max/lean4-htt
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

feat: BitVec unsigned order theoretic results (#5297)

Browse source 
Proves that `<` and `<=` on `BitVec` are (strict) (total) partial
orders. This is required for the `UInt` as `BitVec` refactor.

This does open the question how to state these theorems "correctly" for
`BitVec`, we have both `<` living in `Prop` and `BitVec.ult` living in
`Bool`. We might of course say to always use `<` but: Once we start
adding `IntX` we need to prove the same results for `BitVec.slt` to
provide an equivalent API. So it would appear that it is unavoidable to
have a `= true` variant of these theorems there?

Question answered: Use `<` and `slt`.
This commit is contained in:
Henrik Böving 2024-09-10 14:32:44 +02:00 committed by GitHub
parent c1da100997
commit f869018447
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 35 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
src/Init/Data/BitVec/Lemmas.lean
View file

@ -1631,12 +1631,41 @@ theorem ofInt_mul {n} (x y : Int) : BitVec.ofInt n (x * y) =
@[simp] theorem ofNat_lt_ofNat {n} (x y : Nat) : BitVec.ofNat n x < BitVec.ofNat n y ↔ x % 2^n < y % 2^n := by
simp [lt_def]
protected theorem lt_of_le_ne (x y : BitVec n) (h1 : x <= y) (h2 : ¬ x = y) : x < y := by
revert h1 h2
let ⟨x, lt⟩ := x
let ⟨y, lt⟩ := y
simp
exact Nat.lt_of_le_of_ne
@[simp] protected theorem not_le {x y : BitVec n} : ¬ x ≤ y ↔ y < x := by
simp [le_def, lt_def]
@[simp] protected theorem not_lt {x y : BitVec n} : ¬ x < y ↔ y ≤ x := by
simp [le_def, lt_def]
@[simp] protected theorem le_refl (x : BitVec n) : x ≤ x := by
simp [le_def]
@[simp] protected theorem lt_irrefl (x : BitVec n) : ¬x < x := by
simp [lt_def]
protected theorem le_trans {x y z : BitVec n} : x ≤ y → y ≤ z → x ≤ z := by
simp only [le_def]
apply Nat.le_trans
protected theorem lt_trans {x y z : BitVec n} : x < y → y < z → x < z := by
simp only [lt_def]
apply Nat.lt_trans
protected theorem le_total (x y : BitVec n) : x ≤ y y ≤ x := by
simp only [le_def]
apply Nat.le_total
protected theorem le_antisymm {x y : BitVec n} : x ≤ y → y ≤ x → x = y := by
simp only [le_def, BitVec.toNat_eq]
apply Nat.le_antisymm
protected theorem lt_asymm {x y : BitVec n} : x < y → ¬ y < x := by
simp only [lt_def]
apply Nat.lt_asymm
protected theorem lt_of_le_ne {x y : BitVec n} : x ≤ y → ¬ x = y → x < y := by
simp only [lt_def, le_def, BitVec.toNat_eq]
apply Nat.lt_of_le_of_ne
/-! ### ofBoolList -/