## Formal verification of square root algorithms (2003)

Venue: Formal Methods in Systems Design

Citations: 11 (1 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Harrison03formalverification,
  author    = {John Harrison},
  title     = {Formal verification of square root algorithms},
  booktitle = {Formal Methods in Systems Design},
  year      = {2003},
  pages     = {2003}
}
```

### Abstract

We discuss the formal verification of some low-level mathematical software for the Intel® Itanium® architecture. A number of important algorithms have been proven correct using the HOL Light theorem prover. After briefly surveying some of our formal verification work, we discuss in more detail the verification of a square root algorithm, which helps to illustrate why some features of HOL Light, in particular programmability, make it especially suitable for these applications.

1. Overview

The Intel® Itanium® architecture is a new 64-bit architecture jointly developed by Intel and Hewlett-Packard, implemented in the Itanium® processor family (IPF). Among the software supplied by Intel to support IPF processors are some optimized mathematical functions to supplement or replace less efficient generic libraries. Naturally, the correctness of the algorithms used in such software is always a major concern. This is particularly so for division, square root and certain transcendental function kernels, which are intimately tied to the basic architecture. First, in IA-32 compatibility mode, these algorithms are used by hardware instructions like fptan and fdiv. And while in “native” mode, division and square root are implemented in software, typical users are likely to see them as part of the basic architecture. The formal verification of some of the division algorithms is described by Harrison (2000b), and a representative verification of a transcendental function by Harrison (2000a). In this paper we complete the picture by considering a square root algorithm. Division, transcendental functions and square roots all have quite distinctive features and their formal verifications differ widely from each other. The present proofs have a number of interesting features, and show how important some theorem prover features — in particular programmability — are. The formal verifications are conducted using the freely available HOL Light prover (Harrison, 1996; see http://www.cl.cam.ac.uk/users/jrh/hol-light/index.html). HOL Light is a version of HOL (Gordon and Melham, 1993), itself a descendant of Edinburgh LCF

### Citations

295 | Every Planar map is Four Colorable - Appel, Haken, et al. - 1977
Citation context: ...gan (1998) and formalized in HOL without difficulty, one can show that the ... A more extreme case is the 4-color theorem, whose proof relies on extensive (computer-assisted) checking of special cases (Appel and Haken, 1976). An ‘optimized’ way of checking, referred to by Aigner and Ziegler (2001) as “Landau’s trick”, is to verify that 3, 5, 7, 13, 23, 43, 83, 163, 317, 631, 1259, 2503 and 4001 are all prime and each ...

88 | Edinburgh LCF: A Mechanised Logic - Gordon, Milner, et al. - 1979
Citation context: ...descendant of Edinburgh LCF (Gordon et al., 1979) which first defined the ‘LCF approach’ that these systems take to formal proof. LCF provers like HOL explicitly generate proofs in terms of extremely low-level primitive inferences, in order to prov...

71 | HOL Light: A tutorial introduction - Harrison - 1996
Citation context: ...interesting features, and show how important some theorem prover features — in particular programmability — are. The formal verifications are conducted using the freely available HOL Light prover (Harrison, 1996; see http://www.cl.cam.ac.uk/users/jrh/hol-light/index.html). HOL Light is a version of HOL (Gordon and Melham, 1993), itself a descendant of Edinburgh LCF...

50 | The Functional Approach to Programming - Cousineau, Mauny - 1998
Citation context: ...oof or one with more ad hoc machine support. HOL Light allows the user to implement higher-level logical inference rules by programming them in the interaction and implementation language CAML Light (Cousineau and Mauny, 1998), using an abstract type of theorems to protect against arbitrary inferences. Thus, proofs can be partially automated, so although in some respects the formalization of a proof in HOL is painfully ex...

35 | A Machine-Checked Theory of Floating Point Arithmetic - Harrison - 1999
Citation context: ..., mu rc is 1/2. The theorem has two side conditions, one being a nontriviality hypothesis, and the other an assertion that the value x does not lose precision. We will not show the formal definition (Harrison, 1999) here, since it is rather complicated. However, a simple and usually adequate sufficient condition is that the exact result lies in the normal range (or is zero). Actually applying this theorem, and ...

32 | Formal verification of floating point trigonometric functions - Harrison - 2000

27 | Computation of elementary functions on the - Markstein - 1990
Citation context: ...lication operations as the special cases x · 1 + y and x · y + 0. The fma has many applications in typical floating-point codes, where it can often improve accuracy and/or performance. In particular (Markstein, 1990) correctly rounded quotients and square roots can be computed by fairly short sequences of fmas, obviating the need for dedicated instructions. Besides enabling compilers and assembly language progra...

20 | Proving the IEEE correctness of iterative floating-point square root, divide, and remainder algorithms - Cornea-Hasegan - 1998

20 | Formal verification of IA-64 division algorithms - Harrison - 2000

19 | Applications of division by convergence - Goldschmidt - 1964

14 | Formally Verifying - O’Leary, Zhao, et al. - 1999

11 | Verifying the accuracy of polynomial approximations in HOL - Harrison - 1997

11 | ANSI/IEEE Standard for Binary Floating Point Arithmetic: Std 754-1985 - IEEE - 1985

6 | A mechanically checked proof of IEEE compliance of a register-transfer-level specification of the AMD-K7 floating-point multiplication, division, and square root instructions - Russinoff - 1998

2 | Proofs from The Book - Aigner, Ziegler - 2001

2 | Beweis eines Satzes von Tschebyshev - Erdös - 1930

2 | Theorem Proving - Gunter, Felty (eds.) - 1997

2 | Theorem proving with the real numbers, Springer-Verlag - Harrison - 1998
Citation context: ...el of assurance that the proofs are valid. HOL’s foundational approach to proof is maintained in the formalization of the underlying mathematics including natural number arithmetic and real analysis (Harrison, 1998). Rather than being axiomatized, these structures are constructed starting just with a few basic set-theoretic axioms such as the Axiom of Infinity. Thus, formalization of a proof in HOL achieves a h...