Rational number limit

[erak]

Fixes #3327
Fixes #3759

[axic]

This pow should be evaluated in the const variable. Also you can use shift instead of pow for power-of-2.

[axic]

I don't think it is enough to check for the value after it has ben evaluated. It should be guessed before evaluating with pow.

One of the main problems here is the DoS vector (which is just annoying for a user, for example running the compiler in the browser).

[axic]

I don't think it is enough to check for the value after it has ben evaluated. It should be guessed before evaluating with pow.

One of the main problems here is the DoS vector (which is just annoying for a user, for example running the compiler in the browser).

[erak]

@axic I've started testing with two examples of those DoS cases and they're not hanging anymore. After the limit is reached, the function is still called, but m_value.denominator() is constant from there on and calling pow() results in the same large number.
Currently the error messages don't help to understand the issue I guess, but there might be some options for making them richer.

[chriseth]

We don't really use uint32_t explicitly in the rest of the codebase. I think I almost exclusively use size_t.

[axic]

size_t or unsigned is most common in the codebase

[chriseth]

Surplus whitespace.

[chriseth]

This can now be removed.

[chriseth]

Perhaps it would be better to re-use the same helper in all functions that compute exp for rational numbers. Just pass the base and the exponent, and it will determine if the resulting number still fits our precision.

[chriseth]

Also, if we know the base, we can better estimate the size of the resulting number.

[chriseth]

Please also add a test for bit-shifts.

[axic]

After the limit is reached, the function is still called, but m_value.denominator() is constant from there on and calling pow() results in the same large number.

For those test cases it probably is the case, however for the case of doing a very large exp, it will just "hang" or take a lot of time.

Please add such a test case too.

[axic]

Maybe useful to look at the test cases of #3348 (an earlier attempt of the same problem).

Additionally, some random notes:

• uint a = 1E1000000 ** 1E1000000;
• 100000000000E1250 = 1E1261

[ekpyron]

Indentation

[ekpyron]

Maybe log2 instead of log10?

[erak]

That was a defect ;) log10 is what I wanted but this formula calculated the number of digits and not the number of bits. I've added another formula which estimates the minimum number of bits needed.

[axic]

Does that mean it allows up to 50 decimal digits? What happens if _base + 1 is larger than 50 decimal digits?

According to boost these are also defined:

typedef number<cpp_dec_float<50> > cpp_dec_float_50;
typedef number<cpp_dec_float<100> > cpp_dec_float_100;

[erak]

@axic The precision will be reduced after creating cpp_dec_float_50 with base + 1. That means a if base has more than 50 digits, any additional digit will be represented with a zero. This does not affect the size of it.

[axic]

Can you add a test for this? Boost had some bugs where an overflow (with shifts) caused the entire value to be 0.

[ekpyron]

Why calculate digitsNeeded as an intermediate result?
You might as well just use log2 directly to get bitsNeeded instead of multiplying with log2(10) later...

log2(10) * log10(a) = log2(a)

I don't think using 10 as base has any advantage for choosing the correct way of rounding things...

What you want to have in the end is: 2 ^ 4096 - 1 >= _base^_exp or, since it's integers:
2^4096 > _base^_exp.

Hence you want log2(2^4096) > log2(_base^_exp).
Hence 4096 > _exp * log2(_base).

You only need to compensate for potential rounding error in log2(_base).

[ekpyron]

Safest thing would probably be bitsNeeded = _exp * (floor(log2(_base)) + 1).

[ekpyron]

Although you may want to treat _base <= 1 separately :-).

[ekpyron]

Also: do you only use fitsPrecision for _base >= 0? You'd probably need to treat negative _base differently...
And probably also add tests for that.

[axic]

Also needs a test for a larger base with a smaller exponent, which still exceeds the limit.

[chriseth]

Space after if

[chriseth]

Why not const&?

[chriseth]

Please add an explicit type.

[chriseth]

I think ** would be better here. Also we generally use /// ("javadoc") to document functions.

[chriseth]

Why not turn this into an assert and remove the one above?

[chriseth]

Please use an explicit type here.

[ekpyron]

OK - boost::multiprecision::msb is only introduced with boost 1.55 and trusty is still on boost 1.54 (somehow I thought it'd be at least 1.57) :-D.

I'll try to find a good workaround over the weekend.

The ci/circleci: test_x86 result Too long with no output (exceeded 10m0s) is not a good sign as well, though...

[chriseth]

@ekpyron were you able to find something? Otherwise I will pick this up later.

[ekpyron]

@chriseth I was just about to look into it. Unfortunately I think we may have to use floor(log2(...)) instead of msb again and therefore also deal with some bigfloat type... I'll check whether there's a better option.

[ekpyron]

@chriseth This now contains a workaround for boost < 1.55, which is a naive (but therefore sufficiently simple) implementation of msb. We have to keep an eye on the running times of the tests, though.

[ekpyron]

Now the ci/circleci: test_x86 test works again as well and doesn't seem to take longer than before the PR - not sure what the problem was before...