Floating-point numbers are limited both in range and in precision, yet they are widely used as a way to implement computations on real numbers. Thus arithmetic operations introduce small errors which might be ampli ed during subsequent computations and cause inaccuracies. As such, proving the correctness of a oating-point algorithm usually entails verifying that the computed results are still close enough to some ideal values, despite the method error and the round-o errors. The traditional way to tackle such a veri cation is to perform an error analysis, possibly using automated tools.

Unfortunately, when it comes to the low-level functions found in mathematical libraries, the oating-point code is usually so contrived that this approach falls short. Indeed, just knowing the code is no longer su cient to verify it, one also has to know the mathematical reasons that led to choosing this code in the rst place. This excludes any hope of full automation, yet automated tools are sorely needed, if only because performing a pen-and-paper proof of such functions is long, tedious, and error-prone.

This talk will show some issues speci c to the veri cation of the oating-point functions of a mathematical library, and some methods for solving them automatically. These methods will be exempli ed using Gappa, a tool dedicated to proving the logical formulas that arise during the veri cation of small yet complicated oating-point algorithms. This tool is based on interval arithmetic, expression rewriting, and theorem saturation. For increased con dence, the tool also generates formal proofs which can be veri ed by the Coq proof assistant.