Re: LuaJIT FFI: Semantics of undefined numeric conversions (e.g. huge double to int)

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: Re: LuaJIT FFI: Semantics of undefined numeric conversions (e.g. huge double to int)
From: Mike Pall <mikelu-1109@...>
Date: Mon, 19 Sep 2011 00:39:34 +0200

Philipp Kutin wrote:
> From reading the documentation, it looks like LuaJIT's FFI is the
> perfect tool for making engine and game functions/structures
> accessible from the scripting language, where of course only "safe"
> functions should be made visible directly (for example, those taking
> only scalar numbers).

Umm, why? If the scripts originate from the same trust domain,
there's no point in adding any restrictions. You can blow up
memory or cause a hang (not caught by hooks) just with the
standard Lua library. And if the scripts are untrusted, better
watch out -- a truly perfect sandbox for Lua is hard.

> But as far as I can see, the FFI docs don't specify what happens
> for numeric conversions that are undefined per C standard, such
> as downcasting a number greater than INT_MAX to an int.

It relies on C and/or machine code to do the conversion, so it has
the same amount of 'undefinedness'.

Actually, I can guarantee that it doesn't cause an exception. But
the result for undefined inputs is definitely platform-dependent.
It could be anything, e.g. 0, INT_MIN, INT_MAX or a random result,
depending on the input.

> So, in every "interesting" case, the out-of-range double is
> apparently converted to INT_MIN, but can I rely on this or is this a
> coincidental side-effect of the implementation?

No, you cannot rely on this. It just so happens to be the standard
behavior on x86 and x64. But I might add optimizations to the JIT
compiler that explicitly rely on the inputs being defined, which
may cause other results for out-of-range inputs.

> For example, the double to int conversion is listed as
> 
>     double -->^trunc int,
> 
> but what is "truncation" supposed to mean in this particular
> context?

Truncation means rounding towards zero: 1.5 -> 1, -1.5 -> -1

This doesn't say anything about out-of-range inputs. But at the
top of the semantics page it says that it follows the C standard
wherever possible, so out-of-range inputs are undefined.

--Mike

Follow-Ups:
- Re: LuaJIT FFI: Semantics of undefined numeric conversions (e.g. huge double to int), Philipp Kutin

References:
- LuaJIT FFI: Semantics of undefined numeric conversions (e.g. huge double to int), Philipp Kutin

Prev by Date: Re: Advice on using Lua for game scripting
Next by Date: Re: Does pulling out locals from loops improve performance?
Previous by thread: LuaJIT FFI: Semantics of undefined numeric conversions (e.g. huge double to int)
Next by thread: Re: LuaJIT FFI: Semantics of undefined numeric conversions (e.g. huge double to int)
Index(es):
- Date
- Thread