Signed double -0.0 vs 0.0 - MSVS2012 Visual C++ bug in x64 mode when compiled with /fp:fast /O2

Signed double -0.0 vs 0.0 - MSVS2012 Visual C++ bug in x64 mode when compiled with /fp:fast /O2 by George Yohng

Closed

as Fixed

Type:	Bug
ID:	754839
Opened:	7/20/2012 10:46:52 AM
Access Restriction:	Public

Workaround(s)

view

User(s) can reproduce this bug

Signed double -0.0 vs 0.0 - MSVS2012 Visual C++ optimized mishandles the difference between these two values with unexpected results in x64 mode when a program is compiled with /fp:fast /O2

Google V8 engine crashes badly because of this bug with /fp:fast and /O2 on x64

Details (expand)

Visual Studio 2012 RC

Compile with:
cl /fp:fast /O2 program.cpp
#include <stdio.h>

inline double SignedZero(bool negative) {
const unsigned long long negZ = 0x8000000000000000ULL;
return negative ? *((double*)&negZ) : 0.0;
}

inline double SignedZero2(bool negative) {
return negative ? -0.0 : 0.0;
}

int main()
{
    printf("%f %f\n", SignedZero(true), SignedZero(false));
    printf("%f %f\n", SignedZero2(true),SignedZero2(false));

    return 0;
}

To trick the optimizer, so that it doesn't remove the actual functions and to see that no branch is actually compiled in, use the following substitution for the inner part of the main:

    int d;

    sscanf("1","%d",&d);

    printf("%f %f\n", SignedZero(d), SignedZero(!d));
    printf("%f %f\n", SignedZero2(d),SignedZero2(!d));

English

Windows 7

English

SignedZero - is a function made with a workaround, while SignedZero2 is the way it appears in Google V8 Javascript Engine. The output from the sample program below is (which is erroneous):

-0.000000 0.000000
-0.000000 -0.000000

When disassembling one can see that the branch is eliminated altogether from the function SignedZero2.

The program should display:

-0.000000 0.000000
-0.000000 0.000000

0 attachments

Posted by Microsoft on 7/25/2012 at 10:20 AM

This is actually by design. Under /fp:fast, -0.0 is not differentiated from +0.0, and so when given “negative ? -0.0 : 0.0;” the optimizer is allowed to treat them as the same and pick to always return one of them.

/fp:fast also enables other optimizations that illustrate this. For example, given:
-(x – y)
With /fp:fast, we are allowed to optimize this to:
y – x
If x and y are the same (ie 1.0), the initial expression gives us -0.0 while the second expression gives us 0.0.

Shayne Hiet-Block
VC++ Code Generation and Optimization Team

Posted by Microsoft on 7/23/2012 at 12:34 AM

Thank you for submitting feedback on Visual Studio 11 and .NET Framework. Your issue has been routed to the appropriate VS development team for review. We will contact you if we require any additional information.

Posted by Microsoft on 7/20/2012 at 10:51 AM

Thank you for your feedback, we are currently reviewing the issue you have submitted. If this issue is urgent, please contact support directly(http://support.microsoft.com)