Remove rweight #337
Merged
Remove rweight #337
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
andres-erbsen
approved these changes
Mar 27, 2018
| (Hc : length c = len_c) | ||
| (Hidxs : length idxs = len_idxs). | ||
| Definition weight (i : nat) | ||
| := 2^(-(-(limbwidth_num * i) / limbwidth_den)). |
There was a problem hiding this comment.
is the double negation used here to make it round up? I don't know whether the trick here works, but I would believe you if you said it does. In C I often use (n + d - 1)/d for rounding up. Edit: hah, you proved it correct below. I approve of both the trick and the fact that the code was already set up in a way to make it the right thing to do to prove it.
There was a problem hiding this comment.
I got the "trick" by unfolding Qceiling (Z.pos (Z.to_pos num) / Z.to_pos den) and then removing the matches
| expand_lists (). | ||
| subst carrymod; reflexivity. | ||
| Qed. | ||
| Local Lemma weight_0 : weight 0 = 1. |
There was a problem hiding this comment.
Could you get this lemma and the next from lemmas about 2^Qceiling(limbwidth*i) ? Or are your proofs intentionally duplicative because they look simpler?
There was a problem hiding this comment.
I was originally trying to be as permissive as possible. I'll strengthen the hypotheses to require 0 < limbwidth_den which is required for basing it on 2^Qceiling(limbwidth*i) to actually be a simplification.
| @@ -6419,21 +6418,21 @@ Section rcarry_mul. | |||
| Definition rcarry_mul | |||
| := BoundsPipeline | |||
| (carry_mul_gen | |||
| @ rw @ GallinaReify.Reify s @ GallinaReify.Reify c @ GallinaReify.Reify n @ GallinaReify.Reify (length c) @ GallinaReify.Reify idxs @ GallinaReify.Reify (length idxs)) | |||
| @ GallinaReify.Reify (Qnum limbwidth) @ GallinaReify.Reify (Z.pos (Qden limbwidth)) @ GallinaReify.Reify s @ GallinaReify.Reify c @ GallinaReify.Reify n @ GallinaReify.Reify (length c) @ GallinaReify.Reify idxs @ GallinaReify.Reify (length idxs)) | |||
There was a problem hiding this comment.
It might be easier to take in (Z*Z) instead of Q for the limbwidth. either is fine by me.
There was a problem hiding this comment.
Huh? limbwidth is computed in this section. I could also let-bind the numerator and denominator....
| @@ -6591,6 +6584,7 @@ Section rcarry_mul. | |||
| | intros; apply eval_oppmod | |||
| | intros; apply eval_encodemod | |||
| | eassumption | |||
| | apply conj | |||
There was a problem hiding this comment.
I remember having issues with non-conditional (e?)apply conj looping. if you think it's fine here then it's most likely fine
There was a problem hiding this comment.
If it starts looping, I'll get rid of it. But this is really a very simple proof that goes by eauto modulo beta-iota-delta.
|
Updated to build to the end by plugging in a concrete weight function and proving a few extra lemmas. |
|
@jadephilipoom Are you okay with the changes to montred that inline the weight function? I tried to do things in a way that minimally impacted your proof (so definitely feel free to later rewrite it more or whatever). |
jadephilipoom
approved these changes
Mar 28, 2018
| Let w_divides : forall i : nat, w (S i) / w i > 0 | ||
| := weight_divides _ _ log2R_good. | ||
| Let w_1_gt1 : w 1 > 1 := weight_1_gt_1 _ _ log2R_good. | ||
| Let w_half_1_gt1 : w_half 1 > 1 := weight_1_gt_1 _ _ half_log2R_good. |
There was a problem hiding this comment.
Ugh, this is quite a lot of boilerplate. I was thinking of maybe making a record or something for saturated weight functions, and maybe this is another point for that strategy.
JasonGross
added a commit
to JasonGross/fiat-crypto
that referenced
this pull request
Feb 21, 2022
Probably if the lists are the same lengths, then we want to compare them element-wise rather than all at once. It's way too verbose to keep expanding them, so we only do that when lists are not the same length. We now get error messages such as ``` Unable to unify: [inr [378, 381, 384]] == [inr [101, 106, 108]] Could not unify the values at index 0: [mit-plv#378, mit-plv#381, mit-plv#384] != [mit-plv#101, mit-plv#106, mit-plv#108] index 0: mit-plv#378 != mit-plv#101 (slice 0 44, [mit-plv#377]) != (slice 0 44, [mit-plv#98]) index 0: mit-plv#377 != mit-plv#98 (add 64, [mit-plv#345, mit-plv#375]) != (add 64, [#57, mit-plv#96]) index 0: mit-plv#345 != #57 (slice 0 44, [mit-plv#337]) != (slice 0 44, [#44]) index 0: mit-plv#337 != #44 (add 64, [#41, mit-plv#334]) != (add 64, [#25, #41]) index 1: mit-plv#334 != #25 (mul 64, [#1, mit-plv#331]) != (mul 64, [#0, #1, #22]) [(add 64, [mit-plv#329, mit-plv#329])] != [#0, (const 20, [])] [(add 64, [(mul 64, [#7, mit-plv#328]), (mul 64, [#7, mit-plv#328])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [#0, mit-plv#327])]), (mul 64, [(const 2, []), (add 64, [#0, mit-plv#327])])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, mit-plv#326])])]), (mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, mit-plv#326])])])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, (const 4, [])])])]), (mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, (const 4, [])])])])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [(old 64 0, []), (mul 64, [(old 64 0, []), (const 4, [])])])]), (mul 64, [(const 2, []), (add 64, [(old 64 0, []), (mul 64, [(old 64 0, []), (const 4, [])])])])])] != [(old 64 0, []), (const 20, [])] ``` The second to last line is generally the one to look at; the last line adds a bit more detail to it. Perhaps we should instead list out the values of indices rather than expanding one additional level?
JasonGross
added a commit
to JasonGross/fiat-crypto
that referenced
this pull request
Feb 21, 2022
Probably if the lists are the same lengths, then we want to compare them element-wise rather than all at once. It's way too verbose to keep expanding them, so we only do that when lists are not the same length. We now get error messages such as ``` Unable to unify: [inr [378, 381, 384]] == [inr [101, 106, 108]] Could not unify the values at index 0: [mit-plv#378, mit-plv#381, mit-plv#384] != [mit-plv#101, mit-plv#106, mit-plv#108] index 0: mit-plv#378 != mit-plv#101 (slice 0 44, [mit-plv#377]) != (slice 0 44, [mit-plv#98]) index 0: mit-plv#377 != mit-plv#98 (add 64, [mit-plv#345, mit-plv#375]) != (add 64, [#57, mit-plv#96]) index 0: mit-plv#345 != #57 (slice 0 44, [mit-plv#337]) != (slice 0 44, [#44]) index 0: mit-plv#337 != #44 (add 64, [#41, mit-plv#334]) != (add 64, [#25, #41]) index 1: mit-plv#334 != #25 (mul 64, [#1, mit-plv#331]) != (mul 64, [#0, #1, #22]) [(add 64, [mit-plv#329, mit-plv#329])] != [#0, (const 20, [])] [(add 64, [(mul 64, [#7, mit-plv#328]), (mul 64, [#7, mit-plv#328])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [#0, mit-plv#327])]), (mul 64, [(const 2, []), (add 64, [#0, mit-plv#327])])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, mit-plv#326])])]), (mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, mit-plv#326])])])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, (const 4, [])])])]), (mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, (const 4, [])])])])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [(old 64 0, []), (mul 64, [(old 64 0, []), (const 4, [])])])]), (mul 64, [(const 2, []), (add 64, [(old 64 0, []), (mul 64, [(old 64 0, []), (const 4, [])])])])])] != [(old 64 0, []), (const 20, [])] ``` The second to last line is generally the one to look at; the last line adds a bit more detail to it. Perhaps we should instead list out the values of indices rather than expanding one additional level?
JasonGross
added a commit
that referenced
this pull request
Feb 22, 2022
Probably if the lists are the same lengths, then we want to compare them element-wise rather than all at once. It's way too verbose to keep expanding them, so we only do that when lists are not the same length. We now get error messages such as ``` Unable to unify: [inr [378, 381, 384]] == [inr [101, 106, 108]] Could not unify the values at index 0: [#378, #381, #384] != [#101, #106, #108] index 0: #378 != #101 (slice 0 44, [#377]) != (slice 0 44, [#98]) index 0: #377 != #98 (add 64, [#345, #375]) != (add 64, [#57, #96]) index 0: #345 != #57 (slice 0 44, [#337]) != (slice 0 44, [#44]) index 0: #337 != #44 (add 64, [#41, #334]) != (add 64, [#25, #41]) index 1: #334 != #25 (mul 64, [#1, #331]) != (mul 64, [#0, #1, #22]) [(add 64, [#329, #329])] != [#0, (const 20, [])] [(add 64, [(mul 64, [#7, #328]), (mul 64, [#7, #328])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [#0, #327])]), (mul 64, [(const 2, []), (add 64, [#0, #327])])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, #326])])]), (mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, #326])])])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, (const 4, [])])])]), (mul 64, [(const 2, []), (add 64, [#0, (mul 64, [#0, (const 4, [])])])])])] != [#0, (const 20, [])] [(add 64, [(mul 64, [(const 2, []), (add 64, [(old 64 0, []), (mul 64, [(old 64 0, []), (const 4, [])])])]), (mul 64, [(const 2, []), (add 64, [(old 64 0, []), (mul 64, [(old 64 0, []), (const 4, [])])])])])] != [(old 64 0, []), (const 20, [])] ``` The second to last line is generally the one to look at; the last line adds a bit more detail to it. Perhaps we should instead list out the values of indices rather than expanding one additional level?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.