Using Mathematics in Scientific Computing
McMaster University
CAS 727 Design of Numerical Software
Mohammed Alshayeb
2/2011
Outlines
• Introduction to Mathematical techniques
• Formal Methods
• Limits of Formal Methods
Intro. to Mathematical Techniques
• Traditional design validation = Simulation
– Choose test cases wisely, measure coverage
– But the result still depends principally on the selection of cases
• Formal Methods = Proof of Correctness
– Methods with well-defined syntactic and semantic levels.
– Both levels are based on mathematical theories (logic, algebra, set theory, etc.)
– Used in areas where errors can cause loss of life or significant financial damage. Also widely used for floating-point arithmetic.
Intro. to Mathematical Techniques
• Real-world numerical catastrophes
– Intel FDIV bug: error in the Pentium's hardwired floating-point divide circuit. The Intel recall in December 1994 & 1997 cost $300 million.
– Patriot missile accident: 26 people were killed because of an inaccurate calculation of the time.
– Ariane 5 rocket: the Ariane 5 rocket exploded 40 seconds after being launched by the European Space Agency.
Intro. to Mathematical Techniques
• Verification Coverage
[Figure: verification coverage of the design space. Simulation gives spot coverage; formal methods in real life give full coverage of some areas; formal methods in the ideal case give full coverage.]
Intro. To Mathematical Techniques
• Use of Formal Methods by Projects
[Figure: bar chart "Project by Application Domain" (y-axis: Number of Projects, 0 to 30) with the domains Transport, Nuclear, Defence, Financial, Healthcare, Electronics, Telecom, Administration and Others.]
Intro. To Mathematical Techniques
• Use of Formal Methods by type of Application
Intro. To Mathematical Techniques
• Did the use of formal methods have an effect on time, cost, and quality?
[Figure: chart of survey responses for Time, Cost and Quality, each classified as No effect, Improvement or Worsening.]
• Using Formal Methods
– The conventional way of indicating a precondition and a postcondition for a statement S is
• {P} S {Q}, where P is the precondition and Q is the postcondition (a "Hoare triple")
• e.g. { x = 0 } x := x + 1 { x > 0 } is valid iff execution of x := x + 1 in any state in which x is 0 terminates in a state in which x > 0
• Definition of assignment: { R[x := E] } x := E { R }, where R is the postcondition, E is the expression, and R[x := E] is R with every occurrence of x replaced by E.
Formal Methods
• The use of formal methods
Formal Methods
• To apply Formal Methods in Scientific Computing, the domain of a relation must be valid with respect to the design of the logic.
– The precondition becomes R[x := E] ∧ domain(E)
– domain(E) = { x | (∃ y | : (x, y) ∈ E) }, the set of inputs for which E has a defined result
– e.g. x ∈ { x | (∃ y | : −2^16 < x + y < 2^16) }
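The assignment axiom and the domain condition above, as an added example that is not part of the original slides: a small Python checker that computes R[x := E] by syntactic substitution, conjoins the domain condition to obtain the precondition, and then exhaustively checks a Hoare triple over a finite set of states. This is a bounded check on the chosen states, not a proof. The function names, the state sets and the 16-bit range used for the domain condition are my own assumptions.

```python
import ast
import copy


def substitute(post: str, var: str, expr: str) -> str:
    """Textual substitution R[x := E]: replace every occurrence of the
    variable `var` in the postcondition `post` by the expression `expr`.

    Works on the parsed syntax tree, so a name such as 'xy' is not touched
    when substituting for 'x', and operator precedence is preserved."""
    replacement = ast.parse(expr, mode="eval").body

    class Sub(ast.NodeTransformer):
        def visit_Name(self, node):
            return copy.deepcopy(replacement) if node.id == var else node

    tree = Sub().visit(ast.parse(post, mode="eval"))
    return ast.unparse(tree)


def wp_assign(var: str, expr: str, post: str, domain: str = "True") -> str:
    """Weakest precondition of `var := expr` for the postcondition `post`.

    Assignment axiom: {R[x := E]} x := E {R}.  As on the slides, the
    precondition is strengthened with domain(E): the condition under which
    evaluating E is meaningful on the target number system."""
    return f"({substitute(post, var, expr)}) and ({domain})"


def holds(formula: str, state: dict) -> bool:
    """Evaluate a predicate over a program state (a dict of variable values)."""
    return bool(eval(formula, {"__builtins__": {}}, dict(state)))


def triple_valid(pre: str, var: str, expr: str, post: str,
                 states: list, domain: str = "True"):
    """Bounded check of {pre} var := expr {post} over the given states.

    For every state satisfying `pre`, two things must hold: the state
    satisfies the computed weakest precondition, and actually executing the
    assignment leads to a state satisfying `post`.  Returns the first
    counterexample state, or None when no state in `states` refutes it."""
    wp = wp_assign(var, expr, post, domain)
    for state in states:
        if not holds(pre, state):
            continue  # precondition false: the triple says nothing here
        if not holds(wp, state):
            return state
        after = dict(state)
        after[var] = eval(expr, {"__builtins__": {}}, dict(state))
        if not holds(post, after):
            return state
    return None


if __name__ == "__main__":
    states = [{"x": v} for v in range(-5, 6)]
    # Slide example: {x = 0} x := x + 1 {x > 0}
    print(wp_assign("x", "x + 1", "x > 0"))                       # (x + 1 > 0) and (True)
    print(triple_valid("x == 0", "x", "x + 1", "x > 0", states))   # None
    # Weakening the precondition to x >= -1 breaks it: x = -1 is a counterexample.
    print(triple_valid("x >= -1", "x", "x + 1", "x > 0", states))  # {'x': -1}

    # Domain condition for x := x + y on a 16-bit range (constructed states).
    dom = "-2**16 < x + y < 2**16"
    two_var = [{"x": 2**16 - 1, "y": 1}, {"x": 1, "y": 2}]
    print(wp_assign("x", "x + y", "x > 0", dom))
    # Mathematically {x > 0 and y > 0} x := x + y {x > 0} holds, but the
    # domain condition rejects the state whose sum leaves the 16-bit range.
    print(triple_valid("x > 0 and y > 0", "x", "x + y", "x > 0", two_var, dom))
```

The last check is the point of the domain condition: the triple is valid over the integers, yet the state x = 2^16 − 1, y = 1 is reported as a counterexample because x + y is outside the range on which the operation is defined.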
Formal Methods
• For any operation in floating point, the result must be valid for the floating-point specification.
• A floating-point number is x = (−1)^s × 2^e × m. When x is rounded to x′, a rounding error occurs; it must satisfy |x − x′| / |x| ≤ 2^−p, where p is the precision (number of significand bits).
• Floating-point computations depend on the architecture
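The rounding bound and validity requirement above, as an added example that is not part of the original slides: Python code that computes the rounding error of a value exactly in rational arithmetic and checks it against 2^−p for p = 53 (IEEE 754 binary64, which is what a Python float is), checks that an operation's result is a valid finite number, and shows that two evaluation orders of the same sum round differently, which is one reason results depend on how the architecture evaluates an expression. Function names and sample values are my own assumptions.

```python
import math
from fractions import Fraction

P = 53                               # significand bits of IEEE 754 binary64 (Python float)
UNIT_ROUNDOFF = Fraction(1, 2 ** P)  # the 2^-p bound from the slides


def relative_rounding_error(x) -> Fraction:
    """Exact value of |x - x'| / |x|, where x' = fl(x) is x rounded to the
    nearest double.  Computed in rational arithmetic so the error itself is
    not subject to rounding.  int/int true division in Python is correctly
    rounded, so float(Fraction) gives the IEEE round-to-nearest result."""
    x = Fraction(x)  # accepts Fraction, int or a string such as "1/10"
    if x == 0:
        return Fraction(0)
    x_rounded = Fraction(float(x))
    return abs(x - x_rounded) / abs(x)


def rounding_within_bound(x) -> bool:
    """Check the slide's requirement |x - x'| / |x| <= 2^-p for one value."""
    return relative_rounding_error(x) <= UNIT_ROUNDOFF


def valid_float_result(op, a: float, b: float) -> bool:
    """'The result must be valid for the floating-point specification':
    the operation must yield a finite number, i.e. neither overflow to
    infinity nor an undefined result (NaN or division by zero)."""
    try:
        r = op(a, b)
    except ZeroDivisionError:
        return False
    return math.isfinite(r)


def associativity_gap(a: float, b: float, c: float) -> float:
    """(a + b) + c minus a + (b + c).  Exact arithmetic gives 0; in floating
    point the two evaluation orders can round differently, so the order (or
    intermediate precision) chosen by the hardware changes the answer."""
    return (a + b) + c - (a + (b + c))


if __name__ == "__main__":
    for x in ("1/10", "1/3", "3/4", "-22/7"):
        err = relative_rounding_error(x)
        print(x, float(err), rounding_within_bound(x))
    print(valid_float_result(lambda a, b: a + b, 1.0, 2.0))      # True
    print(valid_float_result(lambda a, b: a * b, 1e200, 1e200))  # False: overflows to inf
    print(valid_float_result(lambda a, b: a / b, 1.0, 0.0))      # False
    print(associativity_gap(1e16, -1e16, 1.0))                   # nonzero
```

For 1/3 the exact relative error is 2^−54, half the bound, and for 3/4 it is 0 because the value is representable; the last line shows (1e16 + (−1e16)) + 1 and 1e16 + ((−1e16) + 1) giving different results, which is why a proof about a floating-point program has to state which evaluation it assumes.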
Limit of Formal Methods
• Use formal methods as a supplement to quality assurance methods, not a replacement for them
• Formal methods can increase confidence in a product's reliability if they are applied skillfully
• Useful for consistency checks, but formal methods cannot guarantee the completeness of a specification.
• Formal methods must be fully integrated with domain knowledge to achieve positive results.
Questions!!
End
References
• Sylvie Boldo, Thi Minh Tuyen Nguyen. Hardware-independent proofs of numerical programs. 2010
• Geoff Barrett. Formal Methods Applied to a Floating-Point Number System. IEEE, 1989
• Jim Woodcock (University of York). Formal Methods: Practice and Experience
• Stochastic Formal Methods: An application to accuracy of numeric software
• Ralf Kneuper. Limits of Formal Methods