Will ease reasoning about different instantiations later. @@ -12,21 +27,16 @@ needs "Infra/tactics.hl";; let exp_INDUCT, exp_REC= define_type "exp = Var num | Const V - | Plus exp exp - | Sub exp exp - | Mult exp exp - | Div exp exp";; - + | Binop binop exp exp";; (* Define the machine epsilon for floating point operations. FIXME: Currently set to 1.0 instead of the concrete value! *) let m_eps = define `m_eps:real = (&1)`;; - (* Define a perturbation function to ease writing of basic definitions *) -let perturb_def = define `(perturb:real->real->real) = \r e. e * ((&1) + e)`;; +let perturb = define `(perturb:real->real->real) = \r e. r * ((&1) + e)`;; (* Define expression evaluation parametric by an "error function". This function will be used later to express float computations using a perturbation @@ -34,32 +44,19 @@ let perturb_def = define `(perturb:real->real->real) = \r e. e * ((&1) + e)`;; Additionally we need an "error id" function which uniquely numbers an expression. *) let eval_err = new_recursive_definition exp_REC - `(eval_err (Var name) err_fun err_id_fun env - = perturb (env name) (err_fun (err_id_fun (Var name)))) /\ - (eval_err (Const v) err_fun err_id_fun env - = perturb v (err_fun (err_id_fun (Const v)))) /\ - (eval_err (Plus e1 e2) err_fun err_id_fun env - = perturb ( - (eval_err e1 err_fun err_id_fun env) + (eval_err e2 err_fun err_id_fun env)) - (err_fun (err_id_fun (Plus e1 e2)))) /\ - (eval_err (Sub e1 e2) err_fun err_id_fun env - = perturb ( - (eval_err e1 err_fun err_id_fun env) - (eval_err e2 err_fun err_id_fun env)) - (err_fun (err_id_fun (Sub e1 e2)))) /\ - (eval_err (Mult e1 e2)err_fun err_id_fun env - = perturb ( - (eval_err e1 err_fun err_id_fun env) * (eval_err e2 err_fun err_id_fun env)) - (err_fun (err_id_fun (Mult e1 e2)))) /\ - (eval_err (Div e1 e2) err_fun err_id_fun env - = perturb ( - (eval_err e1 err_fun err_id_fun env) / (eval_err e2 err_fun err_id_fun env)) - (err_fun (err_id_fun (Div e1 e2))))`;; + `(eval_err (Var name) err_fun env + = perturb (env name) (err_fun (Var name))) /\ + (eval_err (Const v) err_fun env + = perturb v (err_fun (Const v))) /\ + (eval_err (Binop binop e1 e2) err_fun env + = perturb (eval_binop binop (eval_err e1 err_fun env) (eval_err e2 err_fun env)) + (err_fun (Binop binop e1 e2)))`;; (* Define real evaluation as stated above: *) let eval_real = define - `eval_real (e:(real)exp) (env:num->real) = eval_err e (\x. &0) (\x. &0) env`;; + `eval_real (e:(real)exp) (env:num->real) = eval_err e (\x. &0) env`;; (* float evaluation is non-deterministic, since the perturbation is existencially quantified diff --git a/hol/toy_example.hl b/hol/toy_example.hl index 7b7a997..9a60fa2 100644 --- a/hol/toy_example.hl +++ b/hol/toy_example.hl @@ -1,5 +1,5 @@ (* - + Toy Example to get a feeling for what needs to be done for certificate checking *) needs "daisy_lang.hl";; @@ -8,7 +8,25 @@ let prg = define Let 1 (Mult (Const (&2)) (Var 2)) (Ret (Mult (Const (&3)) (Var 1)))`;; -let prg_float = define - `prg_float:(float)cmd = +let abs_err = define `abs_err = &1`;; (* TODO: FIXME *) + +g `!fl_err_fun err_ids env env_final_real env_final_float. + is_valid_err_float fl_err_fun ==> + bstep prg env eval_real Nop env_final_real ==> + bstep prg env (\e. eval_err e fl_err_fun err_ids) Nop env_final_float ==> + abs (env_final_real 0 - env_final_float 0) <= abs_err`;; -g ` +e (REWRITE_TAC [prg]);; +e (INTRO_TAC + "!fl_err_fun err_ids env env_final_real env_final_float; + error_fl_valid; terminates_real; terminates_float");; +e (SUBGOAL_THEN `?v. eval_real (Mult (Const (&2)) (Var 2)) env = v` (LABEL_TAC "exists_val"));; +e (REWRITE_TAC[eval_real;eval_err]);; +e (REWRITE_TAC[perturb]);; +e (EXISTS_TAC `&0`);; +e (REAL_ARITH_TAC);; +e (REMOVE_THEN "exists_val" (DESTRUCT_TAC "@v. val_def"));; +e (SUBGOAL_THEN `bstep (Ret (Mult (Const (&3)) (Var 1))) (upd_env 1 v env) eval_real Nop env_final_real` ASSUME_TAC);; +e (ASM_MESON_TAC[bstep_CASES]);; +e (REWRITE_TAC[bstep_CASES]);; +b();; -- GitLab