summaryrefslogtreecommitdiff
path: root/theories/IntMap/Addec.v
blob: 7dba9ef6e39d77b03f73110ac16693e7ed4ba091 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
(************************************************************************)
(*  v      *   The Coq Proof Assistant  /  The Coq Development Team     *)
(* <O___,, * CNRS-Ecole Polytechnique-INRIA Futurs-Universite Paris Sud *)
(*   \VV/  **************************************************************)
(*    //   *      This file is distributed under the terms of the       *)
(*         *       GNU Lesser General Public License Version 2.1        *)
(************************************************************************)
(*i 	$Id: Addec.v,v 1.7.2.1 2004/07/16 19:31:04 herbelin Exp $	 i*)

(** Equality on adresses *)

Require Import Bool.
Require Import Sumbool.
Require Import ZArith.
Require Import Addr.

Fixpoint ad_eq_1 (p1 p2:positive) {struct p2} : bool :=
  match p1, p2 with
  | xH, xH => true
  | xO p'1, xO p'2 => ad_eq_1 p'1 p'2
  | xI p'1, xI p'2 => ad_eq_1 p'1 p'2
  | _, _ => false
  end.

Definition ad_eq (a a':ad) :=
  match a, a' with
  | ad_z, ad_z => true
  | ad_x p, ad_x p' => ad_eq_1 p p'
  | _, _ => false
  end.

Lemma ad_eq_correct : forall a:ad, ad_eq a a = true.
Proof.
  destruct a; trivial.
  induction p; trivial.
Qed.

Lemma ad_eq_complete : forall a a':ad, ad_eq a a' = true -> a = a'.
Proof.
  destruct a. destruct a'; trivial. destruct p.
  discriminate 1.
  discriminate 1.
  discriminate 1.
  destruct a'. intros. discriminate H.
  unfold ad_eq in |- *. intros. cut (p = p0). intros. rewrite H0. reflexivity.
  generalize dependent p0.
  induction p as [p IHp| p IHp| ]. destruct p0; intro H.
  rewrite (IHp p0). reflexivity.
  exact H.
  discriminate H.
  discriminate H.
  destruct p0; intro H. discriminate H.
  rewrite (IHp p0 H). reflexivity.
  discriminate H.
  destruct p0 as [p| p| ]; intro H. discriminate H.
  discriminate H.
  trivial.
Qed.

Lemma ad_eq_comm : forall a a':ad, ad_eq a a' = ad_eq a' a.
Proof.
  intros. cut (forall b b':bool, ad_eq a a' = b -> ad_eq a' a = b' -> b = b').
  intros. apply H. reflexivity.
  reflexivity.
  destruct b. intros. cut (a = a').
  intro. rewrite H1 in H0. rewrite (ad_eq_correct a') in H0. exact H0.
  apply ad_eq_complete. exact H.
  destruct b'. intros. cut (a' = a).
  intro. rewrite H1 in H. rewrite H1 in H0. rewrite <- H. exact H0.
  apply ad_eq_complete. exact H0.
  trivial.
Qed.

Lemma ad_xor_eq_true :
 forall a a':ad, ad_xor a a' = ad_z -> ad_eq a a' = true.
Proof.
  intros. rewrite (ad_xor_eq a a' H). apply ad_eq_correct.
Qed.

Lemma ad_xor_eq_false :
 forall (a a':ad) (p:positive), ad_xor a a' = ad_x p -> ad_eq a a' = false.
Proof.
  intros. elim (sumbool_of_bool (ad_eq a a')). intro H0.
  rewrite (ad_eq_complete a a' H0) in H. rewrite (ad_xor_nilpotent a') in H. discriminate H.
  trivial.
Qed.

Lemma ad_bit_0_1_not_double :
 forall a:ad,
   ad_bit_0 a = true -> forall a0:ad, ad_eq (ad_double a0) a = false.
Proof.
  intros. elim (sumbool_of_bool (ad_eq (ad_double a0) a)). intro H0.
  rewrite <- (ad_eq_complete _ _ H0) in H. rewrite (ad_double_bit_0 a0) in H. discriminate H.
  trivial.
Qed.

Lemma ad_not_div_2_not_double :
 forall a a0:ad,
   ad_eq (ad_div_2 a) a0 = false -> ad_eq a (ad_double a0) = false.
Proof.
  intros. elim (sumbool_of_bool (ad_eq (ad_double a0) a)). intro H0.
  rewrite <- (ad_eq_complete _ _ H0) in H. rewrite (ad_double_div_2 a0) in H.
  rewrite (ad_eq_correct a0) in H. discriminate H.
  intro. rewrite ad_eq_comm. assumption.
Qed.

Lemma ad_bit_0_0_not_double_plus_un :
 forall a:ad,
   ad_bit_0 a = false -> forall a0:ad, ad_eq (ad_double_plus_un a0) a = false.
Proof.
  intros. elim (sumbool_of_bool (ad_eq (ad_double_plus_un a0) a)). intro H0.
  rewrite <- (ad_eq_complete _ _ H0) in H. rewrite (ad_double_plus_un_bit_0 a0) in H.
  discriminate H.
  trivial.
Qed.

Lemma ad_not_div_2_not_double_plus_un :
 forall a a0:ad,
   ad_eq (ad_div_2 a) a0 = false -> ad_eq (ad_double_plus_un a0) a = false.
Proof.
  intros. elim (sumbool_of_bool (ad_eq a (ad_double_plus_un a0))). intro H0.
  rewrite (ad_eq_complete _ _ H0) in H. rewrite (ad_double_plus_un_div_2 a0) in H.
  rewrite (ad_eq_correct a0) in H. discriminate H.
  intro H0. rewrite ad_eq_comm. assumption.
Qed.

Lemma ad_bit_0_neq :
 forall a a':ad,
   ad_bit_0 a = false -> ad_bit_0 a' = true -> ad_eq a a' = false.
Proof.
  intros. elim (sumbool_of_bool (ad_eq a a')). intro H1. rewrite (ad_eq_complete _ _ H1) in H.
  rewrite H in H0. discriminate H0.
  trivial.
Qed.

Lemma ad_div_eq :
 forall a a':ad, ad_eq a a' = true -> ad_eq (ad_div_2 a) (ad_div_2 a') = true.
Proof.
  intros. cut (a = a'). intros. rewrite H0. apply ad_eq_correct.
  apply ad_eq_complete. exact H.
Qed.

Lemma ad_div_neq :
 forall a a':ad,
   ad_eq (ad_div_2 a) (ad_div_2 a') = false -> ad_eq a a' = false.
Proof.
  intros. elim (sumbool_of_bool (ad_eq a a')). intro H0.
  rewrite (ad_eq_complete _ _ H0) in H. rewrite (ad_eq_correct (ad_div_2 a')) in H. discriminate H.
  trivial.
Qed.

Lemma ad_div_bit_eq :
 forall a a':ad,
   ad_bit_0 a = ad_bit_0 a' -> ad_div_2 a = ad_div_2 a' -> a = a'.
Proof.
  intros. apply ad_faithful. unfold eqf in |- *. destruct n.
  rewrite ad_bit_0_correct. rewrite ad_bit_0_correct. assumption.
  rewrite <- ad_div_2_correct. rewrite <- ad_div_2_correct.
  rewrite H0. reflexivity.
Qed.

Lemma ad_div_bit_neq :
 forall a a':ad,
   ad_eq a a' = false ->
   ad_bit_0 a = ad_bit_0 a' -> ad_eq (ad_div_2 a) (ad_div_2 a') = false.
Proof.
  intros. elim (sumbool_of_bool (ad_eq (ad_div_2 a) (ad_div_2 a'))). intro H1.
  rewrite (ad_div_bit_eq _ _ H0 (ad_eq_complete _ _ H1)) in H.
  rewrite (ad_eq_correct a') in H. discriminate H.
  trivial.
Qed.

Lemma ad_neq :
 forall a a':ad,
   ad_eq a a' = false ->
   ad_bit_0 a = negb (ad_bit_0 a') \/
   ad_eq (ad_div_2 a) (ad_div_2 a') = false.
Proof.
  intros. cut (ad_bit_0 a = ad_bit_0 a' \/ ad_bit_0 a = negb (ad_bit_0 a')).
  intros. elim H0. intro. right. apply ad_div_bit_neq. assumption.
  assumption.
  intro. left. assumption.
  case (ad_bit_0 a); case (ad_bit_0 a'); auto.
Qed.

Lemma ad_double_or_double_plus_un :
 forall a:ad,
   {a0 : ad | a = ad_double a0} + {a1 : ad | a = ad_double_plus_un a1}.
Proof.
  intro. elim (sumbool_of_bool (ad_bit_0 a)). intro H. right. split with (ad_div_2 a).
  rewrite (ad_div_2_double_plus_un a H). reflexivity.
  intro H. left. split with (ad_div_2 a). rewrite (ad_div_2_double a H). reflexivity.
Qed.