Commit 527d291e authored by Heiko Becker's avatar Heiko Becker

Merge branch 'errors_affine' into 'master'

Errors affine

See merge request AVA/FloVer!14
parents b32487f9 22a9baa7
......@@ -60,6 +60,14 @@ Proof.
congruence.
Qed.
Lemma fresh_from_interval n m iv:
(n < m)%nat -> fresh m (fromInterval iv n).
Proof.
intros Hle.
unfold fresh, get_max_index, fromInterval.
destruct Req_dec_sum; cbn; lia.
Qed.
Definition above_zero a := 0 < (IVlo (toInterval a)).
Definition below_zero a := (IVhi (toInterval a)) < 0.
......@@ -428,7 +436,7 @@ Proof.
split; Flover_compute.
Qed.
Lemma plus_aff_preserves_fresh a1 a2 n:
Lemma plus_aff_fresh_compat a1 a2 n:
fresh n a1 ->
fresh n a2 ->
fresh n (plus_aff a1 a2).
......@@ -770,7 +778,7 @@ Proof.
now rewrite neqn.
Qed.
Lemma mult_aff_aux_preserves_fresh a1 a2 n:
Lemma mult_aff_aux_fresh_compat a1 a2 n:
fresh n a1 ->
fresh n a2 ->
fresh n (mult_aff_aux (a1, a2)).
......@@ -804,7 +812,7 @@ Proof.
unfold af_evals in *.
assert (af_evals (mult_aff_aux (a1, a2)) (v1 * v2 - q * radius a1 * radius a2) (updMap map n q))
as Heq.
{ pose proof (mult_aff_aux_preserves_fresh fresh1 fresh2) as freshmult.
{ pose proof (mult_aff_aux_fresh_compat fresh1 fresh2) as freshmult.
pose proof (eval_updMap_compat map q freshmult) as Heq'.
rewrite Heq' in bounds.
unfold af_evals.
......@@ -844,7 +852,7 @@ Proof.
by (unfold fresh, get_max_index; simpl; omega).
pose proof (mult_aff_sound _ _ _ fresh1 fresh2 evals1 evals2) as [q evalsm].
unfold af_evals in evalsm |-*.
pose proof (mult_aff_aux_preserves_fresh fresh1 fresh2) as freshm.
pose proof (mult_aff_aux_fresh_compat fresh1 fresh2) as freshm.
pose proof (eval_updMap_compat map q freshm) as mapcompat.
unfold mult_aff in evalsm.
rewrite Hr' in evalsm.
......@@ -1254,7 +1262,7 @@ Qed.
(***************** Division *****************)
(********************************************)
Lemma fresh_mult_aff_const a c n:
Lemma mult_aff_const_fresh_compat a c n:
fresh n a ->
fresh n (mult_aff_const a c).
Proof.
......@@ -1263,23 +1271,23 @@ Proof.
simpl.
replace (radius a * 0) with 0 by lra.
destruct Req_dec_sum as [_ | H]; try contradiction.
apply mult_aff_aux_preserves_fresh; try assumption.
apply mult_aff_aux_fresh_compat; try assumption.
unfold fresh, get_max_index in *.
simpl; omega.
Qed.
Lemma fresh_plus_aff_const a c n:
Lemma plus_aff_const_fresh_compat a c n:
fresh n a ->
fresh n (plus_aff_const a c).
Proof.
intros fr.
unfold plus_aff_const, plus_aff.
apply plus_aff_preserves_fresh; try assumption.
apply plus_aff_fresh_compat; try assumption.
unfold fresh, get_max_index in *.
simpl; omega.
Qed.
Lemma fresh_inverse_aff a (n: nat):
Lemma inverse_aff_fresh_compat a (n: nat):
fresh n a ->
fresh (n + 1) (inverse_aff a n).
Proof.
......@@ -1288,8 +1296,8 @@ Proof.
destruct (Rlt_dec (IVhi (toInterval a)) 0).
Set Default Goal Selector "all".
apply fresh_noise; try omega.
apply fresh_plus_aff_const.
apply fresh_mult_aff_const.
apply plus_aff_const_fresh_compat.
apply mult_aff_const_fresh_compat.
now apply fresh_inc.
Set Default Goal Selector "1".
Qed.
......@@ -1336,7 +1344,7 @@ Proof.
pose proof (above_below_nonzero _ bounds2 evals2) as v2nonzero.
specialize (inv a2 v2 map n fresh2 bounds2 evals2) as [qInv evalsi].
pose proof mult_aff_sound as mul.
apply fresh_inverse_aff in fresh2.
apply inverse_aff_fresh_compat in fresh2.
unfold af_evals in evals1.
rewrite (eval_updMap_compat _ qInv fresh1) in evals1.
apply fresh_inc in fresh1.
......
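Review bot: The proof of the new `fresh_from_interval` closes its arithmetic goal with `lia`, while the freshness lemmas renamed in the same file still close theirs with `simpl; omega.` (e.g. `mult_aff_const_fresh_compat`, `plus_aff_const_fresh_compat`, `inverse_aff_fresh_compat`). `omega` has been deprecated in favour of `lia` in recent Coq releases, so the new lemma points the right way, but mixing both in one file hides how far the migration has got; either switch the `omega` calls touched by this commit to `lia` or keep the new lemma consistent with its neighbours. The hypothesis introduced as `Hle` is the strict inequality `(n < m)%nat`, so `Hlt` would read truer. If `fromInterval iv n` really only introduces noise index `n` (my reading of the statement, not visible here), a one-line comment such as `(* fromInterval iv n uses only noise index n, so every larger index is fresh for it. *)` above the lemma would save the next reader the unfolding.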
......@@ -378,7 +378,7 @@ Proof.
split; intros; Flover_compute; simpl in *; try auto.
Qed.
Lemma plus_aff_preserves_fresh a1 a2 n:
Lemma plus_aff_fresh_compat a1 a2 n:
fresh n a1 ->
fresh n a2 ->
fresh n (plus_aff a1 a2).
......@@ -732,7 +732,7 @@ Proof.
now rewrite neqn.
Qed.
Lemma mult_aff_aux_preserves_fresh a1 a2 n:
Lemma mult_aff_aux_fresh_compat a1 a2 n:
fresh n a1 ->
fresh n a2 ->
fresh n (mult_aff_aux (a1, a2)).
......@@ -766,7 +766,7 @@ Proof.
unfold af_evals in *.
assert (af_evals (mult_aff_aux (a1, a2)) (v1 * v2 - q * radius a1 * radius a2) (updMap map n q))
as Heq.
{ pose proof (mult_aff_aux_preserves_fresh fresh1 fresh2) as freshmult.
{ pose proof (mult_aff_aux_fresh_compat fresh1 fresh2) as freshmult.
pose proof (eval_updMap_compat map q freshmult) as Heq'.
rewrite Heq' in bounds.
unfold af_evals.
......@@ -807,7 +807,7 @@ Proof.
by (unfold fresh, get_max_index; simpl; omega).
pose proof (mult_aff_sound _ _ _ fresh1 fresh2 evals1 evals2) as [q evalsm].
unfold af_evals in evalsm |-*.
pose proof (mult_aff_aux_preserves_fresh fresh1 fresh2) as freshm.
pose proof (mult_aff_aux_fresh_compat fresh1 fresh2) as freshm.
pose proof (eval_updMap_compat map q freshm) as mapcompat.
unfold mult_aff in evalsm |-*.
rewrite mapcompat.
......@@ -1223,7 +1223,7 @@ Qed.
(***************** Division *****************)
(********************************************)
Lemma fresh_mult_aff_const a c n:
Lemma mult_aff_const_fresh_compat a c n:
fresh n a ->
fresh n (mult_aff_const a c).
Proof.
......@@ -1233,23 +1233,23 @@ Proof.
assert (Qeq_bool 0 0 = true) by trivial.
rewrite H.
rewrite orb_true_r.
apply mult_aff_aux_preserves_fresh; try assumption.
apply mult_aff_aux_fresh_compat; try assumption.
unfold fresh, get_max_index in *.
simpl; omega.
Qed.
Lemma fresh_plus_aff_const a c n:
Lemma plus_aff_const_fresh_compat a c n:
fresh n a ->
fresh n (plus_aff_const a c).
Proof.
intros fr.
unfold plus_aff_const, plus_aff.
apply plus_aff_preserves_fresh; try assumption.
apply plus_aff_fresh_compat; try assumption.
unfold fresh, get_max_index in *.
simpl; omega.
Qed.
Lemma fresh_inverse_aff a (n: nat):
Lemma inverse_aff_fresh_compat a (n: nat):
fresh n a ->
fresh (n + 1) (inverse_aff a n).
Proof.
......@@ -1258,8 +1258,8 @@ Proof.
destruct (Qlt_bool (ivhi (toIntv a)) 0).
Set Default Goal Selector "all".
apply fresh_noise; try omega.
apply fresh_plus_aff_const.
apply fresh_mult_aff_const.
apply plus_aff_const_fresh_compat.
apply mult_aff_const_fresh_compat.
now apply fresh_inc.
Set Default Goal Selector "1".
Qed.
......@@ -1306,7 +1306,7 @@ Proof.
pose proof (above_below_nonzero _ bounds2 evals2) as v2nonzero.
specialize (inv a2 v2 map n fresh2 bounds2 evals2) as [qInv evalsi].
pose proof mult_aff_sound as mul.
apply fresh_inverse_aff in fresh2.
apply inverse_aff_fresh_compat in fresh2.
unfold af_evals in evals1.
rewrite (eval_updMap_compat _ qInv fresh1) in evals1.
apply fresh_inc in fresh1.
......
......@@ -29,7 +29,9 @@ Definition CertificateChecker (e:expr Q) (absenv:analysisResult)
the real valued execution respects the precondition.
**)
Theorem Certificate_checking_is_sound (e:expr Q) (absenv:analysisResult) P defVars:
forall (E1 E2:env),
forall (E1 E2:env) DeltaMap,
(forall (e' : expr R) (m' : mType),
exists d : R, DeltaMap e' m' = Some d /\ (Rabs d <= mTypeToR m')%R) ->
(forall v, NatSet.In v (Expressions.usedVars e) ->
exists vR, E1 v = Some vR /\
(Q2R (fst (P v)) <= vR <= Q2R (snd (P v)))%R) ->
......@@ -38,17 +40,17 @@ Theorem Certificate_checking_is_sound (e:expr Q) (absenv:analysisResult) P defVa
approxEnv E1 (toRExpMap Gamma) absenv (usedVars e) NatSet.empty E2 ->
exists iv err vR vF m,
FloverMap.find e absenv = Some (iv, err) /\
eval_expr E1 (toRTMap (toRExpMap Gamma)) (toREval (toRExp e)) vR REAL /\
eval_expr E2 (toRExpMap Gamma) (toRExp e) vF m /\
eval_expr E1 (toRTMap (toRExpMap Gamma)) DeltaMapR (toREval (toRExp e)) vR REAL /\
eval_expr E2 (toRExpMap Gamma) DeltaMap (toRExp e) vF m /\
(forall vF m,
eval_expr E2 (toRExpMap Gamma) (toRExp e) vF m ->
eval_expr E2 (toRExpMap Gamma) DeltaMap (toRExp e) vF m ->
(Rabs (vR - vF) <= Q2R err))%R.
(**
The proofs is a simple composition of the soundness proofs for the range
validator and the error bound validator.
**)
Proof.
intros * P_valid certificate_valid.
intros * deltas_matched P_valid certificate_valid.
unfold CertificateChecker in certificate_valid.
destruct (getValidMap defVars e (FloverMap.empty mType)) eqn:?; try congruence.
rename t into Gamma.
......@@ -77,9 +79,13 @@ Proof.
destruct valid_single as [iv_e [ err_e [vR [ map_e [eval_real real_bounds_e]]]]].
destruct iv_e as [elo ehi].
exists Gamma; intros approxE1E2.
edestruct (RoundoffErrorValidator_sound e H approxE1E2 H1 eval_real R
valid_e map_e)
as [[vF [mF eval_float]] err_bounded]; auto.
assert (dVars_contained NatSet.empty (FloverMap.empty (affine_form Q))) as Hdvars
by (unfold dVars_contained; intros * Hset; clear - Hset; set_tac).
pose proof (RoundoffErrorValidator_sound e _ deltas_matched H approxE1E2 H1 eval_real R
valid_e map_e Hdvars) as Hsound.
unfold validErrorBounds in Hsound.
eapply validErrorBounds_single in Hsound; eauto.
destruct Hsound as [[vF [mF eval_float]] err_bounded]; auto.
exists (elo, ehi), err_e, vR, vF, mF; repeat split; auto.
Qed.
......@@ -98,8 +104,10 @@ Definition CertificateCheckerCmd (f:cmd Q) (absenv:analysisResult) (P:precond)
end.
Theorem Certificate_checking_cmds_is_sound (f:cmd Q) (absenv:analysisResult) P
defVars:
defVars DeltaMap:
forall (E1 E2:env),
(forall (e' : expr R) (m' : mType),
exists d : R, DeltaMap e' m' = Some d /\ (Rabs d <= mTypeToR m')%R) ->
(forall v, NatSet.In v (freeVars f) ->
exists vR, E1 v = Some vR /\
(Q2R (fst (P v)) <= vR <= Q2R (snd (P v)))%R) ->
......@@ -108,17 +116,17 @@ Theorem Certificate_checking_cmds_is_sound (f:cmd Q) (absenv:analysisResult) P
approxEnv E1 (toRExpMap Gamma) absenv (freeVars f) NatSet.empty E2 ->
exists iv err vR vF m,
FloverMap.find (getRetExp f) absenv = Some (iv,err) /\
bstep (toREvalCmd (toRCmd f)) E1 (toRTMap (toRExpMap Gamma)) vR REAL /\
bstep (toRCmd f) E2 (toRExpMap Gamma) vF m /\
bstep (toREvalCmd (toRCmd f)) E1 (toRTMap (toRExpMap Gamma)) DeltaMapR vR REAL /\
bstep (toRCmd f) E2 (toRExpMap Gamma) DeltaMap vF m /\
(forall vF m,
bstep (toRCmd f) E2 (toRExpMap Gamma) vF m ->
bstep (toRCmd f) E2 (toRExpMap Gamma) DeltaMap vF m ->
(Rabs (vR - vF) <= Q2R (err))%R).
(**
The proofs is a simple composition of the soundness proofs for the range
validator and the error bound validator.
**)
Proof.
intros * P_valid certificate_valid.
intros * deltas_matched P_valid certificate_valid.
unfold CertificateCheckerCmd in certificate_valid.
destruct (getValidMapCmd defVars f (FloverMap.empty mType)) eqn:?;
try congruence.
......@@ -149,6 +157,9 @@ Proof.
pose proof (validRangesCmd_single _ _ _ _ valid_f) as valid_single.
destruct valid_single as [iv [ err [vR [map_f [eval_real bounded_real_f]]]]].
destruct iv as [f_lo f_hi].
edestruct (RoundoffErrorValidatorCmd_sound) as [[vF [mF eval_float]] ?]; eauto.
pose proof RoundoffErrorValidatorCmd_sound as Hsound.
eapply validErrorBoundsCmd_single in Hsound; eauto.
2: unfold dVars_contained; intros; set_tac.
specialize Hsound as ((vF & mF & eval_float) & ?).
exists (f_lo, f_hi), err, vR, vF, mF; repeat split; try auto.
Qed.
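Review bot: The fact `dVars_contained NatSet.empty (FloverMap.empty _)` is now proven inline twice, once as the named assertion `Hdvars` in `Certificate_checking_is_sound` and once through the goal selector `2: unfold dVars_contained; intros; set_tac.` in `Certificate_checking_cmds_is_sound`, and the selector form silently depends on whichever goal order `eapply validErrorBoundsCmd_single in Hsound; eauto` happens to leave. Factoring it into one lemma (sketched below; I am assuming `dVars_contained` accepts an arbitrary map element type, since the command proof leaves it to unification) lets both proofs pass it explicitly, e.g. `eauto using dVars_contained_empty`. The doc comments preceding both `Proof.` lines still describe the theorems only as a composition of the two validators' soundness proofs and say nothing about the new `DeltaMap` hypothesis, which bounds every delta by `mTypeToR m'`; they should state that the result holds for any delta map satisfying that bound (and `The proofs is` should read `The proof is`). The two statements also bind `DeltaMap` differently, inside the `forall (E1 E2:env)` for expressions but as a theorem parameter for commands; aligning them would let the two theorems read in parallel.
```coq
(* Element type of the map left generic: confirm dVars_contained accepts it. *)
Lemma dVars_contained_empty A:
  dVars_contained NatSet.empty (FloverMap.empty A).
Proof.
  unfold dVars_contained; intros; set_tac.
Qed.
(* … unchanged: CertificateChecker and both soundness theorems, which then use
   (dVars_contained_empty _) / eauto using dVars_contained_empty … *)
```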
......@@ -48,14 +48,15 @@ Inductive sstep : cmd R -> env -> R -> cmd R -> env -> Prop :=
Define big step semantics for the Flover language, terminating on a "returned"
result value
**)
Inductive bstep : cmd R -> env -> (expr R -> option mType) -> R -> mType -> Prop :=
let_b m m' x e s E v res defVars:
eval_expr E defVars e v m ->
bstep s (updEnv x v E) defVars res m' -> (* (updDefVars (Var R x) m defVars) res m' -> *)
bstep (Let m x e s) E defVars res m'
|ret_b m e E v defVars:
eval_expr E defVars e v m ->
bstep (Ret e) E defVars v m.
Inductive bstep : cmd R -> env -> (expr R -> option mType) -> (expr R -> mType -> option R) ->
R -> mType -> Prop :=
let_b m m' x e s E v res defVars DeltaMap:
eval_expr E defVars DeltaMap e v m ->
bstep s (updEnv x v E) defVars DeltaMap res m' -> (* (updDefVars (Var R x) m defVars) res m' -> *)
bstep (Let m x e s) E defVars DeltaMap res m'
|ret_b m e E v defVars DeltaMap:
eval_expr E defVars DeltaMap e v m ->
bstep (Ret e) E defVars DeltaMap v m.
(**
The free variables of a command are all used variables of exprressions
......@@ -87,14 +88,14 @@ Fixpoint liveVars V (f:cmd V) :NatSet.t :=
end.
Lemma bstep_eq_env f:
forall E1 E2 Gamma v m,
forall E1 E2 Gamma DeltaMap v m,
(forall x, E1 x = E2 x) ->
bstep f E1 Gamma v m ->
bstep f E2 Gamma v m.
bstep f E1 Gamma DeltaMap v m ->
bstep f E2 Gamma DeltaMap v m.
Proof.
induction f; intros * eq_envs bstep_E1;
inversion bstep_E1; subst; simpl in *.
- eapply eval_eq_env in H7; eauto. eapply let_b; eauto.
- eapply eval_eq_env in H8; eauto. eapply let_b; eauto.
eapply IHf. instantiate (1:=(updEnv n v0 E1)).
+ intros; unfold updEnv.
destruct (x=? n); auto.
......@@ -102,12 +103,12 @@ Proof.
- apply ret_b. eapply eval_eq_env; eauto.
Qed.
Lemma swap_Gamma_bstep f E vR m Gamma1 Gamma2 :
Lemma swap_Gamma_bstep f E vR m Gamma1 Gamma2 DeltaMap:
(forall n, Gamma1 n = Gamma2 n) ->
bstep f E Gamma1 vR m ->
bstep f E Gamma2 vR m.
bstep f E Gamma1 DeltaMap vR m ->
bstep f E Gamma2 DeltaMap vR m.
Proof.
revert E Gamma1 Gamma2;
revert E Gamma1 Gamma2 DeltaMap;
induction f; intros * Gamma_eq eval_f.
- inversion eval_f; subst.
econstructor; try eauto.
......@@ -118,9 +119,9 @@ Proof.
Qed.
Lemma bstep_Gamma_det f:
forall E1 E2 Gamma v1 v2 m1 m2,
bstep f E1 Gamma v1 m1 ->
bstep f E2 Gamma v2 m2 ->
forall E1 E2 Gamma DeltaMap v1 v2 m1 m2,
bstep f E1 Gamma DeltaMap v1 m1 ->
bstep f E2 Gamma DeltaMap v2 m2 ->
m1 = m2.
Proof.
induction f; intros * eval_f1 eval_f2;
......@@ -128,4 +129,18 @@ Proof.
inversion eval_f2; subst; try auto.
- eapply IHf; eauto.
- eapply Gamma_det; eauto.
Qed.
\ No newline at end of file
Qed.
Lemma bstep_det f:
forall E Gamma DeltaMap v1 v2 m,
bstep f E Gamma DeltaMap v1 m ->
bstep f E Gamma DeltaMap v2 m ->
v1 = v2.
Proof.
induction f; intros * eval_f1 eval_f2;
inversion eval_f1; subst;
inversion eval_f2; subst; try auto.
- replace v with v0 in * by eauto using eval_expr_functional.
eapply IHf; eauto.
- eapply eval_expr_functional; eauto.
Qed.
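Review bot: The repair `eapply eval_eq_env in H8` in `bstep_eq_env` (previously `H7`) shows the proof addresses a hypothesis produced by `inversion bstep_E1` through its auto-numbered name, so every widening of `bstep` or `eval_expr` renumbers it and breaks the script, which is exactly what this commit had to patch here and again in the `add_abs_err_bounded` and `subtract_abs_err_bounded` hunks later in the commit (`H5`/`H8` to `H6`/`H9`, `H11`/`H13`/`H14` to `H13`/`H15`/`H16`). Naming the hypothesis with an `as` intro pattern on the `inversion`, or selecting it by shape with `match goal with H: eval_expr _ _ _ _ _ _ |- _ => eapply eval_eq_env in H end`, removes that fragility. The rewritten `let_b` rule still carries the commented-out alternative `(* (updDefVars (Var R x) m defVars) res m' -> *)`, which was dead before and now sits on a line it no longer matches; drop it or replace it with a note on why the type map is not extended for the bound variable. The header comment above `bstep` does not mention the new argument; from its type `expr R -> mType -> option R` it appears to supply the rounding delta `eval_expr` consults per expression and type, so a sentence to that effect (confirmed against `eval_expr`) would help readers.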
From Coq
Require Import Reals.Reals QArith.Qreals.
From Flover
Require Import Commands ExpressionSemantics Environments RealRangeArith TypeValidator.
Fixpoint validErrorBounds (e:expr Q) E1 E2 A Gamma DeltaMap :Prop :=
(match e with
| Unop u e => validErrorBounds e E1 E2 A Gamma DeltaMap
| Downcast m e => validErrorBounds e E1 E2 A Gamma DeltaMap
| Binop b e1 e2 =>
validErrorBounds e1 E1 E2 A Gamma DeltaMap /\
validErrorBounds e2 E1 E2 A Gamma DeltaMap
| Fma e1 e2 e3 =>
validErrorBounds e1 E1 E2 A Gamma DeltaMap /\
validErrorBounds e2 E1 E2 A Gamma DeltaMap /\
validErrorBounds e3 E1 E2 A Gamma DeltaMap
| _ => True
end) /\
forall v__R (iv: intv) (err: error),
eval_expr E1 (toRTMap (toRExpMap Gamma)) DeltaMapR (toREval (toRExp e)) v__R REAL ->
FloverMap.find e A = Some (iv, err) ->
(exists v__FP m__FP,
eval_expr E2 (toRExpMap Gamma) DeltaMap (toRExp e) v__FP m__FP) /\
(forall v__FP m__FP,
eval_expr E2 (toRExpMap Gamma) DeltaMap (toRExp e) v__FP m__FP ->
(Rabs (v__R - v__FP) <= (Q2R err))%R).
Lemma validErrorBounds_single e E1 E2 A Gamma DeltaMap:
validErrorBounds e E1 E2 A Gamma DeltaMap ->
forall v__R iv err,
eval_expr E1 (toRTMap (toRExpMap Gamma)) DeltaMapR (toREval (toRExp e)) v__R REAL ->
FloverMap.find e A = Some (iv, err) ->
(exists v__FP m__FP,
eval_expr E2 (toRExpMap Gamma) DeltaMap (toRExp e) v__FP m__FP) /\
(forall v__FP m__FP,
eval_expr E2 (toRExpMap Gamma) DeltaMap (toRExp e) v__FP m__FP ->
(Rabs (v__R - v__FP) <= (Q2R err))%R).
Proof.
intros validError_e;
intros; destruct e; cbn in *; split;
destruct validError_e as (? & ? & ?); eauto.
Qed.
Fixpoint validErrorBoundsCmd (c: cmd Q) E1 E2 A Gamma DeltaMap: Prop :=
match c with
| Let m x e k => validErrorBounds e E1 E2 A Gamma DeltaMap /\
(forall v__R v__FP,
eval_expr E1 (toRTMap (toRExpMap Gamma)) DeltaMapR (toREval (toRExp e)) v__R REAL ->
eval_expr E2 (toRExpMap Gamma) DeltaMap (toRExp e) v__FP m ->
validErrorBoundsCmd k (updEnv x v__R E1) (updEnv x v__FP E2) A Gamma DeltaMap)
| Ret e => validErrorBounds e E1 E2 A Gamma DeltaMap
end /\
forall v__R (iv: intv) (err: error),
bstep (toREvalCmd (toRCmd c)) E1 (toRTMap (toRExpMap Gamma)) DeltaMapR v__R REAL ->
FloverMap.find (getRetExp c) A = Some (iv, err) ->
(exists v__FP m__FP,
bstep (toRCmd c) E2 (toRExpMap Gamma) DeltaMap v__FP m__FP) /\
(forall v__FP m__FP,
bstep (toRCmd c) E2 (toRExpMap Gamma) DeltaMap v__FP m__FP ->
(Rabs (v__R - v__FP) <= (Q2R err))%R).
Lemma validErrorBoundsCmd_single c E1 E2 A Gamma DeltaMap:
validErrorBoundsCmd c E1 E2 A Gamma DeltaMap ->
forall v__R (iv: intv) (err: error),
bstep (toREvalCmd (toRCmd c)) E1 (toRTMap (toRExpMap Gamma)) DeltaMapR v__R REAL ->
FloverMap.find (getRetExp c) A = Some (iv, err) ->
(exists v__FP m__FP,
bstep (toRCmd c) E2 (toRExpMap Gamma) DeltaMap v__FP m__FP) /\
(forall v__FP m__FP,
bstep (toRCmd c) E2 (toRExpMap Gamma) DeltaMap v__FP m__FP ->
(Rabs (v__R - v__FP) <= (Q2R err))%R).
Proof.
intros validError_e;
intros; destruct c; cbn in *; split;
destruct validError_e as (? & ? & ?); eauto.
Qed.
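Review bot: The new file defines `validErrorBounds` and `validErrorBoundsCmd` without any doc comment, although the neighbouring files document their definitions with `(** ... **)` blocks (see the comments above `bstep` and the certificate theorems). A header such as `(** validErrorBounds e E1 E2 A Gamma DeltaMap: for every subexpression of e, each real-valued evaluation under DeltaMapR has some finite-precision evaluation under DeltaMap, and all such evaluations stay within the error bound recorded for that subexpression in A. **)` above the `Fixpoint` would tell a reader what `RoundoffErrorValidator_sound` is now stated in terms of, and the two `_single` lemmas deserve a one-liner saying they project out the top-level conjunct for the whole expression or command. The binders `E1 E2 A Gamma` are left to inference in both fixpoints while `e` and `c` are annotated; writing them out as the certificate theorems do (`(E1 E2:env)`, and presumably `(A:analysisResult)`) would make the signatures self-describing. The proofs of `validErrorBounds_single` and `validErrorBoundsCmd_single` are textually identical apart from the destructed variable, which is fine, but a short comment noting that `destruct` is only needed to expose the conjunction behind the `match` would explain the otherwise surprising case split.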
......@@ -11,9 +11,9 @@ From Flover
Infra.RealRationalProps Environments Infra.ExpressionAbbrevs
ExpressionSemantics.
Lemma const_abs_err_bounded (n:R) (nR:R) (nF:R) (E1 E2:env) (m:mType) defVars:
eval_expr E1 (toRTMap defVars) (Const REAL n) nR REAL ->
eval_expr E2 defVars (Const m n) nF m ->
Lemma const_abs_err_bounded (n:R) (nR:R) (nF:R) (E1 E2:env) (m:mType) defVars DeltaMap:
eval_expr E1 (toRTMap defVars) DeltaMapR (Const REAL n) nR REAL ->
eval_expr E2 defVars DeltaMap (Const m n) nF m ->
(Rabs (nR - nF) <= computeErrorR n m)%R.
Proof.
intros eval_real eval_float.
......@@ -34,16 +34,19 @@ Proof.
Qed.
Lemma add_abs_err_bounded (e1:expr Q) (e1R:R) (e1F:R) (e2:expr Q) (e2R:R) (e2F:R)
(vR:R) (vF:R) (E1 E2:env) (err1 err2 :Q) (m m1 m2:mType) defVars:
eval_expr E1 (toRTMap defVars) (toREval (toRExp e1)) e1R REAL ->
eval_expr E2 defVars (toRExp e1) e1F m1->
eval_expr E1 (toRTMap defVars) (toREval (toRExp e2)) e2R REAL ->
eval_expr E2 defVars (toRExp e2) e2F m2 ->
eval_expr E1 (toRTMap defVars) (toREval (Binop Plus (toRExp e1) (toRExp e2))) vR REAL ->
(vR:R) (vF:R) (E1 E2:env) (err1 err2 :Q) (m m1 m2:mType) defVars DeltaMap:
eval_expr E1 (toRTMap defVars) DeltaMapR (toREval (toRExp e1)) e1R REAL ->
eval_expr E2 defVars DeltaMap (toRExp e1) e1F m1->
eval_expr E1 (toRTMap defVars) DeltaMapR (toREval (toRExp e2)) e2R REAL ->
eval_expr E2 defVars DeltaMap (toRExp e2) e2F m2 ->
eval_expr E1 (toRTMap defVars) DeltaMapR (toREval (Binop Plus (toRExp e1) (toRExp e2))) vR REAL ->
eval_expr (updEnv 2 e2F (updEnv 1 e1F emptyEnv))
(updDefVars (Binop Plus (Var R 1) (Var R 2)) m
(updDefVars (Var R 2) m2 (updDefVars (Var R 1) m1 defVars)))
(Binop Plus (Var R 1) (Var R 2)) vF m ->
(fun x _ => if R_orderedExps.eq_dec x (Binop Plus (Var R 1) (Var R 2))
then DeltaMap (Binop Plus (toRExp e1) (toRExp e2)) m
else None)
(Binop Plus (Var R 1) (Var R 2)) vF m ->
(Rabs (e1R - e1F) <= Q2R err1)%R ->
(Rabs (e2R - e2F) <= Q2R err2)%R ->
(Rabs (vR - vF) <= Q2R err1 + Q2R err2 + computeErrorR (e1F + e2F) m)%R.
......@@ -57,17 +60,17 @@ Proof.
rewrite delta_0_deterministic in plus_real; auto.
rewrite (delta_0_deterministic (evalBinop Plus v1 v2) REAL delta); auto.
unfold evalBinop in *; simpl in *.
rewrite (meps_0_deterministic (toRExp e1) H5 e1_real);
rewrite (meps_0_deterministic (toRExp e2) H8 e2_real).
rewrite (meps_0_deterministic (toRExp e1) H5 e1_real) in plus_real.
rewrite (meps_0_deterministic (toRExp e2) H8 e2_real) in plus_real.
rewrite (meps_0_deterministic (toRExp e1) H6 e1_real);
rewrite (meps_0_deterministic (toRExp e2) H9 e2_real).
rewrite (meps_0_deterministic (toRExp e1) H6 e1_real) in plus_real.
rewrite (meps_0_deterministic (toRExp e2) H9 e2_real) in plus_real.
(* Now unfold the float valued evaluation to get the deltas we need for the inequality *)
inversion plus_float; subst.
unfold perturb; simpl.
inversion H11; subst; inversion H14; subst.
unfold updEnv in H1, H13; simpl in *.
symmetry in H1,H13.
inversion H1; inversion H13; subst.
inversion H13; subst; inversion H16; subst.
unfold updEnv in H1, H15; simpl in *.
symmetry in H1,H15.
inversion H1; inversion H15; subst.
(* We have now obtained all necessary values from the evaluations --> remove them for readability *)
clear plus_float H4 H7 plus_real e1_real e1_float e2_real e2_float H8 H6 H1.
repeat rewrite Rmult_plus_distr_l.
......@@ -104,16 +107,19 @@ Qed.
Copy-Paste proof with minor differences, was easier then manipulating the evaluations and then applying the lemma
**)
Lemma subtract_abs_err_bounded (e1:expr Q) (e1R:R) (e1F:R) (e2:expr Q) (e2R:R)
(e2F:R) (vR:R) (vF:R) (E1 E2:env) err1 err2 (m m1 m2:mType) defVars:
eval_expr E1 (toRTMap defVars) (toREval (toRExp e1)) e1R REAL ->
eval_expr E2 defVars (toRExp e1) e1F m1 ->
eval_expr E1 (toRTMap defVars) (toREval (toRExp e2)) e2R REAL ->
eval_expr E2 defVars (toRExp e2) e2F m2 ->
eval_expr E1 (toRTMap defVars) (toREval (Binop Sub (toRExp e1) (toRExp e2))) vR REAL ->
(e2F:R) (vR:R) (vF:R) (E1 E2:env) err1 err2 (m m1 m2:mType) defVars DeltaMap:
eval_expr E1 (toRTMap defVars) DeltaMapR (toREval (toRExp e1)) e1R REAL ->
eval_expr E2 defVars DeltaMap (toRExp e1) e1F m1 ->
eval_expr E1 (toRTMap defVars) DeltaMapR (toREval (toRExp e2)) e2R REAL ->
eval_expr E2 defVars DeltaMap (toRExp e2) e2F m2 ->
eval_expr E1 (toRTMap defVars) DeltaMapR (toREval (Binop Sub (toRExp e1) (toRExp e2))) vR REAL ->
eval_expr (updEnv 2 e2F (updEnv 1 e1F emptyEnv))
(updDefVars (Binop Sub (Var R 1) (Var R 2)) m
(updDefVars (Var R 2) m2 (updDefVars (Var R 1) m1 defVars)))
(Binop Sub (Var R 1) (Var R 2)) vF m ->
(updDefVars (Var R 2) m2 (updDefVars (Var R 1) m1 defVars)))
(fun x _ => if R_orderedExps.eq_dec x (Binop Sub (Var R 1) (Var R 2))
then DeltaMap (Binop Sub (toRExp e1) (toRExp e2)) m
else None)
(Binop Sub (Var R 1) (Var R 2)) vF m ->
(Rabs (e1R - e1F) <= Q2R err1)%R ->
(Rabs (e2R - e2F) <= Q2R err2)%R ->
(Rabs (vR - vF) <= Q2R err1 + Q2R err2 + computeErrorR (e1F - e2F) m)%R.
......@@ -127,17 +133,17 @@ Proof.
rewrite delta_0_deterministic in sub_real; auto.
rewrite (delta_0_deterministic (evalBinop Sub v1 v2) REAL delta); auto.
unfold evalBinop in *; simpl in *.
rewrite (meps_0_deterministic (toRExp e1) H5 e1_real);
rewrite (meps_0_deterministic (toRExp e2) H8 e2_real).
rewrite (meps_0_deterministic (toRExp e1) H5 e1_real) in sub_real.
rewrite (meps_0_deterministic (toRExp e2) H8 e2_real) in sub_real.
rewrite (meps_0_deterministic (toRExp e1) H6 e1_real);
rewrite (meps_0_deterministic (toRExp e2) H9 e2_real).
rewrite (meps_0_deterministic (toRExp e1) H6 e1_real) in sub_real.
rewrite (meps_0_deterministic (toRExp e2) H9 e2_real) in sub_real.
(* Now unfold the float valued evaluation to get the deltas we need for the inequality *)
inversion sub_float; subst.
unfold perturb; simpl.
inversion H11; subst; inversion H14; subst.
unfold updEnv in H1,H13; simpl in *.
symmetry in H1,H13.
inversion H1; inversion H13; subst.
inversion H13; subst; inversion H16; subst.
unfold updEnv in H1,H15; simpl in *.
symmetry in H1,H15.
inversion H1; inversion H15; subst.
(* We have now obtained all necessary values from the evaluations --> remove them for readability *)
clear sub_float H4 H7 sub_real e1_real e1_float e2_real e2_float H8 H6 H1.
repeat rewrite Rmult_plus_distr_l.
......@@ -179,16 +185,19 @@ Proof.
Qed.
Lemma mult_abs_err_bounded (e1:expr Q) (e1R:R) (e1F:R) (e2:expr Q) (e2R:R) (e2F:R)
(vR:R) (vF:R) (E1 E2:env) (m m1 m2:mType) defVars:
eval_expr E1 (toRTMap defVars) (toREval (toRExp e1)) e1R REAL ->
eval_expr E2 defVars (toRExp e1) e1F m1 ->
eval_expr E1 (toRTMap defVars) (toREval (toRExp e2)) e2R REAL ->