Certifying floating-point implementations using Gappa

High confidence in floating-point programs requires proving numerical properties of final and intermediate values. One may need to guarantee that a value stays within some range, or that the error relative to some ideal value is well bounded. Such work may require several lines of proof for each line of code, and will usually be broken by the smallest change to the code (e.g. for maintenance or optimization purpose). Certifying these programs by hand is therefore very tedious and error-prone. This article discusses the use of the Gappa proof assistant in this context. Gappa has two main advantages over previous approaches: Its input format is very close to the actual C code to validate, and it automates error evaluation and propagation using interval arithmetic. Besides, it can be used to incrementally prove complex mathematical properties pertaining to the C code. Yet it does not require any specific knowledge about automatic theorem proving, and thus is accessible to a wide community. Moreover, Gappa may generate a formal proof of the results that can be checked independently by a lower-level proof assistant like Coq, hence providing an even higher confidence in the certification of the numerical code. The article demonstrates the use of this tool on a real-size example, an elementary function with correctly rounded output

Takeuti's proof theory in the context of the Kyoto School

Gaisi Takeuti (1926–2017) is one of the most distinguished logicians in proof theory after Hilbert and Gentzen. He extensively extended Hilbert's program in the sense that he formulated Gentzen's sequent calculus, conjectured that cut-elimination holds for it (Takeuti's conjecture), and obtained several stunning results in the 1950–60s towards the solution of his conjecture. Though he has been known chiefly as a great mathematician, he wrote many papers in English and Japanese where he expressed his philosophical thoughts. In particular, he used several keywords such as "active intuition" and "self-reflection" from Nishida's philosophy. In this paper, we aim to describe a general outline of our project to investigate Takeuti's philosophy of mathematics. In particular, after reviewing Takeuti's proof-theoretic results briefly, we describe some key elements in Takeuti's texts. By explaining these texts, we point out the connection between Takeuti's proof theory and Nishida's philosophy and explain the future goals of our project

Informal proof, formal proof, formalism

Increases in the use of automated theorem-provers have renewed focus on the relationship between the informal proofs normally found in mathematical research and fully formalised derivations. Whereas some claim that any correct proof will be underwritten by a fully formal proof, sceptics demur. In this paper I look at the relevance of these issues for formalism, construed as an anti-platonistic metaphysical doctrine. I argue that there are strong reasons to doubt that all proofs are fully formalisable, if formal proofs are required to be finitary, but that, on a proper view of the way in which formal proofs idealise actual practice, this restriction is unjustified and formalism is not threatened

Trusting Computations: a Mechanized Proof from Partial Differential Equations to Actual Program

Computer programs may go wrong due to exceptional behaviors, out-of-bound array accesses, or simply coding errors. Thus, they cannot be blindly trusted. Scientific computing programs make no exception in that respect, and even bring specific accuracy issues due to their massive use of floating-point computations. Yet, it is uncommon to guarantee their correctness. Indeed, we had to extend existing methods and tools for proving the correct behavior of programs to verify an existing numerical analysis program. This C program implements the second-order centered finite difference explicit scheme for solving the 1D wave equation. In fact, we have gone much further as we have mechanically verified the convergence of the numerical scheme in order to get a complete formal proof covering all aspects from partial differential equations to actual numerical results. To the best of our knowledge, this is the first time such a comprehensive proof is achieved.Comment: N° RR-8197 (2012). arXiv admin note: text overlap with arXiv:1112.179

Separation Logic for Small-step Cminor

Cminor is a mid-level imperative programming language; there are proved-correct optimizing compilers from C to Cminor and from Cminor to machine language. We have redesigned Cminor so that it is suitable for Hoare Logic reasoning and we have designed a Separation Logic for Cminor. In this paper, we give a small-step semantics (instead of the big-step of the proved-correct compiler) that is motivated by the need to support future concurrent extensions. We detail a machine-checked proof of soundness of our Separation Logic. This is the first large-scale machine-checked proof of a Separation Logic w.r.t. a small-step semantics. The work presented in this paper has been carried out in the Coq proof assistant. It is a first step towards an environment in which concurrent Cminor programs can be verified using Separation Logic and also compiled by a proved-correct compiler with formal end-to-end correctness guarantees.Comment: Version courte du rapport de recherche RR-613

Infinity

This essay surveys the different types of infinity that occur in pure and applied mathematics, with emphasis on: 1. the contrast between potential infinity and actual infinity; 2. Cantor's distinction between transfinite sets and absolute infinity; 3. the constructivist view of infinite quantifiers and the meaning of constructive proof; 4. the concept of feasibility and the philosophical problems surrounding feasible arithmetic; 5. Zeno's paradoxes and modern paradoxes of physical infinity involving supertasks

What Do Paraconsistent, Undecidable, Random, Computable and Incomplete mean? A Review of Godel's Way: Exploits into an undecidable world by Gregory Chaitin, Francisco A Doria, Newton C.A. da Costa 160p (2012) (review revised 2019)

In ‘Godel’s Way’ three eminent scientists discuss issues such as undecidability, incompleteness, randomness, computability and paraconsistency. I approach these issues from the Wittgensteinian viewpoint that there are two basic issues which have completely different solutions. There are the scientific or empirical issues, which are facts about the world that need to be investigated observationally and philosophical issues as to how language can be used intelligibly (which include certain questions in mathematics and logic), which need to be decided by looking at how we actually use words in particular contexts. When we get clear about which language game we are playing, these topics are seen to be ordinary scientific and mathematical questions like any others. Wittgenstein’s insights have seldom been equaled and never surpassed and are as pertinent today as they were 80 years ago when he dictated the Blue and Brown Books. In spite of its failings—really a series of notes rather than a finished book—this is a unique source of the work of these three famous scholars who have been working at the bleeding edges of physics, math and philosophy for over half a century. Da Costa and Doria are cited by Wolpert (see below or my articles on Wolpert and my review of Yanofsky’s ‘The Outer Limits of Reason’) since they wrote on universal computation, and among his many accomplishments, Da Costa is a pioneer in paraconsistency. Those wishing a comprehensive up to date framework for human behavior from the modern two systems view may consult my book ‘The Logical Structure of Philosophy, Psychology, Mind and Language in Ludwig Wittgenstein and John Searle’ 2nd ed (2019). Those interested in more of my writings may see ‘Talking Monkeys--Philosophy, Psychology, Science, Religion and Politics on a Doomed Planet--Articles and Reviews 2006-2019 3rd ed (2019), The Logical Structure of Human Behavior (2019), and Suicidal Utopian Delusions in the 21st Century 4th ed (2019

The Julius Caesar objection

This paper argues that that Caesar problem had a technical aspect, namely, that it threatened to make it impossible to prove, in the way Frege wanted, that there are infinitely many numbers. It then offers a solution to the problem, one that shows Frege did not really need the claim that "numbers are objects", not if that claim is intended in a form that forces the Caesar problem upon us