Logic for exact real arithmetic

Helmut Schwichtenberg

Joint work with Ulrich Berger (Swansea), Nils Köpp (LMU), Kenyi Miyamoto (Innsbruck), Hideki Tsuiki (Kyoto) and Franziskus Wiesnet (LMU)

Mathematisches Institut, LMU, München

2018 Joint Meeting of the Korean Mathematical Society and the German Mathematical Society, Seoul, Korea, October 3-6, 2018

1 / 18
Exact real numbers can be given in different formats:
◮ Cauchy sequences (of rationals, with Cauchy modulus).
◮ Infinite sequences (“streams”) of signed digits $\{-1, 0, 1\}$, or
◮ $\{-1, 1, \bot\}$ with at most one $\bot$ (“undefined”): Gray code.

Want formally verified algorithms on reals given as streams.
◮ Consider formal proofs $M$ and apply realizability to extract their computational content.
◮ Switch between different formats of reals by decoration. Example:
  $\forall_x A \;\mapsto\; \forall^{\mathrm{nc}}_x \bigl(x \in {}^{\mathrm{co}}I \to A\bigr)$.
◮ Computational content of $x \in {}^{\mathrm{co}}I$ is a stream representing $x$.
A real number can be represented as a Cauchy sequence $(a_n)_n$ of rationals together with a Cauchy modulus $M$ satisfying
  $|a_n - a_m| \le \frac{1}{2^p}$ for $n, m \ge M(p)$.
Arithmetical operations on real numbers $x, y$ (given by $(a_n)_n, M$ and $(b_n)_n, N$) are defined by their approximations $c_n$ and modulus $L(p)$:

  operation                                        $c_n$                                               $L(p)$
  $x + y$                                          $a_n + b_n$                                         $\max(M(p+1), N(p+1))$
  $-x$                                             $-a_n$                                              $M(p)$
  $|x|$                                            $|a_n|$                                             $M(p)$
  $x \cdot y$                                      $a_n \cdot b_n$                                     $\max(M(p+1+p_y), N(p+1+p_x))$
  $\frac{1}{x}$ for $|x| \in_q \mathbb{R}^+$       $\frac{1}{a_n}$ if $a_n \ne 0$, $0$ if $a_n = 0$    $M(2(q+1)+p)$

where $2^{p_x}$ is the upper bound of $x$ provided by the Archimedean property (and $q$ witnesses $|x| > 0$).
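The table above as running code, added here as an illustration (it is not code from the talk or from Minlog): a real is a pair of an approximation function and a modulus, each operation composes the moduli exactly as listed, and a constructed $\sqrt 2$ sequence (assumption: $a_n = \lfloor \sqrt 2 \cdot 2^n \rfloor / 2^n$ with modulus $M(p) = p + 1$) is used to spot-check the Cauchy property of the results.

```python
from fractions import Fraction
from math import isqrt
from typing import Callable, Tuple

# A real is a pair (a, M): a(n) is the n-th rational approximation and M is a
# Cauchy modulus, i.e. |a(n) - a(m)| <= 2^-p for all n, m >= M(p).
Real = Tuple[Callable[[int], Fraction], Callable[[int], int]]

def add(x: Real, y: Real) -> Real:
    (a, M), (b, N) = x, y
    # two errors of at most 2^-(p+1) sum to at most 2^-p
    return (lambda n: a(n) + b(n), lambda p: max(M(p + 1), N(p + 1)))

def neg(x: Real) -> Real:
    a, M = x
    return (lambda n: -a(n), M)

def mul(x: Real, y: Real, px: int, py: int) -> Real:
    """px, py are Archimedean bounds: |x| <= 2^px and |y| <= 2^py."""
    (a, M), (b, N) = x, y
    # |a b - a' b'| <= |a| |b - b'| + |b'| |a - a'|, each term below 2^-(p+1)
    return (lambda n: a(n) * b(n), lambda p: max(M(p + 1 + py), N(p + 1 + px)))

def inv(x: Real, q: int) -> Real:
    """q witnesses |x| > 0 as on the slide (|x| in_q R^+); 1/0 is read as 0."""
    a, M = x
    return (lambda n: 1 / a(n) if a(n) != 0 else Fraction(0),
            lambda p: M(2 * (q + 1) + p))

def sqrt2() -> Real:
    """Constructed sample real: a(n) = floor(sqrt(2) * 2^n) / 2^n, so |a(n) - sqrt 2| < 2^-n
    and |a(n) - a(m)| < 2^-p once n, m >= p + 1 (assumed modulus M(p) = p + 1)."""
    return (lambda n: Fraction(isqrt(2 * 4 ** n), 2 ** n), lambda p: p + 1)

def modulus_holds(x: Real, p: int, extra: int = 20) -> bool:
    """Spot-check the modulus: compare the approximations at L(p) and L(p) + extra."""
    c, L = x
    return abs(c(L(p)) - c(L(p) + extra)) <= Fraction(1, 2 ** p)

def approximates(x: Real, target, p: int) -> bool:
    """Is the approximation at index L(p) within 2^-p of target?"""
    c, L = x
    return abs(c(L(p)) - Fraction(target)) <= Fraction(1, 2 ** p)

if __name__ == "__main__":
    two = mul(sqrt2(), sqrt2(), 1, 1)          # sqrt 2 * sqrt 2, both bounded by 2^1
    print(two[0](two[1](10)), approximates(two, 2, 10))
    print(modulus_holds(inv(sqrt2(), 0), 10))  # 1/sqrt 2, using 2^0 <= sqrt 2
```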
Representation of real numbers $x \in [-1, 1]$

Dyadic rationals: $\sum_{n<m} \frac{k_n}{2^{n+1}}$ with $k_n \in \{-1, 1\}$.

[Figure: binary tree of the dyadic rationals $\pm\frac{1}{2}, \pm\frac{1}{4}, \pm\frac{3}{4}, \dots, \pm\frac{15}{16}$, with the digits $k_n$ read along the branches; the first level is $-\frac{1}{2} \sim \bar 1$, $\frac{1}{2} \sim 1$, the second $-\frac{3}{4} \sim \bar 1\bar 1$, $-\frac{1}{4} \sim \bar 1 1$, $\frac{1}{4} \sim 1\bar 1$, $\frac{3}{4} \sim 11$, and so on.]

Here $\bar 1 := -1$.

Adjacent dyadics can differ in many digits: $\frac{7}{16} \sim 1\bar 1 1 1$, $\frac{9}{16} \sim 1 1 \bar 1 \bar 1$.
Cure: flip after 1. Binary reflected (or Gray-) code.

[Figure: the same tree of dyadic rationals $\pm\frac{1}{2}, \dots, \pm\frac{15}{16}$, now labelled with the Gray-code digits $L$, $R$; the first level is $-\frac{1}{2} \sim L$, $\frac{1}{2} \sim R$, the second $-\frac{3}{4} \sim LL$, $-\frac{1}{4} \sim LR$, $\frac{1}{4} \sim RR$, $\frac{3}{4} \sim RL$, and so on.]

$\frac{7}{16} \sim RRRL$, $\frac{9}{16} \sim RLRL$.
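The two codings of the last two slides in code, added here as an illustration and not part of the talk: the $\{\bar 1, 1\}$ digits of a dyadic rational, the flip-after-1 rule that turns them into Gray code, and a decoder back to the value. The function names (`binary_code`, `gray_code`, `gray_to_value`, `differing_digits`) are mine.

```python
from fractions import Fraction
from typing import List

# Finite codes for dyadic rationals in (-1, 1): x = sum_{n<m} k_n / 2^(n+1) with
# k_n in {-1, 1}; the slides write 1 with an overbar for the digit -1.

def binary_code(x, m: int) -> List[int]:
    """The m digits k_n of x, which must be an odd multiple of 2^-m inside (-1, 1)."""
    x = Fraction(x)
    scaled = x * 2 ** m
    assert abs(x) < 1 and scaled.denominator == 1 and scaled.numerator % 2 == 1
    digits = []
    for _ in range(m):
        k = 1 if x > 0 else -1          # x is never 0 before the last digit is consumed
        digits.append(k)
        x = 2 * x - k                   # the tail, again a dyadic in (-1, 1)
    return digits

def gray_code(digits: List[int]) -> str:
    """Binary reflected code, 'flip after 1': a digit is inverted when the preceding
    binary digit is 1 (R); nothing precedes the first digit, so it is kept."""
    out, prev = [], -1
    for k in digits:
        out.append(k if prev == -1 else -k)
        prev = k
    return "".join("R" if g == 1 else "L" for g in out)

def gray_to_value(code: str) -> Fraction:
    """Decode a finite L/R word by undoing the flips, then summing the dyadic series."""
    digits, prev = [], -1
    for c in code:
        g = 1 if c == "R" else -1
        k = g if prev == -1 else -g     # the flip is its own inverse
        digits.append(k)
        prev = k
    return sum((Fraction(k, 2 ** (n + 1)) for n, k in enumerate(digits)), Fraction(0))

def differing_digits(a, b) -> int:
    """Number of positions in which two equally long codes differ."""
    return sum(1 for u, v in zip(a, b) if u != v)

if __name__ == "__main__":
    seven, nine = binary_code("7/16", 4), binary_code("9/16", 4)
    print(seven, nine, differing_digits(seven, nine))         # the binary codes differ in 3 digits
    print(gray_code(seven), gray_code(nine))                   # RRRL RLRL: one digit apart
    print(gray_to_value("RRRLLL"), gray_to_value("RLRLLL"))    # 31/64 and 33/64, both heading for 1/2
```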
Problem with productivity: $\bar 1 1 1 1 \cdots + 1 \bar 1 \bar 1 \bar 1 \cdots = ?$ (or $LRLL\ldots + RRRL\cdots = ?$). What is the first digit?

Cure: delay.
◮ For binary code: add 0. Signed digit code $\sum_{n<m} \frac{k_n}{2^{n+1}}$ with $k_n \in \{-1, 0, 1\}$. Widely used for real number computation. There is a lot of redundancy: $\bar 1 1$ and $0 \bar 1$ both denote $-\frac{1}{4}$.
◮ For Gray-code: add $U$ (undefined), $D$ (delay), $\mathrm{Fin}_L$ / $\mathrm{Fin}_R$ (finally left / right). Pre-Gray code.
Pre-Gray code

[Figure: pre-Gray code tree around $\frac{1}{2}$ with the nodes $\frac{1}{4}, \frac{3}{4}, \frac{3}{8}, \frac{5}{8}, \frac{7}{16}, \frac{9}{16}$, the digits $L$, $R$, $U$, $D$, $\mathrm{Fin}_L$, $\mathrm{Fin}_R$ written along the branches.]

Can remove $\mathrm{Fin}_a$ (by $U \circ \mathrm{Fin}_a \mapsto a \circ R$, $D \circ \mathrm{Fin}_a \mapsto \mathrm{Fin}_a \circ L$).

$RRRLLL\ldots$, $RLRLLL\ldots$, $RUDDDD\ldots$ all denote $\frac{1}{2}$. Only keep the latter to denote $\frac{1}{2}$.
Result: unique representation, called pure Gray code.
Average for signed digit streams

Goal: $x, y \in {}^{\mathrm{co}}I \to \frac{x+y}{2} \in {}^{\mathrm{co}}I$.
◮ Need to accommodate streams in our logical framework.
◮ Model streams as “cototal objects” in the (free) algebra $I$ given by the single constructor $C\colon \mathrm{SD} \to I \to I$. Intuitively, $k_0, k_1, k_2, \ldots$ represents $\sum_{n=0}^{\infty} \frac{k_n}{2^{n+1}}$ with $k_n \in \{-1, 0, 1\}$.
$\Phi(X) := \{\, x \mid \exists_{k \in \mathrm{SD}} \exists_{x' \in X} \bigl(x = \frac{x' + k}{2}\bigr) \,\}$.
Then
  $I := \mu_X \Phi(X)$ (least fixed point),
  ${}^{\mathrm{co}}I := \nu_X \Phi(X)$ (greatest fixed point)
satisfy the (strengthened) axioms
  $\Phi(I \cap X) \subseteq X \to I \subseteq X$ (induction),
  $X \subseteq \Phi({}^{\mathrm{co}}I \cup X) \to X \subseteq {}^{\mathrm{co}}I$ (coinduction)
(“strengthened” because their hypotheses are weaker than the fixed point property $\Phi(X) = X$).
Goal: compute the average of two stream-coded reals. Prove
  $x, y \in {}^{\mathrm{co}}I \to \frac{x+y}{2} \in {}^{\mathrm{co}}I$.
Computational content of this proof will be the desired algorithm.

Informal proof (from Ulrich Berger & Monika Seisenberger 2006). Define sets $P$, $Q$ of averages, $Q$ with a “carry” $i \in \mathbb{Z}$:
  $P := \{\, \frac{x+y}{2} \mid x, y \in {}^{\mathrm{co}}I \,\}$,
  $Q := \{\, \frac{x+y+i}{4} \mid x, y \in {}^{\mathrm{co}}I,\ i \in \mathrm{SD}_2 \,\}$.
Suffices: $Q$ satisfies the clause coinductively defining ${}^{\mathrm{co}}I$. Then by the greatest-fixed-point axiom for ${}^{\mathrm{co}}I$ we have $Q \subseteq {}^{\mathrm{co}}I$. Since also $P \subseteq Q$ we obtain $P \subseteq {}^{\mathrm{co}}I$, which is our claim.
$Q$ satisfies the ${}^{\mathrm{co}}I$-clause:
  $i \in \mathrm{SD}_2 \to x, y \in {}^{\mathrm{co}}I \to \exists_{j \in \mathrm{SD}_2} \exists_{k \in \mathrm{SD}} \exists_{x', y' \in {}^{\mathrm{co}}I} \Bigl( \frac{x+y+i}{4} = \frac{\frac{x'+y'+j}{4} + k}{2} \Bigr)$.

Proof. Define $J, K\colon \mathbb{Z} \to \mathbb{Z}$ such that
  $i = J(i) + 4K(i)$, $|J(i)| \le 2$, $|i| \le 6 \to |K(i)| \le 1$.
Then we can relate $\frac{x+k}{2}$ and $\frac{x+y+i}{4}$ by
  $\frac{\frac{x+k}{2} + \frac{y+l}{2} + i}{4} = \frac{\frac{x + y + J(k+l+2i)}{4} + K(k+l+2i)}{2}$.
By coinduction we obtain $Q \subseteq {}^{\mathrm{co}}I$:
  $\exists_{i \in \mathrm{SD}_2} \exists_{x, y \in {}^{\mathrm{co}}I} \bigl(z = \frac{x+y+i}{4}\bigr) \to z \in {}^{\mathrm{co}}I$.
This gives our claim $x, y \in {}^{\mathrm{co}}I \to \frac{x+y}{2} \in {}^{\mathrm{co}}I$.

Implicit algorithm. $P \subseteq Q$ computes the first “carry” $i \in \mathrm{SD}_2$ and the tails of the inputs. Then $f\colon \mathrm{SD}_2 \times I \times I \to I$ defined corecursively by
  $f(i, C_d(u), C_e(v)) = C_{K(k+l+2i)}\bigl(f(J(k+l+2i), u, v)\bigr)$
is called repeatedly and computes the average step by step. (Here $(k, d), (l, e) \in \mathrm{SD}^r$.)
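The implicit algorithm above written out as an added example (it is not the extracted term of the talk and not Minlog output): streams are Python iterators, `J` and `K` are one concrete choice satisfying the three stated conditions, and `to_sd` is an assumed helper that constructs signed digit streams from rational test inputs. The productivity example of the earlier slide, $\bar 1 1 1 1\cdots + 1 \bar 1 \bar 1 \bar 1 \cdots$, is run through it as well.

```python
from fractions import Fraction
from itertools import chain, islice, repeat
from typing import Iterable, Iterator, List

# A signed digit stream k_0, k_1, ... with k_n in SD = {-1, 0, 1} denotes
# sum k_n / 2^(n+1) in [-1, 1]; carries i range over SD_2 = {-2, ..., 2}.

def K(i: int) -> int:
    """Digit part of i = J(i) + 4*K(i); |K(i)| <= 1 whenever |i| <= 6 (one concrete choice)."""
    return 1 if i >= 2 else (-1 if i <= -2 else 0)

def J(i: int) -> int:
    """Carry part of i = J(i) + 4*K(i); |J(i)| <= 2 whenever |i| <= 6."""
    return i - 4 * K(i)

def average(x: Iterable[int], y: Iterable[int]) -> Iterator[int]:
    """Signed digit stream of (x + y) / 2: P ⊆ Q yields the first carry, then the
    corecursive f(i, C_k u, C_l v) = C_{K(k+l+2i)}(f(J(k+l+2i), u, v)) runs forever."""
    xs, ys = iter(x), iter(y)
    i = next(xs) + next(ys)
    while True:
        s = next(xs) + next(ys) + 2 * i      # |s| <= 6, so K(s) is a digit
        yield K(s)
        i = J(s)

def to_sd(x) -> Iterator[int]:
    """Constructed input (assumed helper): a signed digit stream of a rational x in [-1, 1]."""
    x = Fraction(x)
    while True:
        k = 1 if x > Fraction(1, 2) else (-1 if x < Fraction(-1, 2) else 0)
        yield k
        x = 2 * x - k                        # the tail again lies in [-1, 1]

def take(s: Iterable[int], n: int) -> List[int]:
    return list(islice(s, n))

def value(digits: List[int]) -> Fraction:
    """Dyadic approximation from the first n digits; the error is at most 2^-n."""
    return sum((Fraction(k, 2 ** (n + 1)) for n, k in enumerate(digits)), Fraction(0))

def average_within(x, y, n: int) -> bool:
    """Do the first n output digits approximate (x + y) / 2 to within 2^-n?"""
    approx = value(take(average(to_sd(x), to_sd(y)), n))
    return abs(approx - (Fraction(x) + Fraction(y)) / 2) <= Fraction(1, 2 ** n)

def productivity_example(n: int) -> List[int]:
    """The stuck case -1 1 1 1 ... + 1 -1 -1 -1 ... (both streams denote 0): with the
    delay digit 0 available, the average is emitted without looking ahead."""
    return take(average(chain([-1], repeat(1)), chain([1], repeat(-1))), n)
```

`productivity_example(6)` returns six zeros, and `average_within("1/3", "3/4", 30)` checks the first thirty output digits against $\frac{13}{24}$.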
Realizability

Define the realizability extension $\Phi^r$ of $\Phi$ by
  $\Phi^r(Y) := \{\, (x, u) \mid \exists_{(k,d) \in \mathrm{SD}^r} \exists_{(x', u') \in Y} \bigl(x = \frac{x'+k}{2} \wedge u = C_d(u')\bigr) \,\}$.
Let
  $I^r := \mu_Y \Phi^r(Y)$ (least fixed point),
  $({}^{\mathrm{co}}I)^r := \nu_Y \Phi^r(Y)$ (greatest fixed point).
They satisfy the (strengthened) axioms
  $\Phi^r(I^r \cap Y) \subseteq Y \to I^r \subseteq Y$ (induction),
  $Y \subseteq \Phi^r\bigl(({}^{\mathrm{co}}I)^r \cup Y\bigr) \to Y \subseteq ({}^{\mathrm{co}}I)^r$ (coinduction).
From the proof $M$ of $x, y \in {}^{\mathrm{co}}I \to \frac{x+y}{2} \in {}^{\mathrm{co}}I$ extract a term $\mathrm{et}(M)$. The Soundness theorem gives a proof of
  $\mathrm{et}(M) \;\mathbf{r}\; \forall_{x,y} \bigl(x, y \in {}^{\mathrm{co}}I \to \frac{x+y}{2} \in {}^{\mathrm{co}}I\bigr)$.
Brouwer-Heyting-Kolmogorov interpretation:
  $u \;\mathbf{r}\; (x \in {}^{\mathrm{co}}I) \to v \;\mathbf{r}\; (y \in {}^{\mathrm{co}}I) \to \mathrm{et}(M)(u, v) \;\mathbf{r}\; \bigl(\frac{x+y}{2} \in {}^{\mathrm{co}}I\bigr)$.
This is a formal verification that $\mathrm{et}(M)$ computes the average w.r.t. signed digit streams.
Average for pre-Gray code

Method essentially the same as for signed digit streams.
◮ Only need to insert a different computational content to the predicates expressing how a real $x$ is given.
◮ Instead of ${}^{\mathrm{co}}I$ for signed digit streams we now need two such predicates ${}^{\mathrm{co}}G$ and ${}^{\mathrm{co}}H$, corresponding to the two “modes” in pre-Gray code.
Method also works for multiplication and division:
  $x, y \in {}^{\mathrm{co}}I \to \frac{x+y}{2} \in {}^{\mathrm{co}}I$,
  $x, y \in {}^{\mathrm{co}}I \to x \cdot y \in {}^{\mathrm{co}}I$,
  $x, y \in {}^{\mathrm{co}}I \to \frac{1}{4} \le y \to \frac{x}{y} \in {}^{\mathrm{co}}I$,
both w.r.t. signed digit and Gray code.
Conclusion
◮ Want formally verified algorithms on real numbers given as streams (signed digits or pre-Gray code).
◮ Consider formal proofs $M$ and apply realizability to extract their computational content.
◮ Switch between different representations of reals by relativising $x$ to a coinductive predicate whose computational content is a stream representing $x$.
◮ The desired algorithm is obtained as the extracted term $\mathrm{et}(M)$ of the proof $M$.
◮ Verification by (automatically generated) formal soundness proof of the realizability interpretation.
References

U. Berger, K. Miyamoto, H.S. and M. Seisenberger, Minlog - A tool for program extraction supporting algebras and coalgebras. In: Algebra and Coalgebra in Computer Science, LNCS 6859, 2011, pp. 393-399.

U. Berger, K. Miyamoto, H.S. and H. Tsuiki, Logic for Gray-code computation. In: Concepts of Proof in Mathematics, Philosophy, and Computer Science (eds. Probst, Schuster). De Gruyter, 2016, pp. 69-110.

H.S. and S.S. Wainer, Proofs and Computations, Perspectives in Logic. Association for Symbolic Logic and Cambridge University Press, 2012.