research-article

Public Access

A unified Coq framework for verifying C programs with floating-point computations

Authors:

Tahina Ramananandro,

Paul Mountcastle,

Benoît Meister,

Richard LethinAuthors Info & Claims

CPP 2016: Proceedings of the 5th ACM SIGPLAN Conference on Certified Programs and Proofs

Pages 15 - 26

https://doi.org/10.1145/2854065.2854066

Published: 18 January 2016 Publication History

Abstract

We provide concrete evidence that floating-point computations in C programs can be verified in a homogeneous verification setting based on Coq only, by evaluating the practicality of the combination of the formal semantics of CompCert Clight and the Flocq formal specification of IEEE 754 floating-point arithmetic for the verification of properties of floating-point computations in C programs. To this end, we develop a framework to automatically compute real-number expressions of C floating-point computations with rounding error terms along with their correctness proofs. We apply our framework to the complete analysis of an energy-efficient C implementation of a radar image processing algorithm, for which we provide a certified bound on the total noise introduced by floating-point rounding errors and energy-efficient approximations of square root and sine.

References

[1]

IEEE Standard for Floating-Point Arithmetic. IEEE Std 754-2008, pages 1–70, Aug 2008.

[2]

A. W. Appel. Verification of a Cryptographic Primitive: SHA-256. ACM Trans. Program. Lang. Syst., 37(2):7:1–7:31, Apr. 2015. ISSN 0164-0925. URL http://doi.acm.org/10.1145/2701415.

Digital Library

[3]

A. W. Appel, R. Dockins, A. Hobor, L. Beringer, J. Dodds, G. Stewart, S. Blazy, and X. Leroy. Program Logics for Certified Compilers. Cambridge University Press, New York, NY, USA, 2014.

Digital Library

[4]

ISBN 110704801X, 9781107048010.

[5]

K. Barker, T. Benson, D. Campbell, D. Ediger, R. Gioiosa, A. Hoisie, D. Kerbyson, J. Manzano, A. Marquez, L. Song, N. Tallent, and A. Tumeo. PERFECT (Power Efficiency Revolution For Embedded Computing Technologies) Benchmark Suite Manual. Pacific Northwest National Laboratory and Georgia Tech Research Institute, December 2013. http://hpc.pnnl.gov/projects/PERFECT/.

[6]

P. Baudin, F. Bobot, R. Bonichon, L. Correnson, P. Cuoq, Z. Dargaye, J.-C. Filliˆatre, P. Hermann, F. Kirchner, M. Lemerre., C. Marché, B. Monate, Y. Moy, A. Pacalet, V. Prevosto, J. Signoles, and B. Yakobowski. Frama-C. http://frama-c.com, 2007–2015.

[7]

L. Beringer, A. Petcher, K. Q. Ye, and A. W. Appel. Verified Correctness and Security of OpenSSL HMAC. In 24th USENIX Security Symposium (USENIX Security 15), pages 207–221, Washington, D.C., Aug. 2015. USENIX Association. ISBN 978-1-931971-232. URL https://www.usenix.org/conference/usenixsecurity15/ technical-sessions/presentation/beringer.

Digital Library

[8]

Y. Bertot, P. Castéran, G. Huet, and C. Paulin-Mohring. Interactive theorem proving and program development : Coq’Art : the calculus of inductive constructions. Texts in theoretical computer science. Springer, Berlin, New York, 2004. ISBN 978-3-540-20854- 9. URL http://opac.inria.fr/record=b1101046.

Digital Library

[9]

Données complémentaires http://coq.inria.fr.

[10]

S. Blazy and X. Leroy. Mechanized semantics for the Clight subset of the C language. Journal of Automated Reasoning, 43(3):263–288, 2009.

[11]

S. Boldo and G. Melquiond. Flocq: A unified library for proving floating-point algorithms in Coq. In Computer Arithmetic (ARITH), 2011 20th IEEE Symposium on, pages 243–252, July 2011.

Digital Library

[12]

S. Boldo, J.-C. Filliˆatre, and G. Melquiond. Combining Coq and Gappa for certifying floating-point programs. In J. Carette, L. Dixon, C. Sacerdoti Coen, and S. M. Watt, editors, Intelligent Computer Mathematics, volume 5625 of Lecture Notes in Computer Science, pages 59–74. Springer Berlin Heidelberg, 2009.

Digital Library

[13]

ISBN 978-3-642-02613-3. URL http://dx.doi.org/10.1007/ 978-3-642-02614-0_10.

[14]

S. Boldo, F. Clément, J.-C. Filliˆatre, M. Mayero, G. Melquiond, and P. Weis. Wave equation numerical resolution: A comprehensive mechanical proof of a C program. Journal of Automated Reasoning, 50 (4):423–456, 2013.

Digital Library

[15]

S. Boldo, J.-H. Jourdan, X. Leroy, and G. Melquiond. Verified compilation of floating-point computations. Journal of Automated Reasoning, 54(2):135–163, 2015.

Digital Library

[16]

S. P. Boyd and L. Vandenberghe. Convex Optimization. Cambridge University Press, Cambridge, 2004.

Digital Library

[17]

N. Brisebarre, M. Jolde, E. Martin-Dorel, M. Mayero, J.-M. Muller, I. Paca, L. Rideau, and L. Théry. Rigorous polynomial approximation using Taylor models in Coq. In A. Goodloe and S. Person, editors, NASA Formal Methods, volume 7226 of Lecture Notes in Computer Science, pages 85–99. Springer Berlin Heidelberg, 2012. ISBN 978- 3-642-28890-6.

Digital Library

[18]

S. Chevillard, M. Joldes¸, and C. Lauter. Sollya: An environment for the development of numerical codes. In K. Fukuda, J. van der Hoeven, M. Joswig, and N. Takayama, editors, Mathematical Software - ICMS 2010, volume 6327 of Lecture Notes in Computer Science, pages 28– 31, Heidelberg, Germany, September 2010. Springer.

Digital Library

[19]

T. Coq development team. The Coq proof assistant. http://coq. inria.fr, 1984–2015.

[20]

P. Cousot and R. Cousot. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In ACM Symposium on Principles of Programming Languages, pages 238–252, Jan. 1977.

Digital Library

[21]

D. Delmas, E. Goubault, S. Putot, J. Souyris, K. Tekkal, and F. Védrine. Towards an industrial use of FLUCTUAT on safetycritical avionics software. In Proceedings of the 14th International Workshop on Formal Methods for Industrial Critical Systems, FMICS ’09, pages 53–69, Berlin, Heidelberg, 2009. Springer-Verlag. ISBN 978-3-642-04569-1. URL http://dx.doi.org/10.1007/ 978-3-642-04570-7_6.

Digital Library

[22]

M. D. Desai and W. K. Jenkins. Convolution backprojection image reconstruction for spotlight mode synthetic aperture radar. Image Processing, IEEE Transactions on, 1(4):505–517, Oct 1992. ISSN 1057-7149.

Digital Library

[23]

C. Ellison and G. Rosu. An executable formal semantics of C with applications. In Proceedings of the 39th Annual ACM SIGPLANSIGACT Symposium on Principles of Programming Languages, POPL ’12, pages 533–544, New York, NY, USA, 2012. ACM. ISBN 978-1- 4503-1083-3. URL http://doi.acm.org/10.1145/2103656.

Digital Library

[24]

2103719.

[25]

E. Goubault and S. Putot. Static analysis of numerical algorithms. In Proceedings of the 13th International Conference on Static Analysis, SAS’06, pages 18–34, Berlin, Heidelberg, 2006. Springer-Verlag. ISBN 3-540-37756-5, 978-3-540-37756-6. URL http://dx.doi. org/10.1007/11823230_3.

Digital Library

[26]

M. Grant and S. Boyd. CVX: Matlab software for disciplined convex programming, version 2.0 beta. http://cvxr.com/cvx, Sept. 2013.

[27]

N. J. Higham. The accuracy of floating point summation. SIAM J. Sci. Comput, 14:783–799, 1993.

Digital Library

[28]

J.-H. Jourdan, V. Laporte, S. Blazy, X. Leroy, and D. Pichardie. A formally-verified C static analyzer. In 42nd symposium Principles of Programming Languages, pages 247–259. ACM Press, 2015.

Digital Library

[29]

W. Kahan. Pracniques: Further remarks on reducing truncation errors. Commun. ACM, 8(1):40–, Jan. 1965. ISSN 0001-0782.

Digital Library

[30]

. URL http://doi.acm.org/10.1145/363707.363723.

[31]

O. Kupriianova and C. Lauter. Metalibm. http://lipforge. ens-lyon.fr/www/metalibm/, 2013.

[32]

X. Leroy. Compcert. http://compcert.inria.fr, 2005–2015.

[33]

X. Leroy. Formal verification of a realistic compiler. Communications of the ACM, 52(7):107–115, 2009.

Digital Library

[34]

G. Melquiond. De l’arithmétique d’intervalles à la certification de programmes. PhD thesis, École Normale Supérieure de Lyon, Lyon, France, 2006. URL http://www.lri.fr/~melquion/doc/ 06-these.pdf.

[35]

G. Melquiond. Proving bounds on real-valued functions with computations. In A. Armando, P. Baumgartner, and G. Dowek, editors, Automated Reasoning, volume 5195 of Lecture Notes in Computer Science, pages 2–17. Springer Berlin Heidelberg, 2008. ISBN 978-3-540-71069-1. URL http://dx.doi.org/10.1007/ 978-3-540-71070-7_2.

Digital Library

[36]

G. Melquiond. Coq-interval. http://coq-interval.gforge. inria.fr/, 2008–2015.

[37]

J.-M. Muller. Elementary Functions: Algorithms and Implementation. Birkhäuser, 1997.

Digital Library

[38]

J. M. Muller, F. D. Dinechin, et al. CRlibm: Correctly Rounded mathematical library. http://lipforge.ens-lyon.fr/www/crlibm/, 2005–2010.

[39]

J. Park, P. T. P. Tang, M. Smelyanskiy, D. Kim, and T. Benson. Efficient backprojection-based synthetic aperture radar computation with many-core processors. In Proceedings of Supercomputing ’12, 2012.

Digital Library

[40]

M. Soumekh. Synthetic aperture radar signal processing. New York: Wiley, 1999.

[41]

P. H. Sterbenz. Floating-point computation. Englewood Cliffs ; London : Prentice-Hall, 1973. ISBN 0133224953.

[42]

J. F. Sturm. Using SeDuMi 1.02, a MATLAB toolbox for optimization over symmetric cones. Optimization Methods and Software, 11– 12:625–653, 1999. Version 1.3 available from http://coral.ie. lehigh.edu/~newsedumi/?page_id=20.

[43]

F. Vedrine, E. Goubault, and S. Putot. FLUCTUAT. http://www. lix.polytechnique.fr/Labo/Sylvie.Putot/fluctuat.html, 2001–2015.

Cited By

Kellison AHsu J(2024)Numerical Fuzz: A Type System for Rounding Error AnalysisProceedings of the ACM on Programming Languages10.1145/36564568:PLDI(1954-1978)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656456
Appel AKellison ATimany ATraytel DPientka BBlazy S(2024)VCFloat2: Floating-Point Error Analysis in CoqProceedings of the 13th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3636501.3636953(14-29)Online publication date: 9-Jan-2024
https://dl.acm.org/doi/10.1145/3636501.3636953
Titolo LMoscato MFeliu MMasci PMuñoz C(2024)Rigorous Floating-Point Round-Off Error Analysis in PRECiSA 4.0Formal Methods10.1007/978-3-031-71177-0_2(20-38)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-71177-0_2
Show More Cited By

Index Terms

Recommendations

Verdi: a framework for implementing and formally verifying distributed systems
PLDI '15: Proceedings of the 36th ACM SIGPLAN Conference on Programming Language Design and Implementation

Distributed systems are difficult to implement correctly because they must handle both concurrency and failures: machines may crash at arbitrary points and networks may reorder, drop, or duplicate packets. Further, their behavior is often too complex ...
Verdi: a framework for implementing and formally verifying distributed systems
PLDI '15

Distributed systems are difficult to implement correctly because they must handle both concurrency and failures: machines may crash at arbitrary points and networks may reorder, drop, or duplicate packets. Further, their behavior is often too complex ...
A Framework for the Verification of Certifying Computations

Formal verification of complex algorithms is challenging. Verifying their implementations goes beyond the state of the art of current automatic verification tools and usually involves intricate mathematical theorems. Certifying algorithms compute in ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CPP 2016: Proceedings of the 5th ACM SIGPLAN Conference on Certified Programs and Proofs

January 2016

196 pages

ISBN:9781450341271

DOI:10.1145/2854065

Program Chairs:
Jeremy Avigad
Carnegie Mellon University, USA
,
Adam Chlipala
MIT, USA

Copyright © 2016 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGPLAN: ACM Special Interest Group on Programming Languages

In-Cooperation

SIGLOG: ACM Special Interest Group on Logic and Computation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 January 2016

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Defense Advanced Research Projects Agency

Conference

CPP 2016

Sponsor:

SIGPLAN

CPP 2016: Certified Proofs and Programs

January 18 - 19, 2016

FL, St. Petersburg, USA

Acceptance Rates

Overall Acceptance Rate 18 of 26 submissions, 69%

Upcoming Conference

POPL '25

Sponsor:
sigplan

The 52nd Annual ACM SIGPLAN Symposium on Principles of Programming Languages

January 19 - 25, 2025

Denver , CO , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

22
Total Citations
View Citations
842
Total Downloads

Downloads (Last 12 months)108
Downloads (Last 6 weeks)18

Reflects downloads up to 15 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Kellison AHsu J(2024)Numerical Fuzz: A Type System for Rounding Error AnalysisProceedings of the ACM on Programming Languages10.1145/36564568:PLDI(1954-1978)Online publication date: 20-Jun-2024
https://dl.acm.org/doi/10.1145/3656456
Appel AKellison ATimany ATraytel DPientka BBlazy S(2024)VCFloat2: Floating-Point Error Analysis in CoqProceedings of the 13th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3636501.3636953(14-29)Online publication date: 9-Jan-2024
https://dl.acm.org/doi/10.1145/3636501.3636953
Titolo LMoscato MFeliu MMasci PMuñoz C(2024)Rigorous Floating-Point Round-Off Error Analysis in PRECiSA 4.0Formal Methods10.1007/978-3-031-71177-0_2(20-38)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1007/978-3-031-71177-0_2
Scott RDodds MPerez IGoodloe ADockins R(2023)Trustworthy Runtime Verification via Bisimulation (Experience Report)Proceedings of the ACM on Programming Languages10.1145/36078417:ICFP(305-321)Online publication date: 31-Aug-2023
https://dl.acm.org/doi/10.1145/3607841
Kellison AAppel ATekriwal MBindel D(2023)LAProof: A Library of Formal Proofs of Accuracy and Correctness for Linear Algebra Programs2023 IEEE 30th Symposium on Computer Arithmetic (ARITH)10.1109/ARITH58626.2023.00021(36-43)Online publication date: 4-Sep-2023
https://doi.org/10.1109/ARITH58626.2023.00021
Appel APopescu AZdancewic S(2022)Coq’s vibrant ecosystem for verification engineering (invited talk)Proceedings of the 11th ACM SIGPLAN International Conference on Certified Programs and Proofs10.1145/3497775.3503951(2-11)Online publication date: 17-Jan-2022
https://dl.acm.org/doi/10.1145/3497775.3503951
Kellison ATekriwal MJeannin JHulette G(2022)Towards Verified Rounding Error Analysis for Stationary Iterative Methods2022 IEEE/ACM Sixth International Workshop on Software Correctness for HPC Applications (Correctness)10.1109/Correctness56720.2022.00007(10-17)Online publication date: Nov-2022
https://doi.org/10.1109/Correctness56720.2022.00007
Rivera JFranchetti FPuschel M(2022)A Compiler for Sound Floating-Point Computations using Affine Arithmetic2022 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)10.1109/CGO53902.2022.9741286(66-78)Online publication date: 2-Apr-2022
https://doi.org/10.1109/CGO53902.2022.9741286
Kellison AAppel A(2022)Verified Numerical Methods for Ordinary Differential EquationsSoftware Verification and Formal Methods for ML-Enabled Autonomous Systems10.1007/978-3-031-21222-2_9(147-163)Online publication date: 16-Dec-2022
https://doi.org/10.1007/978-3-031-21222-2_9
Rivera JFranchetti FPüschel MLee J(2021)An interval compiler for sound floating-point computationsProceedings of the 2021 IEEE/ACM International Symposium on Code Generation and Optimization10.1109/CGO51591.2021.9370307(52-64)Online publication date: 27-Feb-2021
https://dl.acm.org/doi/10.1109/CGO51591.2021.9370307
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents