OT: PHP 32 bit numbers security issue
Uri Even-Chen
uri at speedy.net
Wed Jan 5 20:43:55 IST 2011
2011/1/5 Michael Tewner <tewner at gmail.com>:
>
>
> 2011/1/5 shimi <linux-il at shimi.net>
>>
>> On Wed, Jan 5, 2011 at 1:52 PM, shimi <linux-il at shimi.net> wrote:
>>>
>>> It has something to do with the precision attempting algorithm of
>>> floating point numbers, and the way it is done on fpu87 in 32bit processors.
>>> It tries to get close to the number below a certain point which is
>>> impossible, and the algorithm does not check to see if it is not actually
>>> progressing in getting closer to the minimal precision error. Hence it's an
>>> infinite loop.
>>>
>>> Compiling with -mfpmath=sse will also solve the problem.
>>>
>>
>> And a more thorough explanation:
>>
>> http://gcc.gnu.org/bugzilla/show_bug.cgi?id=323#c109
>>
>> -- Shimi
>>
>
> Hi all -
> A really great paper concerning floating point representation can be found
> at http://docs.sun.com/source/806-3568/ncg_goldberg.html -
>
> What Every Computer Scientist Should Know About Floating-Point Arithmetic
>
> -Mike
It's a little too long for me to read. Also, isn't there anything new
since March 1991?
Speaking about numbers, I noticed that when programming in Java, I
don't get any exception when the expression I want to calculate
overflows the number representation. For example if I calculate 10000
* 10000 * 10000, then I get some strange number without any exception.
This is of course a serious bug. Of course I can do 10000L * 10000L
* 10000L, or 10000.0 * 10000.0 * 10000.0, but I would expect the
compiler at least to throw an exception, or better - to use long
integers in this case. This is related to what I previously wrote
about numbers - I think compliers and calculators should do their best
to represent numbers as accurate as possible and as big (or small) as
possible, without bothering the user or programmer with the bit-to-bit
details of the number representation. The size of the number (in
bits) or speed are less important, what's more important is the
accuracy and size of the number. At least there should be an option,
when calculating real numbers, to use better accuracy than the
floating point "double", which is only 64 bits long. One should be
able to select the number of bits used for accuracy, and the number of
bits of the exponent. For example - 1024 bits for accuracy + 32 bits
for the exponent.
Uri Even-Chen
Mobile Phone: +972-50-9007559
E-mail: uri at speedy.net
Website: http://www.speedy.net/
More information about the Linux-il
mailing list