Delivery-Date: Fri Aug 16 21:10:10 2002
From: "Marc Daumas" <Marc.Daumas@ens-lyon.fr>
To: <stds-754@ieee.org>
Cc: "Cesar A. Munoz H." <Munoz@Icase.Edu>,
        "Gilles Dowek" <Gilles.Dowek@INRIA.Fr>,
        "Wolfgang J. Paul" <WJP@CS.Uni-SB.De>,
        "John Harrison" <JohnH@ichips.intel.com>,
        =?iso-8859-1?Q?Laurent_Th=E9ry?= <Laurent.Thery@INRIA.Fr>,
        =?iso-8859-1?Q?Lo=EFc_Pottier?= <Loic.Pottier@INRIA.Fr>,
        <Assia.Mahboubi@sophia.inria.fr>
Subject: A question from Professor Kahan
Date: Fri, 16 Aug 2002 23:59:34 -0400
Message-ID: <KDEBKMDEEDFKAMCNNKFDGEMDCAAA.Marc.Daumas@ENS-Lyon.Fr>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Importance: Normal
Sender: owner-stds-754@majordomo.ieee.org
Precedence: bulk


Dear attendees, Dear members of the mailing list,

On July 18th meeting on the revision of the IEEE 754 standard, Professor
Kahan reacted to my talk on automatic proof checking for floating point
arithmetic. (Please refer to the previous announcement on the mailing list
and the PDF of the slides
http://grouper.ieee.org/groups/754/meeting-materials/2002-07-18-daumas.pdf)

One of the concerns of Professor Kahan was on our ability to do difficult or
even simple mathematics with automatic proof systems. He offered a small
puzzle. I will present you the puzzle first, then our model and our solution
using Coq automatic proof checker.

The problem involves complex numbers. We define the principle square root
(Psqrt) of a number as the (unique) square root with a positive real
component. A convention is fixed for the case where both square roots are
imaginary numbers. Professor Kahan said that one of the statements is always
true and the other fails on some complex numbers.

Psqrt(1 - z^2) =? Psqrt (1 - z) Psqrt (1 + z)
Psqrt(z^2 - 1) =? Psqrt (z - 1) Psqrt (1 + z)

The correct answer can be easily prompted to a human being using polar
properties of the complex field. However, we used the Cartesian notation in
our proof as the tedious aspects of the proof are handled automatically by
our system. The proof uses a tools that eliminates quantifiers (Hormander's
algorithm) due to Loīc Pottier and Assia Mahboubi at the INRIA in Sophia
Antipolis.

We assume that
Psqrt(1 + z) = S1 = a1 + i b1
Psqrt(1 - z) = S2 = a2 + i b2

The hypotheses are

- both square roots are principle a1 >= 0 and a2 >= 0

- S1 and S2 squared are related so that z = S1^2 - 1 = 1 - S2^2 leading to
an equation for the real component and an equation for the imaginary
component
	a1*a1 + a2*a2 = b1*b1 + b2*b2 + 2
	a1*b1 + a2*b2 = 0

We have to prove that a1*a2 - b1*b2 >= 0

For the other equality, we assume that
Psqrt(1 + z) = S1 = a1 + i b1
Psqrt(z - 1) = S2 = a2 + i b2

The hypotheses are now

- both square roots are still principle a1 >= 0 and a2 >= 0

- S1 and S2 squared are now related so that z = S1^2 - 1 = S2^2 + 1 leading
to an equation for the real component and an equation for the imaginary
component
	a1*a1 + b2*b2 = a2*a2 + b1*b1 + 2
	a1*b1 = a2*b2

We have to prove once again that a1*a2 - b1*b2 >= 0

The tool provides a proof of the statement directly readable by Coq that is
checked automatically. It answers that the first fact is always true whereas
the second one cannot be proved. Laurent Thery
(Laurent.Thery@sophia.inria.fr), Loic Pottier (Loic.Pottier@sophia.inria.fr)
or Assia Mahboubi (Assia.Mahboubi@sophia.inria.fr) of the INRIA at Sophia
Antipolis can provide more details on the tool that they have used and on
matters on Coq.

--
Marc Daumas - Charge de recherches au CNRS (LIP - ENS de Lyon)
mailto:Marc.Daumas@ENS-Lyon.Fr - http://www.ens-lyon.fr/~daumas
PGP Key FP : 69B6 11D1 DA61 717F DF76  5B92 E4EC B289 D607 F324
ENS de Lyon - 46, allee d'Italie - 69364 Lyon Cedex 07 - FRANCE
Phone: (+33) 4 72 72 83 52 - Fax: (+33) 4 72 72 80 80