Some Formal Tools for Computer Arithmetic: Flocq and Gappa.

Flocq is a library of mathematical definitions and theorems for the Coq proof assistant; Gappa is meant to compute bounds of values and errors, while producing the corresponding formal proof. ... We describe here these tools, how they interact and how they fit in a larger verification process. ... ACKNOWLEDGMENTS This project has received funding from the European Commission under the Horizon 2020 research and innovation programme Grant agreement N°810367. ...

doi:10.1109/arith51176.2021.00031 fatcat:ibiw7molinc37ebxd4whml44pe

Several formalizations of floating-point arithmetic have been designed for the Coq system, a generic proof assistant. ... It offers a multi-radix and multi-precision formalization for various floating-and fixed-point formats. ... Gappa Two of the motivations for the Flocq library were: avoiding proof duplication between formalisms for Coq and allowing automation within a high-level formalism. ...

doi:10.1109/arith.2011.40 dblp:conf/arith/BoldoM10 fatcat:3agizdb5qvfzfovccorca6be5e

This article presents a formal proof of this algorithm, an improvement of its error bound and new investigations in case of underflow. ... This is the case for the computation of the area of a triangle. When the triangle is needle-like, the common formula has a very poor accuracy. ... Flocq is a formalization in Coq that offers a multi-radix and multi-precision formalization for various floating-and fixed-point formats (including FP with or without gradual underflow) with a comprehensive ...

doi:10.1109/arith.2013.29 dblp:conf/arith/Boldo13 fatcat:77lr732lvfanvbnflik25tfdzu

This hinders compiler optimizations and results in non-constant time computation, which is a problem in some applications. ... We fully proved the correctness of our algorithm, which mixes floating-point and fixed-bitwidth integer computations, using the Coq proof assistant and successfully integrated it into the CompCert formally ... Acknowledgments We wish to thank Cyril Six for help in running experiments on actual KV3 processors. ...

arXiv:2207.08420v1 fatcat:7phbzwxucjdedkblynmqtbvkia

Interval arithmetic libraries provide the four elementary arithmetic operators for operand intervals bounded by floating-point numbers. ... For this purpose, we utilize the Why3 platform equipped with a specification language for annotated programs and back-end theorem provers. ... Acknowledgements This work was partially funded by JSPS (KAKENHI J180000175 and J180000528). ...

arXiv:2003.10623v1 fatcat:afa45xxlmrf5nnxquowzezclnq

Multiple Versions

the formal semantics of CompCert Clight and the Flocq formal specification of IEEE 754 floating-point arithmetic for the verification of properties of floating-point computations in C programs. ... rounding errors and energy-efficient approximations of square root and sine. ... Acknowledgments We thank Xavier Leroy and Jacques-Henri Jourdan for our insightful discussions, and our anonymous reviewers for their many valuable comments and questions. ...

doi:10.1145/2854065.2854066 dblp:conf/cpp/RamananandroMML16 fatcat:3p5fjcmis5bqvnjy4mdusjr7mu

The SMT-LIB standard defines a formal semantics for a theory of floating-point (FP) arithmetic (FPA). ... This formalization reduces FP operations to reals by means of a rounding operator, as done in the IEEE-754 standard. ... For now, we follow the examples of the Gappa tool [8] and of the Flocq library [3] , so we assume that the target format has an unbounded e max . ...

doi:10.1007/978-3-319-63390-9_22 fatcat:tewo6v5crfcxpg32fcsydpb7ve

Being able to soundly estimate roundoff errors of finite-precision computations is important for many applications in embedded systems and scientific computing. ... This paper presents a formally verified and modular tool which fully automatically checks the correctness of finite-precision roundoff error bounds encoded in a certificate. ... Gappa has some support for fixed-points, but FloVer is the only tool with formalized affine arithmetic. ...

arXiv:1707.02115v2 fatcat:2c2jwcvlpfcsvnu4ncod2wuqdm

Multiple Versions

We use abstract interpretation to compute numerical bounds of expressions, and we use multiple automated provers, relying on different strategies for representing floating-point computations. ... One of these strategies is based on the native support for floating-point arithmetic recently added in the SMT-LIB standard. ... In 2007, Boldo and Filliâtre proposed an approach for proving properties related to FP computations in concrete C, using the Caduceus tool and Coq for the proofs [5] . ...

doi:10.1007/978-3-319-72308-2_7 fatcat:pj5a5gredzeu7ezxshgnrrjowe

We also present and formally prove a new algorithm that computes the correct rounding of the average of two floating-point numbers. ... The most well-known feature of floating-point arithmetic is the limited precision, which creates round-off errors and inaccuracies. ... Zimmermann and V.Lefèvre for constructive discussions that turned E i + 2p + 2 into E i + 2p + 1 in Theorem 2. ...

doi:10.1007/978-3-319-25423-4_2 fatcat:gfzwbbhfr5fphl3omhtyitr2py

Indeed, we had to extend existing methods and tools for proving the correct behavior of programs to verify an existing numerical analysis program. ... Scientific computing programs make no exception in that respect, and even bring specific accuracy issues due to their massive use of floating-point computations. ... We are also thankful to Vincent Martin for his constructive remarks on this article. Last, we feel indebted to the reviewers for their invaluable suggestions. ...

arXiv:1212.6641v3 fatcat:h25wy4wfr5fm3orhck5qzsyjdu

Multiple Versions

Indeed, we had to extend existing methods and tools for proving the correct behavior of programs to verify an existing numerical analysis program. ... Scientific computing programs make no exception in that respect, and even bring specific accuracy issues due to their massive use of floating-point computations. ... We are also thankful to Vincent Martin for his constructive remarks on this article. Last, we feel indebted to the reviewers for their invaluable suggestions. ...

doi:10.1016/j.camwa.2014.06.004 fatcat:5ahg2ixh3naolpl4pdm5u5fac4

Szczepanski

Developers often selectively use these optimizations in mainstream compilers like GCC and LLVM to improve the performance of computations over noisy inputs or for heuristics by allowing the compiler to ... We designed, formalized, implemented, and verified a compiler for Icing, a new language which supports selectively applying fast-math style optimizations in a verified compiler. ... CompCert [25] uses a constructive formalization of IEEE 754 arithmetic [6] based on Flocq [7] which allows for verified constant propagation and strength reduction optimizations for divisions by ...

doi:10.1007/978-3-030-25543-5_10 fatcat:otzctb6m6vbrroxrjtjcl47ksa

We demonstrate tools and methods for proofs about the correctness and numerical accuracy of C programs. ... The tools are foundational, in that they are connected to formal semantic specifications of the C operational semantics and of the IEEE 754 floating-point format. ... ACKNOWLEDGMENTS We thank Michael Soegtrop for assistance in configuring CompCert, Flocq, and VST. We thank Laurence Rideau and Guillaume Melquiond for their help in navigating the Flocq library. ...

doi:10.6092/issn.1972-5787/11442 fatcat:k5725swv5fddtmi6hggmomhz44

Open Access

Floating-point arithmetic is a very efficient solution to perform computations in the real field. ... Although numerical analysis gives tools to bound such differences, the proofs involved can be painful, hence error prone. ... Acknowledgements The author wants to express its deepest thanks to Sylvie Boldo and Guillaume Melquiond as well as to Érik Martin-Dorel and Pierre-Marie Pédrot for their help regarding this work. ...

doi:10.1007/s10817-015-9339-z fatcat:tprbattvmrabzf5tjwn2tx4fzy

Some Formal Tools for Computer Arithmetic: Flocq and Gappa

Preserved Fulltext

Flocq: A Unified Library for Proving Floating-Point Algorithms in Coq

Preserved Fulltext

How to Compute the Area of a Triangle: A Formal Revisit

Preserved Fulltext

Formally verified 32- and 64-bit integer division using double-precision floating-point arithmetic [article]

Preserved Fulltext

Computer-Assisted Verification of Four Interval Arithmetic Operators [article]

Preserved Fulltext

Other Versions

A unified Coq framework for verifying C programs with floating-point computations

Preserved Fulltext

A Three-Tier Strategy for Reasoning About Floating-Point Numbers in SMT [chapter]

Preserved Fulltext

A Verified Certificate Checker for Finite-Precision Error Bounds in Coq and HOL4 [article]

Preserved Fulltext

Other Versions

Automating the Verification of Floating-Point Programs [chapter]

Preserved Fulltext

Formal Verification of Programs Computing the Floating-Point Average [chapter]

Preserved Fulltext

Trusting Computations: a Mechanized Proof from Partial Differential Equations to Actual Program [article]

Preserved Fulltext

Other Versions

Trusting computations: A mechanized proof from partial differential equations to actual program

Preserved Fulltext

Icing: Supporting Fast-Math Style Optimizations in a Verified Compiler [chapter]

Preserved Fulltext

C floating-point proofs layered with VST and Flocq

Preserved Fulltext

Formal Proofs of Rounding Error Bounds

Preserved Fulltext