New beta build, 7.8.316:
http://pike.ida.liu.se/pub/pike/beta/7.8.316/Pike-v7.8.316.tar.gz
Windows build:
http://pike.ida.liu.se/pub/pike/beta/7.8.316/Pike-v7.8.316-win32.msi http://pike.ida.liu.se/pub/pike/beta/7.8.316/Pike-v7.8.316-win32.info
(untested)
If there are no valid protests I plan to release this this tomorrow.
That doesn't make it any better, though. The reason is this commit by srb:
revision 1.241 date: 2008/08/26 18:34:44; author: srb; state: Exp; lines: +32 -22 Fix buffer overflows when converting Pike floats to stringformat.
@@ -1609,7 +1618,8 @@ goto append_buffer;
case T_FLOAT: - sprintf(buffer,"%"PRINTPIKEFLOAT"f",sp[e].u.float_number); + sprintf(buffer,"%.*"PRINTPIKEFLOAT"g", + MAX_FLOAT_PREC_LEN, sp[e].u.float_number); #ifdef PIKE_DEBUG if (strlen (buffer) > MAX_FLOAT_SPRINTF_LEN) Pike_fatal ("Formatted float %s is %"PRINTSIZET"u, "
The intention is not bad - using the "f" specifier with a big exponent produces a very long string of digits. However, "g" happily removes all trailing zeroes, and also the decimal point if possible.
Indeed it's not a regression since the previous release, but I think it still should block a new one since the problem is severe enough that - given the expected speed of releases - waiting for the next one would be unfortunate.
Anyway, a fix is committed.
It's a lot better than something that translates to 0, in my opinion. At least (float)(string)x gives back approximately the same result now, as well as the string not being really really long for large numbers.
It's bad because the decimal dot disappears so that the result can be taken for an integer. Otherwise I don't have any issue with the "e" format, and my fix just ensures that there's a dot in it:
(string) 1.0;
(1) Result: "1.0"
I think however it'd be nice to tune down the number of displayed digits a bit (MAX_FLOAT_PREC_LEN) so that the binary/decimal conversion errors get rounded off.
I agree, I just think that actual representation of the number is better, and should have a higher priority than a decimal dot not to misinterpret it as an integer.
Adding ".0" to the number if it's missing should be easy enough, so there isn't any reason not to have both, is there?
Indeed, and that's exactly what the fix does:
sprintf(buf,"%.*"PRINTPIKEFLOAT"g", MAX_FLOAT_PREC_LEN, sp[-1].u.float_number); /* Ensure that a decimal point gets printed, since "g" removes it * completely if only zeroes would follow. Don't need to check for * an 'e', since if that is printed then "g" behaved like the "e" * format, and it always prints a '.' if the precision isn't * zero. */ if (!strchr (buf, '.')) strcat (buf, ".0");
You're right. I put too must trust in that the man page would be accurate. It is quite hard to trig that problem with the high precision used there though, but I fixed it anyway.
After some consideration and consulting I've decided it doesn't. We keep postponing releases for non-regressions which ultimately gives us these extremely long beta periods.
7.8.316 is going out as a release shortly. The next release will be in August.
I would've preferred a dist that supported Nettle 2.x, since that is starting to appear in some distributions.
yeah, but that is some work that needs testing. if the next release is aimed for next month then that's early enough (if someone picks it up and gets it to work by then.)
greetings, martin.
Your Nettle 2 changes was the thing that made sure I didn't make a new dist from HEAD. They bring a hole new list of potential breakage in their very nature. I'm OK with breaking new dists* for a month as long as I don't have to check that it works with all old dists right now.
* I assume "some distributions" can be instanciated to "Gentoo"?
Even more reason not to change anything to 7.8 and work on getting a 7.10 out as soon as possible with changes like that.
What changes? The changes between Nettle 1.15 and 2.0 are minimal (but cause compilation failures).
The main incompatible change is that a few typedefs went from function pointers to functions, which is trivial to detect in configure if you know about it...
Switching out a whole package in the bundle seems very major to me, even if it's supposed to be compatible. Allowing the new Pike to *compile* with both seems like a good idea though.
But seriously, can't we rather work on having a pike release say twice a year rather then adding all the changes and features as patches to a (obviously) released pike?
I haven't talked about switching out the bundle, what I'm talking about is supporting using a pre-installed Nettle 2.0.
We do have releases twice a year. That is sort of the problem. It should be more often.
Pike 7.10, probably aka Pike 8 is way off in the future. 7.8 is going to be maintained and features will be added for the foreseeable future.
I think there will be a 7.10 before 8.0.
Provided the multi-cpu project actually gets underway, it will probably start with a fairly big refactoring of the header files. The main reason is that a partly new API is necessary to track pointer assignments and to allow for the required changes in refcounting, but of course we'll probably take the opportunity to clean up the macro mess and lots of other old cruft. The plan is to do this work in 7.9, i.e. it will be part of 7.10.
When that is done, the actual multi-cpu development can start, without requiring further API changes in C modules etc. That branch would then become 8.0.
There are several reasons for this split: 1) Allow for gradual migration of C modules - in 7.9/7.10 they can work with both the old and the new API. 2) Split up the instability - both the refactoring and the multi-cpu changes will introduce bugs, and it's good to be able to separate them a bit. 3) To insulate other development from the multi-cpu mess better. 4) To be able to compare performance between the multi-cpu branch and the old one with minimal code differences.
I'd have a serious issue with that decision if I had to use a dist, but my own interests don't get hampered very much since we at Roxen build from cvs anyway.
If you had to use a dist, then you would not have wanted a dist to be made? I think making the dist was the correct decision. We can make a new dist in a few weeks.
o The regression from 7.6 is pretty bad. It's therefore fairly important that a fix gets out before 7.8 use gets even more spread.
o The fact that the bug was in the previous 7.8 build, so that it isn't a regression from that build, is mostly irrelevant compared to the above.
o The fix was already committed (with testsuite tests) well in advance of the final release date. 7.8.324 would have contained it and still be without the Nettle 2.0 stuff. It could have been released instead.
o The release has been held up for much more petty stuff than this. Sure, it's good to put down the foot at some point to get it done, but that was an ill-chosen time to do it.
o The regression from 7.6 is pretty bad. It's therefore fairly important that a fix gets out before 7.8 use gets even more spread.
This only says that a fix should be released soon. The options now was either
A) Release 7.8.316 now, and 7.8.X later with the fix B) Don't release 7.8.316, and 7.8.X later with the fix
Not releasing 7.8.316 does not make 7.8.X ready for release any sooner.
o The fix was already committed (with testsuite tests) well in advance of the final release date. 7.8.324 would have contained it and still be without the Nettle 2.0 stuff. It could have been released instead.
No. 7.8.324 has not undergone beta testing. When 7.8.324 has been beta-tested, it can be released. Releasing 7.8.316 does not limit the possibility to do so.
o The release has been held up for much more petty stuff than this.
Which is bad. Two wrongs don't make a right.
Not releasing 7.8.316 does not make 7.8.X ready for release any sooner.
Maybe not in some pure theoretical world, but in the real world it does. There it'd be closer to this:
A) Release 7.8.316 without the fix on July 6th and then a new version with it in the August - October timeframe (realistictly speaking). B) Release 7.8.324 with the fix around July 13th (allowing for one extra week of "beta testing").
Btw, what does "beta testing" mean in practice besides the urge on the mailing list to test it? Are there many here who actually test such releases in some special way? (Personally I don't, but otoh I generally use cvs-fresh versions in my daily work, so I test it continuously.)
No, a 7.8.324 release around July 13:th was not possible, due to releng (ZinO) going away to Dalarna. I'll let him answer on his requirements for a beta-test phase when he gets back.
It was releasing what we had on that day or wait 3+ weeks since I'm on vacation and away from any Windows building/testing capabilities.
pike-devel@lists.lysator.liu.se
-
Henrik Grubbstr�m (Lysator) @ Pike (-) developers forum -
Marcus Comstedt (ACROSS) (Hail Ilpalazzo!) @ Pike (-) developers forum
-
Martin Bähr -
Martin Nilsson (Opera Mini - AFK!) @ Pike (-) developers forum
-
Martin Stjernholm, Roxen IS @ Pike developers forum
-
Mirar @ Pike developers forum
-
Peter Bortas @ Pike developers forum