An Imperative Language for Verified Exact Real-Number Computation

TL;DR

Clerical is a new imperative programming language designed for verified exact real-number computations, integrating nondeterminism, local state, and limits, with formal semantics and correctness proofs.

Contribution

It introduces Clerical, combining imperative programming with nondeterminism and limits, supported by a formal semantics, logic, and verified implementation for exact real computations.

Findings

Developed a domain-theoretic denotational semantics for Clerical

Formulated a sound Hoare-style specification logic

Implemented and verified a program computing π in OCaml and Coq

Abstract

We introduce Clerical, a programming language for exact real-number computation that combines first-order imperative-style programming with a limit operator for computation of real numbers as limits of Cauchy sequences. We address the semidecidability of the linear ordering of the reals by incorporating nondeterministic guarded choice, through which decisions based on partial comparison operations on reals can be patched together to give total programs. The interplay between mutable state, nondeterminism, and computation of limits is controlled by the requirement that expressions computing limits and guards modify only local state. We devise a domain-theoretic denotational semantics that uses a variant of Plotkin powerdomain construction tailored to our specific version of nondeterminism. We formulate a Hoare-style specification logic, show that it is sound for the denotational semantics, and illustrate the setup by implementing and proving correct a program for computation of $\pi$ as the least positive zero of $\sin$. The modular character of Clerical allows us to compose the program from smaller parts, each of which is shown to be correct on its own. We provide a proof-of-concept OCaml implementation of Clerical, and formally verify parts of the development, notably the soundness of specification logic, in the Coq proof assistant.