[Proposal] Warn about the loss of precision in hex literals

Emit an E_COMPILE_WARNING if these are seen.  (See #4758)
due to concerns about being unsafe to handle in user-space.)

- E_COMPILE_WARNING is also emitted for "Octal escape sequence overflow"
  but it's been long enough to consider changing that. See GH-4758.
- Making this proposal suddenly a ParseError in php 8.1 seems too soon.

TODO: Warn for octal and binary literals as well.

I expect this to behave the same on 32-bit and 64-bit builds
(floats are 64 bits on both)

For example,
`0xffff_ffff_ffff_f400` overflows and becomes the **float**
`0xffff_ffff_ffff_f000`. This will warn about that.

Instead of using `0xffff_ffff_ffff_f400` with binary bitwise operands,
most code should use the signed 64-bit int `~0xbff`.

Author: TysonAndre

Zend/tests/hex_overflow_number.phpt

@@ -0,0 +1,23 @@
+--TEST--
+Hex overflow in numeric literal warning
+--FILE--
+<?php
+var_dump(eval('return 0xffff_ffff_ffff_f800;'));
+var_dump(eval('return 0xffff_ffff_ffff_fa00;'));
+var_dump(eval('return 0xffff_ffff_ffff_fb00;'));
+var_dump(eval('return 0xffff_ffff_ffff_ffff;'));
+var_dump(eval('return 0x1_ffff_ffff_ffff_ffff;'));
+--EXPECTF--
+float(1.844674407370955E+19)
+
+Warning: Saw imprecise float hex literal - the last 2 non-zero bits were truncated in %shex_overflow_number.php(3) : eval()'d code on line 1
+float(1.844674407370955E+19)
+
+Warning: Saw imprecise float hex literal - the last 3 non-zero bits were truncated in %shex_overflow_number.php(4) : eval()'d code on line 1
+float(1.844674407370955E+19)
+
+Warning: Saw imprecise float hex literal - the last 11 non-zero bits were truncated in %shex_overflow_number.php(5) : eval()'d code on line 1
+float(1.8446744073709552E+19)
+
+Warning: Saw imprecise float hex literal - the last 12 non-zero bits were truncated in %shex_overflow_number.php(6) : eval()'d code on line 1
+float(3.6893488147419103E+19)

Zend/zend_language_scanner.l

@@ -135,6 +135,45 @@ static void strip_underscores(char *str, size_t *len)
 	*dest = '\0';
 }
 
+/* Get the number of bits in the representation of a hex literal. Precondition: *str represents a non-zero number that overflowed an int. */
+static int bits_in_hex_representation(const char *str, size_t len)
+{
+	size_t bits = len * 4;
+	const char *end = str + len - 1;
+	int last_digit;
+	while (*end == '0') {
+		bits -= 4;
+		end--;
+		ZEND_ASSERT(end >= str);
+	}
+	if ('0' <= *end && *end <= '9') {
+		last_digit = *end - '0';
+	} else if ('a' <= *end && *end <= 'f') {
+		last_digit = *end - 'a' + 10;
+	} else {
+		ZEND_ASSERT('A' <= *end && *end <= 'F');
+		last_digit = *end - 'A' + 10;
+	}
+	if ((last_digit & 1) == 0) {
+		bits--;
+		if ((last_digit & 2) == 0) {
+			bits--;
+			if ((last_digit & 4) == 0) {
+				bits--;
+			}
+		}
+	}
+	if (*str <= '1') {
+		bits -= 3;
+	} else if (*str <= '2') {
+		bits -= 2;
+	} else if (*str <= '4') {
+		bits -= 1;
+	}
+	return bits;
+}
+
+
 static size_t encoding_filter_script_to_internal(unsigned char **to, size_t *to_length, const unsigned char *from, size_t from_length)
 {
 	const zend_encoding *internal_encoding = zend_multibyte_get_internal_encoding();
@@ -2066,9 +2105,13 @@ NEWLINE ("\r"|"\n"|"\r\n")
 		}
 		RETURN_TOKEN_WITH_VAL(T_LNUMBER);
 	} else {
+		size_t bits_in_representation = bits_in_hex_representation(hex, len);
 		ZVAL_DOUBLE(zendlval, zend_hex_strtod(hex, (const char **)&end));
 		/* errno isn't checked since we allow HUGE_VAL/INF overflow */
 		ZEND_ASSERT(end == hex + len);
+		if (bits_in_representation > 53) {
+			zend_error(E_COMPILE_WARNING, "Saw imprecise float hex literal - the last %zu non-zero bits were truncated", bits_in_representation - 53);
+		}
 		if (contains_underscores) {
 			efree(hex);
 		}

ext/standard/tests/strings/pack64.phpt

@@ -32,7 +32,14 @@ print_r(unpack("q", pack("q", 0x8000000000000002)));
 print_r(unpack("q", pack("q", -1)));
 print_r(unpack("q", pack("q", 0x8000000000000000)));
 ?>
---EXPECT--
+--EXPECTF--
+Warning: Saw imprecise float hex literal - the last 10 non-zero bits were truncated in %spack64.php on line 7
+
+Warning: Saw imprecise float hex literal - the last 10 non-zero bits were truncated in %spack64.php on line 13
+
+Warning: Saw imprecise float hex literal - the last 10 non-zero bits were truncated in %spack64.php on line 19
+
+Warning: Saw imprecise float hex literal - the last 10 non-zero bits were truncated in %spack64.php on line 25
 Array
 (
     [1] => 281474976710654
@@ -112,4 +119,4 @@ Array
 Array
 (
     [1] => -9223372036854775808
-)
+)