@@ -200,3 +200,15 @@ related to [advanced features](#advanced-features).
200
200
201
201
Please refer to [Intrinsics](rust-feature-support/intrinsics.md) for information
202
202
on the current support in Kani for Rust compiler intrinsics.
203
+
204
+
### Floating point operations
205
+
206
+
Kani supports floating point numbers, but some supported operations on floats are "over-approximated."
207
+
These are the trigonometric functions like `sin` and `cos` and the `sqrt` function as well.
208
+
This means the verifier can raise errors that cannot actually happen when the code is run normally.
209
+
For instance, ([#1342](https://github.com/model-checking/kani/issues/1342)) the `sin`/`cos` functions basically return a nondeterministic value between -1 and 1.
210
+
In other words, they largely ignore their input and give very conservative answers.
211
+
This range certainly includes the "real" value, so proof soundness is still preserved, but it means Kani could raise spurious errors that cannot actually happen.
212
+
This makes Kani unsuitable for verifying some kinds of properties (e.g. precision) about numerical algorithms.
213
+
Proofs that fail because of this problem can sometimes be repaired by introducing "stubs" for these functions that return a more acceptable approximation.
214
+
However, note that the actual behavior of these functions can vary by platform/os/architecture/compiler, so introducing an "overly precise" approximation may introduce unsoundness: actual system behavior may produce different values from the stub's approximation.
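Review bot: the soundness claim on line 211 ("This range certainly includes the "real" value, so proof soundness is still preserved") does not hold for non-finite inputs: `sin`/`cos` of an infinity or a NaN return NaN, which a nondeterministic value between -1 and 1 never covers, so on such an input the over-approximation is actually an under-approximation and a NaN-only failure path could be missed rather than merely producing spurious errors. Qualify the sentence to finite inputs, or say explicitly how NaN-producing inputs are handled. Two smaller points: line 207 ("These are the trigonometric functions like `sin` and `cos` and the `sqrt` function as well.") reads awkwardly and could be "These include trigonometric functions such as `sin` and `cos`, and also `sqrt`."; and line 213 tells the reader to introduce "stubs" without saying how this is done in Kani, so a link to the stubbing documentation, in the same style as the Intrinsics link above, would help the reader act on the advice.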