A Verified Certificate Checker for Finite-Precision Error Bounds in Coq and HOL4

TL;DR

This paper introduces a formally verified, modular tool for automatically checking the correctness of finite-precision roundoff error bounds in embedded and scientific computing, implemented in Coq and HOL4.

Contribution

It provides the first fully verified, automated certificate checker for finite-precision error bounds in Coq and HOL4, enhancing reliability of static analysis tools.

Findings

Successfully verified error bounds on literature examples

Demonstrated effectiveness with both in-logic and external code execution

Benchmarked verified and unverified implementations for performance comparison

Abstract

Being able to soundly estimate roundoff errors of finite-precision computations is important for many applications in embedded systems and scientific computing. Due to the discrepancy between continuous reals and discrete finite-precision values, automated static analysis tools are highly valuable to estimate roundoff errors. The results, however, are only as correct as the implementations of the static analysis tools. This paper presents a formally verified and modular tool which fully automatically checks the correctness of finite-precision roundoff error bounds encoded in a certificate. We present implementations of certificate generation and checking for both Coq and HOL4 and evaluate it on a number of examples from the literature. The experiments use both in-logic evaluation of Coq and HOL4, and execution of extracted code outside of the logics: we benchmark Coq extracted unverified OCaml code and a CakeML-generated verified binary.