Reseña: Contributions to the formal verification of arithmetic algorithms

PorJosé A. Alonso

El pasado mes de septiembre se presentó una tesis sobre verificación formal con Coq titulada Contributions to the formal verification of arithmetic algorithms.

Su autor es Érik Martin-Dorel, dirigido por Micaela Mayero y Jean-Michel Muller.

Su resumen es

The Floating-Point (FP) implementation of a real-valued function is performed with correct rounding if the output is always equal to the rounding of the exact value, which has many advantages. But for implementing a function with correct rounding in a reliable and efficient manner, one has to solve the “Table Maker’s Dilemma” (TMD). Two sophisticated algorithms (L and SLZ) have been designed to solve this problem, relying on some long and complex calculations that are performed by some heavily-optimized implementations. Hence the motivation to provide strong guarantees on these costly pre-computations. To this end, we use the Coq proof assistant. First, we develop a library of “Rigorous Polynomial Approximation”, allowing one to compute an approximation polynomial and an interval that bounds the approximation error in Coq. This formalization is a key building block for verifying the first step of SLZ, as well as the implementation of a mathematical function in general (with or without correct rounding). Then we have implemented, formally verified and made effective 3 interrelated certificates checkers in Coq, whose correctness proof derives from Hensel’s lemma that we have formalized for both univariate and bivariate cases. In particular, our “ISValP verifier” is a key component for formally verifying the results generated by SLZ. Then, we have focused on the mathematical proof of “augmented-precision” FP algorithms for the square root and the Euclidean 2D norm. We give some tight lower bounds on the minimum non-zero distance between sqrt(x²+y²) and a midpoint, allowing one to solve the TMD for this bivariate function. Finally, the “double-rounding” phenomenon can typically occur when several FP precision are available, and may change the behavior of some usual small FP algorithms. We have formally verified in Coq a set of results describing the behavior of the Fast2Sum algorithm with double-roundings.

Las transparencias usadas en la presentación se encuentran aquí.

Reseña: The Boyer-Moore waterfall model revisited

PorJosé A. Alonso

Uno de los problemas fundamentales dentro del campo del razonamiento automático es la automatización de la inducción. El método fundamental para automatizar la inducción es el de la cascada presentado por Robert S. Boyer y J S. Moore en su libro A Computational Logic e integrado en sus sistemas Nqthm y ACL2.

En el trabajo The Boyer-Moore waterfall model revisited se presenta una implementación del modelo de Boyer-Moore en el sistema HOL Light.

Sus autores son Petros Papapanagiotou y Jacques Fleuriot (de la Universidad de Edimburgo).

Su resumen es

In this paper, we investigate the potential of the Boyer-Moore waterfall model for the automation of inductive proofs within a modern proof assistant. We analyze the basic concepts and methodology underlying this 30-year-old model and implement a new, fully integrated tool in the theorem prover HOL Light that can be invoked as a tactic. We also describe several extensions and enhancements to the model. These include the integration of existing HOL Light proof procedures and the addition of state-of-the-art generalization techniques into the waterfall. Various features, such as proof feedback and heuristics dealing with non-termination, that are needed to make this automated tool useful within our interactive setting are also discussed. Finally, we present a thorough evaluation of the approach using a set of 150 theorems, and discuss the effectiveness of our additions and relevance of the model in light of our results.

El trabajo es una extensión de la Tesis de Máster de Petros Papapanagiotou titulada On the automation of inductive proofs in HOL
Light y sirve como lectura complementaria en el curso Automated Reasoning (2012-13) de la Universidad de Edimburgo. Las transparencias del correspondiente tema del curso son Inductive theorem proving.

Reseña: A formally-verified C compiler supporting floating-point arithmetic

PorJosé A. Alonso

Uno de los principales problemas en la verificación de programas consiste en verificación de propiedades de programas con aritmética flotante. Un avance en dicho problema es el reciente trabajo A formally-verified C compiler supporting floating-point arithmetic.

Sus autores son Sylvie Boldo, Jacques-Henri Jourdan, Xavier Leroy y Guillaume Melquiond.

Su resumen es

Floating-point arithmetic is known to be tricky: roundings, formats, exceptional values. The IEEE-754 standard was a push towards straightening the field and made formal reasoning about floating-point computations possible. Unfortunately, this is not sufficient to guarantee the final result of a program, as several other actors are involved: programming language, compiler, architecture. The CompCert formally-verified compiler provides a solution to this problem: this compiler comes with a mathematical specification of the semantics of its source language (ISO C90) and target platforms (ARM, PowerPC, x86-SSE2), and with a proof that compilation preserves semantics. In this paper, we report on our recent success in formally specifying and proving correct CompCert’s compilation of floating-point arithmetic. Since CompCert is verified using the Coq proof assistant, this effort required a suitable Coq formalization of the IEEE-754 standard; we extended the Flocq library for this purpose. As a result, we obtain the first formally verified compiler that provably preserves the semantics of floating-point programs.

El trabajo está integrado en la versión 1.12 de CompCert que se encuentra aquí.

Reseña: Proof pearl – A mechanized proof of GHC’s mergesort

PorJosé A. Alonso

Se publicado un artículo de verificación en Iabelle/HOL titulado Proof pearl – A mechanized proof of GHC’s mergesort.

Su autor es Christian Sternagel (de la Univ. de la Univ. de Insbruck).

Su resumen es

We present our Isabelle/HOL formalization of GHC’s sorting algorithm for lists, proving its correctness and stability. This constitutes another example of applying a state-of-the-art poof assistant to real-world code. Furthermore, it allows users to take advantage of the formalized algorithm in generated code.

La librería estándard de GHC (The Glasgow Haskell Compiler) tiene un algoritmo de ordenación, que es una variante de la ordenación por mezcla. El objetivo del trabajo es la verificación de dicho algortimo en Isabelle/HOL, demostrando su corrección y estabilidad.

La principal característica de este trabajo es la verificación de programas eficientes. El método empleado tiene tres pasos:

  1. formalizar variantes del algoritmo que faciliten la demostración y probar todas las propiedades deseadas;
  2. formalizar variantes eficientes del algoritmo y probar su equivalencia y
  3. usar la generación de código y obtener un programa eficiente del que se tiene garantía que satisface todas las propiedades que se probaron en la formalización inicial.

La formalización es pequeña (menos de 400 líneas de código) y la mayoría de las demostraciones son automáticas. Este éxito se basa en dos principios: la generalización de los conceptos y la definición de esquemas de inducción.

El código en Isabelle/HOL de la teoría correspondiente al trabajo se encuentra en The Archive of Formal Proofs.

Confluence by decreasing diagrams – Formalized

PorJosé A. Alonso

Se ha publicado un trabajo de formalización de sistemas de reescritura en Isabelle/HOL titulado Confluence by decreasing diagrams – formalized.

Su autor es Harald Zankl (de la Universidad de Insbruck, Austria).

Su resumen es

Decreasing diagrams are a complete characterization of confluence for abstract rewrite systems whose convertibility classes are countable. In this paper we present a formalization of decreasing diagrams in the theorem prover Isabelle. The main contribution is a formal proof that any locally decreasing abstract rewrite system is confluent.

Las teorías Isabelle/HOL correspondiente al trabajo se encuentran aquí.