
NLVerify: Verification of Polynomial Inequalities using Formal Floating-point Arithmetic (slide transcript)

NLVerify: Verification of Polynomial Inequalities using Formal Floating-point Arithmetic. Victor Magron (CNRS VERIMAG), joint work with Tillmann Weisser and Benjamin Werner. INRIA Spades Seminar, October 27, 2015. V. Magron NLVerify 1 / 22


  1–15. Example (slide 9/22): find an SOS decomposition for
  \[ 0 \le x, y \le 1 \ \wedge\ x^2 \le y \ \Rightarrow\ y - 2x + 1 \ge 0. \]
  We restrict ourselves to representations of degree ≤ 2, built from the constraint polynomials $X$, $1 - X$, $Y$, $1 - Y$, $Y - X^2$ that describe the set. Write
  \[
  Y - 2X + 1 = \begin{pmatrix} 1 & X \end{pmatrix} \begin{pmatrix} z_1 & z_2 \\ z_2 & z_3 \end{pmatrix} \begin{pmatrix} 1 \\ X \end{pmatrix}
  + z_7 \cdot X + z_8 \cdot (1 - X) + z_9 \cdot Y + z_{10} \cdot (1 - Y) + z_{11} \cdot (Y - X^2),
  \]
  where the $1 \times 1$ blocks $z_7, \dots, z_{11}$ are the degree-0 multipliers of the constraints. Comparing the coefficients of $1$, $X$, $X^2$ and $Y$ on both sides eliminates $z_1$, $z_2$, $z_3$ and $z_{11}$:
  \[
  z_1 = 1 - z_8 - z_{10}, \qquad z_2 = (z_8 - z_7 - 2)/2, \qquad z_3 = z_{11} = z_{10} - z_9 + 1 .
  \]
  It remains to find $z_7, z_8, z_9, z_{10} \ge 0$ such that
  \[
  \begin{pmatrix} 1 - z_8 - z_{10} & (z_8 - z_7 - 2)/2 \\ (z_8 - z_7 - 2)/2 & z_{10} - z_9 + 1 \end{pmatrix} \succeq 0,
  \]
  e.g. $z_7 = z_8 = z_9 = z_{10} = 0$. Substituting the solution:
  \[
  Y - 2X + 1 = \begin{pmatrix} 1 & X \end{pmatrix} \begin{pmatrix} 1 & -1 \\ -1 & 1 \end{pmatrix} \begin{pmatrix} 1 \\ X \end{pmatrix} + 1 \cdot (Y - X^2)
  = \begin{pmatrix} 1 & X \end{pmatrix} \begin{pmatrix} 1 \\ -1 \end{pmatrix} \begin{pmatrix} 1 & -1 \end{pmatrix} \begin{pmatrix} 1 \\ X \end{pmatrix} + (Y - X^2),
  \]
  which is the SOS decomposition
  \[ Y - 2X + 1 = (1 - X)^2 + Y - X^2 . \]

  16–18. Example, continued (slide 9/22). Exact SOS decomposition: $Y - 2X + 1 = (1 - X)^2 + Y - X^2$. SDP solvers only find approximate certificates:
  \[
  Y - 2X + 1 \simeq 2.00014\,(0.707263X + 0.000078Y - 0.70695)^2 + 0.000332\,(-0.408035X + 0.816664Y - 0.408126)^2
  + 0.000284\,Y + 0.000116\,(1 - Y) + 1.00034\,(Y - X^2).
  \]
  Exact error polynomial (the numerical right-hand side minus $Y - 2X + 1$, computed in rational arithmetic):
  \[
  \varepsilon := 0.000232209\,X^2 - 5.81334 \times 10^{-7}\,XY - 0.0000297356\,X + 0.000221436\,Y^2 + 0.0000621035\,Y - 0.000201126 .
  \]
  How can we employ such numerical certificates for formal verification?
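As an added example (not code from the talk or from the NLVerify tactic), the following Python recomputes ε from the certificate printed on the slide with exact rational arithmetic, which is the "exact computations" step that NLCertify performs before any bound is taken. The certificate coefficients on the slide are printed rounded to six significant digits, so the recovered ε agrees with the slide's ε only to about 10⁻⁵ per coefficient; the dict-of-monomials representation and the helper names are this example's own, not the tactic's.

```python
# Added example (not from the slides): expand the numerical SOS certificate with
# exact rational arithmetic and recover eps := certificate - (Y - 2X + 1).
# A polynomial is a dict {(i, j): coeff} meaning sum coeff * X^i * Y^j.
from fractions import Fraction

def padd(p, q):
    """Exact sum of two polynomials; zero coefficients are dropped."""
    r = dict(p)
    for m, c in q.items():
        r[m] = r.get(m, 0) + c
    return {m: c for m, c in r.items() if c != 0}

def pscale(c, p):
    """Multiply every coefficient by the rational c."""
    return {m: c * v for m, v in p.items()}

def pmul(p, q):
    """Exact product of two polynomials in X, Y."""
    r = {}
    for (i1, j1), c1 in p.items():
        for (i2, j2), c2 in q.items():
            r[(i1 + i2, j1 + j2)] = r.get((i1 + i2, j1 + j2), 0) + c1 * c2
    return {m: c for m, c in r.items() if c != 0}

def lin(a, b, c):
    """a*X + b*Y + c; decimal strings are parsed exactly by Fraction."""
    return {(1, 0): Fraction(a), (0, 1): Fraction(b), (0, 0): Fraction(c)}

X = {(1, 0): Fraction(1)}
Y = {(0, 1): Fraction(1)}
ONE = {(0, 0): Fraction(1)}
F = padd(padd(Y, pscale(-2, X)), ONE)          # f = Y - 2X + 1, the target inequality

def exact_sos():
    """The exact certificate of the slide: (1 - X)^2 + (Y - X^2)."""
    one_minus_x = padd(ONE, pscale(-1, X))
    return padd(pmul(one_minus_x, one_minus_x), padd(Y, pscale(-1, pmul(X, X))))

def numerical_certificate():
    """The SDP output as printed on the slide (coefficients rounded to 6 digits)."""
    s1 = lin('0.707263', '0.000078', '-0.70695')
    s2 = lin('-0.408035', '0.816664', '-0.408126')
    cert = pscale(Fraction('2.00014'), pmul(s1, s1))
    cert = padd(cert, pscale(Fraction('0.000332'), pmul(s2, s2)))
    cert = padd(cert, pscale(Fraction('0.000284'), Y))                            # multiplier of Y
    cert = padd(cert, pscale(Fraction('0.000116'), padd(ONE, pscale(-1, Y))))     # multiplier of 1 - Y
    cert = padd(cert, pscale(Fraction('1.00034'), padd(Y, pscale(-1, pmul(X, X)))))  # multiplier of Y - X^2
    return cert

def error_poly():
    """eps := numerical certificate - f, exactly (no rounding anywhere)."""
    return padd(numerical_certificate(), pscale(-1, F))

if __name__ == "__main__":
    for m, c in sorted(error_poly().items()):
        print(m, float(c))
```

Since every multiplier in the certificate is non-negative and every constraint polynomial is non-negative on K_pop, the certificate is non-negative there, so f = certificate − ε ≥ −ε on K_pop; bounding ε is exactly what the three tactics on the next slide differ in.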

  19. Outline: Introduction · The Oracle Framework · Interval Methods · Coq Implementation · Benchmarks · Future Work. (Next section: The Oracle Framework.)

  20–23. How to use numerical certificates in Coq? (slide 10/22)

    tactic       strategy
    Micromega    uses heuristics to get an exact representation (ε = 0)
    NLCertify    gives a lower bound ε* on ε by exact computations
    NLVerify     uses interval arithmetic to bound ε (ε* := enclosure of ε)

  24–29. General Framework (slide 11/22). Consider $n$-variate polynomials $f, g_0, \dots, g_m \in \mathbb{Q}[X]$ and a compact set
  \[ K_{pop} := \{ x \in \mathbb{R}^n \mid g_0(x) \ge 0, \dots, g_m(x) \ge 0 \} \subseteq K_{box}, \]
  where $K_{box} = [a, b]$ with $a, b \in \mathbb{Q}^n$ (plus an assumption on the $g_j$). We are interested in $f$ being non-negative on $K_{pop}$, i.e. $\forall x \in K_{pop}: f(x) \ge 0$.

  Number formats:
    R   axiomatic
    Q   exact, slow
    F   fast, certified inside Coq (Flocq, Boldo/Melquiond), rounding errors
    I   to keep track of rounding errors

  30. Section: Interval Methods.

  31–35. Notations (slide 12/22). Floating-point numbers $\mathbb{F}(p) := \mathbb{F}_{r,p}$ with radix $r$ and precision $p$. We use one precision for all operations. In this talk $r = 10$, in the implementation $r = 2$. Intervals $\mathbb{I}_p := \mathbb{I}_{r,p}$ with floating-point bounds in $\mathbb{F}_p$. We map rationals to intervals via the enclosure
  \[ [\cdot]_p : \mathbb{Q} \to \mathbb{I}_p, \qquad [a]_p := \Big[ \max_{x \in \mathbb{F}_p} \{ x \mid x \le a \},\ \min_{x \in \mathbb{F}_p} \{ x \mid x \ge a \} \Big]. \]
  Attention! Interval arithmetic does not carry any ring structure, and the enclosure does not commute with the operations in $\mathbb{Q}$. In general $[a + b]_p \ne [a]_p + [b]_p$; with $r = 10$, $p = 2$ and $a = b = 1/3$, for instance, $[a + b]_2 = [0.66, 0.67]$ while $[a]_2 + [b]_2 = [0.33, 0.34] + [0.33, 0.34] = [0.66, 0.68]$.

  36–44. Two applications of intervals on polynomials (slide 13/22).
    (1) Replace coefficients by intervals to speed up computation.
    (2) Replace variables by intervals to obtain bounds on the function.

  Coefficient Enclosure. Building a coefficient enclosure of a polynomial $f \in \mathbb{Q}[X]$ is done by mapping its coefficients to the corresponding intervals via $[\cdot]_p$. If $f = \sum_\alpha f_\alpha X^\alpha$, its coefficient enclosure is the set of polynomials
  \[ [f]_p = \sum_\alpha [f_\alpha]_p X^\alpha := \Big\{ \sum_\alpha \hat f_\alpha X^\alpha \ \Big|\ \hat f_\alpha \in [f_\alpha]_p \Big\}. \]
  Keep in mind! The coefficient enclosure depends on the representation of $f$. With $r = 10$, $p = 2$ and $f := \tfrac{1}{3}X - \tfrac{1}{3}X = 0$:
  \[ [f]_2 = [0.33, 0.34]\,X - [0.33, 0.34]\,X = [-0.01, 0.01]\,X, \qquad \text{whereas } [0]_2 = [0, 0]. \]

  Variable Enclosure. The variable enclosure $|f|_B$ of a polynomial $f$ with respect to a hyper box $B = (I_1, \dots, I_n) \subseteq \mathbb{I}_p^n$ is built by replacing every variable $X_i$ by the corresponding interval $I_i$. If $f = \sum_\alpha f_\alpha X^\alpha$, its variable enclosure is
  \[ |f|_B = \sum_\alpha f_\alpha B^\alpha \subseteq \mathbb{I}_p . \]
  Of course: the variable enclosure also depends on the representation of $f$. Let $B = [-1, 1] \times [0, 1] \times [0, 1]$. Then $X(Y - Z) = XY - XZ$, but
  \[ |X(Y - Z)|_B = [-1, 1] \cdot [-1, 1] = [-1, 1], \qquad |XY - XZ|_B = [-1, 1] - [-1, 1] = [-2, 2]. \]

  Coefficient enclosure and variable enclosure: we combine both methods with SOS certification.

  45. Section: Coq Implementation.

  46–47. Coq Implementation (slide 14/22). Theorem:
  \[ \big|[f]_p\big|_{K_{box}} \subseteq [\ell, \infty) \ \Rightarrow\ f \ge \ell \text{ on } K_{box}. \]
  Coq version:

    Lemma toPolI_ok p box pt : pt ∈ box → eval pt p ∈ Vencl box (toPolI p).

  48–54. The lemma as a diagram (slide 15/22).

    Lemma toPolI_ok p box pt : pt ∈ box → eval pt p ∈ Vencl box (toPolI p).

  A source expression p : PQ is evaluated in R (eval pt p) and, independently, translated to an interval polynomial (toPolI p : PolI) whose variable enclosure over the box is an interval (Vencl box : PolI → I). The lemma says the real value lies in that interval:

        PQ  ----eval---->  R
         |                 ∈
      toPolI               |
         v                 v
       PolI  ---Vencl--->  I

    Inductive PQ :=
      | PEc   : Q -> PQ
      | PEx   : positive -> PQ
      | PEadd : PQ -> PQ -> PQ
      | PEsub : PQ -> PQ -> PQ
      | ... .

    Inductive PolI :=
      | IPc   : I -> PolI
      | IPinj : positive -> PolI -> PolI
      | IPX   : PolI -> positive -> PolI -> PolI.

  Proof (and the way NLVerify is organised): the translation is factored through an exact normal form PolQ with the same constructors as PolI but rational coefficients, PQ --toPolQ--> PolQ --Cencl--> PolI. Evaluation of a PQ term and of its PolQ normal form agree (the = in the diagram), and Vencl is applied to the PolI result:

        PQ  --toPolQ-->  PolQ  ---eval--->  R
         |                |                 ∈
      toPolI            Cencl               |
         v                v                 v
       PolI  ==========  PolI  ---Vencl--->  I

    Inductive PolQ :=
      | QPc   : Q -> PolQ
      | QPinj : positive -> PolQ -> PolQ
      | QPX   : PolQ -> positive -> PolQ -> PolQ.

  55–57. Correctness lemmas for PolI (slide 16/22). For PolQ a correctness lemma looks like:

    Lemma QPadd_ok (p q : PolQ) pt :
      eval pt (p !++ q) = eval pt p + eval pt q.

  The direct translation of this lemma to PolI is false: evaluating an interval polynomial yields an interval, and interval operations do not form a ring (the enclosure of a sum is not the sum of the enclosures). A PolI operation can only be correct w.r.t. the underlying PolQ expressions, as an inclusion:

    Lemma Padd_coef_ok (p q : PolQ) (P Q : PolI) :
      p ∈ P -> q ∈ Q -> (p !++ q) ∈ (P ?++ Q).
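To make the interval-methods slides and the Padd_coef_ok lemma concrete, here is an added Python model (not the NLVerify or Coq code) of $\mathbb{F}_{10,p}$ intervals with outward rounding, the enclosure $[\cdot]_p$ of a rational, coefficient and variable enclosures, and the inclusion $p \in P$ the lemma is stated with. It reproduces the $\tfrac13 X - \tfrac13 X$ and $X(Y - Z)$ examples, the $[a+b]_p \ne [a]_p + [b]_p$ caveat, one instance of Padd_coef_ok, and an enclosure of the slide's error polynomial ε over $K_{box} = [0,1]^2$ (the theorem of slide 14/22 applied to ε). Radix 10 is used as in the talk, via Python's decimal contexts; the real implementation uses radix 2 (Flocq). Function names, the term-list polynomial representation and the sample polynomials are this example's own.

```python
# Added example (not the NLVerify code): radix-10 floating-point intervals with
# outward rounding, the enclosure [.]_p, coefficient/variable enclosures of a
# polynomial, and the inclusion property stated by Padd_coef_ok.
from decimal import Decimal, Context, ROUND_FLOOR, ROUND_CEILING
from fractions import Fraction

def contexts(p):
    """F_{10,p} rounding: toward -inf for lower bounds, toward +inf for upper bounds."""
    return Context(prec=p, rounding=ROUND_FLOOR), Context(prec=p, rounding=ROUND_CEILING)

def encl(a, p):
    """[a]_p: tightest interval with bounds in F_{10,p} containing the rational a."""
    a, (dn, up) = Fraction(a), contexts(p)
    n, d = Decimal(a.numerator), Decimal(a.denominator)   # exact; only divide rounds
    return (dn.divide(n, d), up.divide(n, d))

def iadd(x, y, p):
    dn, up = contexts(p)
    return (dn.add(x[0], y[0]), up.add(x[1], y[1]))
def isub(x, y, p):
    dn, up = contexts(p)
    return (dn.subtract(x[0], y[1]), up.subtract(x[1], y[0]))
def imul(x, y, p):
    dn, up = contexts(p)
    pairs = [(a, b) for a in x for b in y]
    return (min(dn.multiply(a, b) for a, b in pairs), max(up.multiply(a, b) for a, b in pairs))
def ipow(x, e, p):
    r = (Decimal(1), Decimal(1))
    for _ in range(e):
        r = imul(r, x, p)
    return r

def contains(iv, a):
    """a in iv, decided exactly (Decimal bounds converted to Fraction)."""
    return Fraction(iv[0]) <= Fraction(a) <= Fraction(iv[1])

# An exact polynomial is a list of (coefficient, exponent-tuple) terms.  The list is
# deliberately not normalised: the same monomial may occur twice, as on the slide.
def coef_encl(f, p):
    """[f]_p: enclose every coefficient, merging repeated monomials by interval addition."""
    r = {}
    for c, m in f:
        r[m] = iadd(r[m], encl(c, p), p) if m in r else encl(c, p)
    return r

def var_encl(F, box, p):
    """|F|_B: substitute the box intervals for the variables of an interval polynomial F."""
    total = (Decimal(0), Decimal(0))
    for m, c in F.items():
        for iv, e in zip(box, m):
            c = imul(c, ipow(iv, e, p), p)
        total = iadd(total, c, p)
    return total

def poly_in(f, F):
    """f in F (the 'p ∈ P' of the lemma): each exact coefficient lies in F's interval."""
    g = {}
    for c, m in f:
        g[m] = g.get(m, 0) + Fraction(c)
    zero = (Decimal(0), Decimal(0))
    return all(contains(F.get(m, zero), g.get(m, 0)) for m in set(g) | set(F))

def padd_I(F, G, p):
    """P ?++ Q: monomial-wise interval addition of two interval polynomials."""
    r = dict(F)
    for m, c in G.items():
        r[m] = iadd(r[m], c, p) if m in r else c
    return r

def ring_caveat(p=2):
    """[a + b]_p versus [a]_p + [b]_p for a = b = 1/3: the enclosure does not commute with +."""
    third = Fraction(1, 3)
    return encl(third + third, p), iadd(encl(third, p), encl(third, p), p)

def representation_examples(p=2):
    """The slide examples: [1/3 X - 1/3 X]_2, and |X(Y - Z)|_B versus |XY - XZ|_B."""
    cf = coef_encl([(Fraction(1, 3), (1,)), (Fraction(-1, 3), (1,))], p)      # {(1,): [-0.01, 0.01]}
    box = [(Decimal(-1), Decimal(1)), (Decimal(0), Decimal(1)), (Decimal(0), Decimal(1))]
    xi, yi, zi = box
    factored = imul(xi, isub(yi, zi, p), p)                                     # [-1, 1]
    expanded = var_encl(coef_encl([(1, (1, 1, 0)), (-1, (1, 0, 1))], p), box, p)  # [-2, 2]
    return cf, factored, expanded

def padd_coef_ok_instance(p=2):
    """p ∈ P and q ∈ Q imply (p !++ q) ∈ (P ?++ Q), checked on one pair of polynomials."""
    f = [(Fraction(1, 3), (1,)), (Fraction(2, 7), (0,))]
    g = [(Fraction(-1, 3), (1,)), (Fraction(5, 9), (2,))]
    Fi, Gi = coef_encl(f, p), coef_encl(g, p)
    return poly_in(f, Fi) and poly_in(g, Gi) and poly_in(f + g, padd_I(Fi, Gi, p))

def eps_bound(p=10):
    """Enclosure of the slide's error polynomial eps on K_box = [0,1]^2 (coefficients as printed)."""
    eps = [('0.000232209', (2, 0)), ('-5.81334e-7', (1, 1)), ('-0.0000297356', (1, 0)),
           ('0.000221436', (0, 2)), ('0.0000621035', (0, 1)), ('-0.000201126', (0, 0))]
    return var_encl(coef_encl(eps, p), [(Decimal(0), Decimal(1))] * 2, p)
```

eps_bound() returns [−0.000231442934, 0.0003146225] at p = 10, so with the certificate of slide 9/22 one only obtains f ≥ −ε ≥ −0.0003146225 on K_pop rather than f ≥ 0; this is the loss that the ε-handling strategies of the three tactics are about, and it is why a practitioner should always check the sign of the upper bound of the enclosure before reading a numerical certificate as a proof.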

  58–65. Proof of the lemma (slide 16/22). The diagram of slide 15/22 once more:

        PQ  --toPolQ-->  PolQ  ---eval--->  R
         |                |                 ∈
      toPolI            Cencl               |
         v                v                 v
       PolI  ==========  PolI  ---Vencl--->  I

  with eval on PQ equal to eval after toPolQ (the =). The arrows are discharged as follows:
    → Correctness lemmas (the PolI lemmas of the previous slide, each stated as an inclusion w.r.t. the PolQ operation).
    → Easy because of the same structure (PolQ and PolI have the same constructors).
    → Basically proved in ring.
    → Follows from the correctness of interval arithmetic.

  66. Section: Benchmarks.

  67–68. Benchmarks (slide 17/22): Speedup of NLVerify (p = 50) vs. NLCertify. [Plot: x-axis: examples (ordered by time_nlc); y-axis: ratio time_nlv / time_nlc.]

  69–70. Speedup with decreasing precision (slide 18/22). [Plot: x-axis: precision p; y-axis: ratio time_formal / time_informal.]
