| | 324 | |
| | 325 | === 6. Safe-Float === |
| | 326 | |
| | 327 | Potential mentors: Damian Vicino |
| | 328 | |
| | 329 | ==== Background ==== |
| | 330 | |
| | 331 | Arithmetic operations in C++ are NOT guaranteed to yield a correct mathematical result. For instance, the overflow on addition operation may produce an infinite value when using float. Safe Float proposes implementing a drop-in replacement for floating point numeric data types guaranteeing that, when used in expressions in a C++ program, no incorrect arithmetic results will be produced without developer awareness. |
| | 332 | |
| | 333 | In addition to the arithmetic problems, some others can result in security concerns related to usage of floating point. In these regards, the CERT Division of Software Engineering Institute at Carnegie Mellon University publishes guidelines for Secure Programming when using FP datatypes ![1]. |
| | 334 | |
| | 335 | A survey of arithmetic problems was written by David Goldberg in 1991 ![2]. And the limitations of Intel architecture for implementing floating point are described in the IA-32 ![3] and x87 ![4] manuals. |
| | 336 | |
| | 337 | Problems with floating-point can be categorised in: |
| | 338 | - Domain/Pole/Range errors |
| | 339 | - Approximation errors and narrowing on casting |
| | 340 | - Unexpected input (e.g. reading a NaN from a stream when expecting a number) |
| | 341 | - Ill defined (e.g. initialise or read as input “0.1”) |
| | 342 | - Unexpected operation results (e.g. undetected denormalisation, rounding, underflow, overflow to infinity or NaN operands) |
| | 343 | |
| | 344 | Since C++11 and C++14 standards ![5] provided standardised floating point environment access giving the possibility of tackle the problem efficiently in a platform independent way. Using the floating-point environment, most problems can be detected by introducing multiple lines of code after each operation for checking flags. Requiring the programmer to write down all these checks in every place a floating point operation is executed is error-prone. |
| | 345 | |
| | 346 | In general, the problems mentioned lead to obscure and hard to detect bugs for the non-expert in numerical methods. However, some algorithms are designed taking in account approximations and errors to happen and could be silently discarded. Thus, our approach in safe-float is allowing the declaration of concerns to be considered for each declared variable (e.g. we can define safe_float<float, check_division_by_zero> which only checks for division by zero problems). |
| | 347 | |
| | 348 | ==== GSoC project proposal ==== |
| | 349 | |
| | 350 | During GSoC 2015, safe-float was partially implemented exploring different designs. Now, with a stable design, we want to focus in finishing up the details to start the review process. |
| | 351 | |
| | 352 | 1. Implement new policies for cast and error handling of the data type. |
| | 353 | 2. Implement Safe-Float literals for IEEE754 standard compliance. |
| | 354 | 3. Extend the test suite. |
| | 355 | 4. Define Concepts were required. |
| | 356 | 5. Check correct exception guarantees are implemented. |
| | 357 | 6. Extend current documentation ![6]. |
| | 358 | |
| | 359 | ==== Programming competency test ==== |
| | 360 | |
| | 361 | - Define a user defined literal assignable to float that fails compilation when the value provided cannot be expressed as an positive integer power of 0.5 (e.g. 0.5, 0.25, 0.125). |
| | 362 | - Provide a function receiving an integer (X) and a tuple (std::tuple<type1, type2, type3…>) into a tuple of vectors (std::tuple<std::vector<type1>,std::vector<type2>, std::vector<type3>, …> where each vector has X elements of each originally received in each tuple_element. |
| | 363 | E.g. for X=2 and the tuple {1, 1.0, ‘a’} , the result type is std::tuple<std::vector<int>, std::vector<double>, std::vector<char>> and the values are: {{1, 1},{1.0, 1.0},{‘a’, ‘a’}} |
| | 364 | - Provide a template function “get_vector”, similar to std::get, that given the type X as parameter, returns editable access to the vector of type X in a tuple of vectors. |
| | 365 | |
| | 366 | ==== References ==== |
| | 367 | |
| | 368 | - ![1] SEI CERT. The CERT C++ secure coding standard. Pearson Education, 2008. |
| | 369 | - ![2] Goldberg, David. "What every computer scientist should know about floating-point arithmetic." ACM Computing Surveys (CSUR) 23.1 (1991): 5-48. |
| | 370 | - ![3] Intel® 64 and IA-32 Architectures Software Developer’s Manual - Volume 2 (specially sections about FP flags in FADD, FSUB, FMUL and FDIV) [4] x87 and SSE Floating Point Assists in IA-32: Flush-To-Zero (FTZ) and Denormals-Are-Zero (DAZ) |
| | 371 | - ![5] http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2014/n4296.pdf |
| | 372 | - ![6] http://sdavtaker.github.io/safefloat/doc/html/index.html |
| | 373 | |
