Theory: words

Definitions

INT_MAX_def

⊢ INT_MAX (:α) = INT_MIN (:α) − 1

INT_MIN_def

⊢ INT_MIN (:α) = 2 ** (dimindex (:α) − 1)

UINT_MAX_def

⊢ UINT_MAX (:α) = dimword (:α) − 1

add_with_carry_def

⊢ ∀x y carry_in.
    add_with_carry (x,y,carry_in) =
    (let
       unsigned_sum = w2n x + w2n y + if carry_in then 1 else 0;
       result = n2w unsigned_sum;
       carry_out = (w2n result ≠ unsigned_sum) and
       overflow =
         ((word_msb x ⇔ word_msb y) ∧ (word_msb x ⇎ word_msb result))
     in
       (result,carry_out,overflow))

bit_count_def

⊢ ∀w. bit_count w = bit_count_upto (dimindex (:α)) w

bit_count_upto_def

⊢ ∀n w. bit_count_upto n w = SUM n (λi. if w ' i then 1 else 0)

bit_field_insert_def

⊢ ∀h l a.
    bit_field_insert h l a =
    word_modify (λi. COND (l ≤ i ∧ i ≤ h) (a ' (i − l)))

concat_word_list_def

⊢ concat_word_list [] = 0w ∧
  ∀h t.
    concat_word_list (h::t) = w2w h ‖ concat_word_list t ≪ dimindex (:α)

dimword_def

⊢ dimword (:α) = 2 ** dimindex (:α)

l2w_def

⊢ ∀b l. l2w b l = n2w (l2n b l)

n2w_def

⊢ ∀n. n2w n = FCP i. BIT i n

n2w_itself_def_primitive

⊢ n2w_itself =
  WFREC (@R. WF R) (λn2w_itself a. case a of (v,v1) => I (n2w v))

nzcv_def

⊢ ∀a b.
    nzcv a b =
    (let
       q = w2n a + w2n (-b);
       r = n2w q
     in
       (word_msb r,r = 0w,BIT (dimindex (:α)) q ∨ b = 0w,
        (word_msb a ⇎ word_msb b) ∧ (word_msb r ⇎ word_msb a)))

reduce_and_def

⊢ reduce_and = word_reduce $/\

reduce_nand_def

⊢ reduce_nand = word_reduce (λa b. ¬(a ∧ b))

reduce_nor_def

⊢ reduce_nor = word_reduce (λa b. ¬(a ∨ b))

reduce_or_def

⊢ reduce_or = word_reduce $\/

reduce_xnor_def

⊢ reduce_xnor = word_reduce $<=>

reduce_xor_def

⊢ reduce_xor = word_reduce (λx y. x ⇎ y)

s2w_def

⊢ ∀b f s. s2w b f s = n2w (s2n b f s)

saturate_add_def

⊢ ∀a b. saturate_add a b = saturate_n2w (w2n a + w2n b)

saturate_mul_def

⊢ ∀a b. saturate_mul a b = saturate_n2w (w2n a * w2n b)

saturate_n2w_def

⊢ ∀n. saturate_n2w n = if dimword (:α) ≤ n then Tw else n2w n

saturate_sub_def

⊢ ∀a b. saturate_sub a b = n2w (w2n a − w2n b)

saturate_w2w_def

⊢ ∀w. saturate_w2w w = saturate_n2w (w2n w)

sw2sw_def

⊢ ∀w. sw2sw w = n2w (SIGN_EXTEND (dimindex (:α)) (dimindex (:β)) (w2n w))

w2l_def

⊢ ∀b w. w2l b w = n2l b (w2n w)

w2n_def

⊢ ∀w. w2n w = SUM (dimindex (:α)) (λi. SBIT (w ' i) i)

w2s_def

⊢ ∀b f w. w2s b f w = n2s b f (w2n w)

w2w_def

⊢ ∀w. w2w w = n2w (w2n w)

word_1comp_def

⊢ ∀w. ¬w = FCP i. ¬w ' i

word_2comp_def

⊢ ∀w. -w = n2w (dimword (:α) − w2n w)

word_H_def

⊢ INT_MAXw = n2w (INT_MAX (:α))

word_L2_def

⊢ word_L2 = INT_MINw * INT_MINw

word_L_def

⊢ INT_MINw = n2w (INT_MIN (:α))

word_T_def

⊢ Tw = n2w (UINT_MAX (:α))

word_abs_def

⊢ ∀w. word_abs w = if w < 0w then -w else w

word_add_def

⊢ ∀v w. v + w = n2w (w2n v + w2n w)

word_and_def

⊢ ∀v w. v && w = FCP i. v ' i ∧ w ' i

word_asr_bv_def

⊢ ∀w n. w >>~ n = w ≫ w2n n

word_asr_def

⊢ ∀w n.
    w ≫ n =
    FCP i. if dimindex (:α) ≤ i + n then word_msb w else w ' (i + n)

word_bit_def

⊢ ∀b w. word_bit b w ⇔ b ≤ dimindex (:α) − 1 ∧ w ' b

word_bits_def

⊢ ∀h l.
    (h -- l) = (λw. FCP i. i + l ≤ MIN h (dimindex (:α) − 1) ∧ w ' (i + l))

word_compare_def

⊢ ∀a b. word_compare a b = if a = b then 1w else 0w

word_concat_def

⊢ ∀v w. v @@ w = w2w (word_join v w)

word_div_def

⊢ ∀v w. v // w = n2w (w2n v DIV w2n w)

word_exp_def

⊢ ∀v w. v ** w = n2w (w2n v ** w2n w)

word_extract_def

⊢ ∀h l. (h >< l) = w2w ∘ (h -- l)

word_from_bin_list_def

⊢ word_from_bin_list = l2w 2

word_from_bin_string_def

⊢ word_from_bin_string = s2w 2 UNHEX

word_from_dec_list_def

⊢ word_from_dec_list = l2w 10

word_from_dec_string_def

⊢ word_from_dec_string = s2w 10 UNHEX

word_from_hex_list_def

⊢ word_from_hex_list = l2w 16

word_from_hex_string_def

⊢ word_from_hex_string = s2w 16 UNHEX

word_from_oct_list_def

⊢ word_from_oct_list = l2w 8

word_from_oct_string_def

⊢ word_from_oct_string = s2w 8 UNHEX

word_ge_def

⊢ ∀a b. a ≥ b ⇔ (let (n,z,c,v) = nzcv a b in n ⇔ v)

word_gt_def

⊢ ∀a b. a > b ⇔ (let (n,z,c,v) = nzcv a b in ¬z ∧ (n ⇔ v))

word_hi_def

⊢ ∀a b. a >₊ b ⇔ (let (n,z,c,v) = nzcv a b in c ∧ ¬z)

word_hs_def

⊢ ∀a b. a ≥₊ b ⇔ (let (n,z,c,v) = nzcv a b in c)

word_join_def

⊢ ∀v w.
    word_join v w =
    (let cv = w2w v and cw = w2w w in cv ≪ dimindex (:β) ‖ cw)

word_le_def

⊢ ∀a b. a ≤ b ⇔ (let (n,z,c,v) = nzcv a b in z ∨ (n ⇎ v))

word_len_def

⊢ ∀w. word_len w = dimindex (:α)

word_lo_def

⊢ ∀a b. a <₊ b ⇔ (let (n,z,c,v) = nzcv a b in ¬c)

word_log2_def

⊢ ∀w. word_log2 w = n2w (LOG2 (w2n w))

word_ls_def

⊢ ∀a b. a ≤₊ b ⇔ (let (n,z,c,v) = nzcv a b in ¬c ∨ z)

word_lsb_def

⊢ ∀w. word_lsb w ⇔ w ' 0

word_lsl_bv_def

⊢ ∀w n. w <<~ n = w ≪ w2n n

word_lsl_def

⊢ ∀w n. w ≪ n = FCP i. i < dimindex (:α) ∧ n ≤ i ∧ w ' (i − n)

word_lsr_bv_def

⊢ ∀w n. w >>>~ n = w ⋙ w2n n

word_lsr_def

⊢ ∀w n. w ⋙ n = FCP i. i + n < dimindex (:α) ∧ w ' (i + n)

word_lt_def

⊢ ∀a b. a < b ⇔ (let (n,z,c,v) = nzcv a b in n ⇎ v)

word_max_def

⊢ ∀a b. word_max a b = if a <₊ b then b else a

word_min_def

⊢ ∀a b. word_min a b = if a <₊ b then a else b

word_mod_def

⊢ ∀v w. word_mod v w = n2w (w2n v MOD w2n w)

word_modify_def

⊢ ∀f w. word_modify f w = FCP i. f i (w ' i)

word_msb_def

⊢ ∀w. word_msb w ⇔ w ' (dimindex (:α) − 1)

word_mul_def

⊢ ∀v w. v * w = n2w (w2n v * w2n w)

word_nand_def

⊢ ∀v w. v ~&& w = FCP i. ¬(v ' i ∧ w ' i)

word_nor_def

⊢ ∀v w. v ~|| w = FCP i. ¬(v ' i ∨ w ' i)

word_or_def

⊢ ∀v w. v ‖ w = FCP i. v ' i ∨ w ' i

word_quot_def

⊢ ∀a b.
    a / b =
    if word_msb a then if word_msb b then -a // -b else -(-a // b)
    else if word_msb b then -(a // -b)
    else a // b

word_reduce_def

⊢ ∀f w.
    word_reduce f w =
    $FCP
      (K
         (let
            l = GENLIST (λi. w ' (dimindex (:α) − 1 − i)) (dimindex (:α))
          in
            FOLDL f (HD l) (TL l)))

word_rem_def

⊢ ∀a b.
    word_rem a b =
    if word_msb a then
      if word_msb b then -word_mod (-a) (-b) else -word_mod (-a) b
    else if word_msb b then word_mod a (-b)
    else word_mod a b

word_replicate_def

⊢ ∀n w.
    word_replicate n w =
    FCP i. i < n * dimindex (:α) ∧ w ' (i MOD dimindex (:α))

word_reverse_def

⊢ ∀w. word_reverse w = FCP i. w ' (dimindex (:α) − 1 − i)

word_rol_bv_def

⊢ ∀w n. w #<<~ n = w ⇆ w2n n

word_rol_def

⊢ ∀w n. w ⇆ n = w ⇄ (dimindex (:α) − n MOD dimindex (:α))

word_ror_bv_def

⊢ ∀w n. w #>>~ n = w ⇄ w2n n

word_ror_def

⊢ ∀w n. w ⇄ n = FCP i. w ' ((i + n) MOD dimindex (:α))

word_rrx_def

⊢ ∀c w.
    word_rrx (c,w) =
    (word_lsb w,FCP i. if i = dimindex (:α) − 1 then c else (w ⋙ 1) ' i)

word_sign_extend_def

⊢ ∀n w. word_sign_extend n w = n2w (SIGN_EXTEND n (dimindex (:α)) (w2n w))

word_signed_bits_def

⊢ ∀h l.
    (h --- l) =
    (λw.
         FCP i.
           l ≤ MIN h (dimindex (:α) − 1) ∧
           w ' (MIN (i + l) (MIN h (dimindex (:α) − 1))))

word_slice_def

⊢ ∀h l.
    (h '' l) = (λw. FCP i. l ≤ i ∧ i ≤ MIN h (dimindex (:α) − 1) ∧ w ' i)

word_smax_def

⊢ ∀a b. word_smax a b = if a < b then b else a

word_smin_def

⊢ ∀a b. word_smin a b = if a < b then a else b

word_sub_def

⊢ ∀v w. v − w = v + -w

word_to_bin_list_def

⊢ word_to_bin_list = w2l 2

word_to_bin_string_def

⊢ word_to_bin_string = w2s 2 HEX

word_to_dec_list_def

⊢ word_to_dec_list = w2l 10

word_to_dec_string_def

⊢ word_to_dec_string = w2s 10 HEX

word_to_hex_list_def

⊢ word_to_hex_list = w2l 16

word_to_hex_string_def

⊢ word_to_hex_string = w2s 16 HEX

word_to_oct_list_def

⊢ word_to_oct_list = w2l 8

word_to_oct_string_def

⊢ word_to_oct_string = w2s 8 HEX

word_xnor_def

⊢ ∀v w. v ~?? w = FCP i. v ' i ⇔ w ' i

word_xor_def

⊢ ∀v w. v ⊕ w = FCP i. v ' i ⇎ w ' i

Theorems

ADD_WITH_CARRY_SUB

⊢ ∀x y.
    add_with_carry (x,¬y,T) =
    (x − y,y ≤₊ x,
     (word_msb x ⇎ word_msb y) ∧ (word_msb (x − y) ⇎ word_msb x))

ASR_ADD

⊢ ∀w m n. w ≫ m ≫ n = w ≫ (m + n)

ASR_LIMIT

⊢ ∀w n. dimindex (:α) ≤ n ⇒ w ≫ n = if word_msb w then Tw else 0w

ASR_UINT_MAX

⊢ ∀n. Tw ≫ n = Tw

BITS_ZEROL_DIMINDEX

⊢ ∀n. n < dimword (:α) ⇒ BITS (dimindex (:α) − 1) 0 n = n

BIT_SET

⊢ ∀i n. BIT i n ⇔ i ∈ BIT_SET 0 n

BIT_SET_def

⊢ ∀n i.
    BIT_SET i n =
    if n = 0 then ∅
    else if ODD n then i INSERT BIT_SET (SUC i) (n DIV 2)
    else BIT_SET (SUC i) (n DIV 2)

BIT_SET_ind

⊢ ∀P. (∀i n.
         (n ≠ 0 ∧ ODD n ⇒ P (SUC i) (n DIV 2)) ∧
         (n ≠ 0 ∧ ¬ODD n ⇒ P (SUC i) (n DIV 2)) ⇒
         P i n) ⇒
      ∀v v1. P v v1

BIT_UPDATE

⊢ ∀n x. (n :+ x) = word_modify (λi b. if i = n then x else b)

BOUND_ORDER

⊢ INT_MAX (:α) < INT_MIN (:α) ∧ INT_MIN (:α) ≤ UINT_MAX (:α) ∧
  UINT_MAX (:α) < dimword (:α)

CARD_WORD

⊢ FINITE 𝕌(:'N) ⇒ CARD 𝕌(:'N word) = 2 ** dimindex (:'N)

CONCAT_EXTRACT

⊢ ∀h m l w.
    h − m = dimindex (:β) ∧ m + 1 − l = dimindex (:γ) ∧
    h + 1 − l = dimindex (:δ) ∧ dimindex (:β + γ) ≠ 1 ⇒
    (h >< m + 1) w @@ (m >< l) w = (h >< l) w

DIMINDEX_GT_0

⊢ 0 < dimindex (:α)

EXISTS_HB

⊢ ∃m. dimindex (:α) = SUC m

EXTEND_EXTRACT

⊢ ∀h l w. dimindex (:γ) = h + 1 − l ⇒ (h >< l) w = w2w ((h >< l) w)

EXTRACT_ALL_BITS

⊢ ∀h w. dimindex (:α) − 1 ≤ h ⇒ (h >< 0) w = w2w w

EXTRACT_CONCAT

⊢ ∀v w.
    FINITE 𝕌(:α) ∧ FINITE 𝕌(:β) ∧
    dimindex (:α) + dimindex (:β) ≤ dimindex (:γ) ⇒
    (dimindex (:β) − 1 >< 0) (v @@ w) = w ∧
    (dimindex (:α) + dimindex (:β) − 1 >< dimindex (:β)) (v @@ w) = v

EXTRACT_JOIN

⊢ ∀h m m' l s w.
    l ≤ m ∧ m' ≤ h ∧ m' = m + 1 ∧ s = m' − l ⇒
    (h >< m') w ≪ s ‖ (m >< l) w =
    (MIN h (MIN (dimindex (:β) + l − 1) (dimindex (:α) − 1)) >< l) w

EXTRACT_JOIN_ADD

⊢ ∀h m m' l s w.
    l ≤ m ∧ m' ≤ h ∧ m' = m + 1 ∧ s = m' − l ⇒
    (h >< m') w ≪ s + (m >< l) w =
    (MIN h (MIN (dimindex (:β) + l − 1) (dimindex (:α) − 1)) >< l) w

EXTRACT_JOIN_ADD_LSL

⊢ ∀h m m' l s n w.
    l ≤ m ∧ m' ≤ h ∧ m' = m + 1 ∧ s = m' − l + n ⇒
    (h >< m') w ≪ s + (m >< l) w ≪ n =
    (MIN h (MIN (dimindex (:β) + l − 1) (dimindex (:α) − 1)) >< l) w ≪ n

EXTRACT_JOIN_LSL

⊢ ∀h m m' l s n w.
    l ≤ m ∧ m' ≤ h ∧ m' = m + 1 ∧ s = m' − l + n ⇒
    (h >< m') w ≪ s ‖ (m >< l) w ≪ n =
    (MIN h (MIN (dimindex (:β) + l − 1) (dimindex (:α) − 1)) >< l) w ≪ n

FCP_T_F

⊢ $FCP (K T) = Tw ∧ $FCP (K F) = 0w

FST_ADD_WITH_CARRY

⊢ ((∀a b. FST (add_with_carry (a,b,F)) = a + b) ∧
   (∀a b. FST (add_with_carry (a,¬b,T)) = a − b) ∧
   ∀a b. FST (add_with_carry (¬a,b,T)) = b − a) ∧
  (∀n a. FST (add_with_carry (a,n2w n,T)) = a − ¬n2w n) ∧
  ∀n b. FST (add_with_carry (n2w n,b,T)) = b − ¬n2w n

INT_MAX_LT_DIMWORD

⊢ INT_MAX (:α) < dimword (:α)

INT_MIN_1

⊢ INT_MIN (:unit) = 1

INT_MIN_10

⊢ INT_MIN (:10) = 512

INT_MIN_11

⊢ INT_MIN (:11) = 1024

INT_MIN_12

⊢ INT_MIN (:12) = 2048

INT_MIN_128

⊢ INT_MIN (:128) = 170141183460469231731687303715884105728

INT_MIN_16

⊢ INT_MIN (:16) = 32768

INT_MIN_2

⊢ INT_MIN (:2) = 2

INT_MIN_20

⊢ INT_MIN (:20) = 524288

INT_MIN_24

⊢ INT_MIN (:24) = 8388608

INT_MIN_28

⊢ INT_MIN (:28) = 134217728

INT_MIN_3

⊢ INT_MIN (:3) = 4

INT_MIN_30

⊢ INT_MIN (:30) = 536870912

INT_MIN_32

⊢ INT_MIN (:32) = 2147483648

INT_MIN_4

⊢ INT_MIN (:4) = 8

INT_MIN_48

⊢ INT_MIN (:48) = 140737488355328

INT_MIN_5

⊢ INT_MIN (:5) = 16

INT_MIN_56

⊢ INT_MIN (:56) = 36028797018963968

INT_MIN_6

⊢ INT_MIN (:6) = 32

INT_MIN_64

⊢ INT_MIN (:64) = 9223372036854775808

INT_MIN_7

⊢ INT_MIN (:7) = 64

INT_MIN_8

⊢ INT_MIN (:8) = 128

INT_MIN_9

⊢ INT_MIN (:9) = 256

INT_MIN_96

⊢ INT_MIN (:96) = 39614081257132168796771975168

INT_MIN_LT_DIMWORD

⊢ INT_MIN (:α) < dimword (:α)

INT_MIN_SUM

⊢ INT_MIN (:α + β) =
  if FINITE 𝕌(:α) ∧ FINITE 𝕌(:β) then dimword (:α) * INT_MIN (:β)
  else INT_MIN (:α + β)

LEAST_BIT_LT

⊢ ∀w. w ≠ 0w ⇒ (LEAST i. w ' i) < dimindex (:α)

LENGTH_word_to_bin_list_bound

⊢ LENGTH (word_to_bin_list w) ≤ dimindex (:α)

LOG2_w2n

⊢ ∀w. w ≠ 0w ⇒
      LOG2 (w2n w) =
      dimindex (:α) − 1 − LEAST i. w ' (dimindex (:α) − 1 − i)

LOG2_w2n_lt

⊢ ∀w. w ≠ 0w ⇒ LOG2 (w2n w) < dimindex (:α)

LSL_ADD

⊢ ∀w m n. w ≪ m ≪ n = w ≪ (m + n)

LSL_BITWISE

⊢ (∀n v w. w ≪ n && v ≪ n = (w && v) ≪ n) ∧
  (∀n v w. w ≪ n ‖ v ≪ n = (w ‖ v) ≪ n) ∧
  ∀n v w. w ≪ n ⊕ v ≪ n = (w ⊕ v) ≪ n

LSL_LIMIT

⊢ ∀w n. dimindex (:α) ≤ n ⇒ w ≪ n = 0w

LSL_ONE

⊢ ∀w. w ≪ 1 = w + w

LSL_UINT_MAX

⊢ ∀n. Tw ≪ n = n2w (dimword (:α) − 2 ** n)

LSR_ADD

⊢ ∀w m n. w ⋙ m ⋙ n = w ⋙ (m + n)

LSR_BITWISE

⊢ (∀n v w. w ⋙ n && v ⋙ n = (w && v) ⋙ n) ∧
  (∀n v w. w ⋙ n ‖ v ⋙ n = (w ‖ v) ⋙ n) ∧
  ∀n v w. w ⋙ n ⊕ v ⋙ n = (w ⊕ v) ⋙ n

LSR_LESS

⊢ ∀m y. y ≠ 0w ∧ 0 < m ⇒ w2n (y ⋙ m) < w2n y

LSR_LIMIT

⊢ ∀w n. dimindex (:α) ≤ n ⇒ w ⋙ n = 0w

MEM_w2l_less

⊢ 1 < b ∧ MEM x (w2l b w) ⇒ x < b

MOD_2EXP_DIMINDEX

⊢ ∀n. n MOD dimword (:α) = MOD_2EXP (dimindex (:α)) n

MOD_COMPLEMENT

⊢ ∀n q a.
    0 < n ∧ 0 < q ∧ a < q * n ⇒ (q * n − a) MOD n = (n − a MOD n) MOD n

MOD_DIMINDEX

⊢ ∀n. n MOD dimword (:α) = BITS (dimindex (:α) − 1) 0 n

NOT_0w

⊢ ∀w. w ≠ 0w ⇒ ∃i. i < dimindex (:α) ∧ w ' i

NOT_FINITE_IMP_dimword_2

⊢ INFINITE 𝕌(:α) ⇒ dimword (:α) = 2

NOT_INT_MIN_ZERO

⊢ INT_MINw ≠ 0w

NOT_UINTMAXw

⊢ ∀w. w ≠ Tw ⇒ ∃i. i < dimindex (:α) ∧ ¬w ' i

NUMERAL_LESS_THM

⊢ (∀m n.
     m < NUMERAL (BIT1 n) ⇔
     m = NUMERAL (BIT1 n) − 1 ∨ m < NUMERAL (BIT1 n) − 1) ∧
  ∀m n. m < NUMERAL (BIT2 n) ⇔ m = NUMERAL (BIT1 n) ∨ m < NUMERAL (BIT1 n)

ONE_LT_dimword

⊢ 1 < dimword (:α)

ROL_ADD

⊢ ∀w m n. w ⇆ m ⇆ n = w ⇆ (m + n)

ROL_BITWISE

⊢ (∀n v w. w ⇆ n && v ⇆ n = (w && v) ⇆ n) ∧
  (∀n v w. w ⇆ n ‖ v ⇆ n = (w ‖ v) ⇆ n) ∧
  ∀n v w. w ⇆ n ⊕ v ⇆ n = (w ⊕ v) ⇆ n

ROL_MOD

⊢ ∀w n. w ⇆ (n MOD dimindex (:α)) = w ⇆ n

ROR_ADD

⊢ ∀w m n. w ⇄ m ⇄ n = w ⇄ (m + n)

ROR_BITWISE

⊢ (∀n v w. w ⇄ n && v ⇄ n = (w && v) ⇄ n) ∧
  (∀n v w. w ⇄ n ‖ v ⇄ n = (w ‖ v) ⇄ n) ∧
  ∀n v w. w ⇄ n ⊕ v ⇄ n = (w ⊕ v) ⇄ n

ROR_CYCLE

⊢ ∀w n. w ⇄ (n * dimindex (:α)) = w

ROR_MOD

⊢ ∀w n. w ⇄ (n MOD dimindex (:α)) = w ⇄ n

ROR_ROL

⊢ ∀w n. w ⇄ n ⇆ n = w ∧ w ⇆ n ⇄ n = w

ROR_UINT_MAX

⊢ ∀n. Tw ⇄ n = Tw

SHIFT_1_SUB_1

⊢ ∀i n. i < dimindex (:α) ⇒ ((1w ≪ n − 1w) ' i ⇔ i < n)

SHIFT_ZERO

⊢ (∀a. a ≪ 0 = a) ∧ (∀a. a ≫ 0 = a) ∧ (∀a. a ⋙ 0 = a) ∧ (∀a. a ⇆ 0 = a) ∧
  ∀a. a ⇄ 0 = a

SUC_WORD_PRED

⊢ ∀x. x ≠ 0w ⇒ SUC (w2n (x − 1w)) = w2n x

TWO_COMP_NEG

⊢ ∀a. word_msb a ⇒
      if dimindex (:α) − 1 = 0 ∨ a = INT_MINw then word_msb (-a)
      else ¬word_msb (-a)

TWO_COMP_POS

⊢ ∀a. ¬word_msb a ⇒ a = 0w ∨ word_msb (-a)

TWO_COMP_POS_NEG

⊢ ∀a. a ≠ 0w ∧ a ≠ INT_MINw ⇒ (¬word_msb a ⇔ word_msb (-a))

WORD_0_LS

⊢ ∀w. 0w ≤₊ w

WORD_0_POS

⊢ ¬word_msb 0w

WORD_2COMP_LSL

⊢ ∀n a. -a ≪ n = -(a ≪ n)

WORD_ADD_0

⊢ (∀w. w + 0w = w) ∧ ∀w. 0w + w = w

WORD_ADD_ASSOC

⊢ ∀v w x. v + (w + x) = v + w + x

WORD_ADD_BIT

⊢ ∀n a b.
    n < dimindex (:α) ⇒
    ((a + b) ' n ⇔
     if n = 0 then a ' 0 ⇎ b ' 0
     else if ((n − 1 -- 0) a + (n − 1 -- 0) b) ' n then a ' n ⇔ b ' n
     else a ' n ⇎ b ' n)

WORD_ADD_BIT0

⊢ ∀a b. (a + b) ' 0 ⇔ (a ' 0 ⇎ b ' 0)

WORD_ADD_COMM

⊢ ∀v w. v + w = w + v

WORD_ADD_EQ_SUB

⊢ ∀v w x. v + w = x ⇔ v = x − w

WORD_ADD_INV_0_EQ

⊢ ∀v w. v + w = v ⇔ w = 0w

WORD_ADD_LEFT_LO

⊢ ∀b c a.
    a + b <₊ c ⇔
    if b ≤₊ c then
      (let x = n2w (w2n c − w2n b) in a <₊ x ∨ b ≠ 0w ∧ -c + x ≤₊ a)
    else -b ≤₊ a ∧ a <₊ -b + c

WORD_ADD_LEFT_LO2

⊢ ∀c a. c + a <₊ a ⇔ a ≠ 0w ∧ (c ≠ 0w ∧ -c <₊ a ∨ a = -c)

WORD_ADD_LEFT_LS

⊢ ∀b c a.
    a + b ≤₊ c ⇔
    if b ≤₊ c then
      (let x = n2w (w2n c − w2n b) in a ≤₊ x ∨ b ≠ 0w ∧ -c + x ≤₊ a)
    else -b ≤₊ a ∧ a ≤₊ -b + c

WORD_ADD_LEFT_LS2

⊢ ∀c a. c + a ≤₊ a ⇔ c = 0w ∨ a ≠ 0w ∧ (-c <₊ a ∨ a = -c)

WORD_ADD_LID_UNIQ

⊢ ∀v w. v + w = w ⇔ v = 0w

WORD_ADD_LINV

⊢ ∀w. -w + w = 0w

WORD_ADD_LSL

⊢ ∀n a b. (a + b) ≪ n = a ≪ n + b ≪ n

WORD_ADD_OR

⊢ ∀a b. a && b = 0w ⇒ a + b = a ‖ b

WORD_ADD_RID_UNIQ

⊢ ∀v w. v + w = v ⇔ w = 0w

WORD_ADD_RIGHT_LO

⊢ ∀c a b.
    a <₊ b + c ⇔
    if c ≤₊ a then
      (let x = n2w (w2n a − w2n c) in x <₊ b ∧ (c = 0w ∨ b <₊ -a + x))
    else b <₊ -c ∨ -c + a <₊ b

WORD_ADD_RIGHT_LO2

⊢ ∀c a. a <₊ c + a ⇔ c ≠ 0w ∧ (a = 0w ∨ a <₊ -c)

WORD_ADD_RIGHT_LS

⊢ ∀c a b.
    a ≤₊ b + c ⇔
    if c ≤₊ a then
      (let x = n2w (w2n a − w2n c) in x ≤₊ b ∧ (c = 0w ∨ b <₊ -a + x))
    else b <₊ -c ∨ -c + a ≤₊ b

WORD_ADD_RIGHT_LS2

⊢ ∀c a. a ≤₊ c + a ⇔ a = 0w ∨ c = 0w ∨ a <₊ -c

WORD_ADD_RINV

⊢ ∀w. w + -w = 0w

WORD_ADD_SUB

⊢ ∀v w. v + w − w = v

WORD_ADD_SUB2

⊢ ∀v w. w + v − w = v

WORD_ADD_SUB3

⊢ ∀v x. v − (v + x) = -x

WORD_ADD_SUB_ASSOC

⊢ ∀v w x. v + w − x = v + (w − x)

WORD_ADD_SUB_SYM

⊢ ∀v w x. v + w − x = v − x + w

WORD_ADD_XOR

⊢ ∀a b. a && b = 0w ⇒ a + b = a ⊕ b

WORD_ALL_BITS

⊢ ∀w h. dimindex (:α) − 1 ≤ h ⇒ (h -- 0) w = w

WORD_AND_ABSORD

⊢ ∀a b. a ‖ a && b = a

WORD_AND_ASSOC

⊢ ∀a b c. (a && b) && c = a && b && c

WORD_AND_CLAUSES

⊢ ∀a. Tw && a = a ∧ a && Tw = a ∧ 0w && a = 0w ∧ a && 0w = 0w ∧ a && a = a

WORD_AND_COMM

⊢ ∀a b. a && b = b && a

WORD_AND_COMP

⊢ ∀a. a && ¬a = 0w

WORD_AND_EXP_SUB1

⊢ ∀m n. n2w n && n2w (2 ** m − 1) = n2w (n MOD 2 ** m)

WORD_AND_IDEM

⊢ ∀a. a && a = a

WORD_BITS_COMP_THM

⊢ ∀h1 l1 h2 l2 w.
    (h2 -- l2) ((h1 -- l1) w) = (MIN h1 (h2 + l1) -- l2 + l1) w

WORD_BITS_EXTRACT

⊢ ∀h l w. (h -- l) w = (h >< l) w

WORD_BITS_LSL

⊢ ∀h l n w.
    h < dimindex (:α) ⇒
    (h -- l) (w ≪ n) = if n ≤ h then (h − n -- l − n) w ≪ (n − l) else 0w

WORD_BITS_LSR

⊢ ∀h l w n. (h -- l) w ⋙ n = (h -- l + n) w

WORD_BITS_LT

⊢ ∀h l w. w2n ((h -- l) w) < 2 ** (SUC h − l)

WORD_BITS_MIN_HIGH

⊢ ∀w h l. dimindex (:α) − 1 < h ⇒ (h -- l) w = (dimindex (:α) − 1 -- l) w

WORD_BITS_OVER_BITWISE

⊢ (∀h l v w. (h -- l) v && (h -- l) w = (h -- l) (v && w)) ∧
  (∀h l v w. (h -- l) v ‖ (h -- l) w = (h -- l) (v ‖ w)) ∧
  ∀h l v w. (h -- l) v ⊕ (h -- l) w = (h -- l) (v ⊕ w)

WORD_BITS_SLICE_THM

⊢ ∀h l w. (h -- l) ((h '' l) w) = (h -- l) w

WORD_BITS_ZERO

⊢ ∀h l w. h < l ⇒ (h -- l) w = 0w

WORD_BITS_ZERO2

⊢ ∀h l. (h -- l) 0w = 0w

WORD_BITS_ZERO3

⊢ ∀h l w. dimindex (:α) ≤ l ⇒ (h -- l) w = 0w

WORD_BIT_BITS

⊢ ∀b w. word_bit b w ⇔ (b -- b) w = 1w

WORD_DE_MORGAN_THM

⊢ ∀a b. ¬(a && b) = ¬a ‖ ¬b ∧ ¬(a ‖ b) = ¬a && ¬b

WORD_DIVISION

⊢ ∀w. w ≠ 0w ⇒ ∀v. v = v // w * w + word_mod v w ∧ word_mod v w <₊ w

WORD_DIV_LSR

⊢ ∀m n. n < dimindex (:α) ⇒ m ⋙ n = m // n2w (2 ** n)

WORD_EQ

⊢ ∀v w. (∀x. x < dimindex (:α) ⇒ (word_bit x v ⇔ word_bit x w)) ⇔ v = w

WORD_EQ_ADD_LCANCEL

⊢ ∀v w x. v + w = v + x ⇔ w = x

WORD_EQ_ADD_RCANCEL

⊢ ∀v w x. v + w = x + w ⇔ v = x

WORD_EQ_NEG

⊢ ∀v w. -v = -w ⇔ v = w

WORD_EQ_SUB_LADD

⊢ ∀v w x. v = w − x ⇔ v + x = w

WORD_EQ_SUB_RADD

⊢ ∀v w x. v − w = x ⇔ v = x + w

WORD_EQ_SUB_ZERO

⊢ ∀w v. v − w = 0w ⇔ v = w

WORD_EXTRACT_BITS_COMP

⊢ ∀n l k j h. (j >< k) ((h -- l) n) = (MIN h (j + l) >< k + l) n

WORD_EXTRACT_COMP_THM

⊢ ∀w h l m n.
    (h >< l) ((m >< n) w) =
    (MIN m (MIN (h + n) (MIN (dimindex (:γ) − 1) (dimindex (:β) + n − 1))) ><
     l + n) w

WORD_EXTRACT_ID

⊢ ∀w h. w2n w < 2 ** SUC h ⇒ (h >< 0) w = w

WORD_EXTRACT_LSL

⊢ ∀h l n w.
    h < dimindex (:α) ⇒
    (h >< l) (w ≪ n) = if n ≤ h then (h − n >< l − n) w ≪ (n − l) else 0w

WORD_EXTRACT_LSL2

⊢ ∀h l n w.
    dimindex (:β) + l ≤ h + n ⇒
    (h >< l) w ≪ n = (dimindex (:β) + l − (n + 1) >< l) w ≪ n

WORD_EXTRACT_LT

⊢ ∀h l w. w2n ((h >< l) w) < 2 ** (SUC h − l)

WORD_EXTRACT_MIN_HIGH

⊢ (∀h l w.
     dimindex (:α) ≤ dimindex (:β) + l ∧ dimindex (:α) ≤ h ⇒
     (h >< l) w = (dimindex (:α) − 1 >< l) w) ∧
  ∀h l w.
    dimindex (:β) + l < dimindex (:α) ∧ dimindex (:β) + l ≤ h ⇒
    (h >< l) w = (dimindex (:β) + l − 1 >< l) w

WORD_EXTRACT_OVER_ADD

⊢ ∀a b h.
    dimindex (:β) − 1 ≤ h ∧ dimindex (:β) ≤ dimindex (:α) ⇒
    (h >< 0) (a + b) = (h >< 0) a + (h >< 0) b

WORD_EXTRACT_OVER_ADD2

⊢ ∀a b h.
    h < dimindex (:α) ⇒
    (h >< 0) ((h >< 0) a + (h >< 0) b) = (h >< 0) (a + b)

WORD_EXTRACT_OVER_BITWISE

⊢ (∀h l v w. (h >< l) v && (h >< l) w = (h >< l) (v && w)) ∧
  (∀h l v w. (h >< l) v ‖ (h >< l) w = (h >< l) (v ‖ w)) ∧
  ∀h l v w. (h >< l) v ⊕ (h >< l) w = (h >< l) (v ⊕ w)

WORD_EXTRACT_OVER_MUL

⊢ ∀a b h.
    dimindex (:β) − 1 ≤ h ∧ dimindex (:β) ≤ dimindex (:α) ⇒
    (h >< 0) (a * b) = (h >< 0) a * (h >< 0) b

WORD_EXTRACT_OVER_MUL2

⊢ ∀a b h.
    h < dimindex (:α) ⇒
    (h >< 0) ((h >< 0) a * (h >< 0) b) = (h >< 0) (a * b)

WORD_EXTRACT_ZERO

⊢ ∀h l w. h < l ⇒ (h >< l) w = 0w

WORD_EXTRACT_ZERO2

⊢ ∀h l. (h >< l) 0w = 0w

WORD_EXTRACT_ZERO3

⊢ ∀h l w. dimindex (:α) ≤ l ⇒ (h >< l) w = 0w

WORD_FINITE

⊢ ∀s. FINITE s

WORD_GE

⊢ ∀a b.
    a ≥ b ⇔
    (word_msb b ⇔ word_msb a) ∧ w2n a ≥ w2n b ∨ word_msb b ∧ ¬word_msb a

WORD_GREATER

⊢ ∀a b. a > b ⇔ b < a

WORD_GREATER_EQ

⊢ ∀a b. a ≥ b ⇔ b ≤ a

WORD_GREATER_OR_EQ

⊢ ∀a b. a ≥ b ⇔ a > b ∨ a = b

WORD_GT

⊢ ∀a b.
    a > b ⇔
    (word_msb b ⇔ word_msb a) ∧ w2n a > w2n b ∨ word_msb b ∧ ¬word_msb a

WORD_HI

⊢ ∀a b. a >₊ b ⇔ w2n a > w2n b

WORD_HIGHER

⊢ ∀a b. a >₊ b ⇔ b <₊ a

WORD_HIGHER_EQ

⊢ ∀a b. a ≥₊ b ⇔ b ≤₊ a

WORD_HIGHER_OR_EQ

⊢ ∀a b. a ≥₊ b ⇔ a >₊ b ∨ a = b

WORD_HS

⊢ ∀a b. a ≥₊ b ⇔ w2n a ≥ w2n b

WORD_H_POS

⊢ ¬word_msb INT_MAXw

WORD_H_WORD_L

⊢ INT_MAXw = INT_MINw − 1w

WORD_INDUCT

⊢ ∀P. P 0w ∧ (∀n. SUC n < dimword (:α) ⇒ P (n2w n) ⇒ P (n2w (SUC n))) ⇒
      ∀x. P x

WORD_LCANCEL_SUB

⊢ ∀v w x. v − w = x − w ⇔ v = x

WORD_LE

⊢ ∀a b.
    a ≤ b ⇔
    (word_msb a ⇔ word_msb b) ∧ w2n a ≤ w2n b ∨ word_msb a ∧ ¬word_msb b

WORD_LEFT_ADD_DISTRIB

⊢ ∀v w x. v * (w + x) = v * w + v * x

WORD_LEFT_AND_OVER_OR

⊢ ∀a b c. a && (b ‖ c) = a && b ‖ a && c

WORD_LEFT_AND_OVER_XOR

⊢ ∀a b c. a && (b ⊕ c) = a && b ⊕ a && c

WORD_LEFT_OR_OVER_AND

⊢ ∀a b c. a ‖ b && c = (a ‖ b) && (a ‖ c)

WORD_LEFT_SUB_DISTRIB

⊢ ∀v w x. v * (w − x) = v * w − v * x

WORD_LESS_0_word_T

⊢ ¬(0w < -1w) ∧ ¬(0w ≤ -1w) ∧ -1w < 0w ∧ -1w ≤ 0w

WORD_LESS_ANTISYM

⊢ ∀a b. ¬(a < b ∧ b < a)

WORD_LESS_CASES

⊢ ∀a b. a < b ∨ b ≤ a

WORD_LESS_CASES_IMP

⊢ ∀a b. ¬(a < b) ∧ a ≠ b ⇒ b < a

WORD_LESS_EQUAL_ANTISYM

⊢ ∀a b. a ≤ b ∧ b ≤ a ⇒ a = b

WORD_LESS_EQ_ANTISYM

⊢ ∀a b. ¬(a < b ∧ b ≤ a)

WORD_LESS_EQ_CASES

⊢ ∀a b. a ≤ b ∨ b ≤ a

WORD_LESS_EQ_H

⊢ ∀a. a ≤ INT_MAXw

WORD_LESS_EQ_LESS_TRANS

⊢ ∀a b c. a ≤ b ∧ b < c ⇒ a < c

WORD_LESS_EQ_REFL

⊢ ∀a. a ≤ a

WORD_LESS_EQ_TRANS

⊢ ∀a b c. a ≤ b ∧ b ≤ c ⇒ a ≤ c

WORD_LESS_IMP_LESS_OR_EQ

⊢ ∀a b. a < b ⇒ a ≤ b

WORD_LESS_LESS_CASES

⊢ ∀a b. a = b ∨ a < b ∨ b < a

WORD_LESS_LESS_EQ_TRANS

⊢ ∀a b c. a < b ∧ b ≤ c ⇒ a < c

WORD_LESS_NEG_LEFT

⊢ ∀a b. -a <₊ b ⇔ b ≠ 0w ∧ (a = 0w ∨ -b <₊ a)

WORD_LESS_NEG_RIGHT

⊢ ∀a b. a <₊ -b ⇔ b ≠ 0w ∧ (a = 0w ∨ b <₊ -a)

WORD_LESS_NOT_EQ

⊢ ∀a b. a < b ⇒ a ≠ b

WORD_LESS_OR_EQ

⊢ ∀a b. a ≤ b ⇔ a < b ∨ a = b

WORD_LESS_REFL

⊢ ∀a. ¬(a < a)

WORD_LESS_TRANS

⊢ ∀a b c. a < b ∧ b < c ⇒ a < c

WORD_LE_EQ_LS

⊢ ∀x y. 0w ≤ x ∧ 0w ≤ y ⇒ (x ≤ y ⇔ x ≤₊ y)

WORD_LE_LS

⊢ ∀a b.
    a ≤ b ⇔
    INT_MINw ≤₊ a ∧ (b <₊ INT_MINw ∨ a ≤₊ b) ∨
    a <₊ INT_MINw ∧ b <₊ INT_MINw ∧ a ≤₊ b

WORD_LITERAL_ADD

⊢ (∀m n. -n2w m + -n2w n = -n2w (m + n)) ∧
  ∀m n. n2w m + -n2w n = if n ≤ m then n2w (m − n) else -n2w (n − m)

WORD_LITERAL_AND

⊢ (∀n m.
     n2w n && n2w m = n2w (BITWISE (SUC (MIN (LOG2 n) (LOG2 m))) $/\ n m)) ∧
  (∀n m. n2w n && ¬n2w m = n2w (BITWISE (SUC (LOG2 n)) (λa b. a ∧ ¬b) n m)) ∧
  (∀n m. ¬n2w m && n2w n = n2w (BITWISE (SUC (LOG2 n)) (λa b. a ∧ ¬b) n m)) ∧
  ∀n m.
    ¬n2w n && ¬n2w m = ¬n2w (BITWISE (SUC (MAX (LOG2 n) (LOG2 m))) $\/ n m)

WORD_LITERAL_MULT

⊢ (∀m n. n2w m * -n2w n = -n2w (m * n)) ∧
  ∀m n. -n2w m * -n2w n = n2w (m * n)

WORD_LITERAL_OR

⊢ (∀n m.
     n2w n ‖ n2w m = n2w (BITWISE (SUC (MAX (LOG2 n) (LOG2 m))) $\/ n m)) ∧
  (∀n m. n2w n ‖ ¬n2w m = ¬n2w (BITWISE (SUC (LOG2 m)) (λa b. a ∧ ¬b) m n)) ∧
  (∀n m. ¬n2w m ‖ n2w n = ¬n2w (BITWISE (SUC (LOG2 m)) (λa b. a ∧ ¬b) m n)) ∧
  ∀n m.
    ¬n2w n ‖ ¬n2w m = ¬n2w (BITWISE (SUC (MIN (LOG2 n) (LOG2 m))) $/\ n m)

WORD_LITERAL_XOR

⊢ ∀n m.
    n2w n ⊕ n2w m =
    n2w (BITWISE (SUC (MAX (LOG2 n) (LOG2 m))) (λx y. x ⇎ y) n m)

WORD_LO

⊢ ∀a b. a <₊ b ⇔ w2n a < w2n b

WORD_LOWER_ANTISYM

⊢ ∀a b. ¬(a <₊ b ∧ b <₊ a)

WORD_LOWER_CASES

⊢ ∀a b. a <₊ b ∨ b ≤₊ a

WORD_LOWER_CASES_IMP

⊢ ∀a b. ¬(a <₊ b) ∧ a ≠ b ⇒ b <₊ a

WORD_LOWER_EQUAL_ANTISYM

⊢ ∀a b. a ≤₊ b ∧ b ≤₊ a ⇒ a = b

WORD_LOWER_EQ_ANTISYM

⊢ ∀a b. ¬(a <₊ b ∧ b ≤₊ a)

WORD_LOWER_EQ_CASES

⊢ ∀a b. a ≤₊ b ∨ b ≤₊ a

WORD_LOWER_EQ_LOWER_TRANS

⊢ ∀a b c. a ≤₊ b ∧ b <₊ c ⇒ a <₊ c

WORD_LOWER_EQ_REFL

⊢ ∀a. a ≤₊ a

WORD_LOWER_EQ_TRANS

⊢ ∀a b c. a ≤₊ b ∧ b ≤₊ c ⇒ a ≤₊ c

WORD_LOWER_IMP_LOWER_OR_EQ

⊢ ∀a b. a <₊ b ⇒ a ≤₊ b

WORD_LOWER_LOWER_CASES

⊢ ∀a b. a = b ∨ a <₊ b ∨ b <₊ a

WORD_LOWER_LOWER_EQ_TRANS

⊢ ∀a b c. a <₊ b ∧ b ≤₊ c ⇒ a <₊ c

WORD_LOWER_NOT_EQ

⊢ ∀a b. a <₊ b ⇒ a ≠ b

WORD_LOWER_OR_EQ

⊢ ∀a b. a ≤₊ b ⇔ a <₊ b ∨ a = b

WORD_LOWER_REFL

⊢ ∀a. ¬(a <₊ a)

WORD_LOWER_TRANS

⊢ ∀a b c. a <₊ b ∧ b <₊ c ⇒ a <₊ c

WORD_LO_word_0

⊢ (∀n. 0w <₊ n ⇔ n ≠ 0w) ∧ ∀n. ¬(n <₊ 0w)

WORD_LO_word_0R

⊢ ∀n. ¬(n <₊ 0w)

WORD_LO_word_T

⊢ (∀n. ¬(-1w <₊ n)) ∧ ∀n. n <₊ -1w ⇔ n ≠ -1w

WORD_LO_word_T_L

⊢ ∀n. ¬(-1w <₊ n)

WORD_LO_word_T_R

⊢ ∀n. ¬(n <₊ -1w) ⇔ n = -1w

WORD_LS

⊢ ∀a b. a ≤₊ b ⇔ w2n a ≤ w2n b

WORD_LS_T

⊢ ∀w. w ≤₊ Tw

WORD_LS_word_0

⊢ ∀n. n ≤₊ 0w ⇔ n = 0w

WORD_LS_word_T

⊢ (∀n. -1w ≤₊ n ⇔ n = -1w) ∧ ∀n. n ≤₊ -1w

WORD_LT

⊢ ∀a b.
    a < b ⇔
    (word_msb a ⇔ word_msb b) ∧ w2n a < w2n b ∨ word_msb a ∧ ¬word_msb b

WORD_LT_EQ_LO

⊢ ∀x y. 0w ≤ x ∧ 0w ≤ y ⇒ (x < y ⇔ x <₊ y)

WORD_LT_LO

⊢ ∀a b.
    a < b ⇔
    INT_MINw ≤₊ a ∧ (b <₊ INT_MINw ∨ a <₊ b) ∨
    a <₊ INT_MINw ∧ b <₊ INT_MINw ∧ a <₊ b

WORD_LT_SUB_UPPER

⊢ ∀x y. 0w < y ∧ y < x ⇒ x − y < x

WORD_L_LESS_EQ

⊢ ∀a. INT_MINw ≤ a

WORD_L_LESS_H

⊢ INT_MINw < INT_MAXw

WORD_L_NEG

⊢ word_msb INT_MINw

WORD_L_PLUS_H

⊢ INT_MINw + INT_MAXw = Tw

WORD_MODIFY_BIT

⊢ ∀f w i. i < dimindex (:α) ⇒ (word_modify f w ' i ⇔ f i (w ' i))

WORD_MOD_1

⊢ ∀m. word_mod m 1w = 0w

WORD_MOD_POW2

⊢ ∀m v. v < dimindex (:α) − 1 ⇒ word_mod m (n2w (2 ** SUC v)) = (v -- 0) m

WORD_MSB_1COMP

⊢ ∀w. word_msb (¬w) ⇔ ¬word_msb w

WORD_MSB_INT_MIN_LS

⊢ ∀a. word_msb a ⇔ INT_MINw ≤₊ a

WORD_MULT_ASSOC

⊢ ∀v w x. v * (w * x) = v * w * x

WORD_MULT_CLAUSES

⊢ ∀v w.
    0w * v = 0w ∧ v * 0w = 0w ∧ 1w * v = v ∧ v * 1w = v ∧
    (v + 1w) * w = v * w + w ∧ v * (w + 1w) = v + v * w

WORD_MULT_COMM

⊢ ∀v w. v * w = w * v

WORD_MULT_SUC

⊢ ∀v n. v * n2w (n + 1) = v * n2w n + v

WORD_MUL_LSL

⊢ ∀a n. a ≪ n = n2w (2 ** n) * a

WORD_NAND_NOT_AND

⊢ ∀a b. a ~&& b = ¬(a && b)

WORD_NEG

⊢ ∀w. -w = ¬w + 1w

WORD_NEG1_MUL_LCANCEL

⊢ ∀v w. -1w * v = -1w * w ⇔ v = w

WORD_NEG1_MUL_RCANCEL

⊢ ∀v w. v * -1w = w * -1w ⇔ v = w

WORD_NEG_0

⊢ -0w = 0w

WORD_NEG_1

⊢ -1w = Tw

WORD_NEG_1_T

⊢ ∀i. i < dimindex (:α) ⇒ (-1w) ' i

WORD_NEG_ADD

⊢ ∀v w. -(v + w) = -v + -w

WORD_NEG_EQ

⊢ ∀w v. -v = w ⇔ v = -w

WORD_NEG_EQ_0

⊢ -v = 0w ⇔ v = 0w

WORD_NEG_L

⊢ -INT_MINw = INT_MINw

WORD_NEG_LMUL

⊢ ∀v w. -(v * w) = -v * w

WORD_NEG_MUL

⊢ ∀w. -w = -1w * w

WORD_NEG_NEG

⊢ ∀w. - -w = w

WORD_NEG_RMUL

⊢ ∀v w. -(v * w) = v * -w

WORD_NEG_SUB

⊢ ∀w v. -(v − w) = w − v

WORD_NEG_T

⊢ -Tw = 1w

WORD_NOR_NOT_OR

⊢ ∀a b. a ~|| b = ¬(a ‖ b)

WORD_NOT

⊢ ∀w. ¬w = -w − 1w

WORD_NOT_0

⊢ ¬0w = Tw

WORD_NOT_GREATER

⊢ ∀a b. ¬(a > b) ⇔ a ≤ b

WORD_NOT_HIGHER

⊢ ∀a b. ¬(a >₊ b) ⇔ a ≤₊ b

WORD_NOT_LESS

⊢ ∀a b. ¬(a < b) ⇔ b ≤ a

WORD_NOT_LESS_EQ

⊢ ∀a b. a = b ⇒ ¬(a < b)

WORD_NOT_LESS_EQUAL

⊢ ∀a b. ¬(a ≤ b) ⇔ b < a

WORD_NOT_LOWER

⊢ ∀a b. ¬(a <₊ b) ⇔ b ≤₊ a

WORD_NOT_LOWER_EQ

⊢ ∀a b. a = b ⇒ ¬(a <₊ b)

WORD_NOT_LOWER_EQUAL

⊢ ∀a b. ¬(a ≤₊ b) ⇔ b <₊ a

WORD_NOT_NOT

⊢ ∀a. ¬¬a = a

WORD_NOT_T

⊢ ¬Tw = 0w

WORD_NOT_XOR

⊢ ∀a b. ¬a ⊕ ¬b = a ⊕ b ∧ a ⊕ ¬b = ¬(a ⊕ b) ∧ ¬a ⊕ b = ¬(a ⊕ b)

WORD_OR_ABSORB

⊢ ∀a b. a && (a ‖ b) = a

WORD_OR_ASSOC

⊢ ∀a b c. (a ‖ b) ‖ c = a ‖ b ‖ c

WORD_OR_CLAUSES

⊢ ∀a. Tw ‖ a = Tw ∧ a ‖ Tw = Tw ∧ 0w ‖ a = a ∧ a ‖ 0w = a ∧ a ‖ a = a

WORD_OR_COMM

⊢ ∀a b. a ‖ b = b ‖ a

WORD_OR_COMP

⊢ ∀a. a ‖ ¬a = Tw

WORD_OR_IDEM

⊢ ∀a. a ‖ a = a

WORD_PRED_THM

⊢ ∀m. m ≠ 0w ⇒ w2n (m − 1w) < w2n m

WORD_RCANCEL_SUB

⊢ ∀v w x. v − w = v − x ⇔ w = x

WORD_RIGHT_ADD_DISTRIB

⊢ ∀v w x. (v + w) * x = v * x + w * x

WORD_RIGHT_AND_OVER_OR

⊢ ∀a b c. (a ‖ b) && c = a && c ‖ b && c

WORD_RIGHT_AND_OVER_XOR

⊢ ∀a b c. (a ⊕ b) && c = a && c ⊕ b && c

WORD_RIGHT_OR_OVER_AND

⊢ ∀a b c. a && b ‖ c = (a ‖ c) && (b ‖ c)

WORD_RIGHT_SUB_DISTRIB

⊢ ∀v w x. (w − x) * v = w * v − x * v

WORD_SET_INDUCT

⊢ ∀P. P ∅ ∧ (∀s. P s ⇒ ∀e. e ∉ s ⇒ P (e INSERT s)) ⇒ ∀s. P s

WORD_SLICE_BITS_THM

⊢ ∀h w. (h '' 0) w = (h -- 0) w

WORD_SLICE_COMP_THM

⊢ ∀h m' m l w.
    l ≤ m ∧ m' = m + 1 ∧ m < h ⇒ (h '' m') w ‖ (m '' l) w = (h '' l) w

WORD_SLICE_OVER_BITWISE

⊢ (∀h l v w. (h '' l) v && (h '' l) w = (h '' l) (v && w)) ∧
  (∀h l v w. (h '' l) v ‖ (h '' l) w = (h '' l) (v ‖ w)) ∧
  ∀h l v w. (h '' l) v ⊕ (h '' l) w = (h '' l) (v ⊕ w)

WORD_SLICE_THM

⊢ ∀h l w. (h '' l) w = (h -- l) w ≪ l

WORD_SLICE_ZERO

⊢ ∀h l w. h < l ⇒ (h '' l) w = 0w

WORD_SLICE_ZERO2

⊢ ∀l h. (h '' l) 0w = 0w

WORD_SUB

⊢ ∀v w. -w + v = v − w

WORD_SUB_ADD

⊢ ∀v w. v − w + w = v

WORD_SUB_ADD2

⊢ ∀v w. v + (w − v) = w

WORD_SUB_INTRO

⊢ (∀x y. -y + x = x − y) ∧ (∀x y. x + -y = x − y) ∧
  (∀x y z. -x * y + z = z − x * y) ∧ (∀x y z. z + -x * y = z − x * y) ∧
  (∀x. -1w * x = -x) ∧ (∀x y z. z − -x * y = z + x * y) ∧
  ∀x y z. -x * y − z = -(x * y + z)

WORD_SUB_LE

⊢ ∀x y. 0w ≤ y ∧ y ≤ x ⇒ 0w ≤ x − y ∧ x − y ≤ x

WORD_SUB_LNEG

⊢ ∀v w. -v − w = -(v + w)

WORD_SUB_LT

⊢ ∀x y. 0w < y ∧ y < x ⇒ 0w < x − y ∧ x − y < x

WORD_SUB_LZERO

⊢ ∀w. 0w − w = -w

WORD_SUB_NEG

⊢ ∀v w. -v − -w = w − v

WORD_SUB_PLUS

⊢ ∀v w x. v − (w + x) = v − w − x

WORD_SUB_REFL

⊢ ∀w. w − w = 0w

WORD_SUB_RNEG

⊢ ∀v w. v − -w = v + w

WORD_SUB_RZERO

⊢ ∀w. w − 0w = w

WORD_SUB_SUB

⊢ ∀v w x. v − (w − x) = v + x − w

WORD_SUB_SUB2

⊢ ∀v w. v − (v − w) = w

WORD_SUB_SUB3

⊢ ∀w v. v − w − v = -w

WORD_SUB_TRIANGLE

⊢ ∀v w x. v − w + (w − x) = v − x

WORD_SUM_ZERO

⊢ ∀a b. a + b = 0w ⇔ a = -b

WORD_XNOR_NOT_XOR

⊢ ∀a b. a ~?? b = ¬(a ⊕ b)

WORD_XOR

⊢ ∀a b. a ⊕ b = a && ¬b ‖ b && ¬a

WORD_XOR_ASSOC

⊢ ∀a b c. (a ⊕ b) ⊕ c = a ⊕ b ⊕ c

WORD_XOR_CLAUSES

⊢ ∀a. Tw ⊕ a = ¬a ∧ a ⊕ Tw = ¬a ∧ 0w ⊕ a = a ∧ a ⊕ 0w = a ∧ a ⊕ a = 0w

WORD_XOR_COMM

⊢ ∀a b. a ⊕ b = b ⊕ a

WORD_XOR_COMP

⊢ ∀a. a ⊕ ¬a = Tw

WORD_ZERO_LE

⊢ ∀w. 0w ≤ w ⇔ w2n w < INT_MIN (:α)

WORD_w2w_EXTRACT

⊢ ∀w. w2w w = (dimindex (:α) − 1 >< 0) w

WORD_w2w_OVER_ADD

⊢ ∀a b. w2w (a + b) = (dimindex (:α) − 1 -- 0) (w2w a + w2w b)

WORD_w2w_OVER_BITWISE

⊢ (∀v w. w2w v && w2w w = w2w (v && w)) ∧
  (∀v w. w2w v ‖ w2w w = w2w (v ‖ w)) ∧ ∀v w. w2w v ⊕ w2w w = w2w (v ⊕ w)

WORD_w2w_OVER_MUL

⊢ ∀a b. w2w (a * b) = (dimindex (:α) − 1 -- 0) (w2w a * w2w b)

ZERO_LE_INT_MAX

⊢ 0 ≤ INT_MAX (:α)

ZERO_LO_INT_MIN

⊢ 0w <₊ INT_MINw

ZERO_LT_INT_MAX

⊢ 1 < dimindex (:α) ⇒ 0 < INT_MAX (:α)

ZERO_LT_INT_MIN

⊢ 0 < INT_MIN (:α)

ZERO_LT_UINT_MAX

⊢ 0 < UINT_MAX (:α)

ZERO_LT_dimword

⊢ 0 < dimword (:α)

ZERO_SHIFT

⊢ (∀n. 0w ≪ n = 0w) ∧ (∀n. 0w ≫ n = 0w) ∧ (∀n. 0w ⋙ n = 0w) ∧
  (∀n. 0w ⇆ n = 0w) ∧ ∀n. 0w ⇄ n = 0w

bit_count_is_zero

⊢ ∀w. bit_count w = 0 ⇔ w = 0w

bit_count_upto_0

⊢ ∀w. bit_count_upto 0 w = 0

bit_count_upto_SUC

⊢ ∀w n.
    bit_count_upto (SUC n) w =
    (if w ' n then 1 else 0) + bit_count_upto n w

bit_count_upto_is_zero

⊢ ∀n w. bit_count_upto n w = 0 ⇔ ∀i. i < n ⇒ ¬w ' i

bit_field_insert

⊢ ∀h l a b.
    h < l + dimindex (:α) ⇒
    bit_field_insert h l a b =
    (let mask = (h '' l) (-1w) in w2w a ≪ l && mask ‖ b && ¬mask)

bit_field_insert_transpose

⊢ h1 < l2 ∨ h2 < l1 ⇒
  bit_field_insert h1 l1 a1 (bit_field_insert h2 l2 a2 b) =
  bit_field_insert h2 l2 a2 (bit_field_insert h1 l1 a1 b)

bit_field_insert_w2w

⊢ h + 1 − l ≤ dimindex (:α) ∧ h + 1 − l ≤ dimindex (:β) ⇒
  bit_field_insert h l (w2w a) b = bit_field_insert h l a b

card_word1

⊢ CARD 𝕌(:word1) = 2 ** 1

card_word10

⊢ CARD 𝕌(:word10) = 2 ** 10

card_word11

⊢ CARD 𝕌(:word11) = 2 ** 11

card_word12

⊢ CARD 𝕌(:word12) = 2 ** 12

card_word128

⊢ CARD 𝕌(:word128) = 2 ** 128

card_word16

⊢ CARD 𝕌(:word16) = 2 ** 16

card_word2

⊢ CARD 𝕌(:word2) = 2²

card_word20

⊢ CARD 𝕌(:word20) = 2 ** 20

card_word24

⊢ CARD 𝕌(:word24) = 2 ** 24

card_word28

⊢ CARD 𝕌(:word28) = 2 ** 28

card_word3

⊢ CARD 𝕌(:word3) = 2³

card_word30

⊢ CARD 𝕌(:word30) = 2 ** 30

card_word32

⊢ CARD 𝕌(:word32) = 2 ** 32

card_word4

⊢ CARD 𝕌(:word4) = 2 ** 4

card_word48

⊢ CARD 𝕌(:word48) = 2 ** 48

card_word5

⊢ CARD 𝕌(:word5) = 2 ** 5

card_word56

⊢ CARD 𝕌(:word56) = 2 ** 56

card_word6

⊢ CARD 𝕌(:word6) = 2 ** 6

card_word64

⊢ CARD 𝕌(:word64) = 2 ** 64

card_word7

⊢ CARD 𝕌(:word7) = 2 ** 7

card_word8

⊢ CARD 𝕌(:word8) = 2 ** 8

card_word9

⊢ CARD 𝕌(:word9) = 2 ** 9

card_word96

⊢ CARD 𝕌(:word96) = 2 ** 96

dimindex_1

⊢ dimindex (:unit) = 1

dimindex_10

⊢ dimindex (:10) = 10

dimindex_11

⊢ dimindex (:11) = 11

dimindex_12

⊢ dimindex (:12) = 12

dimindex_128

⊢ dimindex (:128) = 128

dimindex_16

⊢ dimindex (:16) = 16

dimindex_1_cases

⊢ ∀a. dimindex (:α) = 1 ⇒ a = 0w ∨ a = 1w

dimindex_2

⊢ dimindex (:2) = 2

dimindex_20

⊢ dimindex (:20) = 20

dimindex_24

⊢ dimindex (:24) = 24

dimindex_28

⊢ dimindex (:28) = 28

dimindex_3

⊢ dimindex (:3) = 3

dimindex_30

⊢ dimindex (:30) = 30

dimindex_32

⊢ dimindex (:32) = 32

dimindex_4

⊢ dimindex (:4) = 4

dimindex_48

⊢ dimindex (:48) = 48

dimindex_5

⊢ dimindex (:5) = 5

dimindex_56

⊢ dimindex (:56) = 56

dimindex_6

⊢ dimindex (:6) = 6

dimindex_64

⊢ dimindex (:64) = 64

dimindex_7

⊢ dimindex (:7) = 7

dimindex_8

⊢ dimindex (:8) = 8

dimindex_9

⊢ dimindex (:9) = 9

dimindex_96

⊢ dimindex (:96) = 96

dimindex_dimword_iso

⊢ dimindex (:α) = dimindex (:β) ⇔ dimword (:α) = dimword (:β)

dimindex_dimword_le_iso

⊢ dimindex (:α) ≤ dimindex (:β) ⇔ dimword (:α) ≤ dimword (:β)

dimindex_dimword_lt_iso

⊢ dimindex (:α) < dimindex (:β) ⇔ dimword (:α) < dimword (:β)

dimindex_int_max_iso

⊢ dimindex (:α) = dimindex (:β) ⇔ INT_MAX (:α) = INT_MAX (:β)

dimindex_int_max_le_iso

⊢ dimindex (:α) ≤ dimindex (:β) ⇔ INT_MAX (:α) ≤ INT_MAX (:β)

dimindex_int_max_lt_iso

⊢ dimindex (:α) < dimindex (:β) ⇔ INT_MAX (:α) < INT_MAX (:β)

dimindex_int_min_iso

⊢ dimindex (:α) = dimindex (:β) ⇔ INT_MIN (:α) = INT_MIN (:β)

dimindex_int_min_le_iso

⊢ dimindex (:α) ≤ dimindex (:β) ⇔ INT_MIN (:α) ≤ INT_MIN (:β)

dimindex_int_min_lt_iso

⊢ dimindex (:α) < dimindex (:β) ⇔ INT_MIN (:α) < INT_MIN (:β)

dimindex_lt_dimword

⊢ dimindex (:α) < dimword (:α)

dimindex_uint_max_iso

⊢ dimindex (:α) = dimindex (:β) ⇔ UINT_MAX (:α) = UINT_MAX (:β)

dimindex_uint_max_le_iso

⊢ dimindex (:α) ≤ dimindex (:β) ⇔ UINT_MAX (:α) ≤ UINT_MAX (:β)

dimindex_uint_max_lt_iso

⊢ dimindex (:α) < dimindex (:β) ⇔ UINT_MAX (:α) < UINT_MAX (:β)

dimword_1

⊢ dimword (:unit) = 2

dimword_10

⊢ dimword (:10) = 1024

dimword_11

⊢ dimword (:11) = 2048

dimword_12

⊢ dimword (:12) = 4096

dimword_128

⊢ dimword (:128) = 340282366920938463463374607431768211456

dimword_16

⊢ dimword (:16) = 65536

dimword_2

⊢ dimword (:2) = 4

dimword_20

⊢ dimword (:20) = 1048576

dimword_24

⊢ dimword (:24) = 16777216

dimword_28

⊢ dimword (:28) = 268435456

dimword_3

⊢ dimword (:3) = 8

dimword_30

⊢ dimword (:30) = 1073741824

dimword_32

⊢ dimword (:32) = 4294967296

dimword_4

⊢ dimword (:4) = 16

dimword_48

⊢ dimword (:48) = 281474976710656

dimword_5

⊢ dimword (:5) = 32

dimword_56

⊢ dimword (:56) = 72057594037927936

dimword_6

⊢ dimword (:6) = 64

dimword_64

⊢ dimword (:64) = 18446744073709551616

dimword_7

⊢ dimword (:7) = 128

dimword_8

⊢ dimword (:8) = 256

dimword_9

⊢ dimword (:9) = 512

dimword_96

⊢ dimword (:96) = 79228162514264337593543950336

dimword_IS_TWICE_INT_MIN

⊢ dimword (:α) = 2 * INT_MIN (:α)

dimword_sub_int_min

⊢ dimword (:α) − INT_MIN (:α) = INT_MIN (:α)

fcp_n2w

⊢ ∀f. $FCP f = word_modify (λi b. f i) 0w

finite_1

⊢ FINITE 𝕌(:unit)

finite_10

⊢ FINITE 𝕌(:10)

finite_11

⊢ FINITE 𝕌(:11)

finite_12

⊢ FINITE 𝕌(:12)

finite_128

⊢ FINITE 𝕌(:128)

finite_16

⊢ FINITE 𝕌(:16)

finite_2

⊢ FINITE 𝕌(:2)

finite_20

⊢ FINITE 𝕌(:20)

finite_24

⊢ FINITE 𝕌(:24)

finite_28

⊢ FINITE 𝕌(:28)

finite_3

⊢ FINITE 𝕌(:3)

finite_30

⊢ FINITE 𝕌(:30)

finite_32

⊢ FINITE 𝕌(:32)

finite_4

⊢ FINITE 𝕌(:4)

finite_48

⊢ FINITE 𝕌(:48)

finite_5

⊢ FINITE 𝕌(:5)

finite_56

⊢ FINITE 𝕌(:56)

finite_6

⊢ FINITE 𝕌(:6)

finite_64

⊢ FINITE 𝕌(:64)

finite_7

⊢ FINITE 𝕌(:7)

finite_8

⊢ FINITE 𝕌(:8)

finite_9

⊢ FINITE 𝕌(:9)

finite_96

⊢ FINITE 𝕌(:96)

foldl_reduce_and

⊢ ∀w. reduce_and w =
      (let
         l =
           GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
             (dimindex (:α))
       in
         FOLDL $&& (HD l) (TL l))

foldl_reduce_nand

⊢ ∀w. reduce_nand w =
      (let
         l =
           GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
             (dimindex (:α))
       in
         FOLDL $~&& (HD l) (TL l))

foldl_reduce_nor

⊢ ∀w. reduce_nor w =
      (let
         l =
           GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
             (dimindex (:α))
       in
         FOLDL $~|| (HD l) (TL l))

foldl_reduce_or

⊢ ∀w. reduce_or w =
      (let
         l =
           GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
             (dimindex (:α))
       in
         FOLDL $|| (HD l) (TL l))

foldl_reduce_xnor

⊢ ∀w. reduce_xnor w =
      (let
         l =
           GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
             (dimindex (:α))
       in
         FOLDL $~?? (HD l) (TL l))

foldl_reduce_xor

⊢ ∀w. reduce_xor w =
      (let
         l =
           GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
             (dimindex (:α))
       in
         FOLDL $?? (HD l) (TL l))

l2w_PAD_RIGHT_0

⊢ 0 < b ⇒ l2w b (PAD_RIGHT 0 h ls) = l2w b ls

l2w_w2l

⊢ ∀b w. 1 < b ⇒ l2w b (w2l b w) = w

lsl_lsr

⊢ ∀w n. w2n w * 2 ** n < dimword (:α) ⇒ w ≪ n ⋙ n = w

lsr_1_word_T

⊢ -1w ⋙ 1 = INT_MAXw

mod_dimindex

⊢ ∀n. n MOD dimindex (:α) < dimword (:α)

n2w_11

⊢ ∀m n. n2w m = n2w n ⇔ m MOD dimword (:α) = n MOD dimword (:α)

n2w_BITS

⊢ ∀h l n. h < dimindex (:α) ⇒ n2w (BITS h l n) = (h -- l) (n2w n)

n2w_DIV

⊢ ∀a n. a < dimword (:α) ⇒ n2w (a DIV 2 ** n) = n2w a ⋙ n

n2w_SUC

⊢ ∀n. n2w (SUC n) = n2w n + 1w

n2w_dimword

⊢ n2w (dimword (:α)) = 0w

n2w_itself_def

⊢ n2w_itself (n,(:α)) = n2w n

n2w_itself_ind

⊢ ∀P. (∀n. P (n,(:α))) ⇒ ∀v v1. P (v,v1)

n2w_mod

⊢ ∀n. n2w (n MOD dimword (:α)) = n2w n

n2w_sub

⊢ ∀a b. b ≤ a ⇒ n2w (a − b) = n2w a − n2w b

n2w_sub_eq_0

⊢ ∀a b. a ≤ b ⇒ n2w (a − b) = 0w

n2w_w2n

⊢ ∀w. n2w (w2n w) = w

ranged_word_nchotomy

⊢ ∀w. ∃n. w = n2w n ∧ n < dimword (:α)

reduce_and

⊢ ∀w. reduce_and w = if w = Tw then 1w else 0w

reduce_or

⊢ ∀w. reduce_or w = if w = 0w then 0w else 1w

s2w_w2s

⊢ ∀c2n n2c b w.
    1 < b ∧ (∀x. x < b ⇒ c2n (n2c x) = x) ⇒ s2w b c2n (w2s b n2c w) = w

saturate_add

⊢ ∀a b. saturate_add a b = if Tw − a ≤₊ b then Tw else a + b

saturate_mul

⊢ ∀a b.
    saturate_mul a b =
    if FINITE 𝕌(:α) ∧ w2w Tw ≤₊ w2w a * w2w b then Tw else a * b

saturate_sub

⊢ ∀a b. saturate_sub a b = if a ≤₊ b then 0w else a − b

saturate_w2w

⊢ ∀w. saturate_w2w w =
      if dimindex (:β) ≤ dimindex (:α) ∧ w2w Tw ≤₊ w then Tw else w2w w

saturate_w2w_n2w

⊢ ∀n. saturate_w2w (n2w n) =
      (let
         m = n MOD dimword (:α)
       in
         if dimindex (:β) ≤ dimindex (:α) ∧ dimword (:β) ≤ m then Tw
         else n2w m)

sw2sw

⊢ ∀w i.
    i < dimindex (:β) ⇒
    (sw2sw w ' i ⇔
     if i < dimindex (:α) ∨ dimindex (:β) < dimindex (:α) then w ' i
     else word_msb w)

sw2sw_0

⊢ sw2sw 0w = 0w

sw2sw_id

⊢ ∀w. sw2sw w = w

sw2sw_sw2sw

⊢ ∀w. sw2sw (sw2sw w) =
      if dimindex (:β) < dimindex (:α) ∧ dimindex (:β) < dimindex (:γ) then
        sw2sw (w2w w)
      else sw2sw w

sw2sw_w2w

⊢ ∀w. sw2sw w = (if word_msb w then -1w ≪ dimindex (:α) else 0w) ‖ w2w w

sw2sw_w2w_add

⊢ ∀w. sw2sw w = (if word_msb w then -1w ≪ dimindex (:α) else 0w) + w2w w

sw2sw_word_T

⊢ sw2sw (-1w) = -1w

w2l_l2w

⊢ ∀b l. w2l b (l2w b l) = n2l b (l2n b l MOD dimword (:α))

w2n_11

⊢ ∀v w. w2n v = w2n w ⇔ v = w

w2n_11_lift

⊢ ∀a b.
    dimindex (:α) ≤ dimindex (:γ) ∧ dimindex (:β) ≤ dimindex (:γ) ⇒
    (w2n a = w2n b ⇔ w2w a = w2w b)

w2n_add

⊢ ∀a b. ¬word_msb a ∧ ¬word_msb b ⇒ w2n (a + b) = w2n a + w2n b

w2n_add_2

⊢ w2n a + w2n b < dimword (:α) ⇒ w2n (a + b) = w2n a + w2n b

w2n_eq_0

⊢ ∀w. w2n w = 0 ⇔ w = 0w

w2n_lsr

⊢ ∀w m. w2n (w ⋙ m) = w2n w DIV 2 ** m

w2n_lt

⊢ ∀w. w2n w < dimword (:α)

w2n_minus1

⊢ w2n (-1w) = dimword (:α) − 1

w2n_n2w

⊢ ∀n. w2n (n2w n) = n MOD dimword (:α)

w2n_plus1

⊢ ∀a. w2n a + 1 = if a = Tw then dimword (:α) else w2n (a + 1w)

w2n_w2w

⊢ ∀w. w2n (w2w w) =
      if dimindex (:α) ≤ dimindex (:β) then w2n w
      else w2n ((dimindex (:β) − 1 -- 0) w)

w2n_w2w_le

⊢ ∀w. w2n (w2w w) ≤ w2n w

w2s_s2w

⊢ ∀b c2n n2c s.
    w2s b n2c (s2w b c2n s) = n2s b n2c (s2n b c2n s MOD dimword (:α))

w2w

⊢ ∀w i. i < dimindex (:β) ⇒ (w2w w ' i ⇔ i < dimindex (:α) ∧ w ' i)

w2w_0

⊢ w2w 0w = 0w

w2w_LSL

⊢ ∀w n.
    w2w (w ≪ n) =
    if n < dimindex (:α) then w2w ((dimindex (:α) − 1 − n -- 0) w) ≪ n
    else 0w

w2w_eq_n2w

⊢ ∀x y.
    dimindex (:α) ≤ dimindex (:β) ∧ y < dimword (:α) ⇒
    (w2w x = n2w y ⇔ x = n2w y)

w2w_id

⊢ ∀w. w2w w = w

w2w_lt

⊢ ∀w. w2n (w2w w) < dimword (:α)

w2w_n2w

⊢ ∀n. w2w (n2w n) =
      if dimindex (:β) ≤ dimindex (:α) then n2w n
      else n2w (BITS (dimindex (:α) − 1) 0 n)

w2w_w2w

⊢ ∀w. w2w (w2w w) = w2w ((dimindex (:β) − 1 -- 0) w)

word_0

⊢ ∀i. i < dimindex (:α) ⇒ ¬0w ' i

word_0_n2w

⊢ w2n 0w = 0

word_1_lsl

⊢ ∀n. 1w ≪ n = n2w (2 ** n)

word_1_n2w

⊢ w2n 1w = 1

word_1comp_n2w

⊢ ∀n. ¬n2w n = n2w (dimword (:α) − 1 − n MOD dimword (:α))

word_2comp_dimindex_1

⊢ ∀w. dimindex (:α) = 1 ⇒ -w = w

word_2comp_n2w

⊢ ∀n. -n2w n = n2w (dimword (:α) − n MOD dimword (:α))

word_H

⊢ ∀n. n < dimindex (:α) ⇒ (INT_MAXw ' n ⇔ n < dimindex (:α) − 1)

word_L

⊢ ∀n. n < dimindex (:α) ⇒ (INT_MINw ' n ⇔ n = dimindex (:α) − 1)

word_L2

⊢ word_L2 = if 1 < dimindex (:α) then 0w else INT_MINw

word_L2_MULT

⊢ word_L2 * word_L2 = word_L2 ∧ INT_MINw * word_L2 = word_L2 ∧
  (∀n. n2w n * word_L2 = if EVEN n then 0w else word_L2) ∧
  ∀n. -n2w n * word_L2 = if EVEN n then 0w else word_L2

word_L_MULT

⊢ ∀n. n2w n * INT_MINw = if EVEN n then 0w else INT_MINw

word_L_MULT_NEG

⊢ ∀n. -n2w n * INT_MINw = if EVEN n then 0w else INT_MINw

word_T

⊢ ∀i. i < dimindex (:α) ⇒ Tw ' i

word_T_not_zero

⊢ -1w ≠ 0w

word_abs

⊢ ∀w. word_abs w = FCP i. ¬word_msb w ∧ w ' i ∨ word_msb w ∧ (-w) ' i

word_abs_diff

⊢ ∀a b. word_abs (a − b) = word_abs (b − a)

word_abs_neg

⊢ ∀w. word_abs (-w) = word_abs w

word_abs_word_abs

⊢ ∀w. word_abs (word_abs w) = word_abs w

word_add_n2w

⊢ ∀m n. n2w m + n2w n = n2w (m + n)

word_and_lsl_eq_0

⊢ w2n w1 < 2 ** n ⇒ w1 && w2 ≪ n = 0w

word_and_n2w

⊢ ∀n m. n2w n && n2w m = n2w (BITWISE (dimindex (:α)) $/\ n m)

word_asr

⊢ ∀w n.
    w ≫ n =
    if word_msb w then (dimindex (:α) − 1 '' dimindex (:α) − n) Tw ‖ w ⋙ n
    else w ⋙ n

word_asr_n2w

⊢ ∀n w.
    w ≫ n =
    if word_msb w then
      n2w (dimword (:α) − 2 ** (dimindex (:α) − MIN n (dimindex (:α)))) ‖
      w ⋙ n
    else w ⋙ n

word_bin_list

⊢ word_from_bin_list ∘ word_to_bin_list = I

word_bin_string

⊢ word_from_bin_string ∘ word_to_bin_string = I

word_bit

⊢ ∀w b. b < dimindex (:α) ⇒ (w ' b ⇔ word_bit b w)

word_bit_0

⊢ ∀h. ¬word_bit h 0w

word_bit_0_word_T

⊢ word_bit 0 (-1w)

word_bit_and

⊢ word_bit n (w1 && w2) ⇔ word_bit n w1 ∧ word_bit n w2

word_bit_lsl

⊢ word_bit n (w ≪ i) ⇔ word_bit (n − i) w ∧ n < dimindex (:α) ∧ i ≤ n

word_bit_n2w

⊢ ∀b n. word_bit b (n2w n) ⇔ b ≤ dimindex (:α) − 1 ∧ BIT b n

word_bit_or

⊢ word_bit n (w1 ‖ w2) ⇔ word_bit n w1 ∨ word_bit n w2

word_bit_test

⊢ word_bit n w ⇔ w && n2w (2 ** n) ≠ 0w

word_bit_thm

⊢ ∀n w. word_bit n w ⇔ n < dimindex (:α) ∧ w ' n

word_bits_mask

⊢ ∀h l a. (h -- l) a = if l ≤ h then a ⋙ l && 2w ≪ (h − l) − 1w else 0w

word_bits_n2w

⊢ ∀h l n. (h -- l) (n2w n) = n2w (BITS (MIN h (dimindex (:α) − 1)) l n)

word_bits_w2w

⊢ ∀w h l. (h -- l) (w2w w) = w2w ((MIN h (dimindex (:β) − 1) -- l) w)

word_concat_0

⊢ ∀x. FINITE 𝕌(:α) ∧ x < dimword (:β) ⇒ 0w @@ n2w x = n2w x

word_concat_0_0

⊢ 0w @@ 0w = 0w

word_concat_0_eq

⊢ ∀x y.
    FINITE 𝕌(:α) ∧ dimindex (:β) ≤ dimindex (:γ) ∧ y < dimword (:β) ⇒
    (0w @@ x = n2w y ⇔ x = n2w y)

word_concat_assoc

⊢ ∀a b c.
    FINITE 𝕌(:α) ∧ FINITE 𝕌(:β) ∧ FINITE 𝕌(:γ) ∧
    dimindex (:δ) = dimindex (:α) + dimindex (:β) ∧
    dimindex (:ε) = dimindex (:β) + dimindex (:γ) ∧
    dimindex (:ζ) = dimindex (:δ) + dimindex (:γ) ⇒
    (a @@ b) @@ c = a @@ b @@ c

word_concat_word_T

⊢ -1w @@ -1w = w2w (-1w)

word_dec_list

⊢ word_from_dec_list ∘ word_to_dec_list = I

word_dec_string

⊢ word_from_dec_string ∘ word_to_dec_string = I

word_div_1

⊢ ∀v. v // 1w = v

word_eq_0

⊢ ∀w. w = 0w ⇔ ∀i. i < dimindex (:α) ⇒ ¬w ' i

word_eq_n2w

⊢ (∀m n. n2w m = n2w n ⇔ MOD_2EXP_EQ (dimindex (:α)) m n) ∧
  (∀n. n2w n = -1w ⇔ MOD_2EXP_MAX (dimindex (:α)) n) ∧
  ∀n. -1w = n2w n ⇔ MOD_2EXP_MAX (dimindex (:α)) n

word_exp_tailrec

⊢ b ** e = word_exp_tailrec b e 1w

word_exp_tailrec_def

⊢ ∀e b a.
    word_exp_tailrec b e a =
    if e = 0w then a
    else if word_mod e 2w = 0w then word_exp_tailrec (b * b) (e // 2w) a
    else word_exp_tailrec b (e − 1w) (b * a)

word_exp_tailrec_ind

⊢ ∀P. (∀b e a.
         (e ≠ 0w ∧ word_mod e 2w ≠ 0w ⇒ P b (e − 1w) (b * a)) ∧
         (e ≠ 0w ∧ word_mod e 2w = 0w ⇒ P (b * b) (e // 2w) a) ⇒
         P b e a) ⇒
      ∀v v1 v2. P v v1 v2

word_extract_eq_n2w

⊢ ∀x h y.
    dimindex (:α) ≤ dimindex (:β) ∧ dimindex (:α) − 1 ≤ h ∧
    y < dimword (:α) ⇒
    ((h >< 0) x = n2w y ⇔ x = n2w y)

word_extract_mask

⊢ ∀h l a. (h >< l) a = if l ≤ h then a ⋙ l && 2w ≪ (h − l) − 1w else 0w

word_extract_n2w

⊢ (h >< l) (n2w n) =
  if dimindex (:β) ≤ dimindex (:α) then
    n2w (BITS (MIN h (dimindex (:α) − 1)) l n)
  else
    n2w
      (BITS (MIN (MIN h (dimindex (:α) − 1)) (dimindex (:α) − 1 + l)) l n)

word_extract_w2w

⊢ ∀w h l. dimindex (:α) ≤ dimindex (:β) ⇒ (h >< l) (w2w w) = (h >< l) w

word_extract_w2w_mask

⊢ ∀h l a.
    (h >< l) a = w2w (if l ≤ h then a ⋙ l && 2w ≪ (h − l) − 1w else 0w)

word_from_bin_list_and

⊢ LENGTH l1 = dimindex (:α) ∧ LENGTH l2 = dimindex (:α) ⇒
  word_from_bin_list l1 && word_from_bin_list l2 =
  word_from_bin_list (MAP2 (λx y. bool_to_bit (ODD x ∧ ODD y)) l1 l2)

word_from_bin_list_not

⊢ LENGTH ls = dimindex (:α) ∧ EVERY ($> 2) ls ⇒
  ¬word_from_bin_list ls = word_from_bin_list (MAP (λx. 1 − x) ls)

word_from_bin_list_rol

⊢ x < dimindex (:α) ∧ LENGTH ls = dimindex (:α) ⇒
  word_from_bin_list ls ⇆ x =
  word_from_bin_list (LASTN x ls ⧺ BUTLASTN x ls)

word_from_bin_list_ror

⊢ x < dimindex (:α) ∧ LENGTH ls = dimindex (:α) ⇒
  word_from_bin_list ls ⇄ x = word_from_bin_list (DROP x ls ⧺ TAKE x ls)

word_from_bin_list_xor

⊢ LENGTH b1 = LENGTH b2 ⇒
  word_from_bin_list b1 ⊕ word_from_bin_list b2 =
  word_from_bin_list (MAP (λ(x,y). (x + y) MOD 2) (ZIP (b1,b2)))

word_ge_n2w

⊢ ∀a b.
    n2w a ≥ n2w b ⇔
    (let
       sa = BIT (dimindex (:α) − 1) a and sb = BIT (dimindex (:α) − 1) b
     in
       (sa ⇔ sb) ∧ a MOD dimword (:α) ≥ b MOD dimword (:α) ∨ ¬sa ∧ sb)

word_gt_n2w

⊢ ∀a b.
    n2w a > n2w b ⇔
    (let
       sa = BIT (dimindex (:α) − 1) a and sb = BIT (dimindex (:α) − 1) b
     in
       (sa ⇔ sb) ∧ a MOD dimword (:α) > b MOD dimword (:α) ∨ ¬sa ∧ sb)

word_hex_list

⊢ word_from_hex_list ∘ word_to_hex_list = I

word_hex_string

⊢ word_from_hex_string ∘ word_to_hex_string = I

word_hi_n2w

⊢ ∀a b. n2w a >₊ n2w b ⇔ a MOD dimword (:α) > b MOD dimword (:α)

word_hs_n2w

⊢ ∀a b. n2w a ≥₊ n2w b ⇔ a MOD dimword (:α) ≥ b MOD dimword (:α)

word_index

⊢ ∀n i. i < dimindex (:α) ⇒ (n2w n ' i ⇔ BIT i n)

word_index_n2w

⊢ ∀n i.
    n2w n ' i ⇔
    if i < dimindex (:α) then BIT i n
    else FAIL $' $var$(index too large) (n2w n) i

word_join_0

⊢ ∀a. word_join 0w a = w2w a

word_join_index

⊢ ∀i a b.
    FINITE 𝕌(:α) ∧ FINITE 𝕌(:β) ∧ i < dimindex (:α + β) ⇒
    (word_join a b ' i ⇔
     if i < dimindex (:β) then b ' i else a ' (i − dimindex (:β)))

word_join_word_T

⊢ word_join (-1w) (-1w) = -1w

word_le_n2w

⊢ ∀a b.
    n2w a ≤ n2w b ⇔
    (let
       sa = BIT (dimindex (:α) − 1) a and sb = BIT (dimindex (:α) − 1) b
     in
       (sa ⇔ sb) ∧ a MOD dimword (:α) ≤ b MOD dimword (:α) ∨ sa ∧ ¬sb)

word_lo_n2w

⊢ ∀a b. n2w a <₊ n2w b ⇔ a MOD dimword (:α) < b MOD dimword (:α)

word_log2_1

⊢ word_log2 1w = 0w

word_log2_n2w

⊢ ∀n. word_log2 (n2w n) = n2w (LOG2 (n MOD dimword (:α)))

word_ls_n2w

⊢ ∀a b. n2w a ≤₊ n2w b ⇔ a MOD dimword (:α) ≤ b MOD dimword (:α)

word_lsb

⊢ word_lsb = word_bit 0

word_lsb_n2w

⊢ ∀n. word_lsb (n2w n) ⇔ ODD n

word_lsb_word_T

⊢ word_lsb (-1w)

word_lsl_n2w

⊢ ∀n m. n2w m ≪ n = if dimindex (:α) − 1 < n then 0w else n2w (m * 2 ** n)

word_lsr_n2w

⊢ ∀w n. w ⋙ n = (dimindex (:α) − 1 -- n) w

word_lt_n2w

⊢ ∀a b.
    n2w a < n2w b ⇔
    (let
       sa = BIT (dimindex (:α) − 1) a and sb = BIT (dimindex (:α) − 1) b
     in
       (sa ⇔ sb) ∧ a MOD dimword (:α) < b MOD dimword (:α) ∨ sa ∧ ¬sb)

word_modify_n2w

⊢ ∀f n. word_modify f (n2w n) = n2w (BIT_MODIFY (dimindex (:α)) f n)

word_msb

⊢ word_msb = word_bit (dimindex (:α) − 1)

word_msb_add_word_L

⊢ ∀a. word_msb (a + INT_MINw) ⇔ ¬word_msb a

word_msb_n2w

⊢ ∀n. word_msb (n2w n) ⇔ BIT (dimindex (:α) − 1) n

word_msb_n2w_numeric

⊢ word_msb (n2w n) ⇔ INT_MIN (:α) ≤ n MOD dimword (:α)

word_msb_neg

⊢ ∀w. word_msb w ⇔ w < 0w

word_msb_word_T

⊢ word_msb (-1w)

word_mul_n2w

⊢ ∀m n. n2w m * n2w n = n2w (m * n)

word_nand_n2w

⊢ ∀n m.
    n2w n ~&& n2w m = n2w (BITWISE (dimindex (:α)) (λx y. ¬(x ∧ y)) n m)

word_nchotomy

⊢ ∀w. ∃n. w = n2w n

word_nor_n2w

⊢ ∀n m.
    n2w n ~|| n2w m = n2w (BITWISE (dimindex (:α)) (λx y. ¬(x ∨ y)) n m)

word_oct_list

⊢ word_from_oct_list ∘ word_to_oct_list = I

word_oct_string

⊢ word_from_oct_string ∘ word_to_oct_string = I

word_or_n2w

⊢ ∀n m. n2w n ‖ n2w m = n2w (BITWISE (dimindex (:α)) $\/ n m)

word_reduce_n2w

⊢ ∀n f.
    word_reduce f (n2w n) =
    $FCP
      (K (let l = BOOLIFY (dimindex (:α)) n [] in FOLDL f (HD l) (TL l)))

word_replicate_concat_word_list

⊢ ∀n w. word_replicate n w = concat_word_list (GENLIST (K w) n)

word_reverse_0

⊢ word_reverse 0w = 0w

word_reverse_n2w

⊢ ∀n. word_reverse (n2w n) = n2w (BIT_REVERSE (dimindex (:α)) n)

word_reverse_thm

⊢ ∀w v n.
    word_reverse (word_reverse w) = w ∧
    word_reverse (w ≪ n) = word_reverse w ⋙ n ∧
    word_reverse (w ⋙ n) = word_reverse w ≪ n ∧
    word_reverse (w ‖ v) = word_reverse w ‖ word_reverse v ∧
    word_reverse (w && v) = word_reverse w && word_reverse v ∧
    word_reverse (w ⊕ v) = word_reverse w ⊕ word_reverse v ∧
    word_reverse (¬w) = ¬word_reverse w ∧ word_reverse 0w = 0w ∧
    word_reverse (-1w) = -1w ∧ (word_reverse w = 0w ⇔ w = 0w) ∧
    (word_reverse w = -1w ⇔ w = -1w)

word_reverse_word_T

⊢ word_reverse (-1w) = -1w

word_ror

⊢ ∀w n.
    w ⇄ n =
    (let
       x = n MOD dimindex (:α)
     in
       (dimindex (:α) − 1 -- x) w ‖ (x − 1 -- 0) w ≪ (dimindex (:α) − x))

word_ror_n2w

⊢ ∀n a.
    n2w a ⇄ n =
    (let
       x = n MOD dimindex (:α)
     in
       n2w
         (BITS (dimindex (:α) − 1) x a +
          BITS (x − 1) 0 a * 2 ** (dimindex (:α) − x)))

word_rrx_0

⊢ word_rrx (F,0w) = (F,0w) ∧ word_rrx (T,0w) = (F,INT_MINw)

word_rrx_n2w

⊢ ∀c a.
    word_rrx (c,n2w a) =
    (ODD a,n2w (BITS (dimindex (:α) − 1) 1 a + SBIT c (dimindex (:α) − 1)))

word_rrx_word_T

⊢ word_rrx (F,-1w) = (T,INT_MAXw) ∧ word_rrx (T,-1w) = (T,-1w)

word_shift_bv

⊢ (∀w n. n < dimword (:α) ⇒ w ≪ n = w <<~ n2w n) ∧
  (∀w n. n < dimword (:α) ⇒ w ≫ n = w >>~ n2w n) ∧
  (∀w n. n < dimword (:α) ⇒ w ⋙ n = w >>>~ n2w n) ∧
  (∀w n. w ⇄ n = w #>>~ n2w (n MOD dimindex (:α))) ∧
  ∀w n. w ⇆ n = w #<<~ n2w (n MOD dimindex (:α))

word_sign_extend_bits

⊢ ∀h l w.
    (h --- l) w =
    word_sign_extend (MIN (SUC h) (dimindex (:α)) − l) ((h -- l) w)

word_signed_bits_n2w

⊢ ∀h l n.
    (h --- l) (n2w n) =
    n2w
      (SIGN_EXTEND (MIN (SUC h) (dimindex (:α)) − l) (dimindex (:α))
         (BITS (MIN h (dimindex (:α) − 1)) l n))

word_slice_n2w

⊢ ∀h l n. (h '' l) (n2w n) = n2w (SLICE (MIN h (dimindex (:α) − 1)) l n)

word_sub_w2n

⊢ ∀x y. y ≤₊ x ⇒ w2n (x − y) = w2n x − w2n y

word_xnor_n2w

⊢ ∀n m. n2w n ~?? n2w m = n2w (BITWISE (dimindex (:α)) $<=> n m)

word_xor_n2w

⊢ ∀n m. n2w n ⊕ n2w m = n2w (BITWISE (dimindex (:α)) (λx y. x ⇎ y) n m)

Theory words

Parents

Contents

Type operators

Constants

Definitions

Theorems

Definitions

Theorems