Results 1  10
of
43
Verifying nonlinear real formulas via sums of squares
 Theorem Proving in Higher Order Logics, TPHOLs 2007, volume 4732 of Lect. Notes in Comp. Sci
, 2007
"... Abstract. Techniques based on sums of squares appear promising as a general approach to the universal theory of reals with addition and multiplication, i.e. verifying Boolean combinations of equations and inequalities. A particularly attractive feature is that suitable ‘sum of squares ’ certificates ..."
Abstract

Cited by 31 (3 self)
 Add to MetaCart
(Show Context)
Abstract. Techniques based on sums of squares appear promising as a general approach to the universal theory of reals with addition and multiplication, i.e. verifying Boolean combinations of equations and inequalities. A particularly attractive feature is that suitable ‘sum of squares ’ certificates can be found by sophisticated numerical methods such as semidefinite programming, yet the actual verification of the resulting proof is straightforward even in a highly foundational theorem prover. We will describe our experience with an implementation in HOL Light, noting some successes as well as difficulties. We also describe a new approach to the univariate case that can handle some otherwise difficult examples. 1 Verifying nonlinear formulas over the reals Over the real numbers, there are algorithms that can in principle perform quantifier elimination from arbitrary firstorder formulas built up using addition, multiplication and the usual equality and inequality predicates. A classic example of such a quantifier elimination equivalence is the criterion for a quadratic equation to have a real root: ∀a b c. (∃x. ax 2 + bx + c = 0) ⇔ a = 0 ∧ (b = 0 ⇒ c = 0) ∨ a � = 0 ∧ b 2 ≥ 4ac
Formal Verification of FloatingPoint Programs
, 2007
"... This paper introduces a methodology to perform formal verification of floatingpoint C programs. It extends an existing tool for the verification of C programs, Caduceus, with new annotations specific to floatingpoint arithmetic. The Caduceus firstorder logic model for C programs is extended acc ..."
Abstract

Cited by 29 (7 self)
 Add to MetaCart
This paper introduces a methodology to perform formal verification of floatingpoint C programs. It extends an existing tool for the verification of C programs, Caduceus, with new annotations specific to floatingpoint arithmetic. The Caduceus firstorder logic model for C programs is extended accordingly. Then verification conditions expressing the correctness of the programs are obtained in the usual way and can be discharged interactively with the Coq proof assistant, using an existing Coq formalization of floatingpoint arithmetic. This methodology is already implemented and has been successfully applied to several short floatingpoint programs, which are presented in this paper.
Mixed abstractions for floatingpoint arithmetic
 In FMCAD
, 2009
"... Abstract—Floatingpoint arithmetic is essential for many embedded and safetycritical systems, such as in the avionics industry. Inaccuracies in floatingpoint calculations can cause subtle changes of the control flow, potentially leading to disastrous errors. In this paper, we present a simple and ..."
Abstract

Cited by 26 (7 self)
 Add to MetaCart
Abstract—Floatingpoint arithmetic is essential for many embedded and safetycritical systems, such as in the avionics industry. Inaccuracies in floatingpoint calculations can cause subtle changes of the control flow, potentially leading to disastrous errors. In this paper, we present a simple and general, yet powerful framework for building abstractions from formulas, and instantiate this framework to a bitaccurate, sound and complete decision procedure for IEEEcompliant binary floatingpoint arithmetic. Our procedure benefits in practice from its ability to flexibly harness both over and underapproximations in the abstraction process. We demonstrate the potency of the procedure for the formal analysis of floatingpoint software. I.
Certifying the floatingpoint implementation of an elementary function using Gappa
 IEEE TRANSACTIONS ON COMPUTERS, 2010. 9 HTTP://DX.DOI.ORG/10.1145/1772954.1772987 10 HTTP://DX.DOI.ORG/10.1145/1838599.1838622 11 HTTP://SHEMESH.LARC.NASA.GOV/NFM2010/PAPERS/NFM2010_14_23.PDF 12 HTTP://DX.DOI.ORG/10.1007/9783642142031_11 13 HTTP://DX.
, 2011
"... High confidence in floatingpoint programs requires proving numerical properties of final and intermediate values. One may need to guarantee that a value stays within some range, or that the error relative to some ideal value is well bounded. This certification may require a timeconsuming proof fo ..."
Abstract

Cited by 19 (4 self)
 Add to MetaCart
(Show Context)
High confidence in floatingpoint programs requires proving numerical properties of final and intermediate values. One may need to guarantee that a value stays within some range, or that the error relative to some ideal value is well bounded. This certification may require a timeconsuming proof for each line of code, and it is usually broken by the smallest change to the code, e.g., for maintenance or optimization purpose. Certifying floatingpoint programs by hand is, therefore, very tedious and errorprone. The Gappa proof assistant is designed to make this task both easier and more secure, due to the following novel features: It automates the evaluation and propagation of rounding errors using interval arithmetic. Its input format is very close to the actual code to validate. It can be used incrementally to prove complex mathematical properties pertaining to the code. It generates a formal proof of the results, which can be checked independently by a lower level proof assistant like Coq. Yet it does not require any specific knowledge about automatic theorem proving, and thus, is accessible to a wide community. This paper demonstrates the practical use of this tool for a widely used class of floatingpoint programs: implementations of elementary functions in a mathematical library.
Deciding FloatingPoint Logic with Systematic Abstraction
"... We present a bitprecise decision procedure for the theory of binary floatingpoint arithmetic. The core of our approach is a nontrivial generalisation of the conflict analysis algorithm used in modern SAT solvers to latticebased abstractions. Existing complete solvers for floatingpoint arithme ..."
Abstract

Cited by 18 (8 self)
 Add to MetaCart
We present a bitprecise decision procedure for the theory of binary floatingpoint arithmetic. The core of our approach is a nontrivial generalisation of the conflict analysis algorithm used in modern SAT solvers to latticebased abstractions. Existing complete solvers for floatingpoint arithmetic employ bitvector encodings. Propositional solvers based on the Conflict Driven Clause Learning (CDCL) algorithm are then used as a backend. We present a naturaldomain SMT approach that lifts the CDCL framework to operate directly over abstractions of floatingpoint values. We have instantiated our method inside MATHSAT5 with the floatingpoint interval abstraction. The result is a sound and complete procedure for floatingpoint arithmetic that outperforms the stateoftheart significantly on problems that check ranges on numerical variables. Our technique is independent of the specific abstraction and can be applied to problems beyond floatingpoint satisfiability checking.
Formalizing an analytic proof of the prime number theorem (Extended Abstract)
"... ..."
(Show Context)
Formal verification of square root algorithms
 Formal Methods in Systems Design
, 2003
"... Abstract. We discuss the formal verification of some lowlevel mathematical software for the Intel ® Itanium ® architecture. A number of important algorithms have been proven correct using the HOL Light theorem prover. After briefly surveying some of our formal verification work, we discuss in more ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
Abstract. We discuss the formal verification of some lowlevel mathematical software for the Intel ® Itanium ® architecture. A number of important algorithms have been proven correct using the HOL Light theorem prover. After briefly surveying some of our formal verification work, we discuss in more detail the verification of a square root algorithm, which helps to illustrate why some features of HOL Light, in particular programmability, make it especially suitable for these applications. 1. Overview The Intel ® Itanium ® architecture is a new 64bit architecture jointly developed by Intel and HewlettPackard, implemented in the Itanium® processor family (IPF). Among the software supplied by Intel to support IPF processors are some optimized mathematical functions to supplement or replace less efficient generic libraries. Naturally, the correctness of the algorithms used in such software is always a major concern. This is particularly so for division, square root and certain transcendental function kernels, which are intimately tied to the basic architecture. First, in IA32 compatibility mode, these algorithms are used by hardware instructions like fptan and fdiv. And while in “native ” mode, division and square root are implemented in software, typical users are likely to see them as part of the basic architecture. The formal verification of some of the division algorithms is described by Harrison (2000b), and a representative verification of a transcendental function by Harrison (2000a). In this paper we complete the picture by considering a square root algorithm. Division, transcendental functions and square roots all have quite distinctive features and their formal verifications differ widely from each other. The present proofs have a number of interesting features, and show how important some theorem prover features — in particular programmability — are. The formal verifications are conducted using the freely available 1 HOL Light prover (Harrison, 1996). HOL Light is a version of HOL (Gordon and Melham, 1993), itself a descendent of Edinburgh LCF
A FormallyVerified C Compiler Supporting FloatingPoint Arithmetic
, 2012
"... Abstract—Floatingpoint arithmetic is known to be tricky: roundings, formats, exceptional values. The IEEE754 standard was a push towards straightening the field and made formal reasoning about floatingpoint computations possible. Unfortunately, this is not sufficient to guarantee the final result ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
(Show Context)
Abstract—Floatingpoint arithmetic is known to be tricky: roundings, formats, exceptional values. The IEEE754 standard was a push towards straightening the field and made formal reasoning about floatingpoint computations possible. Unfortunately, this is not sufficient to guarantee the final result of a program, as several other actors are involved: programming language, compiler, architecture. The CompCert formallyverified compiler provides a solution to this problem: this compiler comes with a mathematical specification of the semantics of its source language (ISO C90) and target platforms (ARM, PowerPC, x86SSE2), and with a proof that compilation preserves semantics. In this paper, we report on our recent success in formally specifying and proving correct CompCert’s compilation of floatingpoint arithmetic. Since CompCert is verified using the Coq proof assistant, this effort required a suitable Coq formalization of the IEEE754 standard; we extended the Flocq library for this purpose. As a result, we obtain the first formally verified compiler that provably preserves the semantics of floatingpoint programs. Index Terms—floatingpoint arithmetic; verified compilation; formal proof; floatingpoint semantic preservation; I.
Floatingpoint verification
 International Journal Of ManMachine Studies
, 1995
"... Abstract: This paper overviews the application of formal verification techniques to hardware in general, and to floatingpoint hardware in particular. A specific challenge is to connect the usual mathematical view of continuous arithmetic operations with the discrete world, in a credible and verifia ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
(Show Context)
Abstract: This paper overviews the application of formal verification techniques to hardware in general, and to floatingpoint hardware in particular. A specific challenge is to connect the usual mathematical view of continuous arithmetic operations with the discrete world, in a credible and verifiable way.
Hardwareindependent proofs of numerical programs
, 2010
"... On recent architectures, a numerical program may give different answers depending on the execution hardware and the compilation. Our goal is to formally prove properties about numerical programs that are true for multiple architectures and compilers. We propose an approach that states the rounding e ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
(Show Context)
On recent architectures, a numerical program may give different answers depending on the execution hardware and the compilation. Our goal is to formally prove properties about numerical programs that are true for multiple architectures and compilers. We propose an approach that states the rounding error of each floatingpoint computation whatever the environment. This approach is implemented in the FramaC platform for static analysis of C code. Small case studies using this approach are entirely and automatically proved.