reasoning about floating point arithmetic with acdcl
play

Reasoning about floating-point arithmetic with ACDCL Unifying - PowerPoint PPT Presentation

Sep 14, 2023 •99 likes •775 views

Reasoning about floating-point arithmetic with ACDCL Unifying Abstract Interpretation and Decision Procedures Daniel Kroening (joint work with Leopold Haller, Vijay DSilva, Michael Tautschnig, Martin Brain) 9 January 2013 1 Thursday, 17

  1. Reasoning about floating-point arithmetic with ACDCL Unifying Abstract Interpretation and Decision Procedures Daniel Kroening (joint work with Leopold Haller, Vijay D’Silva, Michael Tautschnig, Martin Brain) 9 January 2013 1 Thursday, 17 January 13

  2. Leopold Vijay Michael Haller D’Silva Tautschnig + Martin Brain (no photo) 2 Thursday, 17 January 13

  3. References • TACAS 2012: paths in floating-point programs with intervals • POPL 2013: Framework • VMCAI 2013: DPLL(T) • FMCAD 2012: Learning for intervals • SAS 2012: propositional SAT 3 Thursday, 17 January 13

  4. Presentation Outline Part I Existing approaches to FP - Verification Manual, Decision Abstract Semi-automated Procedures Interpretation Part II Decision Abstract Precise Scalable Procedures Interpretation Our research Abstract Satisfiability 4 Thursday, 17 January 13

  5. Part I 5 Thursday, 17 January 13

  6. IEEE754 Floating Point Numbers Special values: − 0 , +0 , −∞ , ∞ , NaN 6 Thursday, 17 January 13

  7. The Pitfalls of FP I II III IV V 7 Thursday, 17 January 13

  8. Is this program correct? (We will ignore the case x=NaN) 8 Thursday, 17 January 13

  9. What does correctness mean? Three possible meanings: • Result is sufficiently close to the real number result • Result is sufficiently close to the sine function • The assertion cannot be violated 9 Thursday, 17 January 13

  10. How can we check correctness? Manual Abstract Interpretation Decision Procedures 10 Thursday, 17 January 13

  11. Requires experts, expensive, powerful Manual Abstract Interpretation Decision Procedures 11 Thursday, 17 January 13

  12. Abstract Interpretation Error states do not overlap Error abstract representation, hence program is safe Program traces Abstract representation • Instead of exploring all executions, explore a single abstract execution • Abstract execution contains all concrete executions! • Highly efficient and scalable, but imprecise Program is safe Program Abstract Interpreter ? 12 Thursday, 17 January 13

  13. Abstract Interpretation An abstract interpreter modularly uses Abstract Interpreter operations provided by an abstract domain. Domain Changing the domain changes the analysis. Example Signs domain Constants domain { + , − } ∪ { ? } { c | c ∈ FP } ∪ { ? } y = 5 y = + x = ? x = + z = ? z = + safe! Possibly unsafe 13 Thursday, 17 January 13

  14. Abstract Interpretation An abstract interpreter modularly uses Abstract Interpreter operations provided by an abstract domain. Domain Changing the domain changes the analysis. Example Interval Domain { [ l, u ] | l, u ∈ Int } x, y ∈ [min( Int ) , max( Int )] x, y ∈ [min( Int ) , − 1] x ∈ [5 , 5] , y ∈ [min( Int ) , max( Int )] x ∈ [min( Int ) , 5] , y ∈ [min( Int ) , max( Int )] 14 Thursday, 17 January 13

  15. Abstract Interpretation Floating Point Intervals { [ l, u ] | l, u ∈ FP } ∪ { ? } x ∈ [ − 1 . 570796 , 1 . 570796] result ∈ [ − 2 . 216760 , 2 . 216760] result ∈ [ − 2 . 296453 , 2 . 296453] result ∈ [ − 2 . 301135 , 2 . 301135] Potentially unsafe 15 Thursday, 17 January 13

  16. Astrée Abstract Interpreter • Mature abstract interpreter by Cousot et. al • Large number of domains • Sold and supported by Absint GmbH • Successful in proving correct large avionics control software: 100k lines of code in 1h -> highly scalable • Various domains for floating point analysis: Original traces Ellipses Octagons Intervals 16 Thursday, 17 January 13

  17. Abstract Domains for Floating Point • Abstract domains are typically formulated over the real or rational numbers • Numeric domains rely on mathematical properties such as associativity which do not hold over floating point numbers ( a + b ) + c = a + ( b + c ) • Solution (Mine 2004): Interpret operations over floating point numbers as real number operations + error terms 17 Thursday, 17 January 13

  18. Imprecision in Abstract Interpretation • The efficiency of abstract interpreters comes at the cost of precision. Imprecision is accumulated from three sources: • Statements y ∈ [ − 25 , 25] x ∈ [ − 5 , 5] x ∈ [0 , 1] x, y ∈ [0 , 1] • Control-flow x ∈ [ − 1 , 1] • Loops x ∈ [100001 , max( Int )] x, y ∈ [1 , 1] y ∈ [min( Int ) , max( Int )] 18 Thursday, 17 January 13

  19. Imprecision in Abstract Interpretation • For efficiency reasons, most numeric abstract domains are convex ✓ ◆ Original traces Ellipses Octagons Intervals ∪ ˆ u 2 x ∪ ˆ ˆ y 6 − 2 2 − 2 Zonotope Convex polyhedra 19 Thursday, 17 January 13

  20. Imprecision in Abstract Interpretation What if convex abstractions are too weak? Error Error Very common scenario 20 Thursday, 17 January 13

  21. Abstract Interpretation Conclusion: • Very scalable • Imprecise • Precise results require experts and research effort • Expert created domains are moderately reusable • Feasible for programs with homogenous structure and behaviour (success in avionics) 21 Thursday, 17 January 13

  22. References Floating point abstract domains A. Chapoutot. Interval slopes as a numerical abstract domain for floating-point variables. SAS 2010 L. Chen, A. Miné and P . Cousot. A sound floating-point polyhedra abstract domain. APLAS 2008 A. Miné. Relational abstract domains for the detection of floating-point run-time errors. ESOP 2004 L. Chen, A. Miné, J. Wang and P . Cousot. An abstract domain to discover interval Linear Equalities. VMCAI 2010 L. Chen, A. Miné, J. Wang and P . Cousot. Interval polyhedra: An Abstract Domain to Infer Interval Linear Relationships. SAS 2009 K. Ghorbal, E. Goubault and S. Putot. The zonotope abstract domain Taylor1. CAV 2009 B. Jeannet, and A. Miné. Apron: A library of numerical abstract domains for static analysis. CAV 2009 D. Monniaux. Compositional analysis of floating-point linear numerical filters. CAV 2005 J. Feret. Static analysis of digital filters. ESOP 2004 F. Alegre, E. Feron and S. Pande. Using ellipsoidal domains to analyze control systems software. CoRR 2009 E. Goubault and S. Putot. Weakly relational domains for floating-point computation analysis. NSAD 2005 E. Goubault. Static analyses of the precision of floating-point operations. SAS 2001 22 Thursday, 17 January 13

  23. References Industrial Case Studies E. Goubault, S. Putot, P . Baufreton, J. Gassino. Static analysis of the accuracy in control systems: principles and experiments. FMICS 2007 D. Delmas, E. Goubault, S. Putot, J. Souyris, K. Tekkal, F. Védrine. Towards an industrial use of FLUCTUAT on safety-critical avionics software. FMICS 2009 J. Souyris and D. Delmas. Experimental assessment of Astrée on safety-critical avionics software. SAFECOMP 2007 J. Souyris. Industrial experience of abstract interpretation-based static analyzers. IFIP 2004 P . Cousot. Proving the absence of run-time errors in safety-critical avionics code. EMSOFT 2007 FP Static Analysers B. Blanchet, P . Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux and X. Rival. A static analyzer for large safety- critical software. SIGPLAN 38(5), 2003 P . Cousot, R. Cousot, J. Feret, L. Mauborgne, A. Miné, D. Monniaux and Xavier Rival. The ASTREÉ analyzer. ESOP 2005 E. Goubault, M. Martel and S. Putot. Asserting the precision of floating-point computations: a simple abstract interpreter. ESOP 2002 23 Thursday, 17 January 13

  24. Requires experts, expensive, powerful Manual Abstract Interpretation Decision Procedures Scalable and efficient. Precise analysis requires experts 24 Thursday, 17 January 13

  25. Decision Procedures • Precisely explore a large set of program traces • For efficiency, represent problem symbolically as satisfiability of a logical formula Error Program traces Program is safe exactly if isTrace ( t ) ∧ error ( t ) is satisfied by some t 25 Thursday, 17 January 13

  26. Propositional SAT Propositional formula: ϕ = ( a ∨ ¬ b ) ∧ ( ¬ a ∨ b ) ∧ ¬ b Is there an assignment to a,b that makes the formula true? 1 0 0 s 1 0 s 1 s 2 0 0 0 2 0 0 1 2 0 0 2 2 0 0 3 2 0 0 4 2 0 0 5 2 0 0 6 2 0 0 7 Decrease in SAT solving time for SAT algorithms 2000-2007 26 Thursday, 17 January 13

  27. Why are SAT solvers so efficient Probe for solution Learn from failure failure • SAT solvers learn from failure • SAT solvers spot relevance 27 Thursday, 17 January 13

  28. Decision Procedures Example c → ( r = a/ 32 b ) ∧ ¬ c → ( r = a ∗ 32 b ) a > 0 ∧ b > 0 ∧ r < 0 ∧ Can be translated to propositional logic using divider and multiplier circuits a, b 7! 123456789 The formula evaluates to true r 7! � 1757895751 under the following assignment: c 7! false Counterexample! 28 Thursday, 17 January 13

  29. Bounded Model Checking Loops require unrolling before translation If the loop does not have a known fixed bound, the result is unrolled up to a chosen depth. 29 Thursday, 17 January 13

  30. Bounded Model Checking Unsatisfiable ? Decision Procedure Program has bug, counter-example is returned Satisfiable 30 Thursday, 17 January 13

  31. FP support in CBMC (2008) • CBMC implements bit-precise reasoning over floating-point numbers using a propositional encoding • Uses IEEE-754 semantics with support various rounding-modes • Allows proofs of complex, bit-level properties Thursday, 17 January 13

Recommend

Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur

Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur

ECE 0142 Computer Organization Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur floating-point programming. Floating point greatly simplifies working with large (e.g., 2 70 ) and small (e.g., 2 -17 )

638 views • 30 slides
Towards SMT-Style Reasoning about Floating-Point Arithmetic Aleksandar Zelji c Uppsala

Towards SMT-Style Reasoning about Floating-Point Arithmetic Aleksandar Zelji c Uppsala

Towards SMT-Style Reasoning about Floating-Point Arithmetic Aleksandar Zelji c Uppsala University Philipp Rmmer Christoph Wintersteiger Uppsala University MSR Cambridge Workshop Progress in Decision Procedures Belgrade March 30 th 2013

546 views • 9 slides
Floating point How arithmetic operations mathematics involving floating point numbers

Floating point How arithmetic operations mathematics involving floating point numbers

Numerical and Scientific Computing with Applications David F . Gleich CS 314, Purdue September 7, 2016 In this class: Floating point How arithmetic operations mathematics involving floating point numbers work. Next class IEEE

812 views • 11 slides
Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary

Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary

Principles Of Digital Design Discussion: Arithmetic Binary Arithmetic Floating-Point Arithmetic Binary Arithmetic Same basic methodology as decimal arithmetic Important to know number representation Unsigned Signed

704 views • 11 slides
Catastrophic cancellation: the pitfalls of floating point arithmetic (and how to avoid them!)

Catastrophic cancellation: the pitfalls of floating point arithmetic (and how to avoid them!)

Catastrophic cancellation: the pitfalls of floating point arithmetic (and how to avoid them!) Graham Markall Quantitative Developer, OpenGamma Intro/Disclaimers Aims: Get a rough feel of how floating point works Know when to

570 views • 40 slides
Exploiting Community Structure for Floating-Point Precision Tuning Hui Guo Cindy Rubio-Gonzlez

Exploiting Community Structure for Floating-Point Precision Tuning Hui Guo Cindy Rubio-Gonzlez

Exploiting Community Structure for Floating-Point Precision Tuning Hui Guo Cindy Rubio-Gonzlez ISSTA18 Amsterdam, Netherlands, July 2018 Background Floating-point (FP) arithmetic used in many domains Reasoning about FP programs

573 views • 26 slides
ECS 231 Computer Arithmetic 1 / 27 Outline Floating-point numbers and representations 1

ECS 231 Computer Arithmetic 1 / 27 Outline Floating-point numbers and representations 1

ECS 231 Computer Arithmetic 1 / 27 Outline Floating-point numbers and representations 1 Floating-point arithmetic 2 Floating-point error analysis 3 Further reading 4 2 / 27 Outline Floating-point numbers and representations 1

438 views • 27 slides
Formal verification of floating-point arithmetic at Intel John Harrison johnh@ichips.intel.com

Formal verification of floating-point arithmetic at Intel John Harrison johnh@ichips.intel.com

Formal verification of floating-point arithmetic at Intel John Harrison johnh@ichips.intel.com JNAO 2nd June 2006 0 Overview Computer arithmetic bugs Formal verification and theorem proving Floating-point arithmetic Square

843 views • 37 slides
Elements of Floating-point Arithmetic Sanzheng Qiao Department of Computing and Software

Elements of Floating-point Arithmetic Sanzheng Qiao Department of Computing and Software

Floating-point Numbers Sources of Errors Stability of an Algorithm Sensitiviy of a Problem Fallacies Summary Elements of Floating-point Arithmetic Sanzheng Qiao Department of Computing and Software McMaster University September, 2011

1.62k views • 140 slides
Elements of Floating-point Arithmetic Sanzheng Qiao Department of Computing and Software

Elements of Floating-point Arithmetic Sanzheng Qiao Department of Computing and Software

Floating-point Numbers Sources of Errors Stability of an Algorithm Sensitivity of a Problem Fallacies Summary Elements of Floating-point Arithmetic Sanzheng Qiao Department of Computing and Software McMaster University July, 2012

748 views • 59 slides
Some Basics Use integer arithmetic as much as possible. When using floating-point

Some Basics Use integer arithmetic as much as possible. When using floating-point

CPSC 3200 Practical Problem Solving University of Lethbridge Some Basics Use integer arithmetic as much as possible. When using floating-point variables, compare by fabs(a-b) &lt; EPS . Use some small EPS (e.g. 1e-8 ).

442 views • 16 slides
A Machine-Checked Theory of Floating Point Arithmetic John Harrison Intel Corporation, EY2-03

A Machine-Checked Theory of Floating Point Arithmetic John Harrison Intel Corporation, EY2-03

A Machine-Checked Theory of Floating Point Arithmetic 1 A Machine-Checked Theory of Floating Point Arithmetic John Harrison Intel Corporation, EY2-03 Introduction to IA-64 and HOL Light Floating point formats Ulps Rounding

254 views • 13 slides
ECON 950 Winter 2020 Prof. James MacKinnon 13. Floating-Point Arithmetic Estimates and test

ECON 950 Winter 2020 Prof. James MacKinnon 13. Floating-Point Arithmetic Estimates and test

ECON 950 Winter 2020 Prof. James MacKinnon 13. Floating-Point Arithmetic Estimates and test statistics are rarely integers. Therefore, any computer program for econometrics will need to use floating-point arithmetic. The rules of

502 views • 21 slides
An Automatable Formal Semantics for IEEE-754 Floating-Point Arithmetic Martin Brain , Cesare

An Automatable Formal Semantics for IEEE-754 Floating-Point Arithmetic Martin Brain , Cesare

SMT SMT-LIB Theory of Floating-Point Conclusions An Automatable Formal Semantics for IEEE-754 Floating-Point Arithmetic Martin Brain , Cesare Tinelli, Philipp R ummer, Thomas Wahl (and the rest of the SMT community) University of Oxford

543 views • 29 slides
On the maximum relative error when computing x n in floating-point arithmetic Jean-Michel Muller

On the maximum relative error when computing x n in floating-point arithmetic Jean-Michel Muller

On the maximum relative error when computing x n in floating-point arithmetic Jean-Michel Muller Joint work with S. Graillat and V. Lefvre INVA 2014 Thank you! Floating-Point numbers, roundings Precision- p binary FP number (set F p ):

792 views • 42 slides
Beyond Floating Point: Next-Generation Computer Arithmetic John L. Gustafson Professor, A*STAR

Beyond Floating Point: Next-Generation Computer Arithmetic John L. Gustafson Professor, A*STAR

Beyond Floating Point: Next-Generation Computer Arithmetic John L. Gustafson Professor, A*STAR and National University of Singapore Why worry about floating-point? Find the scalar product a b : a = (3.2e7, 1, 1, 8.0e7) b = (4.0e7, 1,

628 views • 46 slides
AM P A R CudA Multiple Precision ARithmetic librarY Floating point arithmetics A real

AM P A R CudA Multiple Precision ARithmetic librarY Floating point arithmetics A real

Tight and rigorous error bounds for basic building blocks of double-word arithmetic Mioara Joldes, Jean-Michel Muller, Valentina Popescu JNCF - January 2017 AM P A R CudA Multiple Precision ARithmetic librarY Floating point arithmetics

662 views • 37 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
ONT with Extending T EX and Floating-Point Arithmetic Nelson H. F. Beebe Department of

ONT with Extending T EX and Floating-Point Arithmetic Nelson H. F. Beebe Department of

MET AF ONT with Extending T EX and Floating-Point Arithmetic Nelson H. F. Beebe Department of Mathematics University of Utah Salt Lake City, UT 84112-0090 USA T EX Users Group Conference 2007 talk... p. 1/33 Dedication MET Professor

596 views • 33 slides
DLX Floating Point Extend MIPS Pipeline to Floating Point Operations Functional units

DLX Floating Point Extend MIPS Pipeline to Floating Point Operations Functional units

DLX Floating Point Extend MIPS Pipeline to Floating Point Operations Functional units more complex than simple integer ALU Require several clock cycles for a FP arithmetic operation Add: 4 cycles, Multiply: 7 cycles, Divide: 25

377 views • 22 slides
EX and Professor William Kahan (Berkeley) Extending T EX and Floating-Point Arithmetic AF

EX and Professor William Kahan (Berkeley) Extending T EX and Floating-Point Arithmetic AF

Dedication MET Professor Donald Knuth (Stanford) MET AF ONT with EX and Professor William Kahan (Berkeley) Extending T EX and Floating-Point Arithmetic AF Nelson H. F. Beebe ONT Department of Mathematics T University of Utah Salt Lake

624 views • 8 slides
Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th May 2006 0 Overview Famous computer arithmetic failures Formal verification and theorem proving Floating-point arithmetic Division

1.14k views • 86 slides
Accurate Complex Multiplication in Floating-Point Arithmetic Vincent Lefvre Jean-Michel

Accurate Complex Multiplication in Floating-Point Arithmetic Vincent Lefvre Jean-Michel

Accurate Complex Multiplication in Floating-Point Arithmetic Vincent Lefvre Jean-Michel Muller. Universit de Lyon, CNRS, Inria, France. Arith26, Kyoto, June 2019 1 Accurate complex multiplication in FP arithmetic x , emphasis

401 views • 26 slides
Software Implementation of the IEEE 754R Decimal Floating- Point Arithmetic Using the Binary

Software Implementation of the IEEE 754R Decimal Floating- Point Arithmetic Using the Binary

Software Implementation of the IEEE 754R Decimal Floating- Point Arithmetic Using the Binary Encoding Format Marius Cornea, Cristina Anderson, John Harrison, Peter Tang, Eric Schneider, Evgeny Gvozdev, Charles Tsen June 25, 2007 ARITH18 1

172 views • 16 slides

More recommend