Results 1 
6 of
6
MultiProver Verification of FloatingPoint Programs ⋆
"... Abstract. In the context of deductive program verification, supporting floatingpoint computations is tricky. We propose an expressive language to formally specify behavioral properties of such programs. We give a firstorder axiomatization of floatingpoint operations which allows to reduce verifica ..."
Abstract

Cited by 15 (3 self)
 Add to MetaCart
Abstract. In the context of deductive program verification, supporting floatingpoint computations is tricky. We propose an expressive language to formally specify behavioral properties of such programs. We give a firstorder axiomatization of floatingpoint operations which allows to reduce verification to checking the validity of logic formulas, in a suitable form for a large class of provers including SMT solvers and interactive proof assistants. Experiments using the FramaC platform for static analysis of C code are presented. 1
Trustworthy Numerical Computation in Scala
"... Modern computing has adopted the floating point type as a default way to describe computations with real numbers. Thanks to dedicated hardware support, such computations are efficient on modern architectures, even in double precision. However, rigorous reasoning about the resulting programs remains ..."
Abstract

Cited by 6 (3 self)
 Add to MetaCart
Modern computing has adopted the floating point type as a default way to describe computations with real numbers. Thanks to dedicated hardware support, such computations are efficient on modern architectures, even in double precision. However, rigorous reasoning about the resulting programs remains difficult. This is in part due to a large gap between the finite floating point representation and the infiniteprecision realnumber semantics that serves as the developers’ mental model. Because programming languages do not provide support for estimating errors, some computations in practice are performed more and some less precisely than needed. We present a library solution for rigorous arithmetic computation. Our numerical data type library tracks a (double) floating point value, but also a guaranteed upper bound on the error between this value and the ideal value that would be computed in the realvalue semantics. Our implementation involves a set of linear approximations based on an extension of affine arithmetic. The derived approximations cover most of the standard mathematical operations, including trigonometric functions, and are more comprehensive than any publicly available ones. Moreover, while interval arithmetic rapidly yields overly pessimistic estimates, our approach remains precise for several computational tasks of interest. We evaluate the library on a number of examples from numerical analysis and physical simulations. We found it to be a useful tool for gaining confidence in the correctness of the computation.
A FormallyVerified C Compiler Supporting FloatingPoint Arithmetic
, 2012
"... Abstract—Floatingpoint arithmetic is known to be tricky: roundings, formats, exceptional values. The IEEE754 standard was a push towards straightening the field and made formal reasoning about floatingpoint computations possible. Unfortunately, this is not sufficient to guarantee the final result ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
Abstract—Floatingpoint arithmetic is known to be tricky: roundings, formats, exceptional values. The IEEE754 standard was a push towards straightening the field and made formal reasoning about floatingpoint computations possible. Unfortunately, this is not sufficient to guarantee the final result of a program, as several other actors are involved: programming language, compiler, architecture. The CompCert formallyverified compiler provides a solution to this problem: this compiler comes with a mathematical specification of the semantics of its source language (ISO C90) and target platforms (ARM, PowerPC, x86SSE2), and with a proof that compilation preserves semantics. In this paper, we report on our recent success in formally specifying and proving correct CompCert’s compilation of floatingpoint arithmetic. Since CompCert is verified using the Coq proof assistant, this effort required a suitable Coq formalization of the IEEE754 standard; we extended the Flocq library for this purpose. As a result, we obtain the first formally verified compiler that provably preserves the semantics of floatingpoint programs. Index Terms—floatingpoint arithmetic; verified compilation; formal proof; floatingpoint semantic preservation; I.
Formal veri cation of numerical programs: from C annotated programs to Coq proofs ⋆ Sylvie Boldo
, 2010
"... Abstract. Numerical programs may require a high level of guarantee. This can be achieved by applying formal methods, such as machinechecked proofs. But these tools handle mathematical theorems while we are interested in C code. To achieve this high level of con dence on C programs, we use a chain of ..."
Abstract
 Add to MetaCart
Abstract. Numerical programs may require a high level of guarantee. This can be achieved by applying formal methods, such as machinechecked proofs. But these tools handle mathematical theorems while we are interested in C code. To achieve this high level of con dence on C programs, we use a chain of tools: FramaC, its Jessie plugin, Why and Coq. This requires the C program to be annotated: this means that each function must be precisely speci ed, and we will prove the correctness of the program by proving both that it meets its speci cations and that it does not fail. Examples will be given to illustrate the features of this approach. 1
Formal Verification of Numerical Programs: From C Annotated Programs to Mechanical Proofs
"... Abstract Numerical programs may require a high level of guarantee. This can be achieved by applying formal methods, such as machinechecked proofs. But these tools handle mathematical theorems while we are interested in C code, in which numerical computations are performed using floatingpoint arith ..."
Abstract
 Add to MetaCart
Abstract Numerical programs may require a high level of guarantee. This can be achieved by applying formal methods, such as machinechecked proofs. But these tools handle mathematical theorems while we are interested in C code, in which numerical computations are performed using floatingpoint arithmetic, whereas proof tools typically handle exact real arithmetic. To achieve this high level of confidence on C programs, we use a chain of tools: FramaC, its Jessie plugin, Why and provers among Coq, Gappa, AltErgo, CVC3 and Z3. This approach requires the C program to be annotated: each function must be precisely specified, and we prove the correctness of the program by proving both that it meets its specifications and that no runtime error may occur. The purpose of this paper is to illustrate, on various examples, the features of this approach.
Author manuscript, published in "Certified Programs and Proofs (2011)" HardwareDependent Proofs of Numerical Programs ⋆
, 2013
"... Abstract. We present an approach for proving behavioral properties of numerical programs by analyzing their compiled assembly code. We focus on the issues and traps that may arise on oatingpoint computations. Direct analysis of the assembly code allows us to take into account architecture or compi ..."
Abstract
 Add to MetaCart
Abstract. We present an approach for proving behavioral properties of numerical programs by analyzing their compiled assembly code. We focus on the issues and traps that may arise on oatingpoint computations. Direct analysis of the assembly code allows us to take into account architecture or compilerdependent features such as the possible use of extended precision registers. The approach is implemented on top of the generic Why platform for deductive veri cation, which allows us to perform experiments where proofs are discharged by combining several backend automatic provers. 1