## A Mechanically Checked Proof of the Correctness of the Kernel of the AMD5K86 Floating-Point Division Algorithm (1996)

Venue: | IEEE Transactions on Computers |

Citations: | 32 - 11 self |

### BibTeX

@ARTICLE{Moore96amechanically,

author = {J Strother Moore and Tom Lynch and Matt Kaufmann},

title = {A Mechanically Checked Proof of the Correctness of the Kernel of the AMD5K86 Floating-Point Division Algorithm},

journal = {IEEE Transactions on Computers},

year = {1996},

volume = {47}

}

### Years of Citing Articles

### OpenURL

### Abstract

We describe a mechanically checked proof of the correctness of the kernel of the floating point division algorithm used on the AMD5K 86 microprocessor. The kernel is a non-restoring division algorithm that computes the floating point quotient of two double extended precision floating point numbers, p and d (d 6= 0), with respect to a rounding mode, mode. The algorithm is defined in terms of floating point addition and multiplication. First, two NewtonRaphson iterations are used to compute a floating point approximation of the reciprocal of d. The result is used to compute four floating point quotient digits in the 24,,17 format (24 bits of precision and 17 bit exponents) which are then summed using appropriate rounding modes. We prove that if p and d are 64,,15 (possibly denormal) floating point numbers, d 6= 0 and mode specifies one of six rounding procedures and a desired precision 0 ! n 64, then the output of the algorithm is p=d rounded according to mode. We prove that every int...

### Citations

934 | Symbolic Boolean Manipulation with Ordered Binary Decision Diagrams - Bryant - 1992 |

375 | What Every Computer Scientist Should Know about Floating Point Arithmetic
- Goldberg
- 1991
(Show Context)
Citation Context ... p \Gamma e d + 25 Table 3: Exponent Bounds for Lines 7 through 32 Correctness of the AMDK 86 Floating Point Division Algorithm 33 10 Related Work For an introduction to floating point arithmetic see =-=[5]-=-. See also Goldberg's discussion in Appendix A of [10]. For a detailed treatment of division, per se, see [4]. We discuss two areas of related work in formal verification: formalization of floating po... |

104 |
Division and Square Root: Digit-Recurrence Algorithms and Implementations
- Ercegovac, Lang
- 1994
(Show Context)
Citation Context ...Division Algorithm 33 10 Related Work For an introduction to floating point arithmetic see [5]. See also Goldberg's discussion in Appendix A of [10]. For a detailed treatment of division, per se, see =-=[4]-=-. We discuss two areas of related work in formal verification: formalization of floating point arithmetic and mechanically checked proofs of division algorithms. Part of ANSI/IEEE-854 [12] is formaliz... |

65 | ACL2: An industrial strength version of nqthm
- Kaufmann, Moore
- 1996
(Show Context)
Citation Context ...er we hand translate all of the arithmetic expressions into traditional notation. We also use traditional mathematical English rather than formal logical notation. ACL2 is described in more detail in =-=[6, 7]-=-. ACL2 is available without fee on the Internet. See http://www.cli.com. Because ACL2 is an executable logic and divide is defined as a function in ACL2, it is possible to execute divide on concrete d... |

32 | Defining the IEEE-854 floating-point standard in pvs
- Miner
- 1995
(Show Context)
Citation Context ...iscuss two areas of related work in formal verification: formalization of floating point arithmetic and mechanically checked proofs of division algorithms. Part of ANSI/IEEE-854 [12] is formalized in =-=[9]-=- by P. Miner. Miner casts his formalization in the mechanically supported logic of PVS [3]. A few straightforward lemmas about rounding are shown, such as that truncation produces a number of no great... |

24 | Bit-level analysis of an SRT divider circuit
- Bryant
- 1996
(Show Context)
Citation Context ...ver, no mechanically checked proofs of floating point algorithms are presented in [9]. There have been several mechanically checked proofs of the SRT division algorithm reported in the literature. In =-=[2]-=- R. E. Bryant reports on the use of OBDD techniques to verify certain invariants on a radix-4 SRT division algorithm. Similar work has been done by E. M. Clarke as well as by Clarke, S. M. German and ... |

16 | Srivas. Modular verification of SRT division
- Ruess, Shankar, et al.
- 1996
(Show Context)
Citation Context ...OBDD techniques to verify certain invariants on a radix-4 SRT division algorithm. Similar work has been done by E. M. Clarke as well as by Clarke, S. M. German and X. Zhao (private communication). In =-=[13]-=- H. Reuss, M. Srivas, and N. Shankar report on the use of the PVS system to verify that a radix r SRT division algorithm divides. It is perhaps most telling simply to observe that in none of the SRT w... |

9 |
Computer Architecture
- Patterson, Hennessy
- 1990
(Show Context)
Citation Context ... 7 through 32 Correctness of the AMDK 86 Floating Point Division Algorithm 33 10 Related Work For an introduction to floating point arithmetic see [5]. See also Goldberg's discussion in Appendix A of =-=[10]-=-. For a detailed treatment of division, per se, see [4]. We discuss two areas of related work in formal verification: formalization of floating point arithmetic and mechanically checked proofs of divi... |

1 |
A Tutorial Introduction to PVS," presented at
- Crow, Owre, et al.
- 1995
(Show Context)
Citation Context ...rithmetic and mechanically checked proofs of division algorithms. Part of ANSI/IEEE-854 [12] is formalized in [9] by P. Miner. Miner casts his formalization in the mechanically supported logic of PVS =-=[3]-=-. A few straightforward lemmas about rounding are shown, such as that truncation produces a number of no greater absolute value. These lemmas have presumably been proved mechanically by the PVS system... |

1 |
Rounding Error Analysis for Division," Technical Report, Advanced Micro Devices
- Lynch, Ahmed, et al.
- 1995
(Show Context)
Citation Context ... (i.e., truncn(s d ; 8), page 11) in Table 1. The table maps each of the 128 8-bit non-0 significands to an 8-bit approximation of its reciprocal. The computation of the table entries is discussed in =-=[8]-=-. top 8 bits approx of d inverse 1:0000000 2 0:11111111 2 1:0000001 2 0:11111101 2 1:0000010 2 0:11111011 2 1:0000011 2 0:11111001 2 1:0000100 2 0:11110111 2 1:0000101 2 0:11110101 2 1:0000110 2 0:111... |