Disable Divide by 0 Checks for Floats #3327
Assignees
Labels
[C] Internal
Tracks some internal work. I.e.: Users should not be affected.
T-CBMC
Issue related to an existing CBMC issue
Comments
cvick32
added
the
[C] Internal
|
Kani previously found a counterexample on this function using this harness: fn div_euclid_f64(lhs: f64, rhs: f64) -> f64 {
let q = (lhs / rhs).trunc();
if lhs % rhs < 0.0 {
if rhs > 0.0 {
q - 1.0
} else {
q + 1.0
}
} else {
q
}
}
#[kani::proof]
fn kani_harness_div_euclid_f64() {
let lhs: f64 = kani::any();
let rhs: f64 = kani::any();
div_euclid_f64(lhs, rhs);
}Kani's output summary from running SUMMARY:
** 4 of 62 failed
Failed Checks: division by zero
File: "src/epoch/mod.rs", line 1186, in epoch::div_euclid_f64
Failed Checks: NaN on division
File: "src/epoch/mod.rs", line 1186, in epoch::div_euclid_f64
Failed Checks: arithmetic overflow on floating-point division
File: "src/epoch/mod.rs", line 1186, in epoch::div_euclid_f64
Failed Checks: division by zero
File: "src/epoch/mod.rs", line 1187, in epoch::div_euclid_f64 |
|
Hmm, looks like we have a bug on the CBMC side in that floating-point division does not have checks enabled by default anymore, but floating-point remainder still has those. |
|
I intend to fold the fix for this on the CBMC side into diffblue/cbmc#7885 as, until that work is completed, any floating-point remainder operations are very questionable. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Proposed change: Remove divide by 0 checks for floating point numbers, as they are well-defined in Rust? A similar change for +/- Inf was made in this PR.
Motivation: This change would eliminate false positives in verification failures.
The text was updated successfully, but these errors were encountered: