feat: Float axioms for simplest functions, several lemmas

Rob23oba · Rob23oba · commit b88f22d3b811 · 2025-02-19T18:38:44.000+01:00
diff --git a/Batteries/Data/Float/Axioms.lean b/Batteries/Data/Float/Axioms.lean
@@ -0,0 +1,70 @@
+/-
+Copyright (c) 2025 Robin Arnez. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Robin Arnez
+-/
+
+import Batteries.Data.Float.Basic
+import Lean.Elab.Tactic
+
+/-!
+# Axiomatic redefinition of float functions
+
+In this file, the most common floating point functions are
+axiomatically redefined to be used to later prove theorems about them.
+This is a temporary file, once there actually is a definition in
+core Lean, this will become unnecessary.
+-/
+
+-- we don't want 10 different axioms for floats, we combine them here into one
+private structure Float.AxiomSet where
+  ofBits_toBits (x : Float) : ofBits x.toBits = x
+  toBits_ofBits (x : UInt64) : (ofBits x).toBits = if isNaNBits x then 0x7ff8_0000_0000_0000 else x
+  isNaN_def (x : Float) : x.isNaN = isNaNBits x.toBits
+  isInf_def (x : Float) : x.isInf = (x.exponentPart = 2047 ∧ x.mantissa = 0)
+  isFinite_def (x : Float) : x.isFinite = (x.exponentPart < 2047)
+  neg_def (x : Float) : x.neg = ofBits (x.toBits ^^^ 0x8000_0000_0000_0000)
+
+/--
+Auxiliary axiom redefining the opaque `Float` functions.
+-/
+axiom Float.definitionAxiom : Float.AxiomSet
+
+theorem Float.ofBits_toBits (x : Float) : ofBits x.toBits = x :=
+  Float.definitionAxiom.ofBits_toBits x
+
+theorem Float.toBits_ofBits (x : UInt64) :
+    (ofBits x).toBits = if isNaNBits x then 0x7ff8_0000_0000_0000 else x :=
+  Float.definitionAxiom.toBits_ofBits x
+
+theorem Float.isNaN.eq_def (x : Float) :
+    x.isNaN = Float.isNaNBits x.toBits :=
+  Float.definitionAxiom.isNaN_def x
+
+theorem Float.isNaN.eq_1 (x : Float) :
+    x.isNaN = Float.isNaNBits x.toBits := by
+  unfold Float.isNaN; rfl
+
+theorem Float.isInf.eq_def (x : Float) :
+    x.isInf = (x.exponentPart = 2047 ∧ x.mantissa = 0) :=
+  Float.definitionAxiom.isInf_def x
+
+theorem Float.isInf.eq_1 (x : Float) :
+    x.isInf = (x.exponentPart = 2047 ∧ x.mantissa = 0) := by
+  unfold Float.isInf; rfl
+
+theorem Float.isFinite.eq_def (x : Float) :
+    x.isFinite = (x.exponentPart < 2047) :=
+  Float.definitionAxiom.isFinite_def x
+
+theorem Float.isFinite.eq_1 (x : Float) :
+    x.isFinite = (x.exponentPart < 2047) := by
+  unfold Float.isFinite; rfl
+
+theorem Float.neg.eq_def (x : Float) :
+    x.neg = ofBits (x.toBits ^^^ 0x8000_0000_0000_0000) :=
+  Float.definitionAxiom.neg_def x
+
+theorem Float.neg.eq_1 (x : Float) :
+    x.neg = ofBits (x.toBits ^^^ 0x8000_0000_0000_0000) := by
+  unfold Float.neg; rfl
diff --git a/Batteries/Data/Float/Basic.lean b/Batteries/Data/Float/Basic.lean
@@ -0,0 +1,141 @@
+/-
+Copyright (c) 2025 Robin Arnez. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Robin Arnez
+-/
+
+import Batteries.Data.Nat.Basic
+
+/-!
+# Simple functions used in the axiomatic redefinition of floats (temporary).
+-/
+
+/-- Returns whether `x` is a NaN bit pattern, that is: `Float.ofBits x = Float.nan` -/
+def Float.isNaNBits (x : UInt64) : Bool :=
+  (x >>> 52) &&& 0x7ff = 0x7ff ∧ x &&& 0x000f_ffff_ffff_ffff ≠ 0
+
+/--
+Returns the sign bit of the given floating point number, i.e. whether
+the given `Float` is negative. NaN is considered positive in this function.
+-/
+def Float.signBit (x : Float) : Bool :=
+  x.toBits >>> 63 ≠ 0
+
+/--
+Returns the exponent part of the given floating point number which is a value between
+`0` and `2047` (inclusive) describing the exponent of the floating point number.
+NaN and infinity have exponent part `2047`, `1` has exponent part `1023`, `2` has `1024`, etc.
+-/
+def Float.exponentPart (x : Float) : UInt64 :=
+  (x.toBits >>> 52) &&& 0x7ff
+
+/--
+Returns the mantissa of the given floating point number (without any implicit digits).
+-/
+def Float.mantissa (x : Float) : UInt64 :=
+  x.toBits &&& 0x000f_ffff_ffff_ffff
+
+/--
+Constructs a floating point number from the given parts (sign, exponent and mantissa).
+This function expects `exponentPart < 2047` and `mantissa < 2 ^ 52` in order to work correctly.
+-/
+def Float.fromParts (exponentPart : UInt64) (mantissa : UInt64) : Float :=
+  Float.ofBits ((exponentPart <<< 52) ||| mantissa)
+
+/--
+The floating point value "positive infinity", also used to represent numerical computations
+which produce finite values outside of the representable range of `Float`.
+-/
+def Float.inf : Float := fromParts 2047 0
+
+/--
+The floating point value "not a number", used to represent erroneous numerical computations
+such as `0 / 0`. Using `nan` in any float operation will return `nan`, and all comparisons
+involving `nan` except `!=` return `false`, including in particular `nan == nan`.
+-/
+def Float.nan : Float := fromParts 2047 0x0008_0000_0000_0000
+
+/--
+Returns a pair of values `(a, b)` such `x = a / b` (assuming `x` is finite).
+-/
+def Float.toNumDenPair (x : Float) : Int × Nat :=
+  let signMul := bif x.signBit then (-1) else 1
+  let exp := x.exponentPart
+  if exp = 0 then (x.mantissa.toNat * signMul, 1 <<< 1074)
+  else
+    let mant := x.mantissa.toNat ||| 0x0010_0000_0000_0000
+    (mant <<< (exp.toNat - 1075) * signMul, 1 <<< (1075 - exp.toNat))
+
+/--
+Divide two natural numbers, to produce a correctly rounded (nearest-ties-to-even) `Float` result.
+-/
+def Nat.divFloat (x y : Nat) : Float :=
+  if y = 0 then if x = 0 then Float.nan else Float.inf else
+  if x = 0 then Float.fromParts 0 0 else
+  -- calculate `log2 = ⌊log 2 (x / y)⌋`
+  let log2 : Int := x.log2 - y.log2
+  let log2 := if x <<< y.log2 < y <<< x.log2 then log2 - 1 else log2
+  -- if `x / y ≥ 2 ^ 1024`, return positive infinity
+  if log2 ≥ 1024 then Float.inf else
+
+  let exp := 53 - max log2 (-1022)
+  -- calculate `mantissa = round (x / y * 2 ^ (exp - 1))` (rounding nearest-ties-to-even)
+  let num := x <<< exp.toNat
+  let den := y <<< (-exp).toNat
+  let div := num / den
+  let mantissa :=
+    if div &&& 3 = 1 ∧ div * den = num then div >>> 1 else (div + 1) >>> 1
+
+  if log2 < -1022 then
+    -- subnormal
+    if mantissa = 0x0010_0000_0000_0000 then -- overflow
+      Float.fromParts 1 0 -- smallest normal float
+    else
+      Float.fromParts 0 mantissa.toUInt64
+  else
+    -- normal
+    if mantissa = 0x0020_0000_0000_0000 then -- overflow
+      -- also works for infinity
+      Float.fromParts (log2 + 1024).natAbs.toUInt64 0
+    else
+      Float.fromParts (log2 + 1023).natAbs.toUInt64
+        (mantissa.toUInt64 &&& 0x000f_ffff_ffff_ffff)
+
+/--
+Returns `sqrt (x * 2 ^ e)` as a floating point number.
+-/
+def Float.sqrtHelper (x : Nat) (e : Int) : Float :=
+  -- log 2 (sqrt (x * 2 ^ e)) = log 2 (x * 2 ^ e) / 2 = ((log 2 x) + e) / 2
+  let log2 := (x.log2 + e) >>> 1
+  if log2 ≥ 1024 then Float.inf else
+
+  -- we want `mantissa = round (sqrt (x * 2 ^ e) * 2 ^ exp)`
+  -- round (sqrt (x * 2 ^ e) * 2 ^ exp) =
+  -- round (sqrt (x * 2 ^ (e + 2 * exp)))
+  -- we want variables `expInner` and `expOuter` with
+  -- sqrt (x * 2 ^ (e + 2 * exp)) = sqrt (x * 2 ^ expInner) >>> expOuter
+  -- TODO: prove that this implementation actually works
+  let exp := 53 - max log2 (-1022)
+  let e := e + 2 * exp
+  let expInner := if e < 0 then (-e).toNat &&& 1 else e.toNat
+  let expOuter := if e < 0 then (-e).toNat >>> 1 else 0
+  let val := x <<< expInner
+  let sqrt := val.sqrt
+  let result := sqrt >>> expOuter -- result = ⌊sqrt (x * 2 ^ e) * 2 ^ exp * 2⌋
+  let mantissa :=
+    if result &&& 3 = 1 ∧ result * result = val then result >>> 1 else (result + 1) >>> 1
+
+  if log2 < -1022 then
+    -- subnormal
+    if mantissa = 0x0010_0000_0000_0000 then -- overflow
+      Float.fromParts 1 0 -- smallest normal float
+    else
+      Float.fromParts 0 mantissa.toUInt64
+  else
+    -- normal
+    if mantissa = 0x0020_0000_0000_0000 then -- overflow
+      -- also works for infinity
+      Float.fromParts (log2 + 1024).natAbs.toUInt64 0
+    else
+      Float.fromParts (log2 + 1023).natAbs.toUInt64
+        (mantissa.toUInt64 &&& 0x000f_ffff_ffff_ffff)
diff --git a/Batteries/Data/Float/Lemmas.lean b/Batteries/Data/Float/Lemmas.lean
@@ -0,0 +1,90 @@
+/-
+Copyright (c) 2025 Robin Arnez. All rights reserved.
+Released under Apache 2.0 license as described in the file LICENSE.
+Authors: Robin Arnez
+-/
+import Batteries.Data.Float.Axioms
+
+theorem Float.toBits_inj {x y : Float} : x.toBits = y.toBits ↔ x = y := by
+  constructor
+  · intro h
+    rw [← Float.ofBits_toBits x, ← Float.ofBits_toBits y, h]
+  · rintro rfl
+    rfl
+
+example : (2047 <<< 52 ||| 2251799813685248) >>> 52 &&& 2047 = 2047 := by
+  simp
+
+theorem Float.toBits_ofBits_of_isNaNBits {x : UInt64} (h : isNaNBits x) :
+    (ofBits x).toBits = 0x7ff8_0000_0000_0000 := by
+  simp only [toBits_ofBits, h, reduceIte]
+
+theorem Float.toBits_ofBits_of_not_isNaNBits {x : UInt64} (h : isNaNBits x = false) :
+    (ofBits x).toBits = x := by
+  simp only [toBits_ofBits, h, reduceIte, reduceCtorEq]
+
+@[simp]
+theorem Float.toBits_nan : nan.toBits = 0x7ff8_0000_0000_0000 := by
+  simp [nan, fromParts, toBits_ofBits_of_isNaNBits, isNaNBits, ← UInt64.toNat_inj]
+
+@[simp]
+theorem Float.isNaN_nan : nan.isNaN := by
+  rw [isNaN, Float.toBits_nan]; rfl
+
+theorem Float.isNaN_iff_eq_nan (x : Float) : x.isNaN ↔ x = nan := by
+  unfold isNaN
+  constructor
+  · intro h
+    rw [← Float.ofBits_toBits x]
+    rw [← Float.toBits_inj, Float.toBits_ofBits]
+    simp only [h, reduceIte, Float.toBits_nan]
+  · intro h
+    rw [h, Float.toBits_nan]
+    rfl
+
+theorem Float.neg_def (x : Float) : -x = x.neg := rfl
+
+@[simp]
+theorem Float.neg_nan : -nan = nan := by
+  rw [Float.neg_def, neg, toBits_nan]
+  rw [← Float.isNaN_iff_eq_nan, isNaN, toBits_ofBits]
+  simp [isNaNBits, ← UInt64.toNat_inj]
+
+protected theorem Float.neg_neg (x : Float) : -(-x) = x := by
+  by_cases h : x = nan
+  · rw [h, neg_nan, neg_nan]
+  · simp only [Float.neg_def, Float.neg]
+    rw [toBits_ofBits_of_not_isNaNBits, ← Float.toBits_inj, toBits_ofBits_of_not_isNaNBits]
+    · simp only [← UInt64.toNat_inj, UInt64.toNat_xor, UInt64.reduceToNat]
+      rw [Nat.xor_assoc, Nat.xor_self, Nat.xor_zero]
+    repeat
+    · rw [← Float.isNaN_iff_eq_nan, isNaN] at h
+      simpa [isNaNBits, ← UInt64.toNat_inj, Nat.shiftRight_xor_distrib,
+        Nat.and_xor_distrib_right] using h
+
+theorem Float.neg_eq_nan_iff {x : Float} : -x = nan ↔ x = nan := by
+  constructor
+  · intro h
+    rw [← Float.neg_neg x, h, neg_nan]
+  · intro h
+    rw [h, neg_nan]
+
+theorem Float.exponentPart_neg (x : Float) : (-x).exponentPart = x.exponentPart := by
+  by_cases h : x = nan
+  · rw [h, neg_nan]
+  · rw [neg_def, neg, exponentPart, exponentPart]
+    rw [toBits_ofBits_of_not_isNaNBits]
+    · simp [← UInt64.toNat_inj, Nat.shiftRight_xor_distrib, Nat.and_xor_distrib_right]
+    · rw [← Float.isNaN_iff_eq_nan, isNaN] at h
+      simpa [isNaNBits, ← UInt64.toNat_inj, Nat.shiftRight_xor_distrib,
+        Nat.and_xor_distrib_right] using h
+
+theorem Float.mantissa_neg (x : Float) : (-x).mantissa = x.mantissa := by
+  by_cases h : x = nan
+  · rw [h, neg_nan]
+  · rw [neg_def, neg, mantissa, mantissa]
+    rw [toBits_ofBits_of_not_isNaNBits]
+    · simp [← UInt64.toNat_inj, Nat.and_xor_distrib_right]
+    · rw [← Float.isNaN_iff_eq_nan, isNaN] at h
+      simpa [isNaNBits, ← UInt64.toNat_inj, Nat.shiftRight_xor_distrib,
+        Nat.and_xor_distrib_right] using h
diff --git a/Batteries/Lean/Float.lean b/Batteries/Lean/Float.lean
@@ -4,20 +4,9 @@
  Authors: Mario Carneiro
 -/
 
-namespace Float
-
-/--
-The floating point value "positive infinity", also used to represent numerical computations
-which produce finite values outside of the representable range of `Float`.
--/
-def inf : Float := 1/0
+import Batteries.Data.Float.Basic
 
-/--
-The floating point value "not a number", used to represent erroneous numerical computations
-such as `0 / 0`. Using `nan` in any float operation will return `nan`, and all comparisons
-involving `nan` return `false`, including in particular `nan == nan`.
--/
-def nan : Float := 0/0
+namespace Float
 
 /-- Returns `v, exp` integers such that `f = v * 2^exp`.
 (`e` is not minimal, but `v.abs` will be at most `2^53 - 1`.)
@@ -74,24 +63,6 @@ def toStringFull (f : Float) : String :=
 
 end Float
 
-/--
-Divide two natural numbers, to produce a correctly rounded (nearest-ties-to-even) `Float` result.
--/
-protected def Nat.divFloat (a b : Nat) : Float :=
-  if b = 0 then
-    if a = 0 then Float.nan else Float.inf
-  else
-    let ea := a.log2
-    let eb := b.log2
-    if eb + 1024 < ea then Float.inf else
-    let eb' := if b <<< ea ≤ a <<< eb then eb else eb + 1
-    let mantissa : UInt64 := (a <<< (eb' + 53) / b <<< ea).toUInt64
-    let rounded := if mantissa &&& 3 == 1 && a <<< (eb' + 53) == mantissa.toNat * (b <<< ea) then
-      mantissa >>> 1
-    else
-      (mantissa + 1) >>> 1
-    rounded.toFloat.scaleB (ea - (eb' + 52))
-
 /--
 Divide two integers, to produce a correctly rounded (nearest-ties-to-even) `Float` result.
 -/
