diff --git a/code/jasmin/mlkem_avx2/extraction/jkem_avx2.ec b/code/jasmin/mlkem_avx2/extraction/jkem_avx2.ec index dafb5514..fd2a4831 100644 --- a/code/jasmin/mlkem_avx2/extraction/jkem_avx2.ec +++ b/code/jasmin/mlkem_avx2/extraction/jkem_avx2.ec @@ -7,13 +7,10 @@ import SLH64. require import Array1 Array4 Array5 Array6 Array7 Array8 Array9 Array16 Array24 Array25 Array32 Array33 Array64 Array128 Array136 Array256 Array400 Array536 Array768 -Array960 Array1024 Array1088 Array2048 Array2144 Array2304. - -require import -WArray8 WArray16 WArray32 WArray33 WArray40 WArray64 WArray128 WArray136 -WArray160 WArray192 WArray200 WArray224 WArray256 WArray288 WArray512 -WArray536 WArray768 WArray800 WArray960 WArray1088 WArray1536 WArray2048 -WArray2144 WArray4608. +Array960 Array1024 Array1088 Array2048 Array2144 Array2304 WArray8 WArray16 +WArray32 WArray33 WArray40 WArray64 WArray128 WArray136 WArray160 WArray192 +WArray200 WArray224 WArray256 WArray288 WArray512 WArray536 WArray768 +WArray800 WArray960 WArray1088 WArray1536 WArray2048 WArray2144 WArray4608. abbrev gen_matrix_indexes = (Array16.of_list witness @@ -1313,7 +1310,7 @@ module M(SC:Syscall_t) = { var t1:W256.t; t0 <- (VMOVSLDUP_256 b); t0 <- (VPBLEND_8u32 a t0 (W8.of_int 170)); - a <- (VPSRL_4u64 a (W8.of_int 32)); + a <- (VPSRL_4u64 a (W128.of_int 32)); t1 <- (VPBLEND_8u32 a b (W8.of_int 170)); return (t0, t1); } @@ -1322,9 +1319,9 @@ module M(SC:Syscall_t) = { var r1:W256.t; var t0:W256.t; var t1:W256.t; - t0 <- (VPSLL_8u32 b (W8.of_int 16)); + t0 <- (VPSLL_8u32 b (W128.of_int 16)); r0 <- (VPBLEND_16u16 a t0 (W8.of_int 170)); - t1 <- (VPSRL_8u32 a (W8.of_int 16)); + t1 <- (VPSRL_8u32 a (W128.of_int 16)); r1 <- (VPBLEND_16u16 t1 b (W8.of_int 170)); return (r0, r1); } 
@@ -1466,7 +1463,7 @@ module M(SC:Syscall_t) = { proc __csubq (r:W256.t, qx16:W256.t) : W256.t = { var t:W256.t; r <- (VPSUB_16u16 r qx16); - t <- (VPSRA_16u16 r (W8.of_int 15)); + t <- (VPSRA_16u16 r (W128.of_int 15)); t <- (VPAND_256 t qx16); r <- (VPADD_16u16 t r); return r; @@ -1474,7 +1471,7 @@ module M(SC:Syscall_t) = { proc __red16x (r:W256.t, qx16:W256.t, vx16:W256.t) : W256.t = { var x:W256.t; x <- (VPMULH_16u16 r vx16); - x <- (VPSRA_16u16 x (W8.of_int 10)); + x <- (VPSRA_16u16 x (W128.of_int 10)); x <- (VPMULL_16u16 x qx16); r <- (VPSUB_16u16 r x); return r; @@ -1939,8 +1936,8 @@ module M(SC:Syscall_t) = { proc __rol_4u64 (a:W256.t, o:int) : W256.t = { var r:W256.t; var t256:W256.t; - r <- (VPSLL_4u64 a (W8.of_int o)); - t256 <- (VPSRL_4u64 a (W8.of_int (64 - o))); + r <- (VPSLL_4u64 a (W128.of_int o)); + t256 <- (VPSRL_4u64 a (W128.of_int (64 - o))); r <- (r `|` t256); return r; } @@ -3101,8 +3098,8 @@ module M(SC:Syscall_t) = { al <- (VPBLEND_16u16 a0 _zero (W8.of_int 170)); ah <- (VPBLEND_16u16 a1 _zero (W8.of_int 170)); al <- (VPACKUS_8u32 al ah); - a0 <- (VPSRL_8u32 a0 (W8.of_int 16)); - a1 <- (VPSRL_8u32 a1 (W8.of_int 16)); + a0 <- (VPSRL_8u32 a0 (W128.of_int 16)); + a1 <- (VPSRL_8u32 a1 (W128.of_int 16)); ah <- (VPACKUS_8u32 a0 a1); return (al, ah); } 
@@ -3515,27 +3512,27 @@ module M(SC:Syscall_t) = { (t6, t3) <@ __shuffle1 (t0, t3); (t0, t4) <@ __shuffle1 (t1, t4); (t1, t5) <@ __shuffle1 (t2, t5); - t7 <- (VPSRL_16u16 t6 (W8.of_int 12)); - t8 <- (VPSLL_16u16 t3 (W8.of_int 4)); + t7 <- (VPSRL_16u16 t6 (W128.of_int 12)); + t8 <- (VPSLL_16u16 t3 (W128.of_int 4)); t7 <- (VPOR_256 t7 t8); t6 <- (VPAND_256 mask t6); t7 <- (VPAND_256 mask t7); - t8 <- (VPSRL_16u16 t3 (W8.of_int 8)); - t9 <- (VPSLL_16u16 t0 (W8.of_int 8)); + t8 <- (VPSRL_16u16 t3 (W128.of_int 8)); + t9 <- (VPSLL_16u16 t0 (W128.of_int 8)); t8 <- (VPOR_256 t8 t9); t8 <- (VPAND_256 mask t8); - t9 <- (VPSRL_16u16 t0 (W8.of_int 4)); + t9 <- (VPSRL_16u16 t0 (W128.of_int 4)); t9 <- (VPAND_256 mask t9); - t10 <- (VPSRL_16u16 t4 (W8.of_int 12)); - t11 <- (VPSLL_16u16 t1 (W8.of_int 4)); + t10 <- (VPSRL_16u16 t4 (W128.of_int 12)); + t11 <- (VPSLL_16u16 t1 (W128.of_int 4)); t10 <- (VPOR_256 t10 t11); t4 <- (VPAND_256 mask t4); t10 <- (VPAND_256 mask t10); - t11 <- (VPSRL_16u16 t1 (W8.of_int 8)); - tt <- (VPSLL_16u16 t5 (W8.of_int 8)); + t11 <- (VPSRL_16u16 t1 (W128.of_int 8)); + tt <- (VPSLL_16u16 t5 (W128.of_int 8)); t11 <- (VPOR_256 t11 tt); t11 <- (VPAND_256 mask t11); - tt <- (VPSRL_16u16 t5 (W8.of_int 4)); + tt <- (VPSRL_16u16 t5 (W128.of_int 4)); tt <- (VPAND_256 mask tt); rp <- (Array256.init 
@@ -3640,13 +3637,13 @@ module M(SC:Syscall_t) = { g3 <- (VPSHUFD_256 f (W8.of_int (85 * i))); g3 <- (VPSLLV_8u32 g3 shift); g3 <- (VPSHUFB_256 g3 idx); - g0 <- (VPSLL_16u16 g3 (W8.of_int 12)); - g1 <- (VPSLL_16u16 g3 (W8.of_int 8)); - g2 <- (VPSLL_16u16 g3 (W8.of_int 4)); - g0 <- (VPSRA_16u16 g0 (W8.of_int 15)); - g1 <- (VPSRA_16u16 g1 (W8.of_int 15)); - g2 <- (VPSRA_16u16 g2 (W8.of_int 15)); - g3 <- (VPSRA_16u16 g3 (W8.of_int 15)); + g0 <- (VPSLL_16u16 g3 (W128.of_int 12)); + g1 <- (VPSLL_16u16 g3 (W128.of_int 8)); + g2 <- (VPSLL_16u16 g3 (W128.of_int 4)); + g0 <- (VPSRA_16u16 g0 (W128.of_int 15)); + g1 <- (VPSRA_16u16 g1 (W128.of_int 15)); + g2 <- (VPSRA_16u16 g2 (W128.of_int 15)); + g3 <- (VPSRA_16u16 g3 (W128.of_int 15)); g0 <- (VPAND_256 g0 hqs); g1 <- (VPAND_256 g1 hqs); g2 <- (VPAND_256 g2 hqs); @@ -3719,19 +3716,19 @@ module M(SC:Syscall_t) = { (get256_direct (WArray128.init8 (fun i_0 => buf.[i_0])) (24 * i)); f0 <- (VPERMQ f0 (W8.of_int 148)); f0 <- (VPSHUFB_256 f0 shufbidx); - f1 <- (VPSRL_8u32 f0 (W8.of_int 1)); - f2 <- (VPSRL_8u32 f0 (W8.of_int 2)); + f1 <- (VPSRL_8u32 f0 (W128.of_int 1)); + f2 <- (VPSRL_8u32 f0 (W128.of_int 2)); f0 <- (VPAND_256 mask249 f0); f1 <- (VPAND_256 mask249 f1); f2 <- (VPAND_256 mask249 f2); f0 <- (VPADD_8u32 f0 f1); f0 <- (VPADD_8u32 f0 f2); - f1 <- (VPSRL_8u32 f0 (W8.of_int 3)); + f1 <- (VPSRL_8u32 f0 (W128.of_int 3)); f0 <- (VPADD_8u32 f0 mask6DB); f0 <- (VPSUB_8u32 f0 f1); - f1 <- (VPSLL_8u32 f0 (W8.of_int 10)); - f2 <- (VPSRL_8u32 f0 (W8.of_int 12)); - f3 <- (VPSRL_8u32 f0 (W8.of_int 2)); + f1 <- (VPSLL_8u32 f0 (W128.of_int 10)); + f2 <- (VPSRL_8u32 f0 (W128.of_int 12)); + f3 <- (VPSRL_8u32 f0 (W128.of_int 2)); f0 <- (VPAND_256 f0 mask07); f1 <- (VPAND_256 f1 mask70); f2 <- (VPAND_256 f2 mask07); 
@@ -3786,16 +3783,16 @@ module M(SC:Syscall_t) = { i <- 0; while ((i < aux)) { f0 <- (get256 (WArray128.init8 (fun i_0 => buf.[i_0])) i); - f1 <- (VPSRL_16u16 f0 (W8.of_int 1)); + f1 <- (VPSRL_16u16 f0 (W128.of_int 1)); f0 <- (VPAND_256 mask55 f0); f1 <- (VPAND_256 mask55 f1); f0 <- (VPADD_32u8 f0 f1); - f1 <- (VPSRL_16u16 f0 (W8.of_int 2)); + f1 <- (VPSRL_16u16 f0 (W128.of_int 2)); f0 <- (VPAND_256 mask33 f0); f1 <- (VPAND_256 mask33 f1); f0 <- (VPADD_32u8 f0 mask33); f0 <- (VPSUB_32u8 f0 f1); - f1 <- (VPSRL_16u16 f0 (W8.of_int 4)); + f1 <- (VPSRL_16u16 f0 (W128.of_int 4)); f0 <- (VPAND_256 mask0F f0); f1 <- (VPAND_256 mask0F f1); f0 <- (VPSUB_32u8 f0 mask03); @@ -4647,21 +4644,21 @@ module M(SC:Syscall_t) = { t5 <- (get256 (WArray512.init16 (fun i_0 => a.[i_0])) ((8 * i) + 5)); t6 <- (get256 (WArray512.init16 (fun i_0 => a.[i_0])) ((8 * i) + 6)); t7 <- (get256 (WArray512.init16 (fun i_0 => a.[i_0])) ((8 * i) + 7)); - tt <- (VPSLL_16u16 t1 (W8.of_int 12)); + tt <- (VPSLL_16u16 t1 (W128.of_int 12)); tt <- (tt `|` t0); - t0 <- (VPSRL_16u16 t1 (W8.of_int 4)); - t1 <- (VPSLL_16u16 t2 (W8.of_int 8)); + t0 <- (VPSRL_16u16 t1 (W128.of_int 4)); + t1 <- (VPSLL_16u16 t2 (W128.of_int 8)); t0 <- (t0 `|` t1); - t1 <- (VPSRL_16u16 t2 (W8.of_int 8)); - t2 <- (VPSLL_16u16 t3 (W8.of_int 4)); + t1 <- (VPSRL_16u16 t2 (W128.of_int 8)); + t2 <- (VPSLL_16u16 t3 (W128.of_int 4)); t1 <- (t1 `|` t2); - t2 <- (VPSLL_16u16 t5 (W8.of_int 12)); + t2 <- (VPSLL_16u16 t5 (W128.of_int 12)); t2 <- (t2 `|` t4); - t3 <- (VPSRL_16u16 t5 (W8.of_int 4)); - t4 <- (VPSLL_16u16 t6 (W8.of_int 8)); + t3 <- (VPSRL_16u16 t5 (W128.of_int 4)); + t4 <- (VPSLL_16u16 t6 (W128.of_int 8)); t3 <- (t3 `|` t4); - t4 <- (VPSRL_16u16 t6 (W8.of_int 8)); - t5 <- (VPSLL_16u16 t7 (W8.of_int 4)); + t4 <- (VPSRL_16u16 t6 (W128.of_int 8)); + t5 <- (VPSLL_16u16 t7 (W128.of_int 4)); t4 <- (t4 `|` t5); (ttt, t0) <@ __shuffle1 (tt, t0); (tt, t2) <@ __shuffle1 (t1, t2); 
@@ -4721,8 +4718,8 @@ module M(SC:Syscall_t) = { f1 <- (get256 (WArray512.init16 (fun i_0 => a.[i_0])) ((2 * i) + 1)); f0 <- (VPSUB_16u16 hq f0); f1 <- (VPSUB_16u16 hq f1); - g0 <- (VPSRA_16u16 f0 (W8.of_int 15)); - g1 <- (VPSRA_16u16 f1 (W8.of_int 15)); + g0 <- (VPSRA_16u16 f0 (W128.of_int 15)); + g1 <- (VPSRA_16u16 f1 (W128.of_int 15)); f0 <- (VPXOR_256 f0 g0); f1 <- (VPXOR_256 f1 g1); f0 <- (VPSUB_16u16 f0 hhq); @@ -4806,7 +4803,7 @@ module M(SC:Syscall_t) = { f <- (VPERMQ f (W8.of_int 148)); f <- (VPSHUFB_256 f shufbidx); f <- (VPSLLV_8u32 f sllvdidx); - f <- (VPSRL_16u16 f (W8.of_int 1)); + f <- (VPSRL_16u16 f (W128.of_int 1)); f <- (VPAND_256 f mask); f <- (VPMULHRS_16u16 f q); r <- @@ -4841,7 +4838,7 @@ module M(SC:Syscall_t) = { a <@ __polyvec_csubq (a); x16p <- jvx16; v <- (get256 (WArray32.init16 (fun i_0 => x16p.[i_0])) 0); - v8 <- (VPSLL_16u16 v (W8.of_int 3)); + v8 <- (VPSLL_16u16 v (W128.of_int 3)); off <- (VPBROADCAST_16u16 pvc_off_s); shift1 <- (VPBROADCAST_16u16 pvc_shift1_s); mask <- (VPBROADCAST_16u16 pvc_mask_s); @@ -4855,17 +4852,17 @@ module M(SC:Syscall_t) = { f0 <- (get256 (WArray1536.init16 (fun i_0 => a.[i_0])) i); f1 <- (VPMULL_16u16 f0 v8); f2 <- (VPADD_16u16 f0 off); - f0 <- (VPSLL_16u16 f0 (W8.of_int 3)); + f0 <- (VPSLL_16u16 f0 (W128.of_int 3)); f0 <- (VPMULH_16u16 f0 v); f2 <- (VPSUB_16u16 f1 f2); f1 <- (VPANDN_256 f1 f2); - f1 <- (VPSRL_16u16 f1 (W8.of_int 15)); + f1 <- (VPSRL_16u16 f1 (W128.of_int 15)); f0 <- (VPSUB_16u16 f0 f1); f0 <- (VPMULHRS_16u16 f0 shift1); f0 <- (VPAND_256 f0 mask); f0 <- (VPMADDWD_256 f0 shift2); f0 <- (VPSLLV_8u32 f0 sllvdidx); - f0 <- (VPSRL_4u64 f0 (W8.of_int 12)); + f0 <- (VPSRL_4u64 f0 (W128.of_int 12)); f0 <- (VPSHUFB_256 f0 shufbidx); t0 <- (truncateu128 f0); t1 <- (VEXTRACTI128 f0 (W8.of_int 1)); 
@@ -4901,7 +4898,7 @@ module M(SC:Syscall_t) = { a <@ __polyvec_csubq (a); x16p <- jvx16; v <- (get256 (WArray32.init16 (fun i_0 => x16p.[i_0])) 0); - v8 <- (VPSLL_16u16 v (W8.of_int 3)); + v8 <- (VPSLL_16u16 v (W128.of_int 3)); off <- (VPBROADCAST_16u16 pvc_off_s); shift1 <- (VPBROADCAST_16u16 pvc_shift1_s); mask <- (VPBROADCAST_16u16 pvc_mask_s); @@ -4915,17 +4912,17 @@ module M(SC:Syscall_t) = { f0 <- (get256 (WArray1536.init16 (fun i_0 => a.[i_0])) i); f1 <- (VPMULL_16u16 f0 v8); f2 <- (VPADD_16u16 f0 off); - f0 <- (VPSLL_16u16 f0 (W8.of_int 3)); + f0 <- (VPSLL_16u16 f0 (W128.of_int 3)); f0 <- (VPMULH_16u16 f0 v); f2 <- (VPSUB_16u16 f1 f2); f1 <- (VPANDN_256 f1 f2); - f1 <- (VPSRL_16u16 f1 (W8.of_int 15)); + f1 <- (VPSRL_16u16 f1 (W128.of_int 15)); f0 <- (VPSUB_16u16 f0 f1); f0 <- (VPMULHRS_16u16 f0 shift1); f0 <- (VPAND_256 f0 mask); f0 <- (VPMADDWD_256 f0 shift2); f0 <- (VPSLLV_8u32 f0 sllvdidx); - f0 <- (VPSRL_4u64 f0 (W8.of_int 12)); + f0 <- (VPSRL_4u64 f0 (W128.of_int 12)); f0 <- (VPSHUFB_256 f0 shufbidx); t0 <- (truncateu128 f0); t1 <- (VEXTRACTI128 f0 (W8.of_int 1)); @@ -5096,8 +5093,8 @@ module M(SC:Syscall_t) = { if ((r = 56)) { a.[x] <- (VPSHUFB_256 a.[x] r56); } else { - t <- (VPSLL_4u64 a.[x] (W8.of_int r)); - a.[x] <- (VPSRL_4u64 a.[x] (W8.of_int (64 - r))); + t <- (VPSLL_4u64 a.[x] (W128.of_int r)); + a.[x] <- (VPSRL_4u64 a.[x] (W128.of_int (64 - r))); a.[x] <- (a.[x] `|` t); } } @@ -5283,7 +5280,7 @@ module M(SC:Syscall_t) = { ((2 %% (2 ^ 2)) + ((2 ^ 2) * ((3 %% (2 ^ 2)) + ((2 ^ 2) * ((0 %% (2 ^ 2)) + ((2 ^ 2) * 1)))))))); - t.[1] <- (c14 \vshr64u256 (W8.of_int 63)); + t.[1] <- (c14 \vshr64u256 (W128.of_int 63)); t.[2] <- (c14 \vadd64u256 c14); t.[1] <- (t.[1] `|` t.[2]); d14 <- 
@@ -5301,7 +5298,7 @@ module M(SC:Syscall_t) = { ((0 %% (2 ^ 2)) + ((2 ^ 2) * ((0 %% (2 ^ 2)) + ((2 ^ 2) * 0)))))))); c00 <- (c00 `^` state.[0]); c00 <- (c00 `^` t.[0]); - t.[0] <- (c00 \vshr64u256 (W8.of_int 63)); + t.[0] <- (c00 \vshr64u256 (W128.of_int 63)); t.[1] <- (c00 \vadd64u256 c00); t.[1] <- (t.[1] `|` t.[0]); state.[2] <- (state.[2] `^` d00); @@ -5945,7 +5942,7 @@ module M(SC:Syscall_t) = { ((2 %% (2 ^ 2)) + ((2 ^ 2) * ((3 %% (2 ^ 2)) + ((2 ^ 2) * ((0 %% (2 ^ 2)) + ((2 ^ 2) * 1)))))))); - t.[1] <- (c14 \vshr64u256 (W8.of_int 63)); + t.[1] <- (c14 \vshr64u256 (W128.of_int 63)); t.[2] <- (c14 \vadd64u256 c14); t.[1] <- (t.[1] `|` t.[2]); d14 <- @@ -5963,7 +5960,7 @@ module M(SC:Syscall_t) = { ((0 %% (2 ^ 2)) + ((2 ^ 2) * ((0 %% (2 ^ 2)) + ((2 ^ 2) * 0)))))))); c00 <- (c00 `^` state.[0]); c00 <- (c00 `^` t.[0]); - t.[0] <- (c00 \vshr64u256 (W8.of_int 63)); + t.[0] <- (c00 \vshr64u256 (W128.of_int 63)); t.[1] <- (c00 \vadd64u256 c00); t.[1] <- (t.[1] `|` t.[0]); state.[2] <- (state.[2] `^` d00); @@ -7195,8 +7192,8 @@ module M(SC:Syscall_t) = { ((1 %% (2 ^ 2)) + ((2 ^ 2) * ((1 %% (2 ^ 2)) + ((2 ^ 2) * 2)))))))); f0 <- (VPSHUFB_256 f0 load_shuffle); f1 <- (VPSHUFB_256 f1 load_shuffle); - g0 <- (VPSRL_16u16 f0 (W8.of_int 4)); - g1 <- (VPSRL_16u16 f1 (W8.of_int 4)); + g0 <- (VPSRL_16u16 f0 (W128.of_int 4)); + g1 <- (VPSRL_16u16 f1 (W128.of_int 4)); f0 <- (VPBLEND_16u16 f0 g0 (W8.of_int 170)); f1 <- (VPBLEND_16u16 f1 g1 (W8.of_int 170)); f0 <- (VPAND_256 f0 mask); @@ -7364,7 +7361,7 @@ module M(SC:Syscall_t) = { ((2 ^ 2) * ((1 %% (2 ^ 2)) + ((2 ^ 2) * ((1 %% (2 ^ 2)) + ((2 ^ 2) * 2)))))))); f0 <- (VPSHUFB_256 f0 load_shuffle); - g0 <- (VPSRL_16u16 f0 (W8.of_int 4)); + g0 <- (VPSRL_16u16 f0 (W128.of_int 4)); f0 <- (VPBLEND_16u16 f0 g0 (W8.of_int 170)); f0 <- (VPAND_256 f0 mask); g0 <- (VPCMPGT_16u16 bounds f0); diff --git a/code/jasmin/mlkem_ref/extraction/jkem.ec b/code/jasmin/mlkem_ref/extraction/jkem.ec index 30b5808c..7a12a75c 100644 
--- a/code/jasmin/mlkem_ref/extraction/jkem.ec +++ b/code/jasmin/mlkem_ref/extraction/jkem.ec @@ -6,12 +6,9 @@ import SLH64. require import Array4 Array5 Array24 Array25 Array32 Array33 Array34 Array64 Array128 -Array168 Array256 Array768 Array960 Array1088 Array2304. - -require import -WArray20 WArray32 WArray33 WArray34 WArray40 WArray64 WArray128 WArray168 -WArray192 WArray200 WArray256 WArray512 WArray960 WArray1088 WArray1536 -WArray4608. +Array168 Array256 Array768 Array960 Array1088 Array2304 WArray20 WArray32 +WArray33 WArray34 WArray40 WArray64 WArray128 WArray168 WArray192 WArray200 +WArray256 WArray512 WArray960 WArray1088 WArray1536 WArray4608. abbrev jzetas_inv = (Array128.of_list witness diff --git a/jasmin b/jasmin index 1bd46f65..89d03449 160000 --- a/jasmin +++ b/jasmin @@ -1 +1 @@ -Subproject commit 1bd46f6542c32c4ad0243f7bccedfa26590f6dc6 +Subproject commit 89d03449ff13f7f96ed760cf3e1684f3bce566e5 diff --git a/proof/correctness/avx2/AVX2_Ops.ec b/proof/correctness/avx2/AVX2_Ops.ec index 3ea6858b..dd8e8e56 100644 --- a/proof/correctness/avx2/AVX2_Ops.ec +++ b/proof/correctness/avx2/AVX2_Ops.ec 
@@ -1197,32 +1197,32 @@ module OpsV = { return VPEXTR_32 x p; } - proc iVPSRA_16u16 (x: vt16u16, y: W8.t) : vt16u16 = { + proc iVPSRA_16u16 (x: vt16u16, y: W128.t) : vt16u16 = { return VPSRA_16u16 x y; } - proc iVPSLL_8u32 (x: vt8u32, y: W8.t) : vt8u32 = { + proc iVPSLL_8u32 (x: vt8u32, y: W128.t) : vt8u32 = { return VPSLL_8u32 x y; } - proc iVPSLL_16u16 (x: vt16u16, y: W8.t) : vt16u16 = { + proc iVPSLL_16u16 (x: vt16u16, y: W128.t) : vt16u16 = { return VPSLL_16u16 x y; } - proc iVPSRL_16u16 (x: vt16u16, y: W8.t) : vt16u16 = { + proc iVPSRL_16u16 (x: vt16u16, y: W128.t) : vt16u16 = { return VPSRL_16u16 x y; } - proc iVPSRL_8u32 (x: vt8u32, y: W8.t) : vt8u32 = { + proc iVPSRL_8u32 (x: vt8u32, y: W128.t) : vt8u32 = { return VPSRL_8u32 x y; } - proc iVPSRL_4u64 (x: vt4u64, y: W8.t) : vt4u64 = { + proc iVPSRL_4u64 (x: vt4u64, y: W128.t) : vt4u64 = { return VPSRL_4u64 x y; } - proc iVPSLL_4u64 (x: vt4u64, y: W8.t) : vt4u64 = { + proc iVPSLL_4u64 (x: vt4u64, y: W128.t) : vt4u64 = { return VPSLL_4u64 x y; } 
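Review bot: The seven `OpsV` shift wrappers now take their count as `W128.t`, but nothing in the hunk records why the width changed or that only the count's numeric value is meaningful, which is exactly what the updated equivs in this commit rely on (`to_uint y{1} = to_uint y{2}`). Presumably this tracks the Jasmin submodule bump changing the count operand of the VPSLL/VPSRL/VPSRA intrinsics; a one-line comment above `iVPSRA_16u16` such as `(* shift count is a W128.t (xmm count operand); the equivs relate it to the scalar side through to_uint only *)` would save the next reader the archaeology. The `OpsV` module starts and ends outside the hunk.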
@@ -1899,26 +1899,26 @@ proof. by proc; skip; rewrite /is2u64 /VPEXTR_64 => /> &1 &2 [] -> /=. qed. equiv eq_iVPEXTR_32: Ops.iVPEXTR_32 ~ OpsV.iVPEXTR_32 : is16u8 x{1} x{2} /\ ={p} /\ (p{1} = W8.of_int 0 \/ p{2} = W8.of_int 1) ==> is4u8 res{1} res{2}. proof. by proc; wp; skip; rewrite /is16u8 /is4u8 /VPEXTR_32 => /> &1 &2 [] -> /=. qed. -equiv eq_iVPSLL_8u32: Ops.iVPSLL_8u32 ~ OpsV.iVPSLL_8u32: is8u32 x{1} x{2} /\ ={y} ==> is8u32 res{1} res{2}. -proof. by proc; wp; skip; rewrite /is8u32 /VPSLL_8u32. qed. +equiv eq_iVPSLL_8u32: Ops.iVPSLL_8u32 ~ OpsV.iVPSLL_8u32: is8u32 x{1} x{2} /\ to_uint y{1} = to_uint y{2} ==> is8u32 res{1} res{2}. +proof. by proc; wp; skip; rewrite /is8u32 /VPSLL_8u32 /(`<<`) => /> /#. qed. -equiv eq_iVPSLL_16u16: Ops.iVPSLL_16u16 ~ OpsV.iVPSLL_16u16: is16u16 x{1} x{2} /\ ={y} ==> is16u16 res{1} res{2}. -proof. by proc; wp; skip; rewrite /is16u16 /VPSLL_16u16. qed. +equiv eq_iVPSLL_16u16: Ops.iVPSLL_16u16 ~ OpsV.iVPSLL_16u16: is16u16 x{1} x{2} /\ to_uint y{1} = to_uint y{2} ==> is16u16 res{1} res{2}. +proof. by proc; wp; skip; rewrite /is16u16 /VPSLL_16u16 /(`<<`) => /> /#. qed. -equiv eq_iVPSRL_16u16: Ops.iVPSRL_16u16 ~ OpsV.iVPSRL_16u16: is16u16 x{1} x{2} /\ ={y} ==> is16u16 res{1} res{2}. -proof. by proc; wp; skip; rewrite /is16u16 /VPSRL_16u16. qed. +equiv eq_iVPSRL_16u16: Ops.iVPSRL_16u16 ~ OpsV.iVPSRL_16u16: is16u16 x{1} x{2} /\ to_uint y{1} = to_uint y{2} ==> is16u16 res{1} res{2}. +proof. by proc; wp; skip; rewrite /is16u16 /VPSRL_16u16 /(`>>`) => /> /#. qed. -equiv eq_iVPSRL_8u32: Ops.iVPSRL_8u32 ~ OpsV.iVPSRL_8u32: is8u32 x{1} x{2} /\ ={y} ==> is8u32 res{1} res{2}. -proof. by proc; wp; skip; rewrite /is8u32 /VPSRL_8u32. qed. +equiv eq_iVPSRL_8u32: Ops.iVPSRL_8u32 ~ OpsV.iVPSRL_8u32: is8u32 x{1} x{2} /\ to_uint y{1} = to_uint y{2} ==> is8u32 res{1} res{2}. +proof. by proc; wp; skip; rewrite /is8u32 /VPSRL_8u32 /(`>>`) => /> /#. qed. 
-equiv eq_iVPSRA_16u16: Ops.iVPSRA_16u16 ~ OpsV.iVPSRA_16u16: is16u16 x{1} x{2} /\ ={y} ==> is16u16 res{1} res{2}. -proof. by proc; wp; skip; rewrite /is16u16 /VPSRA_16u16. qed. +equiv eq_iVPSRA_16u16: Ops.iVPSRA_16u16 ~ OpsV.iVPSRA_16u16: is16u16 x{1} x{2} /\ to_uint y{1} = to_uint y{2} ==> is16u16 res{1} res{2}. +proof. by proc; wp; skip; rewrite /is16u16 /VPSRA_16u16 /(`>>`) => /> /#. qed. -equiv eq_iVPSRL_4u64: Ops.iVPSRL_4u64 ~ OpsV.iVPSRL_4u64 : is4u64 x{1} x{2} /\ ={y} ==> is4u64 res{1} res{2}. -proof. by proc; wp; skip; rewrite /is4u64 /VPSRL_4u64. qed. +equiv eq_iVPSRL_4u64: Ops.iVPSRL_4u64 ~ OpsV.iVPSRL_4u64 : is4u64 x{1} x{2} /\ to_uint y{1} = to_uint y{2} ==> is4u64 res{1} res{2}. +proof. by proc; wp; skip; rewrite /is4u64 /VPSRL_4u64 /(`>>`) => /> /#. qed. -equiv eq_iVPSLL_4u64: Ops.iVPSLL_4u64 ~ OpsV.iVPSLL_4u64 : is4u64 x{1} x{2} /\ ={y} ==> is4u64 res{1} res{2}. -proof. by proc; wp; skip; rewrite /is4u64 /VPSLL_4u64. qed. +equiv eq_iVPSLL_4u64: Ops.iVPSLL_4u64 ~ OpsV.iVPSLL_4u64 : is4u64 x{1} x{2} /\ to_uint y{1} = to_uint y{2} ==> is4u64 res{1} res{2}. +proof. by proc; wp; skip; rewrite /is4u64 /VPSLL_4u64 /(`>>`) => /> /#. qed. equiv eq_iVPAND_16u16: Ops.iVPAND_16u16 ~ OpsV.iVPAND_16u16 : is16u16 x{1} x{2} /\ is16u16 y{1} y{2} ==> is16u16 res{1} res{2}. proof. by proc; wp; skip; rewrite /is16u16. qed. diff --git a/proof/correctness/avx2/MLKEM_InnerPKE_avx2.ec b/proof/correctness/avx2/MLKEM_InnerPKE_avx2.ec index 31de2fd9..3adfef3d 100644 --- a/proof/correctness/avx2/MLKEM_InnerPKE_avx2.ec +++ b/proof/correctness/avx2/MLKEM_InnerPKE_avx2.ec @@ -352,7 +352,7 @@ qed. lemma VPSRL1_ANDmask55 w k: 0 <= k < 32 => - mask55u256 `&` (VPSRL_16u16 w (W8.of_int 1)) \bits8 k + mask55u256 `&` (VPSRL_16u16 w (W128.of_int 1)) \bits8 k = mask55u8 `&` ((w \bits8 k) `>>` (W8.of_int 1)). proof. move=> Hk. 
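Review bot: `eq_iVPSLL_4u64` unfolds `/(`>>`)` in its new proof script although `VPSLL_4u64` is a left shift, while its siblings `eq_iVPSLL_8u32` and `eq_iVPSLL_16u16` unfold `/(`<<`)`. If the script only passes because the closing `/#` does the work regardless of which operator was unfolded, the unfold is dead; either way the line should read `proof. by proc; wp; skip; rewrite /is4u64 /VPSLL_4u64 /(`<<`) => /> /#. qed.` for consistency with the other left-shift equivs. All seven equivs now end in an SMT call where the old scripts closed by unfolding alone, so a short comment on the group noting that the count types differ between `Ops` and `OpsV` (inferred from the weakened `={y}` precondition; the `Ops` side is not visible here) would explain why `/#` became necessary.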
@@ -361,12 +361,12 @@ rewrite -W256_bits16_bits8 1:/# andb16E /VPSRL_16u16 mapbE 1:/# /=. rewrite W256_bits16_bits8 1:/# mask55_bits8 1:/#. apply W8extra.wordP_red. rewrite -allP /=. have: (k\in iota_ 0 32) by smt(mem_iota). -by move: {Hk} k; rewrite -allP -iotaredE /= !W16.shrwE !W8.shrwE /int_bit /=. +by move: {Hk} k; rewrite -allP -iotaredE /= /(`>>`) !W8.shrwE /int_bit /=. qed. lemma VPSRL2_ANDmask33 w k: 0 <= k < 32 => - mask33u256 `&` (VPSRL_16u16 w (W8.of_int 2)) \bits8 k + mask33u256 `&` (VPSRL_16u16 w (W128.of_int 2)) \bits8 k = mask33u8 `&` ((w \bits8 k) `>>` (W8.of_int 2)). proof. move=> Hk. @@ -375,12 +375,12 @@ rewrite -W256_bits16_bits8 1:/# andb16E /VPSRL_16u16 mapbE 1:/# /=. rewrite W256_bits16_bits8 1:/# mask33_bits8 1:/#. apply W8extra.wordP_red. rewrite -allP /=. have: (k\in iota_ 0 32) by smt(mem_iota). -by move: {Hk} k; rewrite -allP -iotaredE /= !W16.shrwE !W8.shrwE /int_bit /=. +by move: {Hk} k; rewrite -allP -iotaredE /= /(`>>`) !W8.shrwE /int_bit /=. qed. lemma VPSRL4_ANDmask0F w k: 0 <= k < 32 => - VPAND_256 mask0Fu256 (VPSRL_16u16 w (W8.of_int 4)) \bits8 k + VPAND_256 mask0Fu256 (VPSRL_16u16 w (W128.of_int 4)) \bits8 k = mask0Fu8 `&` ((w \bits8 k) `>>` (W8.of_int 4)). proof. move=> Hk. @@ -389,7 +389,7 @@ rewrite -W256_bits16_bits8 1:/# andb16E /VPSRL_16u16 mapbE 1:/# /=. rewrite W256_bits16_bits8 1:/# mask0F_bits8 1:/#. apply W8extra.wordP_red. rewrite -allP /=. have: (k\in iota_ 0 32) by smt(mem_iota). -by move: {Hk} k; rewrite -allP -iotaredE /= !W16.shrwE !W8.shrwE /int_bit /=. +by move: {Hk} k; rewrite -allP -iotaredE /= /(`>>`) !W8.shrwE /int_bit /=. qed. lemma to_uint_mask33 (w:W8.t): diff --git a/proof/correctness/avx2/MLKEM_PolyVec_avx2_vec.ec b/proof/correctness/avx2/MLKEM_PolyVec_avx2_vec.ec index 4c03fd23..b1d7e073 100644 --- a/proof/correctness/avx2/MLKEM_PolyVec_avx2_vec.ec +++ b/proof/correctness/avx2/MLKEM_PolyVec_avx2_vec.ec 
@@ -131,7 +131,7 @@ module Mvec = { a <@ polyvec_csubq (a); x16p <- jvx16; v <- (get256 (WArray32.init16 (fun i => x16p.[i])) 0); - v8 <@ OpsV.iVPSLL_16u16(v, (W8.of_int 3)); + v8 <@ OpsV.iVPSLL_16u16(v, (W128.of_int 3)); off <@ OpsV.iVPBROADCAST_16u16(pvc_off_s); shift1 <@ OpsV.iVPBROADCAST_16u16(pvc_shift1_s); mask <@ OpsV.iVPBROADCAST_16u16(pvc_mask_s); @@ -144,17 +144,17 @@ module Mvec = { f0 <- (get256 (WArray1536.init16 (fun i => a.[i])) i); f1 <@ OpsV.iVPMULL_16u16(f0, v8); f2 <@ OpsV.iVPADD_16u16(f0, off); - f0 <@ OpsV.iVPSLL_16u16(f0, (W8.of_int 3)); + f0 <@ OpsV.iVPSLL_16u16(f0, (W128.of_int 3)); f0 <@ OpsV.iVPMULH_256(f0, v); f2 <@ OpsV.iVPSUB_16u16(f1, f2); f1 <@ OpsV.iVPANDN_16u16(f1, f2); - f1 <@ OpsV.iVPSRL_16u16(f1, (W8.of_int 15)); + f1 <@ OpsV.iVPSRL_16u16(f1, (W128.of_int 15)); f0 <@ OpsV.iVPSUB_16u16(f0, f1); f0 <@ OpsV.iVPMULHRS_256(f0, shift1); f0 <@ OpsV.iVPAND_16u16(f0, mask); f0 <@ OpsV.iVPMADDWD_256(f0, shift2); f0 <@ OpsV.iVPSLLV_8u32(f0, sllvdidx); - f0 <@ OpsV.iVPSRL_4u64(f0, (W8.of_int 12)); + f0 <@ OpsV.iVPSRL_4u64(f0, (W128.of_int 12)); f0 <@ OpsV.iVPSHUFB_256(f0, shufbidx); t0 <@ OpsV.itruncate_16u16_8u16(f0); t1 <@ OpsV.iVEXTRACTI128_16u8(f0, (W8.of_int 1)); @@ -194,7 +194,7 @@ module Mvec = { a <@ polyvec_csubq (a); x16p <- jvx16; v <- (get256 (WArray32.init16 (fun i => x16p.[i])) 0); - v8 <@ OpsV.iVPSLL_16u16(v, (W8.of_int 3)); + v8 <@ OpsV.iVPSLL_16u16(v, (W128.of_int 3)); off <@ OpsV.iVPBROADCAST_16u16(pvc_off_s); shift1 <@ OpsV.iVPBROADCAST_16u16(pvc_shift1_s); mask <@ OpsV.iVPBROADCAST_16u16(pvc_mask_s); 
@@ -207,17 +207,17 @@ module Mvec = { f0 <- (get256 (WArray1536.init16 (fun i => a.[i])) i); f1 <@ OpsV.iVPMULL_16u16(f0, v8); f2 <@ OpsV.iVPADD_16u16(f0, off); - f0 <@ OpsV.iVPSLL_16u16(f0, (W8.of_int 3)); + f0 <@ OpsV.iVPSLL_16u16(f0, (W128.of_int 3)); f0 <@ OpsV.iVPMULH_256(f0, v); f2 <@ OpsV.iVPSUB_16u16(f1, f2); f1 <@ OpsV.iVPANDN_16u16(f1, f2); - f1 <@ OpsV.iVPSRL_16u16(f1, (W8.of_int 15)); + f1 <@ OpsV.iVPSRL_16u16(f1, (W128.of_int 15)); f0 <@ OpsV.iVPSUB_16u16(f0, f1); f0 <@ OpsV.iVPMULHRS_256(f0, shift1); f0 <@ OpsV.iVPAND_16u16(f0, mask); f0 <@ OpsV.iVPMADDWD_256(f0, shift2); f0 <@ OpsV.iVPSLLV_8u32(f0, sllvdidx); - f0 <@ OpsV.iVPSRL_4u64(f0, (W8.of_int 12)); + f0 <@ OpsV.iVPSRL_4u64(f0, (W128.of_int 12)); f0 <@ OpsV.iVPSHUFB_256(f0, shufbidx); t0 <@ OpsV.itruncate_16u16_8u16(f0); t1 <@ OpsV.iVEXTRACTI128_16u8(f0, (W8.of_int 1)); @@ -259,7 +259,7 @@ module Mvec = { f <@ OpsV.iVPERMQ_32u8(f, (W8.of_int 148)); f <@ OpsV.iVPSHUFB_256(f, shufbidx); f <@ OpsV.iVPSLLV_8u32(f, sllvdidx); - f <@ OpsV.iVPSRL_16u16(f, (W8.of_int 1)); + f <@ OpsV.iVPSRL_16u16(f, (W128.of_int 1)); f <@ OpsV.iVPAND_16u16(f, mask); f <@ OpsV.iVPMULHRS_256(f, q); r <- diff --git a/proof/correctness/avx2/MLKEM_Poly_avx2_proof.ec b/proof/correctness/avx2/MLKEM_Poly_avx2_proof.ec index f2674488..47804951 100644 --- a/proof/correctness/avx2/MLKEM_Poly_avx2_proof.ec +++ b/proof/correctness/avx2/MLKEM_Poly_avx2_proof.ec @@ -258,9 +258,9 @@ proof. auto => />. move => &hr [#] 7? k *. case (_r{hr}.[k] \slt W16.zero). - + rewrite initiE 1://= /= -/(W16.onew). + + rewrite initiE 1:/# /= -/(W16.onew). apply getsignNeg. - + rewrite W16.sltE ltzNge -W16.sleE initiE 1://= /=. + + rewrite W16.sltE ltzNge -W16.sleE initiE 1:/# /=. apply getsignPos. auto => />. move => &hr [#] H H0 H1 H2 H3 H4 H5 H6 H7 *. 
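Review bot: In `MLKEM_Poly_avx2_proof.ec` every side condition that was previously closed by `1://=` is now discharged by `1:/#`, including the ones inside repetition combinators (`do rewrite shr_shrw 1:/#`, `do (rewrite -shlMP 1:/# || rewrite W32.shlw_shrw_shrw 1:/# /=)`), so goals that were checked by computation now depend on solver availability and timeouts at several dozen new call sites; the same sweep appears in the `@@ -1128`, `-1141`, `-1181`, `-1198`, `-1235`, `-1253`, `-1264`, `-1277`, `-1396`, `-1422` and `-1443` hunks of that file. Presumably `//=` stopped closing these because the side conditions of `shrDP`/`shlMP`/`shr_shrw` changed shape with the library bump, but the commit does not say so; if only some of them actually need arithmetic reasoning, keeping `1://=` on the closed-numeral ones (for instance `(_: 512 = 2 ^ 9) 1://=`) and reserving `1:/#` for the rest would keep the script faster and more deterministic. Note also that the `do (...)` lines drop the trailing `//=` in favour of `/=`, which no longer attempts to close the goal after simplification; if that is deliberate a comment saying why would help. The enclosing proofs start and end outside the hunks.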
@@ -1128,11 +1128,11 @@ proof. by move : (modz_cmp (to_uint b) 16) => /#. rewrite (W16.of_sintK (W16.to_uint b %% 2^4)) //= (Montgomery16.smod_small (to_uint b %% 16)). by move : (modz_cmp (to_uint b) 16) => /#. rewrite /(W16.smod 2048) //=. - do rewrite shr_shrw 1://=. - rewrite shrDP 1://=. + do rewrite shr_shrw 1:/#. + rewrite shrDP 1:/#. rewrite (pmod_small _ W32.modulus). by smt(). rewrite (_: ((to_uint b %% 2 ^ 4) * 2048 * 3329 %/ 2 ^ 14) = (to_uint b %% 2 ^ 4) * 3329 %/ 2 ^ 3). smt(). - rewrite -of_intD shrDP 1://= of_uintK. + rewrite -of_intD shrDP 1:/# of_uintK. do (rewrite (pmod_small _ W32.modulus); first by smt()). rewrite (_: (to_uint b %% 2 ^ 4 * 3329 %/ 2 ^ 3 + 1) %/ 2 ^ 1 = (8 + to_uint b %% 2 ^ 4 * 3329) %/ 2 ^ 4); first by smt(). rewrite (pmod_small _ W16.modulus); first by smt(). 
@@ -1141,24 +1141,24 @@ proof. rewrite /smod. smt(). rewrite (_: to_uint b %% 16 = to_uint (b `&` (W16.of_int W8.max_uint)) %% 16). - rewrite W16.and_mod 1://=. + rewrite W16.and_mod 1:/#. rewrite of_uintK (pmod_small _ W16.modulus) 1:/#. smt(). rewrite -zeroext_truncateu8_and. rewrite to_uint_zeroextu16. rewrite (_: to_uint (truncateu8 b) = to_uint mem.[to_uint ap{1} + 8 * i{2} + 2 * (k %% 16) %/ 4]). (* can be simplified *) rewrite to_uint_truncateu8 //=. - rewrite -(divz1 (to_uint b)) -(Ring.IntID.expr0 2) (_: 0 = 8 * 0) 1://=. - rewrite -(W8.of_uintK (to_uint b %/ 2 ^ (8 * 0))) -W2u8.of_int_bits8_div 1://=. + rewrite -(divz1 (to_uint b)) -(Ring.IntID.expr0 2) (_: 0 = 8 * 0) 1:/#. + rewrite -(W8.of_uintK (to_uint b %/ 2 ^ (8 * 0))) -W2u8.of_int_bits8_div 1:/#. rewrite to_uintK. - rewrite -get_unpack8 1://= pack2K initiE 1://= //=. + rewrite -get_unpack8 1:/# pack2K initiE 1:/# //=. rewrite (_: 2 * (k %% 16) %/ 4 = k %% 16 %/ 2). smt(). rewrite (addzC 8 _). do (rewrite get_setE 1:/#). smt(). + rewrite (_: b `&` (W16.of_int 240) = ((b `>>>` 4) `&` (W16.of_int (2^4 - 1))) `<<<` 4). (* can be simplified *) rewrite (_: 2^4 - 1 = 240 %% W16.modulus %/ 2^4). by trivial. - rewrite -W16.shrDP 1://= shrw_and shrl_andmaskN 1://= -andwA. + rewrite -W16.shrDP 1:/# shrw_and shrl_andmaskN 1:/# -andwA. rewrite (_: (of_int 240)%W16 `&` invw ((W16.masklsb 4)) = (W16.of_int 240)). rewrite /invw /max 1://=. rewrite /of_int /(pc_mask_s). @@ -1169,9 +1169,9 @@ proof. rewrite -iotaredE //=. smt(). done. - rewrite W16.and_mod 1://=. + rewrite W16.and_mod 1:/#. rewrite /q. - rewrite shlMP 1://=. + rewrite shlMP 1:/#. rewrite to_sintM_small. rewrite (W16.of_sintK 128) /smod //=. rewrite (Montgomery16.smod_small (to_uint (b `>>>` 4) %% 2 ^ 4 * 2^4)). 
@@ -1181,9 +1181,9 @@ proof. rewrite (W16.of_sintK 128) (Montgomery16.smod_small 128). smt(). rewrite of_sintK (Montgomery16.smod_small (to_uint (b `>>>` 4) %% 16 * 16)). by move : (modz_cmp (W16.to_uint (b `>>>` 4)) 16) => /#. rewrite (mulzA _ (2^4) 128) //=. - do rewrite shr_shrw 1://=. - rewrite shrDP 1://=. - rewrite -of_intD shrDP 1://= of_uintK. + do rewrite shr_shrw 1:/#. + rewrite shrDP 1:/#. + rewrite -of_intD shrDP 1:/# of_uintK. rewrite (pmod_small (to_uint (b `>>>` 4) %% 16 * 2048 * 3329) W32.modulus); first by smt(). rewrite (_: to_uint (b `>>>` 4) %% 16 * 2048 * 3329 %/ 2 ^ 14 = to_uint (b `>>>` 4) %% 16 * 3329 %/ 2 ^ 3). smt(). @@ -1198,20 +1198,20 @@ proof. rewrite -(pmod_small (to_uint (b `>>>` 4) %% 16) W16.modulus) 1:/#. rewrite -(W16.of_uintK (to_uint (b `>>>` 4) %% 16)). rewrite (_: 16 = 2 ^ 4). by trivial. - rewrite -W16.and_mod 1://=. + rewrite -W16.and_mod 1:/#. have ->: (W16.of_int (2 ^ 4 - 1)) = W16.masklsb (8 - 4); first by trivial. - rewrite -W16.andmask_shrw 1://=. + rewrite -W16.andmask_shrw 1:/#. rewrite -(W16.to_uintK' (b `&` (W16.masklsb 8))). - rewrite shrDP 1://=. - rewrite W16.and_mod 1://= /max //=. + rewrite shrDP 1:/#. + rewrite W16.and_mod 1:/# /max //=. rewrite of_uintK of_uintK. rewrite (pmod_small _ W16.modulus); first by smt(). rewrite modz_mod. rewrite (pmod_small _ W16.modulus); first by smt(). - rewrite -(divz1 (to_uint b)) -(Ring.IntID.expr0 2) (_: 0 = 8 * 0) 1://=. - rewrite -(W8.of_uintK (to_uint b %/ 2 ^ (8 * 0))) -W2u8.of_int_bits8_div 1://=. + rewrite -(divz1 (to_uint b)) -(Ring.IntID.expr0 2) (_: 0 = 8 * 0) 1:/#. + rewrite -(W8.of_uintK (to_uint b %/ 2 ^ (8 * 0))) -W2u8.of_int_bits8_div 1:/#. rewrite to_uintK. - rewrite -get_unpack8 1://= pack2K initiE 1://= //=. + rewrite -get_unpack8 1:/# pack2K initiE 1:/# //=. rewrite (_: 2 * (k %% 16) %/ 4 = k %% 16 %/ 2). smt(). rewrite (addzC 8 _). do (rewrite get_setE 1:/#). 
@@ -1235,12 +1235,12 @@ proof. rewrite (W16.of_sintK (W16.to_uint b %% 2^4)) //= (Montgomery16.smod_small (to_uint b %% 16)). by move : (modz_cmp (to_uint b) 16) => /#. rewrite /(W16.smod 2048) //=. rewrite /(W16.smod 3329) //=. - do rewrite shr_shrw 1://=. - rewrite shrDP 1://=. + do rewrite shr_shrw 1:/#. + rewrite shrDP 1:/#. rewrite (pmod_small _ W32.modulus). by smt(). rewrite (_: ((to_uint b %% 2 ^ 4) * 2048 * 3329 %/ 2 ^ 14) = (to_uint b %% 2 ^ 4) * 3329 %/ 2 ^ 3). smt(). rewrite -of_intD. - rewrite shrDP 1://= of_uintK. + rewrite shrDP 1:/# of_uintK. do (rewrite (pmod_small _ W32.modulus); first by smt()). rewrite (pmod_small _ W16.modulus); first by smt(). rewrite (_: (to_uint b %% 2 ^ 4 * 3329 %/ 2 ^ 3 + 1) %/ 2 ^ 1 = (8 + to_uint b %% 2 ^ 4 * 3329) %/ 2 ^ 4). @@ -1253,7 +1253,7 @@ proof. smt(). + rewrite (_: b `&` (W16.of_int 240) = ((b `>>>` 4) `&` (W16.of_int (2^4 - 1))) `<<<` 4). rewrite (_: 2^4 - 1 = 240 %% W16.modulus %/ 2^4). by trivial. - rewrite -W16.shrDP 1://= shrw_and shrl_andmaskN 1://= -andwA. + rewrite -W16.shrDP 1:/# shrw_and shrl_andmaskN 1:/# -andwA. rewrite (_: (of_int 240)%W16 `&` invw ((W16.masklsb 4)) = (W16.of_int 240)). rewrite /invw /max 1://=. rewrite /of_int /(pc_mask_s). @@ -1264,9 +1264,9 @@ proof. rewrite -iotaredE //=. smt(). done. - rewrite W16.and_mod 1://=. + rewrite W16.and_mod 1:/#. rewrite /q. - rewrite shlMP 1://=. + rewrite shlMP 1:/#. rewrite to_sintM_small. rewrite (W16.of_sintK 128) /smod //=. rewrite (_: W16.smod (to_uint (b `>>>` 4) %% 2 ^ 4 * 2^4 %% W16.modulus) = to_uint (b `>>>` 4) %% 2 ^ 4 * 2^4). 
@@ -1277,10 +1277,10 @@ proof. rewrite (Montgomery16.smod_small (to_uint (b `>>>` 4) %% 16 * 16)). by move : (modz_cmp (W16.to_uint (b `>>>` 4)) 16) => /#. rewrite /(W16.smod 3329) //=. rewrite (mulzA _ (2^4) 128) //=. - do rewrite shr_shrw 1://=. - rewrite shrDP 1://=. - rewrite -of_intD shrDP 1://= of_uintK. - do (rewrite (modz_dvd _ W32.modulus W16.modulus) 1://=). + do rewrite shr_shrw 1:/#. + rewrite shrDP 1:/#. + rewrite -of_intD shrDP 1:/# of_uintK. + do (rewrite (modz_dvd _ W32.modulus W16.modulus) 1:/#). rewrite (pmod_small (to_uint (b `>>>` 4) %% 16 * 2048 * 3329) W32.modulus); first by smt(). rewrite (_: to_uint (b `>>>` 4) %% 16 * 2048 * 3329 %/ 2 ^ 14 = to_uint (b `>>>` 4) %% 16 * 3329 %/ 2 ^ 3). smt(). @@ -1396,14 +1396,14 @@ proof. rewrite /lift_array256 mapiE 1:/# /= incoeffK. rewrite (v_def k) 1:/# (mask1_def k) 1:/# (shift1_def k) 1:/# qE. rewrite /wmulhs /round_scalew //=. - do rewrite shr_shrw 1://=. + do rewrite shr_shrw 1:/#. rewrite /(W16.smod 20159) //= /truncateu16. rewrite (pmod_small (to_sint a{1}.[64 * i{2} + k]) 3329). move : pos_bound_a => /#. rewrite (_: pc_mask_s = W16.of_int (2^4 - 1)). smt(). - rewrite W16.and_mod 1://=. - rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1://=. - do (rewrite -shlMP 1://= || rewrite W32.shlw_shrw_shrw 1://= //=). + rewrite W16.and_mod 1:/#. + rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1:/#. + do (rewrite -shlMP 1:/# || rewrite W32.shlw_shrw_shrw 1:/# /=). rewrite (_: (W32.masklsb 23) = (W32.of_int (2 ^ 23 - 1))); first by rewrite /max /=. rewrite W32.and_mod 1:/# of_uintK. have a_mul_ub: 0 <= to_sint ((W16.of_int (to_sint a{1}.[64 * i{2} + k] * 20159 %/ 65536))) <= 1024. 
@@ -1422,10 +1422,10 @@ proof. rewrite /smod /=. move : a_mul_ub => /#. rewrite (modz_dvd _ W32.modulus (2^23)) 1:/# (pmod_small _ (2^23)) 1:/# (pmod_small _ W16.modulus) 1:/#. - rewrite shrDP 1://= -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. + rewrite shrDP 1:/# -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. rewrite(_: to_sint a{1}.[64 * i{2} + k] * 20159 %/ 65536 %/ 2 ^ 5 = to_sint a{1}.[64 * i{2} + k] * 20159 %/ (2^21)) 1:/#. - rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1://= mul1z. - rewrite shrDP 1://= (pmod_small _ W32.modulus) 1:/#. + rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1:/# mul1z. + rewrite shrDP 1:/# (pmod_small _ W32.modulus) 1:/#. rewrite (_: (2 ^ 21 + to_sint a{1}.[64 * i{2} + k] * 20159) %/ 2 ^ 21 %/ 2 ^ 1 = (2 ^ 21 + to_sint a{1}.[64 * i{2} + k] * 20159) %/ 2 ^ 22) 1:/#. do (rewrite of_uintK || rewrite (modz_dvd _ _ 16) 1:/#). rewrite (_: W16.smod ((2^21 + to_sint a{1}.[64 * i{2} + k] * 20159) %/ 2^22 %% 16) = ((2^21 + to_sint a{1}.[64 * i{2} + k] * 20159) %/ 2^22 %% 16)). 
@@ -1443,14 +1443,14 @@ proof. rewrite /lift_array256 mapiE 1:/# /= incoeffK. rewrite (v_def k) 1:/# (mask1_def k) 1:/# (shift1_def k) 1:/# qE. rewrite /wmulhs /round_scalew //=. - do rewrite shr_shrw 1://=. + do rewrite shr_shrw 1:/#. rewrite /(W16.smod 20159) //= /truncateu16. rewrite (pmod_small (to_sint a{1}.[64 * i{2} + 16 + k]) 3329). move : pos_bound_a => /#. rewrite (_: pc_mask_s = W16.of_int (2^4 - 1)). smt(). - rewrite W16.and_mod 1://=. - rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1://=. - do (rewrite -shlMP 1://= || rewrite W32.shlw_shrw_shrw 1://= //=). + rewrite W16.and_mod 1:/#. + rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1:/#. + do (rewrite -shlMP 1:/# || rewrite W32.shlw_shrw_shrw 1:/# /=). rewrite (_: (W32.masklsb 23) = (W32.of_int (2 ^ 23 - 1))); first by rewrite /max /=. rewrite W32.and_mod 1:/# of_uintK. have a_mul_ub: 0 <= to_sint ((W16.of_int (to_sint a{1}.[64 * i{2} + 16 + k] * 20159 %/ 65536))) <= 1024. 
@@ -1469,10 +1469,10 @@ proof. rewrite /smod /=. move : a_mul_ub => /#. rewrite (modz_dvd _ W32.modulus (2^23)) 1:/# (pmod_small _ (2^23)) 1:/# (pmod_small _ W16.modulus) 1:/#. - rewrite shrDP 1://= -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. + rewrite shrDP 1:/# -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. rewrite(_: to_sint a{1}.[64 * i{2} + 16 + k] * 20159 %/ 65536 %/ 2 ^ 5 = to_sint a{1}.[64 * i{2} + 16 + k] * 20159 %/ (2^21)) 1:/#. - rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1://= mul1z. - rewrite shrDP 1://= (pmod_small _ W32.modulus) 1:/#. + rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1:/# mul1z. + rewrite shrDP 1:/# (pmod_small _ W32.modulus) 1:/#. rewrite (_: (2 ^ 21 + to_sint a{1}.[64 * i{2} + 16 + k] * 20159) %/ 2 ^ 21 %/ 2 ^ 1 = (2 ^ 21 + to_sint a{1}.[64 * i{2} + 16 + k] * 20159) %/ 2 ^ 22) 1:/#. do (rewrite of_uintK || rewrite (modz_dvd _ _ 16) 1:/#). rewrite (_: W16.smod ((2^21 + to_sint a{1}.[64 * i{2} + 16 + k] * 20159) %/ 2^22 %% 16) = ((2^21 + to_sint a{1}.[64 * i{2} + 16 + k] * 20159) %/ 2^22 %% 16)). 
@@ -1490,14 +1490,14 @@ proof. rewrite /lift_array256 mapiE 1:/# /= incoeffK. rewrite (v_def k) 1:/# (mask1_def k) 1:/# (shift1_def k) 1:/# qE. rewrite /wmulhs /round_scalew //=. - do rewrite shr_shrw 1://=. + do rewrite shr_shrw 1:/#. rewrite /(W16.smod 20159) //= /truncateu16. rewrite (pmod_small (to_sint a{1}.[64 * i{2} + 32 + k]) 3329). move : pos_bound_a => /#. rewrite (_: pc_mask_s = W16.of_int (2^4 - 1)). smt(). - rewrite W16.and_mod 1://=. - rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1://=. - do (rewrite -shlMP 1://= || rewrite W32.shlw_shrw_shrw 1://= //=). + rewrite W16.and_mod 1:/#. + rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1:/#. + do (rewrite -shlMP 1:/# || rewrite W32.shlw_shrw_shrw 1:/# /=). rewrite (_: (W32.masklsb 23) = (W32.of_int (2 ^ 23 - 1))); first by rewrite /max /=. rewrite W32.and_mod 1:/# of_uintK. have a_mul_ub: 0 <= to_sint ((W16.of_int (to_sint a{1}.[64 * i{2} + 32 + k] * 20159 %/ 65536))) <= 1024. 
@@ -1516,10 +1516,10 @@ proof. rewrite /smod /=. move : a_mul_ub => /#. rewrite (modz_dvd _ W32.modulus (2^23)) 1:/# (pmod_small _ (2^23)) 1:/# (pmod_small _ W16.modulus) 1:/#. - rewrite shrDP 1://= -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. + rewrite shrDP 1:/# -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. rewrite(_: to_sint a{1}.[64 * i{2} + 32 + k] * 20159 %/ 65536 %/ 2 ^ 5 = to_sint a{1}.[64 * i{2} + 32 + k] * 20159 %/ (2^21)) 1:/#. - rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1://= mul1z. - rewrite shrDP 1://= (pmod_small _ W32.modulus) 1:/#. + rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1:/# mul1z. + rewrite shrDP 1:/# (pmod_small _ W32.modulus) 1:/#. rewrite (_: (2 ^ 21 + to_sint a{1}.[64 * i{2} + 32 + k] * 20159) %/ 2 ^ 21 %/ 2 ^ 1 = (2 ^ 21 + to_sint a{1}.[64 * i{2} + 32 + k] * 20159) %/ 2 ^ 22) 1:/#. do (rewrite of_uintK || rewrite (modz_dvd _ _ 16) 1:/#). rewrite (_: W16.smod ((2^21 + to_sint a{1}.[64 * i{2} + 32 + k] * 20159) %/ 2^22 %% 16) = ((2^21 + to_sint a{1}.[64 * i{2} + 32 + k] * 20159) %/ 2^22 %% 16)). 
@@ -1537,14 +1537,14 @@ proof. rewrite /lift_array256 mapiE 1:/# /= incoeffK. rewrite (v_def k) 1:/# (mask1_def k) 1:/# (shift1_def k) 1:/# qE. rewrite /wmulhs /round_scalew //=. - do rewrite shr_shrw 1://=. + do rewrite shr_shrw 1:/#. rewrite /(W16.smod 20159) //= /truncateu16. rewrite (pmod_small (to_sint a{1}.[64 * i{2} + 48 + k]) 3329). move : pos_bound_a => /#. rewrite (_: pc_mask_s = W16.of_int (2^4 - 1)). smt(). - rewrite W16.and_mod 1://=. - rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1://=. - do (rewrite -shlMP 1://= || rewrite W32.shlw_shrw_shrw 1://= //=). + rewrite W16.and_mod 1:/#. + rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1:/#. + do (rewrite -shlMP 1:/# || rewrite W32.shlw_shrw_shrw 1:/# /=). rewrite (_: (W32.masklsb 23) = (W32.of_int (2 ^ 23 - 1))); first by rewrite /max /=. rewrite W32.and_mod 1:/# of_uintK. have a_mul_ub: 0 <= to_sint ((W16.of_int (to_sint a{1}.[64 * i{2} + 48 + k] * 20159 %/ 65536))) <= 1024. 
@@ -1563,10 +1563,10 @@ proof. rewrite /smod /=. move : a_mul_ub => /#. rewrite (modz_dvd _ W32.modulus (2^23)) 1:/# (pmod_small _ (2^23)) 1:/# (pmod_small _ W16.modulus) 1:/#. - rewrite shrDP 1://= -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. + rewrite shrDP 1:/# -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. rewrite(_: to_sint a{1}.[64 * i{2} + 48 + k] * 20159 %/ 65536 %/ 2 ^ 5 = to_sint a{1}.[64 * i{2} + 48 + k] * 20159 %/ (2^21)) 1:/#. - rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1://= mul1z. - rewrite shrDP 1://= (pmod_small _ W32.modulus) 1:/#. + rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1:/# mul1z. + rewrite shrDP 1:/# (pmod_small _ W32.modulus) 1:/#. rewrite (_: (2 ^ 21 + to_sint a{1}.[64 * i{2} + 48 + k] * 20159) %/ 2 ^ 21 %/ 2 ^ 1 = (2 ^ 21 + to_sint a{1}.[64 * i{2} + 48 + k] * 20159) %/ 2 ^ 22) 1:/#. do (rewrite of_uintK || rewrite (modz_dvd _ _ 16) 1:/#). rewrite (_: W16.smod ((2^21 + to_sint a{1}.[64 * i{2} + 48 + k] * 20159) %/ 2^22 %% 16) = ((2^21 + to_sint a{1}.[64 * i{2} + 48 + k] * 20159) %/ 2^22 %% 16)). @@ -1717,7 +1717,7 @@ proof. apply Array128.ext_eq. move => x x_i. rewrite filliE //=. case (32 * i{2} <= x && x < 32 * i{2} + 32) => x_si. - do (rewrite get_setE; first by move : x_si i_lb i_ub => /# //=). + do (rewrite get_setE; first by move : x_si i_lb i_ub => /# /=). smt(). do (rewrite set_neqiE; first 2 by move : x_si i_lb i_tub => /#). done. 
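Review bot: In the `get_setE` side proof, `first by move : x_si i_lb i_ub => /# /=` keeps a trailing `/=` after `/#`; under `by` the `/#` step must already close the goal, so as far as I can tell the `/=` never sees a goal and only survives as a leftover of the old `//=`. `first by move : x_si i_lb i_ub => /#` says the same thing and stops suggesting that simplification is needed after smt. The same pattern recurs in the other `get_setE` loops of this change. The enclosing proof starts and ends outside this hunk.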
@@ -1736,22 +1736,22 @@ proof. rewrite W4u8.Pack.initiE 1:/# /=. rewrite permidx_def 1:/#. rewrite of_uintK. - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. rewrite -(divz_mulp _ 4 2) 1..2://=. rewrite (_: (4 * (k %% 32 %/ 4 %% 2) + k %% 32 %/ (4 * 2)) %% 8 = k %% 8 - k %% 4 + k %/ 8 - 4 * i{2}). - rewrite -(modz_pow2_div 3 2 _) 1://=. + rewrite -(modz_pow2_div 3 2 _) 1:/#. rewrite (mulzC 4 _) (divzE _ 4). - rewrite modz_dvd 1://= modz_dvd 1://= //=. + rewrite modz_dvd 1:/# modz_dvd 1:/# //=. rewrite (pmod_small (Int.(+) _ _) 8). move : k_tlb k_ub; smt(). move : k_tlb k_ub; smt(). - rewrite (modz_dvd _ 32 4) 1://=. + rewrite (modz_dvd _ 32 4) 1:/#. rewrite (_: 4 * (k %% 8 - k %% 4 + (k %/ 8) - 4 * i{2}) + k %% 4 = 4 * (k %% 8) - 3 * (k %% 4) + 4 * (k %/ 8) - 16 * i{2}). smt(). - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). rewrite (_: (4 * (k %% 8) - 3 * (k %% 4) + 4 * (k %/ 8) - 16 * i{2}) %/ 8 %% 2 = (4 * (k %% 8) - 3 * (k %% 4) + 4 * (k %/ 8)) %% 16 %/ 8). - rewrite (_: 2 = 2^1) 1://= {3}(_: 8 = 2^3) 1://=. - rewrite -(modz_pow2_div 4 3) 1://= //=. + rewrite (_: 2 = 2^1) 1:/# {3}(_: 8 = 2^3) 1:/#. + rewrite -(modz_pow2_div 4 3) 1:/# //=. rewrite (mulzC 16 _). smt(). pose x := 4 * (k %% 8) - 3 * (k %% 4) + 4 * (k %/ 8) - 16 * i{2}. 
@@ -1769,10 +1769,10 @@ proof. rewrite (_: (16 * (x %/ 16) + 2 * (x %% 8) + 1) %% 8 = (2 * (x %% 8) + 1) %% 8). smt(). rewrite /packus16. - do (rewrite sltE sleE || rewrite of_sintK /smod //=). + do (rewrite sltE sleE || rewrite of_sintK /smod /=). do (rewrite f0_def 1:/# f1_def 1:/# f2_def 1:/# f3_def 1:/#). - do (rewrite /lift_array256 mapiE 1:/# //=). - do (rewrite (_: forall c, !(compress 4 (incoeff c) < 0)); first by move => c; move : (MLKEM_Poly.compress_rng (incoeff c) 4); rewrite -lezNgt //=). + do (rewrite /lift_array256 mapiE 1:/# /=). + do (rewrite (_: forall c, !(compress 4 (incoeff c) < 0)); first by move => c; move : (MLKEM_Poly.compress_rng (incoeff c) 4); rewrite -lezNgt /=). do (rewrite (_: forall c, !(255 <= compress 4 (incoeff c))) /=; first by move => c; move : (MLKEM_Poly.compress_rng (incoeff c) 4); rewrite -ltzNge /= => /#). rewrite (_: 8 * (x %/ 16) + 2 * (x %% 8) %% 8 = 2 * (k %% 8)). have H: k \in (iota_ (32 * i{2}) 32); first by rewrite mem_iota k_ub k_tlb. @@ -1791,8 +1791,8 @@ proof. smt(). rewrite (_: 4 * ((16 * (x %/ 16) + 2 * (x %% 8)) %% 2) = 0). smt(). - rewrite shlMP 1://= of_sintK /smod //=. - rewrite shlMP 1://= of_sintK /smod //=. + rewrite shlMP 1:/# of_sintK /smod //=. + rewrite shlMP 1:/# of_sintK /smod //=. have f0_b: forall k, 0 <= k < 16 => 0 <= to_sint f0{1}.[k] < 16. move => j j_i. rewrite (f0_def j j_i). @@ -1873,7 +1873,7 @@ proof. move => <-; first by smt(). rewrite to_sint_unsigned; first by move : (f3_b (2 * (k %% 8) + 1)) => /#. rewrite to_uintK' => //=. - do (rewrite of_int_bits8_div 1://= expr0 divz1). + do (rewrite of_int_bits8_div 1:/# expr0 divz1). have pck_bnds: forall (c1 c2: coeff), 0 <= (compress 4 c1) + (compress 4 c2) * 16 < 256. move => c1 c2. 
@@ -1907,7 +1907,7 @@ proof. do rewrite pck_id. do (rewrite (_: forall c1 c2, !(compress 4 c1 + (compress 4 c2) * 16 < 0)); first by move : pck_bnds => /#). simplify. - do (rewrite of_int_bits8_div 1://= //=). + do (rewrite of_int_bits8_div 1:/# /=). have packusid: forall c1 c2, (if 255 <= compress 4 c1 + (compress 4 c2) * 16 then (W8.of_int 255) else W8.of_int (compress 4 c1 + (compress 4 c2) * 16)) = W8.of_int (compress 4 c1 + (compress 4 c2) * 16). @@ -2030,14 +2030,14 @@ proof. rewrite /lift_array256 mapiE 1:/# /= incoeffK. rewrite (v_def k) 1:/# (mask1_def k) 1:/# (shift1_def k) 1:/# qE. rewrite /wmulhs /round_scalew //=. - do rewrite shr_shrw 1://=. + do rewrite shr_shrw 1:/#. rewrite /(W16.smod 20159) //= /truncateu16. rewrite (pmod_small (to_sint a{1}.[64 * i{2} + k]) 3329). move : pos_bound_a => /#. rewrite (_: pc_mask_s = W16.of_int (2^4 - 1)). smt(). - rewrite W16.and_mod 1://=. - rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1://=. - do (rewrite -shlMP 1://= || rewrite W32.shlw_shrw_shrw 1://= //=). + rewrite W16.and_mod 1:/#. + rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1:/#. + do (rewrite -shlMP 1:/# || rewrite W32.shlw_shrw_shrw 1:/# /=). rewrite (_: (W32.masklsb 23) = (W32.of_int (2 ^ 23 - 1))); first by rewrite /max /=. rewrite W32.and_mod 1:/# of_uintK. have a_mul_ub: 0 <= to_sint ((W16.of_int (to_sint a{1}.[64 * i{2} + k] * 20159 %/ 65536))) <= 1024. 
@@ -2056,10 +2056,10 @@ proof. rewrite /smod /=. move : a_mul_ub => /#. rewrite (modz_dvd _ W32.modulus (2^23)) 1:/# (pmod_small _ (2^23)) 1:/# (pmod_small _ W16.modulus) 1:/#. - rewrite shrDP 1://= -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. + rewrite shrDP 1:/# -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. rewrite(_: to_sint a{1}.[64 * i{2} + k] * 20159 %/ 65536 %/ 2 ^ 5 = to_sint a{1}.[64 * i{2} + k] * 20159 %/ (2^21)) 1:/#. - rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1://= mul1z. - rewrite shrDP 1://= (pmod_small _ W32.modulus) 1:/#. + rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1:/# mul1z. + rewrite shrDP 1:/# (pmod_small _ W32.modulus) 1:/#. rewrite (_: (2 ^ 21 + to_sint a{1}.[64 * i{2} + k] * 20159) %/ 2 ^ 21 %/ 2 ^ 1 = (2 ^ 21 + to_sint a{1}.[64 * i{2} + k] * 20159) %/ 2 ^ 22) 1:/#. do (rewrite of_uintK || rewrite (modz_dvd _ _ 16) 1:/#). rewrite (_: W16.smod ((2^21 + to_sint a{1}.[64 * i{2} + k] * 20159) %/ 2^22 %% 16) = ((2^21 + to_sint a{1}.[64 * i{2} + k] * 20159) %/ 2^22 %% 16)). 
@@ -2077,14 +2077,14 @@ proof. rewrite /lift_array256 mapiE 1:/# /= incoeffK. rewrite (v_def k) 1:/# (mask1_def k) 1:/# (shift1_def k) 1:/# qE. rewrite /wmulhs /round_scalew //=. - do rewrite shr_shrw 1://=. + do rewrite shr_shrw 1:/#. rewrite /(W16.smod 20159) //= /truncateu16. rewrite (pmod_small (to_sint a{1}.[64 * i{2} + 16 + k]) 3329). move : pos_bound_a => /#. rewrite (_: pc_mask_s = W16.of_int (2^4 - 1)). smt(). - rewrite W16.and_mod 1://=. - rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1://=. - do (rewrite -shlMP 1://= || rewrite W32.shlw_shrw_shrw 1://= //=). + rewrite W16.and_mod 1:/#. + rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1:/#. + do (rewrite -shlMP 1:/# || rewrite W32.shlw_shrw_shrw 1:/# /=). rewrite (_: (W32.masklsb 23) = (W32.of_int (2 ^ 23 - 1))); first by rewrite /max /=. rewrite W32.and_mod 1:/# of_uintK. have a_mul_ub: 0 <= to_sint ((W16.of_int (to_sint a{1}.[64 * i{2} + 16 + k] * 20159 %/ 65536))) <= 1024. 
@@ -2103,10 +2103,10 @@ proof. rewrite /smod /=. move : a_mul_ub => /#. rewrite (modz_dvd _ W32.modulus (2^23)) 1:/# (pmod_small _ (2^23)) 1:/# (pmod_small _ W16.modulus) 1:/#. - rewrite shrDP 1://= -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. + rewrite shrDP 1:/# -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. rewrite(_: to_sint a{1}.[64 * i{2} + 16 + k] * 20159 %/ 65536 %/ 2 ^ 5 = to_sint a{1}.[64 * i{2} + 16 + k] * 20159 %/ (2^21)) 1:/#. - rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1://= mul1z. - rewrite shrDP 1://= (pmod_small _ W32.modulus) 1:/#. + rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1:/# mul1z. + rewrite shrDP 1:/# (pmod_small _ W32.modulus) 1:/#. rewrite (_: (2 ^ 21 + to_sint a{1}.[64 * i{2} + 16 + k] * 20159) %/ 2 ^ 21 %/ 2 ^ 1 = (2 ^ 21 + to_sint a{1}.[64 * i{2} + 16 + k] * 20159) %/ 2 ^ 22) 1:/#. do (rewrite of_uintK || rewrite (modz_dvd _ _ 16) 1:/#). rewrite (_: W16.smod ((2^21 + to_sint a{1}.[64 * i{2} + 16 + k] * 20159) %/ 2^22 %% 16) = ((2^21 + to_sint a{1}.[64 * i{2} + 16 + k] * 20159) %/ 2^22 %% 16)). 
@@ -2124,14 +2124,14 @@ proof. rewrite /lift_array256 mapiE 1:/# /= incoeffK. rewrite (v_def k) 1:/# (mask1_def k) 1:/# (shift1_def k) 1:/# qE. rewrite /wmulhs /round_scalew //=. - do rewrite shr_shrw 1://=. + do rewrite shr_shrw 1:/#. rewrite /(W16.smod 20159) //= /truncateu16. rewrite (pmod_small (to_sint a{1}.[64 * i{2} + 32 + k]) 3329). move : pos_bound_a => /#. rewrite (_: pc_mask_s = W16.of_int (2^4 - 1)). smt(). - rewrite W16.and_mod 1://=. - rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1://=. - do (rewrite -shlMP 1://= || rewrite W32.shlw_shrw_shrw 1://= //=). + rewrite W16.and_mod 1:/#. + rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1:/#. + do (rewrite -shlMP 1:/# || rewrite W32.shlw_shrw_shrw 1:/# /=). rewrite (_: (W32.masklsb 23) = (W32.of_int (2 ^ 23 - 1))); first by rewrite /max /=. rewrite W32.and_mod 1:/# of_uintK. have a_mul_ub: 0 <= to_sint ((W16.of_int (to_sint a{1}.[64 * i{2} + 32 + k] * 20159 %/ 65536))) <= 1024. 
@@ -2150,10 +2150,10 @@ proof. rewrite /smod /=. move : a_mul_ub => /#. rewrite (modz_dvd _ W32.modulus (2^23)) 1:/# (pmod_small _ (2^23)) 1:/# (pmod_small _ W16.modulus) 1:/#. - rewrite shrDP 1://= -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. + rewrite shrDP 1:/# -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. rewrite(_: to_sint a{1}.[64 * i{2} + 32 + k] * 20159 %/ 65536 %/ 2 ^ 5 = to_sint a{1}.[64 * i{2} + 32 + k] * 20159 %/ (2^21)) 1:/#. - rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1://= mul1z. - rewrite shrDP 1://= (pmod_small _ W32.modulus) 1:/#. + rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1:/# mul1z. + rewrite shrDP 1:/# (pmod_small _ W32.modulus) 1:/#. rewrite (_: (2 ^ 21 + to_sint a{1}.[64 * i{2} + 32 + k] * 20159) %/ 2 ^ 21 %/ 2 ^ 1 = (2 ^ 21 + to_sint a{1}.[64 * i{2} + 32 + k] * 20159) %/ 2 ^ 22) 1:/#. do (rewrite of_uintK || rewrite (modz_dvd _ _ 16) 1:/#). rewrite (_: W16.smod ((2^21 + to_sint a{1}.[64 * i{2} + 32 + k] * 20159) %/ 2^22 %% 16) = ((2^21 + to_sint a{1}.[64 * i{2} + 32 + k] * 20159) %/ 2^22 %% 16)). 
@@ -2171,14 +2171,14 @@ proof. rewrite /lift_array256 mapiE 1:/# /= incoeffK. rewrite (v_def k) 1:/# (mask1_def k) 1:/# (shift1_def k) 1:/# qE. rewrite /wmulhs /round_scalew //=. - do rewrite shr_shrw 1://=. + do rewrite shr_shrw 1:/#. rewrite /(W16.smod 20159) //= /truncateu16. rewrite (pmod_small (to_sint a{1}.[64 * i{2} + 48 + k]) 3329). move : pos_bound_a => /#. rewrite (_: pc_mask_s = W16.of_int (2^4 - 1)). smt(). - rewrite W16.and_mod 1://=. - rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1://=. - do (rewrite -shlMP 1://= || rewrite W32.shlw_shrw_shrw 1://= //=). + rewrite W16.and_mod 1:/#. + rewrite /(W16.smod 512) //= (_: 512 = 2 ^ 9) 1:/#. + do (rewrite -shlMP 1:/# || rewrite W32.shlw_shrw_shrw 1:/# /=). rewrite (_: (W32.masklsb 23) = (W32.of_int (2 ^ 23 - 1))); first by rewrite /max /=. rewrite W32.and_mod 1:/# of_uintK. have a_mul_ub: 0 <= to_sint ((W16.of_int (to_sint a{1}.[64 * i{2} + 48 + k] * 20159 %/ 65536))) <= 1024. 
@@ -2197,10 +2197,10 @@ proof. rewrite /smod /=. move : a_mul_ub => /#. rewrite (modz_dvd _ W32.modulus (2^23)) 1:/# (pmod_small _ (2^23)) 1:/# (pmod_small _ W16.modulus) 1:/#. - rewrite shrDP 1://= -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. + rewrite shrDP 1:/# -of_intD (pmod_small _ W32.modulus) 1:/# (pmod_small _ W16.modulus) 1:/#. rewrite(_: to_sint a{1}.[64 * i{2} + 48 + k] * 20159 %/ 65536 %/ 2 ^ 5 = to_sint a{1}.[64 * i{2} + 48 + k] * 20159 %/ (2^21)) 1:/#. - rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1://= mul1z. - rewrite shrDP 1://= (pmod_small _ W32.modulus) 1:/#. + rewrite (addzC _ 1) -(divzMDl 1 _ (2^21)) 1:/# mul1z. + rewrite shrDP 1:/# (pmod_small _ W32.modulus) 1:/#. rewrite (_: (2 ^ 21 + to_sint a{1}.[64 * i{2} + 48 + k] * 20159) %/ 2 ^ 21 %/ 2 ^ 1 = (2 ^ 21 + to_sint a{1}.[64 * i{2} + 48 + k] * 20159) %/ 2 ^ 22) 1:/#. do (rewrite of_uintK || rewrite (modz_dvd _ _ 16) 1:/#). rewrite (_: W16.smod ((2^21 + to_sint a{1}.[64 * i{2} + 48 + k] * 20159) %/ 2^22 %% 16) = ((2^21 + to_sint a{1}.[64 * i{2} + 48 + k] * 20159) %/ 2^22 %% 16)). @@ -2406,7 +2406,7 @@ proof. apply Array128.ext_eq. move => x x_i. rewrite filliE //=. case (32 * i{2} <= x && x < 32 * i{2} + 32) => x_si. - do (rewrite get_setE; first by move : x_si i_lb i_ub => /# //=). + do (rewrite get_setE; first by move : x_si i_lb i_ub => /# /=). smt(). do (rewrite set_neqiE; first 2 by move : x_si i_lb i_tub => /#). done. @@ -2416,11 +2416,11 @@ proof. rewrite W4u8.Pack.initiE 1:/# /=. rewrite permidx_def 1:/#. rewrite of_uintK. - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. rewrite -(divz_mulp _ 4 2) 1..2://=. rewrite (_: (4 * ((k - 32 * i{2}) %/ 4 %% 2) + (k - 32 * i{2}) %/ (4 * 2)) %% 8 = k %% 8 - k %% 4 + k %/ 8 - 4 * i{2}). - rewrite -(modz_pow2_div 3 2 _) 1://=. + rewrite -(modz_pow2_div 3 2 _) 1:/#. rewrite (mulzC 4 _) (divzE _ 4). rewrite modz_dvd //=. rewrite (_: (k - 32 * i{2}) %% 8 = k %% 8). move : k_tlb k_ub; smt(). 
@@ -2431,10 +2431,10 @@ proof. smt(). rewrite (_: 4 * (k %% 8 - k %% 4 + (k %/ 8) - 4 * i{2}) + k %% 4 = 4 * (k %% 8) - 3 * (k %% 4) + 4 * (k %/ 8) - 16 * i{2}). smt(). - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). rewrite (_: (4 * (k %% 8) - 3 * (k %% 4) + 4 * (k %/ 8) - 16 * i{2}) %/ 8 %% 2 = (4 * (k %% 8) - 3 * (k %% 4) + 4 * (k %/ 8)) %% 16 %/ 8). - rewrite (_: 2 = 2^1) 1://= {3}(_: 8 = 2^3) 1://=. - rewrite -(modz_pow2_div 4 3) 1://= //=. + rewrite (_: 2 = 2^1) 1:/# {3}(_: 8 = 2^3) 1:/#. + rewrite -(modz_pow2_div 4 3) 1:/# //=. rewrite (mulzC 16 _). smt(). pose x := 4 * (k %% 8) - 3 * (k %% 4) + 4 * (k %/ 8) - 16 * i{2}. @@ -2452,10 +2452,10 @@ proof. rewrite (_: (16 * (x %/ 16) + 2 * (x %% 8) + 1) %% 8 = (2 * (x %% 8) + 1) %% 8). smt(). rewrite /packus16. - do (rewrite sltE sleE || rewrite of_sintK /smod //=). + do (rewrite sltE sleE || rewrite of_sintK /smod /=). do (rewrite f0_def 1:/# f1_def 1:/# f2_def 1:/# f3_def 1:/#). - do (rewrite /lift_array256 mapiE 1:/# //=). - do (rewrite (_: forall c, !(compress 4 (incoeff c) < 0)); first by move => c; move : (MLKEM_Poly.compress_rng (incoeff c) 4); rewrite -lezNgt //=). + do (rewrite /lift_array256 mapiE 1:/# /=). + do (rewrite (_: forall c, !(compress 4 (incoeff c) < 0)); first by move => c; move : (MLKEM_Poly.compress_rng (incoeff c) 4); rewrite -lezNgt /=). do (rewrite (_: forall c, !(255 <= compress 4 (incoeff c))) /=; first by move => c; move : (MLKEM_Poly.compress_rng (incoeff c) 4); rewrite -ltzNge /= => /#). rewrite (_: 8 * (x %/ 16) + 2 * (x %% 8) %% 8 = 2 * (k %% 8)). have : k \in (iota_ (32 * i{2}) 32); first by rewrite mem_iota k_ub k_tlb. 
@@ -2470,8 +2470,8 @@ proof. smt(). rewrite (_: 4 * ((16 * (x %/ 16) + 2 * (x %% 8)) %% 2) = 0). smt(). - rewrite shlMP 1://= of_sintK /smod //=. - rewrite shlMP 1://= of_sintK /smod //=. + rewrite shlMP 1:/# of_sintK /smod //=. + rewrite shlMP 1:/# of_sintK /smod //=. have f0_b: forall k, 0 <= k < 16 => 0 <= to_sint f0{1}.[k] < 16. move => j j_i. rewrite (f0_def j j_i). @@ -2552,7 +2552,7 @@ proof. move => <-; first by smt(). rewrite to_sint_unsigned; first by move : (f3_b (2 * (k %% 8) + 1)) => /#. rewrite to_uintK' => //=. - do (rewrite of_int_bits8_div 1://= expr0 divz1). + do (rewrite of_int_bits8_div 1:/# expr0 divz1). have pck_bnds: forall (c1 c2: coeff), 0 <= (compress 4 c1) + (compress 4 c2) * 16 < 256. move => c1 c2. @@ -2586,7 +2586,7 @@ proof. do rewrite pck_id. do (rewrite (_: forall c1 c2, !(compress 4 c1 + (compress 4 c2) * 16 < 0)); first by move : pck_bnds => /#). simplify. - do (rewrite of_int_bits8_div 1://= //=). + do (rewrite of_int_bits8_div 1:/# /=). have packusid: forall c1 c2, (if 255 <= compress 4 c1 + (compress 4 c2) * 16 then (W8.of_int 255) else W8.of_int (compress 4 c1 + (compress 4 c2) * 16)) = W8.of_int (compress 4 c1 + (compress 4 c2) * 16). @@ -2680,8 +2680,8 @@ proof. auto => />. move => &1 &2 [#] pos_bound_a hq_def hhq_def i_lb i_ub rp_def i_tub />. split; first by move : i_lb i_tub => /#. - do (rewrite hq_def 1://=). - do (rewrite hhq_def 1://=). + do (rewrite hq_def 1:/#). + do (rewrite hhq_def 1:/#). rewrite (_: witness<:W8.t Array32.t>.[0 <- packss16 (((W16.of_int 1664) - a{1}.[32 * i{2} + 0]) `^` @@ -2894,7 +2894,7 @@ proof. apply Array32.ext_eq => x x_i. rewrite filliE 1:x_i //=. case (4 * i{2} <= x && x < 4 * i{2} + 4)=> x_si. - do (rewrite get_setE; first by move : x_si i_lb i_ub => /# //=). + do (rewrite get_setE; first by move : x_si i_lb i_ub => /# /=). (* TODO: smt should solve this have Hx: x \in (iota_ (4 * i{2}) 4); first by rewrite mem_iota -andabP x_si. move : Hx. 
@@ -2915,15 +2915,15 @@ proof. case (4 * i{2} <= k && k < 4 * i{2} + 4) => k_si. + rewrite /msg. rewrite wordP => j j_i. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). rewrite get8_set32_directE 1,2:/# k_si /= bits8iE 1:/# W32.get_bits2w 1:/# nth_mkseq 1:/# //=. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). rewrite /int_bit. rewrite /compress_poly mapiE 1:/# //=. rewrite lift_array256E 1:/#. rewrite (mulzC 8 _). do (rewrite modzMDl divzMDl //=). - do (rewrite (pdiv_small _ 8) 1:j_i //= || rewrite (modz_small j 8) 1:j_i //=). + do (rewrite (pdiv_small _ 8) 1:j_i //= || rewrite (modz_small j 8) 1:j_i /=). rewrite {2 4}(_: 16 = 8 * 2). by trivial. rewrite !modz_dvd 1,2://=. have -> : 32 * i{2} + 8 * (k %% 4) + j = (8*(4*i{2} + k %% 4) + j) by ring. @@ -2995,9 +2995,9 @@ proof. have x_msk: forall j0, 0 <= j0 < 16 => ((((f_def.[di] `<<` (W8.of_int n)) \bits16 k) `<<` sl) `|>>` (W8.of_int 15)).[j0] = a.[i].[j]. - rewrite /W16.(`|>>`) /sar //=. + rewrite /W16.(`|>>`) /sar /(`|>>>`) //=. move => j0 j0_i. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). rewrite (_: min 15 (j0 + 15) = 15); first by smt(). rewrite /W16.(`<<`) /W16.(`<<<`). rewrite /sl. @@ -3011,11 +3011,11 @@ proof. rewrite -addzA addNz addz0. rewrite /W32.(`<<`) /W32.(`<<<`). rewrite initiE 1:/# //=. - rewrite modz_dvd 1://= (pmod_small n) //=; first by smt(). + rewrite modz_dvd 1:/# (pmod_small n) //=; first by smt(). rewrite -(addzA _ n) addzN addz0. rewrite pack4wE 1:/# //=. rewrite initiE 1:/# //=. - rewrite (_: linear_idx %% 32 %% 8 = j). by rewrite modz_dvd 1://= /linear_idx mulzC modzMDl pmod_small 1:j_i. + rewrite (_: linear_idx %% 32 %% 8 = j). by rewrite modz_dvd 1:/# /linear_idx mulzC modzMDl pmod_small 1:j_i. rewrite (_: 4 * di + linear_idx %% 32 %/ 8 = i). rewrite /di /linear_idx; smt(). done. 
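Review bot: The added `/(`|>>>`)` unfold in the `x_msk` proof introduces an extra definitional layer between `|>>` and `sar` while the following steps (the `min 15 (j0 + 15)` rewrite, the `/sl` unfold) are untouched; a short comment on that line, e.g. `(* `|>>` now goes through `|>>>`; unfold both before reasoning on the sar bits *)`, would explain why the unfold chain now mirrors the `<<`/`<<<` line a few steps below, which already unfolds both. This is the only hunk in the change that follows a changed definition rather than a side-condition closer, so it is the one most worth re-checking if the word library moves again. The enclosing `have x_msk` block continues outside this hunk.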
@@ -3112,7 +3112,7 @@ proof. move => j j_i. rewrite (idx_def j j_i). rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite /f8u32_t32u8 //=. @@ -3149,11 +3149,11 @@ proof. W2u8.Pack.init (fun j => tmp.[16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]])). apply W2u8.Pack.ext_eq. move => x x_i. - do 2!(rewrite initiE 1:/# //=). - rewrite W2u8.Pack.initiE 1://= //=. + do 2!(rewrite initiE 1:/# /=). + rewrite W2u8.Pack.initiE 1:/# //=. rewrite (pmod_small _ 16) //=. rewrite idx_def 1:/# /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: W2u8.Pack.init (fun (j : int) => tmp.[16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]]) = @@ -3164,7 +3164,7 @@ proof. move => x x_i. do (rewrite initiE //=). rewrite idx_def 1:/# /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). move : x_i k_lb k_ub => /#. rewrite (_: W2u8.Pack.init (fun (j : int) => f{1}.[4 * ((16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]) %/ 4 %/ 4) + @@ -3184,7 +3184,7 @@ proof. move => w w_i. rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (16 * ((2 * k + x) %/ 16) + to_uint idx{1}.[2 * k + x]) %/ 4 %% 4 = to_uint idx{1}.[2 * k + x] %/ 4). @@ -3203,7 +3203,7 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite exprM //=. rewrite (_: (2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j) %/ 4 = (k %% 4) + (2 * (k %% 8 %/ 4) + j) %/ 4). by smt(). 
@@ -3231,11 +3231,11 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (2 * k + j) %/ 16 = k %/ 8). by smt(). rewrite (_: 16 * (k %/ 8) = (4 * (k %/ 8)) * 4). smt(). - rewrite (divzMDl (4 * (k %/ 8)) _ 4) 1://=. + rewrite (divzMDl (4 * (k %/ 8)) _ 4) 1:/#. rewrite (_: (2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j) %/ 4 = (k %% 4) + (2 * (k %% 8 %/ 4) + j) %/ 4). by smt(). rewrite (pdiv_small _ 4) //=. by smt(). @@ -3244,7 +3244,7 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (2 * k + j) %/ 16 = k %/ 8). by smt(). rewrite (_: 16 * (k %/ 8) = (4 * (k %/ 8)) * 4). smt(). @@ -3260,7 +3260,7 @@ proof. apply W2u8.Pack.ext_eq. move => x x_i. do (rewrite initiE //=). - rewrite f_idx 1:// shift_idx 1://= bit_idx 1://=. + rewrite f_idx 1:// shift_idx 1:/# bit_idx 1:/#. trivial. rewrite (_: (pack2_t (W2u8.Pack.init (fun (j: int) => @@ -3313,7 +3313,7 @@ proof. move => j j_i. rewrite (idx_def j j_i). rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite /f8u32_t32u8 //=. 
@@ -3350,11 +3350,11 @@ proof. W2u8.Pack.init (fun j => tmp.[16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]])). apply W2u8.Pack.ext_eq. move => x x_i. - do 2!(rewrite initiE 1:/# //=). - rewrite W2u8.Pack.initiE 1://= //=. + do 2!(rewrite initiE 1:/# /=). + rewrite W2u8.Pack.initiE 1:/# //=. rewrite (pmod_small _ 16) //=. rewrite idx_def 1:/# /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: W2u8.Pack.init (fun (j : int) => tmp.[16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]]) = @@ -3365,7 +3365,7 @@ proof. move => x x_i. do (rewrite initiE //=). rewrite idx_def 1:/# /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). move : x_i k_lb k_ub => /#. rewrite (_: W2u8.Pack.init (fun (j : int) => f{1}.[4 * ((16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]) %/ 4 %/ 4) + @@ -3385,7 +3385,7 @@ proof. move => w w_i. rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (16 * ((2 * k + x) %/ 16) + to_uint idx{1}.[2 * k + x]) %/ 4 %% 4 = to_uint idx{1}.[2 * k + x] %/ 4). @@ -3404,7 +3404,7 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite exprM //=. rewrite (_: (2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j) %/ 4 = (k %% 4) + (2 * (k %% 8 %/ 4) + j) %/ 4). by smt(). 
@@ -3432,11 +3432,11 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (2 * k + j) %/ 16 = k %/ 8). by smt(). rewrite (_: 16 * (k %/ 8) = (4 * (k %/ 8)) * 4). smt(). - rewrite (divzMDl (4 * (k %/ 8)) _ 4) 1://=. + rewrite (divzMDl (4 * (k %/ 8)) _ 4) 1:/#. rewrite (_: (2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j) %/ 4 = (k %% 4) + (2 * (k %% 8 %/ 4) + j) %/ 4). by smt(). rewrite (pdiv_small _ 4) //=. by smt(). @@ -3445,7 +3445,7 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (2 * k + j) %/ 16 = k %/ 8). by smt(). rewrite (_: 16 * (k %/ 8) = (4 * (k %/ 8)) * 4). smt(). @@ -3461,7 +3461,7 @@ proof. apply W2u8.Pack.ext_eq. move => x x_i. do (rewrite initiE //=). - rewrite f_idx 1:// shift_idx 1://= bit_idx 1://=. + rewrite f_idx 1:// shift_idx 1:/# bit_idx 1:/#. trivial. rewrite (_: (pack2_t (W2u8.Pack.init (fun (j: int) => @@ -3512,7 +3512,7 @@ proof. move => j j_i. rewrite (idx_def j j_i). rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite /f8u32_t32u8 //=. 
@@ -3549,11 +3549,11 @@ proof. W2u8.Pack.init (fun j => tmp.[16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]])). apply W2u8.Pack.ext_eq. move => x x_i. - do 2!(rewrite initiE 1:/# //=). - rewrite W2u8.Pack.initiE 1://= //=. + do 2!(rewrite initiE 1:/# /=). + rewrite W2u8.Pack.initiE 1:/# //=. rewrite (pmod_small _ 16) //=. rewrite idx_def 1:/# /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: W2u8.Pack.init (fun (j : int) => tmp.[16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]]) = @@ -3564,7 +3564,7 @@ proof. move => x x_i. do (rewrite initiE //=). rewrite idx_def 1:/# /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). move : x_i k_lb k_ub => /#. rewrite (_: W2u8.Pack.init (fun (j : int) => f{1}.[4 * ((16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]) %/ 4 %/ 4) + @@ -3584,7 +3584,7 @@ proof. move => w w_i. rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (16 * ((2 * k + x) %/ 16) + to_uint idx{1}.[2 * k + x]) %/ 4 %% 4 = to_uint idx{1}.[2 * k + x] %/ 4). @@ -3603,7 +3603,7 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite exprM //=. rewrite (_: (2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j) %/ 4 = (k %% 4) + (2 * (k %% 8 %/ 4) + j) %/ 4). by smt(). 
@@ -3631,11 +3631,11 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (2 * k + j) %/ 16 = k %/ 8). by smt(). rewrite (_: 16 * (k %/ 8) = (4 * (k %/ 8)) * 4). smt(). - rewrite (divzMDl (4 * (k %/ 8)) _ 4) 1://=. + rewrite (divzMDl (4 * (k %/ 8)) _ 4) 1:/#. rewrite (_: (2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j) %/ 4 = (k %% 4) + (2 * (k %% 8 %/ 4) + j) %/ 4). by smt(). rewrite (pdiv_small _ 4) //=. by smt(). @@ -3644,7 +3644,7 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (2 * k + j) %/ 16 = k %/ 8). by smt(). rewrite (_: 16 * (k %/ 8) = (4 * (k %/ 8)) * 4). smt(). @@ -3660,7 +3660,7 @@ proof. apply W2u8.Pack.ext_eq. move => x x_i. do (rewrite initiE //=). - rewrite f_idx 1:// shift_idx 1://= bit_idx 1://=. + rewrite f_idx 1:// shift_idx 1:/# bit_idx 1:/#. trivial. rewrite (_: (pack2_t (W2u8.Pack.init (fun (j: int) => @@ -3710,7 +3710,7 @@ proof. move => j j_i. rewrite (idx_def j j_i). rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite /f8u32_t32u8 //=. 
@@ -3747,11 +3747,11 @@ proof. W2u8.Pack.init (fun j => tmp.[16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]])). apply W2u8.Pack.ext_eq. move => x x_i. - do 2!(rewrite initiE 1:/# //=). - rewrite W2u8.Pack.initiE 1://= //=. + do 2!(rewrite initiE 1:/# /=). + rewrite W2u8.Pack.initiE 1:/# //=. rewrite (pmod_small _ 16) //=. rewrite idx_def 1:/# /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: W2u8.Pack.init (fun (j : int) => tmp.[16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]]) = @@ -3762,7 +3762,7 @@ proof. move => x x_i. do (rewrite initiE //=). rewrite idx_def 1:/# /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). move : x_i k_lb k_ub => /#. rewrite (_: W2u8.Pack.init (fun (j : int) => f{1}.[4 * ((16 * ((2 * k + j) %/ 16) + to_uint idx{1}.[2 * k + j]) %/ 4 %/ 4) + @@ -3782,7 +3782,7 @@ proof. move => w w_i. rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (16 * ((2 * k + x) %/ 16) + to_uint idx{1}.[2 * k + x]) %/ 4 %% 4 = to_uint idx{1}.[2 * k + x] %/ 4). @@ -3801,7 +3801,7 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite exprM //=. rewrite (_: (2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j) %/ 4 = (k %% 4) + (2 * (k %% 8 %/ 4) + j) %/ 4). by smt(). 
@@ -3829,11 +3829,11 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (2 * k + j) %/ 16 = k %/ 8). by smt(). rewrite (_: 16 * (k %/ 8) = (4 * (k %/ 8)) * 4). smt(). - rewrite (divzMDl (4 * (k %/ 8)) _ 4) 1://=. + rewrite (divzMDl (4 * (k %/ 8)) _ 4) 1:/#. rewrite (_: (2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j) %/ 4 = (k %% 4) + (2 * (k %% 8 %/ 4) + j) %/ 4). by smt(). rewrite (pdiv_small _ 4) //=. by smt(). @@ -3842,7 +3842,7 @@ proof. rewrite (_: to_uint idx{1}.[2 * k + j] = 2 * (k %% 8 %/ 4) + 4 * (k %% 4) + j). rewrite idx_def 1:/#. rewrite /(Jkem_avx2.pfm_idx_s) initiE //= 1:/#. - do (rewrite (fun_if W8.to_uint) //=). + do (rewrite (fun_if W8.to_uint) /=). smt(). rewrite (_: (2 * k + j) %/ 16 = k %/ 8). by smt(). rewrite (_: 16 * (k %/ 8) = (4 * (k %/ 8)) * 4). smt(). @@ -3858,7 +3858,7 @@ proof. apply W2u8.Pack.ext_eq. move => x x_i. do (rewrite initiE //=). - rewrite f_idx 1:// shift_idx 1://= bit_idx 1://=. + rewrite f_idx 1:// shift_idx 1:/# bit_idx 1:/#. trivial. rewrite (_: (pack2_t (W2u8.Pack.init (fun (j: int) => @@ -3904,7 +3904,7 @@ proof. rewrite (addzA _ (k %% 4) 4). rewrite -/linear_idx -/di -/n -/kb -/sl. - rewrite sl_0 (W16.shl_shlw 0 _) 1://=. + rewrite sl_0 (W16.shl_shlw 0 _) 1:/#. rewrite (_: (f{1}.[di] `<<` (of_int n)%W8 \bits16 kb) `<<<` 0 = (f{1}.[di] `<<` (of_int n)%W8 \bits16 kb)). rewrite /W16.(`<<<`). @@ -3942,7 +3942,7 @@ proof. (32 * i{2}) 32 r{2}))). apply Array256.ext_eq. move => x x_i. - do (rewrite filliE 1:x_i //=). + do (rewrite filliE 1:x_i /=). smt(). do split; first 2 by smt(). 
@@ -3956,11 +3956,11 @@ proof. have ->: !(128 + 32 * i{2} <= k && k < 160 + 32 * i{2}). by move : k_lb k_ub => /#. simplify. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). do (rewrite (fun_if Array16."_.[_]") || rewrite if_arg). do (rewrite (fun_if W16.to_sint)). rewrite /g0_def /g1_def /g2_def /g3_def. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). do (rewrite (fun_if W16.to_sint)). have ->: !(W8.int_bit 32 (4 * (k %% 16 %/ 8) + 3)). @@ -3980,26 +3980,26 @@ proof. simplify. rewrite g0_def. - rewrite modz_dvd 1://=. - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. + rewrite modz_dvd 1:/#. smt(). rewrite g1_def. - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. rewrite (pdiv_small (k %% 8) 8). by smt(). - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. smt(). rewrite g2_def. - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. rewrite (pdiv_small (k %% 8) 8). by smt(). - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. smt(). rewrite g3_def. - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. rewrite (pdiv_small (k %% 8) 8). by smt(). - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. smt(). rewrite g0_def. @@ -4011,7 +4011,7 @@ proof. rewrite g3_def. move : (modz_cmp k 4) => /#. - do (rewrite modz_dvd 1://=). + do (rewrite modz_dvd 1:/#). rewrite (pdiv_small (k %% 8) 8). by smt(). rewrite (_: ((4 + k %% 4) %% 8 %/ 4) = 1). by smt(). rewrite (_: ((4 + k %% 4) %/ 8) = 0). by smt(). @@ -4071,11 +4071,11 @@ proof. have ->: !(32 * i{2} <= k && k < 32 * i{2} + 16). by move : k_lb k_ub => /#. have -> /=: !(32 * i{2} <= k && k < 32 * i{2} + 32). by move : k_lb k_ub => /#. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). do (rewrite (fun_if Array16."_.[_]") || rewrite if_arg). do (rewrite (fun_if W16.to_sint)). rewrite /g0_def /g1_def /g2_def /g3_def. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). do (rewrite (fun_if W16.to_sint)). have -> /=: !(W8.int_bit 49 (4 * (k %% 16 %/ 8) + 3)). 
@@ -4085,7 +4085,7 @@ proof. move : (modz_cmp k 16) => /#. smt(). - do (rewrite modz_dvd 1://=). + do (rewrite modz_dvd 1:/#). rewrite (_: (8 + k %% 8) %/ 8 = 1). by smt(). rewrite (_: (8 + k %% 8) %/ 4 %% 2 = k %/ 4 %% 2). by smt(). rewrite (_: k %% 8 %/ 4 %% 2 = k %/ 4 %% 2). by smt(). @@ -4172,11 +4172,11 @@ proof. have ->: !(128 + 32 * i{2} <= k && k < 144 + 32 * i{2}). by move : k_lb k_ub => /#. simplify. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). do (rewrite (fun_if Array16."_.[_]") || rewrite if_arg). do (rewrite (fun_if W16.to_sint)). rewrite /g0_def /g1_def /g2_def /g3_def. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). do (rewrite (fun_if W16.to_sint)). have ->: !(W8.int_bit 32 (4 * (k %% 16 %/ 8) + 3)). @@ -4194,25 +4194,25 @@ proof. smt(). rewrite g0_def. - do (rewrite modz_dvd 1://=). + do (rewrite modz_dvd 1:/#). move : k_lb k_ub i_lb i_tub => /#. rewrite g1_def. - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. rewrite (pdiv_small (k %% 8) 8). by smt(). - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. smt(). rewrite g2_def. - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. rewrite (pdiv_small (k %% 8) 8). by smt(). - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. smt(). rewrite g3_def. - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. rewrite (pdiv_small (k %% 8) 8). by smt(). - rewrite modz_dvd 1://=. + rewrite modz_dvd 1:/#. smt(). rewrite g0_def. @@ -4224,7 +4224,7 @@ proof. rewrite g3_def. move : (modz_cmp k 4) => /#. - do (rewrite modz_dvd 1://=). + do (rewrite modz_dvd 1:/#). rewrite (pdiv_small (k %% 8) 8). by smt(). rewrite (_: ((4 + k %% 4) %% 8 %/ 4) = 1). by smt(). rewrite (_: ((4 + k %% 4) %/ 8) = 0). by smt(). 
@@ -4262,11 +4262,11 @@ proof. have ->: !(32 * i{2} + 16 <= k && k < 32 * i{2} + 32). by move : k_lb k_ub => /#. have ->: !(32 * i{2} <= k && k < 32 * i{2} + 16). by move : k_lb k_ub => /#. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). do (rewrite (fun_if Array16."_.[_]") || rewrite if_arg). do (rewrite (fun_if W16.to_sint)). rewrite /g0_def /g1_def /g2_def /g3_def. - do (rewrite initiE 1:/# //=). + do (rewrite initiE 1:/# /=). do (rewrite (fun_if W16.to_sint)). have -> /=: !(W8.int_bit 49 (4 * (k %% 16 %/ 8) + 3)). @@ -4276,7 +4276,7 @@ proof. move : (modz_cmp k 16) => /#. smt(). - do (rewrite modz_dvd 1://=). + do (rewrite modz_dvd 1:/#). rewrite (_: (8 + k %% 8) %/ 8 = 1). by smt(). rewrite (_: (8 + k %% 8) %/ 4 %% 2 = k %/ 4 %% 2). by smt(). rewrite (_: k %% 8 %/ 4 %% 2 = k %/ 4 %% 2). by smt(). @@ -4335,7 +4335,7 @@ proof. split. apply Array256.ext_eq => x x_i. - do (rewrite Array256.mapiE 1:x_i //=). + do (rewrite Array256.mapiE 1:x_i /=). apply (rp_def x x_i). rewrite /pos_bound256_cxq /bpos16 => x x_i. @@ -4504,7 +4504,7 @@ proof. + rewrite /shuf2 /f16u16_t4u64 /f4u64_t16u16 /lift_array16 => />. rewrite -ext_eq_all /all_eq => />. rewrite /W8.int_bit => />. - rewrite shr_shrw 1://=. + rewrite shr_shrw 1:/#. rewrite wlsrE => />. do split; first 8 by apply W16.all_eq_eq. qed. @@ -4533,10 +4533,10 @@ proof. proc. wp; inline *; auto => />. rewrite /shuf1 /f8u32_t16u16 /f16u16_t8u32 /lift_array16 => />. - do (rewrite -ext_eq_all /all_eq //=). + do (rewrite -ext_eq_all /all_eq /=). rewrite /W8.int_bit => />. - do (rewrite shl_shlw 1://=; rewrite wlslE => />). - do (rewrite shr_shrw 1://=; rewrite wlsrE => />). + do (rewrite shl_shlw 1:/#; rewrite wlslE => />). + do (rewrite shr_shrw 1:/#; rewrite wlsrE => />). do split; first 16 by apply W16.all_eq_eq. qed. 
@@ -4578,7 +4578,7 @@ proof. split. + move => k k_lb k_ub. rewrite /(Jkem_avx2.jqx16). - do (rewrite initiE 1://= /=). + do (rewrite initiE 1:/# /=). smt(). + rewrite Array256.tP => i i_i />. rewrite -pack_ext_eq /lift_array256 Array256.tP map_pack in a1_eq_a. @@ -4639,17 +4639,17 @@ proof. move => *; have -> : !(a{1}.[128 * i{2} + 16 + k] `<<` (of_int 12)%W8).[x]; last by smt(). rewrite get_to_uint xb /= to_uint_shl // of_uintK /=. rewrite {1}(_: 65536 = 16 * 4096). trivial. - rewrite -mulz_modl 1://=. + rewrite -mulz_modl 1:/#. have /= expbnd:= (StdOrder.IntOrder.ler_weexpn2l 2 _ x 11 _); 1,2: smt(). rewrite (_: 4096 = 2^12) // divMr; first by apply le_dvd_pow; smt(). rewrite expz_div // 1:/# => *; move => *; apply dvdz_mull. + have -> : 2 %| 2 ^ (12 - x) = 2^1 %| 2 ^ (12 - x) by auto. by apply le_dvd_pow; smt(). - rewrite shl_shlw 1://= -(W16.to_uintK a{1}.[128 * i{2} + 16 + k]) shlMP 1://=. + rewrite shl_shlw 1:/# -(W16.to_uintK a{1}.[128 * i{2} + 16 + k]) shlMP 1:/#. rewrite -of_intM W16.to_uintK to_uintM of_uintK //=. rewrite {1}(_: 65536 = 16 * 4096). trivial. - rewrite -mulz_modl 1://= (mulzC _ 4096). + rewrite -mulz_modl 1:/# (mulzC _ 4096). congr. do 3!(congr). rewrite /nttpack initiE 1:/# /=. rewrite /(nttpack_idx) //= initiE 1:/# => /#. 
@@ -4677,17 +4677,17 @@ proof. move => *; have -> : !(a{1}.[128 * i{2} + 32 + k] `<<` (of_int 8)%W8).[x]; last by smt(). rewrite get_to_uint xb /= to_uint_shl // of_uintK /=. rewrite (_: 65536 = 256 * 256). trivial. - rewrite -mulz_modl 1://=. + rewrite -mulz_modl 1:/#. have /= expbnd:= (StdOrder.IntOrder.ler_weexpn2l 2 _ x 8 _); 1,2: smt(). rewrite (_: 256 = 2^8) // divMr; first by apply le_dvd_pow; smt(). rewrite expz_div // 1:/# => *; move => *; apply dvdz_mull. + have -> : 2 %| 2 ^ (8 - x) = 2^1 %| 2 ^ (8 - x) by auto. by apply le_dvd_pow; smt(). - rewrite shl_shlw 1://= shr_shrw 1://= -(W16.to_uintK a{1}.[128 * i{2} + 16 + k]) shrDP 1://= -(W16.to_uintK a{1}.[128 * i{2} + 32 + k]) shlMP 1://=. + rewrite shl_shlw 1:/# shr_shrw 1:/# -(W16.to_uintK a{1}.[128 * i{2} + 16 + k]) shrDP 1:/# -(W16.to_uintK a{1}.[128 * i{2} + 32 + k]) shlMP 1:/#. rewrite -of_intM W16.to_uintK to_uintM of_uintK //=. rewrite {3}(_: 65536 = 256 * 256). trivial. - rewrite -mulz_modl 1://= (mulzC _ 256). + rewrite -mulz_modl 1:/# (mulzC _ 256). rewrite (pmod_small (to_uint a{1}.[128 * i{2} + 16 + k]) 65536). move : (pos_ubound_a (128 * i{2} + 16 + k)) => /#. rewrite (pmod_small (to_uint a{1}.[128 * i{2} + 16 + k] %/ 16) 65536). @@ -4727,7 +4727,7 @@ proof. + have -> : 2 %| 2 ^ (4 - x) = 2^1 %| 2 ^ (4 - x) by auto. by apply le_dvd_pow; smt(). - rewrite shl_shlw 1://= shr_shrw 1://= -(W16.to_uintK a{1}.[128 * i{2} + 32 + k]) shrDP 1://= -(W16.to_uintK a{1}.[128 * i{2} + 48 + k]) shlMP 1://=. + rewrite shl_shlw 1:/# shr_shrw 1:/# -(W16.to_uintK a{1}.[128 * i{2} + 32 + k]) shrDP 1:/# -(W16.to_uintK a{1}.[128 * i{2} + 48 + k]) shlMP 1:/#. rewrite -of_intM W16.to_uintK to_uintM of_uintK //=. rewrite (pmod_small (to_uint a{1}.[128 * i{2} + 48 + k] * 16) 65536). move : (pos_ubound_a (128 * i{2} + 48 + k)) => /#. 
@@ -4761,17 +4761,17 @@ proof. move => *; have -> : !(a{1}.[128 * i{2} + 80 + k] `<<` (of_int 12)%W8).[x]; last by smt(). rewrite get_to_uint xb /= to_uint_shl // of_uintK /=. rewrite {1}(_: 65536 = 16 * 4096). trivial. - rewrite -mulz_modl 1://=. + rewrite -mulz_modl 1:/#. have /= expbnd:= (StdOrder.IntOrder.ler_weexpn2l 2 _ x 11 _); 1,2: smt(). rewrite (_: 4096 = 2^12) // divMr; first by apply le_dvd_pow; smt(). rewrite expz_div // 1:/# => *; move => *; apply dvdz_mull. + have -> : 2 %| 2 ^ (12 - x) = 2^1 %| 2 ^ (12 - x) by auto. by apply le_dvd_pow; smt(). - rewrite shl_shlw 1://= -(W16.to_uintK a{1}.[128 * i{2} + 80 + k]) shlMP 1://=. + rewrite shl_shlw 1:/# -(W16.to_uintK a{1}.[128 * i{2} + 80 + k]) shlMP 1:/#. rewrite -of_intM W16.to_uintK to_uintM of_uintK //=. rewrite {1}(_: 65536 = 16 * 4096). trivial. - rewrite -mulz_modl 1://= (mulzC _ 4096). + rewrite -mulz_modl 1:/# (mulzC _ 4096). congr. rewrite /nttpack initiE 1:/# /=. rewrite /(nttpack_idx) //= initiE 1:/# => /#. 
@@ -4800,17 +4800,17 @@ proof. move => *; have -> : !(a{1}.[128 * i{2} + 96 + k] `<<` (of_int 8)%W8).[x]; last by smt(). rewrite get_to_uint xb /= to_uint_shl // of_uintK /=. rewrite (_: 65536 = 256 * 256). trivial. - rewrite -mulz_modl 1://=. + rewrite -mulz_modl 1:/#. have /= expbnd:= (StdOrder.IntOrder.ler_weexpn2l 2 _ x 8 _); 1,2: smt(). rewrite (_: 256 = 2^8) // divMr; first by apply le_dvd_pow; smt(). rewrite expz_div // 1:/# => *; move => *; apply dvdz_mull. + have -> : 2 %| 2 ^ (8 - x) = 2^1 %| 2 ^ (8 - x) by auto. by apply le_dvd_pow; smt(). - rewrite shl_shlw 1://= shr_shrw 1://= -(W16.to_uintK a{1}.[128 * i{2} + 80 + k]) shrDP 1://= -(W16.to_uintK a{1}.[128 * i{2} + 96 + k]) shlMP 1://=. + rewrite shl_shlw 1:/# shr_shrw 1:/# -(W16.to_uintK a{1}.[128 * i{2} + 80 + k]) shrDP 1:/# -(W16.to_uintK a{1}.[128 * i{2} + 96 + k]) shlMP 1:/#. rewrite -of_intM W16.to_uintK to_uintM of_uintK //=. rewrite {3}(_: 65536 = 256 * 256). trivial. - rewrite -mulz_modl 1://= (mulzC _ 256). + rewrite -mulz_modl 1:/# (mulzC _ 256). rewrite (pmod_small (to_uint a{1}.[128 * i{2} + 80 + k]) 65536). move : (pos_ubound_a (128 * i{2} + 80 + k)) => /#. rewrite (pmod_small (to_uint a{1}.[128 * i{2} + 80 + k] %/ 16) 65536). @@ -4851,7 +4851,7 @@ proof. + have -> : 2 %| 2 ^ (4 - x) = 2^1 %| 2 ^ (4 - x) by auto. by apply le_dvd_pow; smt(). - rewrite shl_shlw 1://= shr_shrw 1://= -(W16.to_uintK a{1}.[128 * i{2} + 96 + k]) shrDP 1://= -(W16.to_uintK a{1}.[128 * i{2} + 112 + k]) shlMP 1://=. + rewrite shl_shlw 1:/# shr_shrw 1:/# -(W16.to_uintK a{1}.[128 * i{2} + 96 + k]) shrDP 1:/# -(W16.to_uintK a{1}.[128 * i{2} + 112 + k]) shlMP 1:/#. rewrite -of_intM W16.to_uintK to_uintM of_uintK //=. rewrite (pmod_small (to_uint a{1}.[128 * i{2} + 112 + k] * 16) 65536). move : (pos_ubound_a (128 * i{2} + 112 + k)) => /#. 
@@ -4973,63 +4973,63 @@ proof. do split. + rewrite -ext_eq_all /all_eq //=. - do (rewrite /f16u16_t32u8 filliE 1:/# //=). + do (rewrite /f16u16_t32u8 filliE 1:/# /=). have in_bnds: forall k, 0 <= k < 32 => 192 * i{2} <= 192 * i{2} + k && 192 * i{2} + k < 192 * i{2} + 192. move => k; rewrite -{1}(addz0 (192 * i{2})) lez_add2l ltz_add2l. smt(). - do (rewrite in_bnds 1://=). + do (rewrite in_bnds 1:/#). have -> //=: 192 * i{2} + 0 < 192 * i{2} + 192. smt(). have idx_mod: forall k, 0 <= k < 32 => ((192 * i{2} + k) %% 3 = k %% 3). smt(). - do (rewrite idx_mod 1://=). + do (rewrite idx_mod 1:/#). rewrite (_: 192 * i{2} %% 3 = 0) //=. smt(). rewrite modzMr. - do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1://=). + do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1:/#). simplify. rewrite res9_l. rewrite tt_ddef t0_ddef t1_ddef t2_ddef t3_ddef t4_ddef /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite mapiE 1:/# //=). - do (rewrite of_int_bits8_div 1://= //=). - do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1://= || rewrite -(mulzA _ 16 256)). + do (rewrite mapiE 1:/# /=). + do (rewrite of_int_bits8_div 1:/# /=). + do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1:/# || rewrite -(mulzA _ 16 256)). do (rewrite (mulzC 256 (W16.to_uint _ %% 256))). do (rewrite -(W8.of_int_mod (_ * 256 + _)) || rewrite (modzMDl _ _ 256) || rewrite W8.of_int_mod). simplify. - do (rewrite (divzMDl _ _ 256) 1://=). + do (rewrite (divzMDl _ _ 256) 1:/#). simplify. do (rewrite -(divzMr _ 16 256) 1..2://= || (rewrite (pdiv_small _ 4096); first by move : a1_lbnd => /#) || rewrite addz0 || rewrite W8.of_int_mod). simplify. do (rewrite -(W8.of_int_mod (16 * _ + _)) || rewrite -(modzDm (16 * _) (_ %% 16) 256) || rewrite (pmod_small (_ %% 16) 256) 1:/#). do rewrite W8.of_int_mod. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1://=). + rewrite (_: 256 = 16 * 16) 1:/#. 
+ do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1:/#). simplify. do (rewrite (pmod_small (_ %/ 256) 16); first by move : a1_lbnd; smt()). simplify. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1://= || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1:/# || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). rewrite addz0 //=. + rewrite -ext_eq_all /all_eq //=. - do (rewrite /f16u16_t32u8 filliE 1:/# //=). + do (rewrite /f16u16_t32u8 filliE 1:/# /=). have in_bnds: forall k, 32 <= k < 64 => 192 * i{2} <= 192 * i{2} + k && 192 * i{2} + k < 192 * i{2} + 192. move => k; rewrite -{1}(addz0 (192 * i{2})) lez_add2l ltz_add2l. smt(). - do (rewrite in_bnds 1://=). + do (rewrite in_bnds 1:/#). have idx_mod: forall k, 32 <= k < 64 => ((192 * i{2} + k) %% 3 = k %% 3). smt(). - do (rewrite idx_mod 1://=). - do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1://=). + do (rewrite idx_mod 1:/#). + do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1:/#). simplify. rewrite res10_l. rewrite tt_ddef t0_ddef t1_ddef t2_ddef t3_ddef t4_ddef /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite mapiE 1:/# //=). - do (rewrite of_int_bits8_div 1://= //=). - do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1://= || rewrite -(mulzA _ 16 256)). + do (rewrite mapiE 1:/# /=). + do (rewrite of_int_bits8_div 1:/# /=). + do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1:/# || rewrite -(mulzA _ 16 256)). do (rewrite (mulzC 256 (W16.to_uint _ %% 256))). do (rewrite -(W8.of_int_mod (_ * 256 + _)) || rewrite (modzMDl _ _ 256) || rewrite W8.of_int_mod). simplify. - do (rewrite (divzMDl _ _ 256) 1://=). + do (rewrite (divzMDl _ _ 256) 1:/#). simplify. 
do (rewrite -(divzMr _ 16 256) 1..2://= || (rewrite (pdiv_small _ 4096); first by move : a1_lbnd => /#) || rewrite addz0 || rewrite W8.of_int_mod). 
@@ -5037,153 +5037,153 @@ proof. simplify. do (rewrite -(W8.of_int_mod (16 * _ + _)) || rewrite -(modzDm (16 * _) (_ %% 16) 256) || rewrite (pmod_small (_ %% 16) 256) 1:/#). do rewrite W8.of_int_mod. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1://=). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1:/#). simplify. do (rewrite (pmod_small (_ %/ 256) 16); first by move : a1_lbnd; smt()). simplify. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1://= || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1:/# || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). rewrite addz0 //=. + rewrite -ext_eq_all /all_eq //=. - do (rewrite /f16u16_t32u8 filliE 1:/# //=). + do (rewrite /f16u16_t32u8 filliE 1:/# /=). have in_bnds: forall k, 64 <= k < 96 => 192 * i{2} <= 192 * i{2} + k && 192 * i{2} + k < 192 * i{2} + 192. move => k; rewrite -{1}(addz0 (192 * i{2})) lez_add2l ltz_add2l. smt(). - do (rewrite in_bnds 1://=). + do (rewrite in_bnds 1:/#). have idx_mod: forall k, 64 <= k < 96 => ((192 * i{2} + k) %% 3 = k %% 3). smt(). - do (rewrite idx_mod 1://=). - do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1://=). + do (rewrite idx_mod 1:/#). + do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1:/#). simplify. rewrite res11_l. rewrite tt_ddef t0_ddef t1_ddef t2_ddef t3_ddef t4_ddef /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite mapiE 1:/# //=). - do (rewrite of_int_bits8_div 1://= //=). - do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1://= || rewrite -(mulzA _ 16 256)). + do (rewrite mapiE 1:/# /=). + do (rewrite of_int_bits8_div 1:/# /=). 
+ do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1:/# || rewrite -(mulzA _ 16 256)). do (rewrite (mulzC 256 (W16.to_uint _ %% 256))). do (rewrite -(W8.of_int_mod (_ * 256 + _)) || rewrite (modzMDl _ _ 256) || rewrite W8.of_int_mod). simplify. - do (rewrite (divzMDl _ _ 256) 1://=). + do (rewrite (divzMDl _ _ 256) 1:/#). simplify. do (rewrite -(divzMr _ 16 256) 1..2://= || (rewrite (pdiv_small _ 4096); first by move : a1_lbnd => /#) || rewrite addz0 || rewrite W8.of_int_mod). simplify. do (rewrite -(W8.of_int_mod (16 * _ + _)) || rewrite -(modzDm (16 * _) (_ %% 16) 256) || rewrite (pmod_small (_ %% 16) 256) 1:/#). do rewrite W8.of_int_mod. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1://=). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1:/#). simplify. do (rewrite (pmod_small (_ %/ 256) 16); first by move : a1_lbnd; smt()). simplify. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1://= || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1:/# || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). rewrite addz0 //=. + rewrite -ext_eq_all /all_eq //=. - do (rewrite /f16u16_t32u8 filliE 1:/# //=). + do (rewrite /f16u16_t32u8 filliE 1:/# /=). have in_bnds: forall k, 96 <= k < 128 => 192 * i{2} <= 192 * i{2} + k && 192 * i{2} + k < 192 * i{2} + 192. move => k; rewrite -{1}(addz0 (192 * i{2})) lez_add2l ltz_add2l. smt(). - do (rewrite in_bnds 1://=). + do (rewrite in_bnds 1:/#). have idx_mod: forall k, 96 <= k < 128 => ((192 * i{2} + k) %% 3 = k %% 3). smt(). - do (rewrite idx_mod 1://=). - do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1://=). + do (rewrite idx_mod 1:/#). 
+ do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1:/#). simplify. rewrite res9_r. rewrite tt_ddef t0_ddef t1_ddef t2_ddef t3_ddef t4_ddef /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite mapiE 1:/# //=). - do (rewrite of_int_bits8_div 1://= //=). - do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1://= || rewrite -(mulzA _ 16 256)). + do (rewrite mapiE 1:/# /=). + do (rewrite of_int_bits8_div 1:/# /=). + do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1:/# || rewrite -(mulzA _ 16 256)). do (rewrite (mulzC 256 (W16.to_uint _ %% 256))). do (rewrite -(W8.of_int_mod (_ * 256 + _)) || rewrite (modzMDl _ _ 256) || rewrite W8.of_int_mod). simplify. - do (rewrite (divzMDl _ _ 256) 1://=). + do (rewrite (divzMDl _ _ 256) 1:/#). simplify. do (rewrite -(divzMr _ 16 256) 1..2://= || (rewrite (pdiv_small _ 4096); first by move : a1_lbnd => /#) || rewrite addz0 || rewrite W8.of_int_mod). simplify. do (rewrite -(W8.of_int_mod (16 * _ + _)) || rewrite -(modzDm (16 * _) (_ %% 16) 256) || rewrite (pmod_small (_ %% 16) 256) 1:/#). do rewrite W8.of_int_mod. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1://=). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1:/#). simplify. do (rewrite (pmod_small (_ %/ 256) 16); first by move : a1_lbnd; smt()). simplify. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1://= || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1:/# || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). rewrite addz0 //=. + rewrite -ext_eq_all /all_eq //=. - do (rewrite /f16u16_t32u8 filliE 1:/# //=). + do (rewrite /f16u16_t32u8 filliE 1:/# /=). 
have in_bnds: forall k, 128 <= k < 160 => 192 * i{2} <= 192 * i{2} + k && 192 * i{2} + k < 192 * i{2} + 192. move => k; rewrite -{1}(addz0 (192 * i{2})) lez_add2l ltz_add2l. smt(). - do (rewrite in_bnds 1://=). + do (rewrite in_bnds 1:/#). have idx_mod: forall k, 128 <= k < 160 => ((192 * i{2} + k) %% 3 = k %% 3). smt(). - do (rewrite idx_mod 1://=). - do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1://=). + do (rewrite idx_mod 1:/#). + do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1:/#). simplify. rewrite res10_r. rewrite tt_ddef t0_ddef t1_ddef t2_ddef t3_ddef t4_ddef /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite mapiE 1:/# //=). - do (rewrite of_int_bits8_div 1://= //=). - do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1://= || rewrite -(mulzA _ 16 256)). + do (rewrite mapiE 1:/# /=). + do (rewrite of_int_bits8_div 1:/# /=). + do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1:/# || rewrite -(mulzA _ 16 256)). do (rewrite (mulzC 256 (W16.to_uint _ %% 256))). do (rewrite -(W8.of_int_mod (_ * 256 + _)) || rewrite (modzMDl _ _ 256) || rewrite W8.of_int_mod). simplify. - do (rewrite (divzMDl _ _ 256) 1://=). + do (rewrite (divzMDl _ _ 256) 1:/#). simplify. do (rewrite -(divzMr _ 16 256) 1..2://= || (rewrite (pdiv_small _ 4096); first by move : a1_lbnd => /#) || rewrite addz0 || rewrite W8.of_int_mod). simplify. do (rewrite -(W8.of_int_mod (16 * _ + _)) || rewrite -(modzDm (16 * _) (_ %% 16) 256) || rewrite (pmod_small (_ %% 16) 256) 1:/#). do rewrite W8.of_int_mod. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1://=). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1:/#). simplify. do (rewrite (pmod_small (_ %/ 256) 16); first by move : a1_lbnd; smt()). simplify. - rewrite (_: 256 = 16 * 16) 1://=. 
- do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1://= || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1:/# || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). rewrite addz0 //=. + rewrite -ext_eq_all /all_eq //=. - do (rewrite /f16u16_t32u8 filliE 1:/# //=). + do (rewrite /f16u16_t32u8 filliE 1:/# /=). have in_bnds: forall k, 160 <= k < 192 => 192 * i{2} <= 192 * i{2} + k && 192 * i{2} + k < 192 * i{2} + 192. move => k; rewrite -{1}(addz0 (192 * i{2})) lez_add2l ltz_add2l. smt(). - do (rewrite in_bnds 1://=). + do (rewrite in_bnds 1:/#). have idx_mod: forall k, 160 <= k < 192 => ((192 * i{2} + k) %% 3 = k %% 3). smt(). - do (rewrite idx_mod 1://=). - do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1://=). + do (rewrite idx_mod 1:/#). + do (rewrite (mulzC 192 i{2}) || rewrite modzMDl || rewrite (pmod_small _ 192) 1:/#). simplify. rewrite res11_r. rewrite tt_ddef t0_ddef t1_ddef t2_ddef t3_ddef t4_ddef /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite mapiE 1:/# //=). - do (rewrite of_int_bits8_div 1://= //=). - do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1://= || rewrite -(mulzA _ 16 256)). + do (rewrite mapiE 1:/# /=). + do (rewrite of_int_bits8_div 1:/# /=). + do (rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1:/# || rewrite -(mulzA _ 16 256)). do (rewrite (mulzC 256 (W16.to_uint _ %% 256))). do (rewrite -(W8.of_int_mod (_ * 256 + _)) || rewrite (modzMDl _ _ 256) || rewrite W8.of_int_mod). simplify. - do (rewrite (divzMDl _ _ 256) 1://=). + do (rewrite (divzMDl _ _ 256) 1:/#). simplify. do (rewrite -(divzMr _ 16 256) 1..2://= || (rewrite (pdiv_small _ 4096); first by move : a1_lbnd => /#) || rewrite addz0 || rewrite W8.of_int_mod). simplify. 
do (rewrite -(W8.of_int_mod (16 * _ + _)) || rewrite -(modzDm (16 * _) (_ %% 16) 256) || rewrite (pmod_small (_ %% 16) 256) 1:/#). do rewrite W8.of_int_mod. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1://=). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (mulzC 16 (W16.to_uint _)) -(mulz_modl 16 _ 16) 1:/#). simplify. do (rewrite (pmod_small (_ %/ 256) 16); first by move : a1_lbnd; smt()). simplify. - rewrite (_: 256 = 16 * 16) 1://=. - do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1://= || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). + rewrite (_: 256 = 16 * 16) 1:/#. + do (rewrite (divzMr _ 16 16) 1..2://= || rewrite (divzMDl _ _ 16) 1:/# || (rewrite (pdiv_small (_ %/ 16 %/ 16) 16); first by move : a1_lbnd => /#)). rewrite addz0 //=. inline*; wp; skip; auto => />. @@ -5199,7 +5199,7 @@ proof. move : j_bnds => /#. rewrite !to_uintD_small /= !of_uintK 1..6:/# /= !modz_small 1..6:/#. rewrite -(addz0 (to_uint rp{1} + 192 * i{2})) -(addzA _ (192 * i{2}) 0). - do (rewrite out_bnds 1://=). + do (rewrite out_bnds 1:/#). simplify. rewrite touch_mem_l //=; first by move : j_bnds => /#. + rewrite mulzDr mulz1 => k k_lb k_ub. @@ -5207,7 +5207,7 @@ proof. do rewrite /stores size_to_list. rewrite !to_uintD_small /= !of_uintK 1..6:/# /= !modz_small 1..6:/#. rewrite /to_list /mkseq -iotaredE /=. (* TODO: find or write lemma *) - do (rewrite initiE 1://=). + do (rewrite initiE 1:/#). simplify. case (192 * i{2} <= k) => k_tlb. do (rewrite get_setE). 
@@ -5336,132 +5336,132 @@ proof. do split. + move => k k_lb k_ub. - rewrite filliE 1:/# //= rp_def 1://=. + rewrite filliE 1:/# //= rp_def 1:/#. by move : k_ub => /ltzNge -> />. + rewrite res9_l. rewrite /f32u8_t16u16. - rewrite -ext_eq_all /all_eq //=. + rewrite -ext_eq_all /all_eq /=. rewrite /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite filliE 1:/# //= || rewrite idx_mod 1://= || rewrite idx_div 1://=). + do (rewrite filliE 1:/# /= || rewrite idx_mod 1:/# || rewrite idx_div 1:/#). rewrite (_: 128 * i{2} %% 2 = 0). by smt(). rewrite (_: 128 * i{2} %/ 2 = 64 * i{2}). by smt(). do (rewrite lez_addl || rewrite lez_add2l || rewrite ltz_add2l || rewrite ltz_addl). simplify. - do (rewrite (mulzDr 3 _ _) || rewrite -(mulzA 3 _ _) //=). + do (rewrite (mulzDr 3 _ _) || rewrite -(mulzA 3 _ _) /=). rewrite /load_array384 /= /loadW8 /=. do (rewrite initiE 1:/#). simplify. do (rewrite modzMDl || (rewrite (pmod_small (W8.to_uint _ %/ 16) 16); first by move : W8.to_uint_cmp => /#) || - rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1://= -(mulzA _ 16 256) divzE). + rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1:/# -(mulzA _ 16 256) divzE). do split. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). 
by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). 
+ rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). 
by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). 
+ rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). 
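Review bot: The three-line block `apply W2u8.allP => //=. do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). rewrite divzMDl 1:/# divzMDr 1:/#.` is edited sixteen times in this hunk, and the same copy-by-copy edit recurs in the -5469 and -5698 hunks, which is exactly the cost the existing `(* TODO: improve maybe ?? *)` in the next hunk warns about. If the subgoals produced by `do split` really are identical up to the byte index, running the closing script once over all of them, `do split; (apply W2u8.allP => //=; ...)`, or stating it as a local lemma, would make future tactic changes a single edit and make it visible that all sixteen cases are proved the same way. The `//=` to `/=` change on `rewrite -ext_eq_all /all_eq` also drops the implicit `done` attempt, so the goal is now guaranteed to stay open for the following `rewrite /shuf8 ...` line; a short comment noting that this is intended would help. The enclosing proof starts and ends outside the hunk.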
@@ -5469,228 +5469,228 @@ proof. + rewrite res9_r. rewrite /f32u8_t16u16. - rewrite -ext_eq_all /all_eq //=. + rewrite -ext_eq_all /all_eq /=. rewrite /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite filliE 1:/# //= || rewrite idx_mod 1://= || rewrite idx_div 1://=). + do (rewrite filliE 1:/# /= || rewrite idx_mod 1:/# || rewrite idx_div 1:/#). do (rewrite lez_addl || rewrite lez_add2l || rewrite ltz_add2l || rewrite ltz_addl). do (rewrite -(mulzA 3 _ _) || rewrite (mulzDr 3 _ _)). rewrite /load_array384 /= /loadW8 //=. do (rewrite initiE 1:/#). simplify. - do (rewrite modzMDr || rewrite divzMDl 1://= || (rewrite (pdiv_small (W8.to_uint _ %/ 16) 16); first by move : W8.to_uint_cmp => /#)). + do (rewrite modzMDr || rewrite divzMDl 1:/# || (rewrite (pdiv_small (W8.to_uint _ %/ 16) 16); first by move : W8.to_uint_cmp => /#)). do split. (* TODO: improve maybe ?? *) apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. 
- do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. 
split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. 
+ do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. 
- do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. + rewrite res10_l. rewrite /f32u8_t16u16. - rewrite -ext_eq_all /all_eq //=. + rewrite -ext_eq_all /all_eq /=. rewrite /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite filliE 1:/# //= || rewrite idx_mod 1://= || rewrite idx_div 1://=). + do (rewrite filliE 1:/# /= || rewrite idx_mod 1:/# || rewrite idx_div 1:/#). do (rewrite lez_addl || rewrite lez_add2l || rewrite ltz_add2l || rewrite ltz_addl). 
do (rewrite -(mulzA 3 _ _) || rewrite (mulzDr 3 _ _)). rewrite /load_array384 /= /loadW8 //=. do (rewrite initiE 1:/#). simplify. - do (rewrite (mulzDr 16 _ _) || rewrite (mulzA _ 16 16) //= || rewrite (mulzC 16 _) || rewrite divzMDr 1://= || - rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp //= || rewrite divzE || rewrite (pmod_small (W8.to_uint _ %% 16) 16) 1:modz_cmp 1://=). + do (rewrite (mulzDr 16 _ _) || rewrite (mulzA _ 16 16) /= || rewrite (mulzC 16 _) || rewrite divzMDr 1:/# || + rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp /= || rewrite divzE || rewrite (pmod_small (W8.to_uint _ %% 16) 16) 1:modz_cmp 1:/#). do split. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). 
+ rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). 
- rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. 
split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. 
+ do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. + rewrite res10_r. rewrite /f32u8_t16u16. - rewrite -ext_eq_all /all_eq //=. + rewrite -ext_eq_all /all_eq /=. rewrite /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite filliE 1:/# //= || rewrite idx_mod 1://= || rewrite idx_div 1://=). + do (rewrite filliE 1:/# /= || rewrite idx_mod 1:/# || rewrite idx_div 1:/#). do (rewrite lez_addl || rewrite lez_add2l || rewrite ltz_add2l || rewrite ltz_addl). simplify. do (rewrite -(mulzA 3 _ _) || rewrite (mulzDr 3 _ _)). 
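Review bot: On the rewritten line `rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp` the side-conditions of `pdiv_small` and `pmod_small` are discharged by the named lemma `W8.to_uint_cmp`, while the neighbouring `divzMDl` obligation is sent to SMT; if that obligation is only the non-zero divisor, discharging it with the same lemma style (or `1://`) would keep one discharge convention per line and avoid an SMT round-trip per repetition. The same mixed pattern appears in every copy of the block in this hunk. The enclosing proof starts and ends outside the hunk.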
@@ -5698,116 +5698,116 @@ proof. do (rewrite initiE 1:/#). simplify. do (rewrite modzMDl || (rewrite (pmod_small (W8.to_uint _ %/ 16) 16); first by move : W8.to_uint_cmp => /#) || - rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1://= -(mulzA _ 16 256) divzE). + rewrite (mulzC 4096) (_: 4096 = 16 * 256) 1:/# -(mulzA _ 16 256) divzE). do split. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. 
split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. 
- do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. 
rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite divzMDl 1://= divzMDr 1://=. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite divzMDl 1:/# divzMDr 1:/#. rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modzMDr modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). 
@@ -5815,225 +5815,225 @@ proof. + rewrite res11_l. rewrite /f32u8_t16u16. - rewrite -ext_eq_all /all_eq //=. + rewrite -ext_eq_all /all_eq /=. rewrite /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite filliE 1:/# //= || rewrite idx_mod 1://= || rewrite idx_div 1://=). + do (rewrite filliE 1:/# /= || rewrite idx_mod 1:/# || rewrite idx_div 1:/#). do (rewrite lez_addl || rewrite lez_add2l || rewrite ltz_add2l || rewrite ltz_addl). do (rewrite -(mulzA 3 _ _) || rewrite (mulzDr 3 _ _)). rewrite /load_array384 /= /loadW8 //=. do (rewrite initiE 1:/#). simplify. - do (rewrite modzMDr || rewrite divzMDl 1://= || (rewrite (pdiv_small (W8.to_uint _ %/ 16) 16); first by move : W8.to_uint_cmp => /#)). + do (rewrite modzMDr || rewrite divzMDl 1:/# || (rewrite (pdiv_small (W8.to_uint _ %/ 16) 16); first by move : W8.to_uint_cmp => /#)). do split. (* TODO: improve maybe ?? *) apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. 
- do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. 
split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. 
+ do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. 
- do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite (mulzC 256 _) divzMDl 1://= (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. + rewrite res11_r. rewrite /f32u8_t16u16. - rewrite -ext_eq_all /all_eq //=. + rewrite -ext_eq_all /all_eq /=. rewrite /shuf8 /shuf4 /shuf2 /shuf1 => />. - do (rewrite filliE 1:/# //= || rewrite idx_mod 1://= || rewrite idx_div 1://=). + do (rewrite filliE 1:/# /= || rewrite idx_mod 1:/# || rewrite idx_div 1:/#). do (rewrite lez_addl || rewrite lez_add2l || rewrite ltz_add2l || rewrite ltz_addl). 
do (rewrite -(mulzA 3 _ _) || rewrite (mulzDr 3 _ _)). rewrite /load_array384 /= /loadW8 //=. do (rewrite initiE 1:/#). simplify. - do (rewrite (mulzDr 16 _ _) || rewrite (mulzA _ 16 16) //= || rewrite (mulzC 16 _) || rewrite divzMDr 1://= || - rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp //= || rewrite divzE || rewrite (pmod_small (W8.to_uint _ %% 16) 16) 1:modz_cmp 1://=). + do (rewrite (mulzDr 16 _ _) || rewrite (mulzA _ 16 16) /= || rewrite (mulzC 16 _) || rewrite divzMDr 1:/# || + rewrite (pdiv_small _ 256) 1:W8.to_uint_cmp /= || rewrite divzE || rewrite (pmod_small (W8.to_uint _ %% 16) 16) 1:modz_cmp 1:/#). do split. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). 
+ rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). 
- rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. 
split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. 
+ do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. apply W2u8.allP => //=. - do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1://= //=). - rewrite -addzA divzMDl 1://= -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. + do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=). + rewrite -addzA divzMDl 1:/# -(addzA _ _ (W8.to_uint _ %% 16)) addNz addz0 (pdiv_small _ 256) 1:W8.to_uint_cmp. split; 1: by rewrite - W8.of_int_mod /= modzMDl modz_small /=; smt(StdOrder.IntOrder.ger0_def W8.to_uint_cmp pow2_8). by ring;rewrite W8.to_uintK;ring. + move => k k_lb k_ub. - do (rewrite filliE 1:/# //=). + do (rewrite filliE 1:/# /=). do (rewrite /load_array384 /= /loadW8 /=). do (rewrite initiE /=; first by move : ap_lb ap_ub => /#). case (128 * i{2} <= k) => k_tlb. 
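Review bot: Every `1://=` side-condition discharge in this hunk is replaced by `1:/#`, so obligations that were closed by simplification (the side goals of `divzMDl`, `divzMDr` and `of_int_bits8_div`) now each become an SMT query, and with the same `apply W2u8.allP => //=.` block repeated 16 times per case the proof issues roughly sixty solver calls per step whose success now depends on solver timeouts rather than on computation. If `1://` or `1:done` still closes them, prefer that and keep `/#` for the goals that genuinely need arithmetic reasoning. Since every one of the 16 copies is being touched anyway, they could be folded once into `do split; (apply W2u8.allP => //=; do (rewrite initiE 1:/# /= || rewrite of_int_bits8_div 1:/# /=); rewrite (mulzC 256 _) divzMDl 1:/# (pdiv_small _ 256) 1:W8.to_uint_cmp (pmod_small _ 256) 1:W8.to_uint_cmp; split; ...)` so a future change to the side conditions is applied in one place instead of sixteen. The `seq` step this hunk belongs to starts and ends outside the hunk.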
@@ -6062,23 +6062,23 @@ proof. do split. + rewrite Array16.tP => j j_bnds. do (rewrite initiE 1:/# /=). - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://= of_uintK (modz_dvd _ _ (2^12)) 1://= + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/# of_uintK (modz_dvd _ _ (2^12)) 1:/# (mulzC 4096 _) (modzMDl _ _ 4096). rewrite (pmod_small _ 4096); first by apply r2_bnds; smt(). rewrite /nttunpack initiE 1:/# //=. rewrite /(nttunpack_idx) //= initiE 1:/# => /#. + rewrite Array16.tP => j j_bnds. do (rewrite initiE 1:/# /=). - rewrite shr_shrw 1://= shrDP 1://=. + rewrite shr_shrw 1:/# shrDP 1:/#. rewrite (pmod_small _ W16.modulus); first by move : r2_bnds; smt(). - rewrite (mulzC 4096 _) divzMDl 1://= (pdiv_small _ 4096) 1:r2_bnds 1:/# /=. + rewrite (mulzC 4096 _) divzMDl 1:/# (pdiv_small _ 4096) 1:r2_bnds 1:/# /=. rewrite andw_orwDr. - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://=. - rewrite of_uintK modz_dvd 1://= (pmod_small _ 4096) 1:/#. - rewrite shl_shlw 1://= shlMP 1://=. + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/#. + rewrite of_uintK modz_dvd 1:/# (pmod_small _ 4096) 1:/#. + rewrite shl_shlw 1:/# shlMP 1:/#. rewrite mulzDl (mulzC 256 _) mulzA //=. - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://=. - rewrite of_uintK (modz_dvd _ W16.modulus) 1://= modzMDl (pmod_small _ 4096) 1:/#. + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/#. + rewrite of_uintK (modz_dvd _ W16.modulus) 1:/# modzMDl (pmod_small _ 4096) 1:/#. rewrite orw_disjoint. + apply W16.ext_eq => x xb; rewrite /W16.(`&`) map2E initiE //=. case (!(0 <= x < 4)). 
@@ -6101,16 +6101,16 @@ proof. rewrite /(nttunpack_idx) //= initiE 1:/# => /#. + rewrite Array16.tP => j j_bnds. do (rewrite initiE 1:/# /=). - rewrite shr_shrw 1://= shrDP 1://=. + rewrite shr_shrw 1:/# shrDP 1:/#. rewrite (pmod_small _ W16.modulus); first by move : r2_bnds; smt(). - rewrite (mulzC 256 _) divzMDl 1://= -(divz_mulp _ 16 256) 1..2://= (pdiv_small _ 4096) 1:r2_bnds 1:/# //=. - rewrite shl_shlw 1://= shlMP 1://=. + rewrite (mulzC 256 _) divzMDl 1:/# -(divz_mulp _ 16 256) 1..2://= (pdiv_small _ 4096) 1:r2_bnds 1:/# //=. + rewrite shl_shlw 1:/# shlMP 1:/#. rewrite mulzDl (mulzC 16 _) mulzA //=. rewrite andw_orwDr. - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://=. - rewrite of_uintK modz_dvd 1://= (pmod_small _ 4096) 1:/#. - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://=. - rewrite of_uintK (modz_dvd _ W16.modulus) 1://= modzMDl (pmod_small _ 4096) 1:/# (pmod_small _ 16) 1:/#. + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/#. + rewrite of_uintK modz_dvd 1:/# (pmod_small _ 4096) 1:/#. + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/#. + rewrite of_uintK (modz_dvd _ W16.modulus) 1:/# modzMDl (pmod_small _ 4096) 1:/# (pmod_small _ 16) 1:/#. rewrite orw_disjoint. + apply W16.ext_eq => x xb; rewrite /W16.(`&`) map2E initiE //=. 
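Review bot: The edited line `rewrite (mulzC 256 _) divzMDl 1:/# -(divz_mulp _ 16 256) 1..2://= (pdiv_small _ 4096) 1:r2_bnds 1:/# //=.` mixes the two discharge styles: `divzMDl`'s side goal moved to `/#` while the two `divz_mulp` side goals stay on `1..2://=`, and the line still ends in `//=` where the neighbouring edited lines switched to `/=`. These side goals are presumably the same kind of closed numeric fact (non-zero divisors 256 and 16), so they should be discharged the same way — either `1://` for all of them or `1..3:/#` — otherwise a reader cannot tell which obligations actually need the solver. The identical line reappears in the `@@ -6182` hunk below and should get the same treatment. The enclosing `proof` block starts and ends outside this hunk.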
@@ -6134,32 +6134,32 @@ proof. rewrite /(nttunpack_idx) //= initiE 1:/# => /#. + rewrite Array16.tP => j j_bnds. do (rewrite initiE 1:/# /=). - rewrite shr_shrw 1://= shrDP 1://=. + rewrite shr_shrw 1:/# shrDP 1:/#. rewrite (pmod_small _ W16.modulus); first by move : r2_bnds; smt(). - rewrite (mulzC 16 _) divzMDl 1://= (pdiv_small _ 16) 1:modz_cmp 1://= //=. - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://=. - rewrite of_uintK modz_dvd 1://= (pmod_small _ 4096) 1:r2_bnds 1:/#. + rewrite (mulzC 16 _) divzMDl 1:/# (pdiv_small _ 16) 1:modz_cmp 1:/# //=. + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/#. + rewrite of_uintK modz_dvd 1:/# (pmod_small _ 4096) 1:r2_bnds 1:/#. rewrite /nttunpack initiE 1:/# //=. rewrite /(nttunpack_idx) //= initiE 1:/# => /#. + rewrite Array16.tP => j j_bnds. do (rewrite initiE 1:/# /=). - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://= of_uintK (modz_dvd _ _ (2^12)) 1://= + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/# of_uintK (modz_dvd _ _ (2^12)) 1:/# (mulzC 4096 _) (modzMDl _ _ 4096). rewrite (pmod_small _ 4096); first by apply r2_bnds; smt(). rewrite /nttunpack initiE 1:/# //=. rewrite /(nttunpack_idx) //= initiE 1:/# => /#. + rewrite Array16.tP => j j_bnds. do (rewrite initiE 1:/# /=). - rewrite shr_shrw 1://= shrDP 1://=. + rewrite shr_shrw 1:/# shrDP 1:/#. rewrite (pmod_small _ W16.modulus); first by move : r2_bnds; smt(). - rewrite (mulzC 4096 _) divzMDl 1://= (pdiv_small _ 4096) 1:r2_bnds 1:/# /=. + rewrite (mulzC 4096 _) divzMDl 1:/# (pdiv_small _ 4096) 1:r2_bnds 1:/# /=. rewrite andw_orwDr. - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://=. - rewrite of_uintK modz_dvd 1://= (pmod_small _ 4096) 1:/#. - rewrite shl_shlw 1://= shlMP 1://=. + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/#. + rewrite of_uintK modz_dvd 1:/# (pmod_small _ 4096) 1:/#. + rewrite shl_shlw 1:/# shlMP 1:/#. rewrite mulzDl (mulzC 256 _) mulzA //=. 
- rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://=. - rewrite of_uintK (modz_dvd _ W16.modulus) 1://= modzMDl (pmod_small _ 4096) 1:/#. + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/#. + rewrite of_uintK (modz_dvd _ W16.modulus) 1:/# modzMDl (pmod_small _ 4096) 1:/#. rewrite orw_disjoint. + apply W16.ext_eq => x xb; rewrite /W16.(`&`) map2E initiE //=. case (!(0 <= x < 4)). @@ -6182,16 +6182,16 @@ proof. rewrite /(nttunpack_idx) //= initiE 1:/# => /#. + rewrite Array16.tP => j j_bnds. do (rewrite initiE 1:/# /=). - rewrite shr_shrw 1://= shrDP 1://=. + rewrite shr_shrw 1:/# shrDP 1:/#. rewrite (pmod_small _ W16.modulus); first by move : r2_bnds; smt(). - rewrite (mulzC 256 _) divzMDl 1://= -(divz_mulp _ 16 256) 1..2://= (pdiv_small _ 4096) 1:r2_bnds 1:/# //=. - rewrite shl_shlw 1://= shlMP 1://=. + rewrite (mulzC 256 _) divzMDl 1:/# -(divz_mulp _ 16 256) 1..2://= (pdiv_small _ 4096) 1:r2_bnds 1:/# //=. + rewrite shl_shlw 1:/# shlMP 1:/#. rewrite mulzDl (mulzC 16 _) mulzA //=. rewrite andw_orwDr. - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://=. - rewrite of_uintK modz_dvd 1://= (pmod_small _ 4096) 1:/#. - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://=. - rewrite of_uintK (modz_dvd _ W16.modulus) 1://= modzMDl (pmod_small _ 4096) 1:/# (pmod_small _ 16) 1:/#. + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/#. + rewrite of_uintK modz_dvd 1:/# (pmod_small _ 4096) 1:/#. + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/#. + rewrite of_uintK (modz_dvd _ W16.modulus) 1:/# modzMDl (pmod_small _ 4096) 1:/# (pmod_small _ 16) 1:/#. rewrite orw_disjoint. + apply W16.ext_eq => x xb; rewrite /W16.(`&`) map2E initiE //=. 
@@ -6215,11 +6215,11 @@ proof. rewrite /(nttunpack_idx) //= initiE 1:/# => /#. + rewrite Array16.tP => j j_bnds. do (rewrite initiE 1:/# /=). - rewrite shr_shrw 1://= shrDP 1://=. + rewrite shr_shrw 1:/# shrDP 1:/#. rewrite (pmod_small _ W16.modulus); first by move : r2_bnds; smt(). - rewrite (mulzC 16 _) divzMDl 1://= (pdiv_small _ 16) 1:modz_cmp 1://= //=. - rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1://=. - rewrite of_uintK modz_dvd 1://= (pmod_small _ 4096) 1:r2_bnds 1:/#. + rewrite (mulzC 16 _) divzMDl 1:/# (pdiv_small _ 16) 1:modz_cmp 1:/# //=. + rewrite (W16.andwC (W16.of_int (2^12 - 1)) _) and_mod 1:/#. + rewrite of_uintK modz_dvd 1:/# (pmod_small _ 4096) 1:r2_bnds 1:/#. rewrite /nttunpack initiE 1:/# //=. rewrite /(nttunpack_idx) //= initiE 1:/# => /#. @@ -6230,7 +6230,7 @@ proof. rewrite /nttpack Array256.initiE 1:/# /=. do (rewrite Array256.filliE 1:nttpack_inbounds 1:/#). simplify. - do rewrite Array16.initiE 1:modz_cmp 1://=. + do rewrite Array16.initiE 1:modz_cmp 1:/#. simplify. have HH: forall j, 0 <= j < 256 => (nttunpack r{2}).[nttpack_idx.[j]] = (nttpack (nttunpack r{2})).[j]. (* TODO: add lemma; use axiom ??? *) move => j j_bnds. @@ -6311,10 +6311,10 @@ proof. have kpck_tbnds: 0 <= nttpack_idx.[k] && nttpack_idx.[k] < 128. move : (nttpack128_bounds k) k_s1 k_s2 k_s3 k_s4 k_s5 k_s6 k_s7 k_s8 => /#. rewrite -rp_def; first by move : (nttpack128_bounds k) => /#. - rewrite /nttpack (Array256.initiE (fun (i0 : int) => rp{1}.[nttpack_idx.[i0]])) 1://= //=. + rewrite /nttpack (Array256.initiE (fun (i0 : int) => rp{1}.[nttpack_idx.[i0]])) 1:/# //=. + rewrite (mulzDr 128) mulz1 => k k_lb k_ub. - do (rewrite Array256.filliE 1:/# //=). - do rewrite Array16.initiE 1:modz_cmp 1://=. + do (rewrite Array256.filliE 1:/# /=). + do rewrite Array16.initiE 1:modz_cmp 1:/#. simplify. have r2_unpack_bnds: forall (k : int), 0 <= k && k < 128 * i{2} + 128 => 0 <= (nttunpack r{2}).[k] && (nttunpack r{2}).[k] < 4096. 
diff --git a/proof/correctness/avx2/MLKEM_Poly_avx2_vec.ec b/proof/correctness/avx2/MLKEM_Poly_avx2_vec.ec index fbcc9c3a..2c7c39ed 100644 --- a/proof/correctness/avx2/MLKEM_Poly_avx2_vec.ec +++ b/proof/correctness/avx2/MLKEM_Poly_avx2_vec.ec @@ -34,7 +34,7 @@ module Mvec = { t0 <@ OpsV.iVMOVSLDUP_256_16u16(b); t0 <@ OpsV.iVPBLEND_8u32_16u16(a, t0, (W8.of_int 170)); - a <@ OpsV.iVPSRL_4u64(a, (W8.of_int 32)); + a <@ OpsV.iVPSRL_4u64(a, (W128.of_int 32)); t1 <@ OpsV.iVPBLEND_8u32_16u16(a, b, (W8.of_int 170)); return (t0, t1); } @@ -46,9 +46,9 @@ module Mvec = { var t0:W256.t; var t1:W256.t; - t0 <@ OpsV.iVPSLL_8u32(b, (W8.of_int 16)); + t0 <@ OpsV.iVPSLL_8u32(b, (W128.of_int 16)); r0 <@ OpsV.iVPBLEND_16u16(a, t0, (W8.of_int 170)); - t1 <@ OpsV.iVPSRL_8u32(a, (W8.of_int 16)); + t1 <@ OpsV.iVPSRL_8u32(a, (W128.of_int 16)); r1 <@ OpsV.iVPBLEND_16u16(t1, b, (W8.of_int 170)); return (r0, r1); @@ -101,7 +101,7 @@ module Mvec = { var t:W256.t; r <@ OpsV.iVPSUB_16u16(r, qx16); - t <@ OpsV.iVPSRA_16u16(r, (W8.of_int 15)); + t <@ OpsV.iVPSRA_16u16(r, (W128.of_int 15)); t <@ OpsV.iVPAND_16u16(t,qx16); r <@ OpsV.iVPADD_16u16(t, r); 
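Review bot: The shift count passed to `OpsV.iVPSRL_4u64` in the `@@ -34` hunk (and to every `iVPSLL_*`/`iVPSRL_*`/`iVPSRA_*` call in this file) changes from a `W8` immediate to a `W128` word without any comment recording why, so a reader of `Mvec` cannot tell whether the operators now model the xmm/m128 count-register form of the AVX2 shifts — whose count is read from the low 64 bits and whose result is all-zero when the count exceeds the lane width — or whether only the operand type of the `OpsV` interface changed. Suggest a one-line comment at the first use, e.g. `(* shift counts are W128: the xmm/m128 count-register form of VPSRL/VPSLL/VPSRA, as in the extracted Jasmin code *)`, so that the constants here and in the equivalence lemmas against the extraction are read with the same semantics. The `OpsV` procedures themselves are defined outside this diff, so this is a documentation point only.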
@@ -158,13 +158,13 @@ module Mvec = { g3 <@ OpsV.iVPSHUFD_256(f, W8.of_int (85 * i)); g3 <@ OpsV.iVPSLLV_8u32(g3, shift); g3 <@ OpsV.iVPSHUFB_256(g3, idx); - g0 <@ OpsV.iVPSLL_16u16(g3, (W8.of_int 12)); - g1 <@ OpsV.iVPSLL_16u16(g3, (W8.of_int 8)); - g2 <@ OpsV.iVPSLL_16u16(g3, (W8.of_int 4)); - g0 <@ OpsV.iVPSRA_16u16(g0, (W8.of_int 15)); - g1 <@ OpsV.iVPSRA_16u16(g1, (W8.of_int 15)); - g2 <@ OpsV.iVPSRA_16u16(g2, (W8.of_int 15)); - g3 <@ OpsV.iVPSRA_16u16(g3, (W8.of_int 15)); + g0 <@ OpsV.iVPSLL_16u16(g3, (W128.of_int 12)); + g1 <@ OpsV.iVPSLL_16u16(g3, (W128.of_int 8)); + g2 <@ OpsV.iVPSLL_16u16(g3, (W128.of_int 4)); + g0 <@ OpsV.iVPSRA_16u16(g0, (W128.of_int 15)); + g1 <@ OpsV.iVPSRA_16u16(g1, (W128.of_int 15)); + g2 <@ OpsV.iVPSRA_16u16(g2, (W128.of_int 15)); + g3 <@ OpsV.iVPSRA_16u16(g3, (W128.of_int 15)); g0 <@ OpsV.iVPAND_16u16(g0, hqs); g1 <@ OpsV.iVPAND_16u16(g1, hqs); g2 <@ OpsV.iVPAND_16u16(g2, hqs); @@ -233,8 +233,8 @@ module Mvec = { f1 <- (get256 (WArray512.init16 (fun i => a.[i])) ((2 * i) + 1)); f0 <@ OpsV.iVPSUB_16u16(hq, f0); f1 <@ OpsV.iVPSUB_16u16(hq, f1); - g0 <@ OpsV.iVPSRA_16u16(f0, (W8.of_int 15)); - g1 <@ OpsV.iVPSRA_16u16(f1, (W8.of_int 15)); + g0 <@ OpsV.iVPSRA_16u16(f0, (W128.of_int 15)); + g1 <@ OpsV.iVPSRA_16u16(f1, (W128.of_int 15)); f0 <@ OpsV.iVPXOR_16u16(f0, g0); f1 <@ OpsV.iVPXOR_16u16(f1, g1); f0 <@ OpsV.iVPSUB_16u16(f0, hhq); @@ -254,7 +254,7 @@ module Mvec = { var x:W256.t; x <@ OpsV.iVPMULH_256(r, vx16); - x <@ OpsV.iVPSRA_16u16(x, (W8.of_int 10)); + x <@ OpsV.iVPSRA_16u16(x, (W128.of_int 10)); x <@ OpsV.iVPMULL_16u16(x, qx16); r <@ OpsV.iVPSUB_16u16(r, x); return (r); 
@@ -539,14 +539,14 @@ module Mvec = { zero <- W256.zero ; y <@ OpsV.iVPBLEND_16u16(a0, zero, (W8.of_int 170)); z <@ OpsV.iVPBLEND_16u16(a1, zero, (W8.of_int 170)); - a0 <@ OpsV.iVPSRL_8u32(a0, (W8.of_int 16)); - a1 <@ OpsV.iVPSRL_8u32(a1, (W8.of_int 16)); + a0 <@ OpsV.iVPSRL_8u32(a0, (W128.of_int 16)); + a1 <@ OpsV.iVPSRL_8u32(a1, (W128.of_int 16)); z <@ OpsV.iVPACKUS_8u32(y, z); a0 <@ OpsV.iVPACKUS_8u32(a0, a1); y <@ OpsV.iVPBLEND_16u16(b0, zero, (W8.of_int 170)); x <@ OpsV.iVPBLEND_16u16(b1, zero, (W8.of_int 170)); - b0 <@ OpsV.iVPSRL_8u32(b0, (W8.of_int 16)); - b1 <@ OpsV.iVPSRL_8u32(b1, (W8.of_int 16)); + b0 <@ OpsV.iVPSRL_8u32(b0, (W128.of_int 16)); + b1 <@ OpsV.iVPSRL_8u32(b1, (W128.of_int 16)); y <@ OpsV.iVPACKUS_8u32(y, x); b0 <@ OpsV.iVPACKUS_8u32(b0, b1); z <@ OpsV.iVPMULL_16u16(z, qinvx16); 
@@ -659,21 +659,21 @@ module Mvec = { t5 <- (get256 (WArray512.init16 (fun i => a.[i])) ((8 * i) + 5)); t6 <- (get256 (WArray512.init16 (fun i => a.[i])) ((8 * i) + 6)); t7 <- (get256 (WArray512.init16 (fun i => a.[i])) ((8 * i) + 7)); - tt <@ OpsV.iVPSLL_16u16(t1, (W8.of_int 12)); + tt <@ OpsV.iVPSLL_16u16(t1, (W128.of_int 12)); tt <@ OpsV.iVPOR_16u16(tt, t0); - t0 <@ OpsV.iVPSRL_16u16(t1, (W8.of_int 4)); - t1 <@ OpsV.iVPSLL_16u16(t2, (W8.of_int 8)); + t0 <@ OpsV.iVPSRL_16u16(t1, (W128.of_int 4)); + t1 <@ OpsV.iVPSLL_16u16(t2, (W128.of_int 8)); t0 <@ OpsV.iVPOR_16u16(t0, t1); - t1 <@ OpsV.iVPSRL_16u16(t2, (W8.of_int 8)); - t2 <@ OpsV.iVPSLL_16u16(t3, (W8.of_int 4)); + t1 <@ OpsV.iVPSRL_16u16(t2, (W128.of_int 8)); + t2 <@ OpsV.iVPSLL_16u16(t3, (W128.of_int 4)); t1 <@ OpsV.iVPOR_16u16(t1, t2); - t2 <@ OpsV.iVPSLL_16u16(t5, (W8.of_int 12)); + t2 <@ OpsV.iVPSLL_16u16(t5, (W128.of_int 12)); t2 <@ OpsV.iVPOR_16u16(t2, t4); - t3 <@ OpsV.iVPSRL_16u16(t5, (W8.of_int 4)); - t4 <@ OpsV.iVPSLL_16u16(t6, (W8.of_int 8)); + t3 <@ OpsV.iVPSRL_16u16(t5, (W128.of_int 4)); + t4 <@ OpsV.iVPSLL_16u16(t6, (W128.of_int 8)); t3 <@ OpsV.iVPOR_16u16(t3, t4); - t4 <@ OpsV.iVPSRL_16u16(t6, (W8.of_int 8)); - t5 <@ OpsV.iVPSLL_16u16(t7, (W8.of_int 4)); + t4 <@ OpsV.iVPSRL_16u16(t6, (W128.of_int 8)); + t5 <@ OpsV.iVPSLL_16u16(t7, (W128.of_int 4)); t4 <@ OpsV.iVPOR_16u16(t4, t5); (ttt, t0) <@ shuffle1 (tt, t0); (tt, t2) <@ shuffle1 (t1, t2); 
@@ -742,27 +742,27 @@ module Mvec = {
 (t0, t4) <@ shuffle1 (t1, t4);
 (t1, t5) <@ shuffle1 (t2, t5);
- t7 <@ OpsV.iVPSRL_16u16(t6, (W8.of_int 12));
- t8 <@ OpsV.iVPSLL_16u16(t3, (W8.of_int 4));
+ t7 <@ OpsV.iVPSRL_16u16(t6, (W128.of_int 12));
+ t8 <@ OpsV.iVPSLL_16u16(t3, (W128.of_int 4));
 t7 <@ OpsV.iVPOR_16u16(t7, t8);
 t6 <@ OpsV.iVPAND_16u16(mask, t6);
 t7 <@ OpsV.iVPAND_16u16(mask, t7);
- t8 <@ OpsV.iVPSRL_16u16(t3, (W8.of_int 8));
- t9 <@ OpsV.iVPSLL_16u16(t0, (W8.of_int 8));
+ t8 <@ OpsV.iVPSRL_16u16(t3, (W128.of_int 8));
+ t9 <@ OpsV.iVPSLL_16u16(t0, (W128.of_int 8));
 t8 <@ OpsV.iVPOR_16u16(t8, t9);
 t8 <@ OpsV.iVPAND_16u16(mask, t8);
- t9 <@ OpsV.iVPSRL_16u16(t0, (W8.of_int 4));
+ t9 <@ OpsV.iVPSRL_16u16(t0, (W128.of_int 4));
 t9 <@ OpsV.iVPAND_16u16(mask, t9);
- t10 <@ OpsV.iVPSRL_16u16(t4, (W8.of_int 12));
- t11 <@ OpsV.iVPSLL_16u16(t1, (W8.of_int 4));
+ t10 <@ OpsV.iVPSRL_16u16(t4, (W128.of_int 12));
+ t11 <@ OpsV.iVPSLL_16u16(t1, (W128.of_int 4));
 t10 <@ OpsV.iVPOR_16u16(t10, t11);
 t4 <@ OpsV.iVPAND_16u16(mask, t4);
 t10 <@ OpsV.iVPAND_16u16(mask, t10);
- t11 <@ OpsV.iVPSRL_16u16(t1, (W8.of_int 8));
- tt <@ OpsV.iVPSLL_16u16(t5, (W8.of_int 8));
+ t11 <@ OpsV.iVPSRL_16u16(t1, (W128.of_int 8));
+ tt <@ OpsV.iVPSLL_16u16(t5, (W128.of_int 8));
 t11 <@ OpsV.iVPOR_16u16(t11, tt);
 t11 <@ OpsV.iVPAND_16u16(mask, t11);
- tt <@ OpsV.iVPSRL_16u16(t5, (W8.of_int 4));
+ tt <@ OpsV.iVPSRL_16u16(t5, (W128.of_int 4));
 tt <@ OpsV.iVPAND_16u16(mask, tt);
 rp <-
diff --git a/proof/correctness/avx2/NTT_AVX_j.ec b/proof/correctness/avx2/NTT_AVX_j.ec
index 46ebdf52..1b30e1d1 100644
--- a/proof/correctness/avx2/NTT_AVX_j.ec
+++ b/proof/correctness/avx2/NTT_AVX_j.ec
@@ -895,7 +895,7 @@ qed.
 lemma VPSRL_8u32_16 x k: 0 <= k < 16 =>
- (VPSRL_8u32 x (W8.of_int 16)) \bits16 k
+ (VPSRL_8u32 x (W128.of_int 16)) \bits16 k
 = if k%%2 = 0 then x \bits16 k+1 else W16.zero.
@@ -1039,11 +1039,12 @@ do 8! (pose X:= a1{m} \bits32 _; rewrite (W32_unpack16E X) /X W256_bits32_bits16 1:// /= => {X}).
 move=> |> *.
-do 15! (split; first by
- rewrite packus_4u32_0H 1:/# /= VPBLENDW_256_170 //= 1:/#
- packus_4u32_0H 1:/# W256_bits128_bits16 //= VPSRL_8u32_16 //= /#).
-by rewrite packus_4u32_0H 1:/# /= VPBLENDW_256_170 //= 1:/#
- packus_4u32_0H 1:/# W256_bits128_bits16 //= VPSRL_8u32_16 //= /#.
+do split;
+(rewrite !packus_4u32_0H /=; 1..3:
+rewrite ?VPBLENDW_256_170 /#;[
+by rewrite VPSRL_8u32_16 1:/#/=|
+by rewrite VPBLENDW_256_170 /= 1:/#
+ VPSRL_8u32_16 /= /#]).
 qed.
 phoare interleave_u16_ph b _x:
@@ -1496,7 +1497,7 @@ seq 3 3: (#[/:4]pre /\
 wp; call cmpl_mulx16_eq; auto => &1 &2 /> _ _ Hq.
 rewrite -{2}iotaredE /= => /> ??.
 move=> Hz *; rewrite -{2}iotaredE /=.
- by rewrite (P2RS rp{1}) (P2CS r{2}) !PUR_i //= !PUC_i //= !P2R_i //= !P2C_i //=.
+ by rewrite (P2RS rp{1}) (P2CS r{2}) !PUR_i 1..4:/# /= !PUC_i /= 1..4:/# !P2R_i /= 1..32:/# !P2C_i /=.
 by auto.
 qed.
@@ -1795,8 +1796,7 @@ proc; simplify.
 wp; skip => |> &m.
 rewrite !x16_spec_bits16 => Hq Hv.
 rewrite -!iotaredE /VPSUB_16u16 /VPMULL_16u16 /VPMULH_16u16 /VPSRA_16u16 /R2C /= => |> *.
-do split;
-move : (sbred16_spec);smt().
+do split;(move : sbred16_spec);rewrite /sbred16 /(`|>>`) /=; smt().
 qed.
 phoare __red16x_ph n x:
@@ -1861,7 +1861,10 @@ seq 6 35: (x16_spec q qx16{2} /\ zetasp{2}=zetas_op /\ i{2}=0 /\
 move: Hpre; rewrite -{2}iotaredE /= => |> *.
 rewrite (P2RS rp{2}) /= !PUR_i //= !P2R_i //= => |> *.
 rewrite (P2RS rp{2}) /= !PUR_i //= => |> *.
- by rewrite !P2R_i 1..40:// !P2C_i //.
+ do 16!(rewrite P2R_i 1,2://).
+ simplify.
+ do 16!(rewrite P2C_i 1,2://).
+ simplify.
 smt(). unroll {2} 1; rcondt {2} 1. by move=> &m; skip => /=. seq 10 8: (#[/:11]pre /\
diff --git a/proof/eclib/JWord_extra.ec b/proof/eclib/JWord_extra.ec
index 50de9ab5..2a12bc7e 100644
--- a/proof/eclib/JWord_extra.ec
+++ b/proof/eclib/JWord_extra.ec
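Review bot: The new `do 16!(rewrite P2R_i 1,2://)` and `do 16!(rewrite P2C_i 1,2://)` lines hard-code the repetition count, and the hunk at -1496 does the same through the `1..32:/#` goal selector; if the number of goals produced by P2R_i/P2C_i ever changes, these fail with an opaque tactic error rather than pointing at the invariant that broke. A one-line comment above the first `do 16!` saying where 16 comes from would help, e.g. `(* one rewrite per 256-bit register; 16 registers hold the 256 coefficients *)` — the 16-by-16 reading is inferred from the names, so adjust it if that is not the actual relation. The enclosing proof starts before this hunk and continues after it.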
@@ -77,7 +77,7 @@ lemma W16_msb_sar (w: W16.t) k:
 msb (sar w k) = msb w.
 proof.
 move=> Hk.
-rewrite !W16_msbE /(`|>>`) /sar /(`|>>>`) /= /#.
+by rewrite !W16_msbE /(`|>>`) /sar /(`|>>>`) /= /#.
 qed.
 lemma W16_msb_sign (w: W16.t):
@@ -110,7 +110,7 @@ lemma W16_sar_pos (w: W16.t) k:
 proof.
 rewrite W16_msbE /= => Hk Hpos.
 apply W16.ext_eq => i Hi.
-rewrite /sar /(`|>>>`) initiE //=.
+rewrite /sar /(`|>>>`) initiE //=.
 rewrite /(`>>>`) Hi /=.
 case: (W16.size-1 < (i + k)) => E.
 by rewrite lez_minl 1:/# eq_sym get_out /#.
@@ -135,7 +135,7 @@ lemma W16_sarE_neg (w: W16.t) k:
 proof.
 rewrite W16_msbE /= => Hk Hmsb.
 apply W16.ext_eq => i Hi.
-rewrite /sar /(`|>>>`) initiE //=.
+rewrite /sar /(`|>>>`) initiE //=.
 rewrite /(`>>>`) !Hi //=.
 have ->/=: 0 <= i + k by smt().
 case: (i + k < W16.size) => C.
@@ -260,7 +260,7 @@ lemma W32_msb_sar (w: W32.t) k:
 msb (sar w k) = msb w.
 proof.
 move=> Hk.
-by rewrite !W32_msbE /(`|>>`) /sar /= /#.
+by rewrite !W32_msbE /(`|>>`) /sar /(`|>>>`) /= /#.
 qed.
 lemma W32_msb_sign (w: W32.t):
@@ -293,7 +293,7 @@ lemma W32_sar_pos (w: W32.t) k:
 proof.
 rewrite W32_msbE /= => Hk Hpos.
 apply W32.ext_eq => i Hi.
-rewrite /sar initiE //=.
+rewrite /sar /(`|>>>`) initiE //=.
 rewrite /(`>>>`) Hi /=.
 case: (W32.size-1 < (i + k)) => E.
 by rewrite lez_minl 1:/# eq_sym get_out /#.
@@ -318,7 +318,7 @@ lemma W32_sarE_neg (w: W32.t) k:
 proof.
 rewrite W32_msbE /= => Hk Hmsb.
 apply W32.ext_eq => i Hi.
-rewrite /sar initiE //=.
+rewrite /sar /(`|>>>`) initiE //=.
 rewrite /(`>>>`) !Hi //=.
 have ->/=: 0 <= i + k by smt().
 case: (i + k < W32.size) => C.
diff --git a/proof/eclib/bindings.ec b/proof/eclib/bindings.ec
index d120e103..aea816ee 100644
--- a/proof/eclib/bindings.ec
+++ b/proof/eclib/bindings.ec
@@ -1,12 +1,12 @@
 require import AllCore List IntDiv QFABV.
-
-
-from Jasmin require import JModel.
-require import Array4 Array32 Array256 Array768 Array960.
+from Jasmin require import JModel_x86.
+require import Array4 Array5 Array6 Array7 Array9 Array24 Array25 Array32 Array256 Array768 Array960.
 require import WArray32 WArray512 WArray960 WArray1536.
 import BitEncoding BS2Int BitChunking.
+require import JWord_extra.
+
 (* ----------- BEGIN BOOL BINDINGS ---------- *)
 op bool2bits (b : bool) : bool list = [b].
 op bits2bool (b: bool list) : bool = List.nth false b 0.
@@ -22,6 +22,8 @@ realize ofintP by rewrite /bits2bool /int2bs => i; rewrite (nth_mkseq false) //.
 realize touintP by rewrite /bool2bits /= => bv; rewrite bs2int_cons bs2int_nil /=.
 realize tosintP by move => bv => //.
+bind op bool (/\) "and".
+realize bvandP by move=> bv1 bv2; rewrite /bool2bits /#.
 (* ----------- BEGIN W8 BINDINGS ---------- *)
 bind bitstring W8.w2bits W8.bits2w W8.to_uint W8.to_sint W8.of_int W8.t 8.
@@ -33,14 +35,36 @@ realize tosintP.
 move => bv /=;rewrite /to_sint /smod /BVA_Top_JWord_W8_t.msb.
 have -> /=: nth false (w2bits bv) (8 - 1) = 2 ^ (8 - 1) <= to_uint bv; last by smt().
 rewrite /to_uint. rewrite -{2}(cat_take_drop 7 (w2bits bv)).
-rewrite bs2int_cat size_take // W8.size_w2bits /=.
-rewrite -bs2int_div //= get_to_uint //=.
-rewrite -bs2int_mod // /= /to_uint.
+rewrite bs2int_cat size_take 1:// W8.size_w2bits /=.
+rewrite -bs2int_div 1:// /= get_to_uint /=.
+rewrite -bs2int_mod 1:// /= /to_uint.
 by smt(bs2int_range mem_range W8.size_w2bits pow2_8).
 qed.
 realize touintP by smt().
-(* ___________ BEGIN W10 BINDINGS -----------*)
+
+(* -------------------------------------------------------------------- *)
+bind op [W8.t & bool] W8."_.[_]" "get".
+
+realize bvgetP by done.
+
+(* -------------------------------------------------------------------- *)
+bind op W8.t W8.andw "and".
+
+realize bvandP.
+proof.
+move=> w1 w2; apply/(eq_from_nth witness).
+- by rewrite size_map size_zip !size_w2bits.
+rewrite size_w2bits => i rg_i; rewrite (nth_map witness) /=.
+- by rewrite size_zip !size_w2bits.
+rewrite nth_zip_cond /= size_zip !size_w2bits lez_minl 1:// /=.
+rewrite 2?iftrue ~-1:/# /=.
+rewrite [nth _ (w2bits w1) _](nth_change_dfl false) ?size_w2bits 1:/#.
+rewrite [nth _ (w2bits w2) _](nth_change_dfl false) ?size_w2bits 1:/#.
+by rewrite !get_w2bits w2bitsE nth_mkseq //#.
+qed.
+
+(* ----------- BEGIN W10 BINDINGS -----------*)
 theory W10.
 abbrev [-printing] size = 10.
@@ -60,14 +84,44 @@ realize tosintP.
 move => bv /=;rewrite /to_sint /smod /BVA_Top_W10_t.msb.
 have -> /=: nth false (w2bits bv) (10 - 1) = 2 ^ (10 - 1) <= to_uint bv; last by smt().
 rewrite /to_uint. rewrite -{2}(cat_take_drop 9 (w2bits bv)).
-rewrite bs2int_cat size_take // W10.size_w2bits /=.
-rewrite -bs2int_div //= get_to_uint //=.
-rewrite -bs2int_mod // /= /to_uint.
+rewrite bs2int_cat size_take 1:// W10.size_w2bits /=.
+rewrite -bs2int_div 1:// /= get_to_uint /=.
+rewrite -bs2int_mod 1:// /= /to_uint.
 have ? : 2^10 = 1024 by rewrite /=.
 by smt(bs2int_range mem_range W10.size_w2bits).
 qed.
 realize touintP by smt().
+(* ----------- BEGIN W12 BINDINGS -----------*)
+
+theory W12.
+ abbrev [-printing] size = 12.
+ clone include BitWordSH with op size <- size
+ rename "_XX" as "_12"
+ proof gt0_size by done, size_le_256 by done.
+end W12.
+
+import W12.
+
+(* -------------------------------------------------------------------- *)
+bind bitstring W12.w2bits W12.bits2w W12.to_uint W12.to_sint W12.of_int W12.t 12.
+realize size_tolist by auto.
+realize tolistP by auto.
+realize oflistP by smt(W12.bits2wK).
+realize ofintP by move=> *; rewrite /of_int int2bs_mod.
+realize touintP by smt().
+
+realize tosintP.
+proof.
+move=> bv /= @/to_sint @/smod @/msb.
+rewrite (_ : nth _ _ _ = 2 ^ (12 - 1) <= to_uint bv) -1:/#.
+rewrite /to_uint -{2}(cat_take_drop 11 (w2bits bv)).
+rewrite bs2int_cat size_take 1:// W12.size_w2bits /=.
+rewrite -bs2int_div 1:// /= get_to_uint /=.
+rewrite -bs2int_mod 1:// /= /to_uint.
+have ?: W12.modulus = 4096 by done.
+by smt(bs2int_range mem_range W12.size_w2bits).
+qed.
 (* ----------- BEGIN W16 BINDINGS ---------- *)
@@ -80,9 +134,9 @@ realize tosintP.
 move => bv /=;rewrite /to_sint /smod /BVA_Top_JWord_W16_t.msb.
 have -> /=: nth false (w2bits bv) (16 - 1) = 2 ^ (16 - 1) <= to_uint bv; last by smt().
 rewrite /to_uint. rewrite -{2}(cat_take_drop 15 (w2bits bv)).
-rewrite bs2int_cat size_take // W16.size_w2bits /=.
-rewrite -bs2int_div //= get_to_uint //=.
-rewrite -bs2int_mod // /= /to_uint.
+rewrite bs2int_cat size_take 1:// W16.size_w2bits /=.
+rewrite -bs2int_div 1:// /= get_to_uint /=.
+rewrite -bs2int_mod 1:// /= /to_uint.
 by smt(bs2int_range mem_range W16.size_w2bits pow2_16).
 qed.
 realize touintP by smt().
@@ -91,8 +145,10 @@ bind op W16.t W16.( + ) "add".
 realize bvaddP by exact W16.to_uintD.
 bind op [bool & W16.t] W16.\ult "ult".
-realize bvultP by admit. (* FIXME: NO SEMANTICS FOR ult *)
+realize bvultP by move=> bv1 bv2; rewrite W16.ultE /#.
+bind op [bool & W16.t] W16.\slt "slt".
+realize bvsltP by move=> w1 w2; rewrite W16.sltE /#.
 bind op W16.t W16.andw "and".
 realize bvandP.
@@ -128,7 +184,11 @@ rewrite /sll_16 => bv1 bv2.
 case : (16 <= to_uint bv2); last first.
 + rewrite /(`<<`) W16.to_uint_shl; 1: by smt(W8.to_uint_cmp).
 rewrite /truncateu8 => bv2bnd />.
- do 2! (rewrite (pmod_small (to_uint bv2) _);smt(W16.to_uint_cmp pow2_16)).
+ rewrite (pmod_small (to_uint bv2) _).
+ smt(W16.to_uint_cmp).
+ rewrite (pmod_small (to_uint bv2) _).
+ smt(W16.to_uint_cmp).
+ done.
 move => *.
 have -> : to_uint bv2 = (to_uint bv2 - 16) + 16 by ring.
 by rewrite exprD_nneg 1,2:/# /= /#.
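Review bot: With `bvultP` here (and `bvashrP` in the hunks at -136 and -272) no longer closed by `admit`, it is worth stating in the file which `realize` obligations are still admitted, because each admitted binding lemma is an unchecked assumption about the SMT-level operator that every proof discharged through these bindings silently inherits. Only the W16 `ult`/`slt` bindings are visible in this diff; if W32/W64 counterparts exist further down and are still admitted, the same `ultE`/`sltE` one-liners should apply to them. A short header comment such as `(* all realize obligations in this file are proved; do not reintroduce admit *)` would make that invariant reviewable.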
@@ -136,18 +196,16 @@ qed.
 op sra_16 (w1 w2 : W16.t) : W16.t =
+W16.sar w1 (to_uint w2).
+(*
 if (16 <= to_uint w2) then W16.zero else w1 `|>>` (truncateu8 w2).
+*)
 bind op [W16.t] sra_16 "ashr".
 realize bvashrP.
-rewrite /sra_16 => bv1 bv2.
-case : (16 <= to_uint bv2); last by admit.
-move => *.
-have -> : to_uint bv2 = (to_uint bv2 - 16) + 16 by ring.
-rewrite exprD_nneg 1,2:/# /= mulrC. by admit.
+move=> bv1 bv2; rewrite W16_sar_div; smt(W16.to_uint_cmp).
 qed.
-
 op srl_16 (w1 w2 : W16.t) : W16.t =
 if 16 <= (to_uint w2) then W16.zero else w1 `>>` (truncateu8 w2).
@@ -158,7 +216,7 @@ rewrite /srl_16 => bv1 bv2.
 case : (16 <= to_uint bv2); last first.
 + rewrite /(`>>`) W16.to_uint_shr; 1: by smt(W8.to_uint_cmp).
 rewrite /truncateu8 => bv2bnd />.
- do 2! (rewrite (pmod_small (to_uint bv2) _);smt(W16.to_uint_cmp)).
+ rewrite (pmod_small (to_uint bv2) _); smt(W16.to_uint_cmp).
 move => *.
 have -> : to_uint bv2 = (to_uint bv2 - 16) + 16 by ring.
 rewrite exprD_nneg 1,2:/# /=.
@@ -168,11 +226,11 @@ qed.
 bind op [W16.t & W8.t] W2u8.truncateu8 "truncate".
 realize bvtruncateP.
-move => mv; rewrite /truncateu8 /W16.w2bits take_mkseq //= /w2bits.
+move => mv; rewrite /truncateu8 /W16.w2bits take_mkseq 1:// /= /w2bits.
 apply (eq_from_nth witness);1: by smt(size_mkseq).
 move => i; rewrite size_mkseq /= /max /= => ib.
-rewrite !nth_mkseq // /of_int /to_uint /= get_bits2w //
- nth_mkseq //= get_to_uint //= /to_uint /=.
+rewrite !nth_mkseq 1..2:// /of_int /to_uint /= get_bits2w 1://
+ nth_mkseq 1:// /= get_to_uint 1:// /= /to_uint /=.
 have -> /=: (0 <= i && i < 16) by smt().
 pose a := bs2int (w2bits mv).
 rewrite {1}(divz_eq a (2^(8-i)*2^i)) !mulrA divzMDl;
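Review bot: The old body of `sra_16` is kept as commented-out code between the new `+(*` and `+*)` lines with no note on why it was replaced; the `sra_32` hunk at -272 does the same. The old definition returned `W16.zero` once the count reached 16, which is not the arithmetic-shift behaviour the "ashr" binding has to match (SMT-LIB `bvashr` fills with the sign bit, so a negative value shifted by the full width becomes all ones), and that mismatch is presumably why `bvashrP` was admitted before. Replacing the dead code with a comment such as `(* arithmetic shift: counts >= 16 must give the sign fill, not W16.zero, so sar rather than a truncateu8-based shift *)` records the reason and keeps the file free of stale definitions. The new proof depends on `W16_sar_div` from JWord_extra, whose statement is not in this diff; I am assuming it already covers out-of-range counts.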
@@ -198,9 +256,9 @@ realize tosintP.
 move => bv /=;rewrite /to_sint /smod /BVA_Top_JWord_W32_t.msb.
 have -> /=: nth false (w2bits bv) (32 - 1) = 2 ^ (32 - 1) <= to_uint bv; last by smt().
 rewrite /to_uint. rewrite -{2}(cat_take_drop 31 (w2bits bv)).
-rewrite bs2int_cat size_take // W32.size_w2bits /=.
-rewrite -bs2int_div //= get_to_uint //=.
-rewrite -bs2int_mod // /= /to_uint.
+rewrite bs2int_cat size_take 1:// W32.size_w2bits /=.
+rewrite -bs2int_div 1:// /= get_to_uint /=.
+rewrite -bs2int_mod 1:// /= /to_uint.
 by smt(bs2int_range mem_range W32.size_w2bits pow2_32).
 qed.
 realize touintP by smt().
@@ -247,13 +305,12 @@ rewrite /sll_32 => bv1 bv2.
 case : (32 <= to_uint bv2); last first.
 + rewrite /(`<<`) W32.to_uint_shl; 1: by smt(W8.to_uint_cmp).
 rewrite /truncateu8 => bv2bnd />.
- do 2! (rewrite (pmod_small (to_uint bv2) _);smt(W32.to_uint_cmp pow2_32)).
+ rewrite (pmod_small (to_uint bv2) _); smt(W32.to_uint_cmp).
 move => *.
 have -> : to_uint bv2 = (to_uint bv2 - 32) + 32 by ring.
 by rewrite exprD_nneg 1,2:/# /= /#.
 qed.
-
 op srl_32 (w1 w2 : W32.t) : W32.t =
 if 32 <= (to_uint w2) then W32.zero else w1 `>>` (truncateu8 w2).
@@ -264,7 +321,7 @@ rewrite /srl_32 => bv1 bv2.
 case : (32 <= to_uint bv2); last first.
 + rewrite /(`>>`) W32.to_uint_shr; 1: by smt(W8.to_uint_cmp).
 rewrite /truncateu8 => bv2bnd />.
- do 2! (rewrite (pmod_small (to_uint bv2) _);smt(W32.to_uint_cmp)).
+ rewrite (pmod_small (to_uint bv2) _); smt(W32.to_uint_cmp).
 move => *.
 have -> : to_uint bv2 = (to_uint bv2 - 32) + 32 by ring.
 rewrite exprD_nneg 1,2:/# /=.
@@ -272,15 +329,14 @@ smt(StdOrder.IntOrder.expr_gt0 W32.to_uint_cmp pow2_32).
 qed.
 op sra_32 (w1 w2 : W32.t) : W32.t =
+ W32.sar w1 (to_uint w2).
+(*
 if (32 <= to_uint w2) then W32.zero else w1 `|>>` (truncateu8 w2).
+*)
 bind op [W32.t] sra_32 "ashr".
 realize bvashrP.
-rewrite /sra_32 => bv1 bv2.
-case : (32 <= to_uint bv2 < 32); last by admit.
-move => *.
-have -> : to_uint bv2 = (to_uint bv2 - 32) + 32 by ring.
-rewrite exprD_nneg 1,2:/# /= mulrC. by admit.
+move => bv1 bv2; rewrite W32_sar_div; smt(W32.to_uint_cmp).
 qed.
 bind op [W16.t & W32.t] W2u16.zeroextu32 "zextend".
@@ -295,11 +351,11 @@ qed.
 bind op [W32.t & W8.t] W4u8.truncateu8 "truncate".
 realize bvtruncateP.
-move => mv; rewrite /truncateu8 /W32.w2bits take_mkseq //= /w2bits.
+move => mv; rewrite /truncateu8 /W32.w2bits take_mkseq 1:// /= /w2bits.
 apply (eq_from_nth witness);1: by smt(size_mkseq).
 move => i; rewrite size_mkseq /= /max /= => ib.
-rewrite !nth_mkseq // /of_int /to_uint /= get_bits2w //
- nth_mkseq //= get_to_uint //= /to_uint /=.
+rewrite !nth_mkseq 1..2:// /of_int /to_uint /= get_bits2w 1://
+ nth_mkseq 1:// /= get_to_uint /= /to_uint /=.
 have -> /=: (0 <= i && i < 32) by smt().
 pose a := bs2int (w2bits mv).
 rewrite {1}(divz_eq a (2^(8-i)*2^i)) !mulrA divzMDl;
@@ -315,11 +371,11 @@ qed.
 bind op [W32.t & W16.t] W2u16.truncateu16 "truncate".
 realize bvtruncateP.
-move => mv; rewrite /truncateu16 /W32.w2bits take_mkseq //= /w2bits.
+move => mv; rewrite /truncateu16 /W32.w2bits take_mkseq 1:// /= /w2bits.
 apply (eq_from_nth witness);1: by smt(size_mkseq).
 move => i; rewrite size_mkseq /= /max /= => ib.
-rewrite !nth_mkseq // /of_int /to_uint /= get_bits2w //
- nth_mkseq //= get_to_uint //= /to_uint /=.
+rewrite !nth_mkseq 1..2:// /of_int /to_uint /= get_bits2w 1://
+ nth_mkseq 1:// /= get_to_uint /= /to_uint /=.
 have -> /=: (0 <= i && i < 32) by smt().
 pose a := bs2int (w2bits mv).
 rewrite {1}(divz_eq a (2^(16-i)*2^i)) !mulrA divzMDl;
@@ -343,13 +399,43 @@ realize tosintP.
 move => bv /=;rewrite /to_sint /smod /BVA_Top_JWord_W64_t.msb.
 have -> /=: nth false (w2bits bv) (64 - 1) = 2 ^ (64 - 1) <= to_uint bv; last by smt().
 rewrite /to_uint. rewrite -{2}(cat_take_drop 63 (w2bits bv)).
-rewrite bs2int_cat size_take // W64.size_w2bits /=.
-rewrite -bs2int_div //= get_to_uint //=.
-rewrite -bs2int_mod // /= /to_uint.
+rewrite bs2int_cat size_take 1:// W64.size_w2bits /=.
+rewrite -bs2int_div 1:// /= get_to_uint /=.
+rewrite -bs2int_mod 1:// /= /to_uint.
 by smt(bs2int_range mem_range W64.size_w2bits pow2_64).
 qed.
 realize touintP by smt().
+(*[size_flatten] (for uniform inner lists) *)
+lemma size_flatten' ['a] sz (ss: 'a list list):
+ (forall x, x\in ss => size x = sz) =>
+ size (flatten ss) = sz*size ss.
+proof.
+move=> H; rewrite size_flatten.
+rewrite StdBigop.Bigint.sumzE.
+rewrite StdBigop.Bigint.BIA.big_map.
+rewrite -(StdBigop.Bigint.BIA.eq_big_seq (fun _ => sz)) /=.
+ by move=> x Hx; rewrite /(\o) /= H.
+by rewrite StdBigop.Bigint.big_constz count_predT.
+qed.
+
+bind op [bool & W64.t] W64.init "init".
+realize bvinitP.
+move=> f; apply (eq_from_nth false).
+ rewrite (size_flatten' 1).
+ move=> x /mkseqP [y [Hy ->]] /=.
+ exact BVA_Top_Pervasive_bool.size_tolist.
+ by rewrite size_w2bits size_mkseq /#.
+rewrite size_w2bits => i Hi.
+rewrite get_w2bits (BitEncoding.BitChunking.nth_flatten false 1 _).
+ apply/List.allP => x /mkseqP [y [Hy ->]] /=.
+ exact BVA_Top_Pervasive_bool.size_tolist.
+by rewrite (:i %% 1 = 0) 1:/# nth_mkseq 1:/# /bool2bits initiE /=.
+qed.
+
+bind op [W64.t & bool] W64."_.[_]" "get".
+realize bvgetP by rewrite /bool2bits.
+
 bind op W64.t W64.( + ) "add".
 realize bvaddP by exact W64.to_uintD.
@@ -365,6 +451,32 @@ rewrite initiE 1:/# (nth_map (false,false)) /=;1: rewrite size_zip !size_w2bits
 by rewrite !nth_zip /=;1:smt(W64.size_w2bits).
 qed.
+bind op W64.t W64.orw "or".
+realize bvorP.
+rewrite /orw /map2 => bv1 bv2.
+apply (eq_from_nth false);1: rewrite size_map size_zip !size_w2bits /#.
+move => i; rewrite size_w2bits /= => ib.
+rewrite initiE 1:/# (nth_map (false,false)) /=;1: rewrite size_zip !size_w2bits /#.
+by rewrite !nth_zip /=;1:smt(W64.size_w2bits).
+qed.
+
+bind op [W64.t] W64.(+^) "xor".
+realize bvxorP.
+move => bv1 bv2.
+apply (eq_from_nth false); 1: rewrite !size_map size_zip !size_w2bits /#.
+move => i; rewrite size_w2bits /= => ib.
+rewrite (nth_map (false,false)) /=; 1: rewrite size_zip !size_w2bits /#.
+by rewrite !nth_zip /=; 1:smt(W64.size_w2bits).
+qed.
+
+bind op [W64.t] W64.invw "not".
+realize bvnotP.
+move=> bv1.
+apply (eq_from_nth false); 1: rewrite !size_map size_w2bits /#.
+move => i; rewrite size_w2bits /= => ib.
+by rewrite (nth_map false) 1:// /= /#.
+qed.
+
 op srl_64 (w1 w2 : W64.t) : W64.t =
 if (64 <= to_uint w2) then W64.zero else w1 `>>` (truncateu8 w2).
@@ -375,7 +487,7 @@ rewrite /srl_64 => bv1 bv2.
 case : (64 <= to_uint bv2); last first.
 + rewrite /(`>>`) W64.to_uint_shr; 1: by smt(W8.to_uint_cmp).
 rewrite /truncateu8 => bv2bnd />.
- do 2! (rewrite (pmod_small (to_uint bv2) _);smt(W64.to_uint_cmp)).
+ rewrite (pmod_small (to_uint bv2) _); smt(W64.to_uint_cmp).
 move => *.
 have -> : to_uint bv2 = (to_uint bv2 - 64) + 64 by ring.
 rewrite exprD_nneg 1,2:/# /=.
@@ -383,17 +495,43 @@ smt(StdOrder.IntOrder.expr_gt0 W64.to_uint_cmp pow2_64).
 qed.
+op sll_64 (w1 w2 : W64.t) : W64.t =
+ if (64 <= to_uint w2) then W64.zero else w1 `<<` (truncateu8 w2).
+
+bind op [W64.t] sll_64 "shl".
+realize bvshlP.
+proof.
+rewrite /sll_64 => bv1 bv2.
+case : (64 <= to_uint bv2); last first.
++ rewrite /(`<<`) W64.to_uint_shl; 1: by smt(W8.to_uint_cmp).
+ rewrite /truncateu8 => bv2bnd />.
+ rewrite (pmod_small (to_uint bv2) _);smt(W64.to_uint_cmp).
+move => *.
+have -> : to_uint bv2 = (to_uint bv2 - 64) + 64 by ring.
+by rewrite exprD_nneg 1,2:/# /= /#.
+qed.
+
+op rol_64 (w1 w2 : W64.t): W64.t =
+ w1 `|<<<|` to_uint w2.
+
+bind op [W64.t] rol_64 "rol".
+realize bvrolP.
+rewrite /rol_64=> bv1 bv2 i Hi.
+by rewrite !get_w2bits rolE initiE.
+qed.
+
+
 bind op [W16.t & W64.t] W4u16.zeroextu64 "zextend".
 realize bvzextendP by move => bv; rewrite /zeroextu64 /= of_uintK /=; smt(W16.to_uint_cmp pow2_16).
 bind op [W64.t & W16.t] W4u16.truncateu16 "truncate".
 realize bvtruncateP.
-move => mv; rewrite /truncateu16 /W64.w2bits take_mkseq //= /w2bits.
+move => mv; rewrite /truncateu16 /W64.w2bits take_mkseq 1:// /= /w2bits.
 apply (eq_from_nth witness);1: by smt(size_mkseq).
 move => i; rewrite size_mkseq /= /max /= => ib.
-rewrite !nth_mkseq // /of_int /to_uint /= get_bits2w //
- nth_mkseq //= get_to_uint //= /to_uint /=.
+rewrite !nth_mkseq 1:// /of_int /to_uint 1:// /= get_bits2w 1://
+ nth_mkseq 1:// /= get_to_uint /= /to_uint /=.
 have -> /=: (0 <= i && i < 64) by smt().
 pose a := bs2int (w2bits mv).
 rewrite {1}(divz_eq a (2^(16-i)*2^i)) !mulrA divzMDl;
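Review bot: `op rol_64` feeds the raw `to_uint w2` to `|<<<|`, whereas the neighbouring `sll_64`/`srl_64` (and the `sll_64` definition moved here from the hunk at -406) explicitly saturate counts of 64 or more to `W64.zero`; nothing in the file says which convention the SMT-level "rol" expects or why no range check is needed. A one-line comment on `op rol_64` would close that gap, e.g. `(* rotation count is not range-checked: bvrolP relies on rolE reducing it modulo 64 *)` — `rolE` is not in this diff, so state whatever it actually guarantees. Separately, `realize bvtruncateP` for `truncateu16` now reads `rewrite !nth_mkseq 1:// /of_int /to_uint 1:// /= ...` while every sibling proof uses `1..2://` before `/of_int`; if both forms check, aligning them keeps the block greppable.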
@@ -406,41 +544,23 @@ by have -> : (2 ^ (16 - i) * 2 ^ i) = 65536; 1,2:/# /= -!addrA /= | done ].
 qed.
-
-op sll_64 (w1 w2 : W64.t) : W64.t =
- if (64 <= to_uint w2) then W64.zero else w1 `<<` (truncateu8 w2).
-
-bind op [W64.t] sll_64 "shl".
-realize bvshlP.
-proof.
-rewrite /sll_64 => bv1 bv2.
-case : (64 <= to_uint bv2); last first.
-+ rewrite /(`<<`) W64.to_uint_shl; 1: by smt(W8.to_uint_cmp).
- rewrite /truncateu8 => bv2bnd />.
- do 2! (rewrite (pmod_small (to_uint bv2) _);smt(W64.to_uint_cmp)).
-move => *.
-have -> : to_uint bv2 = (to_uint bv2 - 64) + 64 by ring.
-by rewrite exprD_nneg 1,2:/# /= /#.
-qed.
-
-
 op truncate64_10 (bw: W64.t) : W10.t = W10.bits2w (W64.w2bits bw).
 bind op [W64.t & W10.t] truncate64_10 "truncate".
 realize bvtruncateP.
-move => mv. rewrite /truncate64_10 /W64.w2bits take_mkseq //= /w2bits.
+move => mv. rewrite /truncate64_10 /W64.w2bits take_mkseq 1:// /= /w2bits.
 apply (eq_from_nth witness);1: by smt(size_mkseq).
 move => i; rewrite size_mkseq /= /max /= => ib.
-by rewrite !nth_mkseq // /bits2w initiE //= nth_mkseq /#.
+by rewrite !nth_mkseq 1..2:// /bits2w initiE 1:// /= nth_mkseq /#.
 qed.
 bind op [W64.t & W8.t] W8u8.truncateu8 "truncate".
 realize bvtruncateP. (* generalize *)
-move => mv; rewrite /truncateu8 /W64.w2bits take_mkseq //= /w2bits.
+move => mv; rewrite /truncateu8 /W64.w2bits take_mkseq 1:// /= /w2bits.
 apply (eq_from_nth witness);1: by smt(size_mkseq).
 move => i; rewrite size_mkseq /= /max /= => ib.
-rewrite !nth_mkseq // /of_int /to_uint /= get_bits2w //
- nth_mkseq //= get_to_uint //= /to_uint /=.
+rewrite !nth_mkseq 1..2:// /of_int /to_uint /= get_bits2w 1://
+ nth_mkseq 1:// /= get_to_uint /= /to_uint /=.
 have -> /=: (0 <= i && i < 64) by smt().
 pose a := bs2int (w2bits mv).
 rewrite {1}(divz_eq a (2^(8-i)*2^i)) !mulrA divzMDl;
@@ -466,9 +586,9 @@ realize tosintP.
 move => bv /=;rewrite /to_sint /smod /BVA_Top_JWord_W128_t.msb.
 have -> /=: nth false (w2bits bv) (128 - 1) = 2 ^ (128 - 1) <= to_uint bv; last by smt().
 rewrite /to_uint. rewrite -{2}(cat_take_drop 127 (w2bits bv)).
-rewrite bs2int_cat size_take // W128.size_w2bits /=.
-rewrite -bs2int_div //= get_to_uint //=.
-rewrite -bs2int_mod // /= /to_uint.
+rewrite bs2int_cat size_take 1:// W128.size_w2bits /=.
+rewrite -bs2int_div 1:// /= get_to_uint /=.
+rewrite -bs2int_mod 1:// /= /to_uint.
 by smt(bs2int_range mem_range W128.size_w2bits pow2_128).
 qed.
 realize touintP by smt().
@@ -484,29 +604,73 @@ realize tosintP.
 move => bv /=;rewrite /to_sint /smod /BVA_Top_JWord_W256_t.msb.
 have -> /=: nth false (w2bits bv) (256 - 1) = 2 ^ (256 - 1) <= to_uint bv; last by smt().
 rewrite /to_uint. rewrite -{2}(cat_take_drop 255 (w2bits bv)).
-rewrite bs2int_cat size_take // W256.size_w2bits /=.
-rewrite -bs2int_div //= get_to_uint //=.
-rewrite -bs2int_mod // /= /to_uint.
+rewrite bs2int_cat size_take 1:// W256.size_w2bits /=.
+rewrite -bs2int_div 1:// /= get_to_uint /=.
+rewrite -bs2int_mod 1:// /= /to_uint.
 by smt(bs2int_range mem_range W256.size_w2bits pow2_256).
 qed.
 realize touintP by smt().
+bind op [bool & W256.t] W256.init "init".
+realize bvinitP.
+move=> f; apply (eq_from_nth false).
+ rewrite (size_flatten' 1).
+ move=> x /mkseqP [y [Hy ->]] /=.
+ exact BVA_Top_Pervasive_bool.size_tolist.
+ by rewrite size_w2bits size_mkseq /#.
+rewrite size_w2bits => i Hi.
+rewrite get_w2bits (BitEncoding.BitChunking.nth_flatten false 1 _).
+ apply/List.allP => x /mkseqP [y [Hy ->]] /=.
+ exact BVA_Top_Pervasive_bool.size_tolist.
+by rewrite (:i %% 1 = 0) 1:/# nth_mkseq 1:/# /bool2bits initiE /=.
+qed.
+
+bind op [W256.t & bool] W256."_.[_]" "get".
+realize bvgetP by rewrite /bool2bits.
+
 bind op W256.t W256.andw "and".
 realize bvandP.
 rewrite /andw /map2 => bv1 bv2.
 apply (eq_from_nth false);1: rewrite size_map size_zip !size_w2bits /#.
 move => i; rewrite size_w2bits /= => ib.
 rewrite initiE 1:/# (nth_map (false,false)) /=;1: rewrite size_zip !size_w2bits /#.
-by rewrite !nth_zip /=;1:smt(W256.size_w2bits).
+by rewrite !nth_zip /=;1:smt(W64.size_w2bits).
+qed.
+
+bind op W256.t W256.orw "or".
+realize bvorP.
+rewrite /orw /map2 => bv1 bv2.
+apply (eq_from_nth false);1: rewrite size_map size_zip !size_w2bits /#.
+move => i; rewrite size_w2bits /= => ib.
+rewrite initiE 1:/# (nth_map (false,false)) /=;1: rewrite size_zip !size_w2bits /#.
+by rewrite !nth_zip /=;1:smt(W64.size_w2bits).
 qed.
+bind op [W256.t] W256.(+^) "xor".
+realize bvxorP.
+move => bv1 bv2.
+apply (eq_from_nth false); 1: rewrite !size_map size_zip !size_w2bits /#.
+move => i; rewrite size_w2bits /= => ib.
+rewrite (nth_map (false,false)) /=; 1: rewrite size_zip !size_w2bits /#.
+by rewrite !nth_zip /=; 1:smt(W64.size_w2bits).
+qed.
+
+bind op [W256.t] W256.invw "not".
+realize bvnotP.
+move=> bv1.
+apply (eq_from_nth false); 1: rewrite !size_map size_w2bits /#.
+move => i; rewrite size_w2bits /= => ib.
+by rewrite (nth_map false) 1:// /= /#.
+qed.
+
+
 bind op [W256.t & W128.t] truncateu128 "truncate".
 realize bvtruncateP.
-move => mv; rewrite /truncateu128 /W256.w2bits take_mkseq //= /w2bits.
+move => mv; rewrite /truncateu128 /W256.w2bits take_mkseq 1:// /= /w2bits.
 apply (eq_from_nth witness);1: by smt(size_mkseq).
 move => i; rewrite size_mkseq /= /max /= => ib.
-rewrite !nth_mkseq // /of_int /to_uint /= get_bits2w //
- nth_mkseq //= get_to_uint //= /to_uint /=.
+rewrite !nth_mkseq 1..2:// /of_int /to_uint /= get_bits2w 1://
+ nth_mkseq 1:// /= get_to_uint /= /to_uint /=.
 have -> /=: (0 <= i && i < 256) by smt().
 pose a := bs2int (w2bits mv).
 rewrite {1}(divz_eq a (2^(128-i)*2^i)) !mulrA divzMDl;
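Review bot: The smt hint in the W256 `bvandP` proof is changed from `W256.size_w2bits` to `W64.size_w2bits`, and the new W256 `bvorP` and `bvxorP` proofs pass `W64.size_w2bits` as well, although every goal there is about W256 words. If these proofs still close, the hint is doing nothing (the size facts were already rewritten in by `!size_w2bits` on the preceding line) and reads as a copy-paste from the W64 block; `by rewrite !nth_zip /=;1:smt(W256.size_w2bits).` is what a reader expects, or drop the hint altogether. The init/get/and/or/xor/not scripts are otherwise line-for-line copies of the W64 ones, so a one-line comment such as `(* same proof as the W64 instance *)` on the W256 block would save the next reader a diff.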
@@ -519,6 +683,37 @@ by have -> : (2 ^ (128 - i) * 2 ^ i) = 340282366920938463463374607431768211456; 1,2:/# /= -!addrA /= | done ].
 qed.
+(* ----------- BEGIN W512 BINDINGS ---------- *)
+
+theory W512.
+ abbrev [-printing] size = 512.
+ clone include BitWord with op size <- size
+ rename "_XX" as "_256"
+ proof gt0_size by done.
+end W512.
+
+import W512.
+
+bind bitstring W512.w2bits W512.bits2w W512.to_uint W512.to_sint W512.of_int W512.t 512.
+realize size_tolist by auto.
+realize tolistP by auto.
+realize oflistP by smt(W512.bits2wK).
+realize ofintP by move=> *; rewrite /of_int int2bs_mod.
+realize touintP by smt().
+
+realize tosintP.
+proof.
+move=> bv /= @/to_sint @/smod @/msb.
+rewrite (_ : nth _ _ _ = 2 ^ (512 - 1) <= to_uint bv) -1:/#.
+rewrite /to_uint -{2}(cat_take_drop 511 (w2bits bv)).
+rewrite bs2int_cat size_take ~-1:// W512.size_w2bits /=.
+rewrite -bs2int_div ~-1:// /= get_to_uint ~-1:// /=.
+rewrite -bs2int_mod ~-1:// /= /to_uint.
+have ?: W512.modulus = 13407807929942597099574024998205846127479365820592393377723561443721764030073546976801874298166903427690031858186486050853753882811946569946433649006084096 by done.
+by smt(bs2int_range mem_range W512.size_w2bits).
+qed.
+
+
 (* ----------- BEGIN ARRAY BINDINGS ---------- *)
 bind array Array256."_.[_]" Array256."_.[_<-_]" Array256.to_list Array256.of_list Array256.t 256.
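Review bot: `rename "_XX" as "_256"` inside `theory W512` looks like a leftover from the W256 theory; the W12 theory added in the hunk at -60 uses `"_12"`, so by the same convention the generated lemma names for W512 should end in `_512`, and the current suffix will make them collide with, or be mistaken for, W256 lemmas once both are in scope. The fix is `rename "_XX" as "_512"`. The 155-digit literal in `have ?: W512.modulus = ... by done.` is also hard to audit by eye; if `W512.modulus` unfolds to `2^size` as in the other BitWord instances, writing the intended value as `2^512` next to the literal in a comment, or using it directly if `done` still discharges the goal, makes the intent checkable.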
@@ -552,6 +747,36 @@ realize get_setP by smt(Array4.get_setE).
 realize eqP by smt(Array4.tP).
 realize get_out by smt(Array4.get_out).
+bind array Array5."_.[_]" Array5."_.[_<-_]" Array5.to_list Array5.of_list Array5.t 5.
+realize tolistP by done.
+realize get_setP by smt(Array5.get_setE).
+realize eqP by smt(Array5.tP).
+realize get_out by smt(Array5.get_out).
+
+bind array Array6."_.[_]" Array6."_.[_<-_]" Array6.to_list Array6.of_list Array6.t 6.
+realize tolistP by done.
+realize get_setP by smt(Array6.get_setE).
+realize eqP by smt(Array6.tP).
+realize get_out by smt(Array6.get_out).
+
+bind array Array7."_.[_]" Array7."_.[_<-_]" Array7.to_list Array7.of_list Array7.t 7.
+realize tolistP by done.
+realize get_setP by smt(Array7.get_setE).
+realize eqP by smt(Array7.tP).
+realize get_out by smt(Array7.get_out).
+
+bind array Array24."_.[_]" Array24."_.[_<-_]" Array24.to_list Array24.of_list Array24.t 24.
+realize tolistP by done.
+realize get_setP by smt(Array24.get_setE).
+realize eqP by smt(Array24.tP).
+realize get_out by smt(Array24.get_out).
+
+bind array Array25."_.[_]" Array25."_.[_<-_]" Array25.to_list Array25.of_list Array25.t 25.
+realize tolistP by done.
+realize get_setP by smt(Array25.get_setE).
+realize eqP by smt(Array25.tP).
+realize get_out by smt(Array25.get_out).
+
 op init_256_16 (f: int -> W16.t) : W16.t Array256.t = Array256.init f.
@@ -583,6 +808,49 @@ rewrite BVA_Top_Array4_Array4_t.tolistP.
 apply eq_in_mkseq => i i_bnd; smt(Array4.initE).
 qed.
+op init_5_64 (f: int -> W64.t) = Array5.init f.
+
+bind op [W64.t & Array5.t] init_5_64 "ainit".
+realize bvainitP.
+proof.
+rewrite /init_5_64 => f.
+rewrite BVA_Top_Array5_Array5_t.tolistP.
+apply eq_in_mkseq => i i_bnd;
+smt(Array5.initE).
+qed.
+
+op init_6_256 (f: int -> W256.t) = Array6.init f.
+
+bind op [W256.t & Array6.t] init_6_256 "ainit".
+realize bvainitP.
+proof.
+rewrite /init_6_256 => f.
+rewrite BVA_Top_Array6_Array6_t.tolistP.
+apply eq_in_mkseq => i i_bnd;
+smt(Array6.initE).
+qed.
+
+op init_7_256 (f: int -> W256.t) = Array7.init f.
+
+bind op [W256.t & Array7.t] init_7_256 "ainit".
+realize bvainitP.
+proof.
+rewrite /init_7_256 => f.
+rewrite BVA_Top_Array7_Array7_t.tolistP.
+apply eq_in_mkseq => i i_bnd;
+smt(Array7.initE).
+qed.
+
+op init_25_64 (f: int -> W64.t) = Array25.init f.
+
+bind op [W64.t & Array25.t] init_25_64 "ainit".
+realize bvainitP.
+proof.
+rewrite /init_25_64 => f.
+rewrite BVA_Top_Array25_Array25_t.tolistP.
+by apply eq_in_mkseq => i i_bnd; smt(Array25.initE).
+qed.
+
 op init_960_8 (f: int -> W8.t) : W8.t Array960.t = Array960.init f.
 bind op [W8.t & Array960.t] init_960_8 "ainit".
@@ -629,14 +897,14 @@ bind op [W16.t & W256.t & Array256.t] sliceset256_16_256 "asliceset".
 realize bvaslicesetP.
 move => arr offset bv H /= k kb; rewrite /sliceset256_16_256 /=.
 case (8 %| offset) => /= *; last first.
-+ rewrite of_listK; 1: by rewrite size_map size_chunk // !size_cat size_take;
++ rewrite of_listK; 1: by rewrite size_map size_chunk 1:// !size_cat size_take;
 by smt(size_take size_drop W16.size_w2bits size_cat Array256.size_to_list size_flatten_W16_w2bits size_ge0).
 rewrite -(map_comp W16.w2bits W16.bits2w) /(\o).
 have := eq_in_map ((fun (x : bool list) => w2bits ((bits2w x))%W16)) idfun (chunk 16 (take offset (flatten (map W16.w2bits (to_list arr))) ++ w2bits bv ++ drop (offset + 256) (flatten (map W16.w2bits (to_list arr))))).
 rewrite iffE => [#] -> * /=; 1: by smt(in_chunk_size W16.bits2wK).
- rewrite map_id /= chunkK //;1: by rewrite !size_cat size_take;
+ rewrite map_id /= chunkK 1://;1: by rewrite !size_cat size_take;
 by smt(size_take size_drop W16.size_w2bits size_cat Array256.size_to_list size_flatten_W16_w2bits size_ge0).
 by rewrite !nth_cat !size_cat /=; smt(nth_take nth_drop size_take size_drop W16.size_w2bits size_cat Array256.size_to_list size_flatten_W16_w2bits size_ge0).
@@ -705,14 +973,14 @@ bind op [W8.t & W128.t & Array960.t] sliceset960_8_128 "asliceset". realize bvaslicesetP. move => arr offset bv H /= k kb; rewrite /sliceset960_8_128 /=. case (8 %| offset) => /= *; last first. -+ rewrite of_listK; 1: by rewrite size_map size_chunk // !size_cat size_take; ++ rewrite of_listK; 1: by rewrite size_map size_chunk 1:// !size_cat size_take; by smt(size_take size_drop W8.size_w2bits size_cat Array960.size_to_list size_flatten_W8_w2bits size_ge0). rewrite -(map_comp W8.w2bits W8.bits2w) /(\o). have := eq_in_map ((fun (x : bool list) => w2bits ((bits2w x))%W8)) idfun (chunk 8 (take offset (flatten (map W8.w2bits (to_list arr))) ++ w2bits bv ++ drop (offset + 128) (flatten (map W8.w2bits (to_list arr))))). rewrite iffE => [#] -> * /=; 1: by smt(in_chunk_size W8.bits2wK). - rewrite map_id /= chunkK //;1: by rewrite !size_cat size_take; + rewrite map_id /= chunkK 1://;1: by rewrite !size_cat size_take; by smt(size_take size_drop W8.size_w2bits size_cat Array960.size_to_list size_flatten_W8_w2bits size_ge0). by rewrite !nth_cat !size_cat /=; smt(nth_take nth_drop size_take size_drop W8.size_w2bits size_cat Array960.size_to_list size_flatten_W8_w2bits size_ge0). 
@@ -743,14 +1011,14 @@ bind op [W8.t & W32.t & Array960.t] sliceset960_8_32 "asliceset". realize bvaslicesetP. move => arr offset bv H /= k kb; rewrite /sliceset960_8_32 /=. case (8 %| offset) => /= *; last first. -+ rewrite of_listK; 1: by rewrite size_map size_chunk // !size_cat size_take; ++ rewrite of_listK; 1: by rewrite size_map size_chunk 1:// !size_cat size_take; by smt(size_take size_drop W8.size_w2bits size_cat Array960.size_to_list size_flatten_W8_w2bits size_ge0). rewrite -(map_comp W8.w2bits W8.bits2w) /(\o). have := eq_in_map ((fun (x : bool list) => w2bits ((bits2w x))%W8)) idfun (chunk 8 (take offset (flatten (map W8.w2bits (to_list arr))) ++ w2bits bv ++ drop (offset + 32) (flatten (map W8.w2bits (to_list arr))))). rewrite iffE => [#] -> * /=; 1: by smt(in_chunk_size W8.bits2wK). - rewrite map_id /= chunkK //;1: by rewrite !size_cat size_take; + rewrite map_id /= chunkK 1://;1: by rewrite !size_cat size_take; by smt(size_take size_drop W8.size_w2bits size_cat Array960.size_to_list size_flatten_W8_w2bits size_ge0). by rewrite !nth_cat !size_cat /=; smt(nth_take nth_drop size_take size_drop W8.size_w2bits size_cat Array960.size_to_list size_flatten_W8_w2bits size_ge0). @@ -778,7 +1046,6 @@ qed. (* BEGIN BIND CIRCUITS *) - bind circuit VPBROADCAST_16u16 "VPBROADCAST_16u16". bind circuit VPBROADCAST_8u32 "VPBROADCAST_8u32". bind circuit VPBROADCAST_4u64 "VPBROADCAST_4u64". @@ -796,3 +1063,12 @@ bind circuit VPMULL_16u16 "VPMULL_16u16". bind circuit VPSUB_16u16 "VPSUB_16u16". bind circuit VPADD_16u16 "VPADD_16u16". bind circuit W32.mulhi "UMULHI_32". + +bind circuit VPSHUFD_256 "VPSHUFD_256". +bind circuit VPERMQ "VPERMQ". +bind circuit VPSRL_4u64 "VPSRL_4u64". +bind circuit VPADD_4u64 "VPADD_4u64". +bind circuit VPBLENDD_256 "VPBLEND_8u32". +bind circuit VPSLLV_4u64 "VPSLLV_4u64". +bind circuit VPSRLV_4u64 "VPSRLV_4u64". +bind circuit VPSRLDQ_256 "VPSRLDQ_256".
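Review bot: `bind circuit VPBLENDD_256 "VPBLEND_8u32".` is the only new binding whose EasyCrypt operator name differs from the circuit name it is bound to; every other line in the block pairs identical names (the pre-existing `W32.mulhi "UMULHI_32"` being the lone precedent), so this one reads like a typo unless the reader already knows that `VPBLEND_8u32` is presumably the Jasmin-library abbreviation of `VPBLENDD_256`. These bindings are exactly what the bit-vector backend trusts as the semantics of each intrinsic, and a wrong pairing would not be detected by the proofs it then enables, so the asymmetry deserves a comment at the line, e.g. `(* VPBLEND_8u32 is the abbrev the extracted code uses for VPBLENDD_256; circuit name follows the abbrev -- check against the Jasmin AVX2 model *)`. Consider also whether the binding can be written under the name the extracted code actually calls, so the op/circuit pairing is checkable by eye.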
