[WIP] Change the proofs to account for DeltaMap[s]

51a00b83 · Nikita Zyuzin · 94297887 · 51a00b83 · 51a00b83
Commit 51a00b83 authored Nov 27, 2018 by Nikita Zyuzin
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 30 deletions

coq/CertificateChecker.v coq/CertificateChecker.v +13 -11

coq/FPRangeValidator.v coq/FPRangeValidator.v +21 -19

No files found.
--- a/coq/CertificateChecker.v
+++ b/coq/CertificateChecker.v
@@ -29,7 +29,9 @@ Definition CertificateChecker (e:expr Q) (absenv:analysisResult)
   the real valued execution respects the precondition.
 **)
 Theorem Certificate_checking_is_sound (e:expr Q) (absenv:analysisResult) P defVars:
-  forall (E1 E2:env),
+  forall (E1 E2:env) DeltaMap,
+    (forall (e' : expr R) (m' : mType),
+        exists d : R, DeltaMap e' m' = Some d /\ (Rabs d <= mTypeToR m')%R) ->
    (forall v, NatSet.In v (Expressions.usedVars e) ->
          exists vR, E1 v = Some vR /\
                (Q2R (fst (P v)) <= vR <= Q2R (snd (P v)))%R) ->
@@ -38,21 +40,24 @@ Theorem Certificate_checking_is_sound (e:expr Q) (absenv:analysisResult) P defVa
      approxEnv E1 (toRExpMap Gamma) absenv (usedVars e) NatSet.empty E2 ->
      exists iv err vR vF m,
        FloverMap.find e absenv = Some (iv, err) /\
-        eval_expr E1 (toRTMap (toRExpMap Gamma)) (toREval (toRExp e)) vR REAL /\
-        eval_expr E2 (toRExpMap Gamma) (toRExp e) vF m /\
+        eval_expr E1 (toRTMap (toRExpMap Gamma)) DeltaMapR (toREval (toRExp e)) vR REAL /\
+        eval_expr E2 (toRExpMap Gamma) DeltaMap (toRExp e) vF m /\
        (forall vF m,
-            eval_expr E2 (toRExpMap Gamma) (toRExp e) vF m ->
+            eval_expr E2 (toRExpMap Gamma) DeltaMap (toRExp e) vF m ->
            (Rabs (vR - vF) <= Q2R err))%R.
 (**
   The proofs is a simple composition of the soundness proofs for the range
   validator and the error bound validator.
 **)
 Proof.
-  intros * P_valid certificate_valid.
+  intros * deltas_matched P_valid certificate_valid.
  unfold CertificateChecker in certificate_valid.
  destruct (getValidMap defVars e (FloverMap.empty mType)) eqn:?; try congruence.
  rename t into Gamma.
-  assert (validTypes e Gamma).
+  assert (validTypes e Gamma DeltaMap).
+  { eapply getValidMap_top_correct; eauto.
+    intros. cbn in *; congruence. }
+  assert (validTypes e Gamma DeltaMapR).
  { eapply getValidMap_top_correct; eauto.
    intros. cbn in *; congruence. }
  rewrite <- andb_lazy_alt in certificate_valid.
@@ -77,12 +82,9 @@ Proof.
    destruct valid_single as [iv_e [ err_e [vR [ map_e [eval_real real_bounds_e]]]]].
  destruct iv_e as [elo ehi].
  exists Gamma; intros approxE1E2.
-  rewrite <- eval_expr_REAL_det_nondet in eval_real.
-  assert (forall (e' : expr Rdefinitions.R) (m' : mType),
-              exists d, (fun e m => Some 0%R) e' m' = Some d /\ (Rabs d <= mTypeToR m')%R) as Htmp by admit.
  assert (dVars_contained NatSet.empty (FloverMap.empty (affine_form Q))) as Hdvars
         by (unfold dVars_contained; intros * Hset; clear - Hset; set_tac).
-  pose proof (RoundoffErrorValidator_sound e _ Htmp H approxE1E2 H1 eval_real R
+  pose proof (RoundoffErrorValidator_sound e _ deltas_matched H approxE1E2 H2 eval_real R
                                          valid_e map_e Hdvars) as Hsound.
  unfold validErrorBounds in Hsound.
  (* destruct Hsound as [[vF [mF eval_float]] err_bounded]; auto. *)
@@ -114,7 +116,7 @@ Theorem Certificate_checking_cmds_is_sound (f:cmd Q) (absenv:analysisResult) P
      approxEnv E1 (toRExpMap Gamma) absenv (freeVars f) NatSet.empty E2 ->
      exists iv err vR vF m,
    FloverMap.find  (getRetExp f) absenv = Some (iv,err) /\
-    bstep (toREvalCmd (toRCmd f)) E1 (toRTMap (toRExpMap Gamma)) vR REAL /\
+    bstep (toREvalCmd (toRCmd f)) E1 (toRTMap (toRExpMap Gamma)) DeltaMapR vR REAL /\
    bstep (toRCmd f) E2 (toRExpMap Gamma) vF m /\
    (forall vF m,
        bstep (toRCmd f) E2 (toRExpMap Gamma)  vF m ->

--- a/coq/FPRangeValidator.v
+++ b/coq/FPRangeValidator.v
@@ -145,36 +145,38 @@ Proof.
 Qed.

 Lemma FPRangeValidatorCmd_sound (f:cmd Q):
-  forall E1 E2 Gamma v vR m A fVars dVars outVars,
+  forall E1 E2 Gamma DeltaMap v vR m A fVars dVars outVars,
+  (forall (e' : expr R) (m' : mType),
+      exists d : R, DeltaMap e' m' = Some d /\ (Rabs d <= mTypeToR m')%R) ->
  approxEnv E1 (toRExpMap Gamma) A fVars dVars E2 ->
  ssa f (NatSet.union fVars dVars) outVars ->
-  bstep (toREvalCmd (toRCmd f)) E1 (toRTMap (toRExpMap Gamma)) vR m ->
-  bstep (toRCmd f) E2 (toRExpMap Gamma) v m ->
-  validTypesCmd f Gamma ->
+  bstep (toREvalCmd (toRCmd f)) E1 (toRTMap (toRExpMap Gamma)) DeltaMapR vR m ->
+  bstep (toRCmd f) E2 (toRExpMap Gamma) DeltaMap v m ->
+  validTypesCmd f Gamma DeltaMap ->
  validRangesCmd f A E1 (toRTMap (toRExpMap Gamma)) ->
  validErrorboundCmd f Gamma A dVars = true ->
  FPRangeValidatorCmd f A Gamma dVars = true ->
  NatSet.Subset (NatSet.diff (freeVars f) dVars) fVars ->
- (forall v, NatSet.In v dVars ->
-       exists vF m, E2 v = Some vF /\
-               FloverMap.find (Var Q v) Gamma = Some m /\
-               validFloatValue vF m) ->
+  (forall v, NatSet.In v dVars ->
+        exists vF m, E2 v = Some vF /\
+                FloverMap.find (Var Q v) Gamma = Some m /\
+                validFloatValue vF m) ->
  validFloatValue v m.
 Proof.
  induction f; intros;
    simpl in *;
-    (match_pat (bstep _ _ (toRTMap _) _ _) (fun H => inversion H; subst; simpl in * ));
-     (match_pat (bstep _ _ (toRExpMap Gamma) _ _) (fun H => inversion H; subst; simpl in * ));
+    (match_pat (bstep _ _ (toRTMap _) _ _ _) (fun H => inversion H; subst; simpl in * ));
+     (match_pat (bstep _ _ (toRExpMap Gamma) _ _ _) (fun H => inversion H; subst; simpl in * ));
      repeat match goal with
             | H : _ = true |- _ => andb_to_prop H
             end.
-  - destruct H3
+  - destruct H4
      as [[me [find_me [find_var [? [validt_e validt_f]]]]] valid_exec].
    assert (m = me) by (eapply validTypes_exec in find_me; eauto); subst.
    rename me into m.
    match_pat (ssa _ _ _) (fun H => inversion H; subst; simpl in * ).
    Flover_compute.
-    destruct H4 as [[valid_e valid_rec] valid_single].
+    destruct H5 as [[valid_e valid_rec] valid_single].
    pose proof (validRanges_single _ _ _ _ valid_e) as valid_e_single.
    destruct valid_e_single
      as [iv_e [err_e [vR_e [map_e [eval_e_real bounded_vR_e]]]]].
@@ -187,9 +189,9 @@ Proof.
      split; try auto.
      hnf; intros; subst; set_tac.
    + destruct iv_e; auto.
-    + rewrite <- (meps_0_deterministic (toRExp e) eval_e_real H17) in *; try auto.
+    + rewrite <- (meps_0_deterministic (toRExp e) eval_e_real H19) in *; try auto.
      apply (IHf (updEnv n vR_e E1) (updEnv n v1 E2)
-                 Gamma v vR m0 A fVars
+                 Gamma DeltaMap v vR m0 A fVars
                 (NatSet.add n dVars) (outVars)); eauto.
      * eapply approxUpdBound; eauto; simpl in *.
        { eapply toRExpMap_some; eauto. simpl; auto. }
@@ -218,9 +220,9 @@ Proof.
      * set_tac; split.
        { split; try auto.
          hnf; intros; subst.
-          apply H5; rewrite NatSet.add_spec; auto. }
+          apply H6; rewrite NatSet.add_spec; auto. }
        { hnf; intros.
-          apply H5; rewrite NatSet.add_spec; auto. }
+          apply H6; rewrite NatSet.add_spec; auto. }
        (*
      * unfold vars_typed. intros.
        unfold updDefVars.
@@ -239,8 +241,8 @@ Proof.
          set_tac. split; try auto.
          split; try auto.
          hnf; intros; subst; set_tac. }
-        { apply H8.
-          rewrite NatSet.add_spec in H4; destruct H4;
+        { apply H9.
+          rewrite NatSet.add_spec in H5; destruct H5;
            auto; subst; congruence. }
-  - destruct H4. destruct H3. eapply FPRangeValidator_sound; eauto.
+  - destruct H5. destruct H4. eapply FPRangeValidator_sound; eauto.
 Qed.