Proofs of numerical programs when the compiler optimizes

  • Sylvie BoldoEmail author
  • Thi Minh Tuyen Nguyen
SI: NFM 2010


On certain recently developed architectures, a numerical program may give different answers depending on the execution hardware and the compilation. Our goal is to formally prove properties about numerical programs that are true for multiple architectures and compilers. We propose an approach that states the rounding error of each floating-point computation whatever the environment and the compiler choices. This approach is implemented in the Frama-C platform for static analysis of C code. Small case studies using this approach are entirely and automatically proved.


Floating-point arithmetic Numerical program Static analysis Compiler optimization Why platform Frama-C platform 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ayad A, Marché C (2010) Multi-prover verification of floating-point programs. In: Giesl J, Hähnle R (eds) Fifth International Joint Conference on Automated Reasoning, LNAI. Springer, Edinburgh, ScotlandGoogle Scholar
  2. 2.
    Barnett M, Leino KRM, Rustan K, Leino M, Schulte W (2004) The Spec# Programming System: an overview. Springer, Berlin, pp 49–69Google Scholar
  3. 3.
    Barrett C, Tinelli C (2007) CVC3. In: Proceedings of the 19th International Conference on Computer Aided Verification (CAV ’07). LNCS, vol 4590, pp 298–302. Springer, BerlinGoogle Scholar
  4. 4.
    Baudin P, Filliâtre JC, Marché C, Monate B, Moy Y, Prevosto V (2008) ACSL: ANSI/ISO C Specification Language.
  5. 5.
    Boldo S, Filliâtre JC (2007) Formal Verification of Floating-Point Programs. In: 18th IEEE International Symposium on Computer Arithmetic, pp 187–194. FranceGoogle Scholar
  6. 6.
    Boldo S, Filliâtre JC, Melquiond G (2009) Combining Coq and Gappa for Certifying Floating-Point Programs. In: 16th Symposium on the Integration of Symbolic Computation and Mechanised Reasoning. Lecture Notes in Artificial Intelligence, vol 5625, pp 59–74. Springer, CanadaGoogle Scholar
  7. 7.
    Boldo S, Nguyen TMT (2010) Hardware-independent proofs of numerical programs. In: Muñoz C (ed) Proceedings of the Second NASA Formal Methods Symposium (NFM 2010), NASA/CP-2010-216215, pp 14–23. NASA, Langley Research Center, Hampton, USAGoogle Scholar
  8. 8.
    Burdy L, Cheon Y, Cok DR, Ernst MD, Kiniry JR, Leavens GT, Leino KRM, Poll E (2005) An overview of JML tools and applications. Int J Softw Tools Technol Transf (STTT) 7(3): 212–232CrossRefGoogle Scholar
  9. 9.
    Carreño VA, Miner PS (1995) Specification of the IEEE-854 floating-point standard in HOL and PVS. In: HOL95—8th International Workshop on Higher-Order Logic Theorem Proving and Its Applications. Aspen Grove, UTGoogle Scholar
  10. 10.
    Conchon S, Contejean E, Kanig J (2007) CC(X): Efficiently Combining Equality and Solvable Theories without Canonizers. In: SMT 2007—5th International Workshop on Satisfiability ModuloGoogle Scholar
  11. 11.
    Cousot P, Cousot R, Feret J, Mauborgne L, Miné A, Monniaux D, Rival X (2005) The ASTRÉE analyzer. In: ESOP, no. 3444 in LNCS, pp 21–30Google Scholar
  12. 12.
    Daumas M, Melquiond G (2010) Certification of bounds on expressions involving rounded operators. Trans Math Softw 37(1): 2:1–2:20MathSciNetGoogle Scholar
  13. 13.
    Daumas M, Melquiond G, Muñoz C (2005) Guaranteed proofs using interval arithmetic. In: Montuschi P, Schwarz E (eds) 17th IEEE Symposium on Computer Arithmetic, pp 188–195. Cape Cod, USAGoogle Scholar
  14. 14.
    Delmas D, Goubault E, Putot S, Souyris J, Tekkal K, Védrine F (2009) Towards an industrial use of fluctuat on safety-critical avionics software. In: FMICS. LNCS, vol 5825. Springer, Berlin, pp 53–69Google Scholar
  15. 15.
    Dowek G, Muñoz C, Carreño V (2005) Provably safe coordinated strategy for distributed conflict resolution. In: Proceedings of the AIAA Guidance Navigation, and Control Conference and Exhibit 2005, AIAA-2005-6047. San Francisco, CaliforniaGoogle Scholar
  16. 16.
    Filliâtre JC, Marché C (2007) The Why/Krakatoa/Caduceus platform for deductive program verification. In: Computer Aided Verification (CAV). LNCS, vol 4590. Springer, Berlin, pp 173–177Google Scholar
  17. 17.
    Goldberg D (1991) What every computer scientist should know about floating point arithmetic. ACM Comput Surv 23(1): 5–47CrossRefGoogle Scholar
  18. 18.
    Harrison J (2000) Formal verification of floating point trigonometric functions. In: Proceedings of the Third International Conference on Formal Methods in Computer-Aided Design, pp. 217–233. Austin, TexasGoogle Scholar
  19. 19.
    Higham NJ (2002) Accuracy and stability of numerical algorithms. SIAM, PhiladelphiazbMATHCrossRefGoogle Scholar
  20. 20.
    JML-Java Modeling Language.
  21. 21.
    Leavens GT (2006) Not a number of floating point problems. J Object Technol 5(2): 75–83CrossRefGoogle Scholar
  22. 22.
    Microprocessor Standards Subcommittee (2008) IEEE Standard for Floating-Point Arithmetic. IEEE Std. 754-2008, pp 1–58. doi: 10.1109/IEEESTD.2008.4610935
  23. 23.
    Monniaux D (2008) The pitfalls of verifying floating-point computations. TOPLAS 30(3): 12. doi: 10.1145/1353445.1353446 CrossRefGoogle Scholar
  24. 24.
    Monniaux D (2009) Analyse statique : de la théorie à la pratique. Habilitation to direct research. Université Joseph Fourier, Grenoble, FranceGoogle Scholar
  25. 25.
    Ogita T, Rump SM, Oishi S (2005) Accurate sum and dot product. SIAM J Sci Comput 26: 1955–1988. doi: 10.1137/030601818 MathSciNetzbMATHCrossRefGoogle Scholar
  26. 26.
    Russinoff DM (1998) A mechanically checked proof of IEEE compliance of the floating point multiplication, division and square root algorithms of the AMD-K7 processor. LMS J Comput Math 1: 148–200MathSciNetzbMATHGoogle Scholar

Copyright information

© Springer-Verlag London Limited 2011

Authors and Affiliations

  1. 1.INRIA Saclay, Île-de-FranceOrsay CedexFrance
  2. 2.LRI, Univ. Paris-SudOrsay CedexFrance

Personalised recommendations