[PATCH] Fix silent overflow bug in APFloat::multiplySignificand (PR20728).

Lang Hames lhames at gmail.com
Tue Nov 18 17:13:24 PST 2014 

Hi All,

I've been digging in to http://llvm.org/PR20728 and I've discovered the
root cause of the bug detailed there. The short version is that on x86 the
following call should constant-fold to 4.0L:

fmal(1.0L, 1.0L, 3.0L)

However, it currently constant folds to 0.0L.

Here's what goes wrong: The call is constant folded using
APFloat::fusedMultiplyAdd, but the real work is done by
APFloat::multiplySignificand. APFloat::multiplySignificand takes an RHS for
the multiplication and an optional addend. The method allocates a 2x
precision intermediate significand to hold the result of both operations.
This is sufficient to hold the result of the multiplication without
overflowing, but if the MSB of the multiplication result and the addend are
both in the top bits of their respective significands, the addition
operation will overflow. For reasons too perverse to detail here (read the
bug for the gory details) this overflow is not detected, and
multiplySignificand happily returns bogus results. In the case of the test
case above, you end up with:

    0100...0  (1.0)
+   1100...0  (3.0)
---------------------
1 | 0000...0  (0.0!)

The attached patch fixes this bug by holding the intermediate result in 2 *
precision + 1 bits, and arranging for the top bit of the addend to be zero
(by shifting right by 1). This means that the addition no longer overflows,
but simply carries into the top bit.

This patch passes the regression test suite and the nightly test suite on
x86-64, so that's a good start. Are there any APFloat experts out there who
are able to offer comment on the approach I've taken though? It seems
superficially sane, but this is floating point code - the appearance of
sanity may be purely coincidental.

Cheers,
Lang.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20141118/a742e03b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: APFloat_multiplySignificand_fix.patch
Type: application/octet-stream
Size: 4365 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/llvm-commits/attachments/20141118/a742e03b/attachment.obj>

More information about the llvm-commits mailing list