66-/
77import Cbrt512Proof.GeneratedCbrt512Model
88import Cbrt512Proof.EvmBridge
9+ import Cbrt512Proof.CbrtNumericCerts
910import CbrtProof.CbrtCorrect
1011import CbrtProof.CertifiedChain
1112import CbrtProof.FiniteCert
@@ -123,15 +124,18 @@ private theorem icbrt_le_hi_of_pow_lt_cube (w hi : Nat) (k : Nat)
123124theorem baseCase_NR_within_1ulp (w : Nat)
124125 (hw_lo : 2 ^ 251 ≤ w) (hw_hi : w < 2 ^ 254 ) :
125126 let m := icbrt w
126- let z := run6From w 22141993662453218394297550
127+ let z := run6From w baseCaseSeed
127128 m ≤ z ∧ z ≤ m + 1 := by
128129 simp only
129130 let s : Nat := 22141993662453218394297550
130131 let m := icbrt w
131132 have hmlo : m * m * m ≤ w := icbrt_cube_le w
132133 have hmhi : w < (m + 1 ) * (m + 1 ) * (m + 1 ) := icbrt_lt_succ_cube w
133- have hsPos : 0 < s := by omega
134134 have hw_pos : 0 < w := by omega
135+ have hs_lo : 2 ^ 83 ≤ s := by
136+ change 2 ^ 83 ≤ baseCaseSeed
137+ exact baseCaseSeed_bounds.1
138+ have hsPos : 0 < s := by omega
135139 -- Lower bound
136140 have hmz : m ≤ run6From w s := by
137141 unfold run6From
@@ -142,72 +146,78 @@ theorem baseCase_NR_within_1ulp (w : Nat)
142146 (cbrtStep_pos w _ hw_pos
143147 (cbrtStep_pos w _ hw_pos hsPos)))))
144148 hmlo
145- refine ⟨hmz, ?_⟩
149+ have hmz' : m ≤ run6From w baseCaseSeed := by
150+ simpa [s, baseCaseSeed] using hmz
151+ refine ⟨hmz', ?_⟩
146152 -- Case split on octave
147153 by_cases h252 : w < 2 ^ 252
148154 · -- Octave 251: w ∈ [2^251, 2^252)
149- -- lo = 15352400942462240883748044, hi = 19342813113834066795298815
150- let lo : Nat := 15352400942462240883748044
151- have hlo : lo ≤ m := lo_le_icbrt_of_cube_le_pow w lo 251 ( by native_decide) hw_lo
152- have hhi : m ≤ 19342813113834066795298815 :=
153- icbrt_le_hi_of_pow_lt_cube w 19342813113834066795298815 251 ( by native_decide) h252
154- have hm2 : 2 ≤ m := by omega
155- -- d1 bound
156- have hd1 : cbrtStep w s - m ≤ 1994218922075376856504634 := by
157- have h := cbrt_d1_bound w m s lo 19342813113834066795298815 hsPos hmlo hmhi hlo hhi
158- have : max (s - lo) ( 19342813113834066795298815 - s) = 6789592719990977510549506 := by
159- native_decide
160- rw [this] at h
161- have : ( 6789592719990977510549506 * 6789592719990977510549506 *
162- ( 19342813113834066795298815 + 2 * s) + 3 * 19342813113834066795298815 *
163- ( 19342813113834066795298815 + 1 )) / ( 3 * (s * s)) =
164- 1994218922075376856504634 := by native_decide
165- omega
166- exact chain_6steps_upper w m lo s 1994218922075376856504634
167- hm2 ( by omega : 0 < lo) hlo hsPos hmlo hmhi hd1
168- (Nat.le_trans ( by native_decide : 2 * 1994218922075376856504634 ≤ lo) hlo)
169- ( by native_decide) ( by native_decide) ( by native_decide) ( by native_decide) ( by native_decide)
155+ have hlo : octave251Lo ≤ m :=
156+ lo_le_icbrt_of_cube_le_pow w octave251Lo 251 octave251_bounds. 1 hw_lo
157+ have hhi : m ≤ octave251Hi :=
158+ icbrt_le_hi_of_pow_lt_cube w octave251Hi 251 octave251_bounds. 2 h252
159+ have hm2 : 2 ≤ m := Nat.le_trans octave251_lo_two_le hlo
160+ have hd1 : cbrtStep w s - m ≤ octave251D1 := by
161+ have h := cbrt_d1_bound w m s octave251Lo octave251Hi hsPos hmlo hmhi hlo hhi
162+ rw [ show max ( s - octave251Lo) (octave251Hi - s) = octave251Gap by
163+ simpa [s, baseCaseSeed] using octave251_gap_eq] at h
164+ have hformula :
165+ (octave251Gap * octave251Gap * (octave251Hi + 2 * s) +
166+ 3 * octave251Hi * (octave251Hi + 1 )) / ( 3 * (s * s)) = octave251D1 := by
167+ simpa [s, baseCaseSeed] using octave251_d1_formula_eq
168+ simpa [hformula] using h
169+ obtain ⟨h2d1, h2d2, h2d3, h2d4, h2d5, hd6_le1⟩ := octave251_chain_bounds
170+ have hloPos : 0 < octave251Lo := Nat.lt_of_lt_of_le ( by omega : 0 < 2 ) octave251_lo_two_le
171+ have hup : run6From w s ≤ m + 1 :=
172+ chain_6steps_upper w m octave251Lo s octave251D1
173+ hm2 hloPos hlo hsPos hmlo hmhi hd1
174+ (Nat.le_trans h2d1 hlo) h2d2 h2d3 h2d4 h2d5 hd6_le1
175+ simpa [s, baseCaseSeed] using hup
170176 · by_cases h253 : w < 2 ^ 253
171177 · -- Octave 252: w ∈ [2^252, 2^253)
172- let lo : Nat := 19342813113834066795298816
173- have hlo : lo ≤ m := lo_le_icbrt_of_cube_le_pow w lo 252 (by native_decide) (by omega)
174- have hhi : m ≤ 24370417406302138235346347 :=
175- icbrt_le_hi_of_pow_lt_cube w 24370417406302138235346347 252 (by native_decide) h253
176- have hm2 : 2 ≤ m := by omega
177- have hd1 : cbrtStep w s - m ≤ 365742585066387069963242 := by
178- have h := cbrt_d1_bound w m s lo 24370417406302138235346347 hsPos hmlo hmhi hlo hhi
179- have : max (s - lo) (24370417406302138235346347 - s) =
180- 2799180548619151598998734 := by native_decide
181- rw [this] at h
182- have : (2799180548619151598998734 * 2799180548619151598998734 *
183- (24370417406302138235346347 + 2 * s) + 3 * 24370417406302138235346347 *
184- (24370417406302138235346347 + 1 )) / (3 * (s * s)) =
185- 365742585066387069963242 := by native_decide
186- omega
187- exact chain_6steps_upper w m lo s 365742585066387069963242
188- hm2 (by omega : 0 < lo) hlo hsPos hmlo hmhi hd1
189- (Nat.le_trans (by native_decide : 2 * 365742585066387069963242 ≤ lo) hlo)
190- (by native_decide) (by native_decide) (by native_decide) (by native_decide) (by native_decide)
178+ have hlo : octave252Lo ≤ m :=
179+ lo_le_icbrt_of_cube_le_pow w octave252Lo 252 octave252_bounds.1 (by omega)
180+ have hhi : m ≤ octave252Hi :=
181+ icbrt_le_hi_of_pow_lt_cube w octave252Hi 252 octave252_bounds.2 h253
182+ have hm2 : 2 ≤ m := Nat.le_trans octave252_lo_two_le hlo
183+ have hd1 : cbrtStep w s - m ≤ octave252D1 := by
184+ have h := cbrt_d1_bound w m s octave252Lo octave252Hi hsPos hmlo hmhi hlo hhi
185+ rw [show max (s - octave252Lo) (octave252Hi - s) = octave252Gap by
186+ simpa [s, baseCaseSeed] using octave252_gap_eq] at h
187+ have hformula :
188+ (octave252Gap * octave252Gap * (octave252Hi + 2 * s) +
189+ 3 * octave252Hi * (octave252Hi + 1 )) / (3 * (s * s)) = octave252D1 := by
190+ simpa [s, baseCaseSeed] using octave252_d1_formula_eq
191+ simpa [hformula] using h
192+ obtain ⟨h2d1, h2d2, h2d3, h2d4, h2d5, hd6_le1⟩ := octave252_chain_bounds
193+ have hloPos : 0 < octave252Lo := Nat.lt_of_lt_of_le (by omega : 0 < 2 ) octave252_lo_two_le
194+ have hup : run6From w s ≤ m + 1 :=
195+ chain_6steps_upper w m octave252Lo s octave252D1
196+ hm2 hloPos hlo hsPos hmlo hmhi hd1
197+ (Nat.le_trans h2d1 hlo) h2d2 h2d3 h2d4 h2d5 hd6_le1
198+ simpa [s, baseCaseSeed] using hup
191199 · -- Octave 253: w ∈ [2^253, 2^254)
192- let lo : Nat := 24370417406302138235346347
193- have hlo : lo ≤ m := lo_le_icbrt_of_cube_le_pow w lo 253 (by native_decide) (by omega)
194- have hhi : m ≤ 30704801884924481767496089 :=
195- icbrt_le_hi_of_pow_lt_cube w 30704801884924481767496089 253 (by native_decide) hw_hi
196- have hm2 : 2 ≤ m := by omega
197- have hd1 : cbrtStep w s - m ≤ 3738299367780524623633435 := by
198- have h := cbrt_d1_bound w m s lo 30704801884924481767496089 hsPos hmlo hmhi hlo hhi
199- have : max (s - lo) (30704801884924481767496089 - s) =
200- 8562808222471263373198539 := by native_decide
201- rw [this] at h
202- have : (8562808222471263373198539 * 8562808222471263373198539 *
203- (30704801884924481767496089 + 2 * s) + 3 * 30704801884924481767496089 *
204- (30704801884924481767496089 + 1 )) / (3 * (s * s)) =
205- 3738299367780524623633435 := by native_decide
206- omega
207- exact chain_6steps_upper w m lo s 3738299367780524623633435
208- hm2 (by omega : 0 < lo) hlo hsPos hmlo hmhi hd1
209- (Nat.le_trans (by native_decide : 2 * 3738299367780524623633435 ≤ lo) hlo)
210- (by native_decide) (by native_decide) (by native_decide) (by native_decide) (by native_decide)
200+ have hlo : octave253Lo ≤ m :=
201+ lo_le_icbrt_of_cube_le_pow w octave253Lo 253 octave253_lo_cube_le_pow253 (by omega)
202+ have hhi : m ≤ M_TOP :=
203+ icbrt_le_hi_of_pow_lt_cube w M_TOP 253 m_top_cube_bounds.2 hw_hi
204+ have hm2 : 2 ≤ m := Nat.le_trans octave253_lo_two_le hlo
205+ have hd1 : cbrtStep w s - m ≤ octave253D1 := by
206+ have h := cbrt_d1_bound w m s octave253Lo M_TOP hsPos hmlo hmhi hlo hhi
207+ rw [show max (s - octave253Lo) (M_TOP - s) = octave253Gap by
208+ simpa [s, baseCaseSeed] using octave253_gap_eq] at h
209+ have hformula :
210+ (octave253Gap * octave253Gap * (M_TOP + 2 * s) +
211+ 3 * M_TOP * (M_TOP + 1 )) / (3 * (s * s)) = octave253D1 := by
212+ simpa [s, baseCaseSeed] using octave253_d1_formula_eq
213+ simpa [hformula] using h
214+ obtain ⟨h2d1, h2d2, h2d3, h2d4, h2d5, hd6_le1⟩ := octave253_chain_bounds
215+ have hloPos : 0 < octave253Lo := Nat.lt_of_lt_of_le (by omega : 0 < 2 ) octave253_lo_two_le
216+ have hup : run6From w s ≤ m + 1 :=
217+ chain_6steps_upper w m octave253Lo s octave253D1
218+ hm2 hloPos hlo hsPos hmlo hmhi hd1
219+ (Nat.le_trans h2d1 hlo) h2d2 h2d3 h2d4 h2d5 hd6_le1
220+ simpa [s, baseCaseSeed] using hup
211221
212222-- ============================================================================
213223-- Base case EVM bridge
@@ -264,22 +274,21 @@ theorem model_cbrtBaseCase_evm_correct (x_hi_1 : Nat)
264274 show x_hi_1 / 4 < 2 ^ 254 ; unfold WORD_MOD at hx_hi; omega
265275 have hw_wm : w < WORD_MOD := by show x_hi_1 / 4 < WORD_MOD; unfold WORD_MOD; omega
266276 have hm_lo : 2 ^ 83 ≤ m :=
267- lo_le_icbrt_of_cube_le_pow w (2 ^ 83 ) 251 ( by native_decide) hw_lo
277+ lo_le_icbrt_of_cube_le_pow w (2 ^ 83 ) 251 pow83_cube_le_pow251 hw_lo
268278 have hm_hi : m < 2 ^ 85 := by
269279 show icbrt w < 2 ^ 85
270- have := icbrt_le_hi_of_pow_lt_cube w (2 ^ 85 - 1 ) 253 ( by native_decide) hw_hi
280+ have := icbrt_le_hi_of_pow_lt_cube w (2 ^ 85 - 1 ) 253 pow254_le_succ_pow85_sub_one_cube hw_hi
271281 omega
272282 have hm_wm : m < WORD_MOD := by unfold WORD_MOD; omega
273283 have hm2_le : m * m ≤ (2 ^ 85 - 1 ) * (2 ^ 85 - 1 ) :=
274284 Nat.mul_le_mul (by omega) (by omega)
275285 have hm2_wm : m * m < WORD_MOD := by
276- have : (2 ^ 85 - 1 ) * (2 ^ 85 - 1 ) < WORD_MOD := by unfold WORD_MOD; native_decide
286+ have : (2 ^ 85 - 1 ) * (2 ^ 85 - 1 ) < WORD_MOD := pow85_sub_one_sq_lt_word
277287 omega
278288 have hm3_le : m * m * m ≤ (2 ^ 85 - 1 ) * (2 ^ 85 - 1 ) * (2 ^ 85 - 1 ) :=
279289 Nat.mul_le_mul hm2_le (by omega)
280290 have hm3_wm : m * m * m < WORD_MOD := by
281- have : (2 ^ 85 - 1 ) * (2 ^ 85 - 1 ) * (2 ^ 85 - 1 ) < WORD_MOD := by
282- unfold WORD_MOD; native_decide
291+ have : (2 ^ 85 - 1 ) * (2 ^ 85 - 1 ) * (2 ^ 85 - 1 ) < WORD_MOD := pow85_sub_one_cube_lt_word
283292 omega
284293 have h3m2_wm : 3 * (m * m) < WORD_MOD := by omega
285294 have h3m2_pos : 3 * (m * m) > 0 := by
@@ -294,8 +303,12 @@ theorem model_cbrtBaseCase_evm_correct (x_hi_1 : Nat)
294303 push_cast; simp [Int.add_mul, Int.mul_add, Int.mul_one, Int.one_mul]; omega
295304 -- ======== NR chain: 6 steps ========
296305 let s := (22141993662453218394297550 : Nat)
297- have hs_lo : 2 ^ 83 ≤ s := by native_decide
298- have hs_hi : s < 2 ^ 88 := by native_decide
306+ have hs_lo : 2 ^ 83 ≤ s := by
307+ change 2 ^ 83 ≤ baseCaseSeed
308+ exact baseCaseSeed_bounds.1
309+ have hs_hi : s < 2 ^ 88 := by
310+ change baseCaseSeed < 2 ^ 88
311+ exact baseCaseSeed_bounds.2
299312 let z1 := cbrtStep w s
300313 let z2 := cbrtStep w z1
301314 let z3 := cbrtStep w z2
@@ -339,7 +352,7 @@ theorem model_cbrtBaseCase_evm_correct (x_hi_1 : Nat)
339352 unfold WORD_MOD; omega
340353 -- ======== Shift lemma ========
341354 have hshift : evmShr (evmAnd (evmAnd 2 255 ) 255 ) x_hi_1 = w := by
342- have : evmAnd (evmAnd 2 255 ) 255 = 2 := by native_decide
355+ have : evmAnd (evmAnd 2 255 ) 255 = 2 := baseCaseShiftMask_eq_two
343356 rw [this]; exact evmShr_eq' 2 x_hi_1 (by omega) hx_hi
344357 -- ======== EVM bridge: z6² and z6³ ========
345358 have hevmMul_z6z6 : evmMul z6 z6 = z6 * z6 := by
0 commit comments