Verified Compilation of Floating-Point Computations

Floating-point arithmetic is known to be tricky: roundings, formats, exceptional values. The IEEE-754 standard was a push towards straightening the field and made formal reasoning about floating-point computations both easier and more widespread. Unfortunately, this is not sufficient to guarantee the final result of a program, as several other actors are involved: the programming language, the compiler, and the architecture. The CompCert formally-verified compiler provides a solution to this problem: it comes with a mathematical specification of the semantics of its source language (a large subset of ISO C99) and of its target platforms (ARM, PowerPC, x86-SSE2), and with a proof that compilation preserves semantics. In this paper, we report on our recent success in formally specifying and proving correct CompCert’s compilation of floating-point arithmetic. Since CompCert is verified using the Coq proof assistant, this effort required a suitable Coq formalization of the IEEE-754 standard; we extended the Flocq library for this purpose. As a result, we obtain the first formally verified compiler that provably preserves the semantics of floating-point programs.
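The abstract's point that the compiler and architecture, not only IEEE-754, decide the final result can be seen on a single C expression. The following is an added example, not code from the paper or from CompCert: it evaluates `x*y + c` once with the product rounded to binary64 before the addition (two roundings, as plain SSE2 code does) and once with the exact product and a single rounding (what a fused multiply-add instruction or a contracting compiler computes), reconstructing the exact product with Dekker's two-product algorithm so it needs no FMA hardware or libm. It assumes IEEE-754 binary64, round-to-nearest-even, and no extended-precision intermediates.

```c
#include <stdio.h>

/* Dekker's exact product: returns hi = fl(a*b) and sets *lo so that
   a*b == hi + *lo exactly (valid absent overflow and underflow). */
static double two_product(double a, double b, double *lo) {
    const double split = 134217729.0;   /* 2^27 + 1, Veltkamp splitting constant */
    volatile double t;                  /* volatile: force each step to binary64 */
    double ah, al, bh, bl, p;

    t = split * a; ah = t - (t - a); al = a - ah;   /* a == ah + al, 26-bit halves */
    t = split * b; bh = t - (t - b); bl = b - bh;   /* b == bh + bl */
    p = a * b;                                      /* rounded product */
    *lo = ((ah * bh - p) + ah * bl + al * bh) + al * bl;  /* rounding error, exact */
    return p;
}

/* x*y + c with the product rounded to double first: two roundings. */
double mul_add_two_roundings(double x, double y, double c) {
    volatile double p = x * y;          /* the store forces the product to binary64 */
    return p + c;
}

/* x*y + c from the exact product, then one rounding (what an FMA computes).
   (hi + c) is exact in the demo below because c cancels hi, so adding lo
   afterwards yields the correctly rounded result of the exact expression. */
double mul_add_one_rounding(double x, double y, double c) {
    double lo;
    double hi = two_product(x, y, &lo);
    return (hi + c) + lo;
}

int main(void) {
    /* Constructed inputs: x*y = 1 - 2^-104, which is not a double. */
    double x = 1.0 + 0x1p-52;           /* smallest double above 1 */
    double y = 1.0 - 0x1p-52;           /* 1 - 2^-52 */
    printf("two roundings: %a\n", mul_add_two_roundings(x, y, -1.0)); /* 0x0p+0 */
    printf("one rounding:  %a\n", mul_add_one_rounding(x, y, -1.0));  /* -0x1p-104 */
    return 0;
}
```

The product rounds up to exactly 1.0, so the two-rounding path reports 0 while the single-rounding path reports -2^-104; a compiler that contracts `x*y + c` into an FMA on one target and not on another therefore changes the program's observable result, which is precisely what a semantics-preservation proof has to account for.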
