...
This compliant solution ensures that the loop counter computation involves numbers less than 2^48 (that is, 281,474,976,710,656).
```perl
my $x = 10000000000000000;  # 1e+16
for (my $y = 0; $y <= 5; $y += 1) {
  my $z = $x + $y;
  print "$z\n";
}
```
...
1e+16
1e+16
1e+16
1e+16
1e+16
1e+16
Compliant Solution
This compliant solution uses the Bignum module to ensure precise computation. The Bignum module is available on CPAN and became part of Perl's standard library in version 5.8.
```perl
use bignum;
my $x = 10000000000000000;  # 1e+16
for (my $y = $x; $y <= $x + 5; $y += 1) {
  print "$y\n";
}
```
On a 32-bit machine, this program terminates normally after printing the following:
10000000000000000
10000000000000001
10000000000000002
10000000000000003
10000000000000004
10000000000000005
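The following is an added example, not part of the original rule text. It combines the two compliant approaches: native arithmetic is used only while operands and result stay below the 281,474,976,710,656 limit, and anything larger goes through the core Math::BigInt module. The names `SAFE_LIMIT`, `is_safe_native` and `checked_add` are hypothetical, chosen for this illustration.

```perl
use strict;
use warnings;
use Math::BigInt;

# Limit quoted in the rule text: 281,474,976,710,656 (2**48).
use constant SAFE_LIMIT => 2**48;

# Hypothetical helper: true only for plain integers below SAFE_LIMIT.
# The regex rejects values that already stringify as 1e+16, 1.5, etc.
sub is_safe_native {
    my ($n) = @_;
    return 0 unless "$n" =~ /\A-?\d+\z/;
    return (abs($n) < SAFE_LIMIT) ? 1 : 0;
}

# Hypothetical helper: add natively when both operands and the sum stay
# below SAFE_LIMIT, otherwise return an exact Math::BigInt result.
sub checked_add {
    my ($lhs, $rhs) = @_;
    if (is_safe_native($lhs) && is_safe_native($rhs)) {
        my $sum = $lhs + $rhs;
        return $sum if is_safe_native($sum);
    }
    return Math::BigInt->new("$lhs")->badd(Math::BigInt->new("$rhs"));
}

# Constructed input: the large value is passed as a string so that no
# digits are lost before Math::BigInt parses it.
my $x = '10000000000000000';
for (my $y = 0; $y <= 5; $y += 1) {
    print checked_add($x, $y), "\n";
}
```

Callers receive either a native scalar or a Math::BigInt object; both stringify to the full decimal value, so the loop prints every digit regardless of the platform's native integer width.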
Risk Assessment
Failing to understand the limitations of floating-point numbers can result in unexpected computational results and exceptional conditions, possibly resulting in a violation of data integrity.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT01-PL | medium | probable | high | P4 | L3 |
...