196 research outputs found
On Sound Relative Error Bounds for Floating-Point Arithmetic
State-of-the-art static analysis tools for verifying finite-precision code
compute worst-case absolute error bounds on numerical errors. These are,
however, often not a good estimate of accuracy as they do not take into account
the magnitude of the computed values. Relative errors, which compute errors
relative to the value's magnitude, are thus preferable. While today's tools do
report relative error bounds, these are merely computed via absolute errors and
thus not necessarily tight or more informative. Furthermore, whenever the
computed value is close to zero on part of the domain, the tools do not report
any relative error estimate at all. Surprisingly, the quality of relative error
bounds computed by today's tools has not been systematically studied or
reported to date. In this paper, we investigate how state-of-the-art static
techniques for computing sound absolute error bounds can be used, extended and
combined for the computation of relative errors. Our experiments on a standard
benchmark set show that computing relative errors directly, as opposed to via
absolute errors, is often beneficial and can provide error estimates up to six
orders of magnitude tighter, i.e. more accurate. We also show that interval
subdivision, another commonly used technique to reduce over-approximations, has
less benefit when computing relative errors directly, but it can help to
alleviate the effects of the inherent issue of relative error estimates close
to zero
Formal Proofs for Nonlinear Optimization
We present a formally verified global optimization framework. Given a
semialgebraic or transcendental function and a compact semialgebraic domain
, we use the nonlinear maxplus template approximation algorithm to provide a
certified lower bound of over . This method allows to bound in a modular
way some of the constituents of by suprema of quadratic forms with a well
chosen curvature. Thus, we reduce the initial goal to a hierarchy of
semialgebraic optimization problems, solved by sums of squares relaxations. Our
implementation tool interleaves semialgebraic approximations with sums of
squares witnesses to form certificates. It is interfaced with Coq and thus
benefits from the trusted arithmetic available inside the proof assistant. This
feature is used to produce, from the certificates, both valid underestimators
and lower bounds for each approximated constituent. The application range for
such a tool is widespread; for instance Hales' proof of Kepler's conjecture
yields thousands of multivariate transcendental inequalities. We illustrate the
performance of our formal framework on some of these inequalities as well as on
examples from the global optimization literature.Comment: 24 pages, 2 figures, 3 table
A Verified Certificate Checker for Finite-Precision Error Bounds in Coq and HOL4
Being able to soundly estimate roundoff errors of finite-precision
computations is important for many applications in embedded systems and
scientific computing. Due to the discrepancy between continuous reals and
discrete finite-precision values, automated static analysis tools are highly
valuable to estimate roundoff errors. The results, however, are only as correct
as the implementations of the static analysis tools. This paper presents a
formally verified and modular tool which fully automatically checks the
correctness of finite-precision roundoff error bounds encoded in a certificate.
We present implementations of certificate generation and checking for both Coq
and HOL4 and evaluate it on a number of examples from the literature. The
experiments use both in-logic evaluation of Coq and HOL4, and execution of
extracted code outside of the logics: we benchmark Coq extracted unverified
OCaml code and a CakeML-generated verified binary
Trusting Computations: a Mechanized Proof from Partial Differential Equations to Actual Program
Computer programs may go wrong due to exceptional behaviors, out-of-bound
array accesses, or simply coding errors. Thus, they cannot be blindly trusted.
Scientific computing programs make no exception in that respect, and even bring
specific accuracy issues due to their massive use of floating-point
computations. Yet, it is uncommon to guarantee their correctness. Indeed, we
had to extend existing methods and tools for proving the correct behavior of
programs to verify an existing numerical analysis program. This C program
implements the second-order centered finite difference explicit scheme for
solving the 1D wave equation. In fact, we have gone much further as we have
mechanically verified the convergence of the numerical scheme in order to get a
complete formal proof covering all aspects from partial differential equations
to actual numerical results. To the best of our knowledge, this is the first
time such a comprehensive proof is achieved.Comment: N° RR-8197 (2012). arXiv admin note: text overlap with
arXiv:1112.179
Certified Impossibility Results for Byzantine-Tolerant Mobile Robots
We propose a framework to build formal developments for robot networks using
the COQ proof assistant, to state and to prove formally various properties. We
focus in this paper on impossibility proofs, as it is natural to take advantage
of the COQ higher order calculus to reason about algorithms as abstract
objects. We present in particular formal proofs of two impossibility results
forconvergence of oblivious mobile robots if respectively more than one half
and more than one third of the robots exhibit Byzantine failures, starting from
the original theorems by Bouzid et al.. Thanks to our formalization, the
corresponding COQ developments are quite compact. To our knowledge, these are
the first certified (in the sense of formally proved) impossibility results for
robot networks
Wave Equation Numerical Resolution: a Comprehensive Mechanized Proof of a C Program
We formally prove correct a C program that implements a numerical scheme for
the resolution of the one-dimensional acoustic wave equation. Such an
implementation introduces errors at several levels: the numerical scheme
introduces method errors, and floating-point computations lead to round-off
errors. We annotate this C program to specify both method error and round-off
error. We use Frama-C to generate theorems that guarantee the soundness of the
code. We discharge these theorems using SMT solvers, Gappa, and Coq. This
involves a large Coq development to prove the adequacy of the C program to the
numerical scheme and to bound errors. To our knowledge, this is the first time
such a numerical analysis program is fully machine-checked.Comment: No. RR-7826 (2011
Verified compilation and optimization of floating-point kernels
When verifying safety-critical code on the level of source code, we trust the compiler to produce machine code that preserves the behavior of the source code. Trusting a verified compiler is easy. A rigorous machine-checked proof shows that the compiler correctly translates source code into machine code. Modern verified compilers (e.g. CompCert and CakeML) have rich input languages, but only rudimentary support for floating-point arithmetic. In fact, state-of-the-art verified compilers only implement and verify an inflexible one-to-one translation from floating-point source code to machine code. This translation completely ignores that floating-point arithmetic is actually a discrete representation of the continuous real numbers. This thesis presents two extensions improving floating-point arithmetic in CakeML. First, the thesis demonstrates verified compilation of elementary functions to floating-point code in: Dandelion, an automatic verifier for polynomial approximations of elementary functions; and libmGen, a proof-producing compiler relating floating-point machine code to the implemented real-numbered elementary function. Second, the thesis demonstrates verified optimization of floating-point code in: Icing, a floating-point language extending standard floating-point arithmetic with optimizations similar to those used by unverified compilers, like GCC and LLVM; and RealCake, an extension of CakeML with Icing into the first fully verified optimizing compiler for floating-point arithmetic.Bei der Verifizierung von sicherheitsrelevantem Quellcode vertrauen wir dem Compiler, dass er Maschinencode ausgibt, der sich wie der Quellcode verhält. Man kann ohne weiteres einem verifizierten Compiler vertrauen. Ein rigoroser maschinen-ü}berprüfter Beweis zeigt, dass der Compiler Quellcode in korrekten Maschinencode übersetzt. Moderne verifizierte Compiler (z.B. CompCert und CakeML) haben komplizierte Eingabesprachen, aber unterstützen Gleitkommaarithmetik nur rudimentär. De facto implementieren und verifizieren hochmoderne verifizierte Compiler für Gleitkommaarithmetik nur eine starre eins-zu-eins Übersetzung von Quell- zu Maschinencode. Diese Übersetzung ignoriert vollständig, dass Gleitkommaarithmetik eigentlich eine diskrete Repräsentation der kontinuierlichen reellen Zahlen ist. Diese Dissertation präsentiert zwei Erweiterungen die Gleitkommaarithmetik in CakeML verbessern. Zuerst demonstriert die Dissertation verifizierte Übersetzung von elementaren Funktionen in Gleitkommacode mit: Dandelion, einem automatischen Verifizierer für Polynomapproximierungen von elementaren Funktionen; und libmGen, einen Beweis-erzeugenden Compiler der Gleitkommacode in Relation mit der implementierten elementaren Funktion setzt. Dann demonstriert die Dissertation verifizierte Optimierung von Gleitkommacode mit: Icing, einer Gleitkommasprache die Gleitkommaarithmetik mit Optimierungen erweitert die ähnlich zu denen in unverifizierten Compilern, wie GCC und LLVM, sind; und RealCake, eine Erweiterung von CakeML mit Icing als der erste vollverifizierte Compiler für Gleitkommaarithmetik
A formally verified compiler back-end
This article describes the development and formal verification (proof of
semantic preservation) of a compiler back-end from Cminor (a simple imperative
intermediate language) to PowerPC assembly code, using the Coq proof assistant
both for programming the compiler and for proving its correctness. Such a
verified compiler is useful in the context of formal methods applied to the
certification of critical software: the verification of the compiler guarantees
that the safety properties proved on the source code hold for the executable
compiled code as well
- …