Theory "words"

Signature

Definitions

dimword_def

|- dimword (:α) = 2 ** dimindex (:α)

INT_MIN_def

|- INT_MIN (:α) = 2 ** (dimindex (:α) − 1)

UINT_MAX_def

|- UINT_MAX (:α) = dimword (:α) − 1

INT_MAX_def

|- INT_MAX (:α) = INT_MIN (:α) − 1

w2n_def

|- ∀w. w2n w = SUM (dimindex (:α)) (λi. SBIT (w ' i) i)

n2w_def

|- ∀n. n2w n = FCP i. BIT i n

w2w_def

|- ∀w. w2w w = n2w (w2n w)

sw2sw_def

|- ∀w. sw2sw w = n2w (SIGN_EXTEND (dimindex (:α)) (dimindex (:β)) (w2n w))

w2l_def

|- ∀b w. w2l b w = n2l b (w2n w)

l2w_def

|- ∀b l. l2w b l = n2w (l2n b l)

w2s_def

|- ∀b f w. w2s b f w = n2s b f (w2n w)

s2w_def

|- ∀b f s. s2w b f s = n2w (s2n b f s)

word_from_bin_list_def

|- word_from_bin_list = l2w 2

word_from_oct_list_def

|- word_from_oct_list = l2w 8

word_from_dec_list_def

|- word_from_dec_list = l2w 10

word_from_hex_list_def

|- word_from_hex_list = l2w 16

word_to_bin_list_def

|- word_to_bin_list = w2l 2

word_to_oct_list_def

|- word_to_oct_list = w2l 8

word_to_dec_list_def

|- word_to_dec_list = w2l 10

word_to_hex_list_def

|- word_to_hex_list = w2l 16

word_from_bin_string_def

|- word_from_bin_string = s2w 2 UNHEX

word_from_oct_string_def

|- word_from_oct_string = s2w 8 UNHEX

word_from_dec_string_def

|- word_from_dec_string = s2w 10 UNHEX

word_from_hex_string_def

|- word_from_hex_string = s2w 16 UNHEX

word_to_bin_string_def

|- word_to_bin_string = w2s 2 HEX

word_to_oct_string_def

|- word_to_oct_string = w2s 8 HEX

word_to_dec_string_def

|- word_to_dec_string = w2s 10 HEX

word_to_hex_string_def

|- word_to_hex_string = w2s 16 HEX

word_T_def

|- UINT_MAXw = n2w (UINT_MAX (:α))

word_L_def

|- INT_MINw = n2w (INT_MIN (:α))

word_H_def

|- INT_MAXw = n2w (INT_MAX (:α))

word_1comp_def

|- ∀w. ¬w = FCP i. ¬w ' i

word_and_def

|- ∀v w. v && w = FCP i. v ' i ∧ w ' i

word_or_def

|- ∀v w. v ‖ w = FCP i. v ' i ∨ w ' i

word_xor_def

|- ∀v w. v ⊕ w = FCP i. v ' i ⇎ w ' i

word_nand_def

|- ∀v w. v ~&& w = FCP i. ¬(v ' i ∧ w ' i)

word_nor_def

|- ∀v w. v ~|| w = FCP i. ¬(v ' i ∨ w ' i)

word_xnor_def

|- ∀v w. v ~?? w = FCP i. v ' i ⇔ w ' i

word_reduce_def

|- ∀f w.
     word_reduce f w =
     $FCP
       (K
          (let l = GENLIST (λi. w ' (dimindex (:α) − 1 − i)) (dimindex (:α))
           in
             FOLDL f (HD l) (TL l)))

word_compare_def

|- ∀a b. word_compare a b = if a = b then 1w else 0w

reduce_and_def

|- reduce_and = word_reduce $/\

reduce_or_def

|- reduce_or = word_reduce $\/

reduce_xor_def

|- reduce_xor = word_reduce (λx y. x ⇎ y)

reduce_nand_def

|- reduce_nand = word_reduce (λa b. ¬(a ∧ b))

reduce_nor_def

|- reduce_nor = word_reduce (λa b. ¬(a ∨ b))

reduce_xnor_def

|- reduce_xnor = word_reduce $<=>

word_lsb_def

|- ∀w. word_lsb w ⇔ w ' 0

word_msb_def

|- ∀w. word_msb w ⇔ w ' (dimindex (:α) − 1)

word_slice_def

|- ∀h l. h '' l = (λw. FCP i. l ≤ i ∧ i ≤ MIN h (dimindex (:α) − 1) ∧ w ' i)

word_bits_def

|- ∀h l. h -- l = (λw. FCP i. i + l ≤ MIN h (dimindex (:α) − 1) ∧ w ' (i + l))

word_signed_bits_def

|- ∀h l.
     h --- l =
     (λw.
        FCP i.
          l ≤ MIN h (dimindex (:α) − 1) ∧
          w ' (MIN (i + l) (MIN h (dimindex (:α) − 1))))

word_extract_def

|- ∀h l. h >< l = w2w o (h -- l)

word_bit_def

|- ∀b w. word_bit b w ⇔ b ≤ dimindex (:α) − 1 ∧ w ' b

word_reverse_def

|- ∀w. word_reverse w = FCP i. w ' (dimindex (:α) − 1 − i)

word_modify_def

|- ∀f w. word_modify f w = FCP i. f i (w ' i)

BIT_SET_tupled_primitive_def

|- BIT_SET_tupled =
   WFREC
     (@R.
        WF R ∧ (∀i n. n ≠ 0 ∧ ODD n ⇒ R (SUC i,n DIV 2) (i,n)) ∧
        ∀i n. n ≠ 0 ∧ ¬ODD n ⇒ R (SUC i,n DIV 2) (i,n))
     (λBIT_SET_tupled a.
        case a of
          (i,n) =>
            I
              (if n = 0 then ∅
               else if ODD n then i INSERT BIT_SET_tupled (SUC i,n DIV 2)
               else BIT_SET_tupled (SUC i,n DIV 2)))

BIT_SET_curried_def

|- ∀x x1. BIT_SET x x1 = BIT_SET_tupled (x,x1)

bit_field_insert_def

|- ∀h l a.
     bit_field_insert h l a =
     word_modify (λi. COND (l ≤ i ∧ i ≤ h) (a ' (i − l)))

word_sign_extend_def

|- ∀n w. word_sign_extend n w = n2w (SIGN_EXTEND n (dimindex (:α)) (w2n w))

word_len_def

|- ∀w. word_len w = dimindex (:α)

bit_count_upto_def

|- ∀n w. bit_count_upto n w = SUM n (λi. if w ' i then 1 else 0)

bit_count_def

|- ∀w. bit_count w = bit_count_upto (dimindex (:α)) w

word_2comp_def

|- ∀w. -w = n2w (dimword (:α) − w2n w)

word_add_def

|- ∀v w. v + w = n2w (w2n v + w2n w)

word_mul_def

|- ∀v w. v * w = n2w (w2n v * w2n w)

word_log2_def

|- ∀w. word_log2 w = n2w (LOG2 (w2n w))

add_with_carry_def

|- ∀x y carry_in.
     add_with_carry (x,y,carry_in) =
     (let unsigned_sum = w2n x + w2n y + if carry_in then 1 else 0 in
      let result = n2w unsigned_sum in
      let carry_out = w2n result ≠ unsigned_sum and
          overflow =
            (word_msb x ⇔ word_msb y) ∧ (word_msb x ⇎ word_msb result)
      in
        (result,carry_out,overflow))

word_sub_def

|- ∀v w. v − w = v + -w

word_div_def

|- ∀v w. v // w = n2w (w2n v DIV w2n w)

word_sdiv_def

|- ∀a b.
     a / b =
     if word_msb a then if word_msb b then -a // -b else -(-a // b)
     else if word_msb b then -(a // -b)
     else a // b

word_mod_def

|- ∀v w. word_mod v w = n2w (w2n v MOD w2n w)

word_srem_def

|- ∀a b.
     word_srem a b =
     if word_msb a then
       if word_msb b then -word_mod (-a) (-b) else -word_mod (-a) b
     else if word_msb b then word_mod a (-b)
     else word_mod a b

word_smod_def

|- ∀s t.
     word_smod s t =
     (let abs_s = if word_msb s then -s else s and
          abs_t = if word_msb t then -t else t
      in
      let u = word_mod abs_s abs_t
      in
        if u = 0w then u
        else if word_msb s then if word_msb t then -u else -u + t
        else if word_msb t then u + t
        else u)

word_L2_def

|- INT_MINw2 = INT_MINw * INT_MINw

nzcv_def

|- ∀a b.
     nzcv a b =
     (let q = w2n a + w2n (-b) in
      let r = n2w q
      in
        (word_msb r,r = 0w,BIT (dimindex (:α)) q ∨ (b = 0w),
         (word_msb a ⇎ word_msb b) ∧ (word_msb r ⇎ word_msb a)))

word_lt_def

|- ∀a b. a < b ⇔ (let (n,z,c,v) = nzcv a b in n ⇎ v)

word_gt_def

|- ∀a b. a > b ⇔ (let (n,z,c,v) = nzcv a b in ¬z ∧ (n ⇔ v))

word_le_def

|- ∀a b. a ≤ b ⇔ (let (n,z,c,v) = nzcv a b in z ∨ (n ⇎ v))

word_ge_def

|- ∀a b. a ≥ b ⇔ (let (n,z,c,v) = nzcv a b in n ⇔ v)

word_ls_def

|- ∀a b. a ≤₊ b ⇔ (let (n,z,c,v) = nzcv a b in ¬c ∨ z)

word_hi_def

|- ∀a b. a >₊ b ⇔ (let (n,z,c,v) = nzcv a b in c ∧ ¬z)

word_lo_def

|- ∀a b. a <₊ b ⇔ (let (n,z,c,v) = nzcv a b in ¬c)

word_hs_def

|- ∀a b. a ≥₊ b ⇔ (let (n,z,c,v) = nzcv a b in c)

word_min_def

|- ∀a b. word_min a b = if a <₊ b then a else b

word_max_def

|- ∀a b. word_max a b = if a <₊ b then b else a

word_smin_def

|- ∀a b. word_smin a b = if a < b then a else b

word_smax_def

|- ∀a b. word_smax a b = if a < b then b else a

word_abs_def

|- ∀w. word_abs w = if w < 0w then -w else w

word_lsl_def

|- ∀w n. w ≪ n = FCP i. i < dimindex (:α) ∧ n ≤ i ∧ w ' (i − n)

word_lsr_def

|- ∀w n. w ⋙ n = FCP i. i + n < dimindex (:α) ∧ w ' (i + n)

word_asr_def

|- ∀w n.
     w ≫ n = FCP i. if dimindex (:α) ≤ i + n then word_msb w else w ' (i + n)

word_ror_def

|- ∀w n. w ⇄ n = FCP i. w ' ((i + n) MOD dimindex (:α))

word_rol_def

|- ∀w n. w ⇆ n = w ⇄ (dimindex (:α) − n MOD dimindex (:α))

word_rrx_def

|- ∀c w.
     word_rrx (c,w) =
     (word_lsb w,FCP i. if i = dimindex (:α) − 1 then c else (w ⋙ 1) ' i)

word_lsl_bv_def

|- ∀w n. w <<~ n = w ≪ w2n n

word_lsr_bv_def

|- ∀w n. w >>>~ n = w ⋙ w2n n

word_asr_bv_def

|- ∀w n. w >>~ n = w ≫ w2n n

word_ror_bv_def

|- ∀w n. w #>>~ n = w ⇄ w2n n

word_rol_bv_def

|- ∀w n. w #<<~ n = w ⇆ w2n n

word_join_def

|- ∀v w.
     word_join v w =
     (let cv = w2w v and cw = w2w w in cv ≪ dimindex (:β) ‖ cw)

word_concat_def

|- ∀v w. v @@ w = w2w (word_join v w)

word_replicate_def

|- ∀n w.
     word_replicate n w =
     FCP i. i < n * dimindex (:α) ∧ w ' (i MOD dimindex (:α))

concat_word_list_def

|- (concat_word_list [] = 0w) ∧
   ∀h t. concat_word_list (h::t) = w2w h ‖ concat_word_list t ≪ dimindex (:α)

saturate_n2w_def

|- ∀n. saturate_n2w n = if dimword (:α) ≤ n then UINT_MAXw else n2w n

saturate_w2w_def

|- ∀w. saturate_w2w w = saturate_n2w (w2n w)

saturate_add_def

|- ∀a b. saturate_add a b = saturate_n2w (w2n a + w2n b)

saturate_sub_def

|- ∀a b. saturate_sub a b = n2w (w2n a − w2n b)

saturate_mul_def

|- ∀a b. saturate_mul a b = saturate_n2w (w2n a * w2n b)

n2w_itself_primitive_def

|- n2w_itself =
   WFREC (@R. WF R) (λn2w_itself a. case a of (n,v1) => I (n2w n))

Theorems

BIT_SET_ind

|- ∀P.
     (∀i n.
        (n ≠ 0 ∧ ODD n ⇒ P (SUC i) (n DIV 2)) ∧
        (n ≠ 0 ∧ ¬ODD n ⇒ P (SUC i) (n DIV 2)) ⇒
        P i n) ⇒
     ∀v v1. P v v1

BIT_SET_def

|- ∀n i.
     BIT_SET i n =
     if n = 0 then ∅
     else if ODD n then i INSERT BIT_SET (SUC i) (n DIV 2)
     else BIT_SET (SUC i) (n DIV 2)

ZERO_LT_dimword

|- 0 < dimword (:α)

dimword_IS_TWICE_INT_MIN

|- dimword (:α) = 2 * INT_MIN (:α)

dimword_sub_int_min

|- dimword (:α) − INT_MIN (:α) = INT_MIN (:α)

DIMINDEX_GT_0

|- 0 < dimindex (:α)

ONE_LT_dimword

|- 1 < dimword (:α)

EXISTS_HB

|- ∃m. dimindex (:α) = SUC m

MOD_DIMINDEX

|- ∀n. n MOD dimword (:α) = BITS (dimindex (:α) − 1) 0 n

BITS_ZEROL_DIMINDEX

|- ∀n. n < dimword (:α) ⇒ (BITS (dimindex (:α) − 1) 0 n = n)

MOD_2EXP_DIMINDEX

|- ∀n. n MOD dimword (:α) = MOD_2EXP (dimindex (:α)) n

INT_MIN_SUM

|- INT_MIN (:α + β) =
   if FINITE 𝕌(:α) ∧ FINITE 𝕌(:β) then dimword (:α) * INT_MIN (:β)
   else INT_MIN (:α + β)

ZERO_LT_INT_MIN

|- 0 < INT_MIN (:α)

ZERO_LT_INT_MAX

|- 1 < dimindex (:α) ⇒ 0 < INT_MAX (:α)

ZERO_LE_INT_MAX

|- 0 ≤ INT_MAX (:α)

ZERO_LT_UINT_MAX

|- 0 < UINT_MAX (:α)

INT_MIN_LT_DIMWORD

|- INT_MIN (:α) < dimword (:α)

INT_MAX_LT_DIMWORD

|- INT_MAX (:α) < dimword (:α)

dimindex_lt_dimword

|- dimindex (:α) < dimword (:α)

BOUND_ORDER

|- INT_MAX (:α) < INT_MIN (:α) ∧ INT_MIN (:α) ≤ UINT_MAX (:α) ∧
   UINT_MAX (:α) < dimword (:α)

dimindex_dimword_iso

|- (dimindex (:α) = dimindex (:β)) ⇔ (dimword (:α) = dimword (:β))

dimindex_dimword_le_iso

|- dimindex (:α) ≤ dimindex (:β) ⇔ dimword (:α) ≤ dimword (:β)

dimindex_dimword_lt_iso

|- dimindex (:α) < dimindex (:β) ⇔ dimword (:α) < dimword (:β)

dimindex_int_min_iso

|- (dimindex (:α) = dimindex (:β)) ⇔ (INT_MIN (:α) = INT_MIN (:β))

dimindex_int_min_le_iso

|- dimindex (:α) ≤ dimindex (:β) ⇔ INT_MIN (:α) ≤ INT_MIN (:β)

dimindex_int_min_lt_iso

|- dimindex (:α) < dimindex (:β) ⇔ INT_MIN (:α) < INT_MIN (:β)

dimindex_int_max_iso

|- (dimindex (:α) = dimindex (:β)) ⇔ (INT_MAX (:α) = INT_MAX (:β))

dimindex_int_max_le_iso

|- dimindex (:α) ≤ dimindex (:β) ⇔ INT_MAX (:α) ≤ INT_MAX (:β)

dimindex_int_max_lt_iso

|- dimindex (:α) < dimindex (:β) ⇔ INT_MAX (:α) < INT_MAX (:β)

dimindex_uint_max_iso

|- (dimindex (:α) = dimindex (:β)) ⇔ (UINT_MAX (:α) = UINT_MAX (:β))

dimindex_uint_max_le_iso

|- dimindex (:α) ≤ dimindex (:β) ⇔ UINT_MAX (:α) ≤ UINT_MAX (:β)

dimindex_uint_max_lt_iso

|- dimindex (:α) < dimindex (:β) ⇔ UINT_MAX (:α) < UINT_MAX (:β)

w2n_n2w

|- ∀n. w2n (n2w n) = n MOD dimword (:α)

n2w_w2n

|- ∀w. n2w (w2n w) = w

word_nchotomy

|- ∀w. ∃n. w = n2w n

n2w_mod

|- ∀n. n2w (n MOD dimword (:α)) = n2w n

n2w_11

|- ∀m n. (n2w m = n2w n) ⇔ (m MOD dimword (:α) = n MOD dimword (:α))

ranged_word_nchotomy

|- ∀w. ∃n. (w = n2w n) ∧ n < dimword (:α)

dimindex_1_cases

|- ∀a. (dimindex (:α) = 1) ⇒ (a = 0w) ∨ (a = 1w)

mod_dimindex

|- ∀n. n MOD dimindex (:α) < dimword (:α)

WORD_INDUCT

|- ∀P.
     P 0w ∧ (∀n. SUC n < dimword (:α) ⇒ P (n2w n) ⇒ P (n2w (SUC n))) ⇒ ∀x. P x

w2n_11

|- ∀v w. (w2n v = w2n w) ⇔ (v = w)

w2n_lt

|- ∀w. w2n w < dimword (:α)

word_0_n2w

|- w2n 0w = 0

word_1_n2w

|- w2n 1w = 1

w2n_eq_0

|- ∀w. (w2n w = 0) ⇔ (w = 0w)

n2w_dimword

|- n2w (dimword (:α)) = 0w

word_2comp_dimindex_1

|- ∀w. (dimindex (:α) = 1) ⇒ (-w = w)

word_add_n2w

|- ∀m n. n2w m + n2w n = n2w (m + n)

word_mul_n2w

|- ∀m n. n2w m * n2w n = n2w (m * n)

word_log2_n2w

|- ∀n. word_log2 (n2w n) = n2w (LOG2 (n MOD dimword (:α)))

word_1comp_n2w

|- ∀n. ¬n2w n = n2w (dimword (:α) − 1 − n MOD dimword (:α))

word_2comp_n2w

|- ∀n. -n2w n = n2w (dimword (:α) − n MOD dimword (:α))

word_lsb

|- word_lsb = word_bit 0

word_msb

|- word_msb = word_bit (dimindex (:α) − 1)

word_lsb_n2w

|- ∀n. word_lsb (n2w n) ⇔ ODD n

word_msb_n2w

|- ∀n. word_msb (n2w n) ⇔ BIT (dimindex (:α) − 1) n

word_msb_n2w_numeric

|- word_msb (n2w n) ⇔ INT_MIN (:α) ≤ n MOD dimword (:α)

word_and_n2w

|- ∀n m. n2w n && n2w m = n2w (BITWISE (dimindex (:α)) $/\ n m)

word_or_n2w

|- ∀n m. n2w n ‖ n2w m = n2w (BITWISE (dimindex (:α)) $\/ n m)

word_xor_n2w

|- ∀n m. n2w n ⊕ n2w m = n2w (BITWISE (dimindex (:α)) (λx y. x ⇎ y) n m)

word_nand_n2w

|- ∀n m. n2w n ~&& n2w m = n2w (BITWISE (dimindex (:α)) (λx y. ¬(x ∧ y)) n m)

word_nor_n2w

|- ∀n m. n2w n ~|| n2w m = n2w (BITWISE (dimindex (:α)) (λx y. ¬(x ∨ y)) n m)

word_xnor_n2w

|- ∀n m. n2w n ~?? n2w m = n2w (BITWISE (dimindex (:α)) $<=> n m)

l2w_w2l

|- ∀b w. 1 < b ⇒ (l2w b (w2l b w) = w)

w2l_l2w

|- ∀b l. w2l b (l2w b l) = n2l b (l2n b l MOD dimword (:α))

s2w_w2s

|- ∀c2n n2c b w.
     1 < b ∧ (∀x. x < b ⇒ (c2n (n2c x) = x)) ⇒ (s2w b c2n (w2s b n2c w) = w)

w2s_s2w

|- ∀b c2n n2c s.
     w2s b n2c (s2w b c2n s) = n2s b n2c (s2n b c2n s MOD dimword (:α))

NUMERAL_LESS_THM

|- (∀m n.
      m < NUMERAL (BIT1 n) ⇔
      (m = NUMERAL (BIT1 n) − 1) ∨ m < NUMERAL (BIT1 n) − 1) ∧
   ∀m n. m < NUMERAL (BIT2 n) ⇔ (m = NUMERAL (BIT1 n)) ∨ m < NUMERAL (BIT1 n)

word_bin_list

|- word_from_bin_list o word_to_bin_list = I

word_oct_list

|- word_from_oct_list o word_to_oct_list = I

word_dec_list

|- word_from_dec_list o word_to_dec_list = I

word_hex_list

|- word_from_hex_list o word_to_hex_list = I

word_bin_string

|- word_from_bin_string o word_to_bin_string = I

word_oct_string

|- word_from_oct_string o word_to_oct_string = I

word_dec_string

|- word_from_dec_string o word_to_dec_string = I

word_hex_string

|- word_from_hex_string o word_to_hex_string = I

word_0

|- ∀i. i < dimindex (:α) ⇒ ¬0w ' i

word_eq_0

|- ∀w. (w = 0w) ⇔ ∀i. i < dimindex (:α) ⇒ ¬w ' i

word_T

|- ∀i. i < dimindex (:α) ⇒ UINT_MAXw ' i

FCP_T_F

|- ($FCP (K T) = UINT_MAXw) ∧ ($FCP (K F) = 0w)

word_L

|- ∀n. n < dimindex (:α) ⇒ (INT_MINw ' n ⇔ (n = dimindex (:α) − 1))

word_H

|- ∀n. n < dimindex (:α) ⇒ (INT_MAXw ' n ⇔ n < dimindex (:α) − 1)

word_L2

|- INT_MINw2 = if 1 < dimindex (:α) then 0w else INT_MINw

WORD_NEG_1

|- -1w = UINT_MAXw

WORD_NEG_1_T

|- ∀i. i < dimindex (:α) ⇒ (-1w) ' i

WORD_MSB_1COMP

|- ∀w. word_msb (¬w) ⇔ ¬word_msb w

w2n_minus1

|- w2n (-1w) = dimword (:α) − 1

WORD_NOT_NOT

|- ∀a. ¬ ¬a = a

WORD_DE_MORGAN_THM

|- ∀a b. (¬(a && b) = ¬a ‖ ¬b) ∧ (¬(a ‖ b) = ¬a && ¬b)

WORD_NOT_XOR

|- ∀a b. (¬a ⊕ ¬b = a ⊕ b) ∧ (a ⊕ ¬b = ¬(a ⊕ b)) ∧ (¬a ⊕ b = ¬(a ⊕ b))

WORD_AND_CLAUSES

|- ∀a.
     (UINT_MAXw && a = a) ∧ (a && UINT_MAXw = a) ∧ (0w && a = 0w) ∧
     (a && 0w = 0w) ∧ (a && a = a)

WORD_OR_CLAUSES

|- ∀a.
     (UINT_MAXw ‖ a = UINT_MAXw) ∧ (a ‖ UINT_MAXw = UINT_MAXw) ∧
     (0w ‖ a = a) ∧ (a ‖ 0w = a) ∧ (a ‖ a = a)

WORD_XOR_CLAUSES

|- ∀a.
     (UINT_MAXw ⊕ a = ¬a) ∧ (a ⊕ UINT_MAXw = ¬a) ∧ (0w ⊕ a = a) ∧
     (a ⊕ 0w = a) ∧ (a ⊕ a = 0w)

WORD_AND_ASSOC

|- ∀a b c. (a && b) && c = a && b && c

WORD_OR_ASSOC

|- ∀a b c. (a ‖ b) ‖ c = a ‖ b ‖ c

WORD_XOR_ASSOC

|- ∀a b c. (a ⊕ b) ⊕ c = a ⊕ b ⊕ c

WORD_AND_COMM

|- ∀a b. a && b = b && a

WORD_OR_COMM

|- ∀a b. a ‖ b = b ‖ a

WORD_XOR_COMM

|- ∀a b. a ⊕ b = b ⊕ a

WORD_AND_IDEM

|- ∀a. a && a = a

WORD_OR_IDEM

|- ∀a. a ‖ a = a

WORD_AND_ABSORD

|- ∀a b. a ‖ a && b = a

WORD_OR_ABSORB

|- ∀a b. a && (a ‖ b) = a

WORD_AND_COMP

|- ∀a. a && ¬a = 0w

WORD_OR_COMP

|- ∀a. a ‖ ¬a = UINT_MAXw

WORD_XOR_COMP

|- ∀a. a ⊕ ¬a = UINT_MAXw

WORD_RIGHT_AND_OVER_OR

|- ∀a b c. (a ‖ b) && c = a && c ‖ b && c

WORD_RIGHT_OR_OVER_AND

|- ∀a b c. a && b ‖ c = (a ‖ c) && (b ‖ c)

WORD_RIGHT_AND_OVER_XOR

|- ∀a b c. (a ⊕ b) && c = a && c ⊕ b && c

WORD_LEFT_AND_OVER_OR

|- ∀a b c. a && (b ‖ c) = a && b ‖ a && c

WORD_LEFT_OR_OVER_AND

|- ∀a b c. a ‖ b && c = (a ‖ b) && (a ‖ c)

WORD_LEFT_AND_OVER_XOR

|- ∀a b c. a && (b ⊕ c) = a && b ⊕ a && c

WORD_XOR

|- ∀a b. a ⊕ b = a && ¬b ‖ b && ¬a

WORD_NAND_NOT_AND

|- ∀a b. a ~&& b = ¬(a && b)

WORD_NOR_NOT_OR

|- ∀a b. a ~|| b = ¬(a ‖ b)

WORD_XNOR_NOT_XOR

|- ∀a b. a ~?? b = ¬(a ⊕ b)

WORD_ADD_OR

|- ∀a b. (a && b = 0w) ⇒ (a + b = a ‖ b)

WORD_ADD_XOR

|- ∀a b. (a && b = 0w) ⇒ (a + b = a ⊕ b)

WORD_AND_EXP_SUB1

|- ∀m n. n2w n && n2w (2 ** m − 1) = n2w (n MOD 2 ** m)

w2w

|- ∀w i. i < dimindex (:β) ⇒ (w2w w ' i ⇔ i < dimindex (:α) ∧ w ' i)

sw2sw

|- ∀w i.
     i < dimindex (:β) ⇒
     (sw2sw w ' i ⇔
      if i < dimindex (:α) ∨ dimindex (:β) < dimindex (:α) then w ' i
      else word_msb w)

w2w_id

|- ∀w. w2w w = w

sw2sw_id

|- ∀w. sw2sw w = w

w2w_w2w

|- ∀w. w2w (w2w w) = w2w ((dimindex (:β) − 1 -- 0) w)

sw2sw_sw2sw

|- ∀w.
     sw2sw (sw2sw w) =
     if dimindex (:β) < dimindex (:α) ∧ dimindex (:β) < dimindex (:γ) then
       sw2sw (w2w w)
     else sw2sw w

sw2sw_w2w

|- ∀w. sw2sw w = (if word_msb w then -1w ≪ dimindex (:α) else 0w) ‖ w2w w

word_bit

|- ∀w b. b < dimindex (:α) ⇒ (w ' b ⇔ word_bit b w)

word_slice_n2w

|- ∀h l n. (h '' l) (n2w n) = n2w (SLICE (MIN h (dimindex (:α) − 1)) l n)

word_bits_n2w

|- ∀h l n. (h -- l) (n2w n) = n2w (BITS (MIN h (dimindex (:α) − 1)) l n)

word_bit_n2w

|- ∀b n. word_bit b (n2w n) ⇔ b ≤ dimindex (:α) − 1 ∧ BIT b n

word_signed_bits_n2w

|- ∀h l n.
     (h --- l) (n2w n) =
     n2w
       (SIGN_EXTEND (MIN (SUC h) (dimindex (:α)) − l) (dimindex (:α))
          (BITS (MIN h (dimindex (:α) − 1)) l n))

word_sign_extend_bits

|- ∀h l w.
     (h --- l) w =
     word_sign_extend (MIN (SUC h) (dimindex (:α)) − l) ((h -- l) w)

word_index_n2w

|- ∀n i.
     n2w n ' i ⇔
     if i < dimindex (:α) then BIT i n else FAIL $' index too large (n2w n) i

word_index

|- ∀n i. i < dimindex (:α) ⇒ (n2w n ' i ⇔ BIT i n)

word_bits_w2w

|- ∀w h l. (h -- l) (w2w w) = w2w ((MIN h (dimindex (:β) − 1) -- l) w)

word_reverse_n2w

|- ∀n. word_reverse (n2w n) = n2w (BIT_REVERSE (dimindex (:α)) n)

word_modify_n2w

|- ∀f n. word_modify f (n2w n) = n2w (BIT_MODIFY (dimindex (:α)) f n)

fcp_n2w

|- ∀f. $FCP f = word_modify (λi b. f i) 0w

w2n_w2w

|- ∀w.
     w2n (w2w w) =
     if dimindex (:α) ≤ dimindex (:β) then w2n w
     else w2n ((dimindex (:β) − 1 -- 0) w)

w2n_w2w_le

|- ∀w. w2n (w2w w) ≤ w2n w

w2w_lt

|- ∀w. w2n (w2w w) < dimword (:α)

w2w_n2w

|- ∀n.
     w2w (n2w n) =
     if dimindex (:β) ≤ dimindex (:α) then n2w n
     else n2w (BITS (dimindex (:α) − 1) 0 n)

w2w_0

|- w2w 0w = 0w

w2n_11_lift

|- ∀a b.
     dimindex (:α) ≤ dimindex (:γ) ∧ dimindex (:β) ≤ dimindex (:γ) ⇒
     ((w2n a = w2n b) ⇔ (w2w a = w2w b))

word_extract_n2w

|- (h >< l) (n2w n) =
   if dimindex (:β) ≤ dimindex (:α) then
     n2w (BITS (MIN h (dimindex (:α) − 1)) l n)
   else
     n2w (BITS (MIN (MIN h (dimindex (:α) − 1)) (dimindex (:α) − 1 + l)) l n)

n2w_BITS

|- ∀h l n. h < dimindex (:α) ⇒ (n2w (BITS h l n) = (h -- l) (n2w n))

word_extract_w2w

|- ∀w h l. dimindex (:α) ≤ dimindex (:β) ⇒ ((h >< l) (w2w w) = (h >< l) w)

WORD_w2w_EXTRACT

|- ∀w. w2w w = (dimindex (:α) − 1 >< 0) w

WORD_EQ

|- ∀v w. (∀x. x < dimindex (:α) ⇒ (word_bit x v ⇔ word_bit x w)) ⇔ (v = w)

BIT_UPDATE

|- ∀n x. n :+ x = word_modify (λi b. if i = n then x else b)

WORD_MODIFY_BIT

|- ∀f w i. i < dimindex (:α) ⇒ (word_modify f w ' i ⇔ f i (w ' i))

WORD_BIT_BITS

|- ∀b w. word_bit b w ⇔ ((b -- b) w = 1w)

WORD_BITS_COMP_THM

|- ∀h1 l1 h2 l2 w. (h2 -- l2) ((h1 -- l1) w) = (MIN h1 (h2 + l1) -- l2 + l1) w

WORD_BITS_EXTRACT

|- ∀h l w. (h -- l) w = (h >< l) w

WORD_BITS_LSR

|- ∀h l w n. (h -- l) w ⋙ n = (h -- l + n) w

WORD_BITS_ZERO

|- ∀h l w. h < l ⇒ ((h -- l) w = 0w)

WORD_BITS_ZERO2

|- ∀h l. (h -- l) 0w = 0w

WORD_BITS_ZERO3

|- ∀h l w. dimindex (:α) ≤ l ⇒ ((h -- l) w = 0w)

WORD_BITS_LT

|- ∀h l w. w2n ((h -- l) w) < 2 ** (SUC h − l)

WORD_EXTRACT_LT

|- ∀h l w. w2n ((h >< l) w) < 2 ** (SUC h − l)

WORD_EXTRACT_ZERO

|- ∀h l w. h < l ⇒ ((h >< l) w = 0w)

WORD_EXTRACT_ZERO2

|- ∀h l. (h >< l) 0w = 0w

WORD_EXTRACT_ZERO3

|- ∀h l w. dimindex (:α) ≤ l ⇒ ((h >< l) w = 0w)

WORD_SLICE_THM

|- ∀h l w. (h '' l) w = (h -- l) w ≪ l

WORD_SLICE_ZERO

|- ∀h l w. h < l ⇒ ((h '' l) w = 0w)

WORD_SLICE_ZERO2

|- ∀l h. (h '' l) 0w = 0w

WORD_SLICE_BITS_THM

|- ∀h w. (h '' 0) w = (h -- 0) w

WORD_BITS_SLICE_THM

|- ∀h l w. (h -- l) ((h '' l) w) = (h -- l) w

WORD_SLICE_COMP_THM

|- ∀h m' m l w.
     l ≤ m ∧ (m' = m + 1) ∧ m < h ⇒ ((h '' m') w ‖ (m '' l) w = (h '' l) w)

WORD_EXTRACT_COMP_THM

|- ∀w h l m n.
     (h >< l) ((m >< n) w) =
     (MIN m (MIN (h + n) (MIN (dimindex (:γ) − 1) (dimindex (:β) + n − 1))) ><
      l + n) w

WORD_EXTRACT_BITS_COMP

|- ∀n l k j h. (j >< k) ((h -- l) n) = (MIN h (j + l) >< k + l) n

WORD_ALL_BITS

|- ∀w h. dimindex (:α) − 1 ≤ h ⇒ ((h -- 0) w = w)

EXTRACT_ALL_BITS

|- ∀h w. dimindex (:α) − 1 ≤ h ⇒ ((h >< 0) w = w2w w)

WORD_BITS_MIN_HIGH

|- ∀w h l. dimindex (:α) − 1 < h ⇒ ((h -- l) w = (dimindex (:α) − 1 -- l) w)

WORD_EXTRACT_MIN_HIGH

|- (∀h l w.
      dimindex (:α) ≤ dimindex (:β) + l ∧ dimindex (:α) ≤ h ⇒
      ((h >< l) w = (dimindex (:α) − 1 >< l) w)) ∧
   ∀h l w.
     dimindex (:β) + l < dimindex (:α) ∧ dimindex (:β) + l ≤ h ⇒
     ((h >< l) w = (dimindex (:β) + l − 1 >< l) w)

CONCAT_EXTRACT

|- ∀h m l w.
     (h − m = dimindex (:β)) ∧ (m + 1 − l = dimindex (:γ)) ∧
     (h + 1 − l = dimindex (:δ)) ∧ dimindex (:β + γ) ≠ 1 ⇒
     ((h >< m + 1) w @@ (m >< l) w = (h >< l) w)

EXTRACT_CONCAT

|- ∀v w.
     FINITE 𝕌(:α) ∧ FINITE 𝕌(:β) ∧
     dimindex (:α) + dimindex (:β) ≤ dimindex (:γ) ⇒
     ((dimindex (:β) − 1 >< 0) (v @@ w) = w) ∧
     ((dimindex (:α) + dimindex (:β) − 1 >< dimindex (:β)) (v @@ w) = v)

EXTRACT_JOIN

|- ∀h m m' l s w.
     l ≤ m ∧ m' ≤ h ∧ (m' = m + 1) ∧ (s = m' − l) ⇒
     ((h >< m') w ≪ s ‖ (m >< l) w =
      (MIN h (MIN (dimindex (:β) + l − 1) (dimindex (:α) − 1)) >< l) w)

EXTRACT_JOIN_ADD

|- ∀h m m' l s w.
     l ≤ m ∧ m' ≤ h ∧ (m' = m + 1) ∧ (s = m' − l) ⇒
     ((h >< m') w ≪ s + (m >< l) w =
      (MIN h (MIN (dimindex (:β) + l − 1) (dimindex (:α) − 1)) >< l) w)

EXTEND_EXTRACT

|- ∀h l w. (dimindex (:γ) = h + 1 − l) ⇒ ((h >< l) w = w2w ((h >< l) w))

WORD_SLICE_OVER_BITWISE

|- (∀h l v w. (h '' l) v && (h '' l) w = (h '' l) (v && w)) ∧
   (∀h l v w. (h '' l) v ‖ (h '' l) w = (h '' l) (v ‖ w)) ∧
   ∀h l v w. (h '' l) v ⊕ (h '' l) w = (h '' l) (v ⊕ w)

WORD_BITS_OVER_BITWISE

|- (∀h l v w. (h -- l) v && (h -- l) w = (h -- l) (v && w)) ∧
   (∀h l v w. (h -- l) v ‖ (h -- l) w = (h -- l) (v ‖ w)) ∧
   ∀h l v w. (h -- l) v ⊕ (h -- l) w = (h -- l) (v ⊕ w)

WORD_w2w_OVER_BITWISE

|- (∀v w. w2w v && w2w w = w2w (v && w)) ∧
   (∀v w. w2w v ‖ w2w w = w2w (v ‖ w)) ∧ ∀v w. w2w v ⊕ w2w w = w2w (v ⊕ w)

WORD_EXTRACT_OVER_BITWISE

|- (∀h l v w. (h >< l) v && (h >< l) w = (h >< l) (v && w)) ∧
   (∀h l v w. (h >< l) v ‖ (h >< l) w = (h >< l) (v ‖ w)) ∧
   ∀h l v w. (h >< l) v ⊕ (h >< l) w = (h >< l) (v ⊕ w)

WORD_w2w_OVER_ADD

|- ∀a b. w2w (a + b) = (dimindex (:α) − 1 -- 0) (w2w a + w2w b)

WORD_w2w_OVER_MUL

|- ∀a b. w2w (a * b) = (dimindex (:α) − 1 -- 0) (w2w a * w2w b)

WORD_EXTRACT_OVER_ADD

|- ∀a b h.
     dimindex (:β) − 1 ≤ h ∧ dimindex (:β) ≤ dimindex (:α) ⇒
     ((h >< 0) (a + b) = (h >< 0) a + (h >< 0) b)

WORD_EXTRACT_OVER_MUL

|- ∀a b h.
     dimindex (:β) − 1 ≤ h ∧ dimindex (:β) ≤ dimindex (:α) ⇒
     ((h >< 0) (a * b) = (h >< 0) a * (h >< 0) b)

WORD_EXTRACT_OVER_ADD2

|- ∀a b h.
     h < dimindex (:α) ⇒
     ((h >< 0) ((h >< 0) a + (h >< 0) b) = (h >< 0) (a + b))

WORD_EXTRACT_OVER_MUL2

|- ∀a b h.
     h < dimindex (:α) ⇒
     ((h >< 0) ((h >< 0) a * (h >< 0) b) = (h >< 0) (a * b))

WORD_EXTRACT_ID

|- ∀w h. w2n w < 2 ** SUC h ⇒ ((h >< 0) w = w)

BIT_SET

|- ∀i n. BIT i n ⇔ i ∈ BIT_SET 0 n

WORD_LITERAL_AND

|- (∀n m.
      n2w n && n2w m = n2w (BITWISE (SUC (MIN (LOG2 n) (LOG2 m))) $/\ n m)) ∧
   (∀n m. n2w n && ¬n2w m = n2w (BITWISE (SUC (LOG2 n)) (λa b. a ∧ ¬b) n m)) ∧
   (∀n m. ¬n2w m && n2w n = n2w (BITWISE (SUC (LOG2 n)) (λa b. a ∧ ¬b) n m)) ∧
   ∀n m.
     ¬n2w n && ¬n2w m = ¬n2w (BITWISE (SUC (MAX (LOG2 n) (LOG2 m))) $\/ n m)

WORD_LITERAL_OR

|- (∀n m.
      n2w n ‖ n2w m = n2w (BITWISE (SUC (MAX (LOG2 n) (LOG2 m))) $\/ n m)) ∧
   (∀n m. n2w n ‖ ¬n2w m = ¬n2w (BITWISE (SUC (LOG2 m)) (λa b. a ∧ ¬b) m n)) ∧
   (∀n m. ¬n2w m ‖ n2w n = ¬n2w (BITWISE (SUC (LOG2 m)) (λa b. a ∧ ¬b) m n)) ∧
   ∀n m.
     ¬n2w n ‖ ¬n2w m = ¬n2w (BITWISE (SUC (MIN (LOG2 n) (LOG2 m))) $/\ n m)

WORD_LITERAL_XOR

|- ∀n m.
     n2w n ⊕ n2w m =
     n2w (BITWISE (SUC (MAX (LOG2 n) (LOG2 m))) (λx y. x ⇎ y) n m)

word_replicate_concat_word_list

|- ∀n w. word_replicate n w = concat_word_list (GENLIST (K w) n)

bit_field_insert

|- ∀h l a b.
     h < l + dimindex (:α) ⇒
     (bit_field_insert h l a b =
      (let mask = (h '' l) (-1w) in w2w a ≪ l && mask ‖ b && ¬mask))

word_join_index

|- ∀i a b.
     FINITE 𝕌(:α) ∧ FINITE 𝕌(:β) ∧ i < dimindex (:α + β) ⇒
     (word_join a b ' i ⇔
      if i < dimindex (:β) then b ' i else a ' (i − dimindex (:β)))

foldl_reduce_and

|- ∀w.
     reduce_and w =
     (let l =
            GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
              (dimindex (:α))
      in
        FOLDL $&& (HD l) (TL l))

foldl_reduce_or

|- ∀w.
     reduce_or w =
     (let l =
            GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
              (dimindex (:α))
      in
        FOLDL $|| (HD l) (TL l))

foldl_reduce_xor

|- ∀w.
     reduce_xor w =
     (let l =
            GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
              (dimindex (:α))
      in
        FOLDL $?? (HD l) (TL l))

foldl_reduce_nand

|- ∀w.
     reduce_nand w =
     (let l =
            GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
              (dimindex (:α))
      in
        FOLDL $~&& (HD l) (TL l))

foldl_reduce_nor

|- ∀w.
     reduce_nor w =
     (let l =
            GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
              (dimindex (:α))
      in
        FOLDL $~|| (HD l) (TL l))

foldl_reduce_xnor

|- ∀w.
     reduce_xnor w =
     (let l =
            GENLIST (λi. (let n = dimindex (:α) − 1 − i in (n >< n) w))
              (dimindex (:α))
      in
        FOLDL $~?? (HD l) (TL l))

LOG2_w2n_lt

|- ∀w. w ≠ 0w ⇒ LOG2 (w2n w) < dimindex (:α)

LOG2_w2n

|- ∀w.
     w ≠ 0w ⇒
     (LOG2 (w2n w) = dimindex (:α) − 1 − LEAST i. w ' (dimindex (:α) − 1 − i))

LEAST_BIT_LT

|- ∀w. w ≠ 0w ⇒ (LEAST i. w ' i) < dimindex (:α)

word_reduce_n2w

|- ∀n f.
     word_reduce f (n2w n) =
     $FCP (K (let l = BOOLIFY (dimindex (:α)) n [] in FOLDL f (HD l) (TL l)))

NOT_UINTMAXw

|- ∀w. w ≠ UINT_MAXw ⇒ ∃i. i < dimindex (:α) ∧ ¬w ' i

NOT_0w

|- ∀w. w ≠ 0w ⇒ ∃i. i < dimindex (:α) ∧ w ' i

reduce_and

|- ∀w. reduce_and w = if w = UINT_MAXw then 1w else 0w

reduce_or

|- ∀w. reduce_or w = if w = 0w then 0w else 1w

WORD_ADD_0

|- (∀w. w + 0w = w) ∧ ∀w. 0w + w = w

WORD_ADD_ASSOC

|- ∀v w x. v + (w + x) = v + w + x

WORD_MULT_ASSOC

|- ∀v w x. v * (w * x) = v * w * x

WORD_ADD_COMM

|- ∀v w. v + w = w + v

WORD_MULT_COMM

|- ∀v w. v * w = w * v

WORD_MULT_CLAUSES

|- ∀v w.
     (0w * v = 0w) ∧ (v * 0w = 0w) ∧ (1w * v = v) ∧ (v * 1w = v) ∧
     ((v + 1w) * w = v * w + w) ∧ (v * (w + 1w) = v + v * w)

WORD_LEFT_ADD_DISTRIB

|- ∀v w x. v * (w + x) = v * w + v * x

WORD_RIGHT_ADD_DISTRIB

|- ∀v w x. (v + w) * x = v * x + w * x

WORD_ADD_SUB_ASSOC

|- ∀v w x. v + w − x = v + (w − x)

WORD_ADD_SUB_SYM

|- ∀v w x. v + w − x = v − x + w

WORD_ADD_LINV

|- ∀w. -w + w = 0w

WORD_ADD_RINV

|- ∀w. w + -w = 0w

WORD_SUB_REFL

|- ∀w. w − w = 0w

WORD_SUB_ADD2

|- ∀v w. v + (w − v) = w

WORD_ADD_SUB

|- ∀v w. v + w − w = v

WORD_SUB_ADD

|- ∀v w. v − w + w = v

WORD_ADD_EQ_SUB

|- ∀v w x. (v + w = x) ⇔ (v = x − w)

WORD_ADD_INV_0_EQ

|- ∀v w. (v + w = v) ⇔ (w = 0w)

WORD_EQ_ADD_LCANCEL

|- ∀v w x. (v + w = v + x) ⇔ (w = x)

WORD_EQ_ADD_RCANCEL

|- ∀v w x. (v + w = x + w) ⇔ (v = x)

WORD_NEG

|- ∀w. -w = ¬w + 1w

WORD_NOT

|- ∀w. ¬w = -w − 1w

WORD_NEG_0

|- -0w = 0w

WORD_NEG_ADD

|- ∀v w. -(v + w) = -v + -w

WORD_NEG_NEG

|- ∀w. - -w = w

WORD_SUB_LNEG

|- ∀v w. -v − w = -(v + w)

WORD_SUB_RNEG

|- ∀v w. v − -w = v + w

WORD_SUB_SUB

|- ∀v w x. v − (w − x) = v + x − w

WORD_SUB_SUB2

|- ∀v w. v − (v − w) = w

WORD_EQ_SUB_LADD

|- ∀v w x. (v = w − x) ⇔ (v + x = w)

WORD_EQ_SUB_RADD

|- ∀v w x. (v − w = x) ⇔ (v = x + w)

WORD_EQ_SUB_ZERO

|- ∀w v. (v − w = 0w) ⇔ (v = w)

WORD_LCANCEL_SUB

|- ∀v w x. (v − w = x − w) ⇔ (v = x)

WORD_RCANCEL_SUB

|- ∀v w x. (v − w = v − x) ⇔ (w = x)

WORD_SUB_PLUS

|- ∀v w x. v − (w + x) = v − w − x

WORD_SUB_LZERO

|- ∀w. 0w − w = -w

WORD_SUB_RZERO

|- ∀w. w − 0w = w

WORD_ADD_LID_UNIQ

|- ∀v w. (v + w = w) ⇔ (v = 0w)

WORD_ADD_RID_UNIQ

|- ∀v w. (v + w = v) ⇔ (w = 0w)

WORD_SUM_ZERO

|- ∀a b. (a + b = 0w) ⇔ (a = -b)

WORD_ADD_SUB2

|- ∀v w. w + v − w = v

WORD_ADD_SUB3

|- ∀v x. v − (v + x) = -x

WORD_SUB_SUB3

|- ∀w v. v − w − v = -w

WORD_EQ_NEG

|- ∀v w. (-v = -w) ⇔ (v = w)

WORD_NEG_EQ

|- ∀w v. (-v = w) ⇔ (v = -w)

WORD_NEG_EQ_0

|- (-v = 0w) ⇔ (v = 0w)

WORD_SUB

|- ∀v w. -w + v = v − w

WORD_SUB_NEG

|- ∀v w. -v − -w = w − v

WORD_NEG_SUB

|- ∀w v. -(v − w) = w − v

WORD_SUB_TRIANGLE

|- ∀v w x. v − w + (w − x) = v − x

WORD_NOT_0

|- ¬0w = UINT_MAXw

WORD_NOT_T

|- ¬UINT_MAXw = 0w

WORD_NEG_T

|- -UINT_MAXw = 1w

WORD_MULT_SUC

|- ∀v n. v * n2w (n + 1) = v * n2w n + v

WORD_NEG_LMUL

|- ∀v w. -(v * w) = -v * w

WORD_NEG_RMUL

|- ∀v w. -(v * w) = v * -w

WORD_NEG_MUL

|- ∀w. -w = -1w * w

sw2sw_w2w_add

|- ∀w. sw2sw w = (if word_msb w then -1w ≪ dimindex (:α) else 0w) + w2w w

WORD_ADD_BIT0

|- ∀a b. (a + b) ' 0 ⇔ (a ' 0 ⇎ b ' 0)

WORD_ADD_BIT

|- ∀n a b.
     n < dimindex (:α) ⇒
     ((a + b) ' n ⇔
      if n = 0 then a ' 0 ⇎ b ' 0
      else if ((n − 1 -- 0) a + (n − 1 -- 0) b) ' n then a ' n ⇔ b ' n
      else a ' n ⇎ b ' n)

WORD_LEFT_SUB_DISTRIB

|- ∀v w x. v * (w − x) = v * w − v * x

WORD_RIGHT_SUB_DISTRIB

|- ∀v w x. (w − x) * v = w * v − x * v

WORD_LITERAL_MULT

|- (∀m n. n2w m * -n2w n = -n2w (m * n)) ∧ ∀m n. -n2w m * -n2w n = n2w (m * n)

WORD_LITERAL_ADD

|- (∀m n. -n2w m + -n2w n = -n2w (m + n)) ∧
   ∀m n. n2w m + -n2w n = if n ≤ m then n2w (m − n) else -n2w (n − m)

WORD_SUB_INTRO

|- (∀x y. -y + x = x − y) ∧ (∀x y. x + -y = x − y) ∧
   (∀x y z. -x * y + z = z − x * y) ∧ (∀x y z. z + -x * y = z − x * y) ∧
   (∀x. -1w * x = -x) ∧ (∀x y z. z − -x * y = z + x * y) ∧
   ∀x y z. -x * y − z = -(x * y + z)

n2w_SUC

|- ∀n. n2w (SUC n) = n2w n + 1w

n2w_sub

|- ∀a b. b ≤ a ⇒ (n2w (a − b) = n2w a − n2w b)

n2w_sub_eq_0

|- ∀a b. a ≤ b ⇒ (n2w (a − b) = 0w)

WORD_H_WORD_L

|- INT_MAXw = INT_MINw − 1w

word_L_MULT

|- ∀n. n2w n * INT_MINw = if EVEN n then 0w else INT_MINw

ASR_ADD

|- ∀w m n. w ≫ m ≫ n = w ≫ (m + n)

LSR_ADD

|- ∀w m n. w ⋙ m ⋙ n = w ⋙ (m + n)

ROR_ADD

|- ∀w m n. w ⇄ m ⇄ n = w ⇄ (m + n)

LSL_ADD

|- ∀w m n. w ≪ m ≪ n = w ≪ (m + n)

ASR_LIMIT

|- ∀w n. dimindex (:α) ≤ n ⇒ (w ≫ n = if word_msb w then UINT_MAXw else 0w)

ASR_UINT_MAX

|- ∀n. UINT_MAXw ≫ n = UINT_MAXw

LSR_LIMIT

|- ∀w n. dimindex (:α) ≤ n ⇒ (w ⋙ n = 0w)

LSL_LIMIT

|- ∀w n. dimindex (:α) ≤ n ⇒ (w ≪ n = 0w)

ROR_CYCLE

|- ∀w n. w ⇄ (n * dimindex (:α)) = w

ROR_MOD

|- ∀w n. w ⇄ (n MOD dimindex (:α)) = w ⇄ n

ROL_MOD

|- ∀w n. w ⇆ (n MOD dimindex (:α)) = w ⇆ n

LSL_ONE

|- ∀w. w ≪ 1 = w + w

ROR_UINT_MAX

|- ∀n. UINT_MAXw ⇄ n = UINT_MAXw

ROR_ROL

|- ∀w n. (w ⇄ n ⇆ n = w) ∧ (w ⇆ n ⇄ n = w)

MOD_COMPLEMENT

|- ∀n q a.
     0 < n ∧ 0 < q ∧ a < q * n ⇒ ((q * n − a) MOD n = (n − a MOD n) MOD n)

ROL_ADD

|- ∀w m n. w ⇆ m ⇆ n = w ⇆ (m + n)

ZERO_SHIFT

|- (∀n. 0w ≪ n = 0w) ∧ (∀n. 0w ≫ n = 0w) ∧ (∀n. 0w ⋙ n = 0w) ∧
   (∀n. 0w ⇆ n = 0w) ∧ ∀n. 0w ⇄ n = 0w

SHIFT_ZERO

|- (∀a. a ≪ 0 = a) ∧ (∀a. a ≫ 0 = a) ∧ (∀a. a ⋙ 0 = a) ∧ (∀a. a ⇆ 0 = a) ∧
   ∀a. a ⇄ 0 = a

word_lsl_n2w

|- ∀n m. n2w m ≪ n = if dimindex (:α) − 1 < n then 0w else n2w (m * 2 ** n)

word_lsr_n2w

|- ∀w n. w ⋙ n = (dimindex (:α) − 1 -- n) w

LSL_UINT_MAX

|- ∀n. UINT_MAXw ≪ n = n2w (dimword (:α) − 2 ** n)

word_asr_n2w

|- ∀n w.
     w ≫ n =
     if word_msb w then
       n2w (dimword (:α) − 2 ** (dimindex (:α) − MIN n (dimindex (:α)))) ‖
       w ⋙ n
     else w ⋙ n

word_ror_n2w

|- ∀n a.
     n2w a ⇄ n =
     (let x = n MOD dimindex (:α)
      in
        n2w
          (BITS (dimindex (:α) − 1) x a +
           BITS (x − 1) 0 a * 2 ** (dimindex (:α) − x)))

word_rrx_n2w

|- ∀c a.
     word_rrx (c,n2w a) =
     (ODD a,n2w (BITS (dimindex (:α) − 1) 1 a + SBIT c (dimindex (:α) − 1)))

word_ror

|- ∀w n.
     w ⇄ n =
     (let x = n MOD dimindex (:α)
      in
        (dimindex (:α) − 1 -- x) w ‖ (x − 1 -- 0) w ≪ (dimindex (:α) − x))

word_asr

|- ∀w n.
     w ≫ n =
     if word_msb w then
       (dimindex (:α) − 1 '' dimindex (:α) − n) UINT_MAXw ‖ w ⋙ n
     else w ⋙ n

w2n_lsr

|- ∀w m. w2n (w ⋙ m) = w2n w DIV 2 ** m

WORD_MUL_LSL

|- ∀a n. a ≪ n = n2w (2 ** n) * a

WORD_ADD_LSL

|- ∀n a b. (a + b) ≪ n = a ≪ n + b ≪ n

WORD_DIV_LSR

|- ∀m n. n < dimindex (:α) ⇒ (m ⋙ n = m // n2w (2 ** n))

WORD_MOD_1

|- ∀m. word_mod m 1w = 0w

WORD_MOD_POW2

|- ∀m v. v < dimindex (:α) − 1 ⇒ (word_mod m (n2w (2 ** SUC v)) = (v -- 0) m)

SHIFT_1_SUB_1

|- ∀i n. i < dimindex (:α) ⇒ ((1w ≪ n − 1w) ' i ⇔ i < n)

LSR_BITWISE

|- (∀n v w. w ⋙ n && v ⋙ n = (w && v) ⋙ n) ∧
   (∀n v w. w ⋙ n ‖ v ⋙ n = (w ‖ v) ⋙ n) ∧ ∀n v w. w ⋙ n ⊕ v ⋙ n = (w ⊕ v) ⋙ n

LSL_BITWISE

|- (∀n v w. w ≪ n && v ≪ n = (w && v) ≪ n) ∧
   (∀n v w. w ≪ n ‖ v ≪ n = (w ‖ v) ≪ n) ∧ ∀n v w. w ≪ n ⊕ v ≪ n = (w ⊕ v) ≪ n

ROR_BITWISE

|- (∀n v w. w ⇄ n && v ⇄ n = (w && v) ⇄ n) ∧
   (∀n v w. w ⇄ n ‖ v ⇄ n = (w ‖ v) ⇄ n) ∧ ∀n v w. w ⇄ n ⊕ v ⇄ n = (w ⊕ v) ⇄ n

ROL_BITWISE

|- (∀n v w. w ⇆ n && v ⇆ n = (w && v) ⇆ n) ∧
   (∀n v w. w ⇆ n ‖ v ⇆ n = (w ‖ v) ⇆ n) ∧ ∀n v w. w ⇆ n ⊕ v ⇆ n = (w ⊕ v) ⇆ n

WORD_2COMP_LSL

|- ∀n a. -a ≪ n = -(a ≪ n)

w2w_LSL

|- ∀w n.
     w2w (w ≪ n) =
     if n < dimindex (:α) then w2w ((dimindex (:α) − 1 − n -- 0) w) ≪ n
     else 0w

n2w_DIV

|- ∀a n. a < dimword (:α) ⇒ (n2w (a DIV 2 ** n) = n2w a ⋙ n)

WORD_BITS_LSL

|- ∀h l n w.
     h < dimindex (:α) ⇒
     ((h -- l) (w ≪ n) = if n ≤ h then (h − n -- l − n) w ≪ (n − l) else 0w)

WORD_EXTRACT_LSL

|- ∀h l n w.
     h < dimindex (:α) ⇒
     ((h >< l) (w ≪ n) = if n ≤ h then (h − n >< l − n) w ≪ (n − l) else 0w)

WORD_EXTRACT_LSL2

|- ∀h l n w.
     dimindex (:β) + l ≤ h + n ⇒
     ((h >< l) w ≪ n = (dimindex (:β) + l − (n + 1) >< l) w ≪ n)

EXTRACT_JOIN_LSL

|- ∀h m m' l s n w.
     l ≤ m ∧ m' ≤ h ∧ (m' = m + 1) ∧ (s = m' − l + n) ⇒
     ((h >< m') w ≪ s ‖ (m >< l) w ≪ n =
      (MIN h (MIN (dimindex (:β) + l − 1) (dimindex (:α) − 1)) >< l) w ≪ n)

EXTRACT_JOIN_ADD_LSL

|- ∀h m m' l s n w.
     l ≤ m ∧ m' ≤ h ∧ (m' = m + 1) ∧ (s = m' − l + n) ⇒
     ((h >< m') w ≪ s + (m >< l) w ≪ n =
      (MIN h (MIN (dimindex (:β) + l − 1) (dimindex (:α) − 1)) >< l) w ≪ n)

word_extract_mask

|- ∀h l a. (h >< l) a = if l ≤ h then a ⋙ l && 2w ≪ (h − l) − 1w else 0w

word_shift_bv

|- (∀w n. n < dimword (:α) ⇒ (w ≪ n = w <<~ n2w n)) ∧
   (∀w n. n < dimword (:α) ⇒ (w ≫ n = w >>~ n2w n)) ∧
   (∀w n. n < dimword (:α) ⇒ (w ⋙ n = w >>>~ n2w n)) ∧
   (∀w n. w ⇄ n = w #>>~ n2w (n MOD dimindex (:α))) ∧
   ∀w n. w ⇆ n = w #<<~ n2w (n MOD dimindex (:α))

WORD_NEG_L

|- -INT_MINw = INT_MINw

word_L_MULT_NEG

|- ∀n. -n2w n * INT_MINw = if EVEN n then 0w else INT_MINw

word_L2_MULT

|- (INT_MINw2 * INT_MINw2 = INT_MINw2) ∧ (INT_MINw * INT_MINw2 = INT_MINw2) ∧
   (∀n. n2w n * INT_MINw2 = if EVEN n then 0w else INT_MINw2) ∧
   ∀n. -n2w n * INT_MINw2 = if EVEN n then 0w else INT_MINw2

TWO_COMP_NEG

|- ∀a.
     word_msb a ⇒
     if (dimindex (:α) − 1 = 0) ∨ (a = INT_MINw) then word_msb (-a)
     else ¬word_msb (-a)

TWO_COMP_POS_NEG

|- ∀a.
     ¬((dimindex (:α) − 1 = 0) ∨ (a = 0w) ∨ (a = INT_MINw)) ⇒
     (¬word_msb a ⇔ word_msb (-a))

WORD_0_POS

|- ¬word_msb 0w

TWO_COMP_POS

|- ∀a. ¬word_msb a ⇒ (a = 0w) ∨ word_msb (-a)

WORD_H_POS

|- ¬word_msb INT_MAXw

WORD_L_NEG

|- word_msb INT_MINw

WORD_GREATER

|- ∀a b. a > b ⇔ b < a

WORD_GREATER_EQ

|- ∀a b. a ≥ b ⇔ b ≤ a

WORD_NOT_LESS

|- ∀a b. ¬(a < b) ⇔ b ≤ a

WORD_LT

|- ∀a b.
     a < b ⇔
     (word_msb a ⇔ word_msb b) ∧ w2n a < w2n b ∨ word_msb a ∧ ¬word_msb b

WORD_GT

|- ∀a b.
     a > b ⇔
     (word_msb b ⇔ word_msb a) ∧ w2n a > w2n b ∨ word_msb b ∧ ¬word_msb a

WORD_LE

|- ∀a b.
     a ≤ b ⇔
     (word_msb a ⇔ word_msb b) ∧ w2n a ≤ w2n b ∨ word_msb a ∧ ¬word_msb b

WORD_GE

|- ∀a b.
     a ≥ b ⇔
     (word_msb b ⇔ word_msb a) ∧ w2n a ≥ w2n b ∨ word_msb b ∧ ¬word_msb a

WORD_LO

|- ∀a b. a <₊ b ⇔ w2n a < w2n b

WORD_LS

|- ∀a b. a ≤₊ b ⇔ w2n a ≤ w2n b

WORD_HI

|- ∀a b. a >₊ b ⇔ w2n a > w2n b

WORD_HS

|- ∀a b. a ≥₊ b ⇔ w2n a ≥ w2n b

WORD_NOT_LESS_EQUAL

|- ∀a b. ¬(a ≤ b) ⇔ b < a

WORD_LESS_OR_EQ

|- ∀a b. a ≤ b ⇔ a < b ∨ (a = b)

WORD_GREATER_OR_EQ

|- ∀a b. a ≥ b ⇔ a > b ∨ (a = b)

WORD_LESS_TRANS

|- ∀a b c. a < b ∧ b < c ⇒ a < c

WORD_LESS_EQ_TRANS

|- ∀a b c. a ≤ b ∧ b ≤ c ⇒ a ≤ c

WORD_LESS_EQ_LESS_TRANS

|- ∀a b c. a ≤ b ∧ b < c ⇒ a < c

WORD_LESS_LESS_EQ_TRANS

|- ∀a b c. a < b ∧ b ≤ c ⇒ a < c

WORD_LESS_EQ_CASES

|- ∀a b. a ≤ b ∨ b ≤ a

WORD_LESS_CASES

|- ∀a b. a < b ∨ b ≤ a

WORD_LESS_CASES_IMP

|- ∀a b. ¬(a < b) ∧ a ≠ b ⇒ b < a

WORD_LESS_ANTISYM

|- ∀a b. ¬(a < b ∧ b < a)

WORD_LESS_EQ_ANTISYM

|- ∀a b. ¬(a < b ∧ b ≤ a)

WORD_LESS_EQ_REFL

|- ∀a. a ≤ a

WORD_LESS_EQUAL_ANTISYM

|- ∀a b. a ≤ b ∧ b ≤ a ⇒ (a = b)

WORD_LESS_IMP_LESS_OR_EQ

|- ∀a b. a < b ⇒ a ≤ b

WORD_LESS_REFL

|- ∀a. ¬(a < a)

WORD_LESS_LESS_CASES

|- ∀a b. (a = b) ∨ a < b ∨ b < a

WORD_NOT_GREATER

|- ∀a b. ¬(a > b) ⇔ a ≤ b

WORD_LESS_NOT_EQ

|- ∀a b. a < b ⇒ a ≠ b

WORD_NOT_LESS_EQ

|- ∀a b. (a = b) ⇒ ¬(a < b)

WORD_HIGHER

|- ∀a b. a >₊ b ⇔ b <₊ a

WORD_HIGHER_EQ

|- ∀a b. a ≥₊ b ⇔ b ≤₊ a

WORD_NOT_LOWER

|- ∀a b. ¬(a <₊ b) ⇔ b ≤₊ a

WORD_NOT_LOWER_EQUAL

|- ∀a b. ¬(a ≤₊ b) ⇔ b <₊ a

WORD_LOWER_OR_EQ

|- ∀a b. a ≤₊ b ⇔ a <₊ b ∨ (a = b)

WORD_HIGHER_OR_EQ

|- ∀a b. a ≥₊ b ⇔ a >₊ b ∨ (a = b)

WORD_LOWER_TRANS

|- ∀a b c. a <₊ b ∧ b <₊ c ⇒ a <₊ c

WORD_LOWER_EQ_TRANS

|- ∀a b c. a ≤₊ b ∧ b ≤₊ c ⇒ a ≤₊ c

WORD_LOWER_EQ_LOWER_TRANS

|- ∀a b c. a ≤₊ b ∧ b <₊ c ⇒ a <₊ c

WORD_LOWER_LOWER_EQ_TRANS

|- ∀a b c. a <₊ b ∧ b ≤₊ c ⇒ a <₊ c

WORD_LOWER_EQ_CASES

|- ∀a b. a ≤₊ b ∨ b ≤₊ a

WORD_LOWER_CASES

|- ∀a b. a <₊ b ∨ b ≤₊ a

WORD_LOWER_CASES_IMP

|- ∀a b. ¬(a <₊ b) ∧ a ≠ b ⇒ b <₊ a

WORD_LOWER_ANTISYM

|- ∀a b. ¬(a <₊ b ∧ b <₊ a)

WORD_LOWER_EQ_ANTISYM

|- ∀a b. ¬(a <₊ b ∧ b ≤₊ a)

WORD_LOWER_EQ_REFL

|- ∀a. a ≤₊ a

WORD_LOWER_EQUAL_ANTISYM

|- ∀a b. a ≤₊ b ∧ b ≤₊ a ⇒ (a = b)

WORD_LOWER_IMP_LOWER_OR_EQ

|- ∀a b. a <₊ b ⇒ a ≤₊ b

WORD_LOWER_REFL

|- ∀a. ¬(a <₊ a)

WORD_LOWER_LOWER_CASES

|- ∀a b. (a = b) ∨ a <₊ b ∨ b <₊ a

WORD_NOT_HIGHER

|- ∀a b. ¬(a >₊ b) ⇔ a ≤₊ b

WORD_LOWER_NOT_EQ

|- ∀a b. a <₊ b ⇒ a ≠ b

WORD_NOT_LOWER_EQ

|- ∀a b. (a = b) ⇒ ¬(a <₊ b)

WORD_L_PLUS_H

|- INT_MINw + INT_MAXw = UINT_MAXw

WORD_L_LESS_EQ

|- ∀a. INT_MINw ≤ a

WORD_LESS_EQ_H

|- ∀a. a ≤ INT_MAXw

WORD_L_LESS_H

|- INT_MINw < INT_MAXw

NOT_INT_MIN_ZERO

|- INT_MINw ≠ 0w

ZERO_LO_INT_MIN

|- 0w <₊ INT_MINw

WORD_0_LS

|- ∀w. 0w ≤₊ w

WORD_LS_T

|- ∀w. w ≤₊ UINT_MAXw

WORD_ADD_LEFT_LO

|- ∀b c a.
     a + b <₊ c ⇔
     if b ≤₊ c then
       (let x = n2w (w2n c − w2n b) in a <₊ x ∨ b ≠ 0w ∧ -c + x ≤₊ a)
     else -b ≤₊ a ∧ a <₊ -b + c

WORD_ADD_LEFT_LS

|- ∀b c a.
     a + b ≤₊ c ⇔
     if b ≤₊ c then
       (let x = n2w (w2n c − w2n b) in a ≤₊ x ∨ b ≠ 0w ∧ -c + x ≤₊ a)
     else -b ≤₊ a ∧ a ≤₊ -b + c

WORD_ADD_RIGHT_LS

|- ∀c a b.
     a ≤₊ b + c ⇔
     if c ≤₊ a then
       (let x = n2w (w2n a − w2n c) in x ≤₊ b ∧ ((c = 0w) ∨ b <₊ -a + x))
     else b <₊ -c ∨ -c + a ≤₊ b

WORD_ADD_RIGHT_LO

|- ∀c a b.
     a <₊ b + c ⇔
     if c ≤₊ a then
       (let x = n2w (w2n a − w2n c) in x <₊ b ∧ ((c = 0w) ∨ b <₊ -a + x))
     else b <₊ -c ∨ -c + a <₊ b

WORD_MSB_INT_MIN_LS

|- ∀a. word_msb a ⇔ INT_MINw ≤₊ a

WORD_LT_LO

|- ∀a b.
     a < b ⇔
     INT_MINw ≤₊ a ∧ (b <₊ INT_MINw ∨ a <₊ b) ∨
     a <₊ INT_MINw ∧ b <₊ INT_MINw ∧ a <₊ b

WORD_LE_LS

|- ∀a b.
     a ≤ b ⇔
     INT_MINw ≤₊ a ∧ (b <₊ INT_MINw ∨ a ≤₊ b) ∨
     a <₊ INT_MINw ∧ b <₊ INT_MINw ∧ a ≤₊ b

WORD_LESS_NEG_LEFT

|- ∀a b. -a <₊ b ⇔ b ≠ 0w ∧ ((a = 0w) ∨ -b <₊ a)

WORD_LESS_NEG_RIGHT

|- ∀a b. a <₊ -b ⇔ b ≠ 0w ∧ ((a = 0w) ∨ b <₊ -a)

WORD_LS_word_0

|- ∀n. n ≤₊ 0w ⇔ (n = 0w)

WORD_LO_word_0

|- (∀n. 0w <₊ n ⇔ n ≠ 0w) ∧ ∀n. ¬(n <₊ 0w)

WORD_ADD_LEFT_LO2

|- ∀c a. c + a <₊ a ⇔ a ≠ 0w ∧ (c ≠ 0w ∧ -c <₊ a ∨ (a = -c))

WORD_ADD_LEFT_LS2

|- ∀c a. c + a ≤₊ a ⇔ (c = 0w) ∨ a ≠ 0w ∧ (-c <₊ a ∨ (a = -c))

WORD_ADD_RIGHT_LO2

|- ∀c a. a <₊ c + a ⇔ c ≠ 0w ∧ ((a = 0w) ∨ a <₊ -c)

WORD_ADD_RIGHT_LS2

|- ∀c a. a ≤₊ c + a ⇔ (a = 0w) ∨ (c = 0w) ∨ a <₊ -c

word_msb_neg

|- ∀w. word_msb w ⇔ w < 0w

word_abs

|- ∀w. word_abs w = FCP i. ¬word_msb w ∧ w ' i ∨ word_msb w ∧ (-w) ' i

word_abs_word_abs

|- ∀w. word_abs (word_abs w) = word_abs w

word_abs_neg

|- ∀w. word_abs (-w) = word_abs w

word_abs_diff

|- ∀a b. word_abs (a − b) = word_abs (b − a)

FST_ADD_WITH_CARRY

|- ((∀a b. FST (add_with_carry (a,b,F)) = a + b) ∧
    (∀a b. FST (add_with_carry (a,¬b,T)) = a − b) ∧
    ∀a b. FST (add_with_carry (¬a,b,T)) = b − a) ∧
   (∀n a. FST (add_with_carry (a,n2w n,T)) = a − ¬n2w n) ∧
   ∀n b. FST (add_with_carry (n2w n,b,T)) = b − ¬n2w n

ADD_WITH_CARRY_SUB

|- ∀x y.
     add_with_carry (x,¬y,T) =
     (x − y,y ≤₊ x,
      (word_msb x ⇎ word_msb y) ∧ (word_msb (x − y) ⇎ word_msb x))

word_eq_n2w

|- (∀m n. (n2w m = n2w n) ⇔ MOD_2EXP_EQ (dimindex (:α)) m n) ∧
   (∀n. (n2w n = -1w) ⇔ MOD_2EXP_MAX (dimindex (:α)) n) ∧
   ∀n. (-1w = n2w n) ⇔ MOD_2EXP_MAX (dimindex (:α)) n

word_lt_n2w

|- ∀a b.
     n2w a < n2w b ⇔
     (let sa = BIT (dimindex (:α) − 1) a and sb = BIT (dimindex (:α) − 1) b
      in
        (sa ⇔ sb) ∧ a MOD dimword (:α) < b MOD dimword (:α) ∨ sa ∧ ¬sb)

word_gt_n2w

|- ∀a b.
     n2w a > n2w b ⇔
     (let sa = BIT (dimindex (:α) − 1) a and sb = BIT (dimindex (:α) − 1) b
      in
        (sa ⇔ sb) ∧ a MOD dimword (:α) > b MOD dimword (:α) ∨ ¬sa ∧ sb)

word_le_n2w

|- ∀a b.
     n2w a ≤ n2w b ⇔
     (let sa = BIT (dimindex (:α) − 1) a and sb = BIT (dimindex (:α) − 1) b
      in
        (sa ⇔ sb) ∧ a MOD dimword (:α) ≤ b MOD dimword (:α) ∨ sa ∧ ¬sb)

word_ge_n2w

|- ∀a b.
     n2w a ≥ n2w b ⇔
     (let sa = BIT (dimindex (:α) − 1) a and sb = BIT (dimindex (:α) − 1) b
      in
        (sa ⇔ sb) ∧ a MOD dimword (:α) ≥ b MOD dimword (:α) ∨ ¬sa ∧ sb)

word_ls_n2w

|- ∀a b. n2w a ≤₊ n2w b ⇔ a MOD dimword (:α) ≤ b MOD dimword (:α)

word_hi_n2w

|- ∀a b. n2w a >₊ n2w b ⇔ a MOD dimword (:α) > b MOD dimword (:α)

word_lo_n2w

|- ∀a b. n2w a <₊ n2w b ⇔ a MOD dimword (:α) < b MOD dimword (:α)

word_hs_n2w

|- ∀a b. n2w a ≥₊ n2w b ⇔ a MOD dimword (:α) ≥ b MOD dimword (:α)

w2n_add

|- ∀a b. ¬word_msb a ∧ ¬word_msb b ⇒ (w2n (a + b) = w2n a + w2n b)

saturate_w2w_n2w

|- ∀n.
     saturate_w2w (n2w n) =
     (let m = n MOD dimword (:α)
      in
        if dimindex (:β) ≤ dimindex (:α) ∧ dimword (:β) ≤ m then UINT_MAXw
        else n2w m)

saturate_w2w

|- ∀w.
     saturate_w2w w =
     if dimindex (:β) ≤ dimindex (:α) ∧ w2w UINT_MAXw ≤₊ w then UINT_MAXw
     else w2w w

saturate_sub

|- ∀a b. saturate_sub a b = if a ≤₊ b then 0w else a − b

saturate_add

|- ∀a b. saturate_add a b = if UINT_MAXw − a ≤₊ b then UINT_MAXw else a + b

NOT_FINITE_IMP_dimword_2

|- INFINITE 𝕌(:α) ⇒ (dimword (:α) = 2)

saturate_mul

|- ∀a b.
     saturate_mul a b =
     if FINITE 𝕌(:α) ∧ w2w UINT_MAXw ≤₊ w2w a * w2w b then UINT_MAXw
     else a * b

WORD_DIVISION

|- ∀w. w ≠ 0w ⇒ ∀v. (v = v // w * w + word_mod v w) ∧ word_mod v w <₊ w

word_reverse_0

|- word_reverse 0w = 0w

word_reverse_word_T

|- word_reverse (-1w) = -1w

sw2sw_0

|- sw2sw 0w = 0w

sw2sw_word_T

|- sw2sw (-1w) = -1w

word_div_1

|- ∀v. v // 1w = v

word_bit_0

|- ∀h. ¬word_bit h 0w

word_lsb_word_T

|- word_lsb (-1w)

word_msb_word_T

|- word_msb (-1w)

word_bit_0_word_T

|- word_bit 0 (-1w)

word_log2_1

|- word_log2 1w = 0w

word_join_0

|- ∀a. word_join 0w a = w2w a

word_concat_0_0

|- 0w @@ 0w = 0w

w2w_eq_n2w

|- ∀x y.
     dimindex (:α) ≤ dimindex (:β) ∧ y < dimword (:α) ⇒
     ((w2w x = n2w y) ⇔ (x = n2w y))

word_extract_eq_n2w

|- ∀x h y.
     dimindex (:α) ≤ dimindex (:β) ∧ dimindex (:α) − 1 ≤ h ∧
     y < dimword (:α) ⇒
     (((h >< 0) x = n2w y) ⇔ (x = n2w y))

word_concat_0

|- ∀x. FINITE 𝕌(:α) ∧ x < dimword (:β) ⇒ (0w @@ n2w x = n2w x)

word_concat_0_eq

|- ∀x y.
     FINITE 𝕌(:α) ∧ dimindex (:β) ≤ dimindex (:γ) ∧ y < dimword (:β) ⇒
     ((0w @@ x = n2w y) ⇔ (x = n2w y))

word_join_word_T

|- word_join (-1w) (-1w) = -1w

word_concat_word_T

|- -1w @@ -1w = w2w (-1w)

lsr_1_word_T

|- -1w ⋙ 1 = INT_MAXw

word_rrx_0

|- (word_rrx (F,0w) = (F,0w)) ∧ (word_rrx (T,0w) = (F,INT_MINw))

word_rrx_word_T

|- (word_rrx (F,-1w) = (T,INT_MAXw)) ∧ (word_rrx (T,-1w) = (T,-1w))

word_T_not_zero

|- -1w ≠ 0w

WORD_LS_word_T

|- (∀n. -1w ≤₊ n ⇔ (n = -1w)) ∧ ∀n. n ≤₊ -1w

WORD_LO_word_T

|- (∀n. ¬(-1w <₊ n)) ∧ ∀n. n <₊ -1w ⇔ n ≠ -1w

WORD_LESS_0_word_T

|- ¬(0w < -1w) ∧ ¬(0w ≤ -1w) ∧ -1w < 0w ∧ -1w ≤ 0w

word_reverse_thm

|- ∀w v n.
     (word_reverse (word_reverse w) = w) ∧
     (word_reverse (w ≪ n) = word_reverse w ⋙ n) ∧
     (word_reverse (w ⋙ n) = word_reverse w ≪ n) ∧
     (word_reverse (w ‖ v) = word_reverse w ‖ word_reverse v) ∧
     (word_reverse (w && v) = word_reverse w && word_reverse v) ∧
     (word_reverse (w ⊕ v) = word_reverse w ⊕ word_reverse v) ∧
     (word_reverse (¬w) = ¬word_reverse w) ∧ (word_reverse 0w = 0w) ∧
     (word_reverse (-1w) = -1w) ∧ ((word_reverse w = 0w) ⇔ (w = 0w)) ∧
     ((word_reverse w = -1w) ⇔ (w = -1w))

bit_count_upto_0

|- ∀w. bit_count_upto 0 w = 0

bit_count_upto_SUC

|- ∀w n.
     bit_count_upto (SUC n) w = (if w ' n then 1 else 0) + bit_count_upto n w

bit_count_upto_is_zero

|- ∀n w. (bit_count_upto n w = 0) ⇔ ∀i. i < n ⇒ ¬w ' i

bit_count_is_zero

|- ∀w. (bit_count w = 0) ⇔ (w = 0w)

WORD_FINITE

|- ∀s. FINITE s

WORD_SET_INDUCT

|- ∀P. P ∅ ∧ (∀s. P s ⇒ ∀e. e ∉ s ⇒ P (e INSERT s)) ⇒ ∀s. P s

SUC_WORD_PRED

|- ∀x. x ≠ 0w ⇒ (SUC (w2n (x − 1w)) = w2n x)

WORD_PRED_THM

|- ∀m. m ≠ 0w ⇒ w2n (m − 1w) < w2n m

LSR_LESS

|- ∀m y. y ≠ 0w ∧ 0 < m ⇒ w2n (y ⋙ m) < w2n y

word_sub_w2n

|- ∀x y. y ≤₊ x ⇒ (w2n (x − y) = w2n x − w2n y)

WORD_LE_EQ_LS

|- ∀x y. 0w ≤ x ∧ 0w ≤ y ⇒ (x ≤ y ⇔ x ≤₊ y)

WORD_LT_EQ_LO

|- ∀x y. 0w ≤ x ∧ 0w ≤ y ⇒ (x < y ⇔ x <₊ y)

WORD_ZERO_LE

|- ∀w. 0w ≤ w ⇔ w2n w < INT_MIN (:α)

WORD_LT_SUB_UPPER

|- ∀x y. 0w < y ∧ y < x ⇒ x − y < x

WORD_SUB_LT

|- ∀x y. 0w < y ∧ y < x ⇒ 0w < x − y ∧ x − y < x

WORD_SUB_LE

|- ∀x y. 0w ≤ y ∧ y ≤ x ⇒ 0w ≤ x − y ∧ x − y ≤ x

dimindex_1

|- dimindex (:unit) = 1

finite_1

|- FINITE 𝕌(:unit)

INT_MIN_1

|- INT_MIN (:unit) = 1

dimword_1

|- dimword (:unit) = 2

dimindex_2

|- dimindex (:2) = 2

finite_2

|- FINITE 𝕌(:2)

INT_MIN_2

|- INT_MIN (:2) = 2

dimword_2

|- dimword (:2) = 4

dimindex_3

|- dimindex (:3) = 3

finite_3

|- FINITE 𝕌(:3)

INT_MIN_3

|- INT_MIN (:3) = 4

dimword_3

|- dimword (:3) = 8

dimindex_4

|- dimindex (:4) = 4

finite_4

|- FINITE 𝕌(:4)

INT_MIN_4

|- INT_MIN (:4) = 8

dimword_4

|- dimword (:4) = 16

dimindex_5

|- dimindex (:5) = 5

finite_5

|- FINITE 𝕌(:5)

INT_MIN_5

|- INT_MIN (:5) = 16

dimword_5

|- dimword (:5) = 32

dimindex_6

|- dimindex (:6) = 6

finite_6

|- FINITE 𝕌(:6)

INT_MIN_6

|- INT_MIN (:6) = 32

dimword_6

|- dimword (:6) = 64

dimindex_7

|- dimindex (:7) = 7

finite_7

|- FINITE 𝕌(:7)

INT_MIN_7

|- INT_MIN (:7) = 64

dimword_7

|- dimword (:7) = 128

dimindex_8

|- dimindex (:8) = 8

finite_8

|- FINITE 𝕌(:8)

INT_MIN_8

|- INT_MIN (:8) = 128

dimword_8

|- dimword (:8) = 256

dimindex_9

|- dimindex (:9) = 9

finite_9

|- FINITE 𝕌(:9)

INT_MIN_9

|- INT_MIN (:9) = 256

dimword_9

|- dimword (:9) = 512

dimindex_10

|- dimindex (:10) = 10

finite_10

|- FINITE 𝕌(:10)

INT_MIN_10

|- INT_MIN (:10) = 512

dimword_10

|- dimword (:10) = 1024

dimindex_11

|- dimindex (:11) = 11

finite_11

|- FINITE 𝕌(:11)

INT_MIN_11

|- INT_MIN (:11) = 1024

dimword_11

|- dimword (:11) = 2048

dimindex_12

|- dimindex (:12) = 12

finite_12

|- FINITE 𝕌(:12)

INT_MIN_12

|- INT_MIN (:12) = 2048

dimword_12

|- dimword (:12) = 4096

dimindex_16

|- dimindex (:16) = 16

finite_16

|- FINITE 𝕌(:16)

INT_MIN_16

|- INT_MIN (:16) = 32768

dimword_16

|- dimword (:16) = 65536

dimindex_20

|- dimindex (:20) = 20

finite_20

|- FINITE 𝕌(:20)

INT_MIN_20

|- INT_MIN (:20) = 524288

dimword_20

|- dimword (:20) = 1048576

dimindex_24

|- dimindex (:24) = 24

finite_24

|- FINITE 𝕌(:24)

INT_MIN_24

|- INT_MIN (:24) = 8388608

dimword_24

|- dimword (:24) = 16777216

dimindex_28

|- dimindex (:28) = 28

finite_28

|- FINITE 𝕌(:28)

INT_MIN_28

|- INT_MIN (:28) = 134217728

dimword_28

|- dimword (:28) = 268435456

dimindex_30

|- dimindex (:30) = 30

finite_30

|- FINITE 𝕌(:30)

INT_MIN_30

|- INT_MIN (:30) = 536870912

dimword_30

|- dimword (:30) = 1073741824

dimindex_32

|- dimindex (:32) = 32

finite_32

|- FINITE 𝕌(:32)

INT_MIN_32

|- INT_MIN (:32) = 2147483648

dimword_32

|- dimword (:32) = 4294967296

dimindex_48

|- dimindex (:48) = 48

finite_48

|- FINITE 𝕌(:48)

INT_MIN_48

|- INT_MIN (:48) = 140737488355328

dimword_48

|- dimword (:48) = 281474976710656

dimindex_64

|- dimindex (:64) = 64

finite_64

|- FINITE 𝕌(:64)

INT_MIN_64

|- INT_MIN (:64) = 9223372036854775808

dimword_64

|- dimword (:64) = 18446744073709551616

dimindex_96

|- dimindex (:96) = 96

finite_96

|- FINITE 𝕌(:96)

INT_MIN_96

|- INT_MIN (:96) = 39614081257132168796771975168

dimword_96

|- dimword (:96) = 79228162514264337593543950336

dimindex_128

|- dimindex (:128) = 128

finite_128

|- FINITE 𝕌(:128)

INT_MIN_128

|- INT_MIN (:128) = 170141183460469231731687303715884105728

dimword_128

|- dimword (:128) = 340282366920938463463374607431768211456

n2w_itself_ind

|- ∀P. (∀n. P (n,(:α))) ⇒ ∀v v1. P (v,v1)

n2w_itself_def

|- n2w_itself (n,(:α)) = n2w n