Merge branch 'master' into 'master'

adding smt interval analysis

See merge request AVA/FloVer!15

attic/coq/testcases_smt/smt_bottom_up.v

+Require Import Flover.CertificateChecker.
+Require Import Flover.SMTArith.
+Definition x0 :expr Q := Var Q 0.
+Definition y1 :expr Q := Var Q 1.
+Definition e1 :expr Q := Binop Plus x0 y1.
+Definition e2 :expr Q := Binop Div e1 y1.
+Definition C34 :expr Q := Const M64 ((17)#(5)).
+Definition e5 :expr Q := Binop Plus e2 C34.
+Definition Rete5 := Ret e5.
+
+
+Definition defVars_fnc1 :FloverMap.t mType :=
+(FloverMap.add (Var Q 1) (M64) (FloverMap.add (Var Q 0) (M64) (FloverMap.empty mType))).
+
+
+Definition thePrecondition_fnc1:precond := fun (n:nat) =>
+if n =? 0 then ( (-3)#(1), (6)#(1)) else if n =? 1 then ( (2)#(1), (8)#(1)) else (0#1,0#1).
+
+Definition absenv_fnc1 :analysisResult := Eval compute in
+FloverMap.add e5 (( (29)#(10), (75821)#(10240)), (31656575032439604176368417020690028172637826983022229834977068248762132258095105)#(4767828205180598627806767057994257910674911537412415567148097160036817151091933841114427031552)) (FloverMap.add C34 (( (17)#(5), (17)#(5)), (17)#(45035996273704960)) (FloverMap.add e2 (( (-1)#(2), (8201)#(2048)), (2879632975312110162723860570159105251222262341380356792653971457)#(529335265084873566077879553980951356026419978008369989458181366086188773933056)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add e1 (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add x0 (( (-3)#(1), (6)#(1)), (3)#(4503599627370496)) (FloverMap.empty (intv * error)))))))).
+
+Definition querymap_fnc1 := Eval compute in
+FloverMap.add e5 (nil) (FloverMap.add C34 (nil) (FloverMap.add e2 ((cons (AndQ (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))) (AndQ (LessEqQ (VarQ 1) (ConstQ ((8)#(1)))) (AndQ (LessEqQ (ConstQ ((-3)#(1))) (VarQ 0)) (AndQ (LessEqQ (ConstQ ((2)#(1))) (VarQ 1)) (LessEqQ (VarQ 0) (ConstQ ((6)#(1)))))))) nil)) (FloverMap.add y1 (nil) (FloverMap.add e1 (nil) (FloverMap.add y1 (nil) (FloverMap.add x0 (nil) (FloverMap.empty (list SMTLogic)))))))).
+
+Require Import Coq.Reals.Reals Coq.QArith.Qreals.
+Require Import RealRangeArith.
+Require Import Flover.Expressions.
+
+Definition query :=
+      match FloverMap.find e2 querymap_fnc1 with
+      | Some (List.cons q _) => q
+      | _ => EqualsQ (ConstQ (0#1)) (ConstQ (1#1)) (* 0 == 1 *)
+      end.
+
+Lemma eval_smt_expr E e v :
+  eval_smt E e v -> eval_expr E (fun _ => Some REAL) (toRExp (SMTArith2Expr e)) v REAL.
+Proof with try (right; apply Rabs_R0).
+  induction 1.
+  - now constructor.
+  - rewrite <- (delta_0_deterministic _ REAL 0)... constructor...
+  - rewrite <- (delta_0_deterministic _ REAL 0)... apply (Unop_neg (m:= REAL)); auto.
+  - rewrite <- (delta_0_deterministic _ REAL 0)...
+    apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
+  - rewrite <- (delta_0_deterministic _ REAL 0)...
+    apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
+  - rewrite <- (delta_0_deterministic _ REAL 0)...
+    apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
+  - rewrite <- (delta_0_deterministic _ REAL 0)...
+    apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto...
+Qed.
+
+Lemma eval_expr_smt E Gamma e v :
+  eval_expr E (toRTMap Gamma) (toREval (toRExp (SMTArith2Expr e))) v REAL
+  -> eval_smt E e v.
+Proof.
+  induction e in v |- *; cbn; intros H.
+  - inversion H. cbn. constructor.
+  - inversion H. cbn. constructor; auto.
+  - inversion H. cbn. constructor. destruct m; try discriminate. auto.
+  - inversion H. cbn. constructor.
+    + apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+    + apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
+  - inversion H. cbn. constructor.
+    + apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+    + apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
+  - inversion H. cbn. constructor.
+    + apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+    + apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
+  - inversion H. cbn. constructor; auto.
+    + apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+    + apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
+Qed.
+
+Lemma e2_to_smt : e2 = SMTArith2Expr (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1)).
+Proof.
+  reflexivity.
+Qed.
+
+(*
+Lemma refute_bound E :
+  fVars_P_sound (usedVars e2) E thePrecondition_fnc1
+  -> ~ eval_smt_logic E query
+  -> ~ eval_smt_logic E (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))).
+Proof.
+  intros P unsatQ B.
+  apply unsatQ. cbn. repeat constructor.
+  - exact B.
+  - destruct (P 1%nat) as [v1 [H0 H1]]. now cbn; set_tac.
+    eapply LessEqQ_eval. 1-2: constructor; eauto. apply H1.
+  - destruct (P 0%nat) as [v1 [H0 H1]]. now cbn; set_tac.
+    eapply LessEqQ_eval. 1-2: constructor; eauto. apply H1.
+  - destruct (P 1%nat) as [v1 [H0 H1]]. now cbn; set_tac.
+    eapply LessEqQ_eval. 1-2: constructor; eauto. apply H1.
+  - destruct (P 0%nat) as [v1 [H0 H1]]. now cbn; set_tac.
+    eapply LessEqQ_eval. 1-2: constructor; eauto. apply H1.
+Qed.
+*)
+
+Lemma refute_bound E :
+  fVars_P_sound (usedVars e2) E thePrecondition_fnc1
+  -> ~ eval_smt_logic E query
+  -> ~ eval_smt_logic E (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))).
+Proof.
+  intros P unsatQ B.
+  apply unsatQ. cbn. repeat split.
+  - exact B.
+  - destruct (P 1%nat) as [v1 [H0 H1]]. now cbn; set_tac.
+    exists v1. eexists. repeat split. 1-2: now constructor. apply H1.
+  - destruct (P 0%nat) as [v1 [H0 H1]]. now cbn; set_tac.
+    eexists. exists v1. repeat split. 1-2: now constructor. apply H1.
+  - destruct (P 1%nat) as [v1 [H0 H1]]. now cbn; set_tac.
+    eexists. exists v1. repeat split. 1-2: now constructor. apply H1.
+  - destruct (P 0%nat) as [v1 [H0 H1]]. now cbn; set_tac.
+    exists v1. eexists. repeat split. 1-2: now constructor. apply H1.
+Qed.
+
+Theorem RangeBound_e2_sound E Gamma v :
+  fVars_P_sound (usedVars e2) E thePrecondition_fnc1
+  -> ~ eval_smt_logic E query
+  -> eval_expr E (toRTMap Gamma) (toREval (toRExp e2)) v REAL
+  -> v <= Q2R ((8201)#(2048)).
+Proof.
+  intros Psound unsatQ e2v.
+  rewrite e2_to_smt in e2v.
+  apply eval_expr_smt in e2v.
+  apply Rnot_lt_le. intros B.
+  eapply refute_bound. 1-2: eassumption.
+  eexists. exists v. repeat split. constructor. exact e2v. exact B.
+Qed.

attic/coq/testcases_smt/smt_bottom_up2.v

+Require Import Flover.CertificateChecker.
+Require Import Flover.SMTArith.
+Definition x0 :expr Q := Var Q 0.
+Definition y1 :expr Q := Var Q 1.
+Definition e1 :expr Q := Binop Plus x0 y1.
+Definition e2 :expr Q := Binop Div e1 y1.
+Definition C34 :expr Q := Const M64 ((17)#(5)).
+Definition e5 :expr Q := Binop Plus e2 C34.
+Definition Rete5 := Ret e5.
+
+
+Definition defVars_fnc1 :FloverMap.t mType :=
+(FloverMap.add (Var Q 1) (M64) (FloverMap.add (Var Q 0) (M64) (FloverMap.empty mType))).
+
+Definition thePrecondition_fnc1: FloverMap.t intv :=
+  FloverMap.add x0 ((-3)#(1), (6)#(1)) (FloverMap.add y1 (2#1, 8#1) (FloverMap.empty intv)).
+
+Definition absenv_fnc1 :analysisResult := Eval compute in
+FloverMap.add e5 (( (29)#(10), (75821)#(10240)), (31656575032439604176368417020690028172637826983022229834977068248762132258095105)#(4767828205180598627806767057994257910674911537412415567148097160036817151091933841114427031552)) (FloverMap.add C34 (( (17)#(5), (17)#(5)), (17)#(45035996273704960)) (FloverMap.add e2 (( (-1)#(2), (8201)#(2048)), (2879632975312110162723860570159105251222262341380356792653971457)#(529335265084873566077879553980951356026419978008369989458181366086188773933056)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add e1 (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add x0 (( (-3)#(1), (6)#(1)), (3)#(4503599627370496)) (FloverMap.empty (intv * error)))))))).
+
+Definition querymap_fnc1 := Eval compute in
+FloverMap.add e5 (nil) (FloverMap.add C34 (nil) (FloverMap.add e2 ((cons (AndQ (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))) (AndQ (LessEqQ (VarQ 1) (ConstQ ((8)#(1)))) (AndQ (LessEqQ (ConstQ ((-3)#(1))) (VarQ 0)) (AndQ (LessEqQ (ConstQ ((2)#(1))) (VarQ 1)) (LessEqQ (VarQ 0) (ConstQ ((6)#(1)))))))) nil)) (FloverMap.add y1 (nil) (FloverMap.add e1 (nil) (FloverMap.add y1 (nil) (FloverMap.add x0 (nil) (FloverMap.empty (list SMTLogic)))))))).
+
+Require Import Coq.Reals.Reals Coq.QArith.Qreals.
+Require Import RealRangeArith.
+Require Import Flover.Expressions.
+
+Definition query :=
+      match FloverMap.find e2 querymap_fnc1 with
+      | Some (List.cons q _) => q
+      | _ => TrueQ
+      end.
+
+(*
+Definition prec :=
+  match query with
+  | AndQ q1 q2 => q2
+  | _ => TrueQ
+  end.
+*)
+
+Definition prec :=
+  AndQ (LessEqQ (ConstQ (-3 # 1)) (VarQ 0))
+       (AndQ (LessEqQ (VarQ 0) (ConstQ (6 # 1)))
+             (AndQ (LessEqQ (ConstQ (2 # 1)) (VarQ 1))
+                   (AndQ (LessEqQ (VarQ 1) (ConstQ (8 # 1))) TrueQ))).
+
+Definition bound :=
+  match query with
+  | AndQ q1 q2 => q1
+  | _ => TrueQ
+  end.
+
+Lemma prec_bound_correct E :
+  eval_smt_logic E query <-> eval_smt_logic E (AndQ prec bound).
+Proof.
+  cbn. tauto.
+Qed.
+
+Definition bound_expr :=
+  match bound with
+  | LessQ e (ConstQ r) => e
+  | LessQ (ConstQ r) e => e
+  | _ => ConstQ (0#1)
+  end.
+
+Lemma e2_to_smt : e2 = SMTArith2Expr bound_expr.
+Proof.
+  reflexivity.
+Qed.
+
+(*
+Lemma precond_bound_correct E :
+  eval_precond E thePrecondition_fnc1
+  -> eval_smt_logic E bound
+  -> eval_smt_logic E query.
+Proof.
+  intros P B.
+  apply prec_bound_correct.
+  constructor.
+  - eapply checkPre_pre_smt. 2: exact P.
+    reflexivity.
+  - exact B.
+Qed.
+*)
+
+Theorem RangeBound_e2_sound E Gamma v :
+  eval_precond E thePrecondition_fnc1
+  -> ~ eval_smt_logic E query
+  -> eval_expr E (toRTMap Gamma) (toREval (toRExp e2)) v REAL
+  -> v <= Q2R ((8201)#(2048)).
+Proof.
+  intros H1 H2 H3.
+  rewrite e2_to_smt in H3.
+  eapply (RangeBound_high_sound (preQ:= prec) H1 _ _ H3).
+  Unshelve.
+  - reflexivity.
+  - intros H. apply H2. apply prec_bound_correct. destruct H as [Hp [Hb _]].
+    now constructor.
+Qed.

attic/coq/testcases_smt/smt_bottom_up_let.v

+Require Import Flover.CertificateChecker.
+Require Import Flover.SMTArith.
+Definition x0 :expr Q := Var Q 0.
+Definition y1 :expr Q := Var Q 1.
+Definition e1 :expr Q := Binop Plus x0 y1.
+Definition z4 :expr Q := Var Q 4.
+Definition e2 :expr Q := Binop Div z4 y1.
+Definition C34 :expr Q := Const M64 ((17)#(5)).
+Definition e5 :expr Q := Binop Plus e2 C34.
+Definition Rete5 := Ret e5.
+Definition Letz4e1Rete5 := Let M64 4 e1 Rete5.
+
+
+Definition defVars_fnc1 :FloverMap.t mType :=
+(FloverMap.add (Var Q 4) (M64) (FloverMap.add (Var Q 1) (M64) (FloverMap.add (Var Q 0) (M64) (FloverMap.empty mType)))).
+
+
+Definition thePrecondition_fnc1: FloverMap.t intv :=
+  FloverMap.add x0 ((-3)#(1), (6)#(1)) (FloverMap.add y1 (2#1, 8#1) (FloverMap.empty intv)).
+
+Definition absenv_fnc1 :analysisResult := Eval compute in
+FloverMap.add (Var Q 4) (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032) ) (FloverMap.add e5 (( (29)#(10), (75821)#(10240)), (31656575032439604176368417020690028172637826983022229834977068248762132258095105)#(4767828205180598627806767057994257910674911537412415567148097160036817151091933841114427031552)) (FloverMap.add C34 (( (17)#(5), (17)#(5)), (17)#(45035996273704960)) (FloverMap.add e2 (( (-1)#(2), (8201)#(2048)), (2879632975312110162723860570159105251222262341380356792653971457)#(529335265084873566077879553980951356026419978008369989458181366086188773933056)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add z4 (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032)) (FloverMap.add e1 (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add x0 (( (-3)#(1), (6)#(1)), (3)#(4503599627370496)) (FloverMap.empty (intv * error)))))))))).
+
+Definition querymap_fnc1 :=
+FloverMap.add (Var Q 4) (nil) (FloverMap.add e5 (nil) (FloverMap.add C34 (nil) (FloverMap.add e2 ((cons (AndQ (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))) (AndQ (LessEqQ (VarQ 1) (ConstQ ((8)#(1)))) (AndQ (LessEqQ (ConstQ ((-3)#(1))) (VarQ 0)) (AndQ (LessEqQ (ConstQ ((2)#(1))) (VarQ 1)) (LessEqQ (VarQ 0) (ConstQ ((6)#(1)))))))) nil)) (FloverMap.add y1 (nil) (FloverMap.add z4 (nil) (FloverMap.add e1 (nil) (FloverMap.add y1 (nil) (FloverMap.add x0 (nil) (FloverMap.empty (list SMTLogic)))))))))).
+
+Require Import Coq.Reals.Reals Coq.QArith.Qreals.
+Require Import RealRangeArith.
+Require Import Flover.Expressions.
+
+Definition query :=
+      match FloverMap.find e2 querymap_fnc1 with
+      | Some (List.cons q _) => q
+      | _ => TrueQ
+      end.
+
+(*
+Definition prec :=
+  match query with
+  | AndQ q1 q2 => q2
+  | _ => TrueQ
+  end.
+*)
+
+Definition prec :=
+  AndQ (LessEqQ (ConstQ (-3 # 1)) (VarQ 0))
+       (AndQ (LessEqQ (VarQ 0) (ConstQ (6 # 1)))
+             (AndQ (LessEqQ (ConstQ (2 # 1)) (VarQ 1))
+                   (AndQ (LessEqQ (VarQ 1) (ConstQ (8 # 1))) TrueQ))).
+
+Definition bound :=
+  match query with
+  | AndQ q1 q2 => q1
+  | _ => TrueQ
+  end.
+
+Lemma prec_bound_correct E :
+  eval_smt_logic E query <-> eval_smt_logic E (AndQ prec bound).
+Proof.
+  cbn. tauto.
+Qed.
+
+Lemma eval_smt_expr E e v :
+  eval_smt E e v -> eval_expr E (fun _ => Some REAL) (toRExp (SMTArith2Expr e)) v REAL.
+Proof with try (right; apply Rabs_R0).
+  induction 1.
+  - now constructor.
+  - rewrite <- (delta_0_deterministic _ REAL 0)... constructor...
+  - rewrite <- (delta_0_deterministic _ REAL 0)... apply (Unop_neg (m:= REAL)); auto.
+  - rewrite <- (delta_0_deterministic _ REAL 0)...
+    apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
+  - rewrite <- (delta_0_deterministic _ REAL 0)...
+    apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
+  - rewrite <- (delta_0_deterministic _ REAL 0)...
+    apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
+  - rewrite <- (delta_0_deterministic _ REAL 0)...
+    apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto...
+Qed.
+
+Lemma eval_expr_smt E Gamma e v :
+  eval_expr E (toRTMap Gamma) (toREval (toRExp (SMTArith2Expr e))) v REAL
+  -> eval_smt E e v.
+Proof.
+  induction e in v |- *; cbn; intros H.
+  - inversion H. cbn. constructor.
+  - inversion H. cbn. constructor; auto.
+  - inversion H. cbn. constructor. destruct m; try discriminate. auto.
+  - inversion H. cbn. constructor.
+    + apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+    + apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
+  - inversion H. cbn. constructor.
+    + apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+    + apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
+  - inversion H. cbn. constructor.
+    + apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+    + apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
+  - inversion H. cbn. constructor; auto.
+    + apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+    + apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
+Qed.
+
+Definition bound_expr :=
+  match bound with
+  | LessQ e (ConstQ r) => e
+  | LessQ (ConstQ r) e => e
+  | _ => ConstQ (0#1)
+  end.
+
+Lemma e2_to_smt : e2 = SMTArith2Expr bound_expr.
+Proof.
+Abort.
+
+Lemma eval_e2_inlined E Gamma v :
+  eval_expr E (toRTMap Gamma) (toREval (toRExp e2)) v REAL -> eval_expr E (toRTMap Gamma) (toREval (toRExp (SMTArith2Expr bound_expr))) v REAL.
+Proof with try (right; apply Rabs_R0).
+  rewrite <- (delta_0_deterministic _ REAL 0)...
+  intros H. inversion H.
+  apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto...
+  - admit.
+  - rewrite <- (toRTMap_eval_REAL (Var R 1) H9). assumption.
+Admitted.
+
+Lemma precond_bound_correct E :
+  eval_precond E thePrecondition_fnc1
+  -> eval_smt_logic E bound
+  -> eval_smt_logic E query.
+Proof.
+  intros P B.
+  apply prec_bound_correct.
+  constructor.
+  - eapply checkPre_pre_smt. 2: exact P.
+    reflexivity.
+  - exact B.
+Qed.
+
+Theorem RangeBound_e2_sound E Gamma v :
+  eval_precond E thePrecondition_fnc1
+  -> ~ eval_smt_logic E query
+  -> eval_expr E (toRTMap Gamma) (toREval (toRExp e2)) v REAL
+  -> v <= Q2R ((8201)#(2048)).
+Proof.
+  intros P nQ e2v.
+  apply eval_e2_inlined in e2v.
+  apply eval_expr_smt in e2v.
+  apply Rnot_lt_le. intros B.
+  apply nQ. apply precond_bound_correct. assumption.
+  do 2 eexists. repeat split; first [eassumption | constructor].
+Qed.

attic/coq/testcases_smt/testcase_Doppler.v

+Require Import Flover.CertificateChecker.
+Require Import Flover.SMTArith.
+(* Require Import Flover.SMTValidation. *)
+Definition C12 :expr Q := Const M64 ((1657)#(5)).
+Definition C34 :expr Q := Const M64 ((3)#(5)).
+Definition T2 :expr Q := Var Q 2.
+Definition e5 :expr Q := Binop Mult C34 T2.
+Definition e6 :expr Q := Binop Plus C12 e5.
+Definition UMine6 :expr Q := Unop Neg e6.
+Definition v1 :expr Q := Var Q 1.
+Definition e7 :expr Q := Binop Mult UMine6 v1.
+Definition u0 :expr Q := Var Q 0.
+Definition e8 :expr Q := Binop Plus e6 u0.
+Definition e9 :expr Q := Binop Mult e8 e8.
+Definition e10 :expr Q := Binop Div e7 e9.
+Definition Rete10 := Ret e10.
+
+
+Definition defVars_doppler :FloverMap.t mType :=
+(FloverMap.add (Var Q 0) (M64) (FloverMap.add (Var Q 1) (M64) (FloverMap.add (Var Q 2) (M64) (FloverMap.empty mType)))).
+
+
+Definition thePrecondition_doppler :=
+  FloverMap.add u0 (-100#1, 100#1) (FloverMap.add v1 (20#1, 20000#1) (FloverMap.add T2 (-30#1, 50#1) (FloverMap.empty intv))).
+
+Definition absenv_doppler :analysisResult := Eval compute in
+FloverMap.add e10 (( (-26688776647036775)#(193898302136352), (-156700)#(5322249)), (4539010972026683303050120095327512216096422204478916695616374703820945778271922835308820707992089065905809072803102359543119833046473491986173951465620708023920966108209278836911630406540351629664583258832952458474781714583641201336156211255871250258363339134573360321968683520123662731962148793248799126762059670142230384240259443958280927316219469399605577522382054092479955357491038836701067526006061330750371234271363459989977730726293112263204327432621633884375)#(6946881575336902398274073006442580695940363163353906376754739965735202698392559846418891988118801115081550268650112893004414138824905360424712176030962427176970330198413894472430113124972848478861036028596232644451943248527831305533814306762870254280021814184312793167557111190875651884658457951357503922164630579910655264970400579248413892869201129019278339105434841776095040929995238102957547326071498788437802549670716277097027061404357118143901490561892403102252934918832128)) (FloverMap.add e9 (( (1138489)#(25), (5322249)#(25)), (31925542667783538931925887764808218521724458943918984144150813990256848378453146446353514550378395469015865480921312990060616935650290296361584748492021295664945174009)#(197864321178483627248402016815717752028105079280969471931250444874317780085225493736253120848994435991678137140812911471481092027445400967974036924081514534333285417718959308800)) (FloverMap.add e8 (( (1067)#(5), (2307)#(5)), (22118872259511654165679074210367094250583915178799247531173589549131)#(148213874223764730142170860811120522052185580372019921970505707530128805939118080)) (FloverMap.add u0 (( (-100)#(1), (100)#(1)), (25)#(2251799813685248)) (FloverMap.add e6 (( (1567)#(5), (1807)#(5)), (286015870425657721837309664377505636991869898457103)#(3291009114642412084309938365114701009965471731267159726697218048)) (FloverMap.add e5 (( (-18)#(1), (30)#(1)), (3650833728657301081634471694827535)#(365375409332725729550921208179070754913983135744)) (FloverMap.add T2 (( (-30)#(1), (50)#(1)), (25)#(4503599627370496)) (FloverMap.add C34 (( (3)#(5), (3)#(5)), (3)#(45035996273704960)) (FloverMap.add C12 (( (1657)#(5), (1657)#(5)), (1657)#(45035996273704960)) (FloverMap.add e8 (( (1067)#(5), (2307)#(5)), (22118872259511654165679074210367094250583915178799247531173589549131)#(148213874223764730142170860811120522052185580372019921970505707530128805939118080)) (FloverMap.add u0 (( (-100)#(1), (100)#(1)), (25)#(2251799813685248)) (FloverMap.add e6 (( (1567)#(5), (1807)#(5)), (286015870425657721837309664377505636991869898457103)#(3291009114642412084309938365114701009965471731267159726697218048)) (FloverMap.add e5 (( (-18)#(1), (30)#(1)), (3650833728657301081634471694827535)#(365375409332725729550921208179070754913983135744)) (FloverMap.add T2 (( (-30)#(1), (50)#(1)), (25)#(4503599627370496)) (FloverMap.add C34 (( (3)#(5), (3)#(5)), (3)#(45035996273704960)) (FloverMap.add C12 (( (1657)#(5), (1657)#(5)), (1657)#(45035996273704960)) (FloverMap.add e7 (( (-7228000)#(1), (-6268)#(1)), (27893851128912527228254446719689338467872526596253813879482502889568449178778992649375)#(8343699359066055009355553539724812947666814540455674882605631280555545803830627148527195652096)) (FloverMap.add v1 (( (20)#(1), (20000)#(1)), (625)#(281474976710656)) (FloverMap.add UMine6 (( (-1807)#(5), (-1567)#(5)), (286015870425657721837309664377505636991869898457103)#(3291009114642412084309938365114701009965471731267159726697218048)) (FloverMap.add e6 (( (1567)#(5), (1807)#(5)), (286015870425657721837309664377505636991869898457103)#(3291009114642412084309938365114701009965471731267159726697218048)) (FloverMap.add e5 (( (-18)#(1), (30)#(1)), (3650833728657301081634471694827535)#(365375409332725729550921208179070754913983135744)) (FloverMap.add T2 (( (-30)#(1), (50)#(1)), (25)#(4503599627370496)) (FloverMap.add C34 (( (3)#(5), (3)#(5)), (3)#(45035996273704960)) (FloverMap.add C12 (( (1657)#(5), (1657)#(5)), (1657)#(45035996273704960)) (FloverMap.empty (intv * error))))))))))))))))))))))))).
+
+Definition querymap_doppler :=
+FloverMap.add e10 ((AndQ (AndQ (LessEqQ (VarQ 1) (ConstQ ((20000)#(1)))) (AndQ (LessEqQ (ConstQ ((-30)#(1))) (VarQ 2)) (AndQ (LessEqQ (ConstQ ((20)#(1))) (VarQ 1)) (AndQ (LessEqQ (ConstQ ((-100)#(1))) (VarQ 0)) (AndQ (LessEqQ (VarQ 0) (ConstQ ((100)#(1)))) (AndQ (LessEqQ (VarQ 2) (ConstQ ((50)#(1)))) TrueQ)))))) (AndQ (LessQ (DivQ (TimesQ (UMinusQ (PlusQ (ConstQ ((1657)#(5))) (TimesQ (ConstQ ((3)#(5))) (VarQ 2)))) (VarQ 1)) (TimesQ (PlusQ (PlusQ (ConstQ ((1657)#(5))) (TimesQ (ConstQ ((3)#(5))) (VarQ 2))) (VarQ 0)) (PlusQ (PlusQ (ConstQ ((1657)#(5))) (TimesQ (ConstQ ((3)#(5))) (VarQ 2))) (VarQ 0)))) (ConstQ ((-26688776647036775)#(193898302136352)))) TrueQ)), FalseQ) (FloverMap.empty (SMTLogic * SMTLogic)).
+
+(*
+Theorem test_validation :
+  validSMTIntervalbounds e10 absenv_doppler thePrecondition_doppler querymap_doppler NatSet.empty = true.
+Proof.
+  cbv.
+Abort.
+*)

attic/coq/testcases_smt/testcase_aritmetic.v

+Require Import Flover.CertificateChecker.
+Definition x0 :expr Q := Var Q 0.
+Definition y1 :expr Q := Var Q 1.
+Definition e1 :expr Q := Binop Plus x0 y1.
+Definition e2 :expr Q := Binop Div e1 y1.
+Definition C34 :expr Q := Const M64 ((17)#(5)).
+Definition e5 :expr Q := Binop Plus e2 C34.
+Definition Rete5 := Ret e5.
+
+
+Definition defVars_fnc1 :FloverMap.t mType :=
+(FloverMap.add (Var Q 1) (M64) (FloverMap.add (Var Q 0) (M64) (FloverMap.empty mType))).
+
+Definition thePrecondition_fnc1: FloverMap.t intv :=
+  FloverMap.add x0 ((-3)#(1), (6)#(1)) (FloverMap.add y1 (2#1, 8#1) (FloverMap.empty intv)).
+
+Definition absenv_fnc1 :analysisResult := Eval compute in
+FloverMap.add e5 (( (29)#(10), (75821)#(10240)), (31656575032439604176368417020690028172637826983022229834977068248762132258095105)#(4767828205180598627806767057994257910674911537412415567148097160036817151091933841114427031552)) (FloverMap.add C34 (( (17)#(5), (17)#(5)), (17)#(45035996273704960)) (FloverMap.add e2 (( (-1)#(2), (8201)#(2048)), (2879632975312110162723860570159105251222262341380356792653971457)#(529335265084873566077879553980951356026419978008369989458181366086188773933056)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add e1 (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add x0 (( (-3)#(1), (6)#(1)), (3)#(4503599627370496)) (FloverMap.empty (intv * error)))))))).
+
+Definition querymap_fnc1 :=
+FloverMap.add e2 (FalseQ, (AndQ (AndQ (LessEqQ (VarQ 0) (ConstQ ((6)#(1)))) (AndQ (LessEqQ (VarQ 1) (ConstQ ((8)#(1)))) (AndQ (LessEqQ (ConstQ ((-3)#(1))) (VarQ 0)) (AndQ (LessEqQ (ConstQ ((2)#(1))) (VarQ 1)) TrueQ)))) (AndQ (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))) TrueQ))) (FloverMap.empty (SMTLogic * SMTLogic)).
+
+Theorem ErrorBound_fnc1_Sound :
+  CertificateChecker e5 absenv_fnc1 thePrecondition_fnc1 querymap_fnc1 defVars_fnc1 = true.
+Proof.
+  vm_compute.
+Abort.
+
+Require Import Coq.Reals.Reals Coq.QArith.Qreals.
+Require Import RealRangeArith.
+Require Import Flover.Expressions.
+
+Definition loQ :=
+  match FloverMap.find e2 querymap_fnc1 with
+  | Some (q, _) => q
+  | _ => FalseQ
+  end.
+
+Definition hiQ :=
+  match FloverMap.find e2 querymap_fnc1 with
+  | Some (_, q) => q
+  | _ => FalseQ
+  end.
+
+Definition query := hiQ.
+
+Definition prec := optionBind (getPrecond query) (fun q => q) TrueQ.
+
+Definition prec_reorder := precond2SMT thePrecondition_fnc1.
+  (*
+  AndQ (LessEqQ (ConstQ (-3 # 1)) (VarQ 0))
+       (AndQ (LessEqQ (VarQ 0) (ConstQ (6 # 1)))
+             (AndQ (LessEqQ (ConstQ (2 # 1)) (VarQ 1))
+                   (AndQ (LessEqQ (VarQ 1) (ConstQ (8 # 1))) TrueQ))).
+   *)
+
+Definition bound := optionBind (getBound query) (fun q => q) TrueQ.
+
+Lemma prec_bound_correct E :
+  eval_smt_logic E query <-> eval_smt_logic E (AndQ prec_reorder bound).
+Proof.
+  cbv. tauto.
+Qed.
+
+Definition bound_expr :=
+  match bound with
+  | LessQ e (ConstQ r) => e
+  | LessQ (ConstQ r) e => e
+  | _ => ConstQ (0#1)
+  end.
+
+Lemma e2_to_smt : e2 = SMTArith2Expr bound_expr.
+Proof.
+  reflexivity.
+Qed.
+
+Theorem RangeBound_e2_sound E Gamma v :
+  eval_precond E thePrecondition_fnc1
+  -> ~ eval_smt_logic E query
+  -> eval_expr E (toRTMap Gamma) (toREval (toRExp e2)) v REAL
+  -> v <= Q2R ((8201)#(2048)).
+Proof.
+  intros H1 H2 H3.
+  rewrite e2_to_smt in H3.
+  eapply (RangeBound_high_sound (preQ:= prec_reorder) H1 _ _ H3).
+  Unshelve.
+  - reflexivity.
+  -  intros H. apply H2. apply prec_bound_correct.
+     destruct H as [Hp [Hb _]]. now constructor.
+Qed.

coq/CertificateChecker.v

@@ -9,15 +9,15 @@ From Flover
      Infra.Ltacs RealRangeArith RealRangeValidator RoundoffErrorValidator
      Environments TypeValidator FPRangeValidator ExpressionAbbrevs Commands.
 
-Require Export ExpressionSemantics Flover.Commands Coq.QArith.QArith.
+Require Export ExpressionSemantics Flover.Commands Coq.QArith.QArith Flover.SMTArith.
 
 (** Certificate checking function **)
 Definition CertificateChecker (e:expr Q) (absenv:analysisResult)
-           (P:precond) (defVars:FloverMap.t  mType):=
+           (P: precond) Qmap (defVars:FloverMap.t  mType):=
   let tMap := (getValidMap defVars e (FloverMap.empty mType)) in
   match tMap with
   |Succes tMap =>
-   if RangeValidator e absenv P NatSet.empty && FPRangeValidator e absenv tMap NatSet.empty
+   if RangeValidator e absenv P Qmap NatSet.empty && FPRangeValidator e absenv tMap NatSet.empty
    then RoundoffErrorValidator e tMap absenv NatSet.empty
    else false
   | _ => false
@@ -26,16 +26,15 @@ Definition CertificateChecker (e:expr Q) (absenv:analysisResult)
 (**
    Soundness proof for the certificate checker.
    Apart from assuming two executions, one in R and one on floats, we assume that
-   the real valued execution respects the precondition.
+   the real valued execution respects the precondition and dissatisfies the queries.
 **)
-Theorem Certificate_checking_is_sound (e:expr Q) (absenv:analysisResult) P defVars:
+Theorem Certificate_checking_is_sound (e:expr Q) (absenv:analysisResult) P Qmap defVars:
   forall (E1 E2:env) DeltaMap,
     (forall (v : R) (m' : mType),
         exists d : R, DeltaMap v m' = Some d /\ (Rabs d <= mTypeToR m')%R) ->
-    (forall v, NatSet.In v (Expressions.usedVars e) ->
-          exists vR, E1 v = Some vR /\
-                (Q2R (fst (P v)) <= vR <= Q2R (snd (P v)))%R) ->
-    CertificateChecker e absenv P defVars = true ->
+    eval_precond E1 P ->
+    unsat_queries Qmap ->
+    CertificateChecker e absenv P Qmap defVars = true ->
     exists Gamma,
       approxEnv E1 (toRExpMap Gamma) absenv (usedVars e) NatSet.empty E2 ->
       exists iv err vR vF m,
@@ -50,7 +49,7 @@ Theorem Certificate_checking_is_sound (e:expr Q) (absenv:analysisResult) P defVa
    validator and the error bound validator.
 **)
 Proof.
-  intros * deltas_matched P_valid certificate_valid.
+  intros * deltas_matched P_valid unsat_qs certificate_valid.
   unfold CertificateChecker in certificate_valid.
   destruct (getValidMap defVars e (FloverMap.empty mType)) eqn:?; try congruence.
   rename t into Gamma.
@@ -64,8 +63,8 @@ Proof.
   assert (dVars_range_valid NatSet.empty E1 absenv).
   { unfold dVars_range_valid.
     intros; set_tac. }
-  assert (affine_dVars_range_valid NatSet.empty E1 absenv 1 (FloverMap.empty _) (fun _ => None))
-    as affine_dvars_valid.
+  assert (affine_dVars_range_valid NatSet.empty E1 absenv 1 (FloverMap.empty _)
+                                   (fun _ => None)) as affine_dvars_valid.
   { unfold affine_dVars_range_valid.
     intros; set_tac. }
   assert (NatSet.Subset (usedVars e -- NatSet.empty) (Expressions.usedVars e)).
@@ -74,7 +73,7 @@ Proof.
   rename R0 into validFPRanges.
   assert (validRanges e absenv E1 (toRTMap (toRExpMap Gamma))) as valid_e.
   { eapply (RangeValidator_sound e (dVars:=NatSet.empty) (A:=absenv) (P:=P) (E:=E1));
-      auto. }
+      eauto. }
   pose proof (validRanges_single _ _ _ _ valid_e) as valid_single;
     destruct valid_single as [iv_e [ err_e [vR [ map_e [eval_real real_bounds_e]]]]].
   destruct iv_e as [elo ehi].
@@ -82,20 +81,20 @@ Proof.
   assert (dVars_contained NatSet.empty (FloverMap.empty (affine_form Q))) as Hdvars
          by (unfold dVars_contained; intros * Hset; clear - Hset; set_tac).
   pose proof (RoundoffErrorValidator_sound e H approxE1E2 H1 eval_real R
-                                          valid_e map_e Hdvars) as Hsound.
+                                           valid_e map_e Hdvars) as Hsound.
   unfold validErrorBounds in Hsound.
   eapply validErrorBoundsRec_single in Hsound; eauto.
   destruct Hsound as [[vF [mF eval_float]] err_bounded]; auto.
   exists (elo, ehi), err_e, vR, vF, mF; repeat split; auto.
 Qed.
 
-Definition CertificateCheckerCmd (f:cmd Q) (absenv:analysisResult) (P:precond)
-           defVars :=
+Definition CertificateCheckerCmd (f:cmd Q) (absenv:analysisResult) (P: precond)
+           (Qmap: FloverMap.t (SMTLogic * SMTLogic)) defVars :=
   match getValidMapCmd defVars f (FloverMap.empty mType) with
   | Succes Gamma =>
-    if (validSSA f (freeVars f))
+    if (validSSA f (preVars P))
     then
-      if (RangeValidatorCmd f absenv P NatSet.empty) &&
+      if (RangeValidatorCmd f absenv P Qmap NatSet.empty) &&
           FPRangeValidatorCmd f absenv Gamma NatSet.empty
       then (RoundoffErrorValidatorCmd f Gamma absenv NatSet.empty)
       else false
@@ -103,15 +102,14 @@ Definition CertificateCheckerCmd (f:cmd Q) (absenv:analysisResult) (P:precond)
   | _ => false
   end.
 
-Theorem Certificate_checking_cmds_is_sound (f:cmd Q) (absenv:analysisResult) P
+Theorem Certificate_checking_cmds_is_sound (f:cmd Q) (absenv:analysisResult) P Qmap
         defVars DeltaMap:
   forall (E1 E2:env),
     (forall (v : R) (m' : mType),
         exists d : R, DeltaMap v  m' = Some d /\ (Rabs d <= mTypeToR m')%R) ->
-    (forall v, NatSet.In v (freeVars f) ->
-          exists vR, E1 v = Some vR /\
-                (Q2R (fst (P v)) <= vR <= Q2R (snd (P v)))%R) ->
-    CertificateCheckerCmd f absenv P defVars = true ->
+    eval_precond E1 P ->
+    unsat_queries Qmap ->
+    CertificateCheckerCmd f absenv P Qmap defVars = true ->
     exists Gamma,