Motivation: floating-point arithmetic is efficient, but FP numbers have a limited range (→ exceptional behaviors) and a limited precision (→ inaccurate results).
Gappa is a tool designed to formally verify the correctness of numerical software and hardware. It uses interval arithmetic and forward error analysis to bound mathematical expressions that involve rounded as well as exact operators. It then generates a theorem and its proof for each verified enclosure. This proof can be automatically checked with a proof…
A plane flying at 250 knots and with a bank angle of 35° has a turn rate of at least 3° each second: $\frac{3\pi}{180} \le \frac{g}{v} \tan\frac{35\pi}{180}$, where $g = 9.8\,\mathrm{m/s^2}$ and $v = 250 \cdot \frac{514}{1000}\,\mathrm{m/s}$. This…
Several formalizations of floating-point arithmetic have been designed for the Coq system, a generic proof assistant. Their different purposes have favored some specific applications: program verification, high-level properties, automation. Based on our experience using and/or developing these libraries, we have built a new system that is meant to…
We present the design of the Boost interval arithmetic library, a C++ library designed to efficiently handle mathematical intervals in a generic way. Interval computations are an essential tool for reliable computing. Increasingly a number of mathematical proofs have relied on global optimization problems solved using branch-and-bound algorithms with…
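To make the enclosure approach concrete, here is an added example in C; it is not code from Gappa, Boost or any of the papers listed. It checks the turn-rate inequality from the Gappa entry above with a minimal interval type of the kind the Boost library provides. Instead of directed rounding modes it widens every round-to-nearest result by one ulp on each side, encloses tan by truncated Taylor series with alternating-series error bounds, and assumes binary64 evaluation of double expressions (FLT_EVAL_METHOD == 0, no -ffast-math). All names, and the enclosure of 9.8 and of pi, are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Closed interval [lo, hi] of binary64 numbers. Every operation below returns
   an interval guaranteed to contain the exact mathematical result of the
   operation for any inputs drawn from its operand intervals. */
typedef struct { double lo, hi; } itv;

static itv mk(double lo, double hi) { itv r = { lo, hi }; return r; }
static itv num(double c) { return mk(c, c); }   /* exactly representable constant */

/* Next representable double above x (x finite, not NaN), done on the bit
   pattern so that no libm is needed. */
static double step_up(double x) {
    if (x == 0.0) return 4.9406564584124654e-324;   /* smallest subnormal */
    uint64_t b; memcpy(&b, &x, sizeof b);
    if (x > 0.0) b += 1; else b -= 1;              /* negative: shrink magnitude */
    memcpy(&x, &b, sizeof b);
    return x;
}
static double step_down(double x) { return -step_up(-x); }

/* Round-to-nearest places the exact result strictly within one ulp of the
   computed one (otherwise a closer double would exist), so stepping each
   endpoint one ulp outward yields a rigorous enclosure. Assumes no overflow. */
static itv iadd(itv a, itv b) { return mk(step_down(a.lo + b.lo), step_up(a.hi + b.hi)); }
static itv isub(itv a, itv b) { return mk(step_down(a.lo - b.hi), step_up(a.hi - b.lo)); }
static itv imul(itv a, itv b) {
    double p[4] = { a.lo * b.lo, a.lo * b.hi, a.hi * b.lo, a.hi * b.hi };
    double lo = p[0], hi = p[0];
    for (int i = 1; i < 4; i++) { if (p[i] < lo) lo = p[i]; if (p[i] > hi) hi = p[i]; }
    return mk(step_down(lo), step_up(hi));
}
/* Division by a strictly positive divisor interval (b.lo > 0), which is all
   this example needs; it keeps the sign case analysis out of the way. */
static itv idiv_pos(itv a, itv b) {
    double q[4] = { a.lo / b.lo, a.lo / b.hi, a.hi / b.lo, a.hi / b.hi };
    double lo = q[0], hi = q[0];
    for (int i = 1; i < 4; i++) { if (q[i] < lo) lo = q[i]; if (q[i] > hi) hi = q[i]; }
    return mk(step_down(lo), step_up(hi));
}

/* pi lies strictly between the double 3.141592653589793 and its successor. */
static itv pi_itv(void) { return mk(3.141592653589793, step_up(3.141592653589793)); }

/* Enclosure of tan(x) for 0 < x < 1. For an alternating series with
   decreasing terms the truncation error has the sign of the first omitted
   term and is bounded by it, hence sin x in [S5 - x^7/5040, S5] and
   cos x in [C4 - x^6/720, C4], with S5 and C4 the partial sums below. */
static itv itan(itv x) {
    itv x2 = imul(x, x), x3 = imul(x2, x), x4 = imul(x2, x2);
    itv x5 = imul(x3, x2), x6 = imul(x4, x2), x7 = imul(x6, x);
    itv s5 = iadd(isub(x, idiv_pos(x3, num(6))), idiv_pos(x5, num(120)));
    itv c4 = iadd(isub(num(1), idiv_pos(x2, num(2))), idiv_pos(x4, num(24)));
    itv sin_x = mk(isub(s5, idiv_pos(x7, num(5040))).lo, s5.hi);
    itv cos_x = mk(isub(c4, idiv_pos(x6, num(720))).lo, c4.hi);
    return idiv_pos(sin_x, cos_x);
}

/* Enclosure of tan(35 degrees) = tan(35*pi/180). */
itv tan35_enclosure(void) {
    return itan(idiv_pos(imul(num(35), pi_itv()), num(180)));
}

/* Check 3*pi/180 <= (g/v) * tan(35*pi/180) with g = 9.8 m/s^2 and
   v = 250 * 514/1000 m/s the way an enclosure-based tool does: if the upper
   bound of the left side is below the lower bound of the right side, the
   inequality holds for the exact real values. Returns 1 when verified. */
int verify_turn_rate(void) {
    itv lhs = idiv_pos(imul(num(3), pi_itv()), num(180));
    itv g = mk(step_down(9.8), step_up(9.8));   /* 9.8 is not a double: enclose it */
    itv v = imul(num(250), idiv_pos(num(514), num(1000)));
    itv rhs = imul(idiv_pos(g, v), tan35_enclosure());
    return lhs.hi <= rhs.lo;
}

int main(void) {
    itv t = tan35_enclosure();
    printf("tan(35 deg) in [%.9f, %.9f]\n", t.lo, t.hi);
    printf("turn-rate bound %s\n", verify_turn_rate() ? "verified" : "NOT verified");
    return 0;
}
```

When verify_turn_rate() returns 1 the inequality holds for the exact reals, because every rounding error along the way was absorbed into the interval bounds; the enclosure of tan(35°) comes out at roughly [0.70015, 0.70022] against a true value of about 0.70021, far tighter than the 2% margin the inequality leaves. Gappa automates exactly this bookkeeping and, per the abstract above, also emits a theorem and a machine-checkable proof for each enclosure.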
We formally prove correct a C program that implements a numerical scheme for the resolution of the one-dimensional acoustic wave equation. Such an implementation introduces errors at several levels: the numerical scheme introduces method errors, and floating-point computations lead to round-off errors. We annotate this C program to specify both method error…
Many general-purpose processors (including Intel's) may not always produce the correctly rounded result of a floating-point operation due to double rounding. Instead of rounding the value to the working precision, the value is first rounded in an intermediate extended precision and then rounded in the working precision; this often means a loss of accuracy.…
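An added example in C, not from the paper, that makes the double-rounding hazard visible: round_to_bits emulates round-to-nearest-even on an integer significand so that binary32 and binary64 can stand in for the working and extended formats, and double_rounded_on_hardware drives the same value through real double and float operations. The input 1 + 2^-24 + 2^-53 is constructed for the purpose; the code assumes double expressions are evaluated in binary64 (FLT_EVAL_METHOD == 0, i.e. SSE rather than x87 arithmetic), and all names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Number of significant bits of x (index of the top set bit plus one). */
static int bit_length(uint64_t x) { int n = 0; while (x) { n++; x >>= 1; } return n; }

/* Round the integer x to p significant bits with round-to-nearest,
   ties-to-even, the IEEE-754 default. The result keeps the scale of x (the
   discarded low bits are cleared), so roundings of one value to different
   precisions can be compared directly. x must be below 2^63 so that a carry
   out of the top bit cannot overflow. */
uint64_t round_to_bits(uint64_t x, int p) {
    int n = bit_length(x);
    if (p >= n) return x;                          /* already representable */
    int k = n - p;                                 /* bits to discard */
    uint64_t q = x >> k;                           /* kept significand */
    uint64_t r = x & ((UINT64_C(1) << k) - 1);     /* discarded bits */
    uint64_t half = UINT64_C(1) << (k - 1);        /* half an ulp of the result */
    if (r > half || (r == half && (q & 1))) q += 1; /* round up, or tie-to-even */
    return q << k;
}

/* Correct rounding: exact value -> p_work bits in one step. */
uint64_t round_once(uint64_t x, int p_work) { return round_to_bits(x, p_work); }

/* Double rounding: exact value -> p_ext bits -> p_work bits, as on a processor
   that computes in an extended-precision register and then stores to memory. */
uint64_t round_twice(uint64_t x, int p_ext, int p_work) {
    return round_to_bits(round_to_bits(x, p_ext), p_work);
}

/* Constructed input: 1 + 2^-24 + 2^-53, written as the integer 2^53 + 2^29 + 1
   so that binary32 (24-bit) and binary64 (53-bit) significands are emulated
   exactly. The value lies just above the midpoint between two binary32
   neighbours; the 53-bit rounding lands exactly on that midpoint, and the
   24-bit rounding then resolves the tie downwards. */
#define EXACT  (((uint64_t)1 << 53) + ((uint64_t)1 << 29) + 1)
#define P_WORK 24
#define P_EXT  53

/* 1 if rounding EXACT through P_EXT bits changes the P_WORK-bit result. */
int double_rounding_differs(void) {
    return round_once(EXACT, P_WORK) != round_twice(EXACT, P_EXT, P_WORK);
}

/* The same phenomenon on real IEEE-754 hardware, with binary64 standing in
   for the extended format and binary32 for the working format: the double
   addition loses the 2^-53 term (tie, rounds to even), and the conversion
   to float then sees an exact tie and rounds down to 1.0f, whereas the
   correctly rounded binary32 value of the exact sum is 1 + 2^-23. */
float double_rounded_on_hardware(void) {
    volatile double a = 1.0 + 0x1p-24;   /* exact in binary64 */
    volatile double b = 0x1p-53;
    volatile double s = a + b;           /* rounds to 1 + 2^-24 */
    return (float)s;                     /* rounds to 1.0f */
}

/* Correctly rounded binary32 value of EXACT, derived from round_once:
   (2^23 + 1) * 2^30 is representable in binary32, and scaling by 2^-53 is exact. */
float correctly_rounded(void) {
    return (float)round_once(EXACT, P_WORK) * 0x1p-53f;
}

int main(void) {
    printf("single rounding: %llu, double rounding: %llu, differs: %d\n",
           (unsigned long long)round_once(EXACT, P_WORK),
           (unsigned long long)round_twice(EXACT, P_EXT, P_WORK),
           double_rounding_differs());
    printf("hardware: %.9g, correctly rounded: %.9g\n",
           (double)double_rounded_on_hardware(), (double)correctly_rounded());
    return 0;
}
```

The failing input is the generic pattern: a value strictly above a midpoint of the working format that the extended format rounds onto that midpoint, after which ties-to-even may pick the wrong neighbour. The discrepancy is at most one ulp of the working format, but it voids the correct-rounding guarantee that error analyses of the kind described on this page assume for each operation.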
The implementation of a correctly rounded or interval elementary function needs to be proven carefully in the very last details. The proof requires a tight bound on the overall error of the implementation with respect to the mathematical function. Such work is function specific, concerns tens of lines of code for each function, and will usually be broken by…