automating the verification of floating point algorithms
play

Automating the Verification of Floating-point Algorithms Guillaume - PowerPoint PPT Presentation

Sep 26, 2023 •285 likes •1.55k views

Introduction Interval+Error Advanced Gappa Conclusion Automating the Verification of Floating-point Algorithms Guillaume Melquiond Inria Saclay Ile-de-France LRI, Universit e Paris Sud, CNRS 2014-07-18 Guillaume Melquiond

  1. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 1: Toy Elementary Function float toy_sin(float x) { assert(fabsf(x) <= 1.0f); if (fabsf(x) < 0x1p -5f) return x; return x * (1.0f - x * x * 0x28e9p -16f); } Verification condition for accuracy � � toy sin x � ≤ 103 · 2 − 16 . � � ∀ x ∈ F 32 , | x | ≤ 1 ⇒ − 1 � � sin x � � � � x − 10473 · 2 − 16 x 3 � ≤ 102 · 2 − 16 . Optional hypothesis: − 1 � � sin x Guillaume Melquiond Automating the Verification of FP Algorithms 7 / 48

  2. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 1: Toy Elementary Function float toy_sin(float x) { assert(fabsf(x) <= 1.0f); if (fabsf(x) < 0x1p -5f) return x; return x * (1.0f - x * x * 0x28e9p -16f); } Verification condition for accuracy � � toy sin x � ≤ 103 · 2 − 16 . � � ∀ x ∈ F 32 , | x | ≤ 1 ⇒ − 1 � � sin x � � � � x − 10473 · 2 − 16 x 3 � ≤ 102 · 2 − 16 . Optional hypothesis: − 1 � � sin x Relative errors. Guillaume Melquiond Automating the Verification of FP Algorithms 7 / 48

  3. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 2: Cody-Waite Argument Reduction for Exp double exp(double x) { if (fabs(x) >= 800) return ...; double k = nearbyint(x * 0x1 .71547652 b82fep0); double t1 = x - k * 0xb .17217 f7d1cp -4; double t2 = t1 - k * 0xf.79 abc9e3b398p -48; ... } Guillaume Melquiond Automating the Verification of FP Algorithms 8 / 48

  4. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 2: Cody-Waite Argument Reduction for Exp double exp(double x) { if (fabs(x) >= 800) return ...; double k = nearbyint(x * 0x1 .71547652 b82fep0); double t1 = x - k * 0xb .17217 f7d1cp -4; double t2 = t1 - k * 0xf.79 abc9e3b398p -48; ... } Verification conditions | t 2 | ≤ 0 . 35, | t 2 − ( x − k · 0xb.17217f7d1cf79abc9e3b398p-4 ) | ≤ 2 − 55 . Guillaume Melquiond Automating the Verification of FP Algorithms 8 / 48

  5. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 2: Cody-Waite Argument Reduction for Exp double exp(double x) { if (fabs(x) >= 800) return ...; double k = nearbyint(x * 0x1 .71547652 b82fep0); double t1 = x - k * 0xb .17217 f7d1cp -4; double t2 = t1 - k * 0xf.79 abc9e3b398p -48; ... } Verification conditions | t 2 | ≤ 0 . 35, | t 2 − ( x − k · 0xb.17217f7d1cf79abc9e3b398p-4 ) | ≤ 2 − 55 . Vanishing round-off errors. Guillaume Melquiond Automating the Verification of FP Algorithms 8 / 48

  6. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 3: Itanium Division of 16-bit Unsigned Integers dividend a in f6, divisor b in f7, 1 + 2 − 17 in f9 // Inputs: frcpa.s1 f8 ,p6=f6 ,f7 ;; (p6) fma.s1 f6=f6 ,f8 ,f0 (p6) fnma.s1 f7=f7 ,f8 ,f9 ;; (p6) fma.s1 f8=f7 ,f6 ,f6 ;; fcvt.fx.trunc.s1 f8=f8 ⌊ a / b ⌋ in f8 // Output: Guillaume Melquiond Automating the Verification of FP Algorithms 9 / 48

  7. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 3: Itanium Division of 16-bit Unsigned Integers ≈ 1 / b [ frcpa ] y 0 q 0 = ◦ ( a × y 0 ) ◦ (1 + 2 − 17 − b × y 0 ) e 0 = q 1 = ◦ ( e 0 × q 0 + q 0 ) q = ⌊ q 1 ⌋ with ◦ ( · ) rounding to nearest on Itanium’s 82-bit format. Guillaume Melquiond Automating the Verification of FP Algorithms 9 / 48

  8. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 3: Itanium Division of 16-bit Unsigned Integers ≈ 1 / b [ frcpa ] y 0 q 0 = ◦ ( a × y 0 ) ◦ (1 + 2 − 17 − b × y 0 ) e 0 = q 1 = ◦ ( e 0 × q 0 + q 0 ) q = ⌊ q 1 ⌋ with ◦ ( · ) rounding to nearest on Itanium’s 82-bit format. Verification condition ∀ a , b ∈ [ | 1; 65535 | ] , q = ⌊ a / b ⌋ Guillaume Melquiond Automating the Verification of FP Algorithms 9 / 48

  9. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 3: Itanium Division of 16-bit Unsigned Integers ≈ 1 / b [ frcpa ] y 0 q 0 = ◦ ( a × y 0 ) ◦ (1 + 2 − 17 − b × y 0 ) e 0 = q 1 = ◦ ( e 0 × q 0 + q 0 ) q = ⌊ q 1 ⌋ with ◦ ( · ) rounding to nearest on Itanium’s 82-bit format. Verification condition ∀ a , b ∈ [ | 1; 65535 | ] , q = ⌊ a / b ⌋ Vanishing round-off errors. Polynomial manipulations. Guillaume Melquiond Automating the Verification of FP Algorithms 9 / 48

  10. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 4: Knuth’ TwoSum Algorithm s = a + b t = s - a e = (a - (s - t)) + (b - t) Guillaume Melquiond Automating the Verification of FP Algorithms 10 / 48

  11. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 4: Knuth’ TwoSum Algorithm s = a + b t = s - a e = (a - (s - t)) + (b - t) Verification condition Assuming no overflow occurs, s + e = a + b . Guillaume Melquiond Automating the Verification of FP Algorithms 10 / 48

  12. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Example 4: Knuth’ TwoSum Algorithm s = a + b t = s - a e = (a - (s - t)) + (b - t) Verification condition Assuming no overflow occurs, s + e = a + b . Pointless infinitely-precise values. Pointless round-off errors. Guillaume Melquiond Automating the Verification of FP Algorithms 10 / 48

  13. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Scope and Constraints of Gappa Scope Only real numbers: no exceptional values. Basic arithmetic operations: +, × , ÷ , √· . Radix-2 fixed- and FP arithmetic (no multi-precision). Logical formulas (no control flow). Guillaume Melquiond Automating the Verification of FP Algorithms 11 / 48

  14. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Scope and Constraints of Gappa Scope Only real numbers: no exceptional values. Basic arithmetic operations: +, × , ÷ , √· . Radix-2 fixed- and FP arithmetic (no multi-precision). Logical formulas (no control flow). Features Compute range and format of expressions. Bound forward errors. Guillaume Melquiond Automating the Verification of FP Algorithms 11 / 48

  15. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Scope and Constraints of Gappa Scope Only real numbers: no exceptional values. Basic arithmetic operations: +, × , ÷ , √· . Radix-2 fixed- and FP arithmetic (no multi-precision). Logical formulas (no control flow). Features Compute range and format of expressions. Bound forward errors. Constraints Handle complicated formulas (possibly with some user help). Generate Coq proofs that fit into Flocq’s formalism. Answer instantly. Guillaume Melquiond Automating the Verification of FP Algorithms 11 / 48

  16. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Why No Exceptional Values? Safety of most programs relies on their absence. In that case, range computation is sufficient. Guillaume Melquiond Automating the Verification of FP Algorithms 12 / 48

  17. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Why No Exceptional Values? Safety of most programs relies on their absence. In that case, range computation is sufficient. Their propagation is purely combinatorial anyway. Just use your preferred SAT method. Guillaume Melquiond Automating the Verification of FP Algorithms 12 / 48

  18. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability The Gappa Tool Gappa 1.1: 11k lines of C++, 8k lines of Coq, GPL’d. Guillaume Melquiond Automating the Verification of FP Algorithms 13 / 48

  19. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability The Gappa Tool Gappa 1.1: 11k lines of C++, 8k lines of Coq, GPL’d. Example (Cody-Waite argument reduction for exp) x = float <ieee_64 ,ne >( dummyx); # x is a double Log2h = 0xb .17217 f7d1cp -4; # 42 bits out of 53 InvLog2 = 0x1 .71547652 b82fep0; k = int <ne >(float <ieee_64 ,ne >(x*InvLog2)); t1 float <ieee_64 ,ne >= x - k*Log2h; # prove that t1 is computed exactly { x in [0.7 , 800] -> t1 = x - k*Log2h } Log2h ~ 1/ InvLog2; # user hint Guillaume Melquiond Automating the Verification of FP Algorithms 13 / 48

  20. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability The Gappa Tool Gappa 1.1: 11k lines of C++, 8k lines of Coq, GPL’d. Example (Cody-Waite argument reduction for exp) x = float <ieee_64 ,ne >( dummyx); # x is a double Log2h = 0xb .17217 f7d1cp -4; # 42 bits out of 53 InvLog2 = 0x1 .71547652 b82fep0; k = int <ne >(float <ieee_64 ,ne >(x*InvLog2)); t1 float <ieee_64 ,ne >= x - k*Log2h; # prove that t1 is computed exactly { x in [0.7 , 800] -> t1 = x - k*Log2h } Log2h ~ 1/ InvLog2; # user hint Generated Coq proof: 664 lines, 55 reasoning steps. Guillaume Melquiond Automating the Verification of FP Algorithms 13 / 48

  21. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Rounding Operators and Decidability Effective rounding ◦ ( x ) = ulp( x ) · ⌊ x / ulp( x ) ⌉ , with ulp( x ) the distance between the 2 FP numbers surrounding x . Note: ulp is piecewise constant, e.g. 4091 ranges for binary64. Guillaume Melquiond Automating the Verification of FP Algorithms 14 / 48

  22. Introduction Interval+Error Advanced Gappa Conclusion Context Gallery Gappa Decidability Rounding Operators and Decidability Effective rounding ◦ ( x ) = ulp( x ) · ⌊ x / ulp( x ) ⌉ , with ulp( x ) the distance between the 2 FP numbers surrounding x . Note: ulp is piecewise constant, e.g. 4091 ranges for binary64. Decidability of FP arithmetic For bounded quantifications, the following theories are decidable: ( R , + , ◦ ( · )), ( F , ⊕ , ⊗ , . . . ). Guillaume Melquiond Automating the Verification of FP Algorithms 14 / 48

  23. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Outline Introduction 1 Interval arithmetic and forward error analysis 2 Preliminaries Interval arithmetic Forward error analysis Example 1: toy elementary function Dealing with more intricate algorithms 3 The Gappa tool 4 Conclusion 5 Guillaume Melquiond Automating the Verification of FP Algorithms 15 / 48

  24. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine What We Want to Prove Bounds on program expressions: ∀ x 1 , . . . , x m ∈ R , e 1 ∈ I 1 ∧ . . . ∧ e n ∈ I n ⇒ e ∈ J with I 1 , . . . , I n , J intervals with nonsymbolic bounds. Guillaume Melquiond Automating the Verification of FP Algorithms 16 / 48

  25. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine What We Want to Prove Bounds on program expressions: ∀ x 1 , . . . , x m ∈ R , e 1 ∈ I 1 ∧ . . . ∧ e n ∈ I n ⇒ e ∈ J with I 1 , . . . , I n , J intervals with nonsymbolic bounds. Bounds on forward errors: ∀ x 1 , . . . , x m ∈ R , e 1 ∈ I 1 ∧ . . . ∧ e n ∈ I n ⇒ ˜ e − e ∈ K with ˜ e and e two expressions with close values. Guillaume Melquiond Automating the Verification of FP Algorithms 16 / 48

  26. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine A Variety of Forward Errors Example (Addition) Let u and v be approximated by ˜ u and ˜ v . What is the error between ◦ (˜ u + ˜ v ) and u + v ? Guillaume Melquiond Automating the Verification of FP Algorithms 17 / 48

  27. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine A Variety of Forward Errors Example (Addition) Let u and v be approximated by ˜ u and ˜ v . What is the error between ◦ (˜ u + ˜ v ) and u + v ? Three errors are involved: between ˜ u and u , between ˜ v and v , round-off error between ◦ (˜ u + ˜ v ) and ˜ u + ˜ v . Guillaume Melquiond Automating the Verification of FP Algorithms 17 / 48

  28. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine A Variety of Forward Errors Example (Addition) Let u and v be approximated by ˜ u and ˜ v . What is the error between ◦ (˜ u + ˜ v ) and u + v ? Three errors are involved: between ˜ u and u , between ˜ v and v , round-off error between ◦ (˜ u + ˜ v ) and ˜ u + ˜ v . Each error bound might be either absolute: ˜ u − u ∈ I , or relative: (˜ u − u ) / u ∈ I . Guillaume Melquiond Automating the Verification of FP Algorithms 17 / 48

  29. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine A Variety of Round-off Errors The round-off error between ◦ (˜ u + ˜ v ) and ˜ u + ˜ v is absolutely bounded if ˜ u and ˜ v are bounded, Guillaume Melquiond Automating the Verification of FP Algorithms 18 / 48

  30. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine A Variety of Round-off Errors The round-off error between ◦ (˜ u + ˜ v ) and ˜ u + ˜ v is absolutely bounded if ˜ u and ˜ v are bounded, relatively bounded for FP formats with gradual underflow, Guillaume Melquiond Automating the Verification of FP Algorithms 18 / 48

  31. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine A Variety of Round-off Errors The round-off error between ◦ (˜ u + ˜ v ) and ˜ u + ˜ v is absolutely bounded if ˜ u and ˜ v are bounded, relatively bounded for FP formats with gradual underflow, relatively bounded if ˜ u + ˜ v is far enough from 0, Guillaume Melquiond Automating the Verification of FP Algorithms 18 / 48

  32. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine A Variety of Round-off Errors The round-off error between ◦ (˜ u + ˜ v ) and ˜ u + ˜ v is absolutely bounded if ˜ u and ˜ v are bounded, relatively bounded for FP formats with gradual underflow, relatively bounded if ˜ u + ˜ v is far enough from 0, zero if ˜ u + ˜ v is in a suitable fixed-point format, Guillaume Melquiond Automating the Verification of FP Algorithms 18 / 48

  33. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine A Variety of Round-off Errors The round-off error between ◦ (˜ u + ˜ v ) and ˜ u + ˜ v is absolutely bounded if ˜ u and ˜ v are bounded, relatively bounded for FP formats with gradual underflow, relatively bounded if ˜ u + ˜ v is far enough from 0, zero if ˜ u + ˜ v is in a suitable fixed-point format, zero if ˜ u / ˜ v ∈ [ − 2 , − 1 / 2] for FP formats with gradual underflow. Guillaume Melquiond Automating the Verification of FP Algorithms 18 / 48

  34. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Interval Arithmetic Interval arithmetic extends operations on real numbers to operations on closed connected subsets of real numbers. Application Instead of proving ∀ x ∈ [ a , b ] , f ( x ) ∈ [ c , d ], you can prove F ([ a , b ]) ⊆ [ c , d ], assuming that F is an interval extension of f . Guillaume Melquiond Automating the Verification of FP Algorithms 19 / 48

  35. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Interval Arithmetic Interval arithmetic extends operations on real numbers to operations on closed connected subsets of real numbers. Application Instead of proving ∀ x ∈ [ a , b ] , f ( x ) ∈ [ c , d ], you can prove F ([ a , b ]) ⊆ [ c , d ], assuming that F is an interval extension of f . Evaluating F is easy; it involves operations on bounds only: x ∈ [ a , b ] ∧ y ∈ [ c , d ] ⇒ x + y ∈ [ a + c , b + d ] . This makes interval arithmetic suitable for automatically proving bounds on real-valued expressions. Guillaume Melquiond Automating the Verification of FP Algorithms 19 / 48

  36. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Interval Arithmetic and Dependencies Independent expressions If a ∈ [3 , 5] and b ∈ [1 , 2] are independent, then a − b ∈ [3 − 2 , 5 − 1] = [1 , 4] is the optimal enclosure. Guillaume Melquiond Automating the Verification of FP Algorithms 20 / 48

  37. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Interval Arithmetic and Dependencies Independent expressions If a ∈ [3 , 5] and b ∈ [1 , 2] are independent, then a − b ∈ [3 − 2 , 5 − 1] = [1 , 4] is the optimal enclosure. Correlated expressions If we have a ∈ [1 , 100], interval arithmetic gives ( a + ε ) − a ∈ [1 + ε, 100 + ε ] − [1 , 100] = [ − 99 + ε, 99 + ε ] while the optimal enclosure is [ ε, ε ]. Guillaume Melquiond Automating the Verification of FP Algorithms 20 / 48

  38. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Interval Arithmetic and Dependencies Various methods solve the dependency issue: octogons, ellipsoids, zonotopes, Taylor/Chebyshev models, decision procedures, e.g. simplex or CAD. Unfortunately they are much costlier than interval arithmetic at execution time, and even worse at formalization time. Guillaume Melquiond Automating the Verification of FP Algorithms 21 / 48

  39. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Leveraging Forward Error Analysis Some well-known results of the standard model of FP arithmetic: “The absolute error of the sum is the sum of the absolute errors.” (˜ u + ˜ v ) − ( u + v ) = (˜ u − u ) + (˜ v − v ). Guillaume Melquiond Automating the Verification of FP Algorithms 22 / 48

  40. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Leveraging Forward Error Analysis Some well-known results of the standard model of FP arithmetic: “The absolute error of the sum is the sum of the absolute errors.” (˜ u + ˜ v ) − ( u + v ) = (˜ u − u ) + (˜ v − v ). “The relative error of the product is the sum of the relative errors.” u ˜ ˜ v uv − 1 = ε u + ε v + ε u ε v with ε u = ˜ u / u − 1 and ε v = ˜ v / v − 1. Guillaume Melquiond Automating the Verification of FP Algorithms 22 / 48

  41. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Leveraging Forward Error Analysis Some well-known results of the standard model of FP arithmetic: “The absolute error of the sum is the sum of the absolute errors.” (˜ u + ˜ v ) − ( u + v ) = (˜ u − u ) + (˜ v − v ). “The relative error of the product is the sum of the relative errors.” u ˜ ˜ v uv − 1 = ε u + ε v + ε u ε v with ε u = ˜ u / u − 1 and ε v = ˜ v / v − 1. “The relative round-off error is bounded.” � ◦ ( u ) � � ≤ 2 − p if | u | ≥ . . . � � − 1 � � u � Guillaume Melquiond Automating the Verification of FP Algorithms 22 / 48

  42. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Leveraging Forward Error Analysis Rewriting system: (˜ u + ˜ v ) − ( u + v ) → (˜ u − u ) + (˜ v − v ) (˜ u ˜ v ) / ( uv ) − 1 → ε u + ε v + ε u ε v Sufficient as long as errors are not correlated, expressions have the same inductive structure with correlated sub-expressions in the same places. Because of the 2-step design/verification process, these hypotheses often hold. Guillaume Melquiond Automating the Verification of FP Algorithms 23 / 48

  43. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Example 1: Toy Elementary Function How to efficiently compute sin x for | x | ≤ 1 with a relative accuracy bounded by 103 · 2 − 16 ? Guillaume Melquiond Automating the Verification of FP Algorithms 24 / 48

  44. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Example 1: Toy Elementary Function How to efficiently compute sin x for | x | ≤ 1 with a relative accuracy bounded by 103 · 2 − 16 ? Example (Toy sine) float toy_sin(float x) { if (fabsf(x) < 0x1p -5f) return x; return x * (1.0f - x * x * 0x28e9p -16f); } Guillaume Melquiond Automating the Verification of FP Algorithms 24 / 48

  45. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Example 1: Toy Elementary Function How to efficiently compute sin x for | x | ≤ 1 with a relative accuracy bounded by 103 · 2 − 16 ? Example (Toy sine) float toy_sin(float x) { if (fabsf(x) < 0x1p -5f) return x; return x * (1.0f - x * x * 0x28e9p -16f); } An actual implementation of sin would use more than just 2 polynomials, and/or perform an argument reduction. But the proof process is the same! Guillaume Melquiond Automating the Verification of FP Algorithms 24 / 48

  46. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Approximating a Mathematical Function How to compute an accurate FP approximation of g ( x ) for any x ? Guillaume Melquiond Automating the Verification of FP Algorithms 25 / 48

  47. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Approximating a Mathematical Function How to compute an accurate FP approximation of g ( x ) for any x ? 1 Find an approximation ˆ g of g that uses only real operations that can be approximated by your floating-point unit. Bound the method error ˆ g ( x ) / g ( x ) − 1. Guillaume Melquiond Automating the Verification of FP Algorithms 25 / 48

  48. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Approximating a Mathematical Function How to compute an accurate FP approximation of g ( x ) for any x ? 1 Find an approximation ˆ g of g that uses only real operations that can be approximated by your floating-point unit. Bound the method error ˆ g ( x ) / g ( x ) − 1. 2 Write ˜ g that implements ˆ g with floating-point operations. Bound the round-off error ˜ g ( x ) / ˆ g ( x ) − 1. Guillaume Melquiond Automating the Verification of FP Algorithms 25 / 48

  49. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Approximating a Mathematical Function How to compute an accurate FP approximation of g ( x ) for any x ? 1 Find an approximation ˆ g of g that uses only real operations that can be approximated by your floating-point unit. Bound the method error ˆ g ( x ) / g ( x ) − 1. 2 Write ˜ g that implements ˆ g with floating-point operations. Bound the round-off error ˜ g ( x ) / ˆ g ( x ) − 1. 3 Compose both bounds to get ˜ g ( x ) / g ( x ) − 1. Guillaume Melquiond Automating the Verification of FP Algorithms 25 / 48

  50. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Approximating a Mathematical Function How to compute an accurate FP approximation of g ( x ) for any x ? 1 Find an approximation ˆ g of g that uses only real operations that can be approximated by your floating-point unit. Bound the method error ˆ g ( x ) / g ( x ) − 1. 2 Write ˜ g that implements ˆ g with floating-point operations. Bound the round-off error ˜ g ( x ) / ˆ g ( x ) − 1. 3 Compose both bounds to get ˜ g ( x ) / g ( x ) − 1. Proving correctness is just a matter of computing tight bounds for these expressions. Guillaume Melquiond Automating the Verification of FP Algorithms 25 / 48

  51. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Method Error (Relative) Method error: x · (1 − x 2 · 10473 · 2 − 16 ) − 1. sin x Interval analysis knows how to bound such an expression. Guillaume Melquiond Automating the Verification of FP Algorithms 26 / 48

  52. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Binary32 Round-off Error (Relative) Round-off error: ◦ ( x ·◦ (1 −◦ ( ◦ ( x 2 ) · 10473 · 2 − 16 ))) − 1. x · (1 − x 2 · 10473 · 2 − 16 ) Gappa knows how to bound such an expression. (And how to compose method and round-off errors.) Guillaume Melquiond Automating the Verification of FP Algorithms 27 / 48

  53. Introduction Interval+Error Advanced Gappa Conclusion Prelim Interval Forward Ex:Sine Gappa Script, as Written by a Human Example (Relative error for a toy sin implementation) @rnd = float <ieee_32 ,ne >; x = rnd(dummyx); # x is a float # floating-point implementation y rnd= x * (1 - x*x * 0x28E9p -16); # infinitely-precise computation My = x * (1 - x*x * 0x28E9p -16); { |x| in [1b-5 ,1] /\ # relative method error |My -/ sin_x| <= 1.55e-3 -> # relative total error |y -/ sin_x| <= 1.551e-3 } Guillaume Melquiond Automating the Verification of FP Algorithms 28 / 48

  54. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Outline Introduction 1 Interval arithmetic and forward error analysis 2 Dealing with more intricate algorithms 3 Example 2: Cody-Waite argument reduction for exp Example 3: Itanium division of 16-bit unsigned integers The Gappa tool 4 Conclusion 5 Guillaume Melquiond Automating the Verification of FP Algorithms 29 / 48

  55. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Intricate Algorithms For some algorithms, bounding errors is not sufficient, as they might rely on various tricks: exact computations, error compensations, convergent iterations, and so on. Guillaume Melquiond Automating the Verification of FP Algorithms 30 / 48

  56. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Goal: compute exp x for | x | ≤ 800. Argument reduction: replace x by a value close to 0, so that exp can be approximated by a small polynomial. Guillaume Melquiond Automating the Verification of FP Algorithms 31 / 48

  57. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Goal: compute exp x for | x | ≤ 800. Argument reduction: replace x by a value close to 0, so that exp can be approximated by a small polynomial. Idea 1: use exp x = 2 k exp( x − k log 2) with k an integer. Guillaume Melquiond Automating the Verification of FP Algorithms 31 / 48

  58. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Goal: compute exp x for | x | ≤ 800. Argument reduction: replace x by a value close to 0, so that exp can be approximated by a small polynomial. Idea 1: use exp x = 2 k exp( x − k log 2) with k an integer. Issue: how to compute x − k log 2 accurately? Guillaume Melquiond Automating the Verification of FP Algorithms 31 / 48

  59. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Goal: compute exp x for | x | ≤ 800. Argument reduction: replace x by a value close to 0, so that exp can be approximated by a small polynomial. Idea 1: use exp x = 2 k exp( x − k log 2) with k an integer. Issue: how to compute x − k log 2 accurately? Idea 2: use log 2 = ℓ h + ℓ l + ε with ε close to negligible. exp x = 2 k exp(( x − k ℓ h ) − k ℓ l ) exp( − k ε ) . Guillaume Melquiond Automating the Verification of FP Algorithms 31 / 48

  60. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Goal: compute exp x for | x | ≤ 800. Argument reduction: replace x by a value close to 0, so that exp can be approximated by a small polynomial. Idea 1: use exp x = 2 k exp( x − k log 2) with k an integer. Issue: how to compute x − k log 2 accurately? Idea 2: use log 2 = ℓ h + ℓ l + ε with ε close to negligible. exp x = 2 k exp(( x − k ℓ h ) − k ℓ l ) exp( − k ε ) . Implementation: evaluate ( x − k ℓ h ) − k ℓ l with FP arithmetic. exp x = 2 k exp( ◦ ( . . . )) exp( δ − k ε ) . Guillaume Melquiond Automating the Verification of FP Algorithms 31 / 48

  61. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Goal: compute exp x for | x | ≤ 800. Argument reduction: replace x by a value close to 0, so that exp can be approximated by a small polynomial. Idea 1: use exp x = 2 k exp( x − k log 2) with k an integer. Issue: how to compute x − k log 2 accurately? Idea 2: use log 2 = ℓ h + ℓ l + ε with ε close to negligible. exp x = 2 k exp(( x − k ℓ h ) − k ℓ l ) exp( − k ε ) . Implementation: evaluate ( x − k ℓ h ) − k ℓ l with FP arithmetic. exp x = 2 k exp( ◦ ( . . . )) exp( δ − k ε ) . Issue: how much is δ ? Guillaume Melquiond Automating the Verification of FP Algorithms 31 / 48

  62. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Example (Cody-Waite argument reduction for exp, part 1) Log2h = 0xb .17217 f7d1cp -4; # 42 bits out of 53 Log2l = 0xf.79 abc9e3b398p -48; InvLog2 = 0x1 .71547652 b82fep0; k = int <ne >(rnd(x*InvLog2)); t1 rnd= x - k*Log2h; Guillaume Melquiond Automating the Verification of FP Algorithms 32 / 48

  63. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Example (Cody-Waite argument reduction for exp, part 1) Log2h = 0xb .17217 f7d1cp -4; # 42 bits out of 53 Log2l = 0xf.79 abc9e3b398p -48; InvLog2 = 0x1 .71547652 b82fep0; k = int <ne >(rnd(x*InvLog2)); t1 rnd= x - k*Log2h; Proof. 1 | x | ≤ 800, so | k | < 2048, so k fits on 11 bits. Guillaume Melquiond Automating the Verification of FP Algorithms 32 / 48

  64. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Example (Cody-Waite argument reduction for exp, part 1) Log2h = 0xb .17217 f7d1cp -4; # 42 bits out of 53 Log2l = 0xf.79 abc9e3b398p -48; InvLog2 = 0x1 .71547652 b82fep0; k = int <ne >(rnd(x*InvLog2)); t1 rnd= x - k*Log2h; Proof. 1 | x | ≤ 800, so | k | < 2048, so k fits on 11 bits. 2 ℓ h fits on 42 bits, so ◦ ( k ℓ h ) = k ℓ h . Guillaume Melquiond Automating the Verification of FP Algorithms 32 / 48

  65. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Example (Cody-Waite argument reduction for exp, part 1) Log2h = 0xb .17217 f7d1cp -4; # 42 bits out of 53 Log2l = 0xf.79 abc9e3b398p -48; InvLog2 = 0x1 .71547652 b82fep0; k = int <ne >(rnd(x*InvLog2)); t1 rnd= x - k*Log2h; Proof. 1 | x | ≤ 800, so | k | < 2048, so k fits on 11 bits. 2 ℓ h fits on 42 bits, so ◦ ( k ℓ h ) = k ℓ h . 3 ℓ − 1 ≈ InvLog2 , so x ≈ k ℓ h . h Guillaume Melquiond Automating the Verification of FP Algorithms 32 / 48

  66. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp Example (Cody-Waite argument reduction for exp, part 1) Log2h = 0xb .17217 f7d1cp -4; # 42 bits out of 53 Log2l = 0xf.79 abc9e3b398p -48; InvLog2 = 0x1 .71547652 b82fep0; k = int <ne >(rnd(x*InvLog2)); t1 rnd= x - k*Log2h; Proof. 1 | x | ≤ 800, so | k | < 2048, so k fits on 11 bits. 2 ℓ h fits on 42 bits, so ◦ ( k ℓ h ) = k ℓ h . 3 ℓ − 1 ≈ InvLog2 , so x ≈ k ℓ h . h 4 So t 1 = ◦ ( x − ◦ ( k ℓ h )) = x − k ℓ h by Sterbenz’ lemma. Guillaume Melquiond Automating the Verification of FP Algorithms 32 / 48

  67. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 2: Cody-Waite Argument Reduction for Exp @rnd = float <ieee_64 ,ne >; x = rnd(dummyx); # x is a double # Cody-Waite argument reduction Log2h = 0xb .17217 f7d1cp -4; # 42 bits out of 53 Log2l = 0xf .79 abc9e3b398p -48; InvLog2 = 0x1 .71547652 b82fep0; k = int <ne >( rnd(x*InvLog2)); t1 rnd= x - k*Log2h; t2 rnd= t1 - k*Log2l; # exact values T1 = x - k*Log2h; T2 = T1 - k*Log2l; { |x| in [0.3 , 800] -> t1 = T1 /\ T1 in [ -0.35 ,0.35] /\ t2 - T2 in ? } Log2h ~ 1/ InvLog2; # try harder! T1 $ x; Guillaume Melquiond Automating the Verification of FP Algorithms 33 / 48

  68. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 3: Itanium Division of 16-bit Unsigned Integers Intel Itanium processors have no hardware divisor. How to efficiently perform a division with just add and mul? Guillaume Melquiond Automating the Verification of FP Algorithms 34 / 48

  69. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Example 3: Itanium Division of 16-bit Unsigned Integers Intel Itanium processors have no hardware divisor. How to efficiently perform a division with just add and mul? ≈ 1 / b [ frcpa ] y 0 q 0 = ◦ ( a × y 0 ) ◦ (1 + 2 − 17 − b × y 0 ) = e 0 q 1 = ◦ ( e 0 × q 0 + q 0 ) q = ⌊ q 1 ⌋ with ◦ ( · ) rounding to nearest on the extended 82-bit format. Correctness of the division ∀ a , b ∈ [ [1; 65535] ] , q = ⌊ a / b ⌋ . Guillaume Melquiond Automating the Verification of FP Algorithms 34 / 48

  70. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Proof Sketch Theorem (Exclusion zones) Given a and b positive integers. If 0 ≤ a × ( q 1 / ( a / b ) − 1) < 1 , then ⌊ q 1 ⌋ = ⌊ a / b ⌋ . Guillaume Melquiond Automating the Verification of FP Algorithms 35 / 48

  71. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Proof Sketch Theorem (Exclusion zones) Given a and b positive integers. If 0 ≤ a × ( q 1 / ( a / b ) − 1) < 1 , then ⌊ q 1 ⌋ = ⌊ a / b ⌋ . Notice the relative error between the FP value q 1 and the real a / b . So proving the correctness is just a matter of bounding this error. Guillaume Melquiond Automating the Verification of FP Algorithms 35 / 48

  72. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Proof Sketch Continued Bounding the method error ˆ q 1 − a / b and the round-off error q 1 − ˆ q 1 and composing them does not work at all. There is some error compensation. Guillaume Melquiond Automating the Verification of FP Algorithms 36 / 48

  73. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Proof Sketch Continued Bounding the method error ˆ q 1 − a / b and the round-off error q 1 − ˆ q 1 and composing them does not work at all. There is some error compensation. What the developers knew when designing the algorithm: If not for 2 − 17 , the code would perform a Newton iteration: q 1 / ( a / b ) − 1 = − ε 2 ˆ 0 with ε 0 = y 0 / (1 / b ) − 1. By taking 2 − 17 into account, q 1 / ( a / b ) − 1 = − ε 2 0 + (1 + ε 0 ) · 2 − 17 . ˆ Guillaume Melquiond Automating the Verification of FP Algorithms 36 / 48

  74. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division The Gappa Script, as Written by a Human Example (Division of 16-bit unsigned integers on Itanium) @rnd = float <x86_80 ,ne >; # algorithm with no rounding operators q0 = a * y0; e0 = 1 + 1b -17 - b * y0; q1 = q0 + e0 * q0; # notations for relative errors eps0 = (y0 - 1 / b) / (1 / b); err = (q1 - a / b) / (a / b); { # a and b are integers @FIX(a, 0) /\ a in [1 ,65535] /\ @FIX(b, 0) /\ b in [1 ,65535] /\ # specification of frcpa @FLT(y0 , 11) /\ |eps0| <= 0.00211373 /\ # Newton’s iteration, almost err = -(eps0 * eps0) + (1 + eps0) * 1b -17 -> # the separation hypothesis is satisfied err in [0 ,1] /\ a * err in [0 ,0.99999] /\ # all the computations are exact rnd(q0) = q0 /\ rnd(e0) = e0 /\ rnd(q1) = q1 } # try harder! rnd(q1) = q1 $ 1 / b; Guillaume Melquiond Automating the Verification of FP Algorithms 37 / 48

  75. Introduction Interval+Error Advanced Gappa Conclusion Ex:Cody-Waite Ex:Division Proof Sketch, the Coq Version Lemma div_u16_spec : forall a b, (1 <= a <= 65535)%Z -> (1 <= b <= 65535)%Z -> div_u16 a b = (a / b)%Z. Proof. intros a b Ba Bb. apply Zfloor_imp. cut (0 <= b * q1 - a < 1). lra. set (err := (q1 - a / b) / (a / b)). replace (b * q1 - a) with (a * err) by field. set (y0 := frcpa b). set (Mq0 := a * y0 + 0). set (Me0 := 1 + pow2 ( -17) - b * y0). set (Mq1 := Me0 * Mq0 + Mq0). set (eps0 := (y0 - 1 / b) / (1 / b)). assert ((Mq1 - a / b) / (a / b) = -(eps0 * eps0) + (1 + eps0) * pow2 ( -17)) by field. generalize (frcpa_spec b) ( FIX_format_Z2R radix2 a) ( FIX_format_Z2R radix2 b). gappa. Qed. Guillaume Melquiond Automating the Verification of FP Algorithms 38 / 48

  76. Introduction Interval+Error Advanced Gappa Conclusion Properties Process Theorems Outline Introduction 1 Interval arithmetic and forward error analysis 2 Dealing with more intricate algorithms 3 The Gappa tool 4 Supported properties Proof process Theorem database Conclusion 5 Guillaume Melquiond Automating the Verification of FP Algorithms 39 / 48

  77. Introduction Interval+Error Advanced Gappa Conclusion Properties Process Theorems A Few Words About Gappa Starting from a formula, Gappa saturates a set of theorems to infer new properties until it encounters a contradiction. Guillaume Melquiond Automating the Verification of FP Algorithms 40 / 48

  78. Introduction Interval+Error Advanced Gappa Conclusion Properties Process Theorems A Few Words About Gappa Starting from a formula, Gappa saturates a set of theorems to infer new properties until it encounters a contradiction. Supported properties BND ( x , I ) ≡ x ∈ I ABS ( x , I ) ≡ | x | ∈ I REL ( x , y , I ) ≡ ∃ ε ∈ I , x = y · (1 + ε ) x = m · 2 e FIX ( x , e ) ≡ ∃ m ∈ Z , x = m · 2 e ∧ | m | < 2 p FLT ( x , p ) ≡ ∃ m , e ∈ Z , NZR ( x ) ≡ x � = 0 EQL ( x , y ) ≡ x = y Guillaume Melquiond Automating the Verification of FP Algorithms 40 / 48

  79. Introduction Interval+Error Advanced Gappa Conclusion Properties Process Theorems A Few Words About Gappa Starting from a formula, Gappa saturates a set of theorems to infer new properties until it encounters a contradiction. Supported properties BND ( x , I ) ≡ x ∈ I ABS ( x , I ) ≡ | x | ∈ I REL ( x , y , I ) ≡ ∃ ε ∈ I , x = y · (1 + ε ) x = m · 2 e FIX ( x , e ) ≡ ∃ m ∈ Z , x = m · 2 e ∧ | m | < 2 p FLT ( x , p ) ≡ ∃ m , e ∈ Z , NZR ( x ) ≡ x � = 0 EQL ( x , y ) ≡ x = y To prove div u16, Gappa tried to apply 17k theorems. The final proof infers ∼ 80 properties. Guillaume Melquiond Automating the Verification of FP Algorithms 40 / 48

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal verification of floating-point algorithms John Harrison Intel Corporation Floating

Formal verification of floating-point algorithms John Harrison Intel Corporation Floating

Formal verification of floating-point algorithms 1 Formal verification of floating-point algorithms John Harrison Intel Corporation Floating point algorithm verification HOL Light Floating point numbers and formats HOL floating

636 views • 28 slides
Formal Verification Methods 5: Floating-point verification John Harrison Intel Corporation

Formal Verification Methods 5: Floating-point verification John Harrison Intel Corporation

Formal Verification Methods 5: Floating-point verification John Harrison Intel Corporation Marktoberdorf 2003 Mon 4th August 2003 (10:35 11:20) 0 Summary Itanium overview Floating point numbers and Itanium formats HOL floating

532 views • 20 slides
Formal Proofs of Floating-Point Algorithms John Harrison Intel Corporation SCAN 2010 28th

Formal Proofs of Floating-Point Algorithms John Harrison Intel Corporation SCAN 2010 28th

Formal Proofs of Floating-Point Algorithms John Harrison Intel Corporation SCAN 2010 28th September 2010 0 Overview Formal verification and theorem proving Formalizing floating-point arithmetic Square root example Reciprocal

534 views • 42 slides
Formal Verification Methods 5: Floating Point Verification John Harrison Intel Corporation

Formal Verification Methods 5: Floating Point Verification John Harrison Intel Corporation

Formal Verification Methods 5: Floating Point Verification Formal Verification Methods 5: Floating Point Verification John Harrison Intel Corporation Itanium overview HOL overview Floating point numbers and Itanium formats HOL

591 views • 21 slides
Formal verification of floating point trigonometric functions John Harrison Intel Corporation

Formal verification of floating point trigonometric functions John Harrison Intel Corporation

Formal verification of floating point trigonometric functions 1 Formal verification of floating point trigonometric functions John Harrison Intel Corporation Levels of verification HOL Light Theories of reals and floating point

268 views • 14 slides
Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal

Formal Verification of Floating-Point Arithmetic 1 Formal Verification of Floating-Point Arithmetic John Harrison Intel Corporation Formal verification Machine-checked proof Automatic and interactive approaches HOL Light

539 views • 19 slides
Floating-Point Verification by Theorem Proving John Harrison Intel Corporation Capital Normal

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation Capital Normal

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation Capital Normal University 13th October 2012 0 Overview Famous computer arithmetic failures Formal verification and theorem proving Floating-point

971 views • 73 slides
Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur

Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur

ECE 0142 Computer Organization Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur floating-point programming. Floating point greatly simplifies working with large (e.g., 2 70 ) and small (e.g., 2 -17 )

638 views • 30 slides
Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th

Floating-Point Verification by Theorem Proving John Harrison Intel Corporation SFM-06:HV 27th May 2006 0 Overview Famous computer arithmetic failures Formal verification and theorem proving Floating-point arithmetic Division

1.14k views • 86 slides
Formal verification of floating-point arithmetic at Intel John Harrison johnh@ichips.intel.com

Formal verification of floating-point arithmetic at Intel John Harrison johnh@ichips.intel.com

Formal verification of floating-point arithmetic at Intel John Harrison johnh@ichips.intel.com JNAO 2nd June 2006 0 Overview Computer arithmetic bugs Formal verification and theorem proving Floating-point arithmetic Square

843 views • 37 slides
Formal verification of IA-64 division algorithms John Harrison Intel Corporation IA-64

Formal verification of IA-64 division algorithms John Harrison Intel Corporation IA-64

Formal verification of IA-64 division algorithms 1 Formal verification of IA-64 division algorithms John Harrison Intel Corporation IA-64 overview Quick introduction to HOL Light Floating point numbers and IA-64 formats HOL

451 views • 19 slides
Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point

Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point

Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point operations and rounding Lessons for programmers Many more details we will skip (its a 58-page standard) See CSAPP 2.4 for more detail. 1

381 views • 15 slides
Polynomial approximation and floating-point numbers Algorithms Project Seminar Sylvain

Polynomial approximation and floating-point numbers Algorithms Project Seminar Sylvain

Scope of my researches Approximation theory Polynomial approximation with floating-point numbers Lattices and LLL algorithm A concrete case Conclusion Polynomial approximation and floating-point numbers Algorithms Project Seminar Sylvain

1.17k views • 101 slides
15-213 The course that gives CMU its Zip! Floating Point Sept 6, 2006 Topics Topics

15-213 The course that gives CMU its Zip! Floating Point Sept 6, 2006 Topics Topics

15-213 The course that gives CMU its Zip! Floating Point Sept 6, 2006 Topics Topics IEEE Floating Point Standard Rounding Floating Point Operations Mathematical properties class03.ppt 15-213, F06 Floating Point

1.03k views • 34 slides
Floating point Today ! IEEE Floating Point Standard ! Rounding ! Floating Point Operations !

Floating point Today ! IEEE Floating Point Standard ! Rounding ! Floating Point Operations !

Floating point Today ! IEEE Floating Point Standard ! Rounding ! Floating Point Operations ! Mathematical properties Next time ! The machine model Chris Riesbeck, Fall 2011 Monday, October 3, 2011 Checkpoint Monday, October 3, 2011 IEEE

1.07k views • 28 slides
2/10/2020 Today: Floating Point Background: Fractional binary numbers IEEE floating point

2/10/2020 Today: Floating Point Background: Fractional binary numbers IEEE floating point

2/10/2020 Today: Floating Point Background: Fractional binary numbers IEEE floating point standard: Definition Floating Point Example and properties Rounding, addition, multiplication CSci 2021: Machine Architecture and

411 views • 7 slides
Towards an Optimizing Compiler for Numerical Kernels joint work with: Heiko Becker, Anastasiia

Towards an Optimizing Compiler for Numerical Kernels joint work with: Heiko Becker, Anastasiia

Photo by Sebastian Bruggisser Towards an Optimizing Compiler for Numerical Kernels joint work with: Heiko Becker, Anastasiia Izycheva, Debasmita Lohar, Viktor Kuncak, Magnus Myreen, Sylvie Putot, Eric Goubault, Helmut Seidl Eva Darulova

849 views • 51 slides
Number representation A number can be represented in binary in many ways. The most common number

Number representation A number can be represented in binary in many ways. The most common number

Number representation A number can be represented in binary in many ways. The most common number types to be represented are: Integers, positive integers one's complement, two's complement, sign-magnitude Decimal numbers with fixed

1k views • 67 slides
Variable precision computing: Applications and challenges David H. Bailey Lawrence Berkeley

Variable precision computing: Applications and challenges David H. Bailey Lawrence Berkeley

Variable precision computing: Applications and challenges David H. Bailey Lawrence Berkeley Natlional Laboratory (retired) University of California, Davis, Department of Computer Science This talk is available at:

525 views • 29 slides
Fixed and Floating-point Numbers Eric McCreath Fractional binary numbers Remember how the

Fixed and Floating-point Numbers Eric McCreath Fractional binary numbers Remember how the

Fixed and Floating-point Numbers Eric McCreath Fractional binary numbers Remember how the meaning of the digits in a binary number is defined: Note the binary radix point For example, the binary number: means 2 Binary Converting a

449 views • 7 slides
Optimizing MPC for robust and scalable integer and floating-point arithmetic Liisi Kerik * Peeter

Optimizing MPC for robust and scalable integer and floating-point arithmetic Liisi Kerik * Peeter

Optimizing MPC for robust and scalable integer and floating-point arithmetic Liisi Kerik * Peeter Laud * Jaak Randmets * * Cybernetica AS University of Tartu, Institute of Computer Science January 30, 2016 Introduction Secure

588 views • 23 slides
Interest Rate Hedging Best Practices &amp; Pitfalls to Avoid March 14, 2017 @ SVAFP &amp;

Interest Rate Hedging Best Practices &amp; Pitfalls to Avoid March 14, 2017 @ SVAFP &amp;

3/16/2017 Interest Rate Hedging Best Practices &amp; Pitfalls to Avoid March 14, 2017 @ SVAFP &amp; INTEREST RATE Ruth Hardie rhardie@hedgetrackers.com 1 3/16/2017 Agenda Risk Mitigation Scenarios focused on Fixing variable

454 views • 16 slides
DNN Model and Hardware Co-Design ISCA Tutorial (2017) Website:

DNN Model and Hardware Co-Design ISCA Tutorial (2017) Website:

DNN Model and Hardware Co-Design ISCA Tutorial (2017) Website: http://eyeriss.mit.edu/tutorial.html Joel Emer, Vivienne Sze, Yu-Hsin Chen, Tien-Ju Yang 1 Approaches Reduce size of operands for storage/compute Floating point Fixed

458 views • 25 slides
EX and Professor William Kahan (Berkeley) Extending T EX and Floating-Point Arithmetic AF

EX and Professor William Kahan (Berkeley) Extending T EX and Floating-Point Arithmetic AF

Dedication MET Professor Donald Knuth (Stanford) MET AF ONT with EX and Professor William Kahan (Berkeley) Extending T EX and Floating-Point Arithmetic AF Nelson H. F. Beebe ONT Department of Mathematics T University of Utah Salt Lake

624 views • 8 slides

More recommend