Commit 615bcb77 authored by ='s avatar =

Removing unused/commented proofs.

I also simplified the nested pattern matches used in Expressions.v
parent 57805bbd
......@@ -33,9 +33,6 @@ Fixpoint toREvalCmd (f:cmd R) :=
|Ret e => Ret (toREval e)
end.
(*| Nop: cmd V. *)
(*
UNUSED!
Small Step semantics for Daisy language
......@@ -52,16 +49,6 @@ Inductive sstep : cmd R -> env -> R -> cmd R -> env -> Prop :=
Define big step semantics for the Daisy language, terminating on a "returned"
result value
**)
(* meaning of this -> mType ??? *)
(* Inductive bstep : cmd R -> env -> R -> mType -> Prop := *)
(* let_b m x e s E v res: *)
(* eval_exp E e v m -> *)
(* bstep s (updEnv x m v E) res m -> *)
(* bstep (Let m x e s) E res m *)
(* |ret_b m e E v: *)
(* eval_exp E e v m -> *)
(* bstep (Ret e) E v m. *)
Inductive bstep : cmd R -> env -> R -> mType -> Prop :=
let_b m m' x e s E v res:
eval_exp E e v m ->
......@@ -36,7 +36,6 @@ Proof.
inversion eval_float; subst.
unfold perturb; simpl.
exists v; split; try auto.
rewrite H3 in H8; inversion H8.
rewrite Rabs_err_simpl.
repeat rewrite Rabs_mult.
......@@ -13,11 +13,12 @@ Inductive binop : Type := Plus | Sub | Mult | Div.
(** TODO: simplify pattern matching **)
Definition binopEqBool (b1:binop) (b2:binop) :=
match b1 with
Plus => match b2 with Plus => true |_ => false end
| Sub => match b2 with Sub => true |_ => false end
| Mult => match b2 with Mult => true |_ => false end
| Div => match b2 with Div => true |_ => false end
match b1, b2 with
| Plus, Plus => true
| Sub, Sub => true
| Mult, Mult => true
| Div, Div => true
| _,_ => false
end.
(**
......@@ -45,9 +46,10 @@ Qed.
Inductive unop: Type := Neg | Inv.
Definition unopEqBool (o1:unop) (o2:unop) :=
match o1 with
|Neg => match o2 with |Neg => true |_=> false end
|Inv => match o2 with |Inv => true |_ => false end
match o1, o2 with
| Neg, Neg => true
| Inv, Inv => true
| _ , _ => false
end.
(**
......@@ -78,57 +80,16 @@ Inductive exp (V:Type): Type :=
Used in certificates to define the analysis result as function
**)
Fixpoint expEqBool (e1:exp Q) (e2:exp Q) :=
match e1 with
|Var _ m1 v1 =>
match e2 with
|Var _ m2 v2 => andb (mTypeEqBool m1 m2) (v1 =? v2)
| _=> false
end
|Const m1 n1 =>
match e2 with
|Const m2 n2 => andb (mTypeEqBool m1 m2) (Qeq_bool n1 n2)
| _=> false
end
|Unop o1 e11 =>
match e2 with
|Unop o2 e22 => andb (unopEqBool o1 o2) (expEqBool e11 e22)
|_ => false
end
|Binop o1 e11 e12 =>
match e2 with
|Binop o2 e21 e22 => andb (binopEqBool o1 o2) (andb (expEqBool e11 e21) (expEqBool e12 e22))
|_ => false
end
|Downcast m1 f1 =>
match e2 with
|Downcast m2 f2 => andb (mTypeEqBool m1 m2) (expEqBool f1 f2)
|_ => false
end
match e1, e2 with
| Var _ m1 v1, Var _ m2 v2 => andb (mTypeEqBool m1 m2) (v1 =? v2)
| Const m1 n1, Const m2 n2 => andb (mTypeEqBool m1 m2) (Qeq_bool n1 n2)
| Unop o1 e11, Unop o2 e22 => andb (unopEqBool o1 o2) (expEqBool e11 e22)
| Binop o1 e11 e12, Binop o2 e21 e22 => andb (binopEqBool o1 o2) (andb (expEqBool e11 e21) (expEqBool e12 e22))
| Downcast m1 f1, Downcast m2 f2 => andb (mTypeEqBool m1 m2) (expEqBool f1 f2)
| _, _ => false
end.
(* Lemma expEqBool_eq e1 e2: *)
(* e1 = e2 -> *)
(* expEqBool e1 e2 = true. *)
(* Proof. *)
(* revert e1 e2. *)
(* induction e1; intros; split; intros. *)
(* - simpl in H. destruct e2; try inversion H; apply andb_true_iff in H; destruct H. *)
(* f_equal. *)
(* + apply EquivEqBoolEq; auto. *)
(* + apply beq_nat_true; auto. *)
(* - simpl. destruct e2; try inversion H. *)
(* rewrite mTypeEqBool_refl. *)
(* simpl. *)
(* symmetry; apply beq_nat_refl. *)
(* - simpl in H; destruct e2; try inversion H. apply andb_true_iff in H; destruct H. *)
(* f_equal. *)
(* + apply EquivEqBoolEq; auto. *)
(* + admit. *)
(* - *)
Lemma expEqBool_refl e:
expEqBool e e = true.
Proof.
......@@ -221,8 +182,7 @@ Proof.
eapply IHe; eauto.
Qed.
Fixpoint toRExp (e:exp Q) :=
match e with
......@@ -265,8 +225,6 @@ using a perturbation of the real valued computation by (1 + delta), where
**)
Inductive eval_exp (E:env) :(exp R) -> R -> mType -> Prop :=
| Var_load m x v:
(** isMorePrecise m m1 = true ->**)
(**mTypeEqBool m m1 = true ->*)
E x = Some (v, m) ->
eval_exp E (Var R m x) v m
| Const_dist m n delta:
......@@ -280,7 +238,6 @@ Inductive eval_exp (E:env) :(exp R) -> R -> mType -> Prop :=
eval_exp E f1 v1 m ->
eval_exp E (Unop Inv f1) (perturb (evalUnop Inv v1) delta) m
| Binop_dist m1 m2 op f1 f2 v1 v2 delta:
(*isJoinOf m m1 m2 = true ->*)
Rle (Rabs delta) (Q2R (meps (computeJoin m1 m2))) ->
eval_exp E f1 v1 m1 ->
eval_exp E f2 v2 m2 ->
......@@ -401,14 +358,10 @@ Proof.
pose proof (isMorePrecise_refl m1).
eapply Var_load; eauto.
pose proof (isMorePrecise_refl m2).
(* unfold mTypeEqBool; apply Qeq_bool_iff; apply Qeq_refl. *)
eapply Var_load; eauto.
(* unfold mTypeEqBool; apply Qeq_bool_iff; apply Qeq_refl. *)
Qed.
(* (** *)
(* Analogous lemma for unary expressions. *)
(* **) *)
Lemma unary_unfolding (e:exp R) (m:mType) (E:env) (v:R):
(eval_exp E (Unop Inv e) v m ->
exists v1 m1,
......@@ -422,18 +375,6 @@ Proof.
econstructor; try auto.
pose proof (isMorePrecise_refl m).
econstructor; eauto.
(* - intros exists_val. *)
(* destruct exists_val as [v1 [m1 [eval_f1 eval_e_E]]]. *)
(* inversion eval_e_E; subst. *)
(* inversion H1; subst. *)
(* econstructor; eauto. *)
(* unfold updEnv in H6. *)
(* simpl in H6. *)
(* inversion H6. *)
(* rewrite <- H2. *)
(* rewrite <- H1. *)
(* auto. *)
Qed.
(**
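Review bot: The `| _,_ => false` catch-all that closes the rewritten `binopEqBool` match (and likewise `unopEqBool` and `expEqBool` in the two following hunks) gives up the exhaustiveness check the old outer `match b1 with` provided: adding a constructor to `binop`, `unop` or `exp` used to make this definition fail to compile, whereas now the new constructor silently compares unequal to itself, and for `expEqBool`, which the comment above it says is used in certificates, that would turn into valid certificates being rejected. `expEqBool_refl` below would presumably catch an `exp` change if its proof cases on the constructors, but no such lemma is visible for the two operator types; a `Lemma binopEqBool_refl b: binopEqBool b b = true. Proof. destruct b; reflexivity. Qed.` (and the `unop` counterpart) would pin the new form. Separately, the `(** TODO: simplify pattern matching **)` line above `binopEqBool` appears to survive as context even though this hunk does exactly that simplification, so it should be dropped.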
......@@ -58,95 +58,4 @@ Definition emptyEnv:env := fun _ => None.
Definition updEnv (x:nat) (mx:mType) (v: R) (E:env) (y:nat) :=
if (y =? x)
then Some (v, mx)
else E y.
(* Definition EnvEq: relation env := *)
(* fun E1 E2 => forall n : nat, *)
(* match (E1 n), (E2 n) with *)
(* | None, None => Is_true true *)
(* | Some (v1, m1), Some (v2, m2) => (v1 = v2) /\ ((meps m1) == (meps m2)) *)
(* | _, _ => Is_true false *)
(* end. *)
(* Global Instance EnvEquivalence: Equivalence EnvEq. *)
(* Proof. *)
(* split; intros. *)
(* - intros E1 n. *)
(* case_eq (E1 n). *)
(* + intros [v m] hyp; auto. *)
(* split; auto. *)
(* apply Qeq_refl. *)
(* + intros. *)
(* unfold Is_true; trivial. *)
(* - intros E1 E2 hyp n. *)
(* case_eq (E1 n). *)
(* + intros [v1 m1] H1; auto. *)
(* case_eq (E2 n). *)
(* * intros [v2 m2] H2; auto. *)
(* pose proof (hyp n). *)
(* rewrite H1 in H. *)
(* rewrite H2 in H. *)
(* destruct H as [Hv Hm]. *)
(* split; symmetry; auto. *)
(* * intros. *)
(* pose proof (hyp n). *)
(* rewrite H1 in H0. *)
(* rewrite H in H0. *)
(* auto. *)
(* + intros. pose proof (hyp n). *)
(* rewrite H in H0. *)
(* case_eq (E2 n). intros [v2 m2] H2. *)
(* rewrite H2 in H0; auto. *)
(* intro H2. rewrite H2 in H0; auto. *)
(* - intros E1 E2 E3 H12 H23 n. *)
(* case_eq (E1 n). *)
(* + intros [v1 m1] H1; auto. *)
(* pose proof (H12 n) as H12. *)
(* pose proof (H23 n) as H23. *)
(* case_eq (E3 n). *)
(* * intros [v3 m3] H3; auto. *)
(* rewrite H1 in H12. *)
(* rewrite H3 in H23. *)
(* case_eq (E2 n). *)
(* intros [v2 m2] H2; auto. *)
(* rewrite H2 in H12. *)
(* rewrite H2 in H23. *)
(* destruct H12 as [H12v H12m]. *)
(* destruct H23 as [H23v H23m]. *)
(* split. *)
(* rewrite H12v; auto. *)
(* rewrite H12m; auto. *)
(* intros. *)
(* rewrite H in H12. *)
(* unfold Is_true in H12. *)
(* inversion H12. *)
(* * intros H3. *)
(* rewrite H1 in H12. *)
(* rewrite H3 in H23. *)
(* case_eq (E2 n). *)
(* intros [v2 m2] H2; auto. *)
(* rewrite H2 in H12; rewrite H2 in H23. *)
(* apply H23. *)
(* intro H2; auto. *)
(* rewrite H2 in H12; rewrite H2 in H23. *)
(* apply H12. *)
(* + intro H1; auto. *)
(* pose proof (H12 n) as H12. *)
(* pose proof (H23 n) as H23. *)
(* case_eq (E3 n). *)
(* * intros [v3 m3] H3; auto. *)
(* rewrite H1 in H12; rewrite H3 in H23. *)
(* case_eq (E2 n). *)
(* intros [v2 m2] H2; auto. *)
(* rewrite H2 in H12; rewrite H2 in H23; auto. *)
(* intros H2; rewrite H2 in H12; rewrite H2 in H23; auto. *)
(* * rewrite H1 in H12. *)
(* intros H3. *)
(* rewrite H3 in H23. *)
(* case_eq (E2 n). *)
(* intros [v2 m2] H2. *)
(* rewrite H2 in H12; rewrite H2 in H23; auto. *)
(* unfold Is_true in H12; inversion H12. *)
(* intro H2; rewrite H2 in H12; rewrite H2 in H23; auto. *)
(* Defined. *)
\ No newline at end of file
else E y.
\ No newline at end of file
......@@ -158,79 +158,6 @@ Definition isJoinOf (m:mType) (m1:mType) (m2:mType) :=
Definition computeJoin (m1:mType) (m2:mType) :=
if (isMorePrecise m1 m2) then m1 else m2.
(* Lemma eq_compat_join (m:mType) (m2:mType) (m1:mType) (m0:mType) : *)
(* mTypeEq m m2 -> *)
(* isJoinOf m m1 m0 = true -> *)
(* isJoinOf m2 m1 m0 = true. *)
(* Proof. *)
(* intros. *)
(* unfold isJoinOf in *. *)
(* case_eq (isMorePrecise m1 m0); intros; rewrite H1 in H0; auto; *)
(* apply mTypeEquivs in H0; apply mTypeEquivs; *)
(* [ apply (Equivalence_Transitive m2 m m1) | apply (Equivalence_Transitive m2 m m0) ]; *)
(* auto; apply (Equivalence_Symmetric m m2); auto. *)
(* Qed. *)
(* Lemma M0_is_bot (m:mType): *)
(* isMorePrecise m M0 = true. *)
(* Proof. *)
(* unfold isMorePrecise. *)
(* destruct m. *)
(* simpl; auto. *)
(* Qed. *)
(* (* Lemma ifM0isJoin_l (m:mType) (m1:mType) (m2:mType) : *) *)
(* (* (meps m) == 0 -> isJoinOf m m1 m2 = true -> mTypeEqBool M0 m1 = true. *) *)
(* (* Proof. *) *)
(* (* intros H0 H. *) *)
(* (* unfold isJoinOf in H. *) *)
(* (* case_eq (isMorePrecise m1 m2); intro Hyp; rewrite Hyp in H; simpl in H. *) *)
(* (* - auto. *) *)
(* (* unfold mTypeEqBool. *) *)
(* (* simpl (meps M0). *) *)
(* (* unfold mTypeEqBool in H. *) *)
(* (* rewrite H0 in H. *) *)
(* (* auto. *) *)
(* (* - unfold isMorePrecise in Hyp. *) *)
(* (* unfold mTypeEqBool in *. *) *)
(* (* apply Qeq_bool_iff in H. *) *)
(* (* symmetry in H. *) *)
(* (* apply Qeq_eq_bool in H. *) *)
(* (* rewrite H0 in H. *) *)
(* (* simpl (meps M0) in Hyp. *) *)
(* (* rewrite H in Hyp. *) *)
(* (* apply diff_true_false in Hyp. *) *)
(* (* inversion Hyp. *) *)
(* (* Qed. *) *)
(* (* Lemma ifM0isJoin_r (m:mType) (m1:mType) (m2:mType) : *) *)
(* (* (meps m) == 0 -> isJoinOf m m1 m2 = true -> mTypeEqBool M0 m2 = true. *) *)
(* (* Proof. *) *)
(* (* intros H0 H. *) *)
(* (* unfold isJoinOf in H. *) *)
(* (* case_eq (isMorePrecise m1 m2); intro Hyp; rewrite Hyp in H; simpl in H. *) *)
(* (* - unfold isMorePrecise in Hyp. *) *)
(* (* case_eq (mTypeEqBool m2 M0); intro H2; rewrite H2 in Hyp. *) *)
(* (* + unfold mTypeEqBool in *. *) *)
(* (* rewrite Qeq_bool_iff in *. *) *)
(* (* symmetry; auto. *) *)
(* (* + unfold mTypeEqBool in H; apply Qeq_bool_iff in H; symmetry in H; apply Qeq_eq_bool in H. *) *)
(* (* unfold mTypeEqBool in Hyp. *) *)
(* (* assert (Qeq_bool (meps m1) (meps M0) = true). *) *)
(* (* apply Qeq_bool_iff. *) *)
(* (* apply Qeq_bool_iff in H. *) *)
(* (* rewrite H0 in H. *) *)
(* (* rewrite H. *) *)
(* (* simpl meps. *) *)
(* (* lra. *) *)
(* (* rewrite H1 in Hyp; apply diff_false_true in Hyp; inversion Hyp. *) *)
(* (* - unfold mTypeEqBool in *. simpl in *. rewrite H0 in H. auto. *) *)
(* (* Qed. *) *)
Lemma ifisMorePreciseM0 (m:mType) :
isMorePrecise M0 m = true -> m = M0.
Proof.
......@@ -301,30 +228,4 @@ Proof.
unfold computeJoin.
unfold isJoinOf in H.
case_eq (isMorePrecise m1 m2); intros; auto; rewrite H0 in H; apply EquivEqBoolEq; auto.
Qed.
(* Lemma joinIsMP (m1:mType) (m2:mType) : *)
(* isMorePrecise (computeJoin m1 m2) m1 = true. *)
(* Proof. *)
(* unfold computeJoin. *)
(* case_eq (isMorePrecise m1 m2); intros. *)
(* apply isMorePrecise_refl. *)
(* unfold isMorePrecise in *. *)
(* case_eq (mTypeEqBool m2 M0); intros; rewrite H0 in H; auto. *)
(* inversion H. *)
(* case_eq (mTypeEqBool m1 M0); intros; rewrite H1 in H; auto. *)
(* rewrite Qle_bool_iff. *)
(* apply Qnot_lt_le. *)
(* intro. *)
(* apply not_true_iff_false in H. *)
(* Lemma Qnot_lt_le : forall x y, ~ x<y -> y<=x. *)
(* Lemma Qnot_le_lt : forall x y, ~ x<=y -> y<x. *)
(* Lemma Qlt_not_le : forall x y, x<y -> ~ y<=x. *)
(* Lemma Qle_not_lt : forall x y, x<=y -> ~ y<x. *)
Qed.
\ No newline at end of file
......@@ -139,16 +139,6 @@ Proof.
unfold Q2RP; destruct iv; apply minAbs_impl_RminAbs.
Qed.
(* Lemma mEps_geq_zero: *)
(* (0 <= Q2R RationalSimps.machineEpsilon)%R. *)
(* Proof. *)
(* rewrite <- Q2R0_is_0. *)
(* apply Qle_Rle. *)
(* unfold machineEpsilon. *)
(* apply Qle_bool_iff. *)
(* unfold Qle_bool; auto. *)
(* Qed. *)
Lemma Q_case_div_to_R_case_div a b:
(b < 0 \/ 0 < a)%Q ->
(Q2R b < 0 \/ 0 < Q2R a)%R.
......@@ -183,74 +183,6 @@ Proof.
unfold isSupersetIntv in *; simpl in *.
apply le_neq_bool_to_lt_prop; auto.
Qed.
(* Lemma validVarsUnfolding_l (E:env) (absenv:analysisResult) (f1 f2: exp Q) dVars (b:binop) m0: *)
(* (typeMap (Binop b f1 f2)) (Binop b f1 f2) = Some m0 -> *)
(* (forall (v : NatSet.elt) (m : mType), *)
(* NatSet.mem v dVars = true -> *)
(* typeMap (Binop b f1 f2) (Var Q m v) = Some m -> *)
(* exists vR : R, *)
(* E v = Some (vR, M0) /\ *)
(* (Q2R (fst (fst (absenv (Var Q m v)))) <= vR <= Q2R (snd (fst (absenv (Var Q m v)))))%R) *)
(* -> *)
(* (forall (v : NatSet.elt) (m : mType), *)
(* NatSet.mem v dVars = true -> *)
(* typeMap f1 (Var Q m v) = Some m -> *)
(* exists vR : R, *)
(* E v = Some (vR, M0) /\ *)
(* (Q2R (fst (fst (absenv (Var Q m v)))) <= vR <= Q2R (snd (fst (absenv (Var Q m v)))))%R). *)
(* Proof. *)
(* intros. *)
(* specialize (H0 v m H1). *)
(* case_eq (typeMap f2 (Var Q m v)); intros; auto. *)
(* - case_eq (mTypeEqBool m m1); intros. *)
(* + (*apply EquivEqBoolEq in H4. ; rewrite <- H4 in H3.*) *)
(* assert (typeMap (Binop b f1 f2) (Var Q m v) = Some m). *)
(* simpl typeMap. rewrite H2. *)
(* auto. *)
(* specialize (H0 H5); auto. *)
(* + pose proof (typeMapVarDet _ _ _ H3). *)
(* rewrite H5 in H4. *)
(* rewrite mTypeEqBool_refl in H4. *)
(* inversion H4. *)
(* - assert (typeMap (Binop b f1 f2) (Var Q m v) = Some m) by (simpl; rewrite H2; auto). *)
(* specialize (H0 H4). *)
(* auto. *)
(* Qed. *)
(* Lemma validVarsUnfolding_r (E:env) (absenv:analysisResult) (f1 f2: exp Q) dVars (b:binop) m0: *)
(* (typeMap (Binop b f1 f2)) (Binop b f1 f2) = Some m0 -> *)
(* (forall (v : NatSet.elt) (m : mType), *)
(* NatSet.mem v dVars = true -> *)
(* typeMap (Binop b f1 f2) (Var Q m v) = Some m -> *)
(* exists vR : R, *)
(* E v = Some (vR, M0) /\ *)
(* (Q2R (fst (fst (absenv (Var Q m v)))) <= vR <= Q2R (snd (fst (absenv (Var Q m v)))))%R) *)
(* -> *)
(* (forall (v : NatSet.elt) (m : mType), *)
(* NatSet.mem v dVars = true -> *)
(* typeMap f2 (Var Q m v) = Some m -> *)
(* exists vR : R, *)
(* E v = Some (vR, M0) /\ *)
(* (Q2R (fst (fst (absenv (Var Q m v)))) <= vR <= Q2R (snd (fst (absenv (Var Q m v)))))%R). *)
(* Proof. *)
(* intros. *)
(* specialize (H0 v m H1). *)
(* case_eq (typeMap f1 (Var Q m v)); intros; auto. *)
(* - case_eq (mTypeEqBool m1 m); intros. *)
(* + (*apply EquivEqBoolEq in H4. ; rewrite <- H4 in H3.*) *)
(* assert (typeMap (Binop b f1 f2) (Var Q m v) = Some m). *)
(* simpl typeMap; rewrite H3. *)
(* apply EquivEqBoolEq in H4; rewrite H4; auto. *)
(* specialize (H0 H5); auto. *)
(* + pose proof (typeMapVarDet _ _ _ H3). *)
(* rewrite H5 in H4. *)
(* rewrite mTypeEqBool_refl in H4. *)
(* inversion H4. *)
(* - assert (typeMap (Binop b f1 f2) (Var Q m v) = Some m) by (simpl; rewrite H2,H3; auto). *)
(* specialize (H0 H4). *)
(* auto. *)
(* Qed. *)
Theorem validIntervalbounds_sound (f:exp Q) (absenv:analysisResult) (P:precond) fVars dVars (E:env) Gamma:
forall vR m,
......@@ -331,8 +263,7 @@ Proof.
destruct valid_bounds as [valid_rec valid_unop].
apply Is_true_eq_true in valid_rec.
inversion eval_f; subst.
+ (*assert (typeMap f f = Some mf) as typing_f_ok by (simpl in typing_ok; rewrite expEqBool_refl in typing_ok; apply typeGivesTypeMap; auto).*)
inversion typing_ok; subst.
+ inversion typing_ok; subst.
specialize (IHf v1 mf H1 valid_rec valid_definedVars usedVars_subset valid_usedVars H3).
rewrite absenv_f in IHf; simpl in IHf.
(* TODO: Make lemma *)
......@@ -351,8 +282,7 @@ Proof.
* eapply Rle_trans.
Focus 2. apply valid_hi.
rewrite Q2R_opp; lra.
+ (*assert (typeMap f f = Some mf) as typing_f_ok by (simpl in typing_ok; rewrite expEqBool_refl in typing_ok; apply typeGivesTypeMap; auto).*)
inversion typing_ok; subst.
+ inversion typing_ok; subst.
specialize (IHf v1 mf H2 valid_rec valid_definedVars usedVars_subset valid_usedVars H4).
rewrite absenv_f in IHf; simpl in IHf.
apply andb_prop_elim in valid_unop.
......@@ -439,15 +369,6 @@ Proof.
apply Is_true_eq_true in valid_e1; apply Is_true_eq_true in valid_e2.
destruct m1; destruct m2; cbv in H2; inversion H2.
inversion typing_ok; subst.
(* pose proof (typeMap_gives_type _ typing_ok). *)
(* simpl in H. case_eq (typeExpression f1); intros; rewrite H0 in H; [ | inversion H ]. *)
(* case_eq (typeExpression f2); intros; rewrite H1 in H; inversion H. *)
(* pose proof (validVarsUnfolding_l _ _ _ _ _ _ typing_ok valid_definedVars) as valid_definedVars_f1. *)
(* pose proof (validVarsUnfolding_r _ _ _ _ _ _ typing_ok valid_definedVars) as valid_definedVars_f2. *)
(* pose proof (binop_type_unfolding _ _ _ typing_ok) as subtypes. *)
(* destruct subtypes as [mf1 [mf2 [typing_f1 [typing_f2 join_f1_f2]]]]. *)
(* apply typeGivesTypeMap in H0. apply typeGivesTypeMap in H1. *)
specialize (IHf1 v1 m1 H4 valid_e1 valid_definedVars).
specialize (IHf2 v2 m2 H8 valid_e2 valid_definedVars).
rewrite absenv_f1 in IHf1.
......@@ -479,7 +400,7 @@ Proof.
apply Qle_Rle in valid_lo; apply Qle_Rle in valid_hi.
destruct valid_add as [valid_add_lo valid_add_hi].
split.
- eapply Rle_trans. (*rewrite absenv_bin;*) apply valid_lo.
- eapply Rle_trans. apply valid_lo.
unfold ivlo. unfold addIntv.
simpl in valid_add_lo.
repeat rewrite <- Q2R_plus in valid_add_lo.
......@@ -487,7 +408,7 @@ Proof.
unfold absIvUpd; auto.
- eapply Rle_trans.
Focus 2.
(*rewrite absenv_bin;*) apply valid_hi.
apply valid_hi.
unfold ivlo, addIntv.
simpl in valid_add_hi.
repeat rewrite <- Q2R_plus in valid_add_hi.
......@@ -503,7 +424,8 @@ Proof.
apply Qle_Rle in valid_lo; apply Qle_Rle in valid_hi.
destruct valid_sub as [valid_sub_lo valid_sub_hi].
split.
- eapply Rle_trans. (*rewrite absenv_bin;*) apply valid_lo.
- eapply Rle_trans.
apply valid_lo.
unfold ivlo. unfold subtractIntv.
simpl in valid_sub_lo.
repeat rewrite <- Rsub_eq_Ropp_Rplus in valid_sub_lo.
......@@ -512,7 +434,7 @@ Proof.
unfold absIvUpd; auto.
- eapply Rle_trans.
Focus 2.
(*rewrite absenv_bin;*) apply valid_hi.
apply valid_hi.
unfold ivlo, addIntv.
simpl in valid_sub_hi.
repeat rewrite <- Rsub_eq_Ropp_Rplus in valid_sub_hi.
......@@ -529,7 +451,8 @@ Proof.
apply Qle_Rle in valid_lo; apply Qle_Rle in valid_hi.
destruct valid_mul as [valid_mul_lo valid_mul_hi].
split.
- eapply Rle_trans. (*rewrite absenv_bin;*) apply valid_lo.
- eapply Rle_trans.
apply valid_lo.
unfold ivlo. unfold multIntv.
simpl in valid_mul_lo.
repeat rewrite <- Q2R_mult in valid_mul_lo.
......@@ -537,7 +460,7 @@ Proof.
unfold absIvUpd; auto.
- eapply Rle_trans.
Focus 2.
(*rewrite absenv_bin;*) apply valid_hi.
apply valid_hi.
unfold ivlo, addIntv.
simpl in valid_mul_hi.
repeat rewrite <- Q2R_mult in valid_mul_hi.
......@@ -581,7 +504,7 @@ Proof.
rewrite ivlo2_0 in H0.
lra. }
{ split.
- eapply Rle_trans. (*rewrite absenv_bin;*) apply valid_lo.
- eapply Rle_trans. apply valid_lo.
unfold ivlo. unfold multIntv.
simpl in valid_div_lo.
rewrite <- Q2R_inv in valid_div_lo; [ | auto].
......@@ -590,7 +513,7 @@ Proof.
rewrite <- Q2R_min4 in valid_div_lo; auto.
- eapply Rle_trans.
Focus 2.
(*rewrite absenv_bin;*) apply valid_hi.
apply valid_hi.
simpl in valid_div_hi.
rewrite <- Q2R_inv in valid_div_hi; [ | auto].
rewrite <- Q2R_inv in valid_div_hi; [ | auto].
......@@ -601,7 +524,6 @@ Proof.
+ destruct m1; destruct m2; inversion H2.
simpl in H3; rewrite Q2R0_is_0 in H3; auto.
- unfold validIntervalbounds in valid_bounds.
(*simpl erasure in valid_bounds.*)
simpl in *; destruct (absenv (Downcast m f)); destruct (absenv