From 0a7092bc39938ebe4133a8f2c11a38f678d8157b Mon Sep 17 00:00:00 2001 From: Tobias Grosser Date: Wed, 25 Sep 2024 20:29:01 +0100 Subject: [PATCH 01/17] chore: update to nightly-2024-09-25 --- SSA/Projects/InstCombine/ForLean.lean | 12 ++++++------ lake-manifest.json | 6 +++--- lakefile.toml | 2 +- lean-toolchain | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/SSA/Projects/InstCombine/ForLean.lean b/SSA/Projects/InstCombine/ForLean.lean index aea45a94c..50598ffe0 100644 --- a/SSA/Projects/InstCombine/ForLean.lean +++ b/SSA/Projects/InstCombine/ForLean.lean @@ -493,7 +493,7 @@ theorem and_add_or {A B : BitVec w} : (B &&& A) + (B ||| A) = B + A := by @[simp] theorem msb_signExtend_of_ge {i} (h : i ≥ w) (x : BitVec w) : (x.signExtend i).msb = x.msb := by - simp [BitVec.msb_eq_getLsbD_last] + simp [BitVec.msb_eq_getLsbD_last, getLsbD_signExtend] split <;> by_cases (0 < i) <;> simp_all simp [show i = w by omega] @@ -518,16 +518,16 @@ theorem allOnes_sshiftRight {w n : Nat} : (allOnes w).sshiftRight n = allOnes w := by ext i by_cases h : 0 < w - · simp [BitVec.msb_allOnes h] - · simp ; omega + · simp [BitVec.msb_allOnes h, getLsbD_sshiftRight] + · simp [getLsbD_sshiftRight]; omega @[simp] theorem zero_sshiftRight {w n : Nat} : (0#w).sshiftRight n = 0#w := by ext i by_cases h : 0 < w - · simp [BitVec.msb_allOnes h] - · simp + · simp [BitVec.msb_allOnes h, getLsbD_sshiftRight] + · simp [getLsbD_sshiftRight] @[simp] theorem zero_ushiftRight {w n : Nat} : @@ -540,7 +540,7 @@ theorem zero_ushiftRight {w n : Nat} : theorem not_sshiftRight {b : BitVec w} : ~~~b.sshiftRight n = (~~~b).sshiftRight n := by ext i - simp + simp [getLsbD_sshiftRight] by_cases h : w ≤ i <;> by_cases h' : n + i < w <;> by_cases h'' : 0 < w diff --git a/lake-manifest.json b/lake-manifest.json index b1463a93a..a52062903 100644 --- a/lake-manifest.json +++ b/lake-manifest.json @@ -5,7 +5,7 @@ "type": "git", "subDir": null, "scope": "leanprover-community", - "rev": "c37494a698d68c5e3711575fcb90ebf2974900ff", + "rev": "cd404b26c6ea643b9fdf5fb004d83a88c0f00f3e", "name": "batteries", "manifestFile": "lake-manifest.json", "inputRev": "nightly-testing", @@ -75,10 +75,10 @@ "type": "git", "subDir": null, "scope": "", - "rev": "08a9b5c185b952bb4a0c628361f4b2f8fe7eb623", + "rev": "f22e9cb44e572aa5c27f2b3e5136e365e36bf1c3", "name": "mathlib", "manifestFile": "lake-manifest.json", - "inputRev": "nightly-testing-2024-09-24", + "inputRev": "nightly-testing-2024-09-25", "inherited": false, "configFile": "lakefile.lean"}, {"url": "https://github.com/acmepjz/md4lean", diff --git a/lakefile.toml b/lakefile.toml index e13cbb13e..67c14d340 100644 --- a/lakefile.toml +++ b/lakefile.toml @@ -4,7 +4,7 @@ defaultTargets = ["SSA"] [[require]] name = "mathlib" git = "https://github.com/leanprover-community/mathlib4" -rev = "nightly-testing-2024-09-24" +rev = "nightly-testing-2024-09-25" [[require]] name = "Cli" diff --git a/lean-toolchain b/lean-toolchain index 98d327efe..211c2d6ba 100644 --- a/lean-toolchain +++ b/lean-toolchain @@ -1 +1 @@ -leanprover/lean4:nightly-2024-09-24 +leanprover/lean4:nightly-2024-09-25 From e8354eaabe7f8a8ad932c7fd4b37b934f1b83ac6 Mon Sep 17 00:00:00 2001 From: Tobias Grosser Date: Wed, 25 Sep 2024 21:06:30 +0100 Subject: [PATCH 02/17] chore: predicate support in FSM --- .../Bits/Fast/FiniteStateMachine.lean | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index 0a6cc1bfc..88832449c 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -679,3 +679,24 @@ theorem decideIfZeros_correct {arity : Type _} [DecidableEq arity] intro x s h use x exact h + +inductive Predicate +| eq (t1 t2 : Term) +| and (p q : Predicate) +| or (p q : Predicate) +| not (p : Predicate) + + +def Predicate.denote : Predicate -> Prop +| eq t1 t2 => t1.eval = t2.eval +| and p q => p.denote ∧ q.denote +| or p q => p.denote ∨ q.denote +| not p => ¬ p.denote + +-- write lowerings for predicates into FSMs +def Predicate.toFSM : Predicate -> FSM α +| eq t1 t2 => sorry +| _ => sorry + +theorem Predicate.toFsm_correct (p : Predicate) : + decideIfZeros p.toFSM = true ↔ p.denote := by sorry From 77d89e68f56c9c21334cf673d00a912c9a7d43ab Mon Sep 17 00:00:00 2001 From: Tobias Grosser Date: Wed, 25 Sep 2024 21:11:47 +0100 Subject: [PATCH 03/17] Add types --- .../Bits/Fast/FiniteStateMachine.lean | 23 +++++++++++++------ 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index 88832449c..32fff7dce 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -681,22 +681,31 @@ theorem decideIfZeros_correct {arity : Type _} [DecidableEq arity] exact h inductive Predicate -| eq (t1 t2 : Term) -| and (p q : Predicate) -| or (p q : Predicate) -| not (p : Predicate) + ( α : Type ) + [ i : Fintype α ] + [ dec_eq : DecidableEq α ] := +| eq (t1 t2 : Term ) +| and (p q : Predicate α) +| or (p q : Predicate α) +| not (p : Predicate α) -def Predicate.denote : Predicate -> Prop +def Predicate.denote + -- Why are `i` and `dec_eq` marked as unused? + (α : Type) [ i : Fintype α ] [ dec_eq : DecidableEq α ] : + Predicate α -> Prop | eq t1 t2 => t1.eval = t2.eval | and p q => p.denote ∧ q.denote | or p q => p.denote ∨ q.denote | not p => ¬ p.denote -- write lowerings for predicates into FSMs -def Predicate.toFSM : Predicate -> FSM α +def Predicate.toFSM + (α : Type) [ i : Fintype α ] [ dec_eq : DecidableEq α ] : + Predicate α -> FSM α | eq t1 t2 => sorry | _ => sorry -theorem Predicate.toFsm_correct (p : Predicate) : +theorem Predicate.toFsm_correct + (α : Type) [ i : Fintype α ] [ dec_eq : DecidableEq α ] (p : Predicate α) : decideIfZeros p.toFSM = true ↔ p.denote := by sorry From 7e2a2ab7ee513aef3d02407ab250dcdfed4c0141 Mon Sep 17 00:00:00 2001 From: Tobias Grosser Date: Wed, 25 Sep 2024 21:38:05 +0100 Subject: [PATCH 04/17] Format --- SSA/Experimental/Bits/Fast/FiniteStateMachine.lean | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index 32fff7dce..4c111e6ac 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -707,5 +707,5 @@ def Predicate.toFSM | _ => sorry theorem Predicate.toFsm_correct - (α : Type) [ i : Fintype α ] [ dec_eq : DecidableEq α ] (p : Predicate α) : + (α : Type) [ i : Fintype α ] [ dec_eq : DecidableEq α ] (p : Predicate α) : decideIfZeros p.toFSM = true ↔ p.denote := by sorry From 1c11c84f43b90092e7e99bd74dd09282fa0b15e4 Mon Sep 17 00:00:00 2001 From: Tobias Grosser Date: Wed, 25 Sep 2024 21:42:52 +0100 Subject: [PATCH 05/17] Connect termEvalEq --- SSA/Experimental/Bits/Fast/FiniteStateMachine.lean | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index 4c111e6ac..2c8183576 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -703,7 +703,7 @@ def Predicate.denote def Predicate.toFSM (α : Type) [ i : Fintype α ] [ dec_eq : DecidableEq α ] : Predicate α -> FSM α -| eq t1 t2 => sorry +| eq t1 t2 => (termEvalEqFSM (Term.xor t1 t2)).toFSM | _ => sorry theorem Predicate.toFsm_correct From 16342fd7c871a77662736c8e5b1f08f924556d21 Mon Sep 17 00:00:00 2001 From: Tobias Grosser Date: Wed, 25 Sep 2024 21:58:36 +0100 Subject: [PATCH 06/17] Update SSA/Experimental/Bits/Fast/FiniteStateMachine.lean Co-authored-by: Alex Keizer --- SSA/Experimental/Bits/Fast/FiniteStateMachine.lean | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index 2c8183576..f464acbe0 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -684,7 +684,7 @@ inductive Predicate ( α : Type ) [ i : Fintype α ] [ dec_eq : DecidableEq α ] := -| eq (t1 t2 : Term ) +| eq (t1 t2 : Term ) : Predicate (Fin (max t1.arity t2.arity)) | and (p q : Predicate α) | or (p q : Predicate α) | not (p : Predicate α) From 74b9b9eb17d4787a6e084de1db491a49b2344a6c Mon Sep 17 00:00:00 2001 From: Siddharth Bhat Date: Wed, 25 Sep 2024 20:44:10 -0500 Subject: [PATCH 07/17] chore: progress --- .../Bits/Fast/FiniteStateMachine.lean | 100 +++++++++++++++--- 1 file changed, 83 insertions(+), 17 deletions(-) diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index f464acbe0..452d0d611 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -10,6 +10,7 @@ import SSA.Experimental.Bits.Fast.Circuit open Sum +section FSM variable {α β α' β' : Type} {γ : β → Type} /-- `FSM n` represents a function `BitStream → ⋯ → BitStream → BitStream`, @@ -590,6 +591,65 @@ def termEvalEqFSM : ∀ (t : Term), FSMSolution t { toFSM := by dsimp [arity]; exact composeUnary FSM.decr q, good := by ext; simp } +/-! +FSM that implement bitwise-and. Since we use `0` as the good state, +we keep the invariant that if both inputs are good and our state is `0`, then we produce a `0`. +If not, we produce an infinite sequence of `1`. +-/ +def and : FSM Bool := + { α := Unit, + initCarry := fun _ => false, + nextBitCirc := fun a => + match a with + | some () => + -- Only if both are `0` we produce a `0`. + (Circuit.var true (inr false) ||| + ((Circuit.var false (inr true) ||| + -- But if we have failed and have value `1`, then we produce a `1` from our state. + (Circuit.var true (inl ()))))) + | none => -- must succeed in both arguments, so we are `0` if both are `0`. + Circuit.var true (inr true) ||| + Circuit.var true (inr false) + } + +/-! +FSM that implement bitwise-or. Since we use `0` as the good state, +we keep the invariant that if either inputs is `0` then our state is `0`. +If not, we produce a `1`. +-/ +def or : FSM Bool := + { α := Unit, + initCarry := fun _ => false, + nextBitCirc := fun a => + match a with + | some () => + -- If either succeeds, then the full thing succeeds + ((Circuit.var true (inr false) &&& + ((Circuit.var false (inr true)) ||| + -- On the other hand, if we have failed, then propagate failure. + (Circuit.var true (inl ()))))) + | none => -- can succeed in either argument, so we are `0` if either is `0`. + Circuit.var true (inr true) &&& + Circuit.var true (inr false) + } + +/-! +FSM that implement logical not. +we keep the invariant that if the input ever fails and becomes a `1`, then we produce a `0`. +IF not, we produce an infinite sequence of `1`. + +EDIT: Aha, this doesn't work! +We need NFA to DFA here (as the presburger book does), +where we must produce an infinite sequence of`0` iff the input can *ever* become a `1`. +But here, since we phrase things directly in terms of producing sequences, it's a bit less clear +what we should do :) + +- Alternatively, we need to be able to decide `eventually always zero`. +- Alternatively, we push negations inside, and decide `⬝ ≠ ⬝` and `⬝ ≰ ⬝`. +-/ +def lnot : FSM Unit := sorry + + inductive Result : Type | falseAfter (n : ℕ) : Result | trueFor (n : ℕ) : Result @@ -680,30 +740,36 @@ theorem decideIfZeros_correct {arity : Type _} [DecidableEq arity] use x exact h -inductive Predicate - ( α : Type ) - [ i : Fintype α ] - [ dec_eq : DecidableEq α ] := -| eq (t1 t2 : Term ) : Predicate (Fin (max t1.arity t2.arity)) -| and (p q : Predicate α) -| or (p q : Predicate α) -| not (p : Predicate α) +end FSM + +/-- +The fragment of predicate logic that we support in `bv_automata`. +Currently, we support equality, conjunction, disjunction, and negation. +This can be expanded to also support arithmetic constraints such as unsigned-less-than. +-/ +inductive Predicate : Type → Type _ where +| eq (t1 t2 : Term) : Predicate (Fin (max t1.arity t2.arity)) +| and (p : Predicate α) (q : Predicate β) : Predicate (α ⊕ β) +| or (p : Predicate α) (q : Predicate β) : Predicate (α ⊕ β) +| not (p : Predicate α) : Predicate α -def Predicate.denote - -- Why are `i` and `dec_eq` marked as unused? - (α : Type) [ i : Fintype α ] [ dec_eq : DecidableEq α ] : - Predicate α -> Prop +/-- +denote a reflected `predicate` into a `prop. +-/ +def Predicate.denote : Predicate α → Prop | eq t1 t2 => t1.eval = t2.eval | and p q => p.denote ∧ q.denote | or p q => p.denote ∨ q.denote | not p => ¬ p.denote --- write lowerings for predicates into FSMs -def Predicate.toFSM - (α : Type) [ i : Fintype α ] [ dec_eq : DecidableEq α ] : - Predicate α -> FSM α -| eq t1 t2 => (termEvalEqFSM (Term.xor t1 t2)).toFSM +/-- +Convert a predicate into a proposition +-/ +def Predicate.toFSM : Predicate α → FSM α +| .eq t1 t2 => (termEvalEqFSM (Term.xor t1 t2)).toFSM +| .and p q => sorry -- compose the FSM of `p, q` with `FSM.and`. FSM.compose _ _ _ +| .or t1 t2 => sorry -- compose the FSM of `p, q` with `FSM.or`. FSM.compose _ _ _ | _ => sorry theorem Predicate.toFsm_correct From 674e094ba82a5b6206c2652ee6bea286830f0f49 Mon Sep 17 00:00:00 2001 From: Alex Keizer Date: Wed, 25 Sep 2024 20:54:47 -0500 Subject: [PATCH 08/17] WIP: start repeatBit implementation --- SSA/Experimental/Bits/Defs.lean | 44 ++++++++++++++--------- SSA/Experimental/Bits/Fast/BitStream.lean | 6 ++++ 2 files changed, 33 insertions(+), 17 deletions(-) diff --git a/SSA/Experimental/Bits/Defs.lean b/SSA/Experimental/Bits/Defs.lean index 985923e7c..f3ba2dfa6 100644 --- a/SSA/Experimental/Bits/Defs.lean +++ b/SSA/Experimental/Bits/Defs.lean @@ -40,6 +40,13 @@ inductive Term : Type | incr : Term → Term /-- Decrement (i.e., subtract one) -/ | decr : Term → Term +/-- `repeatBit` is an operation that will repeat the infinitely repeat the +least significant `true` bit of the input. + +That is `repeatBit t` is all-zeroes iff `t` is all-zeroes. +Otherwise, there is some number `k` s.t. `repeatBit t` is all-ones after +dropping the least significant `k` bits -/ +| repeatBit : Term → Term open Term @@ -53,20 +60,21 @@ so eval requires us to give a value for each possible variable. -/ def Term.eval (t : Term) (vars : Nat → BitStream) : BitStream := match t with - | var n => vars n - | zero => BitStream.zero - | one => BitStream.one - | negOne => BitStream.negOne - | and t₁ t₂ => (t₁.eval vars) &&& (t₂.eval vars) - | or t₁ t₂ => (t₁.eval vars) ||| (t₂.eval vars) - | xor t₁ t₂ => (t₁.eval vars) ^^^ (t₂.eval vars) - | not t => ~~~(t.eval vars) - | ls b t => (Term.eval t vars).concat b - | add t₁ t₂ => (Term.eval t₁ vars) + (Term.eval t₂ vars) - | sub t₁ t₂ => (Term.eval t₁ vars) - (Term.eval t₂ vars) - | neg t => -(Term.eval t vars) - | incr t => BitStream.incr (Term.eval t vars) - | decr t => BitStream.decr (Term.eval t vars) + | var n => vars n + | zero => BitStream.zero + | one => BitStream.one + | negOne => BitStream.negOne + | and t₁ t₂ => (t₁.eval vars) &&& (t₂.eval vars) + | or t₁ t₂ => (t₁.eval vars) ||| (t₂.eval vars) + | xor t₁ t₂ => (t₁.eval vars) ^^^ (t₂.eval vars) + | not t => ~~~(t.eval vars) + | ls b t => (Term.eval t vars).concat b + | add t₁ t₂ => (Term.eval t₁ vars) + (Term.eval t₂ vars) + | sub t₁ t₂ => (Term.eval t₁ vars) - (Term.eval t₂ vars) + | neg t => -(Term.eval t vars) + | incr t => BitStream.incr (Term.eval t vars) + | decr t => BitStream.decr (Term.eval t vars) + | repeatBit t => BitStream.repeatBit (Term.eval t vars) instance : Add Term := ⟨add⟩ instance : Sub Term := ⟨sub⟩ @@ -94,6 +102,7 @@ a term like `var 10` only has a single free variable, but its arity will be `11` | neg t => arity t | incr t => arity t | decr t => arity t +| repeatBit t => arity t /-- Evaluate a term `t` to the BitStream it represents. @@ -130,6 +139,7 @@ and only require that many bitstream values to be given in `vars`. let x₁ := t₁.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) let x₂ := t₂.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) x₁ - x₂ - | neg t => -(Term.evalFin t vars) - | incr t => BitStream.incr (Term.evalFin t vars) - | decr t => BitStream.decr (Term.evalFin t vars) + | neg t => -(Term.evalFin t vars) + | incr t => BitStream.incr (Term.evalFin t vars) + | decr t => BitStream.decr (Term.evalFin t vars) + | repeatBit t => BitStream.repeatBit (Term.evalFin t vars) diff --git a/SSA/Experimental/Bits/Fast/BitStream.lean b/SSA/Experimental/Bits/Fast/BitStream.lean index cd0105afe..0467fd7a5 100644 --- a/SSA/Experimental/Bits/Fast/BitStream.lean +++ b/SSA/Experimental/Bits/Fast/BitStream.lean @@ -276,6 +276,12 @@ instance : Add BitStream := ⟨add⟩ instance : Neg BitStream := ⟨neg⟩ instance : Sub BitStream := ⟨sub⟩ +def repeatBit (xs : BitStream) : BitStream := + corec (b := (true, xs)) fun (carry, xs) => + let carry := carry && xs 0 + let xs := xs.tail + ((carry, xs), carry) + /-! TODO: We should define addition and `carry` in terms of `mapAccum`. For example: From cd16f5c7827e7e9e67b8b2421fbb654ccfff5fc0 Mon Sep 17 00:00:00 2001 From: Alex Keizer Date: Wed, 25 Sep 2024 21:37:42 -0500 Subject: [PATCH 09/17] repeatBit combinator --- SSA/Experimental/Bits/Fast/BitStream.lean | 17 ++++++- .../Bits/Fast/FiniteStateMachine.lean | 45 ++++++++++++++++--- 2 files changed, 55 insertions(+), 7 deletions(-) diff --git a/SSA/Experimental/Bits/Fast/BitStream.lean b/SSA/Experimental/Bits/Fast/BitStream.lean index 0467fd7a5..d467bf0d2 100644 --- a/SSA/Experimental/Bits/Fast/BitStream.lean +++ b/SSA/Experimental/Bits/Fast/BitStream.lean @@ -98,6 +98,15 @@ section Lemmas theorem ext {x y : BitStream} (h : ∀ i, x i = y i) : x = y := by funext i; exact h i +theorem corec_eq_corec {a : α} {b : β} {f g} + (R : α → β → Prop) + (h : ∀ a b, R a b → + let x := f a + let y := g b + R x.fst y.fst ∧ x.snd = y.snd) : + corec f a = corec g b := by + sorry + end Lemmas end Basic @@ -276,9 +285,13 @@ instance : Add BitStream := ⟨add⟩ instance : Neg BitStream := ⟨neg⟩ instance : Sub BitStream := ⟨sub⟩ +/-- `repeatBit xs` will repeat the first bit of `xs` which is `true`. +That is, it will be all-zeros iff `xs` is all-zeroes, +otherwise, there's some number `k` so that after dropping the `k` least +significant bits, `repeatBit xs` is all-ones. -/ def repeatBit (xs : BitStream) : BitStream := - corec (b := (true, xs)) fun (carry, xs) => - let carry := carry && xs 0 + corec (b := (false, xs)) fun (carry, xs) => + let carry := carry || xs 0 let xs := xs.tail ((carry, xs), carry) diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index 452d0d611..c9d6456a0 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -104,6 +104,15 @@ theorem eval_eq_carry (x : arity → BitStream) (n : ℕ) : p.eval x n = (p.nextBit (p.carry x n) (fun i => x i n)).2 := rfl +theorem eval_eq_eval' : + p.eval x = p.eval' x := by + funext i + simp only [eval, eval'] + induction i generalizing p x + case zero => rfl + case succ i ih => + sorry + /-- `p.changeVars f` changes the arity of an `FSM`. The function `f` determines how the new input bits map to the input expected by `p` -/ def changeVars {arity2 : Type} (changeVars : arity → arity2) : FSM arity2 := @@ -476,6 +485,22 @@ theorem eval_eq_zero_of_set {arity : Type _} (p : FSM arity) rw [eval] exact (evalAux_eq_zero_of_set p R hR hi hr1 x n).1 +def repeatBit : FSM Unit where + α := Unit + initCarry := fun () => false + nextBitCirc := fun _ => + .or (.var true <| .inl ()) (.var true <| .inr ()) + +@[simp] theorem eval_repeatBit : + repeatBit.eval x = BitStream.repeatBit (x ()) := by + unfold BitStream.repeatBit + rw [eval_eq_eval', eval'] + apply BitStream.corec_eq_corec + (R := fun a b => a.1 () = b.2 ∧ (a.2 ()) = b.1) + intro ⟨y, a⟩ ⟨b, x⟩ h + simp only at h + simp [h, nextBit, BitStream.head] + end FSM structure FSMSolution (t : Term) extends FSM (Fin t.arity) := @@ -590,6 +615,10 @@ def termEvalEqFSM : ∀ (t : Term), FSMSolution t let q := termEvalEqFSM t { toFSM := by dsimp [arity]; exact composeUnary FSM.decr q, good := by ext; simp } + | repeatBit t => + let p := termEvalEqFSM t + { toFSM := by dsimp [arity]; exact composeUnary FSM.repeatBit p, + good := by ext; simp } /-! FSM that implement bitwise-and. Since we use `0` as the good state, @@ -604,7 +633,7 @@ def and : FSM Bool := | some () => -- Only if both are `0` we produce a `0`. (Circuit.var true (inr false) ||| - ((Circuit.var false (inr true) ||| + ((Circuit.var false (inr true) ||| -- But if we have failed and have value `1`, then we produce a `1` from our state. (Circuit.var true (inl ()))))) | none => -- must succeed in both arguments, so we are `0` if both are `0`. @@ -751,7 +780,7 @@ inductive Predicate : Type → Type _ where | eq (t1 t2 : Term) : Predicate (Fin (max t1.arity t2.arity)) | and (p : Predicate α) (q : Predicate β) : Predicate (α ⊕ β) | or (p : Predicate α) (q : Predicate β) : Predicate (α ⊕ β) -| not (p : Predicate α) : Predicate α +| not (p : Predicate α) : Predicate α /-- @@ -767,9 +796,15 @@ def Predicate.denote : Predicate α → Prop Convert a predicate into a proposition -/ def Predicate.toFSM : Predicate α → FSM α -| .eq t1 t2 => (termEvalEqFSM (Term.xor t1 t2)).toFSM -| .and p q => sorry -- compose the FSM of `p, q` with `FSM.and`. FSM.compose _ _ _ -| .or t1 t2 => sorry -- compose the FSM of `p, q` with `FSM.or`. FSM.compose _ _ _ +| .eq t1 t2 => (termEvalEqFSM (Term.repeatBit <| Term.xor t1 t2)).toFSM +| .and p q => + let p := toFSM p + let q := toFSM q + -- composeBinary _ _ _ + -- ^^^^^^^^^^^^ Doesn't yet work, since `composeBinary` return the arity + -- `Fin (max _ _)`, whereas predicate says the arity is `α ⊕ β` + sorry -- compose the FSM of `p, q` with `FSM.and`. FSM.compose _ _ _ +| .or p q => sorry -- compose the FSM of `p, q` with `FSM.or`. FSM.compose _ _ _ | _ => sorry theorem Predicate.toFsm_correct From c3ecbf32e330d887f8cf0433d18029fd8cf0c04a Mon Sep 17 00:00:00 2001 From: Siddharth Bhat Date: Wed, 25 Sep 2024 22:56:54 -0500 Subject: [PATCH 10/17] chore: define and, or. --- .../Bits/Fast/FiniteStateMachine.lean | 47 ++++++++++++------- 1 file changed, 31 insertions(+), 16 deletions(-) diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index c9d6456a0..3cf525f52 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -530,6 +530,19 @@ def composeBinary | true => q₁.toFSM | false => q₂.toFSM) +def composeBinary' + (p : FSM Bool) + {n m : Nat} + (q₁ : FSM (Fin n)) + (q₂ : FSM (Fin m)) : + FSM (Fin (max n m)) := + p.compose (Fin (max n m)) + (λ b => Fin (cond b n m)) + (λ b i => Fin.castLE (by cases b <;> simp) i) + (λ b => match b with + | true => q₁ + | false => q₂) + @[simp] lemma composeUnary_eval (p : FSM Unit) {t : Term} @@ -776,11 +789,15 @@ The fragment of predicate logic that we support in `bv_automata`. Currently, we support equality, conjunction, disjunction, and negation. This can be expanded to also support arithmetic constraints such as unsigned-less-than. -/ -inductive Predicate : Type → Type _ where -| eq (t1 t2 : Term) : Predicate (Fin (max t1.arity t2.arity)) -| and (p : Predicate α) (q : Predicate β) : Predicate (α ⊕ β) -| or (p : Predicate α) (q : Predicate β) : Predicate (α ⊕ β) -| not (p : Predicate α) : Predicate α +inductive Predicate : Nat → Type _ where +| eq (t1 t2 : Term) : Predicate ((max t1.arity t2.arity)) +| and (p : Predicate n) (q : Predicate m) : Predicate (max n m) +| or (p : Predicate n) (q : Predicate m) : Predicate (max n m) +-- For now, we can't prove `not`, because it needs NFA → DFA conversion +-- the way Sid knows how to build it, or negation normal form, +-- both of which is machinery we lack. +-- | not (p : Predicate n) : Predicate n + /-- @@ -790,23 +807,21 @@ def Predicate.denote : Predicate α → Prop | eq t1 t2 => t1.eval = t2.eval | and p q => p.denote ∧ q.denote | or p q => p.denote ∨ q.denote -| not p => ¬ p.denote +-- | not p => ¬ p.denote /-- Convert a predicate into a proposition -/ -def Predicate.toFSM : Predicate α → FSM α +def Predicate.toFSM : Predicate k → FSM (Fin k) | .eq t1 t2 => (termEvalEqFSM (Term.repeatBit <| Term.xor t1 t2)).toFSM | .and p q => let p := toFSM p let q := toFSM q - -- composeBinary _ _ _ - -- ^^^^^^^^^^^^ Doesn't yet work, since `composeBinary` return the arity - -- `Fin (max _ _)`, whereas predicate says the arity is `α ⊕ β` - sorry -- compose the FSM of `p, q` with `FSM.and`. FSM.compose _ _ _ -| .or p q => sorry -- compose the FSM of `p, q` with `FSM.or`. FSM.compose _ _ _ -| _ => sorry - -theorem Predicate.toFsm_correct - (α : Type) [ i : Fintype α ] [ dec_eq : DecidableEq α ] (p : Predicate α) : + composeBinary' FSM.and p q +| .or p q => + let p := toFSM p + let q := toFSM q + composeBinary' FSM.or p q + +theorem Predicate.toFsm_correct {k : Nat} (p : Predicate k) : decideIfZeros p.toFSM = true ↔ p.denote := by sorry From 74d8de7f14e0b0d2a1fac9d9def3dd62319c3342 Mon Sep 17 00:00:00 2001 From: Atticus Kuhn Date: Sat, 28 Sep 2024 17:32:57 +0100 Subject: [PATCH 11/17] remove sorry from corec --- SSA/Experimental/Bits/Fast/BitStream.lean | 24 ++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/SSA/Experimental/Bits/Fast/BitStream.lean b/SSA/Experimental/Bits/Fast/BitStream.lean index d467bf0d2..7b2815f41 100644 --- a/SSA/Experimental/Bits/Fast/BitStream.lean +++ b/SSA/Experimental/Bits/Fast/BitStream.lean @@ -98,14 +98,36 @@ section Lemmas theorem ext {x y : BitStream} (h : ∀ i, x i = y i) : x = y := by funext i; exact h i +theorem compose_first {α: Type u₁} (i : Nat) (a : α ) (f : α → α × Bool) : (f ((Prod.fst ∘ f)^[i] a)).1 = (Prod.fst ∘ f)^[i] (f a).1 := + match i with + | 0 => by simp + | i + 1=> + let y:= @compose_first α i ((f a).1) f + by simp [y] + theorem corec_eq_corec {a : α} {b : β} {f g} (R : α → β → Prop) + (thing : R a b) (h : ∀ a b, R a b → let x := f a let y := g b R x.fst y.fst ∧ x.snd = y.snd) : corec f a = corec g b := by - sorry + ext i + have lem : R ((Prod.fst ∘ f)^[i] (f a).1) ((Prod.fst ∘ g)^[i] (g b).1) ∧ corec f a i = corec g b i := by + induction' i with i ih + <;> simp [corec] + · apply h + exact thing + · simp at h + simp [corec] at ih + have m := h ((Prod.fst ∘ f)^[i] (f a).1) ((Prod.fst ∘ g)^[i] (g b).1) (ih.1) + cases' m with l r + simp [r] + rw [← @compose_first α, ← @compose_first β i] + exact l + cases lem + assumption end Lemmas From 40d13303c605bb9821691a6fba8a2f33029ba343 Mon Sep 17 00:00:00 2001 From: Atticus Kuhn Date: Sat, 28 Sep 2024 17:36:41 +0100 Subject: [PATCH 12/17] simplify proof --- SSA/Experimental/Bits/Fast/BitStream.lean | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/SSA/Experimental/Bits/Fast/BitStream.lean b/SSA/Experimental/Bits/Fast/BitStream.lean index 7b2815f41..a91b85ff2 100644 --- a/SSA/Experimental/Bits/Fast/BitStream.lean +++ b/SSA/Experimental/Bits/Fast/BitStream.lean @@ -101,9 +101,7 @@ theorem ext {x y : BitStream} (h : ∀ i, x i = y i) : x = y := by theorem compose_first {α: Type u₁} (i : Nat) (a : α ) (f : α → α × Bool) : (f ((Prod.fst ∘ f)^[i] a)).1 = (Prod.fst ∘ f)^[i] (f a).1 := match i with | 0 => by simp - | i + 1=> - let y:= @compose_first α i ((f a).1) f - by simp [y] + | i + 1 => by simp [@compose_first α i ((f a).1) f] theorem corec_eq_corec {a : α} {b : β} {f g} (R : α → β → Prop) @@ -114,18 +112,15 @@ theorem corec_eq_corec {a : α} {b : β} {f g} R x.fst y.fst ∧ x.snd = y.snd) : corec f a = corec g b := by ext i - have lem : R ((Prod.fst ∘ f)^[i] (f a).1) ((Prod.fst ∘ g)^[i] (g b).1) ∧ corec f a i = corec g b i := by + have lem : R ((Prod.fst ∘ f)^[i] (f a).1) ((Prod.fst ∘ g)^[i] (g b).1) ∧ corec f a i = corec g b i := by induction' i with i ih - <;> simp [corec] + <;> simp only [Function.iterate_succ, Function.comp_apply, corec] · apply h exact thing - · simp at h - simp [corec] at ih - have m := h ((Prod.fst ∘ f)^[i] (f a).1) ((Prod.fst ∘ g)^[i] (g b).1) (ih.1) + · have m := h ((Prod.fst ∘ f)^[i] (f a).1) ((Prod.fst ∘ g)^[i] (g b).1) (ih.1) cases' m with l r - simp [r] - rw [← @compose_first α, ← @compose_first β i] - exact l + rw [r, ← @compose_first α, ← @compose_first β] + simp [l] cases lem assumption From a49220f3cafe4030c9eb11fc6d4280ad50646be6 Mon Sep 17 00:00:00 2001 From: Atticus Kuhn Date: Sat, 28 Sep 2024 17:38:56 +0100 Subject: [PATCH 13/17] simpify proof --- SSA/Experimental/Bits/Fast/BitStream.lean | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SSA/Experimental/Bits/Fast/BitStream.lean b/SSA/Experimental/Bits/Fast/BitStream.lean index a91b85ff2..3ac36c002 100644 --- a/SSA/Experimental/Bits/Fast/BitStream.lean +++ b/SSA/Experimental/Bits/Fast/BitStream.lean @@ -101,7 +101,7 @@ theorem ext {x y : BitStream} (h : ∀ i, x i = y i) : x = y := by theorem compose_first {α: Type u₁} (i : Nat) (a : α ) (f : α → α × Bool) : (f ((Prod.fst ∘ f)^[i] a)).1 = (Prod.fst ∘ f)^[i] (f a).1 := match i with | 0 => by simp - | i + 1 => by simp [@compose_first α i ((f a).1) f] + | i + 1 => by simp [compose_first i ((f a).1) f] theorem corec_eq_corec {a : α} {b : β} {f g} (R : α → β → Prop) @@ -119,7 +119,7 @@ theorem corec_eq_corec {a : α} {b : β} {f g} exact thing · have m := h ((Prod.fst ∘ f)^[i] (f a).1) ((Prod.fst ∘ g)^[i] (g b).1) (ih.1) cases' m with l r - rw [r, ← @compose_first α, ← @compose_first β] + rw [r, ← compose_first, ← @compose_first β] simp [l] cases lem assumption From 9d1d2b214052194781bd35c89a095a8e8b28e489 Mon Sep 17 00:00:00 2001 From: Siddharth Bhat Date: Sat, 28 Sep 2024 16:21:23 -0500 Subject: [PATCH 14/17] chore: fix sorry, now allow project to build. We fail on guard_msgs due to sorry? --- SSA/Experimental/Bits/Fast/FiniteStateMachine.lean | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index 3cf525f52..32e495037 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -497,9 +497,10 @@ def repeatBit : FSM Unit where rw [eval_eq_eval', eval'] apply BitStream.corec_eq_corec (R := fun a b => a.1 () = b.2 ∧ (a.2 ()) = b.1) - intro ⟨y, a⟩ ⟨b, x⟩ h - simp only at h - simp [h, nextBit, BitStream.head] + · simp [repeatBit] + · intro ⟨y, a⟩ ⟨b, x⟩ h + simp at h + simp [h, nextBit, BitStream.head] end FSM @@ -818,7 +819,7 @@ def Predicate.toFSM : Predicate k → FSM (Fin k) let p := toFSM p let q := toFSM q composeBinary' FSM.and p q -| .or p q => +| .or p q => let p := toFSM p let q := toFSM q composeBinary' FSM.or p q From b5e09db267487d9d79e7e99016198ff46efd8a3e Mon Sep 17 00:00:00 2001 From: Siddharth Bhat Date: Sat, 28 Sep 2024 16:30:15 -0500 Subject: [PATCH 15/17] chore: allow project to compile by updating guard messages with sorry --- SSA/Experimental/Bits/Fast/Decide.lean | 76 +++++++++------- .../Bits/Fast/FiniteStateMachine.lean | 2 +- SSA/Experimental/Bits/Fast/Tactic.lean | 88 ++++++++++++++----- 3 files changed, 111 insertions(+), 55 deletions(-) diff --git a/SSA/Experimental/Bits/Fast/Decide.lean b/SSA/Experimental/Bits/Fast/Decide.lean index 3227f6df2..998620ec1 100644 --- a/SSA/Experimental/Bits/Fast/Decide.lean +++ b/SSA/Experimental/Bits/Fast/Decide.lean @@ -33,96 +33,110 @@ example : ((and x y) + (or x y)).eval = (x + y).eval := by example : ((or x y) - (xor x y)).eval = (and x y).eval := by native_decide + +/- +Note that we use `#eval!` instead of `#eval`, since our +proof of `decide` currently contains a `sorry`. We should elminate the `sorry`, +and then switch to `#eval`. +-/ + +/-- +info: 'Decidable.decide' does not depend on any axioms +--- +info: 'decide' depends on axioms: [propext, sorryAx, Classical.choice, Quot.sound] +-/ +#guard_msgs in #print axioms decide + /-- info: true -/ -#guard_msgs in #eval decide (x + -x) 0 +#guard_msgs in #eval! decide (x + -x) 0 /-- info: true -/ -#guard_msgs in #eval decide (incr x) (x + 1) +#guard_msgs in #eval! decide (incr x) (x + 1) /-- info: true -/ -#guard_msgs in #eval decide (decr x) (x - 1) +#guard_msgs in #eval! decide (decr x) (x - 1) /-- info: true -/ -#guard_msgs in #eval decide (x + -y) (x - y) +#guard_msgs in #eval! decide (x + -y) (x - y) /-- info: true -/ -#guard_msgs in #eval decide (x + 0) (var 0) +#guard_msgs in #eval! decide (x + 0) (var 0) /-- info: true -/ -#guard_msgs in #eval decide (x + y) (y + x) +#guard_msgs in #eval! decide (x + y) (y + x) /-- info: true -/ -#guard_msgs in #eval decide (x + (y + z)) (x + y + z) +#guard_msgs in #eval! decide (x + (y + z)) (x + y + z) /-- info: true -/ -#guard_msgs in #eval decide (x - x) 0 +#guard_msgs in #eval! decide (x - x) 0 /-- info: true -/ -#guard_msgs in #eval decide (x + 0) x +#guard_msgs in #eval! decide (x + 0) x /-- info: true -/ -#guard_msgs in #eval decide (0 + x) x +#guard_msgs in #eval! decide (0 + x) x /-- info: true -/ -#guard_msgs in #eval decide (-x) (not x).incr +#guard_msgs in #eval! decide (-x) (not x).incr /-- info: true -/ -#guard_msgs in #eval decide (-x) (not x.decr) +#guard_msgs in #eval! decide (-x) (not x.decr) /-- info: true -/ -#guard_msgs in #eval decide (not x) (-x).decr +#guard_msgs in #eval! decide (not x) (-x).decr /-- info: true -/ -#guard_msgs in #eval decide (-not x) (x + 1) +#guard_msgs in #eval! decide (-not x) (x + 1) /-- info: true -/ -#guard_msgs in #eval decide (x + y) (x - not y - 1) +#guard_msgs in #eval! decide (x + y) (x - not y - 1) /-- info: true -/ -#guard_msgs in #eval decide (x + y) ((xor x y) + (and x y).ls false) +#guard_msgs in #eval! decide (x + y) ((xor x y) + (and x y).ls false) /-- info: true -/ -#guard_msgs in #eval decide (x + y) (or x y + and x y) +#guard_msgs in #eval! decide (x + y) (or x y + and x y) /-- info: true -/ -#guard_msgs in #eval decide (x + y) ((or x y).ls false - (xor x y)) +#guard_msgs in #eval! decide (x + y) ((or x y).ls false - (xor x y)) /-- info: true -/ -#guard_msgs in #eval decide (x - y) (x + not y).incr +#guard_msgs in #eval! decide (x - y) (x + not y).incr /-- info: true -/ -#guard_msgs in #eval decide (x - y) (xor x y - (and (not x) y).ls false) +#guard_msgs in #eval! decide (x - y) (xor x y - (and (not x) y).ls false) /-- info: true -/ -#guard_msgs in #eval decide (x - y) (and x (not y) - (and (not x) y)) +#guard_msgs in #eval! decide (x - y) (and x (not y) - (and (not x) y)) /-- info: true -/ -#guard_msgs in #eval decide (x - y) ((and x (not y)).ls false - (xor x y)) +#guard_msgs in #eval! decide (x - y) ((and x (not y)).ls false - (xor x y)) /-- info: true -/ -#guard_msgs in #eval decide (xor x y) ((or x y) - (and x y)) +#guard_msgs in #eval! decide (xor x y) ((or x y) - (and x y)) /-- info: true -/ -#guard_msgs in #eval decide (and x (not y)) (or x y - y) +#guard_msgs in #eval! decide (and x (not y)) (or x y - y) /-- info: true -/ -#guard_msgs in #eval decide (and x (not y)) (x - and x y) +#guard_msgs in #eval! decide (and x (not y)) (x - and x y) /-- info: true -/ -#guard_msgs in #eval decide (not (x - y)) (y - x).decr +#guard_msgs in #eval! decide (not (x - y)) (y - x).decr /-- info: true -/ -#guard_msgs in #eval decide (not (x - y)) (not x + y) +#guard_msgs in #eval! decide (not (x - y)) (not x + y) /-- info: true -/ -#guard_msgs in #eval decide (not (xor x y)) (and x y - (or x y)).decr +#guard_msgs in #eval! decide (not (xor x y)) (and x y - (or x y)).decr /-- info: true -/ -#guard_msgs in #eval decide (not (xor x y)) (and x y + not (or x y)) +#guard_msgs in #eval! decide (not (xor x y)) (and x y + not (or x y)) /-- info: true -/ -#guard_msgs in #eval decide (or x y) (and x (not y) + y) +#guard_msgs in #eval! decide (or x y) (and x (not y) + y) /-- info: true -/ -#guard_msgs in #eval decide (and x y) (or (not x) y - not x) +#guard_msgs in #eval! decide (and x y) (or (not x) y - not x) end testDecide diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index 32e495037..2dbb7a4be 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -690,7 +690,7 @@ what we should do :) - Alternatively, we need to be able to decide `eventually always zero`. - Alternatively, we push negations inside, and decide `⬝ ≠ ⬝` and `⬝ ≰ ⬝`. -/ -def lnot : FSM Unit := sorry +-- def lnot : FSM Unit := sorry inductive Result : Type diff --git a/SSA/Experimental/Bits/Fast/Tactic.lean b/SSA/Experimental/Bits/Fast/Tactic.lean index d58941717..c681916f1 100644 --- a/SSA/Experimental/Bits/Fast/Tactic.lean +++ b/SSA/Experimental/Bits/Fast/Tactic.lean @@ -332,143 +332,185 @@ macro "bv_automata" : tactic => def alive_1 {w : ℕ} (x x_1 x_2 : BitVec w) : (x_2 &&& x_1 ^^^ x_1) + 1#w + x = x - (x_2 ||| ~~~x_1) := by bv_automata -/-- info: 'alive_1' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'alive_1' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms alive_1 def test_OfNat_ofNat (x : BitVec 1) : 1 + x = x + 1 := by bv_automata -/-- info: 'test_OfNat_ofNat' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test_OfNat_ofNat' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test_OfNat_ofNat def test_BitVec_ofNat (x : BitVec 1) : 1 + x = x + 1#1 := by bv_automata /-- -info: 'test_BitVec_ofNat' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] +info: 'test_BitVec_ofNat' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ #guard_msgs in #print axioms test_BitVec_ofNat def test0 {w : Nat} (x y : BitVec (w + 1)) : x + 0 = x := by bv_automata -/-- info: 'test0' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test0' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test0 def test_simple2 {w : Nat} (x y : BitVec (w + 1)) : x = x := by bv_automata /-- -info: 'test_simple2' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] +info: 'test_simple2' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ #guard_msgs in #print axioms test_simple2 def test1 {w : Nat} (x y : BitVec (w + 1)) : (x ||| y) - (x ^^^ y) = x &&& y := by bv_automata -/-- info: 'test1' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test1' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test1 def test2 (x y : BitVec 300) : (x &&& y) + (x ||| y) = x + y := by bv_automata -/-- info: 'test2' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test2' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test2 def test3 (x y : BitVec 300) : ((x ||| y) - (x ^^^ y)) = (x &&& y) := by bv_automata -/-- info: 'test3' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test3' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test3 def test4 (x y : BitVec 2) : (x + -y) = (x - y) := by bv_automata -/-- info: 'test4' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test4' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test4 def test5 (x y z : BitVec 2) : (x + y + z) = (z + y + x) := by bv_automata -/-- info: 'test5' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test5' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test5 def test6 (x y z : BitVec 2) : (x + (y + z)) = (x + y + z) := by bv_automata -/-- info: 'test6' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test6' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test6 def test11 (x y : BitVec 2) : (x + y) = ((x ||| y) + (x &&& y)) := by bv_automata -/-- info: 'test11' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test11' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test11 def test15 (x y : BitVec 2) : (x - y) = (( x &&& (~~~ y)) - ((~~~ x) &&& y)) := by bv_automata -/-- info: 'test15' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test15' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test15 def test17 (x y : BitVec 2) : (x ^^^ y) = ((x ||| y) - (x &&& y)) := by bv_automata -/-- info: 'test17' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test17' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test17 def test18 (x y : BitVec 2) : (x &&& (~~~ y)) = ((x ||| y) - y) := by bv_automata -/-- info: 'test18' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test18' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test18 def test19 (x y : BitVec 2) : (x &&& (~~~ y)) = (x - (x &&& y)) := by bv_automata -/-- info: 'test19' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test19' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test19 def test21 (x y : BitVec 2) : (~~~(x - y)) = (~~~x + y) := by bv_automata -/-- info: 'test21' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test21' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test21 def test23 (x y : BitVec 2) : (~~~(x ^^^ y)) = ((x &&& y) + ~~~(x ||| y)) := by bv_automata -/-- info: 'test23' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test23' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test23 def test24 (x y : BitVec 2) : (x ||| y) = (( x &&& (~~~y)) + y) := by bv_automata -/-- info: 'test24' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test24' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test24 def test25 (x y : BitVec 2) : (x &&& y) = (((~~~x) ||| y) - ~~~x) := by bv_automata -/-- info: 'test25' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test25' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test25 def test26 {w : Nat} (x y : BitVec (w + 1)) : 1 + x + 0 = 1 + x := by bv_automata -/-- info: 'test26' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test26' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test26 def test27 (x y : BitVec 5) : 2 + x = 1 + x + 1 := by bv_automata -/-- info: 'test27' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test27' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test27 def test28 {w : Nat} (x y : BitVec (w + 1)) : x &&& x &&& x &&& x &&& x &&& x = x := by bv_automata -/-- info: 'test28' depends on axioms: [propext, Classical.choice, Lean.ofReduceBool, Quot.sound] -/ +/-- +info: 'test28' depends on axioms: [propext, sorryAx, Classical.choice, Lean.ofReduceBool, Quot.sound] +-/ #guard_msgs in #print axioms test28 -- This test is commented out because it takes over a minute to run From 92ff7c076b26a007f6d9a33d31e6033dd3c1e26d Mon Sep 17 00:00:00 2001 From: Siddharth Bhat Date: Sat, 28 Sep 2024 16:33:56 -0500 Subject: [PATCH 16/17] chore: cleanup --- SSA/Experimental/Bits/Fast/BitStream.lean | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/SSA/Experimental/Bits/Fast/BitStream.lean b/SSA/Experimental/Bits/Fast/BitStream.lean index 3ac36c002..4e7d5c11c 100644 --- a/SSA/Experimental/Bits/Fast/BitStream.lean +++ b/SSA/Experimental/Bits/Fast/BitStream.lean @@ -98,11 +98,24 @@ section Lemmas theorem ext {x y : BitStream} (h : ∀ i, x i = y i) : x = y := by funext i; exact h i -theorem compose_first {α: Type u₁} (i : Nat) (a : α ) (f : α → α × Bool) : (f ((Prod.fst ∘ f)^[i] a)).1 = (Prod.fst ∘ f)^[i] (f a).1 := +/-- +The field projection `.1` distributes over function composition, so we can compute +the first field of the result of the composition by repeatedly composing the first projection. +-/ +theorem compose_first {α: Type u₁} (i : Nat) (a : α) + (f : α → α × Bool) : + (f ((Prod.fst ∘ f)^[i] a)).1 = (Prod.fst ∘ f)^[i] (f a).1 := match i with | 0 => by simp | i + 1 => by simp [compose_first i ((f a).1) f] +/-- +Coinduction principle for `corec`. +To show that `corec f a = corec g b`, +we must show that: +- The relation `R a b` is inhabited ["base case"] +- Given that `R a b` holds, then `R (f a) (g b)` holds [coinductive case] +-/ theorem corec_eq_corec {a : α} {b : β} {f g} (R : α → β → Prop) (thing : R a b) From 49405aa28d90a7b15764d6bfcf04ea55336b329f Mon Sep 17 00:00:00 2001 From: Siddharth Bhat Date: Sat, 28 Sep 2024 16:50:55 -0500 Subject: [PATCH 17/17] chore: duplicate Defs, Lemmas into Fast --- SSA/Experimental/Bits/Defs.lean | 10 -- SSA/Experimental/Bits/Fast/Decide.lean | 2 +- SSA/Experimental/Bits/Fast/Defs.lean | 145 ++++++++++++++++++ .../Bits/Fast/FiniteStateMachine.lean | 2 +- SSA/Experimental/Bits/Fast/Lemmas.lean | 38 +++++ SSA/Experimental/Bits/Fast/Tactic.lean | 2 +- 6 files changed, 186 insertions(+), 13 deletions(-) create mode 100644 SSA/Experimental/Bits/Fast/Defs.lean create mode 100644 SSA/Experimental/Bits/Fast/Lemmas.lean diff --git a/SSA/Experimental/Bits/Defs.lean b/SSA/Experimental/Bits/Defs.lean index f3ba2dfa6..ff2043e86 100644 --- a/SSA/Experimental/Bits/Defs.lean +++ b/SSA/Experimental/Bits/Defs.lean @@ -40,13 +40,6 @@ inductive Term : Type | incr : Term → Term /-- Decrement (i.e., subtract one) -/ | decr : Term → Term -/-- `repeatBit` is an operation that will repeat the infinitely repeat the -least significant `true` bit of the input. - -That is `repeatBit t` is all-zeroes iff `t` is all-zeroes. -Otherwise, there is some number `k` s.t. `repeatBit t` is all-ones after -dropping the least significant `k` bits -/ -| repeatBit : Term → Term open Term @@ -74,7 +67,6 @@ def Term.eval (t : Term) (vars : Nat → BitStream) : BitStream := | neg t => -(Term.eval t vars) | incr t => BitStream.incr (Term.eval t vars) | decr t => BitStream.decr (Term.eval t vars) - | repeatBit t => BitStream.repeatBit (Term.eval t vars) instance : Add Term := ⟨add⟩ instance : Sub Term := ⟨sub⟩ @@ -102,7 +94,6 @@ a term like `var 10` only has a single free variable, but its arity will be `11` | neg t => arity t | incr t => arity t | decr t => arity t -| repeatBit t => arity t /-- Evaluate a term `t` to the BitStream it represents. @@ -142,4 +133,3 @@ and only require that many bitstream values to be given in `vars`. | neg t => -(Term.evalFin t vars) | incr t => BitStream.incr (Term.evalFin t vars) | decr t => BitStream.decr (Term.evalFin t vars) - | repeatBit t => BitStream.repeatBit (Term.evalFin t vars) diff --git a/SSA/Experimental/Bits/Fast/Decide.lean b/SSA/Experimental/Bits/Fast/Decide.lean index 998620ec1..1fa084970 100644 --- a/SSA/Experimental/Bits/Fast/Decide.lean +++ b/SSA/Experimental/Bits/Fast/Decide.lean @@ -1,5 +1,5 @@ import SSA.Experimental.Bits.Fast.FiniteStateMachine -import SSA.Experimental.Bits.Lemmas +import SSA.Experimental.Bits.Fast.Lemmas instance (t₁ t₂ : Term) : Decidable (t₁.eval = t₂.eval) := decidable_of_iff diff --git a/SSA/Experimental/Bits/Fast/Defs.lean b/SSA/Experimental/Bits/Fast/Defs.lean new file mode 100644 index 000000000..f3ba2dfa6 --- /dev/null +++ b/SSA/Experimental/Bits/Fast/Defs.lean @@ -0,0 +1,145 @@ +/- +Released under Apache 2.0 license as described in the file LICENSE. +-/ +import Mathlib.Data.Bool.Basic +import Mathlib.Data.Fin.Basic +import SSA.Experimental.Bits.Fast.BitStream + +/-! +# Term Language +This file defines the term language the decision procedure operates on, +and the denotation of these terms into operations on bitstreams -/ + +/-- A `Term` is an expression in the language our decision procedure operates on, +it represent an infinite bitstream (with free variables) -/ +inductive Term : Type +| var : Nat → Term +/-- The constant `0` -/ +| zero : Term +/-- The constant `-1` -/ +| negOne : Term +/-- The constant `1` -/ +| one : Term +/-- Bitwise and -/ +| and : Term → Term → Term +/-- Bitwise or -/ +| or : Term → Term → Term +/-- Bitwise xor -/ +| xor : Term → Term → Term +/-- Bitwise complement -/ +| not : Term → Term +/-- Append a single bit the start (i.e., least-significant end) of the bitstream -/ +| ls (b : Bool) : Term → Term +/-- Addition -/ +| add : Term → Term → Term +/-- Subtraction -/ +| sub : Term → Term → Term +/-- Negation -/ +| neg : Term → Term +/-- Increment (i.e., add one) -/ +| incr : Term → Term +/-- Decrement (i.e., subtract one) -/ +| decr : Term → Term +/-- `repeatBit` is an operation that will repeat the infinitely repeat the +least significant `true` bit of the input. + +That is `repeatBit t` is all-zeroes iff `t` is all-zeroes. +Otherwise, there is some number `k` s.t. `repeatBit t` is all-ones after +dropping the least significant `k` bits -/ +| repeatBit : Term → Term + +open Term + +open BitStream in +/-- +Evaluate a term `t` to the BitStream it represents, +given a value for the free variables in `t`. + +Note that we don't keep track of how many free variable occur in `t`, +so eval requires us to give a value for each possible variable. +-/ +def Term.eval (t : Term) (vars : Nat → BitStream) : BitStream := + match t with + | var n => vars n + | zero => BitStream.zero + | one => BitStream.one + | negOne => BitStream.negOne + | and t₁ t₂ => (t₁.eval vars) &&& (t₂.eval vars) + | or t₁ t₂ => (t₁.eval vars) ||| (t₂.eval vars) + | xor t₁ t₂ => (t₁.eval vars) ^^^ (t₂.eval vars) + | not t => ~~~(t.eval vars) + | ls b t => (Term.eval t vars).concat b + | add t₁ t₂ => (Term.eval t₁ vars) + (Term.eval t₂ vars) + | sub t₁ t₂ => (Term.eval t₁ vars) - (Term.eval t₂ vars) + | neg t => -(Term.eval t vars) + | incr t => BitStream.incr (Term.eval t vars) + | decr t => BitStream.decr (Term.eval t vars) + | repeatBit t => BitStream.repeatBit (Term.eval t vars) + +instance : Add Term := ⟨add⟩ +instance : Sub Term := ⟨sub⟩ +instance : One Term := ⟨one⟩ +instance : Zero Term := ⟨zero⟩ +instance : Neg Term := ⟨neg⟩ + +/-- `t.arity` is the max free variable id that occurs in the given term `t`, +and thus is an upper bound on the number of free variables that occur in `t`. + +Note that the upper bound is not perfect: +a term like `var 10` only has a single free variable, but its arity will be `11` -/ +@[simp] def Term.arity : Term → Nat +| (var n) => n+1 +| zero => 0 +| one => 0 +| negOne => 0 +| Term.and t₁ t₂ => max (arity t₁) (arity t₂) +| Term.or t₁ t₂ => max (arity t₁) (arity t₂) +| Term.xor t₁ t₂ => max (arity t₁) (arity t₂) +| Term.not t => arity t +| ls _ t => arity t +| add t₁ t₂ => max (arity t₁) (arity t₂) +| sub t₁ t₂ => max (arity t₁) (arity t₂) +| neg t => arity t +| incr t => arity t +| decr t => arity t +| repeatBit t => arity t + +/-- +Evaluate a term `t` to the BitStream it represents. + +This differs from `Term.eval` in that `Term.evalFin` uses `Term.arity` to +determine the number of free variables that occur in the given term, +and only require that many bitstream values to be given in `vars`. +-/ +@[simp] def Term.evalFin (t : Term) (vars : Fin (arity t) → BitStream) : BitStream := + match t with + | var n => vars (Fin.last n) + | zero => BitStream.zero + | one => BitStream.one + | negOne => BitStream.negOne + | and t₁ t₂ => + let x₁ := t₁.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) + let x₂ := t₂.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) + x₁ &&& x₂ + | or t₁ t₂ => + let x₁ := t₁.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) + let x₂ := t₂.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) + x₁ ||| x₂ + | xor t₁ t₂ => + let x₁ := t₁.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) + let x₂ := t₂.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) + x₁ ^^^ x₂ + | not t => ~~~(t.evalFin vars) + | ls b t => (t.evalFin vars).concat b + | add t₁ t₂ => + let x₁ := t₁.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) + let x₂ := t₂.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) + x₁ + x₂ + | sub t₁ t₂ => + let x₁ := t₁.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) + let x₂ := t₂.evalFin (fun i => vars (Fin.castLE (by simp [arity]) i)) + x₁ - x₂ + | neg t => -(Term.evalFin t vars) + | incr t => BitStream.incr (Term.evalFin t vars) + | decr t => BitStream.decr (Term.evalFin t vars) + | repeatBit t => BitStream.repeatBit (Term.evalFin t vars) diff --git a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean index 2dbb7a4be..7dcd1d97c 100644 --- a/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean +++ b/SSA/Experimental/Bits/Fast/FiniteStateMachine.lean @@ -5,7 +5,7 @@ import Mathlib.Data.Fintype.Pi import Mathlib.Data.Fintype.BigOperators import Mathlib.Tactic.Zify import Mathlib.Tactic.Ring -import SSA.Experimental.Bits.Defs +import SSA.Experimental.Bits.Fast.Defs import SSA.Experimental.Bits.Fast.Circuit open Sum diff --git a/SSA/Experimental/Bits/Fast/Lemmas.lean b/SSA/Experimental/Bits/Fast/Lemmas.lean new file mode 100644 index 000000000..12bb39e93 --- /dev/null +++ b/SSA/Experimental/Bits/Fast/Lemmas.lean @@ -0,0 +1,38 @@ +/- +Released under Apache 2.0 license as described in the file LICENSE. +-/ +import Mathlib.Data.Fintype.Card +import Mathlib.Data.Fintype.Sum +import Mathlib.Data.Fintype.Sigma +import Mathlib.Data.Fintype.BigOperators +import Mathlib.Tactic.Zify +import Mathlib.Tactic.Ring +import SSA.Experimental.Bits.Fast.Defs +import SSA.Experimental.Bits.Fast.BitStream + +open Term + +lemma evalFin_eq_eval (t : Term) (vars : Nat → BitStream) : + Term.evalFin t (fun i => vars i) = Term.eval t vars := by + induction t <;> + dsimp [Term.evalFin, Term.eval, arity] at * <;> simp [*] + +lemma eq_iff_xor_eq_zero (seq₁ seq₂ : BitStream) : + (∀ i, seq₁ i = seq₂ i) ↔ (∀ i, (seq₁ ^^^ seq₂) i = BitStream.zero i) := by + simp [Function.funext_iff] + +lemma eval_eq_iff_xor_eq_zero (t₁ t₂ : Term) : + t₁.eval = t₂.eval ↔ (t₁.xor t₂).evalFin = fun _ => BitStream.zero := by + simp only [Function.funext_iff, Term.eval, Term.evalFin, + ← eq_iff_xor_eq_zero, ← evalFin_eq_eval] + constructor + · intro h seq + ext j + simp only [arity.eq_7, BitStream.xor_eq, BitStream.zero_eq, bne_eq_false_iff_eq] + apply congr_fun + simpa using h (fun j => if hj : j < (arity (t₁.xor t₂)) then seq ⟨j, hj⟩ else fun _ => false) + · intro h seq + ext j + have := h (seq ·) + apply_fun (· j) at this + simpa diff --git a/SSA/Experimental/Bits/Fast/Tactic.lean b/SSA/Experimental/Bits/Fast/Tactic.lean index c681916f1..af85a5c80 100644 --- a/SSA/Experimental/Bits/Fast/Tactic.lean +++ b/SSA/Experimental/Bits/Fast/Tactic.lean @@ -1,7 +1,7 @@ import Lean.Meta.Tactic.Simp.BuiltinSimprocs import SSA.Experimental.Bits.Fast.BitStream import SSA.Experimental.Bits.Fast.Decide -import SSA.Experimental.Bits.Lemmas +import SSA.Experimental.Bits.Fast.Lemmas import Qq.Macro open Lean Elab Tactic