Commit 61171aef authored by Heiko Becker's avatar Heiko Becker

Merge branch 'fma_proofs_merge' into 'certificates'

Fma proofs merge

See merge request AVA/daisy!170
parents 13ae6d87 c14fe5f4
......@@ -258,6 +258,75 @@ Proof.
apply Rabs_pos.
Qed.
Lemma fma_abs_err_bounded (e1:exp Q) (e1R:R) (e1F:R) (e2:exp Q) (e2R:R) (e2F:R)
(e3:exp Q) (e3R:R) (e3F:R)
(vR:R) (vF:R) (E1 E2:env) (m m1 m2 m3:mType) defVars:
eval_exp E1 (toRMap defVars) (toREval (toRExp e1)) e1R M0 ->
eval_exp E2 defVars (toRExp e1) e1F m1->
eval_exp E1 (toRMap defVars) (toREval (toRExp e2)) e2R M0 ->
eval_exp E2 defVars (toRExp e2) e2F m2 ->
eval_exp E1 (toRMap defVars) (toREval (toRExp e3)) e3R M0 ->
eval_exp E2 defVars (toRExp e3) e3F m3->
eval_exp E1 (toRMap defVars) (toREval (Fma (toRExp e1) (toRExp e2) (toRExp e3))) vR M0 ->
eval_exp (updEnv 3 e3F (updEnv 2 e2F (updEnv 1 e1F emptyEnv)))
(updDefVars 3 m3 (updDefVars 2 m2 (updDefVars 1 m1 defVars)))
(Fma (Var R 1) (Var R 2) (Var R 3)) vF m ->
(Rabs (vR - vF) <= Rabs ((e1R - e1F) + (e2R * e3R - e2F * e3F)) + Rabs (e1F + e2F * e3F) * (Q2R (mTypeToQ m)))%R.
Proof.
intros e1_real e1_float e2_real e2_float e3_real e3_float fma_real fma_float.
inversion fma_real; subst;
assert (m0 = M0) by (eapply toRMap_eval_M0; eauto).
assert (m4 = M0) by (eapply toRMap_eval_M0; eauto).
assert (m5 = M0) by (eapply toRMap_eval_M0; eauto).
subst; simpl in H3; rewrite Q2R0_is_0 in H3; auto.
rewrite delta_0_deterministic in fma_real; auto.
rewrite delta_0_deterministic; auto.
unfold evalFma in *; simpl in *.
clear delta H3.
rewrite (meps_0_deterministic (toRExp e1) H5 e1_real);
rewrite (meps_0_deterministic (toRExp e2) H6 e2_real);
rewrite (meps_0_deterministic (toRExp e3) H7 e3_real).
rewrite (meps_0_deterministic (toRExp e1) H5 e1_real) in fma_real.
rewrite (meps_0_deterministic (toRExp e2) H6 e2_real) in fma_real.
rewrite (meps_0_deterministic (toRExp e3) H7 e3_real) in fma_real.
clear H5 H6 v1 v2 v3 H7 H2.
inversion fma_float; subst.
unfold evalFma in *.
unfold perturb; simpl.
inversion H3; subst; inversion H6; subst; inversion H7; subst.
unfold updEnv in *; simpl in *.
inversion H5; inversion H1; inversion H9; subst.
clear fma_float H7 fma_real e1_real e1_float e2_real e2_float e3_real e3_float H6 H1 H5 H9 H3 H0 H4 H8.
repeat rewrite Rmult_plus_distr_l.
rewrite Rmult_1_r.
rewrite Rsub_eq_Ropp_Rplus.
rewrite Ropp_plus_distr.
rewrite <- Rplus_assoc.
setoid_rewrite <- Rsub_eq_Ropp_Rplus at 2.
rewrite Rsub_eq_Ropp_Rplus.
rewrite Rsub_eq_Ropp_Rplus.
rewrite Rsub_eq_Ropp_Rplus.
rewrite <- Rplus_assoc.
setoid_rewrite Rplus_comm at 8.
rewrite <- Rplus_assoc.
setoid_rewrite Rplus_comm at 9.
rewrite Rplus_assoc.
setoid_rewrite Rplus_assoc at 2.
rewrite <- Rplus_assoc.
rewrite <- Rsub_eq_Ropp_Rplus.
rewrite <- Rsub_eq_Ropp_Rplus.
rewrite <- Ropp_plus_distr.
rewrite <- Rsub_eq_Ropp_Rplus.
eapply Rle_trans.
eapply Rabs_triang.
eapply Rplus_le_compat_l.
rewrite Rabs_Ropp.
repeat rewrite Rabs_mult.
eapply Rmult_le_compat_l; auto.
apply Rabs_pos.
Qed.
Lemma err_prop_inversion_pos_real nF nR err elo ehi
(float_iv_pos : (0 < elo - err)%R)
(real_iv_pos : (0 < elo)%R)
......
......@@ -69,6 +69,25 @@ Fixpoint validErrorbound (e:exp Q) (* analyzed expression *)
| _, _ => false
end
else false
| Fma e1 e2 e3 =>
if ((validErrorbound e1 typeMap A dVars)
&& (validErrorbound e2 typeMap A dVars)
&& (validErrorbound e3 typeMap A dVars))
then
match DaisyMap.find e1 A, DaisyMap.find e2 A, DaisyMap.find e3 A with
| Some (ive1, err1), Some (ive2, err2), Some (ive3, err3) =>
let errIve1 := widenIntv ive1 err1 in
let errIve2 := widenIntv ive2 err2 in
let errIve3 := widenIntv ive3 err3 in
let upperBoundE1 := maxAbs ive1 in
let upperBoundE2 := maxAbs ive2 in
let upperBoundE3 := maxAbs ive3 in
let errIntv_prod := multIntv errIve2 errIve3 in
let mult_error_bound := (upperBoundE2 * err3 + upperBoundE3 * err2 + err2 * err3) in
Qleb (err1 + mult_error_bound + (maxAbs (addIntv errIve1 errIntv_prod)) * (mTypeToQ m)) err
| _, _, _ => false
end
else false
|Downcast m1 e1 =>
if validErrorbound e1 typeMap A dVars
then
......@@ -407,6 +426,472 @@ Proof.
repeat rewrite Q2R_minus; lra.
Qed.
Lemma multiplicationErrorBounded e1lo e1hi e2lo e2hi nR1 nF1 nR2 nF2 err1 err2 :
(Q2R e1lo <= nR1 <= Q2R e1hi)%R ->
(Q2R e2lo <= nR2 <= Q2R e2hi)%R ->
(Rabs (nR1 - nF1) <= Q2R err1)%R ->
(Rabs (nR2 - nF2) <= Q2R err2)%R ->
(0 <= Q2R err1)%R ->
(0 <= Q2R err2)%R ->
(Rabs (nR1 * nR2 - nF1 * nF2) <=
RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2 + RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1 +
Q2R err1 * Q2R err2)%R.
Proof.
intros valid_e1 valid_e2 err1_bounded err2_bounded err1_pos err2_pos.
unfold Rabs in err1_bounded.
unfold Rabs in err2_bounded.
(* Before doing case distinction, prove bounds that will be used many times: *)
assert (nR1 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi))%R
as upperBound_nR1
by (apply contained_leq_maxAbs_val; auto).
assert (nR2 <= RmaxAbsFun (Q2R e2lo, Q2R e2hi))%R
as upperBound_nR2
by (apply contained_leq_maxAbs_val; auto).
assert (-nR1 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi))%R
as upperBound_Ropp_nR1
by (apply contained_leq_maxAbs_neg_val; auto).
assert (- nR2 <= RmaxAbsFun (Q2R e2lo, Q2R e2hi))%R
as upperBound_Ropp_nR2
by (apply contained_leq_maxAbs_neg_val; auto).
assert (nR1 * Q2R err2 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2)%R
as bound_nR1 by (apply Rmult_le_compat_r; auto).
assert (- nR1 * Q2R err2 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2)%R
as bound_neg_nR1 by (apply Rmult_le_compat_r; auto).
assert (nR2 * Q2R err1 <= RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1)%R
as bound_nR2 by (apply Rmult_le_compat_r; auto).
assert (- nR2 * Q2R err1 <= RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1)%R
as bound_neg_nR2 by (apply Rmult_le_compat_r; auto).
assert (- (Q2R err1 * Q2R err2) <= Q2R err1 * Q2R err2)%R as err_neg_bound
by (rewrite Ropp_mult_distr_l; apply Rmult_le_compat_r; lra).
assert (0 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2)%R
as zero_up_nR1 by lra.
assert (RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2 + RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1)%R
as nR1_to_sum by lra.
assert (RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2 + RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2 + RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1 + Q2R err1 * Q2R err2)%R
as sum_to_errsum by lra.
(* Large case distinction for
a) different cases of the value of Rabs (...) and
b) wether arguments of multiplication in (nf1 * nF2) are < or >= 0 *)
destruct Rcase_abs in err1_bounded; destruct Rcase_abs in err2_bounded.
+ rewrite Rsub_eq_Ropp_Rplus in err1_bounded, err2_bounded.
rewrite Ropp_plus_distr in err1_bounded, err2_bounded.
rewrite Ropp_involutive in err1_bounded, err2_bounded.
assert (nF1 <= Q2R err1 + nR1)%R by lra.
assert (nF2 <= Q2R err2 + nR2)%R by lra.
unfold Rabs.
destruct Rcase_abs.
* rewrite Rsub_eq_Ropp_Rplus. rewrite Ropp_plus_distr.
rewrite Ropp_involutive.
destruct (Rle_lt_dec 0 nF1).
{ (* Upper Bound ... *)
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l; auto.
apply H0.
destruct (Rle_lt_dec 0 (Q2R err2 + nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l. hnf. left; auto.
assert (nR1 <= nF1)%R by lra.
apply H1.
lra.
}
{
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
assert (nR2 < nF2)%R by lra.
apply Rlt_le in H1; apply H1.
destruct (Rle_lt_dec 0 nR2).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
assert (nR1 < nF1)%R by lra.
apply Rlt_le in H1; apply H1.
lra.
}
* rewrite Rsub_eq_Ropp_Rplus.
destruct (Rle_lt_dec 0 nF1).
{
rewrite Ropp_mult_distr_r.
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l; auto.
assert (- nF2 <= - nR2)%R by lra.
apply H1.
destruct (Rle_lt_dec 0 (- nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
assert (nR1 < nF1)%R by lra.
apply Rlt_le in H1; apply H1.
lra.
}
{
rewrite Ropp_mult_distr_l.
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l.
rewrite <- (Ropp_involutive 0).
apply Ropp_ge_le_contravar.
apply Rle_ge.
rewrite Ropp_0.
hnf. left; auto.
apply H0.
destruct (Rle_lt_dec 0 (Q2R err2 + nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
assert (- nF1 <= -nR1)%R by lra.
apply H1.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
apply Ropp_le_ge_contravar in H.
apply Rge_le in H.
apply H.
lra.
}
+ rewrite Rsub_eq_Ropp_Rplus in err1_bounded, err2_bounded.
rewrite Ropp_plus_distr in err1_bounded.
rewrite Ropp_involutive in err1_bounded.
assert (nF1 <= Q2R err1 + nR1)%R by lra.
assert (nF2 <= Q2R err2 + nR2)%R by lra.
unfold Rabs.
destruct Rcase_abs.
* rewrite Rsub_eq_Ropp_Rplus. rewrite Ropp_plus_distr.
rewrite Ropp_involutive.
destruct (Rle_lt_dec 0 nF1).
{ (* Upper Bound ... *)
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l; auto.
apply H0.
destruct (Rle_lt_dec 0 (Q2R err2 + nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l. hnf. left; auto.
assert (nR1 <= nF1)%R by lra.
apply H1.
lra.
}
{
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
assert (- nF2 <= - (nR2 - Q2R err2))%R by lra.
apply Ropp_le_ge_contravar in H1.
repeat rewrite Ropp_involutive in H1.
apply Rge_le in H1.
apply H1.
destruct (Rle_lt_dec 0 (nR2 - Q2R err2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
assert (nR1 < nF1)%R by lra.
apply Rlt_le in H1; apply H1.
lra.
}
* rewrite Rsub_eq_Ropp_Rplus.
destruct (Rle_lt_dec 0 nF1).
{
rewrite Ropp_mult_distr_r.
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l; auto.
assert (- nF2 <= - nR2 + Q2R err2)%R by lra.
apply H1.
destruct (Rle_lt_dec 0 (- nR2 + Q2R err2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
assert (nR1 < nF1)%R by lra.
apply Rlt_le in H1; apply H1.
lra.
}
{
rewrite Ropp_mult_distr_l.
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l.
rewrite <- (Ropp_involutive 0).
apply Ropp_ge_le_contravar.
apply Rle_ge.
rewrite Ropp_0.
hnf. left; auto.
apply H0.
destruct (Rle_lt_dec 0 (Q2R err2 + nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
assert (- nF1 <= -nR1)%R by lra.
apply H1.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
apply Ropp_le_ge_contravar in H.
apply Rge_le in H.
apply H.
lra.
}
+ rewrite Rsub_eq_Ropp_Rplus in err1_bounded, err2_bounded.
rewrite Ropp_plus_distr in err2_bounded.
rewrite Ropp_involutive in err2_bounded.
assert (nF1 <= Q2R err1 + nR1)%R by lra.
assert (nF2 <= Q2R err2 + nR2)%R by lra.
unfold Rabs.
destruct Rcase_abs.
* rewrite Rsub_eq_Ropp_Rplus. rewrite Ropp_plus_distr.
rewrite Ropp_involutive.
destruct (Rle_lt_dec 0 nF1).
{ (* Upper Bound ... *)
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l; auto.
apply H0.
destruct (Rle_lt_dec 0 (Q2R err2 + nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l. hnf. left; auto.
assert (- nF1 <= - (nR1 - Q2R err1))%R by lra.
apply Ropp_le_ge_contravar in H1.
repeat rewrite Ropp_involutive in H1.
apply Rge_le in H1.
apply H1.
lra.
}
{
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
assert (nR2 < nF2)%R by lra.
apply Rlt_le in H1; apply H1.
destruct (Rle_lt_dec 0 nR2).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
assert (- nF1 <= - (nR1 - Q2R err1))%R by lra.
apply Ropp_le_ge_contravar in H1.
repeat rewrite Ropp_involutive in H1.
apply Rge_le in H1.
apply H1.
lra.
}
* rewrite Rsub_eq_Ropp_Rplus.
destruct (Rle_lt_dec 0 nF1).
{
rewrite Ropp_mult_distr_r.
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l; auto.
assert (- nF2 <= - nR2)%R by lra.
apply H1.
destruct (Rle_lt_dec 0 (- nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
assert (- nF1 <= - (nR1 - Q2R err1))%R by lra.
apply Ropp_le_ge_contravar in H1.
repeat rewrite Ropp_involutive in H1.
apply Rge_le in H1.
apply H1.
lra.
}
{
rewrite Ropp_mult_distr_l.
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l.
lra.
apply H0.
destruct (Rle_lt_dec 0 (Q2R err2 + nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
assert (- nF1 <= - (nR1 - Q2R err1))%R by lra.
apply H1.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l; try lra.
apply Ropp_le_ge_contravar in H.
apply Rge_le in H.
apply H.
lra.
}
(* All positive *)
+ assert (nF1 <= Q2R err1 + nR1)%R by lra.
assert (nF2 <= Q2R err2 + nR2)%R by lra.
unfold Rabs.
destruct Rcase_abs.
* rewrite Rsub_eq_Ropp_Rplus. rewrite Ropp_plus_distr.
rewrite Ropp_involutive.
destruct (Rle_lt_dec 0 nF1).
{ (* Upper Bound ... *)
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l; auto.
apply H0.
destruct (Rle_lt_dec 0 (Q2R err2 + nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l. hnf. left; auto.
assert (nR1 - Q2R err1 <= nF1)%R by lra.
apply H1.
lra.
}
{
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_neg_l.
hnf. left; auto.
assert (nR2 - Q2R err2 <= nF2)%R by lra.
apply H1.
destruct (Rle_lt_dec 0 (nR2 - Q2R err2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
lra.
assert (nR1 - Q2R err1 <= nF1)%R by lra.
apply H1.
lra.
}
* rewrite Rsub_eq_Ropp_Rplus.
destruct (Rle_lt_dec 0 nF1).
{
rewrite Ropp_mult_distr_r.
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l; auto.
assert (- nF2 <= Q2R err2 - nR2)%R by lra.
apply H1.
destruct (Rle_lt_dec 0 (Q2R err2 - nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
apply H.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
lra.
assert (nR1 - Q2R err1 <= nF1)%R by lra.
apply H1.
lra.
}
{
rewrite Ropp_mult_distr_l.
eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_l.
rewrite <- (Ropp_involutive 0).
apply Ropp_ge_le_contravar.
apply Rle_ge.
rewrite Ropp_0.
lra.
apply H0.
destruct (Rle_lt_dec 0 (Q2R err2 + nR2)).
- eapply Rle_trans.
eapply Rplus_le_compat_l.
eapply Rmult_le_compat_r; auto.
assert (- nF1 <= Q2R err1 - nR1)%R by lra.
apply H1.
lra.
- eapply Rle_trans.
eapply Rplus_le_compat_l.
rewrite Rmult_comm.
eapply Rmult_le_compat_neg_l.
lra.
apply Ropp_le_ge_contravar in H.
apply Rge_le in H.
apply H.
lra.
}
Qed.
Lemma validErrorboundCorrectMult E1 E2 A
(e1:exp Q) (e2:exp Q) (nR nR1 nR2 nF nF1 nF2 :R) (e err1 err2 :error)
(alo ahi e1lo e1hi e2lo e2hi:Q) dVars (m m1 m2:mType) Gamma defVars:
......@@ -455,460 +940,7 @@ Proof.
Focus 2.
apply valid_error.
apply Rplus_le_compat.
- unfold Rabs in err1_bounded.
unfold Rabs in err2_bounded.
(* Before doing case distinction, prove bounds that will be used many times: *)
assert (nR1 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi))%R
as upperBound_nR1
by (apply contained_leq_maxAbs_val; auto).
assert (nR2 <= RmaxAbsFun (Q2R e2lo, Q2R e2hi))%R
as upperBound_nR2
by (apply contained_leq_maxAbs_val; auto).
assert (-nR1 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi))%R
as upperBound_Ropp_nR1
by (apply contained_leq_maxAbs_neg_val; auto).
assert (- nR2 <= RmaxAbsFun (Q2R e2lo, Q2R e2hi))%R
as upperBound_Ropp_nR2
by (apply contained_leq_maxAbs_neg_val; auto).
assert (nR1 * Q2R err2 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2)%R
as bound_nR1 by (apply Rmult_le_compat_r; auto).
assert (- nR1 * Q2R err2 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2)%R
as bound_neg_nR1 by (apply Rmult_le_compat_r; auto).
assert (nR2 * Q2R err1 <= RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1)%R
as bound_nR2 by (apply Rmult_le_compat_r; auto).
assert (- nR2 * Q2R err1 <= RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1)%R
as bound_neg_nR2 by (apply Rmult_le_compat_r; auto).
assert (- (Q2R err1 * Q2R err2) <= Q2R err1 * Q2R err2)%R as err_neg_bound
by (rewrite Ropp_mult_distr_l; apply Rmult_le_compat_r; lra).
assert (0 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2)%R
as zero_up_nR1 by lra.
assert (RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2 + RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1)%R
as nR1_to_sum by lra.
assert (RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2 + RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1 <= RmaxAbsFun (Q2R e1lo, Q2R e1hi) * Q2R err2 + RmaxAbsFun (Q2R e2lo, Q2R e2hi) * Q2R err1 + Q2R err1 * Q2R err2)%R
as sum_to_errsum by lra.
clear e1_real e1_float e2_real e2_float eval_real eval_float valid_error
A_e1 A_e2.
(* Large case distinction for
a) different cases of the value of Rabs (...) and
b) wether arguments of multiplication in (nf1 * nF2) are < or >= 0 *)
destruct Rcase_abs in err1_bounded; destruct Rcase_abs in err2_bounded.