C library: do not flag float overflow with HUGE_VAL

tautschnig · tautschnig · commit c56f1672ed8e · 2024-02-08T14:57:37.000Z
Visual Studio uses `1.000000e+300 * 1.000000e+300` as value behind the
`HUGE_VAL` macro. We should not report an overflow for this approach of
producing infinity.
diff --git a/src/ansi-c/library/math.c b/src/ansi-c/library/math.c
@@ -2558,7 +2558,10 @@ double exp(double x)
   else if(x > 1024.0 * M_LN2)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return HUGE_VAL;
+#pragma CPROVER check pop
   }
 
   // Nicol N. Schraudolph: A Fast, Compact Approximation of the Exponential
@@ -2632,7 +2635,10 @@ float expf(float x)
   else if(x > 128.0f * (float)M_LN2)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return HUGE_VALF;
+#pragma CPROVER check pop
   }
 
   // 23 is 32 - 1 sign bit - 8 exponent bits
@@ -2708,7 +2714,10 @@ long double expl(long double x)
   else if(x > 16384.0l * M_LN2)
   {
     errno = ERANGE;
+#  pragma CPROVER check push
+#  pragma CPROVER check disable "float-overflow"
     return HUGE_VALL;
+#  pragma CPROVER check pop
   }
   // 16 is 32 - 1 sign bit - 15 exponent bits
   int32_t bias = (1 << 16) * ((1 << 14) - 1);
@@ -2773,7 +2782,10 @@ double log(double x)
   else if(fpclassify(x) == FP_ZERO)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return -HUGE_VAL;
+#pragma CPROVER check pop
   }
   else if(__CPROVER_signd(x))
   {
@@ -2838,7 +2850,10 @@ float logf(float x)
   else if(fpclassify(x) == FP_ZERO)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return -HUGE_VALF;
+#pragma CPROVER check pop
   }
   else if(__CPROVER_signf(x))
   {
@@ -2904,7 +2919,10 @@ long double logl(long double x)
   else if(fpclassify(x) == FP_ZERO)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return -HUGE_VALL;
+#pragma CPROVER check pop
   }
   else if(__CPROVER_signld(x))
   {
@@ -2975,7 +2993,10 @@ double log2(double x)
   else if(fpclassify(x) == FP_ZERO)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return -HUGE_VAL;
+#pragma CPROVER check pop
   }
   else if(__CPROVER_signd(x))
   {
@@ -3039,7 +3060,10 @@ float log2f(float x)
   else if(fpclassify(x) == FP_ZERO)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return -HUGE_VALF;
+#pragma CPROVER check pop
   }
   else if(__CPROVER_signf(x))
   {
@@ -3104,7 +3128,10 @@ long double log2l(long double x)
   else if(fpclassify(x) == FP_ZERO)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return -HUGE_VALL;
+#pragma CPROVER check pop
   }
   else if(__CPROVER_signld(x))
   {
@@ -3175,7 +3202,10 @@ double log10(double x)
   else if(fpclassify(x) == FP_ZERO)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return -HUGE_VAL;
+#pragma CPROVER check pop
   }
   else if(__CPROVER_signd(x))
   {
@@ -3242,7 +3272,10 @@ float log10f(float x)
   else if(fpclassify(x) == FP_ZERO)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return -HUGE_VALF;
+#pragma CPROVER check pop
   }
   else if(__CPROVER_signf(x))
   {
@@ -3309,7 +3342,10 @@ long double log10l(long double x)
   else if(fpclassify(x) == FP_ZERO)
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return -HUGE_VALL;
+#pragma CPROVER check pop
   }
   else if(__CPROVER_signld(x))
   {
@@ -3441,10 +3477,13 @@ double pow(double x, double y)
   else if(fpclassify(x) == FP_ZERO && __CPROVER_signd(y))
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     if(__CPROVER_signd(x) && nearbyint(y) == y && fabs(fmod(y, 2.0)) == 1.0)
       return -HUGE_VAL;
     else
       return HUGE_VAL;
+#pragma CPROVER check pop
   }
   else if(isnan(x) || isnan(y))
 #pragma CPROVER check push
@@ -3479,7 +3518,10 @@ double pow(double x, double y)
   if(fabs(mult_result) > (double)(1 << 30))
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return y > 0.0 ? HUGE_VAL : 0.0;
+#pragma CPROVER check pop
   }
 #if !defined(__BYTE_ORDER__) || __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
   u.i[1] = (int32_t)mult_result + (bias + exp_c);
@@ -3583,13 +3625,16 @@ float powf(float x, float y)
   else if(fpclassify(x) == FP_ZERO && __CPROVER_signf(y))
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     if(
       __CPROVER_signf(x) && nearbyintf(y) == y && fabsf(fmodf(y, 2.0f)) == 1.0f)
     {
       return -HUGE_VALF;
     }
     else
       return HUGE_VALF;
+#pragma CPROVER check pop
   }
   else if(isnanf(x) || isnanf(y))
 #pragma CPROVER check push
@@ -3619,7 +3664,10 @@ float powf(float x, float y)
   if(fabsf(mult_result) > (float)(1 << 30))
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     return y > 0.0f ? HUGE_VALF : 0.0f;
+#pragma CPROVER check pop
   }
   u.i = (int32_t)mult_result + (bias + exp_c);
   return u.f;
@@ -3722,6 +3770,8 @@ long double powl(long double x, long double y)
   else if(fpclassify(x) == FP_ZERO && __CPROVER_signld(y))
   {
     errno = ERANGE;
+#pragma CPROVER check push
+#pragma CPROVER check disable "float-overflow"
     if(
       __CPROVER_signld(x) && nearbyintl(y) == y &&
       fabsl(fmodl(y, 2.0l)) == 1.0l)
@@ -3730,6 +3780,7 @@ long double powl(long double x, long double y)
     }
     else
       return HUGE_VALL;
+#pragma CPROVER check pop
   }
   else if(isnanl(x) || isnanl(y))
 #pragma CPROVER check push
@@ -3767,7 +3818,10 @@ long double powl(long double x, long double y)
   if(fabsl(mult_result) > (long double)(1 << 30))
   {
     errno = ERANGE;
+#  pragma CPROVER check push
+#  pragma CPROVER check disable "float-overflow"
     return y > 0.0l ? HUGE_VALL : 0.0l;
+#  pragma CPROVER check pop
   }
   int32_t result = (int32_t)mult_result + (bias + exp_c);
   union U result_u = {.i = {0}};

Original file line number	Diff line number	Diff line change
`@@ -2558,7 +2558,10 @@ double exp(double x)`
`2558`	`2558`	`else if(x > 1024.0 * M_LN2)`
`2559`	`2559`	`{`
`2560`	`2560`	`errno = ERANGE;`
	`2561`	`+#pragma CPROVER check push`
	`2562`	`+#pragma CPROVER check disable "float-overflow"`
`2561`	`2563`	`return HUGE_VAL;`
	`2564`	`+#pragma CPROVER check pop`
`2562`	`2565`	`}`
`2563`	`2566`
`2564`	`2567`	`// Nicol N. Schraudolph: A Fast, Compact Approximation of the Exponential`
`@@ -2632,7 +2635,10 @@ float expf(float x)`
`2632`	`2635`	`else if(x > 128.0f * (float)M_LN2)`
`2633`	`2636`	`{`
`2634`	`2637`	`errno = ERANGE;`
	`2638`	`+#pragma CPROVER check push`
	`2639`	`+#pragma CPROVER check disable "float-overflow"`
`2635`	`2640`	`return HUGE_VALF;`
	`2641`	`+#pragma CPROVER check pop`
`2636`	`2642`	`}`
`2637`	`2643`
`2638`	`2644`	`// 23 is 32 - 1 sign bit - 8 exponent bits`
`@@ -2708,7 +2714,10 @@ long double expl(long double x)`
`2708`	`2714`	`else if(x > 16384.0l * M_LN2)`
`2709`	`2715`	`{`
`2710`	`2716`	`errno = ERANGE;`
	`2717`	`+# pragma CPROVER check push`
	`2718`	`+# pragma CPROVER check disable "float-overflow"`
`2711`	`2719`	`return HUGE_VALL;`
	`2720`	`+# pragma CPROVER check pop`
`2712`	`2721`	`}`
`2713`	`2722`	`// 16 is 32 - 1 sign bit - 15 exponent bits`
`2714`	`2723`	`int32_t bias = (1 << 16) * ((1 << 14) - 1);`
`@@ -2773,7 +2782,10 @@ double log(double x)`
`2773`	`2782`	`else if(fpclassify(x) == FP_ZERO)`
`2774`	`2783`	`{`
`2775`	`2784`	`errno = ERANGE;`
	`2785`	`+#pragma CPROVER check push`
	`2786`	`+#pragma CPROVER check disable "float-overflow"`
`2776`	`2787`	`return -HUGE_VAL;`
	`2788`	`+#pragma CPROVER check pop`
`2777`	`2789`	`}`
`2778`	`2790`	`else if(__CPROVER_signd(x))`
`2779`	`2791`	`{`
`@@ -2838,7 +2850,10 @@ float logf(float x)`
`2838`	`2850`	`else if(fpclassify(x) == FP_ZERO)`
`2839`	`2851`	`{`
`2840`	`2852`	`errno = ERANGE;`
	`2853`	`+#pragma CPROVER check push`
	`2854`	`+#pragma CPROVER check disable "float-overflow"`
`2841`	`2855`	`return -HUGE_VALF;`
	`2856`	`+#pragma CPROVER check pop`
`2842`	`2857`	`}`
`2843`	`2858`	`else if(__CPROVER_signf(x))`
`2844`	`2859`	`{`
`@@ -2904,7 +2919,10 @@ long double logl(long double x)`
`2904`	`2919`	`else if(fpclassify(x) == FP_ZERO)`
`2905`	`2920`	`{`
`2906`	`2921`	`errno = ERANGE;`
	`2922`	`+#pragma CPROVER check push`
	`2923`	`+#pragma CPROVER check disable "float-overflow"`
`2907`	`2924`	`return -HUGE_VALL;`
	`2925`	`+#pragma CPROVER check pop`
`2908`	`2926`	`}`
`2909`	`2927`	`else if(__CPROVER_signld(x))`
`2910`	`2928`	`{`
`@@ -2975,7 +2993,10 @@ double log2(double x)`
`2975`	`2993`	`else if(fpclassify(x) == FP_ZERO)`
`2976`	`2994`	`{`
`2977`	`2995`	`errno = ERANGE;`
	`2996`	`+#pragma CPROVER check push`
	`2997`	`+#pragma CPROVER check disable "float-overflow"`
`2978`	`2998`	`return -HUGE_VAL;`
	`2999`	`+#pragma CPROVER check pop`
`2979`	`3000`	`}`
`2980`	`3001`	`else if(__CPROVER_signd(x))`
`2981`	`3002`	`{`
`@@ -3039,7 +3060,10 @@ float log2f(float x)`
`3039`	`3060`	`else if(fpclassify(x) == FP_ZERO)`
`3040`	`3061`	`{`
`3041`	`3062`	`errno = ERANGE;`
	`3063`	`+#pragma CPROVER check push`
	`3064`	`+#pragma CPROVER check disable "float-overflow"`
`3042`	`3065`	`return -HUGE_VALF;`
	`3066`	`+#pragma CPROVER check pop`
`3043`	`3067`	`}`
`3044`	`3068`	`else if(__CPROVER_signf(x))`
`3045`	`3069`	`{`
`@@ -3104,7 +3128,10 @@ long double log2l(long double x)`
`3104`	`3128`	`else if(fpclassify(x) == FP_ZERO)`
`3105`	`3129`	`{`
`3106`	`3130`	`errno = ERANGE;`
	`3131`	`+#pragma CPROVER check push`
	`3132`	`+#pragma CPROVER check disable "float-overflow"`
`3107`	`3133`	`return -HUGE_VALL;`
	`3134`	`+#pragma CPROVER check pop`
`3108`	`3135`	`}`
`3109`	`3136`	`else if(__CPROVER_signld(x))`
`3110`	`3137`	`{`
`@@ -3175,7 +3202,10 @@ double log10(double x)`
`3175`	`3202`	`else if(fpclassify(x) == FP_ZERO)`
`3176`	`3203`	`{`
`3177`	`3204`	`errno = ERANGE;`
	`3205`	`+#pragma CPROVER check push`
	`3206`	`+#pragma CPROVER check disable "float-overflow"`
`3178`	`3207`	`return -HUGE_VAL;`
	`3208`	`+#pragma CPROVER check pop`
`3179`	`3209`	`}`
`3180`	`3210`	`else if(__CPROVER_signd(x))`
`3181`	`3211`	`{`
`@@ -3242,7 +3272,10 @@ float log10f(float x)`
`3242`	`3272`	`else if(fpclassify(x) == FP_ZERO)`
`3243`	`3273`	`{`
`3244`	`3274`	`errno = ERANGE;`
	`3275`	`+#pragma CPROVER check push`
	`3276`	`+#pragma CPROVER check disable "float-overflow"`
`3245`	`3277`	`return -HUGE_VALF;`
	`3278`	`+#pragma CPROVER check pop`
`3246`	`3279`	`}`
`3247`	`3280`	`else if(__CPROVER_signf(x))`
`3248`	`3281`	`{`
`@@ -3309,7 +3342,10 @@ long double log10l(long double x)`
`3309`	`3342`	`else if(fpclassify(x) == FP_ZERO)`
`3310`	`3343`	`{`
`3311`	`3344`	`errno = ERANGE;`
	`3345`	`+#pragma CPROVER check push`
	`3346`	`+#pragma CPROVER check disable "float-overflow"`
`3312`	`3347`	`return -HUGE_VALL;`
	`3348`	`+#pragma CPROVER check pop`
`3313`	`3349`	`}`
`3314`	`3350`	`else if(__CPROVER_signld(x))`
`3315`	`3351`	`{`
`@@ -3441,10 +3477,13 @@ double pow(double x, double y)`
`3441`	`3477`	`else if(fpclassify(x) == FP_ZERO && __CPROVER_signd(y))`
`3442`	`3478`	`{`
`3443`	`3479`	`errno = ERANGE;`
	`3480`	`+#pragma CPROVER check push`
	`3481`	`+#pragma CPROVER check disable "float-overflow"`
`3444`	`3482`	`if(__CPROVER_signd(x) && nearbyint(y) == y && fabs(fmod(y, 2.0)) == 1.0)`
`3445`	`3483`	`return -HUGE_VAL;`
`3446`	`3484`	`else`
`3447`	`3485`	`return HUGE_VAL;`
	`3486`	`+#pragma CPROVER check pop`
`3448`	`3487`	`}`
`3449`	`3488`	`else if(isnan(x) \|\| isnan(y))`
`3450`	`3489`	`#pragma CPROVER check push`
`@@ -3479,7 +3518,10 @@ double pow(double x, double y)`
`3479`	`3518`	`if(fabs(mult_result) > (double)(1 << 30))`
`3480`	`3519`	`{`
`3481`	`3520`	`errno = ERANGE;`
	`3521`	`+#pragma CPROVER check push`
	`3522`	`+#pragma CPROVER check disable "float-overflow"`
`3482`	`3523`	`return y > 0.0 ? HUGE_VAL : 0.0;`
	`3524`	`+#pragma CPROVER check pop`
`3483`	`3525`	`}`
`3484`	`3526`	`#if !defined(__BYTE_ORDER__) \|\| __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__`
`3485`	`3527`	`u.i[1] = (int32_t)mult_result + (bias + exp_c);`
`@@ -3583,13 +3625,16 @@ float powf(float x, float y)`
`3583`	`3625`	`else if(fpclassify(x) == FP_ZERO && __CPROVER_signf(y))`
`3584`	`3626`	`{`
`3585`	`3627`	`errno = ERANGE;`
	`3628`	`+#pragma CPROVER check push`
	`3629`	`+#pragma CPROVER check disable "float-overflow"`
`3586`	`3630`	`if(`
`3587`	`3631`	`__CPROVER_signf(x) && nearbyintf(y) == y && fabsf(fmodf(y, 2.0f)) == 1.0f)`
`3588`	`3632`	`{`
`3589`	`3633`	`return -HUGE_VALF;`
`3590`	`3634`	`}`
`3591`	`3635`	`else`
`3592`	`3636`	`return HUGE_VALF;`
	`3637`	`+#pragma CPROVER check pop`
`3593`	`3638`	`}`
`3594`	`3639`	`else if(isnanf(x) \|\| isnanf(y))`
`3595`	`3640`	`#pragma CPROVER check push`
`@@ -3619,7 +3664,10 @@ float powf(float x, float y)`
`3619`	`3664`	`if(fabsf(mult_result) > (float)(1 << 30))`
`3620`	`3665`	`{`
`3621`	`3666`	`errno = ERANGE;`
	`3667`	`+#pragma CPROVER check push`
	`3668`	`+#pragma CPROVER check disable "float-overflow"`
`3622`	`3669`	`return y > 0.0f ? HUGE_VALF : 0.0f;`
	`3670`	`+#pragma CPROVER check pop`
`3623`	`3671`	`}`
`3624`	`3672`	`u.i = (int32_t)mult_result + (bias + exp_c);`
`3625`	`3673`	`return u.f;`
`@@ -3722,6 +3770,8 @@ long double powl(long double x, long double y)`
`3722`	`3770`	`else if(fpclassify(x) == FP_ZERO && __CPROVER_signld(y))`
`3723`	`3771`	`{`
`3724`	`3772`	`errno = ERANGE;`
	`3773`	`+#pragma CPROVER check push`
	`3774`	`+#pragma CPROVER check disable "float-overflow"`
`3725`	`3775`	`if(`
`3726`	`3776`	`__CPROVER_signld(x) && nearbyintl(y) == y &&`
`3727`	`3777`	`fabsl(fmodl(y, 2.0l)) == 1.0l)`
`@@ -3730,6 +3780,7 @@ long double powl(long double x, long double y)`
`3730`	`3780`	`}`
`3731`	`3781`	`else`
`3732`	`3782`	`return HUGE_VALL;`
	`3783`	`+#pragma CPROVER check pop`
`3733`	`3784`	`}`
`3734`	`3785`	`else if(isnanl(x) \|\| isnanl(y))`
`3735`	`3786`	`#pragma CPROVER check push`
`@@ -3767,7 +3818,10 @@ long double powl(long double x, long double y)`
`3767`	`3818`	`if(fabsl(mult_result) > (long double)(1 << 30))`
`3768`	`3819`	`{`
`3769`	`3820`	`errno = ERANGE;`
	`3821`	`+# pragma CPROVER check push`
	`3822`	`+# pragma CPROVER check disable "float-overflow"`
`3770`	`3823`	`return y > 0.0l ? HUGE_VALL : 0.0l;`
	`3824`	`+# pragma CPROVER check pop`
`3771`	`3825`	`}`
`3772`	`3826`	`int32_t result = (int32_t)mult_result + (bias + exp_c);`
`3773`	`3827`	`union U result_u = {.i = {0}};`