Approximating floating-point operations to verify numerical programs∗

The verification of programs performing floating-point computations is a key issue in the development of critical software. Reasoning on floatingpoint computations is a tricky task that requires dedicated tools: floatingpoint arithmetic is not correctly handled by solvers over the reals. Several methods have been developed in order to verify programs working with floating-point numbers. Some of them misinterpret the floatingpoint numbers as fixed point numbers [2], which is far from being safe. Others try to ensure the absence of runtime errors by over-approximating floating-point computations [3]. The late method is safe, but unfortunately rejects many valid programs. We rely on constraint programming techniques to generate test cases [5] or to verify the conformity of a program with its specification [6]. Constraint programming offers many benefits like the capability to deduce information from partially instantiated problems or to exhibit (counter)examples. Floating-point constraint solvers are available [4] but have some difficulties to handle large pieces of software. Part of these limitations roots in the poorness of floating-point arithmetic. That is why we introduce here a new method to solve constraints over the floating-point numbers which takes advantage of solvers over the reals. The basic idea is to build safe but tight approximations over the reals of the floatingpoint operations. To ensure the tightness of the approximations, each floating-point operation is approximated according to its rounding mode. For example, assume that x and y are positive normalized floating-point numbers, then the floating-point addition x⊕ y with a rounding mode set to −∞, is bounded by α× (x+ y) < x⊕ y ≤ x+ y where α = 1 1 + 2−p+1 and p is the size of the significant. Approximations for special cases have also been refined, e.g., for the addition with a rounding mode set to zero, or for the multiplication by a constant. Thanks to these approximations, a problem over the floating-point numbers is translated into a set of constraints over the reals. This set of ∗This work was partially supported by the ANR-07-SESUR-003 project CAVERN.