## Proving bounds on real-valued functions with computations (2008)

### Download Links

- [www.msr-inria.inria.fr]
- [www.lri.fr]
- [www.lri.fr]
- DBLP

### Other Repositories/Bibliography

Venue: 4th International Joint Conference on Automated Reasoning (IJCAR 2008), Lecture Notes in Artificial Intelligence, volume 5195

Citations: 12 (2 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Melquiond08provingbounds,
  author    = {Guillaume Melquiond},
  title     = {Proving bounds on real-valued functions with computations},
  booktitle = {4th International Joint Conference on Automated Reasoning. Volume 5195 of Lecture Notes in Artificial Intelligence},
  year      = {2008},
  pages     = {2--17}
}
```

### Abstract

Interval-based methods are commonly used for computing numerical bounds on expressions and proving inequalities on real numbers. Yet they are hardly used in proof assistants, as the large amount of numerical computation they require keeps them out of reach of deductive proof processes. However, evaluating programs inside proofs is an efficient way to reduce the size of proof terms while performing numerous computations. This work shows how programs combining automatic differentiation with floating-point and interval arithmetic can be used as efficient yet certified solvers. They have been implemented in a library for the Coq proof system (http://coq.inria.fr/). This library provides tactics for proving inequalities on real-valued expressions.
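The method the abstract describes, and that the citation contexts below elaborate (interval addition, subtraction and division rules; the loss of correlation between several occurrences of a variable; first-order enclosures built from the derivative; bisection), as an added Python example. It is not the paper's Coq library and, unlike that library, nothing here is checked by a proof assistant: it is an unverified illustration of the algorithm, not a certified solver. The class and function names, the one-ulp outward rounding via `math.nextafter` (Python 3.9+), the test function x - x^2 on [0, 1] and the bounds 0.26 and 0.24 are my own choices, not taken from the paper.

```python
import math


class Interval:
    """Closed interval of finite floats. Each operation widens the rounded
    result by one ulp per side so it encloses the exact real result: sound,
    but one ulp too wide when the float result was already exact (the paper's
    Coq library uses directed rounding and pays no such cost)."""
    __slots__ = ("lo", "hi")

    def __init__(self, lo, hi=None):
        hi = lo if hi is None else hi
        if lo > hi:
            raise ValueError("empty interval")
        self.lo, self.hi = float(lo), float(hi)

    @staticmethod
    def _hull(vals):
        return Interval(math.nextafter(min(vals), -math.inf),
                        math.nextafter(max(vals), math.inf))

    def __add__(self, o):
        return self._hull([self.lo + o.lo, self.hi + o.hi])

    def __sub__(self, o):
        return self._hull([self.lo - o.hi, self.hi - o.lo])

    def __mul__(self, o):
        return self._hull([self.lo * o.lo, self.lo * o.hi, self.hi * o.lo, self.hi * o.hi])

    def __truediv__(self, o):
        if o.lo <= 0.0 <= o.hi:  # as in the paper, the divisor must exclude 0
            raise ZeroDivisionError("divisor interval contains zero")
        return self._hull([self.lo / o.lo, self.lo / o.hi, self.hi / o.lo, self.hi / o.hi])

    def intersect(self, o):
        return Interval(max(self.lo, o.lo), min(self.hi, o.hi))

    def mid(self):
        return 0.5 * (self.lo + self.hi)


class Dual:
    """Forward-mode automatic differentiation over intervals: evaluating f on
    Dual(X, 1) yields enclosures of both f(X) (.val) and f'(X) (.der)."""
    __slots__ = ("val", "der")

    def __init__(self, val, der=0.0):
        self.val = val if isinstance(val, Interval) else Interval(val)
        self.der = der if isinstance(der, Interval) else Interval(der)

    @staticmethod
    def of(x):
        return x if isinstance(x, Dual) else Dual(x)  # constants have derivative 0

    def __add__(self, o):
        o = Dual.of(o)
        return Dual(self.val + o.val, self.der + o.der)

    def __sub__(self, o):
        o = Dual.of(o)
        return Dual(self.val - o.val, self.der - o.der)

    def __mul__(self, o):
        o = Dual.of(o)  # product rule on the derivative component
        return Dual(self.val * o.val, self.der * o.val + self.val * o.der)

    __radd__ = __add__
    __rmul__ = __mul__


def enclose(f, X):
    """Naive interval evaluation of f over X, intersected with the first-order
    form f(m) + f'(X)*(X - m) at the midpoint m, which recovers much of the
    correlation lost when x occurs several times in f."""
    d = f(Dual(X, 1.0))
    m = X.mid()
    return d.val.intersect(f(Dual(m)).val + d.der * (X - Interval(m)))


def prove_upper_bound(f, X, bound, max_depth=12):
    """Prove f(x) <= bound on X by bisection until every piece's enclosure lies
    below bound. False means 'not proved' (bound false, or too tight for
    max_depth), never 'disproved'."""
    if enclose(f, X).hi <= bound:
        return True
    if max_depth == 0:
        return False
    m = X.mid()
    return (prove_upper_bound(f, Interval(X.lo, m), bound, max_depth - 1)
            and prove_upper_bound(f, Interval(m, X.hi), bound, max_depth - 1))


if __name__ == "__main__":
    g = lambda x: x - x * x  # exact range on [0, 1] is [0, 1/4]
    X = Interval(0.0, 1.0)
    for name, e in (("naive", g(X)), ("first-order", enclose(g, X))):
        print(f"{name}: [{e.lo}, {e.hi}]")
    print("g <= 0.26 proved:", prove_upper_bound(g, X, 0.26))
    print("g <= 0.24 proved:", prove_upper_bound(g, X, 0.24))
```

Naive evaluation of x - x^2 on [0, 1] gives roughly [-1, 1] because the two occurrences of x are treated as independent; the first-order form narrows that to about [-1/4, 3/4], and four levels of bisection then suffice to prove the bound 0.26, while 0.24 (which is false, the maximum being 1/4) is correctly not proved. The difference from the paper is where the computation runs: in its Coq library the same interval and derivative evaluation is performed by the proof assistant's own evaluator, so the resulting bound is a theorem checked by the Coq kernel, whereas the output of this script has to be trusted along with the script.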

### Citations

- 529 citations. Moore (1979). Methods and Applications of Interval Analysis.
  Context: "...llowing rules: $\langle l_1, u_1\rangle + \langle l_2, u_2\rangle = \langle l_1 + l_2,\ u_1 + u_2\rangle$ and $\langle l_1, u_1\rangle - \langle l_2, u_2\rangle = \langle l_1 - u_2,\ u_1 - l_2\rangle$. Except for the particular case of $\bot$ meaning an infinite bound, this is traditional interval arithmetic [11,12]. So extending the other arithmetic operators does not cause much difficulty. For instance, if $l_1$ is negative and if both $u_1$ and $l_2$ are positive, the result of the division $\langle l_1, u_1\rangle / \langle l_2, u_2\rangle$ is $\langle l_1/l_2$..."

- 163 citations. Jaulin, Kieffer, et al. (2004). Applied Interval Analysis: with Examples in Parameter and State Estimation, Robust Control and Robotics.
  Context: cited as [11,12] together with Moore (1979), in the same passage as above.

- 45 citations. Boutin (1997). Using reflection to build efficient and certified decision procedures.
  Context: "...e same proofs. Therefore, the proof system just has to evaluate the members of the new inequality, in order to verify that the transformation is valid. This transformation process is called reflexion [18]: an oracle produces a higher-level representation of the user proposition, and the proof system has only to check that the evaluation of this better representation is convertible to the old one. This..."

- 35 citations. Delahaye (2000). A tactic language for the system Coq.
  Context: "...proof assistant. Several existing reflexive tactics actually depend on OCaml helpers embedded inside Coq, so this is not an unusual approach. Third, one could use the tactic language embedded in Coq [17], so that the transformation runs on an unmodified Coq interpreter. This third way is the one chosen for this work. A Coq tactic will therefore parse the expression and create the program described in..."

- 32 citations. Daumas, Rideau, et al. (2001). A generic library of floating-point numbers and its application to exact computing.
  Context: "...plexity is just $O(n)$. The result is no longer exact, but interval arithmetic still works properly. There have been at least two prior formalizations of floating-point arithmetic in Coq. The first one [13,14] defines rounded results with relations, so the value $w$ would be expressed as satisfying the proposition: $w \le u\,v \;\wedge\; \forall m, e \in \mathbb{Z},\ |m| < \beta^p \Rightarrow m \cdot \beta^e \le u\,v \Rightarrow m \cdot \beta^e \le w$. While useful and sufficient for pr..."

- 31 citations. Harrison (1997). Floating point verification in HOL Light: the exponential function.
  Context: "....g. cos, arctan, exp) in addition to algebraic expressions, the problem becomes undecidable. Some inequalities can still be proved by first replacing elementary functions by polynomial approximations [5,6]. A resolution procedure for polynomial systems can then complete the formal proof. A different approach is based on interval arithmetic and numerical computations. The process inductively encloses su..."

- 22 citations. Daumas, Melquiond, et al. (2005). Guaranteed proofs using interval arithmetic.
  Context: "...oss of correlation between the multiple occurrences of a variable. In order to avoid this issue, the problems can be split into several smaller problems or higher-order enclosures can be used instead [8,9]. This paper presents an implementation of this approach for Coq. It will focus on the aspects of automatic proof and efficiency. Section 2 describes the few concepts needed for turning numerical comp..."

- 20 citations. Boldo (2004). Preuves formelles en arithmétiques à virgule flottante (Formal proofs in floating-point arithmetic).
  Context: cited as [13,14] together with Daumas, Rideau, et al. (2001), in the same passage as above.

- 19 citations. Harrison (2007). Verifying nonlinear real formulas via sums of squares.
  Context: "...to an equivalent system of several polynomial inequalities. Then a resolution procedure, e.g. based on cylindrical algebraic decomposition [3] or on the Nullstellensatz theorem [4], will help a proof checker to conclude automatically. When the proposition involves elementary functions (e.g. cos, arctan, exp) in addition to algebraic expressions, the problem becomes undecidable...." (The paper's footnote 1, http://coq.inria.fr/, was interleaved with this passage in the extracted text.)

- 17 citations. Stevenson et al. (1987). An American national standard: IEEE standard for binary floating point arithmetic.

- 14 citations. Grégoire, Théry, et al. (2006). A computational approach to Pocklington certificates in type theory.
  Context: "...oing from $P$ to $f_P$ is a single deductive step, so most of the verification time will be spent in evaluating $f_P$. Fortunately, the convertibility rule happens to be implemented quite efficiently in Coq [1,2], so it becomes possible to automatically prove some propositions on real numbers by simply evaluating programs. An example of such a proposition is the following one, where $x$ and $y$ are universally qua..."

- 12 citations. Lester (2008). Real Number Calculations and Theorem Proving.
  Context: "...h is based on interval arithmetic and numerical computations. The process inductively encloses sub-expressions with numbers and propagates these bounds until the range of all the expressions is known [7]. Naive interval arithmetic, however, suffers from a loss of correlation between the multiple occurrences of a variable. In order to avoid this issue, the problems can be split into several smaller pro..."

- 11 citations. Akbarpour, Paulson (2006). Towards automatic proofs of inequalities involving elementary functions.
  Context: cited as [5,6] together with Harrison (1997), in the same passage as above.

- 10 citations. Grégoire, Théry (2006). A Purely Functional Library for Modular Arithmetic and Its Application to Certifying Large Prime Numbers.
  Context: cited as [1,2] together with Grégoire, Théry, et al. (2006), in the same passage as above.

- 9 citations. Melquiond (2006). De l'arithmétique d'intervalles à la certification de programmes (From interval arithmetic to program certification).
  Context: "...ent for proving theorems on floating-point algorithms, such a relation does not provide any computational content, so it cannot be used for performing numerical computations. The second formalization [15] has introduced effective floating-point operators, but only for addition and multiplication. The other basic operators are evaluated by an external oracle. The results can then be checked by the syst..."

- 7 citations. Zumkeller (2006). Formal Global Optimisation with Taylor Models. In IJCAR.
  Context: cited as [8,9] together with Daumas, Melquiond, et al. (2005), in the same passage as above.

- 5 citations. Mahboubi. Implementing the cylindrical algebraic decomposition within the Coq system.
  Context: "...sition with existing formal methods, one can first turn it into an equivalent system of several polynomial inequalities. Then a resolution procedure, e.g. based on cylindrical algebraic decomposition [3] or on the Nullstellensatz theorem [4], will help a proof checker to conclude automatically. When the proposition involves elementary functions (e.g. cos, arctan, exp) in additi..."

- 3 citations. Spiwack. Ajouter des entiers machine à Coq (Adding machine integers to Coq).
  Context: "...on computations, so the mantissa integers are relatively small. ... binary trees with leaves being radix-$2^{31}$ digits [1]. The arithmetic on these leaves is then delegated by Coq to the computer processor [16]. 3.2 Straight-line programs. Until now, we have only performed interval computations. We have yet to prove properties on expressions. A prerequisite is the ability to actually represent these expressi..."
Citation Context ...on computations, so the mantissa integers are relatively small.binary trees with leaves being radix-2 31 digits [1]. The arithmetic on these leaves is then delegated by Coq to the computer processor =-=[16]-=-. 3.2 Straight-line programs Until now, we have only performed interval computations. We have yet to prove properties on expressions. A prerequisite is the ability to actually represent these expressi... |