Pushing the Boundary on Automated Modular Floating-Point Verification
Rosa Abbasi
Max Planck Institute for Software Systems
27 Mar 2026, 10:00 am - 11:00 am
Kaiserslautern building G26, room 111
SWS Student Defense Talks - Thesis Defense
Floating-point numbers often represent real numbers in computer systems. They
are applicable in many domains, including embedded systems, machine learning,
and scientific computing. Despite their widespread use, they pose some
difficulties. Floating-point numbers and operations typically suffer from
roundoff errors, making computations over floating-points inaccurate with
respect to a real-valued specification. Moreover, the IEEE 754 floating-point
standard, a fundamental element in formalizing floating-point arithmetic for
today’s computers, presents additional challenges due to special values and
resulting unintuitive behaviors. ...
Floating-point numbers often represent real numbers in computer systems. They
are applicable in many domains, including embedded systems, machine learning,
and scientific computing. Despite their widespread use, they pose some
difficulties. Floating-point numbers and operations typically suffer from
roundoff errors, making computations over floating-points inaccurate with
respect to a real-valued specification. Moreover, the IEEE 754 floating-point
standard, a fundamental element in formalizing floating-point arithmetic for
today’s computers, presents additional challenges due to special values and
resulting unintuitive behaviors.
This thesis has three main contributions that address existing gaps in
automated reasoning about floating-point arithmetic, making it easier for
developers and researchers to understand, verify, and trust the floating-point
computations in their programs.
First, we introduce the first floating-point support in a deductive verifier
for the Java programming language. Our support in the KeY verifier
automatically handles floating-point arithmetic and transcendental functions.
We achieve this with a combination of delegation to external SMT solvers on one
hand, and rule-based reasoning within KeY on the other, exploiting the
complementary strengths of both approaches. As a result, this approach can
prove functional floating-point properties for realistic programs.
Second, inspired by KeY’s treatment of method calls and the need for a scalable
roundoff error analysis, we present the first modular optimization-based
roundoff error analysis for non-recursive procedural floating-point programs.
Our key idea is to achieve modularity while maintaining reasonable accuracy by
automatically computing procedure summaries that are a function of the input
parameters. Technically, we extend an existing optimization-based roundoff
error analysis and show how to effectively use first-order Taylor
approximations to compute precise procedure summaries, and how to integrate
those to obtain end-to-end roundoff error bounds.
Third, our experience using SMT solvers to discharge KeY’s floating-point
verification conditions revealed unexpected performance behavior, motivating a
systematic study of floating-point reasoning in SMT solvers. We propose a
metamorphic testing approach that uses semantics-preserving rewrite rules,
focusing on floating-point special values, to uncover unexpected performance
behavior in SMT solvers’ handling of floating-point formulas, such as an
increase in solving time when the SMT queries are simplified. Using real-world
test inputs, our approach can identify such performance bugs for every SMT
solver tested.
Read more