Static Analysis 28th International

Symposium SAS 2021 Chicago IL USA

October 17 19 2021 Proceedings
Lecture Notes in Computer Science
Cezara Dr■goi (Editor)
Visit to download the full and correct content document:
https://ebookmeta.com/product/static-analysis-28th-international-symposium-sas-202
1-chicago-il-usa-october-17-19-2021-proceedings-lecture-notes-in-computer-science-
cezara-dragoi-editor/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...

Programming Languages and Systems 19th Asian Symposium

APLAS 2021 Chicago IL USA October 17 18 2021
Proceedings 1st Edition Hakjoo Oh

https://ebookmeta.com/product/programming-languages-and-
systems-19th-asian-symposium-aplas-2021-chicago-il-usa-
october-17-18-2021-proceedings-1st-edition-hakjoo-oh-2/

Programming Languages and Systems 19th Asian Symposium

APLAS 2021 Chicago IL USA October 17 18 2021
Proceedings 1st Edition Hakjoo Oh

https://ebookmeta.com/product/programming-languages-and-
systems-19th-asian-symposium-aplas-2021-chicago-il-usa-
october-17-18-2021-proceedings-1st-edition-hakjoo-oh/

Advances in Visual Computing 16th International

Symposium ISVC 2021 Virtual Event October 4 6 2021
Proceedings Part I Lecture Notes in Computer Science
George Bebis
https://ebookmeta.com/product/advances-in-visual-computing-16th-
international-symposium-isvc-2021-virtual-event-
october-4-6-2021-proceedings-part-i-lecture-notes-in-computer-
science-george-bebis/

Software Verification 13th International Conference

VSTTE 2021 New Haven CT USA October 18 19 2021 and 14th
International Workshop NSV 2021 Lecture Notes in
Computer Science 13124 Roderick Bloem (Editor)
https://ebookmeta.com/product/software-verification-13th-
international-conference-vstte-2021-new-haven-ct-usa-
october-18-19-2021-and-14th-international-workshop-
Computer Security ESORICS 2021 26th European Symposium
on Research in Computer Security Darmstadt Germany
October 4 8 2021 Proceedings Part II Lecture Notes in
Computer Science Book 12973
https://ebookmeta.com/product/computer-security-
esorics-2021-26th-european-symposium-on-research-in-computer-
security-darmstadt-germany-october-4-8-2021-proceedings-part-ii-
lecture-notes-in-computer-science-book-12973/

Discovery Science 24th International Conference DS 2021

Halifax NS Canada October 11 13 2021 Proceedings
Lecture Notes in Computer Science Carlos Soares
(Editor)
https://ebookmeta.com/product/discovery-science-24th-
international-conference-ds-2021-halifax-ns-canada-
october-11-13-2021-proceedings-lecture-notes-in-computer-science-
carlos-soares-editor/

Trends in Functional Programming 22nd International

Symposium TFP 2021 Virtual Event February 17 19 2021
Revised Selected Papers Lecture Notes in Computer
Science 12834 Viktória Zsók (Editor)
https://ebookmeta.com/product/trends-in-functional-
programming-22nd-international-symposium-tfp-2021-virtual-event-
february-17-19-2021-revised-selected-papers-lecture-notes-in-
computer-science-12834-viktoria-zsok-editor/

Formal Aspects of Component Software 17th International

Conference FACS 2021 Virtual Event October 28 29 2021
Proceedings Lecture Notes in Computer Science Gwen
Salaün Editor Anton Wijs Editor
https://ebookmeta.com/product/formal-aspects-of-component-
software-17th-international-conference-facs-2021-virtual-event-
october-28-29-2021-proceedings-lecture-notes-in-computer-science-
gwen-salaun-editor-anton-wijs-editor/

Pattern Recognition and Computer Vision 4th Chinese

Conference PRCV 2021 Beijing China October 29 November
1 2021 Proceedings Part IV Lecture Notes in Computer
Science Huimin Ma (Editor)
https://ebookmeta.com/product/pattern-recognition-and-computer-
vision-4th-chinese-conference-prcv-2021-beijing-china-
october-29-november-1-2021-proceedings-part-iv-lecture-notes-in-
 Cezara Drăgoi
Suvam Mukherjee
Kedar Namjoshi (Eds.)
ARCoSS
LNCS 12913

Static Analysis
28th International Symposium, SAS 2021
Chicago, IL, USA, October 17–19, 2021
Proceedings
Lecture Notes in Computer Science 12913
Founding Editors
Gerhard Goos, Germany
Juris Hartmanis, USA

Editorial Board Members

Elisa Bertino, USA Gerhard Woeginger , Germany
Wen Gao, China Moti Yung, USA
Bernhard Steffen , Germany

Advanced Research in Computing and Software Science

Subline of Lecture Notes in Computer Science

Subline Series Editors

Giorgio Ausiello, University of Rome ‘La Sapienza’, Italy
Vladimiro Sassone, University of Southampton, UK

Subline Advisory Board

Susanne Albers, TU Munich, Germany
Benjamin C. Pierce, University of Pennsylvania, USA
Bernhard Steffen , University of Dortmund, Germany
Deng Xiaotie, Peking University, Beijing, China
Jeannette M. Wing, Microsoft Research, Redmond, WA, USA
More information about this subseries at http://www.springer.com/series/7408
Cezara Drăgoi Suvam Mukherjee
• •

Kedar Namjoshi (Eds.)

Static Analysis
28th International Symposium, SAS 2021
Chicago, IL, USA, October 17–19, 2021
Proceedings

123
Editors
Cezara Drăgoi Suvam Mukherjee
Informal Systems, Inria, ENS, Microsoft Corporation
DI - Ecole Normale Supérieure Redmond, WA, USA
Paris, France
Kedar Namjoshi
Nokia Bell Labs
Murray Hill, NJ, USA

ISSN 0302-9743 ISSN 1611-3349 (electronic)

Lecture Notes in Computer Science
ISBN 978-3-030-88805-3 ISBN 978-3-030-88806-0 (eBook)
https://doi.org/10.1007/978-3-030-88806-0
LNCS Sublibrary: SL2 – Programming and Software Engineering

© Springer Nature Switzerland AG 2021

This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the
material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation,
broadcasting, reproduction on microfilms or in any other physical way, and transmission or information
storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now
known or hereafter developed.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication
does not imply, even in the absence of a specific statement, that such names are exempt from the relevant
protective laws and regulations and therefore free for general use.
The publisher, the authors and the editors are safe to assume that the advice and information in this book are
believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors
give a warranty, expressed or implied, with respect to the material contained herein or for any errors or
omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in
published maps and institutional affiliations.

This Springer imprint is published by the registered company Springer Nature Switzerland AG
The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland
 Preface

This volume contains the proceedings of the 28th edition of the International Static
Analysis Symposium, SAS 2021, held during October 17–19, 2021, in Chicago, USA.
The conference was a co-located event of SPLASH, the ACM SIGPLAN conference
on Systems, Programming, Languages, and Applications: Software for Humanity.
Travel restrictions as a result of the COVID-19 pandemic forced us to organize the
conference in hybrid form.
Static analysis is widely recognized as a fundamental tool for program verification,
bug detection, compiler optimization, program understanding, and software mainte-
nance. The series of Static Analysis Symposia has served as the primary venue for the
presentation of theoretical, practical, and application advances in the area. Previous
symposia were held in Chicago (virtual), Porto, Freiburg, New York, Edinburgh,
Saint-Malo, Munich, Seattle, Deauville, Venice, Perpignan, Los Angeles, Valencia,
Kongens Lyngby, Seoul, London, Verona, San Diego, Madrid, Paris, Santa Barbara,
Venice, Pisa, Paris, Aachen, Glasgow, and Namur.
SAS 2021 called for papers on topics including, but not limited to, abstract domains,
abstract interpretation, automated deduction, data flow analysis, debugging techniques,
deductive methods, emerging applications, model checking, data science, program
optimizations and transformations, program synthesis, program verification, security
analysis, tool environments and architectures, theoretical frameworks, and type
checking. Authors were encouraged to submit artifacts accompanying their papers to
strengthen evaluations and the reproducibility of results. A new feature this year
encouraged short submissions on experience with static analysis tools, industrial
reports, and case studies, along with tool papers, brief announcements of work in
progress, well-motivated discussions of new questions or new areas, etc.
The conference employed a double-blind reviewing process with an author response
period, supported on EasyChair. The Program Committee used a two-round review
process, where each submission received at least three first-round reviews, which the
authors could then respond to. This year, SAS had 40 submitted papers (33 regular, 7
short). Of these, 22 papers were accepted for publication (18 regular, 4 short) and
appear in this volume. The submitted papers were authored by researchers around the
world: from France, the USA, Canada, Germany, the Netherlands, Japan, India, China,
Australia, and several other countries. The author response period was followed by a
two-week Program Committee discussion where consensus was reached on the papers
to be accepted, after a thorough assessment of the relevance and the quality of the
work.
We view the artifacts as being equally important for the success and development of
static analysis as the written papers. It is important for researchers to be able to
independently reproduce experiments, which is greatly facilitated by having the orig-
inal artifacts available. Suvam Mukherjee, the artifact committee chair, set up the
artifact committee and introduced three new features in the artifact review process
vi Preface

which we expect will be carried through in future editions of SAS. The first is the
ability to submit Docker images as artifacts, in addition to Virtual Machine images.
Second, a public archival repository for the artifacts has been set up on Zenodo, hosted
at https://zenodo.org/communities/sas-2021/. Third, artifacts have badges awarded at
three levels: Validated (correct functionality), Extensible (with source code), and
Available (on the Zenodo repository). The artwork for the badges is by Arpita Biswas
(Harvard University) and Suvam Mukherjee. Each artifact was evaluated by three
members of the artifact evaluation committee. SAS had 20 artifact submissions, of
which 16 were accepted, a high percentage.
In addition to the contributed papers, SAS 2021 also featured three invited talks by
distinguished researchers: Gerard Holzmann (Nimble Research, USA), Cristina
Cifuentes (Oracle Labs, Australia), and Mooly Sagiv (Tel Aviv University, Israel). The
Program Committee also selected the recipient of the Radhia Cousot Young Researcher
Best Paper Award, given to a paper with a significant contribution from a student. This
award was instituted in memory of Radhia Cousot, for her fundamental contributions to
static analysis as well as one of the main promoters and organizers of the SAS series of
conferences.
The SAS program would not have been possible without the efforts of many people.
We thank them all. The members of the Program Committee, the artifact evaluation
committee and the external reviewers worked tirelessly to select a strong program,
offering constructive and helpful feedback to the authors in their reviews. The orga-
nizing committee of SPLASH 2021, chaired by Hridesh Rajan (Iowa State University,
USA), and the hybridization committee, chaired by Jonathan Aldrich (CMU, USA),
were tremendously helpful in navigating the conference through these difficult times.
The SAS steering committee provided much needed support and advice. Finally, we
thank Springer for their support of this event as well as for publishing these
proceedings.

October 2021 Cezara Drăgoi

Suvam Mukherjee
Kedar Namjoshi
 Organization

Program Committee Chairs

Cezara Drăgoi Inria, ENS, and Informal Systems, France
Kedar Namjoshi Nokia Bell Labs, USA

Steering Committee
Sandrine Blazy University of Rennes 1, France
Bor-Yuh Evan Chang University of Colorado Boulder and Amazon, USA
Patrick Cousot New York Univ., USA
Thomas Jensen Inria, France
David Pichardie ENS, France
Andreas Podelski University of Freiburg, Germany
Francesco Ranzato University of Padova, Italy
Xavier Rival Inria, France
Mihaela Sighireanu IRIF, France

Program Committee
Gogul Balakrishnan Google, USA
Josh Berdine Facebook, UK
Vijay D’Silva Google, USA
Michael Emmi Amazon Web Services, USA
Constantin Enea University of Paris, IRIF, and CNRS, France
Jerome Feret Inria, France
Roberto Giacobazzi University of Verona and IMDEA, Italy
Patrice Godefroid Microsoft Research, USA
Arie Gurfinkel University of Waterloo, Canada
Ranjit Jhala University of California, San Diego, USA
Burcu Kulahcioglu Ozkan Delft University of Technology, Netherlands
Akash Lal Microsoft Research, India
Francesco Logozzo Facebook, USA
Kenneth L. McMillan University of Texas at Austin, USA
Antoine Miné Sorbonne Université, France
Andreas Podelski University of Freiburg, Germany
Thomas Reps University of Wisconsin–Madison, USA
Xavier Rival Inria, CNRS, and ENS, France
Mihaela Sighireanu IRIF, Université Paris Diderot, France
Gagandeep Singh VMware Research and University of Illinois
Urbana-Champaign, USA
Lenore Zuck University of Illinois at Chicago, USA
viii Organization

Artifact Evaluation Chair

Suvam Mukherjee Microsoft, USA

Artifact Evaluation Committee

Rosa Abbasi Boroujeni MPI-SWS, Germany
Suguman Bansal University of Pennsylvania, USA
Ranadeep Biswas IRIF, Université Paris Diderot and CNRS, France
Ajay Brahmakshatriya Massachusetts Institute of Technology, USA
Marco Campion University of Verona, Italy
Prantik Chatterjee IIT Kanpur, India
Berk Cirisci IRIF, Université Paris Diderot and CNRS, France
Samvid Dharanikota Microsoft Research, India
Peixuan Li Pennsylvania State University, USA
Muhammad Numair Mansur MPI-SWS, Germany
Francesco Parolini Sorbonne Université, France
Nisarg Patel New York University, USA
Stanly Samuel Indian Institute of Science, India
Anton Xue University of Pennsylvania, USA

Additional Reviewers

Berkeley Churchill
David Delmas
Caterina Urban
Raphaël Monat
Thomas Genet
Armaël Guéneau
Invited Talks
 Oracle Parfait: The Flavour of Real-World
Vulnerability Detection and Intelligent
Configuration

Cristina Cifuentes

Oracle Labs
cristina.cifuentes@oracle.com

Abstract. The Parfait static code analysis tool focuses on detecting vulnera-
bilities that matter in C, C++, Java and Python languages. Its focus has been on
key items expected out of a commercial tool that lives in a commercial
organisation, namely, precision of results (i.e., high true positive rate), scala-
bility (i.e., being able to run quickly over millions of lines of code), incremental
analysis (i.e., being able to run over deltas of the code quickly), and usability
(i.e., ease of integration into standard build processes, reporting of traces to the
vulnerable location, etc). Today, Parfait is used by thousands of developers at
Oracle worldwide on a day-to-day basis.
In this presentation we’ll sample a flavour of Parfait – we explore some real
world challenges faced in the creation of a robust vulnerability detection tool,
look into two examples of vulnerabilities that severely affected the Java platform
in 2012/2013 and most machines since 2017, and conclude by recounting what
matters to developers for integration into today’s continuous integration and
continuous delivery (CI/CD) pipelines. Key to deployment of static code anal-
ysis tools is configuration of the tool itself – we present our experiences with use
of machine learning to automatically configure the tool, providing users with a
better out-of-the-box experience.
 Interactive Code Analysis

Gerard J. Holzmann

Nimble Research
gholzmann@acm.org

Abstract. Static code analyzers have become indispensable especially for safety
critical software development. But, they do have a few drawbacks as well.
For starters, and for good reason, the commercial tools can be quite slow, and
they are certainly not suitable for interactive use. I’ll describe a new tool called
Cobra, that I’m currently developing, which can resolve types of queries
interactively, even on very large code bases. Queries can be scripted or prede-
fined in libraries. The tool is designed to be easy to use, and is freely available.
 Pointer Analysis of Bytecode Programs
for Effective Formal Verification of Smart
Contracts

John Toman1, James Wilcox1, and Mooly Sagiv2

1
Certora john
james@certora.com
2
Tel Aviv University
msagiv@acm.org

Abstract. Low-level bytecode programs are difficult to handle by formal rea-

soning, particularly in the case of sound and precise reasoning about memory
operations. There is often no distinguished allocation operation: high-level
object allocations are affected via pointer arithmetic. Type information is lost in
the compilation: the abstraction of memory is simply a flat unstructured array of
bytes. To recover high-level information, a sound pointer analysis is an
invaluable resource. Such an analysis enables optimizations and elucidates
program behavior that would otherwise be obscured in a low-level setting. This
talk describes a new static analysis algorithm we have developed for sound
pointer analysis for low-level bytecode. We make this broad problem tractable
by first restricting our focus to bytecode programs that manage memory via a
bump allocator that operates on a distinguished free pointer. In other words, we
target bytecode programs where memory is divided into disjoint regions, each of
which corresponds to an “object.” Our analysis algorithm uses a novel technique
for mapping updates of a distinguished free pointer to provably non-aliased
abstract addresses, which enables standard pointer analysis techniques. Our
static pointer analysis uses a “trust but verify” approach: we build our analysis
on the expectation that the compiler has properly managed memory via the free
pointer/bump allocator, but at each step, we verify that regions of memory
allocated via the bump allocator are properly disjoint, i.e., every read/write of
memory provably accesses only one, distinct region. This talk discusses our
practical experience using this analysis in verifying smart contracts that run on
the Ethereum Virtual Machine. In particular, we outline multiple high-profile
memory management bugs uncovered by our analysis, and the downstream
optimizations and precision improvements unlocked by our pointer analysis
results.
 Contents

Fast and Efficient Bit-Level Precision Tuning . . . . . . . . . . . . . . . . . . . . . . . 1

Assalé Adjé, Dorra Ben Khalifa, and Matthieu Martel

Hash Consed Points-To Sets. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

Mohamad Barbar and Yulei Sui

Backward Symbolic Execution with Loop Folding . . . . . . . . . . . . . . . . . . . 49

Marek Chalupa and Jan Strejček

Accelerating Program Analyses in Datalog by Merging Library Facts . . . . . . 77

Yifan Chen, Chenyang Yang, Xin Zhang, Yingfei Xiong, Hao Tang,
Xiaoyin Wang, and Lu Zhang

Static Analysis of Endian Portability by Abstract Interpretation. . . . . . . . . . . 102

David Delmas, Abdelraouf Ouadjaout, and Antoine Miné

Verified Functional Programming of an Abstract Interpreter . . . . . . . . . . . . . 124

Lucas Franceschino, David Pichardie, and Jean-Pierre Talpin

Disjunctive Interval Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144

Graeme Gange, Jorge A. Navas, Peter Schachte, Harald Søndergaard,
and Peter J. Stuckey

Static Analysis of ReLU Neural Networks with Tropical Polyhedra . . . . . . . . 166

Eric Goubault, Sébastien Palumby, Sylvie Putot, Louis Rustenholz,
and Sriram Sankaranarayanan

Exploiting Verified Neural Networks via Floating Point Numerical Error . . . . 191
Kai Jia and Martin Rinard

Verifying Low-Dimensional Input Neural Networks via Input Quantization. . . 206

Kai Jia and Martin Rinard

Data Abstraction: A General Framework to Handle Program Verification

of Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215
Julien Braine, Laure Gonnord, and David Monniaux

Toward Neural-Network-Guided Program Synthesis and Verification. . . . . . . 236

Naoki Kobayashi, Taro Sekiyama, Issei Sato, and Hiroshi Unno

Selective Context-Sensitivity for k-CFA with CFL-Reachability . . . . . . . . . . 261

Jingbo Lu, Dongjie He, and Jingling Xue
xvi Contents

Selectively-Amortized Resource Bounding . . . . . . . . . . . . . . . . . . . . . . . . . 286

Tianhan Lu, Bor-Yuh Evan Chang, and Ashutosh Trivedi

Reduced Products of Abstract Domains for Fairness Certification

of Neural Networks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Denis Mazzucato and Caterina Urban

A Multilanguage Static Analysis of Python Programs with Native

C Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Raphaël Monat, Abdelraouf Ouadjaout, and Antoine Miné

Automated Verification of the Parallel Bellman–Ford Algorithm . . . . . . . . . . 346

Mohsen Safari, Wytse Oortwijn, and Marieke Huisman

Improving Thread-Modular Abstract Interpretation . . . . . . . . . . . . . . . . . . . 359

Michael Schwarz, Simmo Saan, Helmut Seidl, Kalmer Apinis,
Julian Erhard, and Vesal Vojdani

Thread-Modular Analysis of Release-Acquire Concurrency. . . . . . . . . . . . . . 384

Divyanjali Sharma and Subodh Sharma

Symbolic Automatic Relations and Their Applications to SMT

and CHC Solving . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 405
Takumi Shimoda, Naoki Kobayashi, Ken Sakayori, and Ryosuke Sato

Compositional Verification of Smart Contracts Through

Communication Abstraction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Scott Wesley, Maria Christakis, Jorge A. Navas, Richard Trefler,
Valentin Wüstholz, and Arie Gurfinkel

Automatic Synthesis of Data-Flow Analyzers . . . . . . . . . . . . . . . . . . . . . . . 453

Xuezheng Xu, Xudong Wang, and Jingling Xue

Author Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 479

 Fast and Efficient Bit-Level Precision
Tuning

Assalé Adjé1 , Dorra Ben Khalifa1(B) , and Matthieu Martel1,2

1
LAMPS Laboratory, University of Perpignan, 52 Av. P. Alduy, Perpignan, France
{assale.adje,dorra.ben-khalifa,matthieu.martel}@univ-perp.fr
2
Numalis, Cap Omega, Rond-point Benjamin Franklin, Montpellier, France

Abstract. In this article, we introduce a new technique for precision

tuning. This problem consists of finding the least data types for numerical
values such that the result of the computation satisfies some accuracy
requirement. State of the art techniques for precision tuning use a trial-
and-error approach. They change the data types of some variables of the
program and evaluate the accuracy of the result. Depending on what is
obtained, they change more or less data types and repeat the process.
Our technique is radically different. Based on semantic equations, we
generate an Integer Linear Problem (ILP) from the program source code.
Basically, this is done by reasoning on the most significant bit and the
number of significant bits of the values which are integer quantities.
The integer solution to this problem, computed in polynomial time by a
classical linear programming solver, gives the optimal data types at the
bit level. A finer set of semantic equations is also proposed which does
not reduce directly to an ILP problem. So we use policy iteration to find
the solution. Both techniques have been implemented and we show that
our results encompass the results of state-of-the-art tools.

Keywords: Static analysis · Computer arithmetic · Integer linear

problems · Numerical accuracy · Policy iteration

1 Introduction

Let us consider a program P computing some numerical result R, typically but

not necessarily in the IEEE754 floating-point arithmetic [1]. Precision tuning
then consists of finding the smallest data types for all the variables and expres-
sions of P such that the result R has some desired accuracy. These last years,
much attention has been paid to this problem [8,11,14,16,17,24]. Indeed, preci-
sion tuning makes it possible to save memory and, by way of consequence, it has
a positive impact on the footprint of programs concerning energy consumption,
bandwidth usage, computation time, etc.
A common point to all the techniques cited previously is that they fol-
low a trial-and-error approach. Roughly speaking, one chooses a subset S of
the variables of P , assigns to them smaller data types (e.g. binary32 instead
c Springer Nature Switzerland AG 2021
C. Drăgoi et al. (Eds.): SAS 2021, LNCS 12913, pp. 1–24, 2021.
https://doi.org/10.1007/978-3-030-88806-0_1
2 A. Adjé et al.

of binary64 [1]) and evaluates the accuracy of the tuned program P  . If the
accuracy of the result returned by P  is satisfying then new variables are included
in S or even smaller data types are assigned to certain variables already in S (e.g.
binary16). Otherwise, if the accuracy of the result of P  is not satisfying, then
some variables are removed from S. This process is applied repeatedly, until a sta-
ble state is found. Existing techniques differ in their way to evaluate the accuracy
of programs, done by dynamic analysis [14,16,17,24] or by static analysis [8,11]
of P and P  . They may also differ in the algorithm used to define S, delta debug-
ging being the most widespread method [24]. A notable exception is FPTuner [8]
which relies on a local optimization procedure by solving quadratic problems for
a given set of candidate datatypes. A more exhaustive state-of-the-art about pre-
cision tuning techniques is given in [7].
Anyway all these techniques suffer from the same combinatorial limitation: If
P has n variables and if the method tries k different data types then the search
space contains k n configurations. They scale neither in the number n of variables
(even if heuristics such as delta debugging [24] or branch and bound [8] reduce
the search space at the price of optimality) or in the number k of data types
which can be tried. In particular, bit level precision tuning, which consists of
finding the minimal number of bits needed for each variable to reach the desired
accuracy, independently of a limited number k of data types, is not an option.
So the method introduced in this article for precision tuning of programs is rad-
ically different. Here, no trial-and-error method is employed. Instead, the accuracy
of the arithmetic expressions assigned to variables is determined by semantic equa-
tions, in function of the accuracy of the operands. By reasoning on the number of
significant bits of the variables of P and knowing the weight of their most signifi-
cant bit thanks to a range analysis performed before the tuning phase (see Sect. 3),
we are able to reduce the problem to an Integer Linear Problem (ILP) which can be
optimally solved in one shot by a classical linear programming solver (no iteration).
Concerning the number n of variables, the method scales up to the solver limita-
tions and the solutions are naturally found at the bit level, making the parameter
k irrelevant. An important point is that the optimal solution to the continuous lin-
ear programming relaxation of our ILP is a vector of integers, as demonstrated in
Sect. 4.2. By consequence, we may use a linear solver among real numbers whose
complexity is polynomial [25] (contrarily to the linear solvers among integers whose
complexity is NP-Hard [22]). This makes our precision tuning method solvable in
polynomial-time, contrarily to the existing exponential methods. Next, we go one
step further by introducing a second set of semantic equations. These new equa-
tions make it possible to tune even more the precision by being less pessimistic on
the propagation of carries in arithmetic operations. However the problem does not
reduce any longer to an ILP problem (min and max operators are needed). Then
we use policy iteration (PI) [9] to find efficiently the solution.
Both methods have been implemented inside a tool for precision tuning
named POP. Formerly, POP was expressing the precision tuning problem as
a set of first order logical propositions among relations between linear integer
expressions [2–4,6]. An SMT solver (Z3 in practice [21]) was used repeatedly to
find the existence of a solution with a certain weight expressing the number of
 Fast and Efficient Bit-Level Precision Tuning 3

significant bits (nsb) of variables. In the present article, we compare experimen-

tally our new methods to the SMT based method previously used by POP and
to the Precimonious tool [14,24]. These experiments on programs coming from
mathematical libraries or other applicative domains such as IoT [2,3] show that
the technique introduced in this article for precision tuning clearly encompasses
the state of the art techniques.
The rest of this article is organized as follows. In the next section, we provide
a motivating example. We then present in Sect. 3 some essential background on
the functions needed for the constraint generation and also we detail the set
of constraints for both ILP and PI methods. Section 4 presents the proofs of
correctness. We end up in Sect. 5 by showing that our new technique exhibits
very good results in practice before concluding in Sect. 6.

2 Running Example
A motivating example to better explain our method is given by the code snippet
of Fig. 1. In this example, we aim at modeling the movement of a simple pendu-
lum without damping. Let l = 0.5 m be the length of this pendulum, m = 1 kg
its mass and g = 9.81 m · s−2 Newton’s gravitational constant. We denote by
θ the tilt angle in radians as shown in Fig. 1 (initially θ = π4 ). The Equation
describing the movement of the pendulum is given in Eq. (1).
d2 θ
m·l· = −m · g · sin θ (1)
dt2
Equation (1) being a second order differential equation. We need to transform it
into a system of two first order differential equations for resolution. We obtain
y1 = θ and y2 = dθ dt . By applying Euler’s method to these last equations, we
obtain Eq. (2) implemented in Fig. 1.
dy1 dy2 g
= y2 and = − · sin y1 (2)
dt dt l

The key point of our technique is to generate a set of constraints for each
statement of our imperative language introduced further in Sect. 3. For our exam-
ple, we suppose that all variables, before POP analysis, are in double precision
(source program in the top left corner of Fig. 1) and that a range determination is
performed by dynamic analysis on the program variables (we plan to use a static
analyzer in the future). POP assigns to each node of the program’s syntactic tree
a unique control point in order to determine easily the number of significant bits
of the result as mentioned in the bottom corner of Fig. 1. Some notations can be
highlighted about the structure of POP source code. For instance, the annota-
tion g1 = 9.810 denotes that this instance of g has the unique control point 1 .
As well, we have the statement require nsb(y2,20) which informs the tool that
the user wants to get on variable y2 only 20 significant bits (we consider that a
result has n significants if the relative error between the exact and approximated
results is less than 2−n ). Finally, the minimal precision needed for the inputs
4 A. Adjé et al.

1 g = 9.81; l = 0.5;
2 y1 = 0.785398; y2 = 0.785398;
3 h = 0.1; t = 0.0;
4 while (t <10.0) {
5 y1new = y1 + y2 * h ; l
6
7
aux1 = sin ( y1 ) ;
aux2 = aux1 * h * g / l ;
θ
8 y2new = y2 - aux2 ;
9 t = t + h;
10 y1 = y1new ; y2 = y2new ;
11 };
12 require_nsb ( y2 ,20) ;

1 g 1 = 9.81 0 ; l 3 = 0.5 2 ; 1 g |20| = 9.81|20|; l |20| = 1.5|20|;

2 y1 5 = 0.785398 4 ; y2 7 = 0.785398 6 ;
3 h 9 = 0.1 8 ; t 11 = 0.0 10 ;
4 while ( t 13 < 15 10.0 14 ) 59 {
5 y1new 24 = y1 17 + 23 y2 19 * 22 h 21 ;
6 aux1 28 = sin ( y1 26 ) 27 ;
7 aux2 40 = aux1 30 * 39 h 32
8 * 38 g 34 / 37 l 36 ;
9 y2new 46 = y2 42 - 45 aux2 44 ;
10 t 52 = t 48 + 51 h 50 ;
11 y1 55 = y1new 54 ; y2 58 = y2new 57 ;
12 };
13 require_nsb ( y2 ,20) 61 ;
2 y1 |29| = 0.785398|29|; y2 |21| =
0.0|21|;
3 h |21| = 0.1|21|; t |21| = 0.0|21|;
4 while (t <1.0) {
5 y1new |20| = y1 |21| +|20| y2 |21|
6 *|22| h |21|;
7 aux1 |20| = sin ( y1 |29|) |20|;
8 aux2 |20| = aux1 |19| *|20| h |18|
9 *|19| g |17| /|18| l |17|;
10 y2new |20| = y2 |21| -|20| aux2 |18|;
11 t |20| = t |21| +|20| h |17|;
12 y1 |20| = y1new |20|; y2 |20|= y2new
|20|;
13 };
14 require_nsb ( y2 ,20) ;

π
Fig. 1. Top left: source program. Top right: pendulum movement for θ = 4
. Bottom
left: program annotated with labels and with inferred accuracies (right).

and intermediary results satisfying the user assertion is observed on the bottom
right corner of Fig. 1. In this code, if we consider for instance lines 5 and 6,
then y1new|20| means that the variable needs 20 significant bits at this point.
Similarly, y1 and y2 need 21 bits each and the addition requires 20 bits.
In the next section, we detail the ILP and PI formulations for precision tuning
implemented in POP. Also, we show the nature of constraints generated for the
pendulum example and consequently the new data types already presented in
Fig. 1. Note that our tool achieves precision tuning only. The inputs are the
program and the ranges over the variables of the program. We insist on the fact
that POP is not able to produce those ranges or to verify the correctness of
the input ranges. Those ranges are understood as intervals. This range inference
is completely external to our tool and has to be performed by an invariant
generator or an analyzer. To simplify the implementation, we use a dynamic
analysis which produces an under-approximation under the form of intervals.
Static analyzers with sophisticated abstract domains could be used such as [10].
In particular the efficiency of our techniques for loops depends on the precision
of the range analysis for loops. The sensibility of our precision tuning to the
estimate of the ranges depends on the following point. We use in the tuning
phase the ufp of the values. So we are sensible to the order of magnitude of the
ranges but not to the exact values. For example, we will obtain the same tuning
with the ranges [3.4, 6.1] and [2.5, 7.8]. But, obviously we get a worst tuning if
we use [0.0, 1000.0].
 Fast and Efficient Bit-Level Precision Tuning 5

3 Generation of Constraints for Bit-Level Tuning

In this section, we start with providing essential definitions for understanding the
rest of the article. Also, we define a simple imperative language from which we
generate semantic equations in order to determine the least precision needed for
the program numerical values. Then, we will focus on the two sets of constraints
obtained when using the simple ILP and the more complex PI formulation which
optimizes the carry bits that propagate throughout computations.

3.1 Preliminary Notations and Definitions

Our technique is independent of a particular computer arithmetic (e.g. IEEE754

[1] and POSIT [15]). In fact, we manipulate numbers for which we know the
unit in the first place (ufp) and the number of significant digits (nsb). We also
assume that the constants occurring in the source codes are exact and we bound
the errors introduced by the finite precision computations. Then, in the following,
ufpe (x) and nsbe (x) denote the ufp and nsb of the error on x (note that nsbe (x)
may be infinite in some cases). These functions are defined hereafter and a more
intuitive presentation is given in Fig. 2.
Unit in the First Place. The unit in the first place of a real number x (possibly
encoded up to some rounding mode by a floating-point or a fixpoint number) is
given in Eq. (3). This function is independent of the representation of x.

min{i ∈ Z : 2i+1 > |x|} = log2 (|x|) if x = 0,
ufp(x) = (3)
0 if x = 0.

Number of Significant Bits. Intuitively, nsb(x) is the number of significant

bits of x. Let x̂ the approximation of x in finite precision and let ε(x) = |x − x̂|
be the absolute error. Following Parker [23], if nsb(x) = k, for x = 0, then

ε(x) ≤ 2ufp(x)−k+1 (4)

In addition, if x = 0 then nsb(x) = 0. For example, if the exact binary value

1.0101 is approximated by either x = 1.010 or x = 1.011 then nsb(x) = 3.
Unit in the Last Place. The unit in the last place ulp of x is defined by

ulp(x) = ufp(x) − nsb(x) + 1. (5)

Computation Errors. The unit in the first place of the error on x is ufpe (x) =
ufp(x) − nsb(x). The number of significant bits of the computation error on x
is denoted nsbe (x). It is used to optimize the function ξ defined in Eq. (6). As
mentioned earlier, we assume that there is no error on any constant c arising
in programs, i.e. nsbe (c) = 0. Nevertheless, the nsbe of the results of elementary
operations may be greater than 0. For instance, if we add two constants c1 , c2
in x such that ufpe (c1 ) ≥ ufpe (c2 ) then nsbe (x) = ufpe (c1 ) − (ufpe (c2 ) − nsbe (c2 ))
which corresponds to the nsb of the resulting error (see Fig. 2). The unit in
6 A. Adjé et al.

the last place of the computation error on x is denoted ulpe (x) and we have
ulpe (x) = ufpe (x) − nsbe (x) + 1.
Carry Bit. During an operation between two numbers c1 and c2 , a carry bit
can be propagated through the operation. We model the carry bit by a function
denoted ξ computed as shown in Fig. 2:
If the ulp of one of the two operands c1 ufp ulp ufpe ulpe

or c2 is greater than the ufp of the other

nsb nsbe
one (or conversely) then c1 and c2 are not
aligned and ξ = 0 (otherwise ξ = 1). Recall ulpe
ξ=0
that, for a number x, we have ufpe (x) =
ufp(x) − nsb(x). In Sect. 3.3, we will use the ufp e

ξ function to optimize the error terms. The +

over-approximation of ξ by supposing that
it is always equal to 1 leads to the analysis =
of Sect. 3.2. However, when many operations
are done in a program which has to compute ulp e
ξ=1
with some tens of nsb, adding one bit is far
from being negligible. Consequently, a refined ufpe

analysis is presented in Sect. 3.3 where ξ is +

formulated by min and max operators. Let
c1 and c2 be the operands of some operation =
whose result is x. The optimized ξ function 1 carry bit
of Sect. 3.3 is given by
⎧ Fig. 2. Schematic representation of
⎪
⎨0 ulpe (c1 ) ≥ ufpe (c2 ),
ufp, nsb and ulp for values and
ξ(x)(c1 , c2 ) = 0 ulpe (c2 ) ≥ ufpe (c1 ),
⎪
⎩ errors. Representation of the carry
1 otherwise. bit function ξ.

In Fig. 5, an equivalent yet less intuitive def-

inition of ξ is used which corresponds to Eq. (6) in Lemma 1.
Lemma 1. Let c1 and c2 be the operands of some operation whose result is x.

0 ufpe (c1 ) − nsbe (c1 ) ≥ ufp(c2 ) − nsb(c2 ) or conversely,
ξ(x)(c1 , c2 ) = (6)
1 otherwise.

 ∈ Lab x ∈ Id  ∈ {+, -, ×, ÷} math ∈ {sin, cos, tan, arcsin, log, . . .}

 
Expr  e : e ::= c#p | x | e11  e22 | math(e1 ) | sqrt(e1 )
   1  0  
Cmd  c : c ::= c11 ; c22 |x= e | while b do c11 | if  b0 then c11 else c2 | require nsb(x, n)

Fig. 3. Language of input programs.

3.2 Integer Linear Problem Formulation

First, we define in Fig. 3 the simple imperative language in which our input
programs are written.
 Fast and Efficient Bit-Level Precision Tuning 7

We denote by Id the set of identifiers and by Lab the set of control points
of the program as a means to assign to each element e ∈ Expr and c ∈ Cmd
a unique control point  ∈ Lab. First, in c#p, p indicates the initial number
of significant bits of the constant c in the source code. Next, the statement
require nsb(x, n) indicates the minimal number of significant bits n that a
variable x must have at a control point . The rest of the grammar is standard.
As we have mentioned, we are able to reduce the problem of determining the
lowest precision on variables and intermediary values in programs to an Integer
Linear Problem (ILP) by reasoning on their unit in the first place (ufp) and the
number of significant bits (nsb). In addition, we assign to each control point  an
integer variable nsb() corresponding to the nsb of the arithmetic expressions.
Note that nsb() is determined by solving the ILP generated by the rules of
Fig. 4. Let us also mention that, in order to avoid cumbersome notations, the
constraints introduced hereafter assume that the programs handle scalar values
instead of the intervals given by the range analysis. A generalisation to intervals
is introduced in [18] for a comparable (yet not linear) set of constraints.
Let us now focus on the rules of Fig. 4 where  : Id → Id × Lab is an
environment which relates each identifier x to its last assignment x : Assuming
that x := e1 is the last assignment of x, the environment  maps x to x . Then,
E[e]  generates the set of constraints for an expression e ∈ Expr in the envi-
ronment . In the sequel, we formally define these constraints for each element
of our language. No constraint is generated for a constant c#p as mentioned in
Rule (Const) of Fig. 4. For Rule (Id) of a variable x , we require that the nsb
at control point  is less than its nsb in the last assignment of x given in (x).
For a binary operator  ∈ {+, −, ×, ÷}, we first generate the set of constraints
E[e11 ] and E[e22 ] for the operands at control points 1 and 2 . Considering
Rule (Add), the result of the addition of two numbers is stored in control point
. Recall that a range determination is performed before the accuracy analysis,
ufp(), ufp(1 ) and ufp(2 ) are known at constraint generation time.
In the present ILP of Fig. 4, we over-approximate the function ξ by
ξ()(1 , 2 ) = 1 for all , 1 and 2 . To wrap up, for the addition (Rule (Add)),
we have the nsb() = ufp() − ufpe (). More precisely, let us consider the addition
c11 + c22 and let us assume that prec() denotes the precision of this operation.
The error ε() is bound by ε(c11 + c22 ) ≤ ε(c11 ) + ε(c22 ) + 2ufp(c1 +c2 )−prec() and
 
ufpe () = max ufp(1 ) − nsb(1 ), ufp(2 ) − nsb(2 ), ufp(l) − prec() + ξ()(1 , 2 )
(7)
Since nsb() ≤ prec(), we may get rid of the last term in Eq. (7) and the two
constraints generated for Rule (ADD) are derived from Eq. (8).

nsb() ≤ ufp() − max ufp(1 ) − nsb(1 ), ufp(2 ) − nsb(2 ) − ξ()(1 , 2 ) (8)
8 A. Adjé et al.

 
E[c#p ] = ∅ (Const) E[x ] = nsb((x)) ≥ nsb() (Id)

E[e11 + e22 ] = E[e11 ] ∪ E[e22 ]

∪
(Add)
{nsb(1 ) ≥ nsb() + ufp(1 ) − ufp() + ξ()(1 , 2 ),
nsb(2 ) ≥ nsb() + ufp(2 ) − ufp() + ξ()(1 , 2 )}

E[e11 − e22 ] = E[e11 ] ∪ E[e22 ]

∪
(Sub)
{nsb(1 ) ≥ nsb() + ufp(1 ) − ufp() + ξ()(1 , 2 ),
nsb(2 ) ≥ nsb() + ufp(2 ) − ufp() + ξ()(1 , 2 )}

E[e11 × e22 ] = E[e11 ] ∪ E[e22 ]

∪ (Mult)
{nsb(1 ) ≥ nsb() + ξ()(1 , 2 ) − 1, nsb(2 ) ≥ nsb() + ξ()(1 , 2 ) − 1}

E[e11 ÷ e22 ] = E[e11 ] ∪ E[e22 ]

∪ (Div)
{nsb(1 ) ≥ nsb() + ξ()(1 , 2 ) − 1, nsb(2 ) ≥ nsb() + ξ()(1 , 2 ) − 1}
√    
E e1  = E[e11 ] ∪ nsb(1 ) ≥ nsb() (Sqrt)
    

E φ e1  = E[e11 ] ∪ nsb(1 ) ≥ nsb()+ϕ with φ ∈ {sin, cos, tan, log, . . .} (Math)
  
C x:= e1  = C,  [x → ] where C = E[e11 ] ∪ {nsb(1 ) ≥ nsb()} (Assign)
  
C c11 ;c22  = C1 ∪ C2 , 2
      (Seq)
where C1 , 1 = C c11  and C2 , 2 = C c22 1

C[if e0 then c1 else c2 ]  = (C1 ∪ C2 ∪ C3 ,  )

∀x ∈ Id,  (x) = , (C1 , 1 ) = C[c11 ] , (C2 , 2 ) = C[c22 ] , (Cond)
where C3 = {nsb(1 (x)) ≥ nsb(), nsb(2 (x)) ≥ nsb()}
x∈Id

C[while e0 do c1 ]  = (C1 ∪ C2 ,  )

∀x ∈ Id,  (x) = , (C1 , 1 ) = C[c11 ]  (While)
where C2 = {nsb((x)) ≥ nsb(), nsb(1 (x)) ≥ nsb()}
x∈Id
 
C[require nsb(x, p) ] = nsb((x)) ≥ p (Req)

ξ()(1 , 2 ) = 1

Fig. 4. ILP constraints with pessimistic carry bit propagation ξ = 1.

Rule (Sub) for the subtraction is obtained similarly to the addition case. For Rule
(Mult) of multiplication (and in the same manner Rule(Div)), the reasoning
mimics the one of the addition. Let c1 and c2 be two numbers and c the result
of their product, c = c11 × c22 . We denote by ε(c1 ), ε(c2 ) and ε(c) the errors
 Fast and Efficient Bit-Level Precision Tuning 9

on c1 , c2 and c, respectively. The error ε(c) of this multiplication is ε(c) =

c1 · ε(c2 ) + c2 · ε(c1 ) + ε(c1 ) · ε(c2 ). These numbers are bounded by

2ufp(c1 ) ≤ c1 ≤ 2ufp(c1 )+1 and 2ufp(c1 )−nsb(c1 ) ≤ ε(c1 ) ≤ 2ufp(c1 )−nsb(c1 )+1
2ufp(c2 ) ≤ c2 ≤ 2ufp(c2 )+1 and 2ufp(c2 )−nsb(c2 ) ≤ ε(c2 ) ≤ 2ufp(c2 )−nsb(c2 )+1
(9)
2ufp(c1 )+ufp(c2 )−nsb(c2 ) + 2ufp(c2 )+ufp(c1 )−nsb(c1 ) ≤ ε(c) ≤ 2ufp(c)−nsb(c)+1
+2ufp(c1 )+ufp(c2 )−nsb(c1 )−nsb(c2 )

We get rid of the last term 2ufp(c1 )+ufp(c2 )−nsb(c1 )−nsb(c2 ) of the error ε(c) which
is strictly less than the former two ones. By assuming that ufp(c1 + c2 ) = ufp(c)
and by reasoning on the exponents, we obtain the equations of Rule (Mult).

nsb(1 ) ≥ nsb() + ξ()(1 , 2 ) − 1 and nsb(2 ) ≥ nsb() + ξ()(1 , 2 ) − 1 .

The accuracy of math functions depends on each implementation (for exam-

ple this is not in the IEEE754 Standard). It is then difficult to propose something
independent of the user’s library. Then, for the elementary functions such as log-
arithm, exponential and the hyperbolic and trigonometric functions gathered in
Rule (Math), each implementation has its own nsb which we have to know to
model the propagation of errors in our analyses. To cope with this limitation,
we consider that each elementary function introduces a loss of precision of ϕ
bits, where ϕ ∈ N is a parameter of the analysis and consequently of our tool,
POP. In future work, we plan to reverse the question and to let the tool find
the minimal accuracy needed for functions by including their accuracy in the
constraint systems.
The rules of commands are rather classical, we use control points to distin-
guish many assignments of the same variable and also to implement joins in
conditions and loops. Given a command c and an environment , C[c]  returns
a pair (C,  ) made of a set C of constraints and of a new environment  . The
function C is defined by induction on the structure of commands in Figs. 4 and 5.
For conditionals, we generate the constraints for the then and else branches
plus additional constraints to join the results of both branches. Currently, we
do not take care of the guards. As a result, we analyze both the then and else
branches of the if statement with the whole environment. This is correct but it
is a source of imprecision. Concerning loops, we relate the number of significants
bits at the end of the body to the nsb of the same variables and the beginning
of the loop as shown in Rule (While).
Back to Line 5 of the pendulum program of Sect. 2, we generate seven con-
straints as shown in Eq. (10).
⎧ ⎫
⎪
⎪ nsb(17 ) ≥ nsb(23 ) + (−1) + ξ(23 )(17 , 22 ) − (−1), ⎪
⎪
⎪
⎪ ⎪
⎪
⎨ nsb(22 ≥ nsb(23 + 0 + ξ(23 )(17 , 22 ) − (1), ⎬
C1 = nsb(19 ) ≥ nsb(22 ) + ξ(22 )(19 , 21 ) − 1, (10)
⎪
⎪ ⎪
⎪
⎪ nsb(21 ) ≥ nsb(22 ) + ξ(22 )(19 , 21 ) − 1,
⎪ ⎪
⎪
⎩ ⎭
nsb(23 ) ≥ nsb(24 ), ξ(23 )(17 , 22 ) ≥ 1, ξ(22 )(19 , 21 ) ≥ 1

The first two constraints are for the addition. As mentioned previously, the ufp
are computed by a prior range analysis. Then, at constraint generation time,
10 A. Adjé et al.

they are constants. For our example, ufp(17 ) = −1. This quantity occurs in the
first constraints. The next two constraints are for the multiplication. The fifth
constraint nsb(23 ) ≥ nsb(24 ) is for the assignment and the last two constraints
are for the constant functions ξ(23 )(17 , 22 ) and ξ(22 )(19 , 21 ), respectively for
the addition and multiplication. For a user requirement of 20 bits on the variable
y2 (all variables are in double precision initially), POP succeeds in tuning the
majority of variables of the pendulum program into single precision with a total
number of bits at bit level equivalent to 274 (originally the program used 689
bits). The new mixed precision formats obtained are: y1new|20| = y1|21| +|20|
y2|22| ×|22| h|22|.

3.3 Policy Iteration for Optimized Carry Bit Propagation

The policy iteration algorithm is used to solve nonlinear fixpoint equations when
the function is written as the infimum of functions for which a fixpoint can
be easily computed. The infimum formulation makes the function not being
differentiable in the classical sense. The one proposed in [9] to solve smallest
fixpoint equations in static analysis requires the fact that the function is order-
preserving to ensure the decrease of the intermediate solutions provided by the
algorithm. In this article, because of the nature of the semantics, we propose a
policy iterations algorithm for a non order-preserving function.
More precisely, let F be a map from a complete lattice L to itself such
that F = inf π∈Π f π . Classical policy iterations solve F (x) = x by generating a
k
sequence (xk )k such that f π (xk ) = xk and xk+1 < xk . The set Π is called the
π
set of policies and f a policy map (associated to π). The set of policy maps
has to satisfy the selection property meaning that for all x ∈ L, there exists
π ∈ Π such that F (x) = f π (x). This is exactly the same as for each x ∈ L, the
minimization problem Minπ∈Π f π (x) has an optimal solution. If Π is finite and
F is order-preserving, policy iterations converge in finite time to a fixpoint of
F . The number of iterations is bounded from above by the number of policies.
Indeed, a policy cannot be selected twice in the running of the algorithm. This
is implied by the fact that the smallest fixpoint of a policy map is computed. In
this article, we adapt policy iterations to the problem of precision tuning. The
function F here is constructed from inequalities depicted in Fig. 4 and Fig. 5.
We thus have naturally constraints of the form F (x) ≤ x. We will give details
about the construction of F at Proposition 1. Consequently, we are interested
in solving:
   
nsb nsb
Min nsb()s.t.F ≤ nsb ∈ NLab , nsbe ∈ NLab (11)
nsb,nsbe nsbe nsbe


Let ξ : Lab → {0, 1}. We write Sξ1 the system of inequalities depicted in Fig. 4
and Sξ2 the system of inequalities presented at Fig. 5. Note that the final system
of inequalities is Sξ = Sξ1 ∪ Sξ2 meaning that we add new constraints to Sξ1 . If
the system Sξ1 is used alone, ξ is the constant function equal to 1. Otherwise, ξ
is defined by the formula at the end of Fig. 5.
 Fast and Efficient Bit-Level Precision Tuning 11

   
E  [c#p ] = nsbe () = 0 (Const ) E  [x ] = nsbe ((x)) ≥ nsbe () (Id )

E  [e11 + e22 ] = E  [e11 ] ∪ E  [e22 ] (Add )

⎧ ∪ ⎫
⎨ nsbe () ≥ nsbe (1 ), nsbe () ≥ nsbe (2 ), ⎬
nsbe () ≥ ufp(1 ) − ufp(2 ) + nsb(2 ) − nsb(1 ) + nsbe (2 ) + ξ()(1 , 2 ),
⎩ ⎭
nsbe () ≥ ufp(2 ) − ufp(1 ) + nsb(1 ) − nsb(2 ) + nsbe (1 ) + ξ()(1 , 2 )
E  [e11 − e22 ] = E  [e11 ] ∪ E  [e22 ] (Sub )
⎧ ∪ ⎫
⎨ nsbe () ≥ nsbe (1 ), nsbe () ≥ nsbe (2 ), ⎬
nsbe () ≥ ufp(1 ) − ufp(2 ) + nsb(2 ) − nsb(1 ) + nsbe (2 ) + ξ()(1 , 2 ),
⎩ ⎭
nsbe () ≥ ufp(2 ) − ufp(1 ) + nsb(1 ) − nsb(2 ) + nsbe (1 ) + ξ()(1 , 2 )
E  [e11 × e22 ] = E  [e11 ] ∪ E  [e22 ] (Mult )
 ∪ 
nsbe () ≥ nsb(1 ) + nsbe (1 ) + nsbe (2 ) − 2, nsbe () ≥ nsb(2 ) + nsbe (2 ) + nsbe (1 ) − 2
E  [e11 ÷ e22 ] = E  [e11 ] ∪ E  [e22 ] (Div )
 ∪ 
nsbe () ≥ nsb(1 ) + nsbe (1 ) + nsbe (2 ) − 2, nsbe () ≥ nsb(2 ) + nsbe (2 ) + nsbe (1 ) − 2
√    
E e1  = E  [e11 ] ∪ nsbe () ≥ nsbe (1 ) (Sqrt )
    
E  φ e1  = E  [e11 ] ∪ nsbe () ≥ +∞ with φ ∈ {sin, cos, tan, log, . . .} (Math )
   
C  x:= e1  = C,  [x → ] where C = E  [e11 ] ∪ {nsbe (1 ) ≥ nsbe ()} (Assign )
        
C  c11 ;c22  = C1 ∪C2 , 2 with C1 , 1 = C  c11  and C2 , 2 = C  c22 1 (Seq )

C  [if e0 then c1 else c2 ]  = (C1 ∪ C2 ∪ C3 ,  )

∀x ∈ Id,  (x) = , (C1 , 1 ) = C  [c11 ] , (C2 , 2 ) = C  [c22 ] , (Cond )
where C3 = {nsbe (1 (x)) ≥ nsbe (), nsbe (2 (x)) ≥ nsbe ()}
x∈Id

C  [while e0 do c1 ]  = (C1 ∪ C2 ,  )

∀x ∈ Id,  (x) = , (C1 , 1 ) = C  [c11 ]  (While )
where C2 = {nsbe ((x)) ≥ nsbe (), nsbe (1 (x)) ≥ nsbe ()}
x∈Id

C  [require nsb(x, p) ] = ∅ (Req )

  
max ufp(2 ) − ufp(1 ) + nsb(1 ) − nsb(2 ) − nsbe (2 ), 0,
ξ()(1 , 2 ) = min
max ufp(1 ) − ufp(2 ) + nsb(2 ) − nsb(1 ) − nsbe (1 ), 0 , 1

Fig. 5. Constraints solved by PI with min and max carry bit formulation.

Proposition 1. The following results hold:

1. Let ξ the constant function equal to 1. The system Sξ1 can be rewritten as
{nsb ∈ NLab | F (nsb) ≤ (nsb)} where F maps RLab to itself, F (NLab ) ⊆
12 A. Adjé et al.

(NLab ) and has coordinates which are the maximum of a finite family of affine
order-preserving functions.
2. Let ξ the function such that ξ() equals the function of Fig. 5. The system Sξ
can be rewritten as {(nsb, nsbe ) ∈ NLab × NLab | F (nsb, nsbe ) ≤ (nsb, nsbe )}
where F maps RLab × RLab to itself, F (NLab × NLab ) ⊆ (NLab × NLab ) and
all its coordinates are the min-max of a finite family of affine functions.

Note that, in the first case, F does not map from RLab × RLab to itself. It
is easy to extend F as a map from RLab × RLab to itself without affecting its
intrinsic behaviour. From Proposition 1, when Sξ is used, we can write F as
F = minπ∈Π f π , where f π is the maximum of a finite family of affine functions
and thus used a modified policy iterations algorithm. The set of policies here is
a map π : Lab → {0, 1}. A choice is thus a vector of 0 or 1. A policy map f π is
a function NLab to itself such that the coordinates are fπ (). If the coordinate
fπ () depends on ξ then ξ() = π(). Otherwise, the function is the maximum
of affine functions and a choice is not required.

Corollary 1. Any feasible solution of Problem (11) satisfies our ILP constraints
of Fig. 4 (or Fig. 5 if ξ is not fixed to 1).


Proposition 2 (Algorithm correctness). The sequence ( ∈Lab nsbk ())0≤k≤K
generated by Algorithm 1 satisfies the following properties:

1. K < +∞ i.e. the sequence is of finite length;

2. 
each term of the sequence
 furnishes a feasible solution for 
Problem (11);
3. nsbk+1
() < nsbk
() if k < K − 1 and ∈Lab nsb () =
K
∈Lab ∈Lab
∈Lab nsb
K−1
();
4. the number k is smaller than the number of policies.

Algorithm 1: Non-monotone Policy Iterations Algorithm

Result: An over-approximation of an optimal solution of Equation 11
1 Let k := 0, S := +∞;
2 Choose π 0 ∈ Π;
3 Select an optimal solution of (nsbk , nsbe k ) the integer linear program:
⎧ ⎫
⎨  ⎬
πk Lab Lab
Min nsb() | f (nsb, nsbe ) ≤ (nsb, nsbe ), nsb ∈ N , nsbe ∈ N ;
⎩ ⎭
∈Lab


if nsbk () < S then

∈Lab
4 S := ∈Lab nsbk ();
k+1
5 Choose π ∈ Π such that F (nsbk , nsbe k ) = f π
k+1
(nsbk , nsbe k );
6 k := k + 1 and go to 3;
7 else
8 Return S and nsbk .
9 end
 Fast and Efficient Bit-Level Precision Tuning 13

Figure 5 displays the new rules that we add to the global system of constraints
in which the only difference is to activate the optimized function ξ instead of
its over-approximation in Fig. 4. As mentioned in Eq. (6), to compute the ulp of
the errors on the operands, we need to estimate the number of bits of the error
nsbe for each operand on which all the rules of Fig. 5 are based. By applying this
reasoning, the problem do not remain an ILP any longer. Let us concentrate on
the rules of Fig. 5. The function E  [e]  generates the new set of constraints for
an expression e ∈ Expr in the environment . For Rule (Const ), the number
of significant bits of the error nsbe = 0 whereas we impose that the nsbe of a
variable x at control point  is less than the last assignment of nsbe in (x) as
shown in Rule (Id ) of Fig. 5. Considering Rule (Add ), we start by generating
the new set of constraints E  [e11 ] and E  [e22 ] on the operands at control points
1 and 2 . Then, we require that nsbe () ≥ nsbe (1 ) and nsbe () ≥ nsbe (2 ) where
the result of the addition is stored at control point . Additionally, nsbe () is
computed as shown hereafter.
   
ufp(1 ) − nsb(1 ) ufp(1 ) − nsb(1 ) − nsbe (1 )
nsbe () ≥ max − min + ξ()(1 , 2 )
ufp(2 ) − nsb(2 ) ufp(2 ) − nsb(2 ) − nsbe (2 )

By breaking the min and max operators, we obtain the constraints on nsbe () of
Rule (Add ). For the subtraction, the constraints generated are similar to the
addition case. Considering now Rule (Mult ), as we have defined in Sect. 3.2,
ε(c) = c1 · ε(c2 ) + c2 · ε(c1 ) + ε(c1 ) · ε(c2 ) where c = c11 × c22 . By reasoning on
ulpe , we bound ε(c) by

ε(c) ≤ 2ufp(c1 ) · 2ufp(c2 )−nsb(c2 )−nsbe (c2 )+1 + 2ufp(c2 ) · 2ufp(c1 )−nsb(c1 )−nsbe (c1 )+1
+2ufp(c2 )+ufp(c1 )−nsb(c1 )−nsb(c2 )−nsbe (c1 )−nsbe (c2 )+2

By selecting the smallest term ufp(c2 ) + ufp(c1 ) − nsb(c1 ) − nsb(c2 ) − nsbe (c1 ) −
nsbe (c2 ) + 2, we obtain that
 
ufp(1 ) + ufp(2 ) − nsb(1 ) ufp(1 ) + ufp(2 ) − nsb(1 )−
nsbe () ≥ max −
ufp(1 ) + ufp(2 ) − nsb(2 ) nsb(2 ) − nsbe (1 ) − nsbe (2 ) + 2

Finally, by simplifying the equation above we found the constraints of Rule

(Mult ) in Fig. 5 (same for Rule (Div )). For Rule (Sqrt ), we generate the
constraints on the expression E  [e11 ] and we require that nsbe of the result
stored at control point  is greater than the nsbe of the expression a control
point 1 . For Rule (Math ), we assume that nsbe () is unbounded. Concerning
the commands, we define the set C  [c]  which has the same function as C defined
in Fig. 4. The reasoning on the commands also remains similar except that this
time we reason on the number of bits of the errors nsbe . The only difference
is in Rule (Req ) where the set of constraints is empty. Let us recall that the
constraints C2 of Fig. 5 are added to the former constraints C1 of Fig. 4 and are
sent to a linear solver (GLPK in practice).
Now, let us take again the pendulum program of Fig. 1. By analyzing Line 5
of our program, we have to add the following set of constraints C2 of Eq. (12),
along with the former set C1 of Eq. (10). In fact, policy iteration makes it possible
to break the min in the ξ(23 )(17 , 22 ) function by choosing the max between
14 A. Adjé et al.

ufp(22 ) − ufp(17 ) − nsb(17 ) − nsb(22 ) − nsbe (17 ) and 0, the max between
ufp(17 ) − ufp(22 ) + nsb(22 ) − nsb(17 ) − nsbe (22 ) and 0 and the constant 1.
Next, it becomes possible to solve the corresponding ILP. If no fixed point is
reached, POP iterates until a solution is found. By applying this optimization,
the new formats are presented in lines 5 and 6 of the bottom right corner of
Fig. 1: y1new|20| = y1|21| +|20| y2|21| ×|22| h|21|. By comparing with
the formats obtained with the ILP formulation, a gain of precision of 1 bit is
observed on variables y2 and h (total of 272 bits at bit level for the optimized
program).
⎧ ⎫
⎪
⎪ nsbe (23 ) ≥ nsbe (17 ), nsbe (23 ) ≥ nsbe (22 ), ⎪
⎪
⎪
⎪ nsb(23 ) ≥ −1 − 0 + nsb(22 ) − nsb(17 ) + nsbe (22 ) + ξ(23 , 17 , 22 ), ⎪
⎪
⎪
⎪ ⎪
⎪
⎪
⎪ ⎪
⎪
⎨ nsbe (23 ) ≥ 0 − (−1) + nsb(17 ) − nsb(22 ) + nsbe (17 ) + ξ(23 , 17 , 22 ), ⎬
C2 = nsbe (23 ) ≥ nsbe (24 ), nsbe (22 ) ≥ nsb(19 ) + nsbe (19 ) + nsbe (21 ) − 2,
⎪
⎪ ⎪
⎪
⎪
⎪ nsbe (22 ) ≥ nsb(21 ) +nsbe (21 ) + nsbe (19 ) − 2, ⎪
⎪
⎪
⎪ ⎪
⎪
⎪
⎪ ξ(23 )(17 , 22 ) = min max 0 − 6 + nsb( 17 ) − nsb( 22 ) − nsbe ( 17 ), 0 , ⎪
⎪
⎩ ⎭
max 6 − 0 + nsb(22 ) − nsb(17 ) − nsbe (22 ), 0 , 1
(12)

4 Correctness

4.1 Soundness of the Constraint System

Let ≡ denote the syntactic equivalence and let e ∈ Expr be an expression. We

write Const(e ) the set of constants occurring in the expression e . For example,
Const(18.01 ×2 x3 +4 12.05 ×6 y 7 +8 z 9 ) = {18.01 , 12.05 }. Also, we denote
by τ : Lab → N a function mapping the labels of an expression to a nsb. The
notation τ |= E[e ] means that τ is the minimal solution to the ILP E[e ].
We write ⊥ the empty environment (dom(⊥ ) = ∅). The small step operational
semantics of our language is displayed in Fig. 6. It is standard, the only originality
being to indicate explicitly the nsb of constants. For the result of an elementary
operation, this nsb is computed in function of the nsb of the operands. Lemma 2
asses the soundness of the constraints for one step of the semantics.

(x) = c#p
x ,  −→ c #p, 

c = c1  c2 , p = ufp(c) − ufpe c #p
 
 ∈ {+, −, ×, ÷}
c11 #p1  c22 #p2 ,  −→ c#p, 
   
e11 ,  −→ e1 1 ,  e22 ,  −→ e2 2 , 
       
e11  e22 ,  −→ e1 1  e22 ,  c11 #p  e22 ,  −→ c11 p  e2 2 , 

Fig. 6. Small step operational semantics of arithmetic expressions.

Another random document with
no related content on Scribd:
Gould, Michael, clerk, 249
Gould, William, lieutenant of marines, 52
Gower, the Hon. John Leveson, rear-admiral, 64;
a ‘tight hand of the watch,’ 65;
used to ‘play hell and turn up Jack,’ ib.;
to get up early, 65–6;
an able tactician, 67;
had an astonishing memory, ib.;
hated puppyism, ib.; 90
Graham, Aaron, admiral’s secretary, 45;
afterwards magistrate at Bow Street, 53
Granger, William, midshipman, 94
Grant, Charles, midshipman, 118
Grant, George, secretary and purser, 124
Grant, Gregory, midshipman, 94
Grasse, Count de, French commander-in-chief, prisoner, 23
Graves, John, midshipman, at Leghorn, 139;
posse of friars, 141;
his afternoon nap disturbed, 149–50, 153
Graves, Lord Thomas, admiral, 10–13
Gray, George, gunner, 96
Greene, Pitt Burnaby, midshipman, 116
Grey, George, gunner, 70
Grey, George, lieutenant, 113
Grindall, Richard, captain, 228
Grouchy, French general, in Bantry Bay, 188
Guichen, Count de, French admiral, 16
Gullet, Christopher, midshipman, 63
Gunter, captain, 180
Hacker, Jerry, the purser, messed by himself, 165;
a miser, 166;
detests midshipmen, 166–7;
curses the peas, 168;
a most unaccountable fellow, 171
Hall, James, boatswain, 53
Hallowell, afterwards Carew, Benjamin, lieutenant, 113
Hamilton, Sir C., captain, 156
Hamilton, Edward, lieutenant, 172–3, 175;
captain, recaptured the Hermione, 176
Hamlin, midshipman, 63
Hamlin, D., midshipman, 63
Hamond, G. E., midshipman, 177
Hancock, Richard Turner, signal midshipman, 116
Hand organs, 20 n., 88
Handkerchiefs, black silk, worn by seamen, 130 n., 144
Hanwell, lieutenant, 32
Hardy, James, captain, inspects and praises the Blonde, 204–5;
sends her some buckets of paint, 205
Harley, Henry Roland, clerk, 55;
purser, 194–5
Harmood, Harry, captain, 11, 13;
commissioner, 174
Harrison, Mr., private secretary to Lord Spencer, 176
Harrison, John, gunner, 224
Harrison, William, mate, 248
Hartley, Martin Pert, midshipman, 40
Hastings, points of interest near, 254–5
Hawford, Richard, lieutenant, lost in the Rover, 8
Hearle, Benjamin, carpenter, 14
Hell-fire club, 44;
members’ dress, 48–9 and n.
Hemmings, Mr., master attendant at Plymouth, 191
Henikoff, Russian admiral, 184, 207
Herbert, Richard, midshipman, 53
Hervey, John, midshipman, 117
Hervey, Lady, pelted with sugar plums, 140
Hervey, Lord, ambassador, pelted with sugar plums, 140
Hewlett, Thomas, midshipman, 153
Heycock, Richard, midshipman, 94, 118;
refuses to pay mess fines, 108
Hickey, Frederick, lieutenant, sells his prize money, 181;
put on shore in the mutiny, 193, 201
Hill, John, boatswain, 63
Hinton, John, midshipman, 116
Hinton, Martin, lieutenant, 176
Hodges, John, midshipman, died of yellow fever, 249
Hodgskin, John A., midshipman, 125
Holland, John Wentworth, midshipman, 54
Hollingsworth, John, midshipman, killed in battle, 95 n.
Holloway, John, rear-admiral, memoir of, criticised, 27–8, 226, 247
Holmes, midshipman, is ‘caught napping,’ 86–7
Holmes, James, lieutenant of marines, 248
Home, Sir George, captain, 22
Hood, Lord, admiral, commands the Russian armament, 99;
sails for the Mediterranean, 126;
Toulon fleet surrenders to, 128;
chases the French fleet into Gourjean Bay, 146;
 siege of Bastia, 148, 145 n., 172, 176
Hoops, iron, taken on board, 230;
not worth their carriage, 231
Hope, Robert, surgeon, 124
Horsley, Richard, midshipman, 249
Hotham, William (afterwards Lord), vice-admiral, 126, 143;
misses a great opportunity, 145–7;
an able second in command, 147–8
Houghton, Charles, midshipman, 225
Houghton, Daniel, major, the African traveller, 225
Houghton, Frederick, midshipman, drowned, 225
Howe, Lord, admiral, 21, 25;
aspersions on, 28;
action off Cape Spartel, 29–33;
hoists the union flag, 98 n., 80 n., 99, 100
Huish, Robert, purser, his terror in a boat, 219–20, 224
Humphries, Christopher, boatswain, 202
Hungerford, Emanuel, lieutenant, an amusing fellow, 238;
strikes his former captain, 242;
a very able officer, 243, 247
Hunt, Peter, midshipman, a droll fellow, 125
Hutchins, Henry, purser, 13
Hutchinson, Edward, mate, 152
Hutt, John, captain, 121;
an excellent sailor, 122;
killed on 1st of June, 124

Ince, midshipman, 55
Incledon, Charles, the singer, 182 and n.
Inglis, Charles, midshipman, 92, 118;
 captain, 229
Ireland, rebellion in, 204
Ireland, Thomas, lieutenant, killed on 1st of June, 115
Ireland, William, gunner, 124
Irwin, John, lieutenant, 91 n.
Irwin, J. S., midshipman, 95, 114

Jacks, Davy, quartermaster, 72

Jackson, midshipman, 118
James, Edwin, lieutenant, 212, 224
James, William, author of the Naval History, a Yankee-Doodle, 131
n., 147, 152, 155 n.
Jeffrey, Ben, clerk, 98, 120
Jeffreys, Ninian, master, 115
Jeffries, boatswain, 120
Jennings, Ulick, midshipman, 160, 163;
commander, broke by court martial, 171
Jervis, Sir John, rear-admiral, 98–9;
Earl of St. Vincent, admiral of the fleet, 112, 117
Jeynes, Thomas, lieutenant, a tyrant, a cold-blooded bad fellow, 58–
62
Jezard, James, carpenter, 71
Johnstone, George, midshipman, murdered, 119
Johnstone, Jemmy, midshipman, 118
Jones, purser, 232
Jones, George, midshipman, called ‘Dog-head,’ 92, 118
Jones, Paul, captain, U.S.N., 38
Josephine, Empress, 101
Jump, lieutenant, agent of transports, 250

Katon, James, captain, 227–8

Kein, Thomas, assistant surgeon, 91
Kelloch, James, boatswain, 124
Kemble, Joseph, boatswain, 152
Kemp, Nicholas, lieutenant, 114
Kempenfelt, rear-admiral, an able tactician, 16;
lost in the Royal George, 23, 24
Keppel, the Hon. Augustus (afterwards Lord), admiral, 10, 11
Key, John, midshipman, 118;
lieutenant, unfit to be first, 226;
sent to hospital, 239;
refused a passage home, ib. and n.;
his manner of keeping watch, 240, 244, 247
Kiel, John, midshipman, went on shore without leave, 71;
off deck in his watch, 72–3;
‘troubled with St. Anthony’s fire,’ 83;
died mad, 93
King, Sir Richard, port admiral at Plymouth, 190;
approves of Gardner’s conduct, 190
King, Solomon, midshipman, 93, 118
King, William, midshipman, 93
Kinneer, James Jervis, midshipman, sent on shore in the mutiny,
193;
drowned, 202
Kirk, Daniel, midshipman, 116
Kirk, James, surgeon, 115
Kitten, William, 18
Kleber, French general, 261
Knight, captain in the army, killed in battle, 208
Knight, John, captain, 172–3, 175–6

Laforey, Sir Francis, captain, 229, 232–3

Lamb, William, midshipman and mate, 92, 118;
captain, 174
Lambrick, John, midshipman, 154
Lamotte-Picquet, French admiral, 233
Land, Hugh, clerk, 63
Landseer, Thomas, admiral’s servant, 55
Langara, Don Juan de, Spanish admiral, defeat of, 112;
off Minorca, 126;
at Toulon, 128
Laugharne, John, lieutenant, 8
Launder, William, midshipman, killed at the battle of the Nile, 119
Laurie, midshipman, murdered, 119
Laurie, Robert, midshipman (afterwards admiral), 53;
lieutenant, 121;
wounded on 1st June, 124
Lawrence, John, midshipman, 153
Le Bair, Nicholas, midshipman, died in French prison, 153
Lechmere, captain, 41
Le Clerc, Madame, sister of Napoleon, wife of commander-in-chief at
St. Domingo, 230
Lee, Francis Geary Gardner, midshipman (afterwards knighted), 202
Lee, Paddy, lieutenant, 113
Lee, Richard, captain of Hind, 178, 180;
speculates in prize money, 181;
a most meritorious officer, 182, 183, 195–6, 201
Leghorn, carnival at, 139;
convivial dinner at, 142
Lemon, John [or Lamond], midshipman, 249
Leonard, midshipman, triced up to the main topmast head, 81
Levy, Titus, purser, died mad, 91
Lewis, captain, 191
Liggatt, John, assistant surgeon, 96
Linzee, Samuel Hood, captain, 229, 233
Linzee, commodore, at Cagliari, 129;
at Tunis, 131
Liquor smuggled on board, 60, 69
Littlehales, R. B., midshipman, 54
Lloyd, Robert, lieutenant, 100, 114
Loring, captain, 229
Loring, Joseph, lieutenant, 52
Lowe, Thomas, lieutenant, 247
Lucas, John, lieutenant, court martial on, 73, 74
Lumsdale, J., captain, 41
Lutwidge, Skeffington, captain, 65
Lyford, Henry J., lieutenant, 224, 232
Lyne, Thomas, lieutenant, 170

McArthur, John, secretary, 148, 176

Macarthy, quartermaster, anecdote of man overboard, 199
Macbride, Andrew, schoolmaster, given to drink, 76;
his extreme ugliness, 76–7;
song on, 77–8;
died at Jamaica, 78;
an excellent mathematician, ib.;
 and writer, 79;
caricature of, ib.;
splendid abilities, 95
Macbride, John, admiral, 56, 82
McCarthy, a deserter, 58
McCulloch, William, midshipman, 154
McCurdy, John, assistant surgeon, 53
McDonald, John, mate, 119
Macfarland, J. S., midshipman, 54
McInerheny, Mr., master, 12, 13
McInerheny, William, 13
Mackenzie, Alexander, midshipman, a sneak, 153
Mackey, lieutenant, 114
McKinlay, George, captain, 230
McKinnon, Peter, gunner, his sore eyes, 61, 63
Maclean, Hector, lieutenant, 236, 247
Maclean, Lauchlin, clerk, 96
Macredie, John, midshipman, his song, 77–8;
a great deal of service, 80;
an excellent scholar, ib.;
very absent-minded, 81;
as Ajax Telamon, 84, 93;
his story of the raven, 88;
a most worthy fellow, 95;
in the Barfleur, 118
Malcolm, James, surgeon, 39, 91
Manning, Robert, midshipman, 54
Marr, Jacky, boatswain, 120, 176
Marriott, Mr., assistant secretary, Royal Meteorological Society, note
by, 179
Marsh, assistant surgeon, 96
Marsh, Edward, lieutenant, 114
Marshall, Andrew, assistant surgeon, 249
Marshall, John, lieutenant, author of the Royal Naval Biography,
27–9
Marshall, Sir Samuel, deputy comptroller of the navy, 174
Martin, Sir Henry, comptroller of the navy, 97
Martin, Thomas Byam, midshipman, 117;
captain, 156
Mathews, John, lieutenant, 113
Matthews, Robert B., midshipman, 249
Maundrell, midshipman, 63
Meager, Nicholas, midshipman, 123, 125
Mears, Thomas, gunner, 14
Medley, Edward, midshipman, 248
Mends, captain, 229
Merchant, Thomas, midshipman, 54
Merrett, John, surgeon, 17
Mess, ‘Spartan simplicity’ of the, 20;
contrasted with later luxury, 21
Milbanke, Mark, vice-admiral, 33, 38
Miles, Lawford, lieutenant of marines, 176
Millar, midshipman, his ugliness, 76–7;
made a gunner, 94
Miller, John, lieutenant, 124
Milligan, James, surgeon, 224
Milner, George, midshipman, 122–3, 125
Molloy, A. J. P., captain, his tyranny, 80, 90
Monkeys, crew of an African ship lived on, 42;
monkey soup, 51
Monkton, John, mate, 8
Montagu, lieutenant, 25, 38
Montagu, Robert rear-admiral, 227–8, 237
Moore, Edward, mate, his practical joke, 76;
opposed to tyranny, 81;
court martial on, 82;
his generosity, 83;
highly respected, 92, 118
Moore, James, gunner, 202
Morgan, lieutenant, his ugliness, 76–7
Morgan, Ben, midshipman, victim of bullying, 44;
his extravagance, 49, 54
Morgan, Ross, lieutenant of marines, becomes insane, 243–4, 248
Morgan, William, chaplain, 115
Morris, H. G., midshipman, 125
Morris, James Nicholl, lieutenant, at Trafalgar, 113
Mortella tower, 143–4 and n.
Morton, lieutenant, 118
Mottley, Samuel, lieutenant, 115
Moulding, Joe, his catechism, 34
Mounsey, William, midshipman, 63
Mulligan, a seaman, flogged for cowardice, 32
Murray, James, lieutenant, 38
Mustapha, suspected of being English, 137
Mutiny at Spithead (1797), 192–3
Myers, Philip, carpenter, 152
Napoleon, his three great errors, 101;
his sister, 230, 261
Nash, John, midshipman, 14
Nash, Richard, midshipman, killed, 14
Nauticus, junior, 28 n.
Navy Board, letter from, 262 n.
Nazer, John, mate, 202
Neate, William, midshipman, 39
Nelson, Horatio, captain, 131;
at Tunis, 132 n.;
his comment on the ‘Resurgam Squadron,’ 145 n.;
loses his eye, 147
Neve, Robert Jenner, midshipman, 125
New, Thomas, captain, court martial on, 230
Newfoundland, ice field near, 42
Newnham, clerk, said to be the admiral’s cow, 49;
a butt, 55
Newport, Thomas, carpenter, broke by court martial, 224
Nichola, midshipman, insane, 63
Nichols, captain, 41
Nicholson, Richard, midshipman, 18
Nicholson, W. P., midshipman, 18
Noble, Christopher, lieutenant of marines, death from wounds, 201
Noble, George, lieutenant of marines, 38
Norman, James, captain, 182
Nott, John Francis, midshipman, 117
Nowell, William, lieutenant, a good jumper, 87, 90
O’Connor, John, midshipman, 119
Oliver, captain, 229, 233
Oliver, Thomas, mate, 124
Orchard, schoolmaster, his ‘black pudding,’ 15, 17
Osborne, Charles, lieutenant, 13
Otter, Charles, midshipman, taken prisoner, 116
Otway, R. W., captain, 229, 233
Owen, midshipman, 33–35

Palmer, Nisbet, lieutenant, 138;

killed in action, 151–2
Pankhurst, Patty, tells a ghost story, 4
Pardieu [or Purdue, Simon], midshipman, 248
Parker, Hyde, admiral, ‘Old Vinegar,’ 11, 12, 82, 103–4
Parker, Sir Peter, vice-admiral, 23
Parr, Dr., assistant master at Harrow, 259–60 and n.
Parrots and monkeys, crew of an African ship lived on, 42;
roast parrots, 51
Parry, William, admiral, 3, 174
Paton, George, master, 201
Patterson, George, master, 57, 58, 62
Paulett, Lord H., captain, 229, 233
Peard, S., captain, 229
Pearson, Sir Richard, captain, taken prisoner, 38, 96
Peas in the after-hold, 167–8 and n.
Peers, captain of the marines, 232
Penn, Sir William, captured Jamaica, 245
Pennants worn by transport officers, 250, 265–6
Penrose, captain, 227–8
Perkins, captain, 229
Perkins, Robert, midshipman, his song, 104;
his joke, 105, 116
Peterson, Edmund, surgeon, 53
Peyton, Joseph, rear-admiral, 73, 90;
admiral, 203
Peyton, Joseph, lieutenant, 8
Phillimore, Sir John, captain, canes James, the author of the Naval
History, 131 n.
Phillips, quartermaster, his cheese stolen by the raven, 89
Philpot, midshipman, goes to a concert, 69;
quarrels with Gardner, 74;
called ‘Toby Philpot,’ 92
Philps, William, gunner, 171
Phrases:
A dish of turnips, 43
A purser’s shirt in the rigging, 163
A tight hand of the watch, 65, 198
As if hell kicked us, 146
Bowed the sea, 186
Cross-jack brace eye, 107
Damn your eyes = cheer up, 174
Don’t come barking like a tanner’s dog, 212
Easier than knot a rope yarn, 185
I say, Mortimer, 51
Jib a third in, 186
Make a fellow jump where
there was no stile, 65
My hat’s off, 108
No lame duck on change, 235
Play hell and turn up Jack, 43 n., 65
Puddening the flats, 119
Serve out slops at the gangway, 111
 Will you have your hammock up? 100
Pickering, Richard, clerk, 40
Pierce, James, captain of marines, 52
Piercy, Thomas, captain, 19;
ill health of, 21, 22;
taken prisoner, 38, 96
Pigs on board ship in action, 30
Pisa, carnival at, 140;
public buildings and pictures of, 140–1
Pitt, Thomas, midshipman, 153
Pole, Charles Morice, captain, 64
Poole, William, clerk, 171
Popham, Sir Home, 212
Porter, George, mate, 202
Portland Race, danger of, 189
Portlock, Nathaniel, lieutenant, an able navigator, 114
Potts, Henry, midshipman, 53
Poulden, Mr., 178–80
Poulden, Richard, captain, 178
Powell, Howell, assistant surgeon, drowned in the Babet, 12
Price, Mr., purser, his generosity, 21, 39
Pringle, William, midshipman, would do for a scuttle butt, 67;
visits sick messmate, 75;
‘Ponderous and Huge,’ 93 & n.
Proby, William Allen, Lord, midshipman, 154
Proctor, Alexander, assistant surgeon, 63
Prowse, William, lieutenant, reprimanded, 107, 113
Purser’s eights, 52 n.
Purvis, George, admiral’s secretary, 115
Pye, Sir Thomas, admiral, 10
Pye, William, schoolmaster, 45, 55, 120, 177

Quarrier, Daniel, assistant surgeon, 249

Quinton, John, mate, fond of gin grog, 61, 63

Rainier, Peter, admiral, 113

Ralfe, J., Naval Biography by, 228 n.
Ralph (1), a raven, taken for the Devil, 88–9
Ralph (2), a raven, a ‘most sagacious creature,’ 257–8
Raven, superstitious dread of a, 88–9, 257–8
Rayner, Edmund, midshipman, 125
Rea, captain of marines, 243;
his rhymes on Jamaica, 245, 248
Reardon, Andrew, assistant surgeon, sleeps in a cask, 48, 53
Reed, Davy, master, 89–91
Reeve, Samuel, captain, 22
Renwick, William, midshipman, 125
Resurgam Squadron, 145
Reynolds, Robert Carthew, captain, 99–100;
lost in the St. George, 113
Rice, James McPherson, midshipman, a ‘great mathematician,’ 123,
125
Rich, Sir Thomas, captain, 64
Richards, lieutenant, 199
Richards, John, lieutenant, promoted from before the mast, 115
Richardson, Henry, midshipman, 116
Richery, French admiral, his squadron, 185, 190
Rinaldini, capitano, famous bandit, 137
Rivers, William, gunner, 120, 176
Roberts, George, midshipman, 249
Robson, John, lieutenant of marines, 248
Roddam, midshipman, 116
Roddam, Robert, vice-admiral, 97, 107, 112
Rodney, Sir George, admiral, 12, 112, 182, 228
Rodney, the Hon. John, commodore, 156
Rogers, James, midshipman and mate, 115
Rolles, Robert, midshipman, 14
Rollin, Mr. A., secretary to the captain superintendent at Sheerness,
note by, 179
Rose, John, midshipman, 153
Roskruge, Francis, midshipman, killed at Trafalgar, 94
Roskruge, John, master, 91
Ross, James, midshipman, one-armed, 118
Ross, lieutenant, 86, 113
Russell, William Paddy, midshipman, 124
Russian soldiers, filthy habits of, 207
Rutherford, captain, 229

Sanders, James, midshipman, 93, 118;

commander, 230
Sandford, John, midshipman, 53
Sandwich, Lord, first lord of the admiralty, 3, 6
Saradine, Sol., 18
Sargent, Francis, mate, 92
Schomberg, Isaac, captain, superintendent of Sea Fencibles, 251
Schoolmasters, naval, 79 n.
Scott, Alexander John, chaplain, left behind at Toulon, 150;
in Victory at Trafalgar, 152
Scott, John, clerk, killed at Trafalgar, 96
Scott, Samuel, master’s mate, a blustering bully, 53
Scovell, Richard, midshipman, killed in battle, 153
Scratch Alley, the boatswain of, 142
Scriven, Timothy, carpenter, 63
Seppings, John, midshipman, 125
Serocold, captain, death of, 147
Seymour, Lord Hugh, admiral, commanding Jamaica station, 236
Shield, Mr., clergyman at Stoke, 17
Shield, William, captain, 144, 151
Ships:—
Abergavenny, guard-ship, 227, 229
Admiral de Vries, a cooperage, 227, 229
Æolus, 41, 229
Agamemnon, 131–2
Alacrity, brig, capture of 151–2
Albion, 11
Alcide, 115, 131, 155
Alert, 155–6
Alexander, 157
Alfred, 184
Alkmaar, 206 and n.
Ambuscade, 174
America, a hulk, 156, 227, 229
Andromeda, 65, 148
Apollo, 117, 200, 249
Aquilon, 139
Ardent, loss of, 147 and n.
Artois, 33
Audacious, 229
Aurora, 54
Babet, loss of, 120
Barfleur, Gardner’s service in, 97–120;
splendid ship’s company, 100;
officers of, 112–120, 80, 83, 151, 170, 176–7, 226
Bedford, 11
Bellerophon, 113, 119, 229
Bellona, 119, 229, 232
Berwick, Gardner’s service in, 126–54;
sailed for the Mediterranean, 126;
bad weather and phenomenal rolling, 127;
at Toulon, 127–8;
detached to Tunis, 129–36;
puts into Trapani, 137;
and Leghorn, 139;
joins Hotham off Toulon, 143;
officers of, 151–4;
captured, 152–3, 104, 121, 162, 170, 205
Bienfaisant, 104
Blanche, loss of, 208
Blenheim, 33, 226
Blonde, Gardner’s service in, 203–25;
in very good order, 205;
in great danger from the pilots’ ignorance, 208–211;
comic incidents of, 212;
south-easterly blizzard off Guernsey, 220–21;
officers of, 224–5
Bonetta, sloop, loss of, 230
Boreas, Gardner borne in, 3–9;
aground, 6;
quarrel with Foudroyant, 7;
one of the first copper-bottomed ships (1775), 8;
officers of, 8, 9, 19, 64, 75, 90, 115
Bristol, 25
Britannia, 94, 145
Brunswick, Gardner’s service in, 226–49;
with Cornwallis, off Brest, 226, 234–236;
sent to Jamaica, 227, 237;
 with Howe on 1 June, 236 n.;
ship’s dog thrown overboard, 241–2;
thunderstorm, 246–7;
officers of, 247–9
Buffalo, 25, 27–9;
in the battle on the Dogger Bank, 103;
song on, 103–4
Caledonia, 79
Calypso, 230
Cambridge, court martial held on board of, 199
Captain, 227, 229, 234, 241
Carnatic, 227–8
Centaur, lost, 26, 79
Cerberus, 22
Colossus, 64, 113
Commerce de Marseilles, 155, 170, 172
Conflagration, fireship, 121
Conqueror, Gardner borne in, 10–14;
review at Spithead, 10;
sails for North America, 10;
‘a dreadful passage’ and very large sick list, 11;
officers of, 12–14, 3, 6, 19
Conquistador, 112, 214
Cornwall, 11
Countess of Scarborough, hired ship, 38
Crown, 22, 33, 64–5
Culloden, 11, 64
Cumberland, 82, 227–8
Dauphin Royal, Fr., renamed Sans Culotte, 145
Decade, 229
Defence, 229, 233
Dictator, 203
Dido, 229
Diligente, 24, 50
Dolphin, 104
Dordrecht, 203 n.
Dromedary, 22
Druid, 229
Duke, 123