Section: New Results
Floating-Point and Numerical Programs

É. Martin-Dorel and G. Melquiond worked on integrating the CoqInterval and CoqApprox libraries into a single package. The CoqApprox library is dedicated to computing verified Taylor models of univariate functions so as to compute approximation errors. The CoqInterval library reuses this work to automatically prove bounds on real-valued expressions. A large formalization effort took place during this work, so as to get rid of all the holes remaining in the formal proofs of CoqInterval. It was also an opportunity to compare numerous decision procedures dedicated to proving nonlinear inequalities involving elementary functions. This work has been published in the Journal of Automated Reasoning [18].

S. Boldo and G. Melquiond, with J.-H. Jourdan and X. Leroy (Gallium team, Inria Paris - Rocquencourt), extended the CompCert compiler to get the first formally verified C compiler that provably preserves the semantics of floating-point programs. This work, published in the Journal of Automated Reasoning [13], also covers the formalization of numerous algorithms of conversion between integers and floating-point numbers.

S. Boldo worked on the fact that $a/\sqrt{a^{2}+b^{2}}$ is always in the interval $[-1,1]$ even when operations are done using floating-point arithmetic. This reduces to taking the square root of the square of a floating-point number, as it is the worst case. Results in radix 2 (where $\sqrt{a^{2}}=\left|a\right|$) and other radices (where it might not hold) have been published at the 8th International Workshop on Numerical Software Verification [22].

S. Boldo worked on programs computing the average of two floating-point numbers. As we want to take exceptional behaviors into account, we cannot use the naive formula (x+y)/2. Based on hints given by Sterbenz, she first wrote an accurate program and formally proved its properties. She also developed and formally proved a new algorithm that computes the correct rounding of the average of two floating-point numbers [21]. This was published at the 17th International Conference on Formal Engineering Methods.
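The exceptional behaviors mentioned above can be reproduced in a few lines of C. This is an added example, not code from the report or from the publication [21]: the function names are hypothetical, and `avg_by_sign` is a simple sign-based selection assumed here for illustration, with no claim of correct rounding. It assumes IEEE 754 binary64 `double` with round-to-nearest-even.

```c
#include <float.h>
#include <math.h>
#include <stdio.h>

/* Naive formula: the intermediate sum x + y overflows to infinity
   when both inputs are large and of the same sign. */
double avg_naive(double x, double y) { return (x + y) / 2; }

/* Halving first removes the overflow, but each division can round
   away the last bit of a subnormal input (underflow). */
double avg_halves(double x, double y) { return x / 2 + y / 2; }

/* Illustrative selection (an assumption of this example, not the
   proved algorithm): with opposite signs the sum cannot overflow,
   with equal signs the difference cannot overflow. */
double avg_by_sign(double x, double y) {
    if (!isfinite(x) || !isfinite(y))
        return x + y;              /* propagate NaN and infinities */
    if (!signbit(x) != !signbit(y))
        return (x + y) / 2;
    return x + (y - x) / 2;
}

int main(void) {
    const double tiny = 0x1p-1074; /* smallest positive subnormal */

    /* Overflow case: the exact average is DBL_MAX. */
    printf("naive  (MAX, MAX)   = %g\n", avg_naive(DBL_MAX, DBL_MAX));
    printf("halves (MAX, MAX)   = %g\n", avg_halves(DBL_MAX, DBL_MAX));
    printf("bysign (MAX, MAX)   = %g\n", avg_by_sign(DBL_MAX, DBL_MAX));

    /* Underflow case: the exact average is tiny, not zero. */
    printf("halves (tiny, tiny) = %g\n", avg_halves(tiny, tiny));
    printf("bysign (tiny, tiny) = %g\n", avg_by_sign(tiny, tiny));

    /* Opposite signs at the extremes: the exact average is 0. */
    printf("bysign (MAX, -MAX)  = %g\n", avg_by_sign(DBL_MAX, -DBL_MAX));
    return 0;
}
```

Passing these spot checks says nothing about accuracy on all inputs, which is the property the formal proofs establish.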

P. Roux formalized a theory of numerical analysis for bounding the round-off errors of a floating-point algorithm. This approach was applied to the formal verification of a program for checking that a matrix is semidefinite positive. The challenge here is that testing semidefiniteness involves algebraic number computations, yet it needs to be implemented using only approximate floating-point operations. This work has been published in the Journal of Automated Reasoning [19].

C. Lelay and G. Melquiond worked on formalizing in Coq a numerical domain for the Verasco abstract interpreter built upon the CompCert verified compiler. This abstract domain is a relational domain based on affine forms (zonotopes). It is meant to help verify floating-point programs, and it is expected to perform faster (but less accurately) than a more generic domain based on polyhedra.