Results 1  10
of
17
MultiProver Verification of FloatingPoint Programs ⋆
"... Abstract. In the context of deductive program verification, supporting floatingpoint computations is tricky. We propose an expressive language to formally specify behavioral properties of such programs. We give a firstorder axiomatization of floatingpoint operations which allows to reduce verifica ..."
Abstract

Cited by 15 (3 self)
 Add to MetaCart
(Show Context)
Abstract. In the context of deductive program verification, supporting floatingpoint computations is tricky. We propose an expressive language to formally specify behavioral properties of such programs. We give a firstorder axiomatization of floatingpoint operations which allows to reduce verification to checking the validity of logic formulas, in a suitable form for a large class of provers including SMT solvers and interactive proof assistants. Experiments using the FramaC platform for static analysis of C code are presented. 1
Automatic verification of control system implementations
 In proceedings of EMSOFT
, 2010
"... Software implementations of controllers for physical subsystems form the core of many modern safetycritical systems such as aircraft flight control and automotive engine control. A fundamental property of such implementations is stability, the guarantee that the physical plant converges to a desire ..."
Abstract

Cited by 8 (8 self)
 Add to MetaCart
(Show Context)
Software implementations of controllers for physical subsystems form the core of many modern safetycritical systems such as aircraft flight control and automotive engine control. A fundamental property of such implementations is stability, the guarantee that the physical plant converges to a desired behavior under the actions of the controller. We present a methodology and a tool to perform automated static analysis of embedded controller code for stability of the controlled physical system. The design of controllers for physical systems provides not only the controllers but also mathematical proofs of their stability under idealized mathematical models. Unfortunately, since these models do not capture most of the implementation details, it is not always clear if the stability
Trustworthy Numerical Computation in Scala
"... Modern computing has adopted the floating point type as a default way to describe computations with real numbers. Thanks to dedicated hardware support, such computations are efficient on modern architectures, even in double precision. However, rigorous reasoning about the resulting programs remains ..."
Abstract

Cited by 7 (3 self)
 Add to MetaCart
(Show Context)
Modern computing has adopted the floating point type as a default way to describe computations with real numbers. Thanks to dedicated hardware support, such computations are efficient on modern architectures, even in double precision. However, rigorous reasoning about the resulting programs remains difficult. This is in part due to a large gap between the finite floating point representation and the infiniteprecision realnumber semantics that serves as the developers’ mental model. Because programming languages do not provide support for estimating errors, some computations in practice are performed more and some less precisely than needed. We present a library solution for rigorous arithmetic computation. Our numerical data type library tracks a (double) floating point value, but also a guaranteed upper bound on the error between this value and the ideal value that would be computed in the realvalue semantics. Our implementation involves a set of linear approximations based on an extension of affine arithmetic. The derived approximations cover most of the standard mathematical operations, including trigonometric functions, and are more comprehensive than any publicly available ones. Moreover, while interval arithmetic rapidly yields overly pessimistic estimates, our approach remains precise for several computational tasks of interest. We evaluate the library on a number of examples from numerical analysis and physical simulations. We found it to be a useful tool for gaining confidence in the correctness of the computation.
Systematic testing for control applications
 In MEMOCODE
, 2010
"... Abstract—Software controllers for physical processes are at the core of many safetycritical systems such as avionics, automotive engine control, and process control. Despite their importance, the design and implementation of software controllers remains an art form; dependability is generally poor, ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
(Show Context)
Abstract—Software controllers for physical processes are at the core of many safetycritical systems such as avionics, automotive engine control, and process control. Despite their importance, the design and implementation of software controllers remains an art form; dependability is generally poor, and the cost of verifying systems is prohibitive. We illustrate the potential of applying program analysis tools on problems in controller design and implementation by focusing on concolic execution, a technique for systematic testing for software. In particular, we demonstrate how a concolic execution tool can be modified to automatically analyze controller implementations and (a) produce test cases achieving a coverage goal, (b) synthesize ranges for controller variables that can be used to allocate bits in a fixedpoint implementation, and (c) verify robustness of an implementation under input uncertainties. We have implemented these algorithms on top of the Splat test generation tool and have carried out preliminary experiments on control software that demonstrates feasibility of the techniques. I.
Automatic Detection of FloatingPoint Exceptions
, 1996
"... It is wellknown that floatingpoint exceptions can be disastrous and writing exceptionfree numerical programs is very difficult. Thus, it is important to automatically detect such errors. In this paper, we present Ariadne, a practical symbolic execution system specifically designed and implemented ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
It is wellknown that floatingpoint exceptions can be disastrous and writing exceptionfree numerical programs is very difficult. Thus, it is important to automatically detect such errors. In this paper, we present Ariadne, a practical symbolic execution system specifically designed and implemented for detecting floatingpoint exceptions. Ariadne systematically transforms a numerical program to explicitly check each exception triggering condition. Ariadne symbolically executes the transformed program using real arithmetic to find candidate realvalued inputs that can reach and trigger an exception. Ariadne converts each candidate input into a floatingpoint number, then tests it against the original program. In general, approximating floatingpoint arithmetic with real arithmetic can change paths from feasible to infeasible and vice versa. The key insight of this work is that, for the problem of detecting floatingpoint exceptions, this approximation works well in practice because, if one input reaches an exception, many are likely to, and at least one of them will do so over both floatingpoint and real arithmetic. To realize Ariadne, we also devised a novel, practical linearization technique to solve nonlinear constraints. We extensively evaluated Ariadne over 467 scalar functions in the widely used GNU Scientific Library (GSL). Our results show that Ariadne is practical and identifies a large number of real runtime exceptions in GSL. The GSL developers confirmed our preliminary findings and look forward to Ariadne’s public release, which we plan to do in the near future.
A Bit Too Precise? Bounded Verification of Quantized Digital Filters ⋆
"... Abstract. Digital filters are simple yet ubiquitous components of a wide variety of digital processing and control systems. Errors in the filters can be catastrophic. Traditionally digital filters have been verified using methods from control theory and extensive testing. We study two alternative ve ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
Abstract. Digital filters are simple yet ubiquitous components of a wide variety of digital processing and control systems. Errors in the filters can be catastrophic. Traditionally digital filters have been verified using methods from control theory and extensive testing. We study two alternative verification techniques: bitprecise analysis and realvalued error approximations. In this paper, we empirically evaluate several variants of these two fundamental approaches for verifying fixedpoint implementations of digital filters. We design our comparison to reveal the best possible approach towards verifying realworld designs of infinite impulse response (IIR) digital filters. Our study reveals broader insights into cases where bitreasoning is absolutely necessary and suggests efficient approaches using modern satisfiabilitymodulotheories (SMT) solvers. 1
Making Software Verification Tools Really Work
 ATVA 2011. LNCS
"... We discuss problems and barriers which stand in the way of producing verification tools that are robust, scalable and integrated in the software development cycle. Our analysis is that these barriers span a spectrum from theoretical, through practical and even logistical issues. Theoretical issues a ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
We discuss problems and barriers which stand in the way of producing verification tools that are robust, scalable and integrated in the software development cycle. Our analysis is that these barriers span a spectrum from theoretical, through practical and even logistical issues. Theoretical issues are the inherent complexity of program verification and the absence of a common, accepted semantic model in tools. Practical hurdles include the challenges arising from realworld systems features, such as floatingpoint arithmetic and weak memory. Logistical obstacles we identify are the lack of standard benchmarks to drive tool quality and efficiency, and the difficulty for academic research institutions of allocating resources to tool development. We propose simple measures which we, as a community, could adopt to make the design of serious verification tools easier and more credible. Our longterm vision is for the community to produce tools that are indispensable for a developer but so seamlessly integrated into a development environment, as to be invisible.
Componentbased design and verification in XMAN
 In Proc. of Embedded Realtime Soft. and Syst
, 2012
"... Abstract—Compositionality has the potential to enable a stepchange in the scalability of formal design and verification methods for industrialscale systems: by designing systems in a compositional manner, components can be modelled, specified, implemented, and verified independently and in paralle ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
Abstract—Compositionality has the potential to enable a stepchange in the scalability of formal design and verification methods for industrialscale systems: by designing systems in a compositional manner, components can be modelled, specified, implemented, and verified independently and in parallel by different teams, leading to significant gains in terms of productivity and the ability to reuse components. We discuss why componentbased frameworks have, up to now fallen short of meeting those expectations, and present the XMAN framework; a componentbased framework and development methodology that has been designed to overcome limitations of previous solutions. Walking through an industrial case study, we illustrate architecture, specification, detailed design, and implementation of systems in XMAN. Correctness and reliability concerns are addressed uniformly within XMAN through integration with existing static analysis tools for functional and extrafunctional properties. KeywordsComponentbased modeling; compositional verification and validation; formal methods. I.
On Sound Compilation of Reals
"... Writing accurate numerical software is hard because of many sources of unavoidable uncertainties, including finite numerical precision of implementations. We present a programming model where the user writes a program in a realvalued implementation and specification language that explicitly include ..."
Abstract
 Add to MetaCart
(Show Context)
Writing accurate numerical software is hard because of many sources of unavoidable uncertainties, including finite numerical precision of implementations. We present a programming model where the user writes a program in a realvalued implementation and specification language that explicitly includes different types of uncertainties. We then present a compilation algorithm that generates a conventional implementation that is guaranteed to meet the desired precision with respect to real numbers. Our verification step generates verification conditions that treat different uncertainties in a unified way and encode reasoning about floatingpoint roundoff errors into reasoning about real numbers. Such verification conditions can be used as a standardized format for verifying the precision and the correctness of numerical programs. Due to their often nonlinear nature, precise reasoning about such verification conditions remains difficult. We show that current stateofthe art SMT solvers do not scale well to solving such verification conditions. We propose a new procedure that combines exact SMT solving over reals with approximate and sound affine and interval arithmetic. We show that this approach overcomes scalability limitations of SMT solvers while providing improved precision over affine and interval arithmetic. Using our initial implementation we show the usefullness and effectiveness of our approach on several examples, including those containing nonlinear computation. 1.