Commit 5a44ec01 authored by Clément Fumex's avatar Clément Fumex

+ remove unused constant half

+ add predicate "exact_int"
+ add three axioms on of_int +/-/*
+ add some other axioms
+ guard the theory realization with a dependency to flocq in make file
parent 1839bfe9
......@@ -914,13 +914,13 @@ COQLIBS_SEQ = $(addprefix lib/coq/seq/, $(COQLIBS_SEQ_FILES))
COQLIBS_BV_FILES = Pow2int BV_Gen
COQLIBS_BV = $(addprefix lib/coq/bv/, $(COQLIBS_BV_FILES))
COQLIBS_IEEEFLOAT_FILES = GenericFloat
COQLIBS_IEEEFLOAT = $(addprefix lib/coq/ieee_float/, $(COQLIBS_IEEEFLOAT_FILES))
ifeq (@enable_coq_fp_libs@,yes)
COQLIBS_FP_FILES = Rounding SingleFormat Single DoubleFormat Double
COQLIBS_FP_ALL_FILES = GenFloat $(COQLIBS_FP_FILES)
COQLIBS_FP = $(addprefix lib/coq/floating_point/, $(COQLIBS_FP_ALL_FILES))
COQLIBS_IEEEFLOAT_FILES = GenericFloat
COQLIBS_IEEEFLOAT = $(addprefix lib/coq/ieee_float/, $(COQLIBS_IEEEFLOAT_FILES))
endif
COQLIBS_FILES = lib/coq/BuiltIn lib/coq/HighOrd $(COQLIBS_INT) $(COQLIBS_BOOL) $(COQLIBS_REAL) $(COQLIBS_NUMBER) $(COQLIBS_SET) $(COQLIBS_MAP) $(COQLIBS_LIST) $(COQLIBS_OPTION) $(COQLIBS_SEQ) $(COQLIBS_FP) $(COQLIBS_BV) $(COQLIBS_IEEEFLOAT)
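Review bot: The `COQLIBS_IEEEFLOAT_FILES` / `COQLIBS_IEEEFLOAT` definitions now appear inside the `ifeq (@enable_coq_fp_libs@,yes)` block with nothing saying why the ieee_float realization shares that condition. A one-line comment above them would record it, e.g. `# GenericFloat is realized on top of Flocq, so it is built only when the FP libs are enabled`. With the guard off, `$(COQLIBS_IEEEFLOAT)` in `COQLIBS_FILES` simply expands to nothing. Any other rule that uses these two variables lies outside this hunk, so it should be checked that each one tolerates an empty list.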
......
This diff is collapsed.
......@@ -56,7 +56,6 @@ theory GenericFloat
(* {3 Constructors and Constants} *)
constant zeroF : t (* +0.0 *)
constant half : t (* 0.5 *)
(* exp_bias = 2^(sb - 1) - 1 *)
(* max_finite_exp = 2^sb - 2 - exp_bias = exp_bias *)
(* max_significand = (2^eb + 2^eb - 1) * 2^(1-eb) *)
......@@ -167,7 +166,6 @@ theory GenericFloat
(* {3 Constructors and Constants} *)
axiom zeroF_is_positive : is_positive zeroF
axiom zeroF_is_zero : is_zero zeroF
axiom half_to_real : to_real half = 0.5
axiom zero_to_real : forall x [is_zero x].
is_zero x <-> is_finite x /\ to_real x = 0.0
......@@ -215,21 +213,16 @@ theory GenericFloat
constant max_real : real (* defined when cloning *)
constant max_int : int
(* constant emax = pow2 (eb -1)
axiom max_real: max_real = pow2 emax - pow2 (emax - sb) *)
axiom max_real_int: max_real = FromInt.from_int max_int
predicate in_range (x:real) = -. max_real <=. x <=. max_real
(* is_finite will guard all axioms, we're not specifying anything
for special values. It remains uninterpreted for the
axiomatisation (mapped in the driver tho), axioms have to
propagate it. The only way to have is_finite x is if x is by
propagation or by construction (right now only from using a
constant or a prover with native support). *)
axiom is_finite: forall x:t. is_finite x -> in_range (to_real x)
axiom zero_is_finite : is_finite zeroF
axiom half_is_finite : is_finite half
(* used as a condition to propagate is_finite *)
predicate no_overflow (m:mode) (x:real) = in_range (round m x)
......@@ -269,12 +262,19 @@ theory GenericFloat
(* The biggest representable integer whose predecessor (i.e. -1) is
representable *)
constant max_representable_integer : int (* defined when cloning RENAME -> max_safe_integer ? *)
(* pow2sb ? *)
(* axiom max_representable_integer:
max_representable_integer = pow2 sb *)
predicate exact_int (i: int) =
(- max_representable_integer) <= i <= max_representable_integer
(* round and integers *)
axiom Exact_rounding_for_integers:
forall m:mode, i:int.
(- max_representable_integer) <= i <= max_representable_integer ->
exact_int i ->
round m (FromInt.from_int i) = FromInt.from_int i
(** {3 Comparisons} *)
......@@ -339,6 +339,8 @@ theory GenericFloat
\/ ((is_minus_infinity x /\ is_not_nan y /\ not (is_minus_infinity y))
\/ (is_not_nan x /\ not (is_plus_infinity x) /\ is_plus_infinity y)))
axiom lt_lt_finite: forall x y z. lt x y -> lt y z -> is_finite y
(* lemmas on sign *)
axiom positive_to_real: forall x[is_positive x|to_real x >=. 0.0].
is_finite x -> is_positive x -> to_real x >=. 0.0
......@@ -630,6 +632,20 @@ theory GenericFloat
/\ (is_zero x -> same_sign r x)
/\ (is_finite x /\ to_real x >. 0.0 -> is_positive r)
(* exact arithmetic with integers *)
axiom of_int_add_exact: forall m n, i j.
exact_int i -> exact_int j ->
exact_int (i + j) -> eq (of_int m (i + j)) (add n (of_int m i) (of_int m j))
axiom of_int_sub_exact: forall m n, i j.
exact_int i -> exact_int j ->
exact_int (i - j) -> eq (of_int m (i - j)) (sub n (of_int m i) (of_int m j))
axiom of_int_mul_exact: forall m n, i j.
exact_int i -> exact_int j ->
exact_int (i * j) -> eq (of_int m (i * j)) (mul n (of_int m i) (of_int m j))
(* magic axioms *)
(* those two are wrong, find a correct version *)
......@@ -746,12 +762,18 @@ theory GenericFloat
is_finite x -> is_finite y -> le x y -> to_int m x <= to_int m y
axiom to_int_of_int: forall m:mode, i:int.
(- max_representable_integer) <= i <= max_representable_integer ->
exact_int i ->
to_int m (of_int m i) = i
axiom to_int_eq_of_int: forall m, x, i.
is_int x -> to_int m x = i -> x .= of_int m i
axiom eq_to_int: forall m, x y. is_finite x -> x .= y ->
to_int m x = to_int m y
axiom neg_to_int: forall m x.
is_int x -> to_int m (neg x) = - (to_int m x)
axiom roundToIntegral_is_finite : forall m:mode, x:t. is_finite x ->
is_finite (roundToIntegral m x)
end
......@@ -827,10 +849,12 @@ theory Float32
lemma round_bound_ne :
forall x:real [round RNE x].
x - 0x1p-24 * Abs.abs(x) - 0x1p-150 <= round RNE x <= x + 0x1p-24 * Abs.abs(x) + 0x1p-150
no_overflow RNE x ->
x - 0x1p-24 * Abs.abs(x) - 0x1p-150 <= round RNE x <= x + 0x1p-24 * Abs.abs(x) + 0x1p-150
lemma round_bound :
forall m:mode, x:real [round m x].
no_overflow m x ->
x - 0x1p-23 * Abs.abs(x) - 0x1p-149 <= round m x <= x + 0x1p-23 * Abs.abs(x) + 0x1p-149
end
......@@ -850,10 +874,12 @@ theory Float64
lemma round_bound_ne :
forall x:real [round RNE x].
x - 0x1p-53 * Abs.abs(x) - 0x1p-1075 <= round RNE x <= x + 0x1p-53 * Abs.abs(x) + 0x1p-1075
no_overflow RNE x ->
x - 0x1p-53 * Abs.abs(x) - 0x1p-1075 <= round RNE x <= x + 0x1p-53 * Abs.abs(x) + 0x1p-1075
lemma round_bound :
forall m:mode, x:real [round m x].
no_overflow m x ->
x - 0x1p-52 * Abs.abs(x) - 0x1p-1074 <= round m x <= x + 0x1p-52 * Abs.abs(x) + 0x1p-1074
end
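Review bot: The new `exact_int` predicate and the axioms that rely on it (`of_int_add_exact`, `of_int_sub_exact`, `of_int_mul_exact`, plus the rewritten `Exact_rounding_for_integers` and `to_int_of_int`) are sound only if every clone sets `max_representable_integer` to a bound below which all integers are exactly representable. The defining axiom `max_representable_integer = pow2 sb` is still commented out, so nothing in the theory enforces that. Because these are `axiom`s rather than lemmas, an over-large value chosen at cloning would make the theory inconsistent, and any goal using it could then be discharged. I would state the obligation at the predicate, e.g. `(* every integer i with exact_int i must be exactly representable in t; each clone has to guarantee this *)`. The realization diff is collapsed on this page, so it cannot be confirmed here that the new axioms (including `lt_lt_finite`, `to_int_eq_of_int`, `eq_to_int` and `neg_to_int`) are proved there.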
......