Commit cc749eb4 authored by Nikita Zyuzin's avatar Nikita Zyuzin

Update error bounds proofs

parent fcc58289
......@@ -258,6 +258,28 @@ Proof.
apply Rabs_pos.
Lemma fma_abs_err_bounded (e1:exp Q) (e1R:R) (e1F:R) (e2:exp Q) (e2R:R) (e2F:R)
(e3:exp Q) (e3R:R) (e3F:R)
(vR:R) (vF:R) (E1 E2:env) (err1 err2 err3:Q) (m m1 m2:mType) defVars:
eval_exp E1 (toRMap defVars) (toREval (toRExp e1)) e1R M0 ->
eval_exp E2 defVars (toRExp e1) e1F m1->
eval_exp E1 (toRMap defVars) (toREval (toRExp e2)) e2R M0 ->
eval_exp E2 defVars (toRExp e2) e2F m2 ->
eval_exp E1 (toRMap defVars) (toREval (toRExp e3)) e3R M0 ->
eval_exp E2 defVars (toRExp e3) e3F m1->
eval_exp E1 (toRMap defVars) (toREval (Fma (toRExp e1) (toRExp e2) (toRExp e3))) vR M0 ->
eval_exp (upd Env 3 e3F (updEnv 2 e2F (updEnv 1 e1F emptyEnv)))
(updDefVars 3 m3 (updDefVars 2 m2 (updDefVars 1 m1 defVars)))
(Fma (Var R 1) (Var R 2) (Var R 3)) vF m ->
(Rabs (e1R - e1F) <= Q2R err1)%R ->
(Rabs (e2R - e2F) <= Q2R err2)%R ->
(Rabs (e3R - e3F) <= Q2R err3)%R ->
(Rabs (vR - vF) <= Q2R err1 + Q2R err2 + (Rabs (e1F + e2F) * (Q2R (mTypeToQ m))))%R.
(Rabs (vR - vF) <= Rabs (err1 + (e2R * e3R - e2F * e3F)) + Rabs (e1F + e2F * e3F) * (Q2R (mTypeToQ m)))%R.
Lemma err_prop_inversion_pos_real nF nR err elo ehi
(float_iv_pos : (0 < elo - err)%R)
(real_iv_pos : (0 < elo)%R)
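Review bot: The statement of fma_abs_err_bounded does not look well-formed as written: the float-environment hypothesis reads `upd Env 3 e3F (...)`, which splits the identifier `updEnv`, and the `updDefVars 3 m3` on the next line refers to an `m3` that is not among the binders `(m m1 m2:mType)`, while the hypothesis for `e3` evaluates it at `m1` instead of a third type. The three lines I would change are `(vR:R) (vF:R) (E1 E2:env) (err1 err2 err3:Q) (m m1 m2 m3:mType) defVars:`, `eval_exp E2 defVars (toRExp e3) e3F m3->` and `eval_exp (updEnv 3 e3F (updEnv 2 e2F (updEnv 1 e1F emptyEnv)))`. The hunk also shows two conclusions, the first with `Rabs (e1F + e2F)` in the addition shape and the second with `e2R * e3R - e2F * e3F`; if both are on the new side, the first is presumably a leftover from the addition lemma and should go. The lemma's proof continues outside the hunk.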
......@@ -79,13 +79,9 @@ Fixpoint validErrorbound (e:exp Q) (* analyzed expression *)
let upperBoundE1 := maxAbs ive1 in
let upperBoundE2 := maxAbs ive2 in
let upperBoundE3 := maxAbs ive3 in
Qleb (err1 + (err2 * err3)) err
(* match b with *)
(* | Plus => *)
(* Qleb (err1 + err2 + (maxAbs (addIntv errIve1 errIve2)) * (mTypeToQ m)) err *)
(* | Mult => *)
(* Qleb ((upperBoundE1 * err2 + upperBoundE2 * err1 + err1 * err2) + (maxAbs (multIntv errIve1 errIve2)) * (mTypeToQ m)) err *)
(* end *)
let errIntv_prod := multIntv errIve2 errIve3 in
let mult_error_bound := (upperBoundE2 * err3 + upperBoundE3 * err2 + err2 * err3) in
Qleb (err1 + mult_error_bound + (maxAbs (addIntv errIntv_prod errIve1)) * (mTypeToQ m)) err
else false
|Downcast m1 e1 =>
if validErrorbound e1 typeMap A dVars
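Review bot: `upperBoundE1` is still bound at the top of this branch but is no longer used once the check becomes `Qleb (err1 + mult_error_bound + (maxAbs (addIntv errIntv_prod errIve1)) * (mTypeToQ m)) err`; either drop the binding or use it, since a dead `let` here suggests the bound was meant to involve it. The new bound is also the first place where the fma error composition is written down, so a short comment above `mult_error_bound` would help the next reader, e.g. `(* propagation error of e2 * e3 (|e2|*err3 + |e3|*err2 + err2*err3), plus the rounding of e1 + e2*e3 over its float interval *)`. The enclosing `validErrorbound` fixpoint and the `if` that this `else false` closes start outside the hunk.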
......@@ -1940,6 +1936,39 @@ Proof.
rewrite (Qmult_inj_r) in H4; auto. }
Lemma validErrorboundCorrectFma E1 E2 absenv
(e1:exp Q) (e2:exp Q) (e3: exp Q) (nR nR1 nR2 nR3 nF nF1 nF2 nF3: R) (e err1 err2 err3 :error)
(alo ahi e1lo e1hi e2lo e2hi e3lo e3hi:Q) dVars (m m1 m2 m3:mType) Gamma defVars:
m = join3 m1 m2 m3 ->
eval_exp E1 (toRMap defVars) (toREval (toRExp e1)) nR1 M0 ->
eval_exp E1 (toRMap defVars) (toREval (toRExp e2)) nR2 M0 ->
eval_exp E1 (toRMap defVars) (toREval (toRExp e3)) nR3 M0 ->
eval_exp E1 (toRMap defVars) (toREval (toRExp (Fma e1 e2 e3))) nR M0 ->
eval_exp E2 defVars (toRExp e1) nF1 m1 ->
eval_exp E2 defVars (toRExp e2) nF2 m2 ->
eval_exp E2 defVars (toRExp e3) nF3 m3 ->
eval_exp (updEnv 3 nF3 (updEnv 2 nF2 (updEnv 1 nF1 emptyEnv)))
(updDefVars 3 m3 (updDefVars 2 m2 (updDefVars 1 m1 defVars)))
(toRExp (Fma (Var Q 1) (Var Q 2) (Var Q 3))) nF m ->
typeCheck (Fma e1 e2 e3) defVars Gamma = true ->
validErrorbound (Fma e1 e2 e3) Gamma absenv dVars = true ->
(Q2R e1lo <= nR1 <= Q2R e1hi)%R ->
(Q2R e2lo <= nR2 <= Q2R e2hi)%R ->
(Q2R e3lo <= nR3 <= Q2R e3hi)%R ->
absenv e1 = ((e1lo,e1hi),err1) ->
absenv e2 = ((e2lo, e2hi),err2) ->
absenv e3 = ((e3lo, e3hi),err3) ->
absenv (Fma e1 e2 e3) = ((alo,ahi),e)->
(Rabs (nR1 - nF1) <= (Q2R err1))%R ->
(Rabs (nR2 - nF2) <= (Q2R err2))%R ->
(Rabs (nR3 - nF3) <= (Q2R err3))%R ->
(Rabs (nR - nF) <= (Q2R e))%R.
intros mIsJoin e1_real e2_real e3_real eval_real e1_float e2_float e3_float eval_float
subexpr_ok valid_error valid_e1 valid_e2 valid_e3 absenv_e1 absenv_e2 absenv_e3 absenv_mult
err1_bounded err2_bounded err3_bounded.
eapply Rle_trans.
Lemma validErrorboundCorrectRounding E1 E2 absenv (e: exp Q) (nR nF nF1: R) (err err':error) (elo ehi alo ahi: Q) dVars (m: mType) (machineEpsilon:mType) Gamma defVars:
eval_exp E1 (toRMap defVars) (toREval (toRExp e)) nR M0 ->
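Review bot: The proof of validErrorboundCorrectFma as shown ends at `eapply Rle_trans.` with no closing visible in the hunk; if the lemma is closed with `Admitted`, the Fma case of the soundness proof further down, which now applies this lemma, still depends on that admission even though its own `admit` was removed. I would mark that explicitly with `(* TODO: proof incomplete; validErrorbound_sound's Fma case depends on this lemma *)` above the statement and check the final theorem with `Print Assumptions` before relying on it. Separately, the hypothesis for `absenv (Fma e1 e2 e3)` is introduced as `absenv_mult`, a name copied from the multiplication lemma; `absenv_fma` would read correctly.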
......@@ -2170,7 +2199,74 @@ Proof.
{ simpl; rewrite absenv_eq, type_b, L, L2, R1; simpl.
rewrite absenv_e1, absenv_e2; auto. }
{ andb_to_prop R; auto. }
- admit.
- simpl in valid_error.
destruct (absenv e1) as [[ivlo1 ivhi1] err1] eqn:absenv_e1;
destruct (absenv e2) as [[ivlo2 ivhi2] err2] eqn:absenv_e2;
destruct (absenv e3) as [[ivlo3 ivhi3] err3] eqn:absenv_e3.
subst; simpl in *.
rewrite absenv_eq, absenv_e1, absenv_e2, absenv_e3 in *.
case_eq (Gamma (Fma e1 e2 e3));
intros * type_fma; rewrite type_fma in *; [ | inversion valid_error ].
case_eq (Gamma e1);
intros * type_e1; rewrite type_e1 in typing_ok; [ | inversion typing_ok ].
case_eq (Gamma e2);
intros * type_e2; rewrite type_e2 in typing_ok; [ | inversion typing_ok ].
case_eq (Gamma e3);
intros * type_e3; rewrite type_e3 in typing_ok; [ | inversion typing_ok ].
repeat match goal with
| [H: _ = true |- _] => andb_to_prop H
inversion eval_real; subst.
assert (m3 = M0 /\ m4 = M0 /\ m5 = M0) as [? [? ?]] by (split; try split; eapply toRMap_eval_M0; eauto); subst.
destruct (IHe1 E1 E2 fVars dVars absenv v1 err1 P ivlo1 ivhi1 Gamma defVars)
as [[vF1 [mF1 eval_float_e1]] bounded_e1];
try auto; set_tac.
destruct (IHe2 E1 E2 fVars dVars absenv v2 err2 P ivlo2 ivhi2 Gamma defVars)
as [[vF2 [mF2 eval_float_e2]] bounded_e2];
try auto; set_tac.
destruct (IHe3 E1 E2 fVars dVars absenv v3 err3 P ivlo3 ivhi3 Gamma defVars)
as [[vF3 [mF3 eval_float_e3]] bounded_e3];
try auto; set_tac.
destruct (validIntervalbounds_sound _ _ _ E1 defVars L (fVars := fVars) (dVars:=dVars))
as [v1' [eval_real_e1 bounds_e1]];
try auto; set_tac.
rewrite absenv_e1 in bounds_e1.
pose proof (meps_0_deterministic _ eval_real_e1 H5); subst. clear H5.
destruct (validIntervalbounds_sound _ _ _ E1 defVars R1 (fVars:= fVars) (dVars:=dVars))
as [v2' [eval_real_e2 bounds_e2]];
try auto; set_tac.
rewrite absenv_e2 in bounds_e2; simpl in *.
pose proof (meps_0_deterministic _ eval_real_e2 H6); subst; clear H6.
destruct (validIntervalbounds_sound _ _ _ E1 defVars R0 (fVars:= fVars) (dVars:=dVars))
as [v3' [eval_real_e3 bounds_e3]];
try auto; set_tac.
rewrite absenv_e3 in bounds_e3; simpl in *.
pose proof (meps_0_deterministic _ eval_real_e3 H7); subst; clear H7.
+ repeat eexists; econstructor; eauto.
rewrite Rabs_right; try lra.
instantiate (1 := 0%R).
apply mTypeToQ_pos_R.
apply Rle_ge.
hnf; right. reflexivity.
+ intros * eval_float.
clear eval_float_e1 eval_float_e2 eval_float_e3.
inversion eval_float; subst.
eapply (fma_unfolding H4 H5 H8 H9) in eval_float; try auto.
eapply (validErrorboundCorrectFma (e1:=e1) (e2:=e2) (e3:=e3) absenv); eauto.
{ simpl.
rewrite type_fma.
rewrite type_e1.
rewrite type_e2.
rewrite type_e3.
rewrite mTypeEq_refl, R5, R6, R7; auto. }
{ simpl.
rewrite absenv_eq.
rewrite type_fma.
rewrite R, L1, L2, R4; simpl.
rewrite absenv_e1, absenv_e2, absenv_e3.
auto. }
- destruct (absenv e) as [[ivlo_e ivhi_e] err_e] eqn: absenv_e.
subst; simpl in *.
rewrite absenv_eq, absenv_e in *.
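Review bot: The new Fma case leans on auto-generated hypothesis names in several places: `H5`, `H6`, `H7` after `inversion eval_real`, and `H4 H5 H8 H9` in `eapply (fma_unfolding H4 H5 H8 H9) in eval_float` after `inversion eval_float`. Any change to the `eval_exp` constructors or to an earlier hypothesis renumbers these silently and breaks the script, whereas the rest of the case already uses named hypotheses such as `type_fma` and `absenv_e1`; an intro pattern on the inversions, e.g. `inversion eval_float as [ | | | | | | ? ? ? ? ? ? ? ? ? ? delta_bound eval_f1 eval_f2 eval_f3 | ]`, or a `match goal` that selects the `eval_exp` hypotheses by shape, would make the case robust. If the `repeat match goal with | [H: _ = true |- _] => andb_to_prop H` really lacks its `end.` and that is not a rendering artefact, it would not parse. The enclosing soundness proof starts and ends outside the hunk.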
......@@ -2217,7 +2313,7 @@ Proof.
rewrite L0; auto.
intros. auto.
Theorem validErrorboundCmd_gives_eval (f:cmd Q) :
forall (absenv:analysisResult) E1 E2 outVars fVars dVars vR elo ehi err P Gamma defVars,
......@@ -474,7 +474,7 @@ Proof.
Helping lemma. Needed in soundness proof.
Helping lemmas. Needed in soundness proof.
For each evaluation of using an arbitrary epsilon, we can replace it by
evaluating the subexpressions and then binding the result values to different
variables in the Environment.
......@@ -493,6 +493,19 @@ Proof.
econstructor; try auto.
Lemma fma_unfolding f1 f2 f3 E v1 v2 v3 m1 m2 m3 Gamma delta:
(Rabs delta <= Q2R (mTypeToQ (join3 m1 m2 m3)))%R ->
eval_exp E Gamma f1 v1 m1 ->
eval_exp E Gamma f2 v2 m2 ->
eval_exp E Gamma f3 v3 m3 ->
eval_exp E Gamma (Fma f1 f2 f3) (perturb (evalFma v1 v2 v3) delta) (join3 m1 m2 m3) ->
eval_exp (updEnv 3 v3 (updEnv 2 v2 (updEnv 1 v1 emptyEnv)))
(updDefVars 3 m3 (updDefVars 2 m2 (updDefVars 1 m1 Gamma)))
(Fma (Var R 1) (Var R 2) (Var R 3)) (perturb (evalFma v1 v2 v3) delta) (join3 m1 m2 m3).
econstructor; try auto.
Lemma eval_eq_env e:
forall E1 E2 Gamma v m,
(forall x, E1 x = E2 x) ->
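Review bot: fma_unfolding has no header comment, unlike the unfolding lemmas the section comment above describes, and its hypothesis `eval_exp E Gamma (Fma f1 f2 f3) (perturb (evalFma v1 v2 v3) delta) (join3 m1 m2 m3)` appears not to be needed: the conclusion follows from the three sub-evaluations and the delta bound alone, which is presumably what `econstructor; try auto.` discharges. If the proof indeed never uses it, drop the hypothesis so callers need not establish it, or say in a comment that it is kept for symmetry with the binary lemma. A comment such as `(* Evaluating Fma f1 f2 f3 with rounding delta is the same as evaluating Fma over fresh variables 1, 2, 3 bound to the sub-results under types m1 m2 m3. *)` would do.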
......@@ -149,6 +149,8 @@ Proof.
prove_fprangeval m v L1 R.
- andb_to_prop H4.
prove_fprangeval m v L1 R.
- andb_to_prop H4.
prove_fprangeval m v L1 R.
Lemma FPRangeValidatorCmd_sound (f:cmd Q):
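Review bot: The added bullet is a verbatim copy of the two preceding ones and, like them, relies on the generated name `H4`, so a reader cannot tell which constructor each bullet handles. A case marker such as `- (* Fma *) andb_to_prop H4.` would make the correspondence visible, and naming the hypothesis in the surrounding `intros` would stop the script from breaking if an earlier hypothesis is added. The enclosing proof starts outside the hunk.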
......@@ -284,4 +286,4 @@ Proof.
rewrite NatSet.add_spec in H4; destruct H4;
auto; subst; congruence. }
- eapply FPRangeValidator_sound; eauto.
\ No newline at end of file