Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul - - PowerPoint PPT Presentation

verifying bit manipulations
SMART_READER_LITE
LIVE PREVIEW

Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul - - PowerPoint PPT Presentation

Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul Sharma Alex Aiken Stanford University PLDI 2016 This Talk Example: mathematical specification Goal: Bound the difference between spec and implementation


slide-1
SLIDE 1

Verifying Bit-Manipulations

  • f Floating-P
  • int

Wonyeol Lee

Rahul Sharma Alex Aiken Stanford University PLDI 2016

slide-2
SLIDE 2

This Talk

  • Example:
  • Goal:

Bound the difference between spec and implementation

  • Key contribution:

Verify binaries that mix floating-point and bit- level operations

  • 𝑓𝑦

mathematical specification

2

slide-3
SLIDE 3

This Talk

  • Example:
  • Goal:

Bound the difference between spec and implementation

  • Key contribution:

Verify binaries that mix floating-point and bit- level operations

  • 𝑓𝑦

floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification

3

slide-4
SLIDE 4

This Talk

  • Example:
  • Goal:

Bound the difference between spec and implementation

  • Key contribution:

Verify binaries that mix floating-point and bit- level operations

𝑓𝑦

floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification

4

slide-5
SLIDE 5

This Talk

  • Example:
  • Goal:

Bound the difference between spec and implementation

  • Key contribution:

Verify binaries that mix floating-point and bit- level operations

how different?

𝑓𝑦

floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification

5

slide-6
SLIDE 6

This Talk

  • Example:
  • Goal:

Bound the difference between spec and implementation

  • Key contribution:

Verify binaries that mix floating-point and bit- level operations

how different?

𝑓𝑦

floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification

6

slide-7
SLIDE 7

This Talk

  • Example:
  • Goal:

Bound the difference between spec and implementation

  • Key contribution:

Verify binaries that mix floating-point and bit- level operations

how different?

𝑓𝑦

floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification

7

slide-8
SLIDE 8

This Talk

  • Example:
  • Goal:

Bound the difference between spec and implementation

  • Key contribution:

Verify binaries that mix floating-point and bit- level operations

how different?

𝑓𝑦

floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification

8

slide-9
SLIDE 9
  • Example:
  • Automatic reasoning about floating-point is not easy
  • have rounding errors
  • d
  • Associativity:

1 + 1030 − 1030 = 1 ≠ 0 = (1 + 1030) − 1030

  • It becomes much harder if bit-level operations are used

Floating-P

  • int Numbers

9

1 01111111111 1100⋯00 (2) = −1 1 ∙ 21023−1023 ∙ 1.110 ⋯ 00(2)

slide-10
SLIDE 10
  • Example:
  • Automatic reasoning about floating-point is not easy
  • have rounding errors
  • d
  • Associativity:

1 + 1030 − 1030 = 1 ≠ 0 = (1 + 1030) − 1030

  • It becomes much harder if bit-level operations are used

Floating-P

  • int Numbers

10

1 01111111111 1100⋯00 (2) = −1 1 ∙ 21023−1023 ∙ 1.110 ⋯ 00(2)

slide-11
SLIDE 11
  • Example:
  • Automatic reasoning about floating-point is not easy
  • have rounding errors
  • d
  • Associativity:

1 + 1030 − 1030 = 1 ≠ 0 = (1 + 1030) − 1030

  • It becomes much harder if bit-level operations are used

Floating-P

  • int Numbers

11

1 01111111111 1100⋯00 (2) = −1 1 ∙ 21023−1023 ∙ 1.110 ⋯ 00(2)

slide-12
SLIDE 12

Bit-Level Operations

  • Example:

Given 𝑂 (in int), compute 2𝑂 (in double)

  • Such bit-manipulations are ubiquitous in highly optimized

floating-point implementations

  • If a code mixes floating-point and bit-level operations,

reasoning about the code is difficult

12

slide-13
SLIDE 13

Bit-Level Operations

  • Example:

Given 𝑂 (in int), compute 2𝑂 (in double)

  • Such bit-manipulations are ubiquitous in highly optimized

floating-point implementations

  • If a code mixes floating-point and bit-level operations,

reasoning about the code is difficult

1 [int] 2𝑂 [int] 2𝑂 [double]

bit-shifting by 𝑂 converting from int to double here 𝑂 = 10

13

slide-14
SLIDE 14

Bit-Level Operations

  • Example:

Given 𝑂 (in int), compute 2𝑂 (in double)

  • Such bit-manipulations are ubiquitous in highly optimized

floating-point implementations

  • If a code mixes floating-point and bit-level operations,

reasoning about the code is difficult

1 [int] 2𝑂 [int] 2𝑂 [double]

bit-shifting by 𝑂 converting from int to double here 𝑂 = 10

14

expensive

slide-15
SLIDE 15

Bit-Level Operations

  • Example:

Given 𝑂 (in int), compute 2𝑂 (in double)

  • Such bit-manipulations are ubiquitous in highly optimized

floating-point implementations

  • If a code mixes floating-point and bit-level operations,

reasoning about the code is difficult

works only for 0 ≤ 𝑂 ≤ 31

1 [int] 2𝑂 [int] 2𝑂 [double]

bit-shifting by 𝑂 converting from int to double here 𝑂 = 10

15

expensive

slide-16
SLIDE 16

Bit-Level Operations

  • Example:

Given 𝑂 (in int), compute 2𝑂 (in double)

  • Such bit-manipulations are ubiquitous in highly optimized

floating-point implementations

  • If a code mixes floating-point and bit-level operations,

reasoning about the code is difficult

integer addition bit-shifting by 52

𝑂 [int] 𝑂 + 1023 [int] 00 ⋯ 0 [52 bits]

[12 bits]

works only for 0 ≤ 𝑂 ≤ 31

1 [int] 2𝑂 [int] 2𝑂 [double]

bit-shifting by 𝑂 converting from int to double here 𝑂 = 10

16

expensive

slide-17
SLIDE 17

Bit-Level Operations

  • Example:

Given 𝑂 (in int), compute 2𝑂 (in double)

  • Such bit-manipulations are ubiquitous in highly optimized

floating-point implementations

  • If a code mixes floating-point and bit-level operations,

reasoning about the code is difficult

integer addition bit-shifting by 52

𝑂 [int] 𝑂 + 1023 [int] 00 ⋯ 0 [52 bits]

[12 bits]

2𝑂 [double]

works only for 0 ≤ 𝑂 ≤ 31

1 [int] 2𝑂 [int] 2𝑂 [double]

bit-shifting by 𝑂 converting from int to double here 𝑂 = 10

17

expensive

slide-18
SLIDE 18

Bit-Level Operations

  • Example:

Given 𝑂 (in int), compute 2𝑂 (in double)

  • Such bit-manipulations are ubiquitous in highly optimized

floating-point implementations

  • If a code mixes floating-point and bit-level operations,

reasoning about the code is difficult

integer addition bit-shifting by 52

𝑂 [int] 𝑂 + 1023 [int] 00 ⋯ 0 [52 bits]

[12 bits]

2𝑂 [double]

works only for 0 ≤ 𝑂 ≤ 31 works for −1022 ≤ 𝑂 ≤ 1023

1 [int] 2𝑂 [int] 2𝑂 [double]

bit-shifting by 𝑂 converting from int to double here 𝑂 = 10

18

expensive

slide-19
SLIDE 19

Bit-Level Operations

  • Example:

Given 𝑂 (in int), compute 2𝑂 (in double)

  • Such bit-manipulations are ubiquitous in highly optimized

floating-point implementations

  • If a code mixes floating-point and bit-level operations,

reasoning about the code is difficult

integer addition bit-shifting by 52

𝑂 [int] 𝑂 + 1023 [int] 00 ⋯ 0 [52 bits]

[12 bits]

2𝑂 [double]

works only for 0 ≤ 𝑂 ≤ 31 works for −1022 ≤ 𝑂 ≤ 1023

1 [int] 2𝑂 [int] 2𝑂 [double]

bit-shifting by 𝑂 converting from int to double here 𝑂 = 10

19

expensive

slide-20
SLIDE 20

Problem Statement

  • Goal:

Find a small Θ > 0 such that

𝑔 𝑦 −𝑄 𝑦 𝑔(𝑦)

≤ Θ for all 𝑦 ∈ 𝑌

  • i.e.,

prove a bound on the maximum precision loss

mathematical specification

𝑔: ℝ → ℝ

𝑓𝑦

20

slide-21
SLIDE 21

Problem Statement

  • Goal:

Find a small Θ > 0 such that

𝑔 𝑦 −𝑄 𝑦 𝑔(𝑦)

≤ Θ for all 𝑦 ∈ 𝑌

  • i.e.,

prove a bound on the maximum precision loss

binary 𝑄 that mixes floating-point and bit-level operations mathematical specification

𝑔: ℝ → ℝ

𝑓𝑦

... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... vpslld vpshufd

21

slide-22
SLIDE 22

Problem Statement

  • Goal:

Find a small Θ > 0 such that

𝑔 𝑦 −𝑄 𝑦 𝑔(𝑦)

≤ Θ for all 𝑦 ∈ 𝑌

  • i.e.,

prove a bound on the maximum precision loss

binary 𝑄 that mixes floating-point and bit-level operations mathematical specification

𝑔: ℝ → ℝ

𝑓𝑦

input range 𝑌 ⊆ ℝ

[−1, 1]

... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... vpslld vpshufd

22

slide-23
SLIDE 23

Problem Statement

  • Goal:

Find a small Θ > 0 such that

𝑔 𝑦 −𝑄 𝑦 𝑔(𝑦)

≤ Θ for all 𝑦 ∈ 𝑌

  • i.e.,

prove a bound on the maximum precision loss

binary 𝑄 that mixes floating-point and bit-level operations mathematical specification

𝑔: ℝ → ℝ

𝑓𝑦

input range 𝑌 ⊆ ℝ

[−1, 1]

... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... vpslld vpshufd

23

slide-24
SLIDE 24

P

  • ssible Alternatives
  • Exhaustive testing
  • feasible for 32-bit float:

~ 30 seconds (with 1 core for sinf)

  • infeasible for 64-bit double:

> 4000 years (= 30 seconds × 232)

  • infeasible even for input range X = −1, 1

∵ (# of doubles between −1 and 1) =

1 2 (# of all doubles)

  • Machine-checkable proofs
  • Harrison used

transcendental functions are very accurate [

]

  • construction of these proofs often requires considerable

persistence

24

slide-25
SLIDE 25

P

  • ssible Alternatives
  • Exhaustive testing
  • feasible for 32-bit float:

~ 30 seconds (with 1 core for sinf)

  • infeasible for 64-bit double:

> 4000 years (= 30 seconds × 232)

  • infeasible even for input range X = −1, 1

∵ (# of doubles between −1 and 1) =

1 2 (# of all doubles)

  • Machine-checkable proofs
  • Harrison used

transcendental functions are very accurate [

]

  • construction of these proofs often requires considerable

persistence

25

slide-26
SLIDE 26

P

  • ssible Alternatives
  • Exhaustive testing
  • feasible for 32-bit float:

~ 30 seconds (with 1 core for sinf)

  • infeasible for 64-bit double:

> 4000 years (= 30 seconds × 232)

  • infeasible even for input range X = −1, 1

∵ (# of doubles between −1 and 1) =

1 2 (# of all doubles)

  • Machine-checkable proofs
  • Harrison used

transcendental functions are very accurate [

]

  • construction of these proofs often requires considerable

persistence

26

slide-27
SLIDE 27

P

  • ssible Alternatives
  • Exhaustive testing
  • feasible for 32-bit float:

~ 30 seconds (with 1 core for sinf)

  • infeasible for 64-bit double:

> 4000 years (= 30 seconds × 232)

  • infeasible even for input range X = −1, 1

∵ (# of doubles between −1 and 1) =

1 2 (# of all doubles)

  • Machine-checkable proofs
  • Harrison used

transcendental functions are very accurate [

]

  • construction of these proofs often requires considerable

persistence.

27

slide-28
SLIDE 28

P

  • ssible Automatic Alternatives
  • If only floating-point operations are used,

various automatic techniques can be applied

  • e.g.,

Astree , Fluctuat , ROSA , FPTaylor

  • Several commercial tools (e.g.,

Astree, Fluctuat) can handle certain bit-trick routines

  • We are unaware of a general technique for verifying

mixed floating-point and bit-level code

28

slide-29
SLIDE 29

P

  • ssible Automatic Alternatives
  • If only floating-point operations are used,

various automatic techniques can be applied

  • e.g.,

Astree , Fluctuat , ROSA , FPTaylor

  • Several commercial tools (e.g.,

Astree, Fluctuat) can handle certain bit-trick routines

  • We are unaware of a general technique for verifying

mixed floating-point and bit-level code

29

slide-30
SLIDE 30

Our Method

30

slide-31
SLIDE 31

1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq

𝑓𝑦 Explained

31

slide-32
SLIDE 32

1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq

𝑓𝑦 Explained

𝑂 = round 𝑦 ∙ log2 𝑓 𝑦

32

slide-33
SLIDE 33

1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq

2𝑂

𝑓𝑦 Explained

𝑂 = round 𝑦 ∙ log2 𝑓 𝑦

33

slide-34
SLIDE 34

1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq

𝑓𝑦 = 𝑓𝑂∙ln 2 ∙ 𝑓𝑠 ≈ 2𝑂 ∙ 𝑓𝑠 𝑓𝑠 ≈ ෍

𝑗=0 12 𝑠𝑗

𝑗! 𝑠 = 𝑦 − 𝑂 ∙ ln 2 2𝑂

𝑓𝑦 Explained

𝑂 = round 𝑦 ∙ log2 𝑓 𝑦

34

slide-35
SLIDE 35

1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq

𝑓𝑦 = 𝑓𝑂∙ln 2 ∙ 𝑓𝑠 ≈ 2𝑂 ∙ 𝑓𝑠 𝑓𝑠 ≈ ෍

𝑗=0 12 𝑠𝑗

𝑗! 𝑠 = 𝑦 − 𝑂 ∙ ln 2 2𝑂

𝑓𝑦 Explained

𝑂 = round 𝑦 ∙ log2 𝑓 𝑦

Goal: Find a small Θ > 0 such that

𝑓𝑦−2𝑂𝑓𝑠 𝑓𝑦

≤ Θ for all 𝑦 ∈ 𝑌

35

slide-36
SLIDE 36
  • Assume only floating-point operations are used
  • 1 + 𝜗

property

  • A standard way to model rounding errors
  • For 64-bit doubles,

𝜗 = 2−53

  • This property has been used in previous automatic techniques

(FPTaylor

  • point programs

1) Abstract Floating-P

  • int Operations

36

slide-37
SLIDE 37
  • Assume only floating-point operations are used
  • 1 + 𝜗

property

  • A standard way to model rounding errors
  • For 64-bit doubles,

𝜗 = 2−53

  • This property has been used in previous automatic techniques

(FPTaylor

  • point programs

1) Abstract Floating-P

  • int Operations

37

slide-38
SLIDE 38
  • Assume only floating-point operations are used
  • 1 + 𝜗

property

  • A standard way to model rounding errors
  • For 64-bit doubles,

𝜗 = 2−53

  • This property has been used in previous automatic techniques

(FPTaylor

  • point programs

𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗

1) Abstract Floating-P

  • int Operations

38

slide-39
SLIDE 39
  • Assume only floating-point operations are used
  • 1 + 𝜗

property

  • A standard way to model rounding errors
  • For 64-bit doubles,

𝜗 = 2−53

  • This property has been used in previous automatic techniques

(FPTaylor

  • point programs

𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗

1) Abstract Floating-P

  • int Operations

39

𝑦⨂𝑧

1

slide-40
SLIDE 40
  • Assume only floating-point operations are used
  • 1 + 𝜗

property

  • A standard way to model rounding errors
  • For 64-bit doubles,

𝜗 = 2−53

  • This property has been used in previous automatic techniques

(FPTaylor

  • point programs

𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗

1) Abstract Floating-P

  • int Operations

40

𝑦⨂𝑧

1

slide-41
SLIDE 41
  • Assume only floating-point operations are used
  • 1 + 𝜗

property

  • A standard way to model rounding errors
  • For 64-bit doubles,

𝜗 = 2−53

  • This property has been used in previous automatic techniques

(FPTaylor

  • point programs

𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗

1) Abstract Floating-P

  • int Operations

41

𝑦 ⨂f 𝑧 𝑦⨂𝑧

1

slide-42
SLIDE 42
  • Assume only floating-point operations are used
  • 1 + 𝜗

property

  • A standard way to model rounding errors
  • For 64-bit doubles,

𝜗 = 2−53

  • This property has been used in previous automatic techniques

(FPTaylor

  • point programs

𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗

1) Abstract Floating-P

  • int Operations

42

𝑦 ⨂f 𝑧 𝑦⨂𝑧

1

𝜗

slide-43
SLIDE 43
  • Assume only floating-point operations are used
  • 1 + 𝜗

property

  • A standard way to model rounding errors
  • For 64-bit doubles,

𝜗 = 2−53

  • This property has been used in previous automatic techniques

(FPTaylor

  • point programs

𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗

1) Abstract Floating-P

  • int Operations

43

𝑦 ⨂f 𝑧 𝑦⨂𝑧

1

𝜗

slide-44
SLIDE 44
  • Compute a symbolic abstraction 𝐵𝜀 𝑦
  • f a program 𝑄
  • Example:
  • F

rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies

𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦

  • Example:

1) Abstract Floating-P

  • int Operations

44

slide-45
SLIDE 45
  • Compute a symbolic abstraction 𝐵𝜀 𝑦
  • f a program 𝑄
  • Example:
  • F

rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies

𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦

  • Example:

1) Abstract Floating-P

  • int Operations

45

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2

slide-46
SLIDE 46
  • Compute a symbolic abstraction 𝐵𝜀 𝑦
  • f a program 𝑄
  • Example:
  • F

rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies

𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦

  • Example:

1) Abstract Floating-P

  • int Operations

46

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦

slide-47
SLIDE 47
  • Compute a symbolic abstraction 𝐵𝜀 𝑦
  • f a program 𝑄
  • Example:
  • F

rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies

𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦

  • Example:

1) Abstract Floating-P

  • int Operations

47

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × +

slide-48
SLIDE 48
  • Compute a symbolic abstraction 𝐵𝜀 𝑦
  • f a program 𝑄
  • Example:
  • F

rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies

𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦

  • Example:

1) Abstract Floating-P

  • int Operations

48

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × +

slide-49
SLIDE 49
  • Compute a symbolic abstraction 𝐵𝜀 𝑦
  • f a program 𝑄
  • Example:
  • F

rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies

𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦

  • Example:

1) Abstract Floating-P

  • int Operations

49

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × +

slide-50
SLIDE 50
  • Compute a symbolic abstraction 𝐵𝜀 𝑦
  • f a program 𝑄
  • Example:
  • F

rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies

𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦

  • Example:

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 ∶ 𝜀1 , 𝜀2 < 𝜗

1) Abstract Floating-P

  • int Operations

50

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × +

slide-51
SLIDE 51
  • Compute a symbolic abstraction 𝐵𝜀 𝑦
  • f a program 𝑄
  • Example:
  • F

rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies

𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦

  • Example:

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 ∶ 𝜀1 , 𝜀2 < 𝜗

1) Abstract Floating-P

  • int Operations

51

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × + + ×

} {

slide-52
SLIDE 52
  • Compute a symbolic abstraction 𝐵𝜀 𝑦
  • f a program 𝑄
  • Example:
  • F

rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies

𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦

  • Example:

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 ∶ 𝜀1 , 𝜀2 < 𝜗

1) Abstract Floating-P

  • int Operations

52

𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × + + × ∈

} {

slide-53
SLIDE 53

Our Method: Overview

𝑌 −1 1 𝑄(𝑦)

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 53

slide-54
SLIDE 54

Our Method: Overview

𝑌 −1 1 𝑄(𝑦)

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 54

slide-55
SLIDE 55

Our Method: Overview

𝑌 −1 1 𝑄(𝑦)

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 55

slide-56
SLIDE 56

Our Method: Overview

𝑌 −1 1 𝑄(𝑦)

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 56

hard to find

slide-57
SLIDE 57

Our Method: Overview

𝑌 −1 1 𝑄(𝑦)

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 57

hard to find abstract using n

slide-58
SLIDE 58

Our Method: Overview

𝑌 −1 1 𝐽1 𝐽2 𝐽𝑜 𝑄(𝑦)

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 58

hard to find abstract using n

slide-59
SLIDE 59

Our Method: Overview

𝑌 −1 1 𝐽1 𝐽2 𝐽𝑜 𝑄(𝑦)

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 59

hard to find abstract using n

slide-60
SLIDE 60

Our Method: Overview

𝑌 −1 1 𝐽1 𝐽2 𝐽𝑜 𝑄(𝑦)

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...

1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation

  • f bit-level operations

60

hard to find abstract using n

slide-61
SLIDE 61

Our Method: Overview

𝑌 −1 1 𝐽1 𝐽2 𝐽𝑜 𝑄(𝑦)

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...

1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation

  • f bit-level operations

61

hard to find

  • nly floating-point
  • perations

abstract using n

slide-62
SLIDE 62

Our Method: Overview

𝐵1,𝜀(𝑦) 𝐵𝑜,𝜀(𝑦) 𝐵2,𝜀(𝑦) 𝑌 −1 1 𝐽1 𝐽2 𝐽𝑜 𝑄(𝑦)

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...

1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation

  • f bit-level operations

62

hard to find

  • nly floating-point
  • perations

abstract using n

slide-63
SLIDE 63

Our Method: Overview

𝐵1,𝜀(𝑦) 𝐵𝑜,𝜀(𝑦) 𝐵2,𝜀(𝑦) 𝐽1 𝐽2 𝐽𝑜

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...

1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation

  • f bit-level operations

63

slide-64
SLIDE 64

Our Method: Overview

𝐽1 𝐽2 𝐽𝑜

𝑔 𝑦 − 𝐵1,𝜀 𝑦 𝑔(𝑦) 𝑔 𝑦 − 𝐵𝑜,𝜀 𝑦 𝑔(𝑦)

𝐵1,𝜀(𝑦) 𝐵𝑜,𝜀(𝑦) 𝐵2,𝜀(𝑦) 𝐽1 𝐽2 𝐽𝑜

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...

1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation

  • f bit-level operations

64

slide-65
SLIDE 65

Our Method: Overview

𝐽1 𝐽2 𝐽𝑜

𝑔 𝑦 − 𝐵1,𝜀 𝑦 𝑔(𝑦) 𝑔 𝑦 − 𝐵𝑜,𝜀 𝑦 𝑔(𝑦)

solve optimization problems

𝐵1,𝜀(𝑦) 𝐵𝑜,𝜀(𝑦) 𝐵2,𝜀(𝑦) 𝐽1 𝐽2 𝐽𝑜

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...

1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation

  • f bit-level operations

65

max max

slide-66
SLIDE 66

Our Method: Overview

𝐽1 𝐽2 𝐽𝑜

𝑔 𝑦 − 𝐵1,𝜀 𝑦 𝑔(𝑦) 𝑔 𝑦 − 𝐵𝑜,𝜀 𝑦 𝑔(𝑦)

answer!

solve optimization problems

𝐵1,𝜀(𝑦) 𝐵𝑜,𝜀(𝑦) 𝐵2,𝜀(𝑦) 𝐽1 𝐽2 𝐽𝑜

... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...

1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation

  • f bit-level operations

66

max max

slide-67
SLIDE 67
  • Assume bit-level operations are used as well
  • To handle bit-level operations,

divide 𝑌 into intervals 𝐽𝑙, so that,

  • n each 𝐽𝑙,

we can statically know the result of each bit-level operation

  • Example:

2) Divide the Input Range

67

slide-68
SLIDE 68
  • Assume bit-level operations are used as well
  • To handle bit-level operations,

divide 𝑌 into intervals 𝐽𝑙, so that,

  • n each 𝐽𝑙,

we can statically know the result of each bit-level operation

  • Example:

2) Divide the Input Range

68

slide-69
SLIDE 69
  • Assume bit-level operations are used as well
  • To handle bit-level operations,

divide 𝑌 into intervals 𝐽𝑙, so that,

  • n each 𝐽𝑙,

we can statically know the result of each bit-level operation

  • Example:

input x y ← x ×f C

(C= 0x3ff71547652b82fe)

N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...

2) Divide the Input Range

−1 1 𝑌

69

slide-70
SLIDE 70
  • Assume bit-level operations are used as well
  • To handle bit-level operations,

divide 𝑌 into intervals 𝐽𝑙, so that,

  • n each 𝐽𝑙,

we can statically know the result of each bit-level operation

  • Example:

input x y ← x ×f C

(C= 0x3ff71547652b82fe)

N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...

2) Divide the Input Range

−1 1 𝑌 𝐽−1 𝐽0 𝐽1

70

slide-71
SLIDE 71
  • Assume bit-level operations are used as well
  • To handle bit-level operations,

divide 𝑌 into intervals 𝐽𝑙, so that,

  • n each 𝐽𝑙,

we can statically know the result of each bit-level operation

  • Example:

input x y ← x ×f C

(C= 0x3ff71547652b82fe)

N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...

2) Divide the Input Range

−1 1 𝑌 𝐽−1 𝐽0 𝐽1

71

𝐽1 𝐽0 𝑌 −1 1 𝐽−1

slide-72
SLIDE 72
  • Assume bit-level operations are used as well
  • To handle bit-level operations,

divide 𝑌 into intervals 𝐽𝑙, so that,

  • n each 𝐽𝑙,

we can statically know the result of each bit-level operation

  • Example:

input x y ← x ×f C

(C= 0x3ff71547652b82fe)

N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...

2) Divide the Input Range

−1 1 𝑌 𝐽−1 𝐽0 𝐽1

72

𝐽1 𝐽0 𝑌 −1 1

−1

𝐽−1

slide-73
SLIDE 73
  • Assume bit-level operations are used as well
  • To handle bit-level operations,

divide 𝑌 into intervals 𝐽𝑙, so that,

  • n each 𝐽𝑙,

we can statically know the result of each bit-level operation

  • Example:

input x y ← x ×f C

(C= 0x3ff71547652b82fe)

N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...

2) Divide the Input Range

−1 1 𝑌 𝐽−1 𝐽0 𝐽1

73

𝐽1 𝐽0 𝑌 −1 1

−1 partial evaluation input x y ← x ×f C

(C= 0x3ff71547652b82fe)

N ← −1 z ← 1022 w ← 0.5 ...

𝐽−1

slide-74
SLIDE 74
  • Assume bit-level operations are used as well
  • To handle bit-level operations,

divide 𝑌 into intervals 𝐽𝑙, so that,

  • n each 𝐽𝑙,

we can statically know the result of each bit-level operation

  • Example:

input x y ← x ×f C

(C= 0x3ff71547652b82fe)

N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...

2) Divide the Input Range

−1 1 𝑌 𝐽−1 𝐽0 𝐽1

74

𝐽1 𝐽0 𝑌 −1 1

−1 partial evaluation input x y ← x ×f C

(C= 0x3ff71547652b82fe)

N ← −1 z ← 1022 w ← 0.5 ...

Only floating-point operations are left

→ Can compute 𝐵𝜀 𝑦

  • n each 𝐽𝑙

𝐽−1

slide-75
SLIDE 75

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

75

slide-76
SLIDE 76

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

76

−1 1 𝑌 𝐽−1 𝐽0 𝐽1

slide-77
SLIDE 77

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

77

𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1

slide-78
SLIDE 78

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

78

𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1

slide-79
SLIDE 79

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

79

𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1

slide-80
SLIDE 80

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

80

𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1

slide-81
SLIDE 81

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑦 ×f C

81

𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1

slide-82
SLIDE 82

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑦 ×f C 𝑙 − 0.5 𝑙 + 0.5

82

𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1

slide-83
SLIDE 83

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑦 ×f C 𝑙 − 0.5 𝑙 + 0.5

83

𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1

𝑂 = 𝑙

slide-84
SLIDE 84

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑦 ×f C 𝑙 − 0.5 𝑙 + 0.5

84

𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1

𝑂 = 𝑙

slide-85
SLIDE 85

2) Divide the Input Range

  • How to find such intervals?
  • Use symbolic abstractions
  • Example:
  • 𝑂 = round 𝑦 ×f C
  • (symbolic abstraction of 𝑦 ×f C) = 𝑦 × C 1 + 𝜀
  • Let 𝐽𝑙 = largest interval contained in

𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5

  • Then 𝑂 is evaluated to 𝑙 for every input in 𝐽𝑙

𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑦 ×f C 𝑙 − 0.5 𝑙 + 0.5

85

𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1

𝑂 = 𝑙

slide-86
SLIDE 86

3) Compute a Bound on Precision Loss

  • Precision loss on each interval 𝐽𝑙
  • Let 𝐵𝜀 𝑦

be a symbolic abstraction on 𝐽𝑙

  • Analytical optimization:

max

𝑦∈𝐽𝑙, |𝜀𝑗|<𝜗 𝑓𝑦−𝐵𝜀 𝑦 𝑓𝑦

  • Use Mathematica to solve optimization problems analytically

86

slide-87
SLIDE 87

3) Compute a Bound on Precision Loss

  • Precision loss on each interval 𝐽𝑙
  • Let 𝐵𝜀 𝑦

be a symbolic abstraction on 𝐽𝑙

  • Analytical optimization:

max

𝑦∈𝐽𝑙, |𝜀𝑗|<𝜗 𝑓𝑦−𝐵𝜀 𝑦 𝑓𝑦

  • Use Mathematica to solve optimization problems analytically

87

slide-88
SLIDE 88
  • No.

The constructed intervals do not cover 𝑌 in general

  • Because we made sound approximations

Are We Done?

−1 1

input range 𝑌

𝐽−1 𝐽0 𝐽1

88

slide-89
SLIDE 89
  • No.

The constructed intervals do not cover 𝑌 in general

  • Because we made sound approximations

Are We Done?

−1 1

input range 𝑌

𝐽−1 𝐽0 𝐽1

89

floating-point numbers

slide-90
SLIDE 90
  • No.

The constructed intervals do not cover 𝑌 in general

  • Because we made sound approximations

Are We Done?

−1 1

input range 𝑌

𝐽−1 𝐽0 𝐽1

90

floating-point numbers between intervals

slide-91
SLIDE 91
  • No.

The constructed intervals do not cover 𝑌 in general

  • Because we made sound approximations

Are We Done?

−1 1

input range 𝑌

𝐽−1 𝐽0 𝐽1

91

floating-point numbers between intervals

slide-92
SLIDE 92
  • Example:

𝑂 = round 𝑦 ×f 𝐷

For 𝑦 =

1 2𝐷 ,

𝑂 would be 0 or 1

  • Let 𝐼 = {floating-
  • We observe that |𝐼| is small in experiment

Are We Done?

0.5 1

92

: abstraction of 𝑦 ×f 𝐷

slide-93
SLIDE 93
  • Example:

𝑂 = round 𝑦 ×f 𝐷

For 𝑦 =

1 2𝐷 ,

𝑂 would be 0 or 1

  • Let 𝐼 = {floating-
  • We observe that |𝐼| is small in experiment

Are We Done?

0.5 1

93

: abstraction of 𝑦 ×f 𝐷

𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷)

slide-94
SLIDE 94
  • Example:

𝑂 = round 𝑦 ×f 𝐷

For 𝑦 =

1 2𝐷 ,

𝑂 would be 0 or 1

  • Let 𝐼 = {floating-
  • We observe that |𝐼| is small in experiment

Are We Done?

0.5 1

94

: abstraction of 𝑦 ×f 𝐷

𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷)

𝑂 = 0 𝑂 = 1

slide-95
SLIDE 95
  • Example:

𝑂 = round 𝑦 ×f 𝐷

For 𝑦 =

1 2𝐷 ,

𝑂 would be 0 or 1

  • Let 𝐼 = {floating-
  • We observe that |𝐼| is small in experiment

Are We Done?

0.5 1

95

: abstraction of 𝑦 ×f 𝐷

𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(2𝐷)

𝑂 = 0 𝑂 = 1

slide-96
SLIDE 96
  • Example:

𝑂 = round 𝑦 ×f 𝐷

For 𝑦 =

1 2𝐷 ,

𝑂 would be 0 or 1

  • Let 𝐼 = {floating-
  • We observe that |𝐼| is small in experiment

Are We Done?

𝑦 ×f 𝐷 0.5 1

? ? ? ? ? ?

96

: abstraction of 𝑦 ×f 𝐷

𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(2𝐷)

𝑂 = 0 𝑂 = 1

slide-97
SLIDE 97
  • Example:

𝑂 = round 𝑦 ×f 𝐷

For 𝑦 =

1 2𝐷 ,

𝑂 would be 0 or 1

  • Let 𝐼 = {floating-
  • We observe that |𝐼| is small in experiment

Are We Done?

𝑦 ×f 𝐷 0.5 1

? ? ? ? ? ?

97

: abstraction of 𝑦 ×f 𝐷

𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(2𝐷)

𝑂 = 0 𝑂 = 1

slide-98
SLIDE 98
  • Example:

𝑂 = round 𝑦 ×f 𝐷

For 𝑦 =

1 2𝐷 ,

𝑂 would be 0 or 1

  • Let 𝐼 = {floating-
  • We observe that |𝐼| is small in experiment

Are We Done?

𝑦 ×f 𝐷 0.5 1

? ? ? ? ? ?

98

: abstraction of 𝑦 ×f 𝐷

𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(2𝐷)

𝑂 = 0 𝑂 = 1

slide-99
SLIDE 99

3) Compute a Bound on Precision Loss

  • Precision loss on each interval 𝐽𝑙
  • Let 𝐵𝜀 𝑦

be a symbolic abstraction on 𝐽𝑙

  • Analytical optimization:

max

𝑦∈𝐽𝑙, |𝜀𝑗|<𝜗 𝑓𝑦−𝐵𝜀 𝑦 𝑓𝑦

  • Use Mathematica to solve optimization problems analytically
  • Precision loss on 𝐼
  • For each 𝑦 ∈ 𝐼,
  • btain 𝑄 𝑦 by executing the binary
  • Brute force:

max

𝑦∈𝐼 𝑓𝑦−𝑄 𝑦 𝑓𝑦

  • Use Mathematica to compute 𝑓𝑦 and precision loss exactly

99

slide-100
SLIDE 100

3) Compute a Bound on Precision Loss

  • Precision loss on each interval 𝐽𝑙
  • Let 𝐵𝜀 𝑦

be a symbolic abstraction on 𝐽𝑙

  • Analytical optimization:

max

𝑦∈𝐽𝑙, |𝜀𝑗|<𝜗 𝑓𝑦−𝐵𝜀 𝑦 𝑓𝑦

  • Use Mathematica to solve optimization problems analytically
  • Precision loss on 𝐼
  • For each 𝑦 ∈ 𝐼,
  • btain 𝑄 𝑦 by executing the binary
  • Brute force:

max

𝑦∈𝐼 𝑓𝑦−𝑄 𝑦 𝑓𝑦

  • Use Mathematica to compute 𝑓𝑦 and precision loss exactly

take maximum

→ answer!

100

slide-101
SLIDE 101

Case Studies

101

slide-102
SLIDE 102

Settings

  • Benchmarks
  • exp:

from S3D (a combustion simulation engine)

  • sin,

log: from

<math.h>

  • Measures of precision loss
  • Relative error:

RelErr(𝑏, 𝑐) =

𝑏−𝑐 𝑏

  • ULP error:
  • Rounding errors of numeric libraries are typically measured by ULPs
  • ULPErr 𝑏, 𝑐 = (# of floating-point numbers between 𝑏 and 𝑐)
  • Example:
  • ULPErr 𝑏, 𝑐 ≤ 2 ∙ RelErr(𝑏, 𝑐)/𝜗

102

slide-103
SLIDE 103

Settings

  • Benchmarks
  • exp:

from S3D (a combustion simulation engine)

  • sin,

log: from

<math.h>

  • Measures of precision loss
  • Relative error:

RelErr(𝑏, 𝑐) =

𝑏−𝑐 𝑏

  • ULP error:
  • Rounding errors of numeric libraries are typically measured by ULPs
  • ULPErr 𝑏, 𝑐 = (# of floating-point numbers between 𝑏 and 𝑐)
  • Example:
  • ULPErr 𝑏, 𝑐 ≤ 2 ∙ RelErr(𝑏, 𝑐)/𝜗

103

5 ULPs

𝑏 𝑐

slide-104
SLIDE 104

Results

Interval Bound on ULP error # of intervals # of

𝜀

Size of

exp [−4, 4] 14 13 29 36 sin − 𝜌 2 , 𝜌 2 9 33 53 110 log (0,4) ∖ 4095 4096 , 1 21 221 25 4095 4096 , 1 1 × 1014 1 25

104

slide-105
SLIDE 105

Results

Interval Bound on ULP error # of intervals # of

𝜀

Size of

exp [−4, 4] 14 13 29 36 sin − 𝜌 2 , 𝜌 2 9 33 53 110 log (0,4) ∖ 4095 4096 , 1 21 221 25 4095 4096 , 1 1 × 1014 1 25

105

best illustrates the power of our method

slide-106
SLIDE 106

Results: sin, log

x-axis: input value y-axis: ULP error

bounds on the intervals

sin log

106 1014

slide-107
SLIDE 107

Results: sin, log

x-axis: input value y-axis: ULP error

bounds on the intervals

sin log

107 1014

slide-108
SLIDE 108

Limitations of Our Method

  • May construct a large number of intervals
  • Example:

0x5fe6eb50c7b537a9 – (x >> 1)

  • For this example,
  • ur method constructs 263 intervals
  • May produce loose error bounds
  • Example:

1014 ULPs for log on

4095 4096 , 1

  • Sometimes 1 + 𝜗

property provides an imprecise abstraction

  • Proving a precise error bound requires more sophisticated

error analysis beyond 1 + 𝜗 property

  • Our recent result:

6 ULPs for for log on 0,4

108

slide-109
SLIDE 109

Limitations of Our Method

  • May construct a large number of intervals
  • Example:

0x5fe6eb50c7b537a9 – (x >> 1)

  • For this example,
  • ur method constructs 263 intervals
  • May produce loose error bounds
  • Example:

1014 ULPs for log on

4095 4096 , 1

  • Sometimes 1 + 𝜗

property provides an imprecise abstraction

  • Proving a precise error bound requires more sophisticated

error analysis beyond 1 + 𝜗 property

  • Our recent result:

6 ULPs for for log on 0,4

109

slide-110
SLIDE 110

Summary

  • First systematic method for verifying binaries

that mix floating-point and bit-level operations

  • Use abstraction,

analytical optimization, and testing

  • Directly applicable to highly optimized binaries
  • f transcendental functions

110

slide-111
SLIDE 111

Questions?

111