Risk Assessment Summary
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
6 Comments
thiago glauco sanchez
In the Perl internals, all numbers are converted to double, including integers. If you don't bother checking the limits and precision of your code, it should be interesting to activate the bignum directive:
```
$ perl -E '
my $big_int = 18446744073709551616;
my $very_big_int = $big_int * 2; # loss of precision
say $very_big_int;'
3.68934881474191e+19
$ perl -E 'use bignum;
my $big_int = 18446744073709551616;
my $very_big_int = $big_int * 2; # keeps precision
say $very_big_int;'
36893488147419103232
```
It will keep integer precision for numbers as big as your memory can handle.
David Svoboda
Your code behaves as advertised on my 64-bit Ubuntu box.
I doubt all integers would be converted to floating-point...that would introduce lots of precision errors. See FLP02-C. Avoid using floating-point numbers when precise computation is needed for instance. On my box, only numbers or calculations that exceed 2^64 get converted.
Still, this does have interesting consequences, particularly because precision loss is not something people expect when they do integer arithmetic. Especially when people use untrusted integers...see, for instance IDS32-PL. Validate any integer that is used as an array index.
thiago glauco sanchez
People do not expect to lose precision in integer math and are not used to checking boundaries in dynamic languages like Perl.
David Svoboda
I created INT01-PL. Use small integers when precise computation is required in response to this conversation.
thiago glauco sanchez
> I doubt all integers would be converted to floating point

Yeah, not all integers are converted, but they can be converted at any time, depending on size, architecture and operators used. You see, in Perl the data type is converted dynamically.
A scalar can be a character, a string, an integer or a floating-point number. So we have to be concerned about the rules below:
decimal string --> native integer
conversion cannot be done without loss of information, the result is compatible with the conversion sequence decimal_string --> native_floating_point --> native_integer
`+` `-` `*` `/` `%` `==` `!=` `>` `<` `>=` `<=` and the unary operators `-`, `abs` and `--` will attempt to convert arguments to integers.
`**`, `sin` and `exp` force arguments to floating point format.
So it is hard to predict when your integers will be converted to floating point format, and it becomes harder when you write multiplatform code. The bignum directive is a good idea to overcome this process when you need very accurate data.
*native means C language type.
Hope it is useful.
David Svoboda
Thanks for the background. INT01-PL can contain any future discussion on this topic.
On my 32-bit machine, all numbers over 2^32 get converted to floating point (I'd guess double), but on my 64-bit machine, all numbers over 2^48 get converted. So it's more complex than just the size of C's int or long data type.
More importantly, it's not really addressed. The perlnumber page contains most of this, plus the info you cite, but nothing about numeric limits. I wouldn't be surprised if the limits have changed over different versions of Perl.
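
The silent switch from native integer to double discussed in this thread, with a guard that refuses values outside the native range. This is an added example, not code from any commenter; `to_native_uint` and `checked_mul` are hypothetical helper names, the sample inputs are constructed, and only non-negative integers are handled.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Math::BigInt;    # core module: arbitrary-precision integers

# Largest native unsigned integer on this build (2**32-1 or 2**64-1).
# Computed with ~0 rather than hard-coded because the limit is build-dependent.
my $UV_MAX = Math::BigInt->new( "" . ~0 );

# Convert an untrusted decimal string to a native integer. Returns undef if
# the string is malformed or too large to be stored without becoming a double.
sub to_native_uint {
    my ($str) = @_;
    return undef unless defined $str && $str =~ /\A[0-9]{1,40}\z/;
    return undef if Math::BigInt->new($str)->bcmp($UV_MAX) > 0;
    return 0 + $str;    # fits, so the string-to-integer conversion is exact
}

# Multiply two non-negative native integers. Returns undef instead of a
# rounded double when the exact product does not fit in a native integer.
sub checked_mul {
    my ($x, $y) = @_;
    my $exact = Math::BigInt->new("$x")->bmul( Math::BigInt->new("$y") );
    return undef if $exact->is_nan || $exact->is_neg || $exact->bcmp($UV_MAX) > 0;
    return $x * $y;
}

# Constructed sample inputs, including the value used in the comments above.
for my $in ('42', '18446744073709551616', '1e3', '-1', '') {
    my $n = to_native_uint($in);
    printf "%-22s => %s\n", "'$in'", defined $n ? $n : 'rejected';
}

# Build-independent demonstration: start from the largest signed native integer.
my $half = ~0 >> 1;
for my $factor (2, 3) {
    my $safe = checked_mul($half, $factor);
    printf "%s * %d: plain=%s checked=%s\n", $half, $factor,
        $half * $factor, defined $safe ? $safe : 'refused';
}
```

A value accepted by `to_native_uint` can then be range-checked against the array length before it is used as an index.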