[Haskell-cafe] Strange results when trying to create large Bool
arrays.
Bryan O'Sullivan
bos at serpentine.com
Thu Jul 12 08:54:40 EDT 2007
Ketil Malde wrote:
> I'd really like to have errors on overflow, at least as an option, even
> if it is costly in terms of performance. Is there a Trac ticket or
> something for this?
Not that I know of. I filed a Trac ticket against ByteString's readInt
function before I noticed that read has the same problem, and it was
closed because read does the same thing. I've been reluctant to pop my
head over the parapet since.
CPUs generally don't trap on integer overflow, so generating the
additional tests and jumps necessary to handle this would be a bit
involved, and would certainly cost a few percent in performance.
There's also overflow in truncation and sign conversions to worry about,
e.g. Word32 -> Word16, Word32 -> Int (on 32-bit systems), etc.
On the other hand, integer overflows have long been a popular attack
vector for getting programs to misbehave in the exploit community. If
you Google for "ia32 integer overflow" or "i386 integer overflow", the
first several *pages* of results in each case consist entirely of
security advisories. Haskell's FFI makes it as vulnerable as the
libraries it interfaces to.
Here's a cute-looking paper entitled "Efficient and accurate detection
of integer-based attacks".
http://www.cs.cmu.edu/~dbrumley/pubs/integer-ndss-07.pdf
<b
More information about the Haskell-Cafe
mailing list