VOD: https://www.youtube.com/watch?v=IcyFhrWyzdg
Work on https://github.com/l1mey112/bitbasher.
Agenda.
theorem congrApp {n} (f : iN n → iN n)
{wf : f poison = poison := by opt_poison_input}
{a a' : iN n} (h : a ~> a') : f a ~> f a'noUb, wF, ubEquiv',
ubEquiv, whatever works.)Proving.
1. Prove by rewriting based on what you already know (human).
2. Prove by the semantics of the actual program (human).
3. Automatically prove (machine).
At the moment, (1), (3). I guess we need (2).
/-
(h :
(x ≥ₛ 0) &&& (y ≥ₛ 0) &&& (z ≥ₛ 0) ~> 1 ∨
(x <ₛ 0) &&& (y <ₛ 0) &&& (z <ₛ 0) ~> 1)
-/
def hyp {n} (a b c : BitVec n) :=
!(a.sle 0) && !(b.sle 0) && !(c.sle 0) ∨
(a.slt 0) && (b.slt 0) && (c.slt 0)iN_convert_goal_bitvec there should be
another SimpSet to further reduce to the definition but don’t go further
than BitVec.@[opt ideal]
theorem add_zero {n} (x : iN n) : x + 0 ~> x := by
iN_convert_goal_bitvec
/-
case bitvec
n : Nat
a✝ : BitVec n
⊢ bitvec a✝ + 0 ~> bitvec a✝
-/simp only [iN_simp] you end up with the
below which isn’t really useful because you’re not going to the
definition. I would want to convert ~> bitvec to
something.⊢ (bitvec a✝).pBind₂ (bitvec 0#n) iN.add? ~> bitvec a✝