overflow protections#139

Merged
thedavidmeister merged 2 commits into main from 2025-09-20-overflow-protection on Sep 20, 2025

Conversation

@thedavidmeister thedavidmeister commented Sep 20, 2025

Motivation

Solution

Checks

By submitting this for review, I'm confirming I've done the following:

  • made this PR as small as possible
  • unit-tested any new functionality
  • linked any relevant issues or PRs
  • included screenshots (if this involves a front-end change)

Summary by CodeRabbit

  • New Features

    • None.
  • Bug Fixes

    • Added overflow protection in decimal arithmetic to prevent rare edge-case failures with extreme values.
  • Refactor

    • Reorganized numeric routines and lookup logic for clearer, more maintainable control flow while preserving external behavior.
  • Tests

    • Added targeted tests covering the new overflow guard and related arithmetic scenarios.
  • Chores

    • Updated gas and performance snapshots; no public API changes.

coderabbitai Bot commented Sep 20, 2025

Walkthrough

Refactors internal control flow in LibDecimalFloatImplementation.sol for add, log10, and pow10, introduces an exponent overflow guard in add, and adds two test helpers. Also updates gas/metric snapshot numbers only. No public signatures or data structures changed.

Changes

Cohort / File(s): Summary

  • Gas/Metric Snapshots (.gas-snapshot): Updated per-test and per-function gas and execution-time snapshot metrics (numeric changes only).
  • Decimal Float Impl Refactor (src/lib/implementation/LibDecimalFloatImplementation.sol): add: added explicit guard that reverts when exponentA == int256.max and switched increment style; restructured overflow handling. log10/pow10: removed large unchecked blocks, reorganized control flow into explicit scopes, inlined an assembly-based lookup helper for table lookups, preserved lookup/interpolation semantics; no public API changes.
  • Tests — add (test/src/lib/implementation/LibDecimalFloatImplementation.add.t.sol): Added addExternal(...) helper and testAddRevertMaxA() to exercise the new exponent overflow guard.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant C as Caller
  participant L as LibDecimalFloatImplementation.add
  Note over L: add overflow handling (new guard)
  C->>L: add(a, b)
  alt coefficient addition overflows
    alt exponentA == int256.max
      L-->>C: revert ExponentOverflow(signedCoefficientA, exponentA)
    else exponentA < int256.max
      L->>L: exponentA++ (adjust exponent)
      L->>L: combine adjusted coefficients
      L-->>C: return normalized result
    end
  else no overflow
    L-->>C: return result
  end
sequenceDiagram
  autonumber
  participant C as Caller
  participant Lg as LibDecimalFloatImplementation.log10
  participant Lt as LookupTable (inline asm)
  Note over Lg: log10 positive path with inlined lookup
  C->>Lg: log10(x)
  alt x == 0 or x < 0
    Lg-->>C: zero/negative handling (inv/log10 variants)
  else positive
    Lg->>Lg: normalize/maximize
    alt exact power of 10
      Lg-->>C: return exact exponent
    else interpolate
      Lg->>Lt: table lookup (inline asm)
      Lt-->>Lg: table values/indices
      Lg->>Lg: interpolate and finalize
      Lg-->>C: result
    end
  end
sequenceDiagram
  autonumber
  participant C as Caller
  participant P as LibDecimalFloatImplementation.pow10
  participant Lt as LookupTable (inline)
  Note over P: pow10 uses table or interpolation
  C->>P: pow10(e)
  alt e within precomputed table
    P->>Lt: lookup
    Lt-->>P: value
    P-->>C: result
  else interpolate
    P->>Lt: bounds lookup
    Lt-->>P: neighbors
    P->>P: interpolate/compose value
    P-->>C: result
  end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Suggested reviewers

  • hardyjosh

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

  • Description Check: Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title Check: Passed. The title "overflow protections" is directly related to the primary change in the diff which adds an exponent overflow guard in LibDecimalFloatImplementation.add and includes a test for the overflow case; the snapshots and refactorings in log10/pow10 are secondary and do not contradict the title. The title is concise and not misleading about the PR's intent, though it is somewhat broad. Given the changeset and objectives, the title accurately captures the main functional change.
  • Docstring Coverage: Passed. No functions found in the changes. Docstring coverage check skipped.

Comment @coderabbitai help to get the list of available commands and usage tips.
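The exponent-overflow guard described in the walkthrough above, modelled in Python as an added illustration (this is not code from rain.math.float). The error name ExponentOverflow and the exponentA == int256.max check come from the review; the rescale-by-10 step, the helper names and the truncating division are assumptions about how the "adjust exponent" branch of the diagram behaves, and wrap_int256 shows what an unchecked increment at int256.max would otherwise do.

```python
INT256_MIN = -(1 << 255)
INT256_MAX = (1 << 255) - 1


class ExponentOverflow(Exception):
    """Models `error ExponentOverflow(int256 signedCoefficient, int256 exponent)`."""

    def __init__(self, signed_coefficient: int, exponent: int) -> None:
        super().__init__(f"ExponentOverflow({signed_coefficient}, {exponent})")
        self.signed_coefficient = signed_coefficient
        self.exponent = exponent


def fits_int256(x: int) -> bool:
    return INT256_MIN <= x <= INT256_MAX


def wrap_int256(x: int) -> int:
    """Two's-complement wrap: what an `unchecked` int256 increment produces."""
    return ((x + (1 << 255)) % (1 << 256)) - (1 << 255)


def sdiv10(x: int) -> int:
    """Divide by 10 truncating toward zero, like the EVM's SDIV (assumed rounding)."""
    q = abs(x) // 10
    return q if x >= 0 else -q


def add_same_exponent(coeff_a: int, coeff_b: int, exponent: int) -> tuple[int, int]:
    """Add two decimal floats that already share `exponent`.

    Returns (signed_coefficient, exponent). When the coefficient sum does not
    fit in int256 the value needs one more order of magnitude, so the exponent
    must go up by one. That increment is only safe while exponent < INT256_MAX:
    at INT256_MAX an unchecked `exponentA++` wraps to INT256_MIN and turns a
    huge value into a tiny one, which is the edge case the guard rejects.
    """
    total = coeff_a + coeff_b
    if fits_int256(total):
        return total, exponent
    if exponent == INT256_MAX:
        raise ExponentOverflow(coeff_a, exponent)
    # Assumption: rescale both coefficients by 10 and bump the exponent. Each
    # scaled operand is at most INT256_MAX // 10, so their sum cannot overflow.
    return sdiv10(coeff_a) + sdiv10(coeff_b), exponent + 1


def add_or_error(coeff_a: int, coeff_b: int, exponent: int):
    """Like add_same_exponent, but returns the ExponentOverflow instead of raising."""
    try:
        return add_same_exponent(coeff_a, coeff_b, exponent)
    except ExponentOverflow as err:
        return err
```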

@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f8a365f and 0ea4003.

📒 Files selected for processing (1)
  • test/src/lib/implementation/LibDecimalFloatImplementation.add.t.sol (3 hunks)
🧰 Additional context used
🧠 Learnings (9)
📓 Common learnings
Learnt from: thedavidmeister
PR: rainlanguage/rain.math.float#99
File: src/lib/implementation/LibDecimalFloatImplementation.sol:309-325
Timestamp: 2025-08-14T16:32:05.932Z
Learning: In the rainlanguage/rain.math.float repository, maintainer thedavidmeister prefers to keep assembly-based overflow checks inline for gas optimization rather than extracting them into helper functions, even when it results in code duplication.
Learnt from: thedavidmeister
PR: rainlanguage/rain.math.float#130
File: src/lib/implementation/LibDecimalFloatImplementation.sol:320-330
Timestamp: 2025-09-09T15:11:31.003Z
Learning: In LibDecimalFloatImplementation.sol div function, returning zero when underflowExponentBy > 76 is intentional "non-error underflow" behavior rather than reverting. This graceful handling is the main goal of the changes.
Learnt from: thedavidmeister
PR: rainlanguage/rain.math.float#115
File: src/lib/implementation/LibDecimalFloatImplementation.sol:593-601
Timestamp: 2025-08-29T10:38:26.353Z
Learning: The maximize function in LibDecimalFloatImplementation.sol produces exact results for simple integer values like 1. maximize(1, 0) yields exactly (1e76, -76) with no precision loss, and the log10 special case for signedCoefficient == 1e76 correctly handles this.
Learnt from: thedavidmeister
PR: rainlanguage/rain.math.float#107
File: test/lib/LibDecimalFloatSlow.sol:37-45
Timestamp: 2025-08-21T18:03:40.347Z
Learning: In test/lib/LibDecimalFloatSlow.sol, the "slow" implementation is intentionally different from the production implementation to serve as an independent reference for fuzzing tests. The goal is to have two different approaches (expensive loops vs optimized jumps) that produce equivalent results, not identical implementations.
Learnt from: thedavidmeister
PR: rainlanguage/rain.math.float#115
File: src/lib/implementation/LibDecimalFloatImplementation.sol:593-601
Timestamp: 2025-08-29T10:38:26.353Z
Learning: In Solidity, int256(1) when passed through the maximize function in LibDecimalFloatImplementation.sol produces exactly (1e76, -76), not an approximation. This means the special case for signedCoefficient == 1e76 in log10 correctly handles powers of 10 like log10(1).
Learnt from: thedavidmeister
PR: rainlanguage/rain.math.float#115
File: test/src/lib/LibDecimalFloat.decimal.t.sol:122-126
Timestamp: 2025-08-29T14:54:24.240Z
Learning: In test/src/lib/LibDecimalFloat.decimal.t.sol, the fromFixedDecimalLossy function converts uint256(type(int256).max) losslessly because the boundary check is `value > uint256(type(int256).max)`, not `>=`. Values exactly equal to type(int256).max still take the lossless conversion path.
📚 Learning: 2025-08-29T14:58:50.500Z
Learnt from: thedavidmeister
PR: rainlanguage/rain.math.float#115
File: src/lib/implementation/LibDecimalFloatImplementation.sol:896-899
Timestamp: 2025-08-29T14:58:50.500Z
Learning: In unchecked Solidity blocks, arithmetic operations can overflow/underflow and wrap around, so bounds checks that seem "impossible" for normal arithmetic may actually be necessary to catch overflow edge cases. For example, in withTargetExponent function, the check `exponentDiff < 0` is needed because `targetExponent - exponent` could underflow in unchecked arithmetic.

Applied to files:

  • test/src/lib/implementation/LibDecimalFloatImplementation.add.t.sol
📚 Learning: 2025-09-02T09:33:32.513Z
Learnt from: thedavidmeister
PR: rainlanguage/rain.math.float#119
File: test/src/lib/format/LibFormatDecimalFloat.toDecimalString.t.sol:174-175
Timestamp: 2025-09-02T09:33:32.513Z
Learning: The LibFormatDecimalFloat.toDecimalString function in src/lib/format/LibFormatDecimalFloat.sol does not include rounding logic. It formats decimal floats as-is without rounding values based on significant figures limits.

Applied to files:

  • test/src/lib/implementation/LibDecimalFloatImplementation.add.t.sol
📚 Learning: 2025-08-26T12:49:02.313Z
Learnt from: thedavidmeister
PR: rainlanguage/rain.math.float#107
File: src/lib/implementation/LibDecimalFloatImplementation.sol:282-289
Timestamp: 2025-08-26T12:49:02.313Z
Learning: In Solidity 0.8+, arithmetic operations outside unchecked blocks automatically revert on overflow/underflow, so manual overflow checks are redundant and should be avoided for gas efficiency.

Applied to files:

  • test/src/lib/implementation/LibDecimalFloatImplementation.add.t.sol
🔇 Additional comments (1)
test/src/lib/implementation/LibDecimalFloatImplementation.add.t.sol (1)

5-11: LGTM — ExponentOverflow import and selector check verified.

Defined as error ExponentOverflow(int256 signedCoefficient, int256 exponent) in src/error/ErrDecimalFloat.sol, so the test's selector/arity (two int256 args) is correct.

@thedavidmeister thedavidmeister merged commit c5f7cef into main Sep 20, 2025
10 checks passed
@github-actions

@coderabbitai assess this PR size classification for the totality of the PR with the following criteria and report it in your comment:

S/M/L PR Classification Guidelines:

This guide helps classify merged pull requests by effort and complexity rather than just line count. The goal is to assess the difficulty and scope of changes after they have been completed.

Small (S)

Characteristics:

  • Simple bug fixes, typos, or minor refactoring
  • Single-purpose changes affecting 1-2 files
  • Documentation updates
  • Configuration tweaks
  • Changes that require minimal context to review

Review Effort: Would have taken 5-10 minutes

Examples:

  • Fix typo in variable name
  • Update README with new instructions
  • Adjust configuration values
  • Simple one-line bug fixes
  • Import statement cleanup

Medium (M)

Characteristics:

  • Feature additions or enhancements
  • Refactoring that touches multiple files but maintains existing behavior
  • Breaking changes with backward compatibility
  • Changes requiring some domain knowledge to review

Review Effort: Would have taken 15-30 minutes

Examples:

  • Add new feature or component
  • Refactor common utility functions
  • Update dependencies with minor breaking changes
  • Add new component with tests
  • Performance optimizations
  • More complex bug fixes

Large (L)

Characteristics:

  • Major feature implementations
  • Breaking changes or API redesigns
  • Complex refactoring across multiple modules
  • New architectural patterns or significant design changes
  • Changes requiring deep context and multiple review rounds

Review Effort: Would have taken 45+ minutes

Examples:

  • Complete new feature with frontend/backend changes
  • Protocol upgrades or breaking changes
  • Major architectural refactoring
  • Framework or technology upgrades

Additional Factors to Consider

When deciding between sizes, also consider:

  • Test coverage impact: More comprehensive test changes lean toward larger classification
  • Risk level: Changes to critical systems bump up a size category
  • Team familiarity: Novel patterns or technologies increase complexity

Notes:

  • the assessment must be for the totality of the PR, that means comparing the base branch to the last commit of the PR
  • the assessment output must be exactly one of: S, M or L (single-line comment) in format of: SIZE={S/M/L}
  • do not include any additional text, only the size classification
  • your assessment comment must not include tips or additional sections
  • do NOT tag me or anyone else on your comment
