Automated, rigorous backward error bound analysis for floating-point numerical programs remains unsupported by existing formal methods. Method: We propose the first type-based verification framework enabling static derivation of rigorous backward error bounds. Our approach introduces a novel type system that integrates graded coeffects with strict linear typing, underpinned by a sound categorical semantics. We implement the first prototype tool capable of automatically inferring backward error bounds. Results: Applied to canonical numerical linear algebra algorithms, our tool automatically derives tight relative backward error bounds matching worst-case bounds reported in the literature. This constitutes the first formal demonstration—within a mechanized verification framework—that numerical stability is decidable.

Backward error analysis offers a method for assessing the quality of numerical programs in the presence of floating-point rounding errors. However, techniques from the numerical analysis literature for quantifying backward error require substantial human effort, and there are currently no tools or automated methods for statically deriving sound backward error bounds. To address this gap, we propose Bean, a typed first-order programming language designed to express quantitative bounds on backward error. Bean's type system combines a graded coeffect system with strict linearity to soundly track the flow of backward error through programs. We prove the soundness of our system using a novel categorical semantics, where every Bean program denotes a triple of related transformations that together satisfy a backward error guarantee. To illustrate Bean's potential as a practical tool for automated backward error analysis, we implement a variety of standard algorithms from numerical linear algebra in Bean, establishing fine-grained backward error bounds via typing in a compositional style. We also develop a prototype implementation of Bean that infers backward error bounds automatically. Our evaluation shows that these inferred bounds match worst-case theoretical relative backward error bounds from the literature, underscoring Bean's utility in validating a key property of numerical programs: numerical stability.