Abstract

Deductive verification has been successful in verifying interesting properties of real-world programs. One notable gap is the limited support for floating-point reasoning. This is unfortunate, as floating-point arithmetic is particularly unintuitive to reason about due to rounding as well as the presence of the special values infinity and 'Not a Number' (NaN). In this paper, we present the first floating-point support in a deductive verification tool for the Java programming language. Our support in the KeY verifier handles arithmetic via floating-point decision procedures inside SMT solvers and transcendental functions via axiomatization. We evaluate this integration on new benchmarks, and show that this approach is powerful enough to prove the absence of floating-point special values -- often a prerequisite for further reasoning about numerical computations -- as well as certain functional properties for realistic benchmarks.

Highlights

  • Deductive verification has been successful in providing functional verification for programs written in popular programming languages such as Java [1, 21, 39, 47], Python [27], Rust [5], C [23, 53], and Ada [17, 48]

  • 4.3 Evaluation of Floating-Point Support: it was reported in previous work [30] that SMT support for floating-point arithmetic is rather limited

  • We compare the performance of the three major SMT solvers with floating-point support CVC4 (1.8) [7], Z3 (4.8.9) [51] and MathSAT (5.6.3) [20]


Summary

Introduction

Deductive verification has been successful in providing functional verification for programs written in popular programming languages such as Java [1, 21, 39, 47], Python [27], Rust [5], C [23, 53], and Ada [17, 48]. Deductive verifiers allow a user to annotate methods in a program with pre- and postconditions, from which they automatically generate verification conditions (VCs). These are either proven directly by the verifier itself, or discharged with external tools such as automated (SMT) solvers or interactive proof assistants. While deductive verifiers fully implement many sophisticated data representations (including heap data structures, objects, and ownership), support for floating-point numbers remains rather limited: only Frama-C and SPARK offer automated support for floating-point arithmetic in C and Ada [30]. This state of affairs is at least partially a result of previous limitations in floating-point support in SMT solvers. In KeY, this makes it possible to prove some goals, which depend on SMT-supported theories, by using an SMT solver, while others are proved internally, using KeY's own automation.
