Skip to content

fix: guard mul() exponent-sum overflow, surface as ExponentOverflow#244

Open
thedavidmeister wants to merge 6 commits into
mainfrom
2026-06-17-issue-239-pow-panic-exponent-overflow
Open

fix: guard mul() exponent-sum overflow, surface as ExponentOverflow#244
thedavidmeister wants to merge 6 commits into
mainfrom
2026-06-17-issue-239-pow-panic-exponent-overflow

Conversation

@thedavidmeister

Copy link
Copy Markdown
Contributor

Summary

  • pow with very large or very negative integer exponents uses exponentiation-by-squaring, which repeatedly squares the base. When the base exponent is extreme, repeated doubling drives it past int256 bounds, causing a checked addition in mul() to panic with Panic(0x11) instead of the expected ExponentOverflow.
  • Fixed by adding an exact overflow guard to mul(): checks that exponentA + exponentB itself would overflow before performing the addition. The previous approach (checking each operand against EXPONENT_MAX individually) was too broad — opposite-sign pairs can never overflow int256, but the div round-trip tests pass exponents of opposite signs (one near type(int256).max, the other type(int256).min) whose sum is safely near zero.
  • New test testPowNegativeExponentSquaringPanic pins the exact revert args for the negative-exponent squaring-loop case.
  • Updated deploy constants and ABI artifact for the implementation bytecode change. Deploy needs manual trigger before testProdDeployment* will pass: gh workflow run manual-sol-artifacts.yaml --repo rainlanguage/rain.math.float --ref 2026-06-17-issue-239-pow-panic-exponent-overflow -f suite=decimal-float

Closes #239

Test plan

  • testPowNegativeExponentSquaringPanic passes (ExponentOverflow instead of Panic)
  • testPowIntegerExponentSquaringOverflow still passes (unchanged error path)
  • All div round-trip tests pass (testDivAdjustExponent*)
  • testArtifactsCommitted passes
  • testDeployAddress / testExpectedCodeHashDecimalFloat pass
  • Full fuzz suite passes (testRoundTripFuzzPow)
  • Deploy triggered manually → testProdDeployment* passes

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

Previously, when `pow` used exponentiation-by-squaring with a very large
or very negative exponent, repeated squaring of the base could drive the
base exponent beyond int256 range, causing a checked addition to panic
with Panic(0x11) instead of surfacing the domain-level ExponentOverflow.

Added an exact overflow guard to `mul()`: the addition `exponentA + exponentB`
overflows int256 only when both operands share the same sign and their sum
exceeds int256 bounds. Opposite-sign pairs can never overflow, so the
previous per-operand EXPONENT_MAX check was too broad (it incorrectly
fired in div round-trip tests where exponents of opposite signs combined
safely).

Pins `testPowNegativeExponentSquaringPanic` to the exact args, updates
deploy constants and ABI artifact for the implementation change.

Closes #239

Co-Authored-By: Claude <noreply@anthropic.com>
@thedavidmeister thedavidmeister self-assigned this Jun 17, 2026
@coderabbitai

coderabbitai Bot commented Jun 17, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

@thedavidmeister, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 55 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 3545ae4d-e3b7-4621-8f8f-88106eff54bc

📥 Commits

Reviewing files that changed from the base of the PR and between 774ed07 and 312d427.

📒 Files selected for processing (4)
  • crates/float/abi/DecimalFloat.json
  • src/lib/deploy/LibDecimalFloatDeploy.sol
  • src/lib/implementation/LibDecimalFloatImplementation.sol
  • test/src/lib/LibDecimalFloat.pow.t.sol
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch 2026-06-17-issue-239-pow-panic-exponent-overflow

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

thedavidmeister and others added 5 commits June 21, 2026 01:30
…ce (bytecode changed by mul() exponent-sum overflow fix)
Previous 3b-attempt used wrong jq filter (missing deployedBytecode, had
linkReferences). CopyArtifacts.sol uses:
{abi, bytecode: {object:.bytecode.object}, deployedBytecode: {object:.deployedBytecode.object}}

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
ZOLTU_DEPLOYED_DECIMAL_FLOAT_ADDRESS and DECIMAL_FLOAT_CONTRACT_HASH are
now set to the values computed from this PR's bytecode (mul() exponent-sum
overflow fix changes source). Computed by testDeployAddress failure output:
address: 0xAEBcD4963d328b83f28c5BFDD6C3e6B1692F01fC
hash: 0x73f226457d40a7eada41cb774ac4d7736f00bd0e7cb902a6be0ff6c092ca4426

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

pow: negative-exponent squaring loop reverts Panic(0x11) instead of ExponentOverflow

1 participant