Library mont_mul_triple

Require Import ssreflect ssrbool eqtype.
Require Import Arith_ext ZArith_ext Lists_ext.
Require Import machine_int multi_int omegaz.
Import MachineInt.
Require Import mapstos mips_seplog mips_contrib mips_tactics.
Require Import mont_mul_prg.

Local Open Scope machine_int_scope.
Local Open Scope eqmod_scope.
Local Open Scope zarith_ext_scope.
Local Open Scope heap_scope.
Import expr_m.
Local Open Scope mips_expr_scope.
Import assert_m.
Local Open Scope mips_assert_scope.
Local Open Scope mips_cmd_scope.
Local Open Scope mips_hoare_scope.
Local Open Scope nodup_scope.

Lemma mont_mul_triple : forall k alpha x y z m one ext int_ X_ Y_ M_ Z_ quot C t s_ : reg,
  nodup(k, alpha, x, y, z, m, one, ext, int_, X_, Y_, M_, Z_, quot, C, t, s_, r0) ->
  forall nk valpha vx vy vm vz X Y M,
  u2Z (nth 0 M zero32) * u2Z valpha =m -1 {{ Zbeta 1 }} ->
  length X = nk -> length Y = nk -> length M = nk ->
  u2Z vz + 4 * Z_of_nat nk < Zbeta 1 ->
  Sum nk X < Sum nk M -> Sum nk Y < Sum nk M ->
{{ fun s h => [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> rep zero32 nk ** var_e m |--> M) s h /\
  store.multi_null s }}
montgomery k alpha x y z m one ext int_ X_ Y_ M_ Z_ quot C t s_
{{ fun s h => exists Z, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  Zbeta nk * Sum (S nk) (Z ++ [C]_s :: nil) =m Sum nk X * Sum nk Y {{ Sum nk M }} /\
  Sum (S nk) (Z ++ [C]_s :: nil) < 2 * Sum nk M /\
  u2Z [t]_s = u2Z vz + 4 * Z_of_nat (nk - 1) }}.
Proof.
move=> k alpha x y z m one ext int_ X_ Y_ M_ Z_ quot C t s_
  Hset nk valpha vx vy vm vz X Y M Halpha Hx Hy Hm Hnz HX HY.
rewrite /montgomery.

NextAddiu.
move=> s h [[r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem Hmu]]]]]]]].
rewrite /wp_addiu.
repeat reg_upd; repeat (split; trivial).
by Assert_upd.
by rewrite store.multi_null_upd.

NextAddiu.
move=> s h [[r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem Hmu]]]]]]] r_one].
rewrite /wp_addiu.
repeat reg_upd; repeat (split; trivial).
by Assert_upd.
by rewrite store.multi_null_upd.

NextAddiu.
move=> s h [[[r_x [r_y [r_z [r_m [r_k [rd_galpha [Hmem Hmu]]]]]]] r_one] r_C].
rewrite /wp_addiu.
repeat reg_upd; repeat (split; trivial).
by Assert_upd.
by rewrite store.multi_null_upd.

apply hoare_prop_m.hoare_while_invariant with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s <= u2Z [k]_s /\
  [one]_s = one32 /\ (next <> O -> u2Z [t]_s = u2Z vz + 4 * Z_of_nat (nk - 1)) /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next)).

move=> s h [[[[r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem Hmu]]]]]]] r_one] r_C] r_ext].

exists (rep zero32 nk), O; repeat (split; trivial).
by apply len_rep.
by rewrite r_ext sext_Z2u // add_0 store.get_r0 u2Z_Z2u.
rewrite r_ext sext_Z2u // add_0 store.get_r0 u2Z_Z2u //; by apply min_u2Z.
apply u2Z_inj; by rewrite r_one sext_Z2u // add_com store.get_r0 add_0 u2Z_Z2u.
by case.
exists 0.
have -> : rep zero32 nk ++ [C ]_ s :: nil = rep zero32 (S nk).
  rewrite rep_last; repeat f_equal.
  apply u2Z_inj; by rewrite r_C sext_Z2u // add_0 store.get_r0.
rewrite Sum_rep_0.
split; first by done.
rewrite Zmult_1_r !Zmult_0_l Zplus_0_l.
apply Zmult_lt_0_compat; first by done.
apply Zle_lt_trans with (Sum nk X); [by apply min_Sum | assumption].

move=> s h [[Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [Hext [Hextk' [Hone [Ht Hinv]]]]]]]]]]]]]] Hextk].
rewrite /= Hext r_k in Hextk; move/negPn : Hextk; move/Zeq_boolP; move/Z_of_nat_inj => Hextk; subst next.

exists Z; do 8 (split; trivial).
case: Hinv => K [Hinv1 Hinv2].
split; first by exists K.
split.
- apply Zmult_gt_0_lt_reg_r with (Zbeta nk).
  by apply Zlt_gt, Zbeta_0.
  rewrite Zmult_comm Hinv1; exact Hinv2.
- apply Ht; by destruct nk.

apply hoare_lwxs_back_alt'' with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32).

move=> s h [[Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [r_ext [Hextk' [Hone [Ht Hinv]]]]]]]]]]]]]] Hextk].
rewrite /= in Hextk; move/Zeq_boolP : Hextk => Hextk.
have {Hextk}Hextk : (next < nk)%nat.
  apply Z_of_nat_lt_inj. rewrite -r_ext -r_k. by apply Zle_neq_lt.

exists (nth next X zero32); split.
- Decompose_32 X next X1 X2 HlenX1 HX'; last by rewrite Hx.
  rewrite HX' (decompose_equiv _ _ _ _ _ HlenX1) !assert_m.con_assoc_equiv assert_m.con_com_equiv !assert_m.con_assoc_equiv in Hmem.
  move: Hmem; apply monotony => // h'.
  apply mapsto_ext => //.
  by rewrite [mult]lock /= -lock shl_Z2u r_ext inj_mult Zmult_comm.
- rewrite /update_store_lwxs.
  exists Z, next; repeat reg_upd; repeat (split; trivial).
  by Assert_upd.
  rewrite r_ext r_k; by apply inj_lt.

apply hoare_lw_back_alt'' with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\ [Y_]_s = nth O Y zero32).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [mem [r_ext [Hextk' [Hone [Hinv [Hextk r_X_]]]]]]]]]]]]]]].

destruct Y as [| hdy tly]; first by destruct nk.
exists hdy; split.
rewrite /= !assert_m.con_assoc_equiv assert_m.con_com_equiv assert_m.con_assoc_equiv in mem.
move: mem; apply monotony => ht //.
apply mapsto_ext => //; by rewrite /= sext_0 add_0.
rewrite /update_store_lw.
exists Z, next; repeat reg_upd; repeat (split; trivial).
by Assert_upd.

apply hoare_lw_back_alt'' with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\
  [Y_]_s = nth O Y zero32 /\ [Z_]_s = nth O Z zero32).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [mem [r_ext [Hextk' [Hone [Hinv [Hextk [r_X_ r_Y_]]]]]]]]]]]]]]]].

destruct Z as [| hdz tlz]; first by destruct nk.
exists hdz; split.
rewrite /= !assert_m.con_assoc_equiv assert_m.con_com_equiv assert_m.con_assoc_equiv !assert_m.con_assoc_equiv assert_m.con_com_equiv !assert_m.con_assoc_equiv in mem.
move: mem; apply monotony => ht //.
apply mapsto_ext => //; by rewrite /= sext_0 add_0.
rewrite /update_store_lw.
exists (hdz :: tlz), next; repeat reg_upd; repeat (split; trivial).
by Assert_upd.

apply hoare_multu with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\ [Y_]_s = nth O Y zero32 /\ [Z_]_s = nth O Z zero32 /\
  store.utoZ s <= (Zbeta 1 - 1) * (Zbeta 1 - 1) /\ store.utoZ s = u2Z (nth next X zero32) * u2Z (nth O Y zero32)).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [r_ext [Hextk' [Hone [Hinv [Hextk [r_X_ [r_Y_ r_Z_]]]]]]]]]]]]]]]]].

exists Z, next; repeat reg_upd; repeat (split; trivial).
by Assert_upd.

by rewrite store.utoZ_multu; apply max_u2Z_umul.
by rewrite store.utoZ_multu u2Z_umul r_X_ r_Y_.

apply hoare_lw_back_alt'' with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\ [Y_]_s = nth O Y zero32 /\
  [Z_]_s = nth O Z zero32 /\ store.utoZ s <= (Zbeta 1 - 1) * (Zbeta 1 - 1) /\
  store.utoZ s = u2Z (nth next X zero32) * u2Z (nth O Y zero32) /\ [M_]_s = nth O M zero32).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [mem [r_ext [Hextk' [Hone [Hinv [Hextk [r_X_ [r_Y_ [r_Z_ [Hm1 Hm2]]]]]]]]]]]]]]]]]]].

destruct M as [| hdm tlm]; first by destruct nk.
exists hdm; split.
rewrite /= assert_m.con_com_equiv !assert_m.con_assoc_equiv in mem.
move: mem; apply monotony => h' //.
apply mapsto_ext => //=; by rewrite sext_0 add_0.
exists Z, next; repeat reg_upd; repeat (split; trivial).
by Assert_upd.

apply hoare_maddu with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\ [Y_]_s = nth O Y zero32 /\ [Z_]_s = nth O Z zero32 /\
  store.utoZ s <= Zbeta 1 * (Zbeta 1 - 1) /\
  store.utoZ s = u2Z (nth next X zero32) * u2Z (nth O Y zero32) + u2Z (nth O Z zero32) /\ [M_]_s = nth O M zero32).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [r_ext [Hextk' [Hone [Hinv [Hextk [r_X_ [r_Y_ [r_Z_ [Hm1 [Hm2 r_M_]]]]]]]]]]]]]]]]]]]].
exists Z, next.
have Htmp : store.utoZ s < Zbeta 2 * (2 ^^ store.acx_size - 1).
  by apply Zle_lt_trans with ((Zbeta 1 - 1) * (Zbeta 1 - 1)).
repeat reg_upd.
do 8 (split; trivial).
by Assert_upd.
do 8 (split; trivial).
split.
- rewrite store.utoZ_maddu // Hone umul_1 u2Z_zext r_Z_.
  apply Zle_trans with ((Zbeta 1 - 1) + (Zbeta 1 - 1) * (Zbeta 1 - 1)); last by done.
  apply Zplus_le_compat.
  by apply Zle_minus_1; rewrite /Zbeta; apply max_u2Z.
  rewrite Hm2 -u2Z_umul; by apply max_u2Z_umul.
- by rewrite store.utoZ_maddu // Hone umul_1 u2Z_zext r_Z_ Hm2 Zplus_comm.

apply hoare_mflo with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\ [Y_]_s = nth O Y zero32 /\ [Z_]_s = nth O Z zero32 /\
  store.utoZ s <= Zbeta 1 * (Zbeta 1 - 1) /\
  store.utoZ s = u2Z (nth next X zero32) * u2Z (nth O Y zero32) + u2Z (nth O Z zero32) /\ [M_]_s = nth O M zero32 /\
  [t]_s = ((nth next X zero32 [.*] nth O Y zero32) [.+] zext 32 (nth O Z zero32)) [.%] 32).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [r_ext [Hextk' [Hone [Hinv [Hextk [r_X_ [r_Y_ [r_Z_ [Hm1 [Hm2 r_M_]]]]]]]]]]]]]]]]]]]].

exists Z, next; repeat reg_upd; repeat (split; trivial).
by Assert_upd.
apply store.lo_remainder; first by rewrite -plus_assoc; apply le_plus_r.
rewrite Hm2 u2Z_add // u2Z_umul u2Z_zext // Zpower_is_exp -Zbeta1_Zpower2 -Zbeta_is_exp /=.
apply Zle_lt_trans with ((Zbeta 1 - 1) * (Zbeta 1 - 1) + (Zbeta 1 - 1)); last by done.
apply Zplus_le_compat.
rewrite -u2Z_umul; by apply max_u2Z_umul.
apply Zle_minus_1; by apply max_u2Z.

apply hoare_mfhi with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\ [Y_]_s = nth O Y zero32 /\
  [Z_]_s = nth O Z zero32 /\ store.utoZ s <= Zbeta 1 * (Zbeta 1 - 1) /\
  store.utoZ s = u2Z (nth next X zero32) * u2Z (nth O Y zero32) + u2Z (nth O Z zero32) /\
  [M_]_s = nth O M zero32 /\
  [t]_s = ((nth next X zero32 [.*] nth O Y zero32) [.+] zext 32 (nth O Z zero32)) [.%] 32 /\
  u2Z ([s_]_s [.||] [t]_s) = u2Z (nth next X zero32) * u2Z (nth O Y zero32) + u2Z (nth O Z zero32)).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [r_ext [Hextk' [Hone [Hinv [Hextk [r_X_ [r_Y_ [r_Z_ [Hm1 [Hm2 [r_M_ r_t]]]]]]]]]]]]]]]]]]]]].
exists Z, next; repeat reg_upd; repeat (split; trivial).
by Assert_upd.
have H : store.lo s = [t]_s.
  rewrite r_t; apply store.lo_remainder.
  + rewrite -plus_assoc; by apply le_plus_r.
  + rewrite Hm2 -u2Z_umul u2Z_add.
    * by rewrite u2Z_zext.
    * rewrite u2Z_zext Zpower_is_exp -Zbeta1_Zpower2 -Zbeta_is_exp /=.
      apply Zle_lt_trans with ((Zbeta 1 - 1) * (Zbeta 1 - 1) + (Zbeta 1 - 1)); last by done.
      apply Zplus_le_compat.
      - by apply (@max_u2Z_umul 32).
      - apply Zle_minus_1; by apply max_u2Z.
rewrite store.utoZ_def store.utoZ_acx_beta2 in Hm2; last by apply Zle_lt_trans with (Zbeta 1 * (Zbeta 1 - 1)).
rewrite u2Z_Z2u in Hm2; last by split; by [apply Zle_refl | apply Zpower_0].
rewrite -H u2Z_concat -Zbeta1_Zpower2 -Hm2; ring.

apply hoare_multu with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\ [Y_]_s = nth O Y zero32 /\
  [Z_]_s = nth O Z zero32 /\ store.utoZ s <= (Zbeta 1 - 1) * (Zbeta 1 - 1) /\ [M_]_s = nth O M zero32 /\
  [t]_s = ((nth next X zero32 [.*] nth O Y zero32) [.+] zext 32 (nth O Z zero32)) [.%] 32 /\
  u2Z ([s_]_s [.||] [t]_s) = u2Z (nth next X zero32) * u2Z (nth O Y zero32) + u2Z (nth O Z zero32) /\
  store.utoZ s = u2Z [t]_s * u2Z [alpha]_s).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [r_ext [Hextk' [Hone [Hinv [Hextk [r_X_ [r_Y_ [r_Z_ [Hm1 [Hm2 [r_M_ [r_t Hconcat]]]]]]]]]]]]]]]]]]]]]].
exists Z, next; repeat reg_upd.
do 7 (split; trivial).
split.
by Assert_upd.
do 8 (split; trivial).
split.
rewrite store.utoZ_multu; by apply max_u2Z_umul.
do 3 (split; trivial).
by rewrite store.utoZ_multu -u2Z_umul.

apply hoare_addiu with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\ [Y_]_s = nth O Y zero32 /\
  [Z_]_s = nth O Z zero32 /\ store.utoZ s <= (Zbeta 1 - 1) * (Zbeta 1 - 1) /\ [M_]_s = nth O M zero32 /\
  [t]_s = ((nth next X zero32 [.*] nth O Y zero32) [.+] zext 32 (nth O Z zero32)) [.%] 32 /\
  u2Z ([s_]_s [.||] [t]_s) = u2Z (nth next X zero32) * u2Z (nth O Y zero32) + u2Z (nth O Z zero32) /\
  store.utoZ s = u2Z [t]_s * u2Z [alpha]_s /\ [int_]_s = one32).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [r_ext [Hextk' [Hone [Hinv [Hextk [ r_X_ [r_Y_ [r_Z_ [Hm1 [r_M_ [r_t [Hconcat Hm2]]]]]]]]]]]]]]]]]]]]]].

exists Z, next; repeat reg_upd; repeat (split; trivial).
by Assert_upd.
by rewrite add_com add_0 // sext_Z2u.

apply hoare_mflo with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K,
    Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\
  [Y_]_s = nth O Y zero32 /\ [Z_]_s = nth O Z zero32 /\
  store.utoZ s <= (Zbeta 1 - 1) * (Zbeta 1 - 1) /\ [M_]_s = nth O M zero32 /\
  [t]_s = ((nth next X zero32 [.*] nth O Y zero32) [.+] zext 32 (nth O Z zero32)) [.%] 32 /\
  u2Z ([s_]_s [.||] [t]_s) = u2Z (nth next X zero32) * u2Z (nth O Y zero32) + u2Z (nth O Z zero32) /\
  store.utoZ s = u2Z [t]_s * u2Z [alpha]_s /\ [int_]_s = one32 /\
  [quot]_s = (((nth next X zero32 [.*] nth O Y zero32) [.+] (zext 32 (nth O Z zero32)) [.%] 32)
    [.*] [alpha]_s) [.%] 32).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [r_ext [Hextk' [Hone [Hinv [Hextk [r_X_ [r_Y_ [ r_Z_ [Hm1 [r_M_ [r_t [Hconcat [Hm2 r_int_]]]]]]]]]]]]]]]]]]]]]]].
exists Z, next; repeat reg_upd; repeat (split; trivial).
by Assert_upd.
apply store.lo_remainder.
- rewrite -plus_assoc; by apply le_plus_r.
- by rewrite Hm2 r_t -u2Z_umul.

apply hoare_mthi with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\ [one]_s = one32 /\
  (exists K, Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\ [Y_]_s = nth O Y zero32 /\
  [Z_]_s = nth O Z zero32 /\ store.utoZ s < Zbeta 2 /\ [M_]_s = nth O M zero32 /\
  [t]_s = ((nth next X zero32 [.*] nth O Y zero32) [.+] zext 32 (nth O Z zero32)) [.%] 32 /\
  u2Z ([s_]_s [.||] [t]_s) = u2Z (nth next X zero32) * u2Z (nth O Y zero32) + u2Z (nth O Z zero32) /\
  [int_]_s = one32 /\
  [quot]_s = ((((nth next X zero32 [.*] nth O Y zero32) [.+] zext 32 (nth O Z zero32)) [.%] 32)
    [.*] [alpha]_s) [.%] 32 /\ store.hi s = [s_]_s).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [r_ext [Hextk' [Hone [Hinv [Hextk [r_X_ [r_Y_ [ r_Z_ [Hm1 [r_M_ [r_t [Hconcat [Hm2 [r_int_ r_quot]]]]]]]]]]]]]]]]]]]]]]]].

exists Z, next; repeat reg_upd; repeat (split; trivial).
by Assert_upd.
rewrite store.utoZ_def store.hi_mthi_op store.acx_mthi_op store.lo_mthi_op store.utoZ_acx_beta2; last first.
  rewrite Hm2.
  apply Zle_lt_trans with ((Zbeta 1 - 1) * (Zbeta 1 - 1)); last by done.
  rewrite -u2Z_umul; by apply max_u2Z_umul.
rewrite u2Z_Z2u //= -Zplus_0_r_reverse.
apply Zle_lt_trans with ((Zbeta 1 - 1) + (Zbeta 1 - 1) * Zbeta 1); last by done.
apply Zplus_le_compat.
apply Zle_minus_1; by apply max_u2Z.
apply Zmult_le_compat_r.
apply Zle_minus_1; by apply max_u2Z.
by apply Zbeta_0'.
by apply store.hi_mthi_op.

apply hoare_mtlo with (fun s h => exists Z, exists next, length Z = nk /\
  [x]_s = vx /\ [y]_s = vy /\ [z]_s = vz /\ [m]_s = vm /\
  u2Z [k]_s = Z_of_nat nk /\ [alpha]_s = valpha /\
  (var_e x |--> X ** var_e y |--> Y ** var_e z |--> Z ** var_e m |--> M) s h /\
  u2Z [ext]_s = Z_of_nat next /\ u2Z [ext]_s < u2Z [k]_s /\
  [one]_s = one32 /\ (exists K,
    Zbeta next * Sum (S nk) (Z ++ [C]_s :: nil) = Sum next X * Sum nk Y + K * Sum nk M /\
    Sum next X * Sum nk Y + K * Sum nk M < 2 * Sum nk M * Zbeta next) /\
  (next < nk)%nat /\ [X_]_s = nth next X zero32 /\ [Y_]_s = nth O Y zero32 /\
  [Z_]_s = nth O Z zero32 /\ store.utoZ s < Zbeta 2 /\ [M_]_s = nth O M zero32 /\
  [t]_s = ((nth next X zero32 [.*] nth O Y zero32) [.+] zext 32 (nth O Z zero32)) [.%] 32 /\
  u2Z ([s_]_s [.||] [t]_s) = u2Z (nth next X zero32) * u2Z (nth O Y zero32) + u2Z (nth O Z zero32) /\
  [int_]_s = one32 /\
  [quot]_s = ((((nth next X zero32 [.*] nth O Y zero32) [.+] zext 32 (nth O Z zero32)) [.%] 32)
    [.*] [alpha]_s) [.%] 32 /\
  store.hi s = [s_]_s /\ store.lo s = [t]_s).

move=> s h [Z [next [HZ [r_x [r_y [r_z [r_m [r_k [r_alpha [Hmem [r_ext [Hextk' [Hone [Hinv [Hextk [r_X_ [r_Y_ [r_Z_ [Hm1 [r_M_ [r_t [Hconcat [r_int_ [r_quot Hm2]]]]]]]]]]]]]]]]]]]]]]]].

exists Z, next; repeat reg_upd; repeat (split; trivial).
by Assert_upd.
rewrite store.utoZ_def store.acx_mtlo_op store.lo_mtlo_op store.hi_mtlo_op store.utoZ_acx_beta2 //
  u2Z_Z2u //= -Zplus_0_r_reverse.
apply Zle_lt_trans with ((Zbeta 1 - 1) + (Zbeta 1 - 1) * Zbeta 1); last by done.
apply Zplus_le_compat.
- apply Zle_minus_1; by apply max_u2Z.
- apply Zmult_le_compat_r.
  + apply Zle_minus_1; by apply max_u2Z.
  + by apply Zbeta_0'.
rewrite -Hm2.
by apply store.hi_mtlo_op.
by apply store.lo_mtlo_op.