Fix strtod overflow detection (bug 23279).

As shown by bug 23279, strtod's round_and_return has an off-by-one
error in its overflow detection, only counting an exponent greater
than MAX_EXP as overflowing when an exponent of MAX_EXP also means
overflow (recall the ISO C definition of DBL_MAX_EXP etc. is based on
a floating-point model where 2^exp is multiplied by a value in the
interval [0.5, 1), so 2^MAX_EXP is not representable).

For decimal arguments to strtod, a separate overflow check in the main
implementation covers the case where the integer part of the argument
(truncated to the nearest integer towards zero) has more than MAX_EXP
bits, meaning that this issue in round_and_return only affects cases
(arguments with absolute value strictly between the maximum
representable value and 2^MAX_EXP) where overflow depends on the
rounding mode; in such cases, the returned value would still have been
correct on overflow but without the overflow exception being raised or
errno being set to ERANGE.  For hex float arguments, however, other
cases can arise, as shown in bug 23279, where a value with exponent
already set to MAX_EXP is passed into round_and_return and a result
can wrongly end up being NaN, or infinity instead of the largest
finite value.

This patch fixes the off-by-one error, adds testing of overflow
exceptions to the tst-strtod-round framework, and adds tests of these
issues.

Tested for x86_64.  Also ran the tst-strtod-round tests for powerpc to
make sure the new tests didn't introduce any new failures for IBM long
double.

	[BZ #23279]
	* stdlib/strtod_l.c (round_and_return): Handle an exponent of
	MAX_EXP as overflowing.
	* stdlib/gen-tst-strtod-round.c (string_to_fp): Clear MPFR
	overflow flag.
	(round_str): Output also whether result overflows in each rounding
	mode.
	* stdlib/tst-strtod-round-data: Add more tests.
	* stdlib/tst-strtod-round-data.h: Regenerated.
	* stdlib/tst-strtod-round-skeleton.c (_XNTRY): Update comment.
	(TEST): Handle extra arguments for overflow flags.
	(struct test_overflow): New type.
	[!FE_OVERFLOW] (FE_OVERFLOW): Define to 0.
	(GEN_ONE_TEST): Clear all exceptions.  Test overflow flag.
	(test_in_one_mode): Take argument with overflow information.
	(do_test): Update calls to test_in_one_mode.

ChangeLog

@@ -1,3 +1,22 @@
+2018-06-13  Joseph Myers  <joseph@codesourcery.com>
+
+	[BZ #23279]
+	* stdlib/strtod_l.c (round_and_return): Handle an exponent of
+	MAX_EXP as overflowing.
+	* stdlib/gen-tst-strtod-round.c (string_to_fp): Clear MPFR
+	overflow flag.
+	(round_str): Output also whether result overflows in each rounding
+	mode.
+	* stdlib/tst-strtod-round-data: Add more tests.
+	* stdlib/tst-strtod-round-data.h: Regenerated.
+	* stdlib/tst-strtod-round-skeleton.c (_XNTRY): Update comment.
+	(TEST): Handle extra arguments for overflow flags.
+	(struct test_overflow): New type.
+	[!FE_OVERFLOW] (FE_OVERFLOW): Define to 0.
+	(GEN_ONE_TEST): Clear all exceptions.  Test overflow flag.
+	(test_in_one_mode): Take argument with overflow information.
+	(do_test): Update calls to test_in_one_mode.
+
 2018-06-12  Carlos O'Donell  <carlos@redhat.com>
 
 	* elf/dl-load (_dl_dst_substitute): Correct comment.

stdlib/gen-tst-strtod-round.c

@@ -45,6 +45,7 @@
 static int
 string_to_fp (mpfr_t f, const char *s, mpfr_rnd_t rnd)
 {
+  mpfr_clear_overflow ();
 #ifdef WORKAROUND
   mpfr_t f2;
   mpfr_init2 (f2, 100000);
@@ -73,34 +74,45 @@ static void
 round_str (FILE *fout, const char *s, int prec, int emin, int emax,
 	   bool ibm_ld)
 {
+  mpfr_t max_value;
   mpfr_t f;
   mpfr_set_default_prec (prec);
   mpfr_set_emin (emin);
   mpfr_set_emax (emax);
   mpfr_init (f);
   int r = string_to_fp (f, s, MPFR_RNDD);
+  bool overflow = mpfr_overflow_p () != 0;
   if (ibm_ld)
     {
       assert (prec == 106 && emin == -1073 && emax == 1024);
       /* The maximum value in IBM long double has discontiguous
 	 mantissa bits.  */
-      mpfr_t max_value;
       mpfr_init2 (max_value, 107);
       mpfr_set_str (max_value, "0x1.fffffffffffff7ffffffffffffcp+1023", 0,
 		    MPFR_RNDN);
       if (mpfr_cmpabs (f, max_value) > 0)
-	r = 1;
-      mpfr_clear (max_value);
+	{
+	  r = 1;
+	  overflow = true;
+	}
     }
   mpfr_fprintf (fout, "\t%s,\n", r ? "false" : "true");
-  print_fp (fout, f, ",\n");
+  print_fp (fout, f, overflow ? ", true,\n" : ", false,\n");
   string_to_fp (f, s, MPFR_RNDN);
-  print_fp (fout, f, ",\n");
+  overflow = (mpfr_overflow_p () != 0
+	      || (ibm_ld && mpfr_cmpabs (f, max_value) > 0));
+  print_fp (fout, f, overflow ? ", true,\n" : ", false,\n");
   string_to_fp (f, s, MPFR_RNDZ);
-  print_fp (fout, f, ",\n");
+  overflow = (mpfr_overflow_p () != 0
+	      || (ibm_ld && mpfr_cmpabs (f, max_value) > 0));
+  print_fp (fout, f, overflow ? ", true,\n" : ", false,\n");
   string_to_fp (f, s, MPFR_RNDU);
-  print_fp (fout, f, "");
+  overflow = (mpfr_overflow_p () != 0
+	      || (ibm_ld && mpfr_cmpabs (f, max_value) > 0));
+  print_fp (fout, f, overflow ? ", true" : ", false");
   mpfr_clear (f);
+  if (ibm_ld)
+    mpfr_clear (max_value);
 }
 
 static void

stdlib/strtod_l.c

@@ -310,7 +310,7 @@ round_and_return (mp_limb_t *retval, intmax_t exponent, int negative,
 	}
     }
 
-  if (exponent > MAX_EXP)
+  if (exponent >= MAX_EXP)
     goto overflow;
 
   bool half_bit = (round_limb & (((mp_limb_t) 1) << round_bit)) != 0;
@@ -343,7 +343,7 @@ round_and_return (mp_limb_t *retval, intmax_t exponent, int negative,
 	exponent = MIN_EXP - 1;
     }
 
-  if (exponent > MAX_EXP)
+  if (exponent >= MAX_EXP)
   overflow:
     return overflow_value (negative);
 

stdlib/tst-strtod-round-skeleton.c

@@ -121,7 +121,8 @@
 #define ENTRY(...) \
   GEN_TEST_STRTOD_FOREACH (_ENTRY, __VA_ARGS__)
 
-/* Selector for boolean exact tag of expected results.  */
+/* Selector for boolean exact tag of expected results and that for
+   overflow.  */
 #define _XNTRY(FSUF, FTYPE, FTOSTR, LSUF, CSUF, ...)  \
   CHOOSE_ ## FSUF (__VA_ARGS__),
 #define XNTRY(...) \
@@ -136,22 +137,32 @@
 /* This macro is used in conjunction with the output from the
    gen-tst-strtod-round utility to select the appropriately
    rounded long double value for a given format.  */
-#define TEST(s,						\
-	     fx, fd, fn, fz, fu,			\
-	     dx, dd, dn, dz, du,			\
-	     ld64ix, ld64id, ld64in, ld64iz, ld64iu,	\
-	     ld64mx, ld64md, ld64mn, ld64mz, ld64mu,	\
-	     ld106x, ld106d, ld106n, ld106z, ld106u,	\
-	     ld113x, ld113d, ld113n, ld113z, ld113u)	\
-  {							\
-    L_ (s),						\
-    { XNTRY (fx, dx, ld64ix, ld64mx, ld106x, ld113x) },	\
-    {							\
-    { ENTRY (fn, dn, ld64in, ld64mn, ld106n, ld113n) },	\
-    { ENTRY (fd, dd, ld64id, ld64md, ld106d, ld113d) },	\
-    { ENTRY (fz, dz, ld64iz, ld64mz, ld106z, ld113z) },	\
-    { ENTRY (fu, du, ld64iu, ld64mu, ld106u, ld113u) }	\
-    }							\
+#define TEST(s,							\
+	     fx, fd, fdo, fn, fno, fz, fzo, fu, fuo,		\
+	     dx, dd, ddo, dn, dno, dz, dzo, du, duo,		\
+	     ld64ix, ld64id, ld64ido, ld64in, ld64ino,		\
+	     ld64iz, ld64izo, ld64iu, ld64iuo,			\
+	     ld64mx, ld64md, ld64mdo, ld64mn, ld64mno,		\
+	     ld64mz, ld64mzo, ld64mu, ld64muo,			\
+	     ld106x, ld106d, ld106do, ld106n, ld106no,		\
+	     ld106z, ld106zo, ld106u, ld106uo,			\
+	     ld113x, ld113d, ld113do, ld113n, ld113no,		\
+	     ld113z, ld113zo, ld113u, ld113uo)			\
+  {								\
+    L_ (s),							\
+    { XNTRY (fx, dx, ld64ix, ld64mx, ld106x, ld113x) },		\
+    {								\
+    { ENTRY (fn, dn, ld64in, ld64mn, ld106n, ld113n) },		\
+    { ENTRY (fd, dd, ld64id, ld64md, ld106d, ld113d) },		\
+    { ENTRY (fz, dz, ld64iz, ld64mz, ld106z, ld113z) },		\
+    { ENTRY (fu, du, ld64iu, ld64mu, ld106u, ld113u) }		\
+    },								\
+    {								\
+    { XNTRY (fno, dno, ld64ino, ld64mno, ld106no, ld113no) },	\
+    { XNTRY (fdo, ddo, ld64ido, ld64mdo, ld106do, ld113do) },	\
+    { XNTRY (fzo, dzo, ld64izo, ld64mzo, ld106zo, ld113zo) },	\
+    { XNTRY (fuo, duo, ld64iuo, ld64muo, ld106uo, ld113uo) }	\
+    }								\
   }
 
 struct test_exactness
@@ -164,10 +175,16 @@ struct test_results
   STRUCT_FOREACH_FLOAT_FTYPE
   };
 
+struct test_overflow
+  {
+  STRUCT_FOREACH_FLOAT_BOOL
+  };
+
 struct test {
   const CHAR *s;
   struct test_exactness exact;
   struct test_results r[4];
+  struct test_overflow o[4];
 };
 
 /* Include the generated test data.  */
@@ -181,9 +198,13 @@ struct test {
 # define FE_INEXACT 0
 #endif
 
+#ifndef FE_OVERFLOW
+# define FE_OVERFLOW 0
+#endif
+
 #define GEN_ONE_TEST(FSUF, FTYPE, FTOSTR, LSUF, CSUF)		\
 {								\
-  feclearexcept (FE_INEXACT);					\
+  feclearexcept (FE_ALL_EXCEPT);				\
   FTYPE f = STRTO (FSUF) (s, NULL);				\
   if (f != expected->FSUF					\
       || (copysign ## CSUF) (1.0 ## LSUF, f)			\
@@ -200,25 +221,47 @@ struct test {
       else							\
 	printf ("ignoring this inexact result\n");		\
     }								\
-  else if (FE_INEXACT != 0)					\
+  else								\
     {								\
-      bool inexact_raised = fetestexcept (FE_INEXACT) != 0;	\
-      if (inexact_raised != !exact->FSUF)			\
+      if (FE_INEXACT != 0)					\
 	{							\
-	  printf (FNPFXS "to" #FSUF  " (" STRM ") inexact %d "	\
-		  "not %d\n", s, inexact_raised, !exact->FSUF);	\
-	  if (EXCEPTION_TESTS (FTYPE))				\
-	    result = 1;						\
-	  else							\
-	    printf ("ignoring this exception error\n");		\
+	  bool inexact_raised = fetestexcept (FE_INEXACT) != 0;	\
+	  if (inexact_raised != !exact->FSUF)			\
+	    {							\
+	      printf (FNPFXS "to" #FSUF				\
+		      " (" STRM ") inexact %d "			\
+		      "not %d\n", s, inexact_raised,		\
+		      !exact->FSUF);				\
+	      if (EXCEPTION_TESTS (FTYPE))			\
+		result = 1;					\
+	      else						\
+		printf ("ignoring this exception error\n");	\
+	    }							\
+	}							\
+      if (FE_OVERFLOW != 0)					\
+	{							\
+	  bool overflow_raised					\
+	    = fetestexcept (FE_OVERFLOW) != 0;			\
+	  if (overflow_raised != overflow->FSUF)		\
+	    {							\
+	      printf (FNPFXS "to" #FSUF				\
+		      " (" STRM ") overflow %d "		\
+		      "not %d\n", s, overflow_raised,		\
+		      overflow->FSUF);				\
+	      if (EXCEPTION_TESTS (FTYPE))			\
+		result = 1;					\
+	      else						\
+		printf ("ignoring this exception error\n");	\
+	    }							\
 	}							\
     }								\
 }
 
 static int
 test_in_one_mode (const CHAR *s, const struct test_results *expected,
-		  const struct test_exactness *exact, const char *mode_name,
-		  int rnd_mode)
+		    const struct test_exactness *exact,
+		    const struct test_overflow *overflow,
+		    const char *mode_name, int rnd_mode)
 {
   int result = 0;
   GEN_TEST_STRTOD_FOREACH (GEN_ONE_TEST)
@@ -252,14 +295,15 @@ do_test (void)
   for (size_t i = 0; i < sizeof (tests) / sizeof (tests[0]); i++)
     {
       result |= test_in_one_mode (tests[i].s, &tests[i].r[modes[0].rnd_i],
-				  &tests[i].exact, modes[0].mode_name,
-				  modes[0].rnd_mode);
+				  &tests[i].exact, &tests[i].o[modes[0].rnd_i],
+				  modes[0].mode_name, modes[0].rnd_mode);
       for (const struct fetestmodes *m = &modes[1]; m->mode_name != NULL; m++)
 	{
 	  if (!fesetround (m->rnd_mode))
 	    {
 	      result |= test_in_one_mode (tests[i].s, &tests[i].r[m->rnd_i],
-					  &tests[i].exact, m->mode_name,
+					  &tests[i].exact,
+					  &tests[i].o[m->rnd_i], m->mode_name,
 					  m->rnd_mode);
 	      fesetround (save_round_mode);
 	    }