Abstraction techniques for Floating-Point Arithmetic

Similar documents
Mixed Abstractions for Floating-Point Arithmetic

Seminar in Software Engineering Presented by Dima Pavlov, November 2010

The SMT-LIB 2 Standard: Overview and Proposed New Theories

Software Model Checking. Xiangyu Zhang

On Reasoning about Finite Sets in Software Checking

On the Generation of Test Cases for Embedded Software in Avionics or Overview of CESAR

CS 510/13. Predicate Abstraction

Floating Point Arithmetic

Introduction to CBMC: Part 1

SMT-Based Bounded Model Checking for Embedded ANSI-C Software. Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva

Introduction to CBMC. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie Gurfinkel December 5, 2011

ECE232: Hardware Organization and Design

Bounded Model Checking Of C Programs: CBMC Tool Overview

Open Floating Point Unit

Reals 1. Floating-point numbers and their properties. Pitfalls of numeric computation. Horner's method. Bisection. Newton's method.

Chapter 3: Arithmetic for Computers

Divide: Paper & Pencil

Chapter 03: Computer Arithmetic. Lesson 09: Arithmetic using floating point numbers

Interpolation-based Software Verification with Wolverine

IEEE Standard for Floating-Point Arithmetic: 754

Bit-Vector Approximations of Floating-Point Arithmetic

Verifying Multithreaded Software with Impact

Introduction. Preliminaries. Original IC3. Tree-IC3. IC3 on Control Flow Automata. Conclusion

Symbolic Execution for Checking the Accuracy of Floating-Point Programs

Automatic Software Verification

Lecture Objectives. Structured Programming & an Introduction to Error. Review the basic good habits of programming

Research Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001

Computer Arithmetic Floating Point

CS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan

SMT-Style Program Analysis with Value-based Refinements

Proving Properties of non-array Programs

Numerical Solutions of Differential Equations (1)

CS101 Lecture 04: Binary Arithmetic

Floating-Point Data Representation and Manipulation 198:231 Introduction to Computer Organization Lecture 3

Verifying Recursive Programs using Intra-procedural Analyzers

Decision Procedures. An Algorithmic Point of View. Bit-Vectors. D. Kroening O. Strichman. Version 1.0, ETH/Technion

Lecture 1 Contracts : Principles of Imperative Computation (Fall 2018) Frank Pfenning

Ufo: A Framework for Abstraction- and Interpolation-Based Software Verification

Deciding floating-point logic with abstract conflict driven clause learning

ECE 450:DIGITAL SIGNAL. Lecture 10: DSP Arithmetic

arxiv: v2 [cs.pl] 3 Apr 2018

Deductive Methods, Bounded Model Checking

Floating Point. The World is Not Just Integers. Programming languages support numbers with fraction

Operations On Data CHAPTER 4. (Solutions to Odd-Numbered Problems) Review Questions

Model Checking and Its Applications

Floating Point. CSE 351 Autumn Instructor: Justin Hsia

Predicate Abstraction Daniel Kroening 1

Software Model Checking with Abstraction Refinement

Floating Point Representation. CS Summer 2008 Jonathan Kaldor

Error Explanation with Distance Metrics

6. Hoare Logic and Weakest Preconditions

fractional quantities are typically represented in computers using floating point format this approach is very much similar to scientific notation

Chapter Three. Arithmetic

Formal Verification of Floating-Point programs

Lecture 1 Contracts. 1 A Mysterious Program : Principles of Imperative Computation (Spring 2018) Frank Pfenning

The ComFoRT Reasoning Framework

Integrating a SAT Solver with Isabelle/HOL

Lecture 2: Symbolic Model Checking With SAT

Semantic Importance Sampling for Statistical Model Checking

HySAT. what you can use it for how it works example from application domain final remarks. Christian Herde /12

EE 109 Unit 19. IEEE 754 Floating Point Representation Floating Point Arithmetic

Learning a SAT Solver from Single-

More on Verification and Model Checking

Inf2C - Computer Systems Lecture 2 Data Representation

Verification of Tree-Based Hierarchical Read-Copy Update in the Linux Kernel

FLOATING POINT NUMBERS

C Code Verification based on the Extended Labeled Transition System Model

Representing and Manipulating Floating Points

Floating Point. CSE 351 Autumn Instructor: Justin Hsia

Organisasi Sistem Komputer

Bug Finding with Under-approximating Static Analyses. Daniel Kroening, Matt Lewis, Georg Weissenbacher

Module 2: Computer Arithmetic

Errors in Computation

Model Checking Embedded C Software using k-induction and Invariants

Model Checking: Back and Forth Between Hardware and Software

Encoding floating-point numbers using the SMT theory in ESBMC: An empirical evaluation over the SV-COMP benchmarks

2 General issues in multi-operand addition

2 Computation with Floating-Point Numbers

Having a BLAST with SLAM

CHAPTER 5: Representing Numerical Data

ECE331: Hardware Organization and Design

Encoding floating-point numbers using the SMT theory in ESBMC: An empirical evaluation over the SV-COMP benchmarks

Floating-Point Arithmetic

F-Soft: Software Verification Platform

CS222: Processor Design

MAT128A: Numerical Analysis Lecture Two: Finite Precision Arithmetic

Chapter 4. Operations on Data

unused unused unused unused unused unused

Floating Point (with contributions from Dr. Bin Ren, William & Mary Computer Science)

Scientific Computing. Error Analysis

Floating Point. EE 109 Unit 20. Floating Point Representation. Fixed Point

By, Ajinkya Karande Adarsh Yoga

Floating-point Precision vs Performance Trade-offs

A Case Study on Model Checking and Deductive Verification Techniques of Safety-Critical Software

Data Representation Floating Point

Lecture 03 Approximations, Errors and Their Analysis

Number Systems and Computer Arithmetic

Exponential Numbers ID1050 Quantitative & Qualitative Reasoning

Simulation-based Bug Trace Minimization

EE 109 Unit 20. IEEE 754 Floating Point Representation Floating Point Arithmetic

Transcription:

Abstraction techniques for Floating-Point Arithmetic Angelo Brillout 1, Daniel Kroening 2 and Thomas Wahl 2 1 ETH Zurich, 2 Oxford University ETH Zürich

Floating-Point Arithmetic (FPA) Used for embedded and safety critical systems Finite representation of real numbers Rounding Deviation causes unintuitive results Deviation can change control flow Behavior of floating-point programs hard to predict 2

Contributions New effective approximation techniques Over- and underapproximation for FPA Bit-precise Precise and sound decision procedure for FPA: Based on CBMC model checking engine SAT solver as the back-end 3

Floating-Point Arithmetic (FPA) Numerical representation of a subset of the reals Floating-point format: IEEE-754 standard Triple (s; e; f) stands for the number ( 1) s f 2 e Represented by a bit-vector s e r 1 e 0 f 0 f p 1 Ã! Ã! Ã! 1 r p F p Representable numbers Floating-point operations ª Differ from real arithmetic. E.g.: (a b) c 6= a (b c) 4

Floating-Point Arithmetic (FPA) Result of FP-operation not always representable Approximations: bxc p := maxff 2 F p : f xg ; and dxe p := minff 2 F p : f xg : bxc p Rounding function: x dxe p rd p (x) 2 fbxc p ; dxe p g Rounding based on least significant bits of fraction

Floating-Point Arithmetic (FPA) Floating-point operations defined as: x } p y := rd p (x ± y) Verification of FPA programs: Naïve method: Bit-vector model of an FPU and bitblasting BMC (Unrolling, Bit-blasting, SAT-solving) Does not scale for FPA 6

FPA Verification FPU-Implementation of Add/Sub Align: mantissa shifted, rendering exponents equal Add/Sub: resulting mantissas are added/subtracted Round: shortening mantissa to obtain a number in F p 7

FPA Verification FPU-Implementation of Add/Sub Precision Align Add/Sub Round Total p = 5 295 168 572 1035 p = 23 687 420 1447 2554 p = 52 1404 826 2923 5153 8

FPA Verification FPU-Implementation of Mul/Div Add/Sub: exponents added/subtracted (Mul/Div) Mul/Div: mantissas multiplied/divided (Mul/Div) 9

FPA Verification FPU-Implementation of Mul/Div Precision Mul/Div Add/Sub Round Total p = 5 280 94 674 1048 p = 23 3898 94 2258 6550 p = 52 19268 94 5742 25104 10

FPA Verification Need for approximate FP-operations Can we approximate FP-operations by reducing the precision p? 11

Approximation techniques Reducing the precision p 0 < p Least significant bits are lost Overapproximation by open rounding: rd p;p 0(X) := [ bxc p 0; dxe p 0 ] \ F p New FP-operations X } p;p 0 Y := rd p;p 0(X ± Y ) Replace } p by } p;p 0 for some precision p 0 < p 12

Approximation techniques Overapproximation: visualization rd p;p 0(fxg) = [ bxc p 0; dxe p 0 ] \ F p bxc p 0 dxe p 0 precision p 0 < p x rd p;p 0(fxg) = f ; ; ; ; g 13

Approximation techniques Reducing the precision p 0 < p Least significant bits are lost Underapproximation by inhibiting rounding: rd p;p 0(X) := X \ F p 0 New FP-operations X } p;p 0 Y := rd p;p 0(X ± Y ) Replace } p by } p;p 0 for some precision p 0 < p 14

Approximation techniques Underapproximation: visualization rd p;p 0(fxg) = fxg \ F p 0 precision p 0 < p x rd p;p 0(fxg) = fxg if x 2 F p 0, ; otherwise 15

Alternating abstractions for FPA Over-approximation Permits more execution traces than original program SAT: no conclusion, UNSAT: assertions OK Under-approximation Permits less execution traces than original program SAT: assertion violated, UNSAT: no conclusion Refinement: increase p Alternation yields complete procedure 16

Alternating abstractions for FPA Á Select small precision p Á Generate Underapproximation (increase p using ) Á SAT? yes SAT, ass. yes satisfies Á? no (proof P ) yes (ass. ) P valid for Á? UNSAT, proof P no SAT? no Generate Overrapproximation (increase p using P ) Á 17

Alternating abstractions for FPA Refinement for FPA: Spuriously SAT: r } p;p 0 r 6= } p result of. If then increase precision Spuriously UNSAT: Recall: rd p;p 0(X) := X \ F p 0 X \ F p 0 If the constraint occurs in, then increase precision P 18

Summary Model Checking with FPA Effective over- and underapproximation hard to find Slow (model checking) Fully automatic Provides counterexample Implemented in CBMC 19

State of the Art Proof assistants Very powerful Require interaction No counterexample Interval arithmetic Fully automated Too coarse No counterexample [1; 2] + [4; 6] = [5; 8] 20

Issues E.g. the formula (a b) c 6= a (b c) is SAT Every overapproximation based on } is SAT } Every underapproximation based on is UNSAT Some formulae do not have effective over- or underapproximations 21

Conclusion New algorithm for iteratively approximating complex FPA formulae New under- and over-approximations for FPoperations Ability to generate counterexamples Debugging Automated test-vector generation Promising experiments, future work Thank you! 22

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback