Coinductive Formal Reasoning in Exact Real Arithmetic
In this article we present a method for formally proving the correctness of the lazy algorithms for computing homographic and quadratic transformations – of which field operations are special cases – on a representation of real numbers by coinductive streams. The algorithms work on coinductive streams of Möbius maps and form the basis of the Edalat–Potts exact real arithmetic. We use the machinery of the Coq proof assistant for coinductive types to present the formalisation. The formalised algorithms are only partially productive, i.e., they do not output provably infinite streams for all possible inputs. We show how to deal with this partiality in the presence of syntactic restrictions posed by the constructive type theory of Coq. Furthermore we show that the type theoretic techniques that we develop are compatible with the semantics of the algorithms as continuous maps on real numbers. The resulting Coq formalisation is available for public download.
💡 Research Summary
This paper presents a formalisation of exact real arithmetic using coinductive streams within the Coq proof assistant. The authors adopt the Edalat‑Potts framework, where a real number is represented as an infinite stream of Möbius (linear‑fractional) maps: the k‑th interval of a shrinking nested sequence is the image of a fixed base interval under the composition of the first k maps, and the intersection of all these intervals is the real denoted. Ordinary digit‑based encodings (decimal, ternary, signed binary, and so on) are special cases in which every digit is a fixed affine Möbius map.
Two central algorithms are examined: the homographic (Möbius) transformation and the quadratic transformation. The homographic algorithm applies a single Möbius map to one input stream, producing a new stream; with rational coefficients this covers the unary field operations such as adding or multiplying by a rational constant and taking reciprocals on a suitable domain. The quadratic algorithm combines two input streams under a map of the form (x, y) ↦ (axy + bx + cy + d)/(exy + fx + gy + h), which covers the binary operations needed for a field: addition, multiplication, and division of two reals. Both algorithms are lazy: they alternate between emitting an output map when the current image interval is small enough and absorbing the next input map when it is not. Nothing forces an emission to happen eventually, so for some inputs the absorption phase never ends and no further output appears. Consequently the algorithms are only partially productive: they do not guarantee an infinite output stream for every possible input.
Coq’s native support for coinductive types relies on a syntactic guardedness condition: every corecursive call in a cofix body must occur directly under a constructor of the coinductive type. This condition ensures productivity, but it rejects the lazy algorithms as written, because an absorption step recurs without emitting anything, and the number of absorptions preceding the next emission depends on the input and is not bounded in advance. A Coq stream also has no finite values, so the partiality cannot be modelled by an output that simply stops. The authors therefore separate the two kinds of recursion: the emission step remains the guarded corecursive call, while the run of absorptions leading up to it is defined by recursion on a proof of a productivity predicate that states an emission will eventually occur for the given input. The guard checker accepts the resulting cofix, and the partiality is pushed into a hypothesis on the input rather than into an unprovable claim that the output is always infinite.
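To make the emission/absorption loop and the non‑productive case concrete, the following Python model is an added example, not code from the paper or its Coq development. It implements the homographic algorithm of the Edalat–Potts scheme on the signed‑binary special case (digit e ∈ {−1, 0, 1} is the affine map x ↦ (x + e)/2 on the base interval [−1, 1]); the `fuel` bound on consecutive absorptions, the tuple encoding of Möbius maps, and the helper names are choices made here for illustration. The quadratic algorithm is not modelled.

```python
"""Lazy homographic algorithm on streams of Möbius maps (signed binary digits as the
special case), with a fuel bound that makes the non-productive case observable.
Illustrative model only; not the paper's Coq code."""
from fractions import Fraction as Fr
from itertools import islice, repeat

# A Möbius map x -> (a*x + b) / (c*x + d) is the 4-tuple (a, b, c, d); base interval is [-1, 1].

def compose(m, n):
    """m ∘ n, i.e. the 2x2 matrix product."""
    a, b, c, d = m
    e, f, g, h = n
    return (a * e + b * g, a * f + b * h, c * e + d * g, c * f + d * h)

def inverse(m):
    """Adjugate matrix; Möbius maps are projective, so the determinant scaling is irrelevant."""
    a, b, c, d = m
    return (d, -b, -c, a)

def digit_map(e):
    """Signed binary digit e in {-1, 0, 1} as the affine Möbius map D_e : x -> (x + e) / 2."""
    return (1, e, 0, 2)

def image(m):
    """m([-1, 1]) as (lo, hi), or None if the denominator vanishes on [-1, 1] (not refining)."""
    a, b, c, d = m
    den_lo, den_hi = d - c, d + c
    if den_lo == 0 or den_hi == 0 or (den_lo > 0) != (den_hi > 0):
        return None
    lo, hi = Fr(b - a) / den_lo, Fr(a + b) / den_hi   # a Möbius map is monotone on the interval
    return (min(lo, hi), max(lo, hi))

def emit_digit(m):
    """A digit e with m([-1, 1]) ⊆ D_e([-1, 1]) = [(e-1)/2, (e+1)/2], or None if none fits yet."""
    img = image(m)
    if img is None:
        return None
    lo, hi = img
    for e in (-1, 0, 1):
        if Fr(e - 1, 2) <= lo and hi <= Fr(e + 1, 2):
            return e
    return None

def homographic(m, xs, fuel=64):
    """Generator of output digits of m applied to the real denoted by the Möbius-map stream xs.

    Emission step: if m([-1,1]) fits under some D_e, output e and continue with D_e^{-1} ∘ m.
    Absorption step: otherwise consume the next input map n and continue with m ∘ n.
    Nothing guarantees an emission ever happens; `fuel` (an assumption of this model) bounds
    consecutive absorptions so the non-productive case raises instead of looping forever.
    A Coq cofix has no such escape, which is why the paper needs a productivity predicate.
    """
    while True:
        absorbed = 0
        while (e := emit_digit(m)) is None:
            if absorbed == fuel:
                raise RuntimeError(f"no digit emitted after {fuel} absorptions")
            m = compose(m, next(xs))
            absorbed += 1
        yield e
        m = compose(inverse(digit_map(e)), m)

def real_stream(q):
    """Infinite stream of digit maps D_d for a rational q in [-1, 1] (signed binary expansion)."""
    while True:
        r = 2 * q
        d = 0 if abs(r) <= 1 else (1 if r > 0 else -1)
        yield digit_map(d)
        q = r - d

def value(digits):
    """Rational denoted by a finite digit prefix: sum of d_i * 2^-(i+1)."""
    return sum(Fr(d, 2 ** (i + 1)) for i, d in enumerate(digits))

def run(m, xs, n, fuel=64):
    """First n output digits, or None when the algorithm gets stuck absorbing."""
    try:
        return list(islice(homographic(m, xs, fuel), n))
    except RuntimeError:
        return None

def first_digits(m, num, den, n):
    """First n digits of m applied to the rational num/den, fed as a valid digit stream."""
    return run(m, real_stream(Fr(num, den)), n)

def stuck_example(fuel=8):
    """Identity map on a stream of identity maps: the nested intervals never shrink, so the
    input denotes no real and the algorithm can never emit. Returns None (non-productive)."""
    return run((1, 0, 0, 1), repeat((1, 0, 0, 1)), 1, fuel)

if __name__ == "__main__":
    digs = first_digits((1, 1, 0, 3), 1, 3, 20)   # (x + 1) / 3 at x = 1/3, i.e. 4/9
    print(digs[:5], float(value(digs)), float(Fr(4, 9)))
    print(stuck_example())
```

The type of `xs` admits streams such as the one in `stuck_example` that do not denote any real, and on those the loop never emits; that is exactly what a syntactic guard check cannot see, and what a proof obligation on the input can rule out.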
The formal development proceeds in several layers. First, a coinductive predicate relates a stream of Möbius maps to the real number it denotes; lemmas about convergence, monotonicity of the interval maps, and preservation of the nesting property are proved coinductively. Second, the homographic and quadratic functions are defined as cofix terms, together with auxiliary lemmas establishing their soundness: the real number represented by the output stream equals the result of applying the corresponding continuous function to the input real(s). Third, they prove completeness: for any real numbers represented by valid streams, the algorithms can be instantiated (by an appropriate choice of Möbius coefficients) to compute each field operation. The proofs make essential use of the continuity of the underlying transformations, which is what ensures that the partial productivity does not compromise correctness on the inputs where the algorithms do produce output.
A significant contribution is the demonstration that the formalisation is representation‑independent. The only requirements on a concrete encoding are that each of its digits denotes a Möbius map with the refining property the framework needs, and that streams of such maps satisfy the denotation predicate. Consequently, the same Coq development can be instantiated for ternary streams, signed‑digit streams, or any other admissible encoding simply by providing the digit maps and proofs of the basic lemmas.
The paper situates its work within a rich body of related research. Prior Coq formalisations of exact reals (e.g., by Ciaffaglione and Di Gianantonio, Bertot, and Hou) focused on total, fully productive functions and did not address division or other operations that inherently involve partial productivity. The authors’ approach bridges this gap, offering Coq‑verified, partially productive algorithms that together yield the field operations on exact reals. Moreover, the treatment of partial productivity is related to earlier work on partial recursion for inductive types, but extends it to the coinductive setting of infinite objects.
All Coq scripts, definitions, and proofs are made publicly available, enabling other researchers to reuse the framework, adapt it to alternative stream encodings, or extend it with higher‑level functions such as trigonometric, exponential, and logarithmic operations. The authors also outline future directions: automating the generation of conditional guards, integrating more sophisticated interval refinement strategies, and exploring categorical semantics that capture the weakly final coalgebra nature of the coinductive real type.
In summary, the paper delivers a rigorous, mechanised verification of lazy exact real arithmetic algorithms that are only partially productive, demonstrates how to reconcile Coq’s guardedness constraints with such algorithms, and provides a flexible, representation‑agnostic foundation for further development of certified exact real computation.