45 research outputs found
Certified Roundoff Error Bounds Using Semidefinite Programming.
Roundoff errors cannot be avoided when implementing numerical programs with finite precision. The ability to reason about rounding is especially important if one wants to explore a range of potential representations, for instance for FPGAs or custom hardware implementation. This problem becomes challenging when the program does not employ solely linear operations as non-linearities are inherent to many interesting computational problems in real-world applications. Existing solutions to reasoning are limited in the presence of nonlinear correlations between variables, leading to either imprecise bounds or high analysis time. Furthermore, while it is easy to implement a straightforward method such as interval arithmetic, sophisticated techniques are less straightforward to implement in a formal setting. Thus there is a need for methods which output certificates that can be formally validated inside a proof assistant. We present a framework to provide upper bounds on absolute roundoff errors. This framework is based on optimization techniques employing semidefinite programming and sums of squares certificates, which can be formally checked inside the Coq theorem prover. Our tool covers a wide range of nonlinear programs, including polynomials and transcendental operations as well as conditional statements. We illustrate the efficiency and precision of this tool on non-trivial programs coming from biology, optimization and space control. Our tool produces more precise error bounds for 37 percent of all programs and yields better performance in 73 percent of all programs
Certified Roundoff Error Bounds using Bernstein Expansions and Sparse Krivine-Stengle Representations
Floating point error is an inevitable drawback of embedded systems
implementation. Computing rigorous upper bounds of roundoff errors is
absolutely necessary to the validation of critical software. This problem is
even more challenging when addressing non-linear programs. In this paper, we
propose and compare two new methods based on Bernstein expansions and sparse
Krivine-Stengle representations, adapted from the field of the global
optimization to compute upper bounds of roundoff errors for programs
implementing polynomial functions. We release two related software package
FPBern and FPKiSten, and compare them with state of the art tools. We show that
these two methods achieve competitive performance, while computing accurate
upper bounds by comparison with other tools.Comment: 20 pages, 2 table
Bounds for deterministic and stochastic dynamical systems using sum-of-squares optimization
We describe methods for proving upper and lower bounds on infinite-time
averages in deterministic dynamical systems and on stationary expectations in
stochastic systems. The dynamics and the quantities to be bounded are assumed
to be polynomial functions of the state variables. The methods are
computer-assisted, using sum-of-squares polynomials to formulate sufficient
conditions that can be checked by semidefinite programming. In the
deterministic case, we seek tight bounds that apply to particular local
attractors. An obstacle to proving such bounds is that they do not hold
globally; they are generally violated by trajectories starting outside the
local basin of attraction. We describe two closely related ways past this
obstacle: one that requires knowing a subset of the basin of attraction, and
another that considers the zero-noise limit of the corresponding stochastic
system. The bounding methods are illustrated using the van der Pol oscillator.
We bound deterministic averages on the attracting limit cycle above and below
to within 1%, which requires a lower bound that does not hold for the unstable
fixed point at the origin. We obtain similarly tight upper and lower bounds on
stochastic expectations for a range of noise amplitudes. Limitations of our
methods for certain types of deterministic systems are discussed, along with
prospects for improvement.Comment: 25 pages; Added new Section 7.2; Added references; Corrected typos;
Submitted to SIAD
A Verified Certificate Checker for Finite-Precision Error Bounds in Coq and HOL4
Being able to soundly estimate roundoff errors of finite-precision
computations is important for many applications in embedded systems and
scientific computing. Due to the discrepancy between continuous reals and
discrete finite-precision values, automated static analysis tools are highly
valuable to estimate roundoff errors. The results, however, are only as correct
as the implementations of the static analysis tools. This paper presents a
formally verified and modular tool which fully automatically checks the
correctness of finite-precision roundoff error bounds encoded in a certificate.
We present implementations of certificate generation and checking for both Coq
and HOL4 and evaluate it on a number of examples from the literature. The
experiments use both in-logic evaluation of Coq and HOL4, and execution of
extracted code outside of the logics: we benchmark Coq extracted unverified
OCaml code and a CakeML-generated verified binary
On Sound Relative Error Bounds for Floating-Point Arithmetic
State-of-the-art static analysis tools for verifying finite-precision code
compute worst-case absolute error bounds on numerical errors. These are,
however, often not a good estimate of accuracy as they do not take into account
the magnitude of the computed values. Relative errors, which compute errors
relative to the value's magnitude, are thus preferable. While today's tools do
report relative error bounds, these are merely computed via absolute errors and
thus not necessarily tight or more informative. Furthermore, whenever the
computed value is close to zero on part of the domain, the tools do not report
any relative error estimate at all. Surprisingly, the quality of relative error
bounds computed by today's tools has not been systematically studied or
reported to date. In this paper, we investigate how state-of-the-art static
techniques for computing sound absolute error bounds can be used, extended and
combined for the computation of relative errors. Our experiments on a standard
benchmark set show that computing relative errors directly, as opposed to via
absolute errors, is often beneficial and can provide error estimates up to six
orders of magnitude tighter, i.e. more accurate. We also show that interval
subdivision, another commonly used technique to reduce over-approximations, has
less benefit when computing relative errors directly, but it can help to
alleviate the effects of the inherent issue of relative error estimates close
to zero
Inferring Interval-Valued Floating-Point Preconditions
Aggregated roundoff errors caused by floating-point arithmetic can make numerical code highly unreliable. Verified postconditions for floating-point functions can guarantee the accuracy of their results under specific preconditions on the function inputs, but how to systematically find an adequate precondition for a desired error bound has not been explored so far. We present two novel techniques for automatically synthesizing preconditions for floating-point functions that guarantee that user-provided accuracy requirements are satisfied. Our evaluation on a standard benchmark set shows that our approaches are complementary and able to find accurate preconditions in reasonable time
Verified compilation and optimization of floating-point kernels
When verifying safety-critical code on the level of source code, we trust the compiler to produce machine code that preserves the behavior of the source code. Trusting a verified compiler is easy. A rigorous machine-checked proof shows that the compiler correctly translates source code into machine code. Modern verified compilers (e.g. CompCert and CakeML) have rich input languages, but only rudimentary support for floating-point arithmetic. In fact, state-of-the-art verified compilers only implement and verify an inflexible one-to-one translation from floating-point source code to machine code. This translation completely ignores that floating-point arithmetic is actually a discrete representation of the continuous real numbers. This thesis presents two extensions improving floating-point arithmetic in CakeML. First, the thesis demonstrates verified compilation of elementary functions to floating-point code in: Dandelion, an automatic verifier for polynomial approximations of elementary functions; and libmGen, a proof-producing compiler relating floating-point machine code to the implemented real-numbered elementary function. Second, the thesis demonstrates verified optimization of floating-point code in: Icing, a floating-point language extending standard floating-point arithmetic with optimizations similar to those used by unverified compilers, like GCC and LLVM; and RealCake, an extension of CakeML with Icing into the first fully verified optimizing compiler for floating-point arithmetic.Bei der Verifizierung von sicherheitsrelevantem Quellcode vertrauen wir dem Compiler, dass er Maschinencode ausgibt, der sich wie der Quellcode verhĂ€lt. Man kann ohne weiteres einem verifizierten Compiler vertrauen. Ein rigoroser maschinen-ĂŒ}berprĂŒfter Beweis zeigt, dass der Compiler Quellcode in korrekten Maschinencode ĂŒbersetzt. Moderne verifizierte Compiler (z.B. CompCert und CakeML) haben komplizierte Eingabesprachen, aber unterstĂŒtzen Gleitkommaarithmetik nur rudimentĂ€r. De facto implementieren und verifizieren hochmoderne verifizierte Compiler fĂŒr Gleitkommaarithmetik nur eine starre eins-zu-eins Ăbersetzung von Quell- zu Maschinencode. Diese Ăbersetzung ignoriert vollstĂ€ndig, dass Gleitkommaarithmetik eigentlich eine diskrete ReprĂ€sentation der kontinuierlichen reellen Zahlen ist. Diese Dissertation prĂ€sentiert zwei Erweiterungen die Gleitkommaarithmetik in CakeML verbessern. Zuerst demonstriert die Dissertation verifizierte Ăbersetzung von elementaren Funktionen in Gleitkommacode mit: Dandelion, einem automatischen Verifizierer fĂŒr Polynomapproximierungen von elementaren Funktionen; und libmGen, einen Beweis-erzeugenden Compiler der Gleitkommacode in Relation mit der implementierten elementaren Funktion setzt. Dann demonstriert die Dissertation verifizierte Optimierung von Gleitkommacode mit: Icing, einer Gleitkommasprache die Gleitkommaarithmetik mit Optimierungen erweitert die Ă€hnlich zu denen in unverifizierten Compilern, wie GCC und LLVM, sind; und RealCake, eine Erweiterung von CakeML mit Icing als der erste vollverifizierte Compiler fĂŒr Gleitkommaarithmetik