Metalevel Interval Arithmetic and Verifiable Constraint Solving

Timothy J. Hickey
Michtom School of Computer Science, Volen Center for Complex Systems, Brandeis University, USA
tim@cs.brandeis.edu

October 19, 2001

Abstract

CLIP is an implementation of CLP(Intervals) which has been designed to be verifiably correct in the sense that the answers it returns are mathematically correct solutions to the underlying arithmetic constraints. This fundamental design criterion affects many aspects of the implementation, from the input and output of decimal constants to the design of the interval arithmetic libraries and the constraint solving algorithms. In particular, to enhance verifiability, CLIP employs the simplest model of constraint solving, in which constraints are decomposed into sets of primitive constraints which are then solved using a library of primitive constraint contractors. This approach results in a simple constraint solver whose correctness is relatively straightforward to verify, but the solver is only able to solve relatively simple constraints. In this paper, we present the syntax, semantics, and implementation of CLIP, and we show how to use metalevel techniques to enhance the power of the CLIP constraint solver while preserving the simple structure of the system. In particular, we demonstrate that several of the box-narrowing algorithms from the Newton and Numerica systems can be easily implemented in CLIP. The principal advantages of this approach are (1) the resulting solvers are relatively easy to prove correct, (2) new solvers can be rapidly prototyped since the code is more concise and declarative than for imperative languages, and (3) contractors can be implemented directly from mathematical formulae without having to first prove results about interval arithmetic operators. Finally, the source code for the system is publicly available, which is a clear prerequisite for public, independent verifiability.
1 Introduction

Interval arithmetic is an approach to solving numerical problems by performing computations on sets of reals rather than on floating point approximations to reals. There are many versions of interval arithmetic that differ mainly in the way they represent sets of reals. The classical approach [30] considers only closed, bounded, floating point intervals $[a, b] = \{x \in \mathbb{R} : a \le x \le b\}$ where $a, b$ are finite floating point numbers. One then builds libraries of routines for computing an interval containing the range of various classes of mathematical functions. For example, the interval multiplication procedure, $\mathrm{mult}(X, Y)$, must satisfy

$$\{x * y : x \in X,\ y \in Y\} \subseteq \mathrm{mult}(X, Y)$$

and this can be achieved by defining

$$\mathrm{mult}([a, b], [c, d]) = [\min(a *_{lo} c,\ a *_{lo} d,\ b *_{lo} c,\ b *_{lo} d),\ \max(a *_{hi} c,\ a *_{hi} d,\ b *_{hi} c,\ b *_{hi} d)]$$

where $x *_{lo} y$ and $x *_{hi} y$ are the optimal floating point approximations to $x * y$ which satisfy

$$x *_{lo} y \le x * y \le x *_{hi} y$$
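The directed-rounding multiplication and the $\mathrm{mult}$ routine defined above, as an added Python example (not code from the paper or from CLIP): it obtains the optimal $x *_{lo} y$ and $x *_{hi} y$ by computing the exact rational product with `fractions.Fraction` and moving the nearest double one ulp only when it lies on the wrong side of the exact value, and it widens to $\pm\infty$ on overflow. It assumes finite interval bounds, as in the classical model, and Python 3.9+ for `math.nextafter`.

```python
import sys
from fractions import Fraction
from math import inf, nextafter

# x *lo y is the largest double <= x*y, x *hi y the smallest double >= x*y.
# Every finite double is a rational, so Fraction gives the exact product;
# float() then rounds to nearest and we step one ulp only if that nearest
# double is on the wrong side.  Assumes finite inputs (classical [a, b] model).
def _directed_mul(x: float, y: float, down: bool) -> float:
    exact = Fraction(x) * Fraction(y)          # exact, no rounding at all
    try:
        nearest = float(exact)                 # correctly rounded to nearest
    except OverflowError:                      # |x*y| beyond the double range
        if down:
            return sys.float_info.max if exact > 0 else -inf
        return inf if exact > 0 else -sys.float_info.max
    rounded = Fraction(nearest)
    if rounded == exact:                       # product exactly representable
        return nearest
    if down:
        return nearest if rounded < exact else nextafter(nearest, -inf)
    return nearest if rounded > exact else nextafter(nearest, inf)

def mul_lo(x: float, y: float) -> float:
    """x *lo y: optimal lower floating point approximation of x*y."""
    return _directed_mul(x, y, down=True)

def mul_hi(x: float, y: float) -> float:
    """x *hi y: optimal upper floating point approximation of x*y."""
    return _directed_mul(x, y, down=False)

def mult(X, Y):
    """Interval product mult([a,b],[c,d]) as defined in the text."""
    a, b = X
    c, d = Y
    lo = min(mul_lo(a, c), mul_lo(a, d), mul_lo(b, c), mul_lo(b, d))
    hi = max(mul_hi(a, c), mul_hi(a, d), mul_hi(b, c), mul_hi(b, d))
    return (lo, hi)

def encloses_product(Z, x: float, y: float) -> bool:
    """Soundness check x*y in Z, done in exact rational arithmetic."""
    exact = Fraction(x) * Fraction(y)
    lo_ok = Z[0] == -inf or Fraction(Z[0]) <= exact
    hi_ok = Z[1] == inf or exact <= Fraction(Z[1])
    return lo_ok and hi_ok

if __name__ == "__main__":
    # Constructed sample: 0.1 is not a double, so 0.1*3 needs outward widening.
    print(mult((0.1, 0.1), (3.0, 3.0)))      # (0.3, 0.30000000000000004)
```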