Wrong --conversion-check in cast from double to unsigned #8131

cesaro · 2023-12-20T13:32:25Z

The below program

int main() {
  unsigned u = 0xffffffffu;

  // since the double type seems to be implemented with a IEEE 754 binary64
  // format in CBMC, which has 53 bits of mantissa, double has enough bits to
  // represent the exact value of u, use, e.g., http://weitz.de/ieee/ to check;
  // therefore, C17, section 6.3.1.4, paragraph 2 says that this is
  // defined behavior and d should store the exact value that u stores
  double d = u;

  // defined behavior behavior as well, by C17 section 6.3.1.4, paragraph 1,
  // because the 'unsigned' type can represent the value; however,
  // cbmc --conversion-check complains
  u = (unsigned) d;

  return 0;
}

doesn't have undefined behavior in the double-to-unsigned conversion, according to C17, section 6.3.1.4, paragraph 1, but

cbmc --conversion-check main.c

in Linux, using latest develop, complains about an arithmetic overflow.

The text was updated successfully, but these errors were encountered:

We use less-than in the comparison, so make the bound one larger than the largest representable value (as we do in the other cases of float-to-signed/unsigned conversion checks). Fixes: diffblue#8131

tautschnig mentioned this issue Jan 11, 2024

Conversion check: fix off-by-one error for float-to-unsigned #8157

Merged

3 tasks

tautschnig added the pending merge label Jan 11, 2024

kroening closed this as completed in #8157 Jan 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Wrong --conversion-check in cast from double to unsigned #8131

Wrong --conversion-check in cast from double to unsigned #8131

cesaro commented Dec 20, 2023

Wrong --conversion-check in cast from double to unsigned #8131

Wrong --conversion-check in cast from double to unsigned #8131

Comments

cesaro commented Dec 20, 2023