Changes between Version 17 and Version 18 of SoC2016


Ignore:
Timestamp:
Feb 19, 2016, 12:29:19 PM (7 years ago)
Author:
Niall Douglas
Comment:

Added safe-float proposal

Legend:

Unmodified
Added
Removed
Modified
  • SoC2016

    v17 v18  
    322322No specific competency test is proposed, but candidate students are required to show some previous work where all or most of these skills are exhibited.
    323323
     324
     325=== 6. Safe-Float ===
     326
     327Potential mentors: Damian Vicino
     328
     329==== Background ====
     330
     331Arithmetic operations in C++ are NOT guaranteed to yield a correct mathematical result. For instance, the overflow on addition operation may produce an infinite value when using float. Safe Float proposes implementing a drop-in replacement for floating point numeric data types guaranteeing that, when used in expressions in a C++ program, no incorrect arithmetic results will be produced without developer awareness.
     332
     333In addition to the arithmetic problems, some others can result in security concerns related to usage of floating point. In these regards, the CERT Division of Software Engineering Institute at Carnegie Mellon University publishes guidelines for Secure Programming when using FP datatypes ![1].
     334
     335A survey of arithmetic problems was written by David Goldberg in 1991 ![2]. And the limitations of Intel architecture for implementing floating point are described in the IA-32 ![3] and x87 ![4] manuals.
     336
     337Problems with floating-point can be categorised in:
     338- Domain/Pole/Range errors
     339- Approximation errors and narrowing on casting
     340- Unexpected input (e.g. reading a NaN from a stream when expecting a number)
     341- Ill defined (e.g. initialise or read as input “0.1”)
     342- Unexpected operation results (e.g. undetected denormalisation, rounding, underflow, overflow to infinity or NaN operands)
     343
     344Since C++11 and C++14 standards ![5] provided standardised floating point environment access giving the possibility of tackle the problem efficiently in a platform independent way. Using the floating-point environment, most problems can be detected by introducing multiple lines of code after each operation for checking flags. Requiring the programmer to write down all these checks in every place a floating point operation is executed is error-prone.
     345
     346In general, the problems mentioned lead to obscure and hard to detect bugs for the non-expert in numerical methods. However, some algorithms are designed taking in account approximations and errors to happen and could be silently discarded. Thus, our approach in safe-float is allowing the declaration of concerns to be considered for each declared variable (e.g. we can define safe_float<float, check_division_by_zero> which only checks for division by zero problems). 
     347
     348==== GSoC project proposal ====
     349
     350During GSoC 2015, safe-float was partially implemented exploring different designs. Now, with a stable design, we want to focus in finishing up the details to start the review process.
     351
     3521. Implement new policies for cast and error handling of the data type.
     3532. Implement Safe-Float literals for IEEE754 standard compliance.
     3543. Extend the test suite.
     3554. Define Concepts were required.
     3565. Check correct exception guarantees are implemented.
     3576. Extend current documentation ![6].
     358
     359==== Programming competency test ====
     360
     361- Define a user defined literal assignable to float that fails compilation when the value provided cannot be expressed as an positive integer power of 0.5 (e.g. 0.5, 0.25, 0.125).
     362- Provide a function receiving an integer (X) and a tuple (std::tuple<type1, type2, type3…>) into a tuple of vectors (std::tuple<std::vector<type1>,std::vector<type2>, std::vector<type3>, …> where each vector has X elements of each originally received in each tuple_element.
     363 E.g. for X=2 and the tuple {1, 1.0, ‘a’} , the result type is std::tuple<std::vector<int>, std::vector<double>, std::vector<char>> and the values are: {{1, 1},{1.0, 1.0},{‘a’, ‘a’}}
     364- Provide a template function “get_vector”, similar to std::get, that given the type X as parameter, returns editable access to the vector of type X in a tuple of vectors.
     365
     366==== References ====
     367
     368- ![1] SEI CERT. The CERT C++ secure coding standard. Pearson Education, 2008.
     369- ![2] Goldberg, David. "What every computer scientist should know about floating-point arithmetic." ACM Computing Surveys (CSUR) 23.1 (1991): 5-48.
     370- ![3] Intel® 64 and IA-32 Architectures Software Developer’s Manual - Volume 2 (specially sections about FP flags in FADD, FSUB, FMUL and FDIV) [4] x87 and SSE Floating Point Assists in IA-32: Flush-To-Zero (FTZ) and Denormals-Are-Zero (DAZ)
     371- ![5] http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2014/n4296.pdf
     372- ![6] http://sdavtaker.github.io/safefloat/doc/html/index.html
     373
    324374'''[wiki:GSoCIdeaTemplate To any potential mentor adding a proposal HERE please use this template]'''