
proof (rule bit_eqI)
  fix q
  assume \<open>2 ^ q \<noteq> 0\<close>
  show \<open>bit (mask (Suc n)) q \<longleftrightarrow> bit (2 * mask n OR 1) q\<close>
    by (cases q)
      (simp_all add: even_mask_iff even_or_iff bit_or_iff bit_mask_iff bit_exp_iff bit_double_iff not_less le_less_Suc_eq bit_1_iff, auto simp add: mult_2)
qed

(* Truncation to the lowest n bits equals AND with mask n; registered as the
   code equation for take_bit. *)
lemma take_bit_eq_mask [code]:
  \<open>take_bit n a = a AND mask n\<close>
  by (rule bit_eqI)
    (auto simp add: bit_take_bit_iff bit_and_iff bit_mask_iff)

end

(* Extends semiring_bit_operations (together with ring_parity) by the bitwise
   complement NOT.  bit_not_iff carries the side condition 2 ^ n ~= 0; the
   "Key ideas" text at the end of this theory explains that, for bounded bit
   values, this condition says that position n is not beyond the boundary.
   minus_eq_not_minus_1 ties NOT to arithmetic negation: - a = NOT (a - 1). *)
class ring_bit_operations = semiring_bit_operations + ring_parity +
  fixes not :: \<open>'a \<Rightarrow> 'a\<close> (\<open>NOT\<close>)
  assumes bit_not_iff: \<open>\<And>n. bit (NOT a) n \<longleftrightarrow> 2 ^ n \<noteq> 0 \<and> \<not> bit a n\<close>
  assumes minus_eq_not_minus_1: \<open>- a = NOT (a - 1)\<close>
begin

text \<open>
  For the sake of code generation \<^const>\<open>not\<close> is specified as
  definitional class operation. Note that \<^const>\<open>not\<close> has no
  sensible definition for unlimited but only positive bit strings
  (type \<^typ>\<open>nat\<close>).
\<close>

lemma bits_minus_1_mod_2_eq [simp]:
  \<open>(- 1) mod 2 = 1\<close>
  by (simp add: mod_2_eq_odd)

(* Arithmetic forms of the complement, both derived from minus_eq_not_minus_1:
   NOT a = - a - 1 and - a = NOT a + 1. *)
lemma not_eq_complement:
  \<open>NOT a = - a - 1\<close>
  using minus_eq_not_minus_1 [of \<open>a + 1\<close>] by simp

lemma minus_eq_not_plus_1:
  \<open>- a = NOT a + 1\<close>
  using not_eq_complement [of a] by simp

lemma bit_minus_iff:
  \<open>bit (- a) n \<longleftrightarrow> 2 ^ n \<noteq> 0 \<and> \<not> bit (a - 1) n\<close>
  by (simp add: minus_eq_not_minus_1 bit_not_iff)

lemma even_not_iff [simp]:
  "even (NOT a) \<longleftrightarrow> odd a"
  using bit_not_iff [of a 0] by auto

lemma bit_not_exp_iff:
  \<open>bit (NOT (2 ^ m)) n \<longleftrightarrow> 2 ^ n \<noteq> 0 \<and> n \<noteq> m\<close>
  by (auto simp add: bit_not_iff bit_exp_iff)

(* Every position n with 2 ^ n ~= 0 is set in - 1. *)
lemma bit_minus_1_iff [simp]:
  \<open>bit (- 1) n \<longleftrightarrow> 2 ^ n \<noteq> 0\<close>
  by (simp add: bit_minus_iff)

(* NOTE(review): this statement is abandoned with oops.  It is therefore NOT
   proved, and no fact named bit_minus_exp_iff is available after this point;
   it must not be cited or treated as established. *)
lemma bit_minus_exp_iff:
  \<open>bit (- (2 ^ m)) n \<longleftrightarrow> 2 ^ n \<noteq> 0 \<and> n \<ge> m\<close>
  oops

lemma bit_minus_2_iff [simp]:
  \<open>bit (- 2) n \<longleftrightarrow> 2 ^ n \<noteq> 0 \<and> n > 0\<close>
  by (simp add: bit_minus_iff bit_1_iff)

lemma not_one [simp]:
  "NOT 1 = - 2"
  by (simp add: bit_eq_iff bit_not_iff) (simp add: bit_1_iff)

(* In a ring, AND additionally has the neutral element - 1. *)
sublocale "and": semilattice_neutr \<open>(AND)\<close> \<open>- 1\<close>
  apply standard
  apply (simp add: bit_eq_iff bit_and_iff)
  apply (auto simp add: exp_eq_0_imp_not_bit bit_exp_iff)
  done

(* AND, OR, NOT, 0 and - 1 form a boolean algebra.  The rewrites clause
   replaces the locale's derived bit.xor by the class operation XOR.  The local
   interpret makes bit.xor_def available for the second goal. *)
sublocale bit: boolean_algebra \<open>(AND)\<close> \<open>(OR)\<close> NOT 0 \<open>- 1\<close>
  rewrites \<open>bit.xor = (XOR)\<close>
proof -
  interpret bit: boolean_algebra \<open>(AND)\<close> \<open>(OR)\<close> NOT 0 \<open>- 1\<close>
    apply standard
    apply (simp_all add: bit_eq_iff bit_and_iff bit_or_iff bit_not_iff)
    apply (auto simp add: exp_eq_0_imp_not_bit bit_exp_iff)
    done
  show \<open>boolean_algebra (AND) (OR) NOT 0 (- 1)\<close>
    by standard
  show \<open>boolean_algebra.xor (AND) (OR) NOT = (XOR)\<close>
    apply (auto simp add: fun_eq_iff bit.xor_def bit_eq_iff bit_and_iff bit_or_iff bit_not_iff bit_xor_iff)
    apply (simp_all add: bit_exp_iff, simp_all add: bit_def)
    apply (metis local.bit_exp_iff local.bits_div_by_0)
    apply (metis local.bit_exp_iff local.bits_div_by_0)
    done
qed

(* De Morgan forms; both are closed by simp alone, after the boolean algebra
   sublocale above. *)
lemma and_eq_not_not_or:
  \<open>a AND b = NOT (NOT a OR NOT b)\<close>
  by simp

lemma or_eq_not_not_and:
  \<open>a OR b = NOT (NOT a AND NOT b)\<close>
  by simp

lemma push_bit_minus:
  \<open>push_bit n (- a) = - push_bit n a\<close>
  by (simp add: push_bit_eq_mult)

(* Interaction of truncation (take_bit) with NOT. *)
lemma take_bit_not_take_bit:
  \<open>take_bit n (NOT (take_bit n a)) = take_bit n (NOT a)\<close>
  by (auto simp add: bit_eq_iff bit_take_bit_iff bit_not_iff)

lemma take_bit_not_iff:
  "take_bit n (NOT a) = take_bit n (NOT b) \<longleftrightarrow> take_bit n a = take_bit n b"
  apply (simp add: bit_eq_iff bit_not_iff bit_take_bit_iff)
  apply (simp add: bit_exp_iff)
  apply (use local.exp_eq_0_imp_not_bit in blast)
  done

lemma take_bit_minus_one_eq_mask:
  \<open>take_bit n (- 1) = mask n\<close>
  by (simp add: bit_eq_iff bit_mask_iff bit_take_bit_iff conj_commute)

(* Shifting - 1 left by n gives the complement of mask n.  Proof by bit_eqI
   with a case split on whether the bit position m is at least n. *)
lemma push_bit_minus_one_eq_not_mask:
  \<open>push_bit n (- 1) = NOT (mask n)\<close>
proof (rule bit_eqI)
  fix m
  assume \<open>2 ^ m \<noteq> 0\<close>
  show \<open>bit (push_bit n (- 1)) m \<longleftrightarrow> bit (NOT (mask n)) m\<close>
  proof (cases \<open>n \<le> m\<close>)
    case True
    moreover define q where \<open>q = m - n\<close>
    ultimately have \<open>m = n + q\<close> \<open>m - n = q\<close>
      by simp_all
    with \<open>2 ^ m \<noteq> 0\<close> have \<open>2 ^ n * 2 ^ q \<noteq> 0\<close>
      by (simp add: power_add)
    then have \<open>2 ^ q \<noteq> 0\<close>
      using mult_not_zero by blast
    with \<open>m - n = q\<close> show ?thesis
      by (auto simp add: bit_not_iff bit_mask_iff bit_push_bit_iff not_less)
  next
    case False
    then show ?thesis
      by (simp add: bit_not_iff bit_mask_iff bit_push_bit_iff not_le)
  qed
qed

(* Single-bit updates at position n: set via OR with 2 ^ n, unset via AND with
   NOT (2 ^ n), flip via XOR with 2 ^ n. *)
definition set_bit :: \<open>nat \<Rightarrow> 'a \<Rightarrow> 'a\<close>
  where \<open>set_bit n a = a OR 2 ^ n\<close>

definition unset_bit :: \<open>nat \<Rightarrow> 'a \<Rightarrow> 'a\<close>
  where \<open>unset_bit n a = a AND NOT (2 ^ n)\<close>

definition flip_bit :: \<open>nat \<Rightarrow> 'a \<Rightarrow> 'a\<close>
  where \<open>flip_bit n a = a XOR 2 ^ n\<close>

(* Per-bit characterizations of the three updates and the resulting parity
   facts.  Note that the set_bit and flip_bit statements mention 2 ^ n ~= 0
   explicitly, while the unset_bit statement has no such side condition. *)
lemma bit_set_bit_iff:
  \<open>bit (set_bit m a) n \<longleftrightarrow> bit a n \<or> (m = n \<and> 2 ^ n \<noteq> 0)\<close>
  by (auto simp add: set_bit_def bit_or_iff bit_exp_iff)

lemma even_set_bit_iff:
  \<open>even (set_bit m a) \<longleftrightarrow> even a \<and> m \<noteq> 0\<close>
  using bit_set_bit_iff [of m a 0] by auto

lemma bit_unset_bit_iff:
  \<open>bit (unset_bit m a) n \<longleftrightarrow> bit a n \<and> m \<noteq> n\<close>
  by (auto simp add: unset_bit_def bit_and_iff bit_not_iff bit_exp_iff exp_eq_0_imp_not_bit)

lemma even_unset_bit_iff:
  \<open>even (unset_bit m a) \<longleftrightarrow> even a \<or> m = 0\<close>
  using bit_unset_bit_iff [of m a 0] by auto

lemma bit_flip_bit_iff:
  \<open>bit (flip_bit m a) n \<longleftrightarrow> (m = n \<longleftrightarrow> \<not> bit a n) \<and> 2 ^ n \<noteq> 0\<close>
  by (auto simp add: flip_bit_def bit_xor_iff bit_exp_iff exp_eq_0_imp_not_bit)

lemma even_flip_bit_iff:
  \<open>even (flip_bit m a) \<longleftrightarrow> \<not> (even a \<longleftrightarrow> m = 0)\<close>
  using bit_flip_bit_iff [of m a 0] by auto

(* Recursion equations on the bit position: the _0 lemmas (simp rules) handle
   position 0 arithmetically, the _Suc lemmas reduce position Suc n on a to
   position n on a div 2.  All proofs go through bit_eqI. *)
lemma set_bit_0 [simp]:
  \<open>set_bit 0 a = 1 + 2 * (a div 2)\<close>
proof (rule bit_eqI)
  fix m
  assume *: \<open>2 ^ m \<noteq> 0\<close>
  then show \<open>bit (set_bit 0 a) m = bit (1 + 2 * (a div 2)) m\<close>
    by (simp add: bit_set_bit_iff bit_double_iff even_bit_succ_iff)
      (cases m, simp_all add: bit_Suc)
qed

lemma set_bit_Suc:
  \<open>set_bit (Suc n) a = a mod 2 + 2 * set_bit n (a div 2)\<close>
proof (rule bit_eqI)
  fix m
  assume *: \<open>2 ^ m \<noteq> 0\<close>
  show \<open>bit (set_bit (Suc n) a) m \<longleftrightarrow> bit (a mod 2 + 2 * set_bit n (a div 2)) m\<close>
  proof (cases m)
    case 0
    then show ?thesis
      by (simp add: even_set_bit_iff)
  next
    (* The case variable m introduced here shadows the outer m. *)
    case (Suc m)
    with * have \<open>2 ^ m \<noteq> 0\<close>
      using mult_2 by auto
    show ?thesis
      by (cases a rule: parity_cases)
        (simp_all add: bit_set_bit_iff bit_double_iff even_bit_succ_iff *,
        simp_all add: Suc \<open>2 ^ m \<noteq> 0\<close> bit_Suc)
  qed
qed

lemma unset_bit_0 [simp]:
  \<open>unset_bit 0 a = 2 * (a div 2)\<close>
proof (rule bit_eqI)
  fix m
  assume *: \<open>2 ^ m \<noteq> 0\<close>
  then show \<open>bit (unset_bit 0 a) m = bit (2 * (a div 2)) m\<close>
    by (simp add: bit_unset_bit_iff bit_double_iff)
      (cases m, simp_all add: bit_Suc)
qed

lemma unset_bit_Suc:
  \<open>unset_bit (Suc n) a = a mod 2 + 2 * unset_bit n (a div 2)\<close>
proof (rule bit_eqI)
  fix m
  assume *: \<open>2 ^ m \<noteq> 0\<close>
  then show \<open>bit (unset_bit (Suc n) a) m \<longleftrightarrow> bit (a mod 2 + 2 * unset_bit n (a div 2)) m\<close>
  proof (cases m)
    case 0
    then show ?thesis
      by (simp add: even_unset_bit_iff)
  next
    case (Suc m)
    show ?thesis
      by (cases a rule: parity_cases)
        (simp_all add: bit_unset_bit_iff bit_double_iff even_bit_succ_iff *,
        simp_all add: Suc bit_Suc)
  qed
qed

lemma flip_bit_0 [simp]:
  \<open>flip_bit 0 a = of_bool (even a) + 2 * (a div 2)\<close>
proof (rule bit_eqI)
  fix m
  assume *: \<open>2 ^ m \<noteq> 0\<close>
  then show \<open>bit (flip_bit 0 a) m = bit (of_bool (even a) + 2 * (a div 2)) m\<close>
    by (simp add: bit_flip_bit_iff bit_double_iff even_bit_succ_iff)
      (cases m, simp_all add: bit_Suc)
qed

lemma flip_bit_Suc:
  \<open>flip_bit (Suc n) a = a mod 2 + 2 * flip_bit n (a div 2)\<close>
proof (rule bit_eqI)
  fix m
  assume *: \<open>2 ^ m \<noteq> 0\<close>
  show \<open>bit (flip_bit (Suc n) a) m \<longleftrightarrow> bit (a mod 2 + 2 * flip_bit n (a div 2)) m\<close>
  proof (cases m)
    case 0
    then show ?thesis
      by (simp add: even_flip_bit_iff)
  next
    case (Suc m)
    with * have \<open>2 ^ m \<noteq> 0\<close>
      using mult_2 by auto
    show ?thesis
      by (cases a rule: parity_cases)
        (simp_all add: bit_flip_bit_iff bit_double_iff even_bit_succ_iff,
        simp_all add: Suc \<open>2 ^ m \<noteq> 0\<close> bit_Suc)
  qed
qed

end


subsubsection \<open>Instance \<^typ>\<open>int\<close>\<close>

(* int as an instance of ring_bit_operations.  NOT is defined arithmetically,
   AND by recursion on the halves of both arguments, OR and XOR in terms of
   AND and NOT.  The class assumptions are discharged in the instance proof at
   the end from the bit_*_int_iff lemmas. *)
instantiation int :: ring_bit_operations
begin

definition not_int :: \<open>int \<Rightarrow> int\<close>
  where \<open>not_int k = - k - 1\<close>

lemma not_int_rec:
  "NOT k = of_bool (even k) + 2 * NOT (k div 2)" for k :: int
  by (auto simp add: not_int_def elim: oddE)

lemma even_not_iff_int:
  \<open>even (NOT k) \<longleftrightarrow> odd k\<close> for k :: int
  by (simp add: not_int_def)

lemma not_int_div_2:
  \<open>NOT k div 2 = NOT (k div 2)\<close> for k :: int
  by (simp add: not_int_def)

(* On int the complement flips every bit; the statement has no 2 ^ n ~= 0
   side condition.  Proved by induction on the bit position. *)
lemma bit_not_int_iff:
  \<open>bit (NOT k) n \<longleftrightarrow> \<not> bit k n\<close>
    for k :: int
  by (induction n arbitrary: k) (simp_all add: not_int_div_2 even_not_iff_int bit_Suc)

(* AND on int.  Base case: both arguments lie in {0, - 1}, and the result is
   - of_bool (odd k /\ odd l).  Otherwise the lowest bit of the result is
   of_bool (odd k /\ odd l) and the remaining bits come from the recursive call
   on k div 2 and l div 2. *)
function and_int :: \<open>int \<Rightarrow> int \<Rightarrow> int\<close>
  where \<open>(k::int) AND l = (if k \<in> {0, - 1} \<and> l \<in> {0, - 1}
    then - of_bool (odd k \<and> odd l)
    else of_bool (odd k \<and> odd l) + 2 * ((k div 2) AND (l div 2)))\<close>
  by auto

(* Termination measure: nat (|k| + |l|). *)
termination
  by (relation \<open>measure (\<lambda>(k, l). nat (\<bar>k\<bar> + \<bar>l\<bar>))\<close>) auto

(* The defining equation is removed from the simpset; the lemmas below cite
   and_int.simps or and_int_rec explicitly with instantiated arguments.
   Presumably this avoids simplifier loops on the recursive equation. *)
declare and_int.simps [simp del]

(* Uniform recursion equation for AND, valid in the base case as well. *)
lemma and_int_rec:
  \<open>k AND l = of_bool (odd k \<and> odd l) + 2 * ((k div 2) AND (l div 2))\<close>
    for k l :: int
proof (cases \<open>k \<in> {0, - 1} \<and> l \<in> {0, - 1}\<close>)
  case True
  then show ?thesis
    by auto (simp_all add: and_int.simps)
next
  case False
  then show ?thesis
    by (auto simp add: ac_simps and_int.simps [of k l])
qed

lemma bit_and_int_iff:
  \<open>bit (k AND l) n \<longleftrightarrow> bit k n \<and> bit l n\<close> for k l :: int
proof (induction n arbitrary: k l)
  case 0
  then show ?case
    by (simp add: and_int_rec [of k l])
next
  case (Suc n)
  then show ?case
    by (simp add: and_int_rec [of k l] bit_Suc)
qed

lemma even_and_iff_int:
  \<open>even (k AND l) \<longleftrightarrow> even k \<or> even l\<close> for k l :: int
  using bit_and_int_iff [of k l 0] by auto

(* OR is defined from AND and NOT in De Morgan form. *)
definition or_int :: \<open>int \<Rightarrow> int \<Rightarrow> int\<close>
  where \<open>k OR l = NOT (NOT k AND NOT l)\<close> for k l :: int

lemma or_int_rec:
  \<open>k OR l = of_bool (odd k \<or> odd l) + 2 * ((k div 2) OR (l div 2))\<close>
    for k l :: int
  using and_int_rec [of \<open>NOT k\<close> \<open>NOT l\<close>]
  by (simp add: or_int_def even_not_iff_int not_int_div_2)
    (simp add: not_int_def)

lemma bit_or_int_iff:
  \<open>bit (k OR l) n \<longleftrightarrow> bit k n \<or> bit l n\<close> for k l :: int
  by (simp add: or_int_def bit_not_int_iff bit_and_int_iff)

(* XOR is defined as (k AND NOT l) OR (NOT k AND l); AND binds tighter than OR
   by the declared priorities 64 and 59. *)
definition xor_int :: \<open>int \<Rightarrow> int \<Rightarrow> int\<close>
  where \<open>k XOR l = k AND NOT l OR NOT k AND l\<close> for k l :: int

lemma xor_int_rec:
  \<open>k XOR l = of_bool (odd k \<noteq> odd l) + 2 * ((k div 2) XOR (l div 2))\<close>
    for k l :: int
  by (simp add: xor_int_def or_int_rec [of \<open>k AND NOT l\<close> \<open>NOT k AND l\<close>] even_and_iff_int even_not_iff_int)
    (simp add: and_int_rec [of \<open>NOT k\<close> \<open>l\<close>] and_int_rec [of \<open>k\<close> \<open>NOT l\<close>] not_int_div_2)

lemma bit_xor_int_iff:
  \<open>bit (k XOR l) n \<longleftrightarrow> bit k n \<noteq> bit l n\<close> for k l :: int
  by (auto simp add: xor_int_def bit_or_int_iff bit_and_int_iff bit_not_int_iff)

(* Discharges the class assumptions: four goals are shown explicitly, the
   remaining one is closed by the final simp_all with bit_not_int_iff. *)
instance proof
  fix k l :: int and n :: nat
  show \<open>- k = NOT (k - 1)\<close>
    by (simp add: not_int_def)
  show \<open>bit (k AND l) n \<longleftrightarrow> bit k n \<and> bit l n\<close>
    by (fact bit_and_int_iff)
  show \<open>bit (k OR l) n \<longleftrightarrow> bit k n \<or> bit l n\<close>
    by (fact bit_or_int_iff)
  show \<open>bit (k XOR l) n \<longleftrightarrow> bit k n \<noteq> bit l n\<close>
    by (fact bit_xor_int_iff)
qed (simp_all add: bit_not_int_iff)

end

(* Sign of NOT, AND, OR and XOR on int, all declared [simp].  Summary of the
   statements below: NOT flips the sign; AND is negative iff both arguments
   are; OR is negative iff at least one argument is; XOR is negative iff exactly
   one argument is.  Each "< 0" lemma is derived from its ">= 0" counterpart by
   negating both sides (subst Not_eq_iff [symmetric]). *)
lemma not_nonnegative_int_iff [simp]:
  \<open>NOT k \<ge> 0 \<longleftrightarrow> k < 0\<close> for k :: int
  by (simp add: not_int_def)

lemma not_negative_int_iff [simp]:
  \<open>NOT k < 0 \<longleftrightarrow> k \<ge> 0\<close> for k :: int
  by (subst Not_eq_iff [symmetric]) (simp add: not_less not_le)

(* Proved by induction over k with rule int_bit_induct (cases zero, minus,
   even, odd), unfolding AND one step with and_int_rec in the last two. *)
lemma and_nonnegative_int_iff [simp]:
  \<open>k AND l \<ge> 0 \<longleftrightarrow> k \<ge> 0 \<or> l \<ge> 0\<close> for k l :: int
proof (induction k arbitrary: l rule: int_bit_induct)
  case zero
  then show ?case
    by simp
next
  case minus
  then show ?case
    by simp
next
  case (even k)
  then show ?case
    using and_int_rec [of \<open>k * 2\<close> l] by (simp add: pos_imp_zdiv_nonneg_iff)
next
  case (odd k)
  from odd have \<open>0 \<le> k AND l div 2 \<longleftrightarrow> 0 \<le> k \<or> 0 \<le> l div 2\<close>
    by simp
  then have \<open>0 \<le> (1 + k * 2) div 2 AND l div 2 \<longleftrightarrow> 0 \<le> (1 + k * 2) div 2\<or> 0 \<le> l div 2\<close>
    by simp
  with and_int_rec [of \<open>1 + k * 2\<close> l]
  show ?case
    by auto
qed

lemma and_negative_int_iff [simp]:
  \<open>k AND l < 0 \<longleftrightarrow> k < 0 \<and> l < 0\<close> for k l :: int
  by (subst Not_eq_iff [symmetric]) (simp add: not_less)

lemma or_nonnegative_int_iff [simp]:
  \<open>k OR l \<ge> 0 \<longleftrightarrow> k \<ge> 0 \<and> l \<ge> 0\<close> for k l :: int
  by (simp only: or_eq_not_not_and not_nonnegative_int_iff) simp

lemma or_negative_int_iff [simp]:
  \<open>k OR l < 0 \<longleftrightarrow> k < 0 \<or> l < 0\<close> for k l :: int
  by (subst Not_eq_iff [symmetric]) (simp add: not_less)

lemma xor_nonnegative_int_iff [simp]:
  \<open>k XOR l \<ge> 0 \<longleftrightarrow> (k \<ge> 0 \<longleftrightarrow> l \<ge> 0)\<close> for k l :: int
  by (simp only: bit.xor_def or_nonnegative_int_iff) auto

lemma xor_negative_int_iff [simp]:
  \<open>k XOR l < 0 \<longleftrightarrow> (k < 0) \<noteq> (l < 0)\<close> for k l :: int
  by (subst Not_eq_iff [symmetric]) (auto simp add: not_less)

(* Setting, unsetting or flipping a single bit of an int never changes its
   sign.  All six facts are simp rules and follow by unfolding the respective
   definition. *)
lemma set_bit_nonnegative_int_iff [simp]:
  \<open>set_bit n k \<ge> 0 \<longleftrightarrow> k \<ge> 0\<close> for k :: int
  by (simp add: set_bit_def)

lemma set_bit_negative_int_iff [simp]:
  \<open>set_bit n k < 0 \<longleftrightarrow> k < 0\<close> for k :: int
  by (simp add: set_bit_def)

lemma unset_bit_nonnegative_int_iff [simp]:
  \<open>unset_bit n k \<ge> 0 \<longleftrightarrow> k \<ge> 0\<close> for k :: int
  by (simp add: unset_bit_def)

lemma unset_bit_negative_int_iff [simp]:
  \<open>unset_bit n k < 0 \<longleftrightarrow> k < 0\<close> for k :: int
  by (simp add: unset_bit_def)

lemma flip_bit_nonnegative_int_iff [simp]:
  \<open>flip_bit n k \<ge> 0 \<longleftrightarrow> k \<ge> 0\<close> for k :: int
  by (simp add: flip_bit_def)

lemma flip_bit_negative_int_iff [simp]:
  \<open>flip_bit n k < 0 \<longleftrightarrow> k < 0\<close> for k :: int
  by (simp add: flip_bit_def)


subsubsection \<open>Instance \<^typ>\<open>nat\<close>\<close>

(* nat is an instance of semiring_bit_operations only (no NOT).  Each
   operation embeds both arguments into int, applies the int operation and
   converts the result back with nat. *)
instantiation nat :: semiring_bit_operations
begin

definition and_nat :: \<open>nat \<Rightarrow> nat \<Rightarrow> nat\<close>
  where \<open>m AND n = nat (int m AND int n)\<close> for m n :: nat

definition or_nat :: \<open>nat \<Rightarrow> nat \<Rightarrow> nat\<close>
  where \<open>m OR n = nat (int m OR int n)\<close> for m n :: nat

definition xor_nat :: \<open>nat \<Rightarrow> nat \<Rightarrow> nat\<close>
  where \<open>m XOR n = nat (int m XOR int n)\<close> for m n :: nat

(* The per-bit class assumptions are reduced to the int facts by unfolding
   the definitions above. *)
instance proof
  fix m n q :: nat
  show \<open>bit (m AND n) q \<longleftrightarrow> bit m q \<and> bit n q\<close>
    by (auto simp add: and_nat_def bit_and_iff less_le bit_eq_iff)
  show \<open>bit (m OR n) q \<longleftrightarrow> bit m q \<or> bit n q\<close>
    by (auto simp add: or_nat_def bit_or_iff less_le bit_eq_iff)
  show \<open>bit (m XOR n) q \<longleftrightarrow> bit m q \<noteq> bit n q\<close>
    by (auto simp add: xor_nat_def bit_xor_iff less_le bit_eq_iff)
qed

end

(* Recursion equations for AND, OR and XOR on nat, each transported from the
   corresponding int lemma (and_int_rec, or_int_rec, xor_int_rec). *)
lemma and_nat_rec:
  \<open>m AND n = of_bool (odd m \<and> odd n) + 2 * ((m div 2) AND (n div 2))\<close> for m n :: nat
  by (simp add: and_nat_def and_int_rec [of \<open>int m\<close> \<open>int n\<close>] zdiv_int nat_add_distrib nat_mult_distrib)

lemma or_nat_rec:
  \<open>m OR n = of_bool (odd m \<or> odd n) + 2 * ((m div 2) OR (n div 2))\<close> for m n :: nat
  by (simp add: or_nat_def or_int_rec [of \<open>int m\<close> \<open>int n\<close>] zdiv_int nat_add_distrib nat_mult_distrib)

lemma xor_nat_rec:
  \<open>m XOR n = of_bool (odd m \<noteq> odd n) + 2 * ((m div 2) XOR (n div 2))\<close> for m n :: nat
  by (simp add: xor_nat_def xor_int_rec [of \<open>int m\<close> \<open>int n\<close>] zdiv_int nat_add_distrib nat_mult_distrib)

(* Variants of the generic "operation with 1" lemmas, restated with Suc 0 in
   place of 1.  Only the two AND variants are declared [simp]. *)
lemma Suc_0_and_eq [simp]:
  \<open>Suc 0 AND n = n mod 2\<close>
  using one_and_eq [of n] by simp

lemma and_Suc_0_eq [simp]:
  \<open>n AND Suc 0 = n mod 2\<close>
  using and_one_eq [of n] by simp

lemma Suc_0_or_eq:
  \<open>Suc 0 OR n = n + of_bool (even n)\<close>
  using one_or_eq [of n] by simp

lemma or_Suc_0_eq:
  \<open>n OR Suc 0 = n + of_bool (even n)\<close>
  using or_one_eq [of n] by simp

lemma Suc_0_xor_eq:
  \<open>Suc 0 XOR n = n + of_bool (even n) - of_bool (odd n)\<close>
  using one_xor_eq [of n] by simp

lemma xor_Suc_0_eq:
  \<open>n XOR Suc 0 = n + of_bool (even n) - of_bool (odd n)\<close>
  using xor_one_eq [of n] by simp


subsubsection \<open>Instances for \<^typ>\<open>integer\<close> and \<^typ>\<open>natural\<close>\<close>

(* Activates the lifting setups for integer and natural for the rest of this
   subsection; they are updated and forgotten again after both instantiations
   below. *)
unbundle integer.lifting natural.lifting

context
  includes lifting_syntax
begin

(* Transfer rules relating bit on int / nat to bit on integer / natural, so
   that the instance proofs below can use the transfer method. *)
lemma transfer_rule_bit_integer [transfer_rule]:
  \<open>((pcr_integer :: int \<Rightarrow> integer \<Rightarrow> bool) ===> (=)) bit bit\<close>
  by (unfold bit_def) transfer_prover

lemma transfer_rule_bit_natural [transfer_rule]:
  \<open>((pcr_natural :: nat \<Rightarrow> natural \<Rightarrow> bool) ===> (=)) bit bit\<close>
  by (unfold bit_def) transfer_prover

end

(* integer as an instance of ring_bit_operations: every operation is lifted
   from the class operation of the same name on the underlying type, and each
   class assumption is shown by transfer followed by the generic class fact. *)
instantiation integer :: ring_bit_operations
begin

lift_definition not_integer :: \<open>integer \<Rightarrow> integer\<close>
  is not .

lift_definition and_integer :: \<open>integer \<Rightarrow> integer \<Rightarrow> integer\<close>
  is \<open>and\<close> .

lift_definition or_integer :: \<open>integer \<Rightarrow> integer \<Rightarrow> integer\<close>
  is or .

lift_definition xor_integer :: \<open>integer \<Rightarrow> integer \<Rightarrow> integer\<close>
  is xor .

instance proof
  fix k l :: \<open>integer\<close> and n :: nat
  show \<open>- k = NOT (k - 1)\<close>
    by transfer (simp add: minus_eq_not_minus_1)
  show \<open>bit (NOT k) n \<longleftrightarrow> (2 :: integer) ^ n \<noteq> 0 \<and> \<not> bit k n\<close>
    by transfer (fact bit_not_iff)
  show \<open>bit (k AND l) n \<longleftrightarrow> bit k n \<and> bit l n\<close>
    by transfer (fact bit_and_iff)
  show \<open>bit (k OR l) n \<longleftrightarrow> bit k n \<or> bit l n\<close>
    by transfer (fact bit_or_iff)
  show \<open>bit (k XOR l) n \<longleftrightarrow> bit k n \<noteq> bit l n\<close>
    by transfer (fact bit_xor_iff)
qed

end

(* natural as an instance of semiring_bit_operations (AND, OR, XOR only): the
   operations are lifted from the underlying type and the class assumptions are
   shown by transfer followed by the generic class fact. *)
instantiation natural :: semiring_bit_operations
begin

lift_definition and_natural :: \<open>natural \<Rightarrow> natural \<Rightarrow> natural\<close>
  is \<open>and\<close> .

lift_definition or_natural :: \<open>natural \<Rightarrow> natural \<Rightarrow> natural\<close>
  is or .

lift_definition xor_natural :: \<open>natural \<Rightarrow> natural \<Rightarrow> natural\<close>
  is xor .

instance proof
  fix m n :: \<open>natural\<close> and q :: nat
  show \<open>bit (m AND n) q \<longleftrightarrow> bit m q \<and> bit n q\<close>
    by transfer (fact bit_and_iff)
  show \<open>bit (m OR n) q \<longleftrightarrow> bit m q \<or> bit n q\<close>
    by transfer (fact bit_or_iff)
  show \<open>bit (m XOR n) q \<longleftrightarrow> bit m q \<noteq> bit n q\<close>
    by transfer (fact bit_xor_iff)
qed

end

(* Counterpart of the unbundle command at the start of this subsection: the
   integer and natural lifting setups are updated and then forgotten, which
   presumably stores the transfer rules declared above in the bundles while
   leaving the setups inactive for whatever follows -- confirm against the
   Lifting documentation. *)
lifting_update integer.lifting
lifting_forget integer.lifting

lifting_update natural.lifting
lifting_forget natural.lifting


subsection \<open>Key ideas of bit operations\<close>

(* Summary text for the generated document; the thm antiquotations print the
   int instances of facts referenced by name. *)
text \<open>
  When formalizing bit operations, it is tempting to represent
  bit values as explicit lists over a binary type. This however
  is a bad idea, mainly due to the inherent ambiguities in
  representation concerning repeating leading bits.

  Hence this approach avoids such explicit lists altogether
  following an algebraic path:

  \<^item> Bit values are represented by numeric types: idealized
    unbounded bit values can be represented by type \<^typ>\<open>int\<close>,
    bounded bit values by quotient types over \<^typ>\<open>int\<close>.

  \<^item> (A special case are idealized unbounded bit values ending
    in @{term [source] 0} which can be represented by type \<^typ>\<open>nat\<close> but
    only support a restricted set of operations).

  \<^item> From this idea follows that

      \<^item> multiplication by \<^term>\<open>2 :: int\<close> is a bit shift to the left and

      \<^item> division by \<^term>\<open>2 :: int\<close> is a bit shift to the right.

  \<^item> Concerning bounded bit values, iterated shifts to the left
    may result in eliminating all bits by shifting them all
    beyond the boundary. The property \<^prop>\<open>(2 :: int) ^ n \<noteq> 0\<close>
    represents that \<^term>\<open>n\<close> is \<^emph>\<open>not\<close> beyond that boundary.

  \<^item> The projection on a single bit is then @{thm bit_def [where ?'a = int, no_vars]}.

  \<^item> This leads to the most fundamental properties of bit values:

      \<^item> Equality rule: @{thm bit_eqI [where ?'a = int, no_vars]}

      \<^item> Induction rule: @{thm bits_induct [where ?'a = int, no_vars]}

  \<^item> Typical operations are characterized as follows:

      \<^item> Singleton \<^term>\<open>n\<close>th bit: \<^term>\<open>(2 :: int) ^ n\<close>

      \<^item> Bit mask up to bit \<^term>\<open>n\<close>: @{thm mask_eq_exp_minus_1 [where ?'a = int, no_vars]}

      \<^item> Left shift: @{thm push_bit_eq_mult [where ?'a = int, no_vars]}

      \<^item> Right shift: @{thm drop_bit_eq_div [where ?'a = int, no_vars]}

      \<^item> Truncation: @{thm take_bit_eq_mod [where ?'a = int, no_vars]}

      \<^item> Negation: @{thm bit_not_iff [where ?'a = int, no_vars]}

      \<^item> And: @{thm bit_and_iff [where ?'a = int, no_vars]}

      \<^item> Or: @{thm bit_or_iff [where ?'a = int, no_vars]}

      \<^item> Xor: @{thm bit_xor_iff [where ?'a = int, no_vars]}

      \<^item> Set a single bit: @{thm set_bit_def [where ?'a = int, no_vars]}

      \<^item> Unset a single bit: @{thm unset_bit_def [where ?'a = int, no_vars]}

      \<^item> Flip a single bit: @{thm flip_bit_def [where ?'a = int, no_vars]}
\<close>

end