diff --git a/src/plugins/wp/tests/wp_acsl/chunk_typing_usable.i b/src/plugins/wp/tests/wp_acsl/chunk_typing_usable.i
index 8d1a09b6a1ca58a360ad45f3818594492d796d13..3f4b3a0a572362e7f43dfd91cd9ab2f354642fc1 100644
--- a/src/plugins/wp/tests/wp_acsl/chunk_typing_usable.i
+++ b/src/plugins/wp/tests/wp_acsl/chunk_typing_usable.i
@@ -2,7 +2,7 @@
OPT: -wp-gen -wp-rte -wp-prover why3 -wp-msg-key print-generated
*/
/* run.config_qualif
- OPT: -wp-rte -wp-prover alt-ergo,coq
+ OPT: -wp-rte -wp-prover alt-ergo
*/
/*@
diff --git a/src/plugins/wp/tests/wp_acsl/chunk_typing_usable.script b/src/plugins/wp/tests/wp_acsl/chunk_typing_usable.script
deleted file mode 100644
index 7e86db5b5e787c3126afb74e22e641ba12b9c35c..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_acsl/chunk_typing_usable.script
+++ /dev/null
@@ -1,37 +0,0 @@
-(* Generated by Frama-C WP *)
-
-Goal typed_lemma_provable_lemma.
-Hint property,provable_lemma.
-Proof.
- Import Compound.
-
- Ltac norm := repeat(match goal with
- | [ _ : _ |- context [ (?i + 1 - 1)%Z ]] => replace (i + 1 - 1)%Z with i by omega
- | [ _ : _ |- context [ (0 + ?i)%Z ]] => replace (0 + i)%Z with i by omega
- | [ _ : _ |- context [ (?i + 0)%Z ]] => replace (i + 0)%Z with i by omega
- end).
- intros e from cut to.
- generalize dependent cut.
- induction to using Z_induction with (m := from) ; intros cut mem page Hct Hfc Hm He.
- * repeat(rewrite A_Occ.Q_empty ; auto ; try omega).
- * assert(EqNeq: { mem.[ (shift_sint32 page to) ] = e } + { mem.[ (shift_sint32 page to) ] <> e }) by
- repeat(decide equality).
- assert(Cut: (cut < to + 1 \/ cut = to + 1)%Z ) by omega ; inversion Cut as [ Inf | Eq ].
- + inversion_clear EqNeq as [ Eq | Neq ].
- - rewrite <- Eq.
- replace (mem .[ shift_sint32 page to]) with (mem .[ shift_sint32 page (to + 1 - 1)]) by (norm ; auto).
- rewrite <- A_Occ.Q_is with (i := (to+1)%Z) ;
- [ rewrite <- A_Occ.Q_is with (i := (to+1)%Z) | | | | |] ;
- norm ; try rewrite Eq ; auto ; try omega.
- assert(Simpl: forall x y z : Z, (x + y = z)%Z -> (1 + x + y = 1 + z)%Z) by (intros ; omega).
- apply Simpl.
- apply IHto ; auto ; omega.
- - rewrite <- A_Occ.Q_isnt with (i := (to+1)%Z) ;
- [ rewrite <- A_Occ.Q_isnt with (i := (to+1)%Z) | | | | |] ;
- norm ; auto ; try omega.
- apply IHto ; auto ; omega.
- + rewrite Eq.
- rewrite A_Occ.Q_empty ; auto ; try omega.
-Qed.
-
-
diff --git a/src/plugins/wp/tests/wp_acsl/classify_float.c b/src/plugins/wp/tests/wp_acsl/classify_float.c
index f281877af31f474fbf324a3b138fb504d312138b..dd45b597a3fee283dab0d234f794f6a8ba3cc867 100644
--- a/src/plugins/wp/tests/wp_acsl/classify_float.c
+++ b/src/plugins/wp/tests/wp_acsl/classify_float.c
@@ -1,6 +1,5 @@
/* run.config_qualif
OPT: -wp-prover alt-ergo
- OPT: -wp-prover coq
OPT: -wp-model real
*/
diff --git a/src/plugins/wp/tests/wp_acsl/classify_float.script b/src/plugins/wp/tests/wp_acsl/classify_float.script
deleted file mode 100644
index 0b2ca5d38ec8c0ff75950cbbd9cf6debdf566330..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_acsl/classify_float.script
+++ /dev/null
@@ -1,25 +0,0 @@
-(* Generated by Frama-C WP *)
-
-Goal typed_lemma_InfN_not_finite.
-Hint InfN_not_finite,property.
-Proof.
-(* auto with zarith. *)
-admit.
-Admitted.
-
-Goal typed_lemma_InfP_not_finite.
-Hint InfP_not_finite,property.
-Proof.
-(* auto with zarith. *)
-admit.
-Admitted.
-
-Goal typed_lemma_NaN_not_finite.
-Hint NaN_not_finite,property.
-Proof.
-(* auto with zarith. *)
-admit.
-Admitted.
-
-
-
diff --git a/src/plugins/wp/tests/wp_acsl/oracle_qualif/chunk_typing_usable.0.session/interactive/lemma_provable_lemma.v b/src/plugins/wp/tests/wp_acsl/oracle_qualif/chunk_typing_usable.0.session/interactive/lemma_provable_lemma.v
deleted file mode 100644
index 1b3be3b8b35c241e8e2ef77e3af64c923aa96bb2..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_acsl/oracle_qualif/chunk_typing_usable.0.session/interactive/lemma_provable_lemma.v
+++ /dev/null
@@ -1,622 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.FromInt.
-Require map.Map.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-(* Why3 assumption *)
-Inductive addr :=
- | addr'mk : Numbers.BinNums.Z -> Numbers.BinNums.Z -> addr.
-Axiom addr_WhyType : WhyType addr.
-Existing Instance addr_WhyType.
-
-(* Why3 assumption *)
-Definition offset (v:addr) : Numbers.BinNums.Z :=
- match v with
- | addr'mk x x1 => x1
- end.
-
-(* Why3 assumption *)
-Definition base (v:addr) : Numbers.BinNums.Z :=
- match v with
- | addr'mk x x1 => x
- end.
-
-Parameter addr_le: addr -> addr -> Prop.
-
-Parameter addr_lt: addr -> addr -> Prop.
-
-Parameter addr_le_bool: addr -> addr -> Init.Datatypes.bool.
-
-Parameter addr_lt_bool: addr -> addr -> Init.Datatypes.bool.
-
-Axiom addr_le_def :
- forall (p:addr) (q:addr), ((base p) = (base q)) ->
- addr_le p q <-> ((offset p) <= (offset q))%Z.
-
-Axiom addr_lt_def :
- forall (p:addr) (q:addr), ((base p) = (base q)) ->
- addr_lt p q <-> ((offset p) < (offset q))%Z.
-
-Axiom addr_le_bool_def :
- forall (p:addr) (q:addr),
- addr_le p q <-> ((addr_le_bool p q) = Init.Datatypes.true).
-
-Axiom addr_lt_bool_def :
- forall (p:addr) (q:addr),
- addr_lt p q <-> ((addr_lt_bool p q) = Init.Datatypes.true).
-
-(* Why3 assumption *)
-Definition null : addr := addr'mk 0%Z 0%Z.
-
-(* Why3 assumption *)
-Definition global (b:Numbers.BinNums.Z) : addr := addr'mk b 0%Z.
-
-(* Why3 assumption *)
-Definition shift (p:addr) (k:Numbers.BinNums.Z) : addr :=
- addr'mk (base p) ((offset p) + k)%Z.
-
-(* Why3 assumption *)
-Definition included (p:addr) (a:Numbers.BinNums.Z) (q:addr)
- (b:Numbers.BinNums.Z) : Prop :=
- (0%Z < a)%Z ->
- (0%Z <= b)%Z /\
- ((base p) = (base q)) /\
- ((offset q) <= (offset p))%Z /\
- (((offset p) + a)%Z <= ((offset q) + b)%Z)%Z.
-
-(* Why3 assumption *)
-Definition separated (p:addr) (a:Numbers.BinNums.Z) (q:addr)
- (b:Numbers.BinNums.Z) : Prop :=
- (a <= 0%Z)%Z \/
- (b <= 0%Z)%Z \/
- ~ ((base p) = (base q)) \/
- (((offset q) + b)%Z <= (offset p))%Z \/
- (((offset p) + a)%Z <= (offset q))%Z.
-
-(* Why3 assumption *)
-Definition eqmem {a:Type} {a_WT:WhyType a} (m1:addr -> a) (m2:addr -> a)
- (p:addr) (a1:Numbers.BinNums.Z) : Prop :=
- forall (q:addr), included q 1%Z p a1 -> ((m1 q) = (m2 q)).
-
-Parameter havoc:
- forall {a:Type} {a_WT:WhyType a}, (addr -> a) -> (addr -> a) -> addr ->
- Numbers.BinNums.Z -> addr -> a.
-
-(* Why3 assumption *)
-Definition valid_rw (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- (0%Z < (base p))%Z /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (m (base p)))%Z.
-
-(* Why3 assumption *)
-Definition valid_rd (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- ~ (0%Z = (base p)) /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (m (base p)))%Z.
-
-(* Why3 assumption *)
-Definition valid_obj (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- (p = null) \/
- ~ (0%Z = (base p)) /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (1%Z + (m (base p)))%Z)%Z.
-
-(* Why3 assumption *)
-Definition invalid (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (n <= 0%Z)%Z \/
- ((base p) = 0%Z) \/
- ((m (base p)) <= (offset p))%Z \/ (((offset p) + n)%Z <= 0%Z)%Z.
-
-Axiom valid_rw_rd :
- forall (m:Numbers.BinNums.Z -> Numbers.BinNums.Z), forall (p:addr),
- forall (n:Numbers.BinNums.Z), valid_rw m p n -> valid_rd m p n.
-
-Axiom valid_string :
- forall (m:Numbers.BinNums.Z -> Numbers.BinNums.Z), forall (p:addr),
- ((base p) < 0%Z)%Z ->
- (0%Z <= (offset p))%Z /\ ((offset p) < (m (base p)))%Z ->
- valid_rd m p 1%Z /\ ~ valid_rw m p 1%Z.
-
-Axiom separated_1 :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (i:Numbers.BinNums.Z)
- (j:Numbers.BinNums.Z),
- separated p a q b -> ((offset p) <= i)%Z /\ (i < ((offset p) + a)%Z)%Z ->
- ((offset q) <= j)%Z /\ (j < ((offset q) + b)%Z)%Z ->
- ~ ((addr'mk (base p) i) = (addr'mk (base q) j)).
-
-Parameter region: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter linked: (Numbers.BinNums.Z -> Numbers.BinNums.Z) -> Prop.
-
-Parameter sconst: (addr -> Numbers.BinNums.Z) -> Prop.
-
-(* Why3 assumption *)
-Definition framed (m:addr -> addr) : Prop :=
- forall (p:addr), ((region (base p)) <= 0%Z)%Z ->
- ((region (base (m p))) <= 0%Z)%Z.
-
-Axiom separated_included :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z), (0%Z < a)%Z ->
- (0%Z < b)%Z -> separated p a q b -> ~ included p a q b.
-
-Axiom included_trans :
- forall (p:addr) (q:addr) (r:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (c:Numbers.BinNums.Z),
- included p a q b -> included q b r c -> included p a r c.
-
-Axiom separated_trans :
- forall (p:addr) (q:addr) (r:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (c:Numbers.BinNums.Z),
- included p a q b -> separated q b r c -> separated p a r c.
-
-Axiom separated_sym :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z),
- separated p a q b <-> separated q b p a.
-
-Axiom eqmem_included :
- forall {a:Type} {a_WT:WhyType a},
- forall (m1:addr -> a) (m2:addr -> a), forall (p:addr) (q:addr),
- forall (a1:Numbers.BinNums.Z) (b:Numbers.BinNums.Z), included p a1 q b ->
- eqmem m1 m2 q b -> eqmem m1 m2 p a1.
-
-Axiom eqmem_sym :
- forall {a:Type} {a_WT:WhyType a},
- forall (m1:addr -> a) (m2:addr -> a), forall (p:addr),
- forall (a1:Numbers.BinNums.Z), eqmem m1 m2 p a1 -> eqmem m2 m1 p a1.
-
-Axiom havoc_access :
- forall {a:Type} {a_WT:WhyType a},
- forall (m0:addr -> a) (m1:addr -> a), forall (q:addr) (p:addr),
- forall (a1:Numbers.BinNums.Z),
- (separated q 1%Z p a1 -> ((havoc m0 m1 p a1 q) = (m1 q))) /\
- (~ separated q 1%Z p a1 -> ((havoc m0 m1 p a1 q) = (m0 q))).
-
-Parameter cinits: (addr -> Init.Datatypes.bool) -> Prop.
-
-(* Why3 assumption *)
-Definition is_init_range (m:addr -> Init.Datatypes.bool) (p:addr)
- (l:Numbers.BinNums.Z) : Prop :=
- forall (i:Numbers.BinNums.Z), (0%Z <= i)%Z /\ (i < l)%Z ->
- ((m (shift p i)) = Init.Datatypes.true).
-
-Parameter set_init:
- (addr -> Init.Datatypes.bool) -> addr -> Numbers.BinNums.Z ->
- addr -> Init.Datatypes.bool.
-
-Axiom set_init_access :
- forall (m:addr -> Init.Datatypes.bool), forall (q:addr) (p:addr),
- forall (a:Numbers.BinNums.Z),
- (separated q 1%Z p a -> ((set_init m p a q) = (m q))) /\
- (~ separated q 1%Z p a -> ((set_init m p a q) = Init.Datatypes.true)).
-
-(* Why3 assumption *)
-Definition monotonic_init (m1:addr -> Init.Datatypes.bool)
- (m2:addr -> Init.Datatypes.bool) : Prop :=
- forall (p:addr), ((m1 p) = Init.Datatypes.true) ->
- ((m2 p) = Init.Datatypes.true).
-
-Parameter int_of_addr: addr -> Numbers.BinNums.Z.
-
-Parameter addr_of_int: Numbers.BinNums.Z -> addr.
-
-Axiom table : Type.
-Parameter table_WhyType : WhyType table.
-Existing Instance table_WhyType.
-
-Parameter table_of_base: Numbers.BinNums.Z -> table.
-
-Parameter table_to_offset: table -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom table_to_offset_zero :
- forall (t:table), ((table_to_offset t 0%Z) = 0%Z).
-
-Axiom table_to_offset_monotonic :
- forall (t:table), forall (o1:Numbers.BinNums.Z) (o2:Numbers.BinNums.Z),
- (o1 <= o2)%Z <-> ((table_to_offset t o1) <= (table_to_offset t o2))%Z.
-
-Axiom int_of_addr_bijection :
- forall (a:Numbers.BinNums.Z), ((int_of_addr (addr_of_int a)) = a).
-
-Axiom addr_of_int_bijection :
- forall (p:addr), ((addr_of_int (int_of_addr p)) = p).
-
-Axiom addr_of_null : ((int_of_addr null) = 0%Z).
-
-(* Why3 assumption *)
-Definition is_bool (x:Numbers.BinNums.Z) : Prop := (x = 0%Z) \/ (x = 1%Z).
-
-(* Why3 assumption *)
-Definition is_uint8 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 256%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint8 (x:Numbers.BinNums.Z) : Prop :=
- ((-128%Z)%Z <= x)%Z /\ (x < 128%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint16 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 65536%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint16 (x:Numbers.BinNums.Z) : Prop :=
- ((-32768%Z)%Z <= x)%Z /\ (x < 32768%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint32 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 4294967296%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint32 (x:Numbers.BinNums.Z) : Prop :=
- ((-2147483648%Z)%Z <= x)%Z /\ (x < 2147483648%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint64 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 18446744073709551616%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint64 (x:Numbers.BinNums.Z) : Prop :=
- ((-9223372036854775808%Z)%Z <= x)%Z /\ (x < 9223372036854775808%Z)%Z.
-
-Axiom is_bool0 : is_bool 0%Z.
-
-Axiom is_bool1 : is_bool 1%Z.
-
-Parameter to_bool: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom to_bool'def :
- forall (x:Numbers.BinNums.Z),
- ((x = 0%Z) -> ((to_bool x) = 0%Z)) /\ (~ (x = 0%Z) -> ((to_bool x) = 1%Z)).
-
-Parameter to_uint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter two_power_abs: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom two_power_abs_is_positive :
- forall (n:Numbers.BinNums.Z), (0%Z < (two_power_abs n))%Z.
-
-Axiom two_power_abs_plus_pos :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- (0%Z <= m)%Z ->
- ((two_power_abs (n + m)%Z) = ((two_power_abs n) * (two_power_abs m))%Z).
-
-Axiom two_power_abs_plus_one :
- forall (n:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- ((two_power_abs (n + 1%Z)%Z) = (2%Z * (two_power_abs n))%Z).
-
-(* Why3 assumption *)
-Definition is_uint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-(* Why3 assumption *)
-Definition is_sint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- ((-(two_power_abs n))%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-Parameter to_uint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom is_to_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n (to_uint n x).
-
-Axiom is_to_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_sint n (to_sint n x).
-
-Axiom is_to_uint8 : forall (x:Numbers.BinNums.Z), is_uint8 (to_uint8 x).
-
-Axiom is_to_sint8 : forall (x:Numbers.BinNums.Z), is_sint8 (to_sint8 x).
-
-Axiom is_to_uint16 : forall (x:Numbers.BinNums.Z), is_uint16 (to_uint16 x).
-
-Axiom is_to_sint16 : forall (x:Numbers.BinNums.Z), is_sint16 (to_sint16 x).
-
-Axiom is_to_uint32 : forall (x:Numbers.BinNums.Z), is_uint32 (to_uint32 x).
-
-Axiom is_to_sint32 : forall (x:Numbers.BinNums.Z), is_sint32 (to_sint32 x).
-
-Axiom is_to_uint64 : forall (x:Numbers.BinNums.Z), is_uint64 (to_uint64 x).
-
-Axiom is_to_sint64 : forall (x:Numbers.BinNums.Z), is_sint64 (to_sint64 x).
-
-Axiom id_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_uint n x <-> ((to_uint n x) = x).
-
-Axiom id_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_sint n x <-> ((to_sint n x) = x).
-
-Axiom id_uint8 :
- forall (x:Numbers.BinNums.Z), is_uint8 x -> ((to_uint8 x) = x).
-
-Axiom id_sint8 :
- forall (x:Numbers.BinNums.Z), is_sint8 x -> ((to_sint8 x) = x).
-
-Axiom id_uint16 :
- forall (x:Numbers.BinNums.Z), is_uint16 x -> ((to_uint16 x) = x).
-
-Axiom id_sint16 :
- forall (x:Numbers.BinNums.Z), is_sint16 x -> ((to_sint16 x) = x).
-
-Axiom id_uint32 :
- forall (x:Numbers.BinNums.Z), is_uint32 x -> ((to_uint32 x) = x).
-
-Axiom id_sint32 :
- forall (x:Numbers.BinNums.Z), is_sint32 x -> ((to_sint32 x) = x).
-
-Axiom id_uint64 :
- forall (x:Numbers.BinNums.Z), is_uint64 x -> ((to_uint64 x) = x).
-
-Axiom id_sint64 :
- forall (x:Numbers.BinNums.Z), is_sint64 x -> ((to_sint64 x) = x).
-
-Axiom proj_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_uint n (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_sint n x)) = (to_sint n x)).
-
-Axiom proj_uint8 :
- forall (x:Numbers.BinNums.Z), ((to_uint8 (to_uint8 x)) = (to_uint8 x)).
-
-Axiom proj_sint8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_sint8 x)) = (to_sint8 x)).
-
-Axiom proj_uint16 :
- forall (x:Numbers.BinNums.Z), ((to_uint16 (to_uint16 x)) = (to_uint16 x)).
-
-Axiom proj_sint16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_sint16 x)) = (to_sint16 x)).
-
-Axiom proj_uint32 :
- forall (x:Numbers.BinNums.Z), ((to_uint32 (to_uint32 x)) = (to_uint32 x)).
-
-Axiom proj_sint32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_sint32 x)) = (to_sint32 x)).
-
-Axiom proj_uint64 :
- forall (x:Numbers.BinNums.Z), ((to_uint64 (to_uint64 x)) = (to_uint64 x)).
-
-Axiom proj_sint64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_sint64 x)) = (to_sint64 x)).
-
-Axiom proj_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_uint n x)) = (to_uint n x)).
-
-Axiom incl_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n x ->
- is_sint n x.
-
-Axiom proj_su_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint (m + n)%Z (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_su_sint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint n (to_uint (m + (n + 1%Z)%Z)%Z x)) = (to_sint n x)).
-
-Axiom proj_int8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_uint8 x)) = (to_sint8 x)).
-
-Axiom proj_int16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_uint16 x)) = (to_sint16 x)).
-
-Axiom proj_int32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_uint32 x)) = (to_sint32 x)).
-
-Axiom proj_int64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_uint64 x)) = (to_sint64 x)).
-
-Axiom proj_us_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_uint (n + 1%Z)%Z (to_sint (m + n)%Z x)) = (to_uint (n + 1%Z)%Z x)).
-
-Axiom incl_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_uint (n + i)%Z x.
-
-Axiom incl_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_sint n x -> is_sint (n + i)%Z x.
-
-Axiom incl_int :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_sint (n + i)%Z x.
-
-(* Why3 assumption *)
-Definition is_sint32_chunk (m:addr -> Numbers.BinNums.Z) : Prop :=
- forall (a:addr), is_sint32 (m a).
-
-Parameter L_occ:
- (addr -> Numbers.BinNums.Z) -> Numbers.BinNums.Z -> addr ->
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom Q_empty :
- forall (Mint:addr -> Numbers.BinNums.Z) (v:Numbers.BinNums.Z) (p:addr)
- (f:Numbers.BinNums.Z) (t:Numbers.BinNums.Z),
- (t <= f)%Z -> is_sint32_chunk Mint -> is_sint32 v ->
- ((L_occ Mint v p f t) = 0%Z).
-
-Axiom Q_is :
- forall (Mint:addr -> Numbers.BinNums.Z) (v:Numbers.BinNums.Z) (p:addr)
- (f:Numbers.BinNums.Z) (t:Numbers.BinNums.Z),
- let x := ((-1%Z)%Z + t)%Z in
- let x1 := Mint (shift p x) in
- (x1 = v) -> (f < t)%Z -> is_sint32_chunk Mint -> is_sint32 v ->
- is_sint32 x1 -> ((1%Z + (L_occ Mint v p f x))%Z = (L_occ Mint v p f t)).
-
-Axiom Q_isnt :
- forall (Mint:addr -> Numbers.BinNums.Z) (v:Numbers.BinNums.Z) (p:addr)
- (f:Numbers.BinNums.Z) (t:Numbers.BinNums.Z),
- let x := ((-1%Z)%Z + t)%Z in
- let x1 := Mint (shift p x) in
- ~ (x1 = v) -> (f < t)%Z -> is_sint32_chunk Mint -> is_sint32 v ->
- is_sint32 x1 -> ((L_occ Mint v p f x) = (L_occ Mint v p f t)).
-
-Theorem Z_induction(m : Z)(P : Z -> Prop) :
- (forall n, (n <= m)%Z -> P n ) ->
- (forall n, (n >= m)%Z -> P n -> P (n+1)%Z) ->
- (forall n, P n).
-Proof.
- intros.
- induction (Z_le_dec n m) ; auto with zarith.
- apply Z.le_ind with (n := m) ; auto with zarith.
- unfold Morphisms.Proper.
- unfold Morphisms.respectful.
- intros. rewrite H1. intuition.
- intros. apply H0; auto with zarith.
-Qed.
-
-
-(* Why3 goal *)
-Theorem wp_goal :
- forall (t:addr -> Numbers.BinNums.Z) (i:Numbers.BinNums.Z) (a:addr)
- (i1:Numbers.BinNums.Z) (i2:Numbers.BinNums.Z) (i3:Numbers.BinNums.Z),
- (i2 <= i3)%Z -> (i1 <= i2)%Z -> is_sint32_chunk t -> is_sint32 i ->
- (((L_occ t i a i1 i2) + (L_occ t i a i2 i3))%Z = (L_occ t i a i1 i3)).
-Proof.
- Require Import Psatz.
- Ltac norm := repeat(match goal with
- | [ _ : _ |- context [ (-1 + (?i + 1))%Z ]] => replace (-1 + (i + 1))%Z with i by lia
- | [ _ : _ |- context [ (-(1) + (?i + 1))%Z ]] => replace (-(1) + (i + 1))%Z with i by lia
- | [ _ : _ |- context [ (0 + ?i)%Z ]] => replace (0 + i)%Z with i by lia
- | [ _ : _ |- context [ (?i + 0)%Z ]] => replace (i + 0)%Z with i by lia
- end).
-
- intros M x p b s e.
- generalize dependent s.
- induction e using Z_induction with (m := b) ; intros s Us Ls TM Tx.
- - repeat (rewrite Q_empty) ; auto ; lia.
- - assert(EqNeq: { M (shift p e) = x } + { M (shift p e) <> x }) by
- repeat(decide equality).
- assert(Split: (s < e + 1 \/ s = e + 1)%Z) by lia.
- inversion_clear Split as [ Low | Eq ] ; subst.
- + inversion_clear EqNeq as [ Eq | Neq ] ; subst.
- * replace (M (shift p e)) with (M (shift p ((-1) + (e + 1))))%Z by (norm ; auto).
- rewrite <- Q_is with (t := (e + 1)%Z) ; [ rewrite <- Q_is with (t := (e + 1)%Z) | | | | |] ;
- norm ; try rewrite Eq ; auto ; try lia.
- assert(Simpl: forall x y z : Z, (x + y = z)%Z -> (x + (1 + y) = 1 + z)%Z) by (intros ; lia).
- apply Simpl.
- apply IHe ; auto ; lia.
- * rewrite <- Q_isnt with (t := (e + 1)%Z) ; [ rewrite <- Q_isnt with (t := (e + 1)%Z) | | | | |] ;
- norm ; auto ; try lia.
- apply IHe ; auto ; lia.
- + rewrite Q_empty with (f := (e+1)%Z) ; auto ; lia.
-Qed.
-
diff --git a/src/plugins/wp/tests/wp_acsl/oracle_qualif/chunk_typing_usable.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle_qualif/chunk_typing_usable.res.oracle
index e7f7757e41296b5db9a8f1075c8af95cd6ddde0b..5569268205364aef072e778f13495cf836d3c0b8 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle_qualif/chunk_typing_usable.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle_qualif/chunk_typing_usable.res.oracle
@@ -4,16 +4,15 @@
[rte:annot] annotating function usable_axiom
[rte:annot] annotating function usable_lemma
[wp] 3 goals scheduled
-[wp] [Coq] Goal typed_lemma_provable_lemma : Valid
+[wp] [Alt-Ergo] Goal typed_lemma_provable_lemma : Unsuccess
[wp] [Alt-Ergo] Goal typed_usable_axiom_ensures : Valid
[wp] [Alt-Ergo] Goal typed_usable_lemma_ensures : Valid
-[wp] Proved goals: 3 / 3
+[wp] Proved goals: 2 / 3
Qed: 0
Alt-Ergo: 2 (unsuccess: 1)
- Coq: 1
------------------------------------------------------------
Axiomatics WP Alt-Ergo Total Success
- Lemma - - 1 100%
+ Lemma - - 1 0.0%
------------------------------------------------------------
Functions WP Alt-Ergo Total Success
usable_axiom - 1 1 100%
diff --git a/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.res.oracle b/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.res.oracle
index c2926ee4347068dc2e99f9c518571b7f1044d456..d56892bed73e2320f69ba98f7d23a947f7420d22 100644
--- a/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.res.oracle
+++ b/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.res.oracle
@@ -1,14 +1,13 @@
-# frama-c -wp [...]
+# frama-c -wp -wp-model 'Typed (Real)' [...]
[kernel] Parsing classify_float.c (with preprocessing)
[wp] Running WP plugin...
[wp] 3 goals scheduled
-[wp] [Coq] Goal typed_lemma_InfN_not_finite : Valid
-[wp] [Coq] Goal typed_lemma_InfP_not_finite : Valid
-[wp] [Coq] Goal typed_lemma_NaN_not_finite : Valid
+[wp] [Qed] Goal typed_real_lemma_InfN_not_finite : Valid
+[wp] [Qed] Goal typed_real_lemma_InfP_not_finite : Valid
+[wp] [Qed] Goal typed_real_lemma_NaN_not_finite : Valid
[wp] Proved goals: 3 / 3
- Qed: 0
- Coq: 3
+ Qed: 3
------------------------------------------------------------
Axiomatics WP Alt-Ergo Total Success
- Lemma - - 3 100%
+ Lemma 3 - 3 100%
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.session/interactive/lemma_InfN_not_finite.v b/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.session/interactive/lemma_InfN_not_finite.v
deleted file mode 100644
index 9742dfb3d3c6aa053e0fe2d70b2e1b0238dac89a..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.session/interactive/lemma_InfN_not_finite.v
+++ /dev/null
@@ -1,1768 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require Reals.Rbasic_fun.
-Require Reals.R_sqrt.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.Abs.
-Require real.FromInt.
-Require real.Square.
-Require map.Map.
-Require bv.Pow2int.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-Axiom abs_def :
- forall (x:Numbers.BinNums.Z),
- ((0%Z <= x)%Z -> ((ZArith.BinInt.Z.abs x) = x)) /\
- (~ (0%Z <= x)%Z -> ((ZArith.BinInt.Z.abs x) = (-x)%Z)).
-
-Axiom sqrt_lin1 :
- forall (x:Reals.Rdefinitions.R), (1%R < x)%R ->
- ((Reals.R_sqrt.sqrt x) < x)%R.
-
-Axiom sqrt_lin0 :
- forall (x:Reals.Rdefinitions.R), (0%R < x)%R /\ (x < 1%R)%R ->
- (x < (Reals.R_sqrt.sqrt x))%R.
-
-Axiom sqrt_0 : ((Reals.R_sqrt.sqrt 0%R) = 0%R).
-
-Axiom sqrt_1 : ((Reals.R_sqrt.sqrt 1%R) = 1%R).
-
-(* Why3 assumption *)
-Inductive mode :=
- | RNE : mode
- | RNA : mode
- | RTP : mode
- | RTN : mode
- | RTZ : mode.
-Axiom mode_WhyType : WhyType mode.
-Existing Instance mode_WhyType.
-
-(* Why3 assumption *)
-Definition to_nearest (m:mode) : Prop := (m = RNE) \/ (m = RNA).
-
-Axiom t : Type.
-Parameter t_WhyType : WhyType t.
-Existing Instance t_WhyType.
-
-Parameter t'real: t -> Reals.Rdefinitions.R.
-
-Parameter t'isFinite: t -> Prop.
-
-Axiom t'axiom :
- forall (x:t), t'isFinite x ->
- ((-340282346638528859811704183484516925440%R)%R <= (t'real x))%R /\
- ((t'real x) <= 340282346638528859811704183484516925440%R)%R.
-
-Parameter truncate: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Axiom Truncate_int :
- forall (i:Numbers.BinNums.Z), ((truncate (BuiltIn.IZR i)) = i).
-
-Axiom Truncate_down_pos :
- forall (x:Reals.Rdefinitions.R), (0%R <= x)%R ->
- ((BuiltIn.IZR (truncate x)) <= x)%R /\
- (x < (BuiltIn.IZR ((truncate x) + 1%Z)%Z))%R.
-
-Axiom Truncate_up_neg :
- forall (x:Reals.Rdefinitions.R), (x <= 0%R)%R ->
- ((BuiltIn.IZR ((truncate x) - 1%Z)%Z) < x)%R /\
- (x <= (BuiltIn.IZR (truncate x)))%R.
-
-Axiom Real_of_truncate :
- forall (x:Reals.Rdefinitions.R),
- ((x - 1%R)%R <= (BuiltIn.IZR (truncate x)))%R /\
- ((BuiltIn.IZR (truncate x)) <= (x + 1%R)%R)%R.
-
-Axiom Truncate_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((truncate x) <= (truncate y))%Z.
-
-Axiom Truncate_monotonic_int1 :
- forall (x:Reals.Rdefinitions.R) (i:Numbers.BinNums.Z),
- (x <= (BuiltIn.IZR i))%R -> ((truncate x) <= i)%Z.
-
-Axiom Truncate_monotonic_int2 :
- forall (x:Reals.Rdefinitions.R) (i:Numbers.BinNums.Z),
- ((BuiltIn.IZR i) <= x)%R -> (i <= (truncate x))%Z.
-
-Parameter floor: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Parameter ceil: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Axiom Floor_int :
- forall (i:Numbers.BinNums.Z), ((floor (BuiltIn.IZR i)) = i).
-
-Axiom Ceil_int : forall (i:Numbers.BinNums.Z), ((ceil (BuiltIn.IZR i)) = i).
-
-Axiom Floor_down :
- forall (x:Reals.Rdefinitions.R),
- ((BuiltIn.IZR (floor x)) <= x)%R /\
- (x < (BuiltIn.IZR ((floor x) + 1%Z)%Z))%R.
-
-Axiom Ceil_up :
- forall (x:Reals.Rdefinitions.R),
- ((BuiltIn.IZR ((ceil x) - 1%Z)%Z) < x)%R /\ (x <= (BuiltIn.IZR (ceil x)))%R.
-
-Axiom Floor_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((floor x) <= (floor y))%Z.
-
-Axiom Ceil_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((ceil x) <= (ceil y))%Z.
-
-Parameter zeroF: t.
-
-Parameter add: mode -> t -> t -> t.
-
-Parameter sub: mode -> t -> t -> t.
-
-Parameter mul: mode -> t -> t -> t.
-
-Parameter div: mode -> t -> t -> t.
-
-Parameter abs: t -> t.
-
-Parameter neg: t -> t.
-
-Parameter fma: mode -> t -> t -> t -> t.
-
-Parameter sqrt: mode -> t -> t.
-
-Parameter roundToIntegral: mode -> t -> t.
-
-Parameter min: t -> t -> t.
-
-Parameter max: t -> t -> t.
-
-Parameter le: t -> t -> Prop.
-
-Parameter lt: t -> t -> Prop.
-
-Parameter eq: t -> t -> Prop.
-
-Parameter is_normal: t -> Prop.
-
-Parameter is_subnormal: t -> Prop.
-
-Parameter is_zero: t -> Prop.
-
-Parameter is_infinite: t -> Prop.
-
-Parameter is_nan: t -> Prop.
-
-Parameter is_positive: t -> Prop.
-
-Parameter is_negative: t -> Prop.
-
-(* Why3 assumption *)
-Definition is_plus_infinity (x:t) : Prop := is_infinite x /\ is_positive x.
-
-(* Why3 assumption *)
-Definition is_minus_infinity (x:t) : Prop := is_infinite x /\ is_negative x.
-
-(* Why3 assumption *)
-Definition is_plus_zero (x:t) : Prop := is_zero x /\ is_positive x.
-
-(* Why3 assumption *)
-Definition is_minus_zero (x:t) : Prop := is_zero x /\ is_negative x.
-
-(* Why3 assumption *)
-Definition is_not_nan (x:t) : Prop := t'isFinite x \/ is_infinite x.
-
-Axiom is_not_nan1 : forall (x:t), is_not_nan x <-> ~ is_nan x.
-
-Axiom is_not_finite :
- forall (x:t), ~ t'isFinite x <-> is_infinite x \/ is_nan x.
-
-Axiom zeroF_is_positive : is_positive zeroF.
-
-Axiom zeroF_is_zero : is_zero zeroF.
-
-Axiom zero_to_real :
- forall (x:t), is_zero x <-> t'isFinite x /\ ((t'real x) = 0%R).
-
-Parameter of_int: mode -> Numbers.BinNums.Z -> t.
-
-Parameter to_int: mode -> t -> Numbers.BinNums.Z.
-
-Axiom zero_of_int : forall (m:mode), (zeroF = (of_int m 0%Z)).
-
-Parameter round: mode -> Reals.Rdefinitions.R -> Reals.Rdefinitions.R.
-
-Parameter max_int: Numbers.BinNums.Z.
-
-Axiom max_real_int :
- ((33554430 * 10141204801825835211973625643008)%R = (BuiltIn.IZR max_int)).
-
-(* Why3 assumption *)
-Definition in_range (x:Reals.Rdefinitions.R) : Prop :=
- ((-(33554430 * 10141204801825835211973625643008)%R)%R <= x)%R /\
- (x <= (33554430 * 10141204801825835211973625643008)%R)%R.
-
-(* Why3 assumption *)
-Definition in_int_range (i:Numbers.BinNums.Z) : Prop :=
- ((-max_int)%Z <= i)%Z /\ (i <= max_int)%Z.
-
-Axiom is_finite : forall (x:t), t'isFinite x -> in_range (t'real x).
-
-(* Why3 assumption *)
-Definition no_overflow (m:mode) (x:Reals.Rdefinitions.R) : Prop :=
- in_range (round m x).
-
-Axiom Bounded_real_no_overflow :
- forall (m:mode) (x:Reals.Rdefinitions.R), in_range x -> no_overflow m x.
-
-Axiom Round_monotonic :
- forall (m:mode) (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- (x <= y)%R -> ((round m x) <= (round m y))%R.
-
-Axiom Round_idempotent :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round m1 (round m2 x)) = (round m2 x)).
-
-Axiom Round_to_real :
- forall (m:mode) (x:t), t'isFinite x -> ((round m (t'real x)) = (t'real x)).
-
-Axiom Round_down_le :
- forall (x:Reals.Rdefinitions.R), ((round RTN x) <= x)%R.
-
-Axiom Round_up_ge : forall (x:Reals.Rdefinitions.R), (x <= (round RTP x))%R.
-
-Axiom Round_down_neg :
- forall (x:Reals.Rdefinitions.R), ((round RTN (-x)%R) = (-(round RTP x))%R).
-
-Axiom Round_up_neg :
- forall (x:Reals.Rdefinitions.R), ((round RTP (-x)%R) = (-(round RTN x))%R).
-
-(* Why3 assumption *)
-Definition in_safe_int_range (i:Numbers.BinNums.Z) : Prop :=
- ((-16777216%Z)%Z <= i)%Z /\ (i <= 16777216%Z)%Z.
-
-Axiom Exact_rounding_for_integers :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range i ->
- ((round m (BuiltIn.IZR i)) = (BuiltIn.IZR i)).
-
-(* Why3 assumption *)
-Definition same_sign (x:t) (y:t) : Prop :=
- is_positive x /\ is_positive y \/ is_negative x /\ is_negative y.
-
-(* Why3 assumption *)
-Definition diff_sign (x:t) (y:t) : Prop :=
- is_positive x /\ is_negative y \/ is_negative x /\ is_positive y.
-
-Axiom feq_eq :
- forall (x:t) (y:t), t'isFinite x -> t'isFinite y -> ~ is_zero x ->
- eq x y -> (x = y).
-
-Axiom eq_feq :
- forall (x:t) (y:t), t'isFinite x -> t'isFinite y -> (x = y) -> eq x y.
-
-Axiom eq_refl : forall (x:t), t'isFinite x -> eq x x.
-
-Axiom eq_sym : forall (x:t) (y:t), eq x y -> eq y x.
-
-Axiom eq_trans : forall (x:t) (y:t) (z:t), eq x y -> eq y z -> eq x z.
-
-Axiom eq_zero : eq zeroF (neg zeroF).
-
-Axiom eq_to_real_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- eq x y <-> ((t'real x) = (t'real y)).
-
-Axiom eq_special :
- forall (x:t) (y:t), eq x y ->
- is_not_nan x /\
- is_not_nan y /\
- (t'isFinite x /\ t'isFinite y \/
- is_infinite x /\ is_infinite y /\ same_sign x y).
-
-Axiom lt_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- lt x y <-> ((t'real x) < (t'real y))%R.
-
-Axiom le_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- le x y <-> ((t'real x) <= (t'real y))%R.
-
-Axiom le_lt_trans : forall (x:t) (y:t) (z:t), le x y /\ lt y z -> lt x z.
-
-Axiom lt_le_trans : forall (x:t) (y:t) (z:t), lt x y /\ le y z -> lt x z.
-
-Axiom le_ge_asym : forall (x:t) (y:t), le x y /\ le y x -> eq x y.
-
-Axiom not_lt_ge :
- forall (x:t) (y:t), ~ lt x y /\ is_not_nan x /\ is_not_nan y -> le y x.
-
-Axiom not_gt_le :
- forall (x:t) (y:t), ~ lt y x /\ is_not_nan x /\ is_not_nan y -> le x y.
-
-Axiom le_special :
- forall (x:t) (y:t), le x y ->
- t'isFinite x /\ t'isFinite y \/
- is_minus_infinity x /\ is_not_nan y \/ is_not_nan x /\ is_plus_infinity y.
-
-Axiom lt_special :
- forall (x:t) (y:t), lt x y ->
- t'isFinite x /\ t'isFinite y \/
- is_minus_infinity x /\ is_not_nan y /\ ~ is_minus_infinity y \/
- is_not_nan x /\ ~ is_plus_infinity x /\ is_plus_infinity y.
-
-Axiom lt_lt_finite :
- forall (x:t) (y:t) (z:t), lt x y -> lt y z -> t'isFinite y.
-
-Axiom positive_to_real :
- forall (x:t), t'isFinite x -> is_positive x -> (0%R <= (t'real x))%R.
-
-Axiom to_real_positive :
- forall (x:t), t'isFinite x -> (0%R < (t'real x))%R -> is_positive x.
-
-Axiom negative_to_real :
- forall (x:t), t'isFinite x -> is_negative x -> ((t'real x) <= 0%R)%R.
-
-Axiom to_real_negative :
- forall (x:t), t'isFinite x -> ((t'real x) < 0%R)%R -> is_negative x.
-
-Axiom negative_xor_positive :
- forall (x:t), ~ (is_positive x /\ is_negative x).
-
-Axiom negative_or_positive :
- forall (x:t), is_not_nan x -> is_positive x \/ is_negative x.
-
-Axiom diff_sign_trans :
- forall (x:t) (y:t) (z:t), diff_sign x y /\ diff_sign y z -> same_sign x z.
-
-Axiom diff_sign_product :
- forall (x:t) (y:t),
- t'isFinite x /\ t'isFinite y /\ (((t'real x) * (t'real y))%R < 0%R)%R ->
- diff_sign x y.
-
-Axiom same_sign_product :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y /\ same_sign x y ->
- (0%R <= ((t'real x) * (t'real y))%R)%R.
-
-(* Why3 assumption *)
-Definition product_sign (z:t) (x:t) (y:t) : Prop :=
- (same_sign x y -> is_positive z) /\ (diff_sign x y -> is_negative z).
-
-(* Why3 assumption *)
-Definition overflow_value (m:mode) (x:t) : Prop :=
- match m with
- | RTN =>
- (is_positive x ->
- t'isFinite x /\
- ((t'real x) = (33554430 * 10141204801825835211973625643008)%R)) /\
- (~ is_positive x -> is_infinite x)
- | RTP =>
- (is_positive x -> is_infinite x) /\
- (~ is_positive x ->
- t'isFinite x /\
- ((t'real x) = (-(33554430 * 10141204801825835211973625643008)%R)%R))
- | RTZ =>
- (is_positive x ->
- t'isFinite x /\
- ((t'real x) = (33554430 * 10141204801825835211973625643008)%R)) /\
- (~ is_positive x ->
- t'isFinite x /\
- ((t'real x) = (-(33554430 * 10141204801825835211973625643008)%R)%R))
- | RNA|RNE => is_infinite x
- end.
-
-(* Why3 assumption *)
-Definition sign_zero_result (m:mode) (x:t) : Prop :=
- is_zero x -> match m with
- | RTN => is_negative x
- | _ => is_positive x
- end.
-
-Axiom add_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) + (t'real y))%R ->
- t'isFinite (add m x y) /\
- ((t'real (add m x y)) = (round m ((t'real x) + (t'real y))%R)).
-
-Axiom add_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (add m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom add_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (add m x y) ->
- no_overflow m ((t'real x) + (t'real y))%R /\
- ((t'real (add m x y)) = (round m ((t'real x) + (t'real y))%R)).
-
-Axiom sub_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) - (t'real y))%R ->
- t'isFinite (sub m x y) /\
- ((t'real (sub m x y)) = (round m ((t'real x) - (t'real y))%R)).
-
-Axiom sub_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (sub m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom sub_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (sub m x y) ->
- no_overflow m ((t'real x) - (t'real y))%R /\
- ((t'real (sub m x y)) = (round m ((t'real x) - (t'real y))%R)).
-
-Axiom mul_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) * (t'real y))%R ->
- t'isFinite (mul m x y) /\
- ((t'real (mul m x y)) = (round m ((t'real x) * (t'real y))%R)).
-
-Axiom mul_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (mul m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom mul_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (mul m x y) ->
- no_overflow m ((t'real x) * (t'real y))%R /\
- ((t'real (mul m x y)) = (round m ((t'real x) * (t'real y))%R)).
-
-Axiom div_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y -> ~ is_zero y ->
- no_overflow m ((t'real x) / (t'real y))%R ->
- t'isFinite (div m x y) /\
- ((t'real (div m x y)) = (round m ((t'real x) / (t'real y))%R)).
-
-Axiom div_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (div m x y) ->
- t'isFinite x /\ t'isFinite y /\ ~ is_zero y \/
- t'isFinite x /\ is_infinite y /\ ((t'real (div m x y)) = 0%R).
-
-Axiom div_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (div m x y) ->
- t'isFinite y ->
- no_overflow m ((t'real x) / (t'real y))%R /\
- ((t'real (div m x y)) = (round m ((t'real x) / (t'real y))%R)).
-
-Axiom neg_finite :
- forall (x:t), t'isFinite x ->
- t'isFinite (neg x) /\ ((t'real (neg x)) = (-(t'real x))%R).
-
-Axiom neg_finite_rev :
- forall (x:t), t'isFinite (neg x) ->
- t'isFinite x /\ ((t'real (neg x)) = (-(t'real x))%R).
-
-Axiom abs_finite :
- forall (x:t), t'isFinite x ->
- t'isFinite (abs x) /\
- ((t'real (abs x)) = (Reals.Rbasic_fun.Rabs (t'real x))) /\
- is_positive (abs x).
-
-Axiom abs_finite_rev :
- forall (x:t), t'isFinite (abs x) ->
- t'isFinite x /\ ((t'real (abs x)) = (Reals.Rbasic_fun.Rabs (t'real x))).
-
-Axiom abs_universal : forall (x:t), ~ is_negative (abs x).
-
-Axiom fma_finite :
- forall (m:mode) (x:t) (y:t) (z:t), t'isFinite x -> t'isFinite y ->
- t'isFinite z ->
- no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R ->
- t'isFinite (fma m x y z) /\
- ((t'real (fma m x y z)) =
- (round m (((t'real x) * (t'real y))%R + (t'real z))%R)).
-
-Axiom fma_finite_rev :
- forall (m:mode) (x:t) (y:t) (z:t), t'isFinite (fma m x y z) ->
- t'isFinite x /\ t'isFinite y /\ t'isFinite z.
-
-Axiom fma_finite_rev_n :
- forall (m:mode) (x:t) (y:t) (z:t), to_nearest m ->
- t'isFinite (fma m x y z) ->
- no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R /\
- ((t'real (fma m x y z)) =
- (round m (((t'real x) * (t'real y))%R + (t'real z))%R)).
-
-Axiom sqrt_finite :
- forall (m:mode) (x:t), t'isFinite x -> (0%R <= (t'real x))%R ->
- t'isFinite (sqrt m x) /\
- ((t'real (sqrt m x)) = (round m (Reals.R_sqrt.sqrt (t'real x)))).
-
-Axiom sqrt_finite_rev :
- forall (m:mode) (x:t), t'isFinite (sqrt m x) ->
- t'isFinite x /\
- (0%R <= (t'real x))%R /\
- ((t'real (sqrt m x)) = (round m (Reals.R_sqrt.sqrt (t'real x)))).
-
-(* Why3 assumption *)
-Definition same_sign_real (x:t) (r:Reals.Rdefinitions.R) : Prop :=
- is_positive x /\ (0%R < r)%R \/ is_negative x /\ (r < 0%R)%R.
-
-Axiom add_special :
- forall (m:mode) (x:t) (y:t),
- let r := add m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_infinite r /\ same_sign r y) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ same_sign x y ->
- is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ diff_sign x y -> is_nan r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) + (t'real y))%R ->
- same_sign_real r ((t'real x) + (t'real y))%R /\ overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y ->
- (same_sign x y -> same_sign r x) /\
- (~ same_sign x y -> sign_zero_result m r)).
-
-Axiom sub_special :
- forall (m:mode) (x:t) (y:t),
- let r := sub m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_infinite r /\ diff_sign r y) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ same_sign x y -> is_nan r) /\
- (is_infinite x /\ is_infinite y /\ diff_sign x y ->
- is_infinite r /\ same_sign r x) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) - (t'real y))%R ->
- same_sign_real r ((t'real x) - (t'real y))%R /\ overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y ->
- (diff_sign x y -> same_sign r x) /\
- (~ diff_sign x y -> sign_zero_result m r)).
-
-Axiom mul_special :
- forall (m:mode) (x:t) (y:t),
- let r := mul m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (is_zero x /\ is_infinite y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y /\ ~ is_zero x -> is_infinite r) /\
- (is_infinite x /\ is_zero y -> is_nan r) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y -> is_infinite r) /\
- (is_infinite x /\ is_infinite y -> is_infinite r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) * (t'real y))%R ->
- overflow_value m r) /\
- (~ is_nan r -> product_sign r x y).
-
-Axiom div_special :
- forall (m:mode) (x:t) (y:t),
- let r := div m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_zero r) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r) /\
- (is_infinite x /\ is_infinite y -> is_nan r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ is_zero y /\ ~ no_overflow m ((t'real x) / (t'real y))%R ->
- overflow_value m r) /\
- (t'isFinite x /\ is_zero y /\ ~ is_zero x -> is_infinite r) /\
- (is_zero x /\ is_zero y -> is_nan r) /\ (~ is_nan r -> product_sign r x y).
-
-Axiom neg_special :
- forall (x:t),
- (is_nan x -> is_nan (neg x)) /\
- (is_infinite x -> is_infinite (neg x)) /\
- (~ is_nan x -> diff_sign x (neg x)).
-
-Axiom abs_special :
- forall (x:t),
- (is_nan x -> is_nan (abs x)) /\
- (is_infinite x -> is_infinite (abs x)) /\
- (~ is_nan x -> is_positive (abs x)).
-
-Axiom fma_special :
- forall (m:mode) (x:t) (y:t) (z:t),
- let r := fma m x y z in
- (is_nan x \/ is_nan y \/ is_nan z -> is_nan r) /\
- (is_zero x /\ is_infinite y -> is_nan r) /\
- (is_infinite x /\ is_zero y -> is_nan r) /\
- (t'isFinite x /\ ~ is_zero x /\ is_infinite y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (t'isFinite x /\ ~ is_zero x /\ is_infinite y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (is_infinite x /\ is_infinite y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (t'isFinite x /\ t'isFinite y /\ is_infinite z ->
- is_infinite r /\ same_sign r z) /\
- (is_infinite x /\ is_infinite y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (t'isFinite x /\
- t'isFinite y /\
- t'isFinite z /\
- ~ no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R ->
- same_sign_real r (((t'real x) * (t'real y))%R + (t'real z))%R /\
- overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y /\ t'isFinite z ->
- (product_sign z x y -> same_sign r z) /\
- (~ product_sign z x y ->
- ((((t'real x) * (t'real y))%R + (t'real z))%R = 0%R) ->
- ((m = RTN) -> is_negative r) /\ (~ (m = RTN) -> is_positive r))).
-
-Axiom sqrt_special :
- forall (m:mode) (x:t),
- let r := sqrt m x in
- (is_nan x -> is_nan r) /\
- (is_plus_infinity x -> is_plus_infinity r) /\
- (is_minus_infinity x -> is_nan r) /\
- (t'isFinite x /\ ((t'real x) < 0%R)%R -> is_nan r) /\
- (is_zero x -> same_sign r x) /\
- (t'isFinite x /\ (0%R < (t'real x))%R -> is_positive r).
-
-Axiom of_int_add_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i + j)%Z ->
- eq (of_int m (i + j)%Z) (add n (of_int m i) (of_int m j)).
-
-Axiom of_int_sub_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i - j)%Z ->
- eq (of_int m (i - j)%Z) (sub n (of_int m i) (of_int m j)).
-
-Axiom of_int_mul_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i * j)%Z ->
- eq (of_int m (i * j)%Z) (mul n (of_int m i) (of_int m j)).
-
-Axiom Min_r : forall (x:t) (y:t), le y x -> eq (min x y) y.
-
-Axiom Min_l : forall (x:t) (y:t), le x y -> eq (min x y) x.
-
-Axiom Max_r : forall (x:t) (y:t), le y x -> eq (max x y) x.
-
-Axiom Max_l : forall (x:t) (y:t), le x y -> eq (max x y) y.
-
-Parameter is_int: t -> Prop.
-
-Axiom zeroF_is_int : is_int zeroF.
-
-Axiom of_int_is_int :
- forall (m:mode) (x:Numbers.BinNums.Z), in_int_range x ->
- is_int (of_int m x).
-
-Axiom big_float_is_int :
- forall (m:mode) (i:t), t'isFinite i ->
- le i (neg (of_int m 16777216%Z)) \/ le (of_int m 16777216%Z) i -> is_int i.
-
-Axiom roundToIntegral_is_int :
- forall (m:mode) (x:t), t'isFinite x -> is_int (roundToIntegral m x).
-
-Axiom eq_is_int : forall (x:t) (y:t), eq x y -> is_int x -> is_int y.
-
-Axiom add_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (add m x y) -> is_int (add m x y).
-
-Axiom sub_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (sub m x y) -> is_int (sub m x y).
-
-Axiom mul_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (mul m x y) -> is_int (mul m x y).
-
-Axiom fma_int :
- forall (x:t) (y:t) (z:t) (m:mode), is_int x -> is_int y -> is_int z ->
- t'isFinite (fma m x y z) -> is_int (fma m x y z).
-
-Axiom neg_int : forall (x:t), is_int x -> is_int (neg x).
-
-Axiom abs_int : forall (x:t), is_int x -> is_int (abs x).
-
-Axiom is_int_of_int :
- forall (x:t) (m:mode) (m':mode), is_int x -> eq x (of_int m' (to_int m x)).
-
-Axiom is_int_to_int :
- forall (m:mode) (x:t), is_int x -> in_int_range (to_int m x).
-
-Axiom is_int_is_finite : forall (x:t), is_int x -> t'isFinite x.
-
-Axiom int_to_real :
- forall (m:mode) (x:t), is_int x ->
- ((t'real x) = (BuiltIn.IZR (to_int m x))).
-
-Axiom truncate_int :
- forall (m:mode) (i:t), is_int i -> eq (roundToIntegral m i) i.
-
-Axiom truncate_neg :
- forall (x:t), t'isFinite x -> is_negative x ->
- ((roundToIntegral RTZ x) = (roundToIntegral RTP x)).
-
-Axiom truncate_pos :
- forall (x:t), t'isFinite x -> is_positive x ->
- ((roundToIntegral RTZ x) = (roundToIntegral RTN x)).
-
-Axiom ceil_le : forall (x:t), t'isFinite x -> le x (roundToIntegral RTP x).
-
-Axiom ceil_lest :
- forall (x:t) (y:t), le x y /\ is_int y -> le (roundToIntegral RTP x) y.
-
-Axiom ceil_to_real :
- forall (x:t), t'isFinite x ->
- ((t'real (roundToIntegral RTP x)) = (BuiltIn.IZR (ceil (t'real x)))).
-
-Axiom ceil_to_int :
- forall (m:mode) (x:t), t'isFinite x ->
- ((to_int m (roundToIntegral RTP x)) = (ceil (t'real x))).
-
-Axiom floor_le : forall (x:t), t'isFinite x -> le (roundToIntegral RTN x) x.
-
-Axiom floor_lest :
- forall (x:t) (y:t), le y x /\ is_int y -> le y (roundToIntegral RTN x).
-
-Axiom floor_to_real :
- forall (x:t), t'isFinite x ->
- ((t'real (roundToIntegral RTN x)) = (BuiltIn.IZR (floor (t'real x)))).
-
-Axiom floor_to_int :
- forall (m:mode) (x:t), t'isFinite x ->
- ((to_int m (roundToIntegral RTN x)) = (floor (t'real x))).
-
-Axiom RNA_down :
- forall (x:t),
- lt (sub RNE x (roundToIntegral RTN x)) (sub RNE (roundToIntegral RTP x) x) ->
- ((roundToIntegral RNA x) = (roundToIntegral RTN x)).
-
-Axiom RNA_up :
- forall (x:t),
- lt (sub RNE (roundToIntegral RTP x) x) (sub RNE x (roundToIntegral RTN x)) ->
- ((roundToIntegral RNA x) = (roundToIntegral RTP x)).
-
-Axiom RNA_down_tie :
- forall (x:t),
- eq (sub RNE x (roundToIntegral RTN x)) (sub RNE (roundToIntegral RTP x) x) ->
- is_negative x -> ((roundToIntegral RNA x) = (roundToIntegral RTN x)).
-
-Axiom RNA_up_tie :
- forall (x:t),
- eq (sub RNE (roundToIntegral RTP x) x) (sub RNE x (roundToIntegral RTN x)) ->
- is_positive x -> ((roundToIntegral RNA x) = (roundToIntegral RTP x)).
-
-Axiom to_int_roundToIntegral :
- forall (m:mode) (x:t), ((to_int m x) = (to_int m (roundToIntegral m x))).
-
-Axiom to_int_monotonic :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y -> le x y ->
- ((to_int m x) <= (to_int m y))%Z.
-
-Axiom to_int_of_int :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range i ->
- ((to_int m (of_int m i)) = i).
-
-Axiom eq_to_int :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> eq x y ->
- ((to_int m x) = (to_int m y)).
-
-Axiom neg_to_int :
- forall (m:mode) (x:t), is_int x -> ((to_int m (neg x)) = (-(to_int m x))%Z).
-
-Axiom roundToIntegral_is_finite :
- forall (m:mode) (x:t), t'isFinite x -> t'isFinite (roundToIntegral m x).
-
-Axiom round_bound_ne :
- forall (x:Reals.Rdefinitions.R), no_overflow RNE x ->
- (((x - ((1 / 16777216)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 1427247692705959881058285969449495136382746624)%R)%R
- <= (round RNE x))%R /\
- ((round RNE x) <=
- ((x + ((1 / 16777216)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 1427247692705959881058285969449495136382746624)%R)%R)%R.
-
-Axiom round_bound :
- forall (m:mode) (x:Reals.Rdefinitions.R), no_overflow m x ->
- (((x - ((1 / 8388608)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 713623846352979940529142984724747568191373312)%R)%R
- <= (round m x))%R /\
- ((round m x) <=
- ((x + ((1 / 8388608)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 713623846352979940529142984724747568191373312)%R)%R)%R.
-
-Axiom t1 : Type.
-Parameter t1_WhyType : WhyType t1.
-Existing Instance t1_WhyType.
-
-Parameter t'real1: t1 -> Reals.Rdefinitions.R.
-
-Parameter t'isFinite1: t1 -> Prop.
-
-Axiom t'axiom1 :
- forall (x:t1), t'isFinite1 x ->
- ((-179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368%R)%R
- <= (t'real1 x))%R /\
- ((t'real1 x) <=
- 179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368%R)%R.
-
-Parameter zeroF1: t1.
-
-Parameter add1: mode -> t1 -> t1 -> t1.
-
-Parameter sub1: mode -> t1 -> t1 -> t1.
-
-Parameter mul1: mode -> t1 -> t1 -> t1.
-
-Parameter div1: mode -> t1 -> t1 -> t1.
-
-Parameter abs1: t1 -> t1.
-
-Parameter neg1: t1 -> t1.
-
-Parameter fma1: mode -> t1 -> t1 -> t1 -> t1.
-
-Parameter sqrt1: mode -> t1 -> t1.
-
-Parameter roundToIntegral1: mode -> t1 -> t1.
-
-Parameter min1: t1 -> t1 -> t1.
-
-Parameter max1: t1 -> t1 -> t1.
-
-Parameter le1: t1 -> t1 -> Prop.
-
-Parameter lt1: t1 -> t1 -> Prop.
-
-Parameter eq1: t1 -> t1 -> Prop.
-
-Parameter is_normal1: t1 -> Prop.
-
-Parameter is_subnormal1: t1 -> Prop.
-
-Parameter is_zero1: t1 -> Prop.
-
-Parameter is_infinite1: t1 -> Prop.
-
-Parameter is_nan1: t1 -> Prop.
-
-Parameter is_positive1: t1 -> Prop.
-
-Parameter is_negative1: t1 -> Prop.
-
-(* Why3 assumption *)
-Definition is_plus_infinity1 (x:t1) : Prop :=
- is_infinite1 x /\ is_positive1 x.
-
-(* Why3 assumption *)
-Definition is_minus_infinity1 (x:t1) : Prop :=
- is_infinite1 x /\ is_negative1 x.
-
-(* Why3 assumption *)
-Definition is_plus_zero1 (x:t1) : Prop := is_zero1 x /\ is_positive1 x.
-
-(* Why3 assumption *)
-Definition is_minus_zero1 (x:t1) : Prop := is_zero1 x /\ is_negative1 x.
-
-(* Why3 assumption *)
-Definition is_not_nan2 (x:t1) : Prop := t'isFinite1 x \/ is_infinite1 x.
-
-Axiom is_not_nan3 : forall (x:t1), is_not_nan2 x <-> ~ is_nan1 x.
-
-Axiom is_not_finite1 :
- forall (x:t1), ~ t'isFinite1 x <-> is_infinite1 x \/ is_nan1 x.
-
-Axiom zeroF_is_positive1 : is_positive1 zeroF1.
-
-Axiom zeroF_is_zero1 : is_zero1 zeroF1.
-
-Axiom zero_to_real1 :
- forall (x:t1), is_zero1 x <-> t'isFinite1 x /\ ((t'real1 x) = 0%R).
-
-Parameter of_int1: mode -> Numbers.BinNums.Z -> t1.
-
-Parameter to_int1: mode -> t1 -> Numbers.BinNums.Z.
-
-Axiom zero_of_int1 : forall (m:mode), (zeroF1 = (of_int1 m 0%Z)).
-
-Parameter round1: mode -> Reals.Rdefinitions.R -> Reals.Rdefinitions.R.
-
-Parameter max_int1: Numbers.BinNums.Z.
-
-Axiom max_real_int1 :
- ((9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R
- = (BuiltIn.IZR max_int1)).
-
-(* Why3 assumption *)
-Definition in_range1 (x:Reals.Rdefinitions.R) : Prop :=
- ((-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R
- <= x)%R /\
- (x <=
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R.
-
-(* Why3 assumption *)
-Definition in_int_range1 (i:Numbers.BinNums.Z) : Prop :=
- ((-max_int1)%Z <= i)%Z /\ (i <= max_int1)%Z.
-
-Axiom is_finite1 : forall (x:t1), t'isFinite1 x -> in_range1 (t'real1 x).
-
-(* Why3 assumption *)
-Definition no_overflow1 (m:mode) (x:Reals.Rdefinitions.R) : Prop :=
- in_range1 (round1 m x).
-
-Axiom Bounded_real_no_overflow1 :
- forall (m:mode) (x:Reals.Rdefinitions.R), in_range1 x -> no_overflow1 m x.
-
-Axiom Round_monotonic1 :
- forall (m:mode) (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- (x <= y)%R -> ((round1 m x) <= (round1 m y))%R.
-
-Axiom Round_idempotent1 :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round1 m1 (round1 m2 x)) = (round1 m2 x)).
-
-Axiom Round_to_real1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((round1 m (t'real1 x)) = (t'real1 x)).
-
-Axiom Round_down_le1 :
- forall (x:Reals.Rdefinitions.R), ((round1 RTN x) <= x)%R.
-
-Axiom Round_up_ge1 :
- forall (x:Reals.Rdefinitions.R), (x <= (round1 RTP x))%R.
-
-Axiom Round_down_neg1 :
- forall (x:Reals.Rdefinitions.R),
- ((round1 RTN (-x)%R) = (-(round1 RTP x))%R).
-
-Axiom Round_up_neg1 :
- forall (x:Reals.Rdefinitions.R),
- ((round1 RTP (-x)%R) = (-(round1 RTN x))%R).
-
-(* Why3 assumption *)
-Definition in_safe_int_range1 (i:Numbers.BinNums.Z) : Prop :=
- ((-9007199254740992%Z)%Z <= i)%Z /\ (i <= 9007199254740992%Z)%Z.
-
-Axiom Exact_rounding_for_integers1 :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range1 i ->
- ((round1 m (BuiltIn.IZR i)) = (BuiltIn.IZR i)).
-
-(* Why3 assumption *)
-Definition same_sign1 (x:t1) (y:t1) : Prop :=
- is_positive1 x /\ is_positive1 y \/ is_negative1 x /\ is_negative1 y.
-
-(* Why3 assumption *)
-Definition diff_sign1 (x:t1) (y:t1) : Prop :=
- is_positive1 x /\ is_negative1 y \/ is_negative1 x /\ is_positive1 y.
-
-Axiom feq_eq1 :
- forall (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> ~ is_zero1 x ->
- eq1 x y -> (x = y).
-
-Axiom eq_feq1 :
- forall (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> (x = y) -> eq1 x y.
-
-Axiom eq_refl1 : forall (x:t1), t'isFinite1 x -> eq1 x x.
-
-Axiom eq_sym1 : forall (x:t1) (y:t1), eq1 x y -> eq1 y x.
-
-Axiom eq_trans1 : forall (x:t1) (y:t1) (z:t1), eq1 x y -> eq1 y z -> eq1 x z.
-
-Axiom eq_zero1 : eq1 zeroF1 (neg1 zeroF1).
-
-Axiom eq_to_real_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- eq1 x y <-> ((t'real1 x) = (t'real1 y)).
-
-Axiom eq_special1 :
- forall (x:t1) (y:t1), eq1 x y ->
- is_not_nan2 x /\
- is_not_nan2 y /\
- (t'isFinite1 x /\ t'isFinite1 y \/
- is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y).
-
-Axiom lt_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- lt1 x y <-> ((t'real1 x) < (t'real1 y))%R.
-
-Axiom le_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- le1 x y <-> ((t'real1 x) <= (t'real1 y))%R.
-
-Axiom le_lt_trans1 :
- forall (x:t1) (y:t1) (z:t1), le1 x y /\ lt1 y z -> lt1 x z.
-
-Axiom lt_le_trans1 :
- forall (x:t1) (y:t1) (z:t1), lt1 x y /\ le1 y z -> lt1 x z.
-
-Axiom le_ge_asym1 : forall (x:t1) (y:t1), le1 x y /\ le1 y x -> eq1 x y.
-
-Axiom not_lt_ge1 :
- forall (x:t1) (y:t1), ~ lt1 x y /\ is_not_nan2 x /\ is_not_nan2 y ->
- le1 y x.
-
-Axiom not_gt_le1 :
- forall (x:t1) (y:t1), ~ lt1 y x /\ is_not_nan2 x /\ is_not_nan2 y ->
- le1 x y.
-
-Axiom le_special1 :
- forall (x:t1) (y:t1), le1 x y ->
- t'isFinite1 x /\ t'isFinite1 y \/
- is_minus_infinity1 x /\ is_not_nan2 y \/
- is_not_nan2 x /\ is_plus_infinity1 y.
-
-Axiom lt_special1 :
- forall (x:t1) (y:t1), lt1 x y ->
- t'isFinite1 x /\ t'isFinite1 y \/
- is_minus_infinity1 x /\ is_not_nan2 y /\ ~ is_minus_infinity1 y \/
- is_not_nan2 x /\ ~ is_plus_infinity1 x /\ is_plus_infinity1 y.
-
-Axiom lt_lt_finite1 :
- forall (x:t1) (y:t1) (z:t1), lt1 x y -> lt1 y z -> t'isFinite1 y.
-
-Axiom positive_to_real1 :
- forall (x:t1), t'isFinite1 x -> is_positive1 x -> (0%R <= (t'real1 x))%R.
-
-Axiom to_real_positive1 :
- forall (x:t1), t'isFinite1 x -> (0%R < (t'real1 x))%R -> is_positive1 x.
-
-Axiom negative_to_real1 :
- forall (x:t1), t'isFinite1 x -> is_negative1 x -> ((t'real1 x) <= 0%R)%R.
-
-Axiom to_real_negative1 :
- forall (x:t1), t'isFinite1 x -> ((t'real1 x) < 0%R)%R -> is_negative1 x.
-
-Axiom negative_xor_positive1 :
- forall (x:t1), ~ (is_positive1 x /\ is_negative1 x).
-
-Axiom negative_or_positive1 :
- forall (x:t1), is_not_nan2 x -> is_positive1 x \/ is_negative1 x.
-
-Axiom diff_sign_trans1 :
- forall (x:t1) (y:t1) (z:t1), diff_sign1 x y /\ diff_sign1 y z ->
- same_sign1 x z.
-
-Axiom diff_sign_product1 :
- forall (x:t1) (y:t1),
- t'isFinite1 x /\ t'isFinite1 y /\ (((t'real1 x) * (t'real1 y))%R < 0%R)%R ->
- diff_sign1 x y.
-
-Axiom same_sign_product1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y /\ same_sign1 x y ->
- (0%R <= ((t'real1 x) * (t'real1 y))%R)%R.
-
-(* Why3 assumption *)
-Definition product_sign1 (z:t1) (x:t1) (y:t1) : Prop :=
- (same_sign1 x y -> is_positive1 z) /\ (diff_sign1 x y -> is_negative1 z).
-
-(* Why3 assumption *)
-Definition overflow_value1 (m:mode) (x:t1) : Prop :=
- match m with
- | RTN =>
- (is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)) /\
- (~ is_positive1 x -> is_infinite1 x)
- | RTP =>
- (is_positive1 x -> is_infinite1 x) /\
- (~ is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R))
- | RTZ =>
- (is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)) /\
- (~ is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R))
- | RNA|RNE => is_infinite1 x
- end.
-
-(* Why3 assumption *)
-Definition sign_zero_result1 (m:mode) (x:t1) : Prop :=
- is_zero1 x -> match m with
- | RTN => is_negative1 x
- | _ => is_positive1 x
- end.
-
-Axiom add_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) + (t'real1 y))%R ->
- t'isFinite1 (add1 m x y) /\
- ((t'real1 (add1 m x y)) = (round1 m ((t'real1 x) + (t'real1 y))%R)).
-
-Axiom add_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (add1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom add_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (add1 m x y) ->
- no_overflow1 m ((t'real1 x) + (t'real1 y))%R /\
- ((t'real1 (add1 m x y)) = (round1 m ((t'real1 x) + (t'real1 y))%R)).
-
-Axiom sub_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) - (t'real1 y))%R ->
- t'isFinite1 (sub1 m x y) /\
- ((t'real1 (sub1 m x y)) = (round1 m ((t'real1 x) - (t'real1 y))%R)).
-
-Axiom sub_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (sub1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom sub_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (sub1 m x y) ->
- no_overflow1 m ((t'real1 x) - (t'real1 y))%R /\
- ((t'real1 (sub1 m x y)) = (round1 m ((t'real1 x) - (t'real1 y))%R)).
-
-Axiom mul_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) * (t'real1 y))%R ->
- t'isFinite1 (mul1 m x y) /\
- ((t'real1 (mul1 m x y)) = (round1 m ((t'real1 x) * (t'real1 y))%R)).
-
-Axiom mul_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (mul1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom mul_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (mul1 m x y) ->
- no_overflow1 m ((t'real1 x) * (t'real1 y))%R /\
- ((t'real1 (mul1 m x y)) = (round1 m ((t'real1 x) * (t'real1 y))%R)).
-
-Axiom div_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- ~ is_zero1 y -> no_overflow1 m ((t'real1 x) / (t'real1 y))%R ->
- t'isFinite1 (div1 m x y) /\
- ((t'real1 (div1 m x y)) = (round1 m ((t'real1 x) / (t'real1 y))%R)).
-
-Axiom div_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (div1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y \/
- t'isFinite1 x /\ is_infinite1 y /\ ((t'real1 (div1 m x y)) = 0%R).
-
-Axiom div_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (div1 m x y) ->
- t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) / (t'real1 y))%R /\
- ((t'real1 (div1 m x y)) = (round1 m ((t'real1 x) / (t'real1 y))%R)).
-
-Axiom neg_finite1 :
- forall (x:t1), t'isFinite1 x ->
- t'isFinite1 (neg1 x) /\ ((t'real1 (neg1 x)) = (-(t'real1 x))%R).
-
-Axiom neg_finite_rev1 :
- forall (x:t1), t'isFinite1 (neg1 x) ->
- t'isFinite1 x /\ ((t'real1 (neg1 x)) = (-(t'real1 x))%R).
-
-Axiom abs_finite1 :
- forall (x:t1), t'isFinite1 x ->
- t'isFinite1 (abs1 x) /\
- ((t'real1 (abs1 x)) = (Reals.Rbasic_fun.Rabs (t'real1 x))) /\
- is_positive1 (abs1 x).
-
-Axiom abs_finite_rev1 :
- forall (x:t1), t'isFinite1 (abs1 x) ->
- t'isFinite1 x /\ ((t'real1 (abs1 x)) = (Reals.Rbasic_fun.Rabs (t'real1 x))).
-
-Axiom abs_universal1 : forall (x:t1), ~ is_negative1 (abs1 x).
-
-Axiom fma_finite1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), t'isFinite1 x -> t'isFinite1 y ->
- t'isFinite1 z ->
- no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R ->
- t'isFinite1 (fma1 m x y z) /\
- ((t'real1 (fma1 m x y z)) =
- (round1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R)).
-
-Axiom fma_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), t'isFinite1 (fma1 m x y z) ->
- t'isFinite1 x /\ t'isFinite1 y /\ t'isFinite1 z.
-
-Axiom fma_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), to_nearest m ->
- t'isFinite1 (fma1 m x y z) ->
- no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R /\
- ((t'real1 (fma1 m x y z)) =
- (round1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R)).
-
-Axiom sqrt_finite1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> (0%R <= (t'real1 x))%R ->
- t'isFinite1 (sqrt1 m x) /\
- ((t'real1 (sqrt1 m x)) = (round1 m (Reals.R_sqrt.sqrt (t'real1 x)))).
-
-Axiom sqrt_finite_rev1 :
- forall (m:mode) (x:t1), t'isFinite1 (sqrt1 m x) ->
- t'isFinite1 x /\
- (0%R <= (t'real1 x))%R /\
- ((t'real1 (sqrt1 m x)) = (round1 m (Reals.R_sqrt.sqrt (t'real1 x)))).
-
-(* Why3 assumption *)
-Definition same_sign_real1 (x:t1) (r:Reals.Rdefinitions.R) : Prop :=
- is_positive1 x /\ (0%R < r)%R \/ is_negative1 x /\ (r < 0%R)%R.
-
-Axiom add_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := add1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_infinite1 r /\ same_sign1 r y) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y ->
- is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ diff_sign1 x y -> is_nan1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) + (t'real1 y))%R ->
- same_sign_real1 r ((t'real1 x) + (t'real1 y))%R /\ overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y ->
- (same_sign1 x y -> same_sign1 r x) /\
- (~ same_sign1 x y -> sign_zero_result1 m r)).
-
-Axiom sub_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := sub1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_infinite1 r /\ diff_sign1 r y) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y -> is_nan1 r) /\
- (is_infinite1 x /\ is_infinite1 y /\ diff_sign1 x y ->
- is_infinite1 r /\ same_sign1 r x) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) - (t'real1 y))%R ->
- same_sign_real1 r ((t'real1 x) - (t'real1 y))%R /\ overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y ->
- (diff_sign1 x y -> same_sign1 r x) /\
- (~ diff_sign1 x y -> sign_zero_result1 m r)).
-
-Axiom mul_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := mul1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (is_zero1 x /\ is_infinite1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y /\ ~ is_zero1 x -> is_infinite1 r) /\
- (is_infinite1 x /\ is_zero1 y -> is_nan1 r) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y -> is_infinite1 r) /\
- (is_infinite1 x /\ is_infinite1 y -> is_infinite1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) * (t'real1 y))%R ->
- overflow_value1 m r) /\
- (~ is_nan1 r -> product_sign1 r x y).
-
-Axiom div_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := div1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_zero1 r) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r) /\
- (is_infinite1 x /\ is_infinite1 y -> is_nan1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\
- ~ is_zero1 y /\ ~ no_overflow1 m ((t'real1 x) / (t'real1 y))%R ->
- overflow_value1 m r) /\
- (t'isFinite1 x /\ is_zero1 y /\ ~ is_zero1 x -> is_infinite1 r) /\
- (is_zero1 x /\ is_zero1 y -> is_nan1 r) /\
- (~ is_nan1 r -> product_sign1 r x y).
-
-Axiom neg_special1 :
- forall (x:t1),
- (is_nan1 x -> is_nan1 (neg1 x)) /\
- (is_infinite1 x -> is_infinite1 (neg1 x)) /\
- (~ is_nan1 x -> diff_sign1 x (neg1 x)).
-
-Axiom abs_special1 :
- forall (x:t1),
- (is_nan1 x -> is_nan1 (abs1 x)) /\
- (is_infinite1 x -> is_infinite1 (abs1 x)) /\
- (~ is_nan1 x -> is_positive1 (abs1 x)).
-
-Axiom fma_special1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1),
- let r := fma1 m x y z in
- (is_nan1 x \/ is_nan1 y \/ is_nan1 z -> is_nan1 r) /\
- (is_zero1 x /\ is_infinite1 y -> is_nan1 r) /\
- (is_infinite1 x /\ is_zero1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ ~ is_zero1 x /\ is_infinite1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (t'isFinite1 x /\ ~ is_zero1 x /\ is_infinite1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (is_infinite1 x /\ is_infinite1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (t'isFinite1 x /\ t'isFinite1 y /\ is_infinite1 z ->
- is_infinite1 r /\ same_sign1 r z) /\
- (is_infinite1 x /\ is_infinite1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\
- t'isFinite1 z /\
- ~ no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R ->
- same_sign_real1 r (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R /\
- overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y /\ t'isFinite1 z ->
- (product_sign1 z x y -> same_sign1 r z) /\
- (~ product_sign1 z x y ->
- ((((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R = 0%R) ->
- ((m = RTN) -> is_negative1 r) /\ (~ (m = RTN) -> is_positive1 r))).
-
-Axiom sqrt_special1 :
- forall (m:mode) (x:t1),
- let r := sqrt1 m x in
- (is_nan1 x -> is_nan1 r) /\
- (is_plus_infinity1 x -> is_plus_infinity1 r) /\
- (is_minus_infinity1 x -> is_nan1 r) /\
- (t'isFinite1 x /\ ((t'real1 x) < 0%R)%R -> is_nan1 r) /\
- (is_zero1 x -> same_sign1 r x) /\
- (t'isFinite1 x /\ (0%R < (t'real1 x))%R -> is_positive1 r).
-
-Axiom of_int_add_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i + j)%Z ->
- eq1 (of_int1 m (i + j)%Z) (add1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom of_int_sub_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i - j)%Z ->
- eq1 (of_int1 m (i - j)%Z) (sub1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom of_int_mul_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i * j)%Z ->
- eq1 (of_int1 m (i * j)%Z) (mul1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom Min_r1 : forall (x:t1) (y:t1), le1 y x -> eq1 (min1 x y) y.
-
-Axiom Min_l1 : forall (x:t1) (y:t1), le1 x y -> eq1 (min1 x y) x.
-
-Axiom Max_r1 : forall (x:t1) (y:t1), le1 y x -> eq1 (max1 x y) x.
-
-Axiom Max_l1 : forall (x:t1) (y:t1), le1 x y -> eq1 (max1 x y) y.
-
-Parameter is_int1: t1 -> Prop.
-
-Axiom zeroF_is_int1 : is_int1 zeroF1.
-
-Axiom of_int_is_int1 :
- forall (m:mode) (x:Numbers.BinNums.Z), in_int_range1 x ->
- is_int1 (of_int1 m x).
-
-Axiom big_float_is_int1 :
- forall (m:mode) (i:t1), t'isFinite1 i ->
- le1 i (neg1 (of_int1 m 9007199254740992%Z)) \/
- le1 (of_int1 m 9007199254740992%Z) i -> is_int1 i.
-
-Axiom roundToIntegral_is_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> is_int1 (roundToIntegral1 m x).
-
-Axiom eq_is_int1 : forall (x:t1) (y:t1), eq1 x y -> is_int1 x -> is_int1 y.
-
-Axiom add_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (add1 m x y) -> is_int1 (add1 m x y).
-
-Axiom sub_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (sub1 m x y) -> is_int1 (sub1 m x y).
-
-Axiom mul_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (mul1 m x y) -> is_int1 (mul1 m x y).
-
-Axiom fma_int1 :
- forall (x:t1) (y:t1) (z:t1) (m:mode), is_int1 x -> is_int1 y ->
- is_int1 z -> t'isFinite1 (fma1 m x y z) -> is_int1 (fma1 m x y z).
-
-Axiom neg_int1 : forall (x:t1), is_int1 x -> is_int1 (neg1 x).
-
-Axiom abs_int1 : forall (x:t1), is_int1 x -> is_int1 (abs1 x).
-
-Axiom is_int_of_int1 :
- forall (x:t1) (m:mode) (m':mode), is_int1 x ->
- eq1 x (of_int1 m' (to_int1 m x)).
-
-Axiom is_int_to_int1 :
- forall (m:mode) (x:t1), is_int1 x -> in_int_range1 (to_int1 m x).
-
-Axiom is_int_is_finite1 : forall (x:t1), is_int1 x -> t'isFinite1 x.
-
-Axiom int_to_real1 :
- forall (m:mode) (x:t1), is_int1 x ->
- ((t'real1 x) = (BuiltIn.IZR (to_int1 m x))).
-
-Axiom truncate_int1 :
- forall (m:mode) (i:t1), is_int1 i -> eq1 (roundToIntegral1 m i) i.
-
-Axiom truncate_neg1 :
- forall (x:t1), t'isFinite1 x -> is_negative1 x ->
- ((roundToIntegral1 RTZ x) = (roundToIntegral1 RTP x)).
-
-Axiom truncate_pos1 :
- forall (x:t1), t'isFinite1 x -> is_positive1 x ->
- ((roundToIntegral1 RTZ x) = (roundToIntegral1 RTN x)).
-
-Axiom ceil_le1 :
- forall (x:t1), t'isFinite1 x -> le1 x (roundToIntegral1 RTP x).
-
-Axiom ceil_lest1 :
- forall (x:t1) (y:t1), le1 x y /\ is_int1 y ->
- le1 (roundToIntegral1 RTP x) y.
-
-Axiom ceil_to_real1 :
- forall (x:t1), t'isFinite1 x ->
- ((t'real1 (roundToIntegral1 RTP x)) = (BuiltIn.IZR (ceil (t'real1 x)))).
-
-Axiom ceil_to_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((to_int1 m (roundToIntegral1 RTP x)) = (ceil (t'real1 x))).
-
-Axiom floor_le1 :
- forall (x:t1), t'isFinite1 x -> le1 (roundToIntegral1 RTN x) x.
-
-Axiom floor_lest1 :
- forall (x:t1) (y:t1), le1 y x /\ is_int1 y ->
- le1 y (roundToIntegral1 RTN x).
-
-Axiom floor_to_real1 :
- forall (x:t1), t'isFinite1 x ->
- ((t'real1 (roundToIntegral1 RTN x)) = (BuiltIn.IZR (floor (t'real1 x)))).
-
-Axiom floor_to_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((to_int1 m (roundToIntegral1 RTN x)) = (floor (t'real1 x))).
-
-Axiom RNA_down1 :
- forall (x:t1),
- lt1 (sub1 RNE x (roundToIntegral1 RTN x))
- (sub1 RNE (roundToIntegral1 RTP x) x) ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTN x)).
-
-Axiom RNA_up1 :
- forall (x:t1),
- lt1 (sub1 RNE (roundToIntegral1 RTP x) x)
- (sub1 RNE x (roundToIntegral1 RTN x)) ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTP x)).
-
-Axiom RNA_down_tie1 :
- forall (x:t1),
- eq1 (sub1 RNE x (roundToIntegral1 RTN x))
- (sub1 RNE (roundToIntegral1 RTP x) x) -> is_negative1 x ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTN x)).
-
-Axiom RNA_up_tie1 :
- forall (x:t1),
- eq1 (sub1 RNE (roundToIntegral1 RTP x) x)
- (sub1 RNE x (roundToIntegral1 RTN x)) -> is_positive1 x ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTP x)).
-
-Axiom to_int_roundToIntegral1 :
- forall (m:mode) (x:t1),
- ((to_int1 m x) = (to_int1 m (roundToIntegral1 m x))).
-
-Axiom to_int_monotonic1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> le1 x y ->
- ((to_int1 m x) <= (to_int1 m y))%Z.
-
-Axiom to_int_of_int1 :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range1 i ->
- ((to_int1 m (of_int1 m i)) = i).
-
-Axiom eq_to_int1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> eq1 x y ->
- ((to_int1 m x) = (to_int1 m y)).
-
-Axiom neg_to_int1 :
- forall (m:mode) (x:t1), is_int1 x ->
- ((to_int1 m (neg1 x)) = (-(to_int1 m x))%Z).
-
-Axiom roundToIntegral_is_finite1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> t'isFinite1 (roundToIntegral1 m x).
-
-Axiom round_bound_ne1 :
- forall (x:Reals.Rdefinitions.R), no_overflow1 RNE x ->
- (((x - ((1 / 9007199254740992)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 404804506614621236704990693437834614099113299528284236713802716054860679135990693783920767402874248990374155728633623822779617474771586953734026799881477019843034848553132722728933815484186432682479535356945490137124014966849385397236206711298319112681620113024717539104666829230461005064372655017292012526615415482186989568)%R)%R
- <= (round1 RNE x))%R /\
- ((round1 RNE x) <=
- ((x + ((1 / 9007199254740992)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 404804506614621236704990693437834614099113299528284236713802716054860679135990693783920767402874248990374155728633623822779617474771586953734026799881477019843034848553132722728933815484186432682479535356945490137124014966849385397236206711298319112681620113024717539104666829230461005064372655017292012526615415482186989568)%R)%R)%R.
-
-Axiom round_bound1 :
- forall (m:mode) (x:Reals.Rdefinitions.R), no_overflow1 m x ->
- (((x - ((1 / 4503599627370496)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 202402253307310618352495346718917307049556649764142118356901358027430339567995346891960383701437124495187077864316811911389808737385793476867013399940738509921517424276566361364466907742093216341239767678472745068562007483424692698618103355649159556340810056512358769552333414615230502532186327508646006263307707741093494784)%R)%R
- <= (round1 m x))%R /\
- ((round1 m x) <=
- ((x + ((1 / 4503599627370496)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 202402253307310618352495346718917307049556649764142118356901358027430339567995346891960383701437124495187077864316811911389808737385793476867013399940738509921517424276566361364466907742093216341239767678472745068562007483424692698618103355649159556340810056512358769552333414615230502532186327508646006263307707741093494784)%R)%R)%R.
-
-Parameter to_float64: mode -> t -> t1.
-
-Parameter to_float32: mode -> t1 -> t.
-
-Axiom round_double_single :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round1 m1 (round m2 x)) = (round m2 x)).
-
-Axiom to_float64_exact :
- forall (m:mode) (x:t), t'isFinite x ->
- t'isFinite1 (to_float64 m x) /\ ((t'real1 (to_float64 m x)) = (t'real x)).
-
-Axiom to_float32_conv :
- forall (m:mode) (x:t1), t'isFinite1 x -> no_overflow m (t'real1 x) ->
- t'isFinite (to_float32 m x) /\
- ((t'real (to_float32 m x)) = (round m (t'real1 x))).
-
-(* Why3 assumption *)
-Definition f32 := t.
-
-(* Why3 assumption *)
-Definition f64 := t1.
-
-Parameter to_f32: Reals.Rdefinitions.R -> t.
-
-Parameter to_f64: Reals.Rdefinitions.R -> t1.
-
-Axiom to_float_is_finite_32 :
- forall (f:t), t'isFinite f -> eq (to_f32 (t'real f)) f.
-
-Axiom to_f32_range_round :
- forall (x:Reals.Rdefinitions.R), in_range x ->
- ((t'real (to_f32 x)) = (round RNE x)).
-
-Axiom to_f32_range_finite :
- forall (x:Reals.Rdefinitions.R), in_range x -> t'isFinite (to_f32 x).
-
-Axiom to_f32_minus_infinity :
- forall (x:Reals.Rdefinitions.R),
- (x < (-(33554430 * 10141204801825835211973625643008)%R)%R)%R ->
- is_minus_infinity (to_f32 x).
-
-Axiom to_f32_plus_infinity :
- forall (x:Reals.Rdefinitions.R),
- ((33554430 * 10141204801825835211973625643008)%R < x)%R ->
- is_plus_infinity (to_f32 x).
-
-Axiom to_float_is_finite_64 :
- forall (f:t1), t'isFinite1 f -> eq1 (to_f64 (t'real1 f)) f.
-
-Axiom to_f64_range_round :
- forall (x:Reals.Rdefinitions.R), in_range1 x ->
- ((t'real1 (to_f64 x)) = (round1 RNE x)).
-
-Axiom to_f64_range_finite :
- forall (x:Reals.Rdefinitions.R), in_range1 x -> t'isFinite1 (to_f64 x).
-
-Axiom to_f64_minus_infinity :
- forall (x:Reals.Rdefinitions.R),
- (x <
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R)%R ->
- is_minus_infinity1 (to_f64 x).
-
-Axiom to_f64_plus_infinity :
- forall (x:Reals.Rdefinitions.R),
- ((9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R
- < x)%R ->
- is_plus_infinity1 (to_f64 x).
-
-(* Why3 assumption *)
-Definition round_float (m:mode) (r:Reals.Rdefinitions.R) : t :=
- to_f32 (round m r).
-
-(* Why3 assumption *)
-Definition round_double (m:mode) (r:Reals.Rdefinitions.R) : t1 :=
- to_f64 (round1 m r).
-
-Axiom is_zero_to_f32_zero : is_zero (to_f32 0%R).
-
-Axiom is_zero_to_f64_zero : is_zero1 (to_f64 0%R).
-
-Axiom real_0_is_zero_f32 : forall (f:t), (0%R = (t'real f)) -> is_zero f.
-
-Axiom real_0_is_zero_f64 : forall (f:t1), (0%R = (t'real1 f)) -> is_zero1 f.
-
-Axiom f32_to_f64 : forall (f:t), ((to_f64 (t'real f)) = (to_float64 RNE f)).
-
-Axiom f64_to_f32 :
- forall (f:t1), ((to_f32 (t'real1 f)) = (to_float32 RNE f)).
-
-(* Why3 assumption *)
-Definition finite (x:Reals.Rdefinitions.R) : Prop :=
- t'isFinite (to_f32 x) /\ t'isFinite1 (to_f64 x).
-
-Parameter eq_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom eq_f32b'def :
- forall (x:t) (y:t),
- (eq x y -> ((eq_f32b x y) = Init.Datatypes.true)) /\
- (~ eq x y -> ((eq_f32b x y) = Init.Datatypes.false)).
-
-Parameter eq_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom eq_f64b'def :
- forall (x:t1) (y:t1),
- (eq1 x y -> ((eq_f64b x y) = Init.Datatypes.true)) /\
- (~ eq1 x y -> ((eq_f64b x y) = Init.Datatypes.false)).
-
-(* Why3 assumption *)
-Definition ne_f32 (x:t) (y:t) : Prop := ~ eq x y.
-
-(* Why3 assumption *)
-Definition ne_f64 (x:t1) (y:t1) : Prop := ~ eq1 x y.
-
-Parameter ne_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom ne_f32b'def :
- forall (x:t) (y:t),
- (ne_f32 x y -> ((ne_f32b x y) = Init.Datatypes.true)) /\
- (~ ne_f32 x y -> ((ne_f32b x y) = Init.Datatypes.false)).
-
-Parameter ne_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom ne_f64b'def :
- forall (x:t1) (y:t1),
- (ne_f64 x y -> ((ne_f64b x y) = Init.Datatypes.true)) /\
- (~ ne_f64 x y -> ((ne_f64b x y) = Init.Datatypes.false)).
-
-Parameter le_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom le_f32b'def :
- forall (x:t) (y:t),
- (le x y -> ((le_f32b x y) = Init.Datatypes.true)) /\
- (~ le x y -> ((le_f32b x y) = Init.Datatypes.false)).
-
-Parameter le_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom le_f64b'def :
- forall (x:t1) (y:t1),
- (le1 x y -> ((le_f64b x y) = Init.Datatypes.true)) /\
- (~ le1 x y -> ((le_f64b x y) = Init.Datatypes.false)).
-
-Parameter lt_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom lt_f32b'def :
- forall (x:t) (y:t),
- (lt x y -> ((lt_f32b x y) = Init.Datatypes.true)) /\
- (~ lt x y -> ((lt_f32b x y) = Init.Datatypes.false)).
-
-Parameter lt_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom lt_f64b'def :
- forall (x:t1) (y:t1),
- (lt1 x y -> ((lt_f64b x y) = Init.Datatypes.true)) /\
- (~ lt1 x y -> ((lt_f64b x y) = Init.Datatypes.false)).
-
-Parameter model_f32: t -> Reals.Rdefinitions.R.
-
-(* Why3 assumption *)
-Definition delta_f32 (f:t) : Reals.Rdefinitions.R :=
- Reals.Rbasic_fun.Rabs ((t'real f) - (model_f32 f))%R.
-
-(* Why3 assumption *)
-Definition error_f32 (f:t) : Reals.Rdefinitions.R :=
- ((delta_f32 f) / (Reals.Rbasic_fun.Rabs (model_f32 f)))%R.
-
-Parameter model_f64: t1 -> Reals.Rdefinitions.R.
-
-(* Why3 assumption *)
-Definition delta_f64 (f:t1) : Reals.Rdefinitions.R :=
- Reals.Rbasic_fun.Rabs ((t'real1 f) - (model_f64 f))%R.
-
-(* Why3 assumption *)
-Definition error_f64 (f:t1) : Reals.Rdefinitions.R :=
- ((delta_f64 f) / (Reals.Rbasic_fun.Rabs (model_f64 f)))%R.
-
-Axiom Q_InfP_not_finite :
- forall (x:t1), ~ t'isFinite1 x \/ ~ is_plus_infinity1 x.
-
-Axiom Q_NaN_not_finite : forall (x:t1), ~ t'isFinite1 x \/ ~ is_nan1 x.
-
-(* Why3 goal *)
-Theorem wp_goal : forall (f:t1), ~ t'isFinite1 f \/ ~ is_minus_infinity1 f.
-Proof.
- admit.
-Admitted.
-
diff --git a/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.session/interactive/lemma_InfP_not_finite.v b/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.session/interactive/lemma_InfP_not_finite.v
deleted file mode 100644
index e544d62b139f1aa7e83b17bb15e1c8babbef5568..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.session/interactive/lemma_InfP_not_finite.v
+++ /dev/null
@@ -1,1765 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require Reals.Rbasic_fun.
-Require Reals.R_sqrt.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.Abs.
-Require real.FromInt.
-Require real.Square.
-Require map.Map.
-Require bv.Pow2int.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-Axiom abs_def :
- forall (x:Numbers.BinNums.Z),
- ((0%Z <= x)%Z -> ((ZArith.BinInt.Z.abs x) = x)) /\
- (~ (0%Z <= x)%Z -> ((ZArith.BinInt.Z.abs x) = (-x)%Z)).
-
-Axiom sqrt_lin1 :
- forall (x:Reals.Rdefinitions.R), (1%R < x)%R ->
- ((Reals.R_sqrt.sqrt x) < x)%R.
-
-Axiom sqrt_lin0 :
- forall (x:Reals.Rdefinitions.R), (0%R < x)%R /\ (x < 1%R)%R ->
- (x < (Reals.R_sqrt.sqrt x))%R.
-
-Axiom sqrt_0 : ((Reals.R_sqrt.sqrt 0%R) = 0%R).
-
-Axiom sqrt_1 : ((Reals.R_sqrt.sqrt 1%R) = 1%R).
-
-(* Why3 assumption *)
-Inductive mode :=
- | RNE : mode
- | RNA : mode
- | RTP : mode
- | RTN : mode
- | RTZ : mode.
-Axiom mode_WhyType : WhyType mode.
-Existing Instance mode_WhyType.
-
-(* Why3 assumption *)
-Definition to_nearest (m:mode) : Prop := (m = RNE) \/ (m = RNA).
-
-Axiom t : Type.
-Parameter t_WhyType : WhyType t.
-Existing Instance t_WhyType.
-
-Parameter t'real: t -> Reals.Rdefinitions.R.
-
-Parameter t'isFinite: t -> Prop.
-
-Axiom t'axiom :
- forall (x:t), t'isFinite x ->
- ((-340282346638528859811704183484516925440%R)%R <= (t'real x))%R /\
- ((t'real x) <= 340282346638528859811704183484516925440%R)%R.
-
-Parameter truncate: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Axiom Truncate_int :
- forall (i:Numbers.BinNums.Z), ((truncate (BuiltIn.IZR i)) = i).
-
-Axiom Truncate_down_pos :
- forall (x:Reals.Rdefinitions.R), (0%R <= x)%R ->
- ((BuiltIn.IZR (truncate x)) <= x)%R /\
- (x < (BuiltIn.IZR ((truncate x) + 1%Z)%Z))%R.
-
-Axiom Truncate_up_neg :
- forall (x:Reals.Rdefinitions.R), (x <= 0%R)%R ->
- ((BuiltIn.IZR ((truncate x) - 1%Z)%Z) < x)%R /\
- (x <= (BuiltIn.IZR (truncate x)))%R.
-
-Axiom Real_of_truncate :
- forall (x:Reals.Rdefinitions.R),
- ((x - 1%R)%R <= (BuiltIn.IZR (truncate x)))%R /\
- ((BuiltIn.IZR (truncate x)) <= (x + 1%R)%R)%R.
-
-Axiom Truncate_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((truncate x) <= (truncate y))%Z.
-
-Axiom Truncate_monotonic_int1 :
- forall (x:Reals.Rdefinitions.R) (i:Numbers.BinNums.Z),
- (x <= (BuiltIn.IZR i))%R -> ((truncate x) <= i)%Z.
-
-Axiom Truncate_monotonic_int2 :
- forall (x:Reals.Rdefinitions.R) (i:Numbers.BinNums.Z),
- ((BuiltIn.IZR i) <= x)%R -> (i <= (truncate x))%Z.
-
-Parameter floor: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Parameter ceil: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Axiom Floor_int :
- forall (i:Numbers.BinNums.Z), ((floor (BuiltIn.IZR i)) = i).
-
-Axiom Ceil_int : forall (i:Numbers.BinNums.Z), ((ceil (BuiltIn.IZR i)) = i).
-
-Axiom Floor_down :
- forall (x:Reals.Rdefinitions.R),
- ((BuiltIn.IZR (floor x)) <= x)%R /\
- (x < (BuiltIn.IZR ((floor x) + 1%Z)%Z))%R.
-
-Axiom Ceil_up :
- forall (x:Reals.Rdefinitions.R),
- ((BuiltIn.IZR ((ceil x) - 1%Z)%Z) < x)%R /\ (x <= (BuiltIn.IZR (ceil x)))%R.
-
-Axiom Floor_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((floor x) <= (floor y))%Z.
-
-Axiom Ceil_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((ceil x) <= (ceil y))%Z.
-
-Parameter zeroF: t.
-
-Parameter add: mode -> t -> t -> t.
-
-Parameter sub: mode -> t -> t -> t.
-
-Parameter mul: mode -> t -> t -> t.
-
-Parameter div: mode -> t -> t -> t.
-
-Parameter abs: t -> t.
-
-Parameter neg: t -> t.
-
-Parameter fma: mode -> t -> t -> t -> t.
-
-Parameter sqrt: mode -> t -> t.
-
-Parameter roundToIntegral: mode -> t -> t.
-
-Parameter min: t -> t -> t.
-
-Parameter max: t -> t -> t.
-
-Parameter le: t -> t -> Prop.
-
-Parameter lt: t -> t -> Prop.
-
-Parameter eq: t -> t -> Prop.
-
-Parameter is_normal: t -> Prop.
-
-Parameter is_subnormal: t -> Prop.
-
-Parameter is_zero: t -> Prop.
-
-Parameter is_infinite: t -> Prop.
-
-Parameter is_nan: t -> Prop.
-
-Parameter is_positive: t -> Prop.
-
-Parameter is_negative: t -> Prop.
-
-(* Why3 assumption *)
-Definition is_plus_infinity (x:t) : Prop := is_infinite x /\ is_positive x.
-
-(* Why3 assumption *)
-Definition is_minus_infinity (x:t) : Prop := is_infinite x /\ is_negative x.
-
-(* Why3 assumption *)
-Definition is_plus_zero (x:t) : Prop := is_zero x /\ is_positive x.
-
-(* Why3 assumption *)
-Definition is_minus_zero (x:t) : Prop := is_zero x /\ is_negative x.
-
-(* Why3 assumption *)
-Definition is_not_nan (x:t) : Prop := t'isFinite x \/ is_infinite x.
-
-Axiom is_not_nan1 : forall (x:t), is_not_nan x <-> ~ is_nan x.
-
-Axiom is_not_finite :
- forall (x:t), ~ t'isFinite x <-> is_infinite x \/ is_nan x.
-
-Axiom zeroF_is_positive : is_positive zeroF.
-
-Axiom zeroF_is_zero : is_zero zeroF.
-
-Axiom zero_to_real :
- forall (x:t), is_zero x <-> t'isFinite x /\ ((t'real x) = 0%R).
-
-Parameter of_int: mode -> Numbers.BinNums.Z -> t.
-
-Parameter to_int: mode -> t -> Numbers.BinNums.Z.
-
-Axiom zero_of_int : forall (m:mode), (zeroF = (of_int m 0%Z)).
-
-Parameter round: mode -> Reals.Rdefinitions.R -> Reals.Rdefinitions.R.
-
-Parameter max_int: Numbers.BinNums.Z.
-
-Axiom max_real_int :
- ((33554430 * 10141204801825835211973625643008)%R = (BuiltIn.IZR max_int)).
-
-(* Why3 assumption *)
-Definition in_range (x:Reals.Rdefinitions.R) : Prop :=
- ((-(33554430 * 10141204801825835211973625643008)%R)%R <= x)%R /\
- (x <= (33554430 * 10141204801825835211973625643008)%R)%R.
-
-(* Why3 assumption *)
-Definition in_int_range (i:Numbers.BinNums.Z) : Prop :=
- ((-max_int)%Z <= i)%Z /\ (i <= max_int)%Z.
-
-Axiom is_finite : forall (x:t), t'isFinite x -> in_range (t'real x).
-
-(* Why3 assumption *)
-Definition no_overflow (m:mode) (x:Reals.Rdefinitions.R) : Prop :=
- in_range (round m x).
-
-Axiom Bounded_real_no_overflow :
- forall (m:mode) (x:Reals.Rdefinitions.R), in_range x -> no_overflow m x.
-
-Axiom Round_monotonic :
- forall (m:mode) (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- (x <= y)%R -> ((round m x) <= (round m y))%R.
-
-Axiom Round_idempotent :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round m1 (round m2 x)) = (round m2 x)).
-
-Axiom Round_to_real :
- forall (m:mode) (x:t), t'isFinite x -> ((round m (t'real x)) = (t'real x)).
-
-Axiom Round_down_le :
- forall (x:Reals.Rdefinitions.R), ((round RTN x) <= x)%R.
-
-Axiom Round_up_ge : forall (x:Reals.Rdefinitions.R), (x <= (round RTP x))%R.
-
-Axiom Round_down_neg :
- forall (x:Reals.Rdefinitions.R), ((round RTN (-x)%R) = (-(round RTP x))%R).
-
-Axiom Round_up_neg :
- forall (x:Reals.Rdefinitions.R), ((round RTP (-x)%R) = (-(round RTN x))%R).
-
-(* Why3 assumption *)
-Definition in_safe_int_range (i:Numbers.BinNums.Z) : Prop :=
- ((-16777216%Z)%Z <= i)%Z /\ (i <= 16777216%Z)%Z.
-
-Axiom Exact_rounding_for_integers :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range i ->
- ((round m (BuiltIn.IZR i)) = (BuiltIn.IZR i)).
-
-(* Why3 assumption *)
-Definition same_sign (x:t) (y:t) : Prop :=
- is_positive x /\ is_positive y \/ is_negative x /\ is_negative y.
-
-(* Why3 assumption *)
-Definition diff_sign (x:t) (y:t) : Prop :=
- is_positive x /\ is_negative y \/ is_negative x /\ is_positive y.
-
-Axiom feq_eq :
- forall (x:t) (y:t), t'isFinite x -> t'isFinite y -> ~ is_zero x ->
- eq x y -> (x = y).
-
-Axiom eq_feq :
- forall (x:t) (y:t), t'isFinite x -> t'isFinite y -> (x = y) -> eq x y.
-
-Axiom eq_refl : forall (x:t), t'isFinite x -> eq x x.
-
-Axiom eq_sym : forall (x:t) (y:t), eq x y -> eq y x.
-
-Axiom eq_trans : forall (x:t) (y:t) (z:t), eq x y -> eq y z -> eq x z.
-
-Axiom eq_zero : eq zeroF (neg zeroF).
-
-Axiom eq_to_real_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- eq x y <-> ((t'real x) = (t'real y)).
-
-Axiom eq_special :
- forall (x:t) (y:t), eq x y ->
- is_not_nan x /\
- is_not_nan y /\
- (t'isFinite x /\ t'isFinite y \/
- is_infinite x /\ is_infinite y /\ same_sign x y).
-
-Axiom lt_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- lt x y <-> ((t'real x) < (t'real y))%R.
-
-Axiom le_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- le x y <-> ((t'real x) <= (t'real y))%R.
-
-Axiom le_lt_trans : forall (x:t) (y:t) (z:t), le x y /\ lt y z -> lt x z.
-
-Axiom lt_le_trans : forall (x:t) (y:t) (z:t), lt x y /\ le y z -> lt x z.
-
-Axiom le_ge_asym : forall (x:t) (y:t), le x y /\ le y x -> eq x y.
-
-Axiom not_lt_ge :
- forall (x:t) (y:t), ~ lt x y /\ is_not_nan x /\ is_not_nan y -> le y x.
-
-Axiom not_gt_le :
- forall (x:t) (y:t), ~ lt y x /\ is_not_nan x /\ is_not_nan y -> le x y.
-
-Axiom le_special :
- forall (x:t) (y:t), le x y ->
- t'isFinite x /\ t'isFinite y \/
- is_minus_infinity x /\ is_not_nan y \/ is_not_nan x /\ is_plus_infinity y.
-
-Axiom lt_special :
- forall (x:t) (y:t), lt x y ->
- t'isFinite x /\ t'isFinite y \/
- is_minus_infinity x /\ is_not_nan y /\ ~ is_minus_infinity y \/
- is_not_nan x /\ ~ is_plus_infinity x /\ is_plus_infinity y.
-
-Axiom lt_lt_finite :
- forall (x:t) (y:t) (z:t), lt x y -> lt y z -> t'isFinite y.
-
-Axiom positive_to_real :
- forall (x:t), t'isFinite x -> is_positive x -> (0%R <= (t'real x))%R.
-
-Axiom to_real_positive :
- forall (x:t), t'isFinite x -> (0%R < (t'real x))%R -> is_positive x.
-
-Axiom negative_to_real :
- forall (x:t), t'isFinite x -> is_negative x -> ((t'real x) <= 0%R)%R.
-
-Axiom to_real_negative :
- forall (x:t), t'isFinite x -> ((t'real x) < 0%R)%R -> is_negative x.
-
-Axiom negative_xor_positive :
- forall (x:t), ~ (is_positive x /\ is_negative x).
-
-Axiom negative_or_positive :
- forall (x:t), is_not_nan x -> is_positive x \/ is_negative x.
-
-Axiom diff_sign_trans :
- forall (x:t) (y:t) (z:t), diff_sign x y /\ diff_sign y z -> same_sign x z.
-
-Axiom diff_sign_product :
- forall (x:t) (y:t),
- t'isFinite x /\ t'isFinite y /\ (((t'real x) * (t'real y))%R < 0%R)%R ->
- diff_sign x y.
-
-Axiom same_sign_product :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y /\ same_sign x y ->
- (0%R <= ((t'real x) * (t'real y))%R)%R.
-
-(* Why3 assumption *)
-Definition product_sign (z:t) (x:t) (y:t) : Prop :=
- (same_sign x y -> is_positive z) /\ (diff_sign x y -> is_negative z).
-
-(* Why3 assumption *)
-Definition overflow_value (m:mode) (x:t) : Prop :=
- match m with
- | RTN =>
- (is_positive x ->
- t'isFinite x /\
- ((t'real x) = (33554430 * 10141204801825835211973625643008)%R)) /\
- (~ is_positive x -> is_infinite x)
- | RTP =>
- (is_positive x -> is_infinite x) /\
- (~ is_positive x ->
- t'isFinite x /\
- ((t'real x) = (-(33554430 * 10141204801825835211973625643008)%R)%R))
- | RTZ =>
- (is_positive x ->
- t'isFinite x /\
- ((t'real x) = (33554430 * 10141204801825835211973625643008)%R)) /\
- (~ is_positive x ->
- t'isFinite x /\
- ((t'real x) = (-(33554430 * 10141204801825835211973625643008)%R)%R))
- | RNA|RNE => is_infinite x
- end.
-
-(* Why3 assumption *)
-Definition sign_zero_result (m:mode) (x:t) : Prop :=
- is_zero x -> match m with
- | RTN => is_negative x
- | _ => is_positive x
- end.
-
-Axiom add_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) + (t'real y))%R ->
- t'isFinite (add m x y) /\
- ((t'real (add m x y)) = (round m ((t'real x) + (t'real y))%R)).
-
-Axiom add_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (add m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom add_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (add m x y) ->
- no_overflow m ((t'real x) + (t'real y))%R /\
- ((t'real (add m x y)) = (round m ((t'real x) + (t'real y))%R)).
-
-Axiom sub_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) - (t'real y))%R ->
- t'isFinite (sub m x y) /\
- ((t'real (sub m x y)) = (round m ((t'real x) - (t'real y))%R)).
-
-Axiom sub_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (sub m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom sub_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (sub m x y) ->
- no_overflow m ((t'real x) - (t'real y))%R /\
- ((t'real (sub m x y)) = (round m ((t'real x) - (t'real y))%R)).
-
-Axiom mul_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) * (t'real y))%R ->
- t'isFinite (mul m x y) /\
- ((t'real (mul m x y)) = (round m ((t'real x) * (t'real y))%R)).
-
-Axiom mul_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (mul m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom mul_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (mul m x y) ->
- no_overflow m ((t'real x) * (t'real y))%R /\
- ((t'real (mul m x y)) = (round m ((t'real x) * (t'real y))%R)).
-
-Axiom div_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y -> ~ is_zero y ->
- no_overflow m ((t'real x) / (t'real y))%R ->
- t'isFinite (div m x y) /\
- ((t'real (div m x y)) = (round m ((t'real x) / (t'real y))%R)).
-
-Axiom div_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (div m x y) ->
- t'isFinite x /\ t'isFinite y /\ ~ is_zero y \/
- t'isFinite x /\ is_infinite y /\ ((t'real (div m x y)) = 0%R).
-
-Axiom div_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (div m x y) ->
- t'isFinite y ->
- no_overflow m ((t'real x) / (t'real y))%R /\
- ((t'real (div m x y)) = (round m ((t'real x) / (t'real y))%R)).
-
-Axiom neg_finite :
- forall (x:t), t'isFinite x ->
- t'isFinite (neg x) /\ ((t'real (neg x)) = (-(t'real x))%R).
-
-Axiom neg_finite_rev :
- forall (x:t), t'isFinite (neg x) ->
- t'isFinite x /\ ((t'real (neg x)) = (-(t'real x))%R).
-
-Axiom abs_finite :
- forall (x:t), t'isFinite x ->
- t'isFinite (abs x) /\
- ((t'real (abs x)) = (Reals.Rbasic_fun.Rabs (t'real x))) /\
- is_positive (abs x).
-
-Axiom abs_finite_rev :
- forall (x:t), t'isFinite (abs x) ->
- t'isFinite x /\ ((t'real (abs x)) = (Reals.Rbasic_fun.Rabs (t'real x))).
-
-Axiom abs_universal : forall (x:t), ~ is_negative (abs x).
-
-Axiom fma_finite :
- forall (m:mode) (x:t) (y:t) (z:t), t'isFinite x -> t'isFinite y ->
- t'isFinite z ->
- no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R ->
- t'isFinite (fma m x y z) /\
- ((t'real (fma m x y z)) =
- (round m (((t'real x) * (t'real y))%R + (t'real z))%R)).
-
-Axiom fma_finite_rev :
- forall (m:mode) (x:t) (y:t) (z:t), t'isFinite (fma m x y z) ->
- t'isFinite x /\ t'isFinite y /\ t'isFinite z.
-
-Axiom fma_finite_rev_n :
- forall (m:mode) (x:t) (y:t) (z:t), to_nearest m ->
- t'isFinite (fma m x y z) ->
- no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R /\
- ((t'real (fma m x y z)) =
- (round m (((t'real x) * (t'real y))%R + (t'real z))%R)).
-
-Axiom sqrt_finite :
- forall (m:mode) (x:t), t'isFinite x -> (0%R <= (t'real x))%R ->
- t'isFinite (sqrt m x) /\
- ((t'real (sqrt m x)) = (round m (Reals.R_sqrt.sqrt (t'real x)))).
-
-Axiom sqrt_finite_rev :
- forall (m:mode) (x:t), t'isFinite (sqrt m x) ->
- t'isFinite x /\
- (0%R <= (t'real x))%R /\
- ((t'real (sqrt m x)) = (round m (Reals.R_sqrt.sqrt (t'real x)))).
-
-(* Why3 assumption *)
-Definition same_sign_real (x:t) (r:Reals.Rdefinitions.R) : Prop :=
- is_positive x /\ (0%R < r)%R \/ is_negative x /\ (r < 0%R)%R.
-
-Axiom add_special :
- forall (m:mode) (x:t) (y:t),
- let r := add m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_infinite r /\ same_sign r y) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ same_sign x y ->
- is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ diff_sign x y -> is_nan r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) + (t'real y))%R ->
- same_sign_real r ((t'real x) + (t'real y))%R /\ overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y ->
- (same_sign x y -> same_sign r x) /\
- (~ same_sign x y -> sign_zero_result m r)).
-
-Axiom sub_special :
- forall (m:mode) (x:t) (y:t),
- let r := sub m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_infinite r /\ diff_sign r y) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ same_sign x y -> is_nan r) /\
- (is_infinite x /\ is_infinite y /\ diff_sign x y ->
- is_infinite r /\ same_sign r x) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) - (t'real y))%R ->
- same_sign_real r ((t'real x) - (t'real y))%R /\ overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y ->
- (diff_sign x y -> same_sign r x) /\
- (~ diff_sign x y -> sign_zero_result m r)).
-
-Axiom mul_special :
- forall (m:mode) (x:t) (y:t),
- let r := mul m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (is_zero x /\ is_infinite y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y /\ ~ is_zero x -> is_infinite r) /\
- (is_infinite x /\ is_zero y -> is_nan r) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y -> is_infinite r) /\
- (is_infinite x /\ is_infinite y -> is_infinite r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) * (t'real y))%R ->
- overflow_value m r) /\
- (~ is_nan r -> product_sign r x y).
-
-Axiom div_special :
- forall (m:mode) (x:t) (y:t),
- let r := div m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_zero r) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r) /\
- (is_infinite x /\ is_infinite y -> is_nan r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ is_zero y /\ ~ no_overflow m ((t'real x) / (t'real y))%R ->
- overflow_value m r) /\
- (t'isFinite x /\ is_zero y /\ ~ is_zero x -> is_infinite r) /\
- (is_zero x /\ is_zero y -> is_nan r) /\ (~ is_nan r -> product_sign r x y).
-
-Axiom neg_special :
- forall (x:t),
- (is_nan x -> is_nan (neg x)) /\
- (is_infinite x -> is_infinite (neg x)) /\
- (~ is_nan x -> diff_sign x (neg x)).
-
-Axiom abs_special :
- forall (x:t),
- (is_nan x -> is_nan (abs x)) /\
- (is_infinite x -> is_infinite (abs x)) /\
- (~ is_nan x -> is_positive (abs x)).
-
-Axiom fma_special :
- forall (m:mode) (x:t) (y:t) (z:t),
- let r := fma m x y z in
- (is_nan x \/ is_nan y \/ is_nan z -> is_nan r) /\
- (is_zero x /\ is_infinite y -> is_nan r) /\
- (is_infinite x /\ is_zero y -> is_nan r) /\
- (t'isFinite x /\ ~ is_zero x /\ is_infinite y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (t'isFinite x /\ ~ is_zero x /\ is_infinite y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (is_infinite x /\ is_infinite y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (t'isFinite x /\ t'isFinite y /\ is_infinite z ->
- is_infinite r /\ same_sign r z) /\
- (is_infinite x /\ is_infinite y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (t'isFinite x /\
- t'isFinite y /\
- t'isFinite z /\
- ~ no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R ->
- same_sign_real r (((t'real x) * (t'real y))%R + (t'real z))%R /\
- overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y /\ t'isFinite z ->
- (product_sign z x y -> same_sign r z) /\
- (~ product_sign z x y ->
- ((((t'real x) * (t'real y))%R + (t'real z))%R = 0%R) ->
- ((m = RTN) -> is_negative r) /\ (~ (m = RTN) -> is_positive r))).
-
-Axiom sqrt_special :
- forall (m:mode) (x:t),
- let r := sqrt m x in
- (is_nan x -> is_nan r) /\
- (is_plus_infinity x -> is_plus_infinity r) /\
- (is_minus_infinity x -> is_nan r) /\
- (t'isFinite x /\ ((t'real x) < 0%R)%R -> is_nan r) /\
- (is_zero x -> same_sign r x) /\
- (t'isFinite x /\ (0%R < (t'real x))%R -> is_positive r).
-
-Axiom of_int_add_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i + j)%Z ->
- eq (of_int m (i + j)%Z) (add n (of_int m i) (of_int m j)).
-
-Axiom of_int_sub_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i - j)%Z ->
- eq (of_int m (i - j)%Z) (sub n (of_int m i) (of_int m j)).
-
-Axiom of_int_mul_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i * j)%Z ->
- eq (of_int m (i * j)%Z) (mul n (of_int m i) (of_int m j)).
-
-Axiom Min_r : forall (x:t) (y:t), le y x -> eq (min x y) y.
-
-Axiom Min_l : forall (x:t) (y:t), le x y -> eq (min x y) x.
-
-Axiom Max_r : forall (x:t) (y:t), le y x -> eq (max x y) x.
-
-Axiom Max_l : forall (x:t) (y:t), le x y -> eq (max x y) y.
-
-Parameter is_int: t -> Prop.
-
-Axiom zeroF_is_int : is_int zeroF.
-
-Axiom of_int_is_int :
- forall (m:mode) (x:Numbers.BinNums.Z), in_int_range x ->
- is_int (of_int m x).
-
-Axiom big_float_is_int :
- forall (m:mode) (i:t), t'isFinite i ->
- le i (neg (of_int m 16777216%Z)) \/ le (of_int m 16777216%Z) i -> is_int i.
-
-Axiom roundToIntegral_is_int :
- forall (m:mode) (x:t), t'isFinite x -> is_int (roundToIntegral m x).
-
-Axiom eq_is_int : forall (x:t) (y:t), eq x y -> is_int x -> is_int y.
-
-Axiom add_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (add m x y) -> is_int (add m x y).
-
-Axiom sub_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (sub m x y) -> is_int (sub m x y).
-
-Axiom mul_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (mul m x y) -> is_int (mul m x y).
-
-Axiom fma_int :
- forall (x:t) (y:t) (z:t) (m:mode), is_int x -> is_int y -> is_int z ->
- t'isFinite (fma m x y z) -> is_int (fma m x y z).
-
-Axiom neg_int : forall (x:t), is_int x -> is_int (neg x).
-
-Axiom abs_int : forall (x:t), is_int x -> is_int (abs x).
-
-Axiom is_int_of_int :
- forall (x:t) (m:mode) (m':mode), is_int x -> eq x (of_int m' (to_int m x)).
-
-Axiom is_int_to_int :
- forall (m:mode) (x:t), is_int x -> in_int_range (to_int m x).
-
-Axiom is_int_is_finite : forall (x:t), is_int x -> t'isFinite x.
-
-Axiom int_to_real :
- forall (m:mode) (x:t), is_int x ->
- ((t'real x) = (BuiltIn.IZR (to_int m x))).
-
-Axiom truncate_int :
- forall (m:mode) (i:t), is_int i -> eq (roundToIntegral m i) i.
-
-Axiom truncate_neg :
- forall (x:t), t'isFinite x -> is_negative x ->
- ((roundToIntegral RTZ x) = (roundToIntegral RTP x)).
-
-Axiom truncate_pos :
- forall (x:t), t'isFinite x -> is_positive x ->
- ((roundToIntegral RTZ x) = (roundToIntegral RTN x)).
-
-Axiom ceil_le : forall (x:t), t'isFinite x -> le x (roundToIntegral RTP x).
-
-Axiom ceil_lest :
- forall (x:t) (y:t), le x y /\ is_int y -> le (roundToIntegral RTP x) y.
-
-Axiom ceil_to_real :
- forall (x:t), t'isFinite x ->
- ((t'real (roundToIntegral RTP x)) = (BuiltIn.IZR (ceil (t'real x)))).
-
-Axiom ceil_to_int :
- forall (m:mode) (x:t), t'isFinite x ->
- ((to_int m (roundToIntegral RTP x)) = (ceil (t'real x))).
-
-Axiom floor_le : forall (x:t), t'isFinite x -> le (roundToIntegral RTN x) x.
-
-Axiom floor_lest :
- forall (x:t) (y:t), le y x /\ is_int y -> le y (roundToIntegral RTN x).
-
-Axiom floor_to_real :
- forall (x:t), t'isFinite x ->
- ((t'real (roundToIntegral RTN x)) = (BuiltIn.IZR (floor (t'real x)))).
-
-Axiom floor_to_int :
- forall (m:mode) (x:t), t'isFinite x ->
- ((to_int m (roundToIntegral RTN x)) = (floor (t'real x))).
-
-Axiom RNA_down :
- forall (x:t),
- lt (sub RNE x (roundToIntegral RTN x)) (sub RNE (roundToIntegral RTP x) x) ->
- ((roundToIntegral RNA x) = (roundToIntegral RTN x)).
-
-Axiom RNA_up :
- forall (x:t),
- lt (sub RNE (roundToIntegral RTP x) x) (sub RNE x (roundToIntegral RTN x)) ->
- ((roundToIntegral RNA x) = (roundToIntegral RTP x)).
-
-Axiom RNA_down_tie :
- forall (x:t),
- eq (sub RNE x (roundToIntegral RTN x)) (sub RNE (roundToIntegral RTP x) x) ->
- is_negative x -> ((roundToIntegral RNA x) = (roundToIntegral RTN x)).
-
-Axiom RNA_up_tie :
- forall (x:t),
- eq (sub RNE (roundToIntegral RTP x) x) (sub RNE x (roundToIntegral RTN x)) ->
- is_positive x -> ((roundToIntegral RNA x) = (roundToIntegral RTP x)).
-
-Axiom to_int_roundToIntegral :
- forall (m:mode) (x:t), ((to_int m x) = (to_int m (roundToIntegral m x))).
-
-Axiom to_int_monotonic :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y -> le x y ->
- ((to_int m x) <= (to_int m y))%Z.
-
-Axiom to_int_of_int :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range i ->
- ((to_int m (of_int m i)) = i).
-
-Axiom eq_to_int :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> eq x y ->
- ((to_int m x) = (to_int m y)).
-
-Axiom neg_to_int :
- forall (m:mode) (x:t), is_int x -> ((to_int m (neg x)) = (-(to_int m x))%Z).
-
-Axiom roundToIntegral_is_finite :
- forall (m:mode) (x:t), t'isFinite x -> t'isFinite (roundToIntegral m x).
-
-Axiom round_bound_ne :
- forall (x:Reals.Rdefinitions.R), no_overflow RNE x ->
- (((x - ((1 / 16777216)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 1427247692705959881058285969449495136382746624)%R)%R
- <= (round RNE x))%R /\
- ((round RNE x) <=
- ((x + ((1 / 16777216)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 1427247692705959881058285969449495136382746624)%R)%R)%R.
-
-Axiom round_bound :
- forall (m:mode) (x:Reals.Rdefinitions.R), no_overflow m x ->
- (((x - ((1 / 8388608)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 713623846352979940529142984724747568191373312)%R)%R
- <= (round m x))%R /\
- ((round m x) <=
- ((x + ((1 / 8388608)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 713623846352979940529142984724747568191373312)%R)%R)%R.
-
-Axiom t1 : Type.
-Parameter t1_WhyType : WhyType t1.
-Existing Instance t1_WhyType.
-
-Parameter t'real1: t1 -> Reals.Rdefinitions.R.
-
-Parameter t'isFinite1: t1 -> Prop.
-
-Axiom t'axiom1 :
- forall (x:t1), t'isFinite1 x ->
- ((-179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368%R)%R
- <= (t'real1 x))%R /\
- ((t'real1 x) <=
- 179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368%R)%R.
-
-Parameter zeroF1: t1.
-
-Parameter add1: mode -> t1 -> t1 -> t1.
-
-Parameter sub1: mode -> t1 -> t1 -> t1.
-
-Parameter mul1: mode -> t1 -> t1 -> t1.
-
-Parameter div1: mode -> t1 -> t1 -> t1.
-
-Parameter abs1: t1 -> t1.
-
-Parameter neg1: t1 -> t1.
-
-Parameter fma1: mode -> t1 -> t1 -> t1 -> t1.
-
-Parameter sqrt1: mode -> t1 -> t1.
-
-Parameter roundToIntegral1: mode -> t1 -> t1.
-
-Parameter min1: t1 -> t1 -> t1.
-
-Parameter max1: t1 -> t1 -> t1.
-
-Parameter le1: t1 -> t1 -> Prop.
-
-Parameter lt1: t1 -> t1 -> Prop.
-
-Parameter eq1: t1 -> t1 -> Prop.
-
-Parameter is_normal1: t1 -> Prop.
-
-Parameter is_subnormal1: t1 -> Prop.
-
-Parameter is_zero1: t1 -> Prop.
-
-Parameter is_infinite1: t1 -> Prop.
-
-Parameter is_nan1: t1 -> Prop.
-
-Parameter is_positive1: t1 -> Prop.
-
-Parameter is_negative1: t1 -> Prop.
-
-(* Why3 assumption *)
-Definition is_plus_infinity1 (x:t1) : Prop :=
- is_infinite1 x /\ is_positive1 x.
-
-(* Why3 assumption *)
-Definition is_minus_infinity1 (x:t1) : Prop :=
- is_infinite1 x /\ is_negative1 x.
-
-(* Why3 assumption *)
-Definition is_plus_zero1 (x:t1) : Prop := is_zero1 x /\ is_positive1 x.
-
-(* Why3 assumption *)
-Definition is_minus_zero1 (x:t1) : Prop := is_zero1 x /\ is_negative1 x.
-
-(* Why3 assumption *)
-Definition is_not_nan2 (x:t1) : Prop := t'isFinite1 x \/ is_infinite1 x.
-
-Axiom is_not_nan3 : forall (x:t1), is_not_nan2 x <-> ~ is_nan1 x.
-
-Axiom is_not_finite1 :
- forall (x:t1), ~ t'isFinite1 x <-> is_infinite1 x \/ is_nan1 x.
-
-Axiom zeroF_is_positive1 : is_positive1 zeroF1.
-
-Axiom zeroF_is_zero1 : is_zero1 zeroF1.
-
-Axiom zero_to_real1 :
- forall (x:t1), is_zero1 x <-> t'isFinite1 x /\ ((t'real1 x) = 0%R).
-
-Parameter of_int1: mode -> Numbers.BinNums.Z -> t1.
-
-Parameter to_int1: mode -> t1 -> Numbers.BinNums.Z.
-
-Axiom zero_of_int1 : forall (m:mode), (zeroF1 = (of_int1 m 0%Z)).
-
-Parameter round1: mode -> Reals.Rdefinitions.R -> Reals.Rdefinitions.R.
-
-Parameter max_int1: Numbers.BinNums.Z.
-
-Axiom max_real_int1 :
- ((9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R
- = (BuiltIn.IZR max_int1)).
-
-(* Why3 assumption *)
-Definition in_range1 (x:Reals.Rdefinitions.R) : Prop :=
- ((-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R
- <= x)%R /\
- (x <=
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R.
-
-(* Why3 assumption *)
-Definition in_int_range1 (i:Numbers.BinNums.Z) : Prop :=
- ((-max_int1)%Z <= i)%Z /\ (i <= max_int1)%Z.
-
-Axiom is_finite1 : forall (x:t1), t'isFinite1 x -> in_range1 (t'real1 x).
-
-(* Why3 assumption *)
-Definition no_overflow1 (m:mode) (x:Reals.Rdefinitions.R) : Prop :=
- in_range1 (round1 m x).
-
-Axiom Bounded_real_no_overflow1 :
- forall (m:mode) (x:Reals.Rdefinitions.R), in_range1 x -> no_overflow1 m x.
-
-Axiom Round_monotonic1 :
- forall (m:mode) (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- (x <= y)%R -> ((round1 m x) <= (round1 m y))%R.
-
-Axiom Round_idempotent1 :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round1 m1 (round1 m2 x)) = (round1 m2 x)).
-
-Axiom Round_to_real1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((round1 m (t'real1 x)) = (t'real1 x)).
-
-Axiom Round_down_le1 :
- forall (x:Reals.Rdefinitions.R), ((round1 RTN x) <= x)%R.
-
-Axiom Round_up_ge1 :
- forall (x:Reals.Rdefinitions.R), (x <= (round1 RTP x))%R.
-
-Axiom Round_down_neg1 :
- forall (x:Reals.Rdefinitions.R),
- ((round1 RTN (-x)%R) = (-(round1 RTP x))%R).
-
-Axiom Round_up_neg1 :
- forall (x:Reals.Rdefinitions.R),
- ((round1 RTP (-x)%R) = (-(round1 RTN x))%R).
-
-(* Why3 assumption *)
-Definition in_safe_int_range1 (i:Numbers.BinNums.Z) : Prop :=
- ((-9007199254740992%Z)%Z <= i)%Z /\ (i <= 9007199254740992%Z)%Z.
-
-Axiom Exact_rounding_for_integers1 :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range1 i ->
- ((round1 m (BuiltIn.IZR i)) = (BuiltIn.IZR i)).
-
-(* Why3 assumption *)
-Definition same_sign1 (x:t1) (y:t1) : Prop :=
- is_positive1 x /\ is_positive1 y \/ is_negative1 x /\ is_negative1 y.
-
-(* Why3 assumption *)
-Definition diff_sign1 (x:t1) (y:t1) : Prop :=
- is_positive1 x /\ is_negative1 y \/ is_negative1 x /\ is_positive1 y.
-
-Axiom feq_eq1 :
- forall (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> ~ is_zero1 x ->
- eq1 x y -> (x = y).
-
-Axiom eq_feq1 :
- forall (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> (x = y) -> eq1 x y.
-
-Axiom eq_refl1 : forall (x:t1), t'isFinite1 x -> eq1 x x.
-
-Axiom eq_sym1 : forall (x:t1) (y:t1), eq1 x y -> eq1 y x.
-
-Axiom eq_trans1 : forall (x:t1) (y:t1) (z:t1), eq1 x y -> eq1 y z -> eq1 x z.
-
-Axiom eq_zero1 : eq1 zeroF1 (neg1 zeroF1).
-
-Axiom eq_to_real_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- eq1 x y <-> ((t'real1 x) = (t'real1 y)).
-
-Axiom eq_special1 :
- forall (x:t1) (y:t1), eq1 x y ->
- is_not_nan2 x /\
- is_not_nan2 y /\
- (t'isFinite1 x /\ t'isFinite1 y \/
- is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y).
-
-Axiom lt_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- lt1 x y <-> ((t'real1 x) < (t'real1 y))%R.
-
-Axiom le_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- le1 x y <-> ((t'real1 x) <= (t'real1 y))%R.
-
-Axiom le_lt_trans1 :
- forall (x:t1) (y:t1) (z:t1), le1 x y /\ lt1 y z -> lt1 x z.
-
-Axiom lt_le_trans1 :
- forall (x:t1) (y:t1) (z:t1), lt1 x y /\ le1 y z -> lt1 x z.
-
-Axiom le_ge_asym1 : forall (x:t1) (y:t1), le1 x y /\ le1 y x -> eq1 x y.
-
-Axiom not_lt_ge1 :
- forall (x:t1) (y:t1), ~ lt1 x y /\ is_not_nan2 x /\ is_not_nan2 y ->
- le1 y x.
-
-Axiom not_gt_le1 :
- forall (x:t1) (y:t1), ~ lt1 y x /\ is_not_nan2 x /\ is_not_nan2 y ->
- le1 x y.
-
-Axiom le_special1 :
- forall (x:t1) (y:t1), le1 x y ->
- t'isFinite1 x /\ t'isFinite1 y \/
- is_minus_infinity1 x /\ is_not_nan2 y \/
- is_not_nan2 x /\ is_plus_infinity1 y.
-
-Axiom lt_special1 :
- forall (x:t1) (y:t1), lt1 x y ->
- t'isFinite1 x /\ t'isFinite1 y \/
- is_minus_infinity1 x /\ is_not_nan2 y /\ ~ is_minus_infinity1 y \/
- is_not_nan2 x /\ ~ is_plus_infinity1 x /\ is_plus_infinity1 y.
-
-Axiom lt_lt_finite1 :
- forall (x:t1) (y:t1) (z:t1), lt1 x y -> lt1 y z -> t'isFinite1 y.
-
-Axiom positive_to_real1 :
- forall (x:t1), t'isFinite1 x -> is_positive1 x -> (0%R <= (t'real1 x))%R.
-
-Axiom to_real_positive1 :
- forall (x:t1), t'isFinite1 x -> (0%R < (t'real1 x))%R -> is_positive1 x.
-
-Axiom negative_to_real1 :
- forall (x:t1), t'isFinite1 x -> is_negative1 x -> ((t'real1 x) <= 0%R)%R.
-
-Axiom to_real_negative1 :
- forall (x:t1), t'isFinite1 x -> ((t'real1 x) < 0%R)%R -> is_negative1 x.
-
-Axiom negative_xor_positive1 :
- forall (x:t1), ~ (is_positive1 x /\ is_negative1 x).
-
-Axiom negative_or_positive1 :
- forall (x:t1), is_not_nan2 x -> is_positive1 x \/ is_negative1 x.
-
-Axiom diff_sign_trans1 :
- forall (x:t1) (y:t1) (z:t1), diff_sign1 x y /\ diff_sign1 y z ->
- same_sign1 x z.
-
-Axiom diff_sign_product1 :
- forall (x:t1) (y:t1),
- t'isFinite1 x /\ t'isFinite1 y /\ (((t'real1 x) * (t'real1 y))%R < 0%R)%R ->
- diff_sign1 x y.
-
-Axiom same_sign_product1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y /\ same_sign1 x y ->
- (0%R <= ((t'real1 x) * (t'real1 y))%R)%R.
-
-(* Why3 assumption *)
-Definition product_sign1 (z:t1) (x:t1) (y:t1) : Prop :=
- (same_sign1 x y -> is_positive1 z) /\ (diff_sign1 x y -> is_negative1 z).
-
-(* Why3 assumption *)
-Definition overflow_value1 (m:mode) (x:t1) : Prop :=
- match m with
- | RTN =>
- (is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)) /\
- (~ is_positive1 x -> is_infinite1 x)
- | RTP =>
- (is_positive1 x -> is_infinite1 x) /\
- (~ is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R))
- | RTZ =>
- (is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)) /\
- (~ is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R))
- | RNA|RNE => is_infinite1 x
- end.
-
-(* Why3 assumption *)
-Definition sign_zero_result1 (m:mode) (x:t1) : Prop :=
- is_zero1 x -> match m with
- | RTN => is_negative1 x
- | _ => is_positive1 x
- end.
-
-Axiom add_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) + (t'real1 y))%R ->
- t'isFinite1 (add1 m x y) /\
- ((t'real1 (add1 m x y)) = (round1 m ((t'real1 x) + (t'real1 y))%R)).
-
-Axiom add_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (add1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom add_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (add1 m x y) ->
- no_overflow1 m ((t'real1 x) + (t'real1 y))%R /\
- ((t'real1 (add1 m x y)) = (round1 m ((t'real1 x) + (t'real1 y))%R)).
-
-Axiom sub_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) - (t'real1 y))%R ->
- t'isFinite1 (sub1 m x y) /\
- ((t'real1 (sub1 m x y)) = (round1 m ((t'real1 x) - (t'real1 y))%R)).
-
-Axiom sub_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (sub1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom sub_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (sub1 m x y) ->
- no_overflow1 m ((t'real1 x) - (t'real1 y))%R /\
- ((t'real1 (sub1 m x y)) = (round1 m ((t'real1 x) - (t'real1 y))%R)).
-
-Axiom mul_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) * (t'real1 y))%R ->
- t'isFinite1 (mul1 m x y) /\
- ((t'real1 (mul1 m x y)) = (round1 m ((t'real1 x) * (t'real1 y))%R)).
-
-Axiom mul_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (mul1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom mul_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (mul1 m x y) ->
- no_overflow1 m ((t'real1 x) * (t'real1 y))%R /\
- ((t'real1 (mul1 m x y)) = (round1 m ((t'real1 x) * (t'real1 y))%R)).
-
-Axiom div_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- ~ is_zero1 y -> no_overflow1 m ((t'real1 x) / (t'real1 y))%R ->
- t'isFinite1 (div1 m x y) /\
- ((t'real1 (div1 m x y)) = (round1 m ((t'real1 x) / (t'real1 y))%R)).
-
-Axiom div_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (div1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y \/
- t'isFinite1 x /\ is_infinite1 y /\ ((t'real1 (div1 m x y)) = 0%R).
-
-Axiom div_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (div1 m x y) ->
- t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) / (t'real1 y))%R /\
- ((t'real1 (div1 m x y)) = (round1 m ((t'real1 x) / (t'real1 y))%R)).
-
-Axiom neg_finite1 :
- forall (x:t1), t'isFinite1 x ->
- t'isFinite1 (neg1 x) /\ ((t'real1 (neg1 x)) = (-(t'real1 x))%R).
-
-Axiom neg_finite_rev1 :
- forall (x:t1), t'isFinite1 (neg1 x) ->
- t'isFinite1 x /\ ((t'real1 (neg1 x)) = (-(t'real1 x))%R).
-
-Axiom abs_finite1 :
- forall (x:t1), t'isFinite1 x ->
- t'isFinite1 (abs1 x) /\
- ((t'real1 (abs1 x)) = (Reals.Rbasic_fun.Rabs (t'real1 x))) /\
- is_positive1 (abs1 x).
-
-Axiom abs_finite_rev1 :
- forall (x:t1), t'isFinite1 (abs1 x) ->
- t'isFinite1 x /\ ((t'real1 (abs1 x)) = (Reals.Rbasic_fun.Rabs (t'real1 x))).
-
-Axiom abs_universal1 : forall (x:t1), ~ is_negative1 (abs1 x).
-
-Axiom fma_finite1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), t'isFinite1 x -> t'isFinite1 y ->
- t'isFinite1 z ->
- no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R ->
- t'isFinite1 (fma1 m x y z) /\
- ((t'real1 (fma1 m x y z)) =
- (round1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R)).
-
-Axiom fma_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), t'isFinite1 (fma1 m x y z) ->
- t'isFinite1 x /\ t'isFinite1 y /\ t'isFinite1 z.
-
-Axiom fma_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), to_nearest m ->
- t'isFinite1 (fma1 m x y z) ->
- no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R /\
- ((t'real1 (fma1 m x y z)) =
- (round1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R)).
-
-Axiom sqrt_finite1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> (0%R <= (t'real1 x))%R ->
- t'isFinite1 (sqrt1 m x) /\
- ((t'real1 (sqrt1 m x)) = (round1 m (Reals.R_sqrt.sqrt (t'real1 x)))).
-
-Axiom sqrt_finite_rev1 :
- forall (m:mode) (x:t1), t'isFinite1 (sqrt1 m x) ->
- t'isFinite1 x /\
- (0%R <= (t'real1 x))%R /\
- ((t'real1 (sqrt1 m x)) = (round1 m (Reals.R_sqrt.sqrt (t'real1 x)))).
-
-(* Why3 assumption *)
-Definition same_sign_real1 (x:t1) (r:Reals.Rdefinitions.R) : Prop :=
- is_positive1 x /\ (0%R < r)%R \/ is_negative1 x /\ (r < 0%R)%R.
-
-Axiom add_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := add1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_infinite1 r /\ same_sign1 r y) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y ->
- is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ diff_sign1 x y -> is_nan1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) + (t'real1 y))%R ->
- same_sign_real1 r ((t'real1 x) + (t'real1 y))%R /\ overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y ->
- (same_sign1 x y -> same_sign1 r x) /\
- (~ same_sign1 x y -> sign_zero_result1 m r)).
-
-Axiom sub_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := sub1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_infinite1 r /\ diff_sign1 r y) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y -> is_nan1 r) /\
- (is_infinite1 x /\ is_infinite1 y /\ diff_sign1 x y ->
- is_infinite1 r /\ same_sign1 r x) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) - (t'real1 y))%R ->
- same_sign_real1 r ((t'real1 x) - (t'real1 y))%R /\ overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y ->
- (diff_sign1 x y -> same_sign1 r x) /\
- (~ diff_sign1 x y -> sign_zero_result1 m r)).
-
-Axiom mul_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := mul1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (is_zero1 x /\ is_infinite1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y /\ ~ is_zero1 x -> is_infinite1 r) /\
- (is_infinite1 x /\ is_zero1 y -> is_nan1 r) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y -> is_infinite1 r) /\
- (is_infinite1 x /\ is_infinite1 y -> is_infinite1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) * (t'real1 y))%R ->
- overflow_value1 m r) /\
- (~ is_nan1 r -> product_sign1 r x y).
-
-Axiom div_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := div1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_zero1 r) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r) /\
- (is_infinite1 x /\ is_infinite1 y -> is_nan1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\
- ~ is_zero1 y /\ ~ no_overflow1 m ((t'real1 x) / (t'real1 y))%R ->
- overflow_value1 m r) /\
- (t'isFinite1 x /\ is_zero1 y /\ ~ is_zero1 x -> is_infinite1 r) /\
- (is_zero1 x /\ is_zero1 y -> is_nan1 r) /\
- (~ is_nan1 r -> product_sign1 r x y).
-
-Axiom neg_special1 :
- forall (x:t1),
- (is_nan1 x -> is_nan1 (neg1 x)) /\
- (is_infinite1 x -> is_infinite1 (neg1 x)) /\
- (~ is_nan1 x -> diff_sign1 x (neg1 x)).
-
-Axiom abs_special1 :
- forall (x:t1),
- (is_nan1 x -> is_nan1 (abs1 x)) /\
- (is_infinite1 x -> is_infinite1 (abs1 x)) /\
- (~ is_nan1 x -> is_positive1 (abs1 x)).
-
-Axiom fma_special1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1),
- let r := fma1 m x y z in
- (is_nan1 x \/ is_nan1 y \/ is_nan1 z -> is_nan1 r) /\
- (is_zero1 x /\ is_infinite1 y -> is_nan1 r) /\
- (is_infinite1 x /\ is_zero1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ ~ is_zero1 x /\ is_infinite1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (t'isFinite1 x /\ ~ is_zero1 x /\ is_infinite1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (is_infinite1 x /\ is_infinite1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (t'isFinite1 x /\ t'isFinite1 y /\ is_infinite1 z ->
- is_infinite1 r /\ same_sign1 r z) /\
- (is_infinite1 x /\ is_infinite1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\
- t'isFinite1 z /\
- ~ no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R ->
- same_sign_real1 r (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R /\
- overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y /\ t'isFinite1 z ->
- (product_sign1 z x y -> same_sign1 r z) /\
- (~ product_sign1 z x y ->
- ((((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R = 0%R) ->
- ((m = RTN) -> is_negative1 r) /\ (~ (m = RTN) -> is_positive1 r))).
-
-Axiom sqrt_special1 :
- forall (m:mode) (x:t1),
- let r := sqrt1 m x in
- (is_nan1 x -> is_nan1 r) /\
- (is_plus_infinity1 x -> is_plus_infinity1 r) /\
- (is_minus_infinity1 x -> is_nan1 r) /\
- (t'isFinite1 x /\ ((t'real1 x) < 0%R)%R -> is_nan1 r) /\
- (is_zero1 x -> same_sign1 r x) /\
- (t'isFinite1 x /\ (0%R < (t'real1 x))%R -> is_positive1 r).
-
-Axiom of_int_add_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i + j)%Z ->
- eq1 (of_int1 m (i + j)%Z) (add1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom of_int_sub_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i - j)%Z ->
- eq1 (of_int1 m (i - j)%Z) (sub1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom of_int_mul_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i * j)%Z ->
- eq1 (of_int1 m (i * j)%Z) (mul1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom Min_r1 : forall (x:t1) (y:t1), le1 y x -> eq1 (min1 x y) y.
-
-Axiom Min_l1 : forall (x:t1) (y:t1), le1 x y -> eq1 (min1 x y) x.
-
-Axiom Max_r1 : forall (x:t1) (y:t1), le1 y x -> eq1 (max1 x y) x.
-
-Axiom Max_l1 : forall (x:t1) (y:t1), le1 x y -> eq1 (max1 x y) y.
-
-Parameter is_int1: t1 -> Prop.
-
-Axiom zeroF_is_int1 : is_int1 zeroF1.
-
-Axiom of_int_is_int1 :
- forall (m:mode) (x:Numbers.BinNums.Z), in_int_range1 x ->
- is_int1 (of_int1 m x).
-
-Axiom big_float_is_int1 :
- forall (m:mode) (i:t1), t'isFinite1 i ->
- le1 i (neg1 (of_int1 m 9007199254740992%Z)) \/
- le1 (of_int1 m 9007199254740992%Z) i -> is_int1 i.
-
-Axiom roundToIntegral_is_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> is_int1 (roundToIntegral1 m x).
-
-Axiom eq_is_int1 : forall (x:t1) (y:t1), eq1 x y -> is_int1 x -> is_int1 y.
-
-Axiom add_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (add1 m x y) -> is_int1 (add1 m x y).
-
-Axiom sub_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (sub1 m x y) -> is_int1 (sub1 m x y).
-
-Axiom mul_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (mul1 m x y) -> is_int1 (mul1 m x y).
-
-Axiom fma_int1 :
- forall (x:t1) (y:t1) (z:t1) (m:mode), is_int1 x -> is_int1 y ->
- is_int1 z -> t'isFinite1 (fma1 m x y z) -> is_int1 (fma1 m x y z).
-
-Axiom neg_int1 : forall (x:t1), is_int1 x -> is_int1 (neg1 x).
-
-Axiom abs_int1 : forall (x:t1), is_int1 x -> is_int1 (abs1 x).
-
-Axiom is_int_of_int1 :
- forall (x:t1) (m:mode) (m':mode), is_int1 x ->
- eq1 x (of_int1 m' (to_int1 m x)).
-
-Axiom is_int_to_int1 :
- forall (m:mode) (x:t1), is_int1 x -> in_int_range1 (to_int1 m x).
-
-Axiom is_int_is_finite1 : forall (x:t1), is_int1 x -> t'isFinite1 x.
-
-Axiom int_to_real1 :
- forall (m:mode) (x:t1), is_int1 x ->
- ((t'real1 x) = (BuiltIn.IZR (to_int1 m x))).
-
-Axiom truncate_int1 :
- forall (m:mode) (i:t1), is_int1 i -> eq1 (roundToIntegral1 m i) i.
-
-Axiom truncate_neg1 :
- forall (x:t1), t'isFinite1 x -> is_negative1 x ->
- ((roundToIntegral1 RTZ x) = (roundToIntegral1 RTP x)).
-
-Axiom truncate_pos1 :
- forall (x:t1), t'isFinite1 x -> is_positive1 x ->
- ((roundToIntegral1 RTZ x) = (roundToIntegral1 RTN x)).
-
-Axiom ceil_le1 :
- forall (x:t1), t'isFinite1 x -> le1 x (roundToIntegral1 RTP x).
-
-Axiom ceil_lest1 :
- forall (x:t1) (y:t1), le1 x y /\ is_int1 y ->
- le1 (roundToIntegral1 RTP x) y.
-
-Axiom ceil_to_real1 :
- forall (x:t1), t'isFinite1 x ->
- ((t'real1 (roundToIntegral1 RTP x)) = (BuiltIn.IZR (ceil (t'real1 x)))).
-
-Axiom ceil_to_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((to_int1 m (roundToIntegral1 RTP x)) = (ceil (t'real1 x))).
-
-Axiom floor_le1 :
- forall (x:t1), t'isFinite1 x -> le1 (roundToIntegral1 RTN x) x.
-
-Axiom floor_lest1 :
- forall (x:t1) (y:t1), le1 y x /\ is_int1 y ->
- le1 y (roundToIntegral1 RTN x).
-
-Axiom floor_to_real1 :
- forall (x:t1), t'isFinite1 x ->
- ((t'real1 (roundToIntegral1 RTN x)) = (BuiltIn.IZR (floor (t'real1 x)))).
-
-Axiom floor_to_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((to_int1 m (roundToIntegral1 RTN x)) = (floor (t'real1 x))).
-
-Axiom RNA_down1 :
- forall (x:t1),
- lt1 (sub1 RNE x (roundToIntegral1 RTN x))
- (sub1 RNE (roundToIntegral1 RTP x) x) ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTN x)).
-
-Axiom RNA_up1 :
- forall (x:t1),
- lt1 (sub1 RNE (roundToIntegral1 RTP x) x)
- (sub1 RNE x (roundToIntegral1 RTN x)) ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTP x)).
-
-Axiom RNA_down_tie1 :
- forall (x:t1),
- eq1 (sub1 RNE x (roundToIntegral1 RTN x))
- (sub1 RNE (roundToIntegral1 RTP x) x) -> is_negative1 x ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTN x)).
-
-Axiom RNA_up_tie1 :
- forall (x:t1),
- eq1 (sub1 RNE (roundToIntegral1 RTP x) x)
- (sub1 RNE x (roundToIntegral1 RTN x)) -> is_positive1 x ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTP x)).
-
-Axiom to_int_roundToIntegral1 :
- forall (m:mode) (x:t1),
- ((to_int1 m x) = (to_int1 m (roundToIntegral1 m x))).
-
-Axiom to_int_monotonic1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> le1 x y ->
- ((to_int1 m x) <= (to_int1 m y))%Z.
-
-Axiom to_int_of_int1 :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range1 i ->
- ((to_int1 m (of_int1 m i)) = i).
-
-Axiom eq_to_int1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> eq1 x y ->
- ((to_int1 m x) = (to_int1 m y)).
-
-Axiom neg_to_int1 :
- forall (m:mode) (x:t1), is_int1 x ->
- ((to_int1 m (neg1 x)) = (-(to_int1 m x))%Z).
-
-Axiom roundToIntegral_is_finite1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> t'isFinite1 (roundToIntegral1 m x).
-
-Axiom round_bound_ne1 :
- forall (x:Reals.Rdefinitions.R), no_overflow1 RNE x ->
- (((x - ((1 / 9007199254740992)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 404804506614621236704990693437834614099113299528284236713802716054860679135990693783920767402874248990374155728633623822779617474771586953734026799881477019843034848553132722728933815484186432682479535356945490137124014966849385397236206711298319112681620113024717539104666829230461005064372655017292012526615415482186989568)%R)%R
- <= (round1 RNE x))%R /\
- ((round1 RNE x) <=
- ((x + ((1 / 9007199254740992)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 404804506614621236704990693437834614099113299528284236713802716054860679135990693783920767402874248990374155728633623822779617474771586953734026799881477019843034848553132722728933815484186432682479535356945490137124014966849385397236206711298319112681620113024717539104666829230461005064372655017292012526615415482186989568)%R)%R)%R.
-
-Axiom round_bound1 :
- forall (m:mode) (x:Reals.Rdefinitions.R), no_overflow1 m x ->
- (((x - ((1 / 4503599627370496)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 202402253307310618352495346718917307049556649764142118356901358027430339567995346891960383701437124495187077864316811911389808737385793476867013399940738509921517424276566361364466907742093216341239767678472745068562007483424692698618103355649159556340810056512358769552333414615230502532186327508646006263307707741093494784)%R)%R
- <= (round1 m x))%R /\
- ((round1 m x) <=
- ((x + ((1 / 4503599627370496)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 202402253307310618352495346718917307049556649764142118356901358027430339567995346891960383701437124495187077864316811911389808737385793476867013399940738509921517424276566361364466907742093216341239767678472745068562007483424692698618103355649159556340810056512358769552333414615230502532186327508646006263307707741093494784)%R)%R)%R.
-
-Parameter to_float64: mode -> t -> t1.
-
-Parameter to_float32: mode -> t1 -> t.
-
-Axiom round_double_single :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round1 m1 (round m2 x)) = (round m2 x)).
-
-Axiom to_float64_exact :
- forall (m:mode) (x:t), t'isFinite x ->
- t'isFinite1 (to_float64 m x) /\ ((t'real1 (to_float64 m x)) = (t'real x)).
-
-Axiom to_float32_conv :
- forall (m:mode) (x:t1), t'isFinite1 x -> no_overflow m (t'real1 x) ->
- t'isFinite (to_float32 m x) /\
- ((t'real (to_float32 m x)) = (round m (t'real1 x))).
-
-(* Why3 assumption *)
-Definition f32 := t.
-
-(* Why3 assumption *)
-Definition f64 := t1.
-
-Parameter to_f32: Reals.Rdefinitions.R -> t.
-
-Parameter to_f64: Reals.Rdefinitions.R -> t1.
-
-Axiom to_float_is_finite_32 :
- forall (f:t), t'isFinite f -> eq (to_f32 (t'real f)) f.
-
-Axiom to_f32_range_round :
- forall (x:Reals.Rdefinitions.R), in_range x ->
- ((t'real (to_f32 x)) = (round RNE x)).
-
-Axiom to_f32_range_finite :
- forall (x:Reals.Rdefinitions.R), in_range x -> t'isFinite (to_f32 x).
-
-Axiom to_f32_minus_infinity :
- forall (x:Reals.Rdefinitions.R),
- (x < (-(33554430 * 10141204801825835211973625643008)%R)%R)%R ->
- is_minus_infinity (to_f32 x).
-
-Axiom to_f32_plus_infinity :
- forall (x:Reals.Rdefinitions.R),
- ((33554430 * 10141204801825835211973625643008)%R < x)%R ->
- is_plus_infinity (to_f32 x).
-
-Axiom to_float_is_finite_64 :
- forall (f:t1), t'isFinite1 f -> eq1 (to_f64 (t'real1 f)) f.
-
-Axiom to_f64_range_round :
- forall (x:Reals.Rdefinitions.R), in_range1 x ->
- ((t'real1 (to_f64 x)) = (round1 RNE x)).
-
-Axiom to_f64_range_finite :
- forall (x:Reals.Rdefinitions.R), in_range1 x -> t'isFinite1 (to_f64 x).
-
-Axiom to_f64_minus_infinity :
- forall (x:Reals.Rdefinitions.R),
- (x <
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R)%R ->
- is_minus_infinity1 (to_f64 x).
-
-Axiom to_f64_plus_infinity :
- forall (x:Reals.Rdefinitions.R),
- ((9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R
- < x)%R ->
- is_plus_infinity1 (to_f64 x).
-
-(* Why3 assumption *)
-Definition round_float (m:mode) (r:Reals.Rdefinitions.R) : t :=
- to_f32 (round m r).
-
-(* Why3 assumption *)
-Definition round_double (m:mode) (r:Reals.Rdefinitions.R) : t1 :=
- to_f64 (round1 m r).
-
-Axiom is_zero_to_f32_zero : is_zero (to_f32 0%R).
-
-Axiom is_zero_to_f64_zero : is_zero1 (to_f64 0%R).
-
-Axiom real_0_is_zero_f32 : forall (f:t), (0%R = (t'real f)) -> is_zero f.
-
-Axiom real_0_is_zero_f64 : forall (f:t1), (0%R = (t'real1 f)) -> is_zero1 f.
-
-Axiom f32_to_f64 : forall (f:t), ((to_f64 (t'real f)) = (to_float64 RNE f)).
-
-Axiom f64_to_f32 :
- forall (f:t1), ((to_f32 (t'real1 f)) = (to_float32 RNE f)).
-
-(* Why3 assumption *)
-Definition finite (x:Reals.Rdefinitions.R) : Prop :=
- t'isFinite (to_f32 x) /\ t'isFinite1 (to_f64 x).
-
-Parameter eq_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom eq_f32b'def :
- forall (x:t) (y:t),
- (eq x y -> ((eq_f32b x y) = Init.Datatypes.true)) /\
- (~ eq x y -> ((eq_f32b x y) = Init.Datatypes.false)).
-
-Parameter eq_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom eq_f64b'def :
- forall (x:t1) (y:t1),
- (eq1 x y -> ((eq_f64b x y) = Init.Datatypes.true)) /\
- (~ eq1 x y -> ((eq_f64b x y) = Init.Datatypes.false)).
-
-(* Why3 assumption *)
-Definition ne_f32 (x:t) (y:t) : Prop := ~ eq x y.
-
-(* Why3 assumption *)
-Definition ne_f64 (x:t1) (y:t1) : Prop := ~ eq1 x y.
-
-Parameter ne_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom ne_f32b'def :
- forall (x:t) (y:t),
- (ne_f32 x y -> ((ne_f32b x y) = Init.Datatypes.true)) /\
- (~ ne_f32 x y -> ((ne_f32b x y) = Init.Datatypes.false)).
-
-Parameter ne_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom ne_f64b'def :
- forall (x:t1) (y:t1),
- (ne_f64 x y -> ((ne_f64b x y) = Init.Datatypes.true)) /\
- (~ ne_f64 x y -> ((ne_f64b x y) = Init.Datatypes.false)).
-
-Parameter le_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom le_f32b'def :
- forall (x:t) (y:t),
- (le x y -> ((le_f32b x y) = Init.Datatypes.true)) /\
- (~ le x y -> ((le_f32b x y) = Init.Datatypes.false)).
-
-Parameter le_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom le_f64b'def :
- forall (x:t1) (y:t1),
- (le1 x y -> ((le_f64b x y) = Init.Datatypes.true)) /\
- (~ le1 x y -> ((le_f64b x y) = Init.Datatypes.false)).
-
-Parameter lt_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom lt_f32b'def :
- forall (x:t) (y:t),
- (lt x y -> ((lt_f32b x y) = Init.Datatypes.true)) /\
- (~ lt x y -> ((lt_f32b x y) = Init.Datatypes.false)).
-
-Parameter lt_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom lt_f64b'def :
- forall (x:t1) (y:t1),
- (lt1 x y -> ((lt_f64b x y) = Init.Datatypes.true)) /\
- (~ lt1 x y -> ((lt_f64b x y) = Init.Datatypes.false)).
-
-Parameter model_f32: t -> Reals.Rdefinitions.R.
-
-(* Why3 assumption *)
-Definition delta_f32 (f:t) : Reals.Rdefinitions.R :=
- Reals.Rbasic_fun.Rabs ((t'real f) - (model_f32 f))%R.
-
-(* Why3 assumption *)
-Definition error_f32 (f:t) : Reals.Rdefinitions.R :=
- ((delta_f32 f) / (Reals.Rbasic_fun.Rabs (model_f32 f)))%R.
-
-Parameter model_f64: t1 -> Reals.Rdefinitions.R.
-
-(* Why3 assumption *)
-Definition delta_f64 (f:t1) : Reals.Rdefinitions.R :=
- Reals.Rbasic_fun.Rabs ((t'real1 f) - (model_f64 f))%R.
-
-(* Why3 assumption *)
-Definition error_f64 (f:t1) : Reals.Rdefinitions.R :=
- ((delta_f64 f) / (Reals.Rbasic_fun.Rabs (model_f64 f)))%R.
-
-Axiom Q_NaN_not_finite : forall (x:t1), ~ t'isFinite1 x \/ ~ is_nan1 x.
-
-(* Why3 goal *)
-Theorem wp_goal : forall (f:t1), ~ t'isFinite1 f \/ ~ is_plus_infinity1 f.
-Proof.
- admit.
-Admitted.
-
diff --git a/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.session/interactive/lemma_NaN_not_finite.v b/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.session/interactive/lemma_NaN_not_finite.v
deleted file mode 100644
index a86828893bd332312c7da8814d7a4d82552eae36..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_acsl/oracle_qualif/classify_float.1.session/interactive/lemma_NaN_not_finite.v
+++ /dev/null
@@ -1,1763 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require Reals.Rbasic_fun.
-Require Reals.R_sqrt.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.Abs.
-Require real.FromInt.
-Require real.Square.
-Require map.Map.
-Require bv.Pow2int.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-Axiom abs_def :
- forall (x:Numbers.BinNums.Z),
- ((0%Z <= x)%Z -> ((ZArith.BinInt.Z.abs x) = x)) /\
- (~ (0%Z <= x)%Z -> ((ZArith.BinInt.Z.abs x) = (-x)%Z)).
-
-Axiom sqrt_lin1 :
- forall (x:Reals.Rdefinitions.R), (1%R < x)%R ->
- ((Reals.R_sqrt.sqrt x) < x)%R.
-
-Axiom sqrt_lin0 :
- forall (x:Reals.Rdefinitions.R), (0%R < x)%R /\ (x < 1%R)%R ->
- (x < (Reals.R_sqrt.sqrt x))%R.
-
-Axiom sqrt_0 : ((Reals.R_sqrt.sqrt 0%R) = 0%R).
-
-Axiom sqrt_1 : ((Reals.R_sqrt.sqrt 1%R) = 1%R).
-
-(* Why3 assumption *)
-Inductive mode :=
- | RNE : mode
- | RNA : mode
- | RTP : mode
- | RTN : mode
- | RTZ : mode.
-Axiom mode_WhyType : WhyType mode.
-Existing Instance mode_WhyType.
-
-(* Why3 assumption *)
-Definition to_nearest (m:mode) : Prop := (m = RNE) \/ (m = RNA).
-
-Axiom t : Type.
-Parameter t_WhyType : WhyType t.
-Existing Instance t_WhyType.
-
-Parameter t'real: t -> Reals.Rdefinitions.R.
-
-Parameter t'isFinite: t -> Prop.
-
-Axiom t'axiom :
- forall (x:t), t'isFinite x ->
- ((-340282346638528859811704183484516925440%R)%R <= (t'real x))%R /\
- ((t'real x) <= 340282346638528859811704183484516925440%R)%R.
-
-Parameter truncate: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Axiom Truncate_int :
- forall (i:Numbers.BinNums.Z), ((truncate (BuiltIn.IZR i)) = i).
-
-Axiom Truncate_down_pos :
- forall (x:Reals.Rdefinitions.R), (0%R <= x)%R ->
- ((BuiltIn.IZR (truncate x)) <= x)%R /\
- (x < (BuiltIn.IZR ((truncate x) + 1%Z)%Z))%R.
-
-Axiom Truncate_up_neg :
- forall (x:Reals.Rdefinitions.R), (x <= 0%R)%R ->
- ((BuiltIn.IZR ((truncate x) - 1%Z)%Z) < x)%R /\
- (x <= (BuiltIn.IZR (truncate x)))%R.
-
-Axiom Real_of_truncate :
- forall (x:Reals.Rdefinitions.R),
- ((x - 1%R)%R <= (BuiltIn.IZR (truncate x)))%R /\
- ((BuiltIn.IZR (truncate x)) <= (x + 1%R)%R)%R.
-
-Axiom Truncate_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((truncate x) <= (truncate y))%Z.
-
-Axiom Truncate_monotonic_int1 :
- forall (x:Reals.Rdefinitions.R) (i:Numbers.BinNums.Z),
- (x <= (BuiltIn.IZR i))%R -> ((truncate x) <= i)%Z.
-
-Axiom Truncate_monotonic_int2 :
- forall (x:Reals.Rdefinitions.R) (i:Numbers.BinNums.Z),
- ((BuiltIn.IZR i) <= x)%R -> (i <= (truncate x))%Z.
-
-Parameter floor: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Parameter ceil: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Axiom Floor_int :
- forall (i:Numbers.BinNums.Z), ((floor (BuiltIn.IZR i)) = i).
-
-Axiom Ceil_int : forall (i:Numbers.BinNums.Z), ((ceil (BuiltIn.IZR i)) = i).
-
-Axiom Floor_down :
- forall (x:Reals.Rdefinitions.R),
- ((BuiltIn.IZR (floor x)) <= x)%R /\
- (x < (BuiltIn.IZR ((floor x) + 1%Z)%Z))%R.
-
-Axiom Ceil_up :
- forall (x:Reals.Rdefinitions.R),
- ((BuiltIn.IZR ((ceil x) - 1%Z)%Z) < x)%R /\ (x <= (BuiltIn.IZR (ceil x)))%R.
-
-Axiom Floor_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((floor x) <= (floor y))%Z.
-
-Axiom Ceil_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((ceil x) <= (ceil y))%Z.
-
-Parameter zeroF: t.
-
-Parameter add: mode -> t -> t -> t.
-
-Parameter sub: mode -> t -> t -> t.
-
-Parameter mul: mode -> t -> t -> t.
-
-Parameter div: mode -> t -> t -> t.
-
-Parameter abs: t -> t.
-
-Parameter neg: t -> t.
-
-Parameter fma: mode -> t -> t -> t -> t.
-
-Parameter sqrt: mode -> t -> t.
-
-Parameter roundToIntegral: mode -> t -> t.
-
-Parameter min: t -> t -> t.
-
-Parameter max: t -> t -> t.
-
-Parameter le: t -> t -> Prop.
-
-Parameter lt: t -> t -> Prop.
-
-Parameter eq: t -> t -> Prop.
-
-Parameter is_normal: t -> Prop.
-
-Parameter is_subnormal: t -> Prop.
-
-Parameter is_zero: t -> Prop.
-
-Parameter is_infinite: t -> Prop.
-
-Parameter is_nan: t -> Prop.
-
-Parameter is_positive: t -> Prop.
-
-Parameter is_negative: t -> Prop.
-
-(* Why3 assumption *)
-Definition is_plus_infinity (x:t) : Prop := is_infinite x /\ is_positive x.
-
-(* Why3 assumption *)
-Definition is_minus_infinity (x:t) : Prop := is_infinite x /\ is_negative x.
-
-(* Why3 assumption *)
-Definition is_plus_zero (x:t) : Prop := is_zero x /\ is_positive x.
-
-(* Why3 assumption *)
-Definition is_minus_zero (x:t) : Prop := is_zero x /\ is_negative x.
-
-(* Why3 assumption *)
-Definition is_not_nan (x:t) : Prop := t'isFinite x \/ is_infinite x.
-
-Axiom is_not_nan1 : forall (x:t), is_not_nan x <-> ~ is_nan x.
-
-Axiom is_not_finite :
- forall (x:t), ~ t'isFinite x <-> is_infinite x \/ is_nan x.
-
-Axiom zeroF_is_positive : is_positive zeroF.
-
-Axiom zeroF_is_zero : is_zero zeroF.
-
-Axiom zero_to_real :
- forall (x:t), is_zero x <-> t'isFinite x /\ ((t'real x) = 0%R).
-
-Parameter of_int: mode -> Numbers.BinNums.Z -> t.
-
-Parameter to_int: mode -> t -> Numbers.BinNums.Z.
-
-Axiom zero_of_int : forall (m:mode), (zeroF = (of_int m 0%Z)).
-
-Parameter round: mode -> Reals.Rdefinitions.R -> Reals.Rdefinitions.R.
-
-Parameter max_int: Numbers.BinNums.Z.
-
-Axiom max_real_int :
- ((33554430 * 10141204801825835211973625643008)%R = (BuiltIn.IZR max_int)).
-
-(* Why3 assumption *)
-Definition in_range (x:Reals.Rdefinitions.R) : Prop :=
- ((-(33554430 * 10141204801825835211973625643008)%R)%R <= x)%R /\
- (x <= (33554430 * 10141204801825835211973625643008)%R)%R.
-
-(* Why3 assumption *)
-Definition in_int_range (i:Numbers.BinNums.Z) : Prop :=
- ((-max_int)%Z <= i)%Z /\ (i <= max_int)%Z.
-
-Axiom is_finite : forall (x:t), t'isFinite x -> in_range (t'real x).
-
-(* Why3 assumption *)
-Definition no_overflow (m:mode) (x:Reals.Rdefinitions.R) : Prop :=
- in_range (round m x).
-
-Axiom Bounded_real_no_overflow :
- forall (m:mode) (x:Reals.Rdefinitions.R), in_range x -> no_overflow m x.
-
-Axiom Round_monotonic :
- forall (m:mode) (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- (x <= y)%R -> ((round m x) <= (round m y))%R.
-
-Axiom Round_idempotent :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round m1 (round m2 x)) = (round m2 x)).
-
-Axiom Round_to_real :
- forall (m:mode) (x:t), t'isFinite x -> ((round m (t'real x)) = (t'real x)).
-
-Axiom Round_down_le :
- forall (x:Reals.Rdefinitions.R), ((round RTN x) <= x)%R.
-
-Axiom Round_up_ge : forall (x:Reals.Rdefinitions.R), (x <= (round RTP x))%R.
-
-Axiom Round_down_neg :
- forall (x:Reals.Rdefinitions.R), ((round RTN (-x)%R) = (-(round RTP x))%R).
-
-Axiom Round_up_neg :
- forall (x:Reals.Rdefinitions.R), ((round RTP (-x)%R) = (-(round RTN x))%R).
-
-(* Why3 assumption *)
-Definition in_safe_int_range (i:Numbers.BinNums.Z) : Prop :=
- ((-16777216%Z)%Z <= i)%Z /\ (i <= 16777216%Z)%Z.
-
-Axiom Exact_rounding_for_integers :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range i ->
- ((round m (BuiltIn.IZR i)) = (BuiltIn.IZR i)).
-
-(* Why3 assumption *)
-Definition same_sign (x:t) (y:t) : Prop :=
- is_positive x /\ is_positive y \/ is_negative x /\ is_negative y.
-
-(* Why3 assumption *)
-Definition diff_sign (x:t) (y:t) : Prop :=
- is_positive x /\ is_negative y \/ is_negative x /\ is_positive y.
-
-Axiom feq_eq :
- forall (x:t) (y:t), t'isFinite x -> t'isFinite y -> ~ is_zero x ->
- eq x y -> (x = y).
-
-Axiom eq_feq :
- forall (x:t) (y:t), t'isFinite x -> t'isFinite y -> (x = y) -> eq x y.
-
-Axiom eq_refl : forall (x:t), t'isFinite x -> eq x x.
-
-Axiom eq_sym : forall (x:t) (y:t), eq x y -> eq y x.
-
-Axiom eq_trans : forall (x:t) (y:t) (z:t), eq x y -> eq y z -> eq x z.
-
-Axiom eq_zero : eq zeroF (neg zeroF).
-
-Axiom eq_to_real_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- eq x y <-> ((t'real x) = (t'real y)).
-
-Axiom eq_special :
- forall (x:t) (y:t), eq x y ->
- is_not_nan x /\
- is_not_nan y /\
- (t'isFinite x /\ t'isFinite y \/
- is_infinite x /\ is_infinite y /\ same_sign x y).
-
-Axiom lt_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- lt x y <-> ((t'real x) < (t'real y))%R.
-
-Axiom le_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- le x y <-> ((t'real x) <= (t'real y))%R.
-
-Axiom le_lt_trans : forall (x:t) (y:t) (z:t), le x y /\ lt y z -> lt x z.
-
-Axiom lt_le_trans : forall (x:t) (y:t) (z:t), lt x y /\ le y z -> lt x z.
-
-Axiom le_ge_asym : forall (x:t) (y:t), le x y /\ le y x -> eq x y.
-
-Axiom not_lt_ge :
- forall (x:t) (y:t), ~ lt x y /\ is_not_nan x /\ is_not_nan y -> le y x.
-
-Axiom not_gt_le :
- forall (x:t) (y:t), ~ lt y x /\ is_not_nan x /\ is_not_nan y -> le x y.
-
-Axiom le_special :
- forall (x:t) (y:t), le x y ->
- t'isFinite x /\ t'isFinite y \/
- is_minus_infinity x /\ is_not_nan y \/ is_not_nan x /\ is_plus_infinity y.
-
-Axiom lt_special :
- forall (x:t) (y:t), lt x y ->
- t'isFinite x /\ t'isFinite y \/
- is_minus_infinity x /\ is_not_nan y /\ ~ is_minus_infinity y \/
- is_not_nan x /\ ~ is_plus_infinity x /\ is_plus_infinity y.
-
-Axiom lt_lt_finite :
- forall (x:t) (y:t) (z:t), lt x y -> lt y z -> t'isFinite y.
-
-Axiom positive_to_real :
- forall (x:t), t'isFinite x -> is_positive x -> (0%R <= (t'real x))%R.
-
-Axiom to_real_positive :
- forall (x:t), t'isFinite x -> (0%R < (t'real x))%R -> is_positive x.
-
-Axiom negative_to_real :
- forall (x:t), t'isFinite x -> is_negative x -> ((t'real x) <= 0%R)%R.
-
-Axiom to_real_negative :
- forall (x:t), t'isFinite x -> ((t'real x) < 0%R)%R -> is_negative x.
-
-Axiom negative_xor_positive :
- forall (x:t), ~ (is_positive x /\ is_negative x).
-
-Axiom negative_or_positive :
- forall (x:t), is_not_nan x -> is_positive x \/ is_negative x.
-
-Axiom diff_sign_trans :
- forall (x:t) (y:t) (z:t), diff_sign x y /\ diff_sign y z -> same_sign x z.
-
-Axiom diff_sign_product :
- forall (x:t) (y:t),
- t'isFinite x /\ t'isFinite y /\ (((t'real x) * (t'real y))%R < 0%R)%R ->
- diff_sign x y.
-
-Axiom same_sign_product :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y /\ same_sign x y ->
- (0%R <= ((t'real x) * (t'real y))%R)%R.
-
-(* Why3 assumption *)
-Definition product_sign (z:t) (x:t) (y:t) : Prop :=
- (same_sign x y -> is_positive z) /\ (diff_sign x y -> is_negative z).
-
-(* Why3 assumption *)
-Definition overflow_value (m:mode) (x:t) : Prop :=
- match m with
- | RTN =>
- (is_positive x ->
- t'isFinite x /\
- ((t'real x) = (33554430 * 10141204801825835211973625643008)%R)) /\
- (~ is_positive x -> is_infinite x)
- | RTP =>
- (is_positive x -> is_infinite x) /\
- (~ is_positive x ->
- t'isFinite x /\
- ((t'real x) = (-(33554430 * 10141204801825835211973625643008)%R)%R))
- | RTZ =>
- (is_positive x ->
- t'isFinite x /\
- ((t'real x) = (33554430 * 10141204801825835211973625643008)%R)) /\
- (~ is_positive x ->
- t'isFinite x /\
- ((t'real x) = (-(33554430 * 10141204801825835211973625643008)%R)%R))
- | RNA|RNE => is_infinite x
- end.
-
-(* Why3 assumption *)
-Definition sign_zero_result (m:mode) (x:t) : Prop :=
- is_zero x -> match m with
- | RTN => is_negative x
- | _ => is_positive x
- end.
-
-Axiom add_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) + (t'real y))%R ->
- t'isFinite (add m x y) /\
- ((t'real (add m x y)) = (round m ((t'real x) + (t'real y))%R)).
-
-Axiom add_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (add m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom add_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (add m x y) ->
- no_overflow m ((t'real x) + (t'real y))%R /\
- ((t'real (add m x y)) = (round m ((t'real x) + (t'real y))%R)).
-
-Axiom sub_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) - (t'real y))%R ->
- t'isFinite (sub m x y) /\
- ((t'real (sub m x y)) = (round m ((t'real x) - (t'real y))%R)).
-
-Axiom sub_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (sub m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom sub_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (sub m x y) ->
- no_overflow m ((t'real x) - (t'real y))%R /\
- ((t'real (sub m x y)) = (round m ((t'real x) - (t'real y))%R)).
-
-Axiom mul_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) * (t'real y))%R ->
- t'isFinite (mul m x y) /\
- ((t'real (mul m x y)) = (round m ((t'real x) * (t'real y))%R)).
-
-Axiom mul_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (mul m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom mul_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (mul m x y) ->
- no_overflow m ((t'real x) * (t'real y))%R /\
- ((t'real (mul m x y)) = (round m ((t'real x) * (t'real y))%R)).
-
-Axiom div_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y -> ~ is_zero y ->
- no_overflow m ((t'real x) / (t'real y))%R ->
- t'isFinite (div m x y) /\
- ((t'real (div m x y)) = (round m ((t'real x) / (t'real y))%R)).
-
-Axiom div_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (div m x y) ->
- t'isFinite x /\ t'isFinite y /\ ~ is_zero y \/
- t'isFinite x /\ is_infinite y /\ ((t'real (div m x y)) = 0%R).
-
-Axiom div_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (div m x y) ->
- t'isFinite y ->
- no_overflow m ((t'real x) / (t'real y))%R /\
- ((t'real (div m x y)) = (round m ((t'real x) / (t'real y))%R)).
-
-Axiom neg_finite :
- forall (x:t), t'isFinite x ->
- t'isFinite (neg x) /\ ((t'real (neg x)) = (-(t'real x))%R).
-
-Axiom neg_finite_rev :
- forall (x:t), t'isFinite (neg x) ->
- t'isFinite x /\ ((t'real (neg x)) = (-(t'real x))%R).
-
-Axiom abs_finite :
- forall (x:t), t'isFinite x ->
- t'isFinite (abs x) /\
- ((t'real (abs x)) = (Reals.Rbasic_fun.Rabs (t'real x))) /\
- is_positive (abs x).
-
-Axiom abs_finite_rev :
- forall (x:t), t'isFinite (abs x) ->
- t'isFinite x /\ ((t'real (abs x)) = (Reals.Rbasic_fun.Rabs (t'real x))).
-
-Axiom abs_universal : forall (x:t), ~ is_negative (abs x).
-
-Axiom fma_finite :
- forall (m:mode) (x:t) (y:t) (z:t), t'isFinite x -> t'isFinite y ->
- t'isFinite z ->
- no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R ->
- t'isFinite (fma m x y z) /\
- ((t'real (fma m x y z)) =
- (round m (((t'real x) * (t'real y))%R + (t'real z))%R)).
-
-Axiom fma_finite_rev :
- forall (m:mode) (x:t) (y:t) (z:t), t'isFinite (fma m x y z) ->
- t'isFinite x /\ t'isFinite y /\ t'isFinite z.
-
-Axiom fma_finite_rev_n :
- forall (m:mode) (x:t) (y:t) (z:t), to_nearest m ->
- t'isFinite (fma m x y z) ->
- no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R /\
- ((t'real (fma m x y z)) =
- (round m (((t'real x) * (t'real y))%R + (t'real z))%R)).
-
-Axiom sqrt_finite :
- forall (m:mode) (x:t), t'isFinite x -> (0%R <= (t'real x))%R ->
- t'isFinite (sqrt m x) /\
- ((t'real (sqrt m x)) = (round m (Reals.R_sqrt.sqrt (t'real x)))).
-
-Axiom sqrt_finite_rev :
- forall (m:mode) (x:t), t'isFinite (sqrt m x) ->
- t'isFinite x /\
- (0%R <= (t'real x))%R /\
- ((t'real (sqrt m x)) = (round m (Reals.R_sqrt.sqrt (t'real x)))).
-
-(* Why3 assumption *)
-Definition same_sign_real (x:t) (r:Reals.Rdefinitions.R) : Prop :=
- is_positive x /\ (0%R < r)%R \/ is_negative x /\ (r < 0%R)%R.
-
-Axiom add_special :
- forall (m:mode) (x:t) (y:t),
- let r := add m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_infinite r /\ same_sign r y) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ same_sign x y ->
- is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ diff_sign x y -> is_nan r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) + (t'real y))%R ->
- same_sign_real r ((t'real x) + (t'real y))%R /\ overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y ->
- (same_sign x y -> same_sign r x) /\
- (~ same_sign x y -> sign_zero_result m r)).
-
-Axiom sub_special :
- forall (m:mode) (x:t) (y:t),
- let r := sub m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_infinite r /\ diff_sign r y) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ same_sign x y -> is_nan r) /\
- (is_infinite x /\ is_infinite y /\ diff_sign x y ->
- is_infinite r /\ same_sign r x) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) - (t'real y))%R ->
- same_sign_real r ((t'real x) - (t'real y))%R /\ overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y ->
- (diff_sign x y -> same_sign r x) /\
- (~ diff_sign x y -> sign_zero_result m r)).
-
-Axiom mul_special :
- forall (m:mode) (x:t) (y:t),
- let r := mul m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (is_zero x /\ is_infinite y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y /\ ~ is_zero x -> is_infinite r) /\
- (is_infinite x /\ is_zero y -> is_nan r) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y -> is_infinite r) /\
- (is_infinite x /\ is_infinite y -> is_infinite r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) * (t'real y))%R ->
- overflow_value m r) /\
- (~ is_nan r -> product_sign r x y).
-
-Axiom div_special :
- forall (m:mode) (x:t) (y:t),
- let r := div m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_zero r) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r) /\
- (is_infinite x /\ is_infinite y -> is_nan r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ is_zero y /\ ~ no_overflow m ((t'real x) / (t'real y))%R ->
- overflow_value m r) /\
- (t'isFinite x /\ is_zero y /\ ~ is_zero x -> is_infinite r) /\
- (is_zero x /\ is_zero y -> is_nan r) /\ (~ is_nan r -> product_sign r x y).
-
-Axiom neg_special :
- forall (x:t),
- (is_nan x -> is_nan (neg x)) /\
- (is_infinite x -> is_infinite (neg x)) /\
- (~ is_nan x -> diff_sign x (neg x)).
-
-Axiom abs_special :
- forall (x:t),
- (is_nan x -> is_nan (abs x)) /\
- (is_infinite x -> is_infinite (abs x)) /\
- (~ is_nan x -> is_positive (abs x)).
-
-Axiom fma_special :
- forall (m:mode) (x:t) (y:t) (z:t),
- let r := fma m x y z in
- (is_nan x \/ is_nan y \/ is_nan z -> is_nan r) /\
- (is_zero x /\ is_infinite y -> is_nan r) /\
- (is_infinite x /\ is_zero y -> is_nan r) /\
- (t'isFinite x /\ ~ is_zero x /\ is_infinite y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (t'isFinite x /\ ~ is_zero x /\ is_infinite y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (is_infinite x /\ is_infinite y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (t'isFinite x /\ t'isFinite y /\ is_infinite z ->
- is_infinite r /\ same_sign r z) /\
- (is_infinite x /\ is_infinite y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (t'isFinite x /\
- t'isFinite y /\
- t'isFinite z /\
- ~ no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R ->
- same_sign_real r (((t'real x) * (t'real y))%R + (t'real z))%R /\
- overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y /\ t'isFinite z ->
- (product_sign z x y -> same_sign r z) /\
- (~ product_sign z x y ->
- ((((t'real x) * (t'real y))%R + (t'real z))%R = 0%R) ->
- ((m = RTN) -> is_negative r) /\ (~ (m = RTN) -> is_positive r))).
-
-Axiom sqrt_special :
- forall (m:mode) (x:t),
- let r := sqrt m x in
- (is_nan x -> is_nan r) /\
- (is_plus_infinity x -> is_plus_infinity r) /\
- (is_minus_infinity x -> is_nan r) /\
- (t'isFinite x /\ ((t'real x) < 0%R)%R -> is_nan r) /\
- (is_zero x -> same_sign r x) /\
- (t'isFinite x /\ (0%R < (t'real x))%R -> is_positive r).
-
-Axiom of_int_add_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i + j)%Z ->
- eq (of_int m (i + j)%Z) (add n (of_int m i) (of_int m j)).
-
-Axiom of_int_sub_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i - j)%Z ->
- eq (of_int m (i - j)%Z) (sub n (of_int m i) (of_int m j)).
-
-Axiom of_int_mul_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i * j)%Z ->
- eq (of_int m (i * j)%Z) (mul n (of_int m i) (of_int m j)).
-
-Axiom Min_r : forall (x:t) (y:t), le y x -> eq (min x y) y.
-
-Axiom Min_l : forall (x:t) (y:t), le x y -> eq (min x y) x.
-
-Axiom Max_r : forall (x:t) (y:t), le y x -> eq (max x y) x.
-
-Axiom Max_l : forall (x:t) (y:t), le x y -> eq (max x y) y.
-
-Parameter is_int: t -> Prop.
-
-Axiom zeroF_is_int : is_int zeroF.
-
-Axiom of_int_is_int :
- forall (m:mode) (x:Numbers.BinNums.Z), in_int_range x ->
- is_int (of_int m x).
-
-Axiom big_float_is_int :
- forall (m:mode) (i:t), t'isFinite i ->
- le i (neg (of_int m 16777216%Z)) \/ le (of_int m 16777216%Z) i -> is_int i.
-
-Axiom roundToIntegral_is_int :
- forall (m:mode) (x:t), t'isFinite x -> is_int (roundToIntegral m x).
-
-Axiom eq_is_int : forall (x:t) (y:t), eq x y -> is_int x -> is_int y.
-
-Axiom add_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (add m x y) -> is_int (add m x y).
-
-Axiom sub_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (sub m x y) -> is_int (sub m x y).
-
-Axiom mul_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (mul m x y) -> is_int (mul m x y).
-
-Axiom fma_int :
- forall (x:t) (y:t) (z:t) (m:mode), is_int x -> is_int y -> is_int z ->
- t'isFinite (fma m x y z) -> is_int (fma m x y z).
-
-Axiom neg_int : forall (x:t), is_int x -> is_int (neg x).
-
-Axiom abs_int : forall (x:t), is_int x -> is_int (abs x).
-
-Axiom is_int_of_int :
- forall (x:t) (m:mode) (m':mode), is_int x -> eq x (of_int m' (to_int m x)).
-
-Axiom is_int_to_int :
- forall (m:mode) (x:t), is_int x -> in_int_range (to_int m x).
-
-Axiom is_int_is_finite : forall (x:t), is_int x -> t'isFinite x.
-
-Axiom int_to_real :
- forall (m:mode) (x:t), is_int x ->
- ((t'real x) = (BuiltIn.IZR (to_int m x))).
-
-Axiom truncate_int :
- forall (m:mode) (i:t), is_int i -> eq (roundToIntegral m i) i.
-
-Axiom truncate_neg :
- forall (x:t), t'isFinite x -> is_negative x ->
- ((roundToIntegral RTZ x) = (roundToIntegral RTP x)).
-
-Axiom truncate_pos :
- forall (x:t), t'isFinite x -> is_positive x ->
- ((roundToIntegral RTZ x) = (roundToIntegral RTN x)).
-
-Axiom ceil_le : forall (x:t), t'isFinite x -> le x (roundToIntegral RTP x).
-
-Axiom ceil_lest :
- forall (x:t) (y:t), le x y /\ is_int y -> le (roundToIntegral RTP x) y.
-
-Axiom ceil_to_real :
- forall (x:t), t'isFinite x ->
- ((t'real (roundToIntegral RTP x)) = (BuiltIn.IZR (ceil (t'real x)))).
-
-Axiom ceil_to_int :
- forall (m:mode) (x:t), t'isFinite x ->
- ((to_int m (roundToIntegral RTP x)) = (ceil (t'real x))).
-
-Axiom floor_le : forall (x:t), t'isFinite x -> le (roundToIntegral RTN x) x.
-
-Axiom floor_lest :
- forall (x:t) (y:t), le y x /\ is_int y -> le y (roundToIntegral RTN x).
-
-Axiom floor_to_real :
- forall (x:t), t'isFinite x ->
- ((t'real (roundToIntegral RTN x)) = (BuiltIn.IZR (floor (t'real x)))).
-
-Axiom floor_to_int :
- forall (m:mode) (x:t), t'isFinite x ->
- ((to_int m (roundToIntegral RTN x)) = (floor (t'real x))).
-
-Axiom RNA_down :
- forall (x:t),
- lt (sub RNE x (roundToIntegral RTN x)) (sub RNE (roundToIntegral RTP x) x) ->
- ((roundToIntegral RNA x) = (roundToIntegral RTN x)).
-
-Axiom RNA_up :
- forall (x:t),
- lt (sub RNE (roundToIntegral RTP x) x) (sub RNE x (roundToIntegral RTN x)) ->
- ((roundToIntegral RNA x) = (roundToIntegral RTP x)).
-
-Axiom RNA_down_tie :
- forall (x:t),
- eq (sub RNE x (roundToIntegral RTN x)) (sub RNE (roundToIntegral RTP x) x) ->
- is_negative x -> ((roundToIntegral RNA x) = (roundToIntegral RTN x)).
-
-Axiom RNA_up_tie :
- forall (x:t),
- eq (sub RNE (roundToIntegral RTP x) x) (sub RNE x (roundToIntegral RTN x)) ->
- is_positive x -> ((roundToIntegral RNA x) = (roundToIntegral RTP x)).
-
-Axiom to_int_roundToIntegral :
- forall (m:mode) (x:t), ((to_int m x) = (to_int m (roundToIntegral m x))).
-
-Axiom to_int_monotonic :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y -> le x y ->
- ((to_int m x) <= (to_int m y))%Z.
-
-Axiom to_int_of_int :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range i ->
- ((to_int m (of_int m i)) = i).
-
-Axiom eq_to_int :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> eq x y ->
- ((to_int m x) = (to_int m y)).
-
-Axiom neg_to_int :
- forall (m:mode) (x:t), is_int x -> ((to_int m (neg x)) = (-(to_int m x))%Z).
-
-Axiom roundToIntegral_is_finite :
- forall (m:mode) (x:t), t'isFinite x -> t'isFinite (roundToIntegral m x).
-
-Axiom round_bound_ne :
- forall (x:Reals.Rdefinitions.R), no_overflow RNE x ->
- (((x - ((1 / 16777216)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 1427247692705959881058285969449495136382746624)%R)%R
- <= (round RNE x))%R /\
- ((round RNE x) <=
- ((x + ((1 / 16777216)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 1427247692705959881058285969449495136382746624)%R)%R)%R.
-
-Axiom round_bound :
- forall (m:mode) (x:Reals.Rdefinitions.R), no_overflow m x ->
- (((x - ((1 / 8388608)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 713623846352979940529142984724747568191373312)%R)%R
- <= (round m x))%R /\
- ((round m x) <=
- ((x + ((1 / 8388608)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 713623846352979940529142984724747568191373312)%R)%R)%R.
-
-Axiom t1 : Type.
-Parameter t1_WhyType : WhyType t1.
-Existing Instance t1_WhyType.
-
-Parameter t'real1: t1 -> Reals.Rdefinitions.R.
-
-Parameter t'isFinite1: t1 -> Prop.
-
-Axiom t'axiom1 :
- forall (x:t1), t'isFinite1 x ->
- ((-179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368%R)%R
- <= (t'real1 x))%R /\
- ((t'real1 x) <=
- 179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368%R)%R.
-
-Parameter zeroF1: t1.
-
-Parameter add1: mode -> t1 -> t1 -> t1.
-
-Parameter sub1: mode -> t1 -> t1 -> t1.
-
-Parameter mul1: mode -> t1 -> t1 -> t1.
-
-Parameter div1: mode -> t1 -> t1 -> t1.
-
-Parameter abs1: t1 -> t1.
-
-Parameter neg1: t1 -> t1.
-
-Parameter fma1: mode -> t1 -> t1 -> t1 -> t1.
-
-Parameter sqrt1: mode -> t1 -> t1.
-
-Parameter roundToIntegral1: mode -> t1 -> t1.
-
-Parameter min1: t1 -> t1 -> t1.
-
-Parameter max1: t1 -> t1 -> t1.
-
-Parameter le1: t1 -> t1 -> Prop.
-
-Parameter lt1: t1 -> t1 -> Prop.
-
-Parameter eq1: t1 -> t1 -> Prop.
-
-Parameter is_normal1: t1 -> Prop.
-
-Parameter is_subnormal1: t1 -> Prop.
-
-Parameter is_zero1: t1 -> Prop.
-
-Parameter is_infinite1: t1 -> Prop.
-
-Parameter is_nan1: t1 -> Prop.
-
-Parameter is_positive1: t1 -> Prop.
-
-Parameter is_negative1: t1 -> Prop.
-
-(* Why3 assumption *)
-Definition is_plus_infinity1 (x:t1) : Prop :=
- is_infinite1 x /\ is_positive1 x.
-
-(* Why3 assumption *)
-Definition is_minus_infinity1 (x:t1) : Prop :=
- is_infinite1 x /\ is_negative1 x.
-
-(* Why3 assumption *)
-Definition is_plus_zero1 (x:t1) : Prop := is_zero1 x /\ is_positive1 x.
-
-(* Why3 assumption *)
-Definition is_minus_zero1 (x:t1) : Prop := is_zero1 x /\ is_negative1 x.
-
-(* Why3 assumption *)
-Definition is_not_nan2 (x:t1) : Prop := t'isFinite1 x \/ is_infinite1 x.
-
-Axiom is_not_nan3 : forall (x:t1), is_not_nan2 x <-> ~ is_nan1 x.
-
-Axiom is_not_finite1 :
- forall (x:t1), ~ t'isFinite1 x <-> is_infinite1 x \/ is_nan1 x.
-
-Axiom zeroF_is_positive1 : is_positive1 zeroF1.
-
-Axiom zeroF_is_zero1 : is_zero1 zeroF1.
-
-Axiom zero_to_real1 :
- forall (x:t1), is_zero1 x <-> t'isFinite1 x /\ ((t'real1 x) = 0%R).
-
-Parameter of_int1: mode -> Numbers.BinNums.Z -> t1.
-
-Parameter to_int1: mode -> t1 -> Numbers.BinNums.Z.
-
-Axiom zero_of_int1 : forall (m:mode), (zeroF1 = (of_int1 m 0%Z)).
-
-Parameter round1: mode -> Reals.Rdefinitions.R -> Reals.Rdefinitions.R.
-
-Parameter max_int1: Numbers.BinNums.Z.
-
-Axiom max_real_int1 :
- ((9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R
- = (BuiltIn.IZR max_int1)).
-
-(* Why3 assumption *)
-Definition in_range1 (x:Reals.Rdefinitions.R) : Prop :=
- ((-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R
- <= x)%R /\
- (x <=
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R.
-
-(* Why3 assumption *)
-Definition in_int_range1 (i:Numbers.BinNums.Z) : Prop :=
- ((-max_int1)%Z <= i)%Z /\ (i <= max_int1)%Z.
-
-Axiom is_finite1 : forall (x:t1), t'isFinite1 x -> in_range1 (t'real1 x).
-
-(* Why3 assumption *)
-Definition no_overflow1 (m:mode) (x:Reals.Rdefinitions.R) : Prop :=
- in_range1 (round1 m x).
-
-Axiom Bounded_real_no_overflow1 :
- forall (m:mode) (x:Reals.Rdefinitions.R), in_range1 x -> no_overflow1 m x.
-
-Axiom Round_monotonic1 :
- forall (m:mode) (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- (x <= y)%R -> ((round1 m x) <= (round1 m y))%R.
-
-Axiom Round_idempotent1 :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round1 m1 (round1 m2 x)) = (round1 m2 x)).
-
-Axiom Round_to_real1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((round1 m (t'real1 x)) = (t'real1 x)).
-
-Axiom Round_down_le1 :
- forall (x:Reals.Rdefinitions.R), ((round1 RTN x) <= x)%R.
-
-Axiom Round_up_ge1 :
- forall (x:Reals.Rdefinitions.R), (x <= (round1 RTP x))%R.
-
-Axiom Round_down_neg1 :
- forall (x:Reals.Rdefinitions.R),
- ((round1 RTN (-x)%R) = (-(round1 RTP x))%R).
-
-Axiom Round_up_neg1 :
- forall (x:Reals.Rdefinitions.R),
- ((round1 RTP (-x)%R) = (-(round1 RTN x))%R).
-
-(* Why3 assumption *)
-Definition in_safe_int_range1 (i:Numbers.BinNums.Z) : Prop :=
- ((-9007199254740992%Z)%Z <= i)%Z /\ (i <= 9007199254740992%Z)%Z.
-
-Axiom Exact_rounding_for_integers1 :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range1 i ->
- ((round1 m (BuiltIn.IZR i)) = (BuiltIn.IZR i)).
-
-(* Why3 assumption *)
-Definition same_sign1 (x:t1) (y:t1) : Prop :=
- is_positive1 x /\ is_positive1 y \/ is_negative1 x /\ is_negative1 y.
-
-(* Why3 assumption *)
-Definition diff_sign1 (x:t1) (y:t1) : Prop :=
- is_positive1 x /\ is_negative1 y \/ is_negative1 x /\ is_positive1 y.
-
-Axiom feq_eq1 :
- forall (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> ~ is_zero1 x ->
- eq1 x y -> (x = y).
-
-Axiom eq_feq1 :
- forall (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> (x = y) -> eq1 x y.
-
-Axiom eq_refl1 : forall (x:t1), t'isFinite1 x -> eq1 x x.
-
-Axiom eq_sym1 : forall (x:t1) (y:t1), eq1 x y -> eq1 y x.
-
-Axiom eq_trans1 : forall (x:t1) (y:t1) (z:t1), eq1 x y -> eq1 y z -> eq1 x z.
-
-Axiom eq_zero1 : eq1 zeroF1 (neg1 zeroF1).
-
-Axiom eq_to_real_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- eq1 x y <-> ((t'real1 x) = (t'real1 y)).
-
-Axiom eq_special1 :
- forall (x:t1) (y:t1), eq1 x y ->
- is_not_nan2 x /\
- is_not_nan2 y /\
- (t'isFinite1 x /\ t'isFinite1 y \/
- is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y).
-
-Axiom lt_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- lt1 x y <-> ((t'real1 x) < (t'real1 y))%R.
-
-Axiom le_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- le1 x y <-> ((t'real1 x) <= (t'real1 y))%R.
-
-Axiom le_lt_trans1 :
- forall (x:t1) (y:t1) (z:t1), le1 x y /\ lt1 y z -> lt1 x z.
-
-Axiom lt_le_trans1 :
- forall (x:t1) (y:t1) (z:t1), lt1 x y /\ le1 y z -> lt1 x z.
-
-Axiom le_ge_asym1 : forall (x:t1) (y:t1), le1 x y /\ le1 y x -> eq1 x y.
-
-Axiom not_lt_ge1 :
- forall (x:t1) (y:t1), ~ lt1 x y /\ is_not_nan2 x /\ is_not_nan2 y ->
- le1 y x.
-
-Axiom not_gt_le1 :
- forall (x:t1) (y:t1), ~ lt1 y x /\ is_not_nan2 x /\ is_not_nan2 y ->
- le1 x y.
-
-Axiom le_special1 :
- forall (x:t1) (y:t1), le1 x y ->
- t'isFinite1 x /\ t'isFinite1 y \/
- is_minus_infinity1 x /\ is_not_nan2 y \/
- is_not_nan2 x /\ is_plus_infinity1 y.
-
-Axiom lt_special1 :
- forall (x:t1) (y:t1), lt1 x y ->
- t'isFinite1 x /\ t'isFinite1 y \/
- is_minus_infinity1 x /\ is_not_nan2 y /\ ~ is_minus_infinity1 y \/
- is_not_nan2 x /\ ~ is_plus_infinity1 x /\ is_plus_infinity1 y.
-
-Axiom lt_lt_finite1 :
- forall (x:t1) (y:t1) (z:t1), lt1 x y -> lt1 y z -> t'isFinite1 y.
-
-Axiom positive_to_real1 :
- forall (x:t1), t'isFinite1 x -> is_positive1 x -> (0%R <= (t'real1 x))%R.
-
-Axiom to_real_positive1 :
- forall (x:t1), t'isFinite1 x -> (0%R < (t'real1 x))%R -> is_positive1 x.
-
-Axiom negative_to_real1 :
- forall (x:t1), t'isFinite1 x -> is_negative1 x -> ((t'real1 x) <= 0%R)%R.
-
-Axiom to_real_negative1 :
- forall (x:t1), t'isFinite1 x -> ((t'real1 x) < 0%R)%R -> is_negative1 x.
-
-Axiom negative_xor_positive1 :
- forall (x:t1), ~ (is_positive1 x /\ is_negative1 x).
-
-Axiom negative_or_positive1 :
- forall (x:t1), is_not_nan2 x -> is_positive1 x \/ is_negative1 x.
-
-Axiom diff_sign_trans1 :
- forall (x:t1) (y:t1) (z:t1), diff_sign1 x y /\ diff_sign1 y z ->
- same_sign1 x z.
-
-Axiom diff_sign_product1 :
- forall (x:t1) (y:t1),
- t'isFinite1 x /\ t'isFinite1 y /\ (((t'real1 x) * (t'real1 y))%R < 0%R)%R ->
- diff_sign1 x y.
-
-Axiom same_sign_product1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y /\ same_sign1 x y ->
- (0%R <= ((t'real1 x) * (t'real1 y))%R)%R.
-
-(* Why3 assumption *)
-Definition product_sign1 (z:t1) (x:t1) (y:t1) : Prop :=
- (same_sign1 x y -> is_positive1 z) /\ (diff_sign1 x y -> is_negative1 z).
-
-(* Why3 assumption *)
-Definition overflow_value1 (m:mode) (x:t1) : Prop :=
- match m with
- | RTN =>
- (is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)) /\
- (~ is_positive1 x -> is_infinite1 x)
- | RTP =>
- (is_positive1 x -> is_infinite1 x) /\
- (~ is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R))
- | RTZ =>
- (is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)) /\
- (~ is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R))
- | RNA|RNE => is_infinite1 x
- end.
-
-(* Why3 assumption *)
-Definition sign_zero_result1 (m:mode) (x:t1) : Prop :=
- is_zero1 x -> match m with
- | RTN => is_negative1 x
- | _ => is_positive1 x
- end.
-
-Axiom add_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) + (t'real1 y))%R ->
- t'isFinite1 (add1 m x y) /\
- ((t'real1 (add1 m x y)) = (round1 m ((t'real1 x) + (t'real1 y))%R)).
-
-Axiom add_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (add1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom add_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (add1 m x y) ->
- no_overflow1 m ((t'real1 x) + (t'real1 y))%R /\
- ((t'real1 (add1 m x y)) = (round1 m ((t'real1 x) + (t'real1 y))%R)).
-
-Axiom sub_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) - (t'real1 y))%R ->
- t'isFinite1 (sub1 m x y) /\
- ((t'real1 (sub1 m x y)) = (round1 m ((t'real1 x) - (t'real1 y))%R)).
-
-Axiom sub_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (sub1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom sub_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (sub1 m x y) ->
- no_overflow1 m ((t'real1 x) - (t'real1 y))%R /\
- ((t'real1 (sub1 m x y)) = (round1 m ((t'real1 x) - (t'real1 y))%R)).
-
-Axiom mul_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) * (t'real1 y))%R ->
- t'isFinite1 (mul1 m x y) /\
- ((t'real1 (mul1 m x y)) = (round1 m ((t'real1 x) * (t'real1 y))%R)).
-
-Axiom mul_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (mul1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom mul_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (mul1 m x y) ->
- no_overflow1 m ((t'real1 x) * (t'real1 y))%R /\
- ((t'real1 (mul1 m x y)) = (round1 m ((t'real1 x) * (t'real1 y))%R)).
-
-Axiom div_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- ~ is_zero1 y -> no_overflow1 m ((t'real1 x) / (t'real1 y))%R ->
- t'isFinite1 (div1 m x y) /\
- ((t'real1 (div1 m x y)) = (round1 m ((t'real1 x) / (t'real1 y))%R)).
-
-Axiom div_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (div1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y \/
- t'isFinite1 x /\ is_infinite1 y /\ ((t'real1 (div1 m x y)) = 0%R).
-
-Axiom div_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (div1 m x y) ->
- t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) / (t'real1 y))%R /\
- ((t'real1 (div1 m x y)) = (round1 m ((t'real1 x) / (t'real1 y))%R)).
-
-Axiom neg_finite1 :
- forall (x:t1), t'isFinite1 x ->
- t'isFinite1 (neg1 x) /\ ((t'real1 (neg1 x)) = (-(t'real1 x))%R).
-
-Axiom neg_finite_rev1 :
- forall (x:t1), t'isFinite1 (neg1 x) ->
- t'isFinite1 x /\ ((t'real1 (neg1 x)) = (-(t'real1 x))%R).
-
-Axiom abs_finite1 :
- forall (x:t1), t'isFinite1 x ->
- t'isFinite1 (abs1 x) /\
- ((t'real1 (abs1 x)) = (Reals.Rbasic_fun.Rabs (t'real1 x))) /\
- is_positive1 (abs1 x).
-
-Axiom abs_finite_rev1 :
- forall (x:t1), t'isFinite1 (abs1 x) ->
- t'isFinite1 x /\ ((t'real1 (abs1 x)) = (Reals.Rbasic_fun.Rabs (t'real1 x))).
-
-Axiom abs_universal1 : forall (x:t1), ~ is_negative1 (abs1 x).
-
-Axiom fma_finite1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), t'isFinite1 x -> t'isFinite1 y ->
- t'isFinite1 z ->
- no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R ->
- t'isFinite1 (fma1 m x y z) /\
- ((t'real1 (fma1 m x y z)) =
- (round1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R)).
-
-Axiom fma_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), t'isFinite1 (fma1 m x y z) ->
- t'isFinite1 x /\ t'isFinite1 y /\ t'isFinite1 z.
-
-Axiom fma_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), to_nearest m ->
- t'isFinite1 (fma1 m x y z) ->
- no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R /\
- ((t'real1 (fma1 m x y z)) =
- (round1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R)).
-
-Axiom sqrt_finite1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> (0%R <= (t'real1 x))%R ->
- t'isFinite1 (sqrt1 m x) /\
- ((t'real1 (sqrt1 m x)) = (round1 m (Reals.R_sqrt.sqrt (t'real1 x)))).
-
-Axiom sqrt_finite_rev1 :
- forall (m:mode) (x:t1), t'isFinite1 (sqrt1 m x) ->
- t'isFinite1 x /\
- (0%R <= (t'real1 x))%R /\
- ((t'real1 (sqrt1 m x)) = (round1 m (Reals.R_sqrt.sqrt (t'real1 x)))).
-
-(* Why3 assumption *)
-Definition same_sign_real1 (x:t1) (r:Reals.Rdefinitions.R) : Prop :=
- is_positive1 x /\ (0%R < r)%R \/ is_negative1 x /\ (r < 0%R)%R.
-
-Axiom add_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := add1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_infinite1 r /\ same_sign1 r y) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y ->
- is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ diff_sign1 x y -> is_nan1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) + (t'real1 y))%R ->
- same_sign_real1 r ((t'real1 x) + (t'real1 y))%R /\ overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y ->
- (same_sign1 x y -> same_sign1 r x) /\
- (~ same_sign1 x y -> sign_zero_result1 m r)).
-
-Axiom sub_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := sub1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_infinite1 r /\ diff_sign1 r y) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y -> is_nan1 r) /\
- (is_infinite1 x /\ is_infinite1 y /\ diff_sign1 x y ->
- is_infinite1 r /\ same_sign1 r x) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) - (t'real1 y))%R ->
- same_sign_real1 r ((t'real1 x) - (t'real1 y))%R /\ overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y ->
- (diff_sign1 x y -> same_sign1 r x) /\
- (~ diff_sign1 x y -> sign_zero_result1 m r)).
-
-Axiom mul_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := mul1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (is_zero1 x /\ is_infinite1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y /\ ~ is_zero1 x -> is_infinite1 r) /\
- (is_infinite1 x /\ is_zero1 y -> is_nan1 r) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y -> is_infinite1 r) /\
- (is_infinite1 x /\ is_infinite1 y -> is_infinite1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) * (t'real1 y))%R ->
- overflow_value1 m r) /\
- (~ is_nan1 r -> product_sign1 r x y).
-
-Axiom div_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := div1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_zero1 r) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r) /\
- (is_infinite1 x /\ is_infinite1 y -> is_nan1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\
- ~ is_zero1 y /\ ~ no_overflow1 m ((t'real1 x) / (t'real1 y))%R ->
- overflow_value1 m r) /\
- (t'isFinite1 x /\ is_zero1 y /\ ~ is_zero1 x -> is_infinite1 r) /\
- (is_zero1 x /\ is_zero1 y -> is_nan1 r) /\
- (~ is_nan1 r -> product_sign1 r x y).
-
-Axiom neg_special1 :
- forall (x:t1),
- (is_nan1 x -> is_nan1 (neg1 x)) /\
- (is_infinite1 x -> is_infinite1 (neg1 x)) /\
- (~ is_nan1 x -> diff_sign1 x (neg1 x)).
-
-Axiom abs_special1 :
- forall (x:t1),
- (is_nan1 x -> is_nan1 (abs1 x)) /\
- (is_infinite1 x -> is_infinite1 (abs1 x)) /\
- (~ is_nan1 x -> is_positive1 (abs1 x)).
-
-Axiom fma_special1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1),
- let r := fma1 m x y z in
- (is_nan1 x \/ is_nan1 y \/ is_nan1 z -> is_nan1 r) /\
- (is_zero1 x /\ is_infinite1 y -> is_nan1 r) /\
- (is_infinite1 x /\ is_zero1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ ~ is_zero1 x /\ is_infinite1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (t'isFinite1 x /\ ~ is_zero1 x /\ is_infinite1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (is_infinite1 x /\ is_infinite1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (t'isFinite1 x /\ t'isFinite1 y /\ is_infinite1 z ->
- is_infinite1 r /\ same_sign1 r z) /\
- (is_infinite1 x /\ is_infinite1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\
- t'isFinite1 z /\
- ~ no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R ->
- same_sign_real1 r (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R /\
- overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y /\ t'isFinite1 z ->
- (product_sign1 z x y -> same_sign1 r z) /\
- (~ product_sign1 z x y ->
- ((((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R = 0%R) ->
- ((m = RTN) -> is_negative1 r) /\ (~ (m = RTN) -> is_positive1 r))).
-
-Axiom sqrt_special1 :
- forall (m:mode) (x:t1),
- let r := sqrt1 m x in
- (is_nan1 x -> is_nan1 r) /\
- (is_plus_infinity1 x -> is_plus_infinity1 r) /\
- (is_minus_infinity1 x -> is_nan1 r) /\
- (t'isFinite1 x /\ ((t'real1 x) < 0%R)%R -> is_nan1 r) /\
- (is_zero1 x -> same_sign1 r x) /\
- (t'isFinite1 x /\ (0%R < (t'real1 x))%R -> is_positive1 r).
-
-Axiom of_int_add_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i + j)%Z ->
- eq1 (of_int1 m (i + j)%Z) (add1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom of_int_sub_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i - j)%Z ->
- eq1 (of_int1 m (i - j)%Z) (sub1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom of_int_mul_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i * j)%Z ->
- eq1 (of_int1 m (i * j)%Z) (mul1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom Min_r1 : forall (x:t1) (y:t1), le1 y x -> eq1 (min1 x y) y.
-
-Axiom Min_l1 : forall (x:t1) (y:t1), le1 x y -> eq1 (min1 x y) x.
-
-Axiom Max_r1 : forall (x:t1) (y:t1), le1 y x -> eq1 (max1 x y) x.
-
-Axiom Max_l1 : forall (x:t1) (y:t1), le1 x y -> eq1 (max1 x y) y.
-
-Parameter is_int1: t1 -> Prop.
-
-Axiom zeroF_is_int1 : is_int1 zeroF1.
-
-Axiom of_int_is_int1 :
- forall (m:mode) (x:Numbers.BinNums.Z), in_int_range1 x ->
- is_int1 (of_int1 m x).
-
-Axiom big_float_is_int1 :
- forall (m:mode) (i:t1), t'isFinite1 i ->
- le1 i (neg1 (of_int1 m 9007199254740992%Z)) \/
- le1 (of_int1 m 9007199254740992%Z) i -> is_int1 i.
-
-Axiom roundToIntegral_is_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> is_int1 (roundToIntegral1 m x).
-
-Axiom eq_is_int1 : forall (x:t1) (y:t1), eq1 x y -> is_int1 x -> is_int1 y.
-
-Axiom add_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (add1 m x y) -> is_int1 (add1 m x y).
-
-Axiom sub_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (sub1 m x y) -> is_int1 (sub1 m x y).
-
-Axiom mul_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (mul1 m x y) -> is_int1 (mul1 m x y).
-
-Axiom fma_int1 :
- forall (x:t1) (y:t1) (z:t1) (m:mode), is_int1 x -> is_int1 y ->
- is_int1 z -> t'isFinite1 (fma1 m x y z) -> is_int1 (fma1 m x y z).
-
-Axiom neg_int1 : forall (x:t1), is_int1 x -> is_int1 (neg1 x).
-
-Axiom abs_int1 : forall (x:t1), is_int1 x -> is_int1 (abs1 x).
-
-Axiom is_int_of_int1 :
- forall (x:t1) (m:mode) (m':mode), is_int1 x ->
- eq1 x (of_int1 m' (to_int1 m x)).
-
-Axiom is_int_to_int1 :
- forall (m:mode) (x:t1), is_int1 x -> in_int_range1 (to_int1 m x).
-
-Axiom is_int_is_finite1 : forall (x:t1), is_int1 x -> t'isFinite1 x.
-
-Axiom int_to_real1 :
- forall (m:mode) (x:t1), is_int1 x ->
- ((t'real1 x) = (BuiltIn.IZR (to_int1 m x))).
-
-Axiom truncate_int1 :
- forall (m:mode) (i:t1), is_int1 i -> eq1 (roundToIntegral1 m i) i.
-
-Axiom truncate_neg1 :
- forall (x:t1), t'isFinite1 x -> is_negative1 x ->
- ((roundToIntegral1 RTZ x) = (roundToIntegral1 RTP x)).
-
-Axiom truncate_pos1 :
- forall (x:t1), t'isFinite1 x -> is_positive1 x ->
- ((roundToIntegral1 RTZ x) = (roundToIntegral1 RTN x)).
-
-Axiom ceil_le1 :
- forall (x:t1), t'isFinite1 x -> le1 x (roundToIntegral1 RTP x).
-
-Axiom ceil_lest1 :
- forall (x:t1) (y:t1), le1 x y /\ is_int1 y ->
- le1 (roundToIntegral1 RTP x) y.
-
-Axiom ceil_to_real1 :
- forall (x:t1), t'isFinite1 x ->
- ((t'real1 (roundToIntegral1 RTP x)) = (BuiltIn.IZR (ceil (t'real1 x)))).
-
-Axiom ceil_to_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((to_int1 m (roundToIntegral1 RTP x)) = (ceil (t'real1 x))).
-
-Axiom floor_le1 :
- forall (x:t1), t'isFinite1 x -> le1 (roundToIntegral1 RTN x) x.
-
-Axiom floor_lest1 :
- forall (x:t1) (y:t1), le1 y x /\ is_int1 y ->
- le1 y (roundToIntegral1 RTN x).
-
-Axiom floor_to_real1 :
- forall (x:t1), t'isFinite1 x ->
- ((t'real1 (roundToIntegral1 RTN x)) = (BuiltIn.IZR (floor (t'real1 x)))).
-
-Axiom floor_to_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((to_int1 m (roundToIntegral1 RTN x)) = (floor (t'real1 x))).
-
-Axiom RNA_down1 :
- forall (x:t1),
- lt1 (sub1 RNE x (roundToIntegral1 RTN x))
- (sub1 RNE (roundToIntegral1 RTP x) x) ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTN x)).
-
-Axiom RNA_up1 :
- forall (x:t1),
- lt1 (sub1 RNE (roundToIntegral1 RTP x) x)
- (sub1 RNE x (roundToIntegral1 RTN x)) ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTP x)).
-
-Axiom RNA_down_tie1 :
- forall (x:t1),
- eq1 (sub1 RNE x (roundToIntegral1 RTN x))
- (sub1 RNE (roundToIntegral1 RTP x) x) -> is_negative1 x ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTN x)).
-
-Axiom RNA_up_tie1 :
- forall (x:t1),
- eq1 (sub1 RNE (roundToIntegral1 RTP x) x)
- (sub1 RNE x (roundToIntegral1 RTN x)) -> is_positive1 x ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTP x)).
-
-Axiom to_int_roundToIntegral1 :
- forall (m:mode) (x:t1),
- ((to_int1 m x) = (to_int1 m (roundToIntegral1 m x))).
-
-Axiom to_int_monotonic1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> le1 x y ->
- ((to_int1 m x) <= (to_int1 m y))%Z.
-
-Axiom to_int_of_int1 :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range1 i ->
- ((to_int1 m (of_int1 m i)) = i).
-
-Axiom eq_to_int1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> eq1 x y ->
- ((to_int1 m x) = (to_int1 m y)).
-
-Axiom neg_to_int1 :
- forall (m:mode) (x:t1), is_int1 x ->
- ((to_int1 m (neg1 x)) = (-(to_int1 m x))%Z).
-
-Axiom roundToIntegral_is_finite1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> t'isFinite1 (roundToIntegral1 m x).
-
-Axiom round_bound_ne1 :
- forall (x:Reals.Rdefinitions.R), no_overflow1 RNE x ->
- (((x - ((1 / 9007199254740992)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 404804506614621236704990693437834614099113299528284236713802716054860679135990693783920767402874248990374155728633623822779617474771586953734026799881477019843034848553132722728933815484186432682479535356945490137124014966849385397236206711298319112681620113024717539104666829230461005064372655017292012526615415482186989568)%R)%R
- <= (round1 RNE x))%R /\
- ((round1 RNE x) <=
- ((x + ((1 / 9007199254740992)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 404804506614621236704990693437834614099113299528284236713802716054860679135990693783920767402874248990374155728633623822779617474771586953734026799881477019843034848553132722728933815484186432682479535356945490137124014966849385397236206711298319112681620113024717539104666829230461005064372655017292012526615415482186989568)%R)%R)%R.
-
-Axiom round_bound1 :
- forall (m:mode) (x:Reals.Rdefinitions.R), no_overflow1 m x ->
- (((x - ((1 / 4503599627370496)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 202402253307310618352495346718917307049556649764142118356901358027430339567995346891960383701437124495187077864316811911389808737385793476867013399940738509921517424276566361364466907742093216341239767678472745068562007483424692698618103355649159556340810056512358769552333414615230502532186327508646006263307707741093494784)%R)%R
- <= (round1 m x))%R /\
- ((round1 m x) <=
- ((x + ((1 / 4503599627370496)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 202402253307310618352495346718917307049556649764142118356901358027430339567995346891960383701437124495187077864316811911389808737385793476867013399940738509921517424276566361364466907742093216341239767678472745068562007483424692698618103355649159556340810056512358769552333414615230502532186327508646006263307707741093494784)%R)%R)%R.
-
-Parameter to_float64: mode -> t -> t1.
-
-Parameter to_float32: mode -> t1 -> t.
-
-Axiom round_double_single :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round1 m1 (round m2 x)) = (round m2 x)).
-
-Axiom to_float64_exact :
- forall (m:mode) (x:t), t'isFinite x ->
- t'isFinite1 (to_float64 m x) /\ ((t'real1 (to_float64 m x)) = (t'real x)).
-
-Axiom to_float32_conv :
- forall (m:mode) (x:t1), t'isFinite1 x -> no_overflow m (t'real1 x) ->
- t'isFinite (to_float32 m x) /\
- ((t'real (to_float32 m x)) = (round m (t'real1 x))).
-
-(* Why3 assumption *)
-Definition f32 := t.
-
-(* Why3 assumption *)
-Definition f64 := t1.
-
-Parameter to_f32: Reals.Rdefinitions.R -> t.
-
-Parameter to_f64: Reals.Rdefinitions.R -> t1.
-
-Axiom to_float_is_finite_32 :
- forall (f:t), t'isFinite f -> eq (to_f32 (t'real f)) f.
-
-Axiom to_f32_range_round :
- forall (x:Reals.Rdefinitions.R), in_range x ->
- ((t'real (to_f32 x)) = (round RNE x)).
-
-Axiom to_f32_range_finite :
- forall (x:Reals.Rdefinitions.R), in_range x -> t'isFinite (to_f32 x).
-
-Axiom to_f32_minus_infinity :
- forall (x:Reals.Rdefinitions.R),
- (x < (-(33554430 * 10141204801825835211973625643008)%R)%R)%R ->
- is_minus_infinity (to_f32 x).
-
-Axiom to_f32_plus_infinity :
- forall (x:Reals.Rdefinitions.R),
- ((33554430 * 10141204801825835211973625643008)%R < x)%R ->
- is_plus_infinity (to_f32 x).
-
-Axiom to_float_is_finite_64 :
- forall (f:t1), t'isFinite1 f -> eq1 (to_f64 (t'real1 f)) f.
-
-Axiom to_f64_range_round :
- forall (x:Reals.Rdefinitions.R), in_range1 x ->
- ((t'real1 (to_f64 x)) = (round1 RNE x)).
-
-Axiom to_f64_range_finite :
- forall (x:Reals.Rdefinitions.R), in_range1 x -> t'isFinite1 (to_f64 x).
-
-Axiom to_f64_minus_infinity :
- forall (x:Reals.Rdefinitions.R),
- (x <
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R)%R ->
- is_minus_infinity1 (to_f64 x).
-
-Axiom to_f64_plus_infinity :
- forall (x:Reals.Rdefinitions.R),
- ((9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R
- < x)%R ->
- is_plus_infinity1 (to_f64 x).
-
-(* Why3 assumption *)
-Definition round_float (m:mode) (r:Reals.Rdefinitions.R) : t :=
- to_f32 (round m r).
-
-(* Why3 assumption *)
-Definition round_double (m:mode) (r:Reals.Rdefinitions.R) : t1 :=
- to_f64 (round1 m r).
-
-Axiom is_zero_to_f32_zero : is_zero (to_f32 0%R).
-
-Axiom is_zero_to_f64_zero : is_zero1 (to_f64 0%R).
-
-Axiom real_0_is_zero_f32 : forall (f:t), (0%R = (t'real f)) -> is_zero f.
-
-Axiom real_0_is_zero_f64 : forall (f:t1), (0%R = (t'real1 f)) -> is_zero1 f.
-
-Axiom f32_to_f64 : forall (f:t), ((to_f64 (t'real f)) = (to_float64 RNE f)).
-
-Axiom f64_to_f32 :
- forall (f:t1), ((to_f32 (t'real1 f)) = (to_float32 RNE f)).
-
-(* Why3 assumption *)
-Definition finite (x:Reals.Rdefinitions.R) : Prop :=
- t'isFinite (to_f32 x) /\ t'isFinite1 (to_f64 x).
-
-Parameter eq_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom eq_f32b'def :
- forall (x:t) (y:t),
- (eq x y -> ((eq_f32b x y) = Init.Datatypes.true)) /\
- (~ eq x y -> ((eq_f32b x y) = Init.Datatypes.false)).
-
-Parameter eq_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom eq_f64b'def :
- forall (x:t1) (y:t1),
- (eq1 x y -> ((eq_f64b x y) = Init.Datatypes.true)) /\
- (~ eq1 x y -> ((eq_f64b x y) = Init.Datatypes.false)).
-
-(* Why3 assumption *)
-Definition ne_f32 (x:t) (y:t) : Prop := ~ eq x y.
-
-(* Why3 assumption *)
-Definition ne_f64 (x:t1) (y:t1) : Prop := ~ eq1 x y.
-
-Parameter ne_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom ne_f32b'def :
- forall (x:t) (y:t),
- (ne_f32 x y -> ((ne_f32b x y) = Init.Datatypes.true)) /\
- (~ ne_f32 x y -> ((ne_f32b x y) = Init.Datatypes.false)).
-
-Parameter ne_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom ne_f64b'def :
- forall (x:t1) (y:t1),
- (ne_f64 x y -> ((ne_f64b x y) = Init.Datatypes.true)) /\
- (~ ne_f64 x y -> ((ne_f64b x y) = Init.Datatypes.false)).
-
-Parameter le_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom le_f32b'def :
- forall (x:t) (y:t),
- (le x y -> ((le_f32b x y) = Init.Datatypes.true)) /\
- (~ le x y -> ((le_f32b x y) = Init.Datatypes.false)).
-
-Parameter le_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom le_f64b'def :
- forall (x:t1) (y:t1),
- (le1 x y -> ((le_f64b x y) = Init.Datatypes.true)) /\
- (~ le1 x y -> ((le_f64b x y) = Init.Datatypes.false)).
-
-Parameter lt_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom lt_f32b'def :
- forall (x:t) (y:t),
- (lt x y -> ((lt_f32b x y) = Init.Datatypes.true)) /\
- (~ lt x y -> ((lt_f32b x y) = Init.Datatypes.false)).
-
-Parameter lt_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom lt_f64b'def :
- forall (x:t1) (y:t1),
- (lt1 x y -> ((lt_f64b x y) = Init.Datatypes.true)) /\
- (~ lt1 x y -> ((lt_f64b x y) = Init.Datatypes.false)).
-
-Parameter model_f32: t -> Reals.Rdefinitions.R.
-
-(* Why3 assumption *)
-Definition delta_f32 (f:t) : Reals.Rdefinitions.R :=
- Reals.Rbasic_fun.Rabs ((t'real f) - (model_f32 f))%R.
-
-(* Why3 assumption *)
-Definition error_f32 (f:t) : Reals.Rdefinitions.R :=
- ((delta_f32 f) / (Reals.Rbasic_fun.Rabs (model_f32 f)))%R.
-
-Parameter model_f64: t1 -> Reals.Rdefinitions.R.
-
-(* Why3 assumption *)
-Definition delta_f64 (f:t1) : Reals.Rdefinitions.R :=
- Reals.Rbasic_fun.Rabs ((t'real1 f) - (model_f64 f))%R.
-
-(* Why3 assumption *)
-Definition error_f64 (f:t1) : Reals.Rdefinitions.R :=
- ((delta_f64 f) / (Reals.Rbasic_fun.Rabs (model_f64 f)))%R.
-
-(* Why3 goal *)
-Theorem wp_goal : forall (f:t1), ~ t'isFinite1 f \/ ~ is_nan1 f.
-Proof.
- admit.
-Admitted.
-
diff --git a/src/plugins/wp/tests/wp_acsl/tset.i b/src/plugins/wp/tests/wp_acsl/tset.i
index 0f955192f57d0c52ae914f739ad62070abf049fd..25b3086279f47a8140a381d0e01d80ba94451228 100644
--- a/src/plugins/wp/tests/wp_acsl/tset.i
+++ b/src/plugins/wp/tests/wp_acsl/tset.i
@@ -1,5 +1,5 @@
/* run.config_qualif
- OPT: -wp -wp-prover alt-ergo,coq
+ OPT: -wp -wp-prover alt-ergo
*/
/*@
diff --git a/src/plugins/wp/tests/wp_acsl/tset.s b/src/plugins/wp/tests/wp_acsl/tset.s
deleted file mode 100644
index f8e5168a8acca70cb731d128acafedef528c92b8..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_acsl/tset.s
+++ /dev/null
@@ -1,9 +0,0 @@
-(* Generated by Frama-C WP *)
-
-Goal typed_lemma_UNION_DESCR.
-Hint UNION_DESCR,property.
-Proof.
- intros. exists (i_1-i). intuition (auto with zarith).
-Qed.
-
-
diff --git a/src/plugins/wp/tests/wp_bts/bts_1174.i b/src/plugins/wp/tests/wp_bts/bts_1174.i
index 244cce0d7ad738f2232736b9deeaaf492e0c83ca..48e3199393a79307d4cfb2bd8883c896c4580e3b 100644
--- a/src/plugins/wp/tests/wp_bts/bts_1174.i
+++ b/src/plugins/wp/tests/wp_bts/bts_1174.i
@@ -1,5 +1,5 @@
/* run.config_qualif
- OPT: -wp -wp-prover coq -wp-model +real
+ OPT: -wp -wp-model +real
*/
/*@ requires -10. <= x && x <= 10.; */
diff --git a/src/plugins/wp/tests/wp_bts/bts_1174.s b/src/plugins/wp/tests/wp_bts/bts_1174.s
deleted file mode 100644
index c1d443b3b02a23d7bd40478f0e9968e91bae2842..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_bts/bts_1174.s
+++ /dev/null
@@ -1,47 +0,0 @@
-(* Generated by Frama-C WP *)
-
-Goal store_job_assert_qed_ok.
-Hint job,property,qed_ok.
-Proof.
- intros.
- Require Import Fourier.
- unfold r_1.
- fourier.
-Qed.
-
-Goal store_main_assert_qed_ok.
-Hint main,property,qed_ok.
-Proof.
- intros.
- Require Import Fourier.
- unfold r_1.
- fourier.
-Qed.
-
-Goal store_main_pre.
-Hint default,main,property.
-Proof.
- intros.
- Require Import Fourier.
- unfold r_1.
- fourier.
-Qed.
-
-Goal typed_job_assert_qed_ok.
-Hint job,property,qed_ok.
-Proof.
- intros.
- Require Import Fourier.
- unfold r_1.
- fourier.
-Qed.
-
-Goal typed_real_job_assert_qed_ok.
-Hint job,property,qed_ok.
-Proof.
- intros.
- Require Import Fourier.
- fourier.
-Qed.
-
-
diff --git a/src/plugins/wp/tests/wp_bts/bts_2471.i b/src/plugins/wp/tests/wp_bts/bts_2471.i
index 5a4e280a22389387dc6650724ac5e079a110930d..813a965c35d1ea71a74e62632119a040c7b40b91 100644
--- a/src/plugins/wp/tests/wp_bts/bts_2471.i
+++ b/src/plugins/wp/tests/wp_bts/bts_2471.i
@@ -4,7 +4,6 @@
/* run.config_qualif
OPT: -wp-timeout 1
- OPT: -wp-prover coq
*/
/*@ axiomatic maps {
diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.0.session/interactive/job_assert_qed_ok.v b/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.0.session/interactive/job_assert_qed_ok.v
deleted file mode 100644
index 1719a11c0bd459923bf8c6e49accdd5e546bfe5f..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.0.session/interactive/job_assert_qed_ok.v
+++ /dev/null
@@ -1,326 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.FromInt.
-Require map.Map.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-(* Why3 assumption *)
-Definition is_bool (x:Numbers.BinNums.Z) : Prop := (x = 0%Z) \/ (x = 1%Z).
-
-(* Why3 assumption *)
-Definition is_uint8 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 256%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint8 (x:Numbers.BinNums.Z) : Prop :=
- ((-128%Z)%Z <= x)%Z /\ (x < 128%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint16 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 65536%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint16 (x:Numbers.BinNums.Z) : Prop :=
- ((-32768%Z)%Z <= x)%Z /\ (x < 32768%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint32 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 4294967296%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint32 (x:Numbers.BinNums.Z) : Prop :=
- ((-2147483648%Z)%Z <= x)%Z /\ (x < 2147483648%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint64 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 18446744073709551616%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint64 (x:Numbers.BinNums.Z) : Prop :=
- ((-9223372036854775808%Z)%Z <= x)%Z /\ (x < 9223372036854775808%Z)%Z.
-
-Axiom is_bool0 : is_bool 0%Z.
-
-Axiom is_bool1 : is_bool 1%Z.
-
-Parameter to_bool: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom to_bool'def :
- forall (x:Numbers.BinNums.Z),
- ((x = 0%Z) -> ((to_bool x) = 0%Z)) /\ (~ (x = 0%Z) -> ((to_bool x) = 1%Z)).
-
-Parameter to_uint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter two_power_abs: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom two_power_abs_is_positive :
- forall (n:Numbers.BinNums.Z), (0%Z < (two_power_abs n))%Z.
-
-Axiom two_power_abs_plus_pos :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- (0%Z <= m)%Z ->
- ((two_power_abs (n + m)%Z) = ((two_power_abs n) * (two_power_abs m))%Z).
-
-Axiom two_power_abs_plus_one :
- forall (n:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- ((two_power_abs (n + 1%Z)%Z) = (2%Z * (two_power_abs n))%Z).
-
-(* Why3 assumption *)
-Definition is_uint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-(* Why3 assumption *)
-Definition is_sint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- ((-(two_power_abs n))%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-Parameter to_uint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom is_to_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n (to_uint n x).
-
-Axiom is_to_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_sint n (to_sint n x).
-
-Axiom is_to_uint8 : forall (x:Numbers.BinNums.Z), is_uint8 (to_uint8 x).
-
-Axiom is_to_sint8 : forall (x:Numbers.BinNums.Z), is_sint8 (to_sint8 x).
-
-Axiom is_to_uint16 : forall (x:Numbers.BinNums.Z), is_uint16 (to_uint16 x).
-
-Axiom is_to_sint16 : forall (x:Numbers.BinNums.Z), is_sint16 (to_sint16 x).
-
-Axiom is_to_uint32 : forall (x:Numbers.BinNums.Z), is_uint32 (to_uint32 x).
-
-Axiom is_to_sint32 : forall (x:Numbers.BinNums.Z), is_sint32 (to_sint32 x).
-
-Axiom is_to_uint64 : forall (x:Numbers.BinNums.Z), is_uint64 (to_uint64 x).
-
-Axiom is_to_sint64 : forall (x:Numbers.BinNums.Z), is_sint64 (to_sint64 x).
-
-Axiom id_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_uint n x <-> ((to_uint n x) = x).
-
-Axiom id_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_sint n x <-> ((to_sint n x) = x).
-
-Axiom id_uint8 :
- forall (x:Numbers.BinNums.Z), is_uint8 x -> ((to_uint8 x) = x).
-
-Axiom id_sint8 :
- forall (x:Numbers.BinNums.Z), is_sint8 x -> ((to_sint8 x) = x).
-
-Axiom id_uint16 :
- forall (x:Numbers.BinNums.Z), is_uint16 x -> ((to_uint16 x) = x).
-
-Axiom id_sint16 :
- forall (x:Numbers.BinNums.Z), is_sint16 x -> ((to_sint16 x) = x).
-
-Axiom id_uint32 :
- forall (x:Numbers.BinNums.Z), is_uint32 x -> ((to_uint32 x) = x).
-
-Axiom id_sint32 :
- forall (x:Numbers.BinNums.Z), is_sint32 x -> ((to_sint32 x) = x).
-
-Axiom id_uint64 :
- forall (x:Numbers.BinNums.Z), is_uint64 x -> ((to_uint64 x) = x).
-
-Axiom id_sint64 :
- forall (x:Numbers.BinNums.Z), is_sint64 x -> ((to_sint64 x) = x).
-
-Axiom proj_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_uint n (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_sint n x)) = (to_sint n x)).
-
-Axiom proj_uint8 :
- forall (x:Numbers.BinNums.Z), ((to_uint8 (to_uint8 x)) = (to_uint8 x)).
-
-Axiom proj_sint8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_sint8 x)) = (to_sint8 x)).
-
-Axiom proj_uint16 :
- forall (x:Numbers.BinNums.Z), ((to_uint16 (to_uint16 x)) = (to_uint16 x)).
-
-Axiom proj_sint16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_sint16 x)) = (to_sint16 x)).
-
-Axiom proj_uint32 :
- forall (x:Numbers.BinNums.Z), ((to_uint32 (to_uint32 x)) = (to_uint32 x)).
-
-Axiom proj_sint32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_sint32 x)) = (to_sint32 x)).
-
-Axiom proj_uint64 :
- forall (x:Numbers.BinNums.Z), ((to_uint64 (to_uint64 x)) = (to_uint64 x)).
-
-Axiom proj_sint64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_sint64 x)) = (to_sint64 x)).
-
-Axiom proj_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_uint n x)) = (to_uint n x)).
-
-Axiom incl_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n x ->
- is_sint n x.
-
-Axiom proj_su_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint (m + n)%Z (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_su_sint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint n (to_uint (m + (n + 1%Z)%Z)%Z x)) = (to_sint n x)).
-
-Axiom proj_int8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_uint8 x)) = (to_sint8 x)).
-
-Axiom proj_int16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_uint16 x)) = (to_sint16 x)).
-
-Axiom proj_int32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_uint32 x)) = (to_sint32 x)).
-
-Axiom proj_int64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_uint64 x)) = (to_sint64 x)).
-
-Axiom proj_us_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_uint (n + 1%Z)%Z (to_sint (m + n)%Z x)) = (to_uint (n + 1%Z)%Z x)).
-
-Axiom incl_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_uint (n + i)%Z x.
-
-Axiom incl_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_sint n x -> is_sint (n + i)%Z x.
-
-Axiom incl_int :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_sint (n + i)%Z x.
-
-(* Why3 goal *)
-Theorem wp_goal :
- forall (i:Numbers.BinNums.Z) (r:Reals.Rdefinitions.R), ~ (i = 0%Z) ->
- (r <= 10%R)%R -> ((-10%R)%R <= r)%R -> (0%R <= r)%R -> is_sint32 i ->
- (0%R <= (2%R * r)%R)%R.
-Proof.
- intros.
- Require Import Fourier.
- fourier.
-Qed.
-
diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.0.session/interactive/job_assert_rte_is_nan_or_infinite.v b/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.0.session/interactive/job_assert_rte_is_nan_or_infinite.v
deleted file mode 100644
index 5b6c4be6ab5fb2f3e2580d9c03a5f35d1cb93401..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.0.session/interactive/job_assert_rte_is_nan_or_infinite.v
+++ /dev/null
@@ -1,1996 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require Reals.Rbasic_fun.
-Require Reals.R_sqrt.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.Abs.
-Require real.FromInt.
-Require real.Square.
-Require map.Map.
-Require bv.Pow2int.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-Axiom abs_def :
- forall (x:Numbers.BinNums.Z),
- ((0%Z <= x)%Z -> ((ZArith.BinInt.Z.abs x) = x)) /\
- (~ (0%Z <= x)%Z -> ((ZArith.BinInt.Z.abs x) = (-x)%Z)).
-
-Axiom sqrt_lin1 :
- forall (x:Reals.Rdefinitions.R), (1%R < x)%R ->
- ((Reals.R_sqrt.sqrt x) < x)%R.
-
-Axiom sqrt_lin0 :
- forall (x:Reals.Rdefinitions.R), (0%R < x)%R /\ (x < 1%R)%R ->
- (x < (Reals.R_sqrt.sqrt x))%R.
-
-Axiom sqrt_0 : ((Reals.R_sqrt.sqrt 0%R) = 0%R).
-
-Axiom sqrt_1 : ((Reals.R_sqrt.sqrt 1%R) = 1%R).
-
-(* Why3 assumption *)
-Inductive mode :=
- | RNE : mode
- | RNA : mode
- | RTP : mode
- | RTN : mode
- | RTZ : mode.
-Axiom mode_WhyType : WhyType mode.
-Existing Instance mode_WhyType.
-
-(* Why3 assumption *)
-Definition to_nearest (m:mode) : Prop := (m = RNE) \/ (m = RNA).
-
-Axiom t : Type.
-Parameter t_WhyType : WhyType t.
-Existing Instance t_WhyType.
-
-Parameter t'real: t -> Reals.Rdefinitions.R.
-
-Parameter t'isFinite: t -> Prop.
-
-Axiom t'axiom :
- forall (x:t), t'isFinite x ->
- ((-340282346638528859811704183484516925440%R)%R <= (t'real x))%R /\
- ((t'real x) <= 340282346638528859811704183484516925440%R)%R.
-
-Parameter truncate: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Axiom Truncate_int :
- forall (i:Numbers.BinNums.Z), ((truncate (BuiltIn.IZR i)) = i).
-
-Axiom Truncate_down_pos :
- forall (x:Reals.Rdefinitions.R), (0%R <= x)%R ->
- ((BuiltIn.IZR (truncate x)) <= x)%R /\
- (x < (BuiltIn.IZR ((truncate x) + 1%Z)%Z))%R.
-
-Axiom Truncate_up_neg :
- forall (x:Reals.Rdefinitions.R), (x <= 0%R)%R ->
- ((BuiltIn.IZR ((truncate x) - 1%Z)%Z) < x)%R /\
- (x <= (BuiltIn.IZR (truncate x)))%R.
-
-Axiom Real_of_truncate :
- forall (x:Reals.Rdefinitions.R),
- ((x - 1%R)%R <= (BuiltIn.IZR (truncate x)))%R /\
- ((BuiltIn.IZR (truncate x)) <= (x + 1%R)%R)%R.
-
-Axiom Truncate_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((truncate x) <= (truncate y))%Z.
-
-Axiom Truncate_monotonic_int1 :
- forall (x:Reals.Rdefinitions.R) (i:Numbers.BinNums.Z),
- (x <= (BuiltIn.IZR i))%R -> ((truncate x) <= i)%Z.
-
-Axiom Truncate_monotonic_int2 :
- forall (x:Reals.Rdefinitions.R) (i:Numbers.BinNums.Z),
- ((BuiltIn.IZR i) <= x)%R -> (i <= (truncate x))%Z.
-
-Parameter floor: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Parameter ceil: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Axiom Floor_int :
- forall (i:Numbers.BinNums.Z), ((floor (BuiltIn.IZR i)) = i).
-
-Axiom Ceil_int : forall (i:Numbers.BinNums.Z), ((ceil (BuiltIn.IZR i)) = i).
-
-Axiom Floor_down :
- forall (x:Reals.Rdefinitions.R),
- ((BuiltIn.IZR (floor x)) <= x)%R /\
- (x < (BuiltIn.IZR ((floor x) + 1%Z)%Z))%R.
-
-Axiom Ceil_up :
- forall (x:Reals.Rdefinitions.R),
- ((BuiltIn.IZR ((ceil x) - 1%Z)%Z) < x)%R /\ (x <= (BuiltIn.IZR (ceil x)))%R.
-
-Axiom Floor_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((floor x) <= (floor y))%Z.
-
-Axiom Ceil_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((ceil x) <= (ceil y))%Z.
-
-Parameter zeroF: t.
-
-Parameter add: mode -> t -> t -> t.
-
-Parameter sub: mode -> t -> t -> t.
-
-Parameter mul: mode -> t -> t -> t.
-
-Parameter div: mode -> t -> t -> t.
-
-Parameter abs: t -> t.
-
-Parameter neg: t -> t.
-
-Parameter fma: mode -> t -> t -> t -> t.
-
-Parameter sqrt: mode -> t -> t.
-
-Parameter roundToIntegral: mode -> t -> t.
-
-Parameter min: t -> t -> t.
-
-Parameter max: t -> t -> t.
-
-Parameter le: t -> t -> Prop.
-
-Parameter lt: t -> t -> Prop.
-
-Parameter eq: t -> t -> Prop.
-
-Parameter is_normal: t -> Prop.
-
-Parameter is_subnormal: t -> Prop.
-
-Parameter is_zero: t -> Prop.
-
-Parameter is_infinite: t -> Prop.
-
-Parameter is_nan: t -> Prop.
-
-Parameter is_positive: t -> Prop.
-
-Parameter is_negative: t -> Prop.
-
-(* Why3 assumption *)
-Definition is_plus_infinity (x:t) : Prop := is_infinite x /\ is_positive x.
-
-(* Why3 assumption *)
-Definition is_minus_infinity (x:t) : Prop := is_infinite x /\ is_negative x.
-
-(* Why3 assumption *)
-Definition is_plus_zero (x:t) : Prop := is_zero x /\ is_positive x.
-
-(* Why3 assumption *)
-Definition is_minus_zero (x:t) : Prop := is_zero x /\ is_negative x.
-
-(* Why3 assumption *)
-Definition is_not_nan (x:t) : Prop := t'isFinite x \/ is_infinite x.
-
-Axiom is_not_nan1 : forall (x:t), is_not_nan x <-> ~ is_nan x.
-
-Axiom is_not_finite :
- forall (x:t), ~ t'isFinite x <-> is_infinite x \/ is_nan x.
-
-Axiom zeroF_is_positive : is_positive zeroF.
-
-Axiom zeroF_is_zero : is_zero zeroF.
-
-Axiom zero_to_real :
- forall (x:t), is_zero x <-> t'isFinite x /\ ((t'real x) = 0%R).
-
-Parameter of_int: mode -> Numbers.BinNums.Z -> t.
-
-Parameter to_int: mode -> t -> Numbers.BinNums.Z.
-
-Axiom zero_of_int : forall (m:mode), (zeroF = (of_int m 0%Z)).
-
-Parameter round: mode -> Reals.Rdefinitions.R -> Reals.Rdefinitions.R.
-
-Parameter max_int: Numbers.BinNums.Z.
-
-Axiom max_real_int :
- ((33554430 * 10141204801825835211973625643008)%R = (BuiltIn.IZR max_int)).
-
-(* Why3 assumption *)
-Definition in_range (x:Reals.Rdefinitions.R) : Prop :=
- ((-(33554430 * 10141204801825835211973625643008)%R)%R <= x)%R /\
- (x <= (33554430 * 10141204801825835211973625643008)%R)%R.
-
-(* Why3 assumption *)
-Definition in_int_range (i:Numbers.BinNums.Z) : Prop :=
- ((-max_int)%Z <= i)%Z /\ (i <= max_int)%Z.
-
-Axiom is_finite : forall (x:t), t'isFinite x -> in_range (t'real x).
-
-(* Why3 assumption *)
-Definition no_overflow (m:mode) (x:Reals.Rdefinitions.R) : Prop :=
- in_range (round m x).
-
-Axiom Bounded_real_no_overflow :
- forall (m:mode) (x:Reals.Rdefinitions.R), in_range x -> no_overflow m x.
-
-Axiom Round_monotonic :
- forall (m:mode) (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- (x <= y)%R -> ((round m x) <= (round m y))%R.
-
-Axiom Round_idempotent :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round m1 (round m2 x)) = (round m2 x)).
-
-Axiom Round_to_real :
- forall (m:mode) (x:t), t'isFinite x -> ((round m (t'real x)) = (t'real x)).
-
-Axiom Round_down_le :
- forall (x:Reals.Rdefinitions.R), ((round RTN x) <= x)%R.
-
-Axiom Round_up_ge : forall (x:Reals.Rdefinitions.R), (x <= (round RTP x))%R.
-
-Axiom Round_down_neg :
- forall (x:Reals.Rdefinitions.R), ((round RTN (-x)%R) = (-(round RTP x))%R).
-
-Axiom Round_up_neg :
- forall (x:Reals.Rdefinitions.R), ((round RTP (-x)%R) = (-(round RTN x))%R).
-
-(* Why3 assumption *)
-Definition in_safe_int_range (i:Numbers.BinNums.Z) : Prop :=
- ((-16777216%Z)%Z <= i)%Z /\ (i <= 16777216%Z)%Z.
-
-Axiom Exact_rounding_for_integers :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range i ->
- ((round m (BuiltIn.IZR i)) = (BuiltIn.IZR i)).
-
-(* Why3 assumption *)
-Definition same_sign (x:t) (y:t) : Prop :=
- is_positive x /\ is_positive y \/ is_negative x /\ is_negative y.
-
-(* Why3 assumption *)
-Definition diff_sign (x:t) (y:t) : Prop :=
- is_positive x /\ is_negative y \/ is_negative x /\ is_positive y.
-
-Axiom feq_eq :
- forall (x:t) (y:t), t'isFinite x -> t'isFinite y -> ~ is_zero x ->
- eq x y -> (x = y).
-
-Axiom eq_feq :
- forall (x:t) (y:t), t'isFinite x -> t'isFinite y -> (x = y) -> eq x y.
-
-Axiom eq_refl : forall (x:t), t'isFinite x -> eq x x.
-
-Axiom eq_sym : forall (x:t) (y:t), eq x y -> eq y x.
-
-Axiom eq_trans : forall (x:t) (y:t) (z:t), eq x y -> eq y z -> eq x z.
-
-Axiom eq_zero : eq zeroF (neg zeroF).
-
-Axiom eq_to_real_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- eq x y <-> ((t'real x) = (t'real y)).
-
-Axiom eq_special :
- forall (x:t) (y:t), eq x y ->
- is_not_nan x /\
- is_not_nan y /\
- (t'isFinite x /\ t'isFinite y \/
- is_infinite x /\ is_infinite y /\ same_sign x y).
-
-Axiom lt_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- lt x y <-> ((t'real x) < (t'real y))%R.
-
-Axiom le_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- le x y <-> ((t'real x) <= (t'real y))%R.
-
-Axiom le_lt_trans : forall (x:t) (y:t) (z:t), le x y /\ lt y z -> lt x z.
-
-Axiom lt_le_trans : forall (x:t) (y:t) (z:t), lt x y /\ le y z -> lt x z.
-
-Axiom le_ge_asym : forall (x:t) (y:t), le x y /\ le y x -> eq x y.
-
-Axiom not_lt_ge :
- forall (x:t) (y:t), ~ lt x y /\ is_not_nan x /\ is_not_nan y -> le y x.
-
-Axiom not_gt_le :
- forall (x:t) (y:t), ~ lt y x /\ is_not_nan x /\ is_not_nan y -> le x y.
-
-Axiom le_special :
- forall (x:t) (y:t), le x y ->
- t'isFinite x /\ t'isFinite y \/
- is_minus_infinity x /\ is_not_nan y \/ is_not_nan x /\ is_plus_infinity y.
-
-Axiom lt_special :
- forall (x:t) (y:t), lt x y ->
- t'isFinite x /\ t'isFinite y \/
- is_minus_infinity x /\ is_not_nan y /\ ~ is_minus_infinity y \/
- is_not_nan x /\ ~ is_plus_infinity x /\ is_plus_infinity y.
-
-Axiom lt_lt_finite :
- forall (x:t) (y:t) (z:t), lt x y -> lt y z -> t'isFinite y.
-
-Axiom positive_to_real :
- forall (x:t), t'isFinite x -> is_positive x -> (0%R <= (t'real x))%R.
-
-Axiom to_real_positive :
- forall (x:t), t'isFinite x -> (0%R < (t'real x))%R -> is_positive x.
-
-Axiom negative_to_real :
- forall (x:t), t'isFinite x -> is_negative x -> ((t'real x) <= 0%R)%R.
-
-Axiom to_real_negative :
- forall (x:t), t'isFinite x -> ((t'real x) < 0%R)%R -> is_negative x.
-
-Axiom negative_xor_positive :
- forall (x:t), ~ (is_positive x /\ is_negative x).
-
-Axiom negative_or_positive :
- forall (x:t), is_not_nan x -> is_positive x \/ is_negative x.
-
-Axiom diff_sign_trans :
- forall (x:t) (y:t) (z:t), diff_sign x y /\ diff_sign y z -> same_sign x z.
-
-Axiom diff_sign_product :
- forall (x:t) (y:t),
- t'isFinite x /\ t'isFinite y /\ (((t'real x) * (t'real y))%R < 0%R)%R ->
- diff_sign x y.
-
-Axiom same_sign_product :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y /\ same_sign x y ->
- (0%R <= ((t'real x) * (t'real y))%R)%R.
-
-(* Why3 assumption *)
-Definition product_sign (z:t) (x:t) (y:t) : Prop :=
- (same_sign x y -> is_positive z) /\ (diff_sign x y -> is_negative z).
-
-(* Why3 assumption *)
-Definition overflow_value (m:mode) (x:t) : Prop :=
- match m with
- | RTN =>
- (is_positive x ->
- t'isFinite x /\
- ((t'real x) = (33554430 * 10141204801825835211973625643008)%R)) /\
- (~ is_positive x -> is_infinite x)
- | RTP =>
- (is_positive x -> is_infinite x) /\
- (~ is_positive x ->
- t'isFinite x /\
- ((t'real x) = (-(33554430 * 10141204801825835211973625643008)%R)%R))
- | RTZ =>
- (is_positive x ->
- t'isFinite x /\
- ((t'real x) = (33554430 * 10141204801825835211973625643008)%R)) /\
- (~ is_positive x ->
- t'isFinite x /\
- ((t'real x) = (-(33554430 * 10141204801825835211973625643008)%R)%R))
- | RNA|RNE => is_infinite x
- end.
-
-(* Why3 assumption *)
-Definition sign_zero_result (m:mode) (x:t) : Prop :=
- is_zero x -> match m with
- | RTN => is_negative x
- | _ => is_positive x
- end.
-
-Axiom add_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) + (t'real y))%R ->
- t'isFinite (add m x y) /\
- ((t'real (add m x y)) = (round m ((t'real x) + (t'real y))%R)).
-
-Axiom add_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (add m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom add_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (add m x y) ->
- no_overflow m ((t'real x) + (t'real y))%R /\
- ((t'real (add m x y)) = (round m ((t'real x) + (t'real y))%R)).
-
-Axiom sub_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) - (t'real y))%R ->
- t'isFinite (sub m x y) /\
- ((t'real (sub m x y)) = (round m ((t'real x) - (t'real y))%R)).
-
-Axiom sub_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (sub m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom sub_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (sub m x y) ->
- no_overflow m ((t'real x) - (t'real y))%R /\
- ((t'real (sub m x y)) = (round m ((t'real x) - (t'real y))%R)).
-
-Axiom mul_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) * (t'real y))%R ->
- t'isFinite (mul m x y) /\
- ((t'real (mul m x y)) = (round m ((t'real x) * (t'real y))%R)).
-
-Axiom mul_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (mul m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom mul_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (mul m x y) ->
- no_overflow m ((t'real x) * (t'real y))%R /\
- ((t'real (mul m x y)) = (round m ((t'real x) * (t'real y))%R)).
-
-Axiom div_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y -> ~ is_zero y ->
- no_overflow m ((t'real x) / (t'real y))%R ->
- t'isFinite (div m x y) /\
- ((t'real (div m x y)) = (round m ((t'real x) / (t'real y))%R)).
-
-Axiom div_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (div m x y) ->
- t'isFinite x /\ t'isFinite y /\ ~ is_zero y \/
- t'isFinite x /\ is_infinite y /\ ((t'real (div m x y)) = 0%R).
-
-Axiom div_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (div m x y) ->
- t'isFinite y ->
- no_overflow m ((t'real x) / (t'real y))%R /\
- ((t'real (div m x y)) = (round m ((t'real x) / (t'real y))%R)).
-
-Axiom neg_finite :
- forall (x:t), t'isFinite x ->
- t'isFinite (neg x) /\ ((t'real (neg x)) = (-(t'real x))%R).
-
-Axiom neg_finite_rev :
- forall (x:t), t'isFinite (neg x) ->
- t'isFinite x /\ ((t'real (neg x)) = (-(t'real x))%R).
-
-Axiom abs_finite :
- forall (x:t), t'isFinite x ->
- t'isFinite (abs x) /\
- ((t'real (abs x)) = (Reals.Rbasic_fun.Rabs (t'real x))) /\
- is_positive (abs x).
-
-Axiom abs_finite_rev :
- forall (x:t), t'isFinite (abs x) ->
- t'isFinite x /\ ((t'real (abs x)) = (Reals.Rbasic_fun.Rabs (t'real x))).
-
-Axiom abs_universal : forall (x:t), ~ is_negative (abs x).
-
-Axiom fma_finite :
- forall (m:mode) (x:t) (y:t) (z:t), t'isFinite x -> t'isFinite y ->
- t'isFinite z ->
- no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R ->
- t'isFinite (fma m x y z) /\
- ((t'real (fma m x y z)) =
- (round m (((t'real x) * (t'real y))%R + (t'real z))%R)).
-
-Axiom fma_finite_rev :
- forall (m:mode) (x:t) (y:t) (z:t), t'isFinite (fma m x y z) ->
- t'isFinite x /\ t'isFinite y /\ t'isFinite z.
-
-Axiom fma_finite_rev_n :
- forall (m:mode) (x:t) (y:t) (z:t), to_nearest m ->
- t'isFinite (fma m x y z) ->
- no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R /\
- ((t'real (fma m x y z)) =
- (round m (((t'real x) * (t'real y))%R + (t'real z))%R)).
-
-Axiom sqrt_finite :
- forall (m:mode) (x:t), t'isFinite x -> (0%R <= (t'real x))%R ->
- t'isFinite (sqrt m x) /\
- ((t'real (sqrt m x)) = (round m (Reals.R_sqrt.sqrt (t'real x)))).
-
-Axiom sqrt_finite_rev :
- forall (m:mode) (x:t), t'isFinite (sqrt m x) ->
- t'isFinite x /\
- (0%R <= (t'real x))%R /\
- ((t'real (sqrt m x)) = (round m (Reals.R_sqrt.sqrt (t'real x)))).
-
-(* Why3 assumption *)
-Definition same_sign_real (x:t) (r:Reals.Rdefinitions.R) : Prop :=
- is_positive x /\ (0%R < r)%R \/ is_negative x /\ (r < 0%R)%R.
-
-Axiom add_special :
- forall (m:mode) (x:t) (y:t),
- let r := add m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_infinite r /\ same_sign r y) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ same_sign x y ->
- is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ diff_sign x y -> is_nan r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) + (t'real y))%R ->
- same_sign_real r ((t'real x) + (t'real y))%R /\ overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y ->
- (same_sign x y -> same_sign r x) /\
- (~ same_sign x y -> sign_zero_result m r)).
-
-Axiom sub_special :
- forall (m:mode) (x:t) (y:t),
- let r := sub m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_infinite r /\ diff_sign r y) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ same_sign x y -> is_nan r) /\
- (is_infinite x /\ is_infinite y /\ diff_sign x y ->
- is_infinite r /\ same_sign r x) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) - (t'real y))%R ->
- same_sign_real r ((t'real x) - (t'real y))%R /\ overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y ->
- (diff_sign x y -> same_sign r x) /\
- (~ diff_sign x y -> sign_zero_result m r)).
-
-Axiom mul_special :
- forall (m:mode) (x:t) (y:t),
- let r := mul m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (is_zero x /\ is_infinite y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y /\ ~ is_zero x -> is_infinite r) /\
- (is_infinite x /\ is_zero y -> is_nan r) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y -> is_infinite r) /\
- (is_infinite x /\ is_infinite y -> is_infinite r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) * (t'real y))%R ->
- overflow_value m r) /\
- (~ is_nan r -> product_sign r x y).
-
-Axiom div_special :
- forall (m:mode) (x:t) (y:t),
- let r := div m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_zero r) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r) /\
- (is_infinite x /\ is_infinite y -> is_nan r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ is_zero y /\ ~ no_overflow m ((t'real x) / (t'real y))%R ->
- overflow_value m r) /\
- (t'isFinite x /\ is_zero y /\ ~ is_zero x -> is_infinite r) /\
- (is_zero x /\ is_zero y -> is_nan r) /\ (~ is_nan r -> product_sign r x y).
-
-Axiom neg_special :
- forall (x:t),
- (is_nan x -> is_nan (neg x)) /\
- (is_infinite x -> is_infinite (neg x)) /\
- (~ is_nan x -> diff_sign x (neg x)).
-
-Axiom abs_special :
- forall (x:t),
- (is_nan x -> is_nan (abs x)) /\
- (is_infinite x -> is_infinite (abs x)) /\
- (~ is_nan x -> is_positive (abs x)).
-
-Axiom fma_special :
- forall (m:mode) (x:t) (y:t) (z:t),
- let r := fma m x y z in
- (is_nan x \/ is_nan y \/ is_nan z -> is_nan r) /\
- (is_zero x /\ is_infinite y -> is_nan r) /\
- (is_infinite x /\ is_zero y -> is_nan r) /\
- (t'isFinite x /\ ~ is_zero x /\ is_infinite y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (t'isFinite x /\ ~ is_zero x /\ is_infinite y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (is_infinite x /\ is_infinite y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (t'isFinite x /\ t'isFinite y /\ is_infinite z ->
- is_infinite r /\ same_sign r z) /\
- (is_infinite x /\ is_infinite y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (t'isFinite x /\
- t'isFinite y /\
- t'isFinite z /\
- ~ no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R ->
- same_sign_real r (((t'real x) * (t'real y))%R + (t'real z))%R /\
- overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y /\ t'isFinite z ->
- (product_sign z x y -> same_sign r z) /\
- (~ product_sign z x y ->
- ((((t'real x) * (t'real y))%R + (t'real z))%R = 0%R) ->
- ((m = RTN) -> is_negative r) /\ (~ (m = RTN) -> is_positive r))).
-
-Axiom sqrt_special :
- forall (m:mode) (x:t),
- let r := sqrt m x in
- (is_nan x -> is_nan r) /\
- (is_plus_infinity x -> is_plus_infinity r) /\
- (is_minus_infinity x -> is_nan r) /\
- (t'isFinite x /\ ((t'real x) < 0%R)%R -> is_nan r) /\
- (is_zero x -> same_sign r x) /\
- (t'isFinite x /\ (0%R < (t'real x))%R -> is_positive r).
-
-Axiom of_int_add_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i + j)%Z ->
- eq (of_int m (i + j)%Z) (add n (of_int m i) (of_int m j)).
-
-Axiom of_int_sub_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i - j)%Z ->
- eq (of_int m (i - j)%Z) (sub n (of_int m i) (of_int m j)).
-
-Axiom of_int_mul_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i * j)%Z ->
- eq (of_int m (i * j)%Z) (mul n (of_int m i) (of_int m j)).
-
-Axiom Min_r : forall (x:t) (y:t), le y x -> eq (min x y) y.
-
-Axiom Min_l : forall (x:t) (y:t), le x y -> eq (min x y) x.
-
-Axiom Max_r : forall (x:t) (y:t), le y x -> eq (max x y) x.
-
-Axiom Max_l : forall (x:t) (y:t), le x y -> eq (max x y) y.
-
-Parameter is_int: t -> Prop.
-
-Axiom zeroF_is_int : is_int zeroF.
-
-Axiom of_int_is_int :
- forall (m:mode) (x:Numbers.BinNums.Z), in_int_range x ->
- is_int (of_int m x).
-
-Axiom big_float_is_int :
- forall (m:mode) (i:t), t'isFinite i ->
- le i (neg (of_int m 16777216%Z)) \/ le (of_int m 16777216%Z) i -> is_int i.
-
-Axiom roundToIntegral_is_int :
- forall (m:mode) (x:t), t'isFinite x -> is_int (roundToIntegral m x).
-
-Axiom eq_is_int : forall (x:t) (y:t), eq x y -> is_int x -> is_int y.
-
-Axiom add_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (add m x y) -> is_int (add m x y).
-
-Axiom sub_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (sub m x y) -> is_int (sub m x y).
-
-Axiom mul_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (mul m x y) -> is_int (mul m x y).
-
-Axiom fma_int :
- forall (x:t) (y:t) (z:t) (m:mode), is_int x -> is_int y -> is_int z ->
- t'isFinite (fma m x y z) -> is_int (fma m x y z).
-
-Axiom neg_int : forall (x:t), is_int x -> is_int (neg x).
-
-Axiom abs_int : forall (x:t), is_int x -> is_int (abs x).
-
-Axiom is_int_of_int :
- forall (x:t) (m:mode) (m':mode), is_int x -> eq x (of_int m' (to_int m x)).
-
-Axiom is_int_to_int :
- forall (m:mode) (x:t), is_int x -> in_int_range (to_int m x).
-
-Axiom is_int_is_finite : forall (x:t), is_int x -> t'isFinite x.
-
-Axiom int_to_real :
- forall (m:mode) (x:t), is_int x ->
- ((t'real x) = (BuiltIn.IZR (to_int m x))).
-
-Axiom truncate_int :
- forall (m:mode) (i:t), is_int i -> eq (roundToIntegral m i) i.
-
-Axiom truncate_neg :
- forall (x:t), t'isFinite x -> is_negative x ->
- ((roundToIntegral RTZ x) = (roundToIntegral RTP x)).
-
-Axiom truncate_pos :
- forall (x:t), t'isFinite x -> is_positive x ->
- ((roundToIntegral RTZ x) = (roundToIntegral RTN x)).
-
-Axiom ceil_le : forall (x:t), t'isFinite x -> le x (roundToIntegral RTP x).
-
-Axiom ceil_lest :
- forall (x:t) (y:t), le x y /\ is_int y -> le (roundToIntegral RTP x) y.
-
-Axiom ceil_to_real :
- forall (x:t), t'isFinite x ->
- ((t'real (roundToIntegral RTP x)) = (BuiltIn.IZR (ceil (t'real x)))).
-
-Axiom ceil_to_int :
- forall (m:mode) (x:t), t'isFinite x ->
- ((to_int m (roundToIntegral RTP x)) = (ceil (t'real x))).
-
-Axiom floor_le : forall (x:t), t'isFinite x -> le (roundToIntegral RTN x) x.
-
-Axiom floor_lest :
- forall (x:t) (y:t), le y x /\ is_int y -> le y (roundToIntegral RTN x).
-
-Axiom floor_to_real :
- forall (x:t), t'isFinite x ->
- ((t'real (roundToIntegral RTN x)) = (BuiltIn.IZR (floor (t'real x)))).
-
-Axiom floor_to_int :
- forall (m:mode) (x:t), t'isFinite x ->
- ((to_int m (roundToIntegral RTN x)) = (floor (t'real x))).
-
-Axiom RNA_down :
- forall (x:t),
- lt (sub RNE x (roundToIntegral RTN x)) (sub RNE (roundToIntegral RTP x) x) ->
- ((roundToIntegral RNA x) = (roundToIntegral RTN x)).
-
-Axiom RNA_up :
- forall (x:t),
- lt (sub RNE (roundToIntegral RTP x) x) (sub RNE x (roundToIntegral RTN x)) ->
- ((roundToIntegral RNA x) = (roundToIntegral RTP x)).
-
-Axiom RNA_down_tie :
- forall (x:t),
- eq (sub RNE x (roundToIntegral RTN x)) (sub RNE (roundToIntegral RTP x) x) ->
- is_negative x -> ((roundToIntegral RNA x) = (roundToIntegral RTN x)).
-
-Axiom RNA_up_tie :
- forall (x:t),
- eq (sub RNE (roundToIntegral RTP x) x) (sub RNE x (roundToIntegral RTN x)) ->
- is_positive x -> ((roundToIntegral RNA x) = (roundToIntegral RTP x)).
-
-Axiom to_int_roundToIntegral :
- forall (m:mode) (x:t), ((to_int m x) = (to_int m (roundToIntegral m x))).
-
-Axiom to_int_monotonic :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y -> le x y ->
- ((to_int m x) <= (to_int m y))%Z.
-
-Axiom to_int_of_int :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range i ->
- ((to_int m (of_int m i)) = i).
-
-Axiom eq_to_int :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> eq x y ->
- ((to_int m x) = (to_int m y)).
-
-Axiom neg_to_int :
- forall (m:mode) (x:t), is_int x -> ((to_int m (neg x)) = (-(to_int m x))%Z).
-
-Axiom roundToIntegral_is_finite :
- forall (m:mode) (x:t), t'isFinite x -> t'isFinite (roundToIntegral m x).
-
-Axiom round_bound_ne :
- forall (x:Reals.Rdefinitions.R), no_overflow RNE x ->
- (((x - ((1 / 16777216)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 1427247692705959881058285969449495136382746624)%R)%R
- <= (round RNE x))%R /\
- ((round RNE x) <=
- ((x + ((1 / 16777216)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 1427247692705959881058285969449495136382746624)%R)%R)%R.
-
-Axiom round_bound :
- forall (m:mode) (x:Reals.Rdefinitions.R), no_overflow m x ->
- (((x - ((1 / 8388608)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 713623846352979940529142984724747568191373312)%R)%R
- <= (round m x))%R /\
- ((round m x) <=
- ((x + ((1 / 8388608)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 713623846352979940529142984724747568191373312)%R)%R)%R.
-
-Axiom t1 : Type.
-Parameter t1_WhyType : WhyType t1.
-Existing Instance t1_WhyType.
-
-Parameter t'real1: t1 -> Reals.Rdefinitions.R.
-
-Parameter t'isFinite1: t1 -> Prop.
-
-Axiom t'axiom1 :
- forall (x:t1), t'isFinite1 x ->
- ((-179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368%R)%R
- <= (t'real1 x))%R /\
- ((t'real1 x) <=
- 179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368%R)%R.
-
-Parameter zeroF1: t1.
-
-Parameter add1: mode -> t1 -> t1 -> t1.
-
-Parameter sub1: mode -> t1 -> t1 -> t1.
-
-Parameter mul1: mode -> t1 -> t1 -> t1.
-
-Parameter div1: mode -> t1 -> t1 -> t1.
-
-Parameter abs1: t1 -> t1.
-
-Parameter neg1: t1 -> t1.
-
-Parameter fma1: mode -> t1 -> t1 -> t1 -> t1.
-
-Parameter sqrt1: mode -> t1 -> t1.
-
-Parameter roundToIntegral1: mode -> t1 -> t1.
-
-Parameter min1: t1 -> t1 -> t1.
-
-Parameter max1: t1 -> t1 -> t1.
-
-Parameter le1: t1 -> t1 -> Prop.
-
-Parameter lt1: t1 -> t1 -> Prop.
-
-Parameter eq1: t1 -> t1 -> Prop.
-
-Parameter is_normal1: t1 -> Prop.
-
-Parameter is_subnormal1: t1 -> Prop.
-
-Parameter is_zero1: t1 -> Prop.
-
-Parameter is_infinite1: t1 -> Prop.
-
-Parameter is_nan1: t1 -> Prop.
-
-Parameter is_positive1: t1 -> Prop.
-
-Parameter is_negative1: t1 -> Prop.
-
-(* Why3 assumption *)
-Definition is_plus_infinity1 (x:t1) : Prop :=
- is_infinite1 x /\ is_positive1 x.
-
-(* Why3 assumption *)
-Definition is_minus_infinity1 (x:t1) : Prop :=
- is_infinite1 x /\ is_negative1 x.
-
-(* Why3 assumption *)
-Definition is_plus_zero1 (x:t1) : Prop := is_zero1 x /\ is_positive1 x.
-
-(* Why3 assumption *)
-Definition is_minus_zero1 (x:t1) : Prop := is_zero1 x /\ is_negative1 x.
-
-(* Why3 assumption *)
-Definition is_not_nan2 (x:t1) : Prop := t'isFinite1 x \/ is_infinite1 x.
-
-Axiom is_not_nan3 : forall (x:t1), is_not_nan2 x <-> ~ is_nan1 x.
-
-Axiom is_not_finite1 :
- forall (x:t1), ~ t'isFinite1 x <-> is_infinite1 x \/ is_nan1 x.
-
-Axiom zeroF_is_positive1 : is_positive1 zeroF1.
-
-Axiom zeroF_is_zero1 : is_zero1 zeroF1.
-
-Axiom zero_to_real1 :
- forall (x:t1), is_zero1 x <-> t'isFinite1 x /\ ((t'real1 x) = 0%R).
-
-Parameter of_int1: mode -> Numbers.BinNums.Z -> t1.
-
-Parameter to_int1: mode -> t1 -> Numbers.BinNums.Z.
-
-Axiom zero_of_int1 : forall (m:mode), (zeroF1 = (of_int1 m 0%Z)).
-
-Parameter round1: mode -> Reals.Rdefinitions.R -> Reals.Rdefinitions.R.
-
-Parameter max_int1: Numbers.BinNums.Z.
-
-Axiom max_real_int1 :
- ((9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R
- = (BuiltIn.IZR max_int1)).
-
-(* Why3 assumption *)
-Definition in_range1 (x:Reals.Rdefinitions.R) : Prop :=
- ((-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R
- <= x)%R /\
- (x <=
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R.
-
-(* Why3 assumption *)
-Definition in_int_range1 (i:Numbers.BinNums.Z) : Prop :=
- ((-max_int1)%Z <= i)%Z /\ (i <= max_int1)%Z.
-
-Axiom is_finite1 : forall (x:t1), t'isFinite1 x -> in_range1 (t'real1 x).
-
-(* Why3 assumption *)
-Definition no_overflow1 (m:mode) (x:Reals.Rdefinitions.R) : Prop :=
- in_range1 (round1 m x).
-
-Axiom Bounded_real_no_overflow1 :
- forall (m:mode) (x:Reals.Rdefinitions.R), in_range1 x -> no_overflow1 m x.
-
-Axiom Round_monotonic1 :
- forall (m:mode) (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- (x <= y)%R -> ((round1 m x) <= (round1 m y))%R.
-
-Axiom Round_idempotent1 :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round1 m1 (round1 m2 x)) = (round1 m2 x)).
-
-Axiom Round_to_real1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((round1 m (t'real1 x)) = (t'real1 x)).
-
-Axiom Round_down_le1 :
- forall (x:Reals.Rdefinitions.R), ((round1 RTN x) <= x)%R.
-
-Axiom Round_up_ge1 :
- forall (x:Reals.Rdefinitions.R), (x <= (round1 RTP x))%R.
-
-Axiom Round_down_neg1 :
- forall (x:Reals.Rdefinitions.R),
- ((round1 RTN (-x)%R) = (-(round1 RTP x))%R).
-
-Axiom Round_up_neg1 :
- forall (x:Reals.Rdefinitions.R),
- ((round1 RTP (-x)%R) = (-(round1 RTN x))%R).
-
-(* Why3 assumption *)
-Definition in_safe_int_range1 (i:Numbers.BinNums.Z) : Prop :=
- ((-9007199254740992%Z)%Z <= i)%Z /\ (i <= 9007199254740992%Z)%Z.
-
-Axiom Exact_rounding_for_integers1 :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range1 i ->
- ((round1 m (BuiltIn.IZR i)) = (BuiltIn.IZR i)).
-
-(* Why3 assumption *)
-Definition same_sign1 (x:t1) (y:t1) : Prop :=
- is_positive1 x /\ is_positive1 y \/ is_negative1 x /\ is_negative1 y.
-
-(* Why3 assumption *)
-Definition diff_sign1 (x:t1) (y:t1) : Prop :=
- is_positive1 x /\ is_negative1 y \/ is_negative1 x /\ is_positive1 y.
-
-Axiom feq_eq1 :
- forall (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> ~ is_zero1 x ->
- eq1 x y -> (x = y).
-
-Axiom eq_feq1 :
- forall (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> (x = y) -> eq1 x y.
-
-Axiom eq_refl1 : forall (x:t1), t'isFinite1 x -> eq1 x x.
-
-Axiom eq_sym1 : forall (x:t1) (y:t1), eq1 x y -> eq1 y x.
-
-Axiom eq_trans1 : forall (x:t1) (y:t1) (z:t1), eq1 x y -> eq1 y z -> eq1 x z.
-
-Axiom eq_zero1 : eq1 zeroF1 (neg1 zeroF1).
-
-Axiom eq_to_real_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- eq1 x y <-> ((t'real1 x) = (t'real1 y)).
-
-Axiom eq_special1 :
- forall (x:t1) (y:t1), eq1 x y ->
- is_not_nan2 x /\
- is_not_nan2 y /\
- (t'isFinite1 x /\ t'isFinite1 y \/
- is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y).
-
-Axiom lt_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- lt1 x y <-> ((t'real1 x) < (t'real1 y))%R.
-
-Axiom le_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- le1 x y <-> ((t'real1 x) <= (t'real1 y))%R.
-
-Axiom le_lt_trans1 :
- forall (x:t1) (y:t1) (z:t1), le1 x y /\ lt1 y z -> lt1 x z.
-
-Axiom lt_le_trans1 :
- forall (x:t1) (y:t1) (z:t1), lt1 x y /\ le1 y z -> lt1 x z.
-
-Axiom le_ge_asym1 : forall (x:t1) (y:t1), le1 x y /\ le1 y x -> eq1 x y.
-
-Axiom not_lt_ge1 :
- forall (x:t1) (y:t1), ~ lt1 x y /\ is_not_nan2 x /\ is_not_nan2 y ->
- le1 y x.
-
-Axiom not_gt_le1 :
- forall (x:t1) (y:t1), ~ lt1 y x /\ is_not_nan2 x /\ is_not_nan2 y ->
- le1 x y.
-
-Axiom le_special1 :
- forall (x:t1) (y:t1), le1 x y ->
- t'isFinite1 x /\ t'isFinite1 y \/
- is_minus_infinity1 x /\ is_not_nan2 y \/
- is_not_nan2 x /\ is_plus_infinity1 y.
-
-Axiom lt_special1 :
- forall (x:t1) (y:t1), lt1 x y ->
- t'isFinite1 x /\ t'isFinite1 y \/
- is_minus_infinity1 x /\ is_not_nan2 y /\ ~ is_minus_infinity1 y \/
- is_not_nan2 x /\ ~ is_plus_infinity1 x /\ is_plus_infinity1 y.
-
-Axiom lt_lt_finite1 :
- forall (x:t1) (y:t1) (z:t1), lt1 x y -> lt1 y z -> t'isFinite1 y.
-
-Axiom positive_to_real1 :
- forall (x:t1), t'isFinite1 x -> is_positive1 x -> (0%R <= (t'real1 x))%R.
-
-Axiom to_real_positive1 :
- forall (x:t1), t'isFinite1 x -> (0%R < (t'real1 x))%R -> is_positive1 x.
-
-Axiom negative_to_real1 :
- forall (x:t1), t'isFinite1 x -> is_negative1 x -> ((t'real1 x) <= 0%R)%R.
-
-Axiom to_real_negative1 :
- forall (x:t1), t'isFinite1 x -> ((t'real1 x) < 0%R)%R -> is_negative1 x.
-
-Axiom negative_xor_positive1 :
- forall (x:t1), ~ (is_positive1 x /\ is_negative1 x).
-
-Axiom negative_or_positive1 :
- forall (x:t1), is_not_nan2 x -> is_positive1 x \/ is_negative1 x.
-
-Axiom diff_sign_trans1 :
- forall (x:t1) (y:t1) (z:t1), diff_sign1 x y /\ diff_sign1 y z ->
- same_sign1 x z.
-
-Axiom diff_sign_product1 :
- forall (x:t1) (y:t1),
- t'isFinite1 x /\ t'isFinite1 y /\ (((t'real1 x) * (t'real1 y))%R < 0%R)%R ->
- diff_sign1 x y.
-
-Axiom same_sign_product1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y /\ same_sign1 x y ->
- (0%R <= ((t'real1 x) * (t'real1 y))%R)%R.
-
-(* Why3 assumption *)
-Definition product_sign1 (z:t1) (x:t1) (y:t1) : Prop :=
- (same_sign1 x y -> is_positive1 z) /\ (diff_sign1 x y -> is_negative1 z).
-
-(* Why3 assumption *)
-Definition overflow_value1 (m:mode) (x:t1) : Prop :=
- match m with
- | RTN =>
- (is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)) /\
- (~ is_positive1 x -> is_infinite1 x)
- | RTP =>
- (is_positive1 x -> is_infinite1 x) /\
- (~ is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R))
- | RTZ =>
- (is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)) /\
- (~ is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R))
- | RNA|RNE => is_infinite1 x
- end.
-
-(* Why3 assumption *)
-Definition sign_zero_result1 (m:mode) (x:t1) : Prop :=
- is_zero1 x -> match m with
- | RTN => is_negative1 x
- | _ => is_positive1 x
- end.
-
-Axiom add_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) + (t'real1 y))%R ->
- t'isFinite1 (add1 m x y) /\
- ((t'real1 (add1 m x y)) = (round1 m ((t'real1 x) + (t'real1 y))%R)).
-
-Axiom add_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (add1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom add_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (add1 m x y) ->
- no_overflow1 m ((t'real1 x) + (t'real1 y))%R /\
- ((t'real1 (add1 m x y)) = (round1 m ((t'real1 x) + (t'real1 y))%R)).
-
-Axiom sub_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) - (t'real1 y))%R ->
- t'isFinite1 (sub1 m x y) /\
- ((t'real1 (sub1 m x y)) = (round1 m ((t'real1 x) - (t'real1 y))%R)).
-
-Axiom sub_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (sub1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom sub_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (sub1 m x y) ->
- no_overflow1 m ((t'real1 x) - (t'real1 y))%R /\
- ((t'real1 (sub1 m x y)) = (round1 m ((t'real1 x) - (t'real1 y))%R)).
-
-Axiom mul_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) * (t'real1 y))%R ->
- t'isFinite1 (mul1 m x y) /\
- ((t'real1 (mul1 m x y)) = (round1 m ((t'real1 x) * (t'real1 y))%R)).
-
-Axiom mul_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (mul1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom mul_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (mul1 m x y) ->
- no_overflow1 m ((t'real1 x) * (t'real1 y))%R /\
- ((t'real1 (mul1 m x y)) = (round1 m ((t'real1 x) * (t'real1 y))%R)).
-
-Axiom div_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- ~ is_zero1 y -> no_overflow1 m ((t'real1 x) / (t'real1 y))%R ->
- t'isFinite1 (div1 m x y) /\
- ((t'real1 (div1 m x y)) = (round1 m ((t'real1 x) / (t'real1 y))%R)).
-
-Axiom div_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (div1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y \/
- t'isFinite1 x /\ is_infinite1 y /\ ((t'real1 (div1 m x y)) = 0%R).
-
-Axiom div_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (div1 m x y) ->
- t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) / (t'real1 y))%R /\
- ((t'real1 (div1 m x y)) = (round1 m ((t'real1 x) / (t'real1 y))%R)).
-
-Axiom neg_finite1 :
- forall (x:t1), t'isFinite1 x ->
- t'isFinite1 (neg1 x) /\ ((t'real1 (neg1 x)) = (-(t'real1 x))%R).
-
-Axiom neg_finite_rev1 :
- forall (x:t1), t'isFinite1 (neg1 x) ->
- t'isFinite1 x /\ ((t'real1 (neg1 x)) = (-(t'real1 x))%R).
-
-Axiom abs_finite1 :
- forall (x:t1), t'isFinite1 x ->
- t'isFinite1 (abs1 x) /\
- ((t'real1 (abs1 x)) = (Reals.Rbasic_fun.Rabs (t'real1 x))) /\
- is_positive1 (abs1 x).
-
-Axiom abs_finite_rev1 :
- forall (x:t1), t'isFinite1 (abs1 x) ->
- t'isFinite1 x /\ ((t'real1 (abs1 x)) = (Reals.Rbasic_fun.Rabs (t'real1 x))).
-
-Axiom abs_universal1 : forall (x:t1), ~ is_negative1 (abs1 x).
-
-Axiom fma_finite1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), t'isFinite1 x -> t'isFinite1 y ->
- t'isFinite1 z ->
- no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R ->
- t'isFinite1 (fma1 m x y z) /\
- ((t'real1 (fma1 m x y z)) =
- (round1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R)).
-
-Axiom fma_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), t'isFinite1 (fma1 m x y z) ->
- t'isFinite1 x /\ t'isFinite1 y /\ t'isFinite1 z.
-
-Axiom fma_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), to_nearest m ->
- t'isFinite1 (fma1 m x y z) ->
- no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R /\
- ((t'real1 (fma1 m x y z)) =
- (round1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R)).
-
-Axiom sqrt_finite1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> (0%R <= (t'real1 x))%R ->
- t'isFinite1 (sqrt1 m x) /\
- ((t'real1 (sqrt1 m x)) = (round1 m (Reals.R_sqrt.sqrt (t'real1 x)))).
-
-Axiom sqrt_finite_rev1 :
- forall (m:mode) (x:t1), t'isFinite1 (sqrt1 m x) ->
- t'isFinite1 x /\
- (0%R <= (t'real1 x))%R /\
- ((t'real1 (sqrt1 m x)) = (round1 m (Reals.R_sqrt.sqrt (t'real1 x)))).
-
-(* Why3 assumption *)
-Definition same_sign_real1 (x:t1) (r:Reals.Rdefinitions.R) : Prop :=
- is_positive1 x /\ (0%R < r)%R \/ is_negative1 x /\ (r < 0%R)%R.
-
-Axiom add_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := add1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_infinite1 r /\ same_sign1 r y) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y ->
- is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ diff_sign1 x y -> is_nan1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) + (t'real1 y))%R ->
- same_sign_real1 r ((t'real1 x) + (t'real1 y))%R /\ overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y ->
- (same_sign1 x y -> same_sign1 r x) /\
- (~ same_sign1 x y -> sign_zero_result1 m r)).
-
-Axiom sub_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := sub1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_infinite1 r /\ diff_sign1 r y) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y -> is_nan1 r) /\
- (is_infinite1 x /\ is_infinite1 y /\ diff_sign1 x y ->
- is_infinite1 r /\ same_sign1 r x) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) - (t'real1 y))%R ->
- same_sign_real1 r ((t'real1 x) - (t'real1 y))%R /\ overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y ->
- (diff_sign1 x y -> same_sign1 r x) /\
- (~ diff_sign1 x y -> sign_zero_result1 m r)).
-
-Axiom mul_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := mul1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (is_zero1 x /\ is_infinite1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y /\ ~ is_zero1 x -> is_infinite1 r) /\
- (is_infinite1 x /\ is_zero1 y -> is_nan1 r) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y -> is_infinite1 r) /\
- (is_infinite1 x /\ is_infinite1 y -> is_infinite1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) * (t'real1 y))%R ->
- overflow_value1 m r) /\
- (~ is_nan1 r -> product_sign1 r x y).
-
-Axiom div_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := div1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_zero1 r) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r) /\
- (is_infinite1 x /\ is_infinite1 y -> is_nan1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\
- ~ is_zero1 y /\ ~ no_overflow1 m ((t'real1 x) / (t'real1 y))%R ->
- overflow_value1 m r) /\
- (t'isFinite1 x /\ is_zero1 y /\ ~ is_zero1 x -> is_infinite1 r) /\
- (is_zero1 x /\ is_zero1 y -> is_nan1 r) /\
- (~ is_nan1 r -> product_sign1 r x y).
-
-Axiom neg_special1 :
- forall (x:t1),
- (is_nan1 x -> is_nan1 (neg1 x)) /\
- (is_infinite1 x -> is_infinite1 (neg1 x)) /\
- (~ is_nan1 x -> diff_sign1 x (neg1 x)).
-
-Axiom abs_special1 :
- forall (x:t1),
- (is_nan1 x -> is_nan1 (abs1 x)) /\
- (is_infinite1 x -> is_infinite1 (abs1 x)) /\
- (~ is_nan1 x -> is_positive1 (abs1 x)).
-
-Axiom fma_special1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1),
- let r := fma1 m x y z in
- (is_nan1 x \/ is_nan1 y \/ is_nan1 z -> is_nan1 r) /\
- (is_zero1 x /\ is_infinite1 y -> is_nan1 r) /\
- (is_infinite1 x /\ is_zero1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ ~ is_zero1 x /\ is_infinite1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (t'isFinite1 x /\ ~ is_zero1 x /\ is_infinite1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (is_infinite1 x /\ is_infinite1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (t'isFinite1 x /\ t'isFinite1 y /\ is_infinite1 z ->
- is_infinite1 r /\ same_sign1 r z) /\
- (is_infinite1 x /\ is_infinite1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\
- t'isFinite1 z /\
- ~ no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R ->
- same_sign_real1 r (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R /\
- overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y /\ t'isFinite1 z ->
- (product_sign1 z x y -> same_sign1 r z) /\
- (~ product_sign1 z x y ->
- ((((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R = 0%R) ->
- ((m = RTN) -> is_negative1 r) /\ (~ (m = RTN) -> is_positive1 r))).
-
-Axiom sqrt_special1 :
- forall (m:mode) (x:t1),
- let r := sqrt1 m x in
- (is_nan1 x -> is_nan1 r) /\
- (is_plus_infinity1 x -> is_plus_infinity1 r) /\
- (is_minus_infinity1 x -> is_nan1 r) /\
- (t'isFinite1 x /\ ((t'real1 x) < 0%R)%R -> is_nan1 r) /\
- (is_zero1 x -> same_sign1 r x) /\
- (t'isFinite1 x /\ (0%R < (t'real1 x))%R -> is_positive1 r).
-
-Axiom of_int_add_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i + j)%Z ->
- eq1 (of_int1 m (i + j)%Z) (add1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom of_int_sub_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i - j)%Z ->
- eq1 (of_int1 m (i - j)%Z) (sub1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom of_int_mul_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i * j)%Z ->
- eq1 (of_int1 m (i * j)%Z) (mul1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom Min_r1 : forall (x:t1) (y:t1), le1 y x -> eq1 (min1 x y) y.
-
-Axiom Min_l1 : forall (x:t1) (y:t1), le1 x y -> eq1 (min1 x y) x.
-
-Axiom Max_r1 : forall (x:t1) (y:t1), le1 y x -> eq1 (max1 x y) x.
-
-Axiom Max_l1 : forall (x:t1) (y:t1), le1 x y -> eq1 (max1 x y) y.
-
-Parameter is_int1: t1 -> Prop.
-
-Axiom zeroF_is_int1 : is_int1 zeroF1.
-
-Axiom of_int_is_int1 :
- forall (m:mode) (x:Numbers.BinNums.Z), in_int_range1 x ->
- is_int1 (of_int1 m x).
-
-Axiom big_float_is_int1 :
- forall (m:mode) (i:t1), t'isFinite1 i ->
- le1 i (neg1 (of_int1 m 9007199254740992%Z)) \/
- le1 (of_int1 m 9007199254740992%Z) i -> is_int1 i.
-
-Axiom roundToIntegral_is_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> is_int1 (roundToIntegral1 m x).
-
-Axiom eq_is_int1 : forall (x:t1) (y:t1), eq1 x y -> is_int1 x -> is_int1 y.
-
-Axiom add_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (add1 m x y) -> is_int1 (add1 m x y).
-
-Axiom sub_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (sub1 m x y) -> is_int1 (sub1 m x y).
-
-Axiom mul_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (mul1 m x y) -> is_int1 (mul1 m x y).
-
-Axiom fma_int1 :
- forall (x:t1) (y:t1) (z:t1) (m:mode), is_int1 x -> is_int1 y ->
- is_int1 z -> t'isFinite1 (fma1 m x y z) -> is_int1 (fma1 m x y z).
-
-Axiom neg_int1 : forall (x:t1), is_int1 x -> is_int1 (neg1 x).
-
-Axiom abs_int1 : forall (x:t1), is_int1 x -> is_int1 (abs1 x).
-
-Axiom is_int_of_int1 :
- forall (x:t1) (m:mode) (m':mode), is_int1 x ->
- eq1 x (of_int1 m' (to_int1 m x)).
-
-Axiom is_int_to_int1 :
- forall (m:mode) (x:t1), is_int1 x -> in_int_range1 (to_int1 m x).
-
-Axiom is_int_is_finite1 : forall (x:t1), is_int1 x -> t'isFinite1 x.
-
-Axiom int_to_real1 :
- forall (m:mode) (x:t1), is_int1 x ->
- ((t'real1 x) = (BuiltIn.IZR (to_int1 m x))).
-
-Axiom truncate_int1 :
- forall (m:mode) (i:t1), is_int1 i -> eq1 (roundToIntegral1 m i) i.
-
-Axiom truncate_neg1 :
- forall (x:t1), t'isFinite1 x -> is_negative1 x ->
- ((roundToIntegral1 RTZ x) = (roundToIntegral1 RTP x)).
-
-Axiom truncate_pos1 :
- forall (x:t1), t'isFinite1 x -> is_positive1 x ->
- ((roundToIntegral1 RTZ x) = (roundToIntegral1 RTN x)).
-
-Axiom ceil_le1 :
- forall (x:t1), t'isFinite1 x -> le1 x (roundToIntegral1 RTP x).
-
-Axiom ceil_lest1 :
- forall (x:t1) (y:t1), le1 x y /\ is_int1 y ->
- le1 (roundToIntegral1 RTP x) y.
-
-Axiom ceil_to_real1 :
- forall (x:t1), t'isFinite1 x ->
- ((t'real1 (roundToIntegral1 RTP x)) = (BuiltIn.IZR (ceil (t'real1 x)))).
-
-Axiom ceil_to_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((to_int1 m (roundToIntegral1 RTP x)) = (ceil (t'real1 x))).
-
-Axiom floor_le1 :
- forall (x:t1), t'isFinite1 x -> le1 (roundToIntegral1 RTN x) x.
-
-Axiom floor_lest1 :
- forall (x:t1) (y:t1), le1 y x /\ is_int1 y ->
- le1 y (roundToIntegral1 RTN x).
-
-Axiom floor_to_real1 :
- forall (x:t1), t'isFinite1 x ->
- ((t'real1 (roundToIntegral1 RTN x)) = (BuiltIn.IZR (floor (t'real1 x)))).
-
-Axiom floor_to_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((to_int1 m (roundToIntegral1 RTN x)) = (floor (t'real1 x))).
-
-Axiom RNA_down1 :
- forall (x:t1),
- lt1 (sub1 RNE x (roundToIntegral1 RTN x))
- (sub1 RNE (roundToIntegral1 RTP x) x) ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTN x)).
-
-Axiom RNA_up1 :
- forall (x:t1),
- lt1 (sub1 RNE (roundToIntegral1 RTP x) x)
- (sub1 RNE x (roundToIntegral1 RTN x)) ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTP x)).
-
-Axiom RNA_down_tie1 :
- forall (x:t1),
- eq1 (sub1 RNE x (roundToIntegral1 RTN x))
- (sub1 RNE (roundToIntegral1 RTP x) x) -> is_negative1 x ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTN x)).
-
-Axiom RNA_up_tie1 :
- forall (x:t1),
- eq1 (sub1 RNE (roundToIntegral1 RTP x) x)
- (sub1 RNE x (roundToIntegral1 RTN x)) -> is_positive1 x ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTP x)).
-
-Axiom to_int_roundToIntegral1 :
- forall (m:mode) (x:t1),
- ((to_int1 m x) = (to_int1 m (roundToIntegral1 m x))).
-
-Axiom to_int_monotonic1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> le1 x y ->
- ((to_int1 m x) <= (to_int1 m y))%Z.
-
-Axiom to_int_of_int1 :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range1 i ->
- ((to_int1 m (of_int1 m i)) = i).
-
-Axiom eq_to_int1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> eq1 x y ->
- ((to_int1 m x) = (to_int1 m y)).
-
-Axiom neg_to_int1 :
- forall (m:mode) (x:t1), is_int1 x ->
- ((to_int1 m (neg1 x)) = (-(to_int1 m x))%Z).
-
-Axiom roundToIntegral_is_finite1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> t'isFinite1 (roundToIntegral1 m x).
-
-Axiom round_bound_ne1 :
- forall (x:Reals.Rdefinitions.R), no_overflow1 RNE x ->
- (((x - ((1 / 9007199254740992)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 404804506614621236704990693437834614099113299528284236713802716054860679135990693783920767402874248990374155728633623822779617474771586953734026799881477019843034848553132722728933815484186432682479535356945490137124014966849385397236206711298319112681620113024717539104666829230461005064372655017292012526615415482186989568)%R)%R
- <= (round1 RNE x))%R /\
- ((round1 RNE x) <=
- ((x + ((1 / 9007199254740992)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 404804506614621236704990693437834614099113299528284236713802716054860679135990693783920767402874248990374155728633623822779617474771586953734026799881477019843034848553132722728933815484186432682479535356945490137124014966849385397236206711298319112681620113024717539104666829230461005064372655017292012526615415482186989568)%R)%R)%R.
-
-Axiom round_bound1 :
- forall (m:mode) (x:Reals.Rdefinitions.R), no_overflow1 m x ->
- (((x - ((1 / 4503599627370496)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 202402253307310618352495346718917307049556649764142118356901358027430339567995346891960383701437124495187077864316811911389808737385793476867013399940738509921517424276566361364466907742093216341239767678472745068562007483424692698618103355649159556340810056512358769552333414615230502532186327508646006263307707741093494784)%R)%R
- <= (round1 m x))%R /\
- ((round1 m x) <=
- ((x + ((1 / 4503599627370496)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 202402253307310618352495346718917307049556649764142118356901358027430339567995346891960383701437124495187077864316811911389808737385793476867013399940738509921517424276566361364466907742093216341239767678472745068562007483424692698618103355649159556340810056512358769552333414615230502532186327508646006263307707741093494784)%R)%R)%R.
-
-Parameter to_float64: mode -> t -> t1.
-
-Parameter to_float32: mode -> t1 -> t.
-
-Axiom round_double_single :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round1 m1 (round m2 x)) = (round m2 x)).
-
-Axiom to_float64_exact :
- forall (m:mode) (x:t), t'isFinite x ->
- t'isFinite1 (to_float64 m x) /\ ((t'real1 (to_float64 m x)) = (t'real x)).
-
-Axiom to_float32_conv :
- forall (m:mode) (x:t1), t'isFinite1 x -> no_overflow m (t'real1 x) ->
- t'isFinite (to_float32 m x) /\
- ((t'real (to_float32 m x)) = (round m (t'real1 x))).
-
-(* Why3 assumption *)
-Definition f32 := t.
-
-(* Why3 assumption *)
-Definition f64 := t1.
-
-Parameter to_f32: Reals.Rdefinitions.R -> t.
-
-Parameter to_f64: Reals.Rdefinitions.R -> t1.
-
-Axiom to_float_is_finite_32 :
- forall (f:t), t'isFinite f -> eq (to_f32 (t'real f)) f.
-
-Axiom to_f32_range_round :
- forall (x:Reals.Rdefinitions.R), in_range x ->
- ((t'real (to_f32 x)) = (round RNE x)).
-
-Axiom to_f32_range_finite :
- forall (x:Reals.Rdefinitions.R), in_range x -> t'isFinite (to_f32 x).
-
-Axiom to_f32_minus_infinity :
- forall (x:Reals.Rdefinitions.R),
- (x < (-(33554430 * 10141204801825835211973625643008)%R)%R)%R ->
- is_minus_infinity (to_f32 x).
-
-Axiom to_f32_plus_infinity :
- forall (x:Reals.Rdefinitions.R),
- ((33554430 * 10141204801825835211973625643008)%R < x)%R ->
- is_plus_infinity (to_f32 x).
-
-Axiom to_float_is_finite_64 :
- forall (f:t1), t'isFinite1 f -> eq1 (to_f64 (t'real1 f)) f.
-
-Axiom to_f64_range_round :
- forall (x:Reals.Rdefinitions.R), in_range1 x ->
- ((t'real1 (to_f64 x)) = (round1 RNE x)).
-
-Axiom to_f64_range_finite :
- forall (x:Reals.Rdefinitions.R), in_range1 x -> t'isFinite1 (to_f64 x).
-
-Axiom to_f64_minus_infinity :
- forall (x:Reals.Rdefinitions.R),
- (x <
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R)%R ->
- is_minus_infinity1 (to_f64 x).
-
-Axiom to_f64_plus_infinity :
- forall (x:Reals.Rdefinitions.R),
- ((9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R
- < x)%R ->
- is_plus_infinity1 (to_f64 x).
-
-(* Why3 assumption *)
-Definition round_float (m:mode) (r:Reals.Rdefinitions.R) : t :=
- to_f32 (round m r).
-
-(* Why3 assumption *)
-Definition round_double (m:mode) (r:Reals.Rdefinitions.R) : t1 :=
- to_f64 (round1 m r).
-
-Axiom is_zero_to_f32_zero : is_zero (to_f32 0%R).
-
-Axiom is_zero_to_f64_zero : is_zero1 (to_f64 0%R).
-
-Axiom real_0_is_zero_f32 : forall (f:t), (0%R = (t'real f)) -> is_zero f.
-
-Axiom real_0_is_zero_f64 : forall (f:t1), (0%R = (t'real1 f)) -> is_zero1 f.
-
-Axiom f32_to_f64 : forall (f:t), ((to_f64 (t'real f)) = (to_float64 RNE f)).
-
-Axiom f64_to_f32 :
- forall (f:t1), ((to_f32 (t'real1 f)) = (to_float32 RNE f)).
-
-(* Why3 assumption *)
-Definition finite (x:Reals.Rdefinitions.R) : Prop :=
- t'isFinite (to_f32 x) /\ t'isFinite1 (to_f64 x).
-
-Parameter eq_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom eq_f32b'def :
- forall (x:t) (y:t),
- (eq x y -> ((eq_f32b x y) = Init.Datatypes.true)) /\
- (~ eq x y -> ((eq_f32b x y) = Init.Datatypes.false)).
-
-Parameter eq_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom eq_f64b'def :
- forall (x:t1) (y:t1),
- (eq1 x y -> ((eq_f64b x y) = Init.Datatypes.true)) /\
- (~ eq1 x y -> ((eq_f64b x y) = Init.Datatypes.false)).
-
-(* Why3 assumption *)
-Definition ne_f32 (x:t) (y:t) : Prop := ~ eq x y.
-
-(* Why3 assumption *)
-Definition ne_f64 (x:t1) (y:t1) : Prop := ~ eq1 x y.
-
-Parameter ne_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom ne_f32b'def :
- forall (x:t) (y:t),
- (ne_f32 x y -> ((ne_f32b x y) = Init.Datatypes.true)) /\
- (~ ne_f32 x y -> ((ne_f32b x y) = Init.Datatypes.false)).
-
-Parameter ne_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom ne_f64b'def :
- forall (x:t1) (y:t1),
- (ne_f64 x y -> ((ne_f64b x y) = Init.Datatypes.true)) /\
- (~ ne_f64 x y -> ((ne_f64b x y) = Init.Datatypes.false)).
-
-Parameter le_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom le_f32b'def :
- forall (x:t) (y:t),
- (le x y -> ((le_f32b x y) = Init.Datatypes.true)) /\
- (~ le x y -> ((le_f32b x y) = Init.Datatypes.false)).
-
-Parameter le_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom le_f64b'def :
- forall (x:t1) (y:t1),
- (le1 x y -> ((le_f64b x y) = Init.Datatypes.true)) /\
- (~ le1 x y -> ((le_f64b x y) = Init.Datatypes.false)).
-
-Parameter lt_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom lt_f32b'def :
- forall (x:t) (y:t),
- (lt x y -> ((lt_f32b x y) = Init.Datatypes.true)) /\
- (~ lt x y -> ((lt_f32b x y) = Init.Datatypes.false)).
-
-Parameter lt_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom lt_f64b'def :
- forall (x:t1) (y:t1),
- (lt1 x y -> ((lt_f64b x y) = Init.Datatypes.true)) /\
- (~ lt1 x y -> ((lt_f64b x y) = Init.Datatypes.false)).
-
-Parameter model_f32: t -> Reals.Rdefinitions.R.
-
-(* Why3 assumption *)
-Definition delta_f32 (f:t) : Reals.Rdefinitions.R :=
- Reals.Rbasic_fun.Rabs ((t'real f) - (model_f32 f))%R.
-
-(* Why3 assumption *)
-Definition error_f32 (f:t) : Reals.Rdefinitions.R :=
- ((delta_f32 f) / (Reals.Rbasic_fun.Rabs (model_f32 f)))%R.
-
-Parameter model_f64: t1 -> Reals.Rdefinitions.R.
-
-(* Why3 assumption *)
-Definition delta_f64 (f:t1) : Reals.Rdefinitions.R :=
- Reals.Rbasic_fun.Rabs ((t'real1 f) - (model_f64 f))%R.
-
-(* Why3 assumption *)
-Definition error_f64 (f:t1) : Reals.Rdefinitions.R :=
- ((delta_f64 f) / (Reals.Rbasic_fun.Rabs (model_f64 f)))%R.
-
-(* Why3 assumption *)
-Definition is_bool (x:Numbers.BinNums.Z) : Prop := (x = 0%Z) \/ (x = 1%Z).
-
-(* Why3 assumption *)
-Definition is_uint8 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 256%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint8 (x:Numbers.BinNums.Z) : Prop :=
- ((-128%Z)%Z <= x)%Z /\ (x < 128%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint16 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 65536%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint16 (x:Numbers.BinNums.Z) : Prop :=
- ((-32768%Z)%Z <= x)%Z /\ (x < 32768%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint32 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 4294967296%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint32 (x:Numbers.BinNums.Z) : Prop :=
- ((-2147483648%Z)%Z <= x)%Z /\ (x < 2147483648%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint64 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 18446744073709551616%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint64 (x:Numbers.BinNums.Z) : Prop :=
- ((-9223372036854775808%Z)%Z <= x)%Z /\ (x < 9223372036854775808%Z)%Z.
-
-Axiom is_bool0 : is_bool 0%Z.
-
-Axiom is_bool1 : is_bool 1%Z.
-
-Parameter to_bool: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom to_bool'def :
- forall (x:Numbers.BinNums.Z),
- ((x = 0%Z) -> ((to_bool x) = 0%Z)) /\ (~ (x = 0%Z) -> ((to_bool x) = 1%Z)).
-
-Parameter to_uint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter two_power_abs: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom two_power_abs_is_positive :
- forall (n:Numbers.BinNums.Z), (0%Z < (two_power_abs n))%Z.
-
-Axiom two_power_abs_plus_pos :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- (0%Z <= m)%Z ->
- ((two_power_abs (n + m)%Z) = ((two_power_abs n) * (two_power_abs m))%Z).
-
-Axiom two_power_abs_plus_one :
- forall (n:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- ((two_power_abs (n + 1%Z)%Z) = (2%Z * (two_power_abs n))%Z).
-
-(* Why3 assumption *)
-Definition is_uint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-(* Why3 assumption *)
-Definition is_sint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- ((-(two_power_abs n))%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-Parameter to_uint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom is_to_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n (to_uint n x).
-
-Axiom is_to_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_sint n (to_sint n x).
-
-Axiom is_to_uint8 : forall (x:Numbers.BinNums.Z), is_uint8 (to_uint8 x).
-
-Axiom is_to_sint8 : forall (x:Numbers.BinNums.Z), is_sint8 (to_sint8 x).
-
-Axiom is_to_uint16 : forall (x:Numbers.BinNums.Z), is_uint16 (to_uint16 x).
-
-Axiom is_to_sint16 : forall (x:Numbers.BinNums.Z), is_sint16 (to_sint16 x).
-
-Axiom is_to_uint32 : forall (x:Numbers.BinNums.Z), is_uint32 (to_uint32 x).
-
-Axiom is_to_sint32 : forall (x:Numbers.BinNums.Z), is_sint32 (to_sint32 x).
-
-Axiom is_to_uint64 : forall (x:Numbers.BinNums.Z), is_uint64 (to_uint64 x).
-
-Axiom is_to_sint64 : forall (x:Numbers.BinNums.Z), is_sint64 (to_sint64 x).
-
-Axiom id_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_uint n x <-> ((to_uint n x) = x).
-
-Axiom id_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_sint n x <-> ((to_sint n x) = x).
-
-Axiom id_uint8 :
- forall (x:Numbers.BinNums.Z), is_uint8 x -> ((to_uint8 x) = x).
-
-Axiom id_sint8 :
- forall (x:Numbers.BinNums.Z), is_sint8 x -> ((to_sint8 x) = x).
-
-Axiom id_uint16 :
- forall (x:Numbers.BinNums.Z), is_uint16 x -> ((to_uint16 x) = x).
-
-Axiom id_sint16 :
- forall (x:Numbers.BinNums.Z), is_sint16 x -> ((to_sint16 x) = x).
-
-Axiom id_uint32 :
- forall (x:Numbers.BinNums.Z), is_uint32 x -> ((to_uint32 x) = x).
-
-Axiom id_sint32 :
- forall (x:Numbers.BinNums.Z), is_sint32 x -> ((to_sint32 x) = x).
-
-Axiom id_uint64 :
- forall (x:Numbers.BinNums.Z), is_uint64 x -> ((to_uint64 x) = x).
-
-Axiom id_sint64 :
- forall (x:Numbers.BinNums.Z), is_sint64 x -> ((to_sint64 x) = x).
-
-Axiom proj_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_uint n (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_sint n x)) = (to_sint n x)).
-
-Axiom proj_uint8 :
- forall (x:Numbers.BinNums.Z), ((to_uint8 (to_uint8 x)) = (to_uint8 x)).
-
-Axiom proj_sint8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_sint8 x)) = (to_sint8 x)).
-
-Axiom proj_uint16 :
- forall (x:Numbers.BinNums.Z), ((to_uint16 (to_uint16 x)) = (to_uint16 x)).
-
-Axiom proj_sint16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_sint16 x)) = (to_sint16 x)).
-
-Axiom proj_uint32 :
- forall (x:Numbers.BinNums.Z), ((to_uint32 (to_uint32 x)) = (to_uint32 x)).
-
-Axiom proj_sint32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_sint32 x)) = (to_sint32 x)).
-
-Axiom proj_uint64 :
- forall (x:Numbers.BinNums.Z), ((to_uint64 (to_uint64 x)) = (to_uint64 x)).
-
-Axiom proj_sint64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_sint64 x)) = (to_sint64 x)).
-
-Axiom proj_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_uint n x)) = (to_uint n x)).
-
-Axiom incl_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n x ->
- is_sint n x.
-
-Axiom proj_su_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint (m + n)%Z (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_su_sint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint n (to_uint (m + (n + 1%Z)%Z)%Z x)) = (to_sint n x)).
-
-Axiom proj_int8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_uint8 x)) = (to_sint8 x)).
-
-Axiom proj_int16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_uint16 x)) = (to_sint16 x)).
-
-Axiom proj_int32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_uint32 x)) = (to_sint32 x)).
-
-Axiom proj_int64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_uint64 x)) = (to_sint64 x)).
-
-Axiom proj_us_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_uint (n + 1%Z)%Z (to_sint (m + n)%Z x)) = (to_uint (n + 1%Z)%Z x)).
-
-Axiom incl_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_uint (n + i)%Z x.
-
-Axiom incl_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_sint n x -> is_sint (n + i)%Z x.
-
-Axiom incl_int :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_sint (n + i)%Z x.
-
-Parameter fliteral: t1.
-
-Axiom fliteral_axiom :
- t'isFinite1 fliteral /\ ((t'real1 fliteral) = (1 * 2)%R).
-
-(* Why3 goal *)
-Theorem wp_goal :
- forall (i:Numbers.BinNums.Z) (f:t1),
- let r := t'real1 f in
- ~ (i = 0%Z) -> (r <= 10%R)%R -> ((-10%R)%R <= r)%R -> is_sint32 i ->
- t'isFinite1 (mul1 RNE f fliteral).
-(* Why3 intros i f r h1 h2 h3 h4. *)
-Proof.
-intros i f r h1 h2 h3 h4.
-
-Qed.
-
diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.0.session/interactive/job_assert_rte_is_nan_or_infinite.v.save b/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.0.session/interactive/job_assert_rte_is_nan_or_infinite.v.save
deleted file mode 100644
index 49de7a734f986fa183b54c89b6c446aabb7986c6..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.0.session/interactive/job_assert_rte_is_nan_or_infinite.v.save
+++ /dev/null
@@ -1,1995 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require Reals.Rbasic_fun.
-Require Reals.R_sqrt.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.Abs.
-Require real.FromInt.
-Require real.Square.
-Require map.Map.
-Require bv.Pow2int.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-Axiom abs_def :
- forall (x:Numbers.BinNums.Z),
- ((0%Z <= x)%Z -> ((ZArith.BinInt.Z.abs x) = x)) /\
- (~ (0%Z <= x)%Z -> ((ZArith.BinInt.Z.abs x) = (-x)%Z)).
-
-Axiom sqrt_lin1 :
- forall (x:Reals.Rdefinitions.R), (1%R < x)%R ->
- ((Reals.R_sqrt.sqrt x) < x)%R.
-
-Axiom sqrt_lin0 :
- forall (x:Reals.Rdefinitions.R), (0%R < x)%R /\ (x < 1%R)%R ->
- (x < (Reals.R_sqrt.sqrt x))%R.
-
-Axiom sqrt_0 : ((Reals.R_sqrt.sqrt 0%R) = 0%R).
-
-Axiom sqrt_1 : ((Reals.R_sqrt.sqrt 1%R) = 1%R).
-
-(* Why3 assumption *)
-Inductive mode :=
- | RNE : mode
- | RNA : mode
- | RTP : mode
- | RTN : mode
- | RTZ : mode.
-Axiom mode_WhyType : WhyType mode.
-Existing Instance mode_WhyType.
-
-(* Why3 assumption *)
-Definition to_nearest (m:mode) : Prop := (m = RNE) \/ (m = RNA).
-
-Axiom t : Type.
-Parameter t_WhyType : WhyType t.
-Existing Instance t_WhyType.
-
-Parameter t'real: t -> Reals.Rdefinitions.R.
-
-Parameter t'isFinite: t -> Prop.
-
-Axiom t'axiom :
- forall (x:t), t'isFinite x ->
- ((-340282346638528859811704183484516925440%R)%R <= (t'real x))%R /\
- ((t'real x) <= 340282346638528859811704183484516925440%R)%R.
-
-Parameter truncate: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Axiom Truncate_int :
- forall (i:Numbers.BinNums.Z), ((truncate (BuiltIn.IZR i)) = i).
-
-Axiom Truncate_down_pos :
- forall (x:Reals.Rdefinitions.R), (0%R <= x)%R ->
- ((BuiltIn.IZR (truncate x)) <= x)%R /\
- (x < (BuiltIn.IZR ((truncate x) + 1%Z)%Z))%R.
-
-Axiom Truncate_up_neg :
- forall (x:Reals.Rdefinitions.R), (x <= 0%R)%R ->
- ((BuiltIn.IZR ((truncate x) - 1%Z)%Z) < x)%R /\
- (x <= (BuiltIn.IZR (truncate x)))%R.
-
-Axiom Real_of_truncate :
- forall (x:Reals.Rdefinitions.R),
- ((x - 1%R)%R <= (BuiltIn.IZR (truncate x)))%R /\
- ((BuiltIn.IZR (truncate x)) <= (x + 1%R)%R)%R.
-
-Axiom Truncate_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((truncate x) <= (truncate y))%Z.
-
-Axiom Truncate_monotonic_int1 :
- forall (x:Reals.Rdefinitions.R) (i:Numbers.BinNums.Z),
- (x <= (BuiltIn.IZR i))%R -> ((truncate x) <= i)%Z.
-
-Axiom Truncate_monotonic_int2 :
- forall (x:Reals.Rdefinitions.R) (i:Numbers.BinNums.Z),
- ((BuiltIn.IZR i) <= x)%R -> (i <= (truncate x))%Z.
-
-Parameter floor: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Parameter ceil: Reals.Rdefinitions.R -> Numbers.BinNums.Z.
-
-Axiom Floor_int :
- forall (i:Numbers.BinNums.Z), ((floor (BuiltIn.IZR i)) = i).
-
-Axiom Ceil_int : forall (i:Numbers.BinNums.Z), ((ceil (BuiltIn.IZR i)) = i).
-
-Axiom Floor_down :
- forall (x:Reals.Rdefinitions.R),
- ((BuiltIn.IZR (floor x)) <= x)%R /\
- (x < (BuiltIn.IZR ((floor x) + 1%Z)%Z))%R.
-
-Axiom Ceil_up :
- forall (x:Reals.Rdefinitions.R),
- ((BuiltIn.IZR ((ceil x) - 1%Z)%Z) < x)%R /\ (x <= (BuiltIn.IZR (ceil x)))%R.
-
-Axiom Floor_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((floor x) <= (floor y))%Z.
-
-Axiom Ceil_monotonic :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R), (x <= y)%R ->
- ((ceil x) <= (ceil y))%Z.
-
-Parameter zeroF: t.
-
-Parameter add: mode -> t -> t -> t.
-
-Parameter sub: mode -> t -> t -> t.
-
-Parameter mul: mode -> t -> t -> t.
-
-Parameter div: mode -> t -> t -> t.
-
-Parameter abs: t -> t.
-
-Parameter neg: t -> t.
-
-Parameter fma: mode -> t -> t -> t -> t.
-
-Parameter sqrt: mode -> t -> t.
-
-Parameter roundToIntegral: mode -> t -> t.
-
-Parameter min: t -> t -> t.
-
-Parameter max: t -> t -> t.
-
-Parameter le: t -> t -> Prop.
-
-Parameter lt: t -> t -> Prop.
-
-Parameter eq: t -> t -> Prop.
-
-Parameter is_normal: t -> Prop.
-
-Parameter is_subnormal: t -> Prop.
-
-Parameter is_zero: t -> Prop.
-
-Parameter is_infinite: t -> Prop.
-
-Parameter is_nan: t -> Prop.
-
-Parameter is_positive: t -> Prop.
-
-Parameter is_negative: t -> Prop.
-
-(* Why3 assumption *)
-Definition is_plus_infinity (x:t) : Prop := is_infinite x /\ is_positive x.
-
-(* Why3 assumption *)
-Definition is_minus_infinity (x:t) : Prop := is_infinite x /\ is_negative x.
-
-(* Why3 assumption *)
-Definition is_plus_zero (x:t) : Prop := is_zero x /\ is_positive x.
-
-(* Why3 assumption *)
-Definition is_minus_zero (x:t) : Prop := is_zero x /\ is_negative x.
-
-(* Why3 assumption *)
-Definition is_not_nan (x:t) : Prop := t'isFinite x \/ is_infinite x.
-
-Axiom is_not_nan1 : forall (x:t), is_not_nan x <-> ~ is_nan x.
-
-Axiom is_not_finite :
- forall (x:t), ~ t'isFinite x <-> is_infinite x \/ is_nan x.
-
-Axiom zeroF_is_positive : is_positive zeroF.
-
-Axiom zeroF_is_zero : is_zero zeroF.
-
-Axiom zero_to_real :
- forall (x:t), is_zero x <-> t'isFinite x /\ ((t'real x) = 0%R).
-
-Parameter of_int: mode -> Numbers.BinNums.Z -> t.
-
-Parameter to_int: mode -> t -> Numbers.BinNums.Z.
-
-Axiom zero_of_int : forall (m:mode), (zeroF = (of_int m 0%Z)).
-
-Parameter round: mode -> Reals.Rdefinitions.R -> Reals.Rdefinitions.R.
-
-Parameter max_int: Numbers.BinNums.Z.
-
-Axiom max_real_int :
- ((33554430 * 10141204801825835211973625643008)%R = (BuiltIn.IZR max_int)).
-
-(* Why3 assumption *)
-Definition in_range (x:Reals.Rdefinitions.R) : Prop :=
- ((-(33554430 * 10141204801825835211973625643008)%R)%R <= x)%R /\
- (x <= (33554430 * 10141204801825835211973625643008)%R)%R.
-
-(* Why3 assumption *)
-Definition in_int_range (i:Numbers.BinNums.Z) : Prop :=
- ((-max_int)%Z <= i)%Z /\ (i <= max_int)%Z.
-
-Axiom is_finite : forall (x:t), t'isFinite x -> in_range (t'real x).
-
-(* Why3 assumption *)
-Definition no_overflow (m:mode) (x:Reals.Rdefinitions.R) : Prop :=
- in_range (round m x).
-
-Axiom Bounded_real_no_overflow :
- forall (m:mode) (x:Reals.Rdefinitions.R), in_range x -> no_overflow m x.
-
-Axiom Round_monotonic :
- forall (m:mode) (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- (x <= y)%R -> ((round m x) <= (round m y))%R.
-
-Axiom Round_idempotent :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round m1 (round m2 x)) = (round m2 x)).
-
-Axiom Round_to_real :
- forall (m:mode) (x:t), t'isFinite x -> ((round m (t'real x)) = (t'real x)).
-
-Axiom Round_down_le :
- forall (x:Reals.Rdefinitions.R), ((round RTN x) <= x)%R.
-
-Axiom Round_up_ge : forall (x:Reals.Rdefinitions.R), (x <= (round RTP x))%R.
-
-Axiom Round_down_neg :
- forall (x:Reals.Rdefinitions.R), ((round RTN (-x)%R) = (-(round RTP x))%R).
-
-Axiom Round_up_neg :
- forall (x:Reals.Rdefinitions.R), ((round RTP (-x)%R) = (-(round RTN x))%R).
-
-(* Why3 assumption *)
-Definition in_safe_int_range (i:Numbers.BinNums.Z) : Prop :=
- ((-16777216%Z)%Z <= i)%Z /\ (i <= 16777216%Z)%Z.
-
-Axiom Exact_rounding_for_integers :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range i ->
- ((round m (BuiltIn.IZR i)) = (BuiltIn.IZR i)).
-
-(* Why3 assumption *)
-Definition same_sign (x:t) (y:t) : Prop :=
- is_positive x /\ is_positive y \/ is_negative x /\ is_negative y.
-
-(* Why3 assumption *)
-Definition diff_sign (x:t) (y:t) : Prop :=
- is_positive x /\ is_negative y \/ is_negative x /\ is_positive y.
-
-Axiom feq_eq :
- forall (x:t) (y:t), t'isFinite x -> t'isFinite y -> ~ is_zero x ->
- eq x y -> (x = y).
-
-Axiom eq_feq :
- forall (x:t) (y:t), t'isFinite x -> t'isFinite y -> (x = y) -> eq x y.
-
-Axiom eq_refl : forall (x:t), t'isFinite x -> eq x x.
-
-Axiom eq_sym : forall (x:t) (y:t), eq x y -> eq y x.
-
-Axiom eq_trans : forall (x:t) (y:t) (z:t), eq x y -> eq y z -> eq x z.
-
-Axiom eq_zero : eq zeroF (neg zeroF).
-
-Axiom eq_to_real_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- eq x y <-> ((t'real x) = (t'real y)).
-
-Axiom eq_special :
- forall (x:t) (y:t), eq x y ->
- is_not_nan x /\
- is_not_nan y /\
- (t'isFinite x /\ t'isFinite y \/
- is_infinite x /\ is_infinite y /\ same_sign x y).
-
-Axiom lt_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- lt x y <-> ((t'real x) < (t'real y))%R.
-
-Axiom le_finite :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y ->
- le x y <-> ((t'real x) <= (t'real y))%R.
-
-Axiom le_lt_trans : forall (x:t) (y:t) (z:t), le x y /\ lt y z -> lt x z.
-
-Axiom lt_le_trans : forall (x:t) (y:t) (z:t), lt x y /\ le y z -> lt x z.
-
-Axiom le_ge_asym : forall (x:t) (y:t), le x y /\ le y x -> eq x y.
-
-Axiom not_lt_ge :
- forall (x:t) (y:t), ~ lt x y /\ is_not_nan x /\ is_not_nan y -> le y x.
-
-Axiom not_gt_le :
- forall (x:t) (y:t), ~ lt y x /\ is_not_nan x /\ is_not_nan y -> le x y.
-
-Axiom le_special :
- forall (x:t) (y:t), le x y ->
- t'isFinite x /\ t'isFinite y \/
- is_minus_infinity x /\ is_not_nan y \/ is_not_nan x /\ is_plus_infinity y.
-
-Axiom lt_special :
- forall (x:t) (y:t), lt x y ->
- t'isFinite x /\ t'isFinite y \/
- is_minus_infinity x /\ is_not_nan y /\ ~ is_minus_infinity y \/
- is_not_nan x /\ ~ is_plus_infinity x /\ is_plus_infinity y.
-
-Axiom lt_lt_finite :
- forall (x:t) (y:t) (z:t), lt x y -> lt y z -> t'isFinite y.
-
-Axiom positive_to_real :
- forall (x:t), t'isFinite x -> is_positive x -> (0%R <= (t'real x))%R.
-
-Axiom to_real_positive :
- forall (x:t), t'isFinite x -> (0%R < (t'real x))%R -> is_positive x.
-
-Axiom negative_to_real :
- forall (x:t), t'isFinite x -> is_negative x -> ((t'real x) <= 0%R)%R.
-
-Axiom to_real_negative :
- forall (x:t), t'isFinite x -> ((t'real x) < 0%R)%R -> is_negative x.
-
-Axiom negative_xor_positive :
- forall (x:t), ~ (is_positive x /\ is_negative x).
-
-Axiom negative_or_positive :
- forall (x:t), is_not_nan x -> is_positive x \/ is_negative x.
-
-Axiom diff_sign_trans :
- forall (x:t) (y:t) (z:t), diff_sign x y /\ diff_sign y z -> same_sign x z.
-
-Axiom diff_sign_product :
- forall (x:t) (y:t),
- t'isFinite x /\ t'isFinite y /\ (((t'real x) * (t'real y))%R < 0%R)%R ->
- diff_sign x y.
-
-Axiom same_sign_product :
- forall (x:t) (y:t), t'isFinite x /\ t'isFinite y /\ same_sign x y ->
- (0%R <= ((t'real x) * (t'real y))%R)%R.
-
-(* Why3 assumption *)
-Definition product_sign (z:t) (x:t) (y:t) : Prop :=
- (same_sign x y -> is_positive z) /\ (diff_sign x y -> is_negative z).
-
-(* Why3 assumption *)
-Definition overflow_value (m:mode) (x:t) : Prop :=
- match m with
- | RTN =>
- (is_positive x ->
- t'isFinite x /\
- ((t'real x) = (33554430 * 10141204801825835211973625643008)%R)) /\
- (~ is_positive x -> is_infinite x)
- | RTP =>
- (is_positive x -> is_infinite x) /\
- (~ is_positive x ->
- t'isFinite x /\
- ((t'real x) = (-(33554430 * 10141204801825835211973625643008)%R)%R))
- | RTZ =>
- (is_positive x ->
- t'isFinite x /\
- ((t'real x) = (33554430 * 10141204801825835211973625643008)%R)) /\
- (~ is_positive x ->
- t'isFinite x /\
- ((t'real x) = (-(33554430 * 10141204801825835211973625643008)%R)%R))
- | RNA|RNE => is_infinite x
- end.
-
-(* Why3 assumption *)
-Definition sign_zero_result (m:mode) (x:t) : Prop :=
- is_zero x -> match m with
- | RTN => is_negative x
- | _ => is_positive x
- end.
-
-Axiom add_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) + (t'real y))%R ->
- t'isFinite (add m x y) /\
- ((t'real (add m x y)) = (round m ((t'real x) + (t'real y))%R)).
-
-Axiom add_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (add m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom add_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (add m x y) ->
- no_overflow m ((t'real x) + (t'real y))%R /\
- ((t'real (add m x y)) = (round m ((t'real x) + (t'real y))%R)).
-
-Axiom sub_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) - (t'real y))%R ->
- t'isFinite (sub m x y) /\
- ((t'real (sub m x y)) = (round m ((t'real x) - (t'real y))%R)).
-
-Axiom sub_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (sub m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom sub_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (sub m x y) ->
- no_overflow m ((t'real x) - (t'real y))%R /\
- ((t'real (sub m x y)) = (round m ((t'real x) - (t'real y))%R)).
-
-Axiom mul_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y ->
- no_overflow m ((t'real x) * (t'real y))%R ->
- t'isFinite (mul m x y) /\
- ((t'real (mul m x y)) = (round m ((t'real x) * (t'real y))%R)).
-
-Axiom mul_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (mul m x y) ->
- t'isFinite x /\ t'isFinite y.
-
-Axiom mul_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (mul m x y) ->
- no_overflow m ((t'real x) * (t'real y))%R /\
- ((t'real (mul m x y)) = (round m ((t'real x) * (t'real y))%R)).
-
-Axiom div_finite :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y -> ~ is_zero y ->
- no_overflow m ((t'real x) / (t'real y))%R ->
- t'isFinite (div m x y) /\
- ((t'real (div m x y)) = (round m ((t'real x) / (t'real y))%R)).
-
-Axiom div_finite_rev :
- forall (m:mode) (x:t) (y:t), t'isFinite (div m x y) ->
- t'isFinite x /\ t'isFinite y /\ ~ is_zero y \/
- t'isFinite x /\ is_infinite y /\ ((t'real (div m x y)) = 0%R).
-
-Axiom div_finite_rev_n :
- forall (m:mode) (x:t) (y:t), to_nearest m -> t'isFinite (div m x y) ->
- t'isFinite y ->
- no_overflow m ((t'real x) / (t'real y))%R /\
- ((t'real (div m x y)) = (round m ((t'real x) / (t'real y))%R)).
-
-Axiom neg_finite :
- forall (x:t), t'isFinite x ->
- t'isFinite (neg x) /\ ((t'real (neg x)) = (-(t'real x))%R).
-
-Axiom neg_finite_rev :
- forall (x:t), t'isFinite (neg x) ->
- t'isFinite x /\ ((t'real (neg x)) = (-(t'real x))%R).
-
-Axiom abs_finite :
- forall (x:t), t'isFinite x ->
- t'isFinite (abs x) /\
- ((t'real (abs x)) = (Reals.Rbasic_fun.Rabs (t'real x))) /\
- is_positive (abs x).
-
-Axiom abs_finite_rev :
- forall (x:t), t'isFinite (abs x) ->
- t'isFinite x /\ ((t'real (abs x)) = (Reals.Rbasic_fun.Rabs (t'real x))).
-
-Axiom abs_universal : forall (x:t), ~ is_negative (abs x).
-
-Axiom fma_finite :
- forall (m:mode) (x:t) (y:t) (z:t), t'isFinite x -> t'isFinite y ->
- t'isFinite z ->
- no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R ->
- t'isFinite (fma m x y z) /\
- ((t'real (fma m x y z)) =
- (round m (((t'real x) * (t'real y))%R + (t'real z))%R)).
-
-Axiom fma_finite_rev :
- forall (m:mode) (x:t) (y:t) (z:t), t'isFinite (fma m x y z) ->
- t'isFinite x /\ t'isFinite y /\ t'isFinite z.
-
-Axiom fma_finite_rev_n :
- forall (m:mode) (x:t) (y:t) (z:t), to_nearest m ->
- t'isFinite (fma m x y z) ->
- no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R /\
- ((t'real (fma m x y z)) =
- (round m (((t'real x) * (t'real y))%R + (t'real z))%R)).
-
-Axiom sqrt_finite :
- forall (m:mode) (x:t), t'isFinite x -> (0%R <= (t'real x))%R ->
- t'isFinite (sqrt m x) /\
- ((t'real (sqrt m x)) = (round m (Reals.R_sqrt.sqrt (t'real x)))).
-
-Axiom sqrt_finite_rev :
- forall (m:mode) (x:t), t'isFinite (sqrt m x) ->
- t'isFinite x /\
- (0%R <= (t'real x))%R /\
- ((t'real (sqrt m x)) = (round m (Reals.R_sqrt.sqrt (t'real x)))).
-
-(* Why3 assumption *)
-Definition same_sign_real (x:t) (r:Reals.Rdefinitions.R) : Prop :=
- is_positive x /\ (0%R < r)%R \/ is_negative x /\ (r < 0%R)%R.
-
-Axiom add_special :
- forall (m:mode) (x:t) (y:t),
- let r := add m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_infinite r /\ same_sign r y) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ same_sign x y ->
- is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ diff_sign x y -> is_nan r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) + (t'real y))%R ->
- same_sign_real r ((t'real x) + (t'real y))%R /\ overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y ->
- (same_sign x y -> same_sign r x) /\
- (~ same_sign x y -> sign_zero_result m r)).
-
-Axiom sub_special :
- forall (m:mode) (x:t) (y:t),
- let r := sub m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_infinite r /\ diff_sign r y) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r /\ same_sign r x) /\
- (is_infinite x /\ is_infinite y /\ same_sign x y -> is_nan r) /\
- (is_infinite x /\ is_infinite y /\ diff_sign x y ->
- is_infinite r /\ same_sign r x) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) - (t'real y))%R ->
- same_sign_real r ((t'real x) - (t'real y))%R /\ overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y ->
- (diff_sign x y -> same_sign r x) /\
- (~ diff_sign x y -> sign_zero_result m r)).
-
-Axiom mul_special :
- forall (m:mode) (x:t) (y:t),
- let r := mul m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (is_zero x /\ is_infinite y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y /\ ~ is_zero x -> is_infinite r) /\
- (is_infinite x /\ is_zero y -> is_nan r) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y -> is_infinite r) /\
- (is_infinite x /\ is_infinite y -> is_infinite r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ no_overflow m ((t'real x) * (t'real y))%R ->
- overflow_value m r) /\
- (~ is_nan r -> product_sign r x y).
-
-Axiom div_special :
- forall (m:mode) (x:t) (y:t),
- let r := div m x y in
- (is_nan x \/ is_nan y -> is_nan r) /\
- (t'isFinite x /\ is_infinite y -> is_zero r) /\
- (is_infinite x /\ t'isFinite y -> is_infinite r) /\
- (is_infinite x /\ is_infinite y -> is_nan r) /\
- (t'isFinite x /\
- t'isFinite y /\ ~ is_zero y /\ ~ no_overflow m ((t'real x) / (t'real y))%R ->
- overflow_value m r) /\
- (t'isFinite x /\ is_zero y /\ ~ is_zero x -> is_infinite r) /\
- (is_zero x /\ is_zero y -> is_nan r) /\ (~ is_nan r -> product_sign r x y).
-
-Axiom neg_special :
- forall (x:t),
- (is_nan x -> is_nan (neg x)) /\
- (is_infinite x -> is_infinite (neg x)) /\
- (~ is_nan x -> diff_sign x (neg x)).
-
-Axiom abs_special :
- forall (x:t),
- (is_nan x -> is_nan (abs x)) /\
- (is_infinite x -> is_infinite (abs x)) /\
- (~ is_nan x -> is_positive (abs x)).
-
-Axiom fma_special :
- forall (m:mode) (x:t) (y:t) (z:t),
- let r := fma m x y z in
- (is_nan x \/ is_nan y \/ is_nan z -> is_nan r) /\
- (is_zero x /\ is_infinite y -> is_nan r) /\
- (is_infinite x /\ is_zero y -> is_nan r) /\
- (t'isFinite x /\ ~ is_zero x /\ is_infinite y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (t'isFinite x /\ ~ is_zero x /\ is_infinite y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (is_infinite x /\ t'isFinite y /\ ~ is_zero y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (is_infinite x /\ is_infinite y /\ t'isFinite z ->
- is_infinite r /\ product_sign r x y) /\
- (t'isFinite x /\ t'isFinite y /\ is_infinite z ->
- is_infinite r /\ same_sign r z) /\
- (is_infinite x /\ is_infinite y /\ is_infinite z ->
- (product_sign z x y -> is_infinite r /\ same_sign r z) /\
- (~ product_sign z x y -> is_nan r)) /\
- (t'isFinite x /\
- t'isFinite y /\
- t'isFinite z /\
- ~ no_overflow m (((t'real x) * (t'real y))%R + (t'real z))%R ->
- same_sign_real r (((t'real x) * (t'real y))%R + (t'real z))%R /\
- overflow_value m r) /\
- (t'isFinite x /\ t'isFinite y /\ t'isFinite z ->
- (product_sign z x y -> same_sign r z) /\
- (~ product_sign z x y ->
- ((((t'real x) * (t'real y))%R + (t'real z))%R = 0%R) ->
- ((m = RTN) -> is_negative r) /\ (~ (m = RTN) -> is_positive r))).
-
-Axiom sqrt_special :
- forall (m:mode) (x:t),
- let r := sqrt m x in
- (is_nan x -> is_nan r) /\
- (is_plus_infinity x -> is_plus_infinity r) /\
- (is_minus_infinity x -> is_nan r) /\
- (t'isFinite x /\ ((t'real x) < 0%R)%R -> is_nan r) /\
- (is_zero x -> same_sign r x) /\
- (t'isFinite x /\ (0%R < (t'real x))%R -> is_positive r).
-
-Axiom of_int_add_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i + j)%Z ->
- eq (of_int m (i + j)%Z) (add n (of_int m i) (of_int m j)).
-
-Axiom of_int_sub_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i - j)%Z ->
- eq (of_int m (i - j)%Z) (sub n (of_int m i) (of_int m j)).
-
-Axiom of_int_mul_exact :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range i -> in_safe_int_range j ->
- in_safe_int_range (i * j)%Z ->
- eq (of_int m (i * j)%Z) (mul n (of_int m i) (of_int m j)).
-
-Axiom Min_r : forall (x:t) (y:t), le y x -> eq (min x y) y.
-
-Axiom Min_l : forall (x:t) (y:t), le x y -> eq (min x y) x.
-
-Axiom Max_r : forall (x:t) (y:t), le y x -> eq (max x y) x.
-
-Axiom Max_l : forall (x:t) (y:t), le x y -> eq (max x y) y.
-
-Parameter is_int: t -> Prop.
-
-Axiom zeroF_is_int : is_int zeroF.
-
-Axiom of_int_is_int :
- forall (m:mode) (x:Numbers.BinNums.Z), in_int_range x ->
- is_int (of_int m x).
-
-Axiom big_float_is_int :
- forall (m:mode) (i:t), t'isFinite i ->
- le i (neg (of_int m 16777216%Z)) \/ le (of_int m 16777216%Z) i -> is_int i.
-
-Axiom roundToIntegral_is_int :
- forall (m:mode) (x:t), t'isFinite x -> is_int (roundToIntegral m x).
-
-Axiom eq_is_int : forall (x:t) (y:t), eq x y -> is_int x -> is_int y.
-
-Axiom add_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (add m x y) -> is_int (add m x y).
-
-Axiom sub_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (sub m x y) -> is_int (sub m x y).
-
-Axiom mul_int :
- forall (x:t) (y:t) (m:mode), is_int x -> is_int y ->
- t'isFinite (mul m x y) -> is_int (mul m x y).
-
-Axiom fma_int :
- forall (x:t) (y:t) (z:t) (m:mode), is_int x -> is_int y -> is_int z ->
- t'isFinite (fma m x y z) -> is_int (fma m x y z).
-
-Axiom neg_int : forall (x:t), is_int x -> is_int (neg x).
-
-Axiom abs_int : forall (x:t), is_int x -> is_int (abs x).
-
-Axiom is_int_of_int :
- forall (x:t) (m:mode) (m':mode), is_int x -> eq x (of_int m' (to_int m x)).
-
-Axiom is_int_to_int :
- forall (m:mode) (x:t), is_int x -> in_int_range (to_int m x).
-
-Axiom is_int_is_finite : forall (x:t), is_int x -> t'isFinite x.
-
-Axiom int_to_real :
- forall (m:mode) (x:t), is_int x ->
- ((t'real x) = (BuiltIn.IZR (to_int m x))).
-
-Axiom truncate_int :
- forall (m:mode) (i:t), is_int i -> eq (roundToIntegral m i) i.
-
-Axiom truncate_neg :
- forall (x:t), t'isFinite x -> is_negative x ->
- ((roundToIntegral RTZ x) = (roundToIntegral RTP x)).
-
-Axiom truncate_pos :
- forall (x:t), t'isFinite x -> is_positive x ->
- ((roundToIntegral RTZ x) = (roundToIntegral RTN x)).
-
-Axiom ceil_le : forall (x:t), t'isFinite x -> le x (roundToIntegral RTP x).
-
-Axiom ceil_lest :
- forall (x:t) (y:t), le x y /\ is_int y -> le (roundToIntegral RTP x) y.
-
-Axiom ceil_to_real :
- forall (x:t), t'isFinite x ->
- ((t'real (roundToIntegral RTP x)) = (BuiltIn.IZR (ceil (t'real x)))).
-
-Axiom ceil_to_int :
- forall (m:mode) (x:t), t'isFinite x ->
- ((to_int m (roundToIntegral RTP x)) = (ceil (t'real x))).
-
-Axiom floor_le : forall (x:t), t'isFinite x -> le (roundToIntegral RTN x) x.
-
-Axiom floor_lest :
- forall (x:t) (y:t), le y x /\ is_int y -> le y (roundToIntegral RTN x).
-
-Axiom floor_to_real :
- forall (x:t), t'isFinite x ->
- ((t'real (roundToIntegral RTN x)) = (BuiltIn.IZR (floor (t'real x)))).
-
-Axiom floor_to_int :
- forall (m:mode) (x:t), t'isFinite x ->
- ((to_int m (roundToIntegral RTN x)) = (floor (t'real x))).
-
-Axiom RNA_down :
- forall (x:t),
- lt (sub RNE x (roundToIntegral RTN x)) (sub RNE (roundToIntegral RTP x) x) ->
- ((roundToIntegral RNA x) = (roundToIntegral RTN x)).
-
-Axiom RNA_up :
- forall (x:t),
- lt (sub RNE (roundToIntegral RTP x) x) (sub RNE x (roundToIntegral RTN x)) ->
- ((roundToIntegral RNA x) = (roundToIntegral RTP x)).
-
-Axiom RNA_down_tie :
- forall (x:t),
- eq (sub RNE x (roundToIntegral RTN x)) (sub RNE (roundToIntegral RTP x) x) ->
- is_negative x -> ((roundToIntegral RNA x) = (roundToIntegral RTN x)).
-
-Axiom RNA_up_tie :
- forall (x:t),
- eq (sub RNE (roundToIntegral RTP x) x) (sub RNE x (roundToIntegral RTN x)) ->
- is_positive x -> ((roundToIntegral RNA x) = (roundToIntegral RTP x)).
-
-Axiom to_int_roundToIntegral :
- forall (m:mode) (x:t), ((to_int m x) = (to_int m (roundToIntegral m x))).
-
-Axiom to_int_monotonic :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> t'isFinite y -> le x y ->
- ((to_int m x) <= (to_int m y))%Z.
-
-Axiom to_int_of_int :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range i ->
- ((to_int m (of_int m i)) = i).
-
-Axiom eq_to_int :
- forall (m:mode) (x:t) (y:t), t'isFinite x -> eq x y ->
- ((to_int m x) = (to_int m y)).
-
-Axiom neg_to_int :
- forall (m:mode) (x:t), is_int x -> ((to_int m (neg x)) = (-(to_int m x))%Z).
-
-Axiom roundToIntegral_is_finite :
- forall (m:mode) (x:t), t'isFinite x -> t'isFinite (roundToIntegral m x).
-
-Axiom round_bound_ne :
- forall (x:Reals.Rdefinitions.R), no_overflow RNE x ->
- (((x - ((1 / 16777216)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 1427247692705959881058285969449495136382746624)%R)%R
- <= (round RNE x))%R /\
- ((round RNE x) <=
- ((x + ((1 / 16777216)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 1427247692705959881058285969449495136382746624)%R)%R)%R.
-
-Axiom round_bound :
- forall (m:mode) (x:Reals.Rdefinitions.R), no_overflow m x ->
- (((x - ((1 / 8388608)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 713623846352979940529142984724747568191373312)%R)%R
- <= (round m x))%R /\
- ((round m x) <=
- ((x + ((1 / 8388608)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 713623846352979940529142984724747568191373312)%R)%R)%R.
-
-Axiom t1 : Type.
-Parameter t1_WhyType : WhyType t1.
-Existing Instance t1_WhyType.
-
-Parameter t'real1: t1 -> Reals.Rdefinitions.R.
-
-Parameter t'isFinite1: t1 -> Prop.
-
-Axiom t'axiom1 :
- forall (x:t1), t'isFinite1 x ->
- ((-179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368%R)%R
- <= (t'real1 x))%R /\
- ((t'real1 x) <=
- 179769313486231570814527423731704356798070567525844996598917476803157260780028538760589558632766878171540458953514382464234321326889464182768467546703537516986049910576551282076245490090389328944075868508455133942304583236903222948165808559332123348274797826204144723168738177180919299881250404026184124858368%R)%R.
-
-Parameter zeroF1: t1.
-
-Parameter add1: mode -> t1 -> t1 -> t1.
-
-Parameter sub1: mode -> t1 -> t1 -> t1.
-
-Parameter mul1: mode -> t1 -> t1 -> t1.
-
-Parameter div1: mode -> t1 -> t1 -> t1.
-
-Parameter abs1: t1 -> t1.
-
-Parameter neg1: t1 -> t1.
-
-Parameter fma1: mode -> t1 -> t1 -> t1 -> t1.
-
-Parameter sqrt1: mode -> t1 -> t1.
-
-Parameter roundToIntegral1: mode -> t1 -> t1.
-
-Parameter min1: t1 -> t1 -> t1.
-
-Parameter max1: t1 -> t1 -> t1.
-
-Parameter le1: t1 -> t1 -> Prop.
-
-Parameter lt1: t1 -> t1 -> Prop.
-
-Parameter eq1: t1 -> t1 -> Prop.
-
-Parameter is_normal1: t1 -> Prop.
-
-Parameter is_subnormal1: t1 -> Prop.
-
-Parameter is_zero1: t1 -> Prop.
-
-Parameter is_infinite1: t1 -> Prop.
-
-Parameter is_nan1: t1 -> Prop.
-
-Parameter is_positive1: t1 -> Prop.
-
-Parameter is_negative1: t1 -> Prop.
-
-(* Why3 assumption *)
-Definition is_plus_infinity1 (x:t1) : Prop :=
- is_infinite1 x /\ is_positive1 x.
-
-(* Why3 assumption *)
-Definition is_minus_infinity1 (x:t1) : Prop :=
- is_infinite1 x /\ is_negative1 x.
-
-(* Why3 assumption *)
-Definition is_plus_zero1 (x:t1) : Prop := is_zero1 x /\ is_positive1 x.
-
-(* Why3 assumption *)
-Definition is_minus_zero1 (x:t1) : Prop := is_zero1 x /\ is_negative1 x.
-
-(* Why3 assumption *)
-Definition is_not_nan2 (x:t1) : Prop := t'isFinite1 x \/ is_infinite1 x.
-
-Axiom is_not_nan3 : forall (x:t1), is_not_nan2 x <-> ~ is_nan1 x.
-
-Axiom is_not_finite1 :
- forall (x:t1), ~ t'isFinite1 x <-> is_infinite1 x \/ is_nan1 x.
-
-Axiom zeroF_is_positive1 : is_positive1 zeroF1.
-
-Axiom zeroF_is_zero1 : is_zero1 zeroF1.
-
-Axiom zero_to_real1 :
- forall (x:t1), is_zero1 x <-> t'isFinite1 x /\ ((t'real1 x) = 0%R).
-
-Parameter of_int1: mode -> Numbers.BinNums.Z -> t1.
-
-Parameter to_int1: mode -> t1 -> Numbers.BinNums.Z.
-
-Axiom zero_of_int1 : forall (m:mode), (zeroF1 = (of_int1 m 0%Z)).
-
-Parameter round1: mode -> Reals.Rdefinitions.R -> Reals.Rdefinitions.R.
-
-Parameter max_int1: Numbers.BinNums.Z.
-
-Axiom max_real_int1 :
- ((9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R
- = (BuiltIn.IZR max_int1)).
-
-(* Why3 assumption *)
-Definition in_range1 (x:Reals.Rdefinitions.R) : Prop :=
- ((-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R
- <= x)%R /\
- (x <=
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R.
-
-(* Why3 assumption *)
-Definition in_int_range1 (i:Numbers.BinNums.Z) : Prop :=
- ((-max_int1)%Z <= i)%Z /\ (i <= max_int1)%Z.
-
-Axiom is_finite1 : forall (x:t1), t'isFinite1 x -> in_range1 (t'real1 x).
-
-(* Why3 assumption *)
-Definition no_overflow1 (m:mode) (x:Reals.Rdefinitions.R) : Prop :=
- in_range1 (round1 m x).
-
-Axiom Bounded_real_no_overflow1 :
- forall (m:mode) (x:Reals.Rdefinitions.R), in_range1 x -> no_overflow1 m x.
-
-Axiom Round_monotonic1 :
- forall (m:mode) (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- (x <= y)%R -> ((round1 m x) <= (round1 m y))%R.
-
-Axiom Round_idempotent1 :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round1 m1 (round1 m2 x)) = (round1 m2 x)).
-
-Axiom Round_to_real1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((round1 m (t'real1 x)) = (t'real1 x)).
-
-Axiom Round_down_le1 :
- forall (x:Reals.Rdefinitions.R), ((round1 RTN x) <= x)%R.
-
-Axiom Round_up_ge1 :
- forall (x:Reals.Rdefinitions.R), (x <= (round1 RTP x))%R.
-
-Axiom Round_down_neg1 :
- forall (x:Reals.Rdefinitions.R),
- ((round1 RTN (-x)%R) = (-(round1 RTP x))%R).
-
-Axiom Round_up_neg1 :
- forall (x:Reals.Rdefinitions.R),
- ((round1 RTP (-x)%R) = (-(round1 RTN x))%R).
-
-(* Why3 assumption *)
-Definition in_safe_int_range1 (i:Numbers.BinNums.Z) : Prop :=
- ((-9007199254740992%Z)%Z <= i)%Z /\ (i <= 9007199254740992%Z)%Z.
-
-Axiom Exact_rounding_for_integers1 :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range1 i ->
- ((round1 m (BuiltIn.IZR i)) = (BuiltIn.IZR i)).
-
-(* Why3 assumption *)
-Definition same_sign1 (x:t1) (y:t1) : Prop :=
- is_positive1 x /\ is_positive1 y \/ is_negative1 x /\ is_negative1 y.
-
-(* Why3 assumption *)
-Definition diff_sign1 (x:t1) (y:t1) : Prop :=
- is_positive1 x /\ is_negative1 y \/ is_negative1 x /\ is_positive1 y.
-
-Axiom feq_eq1 :
- forall (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> ~ is_zero1 x ->
- eq1 x y -> (x = y).
-
-Axiom eq_feq1 :
- forall (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> (x = y) -> eq1 x y.
-
-Axiom eq_refl1 : forall (x:t1), t'isFinite1 x -> eq1 x x.
-
-Axiom eq_sym1 : forall (x:t1) (y:t1), eq1 x y -> eq1 y x.
-
-Axiom eq_trans1 : forall (x:t1) (y:t1) (z:t1), eq1 x y -> eq1 y z -> eq1 x z.
-
-Axiom eq_zero1 : eq1 zeroF1 (neg1 zeroF1).
-
-Axiom eq_to_real_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- eq1 x y <-> ((t'real1 x) = (t'real1 y)).
-
-Axiom eq_special1 :
- forall (x:t1) (y:t1), eq1 x y ->
- is_not_nan2 x /\
- is_not_nan2 y /\
- (t'isFinite1 x /\ t'isFinite1 y \/
- is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y).
-
-Axiom lt_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- lt1 x y <-> ((t'real1 x) < (t'real1 y))%R.
-
-Axiom le_finite1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y ->
- le1 x y <-> ((t'real1 x) <= (t'real1 y))%R.
-
-Axiom le_lt_trans1 :
- forall (x:t1) (y:t1) (z:t1), le1 x y /\ lt1 y z -> lt1 x z.
-
-Axiom lt_le_trans1 :
- forall (x:t1) (y:t1) (z:t1), lt1 x y /\ le1 y z -> lt1 x z.
-
-Axiom le_ge_asym1 : forall (x:t1) (y:t1), le1 x y /\ le1 y x -> eq1 x y.
-
-Axiom not_lt_ge1 :
- forall (x:t1) (y:t1), ~ lt1 x y /\ is_not_nan2 x /\ is_not_nan2 y ->
- le1 y x.
-
-Axiom not_gt_le1 :
- forall (x:t1) (y:t1), ~ lt1 y x /\ is_not_nan2 x /\ is_not_nan2 y ->
- le1 x y.
-
-Axiom le_special1 :
- forall (x:t1) (y:t1), le1 x y ->
- t'isFinite1 x /\ t'isFinite1 y \/
- is_minus_infinity1 x /\ is_not_nan2 y \/
- is_not_nan2 x /\ is_plus_infinity1 y.
-
-Axiom lt_special1 :
- forall (x:t1) (y:t1), lt1 x y ->
- t'isFinite1 x /\ t'isFinite1 y \/
- is_minus_infinity1 x /\ is_not_nan2 y /\ ~ is_minus_infinity1 y \/
- is_not_nan2 x /\ ~ is_plus_infinity1 x /\ is_plus_infinity1 y.
-
-Axiom lt_lt_finite1 :
- forall (x:t1) (y:t1) (z:t1), lt1 x y -> lt1 y z -> t'isFinite1 y.
-
-Axiom positive_to_real1 :
- forall (x:t1), t'isFinite1 x -> is_positive1 x -> (0%R <= (t'real1 x))%R.
-
-Axiom to_real_positive1 :
- forall (x:t1), t'isFinite1 x -> (0%R < (t'real1 x))%R -> is_positive1 x.
-
-Axiom negative_to_real1 :
- forall (x:t1), t'isFinite1 x -> is_negative1 x -> ((t'real1 x) <= 0%R)%R.
-
-Axiom to_real_negative1 :
- forall (x:t1), t'isFinite1 x -> ((t'real1 x) < 0%R)%R -> is_negative1 x.
-
-Axiom negative_xor_positive1 :
- forall (x:t1), ~ (is_positive1 x /\ is_negative1 x).
-
-Axiom negative_or_positive1 :
- forall (x:t1), is_not_nan2 x -> is_positive1 x \/ is_negative1 x.
-
-Axiom diff_sign_trans1 :
- forall (x:t1) (y:t1) (z:t1), diff_sign1 x y /\ diff_sign1 y z ->
- same_sign1 x z.
-
-Axiom diff_sign_product1 :
- forall (x:t1) (y:t1),
- t'isFinite1 x /\ t'isFinite1 y /\ (((t'real1 x) * (t'real1 y))%R < 0%R)%R ->
- diff_sign1 x y.
-
-Axiom same_sign_product1 :
- forall (x:t1) (y:t1), t'isFinite1 x /\ t'isFinite1 y /\ same_sign1 x y ->
- (0%R <= ((t'real1 x) * (t'real1 y))%R)%R.
-
-(* Why3 assumption *)
-Definition product_sign1 (z:t1) (x:t1) (y:t1) : Prop :=
- (same_sign1 x y -> is_positive1 z) /\ (diff_sign1 x y -> is_negative1 z).
-
-(* Why3 assumption *)
-Definition overflow_value1 (m:mode) (x:t1) : Prop :=
- match m with
- | RTN =>
- (is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)) /\
- (~ is_positive1 x -> is_infinite1 x)
- | RTP =>
- (is_positive1 x -> is_infinite1 x) /\
- (~ is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R))
- | RTZ =>
- (is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)) /\
- (~ is_positive1 x ->
- t'isFinite1 x /\
- ((t'real1 x) =
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R))
- | RNA|RNE => is_infinite1 x
- end.
-
-(* Why3 assumption *)
-Definition sign_zero_result1 (m:mode) (x:t1) : Prop :=
- is_zero1 x -> match m with
- | RTN => is_negative1 x
- | _ => is_positive1 x
- end.
-
-Axiom add_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) + (t'real1 y))%R ->
- t'isFinite1 (add1 m x y) /\
- ((t'real1 (add1 m x y)) = (round1 m ((t'real1 x) + (t'real1 y))%R)).
-
-Axiom add_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (add1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom add_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (add1 m x y) ->
- no_overflow1 m ((t'real1 x) + (t'real1 y))%R /\
- ((t'real1 (add1 m x y)) = (round1 m ((t'real1 x) + (t'real1 y))%R)).
-
-Axiom sub_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) - (t'real1 y))%R ->
- t'isFinite1 (sub1 m x y) /\
- ((t'real1 (sub1 m x y)) = (round1 m ((t'real1 x) - (t'real1 y))%R)).
-
-Axiom sub_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (sub1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom sub_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (sub1 m x y) ->
- no_overflow1 m ((t'real1 x) - (t'real1 y))%R /\
- ((t'real1 (sub1 m x y)) = (round1 m ((t'real1 x) - (t'real1 y))%R)).
-
-Axiom mul_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) * (t'real1 y))%R ->
- t'isFinite1 (mul1 m x y) /\
- ((t'real1 (mul1 m x y)) = (round1 m ((t'real1 x) * (t'real1 y))%R)).
-
-Axiom mul_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (mul1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y.
-
-Axiom mul_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (mul1 m x y) ->
- no_overflow1 m ((t'real1 x) * (t'real1 y))%R /\
- ((t'real1 (mul1 m x y)) = (round1 m ((t'real1 x) * (t'real1 y))%R)).
-
-Axiom div_finite1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y ->
- ~ is_zero1 y -> no_overflow1 m ((t'real1 x) / (t'real1 y))%R ->
- t'isFinite1 (div1 m x y) /\
- ((t'real1 (div1 m x y)) = (round1 m ((t'real1 x) / (t'real1 y))%R)).
-
-Axiom div_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 (div1 m x y) ->
- t'isFinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y \/
- t'isFinite1 x /\ is_infinite1 y /\ ((t'real1 (div1 m x y)) = 0%R).
-
-Axiom div_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1), to_nearest m -> t'isFinite1 (div1 m x y) ->
- t'isFinite1 y ->
- no_overflow1 m ((t'real1 x) / (t'real1 y))%R /\
- ((t'real1 (div1 m x y)) = (round1 m ((t'real1 x) / (t'real1 y))%R)).
-
-Axiom neg_finite1 :
- forall (x:t1), t'isFinite1 x ->
- t'isFinite1 (neg1 x) /\ ((t'real1 (neg1 x)) = (-(t'real1 x))%R).
-
-Axiom neg_finite_rev1 :
- forall (x:t1), t'isFinite1 (neg1 x) ->
- t'isFinite1 x /\ ((t'real1 (neg1 x)) = (-(t'real1 x))%R).
-
-Axiom abs_finite1 :
- forall (x:t1), t'isFinite1 x ->
- t'isFinite1 (abs1 x) /\
- ((t'real1 (abs1 x)) = (Reals.Rbasic_fun.Rabs (t'real1 x))) /\
- is_positive1 (abs1 x).
-
-Axiom abs_finite_rev1 :
- forall (x:t1), t'isFinite1 (abs1 x) ->
- t'isFinite1 x /\ ((t'real1 (abs1 x)) = (Reals.Rbasic_fun.Rabs (t'real1 x))).
-
-Axiom abs_universal1 : forall (x:t1), ~ is_negative1 (abs1 x).
-
-Axiom fma_finite1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), t'isFinite1 x -> t'isFinite1 y ->
- t'isFinite1 z ->
- no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R ->
- t'isFinite1 (fma1 m x y z) /\
- ((t'real1 (fma1 m x y z)) =
- (round1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R)).
-
-Axiom fma_finite_rev1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), t'isFinite1 (fma1 m x y z) ->
- t'isFinite1 x /\ t'isFinite1 y /\ t'isFinite1 z.
-
-Axiom fma_finite_rev_n1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1), to_nearest m ->
- t'isFinite1 (fma1 m x y z) ->
- no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R /\
- ((t'real1 (fma1 m x y z)) =
- (round1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R)).
-
-Axiom sqrt_finite1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> (0%R <= (t'real1 x))%R ->
- t'isFinite1 (sqrt1 m x) /\
- ((t'real1 (sqrt1 m x)) = (round1 m (Reals.R_sqrt.sqrt (t'real1 x)))).
-
-Axiom sqrt_finite_rev1 :
- forall (m:mode) (x:t1), t'isFinite1 (sqrt1 m x) ->
- t'isFinite1 x /\
- (0%R <= (t'real1 x))%R /\
- ((t'real1 (sqrt1 m x)) = (round1 m (Reals.R_sqrt.sqrt (t'real1 x)))).
-
-(* Why3 assumption *)
-Definition same_sign_real1 (x:t1) (r:Reals.Rdefinitions.R) : Prop :=
- is_positive1 x /\ (0%R < r)%R \/ is_negative1 x /\ (r < 0%R)%R.
-
-Axiom add_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := add1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_infinite1 r /\ same_sign1 r y) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y ->
- is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ diff_sign1 x y -> is_nan1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) + (t'real1 y))%R ->
- same_sign_real1 r ((t'real1 x) + (t'real1 y))%R /\ overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y ->
- (same_sign1 x y -> same_sign1 r x) /\
- (~ same_sign1 x y -> sign_zero_result1 m r)).
-
-Axiom sub_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := sub1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_infinite1 r /\ diff_sign1 r y) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r /\ same_sign1 r x) /\
- (is_infinite1 x /\ is_infinite1 y /\ same_sign1 x y -> is_nan1 r) /\
- (is_infinite1 x /\ is_infinite1 y /\ diff_sign1 x y ->
- is_infinite1 r /\ same_sign1 r x) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) - (t'real1 y))%R ->
- same_sign_real1 r ((t'real1 x) - (t'real1 y))%R /\ overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y ->
- (diff_sign1 x y -> same_sign1 r x) /\
- (~ diff_sign1 x y -> sign_zero_result1 m r)).
-
-Axiom mul_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := mul1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (is_zero1 x /\ is_infinite1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y /\ ~ is_zero1 x -> is_infinite1 r) /\
- (is_infinite1 x /\ is_zero1 y -> is_nan1 r) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y -> is_infinite1 r) /\
- (is_infinite1 x /\ is_infinite1 y -> is_infinite1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\ ~ no_overflow1 m ((t'real1 x) * (t'real1 y))%R ->
- overflow_value1 m r) /\
- (~ is_nan1 r -> product_sign1 r x y).
-
-Axiom div_special1 :
- forall (m:mode) (x:t1) (y:t1),
- let r := div1 m x y in
- (is_nan1 x \/ is_nan1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ is_infinite1 y -> is_zero1 r) /\
- (is_infinite1 x /\ t'isFinite1 y -> is_infinite1 r) /\
- (is_infinite1 x /\ is_infinite1 y -> is_nan1 r) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\
- ~ is_zero1 y /\ ~ no_overflow1 m ((t'real1 x) / (t'real1 y))%R ->
- overflow_value1 m r) /\
- (t'isFinite1 x /\ is_zero1 y /\ ~ is_zero1 x -> is_infinite1 r) /\
- (is_zero1 x /\ is_zero1 y -> is_nan1 r) /\
- (~ is_nan1 r -> product_sign1 r x y).
-
-Axiom neg_special1 :
- forall (x:t1),
- (is_nan1 x -> is_nan1 (neg1 x)) /\
- (is_infinite1 x -> is_infinite1 (neg1 x)) /\
- (~ is_nan1 x -> diff_sign1 x (neg1 x)).
-
-Axiom abs_special1 :
- forall (x:t1),
- (is_nan1 x -> is_nan1 (abs1 x)) /\
- (is_infinite1 x -> is_infinite1 (abs1 x)) /\
- (~ is_nan1 x -> is_positive1 (abs1 x)).
-
-Axiom fma_special1 :
- forall (m:mode) (x:t1) (y:t1) (z:t1),
- let r := fma1 m x y z in
- (is_nan1 x \/ is_nan1 y \/ is_nan1 z -> is_nan1 r) /\
- (is_zero1 x /\ is_infinite1 y -> is_nan1 r) /\
- (is_infinite1 x /\ is_zero1 y -> is_nan1 r) /\
- (t'isFinite1 x /\ ~ is_zero1 x /\ is_infinite1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (t'isFinite1 x /\ ~ is_zero1 x /\ is_infinite1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (is_infinite1 x /\ t'isFinite1 y /\ ~ is_zero1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (is_infinite1 x /\ is_infinite1 y /\ t'isFinite1 z ->
- is_infinite1 r /\ product_sign1 r x y) /\
- (t'isFinite1 x /\ t'isFinite1 y /\ is_infinite1 z ->
- is_infinite1 r /\ same_sign1 r z) /\
- (is_infinite1 x /\ is_infinite1 y /\ is_infinite1 z ->
- (product_sign1 z x y -> is_infinite1 r /\ same_sign1 r z) /\
- (~ product_sign1 z x y -> is_nan1 r)) /\
- (t'isFinite1 x /\
- t'isFinite1 y /\
- t'isFinite1 z /\
- ~ no_overflow1 m (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R ->
- same_sign_real1 r (((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R /\
- overflow_value1 m r) /\
- (t'isFinite1 x /\ t'isFinite1 y /\ t'isFinite1 z ->
- (product_sign1 z x y -> same_sign1 r z) /\
- (~ product_sign1 z x y ->
- ((((t'real1 x) * (t'real1 y))%R + (t'real1 z))%R = 0%R) ->
- ((m = RTN) -> is_negative1 r) /\ (~ (m = RTN) -> is_positive1 r))).
-
-Axiom sqrt_special1 :
- forall (m:mode) (x:t1),
- let r := sqrt1 m x in
- (is_nan1 x -> is_nan1 r) /\
- (is_plus_infinity1 x -> is_plus_infinity1 r) /\
- (is_minus_infinity1 x -> is_nan1 r) /\
- (t'isFinite1 x /\ ((t'real1 x) < 0%R)%R -> is_nan1 r) /\
- (is_zero1 x -> same_sign1 r x) /\
- (t'isFinite1 x /\ (0%R < (t'real1 x))%R -> is_positive1 r).
-
-Axiom of_int_add_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i + j)%Z ->
- eq1 (of_int1 m (i + j)%Z) (add1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom of_int_sub_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i - j)%Z ->
- eq1 (of_int1 m (i - j)%Z) (sub1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom of_int_mul_exact1 :
- forall (m:mode) (n:mode) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z),
- in_safe_int_range1 i -> in_safe_int_range1 j ->
- in_safe_int_range1 (i * j)%Z ->
- eq1 (of_int1 m (i * j)%Z) (mul1 n (of_int1 m i) (of_int1 m j)).
-
-Axiom Min_r1 : forall (x:t1) (y:t1), le1 y x -> eq1 (min1 x y) y.
-
-Axiom Min_l1 : forall (x:t1) (y:t1), le1 x y -> eq1 (min1 x y) x.
-
-Axiom Max_r1 : forall (x:t1) (y:t1), le1 y x -> eq1 (max1 x y) x.
-
-Axiom Max_l1 : forall (x:t1) (y:t1), le1 x y -> eq1 (max1 x y) y.
-
-Parameter is_int1: t1 -> Prop.
-
-Axiom zeroF_is_int1 : is_int1 zeroF1.
-
-Axiom of_int_is_int1 :
- forall (m:mode) (x:Numbers.BinNums.Z), in_int_range1 x ->
- is_int1 (of_int1 m x).
-
-Axiom big_float_is_int1 :
- forall (m:mode) (i:t1), t'isFinite1 i ->
- le1 i (neg1 (of_int1 m 9007199254740992%Z)) \/
- le1 (of_int1 m 9007199254740992%Z) i -> is_int1 i.
-
-Axiom roundToIntegral_is_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> is_int1 (roundToIntegral1 m x).
-
-Axiom eq_is_int1 : forall (x:t1) (y:t1), eq1 x y -> is_int1 x -> is_int1 y.
-
-Axiom add_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (add1 m x y) -> is_int1 (add1 m x y).
-
-Axiom sub_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (sub1 m x y) -> is_int1 (sub1 m x y).
-
-Axiom mul_int1 :
- forall (x:t1) (y:t1) (m:mode), is_int1 x -> is_int1 y ->
- t'isFinite1 (mul1 m x y) -> is_int1 (mul1 m x y).
-
-Axiom fma_int1 :
- forall (x:t1) (y:t1) (z:t1) (m:mode), is_int1 x -> is_int1 y ->
- is_int1 z -> t'isFinite1 (fma1 m x y z) -> is_int1 (fma1 m x y z).
-
-Axiom neg_int1 : forall (x:t1), is_int1 x -> is_int1 (neg1 x).
-
-Axiom abs_int1 : forall (x:t1), is_int1 x -> is_int1 (abs1 x).
-
-Axiom is_int_of_int1 :
- forall (x:t1) (m:mode) (m':mode), is_int1 x ->
- eq1 x (of_int1 m' (to_int1 m x)).
-
-Axiom is_int_to_int1 :
- forall (m:mode) (x:t1), is_int1 x -> in_int_range1 (to_int1 m x).
-
-Axiom is_int_is_finite1 : forall (x:t1), is_int1 x -> t'isFinite1 x.
-
-Axiom int_to_real1 :
- forall (m:mode) (x:t1), is_int1 x ->
- ((t'real1 x) = (BuiltIn.IZR (to_int1 m x))).
-
-Axiom truncate_int1 :
- forall (m:mode) (i:t1), is_int1 i -> eq1 (roundToIntegral1 m i) i.
-
-Axiom truncate_neg1 :
- forall (x:t1), t'isFinite1 x -> is_negative1 x ->
- ((roundToIntegral1 RTZ x) = (roundToIntegral1 RTP x)).
-
-Axiom truncate_pos1 :
- forall (x:t1), t'isFinite1 x -> is_positive1 x ->
- ((roundToIntegral1 RTZ x) = (roundToIntegral1 RTN x)).
-
-Axiom ceil_le1 :
- forall (x:t1), t'isFinite1 x -> le1 x (roundToIntegral1 RTP x).
-
-Axiom ceil_lest1 :
- forall (x:t1) (y:t1), le1 x y /\ is_int1 y ->
- le1 (roundToIntegral1 RTP x) y.
-
-Axiom ceil_to_real1 :
- forall (x:t1), t'isFinite1 x ->
- ((t'real1 (roundToIntegral1 RTP x)) = (BuiltIn.IZR (ceil (t'real1 x)))).
-
-Axiom ceil_to_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((to_int1 m (roundToIntegral1 RTP x)) = (ceil (t'real1 x))).
-
-Axiom floor_le1 :
- forall (x:t1), t'isFinite1 x -> le1 (roundToIntegral1 RTN x) x.
-
-Axiom floor_lest1 :
- forall (x:t1) (y:t1), le1 y x /\ is_int1 y ->
- le1 y (roundToIntegral1 RTN x).
-
-Axiom floor_to_real1 :
- forall (x:t1), t'isFinite1 x ->
- ((t'real1 (roundToIntegral1 RTN x)) = (BuiltIn.IZR (floor (t'real1 x)))).
-
-Axiom floor_to_int1 :
- forall (m:mode) (x:t1), t'isFinite1 x ->
- ((to_int1 m (roundToIntegral1 RTN x)) = (floor (t'real1 x))).
-
-Axiom RNA_down1 :
- forall (x:t1),
- lt1 (sub1 RNE x (roundToIntegral1 RTN x))
- (sub1 RNE (roundToIntegral1 RTP x) x) ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTN x)).
-
-Axiom RNA_up1 :
- forall (x:t1),
- lt1 (sub1 RNE (roundToIntegral1 RTP x) x)
- (sub1 RNE x (roundToIntegral1 RTN x)) ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTP x)).
-
-Axiom RNA_down_tie1 :
- forall (x:t1),
- eq1 (sub1 RNE x (roundToIntegral1 RTN x))
- (sub1 RNE (roundToIntegral1 RTP x) x) -> is_negative1 x ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTN x)).
-
-Axiom RNA_up_tie1 :
- forall (x:t1),
- eq1 (sub1 RNE (roundToIntegral1 RTP x) x)
- (sub1 RNE x (roundToIntegral1 RTN x)) -> is_positive1 x ->
- ((roundToIntegral1 RNA x) = (roundToIntegral1 RTP x)).
-
-Axiom to_int_roundToIntegral1 :
- forall (m:mode) (x:t1),
- ((to_int1 m x) = (to_int1 m (roundToIntegral1 m x))).
-
-Axiom to_int_monotonic1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> t'isFinite1 y -> le1 x y ->
- ((to_int1 m x) <= (to_int1 m y))%Z.
-
-Axiom to_int_of_int1 :
- forall (m:mode) (i:Numbers.BinNums.Z), in_safe_int_range1 i ->
- ((to_int1 m (of_int1 m i)) = i).
-
-Axiom eq_to_int1 :
- forall (m:mode) (x:t1) (y:t1), t'isFinite1 x -> eq1 x y ->
- ((to_int1 m x) = (to_int1 m y)).
-
-Axiom neg_to_int1 :
- forall (m:mode) (x:t1), is_int1 x ->
- ((to_int1 m (neg1 x)) = (-(to_int1 m x))%Z).
-
-Axiom roundToIntegral_is_finite1 :
- forall (m:mode) (x:t1), t'isFinite1 x -> t'isFinite1 (roundToIntegral1 m x).
-
-Axiom round_bound_ne1 :
- forall (x:Reals.Rdefinitions.R), no_overflow1 RNE x ->
- (((x - ((1 / 9007199254740992)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 404804506614621236704990693437834614099113299528284236713802716054860679135990693783920767402874248990374155728633623822779617474771586953734026799881477019843034848553132722728933815484186432682479535356945490137124014966849385397236206711298319112681620113024717539104666829230461005064372655017292012526615415482186989568)%R)%R
- <= (round1 RNE x))%R /\
- ((round1 RNE x) <=
- ((x + ((1 / 9007199254740992)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 404804506614621236704990693437834614099113299528284236713802716054860679135990693783920767402874248990374155728633623822779617474771586953734026799881477019843034848553132722728933815484186432682479535356945490137124014966849385397236206711298319112681620113024717539104666829230461005064372655017292012526615415482186989568)%R)%R)%R.
-
-Axiom round_bound1 :
- forall (m:mode) (x:Reals.Rdefinitions.R), no_overflow1 m x ->
- (((x - ((1 / 4503599627370496)%R * (Reals.Rbasic_fun.Rabs x))%R)%R -
- (1 / 202402253307310618352495346718917307049556649764142118356901358027430339567995346891960383701437124495187077864316811911389808737385793476867013399940738509921517424276566361364466907742093216341239767678472745068562007483424692698618103355649159556340810056512358769552333414615230502532186327508646006263307707741093494784)%R)%R
- <= (round1 m x))%R /\
- ((round1 m x) <=
- ((x + ((1 / 4503599627370496)%R * (Reals.Rbasic_fun.Rabs x))%R)%R +
- (1 / 202402253307310618352495346718917307049556649764142118356901358027430339567995346891960383701437124495187077864316811911389808737385793476867013399940738509921517424276566361364466907742093216341239767678472745068562007483424692698618103355649159556340810056512358769552333414615230502532186327508646006263307707741093494784)%R)%R)%R.
-
-Parameter to_float64: mode -> t -> t1.
-
-Parameter to_float32: mode -> t1 -> t.
-
-Axiom round_double_single :
- forall (m1:mode) (m2:mode) (x:Reals.Rdefinitions.R),
- ((round1 m1 (round m2 x)) = (round m2 x)).
-
-Axiom to_float64_exact :
- forall (m:mode) (x:t), t'isFinite x ->
- t'isFinite1 (to_float64 m x) /\ ((t'real1 (to_float64 m x)) = (t'real x)).
-
-Axiom to_float32_conv :
- forall (m:mode) (x:t1), t'isFinite1 x -> no_overflow m (t'real1 x) ->
- t'isFinite (to_float32 m x) /\
- ((t'real (to_float32 m x)) = (round m (t'real1 x))).
-
-(* Why3 assumption *)
-Definition f32 := t.
-
-(* Why3 assumption *)
-Definition f64 := t1.
-
-Parameter to_f32: Reals.Rdefinitions.R -> t.
-
-Parameter to_f64: Reals.Rdefinitions.R -> t1.
-
-Axiom to_float_is_finite_32 :
- forall (f:t), t'isFinite f -> eq (to_f32 (t'real f)) f.
-
-Axiom to_f32_range_round :
- forall (x:Reals.Rdefinitions.R), in_range x ->
- ((t'real (to_f32 x)) = (round RNE x)).
-
-Axiom to_f32_range_finite :
- forall (x:Reals.Rdefinitions.R), in_range x -> t'isFinite (to_f32 x).
-
-Axiom to_f32_minus_infinity :
- forall (x:Reals.Rdefinitions.R),
- (x < (-(33554430 * 10141204801825835211973625643008)%R)%R)%R ->
- is_minus_infinity (to_f32 x).
-
-Axiom to_f32_plus_infinity :
- forall (x:Reals.Rdefinitions.R),
- ((33554430 * 10141204801825835211973625643008)%R < x)%R ->
- is_plus_infinity (to_f32 x).
-
-Axiom to_float_is_finite_64 :
- forall (f:t1), t'isFinite1 f -> eq1 (to_f64 (t'real1 f)) f.
-
-Axiom to_f64_range_round :
- forall (x:Reals.Rdefinitions.R), in_range1 x ->
- ((t'real1 (to_f64 x)) = (round1 RNE x)).
-
-Axiom to_f64_range_finite :
- forall (x:Reals.Rdefinitions.R), in_range1 x -> t'isFinite1 (to_f64 x).
-
-Axiom to_f64_minus_infinity :
- forall (x:Reals.Rdefinitions.R),
- (x <
- (-(9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R)%R)%R ->
- is_minus_infinity1 (to_f64 x).
-
-Axiom to_f64_plus_infinity :
- forall (x:Reals.Rdefinitions.R),
- ((9007199254740991 * 19958403095347198116563727130368385660674512604354575415025472424372118918689640657849579654926357010893424468441924952439724379883935936607391717982848314203200056729510856765175377214443629871826533567445439239933308104551208703888888552684480441575071209068757560416423584952303440099278848)%R
- < x)%R ->
- is_plus_infinity1 (to_f64 x).
-
-(* Why3 assumption *)
-Definition round_float (m:mode) (r:Reals.Rdefinitions.R) : t :=
- to_f32 (round m r).
-
-(* Why3 assumption *)
-Definition round_double (m:mode) (r:Reals.Rdefinitions.R) : t1 :=
- to_f64 (round1 m r).
-
-Axiom is_zero_to_f32_zero : is_zero (to_f32 0%R).
-
-Axiom is_zero_to_f64_zero : is_zero1 (to_f64 0%R).
-
-Axiom real_0_is_zero_f32 : forall (f:t), (0%R = (t'real f)) -> is_zero f.
-
-Axiom real_0_is_zero_f64 : forall (f:t1), (0%R = (t'real1 f)) -> is_zero1 f.
-
-Axiom f32_to_f64 : forall (f:t), ((to_f64 (t'real f)) = (to_float64 RNE f)).
-
-Axiom f64_to_f32 :
- forall (f:t1), ((to_f32 (t'real1 f)) = (to_float32 RNE f)).
-
-(* Why3 assumption *)
-Definition finite (x:Reals.Rdefinitions.R) : Prop :=
- t'isFinite (to_f32 x) /\ t'isFinite1 (to_f64 x).
-
-Parameter eq_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom eq_f32b'def :
- forall (x:t) (y:t),
- (eq x y -> ((eq_f32b x y) = Init.Datatypes.true)) /\
- (~ eq x y -> ((eq_f32b x y) = Init.Datatypes.false)).
-
-Parameter eq_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom eq_f64b'def :
- forall (x:t1) (y:t1),
- (eq1 x y -> ((eq_f64b x y) = Init.Datatypes.true)) /\
- (~ eq1 x y -> ((eq_f64b x y) = Init.Datatypes.false)).
-
-(* Why3 assumption *)
-Definition ne_f32 (x:t) (y:t) : Prop := ~ eq x y.
-
-(* Why3 assumption *)
-Definition ne_f64 (x:t1) (y:t1) : Prop := ~ eq1 x y.
-
-Parameter ne_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom ne_f32b'def :
- forall (x:t) (y:t),
- (ne_f32 x y -> ((ne_f32b x y) = Init.Datatypes.true)) /\
- (~ ne_f32 x y -> ((ne_f32b x y) = Init.Datatypes.false)).
-
-Parameter ne_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom ne_f64b'def :
- forall (x:t1) (y:t1),
- (ne_f64 x y -> ((ne_f64b x y) = Init.Datatypes.true)) /\
- (~ ne_f64 x y -> ((ne_f64b x y) = Init.Datatypes.false)).
-
-Parameter le_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom le_f32b'def :
- forall (x:t) (y:t),
- (le x y -> ((le_f32b x y) = Init.Datatypes.true)) /\
- (~ le x y -> ((le_f32b x y) = Init.Datatypes.false)).
-
-Parameter le_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom le_f64b'def :
- forall (x:t1) (y:t1),
- (le1 x y -> ((le_f64b x y) = Init.Datatypes.true)) /\
- (~ le1 x y -> ((le_f64b x y) = Init.Datatypes.false)).
-
-Parameter lt_f32b: t -> t -> Init.Datatypes.bool.
-
-Axiom lt_f32b'def :
- forall (x:t) (y:t),
- (lt x y -> ((lt_f32b x y) = Init.Datatypes.true)) /\
- (~ lt x y -> ((lt_f32b x y) = Init.Datatypes.false)).
-
-Parameter lt_f64b: t1 -> t1 -> Init.Datatypes.bool.
-
-Axiom lt_f64b'def :
- forall (x:t1) (y:t1),
- (lt1 x y -> ((lt_f64b x y) = Init.Datatypes.true)) /\
- (~ lt1 x y -> ((lt_f64b x y) = Init.Datatypes.false)).
-
-Parameter model_f32: t -> Reals.Rdefinitions.R.
-
-(* Why3 assumption *)
-Definition delta_f32 (f:t) : Reals.Rdefinitions.R :=
- Reals.Rbasic_fun.Rabs ((t'real f) - (model_f32 f))%R.
-
-(* Why3 assumption *)
-Definition error_f32 (f:t) : Reals.Rdefinitions.R :=
- ((delta_f32 f) / (Reals.Rbasic_fun.Rabs (model_f32 f)))%R.
-
-Parameter model_f64: t1 -> Reals.Rdefinitions.R.
-
-(* Why3 assumption *)
-Definition delta_f64 (f:t1) : Reals.Rdefinitions.R :=
- Reals.Rbasic_fun.Rabs ((t'real1 f) - (model_f64 f))%R.
-
-(* Why3 assumption *)
-Definition error_f64 (f:t1) : Reals.Rdefinitions.R :=
- ((delta_f64 f) / (Reals.Rbasic_fun.Rabs (model_f64 f)))%R.
-
-(* Why3 assumption *)
-Definition is_bool (x:Numbers.BinNums.Z) : Prop := (x = 0%Z) \/ (x = 1%Z).
-
-(* Why3 assumption *)
-Definition is_uint8 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 256%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint8 (x:Numbers.BinNums.Z) : Prop :=
- ((-128%Z)%Z <= x)%Z /\ (x < 128%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint16 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 65536%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint16 (x:Numbers.BinNums.Z) : Prop :=
- ((-32768%Z)%Z <= x)%Z /\ (x < 32768%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint32 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 4294967296%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint32 (x:Numbers.BinNums.Z) : Prop :=
- ((-2147483648%Z)%Z <= x)%Z /\ (x < 2147483648%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint64 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 18446744073709551616%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint64 (x:Numbers.BinNums.Z) : Prop :=
- ((-9223372036854775808%Z)%Z <= x)%Z /\ (x < 9223372036854775808%Z)%Z.
-
-Axiom is_bool0 : is_bool 0%Z.
-
-Axiom is_bool1 : is_bool 1%Z.
-
-Parameter to_bool: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom to_bool'def :
- forall (x:Numbers.BinNums.Z),
- ((x = 0%Z) -> ((to_bool x) = 0%Z)) /\ (~ (x = 0%Z) -> ((to_bool x) = 1%Z)).
-
-Parameter to_uint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter two_power_abs: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom two_power_abs_is_positive :
- forall (n:Numbers.BinNums.Z), (0%Z < (two_power_abs n))%Z.
-
-Axiom two_power_abs_plus_pos :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- (0%Z <= m)%Z ->
- ((two_power_abs (n + m)%Z) = ((two_power_abs n) * (two_power_abs m))%Z).
-
-Axiom two_power_abs_plus_one :
- forall (n:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- ((two_power_abs (n + 1%Z)%Z) = (2%Z * (two_power_abs n))%Z).
-
-(* Why3 assumption *)
-Definition is_uint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-(* Why3 assumption *)
-Definition is_sint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- ((-(two_power_abs n))%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-Parameter to_uint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom is_to_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n (to_uint n x).
-
-Axiom is_to_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_sint n (to_sint n x).
-
-Axiom is_to_uint8 : forall (x:Numbers.BinNums.Z), is_uint8 (to_uint8 x).
-
-Axiom is_to_sint8 : forall (x:Numbers.BinNums.Z), is_sint8 (to_sint8 x).
-
-Axiom is_to_uint16 : forall (x:Numbers.BinNums.Z), is_uint16 (to_uint16 x).
-
-Axiom is_to_sint16 : forall (x:Numbers.BinNums.Z), is_sint16 (to_sint16 x).
-
-Axiom is_to_uint32 : forall (x:Numbers.BinNums.Z), is_uint32 (to_uint32 x).
-
-Axiom is_to_sint32 : forall (x:Numbers.BinNums.Z), is_sint32 (to_sint32 x).
-
-Axiom is_to_uint64 : forall (x:Numbers.BinNums.Z), is_uint64 (to_uint64 x).
-
-Axiom is_to_sint64 : forall (x:Numbers.BinNums.Z), is_sint64 (to_sint64 x).
-
-Axiom id_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_uint n x <-> ((to_uint n x) = x).
-
-Axiom id_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_sint n x <-> ((to_sint n x) = x).
-
-Axiom id_uint8 :
- forall (x:Numbers.BinNums.Z), is_uint8 x -> ((to_uint8 x) = x).
-
-Axiom id_sint8 :
- forall (x:Numbers.BinNums.Z), is_sint8 x -> ((to_sint8 x) = x).
-
-Axiom id_uint16 :
- forall (x:Numbers.BinNums.Z), is_uint16 x -> ((to_uint16 x) = x).
-
-Axiom id_sint16 :
- forall (x:Numbers.BinNums.Z), is_sint16 x -> ((to_sint16 x) = x).
-
-Axiom id_uint32 :
- forall (x:Numbers.BinNums.Z), is_uint32 x -> ((to_uint32 x) = x).
-
-Axiom id_sint32 :
- forall (x:Numbers.BinNums.Z), is_sint32 x -> ((to_sint32 x) = x).
-
-Axiom id_uint64 :
- forall (x:Numbers.BinNums.Z), is_uint64 x -> ((to_uint64 x) = x).
-
-Axiom id_sint64 :
- forall (x:Numbers.BinNums.Z), is_sint64 x -> ((to_sint64 x) = x).
-
-Axiom proj_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_uint n (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_sint n x)) = (to_sint n x)).
-
-Axiom proj_uint8 :
- forall (x:Numbers.BinNums.Z), ((to_uint8 (to_uint8 x)) = (to_uint8 x)).
-
-Axiom proj_sint8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_sint8 x)) = (to_sint8 x)).
-
-Axiom proj_uint16 :
- forall (x:Numbers.BinNums.Z), ((to_uint16 (to_uint16 x)) = (to_uint16 x)).
-
-Axiom proj_sint16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_sint16 x)) = (to_sint16 x)).
-
-Axiom proj_uint32 :
- forall (x:Numbers.BinNums.Z), ((to_uint32 (to_uint32 x)) = (to_uint32 x)).
-
-Axiom proj_sint32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_sint32 x)) = (to_sint32 x)).
-
-Axiom proj_uint64 :
- forall (x:Numbers.BinNums.Z), ((to_uint64 (to_uint64 x)) = (to_uint64 x)).
-
-Axiom proj_sint64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_sint64 x)) = (to_sint64 x)).
-
-Axiom proj_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_uint n x)) = (to_uint n x)).
-
-Axiom incl_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n x ->
- is_sint n x.
-
-Axiom proj_su_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint (m + n)%Z (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_su_sint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint n (to_uint (m + (n + 1%Z)%Z)%Z x)) = (to_sint n x)).
-
-Axiom proj_int8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_uint8 x)) = (to_sint8 x)).
-
-Axiom proj_int16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_uint16 x)) = (to_sint16 x)).
-
-Axiom proj_int32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_uint32 x)) = (to_sint32 x)).
-
-Axiom proj_int64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_uint64 x)) = (to_sint64 x)).
-
-Axiom proj_us_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_uint (n + 1%Z)%Z (to_sint (m + n)%Z x)) = (to_uint (n + 1%Z)%Z x)).
-
-Axiom incl_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_uint (n + i)%Z x.
-
-Axiom incl_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_sint n x -> is_sint (n + i)%Z x.
-
-Axiom incl_int :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_sint (n + i)%Z x.
-
-Parameter fliteral: t1.
-
-Axiom fliteral_axiom :
- t'isFinite1 fliteral /\ ((t'real1 fliteral) = (1 * 2)%R).
-
-(* Why3 goal *)
-Theorem wp_goal :
- forall (i:Numbers.BinNums.Z) (f:t1),
- let r := t'real1 f in
- ~ (i = 0%Z) -> (r <= 10%R)%R -> ((-10%R)%R <= r)%R -> is_sint32 i ->
- t'isFinite1 (mul1 RNE f fliteral).
-Proof.
-intros i f r h1 h2 h3 h4.
-
-Qed.
-
diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.res.oracle b/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.res.oracle
index 2e980a59b736685ec5792ce128784b7c83477a06..288a484c71d1d73941afd4bdbced3c1992716336 100644
--- a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.res.oracle
+++ b/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_1174.res.oracle
@@ -3,11 +3,11 @@
[wp] Running WP plugin...
[wp] Warning: Missing RTE guards
[wp] 1 goal scheduled
-[wp] [Coq] Goal typed_real_job_assert_qed_ok : Valid
+[wp] [Alt-Ergo] Goal typed_real_job_assert_qed_ok : Valid
[wp] Proved goals: 1 / 1
Qed: 0
- Coq: 1
+ Alt-Ergo: 1
------------------------------------------------------------
Functions WP Alt-Ergo Total Success
- job - - 1 100%
+ job - 1 1 100%
------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_2471.1.res.oracle b/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_2471.1.res.oracle
deleted file mode 100644
index fd77bf32479b1f01fa6c0f47ab4c077ed8ef068b..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_2471.1.res.oracle
+++ /dev/null
@@ -1,12 +0,0 @@
-# frama-c -wp [...]
-[kernel] Parsing bts_2471.i (no preprocessing)
-[wp] Running WP plugin...
-[wp] Warning: Missing RTE guards
-[wp] 1 goal scheduled
-[wp] [Coq] Goal typed_foo_assert_ko : Unsuccess
-[wp] Proved goals: 0 / 1
- Coq: 0 (unsuccess: 1)
-------------------------------------------------------------
- Functions WP Alt-Ergo Total Success
- foo - - 1 0.0%
-------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_2471.0.res.oracle b/src/plugins/wp/tests/wp_bts/oracle_qualif/bts_2471.res.oracle
similarity index 100%
rename from src/plugins/wp/tests/wp_bts/oracle_qualif/bts_2471.0.res.oracle
rename to src/plugins/wp/tests/wp_bts/oracle_qualif/bts_2471.res.oracle
diff --git a/src/plugins/wp/tests/wp_eva/test_config_qualif b/src/plugins/wp/tests/wp_eva/test_config_qualif
index 8f8c6e5c791fd649d5d9a45b234bbf850e2b3ce6..5cc6f72566ce5f45d29d47a3ee4d208b904d271b 100644
--- a/src/plugins/wp/tests/wp_eva/test_config_qualif
+++ b/src/plugins/wp/tests/wp_eva/test_config_qualif
@@ -1,2 +1,2 @@
-CMD: @frama-c@ -no-autoload-plugins -load-module eva,scope,reduc,wp -eva -eva-no-print -eva-verbose 0 @PTEST_FILE@ -then -reduc -reduc-gen-annot all -then -no-reduc -then -wp -wp-par 1 -wp-share @PTEST_SHARE_DIR@ -wp-msg-key shell -wp-report tests/qualif.report -wp-session @PTEST_SUITE_DIR@/oracle@PTEST_CONFIG@/@PTEST_NAME@.@PTEST_NUMBER@.session -wp-cache-env -wp-cache replay @PTEST_FILE@ -wp-coq-timeout 120
+CMD: @frama-c@ -no-autoload-plugins -load-module eva,scope,reduc,wp -eva -eva-no-print -eva-verbose 0 @PTEST_FILE@ -then -reduc -reduc-gen-annot all -then -no-reduc -then -wp -wp-par 1 -wp-share @PTEST_SHARE_DIR@ -wp-msg-key shell -wp-report tests/qualif.report -wp-session @PTEST_SUITE_DIR@/oracle@PTEST_CONFIG@/@PTEST_NAME@.@PTEST_NUMBER@.session -wp-cache-env -wp-cache replay @PTEST_FILE@
OPT:
diff --git a/src/plugins/wp/tests/wp_plugin/Abs.v b/src/plugins/wp/tests/wp_plugin/Abs.v
deleted file mode 100644
index 71280cae205e57f15051ed9ee5bb44b9cb006540..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/Abs.v
+++ /dev/null
@@ -1,4 +0,0 @@
-Require Import ZArith.
-
-Definition my_abs := Z.abs.
-
diff --git a/src/plugins/wp/tests/wp_plugin/abs.i b/src/plugins/wp/tests/wp_plugin/abs.i
index 77a22fdc26958674051945fae5d3f1e69d8947ae..a602a11d813578ba99b10380fa702855e49c3e30 100644
--- a/src/plugins/wp/tests/wp_plugin/abs.i
+++ b/src/plugins/wp/tests/wp_plugin/abs.i
@@ -1,13 +1,12 @@
/* run.config
COMMENT: depends from files mentionned into "abs.driver"
- DEPS: abs.why abs.mlw abs.script Abs.v
+ DEPS: abs.why
OPT: -wp-driver %{dep:@PTEST_DIR@/abs.driver}
*/
/* run.config_qualif
COMMENT: depends from files mentionned into "abs.driver"
- DEPS: abs.why abs.mlw abs.script Abs.v
+ DEPS: abs.why
OPT: -wp -wp-driver %{dep:@PTEST_DIR@/abs.driver} -wp-prover alt-ergo
- OPT: -wp -wp-driver %{dep:@PTEST_DIR@/abs.driver} -wp-prover coq
*/
/*@ axiomatic Absolute { logic integer ABS(integer x) ; } */
diff --git a/src/plugins/wp/tests/wp_plugin/abs.mlw b/src/plugins/wp/tests/wp_plugin/abs.mlw
deleted file mode 100644
index ad61e9bf35704fe57208a6b5301d001f007409e4..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/abs.mlw
+++ /dev/null
@@ -1,3 +0,0 @@
-logic my_abs : int -> int
-axiom abs_pos : forall x:int. x>=0 -> my_abs(x) = x
-axiom abs_neg : forall x:int. x<=0 -> my_abs(x) = -x
diff --git a/src/plugins/wp/tests/wp_plugin/abs.script b/src/plugins/wp/tests/wp_plugin/abs.script
deleted file mode 100644
index 9303a5e547253988ed4a35b21650bd7641569c51..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/abs.script
+++ /dev/null
@@ -1,13 +0,0 @@
-(* Generated by Frama-C WP *)
-
-Goal typed_abs_abs_ensures.
-Hint abs,default,property.
-Proof.
- intro n. intros. subst.
- unfold my_abs.
- induction H1;
- [ intros ; rewrite Zabs_non_eq | intros ; rewrite Z.abs_eq ] ;
- auto with zarith.
-Qed.
-
-
diff --git a/src/plugins/wp/tests/wp_plugin/float_format.i b/src/plugins/wp/tests/wp_plugin/float_format.i
index 32638b743812503f6432a3bf23d80a7921b90aa4..117574e517c0ddd4bd758787e23e77d1117ba4ff 100644
--- a/src/plugins/wp/tests/wp_plugin/float_format.i
+++ b/src/plugins/wp/tests/wp_plugin/float_format.i
@@ -1,5 +1,4 @@
/* run.config_qualif
- OPT: -wp-prover coq
OPT: -wp-prover alt-ergo -wp-steps 5 -wp-timeout 100
*/
diff --git a/src/plugins/wp/tests/wp_plugin/inductive.c b/src/plugins/wp/tests/wp_plugin/inductive.c
index 27be59683fddb6c4bd533d9ee6954a2209b53253..5fe98fae814e83f4c6533d9553266075fb930472 100644
--- a/src/plugins/wp/tests/wp_plugin/inductive.c
+++ b/src/plugins/wp/tests/wp_plugin/inductive.c
@@ -3,7 +3,7 @@
*/
/* run.config_qualif
- OPT: -wp-prover coq -wp-timeout 240
+ DONTRUN:
*/
typedef struct _list { int element; struct _list* next; } list;
diff --git a/src/plugins/wp/tests/wp_plugin/inductive.script b/src/plugins/wp/tests/wp_plugin/inductive.script
deleted file mode 100644
index d5d9adc636b9ab7cd2841f3bfdaa5c266c8770f2..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/inductive.script
+++ /dev/null
@@ -1,41 +0,0 @@
-(* Generated by Frama-C WP *)
-
-Goal typed_lemma_offset.
-Hint offset,property.
-Proof.
- intros. remember (shift_sint32 a_1 i) as a_11.
- remember (shift_sint32 a i) as a1.
- revert dependent a. revert dependent a_1.
- induction H; intros; subst.
- - apply Q_refl. unfold P_same_array; intros.
- unfold P_same_array in *. unfold shift_sint32, shift in *.
- destruct a0, a_0. simpl in *.
- replace i1 with (i + (i1 -i)) by omega.
- rewrite 2!Z.add_assoc.
- apply H; omega.
- - apply Q_swap with (i_2:=i+i_2) (i_1:=i+i_1). unfold P_swap in *.
- decompose [and] H; clear H.
- unfold shift_sint32, shift in *. destruct a0, a_0. simpl in *.
- repeat split; try omega.
- + rewrite 2!Z.add_assoc. assumption.
- + rewrite 2!Z.add_assoc. assumption.
- + intros.
- replace i_0 with (i + (i_0 - i)) by omega.
- rewrite 2!Z.add_assoc.
- apply H6; omega.
- - apply Q_trans with (t_1:=t_1) (a_1:=shift_sint32 a_1 (-i)).
- + apply IHP_same_elements1. destruct a_1; unfold shift_sint32, shift; simpl. f_equal; omega. reflexivity.
- + apply IHP_same_elements2. reflexivity. destruct a_1; unfold shift_sint32, shift; simpl. f_equal; omega.
-Qed.
-
-Goal typed_lemma_test.
-Hint property,test.
-Proof.
-intros.
-destruct H.
- - left. reflexivity.
- - right. split;assumption.
-(* auto with zarith. *)
-Qed.
-
-
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/abs.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/abs.res.oracle
index f1c48b4d78f3584846dd4ebf21e8e0c605669c4f..2bfda3e2447475511ce53a7f9cfa432ee664b45f 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/abs.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/abs.res.oracle
@@ -6,7 +6,7 @@
Function abs
------------------------------------------------------------
-Goal Post-condition (file abs.i, line 14) in 'abs':
+Goal Post-condition (file abs.i, line 13) in 'abs':
Assume {
Type: is_sint32(abs_0) /\ is_sint32(x).
If x < 0
diff --git a/src/plugins/wp/tests/wp_plugin/oracle/float_format.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle/float_format.res.oracle
index 9b59a37581730e0e503c2db1faa20b405c61be8f..86587426f43e2a50822707fa7feace8c84912896 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle/float_format.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle/float_format.res.oracle
@@ -1,6 +1,6 @@
# frama-c -wp [...]
[kernel] Parsing float_format.i (no preprocessing)
-[kernel:parser:decimal-float] float_format.i:9: Warning:
+[kernel:parser:decimal-float] float_format.i:8: Warning:
Floating-point constant 0.2 is not represented exactly. Will use 0x1.999999999999ap-3.
(warn-once: no further messages from category 'parser:decimal-float' will be emitted)
[wp] Running WP plugin...
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/abs.1.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/abs.1.res.oracle
deleted file mode 100644
index 7ff2eea8aab38a2c694b8a60e8af212c5118ea41..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/abs.1.res.oracle
+++ /dev/null
@@ -1,13 +0,0 @@
-# frama-c -wp [...]
-[kernel] Parsing abs.i (no preprocessing)
-[wp] Running WP plugin...
-[wp] Warning: Missing RTE guards
-[wp] 1 goal scheduled
-[wp] [Coq] Goal typed_abs_abs_ensures : Valid
-[wp] Proved goals: 1 / 1
- Qed: 0
- Coq: 1
-------------------------------------------------------------
- Functions WP Alt-Ergo Total Success
- abs - - 1 100%
-------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/abs.1.session/interactive/abs_ensures.v b/src/plugins/wp/tests/wp_plugin/oracle_qualif/abs.1.session/interactive/abs_ensures.v
deleted file mode 100644
index 565fe5684b5102b52e3da065cf61603a4f0bc54c..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/abs.1.session/interactive/abs_ensures.v
+++ /dev/null
@@ -1,341 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.FromInt.
-Require map.Map.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-(* Why3 assumption *)
-Definition is_bool (x:Numbers.BinNums.Z) : Prop := (x = 0%Z) \/ (x = 1%Z).
-
-(* Why3 assumption *)
-Definition is_uint8 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 256%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint8 (x:Numbers.BinNums.Z) : Prop :=
- ((-128%Z)%Z <= x)%Z /\ (x < 128%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint16 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 65536%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint16 (x:Numbers.BinNums.Z) : Prop :=
- ((-32768%Z)%Z <= x)%Z /\ (x < 32768%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint32 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 4294967296%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint32 (x:Numbers.BinNums.Z) : Prop :=
- ((-2147483648%Z)%Z <= x)%Z /\ (x < 2147483648%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint64 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 18446744073709551616%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint64 (x:Numbers.BinNums.Z) : Prop :=
- ((-9223372036854775808%Z)%Z <= x)%Z /\ (x < 9223372036854775808%Z)%Z.
-
-Axiom is_bool0 : is_bool 0%Z.
-
-Axiom is_bool1 : is_bool 1%Z.
-
-Parameter to_bool: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom to_bool'def :
- forall (x:Numbers.BinNums.Z),
- ((x = 0%Z) -> ((to_bool x) = 0%Z)) /\ (~ (x = 0%Z) -> ((to_bool x) = 1%Z)).
-
-Parameter to_uint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter two_power_abs: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom two_power_abs_is_positive :
- forall (n:Numbers.BinNums.Z), (0%Z < (two_power_abs n))%Z.
-
-Axiom two_power_abs_plus_pos :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- (0%Z <= m)%Z ->
- ((two_power_abs (n + m)%Z) = ((two_power_abs n) * (two_power_abs m))%Z).
-
-Axiom two_power_abs_plus_one :
- forall (n:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- ((two_power_abs (n + 1%Z)%Z) = (2%Z * (two_power_abs n))%Z).
-
-(* Why3 assumption *)
-Definition is_uint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-(* Why3 assumption *)
-Definition is_sint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- ((-(two_power_abs n))%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-Parameter to_uint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom is_to_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n (to_uint n x).
-
-Axiom is_to_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_sint n (to_sint n x).
-
-Axiom is_to_uint8 : forall (x:Numbers.BinNums.Z), is_uint8 (to_uint8 x).
-
-Axiom is_to_sint8 : forall (x:Numbers.BinNums.Z), is_sint8 (to_sint8 x).
-
-Axiom is_to_uint16 : forall (x:Numbers.BinNums.Z), is_uint16 (to_uint16 x).
-
-Axiom is_to_sint16 : forall (x:Numbers.BinNums.Z), is_sint16 (to_sint16 x).
-
-Axiom is_to_uint32 : forall (x:Numbers.BinNums.Z), is_uint32 (to_uint32 x).
-
-Axiom is_to_sint32 : forall (x:Numbers.BinNums.Z), is_sint32 (to_sint32 x).
-
-Axiom is_to_uint64 : forall (x:Numbers.BinNums.Z), is_uint64 (to_uint64 x).
-
-Axiom is_to_sint64 : forall (x:Numbers.BinNums.Z), is_sint64 (to_sint64 x).
-
-Axiom id_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_uint n x <-> ((to_uint n x) = x).
-
-Axiom id_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_sint n x <-> ((to_sint n x) = x).
-
-Axiom id_uint8 :
- forall (x:Numbers.BinNums.Z), is_uint8 x -> ((to_uint8 x) = x).
-
-Axiom id_sint8 :
- forall (x:Numbers.BinNums.Z), is_sint8 x -> ((to_sint8 x) = x).
-
-Axiom id_uint16 :
- forall (x:Numbers.BinNums.Z), is_uint16 x -> ((to_uint16 x) = x).
-
-Axiom id_sint16 :
- forall (x:Numbers.BinNums.Z), is_sint16 x -> ((to_sint16 x) = x).
-
-Axiom id_uint32 :
- forall (x:Numbers.BinNums.Z), is_uint32 x -> ((to_uint32 x) = x).
-
-Axiom id_sint32 :
- forall (x:Numbers.BinNums.Z), is_sint32 x -> ((to_sint32 x) = x).
-
-Axiom id_uint64 :
- forall (x:Numbers.BinNums.Z), is_uint64 x -> ((to_uint64 x) = x).
-
-Axiom id_sint64 :
- forall (x:Numbers.BinNums.Z), is_sint64 x -> ((to_sint64 x) = x).
-
-Axiom proj_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_uint n (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_sint n x)) = (to_sint n x)).
-
-Axiom proj_uint8 :
- forall (x:Numbers.BinNums.Z), ((to_uint8 (to_uint8 x)) = (to_uint8 x)).
-
-Axiom proj_sint8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_sint8 x)) = (to_sint8 x)).
-
-Axiom proj_uint16 :
- forall (x:Numbers.BinNums.Z), ((to_uint16 (to_uint16 x)) = (to_uint16 x)).
-
-Axiom proj_sint16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_sint16 x)) = (to_sint16 x)).
-
-Axiom proj_uint32 :
- forall (x:Numbers.BinNums.Z), ((to_uint32 (to_uint32 x)) = (to_uint32 x)).
-
-Axiom proj_sint32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_sint32 x)) = (to_sint32 x)).
-
-Axiom proj_uint64 :
- forall (x:Numbers.BinNums.Z), ((to_uint64 (to_uint64 x)) = (to_uint64 x)).
-
-Axiom proj_sint64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_sint64 x)) = (to_sint64 x)).
-
-Axiom proj_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_uint n x)) = (to_uint n x)).
-
-Axiom incl_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n x ->
- is_sint n x.
-
-Axiom proj_su_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint (m + n)%Z (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_su_sint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint n (to_uint (m + (n + 1%Z)%Z)%Z x)) = (to_sint n x)).
-
-Axiom proj_int8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_uint8 x)) = (to_sint8 x)).
-
-Axiom proj_int16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_uint16 x)) = (to_sint16 x)).
-
-Axiom proj_int32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_uint32 x)) = (to_sint32 x)).
-
-Axiom proj_int64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_uint64 x)) = (to_sint64 x)).
-
-Axiom proj_us_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_uint (n + 1%Z)%Z (to_sint (m + n)%Z x)) = (to_uint (n + 1%Z)%Z x)).
-
-Axiom incl_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_uint (n + i)%Z x.
-
-Axiom incl_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_sint n x -> is_sint (n + i)%Z x.
-
-Axiom incl_int :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_sint (n + i)%Z x.
-
-Parameter my_abs: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom abs_pos :
- forall (x:Numbers.BinNums.Z), (0%Z <= x)%Z -> ((my_abs x) = x).
-
-Axiom abs_neg :
- forall (x:Numbers.BinNums.Z), (x <= 0%Z)%Z -> ((my_abs x) = (-x)%Z).
-
-(* Why3 goal *)
-Theorem wp_goal :
- forall (i:Numbers.BinNums.Z) (i1:Numbers.BinNums.Z), is_sint32 i1 ->
- is_sint32 i ->
- (i1 < 0%Z)%Z /\ ((i + i1)%Z = 0%Z) \/ ~ (i1 < 0%Z)%Z /\ (i1 = i) ->
- ((my_abs i1) = i).
-Proof.
- Require Import Psatz.
-
- intros i n Hn Hi H ; intros.
- inversion_clear H as [ C1 | C2 ].
- + inversion_clear C1 as [ Nn Hin ].
- assert (Heq: i = (-n)%Z) by lia.
- rewrite Heq ; apply abs_neg ; lia.
- + inversion_clear C2 as [ Pn Hin ] ; subst.
- apply abs_pos ; lia.
-Qed.
-
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/abs.0.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/abs.res.oracle
similarity index 100%
rename from src/plugins/wp/tests/wp_plugin/oracle_qualif/abs.0.res.oracle
rename to src/plugins/wp/tests/wp_plugin/oracle_qualif/abs.res.oracle
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/float_format.0.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/float_format.0.res.oracle
deleted file mode 100644
index c9d94a87a47ff301d7f3b25a1466a322e00f5736..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/float_format.0.res.oracle
+++ /dev/null
@@ -1,15 +0,0 @@
-# frama-c -wp [...]
-[kernel] Parsing float_format.i (no preprocessing)
-[kernel:parser:decimal-float] float_format.i:9: Warning:
- Floating-point constant 0.2 is not represented exactly. Will use 0x1.999999999999ap-3.
- (warn-once: no further messages from category 'parser:decimal-float' will be emitted)
-[wp] Running WP plugin...
-[wp] Warning: Missing RTE guards
-[wp] 1 goal scheduled
-[wp] [Coq] Goal typed_output_ensures_KO : Unsuccess
-[wp] Proved goals: 0 / 1
- Coq: 0 (unsuccess: 1)
-------------------------------------------------------------
- Functions WP Alt-Ergo Total Success
- output - - 1 0.0%
-------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/float_format.1.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/float_format.res.oracle
similarity index 92%
rename from src/plugins/wp/tests/wp_plugin/oracle_qualif/float_format.1.res.oracle
rename to src/plugins/wp/tests/wp_plugin/oracle_qualif/float_format.res.oracle
index 484b4e1bb0ef8cfe1c9cffa2b0a8a4aa599c97a0..cb9d081888bd4d94a305be62ff79c2f550a58ce1 100644
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/float_format.1.res.oracle
+++ b/src/plugins/wp/tests/wp_plugin/oracle_qualif/float_format.res.oracle
@@ -1,6 +1,6 @@
# frama-c -wp -wp-timeout 100 -wp-steps 5 [...]
[kernel] Parsing float_format.i (no preprocessing)
-[kernel:parser:decimal-float] float_format.i:9: Warning:
+[kernel:parser:decimal-float] float_format.i:8: Warning:
Floating-point constant 0.2 is not represented exactly. Will use 0x1.999999999999ap-3.
(warn-once: no further messages from category 'parser:decimal-float' will be emitted)
[wp] Running WP plugin...
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/inductive.0.session/interactive/lemma_offset.v b/src/plugins/wp/tests/wp_plugin/oracle_qualif/inductive.0.session/interactive/lemma_offset.v
deleted file mode 100644
index 2959622c67342a2762399ec0bb12652da71d43e3..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/inductive.0.session/interactive/lemma_offset.v
+++ /dev/null
@@ -1,428 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.FromInt.
-Require map.Map.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-(* Why3 assumption *)
-Inductive addr :=
- | addr'mk : Numbers.BinNums.Z -> Numbers.BinNums.Z -> addr.
-Axiom addr_WhyType : WhyType addr.
-Existing Instance addr_WhyType.
-
-(* Why3 assumption *)
-Definition offset (v:addr) : Numbers.BinNums.Z :=
- match v with
- | addr'mk x x1 => x1
- end.
-
-(* Why3 assumption *)
-Definition base (v:addr) : Numbers.BinNums.Z :=
- match v with
- | addr'mk x x1 => x
- end.
-
-Parameter addr_le: addr -> addr -> Prop.
-
-Parameter addr_lt: addr -> addr -> Prop.
-
-Parameter addr_le_bool: addr -> addr -> Init.Datatypes.bool.
-
-Parameter addr_lt_bool: addr -> addr -> Init.Datatypes.bool.
-
-Axiom addr_le_def :
- forall (p:addr) (q:addr), ((base p) = (base q)) ->
- addr_le p q <-> ((offset p) <= (offset q))%Z.
-
-Axiom addr_lt_def :
- forall (p:addr) (q:addr), ((base p) = (base q)) ->
- addr_lt p q <-> ((offset p) < (offset q))%Z.
-
-Axiom addr_le_bool_def :
- forall (p:addr) (q:addr),
- addr_le p q <-> ((addr_le_bool p q) = Init.Datatypes.true).
-
-Axiom addr_lt_bool_def :
- forall (p:addr) (q:addr),
- addr_lt p q <-> ((addr_lt_bool p q) = Init.Datatypes.true).
-
-(* Why3 assumption *)
-Definition null : addr := addr'mk 0%Z 0%Z.
-
-(* Why3 assumption *)
-Definition global (b:Numbers.BinNums.Z) : addr := addr'mk b 0%Z.
-
-(* Why3 assumption *)
-Definition shift (p:addr) (k:Numbers.BinNums.Z) : addr :=
- addr'mk (base p) ((offset p) + k)%Z.
-
-(* Why3 assumption *)
-Definition included (p:addr) (a:Numbers.BinNums.Z) (q:addr)
- (b:Numbers.BinNums.Z) : Prop :=
- (0%Z < a)%Z ->
- (0%Z <= b)%Z /\
- ((base p) = (base q)) /\
- ((offset q) <= (offset p))%Z /\
- (((offset p) + a)%Z <= ((offset q) + b)%Z)%Z.
-
-(* Why3 assumption *)
-Definition separated (p:addr) (a:Numbers.BinNums.Z) (q:addr)
- (b:Numbers.BinNums.Z) : Prop :=
- (a <= 0%Z)%Z \/
- (b <= 0%Z)%Z \/
- ~ ((base p) = (base q)) \/
- (((offset q) + b)%Z <= (offset p))%Z \/
- (((offset p) + a)%Z <= (offset q))%Z.
-
-(* Why3 assumption *)
-Definition eqmem {a:Type} {a_WT:WhyType a} (m1:addr -> a) (m2:addr -> a)
- (p:addr) (a1:Numbers.BinNums.Z) : Prop :=
- forall (q:addr), included q 1%Z p a1 -> ((m1 q) = (m2 q)).
-
-Parameter havoc:
- forall {a:Type} {a_WT:WhyType a}, (addr -> a) -> (addr -> a) -> addr ->
- Numbers.BinNums.Z -> addr -> a.
-
-(* Why3 assumption *)
-Definition valid_rw (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- (0%Z < (base p))%Z /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (m (base p)))%Z.
-
-(* Why3 assumption *)
-Definition valid_rd (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- ~ (0%Z = (base p)) /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (m (base p)))%Z.
-
-(* Why3 assumption *)
-Definition valid_obj (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- (p = null) \/
- ~ (0%Z = (base p)) /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (1%Z + (m (base p)))%Z)%Z.
-
-(* Why3 assumption *)
-Definition invalid (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (n <= 0%Z)%Z \/
- ((base p) = 0%Z) \/
- ((m (base p)) <= (offset p))%Z \/ (((offset p) + n)%Z <= 0%Z)%Z.
-
-Axiom valid_rw_rd :
- forall (m:Numbers.BinNums.Z -> Numbers.BinNums.Z), forall (p:addr),
- forall (n:Numbers.BinNums.Z), valid_rw m p n -> valid_rd m p n.
-
-Axiom valid_string :
- forall (m:Numbers.BinNums.Z -> Numbers.BinNums.Z), forall (p:addr),
- ((base p) < 0%Z)%Z ->
- (0%Z <= (offset p))%Z /\ ((offset p) < (m (base p)))%Z ->
- valid_rd m p 1%Z /\ ~ valid_rw m p 1%Z.
-
-Axiom separated_1 :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (i:Numbers.BinNums.Z)
- (j:Numbers.BinNums.Z),
- separated p a q b -> ((offset p) <= i)%Z /\ (i < ((offset p) + a)%Z)%Z ->
- ((offset q) <= j)%Z /\ (j < ((offset q) + b)%Z)%Z ->
- ~ ((addr'mk (base p) i) = (addr'mk (base q) j)).
-
-Parameter region: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter linked: (Numbers.BinNums.Z -> Numbers.BinNums.Z) -> Prop.
-
-Parameter sconst: (addr -> Numbers.BinNums.Z) -> Prop.
-
-(* Why3 assumption *)
-Definition framed (m:addr -> addr) : Prop :=
- forall (p:addr), ((region (base p)) <= 0%Z)%Z ->
- ((region (base (m p))) <= 0%Z)%Z.
-
-Axiom separated_included :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z), (0%Z < a)%Z ->
- (0%Z < b)%Z -> separated p a q b -> ~ included p a q b.
-
-Axiom included_trans :
- forall (p:addr) (q:addr) (r:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (c:Numbers.BinNums.Z),
- included p a q b -> included q b r c -> included p a r c.
-
-Axiom separated_trans :
- forall (p:addr) (q:addr) (r:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (c:Numbers.BinNums.Z),
- included p a q b -> separated q b r c -> separated p a r c.
-
-Axiom separated_sym :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z),
- separated p a q b <-> separated q b p a.
-
-Axiom eqmem_included :
- forall {a:Type} {a_WT:WhyType a},
- forall (m1:addr -> a) (m2:addr -> a), forall (p:addr) (q:addr),
- forall (a1:Numbers.BinNums.Z) (b:Numbers.BinNums.Z), included p a1 q b ->
- eqmem m1 m2 q b -> eqmem m1 m2 p a1.
-
-Axiom eqmem_sym :
- forall {a:Type} {a_WT:WhyType a},
- forall (m1:addr -> a) (m2:addr -> a), forall (p:addr),
- forall (a1:Numbers.BinNums.Z), eqmem m1 m2 p a1 -> eqmem m2 m1 p a1.
-
-Axiom havoc_access :
- forall {a:Type} {a_WT:WhyType a},
- forall (m0:addr -> a) (m1:addr -> a), forall (q:addr) (p:addr),
- forall (a1:Numbers.BinNums.Z),
- (separated q 1%Z p a1 -> ((havoc m0 m1 p a1 q) = (m1 q))) /\
- (~ separated q 1%Z p a1 -> ((havoc m0 m1 p a1 q) = (m0 q))).
-
-Parameter cinits: (addr -> Init.Datatypes.bool) -> Prop.
-
-(* Why3 assumption *)
-Definition is_init_range (m:addr -> Init.Datatypes.bool) (p:addr)
- (l:Numbers.BinNums.Z) : Prop :=
- forall (i:Numbers.BinNums.Z), (0%Z <= i)%Z /\ (i < l)%Z ->
- ((m (shift p i)) = Init.Datatypes.true).
-
-Parameter set_init:
- (addr -> Init.Datatypes.bool) -> addr -> Numbers.BinNums.Z ->
- addr -> Init.Datatypes.bool.
-
-Axiom set_init_access :
- forall (m:addr -> Init.Datatypes.bool), forall (q:addr) (p:addr),
- forall (a:Numbers.BinNums.Z),
- (separated q 1%Z p a -> ((set_init m p a q) = (m q))) /\
- (~ separated q 1%Z p a -> ((set_init m p a q) = Init.Datatypes.true)).
-
-(* Why3 assumption *)
-Definition monotonic_init (m1:addr -> Init.Datatypes.bool)
- (m2:addr -> Init.Datatypes.bool) : Prop :=
- forall (p:addr), ((m1 p) = Init.Datatypes.true) ->
- ((m2 p) = Init.Datatypes.true).
-
-Parameter int_of_addr: addr -> Numbers.BinNums.Z.
-
-Parameter addr_of_int: Numbers.BinNums.Z -> addr.
-
-Axiom table : Type.
-Parameter table_WhyType : WhyType table.
-Existing Instance table_WhyType.
-
-Parameter table_of_base: Numbers.BinNums.Z -> table.
-
-Parameter table_to_offset: table -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom table_to_offset_zero :
- forall (t:table), ((table_to_offset t 0%Z) = 0%Z).
-
-Axiom table_to_offset_monotonic :
- forall (t:table), forall (o1:Numbers.BinNums.Z) (o2:Numbers.BinNums.Z),
- (o1 <= o2)%Z <-> ((table_to_offset t o1) <= (table_to_offset t o2))%Z.
-
-Axiom int_of_addr_bijection :
- forall (a:Numbers.BinNums.Z), ((int_of_addr (addr_of_int a)) = a).
-
-Axiom addr_of_int_bijection :
- forall (p:addr), ((addr_of_int (int_of_addr p)) = p).
-
-Axiom addr_of_null : ((int_of_addr null) = 0%Z).
-
-(* Why3 assumption *)
-Inductive P_reachable: (Numbers.BinNums.Z -> Numbers.BinNums.Z) ->
- (addr -> addr) -> addr -> addr -> Prop :=
- | Q_root_reachable :
- forall (Malloc:Numbers.BinNums.Z -> Numbers.BinNums.Z)
- (Mptr:addr -> addr) (root:addr),
- P_reachable Malloc Mptr root root
- | Q_next_reachable :
- forall (Malloc:Numbers.BinNums.Z -> Numbers.BinNums.Z)
- (Mptr:addr -> addr) (root:addr) (node:addr),
- valid_rw Malloc root 2%Z ->
- P_reachable Malloc Mptr (Mptr (shift root 1%Z)) node ->
- P_reachable Malloc Mptr root node.
-
-Axiom Q_test :
- forall (Malloc:Numbers.BinNums.Z -> Numbers.BinNums.Z) (Mptr:addr -> addr)
- (root:addr) (node:addr),
- P_reachable Malloc Mptr root node ->
- (root = node) \/
- valid_rw Malloc root 2%Z /\
- P_reachable Malloc Mptr (Mptr (shift root 1%Z)) node.
-
-(* Why3 assumption *)
-Definition P_same_array (Mint:addr -> Numbers.BinNums.Z)
- (Mint1:addr -> Numbers.BinNums.Z) (a:addr) (b:addr)
- (begin:Numbers.BinNums.Z) (end1:Numbers.BinNums.Z) : Prop :=
- forall (i:Numbers.BinNums.Z), (begin <= i)%Z -> (i < end1)%Z ->
- ((Mint1 (shift a i)) = (Mint (shift b i))).
-
-(* Why3 assumption *)
-Definition P_swap (Mint:addr -> Numbers.BinNums.Z)
- (Mint1:addr -> Numbers.BinNums.Z) (a:addr) (b:addr)
- (begin:Numbers.BinNums.Z) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z)
- (end1:Numbers.BinNums.Z) : Prop :=
- ((((((Mint1 (shift a i)) = (Mint (shift b j))) /\
- ((Mint1 (shift a j)) = (Mint (shift b i)))) /\
- (begin <= i)%Z) /\
- (i < j)%Z) /\
- (j < end1)%Z) /\
- (forall (i1:Numbers.BinNums.Z), ~ (i1 = i) -> ~ (j = i1) ->
- (begin <= i1)%Z -> (i1 < end1)%Z ->
- ((Mint1 (shift a i1)) = (Mint (shift b i1)))).
-
-(* Why3 assumption *)
-Inductive P_same_elements: (addr -> Numbers.BinNums.Z) ->
- (addr -> Numbers.BinNums.Z) -> addr -> addr -> Numbers.BinNums.Z ->
- Numbers.BinNums.Z -> Prop :=
- | Q_refl :
- forall (Mint:addr -> Numbers.BinNums.Z)
- (Mint1:addr -> Numbers.BinNums.Z) (a:addr) (b:addr)
- (begin:Numbers.BinNums.Z) (end1:Numbers.BinNums.Z),
- P_same_array Mint Mint1 a b begin end1 ->
- P_same_elements Mint Mint1 a b begin end1
- | Q_swap :
- forall (Mint:addr -> Numbers.BinNums.Z)
- (Mint1:addr -> Numbers.BinNums.Z) (a:addr) (b:addr)
- (begin:Numbers.BinNums.Z) (i:Numbers.BinNums.Z) (j:Numbers.BinNums.Z)
- (end1:Numbers.BinNums.Z),
- P_swap Mint Mint1 a b begin i j end1 ->
- P_same_elements Mint Mint1 a b begin end1
- | Q_trans :
- forall (Mint:addr -> Numbers.BinNums.Z)
- (Mint1:addr -> Numbers.BinNums.Z) (Mint2:addr -> Numbers.BinNums.Z)
- (a:addr) (b:addr) (c:addr) (begin:Numbers.BinNums.Z)
- (end1:Numbers.BinNums.Z),
- P_same_elements Mint Mint1 b c begin end1 ->
- P_same_elements Mint1 Mint2 a b begin end1 ->
- P_same_elements Mint Mint2 a c begin end1.
-
-(* Why3 goal *)
-Theorem wp_goal :
- forall (t:addr -> Numbers.BinNums.Z) (t1:addr -> Numbers.BinNums.Z)
- (a:addr) (a1:addr) (i:Numbers.BinNums.Z) (i1:Numbers.BinNums.Z)
- (i2:Numbers.BinNums.Z),
- P_same_elements t t1 (shift a i2) (shift a1 i2) i i1 ->
- P_same_elements t t1 a a1 (i + i2)%Z (i1 + i2)%Z.
-Proof.
- Require Import Psatz.
-
- intros M1 M2 p q b e s.
- remember (shift p s) as ps.
- remember (shift q s) as qs.
- intro H.
- revert dependent p.
- revert dependent q.
- induction H ; intros ; subst.
- - apply Q_refl.
- unfold P_same_array in * ; unfold shift in * ; intros.
- destruct p, q ; simpl in * .
- replace i with (s + (i - s))%Z by lia.
- rewrite 2!Z.add_assoc.
- apply H ; lia.
- - apply Q_swap with (i := (s + i)%Z) (j := (s + j)%Z).
- unfold P_swap in * ; unfold shift in * ; destruct p, q ; simpl in * .
- decompose [and] H ; clear H.
- repeat split ; try lia.
- * rewrite 2!Z.add_assoc ; auto.
- * rewrite 2!Z.add_assoc ; auto.
- * intros.
- replace i1 with (s + (i1 - s))%Z by lia.
- rewrite 2!Z.add_assoc ; auto.
- apply H1 ; lia.
- - apply Q_trans with (Mint1 := Mint1)(b := shift b (- s)%Z).
- * apply IHP_same_elements1 ; auto.
- unfold shift ; destruct b ; simpl ; f_equal ; lia.
- * apply IHP_same_elements2 ; auto.
- unfold shift ; destruct b ; simpl ; f_equal ; lia.
-Qed.
-
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/inductive.0.session/interactive/lemma_test.v b/src/plugins/wp/tests/wp_plugin/oracle_qualif/inductive.0.session/interactive/lemma_test.v
deleted file mode 100644
index 8741256bcdbbce570c6158e1c8df78a0e784b712..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/inductive.0.session/interactive/lemma_test.v
+++ /dev/null
@@ -1,346 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.FromInt.
-Require map.Map.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-(* Why3 assumption *)
-Inductive addr :=
- | addr'mk : Numbers.BinNums.Z -> Numbers.BinNums.Z -> addr.
-Axiom addr_WhyType : WhyType addr.
-Existing Instance addr_WhyType.
-
-(* Why3 assumption *)
-Definition offset (v:addr) : Numbers.BinNums.Z :=
- match v with
- | addr'mk x x1 => x1
- end.
-
-(* Why3 assumption *)
-Definition base (v:addr) : Numbers.BinNums.Z :=
- match v with
- | addr'mk x x1 => x
- end.
-
-Parameter addr_le: addr -> addr -> Prop.
-
-Parameter addr_lt: addr -> addr -> Prop.
-
-Parameter addr_le_bool: addr -> addr -> Init.Datatypes.bool.
-
-Parameter addr_lt_bool: addr -> addr -> Init.Datatypes.bool.
-
-Axiom addr_le_def :
- forall (p:addr) (q:addr), ((base p) = (base q)) ->
- addr_le p q <-> ((offset p) <= (offset q))%Z.
-
-Axiom addr_lt_def :
- forall (p:addr) (q:addr), ((base p) = (base q)) ->
- addr_lt p q <-> ((offset p) < (offset q))%Z.
-
-Axiom addr_le_bool_def :
- forall (p:addr) (q:addr),
- addr_le p q <-> ((addr_le_bool p q) = Init.Datatypes.true).
-
-Axiom addr_lt_bool_def :
- forall (p:addr) (q:addr),
- addr_lt p q <-> ((addr_lt_bool p q) = Init.Datatypes.true).
-
-(* Why3 assumption *)
-Definition null : addr := addr'mk 0%Z 0%Z.
-
-(* Why3 assumption *)
-Definition global (b:Numbers.BinNums.Z) : addr := addr'mk b 0%Z.
-
-(* Why3 assumption *)
-Definition shift (p:addr) (k:Numbers.BinNums.Z) : addr :=
- addr'mk (base p) ((offset p) + k)%Z.
-
-(* Why3 assumption *)
-Definition included (p:addr) (a:Numbers.BinNums.Z) (q:addr)
- (b:Numbers.BinNums.Z) : Prop :=
- (0%Z < a)%Z ->
- (0%Z <= b)%Z /\
- ((base p) = (base q)) /\
- ((offset q) <= (offset p))%Z /\
- (((offset p) + a)%Z <= ((offset q) + b)%Z)%Z.
-
-(* Why3 assumption *)
-Definition separated (p:addr) (a:Numbers.BinNums.Z) (q:addr)
- (b:Numbers.BinNums.Z) : Prop :=
- (a <= 0%Z)%Z \/
- (b <= 0%Z)%Z \/
- ~ ((base p) = (base q)) \/
- (((offset q) + b)%Z <= (offset p))%Z \/
- (((offset p) + a)%Z <= (offset q))%Z.
-
-(* Why3 assumption *)
-Definition eqmem {a:Type} {a_WT:WhyType a} (m1:addr -> a) (m2:addr -> a)
- (p:addr) (a1:Numbers.BinNums.Z) : Prop :=
- forall (q:addr), included q 1%Z p a1 -> ((m1 q) = (m2 q)).
-
-Parameter havoc:
- forall {a:Type} {a_WT:WhyType a}, (addr -> a) -> (addr -> a) -> addr ->
- Numbers.BinNums.Z -> addr -> a.
-
-(* Why3 assumption *)
-Definition valid_rw (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- (0%Z < (base p))%Z /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (m (base p)))%Z.
-
-(* Why3 assumption *)
-Definition valid_rd (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- ~ (0%Z = (base p)) /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (m (base p)))%Z.
-
-(* Why3 assumption *)
-Definition valid_obj (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- (p = null) \/
- ~ (0%Z = (base p)) /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (1%Z + (m (base p)))%Z)%Z.
-
-(* Why3 assumption *)
-Definition invalid (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (n <= 0%Z)%Z \/
- ((base p) = 0%Z) \/
- ((m (base p)) <= (offset p))%Z \/ (((offset p) + n)%Z <= 0%Z)%Z.
-
-Axiom valid_rw_rd :
- forall (m:Numbers.BinNums.Z -> Numbers.BinNums.Z), forall (p:addr),
- forall (n:Numbers.BinNums.Z), valid_rw m p n -> valid_rd m p n.
-
-Axiom valid_string :
- forall (m:Numbers.BinNums.Z -> Numbers.BinNums.Z), forall (p:addr),
- ((base p) < 0%Z)%Z ->
- (0%Z <= (offset p))%Z /\ ((offset p) < (m (base p)))%Z ->
- valid_rd m p 1%Z /\ ~ valid_rw m p 1%Z.
-
-Axiom separated_1 :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (i:Numbers.BinNums.Z)
- (j:Numbers.BinNums.Z),
- separated p a q b -> ((offset p) <= i)%Z /\ (i < ((offset p) + a)%Z)%Z ->
- ((offset q) <= j)%Z /\ (j < ((offset q) + b)%Z)%Z ->
- ~ ((addr'mk (base p) i) = (addr'mk (base q) j)).
-
-Parameter region: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter linked: (Numbers.BinNums.Z -> Numbers.BinNums.Z) -> Prop.
-
-Parameter sconst: (addr -> Numbers.BinNums.Z) -> Prop.
-
-(* Why3 assumption *)
-Definition framed (m:addr -> addr) : Prop :=
- forall (p:addr), ((region (base p)) <= 0%Z)%Z ->
- ((region (base (m p))) <= 0%Z)%Z.
-
-Axiom separated_included :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z), (0%Z < a)%Z ->
- (0%Z < b)%Z -> separated p a q b -> ~ included p a q b.
-
-Axiom included_trans :
- forall (p:addr) (q:addr) (r:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (c:Numbers.BinNums.Z),
- included p a q b -> included q b r c -> included p a r c.
-
-Axiom separated_trans :
- forall (p:addr) (q:addr) (r:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (c:Numbers.BinNums.Z),
- included p a q b -> separated q b r c -> separated p a r c.
-
-Axiom separated_sym :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z),
- separated p a q b <-> separated q b p a.
-
-Axiom eqmem_included :
- forall {a:Type} {a_WT:WhyType a},
- forall (m1:addr -> a) (m2:addr -> a), forall (p:addr) (q:addr),
- forall (a1:Numbers.BinNums.Z) (b:Numbers.BinNums.Z), included p a1 q b ->
- eqmem m1 m2 q b -> eqmem m1 m2 p a1.
-
-Axiom eqmem_sym :
- forall {a:Type} {a_WT:WhyType a},
- forall (m1:addr -> a) (m2:addr -> a), forall (p:addr),
- forall (a1:Numbers.BinNums.Z), eqmem m1 m2 p a1 -> eqmem m2 m1 p a1.
-
-Axiom havoc_access :
- forall {a:Type} {a_WT:WhyType a},
- forall (m0:addr -> a) (m1:addr -> a), forall (q:addr) (p:addr),
- forall (a1:Numbers.BinNums.Z),
- (separated q 1%Z p a1 -> ((havoc m0 m1 p a1 q) = (m1 q))) /\
- (~ separated q 1%Z p a1 -> ((havoc m0 m1 p a1 q) = (m0 q))).
-
-Parameter cinits: (addr -> Init.Datatypes.bool) -> Prop.
-
-(* Why3 assumption *)
-Definition is_init_range (m:addr -> Init.Datatypes.bool) (p:addr)
- (l:Numbers.BinNums.Z) : Prop :=
- forall (i:Numbers.BinNums.Z), (0%Z <= i)%Z /\ (i < l)%Z ->
- ((m (shift p i)) = Init.Datatypes.true).
-
-Parameter set_init:
- (addr -> Init.Datatypes.bool) -> addr -> Numbers.BinNums.Z ->
- addr -> Init.Datatypes.bool.
-
-Axiom set_init_access :
- forall (m:addr -> Init.Datatypes.bool), forall (q:addr) (p:addr),
- forall (a:Numbers.BinNums.Z),
- (separated q 1%Z p a -> ((set_init m p a q) = (m q))) /\
- (~ separated q 1%Z p a -> ((set_init m p a q) = Init.Datatypes.true)).
-
-(* Why3 assumption *)
-Definition monotonic_init (m1:addr -> Init.Datatypes.bool)
- (m2:addr -> Init.Datatypes.bool) : Prop :=
- forall (p:addr), ((m1 p) = Init.Datatypes.true) ->
- ((m2 p) = Init.Datatypes.true).
-
-Parameter int_of_addr: addr -> Numbers.BinNums.Z.
-
-Parameter addr_of_int: Numbers.BinNums.Z -> addr.
-
-Axiom table : Type.
-Parameter table_WhyType : WhyType table.
-Existing Instance table_WhyType.
-
-Parameter table_of_base: Numbers.BinNums.Z -> table.
-
-Parameter table_to_offset: table -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom table_to_offset_zero :
- forall (t:table), ((table_to_offset t 0%Z) = 0%Z).
-
-Axiom table_to_offset_monotonic :
- forall (t:table), forall (o1:Numbers.BinNums.Z) (o2:Numbers.BinNums.Z),
- (o1 <= o2)%Z <-> ((table_to_offset t o1) <= (table_to_offset t o2))%Z.
-
-Axiom int_of_addr_bijection :
- forall (a:Numbers.BinNums.Z), ((int_of_addr (addr_of_int a)) = a).
-
-Axiom addr_of_int_bijection :
- forall (p:addr), ((addr_of_int (int_of_addr p)) = p).
-
-Axiom addr_of_null : ((int_of_addr null) = 0%Z).
-
-(* Why3 assumption *)
-Inductive P_reachable: (Numbers.BinNums.Z -> Numbers.BinNums.Z) ->
- (addr -> addr) -> addr -> addr -> Prop :=
- | Q_root_reachable :
- forall (Malloc:Numbers.BinNums.Z -> Numbers.BinNums.Z)
- (Mptr:addr -> addr) (root:addr),
- P_reachable Malloc Mptr root root
- | Q_next_reachable :
- forall (Malloc:Numbers.BinNums.Z -> Numbers.BinNums.Z)
- (Mptr:addr -> addr) (root:addr) (node:addr),
- valid_rw Malloc root 2%Z ->
- P_reachable Malloc Mptr (Mptr (shift root 1%Z)) node ->
- P_reachable Malloc Mptr root node.
-
-(* Why3 goal *)
-Theorem wp_goal :
- forall (t:Numbers.BinNums.Z -> Numbers.BinNums.Z) (t1:addr -> addr)
- (a:addr) (a1:addr),
- P_reachable t t1 a a1 ->
- (a1 = a) \/ valid_rw t a 2%Z /\ P_reachable t t1 (t1 (shift a 1%Z)) a1.
-Proof.
- intros M1 M2 p q H.
- destruct H.
- - left ; auto.
- - right ; split ; assumption.
-Qed.
-
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/inductive.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/inductive.res.oracle
deleted file mode 100644
index 729cc633cdf7126b1edaa8d8028e4f1636a236f7..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/inductive.res.oracle
+++ /dev/null
@@ -1,13 +0,0 @@
-# frama-c -wp -wp-timeout 240 [...]
-[kernel] Parsing inductive.c (with preprocessing)
-[wp] Running WP plugin...
-[wp] 2 goals scheduled
-[wp] [Coq] Goal typed_lemma_offset : Valid
-[wp] [Coq] Goal typed_lemma_test : Valid
-[wp] Proved goals: 2 / 2
- Qed: 0
- Coq: 2
-------------------------------------------------------------
- Axiomatics WP Alt-Ergo Total Success
- Lemma - - 2 100%
-------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.0.session/interactive/copy_loop_assigns_part2.v b/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.0.session/interactive/copy_loop_assigns_part2.v
deleted file mode 100644
index 26de73e48cb71891bc87851d3e2f2b02333a3753..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.0.session/interactive/copy_loop_assigns_part2.v
+++ /dev/null
@@ -1,559 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.FromInt.
-Require map.Map.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-(* Why3 assumption *)
-Inductive addr :=
- | addr'mk : Numbers.BinNums.Z -> Numbers.BinNums.Z -> addr.
-Axiom addr_WhyType : WhyType addr.
-Existing Instance addr_WhyType.
-
-(* Why3 assumption *)
-Definition offset (v:addr) : Numbers.BinNums.Z :=
- match v with
- | addr'mk x x1 => x1
- end.
-
-(* Why3 assumption *)
-Definition base (v:addr) : Numbers.BinNums.Z :=
- match v with
- | addr'mk x x1 => x
- end.
-
-Parameter addr_le: addr -> addr -> Prop.
-
-Parameter addr_lt: addr -> addr -> Prop.
-
-Parameter addr_le_bool: addr -> addr -> Init.Datatypes.bool.
-
-Parameter addr_lt_bool: addr -> addr -> Init.Datatypes.bool.
-
-Axiom addr_le_def :
- forall (p:addr) (q:addr), ((base p) = (base q)) ->
- addr_le p q <-> ((offset p) <= (offset q))%Z.
-
-Axiom addr_lt_def :
- forall (p:addr) (q:addr), ((base p) = (base q)) ->
- addr_lt p q <-> ((offset p) < (offset q))%Z.
-
-Axiom addr_le_bool_def :
- forall (p:addr) (q:addr),
- addr_le p q <-> ((addr_le_bool p q) = Init.Datatypes.true).
-
-Axiom addr_lt_bool_def :
- forall (p:addr) (q:addr),
- addr_lt p q <-> ((addr_lt_bool p q) = Init.Datatypes.true).
-
-(* Why3 assumption *)
-Definition null : addr := addr'mk 0%Z 0%Z.
-
-(* Why3 assumption *)
-Definition global (b:Numbers.BinNums.Z) : addr := addr'mk b 0%Z.
-
-(* Why3 assumption *)
-Definition shift (p:addr) (k:Numbers.BinNums.Z) : addr :=
- addr'mk (base p) ((offset p) + k)%Z.
-
-(* Why3 assumption *)
-Definition included (p:addr) (a:Numbers.BinNums.Z) (q:addr)
- (b:Numbers.BinNums.Z) : Prop :=
- (0%Z < a)%Z ->
- (0%Z <= b)%Z /\
- ((base p) = (base q)) /\
- ((offset q) <= (offset p))%Z /\
- (((offset p) + a)%Z <= ((offset q) + b)%Z)%Z.
-
-(* Why3 assumption *)
-Definition separated (p:addr) (a:Numbers.BinNums.Z) (q:addr)
- (b:Numbers.BinNums.Z) : Prop :=
- (a <= 0%Z)%Z \/
- (b <= 0%Z)%Z \/
- ~ ((base p) = (base q)) \/
- (((offset q) + b)%Z <= (offset p))%Z \/
- (((offset p) + a)%Z <= (offset q))%Z.
-
-(* Why3 assumption *)
-Definition eqmem {a:Type} {a_WT:WhyType a} (m1:addr -> a) (m2:addr -> a)
- (p:addr) (a1:Numbers.BinNums.Z) : Prop :=
- forall (q:addr), included q 1%Z p a1 -> ((m1 q) = (m2 q)).
-
-Parameter havoc:
- forall {a:Type} {a_WT:WhyType a}, (addr -> a) -> (addr -> a) -> addr ->
- Numbers.BinNums.Z -> addr -> a.
-
-(* Why3 assumption *)
-Definition valid_rw (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- (0%Z < (base p))%Z /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (m (base p)))%Z.
-
-(* Why3 assumption *)
-Definition valid_rd (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- ~ (0%Z = (base p)) /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (m (base p)))%Z.
-
-(* Why3 assumption *)
-Definition valid_obj (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (0%Z < n)%Z ->
- (p = null) \/
- ~ (0%Z = (base p)) /\
- (0%Z <= (offset p))%Z /\ (((offset p) + n)%Z <= (1%Z + (m (base p)))%Z)%Z.
-
-(* Why3 assumption *)
-Definition invalid (m:Numbers.BinNums.Z -> Numbers.BinNums.Z) (p:addr)
- (n:Numbers.BinNums.Z) : Prop :=
- (n <= 0%Z)%Z \/
- ((base p) = 0%Z) \/
- ((m (base p)) <= (offset p))%Z \/ (((offset p) + n)%Z <= 0%Z)%Z.
-
-Axiom valid_rw_rd :
- forall (m:Numbers.BinNums.Z -> Numbers.BinNums.Z), forall (p:addr),
- forall (n:Numbers.BinNums.Z), valid_rw m p n -> valid_rd m p n.
-
-Axiom valid_string :
- forall (m:Numbers.BinNums.Z -> Numbers.BinNums.Z), forall (p:addr),
- ((base p) < 0%Z)%Z ->
- (0%Z <= (offset p))%Z /\ ((offset p) < (m (base p)))%Z ->
- valid_rd m p 1%Z /\ ~ valid_rw m p 1%Z.
-
-Axiom separated_1 :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (i:Numbers.BinNums.Z)
- (j:Numbers.BinNums.Z),
- separated p a q b -> ((offset p) <= i)%Z /\ (i < ((offset p) + a)%Z)%Z ->
- ((offset q) <= j)%Z /\ (j < ((offset q) + b)%Z)%Z ->
- ~ ((addr'mk (base p) i) = (addr'mk (base q) j)).
-
-Parameter region: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter linked: (Numbers.BinNums.Z -> Numbers.BinNums.Z) -> Prop.
-
-Parameter sconst: (addr -> Numbers.BinNums.Z) -> Prop.
-
-(* Why3 assumption *)
-Definition framed (m:addr -> addr) : Prop :=
- forall (p:addr), ((region (base p)) <= 0%Z)%Z ->
- ((region (base (m p))) <= 0%Z)%Z.
-
-Axiom separated_included :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z), (0%Z < a)%Z ->
- (0%Z < b)%Z -> separated p a q b -> ~ included p a q b.
-
-Axiom included_trans :
- forall (p:addr) (q:addr) (r:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (c:Numbers.BinNums.Z),
- included p a q b -> included q b r c -> included p a r c.
-
-Axiom separated_trans :
- forall (p:addr) (q:addr) (r:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (c:Numbers.BinNums.Z),
- included p a q b -> separated q b r c -> separated p a r c.
-
-Axiom separated_sym :
- forall (p:addr) (q:addr),
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z),
- separated p a q b <-> separated q b p a.
-
-Axiom eqmem_included :
- forall {a:Type} {a_WT:WhyType a},
- forall (m1:addr -> a) (m2:addr -> a), forall (p:addr) (q:addr),
- forall (a1:Numbers.BinNums.Z) (b:Numbers.BinNums.Z), included p a1 q b ->
- eqmem m1 m2 q b -> eqmem m1 m2 p a1.
-
-Axiom eqmem_sym :
- forall {a:Type} {a_WT:WhyType a},
- forall (m1:addr -> a) (m2:addr -> a), forall (p:addr),
- forall (a1:Numbers.BinNums.Z), eqmem m1 m2 p a1 -> eqmem m2 m1 p a1.
-
-Axiom havoc_access :
- forall {a:Type} {a_WT:WhyType a},
- forall (m0:addr -> a) (m1:addr -> a), forall (q:addr) (p:addr),
- forall (a1:Numbers.BinNums.Z),
- (separated q 1%Z p a1 -> ((havoc m0 m1 p a1 q) = (m1 q))) /\
- (~ separated q 1%Z p a1 -> ((havoc m0 m1 p a1 q) = (m0 q))).
-
-Parameter cinits: (addr -> Init.Datatypes.bool) -> Prop.
-
-(* Why3 assumption *)
-Definition is_init_range (m:addr -> Init.Datatypes.bool) (p:addr)
- (l:Numbers.BinNums.Z) : Prop :=
- forall (i:Numbers.BinNums.Z), (0%Z <= i)%Z /\ (i < l)%Z ->
- ((m (shift p i)) = Init.Datatypes.true).
-
-Parameter set_init:
- (addr -> Init.Datatypes.bool) -> addr -> Numbers.BinNums.Z ->
- addr -> Init.Datatypes.bool.
-
-Axiom set_init_access :
- forall (m:addr -> Init.Datatypes.bool), forall (q:addr) (p:addr),
- forall (a:Numbers.BinNums.Z),
- (separated q 1%Z p a -> ((set_init m p a q) = (m q))) /\
- (~ separated q 1%Z p a -> ((set_init m p a q) = Init.Datatypes.true)).
-
-(* Why3 assumption *)
-Definition monotonic_init (m1:addr -> Init.Datatypes.bool)
- (m2:addr -> Init.Datatypes.bool) : Prop :=
- forall (p:addr), ((m1 p) = Init.Datatypes.true) ->
- ((m2 p) = Init.Datatypes.true).
-
-Parameter int_of_addr: addr -> Numbers.BinNums.Z.
-
-Parameter addr_of_int: Numbers.BinNums.Z -> addr.
-
-Axiom table : Type.
-Parameter table_WhyType : WhyType table.
-Existing Instance table_WhyType.
-
-Parameter table_of_base: Numbers.BinNums.Z -> table.
-
-Parameter table_to_offset: table -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom table_to_offset_zero :
- forall (t:table), ((table_to_offset t 0%Z) = 0%Z).
-
-Axiom table_to_offset_monotonic :
- forall (t:table), forall (o1:Numbers.BinNums.Z) (o2:Numbers.BinNums.Z),
- (o1 <= o2)%Z <-> ((table_to_offset t o1) <= (table_to_offset t o2))%Z.
-
-Axiom int_of_addr_bijection :
- forall (a:Numbers.BinNums.Z), ((int_of_addr (addr_of_int a)) = a).
-
-Axiom addr_of_int_bijection :
- forall (p:addr), ((addr_of_int (int_of_addr p)) = p).
-
-Axiom addr_of_null : ((int_of_addr null) = 0%Z).
-
-(* Why3 assumption *)
-Definition is_bool (x:Numbers.BinNums.Z) : Prop := (x = 0%Z) \/ (x = 1%Z).
-
-(* Why3 assumption *)
-Definition is_uint8 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 256%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint8 (x:Numbers.BinNums.Z) : Prop :=
- ((-128%Z)%Z <= x)%Z /\ (x < 128%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint16 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 65536%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint16 (x:Numbers.BinNums.Z) : Prop :=
- ((-32768%Z)%Z <= x)%Z /\ (x < 32768%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint32 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 4294967296%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint32 (x:Numbers.BinNums.Z) : Prop :=
- ((-2147483648%Z)%Z <= x)%Z /\ (x < 2147483648%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint64 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 18446744073709551616%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint64 (x:Numbers.BinNums.Z) : Prop :=
- ((-9223372036854775808%Z)%Z <= x)%Z /\ (x < 9223372036854775808%Z)%Z.
-
-Axiom is_bool0 : is_bool 0%Z.
-
-Axiom is_bool1 : is_bool 1%Z.
-
-Parameter to_bool: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom to_bool'def :
- forall (x:Numbers.BinNums.Z),
- ((x = 0%Z) -> ((to_bool x) = 0%Z)) /\ (~ (x = 0%Z) -> ((to_bool x) = 1%Z)).
-
-Parameter to_uint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter two_power_abs: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom two_power_abs_is_positive :
- forall (n:Numbers.BinNums.Z), (0%Z < (two_power_abs n))%Z.
-
-Axiom two_power_abs_plus_pos :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- (0%Z <= m)%Z ->
- ((two_power_abs (n + m)%Z) = ((two_power_abs n) * (two_power_abs m))%Z).
-
-Axiom two_power_abs_plus_one :
- forall (n:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- ((two_power_abs (n + 1%Z)%Z) = (2%Z * (two_power_abs n))%Z).
-
-(* Why3 assumption *)
-Definition is_uint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-(* Why3 assumption *)
-Definition is_sint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- ((-(two_power_abs n))%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-Parameter to_uint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom is_to_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n (to_uint n x).
-
-Axiom is_to_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_sint n (to_sint n x).
-
-Axiom is_to_uint8 : forall (x:Numbers.BinNums.Z), is_uint8 (to_uint8 x).
-
-Axiom is_to_sint8 : forall (x:Numbers.BinNums.Z), is_sint8 (to_sint8 x).
-
-Axiom is_to_uint16 : forall (x:Numbers.BinNums.Z), is_uint16 (to_uint16 x).
-
-Axiom is_to_sint16 : forall (x:Numbers.BinNums.Z), is_sint16 (to_sint16 x).
-
-Axiom is_to_uint32 : forall (x:Numbers.BinNums.Z), is_uint32 (to_uint32 x).
-
-Axiom is_to_sint32 : forall (x:Numbers.BinNums.Z), is_sint32 (to_sint32 x).
-
-Axiom is_to_uint64 : forall (x:Numbers.BinNums.Z), is_uint64 (to_uint64 x).
-
-Axiom is_to_sint64 : forall (x:Numbers.BinNums.Z), is_sint64 (to_sint64 x).
-
-Axiom id_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_uint n x <-> ((to_uint n x) = x).
-
-Axiom id_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_sint n x <-> ((to_sint n x) = x).
-
-Axiom id_uint8 :
- forall (x:Numbers.BinNums.Z), is_uint8 x -> ((to_uint8 x) = x).
-
-Axiom id_sint8 :
- forall (x:Numbers.BinNums.Z), is_sint8 x -> ((to_sint8 x) = x).
-
-Axiom id_uint16 :
- forall (x:Numbers.BinNums.Z), is_uint16 x -> ((to_uint16 x) = x).
-
-Axiom id_sint16 :
- forall (x:Numbers.BinNums.Z), is_sint16 x -> ((to_sint16 x) = x).
-
-Axiom id_uint32 :
- forall (x:Numbers.BinNums.Z), is_uint32 x -> ((to_uint32 x) = x).
-
-Axiom id_sint32 :
- forall (x:Numbers.BinNums.Z), is_sint32 x -> ((to_sint32 x) = x).
-
-Axiom id_uint64 :
- forall (x:Numbers.BinNums.Z), is_uint64 x -> ((to_uint64 x) = x).
-
-Axiom id_sint64 :
- forall (x:Numbers.BinNums.Z), is_sint64 x -> ((to_sint64 x) = x).
-
-Axiom proj_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_uint n (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_sint n x)) = (to_sint n x)).
-
-Axiom proj_uint8 :
- forall (x:Numbers.BinNums.Z), ((to_uint8 (to_uint8 x)) = (to_uint8 x)).
-
-Axiom proj_sint8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_sint8 x)) = (to_sint8 x)).
-
-Axiom proj_uint16 :
- forall (x:Numbers.BinNums.Z), ((to_uint16 (to_uint16 x)) = (to_uint16 x)).
-
-Axiom proj_sint16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_sint16 x)) = (to_sint16 x)).
-
-Axiom proj_uint32 :
- forall (x:Numbers.BinNums.Z), ((to_uint32 (to_uint32 x)) = (to_uint32 x)).
-
-Axiom proj_sint32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_sint32 x)) = (to_sint32 x)).
-
-Axiom proj_uint64 :
- forall (x:Numbers.BinNums.Z), ((to_uint64 (to_uint64 x)) = (to_uint64 x)).
-
-Axiom proj_sint64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_sint64 x)) = (to_sint64 x)).
-
-Axiom proj_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_uint n x)) = (to_uint n x)).
-
-Axiom incl_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n x ->
- is_sint n x.
-
-Axiom proj_su_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint (m + n)%Z (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_su_sint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint n (to_uint (m + (n + 1%Z)%Z)%Z x)) = (to_sint n x)).
-
-Axiom proj_int8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_uint8 x)) = (to_sint8 x)).
-
-Axiom proj_int16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_uint16 x)) = (to_sint16 x)).
-
-Axiom proj_int32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_uint32 x)) = (to_sint32 x)).
-
-Axiom proj_int64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_uint64 x)) = (to_sint64 x)).
-
-Axiom proj_us_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_uint (n + 1%Z)%Z (to_sint (m + n)%Z x)) = (to_uint (n + 1%Z)%Z x)).
-
-Axiom incl_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_uint (n + i)%Z x.
-
-Axiom incl_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_sint n x -> is_sint (n + i)%Z x.
-
-Axiom incl_int :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_sint (n + i)%Z x.
-
-(* Why3 goal *)
-Theorem wp_goal :
- forall (t:Numbers.BinNums.Z -> Numbers.BinNums.Z) (a:addr)
- (i:Numbers.BinNums.Z) (i1:Numbers.BinNums.Z),
- let a1 := shift a i in
- (0%Z <= i1)%Z -> (i <= i1)%Z -> (0%Z <= i)%Z -> (i < i1)%Z ->
- ((region (base a)) <= 0%Z)%Z -> ((to_uint32 (1%Z + i)%Z) <= i1)%Z ->
- linked t -> is_uint32 i1 -> is_uint32 i -> ~ invalid t a1 1%Z ->
- included a1 1%Z (shift a 0%Z) i1.
-Proof.
- Require Import Psatz.
-
- intros.
- unfold included.
- unfold base, offset, shift in * ; simpl in *.
- lia.
-Qed.
-
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.0.session/interactive/copy_loop_invariant_established.v b/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.0.session/interactive/copy_loop_invariant_established.v
deleted file mode 100644
index c4516805f0d993d85149abfe2fccb798174300a4..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.0.session/interactive/copy_loop_invariant_established.v
+++ /dev/null
@@ -1,322 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.FromInt.
-Require map.Map.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-(* Why3 assumption *)
-Definition is_bool (x:Numbers.BinNums.Z) : Prop := (x = 0%Z) \/ (x = 1%Z).
-
-(* Why3 assumption *)
-Definition is_uint8 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 256%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint8 (x:Numbers.BinNums.Z) : Prop :=
- ((-128%Z)%Z <= x)%Z /\ (x < 128%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint16 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 65536%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint16 (x:Numbers.BinNums.Z) : Prop :=
- ((-32768%Z)%Z <= x)%Z /\ (x < 32768%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint32 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 4294967296%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint32 (x:Numbers.BinNums.Z) : Prop :=
- ((-2147483648%Z)%Z <= x)%Z /\ (x < 2147483648%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint64 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 18446744073709551616%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint64 (x:Numbers.BinNums.Z) : Prop :=
- ((-9223372036854775808%Z)%Z <= x)%Z /\ (x < 9223372036854775808%Z)%Z.
-
-Axiom is_bool0 : is_bool 0%Z.
-
-Axiom is_bool1 : is_bool 1%Z.
-
-Parameter to_bool: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom to_bool'def :
- forall (x:Numbers.BinNums.Z),
- ((x = 0%Z) -> ((to_bool x) = 0%Z)) /\ (~ (x = 0%Z) -> ((to_bool x) = 1%Z)).
-
-Parameter to_uint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter two_power_abs: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom two_power_abs_is_positive :
- forall (n:Numbers.BinNums.Z), (0%Z < (two_power_abs n))%Z.
-
-Axiom two_power_abs_plus_pos :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- (0%Z <= m)%Z ->
- ((two_power_abs (n + m)%Z) = ((two_power_abs n) * (two_power_abs m))%Z).
-
-Axiom two_power_abs_plus_one :
- forall (n:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- ((two_power_abs (n + 1%Z)%Z) = (2%Z * (two_power_abs n))%Z).
-
-(* Why3 assumption *)
-Definition is_uint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-(* Why3 assumption *)
-Definition is_sint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- ((-(two_power_abs n))%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-Parameter to_uint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom is_to_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n (to_uint n x).
-
-Axiom is_to_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_sint n (to_sint n x).
-
-Axiom is_to_uint8 : forall (x:Numbers.BinNums.Z), is_uint8 (to_uint8 x).
-
-Axiom is_to_sint8 : forall (x:Numbers.BinNums.Z), is_sint8 (to_sint8 x).
-
-Axiom is_to_uint16 : forall (x:Numbers.BinNums.Z), is_uint16 (to_uint16 x).
-
-Axiom is_to_sint16 : forall (x:Numbers.BinNums.Z), is_sint16 (to_sint16 x).
-
-Axiom is_to_uint32 : forall (x:Numbers.BinNums.Z), is_uint32 (to_uint32 x).
-
-Axiom is_to_sint32 : forall (x:Numbers.BinNums.Z), is_sint32 (to_sint32 x).
-
-Axiom is_to_uint64 : forall (x:Numbers.BinNums.Z), is_uint64 (to_uint64 x).
-
-Axiom is_to_sint64 : forall (x:Numbers.BinNums.Z), is_sint64 (to_sint64 x).
-
-Axiom id_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_uint n x <-> ((to_uint n x) = x).
-
-Axiom id_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_sint n x <-> ((to_sint n x) = x).
-
-Axiom id_uint8 :
- forall (x:Numbers.BinNums.Z), is_uint8 x -> ((to_uint8 x) = x).
-
-Axiom id_sint8 :
- forall (x:Numbers.BinNums.Z), is_sint8 x -> ((to_sint8 x) = x).
-
-Axiom id_uint16 :
- forall (x:Numbers.BinNums.Z), is_uint16 x -> ((to_uint16 x) = x).
-
-Axiom id_sint16 :
- forall (x:Numbers.BinNums.Z), is_sint16 x -> ((to_sint16 x) = x).
-
-Axiom id_uint32 :
- forall (x:Numbers.BinNums.Z), is_uint32 x -> ((to_uint32 x) = x).
-
-Axiom id_sint32 :
- forall (x:Numbers.BinNums.Z), is_sint32 x -> ((to_sint32 x) = x).
-
-Axiom id_uint64 :
- forall (x:Numbers.BinNums.Z), is_uint64 x -> ((to_uint64 x) = x).
-
-Axiom id_sint64 :
- forall (x:Numbers.BinNums.Z), is_sint64 x -> ((to_sint64 x) = x).
-
-Axiom proj_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_uint n (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_sint n x)) = (to_sint n x)).
-
-Axiom proj_uint8 :
- forall (x:Numbers.BinNums.Z), ((to_uint8 (to_uint8 x)) = (to_uint8 x)).
-
-Axiom proj_sint8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_sint8 x)) = (to_sint8 x)).
-
-Axiom proj_uint16 :
- forall (x:Numbers.BinNums.Z), ((to_uint16 (to_uint16 x)) = (to_uint16 x)).
-
-Axiom proj_sint16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_sint16 x)) = (to_sint16 x)).
-
-Axiom proj_uint32 :
- forall (x:Numbers.BinNums.Z), ((to_uint32 (to_uint32 x)) = (to_uint32 x)).
-
-Axiom proj_sint32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_sint32 x)) = (to_sint32 x)).
-
-Axiom proj_uint64 :
- forall (x:Numbers.BinNums.Z), ((to_uint64 (to_uint64 x)) = (to_uint64 x)).
-
-Axiom proj_sint64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_sint64 x)) = (to_sint64 x)).
-
-Axiom proj_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_uint n x)) = (to_uint n x)).
-
-Axiom incl_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n x ->
- is_sint n x.
-
-Axiom proj_su_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint (m + n)%Z (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_su_sint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint n (to_uint (m + (n + 1%Z)%Z)%Z x)) = (to_sint n x)).
-
-Axiom proj_int8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_uint8 x)) = (to_sint8 x)).
-
-Axiom proj_int16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_uint16 x)) = (to_sint16 x)).
-
-Axiom proj_int32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_uint32 x)) = (to_sint32 x)).
-
-Axiom proj_int64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_uint64 x)) = (to_sint64 x)).
-
-Axiom proj_us_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_uint (n + 1%Z)%Z (to_sint (m + n)%Z x)) = (to_uint (n + 1%Z)%Z x)).
-
-Axiom incl_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_uint (n + i)%Z x.
-
-Axiom incl_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_sint n x -> is_sint (n + i)%Z x.
-
-Axiom incl_int :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_sint (n + i)%Z x.
-
-(* Why3 goal *)
-Theorem wp_goal : forall (i:Numbers.BinNums.Z), is_uint32 i -> (0%Z <= i)%Z.
-Proof.
- Require Import Psatz.
- intros ; unfold is_uint32 in * ; lia.
-Qed.
-
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.0.session/interactive/copy_loop_invariant_preserved.v b/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.0.session/interactive/copy_loop_invariant_preserved.v
deleted file mode 100644
index de105f5f2d24a160997d9315d2fdf86d8052df7f..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.0.session/interactive/copy_loop_invariant_preserved.v
+++ /dev/null
@@ -1,329 +0,0 @@
-(* This file is generated by Why3's Coq driver *)
-(* Beware! Only edit allowed sections below *)
-Require Import BuiltIn.
-Require BuiltIn.
-Require HighOrd.
-Require bool.Bool.
-Require int.Int.
-Require int.Abs.
-Require int.ComputerDivision.
-Require real.Real.
-Require real.RealInfix.
-Require real.FromInt.
-Require map.Map.
-
-Parameter eqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom eqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.true) <-> (x = y).
-
-Axiom eqb_false :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((eqb x y) = Init.Datatypes.false) <-> ~ (x = y).
-
-Parameter neqb:
- forall {a:Type} {a_WT:WhyType a}, a -> a -> Init.Datatypes.bool.
-
-Axiom neqb1 :
- forall {a:Type} {a_WT:WhyType a},
- forall (x:a) (y:a), ((neqb x y) = Init.Datatypes.true) <-> ~ (x = y).
-
-Parameter zlt: Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Parameter zleq:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Init.Datatypes.bool.
-
-Axiom zlt1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zlt x y) = Init.Datatypes.true) <-> (x < y)%Z.
-
-Axiom zleq1 :
- forall (x:Numbers.BinNums.Z) (y:Numbers.BinNums.Z),
- ((zleq x y) = Init.Datatypes.true) <-> (x <= y)%Z.
-
-Parameter rlt:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Parameter rleq:
- Reals.Rdefinitions.R -> Reals.Rdefinitions.R -> Init.Datatypes.bool.
-
-Axiom rlt1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rlt x y) = Init.Datatypes.true) <-> (x < y)%R.
-
-Axiom rleq1 :
- forall (x:Reals.Rdefinitions.R) (y:Reals.Rdefinitions.R),
- ((rleq x y) = Init.Datatypes.true) <-> (x <= y)%R.
-
-(* Why3 assumption *)
-Definition real_of_int (x:Numbers.BinNums.Z) : Reals.Rdefinitions.R :=
- BuiltIn.IZR x.
-
-Axiom c_euclidian :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z), ~ (d = 0%Z) ->
- (n = (((ZArith.BinInt.Z.quot n d) * d)%Z + (ZArith.BinInt.Z.rem n d))%Z).
-
-Axiom cmod_remainder :
- forall (n:Numbers.BinNums.Z) (d:Numbers.BinNums.Z),
- ((0%Z <= n)%Z -> (0%Z < d)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) < d)%Z) /\
- ((n <= 0%Z)%Z -> (0%Z < d)%Z ->
- ((-d)%Z < (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z) /\
- ((0%Z <= n)%Z -> (d < 0%Z)%Z ->
- (0%Z <= (ZArith.BinInt.Z.rem n d))%Z /\
- ((ZArith.BinInt.Z.rem n d) < (-d)%Z)%Z) /\
- ((n <= 0%Z)%Z -> (d < 0%Z)%Z ->
- (d < (ZArith.BinInt.Z.rem n d))%Z /\ ((ZArith.BinInt.Z.rem n d) <= 0%Z)%Z).
-
-Axiom cdiv_neutral :
- forall (a:Numbers.BinNums.Z), ((ZArith.BinInt.Z.quot a 1%Z) = a).
-
-Axiom cdiv_inv :
- forall (a:Numbers.BinNums.Z), ~ (a = 0%Z) ->
- ((ZArith.BinInt.Z.quot a a) = 1%Z).
-
-Axiom cdiv_closed_remainder :
- forall (a:Numbers.BinNums.Z) (b:Numbers.BinNums.Z) (n:Numbers.BinNums.Z),
- (0%Z <= a)%Z -> (0%Z <= b)%Z ->
- (0%Z <= (b - a)%Z)%Z /\ ((b - a)%Z < n)%Z ->
- ((ZArith.BinInt.Z.rem a n) = (ZArith.BinInt.Z.rem b n)) -> (a = b).
-
-(* Why3 assumption *)
-Definition is_bool (x:Numbers.BinNums.Z) : Prop := (x = 0%Z) \/ (x = 1%Z).
-
-(* Why3 assumption *)
-Definition is_uint8 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 256%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint8 (x:Numbers.BinNums.Z) : Prop :=
- ((-128%Z)%Z <= x)%Z /\ (x < 128%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint16 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 65536%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint16 (x:Numbers.BinNums.Z) : Prop :=
- ((-32768%Z)%Z <= x)%Z /\ (x < 32768%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint32 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 4294967296%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint32 (x:Numbers.BinNums.Z) : Prop :=
- ((-2147483648%Z)%Z <= x)%Z /\ (x < 2147483648%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_uint64 (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < 18446744073709551616%Z)%Z.
-
-(* Why3 assumption *)
-Definition is_sint64 (x:Numbers.BinNums.Z) : Prop :=
- ((-9223372036854775808%Z)%Z <= x)%Z /\ (x < 9223372036854775808%Z)%Z.
-
-Axiom is_bool0 : is_bool 0%Z.
-
-Axiom is_bool1 : is_bool 1%Z.
-
-Parameter to_bool: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom to_bool'def :
- forall (x:Numbers.BinNums.Z),
- ((x = 0%Z) -> ((to_bool x) = 0%Z)) /\ (~ (x = 0%Z) -> ((to_bool x) = 1%Z)).
-
-Parameter to_uint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint8: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint16: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint32: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_uint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint64: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter two_power_abs: Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom two_power_abs_is_positive :
- forall (n:Numbers.BinNums.Z), (0%Z < (two_power_abs n))%Z.
-
-Axiom two_power_abs_plus_pos :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- (0%Z <= m)%Z ->
- ((two_power_abs (n + m)%Z) = ((two_power_abs n) * (two_power_abs m))%Z).
-
-Axiom two_power_abs_plus_one :
- forall (n:Numbers.BinNums.Z), (0%Z <= n)%Z ->
- ((two_power_abs (n + 1%Z)%Z) = (2%Z * (two_power_abs n))%Z).
-
-(* Why3 assumption *)
-Definition is_uint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- (0%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-(* Why3 assumption *)
-Definition is_sint (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) : Prop :=
- ((-(two_power_abs n))%Z <= x)%Z /\ (x < (two_power_abs n))%Z.
-
-Parameter to_uint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Parameter to_sint:
- Numbers.BinNums.Z -> Numbers.BinNums.Z -> Numbers.BinNums.Z.
-
-Axiom is_to_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n (to_uint n x).
-
-Axiom is_to_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_sint n (to_sint n x).
-
-Axiom is_to_uint8 : forall (x:Numbers.BinNums.Z), is_uint8 (to_uint8 x).
-
-Axiom is_to_sint8 : forall (x:Numbers.BinNums.Z), is_sint8 (to_sint8 x).
-
-Axiom is_to_uint16 : forall (x:Numbers.BinNums.Z), is_uint16 (to_uint16 x).
-
-Axiom is_to_sint16 : forall (x:Numbers.BinNums.Z), is_sint16 (to_sint16 x).
-
-Axiom is_to_uint32 : forall (x:Numbers.BinNums.Z), is_uint32 (to_uint32 x).
-
-Axiom is_to_sint32 : forall (x:Numbers.BinNums.Z), is_sint32 (to_sint32 x).
-
-Axiom is_to_uint64 : forall (x:Numbers.BinNums.Z), is_uint64 (to_uint64 x).
-
-Axiom is_to_sint64 : forall (x:Numbers.BinNums.Z), is_sint64 (to_sint64 x).
-
-Axiom id_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_uint n x <-> ((to_uint n x) = x).
-
-Axiom id_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- is_sint n x <-> ((to_sint n x) = x).
-
-Axiom id_uint8 :
- forall (x:Numbers.BinNums.Z), is_uint8 x -> ((to_uint8 x) = x).
-
-Axiom id_sint8 :
- forall (x:Numbers.BinNums.Z), is_sint8 x -> ((to_sint8 x) = x).
-
-Axiom id_uint16 :
- forall (x:Numbers.BinNums.Z), is_uint16 x -> ((to_uint16 x) = x).
-
-Axiom id_sint16 :
- forall (x:Numbers.BinNums.Z), is_sint16 x -> ((to_sint16 x) = x).
-
-Axiom id_uint32 :
- forall (x:Numbers.BinNums.Z), is_uint32 x -> ((to_uint32 x) = x).
-
-Axiom id_sint32 :
- forall (x:Numbers.BinNums.Z), is_sint32 x -> ((to_sint32 x) = x).
-
-Axiom id_uint64 :
- forall (x:Numbers.BinNums.Z), is_uint64 x -> ((to_uint64 x) = x).
-
-Axiom id_sint64 :
- forall (x:Numbers.BinNums.Z), is_sint64 x -> ((to_sint64 x) = x).
-
-Axiom proj_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_uint n (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_sint n x)) = (to_sint n x)).
-
-Axiom proj_uint8 :
- forall (x:Numbers.BinNums.Z), ((to_uint8 (to_uint8 x)) = (to_uint8 x)).
-
-Axiom proj_sint8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_sint8 x)) = (to_sint8 x)).
-
-Axiom proj_uint16 :
- forall (x:Numbers.BinNums.Z), ((to_uint16 (to_uint16 x)) = (to_uint16 x)).
-
-Axiom proj_sint16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_sint16 x)) = (to_sint16 x)).
-
-Axiom proj_uint32 :
- forall (x:Numbers.BinNums.Z), ((to_uint32 (to_uint32 x)) = (to_uint32 x)).
-
-Axiom proj_sint32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_sint32 x)) = (to_sint32 x)).
-
-Axiom proj_uint64 :
- forall (x:Numbers.BinNums.Z), ((to_uint64 (to_uint64 x)) = (to_uint64 x)).
-
-Axiom proj_sint64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_sint64 x)) = (to_sint64 x)).
-
-Axiom proj_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- ((to_sint n (to_uint n x)) = (to_uint n x)).
-
-Axiom incl_su :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z), is_uint n x ->
- is_sint n x.
-
-Axiom proj_su_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint (m + n)%Z (to_uint n x)) = (to_uint n x)).
-
-Axiom proj_su_sint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_sint n (to_uint (m + (n + 1%Z)%Z)%Z x)) = (to_sint n x)).
-
-Axiom proj_int8 :
- forall (x:Numbers.BinNums.Z), ((to_sint8 (to_uint8 x)) = (to_sint8 x)).
-
-Axiom proj_int16 :
- forall (x:Numbers.BinNums.Z), ((to_sint16 (to_uint16 x)) = (to_sint16 x)).
-
-Axiom proj_int32 :
- forall (x:Numbers.BinNums.Z), ((to_sint32 (to_uint32 x)) = (to_sint32 x)).
-
-Axiom proj_int64 :
- forall (x:Numbers.BinNums.Z), ((to_sint64 (to_uint64 x)) = (to_sint64 x)).
-
-Axiom proj_us_uint :
- forall (n:Numbers.BinNums.Z) (m:Numbers.BinNums.Z) (x:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= m)%Z ->
- ((to_uint (n + 1%Z)%Z (to_sint (m + n)%Z x)) = (to_uint (n + 1%Z)%Z x)).
-
-Axiom incl_uint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_uint (n + i)%Z x.
-
-Axiom incl_sint :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_sint n x -> is_sint (n + i)%Z x.
-
-Axiom incl_int :
- forall (n:Numbers.BinNums.Z) (x:Numbers.BinNums.Z) (i:Numbers.BinNums.Z),
- (0%Z <= n)%Z -> (0%Z <= i)%Z -> is_uint n x -> is_sint (n + i)%Z x.
-
-(* Why3 goal *)
-Theorem wp_goal :
- forall (i:Numbers.BinNums.Z) (i1:Numbers.BinNums.Z), (0%Z <= i1)%Z ->
- (i <= i1)%Z -> (0%Z <= i)%Z -> (i < i1)%Z -> is_uint32 i1 -> is_uint32 i ->
- ((to_uint32 (1%Z + i)%Z) <= i1)%Z.
-Proof.
- Require Import Psatz.
- intros i n Ln Un Li Ui Hi Hn.
- unfold is_uint32 in * .
- assert (to_uint32 (1 + i) = 1 + i)%Z.
- apply id_uint32 ; unfold is_uint32 ; lia.
- rewrite H ; lia.
-Qed.
-
diff --git a/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.res.oracle b/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.res.oracle
deleted file mode 100644
index 2a778626650ec1c7914af47affa551156dde65b0..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/oracle_qualif/region_to_coq.res.oracle
+++ /dev/null
@@ -1,16 +0,0 @@
-# frama-c -wp [...]
-[kernel] Parsing region_to_coq.i (no preprocessing)
-[wp] Running WP plugin...
-[wp] Warning: Missing RTE guards
-[wp] 4 goals scheduled
-[wp] [Coq] Goal typed_copy_loop_invariant_preserved : Valid
-[wp] [Coq] Goal typed_copy_loop_invariant_established : Valid
-[wp] [Qed] Goal typed_copy_loop_assigns_part1 : Valid
-[wp] [Coq] Goal typed_copy_loop_assigns_part2 : Valid
-[wp] Proved goals: 4 / 4
- Qed: 1
- Coq: 3
-------------------------------------------------------------
- Functions WP Alt-Ergo Total Success
- copy 1 - 4 100%
-------------------------------------------------------------
diff --git a/src/plugins/wp/tests/wp_plugin/region_to_coq.i b/src/plugins/wp/tests/wp_plugin/region_to_coq.i
deleted file mode 100644
index dcf02f6108a07af270315c63f188ad500cffcb28..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/region_to_coq.i
+++ /dev/null
@@ -1,14 +0,0 @@
-/* run.config
- DONTRUN:
-*/
-/* run.config_qualif
- OPT: -wp-prover coq
-*/
-
-void copy(int* a, unsigned int n, int* b)
-{
- /*@ loop invariant 0 <= i <= n ;
- loop assigns i, b[0..n-1]; */
- for(unsigned int i = 0; i < n; ++i)
- b[i] = a[i];
-}
diff --git a/src/plugins/wp/tests/wp_plugin/region_to_coq.script b/src/plugins/wp/tests/wp_plugin/region_to_coq.script
deleted file mode 100644
index ec805f70b549129917db4df73cf1b8a5a297c2f2..0000000000000000000000000000000000000000
--- a/src/plugins/wp/tests/wp_plugin/region_to_coq.script
+++ /dev/null
@@ -1,36 +0,0 @@
-(* Generated by Frama-C WP *)
-
-Goal typed_copy_loop_assigns_part2.
-Hint *,b,copy,i,loop-assigns,part-1.
-Proof.
- intros.
- unfold included, shift_sint32.
- unfold base, offset, shift ; simpl.
- omega.
-Qed.
-
-Goal typed_copy_loop_invariant_established.
-Hint copy,established.
-Proof.
- unfold is_uint32 ; intros ; omega.
-Qed.
-
-Goal typed_copy_loop_invariant_preserved.
-Hint copy,preserved.
-Proof.
- intros i n Li Ui Ln _ Hi Hn.
- Require Import Lia.
- assert (Hi_1: (1+i <= n)%Z) by lia.
- unfold is_uint32, to_uint32.
- unfold to_range.
- rewrite Z.add_0_l.
- repeat rewrite Z.sub_0_r.
- unfold is_uint32 in Hi.
- assert (Bs: (1 + i = 4294967296)%Z \/ (1 + i < 4294967296)%Z) by lia.
- inversion_clear Bs as [ Eq | Lower ].
- - rewrite <- Eq.
- rewrite Z_mod_same ; lia.
- - rewrite Z.mod_small ; lia.
-Qed.
-
-