Ariel Kellison’s research while affiliated with Cornell University and other places

What is this page?


This page lists works of an author who doesn't have a ResearchGate profile or hasn't added the works to their profile yet. It is automatically generated from public (personal) data to further our legitimate goal of comprehensive and accurate scientific recordkeeping. If you are this author and want this page removed, please let us know.

Publications (15)


Fig. 1. An illustration of backward error. The functioñ represents a floating-point implementation of the function . Given the points˜∈points˜ points˜∈ R and ∈ F ⊂ R such that˜(that˜ that˜() = ( ˜ ), the backward error is the distance between and˜.and˜ and˜.
The performance of BBBB benchmarks with known backward error bounds from the literature. The Input Size column gives the length of the input vector or dimensions of the input matrix; the Ops column gives the total number of floating-point operations. The Backward Bound column reports the bounds inferred by BBBB and well as the standard bounds (Std.) from the literature. The Timing column reports the time in seconds for BBBB to infer the backward error bound.
A comparison of forward bounds derived from BBBB's backward error bounds to those of NumFuzz and Gappa. For Gappa, we assume all variables are in the interval [0.1, 1000].
Bean: A Language for Backward Error Analysis
  • Preprint
  • File available

January 2025

·

1 Read

Ariel E. Kellison

·

Laura Zielinski

·

·

Justin Hsu

Backward error analysis offers a method for assessing the quality of numerical programs in the presence of floating-point rounding errors. However, techniques from the numerical analysis literature for quantifying backward error require substantial human effort, and there are currently no tools or automated methods for statically deriving sound backward error bounds. To address this gap, we propose Bean, a typed first-order programming language designed to express quantitative bounds on backward error. Bean's type system combines a graded coeffect system with strict linearity to soundly track the flow of backward error through programs. We prove the soundness of our system using a novel categorical semantics, where every Bean program denotes a triple of related transformations that together satisfy a backward error guarantee. To illustrate Bean's potential as a practical tool for automated backward error analysis, we implement a variety of standard algorithms from numerical linear algebra in Bean, establishing fine-grained backward error bounds via typing in a compositional style. We also develop a prototype implementation of Bean that infers backward error bounds automatically. Our evaluation shows that these inferred bounds match worst-case theoretical relative backward error bounds from the literature, underscoring Bean's utility in validating a key property of numerical programs: numerical stability.

Download

Type-Based Approaches to Rounding Error Analysis

This dissertation explores the design and implementation of programming languages that represent rounding error analysis through typing. The first part of this dissertation demonstrates that it is possible to design languages for forward error analysis, as illustrated with NumFuzz, a functional programming language whose type system expresses quantitative bounds on rounding error. This type system combines a sensitivity analysis, enforced through a linear typing discipline, with a novel graded monad to track the accumulation of rounding errors. We establish the soundness of the type system by relating the denotational semantics of the language to both an exact and floating-point operational semantics. To demonstrate the practical utility of NumFuzz as a tool for automated error analysis, we have developed a prototype implementation capable of automatically inferring error bounds. Our implementation produces bounds competitive with existing tools, while often achieving significantly faster analysis times. The second part of this dissertation explores a type-based approach to backward error analysis with Bean, a first-order programming language with a linear type system that can express quantitative bounds on backward error. Bean's type system combines a graded coeffect system with strict linearity to soundly track the flow of backward error through programs. To illustrate Bean's potential as a practical tool for automated backward error analysis, we implement a variety of standard algorithms from numerical linear algebra in Bean, establishing fine-grained backward error bounds via typing in a compositional style. We also develop a prototype implementation of Bean that infers backward error bounds automatically. Our evaluation shows that these inferred bounds match worst-case theoretical relative backward error bounds from the literature.


Numerical Fuzz: A Type System for Rounding Error Analysis

June 2024

·

4 Reads

·

2 Citations

Proceedings of the ACM on Programming Languages

Algorithms operating on real numbers are implemented as floating-point computations in practice, but floating-point operations introduce roundoff errors that can degrade the accuracy of the result. We propose Λ num , a functional programming language with a type system that can express quantitative bounds on roundoff error. Our type system combines a sensitivity analysis, enforced through a linear typing discipline, with a novel graded monad to track the accumulation of roundoff errors. We prove that our type system is sound by relating the denotational semantics of our language to the exact and floating-point operational semantics. To demonstrate our system, we instantiate Λ num with error metrics proposed in the numerical analysis literature and we show how to incorporate rounding operations that faithfully model aspects of the IEEE 754 floating-point standard. To show that Λ num can be a useful tool for automated error analysis, we develop a prototype implementation for Λ num that infers error bounds that are competitive with existing tools, while often running significantly faster. Finally, we consider semantic extensions of our graded monad to bound error under more complex rounding behaviors, such as non-deterministic and randomized rounding.


Figure 3-1.: Analysis stack for a MBSD embedded controller.
Figure 3-2.: The landscape of formal verification, as described by Leroy [73] (recreated in Pollard [97]). The Holy Grail point represents verification that takes no manual effort without decreasing the strength of claims, which is desirable but unattainable.
The First Tri-Lab Workshop on Formal Verification

·

·

Ariel E. Kellison

·

[...]

·

Heidi K. Thornquist

In this report, we describe the current capabilities and research needs related to formal methods at the NNSA labs. In particular, we identify medium-term and long-term research gaps in programming languages, formalization efforts of complex systems, embedded systems verification, hardware verification, cybersecurity, formal methods usability, workflows, numerical methods, the use of formal methods for artificial intelligence (and its converse, artificial intelligence for formal methods), and collaboration opportunities and considerations on these topics. We conclude with a small number of exemplar research problems related to these topic




Verified Correctness, Accuracy, and Convergence of a Stationary Iterative Linear Solver: Jacobi Method

August 2023

·

19 Reads

·

4 Citations

Lecture Notes in Computer Science

Solving a sparse linear system of the form Ax=b is a common engineering task, e.g., as a step in approximating solutions of differential equations. Inverting a large matrix A is often too expensive, and instead engineers rely on iterative methods, which progressively approximate the solution x of the linear system in several iterations, where each iteration is a much less expensive (sparse) matrix-vector multiplication. We present a formal proof in the Coq proof assistant of the correctness, accuracy and convergence of one prominent iterative method, the Jacobi iteration. The accuracy and convergence properties of Jacobi iteration are well-studied, but most past analyses were performed in real arithmetic; instead, we study those properties, and prove our results, in floating-point arithmetic. We then show that our results are properly reflected in a concrete implementation in the C language. Finally, we show that the iteration will not overflow, under assumptions that we make explicit. Notably, our proofs are faithful to the details of the implementation, including C program semantics and floating-point arithmetic.KeywordsFormal VerificationNumerical Methods Jacobi Method


Verified Numerical Methods for Ordinary Differential Equations

December 2022

·

17 Reads

·

7 Citations

Lecture Notes in Computer Science

Ordinary differential equations (ODEs) are used to model the evolution of the state of a system over time. They are ubiquitous in the physical sciences and are often used in computational models with safety-critical applications. For critical computations, numerical solvers for ODEs that provide useful guarantees of their accuracy and correctness are required, but do not always exist in practice. In this work, we demonstrate how to use the Coq proof assistant to verify that a C program correctly and accurately finds the solution to an ODE initial value problem (IVP). Our verification framework is modular, and concisely disentangles the high-level mathematical properties expected of the system being modeled from the low-level behavior of a particular C program. Our approach relies on the construction of two simple functional models in Coq: a floating-point valued functional model for analyzing the intermediate-level behavior of the program, and a real-valued functional model for analyzing the high-level mathematical properties of the system being modeled by the IVP. Our final result is a proof that the floating-point solution returned by the C program is an accurate solution to the IVP, with a good quantitative bound. Our framework assumes only the operational semantics of C and of IEEE-754 floating point arithmetic.




Citations (7)


... For instance, for our numeric type R, choosing the relative precision metric (Definition 3) proposed by Olver (1978) for the distance function R allows us to prove backward error bounds for a relative notion of error. This idea is reminiscent of type systems capturing function sensitivity (Reed and Pierce, 2010;Kellison and Hsu, 2024); however, the B type system does not capture function sensitivity since this concept does not play a central role in backward error analysis. ...

Reference:

Type-Based Approaches to Rounding Error Analysis
Numerical Fuzz: A Type System for Rounding Error Analysis
  • Citing Article
  • June 2024

Proceedings of the ACM on Programming Languages

... In comparison, for backward error analysis, the formal methods literature is sparse. We are only aware of the LAProof library due to Kellison et al. [32], which provides formal proofs of backward error bounds for linear algebra programs in the Coq proof assistant. ...

LAProof: A Library of Formal Proofs of Accuracy and Correctness for Linear Algebra Programs
  • Citing Conference Paper
  • September 2023

... Formalized specifications of floatingpoint arithmetic have been developed in the Coq (Boldo and Melquiond, 2011), Isabelle (Yu, 2013), and PVS (Paul S., 1995) proof assistants. These specifications have been used to develop sound tools for floating-point error analysis that generate proof certificates, such as VCFloat (Ramananandro et al., 2016;Appel and Kellison, 2024) and PRECiSA (Titolo et al., 2018(Titolo et al., , 2024. They have also been used to mechanize proofs of error bounds for specific numerical programs (e.g., Kellison and Appel (2022) (2023)). ...

VCFloat2: Floating-Point Error Analysis in Coq
  • Citing Conference Paper
  • January 2024

... Recent work done in collaboration with research groups at Princeton and Cornell has resulted in advances in formal proofs of error bounds for numerical kernels [58,59,60]. Ongoing research involves integrating these formal proofs into verified system design stacks. ...

Towards Verified Rounding Error Analysis for Stationary Iterative Methods
  • Citing Conference Paper
  • November 2022

... These specifications have been used to develop sound tools for floating-point error analysis that generate proof certificates, such as VCFloat (Ramananandro et al., 2016;Appel and Kellison, 2024) and PRECiSA (Titolo et al., 2018(Titolo et al., , 2024. They have also been used to mechanize proofs of error bounds for specific numerical programs (e.g., Kellison and Appel (2022) (2023)). Work by Patrick has applied abstract interpretation to verify the absence of floating-point faults in flight-control software, which have caused real-world accidents. ...

Verified Numerical Methods for Ordinary Differential Equations
  • Citing Chapter
  • December 2022

Lecture Notes in Computer Science

... Coil design problems can admit multiple local minima (Miner et al. 2001;Zhu et al. 2017) with large variability in performance of the discovered designs (Wechsung et al. 2022). One remedy of this problem is to use stochastic optimization (Glas et al. 2022;Wechsung et al. 2022), which appears to reduce the variability of the discovered minima. Stochastic optimization of coils has also been explored in Lobsien, Drevlak & Pedersen (2018); Lobsien et al. (2020). ...

Global stochastic optimization of stellarator coil configurations

Journal of Plasma Physics

... We do not take the stability or decidability of any of our atomic or defined relations as axioms. This choice clearly distinguishes our theory from those that take the stability of equality, betweenness, or congruence as axioms [1,2,11]. Instead, we define equivalence, collinearity, betweenness, and congruence (Definitions 3.5, 3.6, 3.7, and 3.10) negatively in terms of a strictly positive atomic relation. ...

Implementing Euclid’s straightedge and compass constructions in type theory

Annals of Mathematics and Artificial Intelligence