(************************************************************************)
(*         *   The Coq Proof Assistant / The Coq Development Team       *)
(*  v      *   INRIA, CNRS and contributors - Copyright 1999-2018       *)
(* <O___,, *       (see CREDITS file for the list of authors)           *)
(*   \VV/  **************************************************************)
(*    //   *    This file is distributed under the terms of the         *)
(*         *     GNU Lesser General Public License Version 2.1          *)
(*         *     (see LICENSE file for the text of the license)         *)
(************************************************************************)

Require Import
 Bool ZAxioms ZMulOrder ZPow ZDivFloor ZSgnAbs ZParity NZLog.

Module Type ZBitsProp
 (Import A : ZAxiomsSig')
 (Import B : ZMulOrderProp A)
 (Import C : ZParityProp A B)
 (Import D : ZSgnAbsProp A B)
 (Import E : ZPowProp A B C D)
 (Import F : ZDivProp A B D)
 (Import G : NZLog2Prop A A A B E).

Include BoolEqualityFacts A.

Ltac order_nz := try apply pow_nonzero; order'.
Ltac order_pos' := try apply abs_nonneg; order_pos.
Hint Rewrite div_0_l mod_0_l div_1_r mod_1_r : nz.

Lemma pow_sub_r : forall a b c, a~=0 -> 0<=c<=b -> a^(b-c) == a^b / a^c.
forall a b c : t,
a ~= 0 -> 0 <= c <= b -> a ^ (b - c) == a ^ b / a ^ c
Proof.
forall a b c : t,
a ~= 0 -> 0 <= c <= b -> a ^ (b - c) == a ^ b / a ^ c
 intros a b c Ha (H,H').
a, b, c:t
Ha:a ~= 0
H:0 <= c
H':c <= b
a ^ (b - c) == a ^ b / a ^ c rewrite <- (sub_simpl_r b c) at 2.
a, b, c:t
Ha:a ~= 0
H:0 <= c
H':c <= b
a ^ (b - c) == a ^ (b - c + c) / a ^ c
 rewrite pow_add_r; trivial.
a, b, c:t
Ha:a ~= 0
H:0 <= c
H':c <= b
a ^ (b - c) == a ^ (b - c) * a ^ c / a ^ c
a, b, c:t
Ha:a ~= 0
H:0 <= c
H':c <= b
0 <= b - c
 rewrite div_mul.
a, b, c:t
Ha:a ~= 0
H:0 <= c
H':c <= b
a ^ (b - c) == a ^ (b - c)
a, b, c:t
Ha:a ~= 0
H:0 <= c
H':c <= b
a ^ c ~= 0
a, b, c:t
Ha:a ~= 0
H:0 <= c
H':c <= b
0 <= b - c reflexivity.
a, b, c:t
Ha:a ~= 0
H:0 <= c
H':c <= b
a ^ c ~= 0
a, b, c:t
Ha:a ~= 0
H:0 <= c
H':c <= b
0 <= b - c
 now apply pow_nonzero.
a, b, c:t
Ha:a ~= 0
H:0 <= c
H':c <= b
0 <= b - c
 now apply le_0_sub.
Qed.

Lemma pow_div_l : forall a b c, b~=0 -> 0<=c -> a mod b == 0 ->
 (a/b)^c == a^c / b^c.
forall a b c : t,
b ~= 0 ->
0 <= c -> a mod b == 0 -> (a / b) ^ c == a ^ c / b ^ c
Proof.
forall a b c : t,
b ~= 0 ->
0 <= c -> a mod b == 0 -> (a / b) ^ c == a ^ c / b ^ c
 intros a b c Hb Hc H.
a, b, c:t
Hb:b ~= 0
Hc:0 <= c
H:a mod b == 0
(a / b) ^ c == a ^ c / b ^ c rewrite (div_mod a b Hb) at 2.
a, b, c:t
Hb:b ~= 0
Hc:0 <= c
H:a mod b == 0
(a / b) ^ c == (b * (a / b) + a mod b) ^ c / b ^ c
 rewrite H, add_0_r, pow_mul_l, mul_comm, div_mul.
a, b, c:t
Hb:b ~= 0
Hc:0 <= c
H:a mod b == 0
(a / b) ^ c == (a / b) ^ c
a, b, c:t
Hb:b ~= 0
Hc:0 <= c
H:a mod b == 0
b ^ c ~= 0 reflexivity.
a, b, c:t
Hb:b ~= 0
Hc:0 <= c
H:a mod b == 0
b ^ c ~= 0
 now apply pow_nonzero.
Qed.

Definition b2z (b:bool) := if b then 1 else 0.
Coercion b2z : bool >-> t.

Instance b2z_wd : Proper (Logic.eq ==> eq) b2z := _.

Lemma exists_div2 a : exists a' (b:bool), a == 2*a' + b.
a:t
exists (a' : t) (b : bool), a == 2 * a' + b
Proof.
a:t
exists (a' : t) (b : bool), a == 2 * a' + b
 elim (Even_or_Odd a); [intros (a',H)| intros (a',H)].
a, a':t
H:a == 2 * a'
exists (a'0 : t) (b : bool), a == 2 * a'0 + b
a, a':t
H:a == 2 * a' + 1
exists (a'0 : t) (b : bool), a == 2 * a'0 + b
 exists a'.
a, a':t
H:a == 2 * a'
exists b : bool, a == 2 * a' + b
a, a':t
H:a == 2 * a' + 1
exists (a'0 : t) (b : bool), a == 2 * a'0 + b exists false.
a, a':t
H:a == 2 * a'
a == 2 * a' + false
a, a':t
H:a == 2 * a' + 1
exists (a'0 : t) (b : bool), a == 2 * a'0 + b now nzsimpl.
a, a':t
H:a == 2 * a' + 1
exists (a'0 : t) (b : bool), a == 2 * a'0 + b
 exists a'.
a, a':t
H:a == 2 * a' + 1
exists b : bool, a == 2 * a' + b exists true.
a, a':t
H:a == 2 * a' + 1
a == 2 * a' + true now simpl.
Qed.

Lemma testbit_0_r a (b:bool) : testbit (2*a+b) 0 = b.
a:t
b:bool
(2 * a + b).[0] = b
Proof.
a:t
b:bool
(2 * a + b).[0] = b
 destruct b; simpl; rewrite ?add_0_r.
a:t
(2 * a + 1).[0] = true
a:t
(2 * a).[0] = false
 apply testbit_odd_0.
a:t
(2 * a).[0] = false
 apply testbit_even_0.
Qed.

Lemma testbit_succ_r a (b:bool) n : 0<=n ->
 testbit (2*a+b) (succ n) = testbit a n.
a:t
b:bool
n:t
0 <= n -> (2 * a + b).[S n] = a.[n]
Proof.
a:t
b:bool
n:t
0 <= n -> (2 * a + b).[S n] = a.[n]
 destruct b; simpl; rewrite ?add_0_r.
a, n:t
0 <= n -> (2 * a + 1).[S n] = a.[n]
a, n:t
0 <= n -> (2 * a).[S n] = a.[n]
 now apply testbit_odd_succ.
a, n:t
0 <= n -> (2 * a).[S n] = a.[n]
 now apply testbit_even_succ.
Qed.

Lemma testbit_spec' a n : 0<=n -> a.[n] == (a / 2^n) mod 2.
a, n:t
0 <= n -> a.[n] == (a / 2 ^ n) mod 2
Proof.
a, n:t
0 <= n -> a.[n] == (a / 2 ^ n) mod 2
 intro Hn.
a, n:t
Hn:0 <= n
a.[n] == (a / 2 ^ n) mod 2 revert a.
n:t
Hn:0 <= n
forall a : t, a.[n] == (a / 2 ^ n) mod 2 apply le_ind with (4:=Hn).
n:t
Hn:0 <= n
Proper (eq ==> iff)
  (fun n0 : t =>
   forall a : t, a.[n0] == (a / 2 ^ n0) mod 2)
n:t
Hn:0 <= n
forall a : t, a.[0] == (a / 2 ^ 0) mod 2
n:t
Hn:0 <= n
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2 
   solve_proper.
n:t
Hn:0 <= n
forall a : t, a.[0] == (a / 2 ^ 0) mod 2
n:t
Hn:0 <= n
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2
 intros a.
n:t
Hn:0 <= n
a:t
a.[0] == (a / 2 ^ 0) mod 2
n:t
Hn:0 <= n
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2 nzsimpl.
n:t
Hn:0 <= n
a:t
a.[0] == a mod 2
n:t
Hn:0 <= n
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2
 destruct (exists_div2 a) as (a' & b & H).
n:t
Hn:0 <= n
a, a':t
b:bool
H:a == 2 * a' + b
a.[0] == a mod 2
n:t
Hn:0 <= n
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2 rewrite H at 1.
n:t
Hn:0 <= n
a, a':t
b:bool
H:a == 2 * a' + b
(2 * a' + b).[0] == a mod 2
n:t
Hn:0 <= n
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2
 rewrite testbit_0_r.
n:t
Hn:0 <= n
a, a':t
b:bool
H:a == 2 * a' + b
b == a mod 2
n:t
Hn:0 <= n
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2 apply mod_unique with a'; trivial.
n:t
Hn:0 <= n
a, a':t
b:bool
H:a == 2 * a' + b
0 <= b < 2 \/ 2 < b <= 0
n:t
Hn:0 <= n
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2
 left.
n:t
Hn:0 <= n
a, a':t
b:bool
H:a == 2 * a' + b
0 <= b < 2
n:t
Hn:0 <= n
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2 destruct b; split; simpl; order'.
n:t
Hn:0 <= n
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2
 clear n Hn.
forall m : t,
0 <= m ->
(forall a : t, a.[m] == (a / 2 ^ m) mod 2) ->
forall a : t, a.[S m] == (a / 2 ^ S m) mod 2 intros n Hn IH a.
n:t
Hn:0 <= n
IH:forall a0 : t, a0.[n] == (a0 / 2 ^ n) mod 2
a:t
a.[S n] == (a / 2 ^ S n) mod 2
 destruct (exists_div2 a) as (a' & b & H).
n:t
Hn:0 <= n
IH:forall a0 : t, a0.[n] == (a0 / 2 ^ n) mod 2
a, a':t
b:bool
H:a == 2 * a' + b
a.[S n] == (a / 2 ^ S n) mod 2 rewrite H at 1.
n:t
Hn:0 <= n
IH:forall a0 : t, a0.[n] == (a0 / 2 ^ n) mod 2
a, a':t
b:bool
H:a == 2 * a' + b
(2 * a' + b).[S n] == (a / 2 ^ S n) mod 2
 rewrite testbit_succ_r, IH by trivial.
n:t
Hn:0 <= n
IH:forall a0 : t, a0.[n] == (a0 / 2 ^ n) mod 2
a, a':t
b:bool
H:a == 2 * a' + b
(a' / 2 ^ n) mod 2 == (a / 2 ^ S n) mod 2 f_equiv.
n:t
Hn:0 <= n
IH:forall a0 : t, a0.[n] == (a0 / 2 ^ n) mod 2
a, a':t
b:bool
H:a == 2 * a' + b
a' / 2 ^ n == a / 2 ^ S n
 rewrite pow_succ_r, <- div_div by order_pos.
n:t
Hn:0 <= n
IH:forall a0 : t, a0.[n] == (a0 / 2 ^ n) mod 2
a, a':t
b:bool
H:a == 2 * a' + b
a' / 2 ^ n == a / 2 / 2 ^ n f_equiv.
n:t
Hn:0 <= n
IH:forall a0 : t, a0.[n] == (a0 / 2 ^ n) mod 2
a, a':t
b:bool
H:a == 2 * a' + b
a' == a / 2
 apply div_unique with b; trivial.
n:t
Hn:0 <= n
IH:forall a0 : t, a0.[n] == (a0 / 2 ^ n) mod 2
a, a':t
b:bool
H:a == 2 * a' + b
0 <= b < 2 \/ 2 < b <= 0
 left.
n:t
Hn:0 <= n
IH:forall a0 : t, a0.[n] == (a0 / 2 ^ n) mod 2
a, a':t
b:bool
H:a == 2 * a' + b
0 <= b < 2 destruct b; split; simpl; order'.
Qed.

Lemma testbit_spec a n : 0<=n ->
  exists l h, 0<=l<2^n /\ a == l + (a.[n] + 2*h)*2^n.
a, n:t
0 <= n ->
exists l h : t,
  0 <= l < 2 ^ n /\ a == l + (a.[n] + 2 * h) * 2 ^ n
Proof.
a, n:t
0 <= n ->
exists l h : t,
  0 <= l < 2 ^ n /\ a == l + (a.[n] + 2 * h) * 2 ^ n
 intro Hn.
a, n:t
Hn:0 <= n
exists l h : t,
  0 <= l < 2 ^ n /\ a == l + (a.[n] + 2 * h) * 2 ^ n exists (a mod 2^n).
a, n:t
Hn:0 <= n
exists h : t,
  0 <= a mod 2 ^ n < 2 ^ n /\
  a == a mod 2 ^ n + (a.[n] + 2 * h) * 2 ^ n exists (a / 2^n / 2).
a, n:t
Hn:0 <= n
0 <= a mod 2 ^ n < 2 ^ n /\
a ==
a mod 2 ^ n + (a.[n] + 2 * (a / 2 ^ n / 2)) * 2 ^ n split.
a, n:t
Hn:0 <= n
0 <= a mod 2 ^ n < 2 ^ n
a, n:t
Hn:0 <= n
a ==
a mod 2 ^ n + (a.[n] + 2 * (a / 2 ^ n / 2)) * 2 ^ n
 apply mod_pos_bound; order_pos.
a, n:t
Hn:0 <= n
a ==
a mod 2 ^ n + (a.[n] + 2 * (a / 2 ^ n / 2)) * 2 ^ n
 rewrite add_comm, mul_comm, (add_comm a.[n]).
a, n:t
Hn:0 <= n
a ==
2 ^ n * (2 * (a / 2 ^ n / 2) + a.[n]) + a mod 2 ^ n
 rewrite (div_mod a (2^n)) at 1 by order_nz.
a, n:t
Hn:0 <= n
2 ^ n * (a / 2 ^ n) + a mod 2 ^ n ==
2 ^ n * (2 * (a / 2 ^ n / 2) + a.[n]) + a mod 2 ^ n do 2 f_equiv.
a, n:t
Hn:0 <= n
a / 2 ^ n == 2 * (a / 2 ^ n / 2) + a.[n]
 rewrite testbit_spec' by trivial.
a, n:t
Hn:0 <= n
a / 2 ^ n == 2 * (a / 2 ^ n / 2) + (a / 2 ^ n) mod 2 apply div_mod.
a, n:t
Hn:0 <= n
2 ~= 0 order'.
Qed.

Lemma testbit_true : forall a n, 0<=n ->
 (a.[n] = true <-> (a / 2^n) mod 2 == 1).
forall a n : t,
0 <= n -> a.[n] = true <-> (a / 2 ^ n) mod 2 == 1
Proof.
forall a n : t,
0 <= n -> a.[n] = true <-> (a / 2 ^ n) mod 2 == 1
 intros a n Hn.
a, n:t
Hn:0 <= n
a.[n] = true <-> (a / 2 ^ n) mod 2 == 1
 rewrite <- testbit_spec' by trivial.
a, n:t
Hn:0 <= n
a.[n] = true <-> a.[n] == 1
 destruct a.[n]; split; simpl; now try order'.
Qed.

Lemma testbit_false : forall a n, 0<=n ->
 (a.[n] = false <-> (a / 2^n) mod 2 == 0).
forall a n : t,
0 <= n -> a.[n] = false <-> (a / 2 ^ n) mod 2 == 0
Proof.
forall a n : t,
0 <= n -> a.[n] = false <-> (a / 2 ^ n) mod 2 == 0
 intros a n Hn.
a, n:t
Hn:0 <= n
a.[n] = false <-> (a / 2 ^ n) mod 2 == 0
 rewrite <- testbit_spec' by trivial.
a, n:t
Hn:0 <= n
a.[n] = false <-> a.[n] == 0
 destruct a.[n]; split; simpl; now try order'.
Qed.

Lemma testbit_eqb : forall a n, 0<=n ->
 a.[n] = eqb ((a / 2^n) mod 2) 1.
forall a n : t,
0 <= n -> a.[n] = ((a / 2 ^ n) mod 2 =? 1)
Proof.
forall a n : t,
0 <= n -> a.[n] = ((a / 2 ^ n) mod 2 =? 1)
 intros a n Hn.
a, n:t
Hn:0 <= n
a.[n] = ((a / 2 ^ n) mod 2 =? 1)
 apply eq_true_iff_eq.
a, n:t
Hn:0 <= n
a.[n] = true <-> ((a / 2 ^ n) mod 2 =? 1) = true now rewrite testbit_true, eqb_eq.
Qed.

Lemma b2z_inj : forall (a0 b0:bool), a0 == b0 -> a0 = b0.
forall a0 b0 : bool, a0 == b0 -> a0 = b0
Proof.
forall a0 b0 : bool, a0 == b0 -> a0 = b0
 intros [|] [|]; simpl; trivial; order'.
Qed.

Lemma add_b2z_double_div2 : forall (a0:bool) a, (a0+2*a)/2 == a.
forall (a0 : bool) (a : t), (a0 + 2 * a) / 2 == a
Proof.
forall (a0 : bool) (a : t), (a0 + 2 * a) / 2 == a
 intros a0 a.
a0:bool
a:t
(a0 + 2 * a) / 2 == a rewrite mul_comm, div_add by order'.
a0:bool
a:t
a0 / 2 + a == a
 now rewrite div_small, add_0_l by (destruct a0; split; simpl; order').
Qed.

Lemma add_b2z_double_bit0 : forall (a0:bool) a, (a0+2*a).[0] = a0.
forall (a0 : bool) (a : t), (a0 + 2 * a).[0] = a0
Proof.
forall (a0 : bool) (a : t), (a0 + 2 * a).[0] = a0
 intros a0 a.
a0:bool
a:t
(a0 + 2 * a).[0] = a0 apply b2z_inj.
a0:bool
a:t
(a0 + 2 * a).[0] == a0
 rewrite testbit_spec' by order.
a0:bool
a:t
((a0 + 2 * a) / 2 ^ 0) mod 2 == a0
 nzsimpl.
a0:bool
a:t
(a0 + 2 * a) mod 2 == a0 rewrite mul_comm, mod_add by order'.
a0:bool
a:t
a0 mod 2 == a0
 now rewrite mod_small by (destruct a0; split; simpl; order').
Qed.

Lemma b2z_div2 : forall (a0:bool), a0/2 == 0.
forall a0 : bool, a0 / 2 == 0
Proof.
forall a0 : bool, a0 / 2 == 0
 intros a0.
a0:bool
a0 / 2 == 0 rewrite <- (add_b2z_double_div2 a0 0).
a0:bool
a0 / 2 == (a0 + 2 * 0) / 2 now nzsimpl.
Qed.

Lemma b2z_bit0 : forall (a0:bool), a0.[0] = a0.
forall a0 : bool, a0.[0] = a0
Proof.
forall a0 : bool, a0.[0] = a0
 intros a0.
a0:bool
a0.[0] = a0 rewrite <- (add_b2z_double_bit0 a0 0) at 2.
a0:bool
a0.[0] = (a0 + 2 * 0).[0] now nzsimpl.
Qed.

Lemma testbit_unique : forall a n (a0:bool) l h,
 0<=l<2^n -> a == l + (a0 + 2*h)*2^n -> a.[n] = a0.
forall (a n : t) (a0 : bool) (l h : t),
0 <= l < 2 ^ n ->
a == l + (a0 + 2 * h) * 2 ^ n -> a.[n] = a0
Proof.
forall (a n : t) (a0 : bool) (l h : t),
0 <= l < 2 ^ n ->
a == l + (a0 + 2 * h) * 2 ^ n -> a.[n] = a0
 intros a n a0 l h Hl EQ.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
a.[n] = a0
 assert (0<=n).
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
0 <= n
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
a.[n] = a0
  destruct (le_gt_cases 0 n) as [Hn|Hn]; trivial.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
Hn:n < 0
0 <= n
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
a.[n] = a0
  rewrite pow_neg_r in Hl by trivial.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 0
EQ:a == l + (a0 + 2 * h) * 2 ^ n
Hn:n < 0
0 <= n
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
a.[n] = a0 destruct Hl; order.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
a.[n] = a0
 apply b2z_inj.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
a.[n] == a0 rewrite testbit_spec' by trivial.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
(a / 2 ^ n) mod 2 == a0
 symmetry.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
a0 == (a / 2 ^ n) mod 2 apply mod_unique with h.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
0 <= a0 < 2 \/ 2 < a0 <= 0
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
a / 2 ^ n == 2 * h + a0
 left; destruct a0; simpl; split; order'.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
a / 2 ^ n == 2 * h + a0
 symmetry.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
2 * h + a0 == a / 2 ^ n apply div_unique with l.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
0 <= l < 2 ^ n \/ 2 ^ n < l <= 0
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
a == 2 ^ n * (2 * h + a0) + l
 now left.
a, n:t
a0:bool
l, h:t
Hl:0 <= l < 2 ^ n
EQ:a == l + (a0 + 2 * h) * 2 ^ n
H:0 <= n
a == 2 ^ n * (2 * h + a0) + l
 now rewrite add_comm, (add_comm _ a0), mul_comm.
Qed.

Lemma bits_0 : forall n, 0.[n] = false.
forall n : t, 0.[n] = false
Proof.
forall n : t, 0.[n] = false
 intros n.
n:t
0.[n] = false
 destruct (le_gt_cases 0 n).
n:t
H:0 <= n
0.[n] = false
n:t
H:n < 0
0.[n] = false
 apply testbit_false; trivial.
n:t
H:0 <= n
(0 / 2 ^ n) mod 2 == 0
n:t
H:n < 0
0.[n] = false nzsimpl; order_nz.
n:t
H:n < 0
0.[n] = false
 now apply testbit_neg_r.
Qed.

Lemma bits_opp : forall a n, 0<=n -> (-a).[n] = negb (P a).[n].
forall a n : t, 0 <= n -> (- a).[n] = negb (P a).[n]
Proof.
forall a n : t, 0 <= n -> (- a).[n] = negb (P a).[n]
 intros a n Hn.
a, n:t
Hn:0 <= n
(- a).[n] = negb (P a).[n]
 destruct (testbit_spec (-a) n Hn) as (l & h & Hl & EQ).
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] = negb (P a).[n]
 fold (b2z (-a).[n]) in EQ.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] = negb (P a).[n]
 apply negb_sym.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(P a).[n] = negb (- a).[n]
 apply testbit_unique with (2^n-l-1) (-h-1).
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
0 <= 2 ^ n - l - 1 < 2 ^ n
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
2 ^ n - l - 1 +
(negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n
 split.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
0 <= 2 ^ n - l - 1
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
2 ^ n - l - 1 < 2 ^ n
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
2 ^ n - l - 1 +
(negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n
 apply lt_succ_r.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
0 < S (2 ^ n - l - 1)
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
2 ^ n - l - 1 < 2 ^ n
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
2 ^ n - l - 1 +
(negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n rewrite sub_1_r, succ_pred.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
0 < 2 ^ n - l
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
2 ^ n - l - 1 < 2 ^ n
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
2 ^ n - l - 1 +
(negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n now apply lt_0_sub.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
2 ^ n - l - 1 < 2 ^ n
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
2 ^ n - l - 1 +
(negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n
 apply le_succ_l.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
S (2 ^ n - l - 1) <= 2 ^ n
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
2 ^ n - l - 1 +
(negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n rewrite sub_1_r, succ_pred.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
2 ^ n - l <= 2 ^ n
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
2 ^ n - l - 1 +
(negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n apply le_sub_le_add_r.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
2 ^ n <= 2 ^ n + l
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
2 ^ n - l - 1 +
(negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n
 rewrite <- (add_0_r (2^n)) at 1.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
2 ^ n + 0 <= 2 ^ n + l
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
2 ^ n - l - 1 +
(negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n now apply add_le_mono_l.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
2 ^ n - l - 1 +
(negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n
 rewrite <- add_sub_swap, sub_1_r.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
P a ==
P
  (2 ^ n - l +
   (negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n) f_equiv.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
a ==
2 ^ n - l + (negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n
 apply opp_inj.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
- a ==
-
(2 ^ n - l + (negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n) rewrite opp_add_distr, opp_sub_distr.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
- a ==
- 2 ^ n + l +
- ((negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n)
 rewrite (add_comm _ l), <- add_assoc.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
- a ==
l +
(- 2 ^ n +
 - ((negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n))
 rewrite EQ at 1.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
l + ((- a).[n] + 2 * h) * 2 ^ n ==
l +
(- 2 ^ n +
 - ((negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n)) apply add_cancel_l.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
((- a).[n] + 2 * h) * 2 ^ n ==
- 2 ^ n + - ((negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n)
 rewrite <- opp_add_distr.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
((- a).[n] + 2 * h) * 2 ^ n ==
- (2 ^ n + (negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n)
 rewrite <- (mul_1_l (2^n)) at 2.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
((- a).[n] + 2 * h) * 2 ^ n ==
-
(1 * 2 ^ n + (negb (- a).[n] + 2 * (- h - 1)) * 2 ^ n) rewrite <- mul_add_distr_r.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
((- a).[n] + 2 * h) * 2 ^ n ==
- ((1 + (negb (- a).[n] + 2 * (- h - 1))) * 2 ^ n)
 rewrite <- mul_opp_l.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
((- a).[n] + 2 * h) * 2 ^ n ==
- (1 + (negb (- a).[n] + 2 * (- h - 1))) * 2 ^ n
 f_equiv.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] + 2 * h ==
- (1 + (negb (- a).[n] + 2 * (- h - 1)))
 rewrite !opp_add_distr.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] + 2 * h ==
-1 + (- negb (- a).[n] + - (2 * (- h - 1)))
 rewrite <- mul_opp_r.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] + 2 * h ==
-1 + (- negb (- a).[n] + 2 * - (- h - 1))
 rewrite opp_sub_distr, opp_involutive.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] + 2 * h ==
-1 + (- negb (- a).[n] + 2 * (h + 1))
 rewrite (add_comm h).
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] + 2 * h ==
-1 + (- negb (- a).[n] + 2 * (1 + h))
 rewrite mul_add_distr_l.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] + 2 * h ==
-1 + (- negb (- a).[n] + (2 * 1 + 2 * h))
 rewrite !add_assoc.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] + 2 * h ==
-1 + - negb (- a).[n] + 2 * 1 + 2 * h
 apply add_cancel_r.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] == -1 + - negb (- a).[n] + 2 * 1
 rewrite mul_1_r.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] == -1 + - negb (- a).[n] + 2
 rewrite add_comm, add_assoc, !add_opp_r, sub_1_r, two_succ, pred_succ.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + ((- a).[n] + 2 * h) * 2 ^ n
(- a).[n] == 1 - negb (- a).[n]
 destruct (-a).[n]; simpl.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + (true + 2 * h) * 2 ^ n
1 == 1 - 0
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + (false + 2 * h) * 2 ^ n
0 == 1 - 1 now rewrite sub_0_r.
a, n:t
Hn:0 <= n
l, h:t
Hl:0 <= l < 2 ^ n
EQ:- a == l + (false + 2 * h) * 2 ^ n
0 == 1 - 1 now nzsimpl'.
Qed.