12

I'm finding the floating-point model/error issues quite confusing. It's an area I'm not familiar with and I'm not a low level C/asm programmer, so I would appreciate a bit of advice.

I have a largish C++ application built with VS2012 (VC11) that I have configured to throw floating-point exceptions (or more precisely, to allow the C++ runtime and/or hardware to throw fp-exceptions) - and it is throwing quite a lot of them in the release (optimized) build, but not in the debug build. I assume this is due to the optimizations and perhaps the floating-point model (although the compiler /fp:precise switch is set for both the release and debug builds).

My first question relates to managing the debugging of the app. I want to control where fp-exceptions are thrown and where they are "masked". This is needed because I am debugging the (optimized) release build (which is where the fp-exceptions occur) - and I want to disable fp-exceptions in certain functions where I have detected problems, so I can then locate new FP problems. But I am confused by the difference between using _controlfp_s to do this (which works fine) and the compiler (and #pragma float_control) switch "/fp:except" (which seems to have no effect). What is the difference between these two mechanisms? Are they supposed to have the same effect on fp exceptions?

Secondly, I am getting a number of "Floating-point stack check" exceptions - including one that seems to be thrown in a call to the GDI+ dll. Searching around the web, the few mentions of this exception seem to indicate it is due to compiler bugs. Is this generally the case? If so, how should I work round this? Is it best to disable compiler optimizations for the problem functions, or to disable fp-exceptions just for the problematic areas of code if there don't appear to be any bad floating-point values returned? For example, in the GDI+ call (to GraphicsPath::GetPointCount) that throws this exception, the actual returned integer value seems correct. Currently I'm using _controlfp_s to disable fp-exceptions immediately prior to the GDI+ call – and then use it again to re-enable exceptions directly after the call.

Finally, my application does make a lot of floating-point calculations and needs to be robust and reliable, but not necessarily hugely accurate. The nature of the application is that the floating-point values generally indicate probabilities, so are inherently somewhat imprecise. However, I want to trap any pure logic errors, such as divide by zero. What is the best fp model for this? Currently I am:

  • trapping all fp exceptions (i.e. EM_OVERFLOW | EM_UNDERFLOW | EM_ZERODIVIDE | EM_DENORMAL | EM_INVALID) using _controlfp_s and a SIGFPE Signal handler,
  • have enabled the denormals-are-zero (DAZ) and flush-to-zero (FTZ) (i.e. _MM_SET_FLUSH_ZERO_MODE(_MM_DENORMALS_ZERO_ON)), and
  • I am using the default VC11 compiler settings /fp:precise with /fp:except not specified.

Is this the best model?

Thanks and regards!

Jools99
  • 151
  • 1
  • 7
  • =="I want to control where fp exceptions are thrown and where they are "masked"."== Exception should never me masked. If they should be masked then you should not be throwing an exception in the first place. If by masking, you mean handling the exception then, it should be the same both in debug and release. – Ram May 29 '13 at 03:42
  • Hi Ram. This is mainly for debugging of my app – I want to disable fp-exceptions in certain functions where I have detected problems, so I can then locate new problems. I also have the issue with the fp-exception thrown by the GDI+ call. Currently I use _controlfp_s to disable fp-exceptions immediately prior to the call – and then use it to re-enable exceptions directly after. And I’m not sure all fp-exceptions are necessarily relevant (e.g. EM_DENORMAL) – which I assume is why VC (and other compilers?) disable them by default. I could do with advice on this – hence the last question above. – Jools99 May 29 '13 at 04:02
  • 3
    @Ram: These exceptions are not raised in software, they are generated as a result of FPU faults. Masking determines whether or not the fault becomes an exception. Don't think about C++ exception handling, `try`/`catch`, or stack unwinding. These are also exceptions but the behavior is different from C++ exceptions. – Ben Voigt May 29 '13 at 04:32
  • There are a *lot* of libraries that expect the FPU to be initialized with the exceptions turned off. They'll expect a division by zero to generate infinity, use NaN to track "not initialized" state, etcetera. You cannot afford to use such libraries unless you explicitly change the FPU control word before making a call. This is not practical. – Hans Passant Jun 16 '13 at 12:24
  • You may want to consider using a class which stores a rational number as {enumerator,denominator} and supports all the arithmetic operations provided in C++. I can send you such class, which does not perform any FP operations whatsoever. Although, if you're running a RT/embedded system, then it might fail to meet your requirements, time-wise (speed) and space-wise (memory). Of course, if it works for you, then you can always change the internal implementation to fit your system requirements. – barak manos Dec 31 '13 at 12:17
  • FP stack-check exceptions imply a bug, not necessarily near the exception. If a function returns a float and you call it through a function pointer that says it returns an int then it will leave the result on the 8-element x87 FPU stack and the caller will not know to pop it. Do that eight times and the FPU stack is full, and badness happens. Debugging these is a pain. Watch for the FPU stack pointer changing. Or, switch to 64-bit where the x87 stack is not used. – Bruce Dawson May 15 '14 at 22:00

3 Answers3

4

Most of the the following information comes from Bruce Dawson's blog post on the subject (link).

Since you're working with C++, you can create a RAII class that enables or disables floating point exceptions in a scoped manner. This lets you have greater control so that you're only exposing the exception state to your code, rather than manually managing calling _controlfp_s() yourself. In addition, floating point exception state that is set this way is system wide, so it's really advisable to remember the previous state of the control word and restore it when needed. RAII can take care of this for you and is a good solution for the issues with GDI+ that you're describing.

The exception flags _EM_OVERFLOW, _EM_ZERODIVIDE, and _EM_INVALID are the most important to account for. _EM_OVERFLOW is raised when positive or negative infinity is the result of a calculation, whereas _EM_INVALID is raised when a result is a signaling NaN. _EM_UNDERFLOW is safe to ignore; it signals when your computation result is non-zero and between -FLT_MIN and FLT_MIN (in other words, when you generate a denormal). _EM_INEXACT is raised too frequently to be of any practical use due to the nature of floating point arithmetic, although it can be informative if trying to track down imprecise results in some situations.

SIMD code adds more wrinkles to the mix; since you don't indicate using SIMD explicitly I'll leave out a discussion of that except to note that specifying anything other than /fp:fast can disable automatic vectorization of your code in VS 2012; see this answer for details on this.

Community
  • 1
  • 1
masrtis
  • 1,282
  • 17
  • 32
  • Thanks for the shoutout to my blog post. The controlfp family of functions set the state of the masking flags in the FPU, turning them on and off. That is what controls whether FPU exceptions are masked or not (and by default they are all masked Ram). I believe that /fp:except and #pragma float_control tell the compiler to generate code that is compatible with floating-point exceptions. This is important if you want to trap them, handle them, and continue. If you are using them just to find bugs (if you don't try to continue afterwards) then they are not important. – Bruce Dawson May 15 '14 at 21:58
1

I can't help much with the first two questions, but I have experience and a suggestion for the question about masking FPU exceptions.

I've found the functions

_statusfp()  (x64 and Win32)
_statusfp2() (Win32 only)
_fpreset()
_controlfp_s()
_clearfp()
_matherr()

useful when debugging FPU exceptions and in delivering a stable and fast product.

When debugging, I selectively unmask exceptions to help isolate the line of code where an fpu exception is generated in a calculation where I cannot avoid calling other code that unpredictably generates fpu exceptions (like the .NET JIT's divide by zeros).

In released product I use them to deliver a stable program that can tolerate serious floating point exceptions, detect when they occur, and recover gracefully.

I mask all FPU exceptions when I have to call code that cannot be changed,does not have reliable exception handing, and occasionally generates FPU exceptions.

Example:

#define BAD_FPU_EX (_EM_OVERFLOW | _EM_ZERODIVIDE | _EM_INVALID)
#define COMMON_FPU_EX (_EM_INEXACT | _EM_UNDERFLOW | _EM_DENORMAL)
#define ALL_FPU_EX (BAD_FPU_EX | COMMON_FPU_EX)

Release code:

_fpreset();
Use _controlfp_s() to mask ALL_FPU_EX 
_clearfp();
... calculation
unsigned int bad_fpu_ex = (BAD_FPU_EX  & _statusfp());
_clearfp(); // to prevent reacting to existing status flags again
if ( 0 != bad_fpu_ex )
{
  ... use fallback calculation
  ... discard result and return error code
  ... throw exception with useful information
}

Debug code:

_fpreset();
_clearfp();
Use _controlfp_s() to mask COMMON_FPU_EX and unmask BAD_FPU_EX 
... calculation
  "crash" in debugger on the line of code that is generating the "bad" exception.

Depending on your compiler options, release builds may be using intrinsic calls to FPU ops and debug builds may call math library functions. These two methods can have significantly different error handling behavior for invalid operations like sqrt(-1.0).

Using executables built with VS2010 on 64-bit Windows 7, I have generated slightly different double precision arithmetic values when using identical code on Win32 and x64 platforms. Even using non-optimized debug builds with /fp::precise, the fpu precision control explicitly set to _PC_53, and the fpu rounding control explicitly set to _RC_NEAR. I had to adjust some regression tests that compare double precision values to take the platform into account. I don't know if this is still an issue with VS2012, but heads up.

Dale Lear
  • 41
  • 2
0

I've been struggling for achieving some information about handling floating point exceptions on linux and I can tell you what I learned: There are a few ways of enabling the exception mechanism:

  1. fesetenv (FE_NOMASK_ENV); enables all exceptions
  2. feenableexcept(FE_ALL_EXCEPT );
 fpu_control_t fw;
 _FPU_GETCW(fw);
 fw |=FE_ALL_EXCEPT;
 _FPU_SETCW(fw);

4.

> fenv_t envp; include bits/fenv.h   
> fegetenv(&envp);    
 envp.__control_word |= ~_FPU_MASK_OM;   
> fesetenv(&envp);

5.

> fpu_control_t cw;
> __asm__ ("fnstcw %0" : "=m" (*&cw));get config word
>cw |= ~FE_UNDERFLOW;
> __asm__ ("fldcw %0" : : "m" (*&cw));write config word

6.C++ mode: std::feclearexcept(FE_ALL_EXCEPT);

There are some useful links : http://frs.web.cern.ch/frs/Source/MAC_headers/fpu_control.h http://en.cppreference.com/w/cpp/numeric/fenv/fetestexcept http://technopark02.blogspot.ro/2005/10/handling-sigfpe.html

Emil Condrea
  • 9,705
  • 7
  • 33
  • 52