Verifying Bit-Manipulations
- f Floating-P
- int
Wonyeol Lee
Rahul Sharma Alex Aiken Stanford University PLDI 2016
Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul - - PowerPoint PPT Presentation
Verifying Bit-Manipulations of Floating-P oint Wonyeol Lee Rahul Sharma Alex Aiken Stanford University PLDI 2016 This Talk Example: mathematical specification Goal: Bound the difference between spec and implementation
Wonyeol Lee
Rahul Sharma Alex Aiken Stanford University PLDI 2016
Bound the difference between spec and implementation
Verify binaries that mix floating-point and bit- level operations
mathematical specification
2
Bound the difference between spec and implementation
Verify binaries that mix floating-point and bit- level operations
floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification
3
Bound the difference between spec and implementation
Verify binaries that mix floating-point and bit- level operations
floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification
4
Bound the difference between spec and implementation
Verify binaries that mix floating-point and bit- level operations
how different?
floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification
5
Bound the difference between spec and implementation
Verify binaries that mix floating-point and bit- level operations
how different?
floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification
6
Bound the difference between spec and implementation
Verify binaries that mix floating-point and bit- level operations
how different?
floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification
7
Bound the difference between spec and implementation
Verify binaries that mix floating-point and bit- level operations
how different?
floating-point implementation ... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... mathematical specification
8
1 + 1030 − 1030 = 1 ≠ 0 = (1 + 1030) − 1030
9
1 01111111111 1100⋯00 (2) = −1 1 ∙ 21023−1023 ∙ 1.110 ⋯ 00(2)
1 + 1030 − 1030 = 1 ≠ 0 = (1 + 1030) − 1030
10
1 01111111111 1100⋯00 (2) = −1 1 ∙ 21023−1023 ∙ 1.110 ⋯ 00(2)
1 + 1030 − 1030 = 1 ≠ 0 = (1 + 1030) − 1030
11
1 01111111111 1100⋯00 (2) = −1 1 ∙ 21023−1023 ∙ 1.110 ⋯ 00(2)
Given 𝑂 (in int), compute 2𝑂 (in double)
floating-point implementations
reasoning about the code is difficult
12
Given 𝑂 (in int), compute 2𝑂 (in double)
floating-point implementations
reasoning about the code is difficult
1 [int] 2𝑂 [int] 2𝑂 [double]
bit-shifting by 𝑂 converting from int to double here 𝑂 = 10
13
Given 𝑂 (in int), compute 2𝑂 (in double)
floating-point implementations
reasoning about the code is difficult
1 [int] 2𝑂 [int] 2𝑂 [double]
bit-shifting by 𝑂 converting from int to double here 𝑂 = 10
14
expensive
Given 𝑂 (in int), compute 2𝑂 (in double)
floating-point implementations
reasoning about the code is difficult
works only for 0 ≤ 𝑂 ≤ 31
1 [int] 2𝑂 [int] 2𝑂 [double]
bit-shifting by 𝑂 converting from int to double here 𝑂 = 10
15
expensive
Given 𝑂 (in int), compute 2𝑂 (in double)
floating-point implementations
reasoning about the code is difficult
integer addition bit-shifting by 52
𝑂 [int] 𝑂 + 1023 [int] 00 ⋯ 0 [52 bits]
[12 bits]
works only for 0 ≤ 𝑂 ≤ 31
1 [int] 2𝑂 [int] 2𝑂 [double]
bit-shifting by 𝑂 converting from int to double here 𝑂 = 10
16
expensive
Given 𝑂 (in int), compute 2𝑂 (in double)
floating-point implementations
reasoning about the code is difficult
integer addition bit-shifting by 52
𝑂 [int] 𝑂 + 1023 [int] 00 ⋯ 0 [52 bits]
[12 bits]
2𝑂 [double]
works only for 0 ≤ 𝑂 ≤ 31
1 [int] 2𝑂 [int] 2𝑂 [double]
bit-shifting by 𝑂 converting from int to double here 𝑂 = 10
17
expensive
Given 𝑂 (in int), compute 2𝑂 (in double)
floating-point implementations
reasoning about the code is difficult
integer addition bit-shifting by 52
𝑂 [int] 𝑂 + 1023 [int] 00 ⋯ 0 [52 bits]
[12 bits]
2𝑂 [double]
works only for 0 ≤ 𝑂 ≤ 31 works for −1022 ≤ 𝑂 ≤ 1023
1 [int] 2𝑂 [int] 2𝑂 [double]
bit-shifting by 𝑂 converting from int to double here 𝑂 = 10
18
expensive
Given 𝑂 (in int), compute 2𝑂 (in double)
floating-point implementations
reasoning about the code is difficult
integer addition bit-shifting by 52
𝑂 [int] 𝑂 + 1023 [int] 00 ⋯ 0 [52 bits]
[12 bits]
2𝑂 [double]
works only for 0 ≤ 𝑂 ≤ 31 works for −1022 ≤ 𝑂 ≤ 1023
1 [int] 2𝑂 [int] 2𝑂 [double]
bit-shifting by 𝑂 converting from int to double here 𝑂 = 10
19
expensive
Find a small Θ > 0 such that
𝑔 𝑦 −𝑄 𝑦 𝑔(𝑦)
≤ Θ for all 𝑦 ∈ 𝑌
prove a bound on the maximum precision loss
mathematical specification
𝑔: ℝ → ℝ
20
Find a small Θ > 0 such that
𝑔 𝑦 −𝑄 𝑦 𝑔(𝑦)
≤ Θ for all 𝑦 ∈ 𝑌
prove a bound on the maximum precision loss
binary 𝑄 that mixes floating-point and bit-level operations mathematical specification
𝑔: ℝ → ℝ
... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... vpslld vpshufd
21
Find a small Θ > 0 such that
𝑔 𝑦 −𝑄 𝑦 𝑔(𝑦)
≤ Θ for all 𝑦 ∈ 𝑌
prove a bound on the maximum precision loss
binary 𝑄 that mixes floating-point and bit-level operations mathematical specification
𝑔: ℝ → ℝ
input range 𝑌 ⊆ ℝ
[−1, 1]
... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... vpslld vpshufd
22
Find a small Θ > 0 such that
𝑔 𝑦 −𝑄 𝑦 𝑔(𝑦)
≤ Θ for all 𝑦 ∈ 𝑌
prove a bound on the maximum precision loss
binary 𝑄 that mixes floating-point and bit-level operations mathematical specification
𝑔: ℝ → ℝ
input range 𝑌 ⊆ ℝ
[−1, 1]
... vpslld $20, %xmm3, %xmm3 vpshufd $114, %xmm3, %xmm3 vmulpd C1, %xmm2, %xmm1 vmulpd C2, %xmm2, %xmm2 ... vpslld vpshufd
23
~ 30 seconds (with 1 core for sinf)
> 4000 years (= 30 seconds × 232)
∵ (# of doubles between −1 and 1) =
1 2 (# of all doubles)
transcendental functions are very accurate [
]
persistence
24
~ 30 seconds (with 1 core for sinf)
> 4000 years (= 30 seconds × 232)
∵ (# of doubles between −1 and 1) =
1 2 (# of all doubles)
transcendental functions are very accurate [
]
persistence
25
~ 30 seconds (with 1 core for sinf)
> 4000 years (= 30 seconds × 232)
∵ (# of doubles between −1 and 1) =
1 2 (# of all doubles)
transcendental functions are very accurate [
]
persistence
26
~ 30 seconds (with 1 core for sinf)
> 4000 years (= 30 seconds × 232)
∵ (# of doubles between −1 and 1) =
1 2 (# of all doubles)
transcendental functions are very accurate [
]
persistence.
27
various automatic techniques can be applied
Astree , Fluctuat , ROSA , FPTaylor
Astree, Fluctuat) can handle certain bit-trick routines
mixed floating-point and bit-level code
28
various automatic techniques can be applied
Astree , Fluctuat , ROSA , FPTaylor
Astree, Fluctuat) can handle certain bit-trick routines
mixed floating-point and bit-level code
29
30
1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq
31
1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq
𝑂 = round 𝑦 ∙ log2 𝑓 𝑦
32
1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq
2𝑂
𝑂 = round 𝑦 ∙ log2 𝑓 𝑦
33
1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq
𝑓𝑦 = 𝑓𝑂∙ln 2 ∙ 𝑓𝑠 ≈ 2𝑂 ∙ 𝑓𝑠 𝑓𝑠 ≈
𝑗=0 12 𝑠𝑗
𝑗! 𝑠 = 𝑦 − 𝑂 ∙ ln 2 2𝑂
𝑂 = round 𝑦 ∙ log2 𝑓 𝑦
34
1 vmovddup %xmm0, %xmm0 2 vmulpd L2E, %xmm0, %xmm2 3 vroundpd $0, %xmm2, %xmm2 4 vcvtpd2dqx %xmm2, %xmm3 5 vpaddd B, %xmm3, %xmm3 6 vpslld $20, %xmm3, %xmm3 7 vpshufd $114, %xmm3, %xmm3 8 vmulpd C1, %xmm2, %xmm1 9 vmulpd C2, %xmm2, %xmm2 10 vaddpd %xmm1, %xmm0, %xmm1 11 vaddpd %xmm2, %xmm1, %xmm1 12 vmovapd T1, %xmm0 13 vmulpd T12, %xmm1, %xmm2 14 vaddpd T11, %xmm2, %xmm2 ... 36 vaddpd %xmm0, %xmm1, %xmm0 37 vmulpd %xmm3, %xmm0, %xmm0 38 retq
𝑓𝑦 = 𝑓𝑂∙ln 2 ∙ 𝑓𝑠 ≈ 2𝑂 ∙ 𝑓𝑠 𝑓𝑠 ≈
𝑗=0 12 𝑠𝑗
𝑗! 𝑠 = 𝑦 − 𝑂 ∙ ln 2 2𝑂
𝑂 = round 𝑦 ∙ log2 𝑓 𝑦
Goal: Find a small Θ > 0 such that
𝑓𝑦−2𝑂𝑓𝑠 𝑓𝑦
≤ Θ for all 𝑦 ∈ 𝑌
35
property
𝜗 = 2−53
(FPTaylor
36
property
𝜗 = 2−53
(FPTaylor
37
property
𝜗 = 2−53
(FPTaylor
𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗
38
property
𝜗 = 2−53
(FPTaylor
𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗
39
𝑦⨂𝑧
1
property
𝜗 = 2−53
(FPTaylor
𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗
40
𝑦⨂𝑧
1
property
𝜗 = 2−53
(FPTaylor
𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗
41
𝑦 ⨂f 𝑧 𝑦⨂𝑧
1
property
𝜗 = 2−53
(FPTaylor
𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗
42
𝑦 ⨂f 𝑧 𝑦⨂𝑧
1
𝜗
property
𝜗 = 2−53
(FPTaylor
𝑦 ⨂f 𝑧 ∈ 𝑦⨂𝑧 1 + 𝜀 ∶ 𝜀 < 𝜗
43
𝑦 ⨂f 𝑧 𝑦⨂𝑧
1
𝜗
rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies
𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦
44
rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies
𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦
45
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2
rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies
𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦
46
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦
rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies
𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦
47
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × +
rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies
𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦
48
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × +
rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies
𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦
49
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × +
rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies
𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 ∶ 𝜀1 , 𝜀2 < 𝜗
50
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × +
rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies
𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 ∶ 𝜀1 , 𝜀2 < 𝜗
51
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × + + ×
} {
rom 1 + 𝜗 property, 𝐵𝜀 𝑦 satisfies
𝑄 𝑦 ∈ 𝐵𝜀 𝑦 ∶ 𝜀𝑗 < 𝜗 for all 𝑦
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 ∶ 𝜀1 , 𝜀2 < 𝜗
52
𝑄 𝑦 = 2 ×f 𝑦 1 + 𝜀1 +f 3 1 + 𝜀2 𝐵𝜀 𝑦 × + + × ∈
} {
𝑌 −1 1 𝑄(𝑦)
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 53
𝑌 −1 1 𝑄(𝑦)
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 54
𝑌 −1 1 𝑄(𝑦)
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 55
𝑌 −1 1 𝑄(𝑦)
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 56
hard to find
𝑌 −1 1 𝑄(𝑦)
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 57
hard to find abstract using n
𝑌 −1 1 𝐽1 𝐽2 𝐽𝑜 𝑄(𝑦)
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 58
hard to find abstract using n
𝑌 −1 1 𝐽1 𝐽2 𝐽𝑜 𝑄(𝑦)
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... 59
hard to find abstract using n
𝑌 −1 1 𝐽1 𝐽2 𝐽𝑜 𝑄(𝑦)
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...
1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation
60
hard to find abstract using n
𝑌 −1 1 𝐽1 𝐽2 𝐽𝑜 𝑄(𝑦)
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...
1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation
61
hard to find
abstract using n
𝐵1,𝜀(𝑦) 𝐵𝑜,𝜀(𝑦) 𝐵2,𝜀(𝑦) 𝑌 −1 1 𝐽1 𝐽2 𝐽𝑜 𝑄(𝑦)
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...
1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation
62
hard to find
abstract using n
𝐵1,𝜀(𝑦) 𝐵𝑜,𝜀(𝑦) 𝐵2,𝜀(𝑦) 𝐽1 𝐽2 𝐽𝑜
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...
1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation
63
𝐽1 𝐽2 𝐽𝑜
𝑔 𝑦 − 𝐵1,𝜀 𝑦 𝑔(𝑦) 𝑔 𝑦 − 𝐵𝑜,𝜀 𝑦 𝑔(𝑦)
𝐵1,𝜀(𝑦) 𝐵𝑜,𝜀(𝑦) 𝐵2,𝜀(𝑦) 𝐽1 𝐽2 𝐽𝑜
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...
1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation
64
𝐽1 𝐽2 𝐽𝑜
𝑔 𝑦 − 𝐵1,𝜀 𝑦 𝑔(𝑦) 𝑔 𝑦 − 𝐵𝑜,𝜀 𝑦 𝑔(𝑦)
solve optimization problems
𝐵1,𝜀(𝑦) 𝐵𝑜,𝜀(𝑦) 𝐵2,𝜀(𝑦) 𝐽1 𝐽2 𝐽𝑜
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...
1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation
65
max max
𝐽1 𝐽2 𝐽𝑜
𝑔 𝑦 − 𝐵1,𝜀 𝑦 𝑔(𝑦) 𝑔 𝑦 − 𝐵𝑜,𝜀 𝑦 𝑔(𝑦)
answer!
solve optimization problems
𝐵1,𝜀(𝑦) 𝐵𝑜,𝜀(𝑦) 𝐵2,𝜀(𝑦) 𝐽1 𝐽2 𝐽𝑜
... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ... ... vpslld $20, ... vpshufd $114, ... vmulpd C1, ... vmulpd C2, ... ...
1 3 𝒐 𝟑𝒐 + 𝟐 partial evaluation
66
max max
divide 𝑌 into intervals 𝐽𝑙, so that,
we can statically know the result of each bit-level operation
67
divide 𝑌 into intervals 𝐽𝑙, so that,
we can statically know the result of each bit-level operation
68
divide 𝑌 into intervals 𝐽𝑙, so that,
we can statically know the result of each bit-level operation
input x y ← x ×f C
(C= 0x3ff71547652b82fe)
N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...
−1 1 𝑌
69
divide 𝑌 into intervals 𝐽𝑙, so that,
we can statically know the result of each bit-level operation
input x y ← x ×f C
(C= 0x3ff71547652b82fe)
N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...
−1 1 𝑌 𝐽−1 𝐽0 𝐽1
70
divide 𝑌 into intervals 𝐽𝑙, so that,
we can statically know the result of each bit-level operation
input x y ← x ×f C
(C= 0x3ff71547652b82fe)
N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...
−1 1 𝑌 𝐽−1 𝐽0 𝐽1
71
𝐽1 𝐽0 𝑌 −1 1 𝐽−1
divide 𝑌 into intervals 𝐽𝑙, so that,
we can statically know the result of each bit-level operation
input x y ← x ×f C
(C= 0x3ff71547652b82fe)
N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...
−1 1 𝑌 𝐽−1 𝐽0 𝐽1
72
𝐽1 𝐽0 𝑌 −1 1
−1
𝐽−1
divide 𝑌 into intervals 𝐽𝑙, so that,
we can statically know the result of each bit-level operation
input x y ← x ×f C
(C= 0x3ff71547652b82fe)
N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...
−1 1 𝑌 𝐽−1 𝐽0 𝐽1
73
𝐽1 𝐽0 𝑌 −1 1
−1 partial evaluation input x y ← x ×f C
(C= 0x3ff71547652b82fe)
N ← −1 z ← 1022 w ← 0.5 ...
𝐽−1
divide 𝑌 into intervals 𝐽𝑙, so that,
we can statically know the result of each bit-level operation
input x y ← x ×f C
(C= 0x3ff71547652b82fe)
N ← round(y) z ← int(N) +i 0x3ff w ← z << 52 ...
−1 1 𝑌 𝐽−1 𝐽0 𝐽1
74
𝐽1 𝐽0 𝑌 −1 1
−1 partial evaluation input x y ← x ×f C
(C= 0x3ff71547652b82fe)
N ← −1 z ← 1022 w ← 0.5 ...
Only floating-point operations are left
→ Can compute 𝐵𝜀 𝑦
𝐽−1
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
75
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
76
−1 1 𝑌 𝐽−1 𝐽0 𝐽1
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
77
𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
78
𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
79
𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
80
𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑦 ×f C
81
𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑦 ×f C 𝑙 − 0.5 𝑙 + 0.5
82
𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑦 ×f C 𝑙 − 0.5 𝑙 + 0.5
83
𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1
𝑂 = 𝑙
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑦 ×f C 𝑙 − 0.5 𝑙 + 0.5
84
𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1
𝑂 = 𝑙
𝑦 ∈ 𝑌 ∶ 𝑇 𝑦 ⊂ 𝑙 − 0.5, 𝑙 + 0.5
𝑇(𝑦) = 𝑦 × C 1 + 𝜀 : 𝜀 < 𝜗 𝑦 ×f C 𝑙 − 0.5 𝑙 + 0.5
85
𝑂 = −1 𝑂 = 0 𝑂 = 1 −1 1 𝑌 𝐽−1 𝐽0 𝐽1
𝑂 = 𝑙
be a symbolic abstraction on 𝐽𝑙
max
𝑦∈𝐽𝑙, |𝜀𝑗|<𝜗 𝑓𝑦−𝐵𝜀 𝑦 𝑓𝑦
86
be a symbolic abstraction on 𝐽𝑙
max
𝑦∈𝐽𝑙, |𝜀𝑗|<𝜗 𝑓𝑦−𝐵𝜀 𝑦 𝑓𝑦
87
The constructed intervals do not cover 𝑌 in general
−1 1
input range 𝑌
𝐽−1 𝐽0 𝐽1
88
The constructed intervals do not cover 𝑌 in general
−1 1
input range 𝑌
𝐽−1 𝐽0 𝐽1
89
floating-point numbers
The constructed intervals do not cover 𝑌 in general
−1 1
input range 𝑌
𝐽−1 𝐽0 𝐽1
90
floating-point numbers between intervals
The constructed intervals do not cover 𝑌 in general
−1 1
input range 𝑌
𝐽−1 𝐽0 𝐽1
91
floating-point numbers between intervals
𝑂 = round 𝑦 ×f 𝐷
For 𝑦 =
1 2𝐷 ,
𝑂 would be 0 or 1
0.5 1
92
: abstraction of 𝑦 ×f 𝐷
𝑂 = round 𝑦 ×f 𝐷
For 𝑦 =
1 2𝐷 ,
𝑂 would be 0 or 1
0.5 1
93
: abstraction of 𝑦 ×f 𝐷
𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷)
𝑂 = round 𝑦 ×f 𝐷
For 𝑦 =
1 2𝐷 ,
𝑂 would be 0 or 1
0.5 1
94
: abstraction of 𝑦 ×f 𝐷
𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷)
𝑂 = 0 𝑂 = 1
𝑂 = round 𝑦 ×f 𝐷
For 𝑦 =
1 2𝐷 ,
𝑂 would be 0 or 1
0.5 1
95
: abstraction of 𝑦 ×f 𝐷
𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(2𝐷)
𝑂 = 0 𝑂 = 1
𝑂 = round 𝑦 ×f 𝐷
For 𝑦 =
1 2𝐷 ,
𝑂 would be 0 or 1
𝑦 ×f 𝐷 0.5 1
96
: abstraction of 𝑦 ×f 𝐷
𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(2𝐷)
𝑂 = 0 𝑂 = 1
𝑂 = round 𝑦 ×f 𝐷
For 𝑦 =
1 2𝐷 ,
𝑂 would be 0 or 1
𝑦 ×f 𝐷 0.5 1
97
: abstraction of 𝑦 ×f 𝐷
𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(2𝐷)
𝑂 = 0 𝑂 = 1
𝑂 = round 𝑦 ×f 𝐷
For 𝑦 =
1 2𝐷 ,
𝑂 would be 0 or 1
𝑦 ×f 𝐷 0.5 1
98
: abstraction of 𝑦 ×f 𝐷
𝑦 = 1/(3𝐷) 𝑦 = 1/(1.5𝐷) 𝑦 = 1/(2𝐷)
𝑂 = 0 𝑂 = 1
be a symbolic abstraction on 𝐽𝑙
max
𝑦∈𝐽𝑙, |𝜀𝑗|<𝜗 𝑓𝑦−𝐵𝜀 𝑦 𝑓𝑦
max
𝑦∈𝐼 𝑓𝑦−𝑄 𝑦 𝑓𝑦
99
be a symbolic abstraction on 𝐽𝑙
max
𝑦∈𝐽𝑙, |𝜀𝑗|<𝜗 𝑓𝑦−𝐵𝜀 𝑦 𝑓𝑦
max
𝑦∈𝐼 𝑓𝑦−𝑄 𝑦 𝑓𝑦
100
101
from S3D (a combustion simulation engine)
log: from
<math.h>
RelErr(𝑏, 𝑐) =
𝑏−𝑐 𝑏
102
from S3D (a combustion simulation engine)
log: from
<math.h>
RelErr(𝑏, 𝑐) =
𝑏−𝑐 𝑏
103
5 ULPs
𝑏 𝑐
Interval Bound on ULP error # of intervals # of
𝜀
Size of
exp [−4, 4] 14 13 29 36 sin − 𝜌 2 , 𝜌 2 9 33 53 110 log (0,4) ∖ 4095 4096 , 1 21 221 25 4095 4096 , 1 1 × 1014 1 25
104
Interval Bound on ULP error # of intervals # of
𝜀
Size of
exp [−4, 4] 14 13 29 36 sin − 𝜌 2 , 𝜌 2 9 33 53 110 log (0,4) ∖ 4095 4096 , 1 21 221 25 4095 4096 , 1 1 × 1014 1 25
105
best illustrates the power of our method
x-axis: input value y-axis: ULP error
bounds on the intervals
sin log
106 1014
⋮
x-axis: input value y-axis: ULP error
bounds on the intervals
sin log
107 1014
⋮
0x5fe6eb50c7b537a9 – (x >> 1)
1014 ULPs for log on
4095 4096 , 1
property provides an imprecise abstraction
error analysis beyond 1 + 𝜗 property
6 ULPs for for log on 0,4
108
0x5fe6eb50c7b537a9 – (x >> 1)
1014 ULPs for log on
4095 4096 , 1
property provides an imprecise abstraction
error analysis beyond 1 + 𝜗 property
6 ULPs for for log on 0,4
109
that mix floating-point and bit-level operations
analytical optimization, and testing
110
111