Commit ca07259c by Marc Schoolderman

### ported the proofs to why3 version 0.88.3;

`removed any dependency on alt-ergo < 2.0.0`
parent 02ec34b5
 ... ... @@ -9,8 +9,8 @@ lemma asr_0: eq (asr zeros 1) zeros lemma asr_1: eq (asr (of_int 1) 1) zeros lemma asr_f: eq (asr ones 1) ones lemma xor_0: forall w. 0 <= w < 256 -> to_uint (bw_xor (of_int w) zeros) = w lemma xor_1: forall w. 0 <= w < 256 -> to_uint (bw_xor (of_int w) ones) = 255 - w lemma xor_0: forall w. 0 <= w < 256 -> t'int (bw_xor (of_int w) zeros) = w lemma xor_1: forall w. 0 <= w < 256 -> t'int (bw_xor (of_int w) ones) = 255 - w lemma pow2_72: pow2 72 = 0x1000000000000000000 lemma pow2_80: pow2 80 = 0x100000000000000000000 ... ...
 ... ... @@ -9,8 +9,8 @@ lemma asr_0: eq (asr zeros 1) zeros lemma asr_1: eq (asr (of_int 1) 1) zeros lemma asr_f: eq (asr ones 1) ones lemma xor_0: forall w. 0 <= w < 256 -> to_uint (bw_xor (of_int w) zeros) = w lemma xor_1: forall w. 0 <= w < 256 -> to_uint (bw_xor (of_int w) ones) = 255 - w lemma xor_0: forall w. 0 <= w < 256 -> t'int (bw_xor (of_int w) zeros) = w lemma xor_1: forall w. 0 <= w < 256 -> t'int (bw_xor (of_int w) ones) = 255 - w lemma or_0: forall w. bw_or zeros w = w ... ...
 ... ... @@ -9,8 +9,8 @@ lemma asr_0: eq (asr zeros 1) zeros lemma asr_1: eq (asr (of_int 1) 1) zeros lemma asr_f: eq (asr ones 1) ones lemma xor_0: forall w. 0 <= w < 256 -> to_uint (bw_xor (of_int w) zeros) = w lemma xor_1: forall w. 0 <= w < 256 -> to_uint (bw_xor (of_int w) ones) = 255 - w lemma xor_0: forall w. 0 <= w < 256 -> t'int (bw_xor (of_int w) zeros) = w lemma xor_1: forall w. 0 <= w < 256 -> t'int (bw_xor (of_int w) ones) = 255 - w lemma or_0: forall w. bw_or zeros w = w ... ... @@ -240,10 +240,6 @@ end; ldd r26 rY 8; ldd r27 rY 9; 'L11: (*TODO *) assert { at(uint 5 reg 7)'L00 + pow2 40*at(uint 5 reg 23)'L11 = at(uint 10 mem (uint 2 reg rY))'S }; assert { at(uint 5 reg 2*uint 5 reg 7)'L00 = at(uint 5 reg 2*uint 5 reg 7)'L11 }; assert { at(uint 5 reg 2 + pow2 40*uint 5 reg 12)'L11 = at(uint 10 mem (uint 2 reg rX))'S }; S.init(); abstract ensures { S.synchronized S.shadow reg } ... ... 
@@ -626,15 +622,23 @@ ensures { uint 5 reg 7 + pow2 40*uint 10 reg 17 + ?cf*pow2 120 = old(uint 5 reg S.modify_r22(); S.modify_r23(); S.modify_r24(); S.modify_r25(); S.modify_r26(); end; assert { 0 <= at(uint 5 reg 2 + pow2 40*uint 5 reg 12)'L11 <= pow2 80-1 }; assert { 0 <= at(uint 5 reg 7 + pow2 40*uint 5 reg 23)'L11 <= pow2 80-1 }; assert { 0 <= at(uint 5 reg 2 + pow2 40*uint 5 reg 12)'L11 * at(uint 5 reg 7 + pow2 40*uint 5 reg 23)'L11 <= (pow2 80-1)*(pow2 80-1) }; assert { "expl:hack" 0 <= uint 10 reg 17 by 0 <= uint 5 reg 17 /\ 0 <= uint 5 reg 22 }; assert { at(uint 5 reg 12)'L00' + pow2 40*uint 5 reg 7 + pow2 80*uint 10 reg 17 + ?cf*pow2 160 = at( (uint 5 reg 2 + pow2 40*uint 5 reg 12)*(uint 5 reg 7 + pow2 40*uint 5 reg 23) )'L11 + ?cf*pow2 160 }; assert { 0 <= at(uint 5 reg 2 + pow2 40*uint 5 reg 12)'L11 * at(uint 5 reg 7 + pow2 40*uint 5 reg 23)'L11 <= (pow2 80-1)*(pow2 80-1) by 0 <= at(uint 5 reg 2 + pow2 40*uint 5 reg 12)'L11 <= pow2 80-1 /\ 0 <= at(uint 5 reg 7 + pow2 40*uint 5 reg 23)'L11 <= pow2 80-1 }; assert { "expl:obvious" 0 <= uint 10 reg 17 }; assert { at (uint 5 reg 12)'L00' + pow2 40*uint 5 reg 7 + pow2 80*uint 10 reg 17 + ?cf*pow2 160 = (pow2 40+1)*(at(uint 5 reg 2*uint 5 reg 7 + pow2 40*uint 5 reg 12*uint 5 reg 23)'L11) - pow2 40 * at((uint 5 reg 2 - uint 5 reg 12)*(uint 5 reg 7 - uint 5 reg 23)) 'L11 + ?cf*pow2 160 by at(uint 5 reg 2*uint 5 reg 7)'L00 = at(uint 5 reg 2*uint 5 reg 7)'L11 /\ at(uint 5 reg 7)'L00 + pow2 40*at(uint 5 reg 23)'L11 = at(uint 10 mem (uint 2 reg rY))'S }; std rZ 5 r7; std rZ 6 r8; ... ...
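Review bot: Relabelling the non-negativity assertion from `"expl:hack"` to `"expl:obvious"` in the @@ -626,15 +622,23 @@ hunk drops the only signal that this fact exists to steer the prover rather than to document the algorithm, and in this file the new line `assert { "expl:obvious" 0 <= uint 10 reg 17 };` also loses the `by 0 <= uint 5 reg 17 /\ 0 <= uint 5 reg 22` justification that the equivalent relabelled assert in the last file section keeps. If the assertion is still needed for the product bound that follows it, a comment stating that dependency would be more useful than the label, e.g. `(* non-negativity of the 10-byte accumulator is needed by the prover for the bound below; keep it even though it looks obvious *)`. The same relabelling appears in the @@ -906,7 +908,7 @@ hunk of the last file section. The enclosing abstract block starts and ends outside this hunk.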
 ... ... @@ -9,8 +9,8 @@ lemma asr_0: eq (asr zeros 1) zeros lemma asr_1: eq (asr (of_int 1) 1) zeros lemma asr_f: eq (asr ones 1) ones lemma xor_0: forall w. 0 <= w < 256 -> to_uint (bw_xor (of_int w) zeros) = w lemma xor_1: forall w. 0 <= w < 256 -> to_uint (bw_xor (of_int w) ones) = 255 - w lemma xor_0: forall w. 0 <= w < 256 -> t'int (bw_xor (of_int w) zeros) = w lemma xor_1: forall w. 0 <= w < 256 -> t'int (bw_xor (of_int w) ones) = 255 - w lemma or_0: forall w. bw_or zeros w = w ... ... @@ -828,6 +828,7 @@ end; S.init(); abstract ensures { S.synchronized S.shadow reg } (* this next one fails *) ensures { uint 2 reg 6 + pow2 16*uint 4 reg 26 + pow2 48*uint 2 reg 12 + pow2 64*uint 4 reg 8 = ?cf*(pow2 96 - 1) - (at(uint 6 reg 14)'L11 - at(uint 6 mem (uint 2 reg rX))'S)*(at(uint 6 reg 8)'L11 - at(uint 6 mem (uint 2 reg rY))'S) } ensures { let cor = reg[31] + (pow2 8+pow2 16+pow2 24+pow2 32+pow2 40)*reg[30] in cor = old ?cf - ?cf \/ cor = pow2 48 + old ?cf - ?cf } 'B: ... ... @@ -869,6 +870,7 @@ assert { at reg[30] 'QQ = 0xFF -> reg[30] = 0xFE + ?tf }; assert { at reg[30] 'QQ = 0x00 -> reg[30] = ?tf }; asr r30; assume { ?cf = 1 - at ?tf 'B }; S.modify_r6(); S.modify_r7(); S.modify_r26(); S.modify_r27(); S.modify_r28(); S.modify_r29(); S.modify_r12(); S.modify_r13(); ... ... 
@@ -906,7 +908,7 @@ assert { 0 <= at( (at(uint 6 mem (uint 2 reg rY))'S + pow2 48*uint 6 reg 8) )'L1 assert { 0 <= at( (at(uint 6 mem (uint 2 reg rX))'S + pow2 48*uint 6 reg 14) )'L11 <= (pow2 96-1) }; assert { 0 <= at( (at(uint 6 mem (uint 2 reg rX))'S + pow2 48*uint 6 reg 14)*(at(uint 6 mem (uint 2 reg rY))'S + pow2 48*uint 6 reg 8) )'L11 <= (pow2 96-1)*(pow2 96-1) }; assert { "expl:hack" 0 <= uint 12 reg 14 by 0 <= uint 6 reg 14 /\ 0 <= uint 6 reg 20 }; assert { "expl:obvious" 0 <= uint 12 reg 14 by 0 <= uint 6 reg 14 /\ 0 <= uint 6 reg 20 }; assert { uint 6 mem (uint 2 reg rZ) + pow2 48*uint 12 reg 14 + pow2 144*uint 6 reg 0 + ?cf*pow2 192 = at( (at(uint 6 mem (uint 2 reg rX))'S + pow2 48*uint 6 reg 14)*(at(uint 6 mem (uint 2 reg rY))'S + pow2 48*uint 6 reg 8) )'L11 + ?cf*pow2 192 ... ...
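Review bot: The added `(* this next one fails *)` before the `ensures` clause of the abstract block in the @@ -828,6 +828,7 @@ hunk records that a postcondition is not discharged after the port, which leaves this proof incomplete without saying which prover fails, under what timeout, or whether the failure predates the why3 0.88.3 move; a comment such as `(* UNPROVED since the why3 0.88.3 port: <prover/timeout placeholder>; see <tracking-id placeholder> *)` would make the gap auditable. In the same section, `assume { ?cf = 1 - at ?tf 'B };` after `asr r30` introduces a hypothesis that no prover checks, so if it is part of the new side it should carry a comment justifying the carry-flag relation (the rendered page does not show whether that line is added or context). The `"expl:hack"` to `"expl:obvious"` relabel in the @@ -906,7 +908,7 @@ hunk has the same documentation gap as the one in the previous file section. The enclosing abstract block starts and ends outside these hunks.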