Skip to content

Commit b733273

Browse files
kroeningkroening
committed
division-by-zero on float
This separates the division-by-zero check for floating-point operations from the division-by-zero check for integers. The new division-by-zero check for floating-point operations is off by default, and is enabled by --float-div-by-zero-check. The case for doing so is weak. ISO/IEC 9899:2021 (C21) and predecessors clealy state (Sec 6.5.5 par 5) "In both operations, if the value of the second operand is zero, the behavior is undefined." However, Annex F (IEC 60559 floating-point arithmetic) states that implementations that define __STDC_IEC_559__ must implement IEC 60559 division, which clearly defines the behavior when dividing floating-point numbers by zero. This behavior can be observed on all architectures that we support.
1 parent cec9dc6 commit b733273

File tree

14 files changed

+151
-50
lines changed

14 files changed

+151
-50
lines changed

doc/man/cbmc.1

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,10 @@ enable array bounds checks
6262
check shift greater than bit\-width
6363
.TP
6464
\fB\-\-div\-by\-zero\-check\fR
65-
enable division by zero checks
65+
enable division by zero checks for integer division
66+
.TP
67+
\fB\-\-float\-div\-by\-zero\-check\fR
68+
enable division by zero checks for floating-point division
6669
.TP
6770
\fB\-\-pointer\-primitive\-check\fR
6871
checks that all pointers in pointer primitives are valid or null

doc/man/goto-analyzer.1

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -521,7 +521,10 @@ Enable memory cleanup checks: assert that all dynamically allocated memory is
521521
explicitly freed before terminating the program.
522522
.TP
523523
\fB\-\-div\-by\-zero\-check\fR
524-
enable division by zero checks
524+
enable division by zero checks for integer division
525+
.TP
526+
\fB\-\-float\-div\-by\-zero\-check\fR
527+
enable division by zero checks for floating-point division
525528
.TP
526529
\fB\-\-signed\-overflow\-check\fR
527530
enable signed arithmetic over\- and underflow checks

doc/man/goto-diff.1

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,10 @@ Enable memory cleanup checks: assert that all dynamically allocated memory is
5252
explicitly freed before terminating the program.
5353
.TP
5454
\fB\-\-div\-by\-zero\-check\fR
55-
enable division by zero checks
55+
enable division by zero checks for integer division
56+
.TP
57+
\fB\-\-float\-div\-by\-zero\-check\fR
58+
enable division by zero checks for floating-point division
5659
.TP
5760
\fB\-\-signed\-overflow\-check\fR
5861
enable signed arithmetic over\- and underflow checks

doc/man/goto-instrument.1

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -192,7 +192,10 @@ Enable memory cleanup checks: assert that all dynamically allocated memory is
192192
explicitly freed before terminating the program.
193193
.TP
194194
\fB\-\-div\-by\-zero\-check\fR
195-
enable division by zero checks
195+
enable division by zero checks for integer division
196+
.TP
197+
\fB\-\-float\-div\-by\-zero\-check\fR
198+
enable division by zero checks for floating-point division
196199
.TP
197200
\fB\-\-signed\-overflow\-check\fR
198201
enable signed arithmetic over\- and underflow checks

regression/cbmc/Division/floating_point_division1.c

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
#include <assert.h>
2+
#include <math.h>
3+
4+
int main()
5+
{
6+
assert(1.0 / 2 == 0.5);
7+
assert(1.0 / 0 == INFINITY);
8+
assert(-1.0 / 0 == -INFINITY);
9+
assert(isnan(NAN / 0));
10+
assert(1.0 / INFINITY == 0);
11+
assert(isnan(INFINITY / INFINITY));
12+
}

regression/cbmc/Division/floating_point_division1.desc

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
CORE
2+
floating_point_division1.c
3+
4+
^EXIT=0$
5+
^SIGNAL=0$
6+
^VERIFICATION SUCCESSFUL$
7+
--
8+
^warning: ignoring

regression/cbmc/Division/floating_point_division2.c

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
#include <assert.h>
2+
#include <math.h>
3+
4+
double nondet_double();
5+
6+
int main()
7+
{
8+
double y = nondet_double();
9+
10+
if(y == 0)
11+
{
12+
// we expect to catch this with --float-div-by-zero-check
13+
double x = 1.0 / y;
14+
}
15+
}

regression/cbmc/Division/floating_point_division2.desc

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,9 @@
1+
CORE no-new-smt
2+
floating_point_division2.c
3+
--float-div-by-zero-check
4+
^EXIT=10$
5+
^SIGNAL=0$
6+
^\[main\.float-division-by-zero\.1\] line \d+ floating-point division by zero in 1\.0 / y: FAILURE$
7+
^VERIFICATION FAILED$
8+
--
9+
^warning: ignoring

regression/cbmc/pragma_cprover_enable_all/main.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ int main()
1515
#pragma CPROVER check push
1616
#pragma CPROVER check disable "bounds"
1717
#pragma CPROVER check disable "pointer"
18-
#pragma CPROVER check disable "div-by-zero"
18+
#pragma CPROVER check disable "float-div-by-zero"
1919
#pragma CPROVER check disable "enum-range"
2020
#pragma CPROVER check disable "signed-overflow"
2121
#pragma CPROVER check disable "unsigned-overflow"
@@ -52,7 +52,7 @@ int main()
5252
#pragma CPROVER check push
5353
#pragma CPROVER check enable "bounds"
5454
#pragma CPROVER check enable "pointer"
55-
#pragma CPROVER check enable "div-by-zero"
55+
#pragma CPROVER check enable "float-div-by-zero"
5656
#pragma CPROVER check enable "enum-range"
5757
#pragma CPROVER check enable "signed-overflow"
5858
#pragma CPROVER check enable "unsigned-overflow"

regression/cbmc/pragma_cprover_enable_all/test.desc

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ main.c
55
^\[main\.pointer_primitives\.\d+\] line 77 pointer outside object bounds in R_OK\(q, \(unsigned (long (long )?)?int\)1\): FAILURE$
66
^\[main\.pointer_arithmetic\.\d+\] line 78 pointer arithmetic: pointer outside object bounds in p \+ (\(signed int\))?2000000000000(l|ll): FAILURE
77
^\[main\.NaN\.\d+\] line 84 NaN on / in x / den: FAILURE
8-
^\[main\.division-by-zero\.\d+\] line 84 division by zero in x / den: FAILURE
8+
^\[main\.float-division-by-zero\.\d+\] line 84 floating-point division by zero in x / den: FAILURE
99
^\[main\.overflow\.\d+\] line 84 arithmetic overflow on floating-point division in x / den: FAILURE
1010
^\[main\.enum-range-check\.\d+\] line 85 enum range check in \(ABC\)10: FAILURE
1111
^\[main\.overflow\.\d+\] line 86 arithmetic overflow on signed (to unsigned )?type conversion in \(char\)\(\(signed int\)i \+ 1\): FAILURE
@@ -18,7 +18,7 @@ main.c
1818
^\[main\.pointer_primitives\.\d+\] line 40 pointer outside object bounds in R_OK\(q, \(unsigned (long (long )?)?int\)1\): FAILURE$
1919
^\[main\.pointer_arithmetic\.\d+\] line 41 pointer arithmetic: pointer outside object bounds in p \+ .*2000000000000(l|ll): FAILURE
2020
^\[main\.NaN\.\d+\] line 47 NaN on / in x / den: FAILURE
21-
^\[main\.division-by-zero\.\d+\] line 47 division by zero in x / den: FAILURE
21+
^\[main\.float-division-by-zero\.\d+\] line 47 floating-point division by zero in x / den: FAILURE
2222
^\[main\.overflow\.\d+\] line 47 arithmetic overflow on floating-point division in x / den: FAILURE
2323
^\[main\.enum-range-check\.\d+\] line 48 enum range check in \(ABC\)10: FAILURE
2424
^\[main\.overflow\.\d+\] line 49 arithmetic overflow on signed type conversion in \(char\)\(signed int\)i \+ 1\): FAILURE

0 commit comments

Comments
 (0)