Basic order bounds for roundShiftRightEven #
IEEE32Exec.roundShiftRightEven is the core integer-rounding primitive used by
roundDyadicToIEEE32:
- We first compute an exact mantissa
n(aNat). - We then shrink it by
shiftbits to land on the target mantissa width. - The policy is round-to-nearest, ties-to-even.
For interval verification we also implement directed rounding (toward -∞ and +∞):
- floor-quotient:
q = n >>> shift - ceil-quotient:
ceil(n / 2^shift)which we implement asshiftRightCeilPow2 n shift
The key structural fact (used later to relate "nearest" to "directed" rounding) is:
roundShiftRightEven n shiftalways lies between the floor and ceil quotients.
In other words, round-to-nearest can only choose q or q+1, and those are exactly the two
directed-rounding candidates at this scale.
We prove that here in a way that is robust to later refactors of roundDyadicToIEEE32:
these lemmas talk only about the low-level Nat operations, not about floats.
Public “two-point” characterization #
The nearest-even quotient can only be one of the two directed-division candidates:
- the floor quotient
q = n >>> shift, or - the next integer
q + 1.
This public lemma connects
roundDyadicToIEEE32 (nearest rounding) to roundDyadicPosDown/roundDyadicPosUp
(directed rounding).
Nearest-even shift-right rounding yields one of two adjacent candidates.
Informal: roundShiftRightEven n shift is either the floor quotient n >>> shift or that value
plus one.
Nearest-even rounding is never below the floor-quotient (shiftRight).
Nearest-even rounding is never above shiftRight n shift + 1.
Nearest-even rounding is bounded above by the “ceiling quotient” shiftRightCeilPow2.
This is useful when connecting nearest-even rounding to directed rounding up, since the latter is often implemented as “divide by 2^k and round the quotient up”.
Convenience bundling of the lower+upper bounds used most often downstream.