
Practical Floating-Point Tests with Integer Code

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 8318)

Abstract

Testing integer software with symbolic execution is well-established but floating-point remains a specialty feature. Modern symbolic floating-point tactics include concretization, lexical analysis, floating-point solvers, and intricate theories, but mostly ignore the default integer-only capabilities. If a symbolic executor is already high-performance, then software-emulation, common to integer-only machines, becomes a compelling choice for symbolic floating-point.

We propose a software floating-point emulation extension for symbolic execution of binary programs. First, supporting a soft floating-point library requires little effort, so multiple models are cheap; our executor has five distinct open source soft floating-point code bases. For integrity, test cases from symbolic execution of library code itself are hardware validated; mismatches with hardware appear in every tested library, a just-in-time compiler, a machine decoder, and several floating-point solvers. In practice, the executor finds program faults involving floating-point in hundreds of Linux binaries.
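To make the abstract's idea concrete, the following added example (not code from the paper or from any of the soft floating-point libraries it tests) models two IEEE 754 binary32 comparisons with integer operations only and cross-checks them against the host FPU. The function names and the sample bit patterns are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Integer-only model of binary32 comparisons (hypothetical names). */
static int f32_is_nan(uint32_t a) { return (a & 0x7fffffffu) > 0x7f800000u; }

/* a == b: NaN is unequal to everything, and +0 equals -0. */
int soft_f32_eq(uint32_t a, uint32_t b) {
    if (f32_is_nan(a) || f32_is_nan(b)) return 0;
    return a == b || ((a | b) << 1) == 0;
}

/* a < b: false if unordered; otherwise sign-magnitude ordering. */
int soft_f32_lt(uint32_t a, uint32_t b) {
    if (f32_is_nan(a) || f32_is_nan(b)) return 0;
    uint32_t sa = a >> 31, sb = b >> 31;
    if (sa != sb) return sa && ((a | b) << 1) != 0; /* neg < pos unless both are zero */
    return a != b && (sa ^ (a < b));                /* magnitude order flips when negative */
}

static float bits_to_float(uint32_t u) { float f; memcpy(&f, &u, sizeof f); return f; }

/* Constructed edge-case inputs; a symbolic executor would derive such
   inputs from the branches of the integer model above. */
static const uint32_t SAMPLES[] = {
    0x00000000u, 0x80000000u,             /* +0, -0 */
    0x00000001u, 0x80000001u,             /* smallest subnormals */
    0x007fffffu, 0x00800000u,             /* largest subnormal, smallest normal */
    0x3f800000u, 0xbf800000u,             /* +1, -1 */
    0x7f7fffffu, 0xff7fffffu,             /* largest finite values */
    0x7f800000u, 0xff800000u,             /* +inf, -inf */
    0x7fc00000u, 0xffc00001u, 0x7f800001u /* quiet and signalling NaNs */
};

/* Hardware validation: count disagreements between model and FPU. */
int count_hw_mismatches(void) {
    int bad = 0;
    size_t n = sizeof SAMPLES / sizeof SAMPLES[0];
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++) {
            float x = bits_to_float(SAMPLES[i]), y = bits_to_float(SAMPLES[j]);
            bad += soft_f32_lt(SAMPLES[i], SAMPLES[j]) != (x < y);
            bad += soft_f32_eq(SAMPLES[i], SAMPLES[j]) != (x == y);
        }
    return bad;
}

int main(void) { printf("mismatches: %d\n", count_hw_mismatches()); return 0; }
```

A non-zero count would indicate that either the integer model or the platform deviates from IEEE 754 comparison semantics; build without fast-math or flush-to-zero options so the hardware side stays conformant.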

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Romano, A. (2014). Practical Floating-Point Tests with Integer Code. In: McMillan, K.L., Rival, X. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2014. Lecture Notes in Computer Science, vol 8318. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54013-4_19

  • DOI: https://doi.org/10.1007/978-3-642-54013-4_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-54012-7

  • Online ISBN: 978-3-642-54013-4

  • eBook Packages: Computer Science, Computer Science (R0)
