Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul - PowerPoint PPT Presentation

P ossible Alternatives • Exhaustive testing • feasible for 32-bit float: ~ 30 seconds (with 1 core for sinf ) • infeasible for 64-bit double: > 4000 years ( = 30 seconds × 2 32 ) • infeasible even for input range X = −1, 1 1 ∵ (# of doubles between −1 and 1 ) = 2 (# of all doubles) • Machine-checkable proofs • Harrison used transcendental functions are very accurate [ ] • construction of these proofs often requires considerable persistence 24

P ossible Alternatives • Exhaustive testing • feasible for 32-bit float: ~ 30 seconds (with 1 core for sinf ) • infeasible for 64-bit double: > 4000 years ( = 30 seconds × 2 32 ) • infeasible even for input range X = −1, 1 1 ∵ (# of doubles between −1 and 1 ) = 2 (# of all doubles) • Machine-checkable proofs • Harrison used transcendental functions are very accurate [ ] • construction of these proofs often requires considerable persistence. 27

P ossible Automatic Alternatives • If only floating-point operations are used, various automatic techniques can be applied • e.g., Astree , Fluctuat , ROSA , FPTaylor • Several commercial tools (e.g., Astree, Fluctuat) can handle certain bit-trick routines • We are unaware of a general technique for verifying mixed floating-point and bit-level code 28

P ossible Automatic Alternatives • If only floating-point operations are used, various automatic techniques can be applied • e.g., Astree , Fluctuat , ROSA , FPTaylor • Several commercial tools (e.g., Astree, Fluctuat) can handle certain bit-trick routines • We are unaware of a general technique for verifying mixed floating-point and bit-level code 29

Our Method 30

𝑓 𝑦 Explained 1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq 31

𝑓 𝑦 Explained 𝑦 1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 𝑂 = round 𝑦 ∙ log 2 𝑓 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq 32

𝑓 𝑦 Explained 𝑦 1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 𝑂 = round 𝑦 ∙ log 2 𝑓 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 2 𝑂 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq 33

𝑓 𝑦 Explained 𝑦 1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 𝑂 = round 𝑦 ∙ log 2 𝑓 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 2 𝑂 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 𝑠 = 𝑦 − 𝑂 ∙ ln 2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 12 𝑠 𝑗 13 vmulpd T12, %xmm1, %xmm2 𝑓 𝑠 ≈ ෍ 14 vaddpd T11, %xmm2, %xmm2 𝑗! ... 𝑗=0 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 𝑓 𝑦 = 𝑓 𝑂∙ln 2 ∙ 𝑓 𝑠 ≈ 2 𝑂 ∙ 𝑓 𝑠 38 retq 34

𝑓 𝑦 Explained 𝑦 1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 𝑂 = round 𝑦 ∙ log 2 𝑓 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 2 𝑂 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 𝑠 = 𝑦 − 𝑂 ∙ ln 2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 12 𝑠 𝑗 13 vmulpd T12, %xmm1, %xmm2 𝑓 𝑠 ≈ ෍ 14 vaddpd T11, %xmm2, %xmm2 𝑗! ... 𝑗=0 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 𝑓 𝑦 = 𝑓 𝑂∙ln 2 ∙ 𝑓 𝑠 ≈ 2 𝑂 ∙ 𝑓 𝑠 38 retq Find a small Θ > 0 such that Goal: 𝑓 𝑦 −2 𝑂 𝑓 𝑠 ≤ Θ for all 𝑦 ∈ 𝑌 𝑓 𝑦 35

1) Abstract Floating-P oint Operations • Assume only floating-point operations are used • 1 + 𝜗 property • A standard way to model rounding errors • For 64-bit doubles, 𝜗 = 2 −53 • This property has been used in previous automatic techniques (FPTaylor -point programs 36

1) Abstract Floating-P oint Operations • Assume only floating-point operations are used • 1 + 𝜗 property • A standard way to model rounding errors • For 64-bit doubles, 𝜗 = 2 −53 • This property has been used in previous automatic techniques (FPTaylor -point programs 37

1) Abstract Floating-P oint Operations • Assume only floating-point operations are used • 1 + 𝜗 property • A standard way to model rounding errors 𝑦 ⨂ f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗 • For 64-bit doubles, 𝜗 = 2 −53 • This property has been used in previous automatic techniques (FPTaylor -point programs 38

1) Abstract Floating-P oint Operations • Assume only floating-point operations are used • 1 + 𝜗 property • A standard way to model rounding errors 𝑦 ⨂ f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗 0 1 𝑦⨂𝑧 • For 64-bit doubles, 𝜗 = 2 −53 • This property has been used in previous automatic techniques (FPTaylor -point programs 39

1) Abstract Floating-P oint Operations • Assume only floating-point operations are used • 1 + 𝜗 property • A standard way to model rounding errors 𝑦 ⨂ f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗 0 1 𝑦⨂𝑧 • For 64-bit doubles, 𝜗 = 2 −53 • This property has been used in previous automatic techniques (FPTaylor -point programs 40

1) Abstract Floating-P oint Operations • Assume only floating-point operations are used • 1 + 𝜗 property • A standard way to model rounding errors 𝑦 ⨂ f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗 0 1 𝑦⨂𝑧 𝑦 ⨂ f 𝑧 • For 64-bit doubles, 𝜗 = 2 −53 • This property has been used in previous automatic techniques (FPTaylor -point programs 41

1) Abstract Floating-P oint Operations • Assume only floating-point operations are used • 1 + 𝜗 property • A standard way to model rounding errors 𝑦 ⨂ f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗 𝜗 0 1 𝑦⨂𝑧 𝑦 ⨂ f 𝑧 • For 64-bit doubles, 𝜗 = 2 −53 • This property has been used in previous automatic techniques (FPTaylor -point programs 42

1) Abstract Floating-P oint Operations • Assume only floating-point operations are used • 1 + 𝜗 property • A standard way to model rounding errors 𝑦 ⨂ f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗 𝜗 0 1 𝑦⨂𝑧 𝑦 ⨂ f 𝑧 • For 64-bit doubles, 𝜗 = 2 −53 • This property has been used in previous automatic techniques (FPTaylor -point programs 43

1) Abstract Floating-P oint Operations • Compute a symbolic abstraction 𝐵 𝜀 𝑦 of a program 𝑄 • Example: • F 𝐵 𝜀 𝑦 satisfies rom 1 + 𝜗 property, 𝑄 𝑦 ∈ 𝐵 𝜀 𝑦 ∶ 𝜀 𝑗 < 𝜗 for all 𝑦 • Example: 44

1) Abstract Floating-P oint Operations • Compute a symbolic abstraction 𝐵 𝜀 𝑦 of a program 𝑄 • Example: 𝑄 𝑦 = 2 × f 𝑦 1 + 𝜀 1 + f 3 1 + 𝜀 2 • F 𝐵 𝜀 𝑦 satisfies rom 1 + 𝜗 property, 𝑄 𝑦 ∈ 𝐵 𝜀 𝑦 ∶ 𝜀 𝑗 < 𝜗 for all 𝑦 • Example: 45

1) Abstract Floating-P oint Operations • Compute a symbolic abstraction 𝐵 𝜀 𝑦 of a program 𝑄 • Example: 𝐵 𝜀 𝑦 𝑄 𝑦 = 2 × f 𝑦 1 + 𝜀 1 + f 3 1 + 𝜀 2 • F 𝐵 𝜀 𝑦 satisfies rom 1 + 𝜗 property, 𝑄 𝑦 ∈ 𝐵 𝜀 𝑦 ∶ 𝜀 𝑗 < 𝜗 for all 𝑦 • Example: 46

1) Abstract Floating-P oint Operations • Compute a symbolic abstraction 𝐵 𝜀 𝑦 of a program 𝑄 • Example: 𝐵 𝜀 𝑦 𝑄 𝑦 = 2 × f 𝑦 × 1 + 𝜀 1 + f 3 + 1 + 𝜀 2 • F 𝐵 𝜀 𝑦 satisfies rom 1 + 𝜗 property, 𝑄 𝑦 ∈ 𝐵 𝜀 𝑦 ∶ 𝜀 𝑗 < 𝜗 for all 𝑦 • Example: 47

1) Abstract Floating-P oint Operations • Compute a symbolic abstraction 𝐵 𝜀 𝑦 of a program 𝑄 • Example: 𝐵 𝜀 𝑦 𝑄 𝑦 = 2 × f 𝑦 × 1 + 𝜀 1 + f 3 + 1 + 𝜀 2 • F 𝐵 𝜀 𝑦 satisfies rom 1 + 𝜗 property, 𝑄 𝑦 ∈ 𝐵 𝜀 𝑦 ∶ 𝜀 𝑗 < 𝜗 for all 𝑦 • Example: 𝑄 𝑦 = 2 × f 𝑦 1 + 𝜀 1 + f 3 1 + 𝜀 2 ∶ 𝜀 1 , 𝜀 2 < 𝜗 50

1) Abstract Floating-P oint Operations • Compute a symbolic abstraction 𝐵 𝜀 𝑦 of a program 𝑄 • Example: 𝐵 𝜀 𝑦 𝑄 𝑦 = 2 × f 𝑦 × 1 + 𝜀 1 + + f 3 1 + 𝜀 2 • F 𝐵 𝜀 𝑦 satisfies rom 1 + 𝜗 property, 𝑄 𝑦 ∈ 𝐵 𝜀 𝑦 ∶ 𝜀 𝑗 < 𝜗 for all 𝑦 • Example: { } 𝑄 𝑦 = 2 × f 𝑦 × 1 + 𝜀 1 + f 3 + 1 + 𝜀 2 ∶ 𝜀 1 , 𝜀 2 < 𝜗 51

1) Abstract Floating-P oint Operations • Compute a symbolic abstraction 𝐵 𝜀 𝑦 of a program 𝑄 • Example: 𝐵 𝜀 𝑦 𝑄 𝑦 = 2 × f 𝑦 × 1 + 𝜀 1 + + f 3 1 + 𝜀 2 • F 𝐵 𝜀 𝑦 satisfies rom 1 + 𝜗 property, 𝑄 𝑦 ∈ 𝐵 𝜀 𝑦 ∶ 𝜀 𝑗 < 𝜗 for all 𝑦 • Example: { } 𝑄 𝑦 = ∈ 2 × f 𝑦 × 1 + 𝜀 1 + f 3 + 1 + 𝜀 2 ∶ 𝜀 1 , 𝜀 2 < 𝜗 52

Our Method: Overview 𝑄(𝑦) −1 1 𝑌 ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 53

Our Method: Overview 𝑄(𝑦) hard to find −1 1 𝑌 ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 56

Our Method: Overview 𝑄(𝑦) hard to find −1 1 𝑌 n ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... abstract using 57

Our Method: Overview 𝑄(𝑦) hard to find −1 1 𝑌 𝐽 1 𝐽 2 𝐽 𝑜 n ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... abstract using 58

Our Method: Overview 𝑄(𝑦) hard to find −1 1 𝑌 𝐽 1 𝐽 2 𝐽 𝑜 n ... ... vpslld $20, ... vpslld $20, ... vpshufd $114, ... vpshufd $114, ... vmulpd C1, ... vmulpd C1, ... ... vmulpd C2, ... vmulpd C2, ... ... vpslld $20, ... ... ... vpslld $20, ... vpshufd $114, ... vpshufd $114, ... vmulpd C1, ... vmulpd C1, ... abstract using vmulpd C2, ... vmulpd C2, ... ... ... 59

Our Method: Overview 𝑄(𝑦) hard to find −1 1 𝑌 𝐽 1 𝐽 2 𝐽 𝑜 n ... ... 1 vpslld $20, ... vpslld $20, ... vpshufd $114, ... vpshufd $114, ... 3 vmulpd C1, ... vmulpd C1, ... ... vmulpd C2, ... vmulpd C2, ... ... vpslld $20, ... ... ... 𝒐 vpslld $20, ... vpshufd $114, ... vpshufd $114, ... 𝟑𝒐 + 𝟐 vmulpd C1, ... vmulpd C1, ... abstract using vmulpd C2, ... vmulpd C2, ... ... partial evaluation ... of bit-level operations 60

Our Method: Overview 𝑄(𝑦) hard to find −1 1 𝑌 𝐽 1 𝐽 2 𝐽 𝑜 n ... ... 1 vpslld $20, ... vpslld $20, ... vpshufd $114, ... vpshufd $114, ... 3 vmulpd C1, ... vmulpd C1, ... ... vmulpd C2, ... vmulpd C2, ... ... vpslld $20, ... ... ... 𝒐 vpslld $20, ... vpshufd $114, ... vpshufd $114, ... 𝟑𝒐 + 𝟐 vmulpd C1, ... only floating-point vmulpd C1, ... abstract using vmulpd C2, ... vmulpd C2, ... ... operations partial evaluation ... of bit-level operations 61

Our Method: Overview 𝑄(𝑦) 𝐵 2,𝜀 (𝑦) 𝐵 1,𝜀 (𝑦) hard to find 𝐵 𝑜,𝜀 (𝑦) −1 1 𝑌 𝐽 1 𝐽 2 𝐽 𝑜 n ... ... 1 vpslld $20, ... vpslld $20, ... vpshufd $114, ... vpshufd $114, ... 3 vmulpd C1, ... vmulpd C1, ... ... vmulpd C2, ... vmulpd C2, ... ... vpslld $20, ... ... ... 𝒐 vpslld $20, ... vpshufd $114, ... vpshufd $114, ... 𝟑𝒐 + 𝟐 vmulpd C1, ... only floating-point vmulpd C1, ... abstract using vmulpd C2, ... vmulpd C2, ... ... operations partial evaluation ... of bit-level operations 62

Our Method: Overview 𝐵 2,𝜀 (𝑦) 𝐵 1,𝜀 (𝑦) 𝐵 𝑜,𝜀 (𝑦) 𝐽 1 𝐽 2 𝐽 𝑜 ... 1 vpslld $20, ... vpshufd $114, ... 3 vmulpd C1, ... ... vmulpd C2, ... ... vpslld $20, ... ... 𝒐 vpslld $20, ... vpshufd $114, ... vpshufd $114, ... 𝟑𝒐 + 𝟐 vmulpd C1, ... vmulpd C1, ... vmulpd C2, ... vmulpd C2, ... ... partial evaluation ... of bit-level operations 63

Our Method: Overview 𝐵 2,𝜀 (𝑦) 𝐵 1,𝜀 (𝑦) 𝐵 𝑜,𝜀 (𝑦) 𝑔 𝑦 − 𝐵 𝑜,𝜀 𝑦 𝑔 𝑦 − 𝐵 1,𝜀 𝑦 𝑔(𝑦) 𝑔(𝑦) 𝐽 1 𝐽 2 𝐽 𝑜 𝐽 1 𝐽 2 𝐽 𝑜 ... 1 vpslld $20, ... vpshufd $114, ... 3 vmulpd C1, ... ... vmulpd C2, ... ... vpslld $20, ... ... 𝒐 vpslld $20, ... vpshufd $114, ... vpshufd $114, ... 𝟑𝒐 + 𝟐 vmulpd C1, ... vmulpd C1, ... vmulpd C2, ... vmulpd C2, ... ... partial evaluation ... of bit-level operations 64

Our Method: Overview 𝐵 2,𝜀 (𝑦) 𝐵 1,𝜀 (𝑦) solve optimization problems 𝐵 𝑜,𝜀 (𝑦) 𝑔 𝑦 − 𝐵 𝑜,𝜀 𝑦 𝑔 𝑦 − 𝐵 1,𝜀 𝑦 max 𝑔(𝑦) max 𝑔(𝑦) 𝐽 1 𝐽 2 𝐽 𝑜 𝐽 1 𝐽 2 𝐽 𝑜 ... 1 vpslld $20, ... vpshufd $114, ... 3 vmulpd C1, ... ... vmulpd C2, ... ... vpslld $20, ... ... 𝒐 vpslld $20, ... vpshufd $114, ... vpshufd $114, ... 𝟑𝒐 + 𝟐 vmulpd C1, ... vmulpd C1, ... vmulpd C2, ... vmulpd C2, ... ... partial evaluation ... of bit-level operations 65

Our Method: Overview 𝐵 2,𝜀 (𝑦) 𝐵 1,𝜀 (𝑦) solve optimization problems 𝐵 𝑜,𝜀 (𝑦) 𝑔 𝑦 − 𝐵 𝑜,𝜀 𝑦 𝑔 𝑦 − 𝐵 1,𝜀 𝑦 max 𝑔(𝑦) max 𝑔(𝑦) 𝐽 1 𝐽 2 𝐽 𝑜 𝐽 1 𝐽 2 𝐽 𝑜 ... 1 vpslld $20, ... answer! vpshufd $114, ... 3 vmulpd C1, ... ... vmulpd C2, ... ... vpslld $20, ... ... 𝒐 vpslld $20, ... vpshufd $114, ... vpshufd $114, ... 𝟑𝒐 + 𝟐 vmulpd C1, ... vmulpd C1, ... vmulpd C2, ... vmulpd C2, ... ... partial evaluation ... of bit-level operations 66

2) Divide the Input Range • Assume bit-level operations are used as well • To handle bit-level operations, divide 𝑌 into intervals 𝐽 𝑙 , on each 𝐽 𝑙 , so that, we can statically know the result of each bit-level operation • Example: 67

2) Divide the Input Range • Assume bit-level operations are used as well • To handle bit-level operations, divide 𝑌 into intervals 𝐽 𝑙 , on each 𝐽 𝑙 , so that, we can statically know the result of each bit-level operation • Example: 68

2) Divide the Input Range • Assume bit-level operations are used as well • To handle bit-level operations, divide 𝑌 into intervals 𝐽 𝑙 , on each 𝐽 𝑙 , so that, we can statically know the result of each bit-level operation −1 𝑌 1 • Example: input x y ← x × f C (C = 0x3ff71547652b82fe) N ← round(y) z ← int(N) + i 0x3ff w ← z << 52 ... 69

2) Divide the Input Range • Assume bit-level operations are used as well • To handle bit-level operations, divide 𝑌 into intervals 𝐽 𝑙 , on each 𝐽 𝑙 , so that, we can statically know the result of each bit-level operation −1 𝑌 1 • Example: 𝐽 −1 𝐽 0 𝐽 1 input x y ← x × f C (C = 0x3ff71547652b82fe) N ← round(y) z ← int(N) + i 0x3ff w ← z << 52 ... 70

2) Divide the Input Range • Assume bit-level operations are used as well • To handle bit-level operations, divide 𝑌 into intervals 𝐽 𝑙 , on each 𝐽 𝑙 , so that, we can statically know the result of each bit-level operation −1 −1 𝑌 𝑌 1 1 • Example: 𝐽 −1 𝐽 −1 𝐽 0 𝐽 0 𝐽 1 𝐽 1 input x y ← x × f C (C = 0x3ff71547652b82fe) N ← round(y) z ← int(N) + i 0x3ff w ← z << 52 ... 71

2) Divide the Input Range • Assume bit-level operations are used as well • To handle bit-level operations, divide 𝑌 into intervals 𝐽 𝑙 , on each 𝐽 𝑙 , so that, we can statically know the result of each bit-level operation −1 −1 𝑌 𝑌 1 1 • Example: 𝐽 −1 𝐽 −1 𝐽 0 𝐽 0 𝐽 1 𝐽 1 input x y ← x × f C (C = 0x3ff71547652b82fe) N ← round(y) −1 z ← int(N) + i 0x3ff w ← z << 52 ... 72

2) Divide the Input Range • Assume bit-level operations are used as well • To handle bit-level operations, divide 𝑌 into intervals 𝐽 𝑙 , on each 𝐽 𝑙 , so that, we can statically know the result of each bit-level operation −1 −1 𝑌 𝑌 1 1 • Example: 𝐽 −1 𝐽 −1 𝐽 0 𝐽 0 𝐽 1 𝐽 1 input x input x y ← x × f C y ← x × f C (C = 0x3ff71547652b82fe) (C = 0x3ff71547652b82fe) N ← round(y) partial evaluation N ← −1 −1 z ← int(N) + i 0x3ff z ← 1022 w ← z << 52 w ← 0.5 ... ... 73

2) Divide the Input Range • Assume bit-level operations are used as well • To handle bit-level operations, divide 𝑌 into intervals 𝐽 𝑙 , on each 𝐽 𝑙 , so that, we can statically know the result of each bit-level operation −1 −1 𝑌 𝑌 1 1 • Example: 𝐽 −1 𝐽 −1 𝐽 0 𝐽 0 𝐽 1 𝐽 1 input x input x y ← x × f C y ← x × f C (C = 0x3ff71547652b82fe) (C = 0x3ff71547652b82fe) N ← round(y) partial evaluation N ← −1 −1 z ← int(N) + i 0x3ff z ← 1022 Only floating-point operations are left w ← z << 52 w ← 0.5 ... ... → Can compute 𝐵 𝜀 𝑦 on each 𝐽 𝑙 74

2) Divide the Input Range • How to find such intervals? • Use symbolic abstractions • Example: • 𝑂 = round 𝑦 × f C • (symbolic abstraction of 𝑦 × f C ) = 𝑦 × C 1 + 𝜀 • Let 𝐽 𝑙 = largest interval contained in 𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5 • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽 𝑙 75

2) Divide the Input Range • How to find such intervals? −1 𝑌 1 • Use symbolic abstractions 𝐽 −1 𝐽 0 𝐽 1 • Example: • 𝑂 = round 𝑦 × f C • (symbolic abstraction of 𝑦 × f C ) = 𝑦 × C 1 + 𝜀 • Let 𝐽 𝑙 = largest interval contained in 𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5 • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽 𝑙 76

2) Divide the Input Range • How to find such intervals? −1 𝑌 1 • Use symbolic abstractions 𝐽 −1 𝐽 0 𝐽 1 𝑂 = −1 𝑂 = 0 𝑂 = 1 • Example: • 𝑂 = round 𝑦 × f C • (symbolic abstraction of 𝑦 × f C ) = 𝑦 × C 1 + 𝜀 • Let 𝐽 𝑙 = largest interval contained in 𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5 • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽 𝑙 77

2) Divide the Input Range • How to find such intervals? −1 𝑌 1 • Use symbolic abstractions 𝐽 −1 𝐽 0 𝐽 1 𝑂 = −1 𝑂 = 0 𝑂 = 1 • Example: • 𝑂 = round 𝑦 × f C • (symbolic abstraction of 𝑦 × f C ) = 𝑦 × C 1 + 𝜀 𝑦 × f C 𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 • Let 𝐽 𝑙 = largest interval contained in 𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5 • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽 𝑙 81

2) Divide the Input Range • How to find such intervals? −1 𝑌 1 • Use symbolic abstractions 𝐽 −1 𝐽 0 𝐽 1 𝑂 = −1 𝑂 = 0 𝑂 = 1 • Example: • 𝑂 = round 𝑦 × f C • (symbolic abstraction of 𝑦 × f C ) = 𝑦 × C 1 + 𝜀 𝑦 × f C 𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑙 − 0.5 𝑙 + 0.5 • Let 𝐽 𝑙 = largest interval contained in 𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5 • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽 𝑙 82

2) Divide the Input Range • How to find such intervals? −1 𝑌 1 • Use symbolic abstractions 𝐽 −1 𝐽 0 𝐽 1 𝑂 = −1 𝑂 = 0 𝑂 = 1 • Example: • 𝑂 = round 𝑦 × f C • (symbolic abstraction of 𝑦 × f C ) = 𝑦 × C 1 + 𝜀 𝑦 × f C 𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑂 = 𝑙 𝑙 − 0.5 𝑙 + 0.5 • Let 𝐽 𝑙 = largest interval contained in 𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5 • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽 𝑙 83

3) Compute a Bound on Precision Loss • Precision loss on each interval 𝐽 𝑙 • Let 𝐵 𝜀 𝑦 be a symbolic abstraction on 𝐽 𝑙 • Analytical optimization: 𝑓 𝑦 −𝐵 𝜀 𝑦 max 𝑓 𝑦 𝑦∈𝐽 𝑙 , |𝜀 𝑗 |<𝜗 • Use Mathematica to solve optimization problems analytically 86

3) Compute a Bound on Precision Loss • Precision loss on each interval 𝐽 𝑙 • Let 𝐵 𝜀 𝑦 be a symbolic abstraction on 𝐽 𝑙 • Analytical optimization: 𝑓 𝑦 −𝐵 𝜀 𝑦 max 𝑓 𝑦 𝑦∈𝐽 𝑙 , |𝜀 𝑗 |<𝜗 • Use Mathematica to solve optimization problems analytically 87

Are We Done? • No. The constructed intervals do not cover 𝑌 in general • Because we made sound approximations −1 input range 𝑌 1 𝐽 −1 𝐽 0 𝐽 1 88

Are We Done? • No. The constructed intervals do not cover 𝑌 in general • Because we made sound approximations −1 input range 𝑌 1 floating-point numbers 𝐽 −1 𝐽 0 𝐽 1 89

Are We Done? • No. The constructed intervals do not cover 𝑌 in general • Because we made sound approximations −1 input range 𝑌 1 floating-point numbers 𝐽 −1 𝐽 0 𝐽 1 between intervals 90

Are We Done? • No. The constructed intervals do not cover 𝑌 in general • Because we made sound approximations −1 input range 𝑌 1 floating-point numbers 𝐽 −1 𝐽 0 𝐽 1 between intervals 91

Are We Done? • Example: 𝑂 = round 𝑦 × f 𝐷 abstraction of 𝑦 × f 𝐷 : 0 1 0.5 1 For 𝑦 = 𝑂 would be 0 or 1 2𝐷 , • Let 𝐼 = {floating- • We observe that |𝐼| is small in experiment 92

Are We Done? • Example: 𝑂 = round 𝑦 × f 𝐷 abstraction of 𝑦 × f 𝐷 : 0 1 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(3𝐷) 0.5 1 For 𝑦 = 𝑂 would be 0 or 1 2𝐷 , • Let 𝐼 = {floating- • We observe that |𝐼| is small in experiment 93

Are We Done? • Example: 𝑂 = round 𝑦 × f 𝐷 abstraction of 𝑦 × f 𝐷 : 0 1 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(3𝐷) 𝑂 = 0 0.5 𝑂 = 1 1 For 𝑦 = 𝑂 would be 0 or 1 2𝐷 , • Let 𝐼 = {floating- • We observe that |𝐼| is small in experiment 94

Are We Done? • Example: 𝑂 = round 𝑦 × f 𝐷 abstraction of 𝑦 × f 𝐷 : 0 1 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(3𝐷) 𝑦 = 1/(2𝐷) 𝑂 = 0 0.5 𝑂 = 1 1 For 𝑦 = 𝑂 would be 0 or 1 2𝐷 , • Let 𝐼 = {floating- • We observe that |𝐼| is small in experiment 95

Are We Done? • Example: 𝑂 = round 𝑦 × f 𝐷 𝑦 × f 𝐷 abstraction of 𝑦 × f 𝐷 : ? ? ? ? ? ? 0 1 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(3𝐷) 𝑦 = 1/(2𝐷) 𝑂 = 0 0.5 𝑂 = 1 1 For 𝑦 = 𝑂 would be 0 or 1 2𝐷 , • Let 𝐼 = {floating- • We observe that |𝐼| is small in experiment 96

3) Compute a Bound on Precision Loss • Precision loss on each interval 𝐽 𝑙 • Let 𝐵 𝜀 𝑦 be a symbolic abstraction on 𝐽 𝑙 • Analytical optimization: 𝑓 𝑦 −𝐵 𝜀 𝑦 max 𝑓 𝑦 𝑦∈𝐽 𝑙 , |𝜀 𝑗 |<𝜗 • Use Mathematica to solve optimization problems analytically • Precision loss on 𝐼 • For each 𝑦 ∈ 𝐼 , obtain 𝑄 𝑦 by executing the binary • Brute force: 𝑓 𝑦 −𝑄 𝑦 max 𝑓 𝑦 𝑦∈𝐼 • Use Mathematica to compute 𝑓 𝑦 and precision loss exactly 99

3) Compute a Bound on Precision Loss • Precision loss on each interval 𝐽 𝑙 • Let 𝐵 𝜀 𝑦 be a symbolic abstraction on 𝐽 𝑙 • Analytical optimization: take maximum 𝑓 𝑦 −𝐵 𝜀 𝑦 → answer! max 𝑓 𝑦 𝑦∈𝐽 𝑙 , |𝜀 𝑗 |<𝜗 • Use Mathematica to solve optimization problems analytically • Precision loss on 𝐼 • For each 𝑦 ∈ 𝐼 , obtain 𝑄 𝑦 by executing the binary • Brute force: 𝑓 𝑦 −𝑄 𝑦 max 𝑓 𝑦 𝑦∈𝐼 • Use Mathematica to compute 𝑓 𝑦 and precision loss exactly 100

Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul - PowerPoint PPT Presentation

Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul Sharma Alex Aiken Stanford University PLDI 2016 This Talk Example: mathematical specification Goal: Bound the difference between spec and implementation

Bit manipulations Operate on the bits of integers (0,...,31 for 4-byte integer) Single-bit

Self- -Verifying Verifying Self Self-Verifying * * Dining Philosophers Dining Philosophers

Listing Bit Strings List all bit strings of length 3. Listing Bit Strings List all bit strings

Lecture 13 : Lecture 13 : Special Bit Instructions Todays Goals L Learn bit-set and

Bit Basics Eric McCreath Bit Basics A bit (Binary digIT) is single unit of binary storage. A bit

https://bit.ly/3pptcRS 3 4 https://bit.ly/2UiBgWq Vase Face Face https://bit.ly/3luge2Q

Bit Manipulations Comp 1402/1002 Octal and Hex Constants Octal constant Nos. : Preceeded by 0

Low level programming in Ada95 Useful type declarations Bit manipulations and conversions

Verifying Test Hypotheses - HOL/TestGen An Experiment in Test and Proof Thomas Malcher January

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Overview Verifying Continuous-Time Markov Chains Negative exponential distributions 1 Lecture

Overview Motivation Verifying Continuous-Time Markov Chains 1 Lecture 1+2: Discrete-Time Markov

Verifying Trigonometric Identities A trigonometric identity is simply an identity involving

The MIPS instruction set architecture The MIPS has a 32 bit architecture, with 32 bit

Bit Basics A bit (Binary digIT) is single unit of binary storage. A bit is normally group with

Towards a Formal Semantics for FHM: Part 2 Joey Capper and Henrik Nilsson School of Computer

Normalization by Evaluation for Martin-Lf Type Theory with One Universe Peter Dybjer,

Symbolic Evaluation/Execution Todays Reading Material L. A. Clarke and D. J. Richardson,

Occam : Automated Software Winnowing Gregory Malecha 1 Ashish Gehani 2 Natarajan Shankar 2 1

Fold-Based Fusion as a Library A Generative Programming Pearl Manohar Jonnalagedda, Sandro

December 5, 2019 Zach Tatlock OctoML Lets Get in the Wayback Machine 2018 Lets Get in

On the Operational Meaning of the Bar Construction ...with an application to Probability Paolo

Programming with Boolean Satisfaction Michael Codish Department of Computer Science Ben Gurion

Sambuz

Useful Links

Newsletter

Mail Us