Reliable Computing 4: 71–82, 1998.
1998 Kluwer Academic Publishers. Printed in the Netherlands.
A Software Tool for Automatically Verified Operations on Intervals and Probability
DANIEL BERLEANT and HANG CHENG
Dept. of Computer Systems Engineering, University of Arkansas, Fayetteville, AR 72701, USA.
(Received: 2 April 1995; accepted: 1 August 1996)
Abstract. We describe a software tool for performing automatically verified arithmetic operations on
independent operands when the operands are intervals, or probability distribution functions, or one
operand is an interval and the other is a distribution. Intervals and distributions are expressed using
the same technique, so the algorithms do not need to distinguish between intervals and distributions in
their operation. The tool can calculate common arithmetic operations with guaranteed results (as well
as confidence limits on a distribution if the distribution is empirically estimated from samples).
A previous paper discusses the concepts, algorithms, and related work. Here we emphasize
a software tool that implements the algorithms, interacts with the user via a graphical user interface,
and saves, retrieves, and prints the results of its calculations.
1. Introduction to the Representation
We use histograms to represent, correctly, both probability distributions and intervals.
We take an interval to be an incompletely specified description of a value such that there
is a probability of one that the actual but unknown value falls within the interval. A probability
distribution may be given either as a probability density function (PDF) or as its integral,
a cumulative distribution function (CDF). Next, we show how to represent both distributions
and intervals, correctly, using the same representational technique.
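The following is an added example, not code from the paper or from the tool it describes, that makes the unified representation concrete: a bin is an interval together with a probability mass, an interval is a single bin carrying all the mass, and a distribution is a list of bins. Combining two operands by forming every pair of bins (interval arithmetic on the bounds, product of the masses) is this example's own way of illustrating arithmetic on independent operands; the paper's algorithms themselves are in the earlier work it cites. The uniform PDF and the bin counts are constructed inputs, and exact rationals are used so that no floating-point rounding can silently invalidate a bound.

```python
from fractions import Fraction
from itertools import product

# Added illustration (not the paper's code). A bin is (lo, hi, mass) with
# lo <= hi. An interval is a single bin carrying all the mass; a distribution
# is a list of bins whose masses sum to one. Fractions keep every bound exact.

def interval(lo, hi):
    """An interval: probability one that the unknown value lies in [lo, hi]."""
    lo, hi = Fraction(lo), Fraction(hi)
    if lo > hi:
        raise ValueError("empty interval")
    return [(lo, hi, Fraction(1))]

def uniform_bins(lo, hi, n):
    """Constructed example input: a uniform PDF on [lo, hi] cut into n bins.
    Each bin keeps only its bounds and the area under the PDF over them."""
    lo, hi = Fraction(lo), Fraction(hi)
    width = (hi - lo) / n
    return [(lo + i * width, lo + (i + 1) * width, Fraction(1, n)) for i in range(n)]

def total_mass(bins):
    """Sanity check: a well-formed operand carries total mass one."""
    return sum(m for _, _, m in bins)

# Classical interval-arithmetic rules on the bounds. Division is left out here
# because it additionally needs a check that the divisor bin excludes zero.
def iadd(alo, ahi, blo, bhi):
    return alo + blo, ahi + bhi

def isub(alo, ahi, blo, bhi):
    return alo - bhi, ahi - blo

def imul(alo, ahi, blo, bhi):
    corners = (alo * blo, alo * bhi, ahi * blo, ahi * bhi)
    return min(corners), max(corners)

def combine(x, y, op):
    """Combine two operands assumed independent (this example's illustration,
    not the paper's algorithm). Every pair of bins yields one result bin whose
    bounds come from interval arithmetic and whose mass is the product of the
    two masses. Because intervals and distributions share the representation,
    the same code handles interval+interval, interval+distribution and
    distribution+distribution without a special case."""
    return [(*op(alo, ahi, blo, bhi), am * bm)
            for (alo, ahi, am), (blo, bhi, bm) in product(x, y)]

def support(bins):
    """Tightest interval guaranteed to contain the unknown value."""
    return min(lo for lo, _, _ in bins), max(hi for _, hi, _ in bins)

def cdf_bounds(bins, t):
    """Guaranteed lower and upper bounds on P(X <= t). Mass of bins lying
    entirely at or below t is certainly included; mass of bins that merely
    start at or below t might be. The gap between the two is information
    lost to binning, not error: the true CDF value always lies between them."""
    lower = sum(m for lo, hi, m in bins if hi <= t)
    upper = sum(m for lo, hi, m in bins if lo <= t)
    return lower, upper

if __name__ == "__main__":
    u = uniform_bins(0, 1, 4)
    s = combine(u, u, iadd)                   # sum of two independent uniforms
    print(support(s), total_mass(s))          # enclosure [0, 2], mass 1
    print(cdf_bounds(s, 1))                   # true value 1/2 lies within the bounds
    print(support(combine(interval(1, 2), u, iadd)))  # interval + distribution
```

Note that coarser bins widen the gap returned by `cdf_bounds` but never push the true value outside it, which is exactly the distinction between information loss and error made in the next paragraph. A tool working in floating point rather than rationals would additionally have to round each lower bound down and each upper bound up to keep the same guarantee.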
Histograms are a natural way for people to create and edit probability distributions,
and our software tool uses them for this purpose. While a histogram discretizes the
underlying PDF, in our technique this discretization introduces no error, and the result
therefore remains correct; what it introduces instead is information loss. To see this, consider
a histogram discretization of a PDF to be a partitioning of the PDF's domain into
a set of intervals, each of which is associated with a probability mass equal to the
area under the PDF across the range of that interval. The graphical depiction of a
histogram is then simply a convention for describing this set of intervals and their