Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add BitVec.sdivOverflow definition and lemmas for overflow in signed and unsigned division #7671

Draft
wants to merge 24 commits into
base: master
Choose a base branch
from
Draft

feat: add BitVec.sdivOverflow definition and lemmas for overflow in signed and unsigned division #7671

wants to merge 24 commits into from
+161 −0

Conversation

luisacicolini
Copy link
Contributor

@luisacicolini luisacicolini commented Mar 24, 2025
edited
Loading

This PR introduces the lemmas to check overflow conditions on signed and unsigned division BitVec.sdivOverflow and BitVec.not_udivOverflow (given that unsigned division never overflows), according to the definitions here.
The core proofs majorly relies on omega, when the bounds of the division are precise enough. This required introducing numerous Int.sdiv_* lemmas.

Co-authored by @bollu.

@github-actions github-actions bot added the toolchain-available A toolchain is available for this PR, at leanprover/lean4-pr-releases:pr-release-NNNN label Mar 24, 2025
@leanprover-community-bot
Copy link
Collaborator

leanprover-community-bot commented Mar 24, 2025
edited
Loading

Mathlib CI status (docs):

  • ❗ Batteries/Mathlib CI will not be attempted unless your PR branches off the nightly-with-mathlib branch. Try git rebase b0e58d3387ec103287ac56aea95e4cecd9968982 --onto 635af865bf52013210057ebfb99bec4c04f40cab. You can force Mathlib CI using the force-mathlib-ci label. (2025-03-24 23:38:59)
  • ❗ Batteries/Mathlib CI will not be attempted unless your PR branches off the nightly-with-mathlib branch. Try git rebase b0e58d3387ec103287ac56aea95e4cecd9968982 --onto 2edfe2e9cffd55e3c79291628ae091b942291ec9. You can force Mathlib CI using the force-mathlib-ci label. (2025-04-01 15:46:30)

@luisacicolini
Copy link
Contributor Author

changelog-library

@github-actions github-actions bot added the changelog-library Library label Apr 1, 2025
bollu
bollu suggested changes Apr 1, 2025
View reviewed changes
Copy link
Contributor

@bollu bollu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe in Int, the theorems are called as div_... rather than sdiv_...? So I'd at the very least change that. We also have theorems that use ge, which is not the simp normal form:

  • sdiv_neg_ge_two_ge
  • sdiv_neg_le_neg_two_ge

src/Init/Data/Int/DivMod/Lemmas.lean
norm_cast
simp

theorem sdiv_neg_ge_two_ge (x y : Int) (hy' : 2 ≤ y) (hx' : x < 0) :
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
theorem sdiv_neg_ge_two_ge (x y : Int) (hy' : 2 ≤ y) (hx' : x < 0) :
theorem div_le_of_two_le_of_lt_zero (x y : Int) (hy' : 2 ≤ y) (hx' : x < 0) :

I wonder what the canonical way of spelling x < 0 is in the theorem name: do we say lt_zero?

src/Init/Data/Int/DivMod/Lemmas.lean
simp only [hx, hy, Nat.succ_eq_add_one, Int.ofNat_eq_coe, ge_iff_le, Int.neg_le_neg_iff, Int.ofNat_le]
apply Nat.le_trans (m := xn) (by exact Nat.div_le_self xn (yn + 1)) (by omega)

theorem sdiv_pos_le_neg_two_le (x y : Int) (hy' : y ≤ -2) (hx' : 0 < x) :
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
theorem sdiv_pos_le_neg_two_le (x y : Int) (hy' : y ≤ -2) (hx' : 0 < x) :
theorem sdiv_nonpos_of_le_neg_two_of_zero_lt (x y : Int) (hy' : y ≤ -2) (hx' : 0 < x) :

It would be good to have an English sentence that explains what's going on. Also, doesn't the theorem hold for a looser bound, when y <= -1? We should try to now generalize our statements, as the proof goes through.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tobiasgrosser tobiasgrosser tobiasgrosser left review comments

@bollu bollu bollu requested changes

@hargoniX hargoniX Awaiting requested review from hargoniX hargoniX will be requested when the pull request is marked ready for review hargoniX is a code owner

@kim-em kim-em Awaiting requested review from kim-em kim-em will be requested when the pull request is marked ready for review kim-em is a code owner

Assignees
No one assigned
Labels
changelog-library Library toolchain-available A toolchain is available for this PR, at leanprover/lean4-pr-releases:pr-release-NNNN
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@luisacicolini @leanprover-community-bot @tobiasgrosser @bollu