2012-03-21 14:25:23 -03:00
|
|
|
;
|
2013-12-08 15:00:56 -04:00
|
|
|
; Copyright (c) 2008-2016 Stefan Krah. All rights reserved.
|
2012-03-21 14:25:23 -03:00
|
|
|
;
|
|
|
|
; Redistribution and use in source and binary forms, with or without
|
|
|
|
; modification, are permitted provided that the following conditions
|
|
|
|
; are met:
|
|
|
|
;
|
|
|
|
; 1. Redistributions of source code must retain the above copyright
|
|
|
|
; notice, this list of conditions and the following disclaimer.
|
|
|
|
;
|
|
|
|
; 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
; notice, this list of conditions and the following disclaimer in the
|
|
|
|
; documentation and/or other materials provided with the distribution.
|
|
|
|
;
|
|
|
|
; THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" AND
|
|
|
|
; ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
; IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
; ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
|
|
; FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
; DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
; OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
; HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
; LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
; OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
; SUCH DAMAGE.
|
|
|
|
;
|
|
|
|
|
|
|
|
|
|
|
|
(in-package "ACL2")
|
|
|
|
|
|
|
|
(include-book "arithmetic/top-with-meta" :dir :system)
|
|
|
|
(include-book "arithmetic-2/floor-mod/floor-mod" :dir :system)
|
|
|
|
|
|
|
|
|
|
|
|
;; =====================================================================
|
|
|
|
;; Proofs for several functions in umodarith.h
|
|
|
|
;; =====================================================================
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
;; =====================================================================
|
|
|
|
;; Helper theorems
|
|
|
|
;; =====================================================================
|
|
|
|
|
|
|
|
(defthm elim-mod-m<x<2*m
|
|
|
|
(implies (and (<= m x)
|
|
|
|
(< x (* 2 m))
|
|
|
|
(rationalp x) (rationalp m))
|
|
|
|
(equal (mod x m)
|
|
|
|
(+ x (- m)))))
|
|
|
|
|
|
|
|
(defthm modaux-1a
|
|
|
|
(implies (and (< x m) (< 0 x) (< 0 m)
|
|
|
|
(rationalp x) (rationalp m))
|
|
|
|
(equal (mod (- x) m)
|
|
|
|
(+ (- x) m))))
|
|
|
|
|
|
|
|
(defthm modaux-1b
|
|
|
|
(implies (and (< (- x) m) (< x 0) (< 0 m)
|
|
|
|
(rationalp x) (rationalp m))
|
|
|
|
(equal (mod x m)
|
|
|
|
(+ x m)))
|
|
|
|
:hints (("Goal" :use ((:instance modaux-1a
|
|
|
|
(x (- x)))))))
|
|
|
|
|
|
|
|
(defthm modaux-1c
|
|
|
|
(implies (and (< x m) (< 0 x) (< 0 m)
|
|
|
|
(rationalp x) (rationalp m))
|
|
|
|
(equal (mod x m)
|
|
|
|
x)))
|
|
|
|
|
|
|
|
(defthm modaux-2a
|
|
|
|
(implies (and (< 0 b) (< b m)
|
|
|
|
(natp x) (natp b) (natp m)
|
|
|
|
(< (mod (+ b x) m) b))
|
|
|
|
(equal (mod (+ (- m) b x) m)
|
|
|
|
(+ (- m) b (mod x m)))))
|
|
|
|
|
|
|
|
(defthm modaux-2b
|
|
|
|
(implies (and (< 0 b) (< b m)
|
|
|
|
(natp x) (natp b) (natp m)
|
|
|
|
(< (mod (+ b x) m) b))
|
|
|
|
(equal (mod (+ b x) m)
|
|
|
|
(+ (- m) b (mod x m))))
|
|
|
|
:hints (("Goal" :use (modaux-2a))))
|
|
|
|
|
|
|
|
(defthm linear-mod-1
|
|
|
|
(implies (and (< x m) (< b m)
|
|
|
|
(natp x) (natp b)
|
|
|
|
(rationalp m))
|
|
|
|
(equal (< x (mod (+ (- b) x) m))
|
|
|
|
(< x b)))
|
|
|
|
:hints (("Goal" :use ((:instance modaux-1a
|
|
|
|
(x (+ b (- x))))))))
|
|
|
|
|
|
|
|
(defthm linear-mod-2
|
|
|
|
(implies (and (< 0 b) (< b m)
|
|
|
|
(natp x) (natp b)
|
|
|
|
(natp m))
|
|
|
|
(equal (< (mod x m)
|
|
|
|
(mod (+ (- b) x) m))
|
|
|
|
(< (mod x m) b))))
|
|
|
|
|
|
|
|
(defthm linear-mod-3
|
|
|
|
(implies (and (< x m) (< b m)
|
|
|
|
(natp x) (natp b)
|
|
|
|
(rationalp m))
|
|
|
|
(equal (<= b (mod (+ b x) m))
|
|
|
|
(< (+ b x) m)))
|
|
|
|
:hints (("Goal" :use ((:instance elim-mod-m<x<2*m
|
|
|
|
(x (+ b x)))))))
|
|
|
|
|
|
|
|
(defthm modaux-2c
|
|
|
|
(implies (and (< 0 b) (< b m)
|
|
|
|
(natp x) (natp b) (natp m)
|
|
|
|
(<= b (mod (+ b x) m)))
|
|
|
|
(equal (mod (+ b x) m)
|
|
|
|
(+ b (mod x m))))
|
|
|
|
:hints (("Subgoal *1/8''" :use (linear-mod-3))))
|
|
|
|
|
|
|
|
(defthmd modaux-2d
|
|
|
|
(implies (and (< x m) (< 0 x) (< 0 m)
|
|
|
|
(< (- m) b) (< b 0) (rationalp m)
|
|
|
|
(<= x (mod (+ b x) m))
|
|
|
|
(rationalp x) (rationalp b))
|
|
|
|
(equal (+ (- m) (mod (+ b x) m))
|
|
|
|
(+ b x)))
|
|
|
|
:hints (("Goal" :cases ((<= 0 (+ b x))))
|
|
|
|
("Subgoal 2'" :use ((:instance modaux-1b
|
|
|
|
(x (+ b x)))))))
|
|
|
|
|
|
|
|
(defthm mod-m-b
|
|
|
|
(implies (and (< 0 x) (< 0 b) (< 0 m)
|
|
|
|
(< x b) (< b m)
|
|
|
|
(natp x) (natp b) (natp m))
|
|
|
|
(equal (mod (+ (mod (- x) m) b) m)
|
|
|
|
(mod (- x) b))))
|
|
|
|
|
|
|
|
|
|
|
|
;; =====================================================================
|
|
|
|
;; addmod, submod
|
|
|
|
;; =====================================================================
|
|
|
|
|
|
|
|
(defun addmod (a b m base)
|
|
|
|
(let* ((s (mod (+ a b) base))
|
|
|
|
(s (if (< s a) (mod (- s m) base) s))
|
|
|
|
(s (if (>= s m) (mod (- s m) base) s)))
|
|
|
|
s))
|
|
|
|
|
|
|
|
(defthmd addmod-correct
|
|
|
|
(implies (and (< 0 m) (< m base)
|
|
|
|
(< a m) (<= b m)
|
|
|
|
(natp m) (natp base)
|
|
|
|
(natp a) (natp b))
|
|
|
|
(equal (addmod a b m base)
|
|
|
|
(mod (+ a b) m)))
|
|
|
|
:hints (("Goal" :cases ((<= base (+ a b))))
|
|
|
|
("Subgoal 2.1'" :use ((:instance elim-mod-m<x<2*m
|
|
|
|
(x (+ a b)))))))
|
|
|
|
|
|
|
|
(defun submod (a b m base)
|
|
|
|
(let* ((d (mod (- a b) base))
|
|
|
|
(d (if (< a d) (mod (+ d m) base) d)))
|
|
|
|
d))
|
|
|
|
|
|
|
|
(defthmd submod-aux1
|
|
|
|
(implies (and (< a (mod (+ a (- b)) base))
|
|
|
|
(< 0 base) (< a base) (<= b base)
|
|
|
|
(natp base) (natp a) (natp b))
|
|
|
|
(< a b))
|
|
|
|
:rule-classes :forward-chaining)
|
|
|
|
|
|
|
|
(defthmd submod-aux2
|
|
|
|
(implies (and (<= (mod (+ a (- b)) base) a)
|
|
|
|
(< 0 base) (< a base) (< b base)
|
|
|
|
(natp base) (natp a) (natp b))
|
|
|
|
(<= b a))
|
|
|
|
:rule-classes :forward-chaining)
|
|
|
|
|
|
|
|
(defthmd submod-correct
|
|
|
|
(implies (and (< 0 m) (< m base)
|
|
|
|
(< a m) (<= b m)
|
|
|
|
(natp m) (natp base)
|
|
|
|
(natp a) (natp b))
|
|
|
|
(equal (submod a b m base)
|
|
|
|
(mod (- a b) m)))
|
|
|
|
:hints (("Goal" :cases ((<= base (+ a b))))
|
|
|
|
("Subgoal 2.2" :use ((:instance submod-aux1)))
|
|
|
|
("Subgoal 2.2'''" :cases ((and (< 0 (+ a (- b) m))
|
|
|
|
(< (+ a (- b) m) m))))
|
|
|
|
("Subgoal 2.1" :use ((:instance submod-aux2)))
|
|
|
|
("Subgoal 1.2" :use ((:instance submod-aux1)))
|
|
|
|
("Subgoal 1.1" :use ((:instance submod-aux2)))))
|
|
|
|
|
|
|
|
|
|
|
|
(defun submod-2 (a b m base)
|
|
|
|
(let* ((d (mod (- a b) base))
|
|
|
|
(d (if (< a b) (mod (+ d m) base) d)))
|
|
|
|
d))
|
|
|
|
|
|
|
|
(defthm submod-2-correct
|
|
|
|
(implies (and (< 0 m) (< m base)
|
|
|
|
(< a m) (<= b m)
|
|
|
|
(natp m) (natp base)
|
|
|
|
(natp a) (natp b))
|
|
|
|
(equal (submod-2 a b m base)
|
|
|
|
(mod (- a b) m)))
|
|
|
|
:hints (("Subgoal 2'" :cases ((and (< 0 (+ a (- b) m))
|
|
|
|
(< (+ a (- b) m) m))))))
|
|
|
|
|
|
|
|
|
|
|
|
;; =========================================================================
|
|
|
|
;; ext-submod is correct
|
|
|
|
;; =========================================================================
|
|
|
|
|
|
|
|
; a < 2*m, b < 2*m
|
|
|
|
(defun ext-submod (a b m base)
|
|
|
|
(let* ((a (if (>= a m) (- a m) a))
|
|
|
|
(b (if (>= b m) (- b m) b))
|
|
|
|
(d (mod (- a b) base))
|
|
|
|
(d (if (< a b) (mod (+ d m) base) d)))
|
|
|
|
d))
|
|
|
|
|
|
|
|
; a < 2*m, b < 2*m
|
|
|
|
(defun ext-submod-2 (a b m base)
|
|
|
|
(let* ((a (mod a m))
|
|
|
|
(b (mod b m))
|
|
|
|
(d (mod (- a b) base))
|
|
|
|
(d (if (< a b) (mod (+ d m) base) d)))
|
|
|
|
d))
|
|
|
|
|
|
|
|
(defthmd ext-submod-ext-submod-2-equal
|
|
|
|
(implies (and (< 0 m) (< m base)
|
|
|
|
(< a (* 2 m)) (< b (* 2 m))
|
|
|
|
(natp m) (natp base)
|
|
|
|
(natp a) (natp b))
|
|
|
|
(equal (ext-submod a b m base)
|
|
|
|
(ext-submod-2 a b m base))))
|
|
|
|
|
|
|
|
(defthmd ext-submod-2-correct
|
|
|
|
(implies (and (< 0 m) (< m base)
|
|
|
|
(< a (* 2 m)) (< b (* 2 m))
|
|
|
|
(natp m) (natp base)
|
|
|
|
(natp a) (natp b))
|
|
|
|
(equal (ext-submod-2 a b m base)
|
|
|
|
(mod (- a b) m))))
|
|
|
|
|
|
|
|
|
|
|
|
;; =========================================================================
|
|
|
|
;; dw-reduce is correct
|
|
|
|
;; =========================================================================
|
|
|
|
|
|
|
|
(defun dw-reduce (hi lo m base)
|
|
|
|
(let* ((r1 (mod hi m))
|
|
|
|
(r2 (mod (+ (* r1 base) lo) m)))
|
|
|
|
r2))
|
|
|
|
|
|
|
|
(defthmd dw-reduce-correct
|
|
|
|
(implies (and (< 0 m) (< m base)
|
|
|
|
(< hi base) (< lo base)
|
|
|
|
(natp m) (natp base)
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(equal (dw-reduce hi lo m base)
|
|
|
|
(mod (+ (* hi base) lo) m))))
|
|
|
|
|
|
|
|
(defthmd <=-multiply-both-sides-by-z
|
|
|
|
(implies (and (rationalp x) (rationalp y)
|
|
|
|
(< 0 z) (rationalp z))
|
|
|
|
(equal (<= x y)
|
|
|
|
(<= (* z x) (* z y)))))
|
|
|
|
|
|
|
|
(defthmd dw-reduce-aux1
|
|
|
|
(implies (and (< 0 m) (< m base)
|
|
|
|
(natp m) (natp base)
|
|
|
|
(< lo base) (natp lo)
|
|
|
|
(< x m) (natp x))
|
|
|
|
(< (+ lo (* base x)) (* base m)))
|
|
|
|
:hints (("Goal" :cases ((<= (+ x 1) m)))
|
|
|
|
("Subgoal 1''" :cases ((<= (* base (+ x 1)) (* base m))))
|
|
|
|
("subgoal 1.2" :use ((:instance <=-multiply-both-sides-by-z
|
|
|
|
(x (+ 1 x))
|
|
|
|
(y m)
|
|
|
|
(z base))))))
|
|
|
|
|
|
|
|
(defthm dw-reduce-aux2
|
|
|
|
(implies (and (< x (* base m))
|
|
|
|
(< 0 m) (< m base)
|
|
|
|
(natp m) (natp base) (natp x))
|
|
|
|
(< (floor x m) base)))
|
|
|
|
|
|
|
|
;; This is the necessary condition for using _mpd_div_words().
|
|
|
|
(defthmd dw-reduce-second-quotient-fits-in-single-word
|
|
|
|
(implies (and (< 0 m) (< m base)
|
|
|
|
(< hi base) (< lo base)
|
|
|
|
(natp m) (natp base)
|
|
|
|
(natp hi) (natp lo)
|
|
|
|
(equal r1 (mod hi m)))
|
|
|
|
(< (floor (+ (* r1 base) lo) m)
|
|
|
|
base))
|
|
|
|
:hints (("Goal" :cases ((< r1 m)))
|
|
|
|
("Subgoal 1''" :cases ((< (+ lo (* base (mod hi m))) (* base m))))
|
|
|
|
("Subgoal 1.2" :use ((:instance dw-reduce-aux1
|
|
|
|
(x (mod hi m)))))))
|
|
|
|
|
|
|
|
|
|
|
|
;; =========================================================================
|
|
|
|
;; dw-submod is correct
|
|
|
|
;; =========================================================================
|
|
|
|
|
|
|
|
(defun dw-submod (a hi lo m base)
|
|
|
|
(let* ((r (dw-reduce hi lo m base))
|
|
|
|
(d (mod (- a r) base))
|
|
|
|
(d (if (< a r) (mod (+ d m) base) d)))
|
|
|
|
d))
|
|
|
|
|
|
|
|
(defthmd dw-submod-aux1
|
|
|
|
(implies (and (natp a) (< 0 m) (natp m)
|
|
|
|
(natp x) (equal r (mod x m)))
|
|
|
|
(equal (mod (- a x) m)
|
|
|
|
(mod (- a r) m))))
|
|
|
|
|
|
|
|
(defthmd dw-submod-correct
|
|
|
|
(implies (and (< 0 m) (< m base)
|
2013-01-16 10:16:10 -04:00
|
|
|
(natp a) (< a m)
|
2012-03-21 14:25:23 -03:00
|
|
|
(< hi base) (< lo base)
|
|
|
|
(natp m) (natp base)
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(equal (dw-submod a hi lo m base)
|
|
|
|
(mod (- a (+ (* base hi) lo)) m)))
|
|
|
|
:hints (("Goal" :in-theory (disable dw-reduce)
|
|
|
|
:use ((:instance dw-submod-aux1
|
|
|
|
(x (+ lo (* base hi)))
|
|
|
|
(r (dw-reduce hi lo m base)))
|
|
|
|
(:instance dw-reduce-correct)))))
|
|
|
|
|
|
|
|
|
|
|
|
;; =========================================================================
|
|
|
|
;; ANSI C arithmetic for uint64_t
|
|
|
|
;; =========================================================================
|
|
|
|
|
|
|
|
(defun add (a b)
|
|
|
|
(mod (+ a b)
|
|
|
|
(expt 2 64)))
|
|
|
|
|
|
|
|
(defun sub (a b)
|
|
|
|
(mod (- a b)
|
|
|
|
(expt 2 64)))
|
|
|
|
|
|
|
|
(defun << (w n)
|
|
|
|
(mod (* w (expt 2 n))
|
|
|
|
(expt 2 64)))
|
|
|
|
|
|
|
|
(defun >> (w n)
|
|
|
|
(floor w (expt 2 n)))
|
|
|
|
|
|
|
|
;; join upper and lower half of a double word, yielding a 128 bit number
|
|
|
|
(defun join (hi lo)
|
|
|
|
(+ (* (expt 2 64) hi) lo))
|
|
|
|
|
|
|
|
|
|
|
|
;; =============================================================================
|
|
|
|
;; Fast modular reduction
|
|
|
|
;; =============================================================================
|
|
|
|
|
|
|
|
;; These are the three primes used in the Number Theoretic Transform.
|
|
|
|
;; A fast modular reduction scheme exists for all of them.
|
|
|
|
(defmacro p1 ()
|
|
|
|
(+ (expt 2 64) (- (expt 2 32)) 1))
|
|
|
|
|
|
|
|
(defmacro p2 ()
|
|
|
|
(+ (expt 2 64) (- (expt 2 34)) 1))
|
|
|
|
|
|
|
|
(defmacro p3 ()
|
|
|
|
(+ (expt 2 64) (- (expt 2 40)) 1))
|
|
|
|
|
|
|
|
|
|
|
|
;; reduce the double word number hi*2**64 + lo (mod p1)
|
|
|
|
(defun simple-mod-reduce-p1 (hi lo)
|
|
|
|
(+ (* (expt 2 32) hi) (- hi) lo))
|
|
|
|
|
|
|
|
;; reduce the double word number hi*2**64 + lo (mod p2)
|
|
|
|
(defun simple-mod-reduce-p2 (hi lo)
|
|
|
|
(+ (* (expt 2 34) hi) (- hi) lo))
|
|
|
|
|
|
|
|
;; reduce the double word number hi*2**64 + lo (mod p3)
|
|
|
|
(defun simple-mod-reduce-p3 (hi lo)
|
|
|
|
(+ (* (expt 2 40) hi) (- hi) lo))
|
|
|
|
|
|
|
|
|
|
|
|
; ----------------------------------------------------------
|
|
|
|
; The modular reductions given above are correct
|
|
|
|
; ----------------------------------------------------------
|
|
|
|
|
|
|
|
(defthmd congruence-p1-aux
|
|
|
|
(equal (* (expt 2 64) hi)
|
|
|
|
(+ (* (p1) hi)
|
|
|
|
(* (expt 2 32) hi)
|
|
|
|
(- hi))))
|
|
|
|
|
|
|
|
(defthmd congruence-p2-aux
|
|
|
|
(equal (* (expt 2 64) hi)
|
|
|
|
(+ (* (p2) hi)
|
|
|
|
(* (expt 2 34) hi)
|
|
|
|
(- hi))))
|
|
|
|
|
|
|
|
(defthmd congruence-p3-aux
|
|
|
|
(equal (* (expt 2 64) hi)
|
|
|
|
(+ (* (p3) hi)
|
|
|
|
(* (expt 2 40) hi)
|
|
|
|
(- hi))))
|
|
|
|
|
|
|
|
(defthmd mod-augment
|
|
|
|
(implies (and (rationalp x)
|
|
|
|
(rationalp y)
|
|
|
|
(rationalp m))
|
|
|
|
(equal (mod (+ x y) m)
|
|
|
|
(mod (+ x (mod y m)) m))))
|
|
|
|
|
|
|
|
(defthmd simple-mod-reduce-p1-congruent
|
|
|
|
(implies (and (integerp hi)
|
|
|
|
(integerp lo))
|
|
|
|
(equal (mod (simple-mod-reduce-p1 hi lo) (p1))
|
|
|
|
(mod (join hi lo) (p1))))
|
|
|
|
:hints (("Goal''" :use ((:instance congruence-p1-aux)
|
|
|
|
(:instance mod-augment
|
|
|
|
(m (p1))
|
|
|
|
(x (+ (- hi) lo (* (expt 2 32) hi)))
|
|
|
|
(y (* (p1) hi)))))))
|
|
|
|
|
|
|
|
(defthmd simple-mod-reduce-p2-congruent
|
|
|
|
(implies (and (integerp hi)
|
|
|
|
(integerp lo))
|
|
|
|
(equal (mod (simple-mod-reduce-p2 hi lo) (p2))
|
|
|
|
(mod (join hi lo) (p2))))
|
|
|
|
:hints (("Goal''" :use ((:instance congruence-p2-aux)
|
|
|
|
(:instance mod-augment
|
|
|
|
(m (p2))
|
|
|
|
(x (+ (- hi) lo (* (expt 2 34) hi)))
|
|
|
|
(y (* (p2) hi)))))))
|
|
|
|
|
|
|
|
(defthmd simple-mod-reduce-p3-congruent
|
|
|
|
(implies (and (integerp hi)
|
|
|
|
(integerp lo))
|
|
|
|
(equal (mod (simple-mod-reduce-p3 hi lo) (p3))
|
|
|
|
(mod (join hi lo) (p3))))
|
|
|
|
:hints (("Goal''" :use ((:instance congruence-p3-aux)
|
|
|
|
(:instance mod-augment
|
|
|
|
(m (p3))
|
|
|
|
(x (+ (- hi) lo (* (expt 2 40) hi)))
|
|
|
|
(y (* (p3) hi)))))))
|
|
|
|
|
|
|
|
|
|
|
|
; ---------------------------------------------------------------------
|
|
|
|
; We need a number less than 2*p, so that we can use the trick from
|
|
|
|
; elim-mod-m<x<2*m for the final reduction.
|
|
|
|
; For p1, two modular reductions are sufficient, for p2 and p3 three.
|
|
|
|
; ---------------------------------------------------------------------
|
|
|
|
|
|
|
|
;; p1: the first reduction is less than 2**96
|
|
|
|
(defthmd simple-mod-reduce-p1-<-2**96
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(< (simple-mod-reduce-p1 hi lo)
|
|
|
|
(expt 2 96))))
|
|
|
|
|
|
|
|
;; p1: the second reduction is less than 2*p1
|
|
|
|
(defthmd simple-mod-reduce-p1-<-2*p1
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(< (join hi lo) (expt 2 96))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(< (simple-mod-reduce-p1 hi lo)
|
|
|
|
(* 2 (p1)))))
|
|
|
|
|
|
|
|
|
|
|
|
;; p2: the first reduction is less than 2**98
|
|
|
|
(defthmd simple-mod-reduce-p2-<-2**98
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(< (simple-mod-reduce-p2 hi lo)
|
|
|
|
(expt 2 98))))
|
|
|
|
|
|
|
|
;; p2: the second reduction is less than 2**69
|
|
|
|
(defthmd simple-mod-reduce-p2-<-2*69
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(< (join hi lo) (expt 2 98))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(< (simple-mod-reduce-p2 hi lo)
|
|
|
|
(expt 2 69))))
|
|
|
|
|
|
|
|
;; p3: the third reduction is less than 2*p2
|
|
|
|
(defthmd simple-mod-reduce-p2-<-2*p2
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(< (join hi lo) (expt 2 69))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(< (simple-mod-reduce-p2 hi lo)
|
|
|
|
(* 2 (p2)))))
|
|
|
|
|
|
|
|
|
|
|
|
;; p3: the first reduction is less than 2**104
|
|
|
|
(defthmd simple-mod-reduce-p3-<-2**104
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(< (simple-mod-reduce-p3 hi lo)
|
|
|
|
(expt 2 104))))
|
|
|
|
|
|
|
|
;; p3: the second reduction is less than 2**81
|
|
|
|
(defthmd simple-mod-reduce-p3-<-2**81
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(< (join hi lo) (expt 2 104))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(< (simple-mod-reduce-p3 hi lo)
|
|
|
|
(expt 2 81))))
|
|
|
|
|
|
|
|
;; p3: the third reduction is less than 2*p3
|
|
|
|
(defthmd simple-mod-reduce-p3-<-2*p3
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(< (join hi lo) (expt 2 81))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(< (simple-mod-reduce-p3 hi lo)
|
|
|
|
(* 2 (p3)))))
|
|
|
|
|
|
|
|
|
|
|
|
; -------------------------------------------------------------------------
|
|
|
|
; The simple modular reductions, adapted for compiler friendly C
|
|
|
|
; -------------------------------------------------------------------------
|
|
|
|
|
|
|
|
(defun mod-reduce-p1 (hi lo)
|
|
|
|
(let* ((y hi)
|
|
|
|
(x y)
|
|
|
|
(hi (>> hi 32))
|
|
|
|
(x (sub lo x))
|
|
|
|
(hi (if (> x lo) (+ hi -1) hi))
|
|
|
|
(y (<< y 32))
|
|
|
|
(lo (add y x))
|
|
|
|
(hi (if (< lo y) (+ hi 1) hi)))
|
|
|
|
(+ (* hi (expt 2 64)) lo)))
|
|
|
|
|
|
|
|
(defun mod-reduce-p2 (hi lo)
|
|
|
|
(let* ((y hi)
|
|
|
|
(x y)
|
|
|
|
(hi (>> hi 30))
|
|
|
|
(x (sub lo x))
|
|
|
|
(hi (if (> x lo) (+ hi -1) hi))
|
|
|
|
(y (<< y 34))
|
|
|
|
(lo (add y x))
|
|
|
|
(hi (if (< lo y) (+ hi 1) hi)))
|
|
|
|
(+ (* hi (expt 2 64)) lo)))
|
|
|
|
|
|
|
|
(defun mod-reduce-p3 (hi lo)
|
|
|
|
(let* ((y hi)
|
|
|
|
(x y)
|
|
|
|
(hi (>> hi 24))
|
|
|
|
(x (sub lo x))
|
|
|
|
(hi (if (> x lo) (+ hi -1) hi))
|
|
|
|
(y (<< y 40))
|
|
|
|
(lo (add y x))
|
|
|
|
(hi (if (< lo y) (+ hi 1) hi)))
|
|
|
|
(+ (* hi (expt 2 64)) lo)))
|
|
|
|
|
|
|
|
|
|
|
|
; -------------------------------------------------------------------------
|
|
|
|
; The compiler friendly versions are equal to the simple versions
|
|
|
|
; -------------------------------------------------------------------------
|
|
|
|
|
|
|
|
(defthm mod-reduce-aux1
|
|
|
|
(implies (and (<= 0 a) (natp a) (natp m)
|
|
|
|
(< (- m) b) (<= b 0)
|
|
|
|
(integerp b)
|
|
|
|
(< (mod (+ b a) m)
|
|
|
|
(mod a m)))
|
|
|
|
(equal (mod (+ b a) m)
|
|
|
|
(+ b (mod a m))))
|
|
|
|
:hints (("Subgoal 2" :use ((:instance modaux-1b
|
|
|
|
(x (+ a b)))))))
|
|
|
|
|
|
|
|
(defthm mod-reduce-aux2
|
|
|
|
(implies (and (<= 0 a) (natp a) (natp m)
|
|
|
|
(< b m) (natp b)
|
|
|
|
(< (mod (+ b a) m)
|
|
|
|
(mod a m)))
|
|
|
|
(equal (+ m (mod (+ b a) m))
|
|
|
|
(+ b (mod a m)))))
|
|
|
|
|
|
|
|
|
|
|
|
(defthm mod-reduce-aux3
|
|
|
|
(implies (and (< 0 a) (natp a) (natp m)
|
|
|
|
(< (- m) b) (< b 0)
|
|
|
|
(integerp b)
|
|
|
|
(<= (mod a m)
|
|
|
|
(mod (+ b a) m)))
|
|
|
|
(equal (+ (- m) (mod (+ b a) m))
|
|
|
|
(+ b (mod a m))))
|
|
|
|
:hints (("Subgoal 1.2'" :use ((:instance modaux-1b
|
|
|
|
(x b))))
|
|
|
|
("Subgoal 1''" :use ((:instance modaux-2d
|
|
|
|
(x I))))))
|
|
|
|
|
|
|
|
|
|
|
|
(defthm mod-reduce-aux4
|
|
|
|
(implies (and (< 0 a) (natp a) (natp m)
|
|
|
|
(< b m) (natp b)
|
|
|
|
(<= (mod a m)
|
|
|
|
(mod (+ b a) m)))
|
|
|
|
(equal (mod (+ b a) m)
|
|
|
|
(+ b (mod a m)))))
|
|
|
|
|
|
|
|
|
|
|
|
(defthm mod-reduce-p1==simple-mod-reduce-p1
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(equal (mod-reduce-p1 hi lo)
|
|
|
|
(simple-mod-reduce-p1 hi lo)))
|
|
|
|
:hints (("Goal" :in-theory (disable expt)
|
|
|
|
:cases ((< 0 hi)))
|
|
|
|
("Subgoal 1.2.2'" :use ((:instance mod-reduce-aux1
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 32) hi)))))
|
|
|
|
("Subgoal 1.2.1'" :use ((:instance mod-reduce-aux3
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 32) hi)))))
|
|
|
|
("Subgoal 1.1.2'" :use ((:instance mod-reduce-aux2
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 32) hi)))))
|
|
|
|
("Subgoal 1.1.1'" :use ((:instance mod-reduce-aux4
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 32) hi)))))))
|
|
|
|
|
|
|
|
|
|
|
|
(defthm mod-reduce-p2==simple-mod-reduce-p2
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(equal (mod-reduce-p2 hi lo)
|
|
|
|
(simple-mod-reduce-p2 hi lo)))
|
|
|
|
:hints (("Goal" :cases ((< 0 hi)))
|
|
|
|
("Subgoal 1.2.2'" :use ((:instance mod-reduce-aux1
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 34) hi)))))
|
|
|
|
("Subgoal 1.2.1'" :use ((:instance mod-reduce-aux3
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 34) hi)))))
|
|
|
|
("Subgoal 1.1.2'" :use ((:instance mod-reduce-aux2
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 34) hi)))))
|
|
|
|
("Subgoal 1.1.1'" :use ((:instance mod-reduce-aux4
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 34) hi)))))))
|
|
|
|
|
|
|
|
|
|
|
|
(defthm mod-reduce-p3==simple-mod-reduce-p3
|
|
|
|
(implies (and (< hi (expt 2 64))
|
|
|
|
(< lo (expt 2 64))
|
|
|
|
(natp hi) (natp lo))
|
|
|
|
(equal (mod-reduce-p3 hi lo)
|
|
|
|
(simple-mod-reduce-p3 hi lo)))
|
|
|
|
:hints (("Goal" :cases ((< 0 hi)))
|
|
|
|
("Subgoal 1.2.2'" :use ((:instance mod-reduce-aux1
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 40) hi)))))
|
|
|
|
("Subgoal 1.2.1'" :use ((:instance mod-reduce-aux3
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 40) hi)))))
|
|
|
|
("Subgoal 1.1.2'" :use ((:instance mod-reduce-aux2
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 40) hi)))))
|
|
|
|
("Subgoal 1.1.1'" :use ((:instance mod-reduce-aux4
|
|
|
|
(m (expt 2 64))
|
|
|
|
(b (+ (- HI) LO))
|
|
|
|
(a (* (expt 2 40) hi)))))))
|
|
|
|
|
|
|
|
|
|
|
|
|