C library: additional floating-point functions and cleanup #8195
fd07bb3 to 406a39a
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files:
@@ Coverage Diff @@
## develop #8195 +/- ##
========================================
Coverage 79.66% 79.66%
========================================
Files 1682 1682
Lines 195377 195377
========================================
Hits 155641 155641
Misses 39736 39736
@@ -854,11 +899,14 @@ float sqrtf(float f) | |||
// number of exponent and significand bits. Thus they are | |||
// given implicitly... | |||
|
|||
#pragma CPROVER check push | |||
#pragma CPROVER check disable "float-overflow" | |||
float lowerSquare = lower * lower; | |||
__CPROVER_assume(__CPROVER_isnormalf(lowerSquare)); |
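Review bot: the `#pragma CPROVER check push` and `check disable "float-overflow"` pair before `float lowerSquare = lower * lower;` has no matching `#pragma CPROVER check pop` in the visible lines; please confirm the pop follows directly after the bound multiplications so the rest of `sqrtf` keeps its float-overflow checks. Separately, `__CPROVER_assume(__CPROVER_isnormalf(lowerSquare));` silently discards every execution in which the square is not normal, so a short comment stating why that cannot happen for a normal `f` would make the assumption auditable.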
A square root may well be denormal?
I don't think that's possible for the case that `f` (which we are taking the square root of) is normal, which this branch assumes: given a denormal number is smaller than 1, any denormal square root `s` cannot be smaller than `f` (for `f` has to be denormal when `s` is denormal).
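The argument in the reply above, checked numerically as an added example (not code from this PR or from CBMC): no subnormal float has a normal square, so a normal `f` cannot have a subnormal root, while squaring an upper-bound guess can reach infinity, which is what the disabled float-overflow check has to tolerate. The helper names and the sample upper guess 2^64 are assumptions made for this illustration.

```c
#include <float.h>
#include <stdint.h>
#include <string.h>

/* Reinterpret an IEEE 754 binary32 bit pattern as a float. */
static float from_bits(uint32_t bits)
{
  float f;
  memcpy(&f, &bits, sizeof f);
  return f;
}

/* Square in single precision; volatile forces rounding to float. */
static float squaref(float x)
{
  volatile float r = x * x;
  return r;
}

/* Normal means finite, non-zero and not subnormal (false for NaN). */
static int is_normal(float x)
{
  float a = x < 0 ? -x : x;
  return a >= FLT_MIN && a <= FLT_MAX;
}

/* Exhaustively count positive subnormals (bit patterns 0x00000001 to
   0x007FFFFF) whose square is a normal number. */
unsigned long subnormals_with_normal_square(void)
{
  unsigned long count = 0;
  for(uint32_t bits = 0x00000001u; bits <= 0x007FFFFFu; ++bits)
    if(is_normal(squaref(from_bits(bits))))
      ++count;
  return count;
}

/* 2^-63 is the exact root of FLT_MIN (2^-126), the smallest normal float,
   so the root of any normal input is at least 2^-63. */
float smallest_root_of_normal(void) { return from_bits(64u << 23); }

/* Assumed upper guess 2^64, the next float above sqrt(FLT_MAX): its square
   2^128 is not representable and rounds to +infinity. */
int upper_guess_square_is_inf(void)
{
  return squaref(from_bits(191u << 23)) > FLT_MAX;
}

int main(void)
{
  return subnormals_with_normal_square() == 0 &&
         is_normal(smallest_root_of_normal()) &&
         upper_guess_square_is_inf() ? 0 : 1;
}
```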
Follows the same approximation approach as previously taken for log (and logf, logl).
We previously ended up with recursion.
Model floating-point exceptions as failing assertions.
Model fused multiply-add as documented in its man page.
We construct NaN (and Inf) by dividing by zero, which is a standards-compliant way in that NaN (Inf) is the correct result for these cases. Do not flag these operations as division-by-zero, which the user would not expect.
Fail as documented rather than via built-in assertions when overflowing.
We guess upper and lower bounds and check them for infinity afterwards. Those multiplications should not be flagged by auto-generated assertions.
c62afc8 to 085068c
Visual Studio knows static_assert, but not the standardised _Static_assert.
Visual Studio uses `1.000000e+300 * 1.000000e+300` as value behind the `HUGE_VAL` macro. We should not report an overflow for this approach of producing infinity.
Implemented in CBMC in diffblue/cbmc#8195.
Implemented in CBMC in diffblue/cbmc#8195. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses. Co-authored-by: Felipe R. Monteiro <felisous@amazon.com>
CBMC's sqrt* implementations were fixed in diffblue/cbmc#8195. By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.
Please see individual commit messages.