Skip to content

CSA proof#1

Open
osmanyasar05 wants to merge 7 commits intomainfrom
CSA_proof
Open

CSA proof#1
osmanyasar05 wants to merge 7 commits intomainfrom
CSA_proof

Conversation

@osmanyasar05
Copy link
Copy Markdown
Collaborator

@osmanyasar05 osmanyasar05 commented Mar 25, 2026

Implementation and verification of Carry Save Adder (CSA) circuit in Lean. The PR includes both a manual proof and automated one using bv_automata.

luisacicolini
luisacicolini reviewed Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown

@luisacicolini luisacicolini left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Left a few comments!

cowardsa
cowardsa reviewed Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown

@cowardsa cowardsa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall an impressive amount of work - I wonder if extending t to w+1 is painful?

Secondly, your main lemma performs a conversion toNat - and I wonder if this is causing a major pain? In particular you could still do bitvector addition right, you'll just need to extend a,b and c to keep any carry-outs.

I would actually advocate that any zeroExtension should be done to inputs to a CSA that way there is space for keeping the carry-out within the bitvector itself - that way you can just do bitvec add of all three inputs

luisacicolini
luisacicolini reviewed Mar 26, 2026
View reviewed changes
@osmanyasar05
Copy link
Copy Markdown
Collaborator Author

osmanyasar05 commented Mar 26, 2026

@cowardsa Thanks for the feedback! Yes, the two questions are related I think. It's a big part/problem of the proof. The reason I use toNat's is to make the addition of s (width w) and t (width w+1) possible. I'll look into how zeroExtension could obviate this.

@osmanyasar05
Copy link
Copy Markdown
Collaborator Author

osmanyasar05 commented Mar 26, 2026

@luisacicolini thanks a lot for the review! I addressed the comments.

@cowardsa
Copy link
Copy Markdown

cowardsa commented Mar 26, 2026

@cowardsa Thanks for the feedback! Yes, the two questions are related I think. It's a big part/problem of the proof. The reason I use toNat's is to make the addition of s (width w) and t (width w+1) possible. I'll look into how zeroExtension could obviate this.

Can't we just keep s and t to be the same width (w) - then you'll need to extend them before performing t<<1 + s?

luisacicolini
luisacicolini reviewed Mar 26, 2026
View reviewed changes
@osmanyasar05
Copy link
Copy Markdown
Collaborator Author

osmanyasar05 commented Mar 26, 2026

@cowardsa Thanks for the feedback! Yes, the two questions are related I think. It's a big part/problem of the proof. The reason I use toNat's is to make the addition of s (width w) and t (width w+1) possible. I'll look into how zeroExtension could obviate this.

Can't we just keep s and t to be the same width (w) - then you'll need to extend them before performing t<<1 + s?

Yes, this approach makes sense! I have just pushed a commit where I modified t to have width w, and changed the proofs accordingly. I will work on overhauling the rest of the proof and see how I can minimize toNat conversions.

@osmanyasar05 osmanyasar05 mentioned this pull request Mar 27, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@luisacicolini luisacicolini luisacicolini left review comments

@cowardsa cowardsa cowardsa left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@osmanyasar05 @cowardsa @luisacicolini