Abstract. Sollya has become a mature tool for the development of numerical software. With about 175 built-in algorithms and a broad extensibility, it offers a complete tool-chain for fixed-and floating-point software and hardware design. Its features include on-the-fly faithful rounding, specialized approximation algorithms and extensive support for floating-point code generation.
High confidence in floating-point programs requires proving numerical properties of final and intermediate values.One may need to guarantee that a value stays within some range, or that the error relative to some ideal value is well bounded. Such work may require several lines of proof for each line of code, and will usually be broken by the smallest change to the code (e.g. for maintenance or optimization purpose). Certifying these programs by hand is therefore very tedious and error-prone. This article discusses the use of the Gappa proof assistant in this context. Gappa has two main advantages over previous approaches: Its input format is very close to the actual C code to validate, and it automates error evaluation and propagation using interval arithmetic. Besides, it can be used to incrementally prove complex mathematical properties pertaining to the C code. Yet it does not require any specific knowledge about automatic theorem proving, and thus is accessible to a wide community. Moreover, Gappa may generate a formal proof of the results that can be checked independently by a lower-level proof assistant like Coq, hence providing an even higher confidence in the certification of the numerical code. The article demonstrates the use of this tool on a real-size example, an elementary function with correctly rounded output.
The implementation of a correctly rounded or interval elementary function needs to be proven carefully in the very last details. The proof requires a tight bound on the overall error of the implementation with respect to the mathematical function. Such work is function specific, concerns tens of lines of code for each function, and will usually be broken by the smallest change to the code (e.g. for maintenance or optimization purpose). Therefore, it is very tedious and error-prone if done by hand. This article discusses the use of the Gappa proof assistant in this context. Gappa has two main advantages over previous approaches: Its input format is very close to the actual C code to validate, and it automates error evaluation and propagation using interval arithmetic. Besides, it can be used to incrementally prove complex mathematical properties pertaining to the C code. Yet it does not require any specific knowledge about automatic theorem proving, and thus is accessible to a wider community. Moreover, Gappa may generate a formal proof of the results that can be checked independently by a lowerlevel proof assistant like Coq, hence providing an even higher confidence in the certification of the numerical code.
This article is a case study in the implementation of a portable, proven and efficient correctly rounded elementary function in double-precision. We describe the methodology used to achieve these goals in the crlibm library. There are two novel aspects to this approach. The first is the proof framework, and in general the techniques used to balance performance and provability. The second is the introduction of processor-specific optimizations to get performance equivalent to the best current mathematical libraries, while trying to minimize the proof work. The implementation of the natural logarithm is detailed to illustrate these questions.Keywords: floating-point, elementary functions, logarithm, correct rounding Résumé Cet article montre comment implémenter une fonctionélémentaire efficace avec arrondi correct prouvé en double-précision. La méthodologie employée dans ce but par la bibliothèque crlibm présente deux aspects novateurs. Le premier concerne la preuve de l'arrondi correct, et plus généralement les techniques employées pour gérer les compromis entre performance et facilité de preuve. Le second est l'utilisation d'optimisations utilisant des caractéristiques les plus avancées des processeurs, ce qui permet d'obtenir une performanceéquivalente aux meilleures implémentations existantes. L'implémentation du logarithme népérien est décrite en détailà titre d'illustration. Mots-clés: virgule flottante, fonctionsélémentaires, logarithme, arrondi correctFast and correctly rounded logarithms in double-precision 1
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.