Affine Arithmetic Fabian Immler August 16, 2018
Abstract We give a formalization of affine forms [1, 2] as abstract representations of zonotopes. We provide affine operations as well as overapproximations of some non-affine operations like multiplication and division. Expressions involving those operations can automatically be turned into (executable) functions approximating the original expression in affine arithmetic. Moreover we give a verified implementation of a functional algorithm to compute the intersection of a zonotope with a hyperplane, as described in the paper [3].
Contents

0.1 sum-list
0.2 Radiant and Degree

1 Euclidean Space: Executability
  1.1 Ordered representation of Basis and Rounding of Components
  1.2 Instantiations
  1.3 Representation as list
  1.4 Bounded Linear Functions
  1.5 bounded linear functions

2 Affine Form
  2.1 Auxiliary developments
  2.2 Partial Deviations
  2.3 Affine Forms
  2.4 Evaluation, Range, Joint Range
  2.5 Domain
  2.6 Least Fresh Index
  2.7 Total Deviation
  2.8 Binary Pointwise Operations
  2.9 Addition
  2.10 Total Deviation
  2.11 Unary Operations
  2.12 Pointwise Scaling of Partial Deviations
  2.13 Partial Deviations Scale Pointwise
  2.14 Pointwise Unary Minus
  2.15 Constant
  2.16 Inner Product
  2.17 Inner Product Pair
  2.18 Update
  2.19 Inf/Sup
  2.20 Minkowski Sum
  2.21 Splitting
  2.22 From List of Generators
    2.22.1 (reverse) ordered coefficients as list
  2.23 2d zonotopes
  2.24 Intervals

3 Operations on Expressions
  3.1 Approximating Expression*s*
  3.2 Syntax
  3.3 Derived symbols
  3.4 Constant Folding
  3.5 Free Variables
  3.6 Derivatives
  3.7 Definition of Approximating Function using Affine Arithmetic

4 Straight Line Programs
  4.1 Definition
  4.2 Reification as straight line program (with common subexpression elimination)
  4.3 better code equations for construction of large programs

5 Approximation with Affine Forms
  5.1 Approximate Operations
    5.1.1 set of generated endpoints
    5.1.2 Approximate total deviation
    5.1.3 truncate partial deviations
    5.1.4 truncation with error bound
    5.1.5 general affine operation
    5.1.6 Inf/Sup
  5.2 Min Range approximation
    5.2.1 Addition
    5.2.2 Scaling
    5.2.3 Multiplication
    5.2.4 Inverse
  5.3 Reduction (Summarization of Coefficients)
  5.4 Splitting with heuristics
  5.5 Approximate Min Range - Kind Of Trigonometric Functions
  5.6 Power, TODO: compare with Min-range approximation?!
  5.7 Generic operations on Affine Forms in Euclidean Space

6 Counterclockwise
  6.1 Auxiliary Lemmas
  6.2 Sort Elements of a List
  6.3 Abstract CCW Systems

7 CCW Vector Space

8 CCW for Nonaligned Points in the Plane
  8.1 Determinant
  8.2 Strict CCW Predicate
  8.3 Collinearity
  8.4 Polygonal chains
  8.5 Dirvec: Inverse of Polychain
  8.6 Polychain of Sorted (polychain-of, ccw'.sortedP)

9 CCW for Arbitrary Points in the Plane
  9.1 Interpretation of Knuth’s axioms in the plane
  9.2 Order prover setup
  9.3 Contradictions

10 Intersection
  10.1 Polygons and ccw, Counterclockwise-2D-Arbitrary.lex, psi, coll
  10.2 Orient all entries
  10.3 Lowest Vertex
  10.4 Collinear Generators
  10.5 Independent Generators
  10.6 Independent Oriented Generators
  10.7 Half Segments
  10.8 Mirror
  10.9 Full Segments
  10.10 Continuous Generalization
  10.11 Intersection of Vertical Line with Segment
  10.12 Bounds on Vertical Intersection with Oriented List of Segments
  10.13 Bounds on Vertical Intersection with General List of Segments
  10.14 Approximation from Orthogonal Directions
  10.15 “Completeness” of Intersection

11 Implementation
  11.1 Reverse Sorted, Distinct Association Lists
  11.2 Degree
  11.3 Auxiliary Definitions
  11.4 Pointswise Addition
  11.5 prod of pdevs
  11.6 Set of Coefficients
  11.7 Domain
  11.8 Application
  11.9 Total Deviation
  11.10 Minkowski Sum
  11.11 Unary Operations
  11.12 Filter
  11.13 Constant
  11.14 Update
  11.15 Approximate Total Deviation
  11.16 Equality
  11.17 From List of Generators

12 Optimizations for Code Integer

13 Optimizations for Code Float

14 Target Language debug messages
  14.1 Printing
  14.2 Write to File
  14.3 Show for Floats
  14.4 Convert Float to Decimal number
    14.4.1 Version that should be easy to prove correct, but slow!
  14.5 Trusted, but faster version
  14.6 gnuplot output
    14.6.1 vector output of 2D zonotope

15 Dyadic Rational Representation of Real

16 Examples

17 Examples on Proving Inequalities

18 Examples: Intersection of Zonotopes with Hyperplanes
  18.1 Example

theory Affine-Arithmetic-Auxiliarities
imports HOL−Analysis.Analysis
begin
0.1 sum-list

lemma sum-list-nth-eqI:
  fixes xs ys::'a::monoid-add list
  shows
    length xs = length ys ⟹ (⋀x y. (x, y) ∈ set (zip xs ys) ⟹ x = y) ⟹
      sum-list xs = sum-list ys
  by (induct xs ys rule: list-induct2) auto

lemma fst-sum-list: fst (sum-list xs) = sum-list (map fst xs)
  by (induct xs) auto

lemma snd-sum-list: snd (sum-list xs) = sum-list (map snd xs)
  by (induct xs) auto

lemma take-greater-eqI: take c xs = take c ys ⟹ c ≥ a ⟹ take a xs = take a ys
proof (induct xs arbitrary: a c ys)
  case (Cons x xs) note ICons = Cons
  thus ?case
  proof (cases a)
    case (Suc b)
    thus ?thesis using Cons(2,3)
    proof (cases ys)
      case (Cons z zs)
      from ICons obtain d where c: c = Suc d
        by (auto simp: Cons Suc dest!: Suc-le-D)
      show ?thesis
        using ICons(2,3)
        by (auto simp: Suc Cons c intro: ICons(1))
    qed simp
  qed simp
qed (metis le-0-eq take-eq-Nil)

lemma take-max-eqD:
  take (max a b) xs = take (max a b) ys ⟹ take a xs = take a ys ∧ take b xs = take b ys
  by (metis max.cobounded1 max.cobounded2 take-greater-eqI)

lemma take-Suc-eq: take (Suc n) xs = (if n < length xs then take n xs @ [xs ! n] else xs)
  by (auto simp: take-Suc-conv-app-nth)
0.2 Radiant and Degree

definition rad-of w = w ∗ pi / 180

definition deg-of w = 180 ∗ w / pi

lemma rad-of-inverse[simp]: deg-of (rad-of w) = w
  and deg-of-inverse[simp]: rad-of (deg-of w) = w
  by (auto simp: deg-of-def rad-of-def)

lemma deg-of-monoI: x ≤ y ⟹ deg-of x ≤ deg-of y
  by (auto simp: deg-of-def intro!: divide-right-mono)

lemma rad-of-monoI: x ≤ y ⟹ rad-of x ≤ rad-of y
  by (auto simp: rad-of-def)

lemma deg-of-strict-monoI: x < y ⟹ deg-of x < deg-of y
  by (auto simp: deg-of-def intro!: divide-strict-right-mono)

lemma rad-of-strict-monoI: x < y ⟹ rad-of x < rad-of y
  by (auto simp: rad-of-def)

lemma deg-of-mono[simp]: deg-of x ≤ deg-of y ⟷ x ≤ y
  using rad-of-monoI
  by (fastforce intro!: deg-of-monoI)

lemma rad-of-mono[simp]: rad-of x ≤ rad-of y ⟷ x ≤ y
  using rad-of-monoI
  by (fastforce intro!: deg-of-monoI)

lemma deg-of-strict-mono[simp]: deg-of x < deg-of y ⟷ x < y
  using rad-of-strict-monoI
  by (fastforce intro!: deg-of-strict-monoI)

lemma rad-of-strict-mono[simp]: rad-of x < rad-of y ⟷ x < y
  using rad-of-strict-monoI
  by (fastforce intro!: deg-of-strict-monoI)

lemma rad-of-lt-iff: rad-of d < r ⟷ d < deg-of r
  and rad-of-gt-iff: rad-of d > r ⟷ d > deg-of r
  and rad-of-le-iff: rad-of d ≤ r ⟷ d ≤ deg-of r
  and rad-of-ge-iff: rad-of d ≥ r ⟷ d ≥ deg-of r
  using rad-of-strict-mono[of d deg-of r] rad-of-mono[of d deg-of r]
  by auto

end
1 Euclidean Space: Executability

theory Executable-Euclidean-Space
imports
  HOL−Analysis.Analysis
  List−Index.List-Index
  HOL−Word.Bool-List-Representation
  HOL−Library.Float
  Affine-Arithmetic-Auxiliarities
begin
1.1 Ordered representation of Basis and Rounding of Components

class executable-euclidean-space = ordered-euclidean-space +
  fixes Basis-list eucl-down eucl-truncate-down eucl-truncate-up
  assumes eucl-down-def:
    eucl-down p b = (∑i ∈ Basis. round-down p (b · i) ∗R i)
  assumes eucl-truncate-down-def:
    eucl-truncate-down q b = (∑i ∈ Basis. truncate-down q (b · i) ∗R i)
  assumes eucl-truncate-up-def:
    eucl-truncate-up q b = (∑i ∈ Basis. truncate-up q (b · i) ∗R i)
  assumes Basis-list[simp]: set Basis-list = Basis
  assumes distinct-Basis-list[simp]: distinct Basis-list
begin

lemma length-Basis-list: length Basis-list = card Basis
  by (metis Basis-list distinct-Basis-list distinct-card)

end

lemma eucl-truncate-down-zero[simp]: eucl-truncate-down p 0 = 0
  by (auto simp: eucl-truncate-down-def truncate-down-zero)

lemma eucl-truncate-up-zero[simp]: eucl-truncate-up p 0 = 0
  by (auto simp: eucl-truncate-up-def)
1.2 Instantiations

instantiation real::executable-euclidean-space
begin

definition Basis-list-real :: real list where
  Basis-list-real = [1]

definition eucl-down prec b = round-down prec b
definition eucl-truncate-down prec b = truncate-down prec b
definition eucl-truncate-up prec b = truncate-up prec b

instance proof qed
  (auto simp: Basis-list-real-def eucl-down-real-def eucl-truncate-down-real-def
    eucl-truncate-up-real-def)

end

instantiation prod::(executable-euclidean-space, executable-euclidean-space)
  executable-euclidean-space
begin

definition Basis-list-prod :: ('a × 'b) list where
  Basis-list-prod =
    zip Basis-list (replicate (length (Basis-list::'a list)) 0) @
    zip (replicate (length (Basis-list::'b list)) 0) Basis-list

definition eucl-down p a = (eucl-down p (fst a), eucl-down p (snd a))
definition eucl-truncate-down p a =
  (eucl-truncate-down p (fst a), eucl-truncate-down p (snd a))
definition eucl-truncate-up p a =
  (eucl-truncate-up p (fst a), eucl-truncate-up p (snd a))

instance
proof
  show set Basis-list = (Basis::('a∗'b) set)
    by (auto simp: Basis-list-prod-def Basis-prod-def elim!: in-set-zipE)
      (auto simp: Basis-list[symmetric] in-set-zip in-set-conv-nth simp del: Basis-list)
  show distinct (Basis-list::('a∗'b) list)
    using distinct-Basis-list[where 'a='a] distinct-Basis-list[where 'a='b]
    by (auto simp: Basis-list-prod-def Basis-list intro: distinct-zipI1 distinct-zipI2
      elim!: in-set-zipE)
qed
  (auto simp: eucl-down-prod-def eucl-truncate-down-prod-def eucl-truncate-up-prod-def
    sum-Basis-prod-eq inner-add-left inner-sum-left inner-Basis eucl-down-def
    eucl-truncate-down-def eucl-truncate-up-def
    intro!: euclidean-eqI[where 'a='a∗'b])

end

lemma eucl-truncate-down-Basis[simp]:
  i ∈ Basis ⟹ eucl-truncate-down e x · i = truncate-down e (x · i)
  by (simp add: eucl-truncate-down-def)

lemma eucl-truncate-down-correct:
  dist (x::'a::executable-euclidean-space) (eucl-down e x) ∈
    {0..sqrt (DIM('a)) ∗ 2 powr of-int (− e)}
proof −
  have dist x (eucl-down e x) = sqrt (∑i∈Basis. (dist (x · i) (eucl-down e x · i))²)
    unfolding euclidean-dist-l2[where 'a='a] L2-set-def ..
  also have … ≤ sqrt (∑i∈(Basis::'a set). ((2 powr of-int (− e))²))
    by (intro real-sqrt-le-mono sum-mono power-mono)
      (auto simp: dist-real-def eucl-down-def abs-round-down-le)
  finally show ?thesis
    by (simp add: real-sqrt-mult)
qed

lemma eucl-down: eucl-down e (x::'a::executable-euclidean-space) ≤ x
  by (auto simp add: eucl-le[where 'a='a] round-down eucl-down-def)
lemma eucl-truncate-down: eucl-truncate-down e (x::'a::executable-euclidean-space) ≤ x
  by (auto simp add: eucl-le[where 'a='a] truncate-down)

lemma eucl-truncate-down-le:
  x ≤ y ⟹ eucl-truncate-down w x ≤ (y::'a::executable-euclidean-space)
  using eucl-truncate-down
  by (rule order.trans)

lemma eucl-truncate-up-Basis[simp]:
  i ∈ Basis ⟹ eucl-truncate-up e x · i = truncate-up e (x · i)
  by (simp add: eucl-truncate-up-def truncate-up-def)

lemma eucl-truncate-up: x ≤ eucl-truncate-up e (x::'a::executable-euclidean-space)
  by (auto simp add: eucl-le[where 'a='a] round-up truncate-up-def)

lemma eucl-truncate-up-le:
  x ≤ y ⟹ x ≤ eucl-truncate-up e (y::'a::executable-euclidean-space)
  using - eucl-truncate-up
  by (rule order.trans)

lemma eucl-truncate-down-mono:
  fixes x::'a::executable-euclidean-space
  shows x ≤ y ⟹ eucl-truncate-down p x ≤ eucl-truncate-down p y
  by (auto simp: eucl-le[where 'a='a] intro!: truncate-down-mono)

lemma eucl-truncate-up-mono:
  fixes x::'a::executable-euclidean-space
  shows x ≤ y ⟹ eucl-truncate-up p x ≤ eucl-truncate-up p y
  by (auto simp: eucl-le[where 'a='a] intro!: truncate-up-mono)

lemma infnorm[code]:
  fixes x::'a::executable-euclidean-space
  shows infnorm x = fold max (map (λi. abs (x · i)) Basis-list) 0
  by (auto simp: Max.set-eq-fold[symmetric] infnorm-Max[symmetric] infnorm-pos-le
    intro!: max.absorb2[symmetric])

declare Inf-real-def[code del]
declare Sup-real-def[code del]
declare Inf-prod-def[code del]
declare Sup-prod-def[code del]
declare [[code abort: Inf::real set ⇒ real]]
declare [[code abort: Sup::real set ⇒ real]]
declare [[code abort: Inf::('a::Inf ∗ 'b::Inf) set ⇒ 'a ∗ 'b]]
declare [[code abort: Sup::('a::Sup ∗ 'b::Sup) set ⇒ 'a ∗ 'b]]
lemma nth-Basis-list-in-Basis[simp]:
  n < length (Basis-list::'a::executable-euclidean-space list) ⟹
    Basis-list ! n ∈ (Basis::'a set)
  by (metis Basis-list nth-mem)
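
The rounding lemmas of this section (eucl-truncate-down-correct, eucl-down, eucl-truncate-down, eucl-truncate-up), checked on concrete data in exact rational arithmetic. This is an added Python example, not part of the original theory text. The bodies of round_down and truncate_down/truncate_up are assumptions about HOL−Library.Float, which this page does not show; the Python names and the sample vector are constructed for illustration.

```python
from fractions import Fraction
from math import floor, ceil

def round_down(p, x):
    # Assumed definition (HOL-Library.Float): floor(x * 2^p) * 2^(-p).
    s = Fraction(2) ** p
    return Fraction(floor(x * s)) / s

def round_up(p, x):
    # Assumed dual of round_down: ceiling(x * 2^p) * 2^(-p).
    s = Fraction(2) ** p
    return Fraction(ceil(x * s)) / s

def floor_log2(x):
    # Exact floor(log2 |x|) for a nonzero Fraction, computed from bit lengths.
    n, d = abs(x.numerator), x.denominator
    e = n.bit_length() - d.bit_length()
    return e if abs(x) >= Fraction(2) ** e else e - 1

def truncate_down(q, x):
    # Assumed: relative precision, i.e. round_down at q - floor(log2 |x|) bits.
    return Fraction(0) if x == 0 else round_down(q - floor_log2(x), x)

def truncate_up(q, x):
    return Fraction(0) if x == 0 else round_up(q - floor_log2(x), x)

def eucl_down(p, v):
    # Componentwise over the basis, as stated by the class assumption eucl-down-def.
    return tuple(round_down(p, c) for c in v)

def eucl_truncate_down(q, v):
    return tuple(truncate_down(q, c) for c in v)

def eucl_truncate_up(q, v):
    return tuple(truncate_up(q, c) for c in v)

def check(p, v):
    """Return (bound_ok, enclosure_ok) for vector v at precision p."""
    down = eucl_down(p, v)
    lo, hi = eucl_truncate_down(p, v), eucl_truncate_up(p, v)
    # eucl-truncate-down-correct, squared so everything stays rational:
    # dist(v, eucl_down p v)^2 <= DIM * (2^(-p))^2
    dist_sq = sum((a - b) ** 2 for a, b in zip(v, down))
    bound_ok = dist_sq <= len(v) * (Fraction(2) ** (-p)) ** 2
    # eucl-down, eucl-truncate-down, eucl-truncate-up: componentwise ordering,
    # so [lo, hi] is a sound enclosure of v.
    enclosure_ok = all(d <= c and l <= c <= h
                       for d, l, c, h in zip(down, lo, v, hi))
    return bound_ok, enclosure_ok

# Constructed sample: a point in R^3 whose components are not dyadic rationals.
SAMPLE = (Fraction(1, 3), Fraction(-22, 7), Fraction(1, 10))
```

Rounding to nearest instead of downward would break the ordering lemmas for some inputs, which is why the development fixes a direction for every rounding step.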
1.3 Representation as list

lemma nth-eq-iff-index:
  distinct xs ⟹ n < length xs ⟹ xs ! n = i ⟷ n = index xs i
  using index-nth-id
  by fastforce

lemma in-Basis-index-Basis-list: i ∈ Basis ⟹ i = Basis-list ! index Basis-list i
  by simp

lemmas [simp] = length-Basis-list

lemma sum-Basis-sum-nth-Basis-list:
  (∑i∈Basis. f i) = (∑i