Commit 88437004 authored by Joachim Bard's avatar Joachim Bard

some more work on soundness of SubdivsChecker

parent 43cdec44
......@@ -67,14 +67,15 @@ Proof.
intros. cbn in *; congruence. }
exists Gamma; intros approxEnv_E1E2.
destruct subdivs.
- edestruct result_checking_sound; eauto.
intuition.
- edestruct result_checking_sound as ((outVars & Hssa) & validR & validErr & validFPR); eauto.
edestruct validRanges_single as (iv_e & err_e & vR & find_e & eval_real_e & ?); eauto.
edestruct validErrorBoundsRec_single; eauto.
destruct H5 as (? & ? & ?).
edestruct validErrorBoundsRec_single as ((vFP & mFP & eval_fp_e) & ?); eauto.
repeat eexists; eauto.
- (* general version of subdivs_checking_sound *) admit.
Admitted.
- edestruct subdivs_checking_sound as ((outVars & Hssa) & validR & validErr & validFPR); eauto.
edestruct validRanges_single as (iv_e & err_e & vR & find_e & eval_real_e & ?); eauto.
edestruct validErrorBoundsRec_single as ((vFP & mFP & eval_fp_e) & ?); eauto.
repeat eexists; eauto.
Qed.
(**
Soundness proof for the certificate checker.
......
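Review bot: The `Qed.` that replaces `admit.`/`Admitted.` in the `subdivs` case closes this proof through `subdivs_checking_sound`, which in this same commit is finished with `eauto using resultLeq_range_sound, resultLeq_error_sound` while both of those lemmas still end in `Admitted` (the `@@ -40,6 +40,177 @@` hunk, `admit. (* needs additional checks *)`). Coq treats an `Admitted` lemma as an axiom, so this `Qed` does not yet establish the checker's soundness unconditionally; `Print Assumptions` on this lemma would list the admitted statements. Until those admits are discharged, a comment at the `Qed`, e.g. `(* NOTE: currently depends on the admitted resultLeq_range_sound / resultLeq_error_sound *)`, keeps the trust status visible, and a `Print Assumptions` step for the top-level soundness theorem in CI would catch the dependency regressing silently. The same remark applies to the `Qed.` in the `@@ -468,7 +641,13 @@` hunk. The enclosing `Proof.` and the lemma statement start outside this hunk.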
......@@ -26,11 +26,10 @@ Theorem result_checking_sound (e: expr Q) (absenv: analysisResult) P Qmap defVar
unsat_queries Qmap ->
getValidMap defVars e (FloverMap.empty mType) = Succes Gamma ->
ResultChecker e absenv P Qmap defVars Gamma = true ->
exists outVars,
ssa e (freeVars e) outVars /\
validRanges e absenv E1 (toRTMap (toRExpMap Gamma)) /\
validErrorBounds e E1 E2 absenv Gamma /\
validFPRanges e E2 Gamma DeltaMap.
(exists outVars, ssa e (freeVars e) outVars) /\
validRanges e absenv E1 (toRTMap (toRExpMap Gamma)) /\
validErrorBounds e E1 E2 absenv Gamma /\
validFPRanges e E2 Gamma DeltaMap.
(**
The proofs is a simple composition of the soundness proofs for the range
validator and the error bound validator.
......@@ -108,7 +107,7 @@ Corollary result_checking_sound_single (e: expr Q) (absenv: analysisResult) P Qm
Proof.
intros * deltas_matched P_valid unsat_qs valid_typeMap results_valid.
exists Gamma; intros approxE1E2.
edestruct result_checking_sound as (? & _ & validRange & Hsound & _); try eauto.
edestruct result_checking_sound as (_ & validRange & Hsound & _); try eauto.
eapply validRanges_single in validRange.
destruct validRange as [iv [err [vR [Hfind [eval_real validRange]]]]].
eapply validErrorBoundsRec_single in Hsound; eauto.
......
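Review bot: The doc comment directly under the restated `result_checking_sound` still reads `The proofs is a simple composition` and says nothing about the new shape of the conclusion. Since the statement changed from `exists outVars, ssa ... /\ ...` to `(exists outVars, ssa ...) /\ ...`, every caller that destructs the theorem must change its pattern (as `result_checking_sound_single` does with `(_ & validRange & Hsound & _)`), so the intent is worth one sentence there, e.g. `The ssa witness is existentially bound only in the first conjunct so the range, error and FP-range facts can be used without it.`, alongside the fix to `The proof is a simple composition`.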
......@@ -40,6 +40,177 @@ Proof.
- apply (reflect_iff _ _ (Z.leb_spec0 _ _)). auto.
Qed.
Lemma resultLeq_range_sound e A1 A2 E Gamma :
resultLeq e A1 A2 = true ->
validRanges e A1 E Gamma ->
validRanges e A2 E Gamma.
Proof.
induction e in E |- *; cbn.
- intros Hleq (_ & iv & err & vR & Hfind & Heval & Hiv).
rewrite Hfind in Hleq. Flover_compute.
split; auto. kill_trivial_exists. exists vR. canonize_hyps; cbn in *.
repeat split; auto; lra.
- intros Hleq (_ & iv & err & vR & Hfind & Heval & Hiv).
rewrite Hfind in Hleq. Flover_compute.
split; auto. kill_trivial_exists. exists vR. canonize_hyps; cbn in *.
repeat split; auto; lra.
- intros H (H1 & iv & err & vR & Hfind & Heval & Hiv).
apply andb_true_iff in H as [Hleq1 Hleq].
rewrite Hfind in Hleq. Flover_compute.
split; auto. kill_trivial_exists. exists vR. canonize_hyps; cbn in *.
repeat split; auto; lra.
- intros H ((Hdiv & H1 & H2) & iv & err & vR & Hfind & Heval & Hiv).
apply andb_true_iff in H as [H Hleq].
apply andb_true_iff in H as [Hleq1 Hleq2].
rewrite Hfind in Hleq. Flover_compute.
repeat split; auto.
+ intros -> ivA2 errA2 Hfind2.
edestruct (resultLeq_sound _ _ _ Hleq2)
as (ivA1 & errA1 & ? & ? & Hfind1 & Hfind2' & Hsub & _).
rewrite Hfind2' in Hfind2.
injection Hfind2. intros _ ->.
specialize (Hdiv eq_refl ivA1 errA1 Hfind1).
apply andb_true_iff in Hsub as [Hsub1 Hsub2].
cbn in *.
apply orb_true_iff.
apply orb_true_iff in Hdiv as [Hdiv | Hdiv]; [left | right].
* andb_to_prop Hdiv.
apply andb_true_iff.
admit. (* needs additional checks *)
* admit.
+ kill_trivial_exists. exists vR. canonize_hyps; cbn in *.
repeat split; auto; lra.
- intros H ((H1 & H2 & H3) & iv & err & vR & Hfind & Heval & Hiv).
apply andb_true_iff in H as [H Hleq].
apply andb_true_iff in H as [H Hleq3].
apply andb_true_iff in H as [Hleq1 Hleq2].
rewrite Hfind in Hleq. Flover_compute.
split; auto. kill_trivial_exists. exists vR. canonize_hyps; cbn in *.
repeat split; auto; lra.
- intros H (H1 & iv & err & vR & Hfind & Heval & Hiv).
apply andb_true_iff in H as [Hleq1 Hleq].
rewrite Hfind in Hleq. Flover_compute.
split; auto. kill_trivial_exists. exists vR. canonize_hyps; cbn in *.
repeat split; auto; lra.
- intros H ((H1 & Hx & H2) & iv & err & vR & Hfind & Heval & Hiv).
apply andb_true_iff in H as [H Hleq].
apply andb_true_iff in H as [Hleq1 Hleq2].
rewrite Hfind in Hleq. Flover_compute.
repeat split; auto.
+ admit. (* needs additional checker *)
+ kill_trivial_exists. exists vR. canonize_hyps; cbn in *.
repeat split; auto; lra.
Admitted.
Lemma resultLeq_error_sound e A1 A2 E1 E2 Gamma :
resultLeq e A1 A2 = true ->
validErrorBounds e E1 E2 A1 Gamma ->
validErrorBounds e E1 E2 A2 Gamma.
Proof.
intros Hleq err_sound DeltaMap delta_sound.
specialize (err_sound _ delta_sound).
revert E1 E2 err_sound.
induction e; intros E1 E2 err_sound; cbn.
- split; auto. intros vR iv err Heval Hfind.
cbn in Hleq.
Flover_compute.
unfold error in *.
assert (e0 = err) by congruence; subst.
edestruct err_sound as (_ & H1 & H2); eauto.
split; auto.
canonize_hyps.
intros vFP mFP HevalFP.
specialize (H2 vFP mFP HevalFP).
lra.
- split; auto. intros vR iv err Heval Hfind.
cbn in Hleq.
Flover_compute.
unfold error in *.
assert (e0 = err) by congruence; subst.
edestruct err_sound as (_ & H1 & H2); eauto.
split; auto.
canonize_hyps.
intros vFP mFP HevalFP.
specialize (H2 vFP mFP HevalFP).
lra.
- edestruct err_sound as [H1 Herr].
cbn in Hleq.
apply andb_true_iff in Hleq as [Hleq1 Hleq].
split; [destruct u; auto |].
intros vR iv err Heval Hfind.
Flover_compute.
unfold error in *.
assert (e1 = err) by congruence; subst.
edestruct Herr as [Hex Hall]; eauto.
split; auto.
canonize_hyps.
intros vFP mFP HevalFP.
specialize (Hall vFP mFP HevalFP).
lra.
- edestruct err_sound as ((Hdiv & H1 & H2) & Herr).
cbn in Hleq.
apply andb_true_iff in Hleq as [H Hleq].
apply andb_true_iff in H as [Hleq1 Hleq2].
split.
+ cbn in Hdiv. admit.
+ intros vR iv err Heval Hfind.
Flover_compute.
unfold error in *.
assert (e0 = err) by congruence; subst.
edestruct Herr as [Hex Hall]; eauto.
split; auto.
canonize_hyps.
intros vFP mFP HevalFP.
specialize (Hall vFP mFP HevalFP).
lra.
- edestruct err_sound as ((H1 & H2 & H3) & Herr).
cbn in Hleq.
apply andb_true_iff in Hleq as [H Hleq].
apply andb_true_iff in H as [H Hleq3].
apply andb_true_iff in H as [Hleq1 Hleq2].
split; auto.
intros vR iv err Heval Hfind.
Flover_compute.
unfold error in *.
assert (e0 = err) by congruence; subst.
edestruct Herr as [Hex Hall]; eauto.
split; auto.
canonize_hyps.
intros vFP mFP HevalFP.
specialize (Hall vFP mFP HevalFP).
lra.
- edestruct err_sound as [H1 Herr].
cbn in Hleq.
apply andb_true_iff in Hleq as [Hleq1 Hleq].
split; auto.
intros vR iv err Heval Hfind.
Flover_compute.
unfold error in *.
assert (e1 = err) by congruence; subst.
edestruct Herr as [Hex Hall]; eauto.
split; auto.
canonize_hyps.
intros vFP mFP HevalFP.
specialize (Hall vFP mFP HevalFP).
lra.
- edestruct err_sound as ((H1 & Hx & H2) & Herr).
cbn in Hleq.
apply andb_true_iff in Hleq as [H Hleq].
apply andb_true_iff in H as [Hleq1 Hleq2].
split; auto.
+ split; auto. split; auto. admit.
+ intros vR iv err Heval Hfind.
Flover_compute.
unfold error in *.
assert (e0 = err) by congruence; subst.
edestruct Herr as [Hex Hall]; eauto.
split; auto.
canonize_hyps.
intros vFP mFP HevalFP.
specialize (Hall vFP mFP HevalFP).
lra.
Admitted.
(* TODO: maybe put this somewhere else *)
Lemma approxEnv_empty_dVars A1 A2 Gamma fVars dVars E1 E2 :
NatSet.Empty dVars ->
......@@ -438,15 +609,16 @@ Theorem subdivs_checking_sound (e: expr Q) (absenv: analysisResult) P subdivs de
forall (E1 E2: env) DeltaMap,
(forall (e': R) (m': mType),
exists d: R, DeltaMap e' m' = Some d /\ (Rabs d <= mTypeToR m')%R) ->
approxEnv E1 (toRExpMap Gamma) absenv (freeVars e) NatSet.empty E2 ->
eval_precond E1 P ->
(forall Qmap, In Qmap (queriesInSubdivs subdivs) -> unsat_queries Qmap) ->
getValidMap defVars e (FloverMap.empty mType) = Succes Gamma ->
SubdivsChecker e absenv P subdivs defVars Gamma = true ->
(*
(exists outVars, ssa e (freeVars e) outVars) /\
validRanges e absenv E1 (toRTMap (toRExpMap Gamma)) /\
validFPRanges e E2 Gamma absenv /\
validErrorBounds e E1 E2 absenv Gamma.
*)
validErrorBounds e E1 E2 absenv Gamma /\
validFPRanges e E2 Gamma DeltaMap.
(*
exists Gamma,
approxEnv E1 (toRExpMap Gamma) absenv (freeVars e) NatSet.empty E2 ->
exists iv err vR vF m,
......@@ -456,8 +628,9 @@ Theorem subdivs_checking_sound (e: expr Q) (absenv: analysisResult) P subdivs de
(forall vF m,
eval_expr E2 (toRExpMap Gamma) DeltaMap (toRExp e) vF m ->
(Rabs (vR - vF) <= Q2R err))%R.
*)
Proof.
intros * deltas_matched P_valid unsat_qs valid_typeMap chk.
intros * deltas_matched approxEnv P_valid unsat_qs valid_typeMap chk.
apply andb_prop in chk as [chk valid_subdivs].
apply andb_prop in chk as [valid_ssa valid_cover].
eapply (checkPreconds_sound) in P_valid as [P1 [in_subdivs P_valid]]; eauto.
......@@ -468,7 +641,13 @@ Proof.
pose proof (checkSubdivs_sound e _ _ _ _ _ _ _ valid_subdivs in_subdivs) as [range_err_check A_leq].
assert (ResultChecker e A P1 Qmap defVars Gamma = true) as res_check
by (unfold ResultChecker; now rewrite valid_ssa', range_err_check).
eapply approxEnv_empty_dVars in approxEnv; eauto.
edestruct result_checking_sound as (Hssa & validR & validErr & validFPR); eauto.
{ apply unsat_qs. apply in_map_iff. now exists (P1, A, Qmap). }
repeat split; eauto using resultLeq_range_sound, resultLeq_error_sound.
Qed.
(*
exists Gamma; intros approxE1E2.
assert (approxEnv E1 (toRExpMap Gamma) A (freeVars e) NatSet.empty E2) as approxE1E2'
by (eapply approxEnv_empty_dVars; eauto).
......@@ -491,3 +670,4 @@ Proof.
specialize (err_bounded vF0 m Heval).
lra.
Qed.
*)
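Review bot: In `subdivs_checking_sound` the previous conclusion and the previous proof body are kept as comment blocks (`(* (exists outVars, ...) ... *)`, `(* exists Gamma, ... *)`, and the old proof after `Qed.`), and the commented conclusion still writes `validFPRanges e E2 Gamma absenv` while the live statements use `validFPRanges e E2 Gamma DeltaMap`, so that text is already stale. If the four-conjunct conclusion is the intended one — the proof's `repeat split; eauto using resultLeq_range_sound, resultLeq_error_sound` and the `((outVars & Hssa) & validR & validErr & validFPR)` destructuring in the first file both point that way — the dead comment blocks should be removed rather than left beside it, since a reader cannot tell which statement is authoritative. Independently, the five `admit`s in `resultLeq_range_sound` and `resultLeq_error_sound` carry only `needs additional checks`/`needs additional checker`; a comment at each naming which condition `resultLeq` does not yet compare (the cases with the `Hdiv` and `Hx` hypotheses, as far as the hunk shows) would make the open obligations reviewable and keep the `Admitted` from looking like an oversight.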