Logic for exact real arithmetic
Helmut Schwichtenberg
Mathematisches Institut, LMU, München
Oberwolfach, November 2017
Exact real numbers can be given in different formats:
◮ Cauchy sequences (of rationals, with Cauchy modulus).
◮ Infinite sequences ("streams") of signed digits $\{-1, 0, 1\}$, or
◮ $\{-1, 1, \bot\}$ with at most one $\bot$ ("undefined"): Gray code.
Want formally verified algorithms on reals given as streams.
◮ Consider formal proofs $M$ and apply realizability to extract their computational content.
◮ Switch between different formats of reals by decoration: $\forall_x A \mapsto \forall^{\mathrm{nc}}_x (x \in {}^{\mathrm{co}}G \to A)$ (abbreviated $\forall^{\mathrm{nc}}_{x \in {}^{\mathrm{co}}G} A$).
◮ Computational content of $x \in {}^{\mathrm{co}}G$ is a stream representing $x$.
Representation of real numbers $x \in [-1, 1]$
Dyadic rationals: $\sum_{n<m} \frac{k_n}{2^{n+1}}$ with $k_n \in \{-1, 1\}$.
[Figure: binary tree of dyadic rationals with nodes $0$, $\pm\frac12$, $\pm\frac34$, $\pm\frac78$, $\pm\frac{15}{16}$ and edges labelled $\bar 1$ or $1$]
with $\bar 1 := -1$. Adjacent dyadics can differ in many digits: $\frac{7}{16} \sim 1\bar{1}11$, $\frac{9}{16} \sim 11\bar{1}\bar{1}$.
Cure: flip after 1. Binary reflected (or Gray-) code.
[Figure: the same tree with nodes $0$, $\pm\frac12$, $\pm\frac34$, $\pm\frac78$, $\pm\frac{15}{16}$ and edges labelled L or R in reflected order]
$\frac{7}{16} \sim RRRL$, $\frac{9}{16} \sim RLRL$.
Problem with productivity: $\bar{1}111 + 1\bar{1}\bar{1}\bar{1}\cdots = ?$ (or $LRLL\ldots + RRRL\cdots = ?$) What is the first digit?
Cure: delay.
◮ For binary code: add 0. Signed digit code $\sum_{n<m} \frac{k_n}{2^{n+1}}$ with $k_n \in \{-1, 0, 1\}$. Widely used for real number computation. There is a lot of redundancy: $\bar{1}1$ and $0\bar{1}$ both denote $-\frac14$.
◮ For Gray-code: add U (undefined), D (delay), $\mathrm{Fin}_{L/R}$ (finally left / right). Pre-Gray code.
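Pre-Gray code
[Figure: tree of pre-Gray code with nodes $0$, $\frac12$, $\frac14$, $\frac34$, $\frac38$, $\frac58$, $\frac{7}{16}$, $\frac{9}{16}$ and edges labelled L, R, U, D, $\mathrm{Fin}_L$, $\mathrm{Fin}_R$]
Can remove $\mathrm{Fin}_a$ (by $U \circ \mathrm{Fin}_a \mapsto a \circ R$, $D \circ \mathrm{Fin}_a \mapsto \mathrm{Fin}_a \circ L$).
$RRRLLL\ldots$, $RLRLLL\ldots$, $RUDDDD\ldots$ all denote $\frac12$. Only keep the latter to denote $\frac12$.
Result: unique representation, called pure Gray code.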
Average for pre-Gray code
Pre-Gray code: "cototal objects" in the (simultaneously defined) free algebras $G$ and $H$ given by the constructors
$\mathrm{Lr} : B \to G \to G$, $\mathrm{U} : H \to G$, $\mathrm{Fin} : B \to G \to H$, $\mathrm{D} : H \to H$
with $B = \{\mathrm{tt}, \mathrm{ff}\}$.
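Predicates ${}^{\mathrm{co}}G$ and ${}^{\mathrm{co}}H$
Let
$$\Gamma(X,Y) := \{\, x \mid \exists^{\mathrm{r}}_{x' \in X} \exists^{\mathrm{r}}_{a \in \mathrm{Psd}} \big(x = -a\tfrac{x'-1}{2}\big) \lor \exists^{\mathrm{r}}_{x' \in Y} \big(x = \tfrac{x'}{2}\big) \,\},$$
$$\Delta(X,Y) := \{\, x \mid \exists^{\mathrm{r}}_{x' \in X} \exists^{\mathrm{r}}_{a \in \mathrm{Psd}} \big(x = a\tfrac{x'+1}{2}\big) \lor \exists^{\mathrm{r}}_{x' \in Y} \big(x = \tfrac{x'}{2}\big) \,\}$$
and define
$$({}^{\mathrm{co}}G, {}^{\mathrm{co}}H) := \nu_{(X,Y)} (\Gamma(X,Y), \Delta(X,Y)) \quad \text{(greatest fixed point)}$$
Consequences:
$$\forall^{\mathrm{nc}}_{x \in {}^{\mathrm{co}}G} \Big( \exists^{\mathrm{r}}_{x' \in {}^{\mathrm{co}}G} \exists^{\mathrm{r}}_{a \in \mathrm{Psd}} \big(x = -a\tfrac{x'-1}{2}\big) \lor \exists^{\mathrm{r}}_{x' \in {}^{\mathrm{co}}H} \big(x = \tfrac{x'}{2}\big) \Big)$$
$$\forall^{\mathrm{nc}}_{x \in {}^{\mathrm{co}}H} \Big( \exists^{\mathrm{r}}_{x' \in {}^{\mathrm{co}}G} \exists^{\mathrm{r}}_{a \in \mathrm{Psd}} \big(x = a\tfrac{x'+1}{2}\big) \lor \exists^{\mathrm{r}}_{x' \in {}^{\mathrm{co}}H} \big(x = \tfrac{x'}{2}\big) \Big)$$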
Lemma (CoGUMinus)
$$\forall^{\mathrm{nc}}_x ({}^{\mathrm{co}}G(-x) \to {}^{\mathrm{co}}G x), \qquad \forall^{\mathrm{nc}}_x ({}^{\mathrm{co}}H(-x) \to {}^{\mathrm{co}}H x).$$
Proof by coinduction (:= Gfp-axiom), using properties of the unary minus functions.
Implicit algorithm. $f : G \to G$ and $f' : H \to H$ defined by
$$\begin{aligned}
f(\mathrm{Lr}_a(u)) &= \mathrm{Lr}_{-a}(u), & f'(\mathrm{Fin}_a(u)) &= \mathrm{Fin}_{-a}(u), \\
f(\mathrm{U}(v)) &= \mathrm{U}(f'(v)), & f'(\mathrm{D}(v)) &= \mathrm{D}(f'(v)).
\end{aligned}$$
Using CoGUMinus we prove that ${}^{\mathrm{co}}G$ and ${}^{\mathrm{co}}H$ are equivalent.
Lemma (CoHToCoG)
$$\forall^{\mathrm{nc}}_x (x \in {}^{\mathrm{co}}H \to x \in {}^{\mathrm{co}}G), \qquad \forall^{\mathrm{nc}}_x (x \in {}^{\mathrm{co}}G \to x \in {}^{\mathrm{co}}H).$$
Implicit algorithm. $g : H \to G$ and $h : G \to H$:
$$\begin{aligned}
g(\mathrm{Fin}_a(u)) &= \mathrm{Lr}_a(f^-(u)), & h(\mathrm{Lr}_a(u)) &= \mathrm{Fin}_a(f^-(u)), \\
g(\mathrm{D}(v)) &= \mathrm{U}(v), & h(\mathrm{U}(v)) &= \mathrm{D}(v)
\end{aligned}$$
where $f^- := \mathrm{cCoGUMinus}$ (cL denotes the function extracted from the proof of a lemma L). No corecursive call is involved.
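Informal proof
U. Berger and M. Seisenberger 2010. To prove
$$\forall^{\mathrm{nc}}_{x,y \in {}^{\mathrm{co}}G} \Big( \frac{x+y}{2} \in {}^{\mathrm{co}}G \Big)$$
consider two sets of averages, the second one with a "carry":
$$P := \Big\{ \frac{x+y}{2} \;\Big|\; x, y \in {}^{\mathrm{co}}G \Big\}, \qquad Q := \Big\{ \frac{x+y+i}{4} \;\Big|\; x, y \in {}^{\mathrm{co}}G,\ i \in \mathrm{Sd}_2 \Big\}.$$
Suffices: $Q$ satisfies the clause coinductively defining ${}^{\mathrm{co}}G$.
◮ By the greatest-fixed-point axiom for ${}^{\mathrm{co}}G$ we have $Q \subseteq {}^{\mathrm{co}}G$.
◮ Since also $P \subseteq Q$ we obtain $P \subseteq {}^{\mathrm{co}}G$, which is our claim.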
Lemma (CoGAvToAvc)
$$\forall^{\mathrm{nc}}_{x,y \in {}^{\mathrm{co}}G} \exists^{\mathrm{r}}_{i \in \mathrm{Sd}_2} \exists^{\mathrm{r}}_{x',y' \in {}^{\mathrm{co}}G} \Big( \frac{x+y}{2} = \frac{x'+y'+i}{4} \Big).$$
Proof needs CoGPsdTimes: $\forall^{\mathrm{nc}}_{a \in \mathrm{Psd}} \forall^{\mathrm{nc}}_{x \in {}^{\mathrm{co}}G} (ax \in {}^{\mathrm{co}}G)$. Rest easy, using CoGClause.
Implicit algorithm. Write $f^*$ for cCoGPsdTimes and $s$ for cCoHToCoG.
$$\begin{aligned}
f(\mathrm{Lr}_a(u), \mathrm{Lr}_{a'}(u')) &= (a + a', f^*(-a, u), f^*(-a', u')), \\
f(\mathrm{Lr}_a(u), \mathrm{U}(v)) &= (a, f^*(-a, u), s(v)), \\
f(\mathrm{U}(v), \mathrm{Lr}_a(u)) &= (a, s(v), f^*(-a, u)), \\
f(\mathrm{U}(v), \mathrm{U}(v')) &= (0, s(v), s(v')).
\end{aligned}$$
Lemma (CoGAvcSatCoICl)
$$\forall^{\mathrm{nc}}_{i \in \mathrm{Sd}_2} \forall^{\mathrm{nc}}_{x,y \in {}^{\mathrm{co}}G} \exists^{\mathrm{r}}_{j \in \mathrm{Sd}_2} \exists^{\mathrm{r}}_{k \in \mathrm{Sd}} \exists^{\mathrm{r}}_{x',y' \in {}^{\mathrm{co}}G} \Big( \frac{x+y+i}{4} = \frac{\frac{x'+y'+j}{4} + k}{2} \Big).$$
Proof. Define $J, K : \mathbb{Z} \to \mathbb{Z}$ such that
$$\forall_i (i = J(i) + 4K(i)), \qquad \forall_i (|J(i)| \le 2), \qquad \forall_i (|i| \le 6 \to |K(i)| \le 1).$$
Then we can relate $\frac{x+d}{2}$ and $\frac{x+y+i}{4}$ by
$$\frac{\frac{x+d}{2} + \frac{y+e}{2} + i}{4} = \frac{\frac{x+y+J(d+e+2i)}{4} + K(d+e+2i)}{2}.$$
Implicit algorithm.
$$\begin{aligned}
f(i, \mathrm{Lr}_a(u), \mathrm{Lr}_{a'}(u')) &= (J(a+a'+2i), K(a+a'+2i), f^*(-a, u), f^*(-a', u')), \\
f(i, \mathrm{Lr}_a(u), \mathrm{U}(v)) &= (J(a+2i), K(a+2i), f^*(-a, u), s(v)), \\
f(i, \mathrm{U}(v), \mathrm{Lr}_a(u)) &= (J(a+2i), K(a+2i), s(v), f^*(-a, u)), \\
f(i, \mathrm{U}(v), \mathrm{U}(v')) &= (J(2i), K(2i), s(v), s(v')).
\end{aligned}$$
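Lemma (CoGAvcToCoG)
$$\forall^{\mathrm{nc}}_z \Big( \exists^{\mathrm{r}}_{x,y \in {}^{\mathrm{co}}G} \exists^{\mathrm{r}}_{i \in \mathrm{Sd}_2} \big( z = \tfrac{x+y+i}{4} \big) \to z \in {}^{\mathrm{co}}G \Big),$$
$$\forall^{\mathrm{nc}}_z \Big( \exists^{\mathrm{r}}_{x,y \in {}^{\mathrm{co}}G} \exists^{\mathrm{r}}_{i \in \mathrm{Sd}_2} \big( z = \tfrac{x+y+i}{4} \big) \to z \in {}^{\mathrm{co}}H \Big).$$
Proof (by coinduction) uses CoGAvcSatCoICl. We need a lemma:
$$\text{SdDisj}: \quad \forall^{\mathrm{nc}}_{d \in \mathrm{Sd}} \big( d = 0 \lor^{\mathrm{r}} \exists^{\mathrm{r}}_{a \in \mathrm{Psd}} (d = a) \big).$$
Here $\lor^{\mathrm{r}}$ is an (inductively defined) variant of $\lor$ where only the content of the right hand side is kept.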
Implicit algorithm.
$$\begin{aligned}
g(i, u, u') = {} & \text{let } (i_1, k, u_1, u_1') = \mathrm{cCoGAvcSatCoICl}(i, u, u') \text{ in} \\
& \text{case } \mathrm{cSdDisj}(k) \text{ of} \\
& \quad 0 \to \mathrm{U}(h(i_1, u_1, u_1')) \\
& \quad a \to \mathrm{Lr}_a(g(-a i_1, f^*(-a, u_1), f^*(-a, u_1'))), \\
h(i, u, u') = {} & \text{let } (i_1, k, u_1, u_1') = \mathrm{cCoGAvcSatCoICl}(i, u, u') \text{ in} \\
& \text{case } \mathrm{cSdDisj}(k) \text{ of} \\
& \quad 0 \to \mathrm{D}(h(i_1, u_1, u_1')) \\
& \quad a \to \mathrm{Fin}_a(g(-a i_1, f^*(-a, u_1), f^*(-a, u_1'))).
\end{aligned}$$
Theorem (CoGAverage)
$$\forall^{\mathrm{nc}}_{x,y \in {}^{\mathrm{co}}G} \Big( \frac{x+y}{2} \in {}^{\mathrm{co}}G \Big).$$
Implicit algorithm. Compose cCoGAvToAvc with cCoGAvcToCoG.
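The implicit algorithms of CoGUMinus, CoHToCoG, CoGAvcSatCoICl, CoGAvcToCoG and CoGAverage run together on lazy streams, as an added Python example that is not code from the slides. Assumptions: streams are thunks returning tuples, `times` plays the role of cCoGPsdTimes, `jk` is one choice of J and K meeting the three stated conditions, `encode` and `approx` are helpers for constructed inputs, and the Fin branch uses tail sign +a (what the clause x = a(x'+1)/2 gives) where the slide's h shows −a.

```python
from fractions import Fraction as Fr

# Stream = thunk returning ('Lr', a, G) | ('U', H) in G, ('Fin', a, G) | ('D', H) in H.

def lazy(f, t):               # apply f to a node only when the stream is forced
    return lambda: f(t())

def neg(t):                   # cCoGUMinus: f and f' flip the first Lr/Fin digit
    return lazy(lambda n: (n[0], -n[1], n[2]) if len(n) == 3 else (n[0], neg(n[1])), t)

def h2g(t):                   # cCoHToCoG (s): Fin_a(u) -> Lr_a(-u), D(v) -> U(v)
    return lazy(lambda n: ('Lr', n[1], neg(n[2])) if n[0] == 'Fin' else ('U', n[1]), t)

def times(a, t):              # assumed cCoGPsdTimes (f*): identity or negation
    return t if a == 1 else neg(t)

def jk(i):                    # assumed J, K: i = J + 4K, |J| <= 2, |K| <= 1 for |i| <= 6
    k = (abs(i) + 1) // 4 * (1 if i >= 0 else -1)
    return i - 4 * k, k

def head(t):                  # write x = (x' + d)/2 with x' in coG: returns (d, x')
    n = t()
    return (n[1], times(-n[1], n[2])) if n[0] == 'Lr' else (0, h2g(n[1]))

def avc(i, x, y, in_g=True):  # cCoGAvcToCoG: g (in_g) or h, stream of (x + y + i)/4
    def go():
        (d, x1), (e, y1) = head(x), head(y)
        j, k = jk(d + e + 2 * i)          # cCoGAvcSatCoICl
        if k == 0:
            return ('U' if in_g else 'D', avc(j, x1, y1, False))
        s = -k if in_g else k             # from x = -a(x'-1)/2 resp. x = a(x'+1)/2
        return ('Lr' if in_g else 'Fin', k, avc(s * j, times(s, x1), times(s, y1)))
    return go

def average(x, y):            # CoGAverage: cCoGAvToAvc, then cCoGAvcToCoG
    (d, x1), (e, y1) = head(x), head(y)
    return avc(d + e, x1, y1)

def encode(q):                # constructed input: Lr-only stream of a rational q
    a = 1 if q >= 0 else -1
    return lambda: ('Lr', a, encode(1 - 2 * a * q))

def approx(t, n):             # value of the first n constructors, error <= 2**-n
    if n == 0:
        return Fr(0)
    c = t()
    r = approx(c[-1], n - 1)
    return r / 2 if len(c) == 2 else c[1] * (1 + (-r if c[0] == 'Lr' else r)) / 2
```

With R for a = 1 and L for a = −1, `average(encode(Fr(7, 16)), encode(Fr(9, 16)))` starts R U D D D D, the representation RUDDDD... of 1/2 from the pre-Gray code slide.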
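Multiplication for pre-Gray code
To prove
$$\forall^{\mathrm{nc}}_{x,x'} (x, x' \in {}^{\mathrm{co}}G \to x \cdot x' \in {}^{\mathrm{co}}G),$$
consider the two sets
$$P := \{\, x \cdot y \mid x, y \in {}^{\mathrm{co}}G \,\}, \qquad Q := \Big\{ \frac{x \cdot y + z + i}{4} \;\Big|\; x, y, z \in {}^{\mathrm{co}}G,\ i \in \mathrm{Sd}_2 \Big\}.$$
Suffices: $Q$ satisfies the clause coinductively defining ${}^{\mathrm{co}}G$.
◮ By the greatest-fixed-point axiom for ${}^{\mathrm{co}}G$ we have $Q \subseteq {}^{\mathrm{co}}G$.
◮ Since also $P \subseteq Q$ we obtain $P \subseteq {}^{\mathrm{co}}G$, which is our claim.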
Lemma (CoGMultToMultc)
$$\forall^{\mathrm{nc}}_{x,y \in {}^{\mathrm{co}}G} \exists^{\mathrm{r}}_{i \in \mathrm{Sd}_2} \exists^{\mathrm{r}}_{x',y',z \in {}^{\mathrm{co}}G} \Big( xy = \frac{x'y' + z + i}{4} \Big).$$
Implicit algorithm. We use $s$ for cCoHToCoG, and $au$ for $f^*(a, u)$.
$$\begin{aligned}
g(\mathrm{Lr}_a(u), \mathrm{Lr}_b(u')) = {} & \text{case } \mathrm{cCoGAverage}(-abu, -abu') \text{ of} \\
& \quad \mathrm{Lr}_c(u'') \to (c + ab, au, bu', -cu'') \\
& \quad \mathrm{U}(v) \to (ab, au, bu', s(v)) \\
g(\mathrm{Lr}_a(u), \mathrm{U}(v)) = {} & (0, -au, s(v), as(v)) \\
g(\mathrm{U}(v), \mathrm{Lr}_a(u)) = {} & (0, s(v), -au, as(v)) \\
g(\mathrm{U}(v), \mathrm{U}(v')) = {} & (0, s(v), s(v'), \mathrm{cCoGZero}).
\end{aligned}$$
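Lemma (JKLr)
$$\forall^{\mathrm{nc}}_{i \in \mathrm{Sd}_2} \forall^{\mathrm{nc}}_{a \in \mathrm{Psd}} \forall^{\mathrm{nc}}_{v \in {}^{\mathrm{co}}G} \exists^{\mathrm{r}}_{j \in \mathrm{Sd}_2} \exists^{\mathrm{r}}_{d \in \mathrm{Sd}} \exists^{\mathrm{r}}_{z \in {}^{\mathrm{co}}G} \Big( v + \frac{a+i}{4} = \frac{z+j}{4} + d \Big).$$
Implicit algorithm. We use $s$ for cCoHToCoG.
$$\begin{aligned}
g(i, a, \mathrm{Lr}_{b_0}(\mathrm{Lr}_b(w))) &= (J(-b_0 b + 2b_0 + a + i), K(-b_0 b + 2b_0 + a + i), b_0 b w) \\
g(i, a, \mathrm{Lr}_{b_0}(\mathrm{U}(w))) &= (J(2b_0 + a + i), K(2b_0 + a + i), -b_0 s(w)) \\
g(i, a, \mathrm{U}(\mathrm{Lr}_b(w))) &= (J(b + a + i), K(b + a + i), bw) \\
g(i, a, \mathrm{U}(\mathrm{U}(w))) &= (J(a + i), K(a + i), s(w))
\end{aligned}$$
Lemma (JKU)
$$\forall^{\mathrm{nc}}_{i \in \mathrm{Sd}_2} \forall^{\mathrm{nc}}_{v \in {}^{\mathrm{co}}G} \exists^{\mathrm{r}}_{j \in \mathrm{Sd}_2} \exists^{\mathrm{r}}_{d \in \mathrm{Sd}} \exists^{\mathrm{r}}_{z \in {}^{\mathrm{co}}G} \Big( v + \frac{i}{4} = \frac{z+j}{4} + d \Big)$$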
Lemma (CoGMultcSatCoICl)
$$\forall^{\mathrm{nc}}_{y \in {}^{\mathrm{co}}G} \forall^{\mathrm{nc}}_{i \in \mathrm{Sd}_2} \forall^{\mathrm{nc}}_{x,z \in {}^{\mathrm{co}}G} \exists^{\mathrm{r}}_{d \in \mathrm{Sd}} \exists^{\mathrm{r}}_{j \in \mathrm{Sd}_2} \exists^{\mathrm{r}}_{x',z' \in {}^{\mathrm{co}}G} \Big( \frac{xy + z + i}{4} = \frac{\frac{x'y + z' + j}{4} + d}{2} \Big).$$
Implicit algorithm. We use $h$ for cCoGAvcToCoG, $w_0$ for cCoGZero.
$$\begin{aligned}
g(u_0, i, \mathrm{Lr}_a(u), \mathrm{Lr}_b(u')) = {} & \text{let } (j, d, w) = \mathrm{cJKLr}(i, b, h(i, au_0, -bu')) \text{ in } (d, j, -au, w) \\
g(u_0, i, \mathrm{Lr}_a(u), \mathrm{U}(v)) = {} & \text{let } (j, d, w) = \mathrm{cJKU}(i, h(i, au_0, s(v))) \text{ in } (d, j, -au, w) \\
g(u_0, i, \mathrm{U}(v), \mathrm{Lr}_a(u)) = {} & \text{let } (j, d, w) = \mathrm{cJKLr}(i, a, h(i, w_0, -au)) \text{ in } (d, j, s(v), w) \\
g(u_0, i, \mathrm{U}(v), \mathrm{U}(v')) = {} & \text{let } (j, d, w) = \mathrm{cJKU}(i, h(i, w_0, s(v'))) \text{ in } (d, j, s(v), w)
\end{aligned}$$