Results 1  10
of
27
Trustworthy Numerical Computation in Scala
"... Modern computing has adopted the floating point type as a default way to describe computations with real numbers. Thanks to dedicated hardware support, such computations are efficient on modern architectures, even in double precision. However, rigorous reasoning about the resulting programs remains ..."
Abstract

Cited by 12 (4 self)
 Add to MetaCart
(Show Context)
Modern computing has adopted the floating point type as a default way to describe computations with real numbers. Thanks to dedicated hardware support, such computations are efficient on modern architectures, even in double precision. However, rigorous reasoning about the resulting programs remains difficult. This is in part due to a large gap between the finite floating point representation and the infiniteprecision realnumber semantics that serves as the developers’ mental model. Because programming languages do not provide support for estimating errors, some computations in practice are performed more and some less precisely than needed. We present a library solution for rigorous arithmetic computation. Our numerical data type library tracks a (double) floating point value, but also a guaranteed upper bound on the error between this value and the ideal value that would be computed in the realvalue semantics. Our implementation involves a set of linear approximations based on an extension of affine arithmetic. The derived approximations cover most of the standard mathematical operations, including trigonometric functions, and are more comprehensive than any publicly available ones. Moreover, while interval arithmetic rapidly yields overly pessimistic estimates, our approach remains precise for several computational tasks of interest. We evaluate the library on a number of examples from numerical analysis and physical simulations. We found it to be a useful tool for gaining confidence in the correctness of the computation.
A FormallyVerified C Compiler Supporting FloatingPoint Arithmetic
, 2012
"... Abstract—Floatingpoint arithmetic is known to be tricky: roundings, formats, exceptional values. The IEEE754 standard was a push towards straightening the field and made formal reasoning about floatingpoint computations possible. Unfortunately, this is not sufficient to guarantee the final result ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
(Show Context)
Abstract—Floatingpoint arithmetic is known to be tricky: roundings, formats, exceptional values. The IEEE754 standard was a push towards straightening the field and made formal reasoning about floatingpoint computations possible. Unfortunately, this is not sufficient to guarantee the final result of a program, as several other actors are involved: programming language, compiler, architecture. The CompCert formallyverified compiler provides a solution to this problem: this compiler comes with a mathematical specification of the semantics of its source language (ISO C90) and target platforms (ARM, PowerPC, x86SSE2), and with a proof that compilation preserves semantics. In this paper, we report on our recent success in formally specifying and proving correct CompCert’s compilation of floatingpoint arithmetic. Since CompCert is verified using the Coq proof assistant, this effort required a suitable Coq formalization of the IEEE754 standard; we extended the Flocq library for this purpose. As a result, we obtain the first formally verified compiler that provably preserves the semantics of floatingpoint programs. Index Terms—floatingpoint arithmetic; verified compilation; formal proof; floatingpoint semantic preservation; I.
On Sound Compilation of Reals
"... Writing accurate numerical software is hard because of many sources of unavoidable uncertainties, including finite numerical precision of implementations. We present a programming model where the user writes a program in a realvalued implementation and specification language that explicitly include ..."
Abstract

Cited by 9 (4 self)
 Add to MetaCart
(Show Context)
Writing accurate numerical software is hard because of many sources of unavoidable uncertainties, including finite numerical precision of implementations. We present a programming model where the user writes a program in a realvalued implementation and specification language that explicitly includes different types of uncertainties. We then present a compilation algorithm that generates a conventional implementation that is guaranteed to meet the desired precision with respect to real numbers. Our verification step generates verification conditions that treat different uncertainties in a unified way and encode reasoning about floatingpoint roundoff errors into reasoning about real numbers. Such verification conditions can be used as a standardized format for verifying the precision and the correctness of numerical programs. Due to their often nonlinear nature, precise reasoning about such verification conditions remains difficult. We show that current stateofthe art SMT solvers do not scale well to solving such verification conditions. We propose a new procedure that combines exact SMT solving over reals with approximate and sound affine and interval arithmetic. We show that this approach overcomes scalability limitations of SMT solvers while providing improved precision over affine and interval arithmetic. Using our initial implementation we show the usefullness and effectiveness of our approach on several examples, including those containing nonlinear computation. 1.
Hardwareindependent proofs of numerical programs
, 2010
"... On recent architectures, a numerical program may give different answers depending on the execution hardware and the compilation. Our goal is to formally prove properties about numerical programs that are true for multiple architectures and compilers. We propose an approach that states the rounding e ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
(Show Context)
On recent architectures, a numerical program may give different answers depending on the execution hardware and the compilation. Our goal is to formally prove properties about numerical programs that are true for multiple architectures and compilers. We propose an approach that states the rounding error of each floatingpoint computation whatever the environment. This approach is implemented in the FramaC platform for static analysis of C code. Small case studies using this approach are entirely and automatically proved.
The Jessie plugin for Deduction Verification in FramaC Tutorial and Reference Manual Version 2.30
, 2012
"... ..."
(Show Context)
Formal verification of numerical programs: from C annotated programs to Coq proofs
, 2010
"... Numerical programs may require a high level of guarantee. This can be achieved by applying formal methods, such as machinechecked proofs. But these tools handle mathematical theorems while we are interested in C code. To achieve this high level of confidence on C programs, we use a chain of tools ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
Numerical programs may require a high level of guarantee. This can be achieved by applying formal methods, such as machinechecked proofs. But these tools handle mathematical theorems while we are interested in C code. To achieve this high level of confidence on C programs, we use a chain of tools: FramaC, its Jessie plugin, Why and Coq. This requires the C program to be annotated: this means that each function must be precisely specified, and we will prove the correctness of the program by proving both that it meets its specifications and that it does not fail. Examples will be given to illustrate the features of this approach.
Certifying Solutions for Numerical Constraints
"... Abstract. A large portion of software is used for numerical computation in mathematics, physics and engineering. Among the aspects that make verification in this domain difficult is the need to quantify numerical errors, such as roundoff errors and errors due to the use of approximate numerical meth ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
Abstract. A large portion of software is used for numerical computation in mathematics, physics and engineering. Among the aspects that make verification in this domain difficult is the need to quantify numerical errors, such as roundoff errors and errors due to the use of approximate numerical methods. Much of numerical software uses selfstabilizing iterative algorithms, for example, to find solutions of nonlinear equations. To support such algorithms, we present a runtime verification technique that checks, given a nonlinear equation and a tentative solution, whether this value is indeed a solution to within a specified precision. Our technique combines runtime verification approaches with information about the analytical equation being solved. It is independent of the algorithm used for finding the solution and is therefore applicable to a wide range of problems. We have implemented our technique for the Scala programming language using our affine arithmetic library and the macro facility of Scala 2.10.
Builtin Treatment of an Axiomatic FloatingPoint Theory for SMT Solvers ∗
"... The treatment of the axiomatic theory of floatingpoint numbers is out of reach of current SMT solvers, especially when it comes to automatic reasoning on approximation errors. In this paper, we describe a dedicated procedure for such a theory, which provides an interface akin to the instantiation m ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
The treatment of the axiomatic theory of floatingpoint numbers is out of reach of current SMT solvers, especially when it comes to automatic reasoning on approximation errors. In this paper, we describe a dedicated procedure for such a theory, which provides an interface akin to the instantiation mechanism of an SMT solver. This procedure is based on the approach of the Gappa tool: it performs saturation of consequences of the axioms, in order to refine bounds on expressions. In addition to the original approach, bounds are further refined by a constraint solver for linear arithmetic. Combined with the natural support for equalities provided by SMT solvers, our approach improves the treatment of goals coming from deductive verification of numerical programs. We have implemented it in the AltErgo SMT solver. 1
Refining Abstract Interpretationbased Approximations with Constraint Solvers
, 2011
"... Abstract. Programs with floatingpoint computations are tricky to develop because floatingpoint arithmetic differs from real arithmetic and has many counterintuitive properties. A classical approach to verify such programs consists in estimating the precision of floatingpoint computations with res ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Programs with floatingpoint computations are tricky to develop because floatingpoint arithmetic differs from real arithmetic and has many counterintuitive properties. A classical approach to verify such programs consists in estimating the precision of floatingpoint computations with respect to the same sequence of operations in an idealized interpretation—have been designed to address this problem. However, such tools compute an overapproximation of the domains of the variables, both in the semantics of the floatingpoint numbers and in the semantics of the real numbers. This overapproximation can be very coarse on some programs. In this paper, we show that constraint solvers over floatingpoint numbers and real numbers can significantly refine the approximations computed by Fluctuat. We managed to reduce drastically the domains of variables of C programs that are difficult to handle for abstract interpretation techniques implemented in Fluctuat. Key words: Program verification; Floatingpoint computation; C programs; Abstract interpretationbased approximation; Intervalbased constraint solvers over real and floatingpoint numbers 1
On Numerical Error Propagation with Sensitivity
"... An emerging area of research is to automatically compute reasonably precise upper bounds on numerical errors including roundoffs. Previous approaches for this task are limited in their precision and scalability, especially in the presence of branches and loops. We argue that one reason for these lim ..."
Abstract
 Add to MetaCart
(Show Context)
An emerging area of research is to automatically compute reasonably precise upper bounds on numerical errors including roundoffs. Previous approaches for this task are limited in their precision and scalability, especially in the presence of branches and loops. We argue that one reason for these limitations is the focus of past approaches on approximating errors of individual reachable states. We propose instead a more relational and modular approach to analysis that characterizes analytically the input/output behavior of code fragments and reuses this characterization to reason about larger code fragments. We use the derivatives of the functions corresponding to program paths to capture a program’s sensitivity to input changes. To apply this approach for finiteprecision code, we decouple the computation of newly introduced roundoff errors from the amplification of existing errors. This enables us to precisely and efficiently account for propagation of errors through longrunning computation. Using this approach we implemented an analysis for programs containing nonlinear computation, conditionals, and loops. In the presence of loops our approach can find closedform symbolic invariants capturing upper bounds on numerical errors, even when the error grows with the number of iterations. We evaluate our system on a number of benchmarks from embedded systems and scientific computation, showing substantial improvements in precision and scalability over the state of the art. 1.