Commit 19f50a82 authored by Heiko Becker

Merge branch 'master' into 'master'

adding smt interval analysis

See merge request AVA/FloVer!15
parents cad900bc bac7151e
Require Import Flover.CertificateChecker.
Require Import Flover.SMTArith.
Definition x0 :expr Q := Var Q 0.
Definition y1 :expr Q := Var Q 1.
Definition e1 :expr Q := Binop Plus x0 y1.
Definition e2 :expr Q := Binop Div e1 y1.
Definition C34 :expr Q := Const M64 ((17)#(5)).
Definition e5 :expr Q := Binop Plus e2 C34.
Definition Rete5 := Ret e5.
Definition defVars_fnc1 :FloverMap.t mType :=
(FloverMap.add (Var Q 1) (M64) (FloverMap.add (Var Q 0) (M64) (FloverMap.empty mType))).
Definition thePrecondition_fnc1:precond := fun (n:nat) =>
if n =? 0 then ( (-3)#(1), (6)#(1)) else if n =? 1 then ( (2)#(1), (8)#(1)) else (0#1,0#1).
Definition absenv_fnc1 :analysisResult := Eval compute in
FloverMap.add e5 (( (29)#(10), (75821)#(10240)), (31656575032439604176368417020690028172637826983022229834977068248762132258095105)#(4767828205180598627806767057994257910674911537412415567148097160036817151091933841114427031552)) (FloverMap.add C34 (( (17)#(5), (17)#(5)), (17)#(45035996273704960)) (FloverMap.add e2 (( (-1)#(2), (8201)#(2048)), (2879632975312110162723860570159105251222262341380356792653971457)#(529335265084873566077879553980951356026419978008369989458181366086188773933056)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add e1 (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add x0 (( (-3)#(1), (6)#(1)), (3)#(4503599627370496)) (FloverMap.empty (intv * error)))))))).
Definition querymap_fnc1 := Eval compute in
FloverMap.add e5 (nil) (FloverMap.add C34 (nil) (FloverMap.add e2 ((cons (AndQ (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))) (AndQ (LessEqQ (VarQ 1) (ConstQ ((8)#(1)))) (AndQ (LessEqQ (ConstQ ((-3)#(1))) (VarQ 0)) (AndQ (LessEqQ (ConstQ ((2)#(1))) (VarQ 1)) (LessEqQ (VarQ 0) (ConstQ ((6)#(1)))))))) nil)) (FloverMap.add y1 (nil) (FloverMap.add e1 (nil) (FloverMap.add y1 (nil) (FloverMap.add x0 (nil) (FloverMap.empty (list SMTLogic)))))))).
Require Import Coq.Reals.Reals Coq.QArith.Qreals.
Require Import RealRangeArith.
Require Import Flover.Expressions.
Definition query :=
match FloverMap.find e2 querymap_fnc1 with
| Some (List.cons q _) => q
| _ => EqualsQ (ConstQ (0#1)) (ConstQ (1#1)) (* 0 == 1 *)
end.
Lemma eval_smt_expr E e v :
eval_smt E e v -> eval_expr E (fun _ => Some REAL) (toRExp (SMTArith2Expr e)) v REAL.
Proof with try (right; apply Rabs_R0).
induction 1.
- now constructor.
- rewrite <- (delta_0_deterministic _ REAL 0)... constructor...
- rewrite <- (delta_0_deterministic _ REAL 0)... apply (Unop_neg (m:= REAL)); auto.
- rewrite <- (delta_0_deterministic _ REAL 0)...
apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
- rewrite <- (delta_0_deterministic _ REAL 0)...
apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
- rewrite <- (delta_0_deterministic _ REAL 0)...
apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
- rewrite <- (delta_0_deterministic _ REAL 0)...
apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto...
Qed.
Lemma eval_expr_smt E Gamma e v :
eval_expr E (toRTMap Gamma) (toREval (toRExp (SMTArith2Expr e))) v REAL
-> eval_smt E e v.
Proof.
induction e in v |- *; cbn; intros H.
- inversion H. cbn. constructor.
- inversion H. cbn. constructor; auto.
- inversion H. cbn. constructor. destruct m; try discriminate. auto.
- inversion H. cbn. constructor.
+ apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+ apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
- inversion H. cbn. constructor.
+ apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+ apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
- inversion H. cbn. constructor.
+ apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+ apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
- inversion H. cbn. constructor; auto.
+ apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+ apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
Qed.
Lemma e2_to_smt : e2 = SMTArith2Expr (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1)).
Proof.
reflexivity.
Qed.
(*
Lemma refute_bound E :
fVars_P_sound (usedVars e2) E thePrecondition_fnc1
-> ~ eval_smt_logic E query
-> ~ eval_smt_logic E (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))).
Proof.
intros P unsatQ B.
apply unsatQ. cbn. repeat constructor.
- exact B.
- destruct (P 1%nat) as [v1 [H0 H1]]. now cbn; set_tac.
eapply LessEqQ_eval. 1-2: constructor; eauto. apply H1.
- destruct (P 0%nat) as [v1 [H0 H1]]. now cbn; set_tac.
eapply LessEqQ_eval. 1-2: constructor; eauto. apply H1.
- destruct (P 1%nat) as [v1 [H0 H1]]. now cbn; set_tac.
eapply LessEqQ_eval. 1-2: constructor; eauto. apply H1.
- destruct (P 0%nat) as [v1 [H0 H1]]. now cbn; set_tac.
eapply LessEqQ_eval. 1-2: constructor; eauto. apply H1.
Qed.
*)
Lemma refute_bound E :
fVars_P_sound (usedVars e2) E thePrecondition_fnc1
-> ~ eval_smt_logic E query
-> ~ eval_smt_logic E (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))).
Proof.
intros P unsatQ B.
apply unsatQ. cbn. repeat split.
- exact B.
- destruct (P 1%nat) as [v1 [H0 H1]]. now cbn; set_tac.
exists v1. eexists. repeat split. 1-2: now constructor. apply H1.
- destruct (P 0%nat) as [v1 [H0 H1]]. now cbn; set_tac.
eexists. exists v1. repeat split. 1-2: now constructor. apply H1.
- destruct (P 1%nat) as [v1 [H0 H1]]. now cbn; set_tac.
eexists. exists v1. repeat split. 1-2: now constructor. apply H1.
- destruct (P 0%nat) as [v1 [H0 H1]]. now cbn; set_tac.
exists v1. eexists. repeat split. 1-2: now constructor. apply H1.
Qed.
Theorem RangeBound_e2_sound E Gamma v :
fVars_P_sound (usedVars e2) E thePrecondition_fnc1
-> ~ eval_smt_logic E query
-> eval_expr E (toRTMap Gamma) (toREval (toRExp e2)) v REAL
-> v <= Q2R ((8201)#(2048)).
Proof.
intros Psound unsatQ e2v.
rewrite e2_to_smt in e2v.
apply eval_expr_smt in e2v.
apply Rnot_lt_le. intros B.
eapply refute_bound. 1-2: eassumption.
eexists. exists v. repeat split. constructor. exact e2v. exact B.
Qed.
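Review bot: The fallback arm of `query` (`| _ => EqualsQ (ConstQ (0#1)) (ConstQ (1#1))`) is an unsatisfiable formula, so if `FloverMap.find e2 querymap_fnc1` ever misses, the hypothesis `~ eval_smt_logic E query` of `RangeBound_e2_sound` holds for every environment and the theorem is stated under a vacuous assumption. The other test files in this merge fall back to `TrueQ`, which can never be refuted and therefore cannot silently stand in for a solver verdict; I would use `| _ => TrueQ (* no query for e2: the unsat hypothesis must not be vacuous *)` here as well, so a missing query makes `refute_bound` fail loudly instead. Independently, `~ eval_smt_logic E query` is exactly the external SMT solver's "unsat" answer taken on trust, and a one-line comment above `RangeBound_e2_sound` saying that this hypothesis is not checked by Coq and is the trusted part of the argument would help readers. The commented-out first version of `refute_bound` is dead and could be dropped.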
Require Import Flover.CertificateChecker.
Require Import Flover.SMTArith.
Definition x0 :expr Q := Var Q 0.
Definition y1 :expr Q := Var Q 1.
Definition e1 :expr Q := Binop Plus x0 y1.
Definition e2 :expr Q := Binop Div e1 y1.
Definition C34 :expr Q := Const M64 ((17)#(5)).
Definition e5 :expr Q := Binop Plus e2 C34.
Definition Rete5 := Ret e5.
Definition defVars_fnc1 :FloverMap.t mType :=
(FloverMap.add (Var Q 1) (M64) (FloverMap.add (Var Q 0) (M64) (FloverMap.empty mType))).
Definition thePrecondition_fnc1: FloverMap.t intv :=
FloverMap.add x0 ((-3)#(1), (6)#(1)) (FloverMap.add y1 (2#1, 8#1) (FloverMap.empty intv)).
Definition absenv_fnc1 :analysisResult := Eval compute in
FloverMap.add e5 (( (29)#(10), (75821)#(10240)), (31656575032439604176368417020690028172637826983022229834977068248762132258095105)#(4767828205180598627806767057994257910674911537412415567148097160036817151091933841114427031552)) (FloverMap.add C34 (( (17)#(5), (17)#(5)), (17)#(45035996273704960)) (FloverMap.add e2 (( (-1)#(2), (8201)#(2048)), (2879632975312110162723860570159105251222262341380356792653971457)#(529335265084873566077879553980951356026419978008369989458181366086188773933056)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add e1 (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add x0 (( (-3)#(1), (6)#(1)), (3)#(4503599627370496)) (FloverMap.empty (intv * error)))))))).
Definition querymap_fnc1 := Eval compute in
FloverMap.add e5 (nil) (FloverMap.add C34 (nil) (FloverMap.add e2 ((cons (AndQ (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))) (AndQ (LessEqQ (VarQ 1) (ConstQ ((8)#(1)))) (AndQ (LessEqQ (ConstQ ((-3)#(1))) (VarQ 0)) (AndQ (LessEqQ (ConstQ ((2)#(1))) (VarQ 1)) (LessEqQ (VarQ 0) (ConstQ ((6)#(1)))))))) nil)) (FloverMap.add y1 (nil) (FloverMap.add e1 (nil) (FloverMap.add y1 (nil) (FloverMap.add x0 (nil) (FloverMap.empty (list SMTLogic)))))))).
Require Import Coq.Reals.Reals Coq.QArith.Qreals.
Require Import RealRangeArith.
Require Import Flover.Expressions.
Definition query :=
match FloverMap.find e2 querymap_fnc1 with
| Some (List.cons q _) => q
| _ => TrueQ
end.
(*
Definition prec :=
match query with
| AndQ q1 q2 => q2
| _ => TrueQ
end.
*)
Definition prec :=
AndQ (LessEqQ (ConstQ (-3 # 1)) (VarQ 0))
(AndQ (LessEqQ (VarQ 0) (ConstQ (6 # 1)))
(AndQ (LessEqQ (ConstQ (2 # 1)) (VarQ 1))
(AndQ (LessEqQ (VarQ 1) (ConstQ (8 # 1))) TrueQ))).
Definition bound :=
match query with
| AndQ q1 q2 => q1
| _ => TrueQ
end.
Lemma prec_bound_correct E :
eval_smt_logic E query <-> eval_smt_logic E (AndQ prec bound).
Proof.
cbn. tauto.
Qed.
Definition bound_expr :=
match bound with
| LessQ e (ConstQ r) => e
| LessQ (ConstQ r) e => e
| _ => ConstQ (0#1)
end.
Lemma e2_to_smt : e2 = SMTArith2Expr bound_expr.
Proof.
reflexivity.
Qed.
(*
Lemma precond_bound_correct E :
eval_precond E thePrecondition_fnc1
-> eval_smt_logic E bound
-> eval_smt_logic E query.
Proof.
intros P B.
apply prec_bound_correct.
constructor.
- eapply checkPre_pre_smt. 2: exact P.
reflexivity.
- exact B.
Qed.
*)
Theorem RangeBound_e2_sound E Gamma v :
eval_precond E thePrecondition_fnc1
-> ~ eval_smt_logic E query
-> eval_expr E (toRTMap Gamma) (toREval (toRExp e2)) v REAL
-> v <= Q2R ((8201)#(2048)).
Proof.
intros H1 H2 H3.
rewrite e2_to_smt in H3.
eapply (RangeBound_high_sound (preQ:= prec) H1 _ _ H3).
Unshelve.
- reflexivity.
- intros H. apply H2. apply prec_bound_correct. destruct H as [Hp [Hb _]].
now constructor.
Qed.
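Review bot: `prec` is written out by hand (`AndQ (LessEqQ (ConstQ (-3 # 1)) (VarQ 0)) ...`) while the attempt to derive it from `query` is left commented out, so the SMT-side precondition is a third copy of the ranges already present in `thePrecondition_fnc1` and in `querymap_fnc1`. The soundness-relevant property is that the precondition conjuncts baked into the solver query are not stronger than the precondition the checker assumes; a narrower precondition makes "unsat" easier to obtain and would make the derived bound unsound. `prec_bound_correct` (`cbn. tauto`) ties `prec` to the query, and the `reflexivity` goal under `Unshelve` presumably ties `prec` to `thePrecondition_fnc1` through `RangeBound_high_sound`, but that is hard to see from the proof script. The last test file in this merge uses `Definition prec_reorder := precond2SMT thePrecondition_fnc1.`; I would do the same here (`Definition prec := precond2SMT thePrecondition_fnc1.`) so the link holds by construction, and drop the commented-out `prec` and `precond_bound_correct`.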
Require Import Flover.CertificateChecker.
Require Import Flover.SMTArith.
Definition x0 :expr Q := Var Q 0.
Definition y1 :expr Q := Var Q 1.
Definition e1 :expr Q := Binop Plus x0 y1.
Definition z4 :expr Q := Var Q 4.
Definition e2 :expr Q := Binop Div z4 y1.
Definition C34 :expr Q := Const M64 ((17)#(5)).
Definition e5 :expr Q := Binop Plus e2 C34.
Definition Rete5 := Ret e5.
Definition Letz4e1Rete5 := Let M64 4 e1 Rete5.
Definition defVars_fnc1 :FloverMap.t mType :=
(FloverMap.add (Var Q 4) (M64) (FloverMap.add (Var Q 1) (M64) (FloverMap.add (Var Q 0) (M64) (FloverMap.empty mType)))).
Definition thePrecondition_fnc1: FloverMap.t intv :=
FloverMap.add x0 ((-3)#(1), (6)#(1)) (FloverMap.add y1 (2#1, 8#1) (FloverMap.empty intv)).
Definition absenv_fnc1 :analysisResult := Eval compute in
FloverMap.add (Var Q 4) (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032) ) (FloverMap.add e5 (( (29)#(10), (75821)#(10240)), (31656575032439604176368417020690028172637826983022229834977068248762132258095105)#(4767828205180598627806767057994257910674911537412415567148097160036817151091933841114427031552)) (FloverMap.add C34 (( (17)#(5), (17)#(5)), (17)#(45035996273704960)) (FloverMap.add e2 (( (-1)#(2), (8201)#(2048)), (2879632975312110162723860570159105251222262341380356792653971457)#(529335265084873566077879553980951356026419978008369989458181366086188773933056)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add z4 (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032)) (FloverMap.add e1 (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add x0 (( (-3)#(1), (6)#(1)), (3)#(4503599627370496)) (FloverMap.empty (intv * error)))))))))).
Definition querymap_fnc1 :=
FloverMap.add (Var Q 4) (nil) (FloverMap.add e5 (nil) (FloverMap.add C34 (nil) (FloverMap.add e2 ((cons (AndQ (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))) (AndQ (LessEqQ (VarQ 1) (ConstQ ((8)#(1)))) (AndQ (LessEqQ (ConstQ ((-3)#(1))) (VarQ 0)) (AndQ (LessEqQ (ConstQ ((2)#(1))) (VarQ 1)) (LessEqQ (VarQ 0) (ConstQ ((6)#(1)))))))) nil)) (FloverMap.add y1 (nil) (FloverMap.add z4 (nil) (FloverMap.add e1 (nil) (FloverMap.add y1 (nil) (FloverMap.add x0 (nil) (FloverMap.empty (list SMTLogic)))))))))).
Require Import Coq.Reals.Reals Coq.QArith.Qreals.
Require Import RealRangeArith.
Require Import Flover.Expressions.
Definition query :=
match FloverMap.find e2 querymap_fnc1 with
| Some (List.cons q _) => q
| _ => TrueQ
end.
(*
Definition prec :=
match query with
| AndQ q1 q2 => q2
| _ => TrueQ
end.
*)
Definition prec :=
AndQ (LessEqQ (ConstQ (-3 # 1)) (VarQ 0))
(AndQ (LessEqQ (VarQ 0) (ConstQ (6 # 1)))
(AndQ (LessEqQ (ConstQ (2 # 1)) (VarQ 1))
(AndQ (LessEqQ (VarQ 1) (ConstQ (8 # 1))) TrueQ))).
Definition bound :=
match query with
| AndQ q1 q2 => q1
| _ => TrueQ
end.
Lemma prec_bound_correct E :
eval_smt_logic E query <-> eval_smt_logic E (AndQ prec bound).
Proof.
cbn. tauto.
Qed.
Lemma eval_smt_expr E e v :
eval_smt E e v -> eval_expr E (fun _ => Some REAL) (toRExp (SMTArith2Expr e)) v REAL.
Proof with try (right; apply Rabs_R0).
induction 1.
- now constructor.
- rewrite <- (delta_0_deterministic _ REAL 0)... constructor...
- rewrite <- (delta_0_deterministic _ REAL 0)... apply (Unop_neg (m:= REAL)); auto.
- rewrite <- (delta_0_deterministic _ REAL 0)...
apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
- rewrite <- (delta_0_deterministic _ REAL 0)...
apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
- rewrite <- (delta_0_deterministic _ REAL 0)...
apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto... discriminate.
- rewrite <- (delta_0_deterministic _ REAL 0)...
apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto...
Qed.
Lemma eval_expr_smt E Gamma e v :
eval_expr E (toRTMap Gamma) (toREval (toRExp (SMTArith2Expr e))) v REAL
-> eval_smt E e v.
Proof.
induction e in v |- *; cbn; intros H.
- inversion H. cbn. constructor.
- inversion H. cbn. constructor; auto.
- inversion H. cbn. constructor. destruct m; try discriminate. auto.
- inversion H. cbn. constructor.
+ apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+ apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
- inversion H. cbn. constructor.
+ apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+ apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
- inversion H. cbn. constructor.
+ apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+ apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
- inversion H. cbn. constructor; auto.
+ apply IHe1. rewrite <- (toRTMap_eval_REAL _ H6). assumption.
+ apply IHe2. rewrite <- (toRTMap_eval_REAL _ H9). assumption.
Qed.
Definition bound_expr :=
match bound with
| LessQ e (ConstQ r) => e
| LessQ (ConstQ r) e => e
| _ => ConstQ (0#1)
end.
Lemma e2_to_smt : e2 = SMTArith2Expr bound_expr.
Proof.
Abort.
Lemma eval_e2_inlined E Gamma v :
eval_expr E (toRTMap Gamma) (toREval (toRExp e2)) v REAL -> eval_expr E (toRTMap Gamma) (toREval (toRExp (SMTArith2Expr bound_expr))) v REAL.
Proof with try (right; apply Rabs_R0).
rewrite <- (delta_0_deterministic _ REAL 0)...
intros H. inversion H.
apply (Binop_dist (m1:= REAL) (m2:=REAL)); auto...
- admit.
- rewrite <- (toRTMap_eval_REAL (Var R 1) H9). assumption.
Admitted.
Lemma precond_bound_correct E :
eval_precond E thePrecondition_fnc1
-> eval_smt_logic E bound
-> eval_smt_logic E query.
Proof.
intros P B.
apply prec_bound_correct.
constructor.
- eapply checkPre_pre_smt. 2: exact P.
reflexivity.
- exact B.
Qed.
Theorem RangeBound_e2_sound E Gamma v :
eval_precond E thePrecondition_fnc1
-> ~ eval_smt_logic E query
-> eval_expr E (toRTMap Gamma) (toREval (toRExp e2)) v REAL
-> v <= Q2R ((8201)#(2048)).
Proof.
intros P nQ e2v.
apply eval_e2_inlined in e2v.
apply eval_expr_smt in e2v.
apply Rnot_lt_le. intros B.
apply nQ. apply precond_bound_correct. assumption.
do 2 eexists. repeat split; first [eassumption | constructor].
Qed.
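Review bot: `eval_e2_inlined` ends in `Admitted` with an `admit` in the case for `Var 4`, so `RangeBound_e2_sound` in this file is not a proof (`Print Assumptions RangeBound_e2_sound` will list it). The admitted goal requires `E 4` to evaluate to the value of `x0 + y1`, but nothing in the lemma's hypotheses relates `E 4` to `E 0` and `E 1` (`E` is arbitrary), so it cannot be closed as stated: the query in `querymap_fnc1` was generated with `z4` inlined as `PlusQ (VarQ 0) (VarQ 1)`, whereas `e2` reads `Var Q 4`. Either add an explicit hypothesis such as `E 4 = Some v4 -> eval_expr E (toRTMap Gamma) (toREval (toRExp e1)) v4 REAL -> ...`, or state the theorem over the command `Letz4e1Rete5` so the `Let` semantics supplies that fact. Until then I would mark the file `(* WIP: contains Admitted lemmas *)` at the top or exclude it from the build, so an `Admitted` does not ship as a passing test; `e2_to_smt` is `Abort`ed and can be removed.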
Require Import Flover.CertificateChecker.
Require Import Flover.SMTArith.
(* Require Import Flover.SMTValidation. *)
Definition C12 :expr Q := Const M64 ((1657)#(5)).
Definition C34 :expr Q := Const M64 ((3)#(5)).
Definition T2 :expr Q := Var Q 2.
Definition e5 :expr Q := Binop Mult C34 T2.
Definition e6 :expr Q := Binop Plus C12 e5.
Definition UMine6 :expr Q := Unop Neg e6.
Definition v1 :expr Q := Var Q 1.
Definition e7 :expr Q := Binop Mult UMine6 v1.
Definition u0 :expr Q := Var Q 0.
Definition e8 :expr Q := Binop Plus e6 u0.
Definition e9 :expr Q := Binop Mult e8 e8.
Definition e10 :expr Q := Binop Div e7 e9.
Definition Rete10 := Ret e10.
Definition defVars_doppler :FloverMap.t mType :=
(FloverMap.add (Var Q 0) (M64) (FloverMap.add (Var Q 1) (M64) (FloverMap.add (Var Q 2) (M64) (FloverMap.empty mType)))).
Definition thePrecondition_doppler :=
FloverMap.add u0 (-100#1, 100#1) (FloverMap.add v1 (20#1, 20000#1) (FloverMap.add T2 (-30#1, 50#1) (FloverMap.empty intv))).
Definition absenv_doppler :analysisResult := Eval compute in
FloverMap.add e10 (( (-26688776647036775)#(193898302136352), (-156700)#(5322249)), (4539010972026683303050120095327512216096422204478916695616374703820945778271922835308820707992089065905809072803102359543119833046473491986173951465620708023920966108209278836911630406540351629664583258832952458474781714583641201336156211255871250258363339134573360321968683520123662731962148793248799126762059670142230384240259443958280927316219469399605577522382054092479955357491038836701067526006061330750371234271363459989977730726293112263204327432621633884375)#(6946881575336902398274073006442580695940363163353906376754739965735202698392559846418891988118801115081550268650112893004414138824905360424712176030962427176970330198413894472430113124972848478861036028596232644451943248527831305533814306762870254280021814184312793167557111190875651884658457951357503922164630579910655264970400579248413892869201129019278339105434841776095040929995238102957547326071498788437802549670716277097027061404357118143901490561892403102252934918832128)) (FloverMap.add e9 (( (1138489)#(25), (5322249)#(25)), (31925542667783538931925887764808218521724458943918984144150813990256848378453146446353514550378395469015865480921312990060616935650290296361584748492021295664945174009)#(197864321178483627248402016815717752028105079280969471931250444874317780085225493736253120848994435991678137140812911471481092027445400967974036924081514534333285417718959308800)) (FloverMap.add e8 (( (1067)#(5), (2307)#(5)), (22118872259511654165679074210367094250583915178799247531173589549131)#(148213874223764730142170860811120522052185580372019921970505707530128805939118080)) (FloverMap.add u0 (( (-100)#(1), (100)#(1)), (25)#(2251799813685248)) (FloverMap.add e6 (( (1567)#(5), (1807)#(5)), (286015870425657721837309664377505636991869898457103)#(3291009114642412084309938365114701009965471731267159726697218048)) (FloverMap.add e5 (( (-18)#(1), (30)#(1)), 
(3650833728657301081634471694827535)#(365375409332725729550921208179070754913983135744)) (FloverMap.add T2 (( (-30)#(1), (50)#(1)), (25)#(4503599627370496)) (FloverMap.add C34 (( (3)#(5), (3)#(5)), (3)#(45035996273704960)) (FloverMap.add C12 (( (1657)#(5), (1657)#(5)), (1657)#(45035996273704960)) (FloverMap.add e8 (( (1067)#(5), (2307)#(5)), (22118872259511654165679074210367094250583915178799247531173589549131)#(148213874223764730142170860811120522052185580372019921970505707530128805939118080)) (FloverMap.add u0 (( (-100)#(1), (100)#(1)), (25)#(2251799813685248)) (FloverMap.add e6 (( (1567)#(5), (1807)#(5)), (286015870425657721837309664377505636991869898457103)#(3291009114642412084309938365114701009965471731267159726697218048)) (FloverMap.add e5 (( (-18)#(1), (30)#(1)), (3650833728657301081634471694827535)#(365375409332725729550921208179070754913983135744)) (FloverMap.add T2 (( (-30)#(1), (50)#(1)), (25)#(4503599627370496)) (FloverMap.add C34 (( (3)#(5), (3)#(5)), (3)#(45035996273704960)) (FloverMap.add C12 (( (1657)#(5), (1657)#(5)), (1657)#(45035996273704960)) (FloverMap.add e7 (( (-7228000)#(1), (-6268)#(1)), (27893851128912527228254446719689338467872526596253813879482502889568449178778992649375)#(8343699359066055009355553539724812947666814540455674882605631280555545803830627148527195652096)) (FloverMap.add v1 (( (20)#(1), (20000)#(1)), (625)#(281474976710656)) (FloverMap.add UMine6 (( (-1807)#(5), (-1567)#(5)), (286015870425657721837309664377505636991869898457103)#(3291009114642412084309938365114701009965471731267159726697218048)) (FloverMap.add e6 (( (1567)#(5), (1807)#(5)), (286015870425657721837309664377505636991869898457103)#(3291009114642412084309938365114701009965471731267159726697218048)) (FloverMap.add e5 (( (-18)#(1), (30)#(1)), (3650833728657301081634471694827535)#(365375409332725729550921208179070754913983135744)) (FloverMap.add T2 (( (-30)#(1), (50)#(1)), (25)#(4503599627370496)) (FloverMap.add C34 (( (3)#(5), (3)#(5)), (3)#(45035996273704960)) 
(FloverMap.add C12 (( (1657)#(5), (1657)#(5)), (1657)#(45035996273704960)) (FloverMap.empty (intv * error))))))))))))))))))))))))).
Definition querymap_doppler :=
FloverMap.add e10 ((AndQ (AndQ (LessEqQ (VarQ 1) (ConstQ ((20000)#(1)))) (AndQ (LessEqQ (ConstQ ((-30)#(1))) (VarQ 2)) (AndQ (LessEqQ (ConstQ ((20)#(1))) (VarQ 1)) (AndQ (LessEqQ (ConstQ ((-100)#(1))) (VarQ 0)) (AndQ (LessEqQ (VarQ 0) (ConstQ ((100)#(1)))) (AndQ (LessEqQ (VarQ 2) (ConstQ ((50)#(1)))) TrueQ)))))) (AndQ (LessQ (DivQ (TimesQ (UMinusQ (PlusQ (ConstQ ((1657)#(5))) (TimesQ (ConstQ ((3)#(5))) (VarQ 2)))) (VarQ 1)) (TimesQ (PlusQ (PlusQ (ConstQ ((1657)#(5))) (TimesQ (ConstQ ((3)#(5))) (VarQ 2))) (VarQ 0)) (PlusQ (PlusQ (ConstQ ((1657)#(5))) (TimesQ (ConstQ ((3)#(5))) (VarQ 2))) (VarQ 0)))) (ConstQ ((-26688776647036775)#(193898302136352)))) TrueQ)), FalseQ) (FloverMap.empty (SMTLogic * SMTLogic)).
(*
Theorem test_validation :
validSMTIntervalbounds e10 absenv_doppler thePrecondition_doppler querymap_doppler NatSet.empty = true.
Proof.
cbv.
Abort.
*)
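Review bot: This file verifies nothing as committed: the only statement, `test_validation`, is both commented out and `Abort`ed, and the `Flover.SMTValidation` import it needs is commented out too, so a build passing on it gives no signal. If `validSMTIntervalbounds` is not ready, a `(* TODO: enable once SMTValidation is merged *)` next to the commented import would say so; otherwise the theorem should end with `vm_compute. reflexivity. Qed.`. Separately, `absenv_doppler` adds the same keys several times (`e8`, `u0`, `e6`, `e5`, `T2`, `C34`, `C12` each appear three times with identical values); later `FloverMap.add` calls overwrite the earlier ones so this is harmless, but it looks like the generator revisits shared subexpressions and it bloats the certificate.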
Require Import Flover.CertificateChecker.
Definition x0 :expr Q := Var Q 0.
Definition y1 :expr Q := Var Q 1.
Definition e1 :expr Q := Binop Plus x0 y1.
Definition e2 :expr Q := Binop Div e1 y1.
Definition C34 :expr Q := Const M64 ((17)#(5)).
Definition e5 :expr Q := Binop Plus e2 C34.
Definition Rete5 := Ret e5.
Definition defVars_fnc1 :FloverMap.t mType :=
(FloverMap.add (Var Q 1) (M64) (FloverMap.add (Var Q 0) (M64) (FloverMap.empty mType))).
Definition thePrecondition_fnc1: FloverMap.t intv :=
FloverMap.add x0 ((-3)#(1), (6)#(1)) (FloverMap.add y1 (2#1, 8#1) (FloverMap.empty intv)).
Definition absenv_fnc1 :analysisResult := Eval compute in
FloverMap.add e5 (( (29)#(10), (75821)#(10240)), (31656575032439604176368417020690028172637826983022229834977068248762132258095105)#(4767828205180598627806767057994257910674911537412415567148097160036817151091933841114427031552)) (FloverMap.add C34 (( (17)#(5), (17)#(5)), (17)#(45035996273704960)) (FloverMap.add e2 (( (-1)#(2), (8201)#(2048)), (2879632975312110162723860570159105251222262341380356792653971457)#(529335265084873566077879553980951356026419978008369989458181366086188773933056)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add e1 (( (-1)#(1), (14)#(1)), (126100789566373895)#(40564819207303340847894502572032)) (FloverMap.add y1 (( (2)#(1), (8)#(1)), (1)#(1125899906842624)) (FloverMap.add x0 (( (-3)#(1), (6)#(1)), (3)#(4503599627370496)) (FloverMap.empty (intv * error)))))))).
Definition querymap_fnc1 :=
FloverMap.add e2 (FalseQ, (AndQ (AndQ (LessEqQ (VarQ 0) (ConstQ ((6)#(1)))) (AndQ (LessEqQ (VarQ 1) (ConstQ ((8)#(1)))) (AndQ (LessEqQ (ConstQ ((-3)#(1))) (VarQ 0)) (AndQ (LessEqQ (ConstQ ((2)#(1))) (VarQ 1)) TrueQ)))) (AndQ (LessQ (ConstQ ((8201)#(2048))) (DivQ (PlusQ (VarQ 0) (VarQ 1)) (VarQ 1))) TrueQ))) (FloverMap.empty (SMTLogic * SMTLogic)).
Theorem ErrorBound_fnc1_Sound :
CertificateChecker e5 absenv_fnc1 thePrecondition_fnc1 querymap_fnc1 defVars_fnc1 = true.
Proof.
vm_compute.
Abort.
Require Import Coq.Reals.Reals Coq.QArith.Qreals.
Require Import RealRangeArith.
Require Import Flover.Expressions.
Definition loQ :=
match FloverMap.find e2 querymap_fnc1 with
| Some (q, _) => q
| _ => FalseQ
end.
Definition hiQ :=
match FloverMap.find e2 querymap_fnc1 with
| Some (_, q) => q
| _ => FalseQ
end.
Definition query := hiQ.
Definition prec := optionBind (getPrecond query) (fun q => q) TrueQ.
Definition prec_reorder := precond2SMT thePrecondition_fnc1.
(*
AndQ (LessEqQ (ConstQ (-3 # 1)) (VarQ 0))
(AndQ (LessEqQ (VarQ 0) (ConstQ (6 # 1)))
(AndQ (LessEqQ (ConstQ (2 # 1)) (VarQ 1))
(AndQ (LessEqQ (VarQ 1) (ConstQ (8 # 1))) TrueQ))).
*)
Definition bound := optionBind (getBound query) (fun q => q) TrueQ.
Lemma prec_bound_correct E :
eval_smt_logic E query <-> eval_smt_logic E (AndQ prec_reorder bound).
Proof.
cbv. tauto.
Qed.
Definition bound_expr :=
match bound with
| LessQ e (ConstQ r) => e
| LessQ (ConstQ r) e => e
| _ => ConstQ (0#1)
end.
Lemma e2_to_smt : e2 = SMTArith2Expr bound_expr.
Proof.
reflexivity.
Qed.
Theorem RangeBound_e2_sound E Gamma v :
eval_precond E thePrecondition_fnc1
-> ~ eval_smt_logic E query
-> eval_expr E (toRTMap Gamma) (toREval (toRExp e2)) v REAL
-> v <= Q2R ((8201)#(2048)).
Proof.
intros H1 H2 H3.
rewrite e2_to_smt in H3.
eapply (RangeBound_high_sound (preQ:= prec_reorder) H1 _ _ H3).
Unshelve.
- reflexivity.
- intros H. apply H2. apply prec_bound_correct.
destruct H as [Hp [Hb _]]. now constructor.
Qed.
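Review bot: `ErrorBound_fnc1_Sound` is the one statement that exercises the new `CertificateChecker e5 absenv_fnc1 thePrecondition_fnc1 querymap_fnc1 defVars_fnc1` signature, but its proof is `vm_compute. Abort.`, so the checker returning `false` on this certificate would go unnoticed. If the check is expected to succeed it should read `Proof. vm_compute. reflexivity. Qed.`; if it is known to fail, a comment stating why is better than an aborted proof. `prec_bound_correct` with `prec_reorder := precond2SMT thePrecondition_fnc1` is the right shape, since it is what prevents a precondition narrower than `thePrecondition_fnc1` from being smuggled into the solver query; a comment such as `(* the precondition embedded in the query must be the checker's precondition, otherwise "unsat" proves nothing about the real ranges *)` above it would make that explicit. `loQ` is defined but unused.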
......@@ -9,15 +9,15 @@ From Flover
Infra.Ltacs RealRangeArith RealRangeValidator RoundoffErrorValidator
Environments TypeValidator FPRangeValidator ExpressionAbbrevs Commands.
Require Export ExpressionSemantics Flover.Commands Coq.QArith.QArith.
Require Export ExpressionSemantics Flover.Commands Coq.QArith.QArith Flover.SMTArith.
(** Certificate checking function **)
Definition CertificateChecker (e:expr Q) (absenv:analysisResult)
(P:precond) (defVars:FloverMap.t mType):=
(P: precond) Qmap (defVars:FloverMap.t mType):=
let tMap := (getValidMap defVars e (FloverMap.empty mType)) in
match tMap with
|Succes tMap =>
if RangeValidator e absenv P NatSet.empty && FPRangeValidator e absenv tMap NatSet.empty
if RangeValidator e absenv P Qmap NatSet.empty && FPRangeValidator e absenv tMap NatSet.empty
then RoundoffErrorValidator e tMap absenv NatSet.empty
else false
| _ => false
......@@ -26,16 +26,15 @@ Definition CertificateChecker (e:expr Q) (absenv:analysisResult)
(**
Soundness proof for the certificate checker.
Apart from assuming two executions, one in R and one on floats, we assume that
the real valued execution respects the precondition.
the real valued execution respects the precondition and dissatisfies the queries.
**)
Theorem Certificate_checking_is_sound (e:expr Q) (absenv:analysisResult) P defVars:
Theorem Certificate_checking_is_sound (e:expr Q) (absenv:analysisResult) P Qmap defVars:
forall (E1 E2:env) DeltaMap,
(forall (v : R) (m' : mType),
exists d : R, DeltaMap v m' = Some d /\ (Rabs d <= mTypeToR m')%R) ->
(forall v, NatSet.In v (Expressions.usedVars e) ->
exists vR, E1 v = Some vR /\
(Q2R (fst (P v)) <= vR <= Q2R (snd (P v)))%R) ->
CertificateChecker e absenv P defVars = true ->
eval_precond E1 P ->
unsat_queries Qmap ->
CertificateChecker e absenv P Qmap defVars = true ->
exists Gamma,
approxEnv E1 (toRExpMap Gamma) absenv (usedVars e) NatSet.empty E2 ->
exists iv err vR vF m,
......@@ -50,7 +49,7 @@ Theorem Certificate_checking_is_sound (e:expr Q) (absenv:analysisResult) P defVa
validator and the error bound validator.
**)
Proof.
intros * deltas_matched P_valid certificate_valid.
intros * deltas_matched P_valid unsat_qs certificate_valid.
unfold CertificateChecker in certificate_valid.
destruct (getValidMap defVars e (FloverMap.empty mType)) eqn:?; try congruence.
rename t into Gamma.
......@@ -64,8 +63,8 @@ Proof.
assert (dVars_range_valid NatSet.empty E1 absenv).
{ unfold dVars_range_valid.
intros; set_tac. }
assert (affine_dVars_range_valid NatSet.empty E1 absenv 1 (FloverMap.empty _) (fun _ => None))
as affine_dvars_valid.
assert (affine_dVars_range_valid NatSet.empty E1 absenv 1 (FloverMap.empty _)
(fun _ => None)) as affine_dvars_valid.
{ unfold affine_dVars_range_valid.
intros; set_tac. }
assert (NatSet.Subset (usedVars e -- NatSet.empty) (Expressions.usedVars e)).
......@@ -74,7 +73,7 @@ Proof.
rename R0 into validFPRanges.
assert (validRanges e absenv E1 (toRTMap (toRExpMap Gamma))) as valid_e.
{ eapply (RangeValidator_sound e (dVars:=NatSet.empty) (A:=absenv) (P:=P) (E:=E1));
auto. }
eauto. }
pose proof (validRanges_single _ _ _ _ valid_e) as valid_single;
destruct valid_single as [iv_e [ err_e [vR [ map_e [eval_real real_bounds_e]]]]].
destruct iv_e as [elo ehi].
......@@ -82,20 +81,20 @@ Proof.
assert (dVars_contained NatSet.empty (FloverMap.empty (affine_form Q))) as Hdvars
by (unfold dVars_contained; intros * Hset; clear - Hset; set_tac).
pose proof (RoundoffErrorValidator_sound e H approxE1E2 H1 eval_real R
valid_e map_e Hdvars) as Hsound.
valid_e map_e Hdvars) as Hsound.
unfold validErrorBounds in Hsound.
eapply validErrorBoundsRec_single in Hsound; eauto.
destruct Hsound as [[vF [mF eval_float]] err_bounded]; auto.
exists (elo, ehi), err_e, vR, vF, mF; repeat split; auto.
Qed.
Definition CertificateCheckerCmd (f:cmd Q) (absenv:analysisResult) (P:precond)
defVars :=
Definition CertificateCheckerCmd (f:cmd Q) (absenv:analysisResult) (P: precond)
(Qmap: FloverMap.t (SMTLogic * SMTLogic)) defVars :=
match getValidMapCmd defVars f (FloverMap.empty mType) with
| Succes Gamma =>
if (validSSA f (freeVars f))
if (validSSA f (preVars P))
then
if (RangeValidatorCmd f absenv P NatSet.empty) &&
if (RangeValidatorCmd f absenv P Qmap NatSet.empty) &&
FPRangeValidatorCmd f absenv Gamma NatSet.empty
then (RoundoffErrorValidatorCmd f Gamma absenv NatSet.empty)
else false
......@@ -103,15 +102,14 @@ Definition CertificateCheckerCmd (f:cmd Q) (absenv:analysisResult) (P:precond)
| _ => false
end.
Theorem Certificate_checking_cmds_is_sound (f:cmd Q) (absenv:analysisResult) P
Theorem Certificate_checking_cmds_is_sound (f:cmd Q) (absenv:analysisResult) P Qmap
defVars DeltaMap:
forall (E1 E2:env),
(forall (v : R) (m' : mType),
exists d : R, DeltaMap v m' = Some d /\ (Rabs d <= mTypeToR m')%R) ->
(forall v, NatSet.In v (freeVars f) ->
exists vR, E1 v = Some vR /\
(Q2R (fst (P v)) <= vR <= Q2R (snd (P v)))%R) ->
CertificateCheckerCmd f absenv P defVars = true ->
eval_precond E1 P ->
unsat_queries Qmap ->
CertificateCheckerCmd f absenv P Qmap defVars = true ->
exists Gamma,
approxEnv E1 (toRExpMap Gamma) absenv (freeVars f) NatSet.empty E2 ->
exists iv err vR vF m,
......@@ -126,7 +124,7 @@ Theorem Certificate_checking_cmds_is_sound (f:cmd Q) (absenv:analysisResult) P
validator and the error bound validator.
**)
Proof.
intros * deltas_matched P_valid certificate_valid.
intros * deltas_matched P_valid unsat_qs certificate_valid.
unfold CertificateCheckerCmd in certificate_valid.
destruct (getValidMapCmd defVars f (FloverMap.empty mType)) eqn:?;
try congruence.
......@@ -137,10 +135,14 @@ Proof.
exists Gamma; intros approxE1E2.
repeat rewrite <- andb_lazy_alt in certificate_valid.