OT: PHP 32 bit numbers security issue

Nadav Har'El nyh at math.technion.ac.il
Thu Jan 6 00:31:50 IST 2011


On Wed, Jan 05, 2011, Uri Even-Chen wrote about "Re: OT: PHP 32 bit numbers security issue":
> But I think programming languages should be more friendly, and always convert
> numbers to the best representation, or report overflow cases. In the past,
> speed and memory were more important than today. Today, graphics and video
> take a lot of resources, so mathematical calculations can be slower and more
> accurate - multiplying two numbers with 1024 bits each is much faster than
> what it used to be 20 or 30 years ago.

It is pointless to make such generalizations, that speed of numeric
calculation is no longer important. Many applications, including video
encoding/decoding, games, and much more, basically do calculations in a
tight loop, and they simply don't need 1024 bits (let alone unlimited)
precision. They want to have a certain precision, and perform calculations
fast and with low energy requirements.

What I do agree with you on, though, is that there is no longer a reason why
modern languages should not have built-in unlimited precision integers
("bigints") as an *option* in addition to the regular faster types like
"int", "long", etc. Once upon a time, adding a "bigint" library to a
language meant that the compiler was bigger, the library was bigger, and
the book was thicker. With today's gigantic software, nobody cares about
these things any more.

The question of unlimited precision real numbers (aka "floating point")
is more complicated - how will you represent simple fractions (like 1/3)
whose base-10 expansion is infinite? What will you do about results of
math functions (e.g., log(), sin(), sqrt() etc.) that are irrational?
Will your number system also start supporting simple fractions and symbolic
formulas to retain the perfect precision for as long as possible? Pretty
soon you'll end up with Mathematica (http://en.wikipedia.org/wiki/Mathematica)..
I think a more sensible approach for real numbers is something like what
"bc" does, i.e., support an arbitrary, but pre-determined, precision.


-- 
Nadav Har'El                        |     Thursday, Jan  6 2011, 1 Shevat 5771
nyh at math.technion.ac.il             |-----------------------------------------
Phone +972-523-790466, ICQ 13349191 |Seen on the back of a dump truck:
http://nadav.harel.org.il           |<---PASSING SIDE . . . . . SUICIDE--->