Section: New Results
Automated Reasoning
A Three-tier Strategy for Reasoning about Floating-Point Numbers in SMT.

The SMT-LIB standard defines a formal semantics for a theory of floating-point (FP) arithmetic (FPA). This formalization reduces FP operations to reals by means of a rounding operator, as done in the IEEE-754 standard. Closely following this description, S. Conchon, M. Iguernlala, K. Ji, G. Melquiond and C. Fumex propose a three-tier strategy to reason about FPA in SMT solvers. The first layer is a purely axiomatic implementation of the automatable semantics of the SMT-LIB standard. It handles exceptional cases (e.g. overflows, division by zero, undefined operations) and reduces finite representable FP expressions to reals using the rounding operator. At the core of the strategy, a second layer handles a set of lemmas about the properties of rounding. For these lemmas to be used effectively, the instantiation mechanism of SMT solvers is extended to cooperate tightly with the third layer, the NRA engine of SMT solvers, which provides interval information. The strategy is implemented in the Alt-Ergo SMT solver and validated on a set of benchmarks coming from the SMT-LIB competition, and also from the deductive verification of C and Ada programs. The results show that the approach is promising and competes with existing techniques implemented in state-of-the-art SMT solvers. This work was presented at the CAV conference [18].
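The following Python model is an added illustration of the three layers described above; it is not the Alt-Ergo implementation or any code from the paper. It assumes a binary64-like format (53-bit significand, exponent range -1022..1023) and models the layer-1 reduction of `fp.add` and `fp.div` to a rounding operator `rne` applied to an exact rational (with overflow, division by zero and inf - inf handled as exceptional cases rather than as reals), two layer-2 rounding lemmas (error bound and monotonicity) stated as checkable predicates, and a layer-3 style interval propagation through `fp.add` whose soundness rests on the monotonicity lemma. Operands of the FP operations must already be representable values, i.e. outputs of `rne`, which is why the 0.1 + 0.2 demo rounds its decimal inputs first.

```python
from fractions import Fraction
import math

# Constructed binary64-like format (assumed parameters; this is an added
# illustration, not Alt-Ergo's implementation).
PREC = 53      # significand bits, hidden bit included
EMAX = 1023    # largest normal exponent
EMIN = -1022   # smallest normal exponent


def exact(decimal: str) -> Fraction:
    """Exact rational value of a decimal literal such as '0.1'."""
    return Fraction(decimal)


def binade_exponent(a: Fraction) -> int:
    """e such that 2^e <= a < 2^(e+1), for a > 0."""
    e = a.numerator.bit_length() - a.denominator.bit_length()
    if Fraction(2) ** e > a:
        e -= 1
    return e


def quantum_exponent(a: Fraction) -> int:
    """Exponent of the spacing between consecutive representable values near a > 0."""
    return max(binade_exponent(a), EMIN) - (PREC - 1)


def rne(x):
    """Rounding operator: round to nearest, ties to even.
    Layer 1 reduces every finite FP operation to rne applied to an exact real."""
    x = Fraction(x)
    if x == 0:
        return Fraction(0)
    sign = -1 if x < 0 else 1
    a = abs(x)
    quantum = Fraction(2) ** quantum_exponent(a)
    n = a // quantum                 # largest integer multiple of the quantum below a
    r = a - n * quantum              # 0 <= r < quantum
    if 2 * r > quantum or (2 * r == quantum and n % 2 == 1):
        n += 1                       # round up; ties go to the even significand
    result = n * quantum
    if result >= Fraction(2) ** (EMAX + 1):
        return sign * math.inf       # overflow: an exceptional case, not a real
    return sign * result


# Layer 1: axiomatic semantics, exceptional cases first, then reduction to reals.
def fp_add(x, y):
    """fp.add with RNE rounding; infinities/NaN are represented by Python floats."""
    specials = [v for v in (x, y) if isinstance(v, float)]
    if specials:
        if any(math.isnan(v) for v in specials):
            return math.nan
        if len(specials) == 2 and x != y:
            return math.nan              # (+inf) + (-inf) is undefined
        return specials[0]               # an infinity absorbs any finite operand
    return rne(Fraction(x) + Fraction(y))


def fp_div(x, y):
    """fp.div for finite operands: division by zero is an exceptional case."""
    x, y = Fraction(x), Fraction(y)
    if y == 0:
        if x == 0:
            return math.nan              # 0/0 is undefined
        return math.inf if x > 0 else -math.inf   # sign of zero ignored in this model
    return rne(x / y)


# Layer 2: lemmas about rounding, written as checkable predicates.
def lemma_error_bound(x) -> bool:
    """|rne(x) - x| <= half the quantum at x (the rounding-error lemma)."""
    x = Fraction(x)
    if x == 0:
        return rne(x) == 0
    r = rne(x)
    if isinstance(r, float):
        return True                      # overflowed: the lemma only covers finite results
    return abs(r - x) <= Fraction(2) ** (quantum_exponent(abs(x)) - 1)


def lemma_monotone(x, y) -> bool:
    """x <= y implies rne(x) <= rne(y)."""
    x, y = Fraction(x), Fraction(y)
    return x > y or rne(x) <= rne(y)


# Layer 3: interval information, justified by the monotonicity lemma.
def add_interval(x_bounds, y_bounds):
    """Bounds on fp.add(x, y) from real bounds on x and y: since x + y lies in
    [xlo + ylo, xhi + yhi] and rne is monotone, rne(x + y) lies in the rounded interval."""
    (xlo, xhi), (ylo, yhi) = x_bounds, y_bounds
    return rne(Fraction(xlo) + Fraction(ylo)), rne(Fraction(xhi) + Fraction(yhi))


if __name__ == "__main__":
    a, b = rne(exact("0.1")), rne(exact("0.2"))       # representable operands
    s = fp_add(a, b)
    print(float(s), float(s) == 0.1 + 0.2, s == rne(exact("0.3")))
    print(add_interval((exact("0.1"), exact("0.2")), (exact("0.3"), exact("0.4"))))
```

Running the block reproduces the familiar `0.1 + 0.2 != 0.3` result from the exact-real-plus-rounding semantics alone, which is exactly the reduction layer 1 performs before the rounding lemmas and interval reasoning take over.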
Lightweight Approach for Declarative Proofs.

M. Clochard designed an extension of first-order logic for describing the reasoning steps needed to discharge a proof obligation. The extension takes the form of two new connectives, called proof indications, that allow the user to encode reasoning steps inside a logic formula. This extension makes it possible to use the syntax of formulas as a proof language. The approach was presented at the JFLA conference [26] and implemented in Why3. It brings a lightweight mechanism for declarative proofs to an environment like Why3, where provers are used as black boxes. Moreover, this mechanism restricts the scope of auxiliary lemmas, reducing the size of the proof obligations sent to external provers.
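As an added illustration of how proof indications can be compiled away before a formula reaches a black-box prover, the Python mini-logic below splits a goal into plain obligations. It is example code, not Why3's implementation: the connective names `by` and `so` and the splitting rules (prove the auxiliary fact, then prove the goal with that fact as a local hypothesis, which is equivalent to proving the implication) follow my reading of Why3 and are an assumption, since the report itself does not name the connectives. The second sample goal shows the scoping effect mentioned above: the auxiliary fact `q` is available only to the obligation it justifies, not to the unrelated conjunct `r`.

```python
from dataclasses import dataclass
from typing import List, Tuple, Union

# Constructed mini-logic: atoms are strings, the classes below are connectives.
# The `by` / `so` names and their splitting rules are an assumption modelled on
# Why3; this is an added example, not Why3's code.


@dataclass(frozen=True)
class Implies:
    hyp: "Formula"
    concl: "Formula"


@dataclass(frozen=True)
class And:
    left: "Formula"
    right: "Formula"


@dataclass(frozen=True)
class By:
    """`goal by reason`: an auxiliary fact justifying the goal."""
    goal: "Formula"
    reason: "Formula"


@dataclass(frozen=True)
class So:
    """`step so goal`: an intermediate step proved first, then used for the goal."""
    step: "Formula"
    goal: "Formula"


Formula = Union[str, Implies, And, By, So]
Obligation = Tuple[Tuple[Formula, ...], Formula]   # (hypotheses in scope, conclusion)


def split(goal: Formula, hyps: Tuple[Formula, ...] = ()) -> List[Obligation]:
    """Eliminate proof indications, yielding obligations a black-box prover can take."""
    if isinstance(goal, By):
        # prove the reason, then the goal with the reason in scope (i.e. reason -> goal)
        return split(goal.reason, hyps) + split(goal.goal, hyps + (goal.reason,))
    if isinstance(goal, So):
        # prove the step, then the goal with the step in scope (i.e. step -> goal)
        return split(goal.step, hyps) + split(goal.goal, hyps + (goal.step,))
    if isinstance(goal, Implies):
        return split(goal.concl, hyps + (goal.hyp,))
    if isinstance(goal, And):
        return split(goal.left, hyps) + split(goal.right, hyps)
    return [(hyps, goal)]          # atom: one obligation with the current hypotheses


def largest_context(goal: Formula) -> int:
    """Largest number of hypotheses any resulting obligation carries."""
    return max(len(h) for h, _ in split(goal))


if __name__ == "__main__":
    # Constructed sample goals with atoms written as informal strings.
    g1 = Implies("x > 2", By("x*x > 4", "x*x > 2*x"))
    g2 = And(By("p", "q"), "r")
    for ob in split(g1) + split(g2):
        print(ob)
```

The obligation list makes the scoping claim concrete: with `And(By("p", "q"), "r")` the auxiliary fact `q` appears in the hypotheses of the obligation for `p` only, so the obligation for `r` is as small as it would be without the indication.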