A unified Coq framework for verifying C programs with floating-point computations

We provide concrete evidence that floating-point computations in C programs can be verified in a homogeneous verification setting based on Coq only, by evaluating the practicality of the combination of the formal semantics of CompCert Clight and the Flocq formal specification of IEEE 754 floating-point arithmetic for the verification of properties of floating-point computations in C programs. To this end, we develop a framework to automatically compute real-number expressions of C floating-point computations with rounding error terms along with their correctness proofs. We apply our framework to the complete analysis of an energy-efficient C implementation of a radar image processing algorithm, for which we provide a certified bound on the total noise introduced by floating-point rounding errors and energy-efficient approximations of square root and sine.
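The rounding-error accounting the abstract describes (a real-number expression for each C floating-point expression, plus an error term per operation) can be reproduced by hand at small scale. The following is an added illustration, not the paper's Coq/Flocq framework: it walks an expression tree as a C compiler would evaluate it, keeps the exact real value as a `Fraction`, and derives a rigorous absolute error bound from the standard model of IEEE 754 rounding. It assumes binary64, round-to-nearest, no underflow or overflow, and counts only rounding error (not the approximation error of the polynomial itself); `analyse`, `within_bound` and `SIN_POLY` are names chosen here.

```python
from fractions import Fraction

# Assumed: IEEE 754 binary64, round-to-nearest, no underflow/overflow, and the
# standard model fl(x op y) = (x op y)(1 + d) with |d| <= U. Flocq states
# those side conditions explicitly; here they are simply taken for granted.
U = Fraction(1, 2 ** 53)

def analyse(expr, env):
    """Return (double_result, exact_real_result, absolute_error_bound).
    expr: ('var', name) | ('const', float) | (op, left, right), op in '+-*/'.
    Every bound is an exact Fraction, so the result is rigorous, not estimated."""
    if expr[0] == 'var':
        v = env[expr[1]]                      # the double actually in the variable
        return v, Fraction(v), Fraction(0)
    if expr[0] == 'const':
        return expr[1], Fraction(expr[1]), Fraction(0)
    op, lhs, rhs = expr
    x, X, ax = analyse(lhs, env)              # double x lies within ax of real X
    y, Y, ay = analyse(rhs, env)
    if op in ('+', '-'):
        f = x + y if op == '+' else x - y
        R = X + Y if op == '+' else X - Y
        e = ax + ay
    elif op == '*':
        # |xy - XY| <= |y|*ax + |X|*ay, and |y| <= |Y| + ay
        f, R, e = x * y, X * Y, (abs(Y) + ay) * ax + abs(X) * ay
    elif op == '/':
        # |x/y - X/Y| <= (|Y|*ax + |X|*ay) / (|y||Y|), and |y| >= |Y| - ay
        if abs(Y) <= ay:
            raise ValueError('divisor may vanish: no finite bound')
        f, R, e = x / y, X / Y, (abs(Y) * ax + abs(X) * ay) / ((abs(Y) - ay) * abs(Y))
    else:
        raise ValueError(op)
    # e bounds the error carried in by the operands: the exact result of this
    # operation is within e of R, so its own rounding adds at most (|R| + e) U.
    return f, R, e + (abs(R) + e) * U

def within_bound(expr, env):
    """True iff the computed double really lies inside the certified bound."""
    f, R, bound = analyse(expr, env)
    return abs(Fraction(f) - R) <= bound

# Constructed sample: degree-5 Taylor polynomial of sine in Horner form,
# x * (1 + x*x * (-1/6 + x*x * (1/120))), evaluated as C would evaluate it.
_x, _xx = ('var', 'x'), ('*', ('var', 'x'), ('var', 'x'))
SIN_POLY = ('*', _x, ('+', ('const', 1.0), ('*', _xx,
           ('+', ('const', -1.0 / 6.0), ('*', _xx, ('const', 1.0 / 120.0))))))
```

Calling `analyse(SIN_POLY, {'x': 0.3})` returns the double result, the exact real value of the same expression on the same inputs, and a bound of well under one unit roundoff in absolute terms; the bound holds for any input because every step is an inequality, not an estimate.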
