| ▲ | quanto 5 hours ago | ||||||||||||||||||||||||||||
During the days I was studying/working with Coq, one visiting professor gave a presentation on defense software design. An example presented was control logic for F-16, which the professor presumably worked on. A student asked how do you prove "correctness", i.e. operability, of a jet fighter and its control logic? I don't think the professor had a satisfying answer. My question is the same, albeit more technically refined. How do you prove the correctness of a numerical algorithm (operating on a quantized continuum) using type-theoretic/category-theoretic tools like theorem provers like Coq? There are documented tragedies where numerical rounding error of the control logic of a missile costed lives. I have proved mathematical theorems before (Curry-Howard!) but they were mathematical object driven (e.g. sets, groups) not continuous numbers. | |||||||||||||||||||||||||||||
| ▲ | dwohnitmok 5 hours ago | parent | next [-] | ||||||||||||||||||||||||||||
You use floating point numbers instead of real numbers in your theorems and function definitions. This sounds flippant, but I'm being entirely earnest. It's a significantly larger pain because floating point numbers have some messy behavior, but the essential steps remain the same. I've proved theorems about floating point numbers, not reals. Although, again, it's a huge pain, and when I can get away with it I'd prefer to prove things with real numbers and assume magically they transfer to floating point. But if the situation demands it and you have the time and energy, it's perfectly fine to use Coq/Rocq or any other theorem prover to prove things directly about floating point arithmetic. The article itself is talking about an approach sufficiently low level that you would be proving things about floating point numbers because you would have to be since it's all assembly! But even at a higher level you can have theorems about floating point numbers. E.g. https://flocq.gitlabpages.inria.fr/ There's nothing category theoretic or even type theoretic about the entities you are trying to prove with the theorem prover. Type theory is merely the "implementation language" of the prover. (And even if there was there's nothing tying type theory or category theory to the real numbers and not to floats) | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||
| ▲ | tensegrist 4 hours ago | parent | prev [-] | ||||||||||||||||||||||||||||
> There are documented tragedies where numerical rounding error of the control logic of a missile costed lives. curious about this | |||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||