37 research outputs found
Interval Slopes as Numerical Abstract Domain for Floating-Point Variables
The design of embedded control systems is mainly done with model-based tools
such as Matlab/Simulink. Numerical simulation is the central technique of
development and verification of such tools. Floating-point arithmetic, that is
well-known to only provide approximated results, is omnipresent in this
activity. In order to validate the behaviors of numerical simulations using
abstract interpretation-based static analysis, we present, theoretically and
with experiments, a new partially relational abstract domain dedicated to
floating-point variables. It comes from interval expansion of non-linear
functions using slopes and it is able to mimic all the behaviors of the
floating-point arithmetic. Hence it is adapted to prove the absence of run-time
errors or to analyze the numerical precision of embedded control systems
Provably Correct Floating-Point Implementation of a Point-In-Polygon Algorithm
The problem of determining whether or not a point lies inside a given polygon occurs in many applications. In air traffic management concepts, a correct solution to the point-in-polygon problem is critical to geofencing systems for Unmanned Aerial Vehicles and in weather avoidance applications. Many mathematical methods can be used to solve the point-in-polygon problem. Unfortunately, a straightforward floating- point implementation of these methods can lead to incorrect results due to round-off errors. In particular, these errors may cause the control flow of the program to diverge with respect to the ideal real-number algorithm. This divergence potentially results in an incorrect point-in- polygon determination even when the point is far from the edges of the polygon. This paper presents a provably correct implementation of a point-in-polygon method that is based on the computation of the winding number. This implementation is mechanically generated from a source- to-source transformation of the ideal real-number specification of the algorithm. The correctness of this implementation is formally verified within the Frama-C analyzer, where the proof obligations are discharged using the Prototype Verification System (PVS)
A Formally Verified Floating-Point Implementation of the Compact Position Reporting Algorithm
The Automatic Dependent Surveillance-Broadcast (ADS-B) system allows aircraft to communicate their current state, including position and velocity information, to other aircraft in their vicinity and to ground stations. The Compact Position Reporting (CPR) algorithm is the ADS-B module responsible for the encoding and decoding of aircraft positions. CPR is highly sensitive to computer arithmetic since it heavily relies on functions that are intrinsically unstable such as floor and modulo. In this paper, a formally-verified double-precision floating-point implementation of the CPR algorithm is presented. The verification proceeds in three steps. First, an alternative version of CPR, which reduces the floating-point rounding error is proposed. Then, the Prototype Verification System (PVS) is used to formally prove that the ideal real-number counterpart of the improved algorithm is mathematically equivalent to the standard CPR definition. Finally, the static analyzer Frama-C is used to verify that the double-precision implementation of the improved algorithm is correct with respect to its operational requirement. The alternative algorithm is currently being considered for inclusion in the revised version of the ADS-B standards document as the reference implementation of the CPR algorithm
Robustness Verification of Support Vector Machines
We study the problem of formally verifying the robustness to adversarial
examples of support vector machines (SVMs), a major machine learning model for
classification and regression tasks. Following a recent stream of works on
formal robustness verification of (deep) neural networks, our approach relies
on a sound abstract version of a given SVM classifier to be used for checking
its robustness. This methodology is parametric on a given numerical abstraction
of real values and, analogously to the case of neural networks, needs neither
abstract least upper bounds nor widening operators on this abstraction. The
standard interval domain provides a simple instantiation of our abstraction
technique, which is enhanced with the domain of reduced affine forms, which is
an efficient abstraction of the zonotope abstract domain. This robustness
verification technique has been fully implemented and experimentally evaluated
on SVMs based on linear and nonlinear (polynomial and radial basis function)
kernels, which have been trained on the popular MNIST dataset of images and on
the recent and more challenging Fashion-MNIST dataset. The experimental results
of our prototype SVM robustness verifier appear to be encouraging: this
automated verification is fast, scalable and shows significantly high
percentages of provable robustness on the test set of MNIST, in particular
compared to the analogous provable robustness of neural networks
Dépliage de Boucles Versus Précision Numérique
Les calculs en nombres flottants sont intensivement utilisés dans divers domaines, notamment les
systèmes embarqués critiques. En général, les résultats de ces calculs sont perturbés par les erreurs
d’arrondi. Dans un scenario critique, ces erreurs peuvent être accumulées et propagées, générant ainsi
des dommages plus ou moins graves sur le plan humain, matériel, financier, etc. Il est donc souhaitable
d’obtenir les résultats les plus précis possibles lorsque nous utilisons l’arithmétique flottante.
Pour remédier à ce problème, l’outil Salsa [7] permet d’améliorer la précision des calculs en corrigeant
partiellement ces erreurs d’arrondi par une transformation automatique et source à source des
programmes. La principale contribution de ce travail consiste à analyser, à étudier si l’optimisation
par dépliage de boucles améliore plus la précision numérique des calculs dans le programme initial.
À cours terme, on souhaite définir un facteur de dépliage de boucles, c’est à dire, trouver quand est-ce
qu’il est pertinent de déplier la boucle dans le programme