Engineering Software: Integral types, Andrei Zlate-Podani (PowerPoint presentation)



SLIDE 1

Engineering Software

Integral types

Andrei Zlate-Podani

SLIDE 2

1968 NATO Software Engineering Conference - Garmisch

  • Projects running over budget
  • Projects running over time
  • Software was inefficient
  • Software was of low quality
  • Software often did not meet requirements
  • Projects were unmanageable and code was difficult to maintain
  • Software was never delivered
SLIDE 3

Writing software is bottom-up

  • Larger constructs are built by using basic operations and/or calling functions.
  • To preserve correctness it is necessary, but not sufficient, to satisfy the preconditions of the basic operations and functions.
  • Any errors need to be detected and reported to the next layer, unless they are dealt with locally.
SLIDE 4

Contracts

SLIDE 5

Contracts – find_if_not

Three preconditions of find_if_not that the type system does not enforce, each with a case that silently violates it:

  • There must be no (lossy) conversion from the iterator's value type to the predicate's parameter type.
    Assume a range of float and a predicate that takes int.
  • The values in the range must be independent of the adjoining ones.
    Assume a range over a UTF-8 string.
  • The meaning associated with the values must be the same in the range and in the predicate.
    Assume that the predicate is looking at values in the metric system and the range uses imperial measures.

SLIDE 6

bool

bool takes part in integer arithmetic by promotion to int (false is 0, true is 1), which is why both of these hold:

  • false - true + true == false
  • false XOR true OR true == true
SLIDE 7

Characters

  • char is distinct from signed char and unsigned char
  • wchar_t is a distinct type; its sign and size are implementation defined
  • char16_t and char32_t are not of fixed size (they have the sizes of uint_least16_t and uint_least32_t)
  • Numerical values whose meaning is given by the encoding
  • The Unicode standard defines an N-to-1 relationship between code points and glyphs
SLIDE 8

Å can be written as any of:

  • U+00C5 (latin capital letter a with ring above)
  • U+212B (ångström symbol)
  • U+0041 U+030A ('A' + combining ring above)
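The following is an added example, not code from the slides. It runs the first two find_if_not contract violations of slide 5 through std::find_if_not itself, and then decodes the three byte sequences of slide 8 to show why a byte-wise or even a code-point-wise predicate cannot tell the three forms of Å apart from one another the way a reader would. The helper names (first_rejected, decode_utf8, is_latin1_letter, the k* sample strings) are mine; the decoder assumes well-formed UTF-8, and the sample inputs are constructed for the example.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <iterator>
#include <string>
#include <vector>

// Index of the first element of `r` that `pred` rejects, or -1 when every
// element passes. Thin wrapper so each contract violation below goes through
// std::find_if_not itself.
template <typename Range, typename Pred>
int first_rejected(const Range& r, Pred pred) {
    auto it = std::find_if_not(std::begin(r), std::end(r), pred);
    if (it == std::end(r)) return -1;
    return static_cast<int>(std::distance(std::begin(r), it));
}

// --- Violation 1 (slide 5): range of float, predicate taking int ---
// The call compiles, but every element is converted to int before the
// predicate sees it, so 0.5f arrives as 0 and is reported as the first zero.
static bool nonzero_int(int v)     { return v != 0; }
static bool nonzero_float(float v) { return v != 0.0f; }

int first_zero_via_int_pred(const std::vector<float>& xs)   { return first_rejected(xs, nonzero_int); }
int first_zero_via_float_pred(const std::vector<float>& xs) { return first_rejected(xs, nonzero_float); }

// --- Violation 2 (slide 5): a byte-wise predicate over a UTF-8 range ---
// The bytes of a multi-byte sequence are not independent values: the
// predicate sees 0xC3 and 0x85 one at a time and never sees U+00C5.
static bool is_ascii_letter(char c) {
    unsigned char u = static_cast<unsigned char>(c);
    return (u >= 'A' && u <= 'Z') || (u >= 'a' && u <= 'z');
}

// Minimal UTF-8 decoder. Assumption of this example: the input is well-formed.
std::vector<char32_t> decode_utf8(const std::string& s) {
    std::vector<char32_t> out;
    for (std::size_t i = 0; i < s.size();) {
        unsigned char b = static_cast<unsigned char>(s[i]);
        int len = b < 0x80 ? 1 : b < 0xE0 ? 2 : b < 0xF0 ? 3 : 4;
        char32_t cp = b & (len == 1 ? 0x7F : len == 2 ? 0x1F : len == 3 ? 0x0F : 0x07);
        for (int k = 1; k < len; ++k)
            cp = (cp << 6) | (static_cast<unsigned char>(s[i + k]) & 0x3F);
        out.push_back(cp);
        i += len;
    }
    return out;
}

// Letters of ASCII plus Latin-1 (U+00C0..U+00FF without the × and ÷ signs).
static bool is_latin1_letter(char32_t cp) {
    return (cp >= 'A' && cp <= 'Z') || (cp >= 'a' && cp <= 'z') ||
           (cp >= 0xC0 && cp <= 0xFF && cp != 0xD7 && cp != 0xF7);
}

int first_non_letter_byte(const std::string& s)       { return first_rejected(s, is_ascii_letter); }
int first_non_letter_code_point(const std::string& s) { return first_rejected(decode_utf8(s), is_latin1_letter); }

// --- Slide 8: three byte sequences that all render as the glyph Å ---
// Constructed sample inputs: the UTF-8 encodings of the code points on the slide.
const std::string kAringPrecomposed = "\xC3\x85";       // U+00C5
const std::string kAngstromSign     = "\xE2\x84\xAB";   // U+212B
const std::string kADecomposed      = "A\xCC\x8A";      // U+0041 U+030A
const std::string kAringB           = "\xC3\x85" "b";   // "Åb"

// Number of code points in a UTF-8 string: 1, 1 and 2 for the three forms.
std::size_t code_point_count(const std::string& s) { return decode_utf8(s).size(); }

int main() {
    std::printf("int predicate: %d, float predicate: %d\n",
                first_zero_via_int_pred({1.0f, 0.5f, 0.0f}),
                first_zero_via_float_pred({1.0f, 0.5f, 0.0f}));
    std::printf("first non-letter by byte: %d, by code point: %d\n",
                first_non_letter_byte(kAringB), first_non_letter_code_point(kAringB));
    std::printf("code points in the three forms of A-ring: %zu %zu %zu\n",
                code_point_count(kAringPrecomposed), code_point_count(kAngstromSign),
                code_point_count(kADecomposed));
    return 0;
}
```

The byte-wise predicate rejects "Åb" at index 0 while the code-point version accepts it, and the three forms of Å decode to one, one and two code points, so a filter written over either bytes or code points accepts the precomposed form and rejects the other two: the same glyph, three different answers. Any allow-list or identifier comparison needs a normalisation step before the predicate runs.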

SLIDES 9 - 12

(no text extracted)

SLIDE 13

    // Insert coded character, using UTF8 or 8-bit ASCII
    template<int Flags>
    void insert_coded_character(Ch *&text, ulong code)
    {
        if (Flags & parse_no_utf8)
        {
            // Insert 8-bit ASCII character
        }
        else
        {
            // Insert UTF8 sequence

(the branch bodies are not on the slide)

SLIDE 14

Broken
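Slide 13 shows only the skeleton of the routine and slide 14 calls it broken without the extracted text saying why. The block below is an added example, not the page's code: the same operation (write one numeric character code either as a UTF-8 sequence or as a single 8-bit byte) with the preconditions on `code` made explicit and every violation reported to the caller, in the spirit of slide 3. The identifiers Mode, encode_code_point, append_code_point and encode_one are mine, and the 8-bit mode is a runtime flag rather than a template parameter.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>

enum class Mode { utf8, eight_bit };

// Encode one code point into `out` (4 bytes is always enough) and return the
// number of bytes written. Returns 0 when the precondition on `code` fails,
// so the caller sees the error instead of a silently mangled byte:
//   * code must be a Unicode scalar value (no surrogates, at most U+10FFFF);
//   * in eight_bit mode, code must additionally fit in one byte.
std::size_t encode_code_point(char32_t code, Mode mode, unsigned char out[4]) {
    if (code > 0x10FFFF || (code >= 0xD800 && code <= 0xDFFF)) return 0;
    if (mode == Mode::eight_bit) {
        if (code > 0xFF) return 0;   // a plain byte cast would keep only the low 8 bits
        out[0] = static_cast<unsigned char>(code);
        return 1;
    }
    if (code < 0x80) {
        out[0] = static_cast<unsigned char>(code);
        return 1;
    }
    if (code < 0x800) {
        out[0] = static_cast<unsigned char>(0xC0 | (code >> 6));
        out[1] = static_cast<unsigned char>(0x80 | (code & 0x3F));
        return 2;
    }
    if (code < 0x10000) {
        out[0] = static_cast<unsigned char>(0xE0 | (code >> 12));
        out[1] = static_cast<unsigned char>(0x80 | ((code >> 6) & 0x3F));
        out[2] = static_cast<unsigned char>(0x80 | (code & 0x3F));
        return 3;
    }
    out[0] = static_cast<unsigned char>(0xF0 | (code >> 18));
    out[1] = static_cast<unsigned char>(0x80 | ((code >> 12) & 0x3F));
    out[2] = static_cast<unsigned char>(0x80 | ((code >> 6) & 0x3F));
    out[3] = static_cast<unsigned char>(0x80 | (code & 0x3F));
    return 4;
}

// Append the encoding of `code` to `text`. false means the precondition was
// violated and `text` is untouched: the error is reported to the next layer
// rather than dealt with by writing a wrong byte.
bool append_code_point(std::string& text, char32_t code, Mode mode) {
    unsigned char buf[4];
    std::size_t n = encode_code_point(code, mode, buf);
    if (n == 0) return false;
    text.append(reinterpret_cast<const char*>(buf), n);
    return true;
}

// Convenience for a single code point: its encoding, or "" on failure.
std::string encode_one(char32_t code, Mode mode) {
    std::string s;
    append_code_point(s, code, mode);
    return s;
}

int main() {
    std::string s;
    append_code_point(s, 0xC5, Mode::utf8);                 // two bytes: C3 85
    bool ok = append_code_point(s, 0x212B, Mode::eight_bit); // refused: does not fit a byte
    std::printf("bytes written: %zu, 8-bit insert of U+212B accepted: %s\n",
                s.size(), ok ? "yes" : "no");
    return 0;
}
```

The two checks at the top are the whole difference between a routine whose contract is "any code you like" and one whose contract is documented and enforced; a caller that parses untrusted input (numeric character references in XML, for instance) gets a definite failure instead of a truncated code point that may later pass a filter it should not.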

SLIDE 15

Properties for signed integers

The familiar algebraic laws hold only partially, because intermediate results can overflow and integer division truncates:

  • Addition is associative: partially
  • Addition is commutative: partially, for sequences
  • Multiplication is associative and commutative: yes
  • Multiplication is distributive: partially
  • Division is distributive ((a + b) / c): no
  • Division is the inverse of multiplication: partially
  • Multiplication is the inverse of division: no
SLIDE 16

Integral promotions

SLIDE 17

boost::accumulators

SLIDE 18

User's guide

SLIDE 19

Reference

SLIDE 20

(no text extracted)

SLIDE 21

What about overflow?

SLIDE 22

C++17 added GCD & LCM support

SLIDE 23

LCM

  • lcm(65537, 65539) = 262'147 (the figure a 32-bit int evaluation yields)
  • Actually it's 4'295'229'443
  • that is 0x1'0004'0003
  • which needs 33 bits
SLIDE 24

(no text extracted)

SLIDE 25

Unsafe operations

  • <numeric> header: reduce, inner_product, inclusive_scan, exclusive_scan, transform_reduce, partial_sum, transform_exclusive_scan, transform_inclusive_scan, adjacent_difference
  • <valarray> header: T sum(); operator *=, operator /=, operator +=, operator -=
SLIDE 26

So how do you detect overflows?

  • The processor does it for you for free!
  • The standard provides

    imaxdiv_t imaxdiv(intmax_t number, intmax_t denom);

  • but no add, subtract or multiply functions, nor other division functions
  • We can use compiler extensions, write our own assembly routines or simulate the operations in code

SLIDE 27

Addition and subtraction

SLIDE 28

Multiplication

SLIDE 29

Multiplication

SLIDE 30

Division
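Slides 28 to 30 survive only as titles, and slide 23's lcm is the motivating case for them. The block below is an added example, not the slides' code: it takes the "simulate the operations in code" route of slide 26, testing the operand range with a division before the product is formed so that the undefined signed overflow is never evaluated, adds the two checks that make division safe, and builds a checked lcm on top, which is exactly the precondition std::lcm states but does not enforce. The names checked_mul, checked_div, checked_lcm and low32 are mine.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <numeric>
#include <optional>
#include <type_traits>

// Overflow-checked multiplication for a signed integral T. The range test is
// done with a division before the product is formed, so the signed overflow
// that C++ leaves undefined is never evaluated.
template <typename T>
std::optional<T> checked_mul(T a, T b) {
    static_assert(std::is_integral_v<T> && std::is_signed_v<T>);
    constexpr T max = std::numeric_limits<T>::max();
    constexpr T min = std::numeric_limits<T>::min();
    if (a == 0 || b == 0) return T{0};
    if (a > 0 && b > 0 && a > max / b) return std::nullopt;   // a * b > max
    if (a > 0 && b < 0 && b < min / a) return std::nullopt;   // a * b < min
    if (a < 0 && b > 0 && a < min / b) return std::nullopt;   // a * b < min
    if (a < 0 && b < 0 && b < max / a) return std::nullopt;   // a * b > max, covers min * -1
    return static_cast<T>(a * b);
}

// Checked division. The two inputs that make the C++ operator undefined are a
// zero divisor and min / -1, whose quotient |min| is not representable.
template <typename T>
std::optional<T> checked_div(T a, T b) {
    static_assert(std::is_integral_v<T> && std::is_signed_v<T>);
    if (b == 0) return std::nullopt;
    if (a == std::numeric_limits<T>::min() && b == T{-1}) return std::nullopt;
    return static_cast<T>(a / b);
}

// lcm(a, b) = (|a| / gcd(|a|, |b|)) * |b|, with the product checked. std::lcm
// states the same requirement as a precondition (|a|, |b| and the result must
// be representable); here a violation becomes an explicit nullopt.
template <typename T>
std::optional<T> checked_lcm(T a, T b) {
    static_assert(std::is_integral_v<T> && std::is_signed_v<T>);
    if (a == 0 || b == 0) return T{0};
    constexpr T min = std::numeric_limits<T>::min();
    if (a == min || b == min) return std::nullopt;   // |min| is not representable
    T pa = a < 0 ? static_cast<T>(-a) : a;
    T pb = b < 0 ? static_cast<T>(-b) : b;
    T g = std::gcd(pa, pb);
    return checked_mul(static_cast<T>(pa / g), pb);
}

// What a wrapping 32-bit evaluation of the product would show: the low 32
// bits. 4'295'229'443 = 0x1'0004'0003 becomes 0x4'0003 = 262'147, the figure
// on slide 23. (The C++ operator's behaviour on overflow is undefined, not
// wrapping; this only explains where the number comes from.)
int32_t low32(int64_t v) {
    return static_cast<int32_t>(static_cast<uint32_t>(v));
}

int main() {
    auto r32 = checked_lcm<int32_t>(65537, 65539);
    auto r64 = checked_lcm<int64_t>(65537, 65539);
    std::printf("lcm in int32: %s, in int64: %lld, low 32 bits: %d\n",
                r32 ? "fits" : "overflow", static_cast<long long>(*r64), low32(*r64));
    return 0;
}
```

With int32_t the lcm call reports overflow; with int64_t it returns 4'295'229'443, and the low 32 bits of that are the 262'147 of slide 23. GCC and Clang expose the processor's flag test the slide mentions as __builtin_mul_overflow, which gives the same verdicts as the division test above without the extra division.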

SLIDES 31 - 33

(no text extracted)

SLIDE 34

Let's fix accumulate
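Slide 27 is only a title and slide 34 names the fix without its code surviving extraction. The block below is an added example, not the slides' code: range-tested add and subtract, and a checked accumulate built on them that reports any intermediate overflow to the caller and refuses the silent element-type conversion of slide 5. It also shows the "partially" of slide 15 concretely, since the same three numbers sum without trouble in one order and overflow in another. The names checked_add, checked_sub, checked_accumulate and checked_sum are mine.

```cpp
#include <climits>
#include <cstdint>
#include <cstdio>
#include <iterator>
#include <limits>
#include <optional>
#include <type_traits>
#include <vector>

// Overflow-checked addition for a signed integral T. The operands are tested
// against the representable range first, so the signed overflow that C++
// leaves undefined is never evaluated.
template <typename T>
std::optional<T> checked_add(T a, T b) {
    static_assert(std::is_integral_v<T> && std::is_signed_v<T>);
    constexpr T max = std::numeric_limits<T>::max();
    constexpr T min = std::numeric_limits<T>::min();
    if (b > 0 && a > max - b) return std::nullopt;   // a + b > max
    if (b < 0 && a < min - b) return std::nullopt;   // a + b < min
    return static_cast<T>(a + b);
}

// Checked subtraction, by the same range test.
template <typename T>
std::optional<T> checked_sub(T a, T b) {
    static_assert(std::is_integral_v<T> && std::is_signed_v<T>);
    constexpr T max = std::numeric_limits<T>::max();
    constexpr T min = std::numeric_limits<T>::min();
    if (b < 0 && a > max + b) return std::nullopt;   // a - b > max
    if (b > 0 && a < min + b) return std::nullopt;   // a - b < min
    return static_cast<T>(a - b);
}

// A checked std::accumulate for signed integral ranges. Two preconditions of
// the unchecked version become explicit: the element type must be exactly the
// accumulator type (no silent conversion), and an intermediate overflow is
// reported to the caller as nullopt instead of being undefined behaviour.
template <typename It, typename T>
std::optional<T> checked_accumulate(It first, It last, T init) {
    static_assert(std::is_same_v<typename std::iterator_traits<It>::value_type, T>,
                  "element type must match the accumulator type");
    std::optional<T> acc = init;
    for (; first != last; ++first) {
        acc = checked_add(*acc, *first);
        if (!acc) return std::nullopt;   // report, do not continue with garbage
    }
    return acc;
}

// Sum of a vector<int> with the checks; nullopt means "overflowed somewhere".
std::optional<int> checked_sum(const std::vector<int>& xs) {
    return checked_accumulate(xs.begin(), xs.end(), 0);
}

int main() {
    // Same three numbers, two orders: left-to-right summation overflows at
    // INT_MAX + 1 in the first, never in the second. Constructed inputs.
    auto a = checked_sum({INT_MAX, 1, -1});
    auto b = checked_sum({INT_MAX, -1, 1});
    std::printf("[max, 1, -1]: %s; [max, -1, 1]: %s\n",
                a ? "ok" : "overflow", b ? "ok" : "overflow");
    return 0;
}
```

GCC and Clang also provide __builtin_add_overflow and __builtin_sub_overflow, the "compiler extensions" of slide 26, which compile down to the processor's overflow flag; the range tests here are the portable "simulate in code" route and reach the same verdicts.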

SLIDE 35

Haskell

SLIDE 36

Concluding remarks

  • The standard library could help us by providing add, sub, mul and div variants
  • Abstracting away essential details leads to incorrect code and APIs (LSP for templates)
  • It is very easy to create unusable interfaces
  • The documentation is part of the API. If any pre-condition or behaviour changes, the API itself has changed
  • We need libraries that provide reliable, safe and portable implementations and APIs
SLIDE 37

Questions

  • Hacker's Delight, 2nd Ed., Henry S. Warren, Jr., ISBN 0-321-84268-5
  • The Art of Computer Programming, Vol. 2: Seminumerical Algorithms, Donald Knuth
  • Burnikel C., Ziegler J., "Fast Recursive Division", MPI-I-98-1-022
  • Hansen, Per Brinch, "Multiple-Length Division Revisited: A Tour of the Minefield"
  • https://www.haskell.org/onlinereport/haskell2010/haskellch6.html#x13-1350006.4

azlatepodani@gmail.com

SLIDE 38

Is this a realistic precondition?

SLIDE 39

Bugs in the wild

  • CVE-2016-5223 Integer overflow in […] Google Chrome prior to 55.0.2883.75…
  • CVE-2017-14051 An integer overflow in […] the Linux kernel through 4.12.10…
  • CVE-2017-7529 Nginx versions […] are vulnerable to integer overflow…
  • CVE-2017-3738 There is an overflow bug in the AVX2 Montgomery multiplication procedure […] OpenSSL…