Formal proof for delayed finite field arithmetic using floating point operators

Formal proof checkers such as Coq are capable of validating proofs of correction of algorithms for finite field arithmetics but they require extensive training from potential users. The delayed solution of a triangular system over a finite field mixes operations on integers and operations on floating point numbers. We focus in this report on verifying proof obligations that state that no round off error occurred on any of the floating point operations. We use a tool named Gappa that can be learned in a matter of minutes to generate proofs related to floating point arithmetic and hide technicalities of formal proof checkers. We found that three facilities are missing from existing tools. The first one is the ability to use in Gappa new lemmas that cannot be easily expressed as rewriting rules. We coined the second one ``variable interchange'' as it would be required to validate loop interchanges. The third facility handles massive loop unrolling and argument instantiation by generating traces of execution for a large number of cases. We hope that these facilities may sometime in the future be integrated into mainstream code validation.Comment: 8th Conference on Real Numbers and Computers, Saint Jacques de Compostelle : Espagne (2008

Observables in Topological Theories: A Superspace Formulation

Observables of topological Yang-Mills theory were defined by Witten as the classes of an equivariant cohomology. We propose to define them alternatively as the BRST cohomology classes of a superspace version of the theory, where BRST invariance is associated to super Yang-Mills invariance. We provide and discuss the general solution of this cohomology.Comment: Prepared for International Conference on Renormalization Group and Anomalies in Gravity and Cosmology (IRGA 2003), Ouro Preto, MG, Brazil, 17-23 Mar 200

Remarks on Infrared Dynamics in QED3

In this work we study how the infrared sector of the interaction Hamiltonian can affect the construction of the S matrix operator of QED in (2+1) dimensions.Comment: 9 page

The Causal Phase in QED3QED_{3}

The operator ${\bf S}$ in Fock space which describes the scattering and particle production processes in an external time-dependent electromagnetic potential $A$ can be constructed from the one-particle S-matrix up to a physical phase $\lambda [A]$. In this work we determine this phase for $QED$ in (2+1) dimensions, by means of causality, and show that no ultraviolet divergences arise, in contrast to the usual formalism of $QED$.Comment: LaTex, 11 pages, no figure

Properties of the subtraction valid for any floating point system

International audienceWe start in this text with a very generic definition of floating point systems. We show that just a few very natural necessary conditions are sufficient to focus down to two classes of implemented floating point arithmetic. Later, we prove that, for all the existing implementations, high level properties such as Sterbenz's theorem are satisfied. We finish this text by focusing on the differences between an IEEE-754 compatible unit and Texas Instrument TMS/SMJ 320C3x digital signal processing circuit that is recommended for avionics and military applications. The results presented in this text have been validated by the Coq automatic proof checker to build confidence for later implementations in critical systems such as an aircraft flight control primary or secondary computer

When double rounding is odd

International audienceMany general purpose processors (including Intel's) may not always produce the correctly rounded result of a floating-point operation due to double rounding. Instead of rounding the value to the working precision, the value is first rounded in an intermediate extended precision and then rounded in the working precision; this often means a loss of accuracy. We suggest the use of rounding to odd as the first rounding in order to regain this accuracy: we prove that the double rounding then gives the correct rounding to the nearest value. To increase the trust on this result, as this rounding is unusual and this property is surprising, we formally proved this property using the Coq automatic proof checker

Properties of two's complement floating point notations

International audienceFew designs, mostly those of Texas Instruments, continue to use tworsquos complement floating point units. Such units are simpler to build and to validate, but they do not comply to the dominant IEEE standard for floating point arithmetic. We compare some properties of the two systems in this text. Some features are lost, but others remain unchanged. One strong example is the case of Sterbenzrsquos theorem and our recent extension. We show in the paper that the theorem and its extension hold for the tworsquos complement architecture. Still, users should ensure that results are large enough on circuits that do not implement gradual underflow. Theorems have been proven and validated using the Coq automatic proof checker

Trusting Computations: a Mechanized Proof from Partial Differential Equations to Actual Program

Computer programs may go wrong due to exceptional behaviors, out-of-bound array accesses, or simply coding errors. Thus, they cannot be blindly trusted. Scientific computing programs make no exception in that respect, and even bring specific accuracy issues due to their massive use of floating-point computations. Yet, it is uncommon to guarantee their correctness. Indeed, we had to extend existing methods and tools for proving the correct behavior of programs to verify an existing numerical analysis program. This C program implements the second-order centered finite difference explicit scheme for solving the 1D wave equation. In fact, we have gone much further as we have mechanically verified the convergence of the numerical scheme in order to get a complete formal proof covering all aspects from partial differential equations to actual numerical results. To the best of our knowledge, this is the first time such a comprehensive proof is achieved.Comment: N° RR-8197 (2012). arXiv admin note: text overlap with arXiv:1112.179