42 research outputs found
A Verified Certificate Checker for Finite-Precision Error Bounds in Coq and HOL4
Being able to soundly estimate roundoff errors of finite-precision
computations is important for many applications in embedded systems and
scientific computing. Due to the discrepancy between continuous reals and
discrete finite-precision values, automated static analysis tools are highly
valuable to estimate roundoff errors. The results, however, are only as correct
as the implementations of the static analysis tools. This paper presents a
formally verified and modular tool which fully automatically checks the
correctness of finite-precision roundoff error bounds encoded in a certificate.
We present implementations of certificate generation and checking for both Coq
and HOL4 and evaluate it on a number of examples from the literature. The
experiments use both in-logic evaluation of Coq and HOL4, and execution of
extracted code outside of the logics: we benchmark Coq extracted unverified
OCaml code and a CakeML-generated verified binary
Certifying floating-point implementations using Gappa
High confidence in floating-point programs requires proving numerical
properties of final and intermediate values. One may need to guarantee that a
value stays within some range, or that the error relative to some ideal value
is well bounded. Such work may require several lines of proof for each line of
code, and will usually be broken by the smallest change to the code (e.g. for
maintenance or optimization purpose). Certifying these programs by hand is
therefore very tedious and error-prone. This article discusses the use of the
Gappa proof assistant in this context. Gappa has two main advantages over
previous approaches: Its input format is very close to the actual C code to
validate, and it automates error evaluation and propagation using interval
arithmetic. Besides, it can be used to incrementally prove complex mathematical
properties pertaining to the C code. Yet it does not require any specific
knowledge about automatic theorem proving, and thus is accessible to a wide
community. Moreover, Gappa may generate a formal proof of the results that can
be checked independently by a lower-level proof assistant like Coq, hence
providing an even higher confidence in the certification of the numerical code.
The article demonstrates the use of this tool on a real-size example, an
elementary function with correctly rounded output
A certified infinite norm for the implementation of elementary functions
The version available on HAL is slightly different from the published version because it contains full proofs.International audienceThe high-quality floating-point implementation of useful functions f : R -> R, such as exp, sin, erf requires bounding the error eps = (p-f)/f of an approximation p with regard to the function f. This involves bounding the infinite norm ||eps|| of the error function. Its value must not be underestimated when implementations must be safe. Previous approaches for computing infinite norm are shown to be either unsafe, not sufficiently tight or too tedious in manual work. We present a safe and self-validating algorithm for automatically upper- and lower-bounding infinite norms of error functions. The algorithm is based on enhanced interval arithmetic. It can overcome high cancellation and high condition number around points where the error function is defined only by continuous extension. The given algorithm is implemented in a software tool. It can generate a proof of correctness for each instance on which it is run
Formalising Mathematics in Simple Type Theory
Despite the considerable interest in new dependent type theories, simple type
theory (which dates from 1940) is sufficient to formalise serious topics in
mathematics. This point is seen by examining formal proofs of a theorem about
stereographic projections. A formalisation using the HOL Light proof assistant
is contrasted with one using Isabelle/HOL. Harrison's technique for formalising
Euclidean spaces is contrasted with an approach using Isabelle/HOL's axiomatic
type classes. However, every formal system can be outgrown, and mathematics
should be formalised with a view that it will eventually migrate to a new
formalism
Dandelion: Certified Approximations of Elementary Functions
Elementary function operations such as sin and exp cannot in general be computed exactly on today's digital computers, and thus have to be approximated. The standard approximations in library functions typically provide only a limited set of precisions, and are too inefficient for many applications. Polynomial approximations that are customized to a limited input domain and output accuracy can provide superior performance. In fact, the Remez algorithm computes the best possible approximation for a given polynomial degree, but has so far not been formally verified. This paper presents Dandelion, an automated certificate checker for polynomial approximations of elementary functions computed with Remez-like algorithms that is fully verified in the HOL4 theorem prover. Dandelion checks whether the difference between a polynomial approximation and its target reference elementary function remains below a given error bound for all inputs in a given constraint. By extracting a verified binary with the CakeML compiler, Dandelion can validate certificates within a reasonable time, fully automating previous manually verified approximations
Mathematical Proof Between Generations
A proof is one of the most important concepts of mathematics. However, there
is a striking difference between how a proof is defined in theory and how it is
used in practice. This puts the unique status of mathematics as exact science
into peril. Now may be the time to reconcile theory and practice, i.e.
precision and intuition, through the advent of computer proof assistants. For
the most time this has been a topic for experts in specialized communities.
However, mathematical proofs have become increasingly sophisticated, stretching
the boundaries of what is humanly comprehensible, so that leading
mathematicians have asked for formal verification of their proofs. At the same
time, major theorems in mathematics have recently been computer-verified by
people from outside of these communities, even by beginning students. This
article investigates the gap between the different definitions of a proof and
possibilities to build bridges. It is written as a polemic or a collage by
different members of the communities in mathematics and computer science at
different stages of their careers, challenging well-known preconceptions and
exploring new perspectives.Comment: 17 pages, 1 figur
Michael John Caldwell Gordon (FRS 1994), 28 February 1948 -- 22 August 2017
Michael Gordon was a pioneer in the field of interactive theorem proving and
hardware verification. In the 1970s, he had the vision of formally verifying
system designs, proving their correctness using mathematics and logic. He
demonstrated his ideas on real-world computer designs. His students extended
the work to such diverse areas as the verification of floating-point
algorithms, the verification of probabilistic algorithms and the verified
translation of source code to correct machine code. He was elected to the Royal
Society in 1994, and he continued to produce outstanding research until
retirement.
His achievements include his work at Edinburgh University helping to create
Edinburgh LCF, the first interactive theorem prover of its kind, and the ML
family of functional programming languages. He adopted higher-order logic as a
general formalism for verification, showing that it could specify hardware
designs from the gate level right up to the processor level. It turned out to
be an ideal formalism for many problems in computer science and mathematics.
His tools and techniques have exerted a huge influence across the field of
formal verification