Coinductive Proofs for Basic Real Computation - Semantic Scholar

Coinductive Proofs for Basic Real Computation Tie Hou University of Wales Swansea, Swansea, SA2 8PP, Wales UK [email protected]

Abstract. We describe two representations for real numbers, signed digit streams and Cauchy sequences. We give coinductive proofs for the correctness of functions converting between these two representations to show the adequacy of signed digit stream representation. We also show a coinductive proof for the correctness of a corecursive program for the average function with regard to the signed digit stream representation. We implemented this proof in the interactive proof system Minlog. Thus, reliable, corecursive functions for real computation can be guaranteed, which is very helpful in formal software development for real numbers. Keywords: Real computation, Coinductive proof, Signed digit streams, Computability, Minlog.

1

Introduction

Computers are widely used for scientific applications in different fields, such as mathematics, physics, engineering and so on. The modeling of problems in above areas with a desirable accuracy requires considerable amount of computational effort. As the computational complexity increases, the risk of round off errors also increases. No matter how much precision is offered, these computations are not guaranteed to produce reliable results. Such unreliable computational results obtained may be useless to real-life problems, even may cause serious consequences. Therefore, a mathematical model of exact computation is highly desirable. This applies in particular to computations concerned with real numbers. In the current computer model of real numbers through floating point numbers, the computer memory stores the approximations of (possibly irrational) real numbers, which truncate at a fixed rate precision. The probability that this yields inaccurate results is high, especially if these numbers are used as intermediate results. Hence, it is necessary to have more accurate representation of real numbers and algorithms to implement the computations using these representations. Aiming at the above purpose, a wealth of alternative approaches are proposed, including interval arithmetic, stochastic arithmetic, multiple-precision arithmetic and exact arithmetic. Exact real arithmetic is a method of performing arithmetic operations whose results are guaranteed to be completely accurate, based on potentially infinite data structures such as streams. There are a number of alternative representations used for exact real arithmetic, such as any integral A. Beckmann et al. (Eds.): CiE 2006, LNCS 3988, pp. 221–230, 2006. c Springer-Verlag Berlin Heidelberg 2006

222

T. Hou

base with negative digits, base 2/3 with binary digits, nested sequences of rational intervals, Cauchy sequences, continued fractions ([8]), base golden-ratio with binary digits, and linear fractional transformations ([6]). Meanwhile, many algorithms have been proposed for real computations using these representations. However, few give formal proofs for the algorithms. More recently, Chirimar and Howe ([4]) represented real numbers by Cauchy sequences and implemented real analysis in Nuprl based on the type theory. Plume ([13]) gave algorithms for the basic arithmetic operations, transcendental functions, integration, and function minimum and maximum. Only informal proofs of correctness for some algorithms were shown. Formalisation of real numbers using corecursive streams as a coinductive type was discussed in [5], [3], [1] in the logical framework Coq. Lenisa ([11]) introduced set-theoretic generalizations of the coinduction proof principle in the view of bisimulation. However, the usual coinduction, based on bisimulation, is not expressive enough for the equality on real numbers, due to the redundancy of representation. In contrast, our approach is based on classical set theory and conventional mathematical reasoning. Coinduction is a method of growing importance in reasoning about functional languages, due to the increasing prominence of lazy data structure. What is more, the proof of coinductive assertions is easy to implement in proof assistants like Minlog, Coq and so on. The average function for signed digit streams in this paper has been implemented in the Minlog system. See also [14] for other proof developments in Minlog based on the Cauchy sequence representation of real numbers. 1.1

Contributions

The main contributions of this paper are: – (a) We define (in Section 2) a general lemma on closure properties of coinductively defined relations. – (b) We define (in Section 3) coinductive representations of real numbers by signed digit streams and Cauchy sequences. – (c) We give (in Section 4) coinductive proofs for the correctness of functions converting between the representations in (b). – (d) We give (in Section 5) coinductive proofs for the correctness of the average function for signed digit stream representation.

2

Coinduction

In this section we introduce the concept of coinduction from a classical settheoretic point of view. We prove a general lemma on closure properties of coinductive sets, which will be useful later. 2.1

Coinductive Relations as Largest Fixed Points

Let A be a set and ℘(A) := {X|X ⊆ A} its power set. An operation Φ : ℘(A) → ℘(A), is monotone iff X ⊆ Y implies Φ(X) ⊆ Φ(Y ).

Coinductive Proofs for Basic Real Computation

223

For any X, Y ⊆ A, it is well-known that any monotone operation Φ has a least and a largest fixed point, XΦ and X Φ respectively, that is, Φ(XΦ ) = XΦ , Φ(X Φ ) = X Φ , and for any other fixed point Y ⊆ A of Φ (i.e. Φ(Y ) = Y ) we have XΦ ⊆ Y ⊆ X Φ . The sets XΦ and X Φ can be defined by XΦ := {Y |Y ⊆ A, Φ(Y ) ⊆ Y } X Φ := {Y |Y ⊆ A, Y ⊆ Φ(Y )} It is easy to see that the monotonicity of Φ implies the required properties of XΦ and X Φ . In the following, we will concentrate on the largest fixed point, X Φ . By definition of X Φ , we have for any set Y ⊆ A that Y ⊆ Φ(Y ) implies Y ⊆ X Φ . This principle is called coinduction. In applications, the operation Φ is usually described by a formula F [X, a] as Φ(X) := {a ∈ A|F [X, a]}. In this case the monotonicity of Φ is guaranteed by the condition that X does only occur positively in F [X, a]. For our purposes it will suffice to consider formulae of the form F [X, a] :≡ X f (a) ∧ a ∈ B, where f : A → A is a fixed function and B is a fixed subset of A, hence, Φ(X) := f −1 (X) ∩ B. In this particular case the coinductive principle reads (setting X f,B := X Φ ), coindf,B (Y )

∀a ∈ A (a ∈ Y ⇒ f (a) ∈ Y ∧ a ∈ B) ∀a ∈ A (a ∈ Y ⇒ a ∈ X f,B )

The closure condition, X Φ ⊆ Φ(X Φ ), then reads clf,B (X f,B )

∀a ∈ A(a ∈ X f,B ⇒ f (a) ∈ X f,B ∧ a ∈ B).

Because in fact X Φ = Φ(X Φ ), the reverse of this implication holds as well. We will simply say that X f,B is coinductively defined by clf,B . 2.2

Closure Properties of Coinductive Relations

Consider r ⊆ A, which is coinductively defined by B ⊆ A and f : A → A (that is, r = X f,B in the notation above; we write interchangeably r(a) for a ∈ r). (r) ∀a ∈ A r(a) ⇒ B(a) ∧ r(f (a)) (1) We are interested in the question under which conditions r is closed under a given function. The following lemma takes care of a slightly more general situation. Lemma 1. Given g : X → X, h : X → A, s ⊆ X, s.t. for all x ∈ X, if s(x) then 1. s(g(x)) 2. f (h(x)) = h(g(x)) 3. B(h(x)) Then ∀x ∈ X s(x) ⇒ r(h(x)) .

224

T. Hou

Proof. Set r(a) :≡ ∃x ∈ X s(x)∧a = h(x)∧r(a) . We need to show that (1) holds when r is replaced by r. It is given that s(x) ⇒ B h(x) , that is, B(a) holds. By (1) we know that r(a) ⇒ r(f (a)). It is also given that f (a) = f h(x) = h g(x) and s(x) ⇒ s g(x) . Therefore, ∃g(x) ∈ X s g(x) ∧ f (a) = h g(x) ∧ r(f (a)) , that is, r(f (a)) holds. Hence, by coinduction ( r) ∀a r(a) ⇒ B(a) ∧ r(f (a)) r ⊆ r ∀a r(a) ⇒ r(a) follows r ⊆ r. Now assume s(x). Set a := h(x). Then r(a) implies r(a) since r ⊆ r, that is, r(h(x)). Hence we have shown ∀x ∈ X s(x) ⇒ r(h(x)) . Corollary 1. Let r ⊆ A be coinductively defined by f and B and assume that for all a, b ∈ A 1. f (h(a, b)) = h(f (a), f (b)) 2. r(a) ∧ r(b) ⇒ B(h(a, b)) Then ∀a, b r(a) ∧ r(b) ⇒ r(h(a, b)) . Proof. By Lemma 1 where X = A × A, s = r × r, g = f × f (that is, g(a, b) = f (a), f (b) ).

3

Coinductive Representations of Real Numbers by Signed Digit Streams and Cauchy Sequences

In this section we show how to represent real numbers by streams of signed digits (-1,0,1) and Cauchy sequences of rational numbers using coinductively defined representation relations. We will prove that these representations are equivalent to the usual ones involving the notion of infinite sum and limits from analysis. If X is a set, then [X] denotes the set of infinite streams of elements in X(i.e. [X] = X IN ). If xs = (x0 : x1 : x2 : . . .) ∈ [X], then we set head(xs) = x0 , tail(xs) = (x1 : x2 : x3 : . . .). 3.1

Coinductive Representation by Signed Digit Streams

Let SD := {−1, 0, 1} be the set of signed digits and [SD] the set of signed digit streams. Let ds = (d0 : d1 : d2 : . . .) be a signed digit stream. Then the real number r in the interval [-1, 1] that is represented by ds will be r=

∞

di · 2−(n+1)

(2)

n=0

In order to represent all real numbers r, we use an exponential factor 2k where k ∈ ZZ as follows. ∞ r = 2k · di · 2−(n+1) (3) n=0


225

Hence, we define the set of signed digit stream representations of real numbers as SDR := [SD]×ZZ. In order to be able to convince ourselves that the above representation is correct, a function SDT oReal, based on (3), converting from signed digit streams to real numbers is needed. Definition 1. For every k ∈ ZZ, we define SDT oReal : SDR → IR,

SDT oReal(ds, k) = 2k ·

∞

di · 2−(n+1)

n=0

According to Definition 1, we have the following lemma. Lemma 2. For every k ∈ ZZ, SDT oReal(ds, k) = 2k−1 · head(ds) + SDT oReal(tail(ds), k − 1). Especially, SDT oReal(ds, 0) = head(ds) + SDT oReal(tail(ds), 0) /2, when k = 0, that is, r ∈ [−1, 1]. Lemma 2 suggests the following coinductive definition of a relation ∼⊆ SDR×IR with the intended meaning (ds, k) ∼ r ⇔ SDT oReal(ds, k) = r. Definition 2 (Coinductive definition of (ds, k) ∼ r). We coinductively define a relation ∼⊆ SDR × IR by (∼)

(ds, k) ∼ r ⇒ |r| ≤ 2k ∧ (tail(ds), k − 1) ∼ r − 2k−1 · head(ds)

(4)

For the case k = 0, for short, we use the following coinductive definition.

Definition 3 (Coinductive definition of ds ∼ x). We coinductively define a relation ∼ ⊆ [SD] × [−1, 1] by

(∼ )

ds ∼ x ⇔ |x| ≤ 1 ∧ tail(ds) ∼ 2 · x − head(ds)

(5)

We can prove the correctness of above coinductively defined representation relations by the following lemmas.

Lemma 3. For every x ∈ [−1, 1], ds ∼ x ⇔ SDT oReal(ds, 0) = x. Proof. =⇒: That is to show

∀n ∈ IN ds ∼ x ⇒ |SDT oReal(ds, 0) − x| ≤ 21−n

(6)

By induction on n. n = 0 : by Definition 3, we can get ds ∼ x ⇒ |x| ≤ 1. By Definition 1, it is easy to see that SDT oReal(ds, k) ∈ [−2k , 2k ] ⇒ SDT oReal(ds, 0) ∈ [−1, 1]. Hence, |SDT oReal(ds, 0) − x| ≤ 2 = 21−0 , that is (6) holds. n = n + 1 : Now assume ds ∼ x ⇒ |SDT oReal(ds, 0) − x| ≤ 21−n holds, we need to show that ds ∼ x ⇒ |SDT oReal(ds, 0)−x| ≤ 21−(n+1) holds. By Defini x ⇒ tail(ds) ∼ 2 · x − head(ds). tion 3, we can get ds ∼

226

T. Hou

By I.H., we know that |SDT oReal(tail(ds), 0) − (2 · x − head(ds))| ≤ 21−n . By Lemma 2, we know 2 · SDT oReal(ds, 0) = head(ds) + SDT oReal(tail(ds), 0). Hence, |SDT oReal(ds, 0) − x| = |2 · SDT oReal(ds, 0) − 2 · x|/2 = |SDT oReal(tail(ds), 0) + head(ds) − 2 · x|/2 ≤ 21−n /2 = 21−(n+1) . Therefore, (6) is proved. ⇐=: By coinduction. Set Y := {(ds, x)|SDT oReal(ds, 0) = x}. We need to show Y ⊆∼ . By the principle of coinduction it suffices to show 1. f (ds, x) ∈ Y , that is, (tail(ds), 2 · x − head(ds)) ∈ Y 2. (ds, x) ∈ B, that is, |x| ≤ 1 Condition 1 holds by Lemma 2. We have |x| ≤ 1, so condition 2 holds.

Lemma 4. For every k ∈ ZZ, r ∈ IR, (ds, k) ∼ r ⇒ ds ∼ 2−k · r. Proof. We apply Lemma 1. We define g, f, h by g((ds, k), r) = (tail(ds), k − 1), r − 2k−1 · head(ds) , f (ds, x) = (tail(ds), 2 · x − head(ds)), h((ds, k), r) = (ds, 2−k · r). Now we need to show that the three conditions in Lemma 1 hold. k where C((ds, k), r) :≡ |r| Condition 1 holds by clg,C (∼), ≤ 2 . It is easy to −(k−1) see f h((ds, k), r) = tail(ds),2 · r −head(ds) = h g((ds, k), r) . Hence, condition 2 holds. We know B h((ds, k), r) = |2−k · r| ≤ 1, that is, condition 3 holds. Therefore, by Lemma 1, we get (ds, k) ∼ r ⇒ ds ∼ 2−k · r.

Lemma 5. For every k ∈ ZZ, x ∈ [−1, 1], ds ∼ x ⇒ (ds, k) ∼ 2k · x. Proof. For lack of space, the proof which is similar to Lemma 4 is omitted. 3.2

Coinductive Representation by Cauchy Sequences

We call a sequence xs = (xs0 : xs1 : . . .) of rational numbers (xsi ∈ Q) an l-Cauchy sequence if ∀n∀m ≥ n.|xsn − xsm | ≤ 2l−n , where xsi represents the i-th element of the Cauchy sequence. We set CR = [Q] × ZZ. We coinductively define a relation ∼c ⊆ CR × IR with the intended meaning (xs, l) ∼c r ⇔ xs is an l-Cauchy sequence converging to r. Definition 4 (Coinductive definition of (xs, l) ∼c r). For every (xs, l) ∈ CR, r ∈ IR, we define a relation ∼c ⊆ CR × IR by (∼c )

(xs, l) ∼c r ⇒ |head(xs) − r| ≤ 2l ∧ (tail(xs), l − 1) ∼c r

(7)

We can prove the correctness of this definition by the following lemma. Lemma 6. For every (xs, l) ∈ CR, r ∈ IR, (xs, l) ∼c r ⇔ ∀n.|xsn − r| ≤ 2l−n . Proof. Similar to the proof of Lemma 3.


4

227

Adequacy of the Signed Digit Stream Representation

We consider the Cauchy sequence representation of real numbers as the standard one. We call any other representation adequate if there are computable back-and-forth translations between these two representations. The concept of computability on infinite streams can be explained by means of ’Oracle Turing machine’ (Alan Turing ([15])). More recent accounts of the complexity of stream functions are studied by e.g. Ko ([10]) and Weihrauch ([16]). Hence, in order to show that the signed digit stream representation is adequate, we need to provide computable functions SDT C : SDR → CR and CT SD : CR → SDR, such that for all r ∈ IR, 1. ∀(ds, k) ∈ SDR (ds, k) ∼ r ⇒ SDT C(ds, k) ∼c r 2. ∀(xs, l) ∈ CR (xs, l) ∼c r ⇒ CT SD(xs, l) ∼ r Definition 5. For every k ∈ IN, we define

SDT C : IN × Q × [SD] → [Q] SDT C (k, q, ds) = q + 2k−1 · head(ds)

: SDT C (k − 1, q + 2k−1 · head(ds), tail(ds)). Then we set SDT C(ds, k) := SDT C (k, 0, ds), k + 1 .

The definition of SDT C is an instance of a well-known corecursion scheme for defining infinite streams. More general schemes of corecursion are discussed, for example, in recent work of Buchholz ([2]). Lemma 7 (Convert from SD to Cauchy)

∀ds, k, r, q[(ds, k) ∼ r ⇒ (SDT C (k, q, ds), k + 1) ∼c q + r] Proof. We use Lemma 1. We define g, f, h by g((ds, k), r) = (tail(ds), k − 1), r − 2k−1 · head(ds) , f ((xs, l), r) = ((tail(xs), l−1), r), h((ds, k), r) = (SDT C (k, q, ds), k+1), q+r . Now we need to show that three conditions in Lemma 1 hold. Condition 1 holds by clg,C (∼c ), where C((xs, l), r) :≡ |head(xs) − r| ≤ 2l . k−1 We can get f h((ds, k), r) = SDT C (k − 1, q + 2 · head(ds), tail(ds)), k , q + r = h g((ds, k), r) . Hence, condition 2 holds. We know B h((ds, k), r) = |head(SDT C (k, q, ds)) − r| < 2k+1 , that is, condition 3 holds. Therefore, by Lemma 1, we get ∀ds, k, r, q[(ds, k) ∼ r ⇒ (SDT Ck (q, ds), k + 1) ∼c q + r]. Since from the third element of an l-Cauchy sequence, it is easy to decide in which part of the interval r is, according to Lemma 6, function CT SD can be defined as follows.

228

T. Hou

Definition 6. For every n ∈ IN, we define

CT SD : IN × CR → SDR CT SD (n, (xs, l)) = (d0 : ds, k + 1) where

k

= max(l, 1 + log2 |y|)

y

= head(xs) − n ⎧ if |y| ≤ 2k−1 ⎨0 if y < −2k−1 = −1 ⎩ 1 if y > 2k−1 = f st CT SD ((n + 2k−1 · head(ds)), (tail(xs), l − 1))

d0 ds

Then we set CT SD(xs, l) := CT SD (0, (xs, l)). Lemma 8 (Convert from Cauchy to SD) ∀xs, l, r, n[(xs, l) ∼c r ⇒ CT SD n, (xs, l) ∼ r − n] Proof. By an application of Lemma 1, similar to the proof of Lemma 7.

Lemma 7 and Lemma 8 show the coherence between models of representations and their implementations. Hence, the adequacy of signed digit stream representation is proved.

5

Average of Signed Digit Streams

The average function plays an important role as a tool to get other computable functions, e.g. [7]. In the following we define the average function on real numbers in the interval [-1, 1]. Then we give the coinduction proof of its correctness. In order to calculate the average of two signed digit streams, a carry function that takes two digits as the input should be defined as follows( a0 = head(a), b0 = head(b), a1 = head(head(a)), b1 = head(head(b))). ⎧ if a0 + b0 = 2 ⎪ ⎪1 ⎪ ⎪ 0 if a0 + b0 = 0 ⎪ ⎪ ⎪ ⎪ if a0 + b0 = −2 ⎨ −1 if a0 + b0 = 1 ∧ a1 + b1 > 0 carry(a, b) = 1 ⎪ ⎪ if a0 + b0 = 1 ∧ a1 + b1 ≤ 0 ⎪0 ⎪ ⎪ ⎪ if a0 + b0 = −1 ∧ a1 + b1 < 0 ⎪ −1 ⎪ ⎩ 0 if a0 + b0 = −1 ∧ a1 + b1 ≥ 0 The average of signed digit streams is defined via an auxiliary function: Definition 7 (Corecursive definition of function avA). For every a, b ∈ [SD], we define the auxiliary function avA as follows. avA : [SD] → [SD] → [SD] avA (a, b) = (head(a) + head(b) − 2 · carry(a, b) + carry(tail(a), tail(b))) :

avA(tail(a), tail(b))


229

Using avA, the average function can be easily defined by: Definition 8 (Average function av). For every a, b ∈ [SD], we define average fuction av : [SD] → [SD] → [SD], av(a, b) = carry(a, b) : avA(a, b). We can prove the correctness of the auxiliary function of average by the following lemma. Lemma 9 (Auxiliary function of average). For every a, b ∈ [SD], x, y ∈ [−1, 1], a ∼ x ∧ b ∼ y ⇒ avA(a, b) ∼ x + y − carry(a, b). Proof. According to Corollary 1, define f, B, h by f (a, x) = (tail(a), 2 · x − head(a)), B(a, x) = |x| ≤ 1, h((a, x), (b, y)) = (avA(a, b), x + y − carry(a, b)). We need to show 1. tail(avA(a, b)) = avA(tail(a), tail(b)) 2. 2·(x+y −carry(a, b))−head(avA(a, b)) = (2·x−head(a))+(2·y −head(b))− carry(tail(a), tail(b)) 3. |x + y − carry(a, b)| ≤ 1 Obviously, condition 3 holds. By Definition 7, it is easy to find that tail(avA(a, b)) = avA(tail(a), tail(b)). Condition 1 is proved. Using Definition 7 to calculate head(avA(a, b)), condition 2 is also proved. Therefore, by Corollary 1, we get a ∼ x∧b ∼ y ⇒ avA(a, b) ∼ x + y − carry(a, b). The correctness of the average function is proved as follows. Lemma 10 (Average function). For every a, b ∈ [SD], x, y ∈ [−1, 1], a ∼ x ∧ b ∼ y ⇒ av(a, b) ∼ (x + y)/2.

Proof. By Lemma 9, we can get a ∼ x∧b ∼ y ⇒ avA(a, b) ∼ x+y−carry(a, b). By Definition 8, we can get avA(a, b) ∼ x + y − carry(a, b) ⇒ tail(av(a, b)) ∼ x + y − head(av(a, b)). Obviously, |(x + y)/2| ≤ 1. By Definition 3, we can get tail(av(a, b)) ∼ x + y − head(av(a, b)) ⇒ av(a, b) ∼ (x + y)/2.

6

Conclusion and Future Work

Using a general lemma on closure properties of coinductively defined relations, we have coinductively proved the correctness of the basic arithmetic operation average and operations that convert between signed digit streams and l-Cauchy sequences. Parts of these proofs have been implemented in the Minlog system. This shows that coinductive proofs are very helpful in developing correct functions for real computations. We hope the coinductive methods will further narrow the gap between theory and practice in the formal development of reliable software systems. As future work within this topic, we intend to perform coinductive proofs of multiplication and division functions for the signed digit stream representation. Also left to future research is to compare the efficiency of different proof methods in finding logical errors which normal testing can not discover.

230

T. Hou

Acknowlegdements I would like to thank Ulrich Berger for many discussions about this paper. I have benefited a lot from him. And also thanks to the anonymous referees for their comments.

References 1. Bertot, Y.: Coinduction in Coq. In Lecture Notes of TYPES Summer School 2005, August 15-26 2005, Sweden, vol. II (2005). http://www.cs.chalmers.se/Cs/ Research/Logic/TypesSS05/Extra/bertot.pdf 2. Buchholz, W.: A term calculus for (co-)recursive definitions on streamlike datastructures. Annals of Pure and Applied Logic, Volume 136 (2005) 75–90. 3. Ciaffaglione, A., Gianantonio, Di: A certified, corecursive implementation of exact real numbers. Theoretical Computer Science, Volume 351 (2006) 39–51. 4. Chirimar, J., Howe, D.J.: Implementing constructive real analysis: preliminary report. LNCS 613 (1992) 165–178. 5. Ciaffaglione, A.: Certified reasoning on real numbers and objects in co-inductive type theory. PHD Thesis. Department of Mathematics and Computer Science, University of Udine, and INPL-ENSMNS, Nancy, France (2003). 6. Edalat, A., Heckmann, R.: Computing with real numbers - I. The LFT approach to real number computation - II. A domain framework for computational geometry. In: Barthe G, Dybjer P, Pinto L, Saraiva J, editors, International summer school on applied semantics, Caminha, Portugal, Berlin, Springer-Verlag (2002) 193–267. 7. Escardo, M.H., Simpson, A.: A universal characterization of the closed Euclidean interval (extended abstract). Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science, Boston, Massachusetts (2001) 115–125. 8. Gibbons, J.: Streaming Representation-Changers. LNCS 3125 (2004) 142–168. 9. Jones, C.: Completing the rationals and metric spaces in LEGO. In Huet, G. and Plotkin, G., editors, Proceedings of the Second Annual Workshop on Logical Frameworks (1992). 10. Ko, Ker-I: Complexity theory of real functions. Birkhauser, Boston (1991). 11. Lenisa, M.: From Set-theoretic Coinduction to Coalgebraic Coinduction: some results, some problems. Coalgebraic Methods in Computer Science CMCS’99 Conference Proceedings, B. Jacobs, J. Rutten eds., ENTCS vol. 19 (1999). 12. Niqui, M.: Formalising exact arithmetic in type theory. In S. B. Cooper, B. Lowe, and L. Torenvliet, editors, New Computational Paradigms: First Conference on Computability in Europe, CiE 2005, Amsterdam, The Netherlands, June 8 12, 2005. Proceedings, LNCS 3526 (2005) 368–377. 13. Plume, D.: A Calculator for Exact Real Number Computation. 4th year project. Departments of Computer Science and Artificial Intelligence, University of Edinburgh (1998). 14. Schwichtenberg, Helmut: Inverting monotone continuous functions in constructive analysis. To appear in Proc. CiE 2006, Swansea (2006). 15. Turing, A.M.: Systems of logic based on ordinals. Proc. London Math. Soc. 45 (1939) 161–228. 16. Weihrauch, K.: Computable analysis, an introduction. Springer-Verlag (2000).