You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Aug 2, 2022. It is now read-only.
While working on issue #47 I noticed that some properties are harder to prove than expected and are not feasible to prove in the time given. The missing parts are:
The associativity lemmas for integer conversions between signed and unsigned. Since addition and subtraction are sign-independent the following lemmas are valid but cannot be proven yet (for all ranges):
X + Y = To_Int (To_Uns (X) + To_Uns (Y))
X - Y = To_Int (To_Uns (X) - To_Uns (Y))
Multiplication with overflow check is a little more complex than addition and subtraction but it should be provable with moderate effort.
The division functions are not yet analyzed but after a short overview they're the most complex part of the package and will likely require high effort to prove.
While working on issue #47 I noticed that some properties are harder to prove than expected and are not feasible to prove in the time given. The missing parts are:
X + Y = To_Int (To_Uns (X) + To_Uns (Y))X - Y = To_Int (To_Uns (X) - To_Uns (Y))