More results on BitEncoding.int2bs

[strub]

New lemmas: int2bs_strikeE, int2bs_strike_succE

[oskgo]

These lemmas look like parts of some induction result. Is that how you're using it? Maybe it would make sense to provide an explicit induction rule as well? In the induction rule k could be left mostly abstract, which would make it a bit cleaner to use.

[strub]

Not sure to understand. This lemmas tell you exactly what happens in the binary representation when incrementing by 1. How could k be left abstract?

[fdupress]

Not sure to understand. This lemmas tell you exactly what happens in the binary representation when incrementing by 1. How could k be left abstract?

I think you could avoid specifying it exactly as the index of the first 1, and instead prove the result for all k that is the index of a 1 and such that all lower indices contain 0. But this is just a rewrite indexP away, I think. (Swap 0 and 1.)

[strub]

"For all k (but there is at most one which is the first index of false or the size of the list if there is no such k)" doesn't make proofs easier. Especially when you use both lemmas and you need to know that they are the same.

[oskgo]

I'll elaborate. Correct me if I'm wrong, but to me it looks like the main motivation of these lemmas is to use them when you have a statement like forall n, 0 <= n < 2^l => P (int2bs (l+1) n) and want to prove this using induction over n. I think that it should be possible to lift out an induction rule here that does the rewrite with these lemmas in the induction step for you. Something like forall k l, <bounds on k> => <hypothesis on l> => P (nseq k true ++ false :: l) => P (nseq k false ++ true :: l).

I recognize that they're also going to be useful even when you're not doing induction.

EDIT: If your usecase doesn't look anything like this you can ignore my remark.

[strub]

I am using them in a hoare proof (in a while loop). So yes, there is an induction, but not at the ambient logic level.

[oskgo]

Fair enough. Looks good to me. Approved.