Formally verifying the accuracy of numerical approximations in scientific software

Date: 2014
Publisher: University of Delaware

Abstract
Numerical computation has broad application to a variety of fields. Typically a numerical method yields an approximation to an exact mathematical value, since programs cannot in general evaluate continuous functions at all points. The common way of creating such a method is to discretize continuous functions by restricting them to a mesh. Performing calculations on the mesh approximates performing calculations on the original function, but this introduces error. While not the only source of error (round-off error in floating-point operations can be a major consideration), the error in the method itself is in some sense more fundamental. In practice, programs using these approximations often contain defects that introduce additional error. The order of accuracy of a numerical method relates the scheme's error to the discretization parameters. Scientists must know the accuracy of any numerical approximation, and often prove by hand that the method satisfies the claimed order of accuracy. However, the actual code implementing a method may be more complex and veer from the abstract mathematics. We show that the claimed order of accuracy of a numerical method implemented in a C program can be (largely) automatically verified using formal methods. The automation cannot be complete, because the problem is undecidable in general and because the programmer must provide some annotations relating the code to the underlying mathematics. These annotations can be kept to a minimum. We have extended the Concurrency Intermediate Verification Language (CIVL) model checker to verify the order of accuracy of a numerical computation. Our method requires annotating C code with information specifying the function and the order of accuracy of the approximation. CIVL parses the annotations with the C code to form a model of the program. The model is symbolically executed, and techniques such as Taylor expansion are then used to relate the program data to the mathematical function. The verifier, with the assistance of a theorem prover, determines either that the assertions hold at all states, or else that they may not hold. If the assertions may not hold, CIVL provides diagnostic information.
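The relationship between a scheme's error and its discretization parameter, and the way an implementation defect can silently break the claimed order, can be checked empirically before any formal verification. The following C example is added here and is not code from the thesis or from CIVL; it uses a constructed test function f(x) = x^4 and a deliberately miscoded central difference (dividing by h instead of 2h) to show what a defect does to the observed order.

```c
#include <stdio.h>

/* Constructed test function f(x) = x^4 with exact derivative 4x^3.
 * A polynomial is used so no libm calls are needed and the Taylor
 * expansion of each scheme's error is exact. */
static double f(double x) { return x * x * x * x; }
static double df_exact(double x) { return 4.0 * x * x * x; }

static double absd(double v) { return v < 0.0 ? -v : v; }

/* Forward difference: f'(x) + (h/2) f''(x) + ..., so error is O(h). */
double forward_diff(double x, double h) {
    return (f(x + h) - f(x)) / h;
}

/* Central difference: f'(x) + (h^2/6) f'''(x) + ..., so error is O(h^2). */
double central_diff(double x, double h) {
    return (f(x + h) - f(x - h)) / (2.0 * h);
}

/* Constructed defect: the stencil is right but the divisor is h, not 2h.
 * The result is about 2 f'(x), so the error does not shrink with h. */
double central_diff_defective(double x, double h) {
    return (f(x + h) - f(x - h)) / h;
}

typedef double (*scheme_t)(double, double);

/* Ratio of the scheme's error at step h to its error at step h/2.
 * If error ~ C h^p, the ratio is 2^p: 2 for first order, 4 for second
 * order, and about 1 when the scheme does not converge at all. */
double error_ratio(scheme_t scheme, double x, double h) {
    double e1 = absd(scheme(x, h) - df_exact(x));
    double e2 = absd(scheme(x, h / 2.0) - df_exact(x));
    return e1 / e2;
}

int main(void) {
    double x = 1.0, h = 1e-2;
    printf("forward   error ratio: %.4f (expect ~2, order 1)\n", error_ratio(forward_diff, x, h));
    printf("central   error ratio: %.4f (expect ~4, order 2)\n", error_ratio(central_diff, x, h));
    printf("defective error ratio: %.4f (expect ~1, no convergence)\n", error_ratio(central_diff_defective, x, h));
    return 0;
}
```

Halving h once more and checking that the ratio is stable is the usual sanity check; the thesis replaces this sampling with symbolic execution and Taylor expansion so that the order holds for all h, not just the ones tried.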