singrdk/base/Imported/Bartok/runtime/verified/GCs/VerifiedBitVectorsBuiltin.bpl

//
// Copyright (c) Microsoft Corporation.  All rights reserved.
//

// NOTE: This file contains declarations of various lemmas proved by
// the implementations in VerifiedBitVectorsBuiltinImpl.bpl:
//   - Do not modify this file without verifying that the implementations in
//     that file still prove the declarations in this file!
//   - Do not add any declarations to this file without adding an
//     implementation in that file!  (All lemmas must be proved!)

function $Aligned(b:bv32) returns(bool)
{
  $and(b, 3bv32) == 0bv32
}

function $bbvec4(a:[int]int, off:int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, g1:int, g2:int) returns(bool)
{
  (forall i:int::{TV(i)} TV(i) && word(i - i0) && i1 <= i && i < i2 && $Aligned(B(i - i0)) ==>
       between(g1, g2, g1 + 4 * I($shr(B(i - i0), 7bv32)))
    && (a[aBase + (i - i0)] == off <==>
          0bv32 == $and(B(bb[g1 + 4 * I($shr(B(i - i0), 7bv32))]),
                        $shl(1bv32, $and($shr(B(i - i0), 2bv32), 31bv32)))))
}

function $bb2vec4(a:[int]int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, g1:int, g2:int) returns(bool)
{
  (forall i:int::{TV(i)} TV(i) && word(i - i0) && i1 <= i && i < i2 && $Aligned(B(i - i0)) ==>
       between(g1, g2, g1 + 4 * I($shr(B(i - i0), 6bv32)))
    && (B(a[aBase + (i - i0)]) == $and(
          $shr(B(bb[g1 + 4 * I($shr(B(i - i0), 6bv32))]), $and($shr(B(i - i0), 1bv32), 31bv32)),
          3bv32
          )))
}

procedure $AndAligned(x:bv32);
  ensures  $and(x, 3bv32) == 0bv32 <==> $Aligned(x);

procedure $AddAligned(x:bv32, y:bv32);
  ensures  $Aligned(x) ==>
             ($Aligned(y) <==> $Aligned($add(x, y)));

procedure $SubAligned(x:bv32, y:bv32);
  ensures  $Aligned(x) ==>
             ($Aligned(y) <==> $Aligned($sub(x, y)));

procedure $NotAligned(b:bv32);
  requires $Aligned(b);
  ensures  !$Aligned($add(b, 1bv32));
  ensures  !$Aligned($add(b, 2bv32));
  ensures  !$Aligned($add(b, 3bv32));
  ensures  $le(b, 4294967292bv32);

procedure $Initialize($unitSize:bv32);
  requires $le($unitSize, 16777215bv32);
  ensures  $shr(0bv32, 7bv32) == 0bv32;
  ensures  $shr($mul(128bv32, $unitSize), 7bv32) == $unitSize;
  ensures  $shr($mul(256bv32, $unitSize), 7bv32) == $add($unitSize, $unitSize);

procedure _BB4Zero(a:[int]int, off:int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, g1:int, g2:int, idx:int);
  requires (forall i:int::{TV(i)} TV(i) && i1 <= i && i < i2 + 128 ==> a[aBase + (i - i0)] == off);
  requires $bbvec4(a, off, aBase, bb, i0, i1, i2, g1, g2);
  requires $Aligned(B(idx)) && $Aligned(B(g1));
  requires B(i2 - i0) == $mul(32bv32, $sub(B(idx), B(g1)));
  requires i1 == i0;
  requires $le($shr(B(i2 - i0), 7bv32), 33554431bv32) && $mul(128bv32, $shr(B(i2 - i0), 7bv32)) == B(i2 - i0) ==>
    idx - g1 == 4 * I($shr(B(i2 - i0), 7bv32));
  requires (forall i:int::{TV(i)} TV(i) && i2 <= i && i < i2 + 128 ==>
    $le(B(i2 - i0), B(i - i0)) && $le(B(i - i0), $add(B(i2 - i0), 127bv32)));
  requires between(g1, g2, idx);
  requires B(0) == 0bv32;
  ensures  $bbvec4(a, off, aBase, bb[idx := 0], i0, i1, i2 + 128, g1, g2);

procedure _BB4GetBit(i0:int, k:int);
  ensures  $le($and($shr(B(k - i0), 2bv32), 31bv32), 31bv32);

procedure _BB4SetBit(a:[int]int, on:int, off:int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, k:int, idx:int, bbb:int, ret:[int]int, g1:int, g2:int);
  requires $bbvec4(a, off, aBase, bb, i0, i1, i2, g1, g2);
  requires TV(k) && word(k - i0) && i1 <= k && k < i2 && $Aligned(B(k - i0));
  requires on != off;
  requires idx == g1 + 4 * I($shr(B(k - i0), 7bv32));
  requires B(bbb) == $or(B(bb[idx]), $shl(1bv32, $and($shr(B(k - i0), 2bv32), 31bv32)));
  requires ret == bb[idx := bbb];
  ensures  $bbvec4(a[aBase + (k - i0) := on], off, aBase, ret, i0, i1, i2, g1, g2);
  ensures  between(g1, g2, idx);
  ensures  $le($and($shr(B(k - i0), 2bv32), 31bv32), 31bv32);

procedure _BB4Zero2(a:[int]int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, g1:int, g2:int, idx:int);
  requires (forall i:int::{TV(i)} TV(i) && i1 <= i && i < i2 + 64 ==> a[aBase + (i - i0)] == 0);
  requires $bb2vec4(a, aBase, bb, i0, i1, i2, g1, g2);
  requires $Aligned(B(idx)) && $Aligned(B(g1));
  requires B(i2 - i0) == $mul(16bv32, $sub(B(idx), B(g1)));
  requires i1 == i0;
  requires $le($shr(B(i2 - i0), 6bv32), 67108863bv32) && $mul(64bv32, $shr(B(i2 - i0), 6bv32)) == B(i2 - i0) ==>
    idx - g1 == 4 * I($shr(B(i2 - i0), 6bv32));
  requires (forall i:int::{TV(i)} TV(i) && i2 <= i && i < i2 + 64 ==>
    $le(B(i2 - i0), B(i - i0)) && $le(B(i - i0), $add(B(i2 - i0), 63bv32)));
  requires between(g1, g2, idx);
  requires B(0) == 0bv32;
  ensures  $bb2vec4(a, aBase, bb[idx := 0], i0, i1, i2 + 64, g1, g2);

procedure _BB4Get2Bit(i0:int, k:int);
  ensures  $le($and($shr(B(k - i0), 1bv32), 31bv32), 31bv32);

procedure _BB4Set2Bit(a:[int]int, val:int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, k:int, idx:int, bbb:int, _bbb:int, ret:[int]int, g1:int, g2:int);
  requires $bb2vec4(a, aBase, bb, i0, i1, i2, g1, g2);
  requires TV(k) && word(k - i0) && i1 <= k && k < i2 && $Aligned(B(k - i0));
  requires idx == g1 + 4 * I($shr(B(k - i0), 6bv32));
  requires $le(B(val), 3bv32);
  requires B(bbb) == $and(B(bb[idx]), $not($shl(3bv32, $and($shr(B(k - i0), 1bv32), 31bv32))));
  requires B(_bbb) == $or(B(bbb), $shl(B(val), $and($shr(B(k - i0), 1bv32), 31bv32)));
  requires ret == bb[idx := _bbb];
  ensures  $bb2vec4(a[aBase + (k - i0) := val], aBase, ret, i0, i1, i2, g1, g2);
  ensures  between(g1, g2, idx);
  ensures  $le($and($shr(B(k - i0), 1bv32), 31bv32), 31bv32);

procedure $Const();
  ensures $sub(1bv32, 1bv32) == 0bv32;
  ensures $add(1bv32, 1bv32) == 2bv32;
  ensures $add(2bv32, 1bv32) == 3bv32;
  ensures $add(2bv32, 2bv32) == 4bv32;
  ensures $add(4bv32, 1bv32) == 5bv32;
  ensures $add(5bv32, 1bv32) == 6bv32;
  ensures $add(5bv32, 2bv32) == 7bv32;
  ensures $mul(4bv32, 4bv32) == 16bv32;
  ensures $add(16bv32, 16bv32) == 32bv32;
  ensures $sub(32bv32, 1bv32) == 31bv32;
  ensures $add(32bv32, 32bv32) == 64bv32;
  ensures $sub(64bv32, 1bv32) == 63bv32;
  ensures $mul(32bv32, 4bv32) == 128bv32;
  ensures $sub(128bv32, 1bv32) == 127bv32;
  ensures $mul(16bv32, 16bv32) == 256bv32;
  ensures $add(256bv32, 256bv32) == 512bv32;
  ensures $mul(256bv32, 256bv32) == 65536bv32;
  ensures $sub(65536bv32, 1bv32) == 65535bv32;
  ensures $mul(65536bv32, 256bv32) == 16777216bv32;
  ensures $sub(16777216bv32, 1bv32) == 16777215bv32;
  ensures $mul(65536bv32, 512bv32) == 33554432bv32;
  ensures $sub(33554432bv32, 1bv32) == 33554431bv32;
  ensures $add(33554432bv32, 33554432bv32) == 67108864bv32;
  ensures $sub(67108864bv32, 1bv32) == 67108863bv32;
  ensures $mul(65536bv32, 65535bv32) == 4294901760bv32;
  ensures $add(4294901760bv32, 65535bv32) == 4294967295bv32;
  ensures $sub(4294967295bv32, 3bv32) == 4294967292bv32;
RDK 2.0 2008-11-17 18:29:00 -05:00			`//`
			`// Copyright (c) Microsoft Corporation. All rights reserved.`
			`//`

			`// NOTE: This file contains declarations of various lemmas proved by`
			`// the implementations in VerifiedBitVectorsBuiltinImpl.bpl:`
			`// - Do not modify this file without verifying that the implementations in`
			`// that file still prove the declarations in this file!`
			`// - Do not add any declarations to this file without adding an`
			`// implementation in that file! (All lemmas must be proved!)`

			`function $Aligned(b:bv32) returns(bool)`
			`{`
			`$and(b, 3bv32) == 0bv32`
			`}`

			`function $bbvec4(a:[int]int, off:int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, g1:int, g2:int) returns(bool)`
			`{`
			`(forall i:int::{TV(i)} TV(i) && word(i - i0) && i1 <= i && i < i2 && $Aligned(B(i - i0)) ==>`
			`between(g1, g2, g1 + 4 * I($shr(B(i - i0), 7bv32)))`
			`&& (a[aBase + (i - i0)] == off <==>`
			`0bv32 == $and(B(bb[g1 + 4 * I($shr(B(i - i0), 7bv32))]),`
			`$shl(1bv32, $and($shr(B(i - i0), 2bv32), 31bv32)))))`
			`}`

			`function $bb2vec4(a:[int]int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, g1:int, g2:int) returns(bool)`
			`{`
			`(forall i:int::{TV(i)} TV(i) && word(i - i0) && i1 <= i && i < i2 && $Aligned(B(i - i0)) ==>`
			`between(g1, g2, g1 + 4 * I($shr(B(i - i0), 6bv32)))`
			`&& (B(a[aBase + (i - i0)]) == $and(`
			`$shr(B(bb[g1 + 4 * I($shr(B(i - i0), 6bv32))]), $and($shr(B(i - i0), 1bv32), 31bv32)),`
			`3bv32`
			`)))`
			`}`

			`procedure $AndAligned(x:bv32);`
			`ensures $and(x, 3bv32) == 0bv32 <==> $Aligned(x);`

			`procedure $AddAligned(x:bv32, y:bv32);`
			`ensures $Aligned(x) ==>`
			`($Aligned(y) <==> $Aligned($add(x, y)));`

			`procedure $SubAligned(x:bv32, y:bv32);`
			`ensures $Aligned(x) ==>`
			`($Aligned(y) <==> $Aligned($sub(x, y)));`

			`procedure $NotAligned(b:bv32);`
			`requires $Aligned(b);`
			`ensures !$Aligned($add(b, 1bv32));`
			`ensures !$Aligned($add(b, 2bv32));`
			`ensures !$Aligned($add(b, 3bv32));`
			`ensures $le(b, 4294967292bv32);`

			`procedure $Initialize($unitSize:bv32);`
			`requires $le($unitSize, 16777215bv32);`
			`ensures $shr(0bv32, 7bv32) == 0bv32;`
			`ensures $shr($mul(128bv32, $unitSize), 7bv32) == $unitSize;`
			`ensures $shr($mul(256bv32, $unitSize), 7bv32) == $add($unitSize, $unitSize);`

			`procedure _BB4Zero(a:[int]int, off:int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, g1:int, g2:int, idx:int);`
			`requires (forall i:int::{TV(i)} TV(i) && i1 <= i && i < i2 + 128 ==> a[aBase + (i - i0)] == off);`
			`requires $bbvec4(a, off, aBase, bb, i0, i1, i2, g1, g2);`
			`requires $Aligned(B(idx)) && $Aligned(B(g1));`
			`requires B(i2 - i0) == $mul(32bv32, $sub(B(idx), B(g1)));`
			`requires i1 == i0;`
			`requires $le($shr(B(i2 - i0), 7bv32), 33554431bv32) && $mul(128bv32, $shr(B(i2 - i0), 7bv32)) == B(i2 - i0) ==>`
			`idx - g1 == 4 * I($shr(B(i2 - i0), 7bv32));`
			`requires (forall i:int::{TV(i)} TV(i) && i2 <= i && i < i2 + 128 ==>`
			`$le(B(i2 - i0), B(i - i0)) && $le(B(i - i0), $add(B(i2 - i0), 127bv32)));`
			`requires between(g1, g2, idx);`
			`requires B(0) == 0bv32;`
			`ensures $bbvec4(a, off, aBase, bb[idx := 0], i0, i1, i2 + 128, g1, g2);`

			`procedure _BB4GetBit(i0:int, k:int);`
			`ensures $le($and($shr(B(k - i0), 2bv32), 31bv32), 31bv32);`

			`procedure _BB4SetBit(a:[int]int, on:int, off:int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, k:int, idx:int, bbb:int, ret:[int]int, g1:int, g2:int);`
			`requires $bbvec4(a, off, aBase, bb, i0, i1, i2, g1, g2);`
			`requires TV(k) && word(k - i0) && i1 <= k && k < i2 && $Aligned(B(k - i0));`
			`requires on != off;`
			`requires idx == g1 + 4 * I($shr(B(k - i0), 7bv32));`
			`requires B(bbb) == $or(B(bb[idx]), $shl(1bv32, $and($shr(B(k - i0), 2bv32), 31bv32)));`
			`requires ret == bb[idx := bbb];`
			`ensures $bbvec4(a[aBase + (k - i0) := on], off, aBase, ret, i0, i1, i2, g1, g2);`
			`ensures between(g1, g2, idx);`
			`ensures $le($and($shr(B(k - i0), 2bv32), 31bv32), 31bv32);`

			`procedure _BB4Zero2(a:[int]int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, g1:int, g2:int, idx:int);`
			`requires (forall i:int::{TV(i)} TV(i) && i1 <= i && i < i2 + 64 ==> a[aBase + (i - i0)] == 0);`
			`requires $bb2vec4(a, aBase, bb, i0, i1, i2, g1, g2);`
			`requires $Aligned(B(idx)) && $Aligned(B(g1));`
			`requires B(i2 - i0) == $mul(16bv32, $sub(B(idx), B(g1)));`
			`requires i1 == i0;`
			`requires $le($shr(B(i2 - i0), 6bv32), 67108863bv32) && $mul(64bv32, $shr(B(i2 - i0), 6bv32)) == B(i2 - i0) ==>`
			`idx - g1 == 4 * I($shr(B(i2 - i0), 6bv32));`
			`requires (forall i:int::{TV(i)} TV(i) && i2 <= i && i < i2 + 64 ==>`
			`$le(B(i2 - i0), B(i - i0)) && $le(B(i - i0), $add(B(i2 - i0), 63bv32)));`
			`requires between(g1, g2, idx);`
			`requires B(0) == 0bv32;`
			`ensures $bb2vec4(a, aBase, bb[idx := 0], i0, i1, i2 + 64, g1, g2);`

			`procedure _BB4Get2Bit(i0:int, k:int);`
			`ensures $le($and($shr(B(k - i0), 1bv32), 31bv32), 31bv32);`

			`procedure _BB4Set2Bit(a:[int]int, val:int, aBase:int, bb:[int]int, i0:int, i1:int, i2:int, k:int, idx:int, bbb:int, _bbb:int, ret:[int]int, g1:int, g2:int);`
			`requires $bb2vec4(a, aBase, bb, i0, i1, i2, g1, g2);`
			`requires TV(k) && word(k - i0) && i1 <= k && k < i2 && $Aligned(B(k - i0));`
			`requires idx == g1 + 4 * I($shr(B(k - i0), 6bv32));`
			`requires $le(B(val), 3bv32);`
			`requires B(bbb) == $and(B(bb[idx]), $not($shl(3bv32, $and($shr(B(k - i0), 1bv32), 31bv32))));`
			`requires B(_bbb) == $or(B(bbb), $shl(B(val), $and($shr(B(k - i0), 1bv32), 31bv32)));`
			`requires ret == bb[idx := _bbb];`
			`ensures $bb2vec4(a[aBase + (k - i0) := val], aBase, ret, i0, i1, i2, g1, g2);`
			`ensures between(g1, g2, idx);`
			`ensures $le($and($shr(B(k - i0), 1bv32), 31bv32), 31bv32);`

			`procedure $Const();`
			`ensures $sub(1bv32, 1bv32) == 0bv32;`
			`ensures $add(1bv32, 1bv32) == 2bv32;`
			`ensures $add(2bv32, 1bv32) == 3bv32;`
			`ensures $add(2bv32, 2bv32) == 4bv32;`
			`ensures $add(4bv32, 1bv32) == 5bv32;`
			`ensures $add(5bv32, 1bv32) == 6bv32;`
			`ensures $add(5bv32, 2bv32) == 7bv32;`
			`ensures $mul(4bv32, 4bv32) == 16bv32;`
			`ensures $add(16bv32, 16bv32) == 32bv32;`
			`ensures $sub(32bv32, 1bv32) == 31bv32;`
			`ensures $add(32bv32, 32bv32) == 64bv32;`
			`ensures $sub(64bv32, 1bv32) == 63bv32;`
			`ensures $mul(32bv32, 4bv32) == 128bv32;`
			`ensures $sub(128bv32, 1bv32) == 127bv32;`
			`ensures $mul(16bv32, 16bv32) == 256bv32;`
			`ensures $add(256bv32, 256bv32) == 512bv32;`
			`ensures $mul(256bv32, 256bv32) == 65536bv32;`
			`ensures $sub(65536bv32, 1bv32) == 65535bv32;`
			`ensures $mul(65536bv32, 256bv32) == 16777216bv32;`
			`ensures $sub(16777216bv32, 1bv32) == 16777215bv32;`
			`ensures $mul(65536bv32, 512bv32) == 33554432bv32;`
			`ensures $sub(33554432bv32, 1bv32) == 33554431bv32;`
			`ensures $add(33554432bv32, 33554432bv32) == 67108864bv32;`
			`ensures $sub(67108864bv32, 1bv32) == 67108863bv32;`
			`ensures $mul(65536bv32, 65535bv32) == 4294901760bv32;`
			`ensures $add(4294901760bv32, 65535bv32) == 4294967295bv32;`
			`ensures $sub(4294967295bv32, 3bv32) == 4294967292bv32;`