Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

division-by-zero on float #8233

Merged
merged 1 commit into from
Mar 23, 2024
Merged

division-by-zero on float #8233

merged 1 commit into from
Mar 23, 2024

Conversation

kroening
Copy link
Member

@kroening kroening commented Mar 9, 2024
edited
Loading

This separates the division-by-zero check for floating-point operations from the division-by-zero check for integers. The new division-by-zero check for floating-point operations is off by default, and is enabled by --float-div-by-zero-check.

The case for doing so is weak. ISO/IEC 9899:2021 (C21) and predecessors clealy state (Sec 6.5.5 par 5) "In both operations, if the value of the second operand is zero, the behavior is undefined."

However, Annex F (IEC 60559 floating-point arithmetic) states that implementations that define __STDC_IEC_559__ must implement IEC 60559 division, which clearly defines the behavior when dividing floating-point numbers by zero. This behavior can be observed on all architectures that we support.

  • Each commit message has a non-empty body, explaining why the change was made.
  • n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
  • The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
  • Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
  • n/a My commit message includes data points confirming performance improvements (if claimed).
  • My PR is restricted to a single feature or bugfix.
  • n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

@kroening kroening marked this pull request as ready for review March 9, 2024 19:42
@kroening kroening force-pushed the float-div-by-zero branch from 9335e6b to 87ffbc8 Compare March 9, 2024 19:52
@kroening kroening requested review from jimgrundy and TGWDB as code owners March 9, 2024 19:52
@kroening kroening mentioned this pull request Mar 9, 2024
Merged
5 tasks
@kroening kroening force-pushed the float-div-by-zero branch 4 times, most recently from b4f949a to 2f2e163 Compare March 9, 2024 20:40
@kroening kroening force-pushed the float-div-by-zero branch from 2f2e163 to b733273 Compare March 9, 2024 21:16
@codecov Codecov
Copy link

codecov bot commented Mar 9, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 79.64%. Comparing base (7d01374) to head (e00a1bd).

Additional details and impacted files 
@@             Coverage Diff             @@
##           develop    #8233      +/-   ##
===========================================
- Coverage    79.64%   79.64%   -0.01%     
===========================================
  Files         1684     1684              
  Lines       195670   195684      +14     
===========================================
+ Hits        155841   155852      +11     
- Misses       39829    39832       +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@kroening kroening force-pushed the float-div-by-zero branch 2 times, most recently from e3f0ba9 to 16ea284 Compare March 9, 2024 23:34
tautschnig
tautschnig reviewed Mar 10, 2024
View reviewed changes
regression/cbmc/pragma_cprover_enable_all/main.c
@@ -15,7 +15,7 @@ int main()
#pragma CPROVER check push
#pragma CPROVER check disable "bounds"
#pragma CPROVER check disable "pointer"
#pragma CPROVER check disable "div-by-zero"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This regression test is called "...enable_all," so shouldn't the new check be enabled in addition rather than replace an existing one?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There isn't any integer division, so that wouldn't have any effect.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, but then this test should be extended to have one (the test is "enable_all", so we should be testing all of them).

tautschnig
tautschnig approved these changes Mar 22, 2024
View reviewed changes
regression/cbmc/pragma_cprover_enable_all/main.c
@@ -15,7 +15,7 @@ int main()
#pragma CPROVER check push
#pragma CPROVER check disable "bounds"
#pragma CPROVER check disable "pointer"
#pragma CPROVER check disable "div-by-zero"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, but then this test should be extended to have one (the test is "enable_all", so we should be testing all of them).

@kroening kroening force-pushed the float-div-by-zero branch from 16ea284 to ffaf0ee Compare March 22, 2024 20:51
@kroening
Copy link
Member Author

Test extended by adding an integer division by zero.

@kroening kroening enabled auto-merge March 22, 2024 20:53
@kroening
division-by-zero on float
e00a1bd 
This separates the division-by-zero check for floating-point operations from
the division-by-zero check for integers.  The new division-by-zero check for
floating-point operations is off by default, and is enabled by
--float-div-by-zero-check.

The case for doing so is weak.  ISO/IEC 9899:2021 (C21) and predecessors
clealy state (Sec 6.5.5 par 5) "In both operations, if the value of the
second operand is zero, the behavior is undefined."

However, Annex F (IEC 60559 floating-point arithmetic) states that
implementations that define __STDC_IEC_559__ must implement IEC 60559
division, which clearly defines the behavior when dividing floating-point
numbers by zero.  This behavior can be observed on all architectures that we
support.
@kroening kroening force-pushed the float-div-by-zero branch from ffaf0ee to e00a1bd Compare March 22, 2024 23:47
@kroening kroening merged commit b6ab541 into develop Mar 23, 2024
40 of 41 checks passed
@tautschnig tautschnig deleted the float-div-by-zero branch March 25, 2024 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tautschnig tautschnig tautschnig approved these changes

@peterschrammel peterschrammel Awaiting requested review from peterschrammel peterschrammel is a code owner

@remi-delmas-3000 remi-delmas-3000 Awaiting requested review from remi-delmas-3000 remi-delmas-3000 is a code owner

@jimgrundy jimgrundy Awaiting requested review from jimgrundy jimgrundy is a code owner

@TGWDB TGWDB Awaiting requested review from TGWDB TGWDB is a code owner

Assignees

@tautschnig tautschnig

Labels
C++ Front End C Front End
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kroening @tautschnig