Certifying floating-point implementations using Gappa

High confidence in floating-point programs requires proving numerical properties of final and intermediate values. One may need to guarantee that a value stays within some range, or that the error relative to some ideal value is well bounded. Such work may require several lines of proof for each line of code, and will usually be broken by the smallest change to the code (e.g. for maintenance or optimization purpose). Certifying these programs by hand is therefore very tedious and error-prone. This article discusses the use of the Gappa proof assistant in this context. Gappa has two main advantages over previous approaches: Its input format is very close to the actual C code to validate, and it automates error evaluation and propagation using interval arithmetic. Besides, it can be used to incrementally prove complex mathematical properties pertaining to the C code. Yet it does not require any specific knowledge about automatic theorem proving, and thus is accessible to a wide community. Moreover, Gappa may generate a formal proof of the results that can be checked independently by a lower-level proof assistant like Coq, hence providing an even higher confidence in the certification of the numerical code. The article demonstrates the use of this tool on a real-size example, an elementary function with correctly rounded output

Increasing the Reliability of Adaptive Quadrature Using Explicit Interpolants

We present two new adaptive quadrature routines. Both routines differ from previously published algorithms in many aspects, most significantly in how they represent the integrand, how they treat non-numerical values of the integrand, how they deal with improper divergent integrals and how they estimate the integration error. The main focus of these improvements is to increase the reliability of the algorithms without significantly impacting their efficiency. Both algorithms are implemented in Matlab and tested using both the "families" suggested by Lyness and Kaganove and the battery test used by Gander and Gautschi and Kahaner. They are shown to be more reliable, albeit in some cases less efficient, than other commonly-used adaptive integrators.Comment: 32 pages, submitted to ACM Transactions on Mathematical Softwar

Computational arithmetic : an updated view

'This paper begins with a review of the fioating-point system, where fioating-point numbers are characterized. It reveals the need of a stan dard in order to solve the problem of production of different results in different computers, as well as the problems oflibrary's portability and software package. It also characterizes the IEEE-754 standard, which specifies the binary fioating-point system for computers since 1980. This standard also specifies: r~presentation of numbers, arithmetic operations, conversion between formats and treatment of exception with underflow and overfiow. Special types of the NaN (not a num ber), + and - infinite, non normalized numbers and implicit bit are also characterized

Correct Approximation of IEEE 754 Floating-Point Arithmetic for Program Verification

Verification of programs using floating-point arithmetic is challenging on several accounts. One of the difficulties of reasoning about such programs is due to the peculiarities of floating-point arithmetic: rounding errors, infinities, non-numeric objects (NaNs), signed zeroes, denormal numbers, different rounding modes, etc. One possibility to reason about floating-point arithmetic is to model a program computation path by means of a set of ternary constraints of the form z = x op y and use constraint propagation techniques to infer new information on the variables' possible values. In this setting, we define and prove the correctness of algorithms to precisely bound the value of one of the variables x, y or z, starting from the bounds known for the other two. We do this for each of the operations and for each rounding mode defined by the IEEE 754 binary floating-point standard, even in the case the rounding mode in effect is only partially known. This is the first time that such so-called filtering algorithms are defined and their correctness is formally proved. This is an important slab for paving the way to formal verification of programs that use floating-point arithmetics.Comment: 64 pages, 19 figures, 2 table

The Design, construction, and implementation of an engineering software command processor and macro compiler

This paper presents the design and construction of a software translator that serves as a foundation, or central engine, around which an entire engineering software system can be constructed. To provide the user with a powerful interface to drive an application, a high-level procedural language similar to FORTRAN or BASIC is integrated into the translator. An application shell was also written to provide the user with an interactive command line environment for using the translator. The translator, language, and application shell together mechanize a programming and command interpreter environment. Users can interactively enter commands from the keyboard or load and process pre-written macro files from disk. The language gives users the ability to create variables, arrays, and functions, process complex mathematical expressions, and develop sophisticated macro programs. The language is quite capable of solving very complex engineering problems. Several engineering examples are presented including a solution to a four-bar crank mechanism, adding a material library to an application, a command line integration solver, a Runge-Kutta routine for solving sets of differential equations, and a convolution integral routine. The translator is modular, easily extensible, written entirely in C/C++, and readily portable to different platforms. A set of diagnostic tools is integrated into the translator to aid the developer in future development work. Complete theory and design details for all phases of the translator and language are presented. Performance issues are studied including a comparison against C/C++ and MS-DOS Qbasic. Exploration in application integration for a simulation package similar to CSMP is investigated. A complete Language and Compiler Guide is supplied with the program