Standard Library

Theorem files

Proof files

Theme:

union Nat { zero suc(Nat) } union UInt add_assoc: (all m:Nat, n:Nat, o:Nat. (m + n) + o = m + (n + o)) add_both_monus: (all z:Nat, y:Nat, x:Nat. (z + y) ∸ (z + x) = y ∸ x) add_both_sides_of_equal: (all x:Nat. (all y:Nat, z:Nat. ((x + y = x + z) ⇔ (y = z)))) add_both_sides_of_less: (all x:Nat, y:Nat, z:Nat. ((x + y < x + z) ⇔ (y < z))) add_both_sides_of_less_equal: (all x:Nat. (all y:Nat, z:Nat. ((x + y ≤ x + z) ⇔ (y ≤ z)))) add_commute: (all n:Nat. (all m:Nat. n + m = m + n)) fun add_div(a:Nat, b:Nat, y:Nat) { (a + b) / y } add_mono_less: (all a:Nat, b:Nat, c:Nat, d:Nat. (if (a < c and b < d) then a + b < c + d)) add_mono_less_equal: (all a:Nat, b:Nat, c:Nat, d:Nat. (if (a ≤ c and b ≤ d) then a + b ≤ c + d)) add_monus_identity: (all m:Nat. (all n:Nat. (m + n) ∸ m = n)) auto add_zero and_sym: (all P:bool, Q:bool. (P and Q) = (Q and P)) assoc_add: (all m:Nat, n:Nat, o:Nat. m + (n + o) = (m + n) + o) contrapositive: (all P:bool, Q:bool. (if ((if P then Q) and not Q) then not P)) dichotomy: (all x:Nat, y:Nat. (x ≤ y or y < x)) recursive dist(Nat,Nat) -> Nat{ dist(zero, n) = n dist(suc(m), n) = switch n { case zero { suc(m) } case suc(n') { dist(m, n') } } } dist_mult_add: (all a:Nat, x:Nat, y:Nat. a * (x + y) = a * x + a * y) dist_mult_add_right: (all x:Nat, y:Nat, a:Nat. (x + y) * a = x * a + y * a) dist_mult_monus: (all x:Nat. (all y:Nat, z:Nat. x * (y ∸ z) = x * y ∸ x * z)) dist_mult_monus_one: (all x:Nat, y:Nat. x * (y ∸ suc(zero)) = x * y ∸ x) fun div2(b:UInt) recfun div_alt(a:Nat, b:Nat, y:Nat) -> Pair<Nat,Nat> measure (a + b) + b { if b = zero then pair(zero, a) else if (a = y and zero < a) then define f = div_alt(zero, b, y); pair(suc(first(f)), second(f)) else div_alt(suc(a), b ∸ suc(zero), y) } fun divides(a:Nat, b:Nat) { some k:Nat. a * k = b } double_neg: (all P:bool. not not P = P) eq_false: (all P:bool. (not P ⇔ (P = false))) eq_true: (all P:bool. (P ⇔ (P = true))) recursive equal(Nat,Nat) -> bool{ equal(zero, n) = switch n { case zero { true } case suc(n') { false } } equal(suc(m'), n) = switch n { case zero { false } case suc(n') { equal(m', n') } } } equal_complete_sound: (all m:Nat. (all n:Nat. ((m = n) ⇔ equal(m, n)))) equal_implies_less_equal: (all x:Nat, y:Nat. (if x = y then x ≤ y)) equal_refl: (all n:Nat. equal(n, n)) ex_mid: (all b:bool. (b or not b)) recursive expt(Nat,Nat) -> Nat{ expt(zero, n) = suc(zero) expt(suc(p), n) = n * expt(p, n) } fun fromNat(Nat) -> UInt fromNat_add: (all x:Nat, y:Nat. fromNat(x + y) = fromNat(x) + fromNat(y)) fromNat_injective: (all x:Nat, y:Nat. (if fromNat(x) = fromNat(y) then x = y)) fromNat_mult: (all x:Nat, y:Nat. fromNat(x * y) = fromNat(x) * fromNat(y)) recfun gcd(a:Nat, b:Nat) -> Nat measure b { if b = zero then a else gcd(b, a % b) } gcd_divides: (all b:Nat, a:Nat. (divides(gcd(a, b), a) and divides(gcd(a, b), b))) greater_implies_not_equal: (all x:Nat, y:Nat. (if x > y then not (x = y))) iff_equal: (all P:bool, Q:bool. (if (P ⇔ Q) then P = Q)) iff_symm: (all P:bool, Q:bool. (if (P ⇔ Q) then (Q ⇔ P))) iff_trans: (all P:bool, Q:bool, R:bool. (if ((P ⇔ Q) and (Q ⇔ R)) then (P ⇔ R))) recursive iterate<T>(Nat,T,(fn T -> T)) -> T{ iterate(zero, init, f) = init iterate(suc(n), init, f) = f(@iterate<T>(n, init, f)) } le_exists_monus: (all n:Nat, m:Nat. (if n ≤ m then some x:Nat. m = n + x)) le_less_trans: (all m:Nat, n:Nat, o:Nat. (if (m ≤ n and n < o) then m < o)) auto le_lit_suc le_lit_suc: (all x:Nat, y:Nat. (lit(suc(x)) ≤ lit(suc(y))) = (lit(x) ≤ lit(y))) left_cancel: (all x:Nat. (all y:Nat, z:Nat. (if x + y = x + z then y = z))) less_equal_add: (all x:Nat. (all y:Nat. x ≤ x + y)) less_equal_add_left: (all x:Nat, y:Nat. y ≤ x + y) less_equal_add_monus: (all m:Nat. (all n:Nat, o:Nat. (if (n ≤ m and m ≤ n + o) then m ∸ n ≤ o))) less_equal_antisymmetric: (all x:Nat. (all y:Nat. (if (x ≤ y and y ≤ x) then x = y))) less_equal_fromNat: (all x:Nat, y:Nat. (if x ≤ y then fromNat(x) ≤ fromNat(y))) less_equal_implies_less_or_equal: (all x:Nat. (all y:Nat. (if x ≤ y then (x < y or x = y)))) less_equal_not_equal_implies_less: (all x:Nat, y:Nat. (if (x ≤ y and not (x = y)) then x < y)) less_equal_pow_log: (all n:Nat. n ≤ pow2(log(n))) less_equal_refl: (all n:Nat. n ≤ n) less_equal_toNat: (all x:UInt, y:UInt. (if toNat(x) ≤ toNat(y) then x ≤ y)) less_equal_trans: (all m:Nat. (all n:Nat, o:Nat. (if (m ≤ n and n ≤ o) then m ≤ o))) less_fromNat: (all x:Nat, y:Nat. (if x < y then fromNat(x) < fromNat(y))) less_implies_less_equal: (all x:Nat. (all y:Nat. (if x < y then x ≤ y))) less_implies_not_equal: (all x:Nat, y:Nat. (if x < y then not (x = y))) less_implies_not_greater: (all x:Nat. (all y:Nat. (if x < y then not (y < x)))) less_irreflexive: (all x:Nat. not (x < x)) less_le_trans: (all m:Nat, n:Nat, o:Nat. (if (m < n and n ≤ o) then m < o)) auto less_lit_suc less_lit_suc: (all x:Nat, y:Nat. (lit(suc(x)) < lit(suc(y))) = (lit(x) < lit(y))) auto less_lit_zero_suc less_lit_zero_suc: (all y:Nat. (ℕ0 < lit(suc(y))) = true) less_toNat: (all x:UInt, y:UInt. (if toNat(x) < toNat(y) then x < y)) less_trans: (all m:Nat, n:Nat, o:Nat. (if (m < n and n < o) then m < o)) auto less_zero_false less_zero_false: (all x:Nat. (x < zero) = false) fun lit(a:Nat) { a } auto lit_add_div lit_add_div: (all b:Nat, y:Nat. add_div(suc(y), b, suc(y)) = ℕ1 + add_div(zero, b, suc(y))) auto lit_add_div_suc lit_add_div_suc: (all a:Nat, b:Nat, y:Nat. add_div(a, suc(b), y) = add_div(suc(a), b, y)) auto lit_add_div_zero lit_add_div_zero: (all a:Nat, y:Nat. add_div(a, zero, y) = ℕ0) auto lit_add_fromNat lit_add_fromNat: (all x:Nat, y:Nat. fromNat(lit(x)) + fromNat(lit(y)) = fromNat(lit(x) + lit(y))) auto lit_add_suc lit_add_suc: (all n:Nat, m:Nat. lit(n) + suc(m) = lit(suc(n)) + m) auto lit_dist_mult_add lit_dist_mult_add: (all a:Nat, x:Nat, y:Nat. lit(a) * (x + y) = lit(a) * x + lit(a) * y) auto lit_dist_mult_add_right lit_dist_mult_add_right: (all x:Nat, y:Nat, a:Nat. (x + y) * lit(a) = x * lit(a) + y * lit(a)) auto lit_div lit_div: (all x:Nat, y:Nat. lit(x) / lit(y) = add_div(zero, x, y)) auto lit_div_cancel lit_div_cancel: (all y:Nat. lit(suc(y)) / lit(suc(y)) = ℕ1) auto lit_expt_suc lit_expt_suc: (all n:Nat, m:Nat. n ^ lit(suc(m)) = n * n ^ lit(m)) lit_expt_two: (all n:Nat. n ^ ℕ2 = n * n) auto lit_expt_zero lit_expt_zero: (all n:Nat. n ^ ℕ0 = ℕ1) auto lit_idem lit_idem: (all x:Nat. lit(lit(x)) = lit(x)) auto lit_less_zero_false lit_less_zero_false: (all x:Nat. (x < ℕ0) = false) auto lit_monus_fromNat lit_monus_fromNat: (all x:Nat, y:Nat. fromNat(lit(x)) ∸ fromNat(lit(y)) = fromNat(lit(x) ∸ lit(y))) auto lit_mult_fromNat lit_mult_fromNat: (all x:Nat, y:Nat. fromNat(lit(x)) * fromNat(lit(y)) = fromNat(lit(x) * lit(y))) lit_mult_left_cancel: (all m:Nat, a:Nat, b:Nat. (if lit(suc(m)) * a = lit(suc(m)) * b then a = b)) auto lit_mult_lit_suc lit_mult_lit_suc: (all m:Nat, n:Nat. lit(m) * lit(suc(n)) = lit(m) + lit(m) * lit(n)) auto lit_mult_suc lit_mult_suc: (all m:Nat, n:Nat. lit(m) * suc(n) = lit(m) + lit(m) * n) auto lit_one_expt lit_one_expt: (all n:Nat. ℕ1 ^ n = ℕ1) auto lit_suc_add lit_suc_add: (all x:Nat, y:Nat. lit(suc(x)) + lit(y) = lit(suc(lit(x) + lit(y)))) lit_suc_add2: (all x:Nat, y:Nat. suc(lit(x) + y) = lit(suc(x)) + y) auto lit_suc_less_equal_zero_false lit_suc_less_equal_zero_false: (all x:Nat. (lit(suc(x)) ≤ ℕ0) = false) auto lit_suc_monus_suc lit_suc_monus_suc: (all n:Nat, m:Nat. lit(suc(n)) ∸ lit(suc(m)) = lit(n) ∸ lit(m)) auto lit_suc_mult lit_suc_mult: (all m:Nat, n:Nat. lit(suc(m)) * lit(n) = lit(n) + lit(m) * lit(n)) lit_two_mult: (all n:Nat. ℕ2 * n = n + n) auto lit_zero_div lit_zero_div: (all x:Nat. ℕ0 / lit(suc(x)) = ℕ0) auto lit_zero_less_equal_true lit_zero_less_equal_true: (all x:Nat. (ℕ0 ≤ x) = true) fun log(n) { find_log(n, zero, zero) } fun log(b:UInt) { cnt_dubs(pred(b)) } fun log2(n) { find_log2(n, n, zero) } recursive max(Nat,Nat) -> Nat{ max(zero, n) = n max(suc(m'), n) = switch n { case zero { suc(m') } case suc(n') { suc(max(m', n')) } } } fun max(x:UInt, y:UInt) { if x < y then y else x } max_assoc: (all x:Nat, y:Nat, z:Nat. max(max(x, y), z) = max(x, max(y, z))) max_equal_greater_left: (all x:Nat, y:Nat. (if y ≤ x then max(x, y) = x)) max_equal_greater_right: (all x:Nat, y:Nat. (if x ≤ y then max(x, y) = y)) max_greater_left: (all x:Nat, y:Nat. x ≤ max(x, y)) max_greater_right: (all y:Nat, x:Nat. y ≤ max(x, y)) max_is_left_or_right: (all x:Nat, y:Nat. (max(x, y) = x or max(x, y) = y)) max_less_equal: (all x:Nat, y:Nat, z:Nat. (if (x ≤ z and y ≤ z) then max(x, y) ≤ z)) max_symmetric: (all x:Nat, y:Nat. max(x, y) = max(y, x)) recursive min(Nat,Nat) -> Nat{ min(zero, n) = zero min(suc(m'), n) = switch n { case zero { zero } case suc(n') { suc(min(m', n')) } } } fun min(x:UInt, y:UInt) { if x < y then x else y } monus_add_assoc: (all n:Nat. (all l:Nat, m:Nat. (if m ≤ n then l + (n ∸ m) = (l + n) ∸ m))) monus_add_identity: (all n:Nat. (all m:Nat. (if m ≤ n then m + (n ∸ m) = n))) monus_monus_eq_monus_add: (all x:Nat. (all y:Nat. (all z:Nat. (x ∸ y) ∸ z = x ∸ (y + z)))) monus_order: (all x:Nat, y:Nat, z:Nat. (x ∸ y) ∸ z = (x ∸ z) ∸ y) monus_right_cancel: (all x:Nat, y:Nat, a:Nat. (if (x ∸ a = y ∸ a and a ≤ x and a ≤ y) then x = y)) mult_assoc: (all m:Nat. (all n:Nat, o:Nat. (m * n) * o = m * (n * o))) mult_cancel_left_less: (all x:Nat, y:Nat, z:Nat. (if x * y < x * z then y < z)) mult_cancel_right_less: (all x:Nat, y:Nat, z:Nat. (if y * x < z * x then y < z)) mult_commute: (all m:Nat. (all n:Nat. m * n = n * m)) mult_mono_le: (all n:Nat. (all x:Nat, y:Nat. (if x ≤ y then n * x ≤ n * y))) mult_mono_le2: (all n:Nat, x:Nat, m:Nat, y:Nat. (if (n ≤ m and x ≤ y) then n * x ≤ m * y)) mult_mono_le_r: (all n:Nat. (all x:Nat, y:Nat. (if x ≤ y then x * n ≤ y * n))) auto mult_one mult_two: (all n:Nat. n + n = ℕ2 * n) auto mult_zero n_le_nn: (all n:Nat. n ≤ n * n) nat_add_to_zero: (all n:Nat, m:Nat. (if n + m = ℕ0 then (n = ℕ0 and m = ℕ0))) auto nat_add_zero nat_add_zero: (all x:Nat. x + ℕ0 = x) nat_less_add_pos: (all x:Nat, y:Nat. (if ℕ0 < y then x < x + y)) nat_monus_cancel: (all n:Nat. n ∸ n = ℕ0) nat_monus_one_pred: (all x:Nat. x ∸ ℕ1 = pred(x)) auto nat_monus_zero nat_monus_zero: (all n:Nat. n ∸ ℕ0 = n) nat_monus_zero_iff_less_eq: (all x:Nat, y:Nat. ((x ≤ y) ⇔ (x ∸ y = ℕ0))) auto nat_mult_one nat_mult_one: (all n:Nat. n * ℕ1 = n) nat_not_one_add_zero: (all n:Nat. not (ℕ1 + n = ℕ0)) auto nat_one_mult nat_one_mult: (all n:Nat. ℕ1 * n = n) nat_positive_suc: (all n:Nat. (if ℕ0 < n then some n':Nat. n = ℕ1 + n')) nat_suc_one_add: (all n:Nat. suc(n) = ℕ1 + n) auto nat_zero_add nat_zero_add: (all y:Nat. ℕ0 + y = y) nat_zero_le_zero: (all x:Nat. (if x ≤ ℕ0 then x = ℕ0)) nat_zero_less_one_add: (all n:Nat. ℕ0 < ℕ1 + n) nat_zero_monus: (all m:Nat. ℕ0 ∸ lit(m) = ℕ0) auto nat_zero_mult nat_zero_mult: (all y:Nat. ℕ0 * lit(y) = ℕ0) nat_zero_or_positive: (all x:Nat. (x = ℕ0 or ℕ0 < x)) not_equal_not_eq: (all m:Nat, n:Nat. (if not equal(m, n) then not (m = n))) not_less_equal_iff_greater: (all x:Nat, y:Nat. (not (x ≤ y) ⇔ (y < x))) not_less_equal_less_equal: (all x:Nat, y:Nat. (if not (x ≤ y) then y ≤ x)) not_less_implies_less_equal: (all x:Nat. (all y:Nat. (if not (x < y) then y ≤ x))) not_suc_less_equal_zero: (all x:Nat. not (suc(x) ≤ zero)) auto one_mult fun operator %(n:Nat, m:Nat) { n ∸ (n / m) * m } recursive operator *(Nat,Nat) -> Nat{ operator *(zero, m) = zero operator *(suc(n), m) = m + n * m } fun operator *(UInt,UInt) -> UInt recursive operator +(Nat,Nat) -> Nat{ operator +(zero, m) = m operator +(suc(n), m) = suc(n + m) } fun operator +(UInt,UInt) -> UInt recfun operator /(n:Nat, m:Nat) -> Nat measure n { if n < m then zero else if m = zero then zero else suc(zero) + (n ∸ m) / m } fun operator <(x:Nat, y:Nat) { suc(x) ≤ y } fun operator <(UInt,UInt) -> bool fun operator >(x:Nat, y:Nat) { y < x } fun operator >(x:UInt, y:UInt) { y < x } fun operator ^(a:Nat, b:Nat) { expt(b, a) } fun operator ^(a:UInt, b:UInt) recursive operator ∸(Nat,Nat) -> Nat{ operator ∸(zero, m) = zero operator ∸(suc(n), m) = switch m { case zero { suc(n) } case suc(m') { n ∸ m' } } } fun operator ∸(UInt,UInt) -> UInt recursive operator ≤(Nat,Nat) -> bool{ operator ≤(zero, m) = true operator ≤(suc(n'), m) = switch m { case zero { false } case suc(m') { n' ≤ m' } } } fun operator ≤(x:UInt, y:UInt) { (x < y or x = y) } fun operator ≥(x:Nat, y:Nat) { y ≤ x } fun operator ≥(x:UInt, y:UInt) { y ≤ x } or_not: (all P:bool, Q:bool. (if ((P or Q) and not P) then Q)) or_sym: (all P:bool, Q:bool. (P or Q) = (Q or P)) pos_mult_both_sides_of_less: (all n:Nat, x:Nat, y:Nat. (if (ℕ0 < n and x < y) then n * x < n * y)) pos_mult_left_cancel: (all m:Nat, a:Nat, b:Nat. (if (ℕ0 < m and m * a = m * b) then a = b)) pos_mult_left_cancel_less_equal: (all n:Nat, x:Nat, y:Nat. (if (ℕ0 < n and n * x ≤ n * y) then x ≤ y)) pos_mult_right_cancel_less: (all c:Nat, a:Nat, b:Nat. (if (ℕ0 < c and a * c < b * c) then a < b)) recursive pow2(Nat) -> Nat{ pow2(zero) = suc(zero) pow2(suc(n')) = suc(suc(zero)) * pow2(n') } pow_add_r: (all n:Nat, m:Nat, o:Nat. m ^ (n + o) = m ^ n * m ^ o) pow_le_mono_l: (all c:Nat, a:Nat, b:Nat. (if a ≤ b then a ^ c ≤ b ^ c)) pow_log2_greater: (all n:Nat. n < ℕ2 * ℕ2 ^ log2(n)) pow_log2_less_equal: (all n:Nat. (if ℕ0 < n then ℕ2 ^ log2(n) ≤ n)) pow_mul_l: (all o:Nat, m:Nat, n:Nat. (m * n) ^ o = m ^ o * n ^ o) pow_mul_r: (all o:Nat, m:Nat, n:Nat. (m ^ n) ^ o = m ^ (n * o)) fun pred(n:Nat) { switch n { case zero { zero } case suc(n') { n' } } } fun sqr(a:UInt) { a * a } strong_induction: (all P:(fn Nat -> bool), n:Nat. (if (all j:Nat. (if (all i:Nat. (if i < j then P(i))) then P(j))) then P(n))) auto suc_lit suc_lit: (all n:Nat. suc(lit(n)) = lit(suc(n))) sum_n': (all n:Nat. ℕ2 * summation(suc(n), ℕ0, fun x { x }) = n * (n + ℕ1)) sum_n: (all n:Nat. ℕ2 * summation(n, ℕ0, fun x { x }) = n * (n ∸ ℕ1)) recursive summation(Nat,Nat,(fn Nat -> Nat)) -> Nat{ summation(zero, begin, f) = zero summation(suc(k), begin, f) = f(begin) + summation(k, suc(begin), f) } summation_add: (all a:Nat. (all b:Nat, s:Nat, t:Nat, f:(fn Nat -> Nat), g:(fn Nat -> Nat), h:(fn Nat -> Nat). (if ((all i:Nat. (if i < a then g(s + i) = f(s + i))) and (all i:Nat. (if i < b then h(t + i) = f((s + a) + i)))) then summation(a + b, s, f) = summation(a, s, g) + summation(b, t, h)))) summation_cong: (all k:Nat. (all f:(fn Nat -> Nat), g:(fn Nat -> Nat), s:Nat, t:Nat. (if (all i:Nat. (if i < k then f(s + i) = g(t + i))) then summation(k, s, f) = summation(k, t, g)))) summation_next: (all n:Nat, s:Nat, f:(fn Nat -> Nat). summation(ℕ1 + n, s, f) = summation(n, s, f) + f(s + n)) fun toNat(UInt) -> Nat toNat_add: (all x:UInt, y:UInt. toNat(x + y) = toNat(x) + toNat(y)) toNat_less: (all x:UInt, y:UInt. (if x < y then toNat(x) < toNat(y))) toNat_less_equal: (all x:UInt, y:UInt. (if x ≤ y then toNat(x) ≤ toNat(y))) toNat_monus: (all x:UInt, y:UInt. toNat(x ∸ y) = toNat(x) ∸ toNat(y)) toNat_mult: (all x:UInt, y:UInt. toNat(x * y) = toNat(x) * toNat(y)) trichotomy: (all x:Nat. (all y:Nat. (x < y or x = y or y < x))) trichotomy2: (all y:Nat, x:Nat. (if (not (x = y) and not (x < y)) then y < x)) uint_add_assoc: (all x:UInt, y:UInt, z:UInt. (x + y) + z = x + (y + z)) uint_add_both_monus: (all z:UInt, y:UInt, x:UInt. (z + y) ∸ (z + x) = y ∸ x) uint_add_both_sides_of_equal: (all x:UInt, y:UInt, z:UInt. ((x + y = x + z) ⇔ (y = z))) auto uint_add_both_sides_of_le_equal uint_add_both_sides_of_le_equal: (all x:UInt. (all y:UInt, z:UInt. (x + y ≤ x + z) = (y ≤ z))) uint_add_both_sides_of_less: (all x:UInt, y:UInt, z:UInt. ((x + y < x + z) ⇔ (y < z))) uint_add_both_sides_of_less_equal: (all x:UInt. (all y:UInt, z:UInt. ((x + y ≤ x + z) ⇔ (y ≤ z)))) auto uint_add_bzero uint_add_commute: (all x:UInt, y:UInt. x + y = y + x) uint_add_mono_less: (all a:UInt, b:UInt, c:UInt, d:UInt. (if (a < c and b < d) then a + b < c + d)) uint_add_mono_less_equal: (all a:UInt, b:UInt, c:UInt, d:UInt. (if (a ≤ c and b ≤ d) then a + b ≤ c + d)) auto uint_add_monus_identity uint_add_monus_identity: (all m:UInt, n:UInt. (m + n) ∸ m = n) uint_add_one_le_double: (all x:UInt. (if 0 < x then 1 + x ≤ x + x)) uint_add_to_bzero: (all n:UInt, m:UInt. (if n + m = bzero then (n = bzero and m = bzero))) uint_add_to_zero: (all n:UInt, m:UInt. (if n + m = 0 then (n = 0 and m = 0))) auto uint_add_zero uint_add_zero: (all x:UInt. x + 0 = x) auto uint_bzero_add uint_bzero_le: (all x:UInt. bzero ≤ x) uint_bzero_less_one_add: (all n:UInt. bzero < 1 + n) uint_bzero_monus: (all x:UInt. bzero ∸ x = bzero) uint_dichotomy: (all x:UInt, y:UInt. (x ≤ y or y < x)) uint_dist_mult_add: (all a:UInt, x:UInt, y:UInt. a * (x + y) = a * x + a * y) uint_dist_mult_add_right: (all x:UInt, y:UInt, a:UInt. (x + y) * a = x * a + y * a) auto uint_equal uint_equal: (all x:Nat, y:Nat. (fromNat(lit(x)) = fromNat(lit(y))) = (x = y)) uint_equal_implies_less_equal: (all x:UInt, y:UInt. (if x = y then x ≤ y)) uint_fromNat_toNat: (all b:UInt. fromNat(toNat(b)) = b) uint_induction: (all P:(fn UInt -> bool). (if (P(0) and (all m:UInt. (if P(m) then P(1 + m)))) then (all n:UInt. P(n)))) uint_k_induction: (all P:(fn UInt -> bool), k:UInt. (if (P(k) and (all m:UInt. (if P(m) then P(1 + m)))) then (all n:UInt. (if k ≤ n then P(n))))) uint_less_add_one_implies_less_equal: (all x:UInt, y:UInt. (if x < 1 + y then x ≤ y)) uint_less_add_pos: (all x:UInt, y:UInt. (if bzero < y then x < x + y)) uint_less_equal_add: (all x:UInt, y:UInt. x ≤ x + y) uint_less_equal_add_left: (all x:UInt, y:UInt. y ≤ x + y) uint_less_equal_antisymmetric: (all x:UInt, y:UInt. (if (x ≤ y and y ≤ x) then x = y)) uint_less_equal_refl: (all n:UInt. n ≤ n) auto uint_less_equal_refl_true uint_less_equal_refl_true: (all n:UInt. (n ≤ n) = true) uint_less_equal_trans: (all x:UInt, y:UInt, z:UInt. (if (x ≤ y and y ≤ z) then x ≤ z)) uint_less_equal_zero: (all x:UInt. (if x ≤ 0 then x = 0)) uint_less_implies_less_equal: (all x:UInt, y:UInt. (if x < y then x ≤ y)) uint_less_implies_not_greater: (all x:UInt, y:UInt. (if x < y then not (y < x))) uint_less_irreflexive: (all x:UInt. not (x < x)) uint_less_is_less_equal: (all x:UInt, y:UInt. (x < y) = (1 + x ≤ y)) uint_less_plus1: (all n:UInt. n < 1 + n) auto uint_less_plus1_true uint_less_plus1_true: (all n:UInt. (n < 1 + n) = true) auto uint_less_refl_false uint_less_refl_false: (all x:UInt. (x < x) = false) uint_less_trans: (all x:UInt, y:UInt, z:UInt. (if (x < y and y < z) then x < z)) auto uint_lit_less uint_lit_less: (all x:Nat, y:Nat. (fromNat(lit(x)) < fromNat(lit(y))) = (lit(x) < lit(y))) auto uint_lit_less_equal uint_lit_less_equal: (all x:Nat, y:Nat. (fromNat(lit(x)) ≤ fromNat(lit(y))) = (lit(x) ≤ lit(y))) uint_max_assoc: (all x:UInt, y:UInt, z:UInt. max(max(x, y), z) = max(x, max(y, z))) uint_max_equal_greater_left: (all x:UInt, y:UInt. (if y ≤ x then max(x, y) = x)) uint_max_equal_greater_right: (all x:UInt, y:UInt. (if x ≤ y then max(x, y) = y)) uint_max_less_equal: (all x:UInt, y:UInt, z:UInt. (if (x ≤ z and y ≤ z) then max(x, y) ≤ z)) uint_max_symmetric: (all x:UInt, y:UInt. max(x, y) = max(y, x)) uint_max_zero: (all x:UInt. max(x, 0) = x) uint_monus_add_assoc: (all n:UInt, l:UInt, m:UInt. (if m ≤ n then l + (n ∸ m) = (l + n) ∸ m)) uint_monus_add_identity: (all n:UInt. (all m:UInt. (if m ≤ n then m + (n ∸ m) = n))) uint_monus_bzero: (all n:UInt. n ∸ bzero = n) auto uint_monus_cancel uint_monus_cancel: (all n:UInt. n ∸ n = 0) uint_monus_cancel_bzero: (all n:UInt. n ∸ n = bzero) uint_monus_monus_eq_monus_add: (all x:UInt, y:UInt, z:UInt. (x ∸ y) ∸ z = x ∸ (y + z)) uint_monus_order: (all x:UInt, y:UInt, z:UInt. (x ∸ y) ∸ z = (x ∸ z) ∸ y) auto uint_monus_zero uint_monus_zero: (all n:UInt. n ∸ 0 = n) uint_mult_assoc: (all m:UInt, n:UInt, o:UInt. (m * n) * o = m * (n * o)) uint_mult_commute: (all m:UInt, n:UInt. m * n = n * m) uint_mult_mono_le: (all n:UInt, x:UInt, y:UInt. (if x ≤ y then n * x ≤ n * y)) uint_mult_mono_le2: (all n:UInt, x:UInt, m:UInt, y:UInt. (if (n ≤ m and x ≤ y) then n * x ≤ m * y)) auto uint_mult_one uint_mult_one: (all n:UInt. n * 1 = n) uint_mult_to_zero: (all n:UInt, m:UInt. (if n * m = 0 then (n = 0 or m = 0))) auto uint_mult_zero uint_mult_zero: (all n:UInt. n * 0 = 0) uint_not_less_equal_iff_greater: (all x:UInt, y:UInt. (not (x ≤ y) ⇔ (y < x))) uint_not_less_implies_less_equal: (all x:UInt, y:UInt. (if not (x < y) then y ≤ x)) uint_not_less_zero: (all x:UInt. not (x < 0)) uint_not_one_add_le_zero: (all n:UInt. not (1 + n ≤ 0)) uint_not_one_add_zero: (all n:UInt. not (1 + n = 0)) uint_not_zero_pos: (all n:UInt. (if not (n = 0) then 0 < n)) auto uint_one_add_zero_false uint_one_add_zero_false: (all n:UInt. (1 + n = 0) = false) auto uint_one_mult uint_one_mult: (all n:UInt. 1 * n = n) uint_pos_implies_one_le: (all n:UInt. (if 0 < n then 1 ≤ n)) uint_pos_mult_both_sides_of_less: (all n:UInt, x:UInt, y:UInt. (if (0 < n and x < y) then n * x < n * y)) uint_pos_not_zero: (all n:UInt. (if 0 < n then not (n = 0))) uint_positive_add_one: (all n:UInt. (if 0 < n then some n':UInt. n = 1 + n')) uint_pred_monus: (all n:UInt. pred(n) = n ∸ 1) uint_toNat_fromNat: (all x:Nat. toNat(fromNat(x)) = x) uint_toNat_injective: (all x:UInt, y:UInt. (if toNat(x) = toNat(y) then x = y)) uint_trichotomy: (all x:UInt, y:UInt. (x < y or x = y or y < x)) uint_two_mult: (all n:UInt. 2 * n = n + n) auto uint_zero_add uint_zero_add: (all x:UInt. 0 + x = x) uint_zero_le: (all x:UInt. 0 ≤ x) uint_zero_le_zero: (all x:UInt. (if x ≤ 0 then x = 0)) auto uint_zero_less_equal_true uint_zero_less_equal_true: (all x:UInt. (0 ≤ x) = true) uint_zero_less_one_add: (all n:UInt. 0 < 1 + n) auto uint_zero_less_one_add_true uint_zero_less_one_add_true: (all n:UInt. (0 < 1 + n) = true) uint_zero_max: (all x:UInt. max(0, x) = x) auto uint_zero_mult uint_zero_mult: (all n:UInt. 0 * n = 0) uint_zero_or_add_one: (all x:UInt. (x = 0 or some x':UInt. x = 1 + x')) uint_zero_or_positive: (all x:UInt. (x = 0 or 0 < x)) fun xor(x:bool, y:bool) { if x then not y else y } xor_commute: (all a:bool, b:bool. xor(a, b) = xor(b, a)) xor_false: (all b:bool. xor(false, b) = b) xor_true: (all b:bool. xor(true, b) = not b) auto zero_add auto zero_less_equal_true zero_less_equal_true: (all x:Nat. (zero ≤ x) = true) auto zero_mult