ISO/IEC JTC1 SC22 WG21 N3352 = 12-0042 - 2012-01-15

Lawrence Crowl, Lawrence@Crowl.org

C++ supports integer arithmetic and floating-point arithmetic, but it does not support fixed-point arithmetic. We propose support for fixed-point arithmetic via standard library facilities.

In C and C++, the basic integer types have several problematic behaviors.

Signed integer arithmetic overflow results in undefined behavior. Pre-emptively checking for overflow is challenging and tedious, so programmers very rarely do so. As a result, most programmers simply assume it will not happen.

Unsigned integer arithmetic overflow results in well-defined behavior, but that behavior is not always desirable. Again, pre-emptively checking for overflow is challenging and tedious.

C/C++ signed integers promote to unsigned integers, which is the exact opposite of the relationship between the their mathematical analogs; (unsigned) cardinal numbers are a strict subset of (signed) integral numbers. Because of this promotion, it is difficult to prevent signed numbers from being used in places where they are not intended.

C/C++ integer ranges are platform-specific, which generally either binds programs to a platform or requires considerable care in production of portable code.

Fixed-point arithmetic is better than floating-point arithmetic in several domains.

Problems with a constrained range can use bits for resolution that would otherwise have gone to an exponent. Examples include Mandelbrot set computation and angular position.

Problems with a constrained resolution can use smaller representation than a single-precision floating-point. An example is a pixel color value.

Low-cost or low-power systems may not provide floating-point hardware. For these systems, fixed-point arithmetic provides a much higher performance alternative to software-implemented floating-point arithmetic for many problems.

The popular computing literature abounds with articles on how to use integers to implement fixed-point arithmetic. However, manually writing fixed-point arithmetic with integer arithmetic is tedious and prone to error. Direct support is desirable.

ISO/IEC TR 18037 [E] provides fixed-point support in the C programming language. However, this support is not general; only a few possible radix positions are supported. The feature is essentially limited to the digital signal processing domain.

Likewise, software implementations of fixed-point arithmetic in C and C++, e.g. libfixmath [F], are also not general as the support only a limited number of radix positions.

The programming languages Ada [A], COBOL [B], CORAL 66 [C1] [C2], JOVIAL [J], and PL/I [P] provide direct support for fixed-point arithmetic.

We propose extending the standard library to provide general purpose binary fixed-point arithmetic. We anticipate that these library components will be used for the manipulation of program data variables, and not program control variables. That is, we do not view the proposal as a replacement for index or size variables.

The design relies on generally 'safe' defaults, but with additional explicit controls to match particular application domains or to enable more efficient execution.

Our proposal requires no new hardware, and is implementable as a pure library. Indeed, much of that implementation already exists. However, some operations could be substantially faster with direct hardware support.

The fixed-point library contains four class templates.
They are `cardinal`

and `integral`

for integer arithmetic,
and `nonnegative`

and `negatable`

for fractional arithmetic.

These types have a range specified by an integer.
The range of an unsigned number `n`
is 0 <= n < 2^{g}
where `g` is the range parameter.
The range of an signed number `n`
is 2^{g} < n < 2^{g}.
Note that the range interval is half-open for unsigned numbers
and open for signed numbers.
For example,
`cardinal<8>`

has values `n`
such that 0 <= `n` < 256
and
`integral<8>`

has values `n`
such that -256 < `n` < 256.

The fractional types have a resolution specified by an integer.
The resolution of a fractional number `n`
is 2^{s},
where `s` is the resolution parameter.
For example, `negatable<8,-4>`

has values `n`
such that -256 < `n` < 256
in increments of 2^{-4} = 1/16.

Both range and resolution parameters may be either positive or negative.
The number of significant bits is `g`-`s`.
This specification enables representing
both very small and very large values
with few bits.
In any event,
the range must be greater than the resolution,
that is `g`>`s`.

The basic arithmetic operations are
addition, subtraction, multiplication and division.
When mixing operands of different template class types,
`cardinal`

types will promote to the other types, and
the other types will promote to `negatable`

type.
The effect is that unsigned fixed-point types
promote to signed fixed-point types.
There are notable exceptions.
Negation and subtraction on unsigned types yields a signed type.
Comparison across types is direct;
there is no conversion beforehand.

In general, the range and resolution of the result of basic operations are large enough to hold the mathematical results. The following table shows the range and resolution for the results of basic operations on fractional types. The $ operator returns the range parameter. The @ operator returns the resolution parameter.

operation | result range | result resolution |
---|---|---|

a+b | max($a,$b)+1 | min(@a,@b) |

a-b | max($a,$b)+1 | min(@a,@b) |

a*b | $a+$b | @a+@b |

a/b | $a-@b | @a+$b |

Overflow in template argument computation is undefined behavior. In practice, overflow is unlikely to be a significant problem because even small machines can represent numbers with thousands of bits and because compiler can diagnose overflow in template arguments.

The special case in the operations above is division, where the mathematical result may require an infinite number of bits. The actual value must be rounded to a representable value. The above resolution is sufficient to ensure that if the mathematical result is not zero, the fixed-point result is not zero. Furthermore, assuming values have an error of one-half ULP, the defined resolution is close to the error bound in the computation.

When the computation is not exact,
rounding will be to one of the two nearest representable values.
The algorithm for choosing between these values is the rounding mode.
Different applications desire different modes,
so programmers may specify the rounding mode
with a value of type `enum class round`

.
The possible values are:

`fastest`

- Speed is more important than the choice in value.
`negative`

- Round towards negative infinity. This mode is useful in interval arithmetic.
`truncated`

- Round towards zero. This mode is useful in implementing integral arithmetic.
`positive`

- Round towards positive infinity. This mode is useful in interval arithmetic.
`classic`

- Round towards the nearest value, but exactly-half values are rounded towards maximum magnitude. This mode is the standard school algorithm.
`near_even`

- Round towards the nearest value, but exactly-half values are rounded towards even values. This mode has more balance than the classic mode.
`near_odd`

- Round towards the nearest value,
but exactly-half values are rounded towards odd values.
This mode has as much balance as the
`near_even`

mode, but preserves more information.

In general, these modes get slower but more accurate working down the list.

Since the range of intermediate values grow to hold all possible values, and variables have a static range and resolution, construction and assignment may need to reduce the range and resolution. Reducing the resolution is done with a rounding mode associated with the variable. When the dynamic value exceeds the range of variable, the assignment overflows.

When an overflow does occur,
the desirable behavior depends on the application,
so programmers may specify the overflow mode
with a value of type `enum class overflow`

.
The possible values are:

`impossible`

- Programmer analysis of the program has determined that overflow cannot occur. Uses of this mode should be accompanied by an argument supporting the conclusion.
`undefined`

- Programmers are willing to accept undefined behavior in the event of an overflow.
`modulus`

- The assigned value is the dynamic value mod the range of the variable. This mode makes sense only with unsigned numbers. It is useful for angular measures.
`saturate`

- If the dynamic value exceeds the range of the variable, assign the nearest representable value.
`exception`

- If the dynamic value exceeds the range of the variable,
throw an exeception of type
`std::overflow_error`

.

In general, these modes get slower but safer working down the list.

There exists no mechanism in C++11
to specify literals for the template types above.
However, we can get close with template functions
that yield the appropriate fixed-point value
based on an template `int`

parameter.
For example, the expression `to_cardinal<24>()`

will produce a `cardinal`

constant
with a range just sufficient to hold the value 24.
Likewise, the expression `to_nonnegative<2884,-4>()`

will produce a `nonnegative`

constant
with a range and resolution just sufficient
to hold the value 2884*2^{-4}.

Consider the alpha blending of two RGBA pixels,
`a`

and `b`

.
To avoid redundancy, we will only show computation for the red color.
The algorithm is somewhat complicated
by the need to convert the [0-255] range of color representation
to the [0-1] range of color values.

```
struct pixel { cardinal<8> r, g, b, a; };
pixel blend( pixel a, pixel b ) {
constexpr scale = to_nonnegative<255,0>;
auto a_r = a.r / scale;
auto b_r = b.r / scale;
auto aia = b.a * (to_cardinal<1>() - a.a);
auto c_a = a_a + aia;
auto c_r = (a.r*a.a + b.r*aia) / c_a;
pixel c;
c.a = static_cast<nonnegative<8,0>(c_a * to_nonnegative<255,0>);
c.r = static_cast<nonnegative<8,0>(c_r * to_nonnegative<255,0>);
return c;
};
```

The template class type signatures are as follows.

```
template<
int Crng,
overflow Covf = overflow::exception
>
class cardinal;
```

```
template<
int Crng,
overflow Covf = overflow::exception
>
class integral;
```

```
template<
int Crng,
int Crsl,
round Crnd = round::nearest_odd,
overflow Covf = overflow::exception
>
class nonnegative;
```

```
template<
int Crng,
int Crsl,
round Crnd = round::nearest_odd,
overflow Covf = overflow::exception
>
class negatable;
```

operations | types | notes |
---|---|---|

default construction | all | uninitialized |

copy construction | all | identical value |

value construction | from same or lower type | value subject to overflow and/or rounding |

`v.increment<overflow>();` |
`cardinal` and `integral` |
value subject to overflow |

`-v` |
all | result is a signed type |

`!v` |
all | test for value != 0 |

`~v` |
`cardinal` |
invert bits, but still within range |

`v.scale_up<` n`>()` |
all | multiply by 2^{n}, where n>0 |

`v.scale<` n`,` r`>()` |
all | multiply by 2^{n},
apply the rounding mode when n<0 |

`v*u` |
all | multiplication |

`v.divide<round>(u)` |
`cardinal` and `integral` |
integer division with the given roundng mode |

`v.divide<round>(u)` |
`nonnegative` and `negatable` |
fractional division with the given roundng mode |

`v/u` |
`cardinal` and `integral` |
`v.divide<truncated>(u)` |

`v/u` |
`nonnegative` and `negatable` |
`v.divide<` class-specified
rounding mode`>(u)` |

`v/u` |
`nonnegative` and `negatable` |
`v.divide<` class-specified
rounding mode`>(u)` |

`v%u` |
`cardinal` and `integral` |
remainder |

`v+u` |
all | addition |

`v-u` |
all | subtraction, the result is always signed |

comparisons | all | no value promotion/conversion, all comparisons are value-based |

`v&u; v^u; v|u` |
`cardinal` |
bitwise logical operations |

`v=u; a*=b; a/=b; a%=b; a+=b; a-=b; ` |
all | (compound) assignment |

`v&=u; v^=u; v|=u;` |
`cardinal` |
bitwise logical compound assignment |

- [A]
- Ada Reference Manual, http://www.ada-auth.org/arm.html
- [B]
- ISO IEC JTC1/SC22/WG4 - COBOL, http://www.cobolstandard.info/wg4/wg4.html
- [C1]
- BS 5905:1980 Specification for computer programming language CORAL 66, October 1980, http://shop.bsigroup.com/ProductDetail/?pid=000000000000133933
- [C2]
- XGC CORAL 66 Language Reference Manual, 2001, http://www.xgc.com/manuals/xgc-c66-rm/book1.html
- [E]
- ISO/IEC TR 18037:2008: Programming languages -- C -- Extensions to support embedded processors, http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=51126
- [F]
- libfixmath: Cross Platform Fixed Point Maths Library, http://code.google.com/p/libfixmath
- [J]
- MIL-STD-1589C (USAF) JOVIAL (J73), 6 July 1984, http://www.everyspec.com/MIL-STD/MIL-STD+%281500+-+1599%29/MIL-STD-1589C_14577/
- [P]
- PL/I, Wikipedia, http://en.wikipedia.org/wiki/PL/I